Risky Business #549 -- FSB contractor breached, Equifax fined, NSO Group targets cloud

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

Adam Boileau is along this week to discuss the week’s security news. We cover:

  • FSB contractor gets itself a whole lotta owned
  • NSO Group pitches cloud access
  • Hal Martin gets 9 years
  • NSA to launch defensive division
  • Bulgarian breach data exposed
  • DataSpii scandal a 2019 privacy case study
  • Google boots DarkMatter certificates from Chrome and Android
  • Equifax fined $700m
  • Horror show bugs in enterprise VPN concentrators from Palo Alto, Fortinet
  • Microsoft demos ElectionGuard SDK (looks pretty cool)

This week’s sponsor interview is with Casey Ellis of Bugcrowd. We’ll talk about how organisations are increasingly doing bug bounties on technology they use, not just technology they develop. And then we’ll be talking about a new thing Bugcrowd is doing – Bugcrowd for marketplaces.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Risky Business #549 -- FSB contractor breached, Equifax fined, NSO Group targets cloud
0:00 / 0:00

Show notes

Hackers breach FSB contractor, expose Tor deanonymization project and more | ZDNet

Report: NSO Group's Pegasus Spyware Can Break Into Cloud Services, Transmit User Data To Server | Gizmodo Australia

Contractor who stole 50TB of NSA data gets nine years in prison | ZDNet

Think FaceApp Is Scary? Wait Till You Hear About Facebook | WIRED

Europe’s Galileo Satellite Outage Serves as a Warning | WIRED

NSA to establish a defense-minded division named the Cybersecurity Directorate | ZDNet

US Govt Rolls Out New DNS Security Measures for .gov Domains

U.S. Cyber Command simulated a seaport cyberattack to test digital readiness

‘We have to hit the problem the way it hits us’: How the FBI tracks a range of hacking threats

Barr Says Police Need Encryption Backdoors, Doesn’t Mention Hacking Tools They Use All the Time - VICE

Bulgaria's hacked database is now available on hacking forums | ZDNet

Bulgaria hacking suspect worked on government cybersecurity before tax agency breach

My browser, the spy: How extensions slurped up browsing histories from 4M users | Ars Technica

More on DataSpii: How extensions hide their data grabs—and how they’re discovered | Ars Technica

Google bans DarkMatter certificates from Chrome and Android | ZDNet

Chances of destructive BlueKeep exploit rise with new explainer posted online | Ars Technica

Teenage hackers are offered a second chance under European experiment

Vigilante Hacker ‘Phineas Fisher’ Denies Working for the Russian Government - VICE

$700 Million Equifax Fine Is Still Too Little, Too Late | WIRED

Flaws in widely used corporate VPNs put company secrets at risk | TechCrunch

Siemens contractor pleads guilty to planting logic bomb in company spreadsheets | ZDNet

Hackers Exploit Jira, Exim Linux Servers to "Keep the Internet Safe'

10,000 Microsoft customers targeted by nation-state attacks in the last year

Mozilla Firefox Tor Mode Likely to Start as a Browser Addon

Firefox to Warn When Saved Logins are Found in Data Breaches

Microsoft demos ElectionGuard technology for securing electronic voting machines | ZDNet

Kazakhstan government is now intercepting all HTTPS traffic | ZDNet

Data Broker LocationSmart Will Fight Class Action Lawsuit Over Selling AT&T Data - VICE

Slack resets passwords for 1% of its users because of 2015 hack | ZDNet

BEC Scams Average $301 Million Per Month In Illegal Transfers

Malicious Python libraries targeting Linux servers removed from PyPI | ZDNet

Gigabyte and Lenovo servers impacted by common BMC firmware flaws | ZDNet

Cracked Tesla 3 Windshield Leads to $10,000 Bug Bounty

Inside Apple Factory Thefts: Secret Tunnels, Hidden Crawl Spaces — The Information