Risky Business #567 -- ToTok, Iran and big-game ransomware galore

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

In this week’s show Patrick Gray and Alex Stamos discuss all the week’s news, including:

  • Will Iran cyber all the cybers?
  • ToTok chat app alleged to be UAE spy tool
  • China makes moves on own OS
  • Big game ransomware hits crisis levels
  • WSJ carries water for NSO Group
  • Much, much more

This week’s show is brought to you by Bugcrowd. We’ll be hearing from Bugcrowd’s Casey Ellis in this week’s sponsor interview. He’ll be talking about the US federal government’s decision to force all departments into accepting bug reports – he thinks this is a move that will have a big impact on the wider security ecosystem.

Links to everything are below!

Show notes

Homeland Security warns businesses to brace for Iranian cyberattacks | TechCrunch

After U.S. kills Iranian general, analysts warn of Tehran’s ability to retaliate in cyberspace

Unpatched US government website gets pwned by pro-Iran script kiddie | Ars Technica

Iranian Hackers Claim Defacement of Texas Government and Alabama Veterans Websites - VICE

It Seemed Like a Popular Chat App. It’s Secretly a Spy Tool. - The New York Times

Google Reinstates Reported UAE Surveillance App ToTok - VICE

U.S. Army bans TikTok amid ongoing scrutiny of Chinese-made video app

Two of China's largest tech firms are uniting to create a new 'domestic OS' | ZDNet

Police Tracked a Terror Suspect—Until His Phone Went Dark After a Facebook Warning - WSJ

US Coast Guard discloses Ryuk ransomware infection at maritime facility | ZDNet

Frankfurt shuts down IT network following Emotet infection | ZDNet

Sodinokibi ransomware plagues Travelex currency exchange as investigation continues

Company shuts down because of ransomware, leaves 300 without jobs just before holidays | ZDNet

Maze ransomware was behind Pensacola “cyber event,” Florida officials say | Ars Technica

FBI warns U.S. companies about Maze ransomware, appeals for victim data - CyberScoop

Another ransomware strain is now stealing data before encrypting it | ZDNet

New Orleans hit by ransomware, city employees told to turn off computers | ZDNet

Pensacola confirms ransomware attack but provides few details | Ars Technica

Ransomware at IT Services Provider Synoptek — Krebs on Security

Arkansas telemarketing firm blames ransomware for sudden holiday closure - CyberScoop

Ransomware Gangs Now Outing Victim Businesses That Don’t Pay Up — Krebs on Security

Hackensack Meridian Health pays attackers to thwart ransomware incident - CyberScoop

Big Game Ransomware being delivered to organisations via Pulse Secure VPN

The Hidden Cost of Ransomware: Wholesale Password Theft — Krebs on Security

Hackers steal data for 15 million patients, then sell it back to lab that lost it | Ars Technica

Apple sues security vendor for DMCA violations - The Verge

Apple opens public bug bounty program, publishes official rules | ZDNet

Not so IDLE hands: FBI program offers companies data protection via deception | Ars Technica

A Twitter app bug was used to match 17 million phone numbers to user accounts | TechCrunch

Chinese hacker group caught bypassing 2FA | ZDNet

Critical flaw in Citrix applications could allow unauthorized access to internal networks

Hacker who blackmailed Apple in 2017 gets no prison time | ZDNet

Member of 'The Dark Overlord' hacking group extradited to the US | ZDNet

Rambler will drop NGINX criminal case | ZDNet

How Hackers Are Breaking Into Ring Cameras - VICE

Over 1,500 Ring passwords have been found on the dark web | TechCrunch

We Tested Ring’s Security. It’s Awful - VICE

Creditors Seek to Exhume the Body of a Dead Crypto Executive | WIRED

Lithuanian scammer gets 5 years for defrauding Google, Facebook of $120 million

Web Cache Deception attacks still impact websites with 'substantial user populations' | ZDNet

iPhones and iPads finally get key-based protection against account takeovers | Ars Technica

Mozilla to force all add-on devs to use 2FA to prevent supply-chain attacks | ZDNet

Npm team warns of new 'binary planting' bug | ZDNet

Only 9.27% of all npm developers use 2FA | ZDNet

Half of the websites using WebAssembly use it for malicious purposes | ZDNet

U.S. Launches Fresh Assault On Apple’s ‘Warrant-Proof Encryption’

The Great $50M African IP Address Heist — Krebs on Security

'Shattered': Inside the secret battle to save America's undercover spies in the digital age