The Threat Show

The Threat Show Ep. 14 w/ Alan Cohen

This week we're joined by Alan Cohen, a deep-tech investor and a partner at DCVC, a venture capital company focused on implementing AI in parts of the economy that have yet to adopt the technology. Alan breaks down why the cybersecurity industry is so complex and why practitioners should focus on extracting simplicity rather than mastering complexity.

We also discuss four major threats involving remote code execution you need to know about.  

Apple emits emergency patch for older iPhones after snoops pounce on WebKit hole    (01:51)

Apple has rolled out a major patch day, and curiously, hardware as much as ten years old running iOS 12 is receiving patches. This is because nation-state threat groups and cybercriminals have been able to compromise older Apple hardware and achieve remote code execution.

Mandiant detects suspected Chinese BOLDMOVE hackers exploiting FortiOS vulnerability across federal entities    (04:16)

Fortinet’s SSL-VPN has a vulnerability that can allow for remote code execution. Mandiant has discovered that Chinese threat actors are building custom malware to load and run on these devices.

Dissecting and Exploiting TCP/IP RCE Vulnerability “EvilESP”    (06:46)

A Windows vulnerability allowed attackers to compromise the system through remote code execution if users had IPv6 enabled. This was patched in September, but new details are emerging on its severity.

Critical RCE vulnerabilities found in git    (08:24)

Git has several critical vulnerabilities that can trigger remote code execution when a developer downloads an untrusted or malicious software repo from a public site like GitHub. This can compromise the developer's workstation. Alternatively, a malicious actor can upload a laced version of their repo to a cloud service and potentially compromise workloads in the cloud.

Interview With Alan Cohen    (11:09)

Alan breaks down why the cybersecurity industry is so complex and why practitioners should focus on extracting simplicity rather than mastering complexity.