Risky Business #561 -- Report: NSO exploits used against politicians, senior military targets

Whoops! NSO Group malware showing up on the phones of, err, important people...
06 Nov 2019 » Risky Business

On this week’s show Patrick Gray and Mark Piper discuss all the week’s security news, including:

  • NSO Group malware turning up in some unexpected places
  • Bluekeep mass exploitation finally begins
  • Owning smart home devices with friggin’ lasers
  • Two plead guilty to hacks on Lynda.com, Uber
  • Imperva CEO departs following breach
  • TLS Delegated Credentials sound like A VERY GOOD IDEA
  • Cybercommand heads to Montenegro
  • Much, much more

This week’s show is brought to you by Thinkst Canary. Haroon Meer and Adrian Sanabria from Thinkst recently did a keynote talk at the Virus Bulletin conference in London. Titled “The Security Products We Deserve,” it’s a stinging critique of the security product lifecycle. VC firms keeping stupid ideas alive, analyst firms being parasites, vendors not doing security testing on their equipment and so much more. We’ll be talking to Haroon Meer about that keynote in this week’s sponsor interview, which will run after this week’s news segment.

Links to everything are below.

Show notes

Exclusive: Government officials around the globe targeted for hacking through WhatsApp - sources - Reuters
Snooping row: Priyanka Gandhi's WhatsApp also targeted, claims Congress | India News - Times of India
WhatsApp's Case Against NSO Group Hinges on a Tricky Legal Argument | WIRED
Facebook deletes the accounts of NSO Group workers | Ars Technica
The First BlueKeep Mass Hacking Is Finally Here—but Don't Panic | WIRED
Hackers Can Use Lasers to ‘Speak’ to Your Amazon Echo or Google Home | WIRED
2 Plead Guilty in 2016 Uber and Lynda.com Hacks - The New York Times
Imperva planned to keep its CEO through a merger. Two months after a breach, he’s out.
Facebook, Mozilla, and Cloudflare announce new TLS Delegated Credentials standard | ZDNet
Pentagon again deploying cyber personnel abroad to gather intel for 2020 elections
Election security drill pits red-team hackers against DHS, FBI and police
The count of managed service providers getting hit with ransomware mounts | Ars Technica
Japanese media giant Nikkei says $29 million lost in BEC scam
An inside look at WP-VCD, today's largest WordPress hacking operation | ZDNet
Chinese hackers developed malware to steal SMS messages from telco's network | ZDNet
Thousands of QNAP NAS devices have been infected with the QSnatch malware | ZDNet
Utah renewables company was hit by rare cyberattack in March
Ubisoft reports 93% drop in DDoS attacks after pushing back against attackers | ZDNet
Breaches at NetworkSolutions, Register.com, and Web.com — Krebs on Security
How would MITRE’s popular cyberattack framework apply to industrial control systems?
Google Is Helping Design an Open Source, Ultra-Secure Chip | WIRED
Alleged Capital One hacker Paige Thompson to be released before trial
Huawei calls hackers to Munich for secret bug bounty meeting | TechCrunch
GitLab considers ban on new hires in China and Russia due to espionage fears | ZDNet
Keynote address: The security products we deserve - YouTube