
Risky Business #671 -- The case for an American-owned NSO Group
07/13/22 • 42 min
On this week’s show Patrick Gray and guest cohost Dmitri Alperovitch discuss the week’s security news, including:
- Why an American defence contractor acquiring NSO Group would be a nonproliferation win
- A look at Microsoft’s botched macro measures
- iPhone’s Lockdown Mode
- Ukraine goes big on Yubikeys
- Aerojet Rocketdyne pays millions over poor security controls, CISO whistleblower gets bag of cash
- Much, much more
This week’s show is sponsored by Proofpoint. Ryan Kalember, Proofpoint’s Executive Vice President of Cybersecurity Strategy, joins us in this week’s sponsor interview to talk about changes he’s observed in the criminal ecosystem.
NOTE: This podcast contains an error. We say that iOS Lockdown Mode prevents users from using an MDM profile on their devices. It doesn’t, it just stops new MDM profiles from being loaded while in Lockdown Mode, so corporate users will be able to turn it on just fine.
Links to everything that we discussed are below and you can follow Patrick or Dmitri on Twitter if that’s your thing.
Show notes
- L3Harris drops bid for NSO spyware following U.S. concerns - The Washington Post
- Apple introduces 'Lockdown Mode' iPhone feature to block elite spyware
- Risky Biz News: Thousands of Yubikeys have been deployed in Ukraine, more to come
- PyPI repo to distribute 4,000 security keys to maintainers of ‘critical projects’ in 2FA drive | The Daily Swig
- Microsoft makes major course reversal, allows Office to run untrusted macros [Updated] | Ars Technica
- Microsoft says decision to stop blocking Office VBA macros by default is ‘temporary’ - The Record by Recorded Future
- Hacktivists claiming attack on Iranian steel facilities dump tranche of 'top secret documents'
- Rocket maker agrees to pay $9 million to settle allegations of cybersecurity violations - The Record by Recorded Future
- North Korean State-Sponsored Cyber Actors Use Maui Ransomware to Target the Healthcare and Public Health Sector | CISA
- North Korea is targeting hospitals with ransomware, U.S. agencies warn
- Medical debt collection firm says ransomware attack exposed info on 650+ healthcare orgs - The Record by Recorded Future
- French telecom company La Poste Mobile struggling to recover from ransomware attack - The Record by Recorded Future
- Cyberattack knocks out California community college email, website, landlines - The Record by Recorded Future
- OPM breach victims expected to receive about $700 each after class action settlement - The Record by Recorded Future
- Chinese Hackers Targeting Russian Government and Telcos
- DeFi Hacker Returns $8m
- Millions in Cryptocurrency Stolen in Phishing Attacks
Previous Episode

Risky Biz Soap Box: Running a global vulnerability management program
Today’s soap box is brought to you by Nucleus Security.
Nucleus makes a platform that ingests vulnerability scan information from all your vuln scanning tech so that you can do things like assign different vulnerabilities to different teams to manage and remediate. Send these ones to infrastructure, send these ones to app teams, send everything up and down this stack to this department etc.
If you want to see Nucleus in action I have recorded a demo and it’s on our YouTube product demos page, I’ve linked through to it in the show notes for this podcast.
Our guest in this episode is Scott Kuffer, co-founder of Nucleus, and the topic is running a vulnerability management program in a very large enterprise.
Next Episode

Risky Business #672 -- "Expected behaviour" is in the eye of the beholder
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:
- A look at the DHS Cyber Safety Review Board’s Log4j report
- Joshua Schulte no longer the “alleged” Vault7 leaker
- Chinese APT crews targeted US political journalists before Jan 6
- Ransomware gangs make leak sites searchable
- Why recovering plaintext passwords from Okta is expected behaviour
- US Government seizes North Korean ransomware payment
- Much, much more
This week’s show is brought to you by Trail of Bits. Dan Guido is this week’s sponsor guest and he’ll tell us about work Trail of Bits did for DARPA on investigating blockchain security fundamentals.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
Show notes
- Patrick Gray on Twitter: "During our discussion yesterday on the show we didn’t know pre-existing MDM was preserved when iOS lockdown mode is enabled, which is great!" / Twitter
- DHS Cyber Safety Review Board found no evidence China knew of Log4j before disclosure
- Ex-CIA Hacker Convicted for ‘One of the Most Damaging Acts of Espionage in American History’
- Chinese hackers targeted U.S. political reporters just ahead of Jan. 6 attack, researchers say
- Experts concerned about ransomware groups creating searchable databases of victim data - The Record by Recorded Future
- Who-is-Trickbot.pdf
- A Deep Dive Into the Residential Proxy Service ‘911’ – Krebs on Security
- Risky Biz News: Google removes app permissions from the Play Store
- Ongoing phishing campaign can hack you even when you’re protected with MFA | Ars Technica
- ‘Password extraction risk’ in identity provider Okta disputed | The Daily Swig
- Authomize Discovers Password Stealing and Impersonation Risks in Okta | Authomize.com
- Okta Response to Security Report | Okta
- DOJ seized ransoms paid by health centers in Kansas, Colorado after 2021 attacks - The Record by Recorded Future
- North Korean hackers target small businesses with H0lyGh0st ransomware, Microsoft warns - The Record by Recorded Future
- Colorado police investigating ransomware attack on small town - The Record by Recorded Future
- Albania shuts down government websites, services due to wide ranging cyberattack - The Record by Recorded Future
- Bandai Namco confirms cyberattack after ransomware group threatens leak - The Record by Recorded Future
- MiCODUS MV720 GPS tracker | CISA
- Honda redesigning latest vehicles to address key fob vulnerabilities - The Record by Recorded Future