This episode sponsored by Cmd Security.On this week’s show Patrick and Adam discuss the week’s security news, including:
- The latest on the EncroChat hack-related arrests
- Details about the fresh F5 and Citrix bugs
- Natanz go boom
- Paying Wastedlocker ransoms violates Treasury sanctions
- North Korea embraces Magecart (lol)
- Much, much more…
This week’s show is brought to you by Cmd Security. They make a very useful Linux security agent. Essentially they add an additional layer of control to your Linux systems: you can restrict user actions, even for root.
Instead of having one of their own staff on to the show this week they’ve nominated a customer. HPE is a Cmd user, they actually heard about it on the podcast and wound up buying it. So HPE ITOC engineering lead Adam Cardillo and his colleague Curtis Simpson – the ITOC CISO – will both join us in this week’s sponsor interview to talk about how they’re using the software.
You can subscribe to the new Risky Business newsletter, Seriously Risky Business, here.
You can subscribe to our new YouTube channel here.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
Show notes
- VICE - How Police Secretly Took Over a Global Phone Network for Organized Crime
- Dutch police find 'torture chamber' with dentist chair after encrypted phones are cracked - ABC News
- The network devices are revolting - Risky Business
- Hackers Are Exploiting a 5-Alarm Bug in Networking Equipment | WIRED
- Hackers are trying to steal admin passwords from F5 BIG-IP devices | ZDNet
- Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP appliance Security Update
- A Second Look at CVE-2019-19781 (Citrix NetScaler / ADC) – Fox-IT International blog
- Iran blasts: What is behind mysterious fires at key sites? - BBC News
- Talos Blog || Cisco Talos Intelligence Group - Comprehensive Threat Intelligence: WastedLocker Goes "Big-Game Hunting" in 2020
- Senator warns of political pressure on U.S. probe into hackers of green groups - Reuters
- North Korean hackers linked to web skimming (Magecart) attacks, report says | ZDNet
- Connection discovered between Chinese hacker group APT15 and defense contractor | ZDNet
- lookout-uyghur-malware-tr-us.pdf
- Yahoo engineer gets no jail time after hacking 6,000 accounts to look for porn | ZDNet
- Feds indict 'fxmsp' in connection with million-dollar hacking operation
- US Secret Service reports an increase in hacked managed service providers (MSPs) | ZDNet
- Google, Facebook and Twitter Suspend Review of Hong Kong Requests for User Data - WSJ
- US tech giants halt Hong Kong police help | TechCrunch
- Senate panel advances bill to combat child exploitation, but critics fear it could weaken encryption
- (8) Michael Salter on Twitter: "Hard to find media coverage of the EARN IT act that recognises online child abuse as a major social problem that tech companies have an obligation to resolve. Too many journos are repeating industry and astroturfed talking points." / Twitter
- (8) Jennifer Hansler on Twitter: ".@SecPompeo says the US is "certainly looking at" banning Chinese social media apps, including TikTok. "I don’t want to get out in front of the President, but it’s something we’re looking at,” he says" / Twitter
- German authorities seize 'BlueLeaks' server that hosted data on US cops | ZDNet
- Facebook reinstates NSO Group employee accounts amid ongoing lawsuit
- Hole-y Guacamole: Flaws in Apache remote desktop tech exposed by new research | The Daily Swig
- Microsoft touts free malware-busting virtual machine forensics service | The Daily Swig
- Unscheduled fixes released for critical flaw in optional Windows codec | Ars Technica
- (1) Wayne Jordan on Twitter: "MS possibly addressing our E5 Azure app (OAuth) granularity concerns with this preview? @riskybusiness https://t.co/MWbUmNipsO" / Twitter
- Alexa OBrien › US v. Assange – Superseding Indictment No. 2 Breakdown – Updated
