Risky Business

Risky Business #739 -- ALPHV exit scams while Change Healthcare burns

Mar 5, 2024

This podcast discusses the aftermath of a healthcare ransomware attack, including a hefty payment to AlphaV and an exit scam. They explore memory safety in cybersecurity, the urgency for improved security measures after a breach, and enhancing security with continuous access evaluation profiles. Additionally, they address stability in identity infrastructure administration and highlight the importance of strong authentication measures at the IDP level.

59:25

Creator website

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

Memory corruption remains a prevalent vulnerability despite emphasis on memory safety in severe bugs.

ConnectWise's critical security flaw allowed system code execution through bypassing access controls via URL manipulation.

SMS-based two-factor authentication poses risks as demonstrated by YX International's exposed text message database, highlighting vulnerabilities in the security method.

Deep dives

Memory Safety Bugs Still Prevail

Despite the prevalence of memory safety issues in severe bugs, many vulnerabilities in the wild leverage memory corruption issues, highlighting the importance of using memory-safe languages.

Introduction

2min

The Aftermath of a Healthcare Ransomware Attack

25min

Memory Safety in Cybersecurity

10min

Security Breach and Urgency for Improved Security Measures

3min

Exploring Stability and Authentication Context in Identity Infrastructure Administration

2min

Enhancing Security with Continuous Access Evaluation Profile

7min

Enhancing Security Measures and Awareness in IDP Authentication

11min

In this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They talk about:

The serious consequences from the Change Healthcare ransomware, and the need for a … nastier response
Predator spyware maker getting a stern sanctioning
A German military WebEx meeting gets snooped
Mem-corrpution is still king
And much, much more

In this week’s sponsor interview Patrick Gray speaks to Karl McGuinness, Okta’s chief architect, about some new security improvements they’ve built into their IDP.

Show notes

Remember Everything You Learn from Podcasts

Save insights instantly, chat with episodes, and build lasting knowledge - all powered by AI.

Risky Business

Risky Business #739 -- ALPHV exit scams while Change Healthcare burns

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Memory Safety Bugs Still Prevail

ConnectWise Exploit Exposes Vulnerability

SMS2FA Vulnerabilities

Octa's Efforts to Improve Security Posture

Continuous Access Evaluation Profile and Proof of Possession Tokens

Show notes

Remember Everything You Learn from Podcasts