On this week’s show Patrick and Adam discuss the week’s security news, including:
- NSA drops a sweet Microsoft crypto bug
- Burisma targeted by GRU. 2016 all over again?
- Citrix users having a bad time
- Intrusion Truth targets APT40
- No more BYOD for US soldiers in Middle East
- Much, much more
We have a new sponsor in this week’s show – ExtraHop Networks. Network monitoring is dead! Long live network monitoring!
Matt Cauthorn is ExtraHop’s VP of cybersecurity engineering and he’ll join us this week to talk about recent moves by cloud providers to offer full virtual network mirror ports out of their infrastructure.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
*Credit for this week’s headline goes to @appsecbloke.
- Cryptic Rumblings Ahead of First 2020 Patch Tuesday — Krebs on Security
- Microsoft fixes Windows crypto bug reported by the NSA | ZDNet
- Now It's Really, Truly Time to Give Up Windows 7 | WIRED
- Proof-of-concept code published for Citrix bug as attacks intensify | ZDNet
- Russians Hacked Ukrainian Gas Company at Center of Impeachment - The New York Times
- Russian hackers targeted Ukrainian company at center of impeachment storm: cybersecurity firm - Reuters
- A Tale of Two Attributions – Stranded on Pylos
- Nicole Perlroth on Twitter:
- If Russia Hacked Burisma, Brace for the Leaks to Follow | WIRED
- FBI says Iranian hackers have stepped up reconnaissance since Soleimani killing
- Saudi cyber authority uncovers new data-wiping malware, and experts suspect Iran is behind it
- New Iranian data wiper malware hits Bapco, Bahrain's national oil company | ZDNet
- What is the Hainan Xiandun Technology Development Company? – Intrusion Truth
- Iranian Hackers Have Been ‘Password-Spraying’ the US Grid | WIRED
- Alleged Spy App ToTok Puts Apple in a Bind | WIRED
- US troops deploying to the Middle East told to leave personal devices at home | ZDNet
- Amnesty suit asking Israel to revoke NSO Group's license heads to court
- Travelex says ransomware recovery is underway two weeks after global blackout
- Boing Boing was hacked / Boing Boing
- Kuwait's state news agency says hackers breached its Twitter
- Hackers Are Breaking Directly Into AT&T, T-Mobile, and Sprint to Take Over Customer Phone Numbers - VICE
- Academic research finds five US telcos vulnerable to SIM swapping attacks | ZDNet
- You can now use an iPhone as a security key for Google accounts | ZDNet
- Google plans to drop Chrome support for tracking cookies by 2022 | Ars Technica
- Congressional commission mulls new private sector reporting requirements
- Apple Lawsuit Against Cyber Startup Threatens ‘Dangerous’ Expansion Of Copyright Law
- Equifax to pay customers $380.5 million as part of final breach settlement
- Donald J. Trump on Twitter:
- Tech’s Adversaries vs Enemies - Alex Stamos - Medium
- Was It an Act of War? That’s Merck Cyber Attack’s $1.3 Billion Insurance Question.