Risky Business #697 -- LastPass attacker: Do you gotta hand it to 'em?

PLUS: Ransomware crew hits US Marshals service...

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • A look at LastPass’s intrusion post mortem
  • A very stable genius decided to ransomware the US Marshals Service
  • Why Signal’s complaints about UK’s Online Safety Act are bad faith
  • Much, much more…

This week’s show is brought to you by Tines, the no-code automation platform. Its co-founder and CEO Eoin Hinchy joins the show in the sponsor slot, and you can check out a Tines demo we recorded with Eoin on YouTube.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

Between Two Nerds: Making sense of cyber power rankings

Do they make sense or are they all rubbish?

In this edition of Between Two Nerds Tom Uren and The Grugq look at reports that try and distil a country’s cyber power into a single number so that they can be ranked and compared. Do these reports say anything useful and have any value?

An interview with Andrew Boyd, director of the CIA's Centre for Cyber Intelligence

Why the lessons learned in Ukraine may not help us in the Taiwan Strait…

In this interview the director of the CIA’s Center for Cyber Intelligence (CCI) sits down with Risky Business podcast host Patrick Gray to talk about:

  • What CCI actually does
  • The CIA’s role in cyber intel and operations
  • What lessons have been learned from Russia’s cyber campaigns targeting Ukraine
  • Why a cyber conflict with China will be very, very different
  • His views on the ransomware threat
  • Much, much more

Srsly Risky Biz: Move Over NSO, the Internet Has a New Villain

PLUS: Google's Russia report is a mixed bag...

In this podcast Patrick Gray talks to Tom Uren about investigations into the disinformation industry. One election interference for hire company, known as “Team Jorge”, provides a huge variety of dirty tricks services, but we think its claims of massive influence are overblown. Despite that, however, these companies are still corrosive for democracy and a scourge worth tackling. Patrick thinks they’re the “new internet villain” and will replace NSO as a target of hate.

They also discuss Google’s new report that covers Russian cyber operations in its invasion of Ukraine. On the whole a good report, but both Tom and Pat think some of it is problematic.

Finally, they talk about Patrick’s interview with the head of the CIA’s Center for Cyber Intelligence. It’s great to have intelligence officials explain how they see the cyber threat landscape and get their take on war in Ukraine and what that means for cyber operations in future conflicts.

Risky Business #696 -- Why Twitter had to kill SMS 2FA

PLUS: Semiconductor supply chain disrupted by ransomware...

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • Why Twitter had to kill SMS 2FA
  • A look at Meta’s new verification service
  • How a ransomware attack disrupted the semiconductor supply chain
  • Why Anonymous Sudan is probably a Russian info op
  • Microsoft mixes up public and private keys in Azure B2C (for real)
  • Much, much more

This week’s show is brought to you by Proofpoint. Its Executive Vice President of Cybersecurity Strategy Ryan Kalember joins the show in the sponsor slot.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

Between Two Nerds: Is cyberespionage actually signals intelligence?

In the Five Eyes, signals intelligence organisations mostly own cyber operations, but other countries have different models. Is that the way it should be or just an accident of history?

In this edition of Between Two Nerds Tom Uren and The Grugq look at the differences and similarities between signals intelligence and cyber operations. Why did Five Eyes Sigint organisations end up ‘owning’ cyber operations and does that make sense, or should there be a separate cyber intelligence organisation?

Risky Biz News: Applied Materials to take $250m ransomware hit

PLUS: GoDaddy discloses multi-year breach; French-Israeli BEC gang detained; Russia plans to fine telcos that fail to implement its SORM surveillance system.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.

You can find the newsletter version of this podcast here.

Risky Biz News: EU cybersecurity agencies warn of Chinese APT spying

PLUS: Israeli company behind global election meddling campaigns; Atlassian confirms data leak; Belgium launches national vulnerability disclosure framework.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Patrick Gray, who’s filling in for Claire Aird.

You can find the newsletter version of this podcast here.

Risky Biz Soap Box: Greynoise has built the world's biggest, and smartest, honeypot

A chat with Greynoise Intelligence founder Andrew Morris…

In this interview we’re chatting with the founder of Greynoise Intelligence, Andrew Morris.

Greynoise operates a global network of sensors that collect data on things like mass scanning, exploitation and reconnaissance. The idea is if your SOC gets an alert from a particular IP you can see if it’s associated with mass scanning or exploitation, or if it’s something that’s just targeting you.

And as you’ll hear, there are other use cases also, but we’re talking about a few things with Andrew today. He talks about being able to selectively port forward attacks targeting his sensor network to a data centre running the services being targeted, about the ESXiArgs ransomware attack and more.

Enjoy!

Srsly Risky Biz: North Korean ransomware, Biden flags US privacy reform

PLUS: US Air Force fights inflation…

In this podcast Patrick Gray talks to Tom Uren about North Korea’s foray into state-sponsored ransomware targeting healthcare organisations. There are reasons to be concerned — North Korea has pulled off some sophisticated hacks and the responses that maybe “work” against cybercriminals might not work at all against the DPRK. Tom thinks that the international community can do a lot more around sanctions that will help.

They also look at President Biden’s talk about privacy at his recent State of the Union speech. Does this mean that the US will finally get meaningful federal privacy and data security legislation? We hope so.

Finally, Tom and Patrick revisit the Chinese spy balloon saga. Even though a single balloon is not a huge threat, an uncontested balloon surveillance program would be and the US is responding strongly. It’s sanctioned six Chinese firms and the US is looking for balloons and finding them. Three more have been shot down since last week, but it looks like they are all just errant balloons rather than more surveillance craft.

Risky Business #695 -- North Korea is ransomwaring hospitals, Russia to make "patriotic" hacking legal

PLUS: Trickbot members linked to FSB and sanctioned...

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • North Korea is ransomwaring hospitals with homegrown and Russian strains
  • Russia proposes law greenlighting “patriotic hacks”
  • It’s 702 renewal time… again
  • CISA releases ESXiArgs recovery script (yay!)
  • UK mulls crimephone ban
  • Much, much more

This week’s show is brought to you by Thinkst Canary. Haroon Meer is this week’s sponsor guest and joins us to talk about Thinkst’s latest release: the credit card canary.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

Risky Biz News: US and UK sanction seven Trickbot members

Google to give away 100,000 security keys; NIST approves lightweight IoT cryptography standard; Microsoft embraces Adobe PDF renderer for Edge.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.

You can find the newsletter version of this podcast here.

Srsly Risky Biz: China's magnificent spy balloon, Iran throws an epic cyber tanty

PLUS: The world's best ransomware case study...

In this podcast Patrick Gray talks to Tom Uren about the bizarre Chinese spy balloon story. There may be incremental intelligence gains for the PRC but they were far outweighed by the diplomatic fallout.

They also discuss an Iranian operation attacking French satirical magazine Charlie Hebdo. States use cyber operations to pursue vastly different goals and most of them make sense from a state’s point of view. But some operations, like this one, and like the North Korean attack on Sony Pictures, are “vanity projects” that cater to the whims of the “dear leader”.

Finally, the Conti ransomware attack on the Irish public health system (HSE) is turning into the best ransomware case study. It brings together a detailed examination of the management failures with stories from staff, patients and also from inside the Conti group.

You can read the newsletter this podcast is based on here.