On this week’s show Patrick and Adam discuss the week’s security news, including:
- Spy companies pitch ridiculously invasive approaches to contact tracing
- NSO Group busted running c2 boxes in USA according to WhatsApp lawsuit
- Australian government releases contact tracing app, no idea if it works
- Chinese telcos to get boot from USA
- Much, much more
This week’s show is brought to you by Senetas. This week’s sponsor interview is with listener favourite, Senetas CTO Julian Fay. He’ll be along in this week’s show to talk about an open source project Senetas has put together – oqs-engine.
It’s an OpenSSL engine plugin you can go grab right now if you want to play around with Open Quantum Safe encryption algorithms. Senetas didn’t write the algorithms, but they have squeezed them into this handy OpenSSL engine plugin package. Julian drops in to tell us all about that.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
Show notes
- Special Report: Cyber-intel firms pitch governments on spy tools to trace coronavirus - Reuters
- NSO Employee Abused Phone Hacking Tech to Target a Love Interest - VICE
- Facebook: Here’s Proof Israeli WhatsApp Hackers Ran Cyberweapons In America
- COVIDSafe
- RIPE opposes China's internet protocols upgrade plan | ZDNet
- Chinese telcos have 30 days to prevent US expulsion - Risky Business
- Flaw in iPhone, iPads may have allowed hackers to steal data for years - Reuters
- That no-click iOS 0-day reported to be under exploit doesn’t exist, Apple says | Ars Technica
- Google discloses zero-click bugs impacting several Apple operating systems | ZDNet
- Google Sees State-Sponsored Hackers Ramping Up Coronavirus Attacks | WIRED
- How Spies Snuck Malware Into the Google Play Store—Again and Again | WIRED
- Vietnamese cyber-espionage has pivoted to Beijing's coronavirus response
- Researchers used a GIF to prove they could access Microsoft Teams user data
- CSI-SELECTING-AND-USING-COLLABORATION-SERVICES-SECURELY-LONG-FINAL.PDF
- Prague mayor under police protection amid reports of Russian plot | World news | The Guardian
- Poland implicates Russia in cyberattack, info op aimed at undercutting U.S. relations
- The Covid-19 Pandemic Reveals Ransomware's Long Game | WIRED
- Hackers are exploiting a Sophos firewall zero-day | ZDNet
- Malicious advertising slingers up the ante during Covid-19 pandemic | The Daily Swig
- Hackers have breached 60 ad servers to load their own malicious ads | ZDNet
- Unproven Coronavirus Therapy Proves Cash Cow for Shadow Pharmacies — Krebs on Security
- Hackers spoof SBA to try to compromise companies' computers
- Israel government tells water treatment companies to change passwords | ZDNet
- You can now manage Windows 10 devices through G Suite | ZDNet
- Nintendo says 160,000 users impacted in recent account hacks | ZDNet
- Nintendo isn’t saying, so here’s how to fend off the account hijacking spree | Ars Technica
- Another one-line npm package breaks the JavaScript ecosystem | ZDNet
- This Tweet Crashes Twitter - VICE
- The Air Force wants you to hack its satellite in orbit. Yes, really | TechCrunch
- Security researcher identifies new APT group mentioned in 2017 Shadow Brokers leak | ZDNet
- NSA shares list of vulnerabilities commonly exploited to plant web shells | ZDNet
- Detect and prevent web shell malware | Cyber.gov.au
- Instacart Sends Cease-and-Desist to Website That Automatically Placed Orders - VICE
- Insomnia Security
- GitHub - open-quantum-safe/oqs-engine: [Work in Progress] An OpenSSL ENGINE that enables the use of post-quantum digital signature algorithms from liboqs.
- Senetas, a leading provider of encryption technology