On this week’s show Adam Boileau and Patrick Gray discuss the week’s security news, including:
- Fortinet, Pulse Security VPNs are being exploited in wild
- Imperva’s cloud WAF gets colossally owned
- US authorities fear ransomware attacks against election systems
- Apple fixes re-introduced jailbreak bug
- Telegram design choice puts HK protestors at risk
- Researcher drops two 0days in Valve’s Steam client after bounty spat
- Much, much more
This week’s sponsor guest is Ryan Kalember, EVP of cybersecurity strategy with Proofpoint. Ryan is stopping by this week to touch on a couple of topics. He’ll tell us why Proofpoint didn’t attribute a recent malware campaign targeting US utilities to APT10 despite there being some pretty APT10-like tradecraft used in that particular campaign.
He’ll also talk a bit about how thread hijacking is a giant pain in the ass. That’s where attackers take over a mailbox, then just jump right in replying to existing mail threads. Detecting that is hard, of course, because it’s internal mail. It’s a great little mixed bag interview.