
open source and cybersecurity news

April 10, 2023

Sister Podcasts, Uber Suffered Supply Chain Attack, Apple Patches Exploited Zero Days

Episode Transcription:

[00:00:00] Pokie Huang: 

Hey, it’s 5:05 on Monday, April 10th, 2023. From The Sourced Podcast Network in New York City, this is your host, Pokie Huang. Stories in today’s episode come from Edwin Kwan in Sydney, Australia, Katy Craig in San Diego, California, Marcel Brown in St. Louis, Missouri. 

We will start today’s episode with a message from our executive producer, Mark Miller, live from the streets of New York City.

Let’s get to it.

[00:00:34] Mark Miller: 

This is Mark Miller, executive producer of It’s 5:05, and Founder of Sourced Network Productions. I’m walking down the streets of New York City this morning, but wanted to have a short note before we get started. 

We’ve launched three new shows in the past couple weeks, and each has a new episode coming out this week. 

On Tuesday, DJ Schleen, host of “daBOM”, talks with Chris Blask, author, talker, ponderer of Inevitable Curves. On Wednesday, the “Real Technologists” podcast with Tracy Bannon talks with Caroline Wong, host of the Humans of InfoSec podcast, author of Security Metrics, A Beginner’s Guide, and teacher of the OWASP Top 10 for LinkedIn. And on Thursday, lawyer Joel MacMull and I go over the terms of agreement for YouTube and Google in our show, “You’re kidding me… That’s in my EULA??” 

If you’re enjoying It’s 5:05, I think you’ll like our sister shows. As we say at conferences though, vote with your feet. That means check out one of our other shows and if you like it, subscribe. If it’s not for you, check out one of the other shows. We won’t be insulted. 

That’s “daBOM” with DJ Schleen on Tuesdays. “Real Technologists” with Tracy Bannon on Wednesday. And “You’re kidding me… that’s in my EULA??” on Thursdays with me and Joel MacMull. All available on your favorite podcast platforms. 

We’re also looking forward to seeing you at RSA Conference at the end of the month. If you’re going to be there, stop in and say hi.

And now I’ve got to go and stop for a bagel and cream cheese at my corner Bodega. Yeah, you should be jealous. Live from the streets of New York.

[00:02:28] Edwin Kwan: 

This is Edwin Kwan from Sydney, Australia. 

Uber has suffered yet another data breach. Affected drivers were notified that Uber became aware of suspicious activity in its internal information systems in late January. After investigating, the company determined that an unauthorized third party had accessed its systems between January 23rd and 31st.

During that time, the threat actor had stolen data, including Uber drivers’ names, social security numbers, and tax identification numbers. Uber is providing 12 months of free identity monitoring services for the affected users. It said it had also secured its systems by changing all system passwords and notifying the police.

[00:03:35] Katy Craig: 

Attention Apple device users. Urgent updates have been released to fix two zero days. Zero days are vulnerabilities that designers do not know about until they’re actively exploited. 

This is Katy Craig in San Diego, California.

Last Friday, Apple released patches for two zero-day vulnerabilities that were being actively exploited in the wild. One of the patches fixes a vulnerability that gives apps kernel access, which is essentially the keys to the kingdom. 

The other patch fixes a vulnerability that allows arbitrary code execution, meaning an attacker could run whatever code they want on your device. Now you might be thinking, well, I’m sure glad I don’t have those apps installed on my device, but unfortunately that’s not how it works.

The apps could be disguised as something else, or they could be hidden in the background, so you might not even know they’re there. That’s why it’s crucial that you install these patches as soon as possible. 

Apple made the updates available over the weekend, so if you haven’t updated your phone or tablet yet, do it now.

These vulnerabilities are being actively exploited, meaning there are bad actors out there who are taking advantage of these flaws to do who knows what on your device. So take a moment to update your software and if you know someone who might not be aware of the issue, please let them know. It only takes a few minutes to update your device, but it could save you a whole lot of trouble down the line.

This is Katy Craig. Stay safe out there.

[00:05:16] Marcel Brown: 

This is Marcel Brown, the most trusted name in technology, bringing you some technology history for April 9th and April 10th. 

April 9th, 1959. NASA announces the selection of the United States’ first seven astronauts: Scott Carpenter, Gordon Cooper, John Glenn, Gus Grissom, Wally Schirra, Alan Shepard, and Donald Slayton.

The seven were chosen from 110 applicants to participate in the Mercury Program, the nation’s first manned space program. The news media quickly dubs the group Mercury 7. 

On May 5th, 1961, Shepard will become the first American in space during the flight of Freedom Seven. 

April 10th, 1943. Researchers at the University of Pennsylvania begin work on the Electronic Numerical Integrator and Computer, known as ENIAC, which when completed will become the first general-purpose, fully electronic computer, capable of making calculations 1000 times faster than any other prior computer. The work will be carried out in secret since the computer is intended for military purposes, though it won’t actually be completed until after World War II ended.

ENIAC will be unveiled to the public in February of 1946.

That’s your technology history for today. For more, tune in tomorrow and visit my website ThisDayInTechHistory.com.

[00:06:42] Pokie Huang: 

That’s it for today’s open source and cybersecurity updates. For direct links to all stories and resources mentioned in today’s episode, go to 505Updates.com, where you can listen to our growing library of over 100 episodes. You can also download the transcript of all episodes for easy reference.

5:05 is a Sourced Networks Production with updates available Monday through Friday on your favorite audio streaming platform. Just search for “It’s 5:05!”. And please consider subscribing while you’re there. 

Thank you to Edwin Kwan, Katy Craig, Mark Miller, and Marcel Brown for today’s contributions.

The Executive Producer is Mark Miller. The editor and the sound engineer is Pokie Huang. Music for today’s episode is by Blue Dot Sessions. We use Descript for spoken text editing and Audacity to layer in the soundscapes. The show distribution platform is provided by Captivate.fm. This is Pokie Huang. See you tomorrow… at 5:05.
