This episode sponsored by Thinkst.On this week’s show Patrick and Adam discuss the week’s security news, including:
- China to ditch foreign hardware, software, from government use
- Huawei sues FCC
- More background on Project Raven
- Senate hearings into encryption
- Reddit fingers alleged RU disinfo campaign
- “Evil Corp” hackers have lots of money, terrible taste
- Ransomware attacks galore
- Much, much more
This week’s sponsor interview is with Haroon Meer of Thinkst Canary. And we’re going to do the typical thing and have a look forward to what we can expect to see in security next year. But we’re going less for the big, dumb predictions and more picking the trends we expect to strengthen over the next year.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
Show notes
- Chinese government to replace foreign hardware and software within three years | ZDNet
- Russia to invest $31 million in a local Wikipedia clone | ZDNet
- Huawei sues FCC for icing U.S. business, claiming a lack of evidence
- Made in America
- Facebook intends to implement end-to-end encryption despite DOJ pressure
- U.S. senators threaten Facebook, Apple with encryption regulation - Reuters
- Patrick Gray on Twitter: "So Apple has issued a DMCA takedown on a Tweet that disclosed a key that could be used to decrypt 64 bit SEP. Apple's approach to security researchers feels a little bit like this scene from Mars Attacks lately... https://t.co/rJPE5L8OP5" / Twitter
- Reddit links leak of US-UK trade documents to Russian influence campaign | ZDNet
- Alleged Russian Hacker Behind $100 Million Evil Corp Indicted | WIRED
- BMW and Hyundai hacked by Vietnamese hackers, report claims | ZDNet
- Ransomware at Colorado IT Provider Affects 100+ Dental Offices — Krebs on Security
- Pensacola cyber attack: Officials not sure if personal data was exposed
- Ransomware attack hits major US data center provider | ZDNet
- 20 VPS providers to shut down on Monday, giving customers two days to save their data | ZDNet
- Keybase moves to stop onslaught of spammers on encrypted message platform | Ars Technica
- Scammers dupe Chinese venture capitalists out of $1 million with the 'ultimate' BEC heist
- Facebook sues Chinese malware operator for abusing its ad platform | ZDNet
- Exclusive: A Facebook Employee Accepted Bribes From A Scammer To Reactivate Banned Ad Accounts
- Google Chrome Will Now Warn You If Your Web Passwords Have Been Stolen
- Are You One Of Avast’s 400 Million Users? This Is Why It Collects And Sells Your Web Habits.
- Two malicious Python libraries caught stealing SSH and GPG keys | ZDNet
- Snatch ransomware reboots PCs in Windows Safe Mode to bypass antivirus apps | ZDNet
- HackerOne breach lets outside hacker read customers’ private bug reports | Ars Technica
- Hackers Can Mess With Voltages to Steal Intel Chips' Secrets | WIRED
- https://www.qualys.com/2019/12/04/cve-2019-19521/authentication-vulnerabilities-openbsd.txt
- Atlassian scrambles to fix zero-day security hole accidentally disclosed on Twitter • The Register
- SwiftOnSecurity on Twitter: "Me: Threat-hunting rare DNS lookups in a corporate network. Confluence: https://t.co/6GPMROKua2 https://t.co/pse4VwORiZ" / Twitter
- Aristotle Tzafalias on Twitter: "Wassenaar Arrangement Dec. 2019 New entry in the Munitions List: "ML21.b.5 "Software" specially designed or modified for the conduct of military offensive cyber operations;" https://t.co/pkY1Web6Pr https://t.co/INcLWwGHGZ" / Twitter
- Meeting | Hearings | United States Senate Committee on the Judiciary
