

Risky Bulletin
risky.biz
Regular cybersecurity news updates from the Risky Business team...

Jan 12, 2026 • 28min
Between Two Nerds: Lights out!
Tom Uren and The Grugq delve into the role of US cyber operations in the turbulent fall of Venezuelan President Nicolas Maduro. They dissect whether a reported blackout was due to cyberattacks or physical sabotage, exploring the tactical advantages of darkness during military operations. The discussion highlights cyber as a potentially transformative enabler rather than a complete substitute for traditional warfare. The hosts also contemplate how this pivotal moment could reshape expectations and strategies around integrated cyber operations for future conflicts.

Jan 11, 2026 • 6min
Risky Bulletin: Apex Legends streamers hacked again
A major flaw in Apex Legends has been patched after hackers exploited it to hijack streamer accounts. Meanwhile, data on a staggering 17 million Instagram users is being sold online. Indonesia has temporarily blocked X due to non-consensual AI-generated images. Additionally, a ransomware attack has targeted a significant Chilean energy provider. Topics also touch on various cyber exploits, including Ether theft and defaced websites, alongside new revelations about Armenia's data leak.

Jan 11, 2026 • 15min
Sponsored: What AI workloads mean for Cloud security
Toni de la Fuente, Founder and CEO of Prowler, shares insights on the evolving landscape of cloud security as it intersects with AI workloads. He discusses unique security challenges posed by AI, highlighting how traditional tools may fall short. Toni delves into attack paths in cloud environments, stressing the importance of scanning models and applying OWASP guidance to mitigate risks. He also emphasizes the architectural complexities introduced by AI, drawing parallels to the early web era, and recommends using open-source tools to tackle emerging threats.

Dec 19, 2025 • 7min
Risky Bulletin: Belarus deploys spyware on journalists' phones
Belarus has been caught deploying spyware on journalists' phones, raising serious concerns for press freedom. France arrested a hacker linked to a major data breach affecting millions. In a curious case, a crew member installed malware on an Italian ferry, while Dutch authorities detained someone for bank fraud using facial ID tricks. North Korea continues to steal cryptocurrency on a massive scale, and cybersecurity issues are highlighted with new zero-day vulnerabilities in Cisco and SonicWall products. The podcast covers these alarming trends in cybersecurity and privacy.

Dec 17, 2025 • 19min
Srsly Risky Biz: Like Huawei, but for electricity
Tom Uren, a policy and intelligence editor, dives deep into the troubling U.S. reliance on Chinese manufacturers for electrical grid equipment. He discusses the risks posed by Chinese hacking and the alarming intent behind recent PLA research aimed at grid sabotage. The conversation takes a turn as they explore the controversial U.S. involvement in cyberattacks on Venezuela's state oil company and critique the ineffectiveness of Russian state-backed hacktivism. Uren emphasizes the need for strategic mitigations and warns about the political misuse of security concerns.

Dec 17, 2025 • 8min
Risky Bulletin: Most smart devices run outdated web browsers
Many smart devices are running outdated web browsers, leaving them vulnerable to attacks. Ukrainian hacktivists have reportedly breached a major Russian defense contractor, stealing sensitive data. Additionally, ransomware has disrupted operations at Venezuela's state-owned oil company. In a surprising twist, hackers are attempting to extort PornHub with stolen user data, claiming to hold 94GB of sensitive information. Other notable discussions include ongoing cybersecurity developments and new threats targeting user privacy.

Dec 15, 2025 • 50min
Between Three Nerds: The evolution of Iranian cyber espionage
Hamid Kashfi, CEO and founder of DarkCell, is a cybersecurity expert specializing in Iranian cyber espionage. He reveals the evolution of Iran's hacking scene, discussing how the regime's past suppression of domestic talent has transformed into a new focus on training and recruitment. Kashfi highlights the lax OPSEC culture among Iranian operators, the strategic handling of zero-days, and the integration of cyber capabilities with kinetic operations. He also shares insights on how Iran uses lessons from attacks like Shamoon and Stuxnet to improve its techniques.

Dec 15, 2025 • 8min
Risky Bulletin: African freelancers behind anti-US and anti-French disinfo campaigns
Russia's recruitment of African freelancers for disinformation campaigns against the US and France is spotlighted. Meanwhile, the US may allow contractors to launch offensive cyber operations. Germany points fingers at Russia for a significant air traffic control hack. In cybersecurity news, Apple addresses urgent WebKit vulnerabilities, and South Korea proposes hefty fines for repeat data breach offenders. The podcast also touches on China's research into US power grid vulnerabilities, underpinning the global cybersecurity landscape.

Dec 14, 2025 • 20min
Sponsored: ConsentFix and Push Security's browser attack taxonomy
In this conversation, Mark Orlando, Push Security's Field CTO and an expert in detection and response, shares insights on evolving browser-based attacks. He introduces ConsentFix, a unique attack that hijacks OAuth consent grants, and explains its sophisticated workings, including evasion of detection mechanisms. The discussion highlights browsers as blind spots, revealing the limitations of existing security models and the crucial need for modern taxonomies in combating phishing and in-browser threats. Orlando's research-driven approach aims to enhance community awareness and defenses.

Dec 12, 2025 • 9min
Risky Bulletin: EU has a problem attracting and retaining cyber talent
The EU faces challenges in attracting and retaining cyber talent due to skills gaps and burnout. A massive security breach leads to the resignation of Coupang's CEO. Microsoft expands its bug bounty program, now covering third-party code vulnerabilities. Meanwhile, Ukraine showcases its hacking prowess by targeting Russian logistics, and a significant data exposure is revealed at Petco, affecting pet medical details. Additionally, multiple cyber attack indictments and security patches highlight ongoing vulnerabilities in digital infrastructure.


