It's 5:05! Daily cybersecurity and open source briefing

Episode #46 - It's 5:05, Monday, January 2, 2023

Listen

Description

It’s 5:05, Monday, January 2, 2023. From the Sourced Podcast Network in New York City, this is your host, Pokie Huang. Stories in today’s episode come from Edwin Kwan in Australia on PyTorch dependency confusion attack, Trac Bannon in Pennsylvania on office space inspired cyber theft, Olimpiu Pop in Romania on Linux Kernel vulnerability allows RCE on SMB3 servers.

Today’s episode begins with Katy Craig in California on smartphone sidechannel attack. 

Let’s get to it!

🇺🇸 Katy Craig, San Diego, California

Smartphone Sidechannel Attack

https://arxiv.org/pdf/2212.12151.pdf

🇷🇴 Olimpiu Pop, Transylvania, Romania

Linux Kernel Vulnerability Allows RC On SMB3 Servers

https://www.zerodayinitiative.com/advisories/ZDI-22-1690/

https://lore.kernel.org/lkml/62b2ab15-3675-71bf-2ea6-6376cd0b3b6c@linuxfoundation.org/

🇺🇸 Tracy (Trac) Bannon, Camp Hill, Pennsylvania

Office Space Inspired Cyber Theft

https://www.scribd.com/document/617139119/Ex-Zulily-engineer-charged-for-alleged-theft-scheme-inspired-by-Office-Space

https://www.cnn.com/2022/12/30/us/office-space-inspired-washington-software-engineer-thief/index.html

🇦🇺 Edwin Kwan, Sydney, Australia

PyTorch Dependency Confusion Attack 

https://pytorch.org/blog/compromised-nightly-dependency/

https://www.bleepingcomputer.com/news/security/pytorch-discloses-malicious-dependency-chain-compromise-over-holidays/