Risky Business #737 -- LockBit gets absolutely rekt

In this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They talk about:

• LockBit has been taken down by law enforcement
• Some mega-juicy leaks out of Chinese offsec/APT contractor I-SOON
• GRU gets its Moobot network shutdown
• Signal adding usernames is… complicated
• Much, much more

In this week’s sponsor interview Devicie’s Tom Plant joins the show to talk about problems orgs run into when it comes to Windows policies. There’s an expectation out there that Windows policies are set and forget, but sadly, this is not so.

Show notes

• Feds Seize LockBit Ransomware Websites, Offer Decryption Tools, Troll Affiliates – Krebs on Security
• Law enforcement disrupt world’s biggest ransomware operation
• Shanghai Anxun’s information is unreliable and is a trap for national government agencies.
• China spy agency renews foreign cyber intelligence warning after data breaches
• US Justice Department says it disrupted Russian intelligence hacking network | Reuters
• Several Ukrainian media outlets attacked by Russian hackers
• Polish PM says previous ruling party used Pegasus spyware against ‘very long’ list of victims
• Hackers are targeting Asian bank accounts using stolen facial recognition data
• Signal Finally Rolls Out Usernames, So You Can Keep Your Phone Number Private | WIRED
• Code injection or backdoor: A new look at Ivanti’s CVE-2021-44529
• “the "AB" trigger has similar vibes to the Unreal IRCd and ProFTPD backdoors of the same timeframe.”
• FLATLINED: ANALYZING PULSE SECURE FIRMWARE AND BYPASSING INTEGRITY CHECKING
• CVSS 10 RCE in Screen Connect
• National Security Agency Announces Retirement of Cybersecurity Director
• Hunting M365 Invaders: Navigating the Shadows of Midnight Blizzard