On this week’s show Patrick and Adam discuss the week’s security news, including:
- Two ex Twitter employees charged with spying for KSA
- US border device searches now require suspicion after ACLU win
- Unredacted Corellium lawsuit response drops
- Ransomware attacks on hospitals increase mortality
- Much, much more!
This week’s sponsor interview is with Stephan Chenette, the co-founder and CTO of AttackIQ. We talk to him about some CSOs playing Pokemon Go with MITRE ATT&CK (“Gotta catch ‘em all!”) and about recent ATT&CK developments.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
Show notes
- Twitter Insiders Allegedly Spied for Saudi Arabia | WIRED
- Former Trend Micro employee enabled scam calls by stealing customers' personal data
- Federal Court Rules Suspicionless Searches of Travelers’ Phones and Laptops Unconstitutional | American Civil Liberties Union
- Corellium claims Apple sued it after acquisition talks fell through
- U.K.’s Labour Party ‘Hit By Large Cyberattack’ A Month Before Election
- Cyber Command flags North Korean-linked hackers behind ongoing financial heists
- Study: Ransomware, Data Breaches at Hospitals tied to Uptick in Fatal Heart Attacks — Krebs on Security
- As 5G Rolls Out, Troubling New Security Flaws Emerge | WIRED
- DNS-over-HTTPS will eventually roll out in all major browsers, despite ISP opposition | ZDNet
- Phones and PCs sold in Russia will have to come pre-installed with Russian apps | ZDNet
- Capital One replaces security chief after data breach | TechCrunch
- One of the world’s most advanced hacking groups debuts new Titanium backdoor | Ars Technica
- Facebook Portal survives Pwn2Own hacking contest, Amazon Echo got hacked | ZDNet
- Between 200,000 and 240,000 Magento online stores will reach EOL next year | ZDNet
- Major ASP.NET hosting provider infected by ransomware | ZDNet
- Mysterious hacker dumps database of infamous IronMarch neo-nazi forum | ZDNet
- Breaking the law: How 8chan (or “8kun”) got (briefly) back online | Ars Technica
- Microsoft's Rust experiments are going well, but some features are missing | ZDNet
- Further enhancing security from Microsoft, not just for Microsoft
- Microsoft to apply California's privacy law for all US users | ZDNet
- 'Chronicle Is Dead and Google Killed It' - VICE
- Google Enlists Outside Help to Clean Up Android's Malware Mess | WIRED
- Manual code review finds 35 vulnerabilities in 8 enclave SDKs | ZDNet
- Amid NSA warning, attacks on Confluence have risen in recent weeks
- Solved: Why in-the-wild Bluekeep exploits are causing patched machines to crash | Ars Technica
- Intel Fixes a Security Flaw It Said Was Repaired 6 Months Ago - The New York Times
- Intel Failed to Fix a Hackable Chip Flaw Despite a Year of Warnings | WIRED
- Influencers Pay Thousands to Get Back Into Their Hacked Instagram Accounts - VICE