On this week’s show Patrick and Adam discuss the week’s security news, including:
- Russia, China, Iran having a red hot go at US political orgs
- Crowdstrike drops report, telcos having a bad time
- MSS owning US government with dumb bugs
- DoJ indicts Iranian script kiddie because reasons
- Proposed TikTok-Oracle deal barely makes sense
- The mother of all Microsoft auth bugs, wow
- Much, much more…
This week’s show is brought to you by Senetas. And we’ve got two sponsor guests for you this week: Senetas CTO Julian Fay will join us, as will Peter Farrely of AUCloud. Senetas uses AUCloud as a partner for its Suredrop file sharing and collaboration platform here in Oz, and Pete is joining us this week to talk through the new Cloud Assessment and Authorisation Framework published by the ACSC. If you work in Australian government IT and security, this one’s for you!
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
Show notes
- Exclusive: Microsoft believes Russians that hacked Clinton targeted Biden campaign firm - sources | Reuters
- GRU eyes US election - Risky Business
- STRONTIUM: Detecting new patterns in credential harvesting - Microsoft Security
- Chinese hacking groups are bullying telecoms as 2020 goes on, CrowdStrike says
- Report2020OverWatchNowheretoHide.pdf
- New CDRThief malware targets VoIP softswitches to steal call detail records | ZDNet
- VOS3000 VOS5000 Softswitch by Linknat - A Word-leading VoIP Solutions Provider
- Chinese intelligence-linked hackers are exploiting known flaws to target Washington, US says
- Eric Geller on Twitter: "DOJ to announce Chinese hacking charges (and arrests!) tomorrow. https://t.co/Wj7KSq9BNd" / Twitter
- PAN-OS vulnerabilities add to a torrid year for enterprise software bugs
- Public disclosure didn't stop suspected Chinese hackers from targeting the Vatican
- Trump says Oracle 'very close' to TikTok deal
- Huawei HarmonyOS: Operating system will be on smartphones in 2021
- US charges two hackers for defacing US websites following Soleimani killing | ZDNet
- FBI says credential stuffing attacks are behind some recent bank hacks | ZDNet
- Magento online stores hacked in largest campaign to date | ZDNet
- Multibillion-dollar Equinix is the latest data-center firm to face ransomware incident
- [Blog] Zerologon: instantly become domain admin by subverting Netlogon cryptography (CVE-2020-1472)
- New BlindSide attack uses speculative execution to bypass ASLR | ZDNet
- BLURtooth vulnerability lets attackers overwrite Bluetooth authentication keys | ZDNet
- Billions of devices vulnerable to new 'BLESA' Bluetooth security flaw | ZDNet
- MITRE releases emulation plan for FIN6 hacking group, more to follow | ZDNet
- Internal Facebook systems exposed via unpatched Apache library | The Daily Swig
- Porn site users targeted with malicious ads redirecting to exploit kits, malware | ZDNet
- Researcher kept a major Bitcoin bug secret for two years to prevent attacks | ZDNet
- Vast majority of cyber-attacks on cloud servers aim to mine cryptocurrency | ZDNet
- Slovak cryptocurrency exchange ETERBASE discloses $5.4 million hack | ZDNet
- Chinese diplomat demands investigation after his Twitter account liked embarrassing posts
- Whistleblower Says Facebook Ignored Global Political Manipulation
- When you browse Instagram and find former Australian Prime Minister Tony Abbott's passport number
- Anatomy of a Cloud Assessment and Authorisation | Cyber.gov.au