This episode sponsored by Cmd Security.On this week’s show Patrick and Adam talk through all the week’s security news, including:
- New executive order paved way for Huawei ban
- Google pulls service from Huawei
- No wait, that’s not right, it’s for new handsets
- The ban’s now reversed to allow them to continue the support that they didn’t have to discontinue?
- I’m so confused
- ¯_(ツ)_/¯
- Israeli broadcaster fingers Hamas over Eurovision coverage hack
- New moves to regulate offensive cyber services
- Salesforce has a bad time
- Instagram influencers have a bad time (Hah!)
- OGUsers pwned
- Much, much more
This week’s show is brought to you by CMD Security. They make security software for Linux that does two things – firstly it gives you visibility into what’s happening on your Linux workloads, which actions are being performed by which accounts, that sort of thing. The second thing it does is allow you to lock down accounts by action, rather than by traditional privilege. They’re funded by Google Ventures, among others, and although they’re a relatively small and new company I think they’re going to do really well.
Jake was just at a MITRE conference in Brussels that was all about the Attack Matrix. He’s joining me this week to have a bit of talk about his experience at that event, then we’ll be talking through some of the issues he’s seeing out there in Linux cloud workload land. Jake’s a great communicator and a very smart guy and that interview is a lot of fun.
Links to everything are below, and you can follow Patrick or Adam on Twitter if that’s your thing.
Show notes
- White House executive order sets path for ban on Huawei
- Exclusive: Google suspends some business with Huawei after Trump blacklist - source - Reuters
- Google's Huawei Android restrictions: what does it mean for you? [Updated] | TechRadar
- Trump grants temporary reprieve from Huawei ban | Financial Times
- Israel’s national broadcaster accuses Hamas of Eurovision hack | Jewish News
- Lawmakers seek probe on U.S. hacking services sold globally - Reuters
- U.S. lawmakers call on spy chief to rein in spread of hacking tools - Reuters
- Facebook bans Israeli company that's been sharing disinfo on West African politics
- Faulty database script brings Salesforce to its knees | ZDNet
- Millions of Instagram influencers had their private contact data scraped and exposed | TechCrunch
- Account Hijacking Forum OGusers Hacked — Krebs on Security
- The Most Expensive Lesson Of My Life: Details of SIM port hack
- Chinese cyberspies breached TeamViewer in 2016 | ZDNet
- Baltimore ransomware nightmare could last weeks more, with big consequences | Ars Technica
- Ohio school sends students home because of Trickbot malware infection | ZDNet
- Google Will Replace Titan Security Key Over a Bluetooth Flaw | WIRED
- Bluetooth's Complexity Has Become a Security Risk | WIRED
- First official version of Tor Browser for Android released on the Play Store | ZDNet
- Root account misconfigurations found in 20% of top 1,000 Docker containers | ZDNet
- The Crowd, The Source… – CTUS.IO
- New windows LPE from non-admin :) : AskNetsec
- How CSIRO Computers Were Secretly Used To Mine Bitcoin | 10 daily
- Company behind LeakedSource pleads guilty in Canada | ZDNet
- Bots Tampering with TLS to Avoid Detection - Akamai Security Intelligence and Threat Research Blog
- Hackers abuse ASUS cloud service to install backdoor on users’ PCs | Ars Technica
- The radio navigation planes use to land safely is insecure and can be hacked | Ars Technica
- 1801 - Visual Voicemail for iPhone: Use-after-free in IMAP NAMESPACE processing - project-zero - Monorail
- Hackers Inject Magecart Card Skimmer in Forbes’ Subscription Site
- Microsoft releases new version of Attack Surface Analyzer utility | ZDNet
- Cisco Upgrades Remote Code Execution Flaws to Critical Severity
- Additional mitigations for speculative execution vulnerabilities in Intel CPUs - Apple Support
- AT&T Homepage Mistakenly Warns Users of a Non-Existent Data Breach - VICE
- Encryption fix may now be dead - InnovationsAus.com
- Request a live demo_
