Big DDOS, Tracking Smartphones, BIOS Doom, NSO Buyer, & Android Children – PSW #744
This week in the Security News: Big DDOS, tracking smartphones, play Doom in your BIOS, Hertzbleed, Apple M1 vulnerability, who will buy NSO, spoof your location data, building system attacks, and a hacker's revenge!
"we have concluded this issue does not pose an immediate risk to our users and is insufficient to bypass operating system security protections on its own." - Okay, but that's not the point. The point is to fix the vulnerabilities. Just because an attack needs a chain of things doesn't mean you leave one link in the chain unpatched because another link will prevent the attack. Top-down and bottom-up security is needed; it flows in both directions, from apps to OS to kernel to firmware and the reverse. Don't rely on the adjacent layers to provide security for the other layers!
Okay, I am freaked out: "A lot of the time, feeling trapped and alone and having no means of getting out of those circumstances makes one feel sad, depressed or angry." - I'm sorry Dave, I can't do that. WTH.
In the enterprise security news: funding announcements take a bit of a break, we explore a few new vendors and organizations that have come to our attention recently, Wiz researchers annoy yet another cloud service by pointing out ridiculous vulnerabilities (IBM Cloud, this time), Docker Hub has tons of shady stuff going on, EU strengthens cyberse...
This week in the Security News: When you just wanna hurl, malicious containers, FCC bans stuff, these are not the CVEs you're looking for, Linux password mining, mind the gap, hacking smart watches, & more!
We are joined by Josh and Kurt from the amazing Open Source Security Podcast! We're talking about supply chain risks, threats and vulnerabilities in this segment!