Security Weekly Podcast Network (Audio) Win95, Shuckworm, Ottokit, DCs, EC2, IAB, OSS, Recall, Josh Marpet, and More... - SWN #467
Apr 11, 2025
In a captivating mix of humor and caution, the discussion highlights recent cybersecurity threats like Shuckworm's USB attacks on military targets. Key vulnerabilities in WordPress and Amazon EC2 are examined, shedding light on the agility of cybercriminals versus corporate slowdowns. There's also a dive into new defense procurement regulations aimed at fostering innovation. Plus, the nostalgic sound of Windows 95's boot chime is celebrated for its cultural impact, linking it to a renowned artist's legacy.
AI Snips
Chapters
Transcript
Episode notes
Shuckworm Attack
- Shuckworm, a Russian state-backed group, targets Ukrainian military using infected removable drives.
- This attack bypasses air gapping and highlights the risk of USB devices.
USB Security
- Review and strengthen your organization's USB device policy.
- Consider using Group Policy, BitLocker, or removing driver modules to restrict USB access.
Fast Threat Exploitation
- Criminals are rapidly exploiting disclosed vulnerabilities due to efficient organization and resources.
- An authentication bypass in AutoKit was exploited within hours of public disclosure.