On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news:
We roll our eyes over the “16 billion credentials” leak hitting mainstream news
Some interesting cyber angles emerge from the conflict in Iran
Opensource maintainer of libxml2 is fed up with this hacker crap
Shockingly, there are yet more ways to trick people into pasting commands into Windows
Veeam “patches” its backup software RCE like it’s 2002 … by breaking the public PoCThis week’s episode is sponsored by Internet-wide honeypot reconnaissance platform, Greynoise. Founder Andrew Morris joins to talk about their journey spotting Chinese ORB-builders hacking thousands of ASUS routers, and why they’re destined for the woodchipper.
This episode is also available on Youtube.
Show notes
" rel="noopener noreferrer">No, the 16 billion credentials leak is not a new data breach
" rel="noopener noreferrer">Canadian telecom hacked by suspected China state group - Ars Technica
" rel="noopener noreferrer">Telecom giant Viasat breached by China's Salt Typhoon hackers
" rel="noopener noreferrer">WarTranslated on X: "Iran’s jamming GPS in the Strait of Hormuz, messing with ~970 ships, per Windward. UKMTO confirms the interference. Faulty AIS coordinates are screwing up navigation in the Persian Gulf. The IRGC threatens to shut the strait down in hours. https://t.co/kdMJvshOGC" / X
" rel="noopener noreferrer">Dmitri Alperovitch on X: "Chairman of the Joint Chiefs Gen. Dan Caine says @US_CYBERCOM supported this strike mission" / X
" rel="noopener noreferrer">Top Pentagon spy pick rejected by White House - POLITICO
" rel="noopener noreferrer">DHS warns of heightened cyber threat as US enters Iran conflict | Cybersecurity Dive
" rel="noopener noreferrer">Exclusive: Early US intel assessment suggests strikes on Iran did not destroy nuclear sites, sources say
" rel="noopener noreferrer">U.S. braces for Iran's response after overnight strikes on nuclear sites
" rel="noopener noreferrer">Assessing the Damage to Iran’s Nuclear Program
" rel="noopener noreferrer">Iran Hacks Tirana Municipality in Retaliation Over MEK - Tirana Times
" rel="noopener noreferrer">Iran's government says it shut down internet to protect against cyberattacks | TechCrunch
" rel="noopener noreferrer">Aflac discloses cyber intrusion linked to wider crime spree targeting insurance industry | Cybersecurity Dive
" rel="noopener noreferrer">Tonga Ministry of Health hit with cyberattack affecting website, IT systems | The Record from Recorded Future News
" rel="noopener noreferrer">Alleged Ryuk ransomware gang member arrested in Ukraine and extradited to US | The Record from Recorded Future News
" rel="noopener noreferrer">Russia releases REvil members after convictions for payment card fraud | The Record from Recorded Future News
" rel="noopener noreferrer">OneLogin, Many Issues: How I Pivoted from a Trial Tenant to Compromising Customer Signing Keys - SpecterOps
" rel="noopener noreferrer">Triaging security issues reported by third parties (#913) · Issue · GNOME/libxml2
" rel="noopener noreferrer">README: Set expectations straight (35d04a08) · Commits · GNOME / libxml2 · GitLab
" rel="noopener noreferrer">What’s in an ASP? Creative Phishing Attack on Prominent Academics and Critics of Russia | Google Cloud Blog
" rel="noopener noreferrer">FileFix - A ClickFix Alternative | mr.d0x
" rel="noopener noreferrer">Address bar shows hp.com. Browser displays scammers’ malicious text anyway. - Ars Technica
" rel="noopener noreferrer">Researchers urge vigilance as Veeam releases patch to address critical flaw | Cybersecurity Dive
" rel="noopener noreferrer">ASUSpicious Flaw - Millions of Users’ Information Exposed Since 2022 | MrBruh's Epic Blog
" rel="noopener noreferrer">Perth dad who created ‘evil twin’ Wi-Fi did so to access pictures of women
" rel="noopener noreferrer">GreyNoise Discovers Stealthy Backdoor Campaign Affecting Thousands of ASUS Routers