On this week’s show Patrick and Adam discuss the week’s security news, including:
- Facebook commissioned custom 0day to de-cloak child sex predator
- IP stack bugs to plague IoT, ICS for years
- Sandworm was doxxed by the NSA and hardly anyone noticed
- Congress demands answers on 2015 Juniper NetScreen back door investigation
- Amazon, Microsoft join moratorium on sale of facial recognition to police
- Much, much more
This week’s show is brought to you by Signal Sciences. Instead of having one of their staff on the show, they nominated one of their customers to appear. So in this week’s sponsored segment we’re going to hear from Keith Hoodlet. Keith is currently the Senior Manager of Application Experience at Thermo Fisher Scientific, a $137 billion company. He built their appsec program and he’ll be along later on to talk through all of that. It’s a rapid-fire interview about how he was able to get started and make a dent quickly. Keith used to co-host the Application Security Weekly podcast and he’s worked for Bugcrowd and Veracode. He’s a cool guy and it’s a great interview, so make sure you stick around for that one.
You can subscribe to the new Risky Business newsletter, Seriously Risky Business, here.
You can subscribe to our new YouTube channel here.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
Show notes
- Facebook Helped the FBI Hack a Child Predator - VICE
- gov.uscourts.insd.77308.131.0.pdf
- Ripple20 vulnerabilities will haunt the IoT landscape for years to come | ZDNet
- Exclusive: Sandworm's Exim hacks reveal wider Russian activity - Risky Business
- Driving Discord through Disinformation and Disruption – Stranded on Pylos
- Wyden seeks details on spies' data protection after scathing CIA audit on Vault 7 leaks
- wyden-cybersecurity-lapses-letter-to-dni.pdf
- Congress asks Juniper for the results of its 2015 NSA backdoor investigation | ZDNet
- Wyden House Juniper Letter
- Juniper 'fesses up to TWO attacks from 'unauthorised code' • The Register
- Amazon Won’t Let Police Use Its Facial-Recognition Tech for One Year | WIRED
- Microsoft Won’t Sell Facial Recognition To American Cops After Protests
- Richard Grenell on Twitter: "They should now be barred from federal government contracts - there should be consequences for not selling technology to police departments. @realDonaldTrump" / Twitter
- Research shows human rights activists in India were targeted with spyware
- Italian company exposed as a front for malware operations | ZDNet
- US intelligence bill takes aim at commercial spyware makers | TechCrunch
- Text - S.3905 - 116th Congress (2019-2020): Intelligence Authorization Act for Fiscal Year 2021 | Congress.gov | Library of Congress
- Dating Apps Exposed 845 GB of Explicit Photos, Chats, and More | WIRED
- South African bank to replace 12m cards after employees stole master key | ZDNet
- Intel will soon bake anti-malware defenses directly into its CPUs | Ars Technica
- Arm CPUs impacted by rare side-channel attack | ZDNet
- Twitter bans 32k accounts pushing Chinese, Russian, and Turkish propaganda | ZDNet
- COVID-19 Tracking Apps ‘A Privacy Trash Fire’ As Norway Nixes Its Own
- Zoom Promises To Do Better After Banning Tiananmen Square Protests—Then Builds Tech To Help China’s Censorship
- Chinese users saw Zoom as a window through the 'Great Firewall' - Reuters
- Coder-Turned-Kingpin Paul Le Roux Gets His Comeuppance | WIRED
- Stalkerware detection rates are improving across antivirus products | ZDNet
- Lamphone attack lets threat actors recover conversations from your light bulb | ZDNet
- Hackers breached A1 Telekom, Austria's largest ISP | ZDNet
- Google email domains spoofed by SMTP exploit in G Suite | The Daily Swig
- Former eBay Employees Sent Cockroaches, Bloody Pig Mask to Mass. Couple In Harassment Campaign: US Attorney – NBC Boston