Exploiting Bugs and Vulnerabilities in North Korea and Microsoft Services

On this week’s show Patrick Gray and Adam Boileau are joined by long-time NSA boffin Rob Joyce. Now Rob’s left the government service, he’s hobnobbing with us pundits, talking through the week’s news:

• Apple announces a big leap for confidential cloud computing into the mass market
• While at the same time, letting you just mosey around your iPhone from your Mac
• Mandiant reports in about the Snowflake breach
• Moody’s say credit ratings might consider cyber incidents
• Microsoft fixes an Azure flaw with a… “comprehensive documentation update”
• And much, much more.

This week’s show is sponsored by Yubico, maker of the Yubikey hardware authentication token. Jerrod Chong, Yubico’s COO and President joins to talk about the challenges of the passkey and hardware authenticator ecosystem.

Show notes

• Apple makes a password manager play in a heavily targeted market | Cybersecurity Dive
• macOS Sequoia takes productivity and intelligence on Mac to new heights - Apple
• The Wiretap: Apple’s AI Announcement Promises Big Security Boosts–Not Everyone Is Convinced
• Matthew Green on X: "Ok there are probably half a dozen more technical details in the blog post. It’s a very thoughtful design. Indeed, if you gave an excellent team a huge pile of money and told them to build the best “private” cloud in the world, it would probably look like this. 14/" / X
• Risky Biz News: Microsoft budges on Windows 11 Recall
• Tenable finds an Azure flaw, Microsoft calls it a feature • The Register
• LendingTree confirms that cloud services attack potentially affected subsidiary
• Hackers steal “significant volume” of data from hundreds of Snowflake customers | Ars Technica
• 7,000 LockBit decryption keys now in the hands of the FBI, offering victims hope | Ars Technica
• Urgent call for O-type blood donations following London hospitals ransomware attack
• Darknet site for Qilin gang, suspected in London hospitals ransomware attack, goes down
• Cyberattacks pose mounting risks to creditworthiness: Moody’s | Cybersecurity Dive
• Apple refused to pay bug bounty to Russian cybersecurity firm Kaspersky Lab
• FCC moves ahead on internet routing security rules | CyberScoop
• House Republicans propose eliminating funding for election security | CyberScoop
• New DJI policy: No flight record syncing for US drone pilots
• Semiconductor giants Nvidia and Arm warn of new flaws in their graphics processors
• Critical PHP CVE is under attack — research shows it’s easy to exploit | Cybersecurity Dive
• A US Company Enabled a North Korean Scam That Raised Money for WMDs | WIRED