Episodes
-
This episode is a replay from our sister podcast, AppSec Unlocked.
In today's rapidly evolving cybersecurity landscape, managing vulnerabilities in open-source components has become increasingly complex. While traditional approaches relying solely on CVSS scores have their merits, they may not be sufficient to address the exponential growth in discovered vulnerabilities. A more nuanced and scalable approach is needed, one that considers not only severity but also exploitability and potential impact.
This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit edwinkwan.substack.com -
-
* AI Transcription Tool "Whisper" Creates Fabricated Text, Raising Concerns in Healthcare and Beyond
* Massive UN Data Leak Exposes Personal Information of Violence Against Women Victims
* Mandiant Report: Exploited Vulnerabilities Reach Record Lows in Time to Patch, But Zero-Days on the Rise
* Fake Browser Update Malware Targets WordPress Sites via Malicious Plugins
* Large-Scale Operation Steals Cloud Credentials from Exposed Git Repositories
-
* Anthropic's New AI Can Interact with Computers, Raising Safety Concerns
* Internet Archive Hit Again: Exposed Tokens Lead to Zendesk Email Breach
* Malicious npm Packages Target Developers' Ethereum Wallets with SSH Backdoor
* Half of Businesses Underestimate SaaS Security Risks, Culture Blamed
* Cyber Skills Gap Widens, Nearly 90% of Businesses Link Breaches to Lack of Expertise
-
* North Korean Hackers Target Tech Job Seekers with Fake Interviews and Malware
* Internet Archive Hack Exposes Data of 31 Million Users
* Australian Government Introduces Sweeping Cybersecurity Bill
* Smart TVs: A Privacy Nightmare Fueled by Data Harvesting and Invasive Ads
* iPhone Mirroring at Work Exposes Private App Data to Employers
-
* Ecovacs Robot Vacuums Collect Home Images for AI Training, Raising Privacy Concerns
* Deepfakes on the Rise: Threatening Trust and Security
* Meta Ray-Ban Glasses Hacked into Real-Time Facial Recognition Tool
* Apple Patches Privacy Bugs in iOS 18: Passwords Read Aloud and Early Voice Message Recording
* Cloudflare Mitigates Record-Breaking 3.8 Tbps DDoS Attack
-
* CISA Boss Calls for More Secure Software Development
* NIST Proposes Sweeping Changes to Password Policies: Mandatory Resets and Character Rules Out
* Critical Vulnerability Found in Nvidia Container Toolkit
* Remote Code Execution Flaw Found in CUPS Printing System (Limited Impact)
* Privacy Group Claims Mozilla's "Privacy-Preserving" Feature Tracks Users
* ServiceNow Outage Caused by Expired Root Certificate
Special Thanks to Justin Butterfield once again for contributing some of the interesting stories for this week’s cyber bites.
-
* CISA and FBI Urge Software Makers to Eliminate Cross-Site Scripting Vulnerabilities
* Paying Ransomware Doesn't Guarantee File Recovery, Even With Decryptor
* US Dismantles Chinese Government-Linked Botnet Targeting Hundreds of Thousands of Devices
* Clever 'GitHub Scanner' Campaign Abusing Repos to Push Malware
* Australian Government Suffers Surge in Cyber Attacks, Social Engineering Most Common Tactic
Special Thanks to Justin Butterfield once again for contributing some of the interesting stories for this week’s cyber bites.
-
* Millions of Devices at Risk as Microsoft and Google Disable Insecure Email Login Method
* Cybersecurity Giant Fortinet Confirms Data Breach, Downplays Impact
* New Laws Target Banks, Telcos and Tech Giants in Fight Against Scams
* Online Voucher Scam Targets Sydney Restaurants Using Square POS
* TfL Staff Face In-Person Password Resets After Cyberattack
Special Thanks to Justin Butterfield once again for contributing some of the interesting stories for this week’s cyber bites.
-
* AI-Powered Voice Cloning Scams on the Rise
* Cyberattack Disrupts Transport for London Services
* Typosquatting Threatens Developers: Malicious Code in GitHub Actions
* New Supply Chain Attack Hijacks Removed PyPI Packages
* White House Aims to Strengthen Internet Routing Security
-
* Singapore's Consumer Watchdog Fined for Data Breaches, Failed to Secure Consumer Information
* Research Study: What's The Worst Place to Leave Your Secrets
* Critical Infrastructure Under Threat: Zero-Day Vulnerability Exploited to Spread Mirai Botnet
* Banks Under Fire for Inadequate Scam Protection as Victims Suffer
* FIDO Security Token YubiKey 5 Vulnerable to Cloning Attacks
* Critical Vulnerability Found in Airport Security System
Special Thanks to Justin Butterfield for contributing some of the interesting stories for this week’s cyber bites.
-
* Cybersecurity: The Need for a Wake-Up Call
* Digital Banks: Boon for Customers, Target for Scammers?
* ASD Warns of Phishing Emails Targeting Australians
* New Guidance Released on Best Practices for Event Logging and Threat Detection
* Local Networks Exposed: A Flaw in Domain Naming Creates Security Nightmare
-
* Thousands of Websites Exposed AWS Credentials, Leading to Large-Scale Extortion Campaign
* Mac Users Beware: Microsoft Apps May Have Allowed Hackers to Spy on You
* Ransomware on Track for Record Year Despite Fewer Victims Paying
* FlightAware Data Breach Exposes User Information for Years
* GitHub Actions Exposing Authentication Tokens in Popular Open-Source Projects
Special Thanks to Justin Butterfield once again for contributing some of the interesting stories for this week’s cyber bites.
-
* Background Check Company National Public Data Hit by Massive Data Breach Affecting Nearly 3 Billion People
* Trojan Malware Campaign Hijacks Browsers, Steals Data of Over 300,000 Users (https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign)
* Australian Gold Miner Evolution Hit by Ransomware Attack
* Critical Browser Flaw Exposes Local Networks to Attack via "0.0.0.0"
* Hackers Breach Educational Security Software Company and Wipe 13,000 Students' iPads and Chromebooks
-
* Australia to Mandate Ransomware Payment Disclosure
* Hackers Abuse Free Cloudflare Tunnels to Deliver Remote Access Trojans
* Stack Exchange Used by Threat Actors to Promote Malicious Open Source Components
* Hackers Poison Software Updates Through ISP Breach
-
* New Podcast Aims to Unlock Secrets of Application Security
* SBOMs: A Crucial Tool Hampered by Standardization Issues
* Mysterious Rings and QR Codes: The Emergence of Brushing Scams
* France Battles Cyberespionage Ahead of Olympics
* GitHub's Dark Secret: Deleted Data Never Really Dies
-
A recent CrowdStrike update led to a global IT outage and the infamous Blue Screen of Death (BSOD) on millions of Windows machines. This incident has brought to light critical lessons in DevSecOps and the importance of Business Continuity Planning (BCP).
Joining me today is a very special guest, Denny Wan, who is the Founder of the Reasonable Security Institute and an expert in cybersecurity and risk quantification. We're going to speak about lessons learned in DevSecOps and BCP and get his thoughts and insights.
A video recording of the interview is also available below.
Show Notes
Denny Wan - https://www.linkedin.com/in/wandenny/
FAIR Institute - https://www.fairinstitute.org/
-
* Hackers Capitalize on CrowdStrike Outage with Phishing and Malware Attacks
* Massive Data Breach at Australian Prescription Service MediSecure
* 20 Million Domains at Risk from New Email Spoofing Attacks
* Google U-Turns on Third-Party Cookie Phaseout
* North Korean Hacker Poses as IT Worker in Attempted Cyberattack
-
Is there so much more assumed trust in global cybersecurity vendors that security professionals assess them with less rigor than other vendors?
-
This week, we'll be covering five major stories:
1. AT&T's massive data breach affecting 109 million customers
2. Key findings from the 2024 SANS SOC Survey
3. Cloudflare's report on the rapid exploitation of vulnerabilities
4. A new ransomware gang targeting unpatched Veeam software
5. A leaked GitHub token that exposed Python to potential tampering