
In this week's Security Sprint, Dave and Andy covered the following topics:
Warm Open:
• 26th Annual TribalNet Conference & Tradeshow
• The Gate 15 Interview EP 60 – Sasha Larkin: “I like the chaos, chaos makes sense to me.”
• The SUN will not be published the week of 28 Jul – 01 Aug. The SUN will resume the following week.
• P2D2!
Main Topics:
Microsoft, China & Vendor Risk Management:
• A Little-Known Microsoft Program Could Expose the Defense Department to Chinese Hackers
• US senator seeks details from Defense Department on Microsoft's Chinese engineers
• Microsoft says it will no longer use engineers in China for Department of Defense work
• Chairmen Gimenez, Moolenaar, Self Probe Tech Companies Over Risks To Undersea Telecom Infrastructure
Passwords. Weak password allowed hackers to sink a 158-year-old company
Patching!
• Microsoft SharePoint vulnerability CVE-2025-53770: Microsoft: Customer guidance for SharePoint vulnerability CVE-2025-53770 & UK NCSC: Active exploitation of vulnerability affecting Microsoft Office SharePoint Server products in the UK
• Canadian Centre for Cyber Security: CrushFTP security advisory (AV25-432)
• CISA Adds One Known Exploited Vulnerability to Catalog - CVE-2025-25257 Fortinet FortiWeb SQL Injection Vulnerability
• CitrixBleed 2 situation update — everybody already got owned
• Canadian Centre for Cyber Security - Vulnerabilities impacting Citrix NetScaler ADC and NetScaler Gateway - CVE-2025-5349, CVE-2025-5777 and CVE-2025-6543 – Update 2
Managing Politics and Bias
Quick Hits:
• National Guard hacked by Chinese 'Salt Typhoon' campaign for nearly a year, DHS memo says
• Charter Calls Increased Critical Infrastructure Attacks on Spectrum Network in Missouri Acts of Domestic Terrorism
• UK NPSA - Security-Minded Communications - Guidance for Remote and Rural Locations
• Canadian Centre for Cyber Security (CCCS) & Canadian Anti-Fraud Centre (CAFC) Joint Advisory: Cyber officials warn of malicious campaign to impersonate high-profile public figures
• Examining How International Hacktivist Groups Pursue Attention, Select Targets, and Interact in an Evolving Online Landscape
• China’s cyber sector amplifies Beijing’s hacking of U.S. targets
• Submarine Cables Face Increasing Threats Amid Geopolitical Tensions and Limited Repair Capacity
• Of course, Grok’s AI companions want to have sex and burn down schools
• Investor Alert: Look Out For Possible Investment Scams Related to the Texas Floods
• The Amnban Files: Inside Iran's Cyber-Espionage Factory Targeting Global Airlines
• Indian crypto exchange CoinDCX hacked, $44M drained