The Threat Show

The Threat Show Ep. 36 w/ Andrew Peterson

This week, we're joined by Andrew Peterson, Co-founder of Aviso Ventures, a seed venture capital fund investing in the next generation. Prior to Aviso, Andrew was CEO and Co-Founder of Signal Sciences.

He is a celebrated figure in Information Security, boasting experience as a founder, board member, advisor, and investor. Andrew has a proven track record of establishing high-performance product and sales teams worldwide for prestigious organizations like Etsy, Google, and the Clinton Foundation. He also wrote the book "Cracking Security Misconceptions" to promote security awareness among non-security professionals.

We discuss challenges stemming from the cybersecurity industry's immaturity, if CISOs need stronger whistleblower protections, how to be a personable (and therefore effective) security practitioner, and more.

Threat Landscape    (02:15)

Darien and Chris break down this week’s Threat Landscape, broadly examining the threats that emerged, started to trend, and became mainstream, as well as the threats that haven’t seen any activity in the past month.

BYOS – Bundle Your Own Stealer    (07:24)

BundleBot is a new malware strain commonly distributed via Facebook Ads and compromised accounts, leading to websites that masquerade as regular program utilities, AI tools, and games. Some of these websites mimic Bard, Google’s generative AI chatbot, enticing victims to download a malicious RAR archive hosted on legitimate cloud storage services like Dropbox.

Sophos Discovers Ransomware Abusing “Sophos” Name    (08:58)

SophosEncrypt is a new ransomware family that impersonates the cybersecurity company Sophos. The malware encrypts files on the infected computer and demands a ransom for their release.

CISA orders govt agencies to mitigate Windows and Office zero-days    (10:29)

Microsoft has disclosed a zero-day vulnerability impacting Office and Windows, which can allow attackers to achieve remote code execution with the privileges of the targeted user. The vulnerability is being exploited through phishing campaigns that deliver malicious Office documents as email attachments.

New critical Citrix ADC and Gateway flaw exploited as zero-day    (14:20)

Citrix NetScaler ADC and Gateway are being exploited through an unauthenticated remote code execution vulnerability. It allows bad actors to perform discovery in the victim’s Active Directory (AD) and to collect and exfiltrate AD data. Citrix released a patch for this vulnerability on July 18, 2023.

Interview with Andrew Peterson    (16:59)

Andrew Peterson discusses challenges stemming from the cybersecurity industry’s immaturity, if CISOs need stronger whistleblower protections, how to be a personable (and therefore effective) security practitioner, and more.