Risky Business #514 -- New NSO Group report released and another State Department email breach. Drink!

PLUS US telcos in bid to become a consumer auth broker...
19 Sep 2018 » Risky Business

This edition of the show features Adam Boileau and Patrick Gray discussing the week’s security news:

  • Citizen Lab drops NSO Group report
  • “Weaponised Stuxnet” claims are idiotic
  • Another State Department email breach! Drink!
  • Dutch foil planned attack against Swiss Novichok lab
  • Mirai botnet authors working for FBI
  • US telcos want to be consumer auth brokers
  • US fails to extradite “Mr Bitcoin”
  • Much, much more

This week’s show is brought to you by Remediant. They make a just-in-time access solution for privileged account management (PAM), and we’re doing something a little different in this week’s sponsor interview.

Paul Lanzi of Remediant will be along, but so will Harry Perper of MITRE Corporation. Harry’s pay-cheques say MITRE, but he’s been working on a NIST project. The National Cybersecurity Center of Excellence (NCCoE) at NIST has been working on a project to provide guidance on the secure usage and management of privileged accounts. The so-called 1800-18 document is a practical guide and reference architecture for privileged account management, and we’ll talk to both Harry and Paul about that after the news.

Links to everything that we discussed are below, including the discussions that were edited out. (That’s why there are extras.) You can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Cyber Sleuths Find Traces of Infamous iPhone and Android Spyware ‘Pegasus’ in 45 Countries - Motherboard
HIDE AND SEEK: Tracking NSO Group’s Pegasus Spyware to Operations in 45 Countries - The Citizen Lab
iOS Security Guide iOS 12 September 2018
US military given more authority to launch preventative cyberattacks - CNNPolitics
People Are Recklessly Speculating That the Massachusetts Gas Explosions Were a Stuxnet-Related Hack - Motherboard
State Department email breach exposed employees' personal information - POLITICO
Novichok poisoning: Russians expelled from Switzerland
The Mirai Botnet Architects Are Now Fighting Crime With the FBI | WIRED
U.S. Mobile Giants Want to be Your Online Identity — Krebs on Security
Senior Google Scientist Resigns Over “Forfeiture of Our Values” in China
Google Plans to Launch Censored Search Engine in China, Leaked Documents Reveal
Google's prototype Chinese search engine links searches to phone numbers | Technology | The Guardian
Vijay Boyapati on Twitter: "When I worked at Google, as an engineer on Google News, I was asked to write code to censor news articles in China (circa 2006). I refused and they took me off the project and put someone else on it. Doesn't surprise me Google is back at it. "Don't be Evil" is a Google myth.… https://t.co/1geUCURHay"
US loses extradition battle with Russia for Bitcoin kingpin | ZDNet
US lawmakers introduce bill to fight cybersecurity workforce shortage | ZDNet
Ransomware attack blacks out screens at Bristol Airport | ZDNet
Security flaw can leak Intel ME encryption keys | ZDNet
Nasty piece of CSS code crashes and restarts iPhones | ZDNet
New cold boot attack affects 'nearly all modern computers' | ZDNet
Uproar after Adobe winds down Magento rewards-based bug bounty program | ZDNet
Jason Woosley on Twitter: "The demise of #BugBounty at @Magento has been greatly exaggerated. Yesterday we announced the transition of this program to the @Adobe @HackerOne system. We failed to mention that we will continue to pay out for this incredibly valuable work. Hack on!"
Proofpoint: One month out from deadline, half of agency domains are DMARC compliant
Cloudflare’s new ‘one-click’ DNSSEC setup will make it far more difficult to spoof websites | TechCrunch
Facebook pilots new political campaign security tools — just 50 days before Election Day | TechCrunch
Facebook Broadens Its Bug Bounty to Include Third-Party Apps | WIRED
Google remotely changed the settings on a bunch of phones running Android 9 Pie - The Verge
Zero day in popular video surveillance technology goes public, unpatched
Privileged Account Management | NCCoE
fs-pam-project-description-draft.pdf