Risky Business #590 -- REPOST: It turns out we're not SAML experts

A re-post of episode 590, minus the bum steer on the Palo Alto bug...
01 Jul 2020 » Risky Business

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Inside the new American “e2ee busting” bill
  • Julian Assange hit with (another) superseding indictment
  • Trustwave uncovers sneaky Chinese accounting software backdoor
  • Much, much more…

This week’s show is brought to you by Okta. They are, of course, the identity and auth giant and one of the few sponsors we actually approached last year for 2020 because, well, they are very good at what they do. This week Marc will be joining us to talk about a privacy-related topic. The discussion is nuanced, but it’s basically about how the public perception of privacy risks has diverged from the reality/ Further, that the COVID-19 crisis and the advent of digital contact tracing apps have actually brought general concerns around digital privacy to the fore.

You can subscribe to the new Risky Business newsletter, Seriously Risky Business, here.

You can subscribe to our new YouTube channel here.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Decrypting America's new push for lawful interception - Risky Business
Australia's cyber security measures significantly increased with $1.3b injection for cyber spies
CVE-2020-2021 PAN-OS: Authentication Bypass in SAML Authentication
How to create a CA-signed certificate for Palo Alto Networks SAML Applications
US Cyber Command says foreign hackers will most likely exploit new PAN-OS security bug | ZDNet
Foreign adversaries likely to exploit critical networking bug, US says | Ars Technica
Chinese bank forced western companies to install malware-laced tax software | ZDNet
WikiLeaks founder charged with conspiring with Anonymous and LulzSec hackers | ZDNet
An Embattled Group of Leakers Picks Up the WikiLeaks Mantle | WIRED
TikTok and 53 other iOS apps still snoop your sensitive clipboard data | Ars Technica
Google removes 25 Android apps caught stealing Facebook credentials | ZDNet
India bans 59 Chinese apps, including TikTok, UC Browser, Weibo, and WeChat | ZDNet
Russian Cybercrime Boss Burkov Gets 9 Years — Krebs on Security
Russian national pleads guilty to being part of $568 million fraud ring
Adobe, Mastercard, Visa warn online store owners of Magento 1.x EOL | ZDNet
Apple strong-arms entire CA industry into one-year certificate lifespans | ZDNet
COVID-19 ‘Breach Bubble’ Waiting to Pop? — Krebs on Security
A hacker gang is wiping Lenovo NAS devices and asking for ransoms | ZDNet
New WastedLocker ransomware demands payments of millions of USD | ZDNet
New EvilQuest ransomware discovered targeting macOS users | ZDNet
California university pays $1 million ransom amid coronavirus research
Apple Safari 14 introduces ‘passwordless’ logins for websites | The Daily Swig
Apple declined to implement 16 Web APIs in Safari due to privacy concerns | ZDNet
CryptoCore hacker group has stolen more than $200m from cryptocurrency exchanges | ZDNet
Sony launches PlayStation bug bounty program with rewards of $50K+ | ZDNet
Protect your resources from web attacks with Fetch Metadata