Paul's Security Weekly (Audio) Zero Days Are Not Just Fiction - PSW #863
Feb 27, 2025
This discussion dives into cybersecurity's pressing issues, like Apple's data protection and Australia's Kaspersky ban. Outdated software poses significant risks, and emerging tech like topological qubits could change the game. Ransomware chat logs reveal dark hacking techniques, while vulnerabilities in UEFI and Grub add to the challenge. The conversation highlights the need for quantum-resistant encryption and critiques a recent series on cybersecurity. Finally, it stresses the importance of robust authentication over insecure SMS options.
AI Snips
Chapters
Books
Transcript
Episode notes
Verify SBAT And Grub Patching Now
- Check your system's SBAT and GRUB versions and ensure distributions applied patches and SBAT revocations.
- Use mokutil and grub-install to list SBAT policies and Grub versions to assess vulnerability.
Bootloader Flaws Often In Filesystem Parsing
- GRUB vulnerabilities often arise from filesystem and network-boot parsing code, not only physical boot access.
- Many flaws enable remote or network-based boot attacks, enabling persistence via bootkits.
Watch 'Zero Day' For Cybersecurity Context
- Watch 'Zero Day' if you're in cybersecurity; it's plausible and instructive despite Hollywood shortcuts.
- Expect some technical inaccuracies but useful themes on malware, radio comms, and geopolitics.
