In this week’s show Patrick Gray and Alex Stamos discuss all the week’s news, including:
- Will Iran cyber all the cybers?
- ToTok chat app alleged to be UAE spy tool
- China makes moves on own OS
- Big game ransomware hits crisis levels
- WSJ carries water for NSO Group
- Much, much more
This week’s show is brought to you by Bugcrowd. We’ll be hearing from Bugcrowd’s Casey Ellis in this week’s sponsor interview. He’ll be talking about the US federal government’s decision to force all departments into accepting bug reports – he thinks this is a move that will have a big impact on the wider security ecosystem.
Links to everything are below!
Show notes
- Homeland Security warns businesses to brace for Iranian cyberattacks | TechCrunch
- After U.S. kills Iranian general, analysts warn of Tehran’s ability to retaliate in cyberspace
- Unpatched US government website gets pwned by pro-Iran script kiddie | Ars Technica
- Iranian Hackers Claim Defacement of Texas Government and Alabama Veterans Websites - VICE
- It Seemed Like a Popular Chat App. It’s Secretly a Spy Tool. - The New York Times
- Google Reinstates Reported UAE Surveillance App ToTok - VICE
- U.S. Army bans TikTok amid ongoing scrutiny of Chinese-made video app
- Two of China's largest tech firms are uniting to create a new 'domestic OS' | ZDNet
- Police Tracked a Terror Suspect—Until His Phone Went Dark After a Facebook Warning - WSJ
- US Coast Guard discloses Ryuk ransomware infection at maritime facility | ZDNet
- Frankfurt shuts down IT network following Emotet infection | ZDNet
- Sodinokibi ransomware plagues Travelex currency exchange as investigation continues
- Company shuts down because of ransomware, leaves 300 without jobs just before holidays | ZDNet
- Maze ransomware was behind Pensacola “cyber event,” Florida officials say | Ars Technica
- FBI warns U.S. companies about Maze ransomware, appeals for victim data - CyberScoop
- Another ransomware strain is now stealing data before encrypting it | ZDNet
- New Orleans hit by ransomware, city employees told to turn off computers | ZDNet
- Pensacola confirms ransomware attack but provides few details | Ars Technica
- Ransomware at IT Services Provider Synoptek — Krebs on Security
- Arkansas telemarketing firm blames ransomware for sudden holiday closure - CyberScoop
- Ransomware Gangs Now Outing Victim Businesses That Don’t Pay Up — Krebs on Security
- Hackensack Meridian Health pays attackers to thwart ransomware incident - CyberScoop
- Big Game Ransomware being delivered to organisations via Pulse Secure VPN
- The Hidden Cost of Ransomware: Wholesale Password Theft — Krebs on Security
- Hackers steal data for 15 million patients, then sell it back to lab that lost it | Ars Technica
- Apple sues security vendor for DMCA violations - The Verge
- Apple opens public bug bounty program, publishes official rules | ZDNet
- Not so IDLE hands: FBI program offers companies data protection via deception | Ars Technica
- A Twitter app bug was used to match 17 million phone numbers to user accounts | TechCrunch
- Chinese hacker group caught bypassing 2FA | ZDNet
- Critical flaw in Citrix applications could allow unauthorized access to internal networks
- Hacker who blackmailed Apple in 2017 gets no prison time | ZDNet
- Member of 'The Dark Overlord' hacking group extradited to the US | ZDNet
- Rambler will drop NGINX criminal case | ZDNet
- How Hackers Are Breaking Into Ring Cameras - VICE
- Over 1,500 Ring passwords have been found on the dark web | TechCrunch
- We Tested Ring’s Security. It’s Awful - VICE
- Creditors Seek to Exhume the Body of a Dead Crypto Executive | WIRED
- Lithuanian scammer gets 5 years for defrauding Google, Facebook of $120 million
- Web Cache Deception attacks still impact websites with 'substantial user populations' | ZDNet
- iPhones and iPads finally get key-based protection against account takeovers | Ars Technica
- Mozilla to force all add-on devs to use 2FA to prevent supply-chain attacks | ZDNet
- Npm team warns of new 'binary planting' bug | ZDNet
- Only 9.27% of all npm developers use 2FA | ZDNet
- Half of the websites using WebAssembly use it for malicious purposes | ZDNet
- U.S. Launches Fresh Assault On Apple’s ‘Warrant-Proof Encryption’
- The Great $50M African IP Address Heist — Krebs on Security
- 'Shattered': Inside the secret battle to save America's undercover spies in the digital age