https://youtu.be/_nVThuQmPZc This week on the podcast, we cover a Google initiative to kill off session hijacking attacks once and for all. Before that, we give an analysis of CVE-2023-3400, the Palo Alto zero-day vulnerability currently under active exploit. Additionally, we discuss a recent white paper from CISA on securely deploying artificial intelligence systems. … [Read more...]
BatBadBut What?
https://youtu.be/3fX7LRXi74I This week on the podcast, we cover a research post that describes a code injection vulnerability caused by the way nearly every high level programming language runs on Windows. We also discuss a series of vulnerabilities in LG televisions that allow remote attackers to root the device before ending with a chat about new adversarial tactics for … [Read more...]
Bad Month for Software Supply Chains
https://youtu.be/0860ZmM1vgE This week on the podcast, we cover a software supply chain attack years in the making that was days away from a devastating global impact. After that, we cover Facebook's Project Ghostbusters and its impact on user privacy before ending with another software supply chain attack that successfully compromised developers in the gaming world. … [Read more...]
Trucking Worms
https://youtu.be/VqFnomsJzdA This week on the podcast we discuss a vulnerability in required commercial truck hardware that could enable an automatically propagating worm across the entire US. Before that, we cover Apple's "un-patchable" vulnerability in their M-series processors as well as a vulnerability that could let attackers unlock hotel room doors at will. … [Read more...]
A Wild Month in Ransomware
https://youtu.be/iYM3y85hEkM This week on the podcast, we're joined by Ryan Estes, a member of WatchGuard's Zero-Trust Application Service classification team and resident ransomware expert to discuss the wild month in ransomware news. We start the episode with a story about a fake ransomware operator that scammed cybercriminals out of tens of thousands of dollars before … [Read more...]