Welcome to The Threat Show powered by Fletch. This week’s special guest is Todd Inskeep, a CISO and cybersecurity executive with over 30 years of experience who helps businesses balance their objectives with the need for protection against modern security threats.
We discuss fractional CISOs, their rising prominence in the InfoSec space, how to know when your organization needs one, and how they can be helpful to businesses of different sizes. The team also discusses four major threats you need to know about.
Hackers exploit critical Citrix ADC and Gateway zero day, patch now (01:53)
A Citrix zero day vulnerability is being actively exploited by the state-sponsored APT5 hacker group. The NSA (National Security Agency) has stepped in to share the attribution for this threat and warn the public.
Security Flaw in Atlassian Products (Jira, Confluence,Trello, BitBucket) Affecting Multiple Companies (06:50)
Improper session handling by Atlassian has led to a threat actor infiltrating CloudSeek’s infrastructure, affecting a number of organizations. When someone logs in to a cloud hosted Atlassian product, the browser is given a cookie for subsequent access that is valid for 30 days, even if the company tries to reset their MFA credentials.
New Ransomware Strain Discovered Lurking in Open-Source Packages (11:02)
A new ransomware strain was discovered within a number of open-source packages, and a particular threat group is typosquatting several popular javascript and python packages in order to lace open-source software with ransomware.
Hackers use new Fantasy data wiper in coordinated supply chain attack (13:36)
An Iranian threat group targeting South East Asian organizations is using a new type of data wiper to completely wipe computer systems. These types of attacks benefit the country sponsoring them.
