Risky Business #600 -- Who's messing with TrickBot?

PLUS: Treasury issues final warning over sanctioned ransomware crews...
07 Oct 2020 » Risky Business

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • The UHS ransomware attack
  • Someone is messing with TrickBot: Did the USA release the hounds?
  • US Treasury issues final warning on sanctioned ransomware crews
  • Azerbaijan and Armenia going at it
  • Fancy Bear owns US government department

Nucleus Security co-founder Scott Kuffer joins the show in this week’s sponsor interview to talk about how they have discovered a LOT of enterprises are actually trying to develop in-house vulnerability management software and how that is not going well.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

A Ransomware Attack Has Struck a Major US Hospital Chain | WIRED
German investigators treating ransomware attack as negligent homicide, reports say
Attacks Aimed at Disrupting the Trickbot Botnet — Krebs on Security
Microsoft: Some ransomware attacks take less than 45 minutes | ZDNet
US Treasury says some ransomware payments may need its express approval | ZDNet
Front companies for Chinese and Iranian APTs doxxed - Risky Business
Chinese Antivirus Firm Was Part of APT41 ‘Supply Chain’ Attack — Krebs on Security
Alleged Iranian hackers balanced espionage with personal cybercrime, US indictment says - CyberScoop
US charges Iranian hackers for breaching US satellite companies | ZDNet
A China-Linked Group Repurposed Hacking Team’s Stealthy Spyware | WIRED
Microsoft says Iranian hackers are exploiting the Zerologon vulnerability | ZDNet
Spies hacked Azerbaijan government officials as Nagorno-Karabakh conflict escalated
North Korea has tried to hack 11 officials of the UN Security Council | ZDNet
Federal Agency Compromised by Malicious Cyber Actor | CISA
Russia’s Fancy Bear Hackers Likely Penetrated a US Federal Agency | WIRED
Microsoft removed 18 Azure AD apps used by Chinese state-sponsored hacker group | ZDNet
TikTok, WeChat survive in US app stores — one with a deal, the other with a judge's help
Russia wants to ban the use of secure protocols such as TLS 1.3, DoH, DoT, ESNI | ZDNet
Kevin Rudd: «The Dollar is One of the Things China Fears»
Portland passes landmark private sector facial recognition technology ban | The Daily Swig
All four of the world's largest shipping companies have now been hit by cyber-attacks | ZDNet
UN maritime agency says it was hacked | ZDNet
Trump officials hint at update for US maritime cybersecurity
Encrochat Investigation Finds Corrupt Cops Leaking Information to Criminals
KuCoin cryptocurrency exchange hacked for $150 million | ZDNet
GitHub rolls out new Code Scanning security feature to all users | ZDNet
Facebook sues two Chrome extension makers for scraping user data | ZDNet
Senator asks DHS if foreign-controlled browser extensions threaten the US | Ars Technica
A security flaw in Grindr let anyone easily hijack user accounts | TechCrunch
Hackers claim they can now jailbreak Apple's T2 security chip | ZDNet
Critical stored XSS vulnerability in Instagram’s Spark AR Studio nets 14-year-old researcher $25,000 | The Daily Swig
Mozilla shuts down Firefox Send and Firefox Notes services | ZDNet
Member of 'The Dark Overlord' hacking group sentenced to five years in prison | ZDNet
LinkedIn hacker Nikulin sentenced to 7 years in prison after years of legal battles
John McAfee arrested in Spain, charged with tax evasion