Risky Business #558 -- Trump targets Crowdstrike, Apple jailbreakers rejoice

All the week's big security news....
02 Oct 2019 » Risky Business

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Apple jailbreakers partying in the streets
  • Donald Trump targets Crowdstrike over 4chan conspiracy nonsense
  • Ransomware absolutely everywhere this week
  • Horror-show VxWorks bugs are popping up in other stacks
  • OnApp fixes mother of all misconfigurations
  • More SIM card issues
  • Much, much more

In this week’s sponsor interview we chat with Mr Sandbox himself, VMRay’s Carsten Willems. He’s along to talk about VMRay’s involvement in a machine-learning bypass competition that happened at DEFCON earlier this year.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Unfixable iOS Device Exploit Is the Latest Apple Security Upheaval | WIRED
No, it wasn’t a virus; it was Chrome that stopped Macs from booting | Ars Technica
How Trump’s Ukraine Mess Entangled CrowdStrike | WIRED
Trump Was Repeatedly Warned That Ukraine Conspiracy Theory Was ‘Completely Debunked’ - The New York Times
Evan McMurry on Twitter: "NEW: Tom Bossert on Pres. Trump's Crowdstrike reference on Ukraine call: "It's not only a conspiracy theory, it is completely debunked... "I am deeply frustrated with what [Rudy Giuliani] and the legal team is doing in repeating that debunked theory to the president." https://t.co/o1lcVI31u8" / Twitter
Trump Still Doesn't Believe Russia Hacked the 2016 Election | WIRED
Trump told Russian officials in 2017 he wasn’t concerned about Moscow’s interference in U.S. election - The Washington Post
Airbus hit by series of cyber attacks on suppliers
U.S. Steps Up Scrutiny of Airplane Cybersecurity - WSJ
Ransomware forces 3 hospitals to turn away all but the most critical patients | Ars Technica
Surgeries delayed and patient security fears after cyber attack on Victorian hospitals
Wood Ranch Medical Announces Permanent Closure Due to Ransomware Attack
Malware infection disrupts production at defence contractor plants in three countries | ZDNet
Over 500 US schools were hit by ransomware in 2019 | ZDNet
Ransomware incident to cost Danish company a whopping $95 million | ZDNet
Decades-Old Code Is Putting Millions of Critical Devices at Risk | WIRED
Thousands of Cloud Computing Servers Could Be Owned With 'Very Simple' Attack, Researchers Say - VICE
California's new labor law is going to impact bug bounty companies. By how much is unknown.
Legit-Looking iPhone Lightning Cables That Hack You Will Be Mass Produced and Sold - VICE
New SIM card attack disclosed, similar to Simjacker | ZDNet
German Cops Raid “Cyberbunker 2.0,” Arrest 7 in Child Porn, Dark Web Market Sting — Krebs on Security
Cloudflare, Google Chrome, and Firefox add HTTP/3 support | ZDNet
Microsoft bans 38 file extensions in Outlook for the Web | ZDNet
AT&T redirected pen-test payloads to the FBI's Tips portal | ZDNet
Azure Sentinel, Microsoft's cloud-based SIEM, hits general availability | ZDNet
Microsoft will now encrypt new SSDs with BitLocker | TechRadar
High-severity vulnerability in vBulletin is being actively exploited | Ars Technica
Cybersecurity giant Comodo can’t even keep its own website secure | TechCrunch
Threesome Blowjob Scene on Giant Highway Billboard Could Have Caused an Accident, Police Say - VICE
Porn on the big screen in central Auckland: Asics video monitor hacked - NZ Herald
Yahoo Engineer Used Insider Access to Get Private Photos of Women - VICE
Landmark White data beach: Sydney IT contractor arrested after high-profile cyber attack
Home - MLSEC
VMRay | Malware Analysis Tools | Malware Sandbox Solutions