Podcasts about 0day

Getting Past PyArmor PyArmor is a python obfuscation tool used for malicious and non-malicious software. Xavier is taking a look at a sample to show what can be learned from these obfuscated samples with not too much work. https://isc.sans.edu/diary/Obfuscated%20Malicious%20Python%20Scripts%20with%20PyArmor/31840 CenterStack RCE CVE-2025-30406 Gladinet s CenterStack secure file-sharing software suffers from an inadequately protected machine key vulnerability that can be used to modify ViewState data. This vulnerability may lead to remote code execution, which is already exploited. https://gladinetsupport.s3.us-east-1.amazonaws.com/gladinet/securityadvisory-cve-2005.pdf Google Patches two zero-day vulnerabilities CVE-2024-53150 CVE-2024-53197 Google released its monthly patches for Android. Two of the patched vulnerabilities are already exploited. One of them was used by Serbian law enforcement. https://www.malwarebytes.com/blog/news/2025/04/google-fixes-two-actively-exploited-zero-day-vulnerabilities-in-android Broadcom VMWare Tenzu Updates Broadcom released updates for VMWare Tenzu. Many vulnerabilities affect the backup component and allow for arbitrary command execution. https://support.broadcom.com/web/ecx/security-advisory? Windows 11 April Update ads inetpub directory The April Windows 11 update appears to create a new /inetpub directory. It is unclear why, and removing it appears to have no bad effects. https://www.bleepingcomputer.com/news/microsoft/windows-11-april-update-unexpectedly-creates-new-inetpub-folder/ WhatsApp File Type Confusion/Spoofing WhatsApp patched a file type confusion vulnerability. A victim may be tricked into downloading n https://www.whatsapp.com/security/advisories/2025/ SANS Critical AI Security Guidelines https://www.sans.org/mlp/critical-ai-security-guidelines

Three Buddy Problem - Episode 41: Costin and Juanito join the show from Black Hat Asia in Singapore. We discuss Bunnie Huang's keynote on hardware supply chains and a classification system to establish a grounded perspective on trust in hardware, Ivanti's misdiagnosis of a critical VPN applicance flaw and Mandiant reporting on a Chinese APT exploiting Ivanti devices. Plus, breaking news on the sudden firing of NSA director and head of Cyber Command Tim Haugh. We also discuss Microsoft touting AI's value in finding open-source bootloader bugs, Silent Push report on a RUssian APT impersonating the CIA, a backdoor in a popular Chinese robot dog, and Chinese dominance of the robotics market. Cast: Juan Andres Guerrero-Saade (https://twitter.com/juanandres_gs), Costin Raiu (https://twitter.com/craiu) and Ryan Naraine (https://twitter.com/ryanaraine).

Sponsor by ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠SEC Playground⁠⁠

In this edition of Between Two Nerds Tom Uren and The Grugq talk about why people studying cyber operations are fascinated by 0days. These are vulnerabilities or exploits that have been found in a system before the vendor or manufacturer is made aware of them and so therefore no fix exists. This episode is also available on Youtube. Show notes

Unfurl Update Released Unfurl released an Update fixing a few bugs and adding support to decode BlueSky URLs. https://isc.sans.edu/diary/Unfurl%20v2025.02%20released/31716 Google Confirms GMail To Ditch SMS Code Authentication Google no longer considers SMS authentication save enough for GMail. Instead, it pushes users to use Passkeys, or QR code based app authentication https://www.forbes.com/sites/daveywinder/2025/02/23/google-confirms-gmail-to-ditch-sms-code-authentication/ Beware of Paypal New Address Feature Abuse Attackers are using "address change" e-mails to send links to phishing sites or trick users into calling fake tech support phone numbers. Attackers are just adding the malicious content as part of the address. The e-mail themselves are legitimate PayPal emails and will pass various spam and phishing filters. https://www.bleepingcomputer.com/news/security/beware-paypal-new-address-feature-abused-to-send-phishing-emails/ Exim SQL Injection Vulnerability Exim, with sqlite support and ETRN enabled, is vulnerable to a simple SQL injection exploit. A PoC has been released https://www.exim.org/static/doc/security/CVE-2025-26794.txt https://github.com/OscarBataille/CVE-2025-26794? XMLlib patches https://gitlab.gnome.org/GNOME/libxml2/-/issues/847 https://gitlab.gnome.org/GNOME/libxml2/-/issues/828 0-Day in Parallels https://jhftss.github.io/Parallels-0-day/

Three Buddy Problem - Episode 30: We discuss French threat-intel Sekoia creating a portal to handle “sovereign disinfections” of the PlugX malware, CISA leadership taking a victory lap using the ‘Secure by Design' pledge as a trophy, the new Biden cybersecurity Executive Order, another Fortinet zero-day, the TikTok ban and Ukrainian hackers targeting Russian companies. Cast: Juan Andres Guerrero-Saade (https://twitter.com/juanandres_gs), Costin Raiu (https://twitter.com/craiu) and Ryan Naraine (https://twitter.com/ryanaraine).

When focused on cybersecurity through a vulnerability management lens, it's tempting to see the problem as a race between exploit development and patching speed. This is a false narrative, however. While there are hundreds of thousands of vulnerabilities, each requiring unique exploits, the number of post-exploit actions is finite. Small, even. Although Log4j was seemingly ubiquitous and easy to exploit, we discovered the Log4Shell attack wasn't particularly useful when organizations had strong outbound filters in place. Today, we'll discuss an often overlooked advantage defenders have: mitigating controls like traffic filtering and application control that can prevent a wide range of attack techniques. This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them! Show Notes: https://securityweekly.com/esw-386

When focused on cybersecurity through a vulnerability management lens, it's tempting to see the problem as a race between exploit development and patching speed. This is a false narrative, however. While there are hundreds of thousands of vulnerabilities, each requiring unique exploits, the number of post-exploit actions is finite. Small, even. Although Log4j was seemingly ubiquitous and easy to exploit, we discovered the Log4Shell attack wasn't particularly useful when organizations had strong outbound filters in place. Today, we'll discuss an often overlooked advantage defenders have: mitigating controls like traffic filtering and application control that can prevent a wide range of attack techniques. This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them! Show Notes: https://securityweekly.com/esw-386

Forecast: CYBER WEATHER ALERT | Volt Typhoon bringing sustained APT activity across the Pacific Rim. Expect persistent perimeter probing with a 100% chance of state-sponsored shenanigans. Pack your EDR umbrella! ‍ This week's episode tackles a disturbing story from Disney World where a terminated employee allegedly hacked into their menu system to alter critical peanut allergy information. We dig into the attack details then don our tin-foil hats to explore the potential real-world consequences of malicious insider threats. We're excited to share Sophos' latest research on Pacific Rim, an extensive investigation into nation-state adversaries targeting edge devices. We hone in on this event through the filter of GreyNoise's analysis of this multi-year APT campaigns, and show you live threat data through the GreyNoise Visualizer to demonstrate the ongoing nature of these attacks. VulnCheck brings us two fascinating pieces - a deep examination of ABB vulnerabilities affecting industrial control systems, and an innovative new command-and-control feature called ShellTunnel in the go-exploit framework. GreyNoise has been especially busy, uncovering zero-day vulnerabilities in live streaming cameras using AI assistance. We'll discuss their technical breakdown of CVE-2024-8956 and CVE-2024-8957, which CISA just added to their Known Exploited Vulnerabilities catalog. The October NoiseLetter is out with the latest threat intelligence insights, and don't miss upcoming events including the Quarterly Roadmap Showcase and a special webinar on discovering zero-days with AI. Storm Watch Homepage >> Learn more about GreyNoise >>  

On this week's show, Patrick Gray and Adam Boileau discuss the week's security news, including: Widely used polyfill javascript gets hijacked by its new owners MacOS supply chain disaster bullet dodged That OpenSSH remote code exec OH MY

In this edition of Between Two Nerds Tom Uren and The Grugq look at the life cycle of 0days, dissect the conventional wisdom and talk about how 0days are never truly ‘burnt'.

iLeakage gives hackers access passwords and sensitive data on iOS and macOS browsers. 0ktapus is "one of the world's most dangerous financial criminal groups" says Microsoft. Apple backs national right-to-repair bill. Pro-Russia hackers exploiting 0-day in Roundcube webmail software. 9 innovative ways to boost security hygiene for Cyber Awareness Month Josh Kuo, Senior Educator and SME in Cyber Security of Infoblox talks about why we need Punycode and how DNS can be a security solution for malicious Punycode. Hosts: Louis Maresca, Brian Chee, and Curtis Franklin Guest: Josh Kuo Download or subscribe to this show at https://twit.tv/shows/this-week-in-enterprise-tech. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: lookout.com kolide.com/twiet Miro.com/podcast

iLeakage gives hackers access passwords and sensitive data on iOS and macOS browsers. 0ktapus is "one of the world's most dangerous financial criminal groups" says Microsoft. Apple backs national right-to-repair bill. Pro-Russia hackers exploiting 0-day in Roundcube webmail software. 9 innovative ways to boost security hygiene for Cyber Awareness Month Josh Kuo, Senior Educator and SME in Cyber Security of Infoblox talks about why we need Punycode and how DNS can be a security solution for malicious Punycode. Hosts: Louis Maresca, Brian Chee, and Curtis Franklin Guest: Josh Kuo Download or subscribe to this show at https://twit.tv/shows/this-week-in-enterprise-tech. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: lookout.com kolide.com/twiet Miro.com/podcast

iLeakage gives hackers access passwords and sensitive data on iOS and macOS browsers. 0ktapus is "one of the world's most dangerous financial criminal groups" says Microsoft. Apple backs national right-to-repair bill. Pro-Russia hackers exploiting 0-day in Roundcube webmail software. 9 innovative ways to boost security hygiene for Cyber Awareness Month Josh Kuo, Senior Educator and SME in Cyber Security of Infoblox talks about why we need Punycode and how DNS can be a security solution for malicious Punycode. Hosts: Louis Maresca, Brian Chee, and Curtis Franklin Guest: Josh Kuo Download or subscribe to this show at https://twit.tv/shows/this-week-in-enterprise-tech. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: lookout.com kolide.com/twiet Miro.com/podcast

iLeakage gives hackers access passwords and sensitive data on iOS and macOS browsers. 0ktapus is "one of the world's most dangerous financial criminal groups" says Microsoft. Apple backs national right-to-repair bill. Pro-Russia hackers exploiting 0-day in Roundcube webmail software. 9 innovative ways to boost security hygiene for Cyber Awareness Month Josh Kuo, Senior Educator and SME in Cyber Security of Infoblox talks about why we need Punycode and how DNS can be a security solution for malicious Punycode. Hosts: Louis Maresca, Brian Chee, and Curtis Franklin Guest: Josh Kuo Download or subscribe to this show at https://twit.tv/shows/this-week-in-enterprise-tech. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: lookout.com kolide.com/twiet Miro.com/podcast

Some complex and confusing vulnerabilities as we talk about the recent WebP 0day and the complexities of huffman coding. A data-only exploit to escape a kCTF container, the glibc LPE LOONY_TUNABLES, and a Chrome TurboFan RCE. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/218.html [00:00:00] Introduction [00:00:40] Expanding our exploit reward program to Chrome and Cloud [00:06:10] The WebP 0day - We do somewhat downplay this issue due to the difficulty of exploiting it. But to be clear, it was exploited in the wild on Apple devices, so it exploitable. We're more downplaying the panic that came up around it. It is still a serious issue that should be patched. [00:34:00] Escaping the Google kCTF Container with a Data-Only Exploit [00:44:49] Local Privilege Escalation in the glibc's ld.so [CVE-2023-4911] [01:01:27] Getting RCE in Chrome with incorrect side effect in the JIT compiler [01:08:03] Behind the Shield: Unmasking Scudo's Defenses The DAY[0] Podcast episodes are streamed live on Twitch twice a week: -- Mondays at 3:00pm Eastern (Boston) we focus on web and more bug bounty style vulnerabilities -- Tuesdays at 7:00pm Eastern (Boston) we focus on lower-level vulnerabilities and exploits. We are also available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey. You can find the newsletter version of this podcast here.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey. You can find the newsletter version of this podcast here.

ON THIS INSTALLMENT…DONATE: PAYPAL.ME/JAPANWUT … Matt discusses reasons why Japan doesn't experience wildfires so much, strapping kids with surveillance tech, and a study that links bowel movements with dementia.Follow Matt: Twitter / Facebook Page / InstagramOfficial Website: matthewpmbigelow.comSHOW NOTES FOR EP. 103NEW PRODUCTOsaka Expo ¥1,000 coins go on sale for low price of ¥13,800SOCIETY 5.0Day care operator in Japan turns to tech to monitor children's health, protect livesG7, Generative AI and the ‘Hiroshima AI process'https://www.g7hiroshima.go.jp/documents/pdf/Leaders_Communique_01_en.pdf (page 28/40)Panasonic Ventures Into India with Automation and Cutting-Edge TechnologyMitsui O.S.K. Lines, Ltd. (MOL) has announced that the second of Japan's first two LNG-fueled ferries, the SunflowerJAMSTEC Picks MOL Group Companies for Key Roles in Arctic Research Vessel Development and OperationWARJapan and U.S. to jointly develop hypersonic missile interceptorAso's 'fight for Taiwan' remark in line with official view, lawmaker saysAso, Tsai Vow to Deepen Japan-Taiwan TiesECONOMYVisitors to Japan Climb 16-Fold in JulyJapan April-June GDP grows 6.0%, fastest since 2020 but outlook murkyJapan in JapanLess frequent bowel movements signal higher risk of dementia: Japan researchersJapan's smoking rates continue to decline for men, women in 2022

Join your favorite hosts, @Eden and @Amitai, on the latest "Crying Out Cloud" rollercoaster

On this week's show Patrick Gray and Adam Boileau discuss the week's security news. They cover: Russia's FSB uncovers “NSA malware” on iPhones Cl0p mass harvests data from MOVEit file transfer servers ASD discloses a bunch of operations against ISIS, criminals Why China's prepositioning is probably… prepositioning Much, much more This week's show is brought to you by Thinkst Canary. Marco Slaviero is this week's sponsor guest and he joins us to talk about indirect LLM prompt injection and the latest Canary release. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that's your thing. Show notes Russia says US hacked thousands of Apple phones in spy plot | Reuters Risky Biz News: Russia's FSB says NSA hacked iPhones in cyber-espionage campaign Russia wants 2 million phones with home-grown Aurora OS for use by officials Доверенная мобильная среда. Мобильная операционная система «Аврора» — Ростелеком Why China's Latest APT Campaign is Legitimately Worrying War crimes committed through cyberspace must not escape international justice, says Estonian president Hacks Against Ukraine's Emergency Response Services Rise During Bombings | WIRED How Australian cyber spies used 'Rickrolling' to disrupt Islamic State militants in Iraq - ABC News Australian intelligence's secret hand in bringing down the Bali bombers - ABC News Microsoft Threat Intelligence on Twitter: "Microsoft is attributing attacks exploiting the CVE-2023-34362 MOVEit Transfer 0-day vulnerability to Lace Tempest, known for ransomware operations & running the Clop extortion site. The threat actor has used similar vulnerabilities in the past to steal data & extort victims. https://t.co/q73WtGru7j" / Twitter What we know about the MOVEit vulnerability and compromises | Cybersecurity Dive metlstorm: "Great, so now I have to roll i…" - Infosec Exchange Dave Aitel: "@riskybusiness @chort honestly…" - Infosec Exchange Critical Barracuda 0-day was used to backdoor networks for 8 months | Ars Technica Millions of Gigabyte Motherboards Were Sold With a Firmware Backdoor | WIRED Ask Fitis, the Bear: Real Crooks Sign Their Malware – Krebs on Security Wayback Machine Discord Admins Hacked by Malicious Bookmarks – Krebs on Security Google's Android and Chrome extensions are a very sad place. Here's why | Ars Technica How university cybersecurity clinics can help cities fight ransomware | CyberScoop Atomic - Crypto Wallet on Twitter: "We have received reports of wallets being compromised. We are doing all we can to investigate and analyse the situation. As we have more information, we will share it accordingly. For any questions and concerns, contact support@atomicwallet.io" / Twitter BrianKrebs: "Russian news outlet Kommersant…" - Infosec Exchange Thinkst

On this week's show Patrick Gray and Adam Boileau discuss the week's security news. They cover: Russia's FSB uncovers “NSA malware” on iPhones Cl0p mass harvests data from MOVEit file transfer servers ASD discloses a bunch of operations against ISIS, criminals Why China's prepositioning is probably… prepositioning Much, much more This week's show is brought to you by Thinkst Canary. Marco Slaviero is this week's sponsor guest and he joins us to talk about indirect LLM prompt injection and the latest Canary release. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that's your thing. Show notes Russia says US hacked thousands of Apple phones in spy plot | Reuters Risky Biz News: Russia's FSB says NSA hacked iPhones in cyber-espionage campaign Russia wants 2 million phones with home-grown Aurora OS for use by officials Доверенная мобильная среда. Мобильная операционная система «Аврора» — Ростелеком Why China's Latest APT Campaign is Legitimately Worrying War crimes committed through cyberspace must not escape international justice, says Estonian president Hacks Against Ukraine's Emergency Response Services Rise During Bombings | WIRED How Australian cyber spies used 'Rickrolling' to disrupt Islamic State militants in Iraq - ABC News Australian intelligence's secret hand in bringing down the Bali bombers - ABC News Microsoft Threat Intelligence on Twitter: "Microsoft is attributing attacks exploiting the CVE-2023-34362 MOVEit Transfer 0-day vulnerability to Lace Tempest, known for ransomware operations & running the Clop extortion site. The threat actor has used similar vulnerabilities in the past to steal data & extort victims. https://t.co/q73WtGru7j" / Twitter What we know about the MOVEit vulnerability and compromises | Cybersecurity Dive metlstorm: "Great, so now I have to roll i…" - Infosec Exchange Dave Aitel: "@riskybusiness @chort honestly…" - Infosec Exchange Critical Barracuda 0-day was used to backdoor networks for 8 months | Ars Technica Millions of Gigabyte Motherboards Were Sold With a Firmware Backdoor | WIRED Ask Fitis, the Bear: Real Crooks Sign Their Malware – Krebs on Security Wayback Machine Discord Admins Hacked by Malicious Bookmarks – Krebs on Security Google's Android and Chrome extensions are a very sad place. Here's why | Ars Technica How university cybersecurity clinics can help cities fight ransomware | CyberScoop Atomic - Crypto Wallet on Twitter: "We have received reports of wallets being compromised. We are doing all we can to investigate and analyse the situation. As we have more information, we will share it accordingly. For any questions and concerns, contact support@atomicwallet.io" / Twitter BrianKrebs: "Russian news outlet Kommersant…" - Infosec Exchange Thinkst

Things Stopping You From Making $10,000Your significant other Rich people don't pick mates based on geneticsYou believe you don't deserve to get to $10,000 in 10 daysYou love the Lord but don't believe in the LordYou just ain't thinking about this whole conversationYou're thinking about everything else but making $10,000 in 10 daysWe respect our obstacles instead of going through themYour desire to win must be greater than the obstacles Ten Days to $10,000Day 1 = $1200Day 2 = $455Day 3 = $10Day 4 = $95Day 5 = $2500Day 6 = $720Day 7 = $147Day 8 = $4873Day 9 = $0Day 10 = $0The reason we don't make this money everyday is because your ego won't let you be TimothyIn order to get this money, you have to take the spotlight off yourselfYou've got to point to and talk about PaulSupport this podcast at — https://redcircle.com/the-secret-to-success/exclusive-contentAdvertising Inquiries: https://redcircle.com/brandsPrivacy & Opt-Out: https://redcircle.com/privacy

In today's podcast we cover four crucial cyber and technology topics, including: 1.        CISA demands organization patch Google Chrome Web Browser2.        Criminals seeking to SIM swap target technology firms 3.        MegaRAC BMCs have three flaws; used widely by various vendors  4.        Versailles Hospital group cancels surgery, other delays amidst ransomware attack I'd love feedback, feel free to send your comments and feedback to  | cyberandtechwithmike@gmail.com

In today's podcast we cover four crucial cyber and technology topics, including: 1.        0day impacting unpatched Fortinet products 2.        MyDeal users have data exposed in compromise 3.        MediBank services disrupted in apparent ransomware attack 4.        Bulgaria hit by DDoS, say at least one Russian involved I'd love feedback, feel free to send your comments and feedback to  | cyberandtechwithmike@gmail.com

In today's podcast we cover four crucial cyber and technology topics, including: 1.        South Korean firm says Lockbit using undisclosed Exchange 0day 2.        New Caffeine toolkit offers phishing services 3.        VM2 sandbox flaw allows bypass of security4.        Russian citizens warned against “terrorist” META use I'd love feedback, feel free to send your comments and feedback to  | cyberandtechwithmike@gmail.com

In today's podcast we cover four crucial cyber and technology topics, including: 1.        Microsoft provides mitigation for two zero day exploits 2.        Shangri-Las hotel chain suffers data breach 3.        APLV impacts IT firm supporting DoD, leak site subsequently down 4.        Researchers uncover flaw in medical imaging software I'd love feedback, feel free to send your comments and feedback to  | cyberandtechwithmike@gmail.com

In today's podcast we cover four crucial cyber and technology topics, including: 1.Backup Buddy Word Press Plugin being exploited 2.WPGateway Zero-day being exploited 3.Trend Micro updates product after Zero Day found 4.Dutch arrest crypto currency launderer after tracing attack I'd love feedback, feel free to send your comments and feedback to  | cyberandtechwithmike@gmail.com

 Picture of the week.  Chrome's fourth zero-day of 2022.  Mozilla's new Firefox privacy-enhancing feature.  HackerOne discloses a malicious insider incident.  Closing the loop.  The ZuoRAT. We invite you to read our show notes at https://www.grc.com/sn/SN-878-Notes.pdf   Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: ZipRecruiter.com/securitynow itpro.tv/securitynow promo code SN30 tanium.com/twit

 Picture of the week.  Chrome's fourth zero-day of 2022.  Mozilla's new Firefox privacy-enhancing feature.  HackerOne discloses a malicious insider incident.  Closing the loop.  The ZuoRAT. We invite you to read our show notes at https://www.grc.com/sn/SN-878-Notes.pdf   Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: ZipRecruiter.com/securitynow itpro.tv/securitynow promo code SN30 tanium.com/twit

 Picture of the week.  Chrome's fourth zero-day of 2022.  Mozilla's new Firefox privacy-enhancing feature.  HackerOne discloses a malicious insider incident.  Closing the loop.  The ZuoRAT. We invite you to read our show notes at https://www.grc.com/sn/SN-878-Notes.pdf   Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: ZipRecruiter.com/securitynow itpro.tv/securitynow promo code SN30 tanium.com/twit

 Picture of the week.  Chrome's fourth zero-day of 2022.  Mozilla's new Firefox privacy-enhancing feature.  HackerOne discloses a malicious insider incident.  Closing the loop.  The ZuoRAT. We invite you to read our show notes at https://www.grc.com/sn/SN-878-Notes.pdf   Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: ZipRecruiter.com/securitynow itpro.tv/securitynow promo code SN30 tanium.com/twit

 Picture of the week.  Chrome's fourth zero-day of 2022.  Mozilla's new Firefox privacy-enhancing feature.  HackerOne discloses a malicious insider incident.  Closing the loop.  The ZuoRAT. We invite you to read our show notes at https://www.grc.com/sn/SN-878-Notes.pdf   Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: ZipRecruiter.com/securitynow itpro.tv/securitynow promo code SN30 tanium.com/twit

 Picture of the week.  Chrome's fourth zero-day of 2022.  Mozilla's new Firefox privacy-enhancing feature.  HackerOne discloses a malicious insider incident.  Closing the loop.  The ZuoRAT. We invite you to read our show notes at https://www.grc.com/sn/SN-878-Notes.pdf   Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: ZipRecruiter.com/securitynow itpro.tv/securitynow promo code SN30 tanium.com/twit

 Picture of the week.  Chrome's fourth zero-day of 2022.  Mozilla's new Firefox privacy-enhancing feature.  HackerOne discloses a malicious insider incident.  Closing the loop.  The ZuoRAT. We invite you to read our show notes at https://www.grc.com/sn/SN-878-Notes.pdf   Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: ZipRecruiter.com/securitynow itpro.tv/securitynow promo code SN30 tanium.com/twit

 Picture of the week.  Chrome's fourth zero-day of 2022.  Mozilla's new Firefox privacy-enhancing feature.  HackerOne discloses a malicious insider incident.  Closing the loop.  The ZuoRAT. We invite you to read our show notes at https://www.grc.com/sn/SN-878-Notes.pdf   Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: ZipRecruiter.com/securitynow itpro.tv/securitynow promo code SN30 tanium.com/twit

Josh and Kurt talk about the Google Project Zero blog post about 0day vulnerabilities in 2021. There were a lot more than ever before, but why? Part of the challenge is the whole industry is expanding while a lot of our security technologies are not. When the universe around you is expanding but you're staying the same size, you are actually shrinking. Show Notes Google Project Zero blog post Apple 0days Joint cyber advisory

Welcome to episode 248 of the Transatlantic Cable. In this week's episode Dave and Ahmed look at some of the more unique or interesting stories to come out of the tech / info-sec world. To kick things off, they look at a breaking story about how BAYC (Bored Ape Yacht Club, to you and me) is reeling after a hack on their Instagram account led to the theft of quite a few NFTs.  From there, they look at how an actor's guild is getting increasingly concerned about AI and deep-fakes, calling for reform. Following that, they look at a concerning story around fake reviews and how the US government is looking at legislation to try to tackle rampant fakery. Wrapping up, they look at news from Google showing that 2021 was a ‘banner-year' for zero-day exploits and their usage. If you liked what you heard, please consider subscribing. Thief steals $1 million of Bored Ape Yacht Club NFTs with Instagram hack Actors launch campaign against AI 'show stealers' 'My negative online review was blocked' Google: 2021 was a Banner Year for Exploited 0-Day Bugs

Josh and Kurt talk about a survey about a TuxCare patch management and vulnerability detection. Sometimes our security bubble makes us forget what it's like in the real world for the people who keep our infrastructure running. Patching isn't always immediate, automation doesn't fix everything, and accepting risk is very important. Show Notes State of Enterprise Vulnerability Detection and Patch Management CISA Known Exploited Vulnerabilities Catalog Google 0days

Kubernetes Security Audit Published https://github.com/kubernetes/community/blob/master/wg-security-audit/findings/Kubernetes%20Final%20Report.pdf https://www.cncf.io/blog/2019/08/06/open-sourcing-the-kubernetes-security-audit/ Apple Expands Bug Bounty https://www.blackhat.com/us-19/briefings/schedule/index.html#behind-the-scenes-of-ios-and-mac-security-17220 https://www.forbes.com/sites/thomasbrewster/2019/08/08/apple-confirms-1-million-reward-for-hackers-who-find-serious-iphone-vulnerabilities/ 0-Day Privilege Escalation in Steam Client https://amonitoring.ru/article/steamclient-0day/ Actual Sextortion Trojan https://www.welivesecurity.com/2019/08/08/varenyky-spambot-campaigns-france/

Show Notes: https://thugcrowd.com/notes/20190326.html

Show Notes: https://thugcrowd.com/notes/20190319.html

Show Notes: https://thugcrowd.com/notes/20190312.html

Show Notes: https://thugcrowd.com/notes/20190226.html

Show Notes: https://thugcrowd.com/notes/20190219.html

Show Notes: https://thugcrowd.com/notes/20190212.html

Show Notes: https://thugcrowd.com/notes/20190205.html

Show Notes: https://thugcrowd.com/notes/20190201.html

Show Notes: https://thugcrowd.com/notes/20190129.html

Show Notes: https://thugcrowd.com/notes/20190122.html