Risky Business

Risky Business #757 – The ClownStrike cleanup continues



On this week’s show, Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • The insurance industry’s reaction to CrowdStrike’s mess
  • Google’s Workspace email validation flaw and its consequences for OAuth’d applications
  • Is the VMware ESX group membership feature a CVE or an FYI?
  • Secure Boot continues to under-deliver
  • North Korea’s revenue-neutral intelligence services
  • And much, much more

This episode is sponsored by allowlisting software vendor Airlock Digital. Airlock uses a kernel driver on Windows, so Chief Executive David Cottingham joined to discuss what the CrowdStrike kernel driver bug drama means for security vendors.

This episode is also available on YouTube. If you want to ruin the magic of radio and see the faces behind the show, well, now you can!

    Show notes
    • Business interruption claims will drive insurance losses linked to CrowdStrike IT disruption | Cybersecurity Dive
    • Delta hires David Boies to seek damages from CrowdStrike, Microsoft
    • CrowdStrike disruption direct losses to reach $5.4B for Fortune 500, study finds | Cybersecurity Dive
    • Why CrowdStrike's Baffling BSOD Disaster Was Avoidable - YouTube
    • CrowdStrike offers a $10 apology gift card to say sorry for outage | TechCrunch
    • Crooks Bypassed Google’s Email Verification to Create Workspace Accounts, Access 3rd-Party Services – Krebs on Security
    • Hackers exploit VMware vulnerability that gives them hypervisor admin | Ars Technica
    • Microsoft calls out apparent ESXi vulnerability that some researchers say is a ‘nothing burger’ | CyberScoop
    • AMI Platform Key leak undermines Secure Boot on 800+ PC models
    • Chrome will now prompt some users to send passwords for suspicious files | Ars Technica
    • Google Online Security Blog: Improving the security of Chrome cookies on Windows
    • A Senate Bill Would Radically Improve Voting Machine Security | WIRED
    • U.S. told Philippines it made ‘missteps’ in secret anti-vax propaganda effort | Reuters
    • Cyber firm KnowBe4 hired a fake IT worker from North Korea | CyberScoop
    • North Korean hacker used hospital ransomware attacks to fund espionage | CyberScoop
    • North Korea Cyber Group Conducts Global Espionage Campaign to Advance Regime’s Military and Nuclear Programs
    • North Korean hacking group makes waves to gain Mandiant, FBI spotlight | CyberScoop
    • ServiceNow spots sales opportunities post-CrowdStrike outage | Cybersecurity Dive
    • Chaining Three Bugs to Access All Your ServiceNow Data
    • Cyber Supply Chain Risk Management Conference (CySCRM) 2024 | Conference | PNNL
      Risky Business, by Patrick Gray
