On this week’s show we hear from Jennifer Bisceglie, the CEO of Interos Solutions, a company that recently prepared a report on supply chain security for the US government’s US-China Economic and Security Review Commission. Risky Business contributor Brian Donohue caught up with Jennifer to talk about the report and really get an idea of what supply chain risks look like from a macro level. The long and the short of it is the supply chain is already very, very opaque, so governments and the private sector will have to work pretty hard to mitigate the risks involved here.
This week’s show is brought to you by Netsparker, the web application security scanning toolmaker. Netsparker was founded nine years ago by this week’s sponsor guest, Ferruh Mavituna. He was a pentester who created Netsparker to help him with his own work. But just recently they raised a bundle of cash: US$40m. We’ll catch up with him and find out if a webapp scanning company with $40m is like the mule with the spinning wheel. It certainly seems like Ferruh has some ambitious plans. We haven’t seen this sort of money being raised by comparable companies so it’s definitely interesting stuff.
In this week’s news we cover off:
- Mysterious BGP route hijacking for lame Ether theft (??)
- Google disabling domain fronting
- Canadian teen charged with downloading documents from a website
- City of Atlanta spending $2.6m to recover from its ransomware event
- RSA’s conference app fail
- White House chaos over Rob Joyce replacement (MAGA!!! MAGAAAAAA!!!!!)
- Much more
The show notes/links are below, and you can follow Adam, Brian or Patrick on Twitter if that’s your thing.
- Suspicious event hijacks Amazon traffic for 2 hours, steals cryptocurrency | Ars Technica
- Google disables domain-fronting, removing ability to bypass state-level firewalls - Neowin
- Teen charged in Nova Scotia government breach says he had 'no malicious intent' | CBC News
- Atlanta Spent $2.6M to Recover From a $52,000 Ransomware Scare | WIRED
- Seamus Hughes on Twitter: "A beautiful circle: Company gets ransomwared. Hires IT company to fix it. Unlocks system in record time. FBI figures out the IT company just paid the bitcoin ransom.… https://t.co/7Vrd04GeSA"
- Nation-state hackers attempted to use Equifax vulnerability against DoD, NSA official says
- Richard Bejtlich on Twitter: "A million times, this. The "basic cyber hygiene" thesis drives me crazy. It's the epitome of static, time-ignorant thinking. "Hygiene" may work against mindless one-shot malware, or one-trick pony script kiddies. It has no place in serious conversations about targeted intrusions.… https://t.co/EtyiHKM0sF"
- DNC Lawsuit Against Russia Reveals New Details About 2016 Hack | WIRED
- (tech)Darko||Dan on Twitter: "Apparently @RSAConference isn't giving out maps to Expo attendees anymore - they require you to install their app which wants access to everything short of installing a rootkit on your phone. Are you kidding me @RSAsecurity?… https://t.co/QCQeAhzbv5"
- RSA conference app leaks user data
- SEC fines Yahoo remnant Altaba $35 million for failing to disclose breach
- These Ex-Spies Are Harvesting Facebook Photos For A Massive Facial Recognition Database
- The Cat-and-Mouse Game Between Apple and the Manufacturer of an iPhone Unlocking Tool - Motherboard
- Someone Is Trying to Extort iPhone Crackers GrayShift With Leaked Code - Motherboard
- The NSA now officially has a new chief
- Trump sends cyberwar strategy to Congress
- A cybersecurity power struggle is brewing at the National Security Council
- Microsoft-led industry group pledges to not assist government cyberattacks - Cyberscoop
- Kaspersky Lab banned from advertising on Twitter
- U.S. government weighing sanctions against Kaspersky Lab
- Sentencing delayed for FSB's email-popping hacker pawn
- Introducing Microsoft Azure Sphere: Secure and power the intelligent edge | Blog | Microsoft Azure
- “Drupalgeddon2” touches off arms race to mass-exploit powerful Web servers | Ars Technica
- ‘Orangeworm’ hacking campaign hits X-ray and MRI machines
- Icelandic bitcoin heist suspect arrested in Amsterdam after leaving prison | Ars Technica
- A bunch of Red Pills: VMware Escapes | Keen Security Lab Blog
- Spoofing Cell Networks with a USB to VGA Adapter | Hackaday
- Google Translate
- Avast reveals more information detailing how hackers compromised CCleaner | V3
- New hacks siphon private cryptocurrency keys from airgapped wallets | Ars Technica
- [TITLE] - AARP Research Report