In this week’s show Adam Boileau and Patrick Gray discuss the security news of the last few weeks, including:
- German politicians pwnt, suspect arrested
- Possible ransomware attack affects US newspapers
- Mass 2FA bypasses impacting Gmail users in Middle East
- Emergency warning system in Australia popped
- Ethereum Classic double-spend attack a sign of things to come
- EU to fund open source bug bounties
- Attackers steal details of 1,000 North Korean defectors
- Doing the Bloomberg hack for real at 35C3
- El Chapo should have used Signal
- Much, much more…
This week’s show is brought to you by Cylance! BlackBerry announced that it’s acquiring Cylance for $1.4bn (I don’t know if that’s closed yet) which is great news for all the founders and early employees there – some of whom I know reasonably well. So congrats to team Cylance on that!
But we’re not talking about that this week. Instead, Cylance’s very own Scott Scheferman joins us to talk about the MITRE ATT&CK framework and how it’s informing their product dev. There’s some product talk in that interview but there’s also some real meat there so I let it run long. Scott says we’re close to the terrible situation where security companies are going to start using MITRE ATT&CK as a marketing tool, like “Full MITRE ATT&CK coverage!”
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
Show notes
- Arrested German hacker confesses to leaking politicians' information, report says
- Before Germany’s Massive Hack, We Learned What Not to Do With Sensitive Stolen Information - Motherboard
- What we still don’t know about the cyberattack on Tribune newspapers - The Washington Post
- Ransomware suspected in cyberattack that crippled major US newspapers | ZDNet
- How Hackers Bypass Gmail 2FA at Scale - Motherboard
- Hackers target 'hundreds' of Middle East activists with fake login pages, 2FA bypass schemes
- Hackers send fake emergency emails, texts, messages using warning system
- Coinbase suspends Ethereum Classic (ETC) trading after double-spend attacks | ZDNet
- I Gave a Bounty Hunter $300. Then He Located Our Phone - Motherboard
- EU to fund bug bounty programs for 14 open source projects starting January 2019 | ZDNet
- Hackers hijack thousands of Chromecasts to warn of latest security bug | TechCrunch
- Hackers steal personal info of 1,000 North Korean defectors | ZDNet
- Modchips - Trammell Hudson's Projects
- Hacking Group Decrypts Cache of Insurance Files Related to 9/11 Attacks - Motherboard
- Hackers Make a Fake Hand to Beat Vein Authentication - Motherboard
- You Can Now Get $1 Million for Hacking WhatsApp and iMessage - Motherboard
- Alan Feuer on Twitter: "In February 2010, an undercover FBI agent met with the target of a sensitive investigation: Christian Rodriguez, an IT specialist who had recently developed a remarkable product: an encrypted communication network for the Mexican drug lord El Chapo and his Colombian partners."
- Encrypted Messaging App Signal Says It Won’t Comply With Australia’s New Backdoor Bill - Motherboard
- Louis Theroux among those hit by Twitter hack exposing security flaw | Technology | The Guardian
- NSA to release a free reverse engineering tool | ZDNet
- Open-source tool aims to curb BGP hijacking amid Chinese espionage concerns
- ARTEMIS — neutralizing BGP hijacking within a minute | APNIC Blog
- New hardware-agnostic side-channel attack works against Windows and Linux | ZDNet
- 1901.01161.pdf
- PowerPoint Presentation
- CVE-2019-0547 | Windows DHCP Client Remote Code Execution Vulnerability