Risky Business #568 -- Let's Decrypt

NSA drops mad crypto bugs, GRU pokes Burisma...
16 Jan 2020 » Risky Business

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • NSA drops a sweet Microsoft crypto bug
  • Burisma targeted by GRU. 2016 all over again?
  • Citrix users having a bad time
  • Intrusion Truth targets APT40
  • No more BYOD for US soldiers in Middle East
  • Much, much more

We have a new sponsor in this week’s show – ExtraHop Networks. Network monitoring is dead! Long live network monitoring!

Matt Cauthorn is ExtraHop’s VP of cybersecurity engineering and he’ll join us this week to talk about recent moves by cloud providers to offer full virtual network mirror ports out of their infrastructure.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

*Credit for this week’s headline goes to @appsecbloke.

Show notes

Cryptic Rumblings Ahead of First 2020 Patch Tuesday — Krebs on Security
Microsoft fixes Windows crypto bug reported by the NSA | ZDNet
Now It's Really, Truly Time to Give Up Windows 7 | WIRED
Proof-of-concept code published for Citrix bug as attacks intensify | ZDNet
Russians Hacked Ukrainian Gas Company at Center of Impeachment - The New York Times
Russian hackers targeted Ukrainian company at center of impeachment storm: cybersecurity firm - Reuters
A Tale of Two Attributions – Stranded on Pylos
Nicole Perlroth on Twitter:
If Russia Hacked Burisma, Brace for the Leaks to Follow | WIRED
FBI says Iranian hackers have stepped up reconnaissance since Soleimani killing
Saudi cyber authority uncovers new data-wiping malware, and experts suspect Iran is behind it
New Iranian data wiper malware hits Bapco, Bahrain's national oil company | ZDNet
What is the Hainan Xiandun Technology Development Company? – Intrusion Truth
Iranian Hackers Have Been ‘Password-Spraying’ the US Grid | WIRED
Alleged Spy App ToTok Puts Apple in a Bind | WIRED
US troops deploying to the Middle East told to leave personal devices at home | ZDNet
Amnesty suit asking Israel to revoke NSO Group's license heads to court
Travelex says ransomware recovery is underway two weeks after global blackout
Boing Boing was hacked / Boing Boing
Kuwait's state news agency says hackers breached its Twitter
Hackers Are Breaking Directly Into AT&T, T-Mobile, and Sprint to Take Over Customer Phone Numbers - VICE
Academic research finds five US telcos vulnerable to SIM swapping attacks | ZDNet
You can now use an iPhone as a security key for Google accounts | ZDNet
Google plans to drop Chrome support for tracking cookies by 2022 | Ars Technica
Congressional commission mulls new private sector reporting requirements
Apple Lawsuit Against Cyber Startup Threatens ‘Dangerous’ Expansion Of Copyright Law
Equifax to pay customers $380.5 million as part of final breach settlement
Donald J. Trump on Twitter:
Tech’s Adversaries vs Enemies - Alex Stamos - Medium
Was It an Act of War? That’s Merck Cyber Attack’s $1.3 Billion Insurance Question.