Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.
https://risky.biz/
Risky Business #456 -- Your MSP *will* get you owned
On this week’s show Adam pops in to discuss the week’s news. (Links below) After the news segment Adam and Patrick both chat about topics near and dear to their hearts: Shoddy infosec marketing and shoddy MSP security.
This week’s show is brought to you by WordFence, a company that makes a WordPress security plugin. It’s not so much an enterprise security tool, but it turns out that when you run two million Wordpress plugins you wind up collecting some pretty valuable threat intel and IOCs. WordFence’s Mark Maunder joins the show this week to talk about WordPress security and malware distribution!
You can add Patrick, or Adam on Twitter if that’s your thing. Show notes are below…
Show notes More people infected by recent WCry worm can unlock PCs without paying ransom | Ars Technica There’s new evidence tying WCry ransomware worm to prolific hacking group | Ars Technica Windows 7, not XP, was the reason last week’s WCry worm spread so widely | Ars Technica EternalRocks Worm Spreads Seven NSA SMB Exploits | Threatpost | The first stop for security news PATCH Act Calls for VEP Review Board | Threatpost | The first stop for security news US politicians think companies should be allowed to 'hack back' after WannaCry Sweden Drops Julian Assange's Rape Charge, But the WikiLeaks Founder Won't Go Free | WIRED Examining the FCC claim that DDoS attacks hit net neutrality comment system | Ars Technica Google Elevates Security in Android O | Threatpost | The first stop for security news Android Gets Security Makeover With Google Play Protect | Threatpost | The first stop for security news Any Half-Decent Hacker Could Break Into Mar-a-Lago, We Tested It | Gizmodo Australia Senate's Use of Signal A Good First Step, Experts Say | Threatpost | The first stop for security news Should SaaS Companies Publish Customers Lists? — Krebs on Security Private Eye Allegedly Used Leaky Goverment Tool in Bid to Find Tax Data on Trump — Krebs on Security Yahoo Retires ImageMagick After Bugs Leak Server Memory | Threatpost | The first stop for security news Twitter Bug Allowed Hackers To Tweet From Any Account - Motherboard Breaking the iris scanner locking Samsung’s Galaxy S8 is laughably easy | Ars Technica Subtitle Hack Leaves 200 Million Vulnerable to Remote Code Execution | Threatpost | The first stop for security news Apple Patches Pwn2Own Vulnerabilities in Safari, macOS, iOS | Threatpost | The first stop for security news BostonGlobe.com disables articles when your browser’s in private mode | Ars Technica Gravityscan - Free Website Malware and Vulnerability Scanner WordPress Security Plugin | Wordfence