Risky Business

On this week’s show, of course, we’ll be using the news segment to take a look at the dumpster fire that is the Equifax breach. We’ve got suspicious short trades, executive share sales and an absolutely shambolic response. This one’s got the lot; something for everyone.

We’ll also take a look at these latest Bluetooth bugs and of course we’ll recap the rest of the week’s security news.

In this week’s feature interview we’re chatting with Emily Crose. After cutting her teeth at CIA, NSA and US Cyber Command, these days Emily works in the private sector, and her hobby at the moment is using machine learning-based image processing to identify problematic social media images.

Some social media companies say it’s too hard to identify, for example, ze Nazis. Emily says nope.

I would say this week’s show is brought to you by Tenable Network Security, but now I’m just going to say Tenable because these days that’s what they’re calling themselves. And it makes sense. Vulnerability management isn’t really just about what’s on your network anymore.

With that in mind, they’ve really changed the messaging of the company. They’re not calling it continuous monitoring anymore, they’re calling it cyber exposure measurement. Corey Bodzin, VP of product operations at Tenable joins the show to walk us through the rationale behind the new messaging.

Adam Boileau is this week’s news guest.

See links to show notes below, and follow Patrick or Adam on Twitter if that’s your thing!

Show notes The Equifax Breach: What You Should Know — Krebs on Security Equifax Breach Response Turns Dumpster Fire — Krebs on Security Apache Foundation Refutes Involvement in Equifax Breach | Threatpost | The first stop for security news Suspect trading in Equifax options before breach might have generated millions in profit Dustin Volz on Twitter: "NEWS: Senate Finance Committee leaders Hatch and Wyden ask @Equifax CEO for info on hack, including what stock-selling execs knew and when https://t.co/Dhvyj8MALS" Equifax Stung With Multibillion-Dollar Class-Action Lawsuit After Massive Data Breach Chatbot lets you sue Equifax for up to $25,000 without a lawyer - The Verge Exploit goes public for severe bug affecting high-impact sites | Ars Technica Apache Struts Vulnerabilities May Affect Many of Cisco's Products Facebook May Have More Russian Troll Farms to Worry About | WIRED FBI investigates Russian news agency Sputnik Billions of devices imperiled by new clickless Bluetooth attack | Ars Technica Windows 0-day is exploited to install creepy Finspy malware (again) | Ars Technica Microsoft September Patch Tuesday Fixes 82 Security Issues, Including a Zero-Day Hacking Collective Finds Flaw That Allows Tampering With Election Vote Counts A Simple Design Flaw Makes It Astoundingly Easy To Hack Siri And Alexa Popular D-Link Router Riddled with Vulnerabilities | Threatpost | The first stop for security news Over 1.65 Million Computers Infected With Cryptocurrency Miners in 2017 So Far Bitcoin Price Takes a Tumble Amid Rumors of China Banning Cryptocurrency Trading Bashware: Malware Can Abuse Windows 10's Linux Shell to Bypass Security Software TensorFlow Tenable™ - The Cyber Exposure Company