Risky Business #578 -- ASD launches offensive campaign against criminals

Will ransomware crews face the same fate as Somalian pirates?
08 Apr 2020 » Risky Business

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • ASD launches offensive action against criminals
  • Bio-tech firms working on COVID-19 targeted by ransomware
  • Iran targets WHO
  • Did you hear there’s a security issue with Zoom? You might not have heard. Don’t worry we’ll tell you about it
  • Much, much more

This week’s show is brought to you by Yubico, makers of the Yubikey devices.

Yubico’s Chief Solutions Officer Jerrod Chong will be along in this week’s sponsor interview to talk through a few things: what is he seeing out there among users? As you’ll hear, he’s seeing what all of us are seeing, a massive rush to enable remote working. Jerrod also us through some new stuff Yubico is planning, from managed credential services through to biometric Yubikeys. Don’t miss it!

You can subscribe to the new Risky Business newsletter, Seriously Risky Business, here.

You can subscribe to our new YouTube channel here.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Australian government says it is hacking criminals who are exploiting the pandemic
Hackers ‘Without Conscience’ Target Health-Care Providers - Bloomberg
Exclusive: Hackers linked to Iran target WHO staff emails during coronavirus - sources - Reuters
Iran’s ban on Telegram that was intended to facilitate domestic spying backfired
DarkHotel hackers use VPN zero-day to breach Chinese government agencies | ZDNet
NASA sees an “exponential” jump in malware attacks as personnel work from home | Ars Technica
So Wait, How Encrypted Are Zoom Meetings Really? | WIRED
Zoom admits some calls were routed through China by mistake | TechCrunch
Zoom founder promises to remedy security, privacy concerns during a 'feature freeze' - CyberScoop
New York City bans Zoom in schools, citing security concerns | TechCrunch
DOJ says Zoom-bombing is a crime | ZDNet
Video service Zoom taking security seriously: U.S. government memo - Reuters
The Zoom Privacy Backlash Is Only Getting Started | WIRED
The internet is now rife with places where you can organize Zoom-bombing raids | ZDNet
Why Zoom Really Needs Better Privacy: $1.4 Million Orders Show The US Government’s COVID-19 Response Is Now Relying On It
‘War Dialing’ Tool Exposes Zoom’s Password Problems — Krebs on Security
Microsoft Buys Corp.com So Bad Guys Can’t — Krebs on Security
Experts agree: Internet voting isn’t ready for COVID-19 crisis - Risky Business
Schiff wants ODNI to scrub out politics from election security briefs
PayPal and Venmo Are Letting SIM Swappers Hijack Accounts - VICE
Google backs Apple's SMS OTP standard proposal | ZDNet
Microsoft announces IPE, a new code integrity feature for Linux | ZDNet
Chrome 81 released with initial support for the Web NFC standard | ZDNet
A Hacker Found a Way to Take Over Any Apple Webcam | WIRED
Hardware microphone disconnect in Mac and iPad - Apple Support
Hacking forum gets hacked for the second time in a year | ZDNet
A hacker has wiped, defaced more than 15,000 Elasticsearch servers | ZDNet
Russian telco hijacks internet traffic for Google, AWS, Cloudflare, and others | ZDNet
Remote working security: Thousands of misconfigured Atlassian instances ripe for unauthorized access | The Daily Swig
Cisco rations VPNs for staff as strain of 100,000+ home workers hits its network • The Register
Twisted programming framework stung by brace of request smuggling vulnerabilities | The Daily Swig
How we abused Slack's TURN servers to gain access to internal services | Communication Breakdown
Phish of GoDaddy Employee Jeopardized Escrow.com, Among Others — Krebs on Security
XSS vulnerability found in Mozilla’s XSS-prevention library | The Daily Swig
On signing the Joint Statement of the Russian Federation and the Republic of Burundi on the non-deployment of weapons in space by the first - News - Ministry of Foreign Affairs of the Russian Federation
Exclusive: Elite hackers target WHO as coronavirus cyberattacks spike - Reuters
Seriously Risky Business