March 12, 2024

Risky Business #740 -- Midnight Blizzard's Microsoft hack isn't over

1 hour 4 minutes

On this week’s show Patrick and Adam discuss the week’s security news, including:

Weather forecast in Redmond is still for blizzards at midnight

Maybe Change Healthcare wasn’t just crying nation-state wolf

Hackers abuse e-prescription systems to sell drugs

CISA goes above and beyond to relate to its constituency by getting its Ivantis owned

VMware drinks from the Tianfu Cup

Much, much more

This week’s feature guest is John P Carlin. He was principal associate deputy attorney general under Deputy Attorney General Lisa Monaco for about 18 months in 2021 and 2022, and also served as Robert Mueller’s chief of staff when he was FBI director.

John is joining us this week to talk about all things SEC. He wrote the recent Amicus Brief that says the SEC needs to be careful in its action against Solarwinds. He’ll also be talking to us more generally about these new SEC disclosure requirements, which are in full swing.

Rad founder Jimmy Mesta will along in this week’s sponsor segment to talk about some really interesting work they’ve done in baselining cloud workloads. It’s the sort of thing that sounds simple that really, really isn’t.

Show notes

Risky Biz News: The aftermath of Microsoft's SVR hack is rearing its ugly head

Swindled Blackcat affiliate wants money from Change Healthcare ransom - Blog | Menlo Security

BlackCat Ransomware Group Implodes After Apparent $22M Payment by Change Healthcare – Krebs on Security

Change Healthcare systems expected to come back online in mid-March | Cybersecurity Dive

LockBit takes credit for February shutdown of South African pension fund

Ransomware gang claims to have made $3.4 million after attacking children’s hospital

Jason D. Clinton on X: "Fully automated vulnerability research is changing the cybersecurity landscape Claude 3 Opus is capable of reading source code and identifying complex security vulnerabilities used by APTs. But scaling is still a challenge. Demo: https://t.co/UfLNGdkLp8 This is beginner-level… https://t.co/mMQb2vYln1" / X

Jason Koebler on X: "Hackers are hacking doctors, then using their digital prescription portals to "legitimately" prescribe themselves & their customers adderall, oxy, and other prescription drugs https://t.co/6elTKQnXSB" / X

How Hackers Dox Doctors to Order Mountains of Oxy and Adderall

CISA forced to take two systems offline last month after Ivanti compromise

VMware sandbox escape bugs are so critical, patches are released for end-of-life products | Ars Technica

A Close Up Look at the Consumer Data Broker Radaris – Krebs on Security

Brief of Amici Curiae Former Government Officials

Securities and Exchange Commission v Solarwinds Corp

...more

View all episodes

By Patrick Gray

4.6

352352 ratings