Risky Business

Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.



Risky Business #554 -- Is there an iOS exploit glut?

Alex Stamos is our news co-host this week. Patrick and Alex discuss all the week’s security news, including:

  • Mass exploitation of iOS devices by Chinese govt
  • Telegram moves to nix phone number enumeration “feature”
  • USA targeted Iranian maritime awareness system
  • Existence of Stuxnet mole revealed by Kim Zetter
  • @jack gets hacked
  • Much, much more

This week’s sponsor interview is with Michelle Price of AustCyber. AustCyber is the organisation here in Australia that aims to build out the Australian cyber security industry and skills base, and Michelle pops in this week to tell us all about the upcoming Australian Cyber Week.

Links to everything are below in the show notes.

Show notes

  • Project Zero: A very deep dive into iOS Exploit chains found in the wild
  • Mysterious iOS Attack Changes Everything We Know About iPhone Hacking | WIRED
  • iPhone Hackers Caught By Google Also Targeted Android And Microsoft Windows, Say Sources
  • Apple iPhone Hack Exposed By Google Breaks WhatsApp Encryption
  • This Has Been the Worst Year for iPhone Security Yet - VICE
  • Why 'Zero Day' Android Hacking Now Costs More Than iOS Attacks | WIRED
  • Exploit Sellers Say There are More iPhone Hacks on the Market Than They’ve Ever Seen - VICE
  • Researchers uncover malicious sites targeting China's Uyghur population
  • Confirmed: Google’s Android Suffers Sustained Attacks By Anti-Uighur Hackers
  • Exclusive: Messaging app Telegram moves to protect identity of Hong Kong protesters - Reuters
  • U.S. Cyberattack Hurt Iran’s Ability to Target Oil Tankers, Officials Say - The New York Times
  • Revealed: How a secret Dutch mole aided the U.S.-Israeli Stuxnet cyberattack on Iran
  • North Korean state hackers target retired diplomats and military officials | ZDNet
  • How Twitter CEO Jack Dorsey's Account Was Hacked | WIRED
  • Google launches bounty program to spot misuses of Google API, Chrome, and Android user data | ZDNet
  • Google adds all Android apps with +100m installs to its bug bounty program | ZDNet
  • Cisco releases guides for incident responders handling hacked Cisco gear | ZDNet
  • BEC overtakes ransomware and data breaches in cyber-insurance claims | ZDNet
  • How MuleSoft patched a critical security flaw and avoided a disaster | ZDNet
  • Rash of ransomware continues with 13 new victims—most of them schools | Ars Technica
  • Russian police take down malware gang that infected 800,000+ Android smartphones | ZDNet
  • Avast and French police take over malware botnet and disinfect 850,000 computers | ZDNet
  • TrickBot, today's top trojan, adds feature to aid SIM swapping attacks | ZDNet
  • German bank loses €1.5 million in mysterious cashout of EMV cards | ZDNet
  • Over 47,000 Supermicro servers are exposing BMC ports on the internet | ZDNet
  • Spam In your Calendar? Here’s What to Do. — Krebs on Security
  • Marc Owen Jones on Twitter: "[Thread] As promised, today I want to tell you of how I became friends with a Twitter troll called Angus Gallagher. Angus recently had a sex/ethnicity reassignment operation. He is now called Jasmine, but we'll come to that a bit later. First though, say hi to Angus #StopTheCoup https://t.co/z9cjTZxkxo" / Twitter
  • Security Engineer job in Austin, TX at Praetorian
  • National Missing Persons Hackathon 2019 Tickets, Fri 11/10/2019 at 9:30 am | Eventbrite


 2019-09-04  n/a