This edition of the show features Adam Boileau and Patrick Gray discussing the week’s security news:
- Cozy Bear is back, Fancy Bear has new tooling
- Russian government wants DNC lawsuit thrown out
- Cyber Command submitting samples to VirusTotal
- Google BGP shenanigans
- Australian/China Telecom BGP shenanigans
- All the recent Facebook drama
- More speculative execution bugs
- Julian Assange likely to be charged
- Vault7 leaker facing new charges
- Phineas Fisher investigation abandoned
- Bitcoin/Tether link probed by DoJ, btc in free-fall
- MUCH MOAR
This week’s show is brought to you by Proofpoint.
Sherrod DeGrippo, Proofpoint’s director of threat research and detection, is this week’s sponsor guest. Surprisingly, she tells us that ransomware via email is a dead duck.
Links to everything that we discussed are below. (That’s why there are extras.) You can follow Patrick or Adam on Twitter if that’s your thing.
Show notes
- Russia’s Cozy Bear comes out of hiding with post-election spear-phishing blitz | Ars Technica
- Russia's Fancy Bear and Cozy Bear Hackers May Have New Phishing Tricks | WIRED
- Russia wants DNC hack lawsuit thrown out, citing international conventions | ZDNet
- Russian Trolls Sue Facebook, Their Old Propaganda Machine
- Ukraine detects new Pterodo backdoor malware, warns of Russian cyberattack | Ars Technica
- US Cyber Command starts uploading foreign APT malware to VirusTotal | ZDNet
- Google goes down after major BGP mishap routes traffic through China | Ars Technica
- How China diverts, then spies on Australia's internet traffic
- Rob Joyce on Twitter: "I hope this latest fiasco of traffic rerouting through China is the wakeup call for all of us to get serious about addressing the massive and unacceptable vulnerability inherent in today’s BGP routing architecture. https://t.co/dSTVIOltsF"
- Everything you need to know about Facebook’s latest crisis - Recode
- Facebook has been accused of peddling anti-Semitic conspiracy theories - Vox
- Yes, Facebook made mistakes in 2016. But we weren’t the only ones. - The Washington Post
- Researchers discover seven new Meltdown and Spectre attacks | ZDNet
- The US Department of Justice is reportedly preparing to indict WikiLeaks founder Julian Assange | Business Insider
- Julian Assange has been charged, prosecutors reveal inadvertently in court filing
- Accused 'Vault 7' leaker to face new charges
- Hacking Team Hacker Phineas Fisher Has Gotten Away With It - Motherboard
- Bitcoin Price Manipulated by Tether? Justice Department Probing - Bloomberg
- A Browser Extension Apparently Stole The Private Facebook Messages Of At Least 81,000 Accounts | Gizmodo Australia
- The Hack Millions of People Are Installing Themselves - Motherboard
- Facebook patches another bug that could have allowed mass-harvesting of user data | ZDNet
- Trump signs bill that creates the Cybersecurity and Infrastructure Security Agency | ZDNet
- AWS rolls out new security feature to prevent accidental S3 data leaks | ZDNet
- Most ATMs can be hacked in under 20 minutes | ZDNet
- Deserialization issues also affect Ruby, not just Java, PHP, and .NET | ZDNet
- Adobe ColdFusion servers under attack from APT group | ZDNet
- VirtualBox zero-day published by disgruntled researcher | ZDNet
- Office 365, Azure users are locked out after a global multi-factor authentication outage | TechCrunch
- Cisco says a flaw in its Adaptive Security Appliance allows remote attacks
- He Helped People Cheat at Grand Theft Auto. Then His Home Was Raided. - The New York Times
- Proofpoint