January 22, 2025

Risky Business #776 -- Trump will flex American cyber muscles

1 hour 3 minutes

Risky Business returns for its 19th year! Patrick Gray and Adam Boileau discuss the week’s cybersecurity news and there is a whole bunch of it. They discuss:

The incoming Trump administration guts the CSRB

Biden’s last cyber Executive Order has sensible things in it

China’s breach of the US Treasury gets our reluctant admiration

Ross Ulbricht - the Dread Pirate Roberts of Silk Road fame - gets his Trump pardon

New year, same shameful comedy Forti- and Ivanti- bugs

US soldier behind the Snowflake hacks faces charges after a solid Krebs-ing

And much, much (much! after a month off) more.

This week’s episode is sponsored by Sandfly Security, who make a Linux EDR solution. Founder Craig Rowland joins to talk about how the Linux ecosystem struggles with its lack of standardised approaches to detection and response. If you’ve got a telco full of unix, and people are asking how much Salt Typhoon you’ve got in there… Sandfly’s tools are probably what you’re looking for.

If you like your Business like us… - Risky - then we’re hiring! We’re looking for someone to help with audio and video production for our work, manage our socials, and if you’re also into the Cybers… even better. Position is remote, with a preference for timezones amenable to Australia/NZ. Drop us a line: editorial at risky.biz.

This episode is also available on Youtube.

Show notes

POLITICO Pro | Article | Acting DHS chief ousts CSRB experts, other department advisers

Treasury’s sanctions office hacked by Chinese government, officials say

Strengthening America’s Resilience Against the PRC Cyber Threats | CISA

AT&T, Verizon say they evicted Salt Typhoon from their networks

Risky Bulletin: Looking at Biden's last cyber executive order - Risky Business

Internet-connected devices can now have a label that rates their security | Reuters

US sanctions prominent Chinese cyber company for role in Flax Typhoon attacks

FCC ‘rip and replace’ provision for Chinese tech tops cyber provisions in defense bill

CIA nominee tells Senate he, too, wants to go on cyber offense | CyberScoop

Trump tells Justice Department not to enforce TikTok ban for 75 days

Judge rules NSO Group is liable for spyware hacks targeting 1,400 WhatsApp user devices | The Record from Recorded Future News

Unpacking WhatsApp’s Legal Triumph Over NSO Group | Lawfare

Time to check if you ran any of these 33 malicious Chrome extensions

Console Chaos: A Campaign Targeting Publicly Exposed Management Interfaces on Fortinet FortiGate Firewalls - Arctic Wolf

Ongoing attacks on Ivanti VPNs install a ton of sneaky, well-written malware

Researchers warn of active exploitation of critical Apache Struts 2 flaw

DOJ deletes China-linked PlugX malware off more than 4,200 US computers

Russian internet provider confirms its network was ‘destroyed’ following attack claimed by Ukrainian hackers | The Record from Recorded Future News

Ukraine restores state registers after suspected Russian cyberattack | The Record from Recorded Future News

Hackers claim to breach Russian state agency managing property, land records | The Record from Recorded Future News

U.S. Army Soldier Arrested in AT&T, Verizon Extortions – Krebs on Security

...more

View all episodes

By Patrick Gray

4.6

358358 ratings