This episode sponsored by Gigamon.This edition of the show features Adam Boileau and Patrick Gray discussing the week’s security news:
- Facebook breach impacts 50m accounts
- US courts deny authorities’ attempted FB messenger wiretap
- Uber fined $148m for nondisclosure of 2016 breach
- Fancy Bear-linked UEFI malware appears in wild
- UK Conservative party conference app leaks like sieve
- Twitter bans distribution of “hacked material”
- VPNFilter botnet gets more capabilities
- Duo arrested over $14m cryptocurrency SIM-swap heist
- MOAR
Links to everything that we discussed are below, including the discussions that were edited out. (That’s why there are extras.) You can follow Patrick or Adam on Twitter if that’s your thing.
Show notes
- 50 million Facebook accounts breached by access-token-harvesting attack | Ars Technica
- Facebook says it detected security breach after traffic spike | ZDNet
- Facebook sued hours after announcing security breach | ZDNet
- Facebook finds ‘no evidence’ hackers accessed connected apps | TechCrunch
- Exclusive: In test case, U.S. fails to force Facebook to wiretap Messenger calls - sources | Reuters
- Uber to pay $148 million to states for 2016 data breach - CyberScoop
- First UEFI malware discovered in wild is laptop security software hijacked by Russians | Ars Technica
- Report: Zoho's domain regularly exploited to move keylogger data
- UK Conservative Party conference app leaks MPs' personal details | ZDNet
- Twitter bans distribution of hacked materials ahead of US midterm elections | ZDNet
- Talos Blog || Cisco Talos Intelligence Group - Comprehensive Threat Intelligence: VPNFilter III: More Tools for the Swiss Army Knife of Malware
- Gigantic 100,000-strong botnet used to hijack traffic meant for Brazilian banks | ZDNet
- 2 men arrested in Oklahoma, suspected in $14 million cryptocurrency theft, hacking of California company | KFOR.com
- Hackers Are Holding High Profile Instagram Accounts Hostage - Motherboard
- Feds Force Suspect To Unlock An Apple iPhone X With Their Face
- U.S. looks to restart talks on global cyber norms
- Canadian restaurant chain suffers country-wide outage after malware outbreak | ZDNet
- Port of San Diego suffers cyber-attack, second port in a week after Barcelona | ZDNet
- Some Apple laptops shipped with Intel chips in "manufacturing mode" | ZDNet
- Google to no longer allow Chrome extensions that use obfuscated code | ZDNet
- Phishing campaign targets developers of Chrome extensions | ZDNet
- US sentences to prison its first ATM jackpotter | ZDNet
- FBI solves mystery surrounding 15-year-old Fruitfly Mac malware | ZDNet
- Hackers Can Stealthily Avoid Traps Set to Defend Amazon's Cloud | WIRED
- Alphabet launches VirusTotal Enterprise | ZDNet
- Researchers find vulnerability in Apple's MDM DEP process | ZDNet
- HD Moore on Twitter: "Estimate how old a device is based on it's MAC address with mac-ages.csv: https://t.co/GaMSvWDdAP (a huge thanks to @jedimercer for https://t.co/UaVcqxc1m4)… https://t.co/Vnm85fnM5s"
- Adobe Releases Security Updates for Acrobat that Fix 86 Vulnerabilities
- Security Update for Foxit PDF Reader Fixes 118 Vulnerabilities
- (PDF) Weaponizing the haters: The Last Jedi and the strategic politicization of pop culture through social media manipulation.
- Gigamon Insight | Gigamon
