Porn Pirating, Zoom RCE, & Huawei – Paul’s Security Weekly #611

July 12, 2019

 

 

In the Security News, Zoom's RCE Vulnerability is affecting over 700,000 companies, how YouTube is trying to ban hacking videos, 1TB of police body cam footage is available online, and how the US Cyber Command warns of Outlook flaw exploited by Iranian Hackers!

Larry's Stories

An open question: PGP vs Signal for e-mail secure communication? Adoption of PGP vs Signal?

  1. Malware on the High Seas - phishing being used against the US Cost Guard in an attempt to gain access to data on the vessels.
  2. Microsoft warns of file-less malware attack Astaroth, reminds me of what we do as red teasers
  3. Unattended, no click Zoom hacks
  4. Hate crime perps caught because they automatically connected to WiFi
  5. US weapon systems hacked in 9 second because of default passwords and other DoD cyber security folly
  6. GoBotKR botnet through pirate Korean videos
  7. Apple iMessage bug bricks phones, patch available
  8. Android apps harvest data, even though they were told not to

Patrick's Stories

  1. Zoom RCE Vulnerability Found
  2. YouTube banning hacking videos, now admits mistake
  3. Android Won't Take No For an Answer More than 1000 Android apps still collect personal data even after user clicks no.

Doug's Stories

  1. Porn Pirating Lawyers sentenced - A US lawyer who uploaded pornography on to file-sharing sites then sued people who downloaded it, has been sentenced to five years in jail.
  2. Crypto Peer-to-Peer Exchanges Grow in Popularity as Regulatory Scrutiny Rises - The uptick in regulatory scrutiny amid this year’s re-emergence of cryptocurrencies is driving some of the speculative asset classes’ biggest advocates further into the darkest corners of finance.
  3. Rhode Island Governor Cuts CISO Position from Cabinet - The controversial decision to eliminate the state's chief information security officer has inspired criticism, though state officials have promised a continued commitment to cybersecurity efforts.
  4. Cybersecurity Firm McAfee Preps for Public Market Return - The company's owners - private-equity firms TPG and Thoma Bravo, and chipmaker Intel - have been meeting with bankers this week to discuss plans for an initial public offering that could occur later this year, The Wall Street Journal reports.

Lee's Stories

  1. Chinese Tourists forced to install Software at border Chinese border officials side-load JingWang application; primarily targeting Xinjiang's Uighur population; that sends device data to their servers, un-encrypted, for analysis also searches for 73,000 files of interest such as religious videos, images and electronic documents.
  2. 1TB Police Bodycam footage available online The police department IT service providers, who were collecting the videos were compromised. Make sure that your service provider is InfoSec aware. Should we expect the hackers to store the acquired content securely?
  3. Orvibo IoT management database insecure SmartMate device management database, with 2 Billion records for devices in 2 Million households had no protection and included usernames, non-salted MD5 Hashed passwords, password reset codes and device location data. How secure is your IoT management system?
  4. Russian hackers target banks Hacker group compromises IT systems, causes ATM to dispense any amount unchecked.
  5. U.S. Cyber Command warns of Outlook flaw exploited by Iranian Hackers Hckers exploit Microsoft Outlook vulnerability tracked as CVE-2017-11774 in an effort to deliver malware.
  6. Huawei Employees linked to China State Intel Agencies Look to the big picture - consider the alliances of your suppliers, at all levels. Who are they truly working for?
  7. Acedemics steal data from air-gapped systems via Keyboard's LEDs It is interesting how you can leverage system components to exfiltrate data across an air-gap. Ben-Gurion University has researched for years. Some other examples LCD Displays CPU fans for pickup as audio CPU Load for pickup as heat HDD Motor/Head noise

Full Show Notes

Follow us on Twitter: https://www.twitter.com/securityweekly

Hosts

[caption id="attachment_210" align="alignleft" width="120"]Doug White Doug White - Professor, Roger Williams University.[/caption]
[caption id="attachment_210" align="alignleft" width="120"]Larry Pesce Larry Pesce - Senior Managing Consultant and Director of Research, InGuardians.[/caption]
 
[caption id="attachment_210" align="alignleft" width="120"]Patrick Laverty Patrick Laverty - Security Consultant, Rapid 7.[/caption]
[caption id="attachment_210" align="alignleft" width="120"]Joff Thyer Joff Thyer - Security Analyst, Black Hills Information Security.[/caption]

 

[audio src="http://traffic.libsyn.com/sw-all/Porn_Pirating_Zoom_RCE__Huawei_-_Pauls_Security_Weekly_611_converted.mp3" ]

prestitial ad