On this week’s show Patrick and Adam discuss the week’s security news, including:
- Details about Apple and Google’s contact tracing API and OS changes
- Alex Stamos joins Zoom as outside consultant
- More Zoom news
- US government weighs China Telecom ban following BGP hijacking
- Travelex paid $2.3m to decrypt files in ransomware attack.
This week’s show is brought to you by AttackIQ. They make a breach and attack simulation platform that you can use to figure out which of your security controls are actually working. Carl Wright of AttackIQ will join the show to talk about the new, free online training they’re offering.
If you’re stuck at home like half the planet right now and you’re interested in operationalising MITRE ATT&CK then you can check out AttackIQ academy.
You can subscribe to the new Risky Business newsletter, Seriously Risky Business, here.
You can subscribe to our new YouTube channel here.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
- Seriously Risky Business Newsletter Subscription Page
- Srsly Risky Biz: Apple, Google to bring COVID-19 contact tracing to billions - Risky Business
- Clever Cryptography Could Protect Privacy in Covid-19 Contact-Tracing Apps | WIRED
- How Google Plans to Push Its Coronavirus Tracing Feature to Android Phones - VICE
- Former Facebook CSO Alex Stamos to join Zoom as outside security consultant | ZDNet
- Zoom removes meeting IDs from app title bar to improve privacy | ZDNet
- US Senate, German government tell staff not to use Zoom | ZDNet
- It's Official: Most Zoom Versions Now Off-Limits to the Military | Military.com
- Senator calls on FTC to create guidelines for video teleconferencing software | ZDNet
- Senator backing anti-crypto bill calls out Zoom’s lack of end-to-end crypto | Ars Technica
- Interest in Zoom Zero-Day Hacks Is ‘Sky-High’ as Meetings Move Online - VICE
- Zoom shareholder accuses executives of fraud over security practices
- U.S., U.K. authorities warn of state-linked and criminal hacking exploiting coronavirus pandemic
- Fiverr Hosted 'Coronavirus Healers' and Dodgy Mask Sellers - VICE
- Citing BGP hijacks and hack attacks, feds want China Telecom out of the US | Ars Technica
- Travelex Paid $2.3 Million to Ransomware Gang: Report
- The Pentagon Hasn't Fixed Basic Cybersecurity Blind Spots | WIRED
- New IRS Site Could Make it Easy for Thieves to Intercept Some Stimulus Payments — Krebs on Security
- Cloudflare dumps reCAPTCHA as Google intends to charge for its use | ZDNet
- San Francisco airport websites hacked to steal staff passwords, says notice | TechCrunch
- Russian state hackers behind San Francisco airport hack | ZDNet
- SEC settles with two suspects in EDGAR hacking case | ZDNet
- SEC.gov | Foreign National and American Trader Settle Fraud Charges in EDGAR Hacking Case
- Lawyer for alleged Methbot boss Aleksandr Zhukov wants case dismissed amid coronavirus concerns
- Why you can’t trust your vote to the internet just yet - Risky Business
- Experts agree: Internet voting isn’t ready for COVID-19 crisis - Risky Business
- Experts: Internet voting isn’t ready for COVID-19 crisis
- Vote by Mail Isn't Perfect. But It's Essential in a Pandemic | WIRED
- DARPA snags Intel to lead its machine learning security tech | TechCrunch
- Dell releases new tool to detect BIOS attacks | ZDNet
- Micronaut CRLF injection bug opened the door to server-side request forgery | The Daily Swig
- 2021 - git: Newline injection in credential helper protocol - project-zero
- The Far-Right Helped Create The World's Most Powerful Facial Recognition Technology | HuffPost Australia
- AttackIQ Platform, continuous validation of your security control.