The 443 - Security Simplified show

The 443 - Security Simplified

Summary: Get inside the minds of leading white-hat hackers and security researchers. Each week, we’ll educate and entertain you by breaking down and simplifying the latest cyber security headlines and trends. Using our special blend of expertise, wit, and cynicism, we’ll turn complex security concepts into easily understood and actionable insights.

Podcasts:

 A Wild Month in Ransomware | File Type: audio/mpeg | Duration: 29:15

https://youtu.be/iYM3y85hEkM This week on the podcast, we're joined by Ryan Estes, a member of WatchGuard's Zero-Trust Application Service classification team and resident ransomware expert to discuss the wild month in ransomware news. We start the episode with a story about a fake ransomware operator that scammed cybercriminals out of tens of thousands of dollars before discussing two major Ransomware-as-a-Service operators that have had a pretty rough couple of weeks.

 Locking Up LockBit | File Type: audio/mpeg | Duration: 31:50

https://youtu.be/GaX_8NOoq7w This week on the podcast, we cover an international law enforcement takedown of the LokBit ransomware group's infrastructure. After that, we cover a novel malware delivery vector involving an IoT "toy." We end the podcast by covering the latest White House Executive Order addressing cybersecurity in critical infrastructure.

 Flipping Out Over Flipper Zero | File Type: audio/mpeg | Duration: 47:49

https://youtu.be/3SY1sDF-BA0 This week on the podcast we cover Canada's attempt to ban the Flipper Zero. Before that, we review a recent research post on a new class of vulnerability on the Ubuntu operating system. We end the episode with a chat bout a the impacts of artificial intelligence on data security. Menlo Report on Business AI Usage - https://info.menlosecurity.com/rs/281-OWV-899/images/How-employee-usage-of-generative-AI-is-impacting-security-posture.pdf?version=5

 Could a Toothbrush Botnet Happen? | File Type: audio/mpeg | Duration: 50:11

https://youtu.be/VfKlq6DisLY This week on the podcast, we cover a recent news post about an army of 3 million compromised toothbrushes taking down a Swiss website, causing millions in damages. After that, we discuss the United States DOJ's latest botnet takedown, this time targeting Volt Typhoon. We end the episode by walking through a CISA joint-publication giving guidance on how to defend against Living-of-the-Land (LotL) attacks

 A Door in Apple’s Walled Garden | File Type: audio/mpeg | Duration: 51:36

https://youtu.be/MY4TpiL76gY This week on the podcast, we cover Apple's recent announcement describing how they will comply with the European Union's new Digital Markets Act and what that means for the iPhone walled garden. Before that, we cover a databreach at Mercedez-Benze thanks to an alternative authentication method. Additionally, we cover the roundup of vulnerabilities in Ivanti's remote Policy Secure and Connect Secure products and how organizations should respond.

 A Blizzard of Threats | File Type: audio/mpeg | Duration: 37:18

https://youtu.be/fdAjMPAV6CM This week on the podcast, we cover two "Blizzard" threat actors targeting governments and private organizations. We also give an update to the SEC's compromised Twitter/X Account, and then end with a discussion of an EU program designed to improve their citizen's privacy while browsing the internet.

 Androxgh0st Analysis | File Type: audio/mpeg | Duration: 34:12

https://youtu.be/jG3mwjCLpJQ This week on the podcast, we review a CISA and FBI joint advisory on the Androxgh0st malware. Before that we cover recent Volt Typhoon activity targeting SMB routers exposed on the internet. We end the episode with a fun research blog post about a series of flaws in an Indian insurance provider.

 NIST Tackles Adversarial AI | File Type: audio/mpeg | Duration: 51:06

https://youtu.be/3E_Ei9hgNzA This week on the podcast, we review NIST's new publication that defines a taxonomy for how we talk about Adversarial Machine Learning. Before that, we cover a recent discovery of threat actors retaining access to Google accounts even through a password reset. We round out the episode with an account compromise that lead to a surge in Bitcoin price before finishing with a discussion of Living-off-Trusted Sites (LoTS) attacks that leverage GitHub.

 RIPE for the Taking | File Type: audio/mpeg | Duration: 37:38

https://youtu.be/VK1QoxLP16Y This week, we cover a password compromise that lead to a mobile telco in Spain losing control of their IP address space. We also give a quick update on the Lapsus$ ringleader's court case before discussing a recently discovered macOS backdoor malware that evades most endpoint protection. We end the episode by covering Microsoft's research into a malware installation method that bypasses many security protections.

 Hacking the Crypto Supply Chain | File Type: audio/mpeg | Duration: 38:38

https://youtu.be/YZLayuDJyyk This week on the podcast, we cover a supply chain attack against one of the largest hardware cryptocurrency wallet manufacturers. After that, we discuss the latest Apache Struts vulnerability under active exploit by threat actors. We end the episode with our thoughts on a research blog post about a set of threat actors using an old school attack against modern targets.

 Bluetooth Busted | File Type: audio/mpeg | Duration: 36:19

https://youtu.be/sbc2U4WYrng This week on the podcast, we cover a new unauthenticated keystroke injection vulnerability in the Bluetooth implementation on nearly every type of device. After that we discuss Logofail, a suite of vulnerabilities in most UEFI boot implementations that could let threat actors easily hide their tracks. We end by covering a recent CISA advisory on Adobe ColdFusion exploits in the wild.

 Our 2024 Security Predictions | File Type: audio/mpeg | Duration: 55:13

https://youtu.be/BHsow5qnmHw This week on the podcast we discuss our cybersecurity predictions for 2024. We'll cover each of the 6 predictions for the coming year including the trends behind them and how to protect your organization if they come true!

 Grading our 2023 Security Predictions | File Type: audio/mpeg | Duration: 59:13

https://youtu.be/Eai8tYnU2I0 This week on the podcast, we look back to our 2023 security predictions and grade ourselves on how well we were able to see the future. We'll go through each of our 6 predictions, explain the trends that fueled them, and then provide either evidence that they came true or discuss reasons why they may not have yet.

 What to Expect from NIS2 | File Type: audio/mpeg | Duration: 50:59

https://youtu.be/RrKozKuhhcw This week on the podcast, we dive in to the EU's Network and Information Security directive update, aka NIS2. We'll cover who might be impacted and what to expect in terms of requirements in the coming year. Before that, we give an update to on the latest Scattered Spider threat actor activity followed by an update on LockBit's latest ransomware victims.

 Combined Cyber and Kinetic Warfare | File Type: audio/mpeg | Duration: 31:56

https://youtu.be/GaTUPZ2RMK0 This week on the podcast, we cover an analysis from Mandiant on an attack lead by the Russian state-sponsored threat actor Sandworm that came alongside missiles strikes against Ukraine. Before that, we review Okta's post mortum from their recent cyber incident. We end the episode by discussing udpated research from Jamf on a North Korean threat actor targeting the financial sector.

Comments

Login or signup comment.