Risky Business #608 -- FireEye discloses breach and tool exfil

The last edition of the show for the year...
09 Dec 2020 » Risky Business

On this week’s show Patrick and Adam Boileau discuss the week’s security news, including:

  • FireEye’s Very Bad Week
  • Russian bears all up in your VMwares
  • Chris Krebs sues Trump campaign
  • Foxconn ransomware
  • So much more

Proofpoint’s Ryan Kalember is this week’s sponsor guest. He joins the show to talk about their rather different approach to DLP and insider threat detection. You may have noticed we don’t really talk about DLP a whole bunch on this show because it’s, well, really boring. But Proofpoint’s approach to the problem is different enough to be interesting, so do stick around for that.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

U.S. cybersecurity firm FireEye discloses breach, theft of hacking tools | Reuters
NSA warns of Russian state-sponsored hackers exploiting VMWare vulnerability | ZDNet
Former CISA director Chris Krebs sues Trump campaign, lawyer after death threats
Foxconn electronics giant hit by ransomware, $34 million ransom
Ransomware attack may delay scheduled procedures at Baltimore-area medical center
Ransomware attack cripples Vancouver public transportation agency | ZDNet
Ransomware hits helicopter maker Kopter | ZDNet
Ransomware gang Egregor publishes details from HR firm Randstad following hack
Ransomware gangs are now cold-calling victims if they restore from backups without paying | ZDNet
The Internet’s Most Notorious Botnet Has an Alarming New Trick | WIRED
Hackers leak data from Embraer, world's third-largest airplane maker | ZDNet
Data of 243 million Brazilians exposed online via website source code | ZDNet
North Korean hackers ramp up coronavirus vaccine targeting
Johnson & Johnson CISO: Healthcare orgs are seeing nation-state attacks every single minute of every single day | ZDNet
Hackers Are Targeting the Covid-19 Vaccine ‘Cold Chain’ | WIRED
Disputed bug in Microsoft Teams posed RCE risk, researcher warns | The Daily Swig
iPhone zero-click Wi-Fi exploit is one of the most breathtaking hacks ever | Ars Technica
Critical Flaws in Millions of IoT Devices May Never Get Fixed | WIRED
8% of all Google Play apps vulnerable to old security bug | ZDNet
A Broken Piece of Internet Backbone Might Finally Get Fixed | WIRED
Meet ODoH, where privacy means just not knowing anything
BTC-e founder sentenced to five years in prison for laundering ransomware funds | ZDNet
Hacker who sent information on US personnel to Islamic State is freed by judge
Kazakhstan government is intercepting HTTPS traffic in its capital | ZDNet
Dell announces new protections for its PC and server supply chain | ZDNet
Massachusetts lawmakers vote to pass a statewide police ban on facial recognition | TechCrunch
Account Hijacking Site OGUsers Hacked, Again — Krebs on Security
Russian bears all up in your VMwares - Risky Business
Hacker opens 2,732 PickPoint package lockers across Moscow | ZDNet