Risky Business #702 -- 3CX: It's like SolarWinds, but stupider

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:

• Why 3CX was the dumbest supply chain attack we’ve seen
• Why Wiz’s AzureAD research was a showstopper that didn’t get the attention it deserved
• How attackers are burning down cloud infrastructure
• The latest from the world of spyware
• Much, much more

This week’s show is brought to you by Nucleus Security. Chris Hughes from Aquia is this week’s sponsor guest. He appeared at Nucleus Security’s invitation.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

Show notes

• Massive 3CX Supply-Chain Hack Targeted Cryptocurrency Firms | WIRED
• 3CX support tells customers to investigate malware warnings themselves | Ars Technica
• North Korean hackers linked to 3CX supply-chain attack, investigation finds
• BingBang: AAD misconfiguration led to Bing.com results manipulation and account takeover | Wiz Blog
• Microsoft leads effort to disrupt illicit use of Cobalt Strike, a dangerous hacking tool in the wrong hands | CyberScoop
• MERCURY and DEV-1084: Destructive attack on hybrid environment - Microsoft Security Blog
• CISA, Cisco highlight Russian military targeting of router vulnerabilities
• Israeli spyware software surveilling journalists, politicians
• Mercenary spyware hacked iPhone victims with rogue calendar invites, researchers say | TechCrunch
• Israeli Spyware Maker QuaDream Closes, Fires All Employees - National Security & Cyber - Haaretz.com
• Hackers used spyware made in Spain to target users in the UAE, Google says | TechCrunch
• Apple’s high security mode blocked NSO spyware, researchers say | TechCrunch
• US commits $25 million to Costa Rica for Conti ransomware recovery
• State Department, Congress working on formal program for US cyber aid
• CISA and partners issue secure-by-design principles for software manufacturers | FedScoop
• Time to Designate Space Systems as Critical Infrastructure
• Apple’s Macs Have Long Escaped Ransomware. That May Be Changing | WIRED
• Cyber company Darktrace gets caught up in LockBit gang's apparent blunder
• Payments giant says it is investigating ransomware incident that caused POS outage
• Cyberattack causing treatment delays at Canadian hospital
• German arms manufacturer Rheinmetall confirms cyberattack
• Hackers using Log4j bug to profit from victim IP addresses through ‘proxyjacking’ scheme