Risky Business

By Patrick Gray

Category: Tech News

Description

Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.

Episode Date
Risky Business #603 -- YOU get sanctions, and YOU get sanctions

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • “Proud Boys” email campaign attributed to Iran in record time
  • Sanctions for everyone!
  • US doxes more adversary TTPs
  • Katie Nickels and Chris Krebs join the show

This week’s show is brought to you by attack simulation platform company AttackIQ. Carl Wright from AttackIQ joins us this week to talk about the distinct possibility that large organisations are going to start slashing their security budgets in response to the changing economy.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

CISA, FBI roll the dice on transparency - Risky Business
Exclusive: 'Dumb mistake' exposed Iranian hand behind fake Proud Boys U.S. election emails - sources | Reuters
FBI News Conference on Election Security | C-SPAN.org
Iran’s bogus email campaign on U.S. elections had a Facebook disinformation prong
Why the US was so fast to blame Iran for voter intimidation emails in Florida
US Treasury sanctions 5 Iranian organizations for alleged election influence operations
'MuddyWater' spies suspected in attacks against Middle East governments, telecoms
The US Sanctions Russians for Potentially ‘Fatal’ Triton Malware | WIRED
EU slaps sanctions on GRU leader, Fancy Bear, FBI-wanted hacker over Bundestag attack
DOD, FBI, DHS warn of active North Korean government-linked hacking operation
FBI, CISA: Russian hackers breached US government networks, exfiltrated data | ZDNet
The Hunter Biden laptop could be fake. Or it could be real. We may never know. - The Washington Post
Exclusive: National Guard called in to thwart cyberattack in Louisiana weeks before election | Reuters
Phishing groups are collecting user data, email and banking passwords via fake voter registration forms | ZDNet
John Hultquist on Twitter: "If the hackers claim to be criminal and there’s no way to pay them, that raises doubt. Likewise, if they claim to be ideological and ask for money..." / Twitter
Justice Department official accuses China of acting as ‘safe haven’ for cybercriminals
Dr. Reddy's shuts 'key' plants worldwide after potential cyberattack hits COVID work | FiercePharma
Data breach at Finnish psychotherapy center takes a darker turn with extortion attempts
A Hacker Is Threatening to Leak Patients' Therapy Notes | WIRED
Tech giants among those affected by breach at PDF signature software maker Nitro | The Daily Swig
Massive Nitro data breach impacts Microsoft, Google, Apple, more
404 Error | Nitro
Hacker steals $24 million from cryptocurrency service 'Harvest Finance' | ZDNet
MobileIron enterprise MDM servers under attack from DDoS gangs, nation-states | ZDNet
Patrick Gray on Twitter: "Wooo... about time" / Twitter
Apple notarizes six malicious apps posing as Flash installers | ZDNet
The Now-Defunct Firms Behind 8chan, QAnon — Krebs on Security
CBP Refuses to Tell Congress How it is Tracking Americans Without a Warrant
Over 100 irrigation systems left exposed online without a password | ZDNet
Microsoft launches machine learning cyber-attack threat matrix | The Daily Swig
WordPress deploys forced security update for dangerous bug in popular plugin | ZDNet
NSA whistleblower Edward Snowden granted permanent residency in Russia | ZDNet
Process Herpaderping | herpaderping
Oct 28, 2020
Snake Oilers 12 part 2: Gravwell seeks to shake up SIEM market, Plextrac pitches its pentest reporting platform

In this (wholly sponsored) edition of the Snake Oilers podcast, three vendors will drop by to pitch their sweet, sweet snake oil:

  • Gravwell pitches its “structure on read” approach to SIEM
  • Plextrac describes its red team/pentest reporting platform
  • ITProTV’s Don Pezet talks about trends in online training
Oct 22, 2020
Risky Business #602 -- US DoJ hooks Sandworm

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • US DoJ unseals indictments against Sandworm operators
  • Twitter backtracks on “hacked materials” policy
  • No consensus on Trickbot c2 status
  • NSA publishes “most exploited” listicle that’s actually interesting
  • Much, much more

Cmd Security is this week’s sponsor. Its CEO Jake King and CTO Mike Sample join the show this week to talk through a new remote access tech release from Hashicorp called Boundary and what it might mean for Linux system observability in your environment.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

US Indicts Sandworm, Russia's Most Destructive Cyberwar Unit | WIRED
UK says Russia was preparing cyber-attacks against the Tokyo Olympics | ZDNet
Sandworm operators indicted - Risky Business
Microsoft says it took down 94% of TrickBot's command and control servers | ZDNet
NSA publishes list of top vulnerabilities currently targeted by Chinese hackers | ZDNet
800,000 SonicWall VPNs vulnerable to new remote code execution bug | ZDNet
VMSA-2020-0023
New York Post Published Hunter Biden Report Amid Newsroom Doubts - The New York Times
Twitter Says It Blocked NY Post Hunter Biden Article Because It Contains Hacked Data
The Media Just Passed a Test It Failed Four Years Ago | WIRED
Brevard voters threatened in emails purportedly from 'Proud Boys'
Google offers details on Chinese hacking group that targeted Biden campaign
Industry alert pins state, local government hacking on suspected Russian group
New York regulator faults Twitter for lax security measures prior to big account breach
German authorities raid FinFisher offices | ZDNet
Shannon Vavra on Twitter: "Details via @hsu_spencer & @kfahim https://t.co/QTRooHnw0I" / Twitter
Encrochat Hack That Brought Down Hundreds of Criminals Faces Legal Challenges
Hackney Council unable to pay housing benefit after cyber attack | Science & Tech News | Sky News
London's Hackney Borough Council hit by hack attack - BBC News
Hackney Council services to be disrupted ‘for some time’
Meet FIN11, a cybercrime outfit going after pharma companies while leaning on extortion
QAnon/8Chan Sites Briefly Knocked Offline — Krebs on Security
Alexander Vinnik heads to trial in France on ransomware, money laundering charges
Alleged KickassTorrents founder Artem Vaulin jumped bail in Poland
Thousands of infected IoT devices used in for-profit anonymity service | Ars Technica
Microsoft adds option to disable JScript in Internet Explorer | ZDNet
Zoom to roll out end-to-end encrypted (E2EE) calls | ZDNet
QRadar: Popular IBM security tool open to remote code execution attacks | The Daily Swig
Google releases Chrome security update to patch actively exploited zero-day | ZDNet
Security testing firm NSS Labs ceases operations, citing coronavirus | TechCrunch
Ryuk in 5 Hours – The DFIR Report
Oct 21, 2020
Risky Business #601 -- Everyone's messing with TrickBot

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Yep, it was Cyber Command
  • Also Microsoft, Symantec, Lumen and others
  • Norwegian parliament hack pinned on Russia
  • We finally talk about “ethics in OST”
  • More

Netflix senior security engineer Scott Behrens also joins the show this week. This week’s episode is brought to you by Signal Sciences – which is now a part of Fastly – and they suggested we talk to Scott for their sponsor slot this week. So, Scott joins the show to talk through how Netflix handles appsec.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Report: U.S. Cyber Command Behind Trickbot Tricks — Krebs on Security
Persistently Engaging TrickBot: USCYBERCOM Takes on a Notorious Botnet - Lawfare
Ciaran Martin on Twitter: "Fascinating account from ⁦@BobbyChesney⁩ on new adaptation of persistent engagement: the hounds released against #ransomware. https://t.co/Dk5Spcjkmy" / Twitter
Trickbot and the Context of Cyber Warfare – Stranded on Pylos
TrickBot botnet survives takedown attempt, but Microsoft sets new legal precedent | ZDNet
The Man Who Speaks Softly—and Commands a Big Cyber Army | WIRED
FBI/DHS: Government election systems face threat from active Zerologon exploits | Ars Technica
DHS warns that Emotet malware is one of the most prevalent threats today | Ars Technica
Norway says Russian hackers carried out breach at parliament
Russian-speaking hackers target Russian organizations with industrial spying tools
Chinese hackers suspected in cyber-espionage operation against Russia, India
'Mercenary' hacker group runs rampant in Middle East, cybersecurity research shows | Reuters
Lined up in the sights of Vietnamese hackers
Five Eyes governments, India, and Japan make new call for encryption backdoors | ZDNet
Cyber Command and Microsoft pile in on TrickBot - Risky Business
Top reason to apply October, 2020’s Microsoft patches: Ping of Death Redux – Sophos News
German tech giant Software AG down after ransomware attack | ZDNet
Amid an Embarrassment of Riches, Ransom Gangs Increasingly Outsource Their Work — Krebs on Security
Malware gangs love open source offensive hacking tools | ZDNet
Researchers map threat actors’ use of open source offensive security tools | The Daily Swig
Researchers Found 55 Flaws in Apple's Corporate Network | WIRED
Swiss Post releases bug bounty safe harbor wording under Creative Commons license | The Daily Swig
Oct 14, 2020
Snake Oilers 12 Part 1: An incident management platform for the SOC and auditing for your SaaS accounts

In this (wholly sponsored) edition of the Snake Oilers podcast, three vendors will drop by to pitch their sweet, sweet snake oil:

  • Vaughan Shanks pitches the Cydarm SOC incident management platform
  • Adrian Kitto introduces Detexian, a platform that audits SaaS accounts
  • Eric Skinner from Trend Micro talks about XDR
Oct 12, 2020
Risky Business #600 -- Who's messing with TrickBot?

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • The UHS ransomware attack
  • Someone is messing with TrickBot: Did the USA release the hounds?
  • US Treasury issues final warning on sanctioned ransomware crews
  • Azerbaijan and Armenia going at it
  • Fancy Bear owns US government department

Nucleus Security co-founder Scott Kuffer joins the show in this week’s sponsor interview to talk about how they have discovered a LOT of enterprises are actually trying to develop in-house vulnerability management software and how that is not going well.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

A Ransomware Attack Has Struck a Major US Hospital Chain | WIRED
German investigators treating ransomware attack as negligent homicide, reports say
Attacks Aimed at Disrupting the Trickbot Botnet — Krebs on Security
Microsoft: Some ransomware attacks take less than 45 minutes | ZDNet
US Treasury says some ransomware payments may need its express approval | ZDNet
Front companies for Chinese and Iranian APTs doxxed - Risky Business
Chinese Antivirus Firm Was Part of APT41 ‘Supply Chain’ Attack — Krebs on Security
Alleged Iranian hackers balanced espionage with personal cybercrime, US indictment says - CyberScoop
US charges Iranian hackers for breaching US satellite companies | ZDNet
A China-Linked Group Repurposed Hacking Team’s Stealthy Spyware | WIRED
Microsoft says Iranian hackers are exploiting the Zerologon vulnerability | ZDNet
Spies hacked Azerbaijan government officials as Nagorno-Karabakh conflict escalated
North Korea has tried to hack 11 officials of the UN Security Council | ZDNet
Federal Agency Compromised by Malicious Cyber Actor | CISA
Russia’s Fancy Bear Hackers Likely Penetrated a US Federal Agency | WIRED
Microsoft removed 18 Azure AD apps used by Chinese state-sponsored hacker group | ZDNet
TikTok, WeChat survive in US app stores — one with a deal, the other with a judge's help
Russia wants to ban the use of secure protocols such as TLS 1.3, DoH, DoT, ESNI | ZDNet
Kevin Rudd: «The Dollar is One of the Things China Fears»
Portland passes landmark private sector facial recognition technology ban | The Daily Swig
All four of the world's largest shipping companies have now been hit by cyber-attacks | ZDNet
UN maritime agency says it was hacked | ZDNet
Trump officials hint at update for US maritime cybersecurity
Encrochat Investigation Finds Corrupt Cops Leaking Information to Criminals
KuCoin cryptocurrency exchange hacked for $150 million | ZDNet
GitHub rolls out new Code Scanning security feature to all users | ZDNet
Facebook sues two Chrome extension makers for scraping user data | ZDNet
Senator asks DHS if foreign-controlled browser extensions threaten the US | Ars Technica
A security flaw in Grindr let anyone easily hijack user accounts | TechCrunch
Hackers claim they can now jailbreak Apple's T2 security chip | ZDNet
Critical stored XSS vulnerability in Instagram’s Spark AR Studio nets 14-year-old researcher $25,000 | The Daily Swig
Mozilla shuts down Firefox Send and Firefox Notes services | ZDNet
Member of 'The Dark Overlord' hacking group sentenced to five years in prison | ZDNet
LinkedIn hacker Nikulin sentenced to 7 years in prison after years of legal battles
John McAfee arrested in Spain, charged with tax evasion
Oct 07, 2020
Risky Biz special guest: Former Australian Prime Minister Malcolm Turnbull

This edition of the show is brought to you with the assistance of the Hewlett Foundation, which awarded us a grant so we could do these policy-focussed podcasts.

Malcolm Bligh Turnbull served as a member of Parliament from 2004 until 2018, and as Prime Minister from September 2015 until August 2018. But he has been a public figure in Australia for decades. He’s an Oxford-educated lawyer who studied there under a Rhodes scholarship, he’s worked as a journalist, as the personal lawyer to Australian media baron Kerry Packer and was a leader of the ultimately unsuccessful campaign to make Australia a republic in the 1990s.

He can also list a number of achievements in the business world. In 1994 he invested half a million dollars into Australian ISP Ozemail, selling his stake to Worldcom in 1999 for $57m.

As you’ll hear, now he’s returned to private life Turnbull is investing in technology again. He joined the show to talk about cybersecurity in government, Huawei, the 2016 hack-and-leak operation against the DNC – which took place while he was PM – and more.

Sep 30, 2020
Risky Biz Soap Box: Identity as the new perimeter

As regular listeners know, these Soap Box podcasts are wholly sponsored. That means everyone you hear in a Soap Box podcast paid to be here. But that’s ok, because we manage to book very interesting guests into these things, like today’s guest, Sami Laine.

Officially he’s Okta’s director of technology strategy – but informally he describes his role as being more like a principal security architect.

He joins us to talk about identity as the new perimeter and the massive leap we’ve made towards a zero trust future through 2020.

Sep 23, 2020
Risky Business #599 -- You get domain admin! And YOU get domain admin!

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Russia, China, Iran having a red hot go at US political orgs
  • Crowdstrike drops report, telcos having a bad time
  • MSS owning US government with dumb bugs
  • DoJ indicts Iranian script kiddie because reasons
  • Proposed TikTok-Oracle deal barely makes sense
  • The mother of all Microsoft auth bugs, wow
  • Much, much more…

This week’s show is brought to you by Senetas. And we’ve got two sponsor guests for you this week: Senetas CTO Julian Fay will join us, as will Peter Farrely of AUCloud. Senetas uses AUCloud as a partner for its Suredrop file sharing and collaboration platform here in Oz, and Pete is joining us this week to talk through the new Cloud Assessment and Authorisation Framework published by the ACSC. If you work in Australian government IT and security, this one’s for you!

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Exclusive: Microsoft believes Russians that hacked Clinton targeted Biden campaign firm - sources | Reuters
GRU eyes US election - Risky Business
STRONTIUM: Detecting new patterns in credential harvesting - Microsoft Security
Chinese hacking groups are bullying telecoms as 2020 goes on, CrowdStrike says
Report2020OverWatchNowheretoHide.pdf
New CDRThief malware targets VoIP softswitches to steal call detail records | ZDNet
VOS3000 VOS5000 Softswitch by Linknat - A Word-leading VoIP Solutions Provider
Chinese intelligence-linked hackers are exploiting known flaws to target Washington, US says
Eric Geller on Twitter: "DOJ to announce Chinese hacking charges (and arrests!) tomorrow. https://t.co/Wj7KSq9BNd" / Twitter
PAN-OS vulnerabilities add to a torrid year for enterprise software bugs
Public disclosure didn't stop suspected Chinese hackers from targeting the Vatican
Trump says Oracle ' very close' to TikTok deal
Huawei HarmonyOS: Operating system will be on smartphones in 2021
US charges two hackers for defacing US websites following Soleimani killing | ZDNet
FBI says credential stuffing attacks are behind some recent bank hacks | ZDNet
Magento online stores hacked in largest campaign to date | ZDNet
Multibillion-dollar Equinix is the latest data-center firm to face ransomware incident
[Blog] Zerologon: instantly become domain admin by subverting Netlogon cryptography (CVE-2020-1472)
New BlindSide attack uses speculative execution to bypass ASLR | ZDNet
BLURtooth vulnerability lets attackers overwrite Bluetooth authentication keys | ZDNet
Billions of devices vulnerable to new 'BLESA' Bluetooth security flaw | ZDNet
MITRE releases emulation plan for FIN6 hacking group, more to follow | ZDNet
Internal Facebook systems exposed via unpatched Apache library | The Daily Swig
Porn site users targeted with malicious ads redirecting to exploit kits, malware | ZDNet
Researcher kept a major Bitcoin bug secret for two years to prevent attacks | ZDNet
Vast majority of cyber-attacks on cloud servers aim to mine cryptocurrency | ZDNet
Slovak cryptocurrency exchange ETERBASE discloses $5.4 million hack | ZDNet
Chinese diplomat demands investigation after his Twitter account liked embarrassing posts
Whistleblower Says Facebook Ignored Global Political Manipulation
When you browse Instagram and find former Australian Prime Minister Tony Abbott's passport number
Anatomy of a Cloud Assessment and Authorisation | Cyber.gov.au
Sep 16, 2020
Risky Business #598 -- China closing the "cyber gap" with USA

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Why integrity and availability are key to developing a COVID vaccine
  • China closing the “cyber gap” with USA
  • ASPI publishes research on TikTok, WeChat censorship
  • Belarusian “news app” was tracking activists
  • Julian Assange back in court to fight extradition
  • Much, much more

This week’s show is brought to you by Proofpoint, and this week’s sponsor guest is Proofpoint’s senior director of threat research Sherrod DeGrippo. She’ll be telling us about the emergence of some new mid-tier ransomware crews that are targeting people who speak Russian, which is kind of unusual.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Ransomware takes down state-owned bank - Risky Business
How the government is keeping hackers from disrupting coronavirus vaccine research
Chinese cyber power is neck-and-neck with US, Harvard research finds
ASPI finds TikTok censoring LGBTQ+ issues, Uighur crackdown
Google removes Android app that was used to spy on Belarusian protesters | ZDNet
Julian Assange Lays Out His Case Against US Extradition | WIRED
Chilean bank shuts down all branches following ransomware attack | ZDNet
DDoS extortionists posing as cyberspies to run blackmail scam | The Daily Swig
European ISPs report mysterious wave of DDoS attacks | ZDNet
Service NSW confirms 186,000 customers’ data breached in cyber-attack | The Daily Swig
Creepy ‘Geofence’ Finds Anyone Who Went Near a Crime Scene | WIRED
Private Intel Firm Buys Location Data to Track People to their 'Doorstep'
White House publishes a cyber-security rulebook for space systems | ZDNet
Voatz urges Supreme Court to not protect ethical research from prosecution
NSA call records collection ruled illegal by US appeals court | TechCrunch
Facebook explains how it will notify third-parties about bugs in their products | ZDNet
CISA orders agencies to set up vulnerability disclosure programs
A single text is all it took to unleash code-execution worm in Cisco Jabber | Ars Technica
Former IT director gets jail time for selling government's Cisco gear on eBay | ZDNet
Warner Music discloses months-long web skimming incident | ZDNet
A SonicWall cloud bug exposed corporate networks to hackers | TechCrunch
Sep 09, 2020
Risky Biz Soap Box: Canary's Royal origin story

This is a sponsored podcast.

Today we’re chatting with a very special guest, Haroon Meer.

Haroon is the founder of Thinkst Canary. Some call it a deception company, but he doesn’t, as you’ll hear. He says Canary is a detection company and the distinction is important.

In this interview we talk about where Canary came from and recap the last 20 years of Haroon’s security career. We go all the way back to his Sensepost days in 2001, right through to him working for actual royalty in Doha, with a brief detour through him creating an anonymous whistleblower platform for a major broadcaster. You may have heard of Haroon and not known why.

This podcast explains why.

Sep 03, 2020
Risky Business #597 -- Alex Stamos talks news, Pompeo's "clean networks" initiative

On this week’s show Patrick and Alex discuss the week’s security news, including:

  • NZ stock exchange felled by DDoS attack
  • DNI cancels in-person election security briefings for Democrats
  • Russians didn’t hack Michigan voter data
  • Sendgrid having a bad time of its own making
  • US doxes historical DPRK crypto laundering infrastructure, processes

This week’s sponsor interview is with VMRay co-founder and sandbox guru Carsten Willems.

Carsten is joining us to talk product this week – VMRay has brought out a stack of new integrations for its sandbox product, you can now connect it to a lot of your existing enterprise kit. He’ll pop in to tell us more.

Links to everything that we discussed are below and you can follow Patrick or Alex on Twitter if that’s your thing.

Show notes

The US exposes how the DPRK cashes out from cybercrime - Risky Business
DDoS extortionists target NZX, Moneygram, Braintree, and other financial services | ZDNet
Democrats furious after intelligence officials cancel in-person election security briefings
No, Michigan voter data wasn’t hacked by the Russians
A Tesla Employee Thwarted an Alleged Ransomware Plot | WIRED
US sues to recover cryptocurrency funds stolen by North Korean hackers | ZDNet
Sendgrid Under Siege from Hacked Accounts — Krebs on Security
Twitter Hack May Have Had Another Mastermind: A 16-Year-Old - The New York Times
Iranian hackers impersonate journalists to set up WhatsApp calls and gain victims' trust | ZDNet
Iranian hackers are selling access to compromised companies on an underground forum | ZDNet
CenturyLink outage led to a 3.5% drop in global web traffic | ZDNet
Cloud company Fastly to purchase app security provider Signal Sciences for $775 million
Cisco says it will issue patch ‘as soon as possible’ for bugs hackers are trying to exploit
Announcing the Expansion of the Clean Network to Safeguard America’s Assets - United States Department of State
How WeChat Censored the Coronavirus Pandemic | WIRED
What China’s new export rules mean for TikTok’s US sale | Financial Times
TikTok's security boss makes his case. Carefully.
Patrick Gray on Twitter: "Don’t. Run. Electron. Apps." / Twitter
Moxie Marlinspike on Twitter: "Yes. One reason software development is so much more expensive than it used to be is that making one app now requires that you write/maintain three apps. Electron enables an organization to have a "native" desktop presence without having to build/maintain a *fourth* one. 1/4" / Twitter
Justin Schuh 😷 on Twitter: "@ThomasClaburn @dinodaizovi @bascule @riskybusiness My fundamental complaint with Electron is that relatively basic usage still demands that non-security devs understand the full security properties of their system and scope broker usage appropriately. That's not reasonable, given it's one of the hardest tasks for security experts" / Twitter
Samuel Attard on Twitter: "@frgx @mweissbacher @dinodaizovi @riskybusiness Legacy code is always a problem. But (a) slack is and has been investing resources in electron 👋 and (b) as of recently Slack has enabled the security features you mentioned. You can read more about that journey here https://t.co/Ju1mH9szF9" / Twitter
Confessions of an ID Theft Kingpin, Part I — Krebs on Security
Confessions of an ID Theft Kingpin, Part II — Krebs on Security
Sep 02, 2020
Risky Business #596 -- DoJ gives Uber breach response one star

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Former Uber CSO Joe Sullivan charged with obstruction of justice
  • White House to concede WeChat carveouts for US operations in China
  • A bunch of news that sounds like it’s from 1997

This week’s sponsor interview is with Bugcrowd’s CTO Casey Ellis. He’s joining us to talk about some US election-related vulnerability disclosure programs that have kicked off in the USA. Voting machine maker ES&S has launched one as has the state of Ohio.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Former Uber CSO charged for 2016 hack cover-up | ZDNet
Trump Team Reassures Apple, Others on Using WeChat in China - Bloomberg
TikTok Sues U.S. Government Over Trump Ban - The New York Times
TikTok Complaint
Bobby Chesney on Twitter: "Looking forward to seeing the details of the complaint. But that said, the most TikTok possibly can get here is a delay, and thus possibly a better deal when they are sold. Courts will *not* second-guess the ultimate *merits* determination under IEEPA or CFIUS, full stop. 1/4" / Twitter
Google fixes major Gmail bug seven hours after exploit details go public | ZDNet
Security researcher discloses Safari bug after Apple delays patch | ZDNet
CISA warns of BLINDINGCAN, a new strain of North Korean malware | ZDNet
Taiwan accuses Chinese hackers of aggressive attacks on government agencies
“DeathStalker” hackers are (likely) older and more prolific than we thought | Ars Technica
Hackers Leak Alleged Internal Files of Chinese Social Media Monitoring Firms
FBI, CISA Echo Warnings on ‘Vishing’ Threat — Krebs on Security
Voice Phishers Targeting Corporate VPNs — Krebs on Security
Feds warn election officials of potentially malicious ‘typosquatting’ websites
Cyber Command deploys abroad to fend off foreign hacking ahead of the 2020 election
Report claims a popular iOS SDK is stealing click revenue from other ad networks | ZDNet
Tens of suspects arrested for cashing-out Santander ATMs using software glitch | ZDNet
ATM makers Diebold and NCR deploy fixes for 'deposit forgery' attacks | ZDNet
University of Utah pays $457,000 to ransomware gang | ZDNet
Conti (Ryuk) joins the ranks of ransomware gangs operating data leak sites | ZDNet
Weeks after malware disruption, New York hospital is getting back online
WannaRen ransomware author contacts security firm to share decryption key | ZDNet
Top exploits used by ransomware gangs are VPN bugs, but RDP still reigns supreme | ZDNet
Russian National Arrested for Conspiracy to Introduce Malware into a Nevada Company's Computer Network | OPA | Department of Justice
New P2P botnet infects SSH servers all over the world | Ars Technica
Browser fingerprinting ‘more prevalent on the web now than ever before’ – research | The Daily Swig
Bcrypt hashing library bug leaves Node.js applications open to brute-force attacks | The Daily Swig
Google Firebase messaging vulnerability allowed attackers to send push notifications to app users | The Daily Swig
US government built secret iPod with Apple’s help, former engineer says | Ars Technica
Former Uber CSO charged with obstruction of justice - Risky Business
Aug 26, 2020
Risky Business #595 -- NSA and FBI document GRU's Linux malware for them

On this week’s show Patrick, Adam and Sherrod DeGrippo discuss the week’s security news, including:

  • NSA and FBI doxx GRU malware. Lol.
  • Malicious Azure app snags SANS staffer
  • Oracle to acquire TikTok?
  • Trump weighs Snowden pardon
  • Much, much more

This week’s show is brought to you by Airlock Digital. They make allowlist/safelist software that is actually manageable at scale! David Cottingham, an Airlock co-founder, joins the show this week to talk through a few product updates.

Links to everything that we discussed are below and you can follow Patrick, Sherrod or Adam on Twitter if that’s your thing.

Show notes

GRU uses Linux rootkits, everyone else is OAuth phishing - Risky Business
NSA, FBI expose Russian intelligence hacking tool: report - Reuters
For six months, security researchers have secretly distributed an Emotet vaccine across the world | ZDNet
SANS Institute, which drills cyber professionals in defense, suffers data breach
US Army report says many North Korean hackers operate from abroad | ZDNet
Oracle Said to be Weighing Bid for TikTok’s U.S. Business - Bloomberg
Final Senate Intel report details remarkable contact between Trump campaign, Russian spies
Trump Pardon of Edward Snowden Would Backfire - Bloomberg
Secret Service Bought Phone Location Data from Apps, Contract Confirms
The Attack That Broke Twitter Is Hitting Dozens of Companies | WIRED
The Secret SIMs Used By Criminals to Spoof Any Number
An advanced group specializing in corporate espionage is on a hacking spree
Cruise operator Carnival hit by ransomware
Brown-Forman Was Target of Apparent Ransomware Attack - Bloomberg
Blackbaud ransomware attack exposed donor data from two UK charities | The Daily Swig
Medical Debt Collection Firm R1 RCM Hit in Ransomware Attack — Krebs on Security
Canadian government services forced offline after credential stuffing attacks | The Daily Swig
Ukraine arrests gang who ran 20 crypto-exchanges and laundered money for ransomware gangs | ZDNet
Signal adds message requests to stop spam and protect user privacy | ZDNet
ReVoLTE attack can decrypt 4G (LTE) calls to eavesdrop on conversations | ZDNet
Sources: Mozilla extends its Google search deal | ZDNet
Remote code execution vulnerability exposed in popular JavaScript serialization package | The Daily Swig
Some email clients are vulnerable to attacks via 'mailto' links | ZDNet
Aug 19, 2020
Risky Business #594 -- How ESNIs will change censorship and NDR

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • WeChat joins TikTok in the naughty corner
  • TLS 1.3 with ESNI will have a massive impact on censorship AND security
  • Belarus goes dark after dodgy election
  • Capital One fined $80m
  • Much, much more

We’ll be hearing from Dan Guido of Trail of Bits in this week’s sponsor interview. They’ve developed a generic macOS EDR package that you, dear vendor, should absolutely license from them. Dan joins us to explain why.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

America's clean path is slippery - Risky Business
Trump issues executive orders that will ban TikTok, WeChat in 45 days - CyberScoop
China is now blocking all encrypted HTTPS traffic that uses TLS 1.3 and ESNI | ZDNet
Cat and mouse: Privacy advocates fight back after China tightens surveillance controls | The Daily Swig
DEF CON: New tool brings back 'domain fronting' as 'domain hiding' | ZDNet
Belarus Has Shut Down the Internet Amid a Controversial Election | WIRED
Ohio becomes first state to release vulnerability policy for election-related websites
Top voting vendor ES&S publishes vulnerability disclosure policy
Microsoft bug bounty payouts trebled to reach nearly $14 million in the last year | The Daily Swig
US offers $10 million reward for hackers meddling in US elections | ZDNet
Mozilla lays off 250 employees while it refocuses on commercial products | ZDNet
US financial regulator fines Capital One $80 million over data breach
FBI says an Iranian hacking group is attacking F5 networking devices | ZDNet
Citrix releases fix for software bug that hackers ‘will move quickly to exploit’
Hacker leaks passwords for 900+ enterprise VPN servers | ZDNet
Hacking group has hit Taiwan's prized semiconductor industry, Taiwanese firm says
A mysterious group has hijacked Tor exit nodes to perform SSL stripping attacks | ZDNet
FBI issues warning over Windows 7 end-of-life | ZDNet
Anti-encryption laws yet to be used by Asio or AFP to compel tech firms' help, inquiry told | Australian security and counter-terrorism | The Guardian
WordPress 5.5 rolls out with auto-updates for plugins, themes | The Daily Swig
Snapdragon chip flaws put >1 billion Android phones at risk of data theft | Ars Technica
Researchers found another way to hack Android cellphones via Bluetooth
Insecure satellite Internet is threatening ship and plane safety | Ars Technica
When TLS hacks you: Security friend becomes a foe | The Daily Swig
Top hacks from Black Hat and DEF CON 2020 | The Daily Swig
Security bugs let these car hackers remotely control a Mercedes-Benz | TechCrunch
Black Hat 2020: New HTTP request smuggling variants levied against modern web servers | The Daily Swig
Black Hat 2020: Web cache poisoning offers fresh ways to smash through the web stack | The Daily Swig
Dan Guido on Twitter: "Last Thursday, I was locked out of my cloud MDM, my data was deleted, and MDM agents for every device @trailofbits were silently removed by the vendor, leaving the entire company unmanaged. There was no advance notice and no explanation. This is a warning: Never use Kandji. https://t.co/0zIPZKpCC8" / Twitter
Sinter: New user-mode security enforcement for macOS | Trail of Bits Blog
Aug 12, 2020
Risky Business #593 -- China promises "mortal combat in the tech realm"

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Trump’s war on TikTok (featuring guest Alex Stamos)
  • Twitter hackers caught. Pretty embarrassing stuff, really.
  • NSO implants target Easter Bunny
  • Garmin may need a good OFAC lawyer (featuring comment from Dmitri Alperovitch)
  • Blackberry cracked after five years leads to multiple arrests in Australia
  • Much, much more

Matt Cauthorn of ExtraHop Networks is this week’s news guest. He’ll join us to talk about how the pivot to work from home has changed incident response workflows. The tl;dr is the north-south traffic might look a bit different these days but the east-west shenanigans are still the same.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

TikTok review reduced to meaningless farce - Risky Business
China will not accept U.S. 'theft' of TikTok: China Daily - Reuters
Beware of find-my-phone, Wi-Fi, and Bluetooth, NSA tells mobile users | Ars Technica
Three Individuals Charged For Alleged Roles In Twitter Hack | USAO-NDCA | Department of Justice
How the Alleged Twitter Hackers Got Caught | WIRED
US files superseding indictment against former Twitter employees accused of spying for Saudi Arabia
Twitter prepares to pay up to $250 million for using security data for advertising
Exclusive: Papers leaked before UK election in suspected Russian operation were hacked from ex-trade minister - sources - Reuters
Religious, political leaders in Togo allegedly targeted with NSO Group spyware
'Payment sent' - travel giant CWT pays $4.5 million ransom to cyber criminals - Reuters
Garmin 'paid multi-million dollar ransom to criminals using Arete IR', say sources | Science & Tech News | Sky News
Ransomware gang publishes tens of GBs of internal data from LG and Xerox | ZDNet
Blackberry cracked five years after seizure sparks mass arrests for drug importation
For North Korea, phishing with fake job-recruitment emails never gets old
Suspected Chinese hackers targeting Vatican in advance of Beijing negotiations
CISA, DOD, FBI expose new versions of Chinese malware strain named Taidoor | ZDNet
Iranian hacker group becomes first known APT to weaponize DNS-over-HTTPS (DoH) | ZDNet
EU sanctions China, Russia, and North Korea for past hacks | ZDNet
Hackers Broke Into Real News Sites to Plant Fake Stories | WIRED
Here's how Army Cyber Command plans to take on information warfare
Exclusive: China-backed hackers 'targeted COVID-19 vaccine firm Moderna' - Reuters
Kaspersky: New hacker-for-hire mercenary group is targeting European law firms | ZDNet
BootHole fixes causing boot problems across multiple Linux distros | ZDNet
Theoretical technique to abuse EMV cards detected used in the real world | ZDNet
Is Your Chip Card Secure? Much Depends on Where You Bank — Krebs on Security
New tool detects shadow admin accounts in AWS and Azure environments | ZDNet
Cloud Native Security: Network Detection and Response | ExtraHop
Aug 05, 2020
Risky Biz Soap Box: Yubico Chief Solutions Officer Jerrod Chong

Soap Box is the wholly sponsored podcast series we do here at Risky.Biz. That means everyone you hear on this podcast paid to be here. In this podcast you’re going to hear my latest interview with Jerrod Chong, Yubico’s Chief Solutions Officer.

Hardware security keys like Yubikeys have come a long way, even over the last couple of years. The biggest change is that the support for hardware keys is borderline ubiquitous now. FIDO2 support is in all the major browsers. You can even use Yubikeys with Google apps on an iPhone. The plumbing is here, it’s arrived.

But there are still some hurdles to overcome before the full potential of hardware security keys will be unlocked. One issue is that if you’re operating an at-scale service, you’re still stuck with the same old problems around account recovery. The process problems.

So in this interview I talk with Jerrod about how far things have come and where they might go next.

Jul 30, 2020
Risky Business #592 -- We're back. Did we miss anything?

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Two Chinese nationals charged with freelancing for MSS
  • Russia, China hacking COVID-19 research
  • The world dodged a bullet on the Windows DNS bug
  • Twitter blue tick pwnapalooza
  • Much, much more.

This week’s show is brought to you by Corelight. The company’s Chief Product Officer, Brian Dye, will be along for a chat a bit later on. We look at how adopting a zero trust model, sadly, doesn’t mean you can just ignore your network completely, as much as that would be nice.

You can subscribe to the new Risky Business newsletter, Seriously Risky Business, here.

You can subscribe to our new YouTube channel here.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Chinese campaign a sad indictment of infosec - Risky Business
US accuses two Chinese hackers of global hacking campaign, targeting coronavirus vaccine research
Russia’s Latest Hacking Target: Covid-19 Vaccine Projects | WIRED
Secret Trump order gives CIA more powers to launch cyberattacks
Report: CIA received more offensive hacking powers in 2018 | ZDNet
Russia's GRU Hackers Hit US Government and Energy Targets | WIRED
Two more cyber-attacks hit Israel's water system | ZDNet
UK 'almost certain' that 2019 election was target of Russian disinformation operation
Russia spreading coronavirus disinfo aimed at West, say US officials
Twitter says hackers accessed DMs for 36 users in last week's hack | ZDNet
US seeks to drop charges against former Twitter employees accused of spying for Saudi Arabia - The Verge
Microsoft Warns of a 17-Year-Old ‘Wormable’ Bug | WIRED
Hackers actively exploit high-severity networking vulnerabilities | Ars Technica
US cyber officials urge patching of bug affecting up to 40K SAP customers
CISA says 62,000 QNAP NAS devices have been infected with the QSnatch malware | ZDNet
Garmin’s four-day service meltdown was caused by ransomware | Ars Technica
North Korean hackers are stepping up their ransomware game, Kaspersky finds
A vigilante is sabotaging the Emotet botnet by replacing malware payloads with GIFs | ZDNet
FBI warns US companies about backdoors in Chinese tax software | ZDNet
Malware stashed in China-mandated software is more extensive than thought | Ars Technica
Iranian Spies Accidentally Leaked Videos of Themselves Hacking | WIRED
Apple’s Hackable iPhones Are Finally Here | WIRED
Google's Project Zero team won't be applying for Apple's SRD program | ZDNet
NY Charges First American Financial for Massive Data Leak — Krebs on Security
Listen to This Deepfake Audio Impersonating a CEO in Brazen Fraud Attempt
The Rise of Synthetic Audio Deepfakes
GEDmatch confirms data breach after users’ DNA profile data made available to police | TechCrunch
Police Are Buying Access to Hacked Website Data
Wyden Plans Law to Stop Cops From Buying Data That Would Need a Warrant
Breached Data Indexer ‘Data Viper’ Hacked — Krebs on Security
Crooks have acquired proprietary Diebold software to “jackpot” ATMs | Ars Technica
Microsoft's new KDP tech blocks malware by making parts of the Windows kernel read-only | ZDNet
Sony awards $10,000 bug bounty for PlayStation 4 kernel exploit | The Daily Swig
Security Operations Lead » InternetNZ
Jul 29, 2020
Risky Biz Soap Box: Facebook, under the hood

Normally these Soap Box podcasts – which are wholly sponsored – feature vendors trying to sell you stuff. But this time we’re doing something different: This podcast is an interview with two senior Facebook staffers:

  • Pedro Canahuati, VP of Engineering
  • Chris Bream, Security Engineering Director.

Why is Facebook’s security engineering group sponsoring a Soap Box episode of Risky Biz? They figure lifting the veil a bit on how things are done over there will be good for them. They’re always hiring, right?

Enjoy!

(A reminder – there will be no weekly show this week or next. The weekly Risky Biz news podcast returns on July 29.)

Jul 09, 2020
Risky Business #591 -- EncroChat user experience includes getting owned, going to prison

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • The latest on the EncroChat hack-related arrests
  • Details about the fresh F5 and Citrix bugs
  • Natanz go boom
  • Paying Wastedlocker ransoms violates Treasury sanctions
  • North Korea embraces Magecart (lol)
  • Much, much more…

This week’s show is brought to you by Cmd Security. They make a very useful Linux security agent. Essentially they add an additional layer of control to your Linux systems: you can restrict user actions, even for root.

Instead of having one of their own staff on the show this week they’ve nominated a customer. HPE is a Cmd user; they actually heard about it on the podcast and wound up buying it. So HPE ITOC engineering lead Adam Cardillo and his colleague Curtis Simpson – the ITOC CISO – will both join us in this week’s sponsor interview to talk about how they’re using the software.

You can subscribe to the new Risky Business newsletter, Seriously Risky Business, here.

You can subscribe to our new YouTube channel here.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

VICE - How Police Secretly Took Over a Global Phone Network for Organized Crime
Dutch police find 'torture chamber' with dentist chair after encrypted phones are cracked - ABC News
The network devices are revolting - Risky Business
Hackers Are Exploiting a 5-Alarm Bug in Networking Equipment | WIRED
Hackers are trying to steal admin passwords from F5 BIG-IP devices | ZDNet
Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP appliance Security Update
A Second Look at CVE-2019-19781 (Citrix NetScaler / ADC) – Fox-IT International blog
Iran blasts: What is behind mysterious fires at key sites? - BBC News
Talos Blog || Cisco Talos Intelligence Group - Comprehensive Threat Intelligence: WastedLocker Goes "Big-Game Hunting" in 2020
Senator warns of political pressure on U.S. probe into hackers of green groups - Reuters
North Korean hackers linked to web skimming (Magecart) attacks, report says | ZDNet
Connection discovered between Chinese hacker group APT15 and defense contractor | ZDNet
lookout-uyghur-malware-tr-us.pdf
Yahoo engineer gets no jail time after hacking 6,000 accounts to look for porn | ZDNet
Feds indict 'fxmsp' in connection with million-dollar hacking operation
US Secret Service reports an increase in hacked managed service providers (MSPs) | ZDNet
Google, Facebook and Twitter Suspend Review of Hong Kong Requests for User Data - WSJ
US tech giants halt Hong Kong police help | TechCrunch
Senate panel advances bill to combat child exploitation, but critics fear it could weaken encryption
Michael Salter on Twitter: "Hard to find media coverage of the EARN IT act that recognises online child abuse as a major social problem that tech companies have an obligation to resolve. Too many journos are repeating industry and astroturfed talking points." / Twitter
Jennifer Hansler on Twitter: ".@SecPompeo says the US is "certainly looking at" banning Chinese social media apps, including TikTok. "I don’t want to get out in front of the President, but it’s something we’re looking at,” he says" / Twitter
German authorities seize 'BlueLeaks' server that hosted data on US cops | ZDNet
Facebook reinstates NSO Group employee accounts amid ongoing lawsuit
Hole-y Guacamole: Flaws in Apache remote desktop tech exposed by new research | The Daily Swig
Microsoft touts free malware-busting virtual machine forensics service | The Daily Swig
Unscheduled fixes released for critical flaw in optional Windows codec | Ars Technica
Wayne Jordan on Twitter: "MS possibly addressing our E5 Azure app (OAuth) granularity concerns with this preview? @riskybusiness https://t.co/MWbUmNipsO" / Twitter
Alexa OBrien › US v. Assange – Superseding Indictment No. 2 Breakdown – Updated
Jul 08, 2020
Risky Biz Soap Box: No magic wand for business email compromise (BEC)

This edition of the Soap Box podcast is brought to you by Proofpoint.

Today’s guest is Proofpoint’s EVP of Cybersecurity Strategy, Ryan Kalember, and the topic is business email compromise, or BEC.

BEC is a big deal, generating billions of dollars in losses every year across basically all industry verticals and levels of government. Until recently, there haven’t been many technical controls that help to mitigate it.

Trying to get on top of this issue is very much in Ryan Kalember’s job description. BEC is a diabolical problem, and as a company with a specialty in email security, Proofpoint is really expected to help clients get on top of it. In this conversation you’ll hear us talk a bunch about the problem and Proofpoint’s approach to trying to minimise BEC.

Jul 02, 2020
Risky Business #590 -- REPOST: It turns out we're not SAML experts

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Inside the new American “e2ee busting” bill
  • Julian Assange hit with (another) superseding indictment
  • Trustwave uncovers sneaky Chinese accounting software backdoor
  • Much, much more…

This week’s show is brought to you by Okta. They are, of course, the identity and auth giant and one of the few sponsors we actually approached last year for 2020 because, well, they are very good at what they do. This week Marc will be joining us to talk about a privacy-related topic. The discussion is nuanced, but it’s basically about how the public perception of privacy risks has diverged from reality, and how the COVID-19 crisis and the advent of digital contact tracing apps have actually brought general concerns around digital privacy to the fore.

You can subscribe to the new Risky Business newsletter, Seriously Risky Business, here.

You can subscribe to our new YouTube channel here.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Decrypting America's new push for lawful interception - Risky Business
Australia's cyber security measures significantly increased with $1.3b injection for cyber spies
CVE-2020-2021 PAN-OS: Authentication Bypass in SAML Authentication
How to create a CA-signed certificate for Palo Alto Networks SAML Applications
US Cyber Command says foreign hackers will most likely exploit new PAN-OS security bug | ZDNet
Foreign adversaries likely to exploit critical networking bug, US says | Ars Technica
Chinese bank forced western companies to install malware-laced tax software | ZDNet
WikiLeaks founder charged with conspiring with Anonymous and LulzSec hackers | ZDNet
An Embattled Group of Leakers Picks Up the WikiLeaks Mantle | WIRED
TikTok and 53 other iOS apps still snoop your sensitive clipboard data | Ars Technica
Google removes 25 Android apps caught stealing Facebook credentials | ZDNet
India bans 59 Chinese apps, including TikTok, UC Browser, Weibo, and WeChat | ZDNet
Russian Cybercrime Boss Burkov Gets 9 Years — Krebs on Security
Russian national pleads guilty to being part of $568 million fraud ring
Adobe, Mastercard, Visa warn online store owners of Magento 1.x EOL | ZDNet
Apple strong-arms entire CA industry into one-year certificate lifespans | ZDNet
COVID-19 ‘Breach Bubble’ Waiting to Pop? — Krebs on Security
A hacker gang is wiping Lenovo NAS devices and asking for ransoms | ZDNet
New WastedLocker ransomware demands payments of millions of USD | ZDNet
New EvilQuest ransomware discovered targeting macOS users | ZDNet
California university pays $1 million ransom amid coronavirus research
Apple Safari 14 introduces ‘passwordless’ logins for websites | The Daily Swig
Apple declined to implement 16 Web APIs in Safari due to privacy concerns | ZDNet
CryptoCore hacker group has stolen more than $200m from cryptocurrency exchanges | ZDNet
Sony launches PlayStation bug bounty program with rewards of $50K+ | ZDNet
Protect your resources from web attacks with Fetch Metadata
Jul 01, 2020
Risky Business #590 -- Cyber Command sounds alarm on PAN's yolo checkbox of doom

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Inside the new American “e2ee busting” bill
  • Julian Assange hit with (another) superseding indictment
  • Trustwave uncovers sneaky Chinese accounting software backdoor
  • OMFG Palo Alto WTF
  • Much, much more…

This week’s show is brought to you by Okta. They are, of course, the identity and auth giant and one of the few sponsors we actually approached last year for 2020 because, well, they are very good at what they do. This week Marc will be joining us to talk about a privacy-related topic. The discussion is nuanced, but it’s basically about how the public perception of privacy risks has diverged from reality, and how the COVID-19 crisis and the advent of digital contact tracing apps have actually brought general concerns around digital privacy to the fore.

You can subscribe to the new Risky Business newsletter, Seriously Risky Business, here.

You can subscribe to our new YouTube channel here.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Decrypting America's new push for lawful interception - Risky Business
Australia's cyber security measures significantly increased with $1.3b injection for cyber spies
CVE-2020-2021 PAN-OS: Authentication Bypass in SAML Authentication
How to create a CA-signed certificate for Palo Alto Networks SAML Applications
US Cyber Command says foreign hackers will most likely exploit new PAN-OS security bug | ZDNet
Foreign adversaries likely to exploit critical networking bug, US says | Ars Technica
Chinese bank forced western companies to install malware-laced tax software | ZDNet
WikiLeaks founder charged with conspiring with Anonymous and LulzSec hackers | ZDNet
An Embattled Group of Leakers Picks Up the WikiLeaks Mantle | WIRED
TikTok and 53 other iOS apps still snoop your sensitive clipboard data | Ars Technica
Google removes 25 Android apps caught stealing Facebook credentials | ZDNet
India bans 59 Chinese apps, including TikTok, UC Browser, Weibo, and WeChat | ZDNet
Russian Cybercrime Boss Burkov Gets 9 Years — Krebs on Security
Russian national pleads guilty to being part of $568 million fraud ring
Adobe, Mastercard, Visa warn online store owners of Magento 1.x EOL | ZDNet
Apple strong-arms entire CA industry into one-year certificate lifespans | ZDNet
COVID-19 ‘Breach Bubble’ Waiting to Pop? — Krebs on Security
A hacker gang is wiping Lenovo NAS devices and asking for ransoms | ZDNet
New WastedLocker ransomware demands payments of millions of USD | ZDNet
New EvilQuest ransomware discovered targeting macOS users | ZDNet
California university pays $1 million ransom amid coronavirus research
Apple Safari 14 introduces ‘passwordless’ logins for websites | The Daily Swig
Apple declined to implement 16 Web APIs in Safari due to privacy concerns | ZDNet
CryptoCore hacker group has stolen more than $200m from cryptocurrency exchanges | ZDNet
Sony launches PlayStation bug bounty program with rewards of $50K+ | ZDNet
Protect your resources from web attacks with Fetch Metadata
Jul 01, 2020
Risky Business #589 -- Why Microsoft's steep E5 license pricing is a national security risk

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Australia “under attack” - a wrap
  • Microsoft releases more security protections for E5 customers
  • US to introduce “anti encryption” bill
  • Shady encrypted phone company owned by the cops
  • NSA to offer filtered DNS services to defence industry
  • MORE

This week’s sponsor is Kasada. They offer a service that eliminates synthetic/bot traffic from the web. Former Australian Prime Minister Malcolm Turnbull is an investor and has joined Kasada’s board. Kasada’s CEO Pascal Podvin is this week’s sponsor guest.

You can subscribe to the new Risky Business newsletter, Seriously Risky Business, here.

You can subscribe to our new YouTube channel here.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

One thing Microsoft could do to avert state-sponsored attacks - Risky Business
Australia blames a state actor for major disruptions. China is already denying it.
Microsoft's 'Safe Documents' feature reaches general availability in Office 365 | ZDNet
Microsoft releases first public preview of its Defender antivirus on Android | ZDNet
Graham, Cotton, Blackburn Introduce Balanced Solution to Bolster National Security, End Use of Warrant-Proof Encryption that Shields Criminal Activity | United States Senate Committee on the Judiciary
Encrypted Phone Network Says It's Shutting Down After Police Hack - VICE
‘BlueLeaks’ Exposes Files from Hundreds of Police Departments — Krebs on Security
The NSA is piloting a secure DNS service for the defense industrial base
Bolton book could cause 'irreparable damage' to US signals intelligence, NSA director says
Federal agencies recommend blocking Hong Kong-US undersea cable over national security concerns
North Korea's state hackers caught engaging in BEC scams | ZDNet
Zoom Reverses Course and Promises End-to-End Encryption for All Users | WIRED
AWS said it mitigated a 2.3 Tbps DDoS attack, the largest ever | ZDNet
Oracle’s BlueKai tracks you across the web. That data spilled online | TechCrunch
How spies used LinkedIn to hack European defense companies
Crooks abuse Google Analytics to conceal theft of payment card data | Ars Technica
To evade detection, hackers are requiring targets to complete CAPTCHAs | Ars Technica
Adobe wants users to uninstall Flash Player by the end of the year | ZDNet
New Zealand freezes $90 million connected to accused bitcoin launderer Alexander Vinnik
Warning: ‘Invisible God’ Hacker Sold Access To More Than 135 Companies In Just Three Years
FEMA IT Specialist Charged in ID Theft, Tax Refund Fraud Conspiracy — Krebs on Security
Chrome extensions with 33 million downloads slurped sensitive user data | Ars Technica
Microsoft: COVID-19 malware attacks were barely a blip in total malware volume | ZDNet
Russia unbans Telegram | ZDNet
Facebook sues websites that sold Instagram likes and scraped Facebook user data | ZDNet
Mozilla to launch VPN product 'in the next few weeks' | ZDNet
Hackers Compromise a Grey Market for Roblox Items - VICE
Security researcher earns $4k bug bounty after hacking into Starbucks database | The Daily Swig
FBI tracked Philly protester through Etsy, LinkedIn to charge her with torching police cars
Samsung Blu-ray players are rebooting in a loop and nobody knows why | ZDNet
Maersk, me & notPetya - gvnshtn
Twitter says some business users had their private data exposed | TechCrunch
Jun 24, 2020
Feature podcast: Inside BellTrox's hacker-for-hire operation

This podcast is brought to you by the Cyber Initiative at the Hewlett Foundation. They gave us a grant so we can do these podcast interviews that have relevance to cyber policy, so big thanks to the Cyber Initiative at the Hewlett Foundation for funding this work.

Today we’re chatting with Citizen Lab Senior Researcher John Scott-Railton about the work they did investigating the Indian hacker-for-hire firm BellTrox.

For those of you who didn’t catch the news, The Citizen Lab, which operates out of the Munk School of Global Affairs at the University of Toronto, dropped a huge report a couple of weeks back that lays BellTrox’s operations bare. As you’ll hear, this company attempted to hack tens of thousands of email accounts belonging to everyone from government officials to hedge fund managers and activists.

Jun 19, 2020
Risky Business #588 -- Catastrophic bugs to plague ICS for years

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Facebook commissioned custom 0day to de-cloak child sex predator
  • IP stack bugs to plague IoT, ICS for years
  • Sandworm was doxxed by the NSA and hardly anyone noticed
  • Congress demands answers on 2015 Juniper NetScreen back door investigation
  • Amazon, Microsoft join moratorium on sale of facial recognition to police
  • Much, much more

This week’s show is brought to you by Signal Sciences. And instead of having one of their staff on the show, they nominated one of their customers to appear instead. So in this week’s sponsored segment we’re going to hear from Keith Hoodlet. Keith is currently the Senior Manager of Application Experience at Thermo Fisher Scientific, a $137 billion company. He built their appsec program and he’ll be along later on to talk through all of that. It’s a rapid-fire interview about how he was able to get started and make a dent quickly. Keith used to co-host the Application Security Weekly podcast and he’s worked for Bugcrowd and Veracode. He’s a cool guy, it’s a great interview, make sure you stick around for that one.

You can subscribe to the new Risky Business newsletter, Seriously Risky Business, here.

You can subscribe to our new YouTube channel here.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Facebook Helped the FBI Hack a Child Predator - VICE
gov.uscourts.insd.77308.131.0.pdf
Ripple20 vulnerabilities will haunt the IoT landscape for years to come | ZDNet
Exclusive: Sandworm's Exim hacks reveal wider Russian activity - Risky Business
Driving Discord through Disinformation and Disruption – Stranded on Pylos
Wyden seeks details on spies' data protection after scathing CIA audit on Vault 7 leaks
wyden-cybersecurity-lapses-letter-to-dni.pdf
Congress asks Juniper for the results of its 2015 NSA backdoor investigation | ZDNet
Wyden House Juniper Letter
Juniper 'fesses up to TWO attacks from 'unauthorised code' • The Register
Amazon Won’t Let Police Use Its Facial-Recognition Tech for One Year | WIRED
Microsoft Won’t Sell Facial Recognition To American Cops After Protests
Richard Grenell on Twitter: "They should now be barred from federal government contracts - there should be consequences for not selling technology to police departments. @realDonaldTrump" / Twitter
Research shows human rights activists in India were targeted with spyware
Italian company exposed as a front for malware operations | ZDNet
US intelligence bill takes aim at commercial spyware makers | TechCrunch
Text - S.3905 - 116th Congress (2019-2020): Intelligence Authorization Act for Fiscal Year 2021 | Congress.gov | Library of Congress
Dating Apps Exposed 845 GB of Explicit Photos, Chats, and More | WIRED
South African bank to replace 12m cards after employees stole master key | ZDNet
Intel will soon bake anti-malware defenses directly into its CPUs | Ars Technica
Arm CPUs impacted by rare side-channel attack | ZDNet
Twitter bans 32k accounts pushing Chinese, Russian, and Turkish propaganda | ZDNet
COVID-19 Tracking Apps ‘A Privacy Trash Fire’ As Norway Nixes Its Own
Zoom Promises To Do Better After Banning Tiananmen Square Protests—Then Builds Tech To Help China’s Censorship
Chinese users saw Zoom as a window through the 'Great Firewall' - Reuters
Coder-Turned-Kingpin Paul Le Roux Gets His Comeuppance | WIRED
Stalkerware detection rates are improving across antivirus products | ZDNet
Lamphone attack lets threat actors recover conversations from your light bulb | ZDNet
Hackers breached A1 Telekom, Austria's largest ISP | ZDNet
Google email domains spoofed by SMTP exploit in G Suite | The Daily Swig
Former eBay Employees Sent Cockroaches, Bloody Pig Mask to Mass. Couple In Harassment Campaign: US Attorney – NBC Boston
Jun 17, 2020
Risky Business #587 -- Full scale of Indian hacking-for-hire revealed

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Full scale of Indian hacker-for-hire firm revealed
  • IBM exits facial recognition
  • Contact tracing apps flop
  • Much, much more

This week’s show is brought to you by AttackIQ.

AttackIQ’s Chris Kennedy will be along in this week’s sponsor interview to talk about how, for some organisations, threat intelligence has moved from a nice-to-have to being central to blue team efforts. As you’ll hear, he says MITRE ATT&CK makes threat intel actionable, and some orgs playing on hard mode are really kicking some goals that way.

You can subscribe to the new Risky Business newsletter, Seriously Risky Business, here.

You can subscribe to our new YouTube channel here.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Exclusive: Obscure Indian cyber firm spied on politicians, investors worldwide - Reuters
Dark Basin: Uncovering a Massive Hack-For-Hire Operation - The Citizen Lab
Huge Cyberattacks Attempt To Silence Black Rights Movement With DDoS Attacks
Petition · Take down the racist "Chimpmania" website. It attacks our children · Change.org
Cyberattacks since the murder of George Floyd
IBM will no longer offer, develop, or research facial recognition technology - The Verge
Contact tracing bug bounty: France’s StopCovid project launches public program | The Daily Swig
Another online voting system teardown, Big game hunters net Honda and Lion, and more... - Risky Business
Qatar: Contact tracing app exposes personal details of more than one million - Amnesty International Australia
Hackers target senior executives at German company procuring PPE
Why spies are targeting vaccine research - Risky Business
Shoddy US government review of Chinese telcos endangered national security, Senate panel finds
Election security: Democracy Live’s online voting system ‘open to manipulation’ | The Daily Swig
Facebook sues to stop domain scammers from impersonating Instagram, WhatsApp sites
Hackers hijack one of Coincheck's domains for spear-phishing attacks | ZDNet
New CrossTalk attack impacts Intel's mobile, desktop, and server CPUs | ZDNet
Plundering of crypto keys from ultrasecure SGX sends Intel scrambling again | Ars Technica
DARPA invites hackers to break hardware to make it more secure
ST Engineering conducting ‘rigorous review’ of systems after US subsidiary hit by ransomware attack | The Daily Swig
Ransomware gang says it breached one of NASA's IT contractors | ZDNet
Ransomware crooks attack Conduent, another large IT provider
QNAP NAS devices targeted in another wave of ransomware attacks | ZDNet
Florence, Ala. Hit By Ransomware 12 Days After Being Alerted by KrebsOnSecurity — Krebs on Security
Honda puts some manufacturing on hold over computer 'disruption'
Lion hit by cyber attack as hackers target corporate Australia
South African healthcare provider hit by cyber-attack | The Daily Swig
IT company must compensate damages after ransomware outbreak | Executive People
There’s a new Java ransomware family on the block
Exploit code for wormable flaw on unpatched Windows devices published online | Ars Technica
CallStranger vulnerability lets attacks bypass security systems and scan LANs | ZDNet
Commonwealth Bank to suspend users over abuse in online transaction descriptions
Zoom defenders cite legit reasons to not end-to-end encrypt free calls | Ars Technica
Zoom has partially fixed two new flaws, with other security hurdles ahead
Nintendo now says 300,000 accounts breached by hackers | TechCrunch
Google apps and websites get support for more security keys on iOS devices | ZDNet
Romanian Skimmer Gang in Mexico Outed by KrebsOnSecurity Stole $1.2 Billion — Krebs on Security
RMIScout: New hacking tool brute-forces Java RMI servers for vulnerabilities | The Daily Swig
Spy secret revealed: SIS and MI6 raided Czechoslovakian embassy in Wellington | RNZ News
CVE-2020-13777: TLS 1.3 session resumption works without master key, allowing MITM (#1011) · Issues · gnutls / GnuTLS · GitLab
Jun 10, 2020
Risky Biz Soap Box: A better way to provision access to production environments

The Soap Box podcasts we run here at Risky.Biz are wholly sponsored affairs – everyone you hear in a Soap Box podcast paid to be here.

The idea is vendors get to come on to the show and chat about their products, what their stuff does, the thinking behind it, so on and so on.

Today we’re hearing from Justin McCarthy of StrongDM.

StrongDM is a bit of a niche player – essentially what they do is make a product that provisions secure access to engineers who need to access various back-end services.

You can think of them as an identity-aware proxy of sorts, but for engineers. So instead of provisioning regular users with access to web applications like a typical identity-aware proxy, a StrongDM user will use the product to get access to the production database, or to Kubernetes, or other services like SSH.

And since the COVID crisis kicked off, business has gone pretty berserk.

Jun 04, 2020
Risky Business #586 -- Google TAGs Indian mercenaries

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • NSA warns of Sandworm Exim exploitation
  • Huawei CFO extradition process to continue
  • Google TAG implicates Indian hacker-for-hire outfits in espionage
  • Black lives matter
  • F–k police brutality

This week’s sponsor interview is with Marco Slaviero of Thinkst Canary. He’ll be talking through a few of the partnerships Thinkst has entered into over the years. He’ll also talk a bit about some new Canary integrations, such as a new one with HD Moore’s Rumble.

You can subscribe to the new Risky Business newsletter, Seriously Risky Business, here.

You can subscribe to our new YouTube channel here.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

NSA: Russia's Sandworm Hackers Have Hijacked Mail Servers | WIRED
Canadian judge OKs extradition proceedings for Huawei CFO
Google highlights Indian 'hack-for-hire' companies in new TAG report | ZDNet
Updates about government-backed hacking and disinformation
REvil Ransomware Gang Starts Auctioning Victim Data — Krebs on Security
Michigan State University hit by ransomware gang | ZDNet
Microsoft warns about attacks with the PonyFinal ransomware | ZDNet
Lawsuit seeking billions in damages filed against EasyJet
Anonymous, aiming for relevance, spins old data as new hacks
Exclusive: Zoom plans to roll out strong encryption for paying customers - Reuters
Patrick Gray on Twitter: "Pretty funny that Zoom announced its plans to introduce e2e for paid accounts on May 7 and nobody blinked, but when they actually followed through a few weeks later people lost their minds over it. https://t.co/qsI9Pppey3" / Twitter
An advanced and unconventional hack is targeting industrial firms | Ars Technica
Rod Rosenstein is working with NSO Group, the Israeli firm accused of spying on dissidents
GitHub warns Java developers of new malware poisoning NetBeans projects | ZDNet
Hacker leaks database of dark web hosting provider | ZDNet
Career Choice Tip: Cybercrime is Mostly Boring — Krebs on Security
UK Ad Campaign Seeks to Deter Cybercrime — Krebs on Security
Researcher claims $100,000 for ‘Sign in with Apple’ hack
Zero-day in Sign in with Apple
Facebook security: Researcher scoops $31k bug bounty for flagging SSRF vulnerabilities | The Daily Swig
Google launches CTF-style bug bounty challenge for Kubernetes | The Daily Swig
Shadowserver, an Internet Guardian, Finds a Lifeline | WIRED
DOD's third attempt to implement IPv6 isn't going well | ZDNet
OpenSSH to deprecate SHA-1 logins due to security risk | ZDNet
G Suite Marketplace primed for a privacy scandal, researchers warn | ZDNet
Christopher Glyer on Twitter: "Ewww - one of my favorite subjects. Just like we reported in 2016/2017 with Google - an attacker can create an OAuth app (an Azure app). Once user consents - the app can bypass MFA. Unless you have E5 license only choice is to either enable/disable ALL apps #FireEyeSummit https://t.co/8BsTnkiGPL" / Twitter
Judge rules Capital One must hand over Mandiant's forensic data breach report
Surprise Capital One court decision spells trouble for incident response - Risky Business
Jun 03, 2020
Feature Podcast: Releasing the hounds with Bobby Chesney

This feature podcast series is produced with the assistance of the Hewlett Foundation’s Cyber Initiative. They gave us a grant so we could spend more time focussing on issues around cyber policy, and today we’re really going to hook in to a topic that’s near and dear to my heart: alternative approaches to dealing with ransomware.

Regular listeners to the podcast would know that for the last year or so, my cohost Adam Boileau and I have been talking a lot about how governments might involve non-law-enforcement agencies in a response to the big game ransomware epidemic. To discuss that, we’re joined by Bobby Chesney, the co-founder of the Lawfare blog and a very highly respected figure in US national security circles.

After we hear from Bobby we’re chatting with Mieke Eoyang about more traditional cyber law enforcement concepts. Mieke is the Vice President of Third Way’s national security program and she’ll be joining us to tell us how traditional cybercrime enforcement might be improved.

May 28, 2020
Risky Business #585 -- UK mulls Huawei ban, NGOs urge COVID-19 hack de-escalation

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • German intelligence warns of widespread Russian infrastructure hacks
  • NGOs urge COVID-19 hack de-escalation
  • UK mulls total Huawei ban… we think it’s a done deal
  • DHS warning on 5G “moronavirus”
  • Wen jailbreak? NOW JAILBREAK!!
  • iOS 14 leaks
  • Much, much more…

This week’s sponsor interview is with Casey Ellis, the CTO of Bugcrowd. As you’ll hear, Bugcrowd did a survey of managers in security to see if their attitudes around work from home had changed since the COVID-19 crisis, and yes, they have. Casey also tells us about Bugcrowd’s latest LevelUp virtual conference. That conversation led to him sharing some interesting insights about trends amongst the crowd of registered testers on Bugcrowd’s platform.

You can subscribe to the new Risky Business newsletter, Seriously Risky Business, here.

You can subscribe to our new YouTube channel here.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Red Cross urges halt to cyberattacks on healthcare sector amid COVID-19 - Reuters
CyberPeace Institute - Call for Government
FBI offers US companies more details from investigations of health care hacking
UK cyber agency launches review of Huawei presence in 5G networks
NSO Group Impersonated Facebook to Help Clients Hack Targets - VICE
German intelligence agencies warn of Russian hacking threats to critical infrastructure
The DHS Prepares for Attacks Fueled by 5G Conspiracy Theories | WIRED
US may ‘disconnect’ with Australia over Victoria’s deal with China
Tom McIlroy on Twitter: "Statement from US Ambassador to Canberra Arthur Culvahouse - in response to reports about Mike Pompeo's comments on Victoria's Belt and Road agreement https://t.co/n8KzIAyGgJ" / Twitter
Australia China trade war: Beijing seizes on Mike Pompeo’s ‘disconnection’ comment
Coronavirus 'dossier' was a basic timeline of facts handed out by US State Department with no new evidence - ABC News
There's a Jailbreak Out for the Current Version of iOS | WIRED
How iPhone Hackers Got Their Hands on the New iOS Months Before Its Release - VICE
Coronavirus Australia: COVIDSafe app may need privacy changes to use Apple, Google tracing tool
Signal to move away from using phone numbers as user IDs | ZDNet
Facebook Messenger Adds Safety Alerts—Even in Encrypted Chats | WIRED
Hackers infect multiple game developers with advanced malware | Ars Technica
Japan investigates Mitsubishi Electric breach amid national security concerns
Thousands of enterprise systems infected by new Blue Mockingbird malware gang | ZDNet
Summary of Tradecraft Trends for 2019-20: Tactics, Techniques and Procedures Used to Target Australian Networks | Cyber.gov.au
Federal officials have arrested another accused FIN7 hacker
Report: ATM Skimmer Gang Had Protection from Mexican Attorney General’s Office — Krebs on Security
Ransomware deploys virtual machines to hide itself from antivirus software | ZDNet
Turla hacker group steals antivirus logs to see if its malware was detected | ZDNet
RangeAmp attacks can take down websites and CDN servers | ZDNet
Google Cloud security find earns South American researcher $31k bug bounty payout | The Daily Swig
How to perform an HTTP header smuggling attack through a reverse proxy | The Daily Swig
New Spectra attack breaks the separation between Wi-Fi and Bluetooth | ZDNet
Thousands of Israeli sites defaced with code seeking permission to access users' webcams | ZDNet
Twitter adds a warning label fact-checking Trump’s false voting claims | TechCrunch
#LevelUp 0x06 — Presented by Bugcrowd
Bugcrowd - YouTube
May 27, 2020
Risky Business #584 -- Nation-backed attackers own easyJet, jump airgaps, hack ports

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • easyJet breach linked to Chinese APT
  • Israel claims credit for attack against Iranian port
  • Chinese-linked crew behind Taiwan energy hax
  • Crypto-wars reignite over Pensacola shooter’s phone
  • Much, much more

This week’s show is brought to you by Gigamon Threat Insight. Will Peteroy is our sponsor guest in this week’s show and he drops by with a pretty sobering message: large companies are provisioning VPN access to all and sundry right now because of the COVID-19 crisis and ransomware crews are sailing right on in on the back of that access.

You can subscribe to the new Risky Business newsletter, Seriously Risky Business, here.

You can subscribe to our new YouTube channel here.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

EasyJet announces breach impacting 9 million people
China hackers suspected in easyJet attack
Taiwan suggests China’s Winnti group is behind ransomware attack on state oil company
'Greenbug' hacking group hits three telecom firms in Pakistan
US will try Joshua Schulte again for allegedly leaking CIA hacking tools
iPhone crypto hid al-Qaida link to naval base shooting, AG fumes | Ars Technica
iPhone Research Tool Sued by Apple Says It’s Just Like a PlayStation Emulator - VICE
Ransomware gang asks $42m from NY law firm, threatens to leak dirt on Trump | ZDNet
UK electricity middleman hit by cyber-attack | ZDNet
Hackers preparing to launch ransomware attacks against hospitals arrested in Romania | ZDNet
Supercomputers hacked across Europe to mine cryptocurrency | ZDNet
Security incident knocks UK supercomputer service offline for days
U.S. Secret Service: “Massive Fraud” Against State Unemployment Insurance Programs — Krebs on Security
Scammers steal $10 million from Norfund, the largest sovereign wealth fund
FBI warns about attacks on Magento online stores via old plugin vulnerability | ZDNet
Top 10 Routinely Exploited Vulnerabilities | CISA
Hackers target the air-gapped networks of the Taiwanese and Philippine military | ZDNet
New Ramsay malware can steal sensitive documents from air-gapped networks | ZDNet
COMpfun authors spoof visa application with HTTP status-based Trojan | Securelist
Pentagon Contractors’ Report on ‘Wuhan Lab’ Origins of Coronavirus Is Bogus
This Service Helps Malware Authors Fix Flaws in their Code — Krebs on Security
A cybercrime store is selling access to more than 43,000 hacked servers | ZDNet
US Commerce Department tightens screws on Huawei export controls
Huawei denies involvement in buggy Linux kernel patch proposal | ZDNet
Chrome will soon block resource-draining ads. Here’s how to turn it on now | Ars Technica
Google to start rolling out Chrome Tab Groups feature next week | ZDNet
Microsoft adds initial support for DNS-over-HTTPS (DoH) in Windows Insiders | ZDNet
Cloud security: Attacking Azure AD to expose sensitive accounts and assets | The Daily Swig
Service NSW: Australian government agency hit by cyber-attack | The Daily Swig
PrintDemon vulnerability impacts all Windows versions | ZDNet
Critical SharePoint and browser security flaws star in May Patch Tuesday | The Daily Swig
XSS vulnerability in ‘Login with Facebook’ button earns $20,000 bug bounty | The Daily Swig
BIND 9 security releases address two high severity vulnerabilities | The Daily Swig
Web Giants Scrambled to Head Off a Dangerous DDoS Technique | WIRED
Hundreds of thousands of QNAP devices vulnerable to remote takeover attacks | ZDNet
How to use Trend Micro's Rootkit Remover to Install a Rootkit – Bill Demirkapi's Blog – The adventures of a 18 year old security researcher.
Officials: Israel linked to a disruptive cyberattack on Iranian port facility - The Washington Post
Gigamon ThreatINSIGHT| Network Detection and Response | Gigamon
May 20, 2020
Risky Biz Soap Box: ExtraHop CTO Jesse Rothstein talks network monitoring

This isn’t the normal weekly Risky Business podcast; Soap Box is the wholly sponsored podcast series we do here at Risky.Biz where vendors pay us money to come on to the show and talk about topics that interest them.

Today we’re speaking with Jesse Rothstein, the co-founder and CTO of ExtraHop Networks. ExtraHop is a network security play, but they started off more in the application monitoring and performance space before gradually moving into security over time.

In this interview Jesse talks about network security monitoring, ExtraHop’s history, and what people are using the ExtraHop tech to do during the COVID-19 crisis.

May 14, 2020
Risky Business #583 -- COVID-19 collection intensifies, tensions mount

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • US takes aim at China over vaccine hax
  • ??? takes aim at Iranian port infrastructure over ???
  • Iran attacks Gilead pharma
  • Zoom acquires Keybase
  • Thunderbolt research discussed
  • US to drop more DPRK malware
  • Ransomware targets European hospital group
  • Australian flu vaccine distribution disrupted by ransomware
  • More!

CMD’s co-founder and CEO Jake King joins us in this week’s sponsor interview to talk about what happened when he came on to the show a couple of months ago to spruik their new freemium offering. There was a stampede! It’s a hit! So he’ll be along to tell us what shook out of that whole process, and also about what he’s seeing people use the CMD product for since the COVID-19 crisis began.

You can subscribe to the new Risky Business newsletter, Seriously Risky Business, here.

You can subscribe to our new YouTube channel here.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

U.S. to Accuse China of Trying to Hack Vaccine Data, as Virus Redirects Cyberattacks - The New York Times
Naikon, Group Tied to China's Military, Deploys Debilitating New Cyberattack Tool - The New York Times
Exclusive: Iran-linked hackers recently targeted coronavirus drugmaker Gilead - sources - Reuters
Iran reports failed cyber-attack on Strait of Hormuz port | ZDNet
When hacker code collides: A discovered malware sample uses tools from the NSA and a Chinese group
Zoom acquires Keybase to beef up encryption, ease security questions
Thunderbolt Flaws Expose Millions of PCs to Hands-On Hacking | WIRED
FBI, DHS to go public with suspected North Korean hacking tools
Former Ghana government officials sentenced to jail for doing business with NSO Group
Europe’s Largest Private Hospital Operator Fresenius Hit by Ransomware — Krebs on Security
Ransomware Hit ATM Giant Diebold Nixdorf — Krebs on Security
Cognizant expects to lose between $50m and $70m following ransomware attack | ZDNet
Package delivery giant Pitney Bowes confirms second ransomware attack in 7 months | ZDNet
Seasonal influenza vaccination 2020 - Immunisation Programs
Navigating the MAZE: Tactics, Techniques and Procedures Associated With MAZE Ransomware Incidents | FireEye Inc
DHS memo: 'Significant' security risks presented by online voting
Online Voting Has Worked So Far. That Doesn’t Mean It's Safe | WIRED
A hacker group is selling more than 73 million user records on the dark web | ZDNet
Details of 44m Pakistani mobile users leaked online, part of bigger 115m cache | ZDNet
Hacker gains access to a small number of Microsoft's private GitHub repos | ZDNet
GitHub showcases new code-scanning security tools at virtual event | The Daily Swig
GitHub Takes Aim at Open Source Software Vulnerabilities | WIRED
Australian Tax Office detects ‘fraud’ over early superannuation scheme
Microsoft: 150 million people are using passwordless logins each month | ZDNet
Facebook will pay $52 million in settlement with moderators who developed PTSD on the job - The Verge
Hackers hide web skimmer behind a website's favicon | ZDNet
Samsung patches 0-click vulnerability impacting all smartphones sold since 2014 | ZDNet
A Department of Defense bulletin on a 'leaking' sinkhole has baffled cybersecurity experts
How hackers are updating the EVILNUM malware to target the global financial sector
Astaroth malware hides command servers in YouTube channel descriptions | ZDNet
Defcon Is Canceled | WIRED
For 8 years, a hacker operated a massive IoT botnet just to download Anime videos | ZDNet
Cisco Fixes Kerberos Authentication Bypass Bug in ASA Software | Decipher
The Confessions of Marcus Hutchins, the Hacker Who Saved the Internet | WIRED
Attacks on healthcare are crossing all the red lines - Risky Business
Risky Biz - Cmd
May 13, 2020
Risky Business #582 -- Germans indict APT28 operator

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Salt framework 1Day wreaks havoc
  • Toll Group hit with ransomware attack. Again.
  • Germans indict APT28 operator
  • Ransomware a key word in SEC filings
  • Much, much more!

This week’s show is brought to you by Remediant. They offer software that lets you get privileged accounts under control very quickly. In this week’s sponsor interview we’re chatting with Remediant’s COO Paul Lanzi and Julie Smith, the executive director of the Identity Defined Security Alliance (IDSA). We’ll be talking about what the IDSA actually is and what its goals are.

You can subscribe to the new Risky Business newsletter, Seriously Risky Business, here.

You can subscribe to our new YouTube channel here.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Salt DevOps framework shaken by data center server security flaws | The Daily Swig
CT2 Log Compromised via Salt Vulnerability - Google Groups
Ghost blogging platform servers hacked and infected with crypto-miner | ZDNet
Hackers seize on software flaw to breach two victims, despite patch availability
Hackers breach LineageOS servers via unpatched vulnerability | ZDNet
German authorities charge Russian hacker for 2015 Bundestag hack | ZDNet
bellingcat - Who Is Dmitry Badin, The GRU Hacker Indicted By Germany Over The Bundestag Hacks? - bellingcat
Toll Group suffers second ransomware attack this year - Security - iTnews
Taiwan’s state-owned energy company suffers ransomware attack
Ransomware mentioned in 1,000+ SEC filings over the past year | ZDNet
Indonesian e-commerce giant probes reported breach of 91 million credentials
Estonia: Foreign hackers breached local email provider for targeted attacks | ZDNet
Google and Apple Reveal How Covid-19 Alert Apps Might Look | WIRED
Australia’s COVID-19 app is buggy, not yet operational - Risky Business
Senator Murray Watt on Twitter: "Here are just a few of the issues with the Govt’s #COVIDSafe app that we’ll explore at today’s #COVID-19 Senate hearing. If it’s central to our recovery, we need to know it works. @riskybusiness https://t.co/ATtL6UExqs" / Twitter
Coronavirus Australia: COVIDSafe app privacy law to seek jail time for offenders
The United Nations Coronavirus App Doesn’t Work - VICE
Apple, Google ban use of location tracking in contact tracing apps - Reuters
Hacker Bribed 'Roblox' Insider to Access User Data - VICE
CursedChrome turns your browser into a hacker's proxy | ZDNet
Google announces Chrome Web Store crackdown for August 2020 | ZDNet
First seen in the wild - Malware uses Corporate MDM as attack vector - Check Point Research
Executive Order on Securing the United States Bulk-Power System | The White House
DHS CISA to provide DoH and DoT servers for government use | ZDNet
UK NCSC to stop using 'whitelist' and 'blacklist' due to racial stereotyping | ZDNet
SAP notifying 9% of customers about mysterious cloud products security holes | ZDNet
Adult Cam Site CAM4 Exposed 10.88 Billion Records Online | WIRED
How Cybercriminals are Weathering COVID-19 — Krebs on Security
NSO Group partly disputes claim about use of U.S.-based servers in WhatsApp spy campaign
LabCorp investors file lawsuit, alleging 'persistent' failure to secure data
Exclusive: Warning Over Chinese Mobile Giant Xiaomi Recording Millions Of People’s ‘Private’ Web And Phone Use
Apple will make it easier to unlock your iPhone while wearing a face mask | TechCrunch
Magento security: Adobe patches six critical flaws in e-commerce platform | The Daily Swig
Oracle warns of attacks against recently patched WebLogic security bug | ZDNet
Putting Identity at the Center of Security - Identity Defined Security Alliance
Remediant: Privileged Access Management | SecureONE
May 06, 2020
Snake Oilers 11 part 2: Go passwordless with Okta, why Crowdstrike customers need Airlock

Snake Oilers isn’t the regular Risky Business podcast; if you’re looking for that, just scroll back to one of the numbered episodes in our podcast feed. Snake Oilers is the wholly sponsored podcast series we do here at Risky.Biz where vendors give us money so they can come on to the show and pitch you their sweet, sweet Snake Oil.

In this edition of Snake Oilers we’ll hear from:

  • David Cottingham of Airlock Digital pitches the Crowdstrike/Airlock two piece combo meal deal
  • Marc Rogers of Okta talks passwordless authentication and pitches modern SSO generally
  • John Emmitt of Kaseya pops in to pitch the VSA endpoint management agent

Links to the vendors are in the show notes. Enjoy!

Apr 30, 2020
Risky Business #581 -- Chinese telcos under fire in USA, spy firms pitch COVID-19 surveillance

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Spy companies pitch ridiculously invasive approaches to contact tracing
  • NSO Group busted running c2 boxes in USA according to WhatsApp lawsuit
  • Australian government releases contact tracing app, no idea if it works
  • Chinese telcos to get boot from USA
  • Much, much more

This week’s show is brought to you by Senetas. This week’s sponsor interview is with listener favourite, Senetas CTO Julian Fay. He’ll be along in this week’s show to talk about an open source project Senetas has put together – oqs-engine.

It’s an OpenSSL engine plugin you can go grab right now if you want to play around with Open Quantum Safe encryption algorithms. Senetas didn’t write the algorithms, but they have squeezed them into this handy OpenSSL engine plugin package. Julian drops in to tell us all about that.

You can subscribe to the new Risky Business newsletter, Seriously Risky Business, here.

You can subscribe to our new YouTube channel here.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Special Report: Cyber-intel firms pitch governments on spy tools to trace coronavirus - Reuters
NSO Employee Abused Phone Hacking Tech to Target a Love Interest - VICE
Facebook: Here’s Proof Israeli WhatsApp Hackers Ran Cyberweapons In America
COVIDSafe
RIPE opposes China's internet protocols upgrade plan | ZDNet
Chinese telcos have 30 days to prevent US expulsion - Risky Business
Flaw in iPhone, iPads may have allowed hackers to steal data for years - Reuters
That no-click iOS 0-day reported to be under exploit doesn’t exist, Apple says | Ars Technica
Google discloses zero-click bugs impacting several Apple operating systems | ZDNet
Google Sees State-Sponsored Hackers Ramping Up Coronavirus Attacks | WIRED
How Spies Snuck Malware Into the Google Play Store—Again and Again | WIRED
Vietnamese cyber-espionage has pivoted to Beijing's coronavirus response
Researchers used a GIF to prove they could access Microsoft Teams user data
CSI-SELECTING-AND-USING-COLLABORATION-SERVICES-SECURELY-LONG-FINAL.PDF
Prague mayor under police protection amid reports of Russian plot | World news | The Guardian
Poland implicates Russia in cyberattack, info op aimed at undercutting U.S. relations
The Covid-19 Pandemic Reveals Ransomware's Long Game | WIRED
Hackers are exploiting a Sophos firewall zero-day | ZDNet
Malicious advertising slingers up the ante during Covid-19 pandemic | The Daily Swig
Hackers have breached 60 ad servers to load their own malicious ads | ZDNet
Unproven Coronavirus Therapy Proves Cash Cow for Shadow Pharmacies — Krebs on Security
Hackers spoof SBA to try to compromise companies' computers
Israel government tells water treatment companies to change passwords | ZDNet
You can now manage Windows 10 devices through G Suite | ZDNet
Nintendo says 160,000 users impacted in recent account hacks | ZDNet
Nintendo isn’t saying, so here’s how to fend off the account hijacking spree | Ars Technica
Another one-line npm package breaks the JavaScript ecosystem | ZDNet
This Tweet Crashes Twitter - VICE
The Air Force wants you to hack its satellite in orbit. Yes, really | TechCrunch
Security researcher identifies new APT group mentioned in 2017 Shadow Brokers leak | ZDNet
NSA shares list of vulnerabilities commonly exploited to plant web shells | ZDNet
Detect and prevent web shell malware | Cyber.gov.au
Instacart Sends Cease-and-Desist to Website That Automatically Placed Orders - VICE
Insomnia Security
GitHub - open-quantum-safe/oqs-engine: [Work in Progress] An OpenSSL ENGINE that enables the use of post-quantum digital signature algorithms from liboqs.
Senetas, a leading provider of encryption technology
Apr 29, 2020
Risky Business #580 -- Czech spear phishing spurs fightin' words from Pompeo

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Czechs claim state-backed healthcare sector attack preparation
  • Pompeo goes full cyber berserker
  • New iOS exploit chain targets Uyghur diaspora
  • Zoom 0day for $500k? Tell him he’s dreamin’.

This week’s show is brought to you by Trail of Bits. Dan Guido is this week’s sponsor guest and he’s talking about the future of secure, app-based voting.

You can subscribe to the new Risky Business newsletter, Seriously Risky Business, here.

You can subscribe to our new YouTube channel here.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Czech cyber officials warn of serious threat to health care sector
UPDATE 1-Czechs warn of imminent, large-scale cyberattacks on hospitals - Reuters
The United States Concerned by Threat of Cyber Attack Against the Czech Republic’s Healthcare Sector - United States Department of State
Senators want Cyber Command and CISA to do more to deter coronavirus-focused hackers
US offers $5 million reward for information on North Korean hackers | ZDNet
New iOS exploit discovered being used to spy on China's Uyghur minority | ZDNet
Hackers target oil producers as they struggle with a record glut of crude | Ars Technica
What fools these mortals be: 'Shakespearean' hackers hit Azerbaijani government and energy sectors
Hackers Are Selling a Critical Zoom Zero-Day Exploit for $500,000 - VICE
Security researcher discloses four IBM zero-days after company refused to patch | ZDNet
Zoom to revamp bug bounty program, bring in more security experts | ZDNet
IT services firm Cognizant hit with Maze ransomware
Hackers posed as Egyptian oil contractor in apparent spy campaign ahead of OPEC meeting
The CFAA will soon have its day before the Supreme Court
Hundreds of academics back privacy-friendly coronavirus contact tracing apps | TechCrunch
Hackers steal $25 million worth of cryptocurrency from Lendf.me platform | ZDNet
Starbleed bug impacts FPGA chips used in data centers, IoT devices, industrial equipment | ZDNet
DHS CISA: Companies are getting hacked even after patching Pulse Secure VPNs | ZDNet
German government might have lost tens of millions of euros in COVID-19 phishing attack | ZDNet
Tor Project lays off a third of its staff | ZDNet
Supply-chain attack hits RubyGems repository with 725 malicious packages | Ars Technica
ICEBUCKET group mimicked smart TVs to steal ad money | ZDNet
Coronavirus scientists are big targets for foreign cyber-espionage, FBI says
New tool detects AWS intrusions where hackers abuse self-replicating tokens | ZDNet
Nintendo accounts are getting hacked and used to buy Fortnite currency | ZDNet
People Are Making Bots to Snatch Whole Foods Delivery Order Time Slots - VICE
Everything you ever wanted to know about Bluetooth contact tracing but were too scared to ask - YouTube
Deterrence in cyberspace isn't working. What next? - Risky Business
Governments gravitate to Gapple contact tracing standard - Risky Business
Seriously Risky Business
Apr 22, 2020
Snake Oilers 11 part 1: MongoDB's new encryption plus AlphaSOC and SecureStack

Snake Oilers is a wholly sponsored podcast series we do here at Risky.Biz where vendors come on to the show to pitch their wonderful, wonderful, magical snake oil to you, the listeners.

In today’s podcast you’ll hear from:

  • Kenn White from MongoDB talking about client-side field level encryption
  • AlphaSOC’s Chris McNab talking about their latest – they’re not just doing DNS analytics anymore
  • SecureStack are making developer-friendly cloud security, provisioning and visibility tooling

Enjoy!

Apr 16, 2020
Risky Business #579 -- Apple and Google go all in on contact tracing

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Details about Apple and Google’s contact tracing API and OS changes
  • Alex Stamos joins Zoom as outside consultant
  • More Zoom news
  • US government weighs China Telecom ban following BGP hijacking
  • Travelex paid $2.3m to decrypt files in ransomware attack.

This week’s show is brought to you by AttackIQ. They make a breach and attack simulation platform that you can use to figure out which of your security controls are actually working. Carl Wright of AttackIQ will join the show to talk about the new, free online training they’re offering.

If you’re stuck at home like half the planet right now and you’re interested in operationalising MITRE ATT&CK then you can check out AttackIQ academy.

You can subscribe to the new Risky Business newsletter, Seriously Risky Business, here.

You can subscribe to our new YouTube channel here.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Seriously Risky Business Newsletter Subscription Page
Srsly Risky Biz: Apple, Google to bring COVID-19 contact tracing to billions - Risky Business
Clever Cryptography Could Protect Privacy in Covid-19 Contact-Tracing Apps | WIRED
How Google Plans to Push Its Coronavirus Tracing Feature to Android Phones - VICE
Former Facebook CSO Alex Stamos to join Zoom as outside security consultant | ZDNet
Zoom removes meeting IDs from app title bar to improve privacy | ZDNet
US Senate, German government tell staff not to use Zoom | ZDNet
It's Official: Most Zoom Versions Now Off-Limits to the Military | Military.com
Senator calls on FTC to create guidelines for video teleconferencing software | ZDNet
Senator backing anti-crypto bill calls out Zoom’s lack of end-to-end crypto | Ars Technica
Interest in Zoom Zero-Day Hacks Is ‘Sky-High’ as Meetings Move Online - VICE
Zoom shareholder accuses executives of fraud over security practices
U.S., U.K. authorities warn of state-linked and criminal hacking exploiting coronavirus pandemic
Fiverr Hosted 'Coronavirus Healers' and Dodgy Mask Sellers - VICE
Citing BGP hijacks and hack attacks, feds want China Telecom out of the US | Ars Technica
Travelex Paid $2.3 Million to Ransomware Gang: Report
The Pentagon Hasn't Fixed Basic Cybersecurity Blind Spots | WIRED
New IRS Site Could Make it Easy for Thieves to Intercept Some Stimulus Payments — Krebs on Security
Cloudflare dumps reCAPTCHA as Google intends to charge for its use | ZDNet
San Francisco airport websites hacked to steal staff passwords, says notice | TechCrunch
Russian state hackers behind San Francisco airport hack | ZDNet
SEC settles with two suspects in EDGAR hacking case | ZDNet
SEC.gov | Foreign National and American Trader Settle Fraud Charges in EDGAR Hacking Case
Lawyer for alleged Methbot boss Aleksandr Zhukov wants case dismissed amid coronavirus concerns
Why you can’t trust your vote to the internet just yet - Risky Business
Experts agree: Internet voting isn’t ready for COVID-19 crisis - Risky Business
Experts: Internet voting isn’t ready for COVID-19 crisis
Vote by Mail Isn't Perfect. But It's Essential in a Pandemic | WIRED
DARPA snags Intel to lead its machine learning security tech | TechCrunch
Dell releases new tool to detect BIOS attacks | ZDNet
Micronaut CRLF injection bug opened the door to server-side request forgery | The Daily Swig
2021 - git: Newline injection in credential helper protocol - project-zero
The Far-Right Helped Create The World's Most Powerful Facial Recognition Technology | HuffPost Australia
AttackIQ Platform, continuous validation of your security control.
Apr 15, 2020
Risky Business #578 -- ASD launches offensive campaign against criminals

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • ASD launches offensive action against criminals
  • Bio-tech firms working on COVID-19 targeted by ransomware
  • Iran targets WHO
  • Did you hear there’s a security issue with Zoom? You might not have heard. Don’t worry we’ll tell you about it
  • Much, much more

This week’s show is brought to you by Yubico, makers of the Yubikey devices.

Yubico’s Chief Solutions Officer Jerrod Chong will be along in this week’s sponsor interview to talk through a few things: what is he seeing out there among users? As you’ll hear, he’s seeing what all of us are seeing, a massive rush to enable remote working. Jerrod also takes us through some new stuff Yubico is planning, from managed credential services through to biometric Yubikeys. Don’t miss it!

You can subscribe to the new Risky Business newsletter, Seriously Risky Business, here.

You can subscribe to our new YouTube channel here.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Australian government says it is hacking criminals who are exploiting the pandemic
Hackers ‘Without Conscience’ Target Health-Care Providers - Bloomberg
Exclusive: Hackers linked to Iran target WHO staff emails during coronavirus - sources - Reuters
Iran’s ban on Telegram that was intended to facilitate domestic spying backfired
DarkHotel hackers use VPN zero-day to breach Chinese government agencies | ZDNet
NASA sees an “exponential” jump in malware attacks as personnel work from home | Ars Technica
So Wait, How Encrypted Are Zoom Meetings Really? | WIRED
Zoom admits some calls were routed through China by mistake | TechCrunch
Zoom founder promises to remedy security, privacy concerns during a 'feature freeze' - CyberScoop
New York City bans Zoom in schools, citing security concerns | TechCrunch
DOJ says Zoom-bombing is a crime | ZDNet
Video service Zoom taking security seriously: U.S. government memo - Reuters
The Zoom Privacy Backlash Is Only Getting Started | WIRED
The internet is now rife with places where you can organize Zoom-bombing raids | ZDNet
Why Zoom Really Needs Better Privacy: $1.4 Million Orders Show The US Government’s COVID-19 Response Is Now Relying On It
‘War Dialing’ Tool Exposes Zoom’s Password Problems — Krebs on Security
Microsoft Buys Corp.com So Bad Guys Can’t — Krebs on Security
Experts agree: Internet voting isn’t ready for COVID-19 crisis - Risky Business
Schiff wants ODNI to scrub out politics from election security briefs
PayPal and Venmo Are Letting SIM Swappers Hijack Accounts - VICE
Google backs Apple's SMS OTP standard proposal | ZDNet
Microsoft announces IPE, a new code integrity feature for Linux | ZDNet
Chrome 81 released with initial support for the Web NFC standard | ZDNet
A Hacker Found a Way to Take Over Any Apple Webcam | WIRED
Hardware microphone disconnect in Mac and iPad - Apple Support
Hacking forum gets hacked for the second time in a year | ZDNet
A hacker has wiped, defaced more than 15,000 Elasticsearch servers | ZDNet
Russian telco hijacks internet traffic for Google, AWS, Cloudflare, and others | ZDNet
Remote working security: Thousands of misconfigured Atlassian instances ripe for unauthorized access | The Daily Swig
Cisco rations VPNs for staff as strain of 100,000+ home workers hits its network • The Register
Twisted programming framework stung by brace of request smuggling vulnerabilities | The Daily Swig
How we abused Slack's TURN servers to gain access to internal services | Communication Breakdown
Phish of GoDaddy Employee Jeopardized Escrow.com, Among Others — Krebs on Security
XSS vulnerability found in Mozilla’s XSS-prevention library | The Daily Swig
On signing the Joint Statement of the Russian Federation and the Republic of Burundi on the non-deployment of weapons in space by the first - News - Ministry of Foreign Affairs of the Russian Federation
Exclusive: Elite hackers target WHO as coronavirus cyberattacks spike - Reuters
Seriously Risky Business
Apr 08, 2020
Feature Podcast: Voting in 2020 will likely be by mail

This podcast is brought to you by the Hewlett Foundation. They provided us with a grant to support us doing some podcasts about cybersecurity issues that touch on policy. Regular listeners would have heard some of these special podcasts already.

Today’s guest is Jennifer Morrell. She’s a partner with Elections Group and is a recognised expert on election audits.

We were originally scheduled to record this interview just a few short weeks ago, but the COVID-19 crisis really hit and we had to postpone. And it’s a good thing we did, too, because the issues facing elections today are substantially different to the issues facing elections even a few weeks ago. The whole world has just shifted.

So, instead of having the usual conversation about risk limiting audits, voting machine and tally/counting infrastructure security, we had this conversation instead. How on earth do you run an election during a pandemic? There’s a tl;dr here – e-voting is still a pipe dream but internet supported vote-by-mail is where things will land.

I hope you enjoy this podcast.

Apr 03, 2020
Risky Business #577 -- Stir crazy lockdown edition (reposted)

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • KSA uses SS7 to track its citizens in USA
  • Governments begin virus tracking through personal devices
  • FBI warns of Iran-linked crew in yer supply chains
  • Voatz gets booted from HackerOne
  • All the cloud and Zoom drama

(PLEASE NOTE: This is a re-post. Looks like our CDN mangled the initial mp3 for some regions. Should work ok now. - Pat)

This week’s show is brought to you by Signal Sciences. Instead of interviewing one of their people, they suggested we interview Andrew Becherer in this week’s sponsor interview.

Andrew runs security for Iterable, but before that he ran the security program at DataDog. He’ll be along after this week’s news to talk about how much easier it is to stand up a security program in 2020 as opposed to the last time he did it five or so years ago.

You can subscribe to the new Risky Business newsletter, Seriously Risky Business, here.

You can subscribe to our new YouTube channel here.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Revealed: Saudis suspected of phone spying campaign in US | World news | The Guardian
SS7map: SS7 Networks Exposure
Government Tracking How People Move Around in Coronavirus Pandemic
FBI re-sends alert about supply chain attacks for the third time in three months | ZDNet
HackerOne cuts ties with mobile voting firm Voatz after it clashed with researchers
Houseparty app offers $1m reward to unmask entity behind hacking smear campaign | ZDNet
Marriott discloses new data breach impacting 5.2 million hotel guests | ZDNet
FCC tells US telcos to implement caller ID authentication by June 30, 2021 | ZDNet
Memento Labs, the Reborn Hacking Team, Is Struggling - VICE
RDP and VPN use skyrocketed since coronavirus onset | ZDNet
Update #2 on Microsoft cloud services continuity | Azure blog and updates | Microsoft Azure
Zoom hit with class-action lawsuit for sharing user data with Facebook
FBI Warns of Teleconferencing and Online Classroom Hijacking During COVID-19 Pandemic — FBI
A Norwegian school quit using video calls after a naked man ‘guessed’ the meeting link | TechCrunch
FBI warns Zoom, teleconference meetings vulnerable to hijacking - CyberScoop
Zoom Removes Code That Sends Data to Facebook - VICE
FBI turns to insurers to grasp the full reach of ransomware - CyberScoop
Cyber insurer Chubb had data stolen in Maze ransomware attack | TechCrunch
Medical and military contractor Kimchuk hit by data-stealing ransomware | TechCrunch
Microsoft announces new 'Hardware-enforced Stack Protection' feature | ZDNet
Android lets advertisers get a list of all your apps -- and this API feature is broadly used | ZDNet
Booz Allen analyzed 200+ Russian hacking operations to better understand their tactics | ZDNet
Risky Business Live, March 31, 2020 - YouTube
Risky Business Live #3 -- Booz Allen Hamilton's Russia report, Azure getting creaky and more - Risky Business
Network of fake QR code generators will steal your Bitcoin | ZDNet
A mysterious hacker group is eavesdropping on corporate email and FTP traffic | ZDNet
Malware from notorious FIN7 group is being delivered by snail mail
Rare BadUSB attack detected in the wild against US hospitality provider | ZDNet
Google to resume Chrome updates it paused last week due to COVID-19 | ZDNet
Google says no APP users have been phished to date | ZDNet
Russians Shut Down Huge Card Fraud Ring — Krebs on Security
U.S. cybersecurity experts see recent spike in Chinese digital espionage - Reuters
Dark web hosting provider hacked again -- 7,600 sites down | ZDNet
OpenWRT code-execution bug puts millions of devices at risk | Ars Technica
Seriously Risky Business
Apr 01, 2020
Risky Business #577 -- Stir crazy lockdown edition (reposted)

Apr 01, 2020
Risky Biz Soap Box: VPNs are out, identity-aware proxies are in

In this (sponsored) podcast Akamai’s CTO of Security Strategy Patrick Sullivan talks us through the basics of identity-aware proxies. With more and more internal applications being served to newly external users, identity-aware proxies are the new hotness.

Akamai isn’t the only company that offers an identity-aware proxy product, but it was a relatively early mover in the space offering the service since 2016.

Obviously there are some massive shifts happening right now with so many people stuck working at home. That means Akamai’s identity-aware proxy service – and its network more broadly – is getting a pretty serious workout. What are the quick wins with a technology like this? Where are the wins harder?

Patrick Sullivan joined me to talk about identity-aware proxies and what’s been happening on Akamai’s tubes over the last couple of weeks.

Mar 29, 2020
Risky Business #576 -- Are cloud computing resources the new toilet paper?

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Azure resource constraints hit Europe
  • Should we unleash surveillance on COVID-19, privacy be damned?
  • Browser maintainers cease new releases
  • South Korea-linked APT crew attacks World Health Organization
  • Much, much more

This week’s show is brought to you by Thinkst Canary.

Thinkst’s Haroon Meer joins the show this week to talk about what he tells customers when they ask him if Thinkst could go rogue and own all their customers.

You can subscribe to the new Risky Business newsletter, Seriously Risky Business, here.

You can subscribe to our new YouTube channel here.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

'Azure appears to be full': UK punters complain of capacity issues on Microsoft's cloud • The Register
Coronavirus response: ITU unveils platform for reinforcing global telecoms infrastructure | The Daily Swig
Coronavirus: US emergency funding for federal agencies targets home working security | The Daily Swig
Playing the long game on remote access - Risky Business
Google pauses Chrome and Chrome OS releases due to coronavirus outbreak | ZDNet
Microsoft Pauses New Edge Browser Versions Due to Coronavirus
Firefox to remove support for the FTP protocol | ZDNet
Microsoft offers mitigations against unpatched Windows font handler security flaw | The Daily Swig
Apple security updates - Apple Support
Srsly Risky Biz: Tuesday, March 24 - Risky Business
How Surveillance Could Save Lives Amid a Public Health Crisis | WIRED
US, Israel, South Korea, and China look at intrusive surveillance solutions for tracking COVID-19 | ZDNet
The Value and Ethics of Using Phone Data to Monitor Covid-19 | WIRED
Exclusive: Elite hackers target WHO as coronavirus cyberattacks spike - Reuters
Hackers breach FSB contractor and leak details about IoT hacking project | ZDNet
China borrowing Russian tactics to spread coronavirus disinformation
WhatsApp Is at the Center of Coronavirus Response | WIRED
Hacker selling data of 538 million Weibo users | ZDNet
FireEye warns about the proliferation of ready-made ICS hacking tools | ZDNet
Monitoring ICS Cyber Operation Tools and Software Exploit Modules To Anticipate Future Threats | FireEye Inc
Ransomware Gangs to Stop Attacking Health Orgs During Pandemic
Maze ransomware attackers extort vaccine testing facility | SC Media
Volunteers and vigilantes back hospital InfoSec - Risky Business
With everyone working from home, VPN security is now paramount | ZDNet
Zyxel Flaw Powers New Mirai IoT Botnet Strain — Krebs on Security
Security Breach Disrupts Fintech Firm Finastra — Krebs on Security
Most ransomware attacks take place during the night or over the weekend | ZDNet
France warns of new ransomware gang targeting local governments | ZDNet
Venture funding in security startups is falling. Don't blame the coronavirus.
Here’s the Netflix account compromise Bugcrowd doesn’t want you to know about [Updated] | Ars Technica
Bug bounty platforms step up as coronavirus forces businesses to implement work from home policies | The Daily Swig
How Microsoft Dismantled the Infamous Necurs Botnet | WIRED
Two Trend Micro zero-days exploited in the wild by hackers | ZDNet
Google APP users won't be allowed to install apps from outside the Play Store | ZDNet
Magecart hackers have spent weeks lurking on NutriBullet's website
Site Isolation - The Chromium Projects
Cell phone tracking in the crisis - YouTube
thinkst Thoughts...: If i run your software, can you hack me?
Seriously Risky Business
Mar 25, 2020
Volunteers and vigilantes back hospital InfoSec

Around 50 hospitals worldwide are less likely to get popped in ransomware attacks this week, thanks largely to a loose band of InfoSec pros that banded together to help healthcare providers during the COVID-19 crisis.

While they aren’t yet going after ransomware gangs in vigilante-style retribution, the group’s pro bono work has already helped pinpoint over 50 healthcare organizations running vulnerable versions of Citrix NetScalers or Pulse Secure VPN gateways.

Vulnerable VPN endpoints have been targeted by several ransomware gangs in recent months, and despite promises from some groups not to target healthcare organizations, hospital networks and the medical supply chain continue to fall victim.

The voluntary threat intel and hunting effort has been welcome help for Errol Weiss, chief security officer at the Health Information Sharing and Analysis Center (H-ISAC), which has taken on the role of aggregating and disclosing vulnerability information collected by the group to affected healthcare providers.

The group of independent researchers - which now numbers around 200 - has no name. Most of its members prefer anonymity and volunteer outside of work hours. So far they have provided H-ISAC data from honeypots set up to detect opportunistic scanning activity. They also scanned the internet for IP addresses hosting vulnerable VPN endpoints, from which H-ISAC extracted a list of 50 healthcare providers. H-ISAC has sent those organisations links to technical write-ups on the vulnerabilities in question, as well as generic mitigation advice, irrespective of whether they are H-ISAC members.

Weiss is optimistic the advisories will be acted on. “Based on our prior experience, most [hospitals] will pay attention and do something,” he said. The hospitals will be prompted with further information if their systems continue to show up in scans, he said.

Ohad Zaidenberg, one of the few public figures working to corral volunteers, told Risky Business the group has only “just started.”

“From tomorrow, we will start to work actively,” he said, but was coy as to what the next phase of their program involves.

Healthcare CSOs we spoke to this week were grateful for the camaraderie and generosity of their industry peers. But they also cautioned to not expect too much of hospitals under strain.

“The offers of intel-sharing and threat hunting is only useful to the extent that hospitals have the capacity and capability to consume it,” said Christopher Neal, CSO of Ramsay Health Care, which operates a global network of 480 medical facilities in 11 countries. In most hospital networks, Neal said, there are insufficient resources available to act on the information - even prior to the coronavirus outbreak.

Neal wants to see “clearer public policy arguments to increase funding for security programs” in healthcare.

Weiss said that he is keen to receive more Indicators of Compromise (both atomic indicators and TTPs) about ransomware attacks, as well as decryption methods for various strains of the malware. But he recognizes the difficulties that might emerge as the initiative scales. Automation may be required to filter and sort through the volume of data coming in and to prepare actionable reports.

Still, he said, “I’d rather have that problem than the reverse.”

Mar 23, 2020
Risky Business #575 -- World drowns in Coronavirus phishing lures as crisis escalates

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Coronavirus phishing lures are everywhere
  • Czech hospital ransomwared during crisis
  • Voatz mobile voting app destroyed by Trail of Bits audit
  • We recap yesterday’s livestream
  • Windows SMBv3 bug probably not such a big deal
  • ALL the week’s news

This week’s sponsor interview is with Sam Crowther, founder of Kasada. They do bot detection and mitigation and apparently they’re quite good at it. Sam joins the show to talk through the new greyhatter of anti-anti-bot. It’s actually a really fun conversation, that one, so stick around for it.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

State-sponsored hackers are now using coronavirus lures to infect their targets | ZDNet
The Internet is drowning in COVID-19-related malware and phishing scams | Ars Technica
TA505 and Others Launch New Coronavirus Campaigns; Now the Largest Collection of Attack Types in Years | Proofpoint US
Live Coronavirus Map Used to Spread Malware — Krebs on Security
Czech hospital hit by cyberattack while in the midst of a COVID-19 outbreak | ZDNet
High-Stakes Security Setups Are Making Remote Work Impossible | WIRED
A Mobile Voting App That's Already in Use Is Filled With Critical Flaws - VICE
Microsoft delivers emergency patch to fix wormable Windows 10 flaw | Ars Technica
Medical Device Regulation: EU to give €100bn MedTech industry a security health check | The Daily Swig
WordPress to add auto-update feature for themes and plugins | ZDNet
Tor team warns of Tor Browser bug that runs JavaScript on sites it shouldn't | ZDNet
Avast disables JavaScript engine in its antivirus following major bug | ZDNet
US is preparing to ban foreign-made drones from government use | TechCrunch
Card data from the Volusion web skimmer incident surfaces on the dark web | ZDNet
Intel CPUs vulnerable to new 'Snoop' attack | ZDNet
Modern RAM used for computers, smartphones still vulnerable to Rowhammer attacks | ZDNet
We Built a Database of Over 500 iPhones Cops Have Tried to Unlock - VICE
The Web’s Bot Containment Unit Needs Your Help — Krebs on Security
Cyberattack Hits HHS During Coronavirus Response - Bloomberg
Microsoft discontinues RDCMan app following security bug | ZDNet
Google awards $100k to Dutch bug hunter for cutting-edge cloud security research | The Daily Swig
#737140 Mass account takeovers using HTTP Request Smuggling on https://slackb.com/ to steal session cookies
oracle chat on prem - Google Search
Risky Business - Risky Business
publications/voatz-securityreview.pdf at master · trailofbits/publications · GitHub
publications/voatz-threatmodel.pdf at master · trailofbits/publications · GitHub
Our Full Report on the Voatz Mobile Voting Platform | Trail of Bits Blog
Securing a work from home workforce - YouTube
Mar 18, 2020
Risky Biz Soap Box: Trend Micro's Jon Clay talks ransomware and being a portfolio company

If you don’t know already, all guests who appear on the Risky Business Soap Box podcast paid to be here. These podcasts are promotional, but as regular listeners know, they’re not just mindless recitations of marketing talking points.

This edition of Soap Box is brought to you by Trend Micro, which is a company that’s in a really interesting position at the moment.

With Symantec acquired by Broadcom, which only really cares about the biggest 500 companies in the world, Sophos absorbed, Borg-style, by Thoma Bravo and McAfee sitting in the corner eating its paste, there’s an opportunity for a new “portfolio” security software firm to emerge, and Trend wants to be it.

Jon Clay is Trend’s director of global threat communications and he joined me for this conversation about ransomware, how EDR is becoming “just another feature,” and what the role for a “portfolio” company in infosec is going to be in the future.

Mar 16, 2020
Risky Business #574 -- EARN IT Act targets crypto, Joshua Schulte to be retried on most serious charges

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Two Exabeam engineers sick with Coronavirus following RSA attendance
  • Hung jury in Joshua Schulte Vault7 trial
  • Qihoo 360 tries to “pull an APT1” but it was just weird and awkward instead
  • Corellium releases Android for iPhone hardware toolkit
  • Much, much more.

This week’s sponsor interview is with Scott Kuffer of Nucleus Security. They have built a web application that pulls together feeds from all your vulnscanners and vulnerability-related software (Snyk, Burp, whatever), normalises it then lets you slice it, dice it, and send it through to the most relevant project owner/dev team. It’s insanely popular stuff, and Scott pops along this week to talk about vulnerability management and what his last year has looked like as Nucleus’s business has boomed.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Two People Who Attended Cyber Event Contract Coronavirus
The EARN IT Act Is a Sneak Attack on Encryption | WIRED
Vault 7 court case ends in mistrial on most serious charges
Energy Organizations Continue to be Compromised Globally | Dragos
Chinese security firm says CIA hacked Chinese targets for the past 11 years | ZDNet
Exclusive: This Hack Turns Apple’s iPhone Into An Android
Apple Just Demanded Santander And A $50 Billion US Intelligence Contractor Reveal How They Use iPhone Hacking Tech
NSO Group works to explain no-show in court for WhatsApp suit, plots defense
Facebook sues Namecheap to unmask hackers who registered malicious domains | ZDNet
Clearview AI Reports Breach of Customer List - VICE
Clearview AI, Facial Recognition Company That Works With Law Enforcement, Says Entire Client List Was Stolen
Apple has blocked Clearview AI’s iPhone app for violating its rules | TechCrunch
London Police Just Turned On Facial Recognition In One Of The World’s Busiest Shopping Districts
This Small Company Is Turning Utah Into a Surveillance Panopticon - VICE
Surveillance Firm Banjo Used a Secret Company and Fake Apps to Scrape Social Media - VICE
Defense contractor CPI knocked offline by ransomware attack | TechCrunch
Visser, a parts manufacturer for Tesla and SpaceX, confirms data breach | TechCrunch
Ryuk ransomware hits Fortune 500 company EMCOR | ZDNet
One of Roman Abramovich's companies got hit by ransomware | ZDNet
Legal services giant Epiq Global offline after ransomware attack | TechCrunch
Big health care analytics firm infected with ransomware
Croatia's largest petrol station chain impacted by cyber-attack | ZDNet
US Railroad Contractor Reports Data Breach After Ransomware Attack
DoppelPaymer Hacked Bretagne Télécom Using the Citrix ADC Flaw
Zyxel 0day Affects its Firewall Products, Too — Krebs on Security
The strange, unexplained journey of ToTok in Google Play fuels user suspicions | Ars Technica
Message to our ToTok community
Indictment names Group-IB executive in scheme to sell hacked data
Chrome 80 update cripples top cybercrime marketplace | ZDNet
Brave to generate random browser fingerprints to preserve user privacy | ZDNet
Firefox to enable DNS-over-HTTPS by default to US users | TechCrunch
Let’s Encrypt deploys new domain validation technology to mitigate BGP hijacking risks | The Daily Swig
Microsoft Exchange Server admins urged to treat crypto key flaw as ‘critical’ | The Daily Swig
Details about new SMB wormable bug leak in Microsoft Patch Tuesday snafu | ZDNet
Zoho zero-day published on Twitter | ZDNet
Thijs Alkemade on Twitter: "Last week, I was thinking back about this discussion from @riskybusiness. I decided to have a look at how it works. While doing that, I found a vulnerability that could have been used to gain unauthorized access to an iCloud account. https://t.co/szfFBNWZmy" / Twitter
5 years of Intel CPUs and chipsets have a concerning flaw that’s unfixable | Ars Technica
Positive Technologies - learn and secure : Intel x86 Root of Trust: loss of trust
AMD processors from 2011 to 2019 vulnerable to two new attacks | ZDNet
Intel CPUs vulnerable to new LVI attacks | ZDNet
A Flaw in Billions of Wi-Fi Chips Let Attackers Decrypt Data | WIRED
Hackers Can Clone Millions of Toyota, Hyundai, and Kia Keys | WIRED
GadgetProbe: New tool simplifies the exploitation of Java deserialization vulnerabilities | The Daily Swig
FBI Warned Of Fraudster’s Paradise: Up To 130,000 Hacked Asus Routers On Sale For A Few Dollars
Porn, gore, and gambling habits aired in Virgin Media breach | Ars Technica
Hackers Were Inside Citrix for Five Months — Krebs on Security
The Case for Limiting Your Browser Extensions — Krebs on Security
Hackers are targeting other hackers by infecting their tools with malware | TechCrunch
Who's Hacking the Hackers: No Honor Among Thieves
Google could have fixed 2FA code-stealing flaw in Authenticator app years ago | ZDNet
New action to disrupt world’s largest online criminal network - Microsoft on the Issues
This Chinese Whale Lost $45 Million in Bitcoin and BCH Overnight: How it Happened
Mar 11, 2020
Risky Biz Soap Box: Chris Kennedy on the latest MITRE ATT&CK developments

These Soap Box podcasts are wholly sponsored. That means everyone you hear on one of these editions of the show paid to be here. But that’s ok, because we have interesting sponsors!

Today’s sponsor is AttackIQ. They make an attack and breach simulation platform. They started sponsoring risky biz when they were a little baby startup, but these days, as you’ll hear, attack sim is actually emerging as a budget line item, particularly for larger companies.

They use the platform to test their existing controls, figure out where they have gaps or bad products, then kick on to planning from there… then retest, evaluate, plan, implement, etc etc etc.

For a lot of organisations, something like this is going to be really helpful. Another super helpful thing is that AttackIQ is all in on MITRE ATT&CK.

AttackIQ is, in fact, one of the first vendors I know of that jumped on the MITRE ATT&CK bandwagon. They got in early, and this podcast is mostly going to be focussed on ATT&CK. Chris Kennedy is AttackIQ’s CISO and VP of customer success! He did one of these soap boxes last year and it was really popular with the CISOs who tune in to risky biz.

He joined me for this discussion about MITRE ATT&CK; where it’s at, where it’s going, how people are using it and how AttackIQ is using it to make its products more useful.

Feb 20, 2020
Risky Business #573 -- Gas plant ransomware attack, Huawei mega-indictment and more

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Ransomware shutters US natural gas plants
  • Huawei hit with huge indictment
  • Voatz mobile voting app shredded by MIT, dust-up ensues
  • The latest from the Vault7 trial
  • Reality Winner seeking clemency
  • Ring to force all users on to 2FA
  • Israeli court rules Facebook must reinstate NSO staff profiles
  • USG drops more North Korean samples
  • OpenSSH gets FIDO/U2F support

This week’s sponsor interview is with Dave Cottingham from Airlock Digital.

They make whitelisting software that’s actually useable. And until I did this interview I didn’t know that their agent actually does host hardening as well, which is pretty cool. Since we last spoke they’ve also popped up in CrowdStrike’s app store thingy, which means a bunch of you Crowdstrike customers will be able to dabble in some whitelisting if you want to.

Dave joins the show to talk about a bunch of stuff, including their experience having Silvio Cesare do a code audit on their agent.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

DHS says ransomware hit US gas pipeline operator | ZDNet
Ransomware Impacting Pipeline Operations | CISA
U.S. charges Huawei with conspiracy to steal trade secrets, racketeering
Voting App Flaws Could Have Let Hackers Manipulate Results | WIRED
'Sloppy' Mobile Voting App Used in Four States Has 'Elementary' Security Flaws - VICE
Voatz Response to Researchers’ Flawed Report - Blog @ Voatz
Microsoft to deploy ElectionGuard voting software in first real-world test | ZDNet
Joshua Schulte's attorneys are trying to call Mike Pompeo in the Vault 7 trial
Joshua Schulte's defense asks for a mistrial in the Vault 7 case
Reality Winner seeks clemency for leaking NSA report on Russian hacking attempts
Ring to enable 2FA for all user accounts after recent hacks | ZDNet
Facebook must unblock NSO Group employee’s account, Israeli court rules
US government goes all in to expose new malware used by North Korean hackers | Ars Technica
Israeli soldiers tricked into installing malware by Hamas agents posing as women | ZDNet
Hamas-linked hackers exploit current events to spy on rival Palestinian officials, researchers say
Iranian hackers have been hacking VPN servers to plant backdoors in companies around the world | ZDNet
Leaked report describes Federal Parliament's cyber security as having 'low level of maturity' - ABC News (Australian Broadcasting Corporation)
Data Protection Authority Investigates Avast for Selling Users’ Browsing History - VICE
Pay Up, Or We’ll Make Google Ban Your Ads — Krebs on Security
Ohio man arrested over darknet bitcoin laundering operation | The Daily Swig
IOTA cryptocurrency shuts down entire network after wallet hack | ZDNet
A Light at the End of Liberty Reserve’s Demise? — Krebs on Security
Signal Is Finally Bringing Its Secure Messaging to the Masses | WIRED
Hundreds of Millions of PC Components Still Have Hackable Firmware | WIRED
OpenSSH adds support for FIDO/U2F security keys | ZDNet
Second Windows 10 update is now causing problems by hiding user profiles | ZDNet
Nasty Android malware reinfects its targets, and no one knows how | Ars Technica
Google removes 500+ malicious Chrome extensions from the Web Store | ZDNet
FBI: BEC scams accounted for half of the cyber-crime losses in 2019 | ZDNet
foone on Twitter: "So I learned of an amusing bug today: Docker for Windows won't run if you have the Razer Synapse driver management tool running. But the reason is the funny part... https://t.co/s42SeQ949z" / Twitter
Feb 19, 2020
Risky Biz Soap Box: Cmd's Jake King talks Linux security

Soap Box podcasts are fully sponsored which means everyone you hear on these editions of the show paid to be here. If you’re looking for the regular, weekly Risky Business podcast, just scroll one back in your podcast feed.

But you know what? I wouldn’t recommend it, because this edition of Soap Box is top notch. In it we’re joined by Jake King, a co-founder of CMD Security.

CMD makes Linux security software, and I love their approach mostly because, well, it’s simple. It has two main functions – visibility and control – but both of these functions focus on execution. The visibility piece is “which user executed what?” and the control piece is “only let user X execute Y”. The idea here is you can apply an additional layer of control over user actions, but obviously the visibility aspect of this is pretty useful at driving decisions around what sort of limits to put on various accounts.

Jake has fronted this edition of the show with an exclusive offer to Risky Business listeners, which is free use of their software. Obviously you won’t get access to absolutely all its features, but certainly enough of them to be very, very useful. They’re getting to the point where they can do this – throw out most of the functionality and just sell the icing on the cake to companies who want it. You can register for early access to the free trial at cmd.com/risky.
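To make the two functions concrete, here is an added example (mine, not Cmd's software) that runs a per-user execution policy over constructed exec audit records and also produces the "who ran what" view. The log format, the policy and the sample events are all invented for the example. It also covers the detail an exec allowlist has to get right: normalising the path before matching, so `/usr/bin/../bin/curl` cannot dodge a deny on `/usr/bin/curl`, and refusing to judge a bare, PATH-resolved name.

```python
"""Per-user execution visibility and control over constructed exec audit events.

Added illustration of the two functions described above (who executed what,
and only let user X execute Y); not Cmd's code. Log format and policy are
constructed for the example.
"""
from __future__ import annotations

import fnmatch
import posixpath
import re
from collections import Counter, defaultdict

# Constructed audit-style exec records: one per line, key=value fields.
SAMPLE_LOG = """\
ts=1581000001 user=deploy exe=/usr/bin/systemctl argv="systemctl restart app"
ts=1581000002 user=deploy exe=/usr/bin/curl argv="curl http://169.254.169.254/latest/meta-data/"
ts=1581000003 user=www-data exe=/bin/sh argv="sh -c id"
ts=1581000004 user=deploy exe=/usr/bin/../bin/curl argv="curl http://example.test/"
ts=1581000005 user=alice exe=/usr/local/bin/kubectl argv="kubectl get pods"
ts=1581000006 user=deploy exe=bash argv="bash"
"""

# Constructed policy: per-user allow globs; deny globs take precedence.
# Users absent from the policy are denied everything (default deny).
POLICY = {
    "deploy": {"allow": ["/usr/bin/*", "/bin/*"], "deny": ["/usr/bin/curl", "/usr/bin/wget"]},
    "alice":  {"allow": ["/usr/local/bin/kubectl"], "deny": []},
}

_LINE = re.compile(r'ts=(?P<ts>\d+) user=(?P<user>\S+) exe=(?P<exe>\S+) argv="(?P<argv>[^"]*)"')


def parse(log: str) -> list[dict]:
    """Parse the constructed log format; lines that do not match are skipped."""
    events = []
    for line in log.splitlines():
        m = _LINE.match(line)
        if m:
            events.append(m.groupdict())
    return events


def canonical_exe(path: str) -> str | None:
    """Collapse '..' and duplicate slashes; reject relative (PATH-resolved) names.

    Without this, '/usr/bin/../bin/curl' would slip past a deny on '/usr/bin/curl',
    and a bare 'bash' cannot be matched against any rule at all.
    """
    if not path.startswith("/"):
        return None
    return posixpath.normpath(path)


def decide(user: str, exe: str, policy: dict = POLICY) -> str:
    """Return 'allow' or 'deny' for one execution. Deny wins; unknown users are denied."""
    rules = policy.get(user)
    canon = canonical_exe(exe)
    if rules is None or canon is None:
        return "deny"
    if any(fnmatch.fnmatchcase(canon, pat) for pat in rules["deny"]):
        return "deny"
    if any(fnmatch.fnmatchcase(canon, pat) for pat in rules["allow"]):
        return "allow"
    return "deny"


def evaluate(log: str = SAMPLE_LOG, policy: dict = POLICY) -> list[tuple[str, str, str]]:
    """The control side: (user, exe as logged, decision) for every event, in log order."""
    return [(e["user"], e["exe"], decide(e["user"], e["exe"], policy)) for e in parse(log)]


def who_ran_what(log: str = SAMPLE_LOG) -> dict[str, Counter]:
    """The visibility side: per-user counts of canonical executables."""
    seen: dict[str, Counter] = defaultdict(Counter)
    for e in parse(log):
        seen[e["user"]][canonical_exe(e["exe"]) or e["exe"]] += 1
    return dict(seen)


if __name__ == "__main__":
    for user, exe, verdict in evaluate():
        print(f"{verdict:5} {user:9} {exe}")
    for user, counts in who_ran_what().items():
        print(user, dict(counts))
```

Note that `fnmatch`'s `*` also matches `/`, so `/usr/bin/*` would cover nested paths too; tighten the patterns or match on directory components if that matters for your policy.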

Feb 13, 2020
Risky Business #572 -- Equifax indictments land, some big Huawei news

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Chinese operators indicted over Equifax breach, more indictments coming
  • Alleged backdoor in Huawei lawful intercept features
  • Data on 6.4m Israelis exposed by political party app
  • Iowa caucus app was a pile of crap, 4chan clogged up caucus night phones
  • Corp.com is up for sale. That’s a lotta hashes.
  • Much, much more.

This week’s show is brought to you by Corelight.

Corelight’s Richard Bejtlich joins the show this week in the sponsor slot to talk about what the company is doing to try to build the open source community behind Zeek, the tool its products are based on.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

How 4 Chinese Hackers Allegedly Took Down Equifax | WIRED
download
Dustin Volz on Twitter: "Overlooked moment in the DoJ press conference today: Barr linked the Marriott breach to the Chinese. I believe that is the first time the U.S. government has publicly acknowledged a connection to Beijing. https://t.co/dB1bSAsE9h https://t.co/3MN2SfRU93" / Twitter
FBI is investigating more than 1,000 cases of Chinese theft of US technology | ZDNet
Feds are lining up more indictments related to Chinese cyber-activity, officials say
Malaysia warns of Chinese hacking campaign targeting government projects | ZDNet
Netanyahu's party exposes data on over 6.4 million Israelis | ZDNet
Software error exposes the ID numbers for 1.26 million Danish citizens | ZDNet
The Iowa Caucuses App Had Another Problem: It Could Have Been Hacked — ProPublica
'Clog the lines': Internet trolls deliberately disrupted the Iowa caucuses hotline for reporting results
An ‘Off-the-Shelf, Skeleton Project’: Experts Analyze the App That Broke Iowa - VICE
Shadow's Cancelled Nevada Caucus App Had Errors, Too - VICE
A US House candidate says she was hacked — now she’s warning others | TechCrunch
Google's Giving Out Security Keys to Help Protect Campaigns | WIRED
GAO: CISA's 'nationwide strategy' on election security should be enacted as soon as possible
How the CIA used Crypto AG encryption devices to spy on countries for decades - Washington Post
U.S. Officials Say Huawei Can Covertly Access Telecom Networks - WSJ
US Attorney General says US and allies should invest in Huawei competitors | ZDNet
FBI warns about ongoing attacks against software supply chain companies | ZDNet
Dangerous Domain Corp.com Goes Up for Sale — Krebs on Security
Brazil Judge Declines Charges Against Glenn Greenwald — “For Now”
Facebook's Bug Bounty Caught a Data-Stealing Spree | WIRED
Federal Agencies Use Cellphone Location Data for Immigration Enforcement - WSJ
Can the Government Buy Its Way Around the Fourth Amendment? | WIRED
Why you can’t bank on backups to fight ransomware anymore | Ars Technica
Toll transport hack leaves customers demanding answers on parcel delivery delays - ABC News (Australian Broadcasting Corporation)
Mailto Ransomware Hits Toll Group, Deliveries Across Australia Affected
Ransomware suspected after CUNA, a credit union lobbyist, knocked offline | TechCrunch
Emotet trojan evolves to spread via WiFi connections | ZDNet
Windows trust in abandoned code lets ransomware burrow deep into targeted machines | Ars Technica
Ransomware attack: Maastricht University pays out $220,000 to cybercrooks | The Daily Swig
Maze ransomware spree continues amid advisories from French, FBI officials - CyberScoop
Apple deprecating macOS kernel extensions (KEXTs) is a great win for security | ZDNet
When Your Used Car is a Little Too ‘Mobile’ — Krebs on Security
Cisco Flaws Put Millions of Workplace Devices at Risk | WIRED
Flaws in WhatsApp’s desktop app allowed remote access to files | Ars Technica
F-Secure issues fix for Internet Gatekeeper heap overflow vulnerability | The Daily Swig
Forging SWIFT MT Payment Messages for fun and pr... research!
Introducing security defaults - Microsoft Tech Community - 1061414
Meet the Guy Selling Wireless Tech to Steal Luxury Cars in Seconds - VICE
Google fixes no-user-interaction bug in Android's Bluetooth component | ZDNet
SymTCP – a new tool for circumventing deep packet inspections | The Daily Swig
20200206 REDACTED
Feb 12, 2020
Risky Business #571 -- Is Joshua Schulte The Shadow Brokers?

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Iowa app falls over, social and mainstream media chaos ensues
  • Twitter acknowledges state-backed API abuse
  • CDA 230 under review. Uh oh.
  • Toll Group ransomware
  • ICS-compatible ransomware spotted in wild
  • UN got owned pretty hard
  • Is Joshua Schulte The Shadow Brokers? A theory
  • Much, much more.

This week’s show is brought to you by Okta.

Okta’s Simon Thorpe will be along this week to talk about a new trend they’re seeing and obviously encouraging – enterprises ditching Microsoft’s Active Directory. It’s a cloud, cloud, cloud, cloud world these days, and in the year 2020 you might want to actually ask yourself – do you still need to be using AD?

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

The Iowa Caucus Tech Meltdown Is a Warning | WIRED
Democrats’ Iowa Caucus Voting App Stirs Security Concerns - WSJ
Twitter says an attacker used its API to match usernames to phone numbers | ZDNet
Google Guilty Of ‘Big Screw Up’ That May Have Leaked Your Videos To A Random Stranger
Department of Justice to Hold Workshop on Section 230 of the Communications Decency Act | OPA | Department of Justice
The EARN IT Act: How to Ban End-to-End Encryption Without Actually Banning It | Center for Internet and Society
Encryption laws not used to fight terrorism - InnovationAus
Toll Group confirms "targeted" ransomware attack - Security - iTnews
Toll IT Systems Update | Toll Group
Bad Packets Report on Twitter: "@riskybusiness @rycrozier Their Citrix server, https://t.co/66XQWpiFyF, was vulnerable to CVE-2019-19781 on 2020-01-11T06:30:06Z." / Twitter
MalwareTech on Twitter: "A day prior to the Travelex hack, its parent company was worth $2.1 Billion. A month later it is now worth $764 Million. The CEO owns 63% of the shares, which puts his personal loss around $850 Million." / Twitter
Dozens of companies have data dumped online by ransomware ring seeking leverage | Ars Technica
Mysterious New Ransomware Targets Industrial Control Systems | WIRED
The New Humanitarian | EXCLUSIVE: The hack the UN tried to keep under wraps
UN didn't patch SharePoint, got mega-hacked, covered it up, kept most staff in the dark, finally forced to admit it • The Register
Iranian hackers target US government workers in new campaign | ZDNet
As Vault 7 trial begins, Joshua Schulte's attorneys will argue he's a whistleblower
Trial of Accused 'Vault 7' Leaker Opens in New York
Senior Adviser To The Operator Of The “Silk Road” Website Pleads Guilty In Manhattan Federal Court | USAO-SDNY | Department of Justice
Three suspects arrested in Maltese bank cyber-heist | ZDNet
Raytheon engineer arrested for taking US missile defense data to China | ZDNet
DOD contractor suffers ransomware infection | ZDNet
Hackers are hijacking smart building access systems to launch DDoS attacks | ZDNet
Iowa Prosecutors Drop Charges Against Men Hired to Test Their Security — Krebs on Security
FCC Confirms 'One or More' Carriers Broke the Law Selling Location Data - VICE
Anti-virus firm Avast shuts down its data-selling subsidiary
Department of Interior grounding drone fleet over cybersecurity concerns
Google open-sources the firmware needed to build hardware security keys | ZDNet
Apple wants to standardize the format of SMS OTPs (one-time passcodes) | ZDNet
Why direct-memory attacks on laptops just won't go away
Facebook settles facial recognition lawsuit for $550 million
Remember FindFace? The Russian Facial Recognition Company Just Turned On A Massive, Multimillion-Dollar Moscow Surveillance System
London to deploy live facial recognition to find wanted faces in a crowd | Ars Technica
DC3 VDP on Twitter: "Happy Friday hackers! Nitesh @ideaengine007 found a critical RCE vulnerability in Jenkins that led us to discover a Bitcoin mining service running on a DoD website 😲. Head over to the disclosed report to see all the details! Thanks for being 🔥 Nitesh https://t.co/YywrVZu2Uc" / Twitter
HD Moore on Twitter: "Flamingo is a new open source tool from @Atredis for capturing credentials sprayed by IT and security products: https://t.co/NDmCfA0qvA (h/t to @4lex for HTTP NTLM support!) https://t.co/V2jKi3Enpg" / Twitter
Spotlight shone on Microsoft Azure vulnerability | The Daily Swig
Magento fixes trio of critical security flaws | The Daily Swig
Serious flaw that lurked in sudo for 9 years hands over root privileges | Ars Technica
An Artist Used 99 Phones to Fake a Google Maps Traffic Jam | WIRED
Google cuts Chrome 'patch gap' in half, from 33 to 15 days | ZDNet
Researcher: Backdoor mechanism still active in devices using HiSilicon chips | ZDNet
Feb 05, 2020
Risky Biz Soap Box: Zane Lackey on the rush to Azure and securing Web apps against logic flaws

In this edition of the Soap Box podcast we’re joined by Zane Lackey, a co-founder of Signal Sciences.

Signal Sciences makes, in essence, a “next generation” Web Application Firewall, or WAF. Signal Sciences is a pretty well-established startup these days with a zillion customers, so he has some real insight into what’s happening out there in webapp land.

In this conversation he has some really interesting things to say: First, there’s a rush to Azure happening right now. It has become the platform of choice for all sorts of organisations.

He also has some really interesting things to say about how to protect web applications from logic flaws. Some simple ideas that should really help lock things down.

Enjoy!

Jan 30, 2020
Risky Business #570 -- FTI report lands like a lead balloon

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • The FTI report on the Bezos incident is a massive let down
  • UK lets Huawei into 5G build
  • SeaTurtle campaign pinned on Turkey
  • Mitsubishi owned through its AV solution
  • Ransomware crews owning unpatched Citrix boxes
  • Much, much more.

This week’s sponsor guest is Sherrod DeGrippo of Proofpoint. She’s a senior director of threat research there and she’ll be along to talk about the Emotet malware. Despite being spray and pray malware, it’s pretty successful because it operates at such ridiculous scale. Sherrod joins us with details.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

The big questions from FTI's report on the Jeff Bezos hack
Some Directions for Further Investigation in the Bezos Hack Case
A timeline of events surrounding the Bezos phone hack | ZDNet
Bill Marczak on Twitter: "FTI can no longer credibly avoid decrypting the encrypted video that MbS sent to Bezos. Previously, FTI would have had to click on the 1st Google result for "how to decrypt enc whatsapp" (hard, I know), but now @dinodaizovi put everything in a GitHub repo! https://t.co/3dnFgURRyU" / Twitter
Hack of Jeff Bezos' phone likely happened through Saudi crown prince, analysts tell UN - CyberScoop
Here Is the Technical Report Suggesting Saudi Arabia’s Prince Hacked Jeff Bezos’ Phone - VICE
Everything We Know About the Jeff Bezos Phone Hack | WIRED
FTI-Report-into-Jeff-Bezos-Phone-Hack.pdf
Stopping the Press: New York Times Journalist Targeted by Saudi-linked Pegasus Spyware Operator - The Citizen Lab
New U.S. law requires government to report risks of overseas activities by ex-spies - Reuters
UK won't ban Huawei in British 5G technology, defying U.S. warnings - CyberScoop
Exclusive: Hackers acting in Turkey's interests believed to be behind recent cyberattacks - sources - Reuters
Trend Micro antivirus zero-day used in Mitsubishi Electric hack | ZDNet
Fortinet removes SSH and database backdoors from its SIEM product | ZDNet
Hackers target unpatched Citrix servers to deploy ransomware | ZDNet
Tampa Bay Times struck by ransomware, joining a growing club of hacked media outlets
The average ransom demand for a REvil ransomware infection is a whopping $260,000 | ZDNet
Judge forces insurer to help small business to clean up after a crippling ransomware attack
New York state wants to ban government agencies from paying ransomware demands | ZDNet
Hackers hijack social media accounts for the NFL and 15 teams | ZDNet
One Small Fix Would Curb Stingray Surveillance | WIRED
Leaked Documents Expose the Secretive Market for Your Web Browsing Data - VICE
Scraping the Web Is a Powerful Tool. Clearview AI Abused It | WIRED
Mozilla has banned nearly 200 malicious Firefox add-ons over the last two weeks | ZDNet
The Chrome Web Store is currently facing a wave of fraudulent transactions | ZDNet
MDhex vulnerabilities impact GE patient vital signs monitoring devices | ZDNet
Researchers set up a mock factory network — and watched the criminals rush in
Microsoft to forcibly install Bing search extension in Chrome for Office 365 ProPlus users | ZDNet
Intel Is Patching the Patch for the Patch for Its ‘Zombieload’ Flaw | WIRED
Magecart gang arrested in Indonesia | ZDNet
DEF CON China conference put on hold due to coronavirus outbreak | ZDNet
Someone is uninstalling the Phorpiex malware from infected PCs and telling users to install an antivirus | ZDNet
LoRaWAN networks are spreading but security researchers say beware | ZDNet
Wawa Breach May Have Compromised More Than 30 Million Payment Cards — Krebs on Security
LabCorp security lapse exposed thousands of medical documents | TechCrunch
TALOS-2019-0964 || Cisco Talos Intelligence Group - Comprehensive Threat Intelligence
oss-security - LPE and RCE in OpenSMTPD (CVE-2020-7247)
Equifax Ordered to Spend $1 Billion on Data Security
Jan 29, 2020
Feature podcast: Alexa O'Brien on Wikileaks, intelligence and influence

This podcast is brought to you by the William and Flora Hewlett Foundation. The Foundation funds a lot of interesting people and work in the cybersecurity space and they’re supporting this special podcast series examining topics of interest to cyber policy makers.

In this podcast we’re going to hear from Alexa O’Brien. She’s currently studying for a Master’s in Applied Intelligence at Georgetown University. She’s also working on an ethical framework for the applied intelligence discipline – collection, analysis and the like – for media practitioners.

Alexa is also a journalist. Her most recent major work is a July 2019 analysis of the US media’s coverage of civilian harm in the war against ISIS, I’ve linked through to that in the show notes below.

Before she worked as an established journalist, Alexa covered Chelsea Manning’s trial at Fort Meade on her blog. Her transcripts of the proceedings were a tremendous help to the wider media, and it was this work that briefly pulled her into the Wikileaks “scene”.

It wasn’t a good fit.

Alexa joined me for this freewheeling discussion about intelligence, ethics, moral authority and signs that not everything is as it seems in the Wikileaks universe.

Show notes

Jan 23, 2020
Risky Business #569 -- Bezos' Saudi hack claims, Glenn Greenwald facing cybercrime charges

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • MBS fingered in Bezos dick pic breach
  • Glenn Greenwald facing cybercrime charges over Vaza Jato Telegram leaks
  • Citrix finally patches 90s-style ADC bugs
  • IE 0day doing the rounds, no patch available
  • PoCs for 0601 drop
  • Much, much more…

This week’s show is sponsored by VMRay, a sandbox-based malware analyser. You throw a sample into it and it spits out all sorts of useful information. Rather than having one of its own staff in this week’s sponsor slot, VMRay has put forward one of its customers instead. Expel is a managed security provider, and it is making heavy use of VMRay to do malware analysis. Tyler Fornes is a Senior Detection and Response Analyst at Expel and he joined me to talk about how they’re using VMRay to actually make life easier.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Saudi crown prince implicated in hacking of Jeff Bezos’s phone | Financial Times
Amazon boss Jeff Bezos's phone 'hacked by Saudi crown prince' | Jeff Bezos | The Guardian
Outrage As Brazil Accuses Glenn Greenwald Of Hacking Crimes
US Cyber Command was not prepared to handle the amount of data it hacked from ISIS | ZDNet
U.S. says accused Vault 7 leaker tried orchestrating PR campaign from jail cell
Accused scammer Burkov to plead guilty to 'some' charges after extradition dispute
Hackers are racing to exploit a Citrix bug that the company hasn't patched yet
As attacks begin, Citrix ships patch for VPN vulnerability | Ars Technica
CVE-2019-19781 - Vulnerability in Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP appliance
A hacker is patching Citrix servers to maintain exclusive access | ZDNet
Microsoft warns about Internet Explorer zero-day, but no patch yet | ZDNet
Proof-of-concept exploits published for the Microsoft-NSA crypto bug | ZDNet
Critical Windows 10 vulnerability used to Rickroll the NSA and Github | Ars Technica
LastPass is in the midst of a major outage | ZDNet
FBI seizes WeLeakInfo, a website that sold access to breached data | ZDNet
Mitsubishi Electric discloses security breach, China is main suspect | ZDNet
FBI: Nation-state actors have breached two US municipalities | ZDNet
A Georgia election server was vulnerable to Shellshock and may have been hacked | Ars Technica
Visa's plan against Magecart attacks: Devalue and disrupt | ZDNet
Researchers find serious flaws in WordPress plugins used on 400k sites | Ars Technica
The FBI Got Data From A Locked iPhone 11 Pro Max—So Why Is It Demanding Apple Unlock Older Phones?
Apple dropped plan for encrypting backups after FBI complained - sources - Strategy - Cloud - Security - iTnews
Chinese man arrested after making $1.6 million from selling VPN services | ZDNet
Senators to Trump administration: Protect small businesses from Iranian hacking threat
ShadowMove: A Stealthy Lateral Movement Strategy | USENIX
I'm Nicole Perlroth, cybersecurity reporter for The New York Times. I broke the news that Russians hacked the Ukrainian gas company at the center of President Trump's impeachment. US officials warn that Russians have grown stealthier since 2016 and seek to target election systems ahead of 2020. AMA : worldnews
Jan 22, 2020
Risky Business #568 -- Let's Decrypt

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • NSA drops a sweet Microsoft crypto bug
  • Burisma targeted by GRU. 2016 all over again?
  • Citrix users having a bad time
  • Intrusion Truth targets APT40
  • No more BYOD for US soldiers in Middle East
  • Much, much more

We have a new sponsor in this week’s show – ExtraHop Networks. Network monitoring is dead! Long live network monitoring!

Matt Cauthorn is ExtraHop’s VP of cybersecurity engineering and he’ll join us this week to talk about recent moves by cloud providers to offer full virtual network mirror ports out of their infrastructure.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

*Credit for this week’s headline goes to @appsecbloke.

Show notes

Cryptic Rumblings Ahead of First 2020 Patch Tuesday — Krebs on Security
Microsoft fixes Windows crypto bug reported by the NSA | ZDNet
Now It's Really, Truly Time to Give Up Windows 7 | WIRED
Proof-of-concept code published for Citrix bug as attacks intensify | ZDNet
Russians Hacked Ukrainian Gas Company at Center of Impeachment - The New York Times
Russian hackers targeted Ukrainian company at center of impeachment storm: cybersecurity firm - Reuters
A Tale of Two Attributions – Stranded on Pylos
Nicole Perlroth on Twitter:
If Russia Hacked Burisma, Brace for the Leaks to Follow | WIRED
FBI says Iranian hackers have stepped up reconnaissance since Soleimani killing
Saudi cyber authority uncovers new data-wiping malware, and experts suspect Iran is behind it
New Iranian data wiper malware hits Bapco, Bahrain's national oil company | ZDNet
What is the Hainan Xiandun Technology Development Company? – Intrusion Truth
Iranian Hackers Have Been ‘Password-Spraying’ the US Grid | WIRED
Alleged Spy App ToTok Puts Apple in a Bind | WIRED
US troops deploying to the Middle East told to leave personal devices at home | ZDNet
Amnesty suit asking Israel to revoke NSO Group's license heads to court
Travelex says ransomware recovery is underway two weeks after global blackout
Boing Boing was hacked / Boing Boing
Kuwait's state news agency says hackers breached its Twitter
Hackers Are Breaking Directly Into AT&T, T-Mobile, and Sprint to Take Over Customer Phone Numbers - VICE
Academic research finds five US telcos vulnerable to SIM swapping attacks | ZDNet
You can now use an iPhone as a security key for Google accounts | ZDNet
Google plans to drop Chrome support for tracking cookies by 2022 | Ars Technica
Congressional commission mulls new private sector reporting requirements
Apple Lawsuit Against Cyber Startup Threatens ‘Dangerous’ Expansion Of Copyright Law
Equifax to pay customers $380.5 million as part of final breach settlement
Donald J. Trump on Twitter:
Tech’s Adversaries vs Enemies - Alex Stamos - Medium
Was It an Act of War? That’s Merck Cyber Attack’s $1.3 Billion Insurance Question.
Jan 16, 2020
Risky Business #567 -- ToTok, Iran and big-game ransomware galore

In this week’s show Patrick Gray and Alex Stamos discuss all the week’s news, including:

  • Will Iran cyber all the cybers?
  • ToTok chat app alleged to be UAE spy tool
  • China makes moves on own OS
  • Big game ransomware hits crisis levels
  • WSJ carries water for NSO Group
  • Much, much more

This week’s show is brought to you by Bugcrowd. We’ll be hearing from Bugcrowd’s Casey Ellis in this week’s sponsor interview. He’ll be talking about the US federal government’s decision to force all departments into accepting bug reports – he thinks this is a move that will have a big impact on the wider security ecosystem.

Links to everything are below!

Show notes

Homeland Security warns businesses to brace for Iranian cyberattacks | TechCrunch
After U.S. kills Iranian general, analysts warn of Tehran’s ability to retaliate in cyberspace
Unpatched US government website gets pwned by pro-Iran script kiddie | Ars Technica
Iranian Hackers Claim Defacement of Texas Government and Alabama Veterans Websites - VICE
It Seemed Like a Popular Chat App. It’s Secretly a Spy Tool. - The New York Times
Google Reinstates Reported UAE Surveillance App ToTok - VICE
U.S. Army bans TikTok amid ongoing scrutiny of Chinese-made video app
Two of China's largest tech firms are uniting to create a new 'domestic OS' | ZDNet
Police Tracked a Terror Suspect—Until His Phone Went Dark After a Facebook Warning - WSJ
US Coast Guard discloses Ryuk ransomware infection at maritime facility | ZDNet
Frankfurt shuts down IT network following Emotet infection | ZDNet
Sodinokibi ransomware plagues Travelex currency exchange as investigation continues
Company shuts down because of ransomware, leaves 300 without jobs just before holidays | ZDNet
Maze ransomware was behind Pensacola “cyber event,” Florida officials say | Ars Technica
FBI warns U.S. companies about Maze ransomware, appeals for victim data - CyberScoop
Another ransomware strain is now stealing data before encrypting it | ZDNet
New Orleans hit by ransomware, city employees told to turn off computers | ZDNet
Pensacola confirms ransomware attack but provides few details | Ars Technica
Ransomware at IT Services Provider Synoptek — Krebs on Security
Arkansas telemarketing firm blames ransomware for sudden holiday closure - CyberScoop
Ransomware Gangs Now Outing Victim Businesses That Don’t Pay Up — Krebs on Security
Hackensack Meridian Health pays attackers to thwart ransomware incident - CyberScoop
Big Game Ransomware being delivered to organisations via Pulse Secure VPN
The Hidden Cost of Ransomware: Wholesale Password Theft — Krebs on Security
Hackers steal data for 15 million patients, then sell it back to lab that lost it | Ars Technica
Apple sues security vendor for DMCA violations - The Verge
Apple opens public bug bounty program, publishes official rules | ZDNet
Not so IDLE hands: FBI program offers companies data protection via deception | Ars Technica
A Twitter app bug was used to match 17 million phone numbers to user accounts | TechCrunch
Chinese hacker group caught bypassing 2FA | ZDNet
Critical flaw in Citrix applications could allow unauthorized access to internal networks
Hacker who blackmailed Apple in 2017 gets no prison time | ZDNet
Member of 'The Dark Overlord' hacking group extradited to the US | ZDNet
Rambler will drop NGINX criminal case | ZDNet
How Hackers Are Breaking Into Ring Cameras - VICE
Over 1,500 Ring passwords have been found on the dark web | TechCrunch
We Tested Ring’s Security. It’s Awful - VICE
Creditors Seek to Exhume the Body of a Dead Crypto Executive | WIRED
Lithuanian scammer gets 5 years for defrauding Google, Facebook of $120 million
Web Cache Deception attacks still impact websites with 'substantial user populations' | ZDNet
iPhones and iPads finally get key-based protection against account takeovers | Ars Technica
Mozilla to force all add-on devs to use 2FA to prevent supply-chain attacks | ZDNet
Npm team warns of new 'binary planting' bug | ZDNet
Only 9.27% of all npm developers use 2FA | ZDNet
Half of the websites using WebAssembly use it for malicious purposes | ZDNet
U.S. Launches Fresh Assault On Apple’s ‘Warrant-Proof Encryption’
The Great $50M African IP Address Heist — Krebs on Security
'Shattered': Inside the secret battle to save America's undercover spies in the digital age
Jan 08, 2020
Risky Business #566 -- Balkanisation, ransomware, comedy bugs close out the decade

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • China to ditch foreign hardware, software, from government use
  • Huawei sues FCC
  • More background on Project Raven
  • Senate hearings into encryption
  • Reddit fingers alleged RU disinfo campaign
  • “Evil Corp” hackers have lots of money, terrible taste
  • Ransomware attacks galore
  • Much, much more

This week’s sponsor interview is with Haroon Meer of Thinkst Canary. And we’re going to do the typical thing and have a look forward to what we can expect to see in security next year. But we’re going less for the big, dumb predictions and more picking the trends we expect to strengthen over the next year.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Chinese government to replace foreign hardware and software within three years | ZDNet
Russia to invest $31 million in a local Wikipedia clone | ZDNet
Huawei sues FCC for icing U.S. business, claiming a lack of evidence
Made in America
Facebook intends to implement end-to-end encryption despite DOJ pressure
U.S. senators threaten Facebook, Apple with encryption regulation - Reuters
Patrick Gray on Twitter: "So Apple has issued a DMCA takedown on a Tweet that disclosed a key that could be used to decrypt 64 bit SEP. Apple's approach to security researchers feels a little bit like this scene from Mars Attacks lately... https://t.co/rJPE5L8OP5" / Twitter
Reddit links leak of US-UK trade documents to Russian influence campaign | ZDNet
Alleged Russian Hacker Behind $100 Million Evil Corp Indicted | WIRED
BMW and Hyundai hacked by Vietnamese hackers, report claims | ZDNet
Ransomware at Colorado IT Provider Affects 100+ Dental Offices — Krebs on Security
Pensacola cyber attack: Officials not sure if personal data was exposed
Ransomware attack hits major US data center provider | ZDNet
20 VPS providers to shut down on Monday, giving customers two days to save their data | ZDNet
Keybase moves to stop onslaught of spammers on encrypted message platform | Ars Technica
Scammers dupe Chinese venture capitalists out of $1 million with the 'ultimate' BEC heist
Facebook sues Chinese malware operator for abusing its ad platform | ZDNet
Exclusive: A Facebook Employee Accepted Bribes From A Scammer To Reactivate Banned Ad Accounts
Google Chrome Will Now Warn You If Your Web Passwords Have Been Stolen
Are You One Of Avast’s 400 Million Users? This Is Why It Collects And Sells Your Web Habits.
Two malicious Python libraries caught stealing SSH and GPG keys | ZDNet
Snatch ransomware reboots PCs in Windows Safe Mode to bypass antivirus apps | ZDNet
HackerOne breach lets outside hacker read customers’ private bug reports | Ars Technica
Hackers Can Mess With Voltages to Steal Intel Chips' Secrets | WIRED
https://www.qualys.com/2019/12/04/cve-2019-19521/authentication-vulnerabilities-openbsd.txt
Atlassian scrambles to fix zero-day security hole accidentally disclosed on Twitter • The Register
SwiftOnSecurity on Twitter: "Me: Threat-hunting rare DNS lookups in a corporate network. Confluence: https://t.co/6GPMROKua2 https://t.co/pse4VwORiZ" / Twitter
Aristotle Tzafalias on Twitter: "Wassenaar Arrangement Dec. 2019 New entry in the Munitions List: "ML21.b.5 "Software" specially designed or modified for the conduct of military offensive cyber operations;" https://t.co/pkY1Web6Pr https://t.co/INcLWwGHGZ" / Twitter
Meeting | Hearings | United States Senate Committee on the Judiciary
Dec 11, 2019
Risky Biz Soap Box: Some Zero Trust facts of life

Our guest in this edition is Will Peteroy. He’s currently the CTO of security at Gigamon after his company, ICEBRG, was acquired by Gigamon last year. Will has a long and interesting background in security.

As you’ll hear, he worked on the security team at Microsoft once upon a time. He even co-wrote Microsoft’s gigantic paper on mitigating “pass the hash” attacks some years ago. He also spent some time with the “Department of Defense” a while back. He’s a knowledgeable fella.

And he’s been spending considerable time lately focussing on the issue of Zero Trust Networks.

Zero Trust is one of those things that’s super simple in theory, but absolutely, awfully complicated when you actually try to do it. So Will joined me for this chat about Zero Trust networks, how to define them, how to transition to them, and what some of the steps and the thinking behind them are. It’s a great conversation for any CSOs who are working through some of the issues that pop up when they’re transitioning to ZT architectures.

Dec 05, 2019
Risky Business #565 -- Crypto bro takes Jong turn

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Ethereum developer Virgil Griffith charged for allegedly teaching DPRK about cryptocurrency
  • DHS/CISA government vulnerability disclosure program takes shape, looks good
  • Adobe discloses Magento Marketplace data breach
  • Fully patched Android devices targeted
  • IM-RAT takedown
  • Much, much more

This week’s sponsor interview is with Brian Robison of BlackBerry Cylance. He pops along to talk about some interesting research they’ve done on mobile malware.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Cryptocurrency expert arrested for giving talk to North Korea about avoiding sanctions | ZDNet
Manhattan U.S. Attorney Announces Arrest Of United States Citizen For Assisting North Korea In Evading Sanctions | USAO-SDNY | Department of Justice
Brian Klein on Twitter: "I now represent Virgil Griffith and am very pleased that today the judge found that he should be released from jail pending trial. We dispute the untested allegations in the criminal complaint, and Virgil looks forward to his day in court, when the full story can come out." / Twitter
DHS issues draft order to require vulnerability disclosure policies at civilian agencies
cyber.dhs.gov - Binding Operational Directive 20-01
New Zealand's gun buyback website 'a shopping list for criminals' | World news | The Guardian
It’s Way Too Easy to Get a .gov Domain Name — Krebs on Security
Adobe discloses security breach impacting Magento Marketplace users | ZDNet
Vulnerability in fully patched Android phones under active attack by bank thieves | Ars Technica
Trend Micro finds new mobile malware masquerading as a chat app
Authorities take down 'Imminent Monitor' RAT malware operation | ZDNet
Australian and European police shut down access to popular criminal hacking tool
SMS Replacement is Exposing Users to Text, Call Interception Thanks to Sloppy Telecos - VICE
Now even the FBI is warning about your smart TV’s security | TechCrunch
FBI assesses Russian apps may be counterintelligence threat
HPE tells users to patch SSDs to prevent failure after 32,768 hours of operation | ZDNet
Splunk tells users to patch ‘Y2K-style’ flaw
BlackDirect: Microsoft Azure Account Takeover | CyberArk
Hacker stole unreleased music and then tried to frame someone else | ZDNet
Microsoft: Malware, ransomware, and cryptominer detections are down in 2019 | ZDNet
Hacker’s paradise: Louisiana’s ransomware disaster far from over | Ars Technica
Mozilla removes Avast and AVG extensions from add-on portal over snooping claims | ZDNet
FBI Asked Sony for Data on User Who Allegedly Used PlayStation Network to Sell Cocaine - VICE
SandboxEscaper on Twitter: "I bring dire news.. for soon I may finally have a job (at Microsoft).. I won't be dropping 0days anymore, much to my dismay. But I will be standing here on the sideline cheering on any act of 0day dropping.. for pissing off the infosec elite is a cause worth fighting for." / Twitter
Mobile Malware and APT Espionage: Prolific, Pervasive, and Cross-Platform
Dec 04, 2019
Risky Business #564 -- PRC suffers leak, alleged defection

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • RIPE has officially run out of v4 addresses
  • NSO workers sue Facebook to get their accounts back
  • Mike Pompeo, Republican lawmakers keep Crowdstrike conspiracy theory alive
  • Bugs, hacks, ransomware disasters and more.

This week’s sponsor interview is with Sally Carson of Duo Security. Sally has been a designer for over 20 years, joining Duo in 2015 to build the company’s Product Design and User Research practice from the ground up. Duo now employs one designer for every five users, which is an extremely generous ratio.

As you’ll hear, Sally thinks empathy is the key to designing usable technology.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

The RIPE NCC has run out of IPv4 Addresses — RIPE Network Coordination Centre
Workers at Israeli surveillance firm NSO sue Facebook for blocking private accounts - Reuters
In just three months, Google sent 12k warnings about government-backed attacks | ZDNet
Pompeo says Trump’s debunked Ukraine conspiracy theory is worth looking into - The Washington Post
Kevin Collier on Twitter: "A fun fact about Republicans embracing the idiotic Crowdstrike conspiracy theory is that the RNSC and RNCC both use Crowdstrike. Have paid more than $175,000 since 2017, per FEC filings. https://t.co/LSvCEbYccP" / Twitter
Five Years Later, Who Really Hacked Sony? | Hollywood Reporter
Commerce Department proposes rules for implementing Trump’s supply-chain security order
Data leak reveals how China 'brainwashes' Uighurs in prison camps - BBC News
China used Nick Zhao to try infiltrate federal Parliament, ASIO believes
Chinese spy Wang Liqiang's revelations spark Taiwan detention of couple at Taoyuan Airport
Iranian Americans Struggle to Reach Family Amid Internet Blackout | WIRED
Iran letter raises prospect of 'white list' internet clampdown - BBC News
Kevin Rudd says Julian Assange faces 'unacceptable' and 'disproportionate' punishment
How the NYPD's fingerprint database got shut down by a computer virus
110 Nursing Homes Cut Off from Health Records in Ransomware Attack — Krebs on Security
Over 480 million mobile VPN apps have been downloaded in the past year | ZDNet
A hacking group is hijacking Docker systems with exposed API endpoints | ZDNet
Cheap kids smartwatch exposes the location of 5,000+ children | ZDNet
The California DMV Is Making $50M a Year Selling Drivers’ Personal Information - VICE
The Debate Over How to Encrypt the Internet of Things | WIRED
1.2 Billion Records Found Exposed Online in a Single Server | WIRED
CISA and VotingWorks release open source post-election auditing tool | ZDNet
Extensive hacking operation discovered in Kazakhstan | ZDNet
DOD joins fight against 5G spectrum proposal, citing risks to GPS | Ars Technica
Scammers try a new way to steal online shoppers’ payment-card data | Ars Technica
Suspect can’t be compelled to reveal “64-character” password, court rules | Ars Technica
Aleksei Burkov, Russian accused of operating 'elite' hacking forum, pleads not guilty
Authorities Arrest Alleged Member of Group That Hacked Jack Dorsey - VICE
Lights That Warn Planes of Obstacles Were Exposed to Open Internet - VICE
Russia's ‘Sandworm’ Hackers Also Targeted Android Phones | WIRED
Google will pay bug hunters up to $1.5m if they can hack its Titan M chip | ZDNet
Twitter will finally let users disable SMS as default 2FA method | ZDNet
New bypass disclosed in Microsoft PatchGuard (KPP) | ZDNet
Exploit code published for dangerous Apache Solr remote code execution flaw | ZDNet
Bugtraq: SEC Consult SA-20191125-0 :: FortiGuard XOR Encryption in Multiple Fortinet Products
Nov 27, 2019
Risky Biz Soap Box: Trend Micro VP of Cloud Research Mark Nunnikhoven

This is a Soap Box edition of the show. Soap Box isn’t our regular weekly news program. If you’re looking for that one, scroll one show back in your podcast feed.

Soap Box is a wholly sponsored series of podcasts we do here at Risky Business where vendors give us money to appear. And while these are sponsored episodes they’ve actually become almost as popular as the weekly show. They started off about half as popular, and then I guess people gradually realised they don’t actually suck, so here we are.

Trend’s head of cloud research, Mark Nunnikhoven, is our guest in this edition and we have a pretty wide ranging conversation. A big part of this conversation is us talking about the differences between locking down a corporate network vs locking down a modern application production stack… and there’s a very funny part of this interview where Mark points out that AV scanning for Docker images actually makes sense. Seriously.

Nov 26, 2019
Risky Business #563 -- Phineas Phisher returns

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Phineas Phisher returns, claims credit for Cayman bank hack and offers bounties for activist hijinks
  • Microsoft cautiously backs DoH
  • Huawei granted another 90-day stay of execution in US market
  • Iranian APT crew targeting ICS supply chain
  • Alexei Burkov extradition complete, appears in US court
  • Some very funny stuff is happening to GPS in the Shanghai area
  • Louisiana government ransomwared, emerges relatively unscathed
  • Official Monero binaries trojaned. Lol.
  • Much, much more!

This week’s show is brought to you by Senetas. Rob Linton from Senetas joins the show this week to talk about its O365 integration for its SureDrop product, a new feature that will be of interest to many Risky Business listeners.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Phineas Fisher Offers $100,000 Bounty to Hack Banks and Oil Companies - VICE
Offshore Bank Targeted By Phineas Fisher Confirms it Was Hacked - VICE
Microsoft says yes to future encrypted DNS requests in Windows | Ars Technica
Exclusive: U.S. manufacturing group hacked by China as trade talks intensified - sources - Reuters
US grants Huawei new 90-day license extension
Iran’s APT33 Hackers Are Targeting Industrial Control Systems | WIRED
How Iran's Government Shut Off the Internet | WIRED
Why Were the Russians So Set Against This Hacker Being Extradited? — Krebs on Security
Russia Fails to Stop Alleged Hacker From Facing US Charges | WIRED
Ghost ships, crop circles, and soft gold: A GPS mystery in Shanghai - MIT Technology Review
Ransomware hits Louisiana state government systems | ZDNet
Ransomware Bites 400 Veterinary Hospitals — Krebs on Security
Antivirus vendors and non-profits join to form 'Coalition Against Stalkerware' | ZDNet
Official Monero website compromised with malware that steals funds | ZDNet
Anonymous hacker gets a whopping six years in prison for some lame DDoS attacks | ZDNet
DDoS-for-Hire Boss Gets 13 Months Jail Time — Krebs on Security
US student was allegedly building a custom Gentoo Linux distro for ISIS | ZDNet
20-year-old Chicago man charged with writing code to spread ISIS propaganda
The Dark Overlord hacking suspect who's fighting extradition to the U.S. is running out of options
Citing security concerns, senators call on White House to appoint coordinator for 5G issues
Burglars Really Do Use Bluetooth Scanners to Find Laptops and Phones | WIRED
LA warns of ‘juice-jacking’ malware, but admits it has no cases | TechCrunch
Someone is using the 'Cozy Bear' moniker to scare DDoS victims into bitcoin payments
146 New Vulnerabilities All Come Preinstalled on Android Phones | WIRED
As iOS vulnerabilities emerge, a new app promises to detect hacked iPhones
GitHub launches 'Security Lab' to help secure open source ecosystem | ZDNet
Google Chrome experiment crashes browser tabs, impacts companies worldwide | ZDNet
Chrome, Edge, Safari hacked at elite Chinese hacking contest | ZDNet
Company discovered it was hacked after a server ran out of free space | ZDNet
TPM-FAIL vulnerabilities impact TPM chips in desktops, laptops, servers | ZDNet
How a turf war and a botched contract landed 2 pentesters in Iowa jail | Ars Technica
What Happens When You Remove a Police-Installed GPS Tracker | WIRED
Nov 21, 2019
Risky Business #562 -- Two former Twitter staff charged over Saudi spying

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Two ex Twitter employees charged with spying for KSA
  • US border device searches now require suspicion after ACLU win
  • Unredacted Corellium lawsuit response drops
  • Ransomware attacks on hospitals increase mortality
  • Much, much more!

This week’s sponsor interview is with Stephan Chenette, the co-founder and CTO of AttackIQ. We talk to him about some CSOs playing Pokemon Go with MITRE ATT&CK (“Gotta catch ‘em all!”) and about recent ATT&CK developments.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Twitter Insiders Allegedly Spied for Saudi Arabia | WIRED
Former Trend Micro employee enabled scam calls by stealing customers' personal data
Federal Court Rules Suspicionless Searches of Travelers’ Phones and Laptops Unconstitutional | American Civil Liberties Union
Corellium claims Apple sued it after acquisition talks fell through
U.K.’s Labour Party ‘Hit By Large Cyberattack’ A Month Before Election
Cyber Command flags North Korean-linked hackers behind ongoing financial heists
Study: Ransomware, Data Breaches at Hospitals tied to Uptick in Fatal Heart Attacks — Krebs on Security
As 5G Rolls Out, Troubling New Security Flaws Emerge | WIRED
DNS-over-HTTPS will eventually roll out in all major browsers, despite ISP opposition | ZDNet
Phones and PCs sold in Russia will have to come pre-installed with Russian apps | ZDNet
Capital One replaces security chief after data breach | TechCrunch
One of the world’s most advanced hacking groups debuts new Titanium backdoor | Ars Technica
Facebook Portal survives Pwn2Own hacking contest, Amazon Echo got hacked | ZDNet
Between 200,000 and 240,000 Magento online stores will reach EOL next year | ZDNet
Major ASP.NET hosting provider infected by ransomware | ZDNet
Mysterious hacker dumps database of infamous IronMarch neo-nazi forum | ZDNet
Breaking the law: How 8chan (or “8kun”) got (briefly) back online | Ars Technica
Microsoft's Rust experiments are going well, but some features are missing | ZDNet
Further enhancing security from Microsoft, not just for Microsoft
Microsoft to apply California's privacy law for all US users | ZDNet
'Chronicle Is Dead and Google Killed It' - VICE
Google Enlists Outside Help to Clean Up Android's Malware Mess | WIRED
Manual code review finds 35 vulnerabilities in 8 enclave SDKs | ZDNet
Amid NSA warning, attacks on Confluence have risen in recent weeks
Solved: Why in-the-wild Bluekeep exploits are causing patched machines to crash | Ars Technica
Intel Fixes a Security Flaw It Said Was Repaired 6 Months Ago - The New York Times
Intel Failed to Fix a Hackable Chip Flaw Despite a Year of Warnings | WIRED
Influencers Pay Thousands to Get Back Into Their Hacked Instagram Accounts - VICE
Nov 13, 2019
Risky Biz Soap Box: Capsule8 chief scientist Brandon Edwards

The Soap Box podcast is a wholly sponsored podcast series we do here at Risky.biz, which means everyone you hear on it paid to appear.

This edition of the Soap Box is brought to you by Capsule8.

It’s taken a long time, but over the last couple of years we’ve seen a meaningful Linux security software market emerge. It makes sense, I guess, considering the modern production environment is all glued together from various Linux systems. So, we’re seeing some interesting approaches to the Linux security challenge pop up.

Capsule8 makes detection and visibility software for Linux. You can use it to spot various types of funny behaviour on your Linux systems. Brandon Edwards is Capsule8’s chief scientist and he is our guest today.

We speak about a few things, but primarily this conversation centres on the fact that modern production environments have become so complex it’s almost impossible to comprehend how they work. We’ve lost insight, and we’ve even lost the ability to understand how individual security flaws can impact our wider production environments.

So we’re going to talk about complexity in modern production environments, and then we’ll talk a bit about Capsule8’s approach to the Linux security challenge. Enjoy!

Nov 07, 2019
Risky Business #561 -- Report: NSO exploits used against politicians, senior military targets

On this week’s show Patrick Gray and Mark Piper discuss all the week’s security news, including:

  • NSO Group malware turning up in some unexpected places
  • Bluekeep mass exploitation finally begins
  • Owning smart home devices with friggin’ lasers
  • Two plead guilty to hacks on Lynda.com, Uber
  • Imperva CEO departs following breach
  • TLS Delegated Credentials sound like A VERY GOOD IDEA
  • Cybercommand heads to Montenegro
  • Much, much more

This week’s show is brought to you by Thinkst Canary. Haroon Meer and Adrian Sanabria from Thinkst recently did a keynote talk at the Virus Bulletin conference in London. Titled “The Security Products We Deserve,” it’s a stinging critique of the security product lifecycle. VC firms keeping stupid ideas alive, analyst firms being parasites, vendors not doing security testing on their equipment and so much more. We’ll be talking to Haroon Meer about that keynote in this week’s sponsor interview, which will run after this week’s news segment.

Links to everything are below.

Show notes

Exclusive: Government officials around the globe targeted for hacking through WhatsApp - sources - Reuters
Snooping row: Priyanka Gandhi's WhatsApp also targeted, claims Congress | India News - Times of India
WhatsApp's Case Against NSO Group Hinges on a Tricky Legal Argument | WIRED
Facebook deletes the accounts of NSO Group workers | Ars Technica
The First BlueKeep Mass Hacking Is Finally Here—but Don't Panic | WIRED
Hackers Can Use Lasers to ‘Speak’ to Your Amazon Echo or Google Home | WIRED
2 Plead Guilty in 2016 Uber and Lynda.com Hacks - The New York Times
Imperva planned to keep its CEO through a merger. Two months after a breach, he’s out.
Facebook, Mozilla, and Cloudflare announce new TLS Delegated Credentials standard | ZDNet
Pentagon again deploying cyber personnel abroad to gather intel for 2020 elections
Election security drill pits red-team hackers against DHS, FBI and police
The count of managed service providers getting hit with ransomware mounts | Ars Technica
Japanese media giant Nikkei says $29 million lost in BEC scam
An inside look at WP-VCD, today's largest WordPress hacking operation | ZDNet
Chinese hackers developed malware to steal SMS messages from telco's network | ZDNet
Thousands of QNAP NAS devices have been infected with the QSnatch malware | ZDNet
Utah renewables company was hit by rare cyberattack in March
Ubisoft reports 93% drop in DDoS attacks after pushing back against attackers | ZDNet
Breaches at NetworkSolutions, Register.com, and Web.com — Krebs on Security
How would MITRE’s popular cyberattack framework apply to industrial control systems?
Google Is Helping Design an Open Source, Ultra-Secure Chip | WIRED
Alleged Capital One hacker Paige Thompson to be released before trial
Huawei calls hackers to Munich for secret bug bounty meeting | TechCrunch
GitLab considers ban on new hires in China and Russia due to espionage fears | ZDNet
Keynote address: The security products we deserve - YouTube
Nov 06, 2019
Feature Podcast: Critical infrastructure security with Eric Rosenbach and Robert M Lee

This podcast is brought to you by the William and Flora Hewlett Foundation, and it’s the second in a series of podcasts we’re doing that are all about cyber policy.

The Foundation funds a lot of interesting people and work in the cybersecurity space. So the idea behind this podcast series is pretty simple: we talk to Hewlett’s grant recipients, or experts in Hewlett’s network, about pressing policy issues and turn those conversations into podcasts. The whole idea is to get some policy perspectives out there among the Risky Business audience, which, funnily enough, includes a lot of policymakers.

This podcast features both Eric Rosenbach and Robert M Lee talking about ICS security.

Eric is the co-director of the Belfer Center for Science and International Affairs at the Harvard Kennedy School. He also heads the Defending Digital Democracy project there. Eric has a very long and somewhat fascinating resume. As United States Assistant Secretary of Defense he led the US Defense Department’s efforts to counter cyberattacks by Iran and North Korea on US critical infrastructure. He’s also worked as a Chief Security Officer in the private sector and served as Pentagon chief of staff from 2015-2017.

Robert M Lee is the founder of Dragos Inc, a very well known company in the ICS/OT security space. Rob started out in infosec with the US Air Force as a Cyber Warfare Operations Officer tasked to the NSA, but as you’ll hear, Rob is actually pretty optimistic about the ICS/OT security challenge.

Oct 31, 2019
Risky Business #560 -- Facebook sues NSO Group

On this week’s show Patrick and guest co-host Alex Stamos discuss the week’s security news, including:

  • Facebook files suit against NSO Group
  • Corellium responds to Apple suit
  • Indian nuclear power plant administrative network likely attacked by DPRK
  • Mass defacement in Georgia. Old schooooool!
  • Fancy Bear targets 2020 Olympics
  • FCC proposes subsidies for telcos to rip and replace Huawei, ZTE equipment
  • City of Johannesburg data held to ransom, but it’s not ransomware
  • Much, much more

This week’s sponsor interview is with Jake King of CMD Security. The topic is applying the MITRE ATT&CK framework.

Links to everything that we discussed are below and you can follow Patrick or Alex on Twitter if that’s your thing.

Show notes

Will Cathcart - Why WhatsApp is pushing back on NSO Group hacking - The Washington Post
Facebook sues NSO Group for alleged WhatsApp hack - CyberScoop
Exclusive: A ‘Magic’ iPhone Hacking Startup Bites Back At Apple Lawyers — And Demands $300,000
iPhone Emulation Company Sued by Apple Says It's Making iPhones Safer - VICE
Sandhya Sharma on Twitter: "GOI denies reports of #CyberAttack on #kudankulam nuclear power plant and other Indian nuclear power plants control systems. Said they are stand alone not connected to outside cyber network and internet. “Any cyber attack on the Nuclear Power Plant Control System is not possible” https://t.co/o5bUmUKHqp" / Twitter
Indian nuke plant’s network reportedly hit by malware tied to N. Korea | Ars Technica
Indian Nuclear Power Facility Denies Unverified Reports of a Cyber Attack – The Diplomat
Largest cyber-attack in Georgia's history linked to hacked web hosting provider | ZDNet
Fancy Bear hackers targeted at least 16 athletic organizations ahead of Tokyo Olympics
Inside Olympic Destroyer, the Most Deceptive Hack in History | WIRED
FCC proposes rules requiring telcos remove Huawei, ZTE equipment | TechCrunch
City of Johannesburg held for ransom by hacker gang | ZDNet
Vietnamese student behind Android adware strain that infected millions | ZDNet
NSA: 'We know we need to do some work' on declassifying threat intel
Why did Cyber Command back off its recent plans to call out North Korean hacking?
Sens. Warren, Wyden want to know if Amazon shares some blame for the Capital One breach
White House kicks infosec team to curb in IT office shakeup | Ars Technica
DHS is mulling an order that would force agencies to set up vulnerability disclosure programs
Congress Still Doesn't Have an Answer for Ransomware | WIRED
Most system administrators prefer firewall GUIs over CLIs | ZDNet
Australian House Committee to look into age verification for porn | ZDNet
Monash University partners with Chinese state firm linked to industrial espionage
Storage Wars star's parents' garage was raided by Feds for top-secret spy equipment | Daily Mail Online
Cmd – Protect your Linux servers, proactively
Oct 30, 2019
Risky Business #559 -- Maybe it was the Israelis hacking the Russians to masquerade as Iranians?

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Fresh details on Turla’s hostile takeover of Oilrig
  • Russians doing very interesting things with “tagged” TLS
  • China wants an aerospace sector so a lot of people got a lot of owned
  • Imperva releases breach details
  • Zendesk cops to 2016 breach
  • German manufacturer, US transport tech company sunk by ransomware
  • NordVPN gets owned
  • AVAST owned. Lots. Again.
  • Welcome to Video takedown
  • Much, much more

This week’s show is brought to you by Trail of Bits! We’ll be hearing from Trail of Bits practice lead for assurance Stefan Edwards all about their work on a recent security audit of Kubernetes. As it turns out, Kubernetes isn’t actually a horror show, but Stefan thinks you might want to run a hosted instance unless you’re a real expert.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Hacking the hackers: Russian group hijacked Iranian spying operation, officials say - Reuters
Russian hacker group patches Chrome and Firefox to fingerprint TLS traffic | ZDNet
Building China's Comac C919 airplane involved a lot of hacking, report says | ZDNet
Imperva blames data breach on stolen AWS API key | ZDNet
Zendesk discloses 2016 data breach | ZDNet
Major German manufacturer still down a week after getting hit by ransomware | ZDNet
NordVPN admits 'isolated' data breach was discovered last year
Antivirus Giant Avast Hacked By Spies Who Stole Its Passwords
How a Bitcoin Trail Led to a Massive Dark Web Child-Porn Site Takedown | WIRED
Inside the shutdown of the ‘world’s largest’ child sex abuse website | TechCrunch
Hacking 20 high-profile dev accounts could compromise half of the npm ecosystem | ZDNet
US claims cyber strike on Iran after attack on Saudi oil facility | Ars Technica
Accused Capital One hacker had as much as 30 terabytes of stolen data, feds say
Planting Tiny Spy Chips in Hardware Can Cost as Little as $200 | WIRED
Microsoft's Secured-Core PC Feature Protects Critical Code | WIRED
White-hat hacks Muhstik ransomware gang and releases decryption keys | ZDNet
EA to give users a free month of Origin Access if they enable 2FA | ZDNet
Google finds Android zero-day impacting Pixel, Samsung, Huawei, Xiaomi devices | ZDNet
FBI warns of major ransomware attacks as criminals go “big-game hunting” | Ars Technica
Why are cyber insurers incentivizing clients to invest in specific vendors?
Cyber Command’s bug bounty program uncovers more than 30 vulnerabilities
Trump administration looks to throttle Chinese surveillance companies’ business with U.S.
Magecart strikes more than 2 million websites as more groups get involved
Shipping giant Pitney Bowes hit by ransomware | TechCrunch
Apple Mac Hack Warning: North Korea Uses Fake Cryptocurrency Companies To Break Into macOS
Researchers Say They Uncovered Uzbekistan Hacking Operations Due to Spectacularly Bad OPSEC - VICE
Intel proposes new SAPM memory type to protect against Spectre-like attacks | ZDNet
Unpatched Linux bug may open devices to serious attacks over Wi-Fi | Ars Technica
Samsung, Google acknowledge flaws in phone-unlocking biometric tools
Rethinking Encryption - Lawfare
A million people are jailed at China's gulags. I managed to escape. Here's what really goes on inside - World News - Haaretz.com
GitHub - lojikil/kubectlfish: Slides from my OWASP AppSec Global DC 2019 talk
audit-kubernetes/reports at master · trailofbits/audit-kubernetes · GitHub
Trail of Bits
Oct 23, 2019
Snake Oilers 10 part 2: Do too many users have VPN access to your prod environment? There's another way!

In this edition of Snake Oilers Patrick speaks to:

  • Justin McCarthy of StrongDM

StrongDM makes a protocol proxy that you can use to provision production services (like Kubernetes and SQL access) to users without them requiring full VPN access to prod. This is very cool stuff; if you manage a large prod environment that’s suffering from VPN sprawl you’ll want to check this one out.

  • Nicholas Davis of Rapid7

Nicholas is the senior technical product manager for InsightIDR. InsightIDR is a SIEM/EDR play that integrates a bunch of stuff. These days Rapid7 is really emphasising the holistic nature of InsightIDR, rather than the endpoint part, and Nicholas joins the show to talk about that.

  • Preston Hogue of F5 Networks

F5 Networks recently acquired NGINX as a part of a push to become cloud-relevant. Their strategy is to allow for F5 security smarts to be inserted basically anywhere and anyhow you want. Preston joins the show to talk about that!

Links to our Snake Oilers sponsors are below!

Oct 09, 2019
Risky Biz Soap Box: Yubico's Jerrod Chong talks series 5 Yubikeys and what's next

These Soap Box podcasts are a wholly sponsored series of podcasts we do here at Risky.Biz, so everyone you hear on the Soap Box podcast paid to be here.

But that’s ok, because we’ve got some great sponsors. This podcast is brought to you by Yubico, makers of the Yubikey devices. These podcasts with Yubico have basically turned into an annual thing. Jerrod Chong is the Chief Solutions Officer at Yubico and he joined me for this conversation about what’s new in Yubico-land. They’ve launched some new stuff, including Yubikeys with lightning adapters for iOS devices, and Jerrod also talks about hardware 2FA moving increasingly to the mainstream.

If you’re reading this within 48 hours of this podcast going live, you can get yourself a $20 discount on any two of the new series 5 Yubikeys by visiting this link and using the code ‘Risky19’.

Oct 03, 2019
Risky Business #558 -- Trump targets Crowdstrike, Apple jailbreakers rejoice

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Apple jailbreakers partying in the streets
  • Donald Trump targets Crowdstrike over 4chan conspiracy nonsense
  • Ransomware absolutely everywhere this week
  • Horror-show VxWorks bugs are popping up in other stacks
  • OnApp fixes mother of all misconfigurations
  • More SIM card issues
  • Much, much more

In this week’s sponsor interview we chat with Mr Sandbox himself, VMRay’s Carsten Willems. He’s along to talk about VMRay’s involvement in a machine-learning bypass competition that happened at DEFCON earlier this year.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Unfixable iOS Device Exploit Is the Latest Apple Security Upheaval | WIRED
No, it wasn’t a virus; it was Chrome that stopped Macs from booting | Ars Technica
How Trump’s Ukraine Mess Entangled CrowdStrike | WIRED
Trump Was Repeatedly Warned That Ukraine Conspiracy Theory Was ‘Completely Debunked’ - The New York Times
Evan McMurry on Twitter: "NEW: Tom Bossert on Pres. Trump's Crowdstrike reference on Ukraine call: "It's not only a conspiracy theory, it is completely debunked... "I am deeply frustrated with what [Rudy Giuliani] and the legal team is doing in repeating that debunked theory to the president." https://t.co/o1lcVI31u8" / Twitter
Trump Still Doesn't Believe Russia Hacked the 2016 Election | WIRED
Trump told Russian officials in 2017 he wasn’t concerned about Moscow’s interference in U.S. election - The Washington Post
Airbus hit by series of cyber attacks on suppliers
U.S. Steps Up Scrutiny of Airplane Cybersecurity - WSJ
Ransomware forces 3 hospitals to turn away all but the most critical patients | Ars Technica
Surgeries delayed and patient security fears after cyber attack on Victorian hospitals
Wood Ranch Medical Announces Permanent Closure Due to Ransomware Attack
Malware infection disrupts production at defence contractor plants in three countries | ZDNet
Over 500 US schools were hit by ransomware in 2019 | ZDNet
Ransomware incident to cost Danish company a whopping $95 million | ZDNet
Decades-Old Code Is Putting Millions of Critical Devices at Risk | WIRED
Thousands of Cloud Computing Servers Could Be Owned With 'Very Simple' Attack, Researchers Say - VICE
California's new labor law is going to impact bug bounty companies. By how much is unknown.
Legit-Looking iPhone Lightning Cables That Hack You Will Be Mass Produced and Sold - VICE
New SIM card attack disclosed, similar to Simjacker | ZDNet
German Cops Raid “Cyberbunker 2.0,” Arrest 7 in Child Porn, Dark Web Market Sting — Krebs on Security
Cloudflare, Google Chrome, and Firefox add HTTP/3 support | ZDNet
Microsoft bans 38 file extensions in Outlook for the Web | ZDNet
AT&T redirected pen-test payloads to the FBI's Tips portal | ZDNet
Azure Sentinel, Microsoft's cloud-based SIEM, hits general availability | ZDNet
Microsoft will now encrypt new SSDs with BitLocker | TechRadar
High-severity vulnerability in vBulletin is being actively exploited | Ars Technica
Cybersecurity giant Comodo can’t even keep its own website secure | TechCrunch
Threesome Blowjob Scene on Giant Highway Billboard Could Have Caused an Accident, Police Say - VICE
Porn on the big screen in central Auckland: Asics video monitor hacked - NZ Herald
Yahoo Engineer Used Insider Access to Get Private Photos of Women - VICE
Landmark White data breach: Sydney IT contractor arrested after high-profile cyber attack
Home - MLSEC
VMRay | Malware Analysis Tools | Malware Sandbox Solutions
Oct 02, 2019
Snake Oilers 10 part 1: Richard Bejtlich talks Zeek plus pitches from Respond Software and PATH Networks

In this edition of the Snake Oilers podcast host Patrick Gray speaks to:

  • Richard Bejtlich of Corelight

Richard talks about Zeek, formerly Bro, and how enterprises can use it to capture useful network information for analysis, forensics and detection purposes. Richard is an industry luminary and it’s a great interview.

  • Marshal Webb of PATH Networks

Marshal explains how new technology like eBPF and XDP means it’s possible to build DDoS mitigation rigs out of commodity hardware. That means DDoS mitigation is about to get a whole lot cheaper, and PATH is in pole position in this soon-to-be disrupted market.

  • Chris Tiolo from Respond Software

Respond Software makes a decision agent for the modern SOC. They are aiming to completely replace level 1 SOC analysts so those resources can be freed up to do higher-value work. They’re offering free live and retroactive trials of their software, and it definitely belongs in the “why not take it out for a spin” category.

Some links to the company websites and blogs are below!

Sep 26, 2019
Risky Business #557 -- 26 nations release cyber norms statement at UN

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Tibetans targeted in mobile malware campaign
  • Iran denies cyber-attack nobody was asking about
  • More news from the Middle East
  • 26 nations open UN General Assembly with statement on cyber norms
  • Fedex sued over company’s NotPetya response, exec share sales
  • Why “quantum supremacy” isn’t a big deal. Yet.
  • Much, much more

In this week’s sponsor interview we talk to Cody Wood of Signal Sciences about HTTP request smuggling: what it is and why it’s a nightmare to fix.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Androids And iPhones Hacked With Just One WhatsApp Click — And Tibetans Are Under Assault
Footage shows hundreds of blindfolded and shackled prisoners in China – video | World news | The Guardian
Iran denies successful cyber attack on oil sector | The Times of Israel
Advanced hackers are infecting IT providers in hopes of hitting their customers | Ars Technica
The Urgent Search for a Cyber Silver Bullet Against Iran - The New York Times
New research shows more utility companies are being targeted by phishing emails
New North Korean malware targeting ATMs spotted in India | ZDNet
Shareholders allege FedEx covered up damages caused by NotPetya attack
All the Code Connections Between Russia’s Hackers, Visualized | WIRED
World powers are pushing to build their own brand of cyber norms
Google’s ‘Quantum Supremacy’ Isn’t the End of Encryption | WIRED
The FBI Tried to Plant a Backdoor in an Encrypted Phone Network - VICE
Russian national confesses to biggest bank hack in US history | Ars Technica
Exclusive: TalkTalk hacker also breached EtherDelta cryptocurrency exchange | ZDNet
Two years later, hackers are still breaching local government payment portals | ZDNet
Massive IT Support Fraud ‘Made $10 Million From Thousands Of Elderly Victims’
Facebook suspended tens of thousands of apps from 400 developers | ZDNet
Massive wave of account hijacks hits YouTube creators | ZDNet
Bloomberg reporter of challenged ‘Big Hack’ story gets promoted - The Washington Post
GitHub security alerts now support PHP projects | ZDNet
Anonymous researcher drops vBulletin zero-day impacting tens of thousands of sites | ZDNet
Microsoft releases out-of-band security update to fix IE zero-day & Defender bug | ZDNet
Medicine show: Crown Sterling demos 256-bit RSA key-cracking at private event | Ars Technica
Iowa officials claim confusion over scope led to arrest of pen-testers | Ars Technica
Ask Cybergibbons! on Twitter: "Another interesting week on a ship. As with every previous maritime test, we found a system installed that no one really knew about or understood. Shoreside was totally unaware of its existence." / Twitter
What is HTTP request smuggling? Tutorial & Examples
HTTP Desync Attacks: Request Smuggling Reborn | Blog - PortSwigger
Sep 25, 2019
Risky Business #556 -- US Treasury targets DPRK crews, more details on Ukraine power hack

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • US Treasury targets DPRK APT crews
  • Russia owned FBI counter surveillance team radio comms
  • New details on 2016 attack against Ukraine power grid
  • US Government to sue Edward Snowden for memoir profits
  • Did RCMP intelligence director tip Phantom Secure on investigation?
  • Much, much more!

This week’s sponsor interview is with Casey Ellis of Bugcrowd. It’s an interesting chat with Casey this week. He was at the Billington cyber conference a couple of weeks ago and he had a bunch of interesting discussions there with people in the aerospace sector.

Between recent Black Hat presentations on 787 security and the trouble Boeing has had with its 737-MAX, software security and resiliency is all of a sudden on the agenda in aerospace. Casey drops by to talk about all of that.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

US Treasury sanctions three North Korean hacking groups | ZDNet
Treasury Sanctions North Korean State-Sponsored Malicious Cyber Groups | U.S. Department of the Treasury
North Korean hackers target U.S. entities amid stalled denuclearization talks
Exclusive: Russia carried out a 'stunning' breach of FBI communications system, escalating the spy game on U.S. soil
New Clues Show How Russia’s Grid Hackers Aimed for Physical Destruction | WIRED
Exclusive: Australia concluded China was behind hack on parliament, political parties – sources - Reuters
US sues Edward Snowden over new book | ZDNet
Investigation into senior RCMP official stemmed from disruption of encrypted phone service: sources - National | Globalnews.ca
Israeli police arrest execs from vendor of mobile surveillance tech | ZDNet
Infamous surveillance tech vendor makes pledge to follow UN human rights policy | ZDNet
This Company Built a Private Surveillance Network. We Tracked Someone With It - VICE
Simjacker attack exploited in the wild to track users for at least two years | ZDNet
A Password-Exposing Bug Was Purged From LastPass | WIRED
The Air Force Will Let Hackers Try to Hijack an Orbiting Satellite | WIRED
Database leaks data on most of Ecuador's citizens, including 6.7 million children | ZDNet
Arrest made in Ecuador's massive data breach | ZDNet
Data of 24.3 million Lumin PDF users shared on hacking forum | ZDNet
Hacked government contractor shares breach details as investigation continues
FIN7's IT admin pleads guilty for role in billion-dollar cybercrime crew
Google discloses vulnerability in Chrome OS 'built-in security key' feature | ZDNet
Sophos open-sources Sandboxie, a utility for sandboxing any application | ZDNet
Chrome 77 released with no EV indicators, contact picker, permanent Guest Mode | ZDNet
Most Android flashlight apps request an absurd number of permissions | ZDNet
Cloudflare may have provided service to terrorists, drug traffickers in violation of U.S. sanctions
NY Payroll Company Vanishes With $35 Million — Krebs on Security
2 charged say they were hired to break into Dallas County courthouse
Sep 18, 2019
Risky Business #555 -- Bluekeep Metasploit module released, Paige Thompson pleads not guilty and more

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Paige Thompson pleads not guilty to CapitalOne hack
  • German government probes FinFisher
  • Bluekeep Metasploit module dropped
  • DPRK samples hit VT, courtesy of our friends in the USA
  • Apple releases awful statement about mass exploitation of its devices
  • Much more

This week’s show is brought to you by Blackberry Cylance. In this week’s sponsor interview we’ll be talking about US Cybercommand dropping some sweet, sweet APT28 samples on VirusTotal back in May. We’ll talk a little bit about that malware, and also have a more general discussion about CYBERCOM VT drops with Cylance research staffers Steve Barnes and Josh Lemos.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Cyber Command's biggest VirusTotal upload looks to expose North Korean-linked malware
InstaCyber on Twitter: "Uploading of samples isn't burning capability or some sort of (working) counter-CNE operation. This is proven by the large number of actors that keep truckin' on with the same old junk despite disclosure; the number of groups that truly pack up shop, albeit temporarily, is small https://t.co/COkDOLYlwr" / Twitter
The NSA recognizes it needs to share more nation-state threat data, and faster
Apple takes flak for disputing iOS security bombshell dropped by Google | Ars Technica
We must see China - the opportunities and the threats - with clear eyes
Samsung, Huawei, LG, and Sony phones vulnerable to rogue 'provisioning' messages | ZDNet
Zero-day disclosed in Android OS | ZDNet
A Chinese APT is now going after Pulse Secure and Fortinet VPN servers | ZDNet
Metasploit team releases BlueKeep exploit | ZDNet
How did a Chinese APT get a U.S. hacking tool before it was leaked? Check Point has a theory.
German prosecutors investigate spyware maker FinFisher | News | DW | 05.09.2019
Twitter disables SMS-to-tweet feature after its CEO got hacked last week | ZDNet
Accused Capital One hacker pleads not guilty to all charges
Back to school: With latest attack, ransomware cancels classes in Flagstaff | Ars Technica
No municipality paid ransoms in 'coordinated ransomware attack' that hit Texas | ZDNet
Chris Bing on Twitter: "NSA cybersecurity division Director Anne Neuberger says at #BillingtonSummit that Ransomware represents one of the threats facing the election. Explains it's a notable vector of attack following attacks on cities across the US." / Twitter
Thousands of servers infected with new Lilocked (Lilu) ransomware | ZDNet
Scraping public website data does not violate CFAA, judge rules
51 tech CEOs send open letter to Congress asking for a federal data privacy law | ZDNet
Microsoft, Hewlett Foundation preparing to launch nonprofit that calls out cyberattacks
Security researchers expose another instance of Chrome patch gapping | ZDNet
Kaspersky launches anti-cheat solution for pro e-sports tournaments | ZDNet
Mozilla launches Firefox VPN extension for US users | ZDNet
Mozilla to gradually enable DNS-over-HTTPS for Firefox US users later this month | ZDNet
Intel server-grade CPUs impacted by new NetCAT attack | ZDNet
U.S. arrests 281 people worldwide accused of involvement in BEC scams
Forget email: Scammers use CEO voice 'deepfakes' to con workers into wiring cash | ZDNet
Cyber-security incident at US power grid entity linked to unpatched firewalls | ZDNet
Secret Service Investigates Breach at U.S. Govt IT Contractor — Krebs on Security
Millions of Exim servers vulnerable to root-granting exploit | ZDNet
Sep 11, 2019
Risky Biz Soap Box: MITRE ATT&CK framework is now officially everywhere

The Soap Box podcast series is a fully sponsored podcast series we do here at Risky.Biz, and that means that everyone you hear in it paid to be featured.

This edition of the Soap Box podcast is brought to you by AttackIQ and in it we talk to its CISO and VP of customer success Chris Kennedy. We’ll be discussing a topic that frankly should be talked about a bit more: the MITRE ATT&CK framework.

We also talk about attack simulation and which security controls are most commonly and catastrophically misconfigured. If you’re a CISO you’ll like this one.

Sep 05, 2019
Risky Business #554 -- Is there an iOS exploit glut?

Alex Stamos is our news co-host this week. Patrick and Alex discuss all the week’s security news, including:

  • Mass exploitation of iOS devices by Chinese govt
  • Telegram moves to nix phone number enumeration “feature”
  • USA targeted Iranian maritime awareness system
  • Existence of Stuxnet mole revealed by Kim Zetter
  • @jack gets hacked
  • Much, much more

This week’s sponsor interview is with Michelle Price of AustCyber. AustCyber is the organisation here in Australia that aims to build out the Australian cyber security industry and skills base, and Michelle pops in this week to tell us all about the upcoming Australian Cyber Week.

Links to everything are below in the show notes.

Show notes

Project Zero: A very deep dive into iOS Exploit chains found in the wild
Mysterious iOS Attack Changes Everything We Know About iPhone Hacking | WIRED
iPhone Hackers Caught By Google Also Targeted Android And Microsoft Windows, Say Sources
Apple iPhone Hack Exposed By Google Breaks WhatsApp Encryption
This Has Been the Worst Year for iPhone Security Yet - VICE
Why 'Zero Day' Android Hacking Now Costs More Than iOS Attacks | WIRED
Exploit Sellers Say There are More iPhone Hacks on the Market Than They’ve Ever Seen - VICE
Researchers uncover malicious sites targeting China's Uyghur population
Confirmed: Google’s Android Suffers Sustained Attacks By Anti-Uighur Hackers
Exclusive: Messaging app Telegram moves to protect identity of Hong Kong protesters - Reuters
U.S. Cyberattack Hurt Iran’s Ability to Target Oil Tankers, Officials Say - The New York Times
Revealed: How a secret Dutch mole aided the U.S.-Israeli Stuxnet cyberattack on Iran
North Korean state hackers target retired diplomats and military officials | ZDNet
How Twitter CEO Jack Dorsey's Account Was Hacked | WIRED
Google launches bounty program to spot misuses of Google API, Chrome, and Android user data | ZDNet
Google adds all Android apps with +100m installs to its bug bounty program | ZDNet
Cisco releases guides for incident responders handling hacked Cisco gear | ZDNet
BEC overtakes ransomware and data breaches in cyber-insurance claims | ZDNet
How MuleSoft patched a critical security flaw and avoided a disaster | ZDNet
Rash of ransomware continues with 13 new victims—most of them schools | Ars Technica
Russian police take down malware gang that infected 800,000+ Android smartphones | ZDNet
Avast and French police take over malware botnet and disinfect 850,000 computers | ZDNet
TrickBot, today's top trojan, adds feature to aid SIM swapping attacks | ZDNet
German bank loses €1.5 million in mysterious cashout of EMV cards | ZDNet
Over 47,000 Supermicro servers are exposing BMC ports on the internet | ZDNet
Spam In your Calendar? Here’s What to Do. — Krebs on Security
Marc Owen Jones on Twitter: "[Thread] As promised, today I want to tell you of how I became friends with a Twitter troll called Angus Gallagher. Angus recently had a sex/ethnicity reassignment operation. He is now called Jasmine, but we'll come to that a bit later. First though, say hi to Angus #StopTheCoup https://t.co/z9cjTZxkxo" / Twitter
Security Engineer job in Austin, TX at Praetorian
National Missing Persons Hackathon 2019 Tickets, Fri 11/10/2019 at 9:30 am | Eventbrite
Sep 04, 2019
Risky Business #553 -- Imperva's cloud WAF gets owned hard
Aug 28, 2019
Risky Biz Soap Box: Casey Ellis on "match.com for hackers"
Aug 22, 2019
Risky Business #552 -- Guest host Alex Stamos on all the week's security news
Aug 21, 2019
Feature Podcast: Inaction is escalatory
Aug 15, 2019
Risky Business #551 -- Post Vegas edition, more news than we can handle
Aug 14, 2019
Risky Business #550 -- CapitalOne owned, Hutchins sentenced, VxWorks horror-show and more!
Jul 31, 2019
Risky Business #549 -- FSB contractor breached, Equifax fined, NSO Group targets cloud
Jul 24, 2019
Risky Biz Soap Box: Ryan Kalember of Proofpoint on "Very Attacked People"
Jul 18, 2019
Risky Business #548 -- Zoom RCE details and all the week's news
Jul 17, 2019
Risky Business #547 -- Zoom-gate, massive GDPR fines, ship hack warnings and more
Jul 10, 2019
Risky Biz Soap Box: Cylance talks Persona
Jul 04, 2019
Risky Business #546 -- The fifth domain sees some action
Jul 03, 2019
Feature podcast: An interview with Jim Baker, former general counsel, FBI
Jun 15, 2019
Risky Business #545 -- US Government loses control of customs mugshot database
Jun 12, 2019
Risky Business #544 -- NYTimes Baltimore report falls over
Jun 05, 2019
Risky Business #543 -- NYTimes blames NSA for Baltimore hacks, Assange faces espionage charges
May 29, 2019
Risky Biz Soap Box: VMRay CEO Carsten Willems talks sandbox tech
May 23, 2019
Risky Business #542 -- Confusion reigns over Huawei ban
May 22, 2019
Risky Biz Soap Box: Signal Sciences on serverless, app-layer deception and more
May 16, 2019
Risky Business #541 -- NSO Group makes global headlines. What next?
May 15, 2019
Risky Business #540 -- In depth: Hamas cyber unit destroyed in air strike
May 08, 2019
Snake Oilers 9 part 2: Rapid7 talks SOAR, Trend Micro on its API-based email security play
May 02, 2019
Risky Business #539 -- Docker Hub owned, Cloudflare, Bloomberg under fire
May 01, 2019
Risky Business #538 -- Marcus Hutchins is a milkshake duck, Iranian APTs doxxed and more
Apr 25, 2019
Snake Oilers 9 part 1: The best Snake Oilers edition we've ever run
Apr 23, 2019
Risky Business #537 -- Assange arrested, WordPress ecosystem on fire
Apr 17, 2019
Risky Business #536 -- Mar-a-Lago arrest, ASUS supply chain attack and more
Apr 10, 2019
Risky Biz Soap Box: All about WebAuthn with Duo Security
Apr 02, 2019
Risky Business #535 -- Stop giving Cloudflare money
Mar 20, 2019
Risky Business #534 -- Manning back in clink, automotive industry under attack
Mar 13, 2019
Risky Business #533 -- Ghidra release, NSA discontinues metadata program and more
Mar 06, 2019
Risky Biz Soap Box: PRODUCT LAUNCH: Backstory by Alphabet's Chronicle
Mar 04, 2019
Risky Business #532 -- A big week of research and tech news
Feb 28, 2019
Risky Business #531 -- Australia's political parties targeted, the Witt indictment and more
Feb 20, 2019
Risky Business #530 -- UAE's Project Raven, Bezosgate and more
Feb 12, 2019
Risky Biz Soap Box: Polyswarm builds a marketplace for AV engines
Feb 07, 2019
Risky Business #529 -- Special guest Rob Joyce, NSA
Feb 05, 2019
Risky Business #528 -- Huawei dinged, epic FaceTime and Exchange bugs
Jan 29, 2019
Risky Business #527 -- Featuring Alex Stamos, The Grugq, Susan Hennessey, Brian Krebs, Kelly Shortridge and Bobby Chesney
Jan 22, 2019
Risky Business #526 -- Huawei arrest in Poland, DPRK SWIFT hack conviction, more from the El Chapo trial
Jan 15, 2019
Risky Business #525 -- Back on deck for 2019!
Jan 09, 2019
Risky Biz Soap Box: From 2 billion events to 350 alerts with Respond Software
Dec 14, 2018
Risky Business #524 -- Huawei CFO arrested, US Government dumps on Equifax
Dec 12, 2018