This episode sponsored by Remediant.On this week’s show Patrick and Adam discuss the week’s security news, including:
- Zoom settles with FTC over misleading E2EE claim
- Some poor sod had to give up $1bn in Bitcoin
- Solaris SSH 0day? Let’s party like it’s 1999
- Samy Kamkar’s latest trick: NAT Slipstreaming
- Australia’s hardcore critical infrastructure protection bill
- Much, much more
This week’s show is brought to you by Remediant. Company co-founder Paul Lanzi joins the show in this week’s sponsor interview to talk about how they’ve been helping companies recover from ransomware attacks. Maybe listen to this one. You know. Just in case you find yourself in that situation one day?
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
Show notes
- Zoom settles FTC charges for misleading users about security features | ZDNet
- Someone has transferred ~$1 billion from a bitcoin wallet quiet since 2015 | Ars Technica
- The feds just seized Silk Road’s $1 billion stash of bitcoin | Ars Technica
- Hacker group uses Solaris zero-day to breach corporate networks | ZDNet
- NAT Slipstreaming hack tricks firewalls and routers | The Daily Swig
- Australia's hardcore critical infrastructure laws open to challenge - Risky Business
- 23,600 hacked databases have leaked from a defunct 'data breach index' site | ZDNet
- More suspected North Korean malware identified after US alert on Kimsuky hackers
- Suspected North Korean hackers who targeted job applicants prove more ambitious than first believed
- The many personalities of Lazarus - Risky Business
- Windows 10, iOS, Chrome, and many others fall at China's top hacking contest | ZDNet
- Linux version of RansomEXX ransomware discovered | ZDNet
- Cyberattack on U. of Vermont hospital IT network delays chemotherapy, mammogram appointments
- Building wave of ransomware attacks strike U.S. hospitals | Reuters
- Why Paying to Delete Stolen Data is Bonkers — Krebs on Security
- Israeli companies targeted with new Pay2Key ransomware | ZDNet
- Capcom takes systems offline following cyber-attack | The Daily Swig
- Company that runs US illegal immigration detention centers discloses ransomware attack | ZDNet
- Ransomware Hits Dozens of Hospitals in an Unprecedented Wave | WIRED
- Italian beverage vendor Campari knocked offline after ransomware attack | ZDNet
- Compal, the second-largest laptop manufacturer in the world, hit by ransomware | ZDNet
- Toy maker Mattel discloses ransomware attack | ZDNet
- Wisconsin Republicans say last minute hack cost party $2 million meant to reelect Trump
- FBI: Hackers stole source code from US government agencies and private companies | ZDNet
- Pwned: Deloitte Hacker IQ game forced offline after hack | The Daily Swig
- Russian authorities make rare arrest of malware author | ZDNet
- CERT/CC launches Twitter bot to give security bugs random names | ZDNet
- Oracle publishes rare out-of-band security update for WebLogic servers | ZDNet
- Apple fixes three iOS zero-days exploited in the wild | ZDNet
- After two zero-days in Chrome desktop, Google patches a third zero-day in the Android version | ZDNet
- Google’s Project Zero discloses Windows 0-day that’s been under active exploit | Ars Technica
- Google discloses Windows zero-day exploited in the wild | ZDNet
- Google patches second Chrome zero-day in two weeks | ZDNet
- ACOS/aGalaxy GUI RCE Vulnerability – CVE-2020-24384 – A10 Support
- Infamous ‘Hoax’ Artist Behind Trumpworld’s New Voter Fraud Claim
- (1) Matthew Gertz (@MattGertz) / Twitter
