This week’s feature guest is former FBI agent Chris Tarbell, who arrested Silk Road operator Ross Ulbricht way back in 2013. As suggestions swirl that an incoming Trump administration might release Ulbricht, Chris talks about the reality of the Dread Pirate Roberts.

Patrick Gray and Adam Boileau also discuss the week’s cybersecurity news, including:

• Apple frustrates law enforcement with iOS auto-reboot
• CISA says most KEV vulnerabilities in 2023 were first used as zero days
• Russians roll incident response on some sweet Linux spookware
• Regular users can create mailboxes in M365?
• Tor tracks down the source of its joe-job abuse complaints
• And much, much more.

This episode is sponsored by software supply chain security firm Socket.dev. Founder Feross Aboukhadijeh thinks that we need a CVE-like catalogue for supply-chain attacks, and he makes a solid argument.

Show notes:

Apple Quietly Introduced iPhone Reboot Code Which is Locking Out Cops https://www.404media.co/apple-quietly-introduced-iphone-reboot-code-which-is-locking-out-cops/

Exclusive | U.S. Agency Warns Employees About Phone Use Amid Ongoing China Hack - WSJ https://www.wsj.com/us-news/u-s-agency-warns-employees-about-phone-use-amid-ongoing-china-hack-dd459273

Surge in exploits of zero-day vulnerabilities is ‘new normal’ warns Five Eyes alliance https://therecord.media/surge-zero-day-exploits-five-eyes-report

Неуловимый GoblinRAT: как бэкдор для Linux проник в государственные инфраструктуры https://rt-solar.ru/solar-4rays/blog/4861/

Microsoft Bookings – Facilitating Impersonation | Cyberis Limited https://www.cyberis.com/article/microsoft-bookings-facilitating-impersonation

TrustedSec | EKUwu: Not just another AD CS ESC https://trustedsec.com/blog/ekuwu-not-just-another-ad-cs-esc

Russia’s internet watchdog blocks thousands of websites that use Cloudflare’s privacy service https://therecord.media/russia-blocks-thousands-of-websites-that-use-cloudflare-service

Defending the Tor network: Mitigating IP spoofing against Tor | The Tor Project https://blog.torproject.org/defending-tor-mitigating-IP-spoofing/

Law enforcement operation takes down 22,000 malicious IP addresses worldwide - Ars Technica https://arstechnica.com/information-technology/2024/11/law-enforcement-operation-takes-down-22000-malicious-ip-addresses-worldwide/

DHS nominee Kristi Noem stood alone for rejecting department cyber grants to state, local governments | CyberScoop https://cyberscoop.com/dhs-nominee-kristi-noem-cyber-grants-trump-admin/