This episode sponsored by AttackIQ.This edition of the show features Adam Boileau and Patrick Gray discussing the week’s security news:
- Five Eyes nations send a clear message on encryption
- Massive Azure outage
- FBI releases political campaign security guidance
- Google wants to kill the URL
- MEGA.nz plugin owned sideways
- Final “Celebgate” hacker sentenced
- Google launches font fuzzing tool
- Chinese-made Google/Feitian U2F keys under scrutiny
- Some interesting TPM research
- MUCH MORE
This week’s podcast is brought to you by AttackIQ.
AttackIQ founder Stephan Chenette will be along in this week’s sponsor interview to talk to us about a few things – the MITRE attack matrix being one. He’ll also share with us his view that EDR is the most commonly misconfigured security technology he sees out there, and he has pretty good visibilty into things like that because AttackIQ, of course, makes attack simulation software designed to measure the efficacy of these types of solutions.
Links to everything that we discussed are below, including the discussions that were edited out. (That’s why there are extras.) You can follow Patrick or Adam on Twitter if that’s your thing.
Show notes
- Five Eyes’ data access warning - InnovationsAus.com
- Patrick Gray on Twitter: "Five Eyes officially warns the tech world: build interception capabilities voluntarily or we’ll legislate. https://t.co/XEbzKSliId… https://t.co/ax5mDE7buw"
- Statement of Principles on Access to Evidence and Encryption
- Azure status
- FBI to political campaigns: Up your 'cyber hygiene' - ABC News
- Protected Voices — FBI
- Google Wants to Kill the URL | WIRED
- MEGA.nz Chrome extension caught stealing passwords, cryptocurrency private keys | ZDNet
- Germany launches new cybersecurity research agency modeled after DARPA
- Fourth man receives prison sentence in 'Celebgate' photo leak
- Google open-sources internal tool for finding font-related security bugs | ZDNet
- Experts Call for Transparency Around Google’s Chinese-Made Security Keys - Motherboard
- Google Notifies People Targeted by Secret FBI Investigation - Motherboard
- Public IP Addresses of Tor Sites Exposed via SSL Certificates
- Temporary Patch Available for Recent Windows Task Scheduler ALPC Zero-Day
- Researchers Detail Two New Attacks on TPM Chips
- New Hakai IoT botnet takes aim at D-Link, Huawei, and Realtek routers | ZDNet
- Two Birds, One STONE PANDA
- Xipiter/Senrio exploitation training
- MITRE ATT&CK Module
