Paul's Security Weekly (Audio) Vulnerability Mis-Management - PSW #917
Mar 12, 2026
Deep dive into the XZ backdoor and how performance anomalies exposed it. Heated debate on CVE mis-management, KEV, and national cyber strategy shortfalls. Reversing traffic light controllers and IoT firmware using AI tools. Warnings about malvertising, curl-to-bash scams, and lingering legacy device risks. Tales of exploit chains, rapid zero-day weaponization, and privacy issues with Tile tracking.
AI Snips
Slack Alerted Us First About The Striker Incident
- The panel traced the cybersecurity impacts of the Iran conflict and recent attacks labeled in the press.
- Jeff described Slack chatter about a company wipe and how CISA issued TLP:GREEN advisories amid staffing constraints.
Funding Cuts Weaken CISA's Defensive Reach
- CISA core functions persist but funding cuts limit proactive infrastructure defense.
- Paul warned reduced staffing constrains CISA's capacity to move the needle on critical infrastructure protection during active conflicts.
Discontinue EOL D-Link Gear Immediately
- Remove unsupported consumer network gear from enterprise use and discontinue vulnerable devices.
- Paul found a public repo with 20+ D-Link exploits and recommended discontinuing EOL routers rather than relying on fragile firmware updates.
