Risky Business #536 -- Mar-a-Lago arrest, ASUS supply chain attack and more
Released Wednesday, 10th April 2019
Good episode? Give it some love!
Risky Business #536 -- Mar-a-Lago arrest, ASUS supply chain attack and more
Risky Business #536 -- Mar-a-Lago arrest, ASUS supply chain attack and more
Wednesday, 10th April 2019
Good episode? Give it some love!
Rate Episode
In this week’s show Patrick Gray and Adam Boileau recap all the infosec news of the last three weeks, including:
- Chinese woman arrested at Mar-a-Lago being very shady
- The ASUS supply chain attack
- Flame-related malware lived on longer than expected
- boostrap-sass Ruby gem backdoored
- Latest on Norsk Hydro and other victims of the same crew
- More trouble at Toyota
- Huawei spanked by UK oversight panel
- Exodus govvie malware affects Android and iOS
- Plus much, much more
This week’s sponsor interview is with Kumud Kalia, the Chief Information and Technology Officer of Cylance. They actually dropped a really interesting product announcement at RSA a few weeks back and Kumud will be along later on to tell us about that. The tl;dr it’s an agent that models endpoint behaviour so when someone - or something - else starts using that endpoint to do things that don’t fit the user profile, action can be taken.
It’s the type of tech concept that normally belongs in academic papers, not in actual products people can actually buy. That’s an interesting chat.
Links to everything are below, and you can follow Patrick or Adam on Twitter if that’s your thing.
Show notes
Feds: Woman arrested at Mar-a-Lago had hidden-camera detector | Miami HeraldHackers Hijacked ASUS Software Updates to Install Backdoors on Thousands of Computers - MotherboardASUS releases fix for Live Update tool abused in ShadowHammer attack | ZDNetResearchers publish list of MAC addresses targeted in ASUS hack | ZDNetNation-state hacking kit ‘Flame’ had a second life, researchers sayMalicious remote code execution backdoor discovered in the popular bootstrap-sass Ruby gem | SnykNorsk Hydro ransomware incident losses reach $40 million after one week | ZDNetNorsk Hydro will not pay ransom demand and will restore from backups | ZDNetArizona Beverages knocked offline by ransomware attack | TechCrunchRansomware Forces Two Chemical Companies to Order ‘Hundreds of New Computers’ - MotherboardToyota announces second security breach in the last five weeks | ZDNetHuawei's Problem Isn't Chinese Backdoors. It's Buggy Software | WIREDHCSEC_OversightBoardReport-2019.pdfIn issuing 5G recommendations, E.U. spurns U.S. hardline on HuaweiBezos’ Investigator Gavin de Becker Finds the Saudis Obtained the Amazon Chief’s Private DataNSO Group Says It Didn’t Hack Jeff Bezos On Behalf of Saudi Arabia - Motherboard'Exodus' Spyware Posed as a Legit iOS App | WIREDFormer NSA spies hacked BBC host, Al Jazeera chairman for UAELazarus rises in Israel with attempted hack of defense company, researchers sayDefense Ministry rebukes Israeli spy tech company for unlawful exports | The Times of IsraelIslamic State's collapse hastened with help of Australian cyber spies - ABC News (Australian Broadcasting Corporation)Company sues worker who fell for email scam - BBC NewsUtah Just Became a Leader in Digital Privacy | WIREDOffice Depot rigged PC malware scans to sell unneeded $300 tech support | Ars TechnicaMicrosoft warns Windows 7 users of looming end to security updates | TechCrunchBrace yourselves: Exploit published for serious Magento bug allowing card skimming [Updated] | Ars TechnicaWarfare Plugins on Twitter: "WE ARE AWARE OF A ZERO-DAY EXPLOIT AFFECTING SOCIAL WARFARE CURRENTLY BEING TAKEN ADVANTAGE OF IN THE WILD. Our developers are working to release a patch within the next hour. In the meantime, we recommend disabling the plugin. We will update you as soon as we know more."Pipdig Update: Dishonest Denials, Erased Evidence, and Ongoing OffensesTwo serious WordPress plugin vulnerabilities are being exploited in the wild | Ars TechnicaEx-NSA contractor pleads guilty to vast classified data leak, faces 9 years in prisonReport deems Russia a pioneer in GPS spoofing attacks | ZDNetAbove Us Only Stars - Exposing GPS Spoofing in Russia and Syria - Association of Old CrowsResearchers find 36 new security flaws in LTE protocol | ZDNetAT&T, Comcast successfully test SHAKEN/STIR protocol for fighting robocalls | ZDNetFacebook Stored Hundreds of Millions of User Passwords in Plain Text for Years — Krebs on SecurityThird-Party Apps Exposed Over 540 Million Facebook Records | WIREDMan Behind Fatal ‘Swatting’ Gets 20 Years — Krebs on SecurityTop dark web marketplace will shut down next month | ZDNetLithuanian man pleads guilty to scamming Google and Facebook out of $123 million | ZDNetChina Considers Ban On Cryptocurrency Mining Because It's A Stupid Waste Of Energy | Gizmodo AustraliaVigilantes Counter Christchurch Manifesto with Weaponized VersionRedTeam Pentesting on Twitter: "We were also quite surprised to find this /etc/nginx.conf in 1.4.2.20… https://t.co/ymjjLM3eP7"Announcing QueryCon 2019 | Trail of Bits BlogPaperCall.io - QueryCon 2019QueryCon 2019 — Hosted by Trail of Bits, with Kolide and Carbon Black Tickets, Thu, Jun 20, 2019 at 9:00 AM | EventbriteShow More
Rate
From The Podcast
Risky Business
Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.Join Podchaser to...
- Rate podcasts and episodes
- Follow podcasts and creators
- Create podcast and episode lists
- & much more
Episode Tags
Do you host or manage this podcast?
Claim and edit this page to your liking.
,Claim and edit this page to your liking.
Unlock more with Podchaser Pro
- Audience Insights
- Contact Information
- Demographics
- Charts
- Sponsor History
- and More!
- Account
- Register
- Log In
- Find Friends
- Resources
- Help Center
- Blog
- API
Podchaser is the ultimate destination for podcast data, search, and discovery. Learn More
- © 2024 Podchaser, Inc.
- Privacy Policy
- Terms of Service
- Contact Us