NordVPN Again, Snowden, CPDoS, a PHP-RCE, and some console hacking

Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)

Or the video archive on Youtube (@DAY[0])

• [00:00:49] NordVPN's Response to Private Certificate Breach Discussed Last Week


• https://nordvpn.com/blog/security-plan/


• [00:12:31] AWS Hit By major DDOS Attack


• https://status.digitalocean.com/incidents/1z3kmlvz69v6


• [00:14:43] Seven Million Adobe Creative Cloud Accounts Exposed to the Public


• [00:25:24] Travel Reservations Platform Leaks US Government Personnel Data


• [00:30:09] Joe Rogan Experience #1368 - Edward Snowden


• [00:48:38] Technical Analysis of Checkm8


• https://googleprojectzero.blogspot.com/2019/10/ktrw-journey-to-build-debuggable-iphone.html


• [00:55:51] Cache Poisoned Denial of Service (CPDoS)


• [01:08:27] CVE-2019-11043 - PHP-FPM (potential) RCE


• https://github.com/neex/phuip-fpizdam/blob/master/attack.go


• [01:20:44] Light Ears: Information Leakage via Smart Lights


• [01:27:57] Don’t open that XML: XXE to RCE in XML plugins for VS Code, Eclipse, Theia, …


• [01:33:28] Bringing ICS into the Pwn2Own World


• [01:37:39] Analysis of Qualcomm Secure Boot Chains


• [01:39:56] Microsoft Secured-Core PC


• [01:47:46] Guarding Against Physical Attacks: The Xbox One Story