Risky Business #535 -- Stop giving Cloudflare money

Special news guest Alex Stamos joins the show...
20 Mar 2019 » Risky Business

In this week’s show Patrick Gray and Alex Stamos discuss the week’s news, as well as discussing the rise of white supremacist communities and propaganda on the Internet and what can be done about it.


  • Norsk Hydro ransomwared
  • Huawei ban gets more and more political
  • APT40 hitting USA hard
  • Cyber Command’s Euro road-trip
  • Kremlin interference in EU elections extremely likely
  • US Senators seek information on breaches targeting them
  • Cloudflare won’t pull service from 8chan in wake of NZ attack
  • Beto O’Rourke was cDc member
  • New Mirari variant
  • 150 million Android devices hosed by new malware
  • Much, much more

This week’s show is brought to you by Chronicle Security! We’ll be joined by Chronicle co-founders Shapor Naghibzadeh and Mike Wiacek. They had a tremendously successful launch at RSA and they’re going to pop in to tell us about some near future plans they have for their Backstory product.

Links to everything are below, and you can follow Patrick or Alex on Twitter if that’s your thing.

Show notes

Norsk Hydro Ransomware Attack Is `Severe' But All Too Common - Bloomberg
Antivirus scan for c97d9bbc80b573bdeeda3812f4d00e5183493dd0d5805e2508728f65977dda15 at 2019-03-19 12:37:54 UTC - VirusTotal
When Facebook Goes Down, Don't Blame Hackers | WIRED
U.S. Campaign to Ban Huawei Overseas Stumbles as Allies Resist - The New York Times
Navy, Industry Partners Are ‘Under Cyber Siege’ by Chinese Hackers, Review Asserts - WSJ
Tim Watts MP on Twitter: "In a rambling and incoherent Op-Ed today, Barnaby Joyce, our former Deputy Prime Minister make a unilateral attribution of the recent incursions into Australia’s Parliamentry IT systems. The Morrison govt has not publicly attributed these incursions. https://t.co/lvaM0mjPnS… https://t.co/btgLqCdFBo"
March for something that’s truly under threat: Western democracy
Cyber Command’s midterm election work included trips to Ukraine, Montenegro, and North Macedonia
Kremlin interference in EU vote is likely, says Estonian spy agency
Report: Tech Company In Steele Dossier May Have Been Used To Support DNC Hack
US senators want to know how many times they've been hacked | ZDNet
After The New Zealand Terror Attack, Here’s Why 8chan Won’t Be Wiped From The Web
How Right-Wing Social Media Site Gab Got Back Online | WIRED
Parliament TV and Radio - New Zealand Parliament
Facebook trolls and scammers from Kosovo are manipulating Australian users - ABC News (Australian Broadcasting Corporation)
Optus, Telstra, Vodafone Block 8chan, 4chan For Christc... | 10 daily
Dutton Wants To Rehash The Video Game Violence Debate After The NZ Attack
Facebook failed to block 20% of uploaded New Zealand shooter videos | TechCrunch
Beto O’Rourke’s secret membership in America’s oldest hacking group
'Make money work for me': Sydney man charged with stealing $100,000 via phone porting
A huge trove of medical records and prescriptions found exposed | TechCrunch
New Mirai malware variant targets signage TVs and presentation systems | ZDNet
Microsoft releases Application Guard extension for Chrome and Firefox | ZDNet
North Korean diplomats in Spain: CIA implicated in attack on North Korean embassy in Madrid | In English | EL PAÍS
Dissidents behind raid on N.Korea Madrid embassy: US paper - The Local
Almost 150 million users impacted by new SimBad Android adware | ZDNet
Most Android Antivirus Apps Are Garbage | WIRED
Nasty WinRAR bug is being actively exploited to install hard-to-detect malware | Ars Technica
Proof-of-concept code published for Windows 7 zero-day | ZDNet
Malicious Counter-Strike 1.6 servers used zero-days to infect users with malware | ZDNet
“Yelp, but for MAGA” turns red over security disclosure, threatens researcher | Ars Technica
Local privilege escalation via the Windows I/O Manager: a variant finding collaboration – Security Research & Defense
iblue on Twitter: "So, that's CVE-2019-5418. Accept: ../../../../../../../../../etc/passwd (And we might see more fun involving the PathResolver in the future :))… https://t.co/JT2hxnCaM4"
CVE‌-2019-7644: How Does this Happen?
Chronicle Security - Careers