This week, we're joined by Jono Bacon, a leading community and collaboration speaker, author, and podcaster. He's the founder of Community Leadership Core, an accelerator that develops industry-leading community engagement and growth via personalized training, coaching, and accountability.
He has an impressive career path, having served as director of community at GitHub, Canonical, XPRIZE, and OpenAdvantage. At Ubuntu, he led community strategy for one of the most popular technology platforms in the world, growing it into a community of millions of users. Jono has also authored the books 'People Powered: How communities can supercharge your business, brand, and teams' and 'The Art of Community'.
Jono shares his insights on community building in cybersecurity, communicating with your customers during a security crisis, and the importance of getting your community involved in shaping your brand. We also cover the threat landscape and four trending threats you should know about.
Threat Landscape (02:26)
Darien breaks down this week’s Threat Landscape, broadly examining the threats that emerged, started to trend, and became mainstream, as well as the threats that haven’t seen any activity in the past month.
Google Issues Another Emergency 0-Day Patch For Billions Of Chrome Installs, Update ASAP (03:33)
Google has issued an emergency patch for a zero-day vulnerability affecting billions of Chrome installs. The flaw allows remote attackers to potentially exploit heap corruption via a crafted HTML page. Microsoft’s Edge browser, based on Chromium, is also assumed to be affected by the same vulnerability, and the company is working on releasing a security patch.
Clop ransomware claims responsibility for MOVEit extortion attacks (04:42)
The Clop ransomware gang has claimed responsibility for the recent MOVEit Transfer data-theft attacks, in which a zero-day vulnerability was exploited to breach multiple companies’ servers and steal data. While the number of organizations breached remains undisclosed, the gang stated that victims would be displayed on their data leak site if a ransom was not paid.
Two More Critical Vulnerabilities Found in Zyxel Firewalls and VPN Devices (06:09)
Two critical vulnerabilities have been found in Zyxel firewalls and VPN devices. Both vulnerabilities could lead to remote code execution and denial-of-service attacks on affected devices. Zyxel is urging customers to apply the latest security updates as soon as possible. Last week we covered a similar critical Zyxel vulnerability, CVE-2023-28771, which is now being actively exploited in widespread attacks.
Organizations Warned of Backdoor Feature in Hundreds of Gigabyte Motherboards (06:49)
Researchers at Eclypsium discovered that hundreds of Gigabyte motherboard models include a backdoor functionality that could pose a significant risk to organizations. There is no evidence that the backdoor has been leveraged for malicious purposes, but it could be abused by threat actors.
