Unfixed software vulnerability
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Evil MSI Background: BASE64 Statistical Analysis https://isc.sans.edu/diary/Evil%20MSI%20Background%3A%20BASE64%20Statistical%20Analysis/33072
Cisco Catalyst SD-WAN Manager Arbitrary File Write Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-arbfw-c2rZvQ
TSME/SME not activating on Ryzen 7 9700X https://github.com/AMDESE/AMDSEV/issues/292
Deep-Research Agents Can Be Poisoned via User-Generated Content https://arxiv.org/pdf/2605.24245
My Upcoming Classes https://www.sans.org/profiles/dr-johannes-ullrich
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
How has use of framing protection security headers changed in the past 3 years? https://isc.sans.edu/diary/How%20has%20use%20of%20framing%20protection%20security%20headers%20changed%20in%20the%20past%203%20years%3F/33068
Preparing for npm v12: install scripts and non-registry sources become opt-in https://github.com/orgs/community/discussions/198547
Adobe Patches https://helpx.adobe.com/security.html
Rogue Planet new Microsoft Defender Vulnerability https://github.com/MSNightmare/RoguePlanet
My Upcoming Classes https://www.sans.org/profiles/dr-johannes-ullrich
On this week's show special guest co-host Chris Wade, the founder of Corellium turned Cellebrite CTO, joins Patrick Gray and James Wilson to discuss the week's cybersecurity news. They cover:
Microsoft has repos owned, GitHub tokens popped, and a new 0day dropped on them
Meanwhile, researchers are choosing full disclosure instead of engaging MSRC
Meta's AI support agent allowed a staggering 20,000 accounts to be stolen!
Apple pulls Russia's MAX messenger from the App Store and disables notifications
Anthropic gives the public our first Mythos-class model but it won't do cybersecurity work
Stripe and Google Tag Manager used in eCommerce website hack campaign
And much, much more!
This week's show is brought to you by runZero. HD Moore, runZero's founder, drops by in this week's sponsor interview to talk about the AI vibe shift. Everyone is very worried about getting owned all of a sudden, and it's really changing the cybersecurity business. This episode is also available on YouTube.
Show notes
Microsoft Hacked to Deliver Malware to Claude and Gemini Users | 404.feed.press
Researcher publishes GitHub token-stealing exploit, blames Microsoft's disclosure process | therecord.media
Microsoft Defender 'RoguePlanet' zero-day grants SYSTEM privileges | BleepingComputer
Microsoft breaks Patch Tuesday record with 206 vulnerabilities | CyberScoop
chompie1337 | X
WhatsApp says NSO targeted users with spearfishing attacks in violation of court order | therecord.media
Over 20,000 Instagram accounts stolen in Meta AI support hack | BleepingComputer
New Apple feature automatically changes your compromised passwords | BleepingComputer
Apple removes Russia's state-backed messaging app Max from its store | therecord.media
Exclusive: Anthropic's Mythos can exploit new flaws in hours | Anthropic's new model is Mythos on a leash | CyberScoop
Anthropic Offers Mythos Upgrade for Cyber Partners and a ‘Safe' Version for the Rest of You | wired.com
OpenClaw AI agent found falling for phishing attacks, spills user data | BleepingComputer
OpenAI unveils Lockdown Mode to protect sensitive data from prompt injection attacks | TechCrunch
Security Hands on with Intelligent Terminal, an AI-powered Windows Terminal | BleepingComputer
Seeking Counsel: Ongoing Targeted Campaign Against US Law Firms | Mandiant
Check Point warns of zero-day flaw targeted by ransomware affiliate | Cybersecurity Dive
ServiceNow discloses security incident exposing customer data | BleepingComputer
Credit card theft campaign abuses Stripe to host stolen payment info | BleepingComputer
CrowdStrike, Palo Alto Networks defy estimates as AI fuels cyber demand | Cybersecurity Dive
The U.S. Military Quietly Turned GPS Into a Global ‘Numbers Station,' Evidence Suggests | 404.feed.press
New 'HTTP/2 Bomb' DoS attack crashes web servers in under a minute | BleepingComputer
Google has quietly cut staff across its Cloud business | businessinsider.com
Nightmare Eclipse drops a fresh zero day, Meta says NSO is targeting WhatsApp users again, hackers breach France's Tchap secure messenger network, Putin disables some Kremlin security cameras, and Gmail be gone! Russia bans logins from foreign email addresses. Show notes Risky Bulletin: Meta says NSO violated court order with new campaign targeting WhatsApp
A new Palo Alto Networks firewall bug is being exploited in the wild, Russia expands SORM surveillance, NIST is looking for new post quantum algorithms, and ENSOC launches in Europe. Show notes Risky Bulletin: Russia greatly expands SORM surveillance requirements
Microsoft is under some stress right now: security researcher Chaotic Eclipse/Nightmare Eclipse has published, among other things, a 0day exploit that gives full access, by an extremely simple route, to drives or partitions encrypted with BitLocker. According to Chaotic Eclipse, the elements needed for this are contained only in the Windows Recovery Environment, nowhere else, not even on the internet. Which is why it might be reasonable to suspect that this is not a bug but a backdoor. Good news, on the other hand, for users of older AMD graphics cards: the ML-based upscaler FSR 4.1 is now, after all, finally to come officially to Radeon 6000 (RDNA 2) and 7000 (RDNA 3). For Radeon 7000 as early as July 2026, which conveniently fits quite well with the presumed release of the Steam Machines. Users of 6000-series cards unfortunately have to wait until early 2027. Or keep relying on the unofficial INT8 version via OptiScaler or the like. Have fun with episode 307!
Speakers: Meep, Michael Kister, Mohammed Ali Dad. Audio production: Michael Kister. Video production: Mohammed Ali Dad, Michael Kister. Title image: Meep. Image sources: Microsoft/Pixabay. Recording date: 15.05.2026.
Visit us on Discord https://discord.gg/SneNarVCBM, on Bluesky https://bsky.app/profile/technikquatsch.de, on YouTube https://www.youtube.com/@technikquatsch and https://www.youtube.com/@technikquatschgaming, on TikTok https://www.tiktok.com/@technikquatsch, on Instagram https://www.instagram.com/technikquatsch, on Twitch https://www.twitch.tv/technikquatsch
RSS feed https://technikquatsch.de/feed/podcast/
Spotify https://open.spotify.com/show/62ZVb7ZvmdtXqqNmnZLF5u
Apple Podcasts https://podcasts.apple.com/de/podcast/technikquatsch/id1510030975
Deezer https://www.deezer.com/de/show/1162032
00:00:00 Welcome to Technikquatsch episode 307!
00:08:58 A controller named Wilhelm https://bsky.app/profile/wario64.bsky.social/post/3mloyh34myc2w
00:12:15 The ML-based upscaler FSR 4.1 is officially coming to RDNA 3 (July 2026) and RDNA 2 (2027) as well. https://www.computerbase.de/news/grafikkarten/ki-upsampling-amd-bringt-fsr-4-1-offiziell-auf-rdna-3-und-rdna-2.97362/
00:17:42 HDMI 2.1 on AMD under Linux is nearing completion. https://www.gamingonlinux.com/2026/05/further-expanded-amd-hdmi-2-1-support-is-coming-to-linux-now-with-frl-and-dsc/
00:20:45 Backdoor in Microsoft BitLocker https://www.golem.de/news/nach-zoff-mit-microsoft-forscher-leakt-zero-day-exploit-fuer-bitlocker-2605-208630.html https://www.bleepingcomputer.com/news/security/windows-bitlocker-zero-day-gives-access-to-protected-drives-poc-released/ https://deadeclipse666.blogspot.com/2026/05/two-more-public-disclosures-it-will.html
00:36:22 Problems with Dell SupportAssist https://borncity.com/blog/2026/05/15/windows-11-dell-bestaetigt-probleme-des-support-assist-mit-windows-updates-mai-2026/
00:40:10 Hands-on MacBook Neo
00:41:23 Driver rollback via Windows Update planned https://www.heise.de/news/Stabileres-Windows-Cloud-gestuetzte-Treiber-Wiederherstellung-fuer-Windows-Update-11295257.html
00:54:31 A hit from AI detection software alone is not enough for an arrest warrant. https://www.heise.de/news/Haftbefehl-abgelehnt-KI-Treffer-ist-fuer-Richter-nur-ein-vager-Hinweis-11295643.html
01:03:19 Mike has continued playing Drova
01:09:13 Mario 64 as a deckbuilder via ROM hack, roguelike deckbuilder Dawncaster, Final Fantasy 16 tried out https://romhacking.com/hack/bazr https://dawncaster.wanderlost.games/
01:17:00 Many thanks, until next time!
Palo Alto Networks patches a firewall zero-day, Google patches an Android remote takeover bug, Ivanti also patches one, and a leak exposes Russia's spy and hacker school. Show notes Risky Bulletin: Google patches Android remote takeover bug
On this week's show, Patrick Gray, Adam Boileau and James Wilson discuss the week's cybersecurity news. They cover:
Anthropic's new Mythos model hunts bugs and chains exploits together so well that… you can't have it…
…Unless you're one of their Project Glasswing partners
The world isn't short on bugs, though. F5, Fortinet, Progress ShareFile, and TrueConf are all getting rekt by humans
GPU Rowhammering goes in the GPU, past the IOMMU and back into the host-side Nvidia driver
North Korea is spending serious time and money on its crypto hacking
Just when the US needs CISA most, they slash its budget some more!
This week's episode is sponsored by identity verification firm, Persona. Tying digital actions to actual human identities isn't just for banking know-your-customer any more. Persona's Benjamin Chait says know-your-staff checks belong in high-value flows inside your organisation, too. This episode is also available on Youtube.
Show notes
Claude Mythos Preview red.anthropic.com
Anthropic Claims Its New A.I. Model, Mythos, Is a Cybersecurity ‘Reckoning' - The New York Times
Anthropic Teams Up With Its Rivals to Keep AI From Hacking Everything | WIRED
FFmpeg on X: "Thank you to @AnthropicAI for sending FFmpeg patches" / X
Critical flaw in F5 BIG-IP faces wide exploitation risk | Cybersecurity Dive
React2Shell vulnerability helps hackers steal credentials, AI platform keys and other sensitive data | Cybersecurity Dive
Critical flaw in FortiClient EMS under exploitation | Cybersecurity Dive
Researchers warn of critical flaws in Progress ShareFile | Cybersecurity Dive
CISA gives agencies two weeks to patch video conferencing bug exploited by Chinese hackers | The Record from Recorded Future News
New Rowhammer attacks give complete control of machines running Nvidia GPUs - Ars Technica
North Korea's hijack of one of the web's most used open source projects was likely weeks in the making | TechCrunch
Drift crypto platform confirms $280 million stolen in hack as researchers point finger at North Korea | The Record from Recorded Future News
Drift on X: "Drift Protocol — Incident Background Update " / X
Trump's FY2027 budget again targets CISA | Cybersecurity Dive
CISA's vulnerability scans, field support on chopping block in Trump budget | Cybersecurity Dive
Iranian hackers break into U.S. industrial systems, agencies warn
FBI labels suspected China hack of law enforcement data 'a major cyber incident'
Russia Hacked Routers to Steal Microsoft Office Tokens – Krebs on Security
Massachusetts hospital turning ambulances away after cyberattack | The Record from Recorded Future News
Exclusive | 'Ghost Murmur,' a never-used secret tool, deployed to find lost airman in Iran in daring mission
A Secure Chat App's Encryption Is So Bad It Is ‘Meaningless'
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
How often are redirects used in phishing in 2026? https://isc.sans.edu/diary/How%20often%20are%20redirects%20used%20in%20phishing%20in%202026%3F/32870
Hackerone Suspends Internet Bug Bounty https://hackerone.com/ibb?type=team https://www.linkedin.com/posts/danielstenberg_hackerone-share-7446667043380076545-RX9b/
Bluehammer Windows 0-day Privilege Escalation https://github.com/Nightmare-Eclipse/BlueHammer https://deadeclipse666.blogspot.com/2026/04/public-disclosure.html https://deepwiki.com/Nightmare-Eclipse/BlueHammer
Keycloak MFA Bypass CVE-2026-3429 https://access.redhat.com/security/cve/cve-2026-3429
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Team PCP Update and Axios Post Mortem https://isc.sans.edu/diary/32864 https://github.com/axios/axios/issues/10636
Strapi NPM Packages Compromised https://safedep.io/malicious-npm-strapi-plugin-events-c2-agent/
Fortinet CVE-2026-35616 actively exploited https://fortiguard.fortinet.com/psirt/FG-IR-26-099
Presented by Material Security: We protect your company's most valuable materials -- the emails, files, and accounts that live in your Google Workspace and Microsoft 365 cloud offices. Three Buddy Problem - Episode 71: The buddies travel to Canada for a live recording at the Countermeasure conference, discussing the Google v FFmpeg open-source patching brouhaha, ransomware negotiators charged and linked to ransomware attacks, the looming TP-Link ban in the U.S., and the discovery of LANDFALL, an APT attack caught using a Samsung mobile zero-day. Cast: Juan Andres Guerrero-Saade (https://twitter.com/juanandres_gs), Ryan Naraine (https://twitter.com/ryanaraine) and Costin Raiu (https://twitter.com/craiu).
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Bilingual Phishing for Cloud Credentials: Guy observed identical phishing messages in French and English attempting to phish cloud credentials. https://isc.sans.edu/diary/Phishing%20Cloud%20Account%20for%20Information/32416
Kaitai Struct WebIDE: The binary file analysis tool Kaitai Struct is now available in a web only version. https://isc.sans.edu/diary/Kaitai%20Struct%20WebIDE/32422
WSUS Emergency Update: Microsoft released an emergency patch for WSUS to fix a currently exploited critical vulnerability. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59287
Network Security Devices Endanger Orgs with 90s-era Flaws: Attackers increasingly use simple-to-exploit network security device vulnerabilities to compromise organizations. https://www.csoonline.com/article/4074945/network-security-devices-endanger-orgs-with-90s-era-flaws.html
There is news again in the world of IT security, and old acquaintances are rearing their ugly heads once more. Above all the initiative known as "Chatkontrolle" (chat control) for "client-side scanning" of messages, which the EU Council under the Danish presidency recently dug up from oblivion again. Almost exactly a year after the last failure of this initiative to weaken encryption, Sylvester and Christopher talk about it once more. Oracle is also already a familiar "guest" on the podcast, this time with a critical vulnerability in its E-Business Suite and an extremely unsatisfactory communication strategy. Sylvester explains to his co-host and the listeners what Signal's new "Post Quantum Ratchets" are about and why these cryptographic ratchets are meant to make the messenger more secure in the quantum age. And then things continue in a quantum-safe vein, namely with a discussion of the advantages of hybrid quantum-encryption systems over purely quantum-safe ones.
- Beginner-level IT security themed evening in Hanover: https://aktionen.heise.de/heise-themenabend
- Oracle's deleted blog post: https://nitter.net/pic/orig/media%2FG2T6vnYWEAAHcB6.jpg
- watchTowr Labs on CVE-2025-61882: https://labs.watchtowr.com/well-well-well-its-another-day-oracle-e-business-suite-pre-auth-rce-chain-cve-2025-61882well-well-well-its-another-day-oracle-e-business-suite-pre-auth-rce-chain-cve-2025-61882/
- "Passwort", episode 16: The technology behind chat control - https://passwort.podigee.io/16-die-technik-hinter-der-chatkontrolle
- Cloudflare blog on the certificate lapse: https://blog.cloudflare.com/unauthorized-issuance-of-certificates-for-1-1-1-1/
- SPQR: https://signal.org/blog/spqr/
- "Passwort", episode 32: Quantum computers and how to protect yourself from them - https://passwort.podigee.io/32-quantencomputer-und-wie-man-sich-vor-ihnen-schutzt
- DJB on hybrid or not: https://blog.cr.yp.to/20240102-hybrid.html
- Follow us in the Fediverse: * @christopherkunz@chaos.social * @syt@social.heise.de
Members of our security community on heise security PRO hear all episodes two days earlier. More info: https://pro.heise.de/passwort
In this edition of Between Two Nerds Tom Uren and The Grugq talk about the 0day mass exploitation of SharePoint and Exchange. This type of widespread hacking appears to be increasingly common… but is it? This episode is also available on YouTube. Show notes X post | Brian in Pittsburgh
Tom Uren and Patrick Gray talk about a new report that compares Chinese and American 0day pipelines. The US is narrowly focussed on acquiring exquisitely stealthy and reliable exploits, while China casts a far broader net. That was fine in the past, but as 0days get harder and harder to find, the report argues that the US needs to change the way it goes about getting them. The pair also talk about Cyber Command supporting the US bomb strikes against Iranian nuclear facilities. We like to believe in magic cyber capabilities, but we suspect the truth was far more mundane in this case. This episode is also available on Youtube. Show notes Crash (exploit) and burn: Securing the offensive cyber supply chain to counter China in cyberspace
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
vBulletin Exploits CVE-2025-48827, CVE-2025-48828: We do see exploit attempts for the vBulletin flaw disclosed about a week ago. The flaw is only exploitable if vBulletin is run on PHP 8.1, and was patched over a year ago. However, vBulletin never disclosed the type of vulnerability that was patched. https://isc.sans.edu/diary/vBulletin%20Exploits%20%28CVE-2025-48827%2C%20CVE-2025-48828%29/32006
Google Chrome 0-Day Patched: Google released a security update for Google Chrome patching three flaws. One of these is already being exploited. https://chromereleases.googleblog.com/
Roundcube Update: Roundcube patched a vulnerability that allows any authenticated user to execute arbitrary code. https://roundcube.net/news/2025/06/01/security-updates-1.6.11-and-1.5.10
HP Vulnerabilities in StoreOnce: HP patched multiple vulnerabilities in StoreOnce. These issues could lead to remote code execution. https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbst04847en_us&docLocale=en_US
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Getting Past PyArmor: PyArmor is a Python obfuscation tool used for malicious and non-malicious software. Xavier is taking a look at a sample to show what can be learned from these obfuscated samples with not too much work. https://isc.sans.edu/diary/Obfuscated%20Malicious%20Python%20Scripts%20with%20PyArmor/31840
CenterStack RCE CVE-2025-30406: Gladinet's CenterStack secure file-sharing software suffers from an inadequately protected machine key vulnerability that can be used to modify ViewState data. This vulnerability may lead to remote code execution, which is already exploited. https://gladinetsupport.s3.us-east-1.amazonaws.com/gladinet/securityadvisory-cve-2005.pdf
Google Patches two zero-day vulnerabilities CVE-2024-53150 CVE-2024-53197: Google released its monthly patches for Android. Two of the patched vulnerabilities are already exploited. One of them was used by Serbian law enforcement. https://www.malwarebytes.com/blog/news/2025/04/google-fixes-two-actively-exploited-zero-day-vulnerabilities-in-android
Broadcom VMWare Tenzu Updates: Broadcom released updates for VMWare Tenzu. Many vulnerabilities affect the backup component and allow for arbitrary command execution. https://support.broadcom.com/web/ecx/security-advisory?
Windows 11 April Update adds inetpub directory: The April Windows 11 update appears to create a new /inetpub directory. It is unclear why, and removing it appears to have no bad effects. https://www.bleepingcomputer.com/news/microsoft/windows-11-april-update-unexpectedly-creates-new-inetpub-folder/
WhatsApp File Type Confusion/Spoofing: WhatsApp patched a file type confusion vulnerability. A victim may be tricked into downloading n https://www.whatsapp.com/security/advisories/2025/
SANS Critical AI Security Guidelines https://www.sans.org/mlp/critical-ai-security-guidelines
Three Buddy Problem - Episode 41: Costin and Juanito join the show from Black Hat Asia in Singapore. We discuss Bunnie Huang's keynote on hardware supply chains and a classification system to establish a grounded perspective on trust in hardware, Ivanti's misdiagnosis of a critical VPN appliance flaw and Mandiant reporting on a Chinese APT exploiting Ivanti devices. Plus, breaking news on the sudden firing of NSA director and head of Cyber Command Tim Haugh. We also discuss Microsoft touting AI's value in finding open-source bootloader bugs, Silent Push's report on a Russian APT impersonating the CIA, a backdoor in a popular Chinese robot dog, and Chinese dominance of the robotics market. Cast: Juan Andres Guerrero-Saade (https://twitter.com/juanandres_gs), Costin Raiu (https://twitter.com/craiu) and Ryan Naraine (https://twitter.com/ryanaraine).
Sponsored by SEC Playground
In this edition of Between Two Nerds Tom Uren and The Grugq talk about why people studying cyber operations are fascinated by 0days. These are vulnerabilities or exploits that have been found in a system before the vendor or manufacturer is made aware of them and so therefore no fix exists. This episode is also available on Youtube. Show notes
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Unfurl Update Released: Unfurl released an update fixing a few bugs and adding support to decode BlueSky URLs. https://isc.sans.edu/diary/Unfurl%20v2025.02%20released/31716
Google Confirms GMail To Ditch SMS Code Authentication: Google no longer considers SMS authentication safe enough for GMail. Instead, it pushes users to use Passkeys, or QR code based app authentication. https://www.forbes.com/sites/daveywinder/2025/02/23/google-confirms-gmail-to-ditch-sms-code-authentication/
Beware of PayPal New Address Feature Abuse: Attackers are using "address change" e-mails to send links to phishing sites or trick users into calling fake tech support phone numbers. Attackers are just adding the malicious content as part of the address. The e-mails themselves are legitimate PayPal emails and will pass various spam and phishing filters. https://www.bleepingcomputer.com/news/security/beware-paypal-new-address-feature-abused-to-send-phishing-emails/
Exim SQL Injection Vulnerability: Exim, with sqlite support and ETRN enabled, is vulnerable to a simple SQL injection exploit. A PoC has been released. https://www.exim.org/static/doc/security/CVE-2025-26794.txt https://github.com/OscarBataille/CVE-2025-26794?
XMLlib patches https://gitlab.gnome.org/GNOME/libxml2/-/issues/847 https://gitlab.gnome.org/GNOME/libxml2/-/issues/828
0-Day in Parallels https://jhftss.github.io/Parallels-0-day/
Three Buddy Problem - Episode 30: We discuss French threat-intel Sekoia creating a portal to handle “sovereign disinfections” of the PlugX malware, CISA leadership taking a victory lap using the ‘Secure by Design' pledge as a trophy, the new Biden cybersecurity Executive Order, another Fortinet zero-day, the TikTok ban and Ukrainian hackers targeting Russian companies. Cast: Juan Andres Guerrero-Saade (https://twitter.com/juanandres_gs), Costin Raiu (https://twitter.com/craiu) and Ryan Naraine (https://twitter.com/ryanaraine).
When focused on cybersecurity through a vulnerability management lens, it's tempting to see the problem as a race between exploit development and patching speed. This is a false narrative, however. While there are hundreds of thousands of vulnerabilities, each requiring unique exploits, the number of post-exploit actions is finite. Small, even. Although Log4j was seemingly ubiquitous and easy to exploit, we discovered the Log4Shell attack wasn't particularly useful when organizations had strong outbound filters in place. Today, we'll discuss an often overlooked advantage defenders have: mitigating controls like traffic filtering and application control that can prevent a wide range of attack techniques. This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them! Show Notes: https://securityweekly.com/esw-386
Forecast: CYBER WEATHER ALERT | Volt Typhoon bringing sustained APT activity across the Pacific Rim. Expect persistent perimeter probing with a 100% chance of state-sponsored shenanigans. Pack your EDR umbrella! This week's episode tackles a disturbing story from Disney World where a terminated employee allegedly hacked into their menu system to alter critical peanut allergy information. We dig into the attack details then don our tin-foil hats to explore the potential real-world consequences of malicious insider threats. We're excited to share Sophos' latest research on Pacific Rim, an extensive investigation into nation-state adversaries targeting edge devices. We hone in on this event through the filter of GreyNoise's analysis of this multi-year APT campaigns, and show you live threat data through the GreyNoise Visualizer to demonstrate the ongoing nature of these attacks. VulnCheck brings us two fascinating pieces - a deep examination of ABB vulnerabilities affecting industrial control systems, and an innovative new command-and-control feature called ShellTunnel in the go-exploit framework. GreyNoise has been especially busy, uncovering zero-day vulnerabilities in live streaming cameras using AI assistance. We'll discuss their technical breakdown of CVE-2024-8956 and CVE-2024-8957, which CISA just added to their Known Exploited Vulnerabilities catalog. The October NoiseLetter is out with the latest threat intelligence insights, and don't miss upcoming events including the Quarterly Roadmap Showcase and a special webinar on discovering zero-days with AI. Storm Watch Homepage >> Learn more about GreyNoise >>
On this week's show, Patrick Gray and Adam Boileau discuss the week's security news, including: Widely used polyfill javascript gets hijacked by its new owners MacOS supply chain disaster bullet dodged That OpenSSH remote code exec OH MY
In this edition of Between Two Nerds Tom Uren and The Grugq look at the life cycle of 0days, dissect the conventional wisdom and talk about how 0days are never truly ‘burnt'.
iLeakage gives hackers access to passwords and sensitive data on iOS and macOS browsers. 0ktapus is "one of the world's most dangerous financial criminal groups" says Microsoft. Apple backs national right-to-repair bill. Pro-Russia hackers exploiting 0-day in Roundcube webmail software. 9 innovative ways to boost security hygiene for Cyber Awareness Month. Josh Kuo, Senior Educator and SME in Cyber Security of Infoblox, talks about why we need Punycode and how DNS can be a security solution for malicious Punycode.
Hosts: Louis Maresca, Brian Chee, and Curtis Franklin
Guest: Josh Kuo
Download or subscribe to this show at https://twit.tv/shows/this-week-in-enterprise-tech. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
Sponsors: lookout.com kolide.com/twiet Miro.com/podcast
Some complex and confusing vulnerabilities as we talk about the recent WebP 0day and the complexities of Huffman coding. A data-only exploit to escape a kCTF container, the glibc LPE LOONY_TUNABLES, and a Chrome TurboFan RCE. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/218.html
[00:00:00] Introduction
[00:00:40] Expanding our exploit reward program to Chrome and Cloud
[00:06:10] The WebP 0day - We do somewhat downplay this issue due to the difficulty of exploiting it. But to be clear, it was exploited in the wild on Apple devices, so it is exploitable. We're more downplaying the panic that came up around it. It is still a serious issue that should be patched.
[00:34:00] Escaping the Google kCTF Container with a Data-Only Exploit
[00:44:49] Local Privilege Escalation in the glibc's ld.so [CVE-2023-4911]
[01:01:27] Getting RCE in Chrome with incorrect side effect in the JIT compiler
[01:08:03] Behind the Shield: Unmasking Scudo's Defenses
The DAY[0] Podcast episodes are streamed live on Twitch twice a week: -- Mondays at 3:00pm Eastern (Boston) we focus on web and more bug bounty style vulnerabilities -- Tuesdays at 7:00pm Eastern (Boston) we focus on lower-level vulnerabilities and exploits. We are also available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9
A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey. You can find the newsletter version of this podcast here.
ON THIS INSTALLMENT… DONATE: PAYPAL.ME/JAPANWUT … Matt discusses reasons why Japan doesn't experience wildfires so much, strapping kids with surveillance tech, and a study that links bowel movements with dementia.
Follow Matt: Twitter / Facebook Page / Instagram
Official Website: matthewpmbigelow.com
SHOW NOTES FOR EP. 103
NEW PRODUCT
Osaka Expo ¥1,000 coins go on sale for low price of ¥13,800
SOCIETY 5.0
Day care operator in Japan turns to tech to monitor children's health, protect lives
G7, Generative AI and the 'Hiroshima AI process' https://www.g7hiroshima.go.jp/documents/pdf/Leaders_Communique_01_en.pdf (page 28/40)
Panasonic Ventures Into India with Automation and Cutting-Edge Technology
Mitsui O.S.K. Lines, Ltd. (MOL) has announced that the second of Japan's first two LNG-fueled ferries, the Sunflower
JAMSTEC Picks MOL Group Companies for Key Roles in Arctic Research Vessel Development and Operation
WAR
Japan and U.S. to jointly develop hypersonic missile interceptor
Aso's 'fight for Taiwan' remark in line with official view, lawmaker says
Aso, Tsai Vow to Deepen Japan-Taiwan Ties
ECONOMY
Visitors to Japan Climb 16-Fold in July
Japan April-June GDP grows 6.0%, fastest since 2020 but outlook murky
Japan in Japan
Less frequent bowel movements signal higher risk of dementia: Japan researchers
Japan's smoking rates continue to decline for men, women in 2022
Join your favorite hosts, @Eden and @Amitai, on the latest "Crying Out Cloud" rollercoaster
On this week's show Patrick Gray and Adam Boileau discuss the week's security news. They cover: Russia's FSB uncovers “NSA malware” on iPhones Cl0p mass harvests data from MOVEit file transfer servers ASD discloses a bunch of operations against ISIS, criminals Why China's prepositioning is probably… prepositioning Much, much more This week's show is brought to you by Thinkst Canary. Marco Slaviero is this week's sponsor guest and he joins us to talk about indirect LLM prompt injection and the latest Canary release. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that's your thing. Show notes Russia says US hacked thousands of Apple phones in spy plot | Reuters Risky Biz News: Russia's FSB says NSA hacked iPhones in cyber-espionage campaign Russia wants 2 million phones with home-grown Aurora OS for use by officials Доверенная мобильная среда. Мобильная операционная система «Аврора» — Ростелеком Why China's Latest APT Campaign is Legitimately Worrying War crimes committed through cyberspace must not escape international justice, says Estonian president Hacks Against Ukraine's Emergency Response Services Rise During Bombings | WIRED How Australian cyber spies used 'Rickrolling' to disrupt Islamic State militants in Iraq - ABC News Australian intelligence's secret hand in bringing down the Bali bombers - ABC News Microsoft Threat Intelligence on Twitter: "Microsoft is attributing attacks exploiting the CVE-2023-34362 MOVEit Transfer 0-day vulnerability to Lace Tempest, known for ransomware operations & running the Clop extortion site. The threat actor has used similar vulnerabilities in the past to steal data & extort victims. 
https://t.co/q73WtGru7j" / Twitter What we know about the MOVEit vulnerability and compromises | Cybersecurity Dive metlstorm: "Great, so now I have to roll i…" - Infosec Exchange Dave Aitel: "@riskybusiness @chort honestly…" - Infosec Exchange Critical Barracuda 0-day was used to backdoor networks for 8 months | Ars Technica Millions of Gigabyte Motherboards Were Sold With a Firmware Backdoor | WIRED Ask Fitis, the Bear: Real Crooks Sign Their Malware – Krebs on Security Wayback Machine Discord Admins Hacked by Malicious Bookmarks – Krebs on Security Google's Android and Chrome extensions are a very sad place. Here's why | Ars Technica How university cybersecurity clinics can help cities fight ransomware | CyberScoop Atomic - Crypto Wallet on Twitter: "We have received reports of wallets being compromised. We are doing all we can to investigate and analyse the situation. As we have more information, we will share it accordingly. For any questions and concerns, contact support@atomicwallet.io" / Twitter BrianKrebs: "Russian news outlet Kommersant…" - Infosec Exchange Thinkst
In today's podcast we cover four crucial cyber and technology topics, including: 1. Microsoft flaw abused to deliver Nokoyawa ransomware 2. NPM service interrupted by criminal abuse 3. Samsung use of ChatGPT exposes data 4. North Korea linked to 3CX attack I'd love feedback, feel free to send your comments and feedback to | cyberandtechwithmike@gmail.com
Things Stopping You From Making $10,000
Your significant other
Rich people don't pick mates based on genetics
You believe you don't deserve to get to $10,000 in 10 days
You love the Lord but don't believe in the Lord
You just ain't thinking about this whole conversation
You're thinking about everything else but making $10,000 in 10 days
We respect our obstacles instead of going through them
Your desire to win must be greater than the obstacles
Ten Days to $10,000
Day 1 = $1200
Day 2 = $455
Day 3 = $10
Day 4 = $95
Day 5 = $2500
Day 6 = $720
Day 7 = $147
Day 8 = $4873
Day 9 = $0
Day 10 = $0
The reason we don't make this money everyday is because your ego won't let you be Timothy
In order to get this money, you have to take the spotlight off yourself
You've got to point to and talk about Paul
Support this podcast at https://redcircle.com/the-secret-to-success/exclusive-content
Advertising Inquiries: https://redcircle.com/brands
Privacy & Opt-Out: https://redcircle.com/privacy
Picture of the week. Chrome's fourth zero-day of 2022. Mozilla's new Firefox privacy-enhancing feature. HackerOne discloses a malicious insider incident. Closing the loop. The ZuoRAT. We invite you to read our show notes at https://www.grc.com/sn/SN-878-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: ZipRecruiter.com/securitynow itpro.tv/securitynow promo code SN30 tanium.com/twit
Josh and Kurt talk about the Google Project Zero blog post about 0day vulnerabilities in 2021. There were a lot more than ever before, but why? Part of the challenge is the whole industry is expanding while a lot of our security technologies are not. When the universe around you is expanding but you're staying the same size, you are actually shrinking. Show Notes Google Project Zero blog post Apple 0days Joint cyber advisory
Josh and Kurt talk about a TuxCare survey on patch management and vulnerability detection. Sometimes our security bubble makes us forget what it's like in the real world for the people who keep our infrastructure running. Patching isn't always immediate, automation doesn't fix everything, and accepting risk is very important. Show Notes State of Enterprise Vulnerability Detection and Patch Management CISA Known Exploited Vulnerabilities Catalog Google 0days