Risky Business Podcast
July 08, 2020
Risky Business #591 -- EncroChat user experience includes getting owned, going to prison
On this week’s show Patrick and Adam discuss the week’s security news, including:
- The latest on the EncroChat hack-related arrests
- Details about the fresh F5 and Citrix bugs
- Natanz go boom
- Paying WastedLocker ransoms violates Treasury sanctions
- North Korea embraces Magecart (lol)
- Much, much more…
This week’s show is brought to you by Cmd Security. They make a very useful Linux security agent. Essentially they add an additional layer of control to your Linux systems: you can restrict user actions, even for root.
Instead of having one of their own staff on the show this week, they’ve nominated a customer. HPE is a Cmd user; they actually heard about it on the podcast and wound up buying it. So HPE ITOC engineering lead Adam Cardillo and his colleague Curtis Simpson – the ITOC CISO – will both join us in this week’s sponsor interview to talk about how they’re using the software.
You can subscribe to the new Risky Business newsletter, Seriously Risky Business, here.
You can subscribe to our new YouTube channel here.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
Show notes
VICE - How Police Secretly Took Over a Global Phone Network for Organized Crime
Dutch police find 'torture chamber' with dentist chair after encrypted phones are cracked - ABC News
The network devices are revolting - Risky Business
Hackers Are Exploiting a 5-Alarm Bug in Networking Equipment | WIRED
Hackers are trying to steal admin passwords from F5 BIG-IP devices | ZDNet
A Second Look at CVE-2019-19781 (Citrix NetScaler / ADC) – Fox-IT International blog
Iran blasts: What is behind mysterious fires at key sites? - BBC News
Senator warns of political pressure on U.S. probe into hackers of green groups - Reuters
North Korean hackers linked to web skimming (Magecart) attacks, report says | ZDNet
Connection discovered between Chinese hacker group APT15 and defense contractor | ZDNet
lookout-uyghur-malware-tr-us.pdf
Yahoo engineer gets no jail time after hacking 6,000 accounts to look for porn | ZDNet
Feds indict 'fxmsp' in connection with million-dollar hacking operation
US Secret Service reports an increase in hacked managed service providers (MSPs) | ZDNet
Google, Facebook and Twitter Suspend Review of Hong Kong Requests for User Data - WSJ
US tech giants halt Hong Kong police help | TechCrunch
Senate panel advances bill to combat child exploitation, but critics fear it could weaken encryption
German authorities seize 'BlueLeaks' server that hosted data on US cops | ZDNet
Facebook reinstates NSO Group employee accounts amid ongoing lawsuit
Hole-y Guacamole: Flaws in Apache remote desktop tech exposed by new research | The Daily Swig
Microsoft touts free malware-busting virtual machine forensics service | The Daily Swig
Unscheduled fixes released for critical flaw in optional Windows codec | Ars Technica
Alexa OBrien › US v. Assange – Superseding Indictment No. 2 Breakdown – Updated