The 443 - Security Simplified

This week on the podcast we cover a couple of major events from April's Patch Tuesday including four new remote code execution vulnerabilities in Exchange Server and some additional developments in the saga of March's Exchange Server exploits.

This week on the podcast, we go back to one of our favorite episodes from last year near the start of the pandemic where we sat down with security expert Nina Jankowicz to discuss what the rapid change to remote work would mean for security.

Its that time of year again! This week on the podcast we dive in to the latest internet security report out of the WatchGuard Threat Lab. We'll cover the latest trends in malware, both at the perimeter and the endpoint, as well as network attacks and malicious domains. Additionally, we'll recap the top security incident from Q4, the Solar Winds Breach, and what it means for companies going forward.

This week on the podcast we take a look at Content Security Policy, a web app security standard designed to combat Cross Site Scripting attacks against websites and web apps. Before that though, we'll cover the latest security news including a resurgence in ransomware attacks and the long overdue death of TLS versions 1.0 and 1.1.

This week on the podcast we cover key findings from the 2020 FBI Internet Crime Report and the latest reflective amplification vector for DDoS attacks. Then, we discuss a recent blog post from penetration tester Fabian Mosch that details the top weaknesses they target during their engagements. You can read more from Fabian here.

This week on the podcast we take a deep dive into the Exchange Server vulnerabilities that Microsoft issued an emergency patch for after discovering foreign adversaries were actively exploiting the flaws in the wild. We'll go over the vulnerabilities, how they work, and give some tips for defending against similar attacks in the future.

This week on the podcast we cover Gootkitand Gootloader, two oddly-named pieces of an evasive trojan that researchers have been watching evolve into a fileless threat. We also discuss the security benefits and drawbacks of Apple's closed-door approach to security. Finally, we end with some research on what happens when a cosmic ray causes your computer to load up the wrong destination for a network connection.

This week on the podcast we cover an upcoming Chrome browser update with important behind-the-scenes changes, a 9.8/10 severity vulnerability in VMWare vCenter, and a plea from Microsoft for more breach disclosure regulation in the wake of the SolarWinds breaches.

This week on the podcast, we chat about an authentication attack against one of the world’s internet address registrars, another Russian threat actor targeting a popular IT software company, and research on a credential theft trojan and its delivery methods.

This week on The 443, we cover a cyber-attack against the water supply of a small Florida town and research into a new class of vulnerabilities in software libraries called Dependency Confusion.

This week on the podcast, we cover the latest research from Avast on evasion techniques in use by malicious Chrome extensions. After that, we discuss the latest report from Google's Threat Analysis Group on nation-state threat actors targeting white hat security researchers.

This week on the podcast, we bring on Trevor Collins from the WatchGuard Threat Lab to chat about a the recently disclosed MalwareBytes breach and a series of vulnerabilities in a popular DNS forwarder, dubbed DNSPOOQ.

This week on the podcast, we cover a cloud security alert courtesy of Cybersecurity & Infrastructure Security Agency (CISA) and encrypted DNS guidance from the NSA. We also discuss a macOS malware evasion technique that has eluded analysis for over 5 years, until now.

This week on the podcast we dive into what will likely be remembered as the hack of the decade. With victims including dozens of Fortune 500 companies and US Federal agencies, the SolarWinds supply chain breach has had a massive impact on the industry and as the potential to change client/vendor trust relationships going forward.

Happy Holidays! This week on the podcast, we're going back to one of our favorite episodes from 2019 where we sat down with Biohacking pioneer Amal Graafstra to discuss implants, RFID technology and the future of human/technology interactions.