Risky Business #797 -- Stuxnet vs Massive Ordnance Penetrators

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news:

• We roll our eyes over the “16 billion credentials” leak hitting mainstream news
• Some interesting cyber angles emerge from the conflict in Iran
• Opensource maintainer of libxml2 is fed up with this hacker crap
• Shockingly, there are yet more ways to trick people into pasting commands into Windows
• Veeam “patches” its backup software RCE like it’s 2002 … by breaking the public PoC

This week’s episode is sponsored by Internet-wide honeypot reconnaissance platform, Greynoise. Founder Andrew Morris joins to talk about their journey spotting Chinese ORB-builders hacking thousands of ASUS routers, and why they’re destined for the woodchipper.

This episode is also available on Youtube.

Show notes

• No, the 16 billion credentials leak is not a new data breach
• Canadian telecom hacked by suspected China state group - Ars Technica
• Telecom giant Viasat breached by China's Salt Typhoon hackers
• WarTranslated on X: "Iran’s jamming GPS in the Strait of Hormuz, messing with ~970 ships, per Windward. UKMTO confirms the interference. Faulty AIS coordinates are screwing up navigation in the Persian Gulf. The IRGC threatens to shut the strait down in hours. https://t.co/kdMJvshOGC" / X
• Dmitri Alperovitch on X: "Chairman of the Joint Chiefs Gen. Dan Caine says @US_CYBERCOM supported this strike mission" / X
• Top Pentagon spy pick rejected by White House - POLITICO
• DHS warns of heightened cyber threat as US enters Iran conflict | Cybersecurity Dive
• Exclusive: Early US intel assessment suggests strikes on Iran did not destroy nuclear sites, sources say
• U.S. braces for Iran's response after overnight strikes on nuclear sites
• Assessing the Damage to Iran’s Nuclear Program
• Iran Hacks Tirana Municipality in Retaliation Over MEK - Tirana Times
• Iran's government says it shut down internet to protect against cyberattacks | TechCrunch
• Aflac discloses cyber intrusion linked to wider crime spree targeting insurance industry | Cybersecurity Dive
• Tonga Ministry of Health hit with cyberattack affecting website, IT systems | The Record from Recorded Future News
• Alleged Ryuk ransomware gang member arrested in Ukraine and extradited to US | The Record from Recorded Future News
• Russia releases REvil members after convictions for payment card fraud | The Record from Recorded Future News
• OneLogin, Many Issues: How I Pivoted from a Trial Tenant to Compromising Customer Signing Keys - SpecterOps
• Triaging security issues reported by third parties (#913) · Issue · GNOME/libxml2
• README: Set expectations straight (35d04a08) · Commits · GNOME / libxml2 · GitLab
• What’s in an ASP? Creative Phishing Attack on Prominent Academics and Critics of Russia | Google Cloud Blog
• FileFix - A ClickFix Alternative | mr.d0x
• Address bar shows hp.com. Browser displays scammers’ malicious text anyway. - Ars Technica
• Researchers urge vigilance as Veeam releases patch to address critical flaw | Cybersecurity Dive
• ASUSpicious Flaw - Millions of Users’ Information Exposed Since 2022 | MrBruh's Epic Blog
• Perth dad who created ‘evil twin’ Wi-Fi did so to access pictures of women
• GreyNoise Discovers Stealthy Backdoor Campaign Affecting Thousands of ASUS Routers