Risky Bulletin Scattered Spider goes after aviation sector
pIn other news Russia throttles Cloudflare traffic Mexican cartel hired hackers to track FBI official Canada tells Hikvision to cease operationsppThis newsletter is brought to you by Sandfly Security You can subscribe to an audio version of this newsletter as a podcast by searching for Risky Business in your podcatcher or subscribing via this RSS feedppIndividuals associated with a large cluster of hackers known as Scattered Spider Muddled Libra UNC3944 are targeting companies in the aviation and transportation sectorsppThe group which was previously very active in 2023 and had some members arrested in 2024 saw a resurgence in activity this yearppIt returned with a bang with attacks that targeted UK retail chains moved to go after US retailers and then targeted US insurance businesses before a new change in targets this monthppGoogle Palo Alto Networks and the FBI have put out public statements on Friday warning about the groups new shift towards aviationppThe three warnings come after WestJet and Hawaiian Airlines disclosed breaches this month Reports from Axios and Bleeping Computer claim the two companies were hit by the groupppScattered Spiders hacking spree this year also included intrusions at UK retail chains Mark Spencers and Coop While still unconfirmed three insurance companiesAflac Eerie Insurance and Philadelphia Insurancealso disclosed security breaches shortly after reports that the group shifted to target their industry verticalppScattered Spider has a history of focusing on sectors for a few weeks at a time before expanding their targeting Charles Carmakal Google Mandiant CTO wrote on LinkedIn Carmakal urged companies to read guidance on the groups normal TTPs and take preemptive measuresppThe actors core tactics techniques and procedures have remained consistent This means that organizations can take proactive steps like training their help desk staff to enforce robust identity verification processes and deploying phishingresistant MFA to defend against these intrusions Carmakal told Risky BusinessppWe are still working on attribution and analysis but given the habit of this actor to focus on a single sector we suggest that the industry take steps immediately to harden systems he addedppWhen it comes to these TTPs the group is widely known for the use of extremely clever social engineering techniques and its ability to move across cloud and SaaS environments with greater ease than many other threat actorsppThey typically use public or leakedhacked data to pose as employees contact a companys tech support or IT help desk and then trick support staff into resetting that employees account passwords to bypass existing MFA protectionsppThey then use this account to move laterally across corporate accounts and apps steal data and even deploy ransomware when they can In the next stage the group uses the stolen data and the encrypted files to extort the companies for multimillion dollar ransoms Their attacks are typically very thorough and devastating Many of its victims encountered prolonged multiweek outages which is why they demand so much money from victims they put on their kneesppThese are basically the same techniques theyve been using in 2023 although these new intrusions are carried out by a new batch of members ppWe used the quotes here because technically speaking you cant call the people behind these newer attacks Scattered Spider membersppThe term Scattered Spider is very generously used to describe individuals who learned the same hacking techniques from an underground Discord and Telegram community known as The ComppThere are hundreds of these individuals who are organized in their own smaller cliques sometimes jump between them and even merc out their hacking services on specific intrusions to other groupsppIts a stupid name but it cant be helped since its difficult tracking such a flowy and mercurial bunch of peopleppThe main Risky Business podcast is now on YouTube with video versions of our recent episodes Below is our latest weekly show with Pat and Adam at the helmppHawaiian Airlines cyberattack A cyberattack has disrupted the internal IT systems of Hawaiian Airlines The airline says the incident didnt impact flight schedules Hawaiian didnt provide details about the incident but the aftermath is typical of ransomware attacksppResupply cryptoheist Hackers exploited a vulnerability in the Resupply DeFi platform to steal 10 million worth of crypto assets The bug allowed the attackers to place a 200000 deposit but extract millions in return The hackers used the Tornado Cash mixer to deposit the funds and their identity remains unknownppSociété Générale intern linked to SIM swaps A cybercrime group has stolen more than 1 million from 50 customers of French bank Société Générale The group used customer data provided by a bank intern to access and empty customer accounts The group had four membersone man who created forged documents one individual conducting SIM swaps and a couple who laundered the stolen funds All five were arrested earlier this month Additional coverage in CommRiskppMexican cartel hired a hacker The Sinaloa drug cartel hired a hacker in 2018 to track an FBI officials phone The hacker obtained call records and geolocation data and tracked the agents movements across Mexico City The cartel used the data to identify and even kill informants in a case against the cartels leader Joaquín El Chapo Guzmán Additional coverage in CyberScoopFBI OIG auditPDFppIts almost like surveillance capitalism is a problem for everyoneppAzure AD Graph retirement A reminder that Microsoft is retiring the Azure AD Graph API service in SeptemberppMicrosoft to launch new endpoint security platform Microsoft will launch next month a private preview of a new Windows technology that will allow antivirus and security tools to run without kernel access The new endpoint security platform was developed in response to last years CrowdStrike incident A bug in the CrowdStrike kernel driver took down over 85 million Windows systems Several EDR vendors are working with Microsoft to test the new technologyppNew Chrome antiXSS security feature Google has added a new security feature to the Chrome browser that automatically escapes and characters inside HTML attributes The new feature is designed to prevent crosssite scripting attacks that rely on sneaking malicious code inside HTML The feature shipped with Chrome 138 last weekppNew Meta intrusive AI training Meta is asking users for access to their camera roll to use AI and suggest photos to share As TechCrunch points out this is the companys clever way of training its AI on private photosppThis is the most insane thing Meta has done this year so far except when they tracked browser activities for users who werent even logged in violating Google Plays terms of service
techcrunchcom20250627f
Privacy MetappNew US Cyber Command Executive Director The US government has named Patrick Ware as the new Executive Director of US Cyber Command Ware will occupy the No 3 spot inside the US militarys cyber operations branch a spot typically assigned to an NSA official Ware previously served 34 years with the NSA and replaces Morgan Adamski in the role Additional coverage in The RecordppNo Adversarial AI Act Two US senators have introduced a bill that would ban the US federal agencies from using AI tools developed by foreign adversaries This would apply to AI technologies produced in China Russia Iran and other countries the US considers adversaries The No Adversarial AI Act comes after several agencies and US States banned employees from using Chinese AI tool DeepSeekppSupreme Court upholds porn ID law The US Supreme Court on Friday ruled in favor of a Texas law mandating adult sites to verify the age of their visitors Additional coverage in WiredppProposed CISA cuts Ongoing negotiations and adjustments to DHS budgets for the next year seem to have softened CISA workforce and budget cuts Still ongoing Additional coverage in Federal News NetworkppNASA needs cyber risk management A GAO report found that NASA is lagging behind in implementing an organizationwide cybersecurity risk assessment frameworkppCanada tells Hikvision to get out The Canadian government has ordered Chinese security camera maker Hikvision to close operations in the country Officials said the companys business is a threat to Canadas national security and banned government agencies from purchasing new Hikvision products The US previously sanctioned the company for helping the Chinese government surveil the Uyghur minority in Western China Additional coverage in CBCppKYC for Dutch hosting providers The Dutch government is exploring implementing a KnowYourCustomer requirement for Dutch web hosting providersppGermany looks to ban DeepSeek Berlins data protection agency is seeking to ban DeepSeek in Germany for illegal user data transfer to China The agency says it reported both apps to the Apple and Google app stores last week for GDPR violations According to CNBC an initial action in Germany may lead to an EUwide banppBrazil supreme court ruling to impact online moderation Brazils Supreme Court has ruled that social media networks are liable for their users posts Online social networks will have to monitor and remove user posts that contain hate speech racism and calls for violence The Trump administration previously threatened to sanction any foreign officials going after US tech firms using fines taxes or content moderation attempts Additional coverage in Rest of WorldppRussia throttles Cloudflare Russian internet service providers are throttling traffic to Cloudflare sites Throttling began on June 9 and Cloudflare says it has not received a formal outreach from the Russian government The throttling is a defacto block as ISPs are only allowing 16 KB of data to load from Cloudflare before freezing the connection In February the Kremlin also used traffic throttling to block YouTube inside the countryppIn this Risky Bulletin sponsor interview Craig Rowland CEO of Sandfly Security talks to Tom Uren about the disconnect between how important Linux systems are and how much security attention they get The pair discuss the variety of reasons that security teams underinvest in protecting LinuxppCryLock couple gets prison time Belgian authorities have sentenced a Russian man to seven years in prison for developing the CryLock ransomware A Russian woman also received a fiveyear prison sentence for advertising the ransomware and negotiating with victims Both received two years on their sentence for refusing to cooperate with authorities and hand over passwords for their devices and crypto wallets The couple is believed to have infected more than 400000 users and made over 3 million from the attacks The two were detained in Spain in 2023 and extradited to Belgium to face trial Additional coverage in VRTppIT worker jailed over cyberattack A UK judge has sentenced a 31yearold man to more than seven months in prison for hacking and sabotaging his former employer A day after being suspended from work Mohammed Umar Taj changed login credentials and multifactor authentication settings The sabotage caused IT outages for the companys customers across the UK Germany and Bahrain The incident led to at least 200000 in lost business and reputational damageppNew npm malware Seventyfive malicious npm packages were discovered and taken down last week Check out the GitHub security advisory portal for more detailsppFBI warns of healthcare scams The FBI has warned Americans of cybercriminals coldcalling victims impersonating healthcare providers and asking for private details and paymentsppConnectWises signing booboo River CISO Cem Paya has published a technical deep dive into ConnectWises technical snafu of storing way too much technical data in an area of its installer that was not signed This allowed threat actors to abuse this area to load malware via official ConnectWise ScreenConnect installers Paya is one of the many security researchers who looked at this mainly because the threat actors impersonated his employerppNew Werewolves Group attacks Russian security firm F6 is seeing new attacks from the Werewolves Group a doubleextortion group targeting Russian companies with a version of the LockBit leaked ransomwareppNew Kawa ransomware gang A new ransomware operation named Kawa launched last week Its dark web leak site currently lists five victimsppIsraelIran cyber war NSFOCUS and Tenable published overviews of recent hacking and hacktivist activity linked to the military conflict between Iran and IsraelppCybercrime in Africa Cybercrime reports account for more than 30 of all reported crimes in Western and Eastern Africa according to an Interpol report Online scams ransomware BEC and digital sextortion are the most common incidents Most African countries said their legal systems are not prepared to handle the scale of the new problemppCambodias cyber scam ecosystem Amnesty International published a report on the cyber scam ecosystem in Cambodia alluding that the local government is deliberately ignoring the problem This is most likely because some officials are making a fortune off these compounds as other previous reports have hintedppTerrorgram named terrorist organization The Australian government has designated the Terrorgram online community a terrorist organization The group operates on Telegram where it recruits and encourages members to carry out murders physical attacks and other hate crimes The US arrested two Terrorgram admins last year after shootings and stabbings in Slovakia and Turkey Australia previously sanctioned the groups members in FebruaryppBreachForums profile Sophos has published a profile and timeline of BreachForums the rebranded version of the old RaidForums This doesnt include the millions of clonesppSnake Keylogger Lab52 has spotted the Snake Keylogger being used in an oil industrycentered spearphishing campaignppSandfly Security can help you find Linux packetsniffing malware instantly and at scale You can get a free trial and know immediately if any suspicious processes are sniffing traffic todayppBlind Eagle linked to Proton66 Trustwave has linked campaigns from LATAM APT Blind Eagle to the infrastructure of Russian bulletproof hosting provider Proton66ppDPRK hackers abuse ChatGPT North Korean hacking groups are abusing ChatGPT to automate OSINT reconnaissance operations and cryptocurrency thefts Hackers linked with the Andariel and Kimsuky groups have used ChatGPT to generate malicious code that automatically empties cryptowallets They also used ChatGPT to analyze public data to find targets for attacks South Korean officials found traces of this activity on 39 servers they seized last year Additional coverage in TechMEnglish coverage in CoinTelegraphppUAC0226s GIFTEDCROOK updates Arctic Wolf has published a report detailing new updates to GIFTEDCROOK an infostealer used by Russian espionage group UAC0226 in Ukrainian operations Arctic Wolf says the malware evolved from a browser stealer to a fullblown data exfiltration platformppPravda Catalan The Open Measures team looks at the Catalan branch of Russian disinformation network PravdappIranian infoop goes silent during Israeli strikes An investigation by the UK Defence Journal found that dozens of proScottish independence accounts went silent at the start of Israels military operation in Iran The accounts remained silent for over 10 days while Iran imposed an internet blackout and the country dealt with power outages from Israeli strikes Iran is known to run influence operations in multiple foreign countries where it blends local political themes with its own foreign interests such as proHamas and antiIsrael narrativesppCitrixBleed 2 exploitation Security firm ReliaQuest has spotted evidence that hackers are likely exploiting a new Citrix vulnerability known as CitrixBleed 2 Tracked as CVE20255777 the vulnerability is a memory corruption issue that allows remote attackers to dump a Citrix devices memory The exploit can be used to steal session data and impersonate users Citrix has not confirmed the attacks and ReliaQuests findingsppCentOS Web Panel RCE The CentOS Web Panel project has fixed a vulnerability that could have allowed threat actors to hijack web hosting servers Tracked as CVE202548703 the vulnerability allows attackers who know at least one username on the panel to take over the underlying servers The attack bypasses authentication and proofofconcept code is available onlineppSAP GUI Client vulnerabilities Security firm Pathlock has published a writeup on two bugs it found in the SAP GUI ClientppSynology app leak A leaked secret in a Synology Microsoft 365 app could have allowed threat actors to access the Azure cloud data of any of the apps usersppTeammate Leonid discovered a leaked credential that allowed anyone unauthorized access to all Microsoft tenants of orgs that use Synologys Active Backup for Microsoft 365 ABM including sensitive data like Teams channel messages
synology disclosure modzero
modzerocomenblogwhenppThreattrend reports Bitdefender ESET GitHub GuidePoint and Interpol have recently published reports and summaries covering various infosec trends and industry threatsppNIS2 guidance ENISA has published new guidance to support the implementation of the EU NIS2 DirectiveppNew toolRIFT Microsoft has opensourced RIFT or the Rust Interactive Function Tool a toolkit to assist reverse engineers in identifying library code in Rust malware The code is also on GitHubppNew toolOrange Me2eets Cloudflare has opensourced Orange Me2eets a new demo app to support endtoend encrypted video calling The apps code is also on GitHubppBSides Seattle 2025 videos Talks from the BSides Seattle 2025 security conference which took place in April are available on YouTubeppBSides Tampa 2025 videos Talks from the BSides Tampa 2025 security conference which took place in May are available on YouTubeppNullcon Goa 2025 videos Talks from the Nullcon Goa 2025 security conference which took place at the start of March are available on YouTubeppIn this edition of Seriously Risky Business Tom Uren and Patrick Gray talk about a new report that compares Chinese and American 0day pipelines The US is narrowly focused on acquiring exquisitely stealthy and reliable exploits while China casts a far broader net That was fine in the past but as 0days get harder and harder to find the report argues that the US needs to change the way it goes about getting themppIn this edition of Between Two Nerds Tom Uren and The Grugq dive into the motivations and actions of Predatory Sparrow a purported hacktivist group that has been attacking Iran for the last five years and has leaped into the IranIsrael workppIn other news SEC and SolarWinds seek settlement CM hack linked to malicious insider Luis Vuitton discloses breachppIn other news FBI investigates ransomware negotiator Spain arrests government hackers hackers steal 185 million from Brazilian financial institutionsppYour weekly dose of Seriously Risky Business news is written by Tom Uren and edited by Patrick Gray Its supported by Lawfare with help from the William and Flora Hewlett Foundation This weeks edition is sponsored by Sandfly Security
You can hear a podcast discussion ofppIn other news The ICC discloses security breach US dismantles 29 DPRK laptop farms Chinese student gets jailed in the UK for SMS blasting in Londonpp
Risky Business publishes cybersecurity newsletters and podcasts for security professionals
ppp
techcrunchcom20250627f
Privacy MetappNew US Cyber Command Executive Director The US government has named Patrick Ware as the new Executive Director of US Cyber Command Ware will occupy the No 3 spot inside the US militarys cyber operations branch a spot typically assigned to an NSA official Ware previously served 34 years with the NSA and replaces Morgan Adamski in the role Additional coverage in The RecordppNo Adversarial AI Act Two US senators have introduced a bill that would ban the US federal agencies from using AI tools developed by foreign adversaries This would apply to AI technologies produced in China Russia Iran and other countries the US considers adversaries The No Adversarial AI Act comes after several agencies and US States banned employees from using Chinese AI tool DeepSeekppSupreme Court upholds porn ID law The US Supreme Court on Friday ruled in favor of a Texas law mandating adult sites to verify the age of their visitors Additional coverage in WiredppProposed CISA cuts Ongoing negotiations and adjustments to DHS budgets for the next year seem to have softened CISA workforce and budget cuts Still ongoing Additional coverage in Federal News NetworkppNASA needs cyber risk management A GAO report found that NASA is lagging behind in implementing an organizationwide cybersecurity risk assessment frameworkppCanada tells Hikvision to get out The Canadian government has ordered Chinese security camera maker Hikvision to close operations in the country Officials said the companys business is a threat to Canadas national security and banned government agencies from purchasing new Hikvision products The US previously sanctioned the company for helping the Chinese government surveil the Uyghur minority in Western China Additional coverage in CBCppKYC for Dutch hosting providers The Dutch government is exploring implementing a KnowYourCustomer requirement for Dutch web hosting providersppGermany looks to ban DeepSeek Berlins data protection agency is seeking to ban DeepSeek in Germany for illegal user data transfer to China The agency says it reported both apps to the Apple and Google app stores last week for GDPR violations According to CNBC an initial action in Germany may lead to an EUwide banppBrazil supreme court ruling to impact online moderation Brazils Supreme Court has ruled that social media networks are liable for their users posts Online social networks will have to monitor and remove user posts that contain hate speech racism and calls for violence The Trump administration previously threatened to sanction any foreign officials going after US tech firms using fines taxes or content moderation attempts Additional coverage in Rest of WorldppRussia throttles Cloudflare Russian internet service providers are throttling traffic to Cloudflare sites Throttling began on June 9 and Cloudflare says it has not received a formal outreach from the Russian government The throttling is a defacto block as ISPs are only allowing 16 KB of data to load from Cloudflare before freezing the connection In February the Kremlin also used traffic throttling to block YouTube inside the countryppIn this Risky Bulletin sponsor interview Craig Rowland CEO of Sandfly Security talks to Tom Uren about the disconnect between how important Linux systems are and how much security attention they get The pair discuss the variety of reasons that security teams underinvest in protecting LinuxppCryLock couple gets prison time Belgian authorities have sentenced a Russian man to seven years in prison for developing the CryLock ransomware A Russian woman also received a fiveyear prison sentence for advertising the ransomware and negotiating with victims Both received two years on their sentence for refusing to cooperate with authorities and hand over passwords for their devices and crypto wallets The couple is believed to have infected more than 400000 users and made over 3 million from the attacks The two were detained in Spain in 2023 and extradited to Belgium to face trial Additional coverage in VRTppIT worker jailed over cyberattack A UK judge has sentenced a 31yearold man to more than seven months in prison for hacking and sabotaging his former employer A day after being suspended from work Mohammed Umar Taj changed login credentials and multifactor authentication settings The sabotage caused IT outages for the companys customers across the UK Germany and Bahrain The incident led to at least 200000 in lost business and reputational damageppNew npm malware Seventyfive malicious npm packages were discovered and taken down last week Check out the GitHub security advisory portal for more detailsppFBI warns of healthcare scams The FBI has warned Americans of cybercriminals coldcalling victims impersonating healthcare providers and asking for private details and paymentsppConnectWises signing booboo River CISO Cem Paya has published a technical deep dive into ConnectWises technical snafu of storing way too much technical data in an area of its installer that was not signed This allowed threat actors to abuse this area to load malware via official ConnectWise ScreenConnect installers Paya is one of the many security researchers who looked at this mainly because the threat actors impersonated his employerppNew Werewolves Group attacks Russian security firm F6 is seeing new attacks from the Werewolves Group a doubleextortion group targeting Russian companies with a version of the LockBit leaked ransomwareppNew Kawa ransomware gang A new ransomware operation named Kawa launched last week Its dark web leak site currently lists five victimsppIsraelIran cyber war NSFOCUS and Tenable published overviews of recent hacking and hacktivist activity linked to the military conflict between Iran and IsraelppCybercrime in Africa Cybercrime reports account for more than 30 of all reported crimes in Western and Eastern Africa according to an Interpol report Online scams ransomware BEC and digital sextortion are the most common incidents Most African countries said their legal systems are not prepared to handle the scale of the new problemppCambodias cyber scam ecosystem Amnesty International published a report on the cyber scam ecosystem in Cambodia alluding that the local government is deliberately ignoring the problem This is most likely because some officials are making a fortune off these compounds as other previous reports have hintedppTerrorgram named terrorist organization The Australian government has designated the Terrorgram online community a terrorist organization The group operates on Telegram where it recruits and encourages members to carry out murders physical attacks and other hate crimes The US arrested two Terrorgram admins last year after shootings and stabbings in Slovakia and Turkey Australia previously sanctioned the groups members in FebruaryppBreachForums profile Sophos has published a profile and timeline of BreachForums the rebranded version of the old RaidForums This doesnt include the millions of clonesppSnake Keylogger Lab52 has spotted the Snake Keylogger being used in an oil industrycentered spearphishing campaignppSandfly Security can help you find Linux packetsniffing malware instantly and at scale You can get a free trial and know immediately if any suspicious processes are sniffing traffic todayppBlind Eagle linked to Proton66 Trustwave has linked campaigns from LATAM APT Blind Eagle to the infrastructure of Russian bulletproof hosting provider Proton66ppDPRK hackers abuse ChatGPT North Korean hacking groups are abusing ChatGPT to automate OSINT reconnaissance operations and cryptocurrency thefts Hackers linked with the Andariel and Kimsuky groups have used ChatGPT to generate malicious code that automatically empties cryptowallets They also used ChatGPT to analyze public data to find targets for attacks South Korean officials found traces of this activity on 39 servers they seized last year Additional coverage in TechMEnglish coverage in CoinTelegraphppUAC0226s GIFTEDCROOK updates Arctic Wolf has published a report detailing new updates to GIFTEDCROOK an infostealer used by Russian espionage group UAC0226 in Ukrainian operations Arctic Wolf says the malware evolved from a browser stealer to a fullblown data exfiltration platformppPravda Catalan The Open Measures team looks at the Catalan branch of Russian disinformation network PravdappIranian infoop goes silent during Israeli strikes An investigation by the UK Defence Journal found that dozens of proScottish independence accounts went silent at the start of Israels military operation in Iran The accounts remained silent for over 10 days while Iran imposed an internet blackout and the country dealt with power outages from Israeli strikes Iran is known to run influence operations in multiple foreign countries where it blends local political themes with its own foreign interests such as proHamas and antiIsrael narrativesppCitrixBleed 2 exploitation Security firm ReliaQuest has spotted evidence that hackers are likely exploiting a new Citrix vulnerability known as CitrixBleed 2 Tracked as CVE20255777 the vulnerability is a memory corruption issue that allows remote attackers to dump a Citrix devices memory The exploit can be used to steal session data and impersonate users Citrix has not confirmed the attacks and ReliaQuests findingsppCentOS Web Panel RCE The CentOS Web Panel project has fixed a vulnerability that could have allowed threat actors to hijack web hosting servers Tracked as CVE202548703 the vulnerability allows attackers who know at least one username on the panel to take over the underlying servers The attack bypasses authentication and proofofconcept code is available onlineppSAP GUI Client vulnerabilities Security firm Pathlock has published a writeup on two bugs it found in the SAP GUI ClientppSynology app leak A leaked secret in a Synology Microsoft 365 app could have allowed threat actors to access the Azure cloud data of any of the apps usersppTeammate Leonid discovered a leaked credential that allowed anyone unauthorized access to all Microsoft tenants of orgs that use Synologys Active Backup for Microsoft 365 ABM including sensitive data like Teams channel messages
synology disclosure modzero
modzerocomenblogwhenppThreattrend reports Bitdefender ESET GitHub GuidePoint and Interpol have recently published reports and summaries covering various infosec trends and industry threatsppNIS2 guidance ENISA has published new guidance to support the implementation of the EU NIS2 DirectiveppNew toolRIFT Microsoft has opensourced RIFT or the Rust Interactive Function Tool a toolkit to assist reverse engineers in identifying library code in Rust malware The code is also on GitHubppNew toolOrange Me2eets Cloudflare has opensourced Orange Me2eets a new demo app to support endtoend encrypted video calling The apps code is also on GitHubppBSides Seattle 2025 videos Talks from the BSides Seattle 2025 security conference which took place in April are available on YouTubeppBSides Tampa 2025 videos Talks from the BSides Tampa 2025 security conference which took place in May are available on YouTubeppNullcon Goa 2025 videos Talks from the Nullcon Goa 2025 security conference which took place at the start of March are available on YouTubeppIn this edition of Seriously Risky Business Tom Uren and Patrick Gray talk about a new report that compares Chinese and American 0day pipelines The US is narrowly focused on acquiring exquisitely stealthy and reliable exploits while China casts a far broader net That was fine in the past but as 0days get harder and harder to find the report argues that the US needs to change the way it goes about getting themppIn this edition of Between Two Nerds Tom Uren and The Grugq dive into the motivations and actions of Predatory Sparrow a purported hacktivist group that has been attacking Iran for the last five years and has leaped into the IranIsrael workppIn other news SEC and SolarWinds seek settlement CM hack linked to malicious insider Luis Vuitton discloses breachppIn other news FBI investigates ransomware negotiator Spain arrests government hackers hackers steal 185 million from Brazilian financial institutionsppYour weekly dose of Seriously Risky Business news is written by Tom Uren and edited by Patrick Gray Its supported by Lawfare with help from the William and Flora Hewlett Foundation This weeks edition is sponsored by Sandfly Security
You can hear a podcast discussion ofppIn other news The ICC discloses security breach US dismantles 29 DPRK laptop farms Chinese student gets jailed in the UK for SMS blasting in Londonpp
Risky Business publishes cybersecurity newsletters and podcasts for security professionals
ppp