On this week’s show Patrick and Adam discuss the week’s security news, including:
- Ransomware shutters US natural gas plants
- Huawei hit with huge indictment
- Voatz mobile voting app shredded by MIT, dust-up ensues
- The latest from the Vault7 trial
- Reality Winner seeking clemency
- Ring to force all users on to 2FA
- Israeli court rules Facebook must reinstate NSO staff profiles
- USG drops more North Korean samples
- OpenSSH gets Fido/U2F support
This week’s sponsor interview is with Dave Cottingham from Airlock Digital.
They make whitelisting software that’s actually useable. And until I did this interview I didn’t know that their agent actually does host hardening as well, which is pretty cool. Since we last spoke they’ve also popped up in CrowdStrike’s app store thingy, which means a bunch of you Crowdstrike customers will be able to dabble in some whitelisting if you want to.
Dave joins the show to talk about a bunch of stuff, including their experience having Silvio Cesare do a code audit on their agent.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
Show notes
- DHS says ransomware hit US gas pipeline operator | ZDNet
- Ransomware Impacting Pipeline Operations | CISA
- U.S. charges Huawei with conspiracy to steal trade secrets, racketeering
- Voting App Flaws Could Have Let Hackers Manipulate Results | WIRED
- 'Sloppy' Mobile Voting App Used in Four States Has 'Elementary' Security Flaws - VICE
- Voatz Response to Researchers’ Flawed Report - Blog @ Voatz
- Microsoft to deploy ElectionGuard voting software in first real-world test | ZDNet
- Joshua Schulte's attorneys are trying to call Mike Pompeo in the Vault 7 trial
- Joshua Schulte's defense asks for a mistrial in the Vault 7 case
- Reality Winner seeks clemency for leaking NSA report on Russian hacking attempts
- Ring to enable 2FA for all user accounts after recent hacks | ZDNet
- Facebook must unblock NSO Group employee’s account, Israeli court rules
- US government goes all in to expose new malware used by North Korean hackers | Ars Technica
- Israeli soldiers tricked into installing malware by Hamas agents posing as women | ZDNet
- Hamas-linked hackers exploit current events to spy on rival Palestinian officials, researchers say
- Iranian hackers have been hacking VPN servers to plant backdoors in companies around the world | ZDNet
- Leaked report describes Federal Parliament's cyber security as having 'low level of maturity' - ABC News (Australian Broadcasting Corporation)
- Data Protection Authority Investigates Avast for Selling Users’ Browsing History - VICE
- Pay Up, Or We’ll Make Google Ban Your Ads — Krebs on Security
- Ohio man arrested over darknet bitcoin laundering operation | The Daily Swig
- IOTA cryptocurrency shuts down entire network after wallet hack | ZDNet
- A Light at the End of Liberty Reserve’s Demise? — Krebs on Security
- Signal Is Finally Bringing Its Secure Messaging to the Masses | WIRED
- Hundreds of Millions of PC Components Still Have Hackable Firmware | WIRED
- OpenSSH adds support for FIDO/U2F security keys | ZDNet
- Second Windows 10 update is now causing problems by hiding user profiles | ZDNet
- Nasty Android malware reinfects its targets, and no one knows how | Ars Technica
- Google removes 500+ malicious Chrome extensions from the Web Store | ZDNet
- FBI: BEC scams accounted for half of the cyber-crime losses in 2019 | ZDNet
- foone on Twitter: "So I learned of an amusing bug today: Docker for Windows won't run if you have the Razer Synapse driver management tool running. But the reason is the funny part... https://t.co/s42SeQ949z" / Twitter