Risky Business

On this week’s show Patrick and gust co-host Alex Stamos discuss the week’s security news, including:

• Facebook files suit against NSO Group
• Corellium responds to Apple suit
• Indian nuclear power plant administrative network likely attacked by DPRK
• Mass defacement in Georgia. Old schooooool!
• Fancy Bear targets 2020 Olympics
• FCC proposes subsidies for telcos to rip and replace Huawei, ZTE equipment
• City of Johannesburg data held to ransom, but it’s not ransomware
• Much, much more

This week’s sponsor interview is with Jake King of CMD Security. The topic is applying the MITRE ATT&CK framework

Links to everything that we discussed are below and you can follow Patrick or Alex on Twitter if that’s your thing.

Show notes Will Cathcart - Why WhatsApp is pushing back on NSO Group hacking - The Washington Post Facebook sues NSO Group for alleged WhatsApp hack - CyberScoop Exclusive: A ‘Magic’ iPhone Hacking Startup Bites Back At Apple Lawyers — And Demands $300,000 iPhone Emulation Company Sued by Apple Says It's Making iPhones Safer - VICE (9) Sandhya Sharma on Twitter: "GOI denies reports of #CyberAttack on #kudankulam nuclear power plant and other Indian nuclear power plants control systems. Said they are stand alone not connected to outside cyber network and internet. “Any cyber attack on the Nuclear Power Plant Control System is not possible” https://t.co/o5bUmUKHqp" / Twitter Indian nuke plant’s network reportedly hit by malware tied to N. Korea | Ars Technica Indian Nuclear Power Facility Denies Unverified Reports of a Cyber Attack – The Diplomat Largest cyber-attack in Georgia's history linked to hacked web hosting provider | ZDNet Fancy Bear hackers targeted at least 16 athletic organizations ahead of Tokyo Olympics Inside Olympic Destroyer, the Most Deceptive Hack in History | WIRED FCC proposes rules requiring telcos remove Huawei, ZTE equipment | TechCrunch City of Johannesburg held for ransom by hacker gang | ZDNet Vietnamese student behind Android adware strain that infected millions | ZDNet NSA: 'We know we need to do some work' on declassifying threat intel Why did Cyber Command back off its recent plans to call out North Korean hacking? Sens. Warren, Wyden want to know if Amazon shares some blame for the Capital One breach White House kicks infosec team to curb in IT office shakeup | Ars Technica DHS is mulling an order that would force agencies to set up vulnerability disclosure programs Congress Still Doesn't Have an Answer for Ransomware | WIRED Most system administrators prefer firewall GUIs over CLIs | ZDNet Australian House Committee to look into age verification for porn | ZDNet Monash University partners with Chinese state firm linked to industrial espionage Storage Wars star's parents' garage was raided by Feds for top-secret spy equipment | Daily Mail Online Cmd – Protect your Linux servers, proactively