The 443 - Security Simplified

This week on the podcast, we discuss the line between ethical security research and malicious activity thanks to a compromised open source software package. After that we cover the latest industry to fall victim to Ransomware and end by highlighting a 0-click vulnerability in Zoom’s message system discovered by Google Project Zero.

This week on the podcast we sit down for a chat with Matt Lee, Sr. Director of Security and Compliance at Pax8 and well-known cyber security educator, to discuss security strategies for MSPs and midsize enterprises in the face of a dynamic threat landscape. We cover everything from picking a framework to getting buy in from stakeholders and take a forward look at what future cyber regulations may look like to all organizations.

This week on the podcast we walk through CISA alert AA222-131A which gives bulleted guidance to MSPs and customers of MSPs on how to navigate their relationship security as threats targeting service providers continue to grow. We'll walk through the list and hit each recommendation and give our own guidance on top of them for both MSPs and their customers. After that, we cover the the latest Microsoft patch Tuesday and end the episode with the latest updates on SAT COM hacking.

This week on the podcast we discuss the latest rumblings around the return of the prolific ransomware-as-a-service organization REvil. Before that though, we dive in to the latest tools, tactics and procedures of the Lazarous nation state hacking group as well as a recently discovered form of fileless malware evasion.

This week on the podcast, we dive into CISA's list of the 15 most exploited vulnerabilities in 2021. We'll walk through each flaw and give a refresher on their history and how attackers have exploited them. After that, we cover the latest ransomware-as-a-service threat that has victimized over 60 organizations worldwide before ending with a quick chat about our "favorite" topic, NFTs.

This week on the podcast we cover a critical and easily-exploited vulnerability in how some recent versions of Java handle cryptography. We also discuss the latest in a series of alerts from CISA and international intelligence organizations on cyber threats to critical infrastructure. Finally, we end with a condensed overview of the latest internet security report from the WatchGuard Threat Lab.

This week on the podcast, we cover the latest evasion and persistence techniques from the state-sponsored threat actors known as Hafnium. Then, we dive into the world of ICS and SCADA devices to discuss the latest joint-agency alert from the US Government. We then round out the episode by highlighting some recent research into spoofing using Unicode BiDi (Bi-Directional) characters.

This week on the podcast we discuss one of the most rampant yet easily resolved risks facing many organizations today, not installing vendor-supplied security fixes. We'll cover some of the reasons why organizations might fall behind on patching as well as the potentially serious consequences. After that, we cover the latest 0-day Chromium vulnerability before a quick chat about the latest in US cybersecurity legislation.

This week on the podcast we cover the hacking organization Lapsus$ including their tactics, targets, and how they ended up with several members arrested last week. After that, we cover the cyber cold war and threats of Russian revenge attacks against the US energy sector that prompted classified meetings with potentially targeted organizations.

This week on the podcast, we cover a CISA alert on securing satellite communications (SATCOM) in the wake of several recent incidents involving providers and networks in eastern Europe. After that, we check in on the TSA's cybersecurity rules for pipeline distribution networks and how adoption is going so far in the industry.