On this week’s show Patrick Gray and Mark Piper discuss all the week’s security news, including:
- NSO Group malware turning up in some unexpected places
- BlueKeep mass exploitation finally begins
- Owning smart home devices with friggin’ lasers
- Two plead guilty to hacks on Lynda.com, Uber
- Imperva CEO departs following breach
- TLS Delegated Credentials sound like A VERY GOOD IDEA
- Cyber Command heads to Montenegro
- Much, much more
This week’s show is brought to you by Thinkst Canary. Haroon Meer and Adrian Sanabria from Thinkst recently did a keynote talk at the Virus Bulletin conference in London. Titled “The Security Products We Deserve,” it’s a stinging critique of the security product lifecycle. VC firms keeping stupid ideas alive, analyst firms being parasites, vendors not doing security testing on their equipment and so much more. We’ll be talking to Haroon Meer about that keynote in this week’s sponsor interview, which will run after this week’s news segment.
Links to everything are below.
Show notes
- Exclusive: Government officials around the globe targeted for hacking through WhatsApp - sources - Reuters
- Snooping row: Priyanka Gandhi's WhatsApp also targeted, claims Congress | India News - Times of India
- WhatsApp's Case Against NSO Group Hinges on a Tricky Legal Argument | WIRED
- Facebook deletes the accounts of NSO Group workers | Ars Technica
- The First BlueKeep Mass Hacking Is Finally Here—but Don't Panic | WIRED
- Hackers Can Use Lasers to ‘Speak’ to Your Amazon Echo or Google Home | WIRED
- 2 Plead Guilty in 2016 Uber and Lynda.com Hacks - The New York Times
- Imperva planned to keep its CEO through a merger. Two months after a breach, he’s out.
- Facebook, Mozilla, and Cloudflare announce new TLS Delegated Credentials standard | ZDNet
- Pentagon again deploying cyber personnel abroad to gather intel for 2020 elections
- Election security drill pits red-team hackers against DHS, FBI and police
- The count of managed service providers getting hit with ransomware mounts | Ars Technica
- Japanese media giant Nikkei says $29 million lost in BEC scam
- An inside look at WP-VCD, today's largest WordPress hacking operation | ZDNet
- Chinese hackers developed malware to steal SMS messages from telco's network | ZDNet
- Thousands of QNAP NAS devices have been infected with the QSnatch malware | ZDNet
- Utah renewables company was hit by rare cyberattack in March
- Ubisoft reports 93% drop in DDoS attacks after pushing back against attackers | ZDNet
- Breaches at NetworkSolutions, Register.com, and Web.com — Krebs on Security
- How would MITRE’s popular cyberattack framework apply to industrial control systems?
- Google Is Helping Design an Open Source, Ultra-Secure Chip | WIRED
- Alleged Capital One hacker Paige Thompson to be released before trial
- Huawei calls hackers to Munich for secret bug bounty meeting | TechCrunch
- GitLab considers ban on new hires in China and Russia due to espionage fears | ZDNet
- Keynote address: The security products we deserve - YouTube