Risky Business #556 -- US Treasury targets DPRK crews, more details on Ukraine power hack

Another big week of security news....
18 Sep 2019 » Risky Business

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • US Treasury targets DPRK APT crews
  • Russia owned FBI counter surveillance team radio comms
  • New details on 2016 attack against Ukraine power grid
  • US Government to sue Edward Snowden for memoir profits
  • Did RCMP intelligence director tip Phantom Secure on investigation?
  • Much, much more!

This week’s sponsor interview is with Casey Ellis of Bugcrowd. It’s an interesting chat with Casey this week. He was at the Billington cyber conference a couple of weeks ago and he had a bunch of interesting discussions there with people in the aerospace sector.

Between recent Black Hat presentations on 787 security and the trouble Boeing has had with it’s 737-MAX, software security and resiliency is all of a sudden on the agenda in aerospace. Casey drops by to talk about all of that.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

US Treasury sanctions three North Korean hacking groups | ZDNet
Treasury Sanctions North Korean State-Sponsored Malicious Cyber Groups | U.S. Department of the Treasury
North Korean hackers target U.S. entities amid stalled denuclearization talks
Exclusive: Russia carried out a 'stunning' breach of FBI communications system, escalating the spy game on U.S. soil
New Clues Show How Russia’s Grid Hackers Aimed for Physical Destruction | WIRED
Exclusive: Australia concluded China was behind hack on parliament, political parties – sources    - Reuters
US sues Edward Snowden over new book | ZDNet
Investigation into senior RCMP official stemmed from disruption of encrypted phone service: sources - National | Globalnews.ca
Israeli police arrest execs from vendor of mobile surveillance tech | ZDNet
Infamous surveillance tech vendor makes pledge to follow UN human rights policy | ZDNet
This Company Built a Private Surveillance Network. We Tracked Someone With It - VICE
Simjacker attack exploited in the wild to track users for at least two years | ZDNet
A Password-Exposing Bug Was Purged From LastPass | WIRED
The Air Force Will Let Hackers Try to Hijack an Orbiting Satellite | WIRED
Database leaks data on most of Ecuador's citizens, including 6.7 million children | ZDNet
Arrest made in Ecuador's massive data breach | ZDNet
Data of 24.3 million Lumin PDF users shared on hacking forum | ZDNet
Hacked government contractor shares breach details as investigation continues
FIN7's IT admin pleads guilty for role in billion-dollar cybercrime crew
Google discloses vulnerability in Chrome OS 'built-in security key' feature | ZDNet
Sophos open-sources Sandboxie, a utility for sandboxing any application | ZDNet
Chrome 77 released with no EV indicators, contact picker, permanent Guest Mode | ZDNet
Most Android flashlight apps request an absurd number of permissions | ZDNet
Cloudflare may have provided service to terrorists, drug traffickers in violation of U.S. sanctions
NY Payroll Company Vanishes With $35 Million — Krebs on Security
2 charged say they were hired to break into Dallas County courthouse