Risky Business Video
November 20, 2024
Risky Business Weekly (771): Palo Alto's firewall 0days are very, very stupid
Presented by Patrick Gray (CEO and Publisher) and Adam Boileau (Technology Editor)
On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:
- Microsoft introduces some sensible-sounding post-CrowdStrike changes
- Palo Alto patches hella-stupid bugs in its firewall management webapp
- CISA head Jen Easterly to depart as Trump arrives
- AI grandma tarpits phone scammers in family-tech-support hell
- Academic research supports your gut reaction: phishing training doesn’t work
- And much, much more.
This week’s episode is sponsored by GreyNoise. The always excitable Andrew Morris joins to remind us that the edge-device vulnerabilities Pat and Adam complain about on the show are actually even worse than we make them out to be. Andrew also tells us about a zero-day that GreyNoise’s AI system truffle-pigged out of their data set.
Show notes:
Windows security and resiliency: Protecting your business | Windows Experience Blog https://blogs.windows.com/windowsexperience/2024/11/19/windows-security-and-resiliency-protecting-your-business/
Microsoft revamps how it will disclose vulnerabilities | Cybersecurity Dive https://www.cybersecuritydive.com/news/microsoft-disclose-vulnerabilities-CSAF/733063/
NIST says exploited vulnerability backlog cleared but end-of-year goal for full list unlikely https://therecord.media/nist-vulnerability-backlog-cleared-cisa
Pots and Pans, AKA an SSLVPN - Palo Alto PAN-OS CVE-2024-0012 and CVE-2024-9474 https://labs.watchtowr.com/pots-and-pans-aka-an-sslvpn-palo-alto-pan-os-cve-2024-0012-and-cve-2024-9474/
Palo Alto Networks customers grapple with another actively exploited zero-day | Cybersecurity Dive https://www.cybersecuritydive.com/news/palo-alto-networks-pan-os-firewall-zero-day/733336/
Unpatched zero-days in Fortinet and Palo Alto Networks software https://news.risky.biz/risky-biz-news-unpatched-zero-day-in-palo-alto-networks-is-in-the-wild/
Palo Alto Networks’ customer migration tool hit by trio of CVE exploits | Cybersecurity Dive https://www.cybersecuritydive.com/news/palo-alto-networks-migration-tool-exploits/733072/
Readout of President Joe Biden’s Meeting with President Xi Jinping of the People’s Republic of China | The White House https://www.whitehouse.gov/briefing-room/statements-releases/2024/11/16/readout-of-president-joe-bidens-meeting-with-president-xi-jinping-of-the-peoples-republic-of-china-3/
Easterly to step down from CISA director role on Inauguration Day | Cybersecurity Dive https://www.cybersecuritydive.com/news/easterly-step-down-cisa-director-inauguration/733199/
Top White House cyber official urges Trump to focus on ransomware, China https://therecord.media/neuberger-urges-trump-admin-focus-china-ransomware
Ransomware gang Akira leaks unprecedented number of victims’ data in one day https://therecord.media/akira-ransomware-group-publishes-unprecedented-leak-data
Hacker Is Said to Have Gained Access to File With Damaging Testimony About Gaetz https://www.nytimes.com/2024/11/19/us/politics/matt-gaetz-hack-testimony.html
1,400 Pegasus spyware infections detailed in WhatsApp’s lawsuit filings https://therecord.media/pegasus-spyware-infections-detailed-whatsapp-lawsuit
NSO Group admits cutting off 10 customers because they abused its Pegasus spyware, say unsealed court documents | TechCrunch https://techcrunch.com/2024/11/15/nso-group-admits-cutting-off-10-customers-because-they-abused-its-pegasus-spyware-say-unsealed-court-documents/?guccounter=1
Ohio man behind Helix cryptocurrency mixer gets 3-year sentence https://therecord.media/ohio-man-helix-crypto-sentenced
O2 unveils Daisy, the AI granny wasting scammers’ time - Virgin Media O2 https://news.virginmediao2.co.uk/o2-unveils-daisy-the-ai-granny-wasting-scammers-time/
Understanding the Efficacy of Phishing Training in Practice https://www.computer.org/csdl/proceedings-article/sp/2025/223600a076/21B7RjYyG9q
Bunnings facial recognition cameras breach Privacy Act, retailer to challenge ruling | news.com.au — Australia’s leading news site https://www.news.com.au/finance/business/retail/bunnings-facial-recognition-cameras-breach-privacy-act-retailer-to-challenge-ruling/news-story/11e6f81c75e2da32384936f66bc0ce60
Nudity, punches in newly released Bunnings CCTV as company found to breach Privacy Act | news.com.au — Australia’s leading news site https://www.news.com.au/lifestyle/real-life/news-life/nudity-punches-in-newly-released-bunnings-cctv-as-company-found-to-breach-privacy-act/news-story/6c488d41706d87df2e5d2ca9393764aa
Bitfinex Hack Launderer Heather ‘Razzlekhan’ Morgan Sentenced to 18 Months in Prison https://www.coindesk.com/policy/2024/11/18/bitfinex-hack-launderer-heather-razzlekhan-morgan-sentenced-to-18-months-in-prison/