Risky Business #819 -- Venezuela (credibly?!) blames USA for wiper attack

In the final show of 2025, Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

• React2Shell attacks continue, surprising no one
• The unholy combination of OAuth consent phishing, social engineering and Azure CLI
• Venezuela’s state oil firm gets ransomware’d, blames US… but what if it really is a US cyber op?!
• Russian junk-hacktivist gets indicted for cybering critical… err… a car wash and a fountain
• Microsoft finally turns RC4 off by default in Active Directory Kerberos
• Traefik’s TLS verify=on … turns it off, whoopsie 🤡

This week’s episode is sponsored by Sublime Security, makers of an email filtering solution that’s up for dealing with modern problems. Founder and CEO Josh Kamdjou joins to talk about calendar invite phishing, and the extra steps they’ve had to take to reach into people’s calendars and fix the mess.

The Risky Business weekly show is taking holiday break, and will return on 14 January for its twentieth year! Good luck out there, internet friends.

This episode is also available on Youtube.

Show notes

• React2Shell attacks expand widely across multiple sectors | Cybersecurity Dive
• React issues new patches after security researchers flag additional flaws | Cybersecurity Dive
• ConsentFix: Browser-native ClickFix hijacks OAuth grants
• Hacking Endpoint to Identity (Microsoft 365): "ConsentFix" - YouTube
• Announced pick for No. 2 at NSA won’t get the job as another candidate surfaces | The Record from Recorded Future News
• Laura Loomer on X: "EXCLUSIVE: 🚨 White House Official Confirms Ongoing Search for NSA Deputy Director As Tim Kosiba's Deep State And Anti-Trump Ties Raise Red Flags 🚨"
• Senior official at Indo-Pacific Command is set to be Trump’s pick to lead Cyber Command, NSA | The Record from Recorded Future News
• Trump Administration Turning to Private Firms in Cyber Offensive - Bloomberg
• PdV says cyber attacks contained | Latest Market News
• Venezuela state oil company blames cyberattack on US after tanker seizure | The Record from Recorded Future News
• Office of Public Affairs | Justice Department Announces Actions to Combat Two Russian State-Sponsored Cyber Criminal Hacking Groups | United States Department of Justice
• DOJ, CISA warn of Russia-linked attacks targeting meat processing plants, nuclear regulatory entities and other critical infrastructure | The Record from Recorded Future News
• vx-underground on X: "The United States government has indicted a state-sponsored Threat Actor named Victoria Eduardovna Dubranova"
• vx-underground on X: "I'm actually laughing. One of the compromises is so dumb"
• German parliament suffers suspected cyber attack during Zelenskyy’s visit
• Während Selenskyj-Besuch: Große Internet-Störung im Bundestag! | Politik | BILD.de
• Germany summons Russian ambassador over cyberattack, election disinformation | The Record from Recorded Future News
• Russische hackgroep had toegang tot openbare waterfontein in Nederland | de Volkskrant
• Most Parked Domains Now Serving Malicious Content – Krebs on Security
• PornHub extorted after hackers steal Premium member activity data
• Office of Public Affairs | Senior Manager for Government Contractor Charged in Cybersecurity Fraud Scheme | United States Department of Justice
• Microsoft will finally kill obsolete cipher that has wreaked decades of havoc - Ars Technica
• CVE-2025-66491: Traefik's "Verify=On" Turned TLS Off | AISLE
• Dylan O'Donnell 🦋 on X: "This week I was rushed to hospital with a diagnosis of oesophageal cancer."