
The 443 - Security Simplified
375 episodes — Page 5 of 8
S2021 Ep 176: Our 2022 Security Predictions
As we move into the end of the year, it's time for us to discuss WatchGuard Threat Lab's 2022 cybersecurity predictions. While many of our predictions tend to come off as extreme, they're all grounded in the trends that we've been following and what we expect to see continue into the coming year. If you haven't checked out the predictions in full, you can view them on watchguard.com/predictions.
S2021 Ep 175: 2021 Security Predictions Grading
It's getting to be the end of the year, which means it's time to take a look back at WatchGuard Threat Lab's 2021 security predictions and grade ourselves on how well we did! On this episode, we'll go through our 8 predictions for 2021, recap the trends that fueled them, and discuss the events that occurred and the predictions that failed to come true.
S2021 Ep 174: CISA Alert Tips Off Adversaries
This week on the podcast we discuss how a recent CISA alert on specific threat actor activity tipped off a separate adversary, leading to a new wave of attacks against vulnerable systems across multiple industries. We also cover the latest US and international law enforcement crackdowns on ransomware operators as well as a breakthrough on video game console hacking.
S2021 Ep 173: Trojan Source
On this week's episode of the podcast, we cover a newly discovered method for hiding malicious source code in plain sight, CISA's new Known Exploited Vulnerabilities Catalog, and action from the US Department of Commerce on the Pegasus spyware manufacturer NSO Group.
S2021 Ep 172: Stealing Make-believe Money
This week on the podcast, we cover a heist of over $130 million worth of cryptocurrency from a distributed financial (DeFi) organization and have an in-depth discussion on why cryptocurrency-related platforms continue to suffer substantial breaches. Before that though, we cover an apparent ransomware attack against the National Rifle Association and an FBI raid on a popular payment card platform.
S2021 Ep 171: Schrödinger’s REvil
This week on the podcast, we cover the latest news on REvil, the ransomware-as-a-service organization responsible for the Kaseya attack earlier this year among many others. After that, we cover an update from the US Commerce Department on new export rules around selling hacking tools outside of the United States, nearly 6 years after the initial proposal caused a firestorm in the security community. Finally, we cover the latest research from Google's Threat Analysis Group, this time on a cookie theft hacking gang targeting YouTube streamers around the world.
S2021 Ep 170: VirusTotal Global Ransomware Report
This week on the podcast we cover VirusTotal's first ever global ransomware report which analyzes ransomware trends over the last year from the unique position of the world's largest malware intelligence platform. Before that though, we cover another APT group with a ridiculous name found exploiting a zero-day vulnerability in Windows.
The SMS Breach You Didn’t Hear About
This week on the podcast we discuss a breach that lasted over 5 years involving a company responsible for routing SMS messages for 95 of the top 100 mobile carriers in the world. Before that though, we'll cover the recent Facebook downtime incident as well as the seemingly total compromise of the video game streaming platform Twitch.
Q2 2021 Internet Security Report
This week on the podcast we cover the latest quarterly Internet Security Report from the WatchGuard Threat Lab. We'll go over the latest attack trends and key findings from Q2 2021 as well as defensive tips for keeping your systems safe from the latest threat landscape.
S2021 Ep 167: Kaseya’s Trusted Third Party
This week on the podcast we discuss the recently disclosed identity of the "Trusted Third Party" that Kaseya acquired the REvil ransomware master decryption key from, as well as the morals around a decision to hold on to the decryption key for multiple weeks before handing it off to Kaseya. We then cover a new APT discovered by researchers at ESET and the latest CISA alert on ransomware activity.
S2021 Ep 166: OMIGOD!
This week on the podcast we discuss the recently patched zero-click vulnerability in iOS, macOS and WatchOS that researchers at The Citizen Lab discovered while investigating NSO Group's Pegasus spyware. After that, we cover a vulnerability in the OMI Agent that comes automatically installed on all Azure Linux virtual machines. We finish by covering Microsoft's latest efforts to kill passwords for good.
S2021 Ep 165: OWASP Update
This week on the podcast we discuss the first update to the OWASP Top 10 since 2017. OWASP serves as an excellent resource for improving web application security, so we're excited to run through the latest refresh of their top security weaknesses. We also discuss phishing attacks that abuse Internationalized Domain Names (IDNs) in emails and a critical vulnerability in Microsoft Office.
S2021 Ep 164: ProxyWare
This week on the podcast we cover ProxyWare, a form of malware that monetizes your internet access for the benefit of the attacker. After that, we discuss ChaosDB, a vulnerability that could have enabled any Azure user to gain full access to any other user's CosmosDB instance. Finally, we end with a discussion of location tracking vulnerabilities and how a few popular dating apps have tackled them.
S2021 Ep 163: Stop Following Me – Rewind
This week on the podcast we dig back in the archives to 2019 where we discussed how web servers manage to track users across sites using browser fingerprinting methods. Even though some improvements like removing third-party cookies have been made to limit tracking, plenty of additional fingerprinting options still remain.
S2021 Ep 162: PolyNetwork Heist
This week on the podcast we cover one of the largest cryptocurrency heists in history, with a surprising twist of an ending! Before that we'll chat about the latest T-Mobile data breach and what we can learn about protecting user identity. We end the episode with a discussion about one of the latest episodes of Last Week Tonight with John Oliver, watchable here https://www.youtube.com/watch?v=WqD-ATqw3js, where he talked about the ongoing ransomware pandemic.
S2021 Ep 161: DEF CON 29 Recap
This week on the podcast we chat about a few of our favorite presentations from the 2021 edition of the DEF CON security conference out of Las Vegas. If you haven't checked them out yourself, visit the DEF CON YouTube channel or media.defcon.org to view this year's and all previous years' content.
S2021 Ep 160: Bad BGP
This week on the podcast, we chat about a recent report from Qrator that highlights some of the massive weaknesses in the backbone of the internet. After that, we discuss a recent research blog post from Yan (@bcrypt) showing her work in finding a CSRF flaw in OK Cupid that bypassed Cross-Origin Resource Sharing (CORS) protections.
S2021 Ep 159: What Is Zero-Trust Security?
This week on the podcast we talk Zero-Trust. What is it? How do you implement it? And why should all IT professionals work towards updating their networks to this security architecture? We'll answer all that and more after a quick Kaseya update and a security memorandum from the White House.
S2021 Ep 158: Why So SeriousSAM
This week on the podcast we cover the latest Microsoft Windows privilege escalation vulnerability, SeriousSAM aka HiveNightmare. Before that, we discuss NSO Group and their spyware software known as Pegasus and whether private organizations should be allowed to market and sell spyware to government agencies.
S2021 Ep 230: Section 230 – Rewind
With the White House announcing this month that it plans to investigate potential changes to Section 230, the safe harbor laws that enable websites to moderate content without risk of liability for content they fail to remove, we wanted to bring back an episode from last year where we discuss exactly what these laws are and how they enable a free and open internet.
S2021 Ep 156: Kaseya & PrintNightmare
This week on the podcast we cover the Kaseya mass ransomware incident from July 7. While the event is still ongoing, we already have evidence for how the attack occurred and exactly what the threat actors did on affected endpoints. In this episode we dive into the details around the incident and share defensive tips for this specific incident and similar incidents in the future. Additionally this week, we cover the PrintNightmare vulnerability and what it means for Windows administrators.
S2021 Ep 154: A Market for Lemons?
We recorded this episode before news of the massive attack against Kaseya users broke on Friday. Suffice to say, next week's episode will give a full debrief of the incident including how it happened, who it affected, and what all MSPs can learn from it. In the meantime, check out Corey's post on the Kaseya breach here, which we will continue to update as new information comes to light. This week on the podcast, we cover the latest LinkedIn data "breach," an update in activity from the hacking group responsible for the SolarWinds supply chain attack, and research from Microsoft's security team into multiple authentication bypass vulnerabilities in a popular consumer router. After that, we discuss our thoughts on a recent article by the Economist that compares the cybersecurity industry to used car dealers.
S2021 Ep 154: Q1 2021 Internet Security Report
It's that time of year again! This week on the podcast, we cover the latest internet security report from the WatchGuard Threat Lab. We'll go over the latest trends in malware and network attacks targeting WatchGuard customer networks through the first quarter of the year, as well as defensive tips for all organizations.
S2021 Ep 153: Dark Web Bake Sale
This week on the podcast we discuss an often overlooked item for sale on underground forums, authentication cookies. Before that though, we'll cover a few surprising stats from a recent ransomware study by Cybereason and an update from NATO on cyber warfare.
S2021 Ep 152: -Anom-
This week on the podcast, we discuss Operation Trojan Shield, a multi-year program where the FBI, in partnership with international law enforcement agencies, developed and distributed an encrypted communications application on the underground that gave them full access into criminal messages. We'll also cover the latest news from the recent Colonial Pipeline and JBS ransomware attacks before ending with some news from the prolific banking trojan Trickbot.
S2021 Ep 151: Atomic Flashcards
This week on the podcast, we take a look at how soldiers unknowingly leaked highly-sensitive information about the United States' foreign nuclear arsenal and discuss how we can reprogram humans to not make similar mistakes. We also cover the latest major ransomware incident targeting manufacturing and industrial control, a damning privacy admission from Google's own executives, and a Supreme Court decision that will likely have a major effect on prosecuting some forms of cyber crime.
S2021 Ep 149: An Epic Battle
This week on the podcast we cover an epic battle between a video game giant and a tech behemoth that has the potential to change mobile security forever. After that, we cover updates to several recent security events including the SolarWinds breach, the attempted poisoning of the Oldsmar, FL water supply, and the ransomware attack against Colonial Pipeline.
S2021 Ep 148: Oil for Ransom
This week on the podcast we cover the ransomware attack against Colonial Pipeline which left the east coast of the United States in fear of gas shortages for more than a week. We'll discuss the threat actors behind it, how they possibly got in, and what the response was from Colonial and the United States government.
S2021 Ep 147: 21 Nails
This week on the podcast we cover a 12-year-old vulnerability in Dell's firmware update driver impacting hundreds of millions of servers, workstations and tablets. Then, we dive into 21 Nails, a collection of vulnerabilities in the Exim Mail Transfer Agent (MTA), which has wide use across the internet. We'll go over a few of the biggest flaws and how they work as well as what it means for email security.
S2021 Ep 146: What Is Same-Origin Policy?
This week on the podcast, we mourn Dan Kaminsky, a well-loved hacker responsible for identifying one of the biggest vulnerabilities in the history of the internet. Then, we continue our dive into web app security standards with a discussion on Same-Origin Policy and Cross-Origin Resource Sharing (CORS) and how they help protect us against Cross-Site Request Forgery (CSRF) attacks.
S2021 Ep 145: Cellebrite Good Times
This week on the podcast, we cover Signal CEO Moxie Marlinspike's analysis of a phone forensic analysis tool made by the grey-hat hacking organization Cellebrite. Before that though, we cover another solved mystery from the SolarWinds Orion saga.
S2021 Ep 144: On A Tuesday
This week on the podcast we cover a couple of major events from April's Patch Tuesday including four new remote code execution vulnerabilities in Exchange Server and some additional developments in the saga of March's Exchange Server exploits.
S2021 Ep 143: Combating Disinformation with Nina Jankowicz Rewind
This week on the podcast, we go back to one of our favorite episodes from last year near the start of the pandemic where we sat down with security expert Nina Jankowicz to discuss what the rapid change to remote work would mean for security.
S2021 Ep 142: Q4 2020 Internet Security Report
It's that time of year again! This week on the podcast we dive into the latest internet security report out of the WatchGuard Threat Lab. We'll cover the latest trends in malware, both at the perimeter and the endpoint, as well as network attacks and malicious domains. Additionally, we'll recap the top security incident from Q4, the SolarWinds breach, and what it means for companies going forward.
S2021 Ep 141: What Is Content Security Policy?
This week on the podcast we take a look at Content Security Policy, a web app security standard designed to combat Cross Site Scripting attacks against websites and web apps. Before that though, we'll cover the latest security news including a resurgence in ransomware attacks and the long overdue death of TLS versions 1.0 and 1.1.
S2021 Ep 140: Defense Tips from a Pentester
This week on the podcast we cover key findings from the 2020 FBI Internet Crime Report and the latest reflective amplification vector for DDoS attacks. Then, we discuss a recent blog post from penetration tester Fabian Mosch that details the top weaknesses they target during their engagements. You can read more from Fabian here.
S2021 Ep 139: Popping Webmail Shells
This week on the podcast we take a deep dive into the Exchange Server vulnerabilities that Microsoft issued an emergency patch for after discovering foreign adversaries were actively exploiting the flaws in the wild. We'll go over the vulnerabilities, how they work, and give some tips for defending against similar attacks in the future.
S2021 Ep 138: Hacked by Cosmic Rays
This week on the podcast we cover Gootkit and Gootloader, two oddly-named pieces of an evasive trojan that researchers have been watching evolve into a fileless threat. We also discuss the security benefits and drawbacks of Apple's closed-door approach to security. Finally, we end with some research on what happens when a cosmic ray causes your computer to load up the wrong destination for a network connection.
S2021 Ep 137: Microsoft Says “Regulate Us”
This week on the podcast we cover an upcoming Chrome browser update with important behind-the-scenes changes, a 9.8/10 severity vulnerability in VMware vCenter, and a plea from Microsoft for more breach disclosure regulation in the wake of the SolarWinds breaches.
S2021 Ep 136: RIPE for the Taking
This week on the podcast, we chat about an authentication attack against one of the world’s internet address registrars, another Russian threat actor targeting a popular IT software company, and research on a credential theft trojan and its delivery methods.
S2021 Ep 135: So Confused
This week on The 443, we cover a cyber-attack against the water supply of a small Florida town and research into a new class of vulnerabilities in software libraries called Dependency Confusion.
S2021 Ep 134: CacheFlow
This week on the podcast, we cover the latest research from Avast on evasion techniques in use by malicious Chrome extensions. After that, we discuss the latest report from Google's Threat Analysis Group on nation-state threat actors targeting white hat security researchers.
S2021 Ep 133: It’s Always DNS
This week on the podcast, we bring on Trevor Collins from the WatchGuard Threat Lab to chat about the recently disclosed Malwarebytes breach and a series of vulnerabilities in a popular DNS forwarder, dubbed DNSPOOQ.
S2021 Ep 132: AppleScryptominers
This week on the podcast, we cover a cloud security alert courtesy of Cybersecurity & Infrastructure Security Agency (CISA) and encrypted DNS guidance from the NSA. We also discuss a macOS malware evasion technique that has eluded analysis for over 5 years, until now.
S2021 Ep 131: The Hack of the Decade
This week on the podcast we dive into what will likely be remembered as the hack of the decade. With victims including dozens of Fortune 500 companies and US Federal agencies, the SolarWinds supply chain breach has had a massive impact on the industry and has the potential to change client/vendor trust relationships going forward.
S2020 Ep 130: Biohacking with Amal Graafstra Rewind
Happy Holidays! This week on the podcast, we're going back to one of our favorite episodes from 2019 where we sat down with Biohacking pioneer Amal Graafstra to discuss implants, RFID technology and the future of human/technology interactions.
S2020 Ep 129: 2021 Security Predictions
This week on the podcast, we jump into WatchGuard Threat Lab's 2021 security predictions. From automated spear phishing to booby-trapped electric vehicle chargers, we'll discuss each of the 8 predictions we made and why we made them. You can read about the predictions in full at watchguard.com/predictions.
S2020 Ep 128: 2020 Predictions Recap
Every November, WatchGuard Threat Lab tries to make predictions about potential security events in the coming year. While some predictions might come off as a bit extreme, they're all grounded in actual trends that we see and expect to continue. With 2020 almost under wraps, it's time for us to look back to the predictions we made one year ago and grade ourselves on how well we did.
S2020 Ep 127: Securing SMBs with John Grady
This week on the podcast, we sit down with ESG Analyst John Grady again, this time to chat about the topic of SMB Security. We'll cover how the cyber threat landscape has changed throughout 2020 and what SMBs got right, and wrong, when it came to adapting.
S2020 Ep 126: Getting SASE with John Grady
This week on the podcast we sit down with John Grady, analyst at Enterprise Strategy Group, to break down the latest industry terms Secure Access Service Edge (SASE) and Zero Trust Network Access (ZTNA). We'll dive into exactly what they encompass and then get John's thoughts on where they stand in small and medium enterprises.