Risky Business Weekly (819): Venezuela (credibly?!) blames USA for wiper attack

Описание: In the final show of 2025, Patrick Gray and Adam Boileau discuss the week's cybersecurity news, including:

React2Shell attacks continue, surprising no one
The unholy combination of OAuth consent phishing, social engineering and Azure CLI
Venezuela's state oil firm gets ransomware'd, blames US… but what if it really is a US cyber op?!
Russian junk-hacktivist gets indicted for cybering critical… err... a car wash and a fountain
Microsoft finally turns RC4 off by default in Active Directory Kerberos
Traefik's TLS verify=on … turns it off, whoopsie 🤡

This week's episode is sponsored by Sublime Security, makers of an email filtering solution that's up for dealing with modern problems. Founder and CEO Josh Kamdjou joins to talk about calendar invite phishing, and the extra steps they've had to take to reach into people's calendars and fix the mess.

The Risky Business weekly show is taking holiday break, and will return on 14 January for its twentieth year! Good luck out there, internet friends.

Show Notes:

React2Shell attacks expand widely across multiple sectors
https://www.cybersecuritydive.com/new...

React issues new patches after security researchers flag additional flaws
https://www.cybersecuritydive.com/new...

ConsentFix: Browser-native ClickFix hijacks OAuth grants
https://pushsecurity.com/blog/consentfix

Hacking Endpoint to Identity (Microsoft 365): "ConsentFix"
   • Hacking Endpoint to Identity (Microsoft 36...  

Announced pick for No. 2 at NSA won’t get the job as another candidate surfaces
https://therecord.media/announced-nsa...

Laura Loomer on X: "Tim Kosiba's Deep State And Anti-Trump Ties Raise Red Flags"
https://x.com/lauraloomer/status/2000...

Senior official at Indo-Pacific Command is set to be Trump’s pick to lead Cyber Command, NSA
https://therecord.media/joshua-rudd-n...

Trump Administration Turning to Private Firms in Cyber Offensive
https://www.bloomberg.com/news/articl...

PdV says cyber attacks contained
https://www.argusmedia.com/en/news-an...

Venezuela state oil company blames cyberattack on US after tanker seizure
https://therecord.media/venezuela-sta...

Justice Department Announces Actions to Combat Two Russian State-Sponsored Cyber Criminal Hacking Groups
https://www.justice.gov/opa/pr/justic...

DOJ, CISA warn of Russia-linked attacks targeting meat processing plants, nuclear regulatory entities and other critical infrastructure
https://therecord.media/doj-cisa-warn...

vx-underground on X: "The United States government has indicted a state-sponsored Threat Actor named Victoria Eduardovna Dubranova"
https://x.com/vxunderground/status/19...

vx-underground on X: "I'm actually laughing. One of the compromises is so dumb"
https://x.com/vxunderground/status/19...

German parliament suffers suspected cyber attack during Zelenskyy’s visit
https://www.ft.com/content/8ca64b0a-2...

Während Selenskyj-Besuch: Große Internet-Störung im Bundestag!
https://www.bild.de/politik/inland/wa...

Germany summons Russian ambassador over cyberattack, election disinformation
https://therecord.media/germany-summo...

Russische hackgroep had toegang tot openbare waterfontein in Nederland
https://www.volkskrant.nl/binnenland/...

Most Parked Domains Now Serving Malicious Content
https://krebsonsecurity.com/2025/12/m...

PornHub extorted after hackers steal Premium member activity data
https://www.bleepingcomputer.com/news...

Senior Manager for Government Contractor Charged in Cybersecurity Fraud Scheme
https://www.justice.gov/opa/pr/senior...

Microsoft will finally kill obsolete cipher that has wreaked decades of havoc
https://arstechnica.com/security/2025...

CVE-2025-66491: Traefik's "Verify=On" Turned TLS Off
https://aisle.com/blog/cve-2025-66491...

Dylan O'Donnell 🦋 on X: "This week I was rushed to hospital with a diagnosis of oesophageal cancer."
https://x.com/erfmufn/status/19974456...