On this week’s show Patrick and Adam discuss the week’s security news, including:
- Tibetans targeted in mobile malware campaign
- Iran denies cyber-attack nobody was asking about
- More news from the Middle East
- 26 nations open UN General Assembly with statement on cyber norms
- FedEx sued over company’s NotPetya response, exec share sales
- Why “quantum supremacy” isn’t a big deal. Yet.
- Much, much more
In this week’s sponsor interview we talk to Cody Wood of Signal Sciences about HTTP request smuggling: what it is and why it’s a nightmare to fix.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
Show notes
- Androids And iPhones Hacked With Just One WhatsApp Click — And Tibetans Are Under Assault
- Footage shows hundreds of blindfolded and shackled prisoners in China – video | World news | The Guardian
- Iran denies successful cyber attack on oil sector | The Times of Israel
- Advanced hackers are infecting IT providers in hopes of hitting their customers | Ars Technica
- The Urgent Search for a Cyber Silver Bullet Against Iran - The New York Times
- New research shows more utility companies are being targeted by phishing emails
- New North Korean malware targeting ATMs spotted in India | ZDNet
- Shareholders allege FedEx covered up damages caused by NotPetya attack
- All the Code Connections Between Russia’s Hackers, Visualized | WIRED
- World powers are pushing to build their own brand of cyber norms
- Google’s ‘Quantum Supremacy’ Isn’t the End of Encryption | WIRED
- The FBI Tried to Plant a Backdoor in an Encrypted Phone Network - VICE
- Russian national confesses to biggest bank hack in US history | Ars Technica
- Exclusive: TalkTalk hacker also breached EtherDelta cryptocurrency exchange | ZDNet
- Two years later, hackers are still breaching local government payment portals | ZDNet
- Massive IT Support Fraud ‘Made $10 Million From Thousands Of Elderly Victims’
- Facebook suspended tens of thousands of apps from 400 developers | ZDNet
- Massive wave of account hijacks hits YouTube creators | ZDNet
- Bloomberg reporter of challenged ‘Big Hack’ story gets promoted - The Washington Post
- GitHub security alerts now support PHP projects | ZDNet
- Anonymous researcher drops vBulletin zero-day impacting tens of thousands of sites | ZDNet
- Microsoft releases out-of-band security update to fix IE zero-day & Defender bug | ZDNet
- Medicine show: Crown Sterling demos 256-bit RSA key-cracking at private event | Ars Technica
- Iowa officials claim confusion over scope led to arrest of pen-testers | Ars Technica
- Ask Cybergibbons! on Twitter: "Another interesting week on a ship. As with every previous maritime test, we found a system installed that no one really knew about or understood. Shoreside was totally unaware of its existence." / Twitter
- What is HTTP request smuggling? Tutorial & Examples
- HTTP Desync Attacks: Request Smuggling Reborn | Blog - PortSwigger