Exploring Security Vulnerabilities in Multi-tenant Architectures

On this week’s show, Patrick Gray and Adam Boileau discuss the week’s security news, including:

• Crowdstrike talks loud in its postmortem, but says very little
• Digicert fears the CA-Browser Forum, gets lawsuit from a customer
• Dmitri Alperovitch joins the show to talk about the Russian prisoner swap
• Cloudflare continues to harbour scum and villainy
• Professional ransomware crew … is an improvement?
• And much, much more.

This week’s episode is sponsored by Thinkst Canary. Marko Slaviero joins to discuss the unfashionable choice they made in hosting their platform one-VM-per-customer.

Show notes

• CrowdStrike investors file class action suit following global IT outage | Cybersecurity Dive
• CrowdStrike rebukes Delta’s negligence claims in fiery letter | Cybersecurity Dive
• Channel-File-291-Incident-Root-Cause-Analysis-08.06.2024.pdf
• Sparks fly when lawyers meet a certificate revocation
• crt.sh | Alegeus
• U.S. releases Russian hackers in Evan Gershkovich prisoner swap
• U.S. Trades Cybercriminals to Russia in Prisoner Swap – Krebs on Security
• Who are the two major hackers Russia just received in a prisoner swap? | Ars Technica
• Hackers remotely wipe 13,000 students’ iPads and Chromebooks after breaching safety software
• Mobile Guardian Device Management Application to be removed | MOE
• Ford wants patent for tech allowing cars to surveil and report speeding drivers
• I'm Sorry, Dave, You're Speeding | WIRED
• Cloudflare once again comes under pressure for enabling abusive sites | Ars Technica
• Low-Drama ‘Dark Angels’ Reap Record Ransoms – Krebs on Security
• Bumble and Hinge allowed stalkers to pinpoint users’ locations down to 2 meters, researchers say | TechCrunch
• Unfashionably secure: why we use isolated VMs – Thinkst Thoughts
• Defending AI Model Files from Unauthorized Access with Canaries | NVIDIA Technical Blog