Risky Business #486 -- Locking down AWS permissions with RepoKid

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

On this week’s show we’re chatting with Travis McPeak at Netflix about a tool they’ve developed called RepoKid. It automatically strips unused AWS permissions, which I’m guessing a lot of you will find quite useful.
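
The core idea behind stripping unused permissions is to compare what a role is allowed to do against what it has actually done. AWS exposes that "last used" signal per service through IAM Access Advisor (iam:GetServiceLastAccessedDetails), which is the data Repokid builds on. The snippet below is an added illustration of that pruning rule, not Repokid's own code: it takes an IAM policy document and a constructed, inline Access Advisor style report, drops Allow actions for services not used within a window, and leaves Deny, NotAction and bare "*" statements alone because pruning those could widen rather than narrow access. The policy, the report, and the function names are constructed for the example.

```python
"""Remove unused AWS IAM permissions from a policy document.

Added illustration of the "repo unused permissions" idea; not Netflix's
Repokid code. Both the policy and the Access Advisor style report below are
constructed for the example so that it runs offline.
"""
import copy
import json
from datetime import datetime, timedelta, timezone

# Constructed sample: a role policy that is broader than what the role uses.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"],
         "Resource": "arn:aws:s3:::app-bucket/*"},
        {"Effect": "Allow", "Action": ["dynamodb:*", "sqs:SendMessage"],
         "Resource": "*"},
        {"Effect": "Allow", "Action": "iam:PassRole", "Resource": "*"},
        {"Effect": "Deny", "Action": "s3:DeleteBucket", "Resource": "*"},
    ],
}

# Constructed sample shaped like IAM Access Advisor output
# (ServiceNamespace / LastAuthenticated); None means never used.
NOW = datetime(2018, 2, 8, tzinfo=timezone.utc)
SAMPLE_ACCESS_ADVISOR = [
    {"ServiceNamespace": "s3", "LastAuthenticated": NOW - timedelta(days=3)},
    {"ServiceNamespace": "dynamodb", "LastAuthenticated": NOW - timedelta(days=120)},
    {"ServiceNamespace": "sqs", "LastAuthenticated": NOW - timedelta(days=1)},
    {"ServiceNamespace": "iam", "LastAuthenticated": None},
]


def unused_services(access_advisor, now, max_idle_days=90):
    """Return the service namespaces with no authenticated call inside the window."""
    cutoff = now - timedelta(days=max_idle_days)
    unused = set()
    for entry in access_advisor:
        last = entry.get("LastAuthenticated")
        if last is None or last < cutoff:
            unused.add(entry["ServiceNamespace"])
    return unused


def _as_list(value):
    return value if isinstance(value, list) else [value]


def repo_policy(policy, unused):
    """Strip Allow actions belonging to unused services.

    Returns (new_policy, removed_actions). Deny statements, NotAction
    statements and a bare "*" action are kept untouched; statements whose
    Action list becomes empty are dropped. The input policy is not modified.
    """
    new_policy = copy.deepcopy(policy)
    removed = []
    kept_statements = []
    for stmt in new_policy["Statement"]:
        # Only Allow statements expressed with Action are narrowed.
        if stmt.get("Effect") != "Allow" or "Action" not in stmt:
            kept_statements.append(stmt)
            continue
        kept_actions = []
        for action in _as_list(stmt["Action"]):
            # The service namespace is the part before the colon; "*" has none
            # and is left for a human to review rather than guessed at.
            service = action.split(":", 1)[0].lower() if ":" in action else None
            if service is not None and service in unused:
                removed.append(action)
            else:
                kept_actions.append(action)
        if kept_actions:
            stmt["Action"] = kept_actions
            kept_statements.append(stmt)
    new_policy["Statement"] = kept_statements
    return new_policy, removed


if __name__ == "__main__":
    idle = unused_services(SAMPLE_ACCESS_ADVISOR, NOW)
    repoed, removed = repo_policy(SAMPLE_POLICY, idle)
    print("unused services:", sorted(idle))
    print("removed actions:", removed)
    print(json.dumps(repoed, indent=2))
```

Two caveats a practitioner should keep in mind: Access Advisor reports last use per service namespace, not per action, so a pruning rule like this can only remove whole services and will happily keep rarely used but dangerous actions inside a service that is otherwise busy; and a service that is only touched during quarterly or disaster-recovery work will look idle inside a 90-day window, so keep the pre-repo policy around so the change can be reverted.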

We’ll also chat with Dan Kuykendall in this week’s sponsor interview. Dan works for Rapid7, and they’ve been doing some interesting stuff with their agents, basically tweaking them to give better visibility of application security issues and exploitation attempts. That conversation is really about how security firms these days are using the agent footprint they have to just do whatever they can.

Adam Boileau, as always, pops in to discuss the week’s news. We cover:

  • AutoSploit arm waving
  • Lauri Love beating extradition
  • Nik Cubrilovic’s arrest
  • MOAR

The show notes/links are below, and you can follow Adam or Patrick on Twitter if that’s your thing.


Show notes

Threat or menace? “Autosploit” tool sparks fears of empowered “script kiddies” | Ars Technica

Rob Joyce on Twitter: "Releasing AutoSploit, making mass exploitation even easier, was irresponsible. My friends at the FBI remind us all that while exploitation is easier, it is not any less illegal. #scriptkiddiesbeware"

Lauri Love case: Hacking suspect wins extradition appeal - BBC News

Young criminal hackers get assigned jobs at Dutch ICT firms | NL Times

Julian Assange loses challenge to UK arrest warrant, court to rule on new bid next week - ABC News (Australian Broadcasting Corporation)

Alleged Spam Kingpin ‘Severa’ Extradited to US — Krebs on Security

Georgia SB 315 (The Computer Intrusion Bill)

TechCrunch alumni arrested over alleged hacking of car sharing company - SiliconANGLE

Trump administration wants larger role in shaping international data laws

CLOUD Act Would Erode Trust in Privacy of Cloud Storage | Center for Democracy & Technology

Experts push back on Trump administration's call to respond to cyberattacks with nukes

Data Security and Bug Bounty Programs: Lessons Learned from the Uber Breach and Security Researchers - Hearings - U.S. Senate Committee On Commerce, Science, & Transportation

Nicole Perlroth on Twitter: "Wow this Commerce Committee hearing on Uber payment is going off the rails. Blumenthal accusing Uber of aiding and abetting extortion, and a cover up. Flynn, "I agree... This is not the way we are going to do these things moving forward." Calls it "multilevel data intrusion.""

Berkshire Hathaway’s Business Wire Suffers Cyberattack - WSJ

Credit card ban, regulator scrutiny latest challenges for bitcoin

Seoul claims North Korea stole millions worth of cryptocurrency from domestic exchanges

DHS won't reverse ban on Kaspersky products, court docs show

Apple, Cisco team up with cyber insurers for policy discounts

Oh, banks have cameras? Two men arrested for ATM jackpotting scheme must've forgot

Telegram iOS app removed from App Store last week due to child pornography | Ars Technica

Hacking Team Is Still Alive Thanks to a Mysterious Investor From Saudi Arabia - Motherboard

T-Mobile Is Sending a Mass Text Warning of ‘Industry-Wide’ Phone Hijacking Scam - Motherboard

NSA Exploits Ported to Work on All Windows Versions Released Since Windows 2000

Covert Data Channel in TLS Dodges Network Perimeter Protection | Threatpost | The first stop for security news

An Adobe Flash 0day is being actively exploited in the wild | Ars Technica

In just 24 hours, 5,000 Android devices are conscripted into mining botnet | Ars Technica

Bug in Grammarly browser extension exposes virtually everything a user ever writes

Cisco investigation reveals ASA vulnerability is worse than originally thought

Matthew Olney on Twitter: "Hey guys, I know you're excited about CVE-2018-0101 (Cisco ASA SSL VPN RCE), but even if you don't have a service contract you can obtain the update from TAC. DO NOT download and install images from anyone but Cisco. (We appreciate the help, we really do...but...just....don't)"

Cyber Operations Tracker | Council on Foreign Relations Interactives

Atlassian Security Engineering Team Lead | SmartRecruiters

Atlassian Sr. Manager of Global Security Engineering | SmartRecruiters