Risky Business Podcast
May 22, 2019
Risky Business #542 -- Confusion reigns over Huawei ban
Presented by
CEO and Publisher
Technology Editor
On this week’s show Patrick and Adam talk through all the week’s security news, including:
- New executive order paved way for Huawei ban
- Google pulls service from Huawei
- No wait, that’s not right, it’s for new handsets
- The ban’s now reversed to allow them to continue the support that they didn’t have to discontinue?
- I’m so confused
- ¯_(ツ)_/¯
- Israeli broadcaster fingers Hamas over Eurovision coverage hack
- New moves to regulate offensive cyber services
- Salesforce has a bad time
- Instagram influencers have a bad time (Hah!)
- OGUsers pwned
- Much, much more
This week’s show is brought to you by CMD Security. They make security software for Linux that does two things – firstly it gives you visibility into what’s happening on your Linux workloads, which actions are being performed by which accounts, that sort of thing. The second thing it does is allow you to lock down accounts by action, rather than by traditional privilege. They’re funded by Google Ventures, among others, and although they’re a relatively small and new company I think they’re going to do really well.
Jake was just at a MITRE conference in Brussels that was all about the Attack Matrix. He’s joining me this week to have a bit of talk about his experience at that event, then we’ll be talking through some of the issues he’s seeing out there in Linux cloud workload land. Jake’s a great communicator and a very smart guy and that interview is a lot of fun.
Links to everything are below, and you can follow Patrick or Adam on Twitter if that’s your thing.
Brought to you by Cmd Security
Defense in depth for Linux
Show notes
White House executive order sets path for ban on Huawei
Exclusive: Google suspends some business with Huawei after Trump blacklist - source - Reuters
Google's Huawei Android restrictions: what does it mean for you? [Updated] | TechRadar
Trump grants temporary reprieve from Huawei ban | Financial Times
Israel’s national broadcaster accuses Hamas of Eurovision hack | Jewish News
Lawmakers seek probe on U.S. hacking services sold globally - Reuters
U.S. lawmakers call on spy chief to rein in spread of hacking tools - Reuters
Facebook bans Israeli company that's been sharing disinfo on West African politics
Faulty database script brings Salesforce to its knees | ZDNet
Millions of Instagram influencers had their private contact data scraped and exposed | TechCrunch
Account Hijacking Forum OGusers Hacked — Krebs on Security
The Most Expensive Lesson Of My Life: Details of SIM port hack
Chinese cyberspies breached TeamViewer in 2016 | ZDNet
Baltimore ransomware nightmare could last weeks more, with big consequences | Ars Technica
Ohio school sends students home because of Trickbot malware infection | ZDNet
Google Will Replace Titan Security Key Over a Bluetooth Flaw | WIRED
Bluetooth's Complexity Has Become a Security Risk | WIRED
First official version of Tor Browser for Android released on the Play Store | ZDNet
Root account misconfigurations found in 20% of top 1,000 Docker containers | ZDNet
The Crowd, The Source… – CTUS.IO
New windows LPE from non-admin :) : AskNetsec
How CSIRO Computers Were Secretly Used To Mine Bitcoin | 10 daily
Company behind LeakedSource pleads guilty in Canada | ZDNet
Bots Tampering with TLS to Avoid Detection - Akamai Security Intelligence and Threat Research Blog
Hackers abuse ASUS cloud service to install backdoor on users’ PCs | Ars Technica
The radio navigation planes use to land safely is insecure and can be hacked | Ars Technica
Hackers Inject Magecart Card Skimmer in Forbes’ Subscription Site
Microsoft releases new version of Attack Surface Analyzer utility | ZDNet
Cisco Upgrades Remote Code Execution Flaws to Critical Severity
Additional mitigations for speculative execution vulnerabilities in Intel CPUs - Apple Support
AT&T Homepage Mistakenly Warns Users of a Non-Existent Data Breach - VICE