Risky Business #606 -- BEC nukes Australian hedge fund

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

On this week’s show Patrick and Mark Piper discuss the week’s security news, including:

  • UK unveils Cyber Force
  • US passes surprisingly sane IoT security law
  • Symantec drops some APT10 research
  • MobileIron bugs getting a decent workout courtesy of state-backed attackers
  • Much, much more…

This week’s show is brought to you by ExtraHop Networks. Its VP of Security, Matt Cauthorn, joins the show this week to talk about how we might fare – technology wise – as COVID-19 cases spiral out of control in some parts of the world. With most of the heavy lifting on accelerated cloud adoption and work-from-home already done, Matt thinks the IT side of things is much better prepared for a second major pandemic-induced disruption than it was back in March.

Links to everything that we discussed are below and you can follow Patrick or Pipes on Twitter if that’s your thing.

Risky Business #606 -- BEC nukes Australian hedge fund
0:00 / 0:00

Show notes

UK formally unveils GCHQ's offensive cyber-operation shop

After years of work, Congress passes 'internet of things' cybersecurity bill — and it's kind of a big deal

Symantec implicates APT10 in sweeping hacking campaign against Japanese firms

State-sponsored hackers try to exploit flaw in popular mobile software, UK warns

The malware that usually installs ransomware and you need to remove right away | ZDNet

Biotech research firm Miltenyi Biotec hit by ransomware, data leaked

Ransomware attack forces web hosting provider Managed.com to take servers offline | ZDNet

Hacker leaks the user data of event management app Peatix | ZDNet

Fake Zoom invite cripples Aussie hedge fund with $8m hit

Tradies frustrated by banks as business email scam costs them $51,000 - ABC News

Australia’s spy agencies caught collecting COVID-19 app data | TechCrunch

This Bluetooth Attack Can Steal a Tesla Model X in Minutes | WIRED

Baidu's Android apps caught collecting sensitive user details | ZDNet

Double-dipping scammers don't need malware to grab card numbers and turn a profit, report says

GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services — Krebs on Security

Liquid crypto-exchange says hacker accessed internal network, stole user data | ZDNet

New WAPDropper malware abuses Android devices for WAP fraud | ZDNet

Google Is Testing End-to-End Encryption in Android Messages | WIRED

Abusive add-ons aren’t just a Chrome and Firefox problem. Now it’s Edge’s turn | Ars Technica

A Facebook Messenger Flaw Could Have Let Hackers Listen In | WIRED

Cisco Webex bugs allow attackers to join meetings as ghost users | ZDNet

Exploitation of Cisco Security Manager RCE flaws ‘imminent’ | The Daily Swig

Minor controversy erupts over chained iOS exploit that harvests researchers’ crash dumps | The Daily Swig

Patrick Gray on Twitter: "Have a read of their security expert’s website. Seriously. Check out the services page: https://t.co/w5Nv9zeeWE https://t.co/F2bwzK9n8G" / Twitter

Office of National Intelligence - IT Systems Engineer