This episode sponsored by Airlock Digital.On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:
- Why the White House’s cybersecurity strategy is actually quite good
- The LastPass breach was probably DPRK
- UEFI bootkits are going downmarket, and this is bad
- GitHub will scan repos for secrets
- A look at some interesting DJI drone research
- Much, much more
This week’s show is brought to you by Airlock Digital. Two of Airlock’s founders – Daniel Schell and David Cottingham – are this week’s sponsor guests.
Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.
* NOTE: We now think LastPass was likely not DPRK. It’s complicated and we’ll explain why we think we got this wrong in next week’s show
Show notes
- Risky Biz News: White House unveils National Cybersecurity Strategy
- White House looks to put cybersecurity pressure on companies
- Surveillance oversight board member explores concerns about Section 702 renewal | CyberScoop
- Secret Service and ICE conducted warrantless stingray surveillance, says watchdog | TechCrunch
- LastPass Hack: Engineer's Failure to Update Plex Software Led to Massive Data Breach
- Give Me E2EE or Give Me Death - by Tom Uren
- Stealthy UEFI malware bypassing Secure Boot enabled by unpatchable Windows flaw | Ars Technica
- GitHub’s secret scanning alerts now available for all public repos
- This Hacker Tool Can Pinpoint a DJI Drone Operator's Exact Location | WIRED
- Hackers steal gun owners’ data from firearm auction website | TechCrunch
- New ATM Malware 'FiXS' Emerges - SecurityWeek
- US government warns Royal ransomware is targeting critical infrastructure | TechCrunch
- Ransomware gang posts breast cancer patient photos from Pennsylvania health network to dark web
- Hospital Clínic de Barcelona severely impacted by ransomware attack
- Hackers Release Data Stolen in Oakland Ransomware Attack – NBC Bay Area
- Salt Labs | Traveling with OAuth - Account Takeover on Booking.com
- Google adds client-side encryption to Gmail and Calendar. Should you care? | Ars Technica
- The life-upending flaw that USPS won’t fix | TechCrunch
- Powerful Meta large language model widely available online | CyberScoop
- We’re going teetotal: It’s goodbye to The Daily Swig | The Daily Swig
