Risky Business Podcast
August 16, 2018
Risky Business #509 -- Just the usual mayhem and ownage
Presented by
CEO and Publisher
Technology Editor
Adam and I have just returned from Black Hat and DEF CON in Las Vegas, so in this week’s show we’re going to have a look at the infosec news we missed over the last couple of weeks. We did plan to recap Black Hat in this podcast, but we’ve wound up a bit short on space so I’m busting that out into a separate podcast that I’ll publish on Monday. So this podcast will just be a discussion around news plus a sponsor interview.
The news we’re covering:
- Australia’s new surveillance/“anti-encryption” laws
- Intel SGX vulnerability research
- Taiwan Semiconductor WannaCry woes
- Details on CYBERCOM op against ISIS
- Reddit pwnage
- Bitcoin investor sues AT&T over $23m loss
- FIN7 arrests
- CIA’s loss of scores of China assets may have been hack-related
- Massive ATM cashout and SWIFT attack hits Indian bank
- Much, much more
Bugcrowd CTO Casey Ellis joins us in this week’s sponsor interview to talk about a few things – firstly, how some research presented at Black Hat by the team at PortSwigger is a sign that serious research teams are using bounties to cash in on their serious security research. Then we’ll be talking about the Bugcrowd University initiative and a reboot of the disclose.io project.
Links to everything are below, and you can follow Patrick or Adam on Twitter if that’s your thing.
Brought to you by Bugcrowd
#1 Crowdsourced Cybersecurity Platform
Show notes
Apple and Facebook pressured to reveal terror suspects' data
'Foreshadow' Flaw Undermines the Intel CPU Secure Enclave | WIRED
Key iPhone supplier is hamstrung with the debilitating WannaCry worm | Ars Technica
How US Military Hackers Prepared to Hack the Islamic State - Motherboard
Password breach teaches Reddit that, yes, phone-based 2FA is that bad | Ars Technica
Bitcoin Investor Sues AT&T After Losing $23 Million In SIM Swap Hack - Motherboard
Fin7: The Inner Workings of a Billion-Dollar Hacking Group | WIRED
Former Microsoft engineer sentenced for role in ransomware scheme
Botched CIA Communications System Helped Blow Cover of Chinese Agents – Foreign Policy
In-vehicle wireless devices are endangering emergency first responders | Ars Technica
Hackers Steal $13.5 Million Across Three Days From Indian Bank
DNC tells candidates not to use Huawei or ZTE devices
Report: 'Faxploit' hack can penetrate networks with just a fax number
Popular Android Apps Vulnerable to Man-in-the-Disk Attacks
New Method Simplifies Cracking WPA/WPA2 Passwords on 802.11 Networks
U.S. Payment Processing Services Targeted by BGP Hijacking Attacks
Hacked Water Heaters Could Trigger Mass Blackouts Someday | WIRED
Malware has no trouble hiding and bypassing macOS user warnings | Ars Technica
Powerful Smartphone Malware Used to Target Amnesty International Researcher - Motherboard
In-the-wild router exploit sends unwitting users to fake banking site | Ars Technica
This Guy Hacked Hundreds Of Planes From The Ground
Cisco to acquire Duo Security for $2.35 billion
Practical Web Cache Poisoning | Blog