Risky Business Podcast
July 17, 2019
Risky Business #548 -- Zoom RCE details and all the week's news
Presented by
CEO and Publisher
Technology Editor
Adam Boileau is along this week to discuss the week’s security news. We cover:
- US mayors agree: no more paying off ransomware crews
- BitPoint exchange loses $32m in cryptocurrency
- FinSpy is back, big time
- Chinese AV companies won’t flag government malware
- US security companies free to help political campaigns with discounted services, products
- Facebook to pay $5bn privacy fine with money from its spare pants
- Much, much more
Assetnote’s Shubham Shah also joins the news segment to dish on the Zoom RCE bug he and his team found back in March.
This week’s sponsor is Kasada, an Australian company that runs a bot filtering service. Kasada is a relatively new company but they’re kicking some pretty serious goals here in Australia and are now pushing into other markets like the USA. But instead of supplying us with one of their people, they suggested we interview one of their customers - REA Group CSO and head of platform Craig Templeton.
REA Group runs realestate.com.au, Australia’s biggest real estate listings website. They had all sorts of trouble with content scrapers, bots causing service interruptions, cred stuffing, you name it. In the end they went with Kasada to solve their bot problems and Craig pops by this week to talk about the issues they were having and to sing Kasada’s praises. Getting a reference customer to speak publicly is a Herculean task, so full credit to Kasada for making this one happen. If you operate a website that pushes a lot of traffic you’ll want to hear that interview.
Brought to you by Kasada
Finally, automated threats aren’t your problem
Show notes
US mayors group adopts resolution not to pay any more ransoms to hackers | ZDNet
Monroe College Hit With Ransomware, $2 Million Demanded
Bitpoint cryptocurrency exchange hacked for $32 million | ZDNet
The developers of the notorious FinSpy spyware are innovating — and thriving
Chinese Antivirus Companies Don’t Flag Chinese Border Malware - VICE
Why Cyber Command’s latest warning is a win for the government's information sharing efforts
Congressional pressure builds for White House to share classified cyber authorizations
FEC: Campaigns Can Use Discounted Cybersecurity Services — Krebs on Security
Senators grill FTC over reported $5 billion Facebook settlement
Revealed: This Is Palantir’s Top-Secret User Manual for Cops - VICE
How Julian Assange turned an embassy into a command post for election meddling - CNNPolitics
US defense contractor falls for $3 million email scam — Quartz
Italian police raid of neo-fascist militants finds air-to-air missile [Updated] | Ars Technica
Brazil is at the forefront of a new type of router attack | ZDNet
NCSC Issues Alert About Active DNS Hijacking Attacks
Magecart Hacker Group Hits 17,000 Domains—and Counting | WIRED
Hacker steals data of millions of Bulgarians, emails it to local media | ZDNet
Hackers breached Greece's top-level domain registrar | ZDNet
EFF Hits AT&T With Class Action Lawsuit for Selling Customers’ Location to Bounty Hunters - VICE
Sprint says hackers breached customer accounts via Samsung website | ZDNet
New Android malware replaces legitimate apps with ad-infested doppelgangers | ZDNet
Academics steal data from air-gapped systems via a keyboard's LEDs | ZDNet
Bad McAfee Exploit Prevention Update Blocked Windows Logins
Google to remove Chrome's built-in XSS protection (XSS Auditor) | ZDNet
Microsoft Azure AD FIDO2 Passwordless Sign-In in Public Preview
Meet the World’s Biggest ‘Bulletproof’ Hoster — Krebs on Security
Zoom Will Fix the Flaw That Let Hackers Hijack Webcams | WIRED
Apple has pushed a silent Mac update to remove hidden Zoom web server | TechCrunch
Jira Server and Data Center Update Patches Critical Vulnerability