Risky Business #456 -- Your MSP *will* get you owned

PLUS: Shoddy infosec marketing and the news with Adam...
24 May 2017 » Risky Business

On this week’s show Adam pops in to discuss the week’s news. (Links below) After the news segment Adam and Patrick both chat about topics near and dear to their hearts: Shoddy infosec marketing and shoddy MSP security.

This week’s show is brought to you by WordFence, a company that makes a WordPress security plugin. It’s not so much an enterprise security tool, but it turns out that when you run two million WordPress plugins you wind up collecting some pretty valuable threat intel and IOCs. WordFence’s Mark Maunder joins the show this week to talk about WordPress security and malware distribution!

You can add Patrick or Adam on Twitter if that’s your thing. Show notes are below…

Show notes

More people infected by recent WCry worm can unlock PCs without paying ransom | Ars Technica
There’s new evidence tying WCry ransomware worm to prolific hacking group | Ars Technica
Windows 7, not XP, was the reason last week’s WCry worm spread so widely | Ars Technica
EternalRocks Worm Spreads Seven NSA SMB Exploits | Threatpost | The first stop for security news
PATCH Act Calls for VEP Review Board | Threatpost
US politicians think companies should be allowed to 'hack back' after WannaCry
Sweden Drops Julian Assange's Rape Charge, But the WikiLeaks Founder Won't Go Free | WIRED
Examining the FCC claim that DDoS attacks hit net neutrality comment system | Ars Technica
Google Elevates Security in Android O | Threatpost
Android Gets Security Makeover With Google Play Protect | Threatpost
Any Half-Decent Hacker Could Break Into Mar-a-Lago, We Tested It | Gizmodo Australia
Senate's Use of Signal A Good First Step, Experts Say | Threatpost
Should SaaS Companies Publish Customers Lists? — Krebs on Security
Private Eye Allegedly Used Leaky Government Tool in Bid to Find Tax Data on Trump — Krebs on Security
Yahoo Retires ImageMagick After Bugs Leak Server Memory | Threatpost
Twitter Bug Allowed Hackers To Tweet From Any Account - Motherboard
Breaking the iris scanner locking Samsung’s Galaxy S8 is laughably easy | Ars Technica
Subtitle Hack Leaves 200 Million Vulnerable to Remote Code Execution | Threatpost
Apple Patches Pwn2Own Vulnerabilities in Safari, macOS, iOS | Threatpost
BostonGlobe.com disables articles when your browser’s in private mode | Ars Technica
Gravityscan - Free Website Malware and Vulnerability Scanner
WordPress Security Plugin | Wordfence