**We Left It Vulnerable On Purpose - Rob Allen - PSW #910**

We're diving into a wide range of security news and updates in today's episode, covering everything from Rainbow tables to AI-generated malware. But we'll be saving the most pressing discussion for last: why default allow is still a bad idea.

**Rainbow Tables for Everyone**

Let's start with some exciting news - Lilygo has released a new T-Display that looks absolutely awesome! But, if you're planning to dive into password cracking or other security-related endeavors, this could be your lucky day. Rainbow tables are precomputed tables of hash values for common words and phrases, making it easier for hackers to crack passwords. The release of these tools might not be a good sign for our online security.

**AI-Generated Malware for Real**

Researchers have been experimenting with generating malware using artificial intelligence (AI). Yes, you read that right - AI-generated malware! This development has significant implications for cybersecurity professionals, as it could make it more challenging to detect and prevent malicious attacks. The possibilities are endless in the world of cyber threats.

**Detecting BadUSB When It's Not a Dongle**

Have you ever wondered how to identify a rogue device? A recent article highlighted an innovative method to detect BadUSB attacks even when they're not masquerading as a dongle. This could be a game-changer for cybersecurity experts, allowing them to stay one step ahead of malicious actors.

**Google Fast Pair and How I Took Control of Your Headset**

It appears that Google's popular Fast Pair feature may have some security vulnerabilities. In a shocking experiment, a researcher was able to take control of a user's headset using just a few simple steps. This raises important questions about the need for enhanced security measures in our increasingly connected world.

**Should We Make CVE Noise?**

What role should we assign to Common Vulnerabilities and Exposures (CVEs) in modern cybersecurity? A discussion on this topic highlights the ongoing debate among experts regarding the effectiveness of CVEs in preventing attacks. Perhaps it's time to reevaluate our approach to security alerts.

**Exploiting the Fortinet Patch**

Fortinet released a patch for a critical vulnerability, but researchers quickly discovered that the fix itself introduced new vulnerabilities. This highlights the cat-and-mouse game played between cybersecurity professionals and malicious actors - who can we trust when it comes to security patches?

**DIY Data Diode**

A DIY data diode project was showcased recently, providing an intriguing solution for improving network security. By creating a hardware-based isolator, users can prevent lateral movement across networks, reducing the risk of data breaches.

**Bambu NFC Reader for Your Flipper**

The Bambu NFC reader has been released as an accessory for the popular Flipper Zero device. This allows users to expand their capabilities and tap into new features. But what other exciting developments can we expect from these innovative devices?

**Payloads in PNG Files**

Researchers discovered that malicious actors can embed payloads within PNG files, making it difficult for security systems to detect them. This highlights the evolving tactics of cybercriminals - will we ever be able to keep up?

**Don't Leave the Lab Door Open - Amazing Research and New Tool Release**

A recent research project demonstrated an innovative way to identify vulnerabilities using AI-based analysis. The findings were presented alongside a new tool release, which could revolutionize the way we approach vulnerability detection.

**Fixing Your Breadboards**

As the importance of circuit boards in cybersecurity continues to grow, it's essential that users know how to properly repair and maintain them. A recent article provided some helpful tips on fixing breadboards and avoiding common pitfalls.

**Finding Vulnerabilities in AI Using AI**

In a fascinating example of meta-research, scientists used AI to identify vulnerabilities in other AI systems. This breakthrough could pave the way for more efficient vulnerability detection and mitigation strategies - but what are the implications for our increasingly interconnected world?

**Rob Allen from ThreatLocker: Default Allow is Still a Bad Idea**

Now it's time for the main event! Rob Allen, expert from ThreatLocker, joins us to discuss default allow policies. He shares his insights on why this approach remains a bad idea and provides valuable advice on how to improve your security posture.

**Show Notes:**

Visit https://securityweekly.com/psw-910 for all the latest episodes!

**Sponsored by ThreatLocker:**

Learn more about ThreatLocker's cutting-edge security solutions at https://securityweekly.com/threatlocker