
Travel-ex!
02/05/21 • 43 min
In this episode we study in detail (apologies, Richard rambled!) the shocking story of the demise of Travelex, due in no small part to a highly successful ransomware attack. We cover just how avoidable these incidents are by dealing with those pesky vulnerabilities! And the drinking word this week sounds like you're already half-cut when you say it...
Show Notes:
- Apple - iOS and iPadOS 14.4, for iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and the 7th generation iPod touch. Apple also issued security updates for one of the vulnerabilities across a range of its other offerings, including Apple Watch (watchOS 7.3) and Apple TVs (tvOS 14.4).
- CVE-2021-1782. Attackers could use a malicious application to gain additional privileges in the device’s operating system, which would allow them to wreak all kinds of havoc.
- CVE-2021-1871 and CVE-2021-1870 reside in the WebKit component, Apple’s open-source web browser engine used by the Safari browser, and could be exploited by a remote attacker to execute arbitrary code. The flaws could be exploited “by persuading a victim to visit a specially crafted Web site.”
- SolarWinds - Three new vulnerabilities in SolarWinds products. The vulnerabilities, which have already been patched, included a remote code execution flaw in Orion that required only network access. That flaw allows hackers to use an improperly installed Microsoft Messaging Queue to send commands for a server to execute.
- Linux sudo privilege escalation heap overflow vulnerability - CVE-2021-3156 - Successful exploitation allows any unprivileged user to escalate their privileges to root on the vulnerable host. Since it’s a privilege escalation vulnerability, it requires access to a local user account on the vulnerable host in order to actually exploit it.
The vulnerability affects all the following sudo versions:
- All legacy versions from 1.8.2 to 1.8.31p2
- All stable versions from 1.9.0 to 1.9.5p1
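As an added example (not from the podcast or the sudo project), this shell snippet checks a sudo version string against the two ranges listed above. The function names and sample versions are constructed; because distributions backport fixes without changing the upstream version number, treat "affected" as a prompt to check the vendor advisory rather than as proof of exposure.

```shell
#!/bin/sh
# Added example: compare a sudo version string with the ranges in the show notes.
# Function names and the sample versions in the loop are constructed for illustration.

# Map "1.8.31p2" to one integer (1008031002); a missing pN suffix counts as p0.
# Exits non-zero for anything that is not MAJOR.MINOR.PATCH[pN] (betas, garbage).
sudo_version_key() {
    printf '%s\n' "$1" | awk -F'[.p]' '
        /^[0-9]+\.[0-9]+\.[0-9]+(p[0-9]+)?$/ {
            printf "%d\n", (($1 * 1000 + $2) * 1000 + $3) * 1000 + $4
            ok = 1
        }
        END { exit !ok }'
}

# True when key $1 lies between versions $2 and $3, inclusive.
in_range() {
    [ "$1" -ge "$(sudo_version_key "$2")" ] && [ "$1" -le "$(sudo_version_key "$3")" ]
}

# Prints "affected", "not-in-range" or "unknown" for one version string.
classify_sudo_version() {
    key=$(sudo_version_key "$1") || { echo unknown; return 0; }
    if in_range "$key" 1.8.2 1.8.31p2 || in_range "$key" 1.9.0 1.9.5p1; then
        echo affected
    else
        echo not-in-range
    fi
}

# Extract the version from the first line of `sudo -V` output,
# which has the form "Sudo version 1.9.5p1".
parse_sudo_banner() {
    printf '%s\n' "$1" | sed -n '1s/^Sudo version \([^ ]*\).*$/\1/p'
}

# Constructed sample versions; on a real host use:
#   classify_sudo_version "$(parse_sudo_banner "$(sudo -V 2>/dev/null)")"
for v in 1.8.31p2 1.9.5p1 1.9.5p2 1.9.5b1; do
    printf '%-10s %s\n' "$v" "$(classify_sudo_version "$v")"
done
```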