Security News
Black Hat wasn't the only game in town last week: FuzzCon threw a bunch of software security experts and industry leaders into a black box and shook them up to see what fuzzing - an emerging trend in continuous software testing that automates white-hat hacking - is all about. Fuzzing is an elite tool, so it makes sense that its use to discover Heartbleed - one of many bugs uncovered with fuzzing - was discovered and confirmed by elite code testers: Google's Neel Mehta discovered the vulnerability, while the Finnish company Codenomicon confirmed it.
Timezone curiosities - when modular arithmetic gets weird. Microsoft researcher found Apple 0-day in March, didn't report it.
In the company's annual Human Factor 2021 report assessing how the threat landscape morphed over the past year - released on Wednesday - Proofpoint researchers scratched their heads over the reasons for so many users succumbing to malicious CAPTCHAs or clicking on poisoned images in steganography attacks. Since its inception in 2014, the Human Factor report has looked at how people play into risk, including where users are most vulnerable, how attackers target them, and the havoc that can be wreaked when threat actors compromise privileged access to data, systems and other resources.
My guests today are Lee Christiansen and Will Schroeder, the SpecterOps researchers behind a recent report entitled Certified Pre-owned: Abusing Active Directory Certificate Servers, about attack paths in Microsoft Active Directory. Will Schroeder: And the last thing I'll add on to that last kind of point is just the complexity of Active Directory along with, you know, how easy it can occasionally be to where one of the things we've seen and a term we've tried to help kind of push is misconfiguration debt, where we see Active Directory has been in an environment for a long period of time.
Full transparency: Curtis Simpson, CISO at Armis, the enterprise IoT security company, was fundamentally a black hat at the age of 12, before he even knew what a black hat was. That mindset comes in handy in the space of OT and ICS: in other words, the world of operational technology - the computing systems used to manage industrial operations - and industrial control systems.
We explain how a format string bug could lock your iPhone out of your own network. We revisit the PrintNightmare saga, which is sort-of fixed but not really.
In this special splintersode, Kimberly Truong talks to Eva Galperin, Director of Security at the Electronic Frontier Foundation. Join Eva as she discusses growing up with cryptography, the troubling issue of stalkerware, how to get started in cybersecurity and the sort of hobbies that help infosec professionals to free their minds from work pressure when they want to relax.