In this episode, we discuss Ransomware affecting ships and 3rd party service organizations, new cyberinsurance requirements around MFA and service account, supply chain woes, and finally, attackers getting fancy with MS Verified Publisher status!
Article 1 - Ransomware severs 1,000 ships from on-shore servers
Supporting Articles:
The Untold Story of NotPetya, the Most Devastating Cyberattack in History
Testing Autonomous Remote Control of Ships in Singapore
Article 2 - Tackling the New Cyber Insurance Requirements: Can Your Organization Comply?
Article 3 - Have we learnt nothing from SolarWinds supply chain attacks? Not yet it appears
Supporting Articles:
Open Software Supply Chain Attack Reference (OSC&R)
OpenVEX Specification
Article 4 - Attackers abuse Microsoft’s 'verified publisher' status to steal data
Supporting Articles:
How to defend against OAuth-enabled cloud-based attacks
Protect against consent phishing
Audit apps and consented permissions
If you found this interesting or useful, please follow us on Twitter @serengetisec and subscribe and review on your favorite podcast app!
Russia Meddling was not quite as bad as originally thought, Federal agency passwords are weak, digital license plates are a terrible but cool idea,...
Back in the news cycle, we discuss the AI Challenges at Defcon, FraudGPT and similar, Smart Cities and a new wrinkle in Ransomware Behavior. ...
This week we discuss eSIM Stealing (not swapping!), the EPA attempting to secure water systems again, and the coming, future Maximum Overdrive like Apocalypse...