Risky Business

You might have noticed North Korea’s been in the news over the last couple of days. Well, we’re sticking with the theme – we’ve got a great feature interview for you this week with Andrea Berger. She’s a senior research associate at the US-based James Martin Centre for Nonproliferation Studies and the co-host of the Arms Control Wonk podcast. This week she speaks with Risky Business contributor Hilary Louise about a report the centre did into North Korea’s IT industry.

Yep, they have one, and you’ll be surprised by its scope and reach. That’s this week’s feature interview.

This week’s sponsor interview is with Signal Sciences co-founder and CEO Andrew Peterson. Andrew was at a Gartner event in DC last week, and I grabbed some time with him to talk about what’s new in DevSecOps, how people are applying various DevSecOps tools, and what the general awareness of good DevSecOps practices is out there. Andrew’s prior career was in development, not security. He and Zane Lackey worked together at Etsy and Signal Sciences was very much inspired by the work they both did there. Andrew says analysts are starting to understand that web application security isn’t something you drop on to a network in an appliance and things are actually changing.

Mark “Pipes” Piper is this week’s news guest. All the show links are below and you can follow Patrick, Pipes or Hilary, if that floats your boat.

Show notes Founder of Cybersecurity Company Says His Firm Was Sanctioned Because He was Born in Russia - Motherboard Treasury Sanctions Russian Federal Security Service Enablers | U.S. Department of the Treasury Republican senators move to block Trump’s deal to revive ZTE | Ars Technica WannaCry Hero Marcus Hutchins' New Legal Woes Spell Trouble for White Hat Hackers | WIRED Cisco's Talos Intelligence Group Blog: VPNFilter Update - VPNFilter exploits endpoints, targets new devices Top U.S. counterintelligence official: Kaspersky's move to Switzerland doesn't matter Chinese hackers stole sensitive U.S. Navy submarine plans from contractor China ramps up hacking of U.S. high-tech companies | McClatchy Washington Bureau Flash zero-day shows up in Qatar amid geopolitical struggles NDAA pushes U.S. Cyber Command to be more aggressive Senator hopes to draw red line discouraging election cyberattacks Congress wants to prevent states from weakening encryption FBI announces arrest of 74 email fraudsters on three continents For almost 11 years, hackers could easily bypass 3rd-party macOS signature checks | Ars Technica I can be Apple, and so can you | Okta This app in Google Play wants to use phone mics to enforce copyrights | Ars Technica In a blow to e-voting critics, Brazil suspends use of all paper ballots | Ars Technica Some Signal Disappearing Messages Are Not Disappearing - Motherboard US Government Probes Airplane Vulnerabilities, Says Airline Hack Is ‘Only a Matter of Time’ - Motherboard Hackers Crashed a Bank’s Computers While Attempting a SWIFT Hack Apple just banned cryptocurrency mining on iOS devices | Ars Technica Ethereum "Giveaway" Scammers Have Tricked People Out of $4.3 Million Around 5% of All Monero Currently in Circulation Has Been Mined Using Malware Trik Spam Botnet Leaks 43 Million Email Addresses DPRK's Shadow Sector report