The 443 - Security Simplified

This week on the podcast we take a look at Content Security Policy, a web app security standard designed to combat Cross Site Scripting attacks against websites and web apps. Before that though, we'll cover the latest security news including a resurgence in ransomware attacks and the long overdue death of TLS versions 1.0 and 1.1. … [Read more...]

This week on the podcast we cover key findings from the 2020 FBI Internet Crime Report and the latest reflective amplification vector for DDoS attacks. Then, we discuss a recent blog post from penetration tester Fabian Mosch that details the top weaknesses they target during their engagements. You can read more from Fabian here. … [Read more...]

This week on the podcast we take a deep dive into the Exchange Server vulnerabilities that Microsoft issued an emergency patch for after discovering foreign adversaries were actively exploiting the flaws in the wild. We'll go over the vulnerabilities, how they work, and give some tips for defending against similar attacks in the future. … [Read more...]

This week on the podcast we cover Gootkitand Gootloader, two oddly-named pieces of an evasive trojan that researchers have been watching evolve into a fileless threat. We also discuss the security benefits and drawbacks of Apple's closed-door approach to security. Finally, we end with some research on what happens when a cosmic ray causes your computer to load up the wrong … [Read more...]

This week on the podcast we cover an upcoming Chrome browser update with important behind-the-scenes changes, a 9.8/10 severity vulnerability in VMWare vCenter, and a plea from Microsoft for more breach disclosure regulation in the wake of the SolarWinds breaches. … [Read more...]