We didn’t have space to run a feature in this week’s show, mostly because we had three weeks of news to catch up on because of my holiday. Adam Boileau is away on a company retreat this week, so Haroon Meer is this week’s news guest.
We talk about:
- The Russia indictment
- Chrome now marks http sites as “not secure”
- Julian Assange is close to being turfed out of his London digs
- Microsoft’s midterm meddling misfire
- Singapore loses 1.5m health records
- Some cool research from Talos and Cyberark
- Azimuth Security acquired by L3
- The npm supply-chain attack
- Chrome site isolation
- And much more!
This week’s sponsor is ICEBRG. And ICEBRG just announced today that it’s been acquired by Gigamon, which is pretty big news for them. So we’ll spend a couple of minutes talking about that with ICEBRG’s Jason Rebholz. Then we’ll be talking to Justin Warner about a pretty cool Flash 0day they found hiding in a Microsoft Office document. That was some pretty cool work, and the attackers in that case did some pretty novel things in terms of keeping their payload away from prying eyes. Obviously they didn’t do a good enough job or we wouldn’t be talking about it, but there are some new techniques there, fun stuff.
*****NOTE: At one point I get Jason Rebholz’s name wrong. I call him Justin Rebholz by accident. Apologies for the error, Jason!
Show notes
- Today’s the day that Chrome brands plain old HTTP “not secure” | Ars Technica
- 12 Russian Spies Indicted for Hacking in 2016 | Fortune
- The Russians Who Allegedly Hacked the DNC Sexted a Playboy Model and 'Bond Girl' - Motherboard
- Russian hackers struck Clinton server hours after Trump called for emails - CyberScoop
- Trump calls Putin's plan for investigating 2016 DNC breach an 'incredible offer' - Cyberscoop
- Ecuador 'close to evicting' Julian Assange from UK embassy | The Independent
- Microsoft: Russian Hackers Are Targeting The Midterms
- Three top cybersecurity officials are leaving the FBI: Report
- Singapore personal data hack hits 1.5m, health authority says - BBC News
- Cisco's Talos Intelligence Group Blog: Advanced Mobile Malware Campaign in India uses Malicious MDM
- Cellebrite's newest target: Your IoT-filled home
- Alexa, Are You A Spy? Israeli Startup Raises $12.5 Million So Governments Can Hack IoT
- L3 Strengthens Intelligence Collection and Surveillance Capabilities With Cyber Acquisitions | Business Wire
- In the opaque world of government hacking, private firms grapple with allegiances
- King iPhone Hacker NSO Group Robbed By Employee -- Spyware On Dark Web Sale For $50 Million, Israel Claims
- Private sector played critical role in WannaCry attribution, ODNI official says
- Compromised JavaScript Package Caught Stealing npm Credentials
- Google Chrome shifts browser architecture to thwart Spectre attacks
- Lawmakers call on Amazon and Google to reconsider ban on domain fronting
- DOJ regrets the error on OPM-linked fraud case
- A Privacy Researcher Uncovered a Year’s Worth of Breakups and Drug Deals Using Venmo’s Public Data - Motherboard
- Avoid Detection with Shadow Keys - CyberArk
- Attacks on Oracle WebLogic Servers Detected After Publication of PoC Code
- Watch a Hacker Install a Firmware Backdoor on a Laptop in Less Than 5 Minutes - Motherboard
- Many Bluetooth Implementations and OS Drivers Affected by Crypto Bug
- ICEBRG, Inc.
- Risky Biz Annual Black Hat Party w/ Signal Sciences, Remediant and Bugcrowd Tickets, Tue, Aug 7, 2018 at 7:00 PM | Eventbrite