Industrial Control Fails and a Package disguised in your own supply

2021/2/16
Day[0]

"Beg Bounty" hunters, dependency confusion, iOS kernel vuln, and how not to respond to security research.

[00:00:59] Florida Water Treatment Facility Hacked

- https://twitter.com/Bing_Chris/status/1358873543623274499

[00:09:19] Have a domain name? "Beg bounty" hunters may be on their way

- https://news.sophos.com/en-us/2021/02/08/have-a-domain-name-beg-bounty-hunters-may-be-on-their-way/amp/

[00:20:14] FootFallCam and MetaTechnology Drama

- https://twitter.com/_MG_/status/1359582048260743169

[00:28:33] Telegram privacy fails [CVE-2021-27204] [CVE-2021-27205]

- https://www.inputzero.io/2020/12/telegram-privacy-fails-again.html

[00:36:43] Dependency Confusion: How I Hacked Into Apple, Microsoft and Dozens of Other Companies

- https://medium.com/@alex.birsan/dependency-confusion-4a5d60fec610

[00:44:33] Exploiting a Second-Order SQL Injection in LibreNMS [CVE-2020-35700]

- https://www.horizon3.ai/disclosures/librenms-second-order-sqli

[00:50:46] Swarm of Palo Alto PAN-OS vulnerabilities

- https://swarm.ptsecurity.com/swarm-of-palo-alto-pan-os-vulnerabilities/

[00:56:25] Advantech iView Missing Authentication RCE [CVE-2021-22652]

- https://blog.rapid7.com/2021/02/11/cve-2021-22652-advantech-iview-missing-authentication-rce-fixed/

[01:02:30] Windows kernel zero-day exploit [CVE-2021-1732]

- https://ti.dbappsecurity.com.cn/blog/index.php/2021/02/10/windows-kernel-zero-day-exploit-is-used-by-bitter-apt-in-targeted-attack/

[01:08:50] Analysis and exploitation of the iOS kernel vulnerability [CVE-2021-1782]

- https://www.synacktiv.com/publications/analysis-and-exploitation-of-the-ios-kernel-vulnerability-cve-2021-1782

[01:20:10] Misusing Service Workers for Privacy Leakage

- https://www.ndss-symposium.org/ndss-paper/awakening-the-webs-sleeper-agents-misusing-service-workers-for-privacy-leakage/

[01:27:53] security things in Linux v5.8

- https://outflux.net/blog/archives/2021/02/08/security-things-in-linux-v5-8/

[01:40:42] Linux Heap Exploitation - Part 2

- https://www.udemy.com/course/linux-heap-exploitation-part-2/

Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)

Or the video archive on YouTube (@dayzerosec)