Threat Vector

Understanding the Midnight Eclipse Activity and CVE 2024-3400

In this episode of Threat Vector, host David Moulton and Andy Piazza, Sr. Director of Threat Intelligence at Unit 42, dive into the critical vulnerability CVE-2024-3400 found in PAN-OS software of Palo Alto Networks, emphasizing the importance of immediate patching and mitigation strategies for such vulnerabilities, especially when they affect edge devices like firewalls or VPNs. The discussion covers the discovery, technical details, and exploitation of the vulnerability, highlighting its potential for unauthenticated attackers to execute arbitrary code with root privileges. They discuss the Midnight Eclipse activity related to pre-disclosure exploitation of the vulnerability, the collaborative response with cybersecurity firm Volexity, and the living off the land techniques employed by threat actors. The episode underlines the critical nature of patching vulnerabilities promptly, monitoring network traffic for suspicious activity, and ensuring that mitigation strategies are in place to protect against such threats.

Defending against Adversarial AI and Deepfakes with Billy Hewett and Tony Huynh

In this episode of Threat Vector, David Moulton, Director of Thought Leadership at Unit 42, explores Adversarial AI and Deepfakes as part of the ongoing series “AI’s Impact in Cybersecurity” with two expert guests, Billy Hewlett, Senior Director of AI Research at Palo Alto Networks, and Tony Huynh, a Security Engineer specializing in AI and deepfakes. They unpack the escalating risks posed by adversarial AI in cybersecurity. You’ll learn how organizations can fortify their defenses against AI-driven attacks and the critical role of human vigilance in safeguarding against sophisticated cyber threats.

Transcript

Mission-Driven Security: From Marine Corps to Silicon Valley with Donnie Hasseltine

In this episode of Threat Vector, host David Moulton, Director of Thought Leadership at Unit 42, welcomes Donnie Hasseltine, VP of Security at Second Front Systems and a former Recon Marine, as they delve into the indispensable role of a military mindset in cybersecurity. Drawing from over two decades in the Marine Corps and a seamless transition into the tech industry, Donnie shares insights into leveraging military discipline and strategic thinking in the rapidly evolving cybersecurity landscape. This conversation not only explores the challenges and opportunities within the startup ecosystem but also highlights the criticality of foundational cybersecurity practices and the value of a security-first approach. Listeners will gain an understanding of how military experience equips veterans for impactful roles in cybersecurity, offering unique perspectives on problem-solving, leadership, and the importance of nurturing a security mindset to navigate and mitigate cyber risks effectively.

Transcript

Public Meets Private: Forging the Future of Cyber Defense Unpacking Congressional Testimony from Sam Rubin

Join David Moulton, Director of Thought Leadership at Unit 42, as he hosts Sam Rubin, VP and Global Head of Operations at Unit 42, to discuss Sam's testimony to the US Congress on the multifaceted landscape of ransomware attacks, AI, and automation, the need for more cybersecurity education and more. This episode digs into the sophistication and rapid evolution of cyber threats with insights drawn from real-world case studies, including stark revelations from sectors like healthcare and education. The conversation underscores the need for robust public-private partnerships in fortifying cybersecurity frameworks. Listeners will gain a deeper understanding of the strategic shifts necessary to counteract the advanced tactics of today's cyber adversaries.

Transcript

The SEC's Cybersecurity Law, a New Compliance Era with Jacqueline Wudyka.

In this episode of Threat Vector, we dive deep into the new SEC cybersecurity regulations that reshape how public companies handle cyber risks. Legal expert and Unit 42 Consultant Jacqueline Wudyka brings a unique perspective on the challenges of defining 'materiality,' the enforcement hurdles, and the impact on the cybersecurity landscape. Whether you're a cybersecurity professional, legal expert, or just keen on understanding the latest in cyber law, this episode is packed with insights and strategies for navigating this new terrain. Tune in to stay ahead in the world of cybersecurity compliance!

Transcript