Podcasts about Zerodium

  • 38 podcasts
  • 55 episodes
  • 1h 7m average duration
  • Infrequent episodes
  • Latest episode: Dec 12, 2022


Latest podcast episodes about Zerodium

David Bombal
#408: Free Exploit Development Training (beginner and advanced)
Published Dec 12, 2022, duration 72:51

It's possible to earn millions of dollars finding zero days and vulnerabilities in software. But are you prepared to put in the work?

Related videos:
Browser Exploitation Introduction: https://youtu.be/bcnV1dbfKcE
Introduction to Buffer Overflows: https://youtu.be/DHCuvMfGLSU
Modern Windows Kernel Exploitation: https://youtu.be/nauAlHXrkIk
Linux Heap Exploitation: https://youtu.be/dMDoC9DlVzA
Modern Binary/Patch Diffing: https://youtu.be/8jVOvPG4TjA
Crypto and Blockchain Hacks: https://youtu.be/y5JogTgpp-s

My apologies for some of the technical issues in this interview. Zoom is a nightmare :(

// MENU //
00:00 - Coming up
00:53 - Stephen Sims introduction & SANS course
03:28 - Stephen's YouTube channel // Off By One Security
07:56 - Growing up with computers
08:57 - Getting involved with SANS courses // Impressed by instructors
09:52 - "The Golden Age of Hacking" // Bill Gates changed the game
15:44 - Making money from zero-days // Ethical and unethical methods, zerodium.com & safety tips
32:56 - How to get started
46:53 - Opportunities in crypto
50:26 - Windows vs. iOS vs. Linux
53:47 - Which programming language to start with
56:22 - Recommended SANS courses
01:02:04 - Recommended CTF programs & events
01:04:06 - Recommended books
01:08:23 - The Vergilius Project
01:10:25 - Connect with Stephen Sims
01:12:24 - Conclusion

// Stephen's Social //
Twitter: https://twitter.com/Steph3nSims
YouTube Live: https://www.youtube.com/@OffByOneSecu...
YouTube videos: https://www.youtube.com/@OffByOneSecu...
E-mail: Stephen(at)deadlisting.com

// Stephen's courses //
SANS courses (sans.org): https://www.sans.org/cyber-security-c...
- Advanced exploit development for penetration testers course
- Advanced penetration testing, exploit writing, and ethical hacking (GXPN)
- ARM Exploit Development

// Books discussed //
Grey Hat Hacking: https://amzn.to/3B1FeIK
Hacking: The Art of Exploitation: https://amzn.to/3Us9Uts
The Shellcoder's Handbook: https://amzn.to/3VqUEhY
Linkers & Loaders: https://amzn.to/3itqtbe

// Websites discussed //
Zerodium: https://zerodium.com/
Corelan Cybersecurity Research: https://www.corelan.be/
Fishshell: https://fishshell.com/
Vergilius Project: https://www.vergiliusproject.com/

// David's Social //
Discord: https://discord.gg/davidbombal
Twitter: https://www.twitter.com/davidbombal
Instagram: https://www.instagram.com/davidbombal
LinkedIn: https://www.linkedin.com/in/davidbombal
Facebook: https://www.facebook.com/davidbombal.co
TikTok: http://tiktok.com/@davidbombal
YouTube Main Channel: https://www.youtube.com/davidbombal
YouTube Tech Channel: https://youtube.com/channel/UCZTIRrEN...
YouTube Clips Channel: https://www.youtube.com/channel/UCbY5...
YouTube Shorts Channel: https://www.youtube.com/channel/UCEyC...
Apple Podcast: https://davidbombal.wiki/applepodcast
Spotify Podcast: https://open.spotify.com/show/3f6k6gE...

RadioAchab: l’IT per te.
Security according to Giancarlo - The rise in attacks on corporate executives and the other news from January
Published Feb 11, 2022, duration 34:01

Targeted attacks based on OAuth, Zerodium offers 400 thousand dollars for Outlook exploits, a flaw in Uber's mail server, a rise in extortion demands to avoid DoS attacks, using an uncertified patch is unwise, a bootkit from the APT41 group, and watch out for WordPress plugins and themes. We discuss it with Giancarlo Calzetta, security enthusiast, and Andrea Veca, CEO of Achab, for the "La sicurezza secondo Giancarlo" (Security according to Giancarlo) segment. All the details on the RadioAchab website.

Security Now (MP3)
SN 856: The “Topics” API - PwnKit Tech Details, DrawnApart, Zerodium Bug Bounties, Log4Shell Hits Ubiquiti
Published Feb 2, 2022, duration 147:56

Topics: Picture of the Week. Apple eliminates 0-days from iOS and macOS. Qualys published technical details for PwnKit. Log4Shell hits Ubiquiti. New bug bounties posted by Zerodium. "DrawnApart": a device identification technique based on remote GPU fingerprinting. Sorting Windows Folders to the TOP! Closing the Loop. SpinRite. The "Topics" API.

Show notes: https://www.grc.com/sn/SN-856-Notes.pdf
Hosts: Steve Gibson and Jason Howell
Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written, SpinRite 6.
Sponsors: bitwarden.com/twit, itpro.tv/securitynow (promo code SN30), progress.com/security-now

The CyberHub Podcast
QNAP Ransomware, APT29 Malware, Zerodium zero-days & more
Published Jan 31, 2022, duration 14:02 (transcription available)

Cybersecurity News, CyberHub Podcast, January 31st, 2022. Today's headlines and the latest #cybernews from the desk of the #CISO:
- Deadbolt ransomware hits more than 3,600 QNAP NAS devices
- Russian APT29 hackers' stealthy malware undetected for years
- Zerodium looks to buy zero-days in Outlook and Thunderbird email clients
- SureMDM vulnerabilities exposed companies to supply chain attacks
- Americans lost $770 million from social media fraud surge

Story links:
https://therecord.media/deadbolt-ransomware-hits-more-than-3600-qnap-nas-devices/
https://www.bleepingcomputer.com/news/security/russian-apt29-hackers-stealthy-malware-undetected-for-years/
https://therecord.media/zerodium-looks-to-buy-zero-days-in-outlook-and-thunderbird-email-clients/
https://www.securityweek.com/suremdm-vulnerabilities-exposed-companies-supply-chain-attacks
https://www.bleepingcomputer.com/news/security/ftc-americans-lost-770-million-from-social-media-fraud-surge/

“The Microsoft Doctrine” by James Azar, now on Substack: https://jamesazar.substack.com/p/the-microsoft-doctrine

The Practitioner Brief is sponsored by KnowBe4: https://info.knowbe4.com/phishing-security-test-cyberhub

Find James Azar, host of CyberHub Podcast, CISO Talk, Goodbye Privacy, Digital Debate, and Other Side of Cyber:
James on LinkedIn: https://www.linkedin.com/in/james-azar-a1655316/
Telegram: CyberHub Podcast
Sign up for our newsletter with the best of CyberHub Podcast delivered to your inbox once a month: http://bit.ly/cyberhubengage-newsletter
Website: https://www.cyberhubpodcast.com
YouTube: https://www.youtube.com/c/TheCyberHubPodcast
Rumble: https://rumble.com/c/c-1353861
Facebook: https://www.facebook.com/CyberHubpodcast/
LinkedIn: https://www.linkedin.com/company/cyberhubpodcast/
Twitter: https://twitter.com/cyberhubpodcast
Instagram: https://www.instagram.com/cyberhubpodcast
Listen here: https://linktr.ee/cyberhubpodcast

The Hub of the Infosec Community. Our mission is to provide substantive and quality content that's more than headlines or sales pitches. We want to be a valuable source to assist those cybersecurity practitioners in their mission to keep their organizations secure.

RadioAchab: l’IT per te.
Security according to Giancarlo – October 2021
Published Nov 12, 2021, duration 34:08

A cyberattack on petrol stations in Iran, two attacks on apps in the Google store, ransomware has bugs too, flash extortion, how much a ransomware attack earns versus a BEC attack, and Zerodium takes an interest in VPNs. We discuss it with Giancarlo Calzetta, security enthusiast, and Andrea Veca, CEO of Achab, for the "La sicurezza secondo Giancarlo" (Security according to Giancarlo) segment. All the details on the RadioAchab website.

TRENDIFIER with Julian Dorey
#72 - The Story Behind 4 Hackers, FIFA's Global Operating System, & The FBI; The Future of the Metaverse; Zero Days & The Looming Great Software Security Threat: Nick Castellucci
Published Nov 3, 2021, duration 180:46

Nick Castellucci is a software engineer and hacker. In 2013 and 2014, Nick and 3 partners successfully hacked into EA Sports' FIFA Operating System to generate FIFA Coins at an exponential rate –– making millions of dollars along the way. Following an FBI investigation, he pleaded guilty to wire fraud and served no prison time. However, upon further review, the case appears to be a prime example of massive government overreach –– and the “crime” doesn't seem to have been a crime at all. In this podcast, Nick tells the story behind how it all went down.

***TIMESTAMPS***
0:00 - Intro; Defense attorneys and how they impact cases; NICK TELLS THE STORY OF THE FIFA HACK; How the FIFA Coin system worked; Nick's earliest days as a hacker; How Nick and his fellow hacker team built bot accounts; The law that the FBI used to charge them: CFAA; Julian wonders what about any of Nick's actions was even illegal; The first way the FBI found out what they were doing; The difference between FIFA Coins and FIFA Points
46:39 - Why Nick left the hacking project behind a year early; Nick talks about how he and his co-conspirators opened up an LLC and hired an attorney right after starting the scheme; Nick reveals the second way the FBI found out about what they were doing (this will blow your mind); The difference between American law and international law as it pertains to this case; Nick explains why the case was very profitable for the government to take on; Why seizures are such a windfall for the US government; Nick describes the day the FBI came for him
1:03:56 - Privacy and government capabilities to circumvent it; The conundrum that is Jack Dorsey; Warrant canary; Revisiting Facebook and Cambridge Analytica
1:21:58 - Facebook and the move to the Metaverse (under the new name, “Meta”); Nick explains how he believes the Metaverse will work; How will traditional real-world value like land and real estate work in the Metaverse?; Describes what a VR world will look like
1:39:04 - Nick and Julian debate Simulation Theory; The ultimate evidence to build the Simulation Theory case: The Fourth Turning; Nick explains why there might *not* be meaning to life; Genghis Khan and X* J*nping; The subjectivity of good and evil; Laws packed with stupid add-ins; What Nick's case and other circumstances say about the over-complexity of the law
1:57:16 - A society run by people who don't want to be sued; Nick explains the definition of “spin”; Nick and Julian watch a video from Australia and discuss what's happening to their society during the pandemic; The left-right position shift is in the midst of happening again?
2:26:14 - Nick explains what a zero day is and why zero days are the holy grail of hacking; Zerodium and white hat hacking payouts; Nick explains what Pegasus is and how some mobile malware is practically unbeatable once its distributor has your phone number; Julian brings up Sandworm by Andy Greenberg; Could Tesla be hacked?; Bitcoin talk; What if Satoshi was actually a government and Bitcoin its ploy?; Nick and Julian discuss whether Bitcoin is a currency or a store of value
2:56:20 - The end of Nick's FIFA-FBI case and where everything stands today

YouTube episodes & clips: https://www.youtube.com/channel/UC0A-v_DL-h76F75xik8h03Q
Get $100 off the Eight Sleep Pod Pro Mattress / Mattress Cover: https://eight-sleep.ioym.net/trendifier
Julian's Instagram: https://www.instagram.com/julianddorey
Beat provided by: https://freebeats.io
Music produced by White Hot

Security Now (Video HI)
SN 842: The More Things Change... - Gummy Browsers Attack, What Happened to REvil, Comms Hub, Win 11 Fixes
Published Oct 27, 2021, duration 122:44

Topics: Picture of the Week. A sneak peek at the upcoming November 9th Win11 fixes. Leo gets his wish!! REvil WAS recently re-taken down by law enforcement! Microsoft: "We're Excited to Announce the Launch of Comms Hub!" Microsoft: "Windows update expiration policy explained". And while we're on the subject of Windows Updates... Windows XP's 20th anniversary. Last Tuesday the 19th, Zerodium tweeted... The "Devastating" Gummy Browsers attack! User-Agent Parser NPM package maliciously altered. Closing the Loop. Miscellany. SciFi: Dune / Foundation / Arrival / Invasion. SpinRite. The More Things Change...

Show notes: https://www.grc.com/sn/SN-842-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written, SpinRite 6.
Sponsors: BANDWIDTH.COM/TWIT, Melissa.com/twit, CrowdStrike.com/twit

ALEF SecurityCast
Ep#81 - Malware campaign on YouTube and Zerodium buys 0-day vulnerabilities in VPN clients
Published Oct 25, 2021, duration 11:00

VIDEO: Malware campaign on YouTube and Zerodium buys 0-day vulnerabilities in VPN clients - SecurityCast Ep#81 - YouTube. The US government has issued a warning to organizations, mainly in critical infrastructure, about the threat posed by the group behind the BlackMatter ransomware; a campaign on YouTube that uses YouTube videos to deploy credential-stealing malware; MITRE has released the tenth version of the ATT&CK framework; Zerodium is reselling 0-day vulnerabilities in VPN clients, and the recommendations that go with that. Follow us on Twitter @AlefSecurity and @Jk0pr.

Hack Naked News (Audio)
Truth Social, GPS Chaos, Quickfox, FIN7, Cyber-Training, & Bye-Bye FTP - Wrap Up - SWN #160
Published Oct 22, 2021, duration 28:40

This week Dr. Doug talks: CyberTraining, the death of FTP, Quickfox VPN, Zerodium, FIN7, TruthSocial, GPS hijinx, candy corn, as well as all the show wrap-ups on this edition of the Security Weekly News Wrap Up Show!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show notes: https://securityweekly.com/swn160

Cyber and Technology with Mike
20 October 2021 Cyber and Tech News
Published Oct 20, 2021, duration 9:47

In today's podcast we cover four crucial cyber and technology topics, including:
1. Squirrel flaw puts game industry at risk
2. China-linked LightBasin reportedly targeted telecommunications firms to steal data
3. Zerodium paying for zero-day exploits to popular VPN services
4. Man sentenced to 7 years in prison for 2014 hack of health care data
I'd love feedback; feel free to send your comments and feedback to cyberandtechwithmike@gmail.com

LINUX Unplugged
410: Ye Olde Linux Distro
Published Jun 16, 2021, duration 62:44

We revisit the seminal distros that shaped Linux's past. Find out if these classics still hold up. Plus the outrageous bounty on a beloved Linux desktop app. Special Guest: Gary Kramlich.

Cyber and Technology with Mike
02 June 2021 Cyber and Tech News
Published Jun 2, 2021, duration 12:17

In today's podcast we cover four crucial cyber and technology topics, including:
1. Zerodium paying 100k for Pidgin 0days
2. U.S. Justice Department seizes two domains associated with SolarWinds hackers
3. WordPress plugin flawed, actively exploited, no fix available
4. Exagrid backup firm attacked, pays 50 BTC ransom
I'd love feedback; feel free to send your comments and feedback to cyberandtechwithmike@gmail.com

WP Builds
This Week in WordPress #159
Published Apr 20, 2021, duration 93:54

This week's WordPress news - Covering The Week Commencing 12th April 2021

Security Conversations
Throwback: Zero-day exploit broker Chaouki Bekrar
Published Mar 3, 2021, duration 24:42

Sponsored by SecurityWeek (https://securityweek.com): This is the republication of an interview first conducted in March 2013 with then-VUPEN chief executive Chaouki Bekrar. The audio file was lost in several podcast platform transfers and I'm glad to be able to retain this interview for historical purposes. The recording was conducted in the hallways of the CanSecWest Pwn2Own hacking contest in 2013, where Bekrar's team of hackers demo'd a zero-day attack against Microsoft Internet Explorer 10 on Windows 8, an exploit that bypassed all mitigations including the browser sandbox. We chat about the controversies surrounding the sale of zero-day vulnerabilities and exploits, his company’s business dealings and the work that goes into winning the CanSecWest Pwn2Own hacker contest. (Please excuse the audio quality and background chatter; this was recorded with a small handheld device in a noisy room.)

Brakeing Down Security Podcast
2020-029- Brad Spengler, Linux kernel security in the past 10 years, software dev practices in Linux, WISP.org PSA

Brakeing Down Security Podcast

Play Episode Listen Later Jul 31, 2020 65:34


WISP.org PSA at 35m56s - 37m19s

Agenda:
Bio/background
Why are you here (topic discussion)
What is the Linux Security Summit North America
https://grsecurity.net/

Questions from the meeting invite:
This only affects people who want to use a custom kernel, correct? This doesn’t affect you if you are running bog-standard linux (debian, gentoo, Ubuntu) right?
What options do people have in cloud environments?
Does the use of microservices make grsecurity less worthwhile?
You mentioned ARM 64 processors in your first slide as making significant security functionality strides. With Apple and Microsoft going to ARM based processors, what are some things you feel need to be added to the kernel to shore up Linux for ARM, since some purists enjoy an Apple device with Linux on it?
https://www.youtube.com/watch?v=F_Kza6fdkSU - Youtube Video
https://grsecurity.net/10_years_of_linux_security.pdf -- pdf slides
https://lwn.net/Articles/569635/ - Definition of KASLR

LTS kernels moved from 2 years to 6 years - why? 6 years is pretty much “FOREVER” in software development. Patches get harder to backport, or worse; could introduce new vulnerabilities.
Project Treble: https://www.computerworld.com/article/3306443/what-is-project-treble-android-upgrade-fix-explained.html
LTSI: https://ltsi.linuxfoundation.org/
4.4 XLTS is available until Feb 2022 - if fixes and all bugs haven’t been backported (1,250 security fixes aren’t in the latest stable 4.4 kernel), what are the “safe” kernels?
Has anything changed since the presentation you gave earlier in July 2020?

Syzkaller
Let’s discuss Slide 27 (what are those terms?) “Is it improving code quality, or is it making people lazier and more reliant on a tool to check code?”
Slide 29 audio, you mention that you use Syzkaller… why do you use it?

Exploitation Trends
Attackers still don’t care about whether a vulnerability has a CVE assigned or not.
Don’t many vulnerabilities require some work to get to the kernel? And why should they work to get to the kernel?
https://www.bleepingcomputer.com/news/security/rewards-of-up-to-500-000-offered-for-freebsd-openbsd-netbsd-linux-zero-days/ 500K IF the kernel vuln affects major distros (Centos, Ubuntu)
https://resources.whitesourcesoftware.com/blog-whitesource/top-10-linux-kernel-vulnerabilities
Why is Zerodium's payout for kernel vulns lower than for application vulns? Would it be fair to say that getting root/persistence is all that matters and you don’t need to worry about the kernel to do so?
Many of the new security features are protecting against bad programming practices? So by adding all these things, who are you securing systems against? Bad actors, or devs who employ poor coding measures?
Why do you think we see lower adoption rates of security

Problem solving: Halvar Flake: http://addxorrol.blogspot.com/2020/03/before-you-ship-security-mitigation.html

If we have time…
Threat models in a kernel
Where do they go in the development lifecycle?
If kernel dev is an open environment, what precipitates the need for a kernel mitigation threat model?
Is there an example somewhere that we can see? What is the format? Methodology?

Do you think static code analysis of the kernel is worthwhile at all?
Absolutely! We do a lot of it, including via the analysis resulting from compiling with LLVM, as well as via specific static analysis GCC plugins of our own.

OK, what about the large amount of false positives the analyzers generate? Do you get around that with your custom plugins? Also do you use the analyzers included with Clang and GCC v.10 or 3rd-party products?
That's usually a property of the analysis itself -- some can have large false positive issues, others not. Ideally we try to limit that for the plugins we write (we just recently added one helpful for some kind of NULL ptr dereferences this week). My understanding is the public now also has access to the Coverity reports for the kernel? As far as GCC versions, yes we test with all versions from 4.5 to 10.

What do you think of the proposed XPFO patch? https://lwn.net/Articles/784839/
The performance profile is a big problem, and it doesn't address that the same attack can be performed in a different way that it wouldn't handle (that limitation is also mentioned in the original paper). So we haven't invested in it at all with our own work.

How about git sha-256 security measures?
Not my domain of expertise, but sounds like a good idea.

What is the status of KASLR on non-Intel architectures? ARMv7/v8?
It exists there as well, and is shipped in Android. It's also recently been added for PowerPC.

What dynamic analysis/testing tools do you use for the kernel?
We have a couple racks of hardware, including some new AMD EPYC2 systems dedicated entirely to testing and syzkaller fuzzing. We have syzkaller in place (along with backports of functionality to improve its functionality/coverage) for all kernels we support, as well as a good mix of physical/VM systems for major distros, and automated build/boot/functionality/regression testing in a number of configs across ARM/ARM64/MIPS/PowerPC/SPARC64/i386/x86_64.

Thanks! Do you write your own configs/definitions for syzkaller?
Yes, including some changes to the code to have it detect some of our specific kernel messages (size_overflow, refcount, RAP, etc).

What do you think about LKRG? Also, does grsec provide any similar runtime protection/detection/security?
I think it's a good alternative to some other commercial security products, but it's not what our goal is with grsecurity. I like the author of LKRG, but heuristic-based security is always problematic as you can't perform the checks everywhere they need to be performed, or as often as they need to be performed. When an attacker knows the checks performed (or has a general idea), then it's easy to devise an attack that would bypass it, knowing how computationally complex it would be to detect. So in grsecurity we focus on providing real defense vs just having a chance to detect something after the fact.

Do you plan on implementing RAP on PowerPC Architecture?
We haven't seen any commercial interest in it, but RAP is technically architecture-independent. We've done some demos for non-x86 architectures, and also just recently (within the past month or so), released a version for i386.

For how long is GRSecurity planning to support 5.4 LTS and LTS generally? What do you think is a good rule of thumb?
We've always generally supported them for 3 years, regardless of upstream's support periods. We have an independent process for performing backports that involves looking at all the upstream commits and other sources of information, regardless of any stable/Fixes tags (basically a manual version of AUTOSEL).

What is your opinion of the recently proposed Function-Granular KASLR series?
Not a fan of *KASLR in the kernel in general. It tries to deal with a problem (poorly) that there already exists a much better solution for: CFI.

Could you comment on how well (relative to your detailed x86 knowledge) ARM and PPC security fixes are backported?
We have many years of reverse engineering experience (15+ on my end) across multiple architectures. We were the first to develop software-based PXN/PAN for ARM for instance. We've also developed functionality specifically for non-x86 architectures. Within the past 2 years or so, we added POWER9 support for REFCOUNT, and have the physical hardware on site (in addition to qemu-based testing) to perform the work. But yes, our backports cover all architectures we support.

What is your opinion on the use of BPF for security purposes, i.e. security monitoring and newer approaches like KRSI?
Enabling something like BPF solely for the use of security seems like it could backfire, given how invasive it is. As long as it's not controllable by an unprivileged user, I think it's fine. Anything that avoids the hassle of having to upstream something in order to implement some new kind of security check is a good idea. They'll still be limited by the LSM interface itself, so that would be the next barrier to go. With BTF, there's a lot of possibility there.

Regarding exploiting containers: isn't the issue with containers that they have very poor defaults and that people don't use the features they could? For example: mounting sysfs or procfs into a container or not adjusting seccomp/apparmor (or better(?) selinux) policies?
That's a problem, but the crucial problem is the shared kernel among all containers. If you look at past exploits, they've been in things like futex, mremap, waitid, brk, etc, all syscalls that would be allowed in nearly all of the most strict seccomp policies. The granularity of current seccomp policies is really not that great, and any sufficiently complex code will necessarily have exposure to a large part of kernel attack surface.

What do you think about the CIP Project's focus on CVE tracking (especially for the kernel)?
It's a good initiative, but the main problem with the kernel is that most vulnerabilities in the kernel don't get a CVE in the first place. I know for certain that many of the security issues we've tweeted haven't had a CVE assigned. The ones that do are when a distro with the vuln present in their kernel spots it and requests one. Most vulnerabilities in recent kernels especially don't get CVEs requested, because distros aren't shipping them.

What's your opinion on SMACK? Any other reference implementation except Tizen?
Haven't used it myself, so no opinion one way or another, sorry. Doesn't seem bad at least in terms of number of security fixes backported to it compared to other access control LSMs.

If you disable as many CONFIG_* options as you can in your kernel config, have you actually reduced your attack surface, or is most of the vulnerable code not in modules?
Yes, this is a good approach particularly for upstream kernels. I would definitely recommend compiling your own kernel instead of using default distro configs (from a security perspective). Under grsecurity, we have a feature that makes it actually a good idea to put as much functionality in modules as possible, as they can't be auto-loaded by unprivileged users. So the functionality is there if it's needed across a fleet of systems, without the downsides.

TARA analysis performed in Linux Kernel?
I'm not familiar with this, sorry!

Is the poor state of LTS and XLTS security backports found in PPC and ARM as well as (presumably) what you report for x86?
It's somewhat of an across-the-board problem.

Actually I hoped that you would tell us about new cool features that appeared in grsecurity. Can you share anything about your new kernel heap hardening?
It's called AUTOSLAB, and it's useful both for security (particularly against AEG and UAFs), but also for debugging. Minimal performance impact, we've had one person mention their system feels faster now, and we actually had a bug in one of our routine benchmarks where the feature got enabled in the "minimal" config, yet still reported better benchmark results in all tests than an upstream kernel. So a really nice performance profile, with some additional memory wastage in the MEMCG case, but nothing terrible. Also non-invasive, as it's done through a GCC plugin.

Thanks for your talk, Brad! What would make you work for upstream?
We offered that already years ago, and none of the companies involved seemed to be interested. So we're funded directly now by people that benefit from our work.

Check out our Store on Teepub! https://brakesec.com/store
Join us on our #Slack Channel! Send a request to @brakesec on Twitter or email bds.podcast@gmail.com
#AmazonSmile: https://brakesec.com/smile
#Brakesec Store!: https://www.teepublic.com/user/bdspodcast
#Spotify: https://brakesec.com/spotifyBDS
#Pandora: https://pandora.app.link/p9AvwdTpT3
#RSS: https://brakesec.com/BrakesecRSS
#Youtube Channel: http://www.youtube.com/c/BDSPodcast
#iTunes Store Link: https://brakesec.com/BDSiTunes
#Google Play Store: https://brakesec.com/BDS-GooglePlay
Our main site: https://brakesec.com/bdswebsite
#iHeartRadio App: https://brakesec.com/iHeartBrakesec
#SoundCloud: https://brakesec.com/SoundcloudBrakesec
Comments, Questions, Feedback: bds.podcast@gmail.com
Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon https://brakesec.com/BDSPatreon
#Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir
#Player.FM : https://brakesec.com/BDS-PlayerFM
#Stitcher Network: https://brakesec.com/BrakeSecStitcher
#TuneIn Radio App: https://brakesec.com/TuneInBrakesec

Podcast de CreadoresDigitales
"iOS security is fucked," says exploit broker, and slashes its prices

Podcast de CreadoresDigitales

Play Episode Listen Later May 22, 2020 32:06


The Register: "iOS security is fucked," says Zerodium, the exploit broker, and slashes prices for Apple exploits. Who is Zerodium? According to its website: ZERODIUM is the world's leading exploit acquisition platform for premium 0-days and advanced cybersecurity capabilities. We pay BIG bounties to security researchers to acquire their unreported 0-days. While most existing bug bounty programs accept almost any kind of vulnerability and PoC but pay very low rewards, at ZERODIUM we focus on high-risk vulnerabilities with fully functional exploits and we pay the highest rewards (up to $2,500,000 each for "mobile"). Five years ago, Zerodium offered $1M for certain exploits for Apple devices, but now the company has announced that it will not pay for new exploits because of the enormous number it is receiving. Via Twitter the company said it will not accept new Local Privilege Escalation, Safari Remote Code Execution or sandbox escape exploits for the next 3 months. It also said "Prices for one-click Safari exploit chains without persistence, for example, will probably also drop." https://zerodium.com/program.html#changelog. iOS 13 has been very buggy, so much so that Craig Federighi, Apple's senior vice president of software engineering, had to overhaul the software testing process. On the other hand, Patrick Wardle, founder of Objective-See, said that the supposed oversupply of vulnerabilities may also be a consequence of the current global health crisis.
"It's likely that there are many hackers stuck at home with extra time on their hands, or who may have lost their jobs or are in a difficult financial situation, as a large part of the population is." "Add time and financial motivation, and you get more bugs." But how are these exploits used to compromise an iOS phone? This is an example from LightSpy, a "full remote iOS exploit chain" (a chained remote exploit: if the first stage succeeds, the second can run, and so on) that targets users in Hong Kong and gives attackers deep surveillance and full control over infected iOS devices. This activity was detected this past January. Activity: The attackers write a very attractive post on a forum that draws the victims' attention (a "watering hole attack"). When they click the link inside the post, they are redirected to an infected site under the attackers' control. When the page loads in the user's browser, it loads an iFrame that loads another page in the background, which runs malicious code that exploits a "Remote Code Execution" vulnerability in the browser. The "Remote Code Execution" allows code to run on the device, which enables execution of the exploit to take full control of the device. Within the exploit process, another piece of code runs that elevates privileges ("Local Privilege Escalation"); in short, it lets you jump from user level to administrator level. With administrator permissions on the device, malware (in this case a trojan) is downloaded, installed and executed. Since this trojan is now running with administrator privileges, it can take full or partial control of the device.

Proqrator
Prokurator — issue 202005|↑↓> + .97938449|↓↑>

Proqrator

Play Episode Listen Later May 22, 2020 73:33


Prokurator, issue 202005|↑↓> + .97938449|↓↑>. Participants: Artem Gavrichenkov, Georgy Tarasov, Alexander Zubkov, Artem Shvorin, Alexander Kozlov. Topics, without timestamps: 5G in cars; the cars themselves; Pasha Durov and TON; social monitoring and other apps, as well as passport data; the PATRIOT Act; Zerodium; and Thunderbolt 3, which you need to fill with glue; a brief aside on Intel; a recollection of negative oil prices; and a Latvian drone.

Podcast de CreadoresDigitales
45 - The news with Alina, Hiram and León

Podcast de CreadoresDigitales

Play Episode Listen Later May 21, 2020 120:20


L: NSO impersonates Facebook to hack targets A: Serial killer caught for using his victim's credit card H: "iOS security is fucked," says Zerodium, the exploit broker, and slashes prices for Apple exploits L: The SD 8.0 standard is born: expect ultra-fast SD cards! A: Samsung unveils a new browser for Android H: Russian hackers use HTTP status codes to control their malware

Paul's Security Weekly TV
Ramsay Malware, Top 10 CVE's, & Reverse RDP Attacks - PSW #651

Paul's Security Weekly TV

Play Episode Listen Later May 17, 2020 94:06


In the Security News, Palo Alto Networks Patches Many Vulnerabilities in PAN-OS, Zerodium will no longer acquire certain types of iOS exploits due to surplus, New Ramsay Malware Can Steal Sensitive Documents from Air-Gapped Networks, vBulletin fixes critical vulnerability so patch immediately!, U.S. Cyber Command Shares More North Korean Malware Variants, and The Top 10 Most-Targeted Security Vulnerabilities!   Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode651

Paul's Security Weekly (Video-Only)
Ramsay Malware, Top 10 CVE's, & Reverse RDP Attacks - PSW #651

Paul's Security Weekly (Video-Only)

Play Episode Listen Later May 16, 2020 94:06


In the Security News, Palo Alto Networks Patches Many Vulnerabilities in PAN-OS, Zerodium will no longer acquire certain types of iOS exploits due to surplus, New Ramsay Malware Can Steal Sensitive Documents from Air-Gapped Networks, vBulletin fixes critical vulnerability so patch immediately!, U.S. Cyber Command Shares More North Korean Malware Variants, and The Top 10 Most-Targeted Security Vulnerabilities!   Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode651

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast

Rethinking Severity https://isc.sans.edu/forums/diary/Patch+Tuesday+Revisited+CVE20201048+isnt+as+Medium+as+MS+Would+Have+You+Believe/26124/
Top Exploited Vulnerabilities https://www.us-cert.gov/ncas/alerts/aa20-133a
Zerodium Drops Payouts For iOS/Safari Exploits https://twitter.com/Zerodium/status/1260541578747064326?s=20
BigIP Edge Client Vulnerability https://support.f5.com/csp/article/K20346072

Paul's Security Weekly (Podcast-Only)
Juicy Targets - PSW #651

Paul's Security Weekly (Podcast-Only)

Play Episode Listen Later May 15, 2020 201:23


This week, we welcome back Mike Nichols, Head of Product at Elastic Security, to talk about MITRE ATT&CK & Security Visibility: Looking Beyond Endpoint Data! In our second segment, we welcome back Harry Sverdlove, Founder and CTO of Edgewise Networks, to discuss Securing Remote Access, Quarantines, and Security! In the Security News, Palo Alto Networks Patches Many Vulnerabilities in PAN-OS, Zerodium will no longer acquire certain types of iOS exploits due to surplus, New Ramsay Malware Can Steal Sensitive Documents from Air-Gapped Networks, vBulletin fixes critical vulnerability so patch immediately!, U.S. Cyber Command Shares More North Korean Malware Variants, and The Top 10 Most-Targeted Security Vulnerabilities!   Show Notes: https://wiki.securityweekly.com/PSWEpisode651 To learn more about Elastic Security, visit: https://securityweekly.com/elastic To view the Elastic Dashboard of MITRE ATT&CK Round 2 Evaluation Results, visit: https://ela.st/mitre-eval-rd2 To learn more about Edgewise Networks or to request a Demo, visit: https://securityweekly.com/edgewise   Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

Paul's Security Weekly
Juicy Targets - PSW #651

Paul's Security Weekly

Play Episode Listen Later May 15, 2020 201:23


This week, we welcome back Mike Nichols, Head of Product at Elastic Security, to talk about MITRE ATT&CK & Security Visibility: Looking Beyond Endpoint Data! In our second segment, we welcome back Harry Sverdlove, Founder and CTO of Edgewise Networks, to discuss Securing Remote Access, Quarantines, and Security! In the Security News, Palo Alto Networks Patches Many Vulnerabilities in PAN-OS, Zerodium will no longer acquire certain types of iOS exploits due to surplus, New Ramsay Malware Can Steal Sensitive Documents from Air-Gapped Networks, vBulletin fixes critical vulnerability so patch immediately!, U.S. Cyber Command Shares More North Korean Malware Variants, and The Top 10 Most-Targeted Security Vulnerabilities!   Show Notes: https://wiki.securityweekly.com/PSWEpisode651 To learn more about Elastic Security, visit: https://securityweekly.com/elastic To view the Elastic Dashboard of MITRE ATT&CK Round 2 Evaluation Results, visit: https://ela.st/mitre-eval-rd2 To learn more about Edgewise Networks or to request a Demo, visit: https://securityweekly.com/edgewise   Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

Linux Headlines
2019-09-25

Linux Headlines

Play Episode Listen Later Sep 25, 2019 2:51


A patent lawsuit takes aim at the GNOME Foundation, Cloudflare launches a VPN service that does not protect privacy, a long-standing exploit has finally been disclosed for vBulletin, and Google has announced their latest code-in challenge.

Latest Hacking News
Latest Hacking News Podcast #233

Latest Hacking News

Play Episode Listen Later Mar 6, 2019 4:50


Microsoft Word bug allows attackers to bypass security defenses, Zerodium offering large payouts for cloud zero-days, and reportedly Chinese hackers targeted 27 universities for military secrets on episode 233 of our daily cybersecurity podcast.

Hack Naked News (Audio)
Hack Naked News #202 - January 8, 2019

Hack Naked News (Audio)

Play Episode Listen Later Jan 8, 2019 20:41


This week, Ethereum hit by Double Spend attack, NSA to release reverse engineering tool for free, a Skype glitch allowed Android Authentication Bypass, Zerodium offers $2 Million for remote iOS jailbreaks, and tens of thousands of hot tubs are exposed to hacking! Our CEO Matt Alderman joins us for expert commentary on how Container Security lags amidst DevOps enthusiasm, and more!   Full Show Notes: https://wiki.securityweekly.com/HNNEpisode202 Visit https://www.securityweekly.com/hnn for all the latest episodes!   Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

Latest Hacking News
Latest Hacking News Podcast #196

Latest Hacking News

Play Episode Listen Later Jan 8, 2019 5:02


A hacker compromises Australia's Early Warning Network, Zerodium to pay up to $2M for Apple zero-day exploits, and a pair of new breach disclosures on episode 196 of our daily cybersecurity podcast.

Paul's Security Weekly
Hack Naked News #202 - January 8, 2019

Paul's Security Weekly

Play Episode Listen Later Jan 8, 2019 20:41


This week, Ethereum hit by Double Spend attack, NSA to release reverse engineering tool for free, a Skype glitch allowed Android Authentication Bypass, Zerodium offers $2 Million for remote iOS jailbreaks, and tens of thousands of hot tubs are exposed to hacking! Our CEO Matt Alderman joins us for expert commentary on how Container Security lags amidst DevOps enthusiasm, and more!   Full Show Notes: https://wiki.securityweekly.com/HNNEpisode202 Visit https://www.securityweekly.com/hnn for all the latest episodes!   Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

Hack Naked News (Video)
Ethereum, Zerodium, Containers - Hack Naked News #202

Hack Naked News (Video)

Play Episode Listen Later Jan 8, 2019 20:47


Ethereum hit by Double Spend attack, NSA to release reverse engineering tool for free, a Skype Glitch allowed Android Authentication Bypass, Zerodium offers $2 Million for remote iOS jailbreaks, and Tens of Thousands of Hot Tubs are exposed to hacking! Our CEO Matt Alderman joins us for expert commentary on Container Security Lags Amidst DevOps Enthusiasm! Full Show Notes: https://wiki.securityweekly.com/HNNEpisode202 Visit http://hacknaked.tv to get all the latest episodes!

Kacper Szurek
Szurkogadanie #10

Kacper Szurek

Play Episode Listen Later Sep 17, 2018 11:08


Security news in concise form. In this episode: poisoning cache server responses, bypassing parental controls on the Nintendo Switch, and an exploit for Tor Browser.
0:15 https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SESN-2018-236-01+Conext+USB+Malware.pdf&p_Doc_Ref=SESN-2018-236-01
1:07 https://blog.talosintelligence.com/2018/09/vulnerability-spotlight-Multi-provider-VPN-Client-Privilege-Escalation.html
2:11 https://portswigger.net/blog/practical-web-cache-poisoning
4:09 https://www.secjuice.com/finding-real-ips-of-origin-servers-behind-cloudflare-or-tor/
5:35 https://blog.grimm-co.com/post/malicious-command-execution-via-bash-completion-cve-2018-7738/
6:43 https://medium.com/kidsnclicks/nintendo-switch-parental-controls-dont-work-7febabf4942a
7:46 https://twitter.com/Zerodium/status/1039127214602641409
More at: https://youtu.be/6h_8TW242Ds

BSD Now
Episode 255: What Are You Pointing At | BSD Now 255

BSD Now

Play Episode Listen Later Jul 18, 2018 80:27


What ZFS block pointers are, zero-day rewards offered, KDE on FreeBSD status, new FreeBSD core team, NetBSD WiFi refresh, poor man’s CI, and the power of Ctrl+T.

## Headlines

### What ZFS block pointers are and what’s in them

I’ve mentioned ZFS block pointers in the past; for example, when I wrote about some details of ZFS DVAs, I said that DVAs are embedded in block pointers. But I’ve never really looked carefully at what is in block pointers and what that means and implies for ZFS.

The very simple way to describe a ZFS block pointer is that it’s what ZFS uses in places where other filesystems would simply put a block number. Just like block numbers but unlike things like ZFS dnodes, a block pointer isn’t a separate on-disk entity; instead it’s an on disk data format and an in memory structure that shows up in other things. To quote from the (draft and old) ZFS on-disk specification (PDF):

A block pointer (blkptr_t) is a 128 byte ZFS structure used to physically locate, verify, and describe blocks of data on disk.

Block pointers are embedded in any ZFS on disk structure that points directly to other disk blocks, both for data and metadata. For instance, the dnode for a file contains block pointers that refer to either its data blocks (if it’s small enough) or indirect blocks, as I saw in this entry. However, as I discovered when I paid attention, most things in ZFS only point to dnodes indirectly, by giving their object number (either in a ZFS filesystem or in pool-wide metadata).

So what’s in a block pointer itself? You can find the technical details for modern ZFS in spa.h, so I’m going to give a sort of summary. A regular block pointer contains:

- Various metadata and flags about what the block pointer is for and what parts of it mean, including what type of object it points to.
- Up to three DVAs that say where to actually find the data on disk. There can be more than one DVA because you may have set the copies property to 2 or 3, or this may be metadata (which normally has two copies and may have more for sufficiently important metadata).
- The logical size (size before compression) and ‘physical’ size (the nominal size after compression) of the disk block. The physical size can do odd things and is not necessarily the asize (allocated size) for the DVA(s).
- The txgs that the block was born in, both logically and physically (the physical txg is apparently for dva[0]). The physical txg was added with ZFS deduplication but apparently also shows up in vdev removal.
- The checksum of the data the block pointer describes. This checksum implicitly covers the entire logical size of the data, and as a result you must read all of the data in order to verify it. This can be an issue on raidz vdevs or if the block had to use gang blocks.

Just like basically everything else in ZFS, block pointers don’t have an explicit checksum of their contents. Instead they’re implicitly covered by the checksum of whatever they’re embedded in; the block pointers in a dnode are covered by the overall checksum of the dnode, for example. Block pointers must include a checksum for the data they point to because such data is ‘out of line’ for the containing object.

(The block pointers in a dnode don’t necessarily point straight to data. If there’s more than a bit of data in whatever the dnode covers, the dnode’s block pointers will instead point to some level of indirect block, which itself has some number of block pointers.)

There is a special type of block pointer called an embedded block pointer. Embedded block pointers directly contain up to 112 bytes of data; apart from the data, they contain only the metadata fields and a logical birth txg. As with conventional block pointers, this data is implicitly covered by the checksum of the containing object.

Since block pointers directly contain the address of things on disk (in the form of DVAs), they have to change any time that address changes, which means any time ZFS does its copy on write thing. This forces a change in whatever contains the block pointer, which in turn ripples up to another block pointer (whatever points to said containing thing), and so on until we eventually reach the Meta Object Set and the uberblock. How this works is a bit complicated, but ZFS is designed to generally make this a relatively shallow change with not many levels of things involved (as I discovered recently).

As far as I understand things, the logical birth txg of a block pointer is the transaction group in which the block pointer was allocated. Because of ZFS’s copy on write principle, this means that nothing underneath the block pointer has been updated or changed since that txg; if something changed, it would have been written to a new place on disk, which would have forced a change in at least one DVA and thus a ripple of updates that would update the logical birth txg. However, this doesn’t quite mean what I used to think it meant because of ZFS’s level of indirection. If you change a file by writing data to it, you will change some of the file’s block pointers, updating their logical birth txg, and you will change the file’s dnode. However, you won’t change any block pointers and thus any logical birth txgs for the filesystem directory the file is in (or anything else up the directory tree), because the directory refers to the file through its object number, not by directly pointing to its dnode. You can still use logical birth txgs to efficiently find changes from one txg to another, but you won’t necessarily get a filesystem level view of these changes; instead, as far as I can see, you will basically get a view of what object(s) in a filesystem changed (effectively, what inode numbers changed).

(ZFS has an interesting hack to make things like ‘zfs diff’ work far more efficiently than you would expect in light of this, but that’s going to take yet another entry to cover.)

### Rewards of Up to $500,000 Offered for FreeBSD, OpenBSD, NetBSD, Linux Zero-Days

Exploit broker Zerodium is offering rewards of up to $500,000 for zero-days in UNIX-based operating systems like OpenBSD, FreeBSD, NetBSD, but also for Linux distros such as Ubuntu, CentOS, Debian, and Tails. The offer, first advertised via Twitter earlier this week, is available as part of the company’s latest zero-day acquisition drive. Zerodium is known for buying zero-days and selling them to government agencies and law enforcement. The company runs a regular zero-day acquisition program through its website, but it often holds special drives with more substantial rewards when it needs zero-days of a specific category.

BSD zero-day rewards will be on par with Linux payouts

The US-based company held a previous drive with increased rewards for Linux zero-days in February, with rewards going as high as $45,000. In another zero-day acquisition drive announced on Twitter this week, the company said it was looking again for Linux zero-days, but also for exploits targeting BSD systems. This time around, rewards can go up to $500,000, for the right exploit. Zerodium told Bleeping Computer they’ll be aligning the temporary rewards for BSD systems with their usual payouts for Linux distros. The company’s usual payouts for Linux privilege escalation exploits can range from $10,000 to $30,000. Local privilege escalation (LPE) rewards can even reach $100,000 for “an exploit with an exceptional quality and coverage,” such as, for example, a Linux kernel exploit affecting all major distributions. Payouts for Linux remote code execution (RCE) exploits can bring in from $50,000 to $500,000 depending on the targeted software/service and its market share. The highest rewards are usually awarded for LPEs and RCEs affecting CentOS and Ubuntu distros.

Zero-day price varies based on exploitation chain

The acquisition price of a submitted zero-day is directly tied to its requirements in terms of user interaction (no click, one click, two clicks, etc.), Zerodium said. Other factors include the exploit reliability, its success rate, the number of vulnerabilities chained together for the final exploit to work (more chained bugs means more chances for the exploit to break unexpectedly), and the OS configuration needed for the exploit to work (exploits are valued more if they work against default OS configs).

Zero-days in servers “can reach exceptional amounts”

“Price difference between systems is mostly driven by market shares,” Zerodium founder Chaouki Bekrar told Bleeping Computer via email. Asked about the logic behind these acquisition drives that pay increased rewards, Bekrar told Bleeping Computer the following: "Our aim is to always have, at any time, two or more fully functional exploits for every major software, hardware, or operating systems, meaning that from time to time we would promote a specific software/system on our social media to acquire new codes and strengthen our existing capabilities or extend them.” “We may also react to customers’ requests and their operational needs,” Bekrar said.

It’s becoming a crowded market

Since Zerodium drew everyone’s attention to the exploit brokerage market in 2015, the market has gotten more and more crowded, but also more sleazy, with some companies being accused of selling zero-days to government agencies in countries with oppressive or dictatorial regimes, where they are often used against political opponents, journalists, and dissidents, instead of going after real criminals.
The latest company who broke into the zero-day brokerage market is Crowdfense, who recently launched an acquisition program with prizes of $10 million, of which it already paid $4.5 million to researchers. Twitter Announcement Digital Ocean http://do.co/bsdnow ###KDE on FreeBSD – June 2018 The KDE-FreeBSD team (a half-dozen hardy individuals, with varying backgrounds and varying degrees of involvement depending on how employment is doing) has a status message in the #kde-freebsd channel on freenode. Right now it looks like this: http://FreeBSD.kde.org | Bleeding edge http://FreeBSD.kde.org/area51.php | Released: Qt 5.10.1, KDE SC 4.14.3, KF5 5.46.0, Applications 18.04.1, Plasma-5.12.5, Kdevelop-5.2.1, Digikam-5.9.0 It’s been a while since I wrote about KDE on FreeBSD, what with Calamares and third-party software happening as well. We’re better at keeping the IRC topic up-to-date than a lot of other sources of information (e.g. the FreeBSD quarterly reports, or the f.k.o website, which I’ll just dash off and update after writing this). In no particular order: Qt 5.10 is here, in a FrankenEngine incarnation: we still use WebEnging from Qt 5.9 because — like I’ve said before — WebEngine is such a gigantic pain in the butt to update with all the necessary patches to get it to compile. Our collection of downstream patches to Qt 5.10 is growing, slowly. None of them are upstreamable (e.g. libressl support) though. KDE Frameworks releases are generally pushed to ports within a week or two of release. Actually, now that there is a bigger stack of KDE software in FreeBSD ports the updates take longer because we have to do exp-runs. Similarly, Applications and Plasma releases are reasonably up-to-date. We dodged a bullet by not jumping on Plasma 5.13 right away, I see. Tobias is the person doing almost all of the drudge-work of these updates, he deserves a pint of something in Vienna this summer. 
The freebsd.kde.org website has been slightly updated; it was terribly out-of-date. So we’re mostly-up-to-date, and mostly all packaged up and ready to go. Much of my day is spent in VMs packaged by other people, but it’s good to have a full KDE developer environment outside of them as well. (PS. Gotta hand it to Tomasz for the amazing application for downloading and displaying a flamingo … niche usecases FTW) ##News Roundup New FreeBSD Core Team Elected Active committers to the project have elected your tenth FreeBSD Core Team. Allan Jude (allanjude) Benedict Reuschling (bcr) Brooks Davis (brooks) Hiroki Sato (hrs) Jeff Roberson (jeff) John Baldwin (jhb) Kris Moore (kmoore) Sean Chittenden (seanc) Warner Losh (imp) Let’s extend our gratitude to the outgoing Core Team members: Baptiste Daroussin (bapt) Benno Rice (benno) Ed Maste (emaste) George V. Neville-Neil (gnn) Matthew Seaman (matthew) Matthew, after having served as the Core Team Secretary for the past four years, will be stepping down from that role. The Core Team would also like to thank Dag-Erling Smørgrav for running a flawless election. To read about the responsibilities of the Core Team, refer to https://www.freebsd.org/administration.html#t-core. ###NetBSD WiFi refresh The NetBSD Foundation is pleased to announce a summer 2018 contract with Philip Nelson (phil%NetBSD.org@localhost) to update the IEEE 802.11 stack basing the update on the FreeBSD current code. The goals of the project are: Minimizing the differences between the FreeBSD and NetBSD IEEE 802.11 stack so future updates are easier. Adding support for the newer protocols 801.11/N and 802.11/AC. Improving SMP support in the IEEE 802.11 stack. Adding Virtual Access Point (VAP) support. Updating as many NIC drivers as time permits for the updated IEEE 802.11 stack and VAP changes. Status reports will be posted to tech-net%NetBSD.org@localhost every other week while the contract is active. 
iXsystems ###Poor Man’s CI - Hosted CI for BSD with shell scripting and duct tape Poor Man’s CI (PMCI - Poor Man’s Continuous Integration) is a collection of scripts that taken together work as a simple CI solution that runs on Google Cloud. While there are many advanced hosted CI systems today, and many of them are free for open source projects, none of them seem to offer a solution for the BSD operating systems (FreeBSD, NetBSD, OpenBSD, etc.) The architecture of Poor Man’s CI is system agnostic. However in the implementation provided in this repository the only supported systems are FreeBSD and NetBSD. Support for additional systems is possible. Poor Man’s CI runs on the Google Cloud. It is possible to set it up so that the service fits within the Google Cloud “Always Free” limits. In doing so the provided CI is not only hosted, but is also free! (Disclaimer: I am not affiliated with Google and do not otherwise endorse their products.) ARCHITECTURE A CI solution listens for “commit” (or more usually “push”) events, builds the associated repository at the appropriate place in its history and reports the results. Poor Man’s CI implements this very basic CI scenario using a simple architecture, which we present in this section. Poor Man’s CI consists of the following components and their interactions: Controller: Controls the overall process of accepting GitHub push events and starting builds. The Controller runs in the Cloud Functions environment and is implemented by the files in the controller source directory. It consists of the following components: Listener: Listens for GitHub push events and posts them as work messages to the workq PubSub. Dispatcher: Receives work messages from the workq PubSub and a free instance name from the Builder Pool. It instantiates a builder instance named name in the Compute Engine environment and passes it the link of a repository to build. 
Collector: Receives done messages from the doneq PubSub and posts the freed instance name back to the Builder Pool. PubSub Topics: workq: Transports work messages that contain the link of the repository to build. poolq: Implements the Builder Pool, which contains the name’s of available builder instances. To acquire a builder name, pull a message from the poolq. To release a builder name, post it back into the poolq. doneq: Transports done messages (builder instance terminate and delete events). These message contain the name of freed builder instances. builder: A builder is a Compute Engine instance that performs a build of a repository and shuts down when the build is complete. A builder is instantiated from a VM image and a startx (startup-exit) script. Build Logs: A Storage bucket that contains the logs of builds performed by builder instances. Logging Sink: A Logging Sink captures builder instance terminate and delete events and posts them into the doneq. BUGS The Builder Pool is currently implemented as a PubSub; messages in the PubSub contain the names of available builder instances. Unfortunately a PubSub retains its messages for a maximum of 7 days. It is therefore possible that messages will be discarded and that your PMCI deployment will suddenly find itself out of builder instances. If this happens you can reseed the Builder Pool by running the commands below. However this is a serious BUG that should be fixed. For a related discussion see https://tinyurl.com/ybkycuub. $ ./pmci queuepost poolq builder0 # ./pmci queuepost poolq builder1 # ... repeat for as many builders as you want The Dispatcher is implemented as a Retry Background Cloud Function. It accepts work messages from the workq and attempts to pull a free name from the poolq. If that fails it returns an error, which instructs the infrastructure to retry. Because the infrastructure does not provide any retry controls, this currently happens immediately and the Dispatcher spins unproductively. 
This is currently mitigated by a “sleep” (setTimeout), but the Cloud Functions system still counts the Function as running and charges it accordingly. While this fits within the “Always Free” limits, it is something that should eventually be fixed (perhaps by the PubSub team). For a related discussion see https://tinyurl.com/yb2vbwfd. ###The Power of Ctrl-T Did you know that you can check what a process is doing by pressing CTRL+T? Has it happened to you before that you were waiting for something to be finished that can take a lot of time, but there is no easy way to check the status. Like a dd, cp, mv and many others. All you have to do is press CTRL+T where the process is running. This will output what’s happening and will not interrupt or mess with it in any way. This causes the operating system to output the SIGINFO signal. On FreeBSD it looks like this: ping pingtest.com PING pingtest.com (5.22.149.135): 56 data bytes 64 bytes from 5.22.149.135: icmpseq=0 ttl=51 time=86.232 ms 64 bytes from 5.22.149.135: icmpseq=1 ttl=51 time=85.477 ms 64 bytes from 5.22.149.135: icmpseq=2 ttl=51 time=85.493 ms 64 bytes from 5.22.149.135: icmpseq=3 ttl=51 time=85.211 ms 64 bytes from 5.22.149.135: icmpseq=4 ttl=51 time=86.002 ms load: 1.12 cmd: ping 94371 [select] 4.70r 0.00u 0.00s 0% 2500k 5/5 packets received (100.0%) 85.211 min / 85.683 avg / 86.232 max 64 bytes from 5.22.149.135: icmpseq=5 ttl=51 time=85.725 ms 64 bytes from 5.22.149.135: icmp_seq=6 ttl=51 time=85.510 ms As you can see it not only outputs the name of the running command but the following parameters as well: 94371 – PID 4.70r – since when is the process running 0.00u – user time 0.00s – system time 0% – CPU usage 2500k – resident set size of the process or RSS `` > An even better example is with the following cp command: cp FreeBSD-11.1-RELEASE-amd64-dvd1.iso /dev/null load: 0.99 cmd: cp 94412 [runnable] 1.61r 0.00u 0.39s 3% 3100k FreeBSD-11.1-RELEASE-amd64-dvd1.iso -> /dev/null 15% load: 0.91 cmd: cp 94412 
[runnable] 2.91r 0.00u 0.80s 6% 3104k FreeBSD-11.1-RELEASE-amd64-dvd1.iso -> /dev/null 32% load: 0.91 cmd: cp 94412 [runnable] 4.20r 0.00u 1.23s 9% 3104k FreeBSD-11.1-RELEASE-amd64-dvd1.iso -> /dev/null 49% load: 0.91 cmd: cp 94412 [runnable] 5.43r 0.00u 1.64s 11% 3104k FreeBSD-11.1-RELEASE-amd64-dvd1.iso -> /dev/null 64% load: 1.07 cmd: cp 94412 [runnable] 6.65r 0.00u 2.05s 13% 3104k FreeBSD-11.1-RELEASE-amd64-dvd1.iso -> /dev/null 79% load: 1.07 cmd: cp 94412 [runnable] 7.87r 0.00u 2.43s 15% 3104k FreeBSD-11.1-RELEASE-amd64-dvd1.iso -> /dev/null 95% > I prcessed CTRL+T six times. Without that, all the output would have been is the first line. > Another example how the process is changing states: wget https://download.freebsd.org/ftp/releases/amd64/amd64/ISO-IMAGES/11.1/FreeBSD-11.1-RELEASE-amd64-dvd1.iso –2018-06-17 18:47:48– https://download.freebsd.org/ftp/releases/amd64/amd64/ISO-IMAGES/11.1/FreeBSD-11.1-RELEASE-amd64-dvd1.iso Resolving download.freebsd.org (download.freebsd.org)… 96.47.72.72, 2610:1c1:1:606c::15:0 Connecting to download.freebsd.org (download.freebsd.org)|96.47.72.72|:443… connected. 
HTTP request sent, awaiting response… 200 OK Length: 3348465664 (3.1G) [application/octet-stream] Saving to: ‘FreeBSD-11.1-RELEASE-amd64-dvd1.iso’ FreeBSD-11.1-RELEASE-amd64-dvd1.iso 1%[> ] 41.04M 527KB/s eta 26m 49sload: 4.95 cmd: wget 10152 waiting 0.48u 0.72s FreeBSD-11.1-RELEASE-amd64-dvd1.iso 1%[> ] 49.41M 659KB/s eta 25m 29sload: 12.64 cmd: wget 10152 waiting 0.55u 0.85s FreeBSD-11.1-RELEASE-amd64-dvd1.iso 2%[=> ] 75.58M 6.31MB/s eta 20m 6s load: 11.71 cmd: wget 10152 running 0.73u 1.19s FreeBSD-11.1-RELEASE-amd64-dvd1.iso 2%[=> ] 85.63M 6.83MB/s eta 18m 58sload: 11.71 cmd: wget 10152 waiting 0.80u 1.32s FreeBSD-11.1-RELEASE-amd64-dvd1.iso 14%[==============> ] 460.23M 7.01MB/s eta 9m 0s 1 > The bad news is that CTRl+T doesn’t work with Linux kernel, but you can use it on MacOS/OS-X: —> Fetching distfiles for gmp —> Attempting to fetch gmp-6.1.2.tar.bz2 from https://distfiles.macports.org/gmp —> Verifying checksums for gmp —> Extracting gmp —> Applying patches to gmp —> Configuring gmp load: 2.81 cmd: clang 74287 running 0.31u 0.28s > PS: If I recall correctly Feld showed me CTRL+T, thank you! Beastie Bits Half billion tries for a HAMMER2 bug (http://lists.dragonflybsd.org/pipermail/commits/2018-May/672263.html) OpenBSD with various Desktops OpenBSD 6.3 running twm window manager (https://youtu.be/v6XeC5wU2s4) OpenBSD 6.3 jwm and rox desktop (https://youtu.be/jlSK2oi7CBc) OpenBSD 6.3 cwm youtube video (https://youtu.be/mgqNyrP2CPs) pf: Increase default state table size (https://svnweb.freebsd.org/base?view=revision&revision=336221) *** Tarsnap Feedback/Questions Ben Sims - Full feed? 
(http://dpaste.com/3XVH91T#wrap) Scott - Questions and Comments (http://dpaste.com/08P34YN#wrap) Troels - Features of FreeBSD 11.2 that deserve a mention (http://dpaste.com/3DDPEC2#wrap) Fred - Show Ideas (http://dpaste.com/296ZA0P#wrap) Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv) iXsystems It's all NAS (https://www.ixsystems.com/blog/its-all-nas/)

The Checklist by SecureMac
Checklist 97 - Privacy Nightmare at 30,000 Feet

Jul 12, 2018 (26:37)

On this week's Checklist by SecureMac:
- A fake hacker lands in real trouble
- Zerodium offers big money for the right zero-day
- The fine line between being the “friendly skies” and the creepy skies

Don't forget to check out our show notes: SecureMac.com/Checklist
And get in touch with us: Checklist@Securemac.com

Chiens de garde
#65 - CCleaner, Equifax again, and the bills to watch when Parliament returns

Sep 21, 2017 (32:58)


Beers with Talos Podcast
A Vast CCleanup, Strutting Your Stuff, and the Ex$ploit Economy

Sep 20, 2017 (61:19)

Struts - when to patch and when to patch with a vengeance. In light of the Equifax breach, we discuss how patching can make you live better days, Never look back and say, Could have been me. Naturally, that convo leads into the biggest story of the week around Pwning the Supply Chain - CCleaner, Python, and Nyetya style. Avast made some mistakes, but every tech company is susceptible to supply chain attacks. What can companies do to protect themselves and how can users adopt a stronger security posture in this area? We also talk Ex$ploit Economy - Valuing exploits by supply and demand. Zerodium has an extensive price list, what can we discern about the availability and difficulty of various exploits using basic economics?

Paul's Security Weekly TV
Windows 10, Zerodium, Linus Torvalds, and Equifax - Paul's Security Weekly #530

Sep 19, 2017 (57:02)

No excuses for Equifax, mixed reviews for Apple’s facial recognition, Adobe and Microsoft patch away, one MILLION dollars for Tor zero-days, and more security news!
Full Show Notes: https://wiki.securityweekly.com/Episode530
Subscribe to YouTube Channel: https://www.youtube.com/channel/UCg--XBjJ50a9tUhTKXVPiqg
Security Weekly Website: http://securityweekly.com
Follow us on Twitter: @securityweekly

Paul's Security Weekly (Video-Only)
Windows 10, Zerodium, Linus Torvalds, and Equifax - Paul's Security Weekly #530

Sep 18, 2017 (57:02)

No excuses for Equifax, mixed reviews for Apple’s facial recognition, Adobe and Microsoft patch away, one MILLION dollars for Tor zero-days, and more security news!
Full Show Notes: https://wiki.securityweekly.com/Episode530
Subscribe to YouTube Channel: https://www.youtube.com/channel/UCg--XBjJ50a9tUhTKXVPiqg
Security Weekly Website: http://securityweekly.com
Follow us on Twitter: @securityweekly

Touch Fm con Ricardo Miranda
$500,000 for hacking WhatsApp

Aug 28, 2017 (1:59)

The company Zerodium is offering $500,000 to anyone able to hack WhatsApp. Today we bring you the details. Follow us on Instagram @touchmegafm and @popinteractivo

The CyberWire
Daily & Week in Review: Election hacking, journalist hacking, and the rise of Tbps DDoS. More reflections on the Yahoo! breach. Ransomware and other forms of extortion.

Sep 30, 2016 (19:39)

In today's podcast, we hear about how IoT botnets bring scunion across the Internet, and why security cameras are attractive to bot rustlers. InfoArmor's explanation of the Yahoo! breach gains traction among observers. Europol warns that ransomware is on the rise. Zerodium raises its iOS 10 remote jailbreak bounty to a cool million and a half. US states continue to grapple with election hacking. Markus Rauschecker outlines some new cyber regulations proposed in New York. Dr. Eli David from Deep Instinct explains deep learning. And the Tofsee botnet is chumming for the lonely—click with caution.

DevelopSec: Developing Security Awareness
Newscast - Sept. 23, 2015

Sep 23, 2015 (15:32)

James breaks down a few news stories from the previous week. The following stories were discussed, including some brief points.

$1 million bounty for iOS 9 hack
http://www.wired.com/2015/09/spy-agency-contractor-puts-1m-bounty-iphone-hack/
- Zerodium announced a 1 million dollar bounty for a hack that can take over an iOS device remotely, via web page, vulnerable app or text message
- Terms of the offer demand that the bug not be reported to Apple or publicly disclosed
- Not uncommon for iOS bugs to fetch big money

Rare malware outbreak hits some Apple apps
http://www.usatoday.com/story/tech/2015/09/21/apple-china-hack-app-store-malware--xcode-ghost/72572190/
- Some developers used fake versions of XCode to create applications
- Designed to steal user passwords
- Reportedly little danger to US iPhone users unless using Chinese social media apps.
- Important to use software from trusted sources.

Comcast to Pay $33 million over Privacy Breach
http://www.huffingtonpost.com/entry/comcast-to-pay-over-privacy-breach_55fb30d7e4b0fde8b0cd9fe4
- 75,000 names, phone numbers and addresses published
- People paid $1.50 / month more for privacy
- Each customer will get $100
- Some law enforcement, judges and domestic violence abuse victims will get more due to facing increased safety concerns.

Follow us on Twitter (@developsec). If you want to be alerted when new items are available you can subscribe on our website at https://www.developsec.com