Adam Boileau is along this week to discuss the week’s security news, which also features comment from Dmitri Alperovitch, Klon Kitchen and The Grugq. We cover:
- Former USAF counterintelligence official indicted over spearphishing, leaking secrets
- Australia’s major political parties targeted by APT crew that totally isn’t Chinese. (It’s Chinese)
- More on the Iran DNS hijacks
- Venezuelans phished by their own government
- China’s mass surveillance of Uyghur Muslims laid bare in data leak
- Millions of Swedes have their healthcare help-line calls exposed
- Bank of Valletta dodges a bullet, catches fraudulent transfers
- VK gets Samy’d
- Calls for GDPR-like law in USA
- Marcus “Malwaretech” Hutchins has a bad week
This week’s sponsor interview is with Jason Haddix of Bugcrowd. He’ll be along to talk a little more about what Bugcrowd calls next-generation pentests. They claim one of their tests is sufficient for compliance purposes under PCI, ISO or NIST and they’ve had a third party auditor prove that for them. They also say the service has really taken off despite being launched only a couple of months ago.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
Show notes
- Air Force Defector to Iran Severely Damaged U.S. Intelligence Efforts, Ex-Officials Say - The New York Times
- Spy Betrayed U.S. to Work for Iran, Charges Say - The New York Times
- Game of Thrones hacker worked with US defector to hack Air Force employees for Iran | ZDNet
- Scott Morrison details cyber attack on Australia's major political parties
- How China and Russia are readying themselves for a US cyber war
- Chinese traders freeze Australian coal orders amid 40-day customs delays: sources | Reuters
- A Deep Dive on the Recent Widespread DNS Hijacking Attacks — Krebs on Security
- Albania expels Iranian diplomats on national security grounds | Reuters
- Venezuela’s Government Appears To Be Trying to Hack Activists With Phishing Pages - Motherboard
- China's mass surveillance of Uyghur Muslims in Xinjiang province revealed in data security flaw - ABC News (Australian Broadcasting Corporation)
- Millions of calls to Swedish healthcare hotline left unprotected online - The Local
- Hackers tried to steal €13 million from Malta's Bank of Valletta | ZDNet
- State of the Hack S2E01: #NoEasyBreach REVISITED « State of the Hack S2E01: #NoEasyBreach REVISITED | FireEye Inc
- Russian hackers 8 times faster than Chinese, Iranians, North Koreans, says report
- White hats spread VKontakte worm after social network doesn't pay bug bounty | ZDNet
- You Don't Get To Learn How The FBI Tried To Crack Facebook Messenger Encryption, Judge Rules | Gizmodo Australia
- GAO gives Congress go-ahead for a GDPR-like privacy legislation | ZDNet
- NSO Group founders buy back their spyware company
- MalwareTech loses bid to suppress damning statements made after days of partying | Ars Technica
- Researchers hide malware in Intel SGX enclaves | ZDNet
- Google Play Store app rejections up 55% from last year, app suspensions up 66% | ZDNet
- Behold, the Facebook phishing scam that could dupe even vigilant users | Ars Technica
- (20) Facebook Popup Phishing Page (Social Login) - YouTube
- Google backtracks on Chrome modifications that would have crippled ad blockers | ZDNet
- Scammers Are Filing Fake Trademarks to Steal High-Value Instagram Accounts - Motherboard
- Google working on new Chrome security feature to 'obliterate DOM XSS' | ZDNet
- Microsoft patches 0-day vulnerabilities in IE and Exchange | Ars Technica
- Apple is forcing 2FA on iOS and macOS developers
- Apple being sued because two-factor authentication on an iPhone or Mac takes too much time
- Forced Two Factor Auth Will Cause Issues |Apple Developer Forums
- Aspen Tech Policy Hub - A Silicon Valley-Style Think Tank
- Next Gen Pen Testing