A Bit of everything: 0days, Breaches, Lawsuits, Attacking AI, and some insecure

Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)

Or the video archive on Youtube (@DAY[0])

• [00:05:23] Apple v. Corellium
• [00:12:04] Firefox to Discontinue Sideloaded Extensions
• [00:16:52] Delegated Credentials for TLS
• [00:23:02] North Korean Malware Found on Indian Nuclear Plant's Network
• [00:28:20] The Pirate Bay Downtime Caused by Malicious Search Queries
• [00:29:30] Web.com Breach (allegedly includes NetworkSolutions.com and Register.com)
• [00:32:28] BlueKeep attacks are happening, but it's not a worm
• https://www.kryptoslogic.com/blog/2019/11/bluekeep-cve-2019-0708-exploitation-spotted-in-the-wild/
• [00:36:13] Untitled Goose Game - Insecure Deserialization
• [00:39:58] Two Chrome 0Days get Patched
• [00:42:45] NFC Beaming Bypasses Security Controls in Android [CVE-2019-2114]
• [00:45:43] Abusing HTTP Hop-by-hop Request Headers
• [00:50:54] Let's Make Windows Defender Angry: Antivirus Can be an Oracle! -icchy
• https://en.wikipedia.org/wiki/EICAR_test_file
• [00:56:54] rConfig v3.9.2 authenticated and unauthenticated RCE (CVE-2019-16663) and (CVE-2019-16662)
• [01:02:26] Making an Invisibility Cloak: Real World Adversarial Attacks on Object Detectors
• [01:07:26] Silhouette: Efficient Intra-Address Space Isolation for Protected Shadow Stacks on Embedded Systems
• [01:19:46] unfork(2)
• [01:23:51] Destroying x86_64 instruction decoders with differential fuzzing
• https://github.com/zyantific/zydis