The 443 - Security Simplified-logo

The 443 - Security Simplified

Science & Technology News

Get inside the minds of leading white-hat hackers and security researchers. Each week, we’ll educate and entertain you by breaking down and simplifying the latest cybersecurity headlines and trends. Using our special blend of expertise, wit, and cynicism, we’ll turn complex security concepts into easily understood and actionable insights.

Location:

United States

Description:

Get inside the minds of leading white-hat hackers and security researchers. Each week, we’ll educate and entertain you by breaking down and simplifying the latest cybersecurity headlines and trends. Using our special blend of expertise, wit, and cynicism, we’ll turn complex security concepts into easily understood and actionable insights.

Twitter:

@watchguard

Language:

English

Contact:

2066136600


Episodes

Bad Month for Software Supply Chains

4/1/2024
https://youtu.be/0860ZmM1vgE This week on the podcast, we cover a software supply chain attack years in the making that was days away from a devastating global impact. After that, we cover Facebook's Project Ghostbusters and its impact on user privacy before ending with another software supply chain attack that successfully compromised developers in the gaming world.

Duration:00:40:52

Trucking Worms

3/25/2024
https://youtu.be/VqFnomsJzdA This week on the podcast we discuss a vulnerability in required commercial truck hardware that could enable an automatically propagating worm across the entire US. Before that, we cover Apple's "un-patchable" vulnerability in their M-series processors as well as a vulnerability that could let attackers unlock hotel room doors at will.

Duration:00:45:07

A Wild Month in Ransomware

3/11/2024
https://youtu.be/iYM3y85hEkM This week on the podcast, we're joined by Ryan Estes, a member of WatchGuard's Zero-Trust Application Service classification team and resident ransomware expert to discuss the wild month in ransomware news. We start the episode with a story about a fake ransomware operator that scammed cybercriminals out of tens of thousands of dollars before discussing two major Ransomware-as-a-Service operators that have had a pretty rough couple of weeks.

Duration:00:29:15

Locking Up LockBit

2/26/2024
https://youtu.be/GaX_8NOoq7w This week on the podcast, we cover an international law enforcement takedown of the LokBit ransomware group's infrastructure. After that, we cover a novel malware delivery vector involving an IoT "toy." We end the podcast by covering the latest White House Executive Order addressing cybersecurity in critical infrastructure.

Duration:00:31:50

Flipping Out Over Flipper Zero

2/20/2024
https://youtu.be/3SY1sDF-BA0 This week on the podcast we cover Canada's attempt to ban the Flipper Zero. Before that, we review a recent research post on a new class of vulnerability on the Ubuntu operating system. We end the episode with a chat bout a the impacts of artificial intelligence on data security. Menlo Report on Business AI Usage - https://info.menlosecurity.com/rs/281-OWV-899/images/How-employee-usage-of-generative-AI-is-impacting-security-posture.pdf?version=5

Duration:00:47:49

Could a Toothbrush Botnet Happen?

2/12/2024
https://youtu.be/VfKlq6DisLY This week on the podcast, we cover a recent news post about an army of 3 million compromised toothbrushes taking down a Swiss website, causing millions in damages. After that, we discuss the United States DOJ's latest botnet takedown, this time targeting Volt Typhoon. We end the episode by walking through a CISA joint-publication giving guidance on how to defend against Living-of-the-Land (LotL) attacks

Duration:00:50:11

A Door in Apple’s Walled Garden

2/5/2024
https://youtu.be/MY4TpiL76gY This week on the podcast, we cover Apple's recent announcement describing how they will comply with the European Union's new Digital Markets Act and what that means for the iPhone walled garden. Before that, we cover a databreach at Mercedez-Benze thanks to an alternative authentication method. Additionally, we cover the roundup of vulnerabilities in Ivanti's remote Policy Secure and Connect Secure products and how organizations should respond.

Duration:00:51:36

A Blizzard of Threats

1/29/2024
https://youtu.be/fdAjMPAV6CM This week on the podcast, we cover two "Blizzard" threat actors targeting governments and private organizations. We also give an update to the SEC's compromised Twitter/X Account, and then end with a discussion of an EU program designed to improve their citizen's privacy while browsing the internet.

Duration:00:37:18

Androxgh0st Analysis

1/22/2024
https://youtu.be/jG3mwjCLpJQ This week on the podcast, we review a CISA and FBI joint advisory on the Androxgh0st malware. Before that we cover recent Volt Typhoon activity targeting SMB routers exposed on the internet. We end the episode with a fun research blog post about a series of flaws in an Indian insurance provider.

Duration:00:34:12

NIST Tackles Adversarial AI

1/16/2024
https://youtu.be/3E_Ei9hgNzA This week on the podcast, we review NIST's new publication that defines a taxonomy for how we talk about Adversarial Machine Learning. Before that, we cover a recent discovery of threat actors retaining access to Google accounts even through a password reset. We round out the episode with an account compromise that lead to a surge in Bitcoin price before finishing with a discussion of Living-off-Trusted Sites (LoTS) attacks that leverage GitHub.

Duration:00:51:06

RIPE for the Taking

1/8/2024
https://youtu.be/VK1QoxLP16Y This week, we cover a password compromise that lead to a mobile telco in Spain losing control of their IP address space. We also give a quick update on the Lapsus$ ringleader's court case before discussing a recently discovered macOS backdoor malware that evades most endpoint protection. We end the episode by covering Microsoft's research into a malware installation method that bypasses many security protections.

Duration:00:37:38

Hacking the Crypto Supply Chain

12/19/2023
https://youtu.be/YZLayuDJyyk This week on the podcast, we cover a supply chain attack against one of the largest hardware cryptocurrency wallet manufacturers. After that, we discuss the latest Apache Struts vulnerability under active exploit by threat actors. We end the episode with our thoughts on a research blog post about a set of threat actors using an old school attack against modern targets.

Duration:00:38:38

Bluetooth Busted

12/13/2023
https://youtu.be/sbc2U4WYrng This week on the podcast, we cover a new unauthenticated keystroke injection vulnerability in the Bluetooth implementation on nearly every type of device. After that we discuss Logofail, a suite of vulnerabilities in most UEFI boot implementations that could let threat actors easily hide their tracks. We end by covering a recent CISA advisory on Adobe ColdFusion exploits in the wild.

Duration:00:36:19

Our 2024 Security Predictions

12/4/2023
https://youtu.be/BHsow5qnmHw This week on the podcast we discuss our cybersecurity predictions for 2024. We'll cover each of the 6 predictions for the coming year including the trends behind them and how to protect your organization if they come true!

Duration:00:55:13

Grading our 2023 Security Predictions

11/27/2023
https://youtu.be/Eai8tYnU2I0 This week on the podcast, we look back to our 2023 security predictions and grade ourselves on how well we were able to see the future. We'll go through each of our 6 predictions, explain the trends that fueled them, and then provide either evidence that they came true or discuss reasons why they may not have yet.

Duration:00:59:13

What to Expect from NIS2

11/20/2023
https://youtu.be/RrKozKuhhcw This week on the podcast, we dive in to the EU's Network and Information Security directive update, aka NIS2. We'll cover who might be impacted and what to expect in terms of requirements in the coming year. Before that, we give an update to on the latest Scattered Spider threat actor activity followed by an update on LockBit's latest ransomware victims.

Duration:00:50:59

Combined Cyber and Kinetic Warfare

11/13/2023
https://youtu.be/GaTUPZ2RMK0 This week on the podcast, we cover an analysis from Mandiant on an attack lead by the Russian state-sponsored threat actor Sandworm that came alongside missiles strikes against Ukraine. Before that, we review Okta's post mortum from their recent cyber incident. We end the episode by discussing udpated research from Jamf on a North Korean threat actor targeting the financial sector.

Duration:00:31:56

The White House Tackles AI

11/6/2023
https://youtu.be/67SMv6JtJbc This week on the podcast we cover an Executive Order from the US White House on the topic of Artificial Intelligence. After that, we discuss the latest CISO that has found themselves in hot water with the law. We then cover an update to the Common Vulnerability Scoring System and end with a researcher claiming the end of encryption as we know it.

Duration:00:59:43

The Threat Actor That Hacked MGM

10/30/2023
https://youtu.be/kvSA53ncRlg This week on the podcast, we review a thorough unmasking of Octa Tempest, the threat actor beind the MGM and Caesars Entertainment attacks in September. Before that, we give an update on the Cisco IOS XE vulnerability that head to an implant installed on thousands of exposed devices. We round out the episode with an analysis of CitrixBleed, an information disclosure vulnerability in Citrix NetScaler that was just patched last week.

Duration:00:49:19

CISA’s Secure by Design Whitepaper

10/23/2023
https://youtu.be/GYoWiEKod38 This week on the podcast, we cover CISA's newly updated whitepaper on guidance for both software manufacturers and customers on the principals of secure-by-design and secure-by-default. Before that, we cover the Cisco IOS XE vulnerability that is under active exploitation in the wild, give an update on the EPA's efforts to regulate cybersecurity practices in water districts, and then discuss research into the latest "bullet proof hosting" options for malicious web content.

Duration:00:49:03