Risky Business #565 -- Crypto bro takes Jong turn

PLUS: CISA's vuln reporting policy takes shape...
04 Dec 2019 » Risky Business

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Ethereum developer Virgil Griffith charged for allegedly teaching DPRK about cryptocurrency
  • DHS/CISA government vulnerability disclosure program takes shape, looks good
  • Adobe discloses Magento Marketplace data breach
  • Fully patched Android devices targeted
  • IM-RAT takedown
  • Much, much more

This week’s sponsor interview is with Brian Robison of BlackBerry Cylance. He pops along to talk about some interesting research they’ve done on mobile malware.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Cryptocurrency expert arrested for giving talk to North Korea about avoiding sanctions | ZDNet
Manhattan U.S. Attorney Announces Arrest Of United States Citizen For Assisting North Korea In Evading Sanctions | USAO-SDNY | Department of Justice
Brian Klein on Twitter: "I now represent Virgil Griffith and am very pleased that today the judge found that he should be released from jail pending trial. We dispute the untested allegations in the criminal complaint, and Virgil looks forward to his day in court, when the full story can come out." / Twitter
DHS issues draft order to require vulnerability disclosure policies at civilian agencies
cyber.dhs.gov - Binding Operational Directive 20-01
New Zealand's gun buyback website 'a shopping list for criminals' | World news | The Guardian
It’s Way Too Easy to Get a .gov Domain Name — Krebs on Security
Adobe discloses security breach impacting Magento Marketplace users | ZDNet
Vulnerability in fully patched Android phones under active attack by bank thieves | Ars Technica
Trend Micro finds new mobile malware masquerading as a chat app
Authorities take down 'Imminent Monitor' RAT malware operation | ZDNet
Australian and European police shut down access to popular criminal hacking tool
SMS Replacement is Exposing Users to Text, Call Interception Thanks to Sloppy Telecos - VICE
Now even the FBI is warning about your smart TV’s security | TechCrunch
FBI assesses Russian apps may be counterintelligence threat
HPE tells users to patch SSDs to prevent failure after 32,768 hours of operation | ZDNet
Splunk tells users to patch ‘Y2K-style’ flaw
BlackDirect: Microsoft Azure Account Takeover | CyberArk
Hacker stole unreleased music and then tried to frame someone else | ZDNet
Microsoft: Malware, ransomware, and cryptominer detections are down in 2019 | ZDNet
Hacker’s paradise: Louisiana’s ransomware disaster far from over | Ars Technica
Mozilla removes Avast and AVG extensions from add-on portal over snooping claims | ZDNet
FBI Asked Sony for Data on User Who Allegedly Used PlayStation Network to Sell Cocaine - VICE
(14) SandboxEscaper on Twitter: "I bring dire news.. for soon I may finally have a job (at Microsoft).. I won't be dropping 0days anymore, much to my dismay. But I will be standing here on the sideline cheering on any act of 0day dropping.. for pissing off the infosec elite is a cause worth fighting for." / Twitter
Mobile Malware and APT Espionage: Prolific, Pervasive, and Cross-Platform