Risky Business #570 -- FTI report lands like a lead balloon

PLUS: CitizenLab drops the good stuff, Mitsubishi owned through its AV and more...
29 Jan 2020 » Risky Business

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • The FTI report on the Bezos incident is a massive let down
  • UK lets Huawei into 5G build
  • SeaTurtle campaign pinned on Turkey
  • Mitsubishi owned through its AV solution
  • Ransomware crews owning unpatched Citrix boxes
  • Much, much more.

This week’s sponsor guest is Sherrod DeGrippo of Proofpoint. She’s a senior director of threat research there and she’ll be along to talk about the Emotet malware. Despite being spray-and-pray malware, it’s pretty successful because it operates at such ridiculous scale. Sherrod joins us with details.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

The big questions from FTI's report on the Jeff Bezos hack
Some Directions for Further Investigation in the Bezos Hack Case
A timeline of events surrounding the Bezos phone hack | ZDNet
Bill Marczak on Twitter: "FTI can no longer credibly avoid decrypting the encrypted video that MbS sent to Bezos. Previously, FTI would have had to click on the 1st Google result for "how to decrypt enc whatsapp" (hard, I know), but now @dinodaizovi put everything in a GitHub repo! https://t.co/3dnFgURRyU" / Twitter
Hack of Jeff Bezos' phone likely happened through Saudi crown prince, analysts tell UN - CyberScoop
Here Is the Technical Report Suggesting Saudi Arabia’s Prince Hacked Jeff Bezos’ Phone - VICE
Everything We Know About the Jeff Bezos Phone Hack | WIRED
Stopping the Press: New York Times Journalist Targeted by Saudi-linked Pegasus Spyware Operator - The Citizen Lab
New U.S. law requires government to report risks of overseas activities by ex-spies - Reuters
UK won't ban Huawei in British 5G technology, defying U.S. warnings - CyberScoop
Exclusive: Hackers acting in Turkey's interests believed to be behind recent cyberattacks - sources - Reuters
Trend Micro antivirus zero-day used in Mitsubishi Electric hack | ZDNet
Fortinet removes SSH and database backdoors from its SIEM product | ZDNet
Hackers target unpatched Citrix servers to deploy ransomware | ZDNet
Tampa Bay Times struck by ransomware, joining a growing club of hacked media outlets
The average ransom demand for a REvil ransomware infection is a whopping $260,000 | ZDNet
Judge forces insurer to help small business to clean up after a crippling ransomware attack
New York state wants to ban government agencies from paying ransomware demands | ZDNet
Hackers hijack social media accounts for the NFL and 15 teams | ZDNet
One Small Fix Would Curb Stingray Surveillance | WIRED
Leaked Documents Expose the Secretive Market for Your Web Browsing Data - VICE
Scraping the Web Is a Powerful Tool. Clearview AI Abused It | WIRED
Mozilla has banned nearly 200 malicious Firefox add-ons over the last two weeks | ZDNet
The Chrome Web Store is currently facing a wave of fraudulent transactions | ZDNet
MDhex vulnerabilities impact GE patient vital signs monitoring devices | ZDNet
Researchers set up a mock factory network — and watched the criminals rush in
Microsoft to forcibly install Bing search extension in Chrome for Office 365 ProPlus users | ZDNet
Intel Is Patching the Patch for the Patch for Its ‘Zombieload’ Flaw | WIRED
Magecart gang arrested in Indonesia | ZDNet
DEF CON China conference put on hold due to coronavirus outbreak | ZDNet
Someone is uninstalling the Phorpiex malware from infected PCs and telling users to install an antivirus | ZDNet
LoRaWAN networks are spreading but security researchers say beware | ZDNet
Wawa Breach May Have Compromised More Than 30 Million Payment Cards — Krebs on Security
LabCorp security lapse exposed thousands of medical documents | TechCrunch
TALOS-2019-0964 || Cisco Talos Intelligence Group - Comprehensive Threat Intelligence
oss-security - LPE and RCE in OpenSMTPD (CVE-2020-7247)
Equifax Ordered to Spend $1 Billion on Data Security