Risky Business Podcast
September 19, 2018
Risky Business #514 -- New NSO Group report released and another State Department email breach. Drink!
Presented by
CEO and Publisher
Technology Editor
This edition of the show features Adam Boileau and Patrick Gray discussing the week’s security news:
- Citizen Lab drops NSO Group report
- “Weaponised Stuxnet” claims are idiotic
- Another State Department email breach! Drink!
- Dutch foil planned attack against Swiss Novichok lab
- Mirai botnet authors working for FBI
- US telcos want to be consumer auth brokers
- US fails to extradite “Mr Bitcoin”
- Much, much more
This week’s show is brought to you by Remediant. They make a just-in-time access solution for privileged account management (PAM), and we’re doing something a little different in this week’s sponsor interview.
Paul Lanzi of Remediant will be along, but so will Harry Perper of MITRE corporation. Harry’s pay-cheques say MITRE, but he’s been working on a NIST project. The National Cybersecurity Center of Excellence (NCCoE) at NIST has been working on a project to provide guidance on the secure usage and management of privileged accounts. The so-called 1800-18 document is a practical guide and reference architecture for privileged account management and we’ll talk to both Harry and Paul about that after the news.
Links to everything that we discussed are below, including the discussions that were edited out. (That’s why there are extras.) You can follow Patrick or Adam on Twitter if that’s your thing.
Brought to you by Remediant
Cybersecurity that works for you
Show notes
HIDE AND SEEK: Tracking NSO Group’s Pegasus Spyware to Operations in 45 Countries - The Citizen Lab
iOS Security Guide iOS 12 September 2018
US military given more authority to launch preventative cyberattacks - CNNPolitics
State Department email breach exposed employees' personal information - POLITICO
Novichok poisoning: Russians expelled from Switzerland
The Mirai Botnet Architects Are Now Fighting Crime With the FBI | WIRED
U.S. Mobile Giants Want to be Your Online Identity — Krebs on Security
Senior Google Scientist Resigns Over “Forfeiture of Our Values” in China
Google Plans to Launch Censored Search Engine in China, Leaked Documents Reveal
Google's prototype Chinese search engine links searches to phone numbers | Technology | The Guardian
US loses extradition battle with Russia for Bitcoin kingpin | ZDNet
US lawmakers introduce bill to fight cybersecurity workforce shortage | ZDNet
Ransomware attack blacks out screens at Bristol Airport | ZDNet
Security flaw can leak Intel ME encryption keys | ZDNet
Nasty piece of CSS code crashes and restarts iPhones | ZDNet
New cold boot attack affects 'nearly all modern computers' | ZDNet
Uproar after Adobe winds down Magento rewards-based bug bounty program | ZDNet
Proofpoint: One month out from deadline, half of agency domains are DMARC compliant
Facebook Broadens Its Bug Bounty to Include Third-Party Apps | WIRED
Google remotely changed the settings on a bunch of phones running Android 9 Pie - The Verge
Zero day in popular video surveillance technology goes public, unpatched