The Top Exploited Vulnerabilities of 2023

This week on the podcast, we cover the first ever UEFI bootkit targeting Linux systems and what it means for evasive malware. After that, we give an update on whats being called "the worst telecom hack in US history" before ending with our analysis of a research post showing the latest phishing evasion techniques for malicious office documents.

This week on the podcast, we look back to our 2024 security predictions that we made last year and grade ourselves on how well we saw the future. We cover everything from AI deep-fake phishing to VR headset hacking!

This week on the podcast, we review CISA's most recent report on the top routinely exploited vulnerabilities from the last year. Before that, we cover North Korea's latest malware evasion testing followed by a report on a different evasion technique that abuses concatenated ZIP archives.

This week on the podcast, we cover a research white paper that details how attackers could use AI to complete an entire money-theft or credential theft-scam from start to finish. Before that, we discus Sophos' 5 year battle with Chinese hackers targeting network devices followed by Microsoft's current battle with password spray attacks through compromised network devices.

This week on the podcast, we review Fortinet's recently-disclosed remote code execution vulnerability in the FortiManager system that has been under active exploit since at least June. After that, we discuss the SEC's recent action against 4 companies found at fault for misleading security incident disclosure statements.

This week on the podcast, we cover security incident that brought the Internet Archive and all of its services down, including the Way Back Machine. Before that, we discuss a Chinese nation-state backed threat actor that compromised three major American telecommunications providers and may have gained access to the US wiretapping system.

This week we cover a research write up on a new technique to monetize stolen AWS credentials. Before that, we discuss a Linux malware variant that went unexposed until just recently and a story about a serial hacker that was caught because of opsec failures.

This week on the podcast, we cover the "9.9/10 severity vulnerability affecting most Linux systems" that a researcher disclosed last week and what it means for Linux systems administrators. We then discuss a research post into Kia's remote control systems that allowed one researcher to compromise any Kia in the last decade by just knowing their license plate number. We end with a new act that was just introduced into the US Senate with a goal to secure the healthcare industry.

This week on the podcast, we discuss how German law enforcement managed to deanonymize and arrest users on the TOR network. After that, we discuss why the US government is trying to ban Chinese-manufactured car hardware. We then end with a cool research article on chaining open redirect and iframe issues into a 1-click vulnerability that grants attackers access to arbitrary Google Docs files.

This week on the podcast, we discuss Microsoft's recent Windows Endpoint Security Ecosystem Summit and what it means for the future of endpoint security on the Windows platform. After that, we cover a research post on a malware campaign using Google Sheets as a command and control channel before ending with a chat about the US federal government's push to classify cybersecurity as a national service role.