Risky Business Podcast
September 25, 2019
Risky Business #557 -- 26 nations release cyber norms statement at UN
On this week’s show Patrick and Adam discuss the week’s security news, including:
- Tibetans targeted in mobile malware campaign
- Iran denies cyber-attack nobody was asking about
- More news from the Middle East
- 26 nations open UN General Assembly with statement on cyber norms
- FedEx sued over company’s NotPetya response, exec share sales
- Why “quantum supremacy” isn’t a big deal. Yet.
- Much, much more
In this week’s sponsor interview we talk to Cody Wood of Signal Sciences about HTTP request smuggling: what it is and why it’s a nightmare to fix.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
Show notes
Androids And iPhones Hacked With Just One WhatsApp Click — And Tibetans Are Under Assault
Iran denies successful cyber attack on oil sector | The Times of Israel
Advanced hackers are infecting IT providers in hopes of hitting their customers | Ars Technica
The Urgent Search for a Cyber Silver Bullet Against Iran - The New York Times
New research shows more utility companies are being targeted by phishing emails
New North Korean malware targeting ATMs spotted in India | ZDNet
Shareholders allege FedEx covered up damages caused by NotPetya attack
All the Code Connections Between Russia’s Hackers, Visualized | WIRED
World powers are pushing to build their own brand of cyber norms
Google’s ‘Quantum Supremacy’ Isn’t the End of Encryption | WIRED
The FBI Tried to Plant a Backdoor in an Encrypted Phone Network - VICE
Russian national confesses to biggest bank hack in US history | Ars Technica
Exclusive: TalkTalk hacker also breached EtherDelta cryptocurrency exchange | ZDNet
Two years later, hackers are still breaching local government payment portals | ZDNet
Massive IT Support Fraud ‘Made $10 Million From Thousands Of Elderly Victims’
Facebook suspended tens of thousands of apps from 400 developers | ZDNet
Massive wave of account hijacks hits YouTube creators | ZDNet
Bloomberg reporter of challenged ‘Big Hack’ story gets promoted - The Washington Post
GitHub security alerts now support PHP projects | ZDNet
Anonymous researcher drops vBulletin zero-day impacting tens of thousands of sites | ZDNet
Microsoft releases out-of-band security update to fix IE zero-day & Defender bug | ZDNet
Medicine show: Crown Sterling demos 256-bit RSA key-cracking at private event | Ars Technica
Iowa officials claim confusion over scope led to arrest of pen-testers | Ars Technica
What is HTTP request smuggling? Tutorial & Examples
HTTP Desync Attacks: Request Smuggling Reborn | Blog - PortSwigger