Risky Business #580 -- Czech spear phishing spurs fightin' words from Pompeo

Cyber knife fights might escalate to cyber gun fights...
22 Apr 2020 » Risky Business

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Czechs claim state-backed healthcare sector attack preparation
  • Pompeo goes full cyber berserker
  • New iOS exploit chain targets Uyghur diaspora
  • Zoom 0day for $500k? Tell him he’s dreamin’.

This week’s show is brought to you by Trail of Bits. Dan Guido is this week’s sponsor guest and he’s talking about the future of secure, app-based voting.

You can subscribe to the new Risky Business newsletter, Seriously Risky Business, here.

You can subscribe to our new YouTube channel here.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Czech cyber officials warn of serious threat to health care sector
UPDATE 1-Czechs warn of imminent, large-scale cyberattacks on hospitals - Reuters
The United States Concerned by Threat of Cyber Attack Against the Czech Republic’s Healthcare Sector - United States Department of State
Senators want Cyber Command and CISA to do more to deter coronavirus-focused hackers
US offers $5 million reward for information on North Korean hackers | ZDNet
New iOS exploit discovered being used to spy on China's Uyghur minority | ZDNet
Hackers target oil producers as they struggle with a record glut of crude | Ars Technica
What fools these mortals be: 'Shakespearean' hackers hit Azerbaijani government and energy sectors
Hackers Are Selling a Critical Zoom Zero-Day Exploit for $500,000 - VICE
Security researcher discloses four IBM zero-days after company refused to patch | ZDNet
Zoom to revamp bug bounty program, bring in more security experts | ZDNet
IT services firm Cognizant hit with Maze ransomware
Hackers posed as Egyptian oil contractor in apparent spy campaign ahead of OPEC meeting
The CFAA will soon have its day before the Supreme Court
Hundreds of academics back privacy-friendly coronavirus contact tracing apps | TechCrunch
Hackers steal $25 million worth of cryptocurrency from Lendf.me platform | ZDNet
Starbleed bug impacts FPGA chips used in data centers, IoT devices, industrial equipment | ZDNet
DHS CISA: Companies are getting hacked even after patching Pulse Secure VPNs | ZDNet
German government might have lost tens of millions of euros in COVID-19 phishing attack | ZDNet
Tor Project lays off a third of its staff | ZDNet
Supply-chain attack hits RubyGems repository with 725 malicious packages | Ars Technica
ICEBUCKET group mimicked smart TVs to steal ad money | ZDNet
Coronavirus scientists are big targets for foreign cyber-espionage, FBI says
New tool detects AWS intrusions where hackers abuse self-replicating tokens | ZDNet
Nintendo accounts are getting hacked and used to buy Fortnite currency | ZDNet
People Are Making Bots to Snatch Whole Foods Delivery Order Time Slots - VICE
(64) Everything you ever wanted to know about Bluetooth contact tracing but were too scared to ask - YouTube
Deterrence in cyberspace isn't working. What next? - Risky Business
Governments gravitate to Gapple contact tracing standard - Risky Business
Seriously Risky Business