This episode sponsored by Corelight.On this week’s show Patrick and Adam discuss the week’s security news, including:
- Two Chinese nationals charged with freelancing for MSS
- Russia, China hacking COVID-19 research
- The world dodged a bullet on the Windows DNS bug
- Twitter blue tick pwnapalooza
- Much, much more.
This week’s show is brought to you by Corelight. The company’s Chief Product Officer, Brian Dye, will be along for a chat a bit later on. We look at how adopting a zero trust model, sadly, doesn’t mean you can just ignore your network completely, as much as that would be nice.
You can subscribe to the new Risky Business newsletter, Seriously Risky Business, here.
You can subscribe to our new YouTube channel here.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
Show notes
- Chinese campaign a sad indictment of infosec - Risky Business
- US accuses two Chinese hackers of global hacking campaign, targeting coronavirus vaccine research
- Russia’s Latest Hacking Target: Covid-19 Vaccine Projects | WIRED
- Secret Trump order gives CIA more powers to launch cyberattacks
- Report: CIA received more offensive hacking powers in 2018 | ZDNet
- Russia's GRU Hackers Hit US Government and Energy Targets | WIRED
- Two more cyber-attacks hit Israel's water system | ZDNet
- UK 'almost certain' that 2019 election was target of Russian disinformation operation
- Russia spreading coronavirus disinfo aimed at West, say US officials
- Twitter says hackers accessed DMs for 36 users in last week's hack | ZDNet
- US seeks to drop charges against former Twitter employees accused of spying for Saudi Arabia - The Verge
- Microsoft Warns of a 17-Year-Old ‘Wormable’ Bug | WIRED
- Hackers actively exploit high-severity networking vulnerabilities | Ars Technica
- US cyber officials urge patching of bug affecting up to 40K SAP customers
- CISA says 62,000 QNAP NAS devices have been infected with the QSnatch malware | ZDNet
- Garmin’s four-day service meltdown was caused by ransomware | Ars Technica
- North Korean hackers are stepping up their ransomware game, Kaspersky finds
- A vigilante is sabotaging the Emotet botnet by replacing malware payloads with GIFs | ZDNet
- FBI warns US companies about backdoors in Chinese tax software | ZDNet
- Malware stashed in China-mandated software is more extensive than thought | Ars Technica
- Iranian Spies Accidentally Leaked Videos of Themselves Hacking | WIRED
- Apple’s Hackable iPhones Are Finally Here | WIRED
- Google's Project Zero team won't be applying for Apple's SRD program | ZDNet
- NY Charges First American Financial for Massive Data Leak — Krebs on Security
- Listen to This Deepfake Audio Impersonating a CEO in Brazen Fraud Attempt
- The Rise of Synthetic Audio Deepfakes
- GEDmatch confirms data breach after users’ DNA profile data made available to police | TechCrunch
- Police Are Buying Access to Hacked Website Data
- Wyden Plans Law to Stop Cops From Buying Data That Would Need a Warrant
- Breached Data Indexer ‘Data Viper’ Hacked — Krebs on Security
- Crooks have acquired proprietary Diebold software to “jackpot” ATMs | Ars Technica
- Microsoft's new KDP tech blocks malware by making parts of the Windows kernel read-only | ZDNet
- Sony awards $10,000 bug bounty for PlayStation 4 kernel exploit | The Daily Swig
- Security Operations Lead » InternetNZ
