Risky Business

On this week’s show Patrick and Adam discuss the week’s security news, including:

• MBS fingered in Bezos dick pic breach
• Glenn Greenwald facing cybercrime charges over Vaza Jato Telegram leaks
• Citrix finally patches 90s-style ADC bugs
• IE 0day doing the rounds, no patch available
• PoCs for 0601 drop
• Much, much more…

This week’s show is sponsored by VMRay, a sandbox-based malware analyser. You throw a sample into it and it spits out all sorts of useful information. Rather than having one of its own staff in this week’s sponsor slot, VMRay has put forward one of its customers instead. Expel is a managed security provider, and it is making heavy use of VMRay to do malware analysis. Tyler Fornes is a Senior Detection and Response Analyst at Expel and he joined me to talk about how they’re using VMRay to actually make life easier.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes Saudi crown prince implicated in hacking of Jeff Bezos’s phone | Financial Times Amazon boss Jeff Bezos's phone 'hacked by Saudi crown prince' | Jeff Bezos | The Guardian Outrage As Brazil Accuses Glenn Greenwald Of Hacking Crimes US Cyber Command was not prepared to handle the amount of data it hacked from ISIS | ZDNet U.S. says accused Vault 7 leaker tried orchestrating PR campaign from jail cell Accused scammer Burkov to plead guilty to 'some' charges after extradition dispute Hackers are racing to exploit a Citrix bug that the company hasn't patched yet As attacks begin, Citrix ships patch for VPN vulnerability | Ars Technica CVE-2019-19781 - Vulnerability in Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP appliance A hacker is patching Citrix servers to maintain exclusive access | ZDNet Microsoft warns about Internet Explorer zero-day, but no patch yet | ZDNet Proof-of-concept exploits published for the Microsoft-NSA crypto bug | ZDNet Critical Windows 10 vulnerability used to Rickroll the NSA and Github | Ars Technica LastPass is in the midst of a major outage | ZDNet FBI seizes WeLeakInfo, a website that sold access to breached data | ZDNet Mitsubishi Electric discloses security breach, China is main suspect | ZDNet FBI: Nation-state actors have breached two US municipalities | ZDNet A Georgia election server was vulnerable to Shellshock and may have been hacked | Ars Technica Visa's plan against Magecart attacks: Devalue and disrupt | ZDNet Researchers find serious flaws in WordPress plugins used on 400k sites | Ars Technica The FBI Got Data From A Locked iPhone 11 Pro Max—So Why Is It Demanding Apple Unlock Older Phones? Apple dropped plan for encrypting backups after FBI complained - sources - Strategy - Cloud - Security - iTnews Chinese man arrested after making $1.6 million from selling VPN services | ZDNet Senators to Trump administration: Protect small businesses from Iranian hacking threat ShadowMove: A Stealthy Lateral Movement Strategy | USENIX I'm Nicole Perlroth, cybersecurity reporter for The New York Times. I broke the news that Russians hacked the Ukrainian gas company at the center of President Trump's impeachment. US officials warn that Russians have grown stealthier since 2016 and seek to target election systems ahead of 2020. AMA : worldnews