On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:
- The supply chain attack in the supply chain attack
- Russia has a China dependency problem
- Recent research into TLS resumption flaws
- Google and Intel team up on hardware hacking
- DHS will hack enterprise kit
- Much, much more
This week’s show is brought to you by Corelight. Brian Dye, Corelight’s CEO, is this week’s sponsor guest. He’s talking about the (actually sensible) ChatGPT-driven features Corelight has built into its NDR platform.
Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.
Show notes
- Software Maker 3CX Was Compromised in First-of-its-Kind Threaded Supply-Chain Hack - Updated
- Russia China Worries Set Out in Private Memo on Tech Risk - Bloomberg
- Hackers to show they can take over a European Space Agency satellite
- DOJ urges CISOs to continue working with law enforcement ahead of Uber security chief’s sentencing
- To combat cybercrime, US law enforcement increasingly prioritizes disruption | CyberScoop
- Collaboration between CISA, Cyber Command thwarted dangerous cyberattacks, officials said | CyberScoop
- US gov’t stopped Iranian hackers who ‘gained access’ to 2020 election infrastructure
- Bill proposes new DHS centers for testing security of critical government tech
- UK says ‘Wagner-like cyber groups’ attacking critical infrastructure
- Russia's digital warriors adapt to support the war effort in Ukraine, Google threat researchers say | CyberScoop
- Bipartisan legislation aims to ‘arm Taiwan to the teeth in the cyber domain’
- Ex-NSA boss won $700,000 Saudi consulting deal after Khashoggi death - The Washington Post
- U.S. approves massive arms sale to Saudi Arabia, United Arab Emirates to counter Iran | PBS NewsHour
- Intel Let Google Cloud Hack Its New Secure Chips and Found 10 Bugs | WIRED
- Google’s Authenticator App Now Lets You Sync 2FA Codes Across Devices | WIRED
- We Really Need to Talk About Session Tickets | System Security Group
- Internet protocol vulnerability opens door to ‘massive’ DoS amplification attacks
- Exploit released for 9.8-severity PaperCut flaw already under attack | Ars Technica
- Finding PaperCut MF and NG servers
- DC health exchange breach traced back to misconfigured Amazon server
- Ukraine remains Russia’s biggest cyber focus in 2023
- The hacker Bassterlord in his own words: Portrait of an access broker as a young man
- Hacker Group Names Are Now Absurdly Out of Control | WIRED