Risky Business #596 -- DoJ gives Uber breach response one star

PLUS: A bag of old school news...
26 Aug 2020 » Risky Business

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Former Uber CSO Joe Sullivan charged with obstruction of justice
  • Whitehouse to concede WeChat carveouts for US operations in China
  • A bunch of news that sounds like it’s from 1997

This week’s sponsor interview is with Bugcrowd’s CTO Casey Ellis. He’s joining us to talk about some US election-related vulnerability disclosure programs that have kicked off in the USA. Voting machine maker ES&S has launched one as has the state of Ohio.

Links to everything that we discussed are below and you can follow Patrickor Adam on Twitter if that’s your thing.

Show notes

Former Uber CSO charged for 2016 hack cover-up | ZDNet
Trump Team Reassures Apple, Others on Using WeChat in China - Bloomberg
TikTok Sues U.S. Government Over Trump Ban - The New York Times
TikTok Complaint
(1) Bobby Chesney on Twitter: "Looking forward to seeing the details of the complaint. But that said, the most TikTok possibly can get here is a delay, and thus possibly a better deal when they are sold. Courts will *not* second-guess the ultimate *merits* determination under IEEPA or CFIUS, full stop. 1/4" / Twitter
Google fixes major Gmail bug seven hours after exploit details go public | ZDNet
Security researcher discloses Safari bug after Apple delays patch | ZDNet
CISA warns of BLINDINGCAN, a new strain of North Korean malware | ZDNet
Taiwan accuses Chinese hackers of aggressive attacks on government agencies
“DeathStalker” hackers are (likely) older and more prolific than we thought | Ars Technica
Hackers Leak Alleged Internal Files of Chinese Social Media Monitoring Firms
FBI, CISA Echo Warnings on ‘Vishing’ Threat — Krebs on Security
Voice Phishers Targeting Corporate VPNs — Krebs on Security
Feds warn election officials of potentially malicious ‘typosquatting’ websites
Cyber Command deploys abroad to fend off foreign hacking ahead of the 2020 election
Report claims a popular iOS SDK is stealing click revenue from other ad networks | ZDNet
Tens of suspects arrested for cashing-out Santander ATMs using software glitch | ZDNet
ATM makers Diebold and NCR deploy fixes for 'deposit forgery' attacks | ZDNet
University of Utah pays $457,000 to ransomware gang | ZDNet
Conti (Ryuk) joins the ranks of ransomware gangs operating data leak sites | ZDNet
Weeks after malware disruption, New York hospital is getting back online
WannaRen ransomware author contacts security firm to share decryption key | ZDNet
Top exploits used by ransomware gangs are VPN bugs, but RDP still reigns supreme | ZDNet
Russian National Arrested for Conspiracy to Introduce Malware into a Nevada Company's Computer Network | OPA | Department of Justice
New P2P botnet infects SSH servers all over the world | Ars Technica
Browser fingerprinting ‘more prevalent on the web now than ever before’ – research | The Daily Swig
Bcrypt hashing library bug leaves Node.js applications open to brute-force attacks | The Daily Swig
Google Firebase messaging vulnerability allowed attackers to send push notifications to app users | The Daily Swig
US government built secret iPod with Apple’s help, former engineer says | Ars Technica
Former Uber CSO charged with obstruction of justice - Risky Business