On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:


  Activists who are totally not Israeli military hackers make Iranian steel mills firebally
  Chinese APT crews use ransomware to muddy attribution
  Attackers are now ransoming cloud access
  Chinese APTs using building control systems for persistence and stealth
  USA, UK and NZ govts issue PowerShell advice
  Much, much more


This week’s show is brought to you by Material Security. JJ Agha, CISO at Compass, joins the show to talk about how he’s using it to make phishing triage and automation less traumatic.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Risky Business #669 -- Finally, an ICS attack that made stuff explode!

Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.

Technology

Tech News

Podcasting

Gadgets

Software How-To

News

On this week’s show Patrick Gray and Adam Boileau are joined by long-time NSA boffin Rob Joyce. Now Rob’s left the government service, he’s hobnobbing with us pundits, talking through the week’s news:


  Apple announces a big leap for confidential cloud computing into the mass market
  While at the same time, letting you just mosey around your iPhone from your Mac
  Mandiant reports in about the Snowflake breach
  Moody’s say credit ratings might consider cyber incidents
  Microsoft fixes an Azure flaw with a… “comprehensive documentation update”
  And much, much more.


This week’s show is sponsored by Yubico, maker of the Yubikey hardware authentication token. Jerrod Chong, Yubico’s COO and President joins to talk about the challenges of the passkey and hardware authenticator ecosystem.

                
                
                Show notes
                	
                  	
                    	Apple makes a password manager play in a heavily targeted market | Cybersecurity Dive
										
                    	macOS Sequoia takes productivity and intelligence on Mac to new heights - Apple
										
                    	The Wiretap: Apple’s AI Announcement Promises Big Security Boosts–Not Everyone Is Convinced
										
                    	Matthew Green on X: "Ok there are probably half a dozen more technical details in the blog post. It’s a very thoughtful design. Indeed, if you gave an excellent team a huge pile of money and told them to build the best “private” cloud in the world, it would probably look like this. 14/" / X
										
                    	Risky Biz News: Microsoft budges on Windows 11 Recall
										
                    	Tenable finds an Azure flaw, Microsoft calls it a feature • The Register
										
                    	LendingTree confirms that cloud services attack potentially affected subsidiary
										
                    	Hackers steal “significant volume” of data from hundreds of Snowflake customers | Ars Technica
										
                    	7,000 LockBit decryption keys now in the hands of the FBI, offering victims hope | Ars Technica
										
                    	Urgent call for O-type blood donations following London hospitals ransomware attack
										
                    	Darknet site for Qilin gang, suspected in London hospitals ransomware attack, goes down
										
                    	Cyberattacks pose mounting risks to creditworthiness: Moody’s | Cybersecurity Dive
										
                    	Apple refused to pay bug bounty to Russian cybersecurity firm Kaspersky Lab
										
                    	FCC moves ahead on internet routing security rules | CyberScoop
										
                    	House Republicans propose eliminating funding for election security | CyberScoop
										
                    	New DJI policy: No flight record syncing for US drone pilots
										
                    	Semiconductor giants Nvidia and Arm warn of new flaws in their graphics processors
										
                    	Critical PHP CVE is under attack — research shows it’s easy to exploit | Cybersecurity Dive
										
                    	A US Company Enabled a North Korean Scam That Raised Money for WMDs | WIRED
										
                 	

Risky Business #752 -- Apple announcements thrill and terrify at the same time

On this week’s show Patrick Gray and Mark Piper discuss the week’s security news, including:


  What on earth happened at Snowflake?
  A look at operation Endgame
  Check Point’s hilarious adventures with dot dot slash
  Report says the FTC is looking at Microsoft’s security product bundling
  More ransomware hits Russia
  Much, much more


404 Media co-founder Joseph Cox is this week’s feature guest. He joins us to talk about his new book, Dark Wire, which is all about the FBI’s Anom sting.

This week’s show is brought to you by Resourcely. If your Terraform is a mess or your CSPM dashboards are lighting up with insane and stupid things, you should check out Resourcely. Its founder and CEO Travis McPeak will be along in this week’s sponsor interview to talk about all things Terraform.

                
                
                Show notes
                	
                  	
                    	The Snowflake breach and the need for mandatory MFA

										
                    	Snowflake at centre of world’s largest data breach | by Kevin Beaumont | Jun, 2024 | DoublePulsar

										
                    	Cloud company Snowflake denies that reported breach originated with its products

										
                    	‘Operation Endgame’ Hits Malware Delivery Platforms – Krebs on Security

										
                    	Treasury Sanctions Creators of 911 S5 Proxy Botnet – Krebs on Security

										
                    	TikTok warns of exploit aimed at 'high-profile accounts’

										
                    	SEC clarifies intent of cybersecurity breach disclosure rules after initial filings | Cybersecurity Dive

										
                    	SEC.gov | Disclosure of Cybersecurity Incidents Determined To Be Material and Other Cybersecurity Incidents[*]

										
                    	Nurses at Ascension hospital in Michigan raise alarms about safety following ransomware attack

										
                    	London hospitals declare emergency following ransomware attack | Ars Technica

										
                    	North Korea’s ‘Moonstone Sleet’ using fake tank game, custom ransomware in attacks

										
                    	OpenAI models used in nation-state influence campaigns, company says

										
                    	National Vulnerability Database | NIST

										
                    	More than 600,000 routers knocked out in October by Chalubo malware

										
                    	Hackers steal $305M from DMM Bitcoin crypto exchange | TechCrunch

										
                    	Germany's main opposition party hit by ‘serious’ cyberattack

										
                    	Cyberattack disrupts operations of supermarkets across Russia

										
                    	Rare earths miner targeted in cyber attack prior to removal of Chinese investors - ABC News

										
                    	Check Point - Wrong Check Point (CVE-2024-24919)

										
                    	Kevin Beaumont: "The latest Risky Business epis…" - Infosec Exchange

										
                    	This Hacker Tool Extracts All the Data Collected by Windows’ New Recall AI | WIRED

										
                    	FTC-industry talks over possible Microsoft probe raised recent hacking incidents - Nextgov/FCW

										
                    	Tim Schofield 

Risky Business #751 -- Snowflake, operation Endgame and Microsoft's looming FTC problem

On this week’s show Patrick and Adam discuss the week’s security news, including:

  Russian delivery company gets ransomware-wiper’d
  A supply-chain attack targets video software used in US courts
  Checkpoint firewalls get hacked, details as clear as mud
  Microsoft Recall delights hackers
  Aussie telco Optus gets told its IR report isn’t legal advice
  Cyber insurer says you’re 5x more likely to get rekt if you have a Cisco ASA
  And much, much more.


This week’s episode is sponsored by Kroll Cyber. Alex Cowperthwaite, Kroll’s technical director research and development for offence joins to talk about how his team attacks AI models, in ways both classic and new.

                
                
                Show notes
                	
                  	
                    	Major Russian delivery company down for three days due to cyberattack
										
                    	Stark Industries Solutions: An Iron Hammer in the Cloud – Krebs on Security
										
                    	CVE-2024-4978: Backdoored Justice AV Solutions Viewer Software Used in Apparent Supply Chain Attack | Rapid7 Blog
										
                    	Check Point Software customers targeted by hackers using old, local VPN accounts | Cybersecurity Dive
										
                    	US pharma giant Cencora says Americans' health information stolen in data breach | TechCrunch
										
                    	Microsoft’s New Recall AI Tool May Be a ‘Privacy Nightmare’ | WIRED
										
                    	Kevin Beaumont: "I got ahold of the Copilot+ so…" - Cyberplace
										
                    	Kevin Beaumont: "For those who aren’t aware, Mi…" - Cyberplace
										
                    	Patrick Gray on X: "You know it’s coming… Microsoft Defender Advanced Security for Recall"
										
                    	Microsoft Edge for Business: Revolutionizing your business with AI, security and productivity - Microsoft Edge Blog
										
                    	Optus loses appeal to keep Deloitte report on cyberattack secret
										
                    	Optus says it will defend allegations it failed to protect confidential details of 9 million customers in cyber attack - ABC News
										
                    	Nearly 3 million affected by Sav-Rx data breach
										
                    	Spyware app pcTattletale was hacked and its website defaced | TechCrunch
										
                    	#F**kStalkerware pt. 6 - tattling on pcTattletale
										
                    	Spyware maker pcTattletale shutters after data breach | TechCrunch
										
                    	Jeremy Kirk: "Cyber insurer Coalition releas…" - Infosec Exchange
										
                    	Coalition_2024-Cyber-Claims-Report
										
                    	TikTok says it disrupted 15 influence operations this year — including one from China
										
                    	Israeli private eye accused of hacking was questioned about DC public affairs firm, sources say | Reuters
										
                    	RansomHub claims attack on Christie’s, the world’s wealthiest auction house
										
                    	Open-Source Assessments of AI Capabilities: The Proliferation of AI Analysis Tools, Replicating Competitor Models, and the Zhousidun Dataset
										
                    	Shashank Joshi on X: "Additionally, OpenAI will retain and consult with other safety, security, and technical experts to support this work, including former cybersecurity officials, Rob Joyce [@RGB_Lights], who advises OpenAI on security, and John Carlin."
										
                 	

Risky Business #750 -- Why Microsoft's Recall is an attacker's best friend

This week’s episode was recorded in front of a live audience at AusCERT’s 2024 conference. Pat and Adam talked through:


  Google starts using security as a marketing tool against Microsoft, along with steep discounts
  Microsoft announces a creepy desktop recording AI
  UK govt proposes ransom payment controls
  Arizona woman runs a laptop farm for North Korea
  Julian Assange just keeps on with his malarky
  And much, much more


This week’s episode is sponsored by Tines. Its CEO Eoin Hinchy joins the show to talk about how AI can be genuinely useful in automation.

                
                
                Show notes
                	
                  	
                    	(1) Dina Bass on X: "Google is offering deep discounts to government and corporate customers to entice them to switch from Microsoft Office as it attacks Microsoft's cybersecurity over recent breaches, citing US gov't cybersecurity review board report https://t.co/43sIJmBWi5" / X
										
                    	Microsoft president set to testify before Congress on ‘security shortcomings’ | Cybersecurity Dive
										
                    	Chairman Green, Ranking Member Thompson Announce Microsoft President Will Testify on Company’s Security Shortcomings Following Hack of Government Accounts – Committee on Homeland Security
										
                    	Google leverages Microsoft’s cyber gaps to woo Workspace customers | Cybersecurity Dive
										
                    	CSRB report highlights the need for a new approach to security
										
                    	(1) vx-underground on X: "tl;dr Microsoft introduces 24/7 surveillance functionality for the NSA and/or CIA but markets it as a feature that you'll like" / X
										
                    	Everything You Need to Know About Windows 11's Recall Feature
										
                    	Australian government warns of 'large-scale ransomware data breach'
										
                    	(1) National Cyber Security Coordinator on X: "The Australian Government continues to assist MediSecure, an electronic prescriptions provider, respond to a cyber incident.  We are still working to build a picture of the size and nature of the data that has been impacted by this data breach impacting MediSecure.  This https://t.co/oyNeRonurZ" / X
										
                    	HHS offering $50 million for proposals to improve hospital cybersecurity
										
                    	Remote-access tools the intrusion point to blame for most ransomware attacks | Cybersecurity Dive
										
                    	UK insurance industry begins to acknowledge role in tackling ransomware
										
                    	Exclusive: UK to propose mandatory reporting for ransomware attacks and licensing regime for all payments
										
                    	Hacktivists turn to ransomware in attacks on Philippines government
										
                    	Arizona woman accused of helping North Koreans get remote IT jobs at 300 companies | Ars Technica
										
                    	US offers $5 million for info on North Korean IT workers involved in job fraud
										
                    	FCC might require telecoms to report on securing internet's BGP technology
										
                    	FCC to probe ‘grave’ weaknesses in phone network infrastructure
										
                    	EPA says it will step up enforcement to address ‘critical’ vulnerabilities within water sector
										
                    	EPA takes steps to address cybersecurity weaknesses at water utilities
										
                    	British signals agency to protect election candidates’ phones from cyberattacks
										
                    	Feds seize BreachForums platform, Telegram page
										
                    	Dark web narcotics market’s alleged leader arrested and charged in New York
										
                    	WikiLeaks’ Julian Assange Can Appeal His Extradition to the US, British Court Says | WIRED
										
                 	

Risky Business #749 -- Google answer to Microsoft's insecurity? Buy Google stuff!

In this podcast SentinelOne’s Chief Trust officer Alex Stamos and its Chief Intelligence and Public Policy Officer Chris Krebs join Patrick Gray to talk all about AI.

It’s been a year and a half since ChatGPT landed and freaked everyone out. Since then, AI has really entrenched itself as the next big thing. It’s popping up everywhere, and the use cases for cybersecurity are starting to come into focus.

Threat actors and defenders are using this stuff already, but it’s early days and as you’ll hear, things are really going to change, and fast.

Risky Business #669 -- Finally, an ICS attack that made stuff explode!

Download our free app to listen on your phone