On this week’s show Patrick and Adam discuss the week’s security news, including:
- KSA uses SS7 to track its citizens in USA
- Governments begin virus tracking through personal devices
- FBI warns of Iran-linked crew in yer supply chains
- Voatz gets booted from HackerOne
- All the cloud and Zoom drama
(PLEASE NOTE: This is a re-post. Looks like our CDN mangled the initial mp3 for some regions. Should work ok now. - Pat)
This week’s show is brought to you by Signal Sciences. Instead of interviewing one of their people, they suggested we interview Andrew Becherer in this week’s sponsor interview.
Andrew runs security for Iterable, but before that he ran the security program at DataDog. He’ll be along after this week’s news to talk about how much easier it is to stand up a security program in 2020 as opposed to the last time he did it five or so years ago.
You can subscribe to the new Risky Business newsletter, Seriously Risky Business, here.
You can subscribe to our new YouTube channel here.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
Show notes
- Revealed: Saudis suspected of phone spying campaign in US | World news | The Guardian
- SS7map: SS7 Networks Exposure
- Government Tracking How People Move Around in Coronavirus Pandemic
- FBI re-sends alert about supply chain attacks for the third time in three months | ZDNet
- HackerOne cuts ties with mobile voting firm Voatz after it clashed with researchers
- Houseparty app offers $1m reward to unmask entity behind hacking smear campaign | ZDNet
- Marriott discloses new data breach impacting 5.2 million hotel guests | ZDNet
- FCC tells US telcos to implement caller ID authentication by June 30, 2021 | ZDNet
- Memento Labs, the Reborn Hacking Team, Is Struggling - VICE
- RDP and VPN use skyrocketed since coronavirus onset | ZDNet
- Update #2 on Microsoft cloud services continuity | Azure blog and updates | Microsoft Azure
- Zoom hit with class-action lawsuit for sharing user data with Facebook
- FBI Warns of Teleconferencing and Online Classroom Hijacking During COVID-19 Pandemic — FBI
- A Norwegian school quit using video calls after a naked man ‘guessed’ the meeting link | TechCrunch
- FBI warns Zoom, teleconference meetings vulnerable to hijacking - CyberScoop
- Zoom Removes Code That Sends Data to Facebook - VICE
- FBI turns to insurers to grasp the full reach of ransomware - CyberScoop
- Cyber insurer Chubb had data stolen in Maze ransomware attack | TechCrunch
- Medical and military contractor Kimchuk hit by data-stealing ransomware | TechCrunch
- Microsoft announces new 'Hardware-enforced Stack Protection' feature | ZDNet
- Android lets advertisers get a list of all your apps -- and this API feature is broadly used | ZDNet
- Booz Allen analyzed 200+ Russian hacking operations to better understand their tactics | ZDNet
- Risky Business Live, March 31, 2020 - YouTube
- Risky Business Live #3 -- Booz Allen Hamilton's Russia report, Azure getting creaky and more - Risky Business
- Network of fake QR code generators will steal your Bitcoin | ZDNet
- A mysterious hacker group is eavesdropping on corporate email and FTP traffic | ZDNet
- Malware from notorious FIN7 group is being delivered by snail mail
- Rare BadUSB attack detected in the wild against US hospitality provider | ZDNet
- Google to resume Chrome updates it paused last week due to COVID-19 | ZDNet
- Google says no APP users have been phished to date | ZDNet
- Russians Shut Down Huge Card Fraud Ring — Krebs on Security
- U.S. cybersecurity experts see recent spike in Chinese digital espionage - Reuters
- Dark web hosting provider hacked again -- 7,600 sites down | ZDNet
- OpenWRT code-execution bug puts millions of devices at risk | Ars Technica
- Seriously Risky Business