On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

• Microsoft introduces some sensible sounding post-Crowdstrike changes


• Palo Alto patches hella-stupid bugs in its firewall management webapp


• CISA head Jen Easterly to depart as Trump arrives


• AI grandma tarpits phone scammers in family-tech-support hell


• Academic research supports your gut-reaction; phishing training doesn’t work


• And much, much more.

This week’s episode is sponsored by Greynoise. The always excitable Andrew Morris joins to remind us that the edge-device vulnerabilities Pat and Adam complain about on the show are in fact actually even worse than we make them out to be. Andrew also tells us about a zero-day Greynoise’ AI system truffle-pigged out of their data set.

This episode is also available on Youtube.

Show notes

• Windows security and resiliency: Protecting your business | Windows Experience Blog



• Microsoft revamps how it will disclose vulnerabilities | Cybersecurity Dive



• NIST says exploited vulnerability backlog cleared but end-of-year goal for full list unlikely



• Pots and Pans, AKA an SSLVPN - Palo Alto PAN-OS CVE-2024-0012 and CVE-2024-9474



• Palo Alto Networks customers grapple with another actively exploited zero-day | Cybersecurity Dive



• Unpatched zero-days in Fortinet and Palo Alto Networks software



• Palo Alto Networks’ customer migration tool hit by trio of CVE exploits | Cybersecurity Dive



• Readout of President Joe Biden’s Meeting with President Xi Jinping of the People’s Republic of China | The White House



• Easterly to step down from CISA director role on Inauguration Day | Cybersecurity Dive



• Top White House cyber official urges Trump to focus on ransomware, China



• Ransomware gang Akira leaks unprecedented number of victims’ data in one day



• Hacker Is Said to Have Gained Access to File With Damaging Testimony About Gaetz



• 1,400 Pegasus spyware infections detailed in WhatsApp’s lawsuit filings



• NSO Group admits cutting off 10 customers because they abused its Pegasus spyware, say unsealed court documents | TechCrunch



• Ransomware gang Akira leaks unprecedented number of victims’ data in one day



• Ohio man behind Helix cryptocurrency mixer gets 3-year sentence



• O2 unveils Daisy, the AI granny wasting scammers’ time - Virgin Media O2



• Understanding the Efficacy of Phishing Training in Practice



• Bunnings facial recognition cameras breach Privacy Act, retailer to challenge ruling | news.com.au — Australia’s leading news site



• Nudity, punches in newly released Bunnings CCTV as company found to breach Privacy Act | news.com.au — Australia’s leading news site



• Bitfinex Hack Launderer Heather 'Razzlekhan' Morgan Sentenced to 18 Months in Prison