Risky Business #586 -- Google TAGs Indian mercenaries

PLUS: Risky Biz editor Brett Winterford joins the show to talk incident response and legal privilege...
03 Jun 2020 » Risky Business

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • NSA warns of Sandworm Exim exploitation
  • Huawei CFO extradition process to continue
  • Google TAG implicates Indian hacker-for-hire outfits in espionage
  • Black lives matter
  • F–k police brutality

This week’s sponsor interview is with Marco Slaviero of Thinkst Canary. He’ll be talking through a few of the partnerships Thinkst has entered into over the years. He’ll also talk a bit about some new Canary integrations, such as a new one with HD Moore’s Rumble.

You can subscribe to the new Risky Business newsletter, Seriously Risky Business, here.

You can subscribe to our new YouTube channel here.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

NSA: Russia's Sandworm Hackers Have Hijacked Mail Servers | WIRED
Canadian judge OKs extradition proceedings for Huawei CFO
Google highlights Indian 'hack-for-hire' companies in new TAG report | ZDNet
Updates about government-backed hacking and disinformation
REvil Ransomware Gang Starts Auctioning Victim Data — Krebs on Security
Michigan State University hit by ransomware gang | ZDNet
Microsoft warns about attacks with the PonyFinal ransomware | ZDNet
Lawsuit seeking billions in damages filed against EasyJet
Anonymous, aiming for relevance, spins old data as new hacks
Exclusive: Zoom plans to roll out strong encryption for paying customers - Reuters
Patrick Gray on Twitter: "Pretty funny that Zoom announced its plans to introduce e2e for paid accounts on May 7 and nobody blinked, but when they actually followed through a few weeks later people lost their minds over it. https://t.co/qsI9Pppey3" / Twitter
An advanced and unconventional hack is targeting industrial firms | Ars Technica
Rod Rosenstein is working with NSO Group, the Israeli firm accused of spying on dissidents
GitHub warns Java developers of new malware poisoning NetBeans projects | ZDNet
Hacker leaks database of dark web hosting provider | ZDNet
Career Choice Tip: Cybercrime is Mostly Boring — Krebs on Security
UK Ad Campaign Seeks to Deter Cybercrime — Krebs on Security
Researcher claims $100,000 for ‘Sign in with Apple’ hack
Zero-day in Sign in with Apple
Facebook security: Researcher scoops $31k bug bounty for flagging SSRF vulnerabilities | The Daily Swig
Google launches CTF-style bug bounty challenge for Kubernetes | The Daily Swig
Shadowserver, an Internet Guardian, Finds a Lifeline | WIRED
DOD's third attempt to implement IPv6 isn't going well | ZDNet
OpenSSH to deprecate SHA-1 logins due to security risk | ZDNet
G Suite Marketplace primed for a privacy scandal, researchers warn | ZDNet
Christopher Glyer on Twitter: "Ewww - one of my favorite subjects. Just like we reported in 2016/2017 with Google - an attacker can create an Oauth app (an Azure app). Once user consents - the app can bypass MFA. Unless you have E5 license only choice is to either enable/disable ALL apps #FireEyeSummit https://t.co/8BsTnkiGPL" / Twitter
Judge rules Capital One must hand over Mandiant's forensic data breach report
Surprise Capital One court decision spells trouble for incident response - Risky Business