Risky Business #571 -- Is Joshua Schulte The Shadow Brokers?

PLUS: Minor app glitch leads to major headlines...
05 Feb 2020 » Risky Business

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Iowa app falls over, social and mainstream media chaos ensues
  • Twitter acknowledges state-backed API abuse
  • CDA 230 under review. Uh oh.
  • Toll Group ransomware
  • ICS-compatible ransomware spotted in wild
  • UN got owned pretty hard
  • Is Joshua Schulte The Shadow Brokers? A theory
  • Much, much more.

This week’s show is brought to you by Okta.

Okta’s Simon Thorpe will be along this week to talk about a new trend they’re seeing and obviously encouraging – enterprises ditching Microsoft’s Active Directory. It’s a cloud, cloud, cloud, cloud world these days, and in the year 2020 you might want to actually ask yourself – do you still need to be using AD?

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

The Iowa Caucus Tech Meltdown Is a Warning | WIRED
Democrats’ Iowa Caucus Voting App Stirs Security Concerns - WSJ
Twitter says an attacker used its API to match usernames to phone numbers | ZDNet
Google Guilty Of ‘Big Screw Up’ That May Have Leaked Your Videos To A Random Stranger
Department of Justice to Hold Workshop on Section 230 of the Communications Decency Act | OPA | Department of Justice
The EARN IT Act: How to Ban End-to-End Encryption Without Actually Banning It | Center for Internet and Society
Encryption laws not used to fight terrorism - InnovationAus
Toll Group confirms "targeted" ransomware attack - Security - iTnews
Toll IT Systems Update | Toll Group
Bad Packets Report on Twitter: "@riskybusiness @rycrozier Their Citrix server, https://t.co/66XQWpiFyF, was vulnerable to CVE-2019-19781 on 2020-01-11T06:30:06Z." / Twitter
MalwareTech on Twitter: "A day prior to the Travelex hack, its parent company was worth $2.1 Billion. A month later it is now worth $764 Million. The CEO owns 63% of the shares, which puts his personal loss around $850 Million." / Twitter
Dozens of companies have data dumped online by ransomware ring seeking leverage | Ars Technica
Mysterious New Ransomware Targets Industrial Control Systems | WIRED
The New Humanitarian | EXCLUSIVE: The hack the UN tried to keep under wraps
UN didn't patch SharePoint, got mega-hacked, covered it up, kept most staff in the dark, finally forced to admit it • The Register
Iranian hackers target US government workers in new campaign | ZDNet
As Vault 7 trial begins, Joshua Schulte's attorneys will argue he's a whistleblower
Trial of Accused 'Vault 7' Leaker Opens in New York
Senior Adviser To The Operator Of The “Silk Road” Website Pleads Guilty In Manhattan Federal Court | USAO-SDNY | Department of Justice
Three suspects arrested in Maltese bank cyber-heist | ZDNet
Raytheon engineer arrested for taking US missile defense data to China | ZDNet
DOD contractor suffers ransomware infection | ZDNet
Hackers are hijacking smart building access systems to launch DDoS attacks | ZDNet
Iowa Prosecutors Drop Charges Against Men Hired to Test Their Security — Krebs on Security
FCC Confirms 'One or More' Carriers Broke the Law Selling Location Data - VICE
Anti-virus firm Avast shuts down its data-selling subsidiary
Department of Interior grounding drone fleet over cybersecurity concerns
Google open-sources the firmware needed to build hardware security keys | ZDNet
Apple wants to standardize the format of SMS OTPs (one-time passcodes) | ZDNet
Why direct-memory attacks on laptops just won't go away
Facebook settles facial recognition lawsuit for $550 million
Remember FindFace? The Russian Facial Recognition Company Just Turned On A Massive, Multimillion-Dollar Moscow Surveillance System
London to deploy live facial recognition to find wanted faces in a crowd | Ars Technica
DC3 VDP on Twitter: "Happy Friday hackers! Nitesh @ideaengine007 found a critical RCE vulnerability in Jenkins that led us to discover a Bitcoin mining service running on a DoD website 😲. Head over to the disclosed report to see all the details! Thanks for being 🔥 Nitesh https://t.co/YywrVZu2Uc" / Twitter
HD Moore on Twitter: "Flamingo is a new open source tool from @Atredis for capturing credentials sprayed by IT and security products: https://t.co/NDmCfA0qvA (h/t to @4lex for HTTP NTLM support!) https://t.co/V2jKi3Enpg" / Twitter
Spotlight shone on Microsoft Azure vulnerability | The Daily Swig
Magento fixes trio of critical security flaws | The Daily Swig
Serious flaw that lurked in sudo for 9 years hands over root privileges | Ars Technica
An Artist Used 99 Phones to Fake a Google Maps Traffic Jam | WIRED
Google cuts Chrome 'patch gap' in half, from 33 to 15 days | ZDNet
Researcher: Backdoor mechanism still active in devices using HiSilicon chips | ZDNet