Adam Boileau is along this week to discuss the week’s security news. We cover:
- Zoom’s week from hell
- BA, Marriott face massive GDPR fines
- Seth Rich conspiracy originated from Russia’s SVR
- Coast Guard warns of ship hax
- Cybercommand issues warning on DDE exploitation
- PGP ecosystem having a rough time
- Much, much more!
This week’s show is brought to you by our lovely friends at Signal Sciences. I guess you’d call them a next-generation WAF. Signal Sciences co-founder and CTO Zane Lackey will be along in this week’s sponsor interview to plug their new cloud-based WAF product, and also to have a chat about a trend he’s seeing at non-security conferences – more high-quality security content.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
Show notes
- A Zoom Flaw Gives Hackers Easy Access to Your Webcam | WIRED
- British Airways fined $229 million under GDPR for data breach tied to Magecart
- Automated Magecart Campaign Hits Over 960 Breached Stores
- Marriott faces $123 million GDPR fine in the UK for last year's data breach | ZDNet
- Huawei staff and Chinese military have deep links, study claims
- Conspiracyland: The Russian connection to Seth Rich conspiracies
- US Coast Guard warns about malware designed to disrupt ships' computer systems | ZDNet
- US Cyber Command issues alert about hackers exploiting Outlook vulnerability | ZDNet
- Someone Is Spamming and Breaking a Core Component of PGP’s Ecosystem - VICE
- Apple reveals App Store takedown demands by governments | TechCrunch
- ICE mined driver’s license photos for facial recognition | TechCrunch
- London Police Facial Recognition ‘Fails 80% Of The Time And Must Stop Now’
- CBP suspends Perceptics from doing government business following data breach
- Over 90 Million Records Leaked by Chinese Public Security Department
- UK's largest police forensics lab paid ransom demand to recover locked data | ZDNet
- Mozilla blocks UAE bid to become an internet security guardian after hacking reports - Reuters
- UK ISP group names Mozilla 'Internet Villain' for supporting 'DNS-over-HTTPS' | ZDNet
- First-ever malware strain spotted abusing new DoH (DNS over HTTPS) protocol | ZDNet
- Canonical GitHub account hacked, Ubuntu source code safe | ZDNet
- Backdoor found in Ruby library for checking for strong passwords | ZDNet
- Tor Project to fix bug used for DDoS attacks on Onion sites for years | ZDNet
- OpenID Foundation says 'Sign In with Apple' is not secure enough | ZDNet
- Industry Breach Alert Published by US National Trade Association ALTA
- Beware of Fake Microsoft OneNote Audio Note Phishing Emails
- Fake Samsung firmware update app tricks more than 10 million Android users | ZDNet
- 7-Eleven Japanese customers lose $500,000 due to mobile app flaw | ZDNet
- 'Silence' hackers hit banks in Bangladesh, India, Sri Lanka, and Kyrgyzstan | ZDNet
- Who’s Behind the GandCrab Ransomware? — Krebs on Security
- Seriously, stop using RSA | Trail of Bits Blog