Risky Business #559 -- Maybe it was the Israelis hacking the Russians to masquerade as Iranians?

Hostile Turla takeover of Oilrig more extensive than previously understood...
23 Oct 2019 » Risky Business

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Fresh details on Turla’s hostile takeover of Oilrig
  • Russians doing very interesting things with “tagged” TLS
  • China wants an aerospace sector so a lot of people got a lot of owned
  • Imperva releases breach details
  • Zendesk cops to 2016 breach
  • German manufacturer, US transport tech company sunk by ransomware
  • NordVPN gets owned
  • AVAST owned. Lots. Again.
  • Welcome to Video takedown
  • Much, much more

This week’s show is brought to you by Trail of Bits! We’ll be hearing from Stefan Edwards, Trail of Bits practice lead for assurance, all about their work on a recent security audit of Kubernetes. As it turns out, Kubernetes isn’t actually a horror show, but Stefan thinks you might want to run a hosted instance unless you’re a real expert.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Hacking the hackers: Russian group hijacked Iranian spying operation, officials say - Reuters
Russian hacker group patches Chrome and Firefox to fingerprint TLS traffic | ZDNet
Building China's Comac C919 airplane involved a lot of hacking, report says | ZDNet
Imperva blames data breach on stolen AWS API key | ZDNet
Zendesk discloses 2016 data breach | ZDNet
Major German manufacturer still down a week after getting hit by ransomware | ZDNet
NordVPN admits 'isolated' data breach was discovered last year
Antivirus Giant Avast Hacked By Spies Who Stole Its Passwords
How a Bitcoin Trail Led to a Massive Dark Web Child-Porn Site Takedown | WIRED
Inside the shutdown of the ‘world’s largest’ child sex abuse website | TechCrunch
Hacking 20 high-profile dev accounts could compromise half of the npm ecosystem | ZDNet
US claims cyber strike on Iran after attack on Saudi oil facility | Ars Technica
Accused Capital One hacker had as much as 30 terabytes of stolen data, feds say
Planting Tiny Spy Chips in Hardware Can Cost as Little as $200 | WIRED
Microsoft's Secured-Core PC Feature Protects Critical Code | WIRED
White-hat hacks Muhstik ransomware gang and releases decryption keys | ZDNet
EA to give users a free month of Origin Access if they enable 2FA | ZDNet
Google finds Android zero-day impacting Pixel, Samsung, Huawei, Xiaomi devices | ZDNet
FBI warns of major ransomware attacks as criminals go “big-game hunting” | Ars Technica
Why are cyber insurers incentivizing clients to invest in specific vendors?
Cyber Command’s bug bounty program uncovers more than 30 vulnerabilities
Trump administration looks to throttle Chinese surveillance companies’ business with U.S.
Magecart strikes more than 2 million websites as more groups get involved
Shipping giant Pitney Bowes hit by ransomware | TechCrunch
Apple Mac Hack Warning: North Korea Uses Fake Cryptocurrency Companies To Break Into macOS
Researchers Say They Uncovered Uzbekistan Hacking Operations Due to Spectacularly Bad OPSEC - VICE
Intel proposes new SAPM memory type to protect against Spectre-like attacks | ZDNet
Unpatched Linux bug may open devices to serious attacks over Wi-Fi | Ars Technica
Samsung, Google acknowledge flaws in phone-unlocking biometric tools
Rethinking Encryption - Lawfare
A million people are jailed at China's gulags. I managed to escape. Here's what really goes on inside - World News - Haaretz.com
GitHub - lojikil/kubectlfish: Slides from my OWASP AppSec Global DC 2019 talk
audit-kubernetes/reports at master · trailofbits/audit-kubernetes · GitHub
Trail of Bits