Risky Business

On this week’s show Patrick and Adam discuss the week’s security news, including:

• Details about Apple and Google’s contact tracing API and OS changes
• Alex Stamos joins Zoom as outside consultant
• More Zoom news
• US government weighs China Telecom ban following BGP hijacking
• Travelex paid $2.3m to decrypt files in ransomware attack.

This week’s show is brought to you by AttackIQ. They make a breach and attack simulation platform that you can use to figure out which of your security controls are actually working. Carl Wright of AttackIQ will join the show to talk about the new, free online training they’re offering.

If you’re stuck at home like half the planet right now and you’re interested in operationalising MITRE ATT&CK then you can check out AttackIQ academy.

You can subscribe to the new Risky Business newsletter, Seriously Risky Business, here.

You can subscribe to our new YouTube channel here.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes Seriously Risky Business Newsletter Subscription Page Srsly Risky Biz: Apple, Google to bring COVID-19 contact tracing to billions - Risky Business Clever Cryptography Could Protect Privacy in Covid-19 Contact-Tracing Apps | WIRED How Google Plans to Push Its Coronavirus Tracing Feature to Android Phones - VICE Former Facebook CSO Alex Stamos to join Zoom as outside security consultant | ZDNet Zoom removes meeting IDs from app title bar to improve privacy | ZDNet US Senate, German government tell staff not to use Zoom | ZDNet It's Official: Most Zoom Versions Now Off-Limits to the Military | Military.com Senator calls on FTC to create guidelines for video teleconferencing software | ZDNet Senator backing anti-crypto bill calls out Zoom’s lack of end-to-end crypto | Ars Technica Interest in Zoom Zero-Day Hacks Is ‘Sky-High’ as Meetings Move Online - VICE Zoom shareholder accuses executives of fraud over security practices U.S., U.K. authorities warn of state-linked and criminal hacking exploiting coronavirus pandemic Fiverr Hosted 'Coronavirus Healers' and Dodgy Mask Sellers - VICE Citing BGP hijacks and hack attacks, feds want China Telecom out of the US | Ars Technica Travelex Paid $2.3 Million to Ransomware Gang: Report The Pentagon Hasn't Fixed Basic Cybersecurity Blind Spots | WIRED New IRS Site Could Make it Easy for Thieves to Intercept Some Stimulus Payments — Krebs on Security Cloudflare dumps reCAPTCHA as Google intends to charge for its use | ZDNet San Francisco airport websites hacked to steal staff passwords, says notice | TechCrunch Russian state hackers behind San Francisco airport hack | ZDNet SEC settles with two suspects in EDGAR hacking case | ZDNet SEC.gov | Foreign National and American Trader Settle Fraud Charges in EDGAR Hacking Case Lawyer for alleged Methbot boss Aleksandr Zhukov wants case dismissed amid coronavirus concerns Why you can’t trust your vote to the internet just yet - Risky Business Experts agree: Internet voting isn’t ready for COVID-19 crisis - Risky Business Experts: Internet voting isn’t ready for COVID-19 crisis Vote by Mail Isn't Perfect. But It's Essential in a Pandemic | WIRED DARPA snags Intel to lead its machine learning security tech | TechCrunch Dell releases new tool to detect BIOS attacks | ZDNet Micronaut CRLF injection bug opened the door to server-side request forgery | The Daily Swig 2021 - git: Newline injection in credential helper protocol - project-zero The Far-Right Helped Create The World's Most Powerful Facial Recognition Technology | HuffPost Australia AttackIQ Platform, continuous validation of your security control.