The 443 - Security Simplified

https://youtu.be/jG3mwjCLpJQ
This week on the podcast, we review a CISA and FBI joint advisory on the Androxgh0st malware. Before that we cover recent Volt Typhoon activity targeting SMB routers exposed on the internet. We end the episode with a fun research blog post about a series of flaws in an Indian insurance provider.

https://youtu.be/3E_Ei9hgNzA
This week on the podcast, we review NIST's new publication that defines a taxonomy for how we talk about Adversarial Machine Learning. Before that, we cover a recent discovery of threat actors retaining access to Google accounts even through a password reset. We round out the episode with an account compromise that lead to a surge in Bitcoin price before finishing with a discussion of Living-off-Trusted Sites (LoTS) attacks that leverage GitHub.

https://youtu.be/VK1QoxLP16Y
This week, we cover a password compromise that lead to a mobile telco in Spain losing control of their IP address space. We also give a quick update on the Lapsus$ ringleader's court case before discussing a recently discovered macOS backdoor malware that evades most endpoint protection. We end the episode by covering Microsoft's research into a malware installation method that bypasses many security protections.

https://youtu.be/YZLayuDJyyk
This week on the podcast, we cover a supply chain attack against one of the largest hardware cryptocurrency wallet manufacturers. After that, we discuss the latest Apache Struts vulnerability under active exploit by threat actors. We end the episode with our thoughts on a research blog post about a set of threat actors using an old school attack against modern targets.

https://youtu.be/sbc2U4WYrng
This week on the podcast, we cover a new unauthenticated keystroke injection vulnerability in the Bluetooth implementation on nearly every type of device. After that we discuss Logofail, a suite of vulnerabilities in most UEFI boot implementations that could let threat actors easily hide their tracks. We end by covering a recent CISA advisory on Adobe ColdFusion exploits in the wild.

https://youtu.be/BHsow5qnmHw
This week on the podcast we discuss our cybersecurity predictions for 2024. We'll cover each of the 6 predictions for the coming year including the trends behind them and how to protect your organization if they come true!

https://youtu.be/Eai8tYnU2I0
This week on the podcast, we look back to our 2023 security predictions and grade ourselves on how well we were able to see the future. We'll go through each of our 6 predictions, explain the trends that fueled them, and then provide either evidence that they came true or discuss reasons why they may not have yet.

https://youtu.be/RrKozKuhhcw
This week on the podcast, we dive in to the EU's Network and Information Security directive update, aka NIS2. We'll cover who might be impacted and what to expect in terms of requirements in the coming year. Before that, we give an update to on the latest Scattered Spider threat actor activity followed by an update on LockBit's latest ransomware victims.

https://youtu.be/GaTUPZ2RMK0
This week on the podcast, we cover an analysis from Mandiant on an attack lead by the Russian state-sponsored threat actor Sandworm that came alongside missiles strikes against Ukraine. Before that, we review Okta's post mortum from their recent cyber incident. We end the episode by discussing udpated research from Jamf on a North Korean threat actor targeting the financial sector.

https://youtu.be/67SMv6JtJbc
This week on the podcast we cover an Executive Order from the US White House on the topic of Artificial Intelligence. After that, we discuss the latest CISO that has found themselves in hot water with the law. We then cover an update to the Common Vulnerability Scoring System and end with a researcher claiming the end of encryption as we know it.