No CVE and No Accountability – PSW #851
Alright, so we dove deep into some pretty wild stuff this week. We started off talking about zip files inside zip files. This is a variation of old-school zip file tricks, and the latest method described here is still causing headaches for antivirus software. Then we geeked out about infrared signals and the Flipper Zero, which brought back memories of the TV-B-Gone. But the real kicker was our discussion on end-of-life software and the whole CVE numbering authority mess. Avanti's refusal to issue a CVE for their end-of-life product sparked a heated debate about cybersecurity accountability and conflicts of interest.
Hosts
Paul Asadoorian
Principal Security Researcher at Eclypsium
1. Skeletons in the Closet
2. Spotify’s Car Thing, due for bricking, is getting an open source second life
3. Surge in exploits of zero-day vulnerabilities is ‘new normal’ warns Five Eyes alliance
4. Citrix Issues Patches for Zero-Day Recording Manager Bugs
5. Evasive ZIP Concatenation: Trojan Targets Windows Users
6. Amazon confirms data breached as MOVEit strikes again
7. Visionaries Have Democratised Remote Network Access – Citrix Virtual Apps and Desktops (CVE Unknown)
8. Flipper Zero Explained: How It Learns and Controls Infrared Signals
9. 6 Infotainment Bugs Allow Mazdas to Be Hacked With USBs
10. Linus Torvalds’ New Patch: A Small Change with Big Implications for Linux Sec…
11. ‘Zero Day,’ Drama Depicting China’s ‘invasion of Taiwan,’ Rings Alarm; ‘Everyone Must Talk About Issue Now,’ Producer Says
12. Rickrolling WiFi at VMware Explore Barcelona 2024 · vNinja.net
Larry Pesce
Product Security Research and Analysis Director at Finite State