Risky Business #569 -- Bezos' Saudi hack claims, Glenn Greenwald facing cybercrime charges

PLUS some more normal news....
22 Jan 2020 » Risky Business

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • MBS fingered in Bezos dick pic breach
  • Glenn Greenwald facing cybercrime charges over Vaza Jato Telegram leaks
  • Citrix finally patches 90s-style ADC bugs
  • IE 0day doing the rounds, no patch available
  • PoCs for 0601 drop
  • Much, much more…

This week’s show is sponsored by VMRay, a sandbox-based malware analyser. You throw a sample into it and it spits out all sorts of useful information. Rather than having one of its own staff in this week’s sponsor slot, VMRay has put forward one of its customers instead. Expel is a managed security provider, and it is making heavy use of VMRay to do malware analysis. Tyler Fornes is a Senior Detection and Response Analyst at Expel and he joined me to talk about how they’re using VMRay to actually make life easier.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Saudi crown prince implicated in hacking of Jeff Bezos’s phone | Financial Times
Amazon boss Jeff Bezos's phone 'hacked by Saudi crown prince' | Jeff Bezos | The Guardian
Outrage As Brazil Accuses Glenn Greenwald Of Hacking Crimes
US Cyber Command was not prepared to handle the amount of data it hacked from ISIS | ZDNet
U.S. says accused Vault 7 leaker tried orchestrating PR campaign from jail cell
Accused scammer Burkov to plead guilty to 'some' charges after extradition dispute
Hackers are racing to exploit a Citrix bug that the company hasn't patched yet
As attacks begin, Citrix ships patch for VPN vulnerability | Ars Technica
CVE-2019-19781 - Vulnerability in Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP appliance
A hacker is patching Citrix servers to maintain exclusive access | ZDNet
Microsoft warns about Internet Explorer zero-day, but no patch yet | ZDNet
Proof-of-concept exploits published for the Microsoft-NSA crypto bug | ZDNet
Critical Windows 10 vulnerability used to Rickroll the NSA and Github | Ars Technica
LastPass is in the midst of a major outage | ZDNet
FBI seizes WeLeakInfo, a website that sold access to breached data | ZDNet
Mitsubishi Electric discloses security breach, China is main suspect | ZDNet
FBI: Nation-state actors have breached two US municipalities | ZDNet
A Georgia election server was vulnerable to Shellshock and may have been hacked | Ars Technica
Visa's plan against Magecart attacks: Devalue and disrupt | ZDNet
Researchers find serious flaws in WordPress plugins used on 400k sites | Ars Technica
The FBI Got Data From A Locked iPhone 11 Pro Max—So Why Is It Demanding Apple Unlock Older Phones?
Apple dropped plan for encrypting backups after FBI complained - sources - Strategy - Cloud - Security - iTnews
Chinese man arrested after making $1.6 million from selling VPN services | ZDNet
Senators to Trump administration: Protect small businesses from Iranian hacking threat
ShadowMove: A Stealthy Lateral Movement Strategy | USENIX
I'm Nicole Perlroth, cybersecurity reporter for The New York Times. I broke the news that Russians hacked the Ukrainian gas company at the center of President Trump's impeachment. US officials warn that Russians have grown stealthier since 2016 and seek to target election systems ahead of 2020. AMA : worldnews