Ep8: Microsoft's zero-days and a wormable Windows TCP/IP flaw known to China

Update: 2024-08-17

Description

Three Buddy Problem - Episode 8: This week’s show digs into Microsoft’s in-the-wild zero-day woes, Patch Tuesday and the absence of IOCs, a wormable Windows TCP/IP flaw that the Chinese government knew about for months, Iran’s aggressive hacking US election targets, CrowdStrike v Qihoo360 and major problems with APT naming conventions.

Hosts: Costin Raiu (Art of Noh), Juan Andres Guerrero-Saade (SentinelLabs), Ryan Naraine (SecurityWeek)

Links:

Episode 8 Transcript
Six Windows Zero-Days Being Actively Exploited
CVE-2024-38063 - Windows Ping of Death
Wormable TCP/IP flaw known to China — Chinese researcher Xiao Wei of Cyber KunLun said he discovered the vulnerability “several months ago.”
Google TAG: Iran steps hacking against Israel, U.S.
Microsoft report on Iran election hacking
Qihoo claims CrowdStrike bug exploitable
CrowdStrike root cause analysis
LABScon - Speakers 2024

Comments

Top Podcasts

The Best New Comedy Podcast Right Now – June 2024 The Best News Podcast Right Now – June 2024 The Best New Business Podcast Right Now – June 2024 The Best New Sports Podcast Right Now – June 2024 The Best New True Crime Podcast Right Now – June 2024 The Best New Joe Rogan Experience Podcast Right Now – June 20 The Best New Dan Bongino Show Podcast Right Now – June 20 The Best New Mark Levin Podcast – June 2024

In Channel

Russian APT weaponized nearby Wi-Fi networks in DC, new macOS zero-days, DOJ v Chrome

2024-11-2201:28:22

What happens to CISA now? Is deterrence in cyber possible?

2024-11-1501:53:51

Mysterious rebooting iPhones, EDR vendors spying on hackers, Bitcoin 'meatspace' attacks

2024-11-0901:37:00

The Sophos kernel implant, 'hack-back' implications, CIA malware in Venezuela

2024-11-0301:54:14

Fortinet 0days, Appin hack-for-hire exposé, crypto heists, Russians booted from Linux kernel

2024-10-2501:26:44

ESET Israel wiper malware, China's Volt Typhoon response, Kaspersky sanctions and isolation

2024-10-1801:38:18

Typhoons and Blizzards: Cyberespionage and national security on front burner

2024-10-1101:09:09

Careto returns, IDA Pro pricing controversy, crypto's North Korea problem

2024-10-0401:30:38

Exploding beepers, critical CUPS flaws, Windows Recall rebuilt for security

2024-09-2801:19:07

Ep13: The Consolation of Threat Intel (JAG-S LABScon keynote)

2024-09-2131:41

Ep12: Security use-cases for AI chain-of-thought reasoning

2024-09-1401:14:20

Ep11: Cyberwarfare takes an ominous turn

2024-09-0601:15:13

Ep10: Volt Typhoon zero-day, Russia's APT29 reusing spyware exploits, Pavel Durov's arrest

2024-08-3001:18:37

Ep9: The blurring lines between nation-state APTs and the ransomware epidemic

2024-08-2301:06:16

Ep8: Microsoft's zero-days and a wormable Windows TCP/IP flaw known to China

2024-08-1701:17:45

Ep7: Crowd2K and the kernel, PKFail supply chain failures, Paris trains sabotage and Russian Olympic attacks

2024-08-0201:10:03

Ep6: After CrowdStrike chaos, should Microsoft kick EDR agents out of Windows kernel?

2024-07-2601:16:37

Ep5: CrowdStrike's faulty update shuts down global networks

2024-07-1959:51

Ep4: The AT&T mega-breach, iPhone mercenary spyware, Microsoft zero-days

2024-07-1201:11:39

Ep3: Dave Aitel joins debate on nation-state hacking responsibilities

2024-07-0501:04:29

00:00

1.0x

Ep8: Microsoft's zero-days and a wormable Windows TCP/IP flaw known to China

#box-pro-ellipsis-173235146160781{-webkit-line-clamp:2;}Ep8: Microsoft's zero-days and a wormable Windows TCP/IP flaw known to China

Ep8: Microsoft's zero-days and a wormable Windows TCP/IP flaw known to China

Ryan Naraine

Ep8: Microsoft's zero-days and a wormable Windows TCP/IP flaw known to China