The 443 - Security Simplified

This week on the podcast, we discuss how German law enforcement managed to deanonymize and arrest users on the TOR network. After that, we discuss why the US government is trying to ban Chinese-manufactured car hardware. We then end with a cool research article on chaining open redirect and iframe issues into a 1-click vulnerability that grants attackers access to arbitrary Google Docs files.

This week on the podcast, we discuss Microsoft's recent Windows Endpoint Security Ecosystem Summit and what it means for the future of endpoint security on the Windows platform. After that, we cover a research post on a malware campaign using Google Sheets as a command and control channel before ending with a chat about the US federal government's push to classify cybersecurity as a national service role.

This week on the podcast, we discuss guidance published by the US White House Office of the National Cyber Director that lays out a roadmap for addressing key security concerns in the BGP routing protocol. Before that, we cover a security research post from Jfrog detailing a new python package hijacking method under active exploitation as well as an analysis of the Microsoft Windows Wi-Fi driver remote code execution vulnerability patched last June.

This week on the podcast, we discuss the US government's push to investigate the risks that TP-Link network devices introduce to national security. Before that, we give an update on the NPD data breach from last week as well as the threat actor behind it. We also discuss an ongoing cyber incident at the Port of Seattle.

This week on the podcast, we cover the National Public Data breach that may have leaked every American's social security number. After that, we discuss research from TALOS on how attackers can abuse Microsoft applications on macOS to gain access to your camera and microphone. We end the episode by discussing recent research on how attackers are attempting to evade Endpoint Detection and Response (EDR) tools.

This week on the podcast, we round out our takeaways from the Black Hat and Def Con security conferences in Las Vegas. We go through 4 talks across both conferences that were especially interesting either for nostalgia or modern impact.

On this episode of the podcast, we have another recap from the BlackHat security conference in Las Vegas. This time we discuss a new initiative to protect the world from deepfakes, followed by a penetration testing engagement that proved immutable backups doesn't always mean available backups.

On this episode of the podcast, we cover our two favorite briefings from the first day at the Black Hat security conference. We start with our thoughts on "shadow resources" in cloud environments before giving an update to last week's episode with additional research into AI-as-a-Service attacks.

https://youtu.be/PTm87MQS-Z8
This week we will be attending Hacker Summer camp in Las Vegas. We will be publishing a recap each day focusing on our key takeaways.

This week on the episode, we walk through CrowdStrike's preliminary post incident report to understand exactly what happened during the July 19th outage and what all software vendors can learn from the event. After that, we cover a clever plot that lead to KnowBe4 hiring a North Korean threat actor. We end with some research from Wiz on Artificial Intelligence tenant isolation.