Risky Business #566 -- Balkanisation, ransomware, comedy bugs close out the decade

PLUS: Haroon Meer looks to 2020...
11 Dec 2019 » Risky Business

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • China to ditch foreign hardware, software, from government use
  • Huawei sues FCC
  • More background on Project Raven
  • Senate hearings into encryption
  • Reddit fingers alleged RU disinfo campaign
  • “Evil Corp” hackers have lots of money, terrible taste
  • Ransomware attacks galore
  • Much, much more

This week’s sponsor interview is with Haroon Meer of Thinkst Canary. And we’re going to do the typical thing and have a look forward to what we can expect to see in security next year. But we’re going less for the big, dumb predictions and more picking the trends we expect to strengthen over the next year.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Chinese government to replace foreign hardware and software within three years | ZDNet
Russia to invest $31 million in a local Wikipedia clone | ZDNet
Huawei sues FCC for icing U.S. business, claiming a lack of evidence
Made in America
Facebook intends to implement end-to-end encryption despite DOJ pressure
U.S. senators threaten Facebook, Apple with encryption regulation - Reuters
Patrick Gray on Twitter: "So Apple has issued a DMCA takedown on a Tweet that disclosed a key that could be used to decrypt 64 bit SEP. Apple's approach to security researchers feels a little bit like this scene from Mars Attacks lately... https://t.co/rJPE5L8OP5" / Twitter
Reddit links leak of US-UK trade documents to Russian influence campaign | ZDNet
Alleged Russian Hacker Behind $100 Million Evil Corp Indicted | WIRED
BMW and Hyundai hacked by Vietnamese hackers, report claims | ZDNet
Ransomware at Colorado IT Provider Affects 100+ Dental Offices — Krebs on Security
Pensacola cyber attack: Officials not sure if personal data was exposed
Ransomware attack hits major US data center provider | ZDNet
20 VPS providers to shut down on Monday, giving customers two days to save their data | ZDNet
Keybase moves to stop onslaught of spammers on encrypted message platform | Ars Technica
Scammers dupe Chinese venture capitalists out of $1 million with the 'ultimate' BEC heist
Facebook sues Chinese malware operator for abusing its ad platform | ZDNet
Exclusive: A Facebook Employee Accepted Bribes From A Scammer To Reactivate Banned Ad Accounts
Google Chrome Will Now Warn You If Your Web Passwords Have Been Stolen
Are You One Of Avast’s 400 Million Users? This Is Why It Collects And Sells Your Web Habits.
Two malicious Python libraries caught stealing SSH and GPG keys | ZDNet
Snatch ransomware reboots PCs in Windows Safe Mode to bypass antivirus apps | ZDNet
HackerOne breach lets outside hacker read customers’ private bug reports | Ars Technica
Hackers Can Mess With Voltages to Steal Intel Chips' Secrets | WIRED
Atlassian scrambles to fix zero-day security hole accidentally disclosed on Twitter • The Register
SwiftOnSecurity on Twitter: "Me: Threat-hunting rare DNS lookups in a corporate network. Confluence: https://t.co/6GPMROKua2 https://t.co/pse4VwORiZ" / Twitter
Aristotle Tzafalias on Twitter: "Wassenaar Arrangement Dec. 2019 New entry in the Munitions List: "ML21.b.5 "Software" specially designed or modified for the conduct of military offensive cyber operations;" https://t.co/pkY1Web6Pr https://t.co/INcLWwGHGZ" / Twitter
Meeting | Hearings | United States Senate Committee on the Judiciary