
Risky Business #712 -- The 336,000 undead Fortigates of DOOM
07/11/23 • 69 min
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:
- The SEC is targeting SolarWinds executives
- UK to make banks liable for fraud
- NSA issues advice on UEFI trojan
- Microsoft blocks 100+ dodgy drivers
- The US IC knew what Prigozhin was up to. But what was the FSB doing?
- Much, much more
This week’s show is brought to you by Netwrix. Martin Cannard, Netwrix’s VP of Product Strategy, is this week’s sponsor guest. He talks about why zero standing privilege is a worthy goal.
Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.
Show notes
- SEC notifies SolarWinds CISO and CFO of possible action in cyber investigation | Cybersecurity Dive
- While Australian banks refuse most scam victims refunds, the UK is making them mandatory - ABC News
- New law could allow GCHQ to monitor UK internet logs in real-time to tackle fraud
- Federal incentives could help utilities overcome major cybersecurity hurdle: money | CyberScoop
- Major Japanese port suspends operation following ransomware attack
- Petro-Canada reports service restoration after suspected Suncor breach | Cybersecurity Dive
- Chinese state-backed hackers accidentally infected a European hospital with malware
- Hackers exploit gaping Windows loophole to give their malware kernel access | Ars Technica
- 336,000 servers remain unpatched against critical Fortigate vulnerability | Ars Technica
- CISA says latest VMware analytics bug being exploited
- MOVEit vulnerability snags almost 200 victims, more expected | Cybersecurity Dive
- Actively exploited vulnerability threatens hundreds of solar power stations | Ars Technica
- U.S. intelligence learned in mid-June Prigozhin was plotting uprising - The Washington Post
- Russian election-meddling ‘troll factory’ reportedly shut down after Wagner revolt
- Russian telecom confirms hack after group backing Wagner boasted about an attack | CyberScoop
- Hackers claim to take down Russian satellite communications provider
- Russian railway site allegedly taken down by Ukrainian hackers
- Several US states investigating ‘SiegedSec’ hacking campaign
- Hacking crew targeting states over transition bans claims cyberattack hitting global satellite systems | CyberScoop
- Hacktivists steal government files from Texas city Fort Worth | TechCrunch
- Belarusian hacktivists claim to breach country’s leading state university
- ...
Previous Episode

Risky Biz Soap Box: Defeating Living off the Land
In this edition of the Soap Box podcast we’re going to be talking about a great topic – living off the land.
The recent Volt Typhoon report out of Microsoft chronicled the adventures of a Chinese APT crew in US critical infrastructure. But one of the most fascinating aspects of the Volt Typhoon campaign was that the attackers almost exclusively used so-called living off the land techniques.
So the question becomes – what can you do about an attacker in your environment who has privilege and isn’t using malware?
Guests David Cottingham and Daniel Schell, the CEO and CTO of Airlock Digital, join the show to talk it through.
Next Episode

Risky Business #713 -- Microsoft activates PR weasels after State Department hack
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:
- Microsoft’s weasel-word response to the State Department email hack
- JumpCloud got owned, maybe by DPRK
- Citrix 0day is getting stuff rekt
- Two more spyware firms sanctioned by USA
- Scammers list fake phone numbers for major airlines on Google Maps
- Much, much more
This week’s show is brought to you by security focussed enterprise browser maker Island. Dan Amiga, Island’s CTO and co-founder, is this week’s sponsor guest. He talks about why widespread enterprise browser deployment is inevitable.
Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.
Show notes
- China-based hackers breach email accounts at State Department
- Microsoft hardens key issuance systems after state-backed hackers breach Outlook accounts | Cybersecurity Dive
- Microsoft takes pains to obscure role in 0-days that caused email breach | Ars Technica
- Stealth Mode: Chinese Cyber Espionage Actors Continue to Evolve Tactics to Avoid Detection | Mandiant
- Hackers target Pakistani government, bank and telecom provider with China-made malware
- Risky Biz News: JumpCloud compromised by APT group
- Exploited 0-days, an incomplete fix, and a botched disclosure: Infosec snafu reigns | Ars Technica
- CISA warns of dangerous Rockwell industrial bug being exploited by gov’t group
- Rockwell Automation, Honeywell warned of critical vulnerabilities in industrial products | Cybersecurity Dive
- CISA gives US civilian agencies until August 1 to resolve four Microsoft vulnerabilities
- Google fixes ‘Bad.Build’ vulnerability affecting Cloud Build service
- White House unveils consumer labeling program to strengthen IoT security | Cybersecurity Dive
- Senate bill crafted with DEA targets end-to-end encryption, requires online companies to report drug activity
- Two more foreign spyware firms blacklisted by US
- Phone numbers for airlines listed on Google directed to scammers
- By criminals, for criminals: AI tool easily generates ‘remarkably persuasive’ fraud emails
- Itamar Golan 🤓 on Twitter: "A malicious LLM-based tool known as WormGPT 🪱 is rapidly gaining traction in underground forums. This tool empowers attackers to automate sophisticated phishing and BEC (Business Email Compromise) attacks, leveraging personalized fake emails to significantly enhance success... https://t.co/fAcrYhT696" / Twitter
- FCC chair proposes $200M investment to boost K-12 cybersecurity | Cybersecurity Dive
- Fed ends Capital One breach-related enforcement action | Cybersecurity Dive
- Norwegian Refugee Council hit by cyberattack