Risky Business

Patrick Gray
23 snips
Jan 21, 2026 • 1h 5min

Risky Business #821 -- Wiz researchers could have owned every AWS customer

Joe Tidy, BBC World Service's cybersecurity correspondent and author of Control Alt Chaos, dives into the complexities of U.S. cyber operations and their implications. He discusses the evolving teen hacker culture shaped by social media and cryptocurrency. Haroon Meer, founder of Thinkst, shares insights on deception tools and their recent acquisition efforts, alongside the exciting work at the South African Computer Olympiad. Together, they explore the future of cybersecurity, the risky world of Amazon Web Services exploits, and the challenges of communicating these themes to the public.
36 snips
Jan 14, 2026 • 59min

Risky Business #820 -- Asian fraud kingpin will face Chinese justice (pew pew!)

David Cottingham, co-founder of Airlock Digital and expert in cybersecurity, discusses the risks associated with Microsoft’s ClickOnce application deployment. He explains how attackers exploit ClickOnce to load malicious code and the effectiveness of allow-listing in mitigating these threats. The conversation also dives into the challenges EDR technologies face in detecting such attacks. Additionally, there's a fascinating debate on the potential for AI to enhance allow-list management while maintaining human oversight.
13 snips
Jan 6, 2026 • 1h 4min

How the World Got Owned Episode 1: The 1980s

Jon Callas, a former software engineer at Digital Equipment Corporation, discusses the early social norms of the ARPANET and the communal spirit among early hackers. Mark Rasch, who prosecuted the Morris Worm case, highlights the challenges in establishing new computer crime laws. Tony Sager shares insights on NSA's initial ambivalence toward hacking and its eventual embrace of cybersecurity. They explore the 414s’ curious exploration, the media's role in shaping public perception, and the Cuckoo's Egg, which tracks espionage by German hackers.
58 snips
Dec 17, 2025 • 54min

Risky Business #819 -- Venezuela (credibly?!) blames USA for wiper attack

Josh Kamdjou, CEO of Sublime Security, dives into the evolving landscape of phishing, particularly focusing on calendar invite threats. He uncovers how these invites can bypass traditional email defenses, turning into a medium for malware distribution. Kamdjou also discusses Sublime's innovative solutions to combat these attacks and enhance user safety. The conversation highlights the alarming rise in industrial control systems phishing and the need for agile responses in a rapidly changing threat environment.
31 snips
Dec 11, 2025 • 43min

Risky Biz Soap Box: Graph the planet!

In a captivating discussion, Jared Atkinson, CTO of SpecterOps and a key player behind BloodHound, dives into the fascinating world of cross-platform attack path enumeration. He reveals how OpenGraph can identify intricate vulnerabilities, like linking GitHub accounts to Active Directory breaches. Jared shares insights into modeling permissions and discusses the importance of extending defenses beyond traditional platforms. He also highlights innovative community extensions and real-world examples of thwarting cyber threats, underscoring why an expansive view of attack surfaces is essential.
54 snips
Dec 10, 2025 • 58min

Risky Business #818 -- React2Shell is a fun one

Adam Boileau, a seasoned cybersecurity commentator, joins Simon Onyons, Managing Director at Kroll's Cyber and Data Resilience, to tackle the latest in cybersecurity. They dive into the alarming React2Shell vulnerability—scoring a CVSS 10—that's quickly exploited by Chinese APTs. Simon shares insights on demystifying cyber risk for boards and how to communicate it effectively. The episode also touches on Linux's PCIe encryption support and a controversial GrapheneOS case, illustrating the ongoing battle between security and exploitation.
51 snips
Dec 3, 2025 • 1h 1min

Risky Business #817 -- Less carnage than your usual Thanksgiving

Damien Lukey, CEO and founder of Nebulok, joins the discussion on AI-enabled threat hunting and enhancing macOS security through Core Sigma Sigma rule development. The conversation dives into the implications of cosmic-ray bitflips affecting Airbus firmware, as well as a substantial data breach in South Korea impacting 65% of the population. Lukey sheds light on how improving macOS telemetry can bolster cybersecurity, while the hosts explore recent trends in malicious browser extensions and the risks of poor operational security among teens.
38 snips
Nov 26, 2025 • 58min

Risky Business #816 -- Copilot Actions for Windows is extremely dicey

H.D. Moore, a renowned security researcher and creator of Metasploit, joins to discuss RunZero's innovative tools. He elaborates on integrating RunZero with BloodHound-style graph databases to enhance security analysis. H.D. also dives into the exciting future of AI in cybersecurity, touching on the challenges of varied deployment models. Additionally, he highlights how exposure management and user experience are shifting in product development, making security more effective and accessible.
26 snips
Nov 20, 2025 • 38min

Risky Biz Soap Box: Greynoise knows when bad bugs are coming

Andrew Morris, the founder of GreyNoise, joins the discussion to unveil how their technology can predict serious vulnerabilities up to 90 days in advance. He shares insights on the coordinated mass scanning activities that often precede big security disclosures. Andrew explains strategies for organizations to use early warning signals effectively, like auditing configurations and adopting a zero-trust mindset. He also touches on the challenges posed by residential proxies and IPv6 while advocating for tailored scanning methods to enhance security.
123 snips
Nov 19, 2025 • 51min

Risky Business #815 -- Anthropic's AI APT report is a big deal

Urooj Burney, Mastercard's Senior VP of Cybersecurity, chats about the evolution of fraud and cybersecurity teams merging. She highlights the importance of a unified approach to tackle cyber-enabled payment risks. Urooj dives into how Mastercard's acquisition of Recorded Future enhances threat intelligence for fraud prevention. The conversation reveals insights on democratizing threat intel for fraud teams and the organizational models that best support this convergence. With real-world implications, this discussion is a wake-up call for the financial sector!
