November 20, 2024

Risky Business #771 -- Palo Alto's firewall 0days are very, very stupid

Listen Later

1 hour 1 minute

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

Microsoft introduces some sensible sounding post-Crowdstrike changes

Palo Alto patches hella-stupid bugs in its firewall management webapp

CISA head Jen Easterly to depart as Trump arrives

AI grandma tarpits phone scammers in family-tech-support hell

Academic research supports your gut-reaction; phishing training doesn’t work

And much, much more.

This week’s episode is sponsored by Greynoise. The always excitable Andrew Morris joins to remind us that the edge-device vulnerabilities Pat and Adam complain about on the show are in fact actually even worse than we make them out to be. Andrew also tells us about a zero-day Greynoise’ AI system truffle-pigged out of their data set.

This episode is also available on Youtube.

Show notes

Windows security and resiliency: Protecting your business | Windows Experience Blog

Microsoft revamps how it will disclose vulnerabilities | Cybersecurity Dive

NIST says exploited vulnerability backlog cleared but end-of-year goal for full list unlikely

Pots and Pans, AKA an SSLVPN - Palo Alto PAN-OS CVE-2024-0012 and CVE-2024-9474

Palo Alto Networks customers grapple with another actively exploited zero-day | Cybersecurity Dive

Unpatched zero-days in Fortinet and Palo Alto Networks software

Palo Alto Networks’ customer migration tool hit by trio of CVE exploits | Cybersecurity Dive

Readout of President Joe Biden’s Meeting with President Xi Jinping of the People’s Republic of China | The White House

Easterly to step down from CISA director role on Inauguration Day | Cybersecurity Dive

Top White House cyber official urges Trump to focus on ransomware, China

Ransomware gang Akira leaks unprecedented number of victims’ data in one day

Hacker Is Said to Have Gained Access to File With Damaging Testimony About Gaetz

1,400 Pegasus spyware infections detailed in WhatsApp’s lawsuit filings

NSO Group admits cutting off 10 customers because they abused its Pegasus spyware, say unsealed court documents | TechCrunch

Ransomware gang Akira leaks unprecedented number of victims’ data in one day

Ohio man behind Helix cryptocurrency mixer gets 3-year sentence

O2 unveils Daisy, the AI granny wasting scammers’ time - Virgin Media O2

Understanding the Efficacy of Phishing Training in Practice

Bunnings facial recognition cameras breach Privacy Act, retailer to challenge ruling | news.com.au — Australia’s leading news site

Nudity, punches in newly released Bunnings CCTV as company found to breach Privacy Act | news.com.au — Australia’s leading news site

Bitfinex Hack Launderer Heather 'Razzlekhan' Morgan Sentenced to 18 Months in Prison

...more

View all episodes

View all episodes

Download on the App Store

Download on the App Store

Get it on Google Play

Risky Business

By Patrick Gray

4.6

361361 ratings

November 20, 2024

Risky Business #771 -- Palo Alto's firewall 0days are very, very stupid

Listen Later

1 hour 1 minute

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

Microsoft introduces some sensible sounding post-Crowdstrike changes

Palo Alto patches hella-stupid bugs in its firewall management webapp

CISA head Jen Easterly to depart as Trump arrives

AI grandma tarpits phone scammers in family-tech-support hell

Academic research supports your gut-reaction; phishing training doesn’t work

And much, much more.

This week’s episode is sponsored by Greynoise. The always excitable Andrew Morris joins to remind us that the edge-device vulnerabilities Pat and Adam complain about on the show are in fact actually even worse than we make them out to be. Andrew also tells us about a zero-day Greynoise’ AI system truffle-pigged out of their data set.

This episode is also available on Youtube.

Show notes

Windows security and resiliency: Protecting your business | Windows Experience Blog

Microsoft revamps how it will disclose vulnerabilities | Cybersecurity Dive

NIST says exploited vulnerability backlog cleared but end-of-year goal for full list unlikely

Pots and Pans, AKA an SSLVPN - Palo Alto PAN-OS CVE-2024-0012 and CVE-2024-9474

Palo Alto Networks customers grapple with another actively exploited zero-day | Cybersecurity Dive

Unpatched zero-days in Fortinet and Palo Alto Networks software

Palo Alto Networks’ customer migration tool hit by trio of CVE exploits | Cybersecurity Dive

Readout of President Joe Biden’s Meeting with President Xi Jinping of the People’s Republic of China | The White House

Easterly to step down from CISA director role on Inauguration Day | Cybersecurity Dive

Top White House cyber official urges Trump to focus on ransomware, China

Ransomware gang Akira leaks unprecedented number of victims’ data in one day

Hacker Is Said to Have Gained Access to File With Damaging Testimony About Gaetz

1,400 Pegasus spyware infections detailed in WhatsApp’s lawsuit filings

NSO Group admits cutting off 10 customers because they abused its Pegasus spyware, say unsealed court documents | TechCrunch

Ransomware gang Akira leaks unprecedented number of victims’ data in one day

Ohio man behind Helix cryptocurrency mixer gets 3-year sentence

O2 unveils Daisy, the AI granny wasting scammers’ time - Virgin Media O2

Understanding the Efficacy of Phishing Training in Practice

Bunnings facial recognition cameras breach Privacy Act, retailer to challenge ruling | news.com.au — Australia’s leading news site

Nudity, punches in newly released Bunnings CCTV as company found to breach Privacy Act | news.com.au — Australia’s leading news site

Bitfinex Hack Launderer Heather 'Razzlekhan' Morgan Sentenced to 18 Months in Prison

...more

More shows like Risky Business

Security Now (Audio) by TWiT

Security Now (Audio)

1,989 Listeners

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) by Johannes B. Ullrich

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

639 Listeners

Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec by Jerry Bell and Andrew Kalat

Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec

369 Listeners

Hacked by Hacked

Hacked

183 Listeners

CyberWire Daily by N2K Networks

CyberWire Daily

1,020 Listeners

Smashing Security by Graham Cluley

Smashing Security

317 Listeners

Click Here by Recorded Future News

Click Here

404 Listeners

Darknet Diaries by Jack Rhysider

Darknet Diaries

7,976 Listeners

Cybersecurity Today by Jim Love

Cybersecurity Today

173 Listeners

CISO Series Podcast by David Spark, Mike Johnson, and Andy Ellis

CISO Series Podcast

189 Listeners

Hacking Humans by N2K Networks

Hacking Humans

314 Listeners

Defense in Depth by David Spark, Steve Zalewski, Geoff Belknap

Defense in Depth

77 Listeners

Cyber Security Headlines by CISO Series

Cyber Security Headlines

129 Listeners

Risky Bulletin by risky.biz

Risky Bulletin

44 Listeners

Hacker And The Fed by Chris Tarbell & Hector Monsegur

Hacker And The Fed

169 Listeners