Risky Business

Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.

https://risky.biz/







Risky Business #570 -- FTI report lands like a lead balloon


On this week’s show Patrick and Adam discuss the week’s security news, including:

  • The FTI report on the Bezos incident is a massive letdown
  • UK lets Huawei into 5G build
  • SeaTurtle campaign pinned on Turkey
  • Mitsubishi owned through its AV solution
  • Ransomware crews owning unpatched Citrix boxes
  • Much, much more.

This week’s sponsor guest is Sherrod DeGrippo of Proofpoint. She’s a senior director of threat research there and she’ll be along to talk about the Emotet malware. Despite being spray-and-pray malware, it’s pretty successful because it operates at such ridiculous scale. Sherrod joins us with details.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

  • The big questions from FTI's report on the Jeff Bezos hack
  • Some Directions for Further Investigation in the Bezos Hack Case
  • A timeline of events surrounding the Bezos phone hack | ZDNet
  • Bill Marczak on Twitter: "FTI can no longer credibly avoid decrypting the encrypted video that MbS sent to Bezos. Previously, FTI would have had to click on the 1st Google result for "how to decrypt enc whatsapp" (hard, I know), but now @dinodaizovi put everything in a GitHub repo! https://t.co/3dnFgURRyU" / Twitter
  • Hack of Jeff Bezos' phone likely happened through Saudi crown prince, analysts tell UN - CyberScoop
  • Here Is the Technical Report Suggesting Saudi Arabia’s Prince Hacked Jeff Bezos’ Phone - VICE
  • Everything We Know About the Jeff Bezos Phone Hack | WIRED
  • FTI-Report-into-Jeff-Bezos-Phone-Hack.pdf
  • Stopping the Press: New York Times Journalist Targeted by Saudi-linked Pegasus Spyware Operator - The Citizen Lab
  • New U.S. law requires government to report risks of overseas activities by ex-spies - Reuters
  • UK won't ban Huawei in British 5G technology, defying U.S. warnings - CyberScoop
  • Exclusive: Hackers acting in Turkey's interests believed to be behind recent cyberattacks - sources - Reuters
  • Trend Micro antivirus zero-day used in Mitsubishi Electric hack | ZDNet
  • Fortinet removes SSH and database backdoors from its SIEM product | ZDNet
  • Hackers target unpatched Citrix servers to deploy ransomware | ZDNet
  • Tampa Bay Times struck by ransomware, joining a growing club of hacked media outlets
  • The average ransom demand for a REvil ransomware infection is a whopping $260,000 | ZDNet
  • Judge forces insurer to help small business to clean up after a crippling ransomware attack
  • New York state wants to ban government agencies from paying ransomware demands | ZDNet
  • Hackers hijack social media accounts for the NFL and 15 teams | ZDNet
  • One Small Fix Would Curb Stingray Surveillance | WIRED
  • Leaked Documents Expose the Secretive Market for Your Web Browsing Data - VICE
  • Scraping the Web Is a Powerful Tool. Clearview AI Abused It | WIRED
  • Mozilla has banned nearly 200 malicious Firefox add-ons over the last two weeks | ZDNet
  • The Chrome Web Store is currently facing a wave of fraudulent transactions | ZDNet
  • MDhex vulnerabilities impact GE patient vital signs monitoring devices | ZDNet
  • Researchers set up a mock factory network — and watched the criminals rush in
  • Microsoft to forcibly install Bing search extension in Chrome for Office 365 ProPlus users | ZDNet
  • Intel Is Patching the Patch for the Patch for Its ‘Zombieload’ Flaw | WIRED
  • Magecart gang arrested in Indonesia | ZDNet
  • DEF CON China conference put on hold due to coronavirus outbreak | ZDNet
  • Someone is uninstalling the Phorpiex malware from infected PCs and telling users to install an antivirus | ZDNet
  • LoRaWAN networks are spreading but security researchers say beware | ZDNet
  • Wawa Breach May Have Compromised More Than 30 Million Payment Cards — Krebs on Security
  • LabCorp security lapse exposed thousands of medical documents | TechCrunch
  • TALOS-2019-0964 || Cisco Talos Intelligence Group - Comprehensive Threat Intelligence
  • oss-security - LPE and RCE in OpenSMTPD (CVE-2020-7247)
  • Equifax Ordered to Spend $1 Billion on Data Security










 January 29, 2020  n/a