Risky Business #548 -- Zoom RCE details and all the week's news

Adam Boileau and Shubham Shah talk news, bugs...
17 Jul 2019 » Risky Business

Adam Boileau is along this week to discuss the week’s security news. We cover:

  • US mayors agree: no more paying off ransomware crews
  • BitPoint exchange loses $32m in cryptocurrency
  • FinSpy is back, big time
  • Chinese AV companies won’t flag government malware
  • US security companies free to help political campaigns with discounted services, products
  • Facebook to pay $5bn privacy fine with money from its spare pants
  • Much, much more

Assetnote’s Shubham Shah also joins the news segment to dish on the Zoom RCE bug he and his team found back in March.

This week’s sponsor is Kasada, an Australian company that runs a bot filtering service. Kasada is a relatively new company but they’re kicking some pretty serious goals here in Australia and are now pushing into other markets like the USA. But instead of supplying us with one of their people, they suggested we interview one of their customers - REA Group CSO and head of platform Craig Templeton.

REA Group runs realestate.com.au, Australia’s biggest real estate listings website. They had all sorts of trouble with content scrapers, bots causing service interruptions, cred stuffing, you name it. In the end they went with Kasada to solve their bot problems and Craig pops by this week to talk about the issues they were having and to sing Kasada’s praises. Getting a reference customer to speak publicly is a Herculean task, so full credit to Kasada for making this one happen. If you operate a website that pushes a lot of traffic you’ll want to hear that interview.

Show notes

US mayors group adopts resolution not to pay any more ransoms to hackers | ZDNet
Monroe College Hit With Ransomware, $2 Million Demanded
Bitpoint cryptocurrency exchange hacked for $32 million | ZDNet
The developers of the notorious FinSpy spyware are innovating — and thriving
Chinese Antivirus Companies Don’t Flag Chinese Border Malware - VICE
Why Cyber Command’s latest warning is a win for the government's information sharing efforts
Congressional pressure builds for White House to share classified cyber authorizations
FEC: Campaigns Can Use Discounted Cybersecurity Services — Krebs on Security
Senators grill FTC over reported $5 billion Facebook settlement
Update on the availability of some Galileo Initial Services | European Global Navigation Satellite Systems Agency
P1 Labs » Presenting QCSuper: a tool for capturing your 2G/3G/4G air traffic on Qualcomm-based phones
Revealed: This Is Palantir’s Top-Secret User Manual for Cops - VICE
How Julian Assange turned an embassy into a command post for election meddling - CNNPolitics
US defense contractor falls for $3 million email scam — Quartz
Italian police raid of neo-fascist militants finds air-to-air missile [Updated] | Ars Technica
Brazil is at the forefront of a new type of router attack | ZDNet
NCSC Issues Alert About Active DNS Hijacking Attacks
Magecart Hacker Group Hits 17,000 Domains—and Counting | WIRED
Hacker steals data of millions of Bulgarians, emails it to local media | ZDNet
Hackers breached Greece's top-level domain registrar | ZDNet
EFF Hits AT&T With Class Action Lawsuit for Selling Customers’ Location to Bounty Hunters - VICE
Sprint says hackers breached customer accounts via Samsung website | ZDNet
New Android malware replaces legitimate apps with ad-infested doppelgangers | ZDNet
Academics steal data from air-gapped systems via a keyboard's LEDs | ZDNet
Bad McAfee Exploit Prevention Update Blocked Windows Logins
Google to remove Chrome's built-in XSS protection (XSS Auditor) | ZDNet
Microsoft Azure AD FIDO2 Passwordless Sign-In in Public Preview
Apple disables Walkie Talkie app due to vulnerability that could allow iPhone eavesdropping | TechCrunch
Meet the World’s Biggest ‘Bulletproof’ Hoster — Krebs on Security
Zoom Will Fix the Flaw That Let Hackers Hijack Webcams | WIRED
Apple has pushed a silent Mac update to remove hidden Zoom web server | TechCrunch
(9) Karan Lyons on Twitter: "MRT update 1.46 now removes vulnerable web servers for Zoom, RingCentral, Telus Meetings, BT Cloud Phone Meetings, Office Suite HD Meeting, AT&T Video Meetings, BizConf, Huihui, UMeeting, Zhumu, and Zoom CN." / Twitter
(9) Jonathan Leitschuh on Twitter: "A Remote Code Execution Vulnerability was present in all of these @zoom_us white label desktop apps. This is the full list of applications that @Apple's MRT update will now silently remove from your machines for you. If you want to be proactive, update your MRT to 1.46 https://t.co/rGlwjbQmkg" / Twitter
Jira Server and Data Center Update Patches Critical Vulnerability
(10) pyn3rd on Twitter: "#CVE-2019-11580 Atlassian Crowd and Crowd Data Center RCE https://t.co/rFkENoGiVx" / Twitter
Kasada | Security Redefined