Risky Business Podcast

May 01, 2019

Risky Business #539 -- Docker Hub owned, Cloudflare, Bloomberg under fire

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • Docker Hub owned
  • That Confluence bug we were talking about a couple of weeks ago got wormified
  • Oracle WebLogic users also having a bad time
  • Cloudflare faces investor pressure over providing services to Nazis
  • Slack warns investors of possible nation-state attacks against it
  • Norsk Hydro puts dollar value on ransomware incident
  • Bloomberg publishes another ridiculous security story
  • Much, much more!

This week’s sponsor interview is with Casey Ellis, the CTO and co-founder of Bugcrowd.

As most of you are probably aware, Bugcrowd announced its so-called “next generation penetration testing” product last year, a move followed some months later by its competitor HackerOne. With others in the bounty space already offering these types of penetration testing packages, it looks like these efforts are here to stay.

But where do crowdsourced penetration tests sit in the wider penetration testing market? Are they coming after the Insomnia and Atredis Partners type firms? The NCCs? The shonky nessus-scan “penetration testers”? Well, not surprisingly Casey argues that this is a new sub-niche in the market and he makes a pretty compelling case to support that argument.

Links to everything are below, and you can follow Patrick or Adam on Twitter if that’s your thing.

Risky Business #539 -- Docker Hub owned, Cloudflare, Bloomberg under fire
0:00 / 0:00

Show notes

Docker Hub hack exposed data of 190,000 users | ZDNet

two-factor authentication · Issue #358 · docker/hub-feedback · GitHub

Slack warns investors of a high risk of cyber-attacks impacting stock performance | ZDNet

Vulnerable Confluence Servers Get Infected with Ransomware, Trojans

Recent Oracle WebLogic zero-day used to infect servers with ransomware | ZDNet

Norsk Hydro: Attack Cost $50M « isssource.com

The SIM Swap Fix That the US Isn't Using | WIRED

California synagogue shooting casts harsh light on mutual-fund darling Cloudflare - Reuters

Sleeping Giants on Twitter: "REMINDER: 8Chan, where the anti-Semitic shooter from today AND the New Zealand shooter posted manifestos and their fans cheer the killings, is protected by @Cloudflare and their CEO @eastdakota, who doesn’t have any regrets about it at all.… https://t.co/8XKghBMW94"

Catalin Cimpanu on Twitter: "Today in infosec news: Another low-quality Bloomberg article where the reporter converts a random 10-year-old long-time-patched vulnerability into a national security threat.... because Bloomberg reporters get paid for "market-shifting news" ....which means "horrendous clickbait"… https://t.co/3IOoj08g0Q"

Oh dear. Secret Huawei enterprise router snoop 'backdoor' was Telnet service, sighs Vodafone • The Register

Man who allegedly leaked CIA hacking tools says he's been tortured and is owed $50 billion

Hackers Steal and Ransom Financial Data Related to Some of the World’s Largest Companies - Motherboard

NSA's Russian cyberthreat task force is now permanent

DNS hacks are attacks on critical infrastructure, senior U.S. diplomat says

New DHS order pushes agencies to quickly patch vulnerabilities

Microsoft is considering dropping its Windows password expiration policy | TechCrunch

Microsoft Outlook Email Breach Targeted Cryptocurrency Users - Motherboard

Chinese dev jailed and fined for posting DJI's private keys on Github • The Register

Probable Russian Navy covert camera whale discovered by Norwegians | Ars Technica

CARBANAK Week Part Four: The CARBANAK Desktop Video Player « CARBANAK Week Part Four: The CARBANAK Desktop Video Player | FireEye Inc

Port Scanning, Spoofing & Blacklists – notdan – Medium

Bat bomb - Wikipedia

Project Pigeon - Wikipedia

Next Gen Pen Testing