Risky Business Podcast

January 22, 2019

Risky Business #527 -- Featuring Alex Stamos, The Grugq, Susan Hennessey, Brian Krebs, Kelly Shortridge and Bobby Chesney

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

Alex Stamos co-hosts this week’s episode. Topics discussed include:

  • DNC says Russia tried to own its servers in November 2018
  • South Korean Defence Ministry owned
  • Lazarus Group busy in Chile
  • West African banks suffer multiple intrusions
  • Michael Cohen admits rigging online poll for Trump
  • Nine charged over SEC hack
  • More USG SSL certificates due to expire
  • apt-get remote root RCE
  • Don’t use your Garmin to scope your murder escape route
  • Big plot twist in viral video outrage

This week’s show is brought to you by Duo Security, which I guess is now Cisco Duo Security. Wendy Nather - Duo’s head of advisory CISOs - will be along in this week’s sponsor interview to talk about a topic near and dear to my heart: victim shaming. That’s a good one so please do stick around for that.

Links to everything that we discussed are below and you can follow Patrick or Alex on Twitter if that’s your thing.

Risky Business #527 -- Featuring Alex Stamos, The Grugq, Susan Hennessey, Brian Krebs, Kelly Shortridge and Bobby Chesney
0:00 / 0:00

Show notes

DNC says Russia tried to hack its servers again in November 2018 | ZDNet

Hackers breach and steal data from South Korea's Defense Ministry | ZDNet

North Korean hackers infiltrate Chile's ATM network after Skype job interview | ZDNet

West African banks hit by multiple hacking waves last year | ZDNet

Michael Cohen says Trump directed him to pay for poll rigging - CNNPolitics

Nine defendants charged in SEC hacking scheme that netted $4.1 million | Ars Technica

773M Password ‘Megabreach’ is Years Old — Krebs on Security

Advertising network compromised to deliver credit card stealing code | ZDNet

Major Security Breach Discovered Affecting Nearly Half of All Airline Travelers Worldwide | Safety Detective

These are all the federal HTTPS websites that’ll expire soon because of the US government shutdown | TechCrunch

The Hacker News on Twitter: "We all love your media player, but that’s really rude #VLC 🙄 VLC developers refused to consider #software "update-over-HTTP" as a threat. Responded→ “no threat model. no proof. no #security bug" It wouldn't hurt if you simply consider the suggestion. https://t.co/GWhE1US5Ko… https://t.co/7ja6wM4Ube"

Remote Code Execution in apt/apt-get

Hitman Runner Mark Fellows Convicted of Mob Murder on GPS Watch Data

HN Front Page on Twitter: "FBI arrests PureVPN user with log data that was said to not exist L: https://t.co/bnY0CPyidf C: https://t.co/M1uhBVTRVC"

Lin Affidavit

Huawei founder says company would not share user secrets | The Sacramento Bee

Opinion | If 5G Is So Important, Why Isn’t It Secure? - The New York Times

Facebook’s Sputnik Takedown — In Depth – DFRLab – Medium

Covington students, Nathan Phillips viral video: Twitter suspends account that helped ignite controversy - CNN

Russia tries to force Facebook and Twitter to relocate servers to Russia | Ars Technica

Forget Bitcoin: Why Criminals are Using Fortnite to Launder Illicit Funds

Fortnite security issue would have granted hackers access to accounts | ZDNet

VC funding of cybersecurity companies hits record $5.3B in 2018 | TechCrunch