Adam and I have just returned from Black Hat and DEF CON in Las Vegas, so in this week’s show we’re going to have a look at the infosec news we missed over the last couple of weeks. We did plan to recap Black Hat in this podcast, but we’ve wound up a bit short on space so I’m busting that out into a separate podcast that I’ll publish on Monday. So this podcast will just be a discussion around news plus a sponsor interview.
The news we’re covering:
- Australia’s new surveillance/“anti-encryption” laws
- Intel SGX vulnerability research
- Taiwan Semiconductor WannaCry woes
- Details on CYBERCOM op against ISIS
- Reddit pwnage
- Bitcoin investor sues AT&T over $23m loss
- FIN7 arrests
- CIA’s loss of scores of China assets may have been hack-related
- Massive ATM cashout and SWIFT attack hits Indian bank
- Much, much more
Bugcrowd CTO Casey Ellis joins us in this week’s sponsor interview to talk about a few things – firstly, how some research presented at Black Hat by the team at PortSwigger is a sign that serious research teams are using bounties to cash in on their serious security research. Then we’ll be talking about the Bugcrowd University initiative and a reboot of the disclose.io project.
Links to everything are below, and you can follow Patrick or Adam on Twitter if that’s your thing.
Show notes
- Apple and Facebook pressured to reveal terror suspects' data
- 'Foreshadow' Flaw Undermines the Intel CPU Secure Enclave | WIRED
- Key iPhone supplier is hamstrung with the debilitating WannaCry worm | Ars Technica
- How US Military Hackers Prepared to Hack the Islamic State - Motherboard
- Password breach teaches Reddit that, yes, phone-based 2FA is that bad | Ars Technica
- Bitcoin Investor Sues AT&T After Losing $23 Million In SIM Swap Hack - Motherboard
- Fin7: The Inner Workings of a Billion-Dollar Hacking Group | WIRED
- Former Microsoft engineer sentenced for role in ransomware scheme
- Botched CIA Communications System Helped Blow Cover of Chinese Agents – Foreign Policy
- In-vehicle wireless devices are endangering emergency first responders | Ars Technica
- Hackers Steal $13.5 Million Across Three Days From Indian Bank
- DNC tells candidates not to use Huawei or ZTE devices
- Report: 'Faxploit' hack can penetrate networks with just a fax number
- Popular Android Apps Vulnerable to Man-in-the-Disk Attacks
- New Method Simplifies Cracking WPA/WPA2 Passwords on 802.11 Networks
- U.S. Payment Processing Services Targeted by BGP Hijacking Attacks
- Hacked Water Heaters Could Trigger Mass Blackouts Someday | WIRED
- Malware has no trouble hiding and bypassing macOS user warnings | Ars Technica
- Powerful Smartphone Malware Used to Target Amnesty International Researcher - Motherboard
- In-the-wild router exploit sends unwitting users to fake banking site | Ars Technica
- This Guy Hacked Hundreds Of Planes From The Ground
- Cisco to acquire Duo Security for $2.35 billion
- Practical Web Cache Poisoning | Blog
- disclose.io · So our hacker friends don’t go to jail.
- Bugcrowd University – Bugcrowd