On this week’s show we’re checking in with Kelly Shortridge and the topic is zombies. Not the botnet kind, the heavily-VC-backed kind.
A recent report from the Reuters news agency highlighted that the amount of VC pouring into the so-called “cyber” industry and the amount of money actually coming out of it in the form of profitable exits aren’t matching up. The industry is filling up with so-called zombie companies – they’ll never exit, but they’re not going to completely die, either.
As it turns out, Kelly recently did a presentation on precisely this topic, so in this week’s feature we get her take on why this is happening and what’s likely to change. The tl;dr is something will have to give in the next couple of years, and it’s going to be ugly.
In this week’s sponsor interview we check in with Jordan Wright of Duo Security. Jordan has done some research into phishing kits. While phishing isn’t the sexiest topic, the team at Duo has actually done some pretty comprehensive research here – they looked at thousands of kits and pulled out some interesting stats.
We’ll talk to him about that, and also about the likelihood that U2F hardware will soon be baked into consumer devices. That’s really going to change things in years to come.
Adam Boileau, as always, pops in to discuss the week’s news. We cover the:
- Strava heatmap
- Dutch infiltration of Cozy Bear
- Possible nationalisation of the US 5G network on security grounds
- Microsoft disabling Intel Spectre patches
- Google’s Chronicle announcement
- US$400m Cryptocurrency ownage
The show notes/links are below, and you can follow Adam or Patrick on Twitter if that’s your thing.
- Strava Data Heat Maps Expose Military Base Locations Around the World | WIRED
- Strava’s heatmap data lets anyone see the names of people exercising on military bases | WIRED UK
- “Heatmap” for social athlete’s app reveals secret bases, secret places | Ars Technica
- Dutch Spies Snooped on Russia's Elite Hackers, and More Security News This Week | WIRED
- To counter China, White House memo suggests a nationalized 5G network | Ars Technica
- Microsoft rushes Windows patch disabling Intel’s Spectre fixes due to instability
- Intel: Meltdown, Spectre silicon fixes coming 2018; 3D XPoint RAM, not so much | Ars Technica
- Chronicle: A Meteor Aimed At Planet Threat Intel? — Krebs on Security
- Two new cryptocurrency heists make off with over $400M worth of blockchange | Ars Technica
- Ethereum Startup Vanishes After Seemingly Making $11, Leaves Message: ‘Penis’ - Motherboard
- Now even YouTube serves ads with CPU-draining cryptocurrency miners | Ars Technica
- New Ads Policy: Improving Integrity and Security of Financial Product and Services Ads | Facebook Business
- Drugs Tripped Up Suspects In First Known ATM “Jackpotting” Attacks in the US — Krebs on Security
- U.S. economy could lose billions if attack shut down major cloud providers, report says
- DNC hires first ever CSO ahead of 2018 midterms
- Huawei loses another carrier deal as spying fears impede its US growth | Ars Technica
- DCShadow explained – Alsid blog
- Cisco patches a perfect 10.0 'critical' flaw in its popular security appliance
- Oracle issues patches for 10 'virtual machine escape' flaws in VirtualBox
- Under threat: Cyber security startups fall on harder times
- Phish in a Barrel