Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.
https://risky.biz/
Risky Business #575 -- World drowns in Coronavirus phishing lures as crisis escalates
On this week’s show Patrick and Adam discuss the week’s security news, including:
- Coronavirus phishing lures are everywhere
- Czech hospital ransomwared during crisis
- Voatz mobile voting app destroyed by Trail of Bits audit
- We recap yesterday’s livestream
- Windows SMBv3 bug probably not such a big deal
- ALL the week’s news
This week’s sponsor interview is with Sam Crowther, founder of Kasada. They do bot detection and mitigation and apparently they’re quite good at it. Sam joins the show to talk through the new greyhatter of anti-anti-bot. It’s actually a really fun conversation, that one, so stick around for it.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
Show notes State-sponsored hackers are now using coronavirus lures to infect their targets | ZDNet The Internet is drowning in COVID-19-related malware and phishing scams | Ars Technica undefined TA505 and Others Launch New Coronavirus Campaigns; Now the Largest Collection of Attack Types in Years | Proofpoint US Live Coronavirus Map Used to Spread Malware — Krebs on Security Czech hospital hit by cyberattack while in the midst of a COVID-19 outbreak | ZDNet High-Stakes Security Setups Are Making Remote Work Impossible | WIRED A Mobile Voting App That's Already in Use Is Filled With Critical Flaws - VICE Microsoft delivers emergency patch to fix wormable Windows 10 flaw | Ars Technica undefined undefined undefined undefined Medical Device Regulation: EU to give €100bn MedTech industry a security health check | The Daily Swig WordPress to add auto-update feature for themes and plugins | ZDNet undefined Tor team warns of Tor Browser bug that runs JavaScript on sites it shouldn't | ZDNet Avast disables JavaScript engine in its antivirus following major bug | ZDNet US is preparing to ban foreign-made drones from government use | TechCrunch Card data from the Volusion web skimmer incident surfaces on the dark web | ZDNet Intel CPUs vulnerable to new 'Snoop' attack | ZDNet Modern RAM used for computers, smartphones still vulnerable to Rowhammer attacks | ZDNet We Built a Database of Over 500 iPhones Cops Have Tried to Unlock - VICE The Web’s Bot Containment Unit Needs Your Help — Krebs on Security undefined Cyberattack Hits HHS During Coronavirus Response - Bloomberg Microsoft discontinues RDCMan app following security bug | ZDNet Google awards $100k to Dutch bug hunter for cutting-edge cloud security research | The Daily Swig #737140 Mass account takeovers using HTTP Request Smuggling on https://slackb.com/ to steal session cookies oracle chat on prem - Google Search Risky Business - Risky Business publications/voatz-securityreview.pdf at master · trailofbits/publications · GitHub publications/voatz-threatmodel.pdf at master · trailofbits/publications · GitHub Our Full Report on the Voatz Mobile Voting Platform | Trail of Bits Blog Securing a work from home workforce - YouTube