Risky Business #584 -- Nation-backed attackers own easyJet, jump airgaps, hack ports

A big week for cyber shenanigans...
20 May 2020 » Risky Business

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • easyJet breach linked to Chinese APT
  • Israel claims credit for attack against Iranian port
  • Chinese-linked crew behind Taiwan energy hax
  • Crypto-wars reignite over Pensacola shooter’s phone
  • Much, much more

This week’s show is brought to you by Gigamon Threat Insight. Will Peteroy is our sponsor guest in this week’s show and he drops by with a pretty sobering message: large companies are provisioning VPN access to all and sundry right now because of the COVID-19 crisis and ransomware crews are sailing right on in on the back of that access.

You can subscribe to the new Risky Business newsletter, Seriously Risky Business, here.

You can subscribe to our new YouTube channel here.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

EasyJet announces breach impacting 9 million people
China hackers suspected in easyJet attack
Taiwan suggests China’s Winnti group is behind ransomware attack on state oil company
'Greenbug' hacking group hits three telecom firms in Pakistan
US will try Joshua Schulte again for allegedly leaking CIA hacking tools
iPhone crypto hid al-Qaida link to naval base shooting, AG fumes | Ars Technica
iPhone Research Tool Sued by Apple Says It’s Just Like a PlayStation Emulator - VICE
Ransomware gang asks $42m from NY law firm, threatens to leak dirt on Trump | ZDNet
UK electricity middleman hit by cyber-attack | ZDNet
Hackers preparing to launch ransomware attacks against hospitals arrested in Romania | ZDNet
Supercomputers hacked across Europe to mine cryptocurrency | ZDNet
Security incident knocks UK supercomputer service offline for days
U.S. Secret Service: “Massive Fraud” Against State Unemployment Insurance Programs — Krebs on Security
Scammers steal $10 million from Norfund, the largest sovereign wealth fund
FBI warns about attacks on Magento online stores via old plugin vulnerability | ZDNet
Top 10 Routinely Exploited Vulnerabilities | CISA
Hackers target the air-gapped networks of the Taiwanese and Philippine military | ZDNet
New Ramsay malware can steal sensitive documents from air-gapped networks | ZDNet
COMpfun authors spoof visa application with HTTP status-based Trojan | Securelist
Pentagon Contractors’ Report on ‘Wuhan Lab’ Origins of Coronavirus Is Bogus
This Service Helps Malware Authors Fix Flaws in their Code — Krebs on Security
A cybercrime store is selling access to more than 43,000 hacked servers | ZDNet
US Commerce Department tightens screws on Huawei export controls
Huawei denies involvement in buggy Linux kernel patch proposal | ZDNet
Chrome will soon block resource-draining ads. Here’s how to turn it on now | Ars Technica
Google to start rolling out Chrome Tab Groups feature next week | ZDNet
Microsoft adds initial support for DNS-over-HTTPS (DoH) in Windows Insiders | ZDNet
Cloud security: Attacking Azure AD to expose sensitive accounts and assets | The Daily Swig
Service NSW: Australian government agency hit by cyber-attack | The Daily Swig
PrintDemon vulnerability impacts all Windows versions | ZDNet
Critical SharePoint and browser security flaws star in May Patch Tuesday | The Daily Swig
XSS vulnerability in ‘Login with Facebook’ button earns $20,000 bug bounty | The Daily Swig
BIND 9 security releases address two high severity vulnerabilities | The Daily Swig
Web Giants Scrambled to Head Off a Dangerous DDoS Technique | WIRED
Hundreds of thousands of QNAP devices vulnerable to remote takeover attacks | ZDNet
How to use Trend Micro's Rootkit Remover to Install a Rootkit – Bill Demirkapi's Blog – The adventures of a 18 year old security researcher.
Officials: Israel linked to a disruptive cyberattack on Iranian port facility - The Washington Post
Gigamon ThreatINSIGHT | Network Detection and Response | Gigamon