Risky Business #798 -- Mexican cartel surveilled the FBI to identify, kill witnesses

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news:

• Australian airline Qantas looks like it got a Scattered Spider-ing
• Microsoft works towards blunting the next CrowdStrike disaster
• Changes are coming for Microsoft’s default enterprise app consenting setup
• Synology downplays hardcoded passwords for its M365 cloud backup agent
• The next Citrix Netscaler memory disclosure looks nasty
• Drug cartels used technical surveillance to find, fix and finish FBI informants and witnesses

This week’s episode is sponsored by RAD Security. Co-founder Jimmy Mesta joins to talk through how they use AI automation to assess the security posture of sprawling cloud environments.

This episode is also available on Youtube.

Show notes

• Qantas hit by cyber attack, leaving 6 million customer records at risk of data breach
• Scattered Spider appears to pivot toward aviation sector | Cybersecurity Dive
• Microsoft to make Windows more resilient following 2024 IT outage | Cybersecurity Dive
• (384) The Ultimate Guide to App Consent in Microsoft Entra - YouTube
• When Backups Open Backdoors: Accessing Sensitive Cloud Data via "Synology Active Backup for Microsoft 365" / modzero
• AT&T deploys new account lock feature to counter SIM swapping | CyberScoop
• Iran-linked hackers threaten to release Trump aides' emails | Reuters
• US government warns of new Iran-linked cyber threats on critical infrastructure | Cybersecurity Dive
• Actively exploited vulnerability gives extraordinary control over server fleets - Ars Technica
• Critical vulnerability in Citrix Netscaler raises specter of exploitation wave | Cybersecurity Dive
• Identities of More Than 80 Americans Stolen for North Korean IT Worker Scams | WIRED
• Cloudflare confirms Russia restricting access to services amid free internet crackdown | The Record from Recorded Future News
• Mexican drug cartel used hacker to track FBI official, then killed potential FBI informants, government audit says | CNN Politics
• Audit of the FBI's Efforts to Mitigate the Effects of Ubiquitous Technical Surveillance - Redacted Report
• NATO members aim for spending 5% of GDP on defense, with 1.5% eligible for cyber | The Record from Recorded Future News
• US sanctions bulletproof hosting provider for supporting ransomware, infostealer operations | CyberScoop
• US, French authorities confirm arrest of BreachForums hackers | TechCrunch
• Spanish police arrest five over $542 million crypto investment scheme | The Record from Recorded Future News
• Scam compounds labeled a 'living nightmare' as Cambodian government accused of turning a blind eye | The Record from Recorded Future News