This episode sponsored by Bugcrowd.On this week’s show we’re taking a deep dive into the latest news about Kaspersky and its alleged ties to Russian security services. The New York Times has just published an absolutely blockbuster piece that claims Israeli intelligence infiltrated Kaspersky’s network in 2014 and uncovered slam dunk evidence the company was operating espionage campaigns on behalf of the Russian government. We’ll jump into that in a minute, then in this week’s feature I’ll chat with Dave Aitel of Immunity Inc and get his feelings on the Kaspersky controversy.
Casey Ellis is this week’s sponsor guest. He’s joining us this week to talk about how people running their own bug bounties can avoid false negatives. A couple of weeks back we ran a feature here on the show about a guy who had a pretty hard time reporting a legitimate security bug to Microsoft. Casey will be along with some ideas on how companies might do better when managing a lot of inbound bug reports, many of which are bogus. How do you sort the wheat from the chaff.
Links to everything are below.
Oh, and you can follow Patrick or Adam on Twitter if that’s your thing.
Show notes
- How Israel Caught Russian Hackers Scouring the World for U.S. Secrets - The New York Times
- Ex-NSA Hackers Are Not Surprised by Bombshell Kaspersky Report - Motherboard
- Office Depot, Best Buy Pull Kaspersky Products From Shelves
- Kaspersky and the Third Major Breach of NSA’s Hacking Tools – emptywheel
- Russia reportedly stole NSA secrets with help of Kaspersky—what we know now | Ars Technica
- Thread Reader
- Australian police posed as child abusers for a dark web sting
- North Korea hacked South's secret joint US war plans – reports | World news | The Guardian
- Hacking North Korea Won't Stop Its Nuclear Program | WIRED
- Report: Facebook removed references to Russia from fake-news report | Ars Technica
- Facebook’s security chief warns fake news is more dangerous and complex than people think | The Independent
- SEC hack came as internal security team begged for funding | Ars Technica
- Meet Danny, the Guy Authorities Say Is Selling Encrypted Phones to Organized Crime
- Cellebrite: Hacking into iPhones is harder than ever
- In-progress email threads were hacked to spearphish private companies, report says
- Disqus confirms 2012 database breach impacting 17.5 million users
- Report: John Kelly's personal phone was compromised for months
- Market Research Firm Forrester Says Hackers Stole Sensitive Reports
- Over 37,000 Chrome Users Installed a Fake AdBlock Plus Extension
- New NIST and DHS Standards Get Ready to Tackle BGP Hijacks
- Russia Says It Will Ban Cryptocurrency Exchanges
- ‘Dark Overlord’ Hackers Text Death Threats to Students, Then Dump Voicemails From Victims
- If macOS High Sierra shows your password instead of the password hint for an encrypted APFS volume - Apple Support
- Porn Site Becomes Hub for KovCoreG Group Malvertising Campaigns | Threatpost | The first stop for security news
- T-Mobile Website Allowed Hackers to Access Your Account Data With Just Your Phone Number - Motherboard
- Critical Windows DNS vulnerability gives hackers the 'keys to the kingdom'
- Manhattan U.S. Attorney Announces Charges Against Seven Iranians For Conducting Coordinated Campaign Of Cyber Attacks Against U.S. Financial Sector On Behalf Of Islamic Revolutionary Guard Corps-Sponsored Entities | USAO-SDNY | Department of Justice
- SensePost | Macro-less code exec in msword
- The confrontation that fueled the fallout between Kaspersky and the U.S. government - Cyberscoop
- Understanding the Equifax Data Breach | Anna Slomovic| Managing Personal Data
- Equation Group: The Crown Creator of Cyber-Espionage | Kaspersky Lab
- [1710.00551] Another Flip in the Wall of Rowhammer Defenses
- CyberTalks 2017
