11 February 2020 Show Notes 28 - Hack Twitter, WhatsApp and all your Cisco phones (CDPwn) ft. GhostKnight 00:01:07 Update regarding Sudo Exploit 00:03:32 Charges Filed against Four Chinese PLA Hackers for part in 2017 Equifax Breach 00:06:06 Announcing a Targeted Incentive Program for Selected Trend Micro Products 00:11:01 Android Security Bulletin - February 2020 Additional Links: https://android.googlesource.com/kernel/common/+/5eeb2ca0 https://android.googlesource.com/kernel/common/+/5eeb2ca0%5E%21/#F0 00:17:06 Critical Bluetooth Vulnerability in Android (CVE-2020-0022) 00:22:48 Dangerous Domain Corp.com Goes Up for Sale 00:37:43 NordVPN - IDOR allow access to payments data of any user Additional Links: https://hackerone.com/nordvpn 00:43:35 Twitter - Bypass Password Authentication for updating email and phone number 00:48:27 WhatsApp Desktop XSS to Local File read (CVE-2019-18426) 01:03:03 CDPwn: 5 Zero-Days in Cisco Discovery Protocol 01:15:07 A Rough Idea of Blind Regular Expression Injection Attack Additional Links: https://speakerdeck.com/lmt_swallow/revisiting-redos-a-rough-idea-of-data-exfiltration-by-redos-and-side-channel-techniques 01:20:45 GhostKnight: Breaching Data Integrity via Speculative Execution 01:26:00 BRIGHTNESS: Leaking Sensitive Data from Air-Gapped Workstations via Screen Brightness 01:30:27 Forging SWIFT MT Payment Messages for fun and pr... research! 01:35:22 Grooming the iOS Kernel Heap