The 443 - Security Simplified

This week on the podcast, we give our preview of the Black Hat and Def Con cybersecurity conferences, aka Hacker Summer Camp. Throughout the episode, we'll discuss the briefings and panels we're most excited to see and what we hope to get out of them. If you're not able to attend either conference in person this year, be sure to watch the Def Con Youtube channel for recordings! Also, check out our capture the flag contest at WGCTF.com!

This week on the podcast we discuss the shifting landscape of phishing attacks in the wake of Microsoft's efforts to block malicious Office macros. We then cover a private organization that has been found not just selling exploit tools but also participating in offensive cyber operations. We end the episode with a review of IBM and the Ponemon Institute's Cost of a Breach Report for 2022.

This week on the podcast, we discuss the current cyber skills gab and a federal program designed to help combat it. After that, we dive in to the American Data Privacy protection Act and what it potentially means if passed by US Congress. We end this week with a quick update on Microsoft's attempts to protect users from malicious macro-enabled documents.

This week on the podcast we cover the latest in car hacking research, this time targeting vulnerabilities in remote keyless entry. We then dive in to Microsoft's latest research on Adversary in the Middle (AitM) attacks and end with key findings from the latest WatchGuard Threat Lab quarterly Internet Security Report.

This week on the podcast, we discuss two recent security reports, one on the topic of open source software and the other on "insecure by design" in the Operational Technology (OT) space. We go through the key findings from each report and what our thoughts are on their accuracy within the real world. We end the week by covering Gartner's 8 security prediction from their Security and Risk Management summit last week and what we think their likelihood of hitting are in the years to come.

In celebration of our 200th episode, this week on the podcast we take a look back at the last few years and revisit some of our favorite episodes. Along the way, we'll give updates on a few of our cybersecurity predictions from years past that took just a little bit longer than anticipated to come true. Finally, we end with a round of Q & A and a few quick news updates.

This week on the podcast we cover the latest and most bizarre ransomware extortion demand we've seen in recent memory. Before that though, we cover the latest updates on nation state hacking activity including threats of escalating attacks leading to physical retaliation.

This week on the podcast we cover two fresh 0-day vulnerabilities, one in Windows and another in Atlassian's Confluence, both under active exploitation in the wild. Additionally, we cover Costa Rica's no good, terrible month in Cybersecurity.

This week on the podcast, we discuss the line between ethical security research and malicious activity thanks to a compromised open source software package. After that we cover the latest industry to fall victim to Ransomware and end by highlighting a 0-click vulnerability in Zoom’s message system discovered by Google Project Zero.

This week on the podcast we sit down for a chat with Matt Lee, Sr. Director of Security and Compliance at Pax8 and well-known cyber security educator, to discuss security strategies for MSPs and midsize enterprises in the face of a dynamic threat landscape. We cover everything from picking a framework to getting buy in from stakeholders and take a forward look at what future cyber regulations may look like to all organizations.

This week on the podcast we walk through CISA alert AA222-131A which gives bulleted guidance to MSPs and customers of MSPs on how to navigate their relationship security as threats targeting service providers continue to grow. We'll walk through the list and hit each recommendation and give our own guidance on top of them for both MSPs and their customers. After that, we cover the the latest Microsoft patch Tuesday and end the episode with the latest updates on SAT COM hacking.

This week on the podcast we discuss the latest rumblings around the return of the prolific ransomware-as-a-service organization REvil. Before that though, we dive in to the latest tools, tactics and procedures of the Lazarous nation state hacking group as well as a recently discovered form of fileless malware evasion.

This week on the podcast, we dive into CISA's list of the 15 most exploited vulnerabilities in 2021. We'll walk through each flaw and give a refresher on their history and how attackers have exploited them. After that, we cover the latest ransomware-as-a-service threat that has victimized over 60 organizations worldwide before ending with a quick chat about our "favorite" topic, NFTs.

This week on the podcast we cover a critical and easily-exploited vulnerability in how some recent versions of Java handle cryptography. We also discuss the latest in a series of alerts from CISA and international intelligence organizations on cyber threats to critical infrastructure. Finally, we end with a condensed overview of the latest internet security report from the WatchGuard Threat Lab.

This week on the podcast, we cover the latest evasion and persistence techniques from the state-sponsored threat actors known as Hafnium. Then, we dive into the world of ICS and SCADA devices to discuss the latest joint-agency alert from the US Government. We then round out the episode by highlighting some recent research into spoofing using Unicode BiDi (Bi-Directional) characters.