Podcasts

Donald Trump’s personal involvement in threats to ban TikTok is distracting from any legitimate national security concerns the video sharing app might present to the United States. What started as some half-hearted sabre rattling after he was thoroughly punk’d by TikTok teens at his Tulsa rally in late June has spiralled into a theatre of the absurd.

In the same week the EU imposed sanctions against Russian, Chinese and North Korean actors, hacking crews from all three countries were implicated in new mischief.

Soap Box is the wholly sponsored podcast series we do here at Risky.Biz. That means everyone you hear on this podcast paid to be here. In this podcast you’re going to hear my latest interview with Jerrod Chong, Yubico’s Chief Solutions Officer.

Hardware security keys like Yubikeys have come a long way, even over the last couple of years. The biggest change is that the support for hardware keys is borderline ubiquitous now. FIDO2 support is in all the major browsers. You can even use Yubikeys with Google apps on an iPhone. The plumbing is here, it’s arrived.

On this week’s show Patrick and Adam discuss the week’s security news, including:

• Two Chinese nationals charged with freelancing for MSS
• Russia, China hacking COVID-19 research
• The world dodged a bullet on the Windows DNS bug
• Twitter blue tick pwnapalooza
• Much, much more.

Who needs custom malware and 0day when wins come this easy?

If it’s any consolation, the most capable infosec teams in the world are having just as much trouble dealing with the current onslaught of high severity vulnerabilities as you are.

Winnti is all at once a malware family, a group, and several groups with wildly diverging motivations. We’re at the point where we may as well scrap the name and start again.

Normally these Soap Box podcasts – which are wholly sponsored – feature vendors trying to sell you stuff. But this time we’re doing something different: an interview with two of Facebook’s most senior engineers.

On this week’s show Patrick and Adam discuss the week’s security news, including:

• The latest on the EncroChat hack-related arrests
• Details about the fresh F5 and Citrix bugs
• Natanz go boom
• Paying Wastedlocker ransoms violates Treasury sanctions
• North Korea embraces Magecart (lol)
• Much, much more…

A critical, trivially exploitable vulnerability in the management interface of F5’s Big-IP devices is the latest in a string of nasty bugs in networking equipment critical to enterprise computing.

Like last year’s Citrix NetScaler and Pulse Secure vulnerabilities, this one is going to hurt.