Black Hats Recapped IRL
In this episode, Bill and Gavin discuss attacks against adult apps, a WhatsApp flaw that enables an attacker to change messages and join groups, hacking alarm systems with a $2 device, and predicting the NVD future with Predictive Prioritization.
- Rogue Asset Discovery for free!
- Seeing into the future, or before NVD, with Predictive Prioritization
- LockPickingLawyer takes on IoT Alarms
- 3Fun hacking for fun and embarrassment
- WhatsApp hack attack can change your messages
- VXWorks flaw affects over 200M devices
Apples Rotting in Gavin's Vault
In this episode, Bill turns the insecurity tables on Gavin with the IOS 13 keychain bug. The boys also discuss insecure trains, remote code execution vulnerabilities in Atlassian and how to respond to a major outage publicly. Bill is also joined by David Wells who talks about the recent vulnerability he discovered in Comodo AV.
- Major software bug in IOS 13 beta reveals stored passwords without authentication
- Train software snaffled by employee
- Multiple Atlassian Vulnerabilities
- Multiple vulnerabilities to pivot through the Citrix SD-WAN
- Tenable research discover major weaknesses in Siemens
- Cloudflare shows the right way to discuss a major public incident
Overly Convenient Store Cards
In this episode Bill and Gavin discuss strange meetings in English Forests, improvements in security guidelines around IoT devices, bricking iPhone with a single message and the issues with non experts defining Government policy. Bill is also joined by Jimi Sebree to discuss how he discovers new zero days and a recent Arlo Camera teardown.
- All things IoT
- Crime does not pay
- 1 more reason to use a password vault
- Convenient loss @ a convenience store
- 2019 so far so….
- Protect yourself at all times
- When the non-experts are making policy
- Bricking an iphone with malformed imessage
- Fixed in 12.3
- Similar to “Black dot” from last year
Foxy Zero Days and MSSP Misery
In this episode Bill and Gavin talk about a Firefox Zero Day, organizations facing bankruptcy due to ransomware, MSSP's as an attack vector and C&C Slack. The guys are also joined by Matt Everson and Justin Brown from Tenable Research team.
- Breaches costing real money.
- Paying Ransom & other fees
- Firefox has a 0-day
- Help software is the vulnerability
- Slack - is more than useful
- Gangs attacking MSSPs
Eternally Blue about Ransomware
Bill and Gavin talk about Baltimore City being hit with Ransomware, yet another leak of hundreds of millions of personal details, and the chaps are joined by Claire Tills to discuss how the media drive remediation efforts for popular vulnerabilities.
- Baltimore City
- First American Title
- https://www.bleepingcomputer.com/news/security/new-windows-10-zero-day-bug-emerges-from-bypassing-patched-flaw/ (this one has all the other bugs discovered)
- ICS in Poland
- Old vulns and bad habits
CSuperhost Spycams and Compromised CMSes
In this episode Bill and Gavin discuss dodgy Superhost spying on their guests, SharePoint issues and weaknesses affecting the elderly. Gavin also interviews the delightful Jenny Radcliffe, the People Hacker, about social engineering.
- Airbnb Superhost’s creepy spycam sniffed out by sleuthing infosec pro
- SharePoint servers under attack through CVE-2019-0604
- Open source bug poses a threat to sites running multiple CMSes
- Dhound Chatbot: open domains, IP addresses
- Unless you want your payment card data skimmed, avoid these commerce sites
- EXPLOITING 10,000+ DEVICES USED BY BRITAIN’S MOST VULNERABLE
Correct Horse Burrito Staple
In this episode Bill and Gavin talk easy to guess passwords, the Beapy Cryptojacking worm sweeping through Asia and hungry cybercriminals leveraging credential stuffing attacks
- 10 most hacked passwords
- The Chipotle Hack And The Troubling Trend Of Credential Stuffing
- New zero-day vulnerability CVE-2019-0859 in win32k.sys
- Beapy: Cryptojacking Worm Hits Enterprises in China
Break into Bills house with this one simple trick
In this episode Bill realises smart locks are slightly less clever than their name implies, we discuss data science based cyber hygiene and MRI misgivings.
- Corporate giants want to help students, feds and themselves by offering cyber pros $75,000 in loan assistance
- Cool blog entry about building going "smart"
- Owning WPA3
- All about Man in the Middle Attacks
- Now you see Cancer, now you don't
- Windows 3.1 installed where?
- The ubiquity of WordPress plugins
- Who is the group named Triton?
- Ponemon Report (registration required)
- Ted Gary's Blog entry
Four phones, two laptops and a malware laden USB stick walk into a bar...
In this episode, Bill tries to track Merger and Acquisition activity with children's GPS devices, Gavin highlights the issues of hiding malware in BIOS and Thom Langford from TL(2) joins to give a CISO's perspective.
- Motherboard flaws can lead to hidden malware
- Mar-a-lago physical security failure
- Game of Thrones torrents packing nasty surprises
- Researcher prints PWNED! on hundreds of GPS watches
CYBER EXPOSURE PODCAST
Conversations and interviews related to Cyber Exposure, vulnerability management, and security overall. We are pleased to have you as a listener and welcome your feedback at [email protected]. If you are interested in being a guest, let us know at the same email address.
Bill Olson is a Tenable Technical Director, responsible for product strategy and direction. Bill works closely with our customers to understand their needs in vulnerability management and continuous network monitoring. He is passionate about building better solutions to improve customers’ security posture and programs.
Gavin Millard is a trained, ethical hacker who works with medium and large enterprises to address their cybersecurity challenges. With a deep understanding of how attackers plot a breach, he helps bring these companies to a trusted state of IT infrastructure. He previously worked as the Europe, Middle East and Africa (EMEA) technical director for Tripwire. He has also spoken frequently on data integrity, hacking and other key security topics.