Risky Business #562 -- Two former Twitter staff charged over Saudi spying

PLUS: USG border device searches now require reasonable suspicion...
13 Nov 2019 » Risky Business

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Two ex Twitter employees charged with spying for KSA
  • US border device searches now require suspicion after ACLU win
  • Unredacted Corellium lawsuit response drops
  • Ransomware attacks on hospitals increase mortality
  • Much, much more!

This week’s sponsor interview is with Stephan Chenette, the co-founder and CTO of AttackIQ. We talk to him about some CSOs playing Pokemon Go with MITRE ATT&CK (“Gotta catch ‘em all!”) and about recent ATT&CK developments.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Twitter Insiders Allegedly Spied for Saudi Arabia | WIRED
Former Trend Micro employee enabled scam calls by stealing customers' personal data
Federal Court Rules Suspicionless Searches of Travelers’ Phones and Laptops Unconstitutional | American Civil Liberties Union
Corellium claims Apple sued it after acquisition talks fell through
U.K.’s Labour Party ‘Hit By Large Cyberattack’ A Month Before Election
Cyber Command flags North Korean-linked hackers behind ongoing financial heists
Study: Ransomware, Data Breaches at Hospitals tied to Uptick in Fatal Heart Attacks — Krebs on Security
As 5G Rolls Out, Troubling New Security Flaws Emerge | WIRED
DNS-over-HTTPS will eventually roll out in all major browsers, despite ISP opposition | ZDNet
Phones and PCs sold in Russia will have to come pre-installed with Russian apps | ZDNet
Capital One replaces security chief after data breach | TechCrunch
One of the world’s most advanced hacking groups debuts new Titanium backdoor | Ars Technica
Facebook Portal survives Pwn2Own hacking contest, Amazon Echo got hacked | ZDNet
Between 200,000 and 240,000 Magento online stores will reach EOL next year | ZDNet
Major ASP.NET hosting provider infected by ransomware | ZDNet
Mysterious hacker dumps database of infamous IronMarch neo-nazi forum | ZDNet
Breaking the law: How 8chan (or “8kun”) got (briefly) back online | Ars Technica
Microsoft's Rust experiments are going well, but some features are missing | ZDNet
Further enhancing security from Microsoft, not just for Microsoft
Microsoft to apply California's privacy law for all US users | ZDNet
'Chronicle Is Dead and Google Killed It' - VICE
Google Enlists Outside Help to Clean Up Android's Malware Mess | WIRED
Manual code review finds 35 vulnerabilities in 8 enclave SDKs | ZDNet
Amid NSA warning, attacks on Confluence have risen in recent weeks
Solved: Why in-the-wild Bluekeep exploits are causing patched machines to crash | Ars Technica
Intel Fixes a Security Flaw It Said Was Repaired 6 Months Ago - The New York Times
Intel Failed to Fix a Hackable Chip Flaw Despite a Year of Warnings | WIRED
Influencers Pay Thousands to Get Back Into Their Hacked Instagram Accounts - VICE