Risky Business #571 -- Is Joshua Schulte The Shadow Brokers?

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Iowa app falls over, social and mainstream media chaos ensues
  • Twitter acknowledges state-backed API abuse
  • CDA 230 under review. Uh oh.
  • Toll Group ransomware
  • ICS-compatible ransomware spotted in wild
  • UN got owned pretty hard
  • Is Joshua Schulte The Shadow Brokers? A theory
  • Much, much more.

This week’s show is brought to you by Okta.

Okta’s Simon Thorpe will be along this week to talk about a new trend they’re seeing and obviously encouraging – enterprises ditching Microsoft’s Active Directory. It’s a cloud, cloud, cloud, cloud world these days. And in the year 2020, you might want to actually ask yourself – do you still need to be using AD?

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

The Iowa Caucus Tech Meltdown Is a Warning | WIRED

Democrats’ Iowa Caucus Voting App Stirs Security Concerns - WSJ

Twitter says an attacker used its API to match usernames to phone numbers | ZDNet

Google Guilty Of ‘Big Screw Up’ That May Have Leaked Your Videos To A Random Stranger

Department of Justice to Hold Workshop on Section 230 of the Communications Decency Act | OPA | Department of Justice

The EARN IT Act: How to Ban End-to-End Encryption Without Actually Banning It | Center for Internet and Society

Encryption laws not used to fight terrorism - InnovationAus

Toll Group confirms "targeted" ransomware attack - Security - iTnews

Toll IT Systems Update | Toll Group

Bad Packets Report on Twitter: "@riskybusiness @rycrozier Their Citrix server, https://t.co/66XQWpiFyF, was vulnerable to CVE-2019-19781 on 2020-01-11T06:30:06Z." / Twitter

MalwareTech on Twitter: "A day prior to the Travelex hack, its parent company was worth $2.1 Billion. A month later it is now worth $764 Million. The CEO owns 63% of the shares, which puts his personal loss around $850 Million." / Twitter

Dozens of companies have data dumped online by ransomware ring seeking leverage | Ars Technica

Mysterious New Ransomware Targets Industrial Control Systems | WIRED

The New Humanitarian | EXCLUSIVE: The hack the UN tried to keep under wraps

UN didn't patch SharePoint, got mega-hacked, covered it up, kept most staff in the dark, finally forced to admit it • The Register

Iranian hackers target US government workers in new campaign | ZDNet

As Vault 7 trial begins, Joshua Schulte's attorneys will argue he's a whistleblower

Trial of Accused 'Vault 7' Leaker Opens in New York

Senior Adviser To The Operator Of The “Silk Road” Website Pleads Guilty In Manhattan Federal Court | USAO-SDNY | Department of Justice

Three suspects arrested in Maltese bank cyber-heist | ZDNet

Raytheon engineer arrested for taking US missile defense data to China | ZDNet

DOD contractor suffers ransomware infection | ZDNet

Hackers are hijacking smart building access systems to launch DDoS attacks | ZDNet

Iowa Prosecutors Drop Charges Against Men Hired to Test Their Security — Krebs on Security

FCC Confirms 'One or More' Carriers Broke the Law Selling Location Data - VICE

Anti-virus firm Avast shuts down its data-selling subsidiary

Department of Interior grounding drone fleet over cybersecurity concerns

Google open-sources the firmware needed to build hardware security keys | ZDNet

Apple wants to standardize the format of SMS OTPs (one-time passcodes) | ZDNet

Why direct-memory attacks on laptops just won't go away

Facebook settles facial recognition lawsuit for $550 million

Remember FindFace? The Russian Facial Recognition Company Just Turned On A Massive, Multimillion-Dollar Moscow Surveillance System

London to deploy live facial recognition to find wanted faces in a crowd | Ars Technica

DC3 VDP on Twitter: "Happy Friday hackers! Nitesh @ideaengine007 found a critical RCE vulnerability in Jenkins that led us to discover a Bitcoin mining service running on a DoD website 😲. Head over to the disclosed report to see all the details! Thanks for being 🔥 Nitesh https://t.co/YywrVZu2Uc" / Twitter

HD Moore on Twitter: "Flamingo is a new open source tool from @Atredis for capturing credentials sprayed by IT and security products: https://t.co/NDmCfA0qvA (h/t to @4lex for HTTP NTLM support!) https://t.co/V2jKi3Enpg" / Twitter

Spotlight shone on Microsoft Azure vulnerability | The Daily Swig

Magento fixes trio of critical security flaws | The Daily Swig

Serious flaw that lurked in sudo for 9 years hands over root privileges | Ars Technica

An Artist Used 99 Phones to Fake a Google Maps Traffic Jam | WIRED

Google cuts Chrome 'patch gap' in half, from 33 to 15 days | ZDNet

Researcher: Backdoor mechanism still active in devices using HiSilicon chips | ZDNet