Defensive Security Podcast Episode 286

Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec - A podcast by Jerry Bell and Andrew Kalat - Luni

Podcast artwork

Categories:

In this episode of the Defensive Security Podcast, hosts Jerry Bell and Andrew Kalat discuss various cybersecurity topics, including the launch of their new podcast, Getting Defensive. They delve into a CISA report on exploited vulnerabilities, highlighting the concerning trend of zero-day vulnerabilities being exploited. The conversation also covers a GitHub incident involving malicious commits aimed at framing a researcher, Microsoft’s new Windows resiliency initiative, and insights from a CISA red team assessment of a critical infrastructure organization. We emphasize the importance of consent in security assessments and the challenges organizations face in managing risks associated with outdated software. Takeaways * The launch of the new podcast ‘Getting Defensive’ aims to explore deeper cybersecurity topics. * CISA’s report indicates a troubling trend of zero-day vulnerabilities being exploited more frequently. * Organizations must prioritize patching and mitigating controls to address vulnerabilities effectively. * The GitHub incident highlights the risks of malicious commits and the importance of code review. * Microsoft’s Windows resiliency initiative introduces new features to enhance security and system integrity. * Consent is crucial in penetration testing and security assessments. * Organizations often accept risks associated with outdated software, which can lead to vulnerabilities. * Effective monitoring and detection are essential to mitigate potential attacks. * Ransomware is not the only threat; organizations must be aware of various attack vectors. * The CISA red team assessment provides valuable insights into the security posture of critical infrastructure.   Links: * https://www.darkreading.com/cyberattacks-data-breaches/zero-days-wins-superlative-most-exploited-vulns * https://www.bleepingcomputer.com/news/security/github-projects-targeted-with-malicious-commits-to-frame-researcher/ * https://thehackernews.com/2024/11/microsoft-launches-windows-resiliency.html?m=1 * https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-326a

Visit the podcast's native language site