Podcast Episode 10: WordPress 5.2 Security Enhancements and Other News
Today we are pleased to bring you the tenth episode of Think Like a Hacker. We're doing things a little differently this week, separating the news and our interview into two episodes. In today's episode we cover the news, and we will share another compelling interview later in the week.
In the news we discuss new cryptographic protection against supply chain attacks in WordPress 5.2, which was released today. We talk about Israel's missile attack against Hamas hackers, a data breach affecting 80 million households, the Gutenberg accessibility audit, DuckDuckGo's "do not track" bill, a hacker selling Windows zero-day vulnerabilities, and a sophisticated supply chain attack originating in China, amongst other stories.
Here are approximate timestamps in case you want to jump around:
1:24 Security enhancements in WordPress 5.2
8:35 Israeli defense force missile attack
11:05 WordCamp Atlanta recap
13:24 Breach affecting 80 million households
16:44 Gutenberg accessibility audit
26:10 DuckDuckGo Do Not Track Bill
31:10 Hacker Selling Windows 0Day vulnerabilities
34:50 Mozilla bans add-on obfuscated code
38:30 Hackers on a supply-chain attack spree
46:05 Hacker wiping Git repositories
48:54 Firefox certificate causes add-on failure
50:40 Japanese government developing defensive malware
Find us on your favorite app or platform including iTunes, Google Podcasts, Spotify, YouTube, SoundCloud and Overcast.
This week in the news we cover:
- WordPress 5.2 will use digital signatures for core updates to protect against supply-chain attacks. Our own Matt Barry had disclosed a vulnerability that underscores the importance of this new protection.
- Israel retaliates against Hamas hacking with a missile strike.
- A database containing records for 80 million US households was found unprotected on a cloud server by hacktivists Noam Rotem and Ran Locar.
- WPCampus organized an audit of Gutenberg’s accessibility for Section 508 compliance and found numerous issues.
- Privacy-focused search engine DuckDuckGo wrote a bill to stop advertisers from tracking you online.
- A mysterious hacker has been selling Windows zero-day vulnerabilities to APT (advanced persistent threat) groups for the last three years.
- Mozilla has banned Firefox add-ons with obfuscated code.
- A Chinese hacking group code-named Barium has been implicated in numerous supply chain attacks.
- Numerous Git repositories have been wiped and replaced with a bitcoin ransom demand.
- A Firefox certificate issue was causing add-ons to be disabled or fail on installation.
- The Japanese government has begun an initiative to create and maintain defensive malware.
You can find me on Twitter as @mmaunder and Kathy as @kathyzant. Please don’t hesitate to post your feedback in the comments below.