Risky Business

Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.

https://risky.biz/

Risky Business #604 -- Election-related cyber shenanigans fail to materialise


On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Zoom settles with FTC over misleading E2EE claim
  • Some poor sod had to give up $1bn in Bitcoin
  • Solaris SSH 0day? Let’s party like it’s 1999
  • Samy Kamkar’s latest trick: NAT Slipstreaming
  • Australia’s hardcore critical infrastructure protection bill
  • Much, much more

This week’s show is brought to you by Remediant. Company co-founder Paul Lanzi joins the show in this week’s sponsor interview to talk about how they’ve been helping companies recover from ransomware attacks. Maybe listen to this one. You know. Just in case you find yourself in that situation one day?

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

  • Zoom settles FTC charges for misleading users about security features | ZDNet
  • Someone has transferred ~$1 billion from a bitcoin wallet quiet since 2015 | Ars Technica
  • The feds just seized Silk Road’s $1 billion stash of bitcoin | Ars Technica
  • Hacker group uses Solaris zero-day to breach corporate networks | ZDNet
  • NAT Slipstreaming hack tricks firewalls and routers | The Daily Swig
  • Australia's hardcore critical infrastructure laws open to challenge - Risky Business
  • 23,600 hacked databases have leaked from a defunct 'data breach index' site | ZDNet
  • More suspected North Korean malware identified after US alert on Kimsuky hackers
  • Suspected North Korean hackers who targeted job applicants prove more ambitious than first believed
  • The many personalities of Lazarus - Risky Business
  • Windows 10, iOS, Chrome, and many others fall at China's top hacking contest | ZDNet
  • Linux version of RansomEXX ransomware discovered | ZDNet
  • Cyberattack on U. of Vermont hospital IT network delays chemotherapy, mammogram appointments
  • Building wave of ransomware attacks strike U.S. hospitals | Reuters
  • Why Paying to Delete Stolen Data is Bonkers — Krebs on Security
  • Israeli companies targeted with new Pay2Key ransomware | ZDNet
  • Capcom takes systems offline following cyber-attack | The Daily Swig
  • Company that runs US illegal immigration detention centers discloses ransomware attack | ZDNet
  • Ransomware Hits Dozens of Hospitals in an Unprecedented Wave | WIRED
  • Italian beverage vendor Campari knocked offline after ransomware attack | ZDNet
  • Compal, the second-largest laptop manufacturer in the world, hit by ransomware | ZDNet
  • Toy maker Mattel discloses ransomware attack | ZDNet
  • Wisconsin Republicans say last minute hack cost party $2 million meant to reelect Trump
  • FBI: Hackers stole source code from US government agencies and private companies | ZDNet
  • Pwned: Deloitte Hacker IQ game forced offline after hack | The Daily Swig
  • Russian authorities make rare arrest of malware author | ZDNet
  • CERT/CC launches Twitter bot to give security bugs random names | ZDNet
  • Oracle publishes rare out-of-band security update for WebLogic servers | ZDNet
  • Apple fixes three iOS zero-days exploited in the wild | ZDNet
  • After two zero-days in Chrome desktop, Google patches a third zero-day in the Android version | ZDNet
  • Google’s Project Zero discloses Windows 0-day that’s been under active exploit | Ars Technica
  • Google discloses Windows zero-day exploited in the wild | ZDNet
  • Google patches second Chrome zero-day in two weeks | ZDNet
  • ACOS/aGalaxy GUI RCE Vulnerability – CVE-2020-24384 – A10 Support
  • Infamous ‘Hoax’ Artist Behind Trumpworld’s New Voter Fraud Claim
  • Matthew Gertz (@MattGertz) / Twitter


November 11, 2020