Casey recently was involved in an event that brought hackers and 5G technology together, tune-in to learn about the results and how we can use bug bounty programs to improve the security of "things".
This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them!
Volt Typhoon and other Chinese cyberespionage operations were noted by FBI Director Christopher Wray to be already gearing up for far-reaching disruptive intrusions against U.S. critical infrastructure by 2027 should the U.S. interfere with China's conflict with Taiwan, according to CyberScoop.
Threat actors could potentially launch a software supply chain attack by exploiting a dependency confusion flaw impacting the archived Apache Cordova App Harness project, which had been discontinued five years ago, reports The Hacker News.
CNN reports that Indiana-based water and wastewater treatment plant and electricity provider Tipton Municipal Utilities has been targeted by a cyberattack on Apr. 19 claimed by Russia-linked hacking operation CyberArmyofRussia_Reborn.
Nearly 20 water, energy, and heating providers across Ukraine were noted by the country's Computer Emergency Response Team to have their information and communications systems targeted by Russian state-backed advanced persistent threat operation Sandworm, also known as APT44, Voodoo Bear, BlackEnergy, and Seashell Blizzard, last month, reports BleepingComputer.
Data exfiltration and privilege escalation attacks leveraging the novel GooseEgg hacking tool to exploit an already addressed Windows Print Spooler flaw, tracked as CVE-2022-38028, have been deployed by Russian cyberespionage operation APT28, also known as Forest Blizzard, against government, education, transportation, and non-government organizations since April 2019, BleepingComputer reports.
CISA chimes in on the XZ Utils backdoor, PuTTY's private keys and maintaining a secure design, LeakyCLI and maintaining secure secrets in CSPs, LLMs and exploit generation, and more!