Risky Business #553 -- Imperva's cloud WAF gets owned hard

PLUS: Fortinet and Pulse Security SSL VPNs, Webmin interfaces attacked in the wild...
28 Aug 2019 » Risky Business

On this week’s show Adam Boileau and Patrick Gray discuss the week’s security news, including:

  • Fortinet, Pulse Security VPNs are being exploited in the wild
  • Imperva’s cloud WAF gets colossally owned
  • US authorities fear ransomware attacks against election systems
  • Apple fixes re-introduced jailbreak bug
  • Telegram design choice puts HK protestors at risk
  • Researcher drops two 0days in Valve’s Steam client after bounty spat
  • Much, much more

This week’s sponsor guest is Ryan Kalember, EVP of cybersecurity strategy with Proofpoint. Ryan is stopping by this week to touch on a couple of topics. He’ll tell us why Proofpoint didn’t attribute a recent malware campaign targeting US utilities to APT10 despite there being some pretty APT10-like tradecraft used in that particular campaign.

He’ll also talk a bit about how thread hijacking is a giant pain in the ass. That’s where attackers take over a mailbox, then just jump right in replying to existing mail threads. Detecting that is hard, of course, because it’s internal mail. It’s a great little mixed bag interview.


Show notes

Hackers mount attacks on Webmin servers, Pulse Secure, and Fortinet VPNs | ZDNet
Hackers are actively trying to steal passwords from two widely used VPNs | Ars Technica
Infiltrating Corporate Intranet Like NSA - Pre-auth RCE on Leading SSL VPNs
The year-long rash of supply chain attacks against open source is getting worse | Ars Technica
Cybersecurity Firm Imperva Discloses Breach — Krebs on Security
Exclusive: U.S. officials fear ransomware attack against 2020 election - Reuters
While one Texas county shook off ransomware, small cities took full punch | Ars Technica
Apple patches iPhone jailbreaking bug | ZDNet
Alleged 'Snake Oil' Crypto Firm Sues Over Boos at Black Hat | WIRED
Hong Kong protesters warn of Telegram feature that can disclose their identities | ZDNet
Researcher publishes second Steam zero day after getting banned on Valve's bug bounty program | ZDNet
Valve patches recent Steam zero-days, calls turning away researcher 'a mistake' | ZDNet
Capital One hacker denied release, will remain in jail | ZDNet
Ex-Google and Uber engineer Anthony Levandowski charged with trade secret theft - The Verge
Hacker Claims He Can ‘Turn Off 25,000 Cars’ At The Push Of A Button
Hackers Could Steal a Tesla Model S by Cloning Its Key Fob—Again | WIRED
Microsoft will let some Windows 7 customers get free security updates for an extra year | TechCrunch
UK cybersecurity agency warns devs to drop Python 2 due to looming EOL & security risks | ZDNet
Inside the Black Market for Bots That Buy Designer Clothes Before They Sell Out - VICE
Employees connect nuclear plant to the internet so they can mine cryptocurrency | ZDNet
How an NSA researcher plans to allow everyone to guard against firmware attacks
NSA-approved cybersecurity law and policy course now available online
Protocol used by 630,000 devices can be abused for devastating DDoS attacks | ZDNet
Blockbuster indictment against 80 fraud suspects details a complex global scam operation
VMware announces plans to acquire Carbon Black for $2.1 billion
Firefox and Chrome Fight Back Against Kazakhstan's Spying | WIRED
Google Play app with 100 million downloads executed secret payloads | Ars Technica
Moscow's blockchain voting system cracked a month before election | ZDNet
Microsoft: Using multi-factor authentication blocks 99.9% of account hacks | ZDNet
Why is DJI getting the Huawei treatment from the U.S.? - CyberScoop
Intel, IBM, Google, Microsoft & others join new security-focused industry group | ZDNet
Chinese spies have their sights on cancer research
Nasa said to be investigating first allegation of a crime in space - BBC News
LookBack Malware Targets the United States Utilities Sector with Phishing Attacks Impersonating Engineering Licensing Boards | Proofpoint AU
We are bringing together the world's security expertise
Careers at Remediant | Remediant