Risky Business Podcast

August 26, 2020

Risky Business #596 -- DoJ gives Uber breach response one star

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Former Uber CSO Joe Sullivan charged with obstruction of justice
  • Whitehouse to concede WeChat carveouts for US operations in China
  • A bunch of news that sounds like it’s from 1997

This week’s sponsor interview is with Bugcrowd’s CTO Casey Ellis. He’s joining us to talk about some US election-related vulnerability disclosure programs that have kicked off in the USA. Voting machine maker ES&S has launched one as has the state of Ohio.

Links to everything that we discussed are below and you can follow Patrickor Adam on Twitter if that’s your thing.

Risky Business #596 -- DoJ gives Uber breach response one star
0:00 / 60:55

Show notes

Former Uber CSO charged for 2016 hack cover-up | ZDNet

Trump Team Reassures Apple, Others on Using WeChat in China - Bloomberg

TikTok Sues U.S. Government Over Trump Ban - The New York Times

TikTok Complaint

(1) Bobby Chesney on Twitter: "Looking forward to seeing the details of the complaint. But that said, the most TikTok possibly can get here is a delay, and thus possibly a better deal when they are sold. Courts will *not* second-guess the ultimate *merits* determination under IEEPA or CFIUS, full stop. 1/4" / Twitter

Google fixes major Gmail bug seven hours after exploit details go public | ZDNet

Security researcher discloses Safari bug after Apple delays patch | ZDNet

CISA warns of BLINDINGCAN, a new strain of North Korean malware | ZDNet

Taiwan accuses Chinese hackers of aggressive attacks on government agencies

“DeathStalker” hackers are (likely) older and more prolific than we thought | Ars Technica

Hackers Leak Alleged Internal Files of Chinese Social Media Monitoring Firms

FBI, CISA Echo Warnings on ‘Vishing’ Threat — Krebs on Security

Voice Phishers Targeting Corporate VPNs — Krebs on Security

Feds warn election officials of potentially malicious ‘typosquatting’ websites

Cyber Command deploys abroad to fend off foreign hacking ahead of the 2020 election

Report claims a popular iOS SDK is stealing click revenue from other ad networks | ZDNet

Tens of suspects arrested for cashing-out Santander ATMs using software glitch | ZDNet

ATM makers Diebold and NCR deploy fixes for 'deposit forgery' attacks | ZDNet

University of Utah pays $457,000 to ransomware gang | ZDNet

Conti (Ryuk) joins the ranks of ransomware gangs operating data leak sites | ZDNet

Weeks after malware disruption, New York hospital is getting back online

WannaRen ransomware author contacts security firm to share decryption key | ZDNet

Top exploits used by ransomware gangs are VPN bugs, but RDP still reigns supreme | ZDNet

Russian National Arrested for Conspiracy to Introduce Malware into a Nevada Company's Computer Network | OPA | Department of Justice

New P2P botnet infects SSH servers all over the world | Ars Technica

Browser fingerprinting ‘more prevalent on the web now than ever before’ – research | The Daily Swig

Bcrypt hashing library bug leaves Node.js applications open to brute-force attacks | The Daily Swig

Google Firebase messaging vulnerability allowed attackers to send push notifications to app users | The Daily Swig

US government built secret iPod with Apple’s help, former engineer says | Ars Technica

Former Uber CSO charged with obstruction of justice - Risky Business