On this week’s show Adam and Patrick discuss the week’s security news:
- Cyber Command kicks the IRA off the Internet on election day
- WSJ reporting on Iran vs Australia likely incorrect
- Two Russian cybersecurity professionals sentenced over treason
- DPRK spearphishing US summit participants
- LOTS of technical news and research this week
This week’s show is brought to you by Remediant. Their CEO Tim Keeler will be along in this week’s sponsor segment to talk about how they’re doing “virtual directory binding” to make managing Linux accounts via Active Directory less traumatic. If you’re struggling with horrible, horrible PAM solutions in your devops environments have a listen to that one.
*** NOTE FROM PAT: I made some mistakes in the recording phase of this week’s show. As a result, my vocal audio is pretty atrocious. Sorry! ***
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
Show notes
- Cyber Command put the kibosh on Russian trolls during the midterms
- Iranian Group Blamed for Cyberattack on Australia’s Parliament - WSJ
- China, not Iran, still the main suspect in hacking of Australia's political parties, say sources
- Former Russian Cybersecurity Chief Sentenced to 22 Years in Prison — Krebs on Security
- North Korean hackers go on phishing expedition before Trump-Kim summit
- Supermicro hardware weaknesses let researchers backdoor an IBM cloud server | Ars Technica
- The Missing Security Primer for Bare Metal Cloud Services – Eclypsium
- The secret lives of Facebook moderators in America - The Verge
- CRXcavator: Democratizing Chrome Extension Security | Duo Security
- CRXcavator
- Toyota Australia says no customer data taken in attempted cyber attack | Business | The Guardian
- Toyota Australia hack update | Automotive Industry News | just-auto
- Many websites threatened by highly critical code-execution bug in Drupal | Ars Technica
- It took hackers only three days to start exploiting latest Drupal bug | ZDNet
- Former Hacking Team Members Are Now Spying on the Blockchain for Coinbase - Motherboard
- attachment.cgi
- For many crooks, malware is out and PowerShell attacks are in, IBM says
- New flaws in 4G, 5G allow attackers to intercept calls and track phone locations | TechCrunch
- Cryptocurrency wallet caught sending user passwords to Google's spellchecker | ZDNet
- POS firm says hackers planted malware on customer networks | ZDNet
- Surveillance firm asks Mozilla to be included in Firefox's certificate whitelist | ZDNet
- New browser attack lets hackers run bad code even after users leave a web page | ZDNet
- WinRAR versions released in the last 19 years impacted by severe security flaw | ZDNet
- Dow Jones’ watchlist of 2.4 million high-risk clients has leaked | TechCrunch
- Intel open-sources HBFA app to help with firmware security testing | ZDNet
- Thunderclap flaws impact how Windows, Mac, Linux handle Thunderbolt peripherals | ZDNet
- Spain investigates raid on North Korean embassy: sources | Reuters
- Conference | 0xCC | Melbourne