Risky Business #823 -- Humans impersonate clawdbots impersonating humans

Patrick Gray and Adam Boileau are joined by the newest guy on the Risky Business Media team, James WIlson. They discuss the week’s cybersecurity news, including:

• Notepad++ update supply chain attack has been attributed to China
• The AI agent future is even more stupid than expected; behold the OpenClaw/Clawdbot/Moltbook mess
• The Epstein files claim he had a personal hacker?
• Microsoft is finally getting ready to (think about starting to begin to) disable NTLM by default
• The usual bugs in the usual things! Ivanti, Fortinet, and Solarwinds. Again.
• Telco hides a free trip in its privacy policy, someone actually reads it and wins!

This weeks’s episode is sponsored by opensource IDP platform Authentik. CEO Fletcher Heisler talks to Pat about their new endpoint agent that can enforce device posture policies during login.

This episode is also available on Youtube.

Show notes

• The Chrysalis Backdoor: A Deep Dive into Lotus Blossom’s toolkit
• Notepad++ Hijacked by State-Sponsored Hackers | Notepad++
• Notepad++ v8.8.3 - Self-signed Certificate: Certified by Code, Not Corporations | Notepad++
• Hacking Moltbook: AI Social Network Reveals 1.5M API Keys | Wiz Blog
• lcamtuf on X: "Moltbook debate in a nutshell" / X
• Exposed Moltbook Database Let Anyone Take Control of Any AI Agent on the Site
• AndrewMohawk on X: "How exactly did an attacker send a message to your bot since you need to approve all the channels and set keys etc" / X
• Signal president warns AI agents are making encryption irrelevant
• Massive AI Chat App Leaked Millions of Users Private Conversations
• Runa Sandvik on X: New court record from the FBI details the state of the devices seized from Washington Post reporter Hannah Natanson
• EFTA01683874.pdf
• Disrupting the World's Largest Residential Proxy Network | Google Cloud Blog
• Nobel Committee says Peace Prize winner likely revealed early by digital spying | Reuters
• County pays $600,000 to pentesters it arrested for assessing courthouse security - Ars Technica
• Advancing Windows security: Disabling NTLM by default - Windows IT Pro Blog
• Critical flaws in Ivanti EPMM lead to fast-moving exploitation attempts | Cybersecurity Dive
• CISA orders federal agencies to patch exploited SolarWinds bug by Friday | The Record from Recorded Future News
• CISA, security researchers warn FortiCloud SSO flaw is under attack | Cybersecurity Dive
• Fintech firm Marquis blames hack at firewall provider SonicWall for its data breach | TechCrunch
• We Hid a Free Trip to Switzerland in Our Privacy Policy. Someone Found It in 2 Weeks. - Cape
• Between Two Nerds: The internal logic of Russian power grid attacks - YouTube