Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.
https://risky.biz/
Risky Business #561 -- Report: NSO exploits used against politicians, senior military targets
On this week’s show Patrick Gray and Mark Piper discuss all the week’s security news, including:
- NSO Group malware turning up in some unexpected places
- Bluekeep mass exploitation finally begins
- Owning smart home devices with friggin’ lasers
- Two plead guilty to hacks on Lynda.com, Uber
- Imperva CEO departs following breach
- TLS Delegated Credentials sound like A VERY GOOD IDEA
- Cybercommand heads to Montenegro
- Much, much more
This week’s show is brought to you by Thinkst Canary. Haroon Meer and Adrian Sanabria from Thinkst recently did a keynote talk at the Virus Bulletin conference in London. Titled “The Security Products We Deserve,” it’s a stinging critique of the security product lifecycle. VC firms keeping stupid ideas alive, analyst firms being parasites, vendors not doing security testing on their equipment and so much more. We’ll be talking to Haroon Meer about that keynote in this week’s sponsor interview, which will run after this week’s news segment.
Links to everything are below.
Show notes Exclusive: Government officials around the globe targeted for hacking through WhatsApp - sources - Reuters Snooping row: Priyanka Gandhi's WhatsApp also targeted, claims Congress | India News - Times of India WhatsApp's Case Against NSO Group Hinges on a Tricky Legal Argument | WIRED Facebook deletes the accounts of NSO Group workers | Ars Technica The First BlueKeep Mass Hacking Is Finally Here—but Don't Panic | WIRED Hackers Can Use Lasers to ‘Speak’ to Your Amazon Echo or Google Home | WIRED 2 Plead Guilty in 2016 Uber and Lynda.com Hacks - The New York Times Imperva planned to keep its CEO through a merger. Two months after a breach, he’s out. Facebook, Mozilla, and Cloudflare announce new TLS Delegated Credentials standard | ZDNet Pentagon again deploying cyber personnel abroad to gather intel for 2020 elections Election security drill pits red-team hackers against DHS, FBI and police The count of managed service providers getting hit with ransomware mounts | Ars Technica Japanese media giant Nikkei says $29 million lost in BEC scam An inside look at WP-VCD, today's largest WordPress hacking operation | ZDNet Chinese hackers developed malware to steal SMS messages from telco's network | ZDNet Thousands of QNAP NAS devices have been infected with the QSnatch malware | ZDNet Utah renewables company was hit by rare cyberattack in March Ubisoft reports 93% drop in DDoS attacks after pushing back against attackers | ZDNet Breaches at NetworkSolutions, Register.com, and Web.com — Krebs on Security How would MITRE’s popular cyberattack framework apply to industrial control systems? Google Is Helping Design an Open Source, Ultra-Secure Chip | WIRED Alleged Capital One hacker Paige Thompson to be released before trial Huawei calls hackers to Munich for secret bug bounty meeting | TechCrunch GitLab considers ban on new hires in China and Russia due to espionage fears | ZDNet Keynote address: The security products we deserve - YouTube