In this episode of the Defensive Security Podcast, hosts Jerry Bell and Andrew Kalat discuss various cybersecurity topics, including the launch of their new podcast, Getting Defensive. They delve into a CISA report on exploited vulnerabilities, highlighting the concerning trend of zero-day vulnerabilities being exploited. The conversation also covers a GitHub incident involving malicious commits … Continue reading Defensive Security Podcast Episode 286 →
In this episode of the Defensive Security Podcast, hosts Jerry Bell and Andrew Kalat discuss various cybersecurity topics, including the launch of their new podcast, Getting Defensive. They delve into a CISA report on exploited vulnerabilities, highlighting the concerning trend of zero-day vulnerabilities being exploited. The conversation also covers a GitHub incident involving malicious commits aimed at framing a researcher, Microsoft’s new Windows resiliency initiative, and insights from a CISA red team assessment of a critical infrastructure organization. We emphasize the importance of consent in security assessments and the challenges organizations face in managing risks associated with outdated software.
Takeaways
* The launch of the new podcast ‘Getting Defensive’ aims to explore deeper cybersecurity topics.
* CISA’s report indicates a troubling trend of zero-day vulnerabilities being exploited more frequently.
* Organizations must prioritize patching and mitigating controls to address vulnerabilities effectively.
* The GitHub incident highlights the risks of malicious commits and the importance of code review.
* Microsoft’s Windows resiliency initiative introduces new features to enhance security and system integrity.
* Consent is crucial in penetration testing and security assessments.
* Organizations often accept risks associated with outdated software, which can lead to vulnerabilities.
* Effective monitoring and detection are essential to mitigate potential attacks.
* Ransomware is not the only threat; organizations must be aware of various attack vectors.
* The CISA red team assessment provides valuable insights into the security posture of critical infrastructure.
Â
Links:
* https://www.darkreading.com/cyberattacks-data-breaches/zero-days-wins-superlative-most-exploited-vulns
* https://www.bleepingcomputer.com/news/security/github-projects-targeted-with-malicious-commits-to-frame-researcher/
* https://thehackernews.com/2024/11/microsoft-launches-windows-resiliency.html?m=1
* https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-326a
Â
Links: