This episode covers the BootHole vulnerability that bypasses Secure Boot, firmware flaws in Palo Alto firewalls like SMM vulnerabilities and LogoFAIL, and immediate threats like CVE-2024-3393 and CVE-2025-0108. Trixie offers insights on these attacks, their risks, and actionable steps for organizations to protect critical systems. Practical strategies for updating and securing enterprise networks are also discussed.
Episodes (6)
This episode examines RedDelta, a Chinese state-sponsored threat actor, and its evolving strategies to target Mongolia, Southeast Asia, and global entities like the Vatican. We analyze the sophisticated use of PlugX malware, including spear-phishing and DLL sideloading techniques, alongside defensive measures like YARA and Sigma rules. Learn key insights from Mongolia's cybersecurity response and the broader global implications for cybersecurity policies.
Since 2019, MirrorFace has executed sophisticated cyberattacks targeting sensitive sectors, including the 2023 ransomware impacting the Port of Nagoya and the Christmas Day attack on Japan Airlines. This episode highlights their links to APT10, China's state-sponsored operations, and broader geopolitical tensions. Experts provide strategies to bolster defenses, including active cyber defense measures and employee training against phishing.
Researchers Mathy Vanhoef and Angelos Beitis uncover critical vulnerabilities in tunneling protocols, revealing over 4 million globally exposed systems. This episode examines how these flaws impact home routers, VPNs, and core internet infrastructure, enabling risks like DoS attacks and DNS spoofing. Learn about mitigation strategies, CVE identifiers, and the importance of global collaboration to secure this vital technology.
This episode traces the evolution of PlugX, a notorious malware active since 2008, and its ties to Mustang Panda, a suspected state-sponsored group. We discuss the joint efforts of the FBI, French authorities, and Sekoia.io that led to neutralizing over 4,200 infected systems while ensuring no collateral damage. The episode provides insights into global cybersecurity collaboration and innovative strategies to counter advanced threats.
Salt Typhoon emerges as a critical threat in global cybersecurity, targeting telecom networks and exploiting vulnerabilities in Cisco systems. In this episode, Trixie analyzes U.S. sanctions, Salt Typhoon's sophisticated tactics like GRE tunnels, and the global impact of their persistent cyberattacks on governments and industries. Learn how nations can strengthen defenses against such state-sponsored threats.