Episode 22: Rotten to the Core

Written by
Immersive Labs
Published on
October 2, 2020

First up in this week’s episode is news that, as part of its ‘notarization’ process, Apple approved code used by Shlayer, the most common threat faced by Macs last year. Is it reasonable to expect Apple – or any app store – to keep their entire ecosystem squeaky clean at all times, or is it up to the user to always be sceptical about what they’re downloading? 

Next up, another perfect 10 vulnerability. This one, Zerologon, was (luckily) patched back in August, but had the potential for eye-watering consequences. Considering the details of the vulnerability were not made public at the time, users and admins never knew how severe it really was – until now. Thanks to Kev, we get to see it in all its glory. Oh and by the way, we have a lab on this vulnerability, so if you’re a user, log on to check it out. And if you’re not a user…well, maybe you should be. 

APT 41 makes an appearance next as five alleged Chinese citizens have been accused of hacking over 100 companies. Paul borders on seriously ranty territory (nothing new here) and Kev sheds some light on the ridiculous Zone-H. 

And finally, our ever-popular ‘Hackers could…’ feature covers everything from the fairly noteworthy to the downright groan-inducing. Do people *really* still share photos of their shiny new credit cards? 

***

Apple vs Shlayer:
https://arstechnica.com/information-technology/2020/09/mac-malware-gets-apples-seal-of-approval-thanks-to-notarization-goof/

Zerologon:
https://www.zdnet.com/article/zerologon-attack-lets-hackers-take-over-enterprise-networks/

APT 41:
https://techcrunch.com/2020/09/16/justice-department-charges-apt41-chinese-hackers/

About Cyber Humanity

The podcast taking cybersecurity personally
There's a lot of cool techy stuff going down in cybersecurity, and we love it. But you can't deny that a lot the time we humans get forgotten. Our podcast takes a not-so-serious look at issues in security from a human point of view. Covering social engineering to hacker motivations and everything in between, we chat through security stories and themes and what they mean to us: the oft-neglected humans behind the screen. Apart from Kev, Kev is a cyborg.

These weekly podcasts come in two main flavors. We’re either ranting about themes close to the heart of us security types, or we’re discussing threats and vulnerabilities that have hit headlines – or slipped under the radar – in recent weeks.

Join Chris Pace (tech advocate and keeper of the coloring pencils), Kev Breen (pro blue teamer, also known as 'Mr Nothing to CVE here...'), Max Vetter (former dark web detective and pretty cool guy), and Paul Bentham (ex-gov. type and Immersive Labs product guru) as they wend their way through the murky world of Cyber Humanity.

Share this post