Risky Business #527 -- Featuring Alex Stamos, The Grugq, Susan Hennessey, Brian Krebs, Kelly Shortridge and Bobby Chesney

Introducing the new Risky Business format...
22 Jan 2019 » Risky Business

Alex Stamos co-hosts this week’s episode. Topics discussed include:

  • DNC says Russia tried to own its servers in November 2018
  • South Korean Defence Ministry owned
  • Lazarus Group busy in Chile
  • West African banks suffer multiple intrusions
  • Michael Cohen admits rigging online poll for Trump
  • Nine charged over SEC hack
  • More USG SSL certificates due to expire
  • apt-get remote root RCE
  • Don’t use your Garmin to scope your murder escape route
  • Big plot twist in viral video outrage

This week’s show is brought to you by Duo Security, which I guess is now Cisco Duo Security. Wendy Nather - Duo’s head of advisory CISOs - will be along in this week’s sponsor interview to talk about a topic near and dear to my heart: victim shaming. That’s a good one so please do stick around for that.

Links to everything that we discussed are below and you can follow Patrick or Alex on Twitter if that’s your thing.

Show notes

DNC says Russia tried to hack its servers again in November 2018 | ZDNet
Hackers breach and steal data from South Korea's Defense Ministry | ZDNet
North Korean hackers infiltrate Chile's ATM network after Skype job interview | ZDNet
West African banks hit by multiple hacking waves last year | ZDNet
Michael Cohen says Trump directed him to pay for poll rigging - CNNPolitics
Nine defendants charged in SEC hacking scheme that netted $4.1 million | Ars Technica
773M Password ‘Megabreach’ is Years Old — Krebs on Security
Advertising network compromised to deliver credit card stealing code | ZDNet
Major Security Breach Discovered Affecting Nearly Half of All Airline Travelers Worldwide | Safety Detective
These are all the federal HTTPS websites that’ll expire soon because of the US government shutdown | TechCrunch
The Hacker News on Twitter: "We all love your media player, but that’s really rude #VLC 🙄 VLC developers refused to consider #software "update-over-HTTP" as a threat. Responded→ “no threat model. no proof. no #security bug" It wouldn't hurt if you simply consider the suggestion. https://t.co/GWhE1US5Ko… https://t.co/7ja6wM4Ube"
Remote Code Execution in apt/apt-get
Hitman Runner Mark Fellows Convicted of Mob Murder on GPS Watch Data
HN Front Page on Twitter: "FBI arrests PureVPN user with log data that was said to not exist L: https://t.co/bnY0CPyidf C: https://t.co/M1uhBVTRVC"
Lin Affidavit
Huawei founder says company would not share user secrets | The Sacramento Bee
Opinion | If 5G Is So Important, Why Isn’t It Secure? - The New York Times
Facebook’s Sputnik Takedown — In Depth – DFRLab – Medium
Covington students, Nathan Phillips viral video: Twitter suspends account that helped ignite controversy - CNN
Russia tries to force Facebook and Twitter to relocate servers to Russia | Ars Technica
Forget Bitcoin: Why Criminals are Using Fortnite to Launder Illicit Funds
Fortnite security issue would have granted hackers access to accounts | ZDNet
VC funding of cybersecurity companies hits record $5.3B in 2018 | TechCrunch