Risky Business

Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.

https://risky.biz/







Risky Business #590 -- Cyber Command sounds alarm on PAN's yolo checkbox of doom


On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Inside the new American “e2ee busting” bill
  • Julian Assange hit with (another) superseding indictment
  • Trustwave uncovers sneaky Chinese accounting software backdoor
  • OMFG Palo Alto WTF
  • Much, much more…

This week’s show is brought to you by Okta. They are, of course, the identity and auth giant and one of the few sponsors we actually approached last year for 2020 because, well, they are very good at what they do. This week Marc will be joining us to talk about a privacy-related topic. The discussion is nuanced, but it’s basically about how the public perception of privacy risks has diverged from the reality, and how the COVID-19 crisis and the advent of digital contact tracing apps have actually brought general concerns around digital privacy to the fore.

You can subscribe to the new Risky Business newsletter, Seriously Risky Business, here.

You can subscribe to our new YouTube channel here.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

  • Decrypting America's new push for lawful interception - Risky Business
  • Australia's cyber security measures significantly increased with $1.3b injection for cyber spies
  • CVE-2020-2021 PAN-OS: Authentication Bypass in SAML Authentication
  • How to create a CA-signed certificate for Palo Alto Networks SAML Applications
  • US Cyber Command says foreign hackers will most likely exploit new PAN-OS security bug | ZDNet
  • Foreign adversaries likely to exploit critical networking bug, US says | Ars Technica
  • Chinese bank forced western companies to install malware-laced tax software | ZDNet
  • WikiLeaks founder charged with conspiring with Anonymous and LulzSec hackers | ZDNet
  • An Embattled Group of Leakers Picks Up the WikiLeaks Mantle | WIRED
  • TikTok and 53 other iOS apps still snoop your sensitive clipboard data | Ars Technica
  • Google removes 25 Android apps caught stealing Facebook credentials | ZDNet
  • India bans 59 Chinese apps, including TikTok, UC Browser, Weibo, and WeChat | ZDNet
  • Russian Cybercrime Boss Burkov Gets 9 Years — Krebs on Security
  • Russian national pleads guilty to being part of $568 million fraud ring
  • Adobe, Mastercard, Visa warn online store owners of Magento 1.x EOL | ZDNet
  • Apple strong-arms entire CA industry into one-year certificate lifespans | ZDNet
  • COVID-19 ‘Breach Bubble’ Waiting to Pop? — Krebs on Security
  • A hacker gang is wiping Lenovo NAS devices and asking for ransoms | ZDNet
  • New WastedLocker ransomware demands payments of millions of USD | ZDNet
  • New EvilQuest ransomware discovered targeting macOS users | ZDNet
  • California university pays $1 million ransom amid coronavirus research
  • Apple Safari 14 introduces ‘passwordless’ logins for websites | The Daily Swig
  • Apple declined to implement 16 Web APIs in Safari due to privacy concerns | ZDNet
  • CryptoCore hacker group has stolen more than $200m from cryptocurrency exchanges | ZDNet
  • Sony launches PlayStation bug bounty program with rewards of $50K+ | ZDNet
  • Protect your resources from web attacks with Fetch Metadata










July 1, 2020