Risky Business

By Patrick Gray

Category: Tech News

 Oct 10, 2018

Description

Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.

Episode Date
Risky Business #531 -- Australia's political parties targeted, the Witt indictment and more

Adam Boileau is along this week to discuss the week’s security news, which also features comment from Dmitri Alperovitch, Klon Kitchen and The Grugq. We cover:

  • Former USAF counterintelligence official indicted over spearphishing, leaking secrets
  • Australia’s major political parties targeted by APT crew that totally isn’t Chinese. (It’s Chinese)
  • More on the Iran DNS hijacks
  • Venezuelans phished by their own government
  • China’s mass surveillance of Uyghur Muslims laid bare in data leak
  • Millions of Swedes have their healthcare help-line calls exposed
  • Bank of Valletta dodges a bullet, catches fraudulent transfers
  • VK gets Samy’d
  • Calls for GDPR-like law in USA
  • Marcus “Malwaretech” Hutchins has a bad week

This week’s sponsor interview is with Jason Haddix of Bugcrowd. He’ll be along to talk a little more about what Bugcrowd calls next-generation pentests. They claim one of their tests is sufficient for compliance purposes under PCI, ISO or NIST, and they’ve had a third-party auditor confirm that for them. They also say the service has really taken off despite being launched only a couple of months ago.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Air Force Defector to Iran Severely Damaged U.S. Intelligence Efforts, Ex-Officials Say - The New York Times
Spy Betrayed U.S. to Work for Iran, Charges Say - The New York Times
Game of Thrones hacker worked with US defector to hack Air Force employees for Iran | ZDNet
Scott Morrison details cyber attack on Australia's major political parties
How China and Russia are readying themselves for a US cyber war
Chinese traders freeze Australian coal orders amid 40-day customs delays: sources | Reuters
A Deep Dive on the Recent Widespread DNS Hijacking Attacks — Krebs on Security
Albania expels Iranian diplomats on national security grounds | Reuters
Venezuela’s Government Appears To Be Trying to Hack Activists With Phishing Pages - Motherboard
China's mass surveillance of Uyghur Muslims in Xinjiang province revealed in data security flaw - ABC News (Australian Broadcasting Corporation)
Millions of calls to Swedish healthcare hotline left unprotected online - The Local
Hackers tried to steal €13 million from Malta's Bank of Valletta | ZDNet
State of the Hack S2E01: #NoEasyBreach REVISITED | FireEye Inc
Russian hackers 8 times faster than Chinese, Iranians, North Koreans, says report
White hats spread VKontakte worm after social network doesn't pay bug bounty | ZDNet
You Don't Get To Learn How The FBI Tried To Crack Facebook Messenger Encryption, Judge Rules | Gizmodo Australia
GAO gives Congress go-ahead for a GDPR-like privacy legislation | ZDNet
NSO Group founders buy back their spyware company
MalwareTech loses bid to suppress damning statements made after days of partying | Ars Technica
Researchers hide malware in Intel SGX enclaves | ZDNet
Google Play Store app rejections up 55% from last year, app suspensions up 66% | ZDNet
Behold, the Facebook phishing scam that could dupe even vigilant users | Ars Technica
Facebook Popup Phishing Page (Social Login) - YouTube
Google backtracks on Chrome modifications that would have crippled ad blockers | ZDNet
Scammers Are Filing Fake Trademarks to Steal High-Value Instagram Accounts - Motherboard
Google working on new Chrome security feature to 'obliterate DOM XSS' | ZDNet
Microsoft patches 0-day vulnerabilities in IE and Exchange | Ars Technica
Apple is forcing 2FA on iOS and macOS developers
Apple being sued because two-factor authentication on an iPhone or Mac takes too much time
Forced Two Factor Auth Will Cause Issues |Apple Developer Forums
Aspen Tech Policy Hub - A Silicon Valley-Style Think Tank
Next Gen Pen Testing
Feb 20, 2019
Risky Business #530 -- UAE's Project Raven, Bezosgate and more

Adam Boileau is back in the news seat this week. We talk about:

  • Amazing Reuters report on UAE’s “Project Raven”
  • Bezos’ dick pics, Saudi Arabia and a creepy brother
  • US government security staffers play post-shutdown catch-up
  • Krebs: National Credit Union Administration probably pwned
  • Russia to test complete disconnection from wider Internet
  • China suspected of involvement in Australian parliament hack
  • Trump likely to ban all Chinese telco equipment makers from US builds
  • Lasers
  • Google: iOS privesc 0days were in wild
  • $145m in cryptocurrency lost forever due to exchange CEO death
  • VFEmail has a very bad day
  • Facebook/Apple cert wars
  • MORE

This week’s show is brought to you by AustCyber, a nonprofit funded by grants from the Australian government. Its goal is to promote Australia’s cybersecurity industry.

AustCyber CEO Michelle Price will be along in this week’s sponsor interview to tell us all about what they’ve got planned for RSA.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Special Report - Inside the UAE’s secret hacking team of U.S. mercenaries | Reuters
Project Raven: What Happens When U.S. Personnel Serve a Foreign Intelligence Agency? - Lawfare
No thank you, Mr. Pecker – Jeff Bezos – Medium
Mistress’ Brother Leaked Bezos’ Racy Texts to Enquirer, Sources Say
Bezos Could Put National Enquirer Brass in Jail
Cybersecurity Workers Scramble to Fix a Post-Shutdown Mess | WIRED
Phishers Target Anti-Money Laundering Officers at U.S. Credit Unions — Krebs on Security
Russia to disconnect from the internet as part of a planned test | ZDNet
China link possible in cyber attack on Australian Parliament computer system, ABC understands - ABC News (Australian Broadcasting Corporation)
Trump likely to sign executive order banning Chinese telecom equipment next week - POLITICO
Huawei Sting Offers Rare Glimpse of U.S. Targeting Chinese Giant - Bloomberg
China's cybersecurity law update lets state agencies 'pen-test' local companies | ZDNet
Google warns about two iOS zero-days 'exploited in the wild' | ZDNet
$145 million funds frozen after death of cryptocurrency exchange admin | ZDNet
Hackers wipe US servers of email provider VFEmail | ZDNet
Zcash cryptocurrency fixes infinite counterfeiting vulnerability | ZDNet
Biohackers Encoded Malware in a Strand of DNA | WIRED
Google releases Chrome extension that alerts users of breached passwords | Ars Technica
Big Telecom Sold Highly Sensitive Customer GPS Data Typically Used for 911 Calls - Motherboard
Hundreds of Bounty Hunters Had Access to AT&T, T-Mobile, and Sprint Customer Location Data for Years - Motherboard
How Hackers and Scammers Break into iCloud-Locked iPhones - Motherboard
Apple restores Facebook’s ability to run internal iOS apps - The Verge
New TLS encryption-busting attack also impacts the newer TLS 1.3 | ZDNet
Atlassian leads encryption law revolt as Peter Dutton stands firm
Australian government clamping down on security research, academic says - Computerworld
Swiss government invites hackers to pen-test its e-voting system | ZDNet
Indecent disclosure: Gay dating app left “private” images, data exposed to Web (Updated) | Ars Technica
AustCyber supports the development of a vibrant and globally competitive cyber security sector | AustCyber
Feb 12, 2019
Risky Biz Soap Box: Polyswarm builds a marketplace for AV engines

As regular listeners know, this isn’t the regular weekly Risky Business podcast; all Soap Box podcasts are paid promotions. We ran 10 of these last year and we’re running more of them this year – the total number is up to 14 – but we’re running fewer of our other promotional podcast, Snake Oilers.

In this Soap Box podcast we’re chatting with a company with a legitimately fascinating origin story.

You remember how in 2017 and 2018 people were running all these shonky initial coin offerings where they’d sell off millions of dollars of crypto tokens on the basis of a two minute video and a whitepaper? What happened in a lot of these cases is after the ICO the founders would take the money, launder it and move to the Bahamas.

Well, Polyswarm raised its money in an ICO. About $26m US dollars (!!). And, because they weren’t mainlining the ICO Kool-Aid, they cashed out about half of what they raised into real money before cryptocurrency values crashed.

Instead of moving to the Bahamas, they actually stuck around to build the business that tokenholders had chosen to fund. Their token value has crashed like everyone else’s has, but that doesn’t matter – they’re funded, and because of their unconventional funding source they don’t have a whole bunch of venture capitalists breathing down their neck.

So, what’s the business? It’s a marketplace for threat detection. Yes, my pinned tweet says “I do not want your blockchain expert as a guest on my podcast,” and yes, this company does use blockchain fairy dust, but as you’ll hear, the blockchain element to this business isn’t really what it’s about. Indeed, the founder and CEO of Polyswarm, Steve Bassi, says he would find life a lot easier in many ways if they weren’t actually using blockchain tech here as a marketplace enabler. He’s also banned himself from ever attending a blockchain conference again in his life.

Ok, so what is the Polyswarm marketplace and how does it work? As you’ll hear in this interview it took me a bit to actually understand exactly what they’re doing here, but what they’ve essentially built is a marketplace for AV. The best way to explain this is to just explain how it works. If you’re an enterprise client or an MSSP you can submit a sample to this marketplace. You’re submitting it with a question – is this file bad or good? – and you attach a tokenised value to the answer.

On the other side of the equation are all these AV engines. Big ones, small ones… even tiny little micro engines that are only good at detecting very niche threats. So the enterprise submits the sample – that can be a whole file or just a hash – and it gets distributed to all the people who are running these AV engines. They scan the file, and if they’re super confident on an answer, they return that answer as well as a tokenised stake as a measure of their confidence. The idea is you can have a competitive marketplace for threat detection in which even niche players can participate. Polyswarm CEO Steve Bassi joined me to talk me through the whole concept.
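To make the mechanics of the two paragraphs above concrete, here is an added toy simulation of that marketplace. It is not Polyswarm’s code and it does not use a blockchain: a submitter posts a bounty (sample hash plus reward), every engine sees the sample, the ones that are confident return a verdict backed by a stake, and the verdicts are combined by stake. The three engines, the byte markers they look for, the sample bytes and the settlement rule (wrong side loses its stake, right side splits the reward and the lost stakes pro rata) are all constructed for illustration; the page does not describe how Polyswarm actually pays out.

```python
from dataclasses import dataclass, field
from hashlib import sha256
from typing import Callable, Optional


@dataclass
class Assertion:
    engine: str
    malicious: bool  # the engine's verdict
    stake: int       # tokens the engine puts behind that verdict


@dataclass
class Bounty:
    artifact_id: str  # sha256 of the sample; a hash-only submission would carry just this
    reward: int       # tokenised value the submitter attaches to the answer
    assertions: list = field(default_factory=list)


# An engine inspects the sample and returns (malicious, stake), or None to abstain.
Engine = Callable[[bytes], Optional[tuple]]


def big_av(sample: bytes):
    """Constructed stand-in for a broad AV engine: one byte signature, modest stakes."""
    return (True, 10) if b"EVIL" in sample else (False, 2)


def niche_engine(sample: bytes):
    """Constructed micro-engine: only speaks when it sees its one marker, then stakes heavily."""
    return (True, 25) if b"MACRO-DROPPER" in sample else None


def noisy_engine(sample: bytes):
    """Constructed engine that flags everything, but with minimal stake."""
    return (True, 1)


ENGINES = {"big_av": big_av, "niche": niche_engine, "noisy": noisy_engine}


def post_bounty(sample: bytes, reward: int) -> Bounty:
    """The submitter's side: identify the sample by hash and attach a reward."""
    return Bounty(artifact_id=sha256(sample).hexdigest(), reward=reward)


def collect_assertions(bounty: Bounty, sample: bytes, engines=ENGINES) -> Bounty:
    """Distribute the sample to every engine; record only staked (confident) answers."""
    for name, engine in engines.items():
        result = engine(sample)
        if result is None:
            continue  # engine abstained
        malicious, stake = result
        if stake <= 0:
            continue  # an unstaked answer carries no confidence; ignore it
        bounty.assertions.append(Assertion(name, malicious, stake))
    return bounty


def stake_weighted_verdict(bounty: Bounty):
    """Combine verdicts weighted by stake.

    Returns (malicious, confidence) where confidence is the winning side's share of all
    stake, or None if no engine asserted. A tie resolves to 'not malicious'."""
    mal = sum(a.stake for a in bounty.assertions if a.malicious)
    ben = sum(a.stake for a in bounty.assertions if not a.malicious)
    total = mal + ben
    if total == 0:
        return None
    verdict = mal > ben
    return verdict, (mal if verdict else ben) / total


def settle(bounty: Bounty, ground_truth: bool) -> dict:
    """Assumed settlement rule (not from the page): engines on the wrong side lose their
    stake; the reward plus the lost stakes are split among engines on the right side in
    proportion to what they staked. If nobody was right, the submitter keeps the reward.
    Returns each party's net token change."""
    winners = [a for a in bounty.assertions if a.malicious == ground_truth]
    losers = [a for a in bounty.assertions if a.malicious != ground_truth]
    payouts = {a.engine: -a.stake for a in losers}
    pool = bounty.reward + sum(a.stake for a in losers)
    if not winners:
        payouts["submitter"] = bounty.reward  # reward refunded
        return payouts
    winning_stake = sum(a.stake for a in winners)
    for a in winners:
        payouts[a.engine] = pool * a.stake / winning_stake
    return payouts


if __name__ == "__main__":
    # Constructed samples: one benign, one carrying both markers.
    for sample, truth in ((b"quarterly report, nothing here", False),
                          (b"EVIL payload with MACRO-DROPPER inside", True)):
        bounty = collect_assertions(post_bounty(sample, reward=100), sample)
        print(bounty.artifact_id[:16], stake_weighted_verdict(bounty), settle(bounty, truth))
```

Note what the stake buys: the noisy engine that flags everything is nearly free to ignore when it stands alone against a staked "benign" answer, while the niche engine that abstains on most samples and stakes heavily on the one thing it knows dominates the verdict when its marker is present. That is the competitive dynamic the description above is getting at.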

Feb 07, 2019
Risky Business #529 -- Special guest Rob Joyce, NSA

There’s no news segment in this week’s show. Instead, you’re going to hear a long-form feature interview I did with the NSA’s Rob Joyce.

Rob is probably best known for his tenure as special assistant to the president on cybersecurity and for being the cybersecurity coordinator on the US National Security Council.

He also served as acting homeland security advisor to Donald Trump for a short time following the departure of Tom Bossert from the White House. In May last year he went back to NSA, where he now serves as a senior advisor to the director of NSA for cyber security strategy.

Some of you may also know Rob for his blockbuster January 2016 conference talk “disrupting nation state hackers” back when he was heading TAO at NSA. Good talk, that one, and it’s on YouTube. (Link below.)

But gradually over the last couple of years Rob has emerged as a sort of friendly face of NSA, at least as far as the infosec industry is concerned. He spoke at DEF CON last year, he often appears at events and on panels, and he doesn’t seem terrified of actually commenting on things.

This is a huge departure from the historical way agencies like NSA handled themselves. But as you’ll hear, Rob sees this new approach as being vital to the NSA’s current-day mission.

Topics covered include:

  • DoJ indictments of foreign gov hackers
  • 5G networks and Huawei
  • Kaspersky AV
  • Bloomberg’s Supermicro story
  • Software and hardware supply chain security
  • The USG aggressively burning adversary tools

We also have a sponsor interview for you this week with Zane Lackey, the co-founder of Signal Sciences. I guess you’d call these guys “next generation WAF,” more on that later… but Zane will be along a little bit later with some pretty incredible stats on the way security spending has changed over the last year or two. Money is just piling into appsec while spending on some other controls is actually reducing. It’s a sign of change.

Feb 05, 2019
Risky Business #528 -- Huawei dinged, epic FaceTime and Exchange bugs

Adam Boileau co-hosts this week’s Risky Business episode. We talk about:

  • The Huawei indictments
  • The epic FaceTime logic bug
  • The even more epic Exchange privesc bug
  • CISA’s “fix yo DNS” directive
  • Black Cube busted doing shady stuff to Citizen Lab
  • Yahoo shareholder lawsuit settlement makes directors twitchy
  • Internet filtering kicks off in Venezuela
  • Much, much MORE!

This week’s show is brought to you by Thinkst Canary – they make hardware honeypots and the tools you need to deploy canarytokens at scale. They also make virtual honeypots! This week Thinkst’s founder Haroon Meer will be along to wave his finger at basically all of us over what he sees as the security discipline’s tendency to not really learn anything from security conferences. It’s “contertainment,” he says, followed by “GET OFF MY LAWN”.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

US hammers Huawei with 23 indictments for stolen trade secrets, fraud - CNET
Major iPhone FaceTime bug lets you hear the audio of the person you are calling ... before they pick up - 9to5Mac
Abusing Exchange: One API call away from Domain Admin - dirkjanm.io
DHS: Multiple US gov domains hit in serious DNS hijacking wave | Ars Technica
cyber.dhs.gov - Emergency Directive 19-01
Rep. Langevin: We need a DHS briefing to understand extent of DNS hijacking threat
ALERT: DNS hijacking activity - NCSC Site
APNewsBreak: Undercover agents target cybersecurity watchdog
Japanese government plans to hack into citizens' IoT devices | ZDNet
Internet experiment goes wrong, takes down a bunch of Linux routers | ZDNet
Lessons for Corporate Boardrooms From Yahoo’s Cybersecurity Settlement - The New York Times
Mystery still surrounds hack of PHP PEAR website | ZDNet
WordPress sites under attack via zero-day in abandoned plugin | ZDNet
OONI report into Internet filtering in Venezuela
Tonga sent back to 'dark ages' after underwater Internet cable severed | Fox News
Opinion | Mueller’s Real Target in the Roger Stone Indictment - The New York Times
Exclusive: Ukraine says it sees surge in cyber attacks targeting election | Reuters
This Time It’s Russia’s Emails Getting Leaked
Russia Targeting British Institute In Disinformation Campaign
Unsecured MongoDB databases expose Kremlin's backdoor into Russian businesses | ZDNet
Facebook to encrypt Instagram messages ahead of integration with WhatsApp, Facebook Messenger | TechCrunch
Cryptopia funds still being drained by hackers while police investigated | RNZ News
Europol arrests UK man for stealing €10 million worth of IOTA cryptocurrency | ZDNet
Police license plate readers are still exposed on the internet | TechCrunch
Malvertising campaign targets Apple users with malicious code hidden in images | ZDNet
Hackers are going after Cisco RV320/RV325 routers using a new exploit | ZDNet
Spencer Dailey on Twitter: "hard to understate how bad this flaw is--shocked more pubs haven't picked up on this. The affected chip is ubiquitous, the potential exploits allow anyone within wifi-range to run arbitrary code on the machine. Wifi routers themselves use affected chip 🤯 https://t.co/XQx4SobJtj"
GitHub - hannob/apache-uaf: Apache use after free bug infos / ASAN stack traces
Lesley Carhart on Twitter: "At the very least I’ll be able to publish these questions so that other people can grill their properties should they forcibly migrate to IoT equipment."
APT39: An Iranian Cyber Espionage Group Focused on Personal Information | FireEye Inc
44CON 2013 - A talk about (info-sec) talks - Haroon Meer - YouTube
Jan 29, 2019
Risky Business #527 -- Featuring Alex Stamos, The Grugq, Susan Hennessey, Brian Krebs, Kelly Shortridge and Bobby Chesney

Alex Stamos co-hosts this week’s episode. Topics discussed include:

  • DNC says Russia tried to own its servers in November 2018
  • South Korean Defence Ministry owned
  • Lazarus Group busy in Chile
  • West African banks suffer multiple intrusions
  • Michael Cohen admits rigging online poll for Trump
  • Nine charged over SEC hack
  • More USG SSL certificates due to expire
  • apt-get remote root RCE
  • Don’t use your Garmin to scope your murder escape route
  • Big plot twist in viral video outrage

This week’s show is brought to you by Duo Security, which I guess is now Cisco Duo Security. Wendy Nather - Duo’s head of advisory CISOs - will be along in this week’s sponsor interview to talk about a topic near and dear to my heart: victim shaming. That’s a good one so please do stick around for that.

Links to everything that we discussed are below and you can follow Patrick or Alex on Twitter if that’s your thing.

Show notes

DNC says Russia tried to hack its servers again in November 2018 | ZDNet
Hackers breach and steal data from South Korea's Defense Ministry | ZDNet
North Korean hackers infiltrate Chile's ATM network after Skype job interview | ZDNet
West African banks hit by multiple hacking waves last year | ZDNet
Michael Cohen says Trump directed him to pay for poll rigging - CNNPolitics
Nine defendants charged in SEC hacking scheme that netted $4.1 million | Ars Technica
773M Password ‘Megabreach’ is Years Old — Krebs on Security
Advertising network compromised to deliver credit card stealing code | ZDNet
Major Security Breach Discovered Affecting Nearly Half of All Airline Travelers Worldwide | Safety Detective
These are all the federal HTTPS websites that’ll expire soon because of the US government shutdown | TechCrunch
The Hacker News on Twitter: "We all love your media player, but that’s really rude #VLC 🙄 VLC developers refused to consider #software "update-over-HTTP" as a threat. Responded→ “no threat model. no proof. no #security bug" It wouldn't hurt if you simply consider the suggestion. https://t.co/GWhE1US5Ko… https://t.co/7ja6wM4Ube"
Remote Code Execution in apt/apt-get
Hitman Runner Mark Fellows Convicted of Mob Murder on GPS Watch Data
HN Front Page on Twitter: "FBI arrests PureVPN user with log data that was said to not exist L: https://t.co/bnY0CPyidf C: https://t.co/M1uhBVTRVC"
Lin Affidavit
Huawei founder says company would not share user secrets | The Sacramento Bee
Opinion | If 5G Is So Important, Why Isn’t It Secure? - The New York Times
Facebook’s Sputnik Takedown — In Depth – DFRLab – Medium
Covington students, Nathan Phillips viral video: Twitter suspends account that helped ignite controversy - CNN
Russia tries to force Facebook and Twitter to relocate servers to Russia | Ars Technica
Forget Bitcoin: Why Criminals are Using Fortnite to Launder Illicit Funds
Fortnite security issue would have granted hackers access to accounts | ZDNet
VC funding of cybersecurity companies hits record $5.3B in 2018 | TechCrunch
Jan 22, 2019
Risky Business #526 -- Huawei arrest in Poland, DPRK SWIFT hack conviction, more from the El Chapo trial

This week’s podcast features Patrick and Adam talking about the week’s security news, including:

  • Huawei staffer arrested for spying in Poland
  • Conviction in DPRK SWIFT hack against Bangladesh central bank
  • El Chapo used Flexispy to spy on mistresses and staff
  • NSO group on charm offensive
  • Iran hijacking DNS entries, conducting PITM with DV certs
  • Kaspersky tipped NSA on Hal Martin
  • US government certificates expire amid shutdown
  • Idiot sentenced to 10 years prison for DDoSing children’s hospital

This week’s show is brought to you by Trail of Bits! Trail of Bits is a security engineering firm and consultancy based in New York. They aren’t a typical pen-testing firm, they build as well as break.

In this week’s sponsor interview JP Smith from Trail of Bits joins us to talk about the work he put in to CSAW. Not the Centre for Sustainable Architecture with Wood, which is a thing, but the Cyber Security Awareness Worldwide CTF.

JP is a sick man. He’s sick. You’ll hear about the mind-bending CTF challenges he put together for CSAW. Remarkably, some teams were actually able to solve his problems, some of which featured complex numbers mapped to a four-dimensional unit sphere being used to drive the rotation of a virtual IBM Selectric typewriter golfball in Second Life. As I say, he’s a sick, sick man.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Poland spy arrest: China telecoms firm Huawei sacks employee - BBC News
Ex-RCBC manager guilty in $81-M heist | The Manila Times Online
Alan Feuer on Twitter: "Chapo would play a little game. He would call people who had the “special” phones and chat with them a while then hang up, secretly activate the mic and listen to what they said about him."
Chapo’s I.T. Guy: Working for a Kingpin Can Cause a Nervous Breakdown - The New York Times
Exclusive: How Mexican drug baron El Chapo was brought down by technology made in Israel
A Worldwide Hacking Spree Uses DNS Trickery to Nab Data | WIRED
Global DNS Hijacking Campaign: DNS Record Manipulation at Scale | FireEye Inc
Exclusive: How a Russian firm helped catch an alleged NSA data thief - POLITICO
.gov security falters during U.S. shutdown | Netcraft
Senators Call on FCC To Investigate T-Mobile, AT&T, and Sprint Selling Location Data to Bounty Hunters - Motherboard
Google Demanded That T-Mobile, Sprint Not Sell Google Fi Customers' Location Data - Motherboard
AT&T to Stop Selling Location Data to Third Parties After Motherboard Investigation - Motherboard
Feds Can't Force You To Unlock Your iPhone With Finger Or Face, Judge Rules
Ryuk ransomware gang probably Russian, not North Korean | ZDNet
Man gets 10 years for cyberattack on Boston Children's Hospital | Boston.com
Hacker 'BestBuy' sentenced to prison for operating Mirai DDoS botnet | ZDNet
Police get report of a shooting only to find out it was a prank - Palo Alto Daily Post
Scooter startup Bird tried to silence a journalist. It did not go well. | TechCrunch
Yet another Qld cop charged with hacking - Security - iTnews
Some of the biggest web hosting sites were vulnerable to simple account takeover hacks | TechCrunch
$900,000 On Offer For Anyone Who Can Hack A Tesla Model 3
SCP implementations impacted by 36-years-old security flaws | ZDNet
Google Chrome's built-in ad blocker to roll out worldwide on July 9 | ZDNet
Gaining access to Uber's user data through AMPScript evaluation – Assetnote
Rahul Sridhar on Twitter: "Here's a short story about cryptography in 2018 in five tweets:"
Jan 15, 2019
Risky Business #525 -- Back on deck for 2019!

In this week’s show Adam Boileau and Patrick Gray discuss the security news of the last few weeks, including:

  • German politicians pwnt, suspect arrested
  • Possible ransomware attack affects US newspapers
  • Mass 2FA bypasses impacting Gmail users in Middle East
  • Emergency warning system in Australia popped
  • Ethereum Classic double-spend attack a sign of things to come
  • EU to fund open source bug bounties
  • Attackers steal details of 1,000 North Korean defectors
  • Doing the Bloomberg hack for real at 35C3
  • El Chapo should have used Signal
  • Much, much more…

This week’s show is brought to you by Cylance! BlackBerry announced that it’s acquiring Cylance for $1.4bn (I don’t know if that’s closed yet) which is great news for all the founders and early employees there – some of whom I know reasonably well. So congrats to team Cylance on that!

But we’re not talking about that this week. Instead, Cylance’s very own Scott Scheferman joins us to talk about the MITRE ATT&CK framework and how it’s informing their product dev. There’s some product talk in that interview but there’s also some real meat there so I let it run long. Scott says we’re close to the terrible situation where security companies are going to start using MITRE ATT&CK as a marketing tool, like “Full MITRE ATT&CK coverage!”

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Arrested German hacker confesses to leaking politicians' information, report says
Before Germany’s Massive Hack, We Learned What Not to Do With Sensitive Stolen Information - Motherboard
What we still don’t know about the cyberattack on Tribune newspapers - The Washington Post
Ransomware suspected in cyberattack that crippled major US newspapers | ZDNet
How Hackers Bypass Gmail 2FA at Scale - Motherboard
Hackers target 'hundreds' of Middle East activists with fake login pages, 2FA bypass schemes
Hackers send fake emergency emails, texts, messages using warning system
Coinbase suspends Ethereum Classic (ETC) trading after double-spend attacks | ZDNet
I Gave a Bounty Hunter $300. Then He Located Our Phone - Motherboard
EU to fund bug bounty programs for 14 open source projects starting January 2019 | ZDNet
Hackers hijack thousands of Chromecasts to warn of latest security bug | TechCrunch
Hackers steal personal info of 1,000 North Korean defectors | ZDNet
Modchips - Trammell Hudson's Projects
Hacking Group Decrypts Cache of Insurance Files Related to 9/11 Attacks - Motherboard
Hackers Make a Fake Hand to Beat Vein Authentication - Motherboard
You Can Now Get $1 Million for Hacking WhatsApp and iMessage - Motherboard
Alan Feuer on Twitter: "In February 2010, an undercover FBI agent met with the target of a sensitive investigation: Christian Rodriguez, an IT specialist who had recently developed a remarkable product: an encrypted communication network for the Mexican drug lord El Chapo and his Colombian partners."
Encrypted Messaging App Signal Says It Won’t Comply With Australia’s New Backdoor Bill - Motherboard
Louis Theroux among those hit by Twitter hack exposing security flaw | Technology | The Guardian
NSA to release a free reverse engineering tool | ZDNet
Open-source tool aims to curb BGP hijacking amid Chinese espionage concerns
ARTEMIS — neutralizing BGP hijacking within a minute | APNIC Blog
New hardware-agnostic side-channel attack works against Windows and Linux | ZDNet
1901.01161.pdf
PowerPoint presentation
CVE-2019-0547 | Windows DHCP Client Remote Code Execution Vulnerability
Jan 09, 2019
Risky Biz Soap Box: From 2 billion events to 350 alerts with Respond Software

Soap Box is the podcast series we do here at Risky.Biz where we have detailed discussions with vendors about all sorts of stuff – sometimes it’s about their products, other times it’s about the landscape as they see it, other times it’s about research they’ve done that they want to promote. Soap Box is a wholly sponsored podcast series – just so you know – so everyone you hear on it paid to be on it.

And this Soap Box edition is brought to you by Respond Software. We’ll be joined by Respond Software’s co-founder and CEO, Mike Armistead, to talk about Respond’s tech. Mike has an interesting history in infosec… he actually co-founded Fortify, the software security firm, before winding up at HPE as the VP and General Manager for ArcSight, the poor fella. But he’s free now! Freeeeeee! And he’s co-founded the venture we’re talking about today.

So, what’s the idea behind Respond Software? Well, to break it down into really simple terms the whole idea is to take all the zillions of events your existing security kit flags and distill them down into meaningful alerts. To put this into context, Mike says that during the 30 days in the lead up to the interview we recorded, his customers fed two billion events into their Respond Software gear. Of those two billion events, Respond deemed 7 million of them worthy of escalation, and from there determined 45,000 were malicious, but then… and this is the cool part, this only resulted in 350 incidents raised by the Respond platform. From 2 billion to 350.

So it’s a great idea – tune out the crap and look at meaningful correlations. Automate the decision making around what’s serious and what’s not. You’ve got all this gear, maybe you’ve got something aggregating it, but what’s applying decision logic to it?

Mike sent me a list of software Respond currently supports: all manner of IDSes, AV and EDR suites, and then other stuff that gives their software the context it needs to make better decisions, like Active Directory, Nessus, Qualys, Splunk, QRadar… whatever! The idea is, plug ALL your over-alerting crap into Respond Software’s gear and it’ll do a good enough job of correlating events that you’ll only have to deal with what’s real. Well, that’s the pitch. Mike Armistead joined me to flesh it out a bit more.

Dec 14, 2018
Risky Business #524 -- Huawei CFO arrested, US Government dumps on Equifax

This is the last weekly Risky Business podcast for 2018. We’ll be posting a Soap Box edition early next week then going on break until January 9.

In this week’s show Adam Boileau and Patrick Gray discuss the week’s security news:

  • Huawei’s CFO arrested over sanctions violations
  • BT in the UK removes Huawei equipment from 4G network
  • Australia passes controversial surveillance law
  • US House Oversight Committee blasts Equifax in scathing report
  • Bloomberg plays word-games on Super Micro story
  • MOAR

This week’s show is sponsored by Bugcrowd. In this week’s sponsor interview Bugcrowd’s CTO and founder Casey Ellis tells us why his company is launching “pay for effort” products to run alongside bounty programs.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

US, China executives grow wary about travel after Huawei arrest
Canadian court grants bail to CFO of China's Huawei | Reuters
Michael Kovrig: Canadian ex-diplomat 'held in China' - BBC News
BT removing Huawei equipment from parts of 4G network | Technology | The Guardian
China's cyber-espionage against U.S. is 'more audacious,' NSA official says amid Huawei flap
China spied on African Union headquarters for five years — Quartz Africa
House panel: Equifax breach was ‘entirely preventable’
Committee Releases Report Revealing New Information on Equifax Data Breach - United States House Committee on Oversight and Government Reform
Experian Exposes Apparent Customer Data in Training Manuals - Motherboard
NotPetya leads to unprecedented insurance coverage dispute
Over 40,000 credentials for government portals found online | ZDNet
What's actually in Australia's encryption laws? Everything you need to know | ZDNet
Australia's encryption laws will fall foul of differing definitions | ZDNet
Australia Just Became The Testing Ground For Breaking Into Encryption
Matthew Green on Twitter: "GCHQ has proposal to surveill encrypted messaging and phone calls. The idea is to use weaknesses in the “identity system” to create a surveillance backdoor. This is a bad idea for so many reasons. Thread. 1/ https://t.co/rnmo0eOWus"
Melbourne terror attack plot suspects arrested in police raids over mass shooting fears - ABC News (Australian Broadcasting Corporation)
Why Scott Morrison is right on encryption but wrong on Muslims
Super Micro Says Third-Party Test Found No Malicious Hardware - Bloomberg
Someone Defaced Linux.org Website With ‘Goatse’ And Anti-Diversity Tirade - Motherboard
Nearly 250 Pages of Devastating Internal Facebook Documents Posted Online By UK Parliament - Motherboard
Internal Documents Show Facebook Has Never Deserved Our Trust or Our Data - Motherboard
Google+ Exposed Data of 52.5 Million Users and Will Shut Down in April | WIRED
Iranians indicted in Atlanta city government ransomware attack | Ars Technica
Report: FBI opens criminal investigation into net neutrality comment fraud | Ars Technica
Police arrest hacker behind WeChat ransomware attack - CGTN
A bug in Microsoft’s login system made it easy to hijack anyone’s Office account | TechCrunch
For the fourth month in a row, Microsoft patches Windows zero-day used in the wild | ZDNet
Hackers ramp up attacks on mining rigs before Ethereum price crashes into the gutter | ZDNet
OpSec mistake brings down network of Dark Web money counterfeiter | ZDNet
Google CEO Says No Plan to ‘Launch’ Censored Search Engine in China - Motherboard
Marriott to reimburse some guests for new passports after massive data breach | ZDNet
Eastern European banks lose tens of millions of dollars in Hollywood-style hacks | ZDNet
Industrial espionage fears arise over Chrome extension caught stealing browsing history | ZDNet
Hacker Fantastic on Twitter: ""open-source is more secure than closed-source because you can view the source code" ... GNU inetutils <= 1.9.4 telnet.c multiple overflows https://t.co/O88psTlS1X"
Your Apps Know Where You Were Last Night, and They’re Not Keeping It Secret - The New York Times
APPSEC CALIFORNIA 2019 - OWASP AppSec California 2019
Next Gen Pen Testing
Dec 12, 2018
Snake Oilers 8 part 2: Forticode's Cipherise, device features from Exabeam and SentinelOne on "active EDR"

Snake Oilers is the podcast where we get a bunch of vendors together to pitch their stuff – they all pay to participate, just so you know – and today we’re going to hear three pitches from tech companies: one from Forticode, one from Exabeam and one from SentinelOne.

That’s right, we talk to vendors to get their best pitches so you don’t have to!

Forticode joins us to pitch its Cipherise platform – applied PKI wrapped into a slick mobile platform that helps large organisations authenticate their users, and helps their users authenticate them.

Exabeam will be talking about how they’re doing more device analytics in their SIEM platform and SentinelOne will be talking about how they differentiate themselves in the highly competitive EDR space.

Links to all of these companies are below.

Dec 10, 2018
Risky Business #523 -- So many breaches

This week’s show features Patrick Gray and Adam Boileau discussing the week’s security news, including:

  • The Marriott, Quora, Dell and Sky Brazil data breaches
  • Khashoggi associate to sue NSO Group
  • Australia’s AA Bill set to pass
  • NZ gives Huawei the boot
  • AutoCAD malware targets key verticals
  • Republicans’ 2018 campaign hacked
  • Czech government blames Russia for intrusions into key systems
  • Horror-show bug in Kubernetes

This week’s show is brought to you by Duo Security, big thanks to Duo for that! In this week’s sponsor interview we’ll be chatting with Duo Security’s very own Dave Lewis about some Beyond Corp stuff. Beyond Corp is the enterprise computing model of the future and Dave will be along after this week’s news to talk about some of its finer points.

Links to everything that we discussed are below, including the discussions that were edited out. (That’s why there are extras.) You can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Marriott: Data on 500 Million Guests Stolen in 4-Year Breach — Krebs on Security
Marriott sued hours after announcing data breach | ZDNet
Quora Announces Data Breach of 100 Million Users - Motherboard
Dell announces security breach | ZDNet
Sky Brasil exposes data of 32 million subscribers | ZDNet
Israeli Software Helped Saudis Spy on Khashoggi, Lawsuit Says - The New York Times
Police, spies gain powers to access encrypted messages after political deal struck
GCHQ’s not-so-smart idea to spy on encrypted messaging apps is branded ‘absolute madness’ | TechCrunch
Principles for a More Informed Exceptional Access Debate - Lawfare
Defence department exposed by Chinese hackers
'Watering hole' attacks: How China's hackers went after think tanks and universities
Huawei banned from New Zealand's 5G mobile network over security concerns - ABC News (Australian Broadcasting Corporation)
20180717_HCSEC_Oversight_Board_Report_2018_-_FINAL.pdf
UK and Germany grow wary of Huawei as US turns up pressure | Financial Times
New industrial espionage campaign leverages AutoCAD-based malware | ZDNet
House Republican campaign arm hacked during 2018 election
Czech Republic blames Russia for multiple government network hacks | ZDNet
Magecart Group Ups Ante: Now Goes After Admin Credentials | Threatpost | The first stop for security news
FBI dismantles gigantic ad fraud scheme operating across over one million IPs | ZDNet
After Microsoft complaints, Indian police arrest tech support scammers at 26 call centers | ZDNet
"WeChat Payment" ransomware makers are locked in transmission, harm and epidemic ultimate decryption
Kubernetes' first major security hole discovered | ZDNet
Researchers discover SplitSpectre, a new Spectre-like CPU attack | ZDNet
Hackers are opening SMB ports on routers so they can infect PCs with NSA malware | ZDNet
Microsoft warns about two apps that installed root certificates then leaked the private keys | ZDNet
Project Zero: Adventures in Video Conferencing Part 1: The Wild World of WebRTC
Cyber attack victims face disputes with insurers | Financial Times
unprivileged users with UID > INT_MAX can successfully execute any systemctl command (#74) · Issues · polkit / polkit · GitLab
Dec 05, 2018
Snake Oilers 8 part 1: Rapid7's InsightAppSec, WhiteSource and VirusTotal Enterprise

This is the first part of our final Snake Oilers edition for 2018.

Snake Oilers, for people who don’t know it, is the podcast where vendors pay to come on to the show to promote their wares. This series actually turned out to be way more popular than we expected. People quite like listening to security companies actually explaining what they do in clear terms.

We have six vendors participating in this last round of Snake Oilers for the year – we’ve split the podcast into two podcasts containing three vendor pitches each, and in this part you’ll be hearing pitches from Rapid7, WhiteSource and Chronicle.

  • Dan Kuykendall of Rapid7 talks InsightAppSec, its DAST solution.
  • David Habusha of WhiteSource talks software composition analysis
  • Brandon Levene of Chronicle on VirusTotal Enterprise

Part two is up next week!

Dec 03, 2018
Risky Business #522 -- Alex Stamos co-hosts the show, reflects on Snowden disclosures

We’ve got a slightly different edition of the show this week – Alex Stamos is filling in for Adam Boileau this week in the news slot.

Most of you know him as Facebook’s recently departed chief security officer. Alex also served as the CSO at Yahoo for a time, but his security career stretches back a long way. He co-founded iSEC Partners back in 2004, and before that he did some time with @Stake.

The @Stake mafia is everywhere.

These days Alex is an adjunct professor at Stanford University. He joined me to talk about the week’s security news, as well as to have a chat about the Edward Snowden disclosures, five years on.

This week’s show is brought to you by Thinkst Canary, big thanks to them for that. And instead of one of their staff being on the show this week in the sponsor chair, they asked me to interview this week’s sponsor guest, their customer, Mike Ruth, a security engineer with Cruise Automation.

Mike did a presentation at a conference called QCon recently all about automating the deployment of canary tokens at scale using some nifty CI/CD tricks. He’ll be joining us after the news to tell us all about that.

Items discussed in this week’s news:

  • NSO Group busted for selling to Saudi Arabia
  • NSO malware targets Mexican journalists
  • Edward Snowden claims NSO connection in Khashoggi case
  • Australia’s AA Bill latest
  • npm supply-chain attack targets Bitcoiners
  • Guardian reports Manafort met Assange, denials, lawsuits flying already
  • UK parliament seizes Facebook documents
  • Uber fined over 2016 breach coverup
  • UK cops decline to charge bug reporter
  • USPS finally fixes data exposure after Krebs intervention
  • Rowhammer attack bypasses ECC protections
  • Bloomberg is investigating its own reporting on Supermicro
  • Magecart is everywhere
  • Google, Mozilla plan browser access to file systems

Links to everything that we discussed are below and you can follow Patrick or Alex on Twitter if that’s your thing.

Show notes

Israeli hacking firm NSO Group offered Saudis cellphone spy tools - report | The Times of Israel
Edward Snowden: Israeli spyware was used to track and eventually kill Jamal Khashoggi | Business Insider
A Journalist Was Killed in Mexico. Then His Colleagues Were Hacked. - The New York Times
Home Affairs attempts to allay concerns about Australian exporters for encryption-busting Bill | ZDNet
Widely used open source software contained bitcoin-stealing backdoor | Ars Technica
I don't know what to say. · Issue #116 · dominictarr/event-stream · GitHub
Manafort held secret talks with Assange in Ecuadorian embassy, sources say | US news | The Guardian
UK parliament seizes cache of internal Facebook documents to further privacy probe | TechCrunch
Uber fined $1.17 million by U.K., Dutch authorities for 2016 breach
UK cops won't go after researcher who reported security issue to York city officials | ZDNet
USPS Site Exposed Data on 60 Million Users — Krebs on Security
Potentially disastrous Rowhammer bitflips can bypass ECC protections | Ars Technica
Bloomberg is still reporting on challenged story regarding China hardware hack - The Washington Post
Magecart group hilariously sabotages competitor | ZDNet
Amazon admits it exposed customer email addresses, but refuses to give details | TechCrunch
Google, Mozilla working on letting web apps edit files despite warning it could be 'abused in terrible ways' - TechRepublic
Germany proposes router security guidelines | ZDNet
Half of all Phishing Sites Now Have the Padlock — Krebs on Security
The Snowden Legacy, part one: What’s changed, really? | Ars Technica
QConSF18 - Canaries - Google Drive
Canary — know when it matters
Nov 28, 2018
Risky Biz Soap Box: MITRE ATT&CK Matrix, misconfigured security controls, attack sim and more!

The Soap Box podcast series is a wholly sponsored podcast series we do here at Risky.Biz – vendors pay to participate. This Soap Box edition is brought to you by AttackIQ.

AttackIQ is a five-year-old company that makes an attack simulation platform. The idea is you agitate a network with suspicious traffic and activities, then measure what the response looks like on the other side. As you’ll hear, Stephan argues this is a better way to test your controls than trying to do it after an incident has been and gone.

Mostly people are using it to verify the effectiveness of their security controls. They already have endpoint security software, IDS, various monitoring bits and pieces, but quite often this stuff just isn’t tuned right. So, you throw some attack traffic and behaviour at your systems and see what bubbles up.

One piece of work that has been absolutely vital to AttackIQ’s success is the MITRE ATT&CK Matrix. Like AttackIQ, the ATT&CK Matrix has been around for five years.

Stephan Chenette is AttackIQ’s CTO and he joined me to talk all about how they’re trying to use the ATT&CK Matrix to drive their whole outlook, and, conversely, how they’re spending time talking to MITRE about where the whole thing is going.

Nov 25, 2018
Risky Business #521 -- Bears everywhere

This edition of the show features Adam Boileau and Patrick Gray discussing the week’s security news:

  • Cozy Bear is back, Fancy Bear has new tooling
  • Russian government wants DNC lawsuit thrown out
  • Cyber Command submitting samples to VirusTotal
  • Google BGP shenanigans
  • Australian/China Telecom BGP shenanigans
  • All the recent Facebook drama
  • More speculative execution bugs
  • Julian Assange likely to be charged
  • Vault7 leaker facing new charges
  • Phineas Fisher investigation abandoned
  • Bitcoin/Tether link probed by DoJ, btc in free-fall
  • MUCH MOAR

This week’s show is brought to you by Proofpoint.

Sherrod DeGrippo, Proofpoint’s director of threat research and detection is this week’s sponsor guest. Surprisingly, she tells us that ransomware via email is a dead duck.

Links to everything that we discussed are below, including the discussions that were edited out. (That’s why there are extras.) You can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Russia’s Cozy Bear comes out of hiding with post-election spear-phishing blitz | Ars Technica
Russia's Fancy Bear and Cozy Bear Hackers May Have New Phishing Tricks | WIRED
Russia wants DNC hack lawsuit thrown out, citing international conventions | ZDNet
Russian Trolls Sue Facebook, Their Old Propaganda Machine
Ukraine detects new Pterodo backdoor malware, warns of Russian cyberattack | Ars Technica
US Cyber Command starts uploading foreign APT malware to VirusTotal | ZDNet
Google goes down after major BGP mishap routes traffic through China | Ars Technica
How China diverts, then spies on Australia's internet traffic
Rob Joyce on Twitter: "I hope this latest fiasco of traffic rerouting through China is the wakeup call for all of us to get serious about addressing the massive and unacceptable vulnerability inherent in today’s BGP routing architecture. https://t.co/dSTVIOltsF"
Everything you need to know about Facebook’s latest crisis - Recode
Facebook has been accused of peddling anti-Semitic conspiracy theories - Vox
Yes, Facebook made mistakes in 2016. But we weren’t the only ones. - The Washington Post
Researchers discover seven new Meltdown and Spectre attacks | ZDNet
The US Department of Justice is reportedly preparing to indict WikiLeaks founder Julian Assange | Business Insider
Julian Assange has been charged, prosecutors reveal inadvertently in court filing
Accused 'Vault 7' leaker to face new charges
Hacking Team Hacker Phineas Fisher Has Gotten Away With It - Motherboard
Bitcoin Price Manipulated by Tether? Justice Department Probing - Bloomberg
A Browser Extension Apparently Stole The Private Facebook Messages Of At Least 81,000 Accounts | Gizmodo Australia
The Hack Millions of People Are Installing Themselves - Motherboard
Facebook patches another bug that could have allowed mass-harvesting of user data | ZDNet
Trump signs bill that creates the Cybersecurity and Infrastructure Security Agency | ZDNet
AWS rolls out new security feature to prevent accidental S3 data leaks | ZDNet
Most ATMs can be hacked in under 20 minutes | ZDNet
Deserialization issues also affect Ruby, not just Java, PHP, and .NET | ZDNet
Adobe ColdFusion servers under attack from APT group | ZDNet
VirtualBox zero-day published by disgruntled researcher | ZDNet
Office 365, Azure users are locked out after a global multi-factor authentication outage | TechCrunch
Cisco says a flaw in its Adaptive Security Appliance allows remote attacks
He Helped People Cheat at Grand Theft Auto. Then His Home Was Raided. - The New York Times
Proofpoint
Nov 21, 2018
Risky Business #520 -- Tanya Janca talks security in the curriculum

We’ve got a great podcast for you this week. Tanya Janca will be talking about some volunteer work she’s been doing with a Canadian government panel on getting security content into children’s school curriculums.

In this week’s sponsor interview we’ll be talking with Ferruh Mavituna of Netsparker.

They launched Netsparker Cloud a while ago, so now they have some decent telemetry. I wanted to ask Ferruh what he’s found surprising now that he’s sitting on a mountain of scan results. The types of bugs being turned up aren’t really a surprise, but the extent to which old software is a problem was actually pretty surprising to him. He knew it was bad, he says, but he didn’t know it was this bad.

Adam Boileau, as usual, joins the show this week to talk about all the week’s security news:

  • More Chinese MSS officers indicted by the US DoJ
  • ASD chief speaks publicly on 5G Huawei ban
  • China playing funny buggers with BGP
  • Russia is still messing with the US during the midterms
  • Facebook boots more Iranian influence pages
  • New privacy features in Signal
  • Plus much, much more!

Links to everything that we discussed are below, including the discussions that were edited out. (That’s why there are extras.) You can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Chinese Intelligence Officers and Their Recruited Hackers and Insiders Conspired to Steal Sensitive Commercial Aviation and Technological Data for Years | OPA | Department of Justice
U.S. charges Chinese intelligence officers for jet engine data hack
Huawei's ban to 5G network 'supported by technical advice', spy agency chief says - ABC News (Australian Broadcasting Corporation)
Canadian security boss ain't afraid of no Huawei, sees no reason for ban • The Register
US bans exports to Chinese DRAM maker citing national security risk | ZDNet
China has been 'hijacking the vital internet backbone of western countries' | ZDNet
Russia Is Meddling In The Midterms. The White House Just Isn't Talking About It.
The Crisis of Election Security - The New York Times
DHS: Election officials inundated, confused by free cyber-security offerings | ZDNet
Facebook removes more Iran-linked accounts, this time targeting the US & UK | ZDNet
We posed as 100 senators to run ads on Facebook. Facebook approved all of them. – VICE News
NYT: Chinese and Russian spies routinely eavesdrop on Trump’s iPhone calls | Ars Technica
North Korea blamed for two cryptocurrency scams, five trading platform hacks | ZDNet
New Signal privacy feature removes sender ID from metadata | Ars Technica
Windows Defender becomes first antivirus to run inside a sandbox | ZDNet
Pakistani bank denies losing $6 million in country's 'biggest cyber attack' | ZDNet
Many CMS plugins are disabling TLS certificate validation... and that's very bad | ZDNet
Twelve malicious Python libraries found and removed from PyPI | ZDNet
How ‘Mr. Hashtag’ Helped Saudi Arabia Spy on Dissidents - Motherboard
Government Spyware Vendor Left Customer, Victim Data Online for Everyone to See - Motherboard
Apple's T2 Security Chip Makes It Harder to Tap MacBook Mics | WIRED
Microsoft Windows zero-day disclosed on Twitter, again | ZDNet
https://support.f5.com/csp/article/K52868493
Digital DASH – ICTC - Focus on Information Technology (FIT)
Oct 31, 2018
Risky Biz Soap Box: Duo's Olabode Anise recaps his Black Hat talk on Twitter bots

Soap Box is the wholly sponsored podcast series we do where vendors pay to participate. They sometimes want to talk about their products, other times they want to talk about general ecosystem stuff, other times they want to talk about research they’ve done.

And that’s what’s happening today! Olabode Anise is a data scientist at Duo Security. He and his colleague Jordan Wright put together a talk for Black Hat this year all about Twitter bots. It was called Don’t @ me, hunting Twitter bots at scale.

As you’ll hear, finding bots on Twitter at scale isn’t that hard, but doing so with 100% confidence isn’t as easy as you’d think.

You can check out a blog post from Olabode in the show notes below.

Oct 26, 2018
Risky Business #519 -- '90s IRC war between US and Russia intensifies

This edition of the show features Adam Boileau and Patrick Gray discussing the week’s security news:

  • CYBERCOM doxing Russian operators. No, really.
  • Arrest over Russian midterm info-op
  • Bloomberg dumpster fire is now a tyre fire
  • Equifax insider sentenced for insider trading
  • Twitter releases bot dataset
  • Saudi insider responsible for 2015 Twitter breach
  • Trisis/Triton now linked to Russia
  • Kaspersky doxes NSA op
  • Risky Business cited by Senate Estimates, AA Bill faces possible delay
  • Much, much more!

This week’s show is sponsored by Cylance, and this week’s sponsor interview is with Josh Lemos.

That’s an interesting chat – Cylance has succeeded in applying machine learning to classifying binaries, but what next? Where does it make sense to apply machine learning next, from their point of view? As you’ll hear, a binary classifier is one thing, but applying ML to something like endpoint detection and response or network traffic is actually a lot more complicated.

Links to everything that we discussed are below, including the discussions that were edited out. (That’s why there are extras.) You can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

U.S. Begins First Cyberoperation Against Russia Aimed at Protecting Elections - The New York Times
Russian woman charged with attempted meddling in upcoming U.S. midterms
Apple CEO Tim Cook Is Calling For Bloomberg To Retract Its Chinese Spy Chip Story
Amazon exec joins Apple in calling for a retraction of Bloomberg’s explosive microchip spying report | Business Insider
Coats: ODNI has seen 'no evidence' of supply chain hack detailed in Bloomberg story
Super Micro trashes Bloomberg chip hack story in recent customer letter | ZDNet
Equifax engineer who designed breach portal gets 8 months of house arrest for insider trading | ZDNet
Twitter publishes dump of accounts tied to Russian, Iranian influence campaigns | Ars Technica
A Twitter employee groomed by the Saudi government prompted 2015 state-sponsored hacking warning | TechCrunch
FireEye links Russian research lab to Triton ICS malware attacks | ZDNet
Kaspersky says it detected infections with DarkPulsar, alleged NSA malware | ZDNet
Patrick ☠️SMBv1☠️ Gray on Twitter: "Risky Biz gets a shout out in senate estimates... 2018 is weird. https://t.co/Y25bukriKU… "
Magecart group leverages zero-days in 20 Magento extensions | ZDNet
WordPress team working on "wiping older versions from existence on the internet" | ZDNet
Trade.io loses $7.5Mil worth of cryptocurrency in mysterious cold wallet hack | ZDNet
Hackers steal data of 75,000 users after Healthcare.gov FFE breach | ZDNet
Lawfare editor on persistent DDoS attack: 'We wish they'd knock it off'
Vendors confirm products affected by libssh bug as PoC code pops up on GitHub | ZDNet
Advertisers can track users across the Internet via TLS Session Resumption | ZDNet
Open source web hosting software compromised with DDoS malware | ZDNet
Legal and Constitutional Affairs Legislation Committee_2018_10_22_6688.pdf
I forgot to talk about this in the show... this week's sponsor guest recommends people interested in machine learning check out the papers and slide decks here:
CylanceOPTICS | Products | Cylance
Oct 24, 2018
Risky Business #518 -- "Russian Cambridge Analytica" booted off Facebook after token hack

This edition of the show features Adam Boileau and Patrick Gray discussing the week’s security news:

  • More info on the Facebook token hack
  • Facebook boots “Russian Cambridge Analytica” off platform
  • Chinese MSS officer extradited to USA after being lured to Belgium
  • NotPetya linked to Sandworm crew
  • Czech intelligence services kill Hezbollah APT
  • Pentagon travel records pwnt
  • No, Khashoggi’s Apple Watch didn’t record his death
  • Apple takes aim at Australia’s AA Bill
  • US voter records for sale in hack forums
  • PHP 5 support ends soon, netpocalypse to commence shortly afterward
  • The world’s most hilarious libssh bug
  • PLUS MOAR

This week’s show is sponsored by Senrio.

Senrio is best known for doing IoT identification, classification, visualisation and anomaly detection, but they’ve now applied the same approach to general IT. Stephen will be along later in the show to talk about what they’ve been able to engineer here. I’ve actually been working with them on this (in a limited capacity) for a few months and it’s very interesting stuff.

So yeah, he’s talking about a feature release, then he’ll be releasing some open source tooling that mines your network metadata and spots interactive shells in your environment, which is handy, and then he’s going to preview some free training he’s doing with some other very well respected security people in New York soon.

Links to everything that we discussed are below, including the discussions that were edited out. (That’s why there are extras.) You can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Facebook Says 14 Million People Got Their Location Data and Private Search History Stolen - Motherboard
Facebook disables accounts for Russian firm claiming to sell scraped user data - CNET
In a first, a Chinese spy is extradited to the U.S. after stealing technology secrets, Justice Dept. says - The Washington Post
Researchers link tools used in NotPetya and Ukraine grid hacks
Czech intelligence service shuts down Hezbollah hacking operation | ZDNet
Breach of Pentagon travel records exposes defense personnel PII
Why missing Saudi journalist’s Apple Watch is an interesting, but unlikely, lead | TechCrunch
Apple rebukes Australia’s “dangerously ambiguous” anti-encryption bill | TechCrunch
US voter records from 19 states sold on hacking forum | ZDNet
Ransomware hits computer networks of North Carolina water utility
Around 62 percent of all Internet sites will run an unsupported PHP version in 10 weeks | ZDNet
A mysterious grey-hat is patching people's outdated MikroTik routers | ZDNet
Sony working on a fix for bug that's crashing PlayStation 4 consoles | ZDNet
Microsoft JET vulnerability still open to attacks, despite recent patch | ZDNet
Proof-of-concept code published for Microsoft Edge remote code execution bug | ZDNet
WhatsApp fixes bug that let hackers take over app when answering a video call | ZDNet
Kanye's Password, a WhatsApp Bug, and More Security News This Week | WIRED
The ‘Donald Daters’ Trump Dating App Exposed Its Users’ Data - Motherboard
libssh 0.8.4 and 0.7.6 security and bugfix release – libssh
Senrio
Senrio Quick Product Demo on Vimeo
Oct 17, 2018