The 443 - Security Simplified

375 episodes — Page 4 of 8

S2023 Ep 226 - Report Roundup

This week on the podcast, we cover key findings from three individual reports published last week. In the first report we'll dive into the world of blockchain analysis looking for illicit transactions. In the second report, we'll cover the state of SMB security. The final report includes a discussion of overall financial crime involving stolen payment card information.

Jan 23, 2023 - 46 min

S2023 Ep 225 - The RCE Vulnerability That Wasn’t

This week on the podcast we cover a recently disclosed vulnerability in the popular JavaScript library JsonWebToken. After that, we give an update on weaponizing ChatGPT, the currently free Artificial Intelligence chat bot that has made waves since its release in November. We round out the episode with a wave farewell to Windows 7 and Windows 8.1 and what the end of extended support means for businesses.

Jan 17, 2023 - 39 min

S2023 Ep 224 - Reviving a Dead Botnet

This week on the podcast we cover a recent analysis by Mandiant on a Russia-based APT using a decade-old botnet to deliver new attacks. Before that, we cover an update from LastPass about their most recent breach as well as the 200 million Twitter accounts leaked last week.

Jan 10, 2023 - 45 min

S2023 Ep 223 - Q3 2022 Internet Security Report

This week on the podcast we discuss key findings from the WatchGuard Threat Lab's Q3 2022 Internet Security Report. We'll cover everything from the top malware threats to the latest network attack trends targeting small and midsize enterprises globally and give practical defensive tips that anyone can use to keep their organizations safe.

Jan 3, 2023 - 32 min

S2022 Ep 222 - 2023 Security Predictions

It's that time of year for us to discuss the WatchGuard Threat Lab's 2023 cyber security predictions! On this episode, we will cover the six predictions plus another two that didn't make the cut as well as some defensive strategies to try and help stop them from coming true.

Dec 20, 2022 - 47 min

S2022 Ep 221 - Apple’s New Privacy Expansion

This week on the podcast, we cover Apple's latest announcement of expanded privacy and security features for their users. Before that, we cover a major breach in the Android ecosystem followed by a new Internet Explorer (yes, that still exists) 0-day vulnerability.

Dec 13, 2022 - 50 min

S2022 Ep 220 - Hacking Hyundai

On this week's episode, we cover the latest in car hacking, this time involving a vulnerability that could have given remote attackers full control over certain Hyundai models' doors, lights and engine. After that, we discuss the latest breach impacting a major password management app and how it's different from previous ones we've seen. We end with a discussion on the latest 'custom security solution' vendor selling spyware tools for profit.

Dec 6, 2022 - 44 min

S2022 Ep 219 - CISA Incident Response Learnings

On today's episode we cover a pair of alerts from the Cybersecurity and Infrastructure Security Agency (CISA), one detailing the tools, tactics and procedures from a prolific ransomware organization and another walking through a recent incident response engagement CISA completed with a federal agency. Before that though, we learn about what happens when you use a software component that hasn't received updates in 17 years.

Nov 29, 2022 - 35 min

S2022 Ep 218 - Attack Surface Management

This week on the podcast we dive into the world of attack surface management. We discuss what your attack surface is made up of, including some areas you may not have thought of, and then cover the best ways to reduce and ultimately protect it.

Nov 21, 2022 - 37 min

S2022 Ep 217 - 2022 Cybersecurity Predictions Recap

This week on the podcast we take a look back at our 2022 cybersecurity predictions and give ourselves a grading on how well we did. From cyber insurance to space hacks, we'll cover each of the 6 predictions we made last December and discuss why we think they did or did not come to fruition. As mentioned on the episode, several WatchGuard employees are participating in "Mo-vember" to raise awareness and contributions for men's health charities. Check out our page, and Corey's amazing mustache, at - https://nl.movember.com/en/team/2435885

Nov 14, 2022 - 42 min

S2022 Ep 216 - Why OpenSSL Downgraded Their Vulnerability

On this episode we cover the much-anticipated OpenSSL vulnerabilities that were disclosed and patched on November 1st and why the 6-year streak of no critical issues continues. After that, we dive back into election security and the hacking activity that could have the most impact. We end with an update from Apple on their security program and making vulnerability research more accessible.

Nov 7, 2022 - 43 min

S2022 Ep 215 - CISA’s Cybersecurity Performance Goals

This week on the podcast we cover CISA's freshly-released Cybersecurity Performance Goals (CPGs) designed to help smaller organizations bridge the gap between frameworks and practical implementation. After that, we discuss a new bill working its way through the US Senate designed to address open source software security risks. Finally, we end with a research post from Microsoft on the evolution of an interesting malware campaign.

Oct 31, 2022 - 38 min

S2022 Ep 214 - Ransomware TTPs Deep Dive

This week on the podcast, we cover another remote code execution vulnerability that looks extremely concerning on the surface but might be less serious in reality. After that, we cover two research articles by Microsoft on ransomware campaigns including defensive takeaways for all organizations.

Oct 26, 2022 - 31 min

S2022 Ep 213 - Cyber Energy Star

This week on the podcast we cover a proposed program from the White House to create an Energy Star-like label for cybersecurity in consumer products. Before that, we cover two other updates from the federal government including a new open source tool from CISA and the latest reincarnation of Privacy Shield.

Oct 17, 2022 - 35 min

Q2 Threats and Guilty CSOs

This week on the podcast, we focus on highlighting WatchGuard's Q2 Internet Security Report, covering the latest threat trends and what you can do to avoid them. However, we also pack in our security news segment, with an Optus breach update from an Australian IT and security expert and WatchGuard Partner, the latest on the Uber CSO trial, and a warning about the recent zero-day Exchange exploit that some call ProxyNotShell. This week's episode is a long one, so grab a fresh coffee and listen during a long walk or drive.

Oct 12, 2022 - 1h 30m

S2022 Ep 211 - Optus Opts Out of PII Protection

This week on the podcast, we cover an Optus data breach that could affect over 10 million Australian customers, and what they should do to protect themselves. We highlight a new malware-as-a-service (MaaS) information stealer that lowers the cost and technical bar for cybercriminals. Finally, we end with some good news about how the FBI was able to catch and arrest an ex-NSA insider trying to sell sensitive national security data to a supposed Russian adversary.

Oct 3, 2022 - 50 min

S2022 Ep 210 - An Uber Hack

This week on the podcast, we cover Uber's most recent security incident and the alleged individual behind it. After that, we dive into the world of gas station operational technology and potential security weaknesses in one tool. Finally, we end with a chat about the FBI CISO Academy and how the FBI as a whole is trying to reshape relationships with the private sector.

Sep 27, 2022 - 45 min

S2022 Ep 209 - Are CISOs Legally Accountable for Security?

This week on the podcast we cover a court case that is attempting to hold the ex-CISO of a popular tech company accountable for their actions involving a data breach dating back to 2016. Before that though, we dive into a novel command and control (C2) method as well as the latest commoditization of a sophisticated cyber attack technique.

Sep 14, 2022 - 47 min

S2022 Ep 208 - A Day in the Life of a Malware Analyst

This week on the podcast we sit down with Ryan Estes, a malware analyst on the WatchGuard Threat Lab team, to discuss what it takes to rapidly differentiate malware from goodware. In this interview, we discuss what it takes to get into malware analytics, popular tools to help with the task, and resources anyone can follow to build up skills.

Sep 6, 2022 - 30 min

S2022 Ep 207 - The Twitter Thing

This week on the podcast, we cover the big whistleblower complaint against Twitter including our hot takes on who to believe. We then cover an FBI alert on evasion techniques cyber criminals are deploying in their authentication attacks before finishing with a highlight of a very convincing phish.

Aug 29, 2022 - 33 min

S2022 Ep 206 - 2022 Black Hat and Def Con Recap

This week on the podcast we review our time at this year's Black Hat and Def Con cybersecurity conferences in Las Vegas. We'll cover how the WatchGuard CTF contest went this year and discuss takeaways from a few of the briefings we attended.

Aug 22, 2022 - 53 min

S2022 Ep 205 - Hacker Summer Camp 2022

This week on the podcast, we give our preview of the Black Hat and Def Con cybersecurity conferences, aka Hacker Summer Camp. Throughout the episode, we'll discuss the briefings and panels we're most excited to see and what we hope to get out of them. If you're not able to attend either conference in person this year, be sure to watch the Def Con YouTube channel for recordings! Also, check out our capture the flag contest at WGCTF.com!

Aug 9, 2022 - 36 min

S2022 Ep 204 - Private Sector Offensive Actors

This week on the podcast we discuss the shifting landscape of phishing attacks in the wake of Microsoft's efforts to block malicious Office macros. We then cover a private organization that has been found not just selling exploit tools but also participating in offensive cyber operations. We end the episode with a review of IBM and the Ponemon Institute's Cost of a Breach Report for 2022.

Aug 2, 2022 - 35 min

S2022 Ep 203 - USA’s Answer to GDPR

This week on the podcast, we discuss the current cyber skills gap and a federal program designed to help combat it. After that, we dive into the American Data Privacy and Protection Act and what it potentially means if passed by US Congress. We end this week with a quick update on Microsoft's attempts to protect users from malicious macro-enabled documents.

Jul 25, 2022 - 37 min

S2022 Ep 202 - Rolling PWN

This week on the podcast we cover the latest in car hacking research, this time targeting vulnerabilities in remote keyless entry. We then dive into Microsoft's latest research on Adversary in the Middle (AitM) attacks and end with key findings from the latest WatchGuard Threat Lab quarterly Internet Security Report.

Jul 21, 2022 - 49 min

S2022 Ep 201 - Grading Gartner’s Guesses

This week on the podcast, we discuss two recent security reports, one on the topic of open source software and the other on "insecure by design" in the Operational Technology (OT) space. We go through the key findings from each report and give our thoughts on their accuracy in the real world. We end the week by covering Gartner's 8 security predictions from their Security and Risk Management summit last week and how likely we think they are to hit in the years to come.

Jun 27, 2022 - 48 min

S2022 Ep 200 - 200th Episode Extravaganza

In celebration of our 200th episode, this week on the podcast we take a look back at the last few years and revisit some of our favorite episodes. Along the way, we'll give updates on a few of our cybersecurity predictions from years past that took just a little bit longer than anticipated to come true. Finally, we end with a round of Q & A and a few quick news updates.

Jun 21, 2022 - 1h 14m

S2022 Ep 199 - Robux Ransomware

This week on the podcast we cover the latest and most bizarre ransomware extortion demand we've seen in recent memory. Before that though, we cover the latest updates on nation state hacking activity including threats of escalating attacks leading to physical retaliation.

Jun 14, 2022 - 39 min

S2022 Ep 198 - 0-Days for Days

This week on the podcast we cover two fresh 0-day vulnerabilities, one in Windows and another in Atlassian's Confluence, both under active exploitation in the wild. Additionally, we cover Costa Rica's no good, terrible month in cybersecurity.

Jun 9, 2022 - 31 min

S2022 Ep 197 - Package Hijacking

This week on the podcast, we discuss the line between ethical security research and malicious activity thanks to a compromised open source software package. After that we cover the latest industry to fall victim to Ransomware and end by highlighting a 0-click vulnerability in Zoom’s message system discovered by Google Project Zero.

May 31, 2022 - 38 min

S2022 Ep 196 - Building Security Strategies with Matt Lee

This week on the podcast we sit down for a chat with Matt Lee, Sr. Director of Security and Compliance at Pax8 and well-known cyber security educator, to discuss security strategies for MSPs and midsize enterprises in the face of a dynamic threat landscape. We cover everything from picking a framework to getting buy-in from stakeholders and take a forward look at what future cyber regulations may look like to all organizations.

May 23, 2022 - 45 min

S2022 Ep 195 - CISA Guidance for MSPs

This week on the podcast we walk through CISA alert AA22-131A, which gives bulleted guidance to MSPs and customers of MSPs on how to navigate the security of their relationship as threats targeting service providers continue to grow. We'll walk through the list, hit each recommendation, and give our own guidance on top of them for both MSPs and their customers. After that, we cover the latest Microsoft Patch Tuesday and end the episode with the latest updates on SATCOM hacking.

May 17, 2022 - 42 min

S2022 Ep 194 - The REturn of REvil?

This week on the podcast we discuss the latest rumblings around the return of the prolific ransomware-as-a-service organization REvil. Before that though, we dive into the latest tools, tactics and procedures of the Lazarus nation state hacking group as well as a recently discovered form of fileless malware evasion.

May 9, 2022 - 35 min

S2022 Ep 193 - Most Exploited Vulnerabilities of 2021

This week on the podcast, we dive into CISA's list of the 15 most exploited vulnerabilities in 2021. We'll walk through each flaw and give a refresher on their history and how attackers have exploited them. After that, we cover the latest ransomware-as-a-service threat that has victimized over 60 organizations worldwide before ending with a quick chat about our "favorite" topic, NFTs.

May 2, 2022 - 49 min

S2022 Ep 192 - Psychic Signatures

This week on the podcast we cover a critical and easily-exploited vulnerability in how some recent versions of Java handle cryptography. We also discuss the latest in a series of alerts from CISA and international intelligence organizations on cyber threats to critical infrastructure. Finally, we end with a condensed overview of the latest internet security report from the WatchGuard Threat Lab.

Apr 26, 2022 - 39 min

S2022 Ep 191 - Hidden Hafnium

This week on the podcast, we cover the latest evasion and persistence techniques from the state-sponsored threat actors known as Hafnium. Then, we dive into the world of ICS and SCADA devices to discuss the latest joint-agency alert from the US Government. We then round out the episode by highlighting some recent research into spoofing using Unicode BiDi (Bi-Directional) characters.

Apr 18, 2022 - 35 min

S2022 Ep 190 - Patch Management Lag

This week on the podcast we discuss one of the most rampant yet easily resolved risks facing many organizations today: not installing vendor-supplied security fixes. We'll cover some of the reasons why organizations might fall behind on patching as well as the potentially serious consequences. After that, we cover the latest 0-day Chromium vulnerability before a quick chat about the latest in US cybersecurity legislation.

Apr 4, 2022 - 35 min

S2022 Ep 189 - The Rise and Fall of Lapsus$

This week on the podcast we cover the hacking organization Lapsus$ including their tactics, targets, and how they ended up with several members arrested last week. After that, we cover the cyber cold war and threats of Russian revenge attacks against the US energy sector that prompted classified meetings with potentially targeted organizations.

Mar 28, 2022 - 37 min

S2022 Ep 188 - SATCOM Security

This week on the podcast, we cover a CISA alert on securing satellite communications (SATCOM) in the wake of several recent incidents involving providers and networks in eastern Europe. After that, we check in on the TSA's cybersecurity rules for pipeline distribution networks and how adoption is going so far in the industry.

Mar 21, 2022 - 31 min

S2022 Ep 187 - US-Backed Cryptocurrency

This week on the podcast, we cover last week's Executive Order from the White House that lays the foundation for a United States Central Bank Digital Currency, or CBDC, and what it means for the future of Cryptocurrency. We also discuss recent research from Mandiant on APT41, a Chinese threat actor that has recently turned their sights on US state governments.

Mar 14, 2022 - 52 min

S2022 Ep 186 - Conti Leaks

This week on the podcast we cover the recent leaks highlighting the inner workings of the Conti ransomware group that started with chat logs and grew to entire source code dumps. We then round out the episode by discussing the recent Nvidia breach and how some of the stolen information might fuel future attacks.

Mar 10, 2022 - 27 min

S2022 Ep 185 - Rewind: Can We Trust Facial Recognition

This week on the podcast we dig back into our archives for an episode that originally aired back in July 2020 where we discussed one of our analyst's first-hand research into facial recognition biases.

Feb 28, 2022 - 41 min

S2022 Ep 184 - BGP-Powered Crypto Theft

This week on the podcast we cover a cryptocurrency heist that abused the backbone of the internet to steal millions of dollars of coins. In related news, we also cover the FBI's new Virtual Asset Exploitation Team and their focus on tracking cryptocurrency-related cybercrime as well as a recent alert on business email compromise from the same agency.

Feb 22, 2022 - 36 min

S2022 Ep 183 - Russia, Fighters of Cybercrime?

This week on the podcast we cover Russia's latest crackdown on cybercriminals within their borders and try to answer the "why now?" question. We also discuss a multi-billion dollar cryptocurrency recovery by the US Justice Department including the arrest of two New Yorkers allegedly responsible for the 2016 Bitfinex hack.

Feb 14, 2022 - 41 min

S2022 Ep 182 - Hacking Back at North Korea

This week on the podcast, we cover the heist of $322 million in cryptocurrency from the distributed exchange Wormhole, including a long discussion on why it feels like cryptocurrency is still the wild west of technology. After that, we give an update on our brief mention in last week's episode about North Korea's internet seemingly being taken offline by cyber attack. We end this week with a quick update on a sophisticated malware attack targeting macOS devices.

Feb 7, 2022 - 45 min

S2022 Ep 181 - The Pwnkit Problem

This week on the podcast, we cover Pwnkit, a privilege escalation vulnerability impacting almost every modern Linux release worldwide. We also dive into the world of macOS malware with DazzleSpy, a remote access trojan targeting Hong Kong pro-democracy advocates. Finally, we end with an update on North Korea's Lazarus APT and their latest attack tactics targeting organizations.

Jan 31, 2022 - 27 min

S2022 Ep 180 - Q3 2021 Internet Security Report

This week on the podcast we discuss the latest Internet Security Report from the WatchGuard Threat Lab. Built with threat intelligence gathered from tens of thousands of Firebox UTM appliances that have opted-in to sharing data, the quarterly report lets us talk about the latest malware and attack trends targeting organizations globally. On this episode, we'll cover some of the key findings and defensive takeaways from the latest report.

Jan 26, 2022 - 41 min

S2022 Ep 179 - The Death of the Carding Marketplace

This week on the podcast we give a quick update to the Log4Shell saga after researchers detected the first significant campaign that uses the critical vulnerability. After that, we dive into the world of carding marketplaces where cybercriminals buy and sell stolen credit card information and discuss possible reasons for why these marketplaces appear to be dying off.

Jan 20, 2022 - 31 min

S2022 Ep 178 - Is Cybersecurity Vocational?

This week on the podcast we give an update on log4j2 and its most recently disclosed vulnerabilities before covering a recent report on credential stuffing by the New York Attorney General. Then, we discuss this recent article in Dark Reading on whether or not cybersecurity jobs should be considered professional or vocational.

Jan 11, 2022 - 31 min

S2021 Ep 177 - Log4Shell Deep Dive

This week we take a deep dive into CVE-2021-44228, better known as Log4Shell, a critical vulnerability in the massively popular log4j2 logging library for Java applications. We discuss how the flaw came about, how it works, and why this specific issue has the potential to cause lasting headaches for the security industry for years to come. We also answer a mailbag full of questions from our listeners and WatchGuard partners about Log4Shell.

NCSC log4j Usage Index - https://github.com/NCSC-NL/log4shell/blob/main/software/README.md
Log4Shell IOCs - https://github.com/WatchGuard-Threat-Lab/log4shell-iocs
Log4Shell Scanning Utility - https://github.com/proferosec/log4jScanner

Dec 20, 2021 - 37 min