Risky Business

Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.

https://risky.biz/







Risky Business #581 -- Chinese telcos under fire in USA, spy firms pitch COVID-19 surveillance


On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Spy companies pitch ridiculously invasive approaches to contact tracing
  • NSO Group busted running c2 boxes in USA according to WhatsApp lawsuit
  • Australian government releases contact tracing app, no idea if it works
  • Chinese telcos to get boot from USA
  • Much, much more

This week’s show is brought to you by Senetas. This week’s sponsor interview is with listener favourite, Senetas CTO Julian Fay. He’ll be along in this week’s show to talk about an open source project Senetas has put together – oqs-engine.

It’s an OpenSSL engine plugin you can go grab right now if you want to play around with Open Quantum Safe encryption algorithms. Senetas didn’t write the algorithms, but they have squeezed them into this handy OpenSSL engine plugin package. Julian drops in to tell us all about that.

You can subscribe to the new Risky Business newsletter, Seriously Risky Business, here.

You can subscribe to our new YouTube channel here.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

  • Special Report: Cyber-intel firms pitch governments on spy tools to trace coronavirus - Reuters
  • NSO Employee Abused Phone Hacking Tech to Target a Love Interest - VICE
  • Facebook: Here’s Proof Israeli WhatsApp Hackers Ran Cyberweapons In America
  • COVIDSafe
  • RIPE opposes China's internet protocols upgrade plan | ZDNet
  • Chinese telcos have 30 days to prevent US expulsion - Risky Business
  • Flaw in iPhone, iPads may have allowed hackers to steal data for years - Reuters
  • That no-click iOS 0-day reported to be under exploit doesn’t exist, Apple says | Ars Technica
  • Google discloses zero-click bugs impacting several Apple operating systems | ZDNet
  • Google Sees State-Sponsored Hackers Ramping Up Coronavirus Attacks | WIRED
  • How Spies Snuck Malware Into the Google Play Store—Again and Again | WIRED
  • Vietnamese cyber-espionage has pivoted to Beijing's coronavirus response
  • Researchers used a GIF to prove they could access Microsoft Teams user data
  • CSI-SELECTING-AND-USING-COLLABORATION-SERVICES-SECURELY-LONG-FINAL.PDF
  • Prague mayor under police protection amid reports of Russian plot | World news | The Guardian
  • Poland implicates Russia in cyberattack, info op aimed at undercutting U.S. relations
  • The Covid-19 Pandemic Reveals Ransomware's Long Game | WIRED
  • Hackers are exploiting a Sophos firewall zero-day | ZDNet
  • Malicious advertising slingers up the ante during Covid-19 pandemic | The Daily Swig
  • Hackers have breached 60 ad servers to load their own malicious ads | ZDNet
  • Unproven Coronavirus Therapy Proves Cash Cow for Shadow Pharmacies — Krebs on Security
  • Hackers spoof SBA to try to compromise companies' computers
  • Israel government tells water treatment companies to change passwords | ZDNet
  • You can now manage Windows 10 devices through G Suite | ZDNet
  • Nintendo says 160,000 users impacted in recent account hacks | ZDNet
  • Nintendo isn’t saying, so here’s how to fend off the account hijacking spree | Ars Technica
  • Another one-line npm package breaks the JavaScript ecosystem | ZDNet
  • This Tweet Crashes Twitter - VICE
  • The Air Force wants you to hack its satellite in orbit. Yes, really | TechCrunch
  • Security researcher identifies new APT group mentioned in 2017 Shadow Brokers leak | ZDNet
  • NSA shares list of vulnerabilities commonly exploited to plant web shells | ZDNet
  • Detect and prevent web shell malware | Cyber.gov.au
  • Instacart Sends Cease-and-Desist to Website That Automatically Placed Orders - VICE
  • Insomnia Security
  • GitHub - open-quantum-safe/oqs-engine: [Work in Progress] An OpenSSL ENGINE that enables the use of post-quantum digital signature algorithms from liboqs.
  • Senetas, a leading provider of encryption technology










April 29, 2020