| I used Kagi to summarize the transcript: - A serious SSH backdoor was discovered in the xz Linux compression library, allowing attackers to compromise SSH servers. - The backdoor was discovered by Andres Freund, a Postgres developer, who noticed suspicious CPU usage and login attempts on his systems. - The xz backdoor allowed attackers to bypass authentication and gain root access on compromised systems. - Microsoft faced significant criticism from the CSRB (Cybersecurity Review Board) for a cascade of errors related to a China-based hack. - Ukraine was able to leverage an old WinRAR vulnerability to hack into Russian systems as part of the ongoing conflict. - There have been recent "MFA bombing" attacks targeting Apple users, combining push notifications and social engineering. - A ransomware gang leaked stolen Scottish healthcare patient data as part of an extortion attempt. - Renowned security expert and author Ross Anderson passed away. - The episode features a discussion with Andres Freund about his discovery of the xz backdoor. - The podcast sponsor, Island, discusses how enterprises are moving away from VDI (Virtual Desktop Infrastructure) towards security-focused enterprise browsers. |