Episode 203
Episode #203: Top Vulnerabilities: Why don’t we learn?; Review of 2022 Vulnerabilities; Log4j Still Dangerous Two Years Later
Edwin Kwan: Highly Accurate Acoustic Keylogger Attack
🇦🇺 Edwin Kwan, Sydney, Australia
Academic researchers from British universities have developed a deep learning side channel attack that can be used to steal data from keyboard strokes that are recorded using a microphone with an accuracy of up to 95%.
Trac Bannon: Top Vulnerabilities: Why don’t we learn?
🇺🇸 Tracy (Trac) Bannon, Camp Hill, Pennsylvania
Cybersecurity agencies from around the world have co-authored an alert that is peppered with words like “routinely” and “frequently”. It’s interesting to note the distribution of vendors involved in the Top 12 routinely exploited CVEs and CWEs.
Katy Craig: Review of 2022 Vulnerabilities
🇺🇸 Katy Craig, San Diego, California
The world of cybercrime mirrors the laws of nature: adapt or perish. The choice of targets heavily influences the selection of vulnerabilities. Cyber actors, with precision akin to surgeons, opt for vulnerabilities more rampant within the network landscape of their targets.
Olimpiu Pop: Vulnerabilities PoV - Log4j Still Dangerous Two Years Later
🇷🇴 Olimpiu Pop, Transylvania, Romania
According to Sonatype, around a third of the related downloads from Maven Center are vulnerable. The main reason this happens is the shaky software supply chain. The report provides a couple of pieces of advice on how to decrease the risk of supply chain attacks.
Marcel Brown: This Day, August 9 in Tech History
🇺🇸 Marcel Brown, St. Louis, Missouri
August 9th, 1991. Astronauts aboard the Space Shuttle Atlantis, Mission STS43, use an Apple Macintosh portable computer to send what is considered the first email from space.