This episode sponsored by Duo Security.Adam Boileau is along this week to discuss the week’s security news. We cover:
- Deep dive on the CapitalOne breach
- Marcus Hutchins sentenced to time served
- Telegram voicemail bug leads to political crisis in Brazil
- Ransomware leaves South Africans without electricity
- Much, much more
Wolfgang Goerlich is this week’s sponsor guest. He’s an advisory CISO with Duo Security and will be along after this week’s news segment to walk us through Duo’s Trusted Access Report. They’ve got some interesting telemetry to share with us.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
Show notes
- Capital One Data Theft Impacts 106M People — Krebs on Security
- A Hacker Stole Data From 100 Million Capital One Customers | WIRED
- Paige Thompson allegedly bragged on Slack, Github about hacking Capital One
- DOJ Says Capital One Mega Breach Suspect Could Face More Charges—Did She Hack Multiple Companies?
- Demand for cyber insurance grows as volatility scares off some providers
- How to Get Your Equifax Settlement Money | WIRED
- Hackers used password spraying to breach Citrix, investigation confirms
- Marcus 'MalwareTech' Hutchins gets no prison time, one year supervised release | ZDNet
- Telegram voicemail hack used against Brazil's president, ministers | ZDNet
- Telegram rolls out fix for voicemail hack used against Brazilian politicians | ZDNet
- 'This isn't IAD 2.0': NSA's new Cybersecurity Directorate plots its mission
- APT-doxing group exposes APT17 as Jinan bureau of China's Security Ministry | ZDNet
- Advanced mobile surveillanceware, made in Russia, found in the wild | Ars Technica
- Christo Grozev on Twitter: "A major phishing campaign on @ProtonMail against researchers/journalists investigating Russia|n topics. Emails impersonate @ProtonMail and alert you that your "keys have been exported". Brazenly, they've registered a Swiss .ch clone domain (https://t.co/Q0fhT6brv1)." / Twitter
- Ransomware incident leaves some Johannesburg residents without electricity | ZDNet
- Louisiana governor declares state emergency after local ransomware outbreak | ZDNet
- Cybersecurity officials warn state and local agencies (again) to fend off ransomware | Ars Technica
- US Govt, NGOs Ask Cyber Community to Boost Ransomware Defenses
- Ransomware infection takes some police car laptops offline in Georgia | ZDNet
- US files lawsuit against Bitcoin exchange that helped launder ransomware profits | ZDNet
- City of Baltimore FAQ | Mayor Bernard C. "Jack" Young
- Facebook's Ex-Security Chief Details His 'Observatory' for Internet Abuse | WIRED
- A VxWorks Operating System Bug Exposes 200 Million Critical Devices | WIRED
- Urgent11 security flaws impact routers, printers, SCADA, and many IoT devices | ZDNet
- Google researchers disclose vulnerabilities for 'interactionless' iOS attacks | ZDNet
- Keep Calm, Carry On. VLC Not Affected by Critical Vulnerability
- DHS warns about CAN bus vulnerabilities in small aircraft | ZDNet
- Cmd – Events_
- Malware Sandbox Online | Free Trial
- The Spy Who P3wn3d Me
- The 2019 Duo Trusted Access Report: Zero-Trust Security for the Workforce | Duo Security
