Risky Business #563 -- Phineas Phisher returns

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Phineas Phisher returns, claims credit for Cayman bank hack and offers bounties for activist hijinks
  • Microsoft cautiously backs DoH
  • Huawei granted another 90-day stay of execution in US market
  • Iranian APT crew targeting ICS supply chain
  • Alexei Burkov extradition complete, appears in US court
  • Some very funny stuff is happening to GPS in the Shanghai area
  • Louisiana government ransomwared, emerges relatively unscathed
  • Official Monero binaries trojaned. Lol.
  • Much, much more!

This week’s show is brought to you by Senetas. Rob Linton from Senetas joins the show this week to talk about its O365 integration for its SureDrop product, a new feature that will be of interest to many Risky Business listeners.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Phineas Fisher Offers $100,000 Bounty to Hack Banks and Oil Companies - VICE

Offshore Bank Targeted By Phineas Fisher Confirms it Was Hacked - VICE

Microsoft says yes to future encrypted DNS requests in Windows | Ars Technica

Exclusive: U.S. manufacturing group hacked by China as trade talks intensified - sources - Reuters

US grants Huawei new 90-day license extension

Iran’s APT33 Hackers Are Targeting Industrial Control Systems | WIRED

How Iran's Government Shut Off the Internet | WIRED

Why Were the Russians So Set Against This Hacker Being Extradited? — Krebs on Security

Russia Fails to Stop Alleged Hacker From Facing US Charges | WIRED

Ghost ships, crop circles, and soft gold: A GPS mystery in Shanghai - MIT Technology Review

Ransomware hits Louisiana state government systems | ZDNet

Ransomware Bites 400 Veterinary Hospitals — Krebs on Security

Antivirus vendors and non-profits join to form 'Coalition Against Stalkerware' | ZDNet

Official Monero website compromised with malware that steals funds | ZDNet

Anonymous hacker gets a whopping six years in prison for some lame DDoS attacks | ZDNet

DDoS-for-Hire Boss Gets 13 Months Jail Time — Krebs on Security

US student was allegedly building a custom Gentoo Linux distro for ISIS | ZDNet

20-year-old Chicago man charged with writing code to spread ISIS propaganda

The Dark Overlord hacking suspect who's fighting extradition to the U.S. is running out of options

Citing security concerns, senators call on White House to appoint coordinator for 5G issues

Burglars Really Do Use Bluetooth Scanners to Find Laptops and Phones | WIRED

LA warns of ‘juice-jacking’ malware, but admits it has no cases | TechCrunch

Someone is using the 'Cozy Bear' moniker to scare DDoS victims into bitcoin payments

146 New Vulnerabilities All Come Preinstalled on Android Phones | WIRED

As iOS vulnerabilities emerge, a new app promises to detect hacked iPhones

GitHub launches 'Security Lab' to help secure open source ecosystem | ZDNet

Google Chrome experiment crashes browser tabs, impacts companies worldwide | ZDNet

Chrome, Edge, Safari hacked at elite Chinese hacking contest | ZDNet

Company discovered it was hacked after a server ran out of free space | ZDNet

TPM-FAIL vulnerabilities impact TPM chips in desktops, laptops, servers | ZDNet

How a turf war and a botched contract landed 2 pentesters in Iowa jail | Ars Technica

What Happens When You Remove a Police-Installed GPS Tracker | WIRED

Password

SUREDROP