Risky Business #606 -- BEC nukes Australian hedge fund

PLUS: UK unveils Cyber Force, USA passes IoT security laws...
25 Nov 2020 » Risky Business

On this week’s show Patrick and Mark Piper discuss the week’s security news, including:

  • UK unveils Cyber Force
  • US passes surprisingly sane IoT security law
  • Symantec drops some APT10 research
  • MobileIron bugs getting a decent workout courtesy of state-backed attackers
  • Much, much more…

This week’s show is brought to you by ExtraHop Networks. Its VP of Security, Matt Cauthorn, joins the show this week to talk about how we might fare – technology wise – as COVID-19 cases spiral out of control in some parts of the world. With most of the heavy lifting on accelerated cloud adoption and work-from-home already done, Matt thinks the IT side of things is much better prepared for a second major pandemic-induced disruption than it was back in March.

Links to everything that we discussed are below and you can follow Patrick or Pipes on Twitter if that’s your thing.

Show notes

UK formally unveils GCHQ's offensive cyber-operation shop
After years of work, Congress passes 'internet of things' cybersecurity bill — and it's kind of a big deal
Symantec implicates APT10 in sweeping hacking campaign against Japanese firms
State-sponsored hackers try to exploit flaw in popular mobile software, UK warns
The malware that usually installs ransomware and you need to remove right away | ZDNet
Biotech research firm Miltenyi Biotec hit by ransomware, data leaked
Ransomware attack forces web hosting provider Managed.com to take servers offline | ZDNet
Hacker leaks the user data of event management app Peatix | ZDNet
Fake Zoom invite cripples Aussie hedge fund with $8m hit
Tradies frustrated by banks as business email scam costs them $51,000 - ABC News
Australia’s spy agencies caught collecting COVID-19 app data | TechCrunch
This Bluetooth Attack Can Steal a Tesla Model X in Minutes | WIRED
Baidu's Android apps caught collecting sensitive user details | ZDNet
Double-dipping scammers don't need malware to grab card numbers and turn a profit, report says
GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services — Krebs on Security
Liquid crypto-exchange says hacker accessed internal network, stole user data | ZDNet
New WAPDropper malware abuses Android devices for WAP fraud | ZDNet
Google Is Testing End-to-End Encryption in Android Messages | WIRED
Abusive add-ons aren’t just a Chrome and Firefox problem. Now it’s Edge’s turn | Ars Technica
A Facebook Messenger Flaw Could Have Let Hackers Listen In | WIRED
Cisco Webex bugs allow attackers to join meetings as ghost users | ZDNet
Exploitation of Cisco Security Manager RCE flaws ‘imminent’ | The Daily Swig
Minor controversy erupts over chained iOS exploit that harvests researchers’ crash dumps | The Daily Swig
Patrick Gray on Twitter: "Have a read of their security expert’s website. Seriously. Check out the services page: https://t.co/w5Nv9zeeWE https://t.co/F2bwzK9n8G" / Twitter
Office of National Intelligence - IT Systems Engineer