Risky Business

On this week’s show Patrick and Adam discuss the week’s security news, including:

• Former Uber CSO Joe Sullivan charged with obstruction of justice
• Whitehouse to concede WeChat carveouts for US operations in China
• A bunch of news that sounds like it’s from 1997

This week’s sponsor interview is with Bugcrowd’s CTO Casey Ellis. He’s joining us to talk about some US election-related vulnerability disclosure programs that have kicked off in the USA. Voting machine maker ES&S has launched one as has the state of Ohio.

Links to everything that we discussed are below and you can follow Patrickor Adam on Twitter if that’s your thing.

Show notes Former Uber CSO charged for 2016 hack cover-up | ZDNet Trump Team Reassures Apple, Others on Using WeChat in China - Bloomberg TikTok Sues U.S. Government Over Trump Ban - The New York Times TikTok Complaint (1) Bobby Chesney on Twitter: "Looking forward to seeing the details of the complaint. But that said, the most TikTok possibly can get here is a delay, and thus possibly a better deal when they are sold. Courts will *not* second-guess the ultimate *merits* determination under IEEPA or CFIUS, full stop. 1/4" / Twitter Google fixes major Gmail bug seven hours after exploit details go public | ZDNet Security researcher discloses Safari bug after Apple delays patch | ZDNet CISA warns of BLINDINGCAN, a new strain of North Korean malware | ZDNet Taiwan accuses Chinese hackers of aggressive attacks on government agencies “DeathStalker” hackers are (likely) older and more prolific than we thought | Ars Technica Hackers Leak Alleged Internal Files of Chinese Social Media Monitoring Firms FBI, CISA Echo Warnings on ‘Vishing’ Threat — Krebs on Security Voice Phishers Targeting Corporate VPNs — Krebs on Security Feds warn election officials of potentially malicious ‘typosquatting’ websites Cyber Command deploys abroad to fend off foreign hacking ahead of the 2020 election Report claims a popular iOS SDK is stealing click revenue from other ad networks | ZDNet Tens of suspects arrested for cashing-out Santander ATMs using software glitch | ZDNet ATM makers Diebold and NCR deploy fixes for 'deposit forgery' attacks | ZDNet University of Utah pays $457,000 to ransomware gang | ZDNet Conti (Ryuk) joins the ranks of ransomware gangs operating data leak sites | ZDNet Weeks after malware disruption, New York hospital is getting back online WannaRen ransomware author contacts security firm to share decryption key | ZDNet Top exploits used by ransomware gangs are VPN bugs, but RDP still reigns supreme | ZDNet Russian National Arrested for Conspiracy to Introduce Malware into a Nevada Company's Computer Network | OPA | Department of Justice New P2P botnet infects SSH servers all over the world | Ars Technica Browser fingerprinting ‘more prevalent on the web now than ever before’ – research | The Daily Swig Bcrypt hashing library bug leaves Node.js applications open to brute-force attacks | The Daily Swig Google Firebase messaging vulnerability allowed attackers to send push notifications to app users | The Daily Swig US government built secret iPod with Apple’s help, former engineer says | Ars Technica Former Uber CSO charged with obstruction of justice - Risky Business