Risky Business

By Patrick Gray

Category: Tech News


 Oct 10, 2018


Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.

Risky Business #537 -- Assange arrested, WordPress ecosystem on fire

On this week’s show Adam Boileau and Patrick Gray discuss the week’s security news:

  • Julian Assange arrested, likely to be extradited to the USA
  • Krebs: Breach at outsourcing firm Wipro
  • WordPress 0day drama causing serious headaches
  • Silk Road 2’s “DPR2” sent to slammer
  • More from Kaspersky SAS

This week’s show is brought to you by Thinkst Canary! Thinkst founder Haroon Meer will be along in this week’s show to talk about the effect venture capital is having on the security ecosystem. He thinks VC money often makes weak ideas look strong, and in a market where it’s quite difficult to make informed purchasing decisions, that’s not a good thing.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Breaking Down the Julian Assange Hacking Case | WIRED
Experts: Breach at IT Outsourcing Giant Wipro — Krebs on Security
Silk Road 2 Founder Dread Pirate Roberts 2 Caught, Jailed for 5 Years - Motherboard
Chinese woman arrested at Mar-a-Lago 'up to something,' denied bail: judge - Reuters
A security researcher with a grudge is dropping Web 0days on innocent users | Ars Technica
Mailgun hacked part of massive attack on WordPress sites | ZDNet
PPD-20 successor has yielded ‘operational success,’ Federal CISO says
A Peek Into the Toolkit of the Dangerous 'Triton' Hackers | WIRED
DHS, FBI say election systems in all 50 states were targeted in 2016 | Ars Technica
Quasi-Russian upstart reportedly targeted Ukraine in cyber-espionage campaign
Patrick Gray 🥚 on Twitter: "Great scoop from @Commsday Looks like @ASDGovAu is going to rip up its contract with @Cloudflare because they host Nazi forums.… https://t.co/uhqC2EIVbY"
Dragonblood vulnerabilities disclosed in WiFi WPA3 standard | ZDNet
Confluence Security Advisory - 2019-03-20 - Atlassian Documentation
A New Breed of ATM Hackers Gets in Through a Bank’s Network | WIRED
Mysterious Hackers Hid Their Swiss Army Spyware for 5 Years | WIRED
Kaspersky: 70 percent of attacks now target Office vulnerabilities | ZDNet
EU: No evidence of Kaspersky spying despite 'confirmed malicious' classification | ZDNet
DHS alerts industry to insecure enterprise VPN apps
Shimo VPN service contains six unpatched vulnerabilities, Talos discovers
‘Land Lordz’ Service Powers Airbnb Scams — Krebs on Security
Hackers publish personal data on thousands of US police officers and federal agents | TechCrunch
Former Senate IT intern admits to doxing US senators on Twitter and Wikipedia | ZDNet
A hacker has dumped nearly one billion user records over the past two months | ZDNet
Google DLP Makes It Easier to Safeguard Sensitive Data Troves | WIRED
Microsoft Email Hack Shows the Lurking Danger of Customer Support | WIRED
Fortinet settles charges of selling intentionally mislabeled Chinese-made tech to U.S. military
Security Engineer, Detection - Google - Sydney NSW, Australia - Google Careers
Security Engineer, Information Security and Privacy Incident Response - Google - Sydney NSW, Australia - Google Careers
Thinkst Canary
Apr 17, 2019
Risky Business #536 -- Mar-a-Lago arrest, ASUS supply chain attack and more

In this week’s show Patrick Gray and Adam Boileau recap all the infosec news of the last three weeks, including:

  • Chinese woman arrested at Mar-a-Lago being very shady
  • The ASUS supply chain attack
  • Flame-related malware lived on longer than expected
  • bootstrap-sass Ruby gem backdoored
  • Latest on Norsk Hydro and other victims of the same crew
  • More trouble at Toyota
  • Huawei spanked by UK oversight panel
  • Exodus govvie malware affects Android and iOS
  • Plus much, much more

This week’s sponsor interview is with Kumud Kalia, the Chief Information and Technology Officer of Cylance. They actually dropped a really interesting product announcement at RSA a few weeks back and Kumud will be along later on to tell us about that. The tl;dr: it’s an agent that models endpoint behaviour, so when someone - or something - else starts using that endpoint to do things that don’t fit the user profile, action can be taken.

It’s the type of tech concept that normally belongs in academic papers, not in actual products people can buy. That’s an interesting chat.

Links to everything are below, and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Feds: Woman arrested at Mar-a-Lago had hidden-camera detector | Miami Herald
Hackers Hijacked ASUS Software Updates to Install Backdoors on Thousands of Computers - Motherboard
ASUS releases fix for Live Update tool abused in ShadowHammer attack | ZDNet
Researchers publish list of MAC addresses targeted in ASUS hack | ZDNet
Nation-state hacking kit ‘Flame’ had a second life, researchers say
Malicious remote code execution backdoor discovered in the popular bootstrap-sass Ruby gem | Snyk
Norsk Hydro ransomware incident losses reach $40 million after one week | ZDNet
Norsk Hydro will not pay ransom demand and will restore from backups | ZDNet
Arizona Beverages knocked offline by ransomware attack | TechCrunch
Ransomware Forces Two Chemical Companies to Order ‘Hundreds of New Computers’ - Motherboard
Toyota announces second security breach in the last five weeks | ZDNet
Huawei's Problem Isn't Chinese Backdoors. It's Buggy Software | WIRED
In issuing 5G recommendations, E.U. spurns U.S. hardline on Huawei
Bezos’ Investigator Gavin de Becker Finds the Saudis Obtained the Amazon Chief’s Private Data
NSO Group Says It Didn’t Hack Jeff Bezos On Behalf of Saudi Arabia - Motherboard
'Exodus' Spyware Posed as a Legit iOS App | WIRED
Former NSA spies hacked BBC host, Al Jazeera chairman for UAE
Lazarus rises in Israel with attempted hack of defense company, researchers say
Defense Ministry rebukes Israeli spy tech company for unlawful exports | The Times of Israel
Islamic State's collapse hastened with help of Australian cyber spies - ABC News (Australian Broadcasting Corporation)
Company sues worker who fell for email scam - BBC News
Utah Just Became a Leader in Digital Privacy | WIRED
Office Depot rigged PC malware scans to sell unneeded $300 tech support | Ars Technica
Microsoft warns Windows 7 users of looming end to security updates | TechCrunch
Brace yourselves: Exploit published for serious Magento bug allowing card skimming [Updated] | Ars Technica
Warfare Plugins on Twitter: "WE ARE AWARE OF A ZERO-DAY EXPLOIT AFFECTING SOCIAL WARFARE CURRENTLY BEING TAKEN ADVANTAGE OF IN THE WILD. Our developers are working to release a patch within the next hour. In the meantime, we recommend disabling the plugin. We will update you as soon as we know more."
Pipdig Update: Dishonest Denials, Erased Evidence, and Ongoing Offenses
Two serious WordPress plugin vulnerabilities are being exploited in the wild | Ars Technica
Ex-NSA contractor pleads guilty to vast classified data leak, faces 9 years in prison
Report deems Russia a pioneer in GPS spoofing attacks | ZDNet
Above Us Only Stars - Exposing GPS Spoofing in Russia and Syria - Association of Old Crows
Researchers find 36 new security flaws in LTE protocol | ZDNet
AT&T, Comcast successfully test SHAKEN/STIR protocol for fighting robocalls | ZDNet
Facebook Stored Hundreds of Millions of User Passwords in Plain Text for Years — Krebs on Security
Third-Party Apps Exposed Over 540 Million Facebook Records | WIRED
Man Behind Fatal ‘Swatting’ Gets 20 Years — Krebs on Security
Top dark web marketplace will shut down next month | ZDNet
Lithuanian man pleads guilty to scamming Google and Facebook out of $123 million | ZDNet
China Considers Ban On Cryptocurrency Mining Because It's A Stupid Waste Of Energy | Gizmodo Australia
Vigilantes Counter Christchurch Manifesto with Weaponized Version
RedTeam Pentesting on Twitter: "We were also quite surprised to find this /etc/nginx.conf in… https://t.co/ymjjLM3eP7"
Announcing QueryCon 2019 | Trail of Bits Blog
PaperCall.io - QueryCon 2019
QueryCon 2019 — Hosted by Trail of Bits, with Kolide and Carbon Black Tickets, Thu, Jun 20, 2019 at 9:00 AM | Eventbrite
Apr 10, 2019
Risky Biz Soap Box: All about WebAuthn with Duo Security

This is a wholly sponsored podcast brought to you by Duo Security.

WebAuthn is a new multifactor authentication standard for the web that is all rooted in very smart encryption tech. Some of you would already be using similar authentication standards in apps without even thinking about it, like doing biometric authentication in your banking apps. You want to log in via your app and it scans your face to auth you, that sort of thing. WebAuthn makes those types of authentication actions available to users through the browser.

It’s now an official W3C standard supported by most browsers. It’s the future of auth on the Web.

Duo Security has been involved a little bit with the standards process, and in this edition of the Soap Box podcast you’re going to hear a nearly hour-long conversation between myself, Nick Steele and James Barclay, who are Duo’s resident WebAuthn dudes at Duo Labs.

I hope you enjoy this conversation.

Apr 02, 2019
Risky Business #535 -- Stop giving Cloudflare money

In this week’s show Patrick Gray and Alex Stamos discuss the week’s news, as well as discussing the rise of white supremacist communities and propaganda on the Internet and what can be done about it.
  • Norsk Hydro ransomwared
  • Huawei ban gets more and more political
  • APT40 hitting USA hard
  • Cyber Command’s Euro road-trip
  • Kremlin interference in EU elections extremely likely
  • US Senators seek information on breaches targeting them
  • Cloudflare won’t pull service from 8chan in wake of NZ attack
  • Beto O’Rourke was cDc member
  • New Mirai variant
  • 150 million Android devices hosed by new malware
  • Much, much more

This week’s show is brought to you by Chronicle Security! We’ll be joined by Chronicle co-founders Shapor Naghibzadeh and Mike Wiacek. They had a tremendously successful launch at RSA and they’re going to pop in to tell us about some near future plans they have for their Backstory product.

Links to everything are below, and you can follow Patrick or Alex on Twitter if that’s your thing.

Show notes

Norsk Hydro Ransomware Attack Is ‘Severe’ But All Too Common - Bloomberg
Antivirus scan for c97d9bbc80b573bdeeda3812f4d00e5183493dd0d5805e2508728f65977dda15 at 2019-03-19 12:37:54 UTC - VirusTotal
When Facebook Goes Down, Don't Blame Hackers | WIRED
U.S. Campaign to Ban Huawei Overseas Stumbles as Allies Resist - The New York Times
Navy, Industry Partners Are ‘Under Cyber Siege’ by Chinese Hackers, Review Asserts - WSJ
Tim Watts MP on Twitter: "In a rambling and incoherent Op-Ed today, Barnaby Joyce, our former Deputy Prime Minister, makes a unilateral attribution of the recent incursions into Australia’s Parliamentary IT systems. The Morrison govt has not publicly attributed these incursions. https://t.co/lvaM0mjPnS… https://t.co/btgLqCdFBo"
March for something that’s truly under threat: Western democracy
Cyber Command’s midterm election work included trips to Ukraine, Montenegro, and North Macedonia
Kremlin interference in EU vote is likely, says Estonian spy agency
Report: Tech Company In Steele Dossier May Have Been Used To Support DNC Hack
US senators want to know how many times they've been hacked | ZDNet
After The New Zealand Terror Attack, Here’s Why 8chan Won’t Be Wiped From The Web
How Right-Wing Social Media Site Gab Got Back Online | WIRED
Parliament TV and Radio - New Zealand Parliament
Facebook trolls and scammers from Kosovo are manipulating Australian users - ABC News (Australian Broadcasting Corporation)
Optus, Telstra, Vodafone Block 8chan, 4chan For Christc... | 10 daily
Dutton Wants To Rehash The Video Game Violence Debate After The NZ Attack
Facebook failed to block 20% of uploaded New Zealand shooter videos | TechCrunch
Beto O’Rourke’s secret membership in America’s oldest hacking group
'Make money work for me': Sydney man charged with stealing $100,000 via phone porting
A huge trove of medical records and prescriptions found exposed | TechCrunch
New Mirai malware variant targets signage TVs and presentation systems | ZDNet
Microsoft releases Application Guard extension for Chrome and Firefox | ZDNet
North Korean diplomats in Spain: CIA implicated in attack on North Korean embassy in Madrid | In English | EL PAÍS
Dissidents behind raid on N.Korea Madrid embassy: US paper - The Local
Almost 150 million users impacted by new SimBad Android adware | ZDNet
Most Android Antivirus Apps Are Garbage | WIRED
Nasty WinRAR bug is being actively exploited to install hard-to-detect malware | Ars Technica
Proof-of-concept code published for Windows 7 zero-day | ZDNet
Malicious Counter-Strike 1.6 servers used zero-days to infect users with malware | ZDNet
“Yelp, but for MAGA” turns red over security disclosure, threatens researcher | Ars Technica
Local privilege escalation via the Windows I/O Manager: a variant finding collaboration – Security Research & Defense
iblue on Twitter: "So, that's CVE-2019-5418. Accept: ../../../../../../../../../etc/passwd (And we might see more fun involving the PathResolver in the future :))… https://t.co/JT2hxnCaM4"
CVE-2019-7644: How Does this Happen?
Chronicle Security - Careers
Mar 20, 2019
Risky Business #534 -- Manning back in clink, automotive industry under attack

On this week’s show Adam Boileau and Patrick Gray discuss the week’s news:

  • Chelsea Manning back in jail
  • Citrix owned, Resecurity claims it was Iran. Again. Because reasons, apparently.
  • Huawei politics get messy
  • EXCLUSIVE: Toyota Oz, other carmakers likely targeted by APT32 (Vietnam)
  • Much, much more

This week’s sponsor is Senetas. They make layer 2 encryption gear but recently made a US$8m investment into Votiro, a Content Disarm and Reconstruction (CDR) play. Votiro CEO Aviv Grafi is this week’s sponsor guest. He stops by to explain CDR tech.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Chelsea Manning jailed after refusing to testify about WikiLeaks - CNNPolitics
Citrix discloses security breach of internal network | ZDNet
Citrix investigating unauthorized access to internal network | Citrix Blogs
Iranian-backed hackers stole data from major U.S. government contractor
Deacon Blues on Twitter: "Have about closed the loop on who is behind Resecurity, the mysterious company attributing the Citrix hack to Iran. It seems to be the work of one man, Andrey Andreevich Komarov, aka Andrew Komarov.… https://t.co/9fbWuEwqdL"
US ambassador in Berlin urges Germany to cut ties with Huawei
Pompeo warns allies Huawei presence complicates partnership with U.S. | Reuters
Huawei’s 5G equipment is a manageable risk, British intelligence claims - The Verge
UN report links North Korean hackers to theft of $571 million from cryptocurrency exchanges
China database lists 'breedready' status of 1.8 million women | World news | The Guardian
800+ Million Emails Leaked Online by Email Verification Service - Security Discovery
Releasing the NSA’s Previously Classified Tool ‘Ghidra’ For Free Is a ‘Game Changer’ - Motherboard
Facebook Suit: Ukrainian Hackers Used Quizzes to Take Data from 60,000 Users
A world of hurt after GoDaddy, Apple, and Google misissue >1 million certificates | Ars Technica
The Prototype iPhones That Hackers Use to Research Apple’s Most Sensitive Code - Motherboard
Google reveals Chrome zero-day under active attacks | ZDNet
Pipes on Twitter: "Google TAG have run down and identified iOS, Chrome and Windows 0days in the last few weeks. @ShaneHuntley Are we going to get some insight on which group you folk are pulling apart later? Sounds like fun times 😉"
Russia blocks encrypted email provider ProtonMail | TechCrunch
Tufts expelled a student for grade hacking. She claims innocence | TechCrunch
Lamborghini-driving bitcoin trader charged with drug trafficking
Cryptocurrency entrepreneur pleads guilty in 'Bitcointopia' fraud - Los Angeles Times
Car alarms with security flaws put 3 million vehicles at risk of hijack | TechCrunch
Silencing Cylance: A Case Study in Modern EDRs – MDSec
Glitching Trezor using EMFI Through The Enclosure – Colin O’Flynn
Extracting BitLocker keys from a TPM
WDS bug lets hackers hijack Windows Servers via malformed TFTP packets | ZDNet
Cisco tells Nexus switch owners to disable POAP feature for security reasons | ZDNet
Auth0 Security Bulletin CVE-2019-7644
Votiro Disarmer Takes Cyber Security to the Next-Generation
Senetas announces $8m investment in Votiro Disarmer
Mar 13, 2019
Risky Business #533 -- Ghidra release, NSA discontinues metadata program and more

On this week’s show Adam Boileau and Patrick Gray discuss the week’s news:

  • The NSA isn’t that interested in phone metadata anymore
  • More Chinese mass surveillance data leaks
  • Chelsea Manning, David House subpoenaed over Wikileaks
  • Quadriga cold wallets were actually empty at time of founder’s death
  • NSA deployed “rm -rf / shark” at Internet Research Agency
  • HackerOne follows Bugcrowd into pentesting
  • NSA releases Ghidra
  • Much, much more!

This week’s sponsor interview is with Chris Kennedy, AttackIQ’s CISO and VP of customer success. We’ll be talking about a few things, including how continuous validation of security controls like monitoring is a good thing. Everyone uses software like Tenable to verify patching; why not do the same for your monitoring?

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

The NSA has reportedly stopped data-mining Americans' phone and SMS records / Boing Boing
House aide: NSA has shut down phone call record surveillance | Ars Technica
China’s “democracy” includes mandatory apps, mass chat surveillance | Ars Technica
China claims detained Canadians formed spy link
As Trump and Kim Met, North Korean Hackers Hit Over 100 Targets in U.S. and Ally Nations - The New York Times
Disclosing Subpoena for Testimony, Chelsea Manning Vows to Fight - The New York Times
WikiLeaks Veteran: I ‘Cooperated’ With Feds ‘in Exchange for Immunity’
Mystery as Quadriga crypto-cash goes missing - BBC News
NSA’s top policy advisor: It’s time to start putting teeth in cyber deterrence | Ars Technica
US wiped hard drives at Russia's 'troll factory' in last year's hack | ZDNet
Vulnerability exposes location of thousands of malware C&C servers | ZDNet
Former Hacking Team Members Are Now Spying on the Blockchain for Coinbase - Motherboard
Coinbase Says Ex-Hacking Team Members Will ‘Transition Out’ After Users Protest - Motherboard
HackerOne thinks its freelance hackers can conduct penetration tests better than actual pentesting companies
New Software Helps to Mitigate Supply Chain Management Risk > National Security Agency | Central Security Service > Article View
Hacker Fantastic on Twitter: "Ghidra opens up JDWP in debug mode listening on port 18001, you can use it to execute code remotely 🤦‍♂️.. to fix change line 150 of support/launch.sh from * to https://t.co/J3E8q5edC7"
Backstory: An Alphabet Moon Shot Wants to Store the Security Industry's Data | WIRED
BlackBerry Cylance Delivers First Proactive Behavioral Analytics Solution with CylancePERSONA
Martijn Grooten on Twitter: "Shamir is of course right in his criticism of strict US visa procedures, but to add a sobering perspective, we have had speakers who couldn't get a visa when we had our conference in the US, Canada and the EU. For most of the world, visas for the West are really hard.… https://t.co/HRXh1Vr5pt"
W3C finalizes Web Authentication (WebAuthn) standard | ZDNet
Hackers have started attacks on Cisco RV110, RV130, and RV215 routers | ZDNet
Researchers uncover ring of GitHub accounts promoting 300+ backdoored apps | ZDNet
Google Reveals "BuggyCow," a Rare MacOS Zero-Day Vulnerability | WIRED
Adobe releases out-of-band update to patch ColdFusion zero-day | ZDNet
PoC Buffer Overflow exploitation in the British Airways Entertainment System | LinkedIn
Mar 06, 2019
Risky Biz Soap Box: PRODUCT LAUNCH: Backstory by Alphabet's Chronicle

In this edition of the show we’re playing a small part in Chronicle’s launch of its flagship product, Backstory.

Chronicle is of course the security spinoff of Google’s parent company, Alphabet. The launch of Chronicle itself was announced about a year ago, but until now it’s only really had one product: Virus Total Enterprise. That all changed today when Chronicle launched Backstory at the RSA conference in the USA.

I was lucky enough to see a demo of Backstory before we recorded this interview last week, and I’m going to characterise it in a way that Chronicle probably won’t like, but it’s basically a cloud-SIEM, albeit a very good one.

Backstory ingests logs from a bunch of data sources – DNS lookup information, DHCP info, your EDR logs (from your Crowdstrike or Carbon Black software), web proxy logs, firewall alerts – and then it structures this stuff so you can make use of it. You get nice pointy-clicky timelines and useful visualisations. That’s handy enough, but keep in mind your logs are now with the company that is responsible for Virus Total. They have some pretty good intel, and they can now apply various IOCs to the logs you’ve submitted.

So one obvious use case for Backstory is doing the type of threat hunting threat hunters like to do, but beyond that, this is likely going to become a pretty useful alerting platform.

Mar 04, 2019
Risky Business #532 -- A big week of research and tech news

On this week’s show Adam and Patrick discuss the week’s security news:

  • Cyber Command kicks the IRA off the Internet on election day
  • WSJ reporting on Iran vs Australia likely incorrect
  • Two Russian cybersecurity professionals sentenced over treason
  • DPRK spearphishing US summit participants
  • LOTS of technical news and research this week

This week’s show is brought to you by Remediant. Their CEO Tim Keeler will be along in this week’s sponsor segment to talk about how they’re doing “virtual directory binding” to make managing Linux accounts via Active Directory less traumatic. If you’re struggling with horrible, horrible PAM solutions in your devops environments, have a listen to that one.

*** NOTE FROM PAT: I made some mistakes in the recording phase of this week’s show. As a result, my vocal audio is pretty atrocious. Sorry! ***

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Cyber Command put the kibosh on Russian trolls during the midterms
Iranian Group Blamed for Cyberattack on Australia’s Parliament - WSJ
China, not Iran, still the main suspect in hacking of Australia's political parties, say sources
Former Russian Cybersecurity Chief Sentenced to 22 Years in Prison — Krebs on Security
North Korean hackers go on phishing expedition before Trump-Kim summit
Supermicro hardware weaknesses let researchers backdoor an IBM cloud server | Ars Technica
The Missing Security Primer for Bare Metal Cloud Services – Eclypsium
The secret lives of Facebook moderators in America - The Verge
CRXcavator: Democratizing Chrome Extension Security | Duo Security
Toyota Australia says no customer data taken in attempted cyber attack | Business | The Guardian
Toyota Australia hack update | Automotive Industry News | just-auto
Many websites threatened by highly critical code-execution bug in Drupal | Ars Technica
It took hackers only three days to start exploiting latest Drupal bug | ZDNet
Former Hacking Team Members Are Now Spying on the Blockchain for Coinbase - Motherboard
For many crooks, malware is out and PowerShell attacks are in, IBM says
New flaws in 4G, 5G allow attackers to intercept calls and track phone locations | TechCrunch
Cryptocurrency wallet caught sending user passwords to Google's spellchecker | ZDNet
POS firm says hackers planted malware on customer networks | ZDNet
Surveillance firm asks Mozilla to be included in Firefox's certificate whitelist | ZDNet
New browser attack lets hackers run bad code even after users leave a web page | ZDNet
WinRAR versions released in the last 19 years impacted by severe security flaw | ZDNet
Dow Jones’ watchlist of 2.4 million high-risk clients has leaked | TechCrunch
Intel open-sources HBFA app to help with firmware security testing | ZDNet
Thunderclap flaws impact how Windows, Mac, Linux handle Thunderbolt peripherals | ZDNet
Spain investigates raid on North Korean embassy: sources | Reuters
Conference | 0xCC | Melbourne
Feb 28, 2019
Risky Business #531 -- Australia's political parties targeted, the Witt indictment and more

Adam Boileau is along this week to discuss the week’s security news, which also features comment from Dmitri Alperovitch, Klon Kitchen and The Grugq. We cover:

  • Former USAF counterintelligence official indicted over spearphishing, leaking secrets
  • Australia’s major political parties targeted by APT crew that totally isn’t Chinese. (It’s Chinese)
  • More on the Iran DNS hijacks
  • Venezuelans phished by their own government
  • China’s mass surveillance of Uyghur Muslims laid bare in data leak
  • Millions of Swedes have their healthcare help-line calls exposed
  • Bank of Valletta dodges a bullet, catches fraudulent transfers
  • VK gets Samy’d
  • Calls for GDPR-like law in USA
  • Marcus “Malwaretech” Hutchins has a bad week

This week’s sponsor interview is with Jason Haddix of Bugcrowd. He’ll be along to talk a little more about what Bugcrowd calls next-generation pentests. They claim one of their tests is sufficient for compliance purposes under PCI, ISO or NIST, and they’ve had a third-party auditor prove that for them. They also say the service has really taken off despite being launched only a couple of months ago.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Air Force Defector to Iran Severely Damaged U.S. Intelligence Efforts, Ex-Officials Say - The New York Times
Spy Betrayed U.S. to Work for Iran, Charges Say - The New York Times
Game of Thrones hacker worked with US defector to hack Air Force employees for Iran | ZDNet
Scott Morrison details cyber attack on Australia's major political parties
How China and Russia are readying themselves for a US cyber war
Chinese traders freeze Australian coal orders amid 40-day customs delays: sources | Reuters
A Deep Dive on the Recent Widespread DNS Hijacking Attacks — Krebs on Security
Albania expels Iranian diplomats on national security grounds | Reuters
Venezuela’s Government Appears To Be Trying to Hack Activists With Phishing Pages - Motherboard
China's mass surveillance of Uyghur Muslims in Xinjiang province revealed in data security flaw - ABC News (Australian Broadcasting Corporation)
Millions of calls to Swedish healthcare hotline left unprotected online - The Local
Hackers tried to steal €13 million from Malta's Bank of Valletta | ZDNet
State of the Hack S2E01: #NoEasyBreach REVISITED « State of the Hack S2E01: #NoEasyBreach REVISITED | FireEye Inc
Russian hackers 8 times faster than Chinese, Iranians, North Koreans, says report
White hats spread VKontakte worm after social network doesn't pay bug bounty | ZDNet
You Don't Get To Learn How The FBI Tried To Crack Facebook Messenger Encryption, Judge Rules | Gizmodo Australia
GAO gives Congress go-ahead for a GDPR-like privacy legislation | ZDNet
NSO Group founders buy back their spyware company
MalwareTech loses bid to suppress damning statements made after days of partying | Ars Technica
Researchers hide malware in Intel SGX enclaves | ZDNet
Google Play Store app rejections up 55% from last year, app suspensions up 66% | ZDNet
Behold, the Facebook phishing scam that could dupe even vigilant users | Ars Technica
(20) Facebook Popup Phishing Page (Social Login) - YouTube
Google backtracks on Chrome modifications that would have crippled ad blockers | ZDNet
Scammers Are Filing Fake Trademarks to Steal High-Value Instagram Accounts - Motherboard
Google working on new Chrome security feature to 'obliterate DOM XSS' | ZDNet
Microsoft patches 0-day vulnerabilities in IE and Exchange | Ars Technica
Apple is forcing 2FA on iOS and macOS developers
Apple being sued because two-factor authentication on an iPhone or Mac takes too much time
Forced Two Factor Auth Will Cause Issues |Apple Developer Forums
Aspen Tech Policy Hub - A Silicon Valley-Style Think Tank
Next Gen Pen Testing
Feb 20, 2019
Risky Business #530 -- UAE's Project Raven, Bezosgate and more

Adam Boileau is back in the news seat this week. We talk about:

  • Amazing Reuters report on UAE’s “Project Raven”
  • Bezos’ dick pics, Saudi Arabia and a creepy brother
  • US government security staffers play post-shutdown catch-up
  • Krebs: National Credit Union Administration probably pwned
  • Russia to test complete disconnection from wider Internet
  • China suspected of involvement in Australian parliament hack
  • Trump likely to ban all Chinese telco equipment makers from US builds
  • Lasers
  • Google: iOS privesc 0days were in wild
  • $145m in cryptocurrency lost forever due to exchange CEO death
  • VFEmail has a very bad day
  • Facebook/Apple cert wars
  • MORE

This week’s show is brought to you by AustCyber, a nonprofit funded by grants from the Australian government. Its goal is to promote Australia’s cybersecurity industry.

AustCyber CEO Michelle Price will be along in this week’s sponsor interview to tell us all about what they’ve got planned for RSA.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Special Report - Inside the UAE’s secret hacking team of U.S. mercenaries | Reuters
Project Raven: What Happens When U.S. Personnel Serve a Foreign Intelligence Agency? - Lawfare
No thank you, Mr. Pecker – Jeff Bezos – Medium
Mistress’ Brother Leaked Bezos’ Racy Texts to Enquirer, Sources Say
Bezos Could Put National Enquirer Brass in Jail
Cybersecurity Workers Scramble to Fix a Post-Shutdown Mess | WIRED
Phishers Target Anti-Money Laundering Officers at U.S. Credit Unions — Krebs on Security
Russia to disconnect from the internet as part of a planned test | ZDNet
China link possible in cyber attack on Australian Parliament computer system, ABC understands - ABC News (Australian Broadcasting Corporation)
Trump likely to sign executive order banning Chinese telecom equipment next week - POLITICO
Huawei Sting Offers Rare Glimpse of U.S. Targeting Chinese Giant - Bloomberg
China's cybersecurity law update lets state agencies 'pen-test' local companies | ZDNet
Google warns about two iOS zero-days 'exploited in the wild' | ZDNet
$145 million funds frozen after death of cryptocurrency exchange admin | ZDNet
Hackers wipe US servers of email provider VFEmail | ZDNet
Zcash cryptocurrency fixes infinite counterfeiting vulnerability | ZDNet
Biohackers Encoded Malware in a Strand of DNA | WIRED
Google releases Chrome extension that alerts users of breached passwords | Ars Technica
Big Telecom Sold Highly Sensitive Customer GPS Data Typically Used for 911 Calls - Motherboard
Hundreds of Bounty Hunters Had Access to AT&T, T-Mobile, and Sprint Customer Location Data for Years - Motherboard
How Hackers and Scammers Break into iCloud-Locked iPhones - Motherboard
Apple restores Facebook’s ability to run internal iOS apps - The Verge
New TLS encryption-busting attack also impacts the newer TLS 1.3 | ZDNet
Atlassian leads encryption law revolt as Peter Dutton stands firm
Australian government clamping down on security research, academic says - Computerworld
Swiss government invites hackers to pen-test its e-voting system | ZDNet
Indecent disclosure: Gay dating app left “private” images, data exposed to Web (Updated) | Ars Technica
AustCyber supports the development of a vibrant and globally competitive cyber security sector | AustCyber
Feb 12, 2019
Risky Biz Soap Box: Polyswarm builds a marketplace for AV engines

As regular listeners know, this isn’t the regular weekly Risky Business podcast; all Soap Box podcasts are paid promotions. We ran 10 of these last year and we’re running more of them this year – the total number is up to 14 – but we’re running fewer of our other promotional podcast, Snake Oilers.

In this Soap Box podcast we’re chatting with a company with a legitimately fascinating origin story.

You remember how in 2017 and 2018 people were running all these shonky initial coin offerings where they’d sell off millions of dollars of crypto tokens on the basis of a two minute video and a whitepaper? What happened in a lot of these cases is after the ICO the founders would take the money, launder it and move to the Bahamas.

Well, Polyswarm raised its money in an ICO. About $26m US dollars (!!). And, because they weren’t mainlining the ICO Kool-Aid, they cashed out about half of what they raised into real money before cryptocurrency values crashed.

Instead of moving to the Bahamas, they actually stuck around to build the business that tokenholders had chosen to fund. Their token value has crashed like everyone else’s has, but that doesn’t matter – they’re funded, and because of their unconventional funding source they don’t have a whole bunch of venture capitalists breathing down their neck.

So, what’s the business? It’s a marketplace for threat detection. Yes, my pinned tweet says “I do not want your blockchain expert as a guest on my podcast,” and yes, this company does use blockchain fairy dust, but as you’ll hear, the blockchain element to this business isn’t really what it’s about. Indeed, the founder and CEO of Polyswarm, Steve Bassi, says he would find life a lot easier in many ways if they weren’t actually using blockchain tech here as a marketplace enabler. He’s also banned himself from ever attending a blockchain conference again in his life.

Ok, so what is the Polyswarm marketplace and how does it work? As you’ll hear in this interview it took me a bit to actually understand exactly what they’re doing here, but what they’ve essentially built is a marketplace for AV. The best way to explain this is to just explain how it works. If you’re an enterprise client or an MSSP you can submit a sample to this marketplace. You’re submitting it with a question – is this file bad or good – and you attach a tokenised value to the answer.

On the other side of the equation are all these AV engines. Big ones, small ones… even tiny little micro engines that are only good at detecting very niche threats. So the enterprise submits the sample – that can be a whole file or just a hash – and it gets distributed to all the people who are running these AV engines. They scan the file, and if they’re super confident on an answer, they return that answer as well as a tokenised stake as a measure of their confidence. The idea is you can have a competitive marketplace for threat detection in which even niche players can participate. Polyswarm CEO Steve Bassi joined me to talk me through the whole concept.
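The submit-and-stake loop described above, written out as an added example. This is not PolySwarm’s code or its on-chain settlement logic; the payout rule (the bounty plus the stakes of the wrong engines is shared among the right engines in proportion to their stake, abstainers neither gain nor lose, and the whole pot goes back to the submitter if nobody was right), the engine names and the sample assertions are all assumptions constructed for the illustration.

```python
"""Toy model of a staked threat-detection marketplace.

Added example, not PolySwarm's code. The settlement rule below is an
assumption: the submitter attaches a bounty to a sample; every engine
that answers also stakes tokens on its verdict; once ground truth is
known, the bounty plus the stakes of the wrong engines is shared among
the right engines in proportion to what each staked. Abstaining engines
neither gain nor lose. If nobody was right, the submitter gets the pot back.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Assertion:
    engine: str
    verdict: Optional[bool]  # True = malicious, False = benign, None = abstained
    stake: int               # tokens staked on the verdict; 0 when abstaining


def aggregate_verdict(assertions: list[Assertion]) -> tuple[Optional[bool], float]:
    """Stake-weighted answer to the submitter's question "is this file bad?".

    Returns (verdict, confidence), where confidence is the share of staked
    tokens backing the winning side. Zero-stake answers carry no weight, so
    an engine cannot move the verdict without putting tokens at risk.
    """
    bad = sum(a.stake for a in assertions if a.verdict is True)
    good = sum(a.stake for a in assertions if a.verdict is False)
    total = bad + good
    if total == 0:
        return None, 0.0
    return (bad >= good), max(bad, good) / total


def settle(bounty: int, assertions: list[Assertion],
           ground_truth: bool) -> tuple[dict[str, int], int]:
    """Net token change per engine, and the amount returned to the submitter."""
    right = [a for a in assertions if a.verdict is not None and a.verdict == ground_truth]
    wrong = [a for a in assertions if a.verdict is not None and a.verdict != ground_truth]
    delta = {a.engine: 0 for a in assertions}
    for a in wrong:
        delta[a.engine] -= a.stake            # wrong engines forfeit their stake
    pot = bounty + sum(a.stake for a in wrong)
    right_stake = sum(a.stake for a in right)
    if right_stake == 0:
        return delta, pot                     # nobody earned it: pot goes back to the submitter
    paid = 0
    for a in right:
        share = pot * a.stake // right_stake  # integer division; rounding dust is refunded
        delta[a.engine] += share
        paid += share
    return delta, pot - paid


# Constructed sample: three engines answer with different confidence, one abstains.
SAMPLE = [
    Assertion("bigav", True, 50),
    Assertion("micro-ransomware", True, 25),
    Assertion("heuristic", False, 30),
    Assertion("lazy", None, 0),
]

if __name__ == "__main__":
    print("verdict, confidence:", aggregate_verdict(SAMPLE))
    print("settlement if malicious:", settle(100, SAMPLE, True))
    print("settlement if benign:", settle(100, SAMPLE, False))
```

Two things worth noticing when you run it: the submitter gets a usable stake-weighted answer before ground truth exists, and an engine that is wrong with a big stake loses more than one that abstains, which is what makes a niche engine that only answers on threats it actually recognises a viable participant.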

Feb 07, 2019
Risky Business #529 -- Special guest Rob Joyce, NSA

There’s no news segment in this week’s show. Instead, you’re going to hear a long-form feature interview I did with the NSA’s Rob Joyce.

Rob is probably best known for his tenure as special assistant to the president on cybersecurity and for being the cybersecurity coordinator on the US National Security Council.

He also served as acting homeland security advisor to Donald Trump for a short time following the departure of Tom Bossert from the White House. In May last year he went back to NSA, where he now serves as a senior advisor to the director of NSA for cyber security strategy.

Some of you may also know Rob for his blockbuster January 2016 conference talk “disrupting nation state hackers” back when he was heading TAO at NSA. Good talk, that one, and it’s on YouTube. (Link below.)

But gradually over the last couple of years Rob has emerged as a sort of friendly face of NSA, at least as far as the infosec industry is concerned. He spoke at DEF CON last year, he often appears at events and on panels, and he doesn’t seem terrified of actually commenting on things.

This is a huge departure from the historical way agencies like NSA handled themselves. But as you’ll hear, Rob sees this new approach as being vital to the NSA’s current-day mission.

Topics covered include:

  • DoJ indictments of foreign gov hackers
  • 5G networks and Huawei
  • Kaspersky AV
  • Bloomberg’s Supermicro story
  • Software and hardware supply chain security
  • The USG aggressively burning adversary tools

We also have a sponsor interview for you this week with Zane Lackey, the co-founder of Signal Sciences. I guess you’d call these guys “next generation WAF,” more on that later… but Zane will be along a little bit later with some pretty incredible stats on the way security spending has changed over the last year or two. Money is just piling into appsec while spending on some other controls is actually reducing. It’s a sign of change.

Feb 05, 2019
Risky Business #528 -- Huawei dinged, epic FaceTime and Exchange bugs

Adam Boileau co-hosts this week’s Risky Business episode. We talk about:

  • The Huawei indictments
  • The epic FaceTime logic bug
  • The even more epic Exchange privesc bug
  • CISA’s “fix yo DNS” directive
  • Black Cube busted doing shady stuff to Citizen Lab
  • Yahoo shareholder lawsuit settlement makes directors twitchy
  • Internet filtering kicks off in Venezuela
  • Much, much MORE!

This week’s show is brought to you by Thinkst Canary – they make hardware honeypots and the tools you need to deploy canarytokens at scale. They also make virtual honeypots! This week Thinkst’s founder Haroon Meer will be along to wave his finger at basically all of us over what he sees as the security discipline’s tendency to not really learn anything from security conferences. It’s “contertainment,” he says, followed by “GET OFF MY LAWN”.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

US hammers Huawei with 23 indictments for stolen trade secrets, fraud - CNET
Major iPhone FaceTime bug lets you hear the audio of the person you are calling ... before they pick up - 9to5Mac
Abusing Exchange: One API call away from Domain Admin - dirkjanm.io
DHS: Multiple US gov domains hit in serious DNS hijacking wave | Ars Technica
cyber.dhs.gov - Emergency Directive 19-01
Rep. Langevin: We need a DHS briefing to understand extent of DNS hijacking threat
ALERT: DNS hijacking activity - NCSC Site
APNewsBreak: Undercover agents target cybersecurity watchdog
Japanese government plans to hack into citizens' IoT devices | ZDNet
Internet experiment goes wrong, takes down a bunch of Linux routers | ZDNet
Lessons for Corporate Boardrooms From Yahoo’s Cybersecurity Settlement - The New York Times
Mystery still surrounds hack of PHP PEAR website | ZDNet
WordPress sites under attack via zero-day in abandoned plugin | ZDNet
OONI report into Internet filtering in Venezuela
Tonga sent back to 'dark ages' after underwater Internet cable severed | Fox News
Opinion | Mueller’s Real Target in the Roger Stone Indictment - The New York Times
Exclusive: Ukraine says it sees surge in cyber attacks targeting election | Reuters
This Time It’s Russia’s Emails Getting Leaked
Russia Targeting British Institute In Disinformation Campaign
Unsecured MongoDB databases expose Kremlin's backdoor into Russian businesses | ZDNet
Facebook to encrypt Instagram messages ahead of integration with WhatsApp, Facebook Messenger | TechCrunch
Cryptopia funds still being drained by hackers while police investigated | RNZ News
Europol arrests UK man for stealing €10 million worth of IOTA cryptocurrency | ZDNet
Police license plate readers are still exposed on the internet | TechCrunch
Malvertising campaign targets Apple users with malicious code hidden in images | ZDNet
Hackers are going after Cisco RV320/RV325 routers using a new exploit | ZDNet
Spencer Dailey on Twitter: "hard to understate how bad this flaw is--shocked more pubs haven't picked up on this. The affected chip is ubiquitous, the potential exploits allow anyone within wifi-range to run arbitrary code on the machine. Wifi routers themselves use affected chip 🤯 https://t.co/XQx4SobJtj"
GitHub - hannob/apache-uaf: Apache use after free bug infos / ASAN stack traces
Lesley Carhart on Twitter: "At the very least I’ll be able to publish these questions so that other people can grill their properties should they forcibly migrate to IoT equipment."
APT39: An Iranian Cyber Espionage Group Focused on Personal Information | FireEye Inc
44CON 2013 - A talk about (info-sec) talks - Haroon Meer - YouTube
Jan 29, 2019
Risky Business #527 -- Featuring Alex Stamos, The Grugq, Susan Hennessey, Brian Krebs, Kelly Shortridge and Bobby Chesney

Alex Stamos co-hosts this week’s episode. Topics discussed include:

  • DNC says Russia tried to own its servers in November 2018
  • South Korean Defence Ministry owned
  • Lazarus Group busy in Chile
  • West African banks suffer multiple intrusions
  • Michael Cohen admits rigging online poll for Trump
  • Nine charged over SEC hack
  • More USG SSL certificates due to expire
  • apt-get remote root RCE
  • Don’t use your Garmin to scope your murder escape route
  • Big plot twist in viral video outrage

This week’s show is brought to you by Duo Security, which I guess is now Cisco Duo Security. Wendy Nather - Duo’s head of advisory CISOs - will be along in this week’s sponsor interview to talk about a topic near and dear to my heart: victim shaming. That’s a good one so please do stick around for that.

Links to everything that we discussed are below and you can follow Patrick or Alex on Twitter if that’s your thing.

Show notes

DNC says Russia tried to hack its servers again in November 2018 | ZDNet
Hackers breach and steal data from South Korea's Defense Ministry | ZDNet
North Korean hackers infiltrate Chile's ATM network after Skype job interview | ZDNet
West African banks hit by multiple hacking waves last year | ZDNet
Michael Cohen says Trump directed him to pay for poll rigging - CNNPolitics
Nine defendants charged in SEC hacking scheme that netted $4.1 million | Ars Technica
773M Password ‘Megabreach’ is Years Old — Krebs on Security
Advertising network compromised to deliver credit card stealing code | ZDNet
Major Security Breach Discovered Affecting Nearly Half of All Airline Travelers Worldwide | Safety Detective
These are all the federal HTTPS websites that’ll expire soon because of the US government shutdown | TechCrunch
The Hacker News on Twitter: "We all love your media player, but that’s really rude #VLC 🙄 VLC developers refused to consider #software "update-over-HTTP" as a threat. Responded→ “no threat model. no proof. no #security bug" It wouldn't hurt if you simply consider the suggestion. https://t.co/GWhE1US5Ko… https://t.co/7ja6wM4Ube"
Remote Code Execution in apt/apt-get
Hitman Runner Mark Fellows Convicted of Mob Murder on GPS Watch Data
HN Front Page on Twitter: "FBI arrests PureVPN user with log data that was said to not exist L: https://t.co/bnY0CPyidf C: https://t.co/M1uhBVTRVC"
Lin Affidavit
Huawei founder says company would not share user secrets | The Sacramento Bee
Opinion | If 5G Is So Important, Why Isn’t It Secure? - The New York Times
Facebook’s Sputnik Takedown — In Depth – DFRLab – Medium
Covington students, Nathan Phillips viral video: Twitter suspends account that helped ignite controversy - CNN
Russia tries to force Facebook and Twitter to relocate servers to Russia | Ars Technica
Forget Bitcoin: Why Criminals are Using Fortnite to Launder Illicit Funds
Fortnite security issue would have granted hackers access to accounts | ZDNet
VC funding of cybersecurity companies hits record $5.3B in 2018 | TechCrunch
Jan 22, 2019
Risky Business #526 -- Huawei arrest in Poland, DPRK SWIFT hack conviction, more from the El Chapo trial

This week’s podcast features Patrick and Adam talking about the week’s security news, including:

  • Huawei staffer arrested for spying in Poland
  • Conviction in DPRK SWIFT hack against Bangladesh central bank
  • El Chapo used Flexispy to spy on mistresses and staff
  • NSO group on charm offensive
  • Iran hijacking DNS entries, conducting PITM with DV certs
  • Kaspersky tipped NSA on Hal Martin
  • US government certificates expire amid shutdown
  • Idiot sentenced to 10 years prison for DDoSing children’s hospital

This week’s show is brought to you by Trail of Bits! Trail of Bits is a security engineering firm and consultancy based in New York. They aren’t a typical pen-testing firm, they build as well as break.

In this week’s sponsor interview JP Smith from Trail of Bits joins us to talk about the work he put in to CSAW. Not the Centre for Sustainable Architecture with Wood, which is a thing, but the Cyber Security Awareness Worldwide CTF.

JP is a sick man. He’s sick. You’ll hear about the mind-bending CTF challenges he put together for CSAW. Remarkably, some teams were actually able to solve his problems, some of which featured complex numbers mapped to a four dimensional unit sphere being used to drive the rotation of a virtual IBM Selectric typewriter golfball in Second Life. As I say, he’s a sick, sick man.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Poland spy arrest: China telecoms firm Huawei sacks employee - BBC News
Ex-RCBC manager guilty in $81-M heist | The Manila Times Online
Alan Feuer on Twitter: "Chapo would play a little game. He would call people who had the “special” phones and chat with them a while then hang up, secretly activate the mic and listen to what they said about him."
Chapo’s I.T. Guy: Working for a Kingpin Can Cause a Nervous Breakdown - The New York Times
Exclusive: How Mexican drug baron El Chapo was brought down by technology made in Israel
A Worldwide Hacking Spree Uses DNS Trickery to Nab Data | WIRED
Global DNS Hijacking Campaign: DNS Record Manipulation at Scale | FireEye Inc
Exclusive: How a Russian firm helped catch an alleged NSA data thief - POLITICO
.gov security falters during U.S. shutdown | Netcraft
Senators Call on FCC To Investigate T-Mobile, AT&T, and Sprint Selling Location Data to Bounty Hunters - Motherboard
Google Demanded That T-Mobile, Sprint Not Sell Google Fi Customers' Location Data - Motherboard
AT&T to Stop Selling Location Data to Third Parties After Motherboard Investigation - Motherboard
Feds Can't Force You To Unlock Your iPhone With Finger Or Face, Judge Rules
Ryuk ransomware gang probably Russian, not North Korean | ZDNet
Man gets 10 years for cyberattack on Boston Children's Hospital | Boston.com
Hacker 'BestBuy' sentenced to prison for operating Mirai DDoS botnet | ZDNet
Police get report of a shooting only to find out it was a prank - Palo Alto Daily Post
Scooter startup Bird tried to silence a journalist. It did not go well. | TechCrunch
Yet another Qld cop charged with hacking - Security - iTnews
Some of the biggest web hosting sites were vulnerable to simple account takeover hacks | TechCrunch
$900,000 On Offer For Anyone Who Can Hack A Tesla Model 3
SCP implementations impacted by 36-years-old security flaws | ZDNet
Google Chrome's built-in ad blocker to roll out worldwide on July 9 | ZDNet
Gaining access to Uber's user data through AMPScript evaluation – Assetnote
Rahul Sridhar on Twitter: "Here's a short story about cryptography in 2018 in five tweets:"
Jan 15, 2019
Risky Business #525 -- Back on deck for 2019!

In this week’s show Adam Boileau and Patrick Gray discuss the security news of the last few weeks, including:

  • German politicians pwnt, suspect arrested
  • Possible ransomware attack affects US newspapers
  • Mass 2FA bypasses impacting Gmail users in Middle East
  • Emergency warning system in Australia popped
  • Ethereum Classic double-spend attack a sign of things to come
  • EU to fund open source bug bounties
  • Attackers steal details of 1,000 North Korean defectors
  • Doing the Bloomberg hack for real at 35C3
  • El Chapo should have used Signal
  • Much, much more…

This week’s show is brought to you by Cylance! BlackBerry announced that it’s acquiring Cylance for $1.4bn (I don’t know if that’s closed yet) which is great news for all the founders and early employees there – some of whom I know reasonably well. So congrats to team Cylance on that!

But we’re not talking about that this week. Instead, Cylance’s very own Scott Scheferman joins us to talk about the MITRE ATT&CK framework and how it’s informing their product dev. There’s some product talk in that interview but there’s also some real meat there so I let it run long. Scott says we’re close to the terrible situation where security companies are going to start using MITRE ATT&CK as a marketing tool, like “Full MITRE ATT&CK coverage!”

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Arrested German hacker confesses to leaking politicians' information, report says
Before Germany’s Massive Hack, We Learned What Not to Do With Sensitive Stolen Information - Motherboard
What we still don’t know about the cyberattack on Tribune newspapers - The Washington Post
Ransomware suspected in cyberattack that crippled major US newspapers | ZDNet
How Hackers Bypass Gmail 2FA at Scale - Motherboard
Hackers target 'hundreds' of Middle East activists with fake login pages, 2FA bypass schemes
Hackers send fake emergency emails, texts, messages using warning system
Coinbase suspends Ethereum Classic (ETC) trading after double-spend attacks | ZDNet
I Gave a Bounty Hunter $300. Then He Located Our Phone - Motherboard
EU to fund bug bounty programs for 14 open source projects starting January 2019 | ZDNet
Hackers hijack thousands of Chromecasts to warn of latest security bug | TechCrunch
Hackers steal personal info of 1,000 North Korean defectors | ZDNet
Modchips - Trammell Hudson's Projects
Hacking Group Decrypts Cache of Insurance Files Related to 9/11 Attacks - Motherboard
Hackers Make a Fake Hand to Beat Vein Authentication - Motherboard
You Can Now Get $1 Million for Hacking WhatsApp and iMessage - Motherboard
Alan Feuer on Twitter: "In February 2010, an undercover FBI agent met with the target of a sensitive investigation: Christian Rodriguez, an IT specialist who had recently developed a remarkable product: an encrypted communication network for the Mexican drug lord El Chapo and his Colombian partners."
Encrypted Messaging App Signal Says It Won’t Comply With Australia’s New Backdoor Bill - Motherboard
Louis Theroux among those hit by Twitter hack exposing security flaw | Technology | The Guardian
NSA to release a free reverse engineering tool | ZDNet
Open-source tool aims to curb BGP hijacking amid Chinese espionage concerns
ARTEMIS — neutralizing BGP hijacking within a minute | APNIC Blog
New hardware-agnostic side-channel attack works against Windows and Linux | ZDNet
PowerPoint presentation
CVE-2019-0547 | Windows DHCP Client Remote Code Execution Vulnerability
Jan 09, 2019
Risky Biz Soap Box: From 2 billion events to 350 alerts with Respond Software

Soap Box is the podcast series we do here at Risky.Biz where we have detailed discussions with vendors about all sorts of stuff – sometimes it’s about their products, other times it’s about the landscape as they see it, other times it’s about research they’ve done that they want to promote. Soap Box is a wholly sponsored podcast series – just so you know – so everyone you hear on it, paid to be on it.

And this Soap Box edition is brought to you by Respond Software. We’ll be joined by Respond Software’s co-founder and CEO, Mike Armistead to talk about Respond’s tech. Mike has an interesting history in infosec… he actually co-founded Fortify, the software security firm, before winding up at HPE as the VP and General Manager for Arcsight, the poor fella. But he’s free now! Freeeeeee! And he’s co-founded the venture we’re talking about today.

So, what’s the idea behind Respond Software? Well, to break it down into really simple terms the whole idea is to take all the zillions of events your existing security kit flags and distill them down into meaningful alerts. To put this into context, Mike says that during the 30 days in the lead up to the interview we recorded, his customers fed two billion events into their Respond Software gear. Of those two billion events, Respond deemed 7 million of them worthy of escalation, and from there determined 45,000 were malicious, but then… and this is the cool part, this only resulted in 350 incidents raised by the Respond platform. From 2 billion to 350.

So it’s a great idea – tune out the crap and look at meaningful correlations. Automate the decision making around what’s serious and what’s not. You’ve got all this gear, maybe you’ve got something aggregating it, but what’s applying decision logic to it?

Mike sent me a list of software Respond currently supports: all manner of IDSes, AV and EDR suites and then other stuff that gives their software the context it needs to make better decisions, like Active Directory, Nessus, Qualys, Splunk, QRadar… whatever! The idea is, plug ALL your over-alerting crap into Respond Software’s gear and it’ll do a good enough job of correlating events that you’ll only have to deal with what’s real. Well, that’s the pitch. Mike Armistead joined me to flesh it out a bit more.
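The events-to-incidents funnel described above, as an added example that is not Respond Software’s logic or product code. It assumes one simple rule set of its own: an event from a source known to over-alert is escalated only when a different source on the same host fires within a window, high-severity events are always escalated, and escalated events on the same host within that window collapse into a single incident. The window, the source names, the noisy-source list and the eight sample events are all constructed for the illustration.

```python
"""Toy alert funnel: raw security events -> escalated events -> incidents.

Added example; not Respond Software's logic. Assumed rules: events from
sources that over-alert on benign activity (NOISY) are kept only when a
different source fires on the same host within WINDOW seconds, or when the
event itself is high severity; escalated events on one host within WINDOW
of each other form one incident.
"""
from collections import defaultdict
from dataclasses import dataclass

WINDOW = 600            # seconds; assumption
NOISY = {"ids", "proxy"}  # sources that need corroboration; assumption


@dataclass(frozen=True)
class Event:
    ts: int        # epoch seconds
    host: str
    source: str    # "ids", "av", "edr", "proxy"
    signal: str    # detection name as reported by the source
    severity: int  # 1 (low) .. 5 (high)


def escalate(events: list[Event]) -> list[Event]:
    """Stage 1: keep only events that deserve analyst attention."""
    by_host: dict[str, list[Event]] = defaultdict(list)
    for e in events:
        by_host[e.host].append(e)
    kept = []
    for host_events in by_host.values():
        for e in host_events:
            if e.source not in NOISY or e.severity >= 4:
                kept.append(e)
                continue
            # a noisy source is believed only if an independent source agrees
            corroborated = any(o.source != e.source and abs(o.ts - e.ts) <= WINDOW
                               for o in host_events)
            if corroborated:
                kept.append(e)
    return sorted(kept, key=lambda e: (e.host, e.ts))


def incidents(escalated: list[Event]) -> list[dict]:
    """Stage 2: cluster escalated events per host into incidents."""
    result: list[dict] = []
    current = None
    for e in escalated:  # escalate() already sorted by (host, ts)
        if current and current["host"] == e.host and e.ts - current["last"] <= WINDOW:
            current["events"].append(e)
            current["last"] = e.ts
        else:
            current = {"host": e.host, "first": e.ts, "last": e.ts, "events": [e]}
            result.append(current)
    return result


def funnel(events: list[Event]) -> dict[str, int]:
    """Counts at each stage, the way the interview frames it (events -> incidents)."""
    esc = escalate(events)
    return {"events": len(events), "escalated": len(esc), "incidents": len(incidents(esc))}


# Constructed sample events (not real telemetry).
SAMPLE = [
    Event(1000, "ws-07", "ids", "ET POLICY suspicious user-agent", 2),
    Event(1100, "ws-07", "proxy", "beacon to newly registered domain", 2),
    Event(1300, "ws-07", "edr", "lsass memory read by unsigned process", 5),
    Event(5000, "ws-12", "ids", "ET SCAN nmap", 1),
    Event(5050, "ws-12", "ids", "ET SCAN masscan", 1),
    Event(9000, "srv-02", "av", "Trojan:Win32/Generic", 3),
    Event(9100, "srv-02", "ids", "reverse shell pattern", 2),
    Event(20000, "ws-07", "proxy", "URL category: gambling", 1),
]

if __name__ == "__main__":
    for inc in incidents(escalate(SAMPLE)):
        print(inc["host"], inc["first"], inc["last"], [e.signal for e in inc["events"]])
    print(funnel(SAMPLE))
```

On the sample, eight events become five escalated events and two incidents: the two lone scan alerts on ws-12 and the stray proxy category hit on ws-07 are dropped because nothing else on the host agreed with them. The point a practitioner should take from it is that the corroboration window is the control that does the real work, and it is also where an attacker who knows your tooling will try to live: activity that only ever trips one noisy source never reaches an analyst.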

Dec 14, 2018
Risky Business #524 -- Huawei CFO arrested, US Government dumps on Equifax

This is the last weekly Risky Business podcast for 2018. We’ll be posting a Soap Box edition early next week then going on break until January 9.

In this week’s show Adam Boileau and Patrick Gray discuss the week’s security news:

  • Huawei’s CFO arrested over sanctions violations
  • BT in the UK removes Huawei equipment from 4G network
  • Australia passes controversial surveillance law
  • US House Oversight Committee blasts Equifax in scathing report
  • Bloomberg plays word-games on Super Micro story
  • MOAR

This week’s show is sponsored by Bugcrowd. In this week’s sponsor interview Bugcrowd’s CTO and founder Casey Ellis tells us why his company is launching “pay for effort” products to run alongside bounty programs.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

US, China executives grow wary about travel after Huawei arrest
Canadian court grants bail to CFO of China's Huawei | Reuters
Michael Kovrig: Canadian ex-diplomat 'held in China' - BBC News
BT removing Huawei equipment from parts of 4G network | Technology | The Guardian
China's cyber-espionage against U.S. is 'more audacious,' NSA official says amid Huawei flap
China spied on African Union headquarters for five years — Quartz Africa
House panel: Equifax breach was ‘entirely preventable’
Committee Releases Report Revealing New Information on Equifax Data Breach - United States House Committee on Oversight and Government Reform
Experian Exposes Apparent Customer Data in Training Manuals - Motherboard
NotPetya leads to unprecedented insurance coverage dispute
Over 40,000 credentials for government portals found online | ZDNet
What's actually in Australia's encryption laws? Everything you need to know | ZDNet
Australia's encryption laws will fall foul of differing definitions | ZDNet
Australia Just Became The Testing Ground For Breaking Into Encryption
Matthew Green on Twitter: "GCHQ has proposal to surveill encrypted messaging and phone calls. The idea is to use weaknesses in the “identity system” to create a surveillance backdoor. This is a bad idea for so many reasons. Thread. 1/ https://t.co/rnmo0eOWus"
Melbourne terror attack plot suspects arrested in police raids over mass shooting fears - ABC News (Australian Broadcasting Corporation)
Why Scott Morrison is right on encryption but wrong on Muslims
Super Micro Says Third-Party Test Found No Malicious Hardware - Bloomberg
Someone Defaced Linux.org Website With ‘Goatse’ And Anti-Diversity Tirade - Motherboard
Nearly 250 Pages of Devastating Internal Facebook Documents Posted Online By UK Parliament - Motherboard
Internal Documents Show Facebook Has Never Deserved Our Trust or Our Data - Motherboard
Google+ Exposed Data of 52.5 Million Users and Will Shut Down in April | WIRED
Iranians indicted in Atlanta city government ransomware attack | Ars Technica
Report: FBI opens criminal investigation into net neutrality comment fraud | Ars Technica
Police arrest hacker behind WeChat ransomware attack - CGTN
A bug in Microsoft’s login system made it easy to hijack anyone’s Office account | TechCrunch
For the fourth month in a row, Microsoft patches Windows zero-day used in the wild | ZDNet
Hackers ramp up attacks on mining rigs before Ethereum price crashes into the gutter | ZDNet
OpSec mistake brings down network of Dark Web money counterfeiter | ZDNet
Google CEO Says No Plan to ‘Launch’ Censored Search Engine in China - Motherboard
Marriott to reimburse some guests for new passports after massive data breach | ZDNet
Eastern European banks lose tens of millions of dollars in Hollywood-style hacks | ZDNet
Industrial espionage fears arise over Chrome extension caught stealing browsing history | ZDNet
Hacker Fantastic on Twitter: ""open-source is more secure than closed-source because you can view the source code" ... GNU inetutils <= 1.9.4 telnet.c multiple overflows https://t.co/O88psTlS1X"
Your Apps Know Where You Were Last Night, and They’re Not Keeping It Secret - The New York Times
APPSEC CALIFORNIA 2019 - OWASP AppSec California 2019
Next Gen Pen Testing
Dec 12, 2018
Snake Oilers 8 part 2: Forticode's Cipherise, device features from Exabeam and SentinelOne on "active EDR"

Snake Oilers is the podcast where we get a bunch of vendors together to pitch their stuff – they all pay to participate, just so you know – and today we’re going to hear three pitches from tech companies: one from Forticode, one from Exabeam and one from SentinelOne.

That’s right, we talk to vendors to get their best pitches so you don’t have to!

Forticode joins us to pitch its Cipherise platform – applied PKI wrapped into a slick mobile platform that helps large organisations authenticate their users, and helps their users authenticate them.

Exabeam will be talking about how they’re doing more device analytics in their SIEM platform and SentinelOne will be talking about how they differentiate themselves in the highly competitive EDR space.

Links to all of these companies are below.

Dec 10, 2018
Risky Business #523 -- So many breaches

This week’s show features Patrick Gray and Adam Boileau discussing the week’s security news, including:

  • The Marriott, Quora, Dell and Sky Brazil data breaches
  • Khashoggi associate to sue NSO Group
  • Australia’s AA Bill set to pass
  • NZ gives Huawei the boot
  • AutoCAD malware targets key verticals
  • Republicans’ 2018 campaign hacked
  • Czech government blames Russia for intrusions into key systems
  • Horror-show bug in Kubernetes

This week’s show is brought to you by Duo Security, big thanks to Duo for that! In this week’s sponsor interview we’ll be chatting with Duo Security’s very own Dave Lewis about some Beyond Corp stuff. Beyond Corp is the enterprise computing model of the future and Dave will be along after this week’s news to talk about some of its finer points.

Links to everything that we discussed are below. (That’s why there are extras.) You can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Marriott: Data on 500 Million Guests Stolen in 4-Year Breach — Krebs on Security
Marriott sued hours after announcing data breach | ZDNet
Quora Announces Data Breach of 100 Million Users - Motherboard
Dell announces security breach | ZDNet
Sky Brasil exposes data of 32 million subscribers | ZDNet
Israeli Software Helped Saudis Spy on Khashoggi, Lawsuit Says - The New York Times
Police, spies gain powers to access encrypted messages after political deal struck
GCHQ’s not-so-smart idea to spy on encrypted messaging apps is branded ‘absolute madness’ | TechCrunch
Principles for a More Informed Exceptional Access Debate - Lawfare
Defence department exposed by Chinese hackers
'Watering hole' attacks: How China's hackers went after think tanks and universities
Huawei banned from New Zealand's 5G mobile network over security concerns - ABC News (Australian Broadcasting Corporation)
UK and Germany grow wary of Huawei as US turns up pressure | Financial Times
New industrial espionage campaign leverages AutoCAD-based malware | ZDNet
House Republican campaign arm hacked during 2018 election
Czech Republic blames Russia for multiple government network hacks | ZDNet
Magecart Group Ups Ante: Now Goes After Admin Credentials | Threatpost | The first stop for security news
FBI dismantles gigantic ad fraud scheme operating across over one million IPs | ZDNet
After Microsoft complaints, Indian police arrest tech support scammers at 26 call centers | ZDNet
"WeChat Payment" ransomware makers are locked in transmission, harm and epidemic ultimate decryption
​Kubernetes' first major security hole discovered | ZDNet
Researchers discover SplitSpectre, a new Spectre-like CPU attack | ZDNet
Hackers are opening SMB ports on routers so they can infect PCs with NSA malware | ZDNet
Microsoft warns about two apps that installed root certificates then leaked the private keys | ZDNet
Project Zero: Adventures in Video Conferencing Part 1: The Wild World of WebRTC
Cyber attack victims face disputes with insurers | Financial Times
unprivileged users with UID > INT_MAX can successfully execute any systemctl command (#74) · Issues · polkit / polkit · GitLab
Dec 05, 2018