Risky Business #725 -- Microsoft knifes VBScript, passkeys the new default for Google accounts

On this week’s show Patrick Gray and Lina Lau discuss the week’s security news. They cover:

• Microsoft has killed VBScript
• Google to make passkeys the new default sign-in method
• MGM losses to exceed $100m
• Clorox has a bad quarter
• Why a bug in cURL could be really bad news
• Much, much more

This week’s show is brought to you by KSOC. Jimmy Mesta, KSOC’s co-founder and CTO, is this week’s sponsor guest. He talks to us about how we can start applying real, actual IAM to Kubernetes environments.

Show notes

• Deprecated features in the Windows client - What's new in Windows | Microsoft Learn
• Google Makes Passkeys Default, Stepping Up Its Push to Kill Passwords | WIRED
• AWS kicks off cloud race to mandate MFA by default | Cybersecurity Dive
• MGM Resorts’ Las Vegas area operations to take $100M hit from cyberattack | Cybersecurity Dive
• Clorox warns of quarterly loss related to August cyberattack, production delays | Cybersecurity Dive
• Blackbaud agrees to $49.5 million settlement with AGs of nearly all 50 states
• Cybercrime gangs now deploying ransomware within 24 hours of hacking victims
• Microsoft: Human-operated ransomware attacks tripled over past year
• Ukraine, Israel, South Korea top list of most-targeted countries for cyberattacks
• Microsoft: State-backed hackers grow in sophistication, aggressiveness | CyberScoop
• 67 X accounts spread coordinated Israel-Hamas disinformation: report
• John Hultquist🌻 on X: "We are currently seeing pro-Iran information operations actors promoting content across various social media channels, in favor of Hamas and critical of Israel’s response to the attacks. 1/x" / X
• Hacktivism erupts in response to Hamas-Israel war | TechCrunch
• ‘War has no rules’: Hacktivists scorn Red Cross’ new guidelines
• Joe Truzman on X: "Israeli Police Spokesperson: The Cyber Unit of the Police at Lahav 433 has frozen accounts of cryptocurrencies that served Hamas' terrorist organization to solicit donations on social networks. The Cyber Unit of Lahav 433, in cooperation with the Ministry of Defense, the…" / X
• Cloud giants sound alarm on record-breaking DDoS attacks | Cybersecurity Dive
• Israel's Failure to Stop the Hamas Attack Shows the Danger of Too Much Surveillance | WIRED
• Edward Snowden on X: "Netanyahu nurtured a zillion-dollar industry selling spying tools to despots that use them to break into the iPhones of critics, elected opponents, human rights lawyers, and even students (these are all real examples). Turns out they're not very useful for spying on Hamas, tho.…" / X
• HTTP/2 Zero-Day Vulnerability Results in Record-Breaking DDoS Attacks
• NVD - CVE-2023-44487
• Maintainers warn of vulnerability affecting foundational open-source tool
• 23andMe user data targeting Ashkenazi Jews leaked online
• 23andMe User Data Stolen in Credential Stuffing Attack
• Thousands of WordPress sites have been hacked through tagDiv plugin vulnerability | Ars Technica
• From AI with love: Scammers integrate ChatGPT into dating-app tool
• Inside FTX’s All-Night Race to Stop a $1 Billion Crypto Heist | WIRED