Risky Business #521 -- Bears everywhere

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

This edition of the show features Adam Boileau and Patrick Gray discussing the week’s security news:

  • Cozy Bear is back, Fancy Bear has new tooling
  • Russian government wants DNC lawsuit thrown out
  • Cyber Command submitting samples to VirusTotal
  • Google BGP shenanigans
  • Australian/China Telecom BGP shenanigans
  • All the recent Facebook drama
  • More speculative execution bugs
  • Julian Assange likely to be charged
  • Vault7 leaker facing new charges
  • Phineas Fisher investigation abandoned
  • Bitcoin/Tether link probed by DoJ, btc in free-fall
  • MUCH MOAR

This week’s show is brought to you by Proofpoint.

Sherrod DeGrippo, Proofpoint’s director of threat research and detection, is this week’s sponsor guest. Surprisingly, she tells us that ransomware via email is a dead duck.

Links to everything that we discussed are below. (That’s why there are extras.) You can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Russia’s Cozy Bear comes out of hiding with post-election spear-phishing blitz | Ars Technica

Russia's Fancy Bear and Cozy Bear Hackers May Have New Phishing Tricks | WIRED

Russia wants DNC hack lawsuit thrown out, citing international conventions | ZDNet

Russian Trolls Sue Facebook, Their Old Propaganda Machine

Ukraine detects new Pterodo backdoor malware, warns of Russian cyberattack | Ars Technica

US Cyber Command starts uploading foreign APT malware to VirusTotal | ZDNet

Google goes down after major BGP mishap routes traffic through China | Ars Technica

How China diverts, then spies on Australia's internet traffic

Rob Joyce on Twitter: "I hope this latest fiasco of traffic rerouting through China is the wakeup call for all of us to get serious about addressing the massive and unacceptable vulnerability inherent in today’s BGP routing architecture. https://t.co/dSTVIOltsF"

Everything you need to know about Facebook’s latest crisis - Recode

Facebook has been accused of peddling anti-Semitic conspiracy theories - Vox

Yes, Facebook made mistakes in 2016. But we weren’t the only ones. - The Washington Post

Researchers discover seven new Meltdown and Spectre attacks | ZDNet

The US Department of Justice is reportedly preparing to indict WikiLeaks founder Julian Assange | Business Insider

Julian Assange has been charged, prosecutors reveal inadvertently in court filing

Accused 'Vault 7' leaker to face new charges

Hacking Team Hacker Phineas Fisher Has Gotten Away With It - Motherboard

Bitcoin Price Manipulated by Tether? Justice Department Probing - Bloomberg

A Browser Extension Apparently Stole The Private Facebook Messages Of At Least 81,000 Accounts | Gizmodo Australia

The Hack Millions of People Are Installing Themselves - Motherboard

Facebook patches another bug that could have allowed mass-harvesting of user data | ZDNet

Trump signs bill that creates the Cybersecurity and Infrastructure Security Agency | ZDNet

AWS rolls out new security feature to prevent accidental S3 data leaks | ZDNet

Most ATMs can be hacked in under 20 minutes | ZDNet

Deserialization issues also affect Ruby, not just Java, PHP, and .NET | ZDNet

Adobe ColdFusion servers under attack from APT group | ZDNet

VirtualBox zero-day published by disgruntled researcher | ZDNet

Office 365, Azure users are locked out after a global multi-factor authentication outage | TechCrunch

Cisco says a flaw in its Adaptive Security Appliance allows remote attacks

He Helped People Cheat at Grand Theft Auto. Then His Home Was Raided. - The New York Times

Proofpoint