Newsletters

Cybercrime gang FIN7 has added some old school tools to its arsenal - sending US targets malware-infected USB keys in the post. Expect the FBI’s warning on the subject to feature in future Powerpoint pitches for USB lockdowns. Is it now time to start including USB drops in the pen test scope again?

Ransomware source code unleashed: Researchers have noted that the source code for Dharma ransomware - which extorted at least US$24 million from victims last year alone - is for sale online for US$2k. Variants of Dharma already abound, but there’s naturally concern for how many bad actors might have it now.

Hot Plastic - Attackers installed a web skimmer to steal customer credit card details from the Tupperware website last week. Tupperware didn’t respond to warnings from security researchers for five days, but removed the code once ZDNet journalist Catalin Cimpanu published a story.

Lawmakers have asked US tech companies to contribute data to help health authorities monitor quarantine compliance and trace recent contacts of people infected with coronavirus.

As authorities the world over rush to flatten the curve of coronavirus infections, even the most diehard privacy advocates are exhibiting a willingness to temporarily let civil liberties slide in the name of saving lives.

You might be surprised by which of our regular Risky.Biz contributors said as much when we hosted a livestream discussion on cell phone tracking earlier today - which featured Dmitri Alperovitch, Adam Boileau, Patrick Gray and Alex Stamos.

Welcome to the first edition of Seriously Risky Business, your weekly batch of the big stories shaping cyber policy, curated by Brett Winterford.

Feedback welcome at editorial@risky.biz

If we hoped ransomware gangs would give hospitals a reprieve during a global health epidemic, prepare to be disappointed. Local Czech media reports that the University Hospital in Brno - the country’s second-largest - had to shut down and isolate systems and re-route some patients to counter a ransomware infection.

Welcome to the pilot edition of Seriously Risky Business, your weekly batch of the big stories shaping cyber policy, curated by Brett Winterford.

Feedback welcome at editorial@risky.biz

US Attorneys failed to convince a jury that former CIA exploit developer Josh Schulte dumped an archive about the agency’s offensive cyber weapons program to Wikileaks (the ‘Vault 7’ leaks).