Risky Business #502 -- Inside China's hacker scene

PLUS: Inside Micro$oft's pigopolist conspiracy to seize the people's repository...
06 Jun 2018 » Risky Business

On this week’s show we chat with Peter Wesley. Peter’s well known around the Australian security scene, but a few years back he relocated to China, where security is booming. He did a presentation at the AusCERT conference on the Gold Coast last week all about the Chinese hacker scene and security industry. He joins us in this week’s feature interview to tell us about how the Chinese scene evolved and what its current relationship with the Chinese government looks like.

This week’s sponsor interview is a cracker. We’ll be joined by Ryan Kalember, Senior Vice President of Strategy with Proofpoint, the email filtering company. Ryan is along to talk about a phenomenon the Proofpointers are very interested in – we’ve all heard of VIPs, but he’s here to talk about VAPs – Very Attacked People.

So much attacker behaviour these days is driven by email-based attacks, and the people getting hit the most with this sort of stuff might not be the ones you expect. Ryan joins us later on for that conversation in this week’s sponsor interview, with thanks to Proofpoint.

The show notes/links are below, and you can follow Adam or Patrick on Twitter if that’s your thing.

Show notes

What Will Microsoft's GitHub Buy Mean For Controversial Code? | WIRED
A host of new security enhancements is coming to iOS and macOS | Ars Technica
Apple Is Testing a Feature That Could Kill Police iPhone Unlockers - Motherboard
Microsoft Adds Post-Quantum Cryptography to an OpenVPN Fork
Oracle WebLogic RCE Deserialization Vulnerability (CVE-2018-2628) - DZone Security
Data from 92 million accounts stolen from DNA testing site MyHeritage
Hacker Defaces Ticketfly’s Website, Steals Customer Database - Motherboard
SS7 routing-protocol breach of US cellular carrier exposed customer data | Ars Technica
Judge dismisses Kaspersky lawsuits, U.S. government ban will stand
Playing nice? FireEye CEO says U.S. malware is more restrained than adversaries'
Former DIA official allegedly sold secrets to China, including possible Cyber Command information
ICANN Launches GDPR Lawsuit to Clarify the Future of WHOIS | Threatpost | The first stop for security news
With possible summit approaching, North Korean espionage hacks continue | Ars Technica
Synack offers free penetration testing for election systems ahead of 2018 midterms
CrowdStrike announces $1 million warranty for breaches that happen under its watch
IE Zero-Day Adopted by RIG Exploit Kit After Publication of PoC Code
CVE-2018-8174 | Windows VBScript Engine Remote Code Execution Vulnerability
Chrome and Firefox leaks let sites steal visitors’ Facebook names, profile pics | Ars Technica
Zip Slip Vulnerability Affects Thousands of Projects Across Multiple Ecosystems
Malicious Git Repository Can Lead to Code Execution on Remote Systems
The NSA Just Released 136 Historical Propaganda Posters - Motherboard
NSA Security Posters 1950s-1970s - Album on Imgur