The 443 - Security Simplified

The Age of AI-Powered Scams

Secplicity — Wed, 06 Nov 2024 15:32:28 -0500

This week on the podcast, we cover a research white paper that details how attackers could use AI to complete an entire money-theft or credential theft-scam from start to finish. Before that, we discus Sophos' 5 year battle with Chinese hackers targeting network devices followed by Microsoft's current battle with password spray attacks through compromised network devices.

The FortiManager RCE Vulnerability

Secplicity — Wed, 06 Nov 2024 15:29:59 -0500

This week on the podcast, we review Fortinet's recently-disclosed remote code execution vulnerability in the FortiManager system that has been under active exploit since at least June. After that, we discuss the SEC's recent action against 4 companies found at fault for misleading security incident disclosure statements.

Taking Down The Whole Internet (Archive)

Secplicity — Wed, 06 Nov 2024 15:29:45 -0500

This week on the podcast, we cover security incident that brought the Internet Archive and all of its services down, including the Way Back Machine. Before that, we discuss a Chinese nation-state backed threat actor that compromised three major American telecommunications providers and may have gained access to the US wiretapping system.

LLMHijacking

Secplicity — Wed, 06 Nov 2024 15:29:32 -0500

This week we cover a research write up on a new technique to monetize stolen AWS credentials. Before that, we discuss a Linux malware variant that went unexposed until just recently and a story about a serial hacker that was caught because of opsec failures.

The CUPS Vulnerability

Secplicity — Wed, 06 Nov 2024 15:29:15 -0500

This week on the podcast, we cover the "9.9/10 severity vulnerability affecting most Linux systems" that a researcher disclosed last week and what it means for Linux systems administrators. We then discuss a research post into Kia's remote control systems that allowed one researcher to compromise any Kia in the last decade by just knowing their license plate number. We end with a new act that was just introduced into the US Senate with a goal to secure the healthcare industry.

How To Deanonymize the TOR Network

Secplicity — Wed, 06 Nov 2024 15:18:24 -0500

This week on the podcast, we discuss how German law enforcement managed to deanonymize and arrest users on the TOR network. After that, we discuss why the US government is trying to ban Chinese-manufactured car hardware. We then end with a cool research article on chaining open redirect and iframe issues into a 1-click vulnerability that grants attackers access to arbitrary Google Docs files.

Kicking EDR Out of the Kernel

Secplicity — Wed, 06 Nov 2024 15:17:58 -0500

This week on the podcast, we discuss Microsoft's recent Windows Endpoint Security Ecosystem Summit and what it means for the future of endpoint security on the Windows platform. After that, we cover a research post on a malware campaign using Google Sheets as a command and control channel before ending with a chat about the US federal government's push to classify cybersecurity as a national service role.

The White House Tackles BGP Security

Secplicity — Mon, 09 Sep 2024 12:50:37 -0400

https://youtu.be/rqJGPKJmbkc This week on the podcast, we discuss guidance published by the US White House Office of the National Cyber Director that lays out a roadmap for addressing key security concerns in the BGP routing protocol. Before that, we cover a security research post from Jfrog detailing a new python package hijacking method under active exploitation as well as an analysis of the Microsoft Windows Wi-Fi driver remote code execution vulnerability patched last June.

Are TP-Link’s Days Numbered?

Secplicity — Mon, 26 Aug 2024 17:57:15 -0400

https://youtu.be/jVSMBcT3GnI This week on the podcast, we cover the National Public Data breach that may have leaked every American's social security number. After that, we discuss research from TALOS on how attackers can abuse Microsoft applications on macOS to gain access to your camera and microphone. We end the episode by discussing recent research on how attackers are attempting to evade Endpoint Detection and Response (EDR) tools.

Leaking Every American’s SSN

Secplicity — Mon, 19 Aug 2024 19:19:33 -0400

https://youtu.be/wft_hpC-_Wo This week on the podcast, we cover the National Public Data breach that may have leaked every American's social security number. After that, we discuss research from TALOS on how attackers can abuse Microsoft applications on macOS to gain access to your camera and microphone. We end the episode by discussing recent research on how attackers are attempting to evade Endpoint Detection and Response (EDR) tools.

Summer Camp 2024 Recap

Secplicity — Mon, 12 Aug 2024 19:54:49 -0400

https://youtu.be/0jX-2UYlf8Q This week on the podcast, we round out our takeaways from the Black Hat and Def Con security conferences in Las Vegas. We go through 4 talks across both conferences that were especially interesting either for nostalgia or modern impact.

BlackHat 2024 Day 2 Recap

Secplicity — Fri, 09 Aug 2024 21:56:32 -0400

https://youtu.be/4IWdQ249z_M On this episode of the podcast, we have another recap from the BlackHat security conference in Las Vegas. This time we discuss a new initiative to protect the world from deepfakes, followed by a penetration testing engagement that proved immutable backups doesn't always mean available backups.

BlackHat 2024 Day 1 Recap

Secplicity — Thu, 08 Aug 2024 16:04:44 -0400

https://youtu.be/cEiPjW_STUU On this episode of the podcast, we cover our two favorite briefings from the first day at the Black Hat security conference. We start with our thoughts on "shadow resources" in cloud environments before giving an update to last week's episode with additional research into AI-as-a-Service attacks.

Stay Tuned for Hacker Summer Camp Recaps

Secplicity — Tue, 06 Aug 2024 15:36:59 -0400

https://youtu.be/PTm87MQS-Z8 This week we will be attending Hacker Summer camp in Las Vegas. We will be publishing a recap each day focusing on our key takeaways.

CrowdStrike’s Incident Report

Secplicity — Mon, 29 Jul 2024 04:00:24 -0400

https://youtu.be/AMwgW11DT1c This week on the episode, we walk through CrowdStrike's preliminary post incident report to understand exactly what happened during the July 19th outage and what all software vendors can learn from the event. After that, we cover a clever plot that lead to KnowBe4 hiring a North Korean threat actor. We end with some research from Wiz on Artificial Intelligence tenant isolation.

Global Security Outage

Secplicity — Fri, 19 Jul 2024 22:15:27 -0400

https://youtu.be/NgggZ_3ZBGg In this daily security byte with WatchGuard CSO, Corey Nachreiner, he explains the recent Global IT outage cause by a CrowdStrike update. We also follow-up on RockYou and the RockYou2024 data dump of 10 billion records

Blast RADIUS

Secplicity — Mon, 15 Jul 2024 12:34:35 -0400

https://youtu.be/wozYlHlPPmE This week on the podcast we discover the newly-disclosed protocol vulnerability in certain RADIUS implementations. Before that, we give an update on the continued fallout from the Snowflake customer databreaches including a new disclosure from AT&T. We also discuss a blog post from JFrog that details how they saved the world from what could have been the worst supply chain attack in history.

OpenSSH regreSSHion Vulnerability

Secplicity — Tue, 02 Jul 2024 13:23:35 -0400

https://youtu.be/p_zv9TEIZO0 This week on the podcast, we cover OpenSSH's recent critical vulnerability and what it means for systems administrators. Before that, we discuss the CDK Global ransomware attack impacting car dealerships across the us, a Korean internet service provider delivering malware to their customers, and a takeover of a popular JavaScript library gone hostile.

Snowflake Breach Campaign

Secplicity — Mon, 24 Jun 2024 04:00:29 -0400

https://youtu.be/Pxh2VhwkHrE This week on the podcast we doscuss two issues from this month's Microsoft patch tuesday that deserve your attention. After that we discuss the recent data theft campain targeting Snowflake customers that has impacted over 100 organizations. We end the episode with an update on the hackers behind the MGM and Caesar's Entertainment breaches last year.

Q1 2024 Internet Security Report

Secplicity — Mon, 17 Jun 2024 16:34:31 -0400

https://youtu.be/jE2m_BO_yyY This week on the podcast we cover the WatchGuard Threat Lab's Internet Security Report from Q1. In this episode, we discuss the latest trends in malware detections at the network and the endpoint, network attack trends, and malicious domains that targeted WatchGuard customers around the world.