News Wrap: PoC Exploit Controversy, Cable Haunt & Joker Malware
01/17/20 • 25 min
This week's news wrap podcast breaks down the biggest Threatpost security stories of the week, including:
- Various proof-of-concept exploits being released for serious vulnerabilities this week - including for the recently-patched crypto-spoofing vulnerability found by the National Security Agency and reported to Microsoft.
- Multiple cable modems used by ISPs to provide broadband into homes have a critical vulnerability in their underlying reference architecture, dubbed "Cable Haunt," that would allow an attacker full remote control of the device.
- Google's continual battle against attackers who are infiltrating Google Play with Android apps (more than 17,000 apps to date) distributing the Joker malware.
- Google setting an aggressive two-year deadline for dropping support for third-party tracking cookies in its Chrome web browser.
This week's news wrap podcast breaks down the biggest Threatpost security stories of the week, including:
- Various proof-of-concept exploits being released for serious vulnerabilities this week - including for the recently-patched crypto-spoofing vulnerability found by the National Security Agency and reported to Microsoft.
- Multiple cable modems used by ISPs to provide broadband into homes have a critical vulnerability in their underlying reference architecture, dubbed "Cable Haunt," that would allow an attacker full remote control of the device.
- Google's continual battle against attackers who are infiltrating Google Play with Android apps (more than 17,000 apps to date) distributing the Joker malware.
- Google setting an aggressive two-year deadline for dropping support for third-party tracking cookies in its Chrome web browser.
Previous Episode
NSA Detects Major Microsoft Windows Flaw: What It Means
A major Microsoft crypto-spoofing bug impacting Windows 10 made waves this Patch Tuesday, particularly as the flaw was found and reported by the U.S. National Security Agency (NSA).
Microsoft's January Patch Tuesday security bulletin disclosed the "important"-severity vulnerability, which could allow an attacker to spoof a code-signing certificate, vital to validating executable programs in Windows, and make it appear as if an application was from a trusted source.
Threatpost talked to Pratik Savla, senior security engineer at Venafi, about the vulnerability, whether the hype around the flaw was warranted, and what the disclosure means for the NSA.
Next Episode
Vivin Nets Thousands of Dollars Using Cryptomining Malware
Threatpost talks to Nick Biasini, a threat researcher at Cisco Talos, about a recently-uncovered threat actor, dubbed Vivin, has made thousands of U.S. dollars through a large-scale cryptomining campaign.
If you like this episode you’ll love
Episode Comments
Generate a badge
Get a badge for your website that links back to this episode
<a href="https://goodpods.com/podcasts/the-threatpost-podcast-108737/news-wrap-poc-exploit-controversy-cable-haunt-and-joker-malware-5622269"> <img src="https://storage.googleapis.com/goodpods-images-bucket/badges/generic-badge-1.svg" alt="listen to news wrap: poc exploit controversy, cable haunt & joker malware on goodpods" style="width: 225px" /> </a>
Copy