Bumble and Match data breaches, SonicWall cloud compromise, Poland’s bricked ICS devices, illicit crypto at $158B, MongoDB extortion, Johnson Controls zero-day, & Google engineer convicted of IP Theft
Strong episode, especially the Johnson Controls CVE discussion. A 10.0 CVSS on building management systems is wild - these things are everywhere and people forget they're connected to corporate networks. Your point about testing firmware in a lab before deploying is crucial. I've seen teams rush patches for critical vulns and end up bricking production systems, which is ironically worse than the vulnerability itself. The Ivanti EPMM situation is another reminder that MDM platforms are high-value targets cause they touch every device. Geofencing admin portals should be standard practice tbh.
Strong episode, especially the Johnson Controls CVE discussion. A 10.0 CVSS on building management systems is wild - these things are everywhere and people forget they're connected to corporate networks. Your point about testing firmware in a lab before deploying is crucial. I've seen teams rush patches for critical vulns and end up bricking production systems, which is ironically worse than the vulnerability itself. The Ivanti EPMM situation is another reminder that MDM platforms are high-value targets cause they touch every device. Geofencing admin portals should be standard practice tbh.