Risky Business

This edition of the show features Adam Boileau and Patrick Gray discussing the week’s security news:

• Facebook breach impacts 50m accounts
• US courts deny authorities’ attempted FB messenger wiretap
• Uber fined $148m for nondisclosure of 2016 breach
• Fancy Bear-linked UEFI malware appears in wild
• UK Conservative party conference app leaks like sieve
• Twitter bans distribution of “hacked material”
• VPNFilter botnet gets more capabilities
• Duo arrested over $14m cryptocurrency SIM-swap heist
• MOAR

Links to everything that we discussed are below, including the discussions that were edited out. (That’s why there are extras.) You can follow Patrick or Adam on Twitter if that’s your thing.

Show notes 50 million Facebook accounts breached by access-token-harvesting attack | Ars Technica Facebook says it detected security breach after traffic spike | ZDNet Facebook sued hours after announcing security breach | ZDNet Facebook finds ‘no evidence’ hackers accessed connected apps | TechCrunch Exclusive: In test case, U.S. fails to force Facebook to wiretap Messenger calls - sources | Reuters Uber to pay $148 million to states for 2016 data breach - CyberScoop First UEFI malware discovered in wild is laptop security software hijacked by Russians | Ars Technica Report: Zoho's domain regularly exploited to move keylogger data UK Conservative Party conference app leaks MPs' personal details | ZDNet Twitter bans distribution of hacked materials ahead of US midterm elections | ZDNet Talos Blog || Cisco Talos Intelligence Group - Comprehensive Threat Intelligence: VPNFilter III: More Tools for the Swiss Army Knife of Malware Gigantic 100,000-strong botnet used to hijack traffic meant for Brazilian banks | ZDNet 2 men arrested in Oklahoma, suspected in $14 million cryptocurrency theft, hacking of California company | KFOR.com Hackers Are Holding High Profile Instagram Accounts Hostage - Motherboard Feds Force Suspect To Unlock An Apple iPhone X With Their Face U.S. looks to restart talks on global cyber norms Canadian restaurant chain suffers country-wide outage after malware outbreak | ZDNet Port of San Diego suffers cyber-attack, second port in a week after Barcelona | ZDNet Some Apple laptops shipped with Intel chips in "manufacturing mode" | ZDNet Google to no longer allow Chrome extensions that use obfuscated code | ZDNet Phishing campaign targets developers of Chrome extensions | ZDNet US sentences to prison its first ATM jackpotter | ZDNet FBI solves mystery surrounding 15-year-old Fruitfly Mac malware | ZDNet Hackers Can Stealthily Avoid Traps Set to Defend Amazon's Cloud | WIRED Alphabet launches VirusTotal Enterprise | ZDNet Researchers find vulnerability in Apple's MDM DEP process | ZDNet HD Moore on Twitter: "Estimate how old a device is based on it's MAC address with mac-ages.csv: https://t.co/GaMSvWDdAP (a huge thanks to @jedimercer for https://t.co/UaVcqxc1m4)… https://t.co/Vnm85fnM5s" Adobe Releases Security Updates for Acrobat that Fix 86 Vulnerabilities Security Update for Foxit PDF Reader Fixes 118 Vulnerabilities (PDF) Weaponizing the haters: The Last Jedi and the strategic politicization of pop culture through social media manipulation. Gigamon Insight | Gigamon