This is not the regular Risky Business weekly show, the Soap Box series of podcasts that run on Risky.Biz are wholly sponsored. Everyone you hear in Soap Box paid to be here.

With that disclaimer out of the way, this is actually a really interesting conversation. Carsten Willems is the co-founder and CEO of VMRay, a company that makes… well.. what do you call it? Is it an incident response tool? Is it a detection tool? Or is it just a good hypervisor-based sandbox that you can use to do both of those things?

I’m going to say it’s the third – VMRay is a company that makes a great hyper-visor sandbox and has applied that technology to both response and detection.

In an ideal world you’d have a team of malware reversers on staff pulling apart every single binary that looks shady. But this isn’t a perfect world, so that’s never going to happen. So the original use case that Carsten and his team set out to solve was around automating malware reversing. They build a hyper-visor based sandbox that’s very hard to bypass, you can run your standard build on it, throw binaries and documents at it and see what blows up. That’s really the primary use case here.

But there is a second use case, which is detection. VMRay can give you a pretty decent risk score on samples, and they’ve entered into a few OEM arrangements with vendors to provide that extra level of detection.

I’d never met Carsten Willems before we prepared this podcast, but it’s safe to say we hit it off. This podcast basically turned into Carsten telling his story, the story of where VMRay came from and where he wants it to go. Enjoy!

Show notes

Malware Sandbox Online | Free Trial

On this week’s show Patrick and Adam talk through all the week’s security news, including:

• New executive order paved way for Huawei ban
• Google pulls service from Huawei
• No wait, that’s not right, it’s for new handsets
• The ban’s now reversed to allow them to continue the support that they didn’t have to discontinue?
• I’m so confused
• ¯_(ツ)_/¯
• Israeli broadcaster fingers Hamas over Eurovision coverage hack
• New moves to regulate offensive cyber services
• Salesforce has a bad time
• Instagram influencers have a bad time (Hah!)
• OGUsers pwned
• Much, much more

This week’s show is brought to you by CMD Security. They make security software for Linux that does two things – firstly it gives you visibility into what’s happening on your Linux workloads, which actions are being performed by which accounts, that sort of thing. The second thing it does is allow you to lock down accounts by action, rather than by traditional privilege. They’re funded by Google Ventures, among others, and although they’re a relatively small and new company I think they’re going to do really well.

Jake was just at a MITRE conference in Brussels that was all about the Attack Matrix. He’s joining me this week to have a bit of talk about his experience at that event, then we’ll be talking through some of the issues he’s seeing out there in Linux cloud workload land. Jake’s a great communicator and a very smart guy and that interview is a lot of fun.

Links to everything are below, and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

White House executive order sets path for ban on Huawei

Exclusive: Google suspends some business with Huawei after Trump blacklist - source - Reuters

Google's Huawei Android restrictions: what does it mean for you? [Updated] | TechRadar

Trump grants temporary reprieve from Huawei ban | Financial Times

Israel’s national broadcaster accuses Hamas of Eurovision hack | Jewish News

Lawmakers seek probe on U.S. hacking services sold globally - Reuters

U.S. lawmakers call on spy chief to rein in spread of hacking tools - Reuters

Facebook bans Israeli company that's been sharing disinfo on West African politics

Faulty database script brings Salesforce to its knees | ZDNet

Millions of Instagram influencers had their private contact data scraped and exposed | TechCrunch

Account Hijacking Forum OGusers Hacked — Krebs on Security

The Most Expensive Lesson Of My Life: Details of SIM port hack

Chinese cyberspies breached TeamViewer in 2016 | ZDNet

Baltimore ransomware nightmare could last weeks more, with big consequences | Ars Technica

Ohio school sends students home because of Trickbot malware infection | ZDNet

Google Will Replace Titan Security Key Over a Bluetooth Flaw | WIRED

Bluetooth's Complexity Has Become a Security Risk | WIRED

First official version of Tor Browser for Android released on the Play Store | ZDNet

Root account misconfigurations found in 20% of top 1,000 Docker containers | ZDNet

The Crowd, The Source… – CTUS.IO

New windows LPE from non-admin :) : AskNetsec

How CSIRO Computers Were Secretly Used To Mine Bitcoin | 10 daily

Company behind LeakedSource pleads guilty in Canada | ZDNet

Bots Tampering with TLS to Avoid Detection - Akamai Security Intelligence and Threat Research Blog

Hackers abuse ASUS cloud service to install backdoor on users’ PCs | Ars Technica

The radio navigation planes use to land safely is insecure and can be hacked | Ars Technica

1801 - Visual Voicemail for iPhone: Use-after-free in IMAP NAMESPACE processing - project-zero - Monorail

Hackers Inject Magecart Card Skimmer in Forbes’ Subscription Site

Microsoft releases new version of Attack Surface Analyzer utility | ZDNet

Cisco Upgrades Remote Code Execution Flaws to Critical Severity

Additional mitigations for speculative execution vulnerabilities in Intel CPUs - Apple Support

AT&T Homepage Mistakenly Warns Users of a Non-Existent Data Breach - VICE

Encryption fix may now be dead - InnovationsAus.com

Request a live demo_

This isn’t our weekly news and current affairs show, this is a wholly sponsored podcast we do here at Risky Biz. The idea behind Soap Box is vendors pay to come on to the show and talk about the things they want to talk about.

Today’s Soap Box is brought to you by Signal Sciences. If you’re not familiar with them, they make web security software. If you operate a website and you’re looking to auto-block a lot of the common attacks and attack techniques that are likely to be directed against your website, then Signal Sciences are definitely worth a look.

Their whole pitch is really about making software that’s easy to deploy. You just drop it on your web server or run it as a WAF proxy, and bang, you’re done. Most of their clients run this software in full blocking mode out of the gate and don’t have any issues.

It’s really, really good at blocking stuff like cred stuffing and weird bot activity, as well as your typical OWASPY-style attacks.

Signal Sciences Trusted Appsec Advisor Phillip Maddux is our guest today. We spoke about a bunch of stuff really: the future of appsec, how the pivot to serverless is changing things. Then we talk about app-layer deception, and finally Phillip basically takes a dump on the bulk of RASP solutions out there.

Enjoy!

Show notes

Dear RASP: We Need to Talk About the Friction in Our Relationship

On this week’s show Patrick and Adam talk through all the week’s security news, including:

• NSO Group WhatsApp vuln coverage goes nuclear
• Activists targeted by NSO malware in hiding in west after CIA tipoffs
• Cisco Trust Anchor drags on sea floor
• Linux kernel bugs likely overhyped
• Adobe patches insane number of CVEs
• Microsoft patches rumoured GCHQ VEP’d RDP bug
• New hardware bugs affect Intel processors
• SHA-1 collisions become much more practical
• Major US anti-virus firms owned hard

This week’s sponsor interview with Ryan Kalember of Proofpoint. Ryan is a listener, and when he heard Adam talking about how password rotations actually result in crappy passwords, it hit a nerve with him. He says Proofpoint, via its CASBY product, is seeing a lot of targeted credential stuffing campaigns cycling through variations of passwords that have appeared in dumps.

Apparently the bad guys are hip to what a typical password rotation variation looks like and they’re using this knowledge to better direct their cred stuffing attempts.

Links to everything are below, and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

How Hackers Broke WhatsApp With Just a Phone Call | WIRED

Israel gives 'Pegasus' spyware to countries like Saudi Arabia

CIA Sent Warnings to 3 Khashoggi Associates About New Saudi Threats | Time

WhatsApp Hack Shows End-to-End Encryption Is Pointless - Bloomberg

The NSO WhatsApp Vulnerability - This is How It Happened - Check Point Research

It’s Almost Impossible to Tell if Your iPhone Has Been Hacked - VICE

Human rights groups to ask Israeli court to revoke NSO Group’s export license

A Cisco Router Bug Has Massive Global Implications | WIRED

Linux Kernel Prior to 5.0.8 Vulnerable to Remote Code Execution

Security Updates Released for Adobe Flash Player, Reader, and Media Encoder

Microsoft Patches ‘Wormable’ Flaw in Windows XP, 7 and Windows 2003 — Krebs on Security

Microsoft SharePoint vulnerability allows hackers to sift through servers, Saudi authorities warn

Two years after WannaCry, a million computers remain at risk | TechCrunch

Intel CPUs impacted by new Zombieload side-channel attack | ZDNet

ZombieLoad attack lets hackers steal data from Intel chips - The Verge

Patch status for the new MDS attacks against Intel CPUs | ZDNet

SHA-1 collision attacks are now actually practical and a looming danger | ZDNet

NVIDIA Patches High Severity Windows GPU Display Driver Flaws

Keyloggers Injected in Web Trust Seal Supply Chain Attack

Fxmsp Chat Logs Reveal the Hacked Antivirus Vendors, AVs Respond

New Details Emerge of Fxmsp's Hacking of Antivirus Companies

DOJ Says Chinese Hackers Attacked Anthem, but Not Why | WIRED

“RobbinHood” ransomware takes down Baltimore City government networks | Ars Technica

Julian Assange to face revived rape investigation in Sweden

Former NSA analyst charged in leak of classified documents to reporter

New leaks of Iranian cyber-espionage operations hit Telegram and the Dark Web | ZDNet

Jokeroo Ransomware as a Service Pulls an Exit Scam

Nigerian BEC Scammers Shifting to RATs As Tool of Choice

Mozilla offers research grant for a way to embed Tor inside Firefox | ZDNet

Experts Doubt Russian Claims That Cryptographic Flaw Was a Coincidence - VICE

Microsoft recommends using a separate device for administrative tasks | ZDNet

Unsecured server exposes data for 85% of all Panama citizens | ZDNet

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

• IDF takes out Hamas cyber HQ (Features commentary from Bobby Chesney and Klon Kitchen)
• NYTimes mangles Symantec’s “Buckeye” research
• Lots of dark web arrests
• SAP exploits not all they’re cracked up to be
• Magecart-style attacks spread to other platforms
• Tech-led crackdown on Chinese-muslims intensifies
• Japan to create “defensive malware”

This week’s sponsor interview is with Duo Security advisory CSO Richard Archdeacon and we’ll be talking about zero trust networks. Richard isn’t so worried about every vendor under the sun claiming to be a zero trust tech company. He doesn’t think that’s going to derail the move to zero trust architectures because the move towards them is too strong.

Links to everything are below, and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Israel Defense Forces on Twitter: "CLEARED FOR RELEASE: We thwarted an attempted Hamas cyber offensive against Israeli targets. Following our successful cyber defensive operation, we targeted a building where the Hamas cyber operatives work. HamasCyberHQ.exe has been removed.… https://t.co/rL86R93V7P"

Crossing a Cyber Rubicon? Overreactions to the IDF’s Strike on the Hamas Cyber Facility - Lawfare

Daniel Moore on Twitter: "It's also possible that they claim this is a kinetic response to a cyber-attack, but in reality the IDF is just bombing more convenient, low-risk elements of Hamas out of its extensive target bank. So possibly more capitalising on an opportunity than direct retaliation.… https://t.co/uFSn4Ql8Nu"

Inbar Raz on Twitter: "If there had been only one strike, and it had been directed at the Cyber unit, then that would have been a remarkable and unusual event. But it wasn’t. It’s just one more building with “Hamas” written all over it. 3/N… https://t.co/hPfy1ulmsE"

Buckeye: Espionage Outfit Used Equation Group Tools Prior to Shadow Brokers Leak | Symantec Blogs

How Chinese Spies Got the N.S.A.’s Hacking Tools, and Used Them for Attacks - The New York Times

A Mysterious Hacker Group Is On a Supply Chain Hijacking Spree | WIRED

FBI has seized Deep Dot Web and arrested its administrators | TechCrunch

Law enforcement seizes dark web market after moderator leaks backend credentials | ZDNet

Public 10KBLAZE Exploits May Impact 90% of SAP Production Systems

sap_ms/README.md at master · gelim/sap_ms · GitHub

JavaScript card sniffing attacks spread to other e-commerce platforms | ZDNet

A hacker is wiping Git repositories and asking for a ransom | ZDNet

Mysterious hacker has been selling Windows 0-days to APT groups for three years | ZDNet

China uses biometrics and digital scanning 'data doors' to track Muslim minority | ZDNet

Uyghurs the People of Xinjiang - Rear Vision - ABC Radio National (Australian Broadcasting Corporation)

CIA sets up shop on the anonymous, encrypted Tor network - CNET

China making 'rapid progress' on potency of cyber-operations, Pentagon says

Japanese government to create and maintain defensive malware | ZDNet

Hacker takes over 29 IoT botnets | ZDNet

Only six TSA staffers are overseeing US oil & gas pipeline security | ZDNet

Dutch intelligence warns of escalating Russian, Chinese cyberattacks in the Netherlands

NSA unmasked more U.S. entities caught in foreign cyber-espionage efforts last year

WordPress finally gets the security features a third of the Internet deserves | ZDNet

Verizon, T-Mobile, Sprint, and AT&T Hit With Class Action Lawsuit Over Selling Customers’ Location Data - VICE

Firefox add-ons disabled en masse after Mozilla certificate issue | ZDNet

Labor asks questions of WeChat over doctored accounts, 'fake news'

Evil Clippy Makes Malicious Office Docs that Dodge Detection

Dell laptops and computers vulnerable to remote hijacks | ZDNet

AWS IAM Exploitation – Security Risk Advisors

Zero Trust Evaluation Guide: For the Workforce | Duo Security

This isn’t the regular weekly risky biz news and current affairs show, this is the special podcast series we do here at Risky Biz HQ where we take that dirty, dirty vendor cash and let security companies tell the audience all about what they do. Think of it as show and tell for security vendors!

In this edition we’ve got three more vendors vying for your hard-earned bread. We’ll be hearing from Rapid7 on their InsightConnect product, that one used to be known as Komand. What can you automate and orchestrate with it? How does it work? Who’s using it? What are they doing with it?

Then we’ll be hearing from Trend Micro about their O365 mail security product, and this one is legit interesting for one very simple reason – the deployment method. Most of the mail security firms basically make you route your mail through them.

In this case what Trend has done is create a mail security product that just fiddles with your mailboxes through the Microsoft O365 API. They have literally set up a demo account for an enterprise over a beer at a bar. So yeah, I suspect we’ll be seeing more mail security products deploying this way… and because it’s show and tell, Trend will be along to talk about some of the bells and whistles that come with that product.

Then finally we’ll be hearing from Cybermerc. This is a group based out of Canberra in Australia. They’ve done a lot of enterprise deception hybrid hardware/consulting, that’s something they’ve gotten very good at. They also do a lot of cyber cyber training, but now they’re trying to market a managed service towards small to medium businesses – those with 50 to a few hundred seats. A managed honeypot, some internal vuln scans, and a partridge in a pear tree!

Show notes

Security Orchestration and Automation with InsightConnect | Rapid7

Email Security Smart Protection for Office 365 | Trend Micro

Cybermerc

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

• Docker Hub owned
• That Confluence bug we were talking about a couple of weeks ago got wormified
• Oracle WebLogic users also having a bad time
• Cloudflare faces investor pressure over providing services to Nazis
• Slack warns investors of possible nation-state attacks against it
• Norsk Hydro puts dollar value on ransomware incident
• Bloomberg publishes another ridiculous security story
• Much, much more!

This week’s sponsor interview is with Casey Ellis, the CTO and co-founder of Bugcrowd.

As most of you are probably aware, Bugcrowd announced its so-called “next generation penetration testing” product last year, a move followed some months later by its competitor HackerOne. With others in the bounty space already offering these types of penetration testing packages, it looks like these efforts are here to stay.

But where do crowdsourced penetration tests sit in the wider penetration testing market? Are they coming after the Insomnia and Atredis Partners type firms? The NCCs? The shonky nessus-scan “penetration testers”? Well, not surprisingly Casey argues that this is a new sub-niche in the market and he makes a pretty compelling case to support that argument.

Links to everything are below, and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Docker Hub hack exposed data of 190,000 users | ZDNet

two-factor authentication · Issue #358 · docker/hub-feedback · GitHub

Slack warns investors of a high risk of cyber-attacks impacting stock performance | ZDNet

Vulnerable Confluence Servers Get Infected with Ransomware, Trojans

Recent Oracle WebLogic zero-day used to infect servers with ransomware | ZDNet

Norsk Hydro: Attack Cost $50M « isssource.com

The SIM Swap Fix That the US Isn't Using | WIRED

California synagogue shooting casts harsh light on mutual-fund darling Cloudflare - Reuters

Sleeping Giants on Twitter: "REMINDER: 8Chan, where the anti-Semitic shooter from today AND the New Zealand shooter posted manifestos and their fans cheer the killings, is protected by @Cloudflare and their CEO @eastdakota, who doesn’t have any regrets about it at all.… https://t.co/8XKghBMW94"

Catalin Cimpanu on Twitter: "Today in infosec news: Another low-quality Bloomberg article where the reporter converts a random 10-year-old long-time-patched vulnerability into a national security threat.... because Bloomberg reporters get paid for "market-shifting news" ....which means "horrendous clickbait"… https://t.co/3IOoj08g0Q"

Oh dear. Secret Huawei enterprise router snoop 'backdoor' was Telnet service, sighs Vodafone • The Register

Man who allegedly leaked CIA hacking tools says he's been tortured and is owed $50 billion

Hackers Steal and Ransom Financial Data Related to Some of the World’s Largest Companies - Motherboard

NSA's Russian cyberthreat task force is now permanent

DNS hacks are attacks on critical infrastructure, senior U.S. diplomat says

New DHS order pushes agencies to quickly patch vulnerabilities

Microsoft is considering dropping its Windows password expiration policy | TechCrunch

Microsoft Outlook Email Breach Targeted Cryptocurrency Users - Motherboard

Chinese dev jailed and fined for posting DJI's private keys on Github • The Register

Probable Russian Navy covert camera whale discovered by Norwegians | Ars Technica

CARBANAK Week Part Four: The CARBANAK Desktop Video Player « CARBANAK Week Part Four: The CARBANAK Desktop Video Player | FireEye Inc

Port Scanning, Spoofing & Blacklists – notdan – Medium

Bat bomb - Wikipedia

Project Pigeon - Wikipedia

Next Gen Pen Testing

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

• Marcus Hutchins faces his milkshake duck moment
• Iranian APT crew gets Shadowbrokersed
• DNS interference campaign is actually two large-scale actors
• UK to use some Huawei components in 5G build
• French Government launches comms app for politicians, it doesn’t go well
• More detail on CCleaner/ASUS crew
• Carbanak source found on VT (lol)
• Wall Street Market exit scams
• BEC costing US firms $1.3bn PA
• Much MOAR!

This week’s show is brought to you by Signal Sciences, their CEO Andrew Peterson will be along in this week’s sponsor interview to have a bit of a chat about how a lot of traditional enterprises are running serious business web app shops these days.

Links to everything are below, and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Marcus “MalwareTech” Hutchins Pleads Guilty to Writing, Selling Banking Malware — Krebs on Security

filsy on Twitter: "The whole internet loves MalwareShake Duck, a lovely duck that saved the internet. *12 months later* We regret to inform you that the duck was the author of malware that stole your grandmothers lifesavings."

A Mystery Agent Is Doxing Iran's Hackers and Dumping Their Code | WIRED

Patrick Gray on Twitter: "This development raises serious questions, like: 1. When will SIGINT agencies start publishing zines? 2. Which nation state actors will produce the best defacement art and smack talk?"

Talos Blog || Cisco Talos Intelligence Group - Comprehensive Threat Intelligence: DNS Hijacking Abuses Trust In Core Internet Service

Talos Blog || Cisco Talos Intelligence Group - Comprehensive Threat Intelligence: DNSpionage brings out the Karkoff

Wipro Intruders Targeted Other Major IT Firms — Krebs on Security

The Weather Channel goes off the air for 90 minutes after ransomware infection | ZDNet

Manufacturing giant Aebi Schmidt hit by ransomware | TechCrunch

Huawei will help build Britain’s 5G network, despite security concerns - The Verge

U.S. and British Intelligence Agencies Downplay Disagreement Over Huawei 5G

Huawei frustration boils over as CIA allegedly shows the goods | Telecoms.com

French government releases in-house IM app to replace WhatsApp and Telegram use | ZDNet

Congress sends letter to Google for details on Sensorvault location tracking database | ZDNet

Supply Chain Hackers Snuck Malware Into Videogames | WIRED

Source code of Carbanak trojan found on VirusTotal | ZDNet

A 'Blockchain Bandit' Is Guessing Private Keys and Scoring Millions | WIRED

Another dark web marketplace bites the dust --Wall Street Market | ZDNet

FBI: US companies lost $1.3 billion in 2018 due to BEC scams | ZDNet

Security flaw lets attackers recover private keys from Qualcomm chips | ZDNet

Security flaw in EA’s Origin client exposed gamers to hackers | TechCrunch

RCE in EA's Origin Desktop Client – Underdog Security – Our blog...

More Security Endpoint Tech Isn't Always Better | Decipher

Chaos on Twitter: "last week i got to witness an engineering department lose a full day's work because if you put an emoji in a git commit message, Atlassian Bamboo chokes on it forever and you're forced to rebase master, like you should NEVER DO. this was of course referred to as The Emojiency"

Australian Lime Scooters Hacked To Say Sexual Things To Riders | Gizmodo Australia

Demand More from Your Web Application Security | Signal Sciences

On this edition of Snake Oilers you’ll be hearing from three vendors offering what I believe to be excellent security technology. I haven’t personally used this tech, but conceptually everything featured in this edition is The Good Stuff. You’ll see. Or hear. You know what I mean.

First up we’ll be hearing from CMD, they make killer software for Linux that lets you lock down account actions. Not permissions, actions. Do all the default and service accounts you have to run on your Linux fleet terrify you? Well, this is a solution for that. There’s a visibility component there, too.

Then we’ll be hearing from AlphaSOC. When we last spoke to them they were just doing domain-based analytics, but they’ve expanded their tech and now offer IP-based and http request-based analytics. You can deploy AlphaSOC as a Splunk app or hook up to their API any other way you want. They’re offering free trials, but even when you’re on the paid service it’s actually pretty affordable.

The brain behind AlphaSOC is Chris McNab who used to run incident response at NCC Group. He’s seen how the planes crash into the mountains and he has created a product that performs eminently sensible analysis on your traffic and metadata to alert you to badness.

Then finally we’ll be hearing from Nucleus. This is a new company and if your job is managing vulnerabilities and vuln scanners in your org then straight up, just skip to the Nucleus interview immediately. They’ve created a web app that normalises vulnerability scanning information. It’ll take the outputs from Snyk, Rapid7, Checkmarx, Netsparker, OpenVAS, Twistlock, Fortify, Burp Suite, Nessus, Qualys, Acunetix AND others.

It ingests all of this data, normalises it, then plumbs these alerts through to the right people through a multitude of different ticketing systems. If your’e stuck in the 7th layer of Sharepoint or Spreadsheet vulnerability management hell, this is a solution to your problems. You will weep salty tears of joy when you hear this one. Free trials of Nucleus are also available.

Links to the companies featured are below!

Show notes

Cmd — Defense in depth for Linux

AlphaSOC

Overview > Nucleus Security

On this week’s show Adam Boileau and Patrick Gray discuss the week’s security news:

• Julian Assange arrested, likely to be extradited to the USA
• Krebs: Breach at outsourcing firm Wipro
• WordPress 0day drama causing serious headaches
• Silk Road 2’s “DPR2” sent to slammer
• More from Kaspersky SAS

This week’s show is brought to you by Thinkst Canary! Thinkst founder Haroon Meer will be along in this week’s show to talk about the effect venture capital is having on the security ecosystem. He thinks VC money often makes weak ideas look strong, and in a market where it’s quite difficult to make informed purchasing decisions, that’s not a good thing.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Breaking Down the Julian Assange Hacking Case | WIRED

Experts: Breach at IT Outsourcing Giant Wipro — Krebs on Security

Silk Road 2 Founder Dread Pirate Roberts 2 Caught, Jailed for 5 Years - Motherboard

Chinese woman arrested at Mar-a-Lago 'up to something,' denied bail: judge - Reuters

A security researcher with a grudge is dropping Web 0days on innocent users | Ars Technica

Mailgun hacked part of massive attack on WordPress sites | ZDNet

PPD-20 successor has yielded ‘operational success,’ Federal CISO says

A Peek Into the Toolkit of the Dangerous 'Triton' Hackers | WIRED

DHS, FBI say election systems in all 50 states were targeted in 2016 | Ars Technica

Quasi-Russian upstart reportedly targeted Ukraine in cyber-espionage campaign

Patrick Gray 🥚 on Twitter: "Great scoop from @Commsday Looks like @ASDGovAu is going to rip up its contract with @Cloudflare because they host Nazi forums.… https://t.co/uhqC2EIVbY"

Dragonblood vulnerabilities disclosed in WiFi WPA3 standard | ZDNet

Confluence Security Advisory - 2019-03-20 - Atlassian Documentation

A New Breed of ATM Hackers Gets in Through a Bank’s Network | WIRED

Mysterious Hackers Hid Their Swiss Army Spyware for 5 Years | WIRED

Kaspersky: 70 percent of attacks now target Office vulnerabilities | ZDNet

EU: No evidence of Kaspersky spying despite 'confirmed malicious' classification | ZDNet

DHS alerts industry to insecure enterprise VPN apps

Shimo VPN service contains six unpatched vulnerabilities, Talos discovers

‘Land Lordz’ Service Powers Airbnb Scams — Krebs on Security

Hackers publish personal data on thousands of US police officers and federal agents | TechCrunch

Former Senate IT intern admits to doxing US senators on Twitter and Wikipedia | ZDNet

A hacker has dumped nearly one billion user records over the past two months | ZDNet

Google DLP Makes It Easier to Safeguard Sensitive Data Troves | WIRED

Microsoft Email Hack Shows the Lurking Danger of Customer Support | WIRED

Fortinet settles charges of selling intentionally mislabeled Chinese-made tech to U.S. military

Security Engineer, Detection - Google - Sydney NSW, Australia - Google Careers

Security Engineer, Information Security and Privacy Incident Response - Google - Sydney NSW, Australia - Google Careers

Thinkst Canary

In this week’s show Patrick Gray and Adam Boileau recap all the infosec news of the last three weeks, including:

• Chinese woman arrested at Mar-a-Lago being very shady
• The ASUS supply chain attack
• Flame-related malware lived on longer than expected
• boostrap-sass Ruby gem backdoored
• Latest on Norsk Hydro and other victims of the same crew
• More trouble at Toyota
• Huawei spanked by UK oversight panel
• Exodus govvie malware affects Android and iOS
• Plus much, much more

This week’s sponsor interview is with Kumud Kalia, the Chief Information and Technology Officer of Cylance. They actually dropped a really interesting product announcement at RSA a few weeks back and Kumud will be along later on to tell us about that. The tl;dr it’s an agent that models endpoint behaviour so when someone - or something - else starts using that endpoint to do things that don’t fit the user profile, action can be taken.

It’s the type of tech concept that normally belongs in academic papers, not in actual products people can actually buy. That’s an interesting chat.

Links to everything are below, and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Feds: Woman arrested at Mar-a-Lago had hidden-camera detector | Miami Herald

Hackers Hijacked ASUS Software Updates to Install Backdoors on Thousands of Computers - Motherboard

ASUS releases fix for Live Update tool abused in ShadowHammer attack | ZDNet

Researchers publish list of MAC addresses targeted in ASUS hack | ZDNet

Nation-state hacking kit ‘Flame’ had a second life, researchers say

Malicious remote code execution backdoor discovered in the popular bootstrap-sass Ruby gem | Snyk

Norsk Hydro ransomware incident losses reach $40 million after one week | ZDNet

Norsk Hydro will not pay ransom demand and will restore from backups | ZDNet

Arizona Beverages knocked offline by ransomware attack | TechCrunch

Ransomware Forces Two Chemical Companies to Order ‘Hundreds of New Computers’ - Motherboard

Toyota announces second security breach in the last five weeks | ZDNet

Huawei's Problem Isn't Chinese Backdoors. It's Buggy Software | WIRED

HCSEC_OversightBoardReport-2019.pdf

In issuing 5G recommendations, E.U. spurns U.S. hardline on Huawei

Bezos’ Investigator Gavin de Becker Finds the Saudis Obtained the Amazon Chief’s Private Data

NSO Group Says It Didn’t Hack Jeff Bezos On Behalf of Saudi Arabia - Motherboard

'Exodus' Spyware Posed as a Legit iOS App | WIRED

Former NSA spies hacked BBC host, Al Jazeera chairman for UAE

Lazarus rises in Israel with attempted hack of defense company, researchers say

Defense Ministry rebukes Israeli spy tech company for unlawful exports | The Times of Israel

Islamic State's collapse hastened with help of Australian cyber spies - ABC News (Australian Broadcasting Corporation)

Company sues worker who fell for email scam - BBC News

Utah Just Became a Leader in Digital Privacy | WIRED

Office Depot rigged PC malware scans to sell unneeded $300 tech support | Ars Technica

Microsoft warns Windows 7 users of looming end to security updates | TechCrunch

Brace yourselves: Exploit published for serious Magento bug allowing card skimming [Updated] | Ars Technica

Warfare Plugins on Twitter: "WE ARE AWARE OF A ZERO-DAY EXPLOIT AFFECTING SOCIAL WARFARE CURRENTLY BEING TAKEN ADVANTAGE OF IN THE WILD. Our developers are working to release a patch within the next hour. In the meantime, we recommend disabling the plugin. We will update you as soon as we know more."

Pipdig Update: Dishonest Denials, Erased Evidence, and Ongoing Offenses

Two serious WordPress plugin vulnerabilities are being exploited in the wild | Ars Technica

Ex-NSA contractor pleads guilty to vast classified data leak, faces 9 years in prison

Report deems Russia a pioneer in GPS spoofing attacks | ZDNet

Above Us Only Stars - Exposing GPS Spoofing in Russia and Syria - Association of Old Crows

Researchers find 36 new security flaws in LTE protocol | ZDNet

AT&T, Comcast successfully test SHAKEN/STIR protocol for fighting robocalls | ZDNet

Facebook Stored Hundreds of Millions of User Passwords in Plain Text for Years — Krebs on Security

Third-Party Apps Exposed Over 540 Million Facebook Records | WIRED

Man Behind Fatal ‘Swatting’ Gets 20 Years — Krebs on Security

Top dark web marketplace will shut down next month | ZDNet

Lithuanian man pleads guilty to scamming Google and Facebook out of $123 million | ZDNet

China Considers Ban On Cryptocurrency Mining Because It's A Stupid Waste Of Energy | Gizmodo Australia

Vigilantes Counter Christchurch Manifesto with Weaponized Version

RedTeam Pentesting on Twitter: "We were also quite surprised to find this /etc/nginx.conf in 1.4.2.20… https://t.co/ymjjLM3eP7"

Announcing QueryCon 2019 | Trail of Bits Blog

PaperCall.io - QueryCon 2019

QueryCon 2019 — Hosted by Trail of Bits, with Kolide and Carbon Black Tickets, Thu, Jun 20, 2019 at 9:00 AM | Eventbrite

This is a wholly sponsored podcast brought to you by Duo Security.

WebAuthn is a new multifactor authentication standard for the web that is all rooted in very smart encryption tech. Some of you would already be using similar authentication standards in apps without even thinking about it, like doing biometric authentication in your banking apps. You want to log in via your app and it scans your face to auth you, that sort of thing. WebAuthn makes those types of authentication actions available to users through the browser.

It’s now an official W3C standard supported by most browsers. It’s the future of auth on the Web.

Duo Security has been involved a little bit with the standards process and in this edition of the Soap Box podcast you’re going to hear a nearly hour long conversation between myself, Nick Steele and James Barclay who are Duo’s resident Webauthn dudes at Duo Labs.

I hope you enjoy this conversation.

Show notes

Touch ID and Beyond: Duo’s Plans for WebAuthn | Duo Security

WebAuthn.io

Guide to Web Authentication

GitHub - duo-labs/android-webauthn-authenticator: A WebAuthn Authenticator for Android leveraging hardware-backed key storage and biometric user verification.

Web Authentication: An API for accessing Public Key Credentials Level 1

In this week’s show Patrick Gray and Alex Stamos discuss the week’s news, as well as discussing the rise of white supremacist communities and propaganda on the Internet and what can be done about it.

News:

• Norsk Hydro ransomwared
• Huawei ban gets more and more political
• APT40 hitting USA hard
• Cyber Command’s Euro road-trip
• Kremlin interference in EU elections extremely likely
• US Senators seek information on breaches targeting them
• Cloudflare won’t pull service from 8chan in wake of NZ attack
• Beto O’Rourke was cDc member
• New Mirari variant
• 150 million Android devices hosed by new malware
• Much, much more

This week’s show is brought to you by Chronicle Security! We’ll be joined by Chronicle co-founders Shapor Naghibzadeh and Mike Wiacek. They had a tremendously successful launch at RSA and they’re going to pop in to tell us about some near future plans they have for their Backstory product.

Links to everything are below, and you can follow Patrick or Alex on Twitter if that’s your thing.

Show notes

Norsk Hydro Ransomware Attack Is `Severe' But All Too Common - Bloomberg

Antivirus scan for c97d9bbc80b573bdeeda3812f4d00e5183493dd0d5805e2508728f65977dda15 at 2019-03-19 12:37:54 UTC - VirusTotal

When Facebook Goes Down, Don't Blame Hackers | WIRED

U.S. Campaign to Ban Huawei Overseas Stumbles as Allies Resist - The New York Times

Navy, Industry Partners Are ‘Under Cyber Siege’ by Chinese Hackers, Review Asserts - WSJ

Tim Watts MP on Twitter: "In a rambling and incoherent Op-Ed today, Barnaby Joyce, our former Deputy Prime Minister make a unilateral attribution of the recent incursions into Australia’s Parliamentry IT systems. The Morrison govt has not publicly attributed these incursions. https://t.co/lvaM0mjPnS… https://t.co/btgLqCdFBo"

March for something that’s truly under threat: Western democracy

Cyber Command’s midterm election work included trips to Ukraine, Montenegro, and North Macedonia

Kremlin interference in EU vote is likely, says Estonian spy agency

Report: Tech Company In Steele Dossier May Have Been Used To Support DNC Hack

US senators want to know how many times they've been hacked | ZDNet

After The New Zealand Terror Attack, Here’s Why 8chan Won’t Be Wiped From The Web

How Right-Wing Social Media Site Gab Got Back Online | WIRED

Parliament TV and Radio - New Zealand Parliament

Facebook trolls and scammers from Kosovo are manipulating Australian users - ABC News (Australian Broadcasting Corporation)

Optus, Telstra, Vodafone Block 8chan, 4chan For Christc... | 10 daily

Dutton Wants To Rehash The Video Game Violence Debate After The NZ Attack

Facebook failed to block 20% of uploaded New Zealand shooter videos | TechCrunch

Beto O’Rourke’s secret membership in America’s oldest hacking group

'Make money work for me': Sydney man charged with stealing $100,000 via phone porting

A huge trove of medical records and prescriptions found exposed | TechCrunch

New Mirai malware variant targets signage TVs and presentation systems | ZDNet

Microsoft releases Application Guard extension for Chrome and Firefox | ZDNet

North Korean diplomats in Spain: CIA implicated in attack on North Korean embassy in Madrid | In English | EL PAÍS

Dissidents behind raid on N.Korea Madrid embassy: US paper - The Local

Almost 150 million users impacted by new SimBad Android adware | ZDNet

Most Android Antivirus Apps Are Garbage | WIRED

Nasty WinRAR bug is being actively exploited to install hard-to-detect malware | Ars Technica

Proof-of-concept code published for Windows 7 zero-day | ZDNet

Malicious Counter-Strike 1.6 servers used zero-days to infect users with malware | ZDNet

“Yelp, but for MAGA” turns red over security disclosure, threatens researcher | Ars Technica

Local privilege escalation via the Windows I/O Manager: a variant finding collaboration – Security Research & Defense

iblue on Twitter: "So, that's CVE-2019-5418. Accept: ../../../../../../../../../etc/passwd (And we might see more fun involving the PathResolver in the future :))… https://t.co/JT2hxnCaM4"

CVE‌-2019-7644: How Does this Happen?

Chronicle Security - Careers

On this week’s show Adam Boileau and Patrick Gray discuss the week’s news:

• Chelsea Manning back in jail
• Citrix owned, Resecurity claims it was Iran. Again. Because reasons, apparently.
• Huawei politics get messy
• EXCLUSIVE: Toyota Oz, other carmakers likely targeted by APT32 (Vietnam)
• Much, much more

This week’s sponsor is Senetas. They make layer 2 encryption gear but recently made a US$8m investment into Votiro, a Content Disarm and Reconstruction (CDR) play. Votiro CEO Aviv Grafi is this week’s sponsor guest. He stops by to explain CDR tech.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Chelsea Manning jailed after refusing to testify about WikiLeaks - CNNPolitics

Citrix discloses security breach of internal network | ZDNet

Citrix investigating unauthorized access to internal network | Citrix Blogs

Iranian-backed hackers stole data from major U.S. government contractor

Deacon Blues on Twitter: "Have about closed the loop on who is behind Resecurity, the mysterious company attributing the Citrix hack to Iran. It seems to be the work of one man, Andrey Andreevich Komarov, aka Andrew Komarov.… https://t.co/9fbWuEwqdL"

US ambassador in Berlin urges Germany to cut ties with Huawei

Pompeo warns allies Huawei presence complicates partnership with U.S. | Reuters

Huawei’s 5G equipment is a manageable risk, British intelligence claims - The Verge

UN report links North Korean hackers to theft of $571 million from cryptocurrency exchanges

China database lists 'breedready' status of 1.8 million women | World news | The Guardian

800+ Million Emails Leaked Online by Email Verification Service - Security Discovery

Releasing the NSA’s Previously Classified Tool ‘Ghidra’ For Free Is a ‘Game Changer’ - Motherboard

Facebook Suit: Ukrainian Hackers Used Quizzes to Take Data from 60,000 Users

A world of hurt after GoDaddy, Apple, and Google misissue >1 million certificates | Ars Technica

The Prototype iPhones That Hackers Use to Research Apple’s Most Sensitive Code - Motherboard

Google reveals Chrome zero-day under active attacks | ZDNet

Pipes on Twitter: "Google TAG have run down and identified iOS, Chrome and Windows 0days in the last few weeks. @ShaneHuntley Are we going to get some insight on which group you folk are pulling apart later? Sounds like fun times 😉"

Russia blocks encrypted email provider ProtonMail | TechCrunch

Tufts expelled a student for grade hacking. She claims innocence | TechCrunch

Lamborghini-driving bitcoin trader charged with drug trafficking

Cryptocurrency entrepreneur pleads guilty in 'Bitcointopia' fraud - Los Angeles Times

Car alarms with security flaws put 3 million vehicles at risk of hijack | TechCrunch

Silencing Cylance: A Case Study in Modern EDRs – MDSec

Glitching Trezor using EMFI Through The Enclosure – Colin O’Flynn

Extracting BitLocker keys from a TPM

WDS bug lets hackers hijack Windows Servers via malformed TFTP packets | ZDNet

Cisco tells Nexus switch owners to disable POAP feature for security reasons | ZDNet

Auth0 Security Bulletin CVE-2019-7644

Votiro Disarmer Takes Cyber Security to the Next-Generation

Senetas announces $8m investment in Votiro Disarmer

On this week’s show Adam Boileau and Patrick Gray discuss the week’s news:

• The NSA isn’t that interested in phone metadata anymore
• More Chinese mass surveillance data leaks
• Chelsea Manning, David House subpoenaed over Wikileaks
• Quadriga cold wallets were actually empty at time of founder’s death
• NSA deployed “rm -rf / shark” at Internet Research Agency
• HackerOne follows Bugcrowd into pentesting
• NSA releases Ghidra
• Much, much more!

This week’s sponsor interview is with Chris Kennedy, AttackIQ’s CISO and VP of customer success. And we’ll be talking about a few things really, like about how continuous validation of security controls like monitoring is a good thing. Everyone uses software like Tenable to verify patching, why not do the same for your monitoring?

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

The NSA has reportedly stopped data-mining Americans' phone and SMS records / Boing Boing

House aide: NSA has shut down phone call record surveillance | Ars Technica

China’s “democracy” includes mandatory apps, mass chat surveillance | Ars Technica

China claims detained Canadians formed spy link

As Trump and Kim Met, North Korean Hackers Hit Over 100 Targets in U.S. and Ally Nations - The New York Times

Disclosing Subpoena for Testimony, Chelsea Manning Vows to Fight - The New York Times

WikiLeaks Veteran: I ‘Cooperated’ With Feds ‘in Exchange for Immunity’

Mystery as Quadriga crypto-cash goes missing - BBC News

NSA’s top policy advisor: It’s time to start putting teeth in cyber deterrence | Ars Technica

US wiped hard drives at Russia's 'troll factory' in last year's hack | ZDNet

Vulnerability exposes location of thousands of malware C&C servers | ZDNet

Former Hacking Team Members Are Now Spying on the Blockchain for Coinbase - Motherboard

Coinbase Says Ex-Hacking Team Members Will ‘Transition Out’ After Users Protest - Motherboard

HackerOne thinks its freelance hackers can conduct penetration tests better than actual pentesting companies

New Software Helps to Mitigate Supply Chain Management Risk > National Security Agency | Central Security Service > Article View

Ghidra

Hacker Fantastic on Twitter: "Ghidra opens up JDWP in debug mode listening on port 18001, you can use it to execute code remotely 🤦‍♂️.. to fix change line 150 of support/launch.sh from * to 127.0.0.1 https://t.co/J3E8q5edC7"

Backstory: An Alphabet Moon Shot Wants to Store the Security Industry's Data | WIRED

BlackBerry Cylance Delivers First Proactive Behavioral Analytics Solution with CylancePERSONA

Martijn Grooten on Twitter: "Shamir is of course right in his criticism of strict US visa procedures, but to add a sobering perspective, we have had speakers who couldn't get a visa when we had our conference in the US, Canada and the EU. For most of the world, visas for the West are really hard.… https://t.co/HRXh1Vr5pt"

W3C finalizes Web Authentication (WebAuthn) standard | ZDNet

Hackers have started attacks on Cisco RV110, RV130, and RV215 routers | ZDNet

Researchers uncover ring of GitHub accounts promoting 300+ backdoored apps | ZDNet

Google Reveals "BuggyCow," a Rare MacOS Zero-Day Vulnerability | WIRED

Adobe releases out-of-band update to patch ColdFusion zero-day | ZDNet

PoC Buffer Overflow exploitation in the British Airways Entertainment System | LinkedIn

In this edition of the show we’re playing a small part in Chronicle’s launch of its flagship product, Backstory.

Chronicle is of course the security spinoff of Google’s parent company, Alphabet. The launch of Chronicle itself was announced about a year ago, but until now it’s only really had one product: Virus Total Enterprise. That all changed today when Chronicle launched Backstory at the RSA conference in the USA.

I was lucky enough to see a demo of Backstory before we recorded this interview last week, and I’m going to characterise it in a way that Chronicle probably won’t like, but it’s basically a cloud-SIEM, albeit a very good one.

Backstory ingests logs from a bunch of data sources – DNS lookup information, DHCP info, your EDR logs (from your Crowdstrike or Carbon Black software), web proxy logs, firewall alerts – and then it structures this stuff so you can make use of it. You get nice pointy-clicky timelines and useful visualisations. That’s handy enough, but keep in mind your logs are now with the company that is responsible for Virus Total. They have some pretty good intel, and they can now apply various IOCs to the logs you’ve submitted.

So one obvious use case for Backstory is doing the type of threat hunting threat hunters like to do, but beyond that, this is likely going to become a pretty useful alerting platform.

Show notes

Chronicle launches Backstory

On this week’s show Adam and Patrick discuss the week’s security news:

• Cyber Command kicks the IRA off the Internet on election day
• WSJ reporting on Iran vs Australia likely incorrect
• Two Russian cybersecurity professionals sentenced over treason
• DPRK spearphishing US summit participants
• LOTS of technical news and research this week

This week’s show is brought to you by Remediant. Their CEO Tim Keeler will be along in this week’s sponsor segment to talk about how they’re doing “virtual directory binding” to make managing Linux accounts via Active Directory less traumatic. If you’re struggling with horrible, horrible PAM solutions in your devops environments have a listen to that one.

*** NOTE FROM PAT: I made some mistakes in the recording phase of this week’s show. As a result, my vocal audio is pretty atrocious. Sorry! ***

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Cyber Command put the kibosh on Russian trolls during the midterms

Iranian Group Blamed for Cyberattack on Australia’s Parliament - WSJ

China, not Iran, still the main suspect in hacking of Australia's political parties, say sources

Former Russian Cybersecurity Chief Sentenced to 22 Years in Prison — Krebs on Security

North Korean hackers go on phishing expedition before Trump-Kim summit

Supermicro hardware weaknesses let researchers backdoor an IBM cloud server | Ars Technica

The Missing Security Primer for Bare Metal Cloud Services – Eclypsium

The secret lives of Facebook moderators in America - The Verge

CRXcavator: Democratizing Chrome Extension Security | Duo Security

CRXcavator

Toyota Australia says no customer data taken in attempted cyber attack | Business | The Guardian

Toyota Australia hack update | Automotive Industry News | just-auto

Many websites threatened by highly critical code-execution bug in Drupal | Ars Technica

It took hackers only three days to start exploiting latest Drupal bug | ZDNet

Former Hacking Team Members Are Now Spying on the Blockchain for Coinbase - Motherboard

attachment.cgi

For many crooks, malware is out and PowerShell attacks are in, IBM says

New flaws in 4G, 5G allow attackers to intercept calls and track phone locations | TechCrunch

Cryptocurrency wallet caught sending user passwords to Google's spellchecker | ZDNet

POS firm says hackers planted malware on customer networks | ZDNet

Surveillance firm asks Mozilla to be included in Firefox's certificate whitelist | ZDNet

New browser attack lets hackers run bad code even after users leave a web page | ZDNet

WinRAR versions released in the last 19 years impacted by severe security flaw | ZDNet

Dow Jones’ watchlist of 2.4 million high-risk clients has leaked | TechCrunch

Intel open-sources HBFA app to help with firmware security testing | ZDNet

Thunderclap flaws impact how Windows, Mac, Linux handle Thunderbolt peripherals | ZDNet

Spain investigates raid on North Korean embassy: sources | Reuters

Conference | 0xCC | Melbourne

Adam Boileau is along this week to discuss the week’s security news, which also features comment from Dmitri Alperovitch, Klon Kitchen and The Grugq. We cover:

• Former USAF counterintelligence official indicted over spearphishing, leaking secrets
• Australia’s major political parties targeted by APT crew that totally isn’t Chinese. (It’s Chinese)
• More on the Iran DNS hijacks
• Venezuelans phished by their own government
• China’s mass surveillance of Uyghur Muslims laid bare in data leak
• Millions of Swedes have their healthcare help-line calls exposed
• Bank of Valletta dodges a bullet, catches fraudulent transfers
• VK gets Samy’d
• Calls for GDPR-like law in USA
• Marcus “Malwaretech” Hutchins has a bad week

This week’s sponsor interview is with Jason Haddix of Bugcrowd. He’ll be along to talk a little more about what Bugcrowd calls next-generation pentests. They claim one of their tests is sufficient for compliance purposes under PCI, ISO or NIST and they’ve had a third party auditor prove that for them. They also say the service has really taken off despite being launched only a couple of months ago.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Air Force Defector to Iran Severely Damaged U.S. Intelligence Efforts, Ex-Officials Say - The New York Times

Spy Betrayed U.S. to Work for Iran, Charges Say - The New York Times

Game of Thrones hacker worked with US defector to hack Air Force employees for Iran | ZDNet

Scott Morrison details cyber attack on Australia's major political parties

How China and Russia are readying themselves for a US cyber war

Chinese traders freeze Australian coal orders amid 40-day customs delays: sources | Reuters

A Deep Dive on the Recent Widespread DNS Hijacking Attacks — Krebs on Security

Albania expels Iranian diplomats on national security grounds | Reuters

Venezuela’s Government Appears To Be Trying to Hack Activists With Phishing Pages - Motherboard

China's mass surveillance of Uyghur Muslims in Xinjiang province revealed in data security flaw - ABC News (Australian Broadcasting Corporation)

Millions of calls to Swedish healthcare hotline left unprotected online - The Local

Hackers tried to steal €13 million from Malta's Bank of Valletta | ZDNet

State of the Hack S2E01: #NoEasyBreach REVISITED « State of the Hack S2E01: #NoEasyBreach REVISITED | FireEye Inc

Russian hackers 8 times faster than Chinese, Iranians, North Koreans, says report

White hats spread VKontakte worm after social network doesn't pay bug bounty | ZDNet

You Don't Get To Learn How The FBI Tried To Crack Facebook Messenger Encryption, Judge Rules | Gizmodo Australia

GAO gives Congress go-ahead for a GDPR-like privacy legislation | ZDNet

NSO Group founders buy back their spyware company

MalwareTech loses bid to suppress damning statements made after days of partying | Ars Technica

Researchers hide malware in Intel SGX enclaves | ZDNet

Google Play Store app rejections up 55% from last year, app suspensions up 66% | ZDNet

Behold, the Facebook phishing scam that could dupe even vigilant users | Ars Technica

(20) Facebook Popup Phishing Page (Social Login) - YouTube

Google backtracks on Chrome modifications that would have crippled ad blockers | ZDNet

Scammers Are Filing Fake Trademarks to Steal High-Value Instagram Accounts - Motherboard

Google working on new Chrome security feature to 'obliterate DOM XSS' | ZDNet

Microsoft patches 0-day vulnerabilities in IE and Exchange | Ars Technica

Apple is forcing 2FA on iOS and macOS developers

Apple being sued because two-factor authentication on an iPhone or Mac takes too much time

Forced Two Factor Auth Will Cause Issues |Apple Developer Forums

Aspen Tech Policy Hub - A Silicon Valley-Style Think Tank

Next Gen Pen Testing

Adam Boileau is back in the news seat this week. We talk about:

• Amazing Reuters report on UAE’s “Project Raven”
• Bezos’ dick pics, Saudi Arabia and a creepy brother
• US government security staffers play post-shutdown catch-up
• Krebs: National Credit Union Administration probably pwned
• Russia to test complete disconnection from wider Internet
• China suspected of involvement in Australian parliament hack
• Trump likely to ban all Chinese telco equipment makers from US builds
• Lasers
• Google: iOS privesc 0days were in wild
• $145m in cryptocurrency lost forever due to exchange CEO death
• VFEmail has a very bad day
• Facebook/Apple cert wars
• MORE

This week’s show is brought to you by AustCyber, a nonprofit funded by grants from the Australian government. Its goal is to promote Australia’s cybersecurity industry.

AustCyber CEO Michelle Price will be along in this week’s sponsor interview to tell us all about what they’ve got planned for RSA.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Special Report - Inside the UAE’s secret hacking team of U.S. mercenaries | Reuters

Project Raven: What Happens When U.S. Personnel Serve a Foreign Intelligence Agency? - Lawfare

No thank you, Mr. Pecker – Jeff Bezos – Medium

Mistress’ Brother Leaked Bezos’ Racy Texts to Enquirer, Sources Say

Bezos Could Put National Enquirer Brass in Jail

Cybersecurity Workers Scramble to Fix a Post-Shutdown Mess | WIRED

Phishers Target Anti-Money Laundering Officers at U.S. Credit Unions — Krebs on Security

Russia to disconnect from the internet as part of a planned test | ZDNet

China link possible in cyber attack on Australian Parliament computer system, ABC understands - ABC News (Australian Broadcasting Corporation)

Trump likely to sign executive order banning Chinese telecom equipment next week - POLITICO

Huawei Sting Offers Rare Glimpse of U.S. Targeting Chinese Giant - Bloomberg

China's cybersecurity law update lets state agencies 'pen-test' local companies | ZDNet

Google warns about two iOS zero-days 'exploited in the wild' | ZDNet

$145 million funds frozen after death of cryptocurrency exchange admin | ZDNet

Hackers wipe US servers of email provider VFEmail | ZDNet

Zcash cryptocurrency fixes infinite counterfeiting vulnerability | ZDNet

Biohackers Encoded Malware in a Strand of DNA | WIRED

Google releases Chrome extension that alerts users of breached passwords | Ars Technica

Big Telecom Sold Highly Sensitive Customer GPS Data Typically Used for 911 Calls - Motherboard

Hundreds of Bounty Hunters Had Access to AT&T, T-Mobile, and Sprint Customer Location Data for Years - Motherboard

How Hackers and Scammers Break into iCloud-Locked iPhones - Motherboard

Apple restores Facebook’s ability to run internal iOS apps - The Verge

New TLS encryption-busting attack also impacts the newer TLS 1.3 | ZDNet

Atlassian leads encryption law revolt as Peter Dutton stands firm

Australian government clamping down on security research, academic says - Computerworld

Swiss government invites hackers to pen-test its e-voting system | ZDNet

Indecent disclosure: Gay dating app left “private” images, data exposed to Web (Updated) | Ars Technica

AustCyber supports the development of a vibrant and globally competitive cyber security sector | AustCyber

As regular listeners know, this isn’t the regular weekly Risky Business podcast, all Soap Box podcasts are paid promotions. We ran 10 of these last year, we’re running more of them this year – the total number is up to 14, but we’re running fewer of our other promotional podcast Snake Oilers.

In this Soap Box podcast we’re chatting with a company with a legitimately fascinating origin story.

You remember how in 2017 and 2018 people were running all these shonky initial coin offerings where they’d sell off millions of dollars of crypto tokens on the basis of a two minute video and a whitepaper? What happened in a lot of these cases is after the ICO the founders would take the money, launder it and move to the Bahamas.

Well, Polyswarm raised its money in an ICO. About $26m US dollars (!!). And, because they weren’t mainlining the ICO Kool-Aid, they cashed out about half of what they raised into real money before cryptocurrency values crashed.

Instead of moving to the Bahamas, they actually stuck around to build the business that tokenholders had chosen to fund. Their token value has crashed like everyone else’s has, but that doesn’t matter – they’re funded, and because of their unconventional funding source they don’t have a whole bunch of venture capitalists breathing down their neck.

So, what’s the business? It’s a marketplace for threat detection. Yes, my pinned tweet says “I do not want your blockchain expert as a guest on my podcast,” and yes, this company does use blockchain fairy dust, but as you’ll hear, the blockchain element to this business isn’t really what it’s about. Indeed, the founder and CEO of Polyswarm, Steve Bassi, says he would find life a lot easier in many ways if they weren’t actually using blockchain tech here as a marketplace enabler. He’s also banned himself from ever attending a blockchain conference again in his life.

Ok, so what is the Polyswarm marketplace and how does it work. As you’ll hear in this interview it took me a bit to actually understand exactly what they’re doing here, but what they’ve essentially built is a marketplace for AV. The best way to explain this is to just explain how it works. If you’re an enterprise client or an MSSP you can submit a sample to this marketplace. You’re submitting it with a question – is this file bad or good – and you attach a tokenised value to the answer.

On the other side of the equation are all these AV engines. Big ones, small ones… even tiny little micro engines that are only good at detecting very niche threats. So the enterprise submits the sample – that can be a whole file or just a hash – and it gets distributed to all the people who are running these AV engines. They scan the file, and if they’re super confident on an answer, they return that answer as well as a tokenised stake as a measure of their confidence. The idea is you can have a competitive marketplace for threat detection in which even niche players can participate. Polyswarm CEO Steve Bassi joined me to talk me through the whole concept.

Show notes

Enterprise Clients - PolySwarm

PolySwarm (NCT) - All information about PolySwarm ICO (Token Sale) - ICO Drops