Cyber Hub Podcast Summary for November 15, 2023
Key Points:
1. Patch Tuesday Analysis: The episode, aired on November 15, 2023, focused on the aftermath of Patch Tuesday, a critical day for cybersecurity professionals. The show emphasized the extensive work involved in assessing, implementing, and managing patches in an organization.
2. VMware Vulnerability Disclosure: VMware disclosed a significant authentication bypass vulnerability in its Cloud Director (VCD) appliance. This flaw, identified as CVE-2023-34060, poses a risk to certain configurations of the VCD appliance but can be mitigated with a workaround provided by VMware.
3. Australian Cybersecurity Concerns: The podcast highlighted a recent Australian government report revealing a surge in cyberattacks on the country's critical infrastructure. This increase in cyber threats is linked to Australia's defense alliances and its role in global intelligence networks like the Five Eyes.
4. CacheWrap Attack on AMD CPUs: Researchers have discovered a new attack method, CacheWrap, affecting AMD's Secure Encrypted Virtualization. This vulnerability allows attackers to compromise encrypted virtual machines and escalate privileges.
5. Microsoft's Patch Tuesday Report: Microsoft patched 63 vulnerabilities, including 5 zero-day exploits. These fixes address various security issues in Windows, ASP.NET, and Microsoft Office.
6. SAP and Intel Security Updates: SAP released security notes for its Business One product, while Intel published advisories covering over 100 vulnerabilities, including a critical flaw in its datacenter manager's software.
7. OracleIV and IPStorm Botnet Alerts: The episode discussed the OracleIV DDoS botnet targeting public Docker instances and the FBI's takedown of the IPStorm botnet network, which enabled anonymous cybercriminal activities.
8. Jeff Reich Interview Announcement: The host, James Azar, mentioned an upcoming episode featuring Jeff Rich from the IDSA, focusing on identity security for practitioners.
The Cyber Hub Podcast episode provided a comprehensive overview of recent cybersecurity developments, from major vulnerabilities and patches to geopolitical implications of cyber threats.
Story Links:
https://www.securityweek.com/protected-virtual-machines-exposed-to-new-cachewarp-amd-cpu-attack/
https://thehackernews.com/2023/11/alert-microsoft-releases-patch-updates.html
https://www.securityweek.com/sap-patches-critical-vulnerability-in-business-one-product/
https://www.securityweek.com/chipmaker-patch-tuesday-intel-amd-address-over-130-vulnerabilities/
https://thehackernews.com/2023/11/alert-oracleiv-ddos-botnet-targets.html
Thank you for watching and Please Don't forget to Like this video and Subscribe to my Channel!
Apply now to be a featured partner on the show: https://www.cyberhubpodcast.com/contact
******
Listen here: https://linktr.ee/cyberhubpodcast
SubStack:
******
Website: https://www.cyberhubpodcast.com
Youtube: https://www.youtube.com/c/TheCyberHubPodcast
Rumble: https://rumble.com/c/c-1353861
Facebook: https://www.facebook.com/CyberHubpodcast/
Linkedin: https://www.linkedin.com/company/cyberhubpodcast/
Twitter: https://twitter.com/cyberhubpodcast
Instagram: https://www.instagram.com/cyberhubpodcast
The Hub of the Infosec Community.
Our mission is to provide substantive and quality content that’s more than headlines or sales pitches. We want to be a valuable source to assist those cybersecurity practitioners in their mission to keep their organizations secure.
Share this post