THUGCROWD
EPISODE 34

JUST WINGIN IT

---NEWS---

Bitlocker, or how not to encrypt your SSD
https://www.theregister.co.uk/2018/11/05/busted_ssd_encryption/

FaceTime call from an attacker can cause remote iOS kernel memory corruption
https://twitter.com/taviso/status/1059593233343246336

Kernel RCE caused by buffer overflow in Apple's ICMP packet-handling code (CVE-2018-4407)
https://lgtm.com/blog/apple_xnu_icmp_error_CVE-2018-4407

Another day, another Struts RCE
https://cwiki.apache.org/confluence/display/WW/S2-057

New critical vulnerability in multiple high-privileged Android services 
https://blog.zimperium.com/cve-2018-9411-new-critical-vulnerability-multiple-high-privileged-android-services/

NetworkManager IPv6 vulnerability in Ubuntu 18
https://usn.ubuntu.com/3807-1/

China State-Owned Company Charged With Micron Secrets Theft (and lots of others)
https://www.bloomberg.com/news/articles/2018-11-01/u-s-says-china-state-owned-co-stole-micron-trade-secrets

Two New Bluetooth Chip Flaws Expose Millions of Devices to Remote Attacks
https://thehackernews.com/2018/11/bluetooth-chip-hacking.html

New Stuxnet Variant Allegedly Struck Iran
https://www.bleepingcomputer.com/news/security/new-stuxnet-variant-allegedly-struck-iran/

---GOOD READS---
Domain hacks with unusual Unicode characters
https://shkspr.mobi/blog/2018/11/domain-hacks-with-unusual-unicode-characters/