Risky Business Podcast

January 16, 2020

Risky Business #568 -- Let's Decrypt

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • NSA drops a sweet Microsoft crypto bug
  • Burisma targeted by GRU. 2016 all over again?
  • Citrix users having a bad time
  • Intrusion Truth targets APT40
  • No more BYOD for US soldiers in Middle East
  • Much, much more

We have a new sponsor in this week’s show – ExtraHop Networks. Network monitoring is dead! Long live network monitoring!

Matt Cauthorn is ExtraHop’s VP of cybersecurity engineering and he’ll join us this week to talk about recent moves by cloud providers to offer full virtual network mirror ports out of their infrastructure.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

*Credit for this week’s headline goes to @appsecbloke.

Risky Business #568 -- Let's Decrypt
0:00 / 0:00

Show notes

Cryptic Rumblings Ahead of First 2020 Patch Tuesday — Krebs on Security

Microsoft fixes Windows crypto bug reported by the NSA | ZDNet

Now It's Really, Truly Time to Give Up Windows 7 | WIRED

Proof-of-concept code published for Citrix bug as attacks intensify | ZDNet

Russians Hacked Ukrainian Gas Company at Center of Impeachment - The New York Times

Russian hackers targeted Ukrainian company at center of impeachment storm: cybersecurity firm - Reuters

A Tale of Two Attributions – Stranded on Pylos

Nicole Perlroth on Twitter:

If Russia Hacked Burisma, Brace for the Leaks to Follow | WIRED

FBI says Iranian hackers have stepped up reconnaissance since Soleimani killing

Saudi cyber authority uncovers new data-wiping malware, and experts suspect Iran is behind it

New Iranian data wiper malware hits Bapco, Bahrain's national oil company | ZDNet

What is the Hainan Xiandun Technology Development Company? – Intrusion Truth

Iranian Hackers Have Been ‘Password-Spraying’ the US Grid | WIRED

Alleged Spy App ToTok Puts Apple in a Bind | WIRED

US troops deploying to the Middle East told to leave personal devices at home | ZDNet

Amnesty suit asking Israel to revoke NSO Group's license heads to court

Travelex says ransomware recovery is underway two weeks after global blackout

Boing Boing was hacked / Boing Boing

Kuwait's state news agency says hackers breached its Twitter

Hackers Are Breaking Directly Into AT&T, T-Mobile, and Sprint to Take Over Customer Phone Numbers - VICE

Academic research finds five US telcos vulnerable to SIM swapping attacks | ZDNet

You can now use an iPhone as a security key for Google accounts | ZDNet

Google plans to drop Chrome support for tracking cookies by 2022 | Ars Technica

Congressional commission mulls new private sector reporting requirements

Apple Lawsuit Against Cyber Startup Threatens ‘Dangerous’ Expansion Of Copyright Law

Equifax to pay customers $380.5 million as part of final breach settlement

Donald J. Trump on Twitter:

Tech’s Adversaries vs Enemies - Alex Stamos - Medium

Was It an Act of War? That’s Merck Cyber Attack’s $1.3 Billion Insurance Question.