Risky Business #541 -- NSO Group makes global headlines. What next?

Is the Israeli spyware vendor pushing its luck?
15 May 2019 » Risky Business

On this week’s show Patrick and Adam talk through all the week’s security news, including:

  • NSO Group WhatsApp vuln coverage goes nuclear
  • Activists targeted by NSO malware in hiding in west after CIA tipoffs
  • Cisco Trust Anchor drags on sea floor
  • Linux kernel bugs likely overhyped
  • Adobe patches insane number of CVEs
  • Microsoft patches rumoured GCHQ VEP’d RDP bug
  • New hardware bugs affect Intel processors
  • SHA-1 collisions become much more practical
  • Major US anti-virus firms owned hard

This week’s sponsor interview is with Ryan Kalember of Proofpoint. Ryan is a listener, and when he heard Adam talking about how password rotations actually result in crappy passwords, it hit a nerve with him. He says Proofpoint, via its CASB product, is seeing a lot of targeted credential stuffing campaigns cycling through variations of passwords that have appeared in dumps.

Apparently the bad guys are hip to what a typical password rotation variation looks like and they’re using this knowledge to better direct their cred stuffing attempts.

Links to everything are below, and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

How Hackers Broke WhatsApp With Just a Phone Call | WIRED
Israel gives 'Pegasus' spyware to countries like Saudi Arabia
CIA Sent Warnings to 3 Khashoggi Associates About New Saudi Threats | Time
WhatsApp Hack Shows End-to-End Encryption Is Pointless - Bloomberg
The NSO WhatsApp Vulnerability - This is How It Happened - Check Point Research
It’s Almost Impossible to Tell if Your iPhone Has Been Hacked - VICE
Human rights groups to ask Israeli court to revoke NSO Group’s export license
A Cisco Router Bug Has Massive Global Implications | WIRED
Linux Kernel Prior to 5.0.8 Vulnerable to Remote Code Execution
Security Updates Released for Adobe Flash Player, Reader, and Media Encoder
Microsoft Patches ‘Wormable’ Flaw in Windows XP, 7 and Windows 2003 — Krebs on Security
Microsoft SharePoint vulnerability allows hackers to sift through servers, Saudi authorities warn
Two years after WannaCry, a million computers remain at risk | TechCrunch
Intel CPUs impacted by new Zombieload side-channel attack | ZDNet
ZombieLoad attack lets hackers steal data from Intel chips - The Verge
Patch status for the new MDS attacks against Intel CPUs | ZDNet
SHA-1 collision attacks are now actually practical and a looming danger | ZDNet
NVIDIA Patches High Severity Windows GPU Display Driver Flaws
Keyloggers Injected in Web Trust Seal Supply Chain Attack
Fxmsp Chat Logs Reveal the Hacked Antivirus Vendors, AVs Respond
New Details Emerge of Fxmsp's Hacking of Antivirus Companies
DOJ Says Chinese Hackers Attacked Anthem, but Not Why | WIRED
“RobbinHood” ransomware takes down Baltimore City government networks | Ars Technica
Julian Assange to face revived rape investigation in Sweden
Former NSA analyst charged in leak of classified documents to reporter
New leaks of Iranian cyber-espionage operations hit Telegram and the Dark Web | ZDNet
Jokeroo Ransomware as a Service Pulls an Exit Scam
Nigerian BEC Scammers Shifting to RATs As Tool of Choice
Mozilla offers research grant for a way to embed Tor inside Firefox | ZDNet
Experts Doubt Russian Claims That Cryptographic Flaw Was a Coincidence - VICE
Microsoft recommends using a separate device for administrative tasks | ZDNet
Unsecured server exposes data for 85% of all Panama citizens | ZDNet