Navigating Linux Security Challenges in Critical Infrastructure

Risky Business returns for its 19th year! Patrick Gray and Adam Boileau discuss the week’s cybersecurity news and there is a whole bunch of it. They discuss:

• The incoming Trump administration guts the CSRB
• Biden’s last cyber Executive Order has sensible things in it
• China’s breach of the US Treasury gets our reluctant admiration
• Ross Ulbricht - the Dread Pirate Roberts of Silk Road fame - gets his Trump pardon
• New year, same shameful comedy Forti- and Ivanti- bugs
• US soldier behind the Snowflake hacks faces charges after a solid Krebs-ing
• And much, much (much! after a month off) more.

This week’s episode is sponsored by Sandfly Security, who make a Linux EDR solution. Founder Craig Rowland joins to talk about how the Linux ecosystem struggles with its lack of standardised approaches to detection and response. If you’ve got a telco full of unix, and people are asking how much Salt Typhoon you’ve got in there… Sandfly’s tools are probably what you’re looking for.

If you like your Business like us… - Risky - then we’re hiring! We’re looking for someone to help with audio and video production for our work, manage our socials, and if you’re also into the Cybers… even better. Position is remote, with a preference for timezones amenable to Australia/NZ. Drop us a line: editorial at risky.biz.

This episode is also available on Youtube.

Show notes

• POLITICO Pro | Article | Acting DHS chief ousts CSRB experts, other department advisers
• Treasury’s sanctions office hacked by Chinese government, officials say
• Strengthening America’s Resilience Against the PRC Cyber Threats | CISA
• AT&T, Verizon say they evicted Salt Typhoon from their networks
• Risky Bulletin: Looking at Biden's last cyber executive order - Risky Business
• Internet-connected devices can now have a label that rates their security | Reuters
• US sanctions prominent Chinese cyber company for role in Flax Typhoon attacks
• FCC ‘rip and replace’ provision for Chinese tech tops cyber provisions in defense bill
• CIA nominee tells Senate he, too, wants to go on cyber offense | CyberScoop
• Trump tells Justice Department not to enforce TikTok ban for 75 days
• Judge rules NSO Group is liable for spyware hacks targeting 1,400 WhatsApp user devices | The Record from Recorded Future News
• Unpacking WhatsApp’s Legal Triumph Over NSO Group | Lawfare
• Time to check if you ran any of these 33 malicious Chrome extensions
• Console Chaos: A Campaign Targeting Publicly Exposed Management Interfaces on Fortinet FortiGate Firewalls - Arctic Wolf
• Ongoing attacks on Ivanti VPNs install a ton of sneaky, well-written malware
• Researchers warn of active exploitation of critical Apache Struts 2 flaw
• DOJ deletes China-linked PlugX malware off more than 4,200 US computers
• Russian internet provider confirms its network was ‘destroyed’ following attack claimed by Ukrainian hackers | The Record from Recorded Future News
• Ukraine restores state registers after suspected Russian cyberattack | The Record from Recorded Future News
• Hackers claim to breach Russian state agency managing property, land records | The Record from Recorded Future News
• U.S. Army Soldier Arrested in AT&T, Verizon Extortions – Krebs on Security