Beers with Talos Ep. #54: Patch after listening, RDP and wild 0-days

Beers with Talos (BWT) Podcast Ep. #54 is now available. Download this episode and subscribe to Beers with Talos:

If iTunes and Google Play aren’t your thing, click here.

Recorded May 24, 2019 — There is another Blue(X) to talk about and guess what? YES, YOU STILL NEED TO PATCH. We talk about RDP, the source of this vulnerability and whether or not exploits exist for it (hint: they do). There is a quick look back at last year on the anniversary of VPNFilter, and we also tackle zero-days again through the lens of Project Zero’s timeline of zero-days found in the wild.

Also, Craig hasn’t seen the end of “John Wick 3” yet, so feel free to tweet him spoilers. If you are in San Diego for Cisco Live two weeks from now, come find us to see a live recording of the podcast!

The timeline:

• 01:00 — Roundtable: The Dark Times, it’s not what you THOT, and deducing a new baby’s name
• 13:00 — Happy birthday VPNFilter, I didn’t get you anything and I’m not sorry.
• 18:00 — RDP and BlueKeep: Really Do Patch. Stop, go do it. Blah blah blah, not listening. Go patch.
• 29:00 — Zero-days: The amount of time a patch has been available any exploit, and/or since machines have made an attempt on Craig’s life.
• 38:30 — Project Zero Timeline of zero-day found in the wild
• 47:30 — Parting shots, closing thoughts

Some other links:

• MS Guidance for CVE 2019-0708
• Project Zero sheet
  ==========

Featuring: Craig Williams (@Security_Craig), Joel Esler (@JoelEsler), Matt Olney (@kpyke) and Nigel Houghton (@EnglishLFC).

Hosted by Mitch Neff (@MitchNeff).

Subscribe via iTunes (and leave a review!)

Check out the Talos Threat Research Blog

Subscribe to the Threat Source newsletter

Follow Talos on Twitter

Give us your feedback and suggestions for topics: [email protected]