On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

• CSRB to investigate China’s telco-wiretapping hacks
• Euro law enforcement takes down the Redline infostealer
• Someone steals Fed crypto… and then tries to quietly sneak it back in
• Russia sentences REvil guys to … jail? Really?
• Apple private cloud compute gets a proper bug bounty program
• And much, much more.

This week’s episode is sponsored by Material Security, who help navigate the mess of cloud productivity data security. Daniel Ayala - Chief Security and Trust Officer at Dotmatics - is a Material customer, and joins Pat and Material Security’s Rajan Kapoor to talk about how to wrangle securing data that ends up in corporate cloud email and file stores.

This episode is also available on Youtube.

Show notes

• Apple 10 day certificates
• Chinese hackers said to have collected audio of American calls
• U.S. Panel to Probe Cyber Failures in Massive Chinese Hack of Telecoms
• How a series of opsec failures led US authorities to the alleged developer of the Redline password-stealing malware
• Operation Magnus
• Hacker Returns $19.3 Million to Drained US Government Crypto Wallet
• Meet ZachXBT, the Masked Vigilante Tracking Down Billions in Crypto Scams and Thefts | WIRED
• Radar systems in Iran breached prior to Israel's Saturday counter-strike - report
• Delta sues CrowdStrike after widespread IT outage that caused thousands of cancellations
• Tens of thousands of taxpayer accounts hacked as CRA repeatedly paid out millions in bogus refunds
• Microsoft CEO asked board to cut pay in connection with security overhaul | Cybersecurity Dive
• Four REvil members sentenced to more than four years in prison
• Russia says it might build its own Linux community after removal of several kernel maintainers
• Nigerian court drops charges against detained Binance executive Tigran Gambaryan
• Apple will pay security researchers up to $1 million to hack its private AI cloud | TechCrunch
• SonicWall firewalls the common access point in spreading ransomware campaign | Cybersecurity Dive
• Fortinet zero-day attack spree hits at least 50 customers | Cybersecurity Dive
• Cisco warns actively exploited CVE can lead to DoS attacks against VPN services | Cybersecurity Dive
• Chinese influence operation targets US down-ballot races, Microsoft says | Reuters
• Exclusive: Accused Iranian hackers successfully peddle stolen Trump emails | Reuters
• Viral video of ripped-up Pennsylvania ballots is fake and Russian-made, intelligence agencies say
• Product Demo: Securing M365 and Google Workspace with Material Security