Risky Business #828 -- The Coruna exploits are truly exquisite

On this week’s show, Patrick Gray, Adam Boileau and James WIlson discuss the week’s cybersecurity news. They cover:

• The Coruna exploits were L3 Harris, but it seems Triangulation… was not!
• Iran’s cyber HQ hit by Israeli (kinetic) strikes
• Trump’s cyber “strategy” is … well, all we’ve got is jokes cause there’s no serious content
• NSA and CyberCom finally get a leader after Lt Gen Joshua Rudd gets Senate nod
• DOGE (remember them?!) employee walked a social security database out on a USB stick

This episode is sponsored by open source cloud security scanner Prowler. Creator and CEO Toni de la Fuente talks to Pat about some of the enterprise features Prowler is growing, while remaining true to its open source roots.

This episode is also available on Youtube.

Show notes

• Inside Coruna: Reverse Engineering a Nation-State iOS Exploit Kit From JavaScript
• GitHub - matteyeux/coruna: deobfuscated JS and blobs
• US military contractor likely built iPhone hacking tools used by Russian spies in Ukraine
• APT36: A Nightmare of Vibeware
• State-linked actors targeted US networks in lead-up to Iran war
• Iranian cyber warfare HQ allegedly hit by Israel
• Last 2 names of 6 US soldiers who died in Kuwait attack identified by the Pentagon
• Signal, WhatsApp users face Russian phishing push, Dutch warn
• Samuel Bendett on X: "Russian military told it couldn't use Telegram messaging app"
• FBI investigating ‘suspicious’ cyber activities on critical surveillance network
• Risky Bulletin: New White House EO prioritizes fight against scams and cybercrime
• President Trump’s CYBER STRATEGY for America
• Fact Sheet: President Donald J. Trump Combats Cybercrime, Fraud, and Predatory Schemes Against American Citizens
• UK plans to shift fraud fight onto telecoms, tech companies
• Trump to hit Anthropic with executive order to remove "woke" AI Claude
• Anthropic launches code review tool to check flood of AI-generated code
• CrowdStrike reports record quarter amid investor concerns about AI impact
• Critical defect in Java security engine poses serious downstream security risks
• Gen. Joshua Rudd confirmed as NSA, Cyber Command head
• Plankey’s nomination as CISA director now in jeopardy
• DOGE employee stole Social Security data and put it on a thumb drive, report says
• Taming Agentic Browsers: Vulnerability in Chrome Allowed Extensions to Hijack New Gemini Panel
• Cel mai mare exportator român de carne, deținătorul brandului Cocorico, a intrat în restructurări, alături de Casa de Insolvență Transilvania