On this week’s show Patrick and Adam discuss the week’s security news, including:
- Fresh details on Turla’s hostile takeover of Oilrig
- Russians doing very interesting things with “tagged” TLS
- China wants an aerospace sector so a lot of people got a lot of owned
- Imperva releases breach details
- Zendesk cops to 2016 breach
- German manufacturer, US transport tech company sunk by ransomware
- NordVPN gets owned
- AVAST owned. Lots. Again.
- Welcome to Video takedown
- Much, much more
This week’s show is brought to you by Trail of Bits! We’ll be hearing from Stefan Edwards, Trail of Bits practice lead for assurance, all about their work on a recent security audit of Kubernetes. As it turns out, Kubernetes isn’t actually a horror show, but Stefan thinks you might want to run a hosted instance unless you’re a real expert.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
Show notes
- Hacking the hackers: Russian group hijacked Iranian spying operation, officials say - Reuters
- Russian hacker group patches Chrome and Firefox to fingerprint TLS traffic | ZDNet
- Building China's Comac C919 airplane involved a lot of hacking, report says | ZDNet
- Imperva blames data breach on stolen AWS API key | ZDNet
- Zendesk discloses 2016 data breach | ZDNet
- Major German manufacturer still down a week after getting hit by ransomware | ZDNet
- NordVPN admits 'isolated' data breach was discovered last year
- Antivirus Giant Avast Hacked By Spies Who Stole Its Passwords
- How a Bitcoin Trail Led to a Massive Dark Web Child-Porn Site Takedown | WIRED
- Inside the shutdown of the ‘world’s largest’ child sex abuse website | TechCrunch
- Hacking 20 high-profile dev accounts could compromise half of the npm ecosystem | ZDNet
- US claims cyber strike on Iran after attack on Saudi oil facility | Ars Technica
- Accused Capital One hacker had as much as 30 terabytes of stolen data, feds say
- Planting Tiny Spy Chips in Hardware Can Cost as Little as $200 | WIRED
- Microsoft's Secured-Core PC Feature Protects Critical Code | WIRED
- White-hat hacks Muhstik ransomware gang and releases decryption keys | ZDNet
- EA to give users a free month of Origin Access if they enable 2FA | ZDNet
- Google finds Android zero-day impacting Pixel, Samsung, Huawei, Xiaomi devices | ZDNet
- FBI warns of major ransomware attacks as criminals go “big-game hunting” | Ars Technica
- Why are cyber insurers incentivizing clients to invest in specific vendors?
- Cyber Command’s bug bounty program uncovers more than 30 vulnerabilities
- Trump administration looks to throttle Chinese surveillance companies’ business with U.S.
- Magecart strikes more than 2 million websites as more groups get involved
- Shipping giant Pitney Bowes hit by ransomware | TechCrunch
- Apple Mac Hack Warning: North Korea Uses Fake Cryptocurrency Companies To Break Into macOS
- Researchers Say They Uncovered Uzbekistan Hacking Operations Due to Spectacularly Bad OPSEC - VICE
- Intel proposes new SAPM memory type to protect against Spectre-like attacks | ZDNet
- Unpatched Linux bug may open devices to serious attacks over Wi-Fi | Ars Technica
- Samsung, Google acknowledge flaws in phone-unlocking biometric tools
- Rethinking Encryption - Lawfare
- A million people are jailed at China's gulags. I managed to escape. Here's what really goes on inside - World News - Haaretz.com
- GitHub - lojikil/kubectlfish: Slides from my OWASP AppSec Global DC 2019 talk
- audit-kubernetes/reports at master · trailofbits/audit-kubernetes · GitHub
- Trail of Bits