Risky Business #531 -- Australia's political parties targeted, the Witt indictment and more

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Co-host at large

Adam Boileau is along this week to discuss the week’s security news, which also features comment from Dmitri Alperovitch, Klon Kitchen and The Grugq. We cover:

  • Former USAF counterintelligence official indicted over spearphishing, leaking secrets
  • Australia’s major political parties targeted by APT crew that totally isn’t Chinese. (It’s Chinese)
  • More on the Iran DNS hijacks
  • Venezuelans phished by their own government
  • China’s mass surveillance of Uyghur Muslims laid bare in data leak
  • Millions of Swedes have their healthcare help-line calls exposed
  • Bank of Valletta dodges a bullet, catches fraudulent transfers
  • VK gets Samy’d
  • Calls for GDPR-like law in USA
  • Marcus “Malwaretech” Hutchins has a bad week

This week’s sponsor interview is with Jason Haddix of Bugcrowd. He’ll be along to talk a little more about what Bugcrowd calls next-generation pentests. They claim one of their tests is sufficient for compliance purposes under PCI, ISO or NIST, and they’ve had a third-party auditor prove that for them. They also say the service has really taken off despite being launched only a couple of months ago.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Air Force Defector to Iran Severely Damaged U.S. Intelligence Efforts, Ex-Officials Say - The New York Times

Spy Betrayed U.S. to Work for Iran, Charges Say - The New York Times

Game of Thrones hacker worked with US defector to hack Air Force employees for Iran | ZDNet

Scott Morrison details cyber attack on Australia's major political parties

How China and Russia are readying themselves for a US cyber war

Chinese traders freeze Australian coal orders amid 40-day customs delays: sources | Reuters

A Deep Dive on the Recent Widespread DNS Hijacking Attacks — Krebs on Security

Albania expels Iranian diplomats on national security grounds | Reuters

Venezuela’s Government Appears To Be Trying to Hack Activists With Phishing Pages - Motherboard

China's mass surveillance of Uyghur Muslims in Xinjiang province revealed in data security flaw - ABC News (Australian Broadcasting Corporation)

Millions of calls to Swedish healthcare hotline left unprotected online - The Local

Hackers tried to steal €13 million from Malta's Bank of Valletta | ZDNet

State of the Hack S2E01: #NoEasyBreach REVISITED | FireEye Inc

Russian hackers 8 times faster than Chinese, Iranians, North Koreans, says report

White hats spread VKontakte worm after social network doesn't pay bug bounty | ZDNet

You Don't Get To Learn How The FBI Tried To Crack Facebook Messenger Encryption, Judge Rules | Gizmodo Australia

GAO gives Congress go-ahead for a GDPR-like privacy legislation | ZDNet

NSO Group founders buy back their spyware company

MalwareTech loses bid to suppress damning statements made after days of partying | Ars Technica

Researchers hide malware in Intel SGX enclaves | ZDNet

Google Play Store app rejections up 55% from last year, app suspensions up 66% | ZDNet

Behold, the Facebook phishing scam that could dupe even vigilant users | Ars Technica

Facebook Popup Phishing Page (Social Login) - YouTube

Google backtracks on Chrome modifications that would have crippled ad blockers | ZDNet

Scammers Are Filing Fake Trademarks to Steal High-Value Instagram Accounts - Motherboard

Google working on new Chrome security feature to 'obliterate DOM XSS' | ZDNet

Microsoft patches 0-day vulnerabilities in IE and Exchange | Ars Technica

Apple is forcing 2FA on iOS and macOS developers

Apple being sued because two-factor authentication on an iPhone or Mac takes too much time

Forced Two Factor Auth Will Cause Issues | Apple Developer Forums

Aspen Tech Policy Hub - A Silicon Valley-Style Think Tank

Next Gen Pen Testing