Risky Business #557 -- 26 nations release cyber norms statement at UN

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Tibetans targeted in mobile malware campaign
  • Iran denies cyber-attack nobody was asking about
  • More news from the Middle East
  • 26 nations open UN General Assembly with statement on cyber norms
  • Fedex sued over company’s NotPetya response, exec share sales
  • Why “quantum supremacy” isn’t a big deal. Yet.
  • Much, much more

In this week’s sponsor interview we talk to Cody Wood of Signal Sciences about http request smuggling. What it is and why it’s a nightmare to fix.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Risky Business #557 -- 26 nations release cyber norms statement at UN
0:00 / 0:00

Show notes

Androids And iPhones Hacked With Just One WhatsApp Click — And Tibetans Are Under Assault

Footage shows hundreds of blindfolded and shackled prisoners in China – video | World news | The Guardian

Iran denies successful cyber attack on oil sector | The Times of Israel

Advanced hackers are infecting IT providers in hopes of hitting their customers | Ars Technica

The Urgent Search for a Cyber Silver Bullet Against Iran - The New York Times

New research shows more utility companies are being targeted by phishing emails

New North Korean malware targeting ATMs spotted in India | ZDNet

Shareholders allege FedEx covered up damages caused by NotPetya attack

All the Code Connections Between Russia’s Hackers, Visualized | WIRED

World powers are pushing to build their own brand of cyber norms

Google’s ‘Quantum Supremacy’ Isn’t the End of Encryption | WIRED

The FBI Tried to Plant a Backdoor in an Encrypted Phone Network - VICE

Russian national confesses to biggest bank hack in US history | Ars Technica

Exclusive: TalkTalk hacker also breached EtherDelta cryptocurrency exchange | ZDNet

Two years later, hackers are still breaching local government payment portals | ZDNet

Massive IT Support Fraud ‘Made $10 Million From Thousands Of Elderly Victims’

Facebook suspended tens of thousands of apps from 400 developers | ZDNet

Massive wave of account hijacks hits YouTube creators | ZDNet

Bloomberg reporter of challenged ‘Big Hack’ story gets promoted - The Washington Post

GitHub security alerts now support PHP projects | ZDNet

Anonymous researcher drops vBulletin zero-day impacting tens of thousands of sites | ZDNet

Microsoft releases out-of-band security update to fix IE zero-day & Defender bug | ZDNet

Medicine show: Crown Sterling demos 256-bit RSA key-cracking at private event | Ars Technica

Iowa officials claim confusion over scope led to arrest of pen-testers | Ars Technica

Ask Cybergibbons! on Twitter: "Another interesting week on a ship. As with every previous maritime test, we found a system installed that no one really knew about or understood. Shoreside was totally unaware of its existence." / Twitter

What is HTTP request smuggling? Tutorial & Examples

HTTP Desync Attacks: Request Smuggling Reborn | Blog - PortSwigger