Risky Business

On this week’s show Patrick and Adam talk through all the week’s security news, including:

• New executive order paved way for Huawei ban
• Google pulls service from Huawei
• No wait, that’s not right, it’s for new handsets
• The ban’s now reversed to allow them to continue the support that they didn’t have to discontinue?
• I’m so confused
• ¯_(ツ)_/¯
• Israeli broadcaster fingers Hamas over Eurovision coverage hack
• New moves to regulate offensive cyber services
• Salesforce has a bad time
• Instagram influencers have a bad time (Hah!)
• OGUsers pwned
• Much, much more

This week’s show is brought to you by CMD Security. They make security software for Linux that does two things – firstly it gives you visibility into what’s happening on your Linux workloads, which actions are being performed by which accounts, that sort of thing. The second thing it does is allow you to lock down accounts by action, rather than by traditional privilege. They’re funded by Google Ventures, among others, and although they’re a relatively small and new company I think they’re going to do really well.

Jake was just at a MITRE conference in Brussels that was all about the Attack Matrix. He’s joining me this week to have a bit of talk about his experience at that event, then we’ll be talking through some of the issues he’s seeing out there in Linux cloud workload land. Jake’s a great communicator and a very smart guy and that interview is a lot of fun.

Links to everything are below, and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes White House executive order sets path for ban on Huawei Exclusive: Google suspends some business with Huawei after Trump blacklist - source - Reuters Google's Huawei Android restrictions: what does it mean for you? [Updated] | TechRadar Trump grants temporary reprieve from Huawei ban | Financial Times Israel’s national broadcaster accuses Hamas of Eurovision hack | Jewish News Lawmakers seek probe on U.S. hacking services sold globally - Reuters U.S. lawmakers call on spy chief to rein in spread of hacking tools - Reuters Facebook bans Israeli company that's been sharing disinfo on West African politics Faulty database script brings Salesforce to its knees | ZDNet Millions of Instagram influencers had their private contact data scraped and exposed | TechCrunch Account Hijacking Forum OGusers Hacked — Krebs on Security The Most Expensive Lesson Of My Life: Details of SIM port hack Chinese cyberspies breached TeamViewer in 2016 | ZDNet Baltimore ransomware nightmare could last weeks more, with big consequences | Ars Technica Ohio school sends students home because of Trickbot malware infection | ZDNet Google Will Replace Titan Security Key Over a Bluetooth Flaw | WIRED Bluetooth's Complexity Has Become a Security Risk | WIRED First official version of Tor Browser for Android released on the Play Store | ZDNet Root account misconfigurations found in 20% of top 1,000 Docker containers | ZDNet The Crowd, The Source… – CTUS.IO New windows LPE from non-admin :) : AskNetsec How CSIRO Computers Were Secretly Used To Mine Bitcoin | 10 daily Company behind LeakedSource pleads guilty in Canada | ZDNet Bots Tampering with TLS to Avoid Detection - Akamai Security Intelligence and Threat Research Blog Hackers abuse ASUS cloud service to install backdoor on users’ PCs | Ars Technica The radio navigation planes use to land safely is insecure and can be hacked | Ars Technica 1801 - Visual Voicemail for iPhone: Use-after-free in IMAP NAMESPACE processing - project-zero - Monorail Hackers Inject Magecart Card Skimmer in Forbes’ Subscription Site Microsoft releases new version of Attack Surface Analyzer utility | ZDNet Cisco Upgrades Remote Code Execution Flaws to Critical Severity Additional mitigations for speculative execution vulnerabilities in Intel CPUs - Apple Support AT&T Homepage Mistakenly Warns Users of a Non-Existent Data Breach - VICE Encryption fix may now be dead - InnovationsAus.com Request a live demo_