Risky Business #518 -- "Russian Cambridge Analytica" booted off Facebook after token hack

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

This edition of the show features Adam Boileau and Patrick Gray discussing the week’s security news:

  • More info on the Facebook token hack
  • Facebook boots “Russian Cambridge Analytica” off platform
  • Chinese MSS officer extradited to USA after being lured to Belgium
  • NotPetya linked to Sandworm crew
  • Czech intelligence services kill Hezbollah APT
  • Pentagon travel records pwnt
  • No, Khashoggi’s Apple Watch didn’t record his death
  • Apple takes aim at Australia’s AA Bill
  • US voter records for sale in hack forums
  • PHP 5 support ends soon, netpocalypse to commence shortly afterward
  • The world’s most hilarious libssh bug
  • PLUS MOAR

This week’s show is sponsored by Senrio.

Senrio is best known for doing IoT identification, classification, visualisation and anomaly detection, but they’ve now applied the same approach to general IT. Stephen will be along later in the show to talk about what they’ve been able to engineer here. I’ve actually been working with them on this (in a limited capacity) for a few months and it’s very interesting stuff.

So yeah he’s talking about a feature release, then he’ll be releasing some open source tooling that mine your network metadata and spot interactive shells in your environment, which is handy, and then he’s going to preview some free training he’s doing with some other very well respected security people in New York soon.

Links to everything that we discussed are below, including the discussions that were edited out. (That’s why there are extras.) You can follow Patrick or Adam on Twitter if that’s your thing.

Risky Business #518 -- "Russian Cambridge Analytica" booted off Facebook after token hack
0:00 / 0:00

Show notes

Facebook Says 14 Million People Got Their Location Data and Private Search History Stolen - Motherboard

Facebook disables accounts for Russian firm claiming to sell scraped user data - CNET

In a first, a Chinese spy is extradited to the U.S. after stealing technology secrets, Justice Dept. says - The Washington Post

Researchers link tools used in NotPetya and Ukraine grid hacks

Czech intelligence service shuts down Hezbollah hacking operation | ZDNet

Breach of Pentagon travel records exposes defense personnel PII

Why missing Saudi journalist’s Apple Watch is an interesting, but unlikely, lead | TechCrunch

Apple rebukes Australia’s “dangerously ambiguous” anti-encryption bill | TechCrunch

US voter records from 19 states sold on hacking forum | ZDNet

Ransomware hits computer networks of North Carolina water utility

Around 62 percent of all Internet sites will run an unsupported PHP version in 10 weeks | ZDNet

A mysterious grey-hat is patching people's outdated MikroTik routers | ZDNet

Sony working on a fix for bug that's crashing PlayStation 4 consoles | ZDNet

Microsoft JET vulnerability still open to attacks, despite recent patch | ZDNet

Proof-of-concept code published for Microsoft Edge remote code execution bug | ZDNet

WhatsApp fixes bug that let hackers take over app when answering a video call | ZDNet

Kanye's Password, a WhatsApp Bug, and More Security News This Week | WIRED

The ‘Donald Daters’ Trump Dating App Exposed Its Users’ Data - Motherboard

libssh 0.8.4 and 0.7.6 security and bugfix release – libssh

Senrio

Senrio Quick Product Demo on Vimeo