The 443 - Security Simplified

You Wouldn't Download a Shipment - The 443 Podcast - Episode 369

Mon, 04 May 2026 08:04:43 -0700

This week on the podcast, we discuss a recent warning from the FBI about hacking leading to stolen shipments. Before that, we cover the Vercel software supply chain incident before discussing the Vect Ransomware-as-a-service turned accidental wiper.

Cybersecurity in LATAM: SMB Risks, AI, and Regional Realities with Paul Harris - The 443 Podcast - Episode 368

Tue, 28 Apr 2026 12:07:44 -0700

This week on the podcast, Marc and Corey sit down with Paul Harris, CEO of BGLA and Futurity Corp at WatchGuard's Impact Partner Conference in Tulum, to explore the evolving cybersecurity landscape across Latin America. Paul shares his journey from early days in cybersecurity to leading organizations in the region, while breaking down the biggest concerns facing LATAM SMBs today. The conversation also covers how AI is reshaping cybersecurity, the challenges of securing partners across diverse markets, and practical advice for business leaders looking to stay ahead of cyber risk in LATAM.

A RedSun Rises - The 443 Podcast - Episode 367

Mon, 20 Apr 2026 08:46:04 -0700

This week on the podcast we discuss RedSun, the latest researcher-disclosed zero-day in Microsoft Windows. After that, we chat about a Europol-lead takedown of DDoS-for-hire services before ending with our thoughts on Microsoft's latest RDP security updates.

Project Glasswing - The 443 Podcast - Episode 366

Wed, 15 Apr 2026 08:53:10 -0700

This week on the podcast, we discuss Anthropic's Project Glasswing and what the Claude Mythos announcement means to cybersecurity. After that, we cover FrostArmada, a campaign from a Russian GRU-backed threat actor that has compromised tens of thousands of home networking routers. Finally we end with a chat about Google Chrome 146's new feature to protect against session hijacking.

Claude Code Accidently Goes Open-Source - The 443 Podcast - Episode 365

Tue, 07 Apr 2026 08:29:42 -0700

This week on the podcast, we cover the accidental Claude Code source code leak and what it means for users and the wider ecosystem. After that, we discuss the Axios supply chain compromise impacting users of a JavaScript library with over 100 million weekly downloads. We end with our thoughts on Browser Gate, the name given to allegations that Microsoft is illegally harvesting LinkedIn customer data for a competitive advantage.

The US Ban on Foreign Routers - The 443 Podcast - Episode 364

Mon, 30 Mar 2026 08:54:04 -0700

This week on the podcast, we discuss the US government's ban on foreign-manufactured consumer routers and its likely impact. After that, we cover a research post from Huntress on a recent phishing campaign leveraging OAuth Device Authentication flows to retain long-term access to compromised accounts. We end with a review of key takeaways from Google's Cloud Threat Horizons report for H1 2026.

Cybersecurity Analyst & Investigations Lead, Kristen Yang - The 443 Podcast - Episode 363

Mon, 23 Mar 2026 10:14:16 -0700

In this episode, Corey Nachreiner interviews WatchGuard Cybersecurity Analyst and Threat Emulation & Investigations Lead, Kristen Yang, about the path into cybersecurity, the evolution from threat hunting to leading investigations, and the realities of defending against modern attacks. They explore today’s threat landscape, incident response mistakes, red teaming lessons, MITRE ATT&CK, AI in security, and the skills analysts need most, plus a rapid-fire round to close things out.

Stryker's Network Disruption - The 443 Podcast - Episode 362

Mon, 16 Mar 2026 09:45:00 -0700

This week on the podcast, we cover the cyber attack that managed to wipe more than 200,000 resources off of the medical technology giant Syryker's network. After that, we review a research post on a good chrome extension gone bad. We end by discussing a recent Microsoft threat intelligence post on how North Korean-backed threat actors have operationalize AI for job scams.

Hackerbot-Claw Crosses the Line - The 443 Podcast - Episode 361

Mon, 09 Mar 2026 11:10:05 -0700

This week on the podcast, we chat about an OpenClaw bot that moved beyond vulnerability research and into malicious activity. Before that, we cover an AI-discovered vulnerability in the pac4j-jwt authentication library before ending with a discussion on an upcoming California law designed to help make age verification in the digital age easier, but with massive consequences.

Cisco's SD-WAN 0-Day - The 443 Podcast - Episode 360

Mon, 02 Mar 2026 11:40:03 -0800

This week on the podcast, we discuss the recently disclosed and patched 0-Day vulnerability in Cisco's Catalyst SD-WAN Controller which has been under active exploit for 3 years. After that, we cover the latest open source supply chain attack involving a self-propagating worm targeting AI tools. We end with a discussion about another social engineering campaign targeting job hunters in the software development world.

WatchGuard's Internet Security Report 2025 H2 - The 443 Podcast - Episode 359

Mon, 23 Feb 2026 09:26:09 -0800

This week on the podcast, we cover the WatchGuard Threat Lab's Internet Security Report for the second half of 2025. In this episode, we cover the latest trends for malware at both the network perimeter and endpoint, network attacks, and the top malicious domains from the period before ending with some tips everyone can use to defend their networks.

OpenClaw as a Security Threat

Tue, 17 Feb 2026 14:30:29 -0800

This week on the podcast, we discuss OpenClaw, the open source chatbot that has exploded in popularity since launching late last year, and some of the risk it introduces to organizations. Before that, we chat about Ring's Super Bowl advertisement that caused a stir before ending with a Google Threat Intelligence Group report on advanced threat actor AI usage.

Moltbook Data Exposure

Mon, 09 Feb 2026 11:43:42 -0800

This week on the podcast, we cover a recent supply chain compromise involving the popular text editor Notepad++. After that, we discuss a recent vulnerability report in the Moltbook AI social network before ending with a deep-dive review of a recent remote code execution vulnerability in the N8N automation platform.

ChatGPT Oopsies Series of Information

Tue, 03 Feb 2026 12:37:49 -0800

This week on the podcast, we cover a Politico report detailing a security lapse at CISA in the United States involving sensitive data and a public version of ChatGPT. Following that, we dive into a couple of vulnerabilities recently resolved in the SolarWinds Web Help Desk application. Finally, we end with some closure on a story about two Coalfire penetration testers who were arrested several years ago for completing a penetration test in Iowa.

Uncovering A Mass VPN Phishing Campaign - The 443 Podcast - Episode 355

Tue, 20 Jan 2026 12:51:32 -0800

This week on the podcast, we cover some first-hand research from the WatchGuard Threat Lab on a phishing campaign targeting users of nearly every major VPN vendor. After that, we discuss two recently resolved vulnerabilities in the Fortinet FortiSIEM application, then end with research from Varonis on a new attack flow against Copilot called RePrompt.

React2Shell - The 443 Podcast - Episode 352

Mon, 12 Jan 2026 11:18:46 -0800

This week on the podcast, we discuss the recently disclosed React2Shell vulnerability affecting a wide array of web applications. Before that, we review a new phishing campaign that uses a newly coined ConsentFix technique before discussing a security misstep from Home Depot.

The Botnet that Topped Cloudlfare's Domain Charts - The 443 Podcast - Episode 354

Mon, 12 Jan 2026 10:59:03 -0800

This week on the podcast, we cover the Kimwolf botnet, a collection of compromised IOT devices that at one point grew so large that it's command and control domain beat out Google.com as the most popular domain on the internet. After that, we discuss yet another devious take on ClickFix style phishing before ending with coverage from Cisco TALOS on another threat actor targeting edge networking equipment.

2025 Ends With a Bang - The 443 Podcast - Episode 353

Mon, 22 Dec 2025 10:49:05 -0800

This week on the podcast, we cover a wave of attacks against network edge equipment and internet-exposed systems including an update on the recently patched Firebox 0-Day. After that, we cover two stories on browser extensions siphoning off data and making unwanted modifications to victim’s web browsing activity.

WatchGuard's 2026 Cybersecurity Predictions - The 443 Podcast Episode 351

Mon, 08 Dec 2025 13:44:09 -0800

This week on the podcast, we go through all six of our cybersecurity predictions for 2026. For each prediction, we'll discuss the trends behind them, why we think they'll hit next year, and some takeaways for people and organizations on how to react to them in the coming year.

OWASP Top 10 2025 Edition - The 443 Podcast - Episode 350

Mon, 24 Nov 2025 10:38:39 -0800

This week on the podcast, we cover OWASP’s update to the top 10 web application security weaknesses and its changes from the 2021 list. We also cover a recently uncovered adversary-in-the-middle campaign that’s pushing malicious software updates to targeted systems. We conclude with our opinions on Microsoft’s latest AI features, which are coming to Windows.

2025 Security Predictions Recap - 443 Podcast - Episode 349

Tue, 18 Nov 2025 11:54:43 -0800

This week on the podcast, we review our 2025 security predictions and grade ourselves on our accuracy. We recap all 6 predictions for 2025 from multi-modal AI being used to create entire attack chains to the CISO role becoming the least desirable role in business, and follow up on this year's news to see if they hit or not.

October Ransomware Update - The 443 Podcast - Episode 348

Thu, 30 Oct 2025 10:47:41 -0700

This week on the podcast, we have our resident ransomware expert, Ryan Estes, on to give an update on the latest in the ransomware ecosystem. We cover a few recent changes to operators, extortion techniques, and business impact from ransomware attacks in recent months.

What's Going On at Salesforce? - The 443 Podcast - Episode 347

Mon, 13 Oct 2025 10:33:03 -0700

This week on the podcast, we discuss the wave of extortion attacks targeting companies that use Salesforce. After that, we discuss Discord's breach involving their customer support application. Finally, we dive deep into the recent Oracle E-Business Suite zero day vulnerability and how attackers chained together multiple low-severity findings into a critical issue.

An AI/ML Deep Dive with Luke Wolcott - The 443 Podcast - Episode 346

Mon, 06 Oct 2025 09:03:53 -0700

This week on the podcast, we bring on WatchGuard's head of MDR data science Luke Wolcott to discuss the evolution of machine learning and artificial intelligence in cybersecurity. We dive into the differences in common (and uncommon) machine learning models, the pros and cons of supervised vs unsupervised learning, and why some of the coolest things happening in AI aren't the ones you hear about in the news.

How GitHub Plans to Fix the Supply Chain - The 443 Podcast - Episode 345

Mon, 29 Sep 2025 08:16:30 -0700

This week on the podcast, we discuss Cisco's recent zero-day vulnerabilities before covering a Microsoft Threat Intelligence post on a phishing campaign that abuses SVG files. After that, we review GitHub's proposed changes for securing the open source software supply chain.

One Token to Rule Them All - The 443 Podcast - Episode 344

Mon, 22 Sep 2025 10:00:32 -0700

This week on the podcast, we cover a vulnerability in Entra ID that could have allowed attackers to gain Global Admin access to any and all Entra ID tenants. After that, we discuss the Shai Hulud NPM worm that ran rampant over the last week, infecting hundreds of packages. Finally, we end with a quick reminder to WatchGuard Firebox customers to update their devices to the latest firmware to resolve CVE-2025-9242z

Should Microsoft Be More Accountable for Security?

Mon, 15 Sep 2025 00:00:00 -0700

This week on the podcast, we cover a massive software supply chain compromise involving widely-used NPM packages. After that we discuss an increase in social engineering attacks called ClickFix. Finally, we end with a discussion of Senator Wyden's recent letter to the FTC demanding Microsoft being held accountable for "gross cybersecurity negligence" and whether his claims have any merit.

Does Security Training Work?

Mon, 08 Sep 2025 13:38:07 -0700

This week on the podcast, we discuss a recently published research study from UC San Diego on the effectiveness on security awareness training on phishing prevention. After that, we discuss a security researcher's work on identifying vulnerabilities in four separate employee webapps at Intel. Finally, we end with our analysis of a Ponemon Institute research report called The State of File Security.

The 2025 Cost of a Breach Report

Mon, 25 Aug 2025 09:02:14 -0700

This week on the podcast, we discuss key findings from IBM and the Ponemon Institute's 2025 Cost of a Breach Report, including a deep analysis of AI impacts in cybersecurity. Before that, we cover Norway's claim that Russian-aligned hackers opened a floodgate in one of their dams. We also discuss a vulnerability in Microsoft 365 Copilot that allowed the AI to delete its own audit logs.

Is Zero Trust a Total Bust?

Mon, 18 Aug 2025 10:14:45 -0700

This week on the podcast, we discuss key findings from a DefCon presentation from researchers at AmberWolf titled ZeroTrust, Total Bust and what it means for Zero Trust Network Access. After that, we review a new vulnerability in the FortiWeb WAF before ending with a quick update from Google Project Zero on a new vulnerability disclosure policy.

What We Know About the Sonicwall SSLVPN Attacks

Tue, 12 Aug 2025 10:15:18 -0700

This week on the podcast, we discuss some recent research into a new zero day vulnerability in the popular WinRAR utility under active exploit. After that, we give a round up on everything we know about the SonicWall SSLVPN attacks from the last few weeks before ending with a review of a new ChatGPT vulnerability.

Clorox vs Cognizant

Mon, 04 Aug 2025 00:00:00 -0700

This week, we discuss the SharePoint ToolShell vulnerabilities that recently received an out-of-cycle patch from Microsoft. After that, we cover some research into a Chrome and Edge extension malware campaign that impacted 2.3 million victims. Finally, we end by discussing a lawsuit from Clorox against their offshore helpdesk provider Cognizant stemming from a security incident 2 years ago.

Outing Chinese Semiconductor Cyber Spies

Mon, 21 Jul 2025 12:37:54 -0700

This week on the podcast, Corey Nachreiner and guest host, Ryan Estes, from WatchGuard’s malware analysis team, cover the cybersecurity news for last week. We chat about AI-based site cloaking tools on the underground, how Domain Tools found potentially unwanted executables hiding in DNS TXT records, and a Chinese state-sponsored set of targeted phishing campaigns going after the Taiwanese semiconductor industry and its supply chain. Join us to learn more and discuss how we can protect ourselves from similar threats.

Exploring Endpoint Threats with WatchGuard’s Q1 2025 Internet Security Report.

Mon, 14 Jul 2025 00:00:00 -0700

This week on the podcast, Corey Nachreiner and guest host, Ryan Estes, from WatchGuard’s malware analysis team, explore WatchGuard’s recently released Q1 Internet Security Report (ISR). As always with the ISR, we highlight the top malware, network attacks, and malicious domains that our products see, but with our guest host, the author of the Endpoint section, we dive much deeper into all the threats arriving a our customers’ endpoint. Listen in for the latest threat landscape trends and some practical tips to stay safe from the most recent threats.

Rewind: Microsoft Kernel Shift, GPT-4o Threats, and Scattered Spider Update

Mon, 07 Jul 2025 14:57:39 -0700

First, we look back at Microsoft’s major shift to remove endpoint protection from the Windows kernel. When we first covered it, it was a proposed change—now it's happening, and the implications are big.

Next, we revisit a segment on GPT-4o and how generative AI is fueling the next wave of social engineering attacks. It's smarter, faster, and more convincing than ever.

And finally, a refresher on the arrest of a Scattered Spider leader. While that made headlines, the group's activity hasn’t slowed down, they're still very much on the radar, as we discussed just last week.

Lessons From The M&S Breach

Mon, 30 Jun 2025 14:00:02 -0700

This week, we discuss a phishing technique that uses a powerful and risky Microsoft 365 configuration setting. After that, we round up everything we know about the Marks & Spencer breach from April and the lessons that all MSPs can learn from it. After that, we quickly cover a new series of vulnerabilities in a popular Bluetooth chipset that could let attackers gain full control over your headphones.

Social Engineering an LLM

Wed, 11 Jun 2025 11:17:06 -0700

This week on the podcast, we cover a recent blog post from Google's Threat Intelligence Group on a financially motiviated threat actor's latest techniques for stealing data. After that, we dive into the Model Context Protocol (MPC) that organizations have been rapidly adopting to add functionality to their AI deployments and all of the security risks that it introduces.

AI Applications in Cybersecurity with Adam Winston

Tue, 03 Jun 2025 13:05:55 -0700

This week on the podcast, recent guest Adam Winston hops back on to continue our discussion on Artificial Intelligence in cybersecurity. This week, we focus on how attackers are using AI, what to worry about and what not to lose sleep over, and guidance for evaluating AI for use within your own organization.

Signal and TeleMessage

Mon, 26 May 2025 00:00:00 -0700

This week on the podcast, we cover Coinbase's recent filing with the SEC that described an insider threat event that lead to a ransomware extortion. After that, we discuss dive in to Signal and other secure messaging apps, how they protect communications, and how other apps can undermine those protections.

2025 Ransomware Update with Ryan Estes

Mon, 19 May 2025 00:00:00 -0700

This week on the podcast, we bring on Ryan Estes from the WatchGuard Threat Lab to discuss the latest trends in ransomware operations. Ryan is an expert in ransomware analysis and currently owns the data behind WatchGuard's public Ransomware Tracker on the WatchGuard Security Center.

AI and Compliance with Adam Winston

Tue, 29 Apr 2025 14:38:30 -0700

This week on the podcast, we bring in Adam Winston, former CSO of ActZero and current Field CTO for Managed Services at WatchGuard to discuss automating the SOC with AI. We cover the history of AI in SecOps, the good and bad applications of AI and Machine Learning, what the future looks like, and how compliance might impact our ability to get there.

The CVE Near-Death Experience

Mon, 21 Apr 2025 14:30:15 -0700

This week on the podcast, we discuss how the CVE program was granted an 11th hour temporary reprieve after the program's steward, MITRE, originally announced their contract had not been renewed. After that, we cover the recent cyberattack against 4chan that took it offline and resulted in leaked moderator information and source code. We end with a quick discussion on a post-exploitation technique being used in the wild against Fortinet FortiGate devices.

Revoking Security Clearances as Punishment

Tue, 15 Apr 2025 13:12:02 -0700

This week on the podcast, we discuss a recent White House executive order that revoked the security clearances of former CISA chief Christopher Krebs as well as all other employees at SentinelOne and the implications that brings to our industry. Before that, we give a quick update on the Oracle Cloud breach from a few weeks back that Oracle has finally confirmed. We end with our thoughts on a few Microsoft Windows AI features that just launched in early preview and how they might impact data privacy and security.

Lucid, the Phishing-as-a-Service Platform

Mon, 07 Apr 2025 07:53:04 -0700

This week on the podcast, we discuss a recent threat intelligence report on the Chinese Phishing-as-a-Service platform Lucid. Before that, we cover the alleged Oracle Cloud breach before reviewing the Singapore Shared Responsibility Framework, designed to combat financial scams.

Github Actions Supply Chain Attacks

Mon, 31 Mar 2025 08:06:22 -0700

This week, we discuss a recent cascading supply chain attack involving multiple Github actions workflows that nearly succeeded in compromising a popular Coinbase application. Before that, we discuss a novel way to download malware onto an endpoint by abusing a web browser's caching feature. Additionally, we cover an FBI alert on file converter malware scams.

Polymorphic Extensions

Mon, 24 Mar 2025 00:05:00 -0700

This week on the podcast, we discuss a research post by SquareX that invents a new way to impersonate any extension installed on a victim's web browser. Before that, we cover the latest supply chain attack attempts from Lazarus, as well as a malvertising campaign that managed to infect 1 million endpoints.

Silk Typhoon is Targeting MSPs

Mon, 17 Mar 2025 09:23:27 -0700

This week on the podcast, we discuss a recent update from Microsoft's Threat Intelligence Center describing the latest tactics from Silk Typhoon, a Chinese nation state threat actor focusing in espionage. Before that, we cover the recent 0day vulnerabilities in VMware ESXi, Workstation and Fusion. We also analyze a report by S-RM on an Akira ransomware attack that leveraged IoT devices to hide from EDR tools.

ByBit Says Bye to $1.4 billion

Mon, 03 Mar 2025 00:00:00 -0800

This week on the podcast, we cover the largest cryptocurrency heist ever (for now). Before that, we cover Apple's decision to disable Advanced Data Protection (ADP) for its UK customers. We end the episode with a review of Wiz's State of Code Security report for 2025.

The Elonephant in the Room

Mon, 17 Feb 2025 16:39:00 -0800

This week on the podcast, we cover a video game that delivered malware through the Steam marketplace before diving into an analysis of a recent Palo Alto authentication bypass vulnerability. We end the podcast by covering the recent activity from the Department of Government Efficiency (DOGE) and the security impact to US federal agencies.

A Drop in Ransomware Payments

Mon, 10 Feb 2025 00:00:00 -0800

This week on the podcast, we cover a recent report that highlights a drop in ransomware payments in 2024. After that, we discuss a recent attack targeting ASP.NET web servers before ending with a report on sensitive data leakage caused by AI model use.

Is CVSS Irreparably Flawed?

Mon, 03 Feb 2025 00:00:00 -0800

This week on the podcast, we discuss the Common Vulnerability Scoring System or CVSS and why one popular developer thinks its completely broken. After that, we cover Lumen's Black Lotus Labs' research into a Juniper backdoor malware. We end with the latest car hacking research and an admin portal with possibly the worst MFA implementation ever.

McHacking

Mon, 13 Jan 2025 07:36:04 -0800

This week on the podcast, we cover security researcher Eaton Zveare's recent blog post on a trove of vulnerabilities they found in McDonalds India's McDelivery web application. Before that, we give an update on Salt Typhoon's latest US government victim and discus an attack involving hijacked Google Chrome extensions.

Our 2025 Security Predictions

Mon, 16 Dec 2024 00:00:00 -0800

This week on the podcast, we dive in to the WatchGuard Threat Lab's 2025 security predictions. We'll cover each of the predictions and explain the trends that drove us to making them for the coming year.

BootKitty Bootkit

Wed, 04 Dec 2024 10:49:51 -0800

This week on the podcast, we cover the first ever UEFI bootkit targeting Linux systems and what it means for evasive malware. After that, we give an update on whats being called "the worst telecom hack in US history" before ending with our analysis of a research post showing the latest phishing evasion techniques for malicious office documents.

Grading our 2024 Security Predictions

Mon, 25 Nov 2024 00:00:00 -0800

This week on the podcast, we look back to our 2024 security predictions that we made last year and grade ourselves on how well we saw the future. We cover everything from AI deep-fake phishing to VR headset hacking!

The Top Exploited Vulnerabilities of 2023

Tue, 19 Nov 2024 11:07:55 -0800

This week on the podcast, we review CISA's most recent report on the top routinely exploited vulnerabilities from the last year. Before that, we cover North Korea's latest malware evasion testing followed by a report on a different evasion technique that abuses concatenated ZIP archives.

The Age of AI-Powered Scams

Tue, 05 Nov 2024 15:40:41 -0800

This week on the podcast, we cover a research white paper that details how attackers could use AI to complete an entire money-theft or credential theft-scam from start to finish. Before that, we discus Sophos' 5 year battle with Chinese hackers targeting network devices followed by Microsoft's current battle with password spray attacks through compromised network devices.

The FortiManager RCE Vulnerability

Tue, 29 Oct 2024 10:41:50 -0700

This week on the podcast, we review Fortinet's recently-disclosed remote code execution vulnerability in the FortiManager system that has been under active exploit since at least June. After that, we discuss the SEC's recent action against 4 companies found at fault for misleading security incident disclosure statements.

Taking Down The Whole Internet (Archive)

Tue, 15 Oct 2024 15:31:29 -0700

This week on the podcast, we cover security incident that brought the Internet Archive and all of its services down, including the Way Back Machine. Before that, we discuss a Chinese nation-state backed threat actor that compromised three major American telecommunications providers and may have gained access to the US wiretapping system.

LLMHijacking

Tue, 08 Oct 2024 10:47:40 -0700

This week we cover a research write up on a new technique to monetize stolen AWS credentials. Before that, we discuss a Linux malware variant that went unexposed until just recently and a story about a serial hacker that was caught because of opsec failures.

The CUPS Vulnerability

Fri, 27 Sep 2024 16:03:34 -0700

This week on the podcast, we cover the "9.9/10 severity vulnerability affecting most Linux systems" that a researcher disclosed last week and what it means for Linux systems administrators. We then discuss a research post into Kia's remote control systems that allowed one researcher to compromise any Kia in the last decade by just knowing their license plate number. We end with a new act that was just introduced into the US Senate with a goal to secure the healthcare industry.

How To Deanonymize the TOR Network

Tue, 24 Sep 2024 09:12:51 -0700

This week on the podcast, we discuss how German law enforcement managed to deanonymize and arrest users on the TOR network. After that, we discuss why the US government is trying to ban Chinese-manufactured car hardware. We then end with a cool research article on chaining open redirect and iframe issues into a 1-click vulnerability that grants attackers access to arbitrary Google Docs files.

Kicking EDR Out of the Kernel

Mon, 16 Sep 2024 10:41:16 -0700

This week on the podcast, we discuss Microsoft's recent Windows Endpoint Security Ecosystem Summit and what it means for the future of endpoint security on the Windows platform. After that, we cover a research post on a malware campaign using Google Sheets as a command and control channel before ending with a chat about the US federal government's push to classify cybersecurity as a national service role.

The White House Tackles BGP Security

Mon, 09 Sep 2024 09:57:10 -0700

This week on the podcast, we discuss guidance published by the US White House Office of the National Cyber Director that lays out a roadmap for addressing key security concerns in the BGP routing protocol. Before that, we cover a security research post from Jfrog detailing a new python package hijacking method under active exploitation as well as an analysis of the Microsoft Windows Wi-Fi driver remote code execution vulnerability patched last June.

Are TP-Link's Days Numbered?

Mon, 26 Aug 2024 14:59:35 -0700

This week on the podcast, we discuss the US government's push to investigate the risks that TP-Link network devices introduce to national security. Before that, we give an update on the NPD data breach from last week as well as the threat actor behind it. We also discuss an ongoing cyber incident at the Port of Seattle.

Leaking Every American's SSN

Mon, 19 Aug 2024 14:31:21 -0700

This week on the podcast, we cover the National Public Data breach that may have leaked every American's social security number. After that, we discuss research from TALOS on how attackers can abuse Microsoft applications on macOS to gain access to your camera and microphone. We end the episode by discussing recent research on how attackers are attempting to evade Endpoint Detection and Response (EDR) tools.

Hacker Summer Camp 2024 Recap

Mon, 12 Aug 2024 16:58:25 -0700

This week on the podcast, we round out our takeaways from the Black Hat and Def Con security conferences in Las Vegas. We go through 4 talks across both conferences that were especially interesting either for nostalgia or modern impact.

BlackHat 2024 Day 2 Recap

Fri, 09 Aug 2024 18:57:37 -0700

On this episode of the podcast, we have another recap from the BlackHat security conference in Las Vegas. This time we discuss a new initiative to protect the world from deepfakes, followed by a penetration testing engagement that proved immutable backups doesn't always mean available backups.

BlackHat 2024 Day 1 Recap

Thu, 08 Aug 2024 13:09:03 -0700

On this episode of the podcast, we cover our two favorite briefings from the first day at the Black Hat security conference. We start with our thoughts on "shadow resources" in cloud environments before giving an update to last week's episode with additional research into AI-as-a-Service attacks.

Stay Tuned for Hacker Summer Camp Recaps

Tue, 06 Aug 2024 12:36:00 -0700

https://youtu.be/PTm87MQS-Z8 This week we will be attending Hacker Summer camp in Las Vegas. We will be publishing a recap each day focusing on our key takeaways.

CrowdStrike's Incident Report

Fri, 26 Jul 2024 09:57:08 -0700

This week on the episode, we walk through CrowdStrike's preliminary post incident report to understand exactly what happened during the July 19th outage and what all software vendors can learn from the event. After that, we cover a clever plot that lead to KnowBe4 hiring a North Korean threat actor. We end with some research from Wiz on Artificial Intelligence tenant isolation.

Global Security Outage

Fri, 19 Jul 2024 19:34:13 -0700

In this daily security byte with WatchGuard CSO, Corey Nachreiner, he explains the recent Global IT outage cause by a CrowdStrike update. We also follow-up on RockYou and the RockYou2024 data dump of 10 billion records.

Blast RADIUS

Mon, 15 Jul 2024 09:46:18 -0700

This week on the podcast we discover the newly-disclosed protocol vulnerability in certain RADIUS implementations. Before that, we give an update on the continued fallout from the Snowflake customer databreaches including a new disclosure from AT&T. We also discuss a blog post from JFrog that details how they saved the world from what could have been the worst supply chain attack in history.

OpenSSH regreSSHion Vulnerability

Tue, 02 Jul 2024 10:37:03 -0700

This week on the podcast, we cover OpenSSH's recent critical vulnerability and what it means for systems administrators. Before that, we discuss the CDK Global ransomware attack impacting car dealerships across the us, a Korean internet service provider delivering malware to their customers, and a takeover of a popular JavaScript library gone hostile.

Snowflake Breach Campaign

Fri, 21 Jun 2024 13:27:33 -0700

This week on the podcast we doscuss two issues from this month's Microsoft patch tuesday that deserve your attention. After that we discuss the recent data theft campain targeting Snowflake customers that has impacted over 100 organizations. We end the episode with an update on the hackers behind the MGM and Caesar's Entertainment breaches last year.

Q1 2024 Internet Security Report

Mon, 17 Jun 2024 13:38:43 -0700

This week on the podcast we cover the WatchGuard Threat Lab's Internet Security Report from Q1. In this episode, we discuss the latest trends in malware detections at the network and the endpoint, network attack trends, and malicious domains that targeted WatchGuard customers around the world.

Recall Windows Recall

Tue, 04 Jun 2024 15:23:56 -0700

This week on the podcast, we discuss a new Microsoft Windows feature that is shaping up to be a security nightmare. Before that, we discuss a new research initiative from the Advanced Research Projects Agency for Health (ARPA-H) that could make big improvements in healthcare cybersecurity.

SSID Confusion Attacks

Mon, 20 May 2024 09:37:48 -0700

This week on the podcast, we cover a newly disclosed weakness in the 802.11 Wi-Fi standard that affects common enterprise Wi-Fi deployments. Before that, we discuss CISA's Secure by Design Pledge for technology vendors before ending with a Microsoft research post on Quick Assist social engineering.

The 443 Podcast - Episode 291 - Picking Secure Technologies

Tue, 14 May 2024 17:53:15 -0700

This week on the podcast, we cover guidance from CISA and its international partners that guides organizations on the right questions to ask during the technology procurement process to make sure the products they buy are secure. Before that, we cover Microsoft's research into a common vulnerability impacting over 4 billion Android application installations followed by a discussion on the Tunnel Vision VPN vulnerability.

The 443 - Kraken Edition

Wed, 08 May 2024 08:08:18 -0700

The 2024 Verizon DBIR

Mon, 06 May 2024 08:56:38 -0700

This week on the podcast, we cover the key takeaways from the 2024 Verizon Data Breach Investigations Report. Before that, we discuss what we learned from United Healthcare CEO Andrew Witty's congressional testimony on their ransomware attack in February. We also discuss a research article from JFrog on malicious Docker Hub repositories.

The 443 Podcast - Episode 288 - Cisco ArcaneDoor Attack

Fri, 03 May 2024 08:50:07 -0700

This week on the podcast, we cover a nation-state backed attack against Cisco ASA appliances which Cisco TALOS themselves have dubbed "ArcaneDoor." After that, we discuss a phishing tookit being used to target LastPass users before ending with a new way to deliver malware payloads using legitimate services.

The 443 Podcast - Episode 287 - Ending Session Hijacking

Fri, 03 May 2024 08:47:38 -0700

This week on the podcast, we cover a Google initiative to kill off session hijacking attacks once and for all. Before that, we give an analysis of CVE-2023-3400, the Palo Alto zero-day vulnerability currently under active exploit. Additionally, we discuss a recent white paper from CISA on securely deploying artificial intelligence systems.

The 443 Podcast - Episode 286 - BatBadBut What?

Fri, 03 May 2024 08:45:02 -0700

This week on the podcast, we cover a research post describing a code injection vulnerability caused by how nearly every high-level programming language runs on Windows. We also discuss a series of vulnerabilities in LG televisions that allow remote attackers to root the device before ending with a chat about new adversarial tactics for delivering malware via GitHub.

The 443 Podcast - Episode 285 - A Postmortem of Microsoft's Security Incident

Fri, 03 May 2024 08:32:55 -0700

This week on the podcast, we cover a report from the Department of Homeland Security's Cyber Safety Review Board that analyzes Microsoft's Exchange Online 2023 security incident in excruciating detail. Before that, we cover CISA's new rules around cyber incident reporting and an unsealed indictment against 7 Chinese nationals.

The 443 Podcast - Episode 284 - A Bad Month for Software Supply Chains

Fri, 03 May 2024 08:29:42 -0700

This week on the podcast, we cover a software supply chain attack years in the making that was days away from a devastating global impact. After that, we cover Facebook's Project Ghostbusters and its impact on user privacy before ending with another software supply chain attack that successfully compromised developers in the gaming world.

The 443 Podcast - Episode 283 - Trucking Worms

Fri, 03 May 2024 08:27:07 -0700

This week on the podcast we discuss a vulnerability in required commercial truck hardware that could enable an automatically propagating worm across the entire US. Before that, we cover Apple's "un-patchable" vulnerability in their M-series processors as well as a vulnerability that could let attackers unlock hotel room doors at will.

Cisco ArcaneDoor Attack

Mon, 29 Apr 2024 01:00:00 -0700

https://youtu.be/GnxViRW1A24 This week on the podcast, we cover a nation-state backed attack against Cisco ASA appliances which Cisco TALOS themselves have dubbed "ArcaneDoor." After that, we discuss a phishing tookit being used to target LastPass users before ending with a new way to deliver malware payloads using legitimate services.

BatBadBut What?

Mon, 15 Apr 2024 01:00:00 -0700

https://youtu.be/3fX7LRXi74I This week on the podcast, we cover a research post that describes a code injection vulnerability caused by the way nearly every high level programming language runs on Windows. We also discuss a series of vulnerabilities in LG televisions that allow remote attackers to root the device before ending with a chat about new adversarial tactics for delivering malware via GitHub.

Bad Month for Software Supply Chains

Mon, 01 Apr 2024 15:49:00 -0700

https://youtu.be/0860ZmM1vgE This week on the podcast, we cover a software supply chain attack years in the making that was days away from a devastating global impact. After that, we cover Facebook's Project Ghostbusters and its impact on user privacy before ending with another software supply chain attack that successfully compromised developers in the gaming world.

Trucking Worms

Mon, 25 Mar 2024 18:08:00 -0700

https://youtu.be/VqFnomsJzdA This week on the podcast we discuss a vulnerability in required commercial truck hardware that could enable an automatically propagating worm across the entire US. Before that, we cover Apple's "un-patchable" vulnerability in their M-series processors as well as a vulnerability that could let attackers unlock hotel room doors at will.

The 443 Podcast - Episode 279 - Could a Toothbrush Botnet Happen?

Wed, 20 Mar 2024 14:20:37 -0700

This week on the podcast, we cover a recent news post about an army of 3 million compromised toothbrushes taking down a Swiss website, causing millions in damages. After that, we discuss the United States DOJ's latest botnet takedown, this time targeting Volt Typhoon. We end the episode by walking through a CISA joint-publication giving guidance on how to defend against Living-of-the-Land (LotL) attacks.

The 443 Podcast - Episode 280 - Flipping Out Over Flipper Zero

Wed, 20 Mar 2024 14:19:53 -0700

This week on the podcast we cover Canada's attempt to ban the Flipper Zero. Before that, we review a recent research post on a new class of vulnerability on the Ubuntu operating system. We end the episode with a chat bout a the impacts of artificial intelligence on data security.

The 443 Podcast - Episode 281 - Locking Up LockBit

Wed, 20 Mar 2024 14:15:34 -0700

This week on the podcast, we cover an international law enforcement takedown of the LokBit ransomware group's infrastructure. After that, we cover a novel malware delivery vector involving an IoT "toy." We end the podcast by covering the latest White House Executive Order addressing cybersecurity in critical infrastructure.

The 443 Podcast - Episode 282 - A Wild Month in Ransomware

Tue, 19 Mar 2024 12:20:32 -0700

https://youtu.be/iYM3y85hEkM

A Wild Month in Ransomware

Mon, 11 Mar 2024 09:34:00 -0700

https://youtu.be/iYM3y85hEkM This week on the podcast, we're joined by Ryan Estes, a member of WatchGuard's Zero-Trust Application Service classification team and resident ransomware expert to discuss the wild month in ransomware news. We start the episode with a story about a fake ransomware operator that scammed cybercriminals out of tens of thousands of dollars before discussing two major Ransomware-as-a-Service operators that have had a pretty rough couple of weeks.

Locking Up LockBit

Mon, 26 Feb 2024 01:00:00 -0800

https://youtu.be/GaX_8NOoq7w This week on the podcast, we cover an international law enforcement takedown of the LokBit ransomware group's infrastructure. After that, we cover a novel malware delivery vector involving an IoT "toy." We end the podcast by covering the latest White House Executive Order addressing cybersecurity in critical infrastructure.

Flipping Out Over Flipper Zero

Tue, 20 Feb 2024 12:04:00 -0800

https://youtu.be/3SY1sDF-BA0 This week on the podcast we cover Canada's attempt to ban the Flipper Zero. Before that, we review a recent research post on a new class of vulnerability on the Ubuntu operating system. We end the episode with a chat bout a the impacts of artificial intelligence on data security. Menlo Report on Business AI Usage - https://info.menlosecurity.com/rs/281-OWV-899/images/How-employee-usage-of-generative-AI-is-impacting-security-posture.pdf?version=5

Could a Toothbrush Botnet Happen?

Mon, 12 Feb 2024 01:00:00 -0800

https://youtu.be/VfKlq6DisLY This week on the podcast, we cover a recent news post about an army of 3 million compromised toothbrushes taking down a Swiss website, causing millions in damages. After that, we discuss the United States DOJ's latest botnet takedown, this time targeting Volt Typhoon. We end the episode by walking through a CISA joint-publication giving guidance on how to defend against Living-of-the-Land (LotL) attacks

A Door in Apple’s Walled Garden

Mon, 05 Feb 2024 01:00:00 -0800

https://youtu.be/MY4TpiL76gY This week on the podcast, we cover Apple's recent announcement describing how they will comply with the European Union's new Digital Markets Act and what that means for the iPhone walled garden. Before that, we cover a databreach at Mercedez-Benze thanks to an alternative authentication method. Additionally, we cover the roundup of vulnerabilities in Ivanti's remote Policy Secure and Connect Secure products and how organizations should respond.

A Blizzard of Threats

Mon, 29 Jan 2024 01:00:00 -0800

https://youtu.be/fdAjMPAV6CM This week on the podcast, we cover two "Blizzard" threat actors targeting governments and private organizations. We also give an update to the SEC's compromised Twitter/X Account, and then end with a discussion of an EU program designed to improve their citizen's privacy while browsing the internet.

Androxgh0st Analysis

Mon, 22 Jan 2024 01:00:00 -0800

https://youtu.be/jG3mwjCLpJQ This week on the podcast, we review a CISA and FBI joint advisory on the Androxgh0st malware. Before that we cover recent Volt Typhoon activity targeting SMB routers exposed on the internet. We end the episode with a fun research blog post about a series of flaws in an Indian insurance provider.

NIST Tackles Adversarial AI

Tue, 16 Jan 2024 08:06:00 -0800

https://youtu.be/3E_Ei9hgNzA This week on the podcast, we review NIST's new publication that defines a taxonomy for how we talk about Adversarial Machine Learning. Before that, we cover a recent discovery of threat actors retaining access to Google accounts even through a password reset. We round out the episode with an account compromise that lead to a surge in Bitcoin price before finishing with a discussion of Living-off-Trusted Sites (LoTS) attacks that leverage GitHub.

RIPE for the Taking

Mon, 08 Jan 2024 01:00:00 -0800

https://youtu.be/VK1QoxLP16Y This week, we cover a password compromise that lead to a mobile telco in Spain losing control of their IP address space. We also give a quick update on the Lapsus$ ringleader's court case before discussing a recently discovered macOS backdoor malware that evades most endpoint protection. We end the episode by covering Microsoft's research into a malware installation method that bypasses many security protections.

Hacking the Crypto Supply Chain

Tue, 19 Dec 2023 14:19:00 -0800

https://youtu.be/YZLayuDJyyk This week on the podcast, we cover a supply chain attack against one of the largest hardware cryptocurrency wallet manufacturers. After that, we discuss the latest Apache Struts vulnerability under active exploit by threat actors. We end the episode with our thoughts on a research blog post about a set of threat actors using an old school attack against modern targets.

Bluetooth Busted

Wed, 13 Dec 2023 14:32:00 -0800

https://youtu.be/sbc2U4WYrng This week on the podcast, we cover a new unauthenticated keystroke injection vulnerability in the Bluetooth implementation on nearly every type of device. After that we discuss Logofail, a suite of vulnerabilities in most UEFI boot implementations that could let threat actors easily hide their tracks. We end by covering a recent CISA advisory on Adobe ColdFusion exploits in the wild.

Our 2024 Security Predictions

Mon, 04 Dec 2023 13:10:00 -0800

https://youtu.be/BHsow5qnmHw This week on the podcast we discuss our cybersecurity predictions for 2024. We'll cover each of the 6 predictions for the coming year including the trends behind them and how to protect your organization if they come true!

Grading our 2023 Security Predictions

Mon, 27 Nov 2023 01:00:00 -0800

https://youtu.be/Eai8tYnU2I0 This week on the podcast, we look back to our 2023 security predictions and grade ourselves on how well we were able to see the future. We'll go through each of our 6 predictions, explain the trends that fueled them, and then provide either evidence that they came true or discuss reasons why they may not have yet.

What to Expect from NIS2

Mon, 20 Nov 2023 08:31:00 -0800

https://youtu.be/RrKozKuhhcw This week on the podcast, we dive in to the EU's Network and Information Security directive update, aka NIS2. We'll cover who might be impacted and what to expect in terms of requirements in the coming year. Before that, we give an update to on the latest Scattered Spider threat actor activity followed by an update on LockBit's latest ransomware victims.

Combined Cyber and Kinetic Warfare

Mon, 13 Nov 2023 01:00:00 -0800

https://youtu.be/GaTUPZ2RMK0 This week on the podcast, we cover an analysis from Mandiant on an attack lead by the Russian state-sponsored threat actor Sandworm that came alongside missiles strikes against Ukraine. Before that, we review Okta's post mortum from their recent cyber incident. We end the episode by discussing udpated research from Jamf on a North Korean threat actor targeting the financial sector.

The White House Tackles AI

Mon, 06 Nov 2023 09:50:00 -0800

https://youtu.be/67SMv6JtJbc This week on the podcast we cover an Executive Order from the US White House on the topic of Artificial Intelligence. After that, we discuss the latest CISO that has found themselves in hot water with the law. We then cover an update to the Common Vulnerability Scoring System and end with a researcher claiming the end of encryption as we know it.

The Threat Actor That Hacked MGM

Mon, 30 Oct 2023 01:00:00 -0700

https://youtu.be/kvSA53ncRlg This week on the podcast, we review a thorough unmasking of Octa Tempest, the threat actor beind the MGM and Caesars Entertainment attacks in September. Before that, we give an update on the Cisco IOS XE vulnerability that head to an implant installed on thousands of exposed devices. We round out the episode with an analysis of CitrixBleed, an information disclosure vulnerability in Citrix NetScaler that was just patched last week.

CISA’s Secure by Design Whitepaper

Mon, 23 Oct 2023 01:00:00 -0700

https://youtu.be/GYoWiEKod38 This week on the podcast, we cover CISA's newly updated whitepaper on guidance for both software manufacturers and customers on the principals of secure-by-design and secure-by-default. Before that, we cover the Cisco IOS XE vulnerability that is under active exploitation in the wild, give an update on the EPA's efforts to regulate cybersecurity practices in water districts, and then discuss research into the latest "bullet proof hosting" options for malicious web content.

Microsoft is Killing NTLM

Mon, 16 Oct 2023 07:44:00 -0700

https://youtu.be/dSUkvBUDum4 This week on the podcast, we cover the recent HTTP/2 protocol vulnerability that lead to the largest DDoS attack ever recorded by CloudFlare. After that, we discuss Microsoft's announcement about the deprecation of VBScript and the impending removal of NTLM. We then cover a collection of data allegedly stolen from the genealogy website 23 and Me before ending with a fun bit of research targeting private servers for the Grand Theft Auto Online video game.

Q2 2023 Internet Security Report

Mon, 09 Oct 2023 01:00:00 -0700

https://youtu.be/NVvX02rwlEA This week on the podcast, we go through the latest Internet Security Report from the WatchGuard Threat Lab. We'll cover the top malware and network attack trends from Q2 2023 impacting small and mid-market organization globally before ending with defensive tips anyone can take back to their company.

Bing Chat Malvertising

Tue, 03 Oct 2023 07:05:00 -0700

https://youtu.be/Io_lubfJgKE This week on the podcast, we discuss an alert from CISA on nation state threat actors embedding malware into legacy Cisco router firmware. After that, we cover a research post on malicious advertisements served up via Bing's ChatGTP integration. We then end with an analysis of North Korea's Lazarus group's latest social engineering techniques.

Meta’ One Good Deed

Mon, 18 Sep 2023 01:00:00 -0700

https://youtu.be/Yo5GO14F5N0 This week on the podcast, we get up to speed on the MGM and Caesars Entertainment ransomware incidents from the previous week. After that, we take a deep dive into a blog post from Meta's application security team for their VR headsets. After that, we cover Microsoft's analysis of an ATP's pivot from email to another form of phishing.

iPhone’s Latest 0-Day

Mon, 11 Sep 2023 07:44:00 -0700

https://youtu.be/UwuG1U1fZhE This week on the podcast, we cover Microsoft's final report on their July incident involving nation-state actors compromising enterprise email accounts. After that, we discuss a zero-day, zero-click vulnerability in iOS being actively exploited in the wild before ending with a chat about an upcoming change to how Android handles CA certificates.

The Qakbot Takedown

Tue, 05 Sep 2023 01:00:00 -0700

https://youtu.be/NLO0DYuTZp4 This week on the podcast, we cover the FBI-lead, multinational takedown of the Qakbot botnet of over 700,000 victim devices. After that, we cover two android malware variants including one targeting victims in southeast Asia and another built by the Russian GRU.

Weaponizing WinRAR

Mon, 28 Aug 2023 12:37:00 -0700

https://youtu.be/BVbVwm0dMgg This week on the podcast we cover the latest evolutions of the North Korean threat actor Lazarus before covering an actively-exploited 0day vulnerability in the popular unarchiver WinRAR. We end the episode with an AI-related attack that doesn't actually use AI.

U.S. Cyber Trust Mark

Mon, 21 Aug 2023 11:09:00 -0700

https://youtu.be/Drx3kF3sllQ This week on the podcast we cover the FCC's proposal for a security assurance labeling program for IoT devices. Before that, we discuss the latest AI research challenge hosted by DARPA as well as some research into a novel attack against the AI/ML supply chain.

Def Con 2023 Recap

Mon, 14 Aug 2023 09:54:00 -0700

https://youtu.be/LldPfSZY0uU On this week's episode, we chat about some of our favorite talks from this year's Def Con security conference. We'll cover several topics including artificial intelligence, hacking mobile point of sale devices, and how worried we should or shouldn't be about cyber warfare.

BlackHat 2023 Recap

Fri, 11 Aug 2023 01:00:00 -0700

https://youtu.be/ltW3DQVrZ28 In this special end-of-week episode of The 443, we cover some of our favorite talks from this year's edition of the BlackHat cybersecurity conference in Las Vegas. We'll discuss the trends we saw and summaries of interesting topics including AI, nation state warfare, and improving cyber defense.

What Is Same-Origin Policy? Replay

Mon, 07 Aug 2023 15:23:00 -0700

https://youtu.be/Gfvg7dywu8A This week we look back to an episode that originally aired in May 2021 where we remember a Def Con legend then dive in to two web browsing security acronyms. Keep an eye out later this week as we come to you from this year's Black Hat and Def Con cybersecurity conferences!

Qakbot Qacktivity

Mon, 31 Jul 2023 01:00:00 -0700

https://youtu.be/FZKalGbK90A This week on the podcast, we cover the latest evolutions of the decade-old Qakbot malware including changes in how attackers deliver it. After that, we give an update on the SEC's new rules around mandatory security disclosure. We then end by reviewing CISA's analysis of Risk and Vulnerability Assessments they completed for their constituents in 2022.

Red Teaming AI Systems

Mon, 24 Jul 2023 01:00:00 -0700

https://youtu.be/GzZkXckK3Nk This week on the podcast, we give an update on last week's discussion around a China-based APT targeting government organizations. After that, we cover the latest uses of generative AI like ChatGPT by malicious hackers. Finally, we end with a report from Google on their efforts around Red Teaming Artificial Intelligence systems.

New Microsoft Office 0-Day

Mon, 17 Jul 2023 01:00:00 -0700

https://youtu.be/I-RjOTEJwZ0 This week on the podcast we cover two stories that came out of Microsoft's July Patch Tuesday. The first involves an incident within Microsoft that lead to foreign cybercriminals compromising the email accounts of multiple government agencies. The second story involves an actively exploited 0-day vulnerability in Office that at the time of recording, remains unpatched.

Q1 2023 Internet Security Report

Mon, 03 Jul 2023 01:00:00 -0700

https://youtu.be/wXqymd_pLOU This week on the podcast, we cover WatchGuard Threat Lab's Internet Security Report for Q1 2023. Throughout the episode, we'll discuss the key trends for cyber threats impacting small and midsize organizations globally including the top malware and network attach detections as well as a look specifically at the endpoint. We round out the episode with key defensive takeaways you can take back to your organization to defend against these threats.

RepoJacking

Tue, 27 Jun 2023 13:22:00 -0700

https://youtu.be/DYam7E96dgc On this week's podcast we discuss a recent analysis on the risks of GitHub RepoJacking. After that, we dive in to the Barracuda 0-day that China-based threat actors are actively exploiting as well as a novel command and control distribution method for a separate China-based APT.

Minecraft Mod Malware

Mon, 12 Jun 2023 12:00:00 -0700

https://youtu.be/KOBaZcDg0tY This week on the podcast we cover a supply chain attack of sorts against Minecraft gamers. After that, we cover a vulnerability in MOVEit Transfer that threat actors are exploiting in the wild to steal data and deploy ransomware. Finally, we wne with our review of the latest Verizon Data Breach Investigations Report (DBIR).

How Not to Update Software

Mon, 05 Jun 2023 08:13:00 -0700

https://youtu.be/PZWaRaguDTI This week on the podcast, we give a quick update on the latest Volt Typhoon activity before covering a newly for sale EDR bypass tool. After that, we discuss Gigabyte's decision to rootkit their own motherboards before ending with a new macOS vulnerability.

Naming APTs

Mon, 29 May 2023 12:30:00 -0700

https://youtu.be/loUDfzGTaiE This week on the podcast, we cover Microsoft's latest refresh of naming conventions for advanced persistent threat (APT) actors worldwide, as well as an update on two specific threat actors and their latest tactics. We also cover a ransomware event targeting a biotechnology company with an interesting twist.

TikTok is Banned, Kind Of

Tue, 23 May 2023 13:07:00 -0700

https://youtu.be/W57_CpRSFEA This week on the podcast, we cover the recent TikTok ban coming from the state of Montana and discuss whether it was justified and what the potential security impact is. Before that, we give an update on two US Supreme Court cases that were poised to potentially strip away Section 230 protections. We also highlight a new phishing-as-a-service (PaaS) platform that has yet again lowered the barrier for executing sophisticated attacks.

An Interview with ChatGPT

Mon, 15 May 2023 16:56:00 -0700

https://youtu.be/-asU7Sd24gg This week on the podcast, Marc kick's Corey off the podcast and interview's ChatGPT to learn its thoughts on AI applications in cybersecurity, both on offense and defense.

Securing Healthcare Tech

Mon, 08 May 2023 12:00:00 -0700

https://youtu.be/PoEXinvhMVQ This week on the podcast, we cover two new malware research pieces, including the latest evolution of a delivery vehicle as old as time. After that, we cover recent regulations in the healthcare industry that have a chance to push the industry to a more secure future.

Rustbuckets and Papercuts

Mon, 01 May 2023 01:00:00 -0700

This week on the podcast, we cover a recently discovered macOS malware attack that uses a multi-stage delivery mechanism. Before that, we discuss an actively-exploited vulnerability in the print management software PaperCut, as well as an update on the 3CX supply chain attack.

MSPs Around the World – Americas

Mon, 24 Apr 2023 08:00:00 -0700

This week's podcast comes from the WatchGuard Apogee partner conference for the Americas where we bring on special guests Kevin Willette of Verus Corporation and Neil Holme of Impact Business Technology to discuss the challenges and opportunities MSPs and MSSPs will face in the coming years. This is the first of a multipart series where we explore similar questions around the world.

Zero Trust Maturity Model 2.0

Mon, 17 Apr 2023 08:00:00 -0700

https://youtu.be/vzTpECddZRg This week on the podcast, we cover two new publications out of CISA. First, we dive into CISA's guidance to manufacturers and customers on products that are secure-by-design and secure-by-default. Next, we discuss CISA's latest Zero Trust Maturity Model which any organization can use to gauge how far along they are on the ZTA path and where the should focus their efforts next. Finally, we end wit some research from Blaze Information Security on a series of vulnerabilities in a play-to-earn blockchain game. You can view more information on the CISA guidance as well as Blaze Lab's full blog post at the links below: - https://www.cisa.gov/sites/default/files/2023-04/zero_trust_maturity_model_v2_508.pdf - https://www.blazeinfosec.com/post/hacking-play-2-earn-blockchain-games-manarium

Operation Cookie Monster

Mon, 10 Apr 2023 10:59:00 -0700

This week on the podcast, we discuss another cybercrime marketplace takedown dubbed Operation Cookie Monster. After that, we discuss Microsoft's attempts to limit the distribution of a popular hacking toolkit. Finally, we discuss a recent analysis by Dr. Ken Tindell of Canis Automotive Labs around how criminals were able to steal his friend's Toyota Rav4. You can view Dr. Ken Tindell's full blog post here: https://kentindell.github.io/2023/04/03/can-injection/

Another Software Supply Chain Attack

Mon, 03 Apr 2023 17:13:00 -0700

This week on The 443, we discuss the latest software supply chain attack with a potential blast radius of thousands of organizations. Then we cover a new protocol vulnerability in the Wi-Fi wireless standard before ending with some research into insecure Microsoft Azure applications.

The NSA’s Guidance on Securing Authentication

Mon, 27 Mar 2023 07:22:00 -0700

This week we have all the acronyms as we cover a joint publication by CISA and the NSA with Identity and Access Management (IAM) best practices. We then cover some new proposed cybersecurity rules out of the Securities and Exchange Commission (SEC) before ending with an FBI takedown of a popular hacking forum.

An Update on Section 230

Mon, 20 Mar 2023 07:00:00 -0700

On this week's episode we look back to our initial monologue on Section 230 protections that allow the social media and the internet as a whole to function. We cap off the episode replay with a new discussion on a recent supreme court case that has the potential to dramatically impact the internet as we know it.

Here Come The Regulations

Mon, 13 Mar 2023 07:00:00 -0700

On today's episode, we cover two new sets of cybersecurity regulations, fresh off the heels of the White House's National Cybersecurity Strategy publication, targeting different critical infrastructure sectors in the United States. We'll also cover the latest in nation state activity targeting network connectivity appliances and end with some fun research into an oldie but goodie video game system.

US National Cybersecurity Strategy

Mon, 06 Mar 2023 19:24:00 -0800

This week's episode is all about the White House's recently released National Cybersecurity Strategy. We'll walk through the strategy from top to bottom and discuss the key elements most likely to impact individuals and organizations as well as our overall thoughts on the direction the US Federal Government is planning to take.

Cybersecurity’s Toll on Mental Health

Mon, 27 Feb 2023 11:45:00 -0800

This week on the episode we have a discussion about stress related issues impacting cybersecurity professionals and ways to combat them. Before that, we cover the latest news including new 0click exploit protection from Samsung, the latest update on GoDaddy's security woes, and Twitters latest erratic move.

Successfully Prosecuting a Russian Hacker

Tue, 21 Feb 2023 15:22:00 -0800

In today's episode, we discuss a recent court case resulting in the succesful conviction of a Russian national tied to breaking in to several publicly traded US companies. We also cover the latest details on the ESXiArgs ransomware attacks that have been impacting organizations globally as well as the latest CISA alert on nation-state ransomware activity.

Live Audience MSP Q&A Panel

Mon, 13 Feb 2023 15:23:00 -0800

On this week's very special episode of the podcast, we sit down with Matt Lee, Calvin Engen, and Scott Williamson, three MSP security and business experts for a Q&A panel in front of a live audience! We'll cover everything from how MSPs and MSSPs should address the cyber threat landscape to what vendors can do to be a more appealing partner.

What is CVSS?

Tue, 07 Feb 2023 09:24:00 -0800

This week on the podcast we cover the Common Vulnerability Scoring System (CVSS) including how it works and some of its limitations. Before that though, we discuss a recent survey on the risks of ChatGPT's usage in cyberattacks and the latest activity from Lazarus, the North Korean government hacking operation.

CISA Warns of Weaponized RMM Software

Tue, 31 Jan 2023 08:29:00 -0800

On today's episode, we cover a recent Department of Justice operation that resulted in taking down a major ransomware organization. After that, we cover two recent publications from CISA, the first on malicious use of legitimate RRM software and the second giving guidance to K-12 on how to address cybersecurity concerns.

Report Roundup

Mon, 23 Jan 2023 07:56:00 -0800

This week on the podcast, we cover key findings from three individual reports published last week. In the first report we'll dive into the world of blockchain analysis looking for illicit transactions. In the second report, we'll cover the state of SMB security. The final report includes a discussion of overall financial crime involving stolen payment card information.

The RCE Vulnerability That Wasn’t

Tue, 17 Jan 2023 10:10:00 -0800

This week on the podcast we cover a recently-disclosed vulnerability in the popular JavaScript library JsonWebToken. After that, we give an update to weaponizing ChatGPT, the currently free Artificial Intelligence chat bot that has made waves since it's release in November. We round out the episode with a wave farewell to Windows 7 and Windows 8.1 and what the end of extended support means for businesses.

Reviving a Dead Botnet

Tue, 10 Jan 2023 08:19:00 -0800

This week on the podcast we cover a recent analysis by Mandiant on a Russia-based APT using a decade old botnet to deliver new attacks. Before that, we cover an update from LastPass about their most recent breach as well as the 200 million Twitter accounts leaked last week.

Q3 2022 Internet Security Report

Tue, 03 Jan 2023 06:34:00 -0800

This week on the podcast we discuss key findings from the WatchGuard Threat Lab's Q3 2022 Internet Security Report. We'll cover everything from the top malware threats to the latest network attack trends targeting small and midsize enterprises globally and give practical defensive tips that anyone can use to keep their organizations safe. [PowerPress]

2023 Security Predictions

Tue, 20 Dec 2022 06:21:00 -0800

It's that time of year for us to discuss the WatchGuard Threat Lab's 2023 cyber security predictions! On this episode, we will cover the six predictions plus another two that didn't make the cut as well as some defensive strategies to try and help stop them from coming true.

Apple’s New Privacy Expansion

Mon, 12 Dec 2022 16:04:00 -0800

This week on the podcast, we cover Apple's latest announcement of expanded privacy and security features for their users. Before that, we cover a major breach in the Android ecosystem followed by a new Internet Explorer (yes, that still exists) 0-day vulnerability.

Hacking Hyundai

Tue, 06 Dec 2022 08:15:00 -0800

On this week's episode, we cover the latest in car hacking, this time involving a vulnerability that could have given remote attackers full control over certain Hyundai models' doors, lights and engine. After that, we discuss the latest breach impacting a major password management app and how it's different from previous ones we've seen. We end with a discussion on the latest 'custom security solution' vendor selling spyware tools for profit.

CISA Incident Response Learnings

Tue, 29 Nov 2022 09:51:00 -0800

On today's episode we cover a pair of alerts from the Cybersecurity Infrastructure and Security Agency (CISA), one detailing the tools, tactics and procedures from a prolific ransomware organization and another walking through a recent incident response engagement CISA completed with a federal agency. Before that though, we learn about what happens when you use a software component that hasn't received updates in 17 years.

Attack Surface Management

Mon, 21 Nov 2022 12:45:00 -0800

This week on the podcast we dive into the world of attack surface management. We discuss what your attack surface is made up of including some areas you may not have thought of and then cover the best ways to reduce and ultimately protect it.

2022 Cybersecurity Predictions Recap

Mon, 14 Nov 2022 07:56:00 -0800

This week on the podcast we take a look back at our 2022 cybersecurity predictions and give ourselves a grading on how well we did. From cyber insurance to space hacks, we'll cover each of the 6 predictions we made last December and discuss why we think they did or did not come to fruition. As mentioned on the episode, several WatchGuard employees are participating in "Mo-vember" to raise awareness and contributions for men's health charities. Check out our page, and Corey's amazing mustache, at - https://nl.movember.com/en/team/2435885

Why OpenSSL Downgraded Their Vulnerability

Mon, 07 Nov 2022 14:22:00 -0800

On this episode we cover the much anticipated OpenSSL vulnerabilities that were disclosed and patched on November 1st and why the 6 year streak of no critical issues continues. After that, we dive back in to election security and the hacking activity that could have the most impact. We end with an update from Apple on their security program and making vulnerability research more accessible.

CISA’s Cybersecurity Performance Goals

Mon, 31 Oct 2022 13:37:00 -0700

This week on the podcast we cover CISA's freshly-released Cybersecurity Performance Goals (CPGs) designed to help smaller organizations bridge the gap between frameworks and practical implementation. After that, we discuss a new bill working its way through the US Senate designed to address open source software security risks. Finally, we end with a research post from Microsoft on the evolution of an interesting malware campaign.

Ransomware TTPs Deep Dive

Wed, 26 Oct 2022 06:08:00 -0700

This week on the podcast, we cover another remote code execution vulnerability that looks extremely concerning on the surface but might be less serious in reality. After that, we cover two research articles by Microsoft on ransomware campaigns including defensive takeaways for all organizations.

Cyber Energy Star

Mon, 17 Oct 2022 07:06:00 -0700

This week on the podcast we cover a proposed program from the White House to create an Energy Star-like label for cybersecurity in consumer products. Before that, we cover two other updates from the federal government including a new open source tool from CISA and the latest reincarnation of Privacy Shield.

Q2 Threats and Guilty CSOs

Tue, 11 Oct 2022 20:45:00 -0700

This week on the podcast, we focus on highlighting WatchGuard's Q2 Internet Security Report, covering the latest threat trends and what you can do to avoid them. However, we also pack in our security news segment, with an Optus breach update from an Australian IT and security expert and WatchGuard Partner, the latest on the UBER CSO trial, and a warning about the recent zero day Exchange exploit that some call ProxyNotShell. This week's episode is a long one, so grab a fresh coffee and listen during a long walk or drive.

Optus Opts Out of PII Protection

Mon, 03 Oct 2022 11:45:00 -0700

This week on the podcast, we cover an Optus data breach that could affect over 10 million Australian customers, and what they should do to protect themselves. We highlight a new malware-as-a-service (MaaS) information stealer that lowers the cost and technical bar for cybercriminals. Finally, we end with some good news about how the FBI was able to catch and arrest an ex-NSA insider trying to sell sensitive national security data to a supposed Russian adversary. Or watch the video version here.

An Uber Hack

Tue, 27 Sep 2022 16:47:00 -0700

This week on the podcast, we cover Uber's most recent security incident and the alleged individual behind it. After that, we dive into the world of gas station operational technology and potential security weaknesses in one tool. Finally, we end with a chat about the FBI CISO Academy and how the FBI as a whole is trying to reshape relationships with the private sector.

Are CISOs Legally Accountable for Security?

Wed, 14 Sep 2022 05:09:00 -0700

This week on the podcast we cover a court case that is attempting to hold the ex-CISO of a popular tech company accountable for their actions involving a data breach dating back to 2016. Before that though, we dive in to a novel command and control (C2) method as well as the latest commoditization of a sophisticated cyber attack technique.

A Day in the Life of a Malware Analyst

Tue, 06 Sep 2022 06:46:00 -0700

This week on the podcast we sit down with Ryan Estes, a malware analyst on the WatchGauard Threat Lab team, to discuss what it takes to rapidly differentiate malware from goodware. In this interview, we discuss what it takes to get in to malware analytics, popular tools to help with the task, and resources anyone can follow to build up skills.

The Twitter Thing

Mon, 29 Aug 2022 12:02:00 -0700

This week on the podcast, we cover the big whistleblower complaint against Twitter including our hot takes on who to believe. We then cover an FBI alert on evasion techniques cyber criminals are deploying in their authentication attacks before finishing with a highlight of a very convincing phish.

2022 Black Hat and Def Con Recap

Mon, 22 Aug 2022 11:58:00 -0700

This week on the podcast we review our time at this year's Black Hat and Def Con cybersecurity conferences in Las Vegas. We'll cover how the WatchGuard CTF contest went this year and discuss takeaways from a few of the briefings we attended.

Hacker Summer Camp 2022

Tue, 09 Aug 2022 13:33:00 -0700

This week on the podcast, we give our preview of the Black Hat and Def Con cybersecurity conferences, aka Hacker Summer Camp. Throughout the episode, we'll discuss the briefings and panels we're most excited to see and what we hope to get out of them. If you're not able to attend either conference in person this year, be sure to watch the Def Con Youtube channel for recordings! Also, check out our capture the flag contest at WGCTF.com!

Private Sector Offensive Actors

Tue, 02 Aug 2022 07:02:00 -0700

This week on the podcast we discuss the shifting landscape of phishing attacks in the wake of Microsoft's efforts to block malicious Office macros. We then cover a private organization that has been found not just selling exploit tools but also participating in offensive cyber operations. We end the episode with a review of IBM and the Ponemon Institute's Cost of a Breach Report for 2022.

USA’s Answer to GDPR

Mon, 25 Jul 2022 14:08:00 -0700

This week on the podcast, we discuss the current cyber skills gab and a federal program designed to help combat it. After that, we dive in to the American Data Privacy protection Act and what it potentially means if passed by US Congress. We end this week with a quick update on Microsoft's attempts to protect users from malicious macro-enabled documents.

Rolling PWN

Thu, 21 Jul 2022 10:29:00 -0700

This week on the podcast we cover the latest in car hacking research, this time targeting vulnerabilities in remote keyless entry. We then dive in to Microsoft's latest research on Adversary in the Middle (AitM) attacks and end with key findings from the latest WatchGuard Threat Lab quarterly Internet Security Report.

Grading Gartner’s Guesses

Mon, 27 Jun 2022 00:00:00 -0700

This week on the podcast, we discuss two recent security reports, one on the topic of open source software and the other on "insecure by design" in the Operational Technology (OT) space. We go through the key findings from each report and what our thoughts are on their accuracy within the real world. We end the week by covering Gartner's 8 security prediction from their Security and Risk Management summit last week and what we think their likelihood of hitting are in the years to come.

200th Episode Extravaganza

Tue, 21 Jun 2022 12:53:00 -0700

In celebration of our 200th episode, this week on the podcast we take a look back at the last few years and revisit some of our favorite episodes. Along the way, we'll give updates on a few of our cybersecurity predictions from years past that took just a little bit longer than anticipated to come true. Finally, we end with a round of Q & A and a few quick news updates.

Robux Ransomware

Tue, 14 Jun 2022 11:51:00 -0700

This week on the podcast we cover the latest and most bizarre ransomware extortion demand we've seen in recent memory. Before that though, we cover the latest updates on nation state hacking activity including threats of escalating attacks leading to physical retaliation.

0-Days for Days

Thu, 09 Jun 2022 14:27:00 -0700

This week on the podcast we cover two fresh 0-day vulnerabilities, one in Windows and another in Atlassian's Confluence, both under active exploitation in the wild. Additionally, we cover Costa Rica's no good, terrible month in Cybersecurity.

Package Hijacking

Tue, 31 May 2022 15:08:00 -0700

This week on the podcast, we discuss the line between ethical security research and malicious activity thanks to a compromised open source software package. After that we cover the latest industry to fall victim to Ransomware and end by highlighting a 0-click vulnerability in Zoom’s message system discovered by Google Project Zero.

Building Security Strategies with Matt Lee

Mon, 23 May 2022 13:33:00 -0700

This week on the podcast we sit down for a chat with Matt Lee, Sr. Director of Security and Compliance at Pax8 and well-known cyber security educator, to discuss security strategies for MSPs and midsize enterprises in the face of a dynamic threat landscape. We cover everything from picking a framework to getting buy in from stakeholders and take a forward look at what future cyber regulations may look like to all organizations.

CISA Guidance for MSPs

Tue, 17 May 2022 15:41:00 -0700

This week on the podcast we walk through CISA alert AA222-131A which gives bulleted guidance to MSPs and customers of MSPs on how to navigate their relationship security as threats targeting service providers continue to grow. We'll walk through the list and hit each recommendation and give our own guidance on top of them for both MSPs and their customers. After that, we cover the the latest Microsoft patch Tuesday and end the episode with the latest updates on SAT COM hacking.

The REturn of REvil?

Mon, 09 May 2022 00:00:00 -0700

This week on the podcast we discuss the latest rumblings around the return of the prolific ransomware-as-a-service organization REvil. Before that though, we dive in to the latest tools, tactics and procedures of the Lazarous nation state hacking group as well as a recently discovered form of fileless malware evasion.

Most Exploited Vulnerabilities of 2021

Mon, 02 May 2022 07:12:00 -0700

This week on the podcast, we dive into CISA's list of the 15 most exploited vulnerabilities in 2021. We'll walk through each flaw and give a refresher on their history and how attackers have exploited them. After that, we cover the latest ransomware-as-a-service threat that has victimized over 60 organizations worldwide before ending with a quick chat about our "favorite" topic, NFTs.

Psychic Signatures

Tue, 26 Apr 2022 08:10:00 -0700

This week on the podcast we cover a critical and easily-exploited vulnerability in how some recent versions of Java handle cryptography. We also discuss the latest in a series of alerts from CISA and international intelligence organizations on cyber threats to critical infrastructure. Finally, we end with a condensed overview of the latest internet security report from the WatchGuard Threat Lab.

Hidden Hafnium

Mon, 18 Apr 2022 07:14:00 -0700

This week on the podcast, we cover the latest evasion and persistence techniques from the state-sponsored threat actors known as Hafnium. Then, we dive into the world of ICS and SCADA devices to discuss the latest joint-agency alert from the US Government. We then round out the episode by highlighting some recent research into spoofing using Unicode BiDi (Bi-Directional) characters.

Patch Management Lag

Mon, 04 Apr 2022 16:30:00 -0700

This week on the podcast we discuss one of the most rampant yet easily resolved risks facing many organizations today, not installing vendor-supplied security fixes. We'll cover some of the reasons why organizations might fall behind on patching as well as the potentially serious consequences. After that, we cover the latest 0-day Chromium vulnerability before a quick chat about the latest in US cybersecurity legislation.

The Rise and Fall of Lapsus$

Mon, 28 Mar 2022 09:21:00 -0700

This week on the podcast we cover the hacking organization Lapsus$ including their tactics, targets, and how they ended up with several members arrested last week. After that, we cover the cyber cold war and threats of Russian revenge attacks against the US energy sector that prompted classified meetings with potentially targeted organizations.

SATCOM Security

Mon, 21 Mar 2022 15:51:00 -0700

This week on the podcast, we cover a CISA alert on securing satellite communications (SATCOM) in the wake of several recent incidents involving providers and networks in eastern Europe. After that, we check in on the TSA's cybersecurity rules for pipeline distribution networks and how adoption is going so far in the industry.

US-Backed Cryptocurrency

Mon, 14 Mar 2022 14:04:00 -0700

This week on the podcast, we cover last week's Executive Order from the White House that lays the foundation for a United States Central Bank Digital Currency, or CBDC, and what it means for the future of Cryptocurrency. We also discuss recent research from Mandiant on APT41, a Chinese threat actor that has recently turned their sights on US state governments.

Conti Leaks

Wed, 09 Mar 2022 19:58:00 -0800

This week on the podcast we cover the recent leaks highlighting the inner workings of the Conti ransomware group that started with chat logs and grew to entire source code dumps. We then round out the episode by discussing the recent Nvidea breach and how some of the stolen information might fuel future attacks.

Rewind: Can We Trust Facial Recognition

Mon, 28 Feb 2022 11:14:00 -0800

This week on the podcast we dig back into our archives for an episode that originally aired back in July 2020 where we discussed one of our analysts first-hand research into facial recognition biases.

BGP-Powered Crypto Theft

Tue, 22 Feb 2022 15:25:00 -0800

This week on the podcast we cover a cryptocurrency heist that abused the backbone of the internet to steal millions of dollars of coins. In related news, we also cover the FBI's new Virtual Asset Exploitation Team and their focus on tracking cryptocurrency-related cybercrime as well as a recent alert on business email compromise from the same agency.

Russia, Fighters of Cybercrime?

Mon, 14 Feb 2022 08:09:00 -0800

This week on the podcast we cover Russia's latest crackdown on cybercriminals within their borders and try to answer the "why now?" question. We also discuss a multi-billion dollar cryptocurrency recovery by the US Justice Department including the arrest of two New Yorkers allegedly responsible for the 2016 Bitfinex hack.

Hacking Back at North Korea

Mon, 07 Feb 2022 00:00:00 -0800

This week on the podcast, we cover the heist of $322 million in cryptocurrency from the distributed exchange Wormhole, including a long discussion on the why it feels like cryptocurrency is still the wild west of technology. After that, give an update on our brief mention in last week's episode about North Korea's internet seemingly being taken offline by cyber attack. We end this week with a quick update on a sophisticated malware attack targeting macOS devices.

The Pwnkit Problem

Mon, 31 Jan 2022 08:58:00 -0800

This week on the podcast, we cover Pwnkit, a privilege escalation vulnerability impacting almost every modern Linux release worldwide. We also dive in to the world of macOS malware with DazzleSpy, a remote a remote access trojan targeting Hong Kong pro-democracy advocates. Finally, we end with an update on North Korea's Lazarus APT and their latest attack tactics targeting organizations.

Q3 2021 Internet Security Report

Wed, 26 Jan 2022 09:37:00 -0800

This week on the podcast we discuss the latest Internet Security Report from the WatchGuard Threat Lab. Built with threat intelligence gathered from tens of thousands of Firebox UTM appliances that have opted-in to sharing data, the quarterly report lets us talk about the latest malware and attack trends targeting organizations globally. On this episode, we'll cover some of the key findings and defensive takeaways from the latest report.

The Death of the Carding Marketplace

Thu, 20 Jan 2022 08:24:00 -0800

This week on the podcast we give a quick update to the Log4Shell saga after the researchers detected the first significant campaign that uses the critical vulnerability. After that, we dive in to the world of carding marketplaces where cybercriminals buy and sell stolen credit card information and discuss possible reasons for why these marketplaces appear to be dying off.

Is Cybersecurity Vocational?

Mon, 10 Jan 2022 16:42:00 -0800

This week on the podcast we give an update on log4j2 and it's most recently-disclosed vulnerabilities before covering a recent report on credential stuffing by the New York Attorney General. Then, we discuss this recent article in DarkReading on whether or not cybersecurity jobs should be considered professional or vocational.

Log4Shell Deep Dive

Mon, 20 Dec 2021 00:00:00 -0800

This week we take a deep dive into CVE-2021-44228, better known as Log4Shell, a critical vulnerability in the massively popular log4j2 logging library for Java applications. We discuss how the flaw came about, how it works, and why this specific issue has the potential to cause lasting headaches for the security industry for years to come. We also answer a mailbag full of questions from our listeners and WatchGuard partners about Log4Shell. NCSC log4js Usage Index - https://github.com/NCSC-NL/log4shell/blob/main/software/README.md Log4Shell IOCs - https://github.com/WatchGuard-Threat-Lab/log4shell-iocs Log4Shell Scanning Utility - https://github.com/proferosec/log4jScanner

Our 2022 Security Predictions

Wed, 15 Dec 2021 08:52:00 -0800

As we move in to the end of the year it's time for us to discuss WatchGuard Threat Lab's 2022 cybersecurity predictions. While many of our predictions tend to come off as extreme, they're all grounded in the trends that we've been following and what we expect to see continue into the coming year. If you haven't checked out the predictions in full, you can view them on watchguard.com/predictions

2021 Security Predictions Grading

Tue, 23 Nov 2021 15:22:00 -0800

Its getting to be the end of the year which means its time to take a look back at WatchGuard Threat Lab's 2021 security predictions and give ourselves a grading on how well we did! On this episode, we'll go through our 8 predictions for 2021, recap the trends that fueled them, and discuss either the events that occurred or failed to come true.

CISA Alert Tips Off Adversaries

Wed, 17 Nov 2021 10:58:00 -0800

This week on the podcast we discuss how a recent CISA alert on specific threat actor activity tipped off a separate adversary, leading to a new wave of attacks against vulnerable systems across multiple industries. We also cover the latest US and international law enforcement crackdowns on ransomware operators as well as a breakthrough on video game console hacking.

Trojan Source

Wed, 10 Nov 2021 10:44:00 -0800

On this week's episode of the podcast, we cover a newly discovered method for hiding malicious source code in plain sight, CISA's new Known Exploited Vulnerabilities Catalog, and action from the US Department of Commerce on the Pegasus spyware manufacturer NSO Group.

Stealing Make-believe Money

Mon, 01 Nov 2021 13:48:00 -0700

This week on the podcast, we cover a heist of over $130 million worth of cryptocurrency from a distributed financial (DeFi) organization and have an in depth discussion on why cryptocurrency-related platforms continue to suffer substantial breaches. Before that though, we cover an apparent ransomware attack against the National Rifle Association and an FBI raid on a popular payment card platform.

Schrödinger’s REvil

Mon, 25 Oct 2021 12:15:00 -0700

This week on the podcast, we cover the latest news on REvil, the ransomware-as-a-service organization responsible for the Kaseya attack earlier this year among many others. After that, we cover an update from the US Commerce Department on new export rules around selling hacking tools outside of the United States, nearly 6 years after the initial proposal caused a firestorm in the security community. Finally, we cover the latest research from Google's Threat Analysis Group, this time on a cookie theft hacking gang targeting YouTube streamers around the world.

VirusTotal Global Ransomware Report

Mon, 18 Oct 2021 08:11:00 -0700

This week on the podcast we cover VirusTotal's first ever global ransomware report which analyzes ransomware trends over the last year from the unique position of the world's largest malware intelligence platform. Before that though, we cover another APT group with a ridiculous name found exploiting a zero-day vulnerability in Windows.

The SMS Breach You Didn’t Hear About

Mon, 11 Oct 2021 10:29:00 -0700

This week on the podcast we discuss a breach that lasted over 5 years involving a company responsible for routing SMS messages for 95 of the top 100 mobile carriers in the world. Before that though, we'll cover the recent Facebook downtime incident as well as the seemingly total compromise of the video game streaming platform Twitch.

Q2 2021 Internet Security Report

Mon, 04 Oct 2021 18:48:00 -0700

This week on the podcast we cover the latest quarterly Internet Security Report from the WatchGuard Threat Lab. We'll go over the latest attack trends and key findings from Q2 2021 as well as defensive tips for keeping your systems safe from the latest threat landscape.

Kaseya’s Trusted Third Party

Mon, 27 Sep 2021 10:29:00 -0700

This week on the podcast we discuss the recently disclosed identify of the"Trusted Third Party" that Kaseya acquired the REvil ransomware master decryption key from, as well as the morals around a decision to hold on to the decryption key for multiple weeks before handing it off to Kaseya. We then cover a new APT discovered by researchers at ESET and the latest CISA alert on ransomware activity.

OMIGOD!

Thu, 23 Sep 2021 15:55:00 -0700

This week on the podcast we discuss the recently patched zero-click vulnerability in iOS, macOS and WatchOS that researchers at TheCitizen Lab discovered while investigating NSO Group's Pegasus spyware. After that, we cover a vulnerability in the OMI Agent that comes automatically installed on all Azure Linux virtual machines. We finish by covering Microsoft's latest efforts to kill passwords for good.

OWASP Update

Thu, 16 Sep 2021 13:59:00 -0700

This week on the podcast we discuss the first update to the OWASP Top 10 since 2017. OWASP servers as an excellent resource for improving web application security so we're excited to run through the latest refresh of their top security weaknesses. We also discuss phishing attacks that abuse Internationalized Domain Names (IDNs) in emails and a critical vulnerability in Microsoft Office.

ProxyWare

Thu, 09 Sep 2021 16:12:00 -0700

This week on the podcast we cover ProxyWare, a form of malware that monetizes your internet access for the benefit of the attacker. After that, we discuss ChaosDB, a vulnerability that could have enabled any Azure user to gain full access to any other user's CosmosDB instance. Finally, we end with a discussion of location tracking vulnerabilities and how a few popular dating apps have tackled them.

Stop Following Me – Rewind

Thu, 02 Sep 2021 15:15:00 -0700

This week on the podcast we dig back in the archives to 2019 where we discussed how web servers manage to track users across sites using browser fingerprinting methods. Even though some improvements like removing third-party cookies have been made to limit tracking, plenty of additional fingerprinting options still remain.

PolyNetwork Heist

Fri, 27 Aug 2021 10:25:00 -0700

This week on the podcast we cover one of the largest cryptocurrency heists in history, with a surprising twist of an ending! Before that we'll chat about the latest T-Mobile data breach and what we can learn about protecting user identity. We end the episode with a discussion about one of the latest episodes of Last Week Tonight with John Oliver, watchable here https://www.youtube.com/watch?v=WqD-ATqw3js, where he talked about the ongoing ransomware pandemic.

DEF CON 29 Recap

Wed, 18 Aug 2021 13:43:00 -0700

This week on the podcast we chat about a few of our favorite presentations from the 2021 edition of the DEF CON security conference out of Las Vegas. If haven't checked them out yourself, visit the DEF CON YouTube channel or media.defcon.org to view this year's and all previous year's content.

Bad BGP

Wed, 11 Aug 2021 11:36:00 -0700

This week on the podcast, we chat about a recent report from Qrator that highlights some of the massive weaknesses in the backbone of the internet. After that, we discuss a recent research blog post from Yan (@bcrypt) showing her work in finding a CSRF flaw in OK Cupid that bypassed Cross-Origin Resource Sharing (CORS) protections.

What Is Zero-Trust Security?

Mon, 02 Aug 2021 08:37:00 -0700

This week on the podcast we talk Zero-Trust. What is it? How do you implement it? And why should all IT professionals work towards updating their networks to this security architecture? We'll answer all that and more after a quick Kaseya update and a security memorandum from the White House.

Why So SeriousSAM

Mon, 26 Jul 2021 10:12:00 -0700

This week on the podcast we cover the latest Microsoft Windows privilege escalation vulnerability, SeriousSAM aka HaveNightmare. Before that, we discuss NSO Group and their spyware software known as Pegasus and whether private organizations should be allowed to market and sell spyware to government agencies.

Section 230 – Rewind

Wed, 21 Jul 2021 11:28:00 -0700

With the White House announcing this month that it plans to investigate potential changes to Section 230, the safe harbor laws that enable websites to moderate content without risk of liability for content they fail to remove, we wanted to bring back an episode from last year where we discuss exactly what these laws are and how they enable a free and open internet.

Kaseya & PrintNightmare

Mon, 12 Jul 2021 08:52:00 -0700

This week on the podcast we cover the Kaseya mass ransomware incident from July 7. While the event is still ongoing, we already have evidence for how the attack occurred and exactly what the threat actors did on affected endpoints. In this episode we dive in to the details around the incident and defensive tips for this specific incident, and similar incidents in the future. Additionally this week, we cover the PrintNightmare vulnerability and what it means for Windows administrators.

A Market for Lemons?

Wed, 07 Jul 2021 15:16:00 -0700

We recorded this episode before news of the massive attack against Kasaye users broke on Friday. Suffice to say, next week's episode will give a full debrief of the incident including how it happened, who it affected, and what all MSPs can learn from it. In the meantime, check out Corey's post on the Kaseya breach here, which we will continue to update as new information comes to light. This week on the podcast, we cover the latest LinkedIn data "breach," an update in activity from the hacking group responsible for the SolarWinds supply chain attack, and research from Microsoft's security team into multiple authentication bypass vulnerabilities in a popular consumer router. After that, we have a discussion our thoughts on a recent article by the Economist that compares the cybersecurity industry to used car dealers.

Q1 2021 Internet Security Report

Tue, 29 Jun 2021 10:54:00 -0700

Its that time of year again! This week on the podcast, we cover the latest internet security report from the WatchGuard Threat Lab. We'll go over the latest trends in malware and network attacks targeting WatchGaurd customer networks through the first quarter of the year, as well as defensive tips for all organizations.

Dark Web Bake Sale

Mon, 21 Jun 2021 09:31:00 -0700

This week on the podcast we discuss an often overlooked item for sale on underground forums, authentication cookies. Before that though, we'll cover a few surprising stats from a recent ransomware study by Cybereason and an update from NATO on cyber warfare.

-Anom-

Tue, 15 Jun 2021 12:52:00 -0700

This week on the podcast, we discuss operation Trojan Shield, a multi-year program where the FBI in partnership with international law enforcement agencies developed and distributed an encrypted communications application on the underground that gave them full access into criminal messages. We'll also cover the latest news from the recent Colonial Pipeline and JBS ransomware attacks before ending with some news from the prolific banking trojan Trickbot.

Atomic Flashcards

Mon, 07 Jun 2021 09:59:00 -0700

This week on the podcast, we take a look at how soldiers unknowingly leaked highly-sensitive information about the United States' foreign nuclear arsenal and discuss how we can reprogram humans to not make similar mistakes. We also cover the latest major ransomware incident targeting manufacturing and industrial control, a damning privacy admission from Google's own executives, and a Supreme Court decision that will likely have a major effect on prosecuting some forms of cyber crime.

An Epic Battle

Wed, 26 May 2021 08:07:00 -0700

This week on the podcast we cover an epic battle between a video game giant and a tech behemoth that has the potential to change mobile security forever. After that, we cover updates to several recent security events including the SolarWinds breach, the attempted poisoning of the Oldsmar, FL water supply, and the ransomware attack against Colonial Pipeline.

Oil for Ransom

Tue, 18 May 2021 13:32:00 -0700

This week on the podcast we cover the ransomware attack against Colonial Pipeline which left the east coast of the United States in fear of gas shortages for more than a week. We'll discuss the threat actors behind it, how they possibly got in, and what the response was from Colonial and the United States government.

21 Nails

Wed, 12 May 2021 11:49:00 -0700

This week on the podcast we cover a 12 year old vulnerability in Dell's firmware update driver impacting hundreds of millions of servers, workstations and tablets. Then, we dive in to 21 nails, a collection of vulnerabilities in the Exim Mail Transfer Agent (MTA) which has wide use across the internet. We'll go over a few of the biggest flaws and how they work as well as what it means for email security.

What Is Same-Origin Policy?

Mon, 03 May 2021 12:00:00 -0700

This week on the podcast, we mourn a Dan Kaminsky, a well-loved hacker responsible for identifying one of the biggest vulnerabilities in the history of the internet. Then, we continue our dive into web app security standards with a discussion on Same-Origin Policy and Cross Origin Resource Sharing (CORS) and how they help protect us against Cross Site Request Forgery (CSRF) attacks.

Cellebrite Good Times

Wed, 28 Apr 2021 11:52:00 -0700

This week on the podcast, we cover Signal CEO Moxie Marlinspike's analysis of a phone forensic analysis tool made by the grey-hat hacking organization Cellebrite. Before that though, we cover another solved mystery from the SolarWinds Orion saga.

On A Tuesday

Wed, 21 Apr 2021 14:15:00 -0700

This week on the podcast we cover a couple of major events from April's Patch Tuesday including four new remote code execution vulnerabilities in Exchange Server and some additional developments in the saga of March's Exchange Server exploits.

Combating Disinformation with Nina Jankowicz Rewind

Wed, 14 Apr 2021 07:49:00 -0700

This week on the podcast, we go back to one of our favorite episodes from last year near the start of the pandemic where we sat down with security expert Nina Jankowicz to discuss what the rapid change to remote work would mean for security.

Q4 2020 Internet Security Report

Wed, 07 Apr 2021 20:42:00 -0700

Its that time of year again! This week on the podcast we dive in to the latest internet security report out of the WatchGuard Threat Lab. We'll cover the latest trends in malware, both at the perimeter and the endpoint, as well as network attacks and malicious domains. Additionally, we'll recap the top security incident from Q4, the Solar Winds Breach, and what it means for companies going forward.

What Is Content Security Policy?

Tue, 30 Mar 2021 16:47:00 -0700

This week on the podcast we take a look at Content Security Policy, a web app security standard designed to combat Cross Site Scripting attacks against websites and web apps. Before that though, we'll cover the latest security news including a resurgence in ransomware attacks and the long overdue death of TLS versions 1.0 and 1.1.

Defense Tips from a Pentester

Tue, 23 Mar 2021 07:00:00 -0700

This week on the podcast we cover key findings from the 2020 FBI Internet Crime Report and the latest reflective amplification vector for DDoS attacks. Then, we discuss a recent blog post from penetration tester Fabian Mosch that details the top weaknesses they target during their engagements. You can read more from Fabian here.

Popping Webmail Shells

Wed, 17 Mar 2021 08:59:00 -0700

This week on the podcast we take a deep dive into the Exchange Server vulnerabilities that Microsoft issued an emergency patch for after discovering foreign adversaries were actively exploiting the flaws in the wild. We'll go over the vulnerabilities, how they work, and give some tips for defending against similar attacks in the future.

Hacked by Cosmic Rays

Tue, 09 Mar 2021 09:23:00 -0800

This week on the podcast we cover Gootkitand Gootloader, two oddly-named pieces of an evasive trojan that researchers have been watching evolve into a fileless threat. We also discuss the security benefits and drawbacks of Apple's closed-door approach to security. Finally, we end with some research on what happens when a cosmic ray causes your computer to load up the wrong destination for a network connection.

Microsoft Says “Regulate Us”

Wed, 03 Mar 2021 14:36:00 -0800

This week on the podcast we cover an upcoming Chrome browser update with important behind-the-scenes changes, a 9.8/10 severity vulnerability in VMWare vCenter, and a plea from Microsoft for more breach disclosure regulation in the wake of the SolarWinds breaches.

RIPE for the Taking

Wed, 24 Feb 2021 12:22:00 -0800

This week on the podcast, we chat about an authentication attack against one of the world’s internet address registrars, another Russian threat actor targeting a popular IT software company, and research on a credential theft trojan and its delivery methods.

So Confused

Thu, 18 Feb 2021 13:15:00 -0800

This week on The 443, we cover a cyber-attack against the water supply of a small Florida town and research into a new class of vulnerabilities in software libraries called Dependency Confusion.

CacheFlow

Thu, 11 Feb 2021 13:23:00 -0800

This week on the podcast, we cover the latest research from Avast on evasion techniques in use by malicious Chrome extensions. After that, we discuss the latest report from Google's Threat Analysis Group on nation-state threat actors targeting white hat security researchers.

It’s Always DNS

Tue, 26 Jan 2021 10:07:00 -0800

This week on the podcast, we bring on Trevor Collins from the WatchGuard Threat Lab to chat about a the recently disclosed MalwareBytes breach and a series of vulnerabilities in a popular DNS forwarder, dubbed DNSPOOQ.

AppleScryptominers

Tue, 19 Jan 2021 00:00:00 -0800

This week on the podcast, we cover a cloud security alert courtesy of Cybersecurity & Infrastructure Security Agency (CISA) and encrypted DNS guidance from the NSA. We also discuss a macOS malware evasion technique that has eluded analysis for over 5 years, until now.

The Hack of the Decade

Mon, 11 Jan 2021 07:56:00 -0800

This week on the podcast we dive into what will likely be remembered as the hack of the decade. With victims including dozens of Fortune 500 companies and US Federal agencies, the SolarWinds supply chain breach has had a massive impact on the industry and as the potential to change client/vendor trust relationships going forward.

Biohacking with Amal Graafstra Rewind

Mon, 28 Dec 2020 00:00:00 -0800

Happy Holidays! This week on the podcast, we're going back to one of our favorite episodes from 2019 where we sat down with Biohacking pioneer Amal Graafstra to discuss implants, RFID technology and the future of human/technology interactions.

2021 Security Predictions

Mon, 07 Dec 2020 08:53:00 -0800

This week on the podcast, we jump in to WatchGuard Threat Lab's 2021 security predictions. From automated spear phishing to booby-trapped electric vehicle chargers, we'll discuss each of the 8 predictions we made and why we made them. You can read about the predictions in full at watchguard.com/predictions.

2020 Predictions Recap

Mon, 30 Nov 2020 08:30:00 -0800

Every November, WatchGuard Threat Lab tries to make predictions about potential security events in the coming year. While some predictions might come off as a bit extreme, they're all grounded in actual trends that we see and expect to continue. With 2020 almost under wraps, its time for us to look back to the predictions we made one year ago and grade ourselves on how well we did.

Securing SMBs with John Grady

Mon, 23 Nov 2020 08:16:00 -0800

This week on the podcast, we sit down with ESG Analyst John Grady again, this time to chat about the topic of SMB Security. We'll cover how the cyber threat landscape has changed throughout 2020 and what SMBs got right, and wrong when it came to adapting.

Getting SASE with John Grady

Mon, 16 Nov 2020 09:37:00 -0800

This week on the podcast we sit down with John Grady, analyst at Enterprise Strategy Group, to break down the latest industry industry terms Secure Access Service Edge (SASE) and Zero Trust Network Access (ZTNA). We'll dive in to exactly what they encompass and then get John's thoughts on where they stand in small and medium enterprises.

Packaged Attacks

Mon, 09 Nov 2020 09:24:00 -0800

This week on the podcast we discuss a previously unsolved mystery from the dark web that was just solved with a little help from the IRS. We'll then discuss the growing issue of malicious opensource packages and libraries after researchers last week discovered a malicious package masquerading as a popular communications service.

Healthcare Hacking

Mon, 02 Nov 2020 12:04:00 -0800

This week on the podcast, we'll discuss an alert from US-CERT and the FBI that details an "imminent threat" to hospitals and other healthcare facilities, as well as some recently disclosed critical vulnerabilities in a popular healthcare records software. After that, we'll give you your (hopefully) last dose of election security news with some election related hacking from the past week.

Top Election Security Threats

Thu, 29 Oct 2020 11:49:00 -0700

With the US elections only a week away, we're talking election security on this week's episode. We'll cover what we do and don't think attackers will target in the coming week and what we can do as a country to improve our security posture.

Trickbot Takedown

Thu, 22 Oct 2020 10:37:00 -0700

This week on the podcast, we discuss the latest round of indictments against foreign intelligence agents for cyber espionage. After that, we cover a Microsoft-lead coalition that has so far made a significant impact in taking down the infrastructure behind one of the largest active botnets. Finally, we highlight key takeaways from the latest Google Threat Analysis Group update on foreign hacking efforts.

Android Ransomware Evolution

Mon, 12 Oct 2020 00:00:00 -0700

This week on The 443, we cover research from Microsoft's security team on a new Android ransomware variant that gets around Google's latest protections. We also cover a UEFI malware loader discovered by Kaspersky and the US Department of Justice's actions against a popular video game console mod chip manufacturer.

ZeroLogon

Mon, 05 Oct 2020 08:53:00 -0700

This week on the podcast we circle back to cover a critical vulnerability in Windows Server, that could allow an attacker to obtain the keys to the kingdom with minimal effort. After that, we discuss a pair of alerts from the US Department of Treasury Office of Foreign Assets Control and Financial Crimes Enforcement Network on the topic of ransomware payments.

Q2 2020 Internet Security Report

Mon, 28 Sep 2020 11:25:00 -0700

This week on the podcast, we cover the latest internet security report from WatchGuard Threat Lab. We'll go over the key takeaways from the Q2 2020 report including malware and network attacks that targeted WatchGuard customer networks. Before that though, we'll discuss an alert from the US Cybersecurity and Infrastructure Security Agency (CISA) that detailed a successful cyber attack against an unnamed federal agency.

Combating Disinformation with Nina Jankowicz

Mon, 21 Sep 2020 00:00:00 -0700

This week on The 443 – Security Simplified, we sit down for a chat on disinformation with Nina Jankowicz, author of How to Lose the Information War. From the US to Estonia, we’ll discuss how nation states are weaponizing social discussion against their adversaries to sow discord and advance their own influence and agenda, in some cases without even having to pick a side.

Election Security Update

Mon, 14 Sep 2020 13:18:00 -0700

This week on the podcast, we cover the city of Portland's ban on facial recognition technology for both public and private organizations, malware targeting VOIP soft switches, and an update from Microsoft on foreign hacking attempts into entities involved in this year's US elections.

Snowden Vindication?

Thu, 10 Sep 2020 13:44:00 -0700

This week on the podcast we cover an update on the MYSTIC surveillance platform, one of several covert and potentially illegal spying programs that former NSA contractor Edward Snowden leaked the existence of in 2014. Additionally, we'll discus an update on the payment card skimming malware MageCart and a Python Remote Access Trojan. Episode Note: Yes, we posted this episode a bit late but we'll be back to our normal Monday episodes next week!

Uber Cover Up

Mon, 31 Aug 2020 12:59:00 -0700

This week on the podcast we cover the latest updates on Uber’s cover up of their 2016 data breach that impacted 57 million customers and employees. After that, we discuss a DDoS attack against the New Zealand Stock Exchange and an interesting malware delivery technique that researchers at ProofPoint recently disclosed.

AI Bloggers

Mon, 24 Aug 2020 09:50:00 -0700

This week on the podcast, we cover Generative Pre-trained Transformer 3 or GPT-3, an AI model that a UC Berkeley student recently used to generate blog posts that fooled humans enough to propel one of them to the top of Hacker News. Additionally, we'll discuss a P2P botnet that has been targeting SSH servers on the internet.

The Dark Web Rewind

Mon, 17 Aug 2020 08:43:00 -0700

This week on the podcast, we’re bringing back a favorite episode from the very beginnings of The 443 – Security Simplified where we dove in to the Dark Web and discussed how It works, where it came from, and who uses it now. This episode originally aired in 2018.

BlackHat 2020 Recap

Mon, 10 Aug 2020 00:00:00 -0700

With BlackHat’s online-only 2020 edition conference in the bag we take a look back at a few of our favorite briefings and discuss the takeaways as they apply to our industry. From a penetration test gone wrong to what security professionals can learn from an EMT, we cover the best talks from this year’s event.

BlackHat and DEF CON Online

Mon, 03 Aug 2020 08:44:00 -0700

With the Black Hat and DEF CON security conferences starting this week, albeit in an online-only mode, we decided to take a look through this year’s agenda and pick some of the talks we are most looking forward to. We’ve picked out talks ranging from new research to updates on recent vulnerabilities to discuss on this week’s episode. Be sure to check out defcon.org this weekend since the conference is entirely free this year.

Meowing Databases

Mon, 27 Jul 2020 00:00:00 -0700

This week on The 443 – Security Simplified we discuss yet another alert from the UK National Cyber Security Center, this time on cyber-attacks targeting sporting organizations. We also take a quick dive into Meowing, a wave of destructive hacking that’s been targeting exposed databases online. Finally, with only a few weeks to go before the online-only editions of Black Hat and DEF CON, we chat about our annual Capture the Flag contest and how to participate this year. fls bxeu ee [[auyfj-8o1z1p9hq7]]

Twoops

Mon, 20 Jul 2020 09:09:00 -0700

This week on The 443 – Security Simplified we cover a massive security breach at Twitter that resulted in an attacker taking over dozens of high-profile accounts ranging from former presidents to Apple. We also discuss the latest Microsoft patch Tuesday which included a fix for a critical security vulnerability in Windows DNS Server.

Can We Trust Facial Recognition?

Mon, 13 Jul 2020 00:00:00 -0700

Welcome back to another episode of The 443 – Security Simplified. This week in the news, we cover an open source vulnerability scanner from Google and phishing campaign that combines Microsoft 365 and Zoom. After that, we dive in to the world of facial recognition and discuss recent research from WatchGuard Threat Lab and other concerns about the technology.

Don’t Trust the App

Mon, 06 Jul 2020 00:00:00 -0700

This week on The 443 – Security Simplified, we discuss the latest out-of-band security patch from Microsoft solving two potentially serious vulnerabilities, a cryptocurrency phishing campaign that made its way on to the Google Play app store, and a neat way that payment card skimming malware hide’s its malicious code.

Q1 2020 Internet Security Report

Mon, 29 Jun 2020 00:00:00 -0700

It’s that time of year again! This week on The 443 we cover the latest internet security report from the WatchGuard Threat Lab. In this episode, we’ll cover the stats and key findings from threat intelligence gathered from over 44,000 security appliances deployed across the world.

A New DDoS Record

Mon, 22 Jun 2020 08:52:00 -0700

This week on The 443 – Security Simplified, we discuss a new DDoS throughput record as reported by Amazon in their AWS Shield Therat Landscape Report for Q1 2020 as well as a history of reflective amplification DDoS attacks. Before that though, we cover an interesting macOS Gatekeeper bypass that involves a bit of social engineering and the latest Intel CPU technology that just might make ROP chains a thing of the past. macOS Gatekeeper bypass - https://www.intego.com/mac-security-blog/new-mac-malware-reveals-google-searches-can-be-unsafe/ Intel Tiger Lake CET - https://newsroom.intel.com/editorials/intel-cet-answers-call-protect-common-malware-threats/ AWS DDoS Record - https://aws-shield-tlr.s3.amazonaws.com/2020-Q1_AWS_Shield_TLR.pdf

Section 230

Mon, 15 Jun 2020 00:00:00 -0700

This week on The 443 – Security Simplified we’re taking a break from the news to talk about a cornerstone of the modern internet, Title 47, Section 230 of the US code, also known as the safe harbor provisions. These laws, which are critical for a free and open internet, have been increasingly under attack in recent months by politicians in the United States from both major political parties. That is why we’re focusing an entire episode exactly what these laws protect and how they came to be.

Nuclear Ransomware

Thu, 11 Jun 2020 14:05:00 -0700

This week on The 443 – Security Simplified, we cover a story from Cloudflare on cyber-attacks targeting activists, APTs targeting political campaigns, and ransomware targeting nuclear missile contractors.

Sandworm Situation

Mon, 01 Jun 2020 09:49:00 -0700

This week on The 443 – Security Simplified we cover an NSA alert on the Russian government-backed hacking group known as Sandworm. After that, we discuss the latest findings from Google’s Threat Analysis Group and what OpenSSH’s deprecation of SHA-1 means to servers everywhere.

Unemployment Fraud

Tue, 26 May 2020 00:00:00 -0700

This week on The 443 – Security Simplified, we cover the latest Google Chrome update, another airline data breach, and a wave of unemployment affecting residents of Washington State and possibly elsewhere.

Centennial

Wed, 20 May 2020 11:16:00 -0700

This week is a very special week for The 443 – Security Simplified, our 100th episode! To celebrate, we’ve combed through our last 99 shows and picked out several stories and topics that we’ve discussed which have updates. In this episode, we’ll bring you up to speed with these topics and then highlight the latest developments.

Toasters and Proxies

Mon, 11 May 2020 09:21:00 -0700

This week on The 443 – Security Simplified we cover the latest in cyber security news including a sneaky payment card skimming malware delivery method, a multinational alert on APTs targeting healthcare, and the latest research on remote access vulnerabilities.

Random Name Generator

Mon, 04 May 2020 08:44:00 -0700

This week on The 443 – Security Simplified, we cover the latest in questionably-named nation state hacking, a crackdown on Chrome extensions, and an actively in-development android Trojan.

You’ve Got Mail [App Vulns]

Mon, 27 Apr 2020 10:26:00 -0700

Welcome back to another episode of The 443 – Security Simplified. This week, we cover the latest security news including over 160,000 compromised Nintendo accounts, nation state hacking, and a battle over a critical Apple iOS vulnerability.

xHelper xUpdate

Mon, 20 Apr 2020 08:50:00 -0700

This week on The 443 – Security Simplified, we cove the latest news stories including yet another security incident involving the video conferencing software Zoom, the effects of the COVID-19 epidemic on cyber-attack trends, and the latest update on the “unkillable” android malware xHelper.

Talking Remote Working with Cat Murdock

Mon, 13 Apr 2020 09:18:00 -0700

This week, we have a special episode of The 443 – Security Simplified where we sit down with a penetration testing and general security expert Cat Murdock of GuidePoint Security to discuss how the COVID-19 pandemic and the rapid shift to working from home has changed the security landscape. You can follow Cat on Twitter @catmurd0ck and check out her latest work at GuidePoint Security here.

Zoom Zoom

Mon, 06 Apr 2020 14:56:00 -0700

Welcome back to another episode of The 443 – Security Simplified. Chances are by now you’ve been invited to join a Zoom meeting by someone in your work or personal life. Chances are, you’ve also probably noticed the deluge of attention Zoom has been receiving in terms of vulnerability research in the past few weeks. That’s why in this episode, we’re talking all about Zoom including our takes on its latest vulnerabilities and how to have a secure meeting safe from Zoom Bombing.

Q4 2019 Internet Security Report Recap

Tue, 31 Mar 2020 09:31:00 -0700

It’s the end of the quarter which means it’s time for another special edition of The 443 – Security Simplified where we discuss the latest Internet Security Report from WatchGuard Threat Lab. In this episode, we’ll cover the top security trends from Q4 2019 and defensive tips for keeping your organization safe from the latest threats.

Securing Remote Workers

Mon, 23 Mar 2020 08:44:00 -0700

Welcome back to another episode of The 443 – Security Simplified. With the COVID-19 pandemic forcing anyone and everyone who can work from home to work from home, many organizations are having to rapidly create remote worker policies and infrastructure for the first time. This week, we cover the latest news before diving in to a discussion on securing a mobile workforce.

Phishing for Viruses

Mon, 16 Mar 2020 10:04:00 -0700

Welcome back to another episode of The 443 – Security Simplified. This week, we cover an emergency patch from Microsoft, a massive botnet takedown, and the latest in COVID-19-related phishes.

RSA 2020 – Day 3 Recap

Fri, 28 Feb 2020 00:00:00 -0800

Welcome to our third and final special RSA 2020 edition of The 443 – Security Simplified. On this episode, we cover the talks we saw on the third day of RSA, ranging from web browser fingerprinting to detecting shadow IT in your organization.

RSA 2020 – Day 2 Recap

Thu, 27 Feb 2020 00:00:00 -0800

Welcome back to another special edition episode of The 443 – Security Simplified. On this episode, we recap day 2 of RSA Conference in San Francisco. We’ll talk about several IoT topics, security vs privacy tradeoffs, and some research into gift card APIs by a 15 year old.

RSA 2020 – Day 1 Recap

Wed, 26 Feb 2020 08:05:00 -0800

Welcome to a special edition episode of The 443 – Security Simplified where we’re coming to you (almost) live from RSA Conference 2020. In this episode, we’ll recap what we saw during day 1 of the conference including the opening keynotes and several individual talks on security-related topics.

EmoTed

Tue, 18 Feb 2020 14:09:00 -0800

Welcome back to another week of The 443 – Security Simplified. In this episode we cover 5 different news stories including vulnerability research into an elections voting app, the latest in phishing, and multiple updates on prolific malware threats.

Episode Delay

Sun, 16 Feb 2020 18:54:00 -0800

This week our regular podcast will be delayed a few days. We hope to get it out to you by Wednesday and then return to our normal Monday schedule. Thanks again for listening, we have a great show coming!

A Wagon Full of Phones

Mon, 10 Feb 2020 00:00:00 -0800

This week on The 443 – Security Simplified, we cover an artistic hack of Google Maps, vulnerabilities in WhatsApp and a popular consumer IoT device, and an FBI warning on election hacking,

Breaches of Trust

Mon, 03 Feb 2020 09:30:00 -0800

This week’s episode of The 443 – Security Simplified takes on a privacy focus as we discuss several recent news stories involving breaches of trust and erosion of privacy in the name of security.

Q3 2019 Internet Security Report Recap

Thu, 26 Dec 2019 15:26:00 -0800

This week on The 443 – Security Simplified, we dive in to WatchGuard Threat Lab’s Q3 2019 Internet Security Report. We’ll cover the trends from the last quarter including the top malware payloads, network attacks, and phishing domains as well as some defensive tips for keeping your systems safe.

2020 Cyber Security Predictions

Mon, 09 Dec 2019 00:00:00 -0800

Each year, WatchGuard Threat Lab sits down and comes up with our predictions for the coming year. While some may come off as farfetched, all are grounded in a trend we expect to see continue and grow. This week on The 443 – Security Simplified, we cover our predictions for 2020.

Elderly Ransomware

Wed, 04 Dec 2019 14:58:00 -0800

Welcome back to another episode of The 443 – Security Simplified. This week, we cover a cryptocurrency heist, a déjà vu breach, the latest in attacks targeting Managed Service Providers, and a state supreme court ruling impacting privacy.

Like Stealing a Capri Sun

Tue, 26 Nov 2019 09:00:00 -0800

Welcome back to another episode of The 443 – Security Simplified. This week, we cover the latest news from a credential stuffing attack against a popular streaming service to the dumbest name for a security threat ever.

Mr. Robot Recap

Mon, 18 Nov 2019 00:00:00 -0800

Welcome back to another episode of The 443 – Security Simplified. With Season 4 of Mr. Robot about half-way through, we decided to take some time and review all of the hacking that has occurred so far. A warning for anyone who hasn’t watched through episode 6 yet, this podcast episode contains spoilers.

Android App Defense Alliance

Mon, 11 Nov 2019 08:22:00 -0800

Welcome back to another episode of The 443 – Security Simplified. This week, we cover several updates on the Android malware landscape and the latest in biometric authentication techniques.

DTrack Damage

Mon, 04 Nov 2019 00:00:00 -0800

Welcome back to another episode of The 443 – Security Simplified. This week, we cover three major news stories from the past week including the NordVPN breach, Facebook suing a zero-day development firm, and the latest attack from North Korea’s Lazarus Group.

Cyber Security Awareness Month – Manufacturing and MSPs

Mon, 28 Oct 2019 00:00:00 -0700

It is now the fourth and final week of Cyber Security Awareness Month which means you're getting the last of our special edition episodes of The 443 – Security Simplified focusing on specific industries. This week, we're chatting about the threat landscape and defensive tips for two different industries, manufacturing, and the world of Managed Service Providers or MSPs.

Cyber Security Awareness Month – Retail and Hospitality

Mon, 21 Oct 2019 00:00:00 -0700

We have reached week three of Cyber Security Awareness Month here on The 443 – Security Simplified which means its time for another special episode focusing on an industry. This week though, we're giving you a 'two-fer' by covering both the retail and hospitality industries. As with the last two weeks, we'll cover the top trends and provide some helpful tips for keeping your networks safe.

Cyber Security Awareness Month – Education

Mon, 14 Oct 2019 00:00:00 -0700

It is week two of Cyber Security Awareness Month which means we are coming at you with our second special edition episode of The 443 – Security Simplified focusing on securing specific verticals and industries. This week, we're covering the world of education and keeping students and faculty safe from cyber threats. We'll go over the top trends and pitch out some helpful tips for keeping school networks safe.

Cyber Security Awareness Month – Healthcare

Mon, 07 Oct 2019 00:00:00 -0700

We’re kicking off Cyber Security Awareness Month with our first in a four-part series of The 443 – Security Simplified focusing on securing specific verticals and industries. This week, we start with healthcare. This week, we’ll cover some of the most important security topics to the healthcare industry including trends and defensive tips.

The Vulnies

Sun, 29 Sep 2019 12:00:00 -0700

https://www.youtube.com/watch?v=wHWx2VWCdrE&feature=youtu.be We’ve cooked up something special for this week’s episode of The 443 – Security Simplified. To celebrate international podcast day, we’re bringing introducing The Vulnie Awards! We’ve curated 8 categories of awards, ranging from the worst breach response to the best vaporware and in this episode, we’ll present you with the winners!

Emotet Eternal

Mon, 23 Sep 2019 07:48:00 -0700

Welcome back to another episode of The 443 – Security Simplified. This week, we have a news roundup for including the latest in mobile phone hacking, a hacking group targeting foreign IT service providers, and an update on one of the oldest banking trojans.

DNS Security

Mon, 16 Sep 2019 00:00:00 -0700

Welcome back to another episode of The 443 – Security Simplified. This week, we cover the latest update on the BlueKeep Windows RDP vulnerability before jumping into an overview of four different protocols that were designed to improve DNS security and privacy. We’ll give you an overview of DNSSec, DNSCrypt, DoT and DoH and how they help secure one of the most used protocols on the internet.

Hacking Android’s Universe

Mon, 09 Sep 2019 00:00:00 -0700

This week on The 443 – Security Simplified we cover several news stories from the past few weeks including an unpatched zero day vulnerability in Android and the latest Facebook privacy failure. We’ll also cover the latest in security concerns from motherboard manufacturer SuperMicro, a data breach affecting the popular web comic XKCD, and an account takeover of Twitter’s CEO.

Lone Star Ransomware

Fri, 23 Aug 2019 00:00:00 -0700

This week on The 443 – Security Simplified, we cover the latest ransomware attack targeting local governments, a new password protection feature being added to Google Chrome, and the latest tricks attackers are using to spam and phish.

Penetration Testing

Mon, 19 Aug 2019 00:00:00 -0700

Welcome back to another episode of The 443 – Security Simplified. This week we cover the latest in infosec news including ransomware targeting a hospital and a recently discovered vulnerability in the Bluetooth specification. We’ll also cover our favorite talks from the last day of the Def Con security conference.

Def Con 27 Recap – Day 2

Wed, 14 Aug 2019 00:00:00 -0700

Welcome back to the last Hacker Summer Camp special edition episode of The 443 – Security Simplified. On this episode, we cover day 2 of the Def Con hacker conference in Las Vegas. We’ll go over our favorite talks and takeaways from the day before heading back home tomorrow.

Def Con 27 Recap – Day 1

Tue, 13 Aug 2019 00:00:00 -0700

Welcome back to The 443 – Security Simplified. With Black Hat 2019 all wrapped up, on this episode we move on to Def Con 27, another security conference hosted every summer in Las Vegas. In this episode, we’ll cover our favorite talks and takeaways from the first day of the conference.

Black Hat 2019 Recap – Day 2

Mon, 12 Aug 2019 10:35:00 -0700

Welcome back to another special edition of The 443 – Security Simplified, (almost) live from Last Vegas! In this episode, we recap the second and final day of the Black Hat 2019 security conference. We'll cover some of our favorite talks and takeaways from the conference before transitioning to the Def Con conference tomorrow!

Black Hat 2019 Recap – Day 1

Fri, 09 Aug 2019 00:00:00 -0700

It’s Hacker Summer Camp season so we’re coming to you (almost) live from Last Vegas with daily recaps from the major security conferences. On this episode, we recap our favorite talks and findings from day 1 of the Black Hat conference.

What’s In Your Wallet?

Mon, 05 Aug 2019 00:00:00 -0700

It seems like the data breaches never end. This week on The 443 – Security Simplified we cover the latest data breach, Capital One. After that, we interview a Matthew Terry, a WatchGuard QA engineer, for an update on where the industry stands on wireless security.

US Justice and Injustice

Mon, 29 Jul 2019 00:00:00 -0700

The week on The 443, we cover stories of US Justice and Injustice. From the Equifax Breach Settlement to Facebook's record-breaking fine. We also cover a recent talk from US Attorney General William Barr on the topic of backdooring encryption. If you want to see whether you were a victim of the Equifax breach and are entitled to compensation, check out equifaxbreachsettlement.com.

FaceApp FUD

Mon, 22 Jul 2019 09:04:00 -0700

This week on The 443 – Security Simplified, we take a look at the popular social media photo manipulation app FaceApp. Is it a Russian-backed ploy to fuel a facial recognition database, or Just another fad with questionable terms of service? We also dive in to several new security stories and end with a discussion on the email address spoofing-prevention standard DMARC.

DerpTroll Detention

Mon, 15 Jul 2019 12:52:00 -0700

We have another bit news roundup day this week on The 443 – Security Simplified. In this episode, we cover an advanced fileless malware campaign, mobile malware targeting android devices, and an update on a script kiddie that tried to ruin Christmas.

Happy America Day!

Mon, 08 Jul 2019 01:00:00 -0700

This week on The 443 – Security Simplified we cover the latest BGP accident and targeted attacks on managed service providers. Then, to celebrate America’s birthday, we turn back the clocks to look at ciphers used during the revolutionary war.

The Q1 2019 Internet Security Report

Mon, 01 Jul 2019 01:00:00 -0700

It’s been three months since the last WatchGuard Threat Lab Internet Security Report which means this week on The 443 – Security Simplified, we have another special edition for the latest report! We’ll cover the big takeaways and trends from the last quarter and how you can keep your network safe from the latest threats.

One Full Trip Around the Sun

Mon, 24 Jun 2019 01:00:00 -0700

It’s been one year since episode #1 of The 443 – Security Simplified! On this week’s episode, celebrate the occasion by talking about some of our favorite topics from the last year. Before that though, we cover some news on new IoT security features and the latest in nation state attacks.

Biohacking with Amal Graafstra

Mon, 17 Jun 2019 01:00:00 -0700

This week on The 443 – Security Simplified, we sit down with biohacking pioneer Amal Graafstra to talk about implants, RFID technology, and the future of human/technology interaction.

2019 Security Predictions Mid-Year Review

Mon, 10 Jun 2019 01:00:00 -0700

It’s been about 6 months since we released our 2019 Security Predictions so this week on The 443 – Security Simplified, we re-visit them to see how we’ve done so far. We’ll cover which ones have been hits and which ones are on track complete with relevant news updates.

Facial Recognition Facts and Fears

Mon, 03 Jun 2019 01:00:00 -0700

This week on The 443 – Security Simplified, we cover the latest updates on the Baltimore ransomware attack and changes to Google Chrome’s extension library for advertisement blockers. Then, we dive in to the world of facial recognition technology including its uses, and privacy concerns.

Another Busy News Day

Mon, 20 May 2019 01:00:00 -0700

This week on The 443 – Security Simplified, we cover another busy week of news updates. We start with a critical vulnerability in some versions of Windows that could allow network worming. Then we follow up with the latest in a series of CPU vulnerabilities, what they are, why they matter, and what it means to you.

Big News Roundup

Mon, 13 May 2019 01:00:00 -0700

Welcome back to another episode of The 443 – Security Simplified. This last week was a busy week in cybersecurity with multiple interesting news topics. Instead of trying to pick just one to discuss, we decided to cover them all in a big news roundup episode! In this episode, we’ll cover a massive cryptocurrency heist, a citywide ransomware attack, a resolution to a 4 year old data breach, and a couple interesting topics involving Mozilla Firefox.

When Hacking and Gaming Collide

Mon, 06 May 2019 01:00:00 -0700

This week on The 443 – Security Simplified, we start with a quick update on ShadowHammer, the supply chain attack against ASUS hardware. Following the update, we combine two of our favorite topics, video games and hacking! We’ll cover a few big hacks and attacks from the early days of video game history to present Mobile games and end with some tips to keep you safe as you game.

Stop Following Me!

Mon, 29 Apr 2019 01:00:00 -0700

Have you ever wondered how website advertisements always seem to know what you plan on buying next? This week on The 443 – Security Simplified, we dive in to the world of browser fingerprinting and data tracking to explain how advertisements always seem to know what you were just thinking about.

Hacking VR With UNHcFREG

Mon, 22 Apr 2019 01:00:00 -0700

Welcome back to another episode of The 443 – Security Simplified. This week, we sit down with three members of the University of New Haven Cyber Forensics Research and Education Group to discuss their resent research into virtual reality application security. UNHcFREG recently discovered several vulnerabilities in the popular VR application BigRoom with results ranging from spying on users to code execution on the victim’s computer. We’ll chat with Dr. Ibrahim (Abe) Baggili, Martin Vondráček, and Peter Casey about this research project, and their thoughts on the future of VR and AR security. Dr. Ibrahim (Abe) Baggili is the Elder Family Endowed Chair of Computer Science & Cybersecurity at the Tagliatela College of Engineering, Department of Computer & Electrical Engineering and Computer Science at the University of New Haven, CT, specializing in Cybersecurity & Forensics. He serves as the Assistant Dean and is the founder of the University of New Haven’s Cyber Forensics Research and Education Group (UNHcFREG). Abe is also the former editor-in-chief of the Journal of Digital Forensics, Security and Law (JDFSL). He received his BSc, MSc and PhD all from Purdue University where he worked as a researcher in CERIAS. Abe co-authored over 70 publications including books, peer reviewed articles, and conference papers and has received funding for his work from a variety of sources including the NSF, NSA, DHS and MITRE. Most recently, work with his students showed security issues in mobile social messaging applications that affect over 1 billion people worldwide they also found major Virtual Reality exploits that affect people globally. His research interests include cybersecurity and forensics from technical, social, and psychological perspectives. He has worked closely with law enforcement and private sector and has published work on real challenges facing cybercriminal investigators and has presented at a number of conferences worldwide. Abe’s work has also been featured in news outlets and on TV worldwide in over 20 languages. To learn more about Abe and his work you can visit http://www.baggili.com and http://www.unhcfreg.com. Martin Vondráček is an enthusiastic student researcher focused on cybersecurity and computer networks, currently (2019) pursuing his master's degree at the Faculty of Information Technology, Brno University of Technology (FIT BUT), Czech Republic. He has completed his Bachelor's degree with honors at the same university and has received several academic awards including dean's award and rector's award. Martin joined the Cyber Forensics Research & Education Group (UNHcFREG) and Virtual Reality Lab as a visiting scholar from the FIT BUT in 2018. During his studies at the FIT BUT, he collaborated with the Networks and Distributed Systems Research Group (NES@FIT). His previous research was focused on automation of Man-in-the-Middle attack on Wi-Fi networks. Martin has also participated in student exchange programs at the University of Malta and the University of South Wales. You can contact him at linkedin.com/in/vondracek-martin, find out more about his publicly available work at github.com/mvondracek, and follow him at twitter.com/VondracekMar. Peter Casey is a graduate researcher at the University of New Haven. He is a member of the Cyber Forensics Research and Education Group, Virtual Reality Lab, and the Hacking Team. While Peter is currently working towards his Master’s in Computer Science (May 2019), he will soon start his career at MITRE. Prior to his studies at the University of New Haven, Peter served several combat deployments with the 1st battalion 75th Ranger Regiment and received his Bachelor’s of Science in Biology from the State University of New York, College at Geneseo.

Interviewing a Former Signals Intelligence Professional

Mon, 15 Apr 2019 01:00:00 -0700

This week on The 443 – Security Simplified, we have a very special episode for you. We sit down for an interview with Ricardo Arroyo, current Product Manager for WatchGuard Technologies and former employee of the NSA. You’ve already heard our views on government intelligence gathering and hacking operations so this week we’ll give you the other side from someone with first-hand experience.

Greetings From the UK!

Mon, 08 Apr 2019 01:00:00 -0700

Welcome back to another episode of The 443 – Security Simplified. We have another special episode this week coming from Manchester UK, where we sit down with Sr. Sales Engineer Martin Lethbridge to discuss the cyber threats that businesses are facing on this side of the pond. In the episode, we cover three main security concerns and how organizations across the world can combat them.

Biohacking Part 2 – Grinders

Mon, 01 Apr 2019 01:00:00 -0700

Today on The 443 – Security Simplified, we jump in to part two of our multi-part series on biohacking. In this episode, we focus on Grinders, the community of biohacker hobbyists that self-experiment with implants and chemicals to enhance their bodies and minds. We’ll cover a few notable individuals, some cool biohacks from the field, and safety concerns.

Internet Security Report Special Edition Q4 2018

Mon, 25 Mar 2019 01:00:00 -0700

The WatchGuard Threat Lab just released our Internet Security Report for Q4 2018 which means this week we have a special edition of The 443 – Security Simplified! On today’s episode, we cover all of the stats and trends from the latest report along with some defensive tips to keep yourself safe from the most prolific and widespread attacks.

Biohacking Part 1

Mon, 18 Mar 2019 01:00:00 -0700

This week on The 443 – Security Simplified, we cover the latest news including downtime for Facebook, a new IoT security bill making its way through congress, and the latest on nation-state hacking. Then, we begin the first of several episodes on the topic of biohacking. We start the series with a general overview of what biohacking is from cybernetic implants to DIY home-gene splicing. We’ll cover its origins, its future, and where it’s at right now with different subgroups of human biohacking. If there is a specific topic in biohacking that you would like us to cover in this series, reach out to us in the comments on Secplicity.org or on twitter at #The443Podcast.

RSA Conference 2019 – Conversations from Booth Land

Mon, 11 Mar 2019 01:00:00 -0700

While Marc is on vacation, and Corey left the cozy confines of our podcast booth in Seattle, and spoke with the folks at WatchGuard’s booth at the RSA Conference in San Francisco. They discussed the top security concerns and trends at the event, including: IoT, MFA and secure Wi-Fi.

RSA Conference Preview

Mon, 04 Mar 2019 01:00:00 -0800

Welcome back to another episode of The 443 – Security Simplified. This week, we preview the trends and buzzwords we expect to see at the 2019 RSA Conference in San Francisco. Before that though, we discuss the latest news, including a mobile phone forensics tool found on ebay and a cryptojacking company closing up shop.

All Hail Our AI Overlords

Mon, 25 Feb 2019 01:00:00 -0800

In this week’s episode of The 443 – Security Simplified, we cover two recent healthcare data breaches in the news. Following that, we’ll jump in to the world of artificial intelligence and a few applications with serious opportunities for misuse.

Roses Are Red, WatchGuard Is Too

Mon, 18 Feb 2019 01:00:00 -0800

In this episode of The 443 – Security Simplified, we cover a multi-factor authentication crackdown on Apple iOS app developers. Then, to celebrate Valentine’s day, we dive in to dating app security. We cover a few prominent hacks and security trends in the online dating world and how to not fall victim to attackers.

reCAPTCHA Roundup

Mon, 11 Feb 2019 01:00:00 -0800

This week on The 443 – Security Simplified, we discuss two news events involving bug bounties. The first event involves a security researcher withholding details of a critical flaw in Mac OS because of Apple’s lack of a bug bounty program, and the second involves a researcher that was allegedly assaulted by a vendor while following up on promises of a payment. After that excitement, we jump in to the world of CAPTCHA, including where it started and how its evolving.

Our First Live Podcast – Kicking off 2019

Mon, 04 Feb 2019 01:00:00 -0800

This edition of The 443 – Security Simplified was recorded in front of a live audience at a recent WatchGuard event. Marc and Corey engage the crowd, and WatchGuard executives, in discussion about the state of information security at the beginning of 2019, and have fun with some security and pop culture trivia games.

How to Breach a Company

Mon, 28 Jan 2019 01:00:00 -0800

In today’s episode of The 443 – Security Simplified, we cover the latest news where a group of researchers accidently triggered a bug, disrupting internet routing. We’ll then jump in to the 6 different categories of data breaches, how they occur, and how to defend against them.

How a Government Shutdown Affects Cybersecurity

Mon, 21 Jan 2019 01:00:00 -0800

In today’s episode, we cover the overlooked cybersecurity ramifications of the US government shutdown. From NIST to expired certificates, we’ll discuss the government agencies, programs, and tools that private organizations rely on every day which are most impacted by the US congress’s ongoing failure to pass a budget for 2019.

Hacking for PewDiePie

Mon, 14 Jan 2019 01:00:00 -0800

In today’s episode of The 443 – Security Simplified, we cover recent news of a mass account breach at Reddit and a global DNS hijacking campaign. We then discuss in to a group of hackers attempting to convince the world to subscribe to a popular YouTube personality’s channel by compromising printers and Chromecasts.

Talking MFA with Roger Grimes

Mon, 07 Jan 2019 01:00:00 -0800

This week on The 443 – Security Simplified, we sit down for an interview with authentication expert Roger Grimes, author of A Data-Driven Computer Security Defense. We’ll discuss the security benefits of multi-factor authentication and how attackers circumvent them.

Best of 2018 Recap

Mon, 31 Dec 2018 01:00:00 -0800

What a year! Since launching The 443 – Security Simplified in June we’ve recorded over 30 episodes full of the latest news, interviews and breakdowns of complex security topics. In this episode, we share some fan-favorite segments complete with the latest updates on where the discussion topics stand today.

The Q3 2018 Internet Security Report

Mon, 17 Dec 2018 01:00:00 -0800

In this episode of The 443 – Security Simplified, we cover WatchGuard’s Internet Security Report for Q3 2018. We’ll run through the latest malware and network attack trends, discuss the top security incidents from the quarter, and dive in to the WatchGuard Threat Lab’s latest research.

Securing Your Smart Home

Mon, 10 Dec 2018 01:00:00 -0800

Are you planning on decking out your home with the latest "smart" gadgets this holiday season? In today's episode of The 443 – Security Simplified, discuss which smart home devices are more secure than others and how to keep your home networks safe while adding your new internet-connected lightbulbs. Before that though, we cover the latest in data breaches with two big ones disclosed in the last week.

The 2019 Predictions That Didn’t Make It

Tue, 04 Dec 2018 01:00:00 -0800

Welcome back to another episode of The 443 - Security Simplified. This week in the news, we cover a supply chain attack against a popular Bitcoin wallet. For our main event, we've picked a few of our favorite predictions that didn't make the cut this year. We'll explain the trends behind each one and the reasons why they weren't included with the rest of them.

What We Are Thankful For

Mon, 26 Nov 2018 11:40:00 -0800

With Thanksgiving right around the corner (or just having just passed depending on when you listen to this), we wanted to take some time and talk about the things we are thankful for in the cyber security world. Before that though, we’ll cover the latest news in breaking biometrics where researchers out of New York University and the University of Michigan have developed a fingerprint master key.

Black Friday and Cyber Monday Security Tips

Mon, 19 Nov 2018 01:00:00 -0800

With Black Friday and Cyber Monday right around the corner, in today’s episode of The 443 – Security Simplified, we provide some useful cyber security tips to keep your bank account and home network safe while shopping for the latest holiday tech. Before that though, we cover a breach of over 23 million SMS messages and its impact on multi-factor authentication and account security as a whole.

Special Edition – 2019 Security Predictions

Wed, 14 Nov 2018 21:09:00 -0800

In this special edition of The 443 – Security Simplified, we cover WatchGuard’s 2019 security predictions, available in video and audio formats! For this year’s predictions, the WatchGuard Threat Lab imagines a dystopian future caused by a cybersecurity apocalypse. Learn about Vaporworms, ransomware targeting industrial control systems, the Internet being held hostage, and more. But don’t worry, we’ll also discuss how it can all be avoided! See both our predictions teaser video, and the full video podcast, here: watchguard.com/2019predictions

Scoring Last Year’s Security Predictions – How’d We Do?

Mon, 12 Nov 2018 11:20:00 -0800

We’re about to launch our security predictions for 2019, but in this episode we review and rate our predictions from last year. Did the predictions hit, miss or were just “meh”? Listen to find out!

Hacking the Mid-Terms

Mon, 05 Nov 2018 01:00:00 -0800

This week, on The 443 – Security Simplified, we cover the Bleeding Bit Bluetooth vulnerability impacting a large number of wireless access points. We then dive headfirst in to election security. We’ll cover both what we’re worried about and what isn’t very likely when it comes to securing the 2018 US mid-term elections.

Rise of the Bots

Mon, 29 Oct 2018 01:00:00 -0700

In today's episode of The 443 -- Security Simplified, we cover a class action settlement for the largest data breach in history (so far). We then dive in to the world of bots. From botnets to Twitter bots, we cover how they work, where they came from, and where they are going.

Web App Security Basics

Mon, 22 Oct 2018 16:00:00 -0700

In this episode of The 443 – Security Simplified, we cover the recent activity of the APT group known as Grey Energy. Who are they? Who are they targeting? And what are their methods? We’ll answer all of that before diving in to the basics of web app security. We’ll break down 5 of the OWASP Top 10 web app security threats into easily understood and actionable advice.

Hacked Hardware and Sad Security

Mon, 15 Oct 2018 01:00:00 -0700

On this week's episode of The 443 - Security Simplified, we cover a recent cyber security audit of major DoD weapons systems (spoiler alert: it's bad). Then we dive in to the recent controversial story out of Bloomberg about hardware implants in motherboards manufactured in China. Did it actually happen? And if so, what does it mean for the future of hardware manufacturing? We'll give our thoughts and more.

Where Do Hackers Come From?

Mon, 08 Oct 2018 01:00:00 -0700

Welcome back to The 443 – Security Simplified. Have you ever wondered how to get in to cyber-security? In this episode, we talk weigh the benefits of formal education versus self-taught knowledge and discuss the certifications and skills that can help get your foot in the door. Before that though, we’ll dive in to this week’s news including another bad day for Facebook and the latest in nation-state attacks.

What Are Digital Certificates?

Mon, 01 Oct 2018 01:00:00 -0700

This week on The 443 – Security Simplified, we cover Microsoft’s latest push towards killing off passwords once and for all and the privacy impact of Facebook maintaining “Shadow Contact Information.” We then dive deep in to the world of digital certificates and how they secure our web connections.

Weaponized Stuxnet

Mon, 24 Sep 2018 01:00:00 -0700

This week on The 443 – Security Simplified, we talk about the recently-sentenced authors of the Mirai Botnet and other cybercriminals that became FBI consultants. We then break down three of the most sophisticated cyber-attacks on the last decade. From Stuxnet to Operation Aurora, we’ll dive in to exactly what made these attacks so successful.

Q2 2018 Internet Security Report

Mon, 17 Sep 2018 01:00:00 -0700

This week on The 443 – Security Simplified, we dive in to WatchGuard’s latest Internet Security Report for Q2 2018. We’ll cover the malware and network attack trends from the last quarter including what you need to watch out for and how to keep your systems secure. We also cover the latest research from the WatchGuard Threat Lab and explain how the EFail PHP and S/MIME vulnerabilities work and how to stay safe.

What is Deep Inspection?

Mon, 10 Sep 2018 01:00:00 -0700

This week on The 443 – Security Simplified, we cover the US Department of Justice’s recently unsealed charges against a North Korean national claimed to be involved in the WannaCry and Sony Pictures attacks. We then break down the differences between stateful firewalling and deep packet inspection and why the latter is so important for detecting modern threats.

Overlooked IoT

Tue, 04 Sep 2018 10:29:00 -0700

On this week’s episode of The 443 – Security Simplified, we cover a vulnerability in a popular video game that recently came to Android and the latest in the seemingly never-ending cycle of data breaches. Then, we shed some light on a sector of IoT that doesn’t seem to garner as much attention as hacked cameras and medical equipment, but still poses security risks to companies.

Hacking Outside the Box

Mon, 27 Aug 2018 01:00:00 -0700

This week on The 443 – Security Simplified, we cover the DNC phishing scare that triggered an alert to the FBI, and a targeted ransomware attack demanding hundreds of thousands of dollars in payment. We then talk about a few outside the box hacks where researchers discovered unique ways to compromise potential targets.

More Wi-Fi Troubles

Mon, 20 Aug 2018 01:00:00 -0700

On this week's episode of The 443 - Security Simplified, we cover a new vulnerability in the WPA2 Wi-Fi standard and the re-release of the MANA wireless hacking toolkit. Marc and Corey also highlight their favorite talks from the DEF CON hacker conference in Las Vegas including attacks against enterprise blockchain, Nintendo systems, and even science itself.

Las Vegas Hacking Conference Week

Mon, 13 Aug 2018 01:00:00 -0700

This week’s episode comes (almost) live from the Black Hat hacking conference in Las Vegas. We start out with a discussion about the Capture the Flag (CTF) challenge that the WatchGuard Threat Lab released for the second year in a row and then jump right in to our favorite talks from this year’s Black Hat including important takeaways for the future of security.

Tales of Black Hats (and DEF CONs) Past

Mon, 06 Aug 2018 01:00:00 -0700

In this week’s news, we discuss how an attack against SMS 2-Factor Authentication allowed someone to access use compromised employee credentials to access Reddit’s source code and some user data. We then go relive some of our favorite bits of research to come out of previous Black Hat and DEF CON events. From hacking cars to ripping pages out of presentation books, you’ll hear it all on this week’s episode.

Black Hat 2018 and DEF CON 26 Preview

Mon, 30 Jul 2018 01:00:00 -0700

This week, the ACLU tested Amazon’s “Rekognition” facial recognition software, comparing 25,000 mugshots and members of US Congress with interesting results. What does this mean to the future of facial recognition in law enforcement and machine learning as a whole? Also, we are now only two weeks out from the annual Black Hat and DEF CON security conferences in Las Vegas. We’ll preview what you can expect if you attend as well as the talks we are looking forward to the most.

Russian Hackers and Wi-Fi Attackers

Mon, 23 Jul 2018 09:38:00 -0700

Well look at that…we’re already 8 episodes into the new podcast. Thanks to everyone who has downloaded and listened, and if you like what we’re doing, please tell a friend. Just after we recorded last week, an unsealed indictment disclosed the hacking efforts of accused Russian intelligence agents who gained access to Democratic Congressional Campaign Committee (DCCC) and Democratic National Convention (DNC) networks. While many of the news headlines focused on the political implications, we’ll dig into how the hackers did it. Spoiler alert, we see far too many “hacker 101” techniques successfully employed. Also, we pick the brain of our resident Wi-Fi security expert to learn how hackers exploit weak Wi-Fi security practices, and offer some practical advice for both business and consumers to protect themselves.

What is the Dark Web?

Mon, 16 Jul 2018 10:28:00 -0700

This week, U.S. military drone documents surfaced on the Dark Web for a mere $150, as did ways to remotely access tens of thousands of compromised systems. What is the Dark Web, who created it and why, is it solely a camouflaged underground for criminals to conduct illicit activities? In this episode of The 443 – Security Simplified, we leave the bright and shiny intertubes of the Clearnet, and we venture to the dark side of the web. Subscribe to "The 443 - Security Simplified" Apple Podcasts Stitcher Overcast Google Play TuneIn RSS

Under the Hood of HTTPS

Mon, 09 Jul 2018 12:04:00 -0700

In this episode, we cover an attack against 4G LTE networks called aLTEr. This attack comes with a marketable name and a website full of custom graphics, but is it the real deal, or does it have more bark than bite? We also break down HTTPS, the protocol that keeps your web browsing secure and private. Subscribe to "The 443 - Security Simplified" on Apple Podcasts Stitcher Overcast Google Play TuneIn RSS

Nation State Attacks

Mon, 02 Jul 2018 10:14:00 -0700

In this episode of "The 443 – Security Simplified", we talk about the Cyber Cold War and how nation-state cyber attacks impact not just countries but private organizations as well. Before that though, we take some time to break down the new WPA3 wireless security standard from the Wi-Fi alliance. Are VPNs still required for a secure wireless experience? Subscribe to "The 443 - Security Simplified" on Apple Podcasts Stitcher Overcast Google Play TuneIn RSS

Special Edition: New Internet Security Report

Thu, 28 Jun 2018 10:26:00 -0700

When they are not podcasting, Corey, Marc, and the rest of the WatchGuard Threat Lab team, conduct security research. Each quarter, the highlights of this research are showcased in the Internet Security Report. Today, the report for Q1 2018 was released, and the guys review the top malware and network attack trends from the first quarter, and give our thoughts on another record breaking DDoS attack that targeted Github back in February.

Host Q&A: The Men Under the White Hats

Tue, 26 Jun 2018 13:12:00 -0700

In this episode, our hosts Marc and Corey take a break from analyzing the latest security threats and trends, and analyze each other in a fun Q&A session. Hear about how their hacking backgrounds, first electrocutions, favorite gadgets, and faux hawk vs. mohawk!

The Insecurity of IoT

Tue, 26 Jun 2018 13:00:00 -0700

Welcome back to "The 443 – Security Simplified". It’s episode 2, and because the universe has a great sense of humor, just after digging into cryptocurrency in episode 1, we get a major hack of a cryptocurrency exchange, AND cypto-mining malware on Amazon TV and FIRE sticks. Never a dull moment in this industry! Subscribe to "The 443 - Security Simplified" Apple Podcasts Stitcher Overcast Google Play TuneIn RSS

Breaking Down the Blockchain and Cryptocurrency

Tue, 26 Jun 2018 11:21:00 -0700

Welcome to the first episode of "The 443 - Security Simplified". Each week on the podcast, white-hat hackers from the WatchGuard Threat Lab will analyze the methods and techniques behind the latest hacks, attacks, and breaches. We’ll tell you what happened, how the bad guys did it, and how to protect your business, employees and customers. On today’s episode, we cover cryptocurrency and the blockchain, learn that hard forks are a big deal, hear tales of fake ICOs, and learn about the utility of private blockchains. Also, is your Google Home leaking? Subscribe to "The 443 - Security Simplified" Apple Podcasts Stitcher Overcast Google Play TuneIn RSS

Introducing “The 443 – Security Simplified” Podcast

Sat, 16 Jun 2018 17:47:00 -0700

We are excited to announce our new podcast, "The 443 - Security Simplified". Listen to the trailer for a preview, and to subscribe, either search for “The 443 – Security Simplified” or use the links below. This new podcast puts you inside the minds of leading white-hat hackers and security researchers. Each week, we’ll educate and entertain you by breaking down and simplifying the latest cyber security headlines and trends. Hosts Marc Laliberte and Corey Nachreiner will use their special blend of expertise, wit, and cynicism, and turn complex security concepts into easily understood and actionable insights. Subscribe