Beers with Talos (BWT) Podcast Episode 13 is now available. Download this episode and subscribe to Beers with Talos:
If iTunes and Google Play aren't your thing: www.talosintelligence.com/podcast
Beers with Talos is a fast-paced, smart, and humorous podcast focused on security research topics. Staying abreast of security topics is difficult in this rapidly evolving threat landscape. Beers with Talos serves important security stories in a way that is understandable, engaging, and fun to researchers, executives, and security n00bs alike.
EP13 Show Notes: Struts - when to patch and when to patch with a vengeance. In light of the Equifax breach, we discuss how patching can make you live better days, Never look back and say, Could have been me. Naturally, that convo leads into the biggest story of the week around Pwning the Supply Chain - CCleaner, Python, and Nyetya style. Avast made some mistakes, but every tech company is susceptible to supply chain attacks. What can companies do to protect themselves and how can users adopt a stronger security posture in this area? We also talk Ex$ploit Economy - Valuing exploits by supply and demand. Zerodium has an extensive price list, what can we discern about the availability and difficulty of various exploits using basic economics?
EP13 Timetable: 01:00 - Roundtable - What’s on your mind today?
10:25 - Struts - Could Have Been Me (but we patched)
19:20 - CCleaning up the Supply Supply Chain
33:26 - The Ex$ploit Economy
53:28 - Closing shots and parting thoughts
Talos Struts post: /apache-0-day-exploited
and /apache-struts-being-exploited
Talos CCleaner post: /avast-distributes-malware
Zerodium exploit pricelist: https://www.zerodium.com/program.html ==========
Featuring: Craig Williams (@Security_Craig), Joel Esler (@JoelEsler), Matt Olney (@kpyke) and Nigel Houghton (@EnglishLFC).
Hosted by Mitch Neff (@MitchNeff)
Find all episodes:
http://cs.co/talospodcast
Subscribe via iTunes (and leave a review!)
http://cs.co/talositunes
Check out the Talos Threat Research Blog:
http://cs.co/talosresearch
Subscribe to the Threat Source newsletter:
http://cs.co/talosupdate
Follow Talos on Twitter:
http://cs.co/talostwitter
Give us your feedback and suggestions for topics:
beerswithtalos@cisco.com