Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.
Risky Business #784 -- GitHub supply chain attack steals secrets from 23k projects
On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news:
- Github Actions supply chain attack loots keys and secrets from 23k projects
- Why a VC fund now owns a minority stake in Risky Business Media (!?!?)
- China doxes Taiwanese military hackers
- Microsoft thinks .lnk file whitespace trick isn’t worth patching but APTs sure love it
- CISA delivers government efficiency by re-hiring fired staff… to put them on paid leave
- …and Google acquires Wiz for $32bn
This week’s show is sponsored by Zero Networks, and they have sent along a happy customer to talk about their experience. Aaron Steinke is Head of Infrastructure at La Trobe Financial, an asset management firm in Australia. Aaron talks through bringing modern zero-trust goodness to the reality of a technology environment that’s been around 40 years.
This episode is also available on Youtube.
Show notes
- Risky Bulletin: GitHub supply chain attack prints everyone's secrets in build logs - Risky Business Media
- China says Taiwan's military is behind PoisonIvy APT
- China identifies Taiwanese hackers allegedly behind cyberattacks and espionage | The Record from Recorded Future News
- Crypto exchange OKX shuts down tool used by North Korean hackers to launder stolen funds | The Record from Recorded Future News
- Lazarus Group deceives developers with 6 new malicious npm packages | CyberScoop
- Poisoned Windows shortcuts found to be a favorite of Chinese, Russian, N. Korean state hackers | The Record from Recorded Future News
- 'Mora_001' ransomware gang exploiting Fortinet bug spotlighted by CISA in January | The Record from Recorded Future News
- Black Basta uses brute-forcing tool to attack edge devices | Cybersecurity Dive
- Alleged Russian LockBit developer extradited from Israel, appears in New Jersey court | The Record from Recorded Future News
- CISA works to contact probationary employees for reinstatement after court order - Nextgov/FCW
- ‘People Are Scared’: Inside CISA as It Reels From Trump’s Purge | WIRED
- The Wiretap: CISA Staff Are Cautiously Optimistic About Trump’s Pick For Director
- White House instructs agencies to avoid firing cybersecurity staff, email says | Reuters
- Signal no longer cooperating with Ukraine on Russian cyberthreats, official says | The Record from Recorded Future News
- Telegram CEO Pavel Durov allowed to leave France amid investigation
- Appellate court upholds sentence for former Uber cyber executive Joe Sullivan | The Record from Recorded Future News
- Google buys cloud security provider Wiz for $32 billion | The Record from Recorded Future News
- Pat Gray, Founder of Risky Business, Joins Decibel as Founder Advisor - Decibel