Filtrar por gênero
Get inside the minds of leading white-hat hackers and security researchers. Each week, we’ll educate and entertain you by breaking down and simplifying the latest cybersecurity headlines and trends. Using our special blend of expertise, wit, and cynicism, we’ll turn complex security concepts into easily understood and actionable insights.
- 291 - BatBadBut What?
https://youtu.be/3fX7LRXi74I
This week on the podcast, we cover a research post that describes a code injection vulnerability caused by the way nearly every high level programming language runs on Windows. We also discuss a series of vulnerabilities in LG televisions that allow remote attackers to root the device before ending with a chat about new adversarial tactics for delivering malware via GitHub.
Mon, 15 Apr 2024 - 40min - 290 - Bad Month for Software Supply Chains
https://youtu.be/0860ZmM1vgE
This week on the podcast, we cover a software supply chain attack years in the making that was days away from a devastating global impact. After that, we cover Facebook's Project Ghostbusters and its impact on user privacy before ending with another software supply chain attack that successfully compromised developers in the gaming world.
Mon, 01 Apr 2024 - 40min - 289 - Trucking Worms
https://youtu.be/VqFnomsJzdA
This week on the podcast we discuss a vulnerability in required commercial truck hardware that could enable an automatically propagating worm across the entire US. Before that, we cover Apple's "un-patchable" vulnerability in their M-series processors as well as a vulnerability that could let attackers unlock hotel room doors at will.
Tue, 26 Mar 2024 - 45min - 288 - A Wild Month in Ransomware
https://youtu.be/iYM3y85hEkM
This week on the podcast, we're joined by Ryan Estes, a member of WatchGuard's Zero-Trust Application Service classification team and resident ransomware expert to discuss the wild month in ransomware news. We start the episode with a story about a fake ransomware operator that scammed cybercriminals out of tens of thousands of dollars before discussing two major Ransomware-as-a-Service operators that have had a pretty rough couple of weeks.
Mon, 11 Mar 2024 - 29min - 287 - Locking Up LockBit
https://youtu.be/GaX_8NOoq7w
This week on the podcast, we cover an international law enforcement takedown of the LokBit ransomware group's infrastructure. After that, we cover a novel malware delivery vector involving an IoT "toy." We end the podcast by covering the latest White House Executive Order addressing cybersecurity in critical infrastructure.
Mon, 26 Feb 2024 - 31min - 286 - Flipping Out Over Flipper Zero
https://youtu.be/3SY1sDF-BA0
This week on the podcast we cover Canada's attempt to ban the Flipper Zero. Before that, we review a recent research post on a new class of vulnerability on the Ubuntu operating system. We end the episode with a chat bout a the impacts of artificial intelligence on data security.
Menlo Report on Business AI Usage - https://info.menlosecurity.com/rs/281-OWV-899/images/How-employee-usage-of-generative-AI-is-impacting-security-posture.pdf?version=5
Tue, 20 Feb 2024 - 47min - 285 - Could a Toothbrush Botnet Happen?
https://youtu.be/VfKlq6DisLY
This week on the podcast, we cover a recent news post about an army of 3 million compromised toothbrushes taking down a Swiss website, causing millions in damages. After that, we discuss the United States DOJ's latest botnet takedown, this time targeting Volt Typhoon. We end the episode by walking through a CISA joint-publication giving guidance on how to defend against Living-of-the-Land (LotL) attacks
Mon, 12 Feb 2024 - 50min - 284 - A Door in Apple’s Walled Garden
https://youtu.be/MY4TpiL76gY
This week on the podcast, we cover Apple's recent announcement describing how they will comply with the European Union's new Digital Markets Act and what that means for the iPhone walled garden. Before that, we cover a databreach at Mercedez-Benze thanks to an alternative authentication method. Additionally, we cover the roundup of vulnerabilities in Ivanti's remote Policy Secure and Connect Secure products and how organizations should respond.
Mon, 05 Feb 2024 - 51min - 283 - A Blizzard of Threats
https://youtu.be/fdAjMPAV6CM
This week on the podcast, we cover two "Blizzard" threat actors targeting governments and private organizations. We also give an update to the SEC's compromised Twitter/X Account, and then end with a discussion of an EU program designed to improve their citizen's privacy while browsing the internet.
Mon, 29 Jan 2024 - 37min - 282 - Androxgh0st Analysis
https://youtu.be/jG3mwjCLpJQ
This week on the podcast, we review a CISA and FBI joint advisory on the Androxgh0st malware. Before that we cover recent Volt Typhoon activity targeting SMB routers exposed on the internet. We end the episode with a fun research blog post about a series of flaws in an Indian insurance provider.
Mon, 22 Jan 2024 - 34min - 281 - NIST Tackles Adversarial AI
https://youtu.be/3E_Ei9hgNzA
This week on the podcast, we review NIST's new publication that defines a taxonomy for how we talk about Adversarial Machine Learning. Before that, we cover a recent discovery of threat actors retaining access to Google accounts even through a password reset. We round out the episode with an account compromise that lead to a surge in Bitcoin price before finishing with a discussion of Living-off-Trusted Sites (LoTS) attacks that leverage GitHub.
Tue, 16 Jan 2024 - 51min - 280 - RIPE for the Taking
https://youtu.be/VK1QoxLP16Y
This week, we cover a password compromise that lead to a mobile telco in Spain losing control of their IP address space. We also give a quick update on the Lapsus$ ringleader's court case before discussing a recently discovered macOS backdoor malware that evades most endpoint protection. We end the episode by covering Microsoft's research into a malware installation method that bypasses many security protections.
Mon, 08 Jan 2024 - 37min - 279 - Hacking the Crypto Supply Chain
https://youtu.be/YZLayuDJyyk
This week on the podcast, we cover a supply chain attack against one of the largest hardware cryptocurrency wallet manufacturers. After that, we discuss the latest Apache Struts vulnerability under active exploit by threat actors. We end the episode with our thoughts on a research blog post about a set of threat actors using an old school attack against modern targets.
Tue, 19 Dec 2023 - 38min - 278 - Bluetooth Busted
https://youtu.be/sbc2U4WYrng
This week on the podcast, we cover a new unauthenticated keystroke injection vulnerability in the Bluetooth implementation on nearly every type of device. After that we discuss Logofail, a suite of vulnerabilities in most UEFI boot implementations that could let threat actors easily hide their tracks. We end by covering a recent CISA advisory on Adobe ColdFusion exploits in the wild.
Wed, 13 Dec 2023 - 36min - 277 - Our 2024 Security Predictions
https://youtu.be/BHsow5qnmHw
This week on the podcast we discuss our cybersecurity predictions for 2024. We'll cover each of the 6 predictions for the coming year including the trends behind them and how to protect your organization if they come true!
Mon, 04 Dec 2023 - 55min - 276 - Grading our 2023 Security Predictions
https://youtu.be/Eai8tYnU2I0
This week on the podcast, we look back to our 2023 security predictions and grade ourselves on how well we were able to see the future. We'll go through each of our 6 predictions, explain the trends that fueled them, and then provide either evidence that they came true or discuss reasons why they may not have yet.
Mon, 27 Nov 2023 - 59min - 275 - What to Expect from NIS2
https://youtu.be/RrKozKuhhcw
This week on the podcast, we dive in to the EU's Network and Information Security directive update, aka NIS2. We'll cover who might be impacted and what to expect in terms of requirements in the coming year. Before that, we give an update to on the latest Scattered Spider threat actor activity followed by an update on LockBit's latest ransomware victims.
Mon, 20 Nov 2023 - 50min - 274 - Combined Cyber and Kinetic Warfare
https://youtu.be/GaTUPZ2RMK0
This week on the podcast, we cover an analysis from Mandiant on an attack lead by the Russian state-sponsored threat actor Sandworm that came alongside missiles strikes against Ukraine. Before that, we review Okta's post mortum from their recent cyber incident. We end the episode by discussing udpated research from Jamf on a North Korean threat actor targeting the financial sector.
Mon, 13 Nov 2023 - 31min - 273 - The White House Tackles AI
https://youtu.be/67SMv6JtJbc
This week on the podcast we cover an Executive Order from the US White House on the topic of Artificial Intelligence. After that, we discuss the latest CISO that has found themselves in hot water with the law. We then cover an update to the Common Vulnerability Scoring System and end with a researcher claiming the end of encryption as we know it.
Mon, 06 Nov 2023 - 59min - 272 - The Threat Actor That Hacked MGM
https://youtu.be/kvSA53ncRlg
This week on the podcast, we review a thorough unmasking of Octa Tempest, the threat actor beind the MGM and Caesars Entertainment attacks in September. Before that, we give an update on the Cisco IOS XE vulnerability that head to an implant installed on thousands of exposed devices. We round out the episode with an analysis of CitrixBleed, an information disclosure vulnerability in Citrix NetScaler that was just patched last week.
Mon, 30 Oct 2023 - 49min - 271 - CISA’s Secure by Design Whitepaper
https://youtu.be/GYoWiEKod38
This week on the podcast, we cover CISA's newly updated whitepaper on guidance for both software manufacturers and customers on the principals of secure-by-design and secure-by-default. Before that, we cover the Cisco IOS XE vulnerability that is under active exploitation in the wild, give an update on the EPA's efforts to regulate cybersecurity practices in water districts, and then discuss research into the latest "bullet proof hosting" options for malicious web content.
Mon, 23 Oct 2023 - 49min - 270 - Microsoft is Killing NTLM
https://youtu.be/dSUkvBUDum4
This week on the podcast, we cover the recent HTTP/2 protocol vulnerability that lead to the largest DDoS attack ever recorded by CloudFlare. After that, we discuss Microsoft's announcement about the deprecation of VBScript and the impending removal of NTLM. We then cover a collection of data allegedly stolen from the genealogy website 23 and Me before ending with a fun bit of research targeting private servers for the Grand Theft Auto Online video game.
Mon, 16 Oct 2023 - 40min - 269 - Q2 2023 Internet Security Report
https://youtu.be/NVvX02rwlEA
This week on the podcast, we go through the latest Internet Security Report from the WatchGuard Threat Lab. We'll cover the top malware and network attack trends from Q2 2023 impacting small and mid-market organization globally before ending with defensive tips anyone can take back to their company.
Mon, 09 Oct 2023 - 49min - 268 - Bing Chat Malvertising
https://youtu.be/Io_lubfJgKE
This week on the podcast, we discuss an alert from CISA on nation state threat actors embedding malware into legacy Cisco router firmware. After that, we cover a research post on malicious advertisements served up via Bing's ChatGTP integration. We then end with an analysis of North Korea's Lazarus group's latest social engineering techniques.
Tue, 03 Oct 2023 - 30min - 267 - Meta’ One Good Deed
https://youtu.be/Yo5GO14F5N0
This week on the podcast, we get up to speed on the MGM and Caesars Entertainment ransomware incidents from the previous week. After that, we take a deep dive into a blog post from Meta's application security team for their VR headsets. After that, we cover Microsoft's analysis of an ATP's pivot from email to another form of phishing.
Mon, 18 Sep 2023 - 42min - 266 - iPhone’s Latest 0-Day
https://youtu.be/UwuG1U1fZhE
This week on the podcast, we cover Microsoft's final report on their July incident involving nation-state actors compromising enterprise email accounts. After that, we discuss a zero-day, zero-click vulnerability in iOS being actively exploited in the wild before ending with a chat about an upcoming change to how Android handles CA certificates.
Mon, 11 Sep 2023 - 39min - 265 - The Qakbot Takedown
https://youtu.be/NLO0DYuTZp4
This week on the podcast, we cover the FBI-lead, multinational takedown of the Qakbot botnet of over 700,000 victim devices. After that, we cover two android malware variants including one targeting victims in southeast Asia and another built by the Russian GRU.
Tue, 05 Sep 2023 - 52min - 264 - Weaponizing WinRAR
https://youtu.be/BVbVwm0dMgg
This week on the podcast we cover the latest evolutions of the North Korean threat actor Lazarus before covering an actively-exploited 0day vulnerability in the popular unarchiver WinRAR. We end the episode with an AI-related attack that doesn't actually use AI.
Mon, 28 Aug 2023 - 28min - 263 - U.S. Cyber Trust Mark
https://youtu.be/Drx3kF3sllQ
This week on the podcast we cover the FCC's proposal for a security assurance labeling program for IoT devices. Before that, we discuss the latest AI research challenge hosted by DARPA as well as some research into a novel attack against the AI/ML supply chain.
Mon, 21 Aug 2023 - 52min - 262 - Def Con 2023 Recap
https://youtu.be/LldPfSZY0uU
On this week's episode, we chat about some of our favorite talks from this year's Def Con security conference. We'll cover several topics including artificial intelligence, hacking mobile point of sale devices, and how worried we should or shouldn't be about cyber warfare.
Mon, 14 Aug 2023 - 53min - 261 - BlackHat 2023 Recap
https://youtu.be/ltW3DQVrZ28
In this special end-of-week episode of The 443, we cover some of our favorite talks from this year's edition of the BlackHat cybersecurity conference in Las Vegas. We'll discuss the trends we saw and summaries of interesting topics including AI, nation state warfare, and improving cyber defense.
Fri, 11 Aug 2023 - 58min - 260 - What Is Same-Origin Policy? Replay
https://youtu.be/Gfvg7dywu8A
This week we look back to an episode that originally aired in May 2021 where we remember a Def Con legend then dive in to two web browsing security acronyms. Keep an eye out later this week as we come to you from this year's Black Hat and Def Con cybersecurity conferences!
Mon, 07 Aug 2023 - 40min - 259 - Qakbot Qacktivity
https://youtu.be/FZKalGbK90A
This week on the podcast, we cover the latest evolutions of the decade-old Qakbot malware including changes in how attackers deliver it. After that, we give an update on the SEC's new rules around mandatory security disclosure. We then end by reviewing CISA's analysis of Risk and Vulnerability Assessments they completed for their constituents in 2022.
Mon, 31 Jul 2023 - 35min - 258 - Red Teaming AI Systems
https://youtu.be/GzZkXckK3Nk
This week on the podcast, we give an update on last week's discussion around a China-based APT targeting government organizations. After that, we cover the latest uses of generative AI like ChatGPT by malicious hackers. Finally, we end with a report from Google on their efforts around Red Teaming Artificial Intelligence systems.
Mon, 24 Jul 2023 - 36min - 257 - New Microsoft Office 0-Day
https://youtu.be/I-RjOTEJwZ0
This week on the podcast we cover two stories that came out of Microsoft's July Patch Tuesday. The first involves an incident within Microsoft that lead to foreign cybercriminals compromising the email accounts of multiple government agencies. The second story involves an actively exploited 0-day vulnerability in Office that at the time of recording, remains unpatched.
Mon, 17 Jul 2023 - 32min - 256 - Q1 2023 Internet Security Report
https://youtu.be/wXqymd_pLOU
This week on the podcast, we cover WatchGuard Threat Lab's Internet Security Report for Q1 2023. Throughout the episode, we'll discuss the key trends for cyber threats impacting small and midsize organizations globally including the top malware and network attach detections as well as a look specifically at the endpoint. We round out the episode with key defensive takeaways you can take back to your organization to defend against these threats.
Mon, 03 Jul 2023 - 54min - 255 - RepoJacking
https://youtu.be/DYam7E96dgc
On this week's podcast we discuss a recent analysis on the risks of GitHub RepoJacking. After that, we dive in to the Barracuda 0-day that China-based threat actors are actively exploiting as well as a novel command and control distribution method for a separate China-based APT.
Tue, 27 Jun 2023 - 38min - 254 - Minecraft Mod Malware
https://youtu.be/KOBaZcDg0tY
This week on the podcast we cover a supply chain attack of sorts against Minecraft gamers. After that, we cover a vulnerability in MOVEit Transfer that threat actors are exploiting in the wild to steal data and deploy ransomware. Finally, we wne with our review of the latest Verizon Data Breach Investigations Report (DBIR).
Mon, 12 Jun 2023 - 52min - 253 - How Not to Update Software
https://youtu.be/PZWaRaguDTI
This week on the podcast, we give a quick update on the latest Volt Typhoon activity before covering a newly for sale EDR bypass tool. After that, we discuss Gigabyte's decision to rootkit their own motherboards before ending with a new macOS vulnerability.Mon, 05 Jun 2023 - 37min - 252 - Naming APTs
https://youtu.be/loUDfzGTaiE
This week on the podcast, we cover Microsoft's latest refresh of naming conventions for advanced persistent threat (APT) actors worldwide, as well as an update on two specific threat actors and their latest tactics. We also cover a ransomware event targeting a biotechnology company with an interesting twist.
Mon, 29 May 2023 - 40min - 251 - TikTok is Banned, Kind Of
https://youtu.be/W57_CpRSFEA
This week on the podcast, we cover the recent TikTok ban coming from the state of Montana and discuss whether it was justified and what the potential security impact is. Before that, we give an update on two US Supreme Court cases that were poised to potentially strip away Section 230 protections. We also highlight a new phishing-as-a-service (PaaS) platform that has yet again lowered the barrier for executing sophisticated attacks.
Tue, 23 May 2023 - 49min - 250 - An Interview with ChatGPT
https://youtu.be/-asU7Sd24gg
This week on the podcast, Marc kick's Corey off the podcast and interview's ChatGPT to learn its thoughts on AI applications in cybersecurity, both on offense and defense.
Mon, 15 May 2023 - 38min - 249 - Securing Healthcare Tech
https://youtu.be/PoEXinvhMVQ
This week on the podcast, we cover two new malware research pieces, including the latest evolution of a delivery vehicle as old as time. After that, we cover recent regulations in the healthcare industry that have a chance to push the industry to a more secure future.
Mon, 08 May 2023 - 47min - 248 - Rustbuckets and Papercuts
This week on the podcast, we cover a recently discovered macOS malware attack that uses a multi-stage delivery mechanism. Before that, we discuss an actively-exploited vulnerability in the print management software PaperCut, as well as an update on the 3CX supply chain attack.
Mon, 01 May 2023 - 42min - 247 - MSPs Around the World – Americas
This week's podcast comes from the WatchGuard Apogee partner conference for the Americas where we bring on special guests Kevin Willette of Verus Corporation and Neil Holme of Impact Business Technology to discuss the challenges and opportunities MSPs and MSSPs will face in the coming years. This is the first of a multipart series where we explore similar questions around the world.
Mon, 24 Apr 2023 - 49min - 246 - Zero Trust Maturity Model 2.0
https://youtu.be/vzTpECddZRg
This week on the podcast, we cover two new publications out of CISA. First, we dive into CISA's guidance to manufacturers and customers on products that are secure-by-design and secure-by-default. Next, we discuss CISA's latest Zero Trust Maturity Model which any organization can use to gauge how far along they are on the ZTA path and where the should focus their efforts next. Finally, we end wit some research from Blaze Information Security on a series of vulnerabilities in a play-to-earn blockchain game.
You can view more information on the CISA guidance as well as Blaze Lab's full blog post at the links below:
- https://www.cisa.gov/sites/default/files/2023-04/zero_trust_maturity_model_v2_508.pdf
- https://www.blazeinfosec.com/post/hacking-play-2-earn-blockchain-games-manarium
Mon, 17 Apr 2023 - 53min - 245 - Operation Cookie Monster
This week on the podcast, we discuss another cybercrime marketplace takedown dubbed Operation Cookie Monster. After that, we discuss Microsoft's attempts to limit the distribution of a popular hacking toolkit. Finally, we discuss a recent analysis by Dr. Ken Tindell of Canis Automotive Labs around how criminals were able to steal his friend's Toyota Rav4.
You can view Dr. Ken Tindell's full blog post here: https://kentindell.github.io/2023/04/03/can-injection/
Mon, 10 Apr 2023 - 48min - 244 - Another Software Supply Chain Attack
This week on The 443, we discuss the latest software supply chain attack with a potential blast radius of thousands of organizations. Then we cover a new protocol vulnerability in the Wi-Fi wireless standard before ending with some research into insecure Microsoft Azure applications.
Tue, 04 Apr 2023 - 29min - 243 - The NSA’s Guidance on Securing Authentication
This week we have all the acronyms as we cover a joint publication by CISA and the NSA with Identity and Access Management (IAM) best practices. We then cover some new proposed cybersecurity rules out of the Securities and Exchange Commission (SEC) before ending with an FBI takedown of a popular hacking forum.
Mon, 27 Mar 2023 - 40min - 242 - An Update on Section 230
On this week's episode we look back to our initial monologue on Section 230 protections that allow the social media and the internet as a whole to function. We cap off the episode replay with a new discussion on a recent supreme court case that has the potential to dramatically impact the internet as we know it.
Mon, 20 Mar 2023 - 41min - 241 - Here Come The Regulations
On today's episode, we cover two new sets of cybersecurity regulations, fresh off the heels of the White House's National Cybersecurity Strategy publication, targeting different critical infrastructure sectors in the United States. We'll also cover the latest in nation state activity targeting network connectivity appliances and end with some fun research into an oldie but goodie video game system.
Mon, 13 Mar 2023 - 46min - 240 - US National Cybersecurity Strategy
This week's episode is all about the White House's recently released National Cybersecurity Strategy. We'll walk through the strategy from top to bottom and discuss the key elements most likely to impact individuals and organizations as well as our overall thoughts on the direction the US Federal Government is planning to take.
Tue, 07 Mar 2023 - 1h 10min
Podcasts semelhantes a The 443 - Security Simplified
- Global News Podcast BBC World Service
- El Partidazo de COPE COPE
- Herrera en COPE COPE
- The Dan Bongino Show Cumulus Podcast Network | Dan Bongino
- Es la Mañana de Federico esRadio
- La Noche de Dieter esRadio
- Hondelatte Raconte - Christophe Hondelatte Europe 1
- Curiosidades de la Historia National Geographic National Geographic España
- Dateline NBC NBC News
- 財經一路發 News98
- La rosa de los vientos OndaCero
- Más de uno OndaCero
- La Zanzara Radio 24
- L'Heure Du Crime RTL
- El Larguero SER Podcast
- Nadie Sabe Nada SER Podcast
- SER Historia SER Podcast
- Todo Concostrina SER Podcast
- 安住紳一郎の日曜天国 TBS RADIO
- アンガールズのジャンピン[オールナイトニッポンPODCAST] ニッポン放送
- 辛坊治郎 ズーム そこまで言うか! ニッポン放送
- 飯田浩司のOK! Cozy up! Podcast ニッポン放送
- 吳淡如人生實用商學院 吳淡如
- 武田鉄矢・今朝の三枚おろし 文化放送PodcastQR