Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.
https://risky.biz/
Risky Business #547 -- Zoom-gate, massive GDPR fines, ship hack warnings and more
Adam Boileau is along this week to discuss the week’s security news. We cover:
- Zoom’s week from hell
- BA, Marriott face massive GDPR fines
- Seth Rich conspiracy originated from Russia’s SVR
- Coast Guard warns of ship hax
- Cybercommand issues warning on DDE exploitation
- PGP ecosystem having a rough time
- Much, much more!
This week’s show is brought to you by our lovely friends at Signal Sciences. I guess you’d call them a next generation WAF. Signal Sciences co-founder and CTO Zane Lackey will be along in this week’s sponsor interview to plug their new cloud-based WAF product, and also to have a chat about a trend he’s seeing at non-security conferences – more high quality security content.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
Show notes A Zoom Flaw Gives Hackers Easy Access to Your Webcam | WIRED British Airways fined $229 million under GDPR for data breach tied to Magecart Automated Magecart Campaign Hits Over 960 Breached Stores Marriott faces $123 million GDPR fine in the UK for last year's data breach | ZDNet Huawei staff and Chinese military have deep links, study claims Conspiracyland: The Russian connection to Seth Rich conspiracies US Coast Guard warns about malware designed to disrupt ships' computer systems | ZDNet US Cyber Command issues alert about hackers exploiting Outlook vulnerability | ZDNet Someone Is Spamming and Breaking a Core Component of PGP’s Ecosystem - VICE Apple reveals App Store takedown demands by governments | TechCrunch ICE mined driver’s license photos for facial recognition | TechCrunch London Police Facial Recognition ‘Fails 80% Of The Time And Must Stop Now’ CBP suspends Perceptics from doing government business following data breach Over 90 Million Records Leaked by Chinese Public Security Department UK's largest police forensics lab paid ransom demand to recover locked data | ZDNet Mozilla blocks UAE bid to become an internet security guardian after hacking reports - Reuters UK ISP group names Mozilla 'Internet Villain' for supporting 'DNS-over-HTTPS' | ZDNet First-ever malware strain spotted abusing new DoH (DNS over HTTPS) protocol | ZDNet Canonical GitHub account hacked, Ubuntu source code safe | ZDNet Backdoor found in Ruby library for checking for strong passwords | ZDNet Tor Project to fix bug used for DDoS attacks on Onion sites for years | ZDNet OpenID Foundation says 'Sign In with Apple' is not secure enough | ZDNet Industry Breach Alert Published by US National Trade Association ALTA Beware of Fake Microsoft OneNote Audio Note Phishing Emails Fake Samsung firmware update app tricks more than 10 million Android users | ZDNet 7-Eleven Japanese customers lose $500,000 due to mobile app flaw | ZDNet 'Silence' hackers hit banks in Bangladesh, India, Sri Lanka, and Kyrgyzstan | ZDNet Who’s Behind the GandCrab Ransomware? — Krebs on Security Seriously, stop using RSA | Trail of Bits Blog