On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:

• More victims identified in Chinese breach of Microsoft email accounts


• Cyber Safety Review Board to investigate Microsoft


• We got some stuff wrong last week


• More details on Viasat hack revealed


• Special guest Heather Adkins talks about the CSRB’s Lapsus$ report


• Much, much more

This week’s show is brought to you by RunZero. Its co-founder HD Moore is this week’s sponsor guest.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

Show notes

• Chinese Microsoft hackers also hit GOP Rep. Don Bacon of Nebraska - The Washington Post



• US cyber board to investigate Microsoft hack of government emails | TechCrunch



• Richard: "@briankrebs @metlstorm @riskyb…" - Mastodon.Radio



• Mastodon.Radio



• An SSRF, privileged AWS keys and the Capital One breach | by Riyaz Walikar | Appsecco



• Chamber of Commerce urges SEC to delay cyber rule implementation | Cybersecurity Dive



• Satellite hack on eve of Ukraine war was a coordinated, multi-pronged assault | CyberScoop



• Microsoft to freeze license extensions for Russian companies



• Takedown of Lolek bulletproof hosting service includes arrests, NetWalker indictment



• Ransomware Diaries V. 3: LockBit's Secrets



• How the FBI goes after DDoS cyberattackers | TechCrunch



• Meet the Brains Behind the Malware-Friendly AI Chat Service ‘WormGPT’ – Krebs on Security



• Multiple zero days found affecting crypto platforms



• Lawmakers press FCC for action on Chinese-made cellular modules



• Panasonic Warns That IoT Malware Attack Cycles Are Accelerating | WIRED



• Rapid7 to cut 18% of workforce, shutter certain offices | Cybersecurity Dive



• SecureWorks layoffs affect 15% staff | TechCrunch



• Researcher says they were behind iPhone popups at Def Con | TechCrunch



• Review of the Attacks Associated with LAPSUS$ and Related Threat Groups



• US should crack down on SIM swapping following Lapsus$ attacks: DHS review



• Kevin Collier: "Def Con is over and nobody hac…" - Infosec Exchange