Risky Business

On this week’s show we’re chatting with Alex Tilley. He’s with Secureworks in Australia these days, but before that he spent a big chunk of his career with the Australian Federal Police.

He did a presentation a few weeks back at the AusCERT conference all about what fraud crews are up to these days. He’ll be joining us to walk through how much damage West African crime groups are doing with compromised office 365 accounts. We also talk a bit about trends in money muling, because that game has really changed.

This week’s show is brought to you by Cylance, and in this week’s sponsor interview we’ll be chatting with Cylance’s very own Jim Walter about how ransomware hasn’t really gone anywhere, despite most of the tech press getting sick of writing about it.

Adam Boileau, as usual, joins us to talk about the week’s news, including:

• The Vault7 guy is totally screwed
• US Senate scuttles Trump’s plan to save ZTE
• Chinese pwning satellite comms, telcos
• Olympic Destroyer crew is back

Links to everything are below and you can follow Patrick and Adam on Twitter if that’s your thing.

Show notes Ex-CIA employee charged in major leak of agency hacking tools - The Washington Post Ryan Duff on Twitter: "The CIA leaker conducted a privilege escalation on the computer he used to access the data he stole, erased all the logs of his activity, and then locked other users out. A lot more tradecraft here than your average leaker… https://t.co/vIy0JL2f63" WikiLeaks Shares Alleged Diaries of Accused CIA Leaker Joshua Schulte - Motherboard Senate rejects Trump’s plan to lift ZTE export ban | Ars Technica China-based campaign breached satellite, defense companies: Symantec | Reuters Senate bill hopes to sort out supply-chain cybersecurity risks, prevent next Kaspersky drama Kaspersky Halts Europol and NoMoreRansom Project Coop After EU Parliament Vote North Korea to blame for string of Latin America bank hacks, insiders say After Trump courts Kim, U.S. issues warning on North Korean malware The Olympic Destroyer Hackers May Have Returned For More | WIRED Patrick Gray on Twitter: "And there it is. The circle is complete. The whole point of Olympic Destroyer was to cast doubt on attribution generally, even though nobody who matters ever made attribution claims based on a few “vectors”.… https://t.co/RFXQYGr7sl" Yubico snatched my login token vulnerability to claim a $5k Google bug bounty, says bloke • The Register Iran’s Telegram Ban Has Impacted All Corners of the Country | WIRED FBI recovers WhatsApp, Signal data stored on Michael Cohen’s BlackBerry | Ars Technica Reminder: macOS still leaks secrets stored on encrypted drives | Ars Technica Verizon and AT&T will stop selling your phone’s location to data brokers | Ars Technica Google to Fix Location Data Leak in Google Home, Chromecast — Krebs on Security 17 Backdoored Docker Images Removed From Docker Hub Cortana Hack Lets You Change Passwords on Locked PCs ZeroFont Technique Lets Phishing Emails Bypass Office 365 Security Filters Hacker Breaches Syscoin GitHub Account and Poisons Official Client Clipboard Hijacker Targeting Bitcoin & Ethereum Users Infects Over 300,0000 PCs Chris Vickery on Twitter: "Holy shit. This guy, George Cottrell, was advertising money laundering services on the dark web. He was caught red-handed in a FBI sting. Guy is (was) top aide to the Brexit campaign leader, Nigel Farage. His super secret dark web username was "Banker". https://t.co/unEM4CnYVj" InstaCyber on Twitter: "It begins. THANKS #GDPR https://t.co/JH9CyWGWcO" Bitcoin’s Price Was Artificially Inflated, Fueling Skyrocketing Value, Researchers Say - The New York Times Man Gets 20 Years In Jail For Trying To Steal A Domain Name At Gunpoint | Gizmodo Australia Cops Are Confident iPhone Hackers Have Found a Workaround to Apple’s New Security Feature - Motherboard https://dcso.de cylance spear team - Google Search