Risky Business #729 -- Why patching faster won't save us

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:

• Iran-linked attacks on US water infrastructure
• Why the ownCloud bug isn’t the end of the world
• The D-Link 0day that… never existed?
• In defence of Okta
• Much, much more

This week’s show is brought to you by Proofpoint. Ryan Kalember, Proofpoint’s EVP of Cybersecurity Strategy, is this week’s sponsor guest.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

Show notes

• CISA warns of threat groups exploiting Unitronics PLCs in water treatment hacks | Cybersecurity Dive
• North Texas water utility the latest suspected industrial ransomware target | Cybersecurity Dive
• Florida water agency latest to confirm cyber incident as feds warn of nation-state attacks
• ownCloud vulnerability with maximum 10 severity score comes under “mass” exploitation | Ars Technica
• Staples hit by cyberattack during critical Cyber Week sales push | Cybersecurity Dive
• New Jersey, Pennsylvania hospitals affected by cyberattacks
• 60 credit unions facing outages due to ransomware attack on popular tech provider
• HHS warns of ‘Citrix Bleed’ attacks after hospital outages
• Payments processor Tipalti investigating ransomware attack | Cybersecurity Dive
• CISA's Goldstein wants to ditch 'patch faster, fix faster' model | CyberScoop
• Threat Actors Exploit Adobe ColdFusion CVE-2023-26360 for Initial Access to Government Servers | CISA
• Kremlin-backed hackers attacking unpatched Outlook systems, Microsoft says
• Latest severe Chrome bug prompts CISA warning
• Google researchers report critical 0-days in Chrome and all Apple OSes | Ars Technica
• Okta again promises it is taking security seriously | Cybersecurity Dive
• Okta: Breach Affected All Customer Support Users – Krebs on Security
• Russian and Chinese interference networks are ‘building audiences’ ahead of 2024, warns Meta
• Meta says it broke up Chinese influence operation looking to exploit U.S. political divisions
• Clandestine online operations now require sign-off by senior officials - The Washington Post
• Feds seize Sinbad crypto mixer allegedly used by North Korean hackers | TechCrunch
• US sanctions North Korean ‘Kimsuky’ hackers after surveillance satellite launch
• ‘Fugitive’ Spanish aristocrat behind North Korea cryptocurrency conference arrested
• Used by only a few nerds, Facebook kills PGP-encrypted emails | TechCrunch