Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Endpoint Security

The Top Exploited Vulnerabilities of 2023 - The 443 Podcast - Episode 313

This week on the podcast, we review CISA's most recent report on the top routinely exploited vulnerabilities from the last year. Before that, we cover North Korea's latest malware evasion testing followed by a report on a different evasion technique that abuses concatenated ZIP archives. The 443 Security Simplified is a weekly podcast that gets inside the minds of leading white-hat hackers and security researchers, covering the latest cybersecurity headlines and trends.

Fraud Week: The Insider Threat Risk that Companies Ignore at their Peril

External risks, such as cyber scams, ransomware, and identity theft, often steal the limelight. Just look at the numbers: our threat lab reports that 105,571 malware attacks have been blocked daily in the last month, translating into one incident every second. However, insider threats, while more difficult to detect, can be just as damaging to organizations.

Unlocking MSP Success: The Power of AI and Trusted Partnerships

The cybersecurity landscape has evolved dramatically, placing IT managers under pressure to adapt. A 168% rise in evasive malware detected by WatchGuard in Q2 2024 underscores this shift, with threat actors following behavioral patterns and adopting attack techniques that become popular and dominate in waves.

The Age of AI-Powered Scams | The 443 Podcast

This week on the podcast, Marc Laliberte and Corey Nachreiner dive into a research white paper that explores how attackers could use AI to execute a full-scale money or credential theft scam from start to finish. Before that, they discuss Sophos's five-year battle with Chinese hackers targeting network devices, followed by a conversation about Microsoft’s ongoing fight against password spray attacks through compromised network devices.

Exploitation Walkthrough: ESC15/EKUwu with Justin Bollinger from TrustedSec

Justin Bollinger, Principal Security Consultant at TrustedSec, discussed his research and mitigation guidance on ADCS ESC15 (CVE-2024-49019), also known as EKUwu, a vulnerability in Microsoft's Active Directory Certificate Services.