December 05, 2023

Risky Business #729 -- Why patching faster won't save us

Listen Later

53 minutes

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:

Iran-linked attacks on US water infrastructure

Why the ownCloud bug isn’t the end of the world

The D-Link 0day that… never existed?

In defence of Okta

Much, much more

This week’s show is brought to you by Proofpoint. Ryan Kalember, Proofpoint’s EVP of Cybersecurity Strategy, is this week’s sponsor guest.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

Show notes

CISA warns of threat groups exploiting Unitronics PLCs in water treatment hacks | Cybersecurity Dive

North Texas water utility the latest suspected industrial ransomware target | Cybersecurity Dive

Florida water agency latest to confirm cyber incident as feds warn of nation-state attacks

ownCloud vulnerability with maximum 10 severity score comes under “mass” exploitation | Ars Technica

Staples hit by cyberattack during critical Cyber Week sales push | Cybersecurity Dive

New Jersey, Pennsylvania hospitals affected by cyberattacks

60 credit unions facing outages due to ransomware attack on popular tech provider

HHS warns of ‘Citrix Bleed’ attacks after hospital outages

Payments processor Tipalti investigating ransomware attack | Cybersecurity Dive

CISA's Goldstein wants to ditch 'patch faster, fix faster' model | CyberScoop

Threat Actors Exploit Adobe ColdFusion CVE-2023-26360 for Initial Access to Government Servers | CISA

Kremlin-backed hackers attacking unpatched Outlook systems, Microsoft says

Latest severe Chrome bug prompts CISA warning

Google researchers report critical 0-days in Chrome and all Apple OSes | Ars Technica

Okta again promises it is taking security seriously | Cybersecurity Dive

Okta: Breach Affected All Customer Support Users – Krebs on Security

Russian and Chinese interference networks are ‘building audiences’ ahead of 2024, warns Meta

Meta says it broke up Chinese influence operation looking to exploit U.S. political divisions

Clandestine online operations now require sign-off by senior officials - The Washington Post

Feds seize Sinbad crypto mixer allegedly used by North Korean hackers | TechCrunch

US sanctions North Korean ‘Kimsuky’ hackers after surveillance satellite launch

‘Fugitive’ Spanish aristocrat behind North Korea cryptocurrency conference arrested

Used by only a few nerds, Facebook kills PGP-encrypted emails | TechCrunch

...more

View all episodes

View all episodes

Download on the App Store

Download on the App Store

Get it on Google Play

Risky Business

By Patrick Gray

4.6

352352 ratings

December 05, 2023

Risky Business #729 -- Why patching faster won't save us

Listen Later

53 minutes

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:

Iran-linked attacks on US water infrastructure

Why the ownCloud bug isn’t the end of the world

The D-Link 0day that… never existed?

In defence of Okta

Much, much more

This week’s show is brought to you by Proofpoint. Ryan Kalember, Proofpoint’s EVP of Cybersecurity Strategy, is this week’s sponsor guest.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

Show notes

CISA warns of threat groups exploiting Unitronics PLCs in water treatment hacks | Cybersecurity Dive

North Texas water utility the latest suspected industrial ransomware target | Cybersecurity Dive

Florida water agency latest to confirm cyber incident as feds warn of nation-state attacks

ownCloud vulnerability with maximum 10 severity score comes under “mass” exploitation | Ars Technica

Staples hit by cyberattack during critical Cyber Week sales push | Cybersecurity Dive

New Jersey, Pennsylvania hospitals affected by cyberattacks

60 credit unions facing outages due to ransomware attack on popular tech provider

HHS warns of ‘Citrix Bleed’ attacks after hospital outages

Payments processor Tipalti investigating ransomware attack | Cybersecurity Dive

CISA's Goldstein wants to ditch 'patch faster, fix faster' model | CyberScoop

Threat Actors Exploit Adobe ColdFusion CVE-2023-26360 for Initial Access to Government Servers | CISA

Kremlin-backed hackers attacking unpatched Outlook systems, Microsoft says

Latest severe Chrome bug prompts CISA warning

Google researchers report critical 0-days in Chrome and all Apple OSes | Ars Technica

Okta again promises it is taking security seriously | Cybersecurity Dive

Okta: Breach Affected All Customer Support Users – Krebs on Security

Russian and Chinese interference networks are ‘building audiences’ ahead of 2024, warns Meta

Meta says it broke up Chinese influence operation looking to exploit U.S. political divisions

Clandestine online operations now require sign-off by senior officials - The Washington Post

Feds seize Sinbad crypto mixer allegedly used by North Korean hackers | TechCrunch

US sanctions North Korean ‘Kimsuky’ hackers after surveillance satellite launch

‘Fugitive’ Spanish aristocrat behind North Korea cryptocurrency conference arrested

Used by only a few nerds, Facebook kills PGP-encrypted emails | TechCrunch

...more

More shows like Risky Business

Security Now (Audio) by TWiT

Security Now (Audio)

1,961 Listeners

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) by Johannes B. Ullrich

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

634 Listeners

Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec by Jerry Bell and Andrew Kalat

Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec

368 Listeners

Hacked by Hacked

Hacked

176 Listeners

CyberWire Daily by N2K Networks

CyberWire Daily

1,008 Listeners

Smashing Security by Graham Cluley & Carole Theriault

Smashing Security

312 Listeners

Click Here by Recorded Future News

Click Here

386 Listeners

Malicious Life by Malicious Life

Malicious Life

923 Listeners

Darknet Diaries by Jack Rhysider

Darknet Diaries

7,840 Listeners

Cybersecurity Today by Jim Love

Cybersecurity Today

141 Listeners

CISO Series Podcast by David Spark, Mike Johnson, and Andy Ellis

CISO Series Podcast

182 Listeners

Hacking Humans by N2K Networks

Hacking Humans

309 Listeners

Defense in Depth by David Spark, Steve Zalewski, Geoff Belknap

Defense in Depth

71 Listeners

Cyber Security Headlines by CISO Series

Cyber Security Headlines

120 Listeners

Risky Bulletin by risky.biz

Risky Bulletin

33 Listeners