Risky Business Podcast

November 18, 2020

Risky Business #605 -- Trump fires CISA director Chris Krebs

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • CISA director Chris Krebs fired
  • Trump ramps up his disinformation campaign
  • TikTok ban stalls
  • BlackBerry discovers new hacker-for-hire crew
  • DNS cache poisoning is back. But do we really care?
  • Much, much more

This week’s show is brought to you by Thinkst Canary. Thinkst’s founder Haroon Meer will be along in this week’s show to talk a bit about security product design. Canary has been remarkably restrained over the years. Instead of trying to use their success as a platform to launch a million other products, they’ve spent more time really working on design and usability. He’ll join us to talk through all of that.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Risky Business #605 -- Trump fires CISA director Chris Krebs
0:00 / 0:00

Show notes

Patrick Gray on Twitter: "The final tweet. I LOVE it that Chris went down swinging. I've gotten to know him a little over the last year and a half, and yeah, he takes his job and mission extremely seriously. The USA has lost a true public servant." / Twitter

Exclusive: Top official on U.S. election cybersecurity tells associates he expects to be fired | Reuters

Lawmakers back CISA chief Krebs after report that he expects to be fired

Trump goes to DEF CON to explain election loss - Risky Business

After Trump tweets Defcon hacking video, voting security experts call BS | Ars Technica

TikTok gets extensions on US sale order, ban enforcement

The untold story of a cyberattack, a hospital and a dying woman | WIRED UK

The ransomware landscape is more crowded than you think | ZDNet

Video game company Capcom details attack, data breach by ransomware gang

Recent ransomware wave targeting Israel linked to Iranian threat actors | ZDNet

Australian government warns of possible ransomware attacks on health sector | ZDNet

Microsoft says three APTs have targeted seven COVID-19 vaccine makers | ZDNet

BlackBerry discovers new hacker-for-hire mercenary group | ZDNet

Mac certificate check stokes fears that Apple logs every app you run | Ars Technica

Apple lets some Big Sur network traffic bypass firewalls | Ars Technica

How the U.S. Military Buys Location Data from Ordinary Apps

Muslim Pro Stops Sharing Location Data After Motherboard Investigation

The iOS Covid App Ecosystem Has Become a Privacy Minefield | WIRED

Australia eyes payment card data for contact tracing - Risky Business

Bumble Vulnerabilities Put Facebook Likes, Locations And Pictures Of 95 Million Daters At Risk

Twitter hires influential hacker Peiter ‘Mudge’ Zatko as security boss

SAD DNS: Researchers pull source code as DNS cache poisoning technique deemed ‘too dangerous’ | The Daily Swig

SAD DNS

Facebook link preview feature used as a proxy in website-scraping scheme | ZDNet

FIN7 recruiter Andrii Kolpakov pleads guilty to role in global hacking scheme

Hackers can use just-fixed Intel bugs to install malicious firmware on PCs | Ars Technica

Citrix patches RCE flaw in SD-WAN Center that could lead to network takeover | The Daily Swig

Google patches two more Chrome zero-days | ZDNet

Chrome 87 released with fix for NAT Slipstream attacks, broader FTP deprecation | ZDNet