Risky Business #552 -- Guest host Alex Stamos on all the week's security news

Chinese disinformation, Bluetooth flaws, Apple sues Corellium and more...
21 Aug 2019 » Risky Business

In this week’s show Patrick Gray and Alex Stamos discuss all the week’s news, including:

  • Confirmed: 30 companies affected by Capital One attacker
  • China info-ops booted off Twitter, Facebook
  • Real deal Bluetooth bugs
  • Apple re-introduces kernel bug, jailbreaks aplenty
  • Apple to sue Corellium for copyright infringement
  • DPRK gets its malware VT’d by CYBERCOM
  • Much, much more

Haroon Meer of Thinkst Canary is this week’s sponsor guest. We spoke to Haroon while he was in the USA, just before he was due to deliver a talk at USENIX all about “embracing hackiness”. Haroon thinks “hackiness” is a huge advantage for red teams, but that doesn’t mean blue teams can’t use the same hacky approaches to defence. It’s a typically great chat with Haroon. Links to everything discussed are below.

Show notes

Apple’s Lawsuit Against a Startup Shows How It Wants to Control the iPhone Hacking Market - VICE
You Can Jailbreak Your iPhone Again (But Maybe You Shouldn’t) | WIRED
New Attack exploiting serious Bluetooth weakness can intercept sensitive data | Ars Technica
Capital One hacker took data from more than 30 companies, new court docs reveal | ZDNet
Amazon Web Services finds no 'significant issues' at other companies allegedly breached by Paige Thompson
Twitter, Facebook scrub coordinated activity targeting Hong Kong demonstrations
Twitter bans 936 accounts managed by the Chinese state, aimed at Hong Kong protests | ZDNet
Chinese state media bought Twitter ads to spread disinformation about Hong Kong protests
Amazon’s Creepy Twitter PR Army is Growing - VICE
Huawei Technicians Helped African Governments Spy on Political Opponents - WSJ
U.S. Cyber Command warns of North Korea-linked Lazarus Group malware
Ransomware strike takes down 23 Texas local government agencies | Ars Technica
Backdoor found in Webmin, a popular web-based utility for managing Unix servers | ZDNet
Backdoor code found in 11 Ruby libraries | ZDNet
Degrading Tor network performance only costs a few thousand dollars per month | ZDNet
Meet Bluetana, the Scourge of Pump Skimmers — Krebs on Security
Financial hacking teams FIN7, Cobalt Group update tactics to haunt banks and retail
Google wants to reduce lifespan for HTTPS certificates to one year | ZDNet
Facebook to pay researchers to hunt down Instagram apps that abuse user data | ZDNet
How Facebook Catches Bugs in Its 100 Million Lines of Code | WIRED
Facebook awards $100,000 prize for new code isolation technique | ZDNet
Finally, a Lightning YubiKey to Kill Password Clutter on Your iPhone | WIRED