The Threat Show

The Threat Show Ep. 19 w/ Simon Crosby

Welcome to The Threat Show powered by Fletch! This week we're joined by Simon Crosby. Simon has an impressive list of experiences from his time in cybersecurity, from founding and serving as CTO of XenSource and Bromium, to lecturing at the University of Cambridge and later becoming a member of the Board of Directors at Cambridge in America. Currently, he is an investor and equity partner at DCVC, a venture capital company focused on implementing AI in parts of the economy that have yet to adopt the technology.

After discussing five major threats you need to know about, we talk to Simon about the role AI will play in the future (and present) of cybersecurity, for both the good guys and the bad actors.

Threat Landscape    (1:30)

Darien Kindlund and Chris Wilder break down this week’s Threat Landscape, broadly examining the threats that emerged, started to trend, and became mainstream, as well as the threats that haven’t seen any activity in the past month.

LastPass Says Employee's Home Computer Was Hacked And Corporate Vault Stolen    (04:48)

New details have emerged about the August 2022 LastPass breach: one of the four LastPass employees with access to the corporate vault was compromised through their home computer. The attacker compromised a media software package known as Plex, which allowed them to load a keylogger onto the home computer. When the DevOps engineer logged into LastPass production environments from that computer, the attacker gained access to everything.

Hunting for Honkbox | Multistage macOS Cryptominer May Still Be Hiding    (07:43)

A new XMRig cryptocurrency mining malware called Honkbox has led Apple to roll out protections through its internal EDR product, XProtect. The malware leverages Web3 technology in the form of the Invisible Internet Project (I2P) so that, rather than being easily identifiable on the internet, its operators are able to avoid detection.

Who’s Behind the Botnet-Based Service BHProxies?    (09:24)

Mylobot is a malware family whose operators sell access to a proxy service called BHProxies, where people can anonymously route their web traffic through compromised computers. It ends up targeting consumer-grade devices, which may not hold much sensitive data. Even so, these targets are still valuable to attackers, because each compromised system's internet connection acts as a node on BHProxies.

BlackLotus UEFI bootkit: Myth confirmed    (11:04)

BlackLotus is a new bootkit that effectively evades Secure Boot. This attack was theoretical a few months ago, but it is now confirmed, and it shows that operators can target even systems that would otherwise be considered secure.

Security Defects in TPM 2.0 Spec Raise Alarm    (14:09)

Carnegie Mellon researchers discovered two theoretical attacks against TPM firmware in which a local attacker could upload arbitrary code.

Interview with Simon Crosby    (15:08)

We talk to Simon about the role AI will play in the future (and present) of cybersecurity, for both the good guys and the bad actors, as well as ChatGPT, deepfakes and much more.