Risky Business

Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.

https://risky.biz/







Risky Business #606 -- BEC nukes Australian hedge fund


On this week’s show Patrick and Mark Piper discuss the week’s security news, including:

  • UK unveils Cyber Force
  • US passes surprisingly sane IoT security law
  • Symantec drops some APT10 research
  • MobileIron bugs getting a decent workout courtesy of state-backed attackers
  • Much, much more…

This week’s show is brought to you by ExtraHop Networks. Its VP of Security, Matt Cauthorn, joins the show this week to talk about how we might fare – technology-wise – as COVID-19 cases spiral out of control in some parts of the world. With most of the heavy lifting on accelerated cloud adoption and work-from-home already done, Matt thinks the IT side of things is much better prepared for a second major pandemic-induced disruption than it was back in March.

Links to everything that we discussed are below and you can follow Patrick or Pipes on Twitter if that’s your thing.

Show notes

  • UK formally unveils GCHQ's offensive cyber-operation shop
  • After years of work, Congress passes 'internet of things' cybersecurity bill — and it's kind of a big deal
  • Symantec implicates APT10 in sweeping hacking campaign against Japanese firms
  • State-sponsored hackers try to exploit flaw in popular mobile software, UK warns
  • The malware that usually installs ransomware and you need to remove right away | ZDNet
  • Biotech research firm Miltenyi Biotec hit by ransomware, data leaked
  • Ransomware attack forces web hosting provider Managed.com to take servers offline | ZDNet
  • Hacker leaks the user data of event management app Peatix | ZDNet
  • Fake Zoom invite cripples Aussie hedge fund with $8m hit
  • Tradies frustrated by banks as business email scam costs them $51,000 - ABC News
  • Australia’s spy agencies caught collecting COVID-19 app data | TechCrunch
  • This Bluetooth Attack Can Steal a Tesla Model X in Minutes | WIRED
  • Baidu's Android apps caught collecting sensitive user details | ZDNet
  • Double-dipping scammers don't need malware to grab card numbers and turn a profit, report says
  • GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services — Krebs on Security
  • Liquid crypto-exchange says hacker accessed internal network, stole user data | ZDNet
  • New WAPDropper malware abuses Android devices for WAP fraud | ZDNet
  • Google Is Testing End-to-End Encryption in Android Messages | WIRED
  • Abusive add-ons aren’t just a Chrome and Firefox problem. Now it’s Edge’s turn | Ars Technica
  • A Facebook Messenger Flaw Could Have Let Hackers Listen In | WIRED
  • Cisco Webex bugs allow attackers to join meetings as ghost users | ZDNet
  • Exploitation of Cisco Security Manager RCE flaws ‘imminent’ | The Daily Swig
  • Minor controversy erupts over chained iOS exploit that harvests researchers’ crash dumps | The Daily Swig
  • Patrick Gray on Twitter: "Have a read of their security expert’s website. Seriously. Check out the services page: https://t.co/w5Nv9zeeWE https://t.co/F2bwzK9n8G" / Twitter
  • Office of National Intelligence - IT Systems Engineer










November 25, 2020