Risky Business #541 -- NSO Group makes global headlines. What next?

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

On this week’s show Patrick and Adam talk through all the week’s security news, including:

  • NSO Group WhatsApp vuln coverage goes nuclear
  • Activists targeted by NSO malware in hiding in west after CIA tipoffs
  • Cisco Trust Anchor drags on sea floor
  • Linux kernel bugs likely overhyped
  • Adobe patches insane number of CVEs
  • Microsoft patches rumoured GCHQ VEP’d RDP bug
  • New hardware bugs affect Intel processors
  • SHA-1 collisions become much more practical
  • Major US anti-virus firms owned hard

This week’s sponsor interview is with Ryan Kalember of Proofpoint. Ryan is a listener, and when he heard Adam talking about how password rotations actually result in crappy passwords, it hit a nerve with him. He says Proofpoint, via its CASB product, is seeing a lot of targeted credential stuffing campaigns cycling through variations of passwords that have appeared in dumps.

Apparently the bad guys are hip to what a typical password rotation variation looks like and they’re using this knowledge to better direct their cred stuffing attempts.

Links to everything are below, and you can follow Patrick or Adam on Twitter if that’s your thing.


Show notes

How Hackers Broke WhatsApp With Just a Phone Call | WIRED

Israel gives 'Pegasus' spyware to countries like Saudi Arabia

CIA Sent Warnings to 3 Khashoggi Associates About New Saudi Threats | Time

WhatsApp Hack Shows End-to-End Encryption Is Pointless - Bloomberg

The NSO WhatsApp Vulnerability - This is How It Happened - Check Point Research

It’s Almost Impossible to Tell if Your iPhone Has Been Hacked - VICE

Human rights groups to ask Israeli court to revoke NSO Group’s export license

A Cisco Router Bug Has Massive Global Implications | WIRED

Linux Kernel Prior to 5.0.8 Vulnerable to Remote Code Execution

Security Updates Released for Adobe Flash Player, Reader, and Media Encoder

Microsoft Patches ‘Wormable’ Flaw in Windows XP, 7 and Windows 2003 — Krebs on Security

Microsoft SharePoint vulnerability allows hackers to sift through servers, Saudi authorities warn

Two years after WannaCry, a million computers remain at risk | TechCrunch

Intel CPUs impacted by new Zombieload side-channel attack | ZDNet

ZombieLoad attack lets hackers steal data from Intel chips - The Verge

Patch status for the new MDS attacks against Intel CPUs | ZDNet

SHA-1 collision attacks are now actually practical and a looming danger | ZDNet

NVIDIA Patches High Severity Windows GPU Display Driver Flaws

Keyloggers Injected in Web Trust Seal Supply Chain Attack

Fxmsp Chat Logs Reveal the Hacked Antivirus Vendors, AVs Respond

New Details Emerge of Fxmsp's Hacking of Antivirus Companies

DOJ Says Chinese Hackers Attacked Anthem, but Not Why | WIRED

“RobbinHood” ransomware takes down Baltimore City government networks | Ars Technica

Julian Assange to face revived rape investigation in Sweden

Former NSA analyst charged in leak of classified documents to reporter

New leaks of Iranian cyber-espionage operations hit Telegram and the Dark Web | ZDNet

Jokeroo Ransomware as a Service Pulls an Exit Scam

Nigerian BEC Scammers Shifting to RATs As Tool of Choice

Mozilla offers research grant for a way to embed Tor inside Firefox | ZDNet

Experts Doubt Russian Claims That Cryptographic Flaw Was a Coincidence - VICE

Microsoft recommends using a separate device for administrative tasks | ZDNet

Unsecured server exposes data for 85% of all Panama citizens | ZDNet