This week’s show features Patrick Gray and Adam Boileau discussing the week’s security news, including:
- The Marriott, Quora, Dell and Sky Brazil data breaches
- Kashoggi associate to sue NSO Group
- Australia’s AA Bill set to pass
- NZ give Huawei the boot
- AutoCAD malware targets key verticals
- Republicans’ 2018 campaign hacked
- Czech government blames Russia for intrusions into key systems
- Horror-show bug in Kubernetes
This week’s show is brought to you by Duo Security, big thanks to Duo for that! In this week’s sponsor interview we’ll be chatting with Duo Security’s very own Dave Lewis about some Beyond Corp stuff. Beyond Corp is the enterprise computing model of the future and Dave will be along after this week’s news to talk about some of its finer points.
Links to everything that we discussed are below. (That’s why there are extras.) You can follow Patrick or Adam on Twitter if that’s your thing.
Show notes
- Marriott: Data on 500 Million Guests Stolen in 4-Year Breach — Krebs on Security
- Marriott sued hours after announcing data breach | ZDNet
- Quora Announces Data Breach of 100 Million Users - Motherboard
- Dell announces security breach | ZDNet
- Sky Brasil exposes data of 32 million subscribers | ZDNet
- Israeli Software Helped Saudis Spy on Khashoggi, Lawsuit Says - The New York Times
- Police, spies gain powers to access encrypted messages after political deal struck
- GCHQ’s not-so-smart idea to spy on encrypted messaging apps is branded ‘absolute madness’ | TechCrunch
- Principles for a More Informed Exceptional Access Debate - Lawfare
- Defence department exposed by Chinese hackers
- 'Watering hole' attacks: How China's hackers went after think tanks and universities
- Huawei banned from New Zealand's 5G mobile network over security concerns - ABC News (Australian Broadcasting Corporation)
- 20180717_HCSEC_Oversight_Board_Report_2018_-_FINAL.pdf
- UK and Germany grow wary of Huawei as US turns up pressure | Financial Times
- New industrial espionage campaign leverages AutoCAD-based malware | ZDNet
- House Republican campaign arm hacked during 2018 election
- Czech Republic blames Russia for multiple government network hacks | ZDNet
- Magecart Group Ups Ante: Now Goes After Admin Credentials | Threatpost | The first stop for security news
- FBI dismantles gigantic ad fraud scheme operating across over one million IPs | ZDNet
- After Microsoft complaints, Indian police arrest tech support scammers at 26 call centers | ZDNet
- "WeChat Payment" ransomware makers are locked in transmission, harm and epidemic ultimate decryption
- Kubernetes' first major security hole discovered | ZDNet
- Researchers discover SplitSpectre, a new Spectre-like CPU attack | ZDNet
- Hackers are opening SMB ports on routers so they can infect PCs with NSA malware | ZDNet
- Microsoft warns about two apps that installed root certificates then leaked the private keys | ZDNet
- Project Zero: Adventures in Video Conferencing Part 1: The Wild World of WebRTC
- Cyber attack victims face disputes with insurers | Financial Times
- unprivileged users with UID > INT_MAX can successfully execute any systemctl command (#74) · Issues · polkit / polkit · GitLab