Risky Business #591 -- EncroChat user experience includes getting owned, going to prison

PLUS: All the latest on the PAN/Citrix/F5-mageddon...
08 Jul 2020 » Risky Business

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • The latest on the EncroChat hack-related arrests
  • Details about the fresh F5 and Citrix bugs
  • Natanz go boom
  • Paying Wastedlocker ransoms violates Treasury sanctions
  • North Korea embraces Magecart (lol)
  • Much, much more…

This week’s show is brought to you by Cmd Security. They make a very useful Linux security agent. Essentially they add an additional layer of control to your Linux systems: you can restrict user actions, even for root.

Instead of having one of their own staff on to the show this week they’ve nominated a customer. HPE is a Cmd user, they actually heard about it on the podcast and wound up buying it. So HPE ITOC engineering lead Adam Cardillo and his colleague Curtis Simpson – the ITOC CISO – will both join us in this week’s sponsor interview to talk about how they’re using the software.

You can subscribe to the new Risky Business newsletter, Seriously Risky Business, here.

You can subscribe to our new YouTube channel here.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

VICE - How Police Secretly Took Over a Global Phone Network for Organized Crime
Dutch police find 'torture chamber' with dentist chair after encrypted phones are cracked - ABC News
The network devices are revolting - Risky Business
Hackers Are Exploiting a 5-Alarm Bug in Networking Equipment | WIRED
Hackers are trying to steal admin passwords from F5 BIG-IP devices | ZDNet
Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP appliance Security Update
A Second Look at CVE-2019-19781 (Citrix NetScaler / ADC) – Fox-IT International blog
Iran blasts: What is behind mysterious fires at key sites? - BBC News
Talos Blog || Cisco Talos Intelligence Group - Comprehensive Threat Intelligence: WastedLocker Goes "Big-Game Hunting" in 2020
Senator warns of political pressure on U.S. probe into hackers of green groups - Reuters
North Korean hackers linked to web skimming (Magecart) attacks, report says | ZDNet
Connection discovered between Chinese hacker group APT15 and defense contractor | ZDNet
Yahoo engineer gets no jail time after hacking 6,000 accounts to look for porn | ZDNet
Feds indict 'fxmsp' in connection with million-dollar hacking operation
US Secret Service reports an increase in hacked managed service providers (MSPs) | ZDNet
Google, Facebook and Twitter Suspend Review of Hong Kong Requests for User Data - WSJ
US tech giants halt Hong Kong police help | TechCrunch
Senate panel advances bill to combat child exploitation, but critics fear it could weaken encryption
(8) Michael Salter on Twitter: "Hard to find media coverage of the EARN IT act that recognises online child abuse as a major social problem that tech companies have an obligation to resolve. Too many journos are repeating industry and astroturfed talking points." / Twitter
(8) Jennifer Hansler on Twitter: ".@SecPompeo says the US is "certainly looking at" banning Chinese social media apps, including TikTok. "I don’t want to get out in front of the President, but it’s something we’re looking at,” he says" / Twitter
German authorities seize 'BlueLeaks' server that hosted data on US cops | ZDNet
Facebook reinstates NSO Group employee accounts amid ongoing lawsuit
Hole-y Guacamole: Flaws in Apache remote desktop tech exposed by new research | The Daily Swig
Microsoft touts free malware-busting virtual machine forensics service | The Daily Swig
Unscheduled fixes released for critical flaw in optional Windows codec | Ars Technica
(1) Wayne Jordan on Twitter: "MS possibly addressing our E5 Azure app (OAuth) granularity concerns with this preview? @riskybusiness https://t.co/MWbUmNipsO" / Twitter
Alexa OBrien › US v. Assange – Superseding Indictment No. 2 Breakdown – Updated