CrowdStrike Incident – Lessons Learned In DevSecOps and BCP

Jul 27, 2024 | Podcast

The recent CrowdStrike update that led to a global IT outage and the infamous Blue Screen of Death (BSOD) on millions of Windows machines. This incident has brought to light critical lessons in DevSecOps and the importance of Business Continuity Planning (BCP)....

North Korean Hacker Poses as IT Worker in Attempted Cyberattack

Jul 26, 2024 | Podcast

https://blog.knowbe4.com/how-a-north-korean-fake-it-worker-tried-to-infiltrate-us A security firm, KnowBe4, has foiled an attempt by a North Korean hacker to infiltrate its systems by posing as a legitimate software engineer. The company successfully identified and...

Google U-Turns on Third-Party Cookie Phaseout

Jul 25, 2024 | Podcast

https://privacysandbox.com/news/privacy-sandbox-update In a major policy reversal, Google has abandoned its plans to phase out third-party tracking cookies in its Chrome web browser. The tech giant, which has faced intense scrutiny and regulatory pressure over its...

20 Million Domains at Risk from New Email Spoofing Attacks

Jul 24, 2024 | Podcast

https://www.darkreading.com/threat-intelligence/20-million-trusted-domains-vulnerable-to-email-hosting-exploits Cybersecurity researchers have uncovered a critical vulnerability affecting over 20 million trusted domains, including those belonging to Fortune 500...

Our Assumed Trust in Cyber Security Vendors

Jul 24, 2024 | Articles, Podcast

Imagine you are a security manager being asked to do a security assessment on a new software for your organisation. It will be deployed across all Windows workstations and servers and will operate as a boot start driver in kernel mode, granting it extensive access to...

Massive Data Breach at Australian Prescription Service MediSecure

Jul 23, 2024 | Podcast

https://medisecurenotification.wordpress.com Australian prescription delivery service MediSecure has confirmed a significant data breach affecting approximately 12.9 million customers. The attack, which occurred in April 2024, resulted in the theft of sensitive...

Hackers Capitalize on CrowdStrike Outage with Phishing and Malware Attacks

Jul 22, 2024 | Podcast

https://www.bleepingcomputer.com/news/security/fake-crowdstrike-fixes-target-companies-with-malware-data-wipers In the wake of the major disruption caused by a faulty CrowdStrike update last week, cybercriminals are launching phishing and malware attacks targeting...

Leaked GitHub Token Exposed Python Programming Language to Potential Tampering

Jul 19, 2024 | Podcast

Binary secret scanning helped us prevent (what might have been) the worst supply chain attack you can imagine Researchers at JFrog have identified a critical security lapse that could have allowed attackers to tamper with the core code of the Python programming...

New Ransomware Gang Targets Unpatched Veeam Software

Jul 18, 2024 | Podcast

https://www.group-ib.com/blog/estate-ransomware A new ransomware gang, EstateRansomware, is exploiting a critical vulnerability (CVE-2023-27532) in Veeam backup software to deploy ransomware and extort victims. This vulnerability was patched over a year ago, in March...

Hackers Exploit Newly Released Weaknesses in Minutes, Report Finds

Jul 17, 2024 | Podcast

https://blog.cloudflare.com/application-security-report-2024-update Hackers are getting faster at turning newly discovered software vulnerabilities into real-world attacks, according to a report by cybersecurity firm Cloudflare. The report, which analyzed internet...