Risky Business Podcast
August 29, 2018
Risky Business #511 -- Australia, Japan to ban Huawei, Struts drama, DNC lols and more
We’re going to stick with the revised format this week – we’re going long on news with Adam, then diving right into the sponsor interview with Zane Lackey of Signal Sciences.
A bunch of you heard my long-form Soap Box interview with Zane from a few weeks back. We’re extending that conversation a bit in this week’s sponsor interview. Zane will be outlining what he thinks needs to change in DevSecOps tooling and workflow for things to really work nicely. It’s a solid 12 minutes of good thinking and advice, so do stick around for it.
Adam Boileau will join the show to recap the week’s news:
- Australia and Japan to ban Huawei from their 5G builds
- Struts bug: Big deal or meh?
- Voting machine maker ES&S rebuked by researchers AND US gov
- The DNC phish that wasn’t
- Recapping Andy Greenberg’s Maersk/Notpetya coverage
- Instagram adds real 2FA
- Windows privesc 0day on teh twittarz
- T-Mobile pwned harder than it initially admitted
- Log in to Windows with Google accounts
- Some hilarious Lazarus group shenanigans
- Much, much more
Links to everything that we discussed are below, including the discussions that were edited out. (That’s why there are extras.) You can follow Patrick or Adam on Twitter if that’s your thing.
Show notes
China intensifies criticism of Australia's Huawei 5G ban | afr.com
Japan plans to block Huawei, ZTE from public procurement: report
New critical vulnerability exposes Apache Struts instances to remote attacks
Active Attacks Detected Using Apache Struts Vulnerability CVE-2018-11776
How the U.S. Has Failed to Protect the 2018 Election—and Four Ways to Protect 2020 - Lawfare
Democrats find hackers targeting voter database
DNC says phishing incident was a false alarm
Facebook bans Myanmar general as U.N. calls for independent investigation into Rohingya crisis
Russian trolls targeted Australian voters on Twitter via #auspol and #MH17
Google removes dozens of YouTube channels linked to 'influence operation'
The Untold Story of NotPetya, the Most Devastating Cyberattack in History | WIRED
Scammers Threaten to Review Bomb a Travel Company Unless it Pays Ransom - Motherboard
Instagram Expands 2FA Support Following Recent Wave of Account Hacks
Exploit Published for Unpatched Flaw in Windows Task Scheduler
Travel blog of an evil transgirl
Travel blog of an evil transgirl: Disclosures
Hackers Stole Personal Data of 2 Million T-Mobile Customers - Motherboard
You May Soon Be Able to Log Into Windows 10 Using a Google Account
How a hacker network turned stolen press releases into $100 million - The Verge
Cobalt Dickens threat group looks to be similar to indicted hackers
Eset-Turla-Outlook-Backdoor.pdf
Researchers find way to spy on remote screens—through the webcam mic | Ars Technica
Windows 95 Is Now Available as an App for Windows, macOS and Linux
The adventures of lab ED011—“Nobody would be able to duplicate what happened there” | Ars Technica
Building a Modern Security Program [Book]
The Next-Gen Web Protection Platform - WAF And RASP | Signal Sciences