Risky Business #607 -- Trump lawyer calls for Krebs' execution, ransomware insurance getting wobbly

PLUS: OceanLotus masquerading as Monero-mining skiddies...
02 Dec 2020 » Risky Business

On this week’s show Patrick and Adam Boileau discuss the week’s security news, including:

  • ORIGINAL: Ransomware insurance payouts are looking pretty unsustainable
  • Trump lawyer calls for Chris Krebs’ execution
  • Hunger relief charity loses $1m to BEC
  • Supreme court weighs CFAA
  • Much, much more!

This week’s sponsor interview is with Marc Rogers, Okta’s Executive Director of Cybersecurity. Marc is also heavily involved with the CTI League, a group of infosec professionals who banded together early this year to try to do some good. They’re cyber do-gooders! They’ve chalked up some wins and helped out a bunch of organisations, and in the process Marc and his compadres have also been well positioned to observe changes in the ransomware landscape. He joins us in this week’s sponsor interview to talk through that.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Ransom payouts spell trouble for insurers - Risky Business
Patients of a Vermont Hospital Are Left ‘in the Dark’ After a Cyberattack - The New York Times
It's hard to keep a big botnet down: TrickBot sputters back toward full health
Chris Bing on Twitter: "It's insane for a lawyer of the President to casually mention that a former government official should be killed. And then doubly insane to see no broad condemnation from republican lawmakers." / Twitter
Researchers Find Powerful Cellphone Location Surveillance in Europe, Middle East, Australia
Microsoft links Vietnamese state hackers to crypto-mining malware campaign | ZDNet
MacOS backdoor appears to be update of tool previously used by Vietnam-linked group
Philly hunger relief group Philabundance lost nearly $1 million in cyberattack
FBI warns of email forwarding rules being abused in recent hacks | ZDNet
Three members of TMT cybercrime group arrested in Nigeria | ZDNet
Supreme Court considers scope of federal anti-hacking law in biggest cyber case to date
Google security researcher banned from Call of Duty: Modern Warfare after ‘reverse engineering networking code’ | The Daily Swig
Getting Banned for Security Research | nedwill’s security blog
Bug Allowed Hackers to Get Anyone’s Email Address on Xbox Live
Malicious npm packages caught installing remote access trojans | ZDNet
Drupal inherits critical file archiving library flaw | The Daily Swig
2FA bypass discovered in web hosting software cPanel | ZDNet
Microsoft removes 18 malicious Edge extensions for injecting ads into web pages | ZDNet
Global Volunteer Cyberthreat Community-CERT | CTI League