This episode sponsored by Corelight.On this week’s show Patrick and Adam discuss the week’s security news, including:
- Chinese operators indicted over Equifax breach, more indictments coming
- Alleged backdoor in Huawei lawful intercept features
- Data on 6.4m Israelis exposed by political party app
- Iowa caucus app was a pile of crap, 4chan clogged up caucus night phones
- Corp.com is up for sale. That’s a lotta hashes.
- Much, much more.
This week’s show is brought to you by Corelight.
Corelight’s Richard Bejtlich joins the show this week in the sponsor slot to talk about what the company is doing to try to build the open source community behind Zeek, the tool its products are based on.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
Show notes
- How 4 Chinese Hackers Allegedly Took Down Equifax | WIRED
- download
- Dustin Volz on Twitter: "Overlooked moment in the DoJ press conference today: Barr linked the Marriott breach to the Chinese. I believe that is the first time the U.S. government has publicly acknowledged a connection to Beijing. https://t.co/dB1bSAsE9h https://t.co/3MN2SfRU93" / Twitter
- FBI is investigating more than 1,000 cases of Chinese theft of US technology | ZDNet
- Feds are lining up more indictments related to Chinese cyber-activity, officials say
- Malaysia warns of Chinese hacking campaign targeting government projects | ZDNet
- Netanyahu's party exposes data on over 6.4 million Israelis | ZDNet
- Software error exposes the ID numbers for 1.26 million Danish citizens | ZDNet
- The Iowa Caucuses App Had Another Problem: It Could Have Been Hacked — ProPublica
- 'Clog the lines': Internet trolls deliberately disrupted the Iowa caucuses hotline for reporting results
- An ‘Off-the-Shelf, Skeleton Project’: Experts Analyze the App That Broke Iowa - VICE
- Shadow's Cancelled Nevada Caucus App Had Errors, Too - VICE
- A US House candidate says she was hacked — now she’s warning others | TechCrunch
- Google's Giving Out Security Keys to Help Protect Campaigns | WIRED
- GAO: CISA's 'nationwide strategy' on election security should be enacted as soon as possible
- How the CIA used Crypto AG encryption devices to spy on countries for decades - Washington Post
- U.S. Officials Say Huawei Can Covertly Access Telecom Networks - WSJ
- US Attorney General says US and allies should invest in Huawei competitors | ZDNet
- FBI warns about ongoing attacks against software supply chain companies | ZDNet
- Dangerous Domain Corp.com Goes Up for Sale — Krebs on Security
- Brazil Judge Declines Charges Against Glenn Greenwald — “For Now”
- Facebook's Bug Bounty Caught a Data-Stealing Spree | WIRED
- Federal Agencies Use Cellphone Location Data for Immigration Enforcement - WSJ
- Can the Government Buy Its Way Around the Fourth Amendment? | WIRED
- Why you can’t bank on backups to fight ransomware anymore | Ars Technica
- Toll transport hack leaves customers demanding answers on parcel delivery delays - ABC News (Australian Broadcasting Corporation)
- Mailto Ransomware Hits Toll Group, Deliveries Across Australia Affected
- Ransomware suspected after CUNA, a credit union lobbyist, knocked offline | TechCrunch
- Emotet trojan evolves to spread via WiFi connections | ZDNet
- Windows trust in abandoned code lets ransomware burrow deep into targeted machines | Ars Technica
- Ransomware attack: Maastricht University pays out $220,000 to cybercrooks | The Daily Swig
- Maze ransomware spree continues amid advisories from French, FBI officials - CyberScoop
- Apple deprecating macOS kernel extensions (KEXTs) is a great win for security | ZDNet
- When Your Used Car is a Little Too ‘Mobile’ — Krebs on Security
- Cisco Flaws Put Millions of Workplace Devices at Risk | WIRED
- Flaws in WhatsApp’s desktop app allowed remote access to files | Ars Technica
- F-Secure issues fix for Internet Gatekeeper heap overflow vulnerability | The Daily Swig
- Forging SWIFT MT Payment Messages for fun and pr... research!
- Introducing security defaults - Microsoft Tech Community - 1061414
- Meet the Guy Selling Wireless Tech to Steal Luxury Cars in Seconds - VICE
- Google fixes no-user-interaction bug in Android's Bluetooth component | ZDNet
- SymTCP – a new tool for circumventing deep packet inspections | The Daily Swig
- 20200206 REDACTED
