Vulnerabilities

Unlocked Concept

Episode 225: Unpacking the Azure CHAOS DB Flaw with Nir Ohfeld of Wiz

We’re joined by Nir Ohfeld of Wiz. Nir helped discover the recent CHAOS DB flaw in Azure COSMOS DB, the flagship database for Microsoft’s Azure cloud platform.

Storm on the Farm

DEF CON: Security Holes in Deere, Case IH Shine Spotlight on Agriculture Cyber Risk

A demonstration at DEF CON of glaring flaws in software by agricultural equipment giants John Deere and Case IH raise the specter of remote, software-based attacks that could cripple farms and impact US food production.

UK Cybercrime

Dispute Over Data Leak Highlights Legal Risks for UK Researchers

An expensive, months-long legal tussle between a UK engineer and a healthcare non-profit is spurring calls for reform to the country’s 30 year-old Computer Misuse Act, which Dyke and others contend criminalizes the work of ‘Good Samaritan’ security researchers acting in the public interest.

John Deere Mobile App

Deere John: Researcher Warns Ag Giant’s Site Provides a Map to Customers, Equipment

Software vulnerabilities in web sites operated by John Deere could allow a remote attacker to harvest information on the company’s customers including their names, physical addresses and the equipment they own. The revelation suggests the U.S. agriculture sector is woefully unprepared for disruptive cyber attacks, experts warn.

AdobeStock Transparency Concept

Episode 210: Moving The Goal Posts On Vendor Transparency: A Conversation With Intel’s Suzy Greenberg

In this episode of the podcast, Paul speaks with Intel Vice President Suzy Greenberg about a new survey by the Poneman Institute that shows how customers’ expectations are changing when it comes to vendor transparency about software vulnerabilities.