All topics
In the wake of the disclosure of a serious intrusion at F5 that reportedly lasted about a year, we talk about the details of the disclosure, the potential link to Chinese state actors, the fallout from the attackers’ access to source code and bug reports, and what this could mean in the long term.
The company discovered the intrusion in August but did not say when the attackers first gained access to F5’s systems or how long they had access.
This week brings some new insights into the origins and length of the Cl0p extortion attacks tied to the Oracle E-Business Suite vulnerability, big surges in scanning for Cisco ASA, Palo Alto, and Fortinet devices, and a huge upgrade to Apple bug bounty payouts.
Dennis and Lindsey dissect a busy week in security news, starting with the Cl0p group’s extortion campaign against Oracle customers (3:24), then moving into the Crimson Collective’s claimed breach of some of Red Hat GitLab’s repos (12:41), and finally the consequences of the expiration of th CISA legislation and de-funding of the MS-ISAC (22:46). We also […]
Two British teenagers have been arrested by UK authorities for their alleged ties to the Scattered Spider cybercriminal collective.
The campaign does not appear to be connected to the previous npm phishing attacks, but it does seem to be related to a rash of GitHub and npm token and secret thefts from the end of August.
