On this week’s show Patrick Gray talks through the news with Dmitri Alperovitch, NSA Cybersecurity director Rob Joyce and NSA CCC director Morgan Adamski. They discuss:

• The Okta breach
• 40-50k feral Ciscos
• Why the http/2 protocol flaw is a real headache
• The Ragnar Locker takedown
• What the NSA CCC has been thinking about

This week’s show is brought to you by Socket. Socket’s founder Feross Aboukhadijeh joins us this week to talk about their actually-not-crazy use of large language models in their product.

Show notes

• Hackers Stole Access Tokens from Okta’s Support Unit – Krebs on Security
• Almost 42K Cisco IOS XE devices exploited, no patch available | Cybersecurity Dive
• Critical Atlassian Confluence CVE under exploit by prolific state-linked actor | Cybersecurity Dive
• JetBrains vulnerability being exploited by North Korean gov’t hackers, Microsoft says
• Citrix Netscaler patch for critical CVE bypassed by malicious hackers | Cybersecurity Dive
• HTTP/2 Rapid Reset: A New Protocol Vulnerability Will Haunt the Web for Years | WIRED
• How North Korean Workers Tricked U.S. Companies into Hiring Them and Secretly Funneled Their Earnings into Weapons Programs
• Ragnar Locker takedown
• Europol: ‘Key target’ in Ragnar Locker ransomware operation arrested in Paris
• Hacker accused of breaching Finnish psychotherapy center facing 30,000 counts
• The US Congress Was Targeted With Predator Spyware
• Lloyd’s of London finds hypothetical cyberattack could cost world economy $3.5 trillion