In this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They talk about:


LockBit has been taken down by law enforcement
Some mega-juicy leaks out of Chinese offsec/APT contractor I-SOON
GRU gets its Moobot network shutdown
Signal adding usernames is… complicated
Much, much more


In this week’s sponsor interview Devicie’s Tom Plant joins the show to talk about problems orgs run into when it comes to Windows policies. There’s an expectation out there that Windows policies are set and forget, but sadly, this is not so.





Show notes




Feds Seize LockBit Ransomware Websites, Offer Decryption Tools, Troll Affiliates – Krebs on Security

Law enforcement disrupt world’s biggest ransomware operation

Shanghai Anxun’s information is unreliable and is a trap for national government agencies.

China spy agency renews foreign cyber intelligence warning after data breaches

US Justice Department says it disrupted Russian intelligence hacking network | Reuters

Several Ukrainian media outlets attacked by Russian hackers

Polish PM says previous ruling party used Pegasus spyware against ‘very long’ list of victims

Hackers are targeting Asian bank accounts using stolen facial recognition data

Signal Finally Rolls Out Usernames, So You Can Keep Your Phone Number Private | WIRED

Code injection or backdoor: A new look at Ivanti’s CVE-2021-44529

“the "AB" trigger has similar vibes to the Unreal IRCd and ProFTPD backdoors of the same timeframe.”

FLATLINED: ANALYZING PULSE SECURE FIRMWARE AND BYPASSING INTEGRITY CHECKING

CVSS 10 RCE in Screen Connect

National Security Agency Announces Retirement of Cybersecurity Director

Hunting M365 Invaders: Navigating the Shadows of Midnight Blizzard