Risky Business

By Patrick Gray


Category: Tech News


 Oct 10, 2018


Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.

Episode Date
Risky Business #563 -- Phineas Phisher returns

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Phineas Phisher returns, claims credit for Cayman bank hack and offers bounties for activist hijinks
  • Microsoft cautiously backs DoH
  • Huawei granted another 90-day stay of execution in US market
  • Iranian APT crew targeting ICS supply chain
  • Alexei Burkov extradition complete, appears in US court
  • Some very funny stuff is happening to GPS in the Shanghai area
  • Louisiana government ransomwared, emerges relatively unscathed
  • Official Monero binaries trojaned. Lol.
  • Much, much more!

This week’s show is brought to you by Senetas. Rob Linton from Senetas joins the show this week to talk about its O365 integration for its SureDrop product, a new feature that will be of interest to many Risky Business listeners.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Phineas Fisher Offers $100,000 Bounty to Hack Banks and Oil Companies - VICE
Offshore Bank Targeted By Phineas Fisher Confirms it Was Hacked - VICE
Microsoft says yes to future encrypted DNS requests in Windows | Ars Technica
Exclusive: U.S. manufacturing group hacked by China as trade talks intensified - sources - Reuters
US grants Huawei new 90-day license extension
Iran’s APT33 Hackers Are Targeting Industrial Control Systems | WIRED
How Iran's Government Shut Off the Internet | WIRED
Why Were the Russians So Set Against This Hacker Being Extradited? — Krebs on Security
Russia Fails to Stop Alleged Hacker From Facing US Charges | WIRED
Ghost ships, crop circles, and soft gold: A GPS mystery in Shanghai - MIT Technology Review
Ransomware hits Louisiana state government systems | ZDNet
Ransomware Bites 400 Veterinary Hospitals — Krebs on Security
Antivirus vendors and non-profits join to form 'Coalition Against Stalkerware' | ZDNet
Official Monero website compromised with malware that steals funds | ZDNet
Anonymous hacker gets a whopping six years in prison for some lame DDoS attacks | ZDNet
DDoS-for-Hire Boss Gets 13 Months Jail Time — Krebs on Security
US student was allegedly building a custom Gentoo Linux distro for ISIS | ZDNet
20-year-old Chicago man charged with writing code to spread ISIS propaganda
The Dark Overlord hacking suspect who's fighting extradition to the U.S. is running out of options
Citing security concerns, senators call on White House to appoint coordinator for 5G issues
Burglars Really Do Use Bluetooth Scanners to Find Laptops and Phones | WIRED
LA warns of ‘juice-jacking’ malware, but admits it has no cases | TechCrunch
Someone is using the 'Cozy Bear' moniker to scare DDoS victims into bitcoin payments
146 New Vulnerabilities All Come Preinstalled on Android Phones | WIRED
As iOS vulnerabilities emerge, a new app promises to detect hacked iPhones
GitHub launches 'Security Lab' to help secure open source ecosystem | ZDNet
Google Chrome experiment crashes browser tabs, impacts companies worldwide | ZDNet
Chrome, Edge, Safari hacked at elite Chinese hacking contest | ZDNet
Company discovered it was hacked after a server ran out of free space | ZDNet
TPM-FAIL vulnerabilities impact TPM chips in desktops, laptops, servers | ZDNet
How a turf war and a botched contract landed 2 pentesters in Iowa jail | Ars Technica
What Happens When You Remove a Police-Installed GPS Tracker | WIRED
Nov 21, 2019
Risky Business #562 -- Two former Twitter staff charged over Saudi spying

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Two ex Twitter employees charged with spying for KSA
  • US border device searches now require suspicion after ACLU win
  • Unredacted Corellium lawsuit response drops
  • Ransomware attacks on hospitals increase mortality
  • Much, much more!

This week’s sponsor interview is with Stephan Chenette, the co-founder and CTO of AttackIQ. We talk to him about some CSOs playing Pokemon Go with MITRE ATT&CK (“Gotta catch ‘em all!”) and about recent ATT&CK developments.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Twitter Insiders Allegedly Spied for Saudi Arabia | WIRED
Former Trend Micro employee enabled scam calls by stealing customers' personal data
Federal Court Rules Suspicionless Searches of Travelers’ Phones and Laptops Unconstitutional | American Civil Liberties Union
Corellium claims Apple sued it after acquisition talks fell through
U.K.’s Labour Party ‘Hit By Large Cyberattack’ A Month Before Election
Cyber Command flags North Korean-linked hackers behind ongoing financial heists
Study: Ransomware, Data Breaches at Hospitals tied to Uptick in Fatal Heart Attacks — Krebs on Security
As 5G Rolls Out, Troubling New Security Flaws Emerge | WIRED
DNS-over-HTTPS will eventually roll out in all major browsers, despite ISP opposition | ZDNet
Phones and PCs sold in Russia will have to come pre-installed with Russian apps | ZDNet
Capital One replaces security chief after data breach | TechCrunch
One of the world’s most advanced hacking groups debuts new Titanium backdoor | Ars Technica
Facebook Portal survives Pwn2Own hacking contest, Amazon Echo got hacked | ZDNet
Between 200,000 and 240,000 Magento online stores will reach EOL next year | ZDNet
Major ASP.NET hosting provider infected by ransomware | ZDNet
Mysterious hacker dumps database of infamous IronMarch neo-nazi forum | ZDNet
Breaking the law: How 8chan (or “8kun”) got (briefly) back online | Ars Technica
Microsoft's Rust experiments are going well, but some features are missing | ZDNet
Further enhancing security from Microsoft, not just for Microsoft
Microsoft to apply California's privacy law for all US users | ZDNet
'Chronicle Is Dead and Google Killed It' - VICE
Google Enlists Outside Help to Clean Up Android's Malware Mess | WIRED
Manual code review finds 35 vulnerabilities in 8 enclave SDKs | ZDNet
Amid NSA warning, attacks on Confluence have risen in recent weeks
Solved: Why in-the-wild Bluekeep exploits are causing patched machines to crash | Ars Technica
Intel Fixes a Security Flaw It Said Was Repaired 6 Months Ago - The New York Times
Intel Failed to Fix a Hackable Chip Flaw Despite a Year of Warnings | WIRED
Influencers Pay Thousands to Get Back Into Their Hacked Instagram Accounts - VICE
Nov 13, 2019
Risky Biz Soap Box: Capsule8 chief scientist Brandon Edwards

The Soap Box podcast is a wholly sponsored podcast series we do here at Risky.biz, which means everyone you hear on it paid to appear.

This edition of the Soap Box is brought to you by Capsule8.

It’s taken a long time, but over the last couple of years we’ve seen a meaningful Linux security software market emerge. It makes sense, I guess, considering the modern production environment is all glued together from various Linux systems. So, we’re seeing some interesting approaches to the Linux security challenge pop up.

Capsule8 makes detection and visibility software for Linux. You can use it to spot various types of funny behaviour on your Linux systems. Brandon Edwards is Capsule8’s chief scientist and he is our guest today.

We speak about a few things, but primarily this conversation centres on the fact that modern production environments have become so complex it’s almost impossible to comprehend how they work. We’ve lost insight, and we’ve even lost the ability to understand how individual security flaws can impact our wider production environments.

So we’re going to talk about complexity in modern production environments, and then we’ll talk a bit about Capsule8’s approach to the Linux security challenge. Enjoy!

Nov 07, 2019
Risky Business #561 -- Report: NSO exploits used against politicians, senior military targets

On this week’s show Patrick Gray and Mark Piper discuss all the week’s security news, including:

  • NSO Group malware turning up in some unexpected places
  • Bluekeep mass exploitation finally begins
  • Owning smart home devices with friggin’ lasers
  • Two plead guilty to hacks on Lynda.com, Uber
  • Imperva CEO departs following breach
  • TLS Delegated Credentials sound like A VERY GOOD IDEA
  • Cybercommand heads to Montenegro
  • Much, much more

This week’s show is brought to you by Thinkst Canary. Haroon Meer and Adrian Sanabria from Thinkst recently did a keynote talk at the Virus Bulletin conference in London. Titled “The Security Products We Deserve,” it’s a stinging critique of the security product lifecycle. VC firms keeping stupid ideas alive, analyst firms being parasites, vendors not doing security testing on their equipment and so much more. We’ll be talking to Haroon Meer about that keynote in this week’s sponsor interview, which will run after this week’s news segment.

Links to everything are below.

Show notes

Exclusive: Government officials around the globe targeted for hacking through WhatsApp - sources - Reuters
Snooping row: Priyanka Gandhi's WhatsApp also targeted, claims Congress | India News - Times of India
WhatsApp's Case Against NSO Group Hinges on a Tricky Legal Argument | WIRED
Facebook deletes the accounts of NSO Group workers | Ars Technica
The First BlueKeep Mass Hacking Is Finally Here—but Don't Panic | WIRED
Hackers Can Use Lasers to ‘Speak’ to Your Amazon Echo or Google Home | WIRED
2 Plead Guilty in 2016 Uber and Lynda.com Hacks - The New York Times
Imperva planned to keep its CEO through a merger. Two months after a breach, he’s out.
Facebook, Mozilla, and Cloudflare announce new TLS Delegated Credentials standard | ZDNet
Pentagon again deploying cyber personnel abroad to gather intel for 2020 elections
Election security drill pits red-team hackers against DHS, FBI and police
The count of managed service providers getting hit with ransomware mounts | Ars Technica
Japanese media giant Nikkei says $29 million lost in BEC scam
An inside look at WP-VCD, today's largest WordPress hacking operation | ZDNet
Chinese hackers developed malware to steal SMS messages from telco's network | ZDNet
Thousands of QNAP NAS devices have been infected with the QSnatch malware | ZDNet
Utah renewables company was hit by rare cyberattack in March
Ubisoft reports 93% drop in DDoS attacks after pushing back against attackers | ZDNet
Breaches at NetworkSolutions, Register.com, and Web.com — Krebs on Security
How would MITRE’s popular cyberattack framework apply to industrial control systems?
Google Is Helping Design an Open Source, Ultra-Secure Chip | WIRED
Alleged Capital One hacker Paige Thompson to be released before trial
Huawei calls hackers to Munich for secret bug bounty meeting | TechCrunch
GitLab considers ban on new hires in China and Russia due to espionage fears | ZDNet
Keynote address: The security products we deserve - YouTube
Nov 06, 2019
Feature Podcast: Critical infrastructure security with Eric Rosenbach and Robert M Lee

This podcast is brought to you by the William and Flora Hewlett Foundation, and it’s the second in a series of podcasts we’re doing that are all about cyber policy.

The Foundation funds a lot of interesting people and work in the cybersecurity space. So the idea behind this podcast series is pretty simple: we talk to Hewlett’s grant recipients, or experts in Hewlett’s network, about pressing policy issues and turn those conversations into podcasts. The whole idea is to get some policy perspectives out there among the Risky Business audience, which, funnily enough, includes a lot of policymakers.

This podcast features both Eric Rosenbach and Robert M Lee talking about ICS security.

Eric is the co-director of the Belfer Center for Science and International Affairs at the Harvard Kennedy School. He also heads the Defending Digital Democracy project there. Eric has a very long and somewhat fascinating resume. As United States Assistant Secretary of Defense he led the US Defense Department’s efforts to counter cyberattacks by Iran and North Korea on US critical infrastructure. He’s also worked as a Chief Security Officer in the private sector and served as Pentagon chief of staff from 2015-2017.

Robert M Lee is the founder of Dragos Inc, a very well known company in the ICS/OT security space. Rob started out in infosec with the US Air Force as a Cyber Warfare Operations Officer tasked to the NSA, but as you’ll hear, Rob is actually pretty optimistic about the ICS/OT security challenge.

Oct 31, 2019
Risky Business #560 -- Facebook sues NSO Group

On this week’s show Patrick and guest co-host Alex Stamos discuss the week’s security news, including:

  • Facebook files suit against NSO Group
  • Corellium responds to Apple suit
  • Indian nuclear power plant administrative network likely attacked by DPRK
  • Mass defacement in Georgia. Old schooooool!
  • Fancy Bear targets 2020 Olympics
  • FCC proposes subsidies for telcos to rip and replace Huawei, ZTE equipment
  • City of Johannesburg data held to ransom, but it’s not ransomware
  • Much, much more

This week’s sponsor interview is with Jake King of CMD Security. The topic is applying the MITRE ATT&CK framework to Linux servers.

Links to everything that we discussed are below and you can follow Patrick or Alex on Twitter if that’s your thing.

Show notes

Will Cathcart - Why WhatsApp is pushing back on NSO Group hacking - The Washington Post
Facebook sues NSO Group for alleged WhatsApp hack - CyberScoop
Exclusive: A ‘Magic’ iPhone Hacking Startup Bites Back At Apple Lawyers — And Demands $300,000
iPhone Emulation Company Sued by Apple Says It's Making iPhones Safer - VICE
Sandhya Sharma on Twitter: "GOI denies reports of #CyberAttack on #kudankulam nuclear power plant and other Indian nuclear power plants control systems. Said they are stand alone not connected to outside cyber network and internet. “Any cyber attack on the Nuclear Power Plant Control System is not possible” https://t.co/o5bUmUKHqp" / Twitter
Indian nuke plant’s network reportedly hit by malware tied to N. Korea | Ars Technica
Indian Nuclear Power Facility Denies Unverified Reports of a Cyber Attack – The Diplomat
Largest cyber-attack in Georgia's history linked to hacked web hosting provider | ZDNet
Fancy Bear hackers targeted at least 16 athletic organizations ahead of Tokyo Olympics
Inside Olympic Destroyer, the Most Deceptive Hack in History | WIRED
FCC proposes rules requiring telcos remove Huawei, ZTE equipment | TechCrunch
City of Johannesburg held for ransom by hacker gang | ZDNet
Vietnamese student behind Android adware strain that infected millions | ZDNet
NSA: 'We know we need to do some work' on declassifying threat intel
Why did Cyber Command back off its recent plans to call out North Korean hacking?
Sens. Warren, Wyden want to know if Amazon shares some blame for the Capital One breach
White House kicks infosec team to curb in IT office shakeup | Ars Technica
DHS is mulling an order that would force agencies to set up vulnerability disclosure programs
Congress Still Doesn't Have an Answer for Ransomware | WIRED
Most system administrators prefer firewall GUIs over CLIs | ZDNet
Australian House Committee to look into age verification for porn | ZDNet
Monash University partners with Chinese state firm linked to industrial espionage
Storage Wars star's parents' garage was raided by Feds for top-secret spy equipment | Daily Mail Online
Cmd – Protect your Linux servers, proactively
Oct 30, 2019
Risky Business #559 -- Maybe it was the Israelis hacking the Russians to masquerade as Iranians?

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Fresh details on Turla’s hostile takeover of Oilrig
  • Russians doing very interesting things with “tagged” TLS
  • China wants an aerospace sector so a lot of people got a lot of owned
  • Imperva releases breach details
  • Zendesk cops to 2016 breach
  • German manufacturer, US transport tech company sunk by ransomware
  • NordVPN gets owned
  • AVAST owned. Lots. Again.
  • Welcome to Video takedown
  • Much, much more

This week’s show is brought to you by Trail of Bits! We’ll be hearing from Trail of Bits practice lead for assurance Stefan Edwards all about their work on a recent security audit of Kubernetes. As it turns out, Kubernetes isn’t actually a horror show, but Stefan thinks you might want to run a hosted instance unless you’re a real expert.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Hacking the hackers: Russian group hijacked Iranian spying operation, officials say - Reuters
Russian hacker group patches Chrome and Firefox to fingerprint TLS traffic | ZDNet
Building China's Comac C919 airplane involved a lot of hacking, report says | ZDNet
Imperva blames data breach on stolen AWS API key | ZDNet
Zendesk discloses 2016 data breach | ZDNet
Major German manufacturer still down a week after getting hit by ransomware | ZDNet
NordVPN admits 'isolated' data breach was discovered last year
Antivirus Giant Avast Hacked By Spies Who Stole Its Passwords
How a Bitcoin Trail Led to a Massive Dark Web Child-Porn Site Takedown | WIRED
Inside the shutdown of the ‘world’s largest’ child sex abuse website | TechCrunch
Hacking 20 high-profile dev accounts could compromise half of the npm ecosystem | ZDNet
US claims cyber strike on Iran after attack on Saudi oil facility | Ars Technica
Accused Capital One hacker had as much as 30 terabytes of stolen data, feds say
Planting Tiny Spy Chips in Hardware Can Cost as Little as $200 | WIRED
Microsoft's Secured-Core PC Feature Protects Critical Code | WIRED
White-hat hacks Muhstik ransomware gang and releases decryption keys | ZDNet
EA to give users a free month of Origin Access if they enable 2FA | ZDNet
Google finds Android zero-day impacting Pixel, Samsung, Huawei, Xiaomi devices | ZDNet
FBI warns of major ransomware attacks as criminals go “big-game hunting” | Ars Technica
Why are cyber insurers incentivizing clients to invest in specific vendors?
Cyber Command’s bug bounty program uncovers more than 30 vulnerabilities
Trump administration looks to throttle Chinese surveillance companies’ business with U.S.
Magecart strikes more than 2 million websites as more groups get involved
Shipping giant Pitney Bowes hit by ransomware | TechCrunch
Apple Mac Hack Warning: North Korea Uses Fake Cryptocurrency Companies To Break Into macOS
Researchers Say They Uncovered Uzbekistan Hacking Operations Due to Spectacularly Bad OPSEC - VICE
Intel proposes new SAPM memory type to protect against Spectre-like attacks | ZDNet
Unpatched Linux bug may open devices to serious attacks over Wi-Fi | Ars Technica
Samsung, Google acknowledge flaws in phone-unlocking biometric tools
Rethinking Encryption - Lawfare
A million people are jailed at China's gulags. I managed to escape. Here's what really goes on inside - World News - Haaretz.com
GitHub - lojikil/kubectlfish: Slides from my OWASP AppSec Global DC 2019 talk
audit-kubernetes/reports at master · trailofbits/audit-kubernetes · GitHub
Trail of Bits
Oct 23, 2019
Snake Oilers 10 part 2: Do too many users have VPN access to your prod environment? There's another way!

In this edition of Snake Oilers Patrick speaks to:

  • Justin McCarthy of StrongDM

StrongDM makes a protocol proxy that you can use to provision access to production services (like Kubernetes and SQL) to users without them requiring full VPN access to prod. This is very cool stuff. If you manage a large prod environment that’s suffering from VPN sprawl you’ll want to check this one out.

  • Nicholas Davis of Rapid7

Nicholas is the senior technical product manager for InsightIDR. InsightIDR is a SIEM/EDR play that integrates a bunch of stuff. These days Rapid7 is really emphasising the holistic nature of InsightIDR, rather than the endpoint part, and Nicholas joins the show to talk about that.

  • Preston Hogue of F5 Networks

F5 Networks recently acquired NGINX as a part of a push to become cloud-relevant. Their strategy is to allow for F5 security smarts to be inserted basically anywhere and anyhow you want. Preston joins the show to talk about that!

Links to our Snake Oilers sponsors are below!

Oct 09, 2019
Risky Biz Soap Box: Yubico's Jerrod Chong talks series 5 Yubikeys and what's next

These Soap Box podcasts are a wholly sponsored series of podcasts we do here at Risky.Biz, so everyone you hear on the Soap Box podcast paid to be here.

But that’s ok, because we’ve got some great sponsors. This podcast is brought to you by Yubico, makers of the Yubikey devices. These podcasts with Yubico have basically turned into an annual thing. Jerrod Chong is the Chief Solutions Officer at Yubico and he joined me for this conversation about what’s new in Yubico-land. They’ve launched some new stuff, including Yubikeys with Lightning connectors for iOS devices, and Jerrod also talks about hardware 2FA moving increasingly to the mainstream.

If you’re reading this within 48 hours of this podcast going live, you can get yourself a $20 discount on any two of the new series 5 Yubikeys by visiting this link and using the code ‘Risky19’.

Oct 03, 2019
Risky Business #558 -- Trump targets Crowdstrike, Apple jailbreakers rejoice

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Apple jailbreakers partying in the streets
  • Donald Trump targets Crowdstrike over 4chan conspiracy nonsense
  • Ransomware absolutely everywhere this week
  • Horror-show VxWorks bugs are popping up in other stacks
  • OnApp fixes mother of all misconfigurations
  • More SIM card issues
  • Much, much more

In this week’s sponsor interview we chat with Mr Sandbox himself, VMRay’s Carsten Willems. He’s along to talk about VMRay’s involvement in a machine-learning bypass competition that happened at DEFCON earlier this year.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Unfixable iOS Device Exploit Is the Latest Apple Security Upheaval | WIRED
No, it wasn’t a virus; it was Chrome that stopped Macs from booting | Ars Technica
How Trump’s Ukraine Mess Entangled CrowdStrike | WIRED
Trump Was Repeatedly Warned That Ukraine Conspiracy Theory Was ‘Completely Debunked’ - The New York Times
Evan McMurry on Twitter: "NEW: Tom Bossert on Pres. Trump's Crowdstrike reference on Ukraine call: "It's not only a conspiracy theory, it is completely debunked... "I am deeply frustrated with what [Rudy Giuliani] and the legal team is doing in repeating that debunked theory to the president." https://t.co/o1lcVI31u8" / Twitter
Trump Still Doesn't Believe Russia Hacked the 2016 Election | WIRED
Trump told Russian officials in 2017 he wasn’t concerned about Moscow’s interference in U.S. election - The Washington Post
Airbus hit by series of cyber attacks on suppliers
U.S. Steps Up Scrutiny of Airplane Cybersecurity - WSJ
Ransomware forces 3 hospitals to turn away all but the most critical patients | Ars Technica
Surgeries delayed and patient security fears after cyber attack on Victorian hospitals
Wood Ranch Medical Announces Permanent Closure Due to Ransomware Attack
Malware infection disrupts production at defence contractor plants in three countries | ZDNet
Over 500 US schools were hit by ransomware in 2019 | ZDNet
Ransomware incident to cost Danish company a whopping $95 million | ZDNet
Decades-Old Code Is Putting Millions of Critical Devices at Risk | WIRED
Thousands of Cloud Computing Servers Could Be Owned With 'Very Simple' Attack, Researchers Say - VICE
California's new labor law is going to impact bug bounty companies. By how much is unknown.
Legit-Looking iPhone Lightning Cables That Hack You Will Be Mass Produced and Sold - VICE
New SIM card attack disclosed, similar to Simjacker | ZDNet
German Cops Raid “Cyberbunker 2.0,” Arrest 7 in Child Porn, Dark Web Market Sting — Krebs on Security
Cloudflare, Google Chrome, and Firefox add HTTP/3 support | ZDNet
Microsoft bans 38 file extensions in Outlook for the Web | ZDNet
AT&T redirected pen-test payloads to the FBI's Tips portal | ZDNet
Azure Sentinel, Microsoft's cloud-based SIEM, hits general availability | ZDNet
Microsoft will now encrypt new SSDs with BitLocker | TechRadar
High-severity vulnerability in vBulletin is being actively exploited | Ars Technica
Cybersecurity giant Comodo can’t even keep its own website secure | TechCrunch
Threesome Blowjob Scene on Giant Highway Billboard Could Have Caused an Accident, Police Say - VICE
Porn on the big screen in central Auckland: Asics video monitor hacked - NZ Herald
Yahoo Engineer Used Insider Access to Get Private Photos of Women - VICE
Landmark White data breach: Sydney IT contractor arrested after high-profile cyber attack
Home - MLSEC
VMRay | Malware Analysis Tools | Malware Sandbox Solutions
Oct 02, 2019
Snake Oilers 10 part 1: Richard Bejtlich talks Zeek plus pitches from Respond Software and PATH Networks

In this edition of the Snake Oilers podcast host Patrick Gray speaks to:

  • Richard Bejtlich of Corelight

Richard talks about Zeek, formerly Bro, and how enterprises can use it to capture useful network information for analysis, forensics and detection purposes. Richard is an industry luminary and it’s a great interview.

  • Marshal Webb of PATH Networks

Marshal explains how new technology like eBPF and XDP mean it’s possible to build DDoS mitigation rigs out of commodity hardware. That means DDoS mitigation is about to get a whole lot cheaper, and PATH is in pole position in this soon-to-be disrupted market.

  • Chris Triolo from Respond Software

Respond Software makes a decision agent for the modern SOC. They are aiming to completely replace level 1 SOC analysts so those resources can be freed up to do higher-value work. They’re offering free live and retroactive trials of their software, and it definitely belongs in the “why not take it out for a spin” category.

Some links to the company websites and blogs are below!

Sep 26, 2019
Risky Business #557 -- 26 nations release cyber norms statement at UN

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Tibetans targeted in mobile malware campaign
  • Iran denies cyber-attack nobody was asking about
  • More news from the Middle East
  • 26 nations open UN General Assembly with statement on cyber norms
  • Fedex sued over company’s NotPetya response, exec share sales
  • Why “quantum supremacy” isn’t a big deal. Yet.
  • Much, much more

In this week’s sponsor interview we talk to Cody Wood of Signal Sciences about HTTP request smuggling: what it is and why it’s a nightmare to fix.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Androids And iPhones Hacked With Just One WhatsApp Click — And Tibetans Are Under Assault
Footage shows hundreds of blindfolded and shackled prisoners in China – video | World news | The Guardian
Iran denies successful cyber attack on oil sector | The Times of Israel
Advanced hackers are infecting IT providers in hopes of hitting their customers | Ars Technica
The Urgent Search for a Cyber Silver Bullet Against Iran - The New York Times
New research shows more utility companies are being targeted by phishing emails
New North Korean malware targeting ATMs spotted in India | ZDNet
Shareholders allege FedEx covered up damages caused by NotPetya attack
All the Code Connections Between Russia’s Hackers, Visualized | WIRED
World powers are pushing to build their own brand of cyber norms
Google’s ‘Quantum Supremacy’ Isn’t the End of Encryption | WIRED
The FBI Tried to Plant a Backdoor in an Encrypted Phone Network - VICE
Russian national confesses to biggest bank hack in US history | Ars Technica
Exclusive: TalkTalk hacker also breached EtherDelta cryptocurrency exchange | ZDNet
Two years later, hackers are still breaching local government payment portals | ZDNet
Massive IT Support Fraud ‘Made $10 Million From Thousands Of Elderly Victims’
Facebook suspended tens of thousands of apps from 400 developers | ZDNet
Massive wave of account hijacks hits YouTube creators | ZDNet
Bloomberg reporter of challenged ‘Big Hack’ story gets promoted - The Washington Post
GitHub security alerts now support PHP projects | ZDNet
Anonymous researcher drops vBulletin zero-day impacting tens of thousands of sites | ZDNet
Microsoft releases out-of-band security update to fix IE zero-day & Defender bug | ZDNet
Medicine show: Crown Sterling demos 256-bit RSA key-cracking at private event | Ars Technica
Iowa officials claim confusion over scope led to arrest of pen-testers | Ars Technica
Ask Cybergibbons! on Twitter: "Another interesting week on a ship. As with every previous maritime test, we found a system installed that no one really knew about or understood. Shoreside was totally unaware of its existence." / Twitter
What is HTTP request smuggling? Tutorial & Examples
HTTP Desync Attacks: Request Smuggling Reborn | Blog - PortSwigger
Sep 25, 2019
Risky Business #556 -- US Treasury targets DPRK crews, more details on Ukraine power hack

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • US Treasury targets DPRK APT crews
  • Russia owned FBI counter surveillance team radio comms
  • New details on 2016 attack against Ukraine power grid
  • US Government to sue Edward Snowden for memoir profits
  • Did RCMP intelligence director tip Phantom Secure on investigation?
  • Much, much more!

This week’s sponsor interview is with Casey Ellis of Bugcrowd. It’s an interesting chat with Casey this week. He was at the Billington cyber conference a couple of weeks ago and he had a bunch of interesting discussions there with people in the aerospace sector.

Between recent Black Hat presentations on 787 security and the trouble Boeing has had with its 737 MAX, software security and resiliency are all of a sudden on the agenda in aerospace. Casey drops by to talk about all of that.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

US Treasury sanctions three North Korean hacking groups | ZDNet
Treasury Sanctions North Korean State-Sponsored Malicious Cyber Groups | U.S. Department of the Treasury
North Korean hackers target U.S. entities amid stalled denuclearization talks
Exclusive: Russia carried out a 'stunning' breach of FBI communications system, escalating the spy game on U.S. soil
New Clues Show How Russia’s Grid Hackers Aimed for Physical Destruction | WIRED
Exclusive: Australia concluded China was behind hack on parliament, political parties – sources - Reuters
US sues Edward Snowden over new book | ZDNet
Investigation into senior RCMP official stemmed from disruption of encrypted phone service: sources - National | Globalnews.ca
Israeli police arrest execs from vendor of mobile surveillance tech | ZDNet
Infamous surveillance tech vendor makes pledge to follow UN human rights policy | ZDNet
This Company Built a Private Surveillance Network. We Tracked Someone With It - VICE
Simjacker attack exploited in the wild to track users for at least two years | ZDNet
A Password-Exposing Bug Was Purged From LastPass | WIRED
The Air Force Will Let Hackers Try to Hijack an Orbiting Satellite | WIRED
Database leaks data on most of Ecuador's citizens, including 6.7 million children | ZDNet
Arrest made in Ecuador's massive data breach | ZDNet
Data of 24.3 million Lumin PDF users shared on hacking forum | ZDNet
Hacked government contractor shares breach details as investigation continues
FIN7's IT admin pleads guilty for role in billion-dollar cybercrime crew
Google discloses vulnerability in Chrome OS 'built-in security key' feature | ZDNet
Sophos open-sources Sandboxie, a utility for sandboxing any application | ZDNet
Chrome 77 released with no EV indicators, contact picker, permanent Guest Mode | ZDNet
Most Android flashlight apps request an absurd number of permissions | ZDNet
Cloudflare may have provided service to terrorists, drug traffickers in violation of U.S. sanctions
NY Payroll Company Vanishes With $35 Million — Krebs on Security
2 charged say they were hired to break into Dallas County courthouse
Sep 18, 2019
Risky Business #555 -- Bluekeep Metasploit module released, Paige Thompson pleads not guilty and more

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Paige Thompson pleads not guilty to CapitalOne hack
  • German government probes FinFisher
  • Bluekeep Metasploit module dropped
  • DPRK samples hit VT, courtesy of our friends in the USA
  • Apple releases awful statement about mass exploitation of its devices
  • Much more

This week’s show is brought to you by Blackberry Cylance. In this week’s sponsor interview we’ll be talking about US Cybercommand dropping some sweet, sweet APT28 samples on VirusTotal back in May. We’ll talk a little bit about that malware, and also have a more general discussion about CYBERCOM VT drops with Cylance research staffers Steve Barnes and Josh Lemos.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Cyber Command's biggest VirusTotal upload looks to expose North Korean-linked malware
InstaCyber on Twitter: "Uploading of samples isn't burning capability or some sort of (working) counter-CNE operation. This is proven by the large number of actors that keep truckin' on with the same old junk despite disclosure; the number of groups that truly pack up shop, albeit temporarily, is small https://t.co/COkDOLYlwr" / Twitter
The NSA recognizes it needs to share more nation-state threat data, and faster
Apple takes flak for disputing iOS security bombshell dropped by Google | Ars Technica
We must see China - the opportunities and the threats - with clear eyes
Samsung, Huawei, LG, and Sony phones vulnerable to rogue 'provisioning' messages | ZDNet
Zero-day disclosed in Android OS | ZDNet
A Chinese APT is now going after Pulse Secure and Fortinet VPN servers | ZDNet
Metasploit team releases BlueKeep exploit | ZDNet
How did a Chinese APT get a U.S. hacking tool before it was leaked? Check Point has a theory.
German prosecutors investigate spyware maker FinFisher | News | DW | 05.09.2019
Twitter disables SMS-to-tweet feature after its CEO got hacked last week | ZDNet
Accused Capital One hacker pleads not guilty to all charges
Back to school: With latest attack, ransomware cancels classes in Flagstaff | Ars Technica
No municipality paid ransoms in 'coordinated ransomware attack' that hit Texas | ZDNet
Chris Bing on Twitter: "NSA cybersecurity division Director Anne Neuberger says at #BillingtonSummit that Ransomware represents one of the threats facing the election. Explains its a notable vector of attack following attacks on cities across the US." / Twitter
Thousands of servers infected with new Lilocked (Lilu) ransomware | ZDNet
Scraping public website data does not violate CFAA, judge rules
51 tech CEOs send open letter to Congress asking for a federal data privacy law | ZDNet
Microsoft, Hewlett Foundation preparing to launch nonprofit that calls out cyberattacks
Security researchers expose another instance of Chrome patch gapping | ZDNet
Kaspersky launches anti-cheat solution for pro e-sports tournaments | ZDNet
Mozilla launches Firefox VPN extension for US users | ZDNet
Mozilla to gradually enable DNS-over-HTTPS for Firefox US users later this month | ZDNet
Intel server-grade CPUs impacted by new NetCAT attack | ZDNet
U.S. arrests 281 people worldwide accused of involvement in BEC scams
Forget email: Scammers use CEO voice 'deepfakes' to con workers into wiring cash | ZDNet
Cyber-security incident at US power grid entity linked to unpatched firewalls | ZDNet
Secret Service Investigates Breach at U.S. Govt IT Contractor — Krebs on Security
Millions of Exim servers vulnerable to root-granting exploit | ZDNet
Sep 11, 2019
Risky Biz Soap Box: MITRE ATT&CK framework is now officially everywhere

The Soap Box podcast series is a fully sponsored podcast series we do here at Risky.Biz, and that means that everyone you hear in it paid to be featured.

This edition of the Soap Box podcast is brought to you by AttackIQ and in it we talk to its CISO and VP of customer success Chris Kennedy. We’ll be discussing a topic that frankly should be talked about a bit more: the MITRE ATT&CK framework.

We also talk about attack simulation and which security controls are most commonly and catastrophically misconfigured. If you’re a CISO you’ll like this one.

Sep 05, 2019
Risky Business #554 -- Is there an iOS exploit glut?

Alex Stamos is our news co-host this week. Patrick and Alex discuss all the week’s security news, including:

  • Mass exploitation of iOS devices by Chinese govt
  • Telegram moves to nix phone number enumeration “feature”
  • USA targeted Iranian maritime awareness system
  • Existence of Stuxnet mole revealed by Kim Zetter
  • @jack gets hacked
  • Much, much more

This week’s sponsor interview is with Michelle Price of AustCyber. AustCyber is the organisation here in Australia that aims to build out the Australian cyber security industry and skills base, and Michelle pops in this week to tell us all about the upcoming Australian Cyber Week.

Links to everything are below in the show notes.

Show notes

Project Zero: A very deep dive into iOS Exploit chains found in the wild
Mysterious iOS Attack Changes Everything We Know About iPhone Hacking | WIRED
iPhone Hackers Caught By Google Also Targeted Android And Microsoft Windows, Say Sources
Apple iPhone Hack Exposed By Google Breaks WhatsApp Encryption
This Has Been the Worst Year for iPhone Security Yet - VICE
Why 'Zero Day' Android Hacking Now Costs More Than iOS Attacks | WIRED
Exploit Sellers Say There are More iPhone Hacks on the Market Than They’ve Ever Seen - VICE
Researchers uncover malicious sites targeting China's Uyghur population
Confirmed: Google’s Android Suffers Sustained Attacks By Anti-Uighur Hackers
Exclusive: Messaging app Telegram moves to protect identity of Hong Kong protesters - Reuters
U.S. Cyberattack Hurt Iran’s Ability to Target Oil Tankers, Officials Say - The New York Times
Revealed: How a secret Dutch mole aided the U.S.-Israeli Stuxnet cyberattack on Iran
North Korean state hackers target retired diplomats and military officials | ZDNet
How Twitter CEO Jack Dorsey's Account Was Hacked | WIRED
Google launches bounty program to spot misuses of Google API, Chrome, and Android user data | ZDNet
Google adds all Android apps with +100m installs to its bug bounty program | ZDNet
Cisco releases guides for incident responders handling hacked Cisco gear | ZDNet
BEC overtakes ransomware and data breaches in cyber-insurance claims | ZDNet
How MuleSoft patched a critical security flaw and avoided a disaster | ZDNet
Rash of ransomware continues with 13 new victims—most of them schools | Ars Technica
Russian police take down malware gang that infected 800,000+ Android smartphones | ZDNet
Avast and French police take over malware botnet and disinfect 850,000 computers | ZDNet
TrickBot, today's top trojan, adds feature to aid SIM swapping attacks | ZDNet
German bank loses €1.5 million in mysterious cashout of EMV cards | ZDNet
Over 47,000 Supermicro servers are exposing BMC ports on the internet | ZDNet
Spam In your Calendar? Here’s What to Do. — Krebs on Security
Marc Owen Jones on Twitter: "[Thread] As promised, today I want to tell you of how I became friends with a Twitter troll called Angus Gallagher. Angus recently had a sex/ethnicity reassignment operation. He is now called Jasmine, but we'll come to that a bit later. First though, say hi to Angus #StopTheCoup https://t.co/z9cjTZxkxo" / Twitter
Security Engineer job in Austin, TX at Praetorian
National Missing Persons Hackathon 2019 Tickets, Fri 11/10/2019 at 9:30 am | Eventbrite
Sep 04, 2019
Risky Business #553 -- Imperva's cloud WAF gets owned hard

On this week’s show Adam Boileau and Patrick Gray discuss the week’s security news, including:

  • Fortinet, Pulse Secure VPNs are being exploited in the wild
  • Imperva’s cloud WAF gets colossally owned
  • US authorities fear ransomware attacks against election systems
  • Apple fixes re-introduced jailbreak bug
  • Telegram design choice puts HK protestors at risk
  • Researcher drops two 0days in Valve’s Steam client after bounty spat
  • Much, much more

This week’s sponsor guest is Ryan Kalember, EVP of cybersecurity strategy with Proofpoint. Ryan is stopping by this week to touch on a couple of topics. He’ll tell us why Proofpoint didn’t attribute a recent malware campaign targeting US utilities to APT10 despite there being some pretty APT10-like tradecraft used in that particular campaign.

He’ll also talk a bit about how thread hijacking is a giant pain in the ass. That’s where attackers take over a mailbox, then just jump right in replying to existing mail threads. Detecting that is hard, of course, because it’s internal mail. It’s a great little mixed bag interview.


Show notes

Hackers mount attacks on Webmin servers, Pulse Secure, and Fortinet VPNs | ZDNet
Hackers are actively trying to steal passwords from two widely used VPNs | Ars Technica
Infiltrating Corporate Intranet Like NSA - Pre-auth RCE on Leading SSL VPNs
The year-long rash of supply chain attacks against open source is getting worse | Ars Technica
Cybersecurity Firm Imperva Discloses Breach — Krebs on Security
Exclusive: U.S. officials fear ransomware attack against 2020 election - Reuters
While one Texas county shook off ransomware, small cities took full punch | Ars Technica
Apple patches iPhone jailbreaking bug | ZDNet
Alleged 'Snake Oil' Crypto Firm Sues Over Boos at Black Hat | WIRED
Hong Kong protesters warn of Telegram feature that can disclose their identities | ZDNet
Researcher publishes second Steam zero day after getting banned on Valve's bug bounty program | ZDNet
Valve patches recent Steam zero-days, calls turning away researcher 'a mistake' | ZDNet
Capital One hacker denied release, will remain in jail | ZDNet
Ex-Google and Uber engineer Anthony Levandowski charged with trade secret theft - The Verge
Hacker Claims He Can ‘Turn Off 25,000 Cars’ At The Push Of A Button
Hackers Could Steal a Tesla Model S by Cloning Its Key Fob—Again | WIRED
Microsoft will let some Windows 7 customers get free security updates for an extra year | TechCrunch
UK cybersecurity agency warns devs to drop Python 2 due to looming EOL & security risks | ZDNet
Inside the Black Market for Bots That Buy Designer Clothes Before They Sell Out - VICE
Employees connect nuclear plant to the internet so they can mine cryptocurrency | ZDNet
How an NSA researcher plans to allow everyone to guard against firmware attacks
NSA-approved cybersecurity law and policy course now available online
Protocol used by 630,000 devices can be abused for devastating DDoS attacks | ZDNet
Blockbuster indictment against 80 fraud suspects details a complex global scam operation
VMware announces plans to acquire Carbon Black for $2.1 billion
Firefox and Chrome Fight Back Against Kazakhstan's Spying | WIRED
Google Play app with 100 million downloads executed secret payloads | Ars Technica
Moscow's blockchain voting system cracked a month before election | ZDNet
Microsoft: Using multi-factor authentication blocks 99.9% of account hacks | ZDNet
Why is DJI getting the Huawei treatment from the U.S.? - CyberScoop
Intel, IBM, Google, Microsoft & others join new security-focused industry group | ZDNet
Chinese spies have their sights on cancer research
Nasa said to be investigating first allegation of a crime in space - BBC News
LookBack Malware Targets the United States Utilities Sector with Phishing Attacks Impersonating Engineering Licensing Boards | Proofpoint AU
We are bringing together the world's security expertise
Careers at Remediant | Remediant
Aug 28, 2019
Risky Biz Soap Box: Casey Ellis on "match.com for hackers"

We used to think of companies like Bugcrowd as offering a very simple service: managed bug bounties. But these days that’s a bit too simplistic. All the “bounty” companies are offering more comprehensive and specific products these days. In this edition of the Soap Box podcast Bugcrowd CTO Casey Ellis joins the show to talk through what the future looks like in crowdsourced security. Matching individual hackers’ skills to individual gigs and launching new services like Bugcrowd for Marketplaces will be a big part of that future.

Aug 22, 2019
Risky Business #552 -- Guest host Alex Stamos on all the week's security news

In this week’s show Patrick Gray and Alex Stamos discuss all the week’s news, including:

  • Confirmed: 30 companies affected by CapitalOne attacker
  • China info-ops booted off Twitter, Facebook
  • Real deal Bluetooth bugs
  • Apple re-introduces kernel bug, jailbreaks aplenty
  • Apple to sue Corellium for copyright infringement
  • DPRK gets its malware VT’d by CYBERCOM
  • Much, much more

Haroon Meer of Thinkst Canary is this week’s sponsor guest. We spoke to Haroon while he was in the USA, just before he was about to deliver a talk to USENIX all about “embracing hackiness”. Haroon thinks “hackiness” is a huge advantage for red teams, but that doesn’t mean blue teams can’t use the same hacky approaches to defence. It’s a typically great chat with Haroon. Links to everything discussed are below.

Show notes

Apple’s Lawsuit Against a Startup Shows How It Wants to Control the iPhone Hacking Market - VICE
You Can Jailbreak Your iPhone Again (But Maybe You Shouldn’t) | WIRED
New Attack exploiting serious Bluetooth weakness can intercept sensitive data | Ars Technica
Capital One hacker took data from more than 30 companies, new court docs reveal | ZDNet
Amazon Web Services finds no 'significant issues' at other companies allegedly breached by Paige Thompson
Twitter, Facebook scrub coordinated activity targeting Hong Kong demonstrations
Twitter bans 936 accounts managed by the Chinese state, aimed at Hong Kong protests | ZDNet
Chinese state media bought Twitter ads to spread disinformation about Hong Kong protests
Amazon’s Creepy Twitter PR Army is Growing - VICE
Huawei Technicians Helped African Governments Spy on Political Opponents - WSJ
U.S. Cyber Command warns of North Korea-linked Lazarus Group malware
Ransomware strike takes down 23 Texas local government agencies | Ars Technica
Backdoor found in Webmin, a popular web-based utility for managing Unix servers | ZDNet
Backdoor code found in 11 Ruby libraries | ZDNet
Degrading Tor network performance only costs a few thousand dollars per month | ZDNet
Meet Bluetana, the Scourge of Pump Skimmers — Krebs on Security
Financial hacking teams FIN7, Cobalt Group update tactics to haunt banks and retail
Google wants to reduce lifespan for HTTPS certificates to one year | ZDNet
Facebook to pay researchers to hunt down Instagram apps that abuse user data | ZDNet
How Facebook Catches Bugs in Its 100 Million Lines of Code | WIRED
Facebook awards $100,000 prize for new code isolation technique | ZDNet
Finally, a Lightning YubiKey to Kill Password Clutter on Your iPhone | WIRED
Aug 21, 2019
Feature Podcast: Inaction is escalatory

This podcast is brought to you by the William and Flora Hewlett Foundation, and it’s the second in a series of podcasts we’re doing that are all about cyber policy.

The Foundation funds a lot of interesting people and work in the cybersecurity space. So the idea behind this podcast series is pretty simple: we talk to Hewlett’s grant recipients, or experts in Hewlett’s network, about pressing policy issues and turn those conversations into podcasts. The whole idea is to get some policy perspectives out there among the Risky Business audience, which, funnily enough, includes a lot of policymakers.

In this podcast we’re speaking with Katherine Charlet. She currently serves as the director of the Technology and International Affairs Program at the Carnegie Endowment for International Peace. Prior to joining Carnegie, Kate served as the deputy assistant secretary of defence for cyber policy, where she managed the development of US Department of Defence cyber policy and strategy, its development of cyber capabilities, and the expansion of its international relationships.

This conversation essentially covers what the state of affairs is when it comes to militaries and their actions in the cyber domain. It was only a few weeks ago that reports claimed the United States government launched a cyber attack against Iranian weapons systems. We’ll hear from Kate about what she thinks that all means, and then we’re going to talk about all sorts of stuff really – the blurring of the line between what warrants a law enforcement response versus a military response, what the path to this situation looked like, so on and so on. But I kicked things off by asking Kate to tell us what this concept of “defending forward” actually means. In the last couple of years we’ve heard that term bandied about by all sorts of people, but everyone seems to have a different definition. Here, Kate shares her more definitive definition.

Aug 15, 2019