Feb. 7, 2024
On this week's episode of The Microsoft Threat Intelligence Podcast, Sherrod DeGrippo is joined by Christine Fossaceca, Laurie Kirk, and Apurva Kumar. Today's discussion concerns a recent release from the Chaos Computer Congress, where researchers discovered and analyzed a zero-click attack on iPhones. The attack involves four zero-day vulnerabilities in iOS, requiring a malicious iMessage, a hardware bug, and a Safari exploit. The spyware discovered was specifically targeting security researchers. Sherrod, Christine, Laurie, and Apurva explore the significance of this attack, its implications for mobile security, the concept of zero-click attacks becoming more prevalent on mobile devices, and the importance of researchers being vigilant about their security. In this episode you’ll learn: Why you should consider the threat landscape when traveling internationally The technical and strategic aspects of mobile threat intelligence Prevalence of spyware on both Android and iOS platforms Some questions we ask: How can attackers disguise Trojans to harvest personal details? What are the communication vehicles that you're seeing phishing come from? How do I know if I have malware on my phone? Resources: Follow Christine on Twitter @x71n3 & @herhaxpodcast View Laurie Kirk on LinkedIn View Apurva Kumar on LinkedIn View Sherrod DeGrippo on LinkedIn DEV-0196: QuaDream’s “KingsPawn” malware targets Europe, North America, the Middle East, and Southeast Asia | Microsoft Security Blog 37C3 - Operation Triangulation: What You Get When Attack iPhones of Researchers Related Microsoft Podcasts: Afternoon Cyber Tea with Ann Johnson The BlueHat Podcast Uncovering Hidden Risks Discover and follow other Microsoft podcasts at microsoft.com/podcasts Get the latest threat intelligence insights and guidance at Microsoft Security Insider The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.