
Ep8: Microsoft's zero-days and a wormable Windows TCP/IP flaw known to China
The 'Three Buddy Problem' Podcast Episode 8: This week’s show digs into Microsoft’s in-the-wild zero-day woes, Patch Tuesday and the absence of IOCs, a wormable Windows TCP/IP flaw that the Chinese government knew about for months, Iran’s aggressive hacking of US election targets, CrowdStrike v Qihoo360 and major problems with APT naming conventions. Hosts: Juan Andres Guerrero-Saade (SentinelLabs), Costin Raiu (Art of Noh), Ryan Naraine (SecurityWeek)
Show Notes
Links:
- Episode 8 Transcript
- Six Windows Zero-Days Being Actively Exploited
- CVE-2024-38063 - Windows Ping of Death
- Wormable TCP/IP flaw known to China — Chinese researcher Xiao Wei of Cyber KunLun said he discovered the vulnerability “several months ago.”
- Google TAG: Iran steps up hacking against Israel, U.S.
- Microsoft report on Iran election hacking
- Qihoo claims CrowdStrike bug exploitable
- CrowdStrike root cause analysis
- LABScon - Speakers 2024