Our guest today is Phillip Wylie, an offensive security professional and evangelist, author and podcast host who recently added director of services and training at Scythe to his extensive CV. Wylie talks with host David Puner about the critical need for ethical hacking in cybersecurity, identity security revelations from years of penetration testing, and his fascinating career arc, which began in professional wrestling. Considering a cybersecurity career?
In today's digital age, businesses have witnessed a profound shift in how they operate. Software-as-a-Service (SaaS) solutions have become the backbone of many organizations, offering flexibility and scalability. While firewalls remain an essential part of cybersecurity, securing your digital assets in the SaaS realm is a multifaceted challenge.
In 2018, the discovery of the Meltdown and Spectre CPU vulnerabilities sent shockwaves through the tech industry. These hardware flaws allowed attackers to steal sensitive data like passwords and encryption keys from computers, smartphones, and cloud servers. Now, in 2023, history is unfortunately repeating itself. A new exploit called Zenbleed has emerged, taking advantage of similar speculative execution processes in AMD’s Zen architecture chips.
Researchers at Barracuda describe how attackers use legitimate email inbox rules to control compromised accounts and evade detection. “In order to create malicious email rules, the attackers need to have compromised a target account, for example, through a successful phishing email or by using stolen credentials seized in an earlier breach,” the researchers write.