Risky Business

By Patrick Gray


Category: Tech News


 Oct 10, 2018


Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.

Feature Podcast: Inaction is escalatory

This podcast is brought to you by the William and Flora Hewlett Foundation, and it’s the second in a series of podcasts we’re doing that are all about cyber policy.

The Foundation funds a lot of interesting people and work in the cybersecurity space. So the idea behind this podcast series is pretty simple: we talk to Hewlett’s grant recipients, or experts in Hewlett’s network, about pressing policy issues and turn those conversations into podcasts. The whole idea is to get some policy perspectives out there among the Risky Business audience, which, funnily enough, includes a lot of policymakers.

In this podcast we’re speaking with Katherine Charlet. She currently serves as the director of the Technology and International Affairs Program at the Carnegie Endowment for International Peace. Prior to joining Carnegie, Kate served as the deputy assistant secretary of defense for cyber policy, where she managed the development of US Department of Defense cyber policy and strategy, its development of cyber capabilities, and the expansion of its international relationships.

This conversation covers the state of affairs when it comes to militaries and their actions in the cyber domain. Only a few weeks ago, reports claimed the United States government launched a cyber attack against Iranian weapons systems. We’ll hear from Kate about what she thinks that means, and then we talk about all sorts of things: the blurring of the line between what warrants a law enforcement response and what warrants a military response, how we arrived at this situation, and so on. But I kicked things off by asking Kate what the concept of “defending forward” actually means. Over the last couple of years we’ve heard that term bandied about by all sorts of people, and everyone seems to have a different definition. Here, Kate offers a more definitive one.

Aug 15, 2019
Risky Business #551 -- Post Vegas edition, more news than we can handle

Adam Boileau is along this week to discuss the week’s security news. We cover:

  • Follow ups on CapitalOne
  • Amazon EBS snapshots exposed
  • North Korea bags $2bn in cybercrime spree
  • Attempted Coinbase breach postmortem
  • Apple’s new research phones for bug hunters
  • APT41 busted moonlighting
  • Cloudflare finally ditches 8chan
  • Leaked Boeing 787 code shredded, full of bugs
  • Qualcomm bugs pave path through to Android kernel
  • Microsoft gets Tavis’d
  • More RDP/RDS bugs
  • Much, much more

This week’s sponsor interview is with Jake King of CMD. CMD has developed a control layer for Linux systems that restricts what accounts can do, going beyond traditional filesystem permissions. Jake will be along this week to talk a little bit about EDR on Linux. He saw a nice talk from some IBM X-Forcers at Black Hat about Linux EDR bypasses, and that led to a conversation about Linux EDR generally. It’s interesting stuff.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

What We Can Learn from the Capital One Hack — Krebs on Security
GitHub sued for aiding hacking in Capital One breach | ZDNet
Hundreds of exposed Amazon cloud backups found leaking sensitive data | TechCrunch
Monzo admits to storing payment card PINs in internal logs | ZDNet
One Million Bank Phone Calls Found in Exposed Server - VICE
SEC Investigating Data Leak at First American Financial Corp. — Krebs on Security
North Korea took $2 billion in cyberattacks to fund weapons program: U.N. report - Reuters
An attempted heist at Coinbase was scary good, even though it failed - MIT Technology Review
Responding to Firefox 0-days in the wild - The Coinbase Blog
Three ads generate 5.5 times more revenue than a web-based cryptojacking script | ZDNet
Apple Hands Hackers Secret iPhones In A Bid To Boost Security, Sources Say
Apple expands bug bounty to macOS, raises bug rewards | ZDNet
Meet APT41, the Chinese hackers moonlighting for personal gain
Cloudflare Says It Won’t Ban 8chan, a Hotbed for Terrorist Manifestos - VICE
Cloudflare Is Protecting a Site Linked to a Neo-Nazi Terror Group - VICE
A Boeing Code Leak Exposes Security Flaws Deep in a 787's Guts | WIRED
Feds plan to use SecureDrop as a vulnerability reporting portal
US military purchased $32.8m worth of electronics with known security risks | ZDNet
MICROCHIPS Act wants to secure US govt supply chain against Chinese sabotage | ZDNet
Cisco to pay $8.6 million fine for selling government hackable video surveillance technology - The Washington Post
Exclusive: Kaspersky Software Lingers On Sensitive Government Systems 2 Years After U.S. Ban
New advanced malware, possibly nation sponsored, is targeting US utilities | Ars Technica
Yet another hacking group is targeting oil and gas companies, Dragos says
NSA's reverse-engineering malware tool, Ghidra, to get new features to save time, boost accuracy
A Multimillionaire Surveillance Dealer Steps Out Of The Shadows . . . And His $9 Million WhatsApp Hacking Van
Microsoft To Disable VBScript by Default on August 13th
These Legit-Looking iPhone Lightning Cables Will Hijack Your Computer - VICE
This Tesla Mod Turns a Model S Into a Mobile 'Surveillance Station' | WIRED
Clever attack uses SQLite databases to hack other apps, malware servers | ZDNet
Researchers find security flaws in 40 kernel drivers from 20 vendors | ZDNet
Hackers Can Break Into an iPhone Just by Sending a Text | WIRED
Microsoft Invites Researchers to Hack Their Azure Security Lab
Hackers Take on Darpa's $10 Million Voting Machine | WIRED
13-Year-Old Encryption Bugs Still Haunt Apps and IoT | WIRED
Avaya VoIP Phones Harbored 10-year Old Vulnerability
Microsoft: Russian state hackers are using IoT devices to breach enterprise networks | ZDNet
Black Hat Talk About ‘Time AI’ Causes Uproar, Is Deleted By Conference - VICE
Development stops on PowerShell Empire framework after project reaches its goal | ZDNet
How AT&T Insiders Were Bribed to 'Unlock' Millions of Phones | WIRED
QualPwn vulnerabilities in Qualcomm chips let hackers compromise Android devices | ZDNet
Security bugs in popular Cisco switch brand allow hackers to take over devices | ZDNet
WordPress team working on daring plan to forcibly update old websites | ZDNet
Vulnerability in Microsoft CTF protocol goes back to Windows XP | ZDNet
How offense and defense came together to plug a hole in a popular Microsoft program
Ancient technique tears a hole through modern web stacks at Black Hat 2019 | The Daily Swig
He tried to prank the DMV. Then his vanity license plate backfired big time.
Reading list starts here: How a BlackBerry password cracked one of Australia’s biggest drug hauls
Who Owns Your Wireless Service? Crooks Do. — Krebs on Security
DARPA Is Building a $10 Million, Open Source, Secure Voting System - VICE
Now you can use Android phones, rather than passwords, to log in to Google* | Ars Technica
Database from StockX Hack Sold Online, Check If You're Included
Silent Windows update patched side channel that leaked data from Intel CPUs | Ars Technica
Extortion and alleged ISIS threats: A Saudi embassy learned the hard way about email security - CyberScoop
A phishing campaign with nation-state hallmarks is targeting Chinese government agencies - CyberScoop
Guardian Firewall iOS App Automatically Blocks the Trackers on Your Phone | WIRED
A cyber-espionage group has been stealing files from the Venezuelan military | ZDNet
Voter records for 80% of Chile's population left exposed online | ZDNet
A Remote-Start App Exposed Thousands of Cars to Hackers | WIRED
FTC: Too many people signed up for Equifax cash, so they'll be getting less than $125 | ZDNet
Exclusive: Critical U.S. Election Systems Have Been Left Exposed Online Despite Official Denials - VICE
Windows malware strain records users on adult sites | ZDNet
State Farm says hackers confirmed valid usernames and passwords in credentials stuffing attack | ZDNet
iNSYNQ Ransom Attack Began With Phishing Email — Krebs on Security
Android Apps With Over 100M Installs Contain a Clicker Trojan
New HTTP/2 Flaws Expose Unpatched Web Servers to DoS Attacks
StockX was hacked, exposing millions of customers’ data | TechCrunch
CafePress Data Breach Exposes Personal Info of 23 Million Users
Aug 14, 2019
Risky Business #550 -- CapitalOne owned, Hutchins sentenced, VxWorks horror-show and more!

Adam Boileau is along this week to discuss the week’s security news. We cover:

  • Deep dive on the CapitalOne breach
  • Marcus Hutchins sentenced to time served
  • Telegram voicemail bug leads to political crisis in Brazil
  • Ransomware leaves South Africans without electricity
  • Much, much more

Wolfgang Goerlich is this week’s sponsor guest. He’s an advisory CISO with Duo Security and will be along after this week’s news segment to walk us through Duo’s Trusted Access Report. They’ve got some interesting telemetry to share with us.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Capital One Data Theft Impacts 106M People — Krebs on Security
A Hacker Stole Data From 100 Million Capital One Customers | WIRED
Paige Thompson allegedly bragged on Slack, Github about hacking Capital One
DOJ Says Capital One Mega Breach Suspect Could Face More Charges—Did She Hack Multiple Companies?
Demand for cyber insurance grows as volatility scares off some providers
How to Get Your Equifax Settlement Money | WIRED
Hackers used password spraying to breach Citrix, investigation confirms
Marcus 'MalwareTech' Hutchins gets no prison time, one year supervised release | ZDNet
Telegram voicemail hack used against Brazil's president, ministers | ZDNet
Telegram rolls out fix for voicemail hack used against Brazilian politicians | ZDNet
'This isn't IAD 2.0': NSA's new Cybersecurity Directorate plots its mission
APT-doxing group exposes APT17 as Jinan bureau of China's Security Ministry | ZDNet
Advanced mobile surveillanceware, made in Russia, found in the wild | Ars Technica
Christo Grozev on Twitter: "A major phishing campaign on @ProtonMail against researchers/journalists investigating Russian topics. Emails impersonate @ProtonMail and alert you that your "keys have been exported". Brazenly, they've registered a Swiss .ch clone domain (https://t.co/Q0fhT6brv1)." / Twitter
Ransomware incident leaves some Johannesburg residents without electricity | ZDNet
Louisiana governor declares state emergency after local ransomware outbreak | ZDNet
Cybersecurity officials warn state and local agencies (again) to fend off ransomware | Ars Technica
US Govt, NGOs Ask Cyber Community to Boost Ransomware Defenses
Ransomware infection takes some police car laptops offline in Georgia | ZDNet
US files lawsuit against Bitcoin exchange that helped launder ransomware profits | ZDNet
City of Baltimore FAQ | Mayor Bernard C. "Jack" Young
Facebook's Ex-Security Chief Details His 'Observatory' for Internet Abuse | WIRED
A VxWorks Operating System Bug Exposes 200 Million Critical Devices | WIRED
Urgent11 security flaws impact routers, printers, SCADA, and many IoT devices | ZDNet
Google researchers disclose vulnerabilities for 'interactionless' iOS attacks | ZDNet
Keep Calm, Carry On. VLC Not Affected by Critical Vulnerability
DHS warns about CAN bus vulnerabilities in small aircraft | ZDNet
Cmd – Events_
Malware Sandbox Online | Free Trial
The Spy Who P3wn3d Me
The 2019 Duo Trusted Access Report: Zero-Trust Security for the Workforce | Duo Security
Jul 31, 2019
Risky Business #549 -- FSB contractor breached, Equifax fined, NSO Group targets cloud

Adam Boileau is along this week to discuss the week’s security news. We cover:

  • FSB contractor gets itself a whole lotta owned
  • NSO Group pitches cloud access
  • Hal Martin gets 9 years
  • NSA to launch defensive division
  • Bulgarian breach data exposed
  • DataSpii scandal a 2019 privacy case study
  • Google boots DarkMatter certificates from Chrome and Android
  • Equifax fined $700m
  • Horror show bugs in enterprise VPN concentrators from Palo Alto, Fortinet
  • Microsoft demos ElectionGuard SDK (looks pretty cool)

This week’s sponsor interview is with Casey Ellis of Bugcrowd. We’ll talk about how organisations are increasingly doing bug bounties on technology they use, not just technology they develop. And then we’ll be talking about a new thing Bugcrowd is doing – Bugcrowd for marketplaces.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Hackers breach FSB contractor, expose Tor deanonymization project and more | ZDNet
Report: NSO Group's Pegasus Spyware Can Break Into Cloud Services, Transmit User Data To Server | Gizmodo Australia
Contractor who stole 50TB of NSA data gets nine years in prison | ZDNet
Think FaceApp Is Scary? Wait Till You Hear About Facebook | WIRED
Europe’s Galileo Satellite Outage Serves as a Warning | WIRED
NSA to establish a defense-minded division named the Cybersecurity Directorate | ZDNet
US Govt Rolls Out New DNS Security Measures for .gov Domains
U.S. Cyber Command simulated a seaport cyberattack to test digital readiness
‘We have to hit the problem the way it hits us’: How the FBI tracks a range of hacking threats
Barr Says Police Need Encryption Backdoors, Doesn’t Mention Hacking Tools They Use All the Time - VICE
Bulgaria's hacked database is now available on hacking forums | ZDNet
Bulgaria hacking suspect worked on government cybersecurity before tax agency breach
My browser, the spy: How extensions slurped up browsing histories from 4M users | Ars Technica
More on DataSpii: How extensions hide their data grabs—and how they’re discovered | Ars Technica
Google bans DarkMatter certificates from Chrome and Android | ZDNet
Chances of destructive BlueKeep exploit rise with new explainer posted online | Ars Technica
Teenage hackers are offered a second chance under European experiment
Vigilante Hacker ‘Phineas Fisher’ Denies Working for the Russian Government - VICE
$700 Million Equifax Fine Is Still Too Little, Too Late | WIRED
Flaws in widely used corporate VPNs put company secrets at risk | TechCrunch
Siemens contractor pleads guilty to planting logic bomb in company spreadsheets | ZDNet
Hackers Exploit Jira, Exim Linux Servers to 'Keep the Internet Safe'
10,000 Microsoft customers targeted by nation-state attacks in the last year
Mozilla Firefox Tor Mode Likely to Start as a Browser Addon
Firefox to Warn When Saved Logins are Found in Data Breaches
Microsoft demos ElectionGuard technology for securing electronic voting machines | ZDNet
Kazakhstan government is now intercepting all HTTPS traffic | ZDNet
Data Broker LocationSmart Will Fight Class Action Lawsuit Over Selling AT&T Data - VICE
Slack resets passwords for 1% of its users because of 2015 hack | ZDNet
BEC Scams Average $301 Million Per Month In Illegal Transfers
Malicious Python libraries targeting Linux servers removed from PyPI | ZDNet
Gigabyte and Lenovo servers impacted by common BMC firmware flaws | ZDNet
Cracked Tesla 3 Windshield Leads to $10,000 Bug Bounty
Inside Apple Factory Thefts: Secret Tunnels, Hidden Crawl Spaces — The Information
Jul 24, 2019
Risky Biz Soap Box: Ryan Kalember of Proofpoint on "Very Attacked People"

Soap Box isn’t the regular, weekly show we do at Risky.Biz, if you’re looking for that, just scroll one podcast back in your feed or on the Risky Business website.

Soap Box is a fully sponsored podcast series we do where vendors pay to come on and talk about research they’ve done, products they’ve launched, whatever.

This edition of Soap Box is a particularly good one. Ryan Kalember is EVP of cybersecurity strategy at Proofpoint and he’s our guest in this edition. Ryan was on the show a little while back talking about the concept of VAPs – very attacked people. In this interview he’s going to expand on that.

It’s one thing to know that some of your key people are being attacked, but let’s take it one step further. Of those people, who among them is most likely to actually do something like click an untrusted link? What do we know about those users that can tell us how at-risk they are, based on how frequently they’re attacked, and also how likely they are to engage with phishing attempts or dodgy attachments? And if they ARE a risky user, what can you do about that? Measuring risk is only useful if you can do something about it.

Jul 18, 2019
Risky Business #548 -- Zoom RCE details and all the week's news

Adam Boileau is along this week to discuss the week’s security news. We cover:

  • US mayors agree: no more paying off ransomware crews
  • BitPoint exchange loses $32m in cryptocurrency
  • FinSpy is back, big time
  • Chinese AV companies won’t flag government malware
  • US security companies free to help political campaigns with discounted services, products
  • Facebook to pay $5bn privacy fine with money from its spare pants
  • Much, much more

Assetnote’s Shubham Shah also joins the news segment to dish on the Zoom RCE bug he and his team found back in March.

This week’s sponsor is Kasada, an Australian company that runs a bot filtering service. Kasada is a relatively new company but they’re kicking some pretty serious goals here in Australia and are now pushing into other markets like the USA. But instead of supplying us with one of their people, they suggested we interview one of their customers - REA Group CSO and head of platform Craig Templeton.

REA Group runs realestate.com.au, Australia’s biggest real estate listings website. They had all sorts of trouble with content scrapers, bots causing service interruptions, cred stuffing, you name it. In the end they went with Kasada to solve their bot problems and Craig pops by this week to talk about the issues they were having and to sing Kasada’s praises. Getting a reference customer to speak publicly is a Herculean task, so full credit to Kasada for making this one happen. If you operate a website that pushes a lot of traffic you’ll want to hear that interview.

Show notes

US mayors group adopts resolution not to pay any more ransoms to hackers | ZDNet
Monroe College Hit With Ransomware, $2 Million Demanded
Bitpoint cryptocurrency exchange hacked for $32 million | ZDNet
The developers of the notorious FinSpy spyware are innovating — and thriving
Chinese Antivirus Companies Don’t Flag Chinese Border Malware - VICE
Why Cyber Command’s latest warning is a win for the government's information sharing efforts
Congressional pressure builds for White House to share classified cyber authorizations
FEC: Campaigns Can Use Discounted Cybersecurity Services — Krebs on Security
Senators grill FTC over reported $5 billion Facebook settlement
Update on the availability of some Galileo Initial Services | European Global Navigation Satellite Systems Agency
P1 Labs » Presenting QCSuper: a tool for capturing your 2G/3G/4G air traffic on Qualcomm-based phones
Revealed: This Is Palantir’s Top-Secret User Manual for Cops - VICE
How Julian Assange turned an embassy into a command post for election meddling - CNNPolitics
US defense contractor falls for $3 million email scam — Quartz
Italian police raid of neo-fascist militants finds air-to-air missile [Updated] | Ars Technica
Brazil is at the forefront of a new type of router attack | ZDNet
NCSC Issues Alert About Active DNS Hijacking Attacks
Magecart Hacker Group Hits 17,000 Domains—and Counting | WIRED
Hacker steals data of millions of Bulgarians, emails it to local media | ZDNet
Hackers breached Greece's top-level domain registrar | ZDNet
EFF Hits AT&T With Class Action Lawsuit for Selling Customers’ Location to Bounty Hunters - VICE
Sprint says hackers breached customer accounts via Samsung website | ZDNet
New Android malware replaces legitimate apps with ad-infested doppelgangers | ZDNet
Academics steal data from air-gapped systems via a keyboard's LEDs | ZDNet
Bad McAfee Exploit Prevention Update Blocked Windows Logins
Google to remove Chrome's built-in XSS protection (XSS Auditor) | ZDNet
Microsoft Azure AD FIDO2 Passwordless Sign-In in Public Preview
Apple disables Walkie Talkie app due to vulnerability that could allow iPhone eavesdropping | TechCrunch
Meet the World’s Biggest ‘Bulletproof’ Hoster — Krebs on Security
Zoom Will Fix the Flaw That Let Hackers Hijack Webcams | WIRED
Apple has pushed a silent Mac update to remove hidden Zoom web server | TechCrunch
Karan Lyons on Twitter: "MRT update 1.46 now removes vulnerable web servers for Zoom, RingCentral, Telus Meetings, BT Cloud Phone Meetings, Office Suite HD Meeting, AT&T Video Meetings, BizConf, Huihui, UMeeting, Zhumu, and Zoom CN." / Twitter
Jonathan Leitschuh on Twitter: "A Remote Code Execution Vulnerability was present in all of these @zoom_us white label desktop apps. This is the full list of applications that @Apple's MRT update will now silently remove from your machines for you. If you want to be proactive, update your MRT to 1.46 https://t.co/rGlwjbQmkg" / Twitter
Jira Server and Data Center Update Patches Critical Vulnerability
pyn3rd on Twitter: "#CVE-2019-11580 Atlassian Crowd and Crowd Data Center RCE https://t.co/rFkENoGiVx" / Twitter
Kasada | Security Redefined
Jul 17, 2019
Risky Business #547 -- Zoom-gate, massive GDPR fines, ship hack warnings and more

Adam Boileau is along this week to discuss the week’s security news. We cover:

  • Zoom’s week from hell
  • BA, Marriott face massive GDPR fines
  • Seth Rich conspiracy originated from Russia’s SVR
  • Coast Guard warns of ship hax
  • Cybercommand issues warning on DDE exploitation
  • PGP ecosystem having a rough time
  • Much, much more!

This week’s show is brought to you by our lovely friends at Signal Sciences. I guess you’d call them a next generation WAF. Signal Sciences co-founder and CTO Zane Lackey will be along in this week’s sponsor interview to plug their new cloud-based WAF product, and also to have a chat about a trend he’s seeing at non-security conferences – more high quality security content.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

A Zoom Flaw Gives Hackers Easy Access to Your Webcam | WIRED
British Airways fined $229 million under GDPR for data breach tied to Magecart
Automated Magecart Campaign Hits Over 960 Breached Stores
Marriott faces $123 million GDPR fine in the UK for last year's data breach | ZDNet
Huawei staff and Chinese military have deep links, study claims
Conspiracyland: The Russian connection to Seth Rich conspiracies
US Coast Guard warns about malware designed to disrupt ships' computer systems | ZDNet
US Cyber Command issues alert about hackers exploiting Outlook vulnerability | ZDNet
Someone Is Spamming and Breaking a Core Component of PGP’s Ecosystem - VICE
Apple reveals App Store takedown demands by governments | TechCrunch
ICE mined driver’s license photos for facial recognition | TechCrunch
London Police Facial Recognition ‘Fails 80% Of The Time And Must Stop Now’
CBP suspends Perceptics from doing government business following data breach
Over 90 Million Records Leaked by Chinese Public Security Department
UK's largest police forensics lab paid ransom demand to recover locked data | ZDNet
Mozilla blocks UAE bid to become an internet security guardian after hacking reports - Reuters
UK ISP group names Mozilla 'Internet Villain' for supporting 'DNS-over-HTTPS' | ZDNet
First-ever malware strain spotted abusing new DoH (DNS over HTTPS) protocol | ZDNet
Canonical GitHub account hacked, Ubuntu source code safe | ZDNet
Backdoor found in Ruby library for checking for strong passwords | ZDNet
Tor Project to fix bug used for DDoS attacks on Onion sites for years | ZDNet
OpenID Foundation says 'Sign In with Apple' is not secure enough | ZDNet
Industry Breach Alert Published by US National Trade Association ALTA
Beware of Fake Microsoft OneNote Audio Note Phishing Emails
Fake Samsung firmware update app tricks more than 10 million Android users | ZDNet
7-Eleven Japanese customers lose $500,000 due to mobile app flaw | ZDNet
'Silence' hackers hit banks in Bangladesh, India, Sri Lanka, and Kyrgyzstan | ZDNet
Who’s Behind the GandCrab Ransomware? — Krebs on Security
Seriously, stop using RSA | Trail of Bits Blog
Jul 10, 2019
Risky Biz Soap Box: Cylance talks Persona

As regular listeners know, this isn’t the weekly Risky Biz news and current affairs show, if you want that, scroll back in the podcast feed to the previous podcast. This is a Soap Box edition, a solely sponsored podcast series we do here at Risky Biz where vendors pay us to come on to the show to talk about, well, whatever they want, really.

We’ve heard Duo Security talking about WebAuthn, we’ve got one with Proofpoint coming up that’s about insights they’ve gleaned from filtering such ridiculous amounts of email.

But in this edition, Garret Grajek from BlackBerry Cylance will be along to talk about its new product, Cylance Persona. This latest product is kinda out of the box: it’s a machine learning classifier that you install on the endpoint, and it learns what typical behaviour for that user looks like. Once the observed behaviour starts diverging from what’s expected, it can take action, like stepping up to 2FA, locking the user out, whatever you want, really.

It’s a novel approach to dealing with compromised endpoints. Two-factor authentication is great, but if your endpoints are hosed that doesn’t really count for much. And that’s really what this new gear is about.

Jul 04, 2019
Risky Business #546 -- The fifth domain sees some action

Adam Boileau is along this week to discuss the week’s security news. We cover:

  • NYTimes reports USA is getting all up in Russia’s grids
  • Kremlin not happy
  • CYBERCOM targets Iranian rocket control and APT crews
  • TRITON attackers target US grid
  • Turla completes hostile takeover of Oilrig
  • Reuters publishes huge feature on Cloudhopper/APT10
  • China pwns global telcos, targets key subscribers
  • FVEY owns Yandex
  • Tourists entering Xinjiang now have mobile malware installed at border
  • Florida city governments having a bad time
  • Much, much more!

This week’s edition of Risky Business is brought to you by Senetas. They make layer 2 encryption tech, but they’ve also got a content disarm and reconstruction play now, Votiro, as well as their safe file sharing platform SureDrop. But we’re sticking with encryption in this week’s sponsor interview. Senetas CTO Julian Fay will be along a bit later to talk about his trip to the International Crypto Module Conference. He’ll fill us in on what the agenda was there – lots of talk about quantum resistant crypto and also some talk about streamlining various certification regimes.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

U.S. Escalates Online Attacks on Russia’s Power Grid - The New York Times
Kremlin Warns of Cyberwar After Report of U.S. Hacking Into Russian Power Grid - The New York Times
The Highly Dangerous 'Triton' Hackers Have Probed the US Grid | WIRED
US wants to isolate power grids with 'retro' technology to limit cyber-attacks | ZDNet
Wait, What The Hell Is Going On With Huawei Now? | Gizmodo Australia
The Legal Context for CYBERCOM’s Reported Operations Against Iran - Lawfare
Iran executes ‘defence ministry contractor’ over spying for CIA
Iranian Hackers Launch a New US-Targeted Campaign as Tensions Mount | WIRED
Nation-sponsored hackers likely carried out hostile takeover of rival group’s servers | Ars Technica
Stealing Clouds
Microsoft to Require Multi-Factor Authentication for Cloud Solution Providers — Krebs on Security
Chinese spies have been sucking up call records at multinational telecoms, researchers say
Exclusive: Western intelligence hacked 'Russia's Google' Yandex to spy on accounts - sources - Reuters
China Is Forcing Tourists to Install Text-Stealing Malware at its Border - VICE
Will Hurd’s Black Hat keynote nixed amid criticism of voting record
A Florida city paid a $600,000 bitcoin ransom to hackers who took over its computers — and it's a massive alarm bell for the rest of the US | Business Insider
Florida city fires IT employee after paying ransom demand last week | ZDNet
Ryuk, Ryuk, Ryuk: Georgia’s courts hit by ransomware | Ars Technica
Georgia courts (mostly) shrug off ransomware attack | Ars Technica
Collections Firm Behind LabCorp, Quest Breaches Files for Bankruptcy — Krebs on Security
Firefox zero-day was used in attack against Coinbase employees, not its users | ZDNet
FTC settles with device maker D-Link, requires 'comprehensive' security effort
Cellebrite Now Says It Can Unlock Any iPhone for Cops | WIRED
Gift-card scheme went well beyond Wipro hack, RiskIQ reports
Tracing the Supply Chain Attack on Android — Krebs on Security
Fraudsters Spoof Blockchain.com to Steal $27M in Cryptocurrency
Android Malware Bypasses 2FA by Stealing One-Time Passwords
LTE flaws let hackers ‘easily’ spoof presidential alerts | TechCrunch
NASA hacked because of unauthorized Raspberry Pi connected to its network | ZDNet
Microsoft warns Azure customers of Exim worm | ZDNet
Jul 03, 2019
Feature podcast: An interview with Jim Baker, former general counsel, FBI

This is the first edition of a new series of podcasts we’re doing here at Risky.Biz that will focus on cyber policy issues. The Hewlett Foundation approached us a while back to see if we’d be interested in doing this series, and we jumped at the opportunity.

The Foundation funds a lot of interesting people and work in the cybersecurity space. So the idea is pretty simple: we can talk to some of Hewlett’s grant recipients or experts in its network about pressing policy issues and turn those conversations into podcasts. The whole idea is to get some policy perspectives out there among the Risky Business audience, which, funnily enough, includes a lot of policy people.

Our first cab off the rank is this interview with Jim Baker. He joined the Department of Justice in 1990 and rose through the ranks to become the FBI general counsel in January 2014, a position he held until December 2017. So of course he was running all things legal for the FBI during the Apple-FBI dispute over a locked iPhone 5C recovered from the gunman responsible for the San Bernardino shooting.

Baker was the US Government’s point man on all things encryption, taking stances that outraged technologists and reinvigorated a policy debate that had – at least to a degree – stagnated for years. These days, Jim Baker serves as Director of the R Street think tank’s National Security and Cybersecurity Program.

This interview focusses on the so-called encryption wars. The FBI and other law enforcement/intelligence agencies want better access to encrypted material, while technologists say that’s impossible to accomplish without introducing unacceptable risks into the technology ecosystem. Baker shares his view on the topic.

The Australian government law enforcement and intelligence agencies guide to the Assistance and Access Act, which is mentioned in the introduction to the podcast, can be found here. (Ironically enough, served over http!)

PLEASE NOTE: Jim Baker joined our meeting via a phone call, so the audio quality here isn’t up to our usual standards. Sorry about that!

Jun 15, 2019
Risky Business #545 -- US Government loses control of customs mugshot database

On this week’s show Adam Boileau and Patrick Gray discuss the week’s news, including:

  • CBP loses photo and license plate database
  • Some Android phones shipped with backdoor
  • Info on Google’s cloud outage
  • USG ramps up “defend forward”
  • Trump and Mnuchin can’t get their stories straight on Huawei
  • The latest from Baltimore, more on that RDP bug
  • TalkTalk hacker sentenced
  • Much, much more

This week’s show is brought to you by Remediant! Remediant CEO Tim Keeler will be along this week to have a chinwag. We’ll talk about how simple security tech is really en vogue these days and how that’s a good thing.

Links to everything are below, and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

CBP says hackers stole license plate and travelers' photos | ZDNet
Hackers Breach Company That Makes License Plate Readers for U.S. Government - VICE
Maker of US border's license-plate scanning tech ransacked by hacker, blueprints and files dumped online • The Register
Google confirms that advanced backdoor came preinstalled on Android devices | Ars Technica
Two-thirds of iOS apps disable ATS, an iOS security feature | ZDNet
How a Google Cloud Catch-22 Broke the Internet | WIRED
Google Cloud Status Dashboard
U.S. ramping up offensive cyber measures to stop economic attacks, Bolton says
Trump and Mnuchin on Huawei, trade, national security
Huawei executive labeled a 'moral vacuum' in heated UK hearing - CNN
Russia and Iran Plan to Fundamentally Isolate the Internet | WIRED
For two hours, a large chunk of European mobile traffic was rerouted through China | ZDNet
Baltimore’s bill for ransomware: Over $18 million, so far | Ars Technica
A botnet is brute-forcing over 1.5 million RDP servers all over the world | ZDNet
Microsoft warns about email spam campaign abusing Office vulnerability | ZDNet
SymCrypt Bug Would Let Attacker "Take Down Entire Windows Fleet"
Senator asks Department of Justice if it can keep a lid on its software exploits
'You don't stand a chance': how the press freedom argument will go for Assange
TalkTalk hacker Daniel Kelley sentenced to four years - BBC News
A Push to Protect Campaigns from Hackers Hits an FEC Roadblock | WIRED
Top voting machine maker reverses position on election security, promises paper ballots | TechCrunch
Windows 10 zero-day details published on GitHub | ZDNet
Microsoft NTLM Flaws Expose All Windows Machines to RCE Attacks
New RCE vulnerability impacts nearly half of the internet's email servers | ZDNet
Major HSM vulnerabilities impact banks, cloud providers, governments | ZDNet
'RAMBleed' Rowhammer attack can now steal data, not just alter it | ZDNet
A backdoor in Optergy tech could remotely shut down a smart building ‘with one click’ | TechCrunch
That push notification on your phone might be a phishing attempt
New Spam Campaign Controlled by Attackers via DNS TXT Records
Fortune 500 giant Tech Data exposed customer and billing data | TechCrunch
FBI Issues Warning on ‘Secure’ Websites Used For Phishing
Diebold Nixdorf warns customers of RCE bug in older ATMs | ZDNet
Microsoft Blocks Some Bluetooth Devices Due to Security Risks
Apple's 'Find My' Feature Uses Some Very Clever Cryptography | WIRED
VLC 3.0.7 is Biggest Security Release Due to EU Bounty Program
How to create an EVIL LTE Twin – Adam Toscher – Medium
Jun 12, 2019
Risky Business #544 -- NYTimes Baltimore report falls over

On this week’s show Patrick and Adam talk through all the week’s security news, including:

  • NYTimes story on EternalBlue and Baltimore is bunk
  • An RDP worm is feeling kind of inevitable
  • Iran is still getting Shadowbrokersed
  • Intercept has a great feature on SID Today dumps
  • Australian Federal Police crack down on national security journalism
  • Phantom Secure CEO gets nine years and loses $80m
  • Silk Road 2.0 admin must be an amazing snitch
  • Another Bitcoin tumbler bites the dust
  • Much, much more

This week’s sponsor interview is with Marco Slaviero of Thinkst Canary.

Marco is joining us this week to talk about how he thinks web application-based deception techniques are kind of a waste of time right now. We talk about how deception approaches work best in privileged domains, then we talk about how security teams do better when they have a dedicated ops developer.

Show notes

Ruppersberger: NSA has no evidence EternalBlue was in Baltimore attack
Sen. Van Hollen: Government sees no EternalBlue in Baltimore ransomware attack
N.S.A. Denies Its Cyberweapon Was Used in Baltimore Attack, Congressman Says - The New York Times
Report: No ‘Eternal Blue’ Exploit Found in Baltimore City Ransomware — Krebs on Security
Baltimore ransomware perp pinky-swears he didn’t use NSA exploit | Ars Technica
NSA points to two-year patching window in remarks about Baltimore incident
Microsoft's BlueKeep Bug Isn't Getting Patched Fast Enough | WIRED
Even the NSA is urging Windows users to patch BlueKeep (CVE-2019-0708) | ZDNet
New Iranian hacking tool leaked on Telegram | ZDNet
Meltdown Showed Extent of NSA Surveillance — and Other Tales From Hundreds of Intelligence Documents
Federal police raid home of News Corp journalist Annika Smethurst | Australia news | The Guardian
PressReader.com - Your favorite newspapers and magazines.
CEO Who Sold Encrypted Phones to the Sinaloa Cartel Sentenced to Nine Years - VICE
Silk Road 2.0 Admin May Only Be Prosecuted For Tax Crimes After Cooperating with Feds - VICE
Bitcoin Blender Exits Cryptocurrency Mixing On Its Own Terms
Rights groups probe investments in NSO Group’s private equity firm
Lorenzo Franceschi-Bicchierai on Twitter: "In his new book, @josephmenn argues that Phineas Fisher, the hacktivist that breached FinFisher and Hacking Team, is perhaps a Russian intelligence front.… https://t.co/PgLPt369Sd"
Much @Stake: The Band of Hackers That Defined an Era | WIRED
Google Cloud goes down, taking YouTube, Gmail, Snapchat, and others with it | ZDNet
China 'rigs' 5G test to favour Huawei - NZ Herald
Russian military moves closer to replacing Windows with Astra Linux | ZDNet
Maze Ransomware Says Computer Type Determines Ransom Amount
Phishing Emails Pretend to be Office 365 'File Deletion' Alerts
Unpatched Flaw Affects All Docker Versions, Exploits Ready
Zero-Day Flaw in Windows 10 Task Scheduler Gets Micropatch
0patch Blog: Another Task Scheduler 0day, Another Task Scheduler Micropatch (The SandboxEscaper Saga)
Flipboard says hackers stole user details | ZDNet
Google Is Finally Making Chrome Extensions More Secure | WIRED
Westpac cyber attack: PayID platform hack exposes private details on 100,000 Australians
Terry Zhang on Twitter: "Received a 40,000$ bounty from @msftsecresponse through @Bugcrowd for a critical Auth Bypass i found on Microsoft Cloud.Also will join the team and talk about it on the BlackHat this year.Thanks for the great bounty and the opportunity sharing on a big stage.… https://t.co/mbzs41LfBf"
New research shows personalized ads are just barely more efficient than dumb ads | ZDNet
Stephen A. Ridley on Twitter: "It has been 10 years since we reverse engineered the MS08-67 patch and published the FIRST public vuln PoC (which was used by the Confiker Worm authors). BUT, it has only been about a year since we got an angry email blaming us for the Confiker worm. https://t.co/4Xalrh7okV… https://t.co/QPeMCZIHtc"
Malware Sandbox Online | Free Trial
Thinkst Canary
Jun 05, 2019
Risky Business #543 -- NYTimes blames NSA for Baltimore hacks, Assange faces espionage charges

Adam Boileau couldn’t make it this week, but that’s ok because we’ve got former Facebook CSO and current Stanford adjunct professor Alex Stamos filling in for him in today’s show. He’ll be talking through all the week’s security news, including:

  • NYTimes report blames Baltimore ransomware attack on leaked NSA exploit
  • Assange to face espionage charges, extradition fight looming
  • SandboxEscaper just keeps dropping those 0days
  • Fury over Facebook’s response to doctored Pelosi video
  • Much, much more

This week’s sponsor interview is with David Warburton of F5 Networks. You know F5 as a blinky-light box manufacturer. Load balancers, SSL termination, that sort of stuff. Not exactly a growth industry at the moment, so they’re pivoting.

They’ve dropped $670m on NGINX – f5 now owns the NGINX company – and they’re making all sorts of moves in the appsec space. That interview is mostly about F5’s business, but I found it interesting because what do you do when you’re an $8bn company that makes data-centre equipment and that industry starts going into decline?

Links to everything discussed are below, and you can follow Patrick or Alex on Twitter if that’s your thing.

Show notes

In Baltimore and Beyond, a Stolen N.S.A. Tool Wreaks Havoc - The New York Times
Thomas Rid on Twitter: "Meanwhile I feel rather uncomfortable about being quoted in said NYT story. Although the bigger point stands: whoever was behind Shadowbrokers must be held accountable, and USG should not get away with publicly ignoring this historic leak."
Eternally Blue: Baltimore City leaders blame NSA for ransomware attack | Ars Technica
Google bots shut down Baltimore officials’ ransomware-workaround Gmail accounts | Ars Technica
CyberSecPolitics: Baltimore is not EternalBlue
Errata Security: A lesson in journalism vs. cybersecurity
Intense scanning activity detected for BlueKeep RDP flaw | ZDNet
Researcher publishes Windows zero-days for the third day in a row | ZDNet
Cyber Command's latest VirusTotal upload has been linked to an active attack
The Latest Julian Assange Indictment Is an Assault on Press Freedom | WIRED
Here's How a Facebook Exec Defended Leaving Up That Fake Nancy Pelosi Video
Facebook scrubbed 2.2 billion fake accounts in the first quarter of 2019, a new high
U.S. Navy Creating a 350 Billion Record Social Media Archive
A--Global Social Media Archive, 350 billion digital data records (text) - Federal Business Opportunities: Opportunities
Amazon shareholders reject facial recognition sale ban to governments | TechCrunch
Facial Recognition Has Already Reached Its Breaking Point | WIRED
Android and iOS devices impacted by new sensor calibration attack | ZDNet
Privacy Preserving Ad Click Attribution For the Web | WebKit
German Minister Wants Secure Messengers To Decrypt Chats
European police seize BestMixer, saying it helped launder $200 million worth of cryptocurrency
Chinese military to replace Windows OS amid fears of US hacking | ZDNet
First American Financial Corp. Leaked Hundreds of Millions of Title Insurance Records — Krebs on Security
Australian tech unicorn Canva suffers security breach | ZDNet
Equifax is spending a ton of money on cybersecurity. Wall Street analysts don't like it.
Democratic Party’s network security still lags behind GOP, researchers find | Ars Technica
CrowdStrike, NSS Labs resolve court battle over product testing | ZDNet
Security Engineer, Detection - Google - Sydney NSW, Australia - Google Careers
Security Engineer, Information Security and Privacy Incident Response - Google - Sydney NSW, Australia - Google Careers
Malware Sandbox Online | Free Trial
F5 Networks | Secure application delivery
May 29, 2019
Risky Biz Soap Box: VMRay CEO Carsten Willems talks sandbox tech

This is not the regular Risky Business weekly show; the Soap Box series of podcasts that run on Risky.Biz is wholly sponsored. Everyone you hear in Soap Box paid to be here.

With that disclaimer out of the way, this is actually a really interesting conversation. Carsten Willems is the co-founder and CEO of VMRay, a company that makes… well… what do you call it? Is it an incident response tool? Is it a detection tool? Or is it just a good hypervisor-based sandbox that you can use to do both of those things?

I’m going to say it’s the third – VMRay is a company that makes a great hypervisor sandbox and has applied that technology to both response and detection.

In an ideal world you’d have a team of malware reversers on staff pulling apart every single binary that looks shady. But this isn’t a perfect world, so that’s never going to happen. So the original use case that Carsten and his team set out to solve was around automating malware reversing. They built a hypervisor-based sandbox that’s very hard to bypass; you can run your standard build on it, throw binaries and documents at it and see what blows up. That’s really the primary use case here.

But there is a second use case, which is detection. VMRay can give you a pretty decent risk score on samples, and they’ve entered into a few OEM arrangements with vendors to provide that extra level of detection.

I’d never met Carsten Willems before we prepared this podcast, but it’s safe to say we hit it off. This podcast basically turned into Carsten telling his story, the story of where VMRay came from and where he wants it to go. Enjoy!

May 23, 2019
Risky Business #542 -- Confusion reigns over Huawei ban

On this week’s show Patrick and Adam talk through all the week’s security news, including:

  • New executive order paved way for Huawei ban
  • Google pulls service from Huawei
  • No wait, that’s not right, it’s for new handsets
  • The ban’s now reversed to allow them to continue the support that they didn’t have to discontinue?
  • I’m so confused
  • ¯\_(ツ)_/¯
  • Israeli broadcaster fingers Hamas over Eurovision coverage hack
  • New moves to regulate offensive cyber services
  • Salesforce has a bad time
  • Instagram influencers have a bad time (Hah!)
  • OGUsers pwned
  • Much, much more

This week’s show is brought to you by CMD Security. They make security software for Linux that does two things – firstly it gives you visibility into what’s happening on your Linux workloads, which actions are being performed by which accounts, that sort of thing. The second thing it does is allow you to lock down accounts by action, rather than by traditional privilege. They’re funded by Google Ventures, among others, and although they’re a relatively small and new company I think they’re going to do really well.

Jake was just at a MITRE conference in Brussels that was all about the ATT&CK matrix. He’s joining me this week to have a bit of a talk about his experience at that event, then we’ll be talking through some of the issues he’s seeing out there in Linux cloud workload land. Jake’s a great communicator and a very smart guy and that interview is a lot of fun.

Links to everything are below, and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

White House executive order sets path for ban on Huawei
Exclusive: Google suspends some business with Huawei after Trump blacklist - source - Reuters
Google's Huawei Android restrictions: what does it mean for you? [Updated] | TechRadar
Trump grants temporary reprieve from Huawei ban | Financial Times
Israel’s national broadcaster accuses Hamas of Eurovision hack | Jewish News
Lawmakers seek probe on U.S. hacking services sold globally - Reuters
U.S. lawmakers call on spy chief to rein in spread of hacking tools - Reuters
Facebook bans Israeli company that's been sharing disinfo on West African politics
Faulty database script brings Salesforce to its knees | ZDNet
Millions of Instagram influencers had their private contact data scraped and exposed | TechCrunch
Account Hijacking Forum OGusers Hacked — Krebs on Security
The Most Expensive Lesson Of My Life: Details of SIM port hack
Chinese cyberspies breached TeamViewer in 2016 | ZDNet
Baltimore ransomware nightmare could last weeks more, with big consequences | Ars Technica
Ohio school sends students home because of Trickbot malware infection | ZDNet
Google Will Replace Titan Security Key Over a Bluetooth Flaw | WIRED
Bluetooth's Complexity Has Become a Security Risk | WIRED
First official version of Tor Browser for Android released on the Play Store | ZDNet
Root account misconfigurations found in 20% of top 1,000 Docker containers | ZDNet
The Crowd, The Source… – CTUS.IO
New windows LPE from non-admin :) : AskNetsec
How CSIRO Computers Were Secretly Used To Mine Bitcoin | 10 daily
Company behind LeakedSource pleads guilty in Canada | ZDNet
Bots Tampering with TLS to Avoid Detection - Akamai Security Intelligence and Threat Research Blog
Hackers abuse ASUS cloud service to install backdoor on users’ PCs | Ars Technica
The radio navigation planes use to land safely is insecure and can be hacked | Ars Technica
1801 - Visual Voicemail for iPhone: Use-after-free in IMAP NAMESPACE processing - project-zero - Monorail
Hackers Inject Magecart Card Skimmer in Forbes’ Subscription Site
Microsoft releases new version of Attack Surface Analyzer utility | ZDNet
Cisco Upgrades Remote Code Execution Flaws to Critical Severity
Additional mitigations for speculative execution vulnerabilities in Intel CPUs - Apple Support
AT&T Homepage Mistakenly Warns Users of a Non-Existent Data Breach - VICE
Encryption fix may now be dead - InnovationsAus.com
Request a live demo
May 22, 2019
Risky Biz Soap Box: Signal Sciences on serverless, app-layer deception and more

This isn’t our weekly news and current affairs show, this is a wholly sponsored podcast we do here at Risky Biz. The idea behind Soap Box is vendors pay to come on to the show and talk about the things they want to talk about.

Today’s Soap Box is brought to you by Signal Sciences. If you’re not familiar with them, they make web security software. If you operate a website and you’re looking to auto-block a lot of the common attacks and attack techniques that are likely to be directed against your website, then Signal Sciences are definitely worth a look.

Their whole pitch is really about making software that’s easy to deploy. You just drop it on your web server or run it as a WAF proxy, and bang, you’re done. Most of their clients run this software in full blocking mode out of the gate and don’t have any issues.

It’s really, really good at blocking stuff like cred stuffing and weird bot activity, as well as your typical OWASPY-style attacks.

Signal Sciences Trusted Appsec Advisor Phillip Maddux is our guest today. We spoke about a bunch of stuff really: the future of appsec, how the pivot to serverless is changing things. Then we talk about app-layer deception, and finally Phillip basically takes a dump on the bulk of RASP solutions out there.


May 16, 2019
Risky Business #541 -- NSO Group makes global headlines. What next?

On this week’s show Patrick and Adam talk through all the week’s security news, including:

  • NSO Group WhatsApp vuln coverage goes nuclear
  • Activists targeted by NSO malware in hiding in west after CIA tipoffs
  • Cisco Trust Anchor drags on sea floor
  • Linux kernel bugs likely overhyped
  • Adobe patches insane number of CVEs
  • Microsoft patches rumoured GCHQ VEP’d RDP bug
  • New hardware bugs affect Intel processors
  • SHA-1 collisions become much more practical
  • Major US anti-virus firms owned hard

This week’s sponsor interview is with Ryan Kalember of Proofpoint. Ryan is a listener, and when he heard Adam talking about how password rotations actually result in crappy passwords, it hit a nerve with him. He says Proofpoint, via its CASBY product, is seeing a lot of targeted credential stuffing campaigns cycling through variations of passwords that have appeared in dumps.

Apparently the bad guys are hip to what a typical password rotation variation looks like and they’re using this knowledge to better direct their cred stuffing attempts.

Links to everything are below, and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

How Hackers Broke WhatsApp With Just a Phone Call | WIRED
Israel gives 'Pegasus' spyware to countries like Saudi Arabia
CIA Sent Warnings to 3 Khashoggi Associates About New Saudi Threats | Time
WhatsApp Hack Shows End-to-End Encryption Is Pointless - Bloomberg
The NSO WhatsApp Vulnerability - This is How It Happened - Check Point Research
It’s Almost Impossible to Tell if Your iPhone Has Been Hacked - VICE
Human rights groups to ask Israeli court to revoke NSO Group’s export license
A Cisco Router Bug Has Massive Global Implications | WIRED
Linux Kernel Prior to 5.0.8 Vulnerable to Remote Code Execution
Security Updates Released for Adobe Flash Player, Reader, and Media Encoder
Microsoft Patches ‘Wormable’ Flaw in Windows XP, 7 and Windows 2003 — Krebs on Security
Microsoft SharePoint vulnerability allows hackers to sift through servers, Saudi authorities warn
Two years after WannaCry, a million computers remain at risk | TechCrunch
Intel CPUs impacted by new Zombieload side-channel attack | ZDNet
ZombieLoad attack lets hackers steal data from Intel chips - The Verge
Patch status for the new MDS attacks against Intel CPUs | ZDNet
SHA-1 collision attacks are now actually practical and a looming danger | ZDNet
NVIDIA Patches High Severity Windows GPU Display Driver Flaws
Keyloggers Injected in Web Trust Seal Supply Chain Attack
Fxmsp Chat Logs Reveal the Hacked Antivirus Vendors, AVs Respond
New Details Emerge of Fxmsp's Hacking of Antivirus Companies
DOJ Says Chinese Hackers Attacked Anthem, but Not Why | WIRED
“RobbinHood” ransomware takes down Baltimore City government networks | Ars Technica
Julian Assange to face revived rape investigation in Sweden
Former NSA analyst charged in leak of classified documents to reporter
New leaks of Iranian cyber-espionage operations hit Telegram and the Dark Web | ZDNet
Jokeroo Ransomware as a Service Pulls an Exit Scam
Nigerian BEC Scammers Shifting to RATs As Tool of Choice
Mozilla offers research grant for a way to embed Tor inside Firefox | ZDNet
Experts Doubt Russian Claims That Cryptographic Flaw Was a Coincidence - VICE
Microsoft recommends using a separate device for administrative tasks | ZDNet
Unsecured server exposes data for 85% of all Panama citizens | ZDNet
May 15, 2019
Risky Business #540 -- In depth: Hamas cyber unit destroyed in air strike

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • IDF takes out Hamas cyber HQ (Features commentary from Bobby Chesney and Klon Kitchen)
  • NYTimes mangles Symantec’s “Buckeye” research
  • Lots of dark web arrests
  • SAP exploits not all they’re cracked up to be
  • Magecart-style attacks spread to other platforms
  • Tech-led crackdown on Chinese Muslims intensifies
  • Japan to create “defensive malware”

This week’s sponsor interview is with Duo Security advisory CSO Richard Archdeacon and we’ll be talking about zero trust networks. Richard isn’t so worried about every vendor under the sun claiming to be a zero trust tech company. He doesn’t think that’s going to derail the move to zero trust architectures because the move towards them is too strong.

Links to everything are below, and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Israel Defense Forces on Twitter: "CLEARED FOR RELEASE: We thwarted an attempted Hamas cyber offensive against Israeli targets. Following our successful cyber defensive operation, we targeted a building where the Hamas cyber operatives work. HamasCyberHQ.exe has been removed.… https://t.co/rL86R93V7P"
Crossing a Cyber Rubicon? Overreactions to the IDF’s Strike on the Hamas Cyber Facility - Lawfare
Daniel Moore on Twitter: "It's also possible that they claim this is a kinetic response to a cyber-attack, but in reality the IDF is just bombing more convenient, low-risk elements of Hamas out of its extensive target bank. So possibly more capitalising on an opportunity than direct retaliation.… https://t.co/uFSn4Ql8Nu"
Inbar Raz on Twitter: "If there had been only one strike, and it had been directed at the Cyber unit, then that would have been a remarkable and unusual event. But it wasn’t. It’s just one more building with “Hamas” written all over it. 3/N… https://t.co/hPfy1ulmsE"
Buckeye: Espionage Outfit Used Equation Group Tools Prior to Shadow Brokers Leak | Symantec Blogs
How Chinese Spies Got the N.S.A.’s Hacking Tools, and Used Them for Attacks - The New York Times
A Mysterious Hacker Group Is On a Supply Chain Hijacking Spree | WIRED
FBI has seized Deep Dot Web and arrested its administrators | TechCrunch
Law enforcement seizes dark web market after moderator leaks backend credentials | ZDNet
Public 10KBLAZE Exploits May Impact 90% of SAP Production Systems
sap_ms/README.md at master · gelim/sap_ms · GitHub
JavaScript card sniffing attacks spread to other e-commerce platforms | ZDNet
A hacker is wiping Git repositories and asking for a ransom | ZDNet
Mysterious hacker has been selling Windows 0-days to APT groups for three years | ZDNet
China uses biometrics and digital scanning 'data doors' to track Muslim minority | ZDNet
Uyghurs the People of Xinjiang - Rear Vision - ABC Radio National (Australian Broadcasting Corporation)
CIA sets up shop on the anonymous, encrypted Tor network - CNET
China making 'rapid progress' on potency of cyber-operations, Pentagon says
Japanese government to create and maintain defensive malware | ZDNet
Hacker takes over 29 IoT botnets | ZDNet
Only six TSA staffers are overseeing US oil & gas pipeline security | ZDNet
Dutch intelligence warns of escalating Russian, Chinese cyberattacks in the Netherlands
NSA unmasked more U.S. entities caught in foreign cyber-espionage efforts last year
WordPress finally gets the security features a third of the Internet deserves | ZDNet
Verizon, T-Mobile, Sprint, and AT&T Hit With Class Action Lawsuit Over Selling Customers’ Location Data - VICE
Firefox add-ons disabled en masse after Mozilla certificate issue | ZDNet
Labor asks questions of WeChat over doctored accounts, 'fake news'
Evil Clippy Makes Malicious Office Docs that Dodge Detection
Dell laptops and computers vulnerable to remote hijacks | ZDNet
AWS IAM Exploitation – Security Risk Advisors
Zero Trust Evaluation Guide: For the Workforce | Duo Security
May 08, 2019
Snake Oilers 9 part 2: Rapid7 talks SOAR, Trend Micro on its API-based email security play

This isn’t the regular weekly risky biz news and current affairs show, this is the special podcast series we do here at Risky Biz HQ where we take that dirty, dirty vendor cash and let security companies tell the audience all about what they do. Think of it as show and tell for security vendors!

In this edition we’ve got three more vendors vying for your hard-earned bread. We’ll be hearing from Rapid7 on their InsightConnect product, which used to be known as Komand. What can you automate and orchestrate with it? How does it work? Who’s using it? What are they doing with it?

Then we’ll be hearing from Trend Micro about their O365 mail security product, and this one is legit interesting for one very simple reason – the deployment method. Most of the mail security firms basically make you route your mail through them.

In this case what Trend has done is create a mail security product that just fiddles with your mailboxes through the Microsoft O365 API. They have literally set up a demo account for an enterprise over a beer at a bar. So yeah, I suspect we’ll be seeing more mail security products deploying this way… and because it’s show and tell, Trend will be along to talk about some of the bells and whistles that come with that product.

Then finally we’ll be hearing from Cybermerc. This is a group based out of Canberra in Australia. They’ve done a lot of enterprise deception hybrid hardware/consulting, that’s something they’ve gotten very good at. They also do a lot of cyber cyber training, but now they’re trying to market a managed service towards small to medium businesses – those with 50 to a few hundred seats. A managed honeypot, some internal vuln scans, and a partridge in a pear tree!

May 02, 2019
Risky Business #539 -- Docker Hub owned, Cloudflare, Bloomberg under fire

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • Docker Hub owned
  • That Confluence bug we were talking about a couple of weeks ago got wormified
  • Oracle WebLogic users also having a bad time
  • Cloudflare faces investor pressure over providing services to Nazis
  • Slack warns investors of possible nation-state attacks against it
  • Norsk Hydro puts dollar value on ransomware incident
  • Bloomberg publishes another ridiculous security story
  • Much, much more!

This week’s sponsor interview is with Casey Ellis, the CTO and co-founder of Bugcrowd.

As most of you are probably aware, Bugcrowd announced its so-called “next generation penetration testing” product last year, a move followed some months later by its competitor HackerOne. With others in the bounty space already offering these types of penetration testing packages, it looks like these efforts are here to stay.

But where do crowdsourced penetration tests sit in the wider penetration testing market? Are they coming after the Insomnia and Atredis Partners type firms? The NCCs? The shonky Nessus-scan “penetration testers”? Well, not surprisingly Casey argues that this is a new sub-niche in the market and he makes a pretty compelling case to support that argument.

Links to everything are below, and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Docker Hub hack exposed data of 190,000 users | ZDNet
two-factor authentication · Issue #358 · docker/hub-feedback · GitHub
Slack warns investors of a high risk of cyber-attacks impacting stock performance | ZDNet
Vulnerable Confluence Servers Get Infected with Ransomware, Trojans
Recent Oracle WebLogic zero-day used to infect servers with ransomware | ZDNet
Norsk Hydro: Attack Cost $50M « isssource.com
The SIM Swap Fix That the US Isn't Using | WIRED
California synagogue shooting casts harsh light on mutual-fund darling Cloudflare - Reuters
Sleeping Giants on Twitter: "REMINDER: 8Chan, where the anti-Semitic shooter from today AND the New Zealand shooter posted manifestos and their fans cheer the killings, is protected by @Cloudflare and their CEO @eastdakota, who doesn’t have any regrets about it at all.… https://t.co/8XKghBMW94"
Catalin Cimpanu on Twitter: "Today in infosec news: Another low-quality Bloomberg article where the reporter converts a random 10-year-old long-time-patched vulnerability into a national security threat.... because Bloomberg reporters get paid for "market-shifting news" ....which means "horrendous clickbait"… https://t.co/3IOoj08g0Q"
Oh dear. Secret Huawei enterprise router snoop 'backdoor' was Telnet service, sighs Vodafone • The Register
Man who allegedly leaked CIA hacking tools says he's been tortured and is owed $50 billion
Hackers Steal and Ransom Financial Data Related to Some of the World’s Largest Companies - Motherboard
NSA's Russian cyberthreat task force is now permanent
DNS hacks are attacks on critical infrastructure, senior U.S. diplomat says
New DHS order pushes agencies to quickly patch vulnerabilities
Microsoft is considering dropping its Windows password expiration policy | TechCrunch
Microsoft Outlook Email Breach Targeted Cryptocurrency Users - Motherboard
Chinese dev jailed and fined for posting DJI's private keys on Github • The Register
Probable Russian Navy covert camera whale discovered by Norwegians | Ars Technica
CARBANAK Week Part Four: The CARBANAK Desktop Video Player | FireEye Inc
Port Scanning, Spoofing & Blacklists – notdan – Medium
Bat bomb - Wikipedia
Project Pigeon - Wikipedia
Next Gen Pen Testing
May 01, 2019