The network devices are revolting

The Risky Biz newsletter for July 7, 2020...

A critical, trivially exploitable vulnerability in the management interface of F5’s Big-IP devices is the latest in a string of nasty bugs in networking equipment critical to enterprise computing.

Like last year’s Citrix NetScaler and Pulse Secure vulnerabilities, this one is going to hurt.

Risky Biz Soap Box: No magic wand for business email compromise (BEC)

Proofpoint's Ryan Kalember talks BEC...

This edition of the Soap Box podcast is brought to you by Proofpoint.

Today’s guest is Proofpoint’s EVP of Cybersecurity Strategy, Ryan Kalember, and the topic is business email compromise, or BEC.

BEC is a big deal, generating billions of dollars in losses every year across basically all industry verticals and levels of government. Until recently, there haven’t been many technical controls that help to mitigate it.

Risky Business #590 -- REPOST: It turns out we're not SAML experts

A re-post of episode 590, minus the bum steer on the Palo Alto bug...

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Inside the new American “e2ee busting” bill
  • Julian Assange hit with (another) superseding indictment
  • Trustwave uncovers sneaky Chinese accounting software backdoor
  • Much, much more…

This week’s show is brought to you by Okta. They are, of course, the identity and auth giant and one of the few sponsors we actually approached last year for 2020 because, well, they are very good at what they do. This week Marc will be joining us to talk about a privacy-related topic. The discussion is nuanced, but it’s basically about how the public perception of privacy risks has diverged from the reality and, further, how the COVID-19 crisis and the advent of digital contact tracing apps have actually brought general concerns around digital privacy to the fore.

Decrypting America's new push for lawful interception

The Risky Biz newsletter for June 30, 2020...

Three US Senators have put forward a bill that apes the powers of the UK Investigatory Powers Act and Australia’s Assistance and Access Act, while omitting many of the (albeit weak) safeguards that protect that power from being abused.

The Lawful Access to Encrypted Data Act of 2020, introduced by Republican Senators Lindsey Graham, Tom Cotton and Marsha Blackburn, compels device manufacturers and digital service providers to provide access to user data when served with a warrant. It’s the Nike approach: Just do it!

Risky Business #589 -- Why Microsoft's steep E5 license pricing is a national security risk

How foreign intelligence services are leveraging malicious Azure apps...

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Australia “under attack” - a wrap
  • Microsoft releases more security protections for E5 customers
  • US to introduce “anti encryption” bill
  • Shady encrypted phone company owned by the cops
  • NSA to offer filtered DNS services to defence industry
  • MORE

Feature podcast: Inside BellTrox's hacker-for-hire operation

Citizen Lab's John Scott-Railton joins the show...

Today we’re chatting with Citizen Lab Senior Researcher John Scott-Railton about the work they did investigating the Indian hacker-for-hire firm BellTrox.

For those of you who didn’t catch the news, The Citizen Lab, which operates out of the Munk School of Global Affairs at the University of Toronto, dropped a huge report a couple of weeks back that lays BellTrox’s operations bare. As you’ll hear, this company attempted to hack tens of thousands of email accounts belonging to everyone from government officials to hedge fund managers and activists.

Risky Business #588 -- Catastrophic bugs to plague ICS for years

PLUS: GRU domains doxed by NSA, Facebook dropped 0day on online predator...

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Facebook commissioned custom 0day to de-cloak child sex predator
  • IP stack bugs to plague IoT, ICS for years
  • Sandworm was doxxed by the NSA and hardly anyone noticed
  • Congress demands answers on 2015 Juniper NetScreen back door investigation
  • Amazon, Microsoft join moratorium on sale of facial recognition to police
  • Much, much more

Exclusive: Sandworm's Exim hacks reveal wider Russian activity

The Risky Biz newsletter for June 16, 2020...

Threat hunters studying the IoCs released in the NSA’s May 2020 advisory on recent Sandworm activity have used them to identify a large amount of infrastructure that looks custom-made to conduct credential phishing attacks against email and social media accounts used in Western countries.

Risky Biz Soap Box: A better way to provision access to production environments

Co-founder and CTO of strongDM, Justin McCarthy, pops in for a chat...

The Soap Box podcasts we run here at Risky.Biz are wholly sponsored affairs – everyone you hear in a Soap Box podcast paid to be here.

The idea is vendors get to come on to the show and chat about their products, what their stuff does, the thinking behind it, so on and so on.

Today we’re hearing from Justin McCarthy of strongDM.

strongDM is a bit of a niche player – essentially what they do is make a product that provisions secure access to engineers who need to access various back end services.

Risky Business #586 -- Google TAGs Indian mercenaries

PLUS: Risky Biz editor Brett Winterford joins the show to talk incident response and legal privilege...

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Google TAG implicates Indian hacker-for-hire outfits in espionage
  • NSA warns of Sandworm Exim exploitation
  • Huawei CFO extradition process to continue
  • Black lives matter
  • F–k police brutality

Sandworm tapping unpatched mail servers, Capital One forced to hand over IR reports, and more...

The Risky Biz newsletter for June 2, 2020...

The NSA warns that Sandworm, one of Russia’s most formidable offensive cyber operations, has been exploiting a known flaw in the Exim mail transfer agent (MTA) in attacks for at least 10 months. Sandworm - part of Russia’s GRU intelligence unit - were fingered for NotPetya and crippling wiper attacks on Ukraine’s power grid. You don’t want these guys up in your business.

Surprise Capital One court decision spells trouble for incident response

Security incident? Prepare to be surrounded by even more lawyers than usual...

When litigants suing Capital One sought a forensic incident response report into its 2019 data breach, the bank played a reliable card: the report was commissioned by its outside law firm, and therefore subject to attorney-client privilege.

In a surprising move, this week a US District Court rejected the bank’s claim to privilege and demanded the document be handed over, in what appears to set an unsettling precedent.

Feature Podcast: Releasing the hounds with Bobby Chesney

PLUS: Mieke Eoyang talks cybercrime enforcement...

Regular listeners to the podcast would know that for the last year or so, my cohost Adam Boileau and I have been talking a lot about how governments might involve non-law-enforcement agencies in a response to the big game ransomware epidemic. To discuss that, we’re joined by Bobby Chesney, the co-founder of the Lawfare blog and a very highly respected figure in US national security circles.

UK changes course on Huawei

The Risky Biz newsletter for April 27, 2020...

The United Kingdom is pulling together a plan to remove Huawei from its mobile networks within the next three years, following the lead of Australia and the United States.

Risky Business #585 -- UK mulls Huawei ban, NGOs urge COVID-19 hack de-escalation

PLUS: German authorities warn of Russian infrastructure attacks...

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • German intelligence warns of widespread Russian infrastructure hacks
  • NGOs urge COVID-19 hack de-escalation
  • UK mulls total Huawei ban… we think it’s a done deal
  • DHS warning on 5G “moronavirus”
  • Wen jailbreak? NOW JAILBREAK
  • iOS 14 leaks
  • Much, much more…