Bengtson and Leif Dreizler as they dive into the latest trends and insights in the world of cybersecurity.
Highlights:
🤖 AI's Impact on Security: A deep dive into how AI and LLMs are transforming the security landscape, including the potential for better code and the changing dynamics of security jobs.
❄️ Snowflake's MFA Changes: Discussion on Snowflake's proactive measures following data breaches and the importance of shared responsibility in security.
📬 Email Spoofing Attack: An analysis of a clever DKIM replay attack that exploited Google’s email systems.
☠️ Malicious Uses of AI: Insights from Anthropic's blog on how AI is being misused for influence campaigns and malware generation.
💻 SCIM Security: A look at the DoyenSec article on SCIM vulnerabilities and the importance of secure provisioning in SSO.
Tune in for an engaging conversation filled with expert opinions, practical advice, and a few laughs along the way! Don't forget to like and subscribe!
--------
49:50
Episode 27 - Deal or No Deel
🎙️ Welcome to episode 27! In this episode, we dive into the latest security news and insights with your hosts, Travis McPeak, Will Bengtson and Leif Dreizler.
Highlights:
🚨 Insider threats are real! Join us as we discuss a wild corporate espionage case between Deel and Rippling. You won’t believe what happened!
💰 Google just dropped $32 billion on Wiz! What does this mean for the future of cloud security?
🛻 Jaguar Land Rover Data Breach: A ransomware attack reveals vulnerabilities in credential management and the importance of dark web monitoring.
🕵️ Ever heard of LLM poisoning? We’re exploring how misinformation is affecting AI models.
💸 Crypto Heist Analysis: A deep dive into the SafeWallet heist, examining the operational security mistakes made by the attackers.
Join us as we break down this week’s biggest security stories, so you don’t have to. Don't forget to like and subscribe!
--------
37:08
Episode 26 - Hugging Pickle
🎙️ We’re back with another exciting episode of our podcast, where we dive into the latest trends and stories in the world of security! In this episode, Travis McPeak and Will Bengtson welcome our special guest, Misha Kuenstner, a Security Engineering Manager at Semgrep.
We cover a range of topics, including:
🛌 A deep dive into a recent security vulnerability involving Eight Sleep covers, where researchers discovered alarming access issues.
🥒 The implications of Hugging Face models being susceptible to local execution due to the use of Python's Pickle serialization.
🛡️ Insights from the first-ever State of Detection Engineering report, highlighting the evolving skills needed in detection and response.
☁️ A discussion on the recent CVE related to unauthenticated username enumeration in AWS and its impact on cloud security.
✉️ Google's announcement to replace SMS authentication with QR codes for Gmail, aiming to enhance security.
Tune in to hear our thoughts, insights, and recommendations on these pressing security issues. Don't forget to like, subscribe, and hit the notification bell for more episodes!
--------
36:59
Episode 25 - Hook, line, and deep fake
🎙️ Join us for another episode of the 404:Security Not Found podcast! This week, Travis McPeak, Swathi Joshi and Will Bengtson discuss the latest trends in cybersecurity, including Microsoft's push towards a passwordless future and the implications of AI in spear phishing attacks.
In this episode, we cover:
🛡️ Microsoft's significant changes impacting over a billion users as they move towards a passwordless future.
🤖 A report from Malwarebytes on AI-powered spear phishing attacks and their alarming effectiveness.
The discovery of a malicious NPM package and the ongoing challenges of package squatting.
The recent pardon of Silk Road creator Ross Ulbricht and its implications.
A fascinating discussion on canaries in cybersecurity and their maturity model.
💔 A heartbreaking story of a woman scammed out of her life savings through a deepfake scam involving a fake Brad Pitt.
Don't forget to like and subscribe for more episodes!
Thanks for listening!
--------
35:02
Episode 24 - us-east-1.com
🎙️ Welcome to this episode of 404 Security Not Found. This week, our hosts Travis McPeak, Leif Dreizler, Swathi Joshi and Will Bengtson cover the following topics:
🛡️ Security Fix Campaigns: Discover how campaigns help address security misconfigurations efficiently for developers.
⛽ ExxonMobil Hacking Case: Discuss the FBI’s investigation into a hacking operation by an ExxonMobil consultant and its implications on corporate espionage.
🏛️ Government-Recommended Encryption: Following a breach by Chinese actors, we highlight the need for encrypted messaging apps like WhatsApp and Signal.
🤖 AI in Security: Learn how AI is enhancing vulnerability discovery in software development.
☁️ AWS re:Invent Highlights: Explore new features such as Resource Control Policies aimed at boosting cloud security.
🖥️ Us-east-1.com Case: Hear about the surprising traffic and questions on DNS security that arose from the registration of us-east-1.com.
💰 AI Agent Challenge: Examine the FRESA project, where participants try to persuade an AI to transfer funds, raising cybersecurity implications.
Join us for insightful discussions, humor, and expert opinions. Subscribe for more episodes and share your comments below!