Risky Business #807 -- Shai-Hulud npm worm wreaks old-school havoc

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

• Shai-Hulud worm propagates via npm and steals credentials

• Jaguar Land Rover attack may put smaller suppliers out of business

• Leaked data emerges from the vendor behind the Great Firewall of China

• Vastaamo hacker walks free while appeal is underway

• Why is a senator so mad about Kerberos?

This week’s episode is sponsored by Knocknoc. Chief exec Adam Pointon joins to talk through the surprising number of customers that are using Knocknoc’s identity-to-firewall glue to protect internal services and networks.

This week’s episode is also available on Youtube.

Show notes Self-Replicating Worm Hits 180+ Software Packages – Krebs on Security Jaguar Land Rover: Some suppliers 'face bankruptcy' due to hack crisis Jaguar Land Rover production shutdown could last until November U.S. Investors, Trump Close In on TikTok Deal With China - WSJ U.S. Investors, Trump Close In on TikTok Deal With China - WSJ How China’s Propaganda and Surveillance Systems Really Operate | WIRED Mythical Beasts: Diving into the depths of the global spyware market - Atlantic Council Hacker convicted of extorting 20,000 psychotherapy victims walks free during appeal | The Record from Recorded Future News US national charged in Finnish psychotherapy center extortion | The Record from Recorded Future News BreachForums administrator given three-year prison stint after resentencing | The Record from Recorded Future News Microsoft, Cloudflare disrupt RaccoonO365 credential stealing tool run by Nigerian national | The Record from Recorded Future News Senator blasts Microsoft for making default Windows vulnerable to “Kerberoasting” - Ars Technica Exclusive: US warns hidden radios may be embedded in solar-powered highway infrastructure | Reuters Israel announces seizure of $1.5M from crypto wallets tied to Iran | TechCrunch