Risky Business #785 -- Signal-gate is actually as bad as it looks
Mar 26, 2025
HD Moore, founder of RunZero and a network vulnerability scanning expert, joins to discuss the recent chaos in cybersecurity. He highlights the absurdity of a security breach in which the Trump administration mistakenly included a journalist in sensitive discussions. The conversation also covers the shortcomings of traditional vulnerability management and what he's doing to revitalize network scanning. The hosts also run through recent cyber incidents, from GitHub supply chain attacks to Kubernetes vulnerabilities, underscoring the urgency of robust security solutions.
The recent inclusion of a journalist in a U.S. military planning Signal group raises significant concerns about governmental communication protocols and encryption practices.
RunZero is revitalizing network vulnerability scanning by focusing on unfiltered identification of vulnerabilities across devices, addressing gaps left by traditional methods.
A reported data breach at Oracle Cloud, potentially impacting millions of records, underscores the urgent need for robust security measures in cloud services.
Deep dives
RunZero's Vulnerability Scanning Revolution
RunZero is introducing a new approach to vulnerability scanning, filling a significant gap left by traditional providers. The platform lets users point a scanner at an IP range and returns findings that prioritize critical vulnerabilities, particularly those that often go unreported. Unlike conventional vulnerability scanners, which rely primarily on authenticated scans and endpoint checks, RunZero emphasizes unfiltered identification of vulnerabilities across networked devices. This revival of older scanning practices aims to give organizations clarity on their security posture across diverse networks.
Signal Group Chat Controversy
A major scandal erupted when key U.S. government officials inadvertently included a journalist in a military planning group chat on Signal. The involvement of this journalist led to questions about national security and the appropriateness of using encrypted messaging platforms for sensitive discussions. Notably, the coverage of this incident has highlighted the existence of similar group chats likely running under the radar, raising concerns about potential unregulated practices within governmental communication. The implications of this misuse point to a pressing need for reform in how such conversations are handled and documented.
Security Vulnerabilities in Cloud Configurations
Security researchers disclosed critical vulnerabilities in Kubernetes clusters, specifically in the NGINX ingress controller. These vulnerabilities could allow attackers to execute arbitrary code in a privileged environment, posing a serious threat to cloud-based applications. The research underscores the importance of strict configuration practices for cloud-native applications to guard against external attacks. As cloud infrastructure becomes increasingly critical to operations, the need for diligent configuration management and vulnerability assessment grows.
Data Breach at Oracle Cloud
A significant data breach at Oracle Cloud has come to light, affecting approximately six million records across thousands of tenants. Researchers from CloudSEK indicated that sensitive credential material, including Java keystore files, may have been accessed, raising severe security concerns. Oracle's initial denial of the breach contrasts sharply with evidence from researchers who correlated the leaked data with confirmed credentials belonging to real customers. This incident highlights the critical importance of data security within cloud services and the potential repercussions for organizations using these platforms.
The Fallout from 23andMe's Bankruptcy
The recent bankruptcy filing by 23andMe has raised concerns regarding the fate of genetic data belonging to millions of users. As the company seeks new ownership, experts warn about the implications of losing control over sensitive personal information. Users are urged to delete their accounts in order to remove their genetic data while they still can, with fears that improper usage could lead to ethically dubious applications of such data. This situation exemplifies the challenges presented by data privacy in a digital age, especially when personal genomics intersect with commercial interests.
On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news:
Yes, the Trump admin really did just add a journo to their Yemen-attack-planning Signal group
The GitHub Actions hack is smaller than we thought, but was targeting crypto
Remote code exec in Kubernetes, ouch
Oracle denies its cloud got owned, but that sure does look like customer keymat
Taiwanese hardware maker Clevo packs its private keys into BIOS update zip
US Treasury un-sanctions Tornado Cash, party time in Pyongyang?
This week’s episode is sponsored by runZero. Long time hackerman HD Moore joins to talk about how network vulnerability scanning has atrophied, and what he’s doing to bring it back en vogue. Do you miss early 2000s Nessus? HD knows it, he’s got you fam.