Welcome to The Threat Show, powered by Fletch! This week, we're joined by Leon DuPree, a consultant with the heart of a teacher.
Throughout his career, Leon has worked with larger consulting firms, such as Deloitte & Touche and PricewaterhouseCoopers, holding positions such as Systems Engineer, Project Manager, Systems Manager, Lead Consultant, Senior Security Architect & Auditor. He’s also a published security author in the cloud security and the healthcare space.
We discuss the importance of strong organizational cultures, knowing how to communicate complex cybersecurity issues, and more.
Threat Landscape (01:55)
Darien and Chris break down this week’s Threat Landscape, broadly examining the threats that emerged, started to trend, and became mainstream, as well as the threats that haven’t seen any activity in the past month.
FBI: Unplug exploited Barracuda ESG appliances now (04:25)
Barracuda customers have been warned by the FBI to remove the company’s Email Security Gateway (ESG) appliances from operation immediately due to a vulnerability that remains exploitable even after patches were issued. The zero-day attack, discovered in May, was attributed to a previously unknown threat group called UNC4841, suspected of being linked to China. UNC4841 is known to have exfiltrated data from some compromised systems, with an emphasis on the public sector.
Exploit released for Juniper firewall bugs allowing RCE attacks (06:50)
Hackers are exploiting four newly discovered Remote Code Execution (RCE) security flaws in the J-Web component of Junos OS. These vulnerabilities can be chained together, allowing attackers to execute arbitrary code on compromised instances.
A One-Click Security Vulnerability in Zimbra Collaboration Suite: CVE-2023-41106 (12:28)
A one-click security vulnerability has been discovered in all versions of the Zimbra Collaboration Suite. This vulnerability allows unauthorized access to Zimbra accounts when users click on malicious links sent by attackers.
Interview with Leon DuPree (14:40)
Leon DuPree discusses the importance of strong organizational cultures, knowing how to communicate complex cybersecurity issues, and more.
