Podcasts

News, analysis and commentary

Attacks on healthcare are crossing all the red lines

Presented by

Brett Winterford

The ongoing march of destructive attacks on medical organisations and a frenzy of espionage interest in COVID-19 vaccine and treatment research is testing the restraint of several governments. This week’s Seriously Risky Biz newsletter and our livestream discuss the ethical and policy dilemmas this race poses.

Risky Business #582 -- Germans indict APT28 operator

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Salt framework 1Day wreaks havoc
  • Toll Group hit with ransomware attack. Again.
  • Germans indict APT28 operator
  • Ransomware a key word in SEC filings
  • Much, much more!

Ransomware is now officially on the board agenda

Presented by

Brett Winterford

How’s this for a cogent data point: Catalin Cimpanu at ZDNet had the curiosity and foresight to search for the word ‘ransomware’ in recent SEC filings. Cimpanu found that over 1000 public US companies now list ransomware attacks as a forward-looking risk.

It wasn’t long ago that a company getting popped in a ransomware attack would rate a mention on the Risky Business podcast. Today, it takes a novel attack to raise an eyebrow. 

Australia’s COVID-19 app is buggy, not yet operational

Presented by

Patrick Gray and Brett Winterford

The Australian Government has placed uptake of its COVID-19 contact tracing app front and centre of its strategy to walk back lockdown measures, despite mounting evidence it isn’t fit for purpose.

On Friday, Australia’s Prime Minister Scott Morrison framed uptake of the government’s contact tracing app as one of a few remaining pre-conditions before lockdown measures would be lifted.

However, according to multiple reports, the government’s COVIDSafe app is barely functional on iOS devices, state health authorities don’t yet have access to the contact tracing data it was designed to collect and the app is interfering with some Bluetooth-based medical devices.

Snake Oilers 11 part 2: Go passwordless with Okta, why Crowdstrike customers need Airlock

Presented by

Patrick Gray

CEO and Publisher

Snake Oilers isn’t the regular Risky Business podcast. If you’re looking for that, just scroll back to one of the numbered episodes in our podcast feed. Snake Oilers is the wholly sponsored podcast series we do here at Risky.Biz where vendors give us money so they can come on to the show and pitch you their sweet, sweet Snake Oil.

In this edition of Snake Oilers we’ll hear from:

  • David Cottingham of Airlock Digital pitches the Crowdstrike/Airlock two piece combo meal deal
  • Marc Rogers of Okta talks passwordless authentication and pitches modern SSO generally
  • John Emmitt of Kaseya pops in to pitch the VSA endpoint management agent

Risky Business #581 -- Chinese telcos under fire in USA, spy firms pitch COVID-19 surveillance

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Spy companies pitch ridiculously invasive approaches to contact tracing
  • NSO Group busted running c2 boxes in USA according to WhatsApp lawsuit
  • Australian government releases contact tracing app, no idea if it works
  • Chinese telcos to get boot from USA
  • Much, much more

Chinese telcos have 30 days to prevent US expulsion

Presented by

Brett Winterford

The US Federal Communications Commission has ordered three Chinese State-owned telcos to ‘show cause’ for why it shouldn’t expunge their license to operate in the United States.

China Telecom Americas, China Unicom Americas and Pacific Networks each have 30 days to prove their operations and subsidiaries are “not subject to the influence and control of the Chinese government.” Among other demands, each must detail affiliations between directors/employees and the CCP/Chinese Government, provide network diagrams, list interconnections with other service providers, provide inventories of network equipment and hand over US subscriber information to avoid license revocation.

Risky Business #580 -- Czech spear phishing spurs fightin' words from Pompeo

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Czechs claim state-backed healthcare sector attack preparation
  • Pompeo goes full cyber berserker
  • New iOS exploit chain targets Uyghur diaspora
  • Zoom 0day for $500k? Tell him he’s dreamin’

Deterrence in cyberspace isn't working. What next?

Presented by

Brett Winterford

The United States is on the cusp of making far-reaching changes to how it defends its networks and projects its capabilities in cyberspace. Over the coming months, lawmakers will review the recommendations of the Cyberspace Solarium Commission - a year-long review into US cyber strategy. Will they have the nerve to push for contentious reforms, and who wins and loses in the process? Risky.Biz looks for answers in this three-part series.

Governments gravitate to Gapple contact tracing standard

Presented by

Brett Winterford

Health authorities are revisiting plans to release hastily-developed COVID-19 contact tracing apps that are unsupported by Apple and Google, now that the tech giants are promising developers a built-in contact tracing framework.

Several countries have released, piloted or approved apps that use Bluetooth Low Energy for contact tracing well in advance of the Google-Apple (hereafter ‘Gapple’) announcement. Their experiences are instructive.

Inspired by Singapore’s TraceTogether app, the Czech Republic released the eRouška Android app on April 11. It did not release an iOS version for the same reason TraceTogether struggled with adoption - Apple does not support the use of Bluetooth Low Energy advertisements while apps run in the background, and won’t until apps conform to the Gapple framework. The Android app attracted 100,000 users (1% of population) in its first week.

NHSX - the digital arm of the UK’s NHS - is currently piloting a contact tracing app, but appears likely to pivot to make use of the Gapple framework. The UK Information Commissioner’s Office has signalled conditional support for it.