On this week’s show Patrick and Adam talk through all the week’s security news, including:
- NSO Group WhatsApp vuln coverage goes nuclear
- Activists targeted by NSO malware in hiding in west after CIA tipoffs
- Cisco Trust Anchor drags on sea floor
- Linux kernel bugs likely overhyped
- Adobe patches insane number of CVEs
- Microsoft patches rumoured GCHQ VEP’d RDP bug
- New hardware bugs affect Intel processors
- SHA-1 collisions become much more practical
- Major US anti-virus firms owned hard

This week’s sponsor interview is with Ryan Kalember of Proofpoint. Ryan is a listener, and when he heard Adam talking about how password rotations actually result in crappy passwords, it hit a nerve with him. He says Proofpoint, via its CASB product, is seeing a lot of targeted credential stuffing campaigns cycling through variations of passwords that have appeared in dumps.
Apparently the bad guys are hip to what a typical password rotation variation looks like and they’re using this knowledge to better direct their cred stuffing attempts.