Risky Business #545 -- US Government loses control of customs mugshot database

PLUS: Android devices shipped certified pre-pwned...
12 Jun 2019 » Risky Business

On this week’s show Adam Boileau and Patrick Gray discuss the week’s news, including:

  • CBP loses photo and license plate database
  • Some Android phones shipped with backdoor
  • Info on Google’s cloud outage
  • USG ramps up “defend forward”
  • Trump and Mnuchin can’t get their stories straight on Huawei
  • The latest from Baltimore, more on that RDP bug
  • TalkTalk hacker sentenced
  • Much, much more

This week’s show is brought to you by Remediant! Remediant CEO Tim Keeler will be along this week to have a chinwag. We’ll talk about how simple security tech is really en vogue these days and how that’s a good thing.

Links to everything are below, and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

CBP says hackers stole license plate and travelers' photos | ZDNet
Hackers Breach Company That Makes License Plate Readers for U.S. Government - VICE
Maker of US border's license-plate scanning tech ransacked by hacker, blueprints and files dumped online • The Register
Google confirms that advanced backdoor came preinstalled on Android devices | Ars Technica
Two-thirds of iOS apps disable ATS, an iOS security feature | ZDNet
How a Google Cloud Catch-22 Broke the Internet | WIRED
Google Cloud Status Dashboard
U.S. ramping up offensive cyber measures to stop economic attacks, Bolton says
Trump and Mnuchin on Huawei, trade, national security
Huawei executive labeled a 'moral vacuum' in heated UK hearing - CNN
Russia and Iran Plan to Fundamentally Isolate the Internet | WIRED
For two hours, a large chunk of European mobile traffic was rerouted through China | ZDNet
Baltimore’s bill for ransomware: Over $18 million, so far | Ars Technica
A botnet is brute-forcing over 1.5 million RDP servers all over the world | ZDNet
Microsoft warns about email spam campaign abusing Office vulnerability | ZDNet
SymCrypt Bug Would Let Attacker "Take Down Entire Windows Fleet"
Senator asks Department of Justice if it can keep a lid on its software exploits
'You don't stand a chance': how the press freedom argument will go for Assange
TalkTalk hacker Daniel Kelley sentenced to four years - BBC News
A Push to Protect Campaigns from Hackers Hits an FEC Roadblock | WIRED
Top voting machine maker reverses position on election security, promises paper ballots | TechCrunch
Windows 10 zero-day details published on GitHub | ZDNet
Microsoft NTLM Flaws Expose All Windows Machines to RCE Attacks
New RCE vulnerability impacts nearly half of the internet's email servers | ZDNet
Major HSM vulnerabilities impact banks, cloud providers, governments | ZDNet
'RAMBleed' Rowhammer attack can now steal data, not just alter it | ZDNet
A backdoor in Optergy tech could remotely shut down a smart building ‘with one click’ | TechCrunch
That push notification on your phone might be a phishing attempt
New Spam Campaign Controlled by Attackers via DNS TXT Records
Fortune 500 giant Tech Data exposed customer and billing data | TechCrunch
FBI Issues Warning on ‘Secure’ Websites Used For Phishing
Diebold Nixdorf warns customers of RCE bug in older ATMs | ZDNet
Microsoft Blocks Some Bluetooth Devices Due to Security Risks
Apple's 'Find My' Feature Uses Some Very Clever Cryptography | WIRED
VLC 3.0.7 is Biggest Security Release Due to EU Bounty Program
How to create an EVIL LTE Twin – Adam Toscher – Medium