On this week’s show Patrick and Adam discuss the week’s security news, including:
The latest on the EncroChat hack-related arrests
Details about the fresh F5 and Citrix bugs
Natanz go boom
Paying Wastedlocker ransoms violates Treasury sanctions
North Korea embraces Magecart (lol)
Much, much more…
This week’s show is brought to you by Cmd Security. They make a very useful Linux security agent. Essentially they add an additional layer of control to your Linux systems: you can restrict user actions, even for root.
Instead of having one of their own staff on to the show this week, they’ve nominated a customer. HPE is a Cmd user; they actually heard about it on the podcast and wound up buying it. So HPE ITOC engineering lead Adam Cardillo and his colleague Curtis Simpson – the ITOC CISO – will both join us in this week’s sponsor interview to talk about how they’re using the software.
You can subscribe to the new Risky Business newsletter, Seriously Risky Business, here.
You can subscribe to our new YouTube channel here.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
VICE - How Police Secretly Took Over a Global Phone Network for Organized Crime
Dutch police find 'torture chamber' with dentist chair after encrypted phones are cracked - ABC News
The network devices are revolting - Risky Business
Hackers Are Exploiting a 5-Alarm Bug in Networking Equipment | WIRED
Hackers are trying to steal admin passwords from F5 BIG-IP devices | ZDNet
Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP appliance Security Update
A Second Look at CVE-2019-19781 (Citrix NetScaler / ADC) – Fox-IT International blog
Iran blasts: What is behind mysterious fires at key sites? - BBC News
Talos Blog || Cisco Talos Intelligence Group - Comprehensive Threat Intelligence: WastedLocker Goes "Big-Game Hunting" in 2020
Senator warns of political pressure on U.S. probe into hackers of green groups - Reuters
North Korean hackers linked to web skimming (Magecart) attacks, report says | ZDNet
Connection discovered between Chinese hacker group APT15 and defense contractor | ZDNet
Yahoo engineer gets no jail time after hacking 6,000 accounts to look for porn | ZDNet
Feds indict 'fxmsp' in connection with million-dollar hacking operation
US Secret Service reports an increase in hacked managed service providers (MSPs) | ZDNet
Google, Facebook and Twitter Suspend Review of Hong Kong Requests for User Data - WSJ
US tech giants halt Hong Kong police help | TechCrunch
Senate panel advances bill to combat child exploitation, but critics fear it could weaken encryption
Michael Salter on Twitter: "Hard to find media coverage of the EARN IT act that recognises online child abuse as a major social problem that tech companies have an obligation to resolve. Too many journos are repeating industry and astroturfed talking points." / Twitter
Jennifer Hansler on Twitter: ".@SecPompeo says the US is "certainly looking at" banning Chinese social media apps, including TikTok. "I don’t want to get out in front of the President, but it’s something we’re looking at,” he says" / Twitter
German authorities seize 'BlueLeaks' server that hosted data on US cops | ZDNet
Facebook reinstates NSO Group employee accounts amid ongoing lawsuit
Hole-y Guacamole: Flaws in Apache remote desktop tech exposed by new research | The Daily Swig
Microsoft touts free malware-busting virtual machine forensics service | The Daily Swig
Unscheduled fixes released for critical flaw in optional Windows codec | Ars Technica
Wayne Jordan on Twitter: "MS possibly addressing our E5 Azure app (OAuth) granularity concerns with this preview? @riskybusiness https://t.co/MWbUmNipsO" / Twitter
Alexa OBrien › US v. Assange – Superseding Indictment No. 2 Breakdown – Updated
This podcast is brought to you by the William and Flora Hewlett Foundation. The Foundation funds a lot of interesting people and work in the cybersecurity space and they’re supporting this special podcast series examining topics of interest to cyber policy makers.
In this podcast we’re going to hear from Alexa O’Brien. She’s currently studying a Masters in Applied Intelligence at Georgetown University. She’s also working on an ethical framework for the applied intelligence discipline – collection, analysis and the like – for media practitioners.
Alexa is also a journalist. Her most recent major work is a July 2019 analysis of the US media’s coverage of civilian harm in the war against ISIS; I’ve linked through to that in the show notes below.
Before she worked as an established journalist, Alexa covered Chelsea Manning’s trial at Fort Meade on her blog. Her transcripts of the proceedings were a tremendous help to the wider media, and it was this work that briefly pulled her into the Wikileaks “scene”.
It wasn’t a good fit.
Alexa joined me for this freewheeling discussion about intelligence, ethics, moral authority and signs that not everything is as it seems in the Wikileaks universe.
Jeremy Scahill is back. Well, sort of. He passes the reins over to Intercepted's producers. A recent report from Airwars investigates the incredibly thin media coverage of civilian harm during the U.S. war against ISIS. The author of that report, investigative researcher Alexa O'Brien, shares her findings with associate producer Elise Swain. Lead producer Jack D'Isidoro interviews Wilfred Chan, who dives deep into the pro-democracy uprising in Hong Kong and explores the protesters' demands. The Intercept's Jordan Smith discusses the first abortion case before the Supreme Court since Trump’s new appointments with producer Laura Flynn. They analyze the latest in the war against women's reproductive rights.
We’re joined by journalist Alexa O’Brien and Chris Woods, the founder and director of Airwars. They published a report in July that revealed big gaps in Western media coverage of civilian harm from the U.S.-led airstrike campaign against the Islamic State in Iraq and Syria. Find that report online here: https://airwars.org/report/news-in-brief-us-media-coverage-of-civilian-harm/