Risky Business Podcast

July 31, 2019

Risky Business #550 -- CapitalOne owned, Hutchins sentenced, VxWorks horror-show and more!

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

Adam Boileau is along this week to discuss the week’s security news. We cover:

  • Deep dive on the CapitalOne breach
  • Marcus Hutchins sentenced to time served
  • Telegram voicemail bug leads to political crisis in Brazil
  • Ransomware leaves South Africans without electricity
  • Much, much more

Wolfgang Goerlich is this week’s sponsor guest. He’s an advisory CISO with Duo Security and will be along after this week’s news segment to walk us through Duo’s Trusted Access Report. They’ve got some interesting telemetry to share with us.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Risky Business #550 -- CapitalOne owned, Hutchins sentenced, VxWorks horror-show and more!
0:00 / 0:00

Show notes

Capital One Data Theft Impacts 106M People — Krebs on Security

A Hacker Stole Data From 100 Million Capital One Customers | WIRED

Paige Thompson allegedly bragged on Slack, Github about hacking Capital One

DOJ Says Capital One Mega Breach Suspect Could Face More Charges—Did She Hack Multiple Companies?

Demand for cyber insurance grows as volatility scares off some providers

How to Get Your Equifax Settlement Money | WIRED

Hackers used password spraying to breach Citrix, investigation confirms

Marcus 'MalwareTech' Hutchins gets no prison time, one year supervised release | ZDNet

Telegram voicemail hack used against Brazil's president, ministers | ZDNet

Telegram rolls out fix for voicemail hack used against Brazilian politicians | ZDNet

'This isn't IAD 2.0': NSA's new Cybersecurity Directorate plots its mission

APT-doxing group exposes APT17 as Jinan bureau of China's Security Ministry | ZDNet

Advanced mobile surveillanceware, made in Russia, found in the wild | Ars Technica

Christo Grozev on Twitter: "A major phishing campaign on @ProtonMail against researchers/journalists investigating Russia|n topics. Emails impersonate @ProtonMail and alert you that your "keys have been exported". Brazenly, they've registered a Swiss .ch clone domain (https://t.co/Q0fhT6brv1)." / Twitter

Ransomware incident leaves some Johannesburg residents without electricity | ZDNet

Louisiana governor declares state emergency after local ransomware outbreak | ZDNet

Cybersecurity officials warn state and local agencies (again) to fend off ransomware | Ars Technica

US Govt, NGOs Ask Cyber Community to Boost Ransomware Defenses

Ransomware infection takes some police car laptops offline in Georgia | ZDNet

US files lawsuit against Bitcoin exchange that helped launder ransomware profits | ZDNet

City of Baltimore FAQ | Mayor Bernard C. "Jack" Young

Facebook's Ex-Security Chief Details His 'Observatory' for Internet Abuse | WIRED

A VxWorks Operating System Bug Exposes 200 Million Critical Devices | WIRED

Urgent11 security flaws impact routers, printers, SCADA, and many IoT devices | ZDNet

Google researchers disclose vulnerabilities for 'interactionless' iOS attacks | ZDNet

Keep Calm, Carry On. VLC Not Affected by Critical Vulnerability

DHS warns about CAN bus vulnerabilities in small aircraft | ZDNet

Cmd – Events_

Malware Sandbox Online | Free Trial

The Spy Who P3wn3d Me

The 2019 Duo Trusted Access Report: Zero-Trust Security for the Workforce | Duo Security