In this episode of Storm Watch our hosts discuss a variety of topics, including the top cyber conflicts, vulnerability remediation, and the latest issues with Confluence, F5, ApacheMQ, and VMware.
The episode began with a brief introduction and some casual banter among the hosts. They discussed their Halloween experiences and a Glenn's obsession with Wordle. They also mentioned a movie called "Clown" that Kimber recommended for those with a fear of clowns.
The hosts then moved on to discuss cybersecurity topics including:
-Interview with Konstantin of CVECrowd.com - Good News: UK CVD legislation - Confluence Viz Activity - ActiveMQ Viz Activity - F5 Viz Activity - Okta breach update - QNAP vulns - Myth of the long-tail vulnerability - The release of CVSS4 - Quick FYI for the Microsoft/Foreign Policy "Digital Front Lines" magazine - Quick FYI on a Wiz blog - News about the joint Censys/GreyNoise workshop - Mention of the new GreyNoise Honeypots/honeytokens blog - Mention of the new GreyNoise Summary Stats Observable notebook - GreyNoise Tag roundup - KEV roundup - Notes that November is Critical Infra Security & Resilience Month
The episode concluded with a discussion on the myth of the long tail vulnerability, a topic covered in a blog post by Ben from Cisco. The hosts agreed that the hype cycle for vulnerabilities is real and predictable, and there is no long tail vulnerability.