MoveIT, Looney Tunables, iPhone zero days, state of DEVOPS

Description

In this episode of Phoenix Cast, hosts John, Rich, and Kyle discuss a trio of terrible items from the news. They also discuss Google’s state of DEVOPS report.

Share your thoughts with us on Twitter: @USMC_TFPhoenix (Now verified!) Follow MARFORCYBER & MCCOG on Twitter, LinkedIn, Facebook, and YouTube. Leave your review on Apple Podcasts.

Links:

Looney Tunables -

https://blog.qualys.com/vulnerabilities-threat-research/2023/10/03/cve-2023-4911-looney-tunables-local-privilege-escalation-in-the-glibcs-ld-so

https://www.bleepingcomputer.com/news/security/exploits-released-for-linux-flaw-giving-root-on-major-distros/?mibextid=Zxz2cZ

https://hackaday.com/2023/10/06/this-week-in-security-looney-tunables-not-a-0-day-and-curl-warning/

MoveIt - https://techcrunch.com/2023/08/25/moveit-mass-hack-by-the-numbers/?guccounter=1&guce_referrer=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbS8&guce_referrer_sig=AQAAAKI26YxLOJ3LtfPNiJcdBP7BjU5pY0NLPt_rZ1BSmhkA67JuGSVuYD5tuhnZTBdr6h-hdVsmq97cSlvBy-cClsH8C5uTJ5sLvcl9QDYYhdFqMu_8FDx4wLMOKUb7ixUEF2kg6NXDtajrK38ERHg4zm487zavIDNsKJrbDr4h-fGE

https://www.darkreading.com/attacks-breaches/financial-firms-breached-in-moveit-cyberattacks-now-face-lawsuits

https://www.bleepingcomputer.com/news/security/the-moveit-hack-and-what-it-taught-us-about-application-security/

https://www.progress.com/moveit

https://www.bleepingcomputer.com/news/security/sony-confirms-data-breach-impacting-thousands-in-the-us/

Apple Zero Days:

https://www.bleepingcomputer.com/news/apple/apple-emergency-update-fixes-new-zero-day-used-to-hack-iphones/?fbclid=IwAR1V3v3W0kJslsY59ayfrB0UswUzpE9bP0ARmlp1VDLDjx2po4WDUoKuGWs_aem_AVWQ2hLENrbnURcSsKrImQS79tU85DLt59xWTfeGF7ByyJ61n4Nt8jnosltfbzscecE&mibextid=Zxz2cZ