Risky Business #592 -- We're back. Did we miss anything?

A catch-up on the last few weeks of security shenanigans...
29 Jul 2020 » Risky Business

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Two Chinese nationals charged with freelancing for MSS
  • Russia, China hacking COVID-19 research
  • The world dodged a bullet on the Windows DNS bug
  • Twitter blue tick pwnapalooza
  • Much, much more.

This week’s show is brought to you by Corelight. The company’s Chief Product Officer, Brian Dye, will be along for a chat a bit later on. We look at how adopting a zero trust model, sadly, doesn’t mean you can just ignore your network completely, as much as that would be nice.

You can subscribe to the new Risky Business newsletter, Seriously Risky Business, here.

You can subscribe to our new YouTube channel here.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Chinese campaign a sad indictment of infosec - Risky Business
US accuses two Chinese hackers of global hacking campaign, targeting coronavirus vaccine research
Russia’s Latest Hacking Target: Covid-19 Vaccine Projects | WIRED
Secret Trump order gives CIA more powers to launch cyberattacks
Report: CIA received more offensive hacking powers in 2018 | ZDNet
Russia's GRU Hackers Hit US Government and Energy Targets | WIRED
Two more cyber-attacks hit Israel's water system | ZDNet
UK 'almost certain' that 2019 election was target of Russian disinformation operation
Russia spreading coronavirus disinfo aimed at West, say US officials
Twitter says hackers accessed DMs for 36 users in last week's hack | ZDNet
US seeks to drop charges against former Twitter employees accused of spying for Saudi Arabia - The Verge
Microsoft Warns of a 17-Year-Old ‘Wormable’ Bug | WIRED
Hackers actively exploit high-severity networking vulnerabilities | Ars Technica
US cyber officials urge patching of bug affecting up to 40K SAP customers
CISA says 62,000 QNAP NAS devices have been infected with the QSnatch malware | ZDNet
Garmin’s four-day service meltdown was caused by ransomware | Ars Technica
North Korean hackers are stepping up their ransomware game, Kaspersky finds
A vigilante is sabotaging the Emotet botnet by replacing malware payloads with GIFs | ZDNet
FBI warns US companies about backdoors in Chinese tax software | ZDNet
Malware stashed in China-mandated software is more extensive than thought | Ars Technica
Iranian Spies Accidentally Leaked Videos of Themselves Hacking | WIRED
Apple’s Hackable iPhones Are Finally Here | WIRED
Google's Project Zero team won't be applying for Apple's SRD program | ZDNet
NY Charges First American Financial for Massive Data Leak — Krebs on Security
Listen to This Deepfake Audio Impersonating a CEO in Brazen Fraud Attempt
The Rise of Synthetic Audio Deepfakes
GEDmatch confirms data breach after users’ DNA profile data made available to police | TechCrunch
Police Are Buying Access to Hacked Website Data
Wyden Plans Law to Stop Cops From Buying Data That Would Need a Warrant
Breached Data Indexer ‘Data Viper’ Hacked — Krebs on Security
Crooks have acquired proprietary Diebold software to “jackpot” ATMs | Ars Technica
Microsoft's new KDP tech blocks malware by making parts of the Windows kernel read-only | ZDNet
Sony awards $10,000 bug bounty for PlayStation 4 kernel exploit | The Daily Swig
Security Operations Lead » InternetNZ