Risky Business

<p>On this week's show we've landed what looks to be a fairly exclusive interview -- at least as far as the tech press is concerned. Justine Bone will be joining us to explain why the company she works with, MedSec, decided to use vulnerability information on implantable medical devices to drive a short-selling scheme in partnership with Muddy Waters.</p> <!--excerpt-above--> <p>This week's show is sponsored by Tenable Network Security. We're doing something a bit different in this week's sponsor interview -- we're chatting with one of Tenable's customers, City of San Diego CISO Gary Hayslip. </p> <p>They've just invested heavily in Nessus, among other things. Gary drops by to explain what he's been doing since he took the CISO position a few years ago. If you're a CISO it's actually a pretty interesting interview. That team has to deal with everything from embedded devices in cop cars to control systems to its very own POS network. Hey, citizens have to pay for government services somehow, right?</p> <p>Trail of Bits head honcho Dan Guido is this week's news guest.</p> <p>Oh, and do add <a href="https://twitter.com/riskybusiness">Patrick</a> and <a href="https://twitter.com/dguido">Dan</a> on Twitter if that's your thing.</p> Show notes Trading in stock of medical device paused after hackers team with short seller | Ars Technica The 'Million Dollar Dissident' Is a Magnet for Government Spyware | Motherboard British Companies Are Selling Advanced Spy Tech to Authoritarian Regimes | Motherboard Exclusive: SWIFT discloses more cyber thefts, pressures banks on security | Reuters Officials blame &quot;sophisticated&quot; Russian hackers for voter system attacks | Ars Technica After Illinois hack, FBI warns of more attacks on state election board systems | Ars Technica Voter Records Get Hacked a Lot, And You Can Just Buy Them Anyway | Motherboard Military submarine maker springs leak after &quot;hack'd&quot; -- India, Oz hit dive alarm | Ars Technica Congressman to FCC: Fix phone network flaw that allows eavesdropping | Ars Technica France, Germany Call for European Decryption Law | Threatpost | The first stop for security news Hackers Stole Account Details for Over 60 Million Dropbox Users | Motherboard Ransomware Targets UK Hospitals, But NHS Won't Pay Up | Motherboard Tens of Thousands of Infowars Accounts Hacked | Motherboard 1.7 Million Opera Browser Users Told To Reset Passwords | Threatpost | The first stop for security news Hacker who stole 2.9 million credit card numbers is Russian lawmaker's son | Ars Technica Hackers attack site of Ghostbusters star Leslie Jones, post racist abuse | Ars Technica Lurk Criminal Gang Also Behind Angler Exploit Kit | Threatpost | The first stop for security news Keystroke Recognition Uses Wi-Fi Signals To Snoop | Threatpost | The first stop for security news Hackers Trick Facial-Recognition Logins With Photos From Facebook (What Else?) | WIRED HTTPS and OpenVPN face new attack that can decrypt secret cookies | Ars Technica Meet USBee, the malware that uses USB drives to covertly jump airgaps | Ars Technica RIPPER ATM Malware Uses Malicious EMV Chip | Threatpost | The first stop for security news BASHLITE Family Of Malware Infects 1 Million IoT Devices | Threatpost | The first stop for security news Leaked ShadowBrokers Attack Upgraded to Target Current Versions of Cisco ASA | Threatpost | The first stop for security news HostSailor Threatens to Sue KrebsOnSecurity - Krebs on Security Whoops! Hotel Left Thousand of Customers' Credit Cards Online For All To See | Motherboard Muddy Waters is Short St. Jude Medical, Inc. (STJ:US)