Risky Business #640 -- Huh. The CIA really was out to neck Assange

And they would've gotten away with it, if it weren't for those meddling lawyers...
29 Sep 2021 » Risky Business

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • The amazing Yahoo! News story on the former CIA director’s awesome brainwaves
  • Hostage diplomacy pays off for Huawei CFO
  • NSA releases great guidance on VPN security
  • Microsoft has actually hired a cybersecurity executive
  • Much, much more

This week’s show is brought to you by Material Security. Material’s co-founder Ryan Noon will be along in this week’s sponsor interview to talk about smarter ways to do email retention and destruction. They have a product that interfaces with your mail provider’s API – whether you’re on Google Workspace or O365 – to do things like archive and redact email, and they’re finding their customers are using these features to actually implement retention email strategies.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Kidnapping, assassination and a London shoot-out: Inside the CIA's secret war plans against WikiLeaks
The Yahoo Story about All the Things CIA Wasn't Allowed to Do Against WikiLeaks - emptywheel
Controversial Maricopa "Audit" Concludes that Biden Won by More Votes Than Previously Reported - by Kim Zetter - Zero Day
China played dirty to get Huawei’s 'princess' back — too dirty even to tell its own people - ABC News
Newly-formed international alliances vow to improve cybersecurity, in moves China sees as affront
EU formally blames Russia for GhostWriter influence operation - The Record by Recorded Future
Suspected Chinese state-linked threat actors infiltrated major Afghan telecom provider - The Record by Recorded Future
US deports highly-prized hacker back to Russia - The Record by Recorded Future
He Escaped the Dark Web's Biggest Bust. Now He's Back | WIRED
NSA, CISA publish guide for securing VPN servers - The Record by Recorded Future
The NSA and CIA Use Ad Blockers Because Online Advertising Is So Dangerous
Biden administration officials push Congress to shape breach reporting mandates
Ransomware Isn't Back. It Never Left | WIRED
CISA, FBI, NSA warn of increased attacks involving Conti ransomware
Major European call center provider goes down in ransomware attack - The Record by Recorded Future
Exposed ransomware negotiations shed light on cybercrime, but complicate things for victims
State-sponsored hacking group targets Port of Houston using Zoho zero-day - The Record by Recorded Future
Russian missile fuel maker targeted with recent Office zero-day - The Record by Recorded Future
Former AWS veteran Charlie Bell to head cybersecurity ops at Microsoft | Reuters
Microsoft Exchange Autodiscover bug leaks hundreds of thousands of domain credentials - The Record by Recorded Future
New Azure Active Directory password brute-forcing flaw has no fix | Ars Technica
Microsoft adds novel feature to Exchange servers to allow it to deploy emergency temporary fixes - The Record by Recorded Future
Apple ‘Still Investigating’ Unpatched and Public iPhone Vulnerabilities
Disclosure of three 0-day iOS vulnerabilities and critique of Apple Security Bounty program / Habr
Apple patches iOS and macOS zero-day exploited in the wild - The Record by Recorded Future
New iCloud Private Relay service leaks users’ true IP addresses, researcher claims | The Daily Swig
Lithuanian government warns about secret censorship features in Xiaomi phones - The Record by Recorded Future
VMware vCenter deployments under attack as enterprises urged to update systems | The Daily Swig
Developers fix multitude of vulnerabilities in Apache HTTP Server | The Daily Swig
Google finds adware strain abusing novel file signature evasion technique - The Record by Recorded Future
Device ‘breakage’ concerns persist days before Let’s Encrypt root cert expiry | The Daily Swig
Meet TruffleHog – a browser extension for finding secret keys in JavaScript code | The Daily Swig
#RomHack2021 - Dirk-jan Mollema - Breaking Azure AD joined endpoints in zero-trust environments - YouTube