Risky Business Podcast
February 20, 2019
Risky Business #531 -- Australia's political parties targeted, the Witt indictment and more
Presented by
CEO and Publisher
Technology Editor
Adam Boileau is along this week to discuss the week’s security news, which also features comment from Dmitri Alperovitch, Klon Kitchen and The Grugq. We cover:
- Former USAF counterintelligence official indicted over spearphishing, leaking secrets
- Australia’s major political parties targeted by APT crew that totally isn’t Chinese. (It’s Chinese)
- More on the Iran DNS hijacks
- Venezuelans phished by their own government
- China’s mass surveillance of Uyghur Muslims laid bare in data leak
- Millions of Swedes have their healthcare help-line calls exposed
- Bank of Valletta dodges a bullet, catches fraudulent transfers
- VK gets Samy’d
- Calls for GDPR-like law in USA
- Marcus “Malwaretech” Hutchins has a bad week
This week’s sponsor interview is with Jason Haddix of Bugcrowd. He’ll be along to talk a little more about what Bugcrowd calls next-generation pentests. They claim one of their tests is sufficient for compliance purposes under PCI, ISO or NIST and they’ve had a third party auditor prove that for them. They also say the service has really taken off despite being launched only a couple of months ago.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
Brought to you by Bugcrowd
#1 Crowdsourced Cybersecurity Platform
Show notes
Spy Betrayed U.S. to Work for Iran, Charges Say - The New York Times
Game of Thrones hacker worked with US defector to hack Air Force employees for Iran | ZDNet
Scott Morrison details cyber attack on Australia's major political parties
How China and Russia are readying themselves for a US cyber war
Chinese traders freeze Australian coal orders amid 40-day customs delays: sources | Reuters
A Deep Dive on the Recent Widespread DNS Hijacking Attacks — Krebs on Security
Albania expels Iranian diplomats on national security grounds | Reuters
Venezuela’s Government Appears To Be Trying to Hack Activists With Phishing Pages - Motherboard
Millions of calls to Swedish healthcare hotline left unprotected online - The Local
Hackers tried to steal €13 million from Malta's Bank of Valletta | ZDNet
Russian hackers 8 times faster than Chinese, Iranians, North Koreans, says report
White hats spread VKontakte worm after social network doesn't pay bug bounty | ZDNet
GAO gives Congress go-ahead for a GDPR-like privacy legislation | ZDNet
NSO Group founders buy back their spyware company
MalwareTech loses bid to suppress damning statements made after days of partying | Ars Technica
Researchers hide malware in Intel SGX enclaves | ZDNet
Google Play Store app rejections up 55% from last year, app suspensions up 66% | ZDNet
Behold, the Facebook phishing scam that could dupe even vigilant users | Ars Technica
(20) Facebook Popup Phishing Page (Social Login) - YouTube
Google backtracks on Chrome modifications that would have crippled ad blockers | ZDNet
Scammers Are Filing Fake Trademarks to Steal High-Value Instagram Accounts - Motherboard
Google working on new Chrome security feature to 'obliterate DOM XSS' | ZDNet
Microsoft patches 0-day vulnerabilities in IE and Exchange | Ars Technica
Apple is forcing 2FA on iOS and macOS developers
Apple being sued because two-factor authentication on an iPhone or Mac takes too much time
Forced Two Factor Auth Will Cause Issues |Apple Developer Forums