Risky Business #604 -- Election-related cyber shenanigans fail to materialise

But don't worry, there's been plenty of carnage elsewhere…
11 Nov 2020 » Risky Business

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Zoom settles with FTC over misleading E2EE claim
  • Some poor sod had to give up $1bn in Bitcoin
  • Solaris SSH 0day? Let’s party like it’s 1999
  • Samy Kamkar’s latest trick: NAT Slipstreaming
  • Australia’s hardcore critical infrastructure protection bill
  • Much, much more

This week’s show is brought to you by Remediant. Company co-founder Paul Lanzi joins the show in this week’s sponsor interview to talk about how they’ve been helping companies recover from ransomware attacks. Maybe listen to this one. You know. Just in case you find yourself in that situation one day?

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Zoom settles FTC charges for misleading users about security features | ZDNet
Someone has transferred ~$1 billion from a bitcoin wallet quiet since 2015 | Ars Technica
The feds just seized Silk Road’s $1 billion stash of bitcoin | Ars Technica
Hacker group uses Solaris zero-day to breach corporate networks | ZDNet
NAT Slipstreaming hack tricks firewalls and routers | The Daily Swig
Australia's hardcore critical infrastructure laws open to challenge - Risky Business
23,600 hacked databases have leaked from a defunct 'data breach index' site | ZDNet
More suspected North Korean malware identified after US alert on Kimsuky hackers
Suspected North Korean hackers who targeted job applicants prove more ambitious than first believed
The many personalities of Lazarus - Risky Business
Windows 10, iOS, Chrome, and many others fall at China's top hacking contest | ZDNet
Linux version of RansomEXX ransomware discovered | ZDNet
Cyberattack on U. of Vermont hospital IT network delays chemotherapy, mammogram appointments
Building wave of ransomware attacks strike U.S. hospitals | Reuters
Why Paying to Delete Stolen Data is Bonkers — Krebs on Security
Israeli companies targeted with new Pay2Key ransomware | ZDNet
Capcom takes systems offline following cyber-attack | The Daily Swig
Company that runs US illegal immigration detention centers discloses ransomware attack | ZDNet
Ransomware Hits Dozens of Hospitals in an Unprecedented Wave | WIRED
Italian beverage vendor Campari knocked offline after ransomware attack | ZDNet
Compal, the second-largest laptop manufacturer in the world, hit by ransomware | ZDNet
Toy maker Mattel discloses ransomware attack | ZDNet
Wisconsin Republicans say last minute hack cost party $2 million meant to reelect Trump
FBI: Hackers stole source code from US government agencies and private companies | ZDNet
Pwned: Deloitte Hacker IQ game forced offline after hack | The Daily Swig
Russian authorities make rare arrest of malware author | ZDNet
CERT/CC launches Twitter bot to give security bugs random names | ZDNet
Oracle publishes rare out-of-band security update for WebLogic servers | ZDNet
Apple fixes three iOS zero-days exploited in the wild | ZDNet
After two zero-days in Chrome desktop, Google patches a third zero-day in the Android version | ZDNet
Google’s Project Zero discloses Windows 0-day that’s been under active exploit | Ars Technica
Google discloses Windows zero-day exploited in the wild | ZDNet
Google patches second Chrome zero-day in two weeks | ZDNet
ACOS/aGalaxy GUI RCE Vulnerability – CVE-2020-24384 – A10 Support
Infamous ‘Hoax’ Artist Behind Trumpworld’s New Voter Fraud Claim
Matthew Gertz (@MattGertz) / Twitter