Risky Business

On this week’s show Patrick and Adam discuss the week’s security news, including:

• Phineas Phisher returns, claims credit for Cayman bank hack and offers bounties for activist hijinks
• Microsoft cautiously backs DoH
• Huawei granted another 90-day stay of execution in US market
• Iranian APT crew targeting ICS supply chain
• Alexei Burkov extradition complete, appears in US court
• Some very funny stuff is happening to GPS in the Shanghai area
• Louisiana government ransomwared, emerges relatively unscathed
• Official Monero binaries trojaned. Lol.
• Much, much more!

This week’s show is brought to you by Senetas. Rob Linton from Senetas joins the show this week to talk about its O365 integration for its SureDrop product, a new feature that will be of interest to many Risky Business listeners.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes Phineas Fisher Offers $100,000 Bounty to Hack Banks and Oil Companies - VICE Offshore Bank Targeted By Phineas Fisher Confirms it Was Hacked - VICE Microsoft says yes to future encrypted DNS requests in Windows | Ars Technica Exclusive: U.S. manufacturing group hacked by China as trade talks intensified - sources - Reuters US grants Huawei new 90-day license extension Iran’s APT33 Hackers Are Targeting Industrial Control Systems | WIRED How Iran's Government Shut Off the Internet | WIRED Why Were the Russians So Set Against This Hacker Being Extradited? — Krebs on Security Russia Fails to Stop Alleged Hacker From Facing US Charges | WIRED Ghost ships, crop circles, and soft gold: A GPS mystery in Shanghai - MIT Technology Review Ransomware hits Louisiana state government systems | ZDNet Ransomware Bites 400 Veterinary Hospitals — Krebs on Security Antivirus vendors and non-profits join to form 'Coalition Against Stalkerware' | ZDNet Official Monero website compromised with malware that steals funds | ZDNet Anonymous hacker gets a whopping six years in prison for some lame DDoS attacks | ZDNet DDoS-for-Hire Boss Gets 13 Months Jail Time — Krebs on Security US student was allegedly building a custom Gentoo Linux distro for ISIS | ZDNet 20-year-old Chicago man charged with writing code to spread ISIS propaganda The Dark Overlord hacking suspect who's fighting extradition to the U.S. is running out of options Citing security concerns, senators call on White House to appoint coordinator for 5G issues Burglars Really Do Use Bluetooth Scanners to Find Laptops and Phones | WIRED LA warns of ‘juice-jacking’ malware, but admits it has no cases | TechCrunch Someone is using the 'Cozy Bear' moniker to scare DDoS victims into bitcoin payments 146 New Vulnerabilities All Come Preinstalled on Android Phones | WIRED As iOS vulnerabilities emerge, a new app promises to detect hacked iPhones GitHub launches 'Security Lab' to help secure open source ecosystem | ZDNet Google Chrome experiment crashes browser tabs, impacts companies worldwide | ZDNet Chrome, Edge, Safari hacked at elite Chinese hacking contest | ZDNet Company discovered it was hacked after a server ran out of free space | ZDNet TPM-FAIL vulnerabilities impact TPM chips in desktops, laptops, servers | ZDNet How a turf war and a botched contract landed 2 pentesters in Iowa jail | Ars Technica What Happens When You Remove a Police-Installed GPS Tracker | WIRED Password SUREDROP