Â
Â
In the Security News, Zoomâs RCE Vulnerability is affecting over 700,000 companies, how YouTube is trying to ban hacking videos, 1TB of police body cam footage is available online, and how the US Cyber Command warns of Outlook flaw exploited by Iranian Hackers!
Larryâs Stories
An open question: PGP vs Signal for e-mail secure communication? Adoption of PGP vs Signal?
- Malware on the High Seas â phishing being used against the US Cost Guard in an attempt to gain access to data on the vessels.
- Microsoft warns of file-less malware attack Astaroth, reminds me of what we do as red teasers
- Unattended, no click Zoom hacks
- Hate crime perps caught because they automatically connected to WiFi
- US weapon systems hacked in 9 second because of default passwords and other DoD cyber security folly
- GoBotKR botnet through pirate Korean videos
- Apple iMessage bug bricks phones, patch available
- Android apps harvest data, even though they were told not to
Patrickâs Stories
- Zoom RCE Vulnerability Found
- YouTube banning hacking videos, now admits mistake
- Android Wonât Take No For an Answer More than 1000 Android apps still collect personal data even after user clicks no.
Dougâs Stories
- Porn Pirating Lawyers sentenced â A US lawyer who uploaded pornography on to file-sharing sites then sued people who downloaded it, has been sentenced to five years in jail.
- Crypto Peer-to-Peer Exchanges Grow in Popularity as Regulatory Scrutiny Rises â The uptick in regulatory scrutiny amid this yearâs re-emergence of cryptocurrencies is driving some of the speculative asset classesâ biggest advocates further into the darkest corners of finance.
- Rhode Island Governor Cuts CISO Position from Cabinet â The controversial decision to eliminate the stateâs chief information security officer has inspired criticism, though state officials have promised a continued commitment to cybersecurity efforts.
- Cybersecurity Firm McAfee Preps for Public Market Return â The companyâs owners â private-equity firms TPG and Thoma Bravo, and chipmaker Intel â have been meeting with bankers this week to discuss plans for an initial public offering that could occur later this year, The Wall Street Journal reports.
Leeâs Stories
- Chinese Tourists forced to install Software at border Chinese border officials side-load JingWang application; primarily targeting Xinjiangâs Uighur population; that sends device data to their servers, un-encrypted, for analysis also searches for 73,000 files of interest such as religious videos, images and electronic documents.
- 1TB Police Bodycam footage available online The police department IT service providers, who were collecting the videos were compromised. Make sure that your service provider is InfoSec aware. Should we expect the hackers to store the acquired content securely?
- Orvibo IoT management database insecure SmartMate device management database, with 2 Billion records for devices in 2 Million households had no protection and included usernames, non-salted MD5 Hashed passwords, password reset codes and device location data. How secure is your IoT management system?
- Russian hackers target banks Hacker group compromises IT systems, causes ATM to dispense any amount unchecked.
- U.S. Cyber Command warns of Outlook flaw exploited by Iranian Hackers Hckers exploit Microsoft Outlook vulnerability tracked as CVE-2017-11774 in an effort to deliver malware.
- Huawei Employees linked to China State Intel Agencies Look to the big picture â consider the alliances of your suppliers, at all levels. Who are they truly working for?
- Acedemics steal data from air-gapped systems via Keyboardâs LEDs It is interesting how you can leverage system components to exfiltrate data across an air-gap. Ben-Gurion University has researched for years. Some other examples LCD Displays CPU fans for pickup as audio CPU Load for pickup as heat HDD Motor/Head noise
Full Show Notes
Follow us on Twitter: https://www.twitter.com/securityweekly
 |
 |
| Â |
 |
 |
Â
Gloss