The 443 - Security Simplified

https://youtu.be/DYam7E96dgc
On this week's podcast we discuss a recent analysis on the risks of GitHub RepoJacking. After that, we dive in to the Barracuda 0-day that China-based threat actors are actively exploiting as well as a novel command and control distribution method for a separate China-based APT.

https://youtu.be/KOBaZcDg0tY
This week on the podcast we cover a supply chain attack of sorts against Minecraft gamers. After that, we cover a vulnerability in MOVEit Transfer that threat actors are exploiting in the wild to steal data and deploy ransomware. Finally, we wne with our review of the latest Verizon Data Breach Investigations Report (DBIR).

https://youtu.be/PZWaRaguDTI
This week on the podcast, we give a quick update on the latest Volt Typhoon activity before covering a newly for sale EDR bypass tool. After that, we discuss Gigabyte's decision to rootkit their own motherboards before ending with a new macOS vulnerability.

https://youtu.be/loUDfzGTaiE
This week on the podcast, we cover Microsoft's latest refresh of naming conventions for advanced persistent threat (APT) actors worldwide, as well as an update on two specific threat actors and their latest tactics. We also cover a ransomware event targeting a biotechnology company with an interesting twist.

https://youtu.be/W57_CpRSFEA
This week on the podcast, we cover the recent TikTok ban coming from the state of Montana and discuss whether it was justified and what the potential security impact is. Before that, we give an update on two US Supreme Court cases that were poised to potentially strip away Section 230 protections. We also highlight a new phishing-as-a-service (PaaS) platform that has yet again lowered the barrier for executing sophisticated attacks.

https://youtu.be/-asU7Sd24gg
This week on the podcast, Marc kick's Corey off the podcast and interview's ChatGPT to learn its thoughts on AI applications in cybersecurity, both on offense and defense.

https://youtu.be/PoEXinvhMVQ
This week on the podcast, we cover two new malware research pieces, including the latest evolution of a delivery vehicle as old as time. After that, we cover recent regulations in the healthcare industry that have a chance to push the industry to a more secure future.

This week on the podcast, we cover a recently discovered macOS malware attack that uses a multi-stage delivery mechanism. Before that, we discuss an actively-exploited vulnerability in the print management software PaperCut, as well as an update on the 3CX supply chain attack.

This week's podcast comes from the WatchGuard Apogee partner conference for the Americas where we bring on special guests Kevin Willette of Verus Corporation and Neil Holme of Impact Business Technology to discuss the challenges and opportunities MSPs and MSSPs will face in the coming years. This is the first of a multipart series where we explore similar questions around the world.

https://youtu.be/vzTpECddZRg
This week on the podcast, we cover two new publications out of CISA. First, we dive into CISA's guidance to manufacturers and customers on products that are secure-by-design and secure-by-default. Next, we discuss CISA's latest Zero Trust Maturity Model which any organization can use to gauge how far along they are on the ZTA path and where the should focus their efforts next. Finally, we end wit some research from Blaze Information Security on a series of vulnerabilities in a play-to-earn blockchain game.
You can view more information on the CISA guidance as well as Blaze Lab's full blog post at the links below:
- https://www.cisa.gov/sites/default/files/2023-04/zero_trust_maturity_model_v2_508.pdf
- https://www.blazeinfosec.com/post/hacking-play-2-earn-blockchain-games-manarium