
Risky Business

Latest episodes

Nov 6, 2024 • 57min

Risky Business #769 -- Sophos drops implants on Chinese exploit devs

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:
Sophos drops implants on Chinese firewall exploit devs
Microsoft workshops better just-in-time Windows admin privileges
Snowflake hacker arrested in Canada
Okta has a fun, but not very impactful auth-bypass bug
Russians bring dumb-but-smart RDP client attacks
And much, much more.

Special guest Sophos CISO Ross McKerchar joined us to talk about its “hacking back” campaign. The full interview is available on YouTube for those who want to really live vicariously through Sophos doing what every vendor probably wants to do.

This week’s episode is sponsored by attack surface mapping vendor runZero. Founder and CEO HD Moore joins to talk about marrying up the outside and inside views of your network.

You can also watch this episode on YouTube.

Show notes
Okta AD/LDAP Delegated Authentication - Username Above 52 Characters Security Advisory
Does bcrypt have a maximum password length? - Information Security Stack Exchange
Local Administrator Protection | Privilege Protection
Inside Sophos' 5-Year War With the Chinese Hackers Hijacking Its Devices | WIRED
A Deeper Look at FortiJump (FortiManager CVE-2024-47575) | Bishop Fox
Man Arrested for Snowflake Hacking Spree Faces US Extradition | WIRED
Google uses large language model to discover real-world vulnerability
GreyNoise Intelligence Discovers Zero-Day Vulnerabilities in Live Streaming Cameras with the Help of AI
Thousands of hacked TP-Link routers used in yearslong account takeover attacks - Ars Technica
CISA warns of foreign threat group launching spearphishing campaign using malicious RDP files | Cybersecurity Dive
Chinese state-backed hackers breached 20 Canadian government networks over four years, agency warns
India-Canada row: Canadian officials confess to leaking 'intel' against India to Washington Post - India Today
Amid diplomatic row, Canada names India in ‘cyberthreat adversary’ list, accuses it of ‘likely spying’ | World News - The Indian Express
The Untold Story of Trump's Failed Attempt to Overthrow Venezuela's President | WIRED
Risky Biz News: The mystery at Mango Park
North Korean hackers seen collaborating with Play ransomware group, researchers say
Oct 30, 2024 • 52min

Risky Business #768 -- CSRB will investigate China's Wiretap Hacks

Daniel Ayala, Chief Security and Trust Officer at Dotmatics, shares insights on data security challenges in cloud environments. Rajan Kapoor from Material Security discusses the importance of securing data in platforms like M365 and Google Workspace. The conversation delves into the investigation of Chinese wiretap hacks, the rise of cybercrime, and the impact of recent breaches on corporate accountability. They also highlight the necessity for robust email security measures and data governance strategies to protect sensitive information from misuse.
Oct 28, 2024 • 38min

Risky Biz Soap Box: Thinkst Canary's decade of deception

Haroon Meer, founder of Thinkst Canary, shares insights from a decade in deception technology. He discusses how Thinkst continues to lead the deception game with user-friendly solutions. The conversation delves into the innovative use of internal honeypots and canary tokens for risk management. Meer also reflects on the importance of establishing genuine connections at cybersecurity conferences, blending humor with practical advice. He touches on the evolving landscape of security and the persistent preference for hardware devices over cloud solutions.
Oct 23, 2024 • 1h 2min

Risky Business #767 – SEC fines Check Point, Mimecast, Avaya and Unisys over hacks

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:
SEC fines tech firms for downplaying the SolarWinds hacks
Anonymous Sudan still looks and quacks like a Russian duck
Apple proposes max 10 day TLS certificate life
Oopsie! Microsoft loses a bunch of cloud logs
Veeam and Fortinet are bad and should feel bad
North Koreans are good (at hacking)
And much, much more.

This week’s episode is sponsored by Proofpoint. Chief Strategy Officer Ryan Kalember joins to talk about their work keeping up with prolific threat actor SocGholish.

This episode is also available on YouTube.

Show notes
Four cyber companies fined for SolarWinds disclosure failures
U.S. charges Sudanese men with running powerful cyberattack-for-hire gang
Hacker Charged With Seeking to Kill Using Cyberattacks on Hospitals | WIRED
Risky Biz News: Anonymous Sudan's Russia Links Are (Still) Obvious
Microsoft confirms partial loss of security log data on multiple platforms | Cybersecurity Dive
Risky Biz News: Apple wants to reduce the lifespan of TLS certificates to 10 days
Encrypted Chat App ‘Session’ Leaves Australia After Visit From Police
Crypto platform Radiant Capital says $50 million in digital coins stolen following account compromises
North Korean hackers use newly discovered Linux malware to raid ATMs - Ars Technica
Brazil Arrests ‘USDoD,’ Hacker in FBI Infragard Breach – Krebs on Security
Here’s how SIM swap in alleged bitcoin pump-and-dump scheme worked - Ars Technica
Critical Veeam CVE actively exploited in ransomware attacks | Cybersecurity Dive
FortiGate admins report active exploitation 0-day. Vendor isn’t talking. - Ars Technica
Hackers reportedly impersonate cyber firm ESET to target organizations in Israel
The latest in North Korea’s fake IT worker scheme: Extorting the employers
Oct 16, 2024 • 54min

Risky Business #766 – China hacks America's lawful intercept systems

This week, Casey Hill, the Director of Product Management at Panther, dives into the future of Security Information and Event Management (SIEM). He critiques the outdated practice of dumping data into lakes without proper management. Casey highlights the vulnerabilities in lawful intercept systems, particularly concerning recent Chinese espionage. The conversation also touches on emerging cyber threats, including innovative malware and the evolving strategies of cybercriminals, while emphasizing the need for structured data management in cybersecurity.
Oct 1, 2024 • 40min

Snake Oilers: Sandfly Security, Permiso and Wiz

This episode features insights from guests representing Sandfly Security, Permiso, and Wiz. Sandfly discusses their innovative agentless approach to securing Linux systems, tackling challenges like SSH key management. Permiso emphasizes machine learning in identity security, focusing on proactive measures to detect threats. Wiz explores cloud security vulnerabilities and the importance of integrating safety measures into coding practices. Together, they shed light on the evolving landscape of cybersecurity and its critical role in today's digital world.
Sep 25, 2024 • 1h 6min

Risky Business #765 -- The Kaspersky switcheroo

Rob Joyce, a former NSA official and cybersecurity expert, joins the discussion on pressing infosec issues. They delve into Elon Musk's capitulation under government pressure and TikTok's swift actions against propagandists. Joyce sheds light on the Biden administration's ban on Chinese software in cars and the unexpected shifts with Kaspersky's antivirus solutions. The conversation also explores how Australian law enforcement dismantles crime networks, revealing the intricate dance of tech, security, and regulations in today’s digital realm.
Sep 18, 2024 • 1h 3min

Risky Business #764 -- Mossad expands into telecommunications services

This week, the discussion highlights Hezbollah's failed attempt to escape Israeli surveillance using pagers, resulting in explosive consequences. The U.S. intensifies scrutiny of RT's role in disinformation campaigns, while Australia counters Chinese aggression in the Pacific. CISA reveals that valid accounts are the leading breach point. Insights into the precarious landscape of cybersecurity emerge, with vendors struggling to keep pace. Also, an interview sheds light on advanced phishing detection and the need for evolving security strategies in today's digital threat environment.
Sep 11, 2024 • 52min

Risky Business #763 – Microsoft un-patches critical bug

Dive into the murky waters of disinformation as the DoJ cracks down on Russian propaganda ahead of the US elections. Explore how Telegram’s newfound friendship with law enforcement shakes up cyber investigations. Ransomware hits Iranian banks hard, pushing them to negotiate under geopolitical pressures. And just when you thought Microsoft had it together, they create a buzz with an unsettling un-patch of a critical vulnerability. Plus, pro tips on preparing for cyber incidents that could save the day!
Sep 6, 2024 • 38min

Snake Oilers: Authentik, Dropzone and SlashID

In this discussion, the guests include Authentik, an open-source identity provider gaining traction among large organizations, Dropzone AI, which utilizes LLMs to boost SOC analyst efficiency, and SlashID, focused on detecting identity threats through log analysis. They delve into the shift towards self-hosted identity solutions that enhance security and customization. The impact of AI in streamlining security workflows is highlighted, alongside the challenges of data privacy and cloud identity solutions. This episode brings fresh insights into the evolving security landscape.
