Risky Business Podcast

December 11, 2019

Risky Business #566 -- Balkanisation, ransomware, comedy bugs close out the decade

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • China to ditch foreign hardware, software, from government use
  • Huawei sues FCC
  • More background on Project Raven
  • Senate hearings into encryption
  • Reddit fingers alleged RU disinfo campaign
  • “Evil Corp” hackers have lots of money, terrible taste
  • Ransomware attacks galore
  • Much, much more

This week’s sponsor interview is with Haroon Meer of Thinkst Canary. And we’re going to do the typical thing and have a look forward to what we can expect to see in security next year. But we’re going less for the big, dumb predictions and more picking the trends we expect to strengthen over the next year.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Risky Business #566 -- Balkanisation, ransomware, comedy bugs close out the decade
0:00 / 0:00

Show notes

Chinese government to replace foreign hardware and software within three years | ZDNet

Russia to invest $31 million in a local Wikipedia clone | ZDNet

Huawei sues FCC for icing U.S. business, claiming a lack of evidence

Made in America

Facebook intends to implement end-to-end encryption despite DOJ pressure

U.S. senators threaten Facebook, Apple with encryption regulation - Reuters

Patrick Gray on Twitter: "So Apple has issued a DMCA takedown on a Tweet that disclosed a key that could be used to decrypt 64 bit SEP. Apple's approach to security researchers feels a little bit like this scene from Mars Attacks lately... https://t.co/rJPE5L8OP5" / Twitter

Reddit links leak of US-UK trade documents to Russian influence campaign | ZDNet

Alleged Russian Hacker Behind $100 Million Evil Corp Indicted | WIRED

BMW and Hyundai hacked by Vietnamese hackers, report claims | ZDNet

Ransomware at Colorado IT Provider Affects 100+ Dental Offices — Krebs on Security

Pensacola cyber attack: Officials not sure if personal data was exposed

Ransomware attack hits major US data center provider | ZDNet

20 VPS providers to shut down on Monday, giving customers two days to save their data | ZDNet

Keybase moves to stop onslaught of spammers on encrypted message platform | Ars Technica

Scammers dupe Chinese venture capitalists out of $1 million with the 'ultimate' BEC heist

Facebook sues Chinese malware operator for abusing its ad platform | ZDNet

Exclusive: A Facebook Employee Accepted Bribes From A Scammer To Reactivate Banned Ad Accounts

Google Chrome Will Now Warn You If Your Web Passwords Have Been Stolen

Are You One Of Avast’s 400 Million Users? This Is Why It Collects And Sells Your Web Habits.

Two malicious Python libraries caught stealing SSH and GPG keys | ZDNet

Snatch ransomware reboots PCs in Windows Safe Mode to bypass antivirus apps | ZDNet

HackerOne breach lets outside hacker read customers’ private bug reports | Ars Technica

Hackers Can Mess With Voltages to Steal Intel Chips' Secrets | WIRED

https://www.qualys.com/2019/12/04/cve-2019-19521/authentication-vulnerabilities-openbsd.txt

Atlassian scrambles to fix zero-day security hole accidentally disclosed on Twitter • The Register

SwiftOnSecurity on Twitter: "Me: Threat-hunting rare DNS lookups in a corporate network. Confluence: https://t.co/6GPMROKua2 https://t.co/pse4VwORiZ" / Twitter

Aristotle Tzafalias on Twitter: "Wassenaar Arrangement Dec. 2019 New entry in the Munitions List: "ML21.b.5 "Software" specially designed or modified for the conduct of military offensive cyber operations;" https://t.co/pkY1Web6Pr https://t.co/INcLWwGHGZ" / Twitter

Meeting | Hearings | United States Senate Committee on the Judiciary