On this week’s show Patrick and Adam discuss the week’s security news, including:

ASD launches offensive action against criminals
Bio-tech firms working on COVID-19 targeted by ransomware
Iran targets WHO
Did you hear there’s a security issue with Zoom? You might not have heard. Don’t worry, we’ll tell you about it
Much, much more

This week’s show is brought to you by Yubico, makers of the Yubikey devices.

Yubico’s Chief Solutions Officer Jerrod Chong will be along in this week’s sponsor interview to talk through a few things: what is he seeing out there among users? As you’ll hear, he’s seeing what all of us are seeing, a massive rush to enable remote working. Jerrod also walks us through some new stuff Yubico is planning, from managed credential services through to biometric Yubikeys. Don’t miss it!

You can subscribe to the new Risky Business newsletter, Seriously Risky Business, here.

You can subscribe to our new YouTube channel here.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.





Show notes




Australian government says it is hacking criminals who are exploiting the pandemic


Hackers ‘Without Conscience’ Target Health-Care Providers - Bloomberg


Exclusive: Hackers linked to Iran target WHO staff emails during coronavirus - sources - Reuters


Iran’s ban on Telegram that was intended to facilitate domestic spying backfired


DarkHotel hackers use VPN zero-day to breach Chinese government agencies | ZDNet


NASA sees an “exponential” jump in malware attacks as personnel work from home | Ars Technica


So Wait, How Encrypted Are Zoom Meetings Really? | WIRED


Zoom admits some calls were routed through China by mistake | TechCrunch


Zoom founder promises to remedy security, privacy concerns during a 'feature freeze' - CyberScoop


New York City bans Zoom in schools, citing security concerns | TechCrunch


DOJ says Zoom-bombing is a crime | ZDNet


Video service Zoom taking security seriously: U.S. government memo - Reuters


The Zoom Privacy Backlash Is Only Getting Started | WIRED


The internet is now rife with places where you can organize Zoom-bombing raids | ZDNet


Why Zoom Really Needs Better Privacy: $1.4 Million Orders Show The US Government’s COVID-19 Response Is Now Relying On It


‘War Dialing’ Tool Exposes Zoom’s Password Problems — Krebs on Security


Microsoft Buys Corp.com So Bad Guys Can’t — Krebs on Security


Experts agree: Internet voting isn’t ready for COVID-19 crisis - Risky Business


Schiff wants ODNI to scrub out politics from election security briefs


PayPal and Venmo Are Letting SIM Swappers Hijack Accounts - VICE


Google backs Apple's SMS OTP standard proposal | ZDNet


Microsoft announces IPE, a new code integrity feature for Linux | ZDNet


Chrome 81 released with initial support for the Web NFC standard | ZDNet


A Hacker Found a Way to Take Over Any Apple Webcam | WIRED


Hardware microphone disconnect in Mac and iPad - Apple Support


Hacking forum gets hacked for the second time in a year | ZDNet


A hacker has wiped, defaced more than 15,000 Elasticsearch servers | ZDNet


Russian telco hijacks internet traffic for Google, AWS, Cloudflare, and others | ZDNet


Remote working security: Thousands of misconfigured Atlassian instances ripe for unauthorized access | The Daily Swig


Cisco rations VPNs for staff as strain of 100,000+ home workers hits its network • The Register


Twisted programming framework stung by brace of request smuggling vulnerabilities | The Daily Swig


How we abused Slack's TURN servers to gain access to internal services | Communication Breakdown


Phish of GoDaddy Employee Jeopardized Escrow.com, Among Others — Krebs on Security


XSS vulnerability found in Mozilla’s XSS-prevention library | The Daily Swig


On signing the Joint Statement of the Russian Federation and the Republic of Burundi on the non-deployment of weapons in space by the first - News - Ministry of Foreign Affairs of the Russian Federation


Exclusive: Elite hackers target WHO as coronavirus cyberattacks spike - Reuters


Seriously Risky Business
