Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.
https://risky.biz/
Risky Business #568 -- Let's Decrypt
On this week’s show Patrick and Adam discuss the week’s security news, including:
- NSA drops a sweet Microsoft crypto bug
- Burisma targeted by GRU. 2016 all over again?
- Citrix users having a bad time
- Intrusion Truth targets APT40
- No more BYOD for US soldiers in Middle East
- Much, much more
We have a new sponsor in this week’s show – ExtraHop Networks. Network monitoring is dead! Long live network monitoring!
Matt Cauthorn is ExtraHop’s VP of cybersecurity engineering and he’ll join us this week to talk about recent moves by cloud providers to offer full virtual network mirror ports out of their infrastructure.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
*Credit for this week’s headline goes to @appsecbloke.
Show notes Cryptic Rumblings Ahead of First 2020 Patch Tuesday — Krebs on Security Microsoft fixes Windows crypto bug reported by the NSA | ZDNet Now It's Really, Truly Time to Give Up Windows 7 | WIRED Proof-of-concept code published for Citrix bug as attacks intensify | ZDNet Russians Hacked Ukrainian Gas Company at Center of Impeachment - The New York Times Russian hackers targeted Ukrainian company at center of impeachment storm: cybersecurity firm - Reuters A Tale of Two Attributions – Stranded on Pylos Nicole Perlroth on Twitter: If Russia Hacked Burisma, Brace for the Leaks to Follow | WIRED FBI says Iranian hackers have stepped up reconnaissance since Soleimani killing Saudi cyber authority uncovers new data-wiping malware, and experts suspect Iran is behind it New Iranian data wiper malware hits Bapco, Bahrain's national oil company | ZDNet What is the Hainan Xiandun Technology Development Company? – Intrusion Truth Iranian Hackers Have Been ‘Password-Spraying’ the US Grid | WIRED Alleged Spy App ToTok Puts Apple in a Bind | WIRED US troops deploying to the Middle East told to leave personal devices at home | ZDNet Amnesty suit asking Israel to revoke NSO Group's license heads to court Travelex says ransomware recovery is underway two weeks after global blackout Boing Boing was hacked / Boing Boing Kuwait's state news agency says hackers breached its Twitter Hackers Are Breaking Directly Into AT&T, T-Mobile, and Sprint to Take Over Customer Phone Numbers - VICE Academic research finds five US telcos vulnerable to SIM swapping attacks | ZDNet You can now use an iPhone as a security key for Google accounts | ZDNet Google plans to drop Chrome support for tracking cookies by 2022 | Ars Technica Congressional commission mulls new private sector reporting requirements Apple Lawsuit Against Cyber Startup Threatens ‘Dangerous’ Expansion Of Copyright Law Equifax to pay customers $380.5 million as part of final breach settlement Donald J. Trump on Twitter: Tech’s Adversaries vs Enemies - Alex Stamos - Medium Was It an Act of War? That’s Merck Cyber Attack’s $1.3 Billion Insurance Question.