Risky Business Podcast

October 10, 2018

Risky Business #517 -- Bloomberg's dumpster fire lights up infosec

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

This edition of the show features Adam Boileau and Patrick Gray discussing the week’s security news:

  • Bloomberg’s shaky, disputed report on hardware back doors
  • A look back on other false reports about imaginary incidents published by Bloomberg
  • GRU operations doxed by GCHQ
  • DOJ charges Russian intelligence officers
  • APT crews targeting MSPs
  • Google+ API exposure the final straw
  • Enterprise TLS interception gear is woefully insecure

Links to everything that we discussed are below, including the discussions that were edited out. (That’s why there are extras.) You can follow Patrick or Adam on Twitter if that’s your thing.

Risky Business #517 -- Bloomberg's dumpster fire lights up infosec
0:00 / 46:08

Show notes

(9+)Turkish Pipeline Explosion Probably No Cyber ​​Attack - Digital - Süddeutsche.de

The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies - Bloomberg

Codebook - October 10, 2018 - Axios

Patrick Gray on Twitter: "Just got this from Bloomberg PR.… "

Apple Bloomberg Congressional Letter

Patrick Gray on Twitter: "Holy shit… "

Report: Apple designing its own servers to avoid snooping | Ars Technica

Apple deleted server supplier after finding infected firmware in servers [Updated] | Ars Technica

New Evidence of Hacked Supermicro Hardware Found in U.S. Telecom - Bloomberg

HHM22137A2 TDK | Mouser Australia

Reckless campaign of cyber attacks by Russian military intelligence service exposed - NCSC Site

Justice Department charges 7 Russian intelligence officers

U.S. Charges Russian GRU Officers with International Hacking and Related Influence and Disinformation Operations | OPA | Department of Justice

Gordon Corera on Twitter: "Breaking - Dutch intelligence (with help of British) disrupted a Russian GRU cyber operation targeting OPCW on April 13th. Four Russian intelligence officers escorted out of country."

Advanced Persistent Threat Activity Exploiting Managed Service Providers | US-CERT

Google shuts down Google+ after API bug exposed details for over 500,000 users | ZDNet

Google Plus Will Be Shut Down After User Information Was Exposed - The New York Times

Google forcibly enables G Suite alerts for government-backed attacks | ZDNet

SandboxEscaper on Twitter: "Why did gmail just throw a notification that government attackers are trying to get into my account. Not even kidding -.-"

Google sets new rules for third-party apps to access Gmail data | ZDNet

It's 2018, and network middleware still can't handle TLS without breaking encryption | ZDNet

CEO Pleads Guilty to Selling Encrypted Phones to Organized Crime - Motherboard

Project Zero: 365 Days Later: Finding and Exploiting Safari Bugs using Publicly Available Tools

Microsoft October 2018 Patch Tuesday fixes zero-day exploited by FruityArmor APT | ZDNet

U.S. GAO - Weapon Systems Cybersecurity: DOD Just Beginning to Grapple with Scale of Vulnerabilities

Senetas, a leading provider of encryption technology