This episode sponsored by Bugcrowd.Adam Boileau is along this week to discuss the week’s security news. We cover:
- FSB contractor gets itself a whole lotta owned
- NSO Group pitches cloud access
- Hal Martin gets 9 years
- NSA to launch defensive division
- Bulgarian breach data exposed
- DataSpii scandal a 2019 privacy case study
- Google boots DarkMatter certificates from Chrome and Android
- Equifax fined $700m
- Horror show bugs in enterprise VPN concentrators from Palo Alto, Fortinet
- Microsoft demos ElectionGuard SDK (looks pretty cool)
This week’s sponsor interview is with Casey Ellis of Bugcrowd. We’ll talk about how organisations are increasingly doing bug bounties on technology they use, not just technology they develop. And then we’ll be talking about a new thing Bugcrowd is doing – Bugcrowd for marketplaces.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
Show notes
- Hackers breach FSB contractor, expose Tor deanonymization project and more | ZDNet
- Report: NSO Group's Pegasus Spyware Can Break Into Cloud Services, Transmit User Data To Server | Gizmodo Australia
- Contractor who stole 50TB of NSA data gets nine years in prison | ZDNet
- Think FaceApp Is Scary? Wait Till You Hear About Facebook | WIRED
- Europe’s Galileo Satellite Outage Serves as a Warning | WIRED
- NSA to establish a defense-minded division named the Cybersecurity Directorate | ZDNet
- US Govt Rolls Out New DNS Security Measures for .gov Domains
- U.S. Cyber Command simulated a seaport cyberattack to test digital readiness
- ‘We have to hit the problem the way it hits us’: How the FBI tracks a range of hacking threats
- Barr Says Police Need Encryption Backdoors, Doesn’t Mention Hacking Tools They Use All the Time - VICE
- Bulgaria's hacked database is now available on hacking forums | ZDNet
- Bulgaria hacking suspect worked on government cybersecurity before tax agency breach
- My browser, the spy: How extensions slurped up browsing histories from 4M users | Ars Technica
- More on DataSpii: How extensions hide their data grabs—and how they’re discovered | Ars Technica
- Google bans DarkMatter certificates from Chrome and Android | ZDNet
- Chances of destructive BlueKeep exploit rise with new explainer posted online | Ars Technica
- Teenage hackers are offered a second chance under European experiment
- Vigilante Hacker ‘Phineas Fisher’ Denies Working for the Russian Government - VICE
- $700 Million Equifax Fine Is Still Too Little, Too Late | WIRED
- Flaws in widely used corporate VPNs put company secrets at risk | TechCrunch
- Siemens contractor pleads guilty to planting logic bomb in company spreadsheets | ZDNet
- Hackers Exploit Jira, Exim Linux Servers to "Keep the Internet Safe'
- 10,000 Microsoft customers targeted by nation-state attacks in the last year
- Mozilla Firefox Tor Mode Likely to Start as a Browser Addon
- Firefox to Warn When Saved Logins are Found in Data Breaches
- Microsoft demos ElectionGuard technology for securing electronic voting machines | ZDNet
- Kazakhstan government is now intercepting all HTTPS traffic | ZDNet
- Data Broker LocationSmart Will Fight Class Action Lawsuit Over Selling AT&T Data - VICE
- Slack resets passwords for 1% of its users because of 2015 hack | ZDNet
- BEC Scams Average $301 Million Per Month In Illegal Transfers
- Malicious Python libraries targeting Linux servers removed from PyPI | ZDNet
- Gigabyte and Lenovo servers impacted by common BMC firmware flaws | ZDNet
- Cracked Tesla 3 Windshield Leads to $10,000 Bug Bounty
- Inside Apple Factory Thefts: Secret Tunnels, Hidden Crawl Spaces — The Information
