All topics
This week saw a blessed lack of major vulnerabilities, but there was plenty of other news to dig into. We discuss the fallout from the AWS outage (0:36), the conclusions from the latest Cyberspace Solarium Commission report (4:37), and the effects of CISA’s shakeup on the private sector (14:07), and the continued effects of the F5 incident […]
The suspected objective of the Lazarus group was the exfiltration of proprietary information and manufacturing expertise, particularly pertaining to UAV technology.
In the wake of the disclosure of a serious intrusion at F5 that reportedly lasted about a year, we talk about the details of the disclosure, the potential link to Chinese state actors, the fallout from the attackers’ access to source code and bug reports, and what this could mean in the long term.
The company discovered the intrusion in August but did not say when the attackers first gained access to F5’s systems or how long they had access.
This week brings some new insights into the origins and length of the Cl0p extortion attacks tied to the Oracle E-Business Suite vulnerability, big surges in scanning for Cisco ASA, Palo Alto, and Fortinet devices, and a huge upgrade to Apple bug bounty payouts.
The Clop extortion campaign on Oracle customers last week stemmed from months of intrusion activity tracking back to July 10.
