Risky Business #473 -- Kaspersky is officially toast

Blockbuster New York Times piece reveals Israel caught Kaspersky red handed...
11 Oct 2017 » Risky Business

On this week’s show we’re taking a deep dive into the latest news about Kaspersky and its alleged ties to Russian security services. The New York Times has just published an absolutely blockbuster piece that claims Israeli intelligence infiltrated Kaspersky’s network in 2014 and uncovered slam dunk evidence the company was operating espionage campaigns on behalf of the Russian government. We’ll jump into that in a minute, then in this week’s feature I’ll chat with Dave Aitel of Immunity Inc and get his feelings on the Kaspersky controversy.

Casey Ellis is this week’s sponsor guest. He’s joining us this week to talk about how people running their own bug bounties can avoid false negatives. A couple of weeks back we ran a feature here on the show about a guy who had a pretty hard time reporting a legitimate security bug to Microsoft. Casey will be along with some ideas on how companies might do better when managing a lot of inbound bug reports, many of which are bogus. How do you sort the wheat from the chaff.

Links to everything are below.

Oh, and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

How Israel Caught Russian Hackers Scouring the World for U.S. Secrets - The New York Times
Ex-NSA Hackers Are Not Surprised by Bombshell Kaspersky Report - Motherboard
Office Depot, Best Buy Pull Kaspersky Products From Shelves
Kaspersky and the Third Major Breach of NSA’s Hacking Tools – emptywheel
Russia reportedly stole NSA secrets with help of Kaspersky—what we know now | Ars Technica
Thread Reader
Australian police posed as child abusers for a dark web sting
North Korea hacked South's secret joint US war plans – reports | World news | The Guardian
Hacking North Korea Won't Stop Its Nuclear Program | WIRED
Report: Facebook removed references to Russia from fake-news report | Ars Technica
Facebook’s security chief warns fake news is more dangerous and complex than people think | The Independent
SEC hack came as internal security team begged for funding | Ars Technica
Meet Danny, the Guy Authorities Say Is Selling Encrypted Phones to Organized Crime
Cellebrite: Hacking into iPhones is harder than ever
In-progress email threads were hacked to spearphish private companies, report says
Disqus confirms 2012 database breach impacting 17.5 million users
Report: John Kelly's personal phone was compromised for months
Market Research Firm Forrester Says Hackers Stole Sensitive Reports
Over 37,000 Chrome Users Installed a Fake AdBlock Plus Extension
New NIST and DHS Standards Get Ready to Tackle BGP Hijacks
Russia Says It Will Ban Cryptocurrency Exchanges
‘Dark Overlord’ Hackers Text Death Threats to Students, Then Dump Voicemails From Victims
If macOS High Sierra shows your password instead of the password hint for an encrypted APFS volume - Apple Support
Porn Site Becomes Hub for KovCoreG Group Malvertising Campaigns | Threatpost | The first stop for security news
T-Mobile Website Allowed Hackers to Access Your Account Data With Just Your Phone Number - Motherboard
Critical Windows DNS vulnerability gives hackers the 'keys to the kingdom'
Manhattan U.S. Attorney Announces Charges Against Seven Iranians For Conducting Coordinated Campaign Of Cyber Attacks Against U.S. Financial Sector On Behalf Of Islamic Revolutionary Guard Corps-Sponsored Entities | USAO-SDNY | Department of Justice
SensePost | Macro-less code exec in msword
The confrontation that fueled the fallout between Kaspersky and the U.S. government - Cyberscoop
Understanding the Equifax Data Breach | Anna Slomovic| Managing Personal Data
Equation Group: The Crown Creator of Cyber-Espionage | Kaspersky Lab
[1710.00551] Another Flip in the Wall of Rowhammer Defenses
CyberTalks 2017