Risky Business #603 -- YOU get sanctions, and YOU get sanctions

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • “Proud Boys” email campaign attributed to Iran in record time
  • Sanctions for everyone!
  • US doxes more adversary TTPs
  • Katie Nickels and Chris Krebs join the show

This week’s show is brought to you by attack simulation platform company AttackIQ. Carl Wright from AttackIQ joins us this week to talk about the distinct possibility that large organisations are going to start slashing their security budgets in response to the changing economy.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

CISA, FBI roll the dice on transparency - Risky Business

Exclusive: 'Dumb mistake' exposed Iranian hand behind fake Proud Boys U.S. election emails - sources | Reuters

FBI News Conference on Election Security | C-SPAN.org

Iran’s bogus email campaign on U.S. elections had a Facebook disinformation prong

Why the US was so fast to blame Iran for voter intimidation emails in Florida

US Treasury sanctions 5 Iranian organizations for alleged election influence operations

'MuddyWater' spies suspected in attacks against Middle East governments, telecoms

The US Sanctions Russians for Potentially ‘Fatal’ Triton Malware | WIRED

EU slaps sanctions on GRU leader, Fancy Bear, FBI-wanted hacker over Bundestag attack

DOD, FBI, DHS warn of active North Korean government-linked hacking operation

FBI, CISA: Russian hackers breached US government networks, exfiltrated data | ZDNet

The Hunter Biden laptop could be fake. Or it could be real. We may never know. - The Washington Post

Exclusive: National Guard called in to thwart cyberattack in Louisiana weeks before election | Reuters

Phishing groups are collecting user data, email and banking passwords via fake voter registration forms | ZDNet

John Hultquist on Twitter: "If the hackers claim to be criminal and there’s no way to pay them, that raises doubt. Likewise, if they claim to be ideological and ask for money..." / Twitter

Justice Department official accuses China of acting as ‘safe haven’ for cybercriminals

Dr. Reddy's shuts 'key' plants worldwide after potential cyberattack hits COVID work | FiercePharma

Data breach at Finnish psychotherapy center takes a darker turn with extortion attempts

A Hacker Is Threatening to Leak Patients' Therapy Notes | WIRED

Tech giants among those affected by breach at PDF signature software maker Nitro | The Daily Swig

Massive Nitro data breach impacts Microsoft, Google, Apple, more

404 Error | Nitro

Hacker steals $24 million from cryptocurrency service 'Harvest Finance' | ZDNet

MobileIron enterprise MDM servers under attack from DDoS gangs, nation-states | ZDNet

Patrick Gray on Twitter: "Wooo... about time" / Twitter

Apple notarizes six malicious apps posing as Flash installers | ZDNet

The Now-Defunct Firms Behind 8chan, QAnon — Krebs on Security

CBP Refuses to Tell Congress How it is Tracking Americans Without a Warrant

Over 100 irrigation systems left exposed online without a password | ZDNet

Microsoft launches machine learning cyber-attack threat matrix | The Daily Swig

WordPress deploys forced security update for dangerous bug in popular plugin | ZDNet

NSA whistleblower Edward Snowden granted permanent residency in Russia | ZDNet

Process Herpaderping | herpaderping