Risky Business #757 – The ClownStrike cleanup continues

On this week’s show, Patrick Gray and Adam Boileau discuss the week’s security news, including:

• The insurance industry’s reaction to CrowdStrike’s mess
• Google’s Workspace email validation flaw and its consequences for OAuth’d applications
• Is the VMWare ESX group membership feature a CVE or an FYI?
• Secureboot continues to under-deliver
• North Korea’s revenue neutral intelligence services
• And much, much more

This episode is sponsored by allowlisting software vendor Airlock Digital. Airlock uses a kernel driver on Windows, so Chief Executive David Cottingham joined to discuss what the CrowdStrike kernel driver bug drama means for security vendors.

This episode is also available on Youtube. If you want to ruin the magic of radio and see the faces behind the show, well, now you can!

Show notes

• Business interruption claims will drive insurance losses linked to CrowdStrike IT disruption | Cybersecurity Dive
• Delta hires David Boies to seek damages from CrowdStrike, Microsoft
• CrowdStrike disruption direct losses to reach $5.4B for Fortune 500, study finds | Cybersecurity Dive
• (1145) Why CrowdStrike's Baffling BSOD Disaster Was Avoidable - YouTube
• CrowdStrike offers a $10 apology gift card to say sorry for outage | TechCrunch
• Crooks Bypassed Google’s Email Verification to Create Workspace Accounts, Access 3rd-Party Services – Krebs on Security
• Hackers exploit VMware vulnerability that gives them hypervisor admin | Ars Technica
• Microsoft calls out apparent ESXi vulnerability that some researchers say is a ‘nothing burger’ | CyberScoop
• AMI Platform Key leak undermines Secure Boot on 800+ PC models
• Chrome will now prompt some users to send passwords for suspicious files | Ars Technica
• Google Online Security Blog: Improving the security of Chrome cookies on Windows
• A Senate Bill Would Radically Improve Voting Machine Security | WIRED
• U.S. told Philippines it made ‘missteps’ in secret anti-vax propaganda effort | Reuters
• Cyber firm KnowBe4 hired a fake IT worker from North Korea | CyberScoop
• North Korean hacker used hospital ransomware attacks to fund espionage | CyberScoop
• North Korea Cyber Group Conducts Global Espionage Campaign to Advance Regime’s Military and Nuclear Programs
• North Korean hacking group makes waves to gain Mandiant, FBI spotlight | CyberScoop
• ServiceNow spots sales opportunities post-CrowdStrike outage | Cybersecurity Dive
• Chaining Three Bugs to Access All Your ServiceNow Data
• Cyber Supply Chain Risk Management Conference (CySCRM) 2024 | Conference | PNNL