The 443 - Security Simplified

This week on the podcast we discuss a previously unsolved mystery from the dark web that was just solved with a little help from the IRS. We'll then discuss the growing issue of malicious opensource packages and libraries after researchers last week discovered a malicious package masquerading as a popular communications service.

This week on the podcast, we'll discuss an alert from US-CERT and the FBI that details an "imminent threat" to hospitals and other healthcare facilities, as well as some recently disclosed critical vulnerabilities in a popular healthcare records software. After that, we'll give you your (hopefully) last dose of election security news with some election related hacking from the past week.

With the US elections only a week away, we're talking election security on this week's episode. We'll cover what we do and don't think attackers will target in the coming week and what we can do as a country to improve our security posture.

This week on the podcast, we discuss the latest round of indictments against foreign intelligence agents for cyber espionage. After that, we cover a Microsoft-lead coalition that has so far made a significant impact in taking down the infrastructure behind one of the largest active botnets. Finally, we highlight key takeaways from the latest Google Threat Analysis Group update on foreign hacking efforts.

This week on The 443, we cover research from Microsoft's security team on a new Android ransomware variant that gets around Google's latest protections. We also cover a UEFI malware loader discovered by Kaspersky and the US Department of Justice's actions against a popular video game console mod chip manufacturer.

This week on the podcast we circle back to cover a critical vulnerability in Windows Server, that could allow an attacker to obtain the keys to the kingdom with minimal effort. After that, we discuss a pair of alerts from the US Department of Treasury Office of Foreign Assets Control and Financial Crimes Enforcement Network on the topic of ransomware payments.

This week on the podcast, we cover the latest internet security report from WatchGuard Threat Lab. We'll go over the key takeaways from the Q2 2020 report including malware and network attacks that targeted WatchGuard customer networks. Before that though, we'll discuss an alert from the US Cybersecurity and Infrastructure Security Agency (CISA) that detailed a successful cyber attack against an unnamed federal agency.

This week on The 443 – Security Simplified, we sit down for a chat on disinformation with Nina Jankowicz, author of How to Lose the Information War. From the US to Estonia, we’ll discuss how nation states are weaponizing social discussion against their adversaries to sow discord and advance their own influence and agenda, in some cases without even having to pick a side.

This week on the podcast, we cover the city of Portland's ban on facial recognition technology for both public and private organizations, malware targeting VOIP soft switches, and an update from Microsoft on foreign hacking attempts into entities involved in this year's US elections.

This week on the podcast we cover an update on the MYSTIC surveillance platform, one of several covert and potentially illegal spying programs that former NSA contractor Edward Snowden leaked the existence of in 2014. Additionally, we'll discus an update on the payment card skimming malware MageCart and a Python Remote Access Trojan. Episode Note: Yes, we posted this episode a bit late but we'll be back to our normal Monday episodes next week!

This week on the podcast we cover the latest updates on Uber’s cover up of their 2016 data breach that impacted 57 million customers and employees. After that, we discuss a DDoS attack against the New Zealand Stock Exchange and an interesting malware delivery technique that researchers at ProofPoint recently disclosed.

This week on the podcast, we cover Generative Pre-trained Transformer 3 or GPT-3, an AI model that a UC Berkeley student recently used to generate blog posts that fooled humans enough to propel one of them to the top of Hacker News. Additionally, we'll discuss a P2P botnet that has been targeting SSH servers on the internet.

This week on the podcast, we’re bringing back a favorite episode from the very beginnings of The 443 – Security Simplified where we dove in to the Dark Web and discussed how It works, where it came from, and who uses it now. This episode originally aired in 2018.

With BlackHat’s online-only 2020 edition conference in the bag we take a look back at a few of our favorite briefings and discuss the takeaways as they apply to our industry. From a penetration test gone wrong to what security professionals can learn from an EMT, we cover the best talks from this year’s event.

With the Black Hat and DEF CON security conferences starting this week, albeit in an online-only mode, we decided to take a look through this year’s agenda and pick some of the talks we are most looking forward to. We’ve picked out talks ranging from new research to updates on recent vulnerabilities to discuss on this week’s episode. Be sure to check out defcon.org this weekend since the conference is entirely free this year.

This week on The 443 – Security Simplified we discuss yet another alert from the UK National Cyber Security Center, this time on cyber-attacks targeting sporting organizations. We also take a quick dive into Meowing, a wave of destructive hacking that’s been targeting exposed databases online. Finally, with only a few weeks to go before the online-only editions of Black Hat and DEF CON, we chat about our annual Capture the Flag contest and how to participate this year. fls bxeu ee [[auyfj-8o1z1p9hq7]]

This week on The 443 – Security Simplified we cover a massive security breach at Twitter that resulted in an attacker taking over dozens of high-profile accounts ranging from former presidents to Apple. We also discuss the latest Microsoft patch Tuesday which included a fix for a critical security vulnerability in Windows DNS Server.

Welcome back to another episode of The 443 – Security Simplified. This week in the news, we cover an open source vulnerability scanner from Google and phishing campaign that combines Microsoft 365 and Zoom. After that, we dive in to the world of facial recognition and discuss recent research from WatchGuard Threat Lab and other concerns about the technology.

This week on The 443 – Security Simplified, we discuss the latest out-of-band security patch from Microsoft solving two potentially serious vulnerabilities, a cryptocurrency phishing campaign that made its way on to the Google Play app store, and a neat way that payment card skimming malware hide’s its malicious code.

It’s that time of year again! This week on The 443 we cover the latest internet security report from the WatchGuard Threat Lab. In this episode, we’ll cover the stats and key findings from threat intelligence gathered from over 44,000 security appliances deployed across the world.

This week on The 443 – Security Simplified, we discuss a new DDoS throughput record as reported by Amazon in their AWS Shield Therat Landscape Report for Q1 2020 as well as a history of reflective amplification DDoS attacks. Before that though, we cover an interesting macOS Gatekeeper bypass that involves a bit of social engineering and the latest Intel CPU technology that just might make ROP chains a thing of the past. macOS Gatekeeper bypass - https://www.intego.com/mac-security-blog/new-mac-malware-reveals-google-searches-can-be-unsafe/ Intel Tiger Lake CET - https://newsroom.intel.com/editorials/intel-cet-answers-call-protect-common-malware-threats/ AWS DDoS Record - https://aws-shield-tlr.s3.amazonaws.com/2020-Q1_AWS_Shield_TLR.pdf

This week on The 443 – Security Simplified we’re taking a break from the news to talk about a cornerstone of the modern internet, Title 47, Section 230 of the US code, also known as the safe harbor provisions. These laws, which are critical for a free and open internet, have been increasingly under attack in recent months by politicians in the United States from both major political parties. That is why we’re focusing an entire episode exactly what these laws protect and how they came to be.

This week on The 443 – Security Simplified, we cover a story from Cloudflare on cyber-attacks targeting activists, APTs targeting political campaigns, and ransomware targeting nuclear missile contractors.

This week on The 443 – Security Simplified we cover an NSA alert on the Russian government-backed hacking group known as Sandworm. After that, we discuss the latest findings from Google’s Threat Analysis Group and what OpenSSH’s deprecation of SHA-1 means to servers everywhere.

This week on The 443 – Security Simplified, we cover the latest Google Chrome update, another airline data breach, and a wave of unemployment affecting residents of Washington State and possibly elsewhere.

This week is a very special week for The 443 – Security Simplified, our 100th episode! To celebrate, we’ve combed through our last 99 shows and picked out several stories and topics that we’ve discussed which have updates. In this episode, we’ll bring you up to speed with these topics and then highlight the latest developments.

This week on The 443 – Security Simplified we cover the latest in cyber security news including a sneaky payment card skimming malware delivery method, a multinational alert on APTs targeting healthcare, and the latest research on remote access vulnerabilities.

This week on The 443 – Security Simplified, we cover the latest in questionably-named nation state hacking, a crackdown on Chrome extensions, and an actively in-development android Trojan.

Welcome back to another episode of The 443 – Security Simplified. This week, we cover the latest security news including over 160,000 compromised Nintendo accounts, nation state hacking, and a battle over a critical Apple iOS vulnerability.

This week on The 443 – Security Simplified, we cove the latest news stories including yet another security incident involving the video conferencing software Zoom, the effects of the COVID-19 epidemic on cyber-attack trends, and the latest update on the “unkillable” android malware xHelper.

This week, we have a special episode of The 443 – Security Simplified where we sit down with a penetration testing and general security expert Cat Murdock of GuidePoint Security to discuss how the COVID-19 pandemic and the rapid shift to working from home has changed the security landscape. You can follow Cat on Twitter @catmurd0ck and check out her latest work at GuidePoint Security here.

Welcome back to another episode of The 443 – Security Simplified. Chances are by now you’ve been invited to join a Zoom meeting by someone in your work or personal life. Chances are, you’ve also probably noticed the deluge of attention Zoom has been receiving in terms of vulnerability research in the past few weeks. That’s why in this episode, we’re talking all about Zoom including our takes on its latest vulnerabilities and how to have a secure meeting safe from Zoom Bombing.

It’s the end of the quarter which means it’s time for another special edition of The 443 – Security Simplified where we discuss the latest Internet Security Report from WatchGuard Threat Lab. In this episode, we’ll cover the top security trends from Q4 2019 and defensive tips for keeping your organization safe from the latest threats.

Welcome back to another episode of The 443 – Security Simplified. With the COVID-19 pandemic forcing anyone and everyone who can work from home to work from home, many organizations are having to rapidly create remote worker policies and infrastructure for the first time. This week, we cover the latest news before diving in to a discussion on securing a mobile workforce.

Welcome back to another episode of The 443 – Security Simplified. This week, we cover an emergency patch from Microsoft, a massive botnet takedown, and the latest in COVID-19-related phishes.

Welcome to our third and final special RSA 2020 edition of The 443 – Security Simplified. On this episode, we cover the talks we saw on the third day of RSA, ranging from web browser fingerprinting to detecting shadow IT in your organization.

Welcome back to another special edition episode of The 443 – Security Simplified. On this episode, we recap day 2 of RSA Conference in San Francisco. We’ll talk about several IoT topics, security vs privacy tradeoffs, and some research into gift card APIs by a 15 year old.

Welcome to a special edition episode of The 443 – Security Simplified where we’re coming to you (almost) live from RSA Conference 2020. In this episode, we’ll recap what we saw during day 1 of the conference including the opening keynotes and several individual talks on security-related topics.

Welcome back to another week of The 443 – Security Simplified. In this episode we cover 5 different news stories including vulnerability research into an elections voting app, the latest in phishing, and multiple updates on prolific malware threats.

This week our regular podcast will be delayed a few days. We hope to get it out to you by Wednesday and then return to our normal Monday schedule. Thanks again for listening, we have a great show coming!

This week on The 443 – Security Simplified, we cover an artistic hack of Google Maps, vulnerabilities in WhatsApp and a popular consumer IoT device, and an FBI warning on election hacking,

This week’s episode of The 443 – Security Simplified takes on a privacy focus as we discuss several recent news stories involving breaches of trust and erosion of privacy in the name of security.

This week on The 443 – Security Simplified, we dive in to WatchGuard Threat Lab’s Q3 2019 Internet Security Report. We’ll cover the trends from the last quarter including the top malware payloads, network attacks, and phishing domains as well as some defensive tips for keeping your systems safe.

Each year, WatchGuard Threat Lab sits down and comes up with our predictions for the coming year. While some may come off as farfetched, all are grounded in a trend we expect to see continue and grow. This week on The 443 – Security Simplified, we cover our predictions for 2020.

Welcome back to another episode of The 443 – Security Simplified. This week, we cover a cryptocurrency heist, a déjà vu breach, the latest in attacks targeting Managed Service Providers, and a state supreme court ruling impacting privacy.

Welcome back to another episode of The 443 – Security Simplified. This week, we cover the latest news from a credential stuffing attack against a popular streaming service to the dumbest name for a security threat ever.

Welcome back to another episode of The 443 – Security Simplified. With Season 4 of Mr. Robot about half-way through, we decided to take some time and review all of the hacking that has occurred so far. A warning for anyone who hasn’t watched through episode 6 yet, this podcast episode contains spoilers.

Welcome back to another episode of The 443 – Security Simplified. This week, we cover several updates on the Android malware landscape and the latest in biometric authentication techniques.

Welcome back to another episode of The 443 – Security Simplified. This week, we cover three major news stories from the past week including the NordVPN breach, Facebook suing a zero-day development firm, and the latest attack from North Korea’s Lazarus Group.

It is now the fourth and final week of Cyber Security Awareness Month which means you're getting the last of our special edition episodes of The 443 – Security Simplified focusing on specific industries. This week, we're chatting about the threat landscape and defensive tips for two different industries, manufacturing, and the world of Managed Service Providers or MSPs.