Sponsored By:

• iXSystems: Get a system purpose built for you. Promo Code: Tell them we sent you!
• Digital Ocean: Apply our promo snapocean after you create your account, and get a $10 credit. Promo Code: snapocean
• Ting: Save $25 off a device, or get $25 in service credits! Promo Code: Visit techsnap.ting.com

Links:

• Sysadmin unplugged wrong server, ran away, hoped nobody noticed • The Register — ‘I was a snot-nosed kid fresh out of college and thought I knew everything!’
• Spoofing Cell Networks with a USB to VGA Adapter | Hackaday — Available through the usual overseas suppliers for as little has $5 USD, these devices can be used unmodified to transmit low-power FM, DAB, DVB-T, GSM, UMTS and GPS signals.
• ShofEL2, a Tegra X1 and Nintendo Switch exploit — The Tegra X1 (also known as Tegra210) SoC inside the Nintendo Switch contains an exploitable bug that allow taking control over early execution, bypassing all signature checks.
• Atlanta spends more than $2 million to recover from ransomware attack — . It appears that firms Secureworks and Ernst & Young were paid $650,000 and $600,000, respectively, for emergency services while Edelman was paid $50,000 for crisis communication services. Overall, the funds seemingly applied to the ransomware attack response add up to approximately $2.7 million.
• Google Chrome 66 Released Today Focuses on Security — The biggest change is that Google Chrome will start showing SSL certificate errors for all Symantec certs issued before June 1, 2016. This is "stage two" of Google's long-term plan on distrusting Symantec certificates altogether.
• Where to get started with monitoring?
• defunkt uses a fool tools for his network
• Brian shares some love for Zabbix
• VMware Patches Pwn2Own VM Escape Vulnerabilities — VMware on Tuesday patched a series of vulnerabilities uncovered earlier this month at Pwn2Own. The flaws enabled an attacker to execute code on a workstation and carry out a virtual machine escape to attack a host server.
• balena - A Moby-based container engine for IoT — A Moby-based container engine for IoT

Plus we go from a hacked client to a Zero-day discovery, answer some questions, ask a few, and more!

Sponsored By:

• Digital Ocean: Apply our promo snapocean after you create your account, and get a $10 credit. Promo Code: snapocean
• Ting: Save $25 off a device, or get $25 in service credits! Promo Code: Visit techsnap.ting.com
• iXSystems: Get a system purpose built for you. Promo Code: Tell them we sent you!

Links:

• Unified Logs in High Sierra (10.13) Show Plaintext Password for APFS Encrypted External Volumes — My verification test is below. Note that it gets stored in on-disk, collected logs (non-volatile logs).
• Thousands of servers found leaking 750MB worth of passwords and keys — Leaky etcd servers could be a boon to data thieves and ransomware scammers.
• Atlanta city government systems down due to ransomware attack — FBI called in as some city services are interrupted, employees told to turn off PCs.
• Android malware found inside apps downloaded 500,000 times | ZDNet — Cybercriminals have distributed malware to hundreds of thousands of Android users by hiding it inside a series of apparently harmless apps.
• From hacked client to 0day discovery — The client’s account had been blocked because it was spotted sending spam. Once connected to the service, it was clear that the monthly quota of the account was almost reached and that the latest emails sent shown on the dashboard had content that were clearly spam.
• Listener Feedback from Jeff S
• Listener Feedback from Tyler