Risky Business

On this week’s show we talk about the latest Shadowbrokers shenanigans with Adam, as well as all the other major security news of the last couple of weeks.

After that we’ll be chatting with Adam’s colleague at Insomnia Security, Pipes, about the interesting aspects to the dump – what did it teach us about how NSA rolls? Well quite a lot, as it turns out. And yeah, the N0day bugs aren’t the interesting bit.

This week’s show is sponsored by Tenable Network Security. This week Tenable’s VP of federal, Darron Makrokanis, will be along to talk about how to speed up federal government adoption of new tech – what’s the best way for that to happen? That’s this week’s sponsor interview!

Links to items discussed in this week’s show have moved – they’re now included in this post, below.

Oh, and do add Patrick, or Adam on Twitter if that’s your thing.

Show notes NSA-leaking Shadow Brokers just dumped its most damaging release yet | Ars Technica In slap at Trump, Shadow Brokers release NSA EquationGroup files | Ars Technica Shadow Brokers Leak Shows NSA Hacked Middle East Banking System and Had Major Windows Exploits | WIRED Alleged NSA Victim Denies Hackers Ever Broke In - Motherboard Mysterious Microsoft patch killed 0-days released by NSA-leaking Shadow Brokers | Ars Technica We Can Calm Down: Microsoft Already Patched Most of the Shadow Brokers Exploits - Motherboard The New Shadow Brokers Leak Connects the NSA to the Stuxnet Cyber Weapon Used on Iran - Motherboard Newly Leaked Hacking Tools Were Worth $2 Million on the Gray Market - Motherboard WikiLeaks just dropped the CIA’s secret how-to for infecting Windows | Ars Technica Found in the wild: Vault7 hacking tools WikiLeaks says come from CIA | Ars Technica Researchers find China tried infiltrating companies lobbying Trump on trade | Ars Technica Brexit: foreign states may have interfered in vote, report says | Politics | The Guardian North Korea: Can the US take out its missiles before launch? - CNN.com Feds deliver fatal blow to botnet that menaced world for 7 years | Ars Technica Rash of in-the-wild attacks permanently destroys poorly secured IoT devices | Ars Technica New processors are now blocked from receiving updates on old Windows | Ars Technica Microsoft Word 0-day was actively exploited by strange bedfellows | Ars Technica Why Did Microsoft Wait Six Months To Patch a Critical Word Zero-Day? - Motherboard Microsoft Word 0-day used to push dangerous Dridex malware on millions | Ars Technica Critical Word 0-day is only 1 of 3 Microsoft bugs under attack | Ars Technica Office Zero Day Delivering FINSPY Spyware to Victims in Russia | Threatpost | The first stop for security news Microsoft Patches Word Zero-Day Spreading Dridex Malware | Threatpost | The first stop for security news Breaking Signal: A Six-Month Journey | Threatpost | The first stop for security news F8 2017: Facebook's Delegated Recovery Will Make It Easier to Get Back Into Locked Accounts | WIRED Charlie Miller on Why Self-Driving Cars Are So Hard to Secure From Hackers | WIRED Meet PINLogger, the drive-by exploit that steals smartphone PINs | Ars Technica Fake News at Work in Spam Kingpin’s Arrest? — Krebs on Security Self-Proclaimed ‘Nuclear Bot’ Author Weighs U.S. Job Offer — Krebs on Security FDA Demands St. Jude Take Action on Medical Device Security | Threatpost | The first stop for security news Inside the 'Stalkerware' Surveillance Market, Where Ordinary People Tap Each Other's Phones - Motherboard ‘High Risk’ Zero-Day Leaves 200,000 Magento Merchants Vulnerable | Threatpost | The first stop for security news Netflix's HTTPS Update Can't Combat Passive Traffic Analysis Attacks | Threatpost | The first stop for security news Purdue CERIAS Researchers Find Vulnerability in Google Protocol - CERIAS - Purdue University Patrick Gray on Twitter: "Our threat intel cyber APT disruption hunt team worked VERY hard on this. The https://t.co/AfUMfSpRrZ quartered rhombus of cyber ownage: https://t.co/lIc4x0aFo3"