Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.
https://risky.biz/
Risky Business #557 -- 26 nations release cyber norms statement at UN
On this week’s show Patrick and Adam discuss the week’s security news, including:
- Tibetans targeted in mobile malware campaign
- Iran denies cyber-attack nobody was asking about
- More news from the Middle East
- 26 nations open UN General Assembly with statement on cyber norms
- Fedex sued over company’s NotPetya response, exec share sales
- Why “quantum supremacy” isn’t a big deal. Yet.
- Much, much more
In this week’s sponsor interview we talk to Cody Wood of Signal Sciences about http request smuggling. What it is and why it’s a nightmare to fix.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
Show notes Androids And iPhones Hacked With Just One WhatsApp Click — And Tibetans Are Under Assault Footage shows hundreds of blindfolded and shackled prisoners in China – video | World news | The Guardian Iran denies successful cyber attack on oil sector | The Times of Israel Advanced hackers are infecting IT providers in hopes of hitting their customers | Ars Technica The Urgent Search for a Cyber Silver Bullet Against Iran - The New York Times New research shows more utility companies are being targeted by phishing emails New North Korean malware targeting ATMs spotted in India | ZDNet Shareholders allege FedEx covered up damages caused by NotPetya attack All the Code Connections Between Russia’s Hackers, Visualized | WIRED World powers are pushing to build their own brand of cyber norms Google’s ‘Quantum Supremacy’ Isn’t the End of Encryption | WIRED The FBI Tried to Plant a Backdoor in an Encrypted Phone Network - VICE Russian national confesses to biggest bank hack in US history | Ars Technica Exclusive: TalkTalk hacker also breached EtherDelta cryptocurrency exchange | ZDNet Two years later, hackers are still breaching local government payment portals | ZDNet Massive IT Support Fraud ‘Made $10 Million From Thousands Of Elderly Victims’ Facebook suspended tens of thousands of apps from 400 developers | ZDNet Massive wave of account hijacks hits YouTube creators | ZDNet Bloomberg reporter of challenged ‘Big Hack’ story gets promoted - The Washington Post GitHub security alerts now support PHP projects | ZDNet Anonymous researcher drops vBulletin zero-day impacting tens of thousands of sites | ZDNet Microsoft releases out-of-band security update to fix IE zero-day & Defender bug | ZDNet Medicine show: Crown Sterling demos 256-bit RSA key-cracking at private event | Ars Technica Iowa officials claim confusion over scope led to arrest of pen-testers | Ars Technica Ask Cybergibbons! on Twitter: "Another interesting week on a ship. As with every previous maritime test, we found a system installed that no one really knew about or understood. Shoreside was totally unaware of its existence." / Twitter What is HTTP request smuggling? Tutorial & Examples HTTP Desync Attacks: Request Smuggling Reborn | Blog - PortSwigger