Risky Business #469 -- More like EquiHAX. AMIRITE??

PLUS: Nazi-hunting with TensorFlow...
13 Sep 2017 » Risky Business

On this week’s show, of course, we’ll be using the news segment to take a look at the dumpster fire that is the Equifax breach. We’ve got suspicious short trades, executive share sales and an absolutely shambolic response. This one’s got the lot; something for everyone.

We’ll also take a look at these latest Bluetooth bugs and of course we’ll recap the rest of the week’s security news.

In this week’s feature interview we’re chatting with Emily Crose. After cutting her teeth at CIA, NSA and US Cyber Command, these days Emily works in the private sector, and her hobby at the moment is using machine learning-based image processing to identify problematic social media images.

Some social media companies say it’s too hard to identify, for example, ze Nazis. Emily says nope.

I would say this week’s show is brought to you by Tenable Network Security, but now I’m just going to say Tenable because these days that’s what they’re calling themselves. And it makes sense. Vulnerability management isn’t really just about what’s on your network anymore.

With that in mind, they’ve really changed the messaging of the company. They’re not calling it continuous monitoring anymore, they’re calling it cyber exposure measurement. Corey Bodzin, VP of product operations at Tenable joins the show to walk us through the rationale behind the new messaging.

Adam Boileau is this week’s news guest.

See links to show notes below, and follow Patrick or Adam on Twitter if that’s your thing!

Show notes

The Equifax Breach: What You Should Know — Krebs on Security
Equifax Breach Response Turns Dumpster Fire — Krebs on Security
Apache Foundation Refutes Involvement in Equifax Breach | Threatpost | The first stop for security news
Suspect trading in Equifax options before breach might have generated millions in profit
Dustin Volz on Twitter: "NEWS: Senate Finance Committee leaders Hatch and Wyden ask @Equifax CEO for info on hack, including what stock-selling execs knew and when https://t.co/Dhvyj8MALS"
Equifax Stung With Multibillion-Dollar Class-Action Lawsuit After Massive Data Breach
Chatbot lets you sue Equifax for up to $25,000 without a lawyer - The Verge
Exploit goes public for severe bug affecting high-impact sites | Ars Technica
Apache Struts Vulnerabilities May Affect Many of Cisco's Products
Facebook May Have More Russian Troll Farms to Worry About | WIRED
FBI investigates Russian news agency Sputnik
Billions of devices imperiled by new clickless Bluetooth attack | Ars Technica
Windows 0-day is exploited to install creepy Finspy malware (again) | Ars Technica
Microsoft September Patch Tuesday Fixes 82 Security Issues, Including a Zero-Day
Hacking Collective Finds Flaw That Allows Tampering With Election Vote Counts
A Simple Design Flaw Makes It Astoundingly Easy To Hack Siri And Alexa
Popular D-Link Router Riddled with Vulnerabilities | Threatpost | The first stop for security news
Over 1.65 Million Computers Infected With Cryptocurrency Miners in 2017 So Far
Bitcoin Price Takes a Tumble Amid Rumors of China Banning Cryptocurrency Trading
Bashware: Malware Can Abuse Windows 10's Linux Shell to Bypass Security Software
Tenable™ - The Cyber Exposure Company