In this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

• Salesforce partner Gainsight has customer data stolen


• Crowdstrike fires insider who gave hackers screenshots of internal systems


• Australian Parliament turns off wifi and bluetooth in fear of of visiting Chinese bigwigs


• Shai-Hulud npm/Github worm is back, and rm -rf’ier than ever


• SEC gives up on Solarwinds lawsuit


• Dog eats cryptographer’s key material

This week’s episode is sponsored by runZero. HD Moore pops in to talk about how they’re integrating runZero with Bloodhound-style graph databases. He also discusses uses for driving runZero’s tools with an AI, plus the complexities of shipping AI when the company has a variety of deployment models.

This episode is also available on Youtube.

Show notes

• Google says hackers stole data from 200 companies following Gainsight breach



• Gainsight Status



• Trust Status



• CrowdStrike fires 'suspicious insider' who passed information to hackers



• Salesforce cuts off access to third-party app after discovering ‘unusual activity’



• Атаки разящей панды: APT31 сегодня



• Office of Public Affairs | Seven Hackers Associated with Chinese Government Charged with Computer Intrusions



• Australian federal MPs warned to turn off phones when Chinese delegation visits Parliament House



• Sha1-Hulud: The Second Coming of the NPM Worm is Digging For Secrets



• FCC eliminates cybersecurity requirements for telecom companies



• Trade Associations Cybersecurity Practices Ex Parte



• SEC voluntarily dismisses SolarWinds lawsuit



• Record-breaking DDoS attack against Microsoft Azure mitigated



• The Cloudflare Outage May Be a Security Roadmap – Krebs on Security



• Critics scoff after Microsoft warns AI feature can infect machines and pilfer data



• vx-underground on X: "I've had a surprising amount of people ask me about Copilot"



• Researchers warn command injection flaw in Fortinet FortiWeb is under exploitation



• Two suspected Scattered Spider hackers plead not guilty over Transport for London cyberattack



• Russia arrests young cybersecurity entrepreneur on treason charges



• This campaign aims to tackle persistent security myths in favor of better advice



• Oops. Cryptographers cancel election results after losing decryption key.



• Uncovering network attack paths with runZeroHound



• Model Context Protocol