Risky Business #797 -- Stuxnet vs Massive Ordnance Penetrators

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news:

• We roll our eyes over the “16 billion credentials” leak hitting mainstream news


• Some interesting cyber angles emerge from the conflict in Iran


• Opensource maintainer of libxml2 is fed up with this hacker crap


• Shockingly, there are yet more ways to trick people into pasting commands into Windows


• Veeam “patches” its backup software RCE like it’s 2002 … by breaking the public PoC

This week’s episode is sponsored by Internet-wide honeypot reconnaissance platform, Greynoise. Founder Andrew Morris joins to talk about their journey spotting Chinese ORB-builders hacking thousands of ASUS routers, and why they’re destined for the woodchipper.

This episode is also available on Youtube.

Show notes

• No, the 16 billion credentials leak is not a new data breach
  



• Canadian telecom hacked by suspected China state group - Ars Technica
  



• Telecom giant Viasat breached by China's Salt Typhoon hackers
  



• WarTranslated on X: "Iran’s jamming GPS in the Strait of Hormuz, messing with ~970 ships, per Windward. UKMTO confirms the interference. Faulty AIS coordinates are screwing up navigation in the Persian Gulf. The IRGC threatens to shut the strait down in hours. https://t.co/kdMJvshOGC" / X
  



• Dmitri Alperovitch on X: "Chairman of the Joint Chiefs Gen. Dan Caine says @US_CYBERCOM supported this strike mission" / X
  



• Top Pentagon spy pick rejected by White House - POLITICO
  



• DHS warns of heightened cyber threat as US enters Iran conflict | Cybersecurity Dive
  



• Exclusive: Early US intel assessment suggests strikes on Iran did not destroy nuclear sites, sources say
  



• U.S. braces for Iran's response after overnight strikes on nuclear sites
  



• Assessing the Damage to Iran’s Nuclear Program
  



• Iran Hacks Tirana Municipality in Retaliation Over MEK - Tirana Times
  



• Iran's government says it shut down internet to protect against cyberattacks | TechCrunch
  



• Aflac discloses cyber intrusion linked to wider crime spree targeting insurance industry | Cybersecurity Dive
  



• Tonga Ministry of Health hit with cyberattack affecting website, IT systems | The Record from Recorded Future News
  



• Alleged Ryuk ransomware gang member arrested in Ukraine and extradited to US | The Record from Recorded Future News
  



• Russia releases REvil members after convictions for payment card fraud | The Record from Recorded Future News
  



• OneLogin, Many Issues: How I Pivoted from a Trial Tenant to Compromising Customer Signing Keys - SpecterOps
  



• Triaging security issues reported by third parties (#913) · Issue · GNOME/libxml2
  



• README: Set expectations straight (35d04a08) · Commits · GNOME / libxml2 · GitLab
  



• What’s in an ASP? Creative Phishing Attack on Prominent Academics and Critics of Russia | Google Cloud Blog
  



• FileFix - A ClickFix Alternative | mr.d0x
  



• Address bar shows hp.com. Browser displays scammers’ malicious text anyway. - Ars Technica
  



• Researchers urge vigilance as Veeam releases patch to address critical flaw | Cybersecurity Dive
  



• ASUSpicious Flaw - Millions of Users’ Information Exposed Since 2022 | MrBruh's Epic Blog
  



• Perth dad who created ‘evil twin’ Wi-Fi did so to access pictures of women
  



• GreyNoise Discovers Stealthy Backdoor Campaign Affecting Thousands of ASUS Routers