In this week’s show Patrick Gray and Adam Boileau discuss the week’s security news.

• Microsoft honks its clown car horn
• Australia’s hounds, released, catch their man
• The beginning of the end for Scattered Spider
• SEC was SIM swapped but had MFA off any way
• Ivanti learns a lesson…
• … while Progress does not
• and much more

DHS undersecretary for policy and Cyber Safety Review Board head Rob Silvers is this week’s feature guest. He joins the show to talk about how the CSRB handles possible conflicts of interests from board members with industry day jobs.

In this week’s sponsor interview Resourcely’s founder Travis McPeak talks about why we need to help developers with “paved roads” instead of relying on dashboard products to tell us when things have gone wrong.

Show notes

• Microsoft network breached through password-spraying by Russia-state hackers | Ars Technica
• Microsoft Actions Following Attack by Nation State Actor Midnight Blizzard | MSRC Blog | Microsoft Security Response Center
• Medibank cyber attack: The weakness that saw Medibank hacker Aleksandr Ermakov exposed | Exclusive
• Russian man identified as Medibank hacker, hit with sanctions by Australian government - ABC News
• Middle District of Florida | Palm Coast Man Arrested For Wire Fraud And Aggravated Identity Theft Charges | United States Department of Justice
• SEC.gov | SECGov X Account
• Owner of BreachedForums sentenced to time served plus 20 years supervised release with special conditions
• CISA issues emergency directive for federal agencies to mitigate Ivanti vulnerabilities | Cybersecurity Dive
• Ivanti Connect Secure exploitation accelerates as Moody’s calls impact credit negative | Cybersecurity Dive
• Progress Software shakes off MOVEit’s financial consequences, maintains customers | Cybersecurity Dive
• Cyberattack on Ukraine’s largest telecom provider will cost it about $100 million
• Ransomware attacks leave small business owners feeling suicidal, report says
• Canadian Man Stuck in Triangle of E-Commerce Fraud – Krebs on Security
• Experts call for US Cyber Safety Review Board rethink • The Register