Episode #301: Edwin Kwan: Critical Vulnerability Threatens SSH Security; Hillary Coover: National Grid Removes China-Based Supplier's Components; Ian Garrett: Ransomware Evolves to Extortionware Threat; Olimpiu Pop: 2023 in Review: Cybersecurity and the Supply Chain; Marcel Brown: This Day in Tech History
Description
Free, ungated access to all 300+ episodes of “It’s 5:05 !” on your favorite podcast platforms: https://bit.ly/505-updates. You’re welcome to 𝗿𝗲𝗽𝗼𝘀𝘁 if your followers will find this of value.
The stories we’re covering today.
Marcel Brown: December 25th, 1990. Merry Christmas, everyone. Tim Berners Lee, a British scientist working at the European Organization for Nuclear Research, otherwise known as CERN, along with his associate, Robert Kaliau, were operating the first web server, info.cern.Ch, and first web browser slash editor, World Wide Web, which were reportedly able to communicate over the internet by this date.
Edwin Kwan: A groundbreaking attack named Terrapin has been uncovered posing a significant threat to the security of the SSH secure shell protocol. What sets Terrapin apart is its ability to undermine cryptographic SSH protections that were previously considered to be immune to such attacks
Hillary Coover: Britain's National Grid is taking steps to remove components provided by a subsidiary of China-backed Nari Technology from its electricity transmission network due to concerns about cybersecurity.
Ian Garrett: Cyber criminals in their quest to maximize disruption and ransom demands are evolving their strategies. A notable example is the ransomware group gang known as BlackCat, which recently employed a novel extortion tactic. This incident is the first of its kind, and likely a precursor to future trends in cyber extortion.
Olimpiu Pop: In 2023, cybersecurity and supply chain issues evolved significantly. Software supply chain attacks, especially targeting open source software libraries, saw a dramatic increase. The growing reliance on open source software, under the pressure of rapid development cycles, made these libraries prime targets for exploitation.