People
Andrew Kalat
Jerry Bell
Topics
Jerry Bell and Andrew Kalat discuss their new podcast, "Getting Defensive", which will take a deep dive into cybersecurity topics and interview industry experts. They also discuss CISA's report on exploited vulnerabilities, which highlights the growing trend of zero-day exploitation. They analyze the malicious-commit incident on GitHub that attempted to frame a security researcher, and discuss Microsoft's new Windows resiliency initiative and CISA's red team assessment of a critical infrastructure organization. They stress the importance of obtaining consent in security assessments and the challenges organizations face in managing the risks associated with outdated software.

Jerry Bell and Andrew Kalat analyze in detail the key vulnerabilities named in the CISA report and discuss the tactics used to exploit them and their impact. They also discuss strategies for addressing these vulnerabilities at both the software producer and consumer level, including timely patching, implementing mitigating controls, and strengthening monitoring and detection. They also discuss the challenges the cybersecurity industry faces in patching promptly and managing risk, such as workforce shortages and the risks that patching itself can introduce.

Jerry Bell and Andrew Kalat discuss Microsoft's new Windows resiliency initiative, which aims to strengthen security and improve system integrity. They cover some of its key features, such as remote configuration management, improved print security, password management improvements, and kernel access restrictions. They also discuss the new security risks these changes may introduce and how they may affect the way security tools operate.

Jerry Bell and Andrew Kalat discuss CISA's red team assessment report on a critical infrastructure organization. They analyze how the attackers used NFS shares, phishing, and known vulnerabilities to compromise the organization's systems. They also discuss how the organization's security team detected and responded to these attacks, and the challenges the organization faced in managing risk and implementing mitigating controls. They emphasize the importance of obtaining consent in security assessments and the difficulty of managing the risks associated with outdated software.

Chapters
The discussion focuses on CISA's report highlighting the alarming trend of zero-day vulnerabilities being exploited more frequently. The hosts explore the implications for software producers and consumers, emphasizing the need for better patching practices and mitigating controls.
  • Over half of exploited vulnerabilities in 2023 were zero-days.
  • Six out of the top fifteen exploited vulnerabilities were in core network infrastructure.
  • CISA has improved its timeliness in updating the Known Exploited Vulnerabilities list.
  • Organizations need to prioritize patching and implement mitigating controls to address vulnerabilities effectively.

Shownotes Transcript

In this episode of the Defensive Security Podcast, hosts Jerry Bell and Andrew Kalat discuss various cybersecurity topics, including the launch of their new podcast, Getting Defensive. They delve into a CISA report on exploited vulnerabilities, highlighting the concerning trend of zero-day vulnerabilities being exploited. The conversation also covers a GitHub incident involving malicious commits aimed at framing a researcher, Microsoft’s new Windows resiliency initiative, and insights from a CISA red team assessment of a critical infrastructure organization. They emphasize the importance of consent in security assessments and the challenges organizations face in managing risks associated with outdated software.

Takeaways

  • The launch of the new podcast ‘Getting Defensive’ aims to explore deeper cybersecurity topics.

  • CISA’s report indicates a troubling trend of zero-day vulnerabilities being exploited more frequently.

  • Organizations must prioritize patching and mitigating controls to address vulnerabilities effectively.

  • The GitHub incident highlights the risks of malicious commits and the importance of code review.

  • Microsoft’s Windows resiliency initiative introduces new features to enhance security and system integrity.

  • Consent is crucial in penetration testing and security assessments.

  • Organizations often accept risks associated with outdated software, which can lead to vulnerabilities.

  • Effective monitoring and detection are essential to mitigate potential attacks.

  • Ransomware is not the only threat; organizations must be aware of various attack vectors.

  • The CISA red team assessment provides valuable insights into the security posture of critical infrastructure.


Links: