Risky Business #554 -- Is there an iOS exploit glut?

Apple's mobile OS has a very bad week...
04 Sep 2019 » Risky Business

Alex Stamos is our news co-host this week. Patrick and Alex discuss all the week’s security news, including:

  • Mass exploitation of iOS devices by Chinese govt
  • Telegram moves to nix phone number enumeration “feature”
  • USA targeted Iranian maritime awareness system
  • Existence of Stuxnet mole revealed by Kim Zetter
  • @jack gets hacked
  • Much, much more

This week’s sponsor interview is with Michelle Price of AustCyber. AustCyber is the organisation here in Australia that aims to build out the Australian cyber security industry and skills base, and Michelle pops in this week to tell us all about the upcoming Australian Cyber Week.

Links to everything are below in the show notes.

Show notes

Project Zero: A very deep dive into iOS Exploit chains found in the wild
Mysterious iOS Attack Changes Everything We Know About iPhone Hacking | WIRED
iPhone Hackers Caught By Google Also Targeted Android And Microsoft Windows, Say Sources
Apple iPhone Hack Exposed By Google Breaks WhatsApp Encryption
This Has Been the Worst Year for iPhone Security Yet - VICE
Why 'Zero Day' Android Hacking Now Costs More Than iOS Attacks | WIRED
Exploit Sellers Say There are More iPhone Hacks on the Market Than They’ve Ever Seen - VICE
Researchers uncover malicious sites targeting China's Uyghur population
Confirmed: Google’s Android Suffers Sustained Attacks By Anti-Uighur Hackers
Exclusive: Messaging app Telegram moves to protect identity of Hong Kong protesters - Reuters
U.S. Cyberattack Hurt Iran’s Ability to Target Oil Tankers, Officials Say - The New York Times
Revealed: How a secret Dutch mole aided the U.S.-Israeli Stuxnet cyberattack on Iran
North Korean state hackers target retired diplomats and military officials | ZDNet
How Twitter CEO Jack Dorsey's Account Was Hacked | WIRED
Google launches bounty program to spot misuses of Google API, Chrome, and Android user data | ZDNet
Google adds all Android apps with +100m installs to its bug bounty program | ZDNet
Cisco releases guides for incident responders handling hacked Cisco gear | ZDNet
BEC overtakes ransomware and data breaches in cyber-insurance claims | ZDNet
How MuleSoft patched a critical security flaw and avoided a disaster | ZDNet
Rash of ransomware continues with 13 new victims—most of them schools | Ars Technica
Russian police take down malware gang that infected 800,000+ Android smartphones | ZDNet
Avast and French police take over malware botnet and disinfect 850,000 computers | ZDNet
TrickBot, today's top trojan, adds feature to aid SIM swapping attacks | ZDNet
German bank loses €1.5 million in mysterious cashout of EMV cards | ZDNet
Over 47,000 Supermicro servers are exposing BMC ports on the internet | ZDNet
Spam In your Calendar? Here’s What to Do. — Krebs on Security
Marc Owen Jones on Twitter: "[Thread] As promised, today I want to tell you of how I became friends with a Twitter troll called Angus Gallagher. Angus recently had a sex/ethnicity reassignment operation. He is now called Jasmine, but we'll come to that a bit later. First though, say hi to Angus #StopTheCoup https://t.co/z9cjTZxkxo" / Twitter
Security Engineer job in Austin, TX at Praetorian
National Missing Persons Hackathon 2019 Tickets, Fri 11/10/2019 at 9:30 am | Eventbrite