Risky Business

On this week’s show Patrick and Adam discuss the week’s security news, including:

• Two Chinese nationals charged with freelancing for MSS
• Russia, China hacking COVID-19 research
• The world dodged a bullet on the Windows DNS bug
• Twitter blue tick pwnapalooza
• Much, much more.

This week’s show is brought to you by Corelight. The company’s Chief Product Officer, Brian Dye, will be along for a chat a bit later on. We look at how adopting a zero trust model, sadly, doesn’t mean you can just ignore your network completely, as much as that would be nice.

You can subscribe to the new Risky Business newsletter, Seriously Risky Business, here.

You can subscribe to our new YouTube channel here.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes Chinese campaign a sad indictment of infosec - Risky Business US accuses two Chinese hackers of global hacking campaign, targeting coronavirus vaccine research Russia’s Latest Hacking Target: Covid-19 Vaccine Projects | WIRED Secret Trump order gives CIA more powers to launch cyberattacks Report: CIA received more offensive hacking powers in 2018 | ZDNet Russia's GRU Hackers Hit US Government and Energy Targets | WIRED Two more cyber-attacks hit Israel's water system | ZDNet UK 'almost certain' that 2019 election was target of Russian disinformation operation Russia spreading coronavirus disinfo aimed at West, say US officials Twitter says hackers accessed DMs for 36 users in last week's hack | ZDNet US seeks to drop charges against former Twitter employees accused of spying for Saudi Arabia - The Verge Microsoft Warns of a 17-Year-Old ‘Wormable’ Bug | WIRED Hackers actively exploit high-severity networking vulnerabilities | Ars Technica US cyber officials urge patching of bug affecting up to 40K SAP customers CISA says 62,000 QNAP NAS devices have been infected with the QSnatch malware | ZDNet Garmin’s four-day service meltdown was caused by ransomware | Ars Technica North Korean hackers are stepping up their ransomware game, Kaspersky finds A vigilante is sabotaging the Emotet botnet by replacing malware payloads with GIFs | ZDNet FBI warns US companies about backdoors in Chinese tax software | ZDNet Malware stashed in China-mandated software is more extensive than thought | Ars Technica Iranian Spies Accidentally Leaked Videos of Themselves Hacking | WIRED Apple’s Hackable iPhones Are Finally Here | WIRED Google's Project Zero team won't be applying for Apple's SRD program | ZDNet NY Charges First American Financial for Massive Data Leak — Krebs on Security Listen to This Deepfake Audio Impersonating a CEO in Brazen Fraud Attempt The Rise of Synthetic Audio Deepfakes GEDmatch confirms data breach after users’ DNA profile data made available to police | TechCrunch Police Are Buying Access to Hacked Website Data Wyden Plans Law to Stop Cops From Buying Data That Would Need a Warrant Breached Data Indexer ‘Data Viper’ Hacked — Krebs on Security Crooks have acquired proprietary Diebold software to “jackpot” ATMs | Ars Technica Microsoft's new KDP tech blocks malware by making parts of the Windows kernel read-only | ZDNet Sony awards $10,000 bug bounty for PlayStation 4 kernel exploit | The Daily Swig Security Operations Lead » InternetNZ