Risky Business Podcast

July 25, 2018

Risky Business #507 -- For Vlad

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

We didn’t have space to run a feature in this week’s show, mostly because we had three weeks of news to catch up on because of my holiday. Adam Boileau is away on a company retreat this week, so Haroon Meer is this week’s news guest.

We talk about:

  • The Russia indictment
  • Chrome now marks http sites as “not secure”
  • Julian Assange is close to being turfed out of his London digs
  • Microsoft’s midterm meddling misfire
  • Singapore loses 1.5m health records
  • Some cool research from Talos and Cyberark
  • Azimuth Security acquired by L3
  • The npm supply-chain attack
  • Chrome site isolation
  • And much more!

This week’s sponsor is ICEBRG. And ICEBRG just announced today that it’s been acquired by Gigamon, which is pretty big news for them. So we’ll spend a couple of minutes talking about that with ICEBRG’s Jason Rebholz. Then we’ll be talking to Justin Warner about a pretty cool Flash 0day they found hiding in a Microsoft Office document. That was some pretty cool work, and the attackers in that case did some pretty novel things in terms of keeping their payload away from prying eyes. Obviously they didn’t do a good enough job or we wouldn’t be talking about it, but there are some new techniques there, fun stuff.

*****NOTE: At one point I get Jason Rebholz’s name wrong. I call him Justin Rebholz by accident. Apologies for the error, Jason!

Risky Business #507 -- For Vlad
0:00 / 0:00

Show notes

Today’s the day that Chrome brands plain old HTTP “not secure” | Ars Technica

12 Russian Spies Indicted for Hacking in 2016 | Fortune

The Russians Who Allegedly Hacked the DNC Sexted a Playboy Model and 'Bond Girl' - Motherboard

Russian hackers struck Clinton server hours after Trump called for emails - CyberScoop

Trump calls Putin's plan for investigating 2016 DNC breach an 'incredible offer' - Cyberscoop

Ecuador 'close to evicting' Julian Assange from UK embassy | The Independent

Microsoft: Russian Hackers Are Targeting The Midterms

Three top cybersecurity officials are leaving the FBI: Report

Singapore personal data hack hits 1.5m, health authority says - BBC News

Cisco's Talos Intelligence Group Blog: Advanced Mobile Malware Campaign in India uses Malicious MDM

Cellebrite's newest target: Your IoT-filled home

Alexa, Are You A Spy? Israeli Startup Raises $12.5 Million So Governments Can Hack IoT

L3 Strengthens Intelligence Collection and Surveillance Capabilities With Cyber Acquisitions | Business Wire

In the opaque world of government hacking, private firms grapple with allegiances

King iPhone Hacker NSO Group Robbed By Employee -- Spyware On Dark Web Sale For $50 Million, Israel Claims

Private sector played critical role in WannaCry attribution, ODNI official says

Compromised JavaScript Package Caught Stealing npm Credentials

Google Chrome shifts browser architecture to thwart Spectre attacks

Lawmakers call on Amazon and Google to reconsider ban on domain fronting

DOJ regrets the error on OPM-linked fraud case

A Privacy Researcher Uncovered a Year’s Worth of Breakups and Drug Deals Using Venmo’s Public Data - Motherboard

Avoid Detection with Shadow Keys - CyberArk

Attacks on Oracle WebLogic Servers Detected After Publication of PoC Code

Watch a Hacker Install a Firmware Backdoor on a Laptop in Less Than 5 Minutes - Motherboard

Many Bluetooth Implementations and OS Drivers Affected by Crypto Bug

ICEBRG, Inc.

Risky Biz Annual Black Hat Party w/ Signal Sciences, Remediant and Bugcrowd Tickets, Tue, Aug 7, 2018 at 7:00 PM | Eventbrite