On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:
- The amazing Yahoo! News story on the former CIA director’s awesome brainwaves
- Hostage diplomacy pays off for Huawei CFO
- NSA releases great guidance on VPN security
- Microsoft has actually hired a cybersecurity executive
- Much, much more
This week’s show is brought to you by Material Security. Material’s co-founder Ryan Noon will be along in this week’s sponsor interview to talk about smarter ways to do email retention and destruction. They have a product that interfaces with your mail provider’s API – whether you’re on Google Workspace or O365 – to do things like archive and redact email, and they’re finding their customers are using these features to actually implement retention email strategies.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
Show notes
- Kidnapping, assassination and a London shoot-out: Inside the CIA's secret war plans against WikiLeaks
- The Yahoo Story about All the Things CIA Wasn't Allowed to Do Against WikiLeaks - emptywheel
- Controversial Maricopa "Audit" Concludes that Biden Won by More Votes Than Previously Reported - by Kim Zetter - Zero Day
- China played dirty to get Huawei’s 'princess' back — too dirty even to tell its own people - ABC News
- Newly-formed international alliances vow to improve cybersecurity, in moves China sees as affront
- EU formally blames Russia for GhostWriter influence operation - The Record by Recorded Future
- Suspected Chinese state-linked threat actors infiltrated major Afghan telecom provider - The Record by Recorded Future
- US deports highly-prized hacker back to Russia - The Record by Recorded Future
- He Escaped the Dark Web's Biggest Bust. Now He's Back | WIRED
- NSA, CISA publish guide for securing VPN servers - The Record by Recorded Future
- The NSA and CIA Use Ad Blockers Because Online Advertising Is So Dangerous
- Biden administration officials push Congress to shape breach reporting mandates
- Ransomware Isn't Back. It Never Left | WIRED
- CISA, FBI, NSA warn of increased attacks involving Conti ransomware
- Major European call center provider goes down in ransomware attack - The Record by Recorded Future
- Exposed ransomware negotiations shed light on cybercrime, but complicate things for victims
- State-sponsored hacking group targets Port of Houston using Zoho zero-day - The Record by Recorded Future
- Russian missile fuel maker targeted with recent Office zero-day - The Record by Recorded Future
- Former AWS veteran Charlie Bell to head cybersecurity ops at Microsoft | Reuters
- Microsoft Exchange Autodiscover bug leaks hundreds of thousands of domain credentials - The Record by Recorded Future
- New Azure Active Directory password brute-forcing flaw has no fix | Ars Technica
- Microsoft adds novel feature to Exchange servers to allow it to deploy emergency temporary fixes - The Record by Recorded Future
- Apple ‘Still Investigating’ Unpatched and Public iPhone Vulnerabilities
- Disclosure of three 0-day iOS vulnerabilities and critique of Apple Security Bounty program / Habr
- Apple patches iOS and macOS zero-day exploited in the wild - The Record by Recorded Future
- New iCloud Private Relay service leaks users’ true IP addresses, researcher claims | The Daily Swig
- Lithuanian government warns about secret censorship features in Xiaomi phones - The Record by Recorded Future
- VMware vCenter deployments under attack as enterprises urged to update systems | The Daily Swig
- Developers fix multitude of vulnerabilities in Apache HTTP Server | The Daily Swig
- Google finds adware strain abusing novel file signature evasion technique - The Record by Recorded Future
- Device ‘breakage’ concerns persist days before Let’s Encrypt root cert expiry | The Daily Swig
- Meet TruffleHog – a browser extension for finding secret keys in JavaScript code | The Daily Swig
- #RomHack2021 - Dirk-jan Mollema - Breaking Azure AD joined endpoints in zero-trust environments - YouTube