Risky Business #595 -- NSA and FBI document GRU's Linux malware for them

PLUS: All the week's security news...
19 Aug 2020 » Risky Business

On this week’s show Patrick, Adam and Sherrod DeGrippo discuss the week’s security news, including:

  • NSA and FBI doxx GRU malware. Lol.
  • Malicious Azure app snags SANS staffer
  • Oracle to acquire TikTok?
  • Trump weighs Snowden pardon
  • Much, much more

This week’s show is brought to you by Airlock Digital. They make allowlist/safelist software that is actually manageable at scale! David Cottingham, an Airlock co-founder, joins the show this week to talk through a few product updates.

Links to everything that we discussed are below and you can follow Patrick, Sherrod or Adam on Twitter if that’s your thing.

Show notes

GRU uses Linux rootkits, everyone else is OAuth phishing - Risky Business
NSA, FBI expose Russian intelligence hacking tool: report - Reuters
For six months, security researchers have secretly distributed an Emotet vaccine across the world | ZDNet
SANS Institute, which drills cyber professionals in defense, suffers data breach
US Army report says many North Korean hackers operate from abroad | ZDNet
Oracle Said to be Weighing Bid for TikTok’s U.S. Business - Bloomberg
Final Senate Intel report details remarkable contact between Trump campaign, Russian spies
Trump Pardon of Edward Snowden Would Backfire - Bloomberg
Secret Service Bought Phone Location Data from Apps, Contract Confirms
The Attack That Broke Twitter Is Hitting Dozens of Companies | WIRED
The Secret SIMs Used By Criminals to Spoof Any Number
An advanced group specializing in corporate espionage is on a hacking spree
Cruise operator Carnival hit by ransomware
Brown-Forman Was Target of Apparent Ransomware Attack - Bloomberg
Blackbaud ransomware attack exposed donor data from two UK charities | The Daily Swig
Medical Debt Collection Firm R1 RCM Hit in Ransomware Attack — Krebs on Security
Canadian government services forced offline after credential stuffing attacks | The Daily Swig
Ukraine arrests gang who ran 20 crypto-exchanges and laundered money for ransomware gangs | ZDNet
Signal adds message requests to stop spam and protect user privacy | ZDNet
ReVoLTE attack can decrypt 4G (LTE) calls to eavesdrop on conversations | ZDNet
Sources: Mozilla extends its Google search deal | ZDNet
Remote code execution vulnerability exposed in popular JavaScript serialization package | The Daily Swig
Some email clients are vulnerable to attacks via 'mailto' links | ZDNet