This week, we're joined by Ivan Tsarynny, the CEO and Co-founder of Feroot, a behavior-based web security monitoring platform dedicated to helping their customers do business securely online by diminishing a threat actor’s ability to breach customer data or damage websites via client-side attacks. He serves on the Standards Council of Canada GDPR Committee, a national forum that develops and adopts standards to provide Canadian organizations with effective means to comply with GDPR.
In recent months, Ivan has appeared on several national broadcasts, including CNN and Yahoo! News, to discuss the security risk associated with tracking pixels.
We discuss how organizations can securely use pixels, malicious ads, 5 threats you should know about, and more.
Threat Landscape (01:53)
Darien breaks down this week’s Threat Landscape, broadly examining the threats that emerged, started to trend, and became mainstream, as well as the threats that haven’t seen any activity in the past month.
Update: Apple’s Rapid Security Response Patches Causing Website Access Issues (02:37)
Apple released emergency updates to fix a zero-day vulnerability in WebKit that allowed remote code execution. However, the initial updates caused issues accessing some websites, prompting complaints. Apple withdrew the updates and released corrected versions.
Fortinet warns of critical RCE flaw in FortiOS, FortiProxy devices (03:43)
Fortinet recently disclosed a critical vulnerability in different versions of FortiOS and FortiProxy that allows remote code execution. The flaw can be exploited by sending crafted packets to affected proxy or firewall policies.
MOVEit Transfer fixes three new vulnerabilities (04:25)
After hundreds of companies were attacked with a 0-day vulnerability in MOVEit Transfer, has released a patch including fixes for three vulnerabilities, including one allowing unauthorized database access.
Critical RCE Vulnerability in ShareFile: PoC Exploit Available (05:11)
A critical vulnerability was recently discovered in ShareFile, a cloud file sharing service. The vulnerability allowed unauthenticated users to upload arbitrary files and execute remote code.
Big Head Ransomware Found in Malvertising and Fake Windows Updates (06:07)
A new ransomware strain dubbed Big Head emerged in May 2023 and has been actively infecting Windows users. Distributed through fake Windows updates and malicious ads, Big Head installs three encrypted files to spread malware, facilitate Telegram communication, and encrypt files. Multiple variants of Big Head with different capabilities like stealing information or incorporating the Neshta file infector were detected, suggesting continuous development.
