Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.
Here's the Latest Episode from Risky Business:
This is not the regular Risky Business weekly show. The Soap Box series of podcasts that run on Risky.Biz are wholly sponsored. Everyone you hear in Soap Box paid to be here.
With that disclaimer out of the way, this is actually a really interesting conversation. Carsten Willems is the co-founder and CEO of VMRay, a company that makes… well… what do you call it? Is it an incident response tool? Is it a detection tool? Or is it just a good hypervisor-based sandbox that you can use to do both of those things?
I’m going to say it’s the third – VMRay is a company that makes a great hypervisor sandbox and has applied that technology to both response and detection.
In an ideal world you’d have a team of malware reversers on staff pulling apart every single binary that looks shady. But this isn’t a perfect world, so that’s never going to happen. So the original use case that Carsten and his team set out to solve was around automating malware reversing. They built a hypervisor-based sandbox that’s very hard to bypass; you can run your standard build on it, throw binaries and documents at it and see what blows up. That’s really the primary use case here.
But there is a second use case, which is detection. VMRay can give you a pretty decent risk score on samples, and they’ve entered into a few OEM arrangements with vendors to provide that extra level of detection.
I’d never met Carsten Willems before we prepared this podcast, but it’s safe to say we hit it off. This podcast basically turned into Carsten telling his story, the story of where VMRay came from and where he wants it to go. Enjoy!
On this week’s show Patrick and Adam talk through all the week’s security news, including:
- New executive order paved way for Huawei ban
- Google pulls service from Huawei
- No wait, that’s not right, it’s for new handsets
- The ban’s now reversed to allow them to continue the support that they didn’t have to discontinue?
- I’m so confused
- Israeli broadcaster fingers Hamas over Eurovision coverage hack
- New moves to regulate offensive cyber services
- Salesforce has a bad time
- Instagram influencers have a bad time (Hah!)
- OGUsers pwned
- Much, much more
This week’s show is brought to you by CMD Security. They make security software for Linux that does two things – firstly it gives you visibility into what’s happening on your Linux workloads, which actions are being performed by which accounts, that sort of thing. The second thing it does is allow you to lock down accounts by action, rather than by traditional privilege. They’re funded by Google Ventures, among others, and although they’re a relatively small and new company I think they’re going to do really well.
Jake was just at a MITRE conference in Brussels that was all about the Attack Matrix. He’s joining me this week to have a bit of a talk about his experience at that event, then we’ll be talking through some of the issues he’s seeing out there in Linux cloud workload land. Jake’s a great communicator and a very smart guy and that interview is a lot of fun.
- White House executive order sets path for ban on Huawei
- Exclusive: Google suspends some business with Huawei after Trump blacklist - source - Reuters
- Google's Huawei Android restrictions: what does it mean for you? [Updated] | TechRadar
- Trump grants temporary reprieve from Huawei ban | Financial Times
- Israel’s national broadcaster accuses Hamas of Eurovision hack | Jewish News
- Lawmakers seek probe on U.S. hacking services sold globally - Reuters
- U.S. lawmakers call on spy chief to rein in spread of hacking tools - Reuters
- Facebook bans Israeli company that's been sharing disinfo on West African politics
- Faulty database script brings Salesforce to its knees | ZDNet
- Millions of Instagram influencers had their private contact data scraped and exposed | TechCrunch
- Account Hijacking Forum OGusers Hacked — Krebs on Security
- The Most Expensive Lesson Of My Life: Details of SIM port hack
- Chinese cyberspies breached TeamViewer in 2016 | ZDNet
- Baltimore ransomware nightmare could last weeks more, with big consequences | Ars Technica
- Ohio school sends students home because of Trickbot malware infection | ZDNet
- Google Will Replace Titan Security Key Over a Bluetooth Flaw | WIRED
- Bluetooth's Complexity Has Become a Security Risk | WIRED
- First official version of Tor Browser for Android released on the Play Store | ZDNet
- Root account misconfigurations found in 20% of top 1,000 Docker containers | ZDNet
- The Crowd, The Source… – CTUS.IO
- New windows LPE from non-admin :) : AskNetsec
- How CSIRO Computers Were Secretly Used To Mine Bitcoin | 10 daily
- Company behind LeakedSource pleads guilty in Canada | ZDNet
- Bots Tampering with TLS to Avoid Detection - Akamai Security Intelligence and Threat Research Blog
- Hackers abuse ASUS cloud service to install backdoor on users’ PCs | Ars Technica
- The radio navigation planes use to land safely is insecure and can be hacked | Ars Technica
- 1801 - Visual Voicemail for iPhone: Use-after-free in IMAP NAMESPACE processing - project-zero - Monorail
- Hackers Inject Magecart Card Skimmer in Forbes’ Subscription Site
- Microsoft releases new version of Attack Surface Analyzer utility | ZDNet
- Cisco Upgrades Remote Code Execution Flaws to Critical Severity
- Additional mitigations for speculative execution vulnerabilities in Intel CPUs - Apple Support
- AT&T Homepage Mistakenly Warns Users of a Non-Existent Data Breach - VICE
- Encryption fix may now be dead - InnovationsAus.com
This isn’t our weekly news and current affairs show, this is a wholly sponsored podcast we do here at Risky Biz. The idea behind Soap Box is vendors pay to come on to the show and talk about the things they want to talk about.
Today’s Soap Box is brought to you by Signal Sciences. If you’re not familiar with them, they make web security software. If you operate a website and you’re looking to auto-block a lot of the common attacks and attack techniques that are likely to be directed against your website, then Signal Sciences are definitely worth a look.
Their whole pitch is really about making software that’s easy to deploy. You just drop it on your web server or run it as a WAF proxy, and bang, you’re done. Most of their clients run this software in full blocking mode out of the gate and don’t have any issues.
It’s really, really good at blocking stuff like cred stuffing and weird bot activity, as well as your typical OWASPY-style attacks.
Signal Sciences Trusted Appsec Advisor Phillip Maddux is our guest today. We spoke about a bunch of stuff really: the future of appsec, how the pivot to serverless is changing things. Then we talk about app-layer deception, and finally Phillip basically takes a dump on the bulk of RASP solutions out there.
On this week’s show Patrick and Adam talk through all the week’s security news, including:
- NSO Group WhatsApp vuln coverage goes nuclear
- Activists targeted by NSO malware in hiding in west after CIA tipoffs
- Cisco Trust Anchor drags on sea floor
- Linux kernel bugs likely overhyped
- Adobe patches insane number of CVEs
- Microsoft patches rumoured GCHQ VEP’d RDP bug
- New hardware bugs affect Intel processors
- SHA-1 collisions become much more practical
- Major US anti-virus firms owned hard
This week’s sponsor interview is with Ryan Kalember of Proofpoint. Ryan is a listener, and when he heard Adam talking about how password rotations actually result in crappy passwords, it hit a nerve with him. He says Proofpoint, via its CASBY product, is seeing a lot of targeted credential stuffing campaigns cycling through variations of passwords that have appeared in dumps.
Apparently the bad guys are hip to what a typical password rotation variation looks like and they’re using this knowledge to better direct their cred stuffing attempts.
- How Hackers Broke WhatsApp With Just a Phone Call | WIRED
- Israel gives 'Pegasus' spyware to countries like Saudi Arabia
- CIA Sent Warnings to 3 Khashoggi Associates About New Saudi Threats | Time
- WhatsApp Hack Shows End-to-End Encryption Is Pointless - Bloomberg
- The NSO WhatsApp Vulnerability - This is How It Happened - Check Point Research
- It’s Almost Impossible to Tell if Your iPhone Has Been Hacked - VICE
- Human rights groups to ask Israeli court to revoke NSO Group’s export license
- A Cisco Router Bug Has Massive Global Implications | WIRED
- Linux Kernel Prior to 5.0.8 Vulnerable to Remote Code Execution
- Security Updates Released for Adobe Flash Player, Reader, and Media Encoder
- Microsoft Patches ‘Wormable’ Flaw in Windows XP, 7 and Windows 2003 — Krebs on Security
- Microsoft SharePoint vulnerability allows hackers to sift through servers, Saudi authorities warn
- Two years after WannaCry, a million computers remain at risk | TechCrunch
- Intel CPUs impacted by new Zombieload side-channel attack | ZDNet
- ZombieLoad attack lets hackers steal data from Intel chips - The Verge
- Patch status for the new MDS attacks against Intel CPUs | ZDNet
- SHA-1 collision attacks are now actually practical and a looming danger | ZDNet
- NVIDIA Patches High Severity Windows GPU Display Driver Flaws
- Keyloggers Injected in Web Trust Seal Supply Chain Attack
- Fxmsp Chat Logs Reveal the Hacked Antivirus Vendors, AVs Respond
- New Details Emerge of Fxmsp's Hacking of Antivirus Companies
- DOJ Says Chinese Hackers Attacked Anthem, but Not Why | WIRED
- “RobbinHood” ransomware takes down Baltimore City government networks | Ars Technica
- Julian Assange to face revived rape investigation in Sweden
- Former NSA analyst charged in leak of classified documents to reporter
- New leaks of Iranian cyber-espionage operations hit Telegram and the Dark Web | ZDNet
- Jokeroo Ransomware as a Service Pulls an Exit Scam
- Nigerian BEC Scammers Shifting to RATs As Tool of Choice
- Mozilla offers research grant for a way to embed Tor inside Firefox | ZDNet
- Experts Doubt Russian Claims That Cryptographic Flaw Was a Coincidence - VICE
- Microsoft recommends using a separate device for administrative tasks | ZDNet
- Unsecured server exposes data for 85% of all Panama citizens | ZDNet
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:
- IDF takes out Hamas cyber HQ (Features commentary from Bobby Chesney and Klon Kitchen)
- NYTimes mangles Symantec’s “Buckeye” research
- Lots of dark web arrests
- SAP exploits not all they’re cracked up to be
- Magecart-style attacks spread to other platforms
- Tech-led crackdown on Chinese-muslims intensifies
- Japan to create “defensive malware”
This week’s sponsor interview is with Duo Security advisory CSO Richard Archdeacon and we’ll be talking about zero trust networks. Richard isn’t so worried about every vendor under the sun claiming to be a zero trust tech company. He doesn’t think that’s going to derail the move to zero trust architectures because the move towards them is too strong.
- Israel Defense Forces on Twitter: "CLEARED FOR RELEASE: We thwarted an attempted Hamas cyber offensive against Israeli targets. Following our successful cyber defensive operation, we targeted a building where the Hamas cyber operatives work. HamasCyberHQ.exe has been removed.… https://t.co/rL86R93V7P"
- Crossing a Cyber Rubicon? Overreactions to the IDF’s Strike on the Hamas Cyber Facility - Lawfare
- Daniel Moore on Twitter: "It's also possible that they claim this is a kinetic response to a cyber-attack, but in reality the IDF is just bombing more convenient, low-risk elements of Hamas out of its extensive target bank. So possibly more capitalising on an opportunity than direct retaliation.… https://t.co/uFSn4Ql8Nu"
- Inbar Raz on Twitter: "If there had been only one strike, and it had been directed at the Cyber unit, then that would have been a remarkable and unusual event. But it wasn’t. It’s just one more building with “Hamas” written all over it. 3/N… https://t.co/hPfy1ulmsE"
- Buckeye: Espionage Outfit Used Equation Group Tools Prior to Shadow Brokers Leak | Symantec Blogs
- How Chinese Spies Got the N.S.A.’s Hacking Tools, and Used Them for Attacks - The New York Times
- A Mysterious Hacker Group Is On a Supply Chain Hijacking Spree | WIRED
- FBI has seized Deep Dot Web and arrested its administrators | TechCrunch
- Law enforcement seizes dark web market after moderator leaks backend credentials | ZDNet
- Public 10KBLAZE Exploits May Impact 90% of SAP Production Systems
- sap_ms/README.md at master · gelim/sap_ms · GitHub
- A hacker is wiping Git repositories and asking for a ransom | ZDNet
- Mysterious hacker has been selling Windows 0-days to APT groups for three years | ZDNet
- China uses biometrics and digital scanning 'data doors' to track Muslim minority | ZDNet
- Uyghurs the People of Xinjiang - Rear Vision - ABC Radio National (Australian Broadcasting Corporation)
- CIA sets up shop on the anonymous, encrypted Tor network - CNET
- China making 'rapid progress' on potency of cyber-operations, Pentagon says
- Japanese government to create and maintain defensive malware | ZDNet
- Hacker takes over 29 IoT botnets | ZDNet
- Only six TSA staffers are overseeing US oil & gas pipeline security | ZDNet
- Dutch intelligence warns of escalating Russian, Chinese cyberattacks in the Netherlands
- NSA unmasked more U.S. entities caught in foreign cyber-espionage efforts last year
- WordPress finally gets the security features a third of the Internet deserves | ZDNet
- Verizon, T-Mobile, Sprint, and AT&T Hit With Class Action Lawsuit Over Selling Customers’ Location Data - VICE
- Firefox add-ons disabled en masse after Mozilla certificate issue | ZDNet
- Labor asks questions of WeChat over doctored accounts, 'fake news'
- Evil Clippy Makes Malicious Office Docs that Dodge Detection
- Dell laptops and computers vulnerable to remote hijacks | ZDNet
- AWS IAM Exploitation – Security Risk Advisors
- Zero Trust Evaluation Guide: For the Workforce | Duo Security
This isn’t the regular weekly Risky Biz news and current affairs show, this is the special podcast series we do here at Risky Biz HQ where we take that dirty, dirty vendor cash and let security companies tell the audience all about what they do. Think of it as show and tell for security vendors!
In this edition we’ve got three more vendors vying for your hard-earned bread. We’ll be hearing from Rapid7 on their InsightConnect product; that one used to be known as Komand. What can you automate and orchestrate with it? How does it work? Who’s using it? What are they doing with it?
Then we’ll be hearing from Trend Micro about their O365 mail security product, and this one is legit interesting for one very simple reason – the deployment method. Most of the mail security firms basically make you route your mail through them.
In this case what Trend has done is create a mail security product that just fiddles with your mailboxes through the Microsoft O365 API. They have literally set up a demo account for an enterprise over a beer at a bar. So yeah, I suspect we’ll be seeing more mail security products deploying this way… and because it’s show and tell, Trend will be along to talk about some of the bells and whistles that come with that product.
Then finally we’ll be hearing from Cybermerc. This is a group based out of Canberra in Australia. They’ve done a lot of enterprise deception hybrid hardware/consulting, that’s something they’ve gotten very good at. They also do a lot of cyber cyber training, but now they’re trying to market a managed service towards small to medium businesses – those with 50 to a few hundred seats. A managed honeypot, some internal vuln scans, and a partridge in a pear tree!
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:
- Docker Hub owned
- That Confluence bug we were talking about a couple of weeks ago got wormified
- Oracle WebLogic users also having a bad time
- Cloudflare faces investor pressure over providing services to Nazis
- Slack warns investors of possible nation-state attacks against it
- Norsk Hydro puts dollar value on ransomware incident
- Bloomberg publishes another ridiculous security story
- Much, much more!
This week’s sponsor interview is with Casey Ellis, the CTO and co-founder of Bugcrowd.
As most of you are probably aware, Bugcrowd announced its so-called “next generation penetration testing” product last year, a move followed some months later by its competitor HackerOne. With others in the bounty space already offering these types of penetration testing packages, it looks like these efforts are here to stay.
But where do crowdsourced penetration tests sit in the wider penetration testing market? Are they coming after the Insomnia and Atredis Partners type firms? The NCCs? The shonky nessus-scan “penetration testers”? Well, not surprisingly Casey argues that this is a new sub-niche in the market and he makes a pretty compelling case to support that argument.
- Docker Hub hack exposed data of 190,000 users | ZDNet
- two-factor authentication · Issue #358 · docker/hub-feedback · GitHub
- Slack warns investors of a high risk of cyber-attacks impacting stock performance | ZDNet
- Vulnerable Confluence Servers Get Infected with Ransomware, Trojans
- Recent Oracle WebLogic zero-day used to infect servers with ransomware | ZDNet
- Norsk Hydro: Attack Cost $50M « isssource.com
- The SIM Swap Fix That the US Isn't Using | WIRED
- California synagogue shooting casts harsh light on mutual-fund darling Cloudflare - Reuters
- Sleeping Giants on Twitter: "REMINDER: 8Chan, where the anti-Semitic shooter from today AND the New Zealand shooter posted manifestos and their fans cheer the killings, is protected by @Cloudflare and their CEO @eastdakota, who doesn’t have any regrets about it at all.… https://t.co/8XKghBMW94"
- Catalin Cimpanu on Twitter: "Today in infosec news: Another low-quality Bloomberg article where the reporter converts a random 10-year-old long-time-patched vulnerability into a national security threat.... because Bloomberg reporters get paid for "market-shifting news" ....which means "horrendous clickbait"… https://t.co/3IOoj08g0Q"
- Oh dear. Secret Huawei enterprise router snoop 'backdoor' was Telnet service, sighs Vodafone • The Register
- Man who allegedly leaked CIA hacking tools says he's been tortured and is owed $50 billion
- Hackers Steal and Ransom Financial Data Related to Some of the World’s Largest Companies - Motherboard
- NSA's Russian cyberthreat task force is now permanent
- DNS hacks are attacks on critical infrastructure, senior U.S. diplomat says
- New DHS order pushes agencies to quickly patch vulnerabilities
- Microsoft is considering dropping its Windows password expiration policy | TechCrunch
- Microsoft Outlook Email Breach Targeted Cryptocurrency Users - Motherboard
- Chinese dev jailed and fined for posting DJI's private keys on Github • The Register
- Probable Russian Navy covert camera whale discovered by Norwegians | Ars Technica
- CARBANAK Week Part Four: The CARBANAK Desktop Video Player « CARBANAK Week Part Four: The CARBANAK Desktop Video Player | FireEye Inc
- Port Scanning, Spoofing & Blacklists – notdan – Medium
- Bat bomb - Wikipedia
- Project Pigeon - Wikipedia
- Next Gen Pen Testing
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:
- Marcus Hutchins faces his milkshake duck moment
- Iranian APT crew gets Shadowbrokersed
- DNS interference campaign is actually two large-scale actors
- UK to use some Huawei components in 5G build
- French Government launches comms app for politicians, it doesn’t go well
- More detail on CCleaner/ASUS crew
- Carbanak source found on VT (lol)
- Wall Street Market exit scams
- BEC costing US firms $1.3bn PA
- Much MOAR!
This week’s show is brought to you by Signal Sciences. Their CEO Andrew Peterson will be along in this week’s sponsor interview to have a bit of a chat about how a lot of traditional enterprises are running serious business web app shops these days.
- Marcus “MalwareTech” Hutchins Pleads Guilty to Writing, Selling Banking Malware — Krebs on Security
- filsy on Twitter: "The whole internet loves MalwareShake Duck, a lovely duck that saved the internet. *12 months later* We regret to inform you that the duck was the author of malware that stole your grandmothers lifesavings."
- A Mystery Agent Is Doxing Iran's Hackers and Dumping Their Code | WIRED
- Patrick Gray on Twitter: "This development raises serious questions, like: 1. When will SIGINT agencies start publishing zines? 2. Which nation state actors will produce the best defacement art and smack talk?"
- Talos Blog || Cisco Talos Intelligence Group - Comprehensive Threat Intelligence: DNS Hijacking Abuses Trust In Core Internet Service
- Talos Blog || Cisco Talos Intelligence Group - Comprehensive Threat Intelligence: DNSpionage brings out the Karkoff
- Wipro Intruders Targeted Other Major IT Firms — Krebs on Security
- The Weather Channel goes off the air for 90 minutes after ransomware infection | ZDNet
- Manufacturing giant Aebi Schmidt hit by ransomware | TechCrunch
- Huawei will help build Britain’s 5G network, despite security concerns - The Verge
- U.S. and British Intelligence Agencies Downplay Disagreement Over Huawei 5G
- Huawei frustration boils over as CIA allegedly shows the goods | Telecoms.com
- French government releases in-house IM app to replace WhatsApp and Telegram use | ZDNet
- Congress sends letter to Google for details on Sensorvault location tracking database | ZDNet
- Supply Chain Hackers Snuck Malware Into Videogames | WIRED
- Source code of Carbanak trojan found on VirusTotal | ZDNet
- A 'Blockchain Bandit' Is Guessing Private Keys and Scoring Millions | WIRED
- Another dark web marketplace bites the dust --Wall Street Market | ZDNet
- FBI: US companies lost $1.3 billion in 2018 due to BEC scams | ZDNet
- Security flaw lets attackers recover private keys from Qualcomm chips | ZDNet
- Security flaw in EA’s Origin client exposed gamers to hackers | TechCrunch
- RCE in EA's Origin Desktop Client – Underdog Security – Our blog...
- More Security Endpoint Tech Isn't Always Better | Decipher
- Chaos on Twitter: "last week i got to witness an engineering department lose a full day's work because if you put an emoji in a git commit message, Atlassian Bamboo chokes on it forever and you're forced to rebase master, like you should NEVER DO. this was of course referred to as The Emojiency"
- Australian Lime Scooters Hacked To Say Sexual Things To Riders | Gizmodo Australia
- Demand More from Your Web Application Security | Signal Sciences
On this edition of Snake Oilers you’ll be hearing from three vendors offering what I believe to be excellent security technology. I haven’t personally used this tech, but conceptually everything featured in this edition is The Good Stuff. You’ll see. Or hear. You know what I mean.
First up we’ll be hearing from CMD, they make killer software for Linux that lets you lock down account actions. Not permissions, actions. Do all the default and service accounts you have to run on your Linux fleet terrify you? Well, this is a solution for that. There’s a visibility component there, too.
Then we’ll be hearing from AlphaSOC. When we last spoke to them they were just doing domain-based analytics, but they’ve expanded their tech and now offer IP-based and http request-based analytics. You can deploy AlphaSOC as a Splunk app or hook up to their API any other way you want. They’re offering free trials, but even when you’re on the paid service it’s actually pretty affordable.
The brain behind AlphaSOC is Chris McNab who used to run incident response at NCC Group. He’s seen how the planes crash into the mountains and he has created a product that performs eminently sensible analysis on your traffic and metadata to alert you to badness.
Then finally we’ll be hearing from Nucleus. This is a new company and if your job is managing vulnerabilities and vuln scanners in your org then straight up, just skip to the Nucleus interview immediately. They’ve created a web app that normalises vulnerability scanning information. It’ll take the outputs from Snyk, Rapid7, Checkmarx, Netsparker, OpenVAS, Twistlock, Fortify, Burp Suite, Nessus, Qualys, Acunetix AND others.
It ingests all of this data, normalises it, then plumbs these alerts through to the right people through a multitude of different ticketing systems. If you’re stuck in the 7th layer of Sharepoint or Spreadsheet vulnerability management hell, this is a solution to your problems. You will weep salty tears of joy when you hear this one. Free trials of Nucleus are also available.
Links to the companies featured are below!
On this week’s show Adam Boileau and Patrick Gray discuss the week’s security news:
- Julian Assange arrested, likely to be extradited to the USA
- Krebs: Breach at outsourcing firm Wipro
- WordPress 0day drama causing serious headaches
- Silk Road 2’s “DPR2” sent to slammer
- More from Kaspersky SAS
This week’s show is brought to you by Thinkst Canary! Thinkst founder Haroon Meer will be along in this week’s show to talk about the effect venture capital is having on the security ecosystem. He thinks VC money often makes weak ideas look strong, and in a market where it’s quite difficult to make informed purchasing decisions, that’s not a good thing.
- Breaking Down the Julian Assange Hacking Case | WIRED
- Experts: Breach at IT Outsourcing Giant Wipro — Krebs on Security
- Silk Road 2 Founder Dread Pirate Roberts 2 Caught, Jailed for 5 Years - Motherboard
- Chinese woman arrested at Mar-a-Lago 'up to something,' denied bail: judge - Reuters
- A security researcher with a grudge is dropping Web 0days on innocent users | Ars Technica
- Mailgun hacked part of massive attack on WordPress sites | ZDNet
- PPD-20 successor has yielded ‘operational success,’ Federal CISO says
- A Peek Into the Toolkit of the Dangerous 'Triton' Hackers | WIRED
- DHS, FBI say election systems in all 50 states were targeted in 2016 | Ars Technica
- Quasi-Russian upstart reportedly targeted Ukraine in cyber-espionage campaign
- Patrick Gray 🥚 on Twitter: "Great scoop from @Commsday Looks like @ASDGovAu is going to rip up its contract with @Cloudflare because they host Nazi forums.… https://t.co/uhqC2EIVbY"
- Dragonblood vulnerabilities disclosed in WiFi WPA3 standard | ZDNet
- Confluence Security Advisory - 2019-03-20 - Atlassian Documentation
- A New Breed of ATM Hackers Gets in Through a Bank’s Network | WIRED
- Mysterious Hackers Hid Their Swiss Army Spyware for 5 Years | WIRED
- Kaspersky: 70 percent of attacks now target Office vulnerabilities | ZDNet
- EU: No evidence of Kaspersky spying despite 'confirmed malicious' classification | ZDNet
- DHS alerts industry to insecure enterprise VPN apps
- Shimo VPN service contains six unpatched vulnerabilities, Talos discovers
- ‘Land Lordz’ Service Powers Airbnb Scams — Krebs on Security
- Hackers publish personal data on thousands of US police officers and federal agents | TechCrunch
- Former Senate IT intern admits to doxing US senators on Twitter and Wikipedia | ZDNet
- A hacker has dumped nearly one billion user records over the past two months | ZDNet
- Google DLP Makes It Easier to Safeguard Sensitive Data Troves | WIRED
- Microsoft Email Hack Shows the Lurking Danger of Customer Support | WIRED
- Fortinet settles charges of selling intentionally mislabeled Chinese-made tech to U.S. military
- Security Engineer, Detection - Google - Sydney NSW, Australia - Google Careers
- Security Engineer, Information Security and Privacy Incident Response - Google - Sydney NSW, Australia - Google Careers
- Thinkst Canary
In this week’s show Patrick Gray and Adam Boileau recap all the infosec news of the last three weeks, including:
- Chinese woman arrested at Mar-a-Lago being very shady
- The ASUS supply chain attack
- Flame-related malware lived on longer than expected
- bootstrap-sass Ruby gem backdoored
- Latest on Norsk Hydro and other victims of the same crew
- More trouble at Toyota
- Huawei spanked by UK oversight panel
- Exodus govvie malware affects Android and iOS
- Plus much, much more
This week’s sponsor interview is with Kumud Kalia, the Chief Information and Technology Officer of Cylance. They actually dropped a really interesting product announcement at RSA a few weeks back and Kumud will be along later on to tell us about that. The tl;dr: it’s an agent that models endpoint behaviour so when someone - or something - else starts using that endpoint to do things that don’t fit the user profile, action can be taken.
It’s the type of tech concept that normally belongs in academic papers, not in products people can actually buy. That’s an interesting chat.
- Feds: Woman arrested at Mar-a-Lago had hidden-camera detector | Miami Herald
- Hackers Hijacked ASUS Software Updates to Install Backdoors on Thousands of Computers - Motherboard
- ASUS releases fix for Live Update tool abused in ShadowHammer attack | ZDNet
- Researchers publish list of MAC addresses targeted in ASUS hack | ZDNet
- Nation-state hacking kit ‘Flame’ had a second life, researchers say
- Malicious remote code execution backdoor discovered in the popular bootstrap-sass Ruby gem | Snyk
- Norsk Hydro ransomware incident losses reach $40 million after one week | ZDNet
- Norsk Hydro will not pay ransom demand and will restore from backups | ZDNet
- Arizona Beverages knocked offline by ransomware attack | TechCrunch
- Ransomware Forces Two Chemical Companies to Order ‘Hundreds of New Computers’ - Motherboard
- Toyota announces second security breach in the last five weeks | ZDNet
- Huawei's Problem Isn't Chinese Backdoors. It's Buggy Software | WIRED
- In issuing 5G recommendations, E.U. spurns U.S. hardline on Huawei
- Bezos’ Investigator Gavin de Becker Finds the Saudis Obtained the Amazon Chief’s Private Data
- NSO Group Says It Didn’t Hack Jeff Bezos On Behalf of Saudi Arabia - Motherboard
- 'Exodus' Spyware Posed as a Legit iOS App | WIRED
- Former NSA spies hacked BBC host, Al Jazeera chairman for UAE
- Lazarus rises in Israel with attempted hack of defense company, researchers say
- Defense Ministry rebukes Israeli spy tech company for unlawful exports | The Times of Israel
- Islamic State's collapse hastened with help of Australian cyber spies - ABC News (Australian Broadcasting Corporation)
- Company sues worker who fell for email scam - BBC News
- Utah Just Became a Leader in Digital Privacy | WIRED
- Office Depot rigged PC malware scans to sell unneeded $300 tech support | Ars Technica
- Microsoft warns Windows 7 users of looming end to security updates | TechCrunch
- Brace yourselves: Exploit published for serious Magento bug allowing card skimming [Updated] | Ars Technica
- Warfare Plugins on Twitter: "WE ARE AWARE OF A ZERO-DAY EXPLOIT AFFECTING SOCIAL WARFARE CURRENTLY BEING TAKEN ADVANTAGE OF IN THE WILD. Our developers are working to release a patch within the next hour. In the meantime, we recommend disabling the plugin. We will update you as soon as we know more."
- Pipdig Update: Dishonest Denials, Erased Evidence, and Ongoing Offenses
- Two serious WordPress plugin vulnerabilities are being exploited in the wild | Ars Technica
- Ex-NSA contractor pleads guilty to vast classified data leak, faces 9 years in prison
- Report deems Russia a pioneer in GPS spoofing attacks | ZDNet
- Above Us Only Stars - Exposing GPS Spoofing in Russia and Syria - Association of Old Crows
- Researchers find 36 new security flaws in LTE protocol | ZDNet
- AT&T, Comcast successfully test SHAKEN/STIR protocol for fighting robocalls | ZDNet
- Facebook Stored Hundreds of Millions of User Passwords in Plain Text for Years — Krebs on Security
- Third-Party Apps Exposed Over 540 Million Facebook Records | WIRED
- Man Behind Fatal ‘Swatting’ Gets 20 Years — Krebs on Security
- Top dark web marketplace will shut down next month | ZDNet
- Lithuanian man pleads guilty to scamming Google and Facebook out of $123 million | ZDNet
- China Considers Ban On Cryptocurrency Mining Because It's A Stupid Waste Of Energy | Gizmodo Australia
- Vigilantes Counter Christchurch Manifesto with Weaponized Version
- RedTeam Pentesting on Twitter: "We were also quite surprised to find this /etc/nginx.conf in 22.214.171.124… https://t.co/ymjjLM3eP7"
- Announcing QueryCon 2019 | Trail of Bits Blog
- PaperCall.io - QueryCon 2019
- QueryCon 2019 — Hosted by Trail of Bits, with Kolide and Carbon Black Tickets, Thu, Jun 20, 2019 at 9:00 AM | Eventbrite
This is a wholly sponsored podcast brought to you by Duo Security.
WebAuthn is a new multifactor authentication standard for the web that is rooted in public-key cryptography. Some of you would already be using similar authentication standards in apps without even thinking about it, like doing biometric authentication in your banking apps. You want to log in via your app and it scans your face to auth you, that sort of thing. WebAuthn makes those types of authentication actions available to users through the browser.
It’s now an official W3C standard supported by most browsers. It’s the future of auth on the Web.
Duo Security has been involved a little bit with the standards process, and in this edition of the Soap Box podcast you’re going to hear a nearly hour-long conversation between myself, Nick Steele and James Barclay, Duo’s resident WebAuthn dudes at Duo Labs.
I hope you enjoy this conversation.
- Touch ID and Beyond: Duo’s Plans for WebAuthn | Duo Security
- Guide to Web Authentication
- GitHub - duo-labs/android-webauthn-authenticator: A WebAuthn Authenticator for Android leveraging hardware-backed key storage and biometric user verification.
- Web Authentication: An API for accessing Public Key Credentials Level 1
In this week’s show Patrick Gray and Alex Stamos discuss the week’s news, as well as the rise of white supremacist communities and propaganda on the Internet and what can be done about it.
- Norsk Hydro ransomwared
- Huawei ban gets more and more political
- APT40 hitting USA hard
- Cyber Command’s Euro road-trip
- Kremlin interference in EU elections extremely likely
- US Senators seek information on breaches targeting them
- Cloudflare won’t pull service from 8chan in wake of NZ attack
- Beto O’Rourke was cDc member
- New Mirai variant
- 150 million Android devices hosed by new malware
- Much, much more
This week’s show is brought to you by Chronicle Security! We’ll be joined by Chronicle co-founders Shapor Naghibzadeh and Mike Wiacek. They had a tremendously successful launch at RSA and they’re going to pop in to tell us about some near future plans they have for their Backstory product.
- Norsk Hydro Ransomware Attack Is `Severe' But All Too Common - Bloomberg
- Antivirus scan for c97d9bbc80b573bdeeda3812f4d00e5183493dd0d5805e2508728f65977dda15 at 2019-03-19 12:37:54 UTC - VirusTotal
- When Facebook Goes Down, Don't Blame Hackers | WIRED
- U.S. Campaign to Ban Huawei Overseas Stumbles as Allies Resist - The New York Times
- Navy, Industry Partners Are ‘Under Cyber Siege’ by Chinese Hackers, Review Asserts - WSJ
- Tim Watts MP on Twitter: "In a rambling and incoherent Op-Ed today, Barnaby Joyce, our former Deputy Prime Minister, makes a unilateral attribution of the recent incursions into Australia’s Parliamentary IT systems. The Morrison govt has not publicly attributed these incursions. https://t.co/lvaM0mjPnS… https://t.co/btgLqCdFBo"
- March for something that’s truly under threat: Western democracy
- Cyber Command’s midterm election work included trips to Ukraine, Montenegro, and North Macedonia
- Kremlin interference in EU vote is likely, says Estonian spy agency
- Report: Tech Company In Steele Dossier May Have Been Used To Support DNC Hack
- US senators want to know how many times they've been hacked | ZDNet
- After The New Zealand Terror Attack, Here’s Why 8chan Won’t Be Wiped From The Web
- How Right-Wing Social Media Site Gab Got Back Online | WIRED
- Parliament TV and Radio - New Zealand Parliament
- Facebook trolls and scammers from Kosovo are manipulating Australian users - ABC News (Australian Broadcasting Corporation)
- Optus, Telstra, Vodafone Block 8chan, 4chan For Christc... | 10 daily
- Dutton Wants To Rehash The Video Game Violence Debate After The NZ Attack
- Facebook failed to block 20% of uploaded New Zealand shooter videos | TechCrunch
- Beto O’Rourke’s secret membership in America’s oldest hacking group
- 'Make money work for me': Sydney man charged with stealing $100,000 via phone porting
- A huge trove of medical records and prescriptions found exposed | TechCrunch
- New Mirai malware variant targets signage TVs and presentation systems | ZDNet
- Microsoft releases Application Guard extension for Chrome and Firefox | ZDNet
- North Korean diplomats in Spain: CIA implicated in attack on North Korean embassy in Madrid | In English | EL PAÍS
- Dissidents behind raid on N.Korea Madrid embassy: US paper - The Local
- Almost 150 million users impacted by new SimBad Android adware | ZDNet
- Most Android Antivirus Apps Are Garbage | WIRED
- Nasty WinRAR bug is being actively exploited to install hard-to-detect malware | Ars Technica
- Proof-of-concept code published for Windows 7 zero-day | ZDNet
- Malicious Counter-Strike 1.6 servers used zero-days to infect users with malware | ZDNet
- “Yelp, but for MAGA” turns red over security disclosure, threatens researcher | Ars Technica
- Local privilege escalation via the Windows I/O Manager: a variant finding collaboration – Security Research & Defense
- iblue on Twitter: "So, that's CVE-2019-5418. Accept: ../../../../../../../../../etc/passwd (And we might see more fun involving the PathResolver in the future :))… https://t.co/JT2hxnCaM4"
- CVE-2019-7644: How Does this Happen?
- Chronicle Security - Careers
On this week’s show Adam Boileau and Patrick Gray discuss the week’s news:
- Chelsea Manning back in jail
- Citrix owned, Resecurity claims it was Iran. Again. Because reasons, apparently.
- Huawei politics get messy
- EXCLUSIVE: Toyota Oz, other carmakers likely targeted by APT32 (Vietnam)
- Much, much more
This week’s sponsor is Senetas. They make layer 2 encryption gear but recently made a US$8m investment into Votiro, a Content Disarm and Reconstruction (CDR) play. Votiro CEO Aviv Grafi is this week’s sponsor guest. He stops by to explain CDR tech.
- Chelsea Manning jailed after refusing to testify about WikiLeaks - CNNPolitics
- Citrix discloses security breach of internal network | ZDNet
- Citrix investigating unauthorized access to internal network | Citrix Blogs
- Iranian-backed hackers stole data from major U.S. government contractor
- Deacon Blues on Twitter: "Have about closed the loop on who is behind Resecurity, the mysterious company attributing the Citrix hack to Iran. It seems to be the work of one man, Andrey Andreevich Komarov, aka Andrew Komarov.… https://t.co/9fbWuEwqdL"
- US ambassador in Berlin urges Germany to cut ties with Huawei
- Pompeo warns allies Huawei presence complicates partnership with U.S. | Reuters
- Huawei’s 5G equipment is a manageable risk, British intelligence claims - The Verge
- UN report links North Korean hackers to theft of $571 million from cryptocurrency exchanges
- China database lists 'breedready' status of 1.8 million women | World news | The Guardian
- 800+ Million Emails Leaked Online by Email Verification Service - Security Discovery
- Releasing the NSA’s Previously Classified Tool ‘Ghidra’ For Free Is a ‘Game Changer’ - Motherboard
- Facebook Suit: Ukrainian Hackers Used Quizzes to Take Data from 60,000 Users
- A world of hurt after GoDaddy, Apple, and Google misissue >1 million certificates | Ars Technica
- The Prototype iPhones That Hackers Use to Research Apple’s Most Sensitive Code - Motherboard
- Google reveals Chrome zero-day under active attacks | ZDNet
- Pipes on Twitter: "Google TAG have run down and identified iOS, Chrome and Windows 0days in the last few weeks. @ShaneHuntley Are we going to get some insight on which group you folk are pulling apart later? Sounds like fun times 😉"
- Russia blocks encrypted email provider ProtonMail | TechCrunch
- Tufts expelled a student for grade hacking. She claims innocence | TechCrunch
- Lamborghini-driving bitcoin trader charged with drug trafficking
- Cryptocurrency entrepreneur pleads guilty in 'Bitcointopia' fraud - Los Angeles Times
- Car alarms with security flaws put 3 million vehicles at risk of hijack | TechCrunch
- Silencing Cylance: A Case Study in Modern EDRs – MDSec
- Glitching Trezor using EMFI Through The Enclosure – Colin O’Flynn
- Extracting BitLocker keys from a TPM
- WDS bug lets hackers hijack Windows Servers via malformed TFTP packets | ZDNet
- Cisco tells Nexus switch owners to disable POAP feature for security reasons | ZDNet
- Auth0 Security Bulletin CVE-2019-7644
- Votiro Disarmer Takes Cyber Security to the Next-Generation
- Senetas announces $8m investment in Votiro Disarmer
On this week’s show Adam Boileau and Patrick Gray discuss the week’s news:
- The NSA isn’t that interested in phone metadata anymore
- More Chinese mass surveillance data leaks
- Chelsea Manning, David House subpoenaed over Wikileaks
- Quadriga cold wallets were actually empty at time of founder’s death
- NSA deployed “rm -rf / shark” at Internet Research Agency
- HackerOne follows Bugcrowd into pentesting
- NSA releases Ghidra
- Much, much more!
This week’s sponsor interview is with Chris Kennedy, AttackIQ’s CISO and VP of customer success. We’ll be talking about a few things, chiefly how continuous validation of security controls such as monitoring is a good thing. Everyone uses software like Tenable to verify patching, so why not do the same for your monitoring?
- The NSA has reportedly stopped data-mining Americans' phone and SMS records / Boing Boing
- House aide: NSA has shut down phone call record surveillance | Ars Technica
- China’s “democracy” includes mandatory apps, mass chat surveillance | Ars Technica
- China claims detained Canadians formed spy link
- As Trump and Kim Met, North Korean Hackers Hit Over 100 Targets in U.S. and Ally Nations - The New York Times
- Disclosing Subpoena for Testimony, Chelsea Manning Vows to Fight - The New York Times
- WikiLeaks Veteran: I ‘Cooperated’ With Feds ‘in Exchange for Immunity’
- Mystery as Quadriga crypto-cash goes missing - BBC News
- NSA’s top policy advisor: It’s time to start putting teeth in cyber deterrence | Ars Technica
- US wiped hard drives at Russia's 'troll factory' in last year's hack | ZDNet
- Vulnerability exposes location of thousands of malware C&C servers | ZDNet
- Former Hacking Team Members Are Now Spying on the Blockchain for Coinbase - Motherboard
- Coinbase Says Ex-Hacking Team Members Will ‘Transition Out’ After Users Protest - Motherboard
- HackerOne thinks its freelance hackers can conduct penetration tests better than actual pentesting companies
- New Software Helps to Mitigate Supply Chain Management Risk > National Security Agency | Central Security Service > Article View
- Hacker Fantastic on Twitter: "Ghidra opens up JDWP in debug mode listening on port 18001, you can use it to execute code remotely 🤦♂️.. to fix change line 150 of support/launch.sh from * to 127.0.0.1 https://t.co/J3E8q5edC7"
- Backstory: An Alphabet Moon Shot Wants to Store the Security Industry's Data | WIRED
- BlackBerry Cylance Delivers First Proactive Behavioral Analytics Solution with CylancePERSONA
- Martijn Grooten on Twitter: "Shamir is of course right in his criticism of strict US visa procedures, but to add a sobering perspective, we have had speakers who couldn't get a visa when we had our conference in the US, Canada and the EU. For most of the world, visas for the West are really hard.… https://t.co/HRXh1Vr5pt"
- W3C finalizes Web Authentication (WebAuthn) standard | ZDNet
- Hackers have started attacks on Cisco RV110, RV130, and RV215 routers | ZDNet
- Researchers uncover ring of GitHub accounts promoting 300+ backdoored apps | ZDNet
- Google Reveals "BuggyCow," a Rare MacOS Zero-Day Vulnerability | WIRED
- Adobe releases out-of-band update to patch ColdFusion zero-day | ZDNet
- PoC Buffer Overflow exploitation in the British Airways Entertainment System | LinkedIn
In this edition of the show we’re playing a small part in Chronicle’s launch of its flagship product, Backstory.
Chronicle is of course the security spinoff of Google’s parent company, Alphabet. The launch of Chronicle itself was announced about a year ago, but until now it’s only really had one product: VirusTotal Enterprise. That all changed today when Chronicle launched Backstory at the RSA conference in the USA.
I was lucky enough to see a demo of Backstory before we recorded this interview last week, and I’m going to characterise it in a way that Chronicle probably won’t like, but it’s basically a cloud-SIEM, albeit a very good one.
Backstory ingests logs from a bunch of data sources – DNS lookup information, DHCP info, your EDR logs (from your CrowdStrike or Carbon Black software), web proxy logs, firewall alerts – and then it structures this stuff so you can make use of it. You get nice pointy-clicky timelines and useful visualisations. That’s handy enough, but keep in mind your logs are now with the company that is responsible for VirusTotal. They have some pretty good intel, and they can now apply various IOCs to the logs you’ve submitted.
So one obvious use case for Backstory is doing the type of threat hunting threat hunters like to do, but beyond that, this is likely going to become a pretty useful alerting platform.
On this week’s show Adam and Patrick discuss the week’s security news:
- Cyber Command kicks the IRA off the Internet on election day
- WSJ reporting on Iran vs Australia likely incorrect
- Two Russian cybersecurity professionals sentenced over treason
- DPRK spearphishing US summit participants
- LOTS of technical news and research this week
This week’s show is brought to you by Remediant. Their CEO Tim Keeler will be along in this week’s sponsor segment to talk about how they’re doing “virtual directory binding” to make managing Linux accounts via Active Directory less traumatic. If you’re struggling with horrible, horrible PAM solutions in your devops environments, have a listen to that one.
*** NOTE FROM PAT: I made some mistakes in the recording phase of this week’s show. As a result, my vocal audio is pretty atrocious. Sorry! ***
- Cyber Command put the kibosh on Russian trolls during the midterms
- Iranian Group Blamed for Cyberattack on Australia’s Parliament - WSJ
- China, not Iran, still the main suspect in hacking of Australia's political parties, say sources
- Former Russian Cybersecurity Chief Sentenced to 22 Years in Prison — Krebs on Security
- North Korean hackers go on phishing expedition before Trump-Kim summit
- Supermicro hardware weaknesses let researchers backdoor an IBM cloud server | Ars Technica
- The Missing Security Primer for Bare Metal Cloud Services – Eclypsium
- The secret lives of Facebook moderators in America - The Verge
- CRXcavator: Democratizing Chrome Extension Security | Duo Security
- Toyota Australia says no customer data taken in attempted cyber attack | Business | The Guardian
- Toyota Australia hack update | Automotive Industry News | just-auto
- Many websites threatened by highly critical code-execution bug in Drupal | Ars Technica
- It took hackers only three days to start exploiting latest Drupal bug | ZDNet
- Former Hacking Team Members Are Now Spying on the Blockchain for Coinbase - Motherboard
- For many crooks, malware is out and PowerShell attacks are in, IBM says
- New flaws in 4G, 5G allow attackers to intercept calls and track phone locations | TechCrunch
- Cryptocurrency wallet caught sending user passwords to Google's spellchecker | ZDNet
- POS firm says hackers planted malware on customer networks | ZDNet
- Surveillance firm asks Mozilla to be included in Firefox's certificate whitelist | ZDNet
- New browser attack lets hackers run bad code even after users leave a web page | ZDNet
- WinRAR versions released in the last 19 years impacted by severe security flaw | ZDNet
- Dow Jones’ watchlist of 2.4 million high-risk clients has leaked | TechCrunch
- Intel open-sources HBFA app to help with firmware security testing | ZDNet
- Thunderclap flaws impact how Windows, Mac, Linux handle Thunderbolt peripherals | ZDNet
- Spain investigates raid on North Korean embassy: sources | Reuters
- Conference | 0xCC | Melbourne
Adam Boileau is along this week to discuss the week’s security news, which also features comment from Dmitri Alperovitch, Klon Kitchen and The Grugq. We cover:
- Former USAF counterintelligence official indicted over spearphishing, leaking secrets
- Australia’s major political parties targeted by APT crew that totally isn’t Chinese. (It’s Chinese)
- More on the Iran DNS hijacks
- Venezuelans phished by their own government
- China’s mass surveillance of Uyghur Muslims laid bare in data leak
- Millions of Swedes have their healthcare help-line calls exposed
- Bank of Valletta dodges a bullet, catches fraudulent transfers
- VK gets Samy’d
- Calls for GDPR-like law in USA
- Marcus “Malwaretech” Hutchins has a bad week
This week’s sponsor interview is with Jason Haddix of Bugcrowd. He’ll be along to talk a little more about what Bugcrowd calls next-generation pentests. They claim one of their tests is sufficient for compliance purposes under PCI, ISO or NIST, and they’ve had a third-party auditor prove that for them. They also say the service has really taken off despite being launched only a couple of months ago.
- Air Force Defector to Iran Severely Damaged U.S. Intelligence Efforts, Ex-Officials Say - The New York Times
- Spy Betrayed U.S. to Work for Iran, Charges Say - The New York Times
- Game of Thrones hacker worked with US defector to hack Air Force employees for Iran | ZDNet
- Scott Morrison details cyber attack on Australia's major political parties
- How China and Russia are readying themselves for a US cyber war
- Chinese traders freeze Australian coal orders amid 40-day customs delays: sources | Reuters
- A Deep Dive on the Recent Widespread DNS Hijacking Attacks — Krebs on Security
- Albania expels Iranian diplomats on national security grounds | Reuters
- Venezuela’s Government Appears To Be Trying to Hack Activists With Phishing Pages - Motherboard
- China's mass surveillance of Uyghur Muslims in Xinjiang province revealed in data security flaw - ABC News (Australian Broadcasting Corporation)
- Millions of calls to Swedish healthcare hotline left unprotected online - The Local
- Hackers tried to steal €13 million from Malta's Bank of Valletta | ZDNet
- State of the Hack S2E01: #NoEasyBreach REVISITED | FireEye Inc
- Russian hackers 8 times faster than Chinese, Iranians, North Koreans, says report
- White hats spread VKontakte worm after social network doesn't pay bug bounty | ZDNet
- You Don't Get To Learn How The FBI Tried To Crack Facebook Messenger Encryption, Judge Rules | Gizmodo Australia
- GAO gives Congress go-ahead for a GDPR-like privacy legislation | ZDNet
- NSO Group founders buy back their spyware company
- MalwareTech loses bid to suppress damning statements made after days of partying | Ars Technica
- Researchers hide malware in Intel SGX enclaves | ZDNet
- Google Play Store app rejections up 55% from last year, app suspensions up 66% | ZDNet
- Behold, the Facebook phishing scam that could dupe even vigilant users | Ars Technica
- Facebook Popup Phishing Page (Social Login) - YouTube
- Google backtracks on Chrome modifications that would have crippled ad blockers | ZDNet
- Scammers Are Filing Fake Trademarks to Steal High-Value Instagram Accounts - Motherboard
- Google working on new Chrome security feature to 'obliterate DOM XSS' | ZDNet
- Microsoft patches 0-day vulnerabilities in IE and Exchange | Ars Technica
- Apple is forcing 2FA on iOS and macOS developers
- Apple being sued because two-factor authentication on an iPhone or Mac takes too much time
- Forced Two Factor Auth Will Cause Issues | Apple Developer Forums
- Aspen Tech Policy Hub - A Silicon Valley-Style Think Tank
- Next Gen Pen Testing
Adam Boileau is back in the news seat this week. We talk about:
- Amazing Reuters report on UAE’s “Project Raven”
- Bezos’ dick pics, Saudi Arabia and a creepy brother
- US government security staffers play post-shutdown catch-up
- Krebs: National Credit Union Administration probably pwned
- Russia to test complete disconnection from wider Internet
- China suspected of involvement in Australian parliament hack
- Trump likely to ban all Chinese telco equipment makers from US builds
- Google: iOS privesc 0days were in wild
- $145m in cryptocurrency lost forever due to exchange CEO death
- VFEmail has a very bad day
- Facebook/Apple cert wars
This week’s show is brought to you by AustCyber, a nonprofit funded by grants from the Australian government. Its goal is to promote Australia’s cybersecurity industry.
AustCyber CEO Michelle Price will be along in this week’s sponsor interview to tell us all about what they’ve got planned for RSA.
- Special Report - Inside the UAE’s secret hacking team of U.S. mercenaries | Reuters
- Project Raven: What Happens When U.S. Personnel Serve a Foreign Intelligence Agency? - Lawfare
- No thank you, Mr. Pecker – Jeff Bezos – Medium
- Mistress’ Brother Leaked Bezos’ Racy Texts to Enquirer, Sources Say
- Bezos Could Put National Enquirer Brass in Jail
- Cybersecurity Workers Scramble to Fix a Post-Shutdown Mess | WIRED
- Phishers Target Anti-Money Laundering Officers at U.S. Credit Unions — Krebs on Security
- Russia to disconnect from the internet as part of a planned test | ZDNet
- China link possible in cyber attack on Australian Parliament computer system, ABC understands - ABC News (Australian Broadcasting Corporation)
- Trump likely to sign executive order banning Chinese telecom equipment next week - POLITICO
- Huawei Sting Offers Rare Glimpse of U.S. Targeting Chinese Giant - Bloomberg
- China's cybersecurity law update lets state agencies 'pen-test' local companies | ZDNet
- Google warns about two iOS zero-days 'exploited in the wild' | ZDNet
- $145 million funds frozen after death of cryptocurrency exchange admin | ZDNet
- Hackers wipe US servers of email provider VFEmail | ZDNet
- Zcash cryptocurrency fixes infinite counterfeiting vulnerability | ZDNet
- Biohackers Encoded Malware in a Strand of DNA | WIRED
- Google releases Chrome extension that alerts users of breached passwords | Ars Technica
- Big Telecom Sold Highly Sensitive Customer GPS Data Typically Used for 911 Calls - Motherboard
- Hundreds of Bounty Hunters Had Access to AT&T, T-Mobile, and Sprint Customer Location Data for Years - Motherboard
- How Hackers and Scammers Break into iCloud-Locked iPhones - Motherboard
- Apple restores Facebook’s ability to run internal iOS apps - The Verge
- New TLS encryption-busting attack also impacts the newer TLS 1.3 | ZDNet
- Atlassian leads encryption law revolt as Peter Dutton stands firm
- Australian government clamping down on security research, academic says - Computerworld
- Swiss government invites hackers to pen-test its e-voting system | ZDNet
- Indecent disclosure: Gay dating app left “private” images, data exposed to Web (Updated) | Ars Technica
- AustCyber supports the development of a vibrant and globally competitive cyber security sector | AustCyber
As regular listeners know, this isn’t the regular weekly Risky Business podcast: all Soap Box podcasts are paid promotions. We ran 10 of these last year and we’re running more of them this year – the total number is up to 14 – but we’re running fewer of our other promotional podcast, Snake Oilers.
In this Soap Box podcast we’re chatting with a company with a legitimately fascinating origin story.
You remember how in 2017 and 2018 people were running all these shonky initial coin offerings where they’d sell off millions of dollars of crypto tokens on the basis of a two minute video and a whitepaper? What happened in a lot of these cases is after the ICO the founders would take the money, launder it and move to the Bahamas.
Well, Polyswarm raised its money in an ICO. About $26m US dollars (!!). And, because they weren’t mainlining the ICO Kool-Aid, they cashed out about half of what they raised into real money before cryptocurrency values crashed.
Instead of moving to the Bahamas, they actually stuck around to build the business that tokenholders had chosen to fund. Their token value has crashed like everyone else’s has, but that doesn’t matter – they’re funded, and because of their unconventional funding source they don’t have a whole bunch of venture capitalists breathing down their neck.
So, what’s the business? It’s a marketplace for threat detection. Yes, my pinned tweet says “I do not want your blockchain expert as a guest on my podcast,” and yes, this company does use blockchain fairy dust, but as you’ll hear, the blockchain element to this business isn’t really what it’s about. Indeed, the founder and CEO of Polyswarm, Steve Bassi, says he would find life a lot easier in many ways if they weren’t actually using blockchain tech here as a marketplace enabler. He’s also banned himself from ever attending a blockchain conference again in his life.
Ok, so what is the Polyswarm marketplace and how does it work? As you’ll hear in this interview it took me a bit to actually understand exactly what they’re doing here, but what they’ve essentially built is a marketplace for AV. The best way to explain this is to just explain how it works. If you’re an enterprise client or an MSSP you can submit a sample to this marketplace. You’re submitting it with a question – is this file bad or good? – and you attach a tokenised value to the answer.
On the other side of the equation are all these AV engines. Big ones, small ones… even tiny little micro engines that are only good at detecting very niche threats. So the enterprise submits the sample – that can be a whole file or just a hash – and it gets distributed to all the people who are running these AV engines. They scan the file, and if they’re super confident on an answer, they return that answer as well as a tokenised stake as a measure of their confidence. The idea is you can have a competitive marketplace for threat detection in which even niche players can participate. Polyswarm CEO Steve Bassi joined me to talk me through the whole concept.