Coffee Talk with SURGe: RSA, Karakurt, Apple Passwords, Confluence Zero-Day, Follina/MSDT Update
Join the SURGe Team with a guest from the land down under, a recap of important news in the security landscape, a discussion on RSA, and a special interview with Danielle Jablanski of Nozomi Networks!
This week Ryan Kovar, Audra Streetman, Mick Baccio, and Shannon Davis discussed CISA advisories about China state-sponsored threat actors and the data extortion group Karakurt plus an update on the Confluence and MSDT/Follina zero-days. Mick and Ryan competed in a 60 second charity challenge regarding Apple's plan to replace passwords with biometric authentication methods. The team also shared their takeaway from this year's RSA Conference in San Francisco.
People’s Republic of China State-Sponsored Cyber Actors Exploit Network Providers and Devices (CISA):
https://www.cisa.gov/uscert/ncas/alerts/aa22-158a
U.S. cybersecurity officials issue notice on Karakurt extortion group (CISA):
https://www.cyberscoop.com/karakurt-extortion-cisa-advisory-conti-ransomware/
SURGe Blog about Confluence Zero-Day:
https://www.splunk.com/en_us/blog/security/atlassian-confluence-vulnerability-cve-2022-26134.html
SURGe Blog about Follina Zero-Day:
https://www.splunk.com/en_us/blog/security/rce-la-follina-cve-2022-30190.html
Apple Just Killed the Password—for Real This Time (WIRED):
https://www.wired.com/story/apple-passkeys-password-ios16-ventura/