The CyberWire Daily Podcast 11.1.22
Ep 1695 | 11.1.22

OpenSSL patched today. The risk of misconfiguration. Cyberespionage (and the risk of mixing the personal with the official). Assistance for Ukraine's cyber defense., And a quick look at DNS threats.

Show Notes

OpenSSL is patched today. The misconfiguration risk to US government networks' security and compliance. Hacking Ms Truss's phone. Assistance for Ukraine's cyber defense. Joe Carrigan looks at the latest round of apps pulled from the Google Play Store. Our guest is Matias Madou of Secure Code Warrior on why cultivating a positive culture among security and developer teams continues to fall short. And a quick look at DNS threats.

Selected reading.

Effectively Preparing for the OpenSSL 3.x Vulnerability (Akamai) O

How The OpenSSL 3 Vulnerability Will Really Affect Your Environment (Nucleus Security) 

New Critical Flaw in OpenSSL: How to Know if You're at Risk (Rezilion)

Experts warn of critical security vulnerability discovered in OpenSSL (Application Security Blog)

The impact of exploitable misconfigurations on network security within US Federal organizations (Titania)

Liz Truss's personal phone hacked by Putin's spies (Mail Online) O

Truss phone was hacked by suspected Putin agents when she was foreign minister, the Daily Mail reports (Reuters) 

Liz Truss phone hack claim prompts calls for investigation (BBC News) 

Russian spies hacked Truss's personal phone (Computing)

Government urged to investigate report Liz Truss’s phone was hacked (the Guardian)

Ministers creating ‘wild west’ conditions with use of personal phones (the Guardian)

Suella Braverman admits sending official documents to personal email six times (The Telegraph) 

Ukraine War: UK reveals £6m package for cyber defence (BBC News)

DNS Threat Report — Q3 2022 (Akamai)