Risky Business #575 -- World drowns in Coronavirus phishing lures as crisis escalates

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Coronavirus phishing lures are everywhere
  • Czech hospital ransomwared during crisis
  • Voatz mobile voting app destroyed by Trail of Bits audit
  • We recap yesterday’s livestream
  • Windows SMBv3 bug probably not such a big deal
  • ALL the week’s news

This week’s sponsor interview is with Sam Crowther, founder of Kasada. They do bot detection and mitigation and apparently they’re quite good at it. Sam joins the show to talk through the new greyhatter of anti-anti-bot. It’s actually a really fun conversation, that one, so stick around for it.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

State-sponsored hackers are now using coronavirus lures to infect their targets | ZDNet

The Internet is drowning in COVID-19-related malware and phishing scams | Ars Technica

TA505 and Others Launch New Coronavirus Campaigns; Now the Largest Collection of Attack Types in Years | Proofpoint US

Live Coronavirus Map Used to Spread Malware — Krebs on Security

Czech hospital hit by cyberattack while in the midst of a COVID-19 outbreak | ZDNet

High-Stakes Security Setups Are Making Remote Work Impossible | WIRED

A Mobile Voting App That's Already in Use Is Filled With Critical Flaws - VICE

Microsoft delivers emergency patch to fix wormable Windows 10 flaw | Ars Technica

Medical Device Regulation: EU to give €100bn MedTech industry a security health check | The Daily Swig

WordPress to add auto-update feature for themes and plugins | ZDNet

Tor team warns of Tor Browser bug that runs JavaScript on sites it shouldn't | ZDNet

Avast disables JavaScript engine in its antivirus following major bug | ZDNet

US is preparing to ban foreign-made drones from government use | TechCrunch

Card data from the Volusion web skimmer incident surfaces on the dark web | ZDNet

Intel CPUs vulnerable to new 'Snoop' attack | ZDNet

Modern RAM used for computers, smartphones still vulnerable to Rowhammer attacks | ZDNet

We Built a Database of Over 500 iPhones Cops Have Tried to Unlock - VICE

The Web’s Bot Containment Unit Needs Your Help — Krebs on Security

Cyberattack Hits HHS During Coronavirus Response - Bloomberg

Microsoft discontinues RDCMan app following security bug | ZDNet

Google awards $100k to Dutch bug hunter for cutting-edge cloud security research | The Daily Swig

#737140 Mass account takeovers using HTTP Request Smuggling on https://slackb.com/ to steal session cookies

oracle chat on prem - Google Search

Risky Business - Risky Business

publications/voatz-securityreview.pdf at master · trailofbits/publications · GitHub

publications/voatz-threatmodel.pdf at master · trailofbits/publications · GitHub

Our Full Report on the Voatz Mobile Voting Platform | Trail of Bits Blog

Securing a work from home workforce - YouTube