This week's show is brought to you by BugCrowd -- crowdsourced security testing. Bugcrowd founder and CEO Casey Ellis will join us in this week's sponsor interview to tell us about the latest trends in bounties and crowdsourced security.
He's got some useful info. It turns out bounty participants are getting better at doing OSINT collection to win when testing. So yeah, creds and stuff in Github and repos that shouldn't be there are giving these guys easy wins... we'll also talk about the latest trends in terms of who's running bounty programs -- it's not just companies testing web and mobile apps these days, they're doing a bunch more work on IoT and installable software. It's a solid trend.
There's no feature interview in this week's show because, well, it was a pretty slow week. I was expecting last week's US House hearing into possible US responses to encryption technology to give me heaps of feature material for this week's show, but it was actually a bit of a fizzer, which is pretty awesome, actually.
Adam Boileau, as usual, joins the show to discuss the week's news headlines.
Don't forget you can now support the Risky Business page via our Patreon campaign.
Windows Update for Business Uproots Patch Tuesday | Threatpost | The first stop for security news
A break from the past, part 2: Saying goodbye to ActiveX, VBScript, attachEvent\u2026
Windows 10 bombshell: Microsoft to KILL OFF Patch Tuesday \u2022 The Register
With Lock Research, Another Battle Brews in the War Over Security Holes | WIRED
Vulnerability-Riddled Drug Pumps Open to Takeover | Threatpost | The first stop for security news
Interpol alerted as teenage hacker from Perth flees to Europe | The Australian
Programmer Convicted in Bizarre Goldman Sachs Case-Again | WIRED
WikiLeaks Finally Brings Back Its Submission System for Your Secrets | WIRED
How Selerity reported Twitter's earnings-before Twitter did | Ars Technica
'Just follow the damn Constitution!' FBI, DoJ skewered over demands for crypto backdoors \u2022 The Register
Congress, Crypto and Craziness | Threatpost | The first stop for security news
Zuck'ed up: Facebook opens up free internet in India - but bans HTTPS \u2022 The Register
Foiling Pump Skimmers With GPS - Krebs on Security
PayIvy Sells Your Online Accounts Via PayPal - Krebs on Security
Google Research Reveals Profitable, Pervasive Ad Injector Ecosystem | Threatpost | The first stop for security news
Microsoft LAPS Tool Addresss Local Admin Password Problem | Threatpost | The first stop for security news
Netflix Releases FIDO Incident Response Tool | Threatpost | The first stop for security news
Google Updates Password Alert Extension, But Some Bypasses Still Work | Threatpost | The first stop for security news
Super secretive malware wipes hard drive to prevent analysis | Ars Technica
Dyre Banking Trojan Avoids Sandbox Detection | Threatpost | The first stop for security news
The BACKRONYM MySQL Vulnerability - Blog - Duo Security
Behold: the drop-dead simple exploit that nukes Google's Password Alert | Ars Technica
Actively exploited WordPress bug puts millions of sites at risk | Ars Technica
Spam-blasting malware infects thousands of Linux and FreeBSD servers | Ars Technica
Lenovo System Update Vulnerabilities Patched | Threatpost | The first stop for security news
Sally Beauty Card Breach, Part Deux? - Krebs on Security
02 - Mammal - Think - YouTube