June 11, 2025

Risky Business #795 -- How The Com is hacking Salesforce tenants

1 hour 7 minutes

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news:

New York Times gets a little stolen Russian FSB data as a treat

iVerify spots possible evidence of iOS exploitation against the Harris-Walz campaign

Researcher figures out a trick to get Google account holders’ full names and phone numbers

Major US food distributor gets ransomwared

The Com’s social engineering of Salesforce app authorisations is a harbinger of our future problems

Australian Navy forgets New Zealand has computers, zaps Kiwis with their giant radar.

This week’s episode is sponsored by identity provider Okta. Long-time friend of the show Alex Tilley is Okta’s Global Threat Research Coordinator, and he joins to discuss how organisations can use both human and technical signals to spot North Koreans in their midst.

This episode is also available on Youtube.

Show notes

How The Times Obtained Secret Russian Intelligence Documents - The New York Times

Ukraine's military intelligence claims cyberattack on Russian strategic bomber maker | The Record from Recorded Future News

Harris-Walz campaign may have been targeted by iPhone hackers, cybersecurity firm says

iVerify Uncovers Evidence of Zero-Click Mobile Exploitation in the U.S.

Spyware maker cuts ties with Italy after government refused audit into hack of journalist’s phone | The Record from Recorded Future News

Italian lawmakers say Italy used spyware to target phones of immigration activists, but not against journalist | TechCrunch

Android chipmaker Qualcomm fixes three zero-days exploited by hackers | TechCrunch

Cellebrite to acquire mobile testing firm Corellium in $200 million deal | CyberScoop

Apple Gave Governments Data on Thousands of Push Notifications

A Researcher Figured Out How to Reveal Any Phone Number Linked to a Google Account

Bruteforcing the phone number of any Google user

Acreed infostealer poised to replace Lumma after global crackdown | The Record from Recorded Future News

BidenCash darknet forum taken down by US, Dutch law enforcement | The Record from Recorded Future News

NHS calls for 1 million blood donors as UK stocks remain low following cyberattack | The Record from Recorded Future News

Major food wholesaler says cyberattack impacting distribution systems | The Record from Recorded Future News

Kettering Health confirms attack by Interlock ransomware group as health record system is restored | The Record from Recorded Future News

Hackers abuse malicious version of Salesforce tool for data theft, extortion | Cybersecurity Dive

shubs on X: "IP whitelisting is fundamentally broken. At @assetnote, we've successfully bypassed network controls by routing traffic through a specific location (cloud provider, geo-location). Today, we're releasing Newtowner, to help test for this issue: https://t.co/X3dkMz9gwK" / X

Ross Ulbricht Got a $31 Million Donation From a Dark Web Dealer, Crypto Tracers Suspect | WIRED

Australian navy ship causes radio and internet outages to parts of New Zealand

...more

View all episodes

By Patrick Gray

4.6

354354 ratings