Risky Business #516 -- The Facebook breach, e2e VOIP court verdict, Uber's record fine and more

An insanely busy news week recapped on Risky.Biz...
03 Oct 2018 » Risky Business

This edition of the show features Adam Boileau and Patrick Gray discussing the week’s security news:

  • Facebook breach impacts 50m accounts
  • US courts deny authorities’ attempted FB messenger wiretap
  • Uber fined $148m for nondisclosure of 2016 breach
  • Fancy Bear-linked UEFI malware appears in wild
  • UK Conservative party conference app leaks like sieve
  • Twitter bans distribution of “hacked material”
  • VPNFilter botnet gets more capabilities
  • Duo arrested over $14m cryptocurrency SIM-swap heist
  • MOAR

Links to everything that we discussed are below, including the discussions that were edited out. (That’s why there are extras.) You can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

50 million Facebook accounts breached by access-token-harvesting attack | Ars Technica
Facebook says it detected security breach after traffic spike | ZDNet
Facebook sued hours after announcing security breach | ZDNet
Facebook finds ‘no evidence’ hackers accessed connected apps | TechCrunch
Exclusive: In test case, U.S. fails to force Facebook to wiretap Messenger calls - sources | Reuters
Uber to pay $148 million to states for 2016 data breach - CyberScoop
First UEFI malware discovered in wild is laptop security software hijacked by Russians | Ars Technica
Report: Zoho's domain regularly exploited to move keylogger data
UK Conservative Party conference app leaks MPs' personal details | ZDNet
Twitter bans distribution of hacked materials ahead of US midterm elections | ZDNet
Talos Blog || Cisco Talos Intelligence Group - Comprehensive Threat Intelligence: VPNFilter III: More Tools for the Swiss Army Knife of Malware
Gigantic 100,000-strong botnet used to hijack traffic meant for Brazilian banks | ZDNet
2 men arrested in Oklahoma, suspected in $14 million cryptocurrency theft, hacking of California company | KFOR.com
Hackers Are Holding High Profile Instagram Accounts Hostage - Motherboard
Feds Force Suspect To Unlock An Apple iPhone X With Their Face
U.S. looks to restart talks on global cyber norms
Canadian restaurant chain suffers country-wide outage after malware outbreak | ZDNet
Port of San Diego suffers cyber-attack, second port in a week after Barcelona | ZDNet
Some Apple laptops shipped with Intel chips in "manufacturing mode" | ZDNet
Google to no longer allow Chrome extensions that use obfuscated code | ZDNet
Phishing campaign targets developers of Chrome extensions | ZDNet
US sentences to prison its first ATM jackpotter | ZDNet
FBI solves mystery surrounding 15-year-old Fruitfly Mac malware | ZDNet
Hackers Can Stealthily Avoid Traps Set to Defend Amazon's Cloud | WIRED
Alphabet launches VirusTotal Enterprise | ZDNet
Researchers find vulnerability in Apple's MDM DEP process | ZDNet
HD Moore on Twitter: "Estimate how old a device is based on it's MAC address with mac-ages.csv: https://t.co/GaMSvWDdAP (a huge thanks to @jedimercer for https://t.co/UaVcqxc1m4)… https://t.co/Vnm85fnM5s"
Adobe Releases Security Updates for Acrobat that Fix 86 Vulnerabilities
Security Update for Foxit PDF Reader Fixes 118 Vulnerabilities
(PDF) Weaponizing the haters: The Last Jedi and the strategic politicization of pop culture through social media manipulation.
Gigamon Insight | Gigamon