Risky Business #528 -- Huawei dinged, epic FaceTime and Exchange bugs

Adam Boileau is back on deck...
29 Jan 2019 » Risky Business

Adam Boileau co-hosts this week’s Risky Business episode. We talk about:

  • The Huawei indictments
  • The epic FaceTime logic bug
  • The even more epic Exchange privesc bug
  • CISA’s “fix yo DNS” directive
  • Black Cube busted doing shady stuff to Citizen Lab
  • Yahoo shareholder lawsuit settlement makes directors twitchy
  • Internet filtering kicks off in Venezuela
  • Much, much MORE!

This week’s show is brought to you by Thinkst Canary – they make hardware honeypots and the tools you need to deploy canarytokens at scale. They also make virtual honeypots! This week Thinkst’s founder Haroon Meer will be along to wave his finger at basically all of us over what he sees as the security discipline’s tendency to not really learn anything from security conferences. It’s “contertainment,” he says, followed by “GET OFF MY LAWN”.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

US hammers Huawei with 23 indictments for stolen trade secrets, fraud - CNET
Major iPhone FaceTime bug lets you hear the audio of the person you are calling ... before they pick up - 9to5Mac
Abusing Exchange: One API call away from Domain Admin - dirkjanm.io
DHS: Multiple US gov domains hit in serious DNS hijacking wave | Ars Technica
cyber.dhs.gov - Emergency Directive 19-01
Rep. Langevin: We need a DHS briefing to understand extent of DNS hijacking threat
ALERT: DNS hijacking activity - NCSC Site
APNewsBreak: Undercover agents target cybersecurity watchdog
Japanese government plans to hack into citizens' IoT devices | ZDNet
Internet experiment goes wrong, takes down a bunch of Linux routers | ZDNet
Lessons for Corporate Boardrooms From Yahoo’s Cybersecurity Settlement - The New York Times
Mystery still surrounds hack of PHP PEAR website | ZDNet
WordPress sites under attack via zero-day in abandoned plugin | ZDNet
OONI report into Internet filtering in Venezuela
Tonga sent back to 'dark ages' after underwater Internet cable severed | Fox News
Opinion | Mueller’s Real Target in the Roger Stone Indictment - The New York Times
Exclusive: Ukraine says it sees surge in cyber attacks targeting election | Reuters
This Time It’s Russia’s Emails Getting Leaked
Russia Targeting British Institute In Disinformation Campaign
Unsecured MongoDB databases expose Kremlin's backdoor into Russian businesses | ZDNet
Facebook to encrypt Instagram messages ahead of integration with WhatsApp, Facebook Messenger | TechCrunch
Cryptopia funds still being drained by hackers while police investigated | RNZ News
Europol arrests UK man for stealing €10 million worth of IOTA cryptocurrency | ZDNet
Police license plate readers are still exposed on the internet | TechCrunch
Malvertising campaign targets Apple users with malicious code hidden in images | ZDNet
Hackers are going after Cisco RV320/RV325 routers using a new exploit | ZDNet
Spencer Dailey on Twitter: "hard to understate how bad this flaw is--shocked more pubs haven't picked up on this. The affected chip is ubiquitous, the potential exploits allow anyone within wifi-range to run arbitrary code on the machine. Wifi routers themselves use affected chip 🤯 https://t.co/XQx4SobJtj"
GitHub - hannob/apache-uaf: Apache use after free bug infos / ASAN stack traces
Lesley Carhart on Twitter: "At the very least I’ll be able to publish these questions so that other people can grill their properties should they forcibly migrate to IoT equipment."
APT39: An Iranian Cyber Espionage Group Focused on Personal Information | FireEye Inc
44CON 2013 - A talk about (info-sec) talks - Haroon Meer - YouTube