Risky Business #799 -- Everyone's Sharepoint gets shelled Podcast By cover art

Risky Business #799 -- Everyone's Sharepoint gets shelled

Risky Business #799 -- Everyone's Sharepoint gets shelled

Listen for free

View show details
Risky Biz returns after two weeks off, and there sure is cybersecurity news to catch up on. Patrick Gray and Adam Boileau discuss: Microsoft tried to make outsourcing the Pentagon’s cloud maintenance to China okay (it was not)She shells Sharepoint by the sea-shore (by ‘she’ we mean ‘China’)Four (alleged) Scattered Spider members arrested (and bailed) in the UKHackers spend $2700 to buy creds for a Brazilian payment system, steal $100MFortinet has SQLI in the auth header, Citrix mem leak is weaponised, HP hardcodes creds and Sonicwalls get user-moderootkits. Just security vendor things! This week’s episode is sponsored by Airlock Digital. CEO David Cottingham talks through what it takes to build a mature, resilient management platform for a security critical system. This episode is also available on Youtube. Show notes Update on DOD’s cloud servicesMicrosoft to stop using engineers in China for tech support of US military, Hegseth orders reviewA Little-Known Microsoft Program Could Expose the Defense Department to Chinese HackersWhile DOD policy bans unauthorized apps like TikTok from being on employees phones over national security risksMicrosoft Fix Targets Attacks on SharePoint Zero-Day – Krebs on SecurityNational Guard was hacked by China's 'Salt Typhoon' group, DHS saysSuspected contractor for China’s Hafnium group arrested in in Italy | Cybersecurity DiveSingapore accuses Chinese state-backed hackers of attacking critical infrastructure networks | The Record from Recorded Future NewsUK Arrests Four in ‘Scattered Spider’ Ransom Group – Krebs on SecurityFour people bailed after arrests over cyber attacks on M&S, Co-op and HarrodsBrazilian police arrest IT worker over $100 million cyber theft | The Record from Recorded Future NewsAt Least 750 US Hospitals Faced Disruptions During Last Year’s CrowdStrike Outage, Study Finds | WIREDHacker returns cryptocurrency stolen from GMX exchange after $5 million bounty payment | The RecordIndian crypto exchange CoinDCX says $44 million stolen from reserves | The RecordChainalysis: $2.17 billion in crypto stolen in first half of 2025, driven by North Korean hacks | The RecordPoisonSeed bypassing FIDO keys to ‘fetch’ user accountsRisky Bulletin: Browser extensions hijacked for web scraping botnetA Startup is Selling Data Hacked from Peoples’ Computers to Debt CollectorsA surveillance vendor was caught exploiting a new SS7 attack to track people's phone locations | TechCrunchUkrainian hackers wipe databases at Russia's Gazprom in major cyberattack, intelligence source saysFile transfer company CrushFTP warns of zero-day exploit seen in the wild | The RecordHPE warns of hardcoded passwords in Aruba access pointsPre-Auth SQL Injection to RCE - Fortinet FortiWeb Fabric Connector (CVE-2025-25257)Researchers, CISA confirm active exploitation of critical Citrix Netscaler flaw | Cybersecurity DiveGoogle finds custom backdoor being installed on SonicWall network devices - Ars TechnicaHackers Can Remotely Trigger the Brakes on American Trains and the Problem Has Been Ignored for Years
No reviews yet