Risky Business #557 -- 26 nations release cyber norms statement at UN

State-backed activity reaching fever pitch...
25 Sep 2019 » Risky Business

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Tibetans targeted in mobile malware campaign
  • Iran denies cyber-attack nobody was asking about
  • More news from the Middle East
  • 26 nations open UN General Assembly with statement on cyber norms
  • Fedex sued over company’s NotPetya response, exec share sales
  • Why “quantum supremacy” isn’t a big deal. Yet.
  • Much, much more

In this week’s sponsor interview we talk to Cody Wood of Signal Sciences about http request smuggling. What it is and why it’s a nightmare to fix.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Androids And iPhones Hacked With Just One WhatsApp Click — And Tibetans Are Under Assault
Footage shows hundreds of blindfolded and shackled prisoners in China – video | World news | The Guardian
Iran denies successful cyber attack on oil sector | The Times of Israel
Advanced hackers are infecting IT providers in hopes of hitting their customers | Ars Technica
The Urgent Search for a Cyber Silver Bullet Against Iran - The New York Times
New research shows more utility companies are being targeted by phishing emails
New North Korean malware targeting ATMs spotted in India | ZDNet
Shareholders allege FedEx covered up damages caused by NotPetya attack
All the Code Connections Between Russia’s Hackers, Visualized | WIRED
World powers are pushing to build their own brand of cyber norms
Google’s ‘Quantum Supremacy’ Isn’t the End of Encryption | WIRED
The FBI Tried to Plant a Backdoor in an Encrypted Phone Network - VICE
Russian national confesses to biggest bank hack in US history | Ars Technica
Exclusive: TalkTalk hacker also breached EtherDelta cryptocurrency exchange | ZDNet
Two years later, hackers are still breaching local government payment portals | ZDNet
Massive IT Support Fraud ‘Made $10 Million From Thousands Of Elderly Victims’
Facebook suspended tens of thousands of apps from 400 developers | ZDNet
Massive wave of account hijacks hits YouTube creators | ZDNet
Bloomberg reporter of challenged ‘Big Hack’ story gets promoted - The Washington Post
GitHub security alerts now support PHP projects | ZDNet
Anonymous researcher drops vBulletin zero-day impacting tens of thousands of sites | ZDNet
Microsoft releases out-of-band security update to fix IE zero-day & Defender bug | ZDNet
Medicine show: Crown Sterling demos 256-bit RSA key-cracking at private event | Ars Technica
Iowa officials claim confusion over scope led to arrest of pen-testers | Ars Technica
Ask Cybergibbons! on Twitter: "Another interesting week on a ship. As with every previous maritime test, we found a system installed that no one really knew about or understood. Shoreside was totally unaware of its existence." / Twitter
What is HTTP request smuggling? Tutorial & Examples
HTTP Desync Attacks: Request Smuggling Reborn | Blog - PortSwigger