On this week’s show Patrick and Adam discuss the week’s security news, including:
- The FTI report on the Bezos incident is a massive letdown
- UK lets Huawei into 5G build
- SeaTurtle campaign pinned on Turkey
- Mitsubishi owned through its AV solution
- Ransomware crews owning unpatched Citrix boxes
- Much, much more.
This week’s sponsor guest is Sherrod DeGrippo of Proofpoint. She’s a senior director of threat research there and she’ll be along to talk about the Emotet malware. Despite being spray-and-pray malware, it’s pretty successful because it operates at such ridiculous scale. Sherrod joins us with details.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
Show notes
- The big questions from FTI's report on the Jeff Bezos hack
- Some Directions for Further Investigation in the Bezos Hack Case
- A timeline of events surrounding the Bezos phone hack | ZDNet
- Bill Marczak on Twitter: "FTI can no longer credibly avoid decrypting the encrypted video that MbS sent to Bezos. Previously, FTI would have had to click on the 1st Google result for "how to decrypt enc whatsapp" (hard, I know), but now @dinodaizovi put everything in a GitHub repo! https://t.co/3dnFgURRyU" / Twitter
- Hack of Jeff Bezos' phone likely happened through Saudi crown prince, analysts tell UN - CyberScoop
- Here Is the Technical Report Suggesting Saudi Arabia’s Prince Hacked Jeff Bezos’ Phone - VICE
- Everything We Know About the Jeff Bezos Phone Hack | WIRED
- FTI-Report-into-Jeff-Bezos-Phone-Hack.pdf
- Stopping the Press: New York Times Journalist Targeted by Saudi-linked Pegasus Spyware Operator - The Citizen Lab
- New U.S. law requires government to report risks of overseas activities by ex-spies - Reuters
- UK won't ban Huawei in British 5G technology, defying U.S. warnings - CyberScoop
- Exclusive: Hackers acting in Turkey's interests believed to be behind recent cyberattacks - sources - Reuters
- Trend Micro antivirus zero-day used in Mitsubishi Electric hack | ZDNet
- Fortinet removes SSH and database backdoors from its SIEM product | ZDNet
- Hackers target unpatched Citrix servers to deploy ransomware | ZDNet
- Tampa Bay Times struck by ransomware, joining a growing club of hacked media outlets
- The average ransom demand for a REvil ransomware infection is a whopping $260,000 | ZDNet
- Judge forces insurer to help small business to clean up after a crippling ransomware attack
- New York state wants to ban government agencies from paying ransomware demands | ZDNet
- Hackers hijack social media accounts for the NFL and 15 teams | ZDNet
- One Small Fix Would Curb Stingray Surveillance | WIRED
- Leaked Documents Expose the Secretive Market for Your Web Browsing Data - VICE
- Scraping the Web Is a Powerful Tool. Clearview AI Abused It | WIRED
- Mozilla has banned nearly 200 malicious Firefox add-ons over the last two weeks | ZDNet
- The Chrome Web Store is currently facing a wave of fraudulent transactions | ZDNet
- MDhex vulnerabilities impact GE patient vital signs monitoring devices | ZDNet
- Researchers set up a mock factory network — and watched the criminals rush in
- Microsoft to forcibly install Bing search extension in Chrome for Office 365 ProPlus users | ZDNet
- Intel Is Patching the Patch for the Patch for Its ‘Zombieload’ Flaw | WIRED
- Magecart gang arrested in Indonesia | ZDNet
- DEF CON China conference put on hold due to coronavirus outbreak | ZDNet
- Someone is uninstalling the Phorpiex malware from infected PCs and telling users to install an antivirus | ZDNet
- LoRaWAN networks are spreading but security researchers say beware | ZDNet
- Wawa Breach May Have Compromised More Than 30 Million Payment Cards — Krebs on Security
- LabCorp security lapse exposed thousands of medical documents | TechCrunch
- TALOS-2019-0964 || Cisco Talos Intelligence Group - Comprehensive Threat Intelligence
- oss-security - LPE and RCE in OpenSMTPD (CVE-2020-7247)
- Equifax Ordered to Spend $1 Billion on Data Security