Risky Business #369 -- Kaspersky pwned by Duqu, bye bye 215 and more

PLUS Scanning for people-based threats...
11 Jun 2015 » Risky Business

On this week's show we speak with Laura Bell about scanning people for vulnerabilities. Who in your organisation do you most need to worry about protecting? Well, it's not who you think. She'll be along soon to discuss that.

This week's show is brought to you by Rapid7.

Rapid7's SVP of Products and Engineering Lee Weiner will be along in this week's sponsor interview to talk about how to get security and IT departments both thinking about risk-based approaches to patching. Hey, sure, you've got 8,000 boxes that can all be Heartbleeded, but do you need to worry about all of them right now? Or just the accessible ones with all the customer data on them?

Don't forget you can now support the Risky Business page via our Patreon campaign.

Oh, and do add Patrick and Adam on Twitter if that's your thing.

Show notes

Kaspersky Finds New Nation-State Attack-In Its Own Network | WIRED
http://www.wired.com/2015/06/kaspersky-finds-new-nation-state-attack-net...

The Senate Finally Passes NSA Surveillance Reform | WIRED
http://www.wired.com/2015/06/senate-finally-passes-bit-nsa-reform/

Senate Shoots Down All Bad Amendments to the NSA Reform Bill | WIRED
http://www.wired.com/2015/06/senate-shoots-bad-amendments-nsa-reform-bill/

Federal agency hit by Chinese hackers, around 4 million employees affected | Ars Technica
http://arstechnica.com/security/2015/06/federal-agency-hit-by-chinese-ha...

Why the "biggest government hack ever" got past the feds | Ars Technica
http://arstechnica.com/security/2015/06/why-the-biggest-government-hack-...

New Snowden documents reveal secret memos expanding spying | Ars Technica
http://arstechnica.com/tech-policy/2015/06/new-snowden-documents-reveal-...

All U.S. United Flights Grounded Over Mysterious Problem | WIRED
http://www.wired.com/2015/06/united-flights-grounded-mysterious-problem/

Exclusive: U.S. tried Stuxnet-style campaign against North Korea but failed - sources | Reuters
http://www.reuters.com/article/2015/05/29/us-usa-northkorea-stuxnet-idUS...

TV5 Monde attack 'by Russia-based hackers' - BBC News
http://www.bbc.com/news/world-europe-33072034

Nonlinear warfare - A new system of political control 2014 Adam Curtis - YouTube
https://www.youtube.com/watch?v=tyop0d30UqQ

Vladislav Surkov - Wikipedia, the free encyclopedia
http://en.wikipedia.org/wiki/Vladislav_Surkov

California senate wants warrants to be required for phone searches
http://www.engadget.com/2015/06/04/california-warrant-phone-search-bill/

Intercepted WhatsApp messages led to Belgian terror arrests [Updated] | Ars Technica
http://arstechnica.com/tech-policy/2015/06/intercepted-whatsapp-messages...

Sen. McCain: How to Get Silicon Valley to Help the Pentagon | WIRED
http://www.wired.com/2015/06/sen-mccain-get-silicon-valley-help-pentagon/

Feds Want to ID Web Trolls Who 'Threatened' Silk Road Judge | WIRED
http://www.wired.com/2015/06/feds-want-id-web-trolls-threatened-silk-roa...

This Hacked Kids' Toy Opens Garage Doors in Seconds | WIRED
http://www.wired.com/2015/06/hacked-kids-toy-opens-garage-doors-seconds/

'MEDJACK' tactic allows cyber criminals to enter healthcare networks undetected - SC Magazine
http://www.scmagazine.com/trapx-profiles-medjack-threat/article/418811/

Bitcoin blackmail gang start hurling DDoSes at Scandinavia \u2022 The Register
http://www.theregister.co.uk/2015/06/09/ddos_blackmail_gang_scandinavian...

iiNet investigates alleged theft of customer database - Security - News - iTnews.com.au
http://www.itnews.com.au/News/404959,iinet-investigates-alleged-theft-of...

Crypto flaws in Blockchain Android app sent bitcoins to the wrong address | Ars Technica
http://arstechnica.com/security/2015/05/crypto-flaws-in-blockchain-andro...

Beware of the text message that crashes iPhones | Ars Technica
http://arstechnica.com/security/2015/05/beware-of-the-text-message-that-...

US Army website defaced by Syrian Electronic Army [Updated] | Ars Technica
http://arstechnica.com/security/2015/06/us-army-website-defaced-by-syria...

Assume your GitHub account is hacked, users with weak crypto keys told | Ars Technica
http://arstechnica.com/security/2015/06/assume-your-github-account-is-ha...

June 2015 Adobe Flash Player Security Update | Threatpost | The first stop for security news
https://threatpost.com/adobe-patches-13-vulnerabilities-in-flash-player/...

June 2015 Microsoft Patch Tuesday Security Bulletins | Threatpost | The first stop for security news
https://threatpost.com/critical-ie-update-one-of-eight-microsoft-securit...

FAQs
http://www.bis.doc.gov/index.php/policy-guidance/faqs#subcat200

SafeStack - Agile Application Security
http://safestack.io/

IT Security & Analytics, Pen Testing, Compliance - Rapid7
http://www.rapid7.com/

The Isley Brothers - Fight The Power (Part 1 & 2) (1975) - YouTube
https://www.youtube.com/watch?v=wO2ebiuV3hU

SUBSCRIBE NOW:
Risky Business main podcast feed:
Listen on Apple Podcasts Listen on Overcast Listen on Pocket Casts Listen on Spotify Subscribe with RSS
Our extra podcasts feed:
Listen on Apple Podcasts Listen on Overcast Listen on Pocket Casts Listen on Spotify Subscribe with RSS
Subscribe to our newsletters: