Risky Business #741 -- The Mintlify breach and modern supply chains

On this week’s show Patrick and Adam discuss the week’s security news, including:

• Turns out AI is still bad code review after all,
• Mintlify loses a bunch of Github tokens,
• Everything old is new again with the UDP loop DoS,
• Know-your-(recon satellite)-customer is hard,
• Microsoft takes away Russia’s powershell, solving living off the land,
• And much, much more

This week’s show is brought to you by Material Security. In this week’s sponsor interview we speak with Material’s Rajan Kapoor, VP of Customer Experience at Material. We’re also joined by Chaim Sanders, who heads Security and Privacy at Lyft.

Show notes

• Anthropic’s CISO drinks the AI kool aid - backpedals frantically on security analysis claim
• Incident report on March 13, 2024 - Mintlify
• Loop DoS: New Denial-of-Service attack targets application-layer protocols
• State of IP Spoofing
• Pharmaceutical development company investigating cyberattack after LockBit posting
• Exclusive: After LockBit’s takedown, its purported leader vows to hack on
• Russian-Canadian hacker sentenced for global ransomware scheme to be extradited | CTV News
• A Suspicious Pattern Alarming the Ukrainian Military - The Atlantic
• Exclusive: Musk's SpaceX is building spy satellite network for US intelligence agency, sources say | Reuters
• Elon Musk’s SpaceX Forges Closer Ties With U.S. Spy and Military Agencies - WSJ
• Russians will no longer be able to access Microsoft cloud services, business intelligence tools
• Rostelecom blocks the SIP protocol for clients of Russian hosters / Sudo Null IT News
• Researchers spot updated version of malware that hit Viasat | CyberScoop
• Earth Krahang Exploits Intergovernmental Trust to Launch Cross-Government Attacks | Trend Micro (US)
• PRC State-Sponsored Cyber Activity: Actions for Critical Infrastructure Leaders | CISA
• US is still chasing down pieces of Chinese hacking operation, NSA official says
• 875 workers rescued in Tarlac POGO raid | Philippine News Agency
• Fujitsu says it found malware on its corporate network, warns of possible data breach | Ars Technica
• Mike Lindell must pay a Nevada man after election data dispute - The Washington Post