This week on the podcast, we discuss the Common Vulnerability Scoring System or CVSS and why one popular developer thinks it's completely broken. After that, we cover Lumen's Black Lotus Labs' research into a Juniper backdoor malware. We end with the latest car hacking research and an admin portal with possibly the wors...
This week on the podcast, we cover security researcher Eaton Zveare's recent blog post on a trove of vulnerabilities they found in McDonald's India's McDelivery web application. Before that, we give an update on Salt Typhoon's latest US government victim and discuss an attack involving hijacked Google Chrome extensions.
This week on the podcast, we dive into the WatchGuard Threat Lab's 2025 security predictions. We'll cover each of the predictions and explain the trends that drove us to make them for the coming year.
This week on the podcast, we cover the first-ever UEFI bootkit targeting Linux systems and what it means for evasive malware. After that, we give an update on what's being called "the worst telecom hack in US history" before ending with our analysis of a research post showing the latest phishing evasion techniques for m...
This week on the podcast, we look back to our 2024 security predictions that we made last year and grade ourselves on how well we saw the future. We cover everything from AI deep-fake phishing to VR headset hacking!
This week on the podcast, we review CISA's most recent report on the top routinely exploited vulnerabilities from the last year. Before that, we cover North Korea's latest malware evasion testing followed by a report on a different evasion technique that abuses concatenated ZIP archives.
This week on the podcast, we cover a research white paper that details how attackers could use AI to complete an entire money-theft or credential-theft scam from start to finish. Before that, we discuss Sophos' 5-year battle with Chinese hackers targeting network devices followed by Microsoft's current battle with passw...
This week on the podcast, we review Fortinet's recently disclosed remote code execution vulnerability in the FortiManager system that has been under active exploitation since at least June. After that, we discuss the SEC's recent action against 4 companies found at fault for misleading security incident disclosure statement...
This week on the podcast, we cover the security incident that brought the Internet Archive and all of its services down, including the Wayback Machine. Before that, we discuss a Chinese nation-state-backed threat actor that compromised three major American telecommunications providers and may have gained access to the US ...
This week we cover a research write-up on a new technique to monetize stolen AWS credentials. Before that, we discuss a Linux malware variant that went unexposed until just recently and a story about a serial hacker that was caught because of opsec failures.
This week on the podcast, we cover the "9.9/10 severity vulnerability affecting most Linux systems" that a researcher disclosed last week and what it means for Linux systems administrators. We then discuss a research post into Kia's remote control systems that allowed one researcher to compromise any Kia in the last de...
This week on the podcast, we discuss how German law enforcement managed to deanonymize and arrest users on the Tor network. After that, we discuss why the US government is trying to ban Chinese-manufactured car hardware. We then end with a cool research article on chaining open redirect and iframe issues into a 1-click...
This week on the podcast, we discuss Microsoft's recent Windows Endpoint Security Ecosystem Summit and what it means for the future of endpoint security on the Windows platform. After that, we cover a research post on a malware campaign using Google Sheets as a command and control channel before ending with a chat abou...
This week on the podcast, we discuss guidance published by the US White House Office of the National Cyber Director that lays out a roadmap for addressing key security concerns in the BGP routing protocol. Before that, we cover a security research post from JFrog detailing a new Python package hijacking method under ac...
This week on the podcast, we discuss the US government's push to investigate the risks that TP-Link network devices introduce to national security. Before that, we give an update on the NPD data breach from last week as well as the threat actor behind it. We also discuss an ongoing cyber incident at the Port of Seattle...
https://youtu.be/jVSMBcT3GnI This week on the podcast, we cover the National Public Data breach that may have leaked every American's social security number. After that, we discuss research from Talos on how attackers can abuse Microsoft applications on macOS to gain access to your camera and microphone. We end the ep...
https://youtu.be/wft_hpC-_Wo This week on the podcast, we cover the National Public Data breach that may have leaked every American's social security number. After that, we discuss research from Talos on how attackers can abuse Microsoft applications on macOS to gain access to your camera and microphone. We end the ep...
This week on the podcast, we cover the National Public Data breach that may have leaked every American's social security number. After that, we discuss research from Talos on how attackers can abuse Microsoft applications on macOS to gain access to your camera and microphone. We end the episode by discussing recent res...
This week on the podcast, we round out our takeaways from the Black Hat and Def Con security conferences in Las Vegas. We go through 4 talks across both conferences that were especially interesting either for nostalgia or modern impact.
https://youtu.be/0jX-2UYlf8Q This week on the podcast, we round out our takeaways from the Black Hat and Def Con security conferences in Las Vegas. We go through 4 talks across both conferences that were especially interesting either for nostalgia or modern impact.
On this episode of the podcast, we have another recap from the Black Hat security conference in Las Vegas. This time we discuss a new initiative to protect the world from deepfakes, followed by a penetration testing engagement that proved immutable backups don't always mean available backups.
On this episode of the podcast, we cover our two favorite briefings from the first day at the Black Hat security conference. We start with our thoughts on "shadow resources" in cloud environments before giving an update to last week's episode with additional research into AI-as-a-Service attacks.
https://youtu.be/PTm87MQS-Z8 This week we will be attending Hacker Summer Camp in Las Vegas. We will be publishing a recap each day focusing on our key takeaways.
https://youtu.be/AMwgW11DT1c This week on the episode, we walk through CrowdStrike's preliminary post incident report to understand exactly what happened during the July 19th outage and what all software vendors can learn from the event. After that, we cover a clever plot that led to KnowBe4 hiring a North Korean thr...
This week on the episode, we walk through CrowdStrike's preliminary post incident report to understand exactly what happened during the July 19th outage and what all software vendors can learn from the event. After that, we cover a clever plot that led to KnowBe4 hiring a North Korean threat actor. We end with some re...