Beers with Talos EP 13:A Vast CCleanup, Strutting Your Stuff, and the Ex$ploit Economy

2017-09-20T07:37:00
ID TALOSBLOG:0740AB10C3D2FA6892375CCC6F2EC61A
Type talosblog
Reporter noreply@blogger.com (Mitch Neff)
Modified 2017-09-20T18:44:30

Description

<div class="separator" style="clear: both; text-align: center;"></div><div class="separator" style="clear: both; text-align: center;"><a href="https://4.bp.blogspot.com/-F-xy_yv7eNU/WcJ8SRr2uUI/AAAAAAAAAJo/h1u8a70GRt86YEFTCXJNGzUcP2MhAoOTwCLcBGAs/s1600/BWT-talk-bubble-mitch-092017.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="750" data-original-width="1500" height="320" src="https://4.bp.blogspot.com/-F-xy_yv7eNU/WcJ8SRr2uUI/AAAAAAAAAJo/h1u8a70GRt86YEFTCXJNGzUcP2MhAoOTwCLcBGAs/s640/BWT-talk-bubble-mitch-092017.jpg" width="640" /></a></div><br /><br />Beers with Talos (BWT) Podcast Episode 13 is now available.  Download this episode and subscribe to Beers with Talos:<br /><div class="separator" style="clear: both; text-align: center;"><a href="https://itunes.apple.com/us/podcast/beers-with-talos-podcast/id1236329410" target="_blank"><img border="0" data-original-height="45" data-original-width="160" src="https://4.bp.blogspot.com/-WLkU01IRCLw/WaWCg3YHpRI/AAAAAAAAAJA/nQ2rFarDFeAUBY4ncARRUVaNkMpBKC0KgCLcBGAs/s1600/itunes_button.png" /></a><a href="https://play.google.com/music/listen?u=0#/ps/Ikcmodkhrjtblk5yks47s5uqbca" target="_blank"><img border="0" data-original-height="45" data-original-width="160" src="https://2.bp.blogspot.com/-E-RSSZ9jbUY/WaWCkLGZnZI/AAAAAAAAAJE/Ciiz-Si4oA0cgR9tMGSGbT9336qrYuDeACLcBGAs/s1600/google_play_button.png" /></a></div><br />If iTunes and Google Play aren't your thing: <a href="http://www.talosintelligence.com/podcast">www.talosintelligence.com/podcast</a><br /><br />Beers with Talos is a fast-paced, smart, and humorous podcast focused on security research topics. Staying abreast of security topics is difficult in this rapidly evolving threat landscape. Beers with Talos serves important security stories in a way that is understandable, engaging, and fun to researchers, executives, and security n00bs alike.<br /><h3></h3><h3>EP13 Show Notes: </h3>Struts - when to patch and when to patch with a vengeance. In light of the Equifax breach, we discuss how patching can make you live better days, Never look back and say, Could have been me. Naturally, that convo leads into the biggest story of the week around Pwning the Supply Chain - CCleaner, Python, and Nyetya style. Avast made some mistakes, but every tech company is susceptible to supply chain attacks. What can companies do to protect themselves and how can users adopt a stronger security posture in this area? We also talk Ex$ploit Economy - Valuing exploits by supply and demand. Zerodium has an extensive price list, what can we discern about the availability and difficulty of various exploits using basic economics?<br /><a name='more'></a><h3>EP13 Timetable:</h3>01:00 - Roundtable - What’s on your mind today?<br />10:25 - Struts - Could Have Been Me (but we patched)<br />19:20 - CCleaning up the Supply Supply Chain<br />33:26 - The Ex$ploit Economy<br />53:28 - Closing shots and parting thoughts<br /><br />Talos Struts post: <a href="http://blog.talosintelligence.com/2017/03/apache-0-day-exploited.html" target="_blank">http://blog.talosintelligence.com/2017/03/apache-0-day-exploited.html </a><br />and <a href="http://blog.talosintelligence.com/2017/09/apache-struts-being-exploited.html%C2%A0" target="_blank">http://blog.talosintelligence.com/2017/09/apache-struts-being-exploited.html </a><br />Talos CCleaner post: <a href="http://blog.talosintelligence.com/2017/09/avast-distributes-malware.html" target="_blank">http://blog.talosintelligence.com/2017/09/avast-distributes-malware.html </a><br />Zerodium exploit pricelist: <a href="https://www.zerodium.com/program.html">https://www.zerodium.com/program.html</a> <span style="font-family: "arial"; font-size: 10pt; vertical-align: baseline; white-space: pre-wrap;"><br /></span>==========<br /><br />Featuring: <a href="https://twitter.com/security_craig">Craig Williams</a> (@Security_Craig), <a href="https://twitter.com/JoelEsler">Joel Esler</a> (@JoelEsler), <a href="https://twitter.com/kpyke">Matt Olney</a> (@kpyke) and <a href="https://twitter.com/EnglishLFC">Nigel Houghton</a> (@EnglishLFC).<br />Hosted by <a href="https://twitter.com/MitchNeff">Mitch Neff</a> (@MitchNeff)<br /><br />Find all episodes:<br /><a href="http://cs.co/talospodcast">http://cs.co/talospodcast</a><br /><br />Subscribe via iTunes (and leave a review!)<br /><a href="http://cs.co/talositunes">http://cs.co/talositunes</a><br /><br />Check out the Talos Threat Research Blog:<br /><a href="http://cs.co/talosresearch">http://cs.co/talosresearch</a><br /><br />Subscribe to the Threat Source newsletter:<br /><a href="http://cs.co/TalosUpdate">http://cs.co/talosupdate</a><br /><br />Follow Talos on Twitter:<br /><a href="http://cs.co/talostwitter">http://cs.co/talostwitter</a><br /><br />Give us your feedback and suggestions for topics:<br /><a href="mailto:beerswithtalos@cisco.com">beerswithtalos@cisco.com</a><div class="feedflare"> <a href="http://feeds.feedburner.com/~ff/feedburner/Talos?a=3_pRL8MVbNg:fT5ndKJoPnM:yIl2AUoC8zA"><img src="http://feeds.feedburner.com/~ff/feedburner/Talos?d=yIl2AUoC8zA" border="0"></img></a> </div><img src="http://feeds.feedburner.com/~r/feedburner/Talos/~4/3_pRL8MVbNg" height="1" width="1" alt=""/>