Podcasts

If it’s any consolation, the most capable infosec teams in the world are having just as much trouble dealing with the current onslaught of high severity vulnerabilities as you are.

Winnti is all at once a malware family, a group, and several groups with wildly diverging motivations. We’re at the point where we may as well scrap the name and start again.

Normally these Soap Box podcasts – which are wholly sponsored – feature vendors trying to sell you stuff. But this time we’re doing something different: an interview with two of Facebook’s most senior engineers.

On this week’s show Patrick and Adam discuss the week’s security news, including:

• The latest on the EncroChat hack-related arrests
• Details about the fresh F5 and Citrix bugs
• Natanz go boom
• Paying Wastedlocker ransoms violates Treasury sanctions
• North Korea embraces Magecart (lol)
• Much, much more…

A critical, trivially exploitable vulnerability in the management interface of F5’s Big-IP devices is the latest in a string of nasty bugs in networking equipment critical to enterprise computing.

Like last year’s Citrix NetScaler and Pulse Secure vulnerabilities, this one is going to hurt.

This edition of the Soap Box podcast is brought to you by Proofpoint.

Today’s guest is Proofpoint’s EVP of Cybersecurity Strategy, Ryan Kalember, and the topic is business email compromise, or BEC.

BEC is a big deal, generating billions of dollars in losses every year across basically all industry verticals and levels of government. Until recently, there haven’t been many technical controls that help to mitigate it.

On this week’s show Patrick and Adam discuss the week’s security news, including:

• Inside the new American “e2ee busting” bill
• Julian Assange hit with (another) superseding indictment
• Trustwave uncovers sneaky Chinese accounting software backdoor
• Much, much more…

This week’s show is brought to you by Okta. They are, of course, the identity and auth giant and one of the few sponsors we actually approached last year for 2020 because, well, they are very good at what they do. This week Marc will be joining us to talk about a privacy-related topic. The discussion is nuanced, but it’s basically about how the public perception of privacy risks has diverged from the reality/ Further, that the COVID-19 crisis and the advent of digital contact tracing apps have actually brought general concerns around digital privacy to the fore.

Three US Senators have put forward a bill that apes the powers of the UK Investigatory Powers Act and Australia’s Assistance and Access Act, while omitting many of the (albeit weak) safeguards that protect that power from being abused.

The Lawful Access to Encrypted Data Act of 2020, introduced by Republican Senators Lindsay Graham, Tom Cotton and Marsha Blackburn, compels device manufacturers and digital service providers to provide access to user data when served with a warrant. It’s the Nike approach: Just do it!

On this week’s show Patrick and Adam discuss the week’s security news, including:

• Australia “under attack” - a wrap
• Microsoft releases more security protections for E5 customers
• US to introduce “anti encryption” bill
• Shady encrypted phone company owned by the cops
• NSA to offer filtered DNS services to defence industry
• MORE

Technical indicators released by the Australian Government reveal that state-backed actors are among the many attackers abusing OAuth apps to gain unauthorised access to cloud accounts. Risky.Biz reckons there is more Microsoft can do to stop it.