The 443 - Security Simplified Podcast

On this week's podcast we discuss a recent analysis on the risks of GitHub RepoJacking. After that, we dive in to the Barracuda 0-day that China-based threat actors are actively exploiting as well as a novel command and control distribution method for a separate China-based APT.

This week on the podcast we cover a supply chain attack of sorts against Minecraft gamers. After that, we cover a vulnerability in MOVEit Transfer that threat actors are exploiting in the wild to steal data and deploy ransomware. Finally, we wne with our review of the latest Verizon Data Breach Investigations Report (DBIR).

This week on the podcast, we give a quick update on the latest Volt Typhoon activity before covering a newly for sale EDR bypass tool. After that, we discuss Gigabyte's decision to rootkit their own motherboards before ending with a new macOS vulnerability.

This week on the podcast, we cover Microsoft's latest refresh of naming conventions for advanced persistent threat (APT) actors worldwide, as well as an update on two specific threat actors and their latest tactics. We also cover a ransomware event targeting a biotechnology company with an interesting twist.

This week on the podcast, we cover the recent TikTok ban coming from the state of Montana and discuss whether it was justified and what the potential security impact is. Before that, we give an update on two US Supreme Court cases that were poised to potentially strip away Section 230 protections. We also highlight a new phishing-as-a-service (PaaS) platform that has yet again lowered the barrier for executing sophisticated attacks.