The 443 - Security Simplified

https://youtu.be/loUDfzGTaiE
This week on the podcast, we cover Microsoft's latest refresh of naming conventions for advanced persistent threat (APT) actors worldwide, as well as an update on two specific threat actors and their latest tactics. We also cover a ransomware event targeting a biotechnology company with an interesting twist.

https://youtu.be/W57_CpRSFEA
This week on the podcast, we cover the recent TikTok ban coming from the state of Montana and discuss whether it was justified and what the potential security impact is. Before that, we give an update on two US Supreme Court cases that were poised to potentially strip away Section 230 protections. We also highlight a new phishing-as-a-service (PaaS) platform that has yet again lowered the barrier for executing sophisticated attacks.

https://youtu.be/-asU7Sd24gg
This week on the podcast, Marc kick's Corey off the podcast and interview's ChatGPT to learn its thoughts on AI applications in cybersecurity, both on offense and defense.

https://youtu.be/PoEXinvhMVQ
This week on the podcast, we cover two new malware research pieces, including the latest evolution of a delivery vehicle as old as time. After that, we cover recent regulations in the healthcare industry that have a chance to push the industry to a more secure future.

This week on the podcast, we cover a recently discovered macOS malware attack that uses a multi-stage delivery mechanism. Before that, we discuss an actively-exploited vulnerability in the print management software PaperCut, as well as an update on the 3CX supply chain attack.

This week's podcast comes from the WatchGuard Apogee partner conference for the Americas where we bring on special guests Kevin Willette of Verus Corporation and Neil Holme of Impact Business Technology to discuss the challenges and opportunities MSPs and MSSPs will face in the coming years. This is the first of a multipart series where we explore similar questions around the world.

https://youtu.be/vzTpECddZRg
This week on the podcast, we cover two new publications out of CISA. First, we dive into CISA's guidance to manufacturers and customers on products that are secure-by-design and secure-by-default. Next, we discuss CISA's latest Zero Trust Maturity Model which any organization can use to gauge how far along they are on the ZTA path and where the should focus their efforts next. Finally, we end wit some research from Blaze Information Security on a series of vulnerabilities in a play-to-earn blockchain game.
You can view more information on the CISA guidance as well as Blaze Lab's full blog post at the links below:
- https://www.cisa.gov/sites/default/files/2023-04/zero_trust_maturity_model_v2_508.pdf
- https://www.blazeinfosec.com/post/hacking-play-2-earn-blockchain-games-manarium

This week on the podcast, we discuss another cybercrime marketplace takedown dubbed Operation Cookie Monster. After that, we discuss Microsoft's attempts to limit the distribution of a popular hacking toolkit. Finally, we discuss a recent analysis by Dr. Ken Tindell of Canis Automotive Labs around how criminals were able to steal his friend's Toyota Rav4.
You can view Dr. Ken Tindell's full blog post here: https://kentindell.github.io/2023/04/03/can-injection/

This week on The 443, we discuss the latest software supply chain attack with a potential blast radius of thousands of organizations. Then we cover a new protocol vulnerability in the Wi-Fi wireless standard before ending with some research into insecure Microsoft Azure applications.

This week we have all the acronyms as we cover a joint publication by CISA and the NSA with Identity and Access Management (IAM) best practices. We then cover some new proposed cybersecurity rules out of the Securities and Exchange Commission (SEC) before ending with an FBI takedown of a popular hacking forum.