Risky Business #586 -- Google TAGs Indian mercenaries

PLUS: Risky Biz editor Brett Winterford joins the show to talk incident response and legal privilege...

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Google TAG implicates Indian hacker-for-hire outfits in espionage
  • NSA warns of Sandworm Exim exploitation
  • Huawei CFO extradition process to continue
  • Black lives matter
  • F–k police brutality

Sandworm tapping unpatched mail servers, Capital One forced to hand over IR reports, and more...

The Risky Biz newsletter for June 2, 2020...

The NSA warns that Sandworm, one of Russia’s most formidable offensive cyber operations, has been exploiting a known flaw in the Exim mail transfer agent (MTA) in attacks for at least 10 months. Sandworm - part of Russia’s GRU intelligence unit - were fingered for NotPetya and crippling wiper attacks on Ukraine’s power grid. You don’t want these guys up in your business.

Surprise Capital One court decision spells trouble for incident response

Security incident? Prepare to be surrounded by even more lawyers than usual...

When litigants suing Capital One sought a forensic incident response report into its 2019 data breach, the bank played a reliable card: the report was commissioned by its outside law firm, and therefore subject to attorney-client privilege.

In a surprising move, this week a US District Court rejected the bank’s claim to privilege and demanded the document be handed over, in what appears to set an unsettling precedent.

Feature Podcast: Releasing the hounds with Bobby Chesney

PLUS: Mieke Eoyang talks cybercrime enforcement...

Regular listeners to the podcast would know that for the last year or so, my cohost Adam Boileau and I have been talking a lot about how governments might involve non law enforcement agencies in a response to the big game ransomware epidemic. To discuss that, we’re joined by Bobby Chesney, the co-founder of the Lawfare blog and a very highly respected figure in US national security circles.

UK changes course on Huawei

The Risky Biz newsletter for April 27, 2020...

The United Kingdom is pulling together a plan to remove Huawei from its mobile networks within the next three years, following the lead of Australia and the United States.

Risky Business #585 -- UK mulls Huawei ban, NGOs urge COVID-19 hack de-escalation

PLUS: German authorities warn of Russian infrastructure attacks...

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • German intelligence warns of widespread Russian infrastructure hacks
  • NGOs urge COVID-19 hack de-escalation
  • UK mulls total Huawei ban… we think it’s a done deal
  • DHS warning on 5G “moronavirus”
  • Wen jailbreak? NOW JAILBREAK
  • iOS 14 leaks
  • Much, much more…

Wuhan lab dossier debunked

The Risky Biz newsletter for May 19, 2020...

Russia has some competition in the disinformation game. The US administration’s claim that the COVID-19 outbreak was caused by a laboratory accident was based on a report that has now been thoroughly debunked.

All roads lead to CISA to secure .gov

Chris Krebs' empire has big plans for securing the US Federal Government. He's also got some outsized expectations to manage.

The US Government has spent a decade and tens of billions trying to centralise cybersecurity capability across civilian agencies, without much success. So why now are policymakers so buzzed about CISA?

Risky Biz Soap Box: ExtraHop CTO Jesse Rothstein talks network monitoring

Spotting rogue network usage in the COVID-19 age with ExtraHop...

This isn’t the normal, weekly Risky Business podcast, Soap Box is the wholly sponsored podcast series we do here at Risky.Biz where vendors pay us money to come on to the show and talk about topics that interest them.

Today we’re speaking with Jesse Rothstein, the co-founder and CTO of ExtraHop Networks. ExtraHop is a network security play, but they started off more in the application monitoring and performance space before gradually moving into security over time.

In this interview Jesse talks about network security monitoring, ExtraHop’s history, and what people are using the ExtraHop tech to do during the COVID-19 crisis.

Risky Business #583 -- COVID-19 collection intensifies, tensions mount

PLUS: All the other security news...

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • US takes aim at China over vaccine hax
  • ??? takes aim at Iranian port infrastructure over ???
  • Iran attacks Gilead pharma
  • Zoom acquires Keybase
  • Thunderbolt research discussed
  • US to drop more DPRK malware
  • Ransomware targets European hospital group
  • Australian flu vaccine distribution disrupted by ransomware
  • More!

Attacks on healthcare are crossing all the red lines

The Srsly Risky Biz Newsletter for May 12, 2020...

The ongoing march of destructive attacks on medical organisations and a frenzy of espionage interest in COVID-19 vaccine and treatment research is testing the restraint of several governments. This week’s Seriously Risky Biz newsletter and our livestream discuss the ethical and policy dilemmas this race poses.

Risky Business #582 -- Germans indict APT28 operator

PLUS: Groundhog day for Toll Group...

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Salt framework 1Day wreaks havoc
  • Toll Group hit with ransomware attack. Again.
  • Germans indict APT28 operator
  • Ransomware a key word in SEC filings
  • Much, much more!

Ransomware is now officially on the board agenda

The Srsly Risky Biz Newsletter for May 5, 2020...

How’s this for a cogent data point: Catalin Cimpanu at ZDNet had the curiosity and foresight to search for the word ‘ransomware’ in recent SEC filings. Cimpanu found that over 1000 public US companies now list ransomware attacks as a forward-looking risk.

It wasn’t long ago that a company getting popped in a ransomware attack would rate a mention on the Risky Business podcast. Today, it takes a novel attack to raise an eyebrow. 

Australia’s COVID-19 app is buggy, not yet operational

The Morrison Government erred in rushing app release...

The Australian Government has placed uptake of its COVID-19 contact tracing app front and centre of its strategy to walk back lockdown measures, despite mounting evidence it isn’t fit for purpose.

On Friday, Australia’s Prime Minister Scott Morrison framed uptake of the government’s contact tracing app as one of a few remaining pre-conditions before lockdown measures would be lifted.

However, according to multiple reports, the government’s COVIDSafe app is barely functional on iOS devices, state health authorities don’t yet have access to the contact tracing data it was designed to collect and the app is interfering with some Bluetooth-based medical devices.

Snake Oilers 11 part 2: Go passwordless with Okta, why Crowdstrike customers need Airlock

PLUS: Kaseya pitches its VSA endpoint management agent...

Snake Oilers isn’t the regular Risky Business podcast, if you’re looking for that just scroll back to one of the numbered episodes in our podcast feed. Snake Oilers is the wholly sponsored podcast series we do here at Risky.Biz where vendors give us money so they can come on to the show and pitch you their sweet, sweet Snake Oil.

In this edition of snake oilers we’ll hear from:

  • David Cottingham of Airlock Digital pitches the Crowdstrike/Airlock two piece combo meal deal
  • Marc Rogers of Okta talks passwordless authentication and pitches modern SSO generally
  • John Emmitt of Kaseya pops in to pitch the VSA endpoint management agent

Risky Business #581 -- Chinese telcos under fire in USA, spy firms pitch COVID-19 surveillance

PLUS: NSO Group in hot water over US C2 IPs...

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Spy companies pitch ridiculously invasive approaches to contact tracing
  • NSO Group busted running c2 boxes in USA according to WhatsApp lawsuit
  • Australian government releases contact tracing app, no idea if it works
  • Chinese telcos to get boot from USA
  • Much, much more

Chinese telcos have 30 days to prevent US expulsion

The Risky Biz newsletter for April 18, 2020...

The US Federal Communications Commission has ordered three Chinese State-owned telcos to ‘show cause’ for why it shouldn’t expunge their license to operate in the United States.

China Telecom Americas, China Unicom Americas and Pacific Networks each have 30 days to prove their operations and subsidiaries are “not subject to the influence and control of the Chinese government.” Among other demands, each must detail affiliations between directors/employees and the CCP/Chinese Government, provide network diagrams, list interconnections with other service providers, provide inventories of network equipment and hand over US subscriber information to avoid license revocation.

Deterrence in cyberspace isn't working. What next?

Lawmakers urged to use the NDAA to reshape Cyber Command

The United States is on the cusp of making far-reaching changes to how it defends its networks and projects its capabilities in cyberspace. Over the coming months, lawmakers will review the recommendations of the Cyberspace Solarium Commission - a year-long review into US cyber strategy. Will they have the nerve to push for contentious reforms, and who wins and loses in the process? Risky.Biz looks for answers in this three-part series.