Risky Business #509 -- Just the usual mayhem and ownage

A look at recent infosec news...
16 Aug 2018 » Risky Business

Adam and I have just returned from Black Hat and DEF CON in Las Vegas, so in this week’s show we’re going to have a look at the infosec news we missed over the last couple of weeks. We did plan to recap Black Hat in this podcast, but we’ve wound up a bit short on space so I’m busting that out into a separate podcast that I’ll publish on Monday. So this podcast will just be a discussion around news plus a sponsor interview.

The news we’re covering:

  • Australia’s new surveillance/“anti-encryption” laws
  • Intel SGX vulnerability research
  • Taiwan Semiconductor WannaCry woes
  • Details on CYBERCOM op against ISIS
  • Reddit pwnage
  • Bitcoin investor sues AT&T over $23m loss
  • FIN7 arrests
  • CIA’s loss of scores of China assets may have been hack-related
  • Massive ATM cashout and SWIFT attack hits Indian bank
  • Much, much more

Bugcrowd CTO Casey Ellis joins us in this week’s sponsor interview to talk about a few things – firstly, how some research presented at Black Hat by the team at PortSwigger is a sign that serious research teams are using bounties to cash in on their serious security research. Then we’ll be talking about the Bugcrowd University initiative and a reboot of the disclose.io project.

Links to everything are below, and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Apple and Facebook pressured to reveal terror suspects' data
'Foreshadow' Flaw Undermines the Intel CPU Secure Enclave | WIRED
Key iPhone supplier is hamstrung with the debilitating WannaCry worm | Ars Technica
How US Military Hackers Prepared to Hack the Islamic State - Motherboard
Password breach teaches Reddit that, yes, phone-based 2FA is that bad | Ars Technica
Bitcoin Investor Sues AT&T After Losing $23 Million In SIM Swap Hack - Motherboard
Fin7: The Inner Workings of a Billion-Dollar Hacking Group | WIRED
Former Microsoft engineer sentenced for role in ransomware scheme
Botched CIA Communications System Helped Blow Cover of Chinese Agents – Foreign Policy
In-vehicle wireless devices are endangering emergency first responders | Ars Technica
Hackers Steal $13.5 Million Across Three Days From Indian Bank
DNC tells candidates not to use Huawei or ZTE devices
Report: 'Faxploit' hack can penetrate networks with just a fax number
Popular Android Apps Vulnerable to Man-in-the-Disk Attacks
New Method Simplifies Cracking WPA/WPA2 Passwords on 802.11 Networks
U.S. Payment Processing Services Targeted by BGP Hijacking Attacks
Hacked Water Heaters Could Trigger Mass Blackouts Someday | WIRED
Malware has no trouble hiding and bypassing macOS user warnings | Ars Technica
Powerful Smartphone Malware Used to Target Amnesty International Researcher - Motherboard
In-the-wild router exploit sends unwitting users to fake banking site | Ars Technica
This Guy Hacked Hundreds Of Planes From The Ground
Cisco to acquire Duo Security for $2.35 billion
Practical Web Cache Poisoning | Blog
disclose.io · So our hacker friends don’t go to jail.
Bugcrowd University – Bugcrowd