The Adversarial Podcast Ep. 15 - US-China-Taiwan cyber relations, mobile app ads facilitating spying, holiday DoS vulnerabilities

Join former CISOs Jerry, Mario, and Sounil as they dissect the latest cybersecurity news, discuss evolving threats, and share their seasoned perspectives on infosec. 00:00 Highlight00:32 Intro1:48 China accuses US of stealing trade secrets10:05 Taiwan reports 2.4M Chinese cyberattacks/day18:21 Christmas day Chrome Extension hacks, including Cyberhaven23:28 Krebs: U.S. Army Soldier arrested for Snowflake customer extortions26:40 Wired: Popular apps hijacked to spy on locations through ad tracking33:28 Holiday DoS vulnerabilities in Palo Alto and Windows LDAP34:36 Are DoS vulnerabilities neglected by security programs?40:37 TI news feeds are noisy and vulnerabilities are overhyped49:37 Are Passkeys ready for prime time?54:49 Adversarial Podcast YouTube comments 57:06 YouTube comment cryptowallet scams59:24 What should security teams try to accomplish during offsites?China Accuses US of Cyberattacks: https://www.reuters.com/world/china/chinas-internet-emergency-center-says-it-dealt-with-two-us-cyber-attacks-against-2024-12-18/Taiwan Reports 2.4M Chinese Cyberattacks Daily: https://www.reuters.com/technology/cybersecurity/chinese-cyberattacks-taiwan-government-averaged-24-mln-day-2024-report-says-2025-01-06/Christmas Day Chrome Extension Hacks: https://thehackernews.com/2024/12/16-chrome-extensions-hacked-exposing.html https://adversarialgroup.slack.com/archives/C073BTZ6ZSR/p1735336226170729U.S. Army Soldier Arrested for AT&T and Verizon Extortions: https://krebsonsecurity.com/2024/12/u-s-army-soldier-arrested-in-att-verizon-extortions/Geo-Data Privacy and App Hijacks: https://www.wired.com/story/gravy-location-data-app-leak-rtb/Holiday DoS Vulnerabilities: https://security.paloaltonetworks.com/CVE-2024-3393 https://www.securityweek.com/exploit-code-published-for-potentially-dangerous-windows-ldap-vulnerability/Passkeys: Are They Ready for Prime Time: https://arstechnica.com/security/2024/12/passkey-technology-is-elegant-but-its-most-definitely-not-usable-security/Cryptowallet Scams and YouTube Comments: https://www.kaspersky.com/blog/cryptowallet-free-seed-phrase-scam/52810