Risky Business #601 -- Everyone's messing with TrickBot

PLUS: Why the "ethics in OST" debate is moot...
14 Oct 2020 » Risky Business

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Yep, it was Cyber Command
  • Also Microsoft, Symantec, Lumen and others
  • Norwegian parliament hack pinned on Russia
  • We finally talk about “ethics in OST”
  • More

Netflix senior security engineer Scott Behrens also joins the show this week. This week’s episode if brought to you by Signal Sciences – which is now a part of Fastly – and they suggested we talk to Scott for their sponsor slot this week. So, Scott joins the show to talk through how Netflix handles appsec.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Report: U.S. Cyber Command Behind Trickbot Tricks — Krebs on Security
Persistently Engaging TrickBot: USCYBERCOM Takes on a Notorious Botnet - Lawfare
(1) Ciaran Martin on Twitter: "Fascinating account from ⁦@BobbyChesney⁩ on new adaptation of persistent engagement: the hounds released against #ransomware. https://t.co/Dk5Spcjkmy" / Twitter
Trickbot and the Context of Cyber Warfare – Stranded on Pylos
TrickBot botnet survives takedown attempt, but Microsoft sets new legal precedent | ZDNet
The Man Who Speaks Softly—and Commands a Big Cyber Army | WIRED
FBI/DHS: Government election systems face threat from active Zerologon exploits | Ars Technica
DHS warns that Emotet malware is one of the most prevalent threats today | Ars Technica
Norway says Russian hackers carried out breach at parliament
Russian-speaking hackers target Russian organizations with industrial spying tools
Chinese hackers suspected in cyber-espionage operation against Russia, India
'Mercenary' hacker group runs rampant in Middle East, cybersecurity research shows | Reuters
Lined up in the sights of Vietnamese hackers
Five Eyes governments, India, and Japan make new call for encryption backdoors | ZDNet
Cyber Command and Microsoft pile in on TrickBot - Risky Business
Top reason to apply October, 2020’s Microsoft patches: Ping of Death Redux – Sophos News
German tech giant Software AG down after ransomware attack | ZDNet
Amid an Embarrassment of Riches, Ransom Gangs Increasingly Outsource Their Work — Krebs on Security
Malware gangs love open source offensive hacking tools | ZDNet
Researchers map threat actors’ use of open source offensive security tools | The Daily Swig
Researchers Found 55 Flaws in Apple's Corporate Network | WIRED
Swiss Post releases bug bounty safe harbor wording under Creative Commons license | The Daily Swig