This episode sponsored by Duo Security.On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:
- IDF takes out Hamas cyber HQ (Features commentary from Bobby Chesney and Klon Kitchen)
- NYTimes mangles Symantec’s “Buckeye” research
- Lots of dark web arrests
- SAP exploits not all they’re cracked up to be
- Magecart-style attacks spread to other platforms
- Tech-led crackdown on Chinese-muslims intensifies
- Japan to create “defensive malware”
This week’s sponsor interview is with Duo Security advisory CSO Richard Archdeacon and we’ll be talking about zero trust networks. Richard isn’t so worried about every vendor under the sun claiming to be a zero trust tech company. He doesn’t think that’s going to derail the move to zero trust architectures because the move towards them is too strong.
Links to everything are below, and you can follow Patrick or Adam on Twitter if that’s your thing.
Show notes
- Israel Defense Forces on Twitter: "CLEARED FOR RELEASE: We thwarted an attempted Hamas cyber offensive against Israeli targets. Following our successful cyber defensive operation, we targeted a building where the Hamas cyber operatives work. HamasCyberHQ.exe has been removed.… https://t.co/rL86R93V7P"
- Crossing a Cyber Rubicon? Overreactions to the IDF’s Strike on the Hamas Cyber Facility - Lawfare
- Daniel Moore on Twitter: "It's also possible that they claim this is a kinetic response to a cyber-attack, but in reality the IDF is just bombing more convenient, low-risk elements of Hamas out of its extensive target bank. So possibly more capitalising on an opportunity than direct retaliation.… https://t.co/uFSn4Ql8Nu"
- Inbar Raz on Twitter: "If there had been only one strike, and it had been directed at the Cyber unit, then that would have been a remarkable and unusual event. But it wasn’t. It’s just one more building with “Hamas” written all over it. 3/N… https://t.co/hPfy1ulmsE"
- Buckeye: Espionage Outfit Used Equation Group Tools Prior to Shadow Brokers Leak | Symantec Blogs
- How Chinese Spies Got the N.S.A.’s Hacking Tools, and Used Them for Attacks - The New York Times
- A Mysterious Hacker Group Is On a Supply Chain Hijacking Spree | WIRED
- FBI has seized Deep Dot Web and arrested its administrators | TechCrunch
- Law enforcement seizes dark web market after moderator leaks backend credentials | ZDNet
- Public 10KBLAZE Exploits May Impact 90% of SAP Production Systems
- sap_ms/README.md at master · gelim/sap_ms · GitHub
- JavaScript card sniffing attacks spread to other e-commerce platforms | ZDNet
- A hacker is wiping Git repositories and asking for a ransom | ZDNet
- Mysterious hacker has been selling Windows 0-days to APT groups for three years | ZDNet
- China uses biometrics and digital scanning 'data doors' to track Muslim minority | ZDNet
- Uyghurs the People of Xinjiang - Rear Vision - ABC Radio National (Australian Broadcasting Corporation)
- CIA sets up shop on the anonymous, encrypted Tor network - CNET
- China making 'rapid progress' on potency of cyber-operations, Pentagon says
- Japanese government to create and maintain defensive malware | ZDNet
- Hacker takes over 29 IoT botnets | ZDNet
- Only six TSA staffers are overseeing US oil & gas pipeline security | ZDNet
- Dutch intelligence warns of escalating Russian, Chinese cyberattacks in the Netherlands
- NSA unmasked more U.S. entities caught in foreign cyber-espionage efforts last year
- WordPress finally gets the security features a third of the Internet deserves | ZDNet
- Verizon, T-Mobile, Sprint, and AT&T Hit With Class Action Lawsuit Over Selling Customers’ Location Data - VICE
- Firefox add-ons disabled en masse after Mozilla certificate issue | ZDNet
- Labor asks questions of WeChat over doctored accounts, 'fake news'
- Evil Clippy Makes Malicious Office Docs that Dodge Detection
- Dell laptops and computers vulnerable to remote hijacks | ZDNet
- AWS IAM Exploitation – Security Risk Advisors
- Zero Trust Evaluation Guide: For the Workforce | Duo Security
