Risky Business

Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.

https://risky.biz/







Risky Business #645 -- How Israel used NSO to make friends in low places


On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • Watering hole attacks are getting much better
  • How Israel’s government used NSO to strengthen its diplomatic ties
  • Randori sat on some PAN 0day. This is fine.
  • Facebook outs state-backed ops
  • FBI has unfortunate incident with its mail boxes
  • Much, much more

This week’s sponsor interview is with HD Moore. He’s the founder of Rumble, the network asset discovery scanner, and he’s joining us to talk about some new tricks he’s added to the product, like integrations with cloud service APIs and external discovery products like Censys.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes
  • British news website was hacked to control readers' computers, report says
  • Strategic web compromises in the Middle East with a pinch of Candiru | WeLiveSecurity
  • Analyzing a watering hole campaign using macOS exploits
  • Israel, spyware and corruption: NSO ties to Netanyahu, Bennett and other politicians - Israel News - Haaretz.com
  • Pakistani hackers operated a fake app store to target former Afghan officials - The Record by Recorded Future
  • Exclusive: A Cyber Mercenary Is Hacking The Google And Telegram Accounts Of Presidential Candidates, Journalists And Doctors
  • New Moses Staff group targets Israeli organizations in destructive attacks - The Record by Recorded Future
  • Kevin Beaumont on Twitter: "Pay attention to this one when it’s out. I haven’t seen it, but it’s possible to use BitLocker to remotely (re)encrypt every endpoint in AD in a way that only the attacker can decrypt… and it bypasses sec solutions. So I imagine it’s that." / Twitter
  • Hacker sends spam to 100,000 from FBI email address
  • Booking.com was reportedly hacked by a US intel agency but never told customers | Ars Technica
  • ‘Ghostwriter’ Looks Like a Purely Russian Op—Except It's Not | WIRED
  • Emotet botnet returns after law enforcement mass-uninstall operation - The Record by Recorded Future
  • Canadian health systems recovering from breach that forced thousands of appointment cancellations
  • Dustin Volz on Twitter: "@riskybusiness @DAlperovitch I think folks outside government can also underestimate how much agencies rehearse talking points and in testimony like this and try to be always on the same page—unless they don’t want to be. And that adds to the sense of “conflict” or “disagreement” for some of us." / Twitter
  • CERT-PL employees rally around politically-dismissed chief - The Record by Recorded Future
  • US detains crypto-exchange exec for helping Ryuk ransomware gang launder profits - The Record by Recorded Future
  • Researchers wait 12 months to report vulnerability with 9.8 out of 10 severity rating | Ars Technica
  • DDR4 memory protections are broken wide open by new Rowhammer technique | Ars Technica
  • New secret-spilling hole in Intel CPUs sends company patching (again) | Ars Technica
  • GoCD bug chain provides second springboard for supply chain attacks | The Daily Swig
  • ‘Add yourself as super admin’ – Researcher details easy-to-exploit bug that exposed GSuite accounts to full takeover | The Daily Swig
  • Adult cam site StripChat exposes the data of millions of users and cam models - The Record by Recorded Future
  • Hundreds of WordPress sites defaced in fake ransomware attacks - The Record by Recorded Future










November 17, 2021