Risky Business Podcast

December 04, 2019

Risky Business #565 -- Crypto bro takes Jong turn

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Ethereum developer Virgil Griffith charged for allegedly teaching DPRK about cryptocurrency
  • DHS/CISA government vulnerability disclosure program takes shape, looks good
  • Adobe discloses Magento Marketplace data breach
  • Fully patched Android devices targeted
  • IM-RAT takedown
  • Much, much more

This week’s sponsor interview is with Brian Robison of BlackBerry Cylance. He pops along to talk about some interesting research they’ve done on mobile malware.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Risky Business #565 -- Crypto bro takes Jong turn
0:00 / 0:00

Show notes

Cryptocurrency expert arrested for giving talk to North Korea about avoiding sanctions | ZDNet

Manhattan U.S. Attorney Announces Arrest Of United States Citizen For Assisting North Korea In Evading Sanctions | USAO-SDNY | Department of Justice

Brian Klein on Twitter: "I now represent Virgil Griffith and am very pleased that today the judge found that he should be released from jail pending trial. We dispute the untested allegations in the criminal complaint, and Virgil looks forward to his day in court, when the full story can come out." / Twitter

DHS issues draft order to require vulnerability disclosure policies at civilian agencies

cyber.dhs.gov - Binding Operational Directive 20-01

New Zealand's gun buyback website 'a shopping list for criminals' | World news | The Guardian

It’s Way Too Easy to Get a .gov Domain Name — Krebs on Security

Adobe discloses security breach impacting Magento Marketplace users | ZDNet

Vulnerability in fully patched Android phones under active attack by bank thieves | Ars Technica

Trend Micro finds new mobile malware masquerading as a chat app

Authorities take down 'Imminent Monitor' RAT malware operation | ZDNet

Australian and European police shut down access to popular criminal hacking tool

SMS Replacement is Exposing Users to Text, Call Interception Thanks to Sloppy Telecos - VICE

Now even the FBI is warning about your smart TV’s security | TechCrunch

FBI assesses Russian apps may be counterintelligence threat

HPE tells users to patch SSDs to prevent failure after 32,768 hours of operation | ZDNet

Splunk tells users to patch ‘Y2K-style’ flaw

BlackDirect: Microsoft Azure Account Takeover | CyberArk

Hacker stole unreleased music and then tried to frame someone else | ZDNet

Microsoft: Malware, ransomware, and cryptominer detections are down in 2019 | ZDNet

Hacker’s paradise: Louisiana’s ransomware disaster far from over | Ars Technica

Mozilla removes Avast and AVG extensions from add-on portal over snooping claims | ZDNet

FBI Asked Sony for Data on User Who Allegedly Used PlayStation Network to Sell Cocaine - VICE

(14) SandboxEscaper on Twitter: "I bring dire news.. for soon I may finally have a job (at Microsoft).. I won't be dropping 0days anymore, much to my dismay. But I will be standing here on the sideline cheering on any act of 0day dropping.. for pissing off the infosec elite is a cause worth fighting for." / Twitter

Mobile Malware and APT Espionage: Prolific, Pervasive, and Cross-Platform