Risky Business

Rank #117 in Technology category (Technology / News / Tech News)

Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.


iTunes Ratings

225 ratings; rating distribution: 198 / 9 / 4 / 4 / 10

Most
By securityatty - Jan 11 2019
Not just the best security podcast, the most security podcast

Great podcast!
By smd-IN girl - Jun 05 2018
Great podcast! I look forward to listening to it every week.


Listen to:

Risky Business #563 -- Phineas Phisher returns


On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Phineas Phisher returns, claims credit for Cayman bank hack and offers bounties for activist hijinks
  • Microsoft cautiously backs DoH
  • Huawei granted another 90-day stay of execution in US market
  • Iranian APT crew targeting ICS supply chain
  • Alexei Burkov extradition complete, appears in US court
  • Some very funny stuff is happening to GPS in the Shanghai area
  • Louisiana government ransomwared, emerges relatively unscathed
  • Official Monero binaries trojaned. Lol.
  • Much, much more!

This week’s show is brought to you by Senetas. Rob Linton from Senetas joins the show this week to talk about its O365 integration for its SureDrop product, a new feature that will be of interest to many Risky Business listeners.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Phineas Fisher Offers $100,000 Bounty to Hack Banks and Oil Companies - VICE
Offshore Bank Targeted By Phineas Fisher Confirms it Was Hacked - VICE
Microsoft says yes to future encrypted DNS requests in Windows | Ars Technica
Exclusive: U.S. manufacturing group hacked by China as trade talks intensified - sources - Reuters
US grants Huawei new 90-day license extension
Iran’s APT33 Hackers Are Targeting Industrial Control Systems | WIRED
How Iran's Government Shut Off the Internet | WIRED
Why Were the Russians So Set Against This Hacker Being Extradited? — Krebs on Security
Russia Fails to Stop Alleged Hacker From Facing US Charges | WIRED
Ghost ships, crop circles, and soft gold: A GPS mystery in Shanghai - MIT Technology Review
Ransomware hits Louisiana state government systems | ZDNet
Ransomware Bites 400 Veterinary Hospitals — Krebs on Security
Antivirus vendors and non-profits join to form 'Coalition Against Stalkerware' | ZDNet
Official Monero website compromised with malware that steals funds | ZDNet
Anonymous hacker gets a whopping six years in prison for some lame DDoS attacks | ZDNet
DDoS-for-Hire Boss Gets 13 Months Jail Time — Krebs on Security
US student was allegedly building a custom Gentoo Linux distro for ISIS | ZDNet
20-year-old Chicago man charged with writing code to spread ISIS propaganda
The Dark Overlord hacking suspect who's fighting extradition to the U.S. is running out of options
Citing security concerns, senators call on White House to appoint coordinator for 5G issues
Burglars Really Do Use Bluetooth Scanners to Find Laptops and Phones | WIRED
LA warns of ‘juice-jacking’ malware, but admits it has no cases | TechCrunch
Someone is using the 'Cozy Bear' moniker to scare DDoS victims into bitcoin payments
146 New Vulnerabilities All Come Preinstalled on Android Phones | WIRED
As iOS vulnerabilities emerge, a new app promises to detect hacked iPhones
GitHub launches 'Security Lab' to help secure open source ecosystem | ZDNet
Google Chrome experiment crashes browser tabs, impacts companies worldwide | ZDNet
Chrome, Edge, Safari hacked at elite Chinese hacking contest | ZDNet
Company discovered it was hacked after a server ran out of free space | ZDNet
TPM-FAIL vulnerabilities impact TPM chips in desktops, laptops, servers | ZDNet
How a turf war and a botched contract landed 2 pentesters in Iowa jail | Ars Technica
What Happens When You Remove a Police-Installed GPS Tracker | WIRED
Password SUREDROP

Nov 21 2019


Risky Business #562 -- Two former Twitter staff charged over Saudi spying


On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Two ex Twitter employees charged with spying for KSA
  • US border device searches now require suspicion after ACLU win
  • Unredacted Corellium lawsuit response drops
  • Ransomware attacks on hospitals increase mortality
  • Much, much more!

This week’s sponsor interview is with Stephan Chenette, the co-founder and CTO of AttackIQ. We talk to him about some CSOs playing Pokemon Go with MITRE ATT&CK (“Gotta catch ‘em all!”) and about recent ATT&CK developments.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Twitter Insiders Allegedly Spied for Saudi Arabia | WIRED
Former Trend Micro employee enabled scam calls by stealing customers' personal data
Federal Court Rules Suspicionless Searches of Travelers’ Phones and Laptops Unconstitutional | American Civil Liberties Union
Corellium claims Apple sued it after acquisition talks fell through
U.K.’s Labour Party ‘Hit By Large Cyberattack’ A Month Before Election
Cyber Command flags North Korean-linked hackers behind ongoing financial heists
Study: Ransomware, Data Breaches at Hospitals tied to Uptick in Fatal Heart Attacks — Krebs on Security
As 5G Rolls Out, Troubling New Security Flaws Emerge | WIRED
DNS-over-HTTPS will eventually roll out in all major browsers, despite ISP opposition | ZDNet
Phones and PCs sold in Russia will have to come pre-installed with Russian apps | ZDNet
Capital One replaces security chief after data breach | TechCrunch
One of the world’s most advanced hacking groups debuts new Titanium backdoor | Ars Technica
Facebook Portal survives Pwn2Own hacking contest, Amazon Echo got hacked | ZDNet
Between 200,000 and 240,000 Magento online stores will reach EOL next year | ZDNet
Major ASP.NET hosting provider infected by ransomware | ZDNet
Mysterious hacker dumps database of infamous IronMarch neo-nazi forum | ZDNet
Breaking the law: How 8chan (or “8kun”) got (briefly) back online | Ars Technica
Microsoft's Rust experiments are going well, but some features are missing | ZDNet
Further enhancing security from Microsoft, not just for Microsoft
Microsoft to apply California's privacy law for all US users | ZDNet
'Chronicle Is Dead and Google Killed It' - VICE
Google Enlists Outside Help to Clean Up Android's Malware Mess | WIRED
Manual code review finds 35 vulnerabilities in 8 enclave SDKs | ZDNet
Amid NSA warning, attacks on Confluence have risen in recent weeks
Solved: Why in-the-wild Bluekeep exploits are causing patched machines to crash | Ars Technica
Intel Fixes a Security Flaw It Said Was Repaired 6 Months Ago - The New York Times
Intel Failed to Fix a Hackable Chip Flaw Despite a Year of Warnings | WIRED
Influencers Pay Thousands to Get Back Into Their Hacked Instagram Accounts - VICE

Nov 13 2019


Risky Business #559 -- Maybe it was the Israelis hacking the Russians to masquerade as Iranians?


On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Fresh details on Turla’s hostile takeover of Oilrig
  • Russians doing very interesting things with “tagged” TLS
  • China wants an aerospace sector so a lot of people got a lot of owned
  • Imperva releases breach details
  • Zendesk cops to 2016 breach
  • German manufacturer, US transport tech company sunk by ransomware
  • NordVPN gets owned
  • AVAST owned. Lots. Again.
  • Welcome to Video takedown
  • Much, much more

This week’s show is brought to you by Trail of Bits! We’ll be hearing from Trail of Bits practice lead for assurance Stefan Edwards all about their work on a recent security audit of Kubernetes. As it turns out, Kubernetes isn’t actually a horror show, but Stefan thinks you might want to run a hosted instance unless you’re a real expert.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Hacking the hackers: Russian group hijacked Iranian spying operation, officials say - Reuters
Russian hacker group patches Chrome and Firefox to fingerprint TLS traffic | ZDNet
Building China's Comac C919 airplane involved a lot of hacking, report says | ZDNet
Imperva blames data breach on stolen AWS API key | ZDNet
Zendesk discloses 2016 data breach | ZDNet
Major German manufacturer still down a week after getting hit by ransomware | ZDNet
NordVPN admits 'isolated' data breach was discovered last year
Antivirus Giant Avast Hacked By Spies Who Stole Its Passwords
How a Bitcoin Trail Led to a Massive Dark Web Child-Porn Site Takedown | WIRED
Inside the shutdown of the ‘world’s largest’ child sex abuse website | TechCrunch
Hacking 20 high-profile dev accounts could compromise half of the npm ecosystem | ZDNet
US claims cyber strike on Iran after attack on Saudi oil facility | Ars Technica
Accused Capital One hacker had as much as 30 terabytes of stolen data, feds say
Planting Tiny Spy Chips in Hardware Can Cost as Little as $200 | WIRED
Microsoft's Secured-Core PC Feature Protects Critical Code | WIRED
White-hat hacks Muhstik ransomware gang and releases decryption keys | ZDNet
EA to give users a free month of Origin Access if they enable 2FA | ZDNet
Google finds Android zero-day impacting Pixel, Samsung, Huawei, Xiaomi devices | ZDNet
FBI warns of major ransomware attacks as criminals go “big-game hunting” | Ars Technica
Why are cyber insurers incentivizing clients to invest in specific vendors?
Cyber Command’s bug bounty program uncovers more than 30 vulnerabilities
Trump administration looks to throttle Chinese surveillance companies’ business with U.S.
Magecart strikes more than 2 million websites as more groups get involved
Shipping giant Pitney Bowes hit by ransomware | TechCrunch
Apple Mac Hack Warning: North Korea Uses Fake Cryptocurrency Companies To Break Into macOS
Researchers Say They Uncovered Uzbekistan Hacking Operations Due to Spectacularly Bad OPSEC - VICE
Intel proposes new SAPM memory type to protect against Spectre-like attacks | ZDNet
Unpatched Linux bug may open devices to serious attacks over Wi-Fi | Ars Technica
Samsung, Google acknowledge flaws in phone-unlocking biometric tools
Rethinking Encryption - Lawfare
A million people are jailed at China's gulags. I managed to escape. Here's what really goes on inside - World News - Haaretz.com
GitHub - lojikil/kubectlfish: Slides from my OWASP AppSec Global DC 2019 talk
audit-kubernetes/reports at master · trailofbits/audit-kubernetes · GitHub
Trail of Bits

Oct 23 2019


Risky Business #561 -- Report: NSO exploits used against politicians, senior military targets


On this week’s show Patrick Gray and Mark Piper discuss all the week’s security news, including:

  • NSO Group malware turning up in some unexpected places
  • Bluekeep mass exploitation finally begins
  • Owning smart home devices with friggin’ lasers
  • Two plead guilty to hacks on Lynda.com, Uber
  • Imperva CEO departs following breach
  • TLS Delegated Credentials sound like A VERY GOOD IDEA
  • Cybercommand heads to Montenegro
  • Much, much more

This week’s show is brought to you by Thinkst Canary. Haroon Meer and Adrian Sanabria from Thinkst recently did a keynote talk at the Virus Bulletin conference in London. Titled “The Security Products We Deserve,” it’s a stinging critique of the security product lifecycle. VC firms keeping stupid ideas alive, analyst firms being parasites, vendors not doing security testing on their equipment and so much more. We’ll be talking to Haroon Meer about that keynote in this week’s sponsor interview, which will run after this week’s news segment.

Links to everything are below.

Show notes

Exclusive: Government officials around the globe targeted for hacking through WhatsApp - sources - Reuters
Snooping row: Priyanka Gandhi's WhatsApp also targeted, claims Congress | India News - Times of India
WhatsApp's Case Against NSO Group Hinges on a Tricky Legal Argument | WIRED
Facebook deletes the accounts of NSO Group workers | Ars Technica
The First BlueKeep Mass Hacking Is Finally Here—but Don't Panic | WIRED
Hackers Can Use Lasers to ‘Speak’ to Your Amazon Echo or Google Home | WIRED
2 Plead Guilty in 2016 Uber and Lynda.com Hacks - The New York Times
Imperva planned to keep its CEO through a merger. Two months after a breach, he’s out.
Facebook, Mozilla, and Cloudflare announce new TLS Delegated Credentials standard | ZDNet
Pentagon again deploying cyber personnel abroad to gather intel for 2020 elections
Election security drill pits red-team hackers against DHS, FBI and police
The count of managed service providers getting hit with ransomware mounts | Ars Technica
Japanese media giant Nikkei says $29 million lost in BEC scam
An inside look at WP-VCD, today's largest WordPress hacking operation | ZDNet
Chinese hackers developed malware to steal SMS messages from telco's network | ZDNet
Thousands of QNAP NAS devices have been infected with the QSnatch malware | ZDNet
Utah renewables company was hit by rare cyberattack in March
Ubisoft reports 93% drop in DDoS attacks after pushing back against attackers | ZDNet
Breaches at NetworkSolutions, Register.com, and Web.com — Krebs on Security
How would MITRE’s popular cyberattack framework apply to industrial control systems?
Google Is Helping Design an Open Source, Ultra-Secure Chip | WIRED
Alleged Capital One hacker Paige Thompson to be released before trial
Huawei calls hackers to Munich for secret bug bounty meeting | TechCrunch
GitLab considers ban on new hires in China and Russia due to espionage fears | ZDNet
Keynote address: The security products we deserve - YouTube

Nov 06 2019


Risky Business #560 -- Facebook sues NSO Group


On this week’s show Patrick and guest co-host Alex Stamos discuss the week’s security news, including:

  • Facebook files suit against NSO Group
  • Corellium responds to Apple suit
  • Indian nuclear power plant administrative network likely attacked by DPRK
  • Mass defacement in Georgia. Old schooooool!
  • Fancy Bear targets 2020 Olympics
  • FCC proposes subsidies for telcos to rip and replace Huawei, ZTE equipment
  • City of Johannesburg data held to ransom, but it’s not ransomware
  • Much, much more

This week’s sponsor interview is with Jake King of CMD Security. The topic is applying the MITRE ATT&CK framework

Links to everything that we discussed are below and you can follow Patrick or Alex on Twitter if that’s your thing.

Show notes

Will Cathcart - Why WhatsApp is pushing back on NSO Group hacking - The Washington Post
Facebook sues NSO Group for alleged WhatsApp hack - CyberScoop
Exclusive: A ‘Magic’ iPhone Hacking Startup Bites Back At Apple Lawyers — And Demands $300,000
iPhone Emulation Company Sued by Apple Says It's Making iPhones Safer - VICE
Sandhya Sharma on Twitter: "GOI denies reports of #CyberAttack on #kudankulam nuclear power plant and other Indian nuclear power plants control systems. Said they are stand alone not connected to outside cyber network and internet. “Any cyber attack on the Nuclear Power Plant Control System is not possible” https://t.co/o5bUmUKHqp" / Twitter
Indian nuke plant’s network reportedly hit by malware tied to N. Korea | Ars Technica
Indian Nuclear Power Facility Denies Unverified Reports of a Cyber Attack – The Diplomat
Largest cyber-attack in Georgia's history linked to hacked web hosting provider | ZDNet
Fancy Bear hackers targeted at least 16 athletic organizations ahead of Tokyo Olympics
Inside Olympic Destroyer, the Most Deceptive Hack in History | WIRED
FCC proposes rules requiring telcos remove Huawei, ZTE equipment | TechCrunch
City of Johannesburg held for ransom by hacker gang | ZDNet
Vietnamese student behind Android adware strain that infected millions | ZDNet
NSA: 'We know we need to do some work' on declassifying threat intel
Why did Cyber Command back off its recent plans to call out North Korean hacking?
Sens. Warren, Wyden want to know if Amazon shares some blame for the Capital One breach
White House kicks infosec team to curb in IT office shakeup | Ars Technica
DHS is mulling an order that would force agencies to set up vulnerability disclosure programs
Congress Still Doesn't Have an Answer for Ransomware | WIRED
Most system administrators prefer firewall GUIs over CLIs | ZDNet
Australian House Committee to look into age verification for porn | ZDNet
Monash University partners with Chinese state firm linked to industrial espionage
Storage Wars star's parents' garage was raided by Feds for top-secret spy equipment | Daily Mail Online
Cmd – Protect your Linux servers, proactively

Oct 30 2019


Risky Business #558 -- Trump targets Crowdstrike, Apple jailbreakers rejoice


On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Apple jailbreakers partying in the streets
  • Donald Trump targets Crowdstrike over 4chan conspiracy nonsense
  • Ransomware absolutely everywhere this week
  • Horror-show VxWorks bugs are popping up in other stacks
  • OnApp fixes mother of all misconfigurations
  • More SIM card issues
  • Much, much more

In this week’s sponsor interview we chat with Mr Sandbox himself, VMRay’s Carsten Willems. He’s along to talk about VMRay’s involvement in a machine-learning bypass competition that happened at DEFCON earlier this year.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Unfixable iOS Device Exploit Is the Latest Apple Security Upheaval | WIRED
No, it wasn’t a virus; it was Chrome that stopped Macs from booting | Ars Technica
How Trump’s Ukraine Mess Entangled CrowdStrike | WIRED
Trump Was Repeatedly Warned That Ukraine Conspiracy Theory Was ‘Completely Debunked’ - The New York Times
Evan McMurry on Twitter: "NEW: Tom Bossert on Pres. Trump's Crowdstrike reference on Ukraine call: "It's not only a conspiracy theory, it is completely debunked... "I am deeply frustrated with what [Rudy Giuliani] and the legal team is doing in repeating that debunked theory to the president." https://t.co/o1lcVI31u8" / Twitter
Trump Still Doesn't Believe Russia Hacked the 2016 Election | WIRED
Trump told Russian officials in 2017 he wasn’t concerned about Moscow’s interference in U.S. election - The Washington Post
Airbus hit by series of cyber attacks on suppliers
U.S. Steps Up Scrutiny of Airplane Cybersecurity - WSJ
Ransomware forces 3 hospitals to turn away all but the most critical patients | Ars Technica
Surgeries delayed and patient security fears after cyber attack on Victorian hospitals
Wood Ranch Medical Announces Permanent Closure Due to Ransomware Attack
Malware infection disrupts production at defence contractor plants in three countries | ZDNet
Over 500 US schools were hit by ransomware in 2019 | ZDNet
Ransomware incident to cost Danish company a whopping $95 million | ZDNet
Decades-Old Code Is Putting Millions of Critical Devices at Risk | WIRED
Thousands of Cloud Computing Servers Could Be Owned With 'Very Simple' Attack, Researchers Say - VICE
California's new labor law is going to impact bug bounty companies. By how much is unknown.
Legit-Looking iPhone Lightning Cables That Hack You Will Be Mass Produced and Sold - VICE
New SIM card attack disclosed, similar to Simjacker | ZDNet
German Cops Raid “Cyberbunker 2.0,” Arrest 7 in Child Porn, Dark Web Market Sting — Krebs on Security
Cloudflare, Google Chrome, and Firefox add HTTP/3 support | ZDNet
Microsoft bans 38 file extensions in Outlook for the Web | ZDNet
AT&T redirected pen-test payloads to the FBI's Tips portal | ZDNet
Azure Sentinel, Microsoft's cloud-based SIEM, hits general availability | ZDNet
Microsoft will now encrypt new SSDs with BitLocker | TechRadar
High-severity vulnerability in vBulletin is being actively exploited | Ars Technica
Cybersecurity giant Comodo can’t even keep its own website secure | TechCrunch
Threesome Blowjob Scene on Giant Highway Billboard Could Have Caused an Accident, Police Say - VICE
Porn on the big screen in central Auckland: Asics video monitor hacked - NZ Herald
Yahoo Engineer Used Insider Access to Get Private Photos of Women - VICE
Landmark White data beach: Sydney IT contractor arrested after high-profile cyber attack
Home - MLSEC
VMRay | Malware Analysis Tools | Malware Sandbox Solutions

Oct 02 2019


Feature Podcast: Critical infrastructure security with Eric Rosenbach and Robert M Lee


This podcast is brought to you by the William and Flora Hewlett Foundation, and it’s the second in a series of podcasts we’re doing that are all about cyber policy.

The Foundation funds a lot of interesting people and work in the cybersecurity space. So the idea behind this podcast series is pretty simple: we talk to Hewlett’s grant recipients, or experts in Hewlett’s network, about pressing policy issues and turn those conversations into podcasts. The whole idea is to get some policy perspectives out there among the Risky Business audience, which, funnily enough, includes a lot of policymakers.

This podcast features both Eric Rosenbach and Robert M Lee talking about ICS security.

Eric is the co-director of the Belfer Center for Science and International Affairs at the Harvard Kennedy School. He also heads the Defending Digital Democracy project there. Eric has a very long and somewhat fascinating resume. As United States Assistant Secretary of Defense he led the US Defense Department’s efforts to counter cyberattacks by Iran and North Korea on US critical infrastructure. He’s also worked as a Chief Security Officer in the private sector and served as Pentagon chief of staff from 2015-2017.

Robert M Lee is the founder of Dragos Inc, a very well-known company in the ICS/OT security space. Rob started out in infosec with the US Air Force as a Cyber Warfare Operations Officer tasked to the NSA, but as you’ll hear, Rob is actually pretty optimistic about the ICS/OT security challenge.

Oct 31 2019


Snake Oilers 10 part 2: Do too many users have VPN access to your prod environment? There's another way!


In this edition of Snake Oilers Patrick speaks to:

  • Justin McCarthy of StrongDM

StrongDM makes a protocol proxy that you can use to provision production services (like Kubernetes and SQL access) to users without them requiring full VPN access to prod. This is very cool stuff, if you manage a large prod environment that’s suffering from VPN sprawl you’ll want to check this one out.

  • Nicholas Davis of Rapid7

Nicholas is the senior technical product manager for InsightIDR. InsightIDR is a SIEM/EDR play that integrates a bunch of stuff. These days Rapid7 is really emphasising the holistic nature of InsightIDR, rather than the endpoint part, and Nicholas joins the show to talk about that.

  • Preston Hogue of F5 Networks

F5 Networks recently acquired NGINX as a part of a push to become cloud-relevant. Their strategy is to allow for F5 security smarts to be inserted basically anywhere and anyhow you want. Preston joins the show to talk about that!

Links to our Snake Oilers sponsors are below!

Show notes

strongDM Free Trial: The Infrastructure Access API
InsightIDR Free Trial: The SIEM You've Always Wanted
Build and deploy scalable, high-performing, and secure apps. | F5

Oct 09 2019


Risky Biz Soap Box: Capsule8 chief scientist Brandon Edwards


The Soap Box podcast is a wholly sponsored podcast series we do here at Risky.biz, which means everyone you hear on it paid to appear.

This edition of the Soap Box is brought to you by Capsule8.

It’s taken a long time, but over the last couple of years we’ve seen a meaningful Linux security software market emerge. It makes sense, I guess, considering the modern production environment is all glued together from various Linux systems. So, we’re seeing some interesting approaches to the Linux security challenge pop up.

Capsule8 makes detection and visibility software for Linux. You can use it to spot various types of funny behaviour on your Linux systems. Brandon Edwards is Capsule8’s chief scientist and he is our guest today.

We speak about a few things, but primarily this conversation centres on the fact that modern production environments have become so complex it’s almost impossible to comprehend how they work. We’ve lost insight, and we’ve even lost the ability to understand how individual security flaws can impact our wider production environments.

So we’re going to talk about complexity in modern production environments, and then we’ll talk a bit about Capsule8’s approach to the Linux security challenge. Enjoy!

Nov 07 2019


Risky Biz Soap Box: MITRE ATT&CK framework is now officially everywhere


The Soap Box podcast series is a fully sponsored podcast series we do here at Risky.Biz, and that means that everyone you hear in it paid to be featured.

This edition of the Soap Box podcast is brought to you by AttackIQ, and in it we talk to its CISO and VP of customer success Chris Kennedy. We’ll be discussing a topic that frankly should be talked about a bit more: the MITRE ATT&CK framework.

We also talk about attack simulation and which security controls are most commonly and catastrophically misconfigured. If you’re a CISO you’ll like this one.

Show notes

More Security Endpoint Tech Isn't Always Better | Decipher
AttackIQ Platform, continuous validation of your security control.

Sep 05 2019


Risky Business #566 -- Balkanisation, ransomware, comedy bugs close out the decade


On this week’s show Patrick and Adam discuss the week’s security news, including:

  • China to ditch foreign hardware, software, from government use
  • Huawei sues FCC
  • More background on Project Raven
  • Senate hearings into encryption
  • Reddit fingers alleged RU disinfo campaign
  • “Evil Corp” hackers have lots of money, terrible taste
  • Ransomware attacks galore
  • Much, much more

This week’s sponsor interview is with Haroon Meer of Thinkst Canary. And we’re going to do the typical thing and have a look forward to what we can expect to see in security next year. But we’re going less for the big, dumb predictions and more picking the trends we expect to strengthen over the next year.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Chinese government to replace foreign hardware and software within three years | ZDNet
Russia to invest $31 million in a local Wikipedia clone | ZDNet
Huawei sues FCC for icing U.S. business, claiming a lack of evidence
Made in America
Facebook intends to implement end-to-end encryption despite DOJ pressure
U.S. senators threaten Facebook, Apple with encryption regulation - Reuters
Patrick Gray on Twitter: "So Apple has issued a DMCA takedown on a Tweet that disclosed a key that could be used to decrypt 64 bit SEP. Apple's approach to security researchers feels a little bit like this scene from Mars Attacks lately... https://t.co/rJPE5L8OP5" / Twitter
Reddit links leak of US-UK trade documents to Russian influence campaign | ZDNet
Alleged Russian Hacker Behind $100 Million Evil Corp Indicted | WIRED
BMW and Hyundai hacked by Vietnamese hackers, report claims | ZDNet
Ransomware at Colorado IT Provider Affects 100+ Dental Offices — Krebs on Security
Pensacola cyber attack: Officials not sure if personal data was exposed
Ransomware attack hits major US data center provider | ZDNet
20 VPS providers to shut down on Monday, giving customers two days to save their data | ZDNet
Keybase moves to stop onslaught of spammers on encrypted message platform | Ars Technica
Scammers dupe Chinese venture capitalists out of $1 million with the 'ultimate' BEC heist
Facebook sues Chinese malware operator for abusing its ad platform | ZDNet
Exclusive: A Facebook Employee Accepted Bribes From A Scammer To Reactivate Banned Ad Accounts
Google Chrome Will Now Warn You If Your Web Passwords Have Been Stolen
Are You One Of Avast’s 400 Million Users? This Is Why It Collects And Sells Your Web Habits.
Two malicious Python libraries caught stealing SSH and GPG keys | ZDNet
Snatch ransomware reboots PCs in Windows Safe Mode to bypass antivirus apps | ZDNet
HackerOne breach lets outside hacker read customers’ private bug reports | Ars Technica
Hackers Can Mess With Voltages to Steal Intel Chips' Secrets | WIRED
https://www.qualys.com/2019/12/04/cve-2019-19521/authentication-vulnerabilities-openbsd.txt
Atlassian scrambles to fix zero-day security hole accidentally disclosed on Twitter • The Register
SwiftOnSecurity on Twitter: "Me: Threat-hunting rare DNS lookups in a corporate network. Confluence: https://t.co/6GPMROKua2 https://t.co/pse4VwORiZ" / Twitter
Aristotle Tzafalias on Twitter: "Wassenaar Arrangement Dec. 2019 New entry in the Munitions List: "ML21.b.5 "Software" specially designed or modified for the conduct of military offensive cyber operations;" https://t.co/pkY1Web6Pr https://t.co/INcLWwGHGZ" / Twitter
Meeting | Hearings | United States Senate Committee on the Judiciary

Dec 11 2019


Risky Biz Soap Box: Some Zero Trust facts of life


Our guest in this edition is Will Peteroy. He’s currently the CTO of security at Gigamon after his company, ICEBRG, was acquired by Gigamon last year. Will has a long and interesting background in security.

As you’ll hear, he worked on the security team at Microsoft once upon a time. He even co-wrote Microsoft’s gigantic paper on mitigating “pass the hash” attacks some years ago, and he also did a stint with the Department of Defense. He’s a knowledgeable fella.

And he’s been spending considerable time lately focussing on the issue of Zero Trust Networks.

Zero Trust is one of those things that’s super simple in theory, but absolutely, awfully complicated when you actually try to do it. So Will joined me for this chat about Zero Trust networks: how to define them, how to transition to them, and what some of the steps and the thinking behind them are. It’s a great conversation for any CSOs who are working through the issues that pop up when they’re transitioning to ZT architectures.

Dec 05 2019


Risky Business #565 -- Crypto bro takes Jong turn


On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Ethereum developer Virgil Griffith charged for allegedly teaching DPRK about cryptocurrency
  • DHS/CISA government vulnerability disclosure program takes shape, looks good
  • Adobe discloses Magento Marketplace data breach
  • Fully patched Android devices targeted
  • IM-RAT takedown
  • Much, much more

This week’s sponsor interview is with Brian Robison of BlackBerry Cylance. He pops along to talk about some interesting research they’ve done on mobile malware.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Cryptocurrency expert arrested for giving talk to North Korea about avoiding sanctions | ZDNet
Manhattan U.S. Attorney Announces Arrest Of United States Citizen For Assisting North Korea In Evading Sanctions | USAO-SDNY | Department of Justice
Brian Klein on Twitter: "I now represent Virgil Griffith and am very pleased that today the judge found that he should be released from jail pending trial. We dispute the untested allegations in the criminal complaint, and Virgil looks forward to his day in court, when the full story can come out." / Twitter
DHS issues draft order to require vulnerability disclosure policies at civilian agencies
cyber.dhs.gov - Binding Operational Directive 20-01
New Zealand's gun buyback website 'a shopping list for criminals' | World news | The Guardian
It’s Way Too Easy to Get a .gov Domain Name — Krebs on Security
Adobe discloses security breach impacting Magento Marketplace users | ZDNet
Vulnerability in fully patched Android phones under active attack by bank thieves | Ars Technica
Trend Micro finds new mobile malware masquerading as a chat app
Authorities take down 'Imminent Monitor' RAT malware operation | ZDNet
Australian and European police shut down access to popular criminal hacking tool
SMS Replacement is Exposing Users to Text, Call Interception Thanks to Sloppy Telecos - VICE
Now even the FBI is warning about your smart TV’s security | TechCrunch
FBI assesses Russian apps may be counterintelligence threat
HPE tells users to patch SSDs to prevent failure after 32,768 hours of operation | ZDNet
Splunk tells users to patch ‘Y2K-style’ flaw
BlackDirect: Microsoft Azure Account Takeover | CyberArk
Hacker stole unreleased music and then tried to frame someone else | ZDNet
Microsoft: Malware, ransomware, and cryptominer detections are down in 2019 | ZDNet
Hacker’s paradise: Louisiana’s ransomware disaster far from over | Ars Technica
Mozilla removes Avast and AVG extensions from add-on portal over snooping claims | ZDNet
FBI Asked Sony for Data on User Who Allegedly Used PlayStation Network to Sell Cocaine - VICE
SandboxEscaper on Twitter: "I bring dire news.. for soon I may finally have a job (at Microsoft).. I won't be dropping 0days anymore, much to my dismay. But I will be standing here on the sideline cheering on any act of 0day dropping.. for pissing off the infosec elite is a cause worth fighting for." / Twitter
Mobile Malware and APT Espionage: Prolific, Pervasive, and Cross-Platform

Dec 04 2019

Risky Business #564 -- PRC suffers leak, alleged defection

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • RIPE has officially run out of v4 addresses
  • NSO workers sue Facebook to get their accounts back
  • Mike Pompeo, Republican lawmakers keep Crowdstrike conspiracy theory alive
  • Bugs, hacks, ransomware disasters and more.

This week’s sponsor interview is with Sally Carson of Duo Security. Sally has been a designer for over 20 years, joining Duo in 2015 to build the company’s Product Design and User Research practice from the ground up. Duo now employs one designer for every five users, which is an extremely generous ratio.

As you’ll hear, Sally thinks empathy is the key to designing usable technology.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

The RIPE NCC has run out of IPv4 Addresses — RIPE Network Coordination Centre
Workers at Israeli surveillance firm NSO sue Facebook for blocking private accounts - Reuters
In just three months, Google sent 12k warnings about government-backed attacks | ZDNet
Pompeo says Trump’s debunked Ukraine conspiracy theory is worth looking into - The Washington Post
Kevin Collier on Twitter: "A fun fact about Republicans embracing the idiotic Crowdstrike conspiracy theory is that the RNSC and RNCC both use Crowdstrike. Have paid more than $175,000 since 2017, per FEC filings. https://t.co/LSvCEbYccP" / Twitter
Five Years Later, Who Really Hacked Sony? | Hollywood Reporter
Commerce Department proposes rules for implementing Trump’s supply-chain security order
Data leak reveals how China 'brainwashes' Uighurs in prison camps - BBC News
China used Nick Zhao to try infiltrate federal Parliament, ASIO believes
Chinese spy Wang Liqiang's revelations spark Taiwan detention of couple at Taoyuan Airport
Iranian Americans Struggle to Reach Family Amid Internet Blackout | WIRED
Iran letter raises prospect of 'white list' internet clampdown - BBC News
Kevin Rudd says Julian Assange faces 'unacceptable' and 'disproportionate' punishment
How the NYPD's fingerprint database got shut down by a computer virus
110 Nursing Homes Cut Off from Health Records in Ransomware Attack — Krebs on Security
Over 480 million mobile VPN apps have been downloaded in the past year | ZDNet
A hacking group is hijacking Docker systems with exposed API endpoints | ZDNet
Cheap kids smartwatch exposes the location of 5,000+ children | ZDNet
The California DMV Is Making $50M a Year Selling Drivers’ Personal Information - VICE
The Debate Over How to Encrypt the Internet of Things | WIRED
1.2 Billion Records Found Exposed Online in a Single Server | WIRED
CISA and VotingWorks release open source post-election auditing tool | ZDNet
Extensive hacking operation discovered in Kazakhstan | ZDNet
DOD joins fight against 5G spectrum proposal, citing risks to GPS | Ars Technica
Scammers try a new way to steal online shoppers’ payment-card data | Ars Technica
Suspect can’t be compelled to reveal “64-character” password, court rules | Ars Technica
Aleksei Burkov, Russian accused of operating 'elite' hacking forum, pleads not guilty
Authorities Arrest Alleged Member of Group That Hacked Jack Dorsey - VICE
Lights That Warn Planes of Obstacles Were Exposed to Open Internet - VICE
Russia's ‘Sandworm’ Hackers Also Targeted Android Phones | WIRED
Google will pay bug hunters up to $1.5m if they can hack its Titan M chip | ZDNet
Twitter will finally let users disable SMS as default 2FA method | ZDNet
New bypass disclosed in Microsoft PatchGuard (KPP) | ZDNet
Exploit code published for dangerous Apache Solr remote code execution flaw | ZDNet
Bugtraq: SEC Consult SA-20191125-0 :: FortiGuard XOR Encryption in Multiple Fortinet Products

Nov 27 2019

Risky Biz Soap Box: Trend Micro VP of Cloud Research Mark Nunnikhoven

This is a Soap Box edition of the show. Soap Box isn’t our regular weekly news program. If you’re looking for that one, scroll one show back in your podcast feed.

Soap Box is a wholly sponsored series of podcasts we do here at Risky Business where vendors give us money to appear. And while these are sponsored episodes they’ve actually become almost as popular as the weekly show. They started off about half as popular, and then I guess people gradually realised they don’t actually suck, so here we are.

Trend’s head of cloud research, Mark Nunnikhoven, is our guest in this edition and we have a pretty wide ranging conversation. A big part of this conversation is us talking about the differences between locking down a corporate network vs locking down a modern application production stack… and there’s a very funny part of this interview where Mark points out that AV scanning for Docker images actually makes sense. Seriously.

Nov 26 2019

Risky Business #563 -- Phineas Phisher returns

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Phineas Phisher returns, claims credit for Cayman bank hack and offers bounties for activist hijinks
  • Microsoft cautiously backs DoH
  • Huawei granted another 90-day stay of execution in US market
  • Iranian APT crew targeting ICS supply chain
  • Alexei Burkov extradition complete, appears in US court
  • Some very funny stuff is happening to GPS in the Shanghai area
  • Louisiana government ransomwared, emerges relatively unscathed
  • Official Monero binaries trojaned. Lol.
  • Much, much more!

This week’s show is brought to you by Senetas. Rob Linton from Senetas joins the show this week to talk about its O365 integration for its SureDrop product, a new feature that will be of interest to many Risky Business listeners.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Phineas Fisher Offers $100,000 Bounty to Hack Banks and Oil Companies - VICE
Offshore Bank Targeted By Phineas Fisher Confirms it Was Hacked - VICE
Microsoft says yes to future encrypted DNS requests in Windows | Ars Technica
Exclusive: U.S. manufacturing group hacked by China as trade talks intensified - sources - Reuters
US grants Huawei new 90-day license extension
Iran’s APT33 Hackers Are Targeting Industrial Control Systems | WIRED
How Iran's Government Shut Off the Internet | WIRED
Why Were the Russians So Set Against This Hacker Being Extradited? — Krebs on Security
Russia Fails to Stop Alleged Hacker From Facing US Charges | WIRED
Ghost ships, crop circles, and soft gold: A GPS mystery in Shanghai - MIT Technology Review
Ransomware hits Louisiana state government systems | ZDNet
Ransomware Bites 400 Veterinary Hospitals — Krebs on Security
Antivirus vendors and non-profits join to form 'Coalition Against Stalkerware' | ZDNet
Official Monero website compromised with malware that steals funds | ZDNet
Anonymous hacker gets a whopping six years in prison for some lame DDoS attacks | ZDNet
DDoS-for-Hire Boss Gets 13 Months Jail Time — Krebs on Security
US student was allegedly building a custom Gentoo Linux distro for ISIS | ZDNet
20-year-old Chicago man charged with writing code to spread ISIS propaganda
The Dark Overlord hacking suspect who's fighting extradition to the U.S. is running out of options
Citing security concerns, senators call on White House to appoint coordinator for 5G issues
Burglars Really Do Use Bluetooth Scanners to Find Laptops and Phones | WIRED
LA warns of ‘juice-jacking’ malware, but admits it has no cases | TechCrunch
Someone is using the 'Cozy Bear' moniker to scare DDoS victims into bitcoin payments
146 New Vulnerabilities All Come Preinstalled on Android Phones | WIRED
As iOS vulnerabilities emerge, a new app promises to detect hacked iPhones
GitHub launches 'Security Lab' to help secure open source ecosystem | ZDNet
Google Chrome experiment crashes browser tabs, impacts companies worldwide | ZDNet
Chrome, Edge, Safari hacked at elite Chinese hacking contest | ZDNet
Company discovered it was hacked after a server ran out of free space | ZDNet
TPM-FAIL vulnerabilities impact TPM chips in desktops, laptops, servers | ZDNet
How a turf war and a botched contract landed 2 pentesters in Iowa jail | Ars Technica
What Happens When You Remove a Police-Installed GPS Tracker | WIRED
Password SUREDROP

Nov 21 2019

Risky Business #562 -- Two former Twitter staff charged over Saudi spying

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Two ex Twitter employees charged with spying for KSA
  • US border device searches now require suspicion after ACLU win
  • Unredacted Corellium lawsuit response drops
  • Ransomware attacks on hospitals increase mortality
  • Much, much more!

This week’s sponsor interview is with Stephan Chenette, the co-founder and CTO of AttackIQ. We talk to him about some CSOs playing Pokemon Go with MITRE ATT&CK (“Gotta catch ‘em all!”) and about recent ATT&CK developments.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Twitter Insiders Allegedly Spied for Saudi Arabia | WIRED
Former Trend Micro employee enabled scam calls by stealing customers' personal data
Federal Court Rules Suspicionless Searches of Travelers’ Phones and Laptops Unconstitutional | American Civil Liberties Union
Corellium claims Apple sued it after acquisition talks fell through
U.K.’s Labour Party ‘Hit By Large Cyberattack’ A Month Before Election
Cyber Command flags North Korean-linked hackers behind ongoing financial heists
Study: Ransomware, Data Breaches at Hospitals tied to Uptick in Fatal Heart Attacks — Krebs on Security
As 5G Rolls Out, Troubling New Security Flaws Emerge | WIRED
DNS-over-HTTPS will eventually roll out in all major browsers, despite ISP opposition | ZDNet
Phones and PCs sold in Russia will have to come pre-installed with Russian apps | ZDNet
Capital One replaces security chief after data breach | TechCrunch
One of the world’s most advanced hacking groups debuts new Titanium backdoor | Ars Technica
Facebook Portal survives Pwn2Own hacking contest, Amazon Echo got hacked | ZDNet
Between 200,000 and 240,000 Magento online stores will reach EOL next year | ZDNet
Major ASP.NET hosting provider infected by ransomware | ZDNet
Mysterious hacker dumps database of infamous IronMarch neo-nazi forum | ZDNet
Breaking the law: How 8chan (or “8kun”) got (briefly) back online | Ars Technica
Microsoft's Rust experiments are going well, but some features are missing | ZDNet
Further enhancing security from Microsoft, not just for Microsoft
Microsoft to apply California's privacy law for all US users | ZDNet
'Chronicle Is Dead and Google Killed It' - VICE
Google Enlists Outside Help to Clean Up Android's Malware Mess | WIRED
Manual code review finds 35 vulnerabilities in 8 enclave SDKs | ZDNet
Amid NSA warning, attacks on Confluence have risen in recent weeks
Solved: Why in-the-wild Bluekeep exploits are causing patched machines to crash | Ars Technica
Intel Fixes a Security Flaw It Said Was Repaired 6 Months Ago - The New York Times
Intel Failed to Fix a Hackable Chip Flaw Despite a Year of Warnings | WIRED
Influencers Pay Thousands to Get Back Into Their Hacked Instagram Accounts - VICE

Nov 13 2019

Risky Biz Soap Box: Capsule8 chief scientist Brandon Edwards

The Soap Box podcast is a wholly sponsored podcast series we do here at Risky.biz, which means everyone you hear on it paid to appear.

This edition of the Soap Box is brought to you by Capsule8.

It’s taken a long time, but over the last couple of years we’ve seen a meaningful Linux security software market emerge. It makes sense, I guess, considering the modern production environment is all glued together from various Linux systems. So, we’re seeing some interesting approaches to the Linux security challenge pop up.

Capsule8 makes detection and visibility software for Linux. You can use it to spot various types of funny behaviour on your Linux systems. Brandon Edwards is Capsule8’s chief scientist and he is our guest today.

We speak about a few things, but primarily this conversation centres on the fact that modern production environments have become so complex it’s almost impossible to comprehend how they work. We’ve lost insight, and we’ve even lost the ability to understand how individual security flaws can impact our wider production environments.

So we’re going to talk about complexity in modern production environments, and then we’ll talk a bit about Capsule8’s approach to the Linux security challenge. Enjoy!

Nov 07 2019

Risky Business #561 -- Report: NSO exploits used against politicians, senior military targets

On this week’s show Patrick Gray and Mark Piper discuss all the week’s security news, including:

  • NSO Group malware turning up in some unexpected places
  • Bluekeep mass exploitation finally begins
  • Owning smart home devices with friggin’ lasers
  • Two plead guilty to hacks on Lynda.com, Uber
  • Imperva CEO departs following breach
  • TLS Delegated Credentials sound like A VERY GOOD IDEA
  • Cybercommand heads to Montenegro
  • Much, much more

This week’s show is brought to you by Thinkst Canary. Haroon Meer and Adrian Sanabria from Thinkst recently did a keynote talk at the Virus Bulletin conference in London. Titled “The Security Products We Deserve,” it’s a stinging critique of the security product lifecycle. VC firms keeping stupid ideas alive, analyst firms being parasites, vendors not doing security testing on their equipment and so much more. We’ll be talking to Haroon Meer about that keynote in this week’s sponsor interview, which will run after this week’s news segment.

Links to everything are below.

Show notes

Exclusive: Government officials around the globe targeted for hacking through WhatsApp - sources - Reuters
Snooping row: Priyanka Gandhi's WhatsApp also targeted, claims Congress | India News - Times of India
WhatsApp's Case Against NSO Group Hinges on a Tricky Legal Argument | WIRED
Facebook deletes the accounts of NSO Group workers | Ars Technica
The First BlueKeep Mass Hacking Is Finally Here—but Don't Panic | WIRED
Hackers Can Use Lasers to ‘Speak’ to Your Amazon Echo or Google Home | WIRED
2 Plead Guilty in 2016 Uber and Lynda.com Hacks - The New York Times
Imperva planned to keep its CEO through a merger. Two months after a breach, he’s out.
Facebook, Mozilla, and Cloudflare announce new TLS Delegated Credentials standard | ZDNet
Pentagon again deploying cyber personnel abroad to gather intel for 2020 elections
Election security drill pits red-team hackers against DHS, FBI and police
The count of managed service providers getting hit with ransomware mounts | Ars Technica
Japanese media giant Nikkei says $29 million lost in BEC scam
An inside look at WP-VCD, today's largest WordPress hacking operation | ZDNet
Chinese hackers developed malware to steal SMS messages from telco's network | ZDNet
Thousands of QNAP NAS devices have been infected with the QSnatch malware | ZDNet
Utah renewables company was hit by rare cyberattack in March
Ubisoft reports 93% drop in DDoS attacks after pushing back against attackers | ZDNet
Breaches at NetworkSolutions, Register.com, and Web.com — Krebs on Security
How would MITRE’s popular cyberattack framework apply to industrial control systems?
Google Is Helping Design an Open Source, Ultra-Secure Chip | WIRED
Alleged Capital One hacker Paige Thompson to be released before trial
Huawei calls hackers to Munich for secret bug bounty meeting | TechCrunch
GitLab considers ban on new hires in China and Russia due to espionage fears | ZDNet
Keynote address: The security products we deserve - YouTube

Nov 06 2019

Feature Podcast: Critical infrastructure security with Eric Rosenbach and Robert M Lee

This podcast is brought to you by the William and Flora Hewlett Foundation, and it’s the second in a series of podcasts we’re doing that are all about cyber policy.

The Foundation funds a lot of interesting people and work in the cybersecurity space. So the idea behind this podcast series is pretty simple: we talk to Hewlett’s grant recipients, or experts in Hewlett’s network, about pressing policy issues and turn those conversations into podcasts. The whole idea is to get some policy perspectives out there among the Risky Business audience, which, funnily enough, includes a lot of policymakers.

This podcast features both Eric Rosenbach and Robert M Lee talking about ICS security.

Eric is the co-director of the Belfer Center for Science and International Affairs at the Harvard Kennedy School. He also heads the Defending Digital Democracy project there. Eric has a very long and somewhat fascinating resume. As United States Assistant Secretary of Defense he led the US Defense Department’s efforts to counter cyberattacks by Iran and North Korea on US critical infrastructure. He’s also worked as a Chief Security Officer in the private sector and served as Pentagon chief of staff from 2015-2017.

Robert M Lee is the founder of Dragos Inc, a very well known company in the ICS/OT security space. Rob started out in infosec with the US Air Force as a Cyber Warfare Operations Officer tasked to the NSA, but as you’ll hear, Rob is actually pretty optimistic about the ICS/OT security challenge.

Oct 31 2019

Risky Business #560 -- Facebook sues NSO Group

On this week’s show Patrick and guest co-host Alex Stamos discuss the week’s security news, including:

  • Facebook files suit against NSO Group
  • Corellium responds to Apple suit
  • Indian nuclear power plant administrative network likely attacked by DPRK
  • Mass defacement in Georgia. Old schooooool!
  • Fancy Bear targets 2020 Olympics
  • FCC proposes subsidies for telcos to rip and replace Huawei, ZTE equipment
  • City of Johannesburg data held to ransom, but it’s not ransomware
  • Much, much more

This week’s sponsor interview is with Jake King of CMD Security. The topic is applying the MITRE ATT&CK framework.

Links to everything that we discussed are below and you can follow Patrick or Alex on Twitter if that’s your thing.

Show notes

Will Cathcart - Why WhatsApp is pushing back on NSO Group hacking - The Washington Post
Facebook sues NSO Group for alleged WhatsApp hack - CyberScoop
Exclusive: A ‘Magic’ iPhone Hacking Startup Bites Back At Apple Lawyers — And Demands $300,000
iPhone Emulation Company Sued by Apple Says It's Making iPhones Safer - VICE
Sandhya Sharma on Twitter: "GOI denies reports of #CyberAttack on #kudankulam nuclear power plant and other Indian nuclear power plants control systems. Said they are stand alone not connected to outside cyber network and internet. “Any cyber attack on the Nuclear Power Plant Control System is not possible” https://t.co/o5bUmUKHqp" / Twitter
Indian nuke plant’s network reportedly hit by malware tied to N. Korea | Ars Technica
Indian Nuclear Power Facility Denies Unverified Reports of a Cyber Attack – The Diplomat
Largest cyber-attack in Georgia's history linked to hacked web hosting provider | ZDNet
Fancy Bear hackers targeted at least 16 athletic organizations ahead of Tokyo Olympics
Inside Olympic Destroyer, the Most Deceptive Hack in History | WIRED
FCC proposes rules requiring telcos remove Huawei, ZTE equipment | TechCrunch
City of Johannesburg held for ransom by hacker gang | ZDNet
Vietnamese student behind Android adware strain that infected millions | ZDNet
NSA: 'We know we need to do some work' on declassifying threat intel
Why did Cyber Command back off its recent plans to call out North Korean hacking?
Sens. Warren, Wyden want to know if Amazon shares some blame for the Capital One breach
White House kicks infosec team to curb in IT office shakeup | Ars Technica
DHS is mulling an order that would force agencies to set up vulnerability disclosure programs
Congress Still Doesn't Have an Answer for Ransomware | WIRED
Most system administrators prefer firewall GUIs over CLIs | ZDNet
Australian House Committee to look into age verification for porn | ZDNet
Monash University partners with Chinese state firm linked to industrial espionage
Storage Wars star's parents' garage was raided by Feds for top-secret spy equipment | Daily Mail Online
Cmd – Protect your Linux servers, proactively

Oct 30 2019

Risky Business #559 -- Maybe it was the Israelis hacking the Russians to masquerade as Iranians?

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Fresh details on Turla’s hostile takeover of Oilrig
  • Russians doing very interesting things with “tagged” TLS
  • China wants an aerospace sector so a lot of people got a lot of owned
  • Imperva releases breach details
  • Zendesk cops to 2016 breach
  • German manufacturer, US transport tech company sunk by ransomware
  • NordVPN gets owned
  • AVAST owned. Lots. Again.
  • Welcome to Video takedown
  • Much, much more

This week’s show is brought to you by Trail of Bits! We’ll be hearing from Trail of Bits practice lead for assurance Stefan Edwards all about their work on a recent security audit of Kubernetes. As it turns out, Kubernetes isn’t actually a horror show, but Stefan thinks you might want to run a hosted instance unless you’re a real expert.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Hacking the hackers: Russian group hijacked Iranian spying operation, officials say - Reuters
Russian hacker group patches Chrome and Firefox to fingerprint TLS traffic | ZDNet
Building China's Comac C919 airplane involved a lot of hacking, report says | ZDNet
Imperva blames data breach on stolen AWS API key | ZDNet
Zendesk discloses 2016 data breach | ZDNet
Major German manufacturer still down a week after getting hit by ransomware | ZDNet
NordVPN admits 'isolated' data breach was discovered last year
Antivirus Giant Avast Hacked By Spies Who Stole Its Passwords
How a Bitcoin Trail Led to a Massive Dark Web Child-Porn Site Takedown | WIRED
Inside the shutdown of the ‘world’s largest’ child sex abuse website | TechCrunch
Hacking 20 high-profile dev accounts could compromise half of the npm ecosystem | ZDNet
US claims cyber strike on Iran after attack on Saudi oil facility | Ars Technica
Accused Capital One hacker had as much as 30 terabytes of stolen data, feds say
Planting Tiny Spy Chips in Hardware Can Cost as Little as $200 | WIRED
Microsoft's Secured-Core PC Feature Protects Critical Code | WIRED
White-hat hacks Muhstik ransomware gang and releases decryption keys | ZDNet
EA to give users a free month of Origin Access if they enable 2FA | ZDNet
Google finds Android zero-day impacting Pixel, Samsung, Huawei, Xiaomi devices | ZDNet
FBI warns of major ransomware attacks as criminals go “big-game hunting” | Ars Technica
Why are cyber insurers incentivizing clients to invest in specific vendors?
Cyber Command’s bug bounty program uncovers more than 30 vulnerabilities
Trump administration looks to throttle Chinese surveillance companies’ business with U.S.
Magecart strikes more than 2 million websites as more groups get involved
Shipping giant Pitney Bowes hit by ransomware | TechCrunch
Apple Mac Hack Warning: North Korea Uses Fake Cryptocurrency Companies To Break Into macOS
Researchers Say They Uncovered Uzbekistan Hacking Operations Due to Spectacularly Bad OPSEC - VICE
Intel proposes new SAPM memory type to protect against Spectre-like attacks | ZDNet
Unpatched Linux bug may open devices to serious attacks over Wi-Fi | Ars Technica
Samsung, Google acknowledge flaws in phone-unlocking biometric tools
Rethinking Encryption - Lawfare
A million people are jailed at China's gulags. I managed to escape. Here's what really goes on inside - World News - Haaretz.com
GitHub - lojikil/kubectlfish: Slides from my OWASP AppSec Global DC 2019 talk
audit-kubernetes/reports at master · trailofbits/audit-kubernetes · GitHub
Trail of Bits

Oct 23 2019

Snake Oilers 10 part 2: Do too many users have VPN access to your prod environment? There's another way!

In this edition of Snake Oilers Patrick speaks to:

  • Justin McCarthy of StrongDM

StrongDM makes a protocol proxy that you can use to provision production services (like Kubernetes and SQL access) to users without them requiring full VPN access to prod. This is very cool stuff; if you manage a large prod environment that’s suffering from VPN sprawl you’ll want to check this one out.

  • Nicholas Davis of Rapid7

Nicholas is the senior technical product manager for InsightIDR. InsightIDR is a SIEM/EDR play that integrates a bunch of stuff. These days Rapid7 is really emphasising the holistic nature of InsightIDR, rather than the endpoint part, and Nicholas joins the show to talk about that.

  • Preston Hogue of F5 Networks

F5 Networks recently acquired NGINX as a part of a push to become cloud-relevant. Their strategy is to allow for F5 security smarts to be inserted basically anywhere and anyhow you want. Preston joins the show to talk about that!

Links to our Snake Oilers sponsors are below!

Show notes

strongDM Free Trial: The Infrastructure Access API
InsightIDR Free Trial: The SIEM You've Always Wanted
Build and deploy scalable, high-performing, and secure apps. | F5

Oct 09 2019

Risky Biz Soap Box: Yubico's Jerrod Chong talks series 5 Yubikeys and what's next

These Soap Box podcasts are a wholly sponsored series of podcasts we do here at Risky.Biz, so everyone you hear on the Soap Box podcast paid to be here.

But that’s ok, because we’ve got some great sponsors. This podcast is brought to you by Yubico, makers of the YubiKey devices. These podcasts with Yubico have basically turned into an annual thing. Jerrod Chong is the Chief Solutions Officer at Yubico and he joined me for this conversation about what’s new in Yubico-land. They’ve launched some new stuff, including YubiKeys with Lightning connectors for iOS devices, and Jerrod also talks about hardware 2FA moving increasingly to the mainstream.

If you’re reading this within 48 hours of this podcast going live, you can get yourself a $20 discount on any two of the new series 5 Yubikeys by visiting this link and using the code ‘Risky19’.

Show notes

Buy YubiKeys at Yubico.com | Shop hardware authentication security keys
Yubico | YubiKey Strong Two Factor Authentication

Oct 03 2019

Risky Business #558 -- Trump targets Crowdstrike, Apple jailbreakers rejoice

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Apple jailbreakers partying in the streets
  • Donald Trump targets Crowdstrike over 4chan conspiracy nonsense
  • Ransomware absolutely everywhere this week
  • Horror-show VxWorks bugs are popping up in other stacks
  • OnApp fixes mother of all misconfigurations
  • More SIM card issues
  • Much, much more

In this week’s sponsor interview we chat with Mr Sandbox himself, VMRay’s Carsten Willems. He’s along to talk about VMRay’s involvement in a machine-learning bypass competition that happened at DEFCON earlier this year.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Unfixable iOS Device Exploit Is the Latest Apple Security Upheaval | WIRED
No, it wasn’t a virus; it was Chrome that stopped Macs from booting | Ars Technica
How Trump’s Ukraine Mess Entangled CrowdStrike | WIRED
Trump Was Repeatedly Warned That Ukraine Conspiracy Theory Was ‘Completely Debunked’ - The New York Times
Evan McMurry on Twitter: "NEW: Tom Bossert on Pres. Trump's Crowdstrike reference on Ukraine call: "It's not only a conspiracy theory, it is completely debunked... "I am deeply frustrated with what [Rudy Giuliani] and the legal team is doing in repeating that debunked theory to the president." https://t.co/o1lcVI31u8" / Twitter
Trump Still Doesn't Believe Russia Hacked the 2016 Election | WIRED
Trump told Russian officials in 2017 he wasn’t concerned about Moscow’s interference in U.S. election - The Washington Post
Airbus hit by series of cyber attacks on suppliers
U.S. Steps Up Scrutiny of Airplane Cybersecurity - WSJ
Ransomware forces 3 hospitals to turn away all but the most critical patients | Ars Technica
Surgeries delayed and patient security fears after cyber attack on Victorian hospitals
Wood Ranch Medical Announces Permanent Closure Due to Ransomware Attack
Malware infection disrupts production at defence contractor plants in three countries | ZDNet
Over 500 US schools were hit by ransomware in 2019 | ZDNet
Ransomware incident to cost Danish company a whopping $95 million | ZDNet
Decades-Old Code Is Putting Millions of Critical Devices at Risk | WIRED
Thousands of Cloud Computing Servers Could Be Owned With 'Very Simple' Attack, Researchers Say - VICE
California's new labor law is going to impact bug bounty companies. By how much is unknown.
Legit-Looking iPhone Lightning Cables That Hack You Will Be Mass Produced and Sold - VICE
New SIM card attack disclosed, similar to Simjacker | ZDNet
German Cops Raid “Cyberbunker 2.0,” Arrest 7 in Child Porn, Dark Web Market Sting — Krebs on Security
Cloudflare, Google Chrome, and Firefox add HTTP/3 support | ZDNet
Microsoft bans 38 file extensions in Outlook for the Web | ZDNet
AT&T redirected pen-test payloads to the FBI's Tips portal | ZDNet
Azure Sentinel, Microsoft's cloud-based SIEM, hits general availability | ZDNet
Microsoft will now encrypt new SSDs with BitLocker | TechRadar
High-severity vulnerability in vBulletin is being actively exploited | Ars Technica
Cybersecurity giant Comodo can’t even keep its own website secure | TechCrunch
Threesome Blowjob Scene on Giant Highway Billboard Could Have Caused an Accident, Police Say - VICE
Porn on the big screen in central Auckland: Asics video monitor hacked - NZ Herald
Yahoo Engineer Used Insider Access to Get Private Photos of Women - VICE
Landmark White data breach: Sydney IT contractor arrested after high-profile cyber attack
Home - MLSEC
VMRay | Malware Analysis Tools | Malware Sandbox Solutions

Oct 02 2019

Snake Oilers 10 part 1: Richard Bejtlich talks Zeek plus pitches from Respond Software and PATH Networks

In this edition of the Snake Oilers podcast host Patrick Gray speaks to:

  • Richard Bejtlich of Corelight

Richard talks about Zeek, formerly Bro, and how enterprises can use it to capture useful network information for analysis, forensics and detection purposes. Richard is an industry luminary and it’s a great interview.

  • Marshal Webb of PATH Networks

Marshal explains how new technology like eBPF and XDP mean it’s possible to build DDoS mitigation rigs out of commodity hardware. That means DDoS mitigation is about to get a whole lot cheaper, and PATH is in pole position in this soon-to-be disrupted market.

  • Chris Triolo from Respond Software

Respond Software makes a decision agent for the modern SOC. They are aiming to completely replace level 1 SOC analysts so those resources can be freed up to do higher-value work. They’re offering free live and retroactive trials of their software, and it definitely belongs in the “why not take it out for a spin” category.

Some links to the company websites and blogs are below!

Show notes

Corelight
Richard Bejtlich – Blog
Path - Internet Intelligence
eBPF, XDP and Network Security Blog
Decision-Making Security Analysis Software | Respond Software

Sep 26 2019

Risky Business #557 -- 26 nations release cyber norms statement at UN

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Tibetans targeted in mobile malware campaign
  • Iran denies cyber-attack nobody was asking about
  • More news from the Middle East
  • 26 nations open UN General Assembly with statement on cyber norms
  • Fedex sued over company’s NotPetya response, exec share sales
  • Why “quantum supremacy” isn’t a big deal. Yet.
  • Much, much more

In this week’s sponsor interview we talk to Cody Wood of Signal Sciences about HTTP request smuggling: what it is and why it’s a nightmare to fix.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Androids And iPhones Hacked With Just One WhatsApp Click — And Tibetans Are Under Assault
Footage shows hundreds of blindfolded and shackled prisoners in China – video | World news | The Guardian
Iran denies successful cyber attack on oil sector | The Times of Israel
Advanced hackers are infecting IT providers in hopes of hitting their customers | Ars Technica
The Urgent Search for a Cyber Silver Bullet Against Iran - The New York Times
New research shows more utility companies are being targeted by phishing emails
New North Korean malware targeting ATMs spotted in India | ZDNet
Shareholders allege FedEx covered up damages caused by NotPetya attack
All the Code Connections Between Russia’s Hackers, Visualized | WIRED
World powers are pushing to build their own brand of cyber norms
Google’s ‘Quantum Supremacy’ Isn’t the End of Encryption | WIRED
The FBI Tried to Plant a Backdoor in an Encrypted Phone Network - VICE
Russian national confesses to biggest bank hack in US history | Ars Technica
Exclusive: TalkTalk hacker also breached EtherDelta cryptocurrency exchange | ZDNet
Two years later, hackers are still breaching local government payment portals | ZDNet
Massive IT Support Fraud ‘Made $10 Million From Thousands Of Elderly Victims’
Facebook suspended tens of thousands of apps from 400 developers | ZDNet
Massive wave of account hijacks hits YouTube creators | ZDNet
Bloomberg reporter of challenged ‘Big Hack’ story gets promoted - The Washington Post
GitHub security alerts now support PHP projects | ZDNet
Anonymous researcher drops vBulletin zero-day impacting tens of thousands of sites | ZDNet
Microsoft releases out-of-band security update to fix IE zero-day & Defender bug | ZDNet
Medicine show: Crown Sterling demos 256-bit RSA key-cracking at private event | Ars Technica
Iowa officials claim confusion over scope led to arrest of pen-testers | Ars Technica
Ask Cybergibbons! on Twitter: "Another interesting week on a ship. As with every previous maritime test, we found a system installed that no one really knew about or understood. Shoreside was totally unaware of its existence." / Twitter
What is HTTP request smuggling? Tutorial & Examples
HTTP Desync Attacks: Request Smuggling Reborn | Blog - PortSwigger

Sep 25 2019

Risky Business #556 -- US Treasury targets DPRK crews, more details on Ukraine power hack

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • US Treasury targets DPRK APT crews
  • Russia owned FBI counter surveillance team radio comms
  • New details on 2016 attack against Ukraine power grid
  • US Government to sue Edward Snowden for memoir profits
  • Did RCMP intelligence director tip Phantom Secure on investigation?
  • Much, much more!

This week’s sponsor interview is with Casey Ellis of Bugcrowd. It’s an interesting chat with Casey this week. He was at the Billington cyber conference a couple of weeks ago and he had a bunch of interesting discussions there with people in the aerospace sector.

Between recent Black Hat presentations on 787 security and the trouble Boeing has had with its 737-MAX, software security and resiliency are all of a sudden on the agenda in aerospace. Casey drops by to talk about all of that.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

US Treasury sanctions three North Korean hacking groups | ZDNet
Treasury Sanctions North Korean State-Sponsored Malicious Cyber Groups | U.S. Department of the Treasury
North Korean hackers target U.S. entities amid stalled denuclearization talks
Exclusive: Russia carried out a 'stunning' breach of FBI communications system, escalating the spy game on U.S. soil
New Clues Show How Russia’s Grid Hackers Aimed for Physical Destruction | WIRED
Exclusive: Australia concluded China was behind hack on parliament, political parties – sources - Reuters
US sues Edward Snowden over new book | ZDNet
Investigation into senior RCMP official stemmed from disruption of encrypted phone service: sources - National | Globalnews.ca
Israeli police arrest execs from vendor of mobile surveillance tech | ZDNet
Infamous surveillance tech vendor makes pledge to follow UN human rights policy | ZDNet
This Company Built a Private Surveillance Network. We Tracked Someone With It - VICE
Simjacker attack exploited in the wild to track users for at least two years | ZDNet
A Password-Exposing Bug Was Purged From LastPass | WIRED
The Air Force Will Let Hackers Try to Hijack an Orbiting Satellite | WIRED
Database leaks data on most of Ecuador's citizens, including 6.7 million children | ZDNet
Arrest made in Ecuador's massive data breach | ZDNet
Data of 24.3 million Lumin PDF users shared on hacking forum | ZDNet
Hacked government contractor shares breach details as investigation continues
FIN7's IT admin pleads guilty for role in billion-dollar cybercrime crew
Google discloses vulnerability in Chrome OS 'built-in security key' feature | ZDNet
Sophos open-sources Sandboxie, a utility for sandboxing any application | ZDNet
Chrome 77 released with no EV indicators, contact picker, permanent Guest Mode | ZDNet
Most Android flashlight apps request an absurd number of permissions | ZDNet
Cloudflare may have provided service to terrorists, drug traffickers in violation of U.S. sanctions
NY Payroll Company Vanishes With $35 Million — Krebs on Security
2 charged say they were hired to break into Dallas County courthouse

Sep 18 2019

Risky Business #555 -- Bluekeep Metasploit module released, Paige Thompson pleads not guilty and more

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Paige Thompson pleads not guilty to CapitalOne hack
  • German government probes FinFisher
  • Bluekeep Metasploit module dropped
  • DPRK samples hit VT, courtesy of our friends in the USA
  • Apple releases awful statement about mass exploitation of its devices
  • Much more

This week’s show is brought to you by Blackberry Cylance. In this week’s sponsor interview we’ll be talking about US Cybercommand dropping some sweet, sweet APT28 samples on VirusTotal back in May. We’ll talk a little bit about that malware, and also have a more general discussion about CYBERCOM VT drops with Cylance research staffers Steve Barnes and Josh Lemos.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Cyber Command's biggest VirusTotal upload looks to expose North Korean-linked malware
InstaCyber on Twitter: "Uploading of samples isn't burning capability or some sort of (working) counter-CNE operation. This is proven by the large number of actors that keep truckin' on with the same old junk despite disclosure; the number of groups that truly pack up shop, albeit temporarily, is small https://t.co/COkDOLYlwr" / Twitter
The NSA recognizes it needs to share more nation-state threat data, and faster
Apple takes flak for disputing iOS security bombshell dropped by Google | Ars Technica
We must see China - the opportunities and the threats - with clear eyes
Samsung, Huawei, LG, and Sony phones vulnerable to rogue 'provisioning' messages | ZDNet
Zero-day disclosed in Android OS | ZDNet
A Chinese APT is now going after Pulse Secure and Fortinet VPN servers | ZDNet
Metasploit team releases BlueKeep exploit | ZDNet
How did a Chinese APT get a U.S. hacking tool before it was leaked? Check Point has a theory.
German prosecutors investigate spyware maker FinFisher | News | DW | 05.09.2019
Twitter disables SMS-to-tweet feature after its CEO got hacked last week | ZDNet
Accused Capital One hacker pleads not guilty to all charges
Back to school: With latest attack, ransomware cancels classes in Flagstaff | Ars Technica
No municipality paid ransoms in 'coordinated ransomware attack' that hit Texas | ZDNet
Chris Bing on Twitter: "NSA cybersecurity division Director Anne Neuberger says at #BillingtonSummit that Ransomware represents one of the threats facing the election. Explains its a notable vector of attack following attacks on cities across the US." / Twitter
Thousands of servers infected with new Lilocked (Lilu) ransomware | ZDNet
Scraping public website data does not violate CFAA, judge rules
51 tech CEOs send open letter to Congress asking for a federal data privacy law | ZDNet
Microsoft, Hewlett Foundation preparing to launch nonprofit that calls out cyberattacks
Security researchers expose another instance of Chrome patch gapping | ZDNet
Kaspersky launches anti-cheat solution for pro e-sports tournaments | ZDNet
Mozilla launches Firefox VPN extension for US users | ZDNet
Mozilla to gradually enable DNS-over-HTTPS for Firefox US users later this month | ZDNet
Intel server-grade CPUs impacted by new NetCAT attack | ZDNet
U.S. arrests 281 people worldwide accused of involvement in BEC scams
Forget email: Scammers use CEO voice 'deepfakes' to con workers into wiring cash | ZDNet
Cyber-security incident at US power grid entity linked to unpatched firewalls | ZDNet
Secret Service Investigates Breach at U.S. Govt IT Contractor — Krebs on Security
Millions of Exim servers vulnerable to root-granting exploit | ZDNet

Sep 11 2019

Risky Biz Soap Box: MITRE ATT&CK framework is now officially everywhere

The Soap Box podcast series is a fully sponsored podcast series we do here at Risky.Biz, and that means that everyone you hear in it paid to be featured.

This edition of the Soap Box podcast is brought to you by AttackIQ, and in it we talk to its CISO and VP of customer success Chris Kennedy. We’ll be discussing a topic that frankly should be talked about a bit more: the MITRE ATT&CK framework.

We also talk about attack simulation and which security controls are most commonly and catastrophically misconfigured. If you’re a CISO you’ll like this one.

Show notes

More Security Endpoint Tech Isn't Always Better | Decipher
AttackIQ Platform, continuous validation of your security control.

Sep 05 2019