Risky Business Podcast
April 25, 2018
Risky Business #496 -- The China supply chain problem
Presented by
CEO and Publisher
Technology Editor
On this week’s show we hear from Jennifer Bisceglie, the CEO of Interos Solutions, a company that recently prepared a report on supply chain security for the US government’s US-China Economic and Security Review Commission. Risky Business contributor Brian Donohue caught up with Jennifer to talk about the report and really get an idea of what supply chain risks look like from a macro level. The long and the short of it is the supply chain is already very, very opaque, so governments and the private sector will have to work pretty hard to mitigate the risks involved here.
This week’s show is brought to you by Netsparker, the web application security scanning toolmaker. Netsparker was founded nine years ago by this week’s sponsor guest, Ferruh Mavituna. He was a pentester who created Netsparker to help him with his own work. But just recently they raised a bundle of cash: US$40m. We’ll catch up with him and find out if a webapp scanning company with $40m is like the mule with the spinning wheel. It certainly seems like Ferruh has some ambitious plans. We haven’t seen this sort of money being raised by comparable companies so it’s definitely interesting stuff.
In this week’s news we cover off:
- Mysterious BGP route hijacking for lame Ether theft (??)
- Google disabling domain fronting
- Canadian teen charged with downloading documents from a website
- City of Atlanta spending $2.6m to recover from its ransomware event
- RSA’s conference app fail
- White House chaos over Rob Joyce replacement (MAGA!!! MAGAAAAAA!!!!!)
- Much more
The show notes/links are below, and you can follow Adam, Brian or Patrick on Twitter if that’s your thing.
Brought to you by NetSparker
Invicti (formerly Netsparker) | Web Application and API Security for Enterprise
Show notes
Suspicious event hijacks Amazon traffic for 2 hours, steals cryptocurrency | Ars Technica
Google disables domain-fronting, removing ability to bypass state-level firewalls - Neowin
Teen charged in Nova Scotia government breach says he had 'no malicious intent' | CBC News
Atlanta Spent $2.6M to Recover From a $52,000 Ransomware Scare | WIRED
Nation-state hackers attempted to use Equifax vulnerability against DoD, NSA official says
DNC Lawsuit Against Russia Reveals New Details About 2016 Hack | WIRED
RSA conference app leaks user data
SEC fines Yahoo remnant Altaba $35 million for failing to disclose breach
These Ex-Spies Are Harvesting Facebook Photos For A Massive Facial Recognition Database
The Cat-and-Mouse Game Between Apple and the Manufacturer of an iPhone Unlocking Tool - Motherboard
Someone Is Trying to Extort iPhone Crackers GrayShift With Leaked Code - Motherboard
The NSA now officially has a new chief
Trump sends cyberwar strategy to Congress
A cybersecurity power struggle is brewing at the National Security Council
Microsoft-led industry group pledges to not assist government cyberattacks - Cyberscoop
Kaspersky Lab banned from advertising on Twitter
U.S. government weighing sanctions against Kaspersky Lab
Sentencing delayed for FSB's email-popping hacker pawn
Introducing Microsoft Azure Sphere: Secure and power the intelligent edge | Blog | Microsoft Azure
“Drupalgeddon2” touches off arms race to mass-exploit powerful Web servers | Ars Technica
‘Orangeworm’ hacking campaign hits X-ray and MRI machines
Icelandic bitcoin heist suspect arrested in Amsterdam after leaving prison | Ars Technica
A bunch of Red Pills: VMware Escapes | Keen Security Lab Blog
Spoofing Cell Networks with a USB to VGA Adapter | Hackaday
Avast reveals more information detailing how hackers compromised CCleaner | V3
New hacks siphon private cryptocurrency keys from airgapped wallets | Ars Technica