On this week’s show Patrick and Adam discuss the week’s security news, including:
- Salt framework 1Day wreaks havoc
- Toll Group hit with ransomware attack. Again.
- Germans indict APT28 operator
- Ransomware a key word in SEC filings
- Much, much more!
This week’s show is brought to you by Remediant. They offer software that lets you get privileged accounts under control very quickly. In this week’s sponsor interview we’re chatting with Remediant’s COO Paul Lanzi and Julie Smith, the executive director of the Identity Defined Security Alliance (IDSA). We’ll be talking about what the IDSA actually is and what its goals are.
You can subscribe to the new Risky Business newsletter, Seriously Risky Business, here.
You can subscribe to our new YouTube channel here.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
Show notes
- Salt DevOps framework shaken by data center server security flaws | The Daily Swig
- CT2 Log Compromised via Salt Vulnerability - Google Groups
- Ghost blogging platform servers hacked and infected with crypto-miner | ZDNet
- Hackers seize on software flaw to breach two victims, despite patch availability
- Hackers breach LineageOS servers via unpatched vulnerability | ZDNet
- German authorities charge Russian hacker for 2015 Bundestag hack | ZDNet
- Who Is Dmitry Badin, The GRU Hacker Indicted By Germany Over The Bundestag Hacks? - bellingcat
- Toll Group suffers second ransomware attack this year - Security - iTnews
- Taiwan’s state-owned energy company suffers ransomware attack
- Ransomware mentioned in 1,000+ SEC filings over the past year | ZDNet
- Indonesian e-commerce giant probes reported breach of 91 million credentials
- Estonia: Foreign hackers breached local email provider for targeted attacks | ZDNet
- Google and Apple Reveal How Covid-19 Alert Apps Might Look | WIRED
- Australia’s COVID-19 app is buggy, not yet operational - Risky Business
- Senator Murray Watt on Twitter: "Here are just a few of the issues with the Govt’s #COVIDSafe app that we’ll explore at today’s #COVID-19 Senate hearing. If it’s central to our recovery, we need to know it works. @riskybusiness https://t.co/ATtL6UExqs" / Twitter
- Coronavirus Australia: COVIDSafe app privacy law to seek jail time for offenders
- The United Nations Coronavirus App Doesn’t Work - VICE
- Apple, Google ban use of location tracking in contact tracing apps - Reuters
- Hacker Bribed 'Roblox' Insider to Access User Data - VICE
- CursedChrome turns your browser into a hacker's proxy | ZDNet
- Google announces Chrome Web Store crackdown for August 2020 | ZDNet
- First seen in the wild - Malware uses Corporate MDM as attack vector - Check Point Research
- Executive Order on Securing the United States Bulk-Power System | The White House
- DHS CISA to provide DoH and DoT servers for government use | ZDNet
- UK NCSC to stop using 'whitelist' and 'blacklist' due to racial stereotyping | ZDNet
- SAP notifying 9% of customers about mysterious cloud products security holes | ZDNet
- Adult Cam Site CAM4 Exposed 10.88 Billion Records Online | WIRED
- How Cybercriminals are Weathering COVID-19 — Krebs on Security
- NSO Group partly disputes claim about use of U.S.-based servers in WhatsApp spy campaign
- LabCorp investors file lawsuit, alleging 'persistent' failure to secure data
- Exclusive: Warning Over Chinese Mobile Giant Xiaomi Recording Millions Of People’s ‘Private’ Web And Phone Use
- Apple will make it easier to unlock your iPhone while wearing a face mask | TechCrunch
- Magento security: Adobe patches six critical flaws in e-commerce platform | The Daily Swig
- Oracle warns of attacks against recently patched WebLogic security bug | ZDNet
- Putting Identity at the Center of Security - Identity Defined Security Alliance
- Remediant: Privileged Access Management | SecureONE