Risky Business #593 -- China promises "mortal combat in the tech realm"

Round one, FIGHT!
05 Aug 2020 » Risky Business

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Trump’s war on TikTok (featuring guest Alex Stamos)
  • Twitter hackers caught. Pretty embarrassing stuff, really.
  • NSO implants target Easter Bunny
  • Garmin may need a good OFAC lawyer (featuring comment from Dmitri Alperovitch)
  • Blackberry cracked after five years leads to multiple arrests in Australia
  • Much, much more

Matt Cauthorn of ExtraHop Networks is this week’s news guest. He’ll join us to talk about how the pivot to work from home has changed incident response workflows. The tl;dr is the north-south traffic might look a bit different these days but the east-west shenanigans are still the same.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

TikTok review reduced to meaningless farce - Risky Business
China will not accept U.S. 'theft' of TikTok: China Daily - Reuters
Beware of find-my-phone, Wi-Fi, and Bluetooth, NSA tells mobile users | Ars Technica
Three Individuals Charged For Alleged Roles In Twitter Hack | USAO-NDCA | Department of Justice
How the Alleged Twitter Hackers Got Caught | WIRED
US files superseding indictment against former Twitter employees accused of spying for Saudi Arabia
Twitter prepares to pay up to $250 million for using security data for advertising
Exclusive: Papers leaked before UK election in suspected Russian operation were hacked from ex-trade minister - sources - Reuters
Religious, political leaders in Togo allegedly targeted with NSO Group spyware
'Payment sent' - travel giant CWT pays $4.5 million ransom to cyber criminals - Reuters
Garmin 'paid multi-million dollar ransom to criminals using Arete IR', say sources | Science & Tech News | Sky News
Ransomware gang publishes tens of GBs of internal data from LG and Xerox | ZDNet
Blackberry cracked five years after seizure sparks mass arrests for drug importation
For North Korea, phishing with fake job-recruitment emails never gets old
Suspected Chinese hackers targeting Vatican in advance of Beijing negotiations
CISA, DOD, FBI expose new versions of Chinese malware strain named Taidoor | ZDNet
Iranian hacker group becomes first known APT to weaponize DNS-over-HTTPS (DoH) | ZDNet
EU sanctions China, Russia, and North Korea for past hacks | ZDNet
Hackers Broke Into Real News Sites to Plant Fake Stories | WIRED
Here's how Army Cyber Command plans to take on information warfare
Exclusive: China-backed hackers 'targeted COVID-19 vaccine firm Moderna' - Reuters
Kaspersky: New hacker-for-hire mercenary group is targeting European law firms | ZDNet
BootHole fixes causing boot problems across multiple Linux distros | ZDNet
Theoretical technique to abuse EMV cards detected used in the real world | ZDNet
Is Your Chip Card Secure? Much Depends on Where You Bank — Krebs on Security
New tool detects shadow admin accounts in AWS and Azure environments | ZDNet
Cloud Native Security: Network Detection and Response | ExtraHop