8 episodes

Weekly podcast where three security buddies discuss security topics.

3 Security Buddies Paul Kehrer, Robert Clark, Matias Brutti

    • Technology


    3SB-8: Password Complexity


    Follow up:
    No follow ups
    Topics:
    NIST changing password requirements
    Roundtable: how we got into security + suggestions
    Paul Rant:
    Paul is on vacation. No Rants.  
    Links:
    https://pages.nist.gov/800-63-3/sp800-63b.html
    https://www.ncsc.gov.uk/blog-post/let-them-paste-passwords
    Hosts:
    Paul Kehrer @reaperhulk
    Robert Clark @hyakuhei
    Matías Brutti @MrBrutti

    Special Guest:
    Travis McPeak @travismcpeak 

    Post-Production:
    Matias Brutti @MrBrutti

    Disclaimer: The opinions and security statements on this podcast are our own and do not represent that of our respective past, current or future employers. 

    • 1 hr
    3SB-7: 🍎 Security Worms


    Follow up:
    US is elevating ransomware to the same level as terrorism.
    Topics:
    Apple Security WWDC
    Move beyond passwords (iCloud Keychain WebAuthn keys)
    Discover account-driven User Enrollment
    Secure login with iCloud Keychain verification codes (domain-binding apple-totp)
    Polkit PrivEsc
    Growing abuse of Kubernetes (it’s not containers)
    Paul Rant:
    Apple Bug Report blackhole  
    Links:
    https://www.reuters.com/technology/exclusive-us-give-ransomware-hacks-similar-priority-terrorism-official-says-2021-06-03/
    https://threatpost.com/microsoft-cryptomining-kubeflow/166777/
    https://unit42.paloaltonetworks.com/hildegard-malware-teamtnt/
    Hosts:
    Paul Kehrer @reaperhulk
    Robert Clark @hyakuhei
    Matías Brutti @MrBrutti

    Post-Production:
    Matias Brutti @MrBrutti


    • 1 hr 28 min
    3SB-6: Dependency Hell


    Follow up:
     - Nothing this week

    Topics:
    Automated Fuzzing Testing in Go
    Stack Overflow Supply Chain Attacks
    Deps.dev
    Update on GitHub’s policies regarding exploits, malware, and vulnerability research
    Paul Rant:
    Pinning dependencies on Libraries 
    Links:
    https://blog.golang.com/fuzz-beta
    https://www.wsj.com/articles/software-developer-community-stack-overflow-sold-to-tech-giant-prosus-for-1-8-billion-11622648400
    https://deps.dev
    https://github.blog/2021-06-04-updates-to-our-policies-regarding-exploits-malware-and-vulnerability-research/
    Hosts:
    Paul Kehrer @reaperhulk
    Robert Clark @hyakuhei
    Matías Brutti @MrBrutti

    Post-Production:
    Matias Brutti @MrBrutti


    • 54 min
    3SB-5: Hardware Apocalypses


    Follow up:
    Vaxxed || Mask Rant Update
    WhatsApp will not be removing functionality.
    Topics:
    OpenSSL Rustification
    Data without context is useless
    AMD attacks on Virtual Machine Protection System.
    M1ssing Register Access Controls Leak EL0 State
    Paul Rant:
    QC35 switch is garbage. GARBAGE!
    Links:
    https://therecord.media/two-attacks-disclosed-against-amds-sev-virtual-machine-protection-system/
    https://m1racles.com
    Hosts:
    Paul Kehrer @reaperhulk
    Robert Clark @hyakuhei
    Matías Brutti @MrBrutti

    Post-Production:
    Matias Brutti @MrBrutti


    • 1 hr 5 min
    3SB-4: EuroCyberVision


    Episode Follow up:
    Codecov Mercari Audacity Open Source Telemetry 
    Topics:
    WhatsApp: Give me your privacy or I will stop working.
    Russian Keyboard as a first line of defense
    Craig Federighi MacOS vs iOS Security Model
    Paul Rant:
    Vaxxed or Mask. Trust by Verify Rant by Matias Brutti. 
    Links:
    https://about.mercari.com/en/press/news/articles/20210521_incident_report/
    https://github.com/audacity/audacity/discussions/889
    https://blog.malwarebytes.com/privacy-2/2021/05/whatsapp-calls-and-messages-will-break-unless-you-share-data-with-facebook/
    https://www.schneier.com/blog/archives/2021/05/adding-a-russian-keyboard-to-protect-against-ransomware.html
    https://krebsonsecurity.com/2021/05/try-this-one-weird-trick-russian-hackers-hate/
    https://9to5mac.com/2021/05/19/craig-federighi-mac-malware-problem/
    https://www.imore.com/craig-federighi-defends-iphone-security-throwing-mac-under-bus

    Hosts:
    Paul Kehrer @reaperhulk
    Robert Clark @hyakuhei
    Matías Brutti @MrBrutti

    Post-Production:
    Matias Brutti @MrBrutti


    • 1 hr 6 min
    3SB-3: Zero Trust Cyber


    Episode 2 Follow up:
    CodeCov continues to claim victims. Rapid7 & Twilio. 
    Topics:
    Rob’s Python adventures
    Alfredo’s mouse mic
    FragAttack
    CyberBattleSim
    Paul Rant:
    ZeroTrust Executive Order By Robert
    Links:
    https://www.rapid7.com/blog/post/2021/05/13/rapid7s-response-to-codecov-incident/
    https://www.twilio.com/blog/response-to-the-codecov-vulnerability
    https://github.com/ortegaalfredo/mousemic
    https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/05/fragattack-new-wi-fi-vulnerabilities-that-affect-basically-everything/
    https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/
    Hosts:
    Paul Kehrer @reaperhulk
    Robert Clark @hyakuhei
    Matías Brutti @MrBrutti

    Post-Production:
    Matias Brutti @MrBrutti


    • 1 hr 8 min
