Risky Business

On this week’s show Patrick and Adam talk through all the week’s security news, including:

• NSO Group WhatsApp vuln coverage goes nuclear
• Activists targeted by NSO malware in hiding in west after CIA tipoffs
• Cisco Trust Anchor drags on sea floor
• Linux kernel bugs likely overhyped
• Adobe patches insane number of CVEs
• Microsoft patches rumoured GCHQ VEP’d RDP bug
• New hardware bugs affect Intel processors
• SHA-1 collisions become much more practical
• Major US anti-virus firms owned hard

This week’s sponsor interview with Ryan Kalember of Proofpoint. Ryan is a listener, and when he heard Adam talking about how password rotations actually result in crappy passwords, it hit a nerve with him. He says Proofpoint, via its CASBY product, is seeing a lot of targeted credential stuffing campaigns cycling through variations of passwords that have appeared in dumps.

Apparently the bad guys are hip to what a typical password rotation variation looks like and they’re using this knowledge to better direct their cred stuffing attempts.

Links to everything are below, and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes How Hackers Broke WhatsApp With Just a Phone Call | WIRED Israel gives 'Pegasus' spyware to countries like Saudi Arabia CIA Sent Warnings to 3 Khashoggi Associates About New Saudi Threats | Time WhatsApp Hack Shows End-to-End Encryption Is Pointless - Bloomberg The NSO WhatsApp Vulnerability - This is How It Happened - Check Point Research It’s Almost Impossible to Tell if Your iPhone Has Been Hacked - VICE Human rights groups to ask Israeli court to revoke NSO Group’s export license A Cisco Router Bug Has Massive Global Implications | WIRED Linux Kernel Prior to 5.0.8 Vulnerable to Remote Code Execution Security Updates Released for Adobe Flash Player, Reader, and Media Encoder Microsoft Patches ‘Wormable’ Flaw in Windows XP, 7 and Windows 2003 — Krebs on Security Microsoft SharePoint vulnerability allows hackers to sift through servers, Saudi authorities warn Two years after WannaCry, a million computers remain at risk | TechCrunch Intel CPUs impacted by new Zombieload side-channel attack | ZDNet ZombieLoad attack lets hackers steal data from Intel chips - The Verge Patch status for the new MDS attacks against Intel CPUs | ZDNet SHA-1 collision attacks are now actually practical and a looming danger | ZDNet NVIDIA Patches High Severity Windows GPU Display Driver Flaws Keyloggers Injected in Web Trust Seal Supply Chain Attack Fxmsp Chat Logs Reveal the Hacked Antivirus Vendors, AVs Respond New Details Emerge of Fxmsp's Hacking of Antivirus Companies DOJ Says Chinese Hackers Attacked Anthem, but Not Why | WIRED “RobbinHood” ransomware takes down Baltimore City government networks | Ars Technica Julian Assange to face revived rape investigation in Sweden Former NSA analyst charged in leak of classified documents to reporter New leaks of Iranian cyber-espionage operations hit Telegram and the Dark Web | ZDNet Jokeroo Ransomware as a Service Pulls an Exit Scam Nigerian BEC Scammers Shifting to RATs As Tool of Choice Mozilla offers research grant for a way to embed Tor inside Firefox | ZDNet Experts Doubt Russian Claims That Cryptographic Flaw Was a Coincidence - VICE Microsoft recommends using a separate device for administrative tasks | ZDNet Unsecured server exposes data for 85% of all Panama citizens | ZDNet