The 443 - Security Simplified Podcast

This week on the podcast, we review Fortinet's recently-disclosed remote code execution vulnerability in the FortiManager system that has been under active exploit since at least June. After that, we discuss the SEC's recent action against 4 companies found at fault for misleading security incident disclosure statements.

This week on the podcast, we cover security incident that brought the Internet Archive and all of its services down, including the Way Back Machine. Before that, we discuss a Chinese nation-state backed threat actor that compromised three major American telecommunications providers and may have gained access to the US wiretapping system.

This week we cover a research write up on a new technique to monetize stolen AWS credentials. Before that, we discuss a Linux malware variant that went unexposed until just recently and a story about a serial hacker that was caught because of opsec failures.

This week on the podcast, we cover the "9.9/10 severity vulnerability affecting most Linux systems" that a researcher disclosed last week and what it means for Linux systems administrators. We then discuss a research post into Kia's remote control systems that allowed one researcher to compromise any Kia in the last decade by just knowing their license plate number. We end with a new act that was just introduced into the US Senate with a goal to secure the healthcare industry.

This week on the podcast, we discuss how German law enforcement managed to deanonymize and arrest users on the TOR network. After that, we discuss why the US government is trying to ban Chinese-manufactured car hardware. We then end with a cool research article on chaining open redirect and iframe issues into a 1-click vulnerability that grants attackers access to arbitrary Google Docs files.