Risky Business #577 -- Stir crazy lockdown edition (reposted)

We're all locked down but the news never stops!
01 Apr 2020 » Risky Business

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • KSA uses SS7 to track its citizens in USA
  • Governments begin virus tracking through personal devices
  • FBI warns of Iran-linked crew in yer supply chains
  • Voatz gets booted from HackerOne
  • All the cloud and Zoom drama

(PLEASE NOTE: This is a re-post. Looks like our CDN mangled the initial mp3 for some regions. Should work ok now. - Pat)

This week’s show is brought to you by Signal Sciences. Instead of interviewing one of their people, they suggested we interview Andrew Becherer in this week’s sponsor interview.

Andrew runs security for Iterable, but before that he ran the security program at DataDog. He’ll be along after this week’s news to talk about how much easier it is to stand up a security program in 2020 as opposed to the last time he did it five or so years ago

You can subscribe to the new Risky Business newsletter, Seriously Risky Business, here.

You can subscribe to our new YouTube channel here.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Revealed: Saudis suspected of phone spying campaign in US | World news | The Guardian
SS7map: SS7 Networks Exposure
Government Tracking How People Move Around in Coronavirus Pandemic
FBI re-sends alert about supply chain attacks for the third time in three months | ZDNet
HackerOne cuts ties with mobile voting firm Voatz after it clashed with researchers
Houseparty app offers $1m reward to unmask entity behind hacking smear campaign | ZDNet
Marriott discloses new data breach impacting 5.2 million hotel guests | ZDNet
FCC tells US telcos to implement caller ID authentication by June 30, 2021 | ZDNet
Memento Labs, the Reborn Hacking Team, Is Struggling - VICE
RDP and VPN use skyrocketed since coronavirus onset | ZDNet
Update #2 on Microsoft cloud services continuity | Azure blog and updates | Microsoft Azure
Zoom hit with class-action lawsuit for sharing user data with Facebook
FBI Warns of Teleconferencing and Online Classroom Hijacking During COVID-19 Pandemic — FBI
A Norwegian school quit using video calls after a naked man ‘guessed’ the meeting link | TechCrunch
FBI warns Zoom, teleconference meetings vulnerable to hijacking - CyberScoop
Zoom Removes Code That Sends Data to Facebook - VICE
FBI turns to insurers to grasp the full reach of ransomware - CyberScoop
Cyber insurer Chubb had data stolen in Maze ransomware attack | TechCrunch
Medical and military contractor Kimchuk hit by data-stealing ransomware | TechCrunch
Microsoft announces new 'Hardware-enforced Stack Protection' feature | ZDNet
Android lets advertisers get a list of all your apps -- and this API feature is broadly used | ZDNet
Booz Allen analyzed 200+ Russian hacking operations to better understand their tactics | ZDNet
Risky Business Live, March 31, 2020 - YouTube
Risky Business Live #3 -- Booz Allen Hamilton's Russia report, Azure getting creaky and more - Risky Business
Network of fake QR code generators will steal your Bitcoin | ZDNet
A mysterious hacker group is eavesdropping on corporate email and FTP traffic | ZDNet
Malware from notorious FIN7 group is being delivered by snail mail
Rare BadUSB attack detected in the wild against US hospitality provider | ZDNet
Google to resume Chrome updates it paused last week due to COVID-19 | ZDNet
Google says no APP users have been phished to date | ZDNet
Russians Shut Down Huge Card Fraud Ring — Krebs on Security
U.S. cybersecurity experts see recent spike in Chinese digital espionage - Reuters
Dark web hosting provider hacked again -- 7,600 sites down | ZDNet
OpenWRT code-execution bug puts millions of devices at risk | Ars Technica
Seriously Risky Business