11/10/2023
LastPass breach Steve Gibson GRC

But WordPress is built to support an add-on architecture. Leo: I am going to question you on that because these add-ons aren't official WordPress add-ons. We're also wondering, as a result of this, whether WordPress still makes sense in the current day and age, in 2022. We're going to look at another WordPress add-on problem and a supply chain attack on a very popular add-on WordPress provider. And also the resulting sort of changing cyber-insurance landscape that is emerging as a result. We're also going to look at the result of the insurance industry's pushback against ransomware, their insurance coverage of ransomware. Nothing cataclysmic happened in the last week, but there's little percolatings. But first we're going to briefly touch on the ongoing, I would call it Log4j background noise at this point. And so I thought, okay, that's just perfect for the podcast. But it's just it's textbook classic mistake. But due to a little side effect which, you know, I mean, there were some things they could have done that would have prevented this from happening. And I just thought, you know, when I dug into it a little bit more, I thought, okay, I just have to share this with our listeners because it's a perfect example of how a mistake can get made, that you can look at the code, everything looks fine, the structure, the design, perfect. And it's not super crazy, like no one's going to be able to understand this. The details of what the coder did is so interesting. So indeed, this has been an ongoing problem. So this is Security Now! Episode 855 for the 25th of January titled "Inside the NetUSB Hack." And you asked me before we began recording, is this the first time we've talked about NetUSB?
And it's funny that you should ask because in my doing some additional digging, I realized there had been a previous event with exactly the same kernel driver in Linux modems, and we titled a podcast, I think it was #508, NetUSB. Steve: They just keep giving so much joy to the world. It'll be the 8th for another Patch Tuesday adventure. We're going to have one of those earliest possible second Tuesdays of the month, two weeks from today. Where did the month go? Next one will be February 1st. Great to be with you for the last podcast of January. You've been waiting all week for this guy right here, Steve Gibson, GRC.com. Yes, once again it's time for Security Now!. Leo Laporte: This is Security Now! with Steve Gibson, Episode 855, recorded Tuesday, January 25th, 2022: Inside the NetUSB Hack. It's all coming up next on Security Now!. You might want to listen so you don't make the same mistake. And then Steve's going to look at a NetUSB flaw that involved a fairly simple programming error. The EU's major bug bounty funding for a lot of open source projects. A look at the insurance industry's pushback against ransomware coverage. But I guess that's only a matter of time. No big severe exploits that we know of yet. We're going to briefly touch on Log4j and the background noise. It's really fun and completely understandable! Then we're going to take another of our recent technical deep dives to examine the precise cause of that pervasive NetUSB flaw. We'll share some interesting questions and topics suggested by our listeners. We cover the EU's quite welcome major bug bounty funding, and Kaspersky's discovery of a very difficult to root out UEFI bootkit. We also wonder whether WordPress still makes sense in 2022. We look at another WordPress add-on problem and a supply-chain attack on a very popular add-on provider.
We look at the result of the insurance industry's pushback against ransomware coverage and at the resulting changing cyber-insurance landscape. Description: This week we briefly touch on the ongoing Log4j background noise.