The 443 - Security Simplified

This week on the podcast, we cover guidance from CISA and its international partners that guides organizations on the right questions to ask during the technology procurement process to make sure the products they buy are secure. Before that, we cover Microsoft's research into a common vulnerability impacting over 4 billion Android application installations followed by a discussion on the Tunnel Vision VPN vulnerability.

This week on the podcast, we cover the key takeaways from the 2024 Verizon Data Breach Investigations Report. Before that, we discuss what we learned from United Healthcare CEO Andrew Witty's congressional testimony on their ransomware attack in February. We also discuss a research article from JFrog on malicious Docker Hub repositories.

This week on the podcast, we cover a nation-state backed attack against Cisco ASA appliances which Cisco TALOS themselves have dubbed "ArcaneDoor." After that, we discuss a phishing tookit being used to target LastPass users before ending with a new way to deliver malware payloads using legitimate services.

This week on the podcast, we cover a Google initiative to kill off session hijacking attacks once and for all. Before that, we give an analysis of CVE-2023-3400, the Palo Alto zero-day vulnerability currently under active exploit. Additionally, we discuss a recent white paper from CISA on securely deploying artificial intelligence systems.

This week on the podcast, we cover a research post describing a code injection vulnerability caused by how nearly every high-level programming language runs on Windows. We also discuss a series of vulnerabilities in LG televisions that allow remote attackers to root the device before ending with a chat about new adversarial tactics for delivering malware via GitHub.

This week on the podcast, we cover a report from the Department of Homeland Security's Cyber Safety Review Board that analyzes Microsoft's Exchange Online 2023 security incident in excruciating detail. Before that, we cover CISA's new rules around cyber incident reporting and an unsealed indictment against 7 Chinese nationals.

This week on the podcast, we cover a software supply chain attack years in the making that was days away from a devastating global impact. After that, we cover Facebook's Project Ghostbusters and its impact on user privacy before ending with another software supply chain attack that successfully compromised developers in the gaming world.

This week on the podcast we discuss a vulnerability in required commercial truck hardware that could enable an automatically propagating worm across the entire US. Before that, we cover Apple's "un-patchable" vulnerability in their M-series processors as well as a vulnerability that could let attackers unlock hotel room doors at will.

https://youtu.be/GnxViRW1A24
This week on the podcast, we cover a nation-state backed attack against Cisco ASA appliances which Cisco TALOS themselves have dubbed "ArcaneDoor." After that, we discuss a phishing tookit being used to target LastPass users before ending with a new way to deliver malware payloads using legitimate services.