Risky Business #567 -- ToTok, Iran and big-game ransomware galore

We're back for season 14 of Risky Business!
08 Jan 2020 » Risky Business

In this week’s show Patrick Gray and Alex Stamos discuss all the week’s news, including:

  • Will Iran cyber all the cybers?
  • ToTok chat app alleged to be UAE spy tool
  • China makes moves on own OS
  • Big game ransomware hits crisis levels
  • WSJ carries water for NSO Group
  • Much, much more

This week’s show is brought to you by Bugcrowd. We’ll be hearing from Bugcrowd’s Casey Ellis in this week’s sponsor interview. He’ll be talking about the US federal government’s decision to force all departments into accepting bug reports – he thinks this is a move that will have a big impact on the wider security ecosystem.

Links to everything are below!

Show notes

Homeland Security warns businesses to brace for Iranian cyberattacks | TechCrunch
After U.S. kills Iranian general, analysts warn of Tehran’s ability to retaliate in cyberspace
Unpatched US government website gets pwned by pro-Iran script kiddie | Ars Technica
Iranian Hackers Claim Defacement of Texas Government and Alabama Veterans Websites - VICE
It Seemed Like a Popular Chat App. It’s Secretly a Spy Tool. - The New York Times
Google Reinstates Reported UAE Surveillance App ToTok - VICE
U.S. Army bans TikTok amid ongoing scrutiny of Chinese-made video app
Two of China's largest tech firms are uniting to create a new 'domestic OS' | ZDNet
Police Tracked a Terror Suspect—Until His Phone Went Dark After a Facebook Warning - WSJ
US Coast Guard discloses Ryuk ransomware infection at maritime facility | ZDNet
Frankfurt shuts down IT network following Emotet infection | ZDNet
Sodinokibi ransomware plagues Travelex currency exchange as investigation continues
Company shuts down because of ransomware, leaves 300 without jobs just before holidays | ZDNet
Maze ransomware was behind Pensacola “cyber event,” Florida officials say | Ars Technica
FBI warns U.S. companies about Maze ransomware, appeals for victim data - CyberScoop
Another ransomware strain is now stealing data before encrypting it | ZDNet
New Orleans hit by ransomware, city employees told to turn off computers | ZDNet
Pensacola confirms ransomware attack but provides few details | Ars Technica
Ransomware at IT Services Provider Synoptek — Krebs on Security
Arkansas telemarketing firm blames ransomware for sudden holiday closure - CyberScoop
Ransomware Gangs Now Outing Victim Businesses That Don’t Pay Up — Krebs on Security
Hackensack Meridian Health pays attackers to thwart ransomware incident - CyberScoop
Big Game Ransomware being delivered to organisations via Pulse Secure VPN
The Hidden Cost of Ransomware: Wholesale Password Theft — Krebs on Security
Hackers steal data for 15 million patients, then sell it back to lab that lost it | Ars Technica
Apple sues security vendor for DMCA violations - The Verge
Apple opens public bug bounty program, publishes official rules | ZDNet
Not so IDLE hands: FBI program offers companies data protection via deception | Ars Technica
A Twitter app bug was used to match 17 million phone numbers to user accounts | TechCrunch
Chinese hacker group caught bypassing 2FA | ZDNet
Critical flaw in Citrix applications could allow unauthorized access to internal networks
Hacker who blackmailed Apple in 2017 gets no prison time | ZDNet
Member of 'The Dark Overlord' hacking group extradited to the US | ZDNet
Rambler will drop NGINX criminal case | ZDNet
How Hackers Are Breaking Into Ring Cameras - VICE
Over 1,500 Ring passwords have been found on the dark web | TechCrunch
We Tested Ring’s Security. It’s Awful - VICE
Creditors Seek to Exhume the Body of a Dead Crypto Executive | WIRED
Lithuanian scammer gets 5 years for defrauding Google, Facebook of $120 million
Web Cache Deception attacks still impact websites with 'substantial user populations' | ZDNet
iPhones and iPads finally get key-based protection against account takeovers | Ars Technica
Mozilla to force all add-on devs to use 2FA to prevent supply-chain attacks | ZDNet
Npm team warns of new 'binary planting' bug | ZDNet
Only 9.27% of all npm developers use 2FA | ZDNet
Half of the websites using WebAssembly use it for malicious purposes | ZDNet
U.S. Launches Fresh Assault On Apple’s ‘Warrant-Proof Encryption’
The Great $50M African IP Address Heist — Krebs on Security
'Shattered': Inside the secret battle to save America's undercover spies in the digital age