This week’s show is a fun one! We’ll be chatting with Josh Corman, the Atlantic Council’s Director of Cyber Statecraft. We’ll be speaking with him about an exercise he did recently with a whole bunch of students. Basically the whole thing was a simulation where students walked through various scenarios and had to respond. Unfortunately, Josh discovered that most students had a predisposition to escalating things unnecessarily. From Mirai to mushroom clouds, that’s this week’s feature interview.
This week’s sponsor interview is also an absolute corker. Rapid7 is this week’s sponsor. In addition to making enterprise security software and running a pentest practice, Rapid7 also spends a considerable amount of time and money on developing Metasploit.
Rapid7 research director Tod Beardsley and director of transportation security Craig Smith join the show this week to talk about some recent changes to Metasploit that I’m amazed haven’t made a bigger splash. You can now run Metasploit against a CAN bus and they’ve built an RF module as well. That is absolutely awesome stuff, coming up in this week’s sponsor interview, with special thanks to Rapid7!
Adam Boileau, as always, joins us to talk about the week’s security news.
Links to items discussed in this week’s show have moved – they’re now included in this post, below.
Oh, and do add Patrick, or Adam on Twitter if that’s your thing.
- Wikileaks releases code that could unmask CIA hacking operations | Ars Technica
- Smart TV hack embeds attack code into broadcast signal—no access required | Ars Technica
- Project Zero: Over The Air: Exploiting Broadcom’s Wi-Fi Stack (Part 1)
- Here's How Not to Get Doxed Like FBI Director James Comey - Motherboard
- Reinhold Niebuhr on Twitter: "https://t.co/L5ehuMFGat https://t.co/x53gCG7Nvc"
- Verizon Rebuts Critics of Data-Collecting App | Threatpost | The first stop for security news
- An Update on Verizon's AppFlash: Pre-Installed Spyware Is Still Spyware | Electronic Frontier Foundation
- New Mirai Variant Roars into Action With 54 Hour DDoS Attacks | Threatpost | The first stop for security news
- Publicly Attacked Microsoft IIS Zero Day Unlikely to be Patched | Threatpost | The first stop for security news
- Microsoft Offers Analysis of Zero-Day Exploited By Zirconium Group | Threatpost | The first stop for security news
- Hackers Are Emptying ATMs With a Single Drilled Hole and $15 Worth of Gear | WIRED
- Russian Hackers Have Used the Same Backdoor for Two Decades | WIRED
- Operation Cloud Hopper
- Pegasus for Android: the other side of the story emerges | Lookout Blog
- Someone is putting lots of work into hacking Github developers | Ars Technica
- FBI Arrests Hacker Who Hacked No One - The Daily Beast
- Hackers Hit Islamic State Site, Use It to Spread Malware - Motherboard
- UK Cops Arrest Man Potentially Linked to Apple Extortion - Motherboard
- Patrick Gray on Twitter: "Heh. I think you could call this "high confidence". https://t.co/zDCbiPmJXV"
- An Unprecedented Heist Hijacked a Brazilian Bank’s Entire Online Operation | WIRED
- Samsung's Android Replacement Is a Hacker's Dream - Motherboard
- Patrick Gray on Twitter: "This is interesting. Apparently RU bots hammer Trump's account with conspiracy-related material when they know he's likely to be using it. https://t.co/f38WB9uIsS"
- McAfee is once again an independent company - CSO | The Resource for Data Security Executives
- Fake SEO Plugin Used In WordPress Malware Attacks | Threatpost | The first stop for security news
- Hackers Can Easily Hijack This Dildo Camera and Livestream the Inside of Your Vagina (Or Butt) - Motherboard
- Rebuttal to Pen Test Partners
- Exiting the Matrix: Introducing Metasploit's Ha... | Rapid7 Community and Blog
- Metasploit's RF Transceiver Capabilities | Rapid7 Community and Blog