On this week’s show Adam Boileau and Patrick Gray discuss the week’s security news, including:

Fortinet, Pulse Security VPNs are being exploited in wild

Imperva’s cloud WAF gets colossally owned

US authorities fear ransomware attacks against election systems

Apple fixes re-introduced jailbreak bug

Telegram design choice puts HK protestors at risk

Researcher drops two 0days in Valve’s Steam client after bounty spat

Much, much more

This week’s sponsor guest is Ryan Kalember, EVP of cybersecurity strategy with Proofpoint. Ryan is stopping by this week to touch on a couple of topics. He’ll tell us why Proofpoint didn’t attribute a recent malware campaign targeting US utilities to APT10 despite there being some pretty APT10-like tradecraft used in that particular campaign.

He’ll also talk a bit about how thread hijacking is a giant pain in the ass. That’s where attackers take over a mailbox, then just jump right in replying to existing mail threads. Detecting that is hard, of course, because it’s internal mail. It’s a great little mixed bag interview.

Enjoy!