Risky Business #553 -- Imperva's cloud WAF gets owned hard

On this week’s show Adam Boileau and Patrick Gray discuss the week’s security news, including: Fortinet, Pulse Security VPNs are being exploited in wild Imperva’s cloud WAF gets colossally owned US authorities fear ransomware attacks against election systems Apple fixes re-introduced jailbreak bug Telegram design choice puts HK protestors at risk Researcher drops two 0days in Valve’s Steam client after bounty spat Much, much more This week’s sponsor guest is Ryan Kalember, EVP of cybersecurity strategy with Proofpoint. Ryan is stopping by this week to touch on a couple of topics. He’ll tell us why Proofpoint didn’t attribute a recent malware campaign targeting US utilities to APT10 despite there being some pretty APT10-like tradecraft used in that particular campaign. He’ll also talk a bit about how thread hijacking is a giant pain in the ass. That’s where attackers take over a mailbox, then just jump right in replying to existing mail threads. Detecting that is hard, of course, because it’s internal mail. It’s a great little mixed bag interview. Enjoy!