Risky Business

On this week’s show Patrick and Adam discuss the week’s security news, including:

• CISA director Chris Krebs fired
• Trump ramps up his disinformation campaign
• TikTok ban stalls
• BlackBerry discovers new hacker-for-hire crew
• DNS cache poisoning is back. But do we really care?
• Much, much more

This week’s show is brought to you by Thinkst Canary. Thinkst’s founder Haroon Meer will be along in this week’s show to talk a bit about security product design. Canary has been remarkably restrained over the years. Instead of trying to use their success as a platform to launch a million other products, they’ve spent more time really working on design and usability. He’ll join us to talk through all of that.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes Patrick Gray on Twitter: "The final tweet. I LOVE it that Chris went down swinging. I've gotten to know him a little over the last year and a half, and yeah, he takes his job and mission extremely seriously. The USA has lost a true public servant." / Twitter Exclusive: Top official on U.S. election cybersecurity tells associates he expects to be fired | Reuters Lawmakers back CISA chief Krebs after report that he expects to be fired Trump goes to DEF CON to explain election loss - Risky Business After Trump tweets Defcon hacking video, voting security experts call BS | Ars Technica TikTok gets extensions on US sale order, ban enforcement The untold story of a cyberattack, a hospital and a dying woman | WIRED UK The ransomware landscape is more crowded than you think | ZDNet Video game company Capcom details attack, data breach by ransomware gang Recent ransomware wave targeting Israel linked to Iranian threat actors | ZDNet Australian government warns of possible ransomware attacks on health sector | ZDNet Microsoft says three APTs have targeted seven COVID-19 vaccine makers | ZDNet BlackBerry discovers new hacker-for-hire mercenary group | ZDNet Mac certificate check stokes fears that Apple logs every app you run | Ars Technica Apple lets some Big Sur network traffic bypass firewalls | Ars Technica How the U.S. Military Buys Location Data from Ordinary Apps Muslim Pro Stops Sharing Location Data After Motherboard Investigation The iOS Covid App Ecosystem Has Become a Privacy Minefield | WIRED Australia eyes payment card data for contact tracing - Risky Business Bumble Vulnerabilities Put Facebook Likes, Locations And Pictures Of 95 Million Daters At Risk Twitter hires influential hacker Peiter ‘Mudge’ Zatko as security boss SAD DNS: Researchers pull source code as DNS cache poisoning technique deemed ‘too dangerous’ | The Daily Swig SAD DNS Facebook link preview feature used as a proxy in website-scraping scheme | ZDNet FIN7 recruiter Andrii Kolpakov pleads guilty to role in global hacking scheme Hackers can use just-fixed Intel bugs to install malicious firmware on PCs | Ars Technica Citrix patches RCE flaw in SD-WAN Center that could lead to network takeover | The Daily Swig Google patches two more Chrome zero-days | ZDNet Chrome 87 released with fix for NAT Slipstream attacks, broader FTP deprecation | ZDNet