Risky Business #451 -- Shadowbrokers nothingburger edition

Adam, Pipes talk Shadowbrokers...
19 Apr 2017 » Risky Business

On this week’s show we talk about the latest Shadowbrokers shenanigans with Adam, as well as all the other major security news of the last couple of weeks.

After that we’ll be chatting with Adam’s colleague at Insomnia Security, Pipes, about the interesting aspects of the dump – what did it teach us about how NSA rolls? Well, quite a lot, as it turns out. And yeah, the N0day bugs aren’t the interesting bit.

This week’s show is sponsored by Tenable Network Security. This week Tenable’s VP of federal, Darron Makrokanis, will be along to talk about how to speed up federal government adoption of new tech – what’s the best way for that to happen? That’s this week’s sponsor interview!

Links to items discussed in this week’s show have moved – they’re now included in this post, below.

Oh, and do add Patrick or Adam on Twitter if that’s your thing.

Show notes

NSA-leaking Shadow Brokers just dumped its most damaging release yet | Ars Technica
In slap at Trump, Shadow Brokers release NSA EquationGroup files | Ars Technica
Shadow Brokers Leak Shows NSA Hacked Middle East Banking System and Had Major Windows Exploits | WIRED
Alleged NSA Victim Denies Hackers Ever Broke In - Motherboard
Mysterious Microsoft patch killed 0-days released by NSA-leaking Shadow Brokers | Ars Technica
We Can Calm Down: Microsoft Already Patched Most of the Shadow Brokers Exploits - Motherboard
The New Shadow Brokers Leak Connects the NSA to the Stuxnet Cyber Weapon Used on Iran - Motherboard
Newly Leaked Hacking Tools Were Worth $2 Million on the Gray Market - Motherboard
WikiLeaks just dropped the CIA’s secret how-to for infecting Windows | Ars Technica
Found in the wild: Vault7 hacking tools WikiLeaks says come from CIA | Ars Technica
Researchers find China tried infiltrating companies lobbying Trump on trade | Ars Technica
Brexit: foreign states may have interfered in vote, report says | Politics | The Guardian
North Korea: Can the US take out its missiles before launch? - CNN.com
Feds deliver fatal blow to botnet that menaced world for 7 years | Ars Technica
Rash of in-the-wild attacks permanently destroys poorly secured IoT devices | Ars Technica
New processors are now blocked from receiving updates on old Windows | Ars Technica
Microsoft Word 0-day was actively exploited by strange bedfellows | Ars Technica
Why Did Microsoft Wait Six Months To Patch a Critical Word Zero-Day? - Motherboard
Microsoft Word 0-day used to push dangerous Dridex malware on millions | Ars Technica
Critical Word 0-day is only 1 of 3 Microsoft bugs under attack | Ars Technica
Office Zero Day Delivering FINSPY Spyware to Victims in Russia | Threatpost
Microsoft Patches Word Zero-Day Spreading Dridex Malware | Threatpost
Breaking Signal: A Six-Month Journey | Threatpost
F8 2017: Facebook's Delegated Recovery Will Make It Easier to Get Back Into Locked Accounts | WIRED
Charlie Miller on Why Self-Driving Cars Are So Hard to Secure From Hackers | WIRED
Meet PINLogger, the drive-by exploit that steals smartphone PINs | Ars Technica
Fake News at Work in Spam Kingpin’s Arrest? — Krebs on Security
Self-Proclaimed ‘Nuclear Bot’ Author Weighs U.S. Job Offer — Krebs on Security
FDA Demands St. Jude Take Action on Medical Device Security | Threatpost
Inside the 'Stalkerware' Surveillance Market, Where Ordinary People Tap Each Other's Phones - Motherboard
‘High Risk’ Zero-Day Leaves 200,000 Magento Merchants Vulnerable | Threatpost
Netflix's HTTPS Update Can't Combat Passive Traffic Analysis Attacks | Threatpost
Purdue CERIAS Researchers Find Vulnerability in Google Protocol - CERIAS - Purdue University
Patrick Gray on Twitter: "Our threat intel cyber APT disruption hunt team worked VERY hard on this. The https://t.co/AfUMfSpRrZ quartered rhombus of cyber ownage: https://t.co/lIc4x0aFo3"