Risky Business

On this week’s show Patrick and Adam discuss the week’s security news, including:

• Apple jailbreakers partying in the streets
• Donald Trump targets Crowdstrike over 4chan conspiracy nonsense
• Ransomware absolutely everywhere this week
• Horror-show VxWorks bugs are popping up in other stacks
• OnApp fixes mother of all misconfigurations
• More SIM card issues
• Much, much more

In this week’s sponsor interview we chat with Mr Sandbox himself, VMRay’s Carsten Willems. He’s along to talk about VMRay’s involvement in a machine-learning bypass competition that happened at DEFCON earlier this year.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes Unfixable iOS Device Exploit Is the Latest Apple Security Upheaval | WIRED No, it wasn’t a virus; it was Chrome that stopped Macs from booting | Ars Technica How Trump’s Ukraine Mess Entangled CrowdStrike | WIRED Trump Was Repeatedly Warned That Ukraine Conspiracy Theory Was ‘Completely Debunked’ - The New York Times Evan McMurry on Twitter: "NEW: Tom Bossert on Pres. Trump's Crowdstrike reference on Ukraine call: "It's not only a conspiracy theory, it is completely debunked... "I am deeply frustrated with what [Rudy Giuliani] and the legal team is doing in repeating that debunked theory to the president." https://t.co/o1lcVI31u8" / Twitter Trump Still Doesn't Believe Russia Hacked the 2016 Election | WIRED Trump told Russian officials in 2017 he wasn’t concerned about Moscow’s interference in U.S. election - The Washington Post Airbus hit by series of cyber attacks on suppliers U.S. Steps Up Scrutiny of Airplane Cybersecurity - WSJ Ransomware forces 3 hospitals to turn away all but the most critical patients | Ars Technica Surgeries delayed and patient security fears after cyber attack on Victorian hospitals Wood Ranch Medical Announces Permanent Closure Due to Ransomware Attack Malware infection disrupts production at defence contractor plants in three countries | ZDNet Over 500 US schools were hit by ransomware in 2019 | ZDNet Ransomware incident to cost Danish company a whopping $95 million | ZDNet Decades-Old Code Is Putting Millions of Critical Devices at Risk | WIRED Thousands of Cloud Computing Servers Could Be Owned With 'Very Simple' Attack, Researchers Say - VICE California's new labor law is going to impact bug bounty companies. By how much is unknown. Legit-Looking iPhone Lightning Cables That Hack You Will Be Mass Produced and Sold - VICE New SIM card attack disclosed, similar to Simjacker | ZDNet German Cops Raid “Cyberbunker 2.0,” Arrest 7 in Child Porn, Dark Web Market Sting — Krebs on Security Cloudflare, Google Chrome, and Firefox add HTTP/3 support | ZDNet Microsoft bans 38 file extensions in Outlook for the Web | ZDNet AT&T redirected pen-test payloads to the FBI's Tips portal | ZDNet Azure Sentinel, Microsoft's cloud-based SIEM, hits general availability | ZDNet Microsoft will now encrypt new SSDs with BitLocker | TechRadar High-severity vulnerability in vBulletin is being actively exploited | Ars Technica Cybersecurity giant Comodo can’t even keep its own website secure | TechCrunch Threesome Blowjob Scene on Giant Highway Billboard Could Have Caused an Accident, Police Say - VICE Porn on the big screen in central Auckland: Asics video monitor hacked - NZ Herald Yahoo Engineer Used Insider Access to Get Private Photos of Women - VICE Landmark White data beach: Sydney IT contractor arrested after high-profile cyber attack Home - MLSEC VMRay | Malware Analysis Tools | Malware Sandbox Solutions