Cybersecurity Headlines

Okta explains hack source and response timeline. Looney Tunables now being exploited. Lazarus Group uses KandyKorn against blockchain engineers. Cyber attack via Discord and attacks on mortgage company and Ontario hospitals. Ransomware attacks on hospitals and American Airlines pilots union.

Shawn Bowen, CISO, World Kinect Corporation, joins the hosts to discuss a cloud outage at Cloudflare, government breaches, AI standards, and the SEC lawsuit against SolarWinds. The importance of CVSS score and CISO Sean Bowen's presence on LinkedIn are also highlighted.

Cloudflare experiences a power outage affecting their dashboard and APIs. An attempt to exploit a vulnerability in Apache Active MQ is discovered. Boeing faces a cyber attack on their parts and distribution process. The podcast also discusses other cybersecurity incidents, such as a ransomware attack in Germany and the spread of spyware through a WhatsApp mod. Microsoft's Secure Future Initiative is highlighted as an AI-based defense to enhance product security.

UK summit pledges to tackle AI risks, 'Kill switch' shuts down Mozi botnet, EU regulator bans Meta's ad practices

Canada bans WeChat on government devices, 40 countries sign no ransom pledge, Apple warns Indian opposition about iPhone attacks.

Topics discussed include AI rules in the US, Russia's malware scanning service, potential geolocation data leak, ad changes from Meta, and SEC's lawsuit against SolarWinds. Also, security threats in Huawei, cyber attack on Toronto Public Library, Wiki Slack Attack method, and the value of security theater.

DC Board of Elections breach, LockBit claims Boeing breach, StripedFly malware infects 1 million hosts. There is discussion about a new company offering unlimited security data, F5's big IP vulnerability warning, LinkedIn's AI tests, and upcoming events on trust, security, and compliance.

Former CISO, Arvin Bansal, discusses vulnerabilities in Okta and Cisco systems, budget cuts to CISA, and the tactics of the dangerous threat group, Scattered Spider. They also touch on the role of AI in threat identification and the benefits of automating security compliance.

ILeakage attack steals emails, passwords from Apple devices. CISA protests potential budget cut. Surge in hyper-volumetric HTTP DDoS attacks.

Topics discussed in the podcast include SMIC's use of advanced chip making equipment, exploitation of RoundCube webmail software, cyber attack on Philadelphia's municipal email systems, Amazon's plan for a European Sovereign Cloud, data transfer agreements between the EU and US, an ad from Vanta, and a case involving a Security Systems Designer violating the Espionage Act.