Risky Business #605 -- Trump fires CISA director Chris Krebs

Krebs pays the price for debunking Trumpworld's "nonsense"...
18 Nov 2020 » Risky Business

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • CISA director Chris Krebs fired
  • Trump ramps up his disinformation campaign
  • TikTok ban stalls
  • BlackBerry discovers new hacker-for-hire crew
  • DNS cache poisoning is back. But do we really care?
  • Much, much more

This week’s show is brought to you by Thinkst Canary. Thinkst’s founder Haroon Meer will be along in this week’s show to talk a bit about security product design. Canary has been remarkably restrained over the years. Instead of trying to use their success as a platform to launch a million other products, they’ve spent more time really working on design and usability. He’ll join us to talk through all of that.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Patrick Gray on Twitter: "The final tweet. I LOVE it that Chris went down swinging. I've gotten to know him a little over the last year and a half, and yeah, he takes his job and mission extremely seriously. The USA has lost a true public servant." / Twitter
Exclusive: Top official on U.S. election cybersecurity tells associates he expects to be fired | Reuters
Lawmakers back CISA chief Krebs after report that he expects to be fired
Trump goes to DEF CON to explain election loss - Risky Business
After Trump tweets Defcon hacking video, voting security experts call BS | Ars Technica
TikTok gets extensions on US sale order, ban enforcement
The untold story of a cyberattack, a hospital and a dying woman | WIRED UK
The ransomware landscape is more crowded than you think | ZDNet
Video game company Capcom details attack, data breach by ransomware gang
Recent ransomware wave targeting Israel linked to Iranian threat actors | ZDNet
Australian government warns of possible ransomware attacks on health sector | ZDNet
Microsoft says three APTs have targeted seven COVID-19 vaccine makers | ZDNet
BlackBerry discovers new hacker-for-hire mercenary group | ZDNet
Mac certificate check stokes fears that Apple logs every app you run | Ars Technica
Apple lets some Big Sur network traffic bypass firewalls | Ars Technica
How the U.S. Military Buys Location Data from Ordinary Apps
Muslim Pro Stops Sharing Location Data After Motherboard Investigation
The iOS Covid App Ecosystem Has Become a Privacy Minefield | WIRED
Australia eyes payment card data for contact tracing - Risky Business
Bumble Vulnerabilities Put Facebook Likes, Locations And Pictures Of 95 Million Daters At Risk
Twitter hires influential hacker Peiter ‘Mudge’ Zatko as security boss
SAD DNS: Researchers pull source code as DNS cache poisoning technique deemed ‘too dangerous’ | The Daily Swig
Facebook link preview feature used as a proxy in website-scraping scheme | ZDNet
FIN7 recruiter Andrii Kolpakov pleads guilty to role in global hacking scheme
Hackers can use just-fixed Intel bugs to install malicious firmware on PCs | Ars Technica
Citrix patches RCE flaw in SD-WAN Center that could lead to network takeover | The Daily Swig
Google patches two more Chrome zero-days | ZDNet
Chrome 87 released with fix for NAT Slipstream attacks, broader FTP deprecation | ZDNet