Risky Business #575 -- World drowns in Coronavirus phishing lures as crisis escalates

PLUS: Everyone is apparently going Zero Trust overnight now...
18 Mar 2020 » Risky Business

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Coronavirus phishing lures are everywhere
  • Czech hospital ransomwared during crisis
  • Voatz mobile voting app destroyed by Trail of Bits audit
  • We recap yesterday’s livestream
  • Windows SMBv3 bug probably not such a big deal
  • ALL the week’s news

This week’s sponsor interview is with Sam Crowther, founder of Kasada. They do bot detection and mitigation and apparently they’re quite good at it. Sam joins the show to talk through the new greyhatter of anti-anti-bot. It’s actually a really fun conversation, that one, so stick around for it.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

State-sponsored hackers are now using coronavirus lures to infect their targets | ZDNet
The Internet is drowning in COVID-19-related malware and phishing scams | Ars Technica
TA505 and Others Launch New Coronavirus Campaigns; Now the Largest Collection of Attack Types in Years | Proofpoint US
Live Coronavirus Map Used to Spread Malware — Krebs on Security
Czech hospital hit by cyberattack while in the midst of a COVID-19 outbreak | ZDNet
High-Stakes Security Setups Are Making Remote Work Impossible | WIRED
A Mobile Voting App That's Already in Use Is Filled With Critical Flaws - VICE
Microsoft delivers emergency patch to fix wormable Windows 10 flaw | Ars Technica
Medical Device Regulation: EU to give €100bn MedTech industry a security health check | The Daily Swig
WordPress to add auto-update feature for themes and plugins | ZDNet
Tor team warns of Tor Browser bug that runs JavaScript on sites it shouldn't | ZDNet
Avast disables JavaScript engine in its antivirus following major bug | ZDNet
US is preparing to ban foreign-made drones from government use | TechCrunch
Card data from the Volusion web skimmer incident surfaces on the dark web | ZDNet
Intel CPUs vulnerable to new 'Snoop' attack | ZDNet
Modern RAM used for computers, smartphones still vulnerable to Rowhammer attacks | ZDNet
We Built a Database of Over 500 iPhones Cops Have Tried to Unlock - VICE
The Web’s Bot Containment Unit Needs Your Help — Krebs on Security
Cyberattack Hits HHS During Coronavirus Response - Bloomberg
Microsoft discontinues RDCMan app following security bug | ZDNet
Google awards $100k to Dutch bug hunter for cutting-edge cloud security research | The Daily Swig
#737140 Mass account takeovers using HTTP Request Smuggling on https://slackb.com/ to steal session cookies
oracle chat on prem - Google Search
Risky Business - Risky Business
publications/voatz-securityreview.pdf at master · trailofbits/publications · GitHub
publications/voatz-threatmodel.pdf at master · trailofbits/publications · GitHub
Our Full Report on the Voatz Mobile Voting Platform | Trail of Bits Blog
Securing a work from home workforce - YouTube