Threats

Episode 157: Do we need an FDA for Software? Also: operationalizing Threat Intelligence

Sarah Zatko of the Cyber Independent Testing Lab joins us to talk about CITL’s big new study of firmware security. In our second segment, we’re joined by Allan Thomson who is the Chief Technology Officer at LookingGlass Cyber Solutions to talk about the growing use of cyber threat intelligence and the need to evolve cybersecurity practices to keep ahead of fast-evolving threats.

MH-17 Disinformation Tweets

Episode 155: Disinformation is a Cyber Weapon and APTs warm to Mobile Malware

In this week’s episode of the Podcast (#155): Jerome Segura of Malwarebytes joins us to talk about how disinformation campaigns and cyber crime are part of the same toxic cocktail in the world’s trouble spots, like Ukraine. Also: Adam Meyers of CrowdStrike joins us to talk about that company’s first ever report on mobile malware, which is gaining currency with advanced persistent threat (APT) groups.

Armis Urgent/11 Vulnerabilities Logo

Critical Flaws in VxWorks affect 200 Million Connected Things

Serious and exploitable security flaws in VxWorks, a commonly used operating system for embedded devices, span 13 years and could leave hundreds of millions* of connected devices vulnerable to remote cyber attacks and hacks. The security firm Armis on Monday published a warning about 11 critical, zero day vulnerabilities in the VxWorks operating system, which is owned and managed by the firm Wind River. The vulnerabilities expose more than 200 million devices and could allow attackers to remotely take control of everything from networked printers and security appliances to industrial and medical devices, according to Ben Seri, the Vice President of Research at Armis. Move over, EternalBlue! At least a couple of the flaws were described as “more serious” than EternalBlue, the Microsoft Windows flaw that powered both the WannaCry and NotPetya malware outbreaks. SCADA and industrial control system devices, healthcare devices like patient monitors and MRI machines, as well […]

Episode 153: Hacking Anesthesia Machines and Mayors say No to Ransoms

In this week’s podcast episode (#153): The researcher who discovered serious remote access security flaws in anesthesia machines by GE says such security holes are common. Also: the US Conference of Mayors voted unanimously to swear off paying ransoms for cyber attacks. But is that a smart idea? We’re joined by Andrew Dolan of the Multi State Information Sharing and Analysis Center to talk about it.

Episode 152: What the Silex Malware says about IoT Insecurity and Cloud Security CEO Steve Mullaney on Amazon ReInforce

In this week’s podcast episode, #152: we talk with Akamai researcher Larry Cashdollar about his discovery of Silex, a new example of IoT killing malware allegedly authored by a 14 year old. Also: Steve Mullaney, the CEO of the cloud security start up Aviatrix joins us to talk about Amazon’s new cloud security conference: Re:Inforce.