Risky Business

Risky Business #735 -- AnyDesk fails the transparency test


In this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They talk about:

  • Thought eels were slippery? Check out AnyDesk’s PR!
  • Why Microsoft’s 365 is a nightmare to secure
  • Cloudflare’s needlessly hostile blog post
  • US Government introduces “Disneyland ban” for spyware peddlers
  • Much, much more…

This week’s feature guest is Eric Goldstein, the executive assistant director for cybersecurity at CISA. He’s joining the show to talk about CISA’s demand that US government agencies unplug their Ivanti appliances. He also chimes in on why the US government is so rattled by Volt Typhoon and addresses a recent report from Politico that claims CISA’s Joint Cyber Defense Collaborative is a bit of a shambles.

This week’s sponsor guest is Dan Guido from Trail of Bits. He joins us to talk about their new Testing Handbook. Trail of Bits does a bunch of audit work and they’ve committed to trying to make bug discovery a one time thing – if you find that bug once, you shouldn’t have to manually find it on another client engagement. Semgrep for the win!

Show notes
    • AnyDesk initiates extensive credentials reset following cyberattack | Cybersecurity Dive
    • AnyDesk says software ‘safe to use’ after cyberattack
    • Former CIA officer who gave WikiLeaks state secrets gets 40-year sentence
    • Arrests in $400M SIM-Swap Tied to Heist at FTX? – Krebs on Security
    • Microsoft Breach — What Happened? What Should Azure Admins Do? | by Andy Robbins | Feb, 2024 | Posts By SpecterOps Team Members
    • Cloudflare hit by follow-on attack from previous Okta breach | Cybersecurity Dive
    • Thanksgiving 2023 security incident
    • US announces visa restriction policy targeting spyware abuses
    • Announcement of a Visa Restriction Policy to Promote Accountability for the Misuse of Commercial Spyware - United States Department of State
    • Deputy Prime Minister hosts first global conference targeting ‘hackers for hire’ and malicious use of commercial cyber tools - GOV.UK
    • New Google TAG report: How Commercial Surveillance Vendors work
    • A Startup Allegedly ‘Hacked the World.’ Then Came the Censorship—and Now the Backlash | WIRED
    • American businessman settles hacking case in UK against law firm
    • Crime bosses behind Myanmar cyber ‘fraud dens’ handed over to Chinese government
    • Another Chicago hospital announces cyberattack
    • Deepfake scammer walks off with $25 million in first-of-its-kind AI heist | Ars Technica
    • As if 2 Ivanti vulnerabilities under exploit weren’t bad enough, now there are 3 | Ars Technica
    • Two new Ivanti bugs discovered as CISA warns of hackers bypassing mitigations
    • Agencies using vulnerable Ivanti products have until Saturday to disconnect them | Ars Technica
    • The far right is scaring away Washington's private hacker army - POLITICO
    • Our thoughts on AIxCC’s competition format | Trail of Bits Blog
    • How CISA can improve OSS security | Trail of Bits Blog
    • Securing open-source infrastructure with OSTIF | Trail of Bits Blog
    • Announcing the Trail of Bits Testing Handbook | Trail of Bits Blog
    • 30 new Semgrep rules: Ansible, Java, Kotlin, shell scripts, and more | Trail of Bits Blog
    • Publishing Trail of Bits’ CodeQL queries | Trail of Bits Blog
    • The Unguarded Moment (2002 Digital Remaster) - YouTube
    • Boy Swallows Universe | Official Trailer | Netflix - YouTube