On this week’s show Patrick and Mark Piper discuss the week’s security news, including:
- UK unveils Cyber Force
- US passes surprisingly sane IoT security law
- Symantec drops some APT10 research
- MobileIron bugs getting a decent workout courtesy of state-backed attackers
- Much, much more…
This week’s show is brought to you by ExtraHop Networks. Its VP of Security, Matt Cauthorn, joins the show this week to talk about how we might fare – technology-wise – as COVID-19 cases spiral out of control in some parts of the world. With most of the heavy lifting on accelerated cloud adoption and work-from-home already done, Matt thinks the IT side of things is much better prepared for a second major pandemic-induced disruption than it was back in March.
Links to everything that we discussed are below and you can follow Patrick or Pipes on Twitter if that’s your thing.
Show notes
- UK formally unveils GCHQ's offensive cyber-operation shop
- After years of work, Congress passes 'internet of things' cybersecurity bill — and it's kind of a big deal
- Symantec implicates APT10 in sweeping hacking campaign against Japanese firms
- State-sponsored hackers try to exploit flaw in popular mobile software, UK warns
- The malware that usually installs ransomware and you need to remove right away | ZDNet
- Biotech research firm Miltenyi Biotec hit by ransomware, data leaked
- Ransomware attack forces web hosting provider Managed.com to take servers offline | ZDNet
- Hacker leaks the user data of event management app Peatix | ZDNet
- Fake Zoom invite cripples Aussie hedge fund with $8m hit
- Tradies frustrated by banks as business email scam costs them $51,000 - ABC News
- Australia’s spy agencies caught collecting COVID-19 app data | TechCrunch
- This Bluetooth Attack Can Steal a Tesla Model X in Minutes | WIRED
- Baidu's Android apps caught collecting sensitive user details | ZDNet
- Double-dipping scammers don't need malware to grab card numbers and turn a profit, report says
- GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services — Krebs on Security
- Liquid crypto-exchange says hacker accessed internal network, stole user data | ZDNet
- New WAPDropper malware abuses Android devices for WAP fraud | ZDNet
- Google Is Testing End-to-End Encryption in Android Messages | WIRED
- Abusive add-ons aren’t just a Chrome and Firefox problem. Now it’s Edge’s turn | Ars Technica
- A Facebook Messenger Flaw Could Have Let Hackers Listen In | WIRED
- Cisco Webex bugs allow attackers to join meetings as ghost users | ZDNet
- Exploitation of Cisco Security Manager RCE flaws ‘imminent’ | The Daily Swig
- Minor controversy erupts over chained iOS exploit that harvests researchers’ crash dumps | The Daily Swig
- Patrick Gray on Twitter: "Have a read of their security expert’s website. Seriously. Check out the services page: https://t.co/w5Nv9zeeWE https://t.co/F2bwzK9n8G" / Twitter
- Office of National Intelligence - IT Systems Engineer