Risky Business #547 -- Zoom-gate, massive GDPR fines, ship hack warnings and more

Zoom is an even bigger trash fire than people realise...
10 Jul 2019 » Risky Business

Adam Boileau is along this week to discuss the week’s security news. We cover:

  • Zoom’s week from hell
  • BA, Marriott face massive GDPR fines
  • Seth Rich conspiracy originated from Russia’s SVR
  • Coast Guard warns of ship hax
  • Cyber Command issues warning on DDE exploitation
  • PGP ecosystem having a rough time
  • Much, much more!

This week’s show is brought to you by our lovely friends at Signal Sciences. I guess you’d call them a next generation WAF. Signal Sciences co-founder and CTO Zane Lackey will be along in this week’s sponsor interview to plug their new cloud-based WAF product, and also to have a chat about a trend he’s seeing at non-security conferences – more high quality security content.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

A Zoom Flaw Gives Hackers Easy Access to Your Webcam | WIRED
British Airways fined $229 million under GDPR for data breach tied to Magecart
Automated Magecart Campaign Hits Over 960 Breached Stores
Marriott faces $123 million GDPR fine in the UK for last year's data breach | ZDNet
Huawei staff and Chinese military have deep links, study claims
Conspiracyland: The Russian connection to Seth Rich conspiracies
US Coast Guard warns about malware designed to disrupt ships' computer systems | ZDNet
US Cyber Command issues alert about hackers exploiting Outlook vulnerability | ZDNet
Someone Is Spamming and Breaking a Core Component of PGP’s Ecosystem - VICE
Apple reveals App Store takedown demands by governments | TechCrunch
ICE mined driver’s license photos for facial recognition | TechCrunch
London Police Facial Recognition ‘Fails 80% Of The Time And Must Stop Now’
CBP suspends Perceptics from doing government business following data breach
Over 90 Million Records Leaked by Chinese Public Security Department
UK's largest police forensics lab paid ransom demand to recover locked data | ZDNet
Mozilla blocks UAE bid to become an internet security guardian after hacking reports - Reuters
UK ISP group names Mozilla 'Internet Villain' for supporting 'DNS-over-HTTPS' | ZDNet
First-ever malware strain spotted abusing new DoH (DNS over HTTPS) protocol | ZDNet
Canonical GitHub account hacked, Ubuntu source code safe | ZDNet
Backdoor found in Ruby library for checking for strong passwords | ZDNet
Tor Project to fix bug used for DDoS attacks on Onion sites for years | ZDNet
OpenID Foundation says 'Sign In with Apple' is not secure enough | ZDNet
Industry Breach Alert Published by US National Trade Association ALTA
Beware of Fake Microsoft OneNote Audio Note Phishing Emails
Fake Samsung firmware update app tricks more than 10 million Android users | ZDNet
7-Eleven Japanese customers lose $500,000 due to mobile app flaw | ZDNet
'Silence' hackers hit banks in Bangladesh, India, Sri Lanka, and Kyrgyzstan | ZDNet
Who’s Behind the GandCrab Ransomware? — Krebs on Security
Seriously, stop using RSA | Trail of Bits Blog