Episodes
* Australia Faces Escalating Cyber Threats Amid Complex Strategic Environment
* Sextortion Scams Abuse Microsoft 365 Admin Portal to Bypass Email Filters
* Cybercriminals Exploit Black Friday Shopping Season with Phishing Attacks
* The Dark World of Online Scams: A Deep Dive
* Google Prepares to Launch Shielded Email for Enhanced Privacy
This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit edwinkwan.substack.com
This is a rebroadcast of Season 1, Episode 10 of AppSec Unlocked.
In this episode of AppSec Unlocked, we dive into using a FAIR approach to vulnerability patch prioritization, exploring how organizations can better prioritize vulnerabilities in their open-source software using the FAIR model and EPSS. Denny Wan, an expert on FAIR analysis, shares his insights on this innovative approach.
* Google Pixel AI-powered Features To Combat Scam Calls
* Apple's New Security Feature: Automatic Reboots to Protect Data
* Massive Data Leak Exposes Employee Information from Over 25 Companies
* Bitdefender Releases Free Decryptor for ShrinkLocker Ransomware
* New Phishing Campaign Uses Fake Copyright Claims to Spread Malware
* Cloud Security Concerns Surge in APAC as Data Breaches Remain High
* AI-Powered Scams: A Growing Threat
* Western Sydney University Suffers Major Data Breach
* New FakeCall Malware Targets Android Users for Financial Fraud
* UK Regulator Warns Financial Firms After CrowdStrike Outage
* OWASP Releases GenAI Security Guidelines
This episode is a replay from our sister podcast, AppSec Unlocked.
In today's rapidly evolving cybersecurity landscape, managing vulnerabilities in open-source components has become increasingly complex. While traditional approaches relying solely on CVSS scores have their merits, they may not be sufficient to address the exponential growth in discovered vulnerabilities. A more nuanced and scalable approach is needed, one that considers not only severity but also exploitability and potential impact.
* AI Transcription Tool "Whisper" Creates Fabricated Text, Raising Concerns in Healthcare and Beyond
* Massive UN Data Leak Exposes Personal Information of Violence Against Women Victims
* Mandiant Report: Exploited Vulnerabilities Reach Record Lows in Time to Patch, But Zero-Days on the Rise
* Fake Browser Update Malware Targets WordPress Sites via Malicious Plugins
* Large-Scale Operation Steals Cloud Credentials from Exposed Git Repositories
* Anthropic's New AI Can Interact with Computers, Raising Safety Concerns
* Internet Archive Hit Again: Exposed Tokens Lead to Zendesk Email Breach
* Malicious npm Packages Target Developers' Ethereum Wallets with SSH Backdoor
* Half of Businesses Underestimate SaaS Security Risks, Culture Blamed
* Cyber Skills Gap Widens, Nearly 90% of Businesses Link Breaches to Lack of Expertise
* North Korean Hackers Target Tech Job Seekers with Fake Interviews and Malware
* Internet Archive Hack Exposes Data of 31 Million Users
* Australian Government Introduces Sweeping Cybersecurity Bill
* Smart TVs: A Privacy Nightmare Fueled by Data Harvesting and Invasive Ads
* iPhone Mirroring at Work Exposes Private App Data to Employers
* Ecovacs Robot Vacuums Collect Home Images for AI Training, Raising Privacy Concerns
* Deepfakes on the Rise: Threatening Trust and Security
* Meta Ray-Ban Glasses Hacked into Real-Time Facial Recognition Tool
* Apple Patches Privacy Bugs in iOS 18: Passwords Read Aloud and Early Voice Message Recording
* Cloudflare Mitigates Record-Breaking 3.8 Tbps DDoS Attack
* CISA Boss Calls for More Secure Software Development
* NIST Proposes Sweeping Changes to Password Policies: Mandatory Resets and Character Rules Out
* Critical Vulnerability Found in Nvidia Container Toolkit
* Remote Code Execution Flaw Found in CUPS Printing System (Limited Impact)
* Privacy Group Claims Mozilla's "Privacy-Preserving" Feature Tracks Users
* ServiceNow Outage Caused by Expired Root Certificate
Special Thanks to Justin Butterfield once again for contributing some of the interesting stories for this week’s cyber bites.
* CISA and FBI Urge Software Makers to Eliminate Cross-Site Scripting Vulnerabilities
* Paying Ransomware Doesn't Guarantee File Recovery, Even With Decryptor
* US Dismantles Chinese Government-Linked Botnet Targeting Hundreds of Thousands of Devices
* Clever 'GitHub Scanner' Campaign Abusing Repos to Push Malware
* Australian Government Suffers Surge in Cyber Attacks, Social Engineering Most Common Tactic
Special Thanks to Justin Butterfield once again for contributing some of the interesting stories for this week’s cyber bites.
* Millions of Devices at Risk as Microsoft and Google Disable Insecure Email Login Method
* Cybersecurity Giant Fortinet Confirms Data Breach, Downplays Impact
* New Laws Target Banks, Telcos and Tech Giants in Fight Against Scams
* Online Voucher Scam Targets Sydney Restaurants Using Square POS
* TfL Staff Face In-Person Password Resets After Cyberattack
Special Thanks to Justin Butterfield once again for contributing some of the interesting stories for this week’s cyber bites.
* AI-Powered Voice Cloning Scams on the Rise
* Cyberattack Disrupts Transport for London Services
* Typosquatting Threatens Developers: Malicious Code in GitHub Actions
* New Supply Chain Attack Hijacks Removed PyPI Packages
* White House Aims to Strengthen Internet Routing Security
* Singapore's Consumer Watchdog Fined for Data Breaches, Failed to Secure Consumer Information
* Research Study: What's The Worst Place to Leave Your Secrets
* Critical Infrastructure Under Threat: Zero-Day Vulnerability Exploited to Spread Mirai Botnet
* Banks Under Fire for Inadequate Scam Protection as Victims Suffer
* FIDO Security Token YubiKey 5 Vulnerable to Cloning Attacks
* Critical Vulnerability Found in Airport Security System
Special Thanks to Justin Butterfield for contributing some of the interesting stories for this week’s cyber bites.
* Cybersecurity: The Need for a Wake-Up Call
* Digital Banks: Boon for Customers, Target for Scammers?
* ASD Warns of Phishing Emails Targeting Australians
* New Guidance Released on Best Practices for Event Logging and Threat Detection
* Local Networks Exposed: A Flaw in Domain Naming Creates Security Nightmare
* Thousands of Websites Exposed AWS Credentials, Leading to Large-Scale Extortion Campaign
* Mac Users Beware: Microsoft Apps May Have Allowed Hackers to Spy on You
* Ransomware on Track for Record Year Despite Fewer Victims Paying
* FlightAware Data Breach Exposes User Information for Years
* GitHub Actions Exposing Authentication Tokens in Popular Open-Source Projects
Special Thanks to Justin Butterfield once again for contributing some of the interesting stories for this week’s cyber bites.
* Background Check Company National Public Data Hit by Massive Data Breach Affecting Nearly 3 Billion People
* Trojan Malware Campaign Hijacks Browsers, Steals Data of Over 300,000 Users (https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign)
* Australian Gold Miner Evolution Hit by Ransomware Attack
* Critical Browser Flaw Exposes Local Networks to Attack via "0.0.0.0"
* Hackers Breach Educational Security Software Company and Wipe 13,000 Students’ iPads and Chromebooks
* Australia to Mandate Ransomware Payment Disclosure
* Hackers Abuse Free Cloudflare Tunnels to Deliver Remote Access Trojans
* Stack Exchange Used by Threat Actors to Promote Malicious Open Source Components
* Hackers Poison Software Updates Through ISP Breach
* New Podcast Aims to Unlock Secrets of Application Security
* SBOMs: A Crucial Tool Hampered by Standardization Issues
* Mysterious Rings and QR Codes: The Emergence of Brushing Scams
* France Battles Cyberespionage Ahead of Olympics
* GitHub's Dark Secret: Deleted Data Never Really Dies