Risky Business #563 -- Phineas Phisher returns

Purported activist goes "full Robin Hood," will pay bounties for righteous hacks...
21 Nov 2019 » Risky Business

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Phineas Phisher returns, claims credit for Cayman bank hack and offers bounties for activist hijinks
  • Microsoft cautiously backs DoH
  • Huawei granted another 90-day stay of execution in US market
  • Iranian APT crew targeting ICS supply chain
  • Alexei Burkov extradition complete, appears in US court
  • Some very funny stuff is happening to GPS in the Shanghai area
  • Louisiana government ransomwared, emerges relatively unscathed
  • Official Monero binaries trojaned. Lol.
  • Much, much more!

This week’s show is brought to you by Senetas. Rob Linton from Senetas joins the show to talk about the O365 integration for its SureDrop product, a new feature that will be of interest to many Risky Business listeners.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Phineas Fisher Offers $100,000 Bounty to Hack Banks and Oil Companies - VICE
Offshore Bank Targeted By Phineas Fisher Confirms it Was Hacked - VICE
Microsoft says yes to future encrypted DNS requests in Windows | Ars Technica
Exclusive: U.S. manufacturing group hacked by China as trade talks intensified - sources - Reuters
US grants Huawei new 90-day license extension
Iran’s APT33 Hackers Are Targeting Industrial Control Systems | WIRED
How Iran's Government Shut Off the Internet | WIRED
Why Were the Russians So Set Against This Hacker Being Extradited? — Krebs on Security
Russia Fails to Stop Alleged Hacker From Facing US Charges | WIRED
Ghost ships, crop circles, and soft gold: A GPS mystery in Shanghai - MIT Technology Review
Ransomware hits Louisiana state government systems | ZDNet
Ransomware Bites 400 Veterinary Hospitals — Krebs on Security
Antivirus vendors and non-profits join to form 'Coalition Against Stalkerware' | ZDNet
Official Monero website compromised with malware that steals funds | ZDNet
Anonymous hacker gets a whopping six years in prison for some lame DDoS attacks | ZDNet
DDoS-for-Hire Boss Gets 13 Months Jail Time — Krebs on Security
US student was allegedly building a custom Gentoo Linux distro for ISIS | ZDNet
20-year-old Chicago man charged with writing code to spread ISIS propaganda
The Dark Overlord hacking suspect who's fighting extradition to the U.S. is running out of options
Citing security concerns, senators call on White House to appoint coordinator for 5G issues
Burglars Really Do Use Bluetooth Scanners to Find Laptops and Phones | WIRED
LA warns of ‘juice-jacking’ malware, but admits it has no cases | TechCrunch
Someone is using the 'Cozy Bear' moniker to scare DDoS victims into bitcoin payments
146 New Vulnerabilities All Come Preinstalled on Android Phones | WIRED
As iOS vulnerabilities emerge, a new app promises to detect hacked iPhones
GitHub launches 'Security Lab' to help secure open source ecosystem | ZDNet
Google Chrome experiment crashes browser tabs, impacts companies worldwide | ZDNet
Chrome, Edge, Safari hacked at elite Chinese hacking contest | ZDNet
Company discovered it was hacked after a server ran out of free space | ZDNet
TPM-FAIL vulnerabilities impact TPM chips in desktops, laptops, servers | ZDNet
How a turf war and a botched contract landed 2 pentesters in Iowa jail | Ars Technica
What Happens When You Remove a Police-Installed GPS Tracker | WIRED