-
Podcast Apr 01, 2024
Root Causes 374: NIST Cyber Security Framework 2 Released
NIST Cyber Security Framework version 2.0 is released. It includes guidance on identity management and authentication.
-
Podcast Mar 29, 2024
Root Causes 373: Massive Brand Hijack Subverts Over 21,000 Domains
A massive name space attack has hijacked more than 21,000 domains and subdomains, including a who's who list of major global brands.
-
Podcast Mar 26, 2024
Root Causes 372: Bugzilla Bloodbath
It's a bloodbath on Bugzilla. Since March 9, more than 25 new Bugzilla bugs been written up, which is 10x the typical pace. And it's not over.
-
Podcast Mar 22, 2024
Root Causes 371: MPIC Rules Go to CABF Ballot
A ballot for Multi-perspective Issuance Corroboration (MPIC), formerly known as MPDV, has entered a discussion period in the CA/Browser Forum (CABF).
-
Podcast Mar 19, 2024
Root Causes 370: Drama on Bugzilla
An evolving incident on Bugzilla has garnered a lot of attention and touches several important issues in the WebPKI ecosystem.
-
Podcast Mar 15, 2024
Root Causes 369: IMessage to Be PQC Enabled
Apple has announced that iMessage will employ post-quantum cryptography (PQC). We explain the implications of this announcement.
-
Podcast Mar 13, 2024
Root Causes 368: CRYSTALS-Kyber Is Now ML-KEM
CRYSTALS-Kyber now has the new official name of Module Lattice-based Key Encryption Module, or ML-KEM. We give an update on the NIST round 3 winners.
-
Podcast Mar 07, 2024
Root Causes 367: Did an IoT Toothbrush Botnet Perform DDoS Attacks?
A story circulated earlier this year about a botnet composed of millions of IoT toothbrushes, which later was debunked. We tell you the whole tale.
-
Podcast Mar 04, 2024
Root Causes 366: What Is eIDAS?
eIDAS 2.0 has been making headlines recently with its proposed expansion to the European digital identity ecosystem. What is eIDAS, and why does it exist?
-
Podcast Feb 26, 2024
Root Causes 365: What Is Subdomain Hijacking?
In this episode we explain subdomain hijacking, including dangling subdomains and how they can constitute vulnerabilities.
-
Podcast Feb 22, 2024
Root Causes 364: Video Conference Deepfake Enables $25 Million Theft
Deepfakes continue to show themselves as part of the criminal toolkit. A recent deepfake spear phish enabled a $25 million Business Email Compromise (BEC).
-
Podcast Feb 19, 2024
Root Causes 363: Defending Yourself Against Use of Stolen Priveleges
We discuss the steps enterprises can take to protect themselves against malicious use of stolen access credentials.