#24 - Intel Chat: MS Outlook exploit. And ShmooCon organizers, Heidi and Bruce Potter.

In this episode, we sit down with Matt Bromiley to talk about some of the latest intel coming out of the LimaCharlie community Slack channel:

•  CVE-2023-23397: A zero-touch exploit that affects all versions of Windows Outlook. (Sigma rule)
•  CVE-2023-24880: An unpatched security bypass in Microsoft’s SmartScreen security feature.
• Mandiant observes China-nexus threat actors targeting technologies that do not normally support endpoint detection and response solutions.
• Kaspersky recently conducted an analysis of 155 dark web forums from January 2020 to June 2022. Threat groups are offering $240k salaries to tech jobseekers.

And an interview with Heidi and Bruce Potter, ShmooCon organizers.

ShmooCon is an annual east coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software, and hardware solutions, and open discussions of critical infosec issues.

The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.