Risky Business #557 -- 26 nations release cyber norms statement at UN

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Co-host at large

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Tibetans targeted in mobile malware campaign
  • Iran denies cyber-attack nobody was asking about
  • More news from the Middle East
  • 26 nations open UN General Assembly with statement on cyber norms
  • FedEx sued over company’s NotPetya response, exec share sales
  • Why “quantum supremacy” isn’t a big deal. Yet.
  • Much, much more

In this week’s sponsor interview we talk to Cody Wood of Signal Sciences about HTTP request smuggling: what it is and why it’s a nightmare to fix.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Androids And iPhones Hacked With Just One WhatsApp Click — And Tibetans Are Under Assault

Footage shows hundreds of blindfolded and shackled prisoners in China – video | World news | The Guardian

Iran denies successful cyber attack on oil sector | The Times of Israel

Advanced hackers are infecting IT providers in hopes of hitting their customers | Ars Technica

The Urgent Search for a Cyber Silver Bullet Against Iran - The New York Times

New research shows more utility companies are being targeted by phishing emails

New North Korean malware targeting ATMs spotted in India | ZDNet

Shareholders allege FedEx covered up damages caused by NotPetya attack

All the Code Connections Between Russia’s Hackers, Visualized | WIRED

World powers are pushing to build their own brand of cyber norms

Google’s ‘Quantum Supremacy’ Isn’t the End of Encryption | WIRED

The FBI Tried to Plant a Backdoor in an Encrypted Phone Network - VICE

Russian national confesses to biggest bank hack in US history | Ars Technica

Exclusive: TalkTalk hacker also breached EtherDelta cryptocurrency exchange | ZDNet

Two years later, hackers are still breaching local government payment portals | ZDNet

Massive IT Support Fraud ‘Made $10 Million From Thousands Of Elderly Victims’

Facebook suspended tens of thousands of apps from 400 developers | ZDNet

Massive wave of account hijacks hits YouTube creators | ZDNet

Bloomberg reporter of challenged ‘Big Hack’ story gets promoted - The Washington Post

GitHub security alerts now support PHP projects | ZDNet

Anonymous researcher drops vBulletin zero-day impacting tens of thousands of sites | ZDNet

Microsoft releases out-of-band security update to fix IE zero-day & Defender bug | ZDNet

Medicine show: Crown Sterling demos 256-bit RSA key-cracking at private event | Ars Technica

Iowa officials claim confusion over scope led to arrest of pen-testers | Ars Technica

Ask Cybergibbons! on Twitter: "Another interesting week on a ship. As with every previous maritime test, we found a system installed that no one really knew about or understood. Shoreside was totally unaware of its existence." / Twitter

What is HTTP request smuggling? Tutorial & Examples

HTTP Desync Attacks: Request Smuggling Reborn | Blog - PortSwigger