Risky Business Podcast
June 17, 2020
Risky Business #588 -- Catastrophic bugs to plague ICS for years
Presented by
CEO and Publisher
Technology Editor
On this week’s show Patrick and Adam discuss the week’s security news, including:
- Facebook commissioned custom 0day to de-cloak child sex predator
- IP stack bugs to plague IoT, ICS for years
- Sandworm was doxxed by the NSA and hardly anyone noticed
- Congress demands answers on 2015 Juniper NetScreen back door investigation
- Amazon, Microsoft join moratorium on sale of facial recognition to police
- Much, much more
This week’s show is brought to you by Signal Sciences. And instead of having one of their staff on the show, they nominated one of their customers to appear instead. So in this week’s sponsored segment we’re going to hear from Keith Hoodlet. Keith is currently the Senior Manager of Application Experience at Thermo Fisher Scientific, a $137 billion company. He built their appsec program and he’ll be along later on to talk through all of that. It’s a rapid-fire interview about how he was able to get started and make a dent quickly. Keith used to co-host the Application Security Weekly podcast and he’s worked for Bugcrowd and Veracode. He’s a cool guy, it’s a great interview, make sure you stick around for that one.
You can subscribe to the new Risky Business newsletter, Seriously Risky Business, here.
You can subscribe to our new YouTube channel here.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
Brought to you by Fastly
Modern web app and API security, anywhere
Show notes
Facebook Helped the FBI Hack a Child Predator - VICE
gov.uscourts.insd.77308.131.0.pdf
Ripple20 vulnerabilities will haunt the IoT landscape for years to come | ZDNet
Exclusive: Sandworm's Exim hacks reveal wider Russian activity - Risky Business
Driving Discord through Disinformation and Disruption – Stranded on Pylos
Wyden seeks details on spies' data protection after scathing CIA audit on Vault 7 leaks
wyden-cybersecurity-lapses-letter-to-dni.pdf
Congress asks Juniper for the results of its 2015 NSA backdoor investigation | ZDNet
Juniper 'fesses up to TWO attacks from 'unauthorised code' • The Register
Amazon Won’t Let Police Use Its Facial-Recognition Tech for One Year | WIRED
Microsoft Won’t Sell Facial Recognition To American Cops After Protests
Research shows human rights activists in India were targeted with spyware
Italian company exposed as a front for malware operations | ZDNet
US intelligence bill takes aim at commercial spyware makers | TechCrunch
Dating Apps Exposed 845 GB of Explicit Photos, Chats, and More | WIRED
South African bank to replace 12m cards after employees stole master key | ZDNet
Intel will soon bake anti-malware defenses directly into its CPUs | Ars Technica
Arm CPUs impacted by rare side-channel attack | ZDNet
Twitter bans 32k accounts pushing Chinese, Russian, and Turkish propaganda | ZDNet
COVID-19 Tracking Apps ‘A Privacy Trash Fire’ As Norway Nixes Its Own
Chinese users saw Zoom as a window through the 'Great Firewall' - Reuters
Coder-Turned-Kingpin Paul Le Roux Gets His Comeuppance | WIRED
Stalkerware detection rates are improving across antivirus products | ZDNet
Lamphone attack lets threat actors recover conversations from your light bulb | ZDNet
Hackers breached A1 Telekom, Austria's largest ISP | ZDNet
Google email domains spoofed by SMTP exploit in G Suite | The Daily Swig