On this week’s show Patrick and Adam discuss the week’s security news, including:
- Iowa app falls over, social and mainstream media chaos ensues
- Twitter acknowledges state-backed API abuse
- CDA 230 under review. Uh oh.
- Toll Group ransomware
- ICS-compatible ransomware spotted in wild
- UN got owned pretty hard
- Is Joshua Schulte The Shadow Brokers? A theory
- Much, much more.
This week’s show is brought to you by Okta.
Okta’s Simon Thorpe will be along this week to talk about a new trend they’re seeing and obviously encouraging – enterprises ditching Microsoft’s Active Directory. It’s a cloud, cloud, cloud, cloud world these days, and in the year 2020 you might want to actually ask yourself – do you still need to be using AD?
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
Show notes
- The Iowa Caucus Tech Meltdown Is a Warning | WIRED
- Democrats’ Iowa Caucus Voting App Stirs Security Concerns - WSJ
- Twitter says an attacker used its API to match usernames to phone numbers | ZDNet
- Google Guilty Of ‘Big Screw Up’ That May Have Leaked Your Videos To A Random Stranger
- Department of Justice to Hold Workshop on Section 230 of the Communications Decency Act | OPA | Department of Justice
- The EARN IT Act: How to Ban End-to-End Encryption Without Actually Banning It | Center for Internet and Society
- Encryption laws not used to fight terrorism - InnovationAus
- Toll Group confirms "targeted" ransomware attack - Security - iTnews
- Toll IT Systems Update | Toll Group
- Bad Packets Report on Twitter: "@riskybusiness @rycrozier Their Citrix server, https://t.co/66XQWpiFyF, was vulnerable to CVE-2019-19781 on 2020-01-11T06:30:06Z." / Twitter
- MalwareTech on Twitter: "A day prior to the Travelex hack, its parent company was worth $2.1 Billion. A month later it is now worth $764 Million. The CEO owns 63% of the shares, which puts his personal loss around $850 Million." / Twitter
- Dozens of companies have data dumped online by ransomware ring seeking leverage | Ars Technica
- Mysterious New Ransomware Targets Industrial Control Systems | WIRED
- The New Humanitarian | EXCLUSIVE: The hack the UN tried to keep under wraps
- UN didn't patch SharePoint, got mega-hacked, covered it up, kept most staff in the dark, finally forced to admit it • The Register
- Iranian hackers target US government workers in new campaign | ZDNet
- As Vault 7 trial begins, Joshua Schulte's attorneys will argue he's a whistleblower
- Trial of Accused 'Vault 7' Leaker Opens in New York
- Senior Adviser To The Operator Of The “Silk Road” Website Pleads Guilty In Manhattan Federal Court | USAO-SDNY | Department of Justice
- Three suspects arrested in Maltese bank cyber-heist | ZDNet
- Raytheon engineer arrested for taking US missile defense data to China | ZDNet
- DOD contractor suffers ransomware infection | ZDNet
- Hackers are hijacking smart building access systems to launch DDoS attacks | ZDNet
- Iowa Prosecutors Drop Charges Against Men Hired to Test Their Security — Krebs on Security
- FCC Confirms 'One or More' Carriers Broke the Law Selling Location Data - VICE
- Anti-virus firm Avast shuts down its data-selling subsidiary
- Department of Interior grounding drone fleet over cybersecurity concerns
- Google open-sources the firmware needed to build hardware security keys | ZDNet
- Apple wants to standardize the format of SMS OTPs (one-time passcodes) | ZDNet
- Why direct-memory attacks on laptops just won't go away
- Facebook settles facial recognition lawsuit for $550 million
- Remember FindFace? The Russian Facial Recognition Company Just Turned On A Massive, Multimillion-Dollar Moscow Surveillance System
- London to deploy live facial recognition to find wanted faces in a crowd | Ars Technica
- DC3 VDP on Twitter: "Happy Friday hackers! Nitesh @ideaengine007 found a critical RCE vulnerability in Jenkins that led us to discover a Bitcoin mining service running on a DoD website 😲. Head over to the disclosed report to see all the details! Thanks for being 🔥 Nitesh https://t.co/YywrVZu2Uc" / Twitter
- HD Moore on Twitter: "Flamingo is a new open source tool from @Atredis for capturing credentials sprayed by IT and security products: https://t.co/NDmCfA0qvA (h/t to @4lex for HTTP NTLM support!) https://t.co/V2jKi3Enpg" / Twitter
- Spotlight shone on Microsoft Azure vulnerability | The Daily Swig
- Magento fixes trio of critical security flaws | The Daily Swig
- Serious flaw that lurked in sudo for 9 years hands over root privileges | Ars Technica
- An Artist Used 99 Phones to Fake a Google Maps Traffic Jam | WIRED
- Google cuts Chrome 'patch gap' in half, from 33 to 15 days | ZDNet
- Researcher: Backdoor mechanism still active in devices using HiSilicon chips | ZDNet