Episode 16

A Bit of everything: 0days, Breaches, Lawsuits, Attacking AI, and some insecure

Watch the podcast live every Monday afternoon at 12:00pm PST (3:00pm EST) on Twitch (@Dayzerosec)

[00:05:23] Apple v. Corellium

[00:12:04] Firefox to Discontinue Sideloaded Extensions

[00:16:52] Delegated Credentials for TLS

[00:23:02] North Korean Malware Found on Indian Nuclear Plant's Network

[00:28:20] The Pirate Bay Downtime Caused by Malicious Search Queries

[00:29:30] Web.com Breach (allegedly includes NetworkSolutions.com and Register.com)

[00:32:28] BlueKeep attacks are happening, but it's not a worm

[00:36:13] Untitled Goose Game - Insecure Deserialization

[00:39:58] Two Chrome 0Days get Patched

[00:42:45] NFC Beaming Bypasses Security Controls in Android [CVE-2019-2114]

[00:45:43] Abusing HTTP Hop-by-hop Request Headers

[00:50:54] Let's Make Windows Defender Angry: Antivirus Can be an Oracle! -icchy

[00:56:54] rConfig v3.9.2 authenticated and unauthenticated RCE (CVE-2019-16663) and (CVE-2019-16662)

[01:02:26] Making an Invisibility Cloak: Real World Adversarial Attacks on Object Detectors

[01:07:26] Silhouette: Efficient Intra-Address Space Isolation for Protected Shadow Stacks on Embedded Systems

[01:19:46] unfork(2)

[01:23:51] Destroying x86_64 instruction decoders with differential fuzzing