This episode sponsored by Thinkst.In this week’s show Patrick Gray and Alex Stamos discuss all the week’s news, including:
- Confirmed: 30 companies affected by CapitalOne attacker
- China info-ops booted off Twitter, Facebook
- Real deal Bluetooth bugs
- Apple re-introduces kernel bug, jailbreaks aplenty
- Apple to sue Corellium for copyright infringement
- DPRK gets its malware VT’d by CYBERCOM
- Much, much more
Haroon Meer of Thinkst Canary is this week’s sponsor guest. We spoke to Haroon while he was in the USA, just before he was about to deliver a talk to USENIX all about “embracing hackiness”. Haroon thinks “hackiness” is a huge advantage for red teams, but that doesn’t mean blue teams can’t use the same hacky approaches to defence. It’s a typically great chat with Haroon. Links to everything discussed are below.
Show notes
- Apple’s Lawsuit Against a Startup Shows How It Wants to Control the iPhone Hacking Market - VICE
- You Can Jailbreak Your iPhone Again (But Maybe You Shouldn’t) | WIRED
- New Attack exploiting serious Bluetooth weakness can intercept sensitive data | Ars Technica
- Capital One hacker took data from more than 30 companies, new court docs reveal | ZDNet
- Amazon Web Services finds no 'significant issues' at other companies allegedly breached by Paige Thompson
- Twitter, Facebook scrub coordinated activity targeting Hong Kong demonstrations
- Twitter bans 936 accounts managed by the Chinese state, aimed at Hong Kong protests | ZDNet
- Chinese state media bought Twitter ads to spread disinformation about Hong Kong protests
- Amazon’s Creepy Twitter PR Army is Growing - VICE
- Huawei Technicians Helped African Governments Spy on Political Opponents - WSJ
- U.S. Cyber Command warns of North Korea-linked Lazarus Group malware
- Ransomware strike takes down 23 Texas local government agencies | Ars Technica
- Backdoor found in Webmin, a popular web-based utility for managing Unix servers | ZDNet
- Backdoor code found in 11 Ruby libraries | ZDNet
- Degrading Tor network performance only costs a few thousand dollars per month | ZDNet
- Meet Bluetana, the Scourge of Pump Skimmers — Krebs on Security
- Financial hacking teams FIN7, Cobalt Group update tactics to haunt banks and retail
- Google wants to reduce lifespan for HTTPS certificates to one year | ZDNet
- Facebook to pay researchers to hunt down Instagram apps that abuse user data | ZDNet
- How Facebook Catches Bugs in Its 100 Million Lines of Code | WIRED
- Facebook awards $100,000 prize for new code isolation technique | ZDNet
- Finally, a Lightning YubiKey to Kill Password Clutter on Your iPhone | WIRED
