This edition of the show features Adam Boileau and Patrick Gray discussing the week’s security news:
- More info on the Facebook token hack
- Facebook boots “Russian Cambridge Analytica” off platform
- Chinese MSS officer extradited to USA after being lured to Belgium
- NotPetya linked to Sandworm crew
- Czech intelligence services kill Hezbollah APT
- Pentagon travel records pwnt
- No, Khashoggi’s Apple Watch didn’t record his death
- Apple takes aim at Australia’s AA Bill
- US voter records for sale in hack forums
- PHP 5 support ends soon, netpocalypse to commence shortly afterward
- The world’s most hilarious libssh bug
- PLUS MOAR
This week’s show is sponsored by Senrio.
Senrio is best known for doing IoT identification, classification, visualisation and anomaly detection, but they’ve now applied the same approach to general IT. Stephen will be along later in the show to talk about what they’ve been able to engineer here. I’ve actually been working with them on this (in a limited capacity) for a few months and it’s very interesting stuff.
So yeah he’s talking about a feature release, then he’ll be releasing some open source tooling that mine your network metadata and spot interactive shells in your environment, which is handy, and then he’s going to preview some free training he’s doing with some other very well respected security people in New York soon.
Links to everything that we discussed are below, including the discussions that were edited out. (That’s why there are extras.) You can follow Patrick or Adam on Twitter if that’s your thing.
Show notes
- Facebook Says 14 Million People Got Their Location Data and Private Search History Stolen - Motherboard
- Facebook disables accounts for Russian firm claiming to sell scraped user data - CNET
- In a first, a Chinese spy is extradited to the U.S. after stealing technology secrets, Justice Dept. says - The Washington Post
- Researchers link tools used in NotPetya and Ukraine grid hacks
- Czech intelligence service shuts down Hezbollah hacking operation | ZDNet
- Breach of Pentagon travel records exposes defense personnel PII
- Why missing Saudi journalist’s Apple Watch is an interesting, but unlikely, lead | TechCrunch
- Apple rebukes Australia’s “dangerously ambiguous” anti-encryption bill | TechCrunch
- US voter records from 19 states sold on hacking forum | ZDNet
- Ransomware hits computer networks of North Carolina water utility
- Around 62 percent of all Internet sites will run an unsupported PHP version in 10 weeks | ZDNet
- A mysterious grey-hat is patching people's outdated MikroTik routers | ZDNet
- Sony working on a fix for bug that's crashing PlayStation 4 consoles | ZDNet
- Microsoft JET vulnerability still open to attacks, despite recent patch | ZDNet
- Proof-of-concept code published for Microsoft Edge remote code execution bug | ZDNet
- WhatsApp fixes bug that let hackers take over app when answering a video call | ZDNet
- Kanye's Password, a WhatsApp Bug, and More Security News This Week | WIRED
- The ‘Donald Daters’ Trump Dating App Exposed Its Users’ Data - Motherboard
- libssh 0.8.4 and 0.7.6 security and bugfix release – libssh
- Senrio
- Senrio Quick Product Demo on Vimeo