S3 Ep43: Apple 0-day, pygmy hippos, hive nightmares and Twitter hacker bust [Podcast]
Latest episode – listen now!
Want to know more about this topic or about us? Contact us!
Latest episode – listen now!
by Paul Ducklin Yesterday, we wrote about a vaguely mysterious zero-day patch pushed out by Apple. Like almost all Apple security fixes, the update arrived without any sort of warning, but unlike most Apple updates, only a single bug was listed on the “fix list,” and even by Apple’s brisk . . . Read more
by Paul Ducklin You might be forgiven for thinking that July 2021 was Microsoft’s month for cybersecurity vulnerabilities. First there was PrintNightmare in several guises, followed by HiveNightmare (an entirely unrelated bug that nevertheless attracted the “Nightmare” moniker), followed by PetitPotam (which went down the cute aquatic mammal naming path). . . . Read more
by Paul Ducklin French researcher Gilles Lionel, who goes by @topotam77, recently published proof-of-concept code that attackers could use to take over a Windows network. The hack, which he has dubbed PetitPotam (which is a nod to the endangered Pygmy Hippopotamus, as far as we can tell), involves what’s known . . . Read more
by Paul Ducklin [00’38”] Learning from computer virus history. [02’26”] The PrintNightmare saga continues. [05’27”] Apple puts out a patch, but doesn’t say why. [08’12”] Snitch on a crook and earn $10 million. [17’50”] Scammars do grammer and speeling correctly. [25’12”] And the Business Email Compromise that wasn’t. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. . . . Read more
by Paul Ducklin As if one Windows Nightmare dogging all our printers were not enough… …here’s another bug, disclosed by Microsoft on 2021-07-20, that could expose critical secrets from the Windows registry. Denoted CVE-2021-36934, this one has variously been nicknamed HiveNightmare and SeriousSAM. The moniker HiveNightmare comes from the fact . . . Read more
by Paul Ducklin It’s already nearly two months since Apple’s last security update to iOS 14, which was back on 2021-05-24 when iOS 14.6 appeared. So we weren’t surprised to see that another patch is out, officially listed [2021-07-19] as covering iOS (now on 14.7), tvOS (now also 14.7) and . . . Read more
by Paul Ducklin [01’32”] We explain how a format string bug could lock your iPhone out of your own network. [08’53”] We revisit the PrintNightmare saga, which is sort-of fixed but not really. [12’50”] We look back at the 20-year-old Code Red virus. [18’30”] We look at what cybercriminals spend money on (hint: more cybercrime). [29’10”] And in this . . . Read more
by Paul Ducklin “It never rains but that it pours,” as the old weather adage goes. That’s certainly how Microsoft must be seeing things right now, following the official announcement of yet another unpatched vulnerability in the Windows Print Spooler service. Dubbed CVE-2021-34481, this one isn’t quite as bad as . . . Read more
by Paul Ducklin There’s a famous and very catchy song that starts, “It was 20 years ago today…” In the song, of course, Sergeant Pepper was busily teaching his band to play – a band, as the song assures us, that was guaranteed to raise a smile. But can you . . . Read more