Risky Business

Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.

https://risky.biz/

Risky Business #548 -- Zoom RCE details and all the week's news
Adam Boileau is along this week to discuss the week’s security news. We cover:

  • US mayors agree: no more paying off ransomware crews
  • BitPoint exchange loses $32m in cryptocurrency
  • FinSpy is back, big time
  • Chinese AV companies won’t flag government malware
  • US security companies free to help political campaigns with discounted services, products
  • Facebook to pay $5bn privacy fine with money from its spare pants
  • Much, much more

Assetnote’s Shubham Shah also joins the news segment to dish on the Zoom RCE bug he and his team found back in March.

This week’s sponsor is Kasada, an Australian company that runs a bot filtering service. Kasada is a relatively new company but they’re kicking some pretty serious goals here in Australia and are now pushing into other markets like the USA. But instead of supplying us with one of their people, they suggested we interview one of their customers - REA Group CSO and head of platform Craig Templeton.

REA Group runs realestate.com.au, Australia’s biggest real estate listings website. They had all sorts of trouble with content scrapers, bots causing service interruptions, cred stuffing, you name it. In the end they went with Kasada to solve their bot problems and Craig pops by this week to talk about the issues they were having and to sing Kasada’s praises. Getting a reference customer to speak publicly is a Herculean task, so full credit to Kasada for making this one happen. If you operate a website that pushes a lot of traffic you’ll want to hear that interview.

Show notes

  • US mayors group adopts resolution not to pay any more ransoms to hackers | ZDNet
  • Monroe College Hit With Ransomware, $2 Million Demanded
  • Bitpoint cryptocurrency exchange hacked for $32 million | ZDNet
  • The developers of the notorious FinSpy spyware are innovating — and thriving
  • Chinese Antivirus Companies Don’t Flag Chinese Border Malware - VICE
  • Why Cyber Command’s latest warning is a win for the government's information sharing efforts
  • Congressional pressure builds for White House to share classified cyber authorizations
  • FEC: Campaigns Can Use Discounted Cybersecurity Services — Krebs on Security
  • Senators grill FTC over reported $5 billion Facebook settlement
  • Update on the availability of some Galileo Initial Services | European Global Navigation Satellite Systems Agency
  • P1 Labs » Presenting QCSuper: a tool for capturing your 2G/3G/4G air traffic on Qualcomm-based phones
  • Revealed: This Is Palantir’s Top-Secret User Manual for Cops - VICE
  • How Julian Assange turned an embassy into a command post for election meddling - CNNPolitics
  • US defense contractor falls for $3 million email scam — Quartz
  • Italian police raid of neo-fascist militants finds air-to-air missile [Updated] | Ars Technica
  • Brazil is at the forefront of a new type of router attack | ZDNet
  • NCSC Issues Alert About Active DNS Hijacking Attacks
  • Magecart Hacker Group Hits 17,000 Domains—and Counting | WIRED
  • Hacker steals data of millions of Bulgarians, emails it to local media | ZDNet
  • Hackers breached Greece's top-level domain registrar | ZDNet
  • EFF Hits AT&T With Class Action Lawsuit for Selling Customers’ Location to Bounty Hunters - VICE
  • Sprint says hackers breached customer accounts via Samsung website | ZDNet
  • New Android malware replaces legitimate apps with ad-infested doppelgangers | ZDNet
  • Academics steal data from air-gapped systems via a keyboard's LEDs | ZDNet
  • Bad McAfee Exploit Prevention Update Blocked Windows Logins
  • Google to remove Chrome's built-in XSS protection (XSS Auditor) | ZDNet
  • Microsoft Azure AD FIDO2 Passwordless Sign-In in Public Preview
  • Apple disables Walkie Talkie app due to vulnerability that could allow iPhone eavesdropping | TechCrunch
  • Meet the World’s Biggest ‘Bulletproof’ Hoster — Krebs on Security
  • Zoom Will Fix the Flaw That Let Hackers Hijack Webcams | WIRED
  • Apple has pushed a silent Mac update to remove hidden Zoom web server | TechCrunch
  • Karan Lyons on Twitter: "MRT update 1.46 now removes vulnerable web servers for Zoom, RingCentral, Telus Meetings, BT Cloud Phone Meetings, Office Suite HD Meeting, AT&T Video Meetings, BizConf, Huihui, UMeeting, Zhumu, and Zoom CN."
  • Jonathan Leitschuh on Twitter: "A Remote Code Execution Vulnerability was present in all of these @zoom_us white label desktop apps. This is the full list of applications that @Apple's MRT update will now silently remove from your machines for you. If you want to be proactive, update your MRT to 1.46 https://t.co/rGlwjbQmkg"
  • Jira Server and Data Center Update Patches Critical Vulnerability
  • pyn3rd on Twitter: "#CVE-2019-11580 Atlassian Crowd and Crowd Data Center RCE https://t.co/rFkENoGiVx"
  • Assetnote
  • Kasada | Security Redefined


July 17, 2019