Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.
Risky Business #771 -- Palo Alto's firewall 0days are very, very stupid
On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:
- Microsoft introduces some sensible-sounding post-Crowdstrike changes
- Palo Alto patches hella-stupid bugs in its firewall management webapp
- CISA head Jen Easterly to depart as Trump arrives
- AI grandma tarpits phone scammers in family-tech-support hell
- Academic research supports your gut reaction; phishing training doesn’t work
- And much, much more.
This week’s episode is sponsored by Greynoise. The always excitable Andrew Morris joins to remind us that the edge-device vulnerabilities Pat and Adam complain about on the show are in fact even worse than we make them out to be. Andrew also tells us about a zero-day Greynoise’s AI system truffle-pigged out of their data set.
This episode is also available on YouTube.
Show notes
- Windows security and resiliency: Protecting your business | Windows Experience Blog
- Microsoft revamps how it will disclose vulnerabilities | Cybersecurity Dive
- NIST says exploited vulnerability backlog cleared but end-of-year goal for full list unlikely
- Pots and Pans, AKA an SSLVPN - Palo Alto PAN-OS CVE-2024-0012 and CVE-2024-9474
- Palo Alto Networks customers grapple with another actively exploited zero-day | Cybersecurity Dive
- Unpatched zero-days in Fortinet and Palo Alto Networks software
- Palo Alto Networks’ customer migration tool hit by trio of CVE exploits | Cybersecurity Dive
- Readout of President Joe Biden’s Meeting with President Xi Jinping of the People’s Republic of China | The White House
- Easterly to step down from CISA director role on Inauguration Day | Cybersecurity Dive
- Top White House cyber official urges Trump to focus on ransomware, China
- Ransomware gang Akira leaks unprecedented number of victims’ data in one day
- Hacker Is Said to Have Gained Access to File With Damaging Testimony About Gaetz
- 1,400 Pegasus spyware infections detailed in WhatsApp’s lawsuit filings
- NSO Group admits cutting off 10 customers because they abused its Pegasus spyware, say unsealed court documents | TechCrunch
- Ohio man behind Helix cryptocurrency mixer gets 3-year sentence
- O2 unveils Daisy, the AI granny wasting scammers’ time - Virgin Media O2
- Understanding the Efficacy of Phishing Training in Practice
- Bunnings facial recognition cameras breach Privacy Act, retailer to challenge ruling | news.com.au — Australia’s leading news site
- Nudity, punches in newly released Bunnings CCTV as company found to breach Privacy Act | news.com.au — Australia’s leading news site
- Bitfinex Hack Launderer Heather 'Razzlekhan' Morgan Sentenced to 18 Months in Prison