On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:
- DeepSeek leaves an unauthed database on the internet
- Russia hacked UK prime minister’s personal mail
- Australia sanctions a Telegram group… which is more sensible than it sounds
- Medical device backdoor turns out to be just poorly thought out upgrade feature
- Google abuses weak hashing to patch AMD CPU microcode
- And much, much more.
This week’s episode is sponsored by email security boffins Sublime. Their co-founder and CEO Josh Kamdjou joins to talk about how attackers’ abuse of legitimate services like Docusign is a challenge for email security vendors.
This episode is also available on Youtube.
Show notes
- Exclusive: Musk aides lock workers out of OPM computer systems | Reuters
- Wiz Research Uncovers Exposed DeepSeek Database Leaking Sensitive Information, Including Chat History | Wiz Blog
- Криптостилер SparkCat в магазинах Google Play и App Store | Securelist
- Russian hackers suspected of compromising British PM’s personal email account | The Record from Recorded Future News
- PowerSchool hack: missed basic security step resulted in data breach
- Australia sanctions ‘Terrorgram’ white supremacist online group | The Record from Recorded Future News
- ‘Paid actors’ could be behind some antisemitic attacks, Albanese says | Australian security and counter-terrorism | The Guardian
- Interview with James Glenday, ABC News Breakfast | Australian Minister for Foreign Affairs
- WhatsApp says spyware company Paragon Solutions targeted journalists
- Spyware maker Paragon confirms US government is a customer | TechCrunch
- Former Polish justice minister arrested in sprawling spyware probe | The Record from Recorded Future News
- Sweden releases suspected ship, says cable break ‘clearly’ not sabotage | The Record from Recorded Future News
- Backdoor found in two healthcare patient monitors, linked to IP in China
- Attackers exploit zero-day vulnerability in Zyxel CPE devices | Cybersecurity Dive
- AMD: Microcode Signature Verification Vulnerability · Advisory · google/security-research · GitHub
- 22-year-old math wiz indicted for alleged DeFI hack that stole $65M - Ars Technica
- A method to assess 'forgivable' vs 'unforgivable'... - NCSC.GOV.UK
- Living Off the Land: Credential Phishing via Docusign abuse
- Living Off the Land: Callback Phishing via Docusign comment
- B2B freight-forwarding scams on the rise to evade financial fraud crackdowns
- Callback phishing via invoice abuse and distribution list relays
- Enhanced message groups: Improving efficiency in email incident response
