Risky Business

On this week’s show Patrick and Adam discuss the week’s security news, including:

• China to ditch foreign hardware, software, from government use
• Huawei sues FCC
• More background on Project Raven
• Senate hearings into encryption
• Reddit fingers alleged RU disinfo campaign
• “Evil Corp” hackers have lots of money, terrible taste
• Ransomware attacks galore
• Much, much more

This week’s sponsor interview is with Haroon Meer of Thinkst Canary. And we’re going to do the typical thing and have a look forward to what we can expect to see in security next year. But we’re going less for the big, dumb predictions and more picking the trends we expect to strengthen over the next year.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes Chinese government to replace foreign hardware and software within three years | ZDNet Russia to invest $31 million in a local Wikipedia clone | ZDNet Huawei sues FCC for icing U.S. business, claiming a lack of evidence Made in America Facebook intends to implement end-to-end encryption despite DOJ pressure U.S. senators threaten Facebook, Apple with encryption regulation - Reuters Patrick Gray on Twitter: "So Apple has issued a DMCA takedown on a Tweet that disclosed a key that could be used to decrypt 64 bit SEP. Apple's approach to security researchers feels a little bit like this scene from Mars Attacks lately... https://t.co/rJPE5L8OP5" / Twitter Reddit links leak of US-UK trade documents to Russian influence campaign | ZDNet Alleged Russian Hacker Behind $100 Million Evil Corp Indicted | WIRED BMW and Hyundai hacked by Vietnamese hackers, report claims | ZDNet Ransomware at Colorado IT Provider Affects 100+ Dental Offices — Krebs on Security Pensacola cyber attack: Officials not sure if personal data was exposed Ransomware attack hits major US data center provider | ZDNet 20 VPS providers to shut down on Monday, giving customers two days to save their data | ZDNet Keybase moves to stop onslaught of spammers on encrypted message platform | Ars Technica Scammers dupe Chinese venture capitalists out of $1 million with the 'ultimate' BEC heist Facebook sues Chinese malware operator for abusing its ad platform | ZDNet Exclusive: A Facebook Employee Accepted Bribes From A Scammer To Reactivate Banned Ad Accounts Google Chrome Will Now Warn You If Your Web Passwords Have Been Stolen Are You One Of Avast’s 400 Million Users? This Is Why It Collects And Sells Your Web Habits. Two malicious Python libraries caught stealing SSH and GPG keys | ZDNet Snatch ransomware reboots PCs in Windows Safe Mode to bypass antivirus apps | ZDNet HackerOne breach lets outside hacker read customers’ private bug reports | Ars Technica Hackers Can Mess With Voltages to Steal Intel Chips' Secrets | WIRED https://www.qualys.com/2019/12/04/cve-2019-19521/authentication-vulnerabilities-openbsd.txt Atlassian scrambles to fix zero-day security hole accidentally disclosed on Twitter • The Register SwiftOnSecurity on Twitter: "Me: Threat-hunting rare DNS lookups in a corporate network. Confluence: https://t.co/6GPMROKua2 https://t.co/pse4VwORiZ" / Twitter Aristotle Tzafalias on Twitter: "Wassenaar Arrangement Dec. 2019 New entry in the Munitions List: "ML21.b.5 "Software" specially designed or modified for the conduct of military offensive cyber operations;" https://t.co/pkY1Web6Pr https://t.co/INcLWwGHGZ" / Twitter Meeting | Hearings | United States Senate Committee on the Judiciary