Paul's Security Weekly (Audio)

Where security veterans unpack the latest IT security news, vulnerabilities, and research through a historical and technical lens that can cut through even the thickest cigar smoke. Hosted by Paul Asadoorian and Larry Pesce. Co-hosts: Josh Marpet, Jeff Man, Mandy Logan, Tyler Robinson.

Episodes

June 18, 2026 126 mins

In the security news this week:

  • GPS spoofing and satellite jamming are getting way too accessible
  • Rekeying satellites in orbit sounds terrifying
  • Cyber extortion and whether criminals still have ethics
  • AI helping cybersecurity research... and drug discovery
  • Data centers eating regional power grids
  • Nuclear, solar, natural gas, and the future of AI infrastructure
  • What happens when GPS stops being trustworthy?
  • Satellite constellat...

In the security news:

  • Trolling Microsoft With Vulnerabilities
  • Fable 5 loves guardrails
  • Binwalk vulnerability
  • EMBA and local models
  • EDRChoker
  • AI worms
  • Interesting Arista vulnerability added to KEV
  • BOD 26-04 and stakeholder specific vulnerability categorization
  • Bring your own execution environment
  • Homelab tips
  • MikroTik routers as interceptors
  • Ivanti Sentry and irony
  • Smart TV botnets
  • Privacy laws
  • SolarWinds Serv-U lives on
  • More C...

This week in the security news:

  • Security Researchers Are Threat Actors according to Microsoft
  • Hands-free malicious firmware
  • If you've ever typed "ls" in Windows, this is for you
  • Cisco makes more patches, wants you to pay
  • Ambiguous Secure Boot bypass
  • Threat actors love network edge devices, and I have the chat logs and leaks to prove it
  • The downside of chip sanctions
  • Your VoIP phone is hacked
  • Vulnerability disclosure and incent...
May 28, 2026 124 mins

This week we have a technical segment focused on Linux! Paul released a script that helps you get a handle on Linux supply chain security, and new features allow you to assess the state of Secure Boot on your Linux systems (that also use MS certificates, ironically). The script is in his Git repo: https://github.com/pasadoorian/Linux_Hacks.

In the security news:

  • The CVE chase
  • The new security basics
  • Enterprises are lacking mor...

In the security news this week:

  • FCC router bans and the hidden firmware update problem
  • Why extending support timelines actually improves security
  • GitHub supply chain concerns and the evolving SBOM ecosystem
  • CRA and NIS2 compliance deadlines are getting very real
  • The EU Cyber Resilience Act's 24-hour vulnerability disclosure requirement
  • Security regulation: vertical vs horizontal compliance models
  • Vehicle-to-load EV systems pow...

This week:

  • New Yellowkey BitLocker bypass and what it means for you
  • Hackers can run you over with a robot lawnmower
  • FCC says new things about routers, again
  • Glitching with AI
  • almost no false positives
  • AI thought it was evil
  • DirtyFrag and the sad state of Linux LPEs
  • You can buy better tools, perfect security, and other lies
  • The Canvas breach
  • Hackers can still take over trains
  • Baby monitors, on the Internet!
  • dnsmasq flaws I am n...

Rob Allen from ThreatLocker joins us to discuss the risks associated with VPN appliances and how to implement better security solutions that don't leave you hanging out on the open Internet. The interview segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlockerrsac to learn more about them!

In the Security News:

  • Fewer details about the FCC router ban
  • Canary traps that work
  • Hacking trains and getting a...
April 30, 2026 122 mins

This week in the security news:

  • Are you a FIRESTARTER?
  • Eavesdropping via fiber-optic cables
  • Copy Fail - more Linux LPE
  • GitHub RCE
  • Running Linux on a PS5
  • BadUSB tricks
  • SilentGlass and HDMI threats
  • SonicWall and vague details
  • Universities are for porn?
  • The Banshee
  • Before CVEs comes scanning
  • Vendor addresses AirSnitch
  • GitHub and not serious work
  • Routers have country-specific backdoors
  • Phones with Hotspot are fine

Visit http...


This week:

Larry's in the host seat and chaos ensues. We dig into:

  • A very questionable story about tracking a warship with a $5 Bluetooth tracker
  • Serial-to-IP devices quietly sitting in critical infrastructure… and full of holes
  • New York regulators mandating MFA and asset inventory—aka CIS Control #1 is now breaking news
  • A ransomware negotiator who decided to double-dip (and landed in prison)
  • "Brand new" hard driv...

This week:

  • CSA issues guidance to CISOs on Mythos
  • Vuln management woes
  • Windows tells you about Secure Boot
  • AI-assisted firmware vuln hunting
  • The dumbest hack
  • Edge decay and the failing perimeter
  • Mac OS X on a Wii
  • Little Snitch comes to Linux
  • CPUID served malware
  • Buying plugins to backdoor them
  • Addicted to hacking
  • Is Mythos just a sales pitch?
  • We are still talking about Adobe Acrobat vulns
  • A single line AI jailbreak
  • Hacking App...
April 9, 2026 125 mins

This week:

  • Rage dropping 0-Day
  • Claude Mythos, things are different now
  • From UART to root, on a device made in China, where's the FCC?
  • More CUPS vulnerabilities
  • Russians are hacking routers, FCC ban doesn't stop them
  • Mongoose vulnerabilities, and FCC still does nothing
  • Renting virtual phones
  • Iran's cyber attacks
  • SHA-256 almost broken?
  • Catching Axios
  • New Rowhammer, dubbed GPUBreach, gives you root
  • Windows 11 has sudo! (And SSH.....

In the Security News:

  • Claude leaks source code and new models
  • Two really smart people say AI is finding vulnerabilities better than ever
  • Windows is using your internet to send updates to strangers
  • BIG-IP APM vulnerability - all you need to know
  • Linux KVM for the win
  • The bus factor and open source
  • Axios supply chain breach
  • Trimming Grub
  • Depotting and hacking e-Motorcycles
  • Trivy and Cisco source code leaks
  • The FCC ban and What i...

In this segment, we will explore some pretty awesome tools for scanning the Internet, with a focus on network edge devices. We'll bring it all together with Claude Code and look at some sample results. Tools include:

  • Shodan | Passive recon — query existing scan data for exposed devices, services, and vulns | Passive (API) | Instant (no packets sent)
  • ZMap | Host discovery — find live hosts with open ports | L4 (TCP ...

In this episode, we sit down with the Radare community leader, Pancake, the creator of the Radare2 reverse engineering framework. Whether you've never heard of Radare, already use it daily, or are thinking about contributing to its development, this conversation will demystify what makes Radare unique, why thousands of engineers rely on it, and how you can step into the community.

This segment is sponsored by NowSecure. Discover ho...

March 12, 2026 123 mins

In the security news this week:

  • The XZ backdoor documentary
  • Zero days - the clock isn't ticking
  • Vulnerability Mis-Management
  • Reversing traffic light controllers
  • Reversing with Claude
  • Don't curl to bash!
  • Reading CVEs makes my head hurt
  • Dumping browser secrets
  • I open-sourced a new(ish) tool
  • D-Link exploits
  • There is no password
  • I control the building
  • When old vulnerabilities become new
  • Tile is for stalkers
  • Hacking AI
  • Iran War: Wh...

In the security news this week:

  • Remembering "FX"
  • Finding and analyzing Windows drivers
  • Network monitoring with Gibson
  • the backdoor in your PAM
  • The edge is fraying - and attackers have the advantage
  • Age verification for Linux?
  • Banning AI
  • TPMS tracking
  • BLE tracking
  • weird strings
  • Airsnitch
  • RESURGE in and on Ivanti
  • Attackers using Claude
  • Government iPhone hacking kits
  • Cisco SD-WAN, Linux, and 2023
  • Leakbase leaks
  • and Bro, upgrade y...
February 26, 2026 121 mins

First up is a technical segment called "Paul's Linux Hacks". I finally got around to releasing a bunch of scripts and tutorials for Linux that I've created over the years. We'll go over scripts that can give you a supply chain security report and help you update your Arch-based Linux systems and the tutorial for using Linux KVM/Qemu/Libvirt. Repo is here: https://github.com/pasadoorian/Linux_Hacks

Next up is the security news:

    ...

AI says that this is the show where we turn coffee into threat intelligence and cigar smoke into packet captures. This week:

  • a firmware backdoor living its best life inside Android tablets
  • a fresh BeyondTrust RCE that already has scanners circling like seagulls over a french fry.
  • Lenovo Vantage reminds us that "preinstalled convenience" is just another way to spell "attack surface."
  • Texas is taking a swing at TP-Link
  • supercomp...
February 12, 2026 124 mins

In the security news:

  • Viral AI prompts
  • Things to do in your home security lab
  • I can open your garage door
  • They call me DKnife
  • BeyondTrust RCE
  • Cool AI device
  • Robots need your body
  • Meta is just full of scams, phishing, and malware
  • Claude Opus 4.6 found more than 500 high-severity vulnerabilities
  • Arista next gen firewalls and command injection
  • Secure Boot updates
  • The RCE AMD won't fix and why the article went away
  • End of support ...
February 5, 2026 125 mins

In the security news this week:

  • Residential proxy abuse is everywhere this week: from Google's takedown of IPIDEA to massive Citrix NetScaler scanning and the Badbox 2.0 botnet
  • Supply chain fun time: Notepad++ updates were hijacked
  • Attackers set their sights on: Ivanti EPMM, Dell Unity storage, Fortinet VPNs/firewalls, and ASUSTOR NAS devices
  • Russian state hackers went after Poland's grid
  • Is ICE on a surveillance shopping spre...
