Zero-day exploited in the wild.

CyberWire Daily

N2K Networks, Inc.

Technology, Tech News, Daily News, News

4.8 • 1.1K Ratings

🗓️ 22 October 2024

⏱️ 28 minutes

🔗️ Recording | iTunes | RSS

🧾️ Download transcript

Summary

A zero-day affects Samsung mobile processors. A critical vulnerability is discovered in the OneDev DevOps platform. German authorities warn against vulnerable industrial routers. The Bumblebee loader buzzes around corporate networks. Ghostpulse hides payloads in PNG files. A Michigan chain of dental centers agrees to a multimillion dollar data breach settlement. A White House proposal tamps down international data sharing. Fortinet is reportedly patching an as-yet undisclosed severe vulnerability. In our Threat Vector segment, host David Moulton speaks with Nathaniel Quist about cloud extortion operations, the rise of ransomware attacks, and the challenges businesses face in securing public cloud environments. Russian deepfakes spread election misinformation. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Threat Vector Segment In this segment of the Threat Vector podcast, host David Moulton, Director of Thought Leadership at Palo Alto Networks, speaks with Nathaniel Quist, Manager of Cloud Threat Intelligence at Cortex & Unit 42. David and Nathaniel discuss recent cloud extortion operations, the rise of ransomware attacks, and the challenges businesses face in securing public cloud environments. You can hear the full discussion here and catch new episodes of Threat Vector every Thursday on your favorite podcast app. Selected Reading Google Warns of Samsung Zero-Day Exploited in the Wild (SecurityWeek) Critical OneDev DevOps Platform Vulnerability Let Attacker Read Sensitive Data (Cyber Security News) Critical Vulnerabilities Expose mbNET.mini, Helmholz Industrial Routers to Attacks (SecurityWeek) Hackers Use Bumblebee Malware to Gain Access to Corporate Networks (GB Hackers) CISA Adds Sciencelogic SL1 Unspecified Vulnerability to KEV Catalog (Cyber Security News) Pixel perfect Ghostpulse malware loader hides inside PNG image files (The Register) Dental Center Chain Settles Data Breach Lawsuit for $2.7M (BankInfo Security) Biden administration proposes new rules governing data transfers to adversarial nations (The Record) Fortinet issues private notifications to FortiManager customers to patch an undisclosed flaw (Beyond Machines) Russian Propaganda Unit Appears to Be Behind Spread of False Tim Walz Sexual Abuse Claims (WIRED) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Transcript

Click on a timestamp to play from that location

0:00.0	You're listening to the CyberWire Network, powered by N2K.
0:07.0	Around every entry point and every clever attacker, Vectra sees the attacks others can't.
0:18.6	How? Vectra has AI on it. Vectra's AI attacks signal intelligence tells security teams where to focus
0:26.4	what matters. It wades through thousands of individual threat events so you don't have
0:31.8	to. Attackers infiltrating your network,
0:34.8	Vectra has AI on it. Attackers compromising your identities. Vectra has AI on it.
0:41.3	Vectra AI, the integrated signal powering your XDR.
0:46.2	Visit Vectra.
0:50.3	dot AI slash show me to learn more. That's VE C T R A dot AI slash show me to learn more. A zero day affects Samsung mobile processors. A critical vulnerability is discovered in the One DevOps platform.
1:15.9	German authorities warn against vulnerable industrial routers.
1:19.7	The bumblebee loader buzzes around corporate networks.
1:23.7	Ghost Pulse hides payloads and P&G files.
1:27.1	A Michigan chain of dental centers agrees to a multi-million dollar data breach settlement.
1:32.0	A White House proposal tamps down international
1:34.6	data sharing. Portanet is reportedly patching an as-yet-un disclosed severe
1:39.5	vulnerability. In our Threat Vector segment, host David Moulton speaks with Nathaniel Quist about cloud extortion
1:46.3	operations, the rise of ransomware attacks and the challenges businesses face in securing
1:51.3	public cloud environments, and Russian deep fakes spread election
1:56.0	misinformation. It's Tuesday, October 22nd, 2024.
2:14.0	I'm Dave Bitner and this is your CyberWire Intel briefing. Thanks for joining us here today. It is great as always to have you with us.
2:36.0	Google's Threat Analysis Group has warned of a zero-day vulnerability in Samsung's mobile processors that has been actively
2:44.7	exploited with a CVSS score of 8.1. This use after Free Bug can be abused
	...

Please login to see the full transcript.

Previous episode | Next episode

Disclaimer: The podcast and artwork embedded on this page are from N2K Networks, Inc., and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of N2K Networks, Inc. and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.