Podcast appearances and mentions of dustin childs

Dustin Childs, Head of Threat Awareness at Trend Micro Zero Day Initiative, joins to discuss their work on "ZDI-23-1527 and ZDI-23-1528: The Potential Impact of Overly Permissive SAS Tokens on PC Manager Supply Chains." The research explores two critical vulnerabilities (ZDI-23-1527 and ZDI-23-1528) that could have enabled attackers to hijack the Microsoft PC Manager supply chain via overly permissive SAS tokens in WinGet and official Microsoft domains. While the issues have since been resolved, the findings highlight how misconfigured cloud storage access can put trusted software distribution at risk. The post also includes detection strategies to help defenders identify and mitigate similar threats. The research can be found here: ZDI-23-1527 and ZDI-23-1528: The Potential Impact of Overly Permissive SAS Tokens on PC Manager Supply Chains Learn more about your ad choices. Visit megaphone.fm/adchoices

Dustin Childs, Head of Threat Awareness at Trend Micro Zero Day Initiative, joins to discuss their work on "ZDI-23-1527 and ZDI-23-1528: The Potential Impact of Overly Permissive SAS Tokens on PC Manager Supply Chains." The research explores two critical vulnerabilities (ZDI-23-1527 and ZDI-23-1528) that could have enabled attackers to hijack the Microsoft PC Manager supply chain via overly permissive SAS tokens in WinGet and official Microsoft domains. While the issues have since been resolved, the findings highlight how misconfigured cloud storage access can put trusted software distribution at risk. The post also includes detection strategies to help defenders identify and mitigate similar threats. The research can be found here: ZDI-23-1527 and ZDI-23-1528: The Potential Impact of Overly Permissive SAS Tokens on PC Manager Supply Chains Learn more about your ad choices. Visit megaphone.fm/adchoices

In this episode of the mnemonic security podcast, Robby is joined by Dustin Childs, Head of Threat Awareness at Trend Micro's Zero Day Initiative (ZDI). Dustin explains the ZDI's role in purchasing and analysing vulnerabilities to provide early protection for customers and how zero days – previously unknown vulnerabilities – become "n-days" once disclosed or patched.The conversation highlights the critical importance of timely patching, the risks posed by bad patches, and the concept of virtual patching as a defence strategy. Dustin also delves into attack surface monitoring, the evolving threat landscape, and the ongoing challenges of balancing security and usability in modern networks.Send us a text

We've probably all felt the slight annoyance at prompts we receive to update our devices. But these updates deliver vital patches to our software, protecting us from bad actors. Governments around the world are increasingly interested in monitoring when dangerous bugs are discovered as a means to protect citizens. But would such regulation have the intended effect? In season 2, episode 5 of Patching the System, we focus on the international system of bringing peace and security online. In this episode, we look at how software vulnerabilities are discovered and reported, what government regulators can and can't do, and the strength of a coordinated disclosure process, among other solutions.  Our participants are: Dustin Childs, Head of Threat Awareness at the Zero Day Initiative at Trend Micro Serge Droz from the Forum of Incident Response and Security Teams (FIRST) Ali Wyne, Eurasia Group Senior Analyst (moderator) GZERO's special podcast series “Patching the System,” produced in partnership with Microsoft as part of the award-winning Global Stage series, highlights the work of the Cybersecurity Tech Accord, a public commitment from over 150 global technology companies dedicated to creating a safer cyber world for all of us.

We've probably all felt the slight annoyance at prompts we receive to update our devices. But these updates deliver vital patches to our software, protecting us from bad actors. Governments around the world are increasingly interested in monitoring when dangerous bugs are discovered as a means to protect citizens. But would such regulation have the intended effect? In season 2, episode 5 of Patching the System, we focus on the international system of bringing peace and security online. In this episode, we look at how software vulnerabilities are discovered and reported, what government regulators can and can't do, and the strength of a coordinated disclosure process, among other solutions.  Our participants are: Dustin Childs, Head of Threat Awareness at the Zero Day Initiative at Trend Micro Serge Droz from the Forum of Incident Response and Security Teams (FIRST) Ali Wyne, Eurasia Group Senior Analyst (moderator) GZERO's special podcast series “Patching the System,” produced in partnership with Microsoft as part of the award-winning Global Stage series, highlights the work of the Cybersecurity Tech Accord, a public commitment from over 150 global technology companies dedicated to creating a safer cyber world for all of us. Subscribe to the GZERO World with Ian Bremmer Podcast on Apple Podcasts, Spotify, or your preferred podcast platform, to receive new episodes as soon as they're published.

Decades ago, patching was, to lean into a corny joke, a bit patchy.  In the late 90s, the Microsoft operating system (OS) Windows 98 had a supportive piece of software that would find security patches for the OS so that users could then download those patches and deploy them to their computers. That software was simply called Windows Update.  But Windows Update had two big problems. One, it had to be installed by a user—if a user was unaware of Windows Update, then they were also likely unaware of the patches that should be deployed to Windows. Two, Windows Update did not scale well because corporations that were running hundreds of instances of Windows had to install every update and they had to uninstall any patches issued by Microsoft that may have broken existing functionality. That time-sink proved to be a real obstacle for systems administrators because, back in the late 90s, patches weren't scheduled. They came when they were needed, and that could be whenever Microsoft learned about a vulnerability that needed to be addressed. Without a schedule, companies were left to react to patches, rather than plan for them.  So, from the late 90s to the early 2000s, Microsoft standardized its patching process. Patches would be released on the second Tuesday of each month. In 2003, Microsoft formalized this process with Patch Tuesday.  Around the same time, the United States National Infrastructure Advisory Council began researching a way to communicate the severity of discovered software vulnerabilities. What they came up with in 2005 was the Common Vulnerability Scoring System, or CVSS. CVSS, which is still used today, is a formula that people rely on to assign a score from 1 to 10, 10 being the highest, to determine the severity of a vulnerability. Patch Tuesday and CVSS are good examples of what happens when people come together to fix a problem with patching.  But as we discuss in today's episode of the Lock and Code podcast with host David Ruiz, patches—both in effectiveness and education—are backsliding. Companies are becoming more tight-lipped about what their patches do, leaving businesses in the dark about what a patch addresses and whether it is actually critical to their own systems.  Our guest Dustin Childs, head of threat awareness for Trend Micro Zero Day Initiative (ZDI), explains the consequences of such an ecosystem.  "If you're not getting the right information about a vulnerability or a group of vulnerabilities, you might spend your resources elsewhere and that vulnerability that you didn't think was important becomes very important to you, or you're spending all of your time and, and energy on." Tune in today.  Show notes and credits: Intro Music: “Spellbound” by Kevin MacLeod (incompetech.com) Licensed under Creative Commons: By Attribution 4.0 License http://creativecommons.org/licenses/by/4.0/ Outro Music: “Good God” by Wowa (unminus.com)

Josh and Kurt talk to Dustin Childs about the recent ZDI Black Hat talk where they discovered the current trend of security patches not actually fixing the security problem. We talk about what this problem means. Why is it happening, and what ZDI is doing to try nudge the industry in the right direction. Show Notes Dustin Childs ZDI Sloppy Software Patches Are a ‘Disturbing Trend' Zero Day Initiative launches new bug disclosure timelines ISO 28147

Dustin Childs, senior communications manager at Zero Day Initiative, joins the podcast to discuss Microsoft's Patch Tuesday security updates for July 2022. 

Dustin Childs, senior communications manager at Zero Day Initiative, joins the podcast to over the June 2022 Patch Tuesday security release. 

Space network for iPhones, cyberattacks on MSPs, 15 years of Pwn2Own. Thousands of popular websites see what you type before you hit submit Log4Shell exploit threatens enterprise data lakes, AI poisoning Top 6 security threats targeting remote workers Is Apple planning to launch a secret space network for iPhones? NSA warns managed service providers are now prime targets for cyberattacks Trend Micro's Zero Day Initiative communications manager Dustin Childs talks about the evolution of Pwn2Own as 2022 marks the 15th anniversary of the security contest Hosts: Louis Maresca, Brian Chee, and Curt Franklin Guest: Dustin Childs Download or subscribe to this show at https://twit.tv/shows/this-week-in-enterprise-tech. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: itpro.tv/enterprise use code ENTERPRISE30 CDW.com/IntelClient bitwarden.com/twit

Space network for iPhones, cyberattacks on MSPs, 15 years of Pwn2Own. Thousands of popular websites see what you type before you hit submit Log4Shell exploit threatens enterprise data lakes, AI poisoning Top 6 security threats targeting remote workers Is Apple planning to launch a secret space network for iPhones? NSA warns managed service providers are now prime targets for cyberattacks Trend Micro's Zero Day Initiative communications manager Dustin Childs talks about the evolution of Pwn2Own as 2022 marks the 15th anniversary of the security contest Hosts: Louis Maresca, Brian Chee, and Curt Franklin Guest: Dustin Childs Download or subscribe to this show at https://twit.tv/shows/this-week-in-enterprise-tech. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: itpro.tv/enterprise use code ENTERPRISE30 CDW.com/IntelClient bitwarden.com/twit

Space network for iPhones, cyberattacks on MSPs, 15 years of Pwn2Own. Thousands of popular websites see what you type before you hit submit Log4Shell exploit threatens enterprise data lakes, AI poisoning Top 6 security threats targeting remote workers Is Apple planning to launch a secret space network for iPhones? NSA warns managed service providers are now prime targets for cyberattacks Trend Micro's Zero Day Initiative communications manager Dustin Childs talks about the evolution of Pwn2Own as 2022 marks the 15th anniversary of the security contest Hosts: Louis Maresca, Brian Chee, and Curt Franklin Guest: Dustin Childs Download or subscribe to this show at https://twit.tv/shows/this-week-in-enterprise-tech. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: itpro.tv/enterprise use code ENTERPRISE30 CDW.com/IntelClient bitwarden.com/twit

Space network for iPhones, cyberattacks on MSPs, 15 years of Pwn2Own. Thousands of popular websites see what you type before you hit submit Log4Shell exploit threatens enterprise data lakes, AI poisoning Top 6 security threats targeting remote workers Is Apple planning to launch a secret space network for iPhones? NSA warns managed service providers are now prime targets for cyberattacks Trend Micro's Zero Day Initiative communications manager Dustin Childs talks about the evolution of Pwn2Own as 2022 marks the 15th anniversary of the security contest Hosts: Louis Maresca, Brian Chee, and Curt Franklin Guest: Dustin Childs Download or subscribe to this show at https://twit.tv/shows/this-week-in-enterprise-tech. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: itpro.tv/enterprise use code ENTERPRISE30 CDW.com/IntelClient bitwarden.com/twit

Dustin Childs, senior communications manager at Zero Day Initiative, joins the podcast to discuss Microsoft's May 2022 monthly security patches. 

Dustin Childs, senior communications manager at Zero Day Initiative, joins the podcast to discuss the April 2022 Patch Tuesday releases. 

Dustin Childs, senior communications manager at Zero Day Initiative, joins the podcast to go over this month's Patch Tuesday. 

Dustin Childs, senior communications manager at Zero Day Initiative, joins the podcast to talk about Microsoft's security updates for February 2022. 

Podcast: Aperture: A Claroty PodcastEpisode: ZDI's Dustin Childs on Pwn2Own MiamiPub date: 2021-11-15Dustin Childs of the Zero Day Initiative (ZDI) joins Claroty's Aperture podcast to discuss the upcoming Pwn2Own Miami hacking contest. This is the only hacking contest focused on finding zero-day vulnerabilities in industrial control systems (ICS) and operational technology (OT), and it will be held during the S4 conference in January. Childs is a veteran of the security industry and Pwn2Own, which is 16 years old. Pwn2Own Miami will be the second such event with an ICS focus. Researchers will compete for a prize pool over more than $300,000; four technology categories are in scope at this year's event: control servers, OPC servers, data gateways, and HMIs. Childs explains Pwn2Own Miami's hybrid approach that will allow competitors to enter either virtually or on-site, how Pwn2Own works, and what the disclosure process is like with affected vendors once a zero-day is demonstrated. The podcast and artwork embedded on this page are from Claroty, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Dustin Childs of the Zero Day Initiative (ZDI) joins Claroty's Aperture podcast to discuss the upcoming Pwn2Own Miami hacking contest. This is the only hacking contest focused on finding zero-day vulnerabilities in industrial control systems (ICS) and operational technology (OT), and it will be held during the S4 conference in January. Childs is a veteran of the security industry and Pwn2Own, which is 16 years old. Pwn2Own Miami will be the second such event with an ICS focus. Researchers will compete for a prize pool over more than $300,000; four technology categories are in scope at this year's event: control servers, OPC servers, data gateways, and HMIs. Childs explains Pwn2Own Miami's hybrid approach that will allow competitors to enter either virtually or on-site, how Pwn2Own works, and what the disclosure process is like with affected vendors once a zero-day is demonstrated. 

The FBI's fake encrypted honeypot phones are showing up online. Microsoft releases emergency patch for 'PrintNightmare' vulnerability. FTC charges Broadcom with illegal monopolization. Minimum broadband speeds are likely too low. Dozens of Chinese phone games now require facial scans to play at night. Biden's right-to-repair order could stop companies from blocking DIY fixes. Dustin Childs, Communications Manager of ZDI at TrendMicro, talks about TrendMicro's Zero Day Initiative. Hosts: Louis Maresca, Brian Chee, and Curt Franklin Guest: Dustin Childs Download or subscribe to this show at https://twit.tv/shows/this-week-in-enterprise-tech. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: Endava Podcast - Tech Reimagined business.eset.com/twit Bitwarden.com/twit

The FBI's fake encrypted honeypot phones are showing up online. Microsoft releases emergency patch for 'PrintNightmare' vulnerability. FTC charges Broadcom with illegal monopolization. Minimum broadband speeds are likely too low. Dozens of Chinese phone games now require facial scans to play at night. Biden's right-to-repair order could stop companies from blocking DIY fixes. Dustin Childs, Communications Manager of ZDI at TrendMicro, talks about TrendMicro's Zero Day Initiative. Hosts: Louis Maresca, Brian Chee, and Curt Franklin Guest: Dustin Childs Download or subscribe to this show at https://twit.tv/shows/this-week-in-enterprise-tech. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: Endava Podcast - Tech Reimagined business.eset.com/twit Bitwarden.com/twit

The FBI's fake encrypted honeypot phones are showing up online. Microsoft releases emergency patch for 'PrintNightmare' vulnerability. FTC charges Broadcom with illegal monopolization. Minimum broadband speeds are likely too low. Dozens of Chinese phone games now require facial scans to play at night. Biden's right-to-repair order could stop companies from blocking DIY fixes. Dustin Childs, Communications Manager of ZDI at TrendMicro, talks about TrendMicro's Zero Day Initiative. Hosts: Louis Maresca, Brian Chee, and Curt Franklin Guest: Dustin Childs Download or subscribe to this show at https://twit.tv/shows/this-week-in-enterprise-tech. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: Endava Podcast - Tech Reimagined business.eset.com/twit Bitwarden.com/twit

The FBI's fake encrypted honeypot phones are showing up online. Microsoft releases emergency patch for 'PrintNightmare' vulnerability. FTC charges Broadcom with illegal monopolization. Minimum broadband speeds are likely too low. Dozens of Chinese phone games now require facial scans to play at night. Biden's right-to-repair order could stop companies from blocking DIY fixes. Dustin Childs, Communications Manager of ZDI at TrendMicro, talks about TrendMicro's Zero Day Initiative. Hosts: Louis Maresca, Brian Chee, and Curt Franklin Guest: Dustin Childs Download or subscribe to this show at https://twit.tv/shows/this-week-in-enterprise-tech. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: Endava Podcast - Tech Reimagined business.eset.com/twit Bitwarden.com/twit

The FBI's fake encrypted honeypot phones are showing up online. Microsoft releases emergency patch for 'PrintNightmare' vulnerability. FTC charges Broadcom with illegal monopolization. Minimum broadband speeds are likely too low. Dozens of Chinese phone games now require facial scans to play at night. Biden's right-to-repair order could stop companies from blocking DIY fixes. Dustin Childs, Communications Manager of ZDI at TrendMicro, talks about TrendMicro's Zero Day Initiative. Hosts: Louis Maresca, Brian Chee, and Curt Franklin Guest: Dustin Childs Download or subscribe to this show at https://twit.tv/shows/this-week-in-enterprise-tech. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: Endava Podcast - Tech Reimagined business.eset.com/twit Bitwarden.com/twit

The FBI's fake encrypted honeypot phones are showing up online. Microsoft releases emergency patch for 'PrintNightmare' vulnerability. FTC charges Broadcom with illegal monopolization. Minimum broadband speeds are likely too low. Dozens of Chinese phone games now require facial scans to play at night. Biden's right-to-repair order could stop companies from blocking DIY fixes. Dustin Childs, Communications Manager of ZDI at TrendMicro, talks about TrendMicro's Zero Day Initiative. Hosts: Louis Maresca, Brian Chee, and Curt Franklin Guest: Dustin Childs Download or subscribe to this show at https://twit.tv/shows/this-week-in-enterprise-tech. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: Endava Podcast - Tech Reimagined business.eset.com/twit Bitwarden.com/twit

The FBI's fake encrypted honeypot phones are showing up online. Microsoft releases emergency patch for 'PrintNightmare' vulnerability. FTC charges Broadcom with illegal monopolization. Minimum broadband speeds are likely too low. Dozens of Chinese phone games now require facial scans to play at night. Biden's right-to-repair order could stop companies from blocking DIY fixes. Dustin Childs, Communications Manager of ZDI at TrendMicro, talks about TrendMicro's Zero Day Initiative. Hosts: Louis Maresca, Brian Chee, and Curt Franklin Guest: Dustin Childs Download or subscribe to this show at https://twit.tv/shows/this-week-in-enterprise-tech. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: Endava Podcast - Tech Reimagined business.eset.com/twit Bitwarden.com/twit

The FBI's fake encrypted honeypot phones are showing up online. Microsoft releases emergency patch for 'PrintNightmare' vulnerability. FTC charges Broadcom with illegal monopolization. Minimum broadband speeds are likely too low. Dozens of Chinese phone games now require facial scans to play at night. Biden's right-to-repair order could stop companies from blocking DIY fixes. Dustin Childs, Communications Manager of ZDI at TrendMicro, talks about TrendMicro's Zero Day Initiative. Hosts: Louis Maresca, Brian Chee, and Curt Franklin Guest: Dustin Childs Download or subscribe to this show at https://twit.tv/shows/this-week-in-enterprise-tech. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: Endava Podcast - Tech Reimagined business.eset.com/twit Bitwarden.com/twit