Risky Business

On this week’s show Patrick and Adam discuss the week’s security news, including:

• US DoJ unseals indictments against Sandworm operators
• Twitter backtracks on “hacked materials” policy
• No consensus on Trickbot c2 status
• NSA publishes “most exploited” listicle that’s actually interesting
• Much, much more

Cmd Security is this week’s sponsor. Its CEO Jake King and CTO Mike Sample join the show this week to talk though a new remote access tech release from Hashicorp called Boundary and what it might mean for Linux system observability in your environment.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes US Indicts Sandworm, Russia's Most Destructive Cyberwar Unit | WIRED UK says Russia was preparing cyber-attacks against the Tokyo Olympics | ZDNet Sandworm operators indicted - Risky Business Microsoft says it took down 94% of TrickBot's command and control servers | ZDNet NSA publishes list of top vulnerabilities currently targeted by Chinese hackers | ZDNet 800,000 SonicWall VPNs vulnerable to new remote code execution bug | ZDNet VMSA-2020-0023 New York Post Published Hunter Biden Report Amid Newsroom Doubts - The New York Times Twitter Says It Blocked NY Post Hunter Biden Article Because It Contains Hacked Data The Media Just Passed a Test It Failed Four Years Ago | WIRED Brevard voters threatened in emails purportedly from 'Proud Boys' Google offers details on Chinese hacking group that targeted Biden campaign Industry alert pins state, local government hacking on suspected Russian group New York regulator faults Twitter for lax security measures prior to big account breach German authorities raid FinFisher offices | ZDNet Shannon Vavra on Twitter: "Details via @hsu_spencer & @kfahim https://t.co/QTRooHnw0I" / Twitter Encrochat Hack That Brought Down Hundreds of Criminals Faces Legal Challenges Hackney Council unable to pay housing benefit after cyber attack | Science & Tech News | Sky News London's Hackney Borough Council hit by hack attack - BBC News Hackney Council services to be disrupted ‘for some time’ Meet FIN11, a cybercrime outfit going after pharma companies while leaning on extortion QAnon/8Chan Sites Briefly Knocked Offline — Krebs on Security Alexander Vinnik heads to trial in France on ransomware, money laundering charges Alleged KickassTorrents founder Artem Vaulin jumped bail in Poland Thousands of infected IoT devices used in for-profit anonymity service | Ars Technica Microsoft adds option to disable JScript in Internet Explorer | ZDNet Zoom to roll out end-to-end encrypted (E2EE) calls | ZDNet QRadar: Popular IBM security tool open to remote code execution attacks | The Daily Swig Google releases Chrome security update to patch actively exploited zero-day | ZDNet Security testing firm NSS Labs ceases operations, citing coronavirus | TechCrunch Ryuk in 5 Hours – The DFIR Report