This edition of the show features Adam Boileau and Patrick Gray discussing the week’s security news:
- Former NSA staffer gets 66 months over incident at heart of Kaspersky scandal
- Zoho has a very bad week
- Telco lobby group raises some legit concerns over Australia’s “anti-encryption” legislation
- Twitter API leaks DMs
- Equifax fined by UK
- Yubikey 5 enables passwordless Windows logins
- Privacy International has an aneurism
- NSS Labs launches antitrust suit against security software makers
- MOAR
This week’s show is brought to you by Rapid7.
Jen Andre is this week’s sponsor guest. She was the founder of Komand, a security automation and orchestration company that became part of Rapid7 about midway through last year. I spoke to Jen a bit about how she came to start Komand and where the security automation and orchestration discipline is at right now.
Links to everything that we discussed are below, including the discussions that were edited out. (That’s why there are extras.) You can follow Patrick or Adam on Twitter if that’s your thing.
Show notes
- Ex-NSA employee gets 5.5 years in prison for taking home classified info | ZDNet
- EDITORIAL-EAST-20180920122519
- Domain registrar oversteps taking down Zoho domain, impacts over 30Mil users | ZDNet
- Peter Dutton to push through new security legislation as fears of "severely damaging" spyware murmur
- Twitter API bug leaked private data to other accounts
- Equifax fined maximum penalty under 1998 UK data protection law
- The Series 5 YubiKey Will Help Kill the Password | WIRED
- Press release: UK intelligence agency admits unlawfully spying on Privacy International | Privacy International
- UK spooks fess up to snooping on Privacy International's private data
- GCHQ's mass surveillance violates citizens' right to privacy, ECHR rules
- NSS Labs files antitrust suit against multiple cybersecurity vendors
- Hacking for ca$h | The Strategist
- Operator of 'VirusTotal for criminals' gets 14-year prison sentence
- Tencent engineer attending cybersecurity event fined for hotel WiFi hacking
- Snyk gets $22 million for platform that tracks security flaws in open source projects
- They Got 'Everything': Inside a Demo of NSO Group's Powerful iPhone Malware - Motherboard
- Content Moderator Sues Facebook, Says Job Gave Her PTSD - Motherboard
- Microsoft Rolls Out Confidential Computing for Azure
- Cloudflare Improves Privacy by Encrypting the SNI During TLS Negotiation
- This Windows file may be secretly hoarding your passwords and emails | ZDNet
- Security researcher claims macOS Mojave privacy bug on launch day | TechCrunch
- 0Day Windows JET Database Vulnerability disclosed by Zero Day Initiative
- Over 80 Cisco Products Affected by FragmentSmack DoS Bug
- Cisco patches 'critical' credential bug in video surveillance software
- Security Orchestration and Automation with InsightConnect | Rapid7
- Security Orchestration and Automation for Security Operations | Rapid7