Risky Business #778 -- Musk's child soldiers seize control of FedGov IT systems

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

• DeepSeek leaves an unauthed database on the internet

• Russia hacked UK prime minister’s personal mail

• Australia sanctions a Telegram group… which is more sensible than it sounds

• Medical device backdoor turns out to be just poorly thought out upgrade feature

• Google abuses weak hashing to patch AMD CPU microcode

• And much, much more.

This week’s episode is sponsored by email security boffins Sublime. Their co-founder and CEO Josh Kamdjou joins to talk about how attackers’ abuse of legitimate services like Docusign is a challenge for email security vendors.

This episode is also available on Youtube.

Show notes Exclusive: Musk aides lock workers out of OPM computer systems | Reuters Wiz Research Uncovers Exposed DeepSeek Database Leaking Sensitive Information, Including Chat History | Wiz Blog Криптостилер SparkCat в магазинах Google Play и App Store | Securelist Russian hackers suspected of compromising British PM’s personal email account | The Record from Recorded Future News PowerSchool hack: missed basic security step resulted in data breach Australia sanctions ‘Terrorgram’ white supremacist online group | The Record from Recorded Future News ‘Paid actors’ could be behind some antisemitic attacks, Albanese says | Australian security and counter-terrorism | The Guardian Interview with James Glenday, ABC News Breakfast | Australian Minister for Foreign Affairs WhatsApp says spyware company Paragon Solutions targeted journalists Spyware maker Paragon confirms US government is a customer | TechCrunch Former Polish justice minister arrested in sprawling spyware probe | The Record from Recorded Future News Sweden releases suspected ship, says cable break ‘clearly’ not sabotage | The Record from Recorded Future News Backdoor found in two healthcare patient monitors, linked to IP in China Attackers exploit zero-day vulnerability in Zyxel CPE devices | Cybersecurity Dive AMD: Microcode Signature Verification Vulnerability · Advisory · google/security-research · GitHub 22-year-old math wiz indicted for alleged DeFI hack that stole $65M - Ars Technica A method to assess 'forgivable' vs 'unforgivable'... - NCSC.GOV.UK Living Off the Land: Credential Phishing via Docusign abuse Living Off the Land: Callback Phishing via Docusign comment B2B freight-forwarding scams on the rise to evade financial fraud crackdowns Callback phishing via invoice abuse and distribution list relays Enhanced message groups: Improving efficiency in email incident response