Risky Business #534 -- Manning back in clink, automotive industry under attack

The Toyota Oz plot thickens...
13 Mar 2019 » Risky Business

On this week’s show Adam Boileau and Patrick Gray discuss the week’s news:

  • Chelsea Manning back in jail
  • Citrix owned, Resecurity claims it was Iran. Again. Because reasons, apparently.
  • Huawei politics get messy
  • EXCLUSIVE: Toyota Oz, other carmakers likely targeted by APT32 (Vietnam)
  • Much, much more

This week’s sponsor is Senetas. They make layer 2 encryption gear but recently made a US$8m investment into Votiro, a Content Disarm and Reconstruction (CDR) play. Votiro CEO Aviv Grafi is this week’s sponsor guest. He stops by to explain CDR tech.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Chelsea Manning jailed after refusing to testify about WikiLeaks - CNNPolitics
Citrix discloses security breach of internal network | ZDNet
Citrix investigating unauthorized access to internal network | Citrix Blogs
Iranian-backed hackers stole data from major U.S. government contractor
Deacon Blues on Twitter: "Have about closed the loop on who is behind Resecurity, the mysterious company attributing the Citrix hack to Iran. It seems to be the work of one man, Andrey Andreevich Komarov, aka Andrew Komarov.… https://t.co/9fbWuEwqdL"
US ambassador in Berlin urges Germany to cut ties with Huawei
Pompeo warns allies Huawei presence complicates partnership with U.S. | Reuters
Huawei’s 5G equipment is a manageable risk, British intelligence claims - The Verge
UN report links North Korean hackers to theft of $571 million from cryptocurrency exchanges
China database lists 'breedready' status of 1.8 million women | World news | The Guardian
800+ Million Emails Leaked Online by Email Verification Service - Security Discovery
Releasing the NSA’s Previously Classified Tool ‘Ghidra’ For Free Is a ‘Game Changer’ - Motherboard
Facebook Suit: Ukrainian Hackers Used Quizzes to Take Data from 60,000 Users
A world of hurt after GoDaddy, Apple, and Google misissue >1 million certificates | Ars Technica
The Prototype iPhones That Hackers Use to Research Apple’s Most Sensitive Code - Motherboard
Google reveals Chrome zero-day under active attacks | ZDNet
Pipes on Twitter: "Google TAG have run down and identified iOS, Chrome and Windows 0days in the last few weeks. @ShaneHuntley Are we going to get some insight on which group you folk are pulling apart later? Sounds like fun times 😉"
Russia blocks encrypted email provider ProtonMail | TechCrunch
Tufts expelled a student for grade hacking. She claims innocence | TechCrunch
Lamborghini-driving bitcoin trader charged with drug trafficking
Cryptocurrency entrepreneur pleads guilty in 'Bitcointopia' fraud - Los Angeles Times
Car alarms with security flaws put 3 million vehicles at risk of hijack | TechCrunch
Silencing Cylance: A Case Study in Modern EDRs – MDSec
Glitching Trezor using EMFI Through The Enclosure – Colin O’Flynn
Extracting BitLocker keys from a TPM
WDS bug lets hackers hijack Windows Servers via malformed TFTP packets | ZDNet
Cisco tells Nexus switch owners to disable POAP feature for security reasons | ZDNet
Auth0 Security Bulletin CVE-2019-7644
Votiro Disarmer Takes Cyber Security to the Next-Generation
Senetas announces $8m investment in Votiro Disarmer