Risky Business #767 – SEC fines Check Point, Mimecast, Avaya and Unisys over hacks

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

• SEC fines tech firms for downplaying the Solarwinds hacks


• Anonymous Sudan still looks and quacks like a Russian duck


• Apple proposes max 10 day TLS certificate life


• Oopsie! Microsoft loses a bunch of cloud logs


• Veeam and Fortinet are bad and should feel bad


• North Koreans are good (at hacking)


• And much, much more.

This week’s episode is sponsored by Proofpoint. Chief Strategy Officer Ryan Kalember joins to talk about their work keeping up with prolific threat actor SocGholish.

This episode is also available on Youtube.

Show notes

• Four cyber companies fined for SolarWinds disclosure failures



• U.S. charges Sudanese men with running powerful cyberattack-for-hire gang



• Hacker Charged With Seeking to Kill Using Cyberattacks on Hospitals | WIRED



• Risky Biz News: Anonymous Sudan's Russia Links Are (Still) Obvious



• Microsoft confirms partial loss of security log data on multiple platforms | Cybersecurity Dive



• Risky Biz News: Apple wants to reduce the lifespan of TLS certificates to 10 days



• Encrypted Chat App ‘Session’ Leaves Australia After Visit From Police



• Crypto platform Radiant Capital says $50 million in digital coins stolen following account compromises



• North Korean hackers use newly discovered Linux malware to raid ATMs - Ars Technica



• Brazil Arrests ‘USDoD,’ Hacker in FBI Infragard Breach – Krebs on Security



• Here’s how SIM swap in alleged bitcoin pump-and-dump scheme worked - Ars Technica



• Critical Veeam CVE actively exploited in ransomware attacks | Cybersecurity Dive



• FortiGate admins report active exploitation 0-day. Vendor isn’t talking. - Ars Technica



• Hackers reportedly impersonate cyber firm ESET to target organizations in Israel



• The latest in North Korea’s fake IT worker scheme: Extorting the employers