July 31, 2024

Risky Business #757 – The ClownStrike cleanup continues

Listen Later

1 hour

On this week’s show, Patrick Gray and Adam Boileau discuss the week’s security news, including:

The insurance industry’s reaction to CrowdStrike’s mess

Google’s Workspace email validation flaw and its consequences for OAuth’d applications

Is the VMWare ESX group membership feature a CVE or an FYI?

Secureboot continues to under-deliver

North Korea’s revenue neutral intelligence services

And much, much more

This episode is sponsored by allowlisting software vendor Airlock Digital. Airlock uses a kernel driver on Windows, so Chief Executive David Cottingham joined to discuss what the CrowdStrike kernel driver bug drama means for security vendors.

This episode is also available on Youtube. If you want to ruin the magic of radio and see the faces behind the show, well, now you can!

Show notes

Business interruption claims will drive insurance losses linked to CrowdStrike IT disruption | Cybersecurity Dive

Delta hires David Boies to seek damages from CrowdStrike, Microsoft

CrowdStrike disruption direct losses to reach $5.4B for Fortune 500, study finds | Cybersecurity Dive

(1145) Why CrowdStrike's Baffling BSOD Disaster Was Avoidable - YouTube

CrowdStrike offers a $10 apology gift card to say sorry for outage | TechCrunch

Crooks Bypassed Google’s Email Verification to Create Workspace Accounts, Access 3rd-Party Services – Krebs on Security

Hackers exploit VMware vulnerability that gives them hypervisor admin | Ars Technica

Microsoft calls out apparent ESXi vulnerability that some researchers say is a ‘nothing burger’ | CyberScoop

AMI Platform Key leak undermines Secure Boot on 800+ PC models

Chrome will now prompt some users to send passwords for suspicious files | Ars Technica

Google Online Security Blog: Improving the security of Chrome cookies on Windows

A Senate Bill Would Radically Improve Voting Machine Security | WIRED

U.S. told Philippines it made ‘missteps’ in secret anti-vax propaganda effort | Reuters

Cyber firm KnowBe4 hired a fake IT worker from North Korea | CyberScoop

North Korean hacker used hospital ransomware attacks to fund espionage | CyberScoop

North Korea Cyber Group Conducts Global Espionage Campaign to Advance Regime’s Military and Nuclear Programs

North Korean hacking group makes waves to gain Mandiant, FBI spotlight | CyberScoop

ServiceNow spots sales opportunities post-CrowdStrike outage | Cybersecurity Dive

Chaining Three Bugs to Access All Your ServiceNow Data

Cyber Supply Chain Risk Management Conference (CySCRM) 2024 | Conference | PNNL

...more

View all episodes

View all episodes

Download on the App Store

Download on the App Store

Get it on Google Play

Risky Business

By Risky Business Media

4.6

364364 ratings

July 31, 2024

Risky Business #757 – The ClownStrike cleanup continues

Listen Later

1 hour

On this week’s show, Patrick Gray and Adam Boileau discuss the week’s security news, including:

The insurance industry’s reaction to CrowdStrike’s mess

Google’s Workspace email validation flaw and its consequences for OAuth’d applications

Is the VMWare ESX group membership feature a CVE or an FYI?

Secureboot continues to under-deliver

North Korea’s revenue neutral intelligence services

And much, much more

This episode is sponsored by allowlisting software vendor Airlock Digital. Airlock uses a kernel driver on Windows, so Chief Executive David Cottingham joined to discuss what the CrowdStrike kernel driver bug drama means for security vendors.

This episode is also available on Youtube. If you want to ruin the magic of radio and see the faces behind the show, well, now you can!

Show notes

Business interruption claims will drive insurance losses linked to CrowdStrike IT disruption | Cybersecurity Dive

Delta hires David Boies to seek damages from CrowdStrike, Microsoft

CrowdStrike disruption direct losses to reach $5.4B for Fortune 500, study finds | Cybersecurity Dive

(1145) Why CrowdStrike's Baffling BSOD Disaster Was Avoidable - YouTube

CrowdStrike offers a $10 apology gift card to say sorry for outage | TechCrunch

Crooks Bypassed Google’s Email Verification to Create Workspace Accounts, Access 3rd-Party Services – Krebs on Security

Hackers exploit VMware vulnerability that gives them hypervisor admin | Ars Technica

Microsoft calls out apparent ESXi vulnerability that some researchers say is a ‘nothing burger’ | CyberScoop

AMI Platform Key leak undermines Secure Boot on 800+ PC models

Chrome will now prompt some users to send passwords for suspicious files | Ars Technica

Google Online Security Blog: Improving the security of Chrome cookies on Windows

A Senate Bill Would Radically Improve Voting Machine Security | WIRED

U.S. told Philippines it made ‘missteps’ in secret anti-vax propaganda effort | Reuters

Cyber firm KnowBe4 hired a fake IT worker from North Korea | CyberScoop

North Korean hacker used hospital ransomware attacks to fund espionage | CyberScoop

North Korea Cyber Group Conducts Global Espionage Campaign to Advance Regime’s Military and Nuclear Programs

North Korean hacking group makes waves to gain Mandiant, FBI spotlight | CyberScoop

ServiceNow spots sales opportunities post-CrowdStrike outage | Cybersecurity Dive

Chaining Three Bugs to Access All Your ServiceNow Data

Cyber Supply Chain Risk Management Conference (CySCRM) 2024 | Conference | PNNL

...more

More shows like Risky Business

Hacked by Hacked

Hacked

187 Listeners

Security Now (Audio) by TWiT

Security Now (Audio)

2,011 Listeners

Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec by Jerry Bell and Andrew Kalat

Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec

372 Listeners

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) by Johannes B. Ullrich

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

651 Listeners

CyberWire Daily by N2K Networks

CyberWire Daily

1,028 Listeners

Smashing Security by Graham Cluley

Smashing Security

317 Listeners

Click Here by Recorded Future News

Click Here

418 Listeners

Darknet Diaries by Jack Rhysider

Darknet Diaries

8,077 Listeners

Cybersecurity Today by Jim Love

Cybersecurity Today

175 Listeners

Hacking Humans by N2K Networks

Hacking Humans

315 Listeners

CISO Series Podcast by David Spark, Mike Johnson, and Andy Ellis

CISO Series Podcast

195 Listeners

Defense in Depth by David Spark, Steve Zalewski, Geoff Belknap

Defense in Depth

73 Listeners

Cybersecurity Headlines by CISO Series

Cybersecurity Headlines

139 Listeners

Risky Bulletin by Risky Business Media

Risky Bulletin

45 Listeners

Hacker And The Fed by Chris Tarbell & Hector Monsegur

Hacker And The Fed

167 Listeners