The 443 - Security Simplified

This week on the podcast we cover an epic battle between a video game giant and a tech behemoth that has the potential to change mobile security forever. After that, we cover updates to several recent security events including the SolarWinds breach, the attempted poisoning of the Oldsmar, FL water supply, and the ransomware attack against Colonial Pipeline.

This week on the podcast we cover the ransomware attack against Colonial Pipeline which left the east coast of the United States in fear of gas shortages for more than a week. We'll discuss the threat actors behind it, how they possibly got in, and what the response was from Colonial and the United States government.

This week on the podcast we cover a 12 year old vulnerability in Dell's firmware update driver impacting hundreds of millions of servers, workstations and tablets. Then, we dive in to 21 nails, a collection of vulnerabilities in the Exim Mail Transfer Agent (MTA) which has wide use across the internet. We'll go over a few of the biggest flaws and how they work as well as what it means for email security.

This week on the podcast, we mourn a Dan Kaminsky, a well-loved hacker responsible for identifying one of the biggest vulnerabilities in the history of the internet. Then, we continue our dive into web app security standards with a discussion on Same-Origin Policy and Cross Origin Resource Sharing (CORS) and how they help protect us against Cross Site Request Forgery (CSRF) attacks.

This week on the podcast, we cover Signal CEO Moxie Marlinspike's analysis of a phone forensic analysis tool made by the grey-hat hacking organization Cellebrite. Before that though, we cover another solved mystery from the SolarWinds Orion saga.

This week on the podcast we cover a couple of major events from April's Patch Tuesday including four new remote code execution vulnerabilities in Exchange Server and some additional developments in the saga of March's Exchange Server exploits.

This week on the podcast, we go back to one of our favorite episodes from last year near the start of the pandemic where we sat down with security expert Nina Jankowicz to discuss what the rapid change to remote work would mean for security.

Its that time of year again! This week on the podcast we dive in to the latest internet security report out of the WatchGuard Threat Lab. We'll cover the latest trends in malware, both at the perimeter and the endpoint, as well as network attacks and malicious domains. Additionally, we'll recap the top security incident from Q4, the Solar Winds Breach, and what it means for companies going forward.

This week on the podcast we take a look at Content Security Policy, a web app security standard designed to combat Cross Site Scripting attacks against websites and web apps. Before that though, we'll cover the latest security news including a resurgence in ransomware attacks and the long overdue death of TLS versions 1.0 and 1.1.

This week on the podcast we cover key findings from the 2020 FBI Internet Crime Report and the latest reflective amplification vector for DDoS attacks. Then, we discuss a recent blog post from penetration tester Fabian Mosch that details the top weaknesses they target during their engagements. You can read more from Fabian here.