Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.
Risky Business #745 – Tales from the PANageddon
April 17, 2024
0:58:10
55.85 MB
Downloads: 0
On this week’s show Patrick and Adam discuss the week’s security news, including:
- Palo Alto’s firewalls have a ../ bad day
- Sisense’s bucket full of creds gets kicked over
- United Healthcare draws the ire of congress
- FISA 702 reauthorisation finally moves forward
- Apple warns about “mercenary exploitation” but what’s the India link?
- And much, much, more
This week’s sponsor is Panther, a platform that does detection as code on massive amounts of data. Panther’s founder Jack Naglieri is this week’s sponsor guest, and we spoke with him about some common detection-as-code approaches.
Show notes
- Palo Alto Networks releases fixes for zero-day as attackers swarm VPN vulnerability
- CVE-2024-3400 PAN-OS: OS Command Injection Vulnerability in GlobalProtect
- Rapid7 Technical Analysis
- Why CISA is Warning CISOs About a Breach at Sisense – Krebs on Security
- Congress rails against UnitedHealth Group after ransomware attack | CyberScoop
- The US Government Has a Microsoft Problem | WIRED
- House GOP bridges divide to reauthorize FISA surveillance bill - The Washington Post
- Top officials again push back on ransom payment ban | Cybersecurity Dive
- Ex-White House cyber official says ransomware payment ban is a ways off | CyberScoop
- Over 500 people targeted by Pegasus spyware in Poland, officials say
- Apple drops term 'state-sponsored' attacks from its threat notification policy
- “All Your Secrets Are Belong To Us” — A Delinea Secret Server AuthN/AuthZ Bypass
- PuTTY vulnerability vuln-p521-bias
- Security engineer jailed for 3 years for $12M crypto hacks | TechCrunch
- Alleged cryptojacking scheme consumed $3.5M of stolen computing to make just $1M | Ars Technica
- Twitter’s Clumsy Pivot to X.com Is a Gift to Phishers – Krebs on Security