iPhone’s Latest 0-Day
maŋit 16 diimmut
39:01https://youtu.be/UwuG1U1fZhE This week on the podcast, we cover Microsoft's final report on their July incident involving nation-state actors compromising enterprise email accounts. After that, we discuss a zero-day, zero-click vulnerability in iOS being actively exploited in the wild before ending with a chat about an upcoming change to how Android handles CA certificates.
The Qakbot Takedown
52:01https://youtu.be/NLO0DYuTZp4 This week on the podcast, we cover the FBI-lead, multinational takedown of the Qakbot botnet of over 700,000 victim devices. After that, we cover two android malware variants including one targeting victims in southeast Asia and another built by the Russian GRU.
Missa inte ett avsnitt av “The 443 - Security Simplified” och prenumerera på det i GetPodcast-appen.
28:02https://youtu.be/BVbVwm0dMgg This week on the podcast we cover the latest evolutions of the North Korean threat actor Lazarus before covering an actively-exploited 0day vulnerability in the popular unarchiver WinRAR. We end the episode with an AI-related attack that doesn't actually use AI.
U.S. Cyber Trust Mark
52:33https://youtu.be/Drx3kF3sllQ This week on the podcast we cover the FCC's proposal for a security assurance labeling program for IoT devices. Before that, we discuss the latest AI research challenge hosted by DARPA as well as some research into a novel attack against the AI/ML supply chain.
Def Con 2023 Recap
53:09https://youtu.be/LldPfSZY0uU On this week's episode, we chat about some of our favorite talks from this year's Def Con security conference. We'll cover several topics including artificial intelligence, hacking mobile point of sale devices, and how worried we should or shouldn't be about cyber warfare.
BlackHat 2023 Recap
58:12https://youtu.be/ltW3DQVrZ28 In this special end-of-week episode of The 443, we cover some of our favorite talks from this year's edition of the BlackHat cybersecurity conference in Las Vegas. We'll discuss the trends we saw and summaries of interesting topics including AI, nation state warfare, and improving cyber defense.
What Is Same-Origin Policy? Replay
40:25https://youtu.be/Gfvg7dywu8A This week we look back to an episode that originally aired in May 2021 where we remember a Def Con legend then dive in to two web browsing security acronyms. Keep an eye out later this week as we come to you from this year's Black Hat and Def Con cybersecurity conferences!
35:50https://youtu.be/FZKalGbK90A This week on the podcast, we cover the latest evolutions of the decade-old Qakbot malware including changes in how attackers deliver it. After that, we give an update on the SEC's new rules around mandatory security disclosure. We then end by reviewing CISA's analysis of Risk and Vulnerability Assessments they completed for their constituents in 2022.
Red Teaming AI Systems
36:57https://youtu.be/GzZkXckK3Nk This week on the podcast, we give an update on last week's discussion around a China-based APT targeting government organizations. After that, we cover the latest uses of generative AI like ChatGPT by malicious hackers. Finally, we end with a report from Google on their efforts around Red Teaming Artificial Intelligence systems.
New Microsoft Office 0-Day
32:36https://youtu.be/I-RjOTEJwZ0 This week on the podcast we cover two stories that came out of Microsoft's July Patch Tuesday. The first involves an incident within Microsoft that lead to foreign cybercriminals compromising the email accounts of multiple government agencies. The second story involves an actively exploited 0-day vulnerability in Office that at the time of recording, remains unpatched.