Risky Business #759 – Why Iran's hack and leak will amount to naught

PLUS: A wrap up of all the best research from Black Hat and DEFCON...
14 Aug 2024 » Risky Business

On this week’s show, Patrick Gray and Adam Boileau discuss the week’s security news and recap the best research presented at Black Hat and DEF CON in Las Vegas last week. They cover:

  • Iran tries an election hack’n’leak like its still 2016
  • Crowdstrike takes home the Pwnie for Epic Fail at DEF CON
  • UK healthcare SaaS faces six million pound fine for lack of MFA
  • US circuit courts disagree on geofence warrants
  • Our roundup of juicy Blackhat/DEF CON research
  • And much, much more.

This week’s episode is sponsored by Trail of Bits. CEO Dan Guido is fresh back from the DARPA AI Cyber Challenge at DEF CON, where the Trail of Bits team moved through into the finals. Dan talks through the challenge of finding, reporting and fixing bugs with AI systems.

You can also watch this week’s show on Youtube.

Show notes

Trump campaign points finger at Iranian hackers for documents leak
FBI says it's investigating efforts to hack Trump and Biden-Harris campaigns
Iranian hackers ramping up US election interference, Microsoft warns
State Dept puts $10 million bounty on IRGC-CEC hackers
CrowdStrike snafu was a ‘dress rehearsal’ for critical infrastructure disruptions, CISA director says | Cybersecurity Dive
Dominic White 👾 on X: "CrowdStrike accepting the @PwnieAwards for “most epic fail” at @defcon. Class act. https://t.co/e7IgYosHAE" / X
Russia's Kursk region suffers 'massive' DDoS attack amid Ukraine offensive
Elon Musk on X: "@markpinc Yeah" / X
Progress Software says SEC declines to pursue action related to MOVEit exploitation spree | Cybersecurity Dive
NHS software supplier Advanced faces £6m fine over ransomware attack failings
Security bugs in ransomware leak sites helped save six companies from paying hefty ransoms | TechCrunch
5th Circuit rules geofence warrants illegal in win for phone users’ privacy | Ars Technica
Customs and Border Protection agents need a warrant to search your phone - The Verge
Hackers could spy on cell phone users by abusing 5G baseband flaws, researchers say | TechCrunch
‘Sinkclose’ Flaw in Hundreds of Millions of AMD Chips Allows Deep, Virtually Unfixable Infections | WIRED
Downgrade Attacks Using Windows Updates | SafeBreach
Listen to the whispers: web timing attacks that actually work | PortSwigger Research
Bucket Monopoly: Breaching AWS Accounts Through Shadow Resources
Confusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server! | DEVCORE
Trail of Bits Advances to AIxCC Finals | Trail of Bits Blog
SUBSCRIBE NOW:
Risky Business main podcast feed:
Listen on Apple Podcasts Listen on Overcast Listen on Pocket Casts Listen on Spotify Subscribe with RSS
Our extra podcasts feed:
Listen on Apple Podcasts Listen on Overcast Listen on Pocket Casts Listen on Spotify Subscribe with RSS
Subscribe to our newsletters: