On this week’s show, Patrick Gray and Adam Boileau discuss the weeks security news, including:

• Brazil’s supreme court bans X-formerly-Twitter,
• Iranian cyber teams cooperate with ransomware crews
• While North Koreans wield chrome-windows 0-day
• Yubikey cloning attack is impressive, but doesn’t have us binning our keys quite yet
• The White House is coming for your unsigned BGP announcements
• And much, much more.

This week’s episode is sponsored by Okta, and specifically their Identity Security Posture Management product. Okta recently acquired Spera Security, and co-founder Ariel Kadyshevitch joins to talk through the messy reality of modern identity. Pat even gets the giggles at how terrible everything is!

You can also watch this episode on Youtube.

Show notes

• Brazil X ban: Top court judges uphold block of Musk's platform
• Iran-based Cyber Actors Enabling Ransomware Attacks on US Organizations | CISA
• Malicious North Korean packages appear again in open source code repository
• North Korean threat actor Citrine Sleet exploiting Chromium zero-day | Microsoft Security Blog
• SEC.gov | SEC Charges Transfer Agent Equiniti Trust Co. with Failing to Protect Client Funds Against Cyber Intrusions
• Chinese ‘Spamouflage’ operatives are mimicking disillusioned Americans online
• Researchers uncover ‘SlowTempest’ espionage campaign within China
• City of Columbus sues man after he discloses severity of ransomware attack | Ars Technica
• Bypassing airport security via SQL injection
• Cyberattack hits agency responsible for London’s transport network
• German air traffic control agency confirms cyberattack, says operations unaffected
• White House calls attention to ‘hard problem’ of securing internet traffic routing
• Cambodian scam giant handled $49 billion in crypto transactions since 2021, researchers say
• YubiKeys are vulnerable to cloning attacks thanks to newly discovered side channel | Ars Technica
• CrowdStrike takes a revenue hit as global IT outage reckoning lingers | Cybersecurity Dive
• Owners of 1-Time Passcode Theft Service Plead Guilty – Krebs on Security