Risky Business #525 -- Back on deck for 2019!

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

In this week’s show Adam Boileau and Patrick Gray discuss the security news of the last few weeks, including:

  • German politicians pwnt, suspect arrested
  • Possible ransomware attack affects US newspapers
  • Mass 2FA bypasses impacting Gmail users in Middle East
  • Emergency warning system in Australia popped
  • Ethereum Classic double-spend attack a sign of things to come
  • EU to fund open source bug bounties
  • Attackers steal details of 1,000 North Korean defectors
  • Doing the Bloomberg hack for real at 35C3
  • El Chapo should have used Signal
  • Much, much more…

This week’s show is brought to you by Cylance! BlackBerry announced that it’s acquiring Cylance for $1.4bn (I don’t know if that’s closed yet) which is great news for all the founders and early employees there – some of whom I know reasonably well. So congrats to team Cylance on that!

But we’re not talking about that this week. Instead, Cylance’s very own Scott Scheferman joins us to talk about the MITRE ATT&CK framework and how it’s informing their product dev. There’s some product talk in that interview but there’s also some real meat there so I let it run long. Scott says we’re close to the terrible situation where security companies are going to start using MITRE ATT&CK as a marketing tool, like “Full MITRE ATT&CK coverage!”

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Arrested German hacker confesses to leaking politicians' information, report says

Before Germany’s Massive Hack, We Learned What Not to Do With Sensitive Stolen Information - Motherboard

What we still don’t know about the cyberattack on Tribune newspapers - The Washington Post

Ransomware suspected in cyberattack that crippled major US newspapers | ZDNet

How Hackers Bypass Gmail 2FA at Scale - Motherboard

Hackers target 'hundreds' of Middle East activists with fake login pages, 2FA bypass schemes

Hackers send fake emergency emails, texts, messages using warning system

Coinbase suspends Ethereum Classic (ETC) trading after double-spend attacks | ZDNet

I Gave a Bounty Hunter $300. Then He Located Our Phone - Motherboard

EU to fund bug bounty programs for 14 open source projects starting January 2019 | ZDNet

Hackers hijack thousands of Chromecasts to warn of latest security bug | TechCrunch

Hackers steal personal info of 1,000 North Korean defectors | ZDNet

Modchips - Trammell Hudson's Projects

Hacking Group Decrypts Cache of Insurance Files Related to 9/11 Attacks - Motherboard

Hackers Make a Fake Hand to Beat Vein Authentication - Motherboard

You Can Now Get $1 Million for Hacking WhatsApp and iMessage - Motherboard

Alan Feuer on Twitter: "In February 2010, an undercover FBI agent met with the target of a sensitive investigation: Christian Rodriguez, an IT specialist who had recently developed a remarkable product: an encrypted communication network for the Mexican drug lord El Chapo and his Colombian partners."

Encrypted Messaging App Signal Says It Won’t Comply With Australia’s New Backdoor Bill - Motherboard

Louis Theroux among those hit by Twitter hack exposing security flaw | Technology | The Guardian

NSA to release a free reverse engineering tool | ZDNet

Open-source tool aims to curb BGP hijacking amid Chinese espionage concerns

ARTEMIS — neutralizing BGP hijacking within a minute | APNIC Blog

New hardware-agnostic side-channel attack works against Windows and Linux | ZDNet

1901.01161.pdf

PowerPoint Presentation

CVE-2019-0547 | Windows DHCP Client Remote Code Execution Vulnerability