Risky Business #707 -- Inside China's information lockdown with Chris Krebs

PLUS: Germans charge Finfisher execs, FBI busted abusing 702 access...
24 May 2023 » Risky Business

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:

  • Germans charge FinFisher executives
  • The got FBI busted misusing 702 data
  • Special guest Chris Krebs talks China, new CISA mandates and more
  • New research breaks Android fingerprint auth
  • Much, much more

This week’s show is brought to you by Trail of Bits. Dan Guido is this week’s sponsor guest and he joins us to talk about the work Trail of Bits is doing in securing AI systems, and making them safe.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

Show notes

Congress looks to expand CISA's role, adding responsibilities for satellites and open source software | CyberScoop
Biden nominates Lt. Gen. Timothy Haugh for top position at NSA, Cyber Command
Unsere Strafanzeige: Staatsanwaltschaft erhebt Anklage gegen FinFisher
The Real Risks in Google’s New .Zip and .Mov Domains | WIRED
FBI misused controversial surveillance tool to investigate Jan. 6 protesters
Suspicion stalks Genesis Market’s competitors following FBI takedown
Crimephones Are a Cop's Best Friend - by Tom Uren
The Underground History of Turla, Russia's Most Ingenious Hacker Group | WIRED
Some Of Russia’s Most Dangerous Cybercriminals Just Had Their Malware Dealer Unmasked
Shifting tactics fuel surge in Business Email Compromise
Treasury Department sanctions entities tied to North Korean IT scams, hacking | CyberScoop
Chinese Labs Are Selling Fentanyl Ingredients for Millions in Crypto | WIRED
Leaked EU Document Shows Spain Wants to Ban End-to-End Encryption | WIRED
Here’s how long it takes new BrutePrint attack to unlock 10 different smartphones | Ars Technica
It took 48 hours, but the mystery of the mass Asus router outage is solved | Ars Technica
Popular Android TV boxes sold on Amazon are laced with malware | TechCrunch
Teen hacker charged in scheme to siphon funds from sports betting accounts
Researchers tie FIN7 cybercrime family to Clop ransomware
German arms company Rheinmetall confirms Black Basta ransomware group behind cyberattack
Dallas courts still closed 2 weeks post-ransomware attack | Cybersecurity Dive
Health insurer says patients’ information was stolen in ransomware attack
Patients angered after Oklahoma allergy clinic blames cyberattack for shutdown
UK steel industry supplier Vesuvius says ‘cyber incident’ cost £3.5 million
Researchers infiltrate Qilin ransomware group, finding lucrative affiliate payouts
A different kind of ransomware demand: Donate to charity to get your data back | CyberScoop
Joe Tidy on Twitter: "A bizarre one from Reading courts - an IT Security worker pleads guilty to piggy-backing off a cyber attack against his own firm. Liles switched the ransom payment details to his own Bitcoin wallet and changed the hacker's email to secretly apply pressured on bosses to pay up. https://t.co/Ze4yAJA6vM" / Twitter
ChatGPT Scams Are Infiltrating Apple's App Store and Google Play | WIRED