Risky Business

On this week’s show Patrick and Adam discuss the week’s security news, including:

• ASD launches offensive action against criminals
• Bio-tech firms working on COVID-19 targeted by ransomware
• Iran targets WHO
• Did you hear there’s a security issue with Zoom? You might not have heard. Don’t worry we’ll tell you about it
• Much, much more

This week’s show is brought to you by Yubico, makers of the Yubikey devices.

Yubico’s Chief Solutions Officer Jerrod Chong will be along in this week’s sponsor interview to talk through a few things: what is he seeing out there among users? As you’ll hear, he’s seeing what all of us are seeing, a massive rush to enable remote working. Jerrod also us through some new stuff Yubico is planning, from managed credential services through to biometric Yubikeys. Don’t miss it!

You can subscribe to the new Risky Business newsletter, Seriously Risky Business, here.

You can subscribe to our new YouTube channel here.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes Australian government says it is hacking criminals who are exploiting the pandemic Hackers ‘Without Conscience’ Target Health-Care Providers - Bloomberg Exclusive: Hackers linked to Iran target WHO staff emails during coronavirus - sources - Reuters Iran’s ban on Telegram that was intended to facilitate domestic spying backfired DarkHotel hackers use VPN zero-day to breach Chinese government agencies | ZDNet NASA sees an “exponential” jump in malware attacks as personnel work from home | Ars Technica So Wait, How Encrypted Are Zoom Meetings Really? | WIRED Zoom admits some calls were routed through China by mistake | TechCrunch Zoom founder promises to remedy security, privacy concerns during a 'feature freeze' - CyberScoop New York City bans Zoom in schools, citing security concerns | TechCrunch DOJ says Zoom-bombing is a crime | ZDNet Video service Zoom taking security seriously: U.S. government memo - Reuters The Zoom Privacy Backlash Is Only Getting Started | WIRED The internet is now rife with places where you can organize Zoom-bombing raids | ZDNet Why Zoom Really Needs Better Privacy: $1.4 Million Orders Show The US Government’s COVID-19 Response Is Now Relying On It ‘War Dialing’ Tool Exposes Zoom’s Password Problems — Krebs on Security Microsoft Buys Corp.com So Bad Guys Can’t — Krebs on Security Experts agree: Internet voting isn’t ready for COVID-19 crisis - Risky Business Schiff wants ODNI to scrub out politics from election security briefs PayPal and Venmo Are Letting SIM Swappers Hijack Accounts - VICE Google backs Apple's SMS OTP standard proposal | ZDNet Microsoft announces IPE, a new code integrity feature for Linux | ZDNet Chrome 81 released with initial support for the Web NFC standard | ZDNet A Hacker Found a Way to Take Over Any Apple Webcam | WIRED Hardware microphone disconnect in Mac and iPad - Apple Support Hacking forum gets hacked for the second time in a year | ZDNet A hacker has wiped, defaced more than 15,000 Elasticsearch servers | ZDNet Russian telco hijacks internet traffic for Google, AWS, Cloudflare, and others | ZDNet Remote working security: Thousands of misconfigured Atlassian instances ripe for unauthorized access | The Daily Swig Cisco rations VPNs for staff as strain of 100,000+ home workers hits its network • The Register Twisted programming framework stung by brace of request smuggling vulnerabilities | The Daily Swig How we abused Slack's TURN servers to gain access to internal services | Communication Breakdown Phish of GoDaddy Employee Jeopardized Escrow.com, Among Others — Krebs on Security XSS vulnerability found in Mozilla’s XSS-prevention library | The Daily Swig On signing the Joint Statement of the Russian Federation and the Republic of Burundi on the non-deployment of weapons in space by the first - News - Ministry of Foreign Affairs of the Russian Federation Exclusive: Elite hackers target WHO as coronavirus cyberattacks spike - Reuters Seriously Risky Business