https://youtu.be/Yo5GO14F5N0 This week on the podcast, we get up to speed on the MGM and Caesars Entertainment ransomware incidents from the previous week. After that, we take a deep dive into a blog post from Meta's application security team for their VR headsets. After that, we cover Microsoft's analysis of an ATP's pivot from email to another form of phishing. … [Read more...]
iPhone’s Latest 0-Day
https://youtu.be/UwuG1U1fZhE This week on the podcast, we cover Microsoft's final report on their July incident involving nation-state actors compromising enterprise email accounts. After that, we discuss a zero-day, zero-click vulnerability in iOS being actively exploited in the wild before ending with a chat about an upcoming change to how Android handles CA certificates. … [Read more...]
The Qakbot Takedown
https://youtu.be/NLO0DYuTZp4 This week on the podcast, we cover the FBI-lead, multinational takedown of the Qakbot botnet of over 700,000 victim devices. After that, we cover two android malware variants including one targeting victims in southeast Asia and another built by the Russian GRU. … [Read more...]
Weaponizing WinRAR
https://youtu.be/BVbVwm0dMgg This week on the podcast we cover the latest evolutions of the North Korean threat actor Lazarus before covering an actively-exploited 0day vulnerability in the popular unarchiver WinRAR. We end the episode with an AI-related attack that doesn't actually use AI. … [Read more...]
U.S. Cyber Trust Mark
https://youtu.be/Drx3kF3sllQ This week on the podcast we cover the FCC's proposal for a security assurance labeling program for IoT devices. Before that, we discuss the latest AI research challenge hosted by DARPA as well as some research into a novel attack against the AI/ML supply chain. … [Read more...]