PodGrabber.com

Cybersecurity



Application Security PodCast








Steve Wilson--OpenClaw and Advanced AI Agents


In this episode of the Application Security Podcast, Chris Romeo and Robert Hurlbut welcome back Steve Wilson, a global leader in AI security and Chief AI and Product Officer at Exabeam, as well as founder of the OWASP Gen AI Security Project. Steve shares how his AI assistant was hacked using a simple phishing attack, highlighting a major shift in security: AI agents behave more like humans than traditional software. The conversation explores how this changes the threat model, why AppSec is struggling to keep up, and how organizations should approach the practical security of AI systems. They also cover the risks of...

Brad Geesaman - Redefining AppSec with AI: Shrinking Toil, Expanding Impact - How LLMs are able to reduce toil in triage-heavy AppSec workflows


Brad Geesaman, Principal Security Engineer at Ghost, joins the podcast today to explore how AI and large language models are transforming the world of application security. The discussion starts with the concept of "toil": the repetitive, exhausting work that drains AppSec teams as they struggle to keep up with mountains of security findings and alerts. Brad shares his insights on how LLMs can provide meaningful leverage by handling the heavy lifting of triage, classification, and evidence gathering, while keeping humans firmly in the loop for final decisions. They also discuss the seismic shift happening in the AppSec market, with AI-native approaches...

OWASP Candidate Debate - 2025 Edition


In this special episode of the Application Security Podcast we meet nine of the OWASP Board of Directors candidates. Each candidate discusses their unique qualifications, experiences, and vision for OWASP's future. Topics include enhancing OWASP's impact, improving outreach and education, securing funding, and engaging local chapters. Don't miss this insightful debate as these candidates share their strategies to help secure a brighter future for OWASP.

Follow our social media: Twitter: @AppSecPodcast; LinkedIn: The Application Security Podcast; YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for listening!

Francesco Cipollone - Agentic AI Manifesto


Francesco Cipollone, the CEO of Phoenix Security, shares his extensive experience in AI and security, discussing the crucial difference between true AI agents and glorified chatbots. Learn why Phoenix Security utilizes six different LLMs instead of a single super agent. Understand the sobering economics behind AI implementation and the importance of adopting AI responsibly. Get practical advice on integrating AI agents to enhance, not replace, human capabilities, while touching on the Agentic AI Manifesto's key principles. This conversation is perfect for anyone navigating the AI landscape both cautiously and optimistically.

Simon Gibbs & Devika Gibbs -- Building Bridges with Games


Simon and Devika Gibbs, the innovative minds behind Cybersec Games, join us on the episode today. Discover how the Gibbs duo are revolutionizing the way we teach and learn security concepts through interactive gaming. Learn about their journey from developing stationery for agile teams to delving into the world of threat modeling games like Elevation of Privilege. We talk about the power of gamification in cybersecurity education, and get the inside scoop on their Cybersecurity Game Challenge, which invites creative minds to bring their game ideas to life.

Akansha Shukla - Modern AppSec: Securing APIs with Threat Modeling and DevSecOps


Our guest today is Akansha Shukla, an information security professional with over 10 years of experience in application security, DevSecOps, and API security. We're discussing why API security remains one of the least mature areas of AppSec today and exploring the challenges developers face when securing APIs. Akansha shares her insights on incorporating APIs into threat modeling exercises, the ongoing struggles with API discovery and inventory management, and the authorization challenges highlighted in the OWASP API Security Top 10. The conversation also touches on whether "shift left" is truly dead and why we still haven't solved basic security problems like...

Getting Ready for the EU CRA


The European Union's Cyber Resilience Act is set to revolutionize how we approach product security worldwide. In this episode, we sit down with application security expert Nariman Aga-Tagiyev to break down everything you need to know about this legislation. Nariman has over 20 years of software development experience and today he's sharing his expertise with us. Learn what the EU CRA is and why it matters for global software companies, key compliance requirements, and how OWASP SAMM can help you.

Marisa Fagan - Measuring Security Culture


Marisa Fagan, Head of Product at Katilyst and veteran security culture expert, joins us today to share practical strategies for building and scaling security champions programs that actually work, from designing effective pilots to avoiding common pitfalls that can derail your initiatives. Learn how to motivate developers using the SAPs model (Status, Access, Power, Stuff), why getting management buy-in is crucial before launching, and discover the metrics that truly demonstrate security culture success. Marisa reveals why most programs fail, shares her blueprint for creating sustainable security culture initiatives, and discusses the evolution beyond security champions to include privacy and accessibility...

Aram Hovsepyan -- Your Security Dashboard is Lying to You: The Science of Metrics


Aram Hovsepyan joins the podcast today to chat about the misconceptions behind common security metrics. Aram tells us how total vulnerability counts and CVSS scores can be misleading, and he introduces us to the Goal Question Metric framework, a better approach to building truly effective security dashboards. Learn about the critical qualities of good metrics and how to ensure that your metrics accurately reflect your organization's security posture and readiness. Also, discover overlooked metrics that could offer deeper insights into your application security.

Sean Varga -- OWASP Top 10 for AppSec Sales


We're discussing the intersections of application security (AppSec) and sales strategy with our guest, Sean Varga. Sean shares the unique challenges and best practices in AppSec sales, like the importance of empathy, understanding customer needs, and community participation. Learn about the OWASP Top 10 for AppSec Sales and discover how to achieve success by aligning with customer goals, maintaining detailed living documents, and fostering strong partnerships.

Sarah-Jane Madden -- What AI means for AppSec


Sarah Jane Madden joins us to discuss the evolving role of AI in software development. We reflect on the changes and challenges posed by AI, including the potential for over-reliance and the misconception that traditional software engineering practices like the SDLC are obsolete. The conversation explores the nuances of AI-generated code, emphasizing the importance of maintaining foundational engineering skills and a critical understanding of the tools used. Madden shares insights from her keynote at OWASP Barcelona and stresses the need for responsible and thoughtful integration of AI in development workflows. Key takeaways include leveraging AI for efficiency while avoiding complacency...

Dag Flachet -- Kaizen for your Appsec Program


Dag Flachet joins us to discuss the concept of Kaizen and its application in improving application security. Dag shares his journey into the world of security, emphasizing the importance of iterative, small-step improvements. The conversation delves into how organizations can effectively implement maturity models to enhance their security programs, the limitations of compliance-focused frameworks like ISO 27000 and SOC 2, and the practical application of Kaizen principles. They also explore the evolution and future updates of OWASP SAMM, and the importance of empowering development teams through a bottom-up approach in security enhancement. Dag is the co-founder of Codific, a professor...

Javan Rasokat and Andra Lezza -- When Chatbots Go Rogue - Lessons Learned from Building and Defending LLM Applications


Andra Lezza and Javan Rasokat discuss the complexities of securing AI and LLM applications. With years of experience in Application Security (AppSec), Andra and Javan share their journey and lessons from their DEF CON talk on building and defending LLMs. They explore critical vulnerabilities, prompt injection, hallucinations, and the importance of data security. This discussion sheds light on the evolving landscape of AI and LLM security, offering practical advice for developers and security professionals alike. Javan's blog article: Adversarial Misuse of Generative AI. Javan's recommendation for the TLDR newsletter. Andra's book recommendation: The Cuckoo's Egg by Cliff Stoll.

Jim Routh -- The CISO Transition to the rest of life


Former CISO Jim Routh discusses his perspective on retirement and career fulfillment in cybersecurity. Rather than viewing retirement as simply stopping work, Routh describes his three-filter approach: working only with people he respects and admires, doing only work he finds fulfilling, and controlling when he works. He shares valuable lessons learned about which post-retirement opportunities truly bring satisfaction and explains why he avoids certain roles. Routh emphasizes the importance of cybersecurity professionals taking ownership of their career development, recommending they focus on developing two specific skills annually rather than using tenure to guide career moves. The article written by Jim, published...

Henrik Plate -- OWASP Top 10 Open Source Risks


Henrik Plate joins us to discuss the OWASP Top 10 Open Source Risks, a guide highlighting critical security and operational challenges in using open source dependencies. The list includes risks like known vulnerabilities, compromised legitimate packages, name confusion attacks, and unmaintained software, providing developers and organizations a framework to assess and mitigate potential threats. Henrik offers insights on how developers and AppSec professionals can implement the guidelines. Our discussion also includes the need for a dedicated open-source risk list, and the importance of addressing known vulnerabilities, unmaintained projects, immature software, and more. Link: The OWASP Top 10 Open Source Risks.

Tanya Janca -- A Secure SDLC from a Developer's Perspective


Security expert Tanya Janca discusses her new book "Alice and Bob Learn Secure Coding" and shares insights on making security accessible to developers. In this engaging conversation, she explores how security professionals can better connect with developers through threat modeling, maintaining empathy, and creating inclusive learning environments. Tanya emphasizes the importance of system maintenance after deployment and shares practical advice on input validation, while highlighting how security teams can build better relationships with development teams by avoiding arrogance and embracing collaboration. Tanya's new book: Alice & Bob Learn Secure Coding. Three individuals that Tanya would like to introduce to you: Confidence Staveley https://confidencestaveley.com/ Rana...

Mehran Koushkebaghi -- Security as a Systemic Concern: How to develop Anti-Requirements


Mehran Koushkebaghi, a seasoned engineering expert, delves into the intricacies of systemic security. He draws parallels between civil engineering and IT systems, and explains the importance of holistic thinking in security design. Discover the difference between semantic and syntactic vulnerabilities and understand how anti-requirements play a critical role in system resilience. This episode offers fresh perspectives on application security. Books recommended by Mehran: Critical System Thinking Book by Mike Jackson; The Fifth Discipline by Peter Senge; Understanding Complexity on Audible, read by Scott E Page; Nassim Taleb books.

Kalyani Pawar -- Shaping AppSec at Startups


Kalyani Pawar shares critical strategies for integrating security early and effectively in AppSec for startups. She recommends that startups begin focusing on AppSec around the 30-employee mark, with an ideal ratio of one AppSec professional per 10 engineers as the company grows. Pawar emphasizes the importance of building a security culture through "culture as code" - implementing automated guardrails and checkpoints that make security an integral part of the development process. She advises startups to prioritize visibility into their systems, conduct pentests, develop thoughtful policies, and carefully vet third-party tools and open-source solutions. Ultimately, Pawar's approach is about making security...

Milan Williams -- AppSec Metrics


Milan Williams discusses the importance of application security metrics and how to make them both meaningful and actionable. She explains that metrics are crucial for tracking progress in what can often feel like an overwhelming security landscape, and they're valuable for career advancement and securing resources. We discuss metrics categories and several specific metrics that are good to track. Milan shares important principles on the importance of making metrics actionable through storytelling and relating security impacts to real-world consequences for users. Milan's book recommendation: Quiet Influence: The Introvert's Guide to Making a Difference by Jennifer Kahnweiler.

MO Sadek -- Building an AppSec Program from Scratch


Mo Sadek shares his unique journey of building an Application Security program from scratch at Roblox. Mo discusses his unconventional path, including temporarily joining the infrastructure team to truly understand engineering challenges. He emphasizes that security isn't about mandating rules, but about making processes easier and more secure by default. Mo shares his insights on how to build effective cross-team security relationships and approaches for gaining leadership buy-in. Mo's book recommendation: I Have No Mouth and I Must Scream by Harlan Ellison.

Brett Crawley -- Threat Modeling Gameplay with EoP


Brett Crawley discusses the Elevation of Privilege (EoP) card game, a powerful tool for threat modeling in software development. The discussion explores recent extensions to the game including privacy-focused suits and TRIM (Transfer, Retention/Removal, Inference, Minimization) categories. Crawley emphasizes that threat modeling shouldn't end with the game but should be an ongoing process throughout an application's lifecycle, ideally starting before implementation. He also shares insights from his book, which provides detailed examples and guidance for teams new to threat modeling using EoP. You can find Brett on X @brettcrawley. Brett's book: Threat Modeling Gameplay with EoP: A reference manual for spotting threats...

Matin Mavaddat - Understanding Security as a Systemic Concern: The Role of Anti-Requirements


Matin Mavaddat discusses his perspective on security as a systemic concern, developed from his background in requirements engineering and systems architecture. He introduces the concept of "anti-requirements" - defining what a system should not do - and distinguishes between "syntactic security" (addressing technical vulnerabilities that are always incorrect) and "semantic security" (context-dependent security emerging from system interactions). Mavaddat shares his perspective that security itself doesn't have independent existence but rather emerges from preventing undesirable states. The discussion concludes with practical implementation strategies, suggesting that while automated tools can handle syntactic security issues, organizations should focus more energy on semantic security...

Kayra Otaner -- DevSecOps


Kayra Otaner joins the podcast today to discuss DevSecOps and answer the question, is it dead? Kayra is the Director of DevSecOps at Roche and is highly involved in the DevSecOps community. Kayra states that DevSecOps in its traditional form is dead and that each organization should approach its needs based on its size. Otaner introduces the concept of "security as code" and "policy as code" as more effective approaches, where security functions are codified rather than relying on traditional documentation and checklists. Finally, they discuss the emergence of Application Security Posture Management (ASPM) tools as the "SIM for AppSec,"...

François Proulx - Arbitrary Code Execution 0-day in Build Pipeline of Popular Open Source Packages


François Proulx shares his discovery of security vulnerabilities in build pipelines. François has found that attackers can exploit this often overlooked side of the software supply chain. To help address this, his team developed an open source scanner called Poutine that can identify vulnerable build pipelines at scale and provide remediation guidance. François has over 10 years of experience in building application security programs, and he's also the founder of the NorthSec conference in Montreal. Mentioned in the episode: Cooking for Geeks by Jeff Potter; Poutine; Living Off the Pipeline project; Grand Theft Actions: Abusing Self Hosted GitHub Runners - Adnan Khan and John Stawinski; Where...

Steve Wilson -- The Developer's Playbook for Large Language Model Security: Building Secure AI Applications


Steve Wilson, the author of 'The Developer's Playbook for Large Language Model Security', is back to dive into topics from his book like AI hallucinations, trust, and the future of AI. Steve has been at the forefront of the explosion of activity at the intersection of AppSec, LLM, and AI. We discuss the biggest fears surrounding LLMs and AI, and explore advanced concepts like Retrieval Augmented Generation and prompt injection. Links: The Developer's Playbook for Large Language Model Security by Steve Wilson; Find Steve on LinkedIn. Previous episodes: Steve Wilson -- OWASP Top Ten for LLMs; Steve Wilson and Gavin Klondike -- OWASP Top Ten for...

Jeff Williams -- Application Detection & Response (ADR)


Jeff Williams, a renowned pioneer in the field of application security, is with us to discuss Application Detection and Response (ADR), detailing its potential to revolutionize security in production environments. Jeff shares stories from his career, including the founding of OWASP, and his take on security assurance. We cover many topics, including security assurance, life, basketball and plenty of AppSec as well. Where to find Jeff: LinkedIn: https://www.linkedin.com/in/planetlevel/ Previous episodes: Jeff Williams -- The Tech of Runtime Security; Jeff Williams -- The History of OWASP.

Phillip Wylie -- Pen Testing from Somebody who Knows about Pen Testing


Phillip Wylie shares his unique journey from professional wrestling to being a renowned pen tester. We define pen testing and the role of social engineering in ethical hacking. We talk tools of the trade, share a favorite web app pentest hack and offer good advice on starting a career in cybersecurity. Phillip shares some insights from his book, The Pentester Blueprint: Starting a Career as an Ethical Hacker. And we discuss the impact of AI on pen testing and where this field is headed in the next few years. The Pentester Blueprint: Starting a Career as an Ethical Hacker written by...

Steve Springett -- Software and System Transparency


Steve Springett, an expert in secure software development and a key figure in several OWASP projects, is back. Steve unpacks CycloneDX and the value proposition of various BOMs. He gives us a rundown of the BOM landscape and unveils some new BOM projects that will continue to unify the security industry. Steve is a seasoned guest of the show so we learn a bit more about Steve's hobbies, providing a personal glimpse into his life outside of technology. Links from this episode: https://cyclonedx.org/ Previous episodes with Steve Springett: JC Herz and Steve Springett -- SBOMs and software supply chain assurance; Steve Springett -- An insider's checklist...

Irfaan Santoe -- The Power of Strategy in AppSec


Irfaan Santoe joins us for an in-depth discussion on the power of strategy in Application Security. We delve into measuring AppSec maturity, return on investment, and communicating technical needs to business leaders. Irfaan shares his unique journey from consulting to becoming an AppSec professional, and addresses the gaps between CISOs and AppSec knowledge. Irfaan shares valuable insights for scaling AppSec programs and aligning them with business objectives.

Andrew Van Der Stock -- The New OWASP Top Ten


Andrew van der Stock, a leading web application security specialist and executive director at OWASP, joins us for this episode. We discuss the latest with the OWASP Top 10 Project, the importance of data collection, and the need for developer engagement. Andrew gives us the methodology behind building the OWASP Top 10, the significance of framework security, and much more. Previous episodes with Andrew van der Stock: Andrew van der Stock -- Taking Application Security to the Masses; Andrew van der Stock and Brian Glas -- The Future of the OWASP Top 10. Books mentioned in the episode: The Crow Road by Iain Banks; Edward Tufte.

Derek Fisher -- Hiring in Cyber/AppSec


Derek Fisher, an expert in hardware, software, and cybersecurity with over 25 years of experience, is back on the podcast. Derek shares his advice on cybersecurity hiring, specifically in application security, and dives into the challenges of entry-level roles in the industry. We discuss the value of certifications, the necessity of lifelong learning, and the importance of networking. Listen along for good advice on getting noticed in cybersecurity, resume tips, and the evolving landscape of AppSec careers. Mentioned in this episode: The Application Security Handbook by Derek Fisher; With the Old Breed by E.B. Sledge; Cyber for Builders by Ross Haleliuk; Effective Vulnerability Management by...

Tanya Janca -- Secure Guardrails


Tanya Janca, also known as SheHacksPurple, discusses secure guardrails, the difference between guardrails and paved roads, and how to implement both in application security. Tanya is an award-winning public speaker and head of education at Semgrep and the best-selling author of Alice and Bob Learn Application Security. Tanya shares her insights on creating secure software and teaching developers in this episode. Mentioned in this episode: Tanya Janca -- What Secure Coding Really Means; Tanya Janca -- Mentoring Monday - 5 Minute AppSec; Tanya Janca and Nicole Becher -- Hacking APIs and Web Services with DevSlop; The Expanse Series by James S.A. Corey; Alice and Bob Learn Application Security by...

Jahanzeb Farooq -- Launching and executing an AppSec program


Jahanzeb Farooq discusses his journey in cybersecurity and the challenges of building AppSec programs from scratch. Jahanzeb shares his experience working in various industries, including Siemens, Novo Nordisk, and Danske Bank, highlighting the importance of understanding developer needs and implementing the right tools. The conversation covers the complexities of cybersecurity in the pharmaceutical and financial sectors, shedding light on regulatory requirements and the role of software in critical industries. Learn about prioritizing security education, threat modeling, and navigating digital transformation. Mentioned in this episode: The Power of Habit by Charles Duhigg.

David Quisenberry -- Building Security, People, and Programs


David Quisenberry shares about his journey into the security world, insights on building AppSec programs in small to mid-sized companies, and the importance of data-driven decision-making. The conversation delves into the value of mentoring and why it's important to build real relationships with the people you work with, the vital role of trust with engineering teams, and the significance of mental health and community in the industry. Books shared in the episode: SRE Engineering by Betsy Beyer, Chris Jones, Jennifer Petoff and Niall Richard Murphy; The Phoenix Project by Gene Kim, Kevin Behr and George Spafford; Security Chaos Engineering by Aaron Rinehart and...

Matt Rose -- Software Supply Chain Security Means Many Different Things to Different People


Matt Rose, an experienced technical AppSec testing leader, discusses his career journey and significant contributions in AppSec. The conversation delves into the nuances of software supply chain security and explores how different perceptions affect its understanding. Matt provides insights into the XZ compromise, critiques the buzzword 'shift left,' and discusses the role of digital twins and AI in enhancing supply chain security. He emphasizes the need for a comprehensive approach beyond SCA, the relevance of threat modeling, and the potential risks and benefits of AI in security. Mentioned in the episode: The Application Security Program Handbook by Derek Fisher https://www.manning.com/books/application-security-program-handbook Podcast Episode:...

James Berthoty -- Is DAST Dead? And the future of API security


James Berthoty, a cloud security engineer with a diverse IT background, discusses his journey into application and product security. James highlights his career trajectory from IT operations to cloud security, his experiences with security tools like Snyk and StackHawk, and the evolving landscape of Dynamic Application Security Testing (DAST) and API security. They delve into the practical challenges of CVEs, reachability analysis, and the complexities of patching in mid-sized companies. James shares his views on the often misunderstood role of WAF and the importance of fixing issues over merely identifying them. James Berthoty's LinkedIn post: AppSec Kool-Aid Statements I Disagree...

Mark Curphey and Simon Bennetts -- Riding the Coat Tails of ZAP, without Open Source Funding


Mark Curphey and Simon Bennetts join Chris on the podcast to discuss the challenges of funding and sustaining major open source security projects like ZAP. Curphey shares about going fully independent and building a non-profit sustainable model for ZAP. The key is getting companies in the industry, especially companies commercializing ZAP, to properly fund its ongoing development and maintenance. Bennetts, who has led ZAP for over 15 years, shares the harsh reality that while ZAP is likely the world's most popular web scanner with millions of active users per month, very few companies contribute back financially despite making millions by building products...

Devin Rudnicki -- Expanding AppSec


Devon Rudnicki, the Chief Information Security Officer at Fitch Group, shares her journey of developing an application security program from scratch and advancing to the CISO role. She emphasizes the importance of collaboration, understanding the organization's business, and using metrics to drive positive change in the security program. Books: Elon Musk - Walter Isaacson; Steve Jobs - Walter Isaacson; The Code Breaker: Jennifer Doudna, Gene Editing, and the Future of the Human Race - Walter Isaacson. https://www.simonandschuster.com/authors/Walter-Isaacson/697650

Dustin Lehr -- Culture Change through Champions and Gamification


Dustin Lehr, Senior Director of Platform Security/Deputy CISO at Fivetran and Chief Solutions Officer at Katilyst Security, joins Robert and Chris to discuss security champions. Dustin explains the concept of security champions within the developer community, exploring the unique qualities and motivations behind developers becoming security advocates. He emphasizes the importance of fostering a security culture and leveraging gamification to engage developers effectively. They also cover the challenges of implementing security practices within the development process and how to justify the need for a champion program to engineering leadership. Dustin shares insights from his career transition from a developer to...

Francesco Cipollone -- Application Security Posture Management and the Power of Working with the Business


Francesco Cipollone, CEO of Phoenix Security, joins Chris and Robert to discuss security and explain Application Security Posture Management (ASPM). Francesco shares his journey from developer to cybersecurity leader, revealing the origins and importance of ASPM. The discussion covers the distinction between application security and product security, the evolution of ASPM from SIEM solutions, and ASPM's role in managing asset vulnerabilities and software security holistically. Francesco emphasizes the necessity of involving the business side in security decisions and explains how ASPM enables actionable, risk-based decision-making. The episode also touches on the impact of AI on ASPM. It concludes with Francesco...

Mukund Sarma -- Developer Tools that Solve Security Problems


Mukund Sarma, the Senior Director for Product Security at Chime, talks with Chris about his career path from being a software engineer to becoming a leader in application security. He explains how he focuses on building security tools that are easy for developers to use and stresses the importance of looking at application security as a part of the broader category of product security. Mukund highlights the role of collaboration over security mandates and the introduction of security scorecards for proactive risk management. He and Chris also discuss the strategic implementation of embedded security functions within development teams. Discover the...

Meghan Jacquot -- Assumed Breach Red Team Engagements for AppSec


AppSec specialist Meghan Jacquot joins Chris and Robert for a compelling conversation about community, career paths, and productive red team exercises. Meghan shares her unique cybersecurity origin story, tracing her interest in the field from childhood influences through her tenure as an educator and her formal return to academia to pivot into a tech-focused career. She delves into her roles in threat intelligence and application security, emphasizing her passion for technical work, penetration testing, and bug bounty programs. Additionally, Meghan highlights the importance of mentorship, her involvement with the Women in Cybersecurity (WeCyS) community, and her dedication to fostering the...

Bill Sempf -- Development, Security, and Teaching the Next Generation


Robert is joined by Bill Sempf, an application security architect with over 20 years of experience in software development and security. Bill shares his security origins as a curious child immersed in technology, leading to his lifelong dedication to application security. They discuss CodeMash, a developer conference in Ohio, and recount Bill's presentation on the Veilid application framework, designed for privacy-driven mobile applications. Bill also explores his efforts in educating children about technology and programming, drawing on his experiences with Kidsmash and other initiatives. Additionally, they delve into the challenges of application security, particularly modern software development practices and the...

Hendrik Ewerlin -- Threat Modeling of Threat Modeling


Robert and Chris talk with Hendrik Ewerlin, a threat modeling advocate and trainer. Hendrik believes you can threat model anything, and he recently applied threat modeling to the process of threat modeling itself. His conclusions are published in the document Threat Modeling of Threat Modeling, where he aims to help practitioners, in his own words, "tame the threats to the threat modeling process." They explore the role of threat modeling in software development, emphasizing the dire consequences of overlooking this crucial process. They discuss why threat modeling serves as a cornerstone for security, and why Hendrik stresses the importance of...

Jason Nelson -- Three Pillars of Threat Modeling Success: Consistency, Repeatability, and Efficacy


Jason Nelson, an accomplished expert in information security management, joins Chris to share insights on establishing successful threat modeling programs in data-intensive industries like finance and healthcare. Jason presents his three main pillars to consider when establishing a threat modeling program: consistency, repeatability, and efficacy. The discussion also provides a series of fascinating insights into security practices, regulatory environments, and the value of a threat modeling champion. As a threat modeling practitioner, Jason provides an essential perspective to anyone serious about application security.

Erik Cabetas -- Cracking Codes on Screen and in Contests: An Expert's View on Hacking, Vulnerabilities, and the Evolution of Cybersecurity Language


Erik Cabetas joins Robert and Chris for a thought-provoking discussion about modern software security. They talk about the current state of vulnerabilities, the role of memory-safe languages in AppSec, and why IncludeSec takes a highly systematic approach to security assessments and bans OWASP language. Along the way, Erik shares his entry into cybersecurity and his experience consulting about hacking for TV shows and movies. The conversation doesn't end before they peek into threat modeling, software engineering architecture, and the nuances of running security programs. Helpful Links: Security Engineering by Ross Anderson - https://www.wiley.com/en-us/Security+Engineering%3A+A+Guide+to+Building+Dependable+Distributed+Systems%2C+3rd+Edition-p-9781119642817 New School of Information Security by Adam Shostack and Andrew...

Justin Collins -- Enabling the Business to Move Faster, Securely


Justin Collins of Gusto joins Robert and Chris for a practical conversation about running security teams in an engineering-minded organization. Justin shares his experience leading product security teams, the importance of aligning security with business goals, and the challenges arising from the intersection of product security and emerging technologies like GenAI. They also discuss the concept of security partners and the future of AI applications in the field of cybersecurity. And he doesn't finish before sharing insights into the role of GRC and privacy in the current security landscape. Find out why Justin believes that above all, security should align with...

Kyle Kelly -- The Dumpster Fire of Software Supply Chain Security


Kyle Kelly joins Chris to explore the wild west of software supply chain security. Kyle, author of the CramHacks newsletter, sheds light on the complicated and often misunderstood world of software supply chain security. He brings unique insights into the challenges, issues, and potential solutions in this constantly growing field. From his experiences in sectors like cybersecurity and security research, he adopts a critical perspective on the state of the software supply chain, suggesting it is in a 'dumpster fire' state. We'll dissect that incendiary claim and discuss the influence of open-source policies, the role of GRC, and the importance...

Chris Hughes -- Software Transparency


Chris Hughes, co-founder of Aquia, joins Chris and Robert on the Application Security Podcast to discuss points from his recent book Software Transparency: Supply Chain Security in an Era of a Software-Driven Society, co-authored with Tony Turner. The conversation touches on the U.S. government in the software supply chain, the definition and benefits of software transparency, the concept of a software bill of materials (SBOM), and the growth of open-source software. The episode also covers crucial topics like compliance versus real security in software startups, the role of SOC 2 in setting security baselines, and the importance of threat modeling...

Jay Bobo & Darylynn Ross -- App Sec Is Dead. Product Security Is the Future.


Jay Bobo and Darylynn Ross from CoverMyMeds join Chris to explain their assertion that 'AppSec is Dead.' They discuss the differences between product and application security, emphasizing the importance of proper security practices and effective communication with senior leaders, engineers, and other stakeholders. Jay proposes that product security requires a holistic approach and cautions against the current state of penetration testing in web applications. Darylynn encourages AppSec engineers to broaden their scope beyond individual applications to product security. With enlightening insights and practical advice, this episode thoughtfully challenges AppSec professionals with new ideas about application and product security. Links: Jay recommends: How to...

Eitan Worcel -- Is AI a Security Champion?


Eitan Worcel joins the Application Security Podcast to talk about automated code fixes and the role of artificial intelligence in application security. We start with a thought-provoking discussion about the consistency and reliability of AI-generated responses in fixing vulnerabilities like Cross-Site Scripting (XSS). The conversation highlights a future where AI on one side writes code while AI on the other side fixes it, raising questions about the outcomes of such a scenario. The discussion shifts to the human role in using AI for automated code fixes. Human oversight is important in setting policies or rules to guide AI, as opposed to letting...

Björn Kimminich -- OWASP Juice Shop


Bjorn Kimminich, the driving force behind the OWASP Juice Shop project, joins Chris and Robert to discuss all things Juice Shop. The OWASP Juice Shop is a deliberately vulnerable web application that serves as an invaluable training tool for security professionals and enthusiasts. Bjorn provides a comprehensive overview of the latest features and challenges introduced in the Juice Shop, underscoring the project's commitment to simulating real-world security scenarios. Key highlights include the introduction of coding challenges, where users must identify and fix code vulnerabilities. This interactive approach enhances the learning experience and bridges the gap between theoretical knowledge and practical application....

Arshan Dabirsiaghi -- Security Startups, AI Influencing AppSec, and Pixee/Codemodder.io


Arshan Dabirsiaghi of Pixee joins Robert and Chris to discuss startups, AI in appsec, and Pixee's Codemodder.io. The conversation begins with a focus on the unrealistic expectations placed on developers regarding security. Arshan points out that even with training, developers may not remember or apply security measures effectively, especially in complex areas like deserialization. This leads to a lengthy and convoluted process for fixing security issues, a problem that Arshan and his team have been working to address through their open-source tool, Codemodder.io. Chris and Arshan discuss the dynamic nature of the startup world. Chris reflects on the highs and lows...

Dr. Jared Demott -- Cloud Security & Bug Bounty


Chris and Robert are thrilled to have an insightful conversation with Dr. Jared Demott, a seasoned expert in the field of cybersecurity. The discussion traverses a range of topics, from controversial opinions on application security to the practical aspects of managing bug bounty programs in large corporations like Microsoft. We dive into the technicalities of bug bounty programs, exploring how companies like Microsoft handle the influx of reports and the importance of such programs in a comprehensive security strategy. Dr. Demott provides valuable insights into the evolution of bug classes and the never-ending challenge of addressing significant bug types, emphasizing that...

Katharina Koerner -- Security as Responsible AI


Dr. Katharina Koerner, a renowned advisor and community builder with expertise in privacy by design and responsible AI, joins Chris and Robert to delve into the intricacies of responsible AI in this episode of the Application Security Podcast. She explores how security intersects with AI, discusses the ethical implications of AI's integration into daily life, and emphasizes the importance of educating ourselves about AI risk management frameworks. She also highlights the crucial role of AI security engineers, the ethical debates around using AI in education, and the significance of international AI governance. This discussion is a deep dive into AI,...

Ray Espinoza -- The AppSec CISO, Vendor Relationships, and Mentoring


For Security Pros & Business Leaders | Strategic Insights & Leadership Lessons. When Ray Espinoza joined Chris and Robert on the Application Security Podcast, he gave a treasure trove of insights for both security professionals and business leaders alike! Whether you're deep in the trenches of information security or steering the ship in business leadership, this episode is packed with valuable takeaways. Dive in to discover why this is a must-listen for professionals across the spectrum. For Security Professionals: 1. CISO Insights: Gain a glimpse into the strategic mind of a Chief Information Security Officer. Learn from their real-world experiences and...

Chris John Riley -- MVSP: Minimum Viable Secure Product


Chris John Riley joins Chris and Robert to discuss the Minimum Viable Secure Product. MVSP is a minimalistic security checklist for B2B software and business process outsourcing suppliers. It was designed by a team that included experts from Google, Salesforce, Okta, and Slack. The MVSP objectives are targeted at startups and other companies creating new applications, helping such organizations meet security standards expected by larger enterprises like Google. The MVSP is designed to be accessible for users, as a way to streamline the process of vendor assessment and procurement from the start to the contractual control stages. Using MVSP, developers and...

Steve Wilson and Gavin Klondike -- OWASP Top Ten for LLM Release


Steve Wilson and Gavin Klondike are part of the core team for the OWASP Top 10 for Large Language Model Applications project. They join Robert and Chris to discuss the implementation and potential challenges of AI, and present the OWASP Top Ten for LLM version 1.0. Steve and Gavin provide insights into the issues of prompt injection, insecure output handling, training data poisoning, and others. Specifically, they emphasize the significance of understanding the risk of allowing excessive agency to LLMs and the role of secure plugin designs in mitigating vulnerabilities. The conversation dives deep into the importance of secure supply chains...

Tanya Janca -- What Secure Coding Really Means


Tanya Janca, also known as SheHacksPurple, joins the Application Security Podcast again to discuss secure coding, threat modeling, education, and other topics in the AppSec world. With a rich background spanning over 25 years in IT, coding, and championing cybersecurity, Tanya delves into the essence of secure coding. Tanya highlights the difference between teaching developers about vulnerabilities and teaching them the practices to avoid these vulnerabilities in the first place. Instead of focusing on issues like SQL injection, she emphasizes the importance of proactive measures like input validation and always using parameterized queries. She believes teaching developers how to build secure...

Hasan Yasar -- Actionable SBOM via DevSecOps


Hasan Yasar believes that everyone shares the responsibility of creating a secure environment, and this can only be achieved by working collaboratively. He underscores the idea that security is not an isolated endeavor but a collective effort, urging everyone to come together and build a world where safety and security are paramount. Yasar also shares his thoughts about education and security. He highlights the need for integrating security concepts right from the foundational levels of teaching programming languages. By introducing concepts like input validation and sanitization early on, students can be better equipped to handle security challenges in their professional lives....

Varun Badhwar -- The Developer Productivity Tax


Varun Badhwar is a three-time founder, a luminary in the cyber security industry, and a clear communicator. He joins Chris and Robert on the Application Security Podcast to discuss scanning with context, SBOM plus VEX, and the developer productivity tax. The concept of a "Developer Productivity Tax" acknowledges the challenges developers face when bombarded with a plethora of vulnerabilities. This "tax" represents the drain on developers' time and resources as they navigate through a myriad of potential threats, many of which lack actionable context. The inefficiencies arising from this process can lead to significant delays in software development, emphasizing the...

OWASP Board of Directors Debate


The Application Security Podcast presents the OWASP Board of Directors Debate for the 2023 elections. This is a unique and engaging discussion among six candidates vying for a position on the board. Throughout the debate, candidates address pressing questions about their priorities as potential board members, the future direction of OWASP, and strategies for community growth and vendor neutrality. Topics such as vendor agnosticism, the allocation of profits from global OWASP events, and the importance of community involvement are among the critical issues discussed. The questions presented by Chris and Robert include: What experience do you have running an organization like OWASP?...

Itzik Alvas -- Secrets Security and Management


Itzik Alvas, Co-founder and CEO of Entro, is an expert on secrets security. Itzik joins Chris and Robert to discuss the significance of understanding and managing secrets, emphasizing the importance of knowing how many secrets an organization has, where they are located, and their potential impact. He elaborates on the three pillars of secrets management: listing and locating secrets, classifying and understanding their potential blast radius, and monitoring them for any abnormal behavior. The conversation takes a turn towards the future of secrets management, where Itzik believes there's a need for a shift in mentality. He stresses the importance of education in...

Harshil Parikh -- Deep Environmental and Organizational Context in Application Security


Harshil Parikh is a seasoned security leader with experience building security and compliance functions from the ground up. He notably built the security and compliance team at Medallia from scratch and led it through several transitions. He is also a conference speaker, and, most recently, he co-founded Tromzo. Harshil shares insights about AppSec, running a startup, selling effectively, and provides justification for his mantra, "Context is king." Harshil underscores the importance of understanding context in security, emphasizing that it's the bedrock for making informed decisions. He also brings to light the significance of data-driven metrics in application security. Harshil champions the...

Jeff Williams -- The Tech of Runtime Security


Jeff Williams of Contrast Security joins Chris and Robert on the Application Security Podcast to discuss runtime security, emphasizing the significance of Interactive Application Security Testing (IAST) in the modern DevOps landscape. After reflecting on the history of OWASP, the conversation turns to the challenges organizations face in managing their application security (AppSec) backlogs. Jeff highlights the alarming number of unresolved issues that often pile up, emphasizing the inefficiencies of traditional security tools. Jeff champions IAST, and here are a few highlights that he shares. IAST is ideally suited for DevOps by seamlessly transforming regular test cases into security tests. IAST...

Mark Curphey and John Viega -- Chalk


Mark Curphey and John Viega join Chris and Robert to explain the details of Chalk, Crash Override's new tool. Mark also talks about why ZAP departed from OWASP and joined the Software Security Project, highlighting some of the value and differences of both organizations. Open Source Software is important to the industry, but Mark calls on companies to contribute to the development and support of the projects they use. The conversation explores the challenges faced by companies, especially large tech firms, in managing their software engineering processes. Many organizations grapple with identifying code ownership, determining code versions during incidents, and...

Maril Vernon -- You Get What You Inspect, Not What You Expect


Maril Vernon is passionate about purple teaming and joins Robert and Chris to discuss the intricacies of purple teaming in cybersecurity. She underscores the significance of fostering a collaborative environment between developers and the security team. Drawing from her experiences, Maril shares the challenge of development overlooking her remediation recommendations. She chose to engage directly with the developers, understanding their perspective and subsequently learning to frame her remediations in developer-centric language. This approach made her recommendations actionable and bridged the communication gap between the two teams. Maril also looks into the future of purple teaming, envisioning a landscape dominated by automation...

Dan Kykendall -- Why All Application Security Products Suck


Dan Kykendall visits The Application Security Podcast to discuss his series "Why All AppSec Products Suck" and explain why software companies should understand the uses and limitations of any security tool. The series aims to highlight the limitations of each tool and to help users make informed decisions when selecting the right tools for their needs. In this field, there is no such thing as an expert; there is always something new to learn. Dan, Chris, and Robert remember the late Kevin Mitnick, a well-known figure in the cybersecurity community. They share their personal experiences with Mitnick, highlighting his curiosity, humility,...

Kevin Johnson -- Samurai Swords and Zap's Departure


Kevin Johnson is the CEO of Secure Ideas. He began his career as a developer but turned toward security when he discovered that the interface for an intrusion detection system, Snort, was out of date. This led him to create BASE (Basic Analysis and Security Engine), a testament to Kevin's proactive approach. Kevin has a deep-rooted passion for open-source projects. He highlights the challenges and joys of initiating and sustaining such ventures, emphasizing the pivotal role of community contributions. Kevin also details how to install and start with SamuraiWTF, a tool tailored for those keen on mastering application security. He outlines...

Tony Quadros -- The Life of an AppSec Vendor


Tony Quadros, the AppSec Lumberjack, shares the unique career path that led him to find his passion in Application Security. The discussion delves into the work of an AppSec vendor, with Tony explaining his role and the responsibilities it entails. He emphasizes the importance of understanding the needs and environment of the customer, and whether the product he represents can fulfill their requirements. Tony also shares his philosophy of sales, centered around solving problems and providing business value. Tony reveals the challenges salespeople face in the cybersecurity industry, particularly the pressure to meet quotas and the need for good company culture....

Steve Giguere -- Cloud AppSec


Cloud security is on an evolutionary path, with newer platforms embracing secure-by-default settings. This has led to a significant improvement in security but also adds complexity as developers need to understand these defaults when deploying to the cloud. Steve Giguere defines cloud application security, describes cloud-first development and cloud complexity, security by default, and the need to broaden AppSec by creating new security personas and being secure from idea to destination. Steve provides many nuggets of insight from his travels, including pointing us to Wing, a programming language for the cloud that includes code and IaC together. We discuss the consolidation of...

Paul McCarty -- The Burrito Analogy of the Software Supply Chain


"Visualizing the Software Supply Chain" is a project which aims to kick off a discussion about the scope and breadth of the software supply chain. Paul McCarty emphasizes the importance of understanding what's in the software supply chain to secure it effectively. He uses the burrito analogy, stating that you can't decide if you want to eat it if you don't know what's in it. We discuss the nuances around the Software Bill of Materials (SBOM) and the importance of understanding the differences between various SBOMs, especially for companies that deploy frequently. The conversation also covers third-party components, such as APIs, SaaS...

Farshad Abasi -- Three Models for Deploying AppSec Resources


Farshad Abasi shares three models for deploying resources within application security teams: The Dedicated AppSec Person Model involves assigning an AppSec person to work with each team. Farshad shares his experience of working with developers and the challenges faced in getting them to understand and implement threat modeling. He also discusses the transition from waterfall to Agile and how it affected threat modeling. The Federated Model: A security consultant attends weekly standups and sprint planning sessions in this model. They work with a checklist to quickly determine if any user stories could be security sensitive. This model reduces the allocation required to...

Kim Wuyts -- The Future of Privacy Threat Modeling


Kim Wuyts discusses her work in privacy threat modeling with LINDDUN, a framework inspired by Microsoft's STRIDE for security threat modeling. LINDDUN provides a structure to analyze privacy threats across multiple categories such as linking, detecting data disclosure, and unawareness. The framework has been updated over the years to incorporate new knowledge and developments in privacy, and it has become recognized as a go-to approach for privacy threat modeling. Kim believes that privacy and security can be combined and highlights the importance of protecting individuals' rights and data while securing systems and assets. Privacy by design, which focuses on reducing unnecessary data...

Francois Proulx -- Actionable Software Supply Chain Security


Software supply chain -- how deep does the problem go? François is here to help us realize how deep the rabbit hole of the supply chain is and enlighten us with strategies to get out of the hole. François emphasizes the importance of branch protection in source code repositories as the cornerstone of any supply chain, highlighting the need for peer review and static code analysis before merging. He also discusses the concept of tag protection, which prevents anyone with rewrite access to the repository from modifying a tag. This is particularly important in the context of build systems, where an...

Steve Wilson -- OWASP Top Ten for LLMs


How do we do security in the world of AI and LLMs? A great place to start is with an OWASP project tasked with creating a standardized guideline for building secure AI applications with large language models such as ChatGPT. Enter OWASP Top Ten for LLMs, and Steve Wilson, the project leader. You'll experience Large Language Models (LLMs) and their implications in AI. Steve explains how the introduction of ChatGPT marked a significant shift in the AI landscape. He elaborates on the concept of LLMs, their functioning, and the unique properties that emerge when used at a large scale. Traditional OWASP Top...

JB Aviat -- The State of Application Security


What is the state of application security? JB Aviat answered that question by creating the state of application security report based on data from Datadog customers using the application security and APM products. It provides insights into threat detection, vulnerability detection, prioritization, and general trends on where the most significant risks lie. We discuss: the prioritization of vulnerabilities; the risks associated with non-production environments like staging or pre-production. They discuss how attackers often target these environments, potentially as practice grounds, before launching an attack on the production environment; future trends of application security, particularly with the rise of low-code or no-code development tooling.

Joshua Wells -- Application Security in the Age of Zero Trust


What is zero trust, and how does it impact the world of applications and application security? We dive deep into zero trust with Joshua Wells, a seasoned cybersecurity expert with over ten years of experience. Joshua explores the intricacies of zero trust, a cybersecurity model that dictates no user or machine is trusted by default and must be authenticated every time. Listen in as Joshua discusses his journey from aspiring to be an NFL player to becoming a leading voice in cybersecurity. He shares insights on how zero trust operates in different domains, including architectural security, endpoint detection, mobile device management,...

Jeevan Singh -- The Future of Application Security Engineers


Jeevan Singh, the director of product security at Twilio, discusses the future of application security engineers. Singh highlights the importance of embedding security into all aspects of software development and the need for a strong security culture within organizations. He also explains the skills required for a senior application security engineer, such as application security, software development, and teaching skills. Singh underscores the importance of empathy and influence, emphasizing that soft skills can significantly affect adequate application security. He also discusses the impact of AI, particularly OpenAI's GPT, in supporting the work of security engineers by providing valuable insights and...

Tony Turner -- Threat Modeling and SBOM


Have you ever considered using an SBOM to inform your threat modeling? Tony Turner has. Tony joins us to discuss SBOMs, threat modeling, and the importance of Cyber Informed Engineering. Tony delves into the SBOM (Software Bill of Materials) concept, highlighting their value proposition in identifying vulnerabilities, demonstrating compliance with software licenses, and informing M&A activities and incident response indicators related to cyberattacks. We also explore the integration of SBOMs into the system engineering process and security engineering. Tony further introduces the concept of Consequence-Driven Cyber Informed Engineering, which emphasizes understanding the potential consequences of cyberattacks on critical infrastructure rather than just...

Christian Frichot -- Threat Modeling with hcltm


Christian Frichot, an AppSec hacker, security leader, and developer of hcltm, discusses the DevOps threat modeling tool he dreamed up and built. The tech was created to fit into developers' workflows and leverage tools they are familiar with. hcltm is designed to drive valuable change and be updated and maintained easily by software engineers. It is a developer-centric software product not heavily opinionated on diagramming, allowing users to employ their preferred methods for threat modeling. The solution is still evolving, and Frichot is open to user feedback and suggestions to improve it. He encourages people to try hcltm and...

Zohar Shachar -- Bug Bounty from Both Sides


Zohar Shachar joins us to discuss the bug bounty process from both sides. Zohar has spent time as a bug bounty hunter and shares wisdom on avoiding bug bounty-causing issues for your AppSec posture. We hope you enjoy this conversation with...Zohar Shachar.

Sarah-Jane Madden -- Threat Modeling to established teams


Sarah-Jane Madden is the Chief Information Security Officer of Sensing Technology Group, part of Fortive. She has over 20 years of software experience, from the most formal environments to "let's fix it in production" type teams. She has been a longtime advocate of deliberate application security as a partnership with product management and believes security does not have to be an overhead. Sarah-Jane joins us to discuss her talk at OWASP Dublin, "Far from green fields - introducing Threat Modeling to established teams." She shares lessons learned from her 3-year journey and is transparent with the mistakes she made along...

Jet Anderson -- The AppSec Code Doctor


Jet Anderson's passion is teaching today's software developers to write secure code as part of modern DevOps pipelines, at speed and scale, without missing a beat. He's been a software engineer for over 25 years and believes fixing security bugs is better than finding them. Jet joins us to discuss software or security engineer first, how fixing security bugs is better than just finding them, and the Code Doctor security training program he built and deployed. We hope you enjoy this conversation with...Jet Anderson.

James Mckee -- Developer Security


James Mckee is a developer (MCPDEA) and security advocate (CISSP) whose biggest responsibility is leading developer security practices. He sets the standards and procedures for the practice's operations and leads all client engagement efforts concerning security. He also takes the lead in ensuring that company staff (developers specifically) are properly trained and following best practices concerning application security. Currently, he is responsible for training and providing product guidance for developers worldwide. James joins us to discuss offensive application security for developers. We also get into the role of security professionals in reaching developers outside of the security echo chamber. We...

Derek Fisher -- The Application Security Handbook


Derek is the author of The Application Security Handbook. He is a university instructor at Temple University, where he teaches software development security to undergraduate and graduate students. He is a speaker on topics in the cybersecurity space and has led security teams, large and small, at organizations in the healthcare and financial industries. Derek joins us to unpack the goals of an application security program, what is cutting edge in application security programs today, the role of open source vs. commercial, and guidance such as "decentralized application security," "enablement instead of gates; application security as a service," and "stop...

Rob van der Veer -- OWASP AI Security & Privacy Guide


Rob van der Veer has a 30-year background in software engineering, building AI businesses, creating software, and assessing software. He is a senior director at the Software Improvement Group, where he established practices for AI, security, and privacy. Rob is involved in several standardization initiatives like OWASP SAMM, ENISA, CIP, and AI security & privacy guide. He leads the writing group for the new ISO standard on AI engineering: 5338. Rob co-leads the OWASP integration project, with openCRE.org as a key result, aiming to create alignment in the standards landscape. Rob joins us to introduce the OWASP AI Security and...

Robyn Lundin -- Planning & organizing a penetration test as an AppSec team


Robyn Lundin started working in tech after a coding boot camp as a developer for a small startup. She then discovered her passion for security, pivoted into pentesting for NCC Group, and now works as a Senior Product Security Engineer for Slack. Robyn joins us to discuss the role of penetration testing within the application security realm. Robyn provides actionable guidance you can apply directly to your application pen testing program. We hope you enjoy this conversation with...Robyn Lundin.

Michael Bargury -- Low Code / No Code Security and an OWASP Top Ten


Michael Bargury is the Co-Founder and CTO of Zenity, where he helps companies secure their low-code/no-code apps. In the past, he headed security product efforts at Azure, focused on IoT, APIs and IaC. Michael is passionate about all things related to cloud, SaaS and low-code security and spends his time finding ways they could go wrong. He also leads the OWASP low-code security project and writes about it on DarkReading. Michael is a regular speaker at OWASP, BSides and DEFCON conferences. Michael joins us to unpack Low Code / No Code and the new OWASP Top Ten that defines specific risks against...

Alex Olsen -- Security champions, empowering developers, and AppSec training


Alex leads the Cyber Security Consulting Group, part of Rakuten's Cyber Security Defense Department. The group's dedication is to providing global security services, including security architecture, DevSecOps tooling and integration services, delivery of technical training, and running Rakuten's Security Champion community. His focus is on empowering teams to improve security throughout the development lifecycle. Alex joins us to discuss security champions, a topic near and dear to our hearts. We get into democratizing appsec, the value of security governance and empowerment activities for security champions and the organization, how scope, cost and effort fit, and the ROI of training and security...

Mark Curphey -- The future of OWASP


Mark Curphey is one of the creators of OWASP from the very early days. Mark worked in the background over the few decades of OWASP but has recently taken more to the spotlight. After running, he was elected and joined the OWASP Board of Directors. This conversation starts with the historical story of Mark and his history with OWASP. Then we jump into the visions for OWASP in the future and the plans in place to reach those goals. We hope you enjoy this conversation with...Mark Curphey.

Tiago Mendo -- How to scan at scale with OWASP ZAP


Tiago Mendo is a co-founder and CTO of Probely. He has extensive experience in pentesting applications, training, and providing all-around security consultancy. Tiago started working with security in the early 2000s, beginning with a tenure of 12 years at Portugal Telecom. While there, he built the web security team and worked with 150+ developers. He holds a Master's in Information Technology/Information Security from Carnegie Mellon University and a CISSP certification. He is also a qualified member of AP2SI, a non-profit organization that promotes Information Security in Portugal, and Co-Leader of the Lisbon OWASP Chapter. He is a frequent speaker at security events,...

Wolfgang Goerlich -- Security beyond vulnerabilities


J. Wolfgang Goerlich is an Advisory CISO for Cisco Secure. He has been responsible for IT and IT security in the healthcare and financial services verticals. Wolfgang has led advisory and assessment practices for cybersecurity consulting firms. Wolf joins us to talk about some security things that will stretch your mind, like security beyond vulnerabilities, how apps' intended functionality can be misused, data privacy, and nudges and behavior science. Wolf challenged my thinking in this episode and pointed out a new area of threat modeling I had never considered. We hope you enjoy this conversation with... J. Wolfgang Goerlich.

Sam Stepanyan -- OWASP Nettacker Project


Sam Stepanyan is an OWASP London Chapter Leader and an Independent Application Security Consultant with over 20 years of IT experience and a background in software engineering and web application development. Sam has worked for various financial services institutions in the City of London, specializing in Application Security consulting, Secure Software Development Lifecycle (SDLC), developer training, source code reviews and vulnerability management. He is also a Subject Matter Expert in Web Application Firewalls (WAF) and SIEM systems. Sam holds a Master's degree in Software Engineering and a CISSP certification. Sam joins us to introduce us to OWASP Nettacker. He describes the tool's...

Nick Aleks and Dolev Farhi -- GraphQL Security


Dolev Farhi is a security engineer and author with extensive experience leading security engineering teams in complex environments and scales in the Fintech and cyber security industries. Currently, he is the Principal Security Engineer at Wealthsimple. He is one of the founders of DEFCON Toronto (DC416). He enjoys researching vulnerabilities in IoT devices, participating in and building CTF challenges and contributing exploits to Exploit-DB. Nick Aleks is a leader in Toronto's cybersecurity community and a distinguished and patented security engineer, speaker, and researcher. He is currently the Senior Director of Security at Wealthsimple, leads his security firm, ASEC.IO, and is a...

Guy Barhart-Magen -- Log4j and Incident Response


With nearly 25 years of experience in the cyber-security industry, Guy held various positions in both corporates and startups. In his role as the CTO for the cyber crisis management firm Profero, his focus is making incident response fast and scalable, harnessing the latest technologies and a cloud-native approach. Guy is the BSidesTLV chairman and CTF lead, a public speaker in well-known global security events (SAS, t2, 44CON, BSidesLV, and several DefCon villages, to name a few), and the recipient of the Cisco black belt security ninja honor, Cisco's highest cybersecurity advocate rank. Guy joins us to explore his front-row seat for the...

Brett Smith -- Security is a Necessary Evil


Brett Smith is a Software Architect/Engineer/Developer with 20+ years of experience. Specialties: Automation, Continuous Integration/Delivery/Testing/Deployment. Expertise: Linux, packaging, and tool design. Brett joins us to discuss why he hates security and shares his vast knowledge of building a secure and cutting-edge build pipeline. We hope you enjoy this conversation with...Brett Smith.

Chen Gour-Arie -- The AppSec Map


Chen Gour-Arie is the Chief Architect and Co-Founder of Enso Security. With over 15 years of hands-on experience in cybersecurity and software development, Chen demonstrably bolstered the software security of dozens of global enterprise organizations across multiple industry verticals. An enthusiastic builder, he has focused his career on building tools to optimize and accelerate security testing and all related workflows. Ken joins us to introduce the AppSec Map and provides a live demo of the catalog and what AppSec practitioners can use it for. We hope you enjoy this conversation with...Chen Gour-Arie.

Dominique Righetto -- OWASP Secure Headers


Dominique Righetto is an AppSec enthusiast and OWASP projects contributor. Dominique joins us to discuss the OWASP Secure Headers project. We discuss headers at a high level and then dive into all the goodies you'll find within the project, from awareness, guidance, and a test suite that can be integrated into your CI/CD pipeline to test your security headers. We hope you enjoy this conversation with...Dominique Righetto.

Hillel Solow -- How to do AppSec without a security team


Hillel Solow is Chairman of the Board at ProtectOnce, where he helps guide product and security strategy. Hillel is a serial entrepreneur in the cybersecurity space, but his favorite thing is still writing code at 2 am. Hillel joins us to discuss how to do appsec without a security team. We explore the building blocks of an appsec program, and what appsec looks like for companies of different sizes, from startup to midsize to enterprise. Then dive into Hillel's most important advice for companies who can't afford a security person. We hope you enjoy this conversation with Hillel Solow.

Chris Romeo -- The Security Journey Story


In this episode of the Application Security Podcast, Chris Romeo walks through the origin story of Security Journey and shares some experiences taking a security startup from bootstrap to acquisition. Chris talks about how and why he started the company, what defining factors made Security Journey successful and why they're being acquired now. He ends by giving an overview of what to expect from Security Journey moving forward. We hope you enjoy this conversation with Chris Romeo. Check out these resources for more information about the acquisition! Press Release: https://www.accesswire.com/702562/HackEDU-Acquires-Security-Journey-to-Provide-the-Most-Comprehensive-Application-Security-Training-Offering-Helping-Development-Teams-Deliver-Secure-Code-and-Protect-Data Chris's Blog Post: https://www.securityjourney.com/post/hackedu-acquires-security-journey Joe's Blog Post: https://www.hackedu.com/blog/hackedu-acquires-security-journey-to-create-industry-leading-application-security-offering

Kristen Tan and Vaibhav Garg -- Machine Assisted Threat Modeling


In this episode of the Application Security Podcast, we talk to Kristen Tan and Vaibhav Garg from Comcast. They wrote a paper called "An Analysis of Open-source Automated Threat Modeling Tools and Their Extensibility from Security into Privacy". They join us to share their story about what they were doing and why they did it. We hope you enjoy this conversation with...Kristen and VG. https://www.usenix.org/publications/loginonline/analysis-open-source-automated-threat-modeling-tools-and-their

Patrick Dwyer -- CycloneDX and SBOMs


Patrick is a Senior Product Security Engineer in the Application Security team at ServiceNow. He is also Co-Leader of the OWASP CycloneDX project, a lightweight Software Bill of Materials (SBOM) standard designed for use in application security contexts and supply chain component analysis.

Omer Gil and Daniel Krivelevich -- Top 10 CI/CD Security Risks


Daniel Krivelevich is a cybersecurity expert and problem solver, with 15+ years of enterprise security experience with a proven track record working with 100+ enterprises across multiple industries, with a strong orientation to Application & Cloud Security. Daniel co-founded Cider Security as the company's CTO. Cider is a startup focused on securing CI/CD pipelines, flows, and systems. Omer is a seasoned application and cloud security expert with over 13 years of experience across multiple security disciplines. An experienced researcher and public speaker, Omer discovered the Web Cache Deception attack vector in 2017. Omer leads research at Cider Security. We hope you enjoy...

Josh Grossman -- Building a High-Value AppSec Scanning Program


Josh Grossman has over 15 years of experience in IT Risk and Application Security consulting, and he has also worked as a software developer. He currently works as CTO for Bounce Security, where he focuses on helping organizations build secure products by providing value-driven Application Security support and guidance. In his spare time, he is very involved with OWASP. He is on the OWASP Israel chapter board, he is a co-leader of the OWASP Application Security Verification Standard project, and he has contributed to various other projects as well, including the Top 10 Risks, Top Ten Proactive Controls and JuiceShop projects. We...

Alex Mor -- Application Risk Profiling at Scale


Alex Mor is a passionate cybersecurity defender or breaker depending on the time of day, providing expert technical guidance to product teams and building security in their platforms. Alex joins us to talk about application risk profiling. He defines what this concept is to help us understand it. Then we talk about how can you do application risk profiling at scale? Whether you have ten applications or 1500 applications? How do you bring this together and gain real true security value from this idea of profiling your applications? We hope you enjoyed this conversation with Alex Mor.

Brenna Leath -- Product Security Leads: A different way of approaching Security Champions


Brenna Leath is currently the Head of Product Security for a data analytics company where she sets the application security strategy for R&D and leads a team of security architects. Brenna originally joined us to talk about EO 14028 and the implications for private sector programs, BUT, we were chatting about security champions and product security leads, and we changed our focus to cover these topics instead. We hope you enjoy this conversation with...Brenna Leath.

Will Ratner -- Centralized container scanning


Will Ratner is a software security professional with extensive experience building and implementing security solutions across a myriad of industries including banking, media, construction, and information technology. In his current role at Atlassian, Will focuses on improving the vulnerability management process by building highly scalable and automated solutions for the enterprise. Will joins us to discuss a centralized approach he built for container scanning. We explore the challenges and lessons learned, building a scalable, enterprise-grade solution, and how to build something that developers will see value in. We hope you enjoy this conversation with...Will Ratner.

Neil Matatall -- AppSec at Scale


Neil Matatall is an engineer with a background in security. He has previously worked at GitHub and Twitter and is a co-founder of Loco Moco Product Security Conference. Neil joins us for his second visit, to discuss account security at scale. He describes the underlying principles behind security at scale, how he worked to build a sign-in analysis feature, and how attacks were detected. We ended the conversation with an authentication lightning round, with Neil responding to various statements about authentication off the cuff! We hope you enjoy this episode with Neil Matatall. Check out our previous conversation with Neil Matatall. https://www.buzzsprout.com/1730684/8122595-neil-matatall-content-security-policy

Joern Freydank -- Security Design Anti Patterns Limit Security Debt


Joern Freydank is a Lead Cyber Security Engineer with more than 20 years of experience. He is currently establishing the Threat Modeling Program at a major insurance company. Joern joins us to talk about security design anti-patterns. He defines the term, explains security debt, reviews the categories of anti-patterns, and walks us through the example of a common role misconception. We hope you enjoy this conversation with...Joern Freydank. For more from Joern, check out his talk, Security Design Anti-Patterns -- Creating Awareness to Limit Security Debt, from Global AppSec: https://youtu.be/o_Wq7Ga4M-0

Ken Toler -- Blockchain, Cloud, and #AppSec


Ken Toler is a principal consultant at Kudelski Security and is passionate about building and optimizing application security programs that stick through strong adoption and ease of use. Ken has spent considerable time on all sides of the security aisle from playing defense and managing security teams to offense by breaking applications and reviewing code. Ken is also the host and creator of the Relating to DevSecOps podcast that focuses on forging strong relationships between engineers, operations, and security through collaboration, understanding, skill-sharing, and healthy debate. Ken joins us to talk about all things Blockchain and AppSec. We define Blockchain,...

Jeroen Willemsen and Ben de Haan -- Dirty little secrets


Jeroen Willemsen is a passionate, hands-on security architect with a knack for mobile security and security automation. As a "jack of all trades," he has been involved with various OWASP projects and has developed various trainings. He has spent over 10 years as a full-stack developer and has worked as a (security) architect, security lead, and risk manager. Ben de Haan is a Freelance Security consultant and engineer. Ben's specialties are architecting and implementing cloud security and building secure CI/CD environments in Agile, DevOps, and SRE cultures. Ben believes security should be built-in and can be scaled to meet these modern...

Adam Shostack -- Fast, cheap and good threat models


Adam is a leading expert on threat modeling, and a consultant, expert witness, author and game designer. He has decades of experience delivering security. His experience ranges across the business world from founding startups to nearly a decade at Microsoft. While not consulting or training, Shostack serves as an advisor to a variety of companies and academic institutions. Adam joins us to talk about fast, cheap, and good threat models. We discuss how Adam defines these categories, the weight of threat modeling, questionnaires/requirements, expertise, and how to make threat modeling conversational. We hope you enjoy this conversation with...Adam Shostack.

Loren Kohnfelder -- Designing Secure Software


Loren Kohnfelder has over 20 years of experience in the security industry. At Microsoft, he was a key contributor to STRIDE, the industry's first formalized proactive security process methodology, and also program-managed the .NET platform security effort. At Google, he worked as a software engineer on the Security team and as a founding member of the Privacy team. Loren joins us to talk about his new book, Designing Secure Software. We start the conversation geeking out about his work to create STRIDE and digital certificates. We then discuss facets of the book, like secure software, security design review, and what...

Ochaun Marshall -- IaC and SAST


Ochaun Marshall is an Application Security Consultant. In his role at Secure Ideas, he works on ongoing development projects utilizing Amazon Web Services and breaks other people's web applications. Ochaun joins us to talk about SAST and IaC, static application security testing and infrastructure as code. We talk about what they are, how they work, the security benefits, some of the tools that make them possible, and we finish our conversation talking about developer empathy and why Ochaun has developer empathy as a result of some of the experiences that he has as a developer and as a security person....

Simon Bennetts -- Using OWASP Zap across an Enterprise


Simon Bennetts is the OWASP Zed Attack Proxy (ZAP) Project Leader and a Distinguished Engineer at StackHawk, a company that uses ZAP to help users fix application security bugs before they hit production. He has talked about and demonstrated ZAP at conferences all over the world. Prior to making a move into security, he was a developer for 25 years and strongly believes that you cannot build secure web applications without knowing how to attack them. Simon joins us for the second time to refresh our knowledge of ZAP, explain how to use ZAP as an automation tool in your pipeline,...

Timo Pagel -- DevSecOps Maturity Model


Timo Pagel has been in the IT industry for over fifteen years. After a system administrator and web developer career, he advises customers as a DevSecOps consultant and trainer. His focus is on security test automation for software and infrastructure and assessment of complex applications in the cloud. In his spare time, he teaches Web and Application Security at various universities. Timo joins us to talk about the OWASP DevSecOps Maturity Model or DSOMM. We explore maturity models, this specific one, how you can use it, and how to get started. We hope you enjoy this conversation with...Timo Pagel.

Mazin Ahmed -- Terraform Security


Mazin Ahmed is a security engineer that specializes in AppSec and offensive security. He is passionate about information security and has previously found vulnerabilities in Facebook, Twitter, LinkedIn, and Oracle, to name a few. Mazin is the developer of several popular open-source security tools that have been integrated into security testing frameworks and distributions. Mazin also built FullHunt.io, the next-generation continuous attack surface security platform. He is also passionate about cloud security, where he has been running dozens of experiments in the cloud security world. Mazin joins us to introduce Infrastructure as Code and Terraform and discuss the security benefits...

James Ransome and Brook Schoenfield -- trust and verify: Building in Security at Agile Speed


Dr. James Ransome is the Chief Scientist for CyberPhos, an early-stage cybersecurity startup. He is also a member of the board of directors for the Bay Area Chief Security Officer Council and serves as an adviser to ForAllSecure and Resilient Software Security. Dr. Ransome's career includes leadership positions in the private and public sectors. He has served in three chief information security officer and four chief security officer roles before taking on Chief Product Security Officer roles over the last 11 years. During this time, he has been building and enhancing developer-centric, self-sustaining, and scalable software security programs that are holistic,...

OWASP Top 10 2021 Peer Review


Robert and I break down the OWASP Top 10 2021 Peer Review Edition. We walk through and give you our insights and highlights of the things that stand out to us and our questions. We feel it brings value to our audience's understanding of the OWASP Top 10 2021 and what it will likely look like when it comes out. We encourage you to go and do your own peer review of the document, submit your own pull requests, provide your feedback and issues on GitHub because together as a community, this is how we make this document better. Enjoy!

Anastasiia Voitova -- Encryption is easy, key management is hard


Anastasiia Voitova is the Head of customer solutions and a security software engineer at Cossack Labs. She works on data security and encryption tools and their integration into the real world apps.

Eran Kinsbruner -- DevSecOps Continuous Testing


Eran Kinsbruner is the Chief Evangelist and Senior Director at Perforce Software. His published books include the 2016 Amazon bestseller, The Digital Quality Handbook, Continuous Testing for DevOps Professionals, and Accelerating Software Quality ML and AI in the Age of DevOps. Eran is a recognized influencer on continuous testing and DevOps thought leadership, an international speaker, and blogger. Eran joins us to talk about the role of testing in a secure software pipeline. We talk about the intersection of security and quality, biggest challenges in getting started, and even a brief conversation about how SAST is used to check automotive...

Mark Loveless -- Threat modeling in a DevSecOps environment.


Mark Loveless - aka Simple Nomad - is a security researcher and hacker. He's spoken at numerous security and hacker conferences worldwide, including Blackhat, DEF CON, ShmooCon, and RSA. He's been quoted in the press including CNN, Washington Post, and the New York Times. Mark joins us to discuss his series of blog posts on Threat Modeling at GitLab. We discuss his philosophical approach, framework choice (spoiler alert, it's a pared down version of PASTA), and success stories / best practices he's seen for threat modeling success. We hope you enjoy this conversation with...Mark Loveless.

Jeroen Willemsen -- Security automation with ci/cd


Jeroen Willemsen is a Principal Security Architect at Xebia. Jeroen is more or less a jack of all trades with an interest in infrastructure security, risk management, and application security. With a love for mobile security, he enjoys sharing knowledge on various security topics. Jeroen joins us to unpack security automation in a DevOps world. We discuss categories of tools, typical quick wins, potential downsides, and how dependency management specifically plays into automation. We hope you enjoy this conversation with...Jeroen Willemsen.

Thinking back, Looking forward - A Balanced Approach to Securing our Software Future


Kevin Greene is the Director of Security Solutions at Parasoft and has extensive experience and expertise in software security, cyber research and development, and DevOps. He leverages his knowledge to create meaningful solutions and technologies to improve software security practices. Kevin and I had a conversation to discuss software security from the past and into the future. We cover how to make security easier for developers, SBOM, software minimalism, cyber resiliency, and so much more! We hope you enjoy this conversation with...Kevin Greene.

Jeevan Singh -- Threat modeling based in democracy


Jeevan Singh is a Security Engineer Manager at Segment, where he is embedding security into all aspects of the software development process. Jeevan enjoys building security culture within organizations and educating staff on security best practices. Before life in the security space, Jeevan had a wide variety of development and leadership roles over the past 15 years. Jeevan joins us to speak about self-serve threat modeling at Segment or threat modeling based in democracy. We discuss their focus with the program, how it fits in their dev methodology and their ultimate goal with the threat modeling program. We hope you...

Dima Kotik -- Application Security and the Zen of Python


Dima Kotik is an Application Security Engineer at Security Journey and has been programming in Python for years. As he was working on building out Security Journey's Secure Coding with Python content, he came across the Zen of Python, a set of guidelines for how to program in Python. He wrote a blog post about how to apply application security to the Zen of Python, and then we recorded this interview to talk about the concept in more depth. We hope you enjoy this interview with...Dima Kotik.

Dustin Lehr -- Advocating and being on the side of developers


Before taking the plunge into information security leadership, Dustin Lehr spent over a decade as a software engineer and architect in a variety of industries, including retail, DoD, and even video games. This diverse background has helped him forge close partnerships with development teams, engineering leaders, and software security advocates while pursuing the organizational culture shift of building good security habits into daily work. Dustin joins us to talk about the challenges developers face with security and so much more. We hope you enjoy this conversation with...Dustin Lehr.

Aaron Rinehart -- Security Chaos Engineering


Aaron Rinehart is expanding the possibilities of chaos engineering to cybersecurity. He began pioneering security in chaos engineering when he released ChaoSlingr during his tenure as Chief Security Architect at UnitedHealth Group (UHG). Rinehart is the O'Reilly Author on Security Chaos Engineering and has recently founded a chaos engineering startup called Verica with Casey Rosenthal from Netflix. Aaron joins us to explain what the heck security chaos engineering is. We explore the origin story of chaos engineering and security chaos engineering and how a listener starts with this new technique. We hope you enjoy this conversation with... Aaron Rinehart.

Izar Tarandach and Matt Coles -- Threat Modeling: A Practical Guide for Development Teams


In this episode of the Application Security Podcast, we're joined by friends Izar and Matt, authors of the book "Threat Modeling: A Practical Guide for Development Teams." Izar is currently the Squarespace Principal Security Engineer. He lives in NY, where he enjoys telling people who separate security from development to get off his lawn. Matt is currently a Product & Application Security Engineer at Dell Technologies. Matt lives in Massachusetts, is an avid gamer, and enjoys time with his family when not thinking or talking to others about security. We discuss why they wrote the book, what it covers, the...

Charles Shirer -- The most positive person in security


Charles is a Senior Security Consultant for Red Siege. He has over 18 years of experience in IT. In his spare time, Charles does retro gaming and works on the SECBSD open source project, a penetration testing distro. He currently works as Staff at several Security Conferences, podcasts (GrumpyHackers) (Positively Blue Team Cast), and is a part of the MentalHealthHackers, DeadPixelSec, NovaHackers, and HackingisNotaCrime Family. Charles joins us to talk about positivity in InfoSec. If you've never seen Charles's videos, you're missing out. We'll unpack what drives his positivity and how we as infosec / appsec people can embrace a...

Leif Dreizler -- Tactical tips to shift engineering right


Leif Dreizler is the manager of the Product Security team at Segment. Leif got his start in the security industry at Redspin doing security consulting work and was later an early employee at Bugcrowd. He helps organize the Bay Area OWASP Chapter, the LocoMocoSec Conference, and the AppSec California conference. Leif caught our attention when he published an article called Shifting Engineering Right: What security engineers can learn from DevSecOps. In this interview, we focus in on the tactical tips and takeaways from the article, or how you as a security person can shift engineering right. We hope you enjoy...

Vandana Verma -- OWASP Spotlight Series


Vandana Verma is the President of Infosec girls and Infosec Kids, a board of directors member for OWASP, and a leader for BSides Delhi. She joins us to introduce the OWASP Spotlight Series. With each video she creates, she highlights an OWASP project. We survey the projects she's covered and discuss a specific takeaway from each for the application security person. We hope you enjoy this conversation with... Vandana Verma.

Dr. Anita D'Amico -- Do certain types of developers or teams write more secure code?


Dr. Anita D'Amico is the CEO of Code Dx, which provides Application Security Orchestration and Correlation solutions to industry and government. Her roots are in experimental psychology and human factors. Her attention is now focused on enhancing the decisions and work processes of software developers and AppSec analysts to make code more secure. Anita joins us to discuss research she has done answering the question, "do certain types of developers or teams write more secure code?" Being a security culture fanatic, this topic is near and dear for me. We hope you enjoy this conversation with... Dr. Anita D'Amico.

Alyssa Miller -- Bringing security to DevOps and the CI/CD pipeline


Alyssa Miller is a life-long hacker, security advocate, and cybersecurity leader. She is the BISO for S&P Global ratings and has over 15 years of experience in security roles. She is heavily involved in the cybersecurity community as an international speaker, author, and advocate. Alyssa joins us to talk about bringing security to DevOps and the CI/CD pipeline. We talk about the success of the DevOps transformation, mistakes AppSec teams make with DevOps and explore the possible idea that DevSecOps is its own silo. We hope you enjoy this conversation with... Alyssa Miller.

Liran Tal -- Cloud native application security, what's a developer to do?


Liran Tal is an application security activist and long-time proponent of open-source software. He is a member of the Node.js security working group, an OWASP project lead, author of Essential Node.js Security, and O'Reilly's Serverless Security. He is leading the developer advocacy team at Snyk in a mission to empower developers with better dev-first security. Liran joins us to talk about cloud-native and application security. We begin by defining cloud-native and the changes it is causing. We then get into threats in a cloud-native world and the role of developers and AppSec. We hope you enjoy this conversation with... Liran...

Chris Romeo -- DevSecOps Fails


For this episode, Robert and I decided to talk about an article I wrote called "DevOps security culture: 12 fails your team can learn from". We hope you enjoy this walkthrough of the 12 fails. If we missed any, hit us up on Twitter and let us know what we should add to the list.

Jim Routh -- Secure software pipelines


Jim Routh has built software security programs at some of the biggest brands in the world. He has served as CISO or CSO six different times in his career, always staying close to his cyber and software security roots. Jim has hung up his CISO badge and now focuses on serving on boards and advising security-focused startups. Jim's original AppSec podcast episode is our #1 listened to of all time. Having the opportunity to interact with Jim and absorb his vast wisdom and knowledge is a treat for everyone. At the end of this interview, my immediate thought was to...

Andrew van der Stock -- Taking Application Security to the Masses


Andrew van der Stock has been around the world of Application Security for quite a long time. In 2020, he took over as the Executive Director of OWASP, and he's working from within the organization to further the mission of taking application security to the masses. We discuss Andrew's OWASP origin story and he defines OWASP and the OWASP core mission. We talk membership, the future, and drop some details about the upcoming 20th anniversary of OWASP. We hope you enjoy this conversation with Andrew van der Stock.

JC Herz and Steve Springett -- SBOMs and software supply chain assurance


JC Herz is the COO of Ion Channel, a software logistics and supply chain assurance platform for critical infrastructure. She is a visiting fellow at George Mason's National Security Institute and co-chairs a Department of Commerce working group on software bills of materials for security-sensitive public and private sector enterprises. JC and Steve Springett join to talk all things software bill of materials. We define what an SBOM is and what it's used for. We talk threats that SBOM counters, who started it, and what the OWASP tie-in is. JC concludes our time by explaining why now is the time...

Brian Reed -- Mobile Appsec: The Good, the Bad and the Ugly as We Head into 2021


Brian Reed is Chief Mobility Officer at NowSecure. Brian has over 30 years in tech and 15 years in mobile, security, and apps dating back to the birth of mobile including BlackBerry, Good Technology, BoxTone, and MicroFocus. Brian joins us to discuss mobile application security, the good, the bad, and the ugly as we head into 2021. We discuss recent issues in mobile apps, mobile firewalls, mobile vs. web, and how AppSec is different in a mobile world. We hope you enjoy this conversation with Brian Reed.

The Threat Modeling Manifesto Part 2


This is part two of the story of a diverse group of security and privacy people that love threat modeling and gathered to define threat modeling, encourage people to threat model, help them succeed, and change the world. This is our story of the Threat Modeling Manifesto. In this episode, we move on from definition to working through the values and principles that make up threat modeling, and then we ship the product. The working group of the Threat Modeling Manifesto consists of individuals with years of experience in threat modeling for security or privacy. Zoe Braiterman, Adam Shostack, Jonathan Marcil, Stephen de Vries, Irene Michlin, Kim...

The Threat Modeling Manifesto Part 1


This is part one of the story of a diverse group of security and privacy people that love threat modeling and gathered to define threat modeling, encourage people to threat model, help them succeed, and change the world. This is our story of the Threat Modeling Manifesto. Our intention is to share a distilled version of our collective threat modeling knowledge in a way that should inform, educate, and inspire other practitioners to adopt threat modeling as well as improve security and privacy during development. We developed this Manifesto after years of experience thinking about, performing, teaching, and developing the practice...

Season 7 Guests -- The best of Season 7


This is our final episode of Season 7, and we thought we'd share some of our favorite clips with you. We've covered lots of ground, from featuring many OWASP projects to DevSecOps, penetration testing, AWS security, SameSite cookies, crypto, and that just scratches the surface. We hope you enjoy this wrap-up episode with... A whole bunch of Season 7 guests.

Aviat Jean-Baptiste -- The AppSec report


Jb Aviat is CTO and co-founder at Sqreen. Prior to this, Jb worked at Apple as a reverse engineer, pentester, and developer. Jb joins us to discuss the new Application Security Report that Sqreen has released. We review what the report contains, key takeaways and conclusions, and even consider which framework/language is the most secure. We hope you enjoy this conversation with... Jb Aviat.

Frank Rietta -- The convergence of Ruby on Rails and #AppSec


Frank Rietta is the CEO of Rietta.com, a Security Focused Web Application Firm. He is a web application security architect, expert witness, author, and speaker. Frank joins us to discuss secure coding with Ruby on Rails. We get into a discussion about RoR vs. other languages, primary threats, counters to threats, and tools available for the RoR developer to assist with security. We hope you enjoy this conversation with Frank Rietta.

Dmitry Sotnikov -- REST API Security there is no silver bullet


Dmitry Sotnikov serves as Chief Product Officer at 42Crunch, an enterprise API security company. He maintains https://APISecurity.io, a popular community site with daily API Security news and a weekly newsletter on API vulnerabilities, breaches, standards, best practices, regulations, and tools. Dmitry joins us to discuss REST API Security. We talk about the top API security threats, counters to those threats, and the details on APISecurity.IO. We hope you enjoy this conversation with Dmitry Sotnikov.

Caroline Wong -- The state of Penetration Testing


Caroline Wong is the Chief Strategy Officer at Cobalt.io. Wong's close and practical information security knowledge stems from broad experience as a Cigital consultant, a Symantec Product Manager, and day-to-day leadership roles at eBay and Zynga. Caroline joins us to talk about penetration testing and reviews key findings from the Cobalt.io "State of Pentesting" report. We hope you enjoy Caroline Wong's second visit to the Application Security Podcast.

Aaron Davis -- LavaMoat solving JavaScript software supply chain


Aaron Davis is a founder, dev, and a lead security researcher at MetaMask, a popular Ethereum wallet. He introduces us to LavaMoat, an approach to solving JavaScript software supply chain security for node and the browser. The LavaMoat runtime prevents modifying JavaScript's primordials, limits access to the platform API, and prevents packages from corrupting other packages. We hope you enjoy this conversation with Aaron Davis.

Anastasiia Voitova -- Use Cryptography; Don't Learn It


Anastasiia Voitova is a software engineer who works on data security solutions at @cossacklabs, making complex crypto easy-to-use in modern software. She joins us to explore the idea of boring crypto. She caught our attention with a talk at OWASP 24 where she encouraged developers to NOT learn crypto. You'll have to listen to understand her rationale. She explains mistakes folks make with crypto, boring crypto, and how to get started implementing boring crypto. We hope you enjoy this conversation with Anastasiia Voitova.

Michael Furman -- SameSite Cookies


Michael Furman is the Lead Security Architect at Tufin, and is responsible for the security and Security Development Lifecycle (SDL) of Tufin software products. Michael has been passionate about application security for over 13 years and evangelizes about application security at various conferences (including OWASP conferences) and security meetups. Michael joins us to break down SameSite cookies, which are all the rage in browsers these days. He describes what they are, the threats they counter, and how SameSite + the Synchronizer Token Pattern work together to counter CSRF. We hope you enjoy this conversation with... Michael Furman.

Chris Romeo -- The State of Security and the Importance of Empathy


Application security applies to everyone, network architects included. Chris had an opportunity to join a friend's Podcast called "The Hedge." Chris talks with hosts Tom and Russ about the state of security and what network engineers need to know about security from an application perspective. They talk about the importance of empathy in all jobs, walking a mile in the shoes of those that work around you. You'll find this episode on the Hedge site at https://rule11.tech/hedge-048/.

Neil Matatall -- Content Security Policy


Neil Matatall is a product security engineer at GitHub. He focuses on designing and engineering user experiences solutions related to authentication and account recovery. Working remotely from Hawaii, Neil is a strong believer in the future of remote work. Neil joins us for a deep-dive into Content Security Policy. We explore what it is, the purpose, and why it's so difficult to implement. We hope you enjoy this conversation with Neil Matatall. https://github.com/github/secure_headers

Grant Ongers -- Gamification of threat modeling


Grant Ongers is co-founder of the bearded trio called Secure Delivery, with a philosophy and purpose for optimal delivery and security in one dynamic package. Grant's experience spans Dev, Ops, and Security, with over 30 years pushing the limits of (Info)Sec. Grant's community involvement is global: Staff at BSides (London, Las Vegas, and Cape Town), Goon at DEF CON (USA) for nearly ten years and DC2721 co-founder, staff at BlackHat (USA and EU), and an OWASP Global Board member. Grant joins us to talk about gamification and threat modeling, and introduces me to the OWASP Cornucopia card game, which you can...

Elie Saad -- OWASP WSTG, Cheat Sheets, and Integration


Elie Saad is an application security engineer, leading three different OWASP projects. He focuses on helping developers own and champion security in their projects by providing guidance, tests, secure pipeline design and aiding them in applying external security measures. In this conversation, Elie educates us about the current happenings with WSTG, Cheat Sheets, and the Integration Standard. He walks us through demos of each project. We hope you enjoy this conversation with Elie Saad. @7hunderson

Graham Holmes -- Adversarial Machine Learning


Graham Holmes is the founder and owner of AoP CyberSecurity, LLC whose mission is to enable organizations to create scalable and effective strategies for trustworthy outcomes. His career includes over 22 years as a leader at Cisco Systems, where he infamously served as my boss for a period of time, and before that he served in the US Navy as a commissioned officer for 9 years. Graham joins us to discuss adversarial machine learning. We explore the threats and attacks in an AI/ML world, and review solutions to address these challenges using trust as a foundation. Please enjoy this conversation...

Ochaun Marshall -- Securing Web applications in AWS


Ochaun Marshall is a developer and security consultant. In his roles at Secure Ideas, he works on ongoing development projects utilizing Amazon Web Services and breaks other people's web applications. Ochaun joins us to talk about the changing tide of serverless and frustrations with AWS security. Before we got to the actual topic, we talked about how he currently works as a developer sometimes, and a pen tester/security person the rest of the time, and the conflict that arises from this split role. Please enjoy this conversation with Ochaun Marshall. @OchaunM

Drew Dennison -- Security should make the computer sweat more


Drew Dennison is the CTO & co-founder of r2c, a startup working to profoundly improve software security and reliability to safeguard human progress. Drew joins us to introduce a tool called semgrep. Semgrep is a fast source code analysis tool, potentially faster than anything you've seen before. If you want to see the live demo of semgrep, head over to the Application Security Podcast Youtube channel to see the video. We hope you enjoy this conversation with Drew Dennison. Twitter: DrewDennison

Aaron Guzman -- IoTGoat


Aaron Guzman specializes in IoT, embedded, and automotive security. Aaron is the Co-Author of IoT Penetration Testing Cookbook. He helps lead both OWASP's Embedded Application Security and Internet of Things projects; providing practical guidance for addressing top security vulnerabilities to the embedded and IoT community. Aaron joins us to explore IoTGoat. IoTGoat is a deliberately insecure firmware created to educate software developers and security professionals with testing commonly found vulnerabilities in IoT devices. He describes what it is, where it comes from, and does a demo for us on how to put it to use. For season 7 and beyond, we've...

Adam Shostack -- The Jenga View of Threat Modeling


Adam Shostack is a leading expert on threat modeling, and consultant, entrepreneur, technologist, author, and game designer. He has taught threat modeling at a wide range of commercial, non-profit, and government organizations. Adam joins us to discuss his new white paper called the Jenga View of Threat Modeling. For season 7 and beyond, we've launched our YouTube channel, Application Security Podcast, where we post the video feeds for all episodes. You'll want to check it out, as many interviews now have demos included, where we capture a screen during the interview. You can grab a copy of the whitepaper on Adam's...

Cindy Blake -- Aligning security testing with Agile development


Cindy Blake is the Senior Security Evangelist at GitLab. Cindy collaborates around best practices for integrated DevSecOps application security solutions with major enterprises. She is proud to introduce her new book, 10 Steps to Securing Next-Gen Software. The book combines her cyber security experience with a background in lean and software development, and simplifies the complexities of today's software evolution into pragmatic advice for security programs. Cindy joins us to discuss how to align security testing with Agile development. For season 7 and beyond, we've launched our YouTube channel, Application Security Podcast, where we post the video feeds for all episodes....

Jannik Hollenbach -- Multijuicer: JuiceShop with a side of Kubernetes


Jannik Hollenbach is a Security Automation Engineer at iteratec GmbH, working on and with open source security testing tools to continuously detect security vulnerabilities in the company's software and systems. He is also a member of the OWASP Juice Shop project team. Jannik joins us to discuss MultiJuicer, or how to run JuiceShop in a Kubernetes cluster, with a separate JuiceShop instance for each user. For season 7 and beyond, we've launched our Youtube channel, Application Security Podcast, where we post the video feeds for all episodes. You'll want to check it out, as many interviews now have demos included, where...

Sebastien Deleersnyder and Bart De Win -- OWASP SAMM


Sebastien Deleersnyder is co-founder, CEO of Toreon, and Bart De Win is a director within PwC Belgium. They work together to co-lead both the OWASP Belgium Chapter and the OWASP SAMM project. Sebastien and Bart join us to introduce OWASP SAMM 2.0. OWASP SAMM (Software Assurance Maturity Model) is the OWASP framework to help organizations assess, formulate, and implement a strategy for software security they can integrate into an existing Software Development Lifecycle (SDLC). We explore where it came from, and walk through the framework. For season 7 and beyond, we've launched our Youtube channel, Application Security Podcast, where we post...

Marc French, Steve Lipner, Maya Kaczorowski, DJ Schleen, Kim Wuyts -- Season Six Wrap up


We've reached the end of season six, and here are a few of our favorite clips. Season seven is around the corner. S06E01 Marc French -- The AppSec CISO: What are some tips for someone who wants to become a CISO? Is there such a thing as a CISO school? S06E05 Steve Lipner -- The Past, Present, and Future of SDL: Lipner is a giant in the industry and someone that I've looked up to for years. After some setup, I ask him for a definition of SDL. S06E08 Maya Kaczorowski -- Container and Orchestration Security: Containers are not a security tool. Do you agree or disagree? The philosophy...

Mark Merkow -- Secure, Resilient, and Agile Software Development


Mark Merkow works at WageWorks in Tempe, Arizona, leading application security architecture and engineering efforts in the office of the CISO. Mark has over 40 years of experience in IT in a variety of roles, including application development, systems analysis, and design, security engineering, and security management. Mark has authored or co-authored 17 books on IT and has been a contributing editor to four others. Mark joins us to discuss how application security and Agile software development methodology fit together. We hope you enjoy this conversation with Mark Merkow.

Zsolt Imre -- Fuzz testing is easy


Zsolt is the founder and CTO of GUARDARA with more than 15 years of experience in cybersecurity, both on the offensive and defensive side. Zsolt explains fuzz testing, who does it, and why. He also helps us to understand how to deal with fuzz testing results, and how to get started doing fuzz testing on your own. We hope you enjoy this conversation with Zsolt Imre.

Adam Shostack -- Remote Threat Modeling


Adam joins us to discuss remote threat modeling, and we do a live threat modeling exercise to figure out how remote threat modeling actually works. If you want to see the screen share as we figure out remote threat modeling, check out the Youtube version of the episode. Bio: Adam Shostack is a leading expert on threat modeling, and consultant, entrepreneur, technologist, author and game designer. He has taught threat modeling at a wide range of commercial, non-profit and government organizations. He's a member of the Black Hat Review Board, is the author of Threat Modeling: Designing for Security, and...

Kim Wuyts -- Privacy Threat Modeling


Kim Wuyts is a postdoctoral researcher at the Department of Computer Science at KU Leuven (Belgium). She has more than 10 years of experience in security and privacy in software engineering. Kim is one of the main forces behind the development and extension of LINDDUN, a privacy threat modeling framework that provides systematic support to elicit and mitigate privacy threats in software systems. Kim joins us to explain the difference between security and privacy and introduce us to LINDDUN and how to use it.

John Martin -- Preventing a Cyberpocalypse


John Martin has owned responsibilities ranging from Software Supply Chain to DevSecOps Security Champions to Cloud Security Monitoring. His career spans the years between Blue-Box MF generators, through the era of automated hacks, and into our modern age of industrialized paranoia. He is a frequent speaker on the topic of commercial software security and a contributor to many SAFECode and CSA efforts. John joins us to discuss the prevention of a cyberpocalypse. You heard it correctly. Now tune in to learn what a cyberpocalypse is and why you need to care about it. We hope you enjoy this conversation with...

Jeremy Long -- It's dependency check, not checker


Jeremy Long is a principal engineer specializing in securing the SDLC. Jeremy is the founder and project lead for the OWASP dependency-check project, a software composition analysis tool that identifies known vulnerable 3rd party libraries. Jeremy joins us to share the origin story of dependency check, the problems it solves, the number of companies that use it, how to integrate it, and the future of the project.

Alyssa Miller -- Experiences with DevOps + Automation and beyond


Alyssa is a hacker, security evangelist, cybersecurity professional and international public speaker with almost 15 years of experience in the security industry. A former developer, her background is application security, not only conducting technical assessments but also helping develop complete security programs. Alyssa joins us to share her take on DevOps, automation, and beyond. She also shares a great story about how she got domain admin in 3 minutes.

Vandana Verma -- Support each other


Vandana Verma is a passionate advocate for application security. From serving on the OWASP Board to running various groups promoting security to organizing conferences, she is engaged in making the global application security community a better place. She manages the @Infosecgirls organization and is a leader for the @OWASPBangalore chapter. Vandana joins us to discuss her work so far on the OWASP Board, to discuss her AppSec DC keynote on diversity, and to catch us up on InfoSecGirls and WIA.

DJ Schleen -- DevOps: The Sec is Silent


DJ Schleen is a seasoned DevSecOps advocate at Sonatype and provides thought leadership to organizations looking to integrate security into their DevOps practices. He encourages organizations to deeply integrate a culture of security and trust into their core values and product development journey. DJ joins us to talk about the philosophy of DevOps and flow, DevSecOps and silos, and the DevSecOps reference architectures. We hope you enjoy this conversation with DJ Schleen.

Niels Tanis -- 3rd Party Risk in a .NET World


Niels Tanis has a background in .NET development, pen-testing, and security consultancy. He has experience breaking, defending and building secure applications. Niels joins us to continue our .NET conversation from last year. This time around we focus on the 3rd party risk we pull into our applications by using third party libraries in a .NET world.

Maya Kaczorowski -- Container and Orchestration Security


Maya is a Product Manager in Security & Privacy at Google, focused on container security. She previously worked on encryption at rest and encryption key management. Maya has a Master's in mathematics, focusing on cryptography and game theory. Maya joins us to discuss how containers improve security, a high-level threat model of containers and orchestration, and tips for enhancing security as you roll out containers and Kubernetes.

Geoff Hill -- AppSec, DevSecOps, and Diplomacy


Geoffrey Hill is an AppSec DevSecOps leader and Architect. Geoff joins us to discuss his experiences rolling out DevSecOps in both Agile and non-Agile practicing shops. We hope you enjoy this conversation with Geoff Hill.

Erez Yalon -- The OWASP API Security Project


Erez Yalon heads the security research group at Checkmarx. With vast defender and attacker experience and as an independent security researcher, he brings invaluable knowledge and skills to the table. Erez joins us to speak about the new OWASP API Security Project, and more specifically, the new API Security Top 10. We hope you enjoy this conversation with Erez Yalon. Find the document on the OWASP GitHub: https://github.com/OWASP/API-Security

Steve Lipner -- The Past, Present, and Future of SDL


Steve Lipner is a pioneer in cybersecurity, approaching 50 years' experience. He retired in 2015 from Microsoft where he was the creator and long-time leader of Microsoft's Security Development Lifecycle (SDL) team. While at Microsoft, Steve also created initiatives to encourage industry adoption of secure development practices and the SDL and served as a member and chair of the SAFECode board. Steve joins us to talk about all things SDL, and I must say, I was super excited for this interview, with way too many questions for someone who was there on day 1 of Secure Development Lifecycle. We hope...

David Kosorok -- The Three Pillars of an AppSec Program: Prevent, Detect, and React


David Kosorok is a code security expert, software tester, father of 9, and a self-described major nerd. David is the Director of AppSec at Align Tech, and a fellow member of the Raleigh Durham tech community. David joins us to speak about the three pillars of building an application security program: Prevent, Detect, and React. When we think about the program, we've never heard anyone relate a program this way, and thought you needed to hear about a different approach to program building. We hope you enjoy this conversation with David Kosorok.

Chris and Robert: A Taste of Hi-5


As the hosts of the Application Security Podcast, we get the opportunity from time to time to mix it up. This week we gather a few security articles, share a summary, and offer our opinions (for what our opinions are worth). The source of the articles is Hi-5, a weekly newsletter containing five security articles that are worth your time. We scour the Interwebs looking for the best articles on application and product security and share those with you. You can subscribe to Hi-5 on the Security Journey website. Hit us up on Twitter and let us know if you like...

Bill Dougherty -- INCLUDES NO DIRT, practical threat modeling for healthcare and beyond


Bill Dougherty is the vice president of IT and security at Omada Health, where he leads a team responsible for all aspects of internal IT including SaaS strategy, end-user support, vendor management, operational security and compliance. Bill, along with Patrick Curry, created the INCLUDES NO DIRT approach to threat modeling, which takes threat modeling to the next level, beyond STRIDE, and goes head on with a more modern set of real-world security considerations. We hope you enjoy this conversation with Bill Dougherty. Find Bill on Twitter @bdognet. For an article about the methodology, see INCLUDES NO DIRT: A Practical Threat Modeling Approach...

Marc French -- The AppSec CISO


Marc French is a security person, firearms geek, scuba guy, lousy golfer, and an aspiring blacksmith. We met Marc in the hallway at the Boston Application Security Conference. Marc has extensive experience as a CISO but came from the world of AppSec to the exec suite, which is not the normal path. We discuss what is a CISO, and what does a CISO actually do, the role of AppSec in the life of the CISO, and tips Marc has for those that wish to become a CISO someday. We hope you enjoy this conversation with Marc French.

Season 5 Finale -- A cross section of #AppSec


Threat modeling, secrets, mentoring, self-care, program building, and much more. Clips from Georgia Weidman, Simon Bennetts, Izar Tarandach, Omer Levi Hevroni, Tanya Janca, Björn Kimminich, Caroline Wong, Adam Shostack, Steve Springett, Matt McGrath, Brook Schoenfield, and Ronnie Flathers.

Ronnie Flathers -- Security programs big and small


Ronnie Flathers is a security guy, a pentester, and a researcher. In this conversation, we explore his experiences in building application security programs. He's had the opportunity to program build inside of companies big and small.

Brook Schoenfield -- Security is a messy problem


Brook Schoenfield is a Master Security Architect @IOActive and author of Securing Systems, as well as an industry leader in security architecture and threat modeling, and a friend. "We have a static analysis tool. Why do we need a program?" This is what Brook overheard at one point in his past, from a company CTO, and it sums up the program issue. The CTO was trying to drive a technical strategy for an entire company, and security was just one piece of that. A mandate or a tool would have made life so easy. Brook takes us on a journey based...

Liran Tal -- The state of open source software security


Liran Tal is a Developer Advocate @snyksec and is the author of Essential Node.js Security. He takes #opensource and protecting the #web very seriously. Liran and I start by geeking out about BBS's in the days of old. SYSOP page, anyone? Then we go into the state of open source security based on the report that Liran contributed heavily to and discuss many of the key takeaways from that report, including the developer response to open source security, security vulnerability rates in docker containers, and the length of time that vulnerabilities lie dormant in open source. We close out with...

Liran Tal -- Open Source Security -- 5 Minute AppSec


Why should someone care about open source security?

Steve Springett -- An insider's checklist for Software Composition Analysis


Steve Springett is a technologist, husband, father, entrepreneur, and tequila aficionado. He is the creator of the OWASP @DependencyTrack and @CycloneDX_Spec. In this conversation, we begin with the problem of software supply chain risk and the failures of commercial Software Composition Analysis tools. We then go through an extensive list of criteria for purchasing a software composition analysis tool. I have never seen a list like this ever shared anywhere in the industry. Steve is definitely in the know when it comes to these types of tools, and this is a detailed checklist of what he looks for in a...

Steve Springett -- OWASP Dependency Track -- 5 Minute AppSec


The question is for Steve Springett, in regards to Software Composition Analysis / Software Supply Chain and OWASP Dependency Track.

Elissa Shevinsky -- Static Analysis early and often


Elissa Shevinsky is CEO at Faster Than Light. She's had a storied career as an entrepreneur with Brave, Everyday Health, and Geekcorps. We discuss Elissa's origin story, security startups, and the value of mentoring to her career. Then we get into Static Analysis and how we make security easier for people so that security gets done.

Elissa Shevinsky -- Be Kind, Security People -- 5 Minute AppSec


Robert asks Elissa Shevinsky, why should people be nice, or why is niceness important in security?

Matt McGrath -- Security coaches


Matt McGrath is an old school Java developer that made the transition into security. Matt has had success in rolling out a programmatic approach to security improvement called security coaching. A security coach is much more than a wellness or life coach for your developers. They have some commonalities, but the security coach is thinking about how you help the developer want to get better at security. In his experience, developers are not going to kick and scream away from security but will embrace it when asked. The job description for a good coach does not require a development background. The...

Erez Yalon and Liora Herman -- The Application Security Village @ DefCon


Erez Yalon and Liora Herman are both passionate security professionals. They joined forces to create the AppSec Village, an event at DefCon in Las Vegas. If you are in Vegas for BH/DC, stop by the village and say hi to Robert, who will be in attendance as well.

Erez Yalon -- AppSec Village -- 5 Minute AppSec


It's BlackHat and DefCon season, so we asked a question of Erez Yalon: why did you start the AppSec Village?

Tommy Ross -- The BSA Framework for Secure Software


Tommy Ross serves as Senior Director, Policy with BSA | The Software Alliance. In this role, he works with BSA members to develop and advance global policy positions on a range of key issues, with a focus on cybersecurity, privacy, and market access barriers. Tommy is one of the coordinators/collaborators on the BSA Framework for Secure Software. This document caught our attention when it came out a few months ago, as it is a reliable representation of all the pieces an organization needs for software security. Tommy shares with us some of the background stories on how this document came...

Adam Shostack -- Threat modeling layer 8 and conflict modeling


Adam Shostack is a leading expert on threat modeling, and a consultant, entrepreneur, technologist, author and game designer. He's a member of the BlackHat Review Board and helped create the CVE and many other things. He currently helps many organizations improve their security via Shostack & Associates, and advises startups. Adam is known for his work with threat modeling. In this episode, we take threat modeling to a whole new level as we explore the idea of threat modeling layer 8 or human beings, and explore the concept of conflict modeling. You'll find Adam's conflict modeling work on GitHub: https://github.com/adamshostack/conflictmodeling

Adam Shostack -- Threat Modeling -- 5 Minute AppSec


If you've done anything with threat modeling, you've heard of Adam Shostack. We asked him the question, "why would anyone threat model?".

Zoe Braiterman -- AI, ML, AppSec, and a dose of data protection


Zoe Braiterman is an Innovation Intelligence Strategist focused on both the Machine and Human and also the OWASP WIA Chair. We explore the intersection of application security with artificial intelligence and machine learning and end up discussing data protection. Zoe approaches AppSec from a different angle, and her perspectives get us thinking about the importance of appsec in the future of autonomous everything.

Caroline Wong -- Self-care and self-aware for security people


Caroline Wong has had a long career in security, starting with eBay and leading to her role today at Cobalt.IO as Chief Strategist. Caroline shares her explanation of self-care and tells her story about how neglecting self-care led to problems. She offers ideas about how to better approach self-care as a security professional, work-life balance, and ways for approaching a successful career in security.

Björn Kimminich -- The new JuiceShop, GSOC, and Open Security Summit


Björn Kimminich is the project leader for OWASP JuiceShop. This is his second visit to the podcast, and we discuss new features in JuiceShop, including XSS in jingle promo video, marketing campaign coupon hacking, GDPR related features and challenges, working 2FA with TOTP, and the DLP failure challenges. Then we get into the cool new things that will come as a result of the GSoC, where a developer will add new functionality to the JS where new vulns can be hidden. We end discussing the upcoming Open Security Summit from OWASP.

Björn Kimminich -- JuiceShop -- 5 minute AppSec


Björn Kimminich is the project leader for OWASP JuiceShop. He created JuiceShop out of necessity, after reviewing all the available vulnerable web apps years ago, and not finding what he needed. OWASP Juice Shop is probably the most modern and sophisticated insecure web application! It can be used in security training, awareness demos, CTFs, and as a guinea pig for security tools! Juice Shop encompasses vulnerabilities from the entire OWASP Top Ten along with many other security flaws found in real-world applications!

Nancy Garich and Tanya Janca -- DevSlop, the movement


Nancy Garich and Tanya Janca are two of the project leaders for the OWASP DevSlop Project. As we learn more about DevSlop, we realize that it is much more than a project: it's a movement. DevSlop is about the learning and sharing of four awesome women and is a platform for them to share what they've learned with the community. DevSlop consists of four different modules: Patty: An Azure DevSecOps pipeline. Pixi-CRS & Pixi-CRS-ZAP are two Circle-CI pipelines that demonstrate adding a WAF to your pipeline for automatic tuning before moving your apps to prod. Pixi is an intentionally vulnerable app and consists of...

Tanya Janca -- Mentoring Monday -- 5 Minute AppSec


Tanya Janca is excited about mentoring. She's started a hashtag on Twitter for mentors to find mentees, and for mentees to search for mentors. Mentoring is such an essential part of growing our community, so if you are not mentoring anyone today, I can only ask, why not? Here is Tanya's take on mentoring and her advice on how to get involved with #MentoringMonday. 5 Minute AppSec is an AppSec Podcast experiment with micro-content. Hit us up on Twitter and tell us what you think, @AppSecPodcast.

Matt Clapham -- A perspective on appsec from the world of medical software


Matt Clapham is a product security person, as a developer, security engineer, advisor, and manager. He began his career as a software tester, which led him down the path of figuring out how to break things. Matt lives in the medical software world and visited the Healthcare Information and Management Systems Society (HIMSS) conference. Matt shares his perspectives on application/cybersecurity through the eyes of the healthcare industry. There is much for us to understand by viewing how other segments approach security and privacy. Matt believes in stepping outside the echo chamber and experiencing how other industries see security, and he...

Jon McCoy -- Hacker outreach


Jon McCoy is a security engineer, a developer, and a hacker; and a passionate OWASP advocate. Maybe even a hacker first. Jon has a passion to connect people and break down barriers between hackers and corporate folks. Jon explains the idea of hacker outreach and breaks down what we can expect if we venture to the DefCon event in Las Vegas. Jon also remembered a cautionary tale of Robert's Fitbit out at a DefCon event. Jon is someone we can all learn from about giving back to our community.

Omer Levi Hevroni -- K8s can keep a secret?


Omer Levi Hevroni has written extensively on the topic of Kubernetes and secrets, and he's a super dev. He's the author of a tool for secrets management called Kamus. Kamus is an open source, GitOps, zero-trust secrets encryption and decryption solution for Kubernetes applications. Kamus enables users to easily encrypt secrets that can be decrypted only by the application running on Kubernetes. The encryption is done using strong encryption providers (currently supported: Azure KeyVault, Google Cloud KMS, and AES). Find Omer on Twitter to converse about all things K8s and secrets. Show notes: https://blog.solutotlv.com/can-kubernetes-keep-a-secret/ and https://github.com/Soluto/kamus

Izar Tarandach -- Command line threat modeling with pytm


Izar Tarandach is a threat modeling pioneer, seen as one of the movers and shakers in the threat modeling world. Izar leads a small team that develops the pytm tool, which is self-described as "A Pythonic framework for threat modeling". The GitHub page goes on to say: define your system in Python using the elements and properties described in the pytm framework. Based on your definition, pytm can generate a Data Flow Diagram (DFD), a Sequence Diagram and, most important of all, threats to your system. Reach out to Izar on Twitter and visit the pytm GitHub page to download...

Simon Bennetts -- OWASP ZAP: past, present, and future


Simon Bennetts is the project leader for OWASP ZAP. Simon joined Robert at CodeMash to talk about the origin of ZAP, the new heads up display, and ZAP API. ZAP is an OWASP Flagship Project and is available here: https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project

Bill Sempf -- Growing AppSec People and KidzMash


Robert meets up with Bill Sempf at the CodeMash conference and discusses how to grow AppSec people. Developers can transform into application security people. They also cover how to inspire the next generation of cybersecurity people (kids) through the example of KidzMash.

Georgia Weidman -- Mobile, IoT, and Pen Testing


Georgia Weidman (@georgiaweidman) met with Robert at CodeMash to discuss her origin story, mobile, IoT, penetration testing, and details about her various companies. If you've never seen Georgia's book on penetration testing, we recommend you grab a copy (http://www.nostarch.com/pentesting). To sign up for the newsletter mentioned at the start of this week's show, visit https://info.securityjourney.com/hi5signup

Conclusion: Season 4 Finale


Here it is. The finale of season four. Thanks to everyone who listens in, and remember, if there are any people you want us to interview on the podcast, tweet at us @AppSecPodcast.

Geoff Hill -- Rapid Threat Model Prototyping Process


Geoff Hill joins Chris and Robert to talk about Rapid Threat Model Prototyping Process. You can find Geoff on Twitter @Tutamantic_Sec.

Bill Wilder -- Running Azure Securely


Bill Wilder joins Chris and Robert to talk about Running Azure Securely. You can find Bill on Twitter @codingoutloud.

Matt Konda -- OWASP Glue


Matt Konda joins Chris and Robert to talk about what Glue is. You can find Matt on Twitter @mkonda. OWASP Glue.

Josh Grossman, Avi Douglen, and Ofer Maor -- AppSec in Israel and Three Talks to watch from AppSec USA


Josh Grossman, Avi Douglen, and Ofer Maor at AppSec USA join Chris. They discuss the AppSec group in Israel and a few critical talks you should watch from AppSec USA this year. You can find Josh on Twitter @JoshCGrossman. You can find Avi on Twitter @sec_tigger. You can find Ofer on Twitter @OferMaor.

Daniel Miessler -- OWASP IoT Top 10


Daniel Miessler joins Chris and Robert to talk about the upcoming Top 10 list for IoT. You can find Daniel on Twitter @DanielMiessler. IoT Project.

Travis McPeak -- SecOps Makes Developers' Lives Easier


Travis McPeak joins Chris to talk about SecOps and how it can help make a developer's life easier. You can find Travis on Twitter @travismcpeak.

Chris Romeo -- Security Culture Hacking: Disrupting the Security Status Quo


We listen in on the #AppSecUSA talk by Chris about Security Culture Hacking. You can find Chris on Twitter @edgeroute.

Jim Manico -- The Extremely Unabridged History of SQLi and XSS


Jim Manico joins again to talk about how AppSec has changed over the years and gives us an in-depth look at the history of SQL Injection and XSS. You can find Jim on Twitter @manicode.

Jeff Williams -- The History of OWASP


Chris talks with Jeff Williams about the History of OWASP and where it came from. You can find Jeff on Twitter @planetlevel.

Bjorn Kimminich -- The Joy of the Vulnerable Web: JuiceShop


Bjorn Kimminich joins to talk about JuiceShop. He dives into what JuiceShop is and some of its use cases. You can find Bjorn on Twitter @bkimminich.

Swaroop Yermalkar -- iGoat and iOS Mobile Pen Testing


Chris is at AppSec USA and is joined by Swaroop to talk about iGoat. They discuss how iGoat relates to WebGoat and how they can be used for pen testing. You can find Swaroop on Twitter @swaroopsy.

Adam Bacchus and Jon Bottarini -- Two Sides to a Bug Bounty: The Researcher and The Program


Chris and Robert talk with Adam and Jon from HackerOne about Bug Bounty. They dive into bug bounty from the programming and security researcher sides to show how you can combine these pieces with being successful with a bug bounty. You can find Adam on Twitter @SushiHack and Jon @jon_bottarini.

Erlend Oftedal -- What You Require, You Must Also Retire


Chris talks with Erlend Oftedal about the Norway Chapter of OWASP and continues on to what retire.js is and how it works. You can find Erlend on Twitter @webtonull.

Abhay Bhargav -- Threat Modeling as Code


Abhay Bhargav joins Robert to talk about threat modeling as code. He dives into how this can help you in your threat models. You can find Abhay on Twitter @abhaybhargav.

Tony UV -- Threat Libraries in the Cloud


Tony UV joins Robert to discuss all things threat libraries in the cloud. You can find Tony on Twitter @t0nyuv.

Aaron Rinehart -- Chaos Engineering and #AppSec


Chris and Robert talk to Aaron Rinehart about how the security community can embrace chaos engineering. You can find Aaron on Twitter @aaronrinehart.

Jessica Robinson and Vandana Verma -- WIA: Women in #AppSec


Jessie and Vandana join Chris from Women in #AppSec to discuss the project! They dive into what the project is and how the numerous OWASP Chapters around the world can participate! You can find them on Twitter @InfosecVandana and @jessrobin96.

Karen Staley -- A Conversation with Karen


This week we're joined by Karen Staley, the Executive Director of the OWASP Foundation. She dives into what's happening on OWASP and what we can look forward to in the future. You can find her on Twitter @owasped.

Mohammed Imran -- Back to the Lab Again with a DevOps


Mohammed Imran joins us to discuss the DevSecOps Studio and more about the beautiful world of DevOps. You can find him on Twitter @secfigo.

Niels Tanis -- A Slice of the Razor with ASP.Net Core


Niels Tanis joins to talk about Razor and ASP.Net Core versus General. You can find Niels on Twitter @nielstanis.

Ofer Maor -- A Pen Tester's Transition to #AppSec: #VoteForOfer


Chris is joined by Ofer Maor to talk about his journey of transitioning into the world of #AppSec from the world of Pen Testing. You can find him on Twitter @OferMaor.

Matt Tesauro -- #AppSec Pipeline as Toolbox


We're joined by Matt Tesauro, a co-lead for the AppSec Pipeline Project. He explains how they began building this project and some ways for you to start using this in your organization. You can find Matt on Twitter @matt_tesauro.

Stephen de Vries -- Threat Modeling with a bit of #Startup


Stephen de Vries joins to discuss Threat Modeling and the unique approach that he takes by using tooling. We also discuss application security and startups. You can find Stephen on Twitter @stephendv.

Julien Vehent -- Securing DevOps


Julien Vehent joins us to discuss all things DevOps + Security. We talk through Julien's new book, Securing DevOps, and go in-depth about his journey to building security into DevOps at his job. You can find Julien on Twitter @jvehent. Visit Manning Publications.

Christian Folini -- CRS and an Abstraction Layer


Christian Folini joins Chris at AppSec EU for this episode about ModSecurity and the Core Rule Set project from OWASP. They dive into the timeline for the abstraction layer piece of the project and much more. You can find Christian on Twitter @ChrFolini. OWASP ModSecurity Core Rule Set; ModSecurity.

Sean Wright -- Google Chrome and the Case of the Disappearing HTTP


Sean Wright joins Chris to discuss the changes Google made to handle the HTTP Protocol. They also dive into TLS and some other pieces of crypto that relate to #AppSec. You can find Sean on Twitter @SeanWrightSec.

Conclusion: All the Pieces You Need for an #AppSec Program


The conclusion of Season 3, all the best highlights, and some great advice from our guests on what you need to build an #AppSec Program.

Martin Knobloch -- OWASP, Reach Out; We Are Known and Misunderstood


Martin Knobloch joins Chris and Robert to discuss all things OWASP. They dive into the history of OWASP and some of the plans for the future. You can find Martin on Twitter @knoblochmartin.

Devin McMasters -- Bug Bounty with a Side of Empathy


Devin McMasters joins Chris to talk about bug bounties and how to make them successful. You can find Devin on Twitter @DevinMcmasters.

Apollo Clark -- Malicious User Stories


In this episode, Robert speaks about Malicious User Stories and DevOps with Apollo Clark. He discusses how to properly handle user stories in a world being taken over by DevOps. You can find Apollo on Twitter @apolloclark.

Megan Roddie -- Neurodiversity in Security


Megan Roddie joins Robert at the SOURCE Conference in Boston. She talks about how neurodiverse people can truly help an organization. You can find her on Twitter @megan_roddie.

Chase Schultz -- AppSec and Hardware


Chase Schultz joins to discuss the combination of AppSec and hardware. He also dives into how the Meltdown and Spectre attacks worked. You can find Chase on Twitter @f47h3r_B0.

John Melton -- #OWASP AppSensor


John Melton joins to discuss the #OWASP AppSensor project. He talks about how AppSensor works and how it can be used in your application. You can find John on Twitter @_jtmelton.

David Habusha -- Third Party Software is not a Cathedral, It's a Bazaar


David Habusha joins to discuss the OWASP Top 10 A9: Using components with known vulnerabilities. He also dives into the Software Composition Analysis (SCA) market. You can find David on Twitter @davidhabusha.

Steve Springett -- Dependency Check and Dependency Track


Steve Springett joins the show to talk about Dependency Check and Dependency Track. He also discusses how they can help prevent you from using components with known vulnerabilities. You can find Steve on Twitter @stevespringett.

Steven Wierckx -- The #OWASP Threat Modeling Project


Steven Wierckx joins Robert and Chris this week to talk about the #OWASP Threat Modeling project that he's involved in. You can find Steven on Twitter @ihackforfun. https://open-security-summit.org/

Jim Manico -- The #OWASP Cheat Sheet Project


Jim Manico joins us to discuss some of the changes with the OWASP Cheat Sheets and their plans for that project's future. Jim also talks about how they are looking for experts to create or update some of the Cheat Sheets. You can find Jim on Twitter @manicode.

Neil Smithline -- OWASP Top 10 #10: Logging


Neil Smithline joins this week to discuss one of the new items on the OWASP Top 10 List, Insufficient Logging and Monitoring. You can find Neil on Twitter @neilsmithine.

Jim Routh -- Selling #AppSec Up The Chain


Jim Routh joins the podcast to discuss selling #AppSec up the chain. Jim has built five successful software security programs in his career and serves as a CISO now. Jim shares his real-world experience with successfully selling #AppSec to senior management (as well as many other pieces of wisdom for running an AppSec program). You can find Jim on Twitter @jmrouth01.

Chris and Robert -- #AppSec Recommendations


Chris and Robert go over a plethora of recommendations they have accumulated over their years of experience in the industry. Chris's recommendations: 1. Book: Agile Application Security: Enabling Security in a Continuous Delivery Pipeline, by Laura Bell (Author), Michael Brunton-Spall (Author), Rich Smith (Author), Jim Bird (Author), https://amzn.com/1491938846 2. Website: Iron Geek. Adrian Crenshaw records many major, non-commercial security conferences and posts the talks to YouTube, http://www.irongeek.com/ 3. Book: The DevOps Handbook: How to Create World-Class Agility, Reliability, and Security in Technology Organizations, by Gene Kim (Author), Patrick Debois (Author), John Willis (Author), Jez Humble (Author), https://amzn.com/1942788002 4. News Source: The Register. News site, but has great sources and a bit of...

Magen Wu -- Hustle and Flow: Dealing With Burnout in Security


Magen Wu works through the topic of burnout and mental health in security. She gives examples of handling this and recognizing if people around you are burning out. You can find her on Twitter @infosec_tottie. Additional information on this topic: Jack Daniel often speaks on this topic of burnout. YouTube: The Causes of and Solutions for Security Burnout. YouTube: Infosec Survival Skills: Being Productive, Coping with Stress, & Preventing Burnout. Article: Becoming jaded with Security BSides Jack Daniel.

Katy Anton -- OWASP Top 10 #4 XXE


Katy Anton joins this week to discuss number four on the OWASP Top 10. She dives into what XXE is, how to deal with it, and other new items on the OWASP Top 10 2017. You can find Katy on Twitter @KatyAnton.

Pete Chestna -- SAST, DAST, and IAST. Oh My!


Pete Chestna is an advocate for SAST, DAST, and IAST tools and a passionate #AppSec enthusiast. Pete shared a moving quote during this episode: "an #AppSec program is the byproduct of building secure developers." #Truth Pete describes the differences between SAST, DAST, IAST, and RASP, the struggles developers encounter using new tools, false positives and how to reduce them, and advice for building an #AppSec program from scratch versus adding tools to a mature program. You can find Pete on Twitter @PeteChestna. Additional information on this topic: TechBeacon learning article for more details on the differences between AppSec testing tools, SAST, DAST, IAST, and RASP:...

Irene Michlin -- We Are Not Making It Worse


Irene Michlin operates at the intersection of security and agility. She teaches about incremental threat modeling and how to do threat modeling when living in an Agile or DevOps world. Irene ends the discussion by saying that her goal when working with a team on threat modeling is that they all conclude, "We are not making it worse." You can find Irene on Twitter @IreneMichlin, and check out Irene's talk on Incremental Threat Modeling last year at AppSec EU.

Bill Sempf -- Insecure Deserialization


Bill Sempf joins to talk about insecure deserialization. We do a deep dive and contextual review of the generalities of deserialization and the specifics of how it applies to .NET. Bill begins his journey to understand these vulnerabilities and provides some hints and tips for looking for them in your code.

Chris and Robert -- Security Champions


Security champions are the hands and feet of any well-equipped product security team. Robert and Chris introduce security champions, where to find them, why you need them, and how to set up a beginning champion program from scratch. Here are a few other resources that we've written about Security Champions: "Do you have Security Champions in your company?" and "Information security needs community: 6 ways to build up your teams".

Kevin Greene -- Shifting left


Robert and Chris interview Kevin Greene from Mitre. We discuss an article Kevin wrote about shifting left and exploring codifying intuitions and new projects at Mitre that will bolster the knowledge of your developers and testers. Kevin brings up the need for accurate results from the SAST and DAST tools on the market. He brings an exciting perspective, focusing on research and development at DHS. Kevin's article on Dark Reading; CAWE; ATT&CK.

Conclusion: OWASP is for everyone


This is the conclusion of Season 02 for the AppSec PodCast. This episode focuses on all the OWASP goodness we've experienced this year. You'll hear our favorite clips and explanations from a season full of OWASP. With the publication of this episode, season 02 is a wrap, and on to season 03, which will roll out in March.

Brian Andrzejewski -- Containers Again


This is the final interview from the #AppSecUSA Conference in Orlando, and Brian Andrzejewski joins Chris and Robert. He talks about containers, their usage within #AppSec, and orchestrations.

Tin Zaw -- ModSecurity and #AppSec


Tin Zaw, an advocate for ModSecurity, joins Robert and Chris. He dives into its background, the use of rules, and the many advantages.

Aditya Gupta -- The Exploitation of IoT


Aditya Gupta joins Robert and Chris. They speak with him about the many facets of IoT and some of its effects on pen testing, training, and mobile application security.

Jim Manico and Katy Anton -- The Future of the OWASP Proactive Controls


Chris and Robert talk to Jim Manico and Katy Anton about the OWASP Proactive Controls project. We have discussed this before, and they are looking for feedback on the upcoming update.

Andrew van der Stock and Brian Glas -- The Future of the OWASP Top 10


We talk about the future of the OWASP Top 10. We do this by meeting the new project leadership team, understanding the process for how they do governance now and into the future, and how they deal with provided feedback. We look behind the curtain at how they make decisions and use the data and feedback provided. Side note, at the AppSec USA closing, the OWASP T10 leaders did announce that A7 and A10 from the OWASP Top 10 RC1 have been removed.

Robert Hurlbut -- Threat Modeling


On this week's episode of the #AppSec Podcast, Chris and Robert are at #AppSecUSA. We hear a conference talk done by Robert on the topic of Threat Modeling. He goes more in-depth than ever before on the show.

Chris and Robert -- Passwords, Identity, and #AppSec


Robert and Chris talk about Passwords, something we all are familiar with. They dive into specifics with passwords and threats that can occur with them. They also talk about how passwords interact with Identity and AppSec.

Tanya Janca and Nicole Becher -- Hacking APIs and Web Services with DevSlop


Tanya and Nicole join Chris and Robert. They talk about what APIs are, how they are used, and some of the threats involved with them. They also look at what DevSlop and ZAP are in combination with APIs.

Jon Mccoy and Jonathan Marcil -- Agile #AppSec


Robert and Chris speak with Jon Mccoy and Jonathan Marcil about using Agile #AppSec in the Secure Development Lifecycle. They dive deeper into what agile is, how it can be used, some practical applications using security champions, and much more.

Jay Beale -- Docker Security and AppSec


A listener asked for a recommendation for a PodCast or Blog post about Docker security. We looked but couldn't find one, so we created one. Robert interviews Jay Beale from Inguardians and asks what Docker is, what threats it introduces, and the specific tie-ins with AppSec.

Chris and Robert -- Proactive Controls, AppSec USA, and Gartner's MQ on AppSec Testing


Robert and I try a new format for discussing a few topics per episode. We discuss changes with the Proactive Controls, AppSecUSA, and the Gartner Magic Quadrant for Application Security Testing. We mentioned the link to OWASP Proactive Controls to review the draft and suggest updates.

Robert Hurlbut -- Blackhat Security Conference


We talk with Robert about his experiences at the Blackhat Security Conference. He will explain some of the AppSec-focused parts of the conference and more about the Alex Stamos keynote.

Dave Ferguson -- The OWASP Top 10 Proactive Controls


Dave Ferguson discusses the OWASP Top 10 Proactive Controls in this episode with Chris.

Jim Manico -- MORE OWASP!


We're here today with Jim Manico, a project lead with OWASP. We dive deep into some of the projects on his plate.

Mike Goodwin -- The OWASP Threat Dragon


In this episode, we speak with Mike Goodwin, the founder of the OWASP Threat Dragon. We dive into what the threat dragon is and how it can work for you. You can find the tool here: https://github.com/mike-goodwin/owasp-threat-dragon

Mark Willis -- I Just Like Static Analysis. Static Analysis is My Favorite


We're back with another episode of The Application Security Podcast. This time, we talked to Mark Willis about the many facets of static analysis and how it affects the DevOps world.

Eric Johnson -- Continuous Integration in .NET


Welcome back to season two of the Application Security Podcast. In this week's episode, we talk to Eric Johnson about static analysis, pen testing, continuous integration, etc. Thanks for listening! Rate us on iTunes and provide a positive comment, please!

Matt Clapham -- The Technical Debt Ceiling


Our topic today is technical debt and how security plays into it. Chris was at Converge Conference 2017 in Detroit, Michigan (which he says is the best security conference around) and continued the AppSec PodCast series of hallway conversations. Matt Clapham joins Chris. This is Matt's second time on the podcast. Rate us on iTunes and provide a positive comment, please!

Chris and Robert -- Controversy within the OWASP Top 10 RC


On this episode of the application security podcast, Robert and I jump over a wall. Just kidding. This isn't Top Gear. This is our second episode of season two of the #AppSec PodCast. Robert and I talk about the OWASP Top 10 2017 release candidate. We walk through what the OWASP Top 10 is and some of the controversies surrounding the changes made for this year. Rate us on iTunes and provide a positive comment, please!

Brook S.E. Schoenfield -- Security in the Design and Architecture


This episode is an interview Robert and I did with Brook Schoenfield (@BrkSchoenfield) during the RSA Conference 2017. Brook S.E. Schoenfield is a Distinguished Engineer at Intel Security Group. At Intel Security (including the former McAfee), Mr. Schoenfield is the senior technical leader for delivering software products that protect themselves and Intel Security's customers. He has been a security architecture leader at global technology companies for over 15 years of his 30+ years in high tech. He is a founding member of IEEE's Center For Secure Design. We discuss secure design, architecture, and threat modeling. Brook has been an advocate for security...

Conclusion: The End of Season 1


Good day, friends. The Application Security PodCast has concluded our first season. With many friends' help, we could record 18 episodes. We've done something different for this final episode of season 1. Our producer, Daniel Romeo, has collected some of our favorite clips from this season, the things that stood out to us. Enjoy! And we look forward to the release of season 2 in a few months.

Rafal Los, James Jardine, and Michael Santarcangelo -- #DtSR and What Makes a Good Security Consultant?


Greetings all! We have a treat for you in this episode. The crew joins Robert and me from the Down the Security Rabbit Hole Podcast. This includes Rafal Los (@wh1t3rabbit), James Jardine (@jardinesoftware), and Michael Santarcangelo (@catalyst). This is a unique conversation for me because the AppSec PodCast was born from my first interview with #DtSR. I was featured on DtSR Episode 204 in July 2016 after a friend suggested me to Raf on Twitter. (Thanks, Nigel!) The DtSR episode was entitled On Changing Culture. I had listened to these guys on and off for years and now had the...

Adam Shostack -- Think like an Attacker or Accountant?


On this episode, Robert and I are joined by Adam Shostack (@adamshostack). Adam is a well-known speaker and thought leader in application security. We speak with Adam about how to connect with development teams. This all started about a year ago when Adam tackled the issue of thinking like a hacker and why he wanted people to think differently. We dive deep into this issue, but many other exciting nuggets also fall out in conversation.

Jon McCoy -- The Mindset to Reverse Engineer


Today we talk to Jon McCoy (@thejonmccoy), a developer turned security person. He's been helping developers learn more about security. We talk about reverse engineering malware and .NET security, as well as a bit of security community and the mindset to Reverse Engineer.

Chris Romeo -- AppSec Awareness: A Blue Print for Security Culture Change


We bring you a recorded version of Chris's security conference talk from 2016 for this episode. The talk is AppSec Awareness, A Blue Print for Security Culture Change. He covers The Problem Space, why we need application security, how to create sustainable security culture, and introduces the idea of Application Security Awareness. Chris had the luxury of building such a program while at Cisco and shares his experiences with the community. There are slides available to correspond with this talk. They aren't required, but some may want to follow along. Check out https://speakerdeck.com/edgeroute to get a copy.

Tracy Maleeff -- Natural Paranoia as a Career Path? A Transition to Security


In this episode, Robert and I are joined by Tracy Maleeff. Tracy is an InfoSec enthusiast with an MLIS degree. She has mad research and organizational skills. She co-hosts the PVCSec podcast. You can find Tracy on Twitter @InfoSecSherpa. Tracy is in the midst of a career transition. She began her career in Library Sciences and is moving into Information Security. We discussed the challenges of transition, how to network and connect, a process for transition, and three actionable things for those that want to make a transition. Enjoy!

Chris Romeo -- Security Community at Any Scale


In this episode, Robert interviews Chris about the security community. Chris talks about his experiences doing security community at a large organization for 5+ years. Robert keeps pushing Chris to make this applicable to small companies as well. You'll hear best practices for building a security community in your org, including monthly training sessions, lunch and learns, and even an internal security conference. Chris also offers the profound statement that "everyone eats lunch."

Deidre Diamond -- The Soft Skills of AppSec


We are joined by Deidre Diamond, Founder, and CEO @cyber_sn & the Founder of @brain_babe. We discuss employment in the world of application security. We also dive deep into soft skills, exploring why they are foundational in the workforce. Deidre explains the benefits of win-win conversation, how words and everyday language connect, and how to have fun, compassion, love, integrity, and productivity all in one at work.

Tony UcedaVelez -- PASTA: Not Just for Breakfast Anymore


This is our third interview from ISC2 Security Congress. We are joined by Tony UcedaVelez, or TonyUV, founder and CEO of VerSprite, a global security consulting firm based in Atlanta, GA. Tony leads the OWASP Atlanta Chapter and BSides Atlanta. This is a deep dive into Tony's experience with threat modeling. We explore the PASTA methodology he created.

Glenn Leifheit -- An Inner Glimpse of the Microsoft SDL


This is our second interview at ISC2 Security Congress. We are joined by Glenn Leifheit (@gleifhe), an InfoSec and Development Evangelist at Microsoft. Microsoft is the grandparent to almost every secure development lifecycle across the industry. This is an in-depth discussion about how to actually do SDL. Glenn shares some things during this conversation that I've never heard about the internals of Microsoft's SDL process in public. You will take something away from this conversation to apply to your program. Enjoy!

Mike Landeck -- Security Must Meet the Needs of the Business


Mike Landeck joins Robert and me. Mike is a Cyber security evangelist, AppSec junky & Docker Security geek, and can be found on Twitter @MikeLandeck. We interviewed Mike in person at the ISC2 Security Congress event in Orlando, Florida. We discussed his latest talk on breach fatigue, the need to reach outside the echo chamber of security, Twitter as a news source for security, secure coding, and many other things. Please enjoy, and search for something you can apply directly into your day-to-day life!

Daniel Ramsbrock -- Web Application Pen Testing Part 2


On this two-part episode of the Application Security PodCast, Robert and I speak with Daniel Ramsbrock about Web App Penetration testing. In part two, we focus on the process of pen testing and web app pen testing. I (Chris) connected with Daniel through the RVASec security conference in Richmond, Virginia. Daniel has been in security for over ten years, focusing most of that time on application security. He spent two years as a full-time consultant at Cigital and is now doing independent AppSec consulting through his company, Enigma Technologies. We hope you enjoy it!

Daniel Ramsbrock -- Web Application Pen Testing Part 1


On this two-part episode of the Application Security PodCast, Robert and I speak with Daniel Ramsbrock about Web App Penetration testing. In part one, we focus on the difference between pen testing and web app pen testing, where pen testing fits your development methodology (waterfall, agile, and DevOps), and why someone should care about it. I (Chris) connected with Daniel through the RVASec security conference in Richmond, Virginia. Daniel has been in security for over ten years, focusing most of that time on application security. He spent two years as a full-time consultant at Cigital and is now doing independent AppSec...

Matt Clapham -- Development Security Maturity


Robert and I are joined today by Matt Clapham. Matt makes products more secure; I mean, hey, his Twitter handle is @ProdSec. The topic of this interview is what Matt calls development security maturity. This concept is based on Matt's research and his talk at RSA. Matt created a simple process to measure the maturity of development security by looking at five key behaviors. We cover the what and why of development security, the five key behaviors, and scoring and reporting. In conclusion, we discuss how to make the results of an assessment actionable. Matt's RSA slides are a great resource to...

Elena Elkina -- Privacy and Data Protection


Welcome to the first of many interviews on the #AppSec Podcast. In this episode, Robert and I interview Elena Elkina (@el0chka) on privacy. We cover privacy, data protection, and customer data protection. This is a quick chat for around 20 minutes. In the future, we'll dive deeper into the crossroads of security and privacy. Elena is a Senior Global Privacy & Data Protection Management Executive. She has worked with financial and healthcare institutions, software and internet companies, major law firms, and the government sector on both international and domestic levels. She co-founded Women in Security and Privacy, a non-profit organization focusing...

Chris and Robert -- Security in the Methodology


In this episode, we talk about product development methodologies and the impact of security. We explore how to apply security activities to waterfall and Agile and discuss the pros and cons. We've both had experience with these methodologies and freely share what we've seen work and what we've seen fail. This applies whether you are new to security or have been doing security for decades. If you have anything to add, share your wisdom by catching us @AppSecPodcast on Twitter!

Chris and Robert -- The Activities of the Secure Development Lifecycle


On this episode of the Application Security PodCast, we continue our journey through the foundations of application security. We explore the activities of the secure development life cycle. We cover requirements, secure design, secure coding, 3rd party SW, static analysis, vulnerability scanning, and others.

Chris and Robert -- Introductions and why #AppSec?


In the inaugural episode of the Application Security PodCast, Robert and I introduce ourselves to the audience, explain our journeys into the security world, and answer the burning question, "What the heck is application security?" The key takeaways from this episode are: Application security is: foundational; required by customers; a worthy investment; a people issue supported by tools.

Critical Thinking - Bug Bounty Podcast



Episode 170: Claude Code + Tmux, Websockets, and Other Korea LHE Takeaways


Episode 170: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph discuss their trip to Korea with some quick takeaways from the LHE. Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ====== Links ====== Follow your hosts Rhynorater, rez0 and gr3pme on X: https://x.com/Rhynorater https://x.com/rez0__ https://x.com/gr3pme Critical Research Lab: https://lab.ctbb.show/ ====== Ways to Support CTBBPodcast ====== Hop on the CTBB Discord at https://ctbb.show/discord! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. You can also...

Episode 169: Attacking OAuth 2.1


Episode 169: In this episode of Critical Thinking - Bug Bounty Podcast gr3pme goes over some of the changes from OAuth 2.0 vs 2.1 and how Hackers can capitalize.

Episode 168: XSSDoctor - Client-side Path Traversal Research


Episode 168: In this episode of Critical Thinking - Bug Bounty Podcast we're getting a visit from the XSS Doctor. Jonathan joins us to go through his Client-side workflow, run labs, and diagnose some bugs live.

Episode 167: Stealing Bugs with Valeriy Shevchenko


Episode 167: In this episode of Critical Thinking - Bug Bounty Podcast we welcome Valeriy Shevchenko to talk about program management, anchor programs, and Theft in Bug Bounty.

Episode 166: Rez0's Top Claude Skill Secrets


Episode 166: In this episode of Critical Thinking - Bug Bounty Podcast we talk about Rez0's Claude Skill Secrets, when AI Generated reports fall apart, and agents vs filters.

Episode 165: Protobuf Hacking, AI-Powered Bug Hunting, and Self-Improving Claude Workflows


Episode 165: In this episode of Critical Thinking - Bug Bounty Podcast Justin recaps his Zero Trust World experience, before we dive into Permissions issues client-side bugs, New Hardware Hacking Classes, and using AI to hack.

Episode 164: Tommy DeVoss: From Black Hat to Bug Bounty LEGEND


Episode 164: In this episode of Critical Thinking - Bug Bounty Podcast Justin sits down with Tommy DeVoss to talk about his origin story, Yahoo bugs, and how Tommy first got Justin into Bug Bounty.

Episode 163: Best Technical Takeaways from Portswigger Top 10 2025


Episode 163: In this episode of Critical Thinking - Bug Bounty Podcast It's that time of year again! We're looking at the Portswigger Research list of top 10 web hacking techniques of 2025.

Episode 162: HackerOne Training AI on Bug Bounty Data?


Episode 162: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph sit down with HackerOne Founder & CTO Alex Rice to discuss concerns of Using Hacker Data for AI and decreasing bounties.

Episode 161: Cross-Consumer Attacks & DTMF Tone Exfil


Episode 161: In this episode of Critical Thinking - Bug Bounty Podcast Justin gives us some quick hits regarding CSRF and Cross Consumer Attacks, and also touches on some breaking questions surrounding HackerOne.

Episode 160: Cloudflare Zero-days & Mail Unsubscribing for XSS


Episode 160: In this episode of Critical Thinking - Bug Bounty Podcast Joseph and Brandyn chat through some news, including a Cloudflare Zero-day, Turning List-Unsubscribe into an SSRF/XSS Gadget, & Magic String Denial of Service in Claude.

Episode 159: Avoiding Downgrades on Google Cloud VRP with Cote and Darby Hopkins


Episode 159: In this episode of Critical Thinking - Bug Bounty Podcast we sit down with the Google Cloud VRP Team to deep-dive policy and reward changes, what the panel process looks like, and how to best configure for success.

Episode 158: 10hr Marathon Hack-Along Recap + $300k Client-side Bugs


Episode 158: In this episode of Critical Thinking - Bug Bounty Podcast we talk about our personal takeaways from the CTBB Charity Hackalong, and then break down some InsertScript POCs, what a $55,000 bug can look like, and if Smart People Ever Say They're Smart.

Episode 157: Crushing Pwn2Own & H1 with Kernel Driver Exploits


Episode 157: In this episode of Critical Thinking - Bug Bounty Podcast we're joined by Hypr to talk about hacking Mediatek and his experiences with HackerOne and Pwn2Own Ecosystems.

Episode 156: Chill AMA from bugbounty.forum


Episode 156: In this episode of Critical Thinking - Bug Bounty Podcast we answer some fantastic questions from over at bugbounty.forum.

Episode 155: 2025 Hacker Stats & 2026 Goals


Episode 155: In this episode of Critical Thinking - Bug Bounty Podcast Justin, Joseph, and Brandyn reflect on last year of Bug Bounty, and list their goals and predictions for what 2026 holds.

Episode 154: Starting a Pentesting Company on Top of Bug Bounty


Episode 154: In this episode of Critical Thinking - Bug Bounty Podcast Joseph and Brandyn talk through the transition from Bug Bounty hunting to Pentesting. We cover diversifying income streams, the challenges of pricing for Pentests, legal considerations, and what Bug Hunters can bring to the Pentesting world.

Episode 153: Hacking the Robots of the Future: Hardware, AI, and Bug Bounties with Matt Brown


Episode 153: In this episode of Critical Thinking - Bug Bounty Podcast Matt Brown returns to talk with us about hacking robots, IOT hackbots, and his Zero-to-Hero Hardware Hacking Guide.

Episode 152: GeminiJack and Agentic Security with Sasi Levi


Episode 152: In this episode of Critical Thinking - Bug Bounty Podcast we're joined by Sasi Levi from Noma Security to talk about AI and Agentic Security. We also talk about ForcedLeak, a Google Vertex Bug, and debate if Prompt Injection is a real Vuln.

Episode 151: Client-side Advanced Topics


Episode 151: In this episode of Critical Thinking - Bug Bounty Podcast we're covering Client-side advanced topics. Justin talks Joseph (and us) through Third-Party Cookie Nuances, Iframe Tricks, URL Parsing, and more.

Episode 150: ASP.NET MVC Patterns, Popping Oracle Identity, and Esoteric Subdomain Enumeration


Episode 150: In this episode of Critical Thinking - Bug Bounty Podcast we're highlighting some cool news and research, but not before expressing our gratitude to the Hacker community. We are so thankful for you all!

Episode 149: DEFCON Debrief: AI Vulns, Unicode Weirdness, and Wild Vulnerability Chains


Episode 149: In this episode of Critical Thinking - Bug Bounty Podcast The DEFCON videos are up, and Justin and Joseph talk through some of their favorites.

Episode 148: MCP Hacking Guide


Episode 148: In this episode of Critical Thinking - Bug Bounty Podcast Justin gives us a crash course on Model Context Protocol.

Episode 147: Stupid Simple Hacking Workflow Tips


Episode 147: In this episode of Critical Thinking - Bug Bounty Podcast we're talking tips and tricks that help us in hacking that we really should've learned sooner.

Episode 146: Hacking Horror Stories


Episode 146: In this episode of Critical Thinking - Bug Bounty Podcast Justin, Joseph, and Brandyn all sit down to celebrate the spooky season by swapping their scariest bug stories. From frightening fails and firings to hacks with chilling and critical consequences. Grab your flashlight and a blanket for this one!

Episode 145: Gr3pme's Secret: Bug Bounty Note Taking Methodology


Episode 145: In this episode of Critical Thinking - Bug Bounty Podcast Brandyn lets us in on some of his notetaking tips, including his Templates, Threat Modeling, and ways he uses notes to help with collaboration.

Episode 144: Google's Top AI Hackers: Busfactor and Monke


Episode 144: In this episode of Critical Thinking - Bug Bounty Podcast Joseph is joined by Vitor Falcão and Ciarán Cotter to discuss their success at the recent Mexico LHE, as well as their journey and routines in full-time hacking.

Episode 143: New Cohost + Client-Side Gadgets, LHE Meta Instant Global Admin in Entra!


Episode 143: In this episode of Critical Thinking - Bug Bounty Podcast Justin brings Brandyn back to announce him as our newest co-host. We chat about recent LHE experiences, and then break down some news.

Episode 142: Gr3pme's Full-Time Hunting Journey Update, Insane AI research, And Some Light News


Episode 142: In this episode of Critical Thinking - Bug Bounty Podcast Rez0 and Gr3pme join forces to discuss Websocket research, Meta's $111750 Bug, PROMISQROUTE, and the opportunities afforded by going full time in Bug Bounty.

Episode 141: Hacking the Pod - Google Docs 0-day & React CreateElement Exploits with Nick Copi (7urb0)


Episode 141: In this episode of Critical Thinking - Bug Bounty Podcast Justin sits down with Nick Copi to talk about CSPT, React, CSS Injections and how Nick hacked the pod.

Episode 140: Crit Research Lab Update & Client-Side Tricks Galore


Episode 140: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph give an update from The Crit Research Lab, as well as some writeups on postMessage vulnerabilities, Cookie Chaos, and more. ====== This Week in Bug Bounty ====== Cross-site request forgery; HackerOne New Milestone Program; Email santerra.holler@bugcrowd.com for media opportunities ====== Resources ====== Exploiting Web Worker XSS with Blobs; Critical Research Lab; Rez0's...

Episode 139: James Kettle - Pwning in Prod & How to do Web Security Research


Episode 139: In this episode of Critical Thinking - Bug Bounty Podcast Justin finally sits down with the great James Kettle to talk about HTTP Proxys, metagaming research, avoiding burnout, and why HTTP/1.1 must die!

Episode 138: Caido Tools and Workflows


Episode 138: In this episode of Critical Thinking - Bug Bounty Podcast We're talking Caido tools and workflows. Justin gives us a list of some of the Caido tools that have caught his interest, as well as how he's using them.

Episode 137: How We Do AI-Assisted Whitebox Review, New CSPT Gadgets, and Tools from SLCyber


Episode 137: In this episode of Critical Thinking - Bug Bounty Podcast Justin Gardner and Joseph Thacker reunite to talk about AI Hacking Assistants, CSPT and cache deception, and a bunch of tools like ch.at, Slice, Ebka, and more.

Episode 136: Hacking Cluely, AI Prod Sec, and How To Not Get Sued with Jack Cable


Episode 136: In this episode of Critical Thinking - Bug Bounty Podcast, Joseph Thacker sits down with Jack Cable to get the scoop on a significant bug in Cluely's desktop application, as well as the resulting drama. They also talk about Jack's background in government cybersecurity initiatives, and the legal risks faced by security researchers.

Episode 135: Akamai's Ryan Barnett on WAFs, Unicode Confusables, and Triage Stories


Episode 135: In this episode of Critical Thinking - Bug Bounty Podcast Justin sits down with Ryan Barnett for a deep dive on WAFs. We also recap his Exploiting Unicode Normalization talk from DEFCON, and get his perspective on bug hunting from his time at Akamai.

Episode 134: XBOW - AI Hacking Agent and Human in the Loop with Diego Djurado


Episode 134: In this episode of Critical Thinking - Bug Bounty Podcast we're joined by Diego Djurado to give us the scoop on XBOW. We cover a little about its architecture and approach to hunting, the challenges with hallucinations, and the future of AI in the BB landscape. Diego also shares some of his own hacking journey and successes in the Ambassador World Cup.

Episode 133: Building Hacker Communities - Bug Bounty Village, getDisclosed, and the LHE Squad


Episode 133: In this episode of Critical Thinking - Bug Bounty Podcast we're joined by Harley and Ari from H1 to talk some about community management roles within Bug Bounty, as well as discuss the evolution of Bug Bounty Village at DEFCON, and what they've got in store this year.

Episode 132: Archive Testing Methodology with Mathias Karlsson


Episode 132: In this episode of Critical Thinking - Bug Bounty Podcast, Justin Gardner is joined by Mathias Karlsson to discuss vulnerabilities associated with archives. They talk about his new tool, Archive Alchemist, and explore topics like the significance of Unicode paths, symlinks, and TAR before they end up talking about Charsets again.

Episode 131: SL Cyber Writeups, Bug Bounty Metastrategy, and Orphaned Github Commits


Episode 131: In this episode of Critical Thinking - Bug Bounty Podcast we're covering Christmas in July with several banger articles from Searchlight Cyber, as well as covering things like Raycast for Windows and Third-Person prompting, and touching on the recent McDonald's leak.

Episode 130: Minecraft Hacks to Google Hacking Star - Valentino


Episode 130: In this episode of Critical Thinking - Bug Bounty Podcast Justin is joined by Valentino, who shares his journey from hacking Minecraft to becoming a Google hunter. He talks us through several bugs, including an HTML Sanitizer bypass and .NET deserialization, and highlights the hyper creative approaches he tends to employ.

Episode 129: Is this how Bug Bounty Ends?


Episode 129: In this episode of Critical Thinking - Bug Bounty Podcast we chat about the future of hack bots and human-AI collaboration, the challenges posed by tokenization, and the need for cybersecurity professionals to adapt to the evolving landscape of hacking in the age of AI.

Episode 128: New Research in Blind SSRF and Self-XSS, and How to Architect Source-code Review AI Bots


Episode 128: In this episode of Critical Thinking - Bug Bounty Podcast we're talking Blind SSRF and Self-XSS, as well as reversing massive minified JS with AI and a wild Google Logo Ligature Bug.

Episode 127: Drama, PDF as JS Chaos, Bounty Profile Apps, And More


Episode 127: In this episode of Critical Thinking - Bug Bounty Podcast we address some recent bug bounty controversy before jumping into a slew of news items. Follow us on X. Shoutout to YTCracker for the awesome intro music! Today's Sponsor: Adobe ====== This Week In Bug Bounty ====== Hackers Guide to Google dorking; YesWeCaido; New Dojo Challenge; Smart Contract BB tips; Red Team AAS ====== Resources ====== Disclosed; PDF csp bypass; Bypassing File Upload Restrictions To Exploit Client-Side Path Traversal; OBS WebSocket to RCE; Time in a bottle (or knapsack); How to Differentiate Yourself as a Bug Bounty Hunter; Disclosed. Online; hacked-in; EchoLeak; Piloting Edge Copilot; Newtowner; Tips for agent prompting; Firefox XSS vectors; Tweet from Masato Kinugawa; Chrome debug() function

Episode 126: Hacking AI Series: Vulnus ex Machina - Part 3


Episode 126: In this episode of Critical Thinking - Bug Bounty Podcast we wrap up Rez0's AI miniseries Vulnus Ex Machina. Part 3 includes a showcase of AI Vulns that Rez0 himself has found, and how much they paid out.

Episode 125: How to Win Live Hacking Events


Episode 125: In this episode of Critical Thinking - Bug Bounty Podcast Justin shares insights on how to succeed at live hacking events. We cover pre-event preparations, challenges of collaboration, on-site strategies, and the importance of maintaining a healthy mindset throughout the entire process.

Episode 124: Bug Bounty Lifestyle = Less Hacking Time?


Episode 124: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph cover some news from around the community, hitting on Joseph's Anthropic safety testing, Justin's guest appearance on For Crying Out Cloud, and several fascinating tweets. Then they have a quick Full-time Bug Bounty check-in.

Episode 123: Hacking AI Series: Vulnus ex Machina - Part 2


Episode 123: In this episode of Critical Thinking - Bug Bounty Podcast we're back with part 2 of Rez0's miniseries. Today we talk about mastering Prompt Injection, taxonomy of impact, and both triggering traditional Vulns and exploiting AI-specific features.

Episode 122: We Won Google's AI Hacking Event in Tokyo - Main Takeaways


Episode 122: In this episode of Critical Thinking - Bug Bounty Podcast your boys are MVH winners! First we're joined by Zak, to discuss the Google LHE as well as surprising us with a bug of his own! Then, we sit down with Lupin and Monke for a winners roundtable and retrospective of the event.

Episode 121: Slonser's Image Injection 0-day -> ATO & New Caido Collab Plugin


Episode 121: In this episode of Critical Thinking - Bug Bounty Podcast we cover so much news and research that we ran out of room in the description... Follow us on X. Shoutout to YTCracker for the awesome intro music! ====== Links ====== Follow Rhynorater and Rez0 on X: ====== Ways to Support CTBBPodcast ====== Hop on the CTBB Discord! We also have hacker swag! ====== This Week in Bug Bounty ====== Hacker spotlight: Rhynorater; Ultra Mobile BB Program - Mobile Apps; Ultra Mobile BB Program - (Public); John Deere Program; JD's's BB Program Boosts Cybersecurity; Dojo #41 - Ruby treasure ====== Resources ====== slonser 0-day in chrome; CT Additional useful primitives; How I made $64k from deleted...

Episode 120: SpaceRaccoon - From Day Zero to Zero Day


Episode 120: In this episode of Critical Thinking - Bug Bounty Podcast Justin Gardner welcomes Eugene to talk (aka fanboy) about his new book, 'From Day Zero to Zero Day.' We walk through what to expect in each chapter, including Binary Analysis, Source and Sink Discovery, and Fuzzing everything. Then we give listeners a special deal on the book.

Episode 119: Abusing Iframes from a client-side hacker


Episode 119: In this episode of Critical Thinking - Bug Bounty Podcast Justin does a mini deep dive into the world of iframes, starting with why they're significant, their attributes, and how to attack them. CORRECTION: Some of my comments on the latest episode of the pod were woefully inaccurate about the `csp` attribute of an iframe. Def should have read the spec more thoroughly. Please see the #corrections channel in Discord for the deets.

Episode 118: Hacking Happy Hour: 0days on Tap and SQLi Shots


Episode 118: In this episode of Critical Thinking - Bug Bounty Podcast we cover a host of news, including clientside tidbits, Credentialless iframes, prototype pollution, and what constitutes a polyglot in llms.txt. Follow us on X. Shoutout to YTCracker for the awesome intro music! ====== Links ====== Follow Rhynorater and Rez0 on X ====== Ways to Support CTBBPodcast ====== Hop on the CTBB Discord at https://ctbb.show/discord! You can also find some hacker swag! ====== Resources ====== p4fg passed 1 Million!; /reports/:id.json - $25K Crit; Hacking Crypto pt1; The art of payload obfuscation; Analyzing the Next.js Middleware Bypass; Nahamsec's Merch store; llms.txt polyglot prompt injection; React Router and the Remixed path; Pre-Authentication SQL Injection in Halo ITSM; Pwning Millions...

Episode 117: Hacking AI Series: Vulnus ex Machina - Part 1


Episode 117: In this episode of Critical Thinking - Bug Bounty Podcast Joseph introduces Vulnus Ex Machina: A 3-part mini-series on hacking AI applications. In this part, he lays the groundwork and focuses on AI reconnaissance.

Episode 116: Auth Bypasses and Google VRP Writeups


Episode 116: In this episode of Critical Thinking - Bug Bounty Podcast Justin gives a quick rundown of Portswigger's SAML Roulette writeup, as well as some Google VRP reports, and a Next.js middleware exploit.

Episode 115: Mentee to Career Hacker - Mokusou (So Sakaguchi)


Episode 115: In this episode of Critical Thinking - Bug Bounty Podcast Justin and So Sakaguchi sit down to walk through some recent bugs, before having a live mentorship session. They also talk about Reflector, and finish up by doing a bonus podcast segment in Japanese!

Episode 114: Single Page Application Hacking Playbook


Episode 114: In this episode of Critical Thinking - Bug Bounty Podcast we're diving into SPA and how to attack them. We also cover a host of news items, including some bug write-ups, AI updates, and a new tool called Hackadvisor.

Episode 113: Best Technical Takeaways from Portswigger Top 10 2024


Episode 113: In this episode of Critical Thinking - Bug Bounty Podcast we're breaking down the Portswigger Top 10 from 2024. There's some bangers in here!

Episode 112: Interview with Ciarán Cotter (MonkeHack) - Critical Lab Researcher and Full-time Hunter


Episode 112: In this episode of Critical Thinking - Bug Bounty Podcast Joseph Thacker is joined by Ciarán Cotter (Monke) to share his bug hunting journey and give us the rundown on some recent client-side and server-side bugs. Then they discuss WebSockets, SaaS security, and cover some AI news including Grok 3, Nuclei -AI Flag, and some articles by Johann Rehberger.

Episode 111: How to Bypass DOMPurify in Bug Bounty with Kevin Mizu


Episode 111: In this episode of Critical Thinking - Bug Bounty Podcast Justin interviews Kevin Mizu to showcase his knowledge regarding DOMPurify and its misconfigurations. We walk through some of Kevin's research, highlighting things like Dangerous allow-lists and URI Attributes, DOMPurify hooks, node manipulation, and DOM Clobbering.

Episode 110: Oauth Gadget Correlation and Common Attacks


Episode 110: In this episode of Critical Thinking - Bug Bounty Podcast we hit some quick news items including a DOMPurify 3.2.3 Bypass, O3 mini updates, and a cool postLogger Chrome Extension. Then, we hone in on OAuth vulnerabilities, API keys, and innovative techniques hackers use to exploit these systems.

Episode 109: Creative Recon - Alternative Techniques


Episode 109: In this episode of Critical Thinking - Bug Bounty Podcast we start off with a quick recap of some of the DeepSeek Drama that's been going down, and discuss AI in CAPTCHA and 2FA as well. Then we switch to cover some other news before settling in to talk about Alternative Recon Techniques.

Episode 108: How to Hack Salesforce, ServiceNow, and Other SaaS Products With Aaron Costello


Episode 108: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph bring on Aaron Costello to discuss SaaS security and misconfigurations as a bug class. He also gives some in-depth examples from Salesforce, ServiceNow, and Power Pages.

Episode 107: Bypassing Cross-Origin Browser Headers


Episode 107: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph are tackling the subject of cross-origin security headers. They also cover some news items including Google's OAuth login flaw, RAINK, and gift card hacking.

Episode 106: Announcing our new cohost...


Episode 106: In this episode of Critical Thinking - Bug Bounty Podcast we are pleased to announce our new co-host of the podcast: Joseph Thacker aka Rez0! We discuss Joseph's transition to full-time bug bounty hunting, his goals, and what he's looking forward to bringing to the pod. We also cover some news items including doubleclickjacking, character set attacks, SVG XSS, and more.

Episode 105: Best Critical Thinking Moments from 2024


Episode 105: In this episode of Critical Thinking - Bug Bounty Podcast we're back with another Best-of episode recapping some of our top moments of 2024. Check out our new SWAG store at https://ctbb.show/swag! Today's Sponsor - ThreatLocker. Check out their...

Episode 104: 2024 Hacker Stats & 2025 Goals


Episode 104: In this episode of Critical Thinking - Bug Bounty Podcast Justin reflects upon the past year and walks through some of the bug bounty goals he had for 2024, and how he feels like he did. Then he sets some goals for 2025, as well as some exciting CT news for the coming year.

Episode 103: Getting ANSI about Unicode Normalization


Episode 103: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph delve into the vulnerabilities associated with ANSI codes and large language models (LLMs), as well as talk through some new research and the value of micro-blogging in general.

Episode 102: Building Web Hacking Micro Agents with Jason Haddix


Episode 102: In this episode of Critical Thinking - Bug Bounty Podcast Justin grabs Jason Haddix to help brainstorm the concept of AI micro-agents in hacking, particularly in terms of web fuzzing, WAF bypasses, report writing, and more. They discuss the importance of contextual knowledge, the cost implications, and the strengths of different LLM Models. Follow us on twitter at: @ctbbpodcast We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ------ Links ------ Follow your hosts Rhynorater & Teknogeek on twitter: https://twitter.com/0xteknogeek https://twitter.com/rhynorater ------ Ways to Support CTBBPodcast ------ Hop on the CTBB Discord at...

Episode 101: CTBB Hijacked: Rez0__ on AI Attack Vectors with Johann Rehberger


Episode 101: In this episode of Critical Thinking - Bug Bounty Podcast we've been hijacked! Rez0 takes control of this episode, and sits down with Johann Rehberger to discuss the intricacies of AI application vulnerabilities. They talk through the importance of understanding system prompts, and various obfuscation techniques used to bypass security measures, the best AI platforms, and the evolving landscape of AI security.

Ep 100 - 8 Fav Bugs of 2024, Farewell Joel, Hello Shift - Cursor of Hacking


Episode 100: In this episode of Critical Thinking - Bug Bounty Podcast we have a mixed bag. We celebrate 100 episodes of Critical Thinking, but also bid farewell to Joel, who will be leaving the show as a co-host, but returning as a guest. Then we hear from a bunch of friends about their 'best bug of the year', before capping the episode with the announcement of a new AI tool we've been working on!

Episode 99: Back to the Basics - Web Fundamental to 100k a Year in Bug Bounty


Episode 99: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Roni dissect an old thread of Justin's talking about how best to start bug bounty with the goal of making $100k in the first year.

Episode 98: Team 82 Sharon Brizinov - The Live Hacking Polymath


Episode 98: In this episode of Critical Thinking - Bug Bounty Podcast Justin Gardner sits down with Sharon to discuss his journey from early iOS development to leading a research team at Claroty. They address the differences between HackerOne and Pwn2Own, and talk through some intricacies of IoT security, and some less common IoT attack surfaces.

Episode 97: Bcrypt Hash Input Truncation & Mobile Device Threat Modeling


Episode 97: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel jump into some cool news items, including a recent Okta Bcrypt vulnerability, insights into crypto bugs, and some intricacies of Android and Chrome security. They also explore the latest research from Portswigger on payload concealment techniques, and the introduction of the Lightyear tool for PHP exploits.

Episode 96: Cookies & Caching with MatanBer


Episode 96: In this episode of Critical Thinking - Bug Bounty Podcast we're back with MatanBer to hit some stuff we ran out of time on last episode. We talk about advanced cookie parsing techniques and exploitation methods, Safari's unique behaviors regarding cookie handling and debugging methods, and some of the writeups from the HeroCTF v6.

Episode 95: Attacking Chrome Extensions with MatanBer - Big Impact on the Client-Side


Episode 95: In this episode of Critical Thinking - Bug Bounty Podcast, Justin is joined by MatanBer to delve into the intricacies of browser extensions. We talk about the structure and threat models, and cover things like service workers, extension pages, and isolated worlds.

Episode 94: Zendesk Fiasco & the CTBB Naughty List


Episode 94: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel give their perspectives on the recent Zendesk fiasco and the ethical considerations surrounding it. They also highlight the launch of AuthzAI and some research from Ophion Security.

Episode 93: A Chat with Dr. Bouman - Life as a Hacker and a Doctor


Episode 93: In this episode of Critical Thinking - Bug Bounty Podcast we're joined by Dr. Jonathan Bouman to discuss his unique journey as both a Hacker and a Healthcare Professional. We talk through how he balances his dual careers, some ethical considerations of hacking in the context of healthcare, and highlight some experiences he's had with Amazon's bug bounty program. Find the Hackernotes: https://blog.criticalthinkingpodcast.io/

Episode 92 - SAML XPath Confusion, Chinese DNS Poisoning, and AI Powered 403 Bypasser


Episode 92: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel tackle a host of new research and write-ups, including Ruby SAML, 0-Click exploits in MediaTek Wi-Fi, and vulnerabilities caused by The Great Firewall.

Episode 91: Zero to LHE in 9 Months (feat gr3pme)


Episode 91: In this episode of Critical Thinking - Bug Bounty Podcast Justin Gardner sits down with Critical Thinking's own HackerNotes writer Brandyn Murtagh (gr3pme) to talk about his journey with Bug Bounty. We cover mentorship, networking and LHEs, ecosystem hacking, emotional regulation, and the need for self-care. Then we wrap up with some fun bugs.

Episode 90: 5k Clickjacking, Encryption Oracles, and Cursor for PoCs


Episode 90: In this episode of Critical Thinking - Bug Bounty Podcast Joel and Justin recap some of their recent hacking ups and downs and have a lively chat about Cursor. Then they cover some research about SQL Injections, Clickjacking in Google Docs, and how to steal your Telegram account in 10 seconds.

Episode 89: The Untapped Bug Bounty Landscape of IoT w/ Matt Brown


Episode 89: In this episode of Critical Thinking - Bug Bounty Podcast we're joined live by Matt Brown to talk about his journey with hacking in the IoT. We cover the specializations and challenges in hardware hacking, and Matt's personal methodology. Then we switch over to touch on BGA Reballing, Certificate Pinning and Validation, and some of his own bug stories.

Episode 88: News, Tools, and Writeups


Episode 88: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel tackle a whole slate of new research including a new cheat sheet for URL validation bypass from PortSwigger, the introduction of Sanic DNS as a high-speed DNS resolver, xsstools, and the Dockerization of Orange Confusion Attacks.

Episode 87: 'Hacker Wife' Mariah Gardner on Bug Bounty mentality and relationships


Episode 87: In this episode of Critical Thinking - Bug Bounty Podcast Justin sits down with none other than his wife Mariah to talk about Bug Bounty from the perspective of a Significant Other. They share how they've traversed travel and Live Hacking Events, household chores, hobbies, goals, rewards, as well as how best to encourage and support the hacker/non-hacker in your life.

Episode 86: The X-Correlation between Frans & RCE - Research Drop


Episode 86: In this episode of Critical Thinking - Bug Bounty Podcast Frans blows Justin's mind with a sneak peek of his new presentation. Note: This is a little different from our normal episode, and video is recommended. So head over to ctbb.show/yt if you feel like you're missing something.

Episode 85: Practical Applications of DEFCON 32 Web Research


Episode 85: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel talk through some of the research coming out of DEFCON, mainly from the PortSwigger team. Web timing attacks, cache exploitation, and exploits related to email protocols are all featured. Plus we also talk some fun Apache hacks from Orange Tsai.

Episode 84: 0xLupin & Takeaways from Google's Las Vegas BugSwat


Episode 84: In this episode of Critical Thinking - Bug Bounty Podcast, Justin is joined by Roni Carta (@0xLupin) to discuss their MVH win at the recent Google LHE, and share some technical observations they had with the target and the event.

Episode 83: Brainstorming Proxy Plugins


Episode 83: In this episode of Critical Thinking - Bug Bounty Podcast Joel and Justin are brainstorming new features and improvements for Caido, such as the implementation of a 403 bypassing workflow, a text expander, Tracing Cookies, and more.

Episode 82: Part-Time Bug Bounty


Episode 82: In this episode of Critical Thinking - Bug Bounty Podcast Joel Margolis discusses strategies and tips for part-time bug bounty hunting. He covers things like finding (and enforcing) balance, picking programs and goals, and streamlining your process to optimize productivity.

Episode 81: Crushing Client-Side on Any Scope with MatanBer


Episode 81: In this episode of Critical Thinking - Bug Bounty Podcast Justin is joined by MatanBer to go over some recent bug reports, as well as share some tips and tricks on client-side hacking and using DevTools effectively.

Episode 80: Pwn2Own VS H1 Live Hacking Event (feat SinSinology)


Episode 80: In this episode of Critical Thinking - Bug Bounty Podcast Justin is joined by Sina Kheirkhah to talk about the start of his hacking journey and explore the differences between the Pwn2Own and HackerOne Events.

Episode 79: The State of CSS Injection - Leaking Text Nodes & HTML Attributes


Episode 79: In this episode of Critical Thinking - Bug Bounty Podcast we deep-dive into CSS injection, and explore topics like sequential import chaining, font ligatures, and attribute exfiltration. Resources: SpaceRaccoon's Universal Code Execution Extensions; Escalating Client Side Path Traversal; Full-time Bug Bounty Blueprint; Sequential...

Episode 78: Less Writing, More Hacking - Reporting Efficiency Techniques


Episode 78: In this episode of Critical Thinking - Bug Bounty Podcast we're talking about writing reports. We share some tips that we've learned, and discuss ways that AI can (and can't) help with that process. We also talk about the benefit of using tools like Fabric, Loom, and ShareX.

Episode 77: Bug Bounty Mental - Practical Tips for Staying Sharp & Motivated


Episode 77: In this episode of Critical Thinking - Bug Bounty Podcast Joel and Justin discuss some fresh writeups including some MongoDB injections, ORMs, and exploits in Kakao and iOS before pivoting into a conversation about staying motivated and avoiding burnout while hunting.

Episode 76: Match & Replace - HTTP Proxies' Most Underrated Feature


Episode 76: In this episode of Critical Thinking - Bug Bounty Podcast we're talking about Match and Replace and the often overlooked use cases for it, like bypassing paywalls, modifying host headers, and storing payloads. We also talk about the HackerOne Ambassador World Cup and the issues with dupe submissions, and go through some write-ups.

Episode 75: *Rerun* of The OG Bug Bounty King - Frans Rosen


Episode 75: In this episode of Critical Thinking - Bug Bounty Podcast, Justin and Joel are sick, so instead of a new full episode, we're going back 30 episodes to review. Today's Guest: https://twitter.com/fransrosen Detectify Discovering s3 subdomain takeovers https://labs.detectify.com/writeups/hostile-subdomain-takeover-using-heroku-github-desk-more/ bucket-disclose.sh https://gist.github.com/fransr/a155e5bd7ab11c93923ec8ce788e3368 A deep dive into AWS S3 access controls; Attacking Modern Web Technologies; Live Hacking like a MVH; Account hijacking using...

Episode 74: Supply Chain Attack Primer - Popping RCE Without an HTTP Request (feat 0xLupin)


Episode 74: In this episode of Critical Thinking - Bug Bounty Podcast Justin sits down with Roni "Lupin" Carta for a deep dive into supply chain attacks and dependency confusion. We explore supply chain attacks, the ethical considerations surrounding maintainers and hosting packages on public registries, and chat about the vision and uses of his new tool Depi.

Episode 73: Sandboxed IFrames and WAF Bypasses


Episode 73: In this episode of Critical Thinking - Bug Bounty Podcast we give a brief recap of Nahamcon and then touch on some topics like WAF bypass tools, sandboxed iframes, and programs redacting your reports.

Episode 72: Research TLDRs & Smuggling Payloads in Well Known Data Types


Episode 72: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel discuss some hot research from the past couple months. This includes ways to smuggle payloads in phone numbers and IPv6 Addresses, the NextJS SSRF, the PDF.JS PoC drop, and a GitHub Enterprise Indirect Method Information bug. Also, we have an attack vector featured from Monke!

Episode 71: More VDP Chats & AI Bias Bounty Strats with Keith Hoodlet


Episode 71: In this episode of Critical Thinking - Bug Bounty Podcast Keith Hoodlet joins us to weigh in on the VDP Debate. He shares some of his insights on when VDPs are appropriate in a company's security posture, and the challenges of securing large organizations. Then we switch gears and talk about AI bias bounties, where Keith explains the approach he takes to identify bias in chatbots and highlights the importance of understanding human biases and heuristics to better hack AI.

Episode 70: NahamCon and CSP Bypasses Everywhere


Episode 70: In this episode of Critical Thinking - Bug Bounty Podcast we're once again joined by Ben Sadeghipour to talk about some Nahamcon news, as well as discuss a couple other LHEs taking place. Then they cover CI/CD and drop some cool CSP Bypasses.

Episode 69: Johan Carlsson - 3 Month Check-in on Full-time Bug Bounty.


Episode 69: In this episode of Critical Thinking - Bug Bounty Podcast we're joined by Johan Carlsson to hear about some updates on his bug hunting journey. We deep-dive a CSP bypass he found in GitHub, a critical he found in GitLab's pipeline, and also talk through his approach to using script gadgets and adapting to highly CSP'd environments. Then we talk about his transition to full-time bug hunting, including the goals he's set, the successes and challenges, and his current focus on specific bug types like ReDoS and OAuth, and the serendipitous nature of bug hunting.

Episode 68: 0-days & HTMX-SS with Mathias


Episode 68: In this episode of Critical Thinking - Bug Bounty Podcast Mathias is back with some fresh HTMX research, including CSP bypass using HTMX triggers, converting client-side response header injection to XSS, bypassing HTMX disable, and the challenges of using HTMX in larger applications and the potential performance trade-offs. We also talk about the results of his recent CTF Challenge, and explore some more facets of CDN-CGI functionality.

Episode 67: VDPs & Accidental Program VS Hacker Debate Part 2


Episode 67: In this episode of Critical Thinking - Bug Bounty Podcast we deep-dive on the topic of Vulnerability Disclosure Programs (VDPs) and whether they are beneficial or not. We also touch on the topic of leaderboard accuracy, and continue the Program VS Hacker debate regarding allocating funds for bounties.

Episode 66: CDN-CGI Research, Intent To Ship, and Louis Vuitton


Episode 66: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel discuss the recent YesWeHack Louis Vuitton LHE, the importance of failure as growth in bug bounty, and Justin shares his research on CDN CGI. Project Discovery Conference: https://nux.gg/hss24

Episode 65: Motivation and Methodology with Sam Curry (Zlz)


Episode 65: In this episode of Critical Thinking - Bug Bounty Podcast we sit down with Sam Curry to discuss the ethical considerations and effectiveness of hacking, the importance of good intent, and the enjoyment Sam derives from pushing the boundaries to find bugs. He shares stories of his experiences, including hacking Tesla, online casinos, Starbucks, his own ISP router, and even getting detained at the airport.

Episode 64: .NET Remoting, CDN Attack Surface, and Recon vs Main App


Episode 64: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel delve into .NET remoting and how it can be exploited, a recent bypass in the DOMPurify library and some interesting functionality in the Cloudflare CDN-CGI endpoint. They also touch on the importance of collaboration and knowledge sharing, JavaScript Deobfuscation, the value of impactful POCs, and hiding XSS payloads with URL path updates.

Episode 63: JHaddix Returns


Episode 63: In this episode of Critical Thinking - Bug Bounty Podcast we welcome back Jason Haddix (from Episode 12) to talk about some updates to his The Bug Hunter's Methodology, as well as his own personal life and hacking journey. We talk about the start of his new company, and then venture into topics such as using threat intelligence and buying credentials from the dark web, recon techniques, and ways to integrate AI into your workflow (or target list).

Episode 62: Frontend Language Oddities


Episode 62: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel are back with some additional research resources that didn't make the PortSwigger Top-Ten, but that are worth looking at.

Episode 61: A Hacker on Wall Street - JR0ch17


Episode 61: In this episode of Critical Thinking - Bug Bounty Podcast Justin is joined by Jasmin Landry to share some stories about startup security, bug bounty, and the challenges of balancing both. He also shares his methodology for discovering OAuth-related bugs, highlights some differences between structured learning and self-teaching, and then walks us through a couple arbitrary ATOs and SSTI to RCE bugs he's found lately.

Episode 60: Our Take on PortSwigger's Top 10 Web Hacking Techniques of 2023


Episode 60: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel review the PortSwigger Research list of top 10 web hacking techniques of 2023. Resources: Top 10 web hacking techniques of 2023; 1: Smashing the state machine; 8: From Akamai to...

Episode 59: Bug Bounty Gadget Hunting & Hacker's Intuition


Episode 59: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel discuss the concept of gadgets and how they can be used to escalate the impact of vulnerabilities. We talk through things like HTML injection, image injection, CRLF injection, web cache deception, leaking window location, self-stored XSS, and much more.

Episode 58: Youssef Sammouda - Client-Side & ATO War Stories


Episode 58: In this episode of Critical Thinking - Bug Bounty Podcast we finally sit down with Youssef Sammouda and grill him on his various techniques for finding and exploiting client-side bugs and postMessage vulnerabilities. He shares some crazy stories about race conditions, exploiting hash change events, and leveraging scroll to text fragments.

Episode 57: Technical breakdown from Miami Hacking Event - H1-305


Episode 57: In this episode of Critical Thinking - Bug Bounty Podcast, Justin and Joel are live from Miami, and recap their experience and share takeaways from the live hacking event. They highlight the importance of paying attention to client-side routing and the growing bug class of client-side path traversal. They also discuss the challenges of knowing when to cut your losses and the value of tracking time and setting goals.

Episode 56: Using Data Science to win Bug Bounty - Mayonaise (aka Jon Colston)


Episode 56: In this episode of Critical Thinking - Bug Bounty Podcast, Justin sits down with Jon Colston to discuss how his background in digital marketing and data science has influenced his hunting methodology. We dive into subjects like data sources, automation, working backwards from vulnerabilities, applying conversion funnels to bug bounty, and the mayonaise signature 'Mother of All Bugs'.

Episode 55: Popping WordPress Plugins - Methodology Braindump


Episode 55: In this episode of Critical Thinking - Bug Bounty Podcast, Justin is joined by WordPress Security Researcher Ram Gall to discuss both functionality and vulnerabilities within WordPress Plugins. WordFence - Sign up as a researcher! https://ctbb.show/wf Sign up for Caido using the referral code CTBBPODCAST for a 10% discount.

Episode 54: White Box Formulas - Vulnerable Coding Patterns


Episode 54: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel are back with news items and new projects. Joel shares about his personal scraping project to gather data on bug bounty programs and distribution. Next, they announce the launch of HackerNotes, a podcast companion that will summarize the main technical points of each episode. They also discuss a recent GitLab CVE and an invisible prompt injection, before diving into a discussion (or debate) about vulnerable code patterns.

Episode 53: 500k/yr as Full-Time Bug Hunter & Content Creator - Nahamsec


Episode 53: In this episode of Critical Thinking - Bug Bounty Podcast, we're joined by none other than NahamSec. We start by discussing the challenges he faced on his journey in bug bounty hunting and content creation, including personal struggles and the pressure of success. We also talk about finding balance and managing mental energy, going the extra mile, and the importance of planning and setting goals for yourself before he walks us through some Blind XSS techniques.

Episode 52: Best Technical Content from Year 1 of CTBB Podcast


Episode 52: In this episode of Critical Thinking - Bug Bounty Podcast we're going back and highlighting some of the best technical moments from the past year! Hope you enjoy this best of 2023 Supercut!
Follow us on twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater
------ Ways to Support CTBBPodcast ------
Sign up for Caido using the referral code CTBBPODCAST for a 10% discount.
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25,...

Episode 51: Hacker Stats 2023 & 2024 Goals


Episode 51: In this episode of Critical Thinking - Bug Bounty Podcast, Justin and Joel are back for the last episode of 2023. We discuss some noteworthy news items including a HackerOne Crit, Caido updates, and some Blind CSS. Then we dive into our own personal Hackers Wrapped recap of the year, before laying out some goals for 2024.

Episode 50: Mathias 'Fall in a well' Karlsson - Bug Bounty Prophet


Episode 50: In this episode of Critical Thinking - Bug Bounty Podcast, Justin catches up with hacking master Mathias Karlsson, and talks about burnout, collaboration, and the importance of specialization. Then we dive into the technical details of MXSS and XSLT, character encoding, and give some predictions of what Bug Bounty might look like in the future.

Episode 49: Getting Live Hacking Event Invites & Bug Bounty Collab with Nagli


Episode 49: In this episode of Critical Thinking - Bug Bounty Podcast, Justin Gardner is once again joined by Nagli to discuss some of their recent hacking discoveries. They talk about finding and exploiting a backup file in an ASP.NET app, discovering vulnerabilities through Swagger files, and debating the vulnerability of a specific undisclosed domain. Then they reflect on 2023's Live Hacking Event circuit, and preview what's to come in 2024's. This episode sponsored by Wordfence! Wordfence recently launched a game-changer of a bug bounty program with ALL WordPress plugins over 50k installs are in-scope. They are currently paying 6.25x their...

Episode 48: MVH, DEFCON Black Badge, Googler - Sam Erb


Episode 48: In this episode, we're joined by the spectacular Sam Erb, Google Security Engineer and DEFCON Black Badge winner. We talk about the importance of understanding how systems work to find vulnerabilities, and how his engineering background influences his hunting style and methodologies. Then we jump over to his Career Development and his work with Google, and then chat about some of the recent Google Vulnerability Programs. This episode is sponsored by Wordfence! Wordfence recently launched a game-changer of a bug bounty program with ALL WordPress plugins over 50k installs are in-scope. They are currently paying 6.25x their normal bounty amounts,...

Episode 47: CSP Research, Iframe Hopping, and Client-side Shenanigans


Episode 47: In this episode of Critical Thinking - Bug Bounty Podcast, the holidays are fast approaching, and Justin and Joel discuss some of the struggles of getting back into the hacking groove during and after breaks. We also celebrate the newly launched Critical Thinking Discord Community before diving into Iframe Sandwiches, JS Hoisting, CSP Bypasses, and a host of new tools, techniques, and tangents.

Episode 46: The SAML Ramble


Episode 46: In this episode of Critical Thinking - Bug Bounty Podcast, Justin is deep diving the topic of SAML (Security Assertion Markup Language), and walks through what it is and why it can be intimidating, before going over some key attack vectors to look for. Then he closes out with a commentary on a sample payload, and some HackerOne reports.

Episode 45: The OG Bug Bounty King - Frans Rosen


Episode 45: In this episode of Critical Thinking - Bug Bounty Podcast, we're thrilled to welcome Frans Rosén, an OG bug bounty hunter and co-founder of Detectify. We kick off with Frans sharing his journey bug bounty and security startups, before diving headfirst into a host of his blog posts. We also cover the value of pseudo-code for bug exploitation, understanding developer terminology, the challenges of collaboration and delegating tasks, and balancing hacking with parenting. If you're interested in bug bounty or entrepreneurship, you won't want to miss it!

Episode 44: URL Parsing & Auth Bypass Magic


Episode 44: In this episode of Critical Thinking - Bug Bounty Podcast, the topic is URL structure, and Justin and Joel break down the elements that make up a URL and some common tips and tricks surrounding them which allow for all sorts of bypasses. We also round out the episode with some new tools, ATO stories, and some controversial current events in the hacker scene.

Episode 43: Caido - The Up-And-Coming HTTP Proxy


Episode 43: In this episode of Critical Thinking - Bug Bounty Podcast, we're joined by Emile from Caido, who shares his journey into the bug bounty and ethical hacking world. We kick off with a hilarious incident involving Joel, a child on an airplane, and an unfortunate cough. We then dive into the challenges of building an HTTP proxy tool, balancing basic features with nice-to-have features, and the importance of user feedback in shaping the development of Caido, a bug bounty tool.

Episode 42: Renniepak Interview & Intigriti LHE Recap


Episode 42: In this episode of Critical Thinking - Bug Bounty Podcast, we're live from a hacking event in Portugal, and joined by the extremely talented René de Sain! He helps us cover a host of topics like NFT, XSS, LHE, and tips for success. We also talk about the correlation between creativity and hacking, shared workspaces, and last but certainly not least, hacker tattoos.

Episode 41: Mini Masterclass: Attack Vector Ideation


Episode 41: In this episode of Critical Thinking - Bug Bounty Podcast, Justin takes a break from his busy travel schedule to walk us through a few of his Attack Vector formulation strategies. We're keeping this one short and sweet, so it can be better used as a reference when looking for new vectors.

Episode 40: Bug Bounty Mentoring


Episode 40: In this episode of Critical Thinking - Bug Bounty Podcast, it's all about mentorships! Justin sits down with Kodai and So, two hackers he helped mentor, to discuss what worked and what didn't. We talk about the importance of mentorship, what mentors might look for in a candidate, the challenges of transitioning from being mentored to self-education, and the necessity of continuous learning in this ever-evolving field that is bug bounty. This episode is a treasure trove of insights, and if you're interested in either side of the mentorship coin, you won't want to miss it.

Episode 39: The Art of Architectures


Episode 39: In this episode of Critical Thinking - Bug Bounty Podcast, we're catching up on news, including new override updates from Chrome, GPT-4, SAML presentations, and even a shoutout from Live Overflow! Then we get busy laying the groundwork on a discussion of web architecture. Better get started on this one, cause we're going to need a part two!
------ Links ------
CT shoutout from Live Overflow: https://www.youtube.com/watch?v=3zShGLEqDn8
Chrome...

Episode 38: Mobile Hacking Maestro: Sergey Toshin


Episode 38: In this episode of Critical Thinking - Bug Bounty Podcast, we're thrilled to welcome mobile hacking maestro Sergey Toshin (aka @bagipro). We kick off with Sergey sharing his unexpected journey into mobile security, and how he rose to become the number one hacker in both Google Play Security and Samsung Bug Bounty programs. We then delve into the evolving perception of mobile bugs, a myriad of new and existing attack vectors, and discuss Sergey's creation of mobile security company Oversecured. You're going to want to make time for this one!

Episode 37: Tokyo Hacking & Interview with 0xLupin


Episode 37: In this episode of Critical Thinking - Bug Bounty Podcast we're joined by none other than Lupin himself! We recap the Tokyo LHE and the lessons we learned from it before diving into his legendary journey into security research and bug bounty. We also talk collaboration of all kinds: pair hacking, joining a team, and starting a business together. We even touch on some great tools that can collaborate with each other! This was a fun one, and we don't want you to miss it!

Episode 36: Bug Bounty Ethics & CT Exclusive Bug Reports


Episode 36: In this episode of Critical Thinking - Bug Bounty Podcast, Justin and Joel take a break from LHE prep to answer questions about the ethics of bug bounty and share their recent bug finds. We talk Iframes, mobile intercept proxies, open redirects, and that time Justin got shot at.
------ Links ------
Timeshifter: https://www.timeshifter.com/
Tweet about Google Open Redirect: https://twitter.com/Rhynorater/status/1697357773690818844
Tweet about XSS Exploitation: https://twitter.com/Rhynorater/status/1698059391700701424
Request Minimizer: https://portswigger.net/bappstore/cc16f37549ff416b990d4312490f5fd1
Timestamps: (00:00:00) Introduction (00:02:45) Hacker...

Episode 35: King of Collaboration: Douglas Day


Episode 35: In this episode of Critical Thinking - Bug Bounty Podcast, we're thrilled to welcome Douglas Day, a bug bounty hunter known for his unique methodologies and collaborative spirit. We talk about his approach to finding new endpoints in applications, his ingenious technique of exploiting Intercom widgets, and collaboration preferences and tips at LHEs. We also touch on the struggle of justifying hobbies that don't generate income and the importance of finding enjoyment in the process. We hope you enjoy this episode as much as we did!

Episode 34: Program vs Hacker Debate


Episode 34: In this episode of Critical Thinking - Bug Bounty Podcast, Justin and Joel have both beaten COVID and now square off against each other in a mega-debate representing hackers and program managers respectively. Among the topics included are Disclosures, Dupes, Zero-Day Policy, payouts, budgets, Triage and Retesting. So, if you want blood-pumping, insult-hurling, opinion-invalidating debate, then maybe look somewhere else. But if a thought-provoking discussion about bug bounty is more your style, then take a seat and get ready!

Episode 33: The Master of Hacker Show&Tell: Inti De Ceukelaire


Episode 33: In this episode of Critical Thinking - Bug Bounty Podcast, we welcome Inti De Ceukelaire, a seasoned bug hunter known for his creative storytelling and impactful show-and-tell bugs, and let us tell you, his stories do not disappoint! From his bug bounty journey to some pretty wild hacks, Inti captivates us as only Inti can. We discuss the potential life-saving impact of bug bounty reports, especially in areas such as transportation and medical devices. We also cover hacker mentality, the benefits of objective-based challenges, and the need for collaboration and alignment within the bug bounty community. It's a mesmerizing...

Episode 32: The Great Write-up Low-down


Episode 32: In this episode of Critical Thinking - Bug Bounty Podcast, Joel caught a nasty bug (no, not that kind) so Justin is flying solo, and catches us up to speed on what's been happening in hacking news.
------ Links ------
Smashing the State article: https://portswigger.net/research/smashing-the-state-machine?ps_source=portswiggerres&ps_medium=social&ps_campaign=race-conditions
Nagle's Algorithm: https://en.wikipedia.org/wiki/Nagle%27s_algorithm
HTTP/2 RFC: https://httpwg.org/specs/rfc7540.html
Tweet by Alex Chapman: https://twitter.com/ajxchapman/status/1691103677920968704?s=20
Cookieless Duodrop IIS Auth Bypass: https://soroush.me/blog/2023/08/cookieless-duodrop-iis-auth-bypass-app-pool-privesc-in-asp-net-framework-cve-2023-36899/
Xss and .Net: https://blog.isec.pl/all-is-xss-that-comes-to-the-net/
Shopify Account Takeover: https://ophionsecurity.com/blog/shopify-acount-takeover
Short Name Guesser: https://github.com/projectmonke/shortnameguesser
Hacking Points.com: https://samcurry.net/Points-com/
Hacking Starbucks: https://samcurry.net/hacking-starbucks/
Bug...

Episode 31: Alex Chapman - The Man of Many Crits


Episode 31: In this episode of Critical Thinking - Bug Bounty Podcast, we're thrilled to be joined by Alex Chapman, a seasoned InfoSec hacker and bug bounty hunter. We kick off with Alex sharing his hacking journey, from a guest lecturer that inspired him, to working on internal Red Teams, to his transition to working with HackerOne, and finally as a bug bounty hunter focusing on searching out those few, high impact bugs. We also discuss the power of collaboration, the challenges of balancing hacking with other responsibilities, and the necessity of flexibility and taking breaks in bug bounty work....

Episode 30: Recon Legend Shubs - From Burgers to Bounties


Episode 30: In this episode of Critical Thinking - Bug Bounty Podcast, we're thrilled to be joined by renowned bug bounty hunter Shubs. We kick off with him sharing his journey from burgers to bugs, and how his friendly rivalry with a fellow hacker fueled his passion for reconnaissance, as well as his love of collaboration. We then shift gears to talk about the art of debugging, ethics and economics of bug bounty hunting, the transition to Entrepreneur, and the evolution of Assetnote from a reconnaissance tool to enterprise security software suite. This one's a banger, and we don't want...

Episode 29: Live Episode with Sean Yeoh - Assetnote Engineer


Episode 29: In this episode of Critical Thinking - Bug Bounty Podcast we sit down with Assetnote Engineer Sean Yeoh, and pick his brain about what he's learned on his development journey. We talk about the place and importance of message brokers, and which ones we like best, as well as his engineering philosophy regarding bottleneck prevention and the importance of pursuing optimization. Don't miss this episode of terrific technical tips!

Episode 28: Surfin' with CSRFs


Episode 28: In this episode of Critical Thinking - Bug Bounty Podcast, the CSRF's up, dude! We kick off with a debate about whether or not deep link vulns in mobile apps can be considered CSRF. We also talk browser extensions and tools like Hackbar, PwnFox, and JS Weasel, and Justin tries to invent a whole new vuln term. There's plenty of good stuff here, so what are you waiting for? Jump on in!

Episode 27: Top 7 Esoteric Web Vulnerabilities


Episode 27: In this episode of Critical Thinking - Bug Bounty Podcast, we've switched places and now Joel is home while Justin is on the move. We break down seven esoteric web vulnerabilities, and talk Cookies, Config File Injections, Client-side path traversals and more. We also briefly discuss appliance hacking, new tools, and shout out some new talent in the hacking space. Don't miss this episode full of cool vulns, and experience Justin's vocal decline in real time.

Episode 26: Client-side Quirks & Browser Hacks


In this episode of Critical Thinking - Bug Bounty Podcast, we're back with Joel, fresh (haha) off of back-to-back live hack events in London and Seoul. We compare the different vibes of each LHE, then we dive into the technical thick of it, and talk web browsers, XSS vectors, new tools, CVSS 4.
------ Links ------
Hunting for NGINX alias traversals in the wild
PortSwigger Tweet
Soroush's Follow-up
Tweet about magic...

Episode 25: 2xMVH & Multi-million dollar hacker Inhibitor181


Episode 25: In this episode of Critical Thinking - Bug Bounty Podcast we talk to Cosmin (@Inhibitor181), fresh off of winning his 2nd MVH! We chat about the time management and strategy of hacking Multi-Target LHEs, determining when to pivot, and how to find normalcy in bug bounty hunting and Live Hacking Events. We also touch on setting up Vuln Pipelines, creating mental models, and Cosmin's terrifying naming schemes. Don't miss this episode packed with both laughs and valuable insights for beginners and seasoned bug bounty hunters alike.

Episode 24: AI + Hacking with Daniel Miessler and Rez0


Episode 24: In this episode of Critical Thinking - Bug Bounty Podcast, we chat with Daniel Miessler and Rez0 about the emergence and potential of AI in hacking. We cover AI shortcuts and command line tools, AI in code analysis and the use of AI agents, and even brainstorm about the possible opportunities that integrating AI into hacking tools like Caido and Burp might present. Don't miss this episode packed with valuable insights and cutting-edge strategies for both beginners and seasoned bug bounty hunters alike.

Episode 23: Hacker Loadouts


Episode 23: In this episode of Critical Thinking - Bug Bounty Podcast, we delve into a different aspect of hardware - Our personal loadouts. We go through the equipment and gear we use to get our jobs done, and share stories about why we picked what we have. We also touch on live hacking events, the growing acceptance of white hat hacking, and some pretty cool news going on in the hacker world. Don't miss this episode packed with tips and strategies for both beginners and seasoned hackers alike!

Episode 22: Chipping Away at Hardware Hacking


Episode 22: In this episode of Critical Thinking - Bug Bounty Podcast we talk about some basic/intermediate concepts related to Hardware Hacking. Specifically, we dive into extracting data from eMMC chips in order to get our hands on source code for IoT devices. Don't miss this episode packed with valuable insights, tips, and strategies for beginners and seasoned bug bounty hunters alike!
------ Links ------
Check out NahamCon: https://bit.ly/42vnpMS
RiverLoop Security...

Episode 21: Chill Chat with Legendary DoD Hacker Corben Leo


In this episode of Critical Thinking - Bug Bounty Podcast, we chat with Corben Leo about his journey in bug bounty hunting and ethical hacking. We discuss the state of DNS rebinding in 2023, a Twitter thread by Douglas Day (@ArchAngelDDay) on one-hundred bug bounty rules, and our own unique approaches to bug hunting. We also discuss Corben's recon-focused bug hunting methodology and how he developed it. Don't miss this episode filled with valuable tips, insights, and Corben's Boring Mattress Company.
Get on our newsletter for some exclusive content: https://www.criticalthinkingpodcast.io/subscribe

Episode 20: Hacker Brain Hacks - Overcoming Bug Bounty's Mental Tolls


Episode 20: In this episode of Critical Thinking - Bug Bounty Podcast, we dive into the world of "hacker brain hacks" and overcoming challenges in bug bounty hunting. We discuss custom word lists, the rising popularity of Caido as a potential Burp Suite replacement, and Cloudflared tunnels for hosting POCs. We also tackle the mental aspects of bug bounty hunting, from procrastination to imposter syndrome, and share tips for staying motivated and avoiding burnout. Don't miss this episode packed with valuable insights and advice for both beginners and seasoned bug bounty hunters!

Episode 19: Audit Code, Earn Bounties (Part 2) + Zip-Snip, Sitecore, and more!


Episode 19: In this episode of Critical Thinking - Bug Bounty Podcast we further discuss some tips and tricks for finding vulns once you've got source code and some banger tweets/tools that popped up in our feed this week.
------ Links ------
Part 1: https://open.spotify.com/episode/2pdTaWHSzl9CY7PgRQtvTi
Noperator's Zip-Snip: https://twitter.com/noperator/status/1658313637189111808 https://github.com/noperator/zip-snip https://noperator.dev/posts/zip-snip/
Insecure's SIP Bugs: https://twitter.com/ifsecure/status/1656591469518495745
AssetNote's Sitecore Bugs: https://blog.assetnote.io/2023/05/10/sitecore-round-two/
Fyooer's Shadow Clone: https://github.com/fyoorer/ShadowClone

Episode 18: Audit Code, Earn Bounties


Episode 18: In this episode of Critical Thinking - Bug Bounty Podcast, we dive into everything source-code related: how to get source-code and what to do with it once you have. This episode is packed with great examples of successful source code review, tips on how to review code yourself, and the tools you'll need along the way.
------ Links ------
Crossing the KASM: https://www.youtube.com/watch?v=NwMY1umhpgg
PWNAssistant by Elttam: https://www.elttam.com/blog/pwnassistant/#content
Andre's Git Arbitrary...

Episode 17: LA Live Chat with Five Legendary Hackers


Episode 17: In this episode of Critical Thinking - Bug Bounty Podcast we talk with five legendary hackers about some of their favorite bugs. Live. From LA.
Corben Leo Lorben CEO @hacker_
Sam ZLZ ZOZL The King Curry @samwcyo
Frans The Legend Rosen @fransrosen
Jonathan Doc Bouman @JonathanBouman
NagliNagliNagli @naglinagli
Shoutout to Jonathan Bouman's Mom!
------ Links ------
FOLLOW OUR LINKEDIN ACCOUNT FOR NAGLI: https://www.linkedin.com/company/ctbbpodcast
Sam Curry's shoutout - Ian Carroll's Seats.Aero: https://seats.aero/

Episode 16: The Hacker's Toolkit


Episode 16: In this episode of Critical Thinking - Bug Bounty Podcast we talk about the hacker's toolkit. Joel and Justin talk about their VPS setup, go-to hacking tools, most often used Linux commands, and the ways they duct tape all of these together for the big hacks.
------ Links ------
Our Boi @rez0__ Dropping Some AI Hackz: https://twitter.com/rez0__/status/1648685943539245056?s=20
LiveOverflow Prompt Injection: https://www.youtube.com/watch?v=Sv5OLj2nVAQ
Joel's Private Network Solution: https://www.zerotier.com/
Stok & Tomnomnom on Vim/Bash: https://www.youtube.com/watch?v=l8iXMgk2nnY
Latest GhostScript...

Episode 15: The Israeli Million-Dollar Hacker


Episode 15: In this episode of Critical Thinking - Bug Bounty Podcast we talk with the latest Million-Dollar bug bounty hunter: @naglinagli. He talks about his climb from $1,000 in bounties to $1,000,000, recon tips and tricks, and some bug reports that made the news and landed him the "Best Bug" award at a H1 Live Hacking event.
------ Links ------
Follow Nagli and his new startup...

Episode 14: Mobile Hacking Dynamic Analysis w/ Frida + Random Hacker Stuff


Episode 14: In this episode of Critical Thinking - Bug Bounty Podcast we talk about Dynamic Analysis within Mobile Hacking and a bunch of random hacker stuff. It's a good time. Enjoy the pod.
------ Links ------
Joel's Alternative to UberTooth One: https://www.amazon.com/Bluetooth-UD100-G03-Exchangeable-Bluesoleil-Microsoft/dp/B0161B5ATM
D3monDev's Burp VPS Plug-in: https://github.com/d3mondev/burp-vps-proxy
FireProx: https://github.com/ustayready/fireprox
Joel's Universal SSL De-pinning Frida Script: https://gist.github.com/teknogeek/4dc35fb3801bd7f13e5f0da5b784c725
Command-line Fuzzy Finder: https://github.com/junegunn/fzf
Justin's two article recommendations for using Frida: https://tinyurl.com/5n94d6ry https://tinyurl.com/yfy3n5f5
Copy screen of physical device: https://tinyurl.com/ymdrscm5
Flipper: https://flipperzero.one/
BetterCap BLE Module: https://www.bettercap.org/modules/ble/
Timestamps: (00:00:00) Intro (00:00:55) Hacker Chats (00:03:27) Podcast...

Episode 13: How to Find a Good BBP + Acropalypse + ZDI


Episode 13: In this episode of Critical Thinking - Bug Bounty Podcast we talk about how to determine if a bug bounty program is good or not from the policy page. We also cover some news including Acropalypse, ZDI's Pwn2Own Competition, Node's Request library's SSRF Bypass, and a new scanning tool by JHaddix.
------ Links ------
JHaddix AWSScrape Tool: https://twitter.com/Jhaddix/status/1637140192728612865?s=20
Acropalypse Links: https://twitter.com/ItsSimonTime/status/1636857478263750656 https://www.da.vidbuchanan.co.uk/blog/exploiting-acropalypse.html https://twitter.com/David3141593/status/1638222624084951040 https://twitter.com/David3141593/status/1638293029059477505
SSRF Bypass in NodeJS: https://blog.doyensec.com/2023/03/16/ssrf-remediation-bypass.html
ZDI's Pwn2Own: https://twitter.com/thezdi
Kuzu7shiki's Awesome Pixiv Report: https://hackerone.com/reports/1861974 https://twitter.com/kuzu7shiki
Some...

Episode 12: JHaddix on Hacker->Hacker CISO, OG Hacking Techniques, and Crazy Reports


Episode 12: In this episode of Critical Thinking - Bug Bounty Podcast we talk with Jason Haddix about his eclectic hacking techniques, Hacker -> Hacker CISO life, and some crazy vulns he found. This episode is chock full of awesome tips so give it a good listen!
Follow us on twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter: https://twitter.com/0xteknogeek https://twitter.com/rhynorater
Follow JHaddix on Twitter: https://twitter.com/jhaddix
BuddoBot: https://buddobot.com/
BC Hunt: https://github.com/bugcrowd/HUNT/blob/master/README.md
One List For All: https://github.com/six2dez/OneListForAll
AssetNote Wordlists: https://wordlists.assetnote.io/
Backslash Powered Scanner: https://portswigger.net/bappstore/9cff8c55432a45808432e26dbb2b41d8
Jason's Handy Dandy Acronyms:
SSWLR - Sensitive Secrets Were...

Episode 11: CV$$, Web Cache Deception, and SSTI


Episode 11: In this episode of Critical Thinking - Bug Bounty Podcast we talk about CVSS (the good, the bad, and the ugly), Web Cache Deception (an underrated vuln class) and a sick SSTI Joel and Fisher found.
Follow us on twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter: https://twitter.com/0xteknogeek https://twitter.com/rhynorater
MDSec Outlook Vuln: https://twitter.com/MDSecLabs/status/1635791863478091778
Jub0bs User-Existence Oracle Tweet: https://twitter.com/jub0bs/status/1633786349529513986
James Kettle's Tweet About BB ID Header Standardization: https://twitter.com/albinowax/status/1635951506791755776
15K Snapchat Numeric IDOR: https://hackerone.com/reports/1819832
Bug Bounty Reports Explained: https://www.bugbountyexplained.com/
CVSS Calculator: https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator
Web Cache Deception Write-up: https://www.blackhat.com/docs/us-17/wednesday/us-17-Gil-Web-Cache-Deception-Attack.pdf

Episode 10: The Life of a Full-Time Bug Bounty Hunter + BB News + Reports from Mentees


Episode 10: In this episode of Critical Thinking - Bug Bounty Podcast we talk about what it's like to be a full-time bug bounty hunter, a tonne of bug bounty news, and some great report summaries from Justin's two mentees: Kodai and Soma.
Follow us on twitter at: https://twitter.com/ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter: https://twitter.com/0xteknogeek https://twitter.com/rhynorater
HackVertor: https://portswigger.net/bappstore/65033cbd2c344fbabe57ac060b5dd100
Not_An_Aardvark (Teddy Katz) Blog: https://blog.teddykatz.com/
Tweets from PortSwigger Research: https://twitter.com/PortSwiggerRes/status/1632742844535324677 https://twitter.com/PortSwiggerRes/status/1630221223874445314 https://twitter.com/PortSwiggerRes/status/1629131380473970688
HackerOne LHE Standards: https://www.hackerone.com/hackerone-community-blog/get-invited-how-live-hacking-event-invites-have-changed
Rez0 Bug Bounty Tweet: https://twitter.com/rez0__/status/1553371602770960384?t=NCr_esHcEts9PrcjxIZ5uw&s=19
Rojan's Github Bug:...

Episode 9: Headless Browser SSRF & RebindMultiA Tool Release + Web3 Bug


Episode 9: In this episode of Critical Thinking - Bug Bounty Podcast we talk about Headless Browser SSRF and drop a tool called RebindMultiA. Joel also walks us through a web3 bug and we cover some bug bounty news from the past week. As always, we drop some bug bounty tips and give you some attack vectors to think about.
Follow us on twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
------ Links ------
Truffle Security End-To-End Encryption Video: https://www.youtube.com/watch?v=BBcZcoIZ1Jc
HackerOne World Cup: https://www.hackerone.com/hackers/brand-ambassador-program
HackerOne World Cup Sign Up Form...

Episode 8: PostMessage Bugs, CSS Injection, and Bug Drops


Episode 8: In this episode of Critical Thinking - Bug Bounty Podcast we drop some critical bugs which leak raw credit card info. We also discuss some CSS Injection & PostMessage related techniques. It's a short one but a good one! Don't miss it!
Follow us on twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter: https://twitter.com/0xteknogeek https://twitter.com/rhynorater
CSS Escape Blog Post: https://mathiasbynens.be/notes/css-escapes
Rez0's blog on ChatGPT: https://rez0.blog/hacking/2023/02/21/hacking-with-chatgpt.html
All the ways to get a reference to a frame (shoutout to @wcbowling for the...

Episode 7: PortSwigger Top 10, TruffleSecurity Drama, and More!


Episode 7: In this episode of Critical Thinking - Bug Bounty Podcast we talk about PortSwigger's Top 10 Web Hacking Techniques of 2022 (link below), some drama surrounding TruffleSecurity's XSS Hunter, and, as always, some great bug bounty tips.
Sorry if the audio is a little rough around the edges this time, should be better than ever next time.
Follow us on twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter: https://twitter.com/0xteknogeek https://twitter.com/rhynorater
PortSwigger's Top 10 Web Hacking Techniques of...

Episode 6: Mobile Hacking Attack Vectors with Teknogeek (Joel Margolis)


Episode 6: In this episode of Critical Thinking - Bug Bounty Podcast we sit down with mobile hacking legend Joel Margolis and get the scoop on his approach to popping bugs on Android.
Follow us on twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter: https://twitter.com/0xteknogeek https://twitter.com/rhynorater
Joel's HackerOne Android Hacking Introduction: https://t.ly/f87D
Android Pixel Lock Screen Bypass: https://t.ly/Q_qq
Exploiting Deeplink URLs: https://inesmartins.github.io/exploiting-deep-links-in-android-part1/index.html
Joel's get_schemas tool: https://github.com/teknogeek/get_schemas
Example AndroidManifest.xml we referenced: https://t.ly/mcN1 https://t.ly/ErVV
Android docs for intent filters: https://developer.android.com/guide/components/intents-filters.html
Android docs for setAllowContentAccess: https://t.ly/hXOZ
Android docs for setAllowFileAccess: https://developer.android.com/reference/android/webkit/WebSettings#setAllowFileAccess(boolean)
Add JavaScript Interface to Webview: https://developer.android.com/reference/android/webkit/WebView#addJavascriptInterface(java.lang.Object,%20java.lang.String)
Joel's SSL Pinning...

Episode 4: H1-407 Event Madness & Takeaways Part 2 w/ Special Guest Spaceraccoon


Episode 4: In this episode of Critical Thinking - Bug Bounty Podcast we have part two of our series on the H1-407 HackerOne Live Hacking Event. This time, we have a special guest SpaceRaccoon (@spaceraccoonsec) talking about techniques and takeaways from the event.
Follow us on twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter: https://twitter.com/0xteknogeek https://twitter.com/rhynorater
Spaceraccoon's blog: https://spaceraccoon.dev/
Spaceraccoon's twitter: https://twitter.com/spaceraccoonsec
Responder (NTLM Hash harvesting tool): https://github.com/lgandx/Responder
The malware reversing course Spaceraccoon recommended: https://courses.zero2auto.com/
Offensive Security Exploit Development Courses: https://www.offensive-security.com/courses-and-certifications/

Episode 5: AI Security, Hacking WiFi, the New XSS Hunter, and more


Episode 5: In this episode of Critical Thinking - Bug Bounty Podcast we talk about the new XSS Hunter, MD5 collisions and using ChatGPT for security, and much more!
Follow us on twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter: https://twitter.com/0xteknogeek https://twitter.com/rhynorater
Save All Resources Chrome Extension: https://chrome.google.com/webstore/detail/save-all-resources/abpdnfjocnmdomablahdcfnoggeeiedb?hl=en
Corben's AMA: https://twitter.com/hacker_/status/1620514351521366016
Collisions repo: https://github.com/corkami/collisions

Episode 3: H1-407 Event Madness & Takeaways Part 1


Episode 3: In this episode of Critical Thinking - Bug Bounty Podcast we talk about some of the interesting things we've learned from participating in HackerOne's H1-407 Live Hacking event. We cover decompiling binaries in various different languages, Windows URI Handlers, Caido, and SameSite Lax + POST.
Follow us on twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter: https://twitter.com/0xteknogeek https://twitter.com/rhynorater
Frans Rosen S3 Bucket Authorization Blog Post: https://labs.detectify.com/2018/08/02/bypassing-exploiting-bucket-upload-policies-signed-urls/
Getting code from executables: ILSpy, DotPeek, Jadx-GUI, Pyinstxtractor, Uncompyle6
Jub0bs SameSite Article: https://jub0bs.com/posts/2021-01-29-great-samesite-confusion/
Mgeeky's Powershell Script to Enumerate Windows...

Episode 2: Exploit Writing & Automation / Do you need to know how to program to hack?


Episode 2: In this episode of Critical Thinking - Bug Bounty Podcast we talk about exploit writing/automation, some new tools released in the industry (Of-CORS), the age old question of "Do you have to know how to program to hack?", a walk-through of some very impactful bug bounty reports, and some tips and tricks for exploit writing.
Follow us on twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter: https://twitter.com/0xteknogeek https://twitter.com/rhynorater
Of-CORS by TruffleSecurity: https://trufflesecurity.com/blog/of-cors/ https://github.com/trufflesecurity/of-cors
CyberChef: https://gchq.github.io/CyberChef/
Curl Converter: https://curlconverter.com/
Caido: https://caido.io/
Copy As Python Requests: https://portswigger.net/bappstore/b324647b6efa4b6a8f346389730df160
eMMC Card...

Episode 1: Introductions, Bug Bounty Reports, and BB Tips


Episode 1: In this episode of Critical Thinking - Bug Bounty Podcast, Joel Margolis (aka 0xteknogeek) and Justin Gardner (aka Rhynorater) cover introductions, a couple of cool bug bounty reports, and some really helpful BB Tips.
Follow us on twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter: https://twitter.com/0xteknogeek https://twitter.com/rhynorater
The report Joel was talking about: https://hackerone.com/reports/1672388

Cyber Distortion Podcast Series

Cyber Distortion Podcast Series


S5 - Episode 003 Stuxnet: Zero-Day Cataclysmic Warfare


Cyber Distortion Podcast. Hosted by Kevin Pentecost & Jason Popillion. In this episode of the Cyber Distortion Podcast, Kevin and Jason discuss one of the most chilling and groundbreaking cyberattacks in history: Stuxnet. What started as a mysterious series of system failures inside Iran's nuclear facilities quickly unraveled into something far more dangerous: a precision-engineered digital weapon designed not just to spy, but to destroy. We break down how Stuxnet infiltrated highly secure, air-gapped systems, silently manipulated industrial controls, and physically sabotaged centrifuges, all while reporting normal operations back to engineers. This wasn't just malware. It was a turning point. From its...

S5 - Episode 002 Cicada 3301


Cyber Distortion Podcast. Hosted by Kevin Pentecost & Jason Popillion. In January 2012, a mysterious message appeared on an obscure corner of the internet: a simple image posted on 4chan with a chilling promise: "We are looking for highly intelligent individuals." What followed was unlike anything the internet had ever seen. Hidden messages. Impossible riddles. Cryptographic puzzles buried in images, music files, and code. Clues scattered across the globe, from obscure websites to real-world posters taped to telephone poles in cities thousands of miles apart. Behind it all was a name that would become internet legend: Cicada 3301. In this...

S5 - Episode 001 The Day that Twitter Died


Cyber Distortion Podcast. Hosted by Kevin Pentecost & Jason Popillion. On July 15, 2020, the unthinkable happened: dozens of the world's most powerful voices (Barack Obama, Elon Musk, Bill Gates, Joe Biden, Apple, Uber, and more) suddenly blasted the same message out to millions of followers. A promise that sounded too good to be true, because it was. What looked like a generous giveaway turned into one of the most audacious social engineering hacks in tech history, all orchestrated not by a foreign syndicate, not by an elite hacker collective, but by a 17-year-old from Tampa, Florida. In this episode...

S4 - Episode 014 CYBR.HAK.CON: The L33T DFW Hacker Conference (w/ Michael Farnum & Phillip Wylie)


In this episode, we're diving deep into the evolution of one of the most respected cybersecurity community movements in the country. Michael Farnum, founder of CYBR.SEC.Community and the original force behind HOU.SEC.CON, joins us to talk about the transformation of a beloved Houston-based conference into a multi-city, multi-conference ecosystem designed to empower cybersecurity professionals, enthusiasts, and newcomers alike. With expansion plans already underway, the CYBR.SEC.Community is poised to redefine how regional infosec communities connect, learn, and grow. We're also joined by Phillip Wylie, a well-known ethical hacker, author, and educator, who will be leading CYBR.HAK.CON, the Dallas/Fort Worth chapter of...

S4 - Episode 013 The Cyber Crystal Ball: Predictions & Pitfalls (w/ Paul Furtado from Gartner)


In this episode of the Cyber Distortion Podcast, hosts Jason Popillion and Kevin Pentecost sit down with Paul Furtado, Vice President and Analyst at Gartner, for a deep, insightful conversation that cuts through industry noise and gets to the heart of what's shaping cybersecurity and enterprise technology today. Paul brings a dynamic blend of executive leadership and real-world operational expertise, with a career marked by driving bottom-line impact, navigating mergers and acquisitions, optimizing performance, and reshaping strategic technology programs. Known for his visionary leadership, negotiation acumen, and ability to connect strategy with execution, Paul shares the kind of clarity and...

S4 - Episode 012 Zero Trust, Zero Confusion (w/ Rob Allen)


In this eye-opening episode of Cyber Distortion, hosts Kevin Pentecost and Jason Popillion sit down with Rob Allen from ThreatLocker to break down one of the most talked-about and misunderstood concepts in cybersecurity today: Zero Trust. With a deep well of technical expertise and real-world business acumen, Rob brings clarity to the chaos, cutting through the jargon to explain what Zero Trust really means, why it matters, and how organizations of all sizes can adopt it effectively. Whether you're a seasoned security pro or just starting to wrap your head around Zero Trust architecture, this episode gives you the insights...

S4 - Episode 011 Faith, Fire, and Frameworks (w/ Gaelle Koanda)


Today's guest is a true force in cybersecurity, governance, and leadership. She's a global voice for resilience, inclusion, and innovation, and her story is as inspiring as it is impactful. In this episode, we were thrilled to be joined by Gaelle Koanda, a Cybersecurity and GRC powerhouse, ISACA Board Member, AI Ethics Advocate, Entrepreneur, and Nonprofit Leader. From IT audits to executive boardrooms, Gaelle has carved a path defined by grit, grace, and growth. She's the Founder and President of the very first WiCyS chapters in Francophone Africa, and currently serves as the SheLeadsTech Ambassador for Colorado, building bridges across...

S4 - Episode 010 The Making of I AM MACHINE w/Chris Glanden & Len Noe


Description: In this compelling episode of the Cyber Distortion Podcast, host Jason sits down with the extraordinary trio behind the groundbreaking documentary I AM MACHINE, a deep dive into the life and mission of transhuman white hat hacker, Len Noe. Known for merging biology with embedded technology, Len's journey into transhumanism is as provocative as it is visionary. He uses his cybernetic implants not only to push the boundaries of human capability but also as a powerful tool to demonstrate vulnerabilities in both physical and digital security systems. From real-world pen tests to live hacking demos, Len's ethical hacking blurs...

S4 - Episode 009 Codewaves Rising: Surfing Latin America's Talent Tide (w/ Roger Einstoss)


Description: New Episode Alert: Cyber Distortion Podcast. Welcome back! In this episode we're diving deep into one of the most pressing challenges in cybersecurity: finding the right talent. Join us for an eye-opening conversation with Roger Einstoss, co-founder of Braintly, a company revolutionizing how organizations source cybersecurity professionals from across Latin America. With decades of experience and a sharp eye for global tech talent, Roger shares insider knowledge on tapping into thriving hubs like Argentina, Brazil, and beyond. We explore how Latin America is rapidly emerging as a hotbed for skilled cybersecurity professionals, and why North American companies are increasingly turning...

S4 - Episode 008 Unleashing Your Inner Hacker (w/ Ted Harrington)


This episode welcomes Ted Harrington, a celebrated ethical hacker, TEDX keynote speaker, and executive partner at Independent Security Evaluators (ISE). With decades of real-world experience hacking everything from iPhones and cars to medical devices, cryptocurrency platforms, and password managers, Ted brings unmatched expertise to our conversation. He's built a reputation for uncovering hidden vulnerabilities, helping clients such as Google, Amazon, Netflix, Microsoft, Disney, and Adobe to fix tens of thousands of security flaws, demonstrating why no system is truly unhackable. In this episode, Ted walks us through his journey from early penetration testing to leading elite security research. We discuss the...

S4 - Episode 007 Reality Distortion is so Freakin' Real! (w/ Winn Schwartau)


In this riveting episode of Cyber Distortion, hosts Kevin Pentecost and Jason Popillion sit down with none other than Winn Schwartau, the legendary cybersecurity pioneer and provocateur known for pulling no punches when it comes to the truth. A trailblazer in information warfare and the original mind behind DEFCON Jeopardy, Winn dives deep into the murky waters of misinformation, disinformation, and the global implications of distorted digital realities. From nation-state psyops to corporate manipulation campaigns, we explore how the war over truth is being waged on battlefields both virtual and real. But it wouldn't be Cyber Distortion without a twist....

S4 - Episode 006 LULZSEC Mastermind Unmasked: The Sabu Story (w/ Hector Monsegur)


Welcome back to Cyber Distortion, the show where the shadows of the digital world come into focus. Today's episode dives deep into the mind of someone who once sat at the center of the internet's most notorious hacktivist movements. Our guest is Hector Monsegur, better known to some as Sabu, a former leading figure in both Anonymous and LULZSEC, who orchestrated some of the most high-profile cyber-attacks of the early 2010s. From penetrating government networks to being at the heart of a global FBI takedown, Hector's story is part cautionary tale, part cyber-thriller. In this conversation, he shares it all: raw, unfiltered, and...

S4 - Episode 005 The Art of the HVCK! (w/ Ryan Williams)


In this electrifying episode, we dive deep into the world of hacking, privacy, and offensive security with Ryan Williams, Editor of HVCK Magazine and Director of Smart Cyber Solutions Pty Ltd. Ryan is more than just a cybersecurity consultant; he's a red team enthusiast, blue team strategist, and relentless innovator in the cyber arena. We explore Ryan's journey from pen tester to publisher, and uncover the vision behind HVCK Magazine, an online publication dedicated to all things hacking, from OSINT and threat intelligence to offensive tooling and real-world exploits. Learn about his contributions to the community with projects like Commander, MxFlex, AllTheThings,...

S4 - Episode 004 Human IOT: Sub-Molecular DNA Cybersecurity (w/ Dr. Gregory Carpenter)


In this electrifying episode of the Cyber Distortion Podcast, hosts Kevin Pentecost and Jason Popillion dive into the fascinating crossroads of cybersecurity, health, and molecular science with a very special guest, Dr. Gregory Carpenter. Known worldwide for his pioneering research and groundbreaking work at the intersection of biotechnology and cybersecurity, Dr. Carpenter brings a unique and urgent perspective on the growing risks and innovations tied to DNA hacking and cybersecurity at the molecular level. Together, they explore how advances in genetics, bioinformatics, and synthetic biology are creating new vulnerabilities, and why protecting health data and even the biological code of...

S4 - Episode 003 Hackers Love You...And Your Overshared Instagram Posts! (w/ Wes Kussmaul)


In this thought-provoking episode of the Cyber Distortion Podcast, we're joined by Wes Kussmaul, a visionary in the realm of secure online identities and the founder of Delphi Internet Services Corporation, the company behind the Kussmaul Encyclopedia, the world's first computerized encyclopedia and one of the earliest forms of hypertext. With over three decades of experience building secure online spaces, Wes brings a unique blend of historical perspective and forward-thinking innovation to the conversation around privacy, authentication, and identity protection. As digital threats evolve, so must our understanding of how we prove who we are online. Wes breaks down the role...

S4 - Episode 002 - Staring Down the Barrel of a Loaded Gun (w/ Ricoh Danielson)


In this gripping episode of the Cyber Distortion Podcast, we sit down with Ricoh Danielson, a former U.S. Army Combat Veteran of Iraq and Afghanistan, national security expert, and digital forensics specialist. With a career that bridges the battlefield and the digital frontlines, Ricoh brings a rare and powerful perspective on the evolving threats to our national security and critical infrastructure. From his firsthand experiences in war zones to his current role as a VCISO and digital forensic expert, Ricoh shares stories that are as eye-opening as they are inspiring. We dive into the real-world challenges facing the nation today...

S4 Episode 001 [CTRL-ALT-GEN] Resetting the Generational Tech Divide


Welcome to this episode of Cyber Distortion, where we explore the cutting edge of technology, security, and the future of humanity itself. In this episode, we look into how differing generational outlooks, from the Silent Generation, to Baby Boomers, Gen X, Millennials, and Gen Z, shape the ways teams solve problems and interact within today's corporate landscape. We explore how historical events, technological exposure, and shifting cultural norms have impacted each generation's communication style, work ethic, and appetite for risk. Through candid anecdotes and real-world examples, we uncover the advantages of blending diverse generational perspectives to spark innovation, build more inclusive workplace cultures,...

S3 Episode 014 Navigating the Storm: Mastering Incident Response and Disaster Recovery


In this season finale of the Cyber Distortion Podcast, hosts Kevin Pentecost and Jason Popillion tackle one of the most critical topics in modern cybersecurity: incident response and disaster recovery. When a cyber incident strikes, every second counts. Organizations need to be ready with well-orchestrated plans to respond effectively and recover swiftly. This episode delves deep into the strategies, tools, and best practices that every cybersecurity professional and organization should know to minimize damage and ensure resilience. Kevin and Jason guide listeners through the intricacies of incident response, breaking it down into digestible phases like preparation, detection, containment, eradication, and recovery....

S3 Episode 013 Bridging the Cyber Skills Gap w/Jessie Bolton


Cybersecurity isn't just about technology; it's about people. In this eye-opening episode of the Cyber Distortion Podcast, we're joined by Jessie Bolton, CEO of Bolt Resources and former Vice President of North Texas ISSA, to tackle one of the industry's most pressing challenges: the human side of the cybersecurity skills gap. Jessie brings a wealth of experience from her collaborations with ISC2, WiCyS, NICE, Infosec Institute, and higher education institutions. She's at the forefront of redefining how organizations identify, nurture, and retain talent in an industry facing a critical workforce shortage. From strategies to attract untapped talent to innovative training programs...

S3 Episode 012 Slaying the Surveillance Capitalist Pigs w/Mark Weinstein


Protecting Your Privacy Online with Mark Weinstein. In this must-listen episode of the Cyber Distortion Podcast, we dive deep into the critical topic of online privacy with our special guest, Mark Weinstein. As a world-renowned author, TedX speaker, tech visionary, and privacy advocate, Mark brings unparalleled insight into the digital privacy landscape. We explore strategies to safeguard your online presence, regain control over your personal data, and thrive in an increasingly connected world. Mark also shares groundbreaking ideas from his award-winning book, "Restoring Our Sanity Online: A Revolutionary Social Framework", offering a transformative approach to navigating the digital age. Don't...

S3 Episode 011 The Hitchhacker's Guide to the Cyberverse!


So, do you think your business is secure? Think again. This October, Jason and Kevin met with CompTIA's Wayne Selk, to uncover what businesses and individuals must know to stay ahead of today's online threats. Don't miss out on this essential conversation; your online safety might just depend on it! An esteemed expert in the industry, Wayne brings over 25 years of cybersecurity expertise, helping businesses and individuals strengthen their defenses against online threats. From common phishing scams to advanced ransomware tactics, Wayne breaks down the latest in cybersecurity best practices and shares practical tips to keep you, your data,...

S3 Episode 010 The Art of the Pivot w/Wirefall


In this episode of the Cyber Distortion Podcast, we sit down with Dustin Dykes, better known as Wirefall, the founder of the Dallas Hackers Association (DHA). Join us as we dive into the origins of DHA, its impact on the cybersecurity community, and Wirefall's journey in the hacking world. Dustin is a Tribe of Hackers and Art of Intrusion Contributor, a public speaker, an improv and stand up student and performer, and of course, a technical guru! He is a local security community advocate. Founder of the Dallas Hackers Association and former board member of BSides DFW and TheLab.MS. He...

S3 Episode 009 He Robs Banks! w/FC (aka: Freaky Clown)


Welcome to this episode of Cyber Distortion, where we explore the cutting edge of technology, security, and the future of humanity itself. Today, Kevin and Jason have the privilege of talking with FC. FC or, "Freaky Clown" as he's known more commonly by his hacker handle, is a renowned ethical hacker and social engineer, as well as global keynote speaker. He has been working in the information security field for over 25 years and is motivated by a drive to make individuals, organizations, and countries more secure. When he is not legally breaking into companies, FC takes audiences on an...

S3 Episode 008 The Transhuman


Welcome to this episode of Cyber Distortion, where we explore the cutting edge of technology, security, and the future of humanity itself. Today, we have a truly extraordinary guest joining us: Len Noe, a Transhumanist with over 10 chips embedded in his body. Len isn't just a futurist; he's living proof of what the future could hold, using his integrated technology to perform hacks and complete takeovers on various devices. His unique perspective challenges the boundaries between human and machine, and today, he's here to share his incredible journey and insights with us. Len's path to becoming a white hat hacker...

S3 Episode 007 The Sociosploit


In today's episode, Kevin and Jason talk with a good friend Justin "Hutch" Hutchens. Hutch is a technology leader and visionary. He is the author of the book "The Language of Deception: Weaponizing Next Generation AI", the creator of Sociosploit.com, a research blog which examines exploitation opportunities on the social web, a confluence of his interests in both technical hacking and social psychology, and the co-host of Cyber Cognition, a podcast focused on the rapidly evolving technical landscape of artificial intelligence and machine learning. Hutch is an award-winning public speaker and has spoken at multiple Universities and global conferences to...

S3 Episode 006 The Insane Impact of AI (FireTalks 15)


In this episode, Kevin and Jason hit 15 different topics on the Insane Impact of AI on our businesses, in our daily lives, in healthcare, and beyond. Each topic will be covered in 5 minutes or less in a new format we're calling "Firetalks 15!" The guys like to talk, and if you've listened to more than a few episodes, keeping any topic under 5 minutes proved to be a very challenging thing as you'll see in this interesting new format! Jason Popillion is a CISSP and serves as a CIO/CTO of a SaaS company and Kevin Pentecost is a...

S3 Episode 005 The Great Cyber Divide (w/ Special Guests: The Bare Knuckles & Brass Tacks Podcast Team)


In this episode, Kevin and Jason sit down to talk shop with George Kamide and George Al-Koura, the hosts of the awesome podcast "Bare Knuckles and Brass Tacks." Their podcast is focused on talking about whether or not there truly is a vendor/customer divide. It's a cybersecurity podcast dedicated to answering that question. George Kamide comes from the vendor side, and George Al-Koura is a CISO on the customer side. They have REAL conversations from opposing sides of the pitch about cybersecurity marketing, sales, and go-to-market strategies. They confront these topics and bad practices with bare knuckles. Then it's down...

S3 Episode 004 The Dark Tale Teller with Jack Rhysider of Darknet Diaries


In this episode, Jason and Kevin sit down with the one and only storyteller from the dark side of the internet, Jack Rhysider. Jack is the beloved voice behind the extremely popular podcast The Darknet Diaries. Tonight, it's a podcaster-to-podcaster conversational happy hour! Jack attended a highly ranked university to study computer engineering with an emphasis on software engineering. Received formal training in Linux, Unix, Windows, C, C++, Java, ASM, logic, and electrical engineering. After college, he spent over a decade conducting network hardening by securing, analyzing, and testing network equipment such as firewalls, routers, and IDS units. Completed work...

S3 Episode 003 Alethe-Al Weapon with Alethe Denis


EPISODE DESCRIPTION: In this episode, we sit down with Sr. Security Consultant and Red Teamer, Alethe Denis. Alethe is a social engineer who excels in the art of human hacking. Alethe Denis is a Senior Security Consultant on the Red Team at Bishop Fox, an offensive cyber security company that helps clients protect their assets and data. She holds the Certified Ethical Hacker (CEH) certification and has multiple awards and publications in the field of social engineering and cybersecurity. Pursuing her passion for hacking she joined the cyber security industry after winning the prestigious DEF CON Social Engineering Capture the...

S3 Episode 002 Un-Bearably Dedicated!


EPISODE DESCRIPTION: In this episode, Kevin and Jason sit down to talk shop with Cyber-guru Phillip Wylie. Phillip is a friend and a member of the newly formed Cyber Circus network which includes other podcasters including Chris Glanden of BarCode Security as well as Kevin & Jason from the Cyber Distortion Podcast. Phillip Wylie is a well-known figure in the cybersecurity and ethical hacking community, recognized for his extensive experience and contributions to the field. Background and Expertise: Phillip has a background in penetration testing and ethical hacking. His career spans over two decades, during which he has held various...

S3 Episode 001 Down the Deepfake Rabbit Hole


In this episode, Kevin and Jason kick off what we expect will be our most exciting season to date. We come out of the gate like two savage wildebeests ready to devour anything in our path! Wait, that sounds extreme. Maybe it's not that intense, but it's LEGIT intense as we tackle a topic that only the fearless dare unpackage: DEEPFAKES! In this octane-fueled episode, we delve into the intricate world of deepfakes, a term that has rapidly evolved from obscure tech lingo to a hot-button issue at the intersection of technology, ethics, and reality. We give funny examples...

S2 - Episode 014 - Lone Star Cyber Circus - LIVE @ Hop & Sting Brewery, Grapevine, TX


Get ready for an electrifying evening as the "Lone Star Cyber Circus" pitches its virtual tent at the renowned Hop & Sting Brewery in Grapevine, Texas! This live podcast event, a harmonious blend of cutting-edge cyber talks and classic Texan hospitality, promises an experience like no other. As you step into the rustic yet modern ambiance of Hop & Sting Brewery, you'll be greeted by the rich aroma of craft beers, a hallmark of this beloved local establishment. The brewery's spacious interior, adorned with hints of Texan charm and cyber-themed décor, sets the perfect stage for an evening of engaging...

S2 - Episode 013 CISSP Success Stories with Luke Ahmed Part II


Description: This is part two of our riveting two-part episode with the extraordinary Luke Ahmed. Luke, a best-selling author, CISSP instructor, and the driving force behind the immensely popular Facebook page "CISSP Exam Preparation - Study Notes and Theory," brings a wealth of knowledge and passion to the table. Discover the keys to success in the realm of cybersecurity as Luke shares insights from his personal journey and experience in the field. As a CISSP (Certified Information Systems Security Professional) instructor, he's not just a teacher; he's a mentor who has personally guided over 3300 aspiring CISSPs to success in...

S2 - Episode 012 CISSP Success Stories with Luke Ahmed Part I


In this riveting two-part episode, join us as we dive deep into the world of cybersecurity with the extraordinary Luke Ahmed. Luke, a best-selling author, CISSP instructor, and the driving force behind the immensely popular Facebook page "CISSP Exam Preparation - Study Notes and Theory," brings a wealth of knowledge and passion to the table. Discover the keys to success in the realm of cybersecurity as Luke shares insights from his personal journey and experience in the field. As a CISSP (Certified Information Systems Security Professional) instructor, he's not just a teacher; he's a mentor who has personally guided over...

S2 - Episode 011 "Cybersecurity Happy Hour - with Chris Glanden (BARCODE Security)"


In this episode, Kevin and Jason shoot the breeze with fellow Cybersecurity podcaster Chris Glanden, a veteran cybersecurity professional passionate about Security Systems, breakthroughs, vulnerabilities, their mitigation and risk management. Chris has interviewed some of the most high-profile influencers and specialists in technology, hacking, and cyberspace. His episodes include guests like Phillip Wylie, Freaky Clown (FC), Jack Rhysider from Darknet Diaries, Alyssa Miller, Gummo, and Magda Chelly to name a few!! Conceptualized in mid-2020 amongst the Covid pandemic, he designed BARCODE to become THE alternative way to continue the social and educational elements of cybersecurity happy hours, technical meet-ups and...

S2 - Episode 010 Quantum Branding: Turbocharge your Identity with AI


In this unconventional episode, Kevin and Jason are thrilled to welcome a true branding and growth specialist, Larry Roberts, famously known as the "Red Hat Guy." Larry brings a wealth of experience and knowledge in harnessing the power of AI tools to supercharge brand growth and visibility. Meet Larry Roberts - The 'Red Hat Guy' Larry Roberts has made a name for himself in the world of branding and marketing with his unique approach to using AI-driven strategies. As a seasoned expert in the field, he has successfully leveraged cutting-edge technology to help businesses and influencers thrive in the digital...

S2 - Episode 009 DEFCON An Exhaustive Guide to Hacker Summer Camp (with Dr. Louis DeWeaver)


This very special episode is our contribution to all existing or soon-to-be DEFCON attendees! We go deep under the covers to crack the shell of all things Hacker Summer Camp in this definitive, ALL YOU NEED TO KNOW, and truly exhaustive guide. We join forces with our good friend, who we met at Hacker Summer Camp, Dr. Louis DeWeaver. Louis is a former professor and a seasoned cybersecurity expert who brings years of knowledge and many trips to DEFCON to this conversation. His upbeat personality is one of a kind! We like to say that Louis could definitely sell ice...

S2 - Episode 008 Fighting Acronym Fatigue Part II with Dr. Aaron Estes (CEO - Ironwood Cyber)


In this follow-up episode, we are honored to continue our spirited discussion with (Dr. Aaron Estes Ironwood Cyber CEO "Chief Epic Officer") on with us to talk all about his company Ironwood Cyber, and some of the cool things they're doing over there. Ever since we met the Ironwood Cyber team based out of Ft. Worth Texas, we knew we had a solid professional passion and connection and we shared MANY similar interests. The Ironwood Cyber team is a strong group of Engineers originally founded by not one, but TWO Lockheed Martin Fellows respected for their incredible skillsets. Aaron Estes...

S2 - Episode 007 Fighting Acronym Fatigue Part I with Dr. Aaron Estes (CEO - Ironwood Cyber)


In this episode, we are honored to have one of these amazing gentlemen (Dr. Aaron Estes Ironwood Cyber CEO "Chief Epic Officer") on with us to talk all about his company Ironwood Cyber, and some of the cool things they're doing over there. Ever since we met the Ironwood Cyber team based out of Ft. Worth Texas, we knew we had a solid professional passion and connection and we shared MANY similar interests. The Ironwood Cyber team is a strong group of Engineers originally founded by not one, but TWO Lockheed Martin Fellows respected for their incredible skillsets. Aaron Estes...

S2 - Episode 006 You ARE the Weakest link!


A long time in the making, this episode on the importance of User Awareness may just be the most important episode we've released so far. Kevin Pentecost and Jason Popillion are security veterans and Certified Information Systems Security Professionals (CISSPs) who know their way around a good User Awareness Training program having personally trained in classroom led environments as well as fostered and matured their own corporate training programs over their years as Cybersecurity managers. Join us as the duo delve into the critical topic of Cybersecurity User Awareness. With their wealth of experience, they provided invaluable insights and practical...

S2 - Episode 005 Third Party Risk It's not Me, It's You!


HE'S BAAAAAAACK!! In this episode, we RE-visit with our very first guest, Benjamin Hall. Ben has served as a virtual CISO, and serves as Sr. Information Security Consultant at Heartland Business Systems. With experience in Governance, Risk, and Compliance, Ben has worked in several industries including Banking, Finance, Insurance, and Healthcare. He is a Certified Information Systems Auditor (CISA), a Certified Data Privacy Solutions Engineer (CDPSE), and a HITRUST Certified Common Security Framework Practitioner (CCSFP). He is skilled in DR (Disaster Recovery), BC (Business Continuity), IR (Incident Response), Documentation, Risk Management, Business Development, and Information Security. To say Ben is...

S2 - Episode 004 - "AI and ChatGPT is Scary Sh*t! Part II"


In this MUCH anticipated follow-up to our episode 003 on AI and ChatGPT, expect more mind-numbing and terrifying facts about this incredible new technology! Kevin and Jason wrap up their discussion with Justin "Hutch" Hutchens, a true pioneer in the field of AI and its social impact in the world of Cybersecurity and beyond. The sole purpose of this episode is to touch the topic of AI and open your mind as to how you need to be thinking about it. How might AI intermingle with the world of Cybersecurity? Is this whole thing just another over-hyped topic that will...

S2 - Episode 003 - "AI and ChatGPT is Scary Sh*t! Part I"


What in the world do AI and ChatGPT have to do with Cybersecurity? Well, this episode is going to answer that question for you, and so much more!! In today's exciting episode, Jason and Kevin discuss the incredible world of AI with special guest and white hat hacker extraordinaire, Justin "Hutch" Hutchens. The sole purpose of this episode is to touch the topic of AI and open your mind as to how you need to be thinking about it. How might AI intermingle with the world of Cybersecurity? Is this whole thing just another over-hyped topic that will fade away...

S2 - Episode 002 2022 Breaches and Some Retrospection


In this exciting second episode of the new season, we're offering up a buffet of delicious options to feast your incessant little cybersecurity appetites on! BREACHES We start by spending time on 5 of the top breaches that took place in 2022, but shift into some real world thoughts and ideas on what concepts could have helped in preventing those types of breaches. FRAMEWORKS Jason and Kevin dig deep into their CISSP bag of tricks to discuss cybersecurity frameworks and do a bit of a shallow dive into NIST, and then migrate into the CIS Top 18 cyber controls for...

S2 - Episode 001 The Dark Web Revisited


WE ARE BACK! Happy 2023, friends! In this exciting episode of our BRAND NEW season 2, Kevin and Jason make good on a promise from Season 1 where they go back and take a deep dive into the Dark Web. This time, we're coming with a purpose! We go back to investigate and see what's really out there and try to separate myth from reality. Have you always wondered what really exists out on the Dark Web? Do you have a curious bone just itching to go check it all out for yourself? Well, you're in luck! In this episode, you'll...

S1 - Episode 014 Women in Cybersecurity - Part II


There is a worldwide shortage of over 3 million in the ranks of cybersecurity professionals, with half a million of that shortage in North America alone. The problem is only expected to get worse as the demand for infosec talent is expected to grow dramatically in the coming months and years. One troubling fact about this shortage of talent is that the gap could be dramatically filled if only one segment of the population were proportionately represented in the cybersecurity industry: women! Join us as Kevin, Jason, and their very special guests, Kristen Twining (Senior VP of Sales) and Madison...

S1 - Episode 013 Women in Cybersecurity - Part I


There is a worldwide shortage of over 3 million in the ranks of cybersecurity professionals, with half a million of that shortage in North America alone. The problem is only expected to get worse as the demand for infosec talent is expected to grow dramatically in the coming months and years. One troubling fact about this shortage of talent is that the gap could be dramatically filled if only one segment of the population were proportionately represented in the cybersecurity industry: women! Join us as Kevin, Jason, and their very special guests, Kristen Twining (Senior VP of Sales) and Madison...

S1 - Episode 012 Unraveling the Zero Trust Mystery


If you're like many others in information security, you too may struggle with understanding the concept and basic premise of "zero trust." Well, we have good news for you! After this episode, you can rest assured that we intend to clear the fog over this very confusing topic. Join us as Kevin, Jason, and their very special guest, Brad Moldenhauer, help unravel the mystery of zero trust by bringing in one of the resident experts on the topic. Brad is the VP and CISO at Zscaler who comes with a lengthy history in many facets of dealing with risk...

S1 - Episode 011 The Fine Art of Social Engineering


In this exciting episode, we cover the very fascinating topic of "Social Engineering" aka: Human Hacking! Anyone that lives in Cybersecurity knows that the weakest link in any company's cyber defenses is sitting between the keyboard and the chair. Tonight, we talk all about how malicious actors try to take full advantage of that weakness and exploit it to steal your company or your personal data. Join us as Jason and Kevin converse with a special guest Ragnhild "Bridget" Sageng on all facets of this controversial topic. Bridget has several years of experience in the IT industry, working with IT-support...

S1 - Episode 010 Doomsday Breach Prepping - 101


When the world comes crumbling down and your entire existence is burning to the ground, will you be prepared to handle it? What am I talking about anyway? The post-breach apocalypse, of course. What else?! You see, we have all heard it said so many times, "It's not a matter of IF you get breached; it's a matter of WHEN!" Well, if that is true, do you think you should be making every possible effort to get as prepared as possible ahead of time? We do! That is precisely why we have handpicked the special guest for this episode. Stephen Cracknell...

S1 - Episode 009 #Badgelife ft. AND!XOR


Electronic Blinky-Bling?!! What the heck is that?! Take a quick walk around the Las Vegas strip around mid-summer at the DEFCON Hacking/Security Conference and you'll find out pretty darned quick! #BADGELIFE is a sub-culture of creators, hackers, programmers, and like-minded pseudo geniuses that craft some of the coolest electronic gadgetry you're ever going to see! Imagine a sea of LEDs dancing to the music of a DJs mix, on a PCB designed to look artsy and cool. Oh, also imagine that you can hack that bad boy and play games, and set the LCD screen to your favorite animated GIF....

S1 - Episode 008 Cybersecurity Insurance Protecting Your "ASS-ets"


In this episode, Jason and Kevin join guest Ross Ingersoll, Executive Risk & Cyber Account Executive at Holmes & Murphy & Associates. We discuss the topic of cyber insurance and how being protected from today's Cyber risks can better position your company in the event of a major breach event. If you've ever wondered about what Cyber Insurance covers, or what types of things you need to be considering before you even think about applying for Cyber Insurance, then this episode will hit home! In today's Cyber climate, does your company have the risk appetite to go without the added...

S1 Episode 007 The CISSP "EXPERIENCE"


In this episode, join Jason & Kevin as they discuss the journeys they both took to obtain the coveted CISSP (Certified Information Systems Security Professional) certification from the governing body of (ISC)2. Anyone who knows ANYTHING about Cybersecurity and has aspirations of becoming a manager knows that the CISSP is the most sought-after certification offered. In this episode, they discuss why that is. We also discuss the various domains covered in the exam, the weightings of each domain, the exam format, and many helpful tips and tricks to help get you over the hump as you traverse your studies....

S1 - Episode 006 Surviving Your First Regulatory Audit


In this episode, Jason & Kevin join special guest Stacie Grimm, Principal at UHY. UHY is one of the Midwest's leading CPA, business advisory and M&A firms. They deliver a broad range of tax, accounting, consulting and investment banking capabilities to serve businesses as well as individuals. Stacie brings 15 years of experience as a seasoned auditor to the conversation in this episode. In this episode we hit Stacie with questions around all the differences around company assessments, reports, audits, certifications and frameworks! We talk about Internal versus External audits, and we land on anything and everything SOC (System and...

S1 - Episode 005 - API Security Land Mines


In this episode, Jason and Kevin join guest Adam Fisher, Principal Security Engineer at Salt Security. We focus on a very common threat vector and component in modern web applications, the topic of API security. API security is the process of protecting APIs from attacks. Because APIs are very commonly used, and because they enable access to sensitive software functions and data, they are becoming a primary target for attackers. In this episode, we'll look at why API security is at an all-time high on the concerns lists for companies. If it's not on your top 5 list of concerns,...

S1 - Episode 004 - The Deep Dark Web


What is this mysterious online enigma? Maybe you've heard about it and wondered, "What type of craziness would I find out there?" Cybersecurity professionals and CISSP brothers, Jason and Kevin bring a hard-hitting and action packed episode centered on all of the mysteries the Dark Web has to offer. Join them as they navigate the waters of the various internet layers, the world of anonymity via the Onion Router (TOR). Finally, take a trip down the infamous Silk Road and follow it all the way to the illusive Red Room. Who knows? You may even find out the cost to...

S1 - Episode 003 - A Manager's Perspective on Cybersecurity


Jason and Kevin join guest Eric Lough, VP of Business Development at FCP Euro to discuss how managers think and make critical decisions around Cybersecurity. Eric brings over 15 years of experience in the Automotive Aftermarket to the table. We spend the majority of the episode picking his brain on several key questions on today's challenging decisions that most managers have to make as it relates to protecting their businesses. As you'll find out in this conversation, not all of these decisions are easy! Jason Popillion is a CISSP and serves as a CIO/CTO of a SaaS company and Kevin...

S1 - Episode 002 - Ransomware Part II


Jason and Kevin, both CISSP's and seasoned cybersecurity professionals, join guest David Bonvillain, VP of Sales Engineering for Halcyon.ai. David shares his 20+ years of experience to dive deep into Ransomware. David shares with the audience practical ways to keep yourself safe based on his years of reverse engineering malware and his deep understanding on how they are programmed to behave. He also takes on a historical review of Ransomware, where it started, how it progressed into a major business model and recent new developments discovered in the last 2 weeks on where it is going. We conclude with information...

S1 - Episode 001 - Ransomware Part I


Jason and Kevin, both CISSPs and seasoned cybersecurity professionals, join guest Benjamin Hall, CISA, CDPSE, a cybersecurity consultant, to break down key understandings of Ransomware. They share Ransomware horror stories and participate in a live simple Ransomware awareness quiz game produced by the FTC. They also discuss Senior Management buy-in and provide the audience with simple tools they can implement now so they can protect themselves and their companies. Jason Popillion is a CISSP and serves as a CIO/CTO of a SaaS company and Kevin Pentecost is a CISSP, CISM, CEH, CPT, MCSE, CCA, ITIL-F and serves as an Information...

S1 - Episode 000 - Welcome to the Cyber Distortion Podcast


Jason and Kevin, both CISSP's and seasoned cybersecurity professionals, breakdown 3 of the top Ransomware attacks of 2021. They give insights into why hackers found these vulnerabilities and help you understand why this podcast series is important to add to your podcast list for 2022.

Cyber Security Headlines

Cyber Security Headlines


OpenAI's GPT-5.4-Cyber, McGraw Hill blames Salesforce for breach, signed adware disables antivirus


OpenAI rolls out GPT-5.4-Cyber; McGraw Hill breach due to Salesforce misconfig; Signed adware operation disables antivirus. Get the show notes here: https://cisoseries.com/cybersecurity-news-openais-gpt-5-4-cyber-mcgraw-hill-blames-salesforce-for-breach-signed-adware-disables-antivirus/ Huge thanks to our sponsor, Conveyor. At some point, every fast-growing SaaS team hits the same wall. The trust center is live. The SOC 2 is published. And somehow the security questionnaires just keep piling up. That's when teams realize a static trust center isn't the finish line. Conveyor is what comes next. AI that completes questionnaires automatically. A trust center customers can actually self-serve. And a knowledge base that updates itself with AI. Companies like Atlassian and...

Ransomware drama, faked Ledger app, Treasury wants Mythos


Ransomware rivals turn on each other; Fake Ledger app drains millions in crypto; US Treasury wants access to Mythos. Get the show notes here: https://cisoseries.com/cybersecurity-news-ransomware-drama-faked-ledger-app-treasury-wants-mythos/ Huge thanks to our sponsor, Conveyor. Your trust center was a great start. But if your team is still manually answering questionnaires and fielding sales questions, it hasn't solved the problem. Conveyor goes beyond a trust center. You get a living knowledge library your AI keeps up to date, questionnaire automation that handles any format, and a self-serve experience so customers and sales teams get answers without looping in infosec. Top enterprise SaaS companies trust...

Claude Mythos Preview's capabilities, Anodot breached companies face extortion, wolfSSL flaw enables forged certificates


Claude Mythos Preview's cyber capabilities; Anodot hack leaves breached companies facing extortion; wolfSSL library flaw enables forged certificate use. Get the show notes here: https://cisoseries.com/cybersecurity-news-claude-mythos-previews-capabilities-anodot-breached-companies-face-extortion-wolfssl-flaw-enables-forged-certificates/ Huge thanks to our sponsor, Conveyor. Three tools to manage customer security reviews is two too many. Most teams start with a trust center, bolt on a questionnaire tool, and end up with a knowledge base nobody trusts and a Slack channel full of sales pings anyway. Conveyor replaces all of it. Trust center, questionnaire automation, self-serve for sales, AI-managed knowledge library, one platform. Companies like Atlassian and Zapier already made the switch. See why...

The Department of Know is Moving to Fridays


A quick announcement: we're moving our Department of Know livestream to Fridays at 4pm ET/1 pm PT. The format will remain the same. We hope to see you there.

Adobe patches zero-day, Marimo flaw exploited, Venice flood threat


Adobe patches months-old Reader zero-day; Critical Marimo flaw now under active exploitation; Hackers claim control over Venice anti-flood pumps. Get the show notes here: https://cisoseries.com/cybersecurity-news-adobe-patches-zero-day-marimo-flaw-exploited-venice-flood-threat/ Huge thanks to our sponsor, Conveyor. Still manually filling out security questionnaires even though you have a trust center? A starter trust center is table stakes and the best security teams have moved way past that. Conveyor gives you an agentic trust center, AI questionnaire automation, and a self-serve layer so sales can move deals forward without pinging you every five minutes. Companies like Atlassian and Zapier made the switch. See why at conveyor.com.

Android API exposure, Acrobat Reader zero-day, Bitcoin Depot cyberattack


Google API keys in Android apps expose Gemini endpoints; Acrobat Reader zero-day flaw exploited since December; Cryptocurrency ATM company Bitcoin Depot reports cyberattack. Check out our show notes here: https://cisoseries.com/cybersecurity-news-android-api-exposure-acrobat-reader-zero-day-bitcoin-depot-cyberattack/ Huge thanks to our episode sponsor, Vanta. Risk and regulation ramping up, and customers expect proof of security just to do business. Vanta's automation brings compliance, risk, and customer trust together on one AI-powered platform. So whether you're prepping for a SOC 2 or running an enterprise GRC program, Vanta keeps you secure and keeps your deals moving. Learn more at vanta.com/ciso.

ChipSoft popped, APT28 updates, CIA cyber espionage elevation


Ransomware knocks Dutch healthcare vendor offline; APT28 is keeping busy; CIA quietly elevated its cyber espionage division. Check out our show notes here: https://cisoseries.com/cybersecurity-news-chipsoft-popped-apt28-updates-cia-cyber-espionage-elevation/ Huge thanks to our episode sponsor, Vanta. Risk and regulation ramping up, and customers expect proof of security just to do business. Vanta's automation brings compliance, risk, and customer trust together on one AI-powered platform. So whether you're prepping for a SOC 2 or running an enterprise GRC program, Vanta keeps you secure and keeps your deals moving. Learn more at vanta.com/ciso.

Anthropic's Project Glasswing, CISA funding in doubt, routers hijacked for passwords


Anthropic announces Project Glasswing; U.S. seeks to slash CISA funding; Russia-linked hackers hijack routers for passwords. Check out our show notes here: https://cisoseries.com/cybersecurity-news-anthropics-project-glasswing-cisa-funding-in-doubt-routers-hijacked-for-passwords/ Huge thanks to our episode sponsor, Vanta. Risk and regulation ramping up, and customers expect proof of security just to do business. Vanta's automation brings compliance, risk, and customer trust together on one AI-powered platform. So whether you're prepping for a SOC 2 or running an enterprise GRC program, Vanta keeps you secure and keeps your deals moving. Learn more at vanta.com/ciso.

Drift blames exploit on North Korea, GitHub attacks target South Korea, Die Linke breach threatens data leak


Drift says exploit was North Korean intelligence operation; GitHub used in multi-stage attacks targeting South Korea; Data leak threatened after Die Linke attack. Check out our show notes here: https://cisoseries.com/cybersecurity-news-drift-blames-exploit-on-north-korea-github-attacks-target-south-korea-die-linke-breach-threatens-data-leak/ Huge thanks to our episode sponsor, Vanta. Risk and regulation ramping up, and customers expect proof of security just to do business. Vanta's automation brings compliance, risk, and customer trust together on one AI-powered platform. So whether you're prepping for a SOC 2 or running an enterprise GRC program, Vanta keeps you secure and keeps your deals moving. Learn more at vanta.com/ciso.

Department of Know: Axios malware, TeamPCP campaign, New Storm infostealer


Link to episode page. This week's Department of Know is hosted by Sarah Lane, with guests Jack Kufahl, CISO, Michigan Medicine, and Adam Palmer, CISO, First Hawaiian Bank. Missed the live show? Check it out on YouTube. Huge thanks to our sponsor, Vanta. Risk and regulation ramping up, and customers expect proof of security just to do business. Vanta's automation brings compliance, risk, and customer trust together on one AI-powered platform. So whether you're prepping for a SOC 2 or running an enterprise GRC program, Vanta keeps you secure and keeps your deals moving. Learn more at vanta.com/ciso.

Malicious npm packages, CISA budget cuts, hackers exploit React2Shell


36 Malicious npm packages exploited to deploy persistent implants; Hundreds of millions to be cut from CISA in proposed budget; Hackers exploit React2Shell in automated credential theft campaign. Check out our show notes here: https://cisoseries.com/cybersecurity-news-malicious-npm-packages-cisa-budget-cuts-hackers-exploit-react2shell/ Huge thanks to our episode sponsor, Vanta. Risk and regulation ramping up, and customers expect proof of security just to do business. Vanta's automation brings compliance, risk, and customer trust together on one AI-powered platform. So whether you're prepping for a SOC 2 or running an enterprise GRC program, Vanta keeps you secure and keeps your deals moving. Learn more at vanta.com/ciso.

Texas hospital breach, CISA orders NetScaler patch, ISO file RAT warning


250,000 affected by data breach at Texas hospital; CISA says, "patch Citrix NetScaler bug by Thursday"; Researchers uncover mining operation using ISO lures. Get the show notes here: https://cisoseries.com/cybersecurity-news-texas-hospital-breach-cisa-orders-netscaler-patch-iso-file-rat-warning/ Huge thanks to our sponsor, ThreatLocker. Security controls fail when they break the business. Successful teams phase in protections gradually, starting with visibility, then moving to enforcement. That approach allows organizations to reduce risk without overwhelming IT teams or disrupting critical workflows. Learn more at ThreatLocker.com

New iOS patches over DarkSword, FBI: surveillance hack is major incident, Cisco code stolen in Trivy-linked breach


Apple pushes new patches over DarkSword; FBI: US surveillance hack is major incident; Cisco code stolen in Trivy-linked breach. Get the show notes here: https://cisoseries.com/cybersecurity-news-apple-pushes-new-patches-over-darksword-fbi-us-surveillance-hack-is-major-incident-cisco-code-stolen-in-trivy-linked-breach/ Huge thanks to our sponsor, ThreatLocker. Detection-based security assumes you'll catch an attack in time. Control-based security assumes you won't. That mindset shift is driving more organizations to focus on preventative controls, stopping unknown execution and unauthorized privilege elevation instead of relying solely on alerts after the fact. Learn more at ThreatLocker.com

Axios poisoned, TeamPCP details, Claude Code leaked


HTTP client introduces malicious dependency; TeamPCP testing the open source supply chain; Claude source code leaked. Get the show notes here: https://cisoseries.com/cybersecurity-news-axios-poisoned-teampcp-details-claude-code-leaked/ Huge thanks to our sponsor, ThreatLocker. Least privilege isn't about distrusting users; it's about limiting blast radius. Many attacks succeed because malware inherits excessive permissions. Enforcing least privilege helps ensure that even if something goes wrong, attackers can't easily escalate access or move laterally across the environment. Learn more at ThreatLocker.com

macOS Terminal ClickFix attacks, Russian court sentences 'Flint', CareCloud probes data breach


macOS Terminal gets ClickFix attacks Russian court sentences 'Flint' over card fraud CareCloud probes data breach Get the show notes here: https://cisoseries.com/cybersecurity-news-macos-terminal-clickfix-attacks-russian-court-sentences-flint-carecloud-probes-data-breach/ Huge thanks to our sponsor, ThreatLocker Ransomware doesn't need to be sophisticated if it's allowed to execute. A growing number of security teams are shifting focus from detecting ransomware to preventing execution in the first place: controlling applications, scripts, and installers so unauthorized code never gets the chance to run. Learn more at ThreatLocker.com

Department of Know: Gemini scours dark web, NSA worries about cybersecurity, APIs run loose


Link to episode page This week's Department of Know is hosted by Rich Stroffolino with guests Dennis Pickett, vp, CISO, RTI International, and Jacob Combs, CISO, Tandem Diabetes Care Thanks to our show sponsor, ThreatLocker Many security strategies still assume everything is allowed until proven malicious. Attackers understand that model well. That's why more organizations are rethinking endpoint security, shifting from detection-first tools to control-first approaches that reduce attack surface before an incident occurs. Learn more at ThreatLocker.com All links and the video of this episode can be found on CISO Series.com

FBI email theft, Lloyds Bank glitch, API keys running loose


FBI confirms theft of director's personal emails Lloyds customer data exposed in IT glitch Hundreds of valid API keys discovered on the Web Get the show notes here: https://cisoseries.com/cybersecurity-news-fbi-email-theft-lloyds-bank-glitch-api-keys-running-loose/ Huge thanks to our sponsor, ThreatLocker Most breaches don't start with a zero-day; they start because something unexpected was allowed to run. One way organizations reduce risk is by shrinking the attack surface: deciding what software should be allowed to execute and blocking everything else by default. Fewer unknowns means fewer opportunities for attackers. Learn more at ThreatLocker.com

Alleged RedLine dev extradited, Red Menshen spies with BPFDoor, is US cybersecurity slipping?


Alleged RedLine dev extradited to US Red Menshen uses BPFDoor to spy Former NSA chiefs worry US cybersecurity is slipping Check out our show notes for all story links: https://cisoseries.com/cybersecurity-news-alleged-redline-dev-extradited-red-menshen-spies-with-bpfdoor-is-us-cybersecurity-slipping/ Huge thanks to our sponsor, ThreatLocker Security controls fail when they break the business. Successful teams phase in protections gradually, starting with visibility, then moving to enforcement. That approach allows organizations to reduce risk without overwhelming IT teams or disrupting critical workflows. Learn more at ThreatLocker.com

Torg Grabber targets crypto, TeamPCP backdoors LiteLLM, GitHub AI bug detection


Torg Grabber targets crypto wallets TeamPCP backdoors LiteLLM GitHub adds AI security bug detection Check out our show notes for all story links: https://cisoseries.com/cybersecurity-news-torg-grabber-targets-crypto-teampcp-backdoors-litellm-github-ai-bug-detection/ Huge thanks to our sponsor, ThreatLocker Detection-based security assumes you'll catch an attack in time. Control-based security assumes you won't. That mindset shift is driving more organizations to focus on preventative controls, stopping unknown execution and unauthorized privilege elevation, instead of relying solely on alerts after the fact. Learn more at ThreatLocker.com

FCC router ban, drone hit AWS, Crunchyroll leak


FCC bans foreign routers Drone activity disrupts AWS region Crunchyroll confirmed data leak Check out our show notes for all story links: https://cisoseries.com/cybersecurity-news-fcc-router-ban-drone-hit-aws-crunchroll-leak/ Huge thanks to our sponsor, ThreatLocker Least privilege isn't about distrusting users; it's about limiting blast radius. Many attacks succeed because malware inherits excessive permissions. Enforcing least privilege helps ensure that even if something goes wrong, attackers can't easily escalate access or move laterally across the environment. Learn more at ThreatLocker.com

DarkSword exploit hits GitHub, Gemini AI agents scour dark web, Trivy supply chain attack expands


New DarkSword exploit hits GitHub Gemini AI agents scour the dark web Trivy supply chain attack expands Check out our show notes for all story links: https://cisoseries.com/cybersecurity-news-darksword-exploit-hits-github-gemini-ai-agents-scour-dark-web-trivy-supply-chain-attack-expands/ Huge thanks to our sponsor, ThreatLocker Ransomware doesn't need to be sophisticated if it's allowed to execute. A growing number of security teams are shifting focus from detecting ransomware to preventing execution in the first place: controlling applications, scripts, and installers so unauthorized code never gets the chance to run. Learn more at ThreatLocker.com

Department of Know: SaaS apps enable breaches, real-time cyber protection, IoT botnet takedown


Link to episode page This week's Department of Know is hosted by Rich Stroffolino with guests Bil Harmer, CISO, Supabase, and Chris Ray, Field CTO, GigaOm Thanks to our show sponsor, ThreatLocker Many security strategies still assume everything is allowed until proven malicious. Attackers understand that model well. That's why more organizations are rethinking endpoint security, shifting from detection-first tools to control-first approaches that reduce attack surface before an incident occurs. Learn more at ThreatLocker.com All links and the video of this episode can be found on CISO Series.com

International botnet takedown, California city ransomed, Azure Monitor phishing


Law enforcement seizes botnet infrastructure California city and LA transit agency report cybersecurity issues Microsoft Azure Monitor alerts used for callback phishing attacks Check out our show notes for all story links: https://cisoseries.com/cybersecurity-news-cybersecurity-news-international-botnet-takedown-california-city-ransomed-azure-monitor-phishing/ Huge thanks to our sponsor, ThreatLocker Most breaches don't start with a zero-day; they start because something unexpected was allowed to run. One way organizations reduce risk is by shrinking the attack surface: deciding what software should be allowed to execute and blocking everything else by default. Fewer unknowns means fewer opportunities for attackers. Learn more at ThreatLocker.com

Critical SharePoint flaw, real-time cyberattack prevention, CISA's Intune warning


Critical Microsoft SharePoint flaw now exploited in attacks 1stProtect reveals endpoint security platform intended to prevent cyberattacks in real time CISA urges U.S. organizations to secure Microsoft Intune systems following Stryker breach Get links to all our stories in the show notes: https://cisoseries.com/cybersecurity-news-critical-sharepoint-flaw-real-time-cyberattack-prevention-cisas-intune-warning/ Huge thanks to our episode sponsor, Adaptive Security This episode is brought to you by Adaptive Security, the first security awareness platform built to stop AI-powered social engineering. Picture a "new hire" who interviews well, except they're synthetic: AI video, AI voice, AI backstory. Once they're in, they go after payroll, internal docs, and access. That's the...

DarkSword emerges, "ShieldGuard" dismantled, NK IT worker army rakes in money


DarkSword emerges from suspected Russian hackers "ShieldGuard" dismantled after malware discovery North Korea's fake IT worker army rakes in $500M/year Get links to all our stories in the show notes: https://cisoseries.com/cybersecurity-news-darksword-emerges-shieldguard-dismantled-nk-it-worker-army-rakes-in-money/ Huge thanks to our episode sponsor, Adaptive Security This episode is brought to you by Adaptive Security, the first security awareness platform built to stop AI-powered social engineering. Picture a "new hire" who interviews well, except they're synthetic: AI video, AI voice, AI backstory. Once they're in, they go after payroll, internal docs, and access. That's the new reality: the attack surface is trust itself. Adaptive fights back with...

Energy strategy, scammer accord, font-rendering attack


Energy Department to release first cyber strategy Tech giants sign on to fight scammers Font-rendering hides malicious commands from AI in plain sight Get links to all our stories in the show notes: https://cisoseries.com/cybersecurity-news-energy-strategy-scammer-accord-font-rendering-attack/ Huge thanks to our episode sponsor, Adaptive Security This episode is brought to you by Adaptive Security, the first security awareness platform built to stop AI-powered social engineering. Attackers don't need malware anymore; they need trust. Tip: set a simple passphrase for high-risk actions, like wire requests or "urgent" account recovery, especially within finance teams and families. If the caller can't answer it, pause and verify....

Stryker hospital tools safe, models apply to power AI scams, cybercrime up 245%


Stryker hospital tools safe, digital ordering services down Models apply to be the face of AI scams Cybercrime up 245% since Iran conflict Get links to all our stories in the show notes: https://cisoseries.com/cybersecurity-news-stryker-hospital-tools-safe-models-apply-to-power-ai-scams-cybercrime-up-245/ Huge thanks to our episode sponsor, Adaptive Security This episode is brought to you by Adaptive Security, the first security awareness platform built to stop AI-powered social engineering. Today's phishing doesn't just hit inboxes; it can sound like your CFO or look like your CEO on Zoom. AI voices, video, and deepfakes are turning trust into the attack surface. Adaptive fights back with AI-driven risk scoring,...

Department of Know: OpenAI vulnerability scanner, US new cyber strategy, VPN SEO poisoning


Link to episode page This week's Department of Know is hosted by Rich Stroffolino with guests Jonathan Waldrop, CISO, Acoustic, and Chris Ray, Field CTO, GigaOm Thanks to our show sponsor, Adaptive Security This episode is brought to you by Adaptive Security, the first security awareness platform built to stop AI-powered social engineering. Deepfakes aren't science fiction anymore; they're a daily threat. Quick tip: if your voicemail greeting is your real voice, switch it to the default robot voice. A few seconds of audio can be enough to clone you. Adaptive helps teams spot and stop these AI-powered social engineering...

Royal Bahrain Hospital breach, Canada's Loblaw breached, New York water laws


Payload Ransomware group claims breach of Royal Bahrain Hospital Canadian food retailer Loblaw confirms data breach New York cyber regulations for water organizations launch in 2027 Get links to all our stories in the show notes: https://cisoseries.com/cybersecurity-news-royal-bahrain-hospital-breach-canadas-loblaw-breached-new-york-water-laws/ Huge thanks to our episode sponsor, Adaptive Security This episode is brought to you by Adaptive Security, the first security awareness platform built to stop AI-powered social engineering. Deepfakes aren't science fiction anymore; they're a daily threat. Quick tip: if your voicemail greeting is your real voice, switch it to the default robot voice. A few seconds of audio can be enough to...

Iran boosts cyberattacks, VENON targets Brazilian banks, England Hockey investigates breach


Iran boosts cyberattacks VENON targets Brazilian banks England Hockey investigates breach Get links to all the stories in our show notes: https://cisoseries.com/cybersecurity-news-iran-boosts-cyberattacks-venon-targets-brazilian-banks-england-hockey-investigates-breach/ Huge thanks to our sponsor, Dropzone AI If you are heading to RSAC next week, here are three things worth seeing at the Dropzone AI Diner. Booth 455, South Expo Hall. One: watch their AI SOC agents investigate real alerts live, with every reasoning step exposed. Two: meet the AI Threat Hunter, the newest agent joining the team. Three: enter the investigation competition and go head to head against the AI. Schedule your stop at dropzone.ai/rsa-2026-ai-diner.

Meta apps offer new scam protection, Google's Wiz acquisition finalized, China curbs state-run OpenClaw use


Meta apps offer new scam protection Google's Wiz acquisition finalized China curbs state-run OpenClaw use Get links to all the stories in our show notes: https://cisoseries.com/cybersecurity-news-meta-offers-scam-protection-googles-wiz-acquisition-finalized-china-curbs-openclaw-use/ Huge thanks to our sponsor, Dropzone AI Here is something worth asking any AI security vendor you meet at RSAC. Can you show me exactly what your AI did? Not just the verdict. The reasoning. Every tool it queried, every piece of evidence, every step it took to get there. Most cannot. Dropzone AI can. Every investigation is fully transparent. You do not have to trust the AI. You can verify it. See it...

New Cyber Command chief, Russia targets Signal, Codex Security


NSA and Cyber Command head confirmed Russians targeting encrypted messaging app users OpenAI rolls out vulnerability scanner Get links to all the stories in our show notes: https://cisoseries.com/cybersecurity-news-march-11-2026/ Huge thanks to our sponsor, Dropzone AI Remember yesterday's 3 AM threat intel? Here is how it plays out with Dropzone AI. The intelligence drops. Dropzone picks it up, turns it into a threat hunt, and runs it across your SIEM, EDR, and cloud data while your team sleeps. By morning, your analysts have answers, not a backlog. That is the AI Threat Hunter, the newest agent on the team, debuting at...

InstallFix spreads fake Claude sites, UNC4899 breaches crypto, UK cyber-fraud crackdown


InstallFix attacks spread fake Claude code sites UNC4899 breaches crypto firm via trojanized file UK launches cyber-fraud crackdown unit Get links to all the stories in our show notes: https://cisoseries.com/cybersecurity-news-installfix-spreads-fake-claude-sites-unc4899-breaches-crypto-uk-cyber-fraud-crackdown/ Huge thanks to our sponsor, Dropzone AI It is 3 AM. New threat intelligence drops. An attack pattern targeting your industry. Your threat hunting team is four people, all on day shift, and already behind on last week's hunts. By the time someone gets to it, the window for early detection has closed. The attacker is already inside. Tomorrow, I will tell you what Dropzone AI is bringing to RSAC...

Department of Know: Quantum-Safe certificates, Iranian cyberattack risks, 90 zero-days


Link to episode page This week's Department of Know is hosted by Sarah Lane with guests John Barrow, CISO, JB Poindexter & Co., and Derek Fisher, Director of the Cyber Defense and Information Assurance Program, Temple University Thanks to our show sponsor, Dropzone AI Here is a number worth knowing before RSAC. The average enterprise SOC sees tens of thousands of alerts a day. Most get triaged. A fraction get thoroughly investigated. The rest sit in the queue or get auto-closed. Dropzone AI puts AI SOC agents on every one of those alerts. Every alert investigated, end to end, across...

FBI network breach, GitHub distributes stealer, Hackers abuse .arpa


FBI investigates suspicious activities on agency network Over 100 GitHub repositories distributing BoryptGrab stealer Hackers abuse .arpa DNS and IPv6 to evade phishing defenses Get links to all the stories in our show notes: https://cisoseries.com/cybersecurity-news-fbi-network-breach-github-distributes-stealer-hackers-abuse-arpa/ Huge thanks to our sponsor, Dropzone AI Here is a number worth knowing before RSAC. The average enterprise SOC sees tens of thousands of alerts a day. Most get triaged. A fraction get thoroughly investigated. The rest sit in the queue or get auto-closed. Dropzone AI puts AI SOC agents on every one of those alerts. Every alert investigated, end to end, across your full...

Apple blocks ByteDance, Google's 90 zero-days, Iran backdoors U.S. organizations


Apple blocks ByteDance Chinese apps Google says 90 zero-days were exploited in attacks last year Iran intelligence backdoored U.S. bank, airport, software outfit networks Get the show notes here: https://cisoseries.com/cybersecurity-news-apple-blocks-bytedance-googles-90-zero-days-iran-backdoors-u-s-organizations/ Huge thanks to our sponsor, Adaptive Security This episode is brought to you by Adaptive Security, the first security awareness platform built to stop AI-powered social engineering. Security training fails when it's generic. Adaptive's platform personalizes training and runs deepfake simulations across email, SMS, voice, and video. And with Adaptive's AI Content Creator, you can drop in a breaking threat or compliance doc and instantly turn it into interactive, multilingual...

Possible iPhone-hacking toolkit used by spies, Hacker mass-mails HungerRush extortion emails, Tycoon 2FA phishing platform dismantled


Possible iPhone-hacking toolkit used by spies Hacker mass-mails HungerRush extortion emails Tycoon 2FA phishing platform dismantled Get the show notes here: https://cisoseries.com/cybersecurity-news-iphone-hacking-toolkit-used-by-spies-hungerrush-extortion-emails-tycoon-phishing-platform-dismantled/ Huge thanks to our sponsor, Adaptive Security This episode is brought to you by Adaptive Security, the first security awareness platform built to stop AI-powered social engineering. Picture a "new hire" who interviews well, except they're synthetic: AI video, AI voice, AI backstory. Once they're in, they go after payroll, internal docs, and access. That's the new reality: the attack surface is trust itself. Adaptive fights back with realistic deepfake simulations and training that actually sticks. adaptivesecurity.com.

Quantum decryption, OpenAI's deal, South Korea leaks crypto keys


Quantum decryption gets theoretically easier OpenAI alters the deal with the Pentagon South Korea leaks crypto keys for all to see Get the show notes here: https://cisoseries.com/cybersecurity-news-quantum-decryption-openais-deal-south-korea-leaks-crypto-keys/ Huge thanks to our sponsor, Adaptive Security This episode is brought to you by Adaptive Security, the first security awareness platform built to stop AI-powered social engineering. Attackers don't need malware anymore; they need trust. Tip: set a simple passphrase for high-risk actions, like wire requests or "urgent" account recovery, especially within finance teams and families. If the caller can't answer it, pause and verify. Adaptive runs deepfake and vishing simulations so employees...

Chrome quantum-safe certificates, Gemini Live vulnerability, UK warns of Iranian cyberattacks


Chrome unveils quantum-safe certificates Vulnerability allowed hijacking Gemini Live UK warns of Iranian cyberattack risks Get the show notes here: https://cisoseries.com/cybersecurity-news-chrome-quantum-safe-certificates-gemini-live-vulnerability-uk-warns-of-iranian-cyberattacks/ Huge thanks to our sponsor, Adaptive Security This episode is brought to you by Adaptive Security, the first security awareness platform built to stop AI-powered social engineering. Today's phishing doesn't just hit inboxes; it can sound like your CFO or look like your CEO on Zoom. AI voices, video, and deepfakes are turning trust into the attack surface. Adaptive fights back with AI-driven risk scoring, deepfake simulations featuring your own executives, and interactive training your team will actually remember....

Department of Know: iPhone, iPad and Grok get greenlight, WiFi gets snitched


Link to episode page This week's Department of Know is hosted by Rich Stroffolino with guests Dan Holden, CISO, Commerce, and Mark Eggleston, CISO, CSC Thanks to our show sponsor, Adaptive Security This episode is brought to you by Adaptive Security, the first security awareness platform built to stop AI-powered social engineering. AI is rewriting the cybersecurity rulebook, because attackers can now scale persuasion as easily as they scale code. The real target isn't just your systems anymore; it's human trust. If you aren't actively testing your organization against AI-driven phishing, vishing, and deepfakes, you're leaving a gap criminals will...

Gottumukkala ousted, Wyden blocks Rudd, Hackers weaponize Claude


Gottumukkala ousted as CISA Director Ron Wyden blocks Rudd confirmation to lead Cyber Command, NSA Hackers Weaponize Claude Code in Mexican government cyberattack Get the show notes here: https://cisoseries.com/cybersecurity-news-gottumukkala-ousted-wyden-blocks-rudd-hackers-weaponize-claude/ Huge thanks to our sponsor, Adaptive Security This episode is brought to you by Adaptive Security, the first security awareness platform built to stop AI-powered social engineering. Deepfakes aren't science fiction anymore; they're a daily threat. Quick tip: if your voicemail greeting is your real voice, switch it to the default robot voice. A few seconds of audio can be enough to clone you. Adaptive helps teams spot and stop these...

NATO adopts Apple, Education and Healthcare backdoor, Apex One flaws


iPhone and iPad cleared for classified NATO work U.S. Education and Healthcare targeted with Dohdoor backdoor Trend Micro warns of critical Apex One code execution flaws Get links to all of today's news in our show notes here: https://cisoseries.com/cybersecurity-news-nato-adopts-apple-education-and-healthcare-backdoor-apex-one-flaws/ Thanks to today's episode sponsor, Adaptive Security This episode is brought to you by Adaptive Security, the first security awareness platform built to stop AI-powered social engineering. Security training fails when it's generic. Adaptive's platform personalizes training and runs deepfake simulations across email, SMS, voice, and video. And with Adaptive's AI Content Creator, you can drop in a breaking threat or...

Google disrupts UNC2814, 3M+ impacted by TriZetto breach, Cisco bug exploited since 2023


Google disrupts UNC2814 3M+ impacted by TriZetto breach Cisco bug exploited since 2023 Get links to all of today's news in our show notes here: Thanks to today's episode sponsor, Adaptive Security This episode is brought to you by Adaptive Security, the first security awareness platform built to stop AI-powered social engineering. Picture a "new hire" who interviews well, except they're synthetic: AI video, AI voice, AI backstory. Once they're in, they go after payroll, internal docs, and access. That's the new reality: the attack surface is trust itself. Adaptive fights back with realistic deepfake simulations and training that actually...

Hacked in 30 minutes, Claude distillation, DeFi shutdown after attack


Threat actors break out in under 30 minutes Claude allegedly hit with distillation attacks DeFi platform shutting down after crypto theft Get links to all of today's news in our show notes here: https://cisoseries.com/cybersecurity-news-hacked-in-30-minutes-claude-distillation-defi-shutdown-after-attack/ Thanks to today's episode sponsor, Adaptive Security This episode is brought to you by Adaptive Security, the first security awareness platform built to stop AI-powered social engineering. Attackers don't need malware anymore; they need trust. Tip: set a simple passphrase for high-risk actions, like wire requests or "urgent" account recovery, especially within finance teams and families. If the caller can't answer it, pause and verify. Adaptive...

US healthcare breach affects 140k, experts warn against replicating humans, Shai-Hulud-like worm targets devs


140k affected by US healthcare breach Data advocates warn against replicating humans Shai-Hulud-like worm targets developers Get links to all of today's news in our show notes here: https://cisoseries.com/cybersecurity-news-us-healthcare-breach-affects-140k-experts-warn-against-replicating-humans-shai-hulud-like-worm-targets-devs/ Thanks to today's episode sponsor, Adaptive Security This episode is brought to you by Adaptive Security, the first security awareness platform built to stop AI-powered social engineering. Today's phishing doesn't just hit inboxes; it can sound like your CFO or look like your CEO on Zoom. AI voices, video, and deepfakes are turning trust into the attack surface. Adaptive fights back with AI-driven risk scoring, deepfake simulations featuring your own executives,...

Department of Know: Chrome zero-day, exploits, Copilot summarizes confidential emails, Identity abuse problems


Link to episode page This week's Department of Know is hosted by Rich Stroffolino with guests Montez Fitzpatrick, CISO, Navvis, and Peter Gregory, author. Thanks to our show sponsor, Adaptive Security This episode is brought to you by Adaptive Security, the first security awareness platform built to stop AI-powered social engineering. AI is changing phishing, because persuasion now scales like code. And it's not just email anymore; attackers hit SMS, voice calls, and multi-step scams that jump channels. Adaptive runs AI-powered phishing simulations across email, SMS, and voice, including OSINT-based spearphishing and BEC-style scenarios, so employees practice what attacks look like. Learn more at adaptivesecurity.com. All...

Arkanix was POC, 600 Fortinet firewalls breach, Russia heightens tension


Arkanix Stealer the new AI info-stealer experiment AI-assisted hacker breached 600 Fortinet firewalls in 5 weeks Russia stepping up hybrid attacks, preparing for confrontation with West Get links to all of today's news in our show notes here: https://cisoseries.com/cybersecurity-news-arkanix-was-poc-600-fortinet-firewalls-breach-russia-heightens-tension/ Thanks to today's episode sponsor, Adaptive Security This episode is brought to you by Adaptive Security, the first security awareness platform built to stop AI-powered social engineering. Deepfakes aren't science fiction anymore; they're a daily threat. Quick tip: if your voicemail greeting is your real voice, switch it to the default robot voice. A few seconds of audio can be enough...

CISA's DELL order, Android AI malware, browsers as weak link


CISA orders urgent patch of Dell flaw Android malware uses Gemini to navigate infected devices Half of all cyberattacks start in the browser, says Palo Alto Networks Get the full show notes here: https://cisoseries.com/cybersecurity-news-cisas-dell-order-android-ai-malware-browsers-as-weak-link/ Huge thanks to our sponsor, Conveyor Most of what Conveyor automates is boring. Like really boring. Security questionnaires. Customer requests for things like your SOC 2. All of their follow-up questions. Answering tickets from your sales team. You know what's not boring? Alteryx using Conveyor to support over half a billion dollars in enterprise deals with a small 4 person team. All they did was set...

Copilot summarizes confidential emails, ShinyHunters targets CarGurus, Texas sues TP-Link


Microsoft Copilot summarizes confidential emails ShinyHunters takes CarGurus records Texas sues TP-Link over router hack Get the full show notes here: https://cisoseries.com/cybersecurity-news-copilot-summarizes-confidential-emails-shinyhunters-targets-cargurus-texas-sues-tp-link/ Huge thanks to our sponsor, Conveyor Every fast-growing company hits this one moment. Sales wants to close bigger enterprise deals, but this means the security team is buried in security questionnaires. Alteryx avoided the deluge of questionnaires by using Conveyor to automate their customer security reviews. The result? AI completes questionnaires, 40% more customers are supported through a self-serve trust center, and over half a billion dollars in security influenced revenue. If you're trying to scale without adding headcount,...

Hacking protestors, UK "locks the door," Kenyan politician phone cracked


Hackers target anti-government protestors UK launches "lock the door" cybersecurity campaign Cellebrite linked to phone hack on Kenyan politician Get the full show notes here: https://cisoseries.com/cybersecurity-news-hacking-protestors-uk-locks-the-door-kenyan-politician-phone-cracked/ Huge thanks to our sponsor, Conveyor Most of what Conveyor automates is boring. Like really boring. Security questionnaires. Customer requests for things like your SOC 2. All of their follow-up questions. Answering tickets from your sales team. You know what's not boring? Alteryx using Conveyor to support over half a billion dollars in enterprise deals with a small 4 person team. All they did was set up an AI trust center and use Conveyor's...

Eurail traveler data for sale, EU Parliament blocks AI features, Washington Hotel discloses ransomware hit


Eurail stolen traveler data now up for sale EU Parliament blocks AI features Japan's Washington Hotel discloses ransomware hit Get the full show notes here: Huge thanks to our sponsor, Conveyor Here's a fun question. Would you rather support more enterprise deals or answer fewer security questionnaires? Moving upmarket usually means more scrutiny and more security questions. Instead of hiring more people or slowing sales, Alteryx used Conveyor's AI to automate customer security reviews like questionnaires, SOC 2 requests, and all the back-and-forth. They supported 200% growth and over half a billion dollars in pipeline with a 4 person team....

Department of Know: VoidLink threatens multi-cloud, flaw threatens Claude extension, China practices on infrastructure


Link to episode page This week's Department of Know is hosted by Sarah Lane with guests Jon Collins, Field CTO, GigaOm, and Adam Palmer, CISO, First Hawaiian Bank Thanks to our show sponsor, Conveyor Ever dream of giving customers instant answers to their security questions without ever filling out another questionnaire? Meet Conveyor's new Trust Center Agent. The Agent lives in your Conveyor Trust Center and answers every customer question, surfaces documents and even completes full questionnaires instantly so customers can finish their review and be on their way. Top tech companies like Atlassian, Zapier, and more are using Conveyor...

Ivanti actor identified, search overviews manipulated, ClickFix leverages Nslookup


One threat actor responsible for 83% of recent Ivanti RCE attacks Google's AI search overviews manipulated by scammers Microsoft warns of DNS-based ClickFix attack that uses Nslookup Get the full show notes here: https://cisoseries.com/cybersecurity-news-ivanti-actor-identified-search-overviews-manipulated-clickfix-leverages-nslookup/ Huge thanks to our sponsor, Conveyor I'll tell you two things Conveyor can't help you with. Conveyor will not make security questionnaires fun and it will not make your sales team stop asking you questions. But it did help Alteryx support half a billion dollars in enterprise deals with the same 4 person team. All they did was get an AI trust center and use Conveyor's...

Hackers abuse Gemini, Apple patches ancient bug, CISA criticizes shutdown


Hackers abuse Gemini AI for all attack stages, says Google Apple patches decade-old possibly exploited iOS zero-day Acting CISA chief critiques potential DHS funding lapse Get the show notes here: https://cisoseries.com/cybersecurity-news-hackers-abuse-gemini-apple-patches-ancient-bug-cisa-criticizes-shutdown/ Huge thanks to our episode sponsor, ThreatLocker Want real Zero Trust training? Zero Trust World 2026 delivers hands-on labs and workshops that show CISOs exactly how to implement and maintain Zero Trust in real environments. Join us March 4-6 in Orlando, plus a live CISO Series episode on March 6. Get $200 off with ZTWCISO26 at ztw.com.

Crazy gang abuses employee monitoring tool, Nevada unveils new data classification, Georgia healthcare breach impact grows


Crazy gang abuses employee monitoring tool Nevada unveils new data classification Georgia healthcare breach impacts more than 620,000 Get the show notes here: https://cisoseries.com/cybersecurity-news-google-gets-eu-wiz-approval-microsoft-secures-secure-boot-certificates-north-korean-hackers-target-crypto-exec/ Huge thanks to our episode sponsor, ThreatLocker Want real Zero Trust training? Zero Trust World 2026 delivers hands-on labs and workshops that show CISOs exactly how to implement and maintain Zero Trust in real environments. Join us March 4-6 in Orlando, plus a live CISO Series episode on March 6. Get $200 off with ZTWCISO26 at ztw.com.

Google gets EU Wiz approval, Microsoft secures Secure Boot certificates, North Korean hackers target crypto exec


EU grants Google approval for Wiz Microsoft rolls out Secure Boot certificates before expiration North Korean hackers target crypto exec Get the show notes here: https://cisoseries.com/cybersecurity-news-google-gets-eu-wiz-approval-microsoft-secures-secure-boot-certificates-north-korean-hackers-target-crypto-exec/ Huge thanks to our episode sponsor, ThreatLocker

UNC3886 targets Singapore telecoms, VoidLink exhibits multi-cloud capabilities and AI code, 135,000+ OpenClaw instances exposed


UNC3886 targets Singapore telecom sector VoidLink exhibits multi-cloud capabilities and AI code 135,000+ OpenClaw instances exposed to internet Get the show notes here: https://cisoseries.com/cybersecurity-news-february-10-2026/ Huge thanks to our episode sponsor, ThreatLocker

Department of Know: GSA's CMMC requirements, AWS intruder AI heist, Moltbook raises the stakes


Link to episode page This week's Department of Know is hosted by Rich Stroffolino with guests Nick Ryan, former CISO, and Chris Ray, Field CTO, GigaOm Thanks to our show sponsor, ThreatLocker All links and the video of this episode can be found on CISO Series.com

OpenClaw embraces VirusTotal, CISA EOL Deadline, ransomware hits BridgePay


OpenClaw turns to VirusTotal to boost security CISA gives federal agencies one year to remove end-of-life devices Payments platform BridgePay confirms ransomware attack Get the show notes here: https://cisoseries.com/cybersecurity-news-openclaw-embraces-virustotal-cisa-eol-deadline-ransomware-hits-bridgepay/ Huge thanks to our episode sponsor, ThreatLocker

Substack admits breach, Russian attacks target Winter Olympics, GitHub Codespaces enable RCE


Substack admits data breach Russian attacks target Winter Olympics GitHub Codespaces enable RCE Get the show notes here: Huge thanks to our sponsor, Strike48 It's no secret that AI is only as good as the data available to it. Strike48 unifies agentic AI with unmatched log visibility while avoiding the typical hefty price tag. Build and deploy agents for phishing detection, alert triage, threat correlation and more. Queries existing logs where they currently live, so you can keep the technology you already have. Learn more at Strike48.com.

Ukraine tightens controls on Starlink terminals, VMware ESXi flaw now exploited, SolarWinds Web Help Desk bug under attack


Ukraine tightens controls on Starlink terminals VMware ESXi flaw now exploited SolarWinds Web Help Desk bug under attack Get the show notes here: https://cisoseries.com/cybersecurity-news-ukraine-tightens-controls-on-starlink-terminals-vmware-esxi-flaw-now-exploited-solarwinds-web-help-desk-bug-under-attack/ Huge thanks to our sponsor, Strike48 Strike48 is the Agentic Log Intelligence Platform that actually puts AI agents to work, maximizing log visibility without blowing your budget. Find threats your siloed tools miss. Get started today with pre-built AI agents and workflows that investigate, detect, and respond 24/7 or build your own at strike48.com/security.

Metro bug, more social bans, leaky Moltbook


React Native Metro bug impacts thousands of servers Greece and Spain set to ban social media for kids Moltbook shows the dangers of vibe coding Get the show notes here: https://cisoseries.com/cybersecurity-news-metro-bug-more-social-bans-leaky-moltbook/ Huge thanks to our sponsor, Strike48 Security teams are stretched. Attack surfaces and threat volumes keep growing, meanwhile SOC budgets stay flat and glorified chatbots with hallucination problems aren't helping. Strike48 is different. Agents scale independently, running investigations across your logs while your team can concentrate on the highest priority tasks that require human judgment and decision making. Try it today at Strike48.com/security.

OpenClaw targets ClawHub users, Notepad++ update delivers malware, APT28 attackers abuse Microsoft Office zero-day


OpenClaw targets ClawHub users Notepad++ update delivers malware APT28 attackers abuse Microsoft Office zero-day Get the show notes here: https://cisoseries.com/cybersecurity-news-openclaw-targets-clawhub-users-notepad-update-delivers-malware-apt28-attackers-abuse-microsoft-office-zero-day/ Huge thanks to our sponsor, Strike48

Department of Know: CISA's cryptography categories, Gottumukkala's ChatGPT gotcha, NTLM says goodbye


Link to episode page This week's Department of Know is hosted by Rich Stroffolino with guests Steve Zalewski, co-host, Defense in Depth, and Nick Espinosa, host, The Deep Dive Radio Show Thanks to our show sponsor, Devo/Strike 48 All links and the video of this episode can be found on CISO Series.com

Police question Coupang CEO, Russia bakery cyberattack, Australian real estate scandal


Coupang CEO questioned by police regarding data breach probe Cyberattack on large Russian bread factory disrupts deliveries Real estate agents in Australia use apps that leave lease documents at risk Get the show notes here: https://cisoseries.com/cybersecurity-news-police-question-coupang-ceo-russia-bakery-cyberattack-australian-real-estate-scandal/ Huge thanks to our sponsor, Strike48

France fines unemployment agency, Teams flags calls, UK pushes deterrence


France fines unemployment agency €5 million over data breach Microsoft Teams addition will allow for suspicious calls to be reported UK leaders warned about absorbing cyberattacks without offensive deterrence Check out the show notes here: Huge thanks to our episode sponsor, Conveyor Want to hear a horror story? An infosec manager found out that their sales rep had filled in a customer security questionnaire themselves and sent it back to the customer without review. Which led to dozens of follow up questions. With Conveyor's Trust Center AI Agent, you can avoid all of that. The Agent lives in your Conveyor...

Sandbox flaw exposes n8n instances, Fake Moltbot assistant drops malware, PeckBirdy takes flight for cross-platform attacks


Sandbox flaw exposes n8n instances Fake Moltbot assistant drops malware PeckBirdy takes flight for cross-platform attacks Check out the show notes here: https://cisoseries.com/cybersecurity-news-sandbox-flaw-exposes-n8n-instances-fake-moltbot-assistant-drops-malware-peckbirdy-takes-flight-for-cross-platform-attacks/ Huge thanks to our episode sponsor, Conveyor Another security questionnaire hits your desk. Ever wish it could magically disappear? You already have the answers that customers should self-serve, but they can't find the info in your Trust Center. That's why Conveyor built the first truly agentic Trust Center. An AI Agent lives inside it, answering customer questions, sharing documents, and even completing full questionnaires instantly. Customers get what they need fast. It's magical, touchless, and extremely accurate....

US cyber chief uploaded sensitive files into public ChatGPT, Vibe-coded 'Sicarii' ransomware can't be decrypted, WhatsApp account feature combats spyware


US cyber chief uploaded sensitive files into public ChatGPT Vibe-coded 'Sicarii' ransomware can't be decrypted WhatsApp account feature combats spyware Check out the show notes here: https://cisoseries.com/cybersecurity-news-us-cyber-chief-uploaded-sensitive-files-into-public-chatgpt-vibe-coded-sicarii-ransomware-cant-be-decrypted-whatsapp-account-feature-combats-spyware/ Huge thanks to our episode sponsor, Conveyor Ever dream of giving customers instant answers to their security questions without ever filling out another questionnaire? Meet Conveyor's new Trust Center Agent. The Agent lives in your Conveyor Trust Center and answers every customer question, surfaces documents and even completes full questionnaires instantly so customers can finish their review and be on their way. Top tech companies like Atlassian, Zapier, and more are using Conveyor...

Microsoft patches Office zero-day vulnerability, Indian users targeted by Blackmoon, Konni targets blockchain developers


Microsoft patches Office zero-day vulnerability Indian users targeted by Blackmoon Konni targets blockchain developers Huge thanks to our episode sponsor, Conveyor True story, an infosec team had to give customers MapQuest style directions just to navigate their Trust Center. Spoiler: it didn't reduce follow-up questions and created even more work for everyone involved. With Conveyor's new Trust Center AI Agent, customers get answers instantly and can even upload questionnaires for the Agent to complete. This way, customers find what they need and keep moving, without your team needing to intervene. Learn more at conveyor.com

Department of Know: Davos worries, UK-China tensions, calendar concerns


Link to episode page This week's Department of Know is hosted by Rich Stroffolino with guests Krista Arndt, associate CISO, St. Luke's University Health Network, and Jason Shockey, CISO, Cenlar FSB Thanks to our show sponsor, Conveyor

Microsoft Patch problems, Sandworm hits Poland, Dresden Museum cyberattack


Microsoft Outlook and boot problems Sandworm likely behind cyberattack on Poland's power grid Dresden museum network suffers cyberattack Huge thanks to our episode sponsor, Conveyor Ever wish your customers could magically get answers to their own security questionnaires before they ever hit your desk? We've heard this wish from hundreds of teams so Conveyor just launched a new Trust Center AI Agent. The Agent lives in your Conveyor hosted Trust Center and answers customer questions, surfaces documents and even completes full questionnaires instantly so customers can finish their review without your intervention. Join top tech companies using Conveyor today like...

Multi-stage SharePoint attack, SmarterMail bypass flaw, AI worries Davos


Multistage AiTM phishing and BEC campaign abusing SharePoint SmarterMail auth bypass flaw now exploited despite patch The problem of AI agents emerges at Davos Huge thanks to our sponsor, Dropzone AI All week we've talked about alert fatigue, MTTR, and the math that's breaking your SOC. Here's the proof. Dropzone AI is trusted by over 300 global enterprises and MSSPs. Named a Gartner Cool Vendor. Recognized in the Fortune Cyber 60. And backed by $37 million in Series B funding. But they're not stopping at a single agent. They're building toward fully agentic SOC teams where human engineers are augmented...

Tesla hacked at Pwn2Own Automotive, Everest sitting on Under Armour data? PurpleBravo fake jobs campaign targets IP addresses


Tesla hacked at Pwn2Own Automotive Everest sitting on Under Armour data? PurpleBravo fake jobs campaign targets IP addresses Huge thanks to our sponsor, Dropzone AI Quick tip for SOC leaders measuring MTTR. Stop optimizing the human. Optimize what the human has to do. Dropzone AI handles the investigation legwork autonomously. Correlating alerts, gathering evidence, documenting findings. Your analysts only engage when it actually matters. The results are investigations that took hours and now take under 10 minutes with much better accuracy of up to 30%. And analysts who can finally focus on real threats. Proven at over 300 enterprises who...

UK-China forum, Iranian TV hijacked, VoidLink made by AI


UK and China try to ease cyberattack tensions Iranian state TV hijacked VoidLink malware is AI-generated Huge thanks to our sponsor, Dropzone AI Remember yesterday's 2 AM alert? Here's how it ends differently with Dropzone AI. The alert fires. Within minutes, not hours, their AI SOC agents have already correlated logs across your entire security stack, built a complete evidence chain, and delivered a verdict. False positive, or escalate immediately. Your analyst wakes up to answers, not a queue. That's autonomous investigation at enterprise scale. Experience it for yourself at dropzone.ai.

Gemini prompt injection flaw exposes calendar info, hacker admits to Supreme Court data leak, researchers uncover PDFSIDER malware


Gemini prompt injection flaw exposes calendar info Hacker admits to leaking stolen Supreme Court data Researchers uncover PDFSIDER malware Huge thanks to our sponsor, Dropzone AI It's 2 AM. An alert fires. Possible data exfiltration. Your on-call analyst is three time zones away, half-asleep, context-switching between tools. By the time they piece together the evidence, forty-five minutes have passed. Was it a real threat or another false positive? The clock is ticking. Tomorrow, I'll tell you how 300 enterprises solved this exact problem. But if you can't wait, head over to dropzone.ai to learn more.

Department of Know: Easterly helms RSAC, Third party apps report, Self-poisoning AI


Link to episode page This week's Department of Know is hosted by Sarah Lane with guests Dmitriy Sokolovskiy, senior vice president, information security, Semrush, and Nick Espinosa, host, The Deep Dive Radio Show Thanks to our show sponsor, Dropzone AI How many alerts did your SOC investigate last week? How many sat in the queue untouched? If you don't know those numbers, or you don't like them, Dropzone AI can help. They've helped enterprises like UiPath and Zapier handle ten times more alerts without adding headcount. Their AI SOC agents work around the clock, investigating every alert autonomously. Book a...

NSA dual-hat question, third-party report, GhostPoster extension continues


Cybercom-NSA leadership nominee to assess dual-hat role Two-thirds of third-party applications access sensitive data without justification, says report GhostPoster browser extensions up to 840,000 installs Huge thanks to our sponsor, Dropzone AI Here's a security tip most vendors won't tell you. Your SOC analysts aren't slow. They're drowning. The average enterprise faces tens of thousands of alerts daily, and even your best analysts can only investigate so many before burnout wins. Dropzone AI changes that math. Their AI SOC agents autonomously investigate every alert, no playbooks or code required, in three to ten minutes flat. Stop triaging. Start defending. Book...

Easterly helms RSAC, Windows update problems, Police Copilot gaffe


Jen Easterly to helm RSAC Windows January update causes login problems UK police blame Copilot for intelligence mistake Thanks to our episode sponsor, ThreatLocker Find the stories behind the headlines at CISOseries.com.

U.S. weighs cyberwarfare options, DeadLock uses smart contracts to hide work, China says stop using US and Israeli cybersecurity software


U.S. weighs private companies' cyberwarfare roles China: stop using US and Israeli cybersecurity software DeadLock uses smart contracts to hide work Thanks to our episode sponsor, ThreatLocker

GoBruteforcer targets blockchain projects, Android bug causes volume key issues, Verizon to stop automatic phone unlocks


GoBruteforcer targets blockchain projects Android accessibility issue just a bug Verizon to stop automatic phone unlocks Thanks to our episode sponsor, ThreatLocker

Instagram denies breach, Sweden detains spying suspect, n8n attack steals OAuth tokens


Instagram denies breach post-data leak Sweden detains consultant suspected of spying n8n supply chain attack steals OAuth tokens Thanks to our episode sponsor, ThreatLocker

Department of Know: Brightspeed investigates breach, Prompt injection woes


Link to episode page This week's Department of Know is hosted by Rich Stroffolino with guests Johna Till Johnson, CEO and Founder, Nemertes (check out the Nemertes substack) and Jason Shockey, CISO, Cenlar FSB. Jason will be speaking at MBA Servicing Solution26 in Texas in late February. Details here. Thanks to our show sponsor, ThreatLocker

BreachForums database leaked, Instagram breach worries, UK government exempts self


BreachForums hacking forum database leaked exposing 324,000 accounts Instagram breach exposes user data, creates password reset panic UK government exempts self from flagship cyber law Thanks to our episode sponsor, ThreatLocker Find the stories behind the headlines at CISOseries.com.

Microsoft enforces admin MFA, Cisco patches ISE, Illinois breaches self


Microsoft to enforce MFA for Microsoft 365 admin center sign-ins Cisco patches ISE security vulnerability after PoC release Illinois state agency breaches itself Huge thanks to our sponsor, Hoxhunt A small tip for CISOs: if you're unsure whether your security training is actually reducing phishing risk, check out what Qualcomm achieved with Hoxhunt. They took their 1,000 highest-risk users from consistent under-performers to outperforming the rest of the company, driving measurable human risk reduction and earning a CSO50 Award. See the Qualcomm case at hoxhunt.com/qualcomm Find the stories behind the headlines at CISOseries.com.

ESA confirms new data heist, Ni8mare lets hackers hijack n8n servers, Taiwan blames 'cyber army' for intrusion attempts


ESA confirms new data heist Ni8mare lets hackers hijack n8n servers Taiwan blames 'cyber army' for intrusion attempts Huge thanks to our sponsor, Hoxhunt Traditional security training fails because it treats employees like the problem. Hoxhunt treats them like the solution. AI-powered simulations mirror actual attacks hitting your inbox. Instant coaching turns mistakes into learning moments. Gamified rewards make security engaging. The result? Real behavior change that measurably reduces your risk. Thousands of companies trust Hoxhunt to transform human vulnerability into human defense. Visit hoxhunt.com/cisoseries to learn more.

UK cyber reset, no MFA is a problem, US cyberattacks on display


The UK hits reset on cybersecurity No MFA, Know Problems US may have coordinated cyberattacks with Maduro's arrest Huge thanks to our sponsor, Hoxhunt

European hospitality blue screen of death, Brightspeed investigates breach, Convicted Bitfinex launderer freed


European hospitality blue screen of death Brightspeed investigates breach Convicted Bitfinex launderer freed Huge thanks to our sponsor, Hoxhunt

Department of Know: Sedgwick confirms incident, Coupang store credit only, AI needs generators


Link to episode page This week's Department of Know is hosted by Rich Stroffolino with guests Peter Clay, CISO, Aireon, and Chris Ray, Field CTO, GigaOm Thanks to our show sponsor, HoxHunt All links and the video of this episode can be found on...

Palo Alto AI warning, Resecurity hack fiasco, Christmas ColdFusion attack


Palo Alto Networks boss calls AI agents biggest insider threat Hackers claim Resecurity hack, firm says it was a honeypot Thousands of ColdFusion exploit attempts spotted during Christmas holiday Huge thanks to our sponsor, Hoxhunt Find the stories behind the headlines at CISOseries.com.

NYC Inauguration bans Flipper Zero, UK taxes crypto, Finland seizes ship


NYC mayoral inauguration bans Flipper Zero and Raspberry Pi devices Crypto must now share account details with UK tax officials Finland seizes suspected cable sabotage ship Huge thanks to our episode sponsor, ThreatLocker Find the stories behind the headlines at CISOseries.com.

Unleash Protocol hackers drain millions, DarkSpectre campaigns exposed, Shai-Hulud attack led Trust Wallet heist


Hackers drain millions from Unleash Protocol DarkSpectre campaigns exposed Shai-Hulud attack led Trust Wallet heist Huge thanks to our episode sponsor, ThreatLocker

Silver Fox targets Indian users, Mustang Panda deploys ToneShell, will prompt injection ever be 'solved'?


Silver Fox targets Indian users Mustang Panda deploys ToneShell Will prompt injection ever be 'solved'? Huge thanks to our episode sponsor, ThreatLocker

Coupang recovers laptop in river, Trust Wallet reports 2k+ wallets drained, Sax discloses 2024 data breach


Coupang recovers laptop allegedly thrown into river Trust Wallet reports 2k+ wallets drained Sax discloses 2024 data breach Huge thanks to our episode sponsor, ThreatLocker

The Department of Know: year in review and predictions


Link to episode page To end off a tumultuous year, our final Department of Know episode of 2025 features a chat between host Rich Stroffolino and producer Steve Prentice. Join them as they chat about the biggest stories of 2025, the trends we are seeing, and what we can expect in the new year. Thanks to our show sponsor, ThreatLocker

Rainbow Six Siege breach, backup generators for AI, LastPass reverberations


Rainbow Six Siege suffers breach, gamers go shopping Diesel generators and aircraft engines in high demand to power AI LastPass 2022 breach reverberates through crypto world Huge thanks to our episode sponsor, ThreatLocker Find the stories behind the headlines at CISOseries.com.

Fortinet VPN exploit, Google gmail change, Aflac breach update


Active exploitation of Fortinet VPN bypass utility observed Google possibly allowing users to change default gmail address June Aflac attack resulted in data theft Thanks to our episode sponsor, ThreatLocker Find the stories behind the headlines at CISOseries.com

Scams target MENA region, pen testers accused of blackmail, DDoS protection faces fresh challenges


Coordinated scams target MENA region Pen Test Partners accused of 'blackmail' Hackers steal record $2.7B in crypto in 2025 Thanks to our episode sponsor, ThreatLocker

ServiceNow to acquire cybersecurity startup Armis, MacSync Stealer adopts quieter installation, Nissan customer data stolen in Red Hat raid


ServiceNow to acquire cybersecurity startup Armis MacSync Stealer adopts quieter installation Nissan customer data stolen in Red Hat raid Thanks to our episode sponsor, ThreatLocker

Spotify music library scraped, DDoS disrupts French postal services, Fake delivery sites hit holiday shoppers


Spotify music library scraped DDoS disrupts France's postal and banking services Fake delivery websites hit holiday shoppers Thanks to our episode sponsor, ThreatLocker

Department of Know: President signs defense bill, time flies at NIST, Italian ferry malware


Link to episode page This week's Department of Know is hosted by Rich Stroffolino with guests Jason Taule, CISO, Luminis Health, and Chris Ray, Field CTO, GigaOm Thanks to our show sponsor, ThreatLocker All links and the video of this episode can be found on CISO Series.com

President's cyber bill, Iranian APT resurfaces, Kimwolf DDoS attack


President signs defense bill funding Cyber Command, Pentagon phone security Iranian APT Infy resurfaces with new malware Massive Android botnet Kimwolf launches DDoS attack Thanks to our episode sponsor, ThreatLocker Find the stories behind the headlines at CISOseries.com.

Windows RemoteApp problems, ferry malware arrest, Senator's open-source warning


Recent Windows updates break RemoteApp connections. France arrests threat actors for installing malware on Italian ferry. Senate Intel chair urges safeguard against open-source software threats. Huge thanks to our sponsor, Adaptive Security. This episode is brought to you by Adaptive Security, the first cybersecurity company backed by OpenAI. Security training fails when it's generic. Adaptive's platform personalizes training and runs deepfake simulations across email, SMS, voice, and video. And with Adaptive's AI Content Creator, you can drop in a breaking threat or compliance doc and instantly turn it into interactive, multilingual training: no designers, no delays. Learn more at adaptivesecurity.com....

FTC orders crypto to pay, New exploit of React2Shell, Ukraine fraud ring take down


FTC orders crypto to pay. New exploit of React2Shell. Ukraine-based fraud ring taken down. Huge thanks to our sponsor, Adaptive Security. This episode is brought to you by Adaptive Security, the first cybersecurity company backed by OpenAI. In deepfake scams, the tells aren't glitchy video anymore; it's behavior: "Do this right now," or "keep it secret." If you hear urgency and secrecy together, stop and verify through a second channel. Call a known number, start a chat thread, or ask something only the real person would know. Adaptive trains teams against exactly these tactics. Learn more at adaptivesecurity.com.

Rogue NuGet package steals data, Venezuela's PDVSA suffers attack, patched Fortinet flaws exploited


Rogue NuGet package steals data. Venezuela's PDVSA suffers attack. Patched Fortinet flaws exploited. Huge thanks to our sponsor, Adaptive Security. This episode is brought to you by Adaptive Security, the first cybersecurity company backed by OpenAI. Picture a "new hire" who interviews well, except they're synthetic: AI video, AI voice, AI backstory. Once they're in, they go after payroll, internal docs, and access. That's the new reality: the attack surface is trust itself. Adaptive fights back with realistic deepfake simulations and training that actually sticks. Learn more at adaptivesecurity.com.

US taps private firms in cyber offensive, Microsoft updates cause queuing failures, phishing campaign delivers Phantom Stealer


US turns to private firms in cyber offensive. Microsoft updates cause queuing failures. Phishing campaign delivers Phantom Stealer. Huge thanks to our sponsor, Adaptive Security. This episode is brought to you by Adaptive Security, the first cybersecurity company backed by OpenAI. Attackers don't need malware anymore; they need trust. Tip: set a simple passphrase for high-risk actions, like wire requests or "urgent" account recovery, especially within finance teams and families. If the caller can't answer it, pause and verify. Adaptive runs deepfake and vishing simulations so employees practice this before it's real. Learn more at adaptivesecurity.com.

Department of Know: MITRE's weaknesses list, DoD goes postquantum, Coupang fallout


Link to episode page. This week's Department of Know is hosted by Rich Stroffolino with guests Andy Ellis, Principal, Duha, and Johna Till Johnson, CEO and Founder, Nemertes Research. Thanks to our show sponsor, Adaptive Security. This episode is brought to you by Adaptive Security, the first cybersecurity company backed by OpenAI. AI is rewriting the cybersecurity rulebook, because attackers can now scale persuasion as easily as they scale code. The real target isn't just your systems anymore; it's human trust. If you aren't actively testing your organization against AI-driven phishing, vishing, and deepfakes, you're leaving a gap criminals will...

MongoDB records exposed, Apple WebKit patches, Coupang culprit identified


16TB MongoDB database exposes nearly 4.3 billion professional records. Apple posts updates after discovery of WebKit flaws. Coupang data breach traced to ex-employee. Huge thanks to our sponsor, Adaptive Security. This episode is brought to you by Adaptive Security, the first cybersecurity company backed by OpenAI. Deepfakes aren't science fiction anymore; they're a daily threat. Quick tip: if your voicemail greeting is your real voice, switch it to the default robot voice. A few seconds of audio can be enough to clone you. Adaptive helps teams spot and stop these AI-powered social engineering attacks. Learn more at adaptivesecurity.com. Find the...

'DroidLock' demands ransom, Google fixes secret Chrome 0-day, UK fines LastPass over 2022 breach


'DroidLock' malware demands ransom. Google fixes secret Chrome 0-day. UK fines LastPass over 2022 breach. Huge thanks to our episode sponsor, Adaptive Security. This episode is brought to you by Adaptive Security, the first cybersecurity company backed by OpenAI. Security training fails when it's generic. Adaptive's platform personalizes training and runs deepfake simulations across email, SMS, voice, and video. And with Adaptive's AI Content Creator, you can drop in a breaking threat or compliance doc and instantly turn it into interactive, multilingual training: no designers, no delays. Learn more at adaptivesecurity.com.

Coupang CEO resigns, hacktivists target US infrastructure, Israeli cybersecurity hits record funding


CEO of retail giant Coupang resigns. Pro-Russia hacktivists target US infrastructure. Israeli cybersecurity funding hits record. Huge thanks to our episode sponsor, Adaptive Security. This episode is brought to you by Adaptive Security, the first cybersecurity company backed by OpenAI. In deepfake scams, the tells aren't glitchy video anymore; it's behavior: "Do this right now," or "keep it secret." If you hear urgency and secrecy together, stop and verify through a second channel. Call a known number, start a chat thread, or ask something only the real person would know. Adaptive trains teams against exactly these tactics. adaptivesecurity.com.

Spain arrest over data records, goodbye dark Telegram, scammers poison AI search results


Spain arrest over data records. Goodbye, dark Telegram. Scammers poison AI search results. Huge thanks to our episode sponsor, Adaptive Security. This episode is brought to you by Adaptive Security, the first cybersecurity company backed by OpenAI. Picture a "new hire" who interviews well, except they're synthetic: AI video, AI voice, AI backstory. Once they're in, they go after payroll, internal docs, and access. That's the new reality: the attack surface is trust itself. Adaptive fights back with realistic deepfake simulations and training that actually sticks. adaptivesecurity.com.

Ransomware costs billions, cybercrime leads to real violence, three arrested for hacking tools


Ransomware payments pass $4.5 billion. Cybercrime networks orchestrate real-world violence. Three arrested over possessing hacking tools. Huge thanks to our episode sponsor, Adaptive Security. This episode is brought to you by Adaptive Security, the first cybersecurity company backed by OpenAI. Attackers don't need malware anymore; they need trust. Tip: set a simple passphrase for high-risk actions, like wire requests or "urgent" account recovery, especially within finance teams and families. If the caller can't answer it, pause and verify. Adaptive runs deepfake and vishing simulations so employees practice this before it's real. adaptivesecurity.com.

Department of Know: CISO hiring warning, critical threat actor law, Microsoft Defender outage


Link to episode page. This week's Department of Know is hosted by Sarah Lane with guests Jason Shockey, CISO, Cenlar FSB, and Mike Lockhart, CISO, Eagleview. Thanks to our show sponsor, Adaptive Security. This episode is brought to you by Adaptive Security, the first cybersecurity company backed by OpenAI. AI is rewriting the cybersecurity rulebook, because attackers can now scale persuasion as easily as they scale code. The real target isn't just your systems anymore; it's human trust. If you aren't actively testing your organization against AI-driven phishing, vishing, and deepfakes, you're leaving a gap criminals will exploit. Adaptive runs...

Palo Alto VPN attacks, NATO cyberdefense exercise, Chinese exploit React2Shell


New wave of VPN login attempts on Palo Alto portals. NATO holds its largest-ever cyberdefense exercise. Chinese hackers exploiting React2Shell bug. Huge thanks to our episode sponsor, Adaptive Security. This episode is brought to you by Adaptive Security, the first cybersecurity company backed by OpenAI. Deepfakes aren't science fiction anymore; they're a daily threat. Quick tip: if your voicemail greeting is your real voice, switch it to the default robot voice. A few seconds of audio can be enough to clone you. Adaptive helps teams spot and stop these AI-powered social engineering attacks. Learn more at adaptivesecurity.com. Find the stories...

Predator spyware, Russia blocks FaceTime, US cyber strategy coming


Predator spyware spotted across several countries. Russia blocks FaceTime. Draft US cyber strategy set for January release. Huge thanks to our episode sponsor, Vanta. This message comes from Vanta. What's your 2 AM security worry? Is it "Do I have the right controls in place?" Or "Are my vendors secure?" Enter Vanta. Vanta automates manual work, so you can stop sweating over spreadsheets, chasing audit evidence, and filling out endless questionnaires. Their trust management platform continuously monitors your systems, centralizes your data, and simplifies your security at scale. Get started at Vanta.com/CISO

Record-breaking DDoS attack, React bug puts servers at risk, RansomHouse attack


Record-breaking DDoS attack. React bug puts servers at risk. RansomHouse attack. Huge thanks to our episode sponsor, Vanta. This message comes from Vanta. What's your 2 AM security worry? Is it "Do I have the right controls in place?" Or "Are my vendors secure?" Enter Vanta. Vanta automates manual work, so you can stop sweating over spreadsheets, chasing audit evidence, and filling out endless questionnaires. Their trust management platform continuously monitors your systems, centralizes your data, and simplifies your security at scale. Get started at Vanta.com/CISO

Microsoft Defender outage disrupts threats, Apple resists India's app order, MuddyWater strikes Israel


Microsoft Defender outage disrupts threats. Apple resists India's state-run app order. MuddyWater strikes Israel with MuddyViper. Huge thanks to our episode sponsor, Vanta. This message comes from Vanta. What's your 2 AM security worry? Is it "Do I have the right controls in place?" Or "Are my vendors secure?" Enter Vanta. Vanta automates manual work, so you can stop sweating over spreadsheets, chasing audit evidence, and filling out endless questionnaires. Their trust management platform continuously monitors your systems, centralizes your data, and simplifies your security at scale. Get started at Vanta.com/CISO

India orders web safety app, arrests over IP camera snooping, Albiriox shows up on dark web


India orders web safety app. Arrests over IP camera snooping. Albiriox shows up on dark web. Huge thanks to our episode sponsor, Vanta. This message comes from Vanta. What's your 2 AM security worry? Is it "Do I have the right controls in place?" Or "Are my vendors secure?" Enter Vanta. Vanta automates manual work, so you can stop sweating over spreadsheets, chasing audit evidence, and filling out endless questionnaires. Their trust management platform continuously monitors your systems, centralizes your data, and simplifies your security at scale. Get started at Vanta.com/CISO

Department of Know: Prompt injection problems, California browser law, Hacklore's security myths


Link to episode page. This week's Department of Know is hosted by Rich Stroffolino with guests Mathew Biby, director, cybersecurity, TixTrack, and Derek Fisher, Director of the Cyber Defense and Information Assurance Program, Temple University. Thanks to our show sponsor, Vanta. This message comes from Vanta. What's your 2 AM security worry? Is it "Do I have the right controls in place?" Or "Are my vendors secure?" Enter Vanta. Vanta automates manual work, so you can stop sweating over spreadsheets, chasing audit evidence, and filling out endless questionnaires. Their trust management platform continuously monitors your systems, centralizes your data, and...

Asahi ransomware details, California browser law, Windows Teams accelerated


Japanese brewer Asahi provides details regarding October ransomware attack. California law regulating web browsers might impact national data privacy. Microsoft to speed up Teams. Huge thanks to our episode sponsor, Vanta. This message comes from Vanta. What's your 2 AM security worry? Is it "Do I have the right controls in place?" Or "Are my vendors secure?" Enter Vanta. Vanta automates manual work, so you can stop sweating over spreadsheets, chasing audit evidence, and filling out endless questionnaires. Their trust management platform continuously monitors your systems, centralizes your data, and simplifies your security at scale. Get started at Vanta.com/CISO Find...

Microsoft blocks Entra, AI scammer legislation, ASUS patches AiCloud


Microsoft to block unauthorized scripts in Entra ID logins with 2026 CSP update. New legislation targets scammers that use AI to deceive. ASUS firmware patches critical AiCloud vulnerability. Huge thanks to our episode sponsor, KnowBe4. Cybersecurity isn't just a tech problem; it's a human one. That's why KnowBe4's Human Risk Management platform allows you to measure, quantify and actually reduce human risk across your organization. With AI-powered risk scoring, automated coaching and reporting, HRM+ helps you surface your highest risk users and reduce the risk of data breaches and cyberattacks proactively. Ready to move from awareness to action? Request a demo of...

AWS outage botnet smacks 28 countries, LLMs help malware authors evade detection, Anthropic pressed over Claude espionage


AWS outage botnet smacks 28 countries. LLMs help malware authors evade detection. Anthropic questioned over Claude espionage. Huge thanks to our episode sponsor, KnowBe4. Cybersecurity isn't just a tech problem; it's a human one. That's why KnowBe4's Human Risk Management platform allows you to measure, quantify and actually reduce human risk across your organization. With AI-powered risk scoring, automated coaching and reporting, HRM+ helps you surface your highest risk users and reduce the risk of data breaches and cyberattacks proactively. Ready to move from awareness to action? Request a demo of HRM+ today at knowbe4.com.

CISA warns of app break-ins, StealC V2 spread through Blender files, Russian entrepreneur arrested for treason


CISA warns of app break-ins. StealC V2 spread through Blender files. Russia arrests cybersecurity entrepreneur for treason. Huge thanks to our episode sponsor, KnowBe4. Cybersecurity isn't just a tech problem; it's a human one. That's why KnowBe4's Human Risk Management platform allows you to measure, quantify and actually reduce human risk across your organization. With AI-powered risk scoring, automated coaching and reporting, HRM+ helps you surface your highest risk users and reduce the risk of data breaches and cyberattacks proactively. Ready to move from awareness to action? Request a demo of HRM+ today at knowbe4.com.

CISA orders feds to patch OIM, Delta Dental incurs breach, Ukraine postal operator systems down


CISA orders feds to patch OIM. Delta Dental of Virginia incurs data breach. Systems down at postal operator in Ukraine. Huge thanks to our episode sponsor, KnowBe4. Cybersecurity isn't just a tech problem; it's a human one. That's why KnowBe4's Human Risk Management platform allows you to measure, quantify and actually reduce human risk across your organization. With AI-powered risk scoring, automated coaching and reporting, HRM+ helps you surface your highest risk users and reduce the risk of data breaches and cyberattacks proactively. Ready to move from awareness to action? Request a demo of HRM+ today at knowbe4.com.

Department of Know: Overconfidence new zero-day, FCC torches Salt Typhoon rules, AI uninsurable


Link to episode page. This week's Department of Know is hosted by Rich Stroffolino with guests Keith Townsend, host, CTO Advisor Podcast, founder of The Advisor Bench, and creator of the Virtual CTO Advisor; and Howard Holton, CEO, GigaOm. Thanks to our show sponsor, KnowBe4. Cybersecurity isn't just a tech problem; it's a human one. That's why KnowBe4's Human Risk Management platform allows you to measure, quantify and actually reduce human risk across your organization. With AI-powered risk scoring, automated coaching and reporting, HRM+ helps you surface your highest risk users and reduce the risk of data breaches and cyberattacks...

CrowdStrike insider catch, Spanish airline breach, AI not insurable


CrowdStrike catches insider feeding information to hackers. Spanish airline Iberia suffers breach and data leak. AI is too risky to insure, say insurers. Huge thanks to our episode sponsor, KnowBe4. Cybersecurity isn't just a tech problem; it's a human one. That's why KnowBe4's Human Risk Management platform allows you to measure, quantify and actually reduce human risk across your organization. With AI-powered risk scoring, automated coaching and reporting, HRM+ helps you surface your highest risk users and reduce the risk of data breaches and cyberattacks proactively. Ready to move from awareness to action? Request a demo of HRM+ today at knowbe4.com. Find...

Sturnus captures encrypted chats, PowerSchool schools blamed, SEC security bill


Sturnus Android Trojan captures encrypted chats and hijacks devices. Canadian regulators say schools share blame for PowerSchool hack. Bill reintroduced to bolster cybersecurity at Securities and Exchange Commission. Huge thanks to our episode sponsor, KnowBe4. Your email gateway isn't catching everything, and cybercriminals know it. That's why there's KnowBe4's Cloud Email Security platform. It's not just another filter; it's a dynamic, AI-powered layer of defense that detects and stops advanced threats before they reach your users' inbox. Request a demo of KnowBe4's Cloud Email Security at knowbe4.com or visit them this week at Microsoft Ignite booth #5523. Find the stories behind...

Cloudflare blames database, Crypto heist takedown, WhatsApp flaw exposed billions


Cloudflare blames database. Crypto heist takedown. WhatsApp flaw exposed billions. Huge thanks to our episode sponsor, KnowBe4. Your email gateway isn't catching everything, and cybercriminals know it. That's why there's KnowBe4's Cloud Email Security platform. It's not just another filter; it's a dynamic, AI-powered layer of defense that detects and stops advanced threats before they reach your users' inbox. Request a demo of KnowBe4's Cloud Email Security at knowbe4.com or visit them this week at Microsoft Ignite booth #5523.

FCC to torch Salt Typhoon rules, Group claims Danish party website hits, MI5 warns Chinese spies are on LinkedIn


FCC to torch rules from Salt Typhoon. Group claims hits on Danish party websites. MI5 warns Chinese spies are using LinkedIn. Huge thanks to our episode sponsor, KnowBe4. Your email gateway isn't catching everything, and cybercriminals know it. That's why there's KnowBe4's Cloud Email Security platform. It's not just another filter; it's a dynamic, AI-powered layer of defense that detects and stops advanced threats before they reach your users' inbox. Request a demo of KnowBe4's Cloud Email Security at knowbe4.com or visit them this week at Microsoft Ignite booth #5523.

Azure hit by DDoS, Kenyan government sites recover, EVALUSION emerges


Azure hit by DDoS using 500K IPs. Kenyan government websites back online. EVALUSION emerges. Huge thanks to our episode sponsor, KnowBe4. Your email gateway isn't catching everything, and cybercriminals know it. That's why there's KnowBe4's Cloud Email Security platform. It's not just another filter; it's a dynamic, AI-powered layer of defense that detects and stops advanced threats before they reach your users' inbox. Request a demo of KnowBe4's Cloud Email Security at knowbe4.com or visit them this week at Microsoft Ignite booth #5523.

Department of Know: Autonomous AI cyberattack, CISOs back to work, bus kill switches


Link to episode page. This week's Department of Know is hosted by Rich Stroffolino with guests Robb Dunewood, Host, Daily Tech News Show, and Howard Holton, CEO, GigaOm. Thanks to our show sponsor, KnowBe4. Your email gateway isn't catching everything, and cybercriminals know it. That's why there's KnowBe4's Cloud Email Security platform. It's not just another filter; it's a dynamic, AI-powered layer of defense that detects and stops advanced threats before they reach your users' inbox. Request a demo of KnowBe4's Cloud Email Security at knowbe4.com or visit them this week at Microsoft Ignite booth #5523. All links and the video...

Windows 10 update failure, autonomous AI cyberattack, Feds fumble Cisco patches


Microsoft warns of potential Windows 10 update failure. China-backed hackers launch first large-scale autonomous AI cyberattack. Feds fumbled Cisco patches requirements, says CISA. Huge thanks to our episode sponsor, KnowBe4. Your email gateway isn't catching everything, and cybercriminals know it. That's why there's KnowBe4's Cloud Email Security platform. It's not just another filter; it's a dynamic, AI-powered layer of defense that detects and stops advanced threats before they reach your users' inbox. Request a demo of KnowBe4's Cloud Email Security at knowbe4.com or visit them this week at Microsoft Ignite booth #5523. Find the stories behind the headlines at CISOseries.com.

Cyber laws reprieved, Microsoft screen capture, FBI highlights Akira


Two key cyber laws are back as president signs bill to end shutdown. Microsoft's screen capture prevention for Teams users is finally rolling out. FBI calls Akira top five ransomware variant out of 130 targeting U.S. businesses. Huge thanks to our sponsor, Vanta. What's your 2 AM security worry? Is it "Do I have the right controls in place?" Or "Are my vendors secure?" ...or the really scary one: "how do I get out from under these old tools and manual processes?" Enter Vanta. Vanta automates manual work, so you can stop sweating over spreadsheets, chasing audit evidence, and filling...

Mobile blackout for Russian travelers, Windows 11 supports 3rd party passkeys, Synology patches BeeStation flaw


Mobile internet blackout for Russian travelers. Windows 11 supports 3rd-party passkey apps. Synology patches BeeStation flaw. Huge thanks to our sponsor, Vanta. What's your 2 AM security worry? Is it "Do I have the right controls in place?" Or "Are my vendors secure?" ...or the really scary one: "how do I get out from under these old tools and manual processes?" Enter Vanta. Vanta automates manual work, so you can stop sweating over spreadsheets, chasing audit evidence, and filling out endless questionnaires. Their trust management platform continuously monitors your systems, centralizes your data, and simplifies your security at scale. Vanta...

Google's remote-wipe weapon, Qilin ransomware activity surges, GootLoader is back


Google's Find Hub turns into remote-wipe weapon. Qilin ransomware activity surges. GootLoader is back. Huge thanks to our sponsor, Vanta. What's your 2 AM security worry? Is it "Do I have the right controls in place?" Or "Are my vendors secure?" ...or the really scary one: "how do I get out from under these old tools and manual processes?" Enter Vanta. Vanta automates manual work, so you can stop sweating over spreadsheets, chasing audit evidence, and filling out endless questionnaires. Their trust management platform continuously monitors your systems, centralizes your data, and simplifies your security at scale. Vanta also fits...

Reauthorizing CISA, Electric bus kill switches, GDPR for AI


CISA reauthorization. Denmark and Norway investigating electric bus "kill switches". European Commission looking to simplify privacy laws for AI. Huge thanks to our sponsor, Vanta. What's your 2 AM security worry? Is it "Do I have the right controls in place?" Or "Are my vendors secure?" ...or the really scary one: "how do I get out from under these old tools and manual processes?" Enter Vanta. Vanta automates manual work, so you can stop sweating over spreadsheets, chasing audit evidence, and filling out endless questionnaires. Their trust management platform continuously monitors your systems, centralizes your data, and simplifies your security...

Department of Know: Cybercriminals join forces, "SleepyDuck" exploits Ethereum, passwords still awful


Link to episode page. This week's Department of Know is hosted by Rich Stroffolino with guests Jacob Coombs, CISO, Tandem Diabetes Care, and Ross Young, Co-host, CISO Tradecraft. Thanks to our show sponsor, Vanta. What's your 2 AM security worry? Is it "Do I have the right controls in place?" Or "Are my vendors secure?" ...or the really scary one: "how do I get out from under these old tools and manual processes?" Enter Vanta. Vanta automates manual work, so you can stop sweating over spreadsheets, chasing audit evidence, and filling out endless questionnaires. Their trust management platform continuously monitors your systems, centralizes your data, and simplifies...

runC Docker threats, lost iPhone scam, Landfall spyware warning


runC flaws could allow hackers to escape Docker containers. Lost iPhone scam warning. Landfall Android spyware targets Samsung Galaxy phones. Huge thanks to our sponsor, Vanta. What's your 2 AM security worry? Is it "Do I have the right controls in place?" Or "Are my vendors secure?" ...or the really scary one: "how do I get out from under these old tools and manual processes?" Enter Vanta. Vanta automates manual work, so you can stop sweating over spreadsheets, chasing audit evidence, and filling out endless questionnaires. Their trust management platform continuously monitors your systems, centralizes your data, and simplifies your...

Hackers use Hyper-V, Cisco UCCX flaw, The Louvre's password


Hackers use Windows Hyper-V to evade EDR detection. Critical Cisco UCCX flaw lets attackers run commands as root. The Louvre's video security password was reportedly Louvre. Huge thanks to our sponsor, ThreatLocker. Imagine having the power to decide exactly what runs in your IT environment and blocking everything else by default. That's what ThreatLocker delivers. As a zero-trust endpoint protection platform, ThreatLocker fills the gaps traditional solutions leave behind, giving your business stronger security and control. Don't just react to threats; stop them with ThreatLocker. Find the stories behind the headlines at CISOseries.com.

Google uncovers PROMPTFLUX, CISA warns of CentOS Web Panel bug, Threat group targets academics


Google uncovers PROMPTFLUX malware. CISA warns of CentOS Web Panel bug. Threat group targets academics. Huge thanks to our sponsor, ThreatLocker. Cybercriminals don't knock; they sneak in through the cracks other tools miss. That's why organizations are turning to ThreatLocker. As a zero-trust endpoint protection platform, ThreatLocker puts you back in control, blocking what doesn't belong and stopping attacks before they spread. Zero Trust security starts here, with ThreatLocker.

Scattered Spider, LAPSUS$, ShinyHunters join forces, Nikkei data breach impacts 17k people, React Native NPM flaw leads to attacks


Scattered Spider, LAPSUS$, and ShinyHunters join forces. Nikkei reports data breach impacting 17,000 people. React Native NPM flaw leads to attacks. Huge thanks to our sponsor, ThreatLocker. Imagine having the power to decide exactly what runs in your IT environment and blocking everything else by default. That's what ThreatLocker delivers. As a zero-trust endpoint protection platform, ThreatLocker fills the gaps traditional solutions leave behind, giving your business stronger security and control. Don't just react to threats; stop them with ThreatLocker.

"SleepyDuck" uses Ethereum, SesameOp abuses OpenAI API, cybercrooks steal physical cargo


"SleepyDuck" uses Ethereum to keep command server alive. SesameOp abuses OpenAI Assistants API. Organized crime cybercrooks steal cargo. Huge thanks to our sponsor, ThreatLocker. Cybercriminals don't knock; they sneak in through the cracks other tools miss. That's why organizations are turning to ThreatLocker. As a zero-trust endpoint protection platform, ThreatLocker puts you back in control, blocking what doesn't belong and stopping attacks before they spread. Zero Trust security starts here, with ThreatLocker.

Department of Know: Azure security pitfalls, retailer cyberattack profits, Aardvark eats bugs


Link to episode page. This week's Department of Know is hosted by Rich Stroffolino with guests Davi Ottenheimer, vp, digital trust and ethics, Inrupt, and Rob Teel, Field CTO, GigaOm. Thanks to our show sponsor, ThreatLocker. Imagine having the power to decide exactly what runs in your IT environment and blocking everything else by default. That's what ThreatLocker delivers. As a zero-trust endpoint protection platform, ThreatLocker fills the gaps traditional solutions leave behind, giving your business stronger security and control. Don't just react to threats; stop them with ThreatLocker. All links and the video of this episode can be found...

Australia BadCandy warning, Cisco firewall attack, Aardvark eats bugs


Australia warns of BADCANDY attacks exploiting Cisco IOS XE. Chinese hackers exploiting Cisco ASA firewalls used by governments worldwide. OpenAI's Aardvark GPT-5 agent finds and fixes code flaws automatically. Huge thanks to our sponsor, ThreatLocker. Imagine having the power to decide exactly what runs in your IT environment and blocking everything else by default. That's what ThreatLocker delivers. As a zero-trust endpoint protection platform, ThreatLocker fills the gaps traditional solutions leave behind, giving your business stronger security and control. Don't just react to threats; stop them with ThreatLocker. Find the stories behind the headlines at CISOseries.com.

LinkedIn AI opt-out, NSA leadership candidates, Python foundation withdraws


LinkedIn users have until Monday to opt out of its AI training program. New names surface for NSA leadership. Open-source security group pulls out of U.S. grant, citing DEI restrictions. Huge thanks to our sponsor, Conveyor. Security reviews don't have to feel like a hurricane. Most teams are buried in back-and-forth emails and never-ending customer requests for documentation or answers. But Conveyor takes all that chaos and turns it into calm. AI fills in the questionnaires, your trust center is always ready, and sales cycles move without stalls. Breathe easier: check out Conveyor at www.conveyor.com. Find the stories behind the headlines...

LG Uplus confirms breach, Conduent attack impacts 10M+, hackers exploit tools against Ukraine


LG Uplus confirms cybersecurity incident. 10 million+ impacted by Conduent breach. Russian hackers exploit tools against Ukrainian targets. Huge thanks to our sponsor, Conveyor. Security reviews don't have to feel like a hurricane. Most teams are buried in back-and-forth emails and never-ending customer requests for documentation or answers. But Conveyor takes all that chaos and turns it into calm. AI fills in the questionnaires, your trust center is always ready, and sales cycles move without stalls. Breathe easier: check out Conveyor at www.conveyor.com.

Android malware types like a human, sanctions weaken cyber ecosystems, side-channel extracts Intel, AMD secrets


New Android malware types like a human. Sanctions weaken nation-state cyber ecosystems. Side-channel attack extracts Intel, AMD secrets. Huge thanks to our sponsor, Conveyor. Have you been personally victimized by a questionnaire this week? The queue never ends. But Conveyor can change that story. With AI that answers questionnaires of any format, and a trust center that handles document sharing, security reviews get done without the stress. Feel calm in the chaos with Conveyor. Learn more at www.conveyor.com.

Atlas browser hijacked, Bye, bye Twitter birdie, Dante spyware surfaces


Atlas browser hijacked. Bye, bye Twitter birdie. Dante spyware surfaces. Huge thanks to our sponsor, Conveyor. Security reviews don't have to feel like a hurricane. Most teams are buried in back-and-forth emails and never-ending customer requests for documentation or answers. But Conveyor takes all that chaos and turns it into calm. AI fills in the questionnaires, your trust center is always ready, and sales cycles move without stalls. Breathe easier - check out Conveyor at www.conveyor.com.

Department of Know: Promoting passphrases, questioning international security conferences, gift card hackers


Link to episode page. This week's edition of The Department of Know is hosted by Rich Stroffolino with guests Bil Harmer, operating partner and CISO, Craft Ventures, and Sasha Pereira, CISO, WASH. Thanks to our show sponsor, ThreatLocker. If security questionnaires make you feel like you're drowning in chaos, you're not alone. Endless spreadsheets, portals, and questions - always when you least expect them. Conveyor brings calm to the storm. With AI that auto-fills questionnaires and a trust center that shares all your docs in one place, you'll feel peace where there used to be panic. Find your security review zen at www.conveyor.com....

Microsoft WSUS vulnerability, LastPass death hoax, Copilot phishing technique


Microsoft WSUS vulnerability could allow for remote code execution. Fake LastPass death claims used to breach password vaults. New CoPhish attack steals OAuth tokens via Copilot Studio agents. Huge thanks to our sponsor, Conveyor. If security questionnaires make you feel like you're drowning in chaos, you're not alone. Endless spreadsheets, portals, and questions - always when you least expect them. Conveyor brings calm to the storm. With AI that auto-fills questionnaires and a trust center that shares all your docs in one place, you'll feel peace where there used to be panic. Find your security review zen at www.conveyor.com. Find the stories...

Week in Review: AI powered cyberattacks, Chinese time hacked, the 72 hour workweek


Link to episode page. This week's Cyber Security Headlines Week in Review is hosted by Rich Stroffolino with guests David Cross, CISO, Atlassian, and davidcrosstravels.com, and Montez Fitzpatrick, CISO, Navvis. Thanks to our show sponsor, ThreatLocker. Imagine having the power to decide exactly what runs in your IT environment and blocking everything else by default. That's what ThreatLocker delivers. As a zero-trust endpoint protection platform, ThreatLocker fills the gaps traditional solutions leave behind, giving your business stronger security and control. Don't just react to threats - stop them with ThreatLocker. All links and the video of this episode can be found...

Jingle Thief exploit, Lazarus targets jobseekers, the 72 hour workweek


Jingle Thief hackers steal millions in gift cards by exploiting cloud infrastructure. Lazarus hackers targeted European defense companies. Deep Tech work culture pushes for 72 hour workweeks. Huge thanks to our sponsor, ThreatLocker. Imagine having the power to decide exactly what runs in your IT environment and blocking everything else by default. That's what ThreatLocker delivers. As a zero-trust endpoint protection platform, ThreatLocker fills the gaps traditional solutions leave behind, giving your business stronger security and control. Don't just react to threats - stop them with ThreatLocker. Find the stories behind the headlines at CISOseries.com.

TP-Link urges updates, MuddyWater espionage campaign, flaw hits Adobe Commerce


TP-Link urges updates for Omada gateways. MuddyWater targets organizations in espionage campaign. "SessionReaper" flaw exploited in Adobe Commerce. Huge thanks to our sponsor, ThreatLocker. Cybercriminals don't knock - they sneak in through the cracks other tools miss. That's why organizations are turning to ThreatLocker. As a zero-trust endpoint protection platform, ThreatLocker puts you back in control, blocking what doesn't belong and stopping attacks before they spread. Zero Trust security starts here with ThreatLocker.

Russian hackers replace malware with new tools, Windows updates cause login issues, campaign targets high-profile servers


Russian state hackers replace burned malware with new tools. Recent Windows updates cause login issues on some PCs. Sophisticated campaign targets servers of high-profile organizations. Huge thanks to our sponsor, ThreatLocker. Imagine having the power to decide exactly what runs in your IT environment and blocking everything else by default. That's what ThreatLocker delivers. As a zero-trust endpoint protection platform, ThreatLocker fills the gaps traditional solutions leave behind, giving your business stronger security and control. Don't just react to threats - stop them with ThreatLocker.

AWS outage, NSA hacking accusations, High risk WhatsApp automation


DNS failure leads to AWS outage. China accuses NSA of hacking national time center. Chrome store flooded with high-risk WhatsApp automation. Huge thanks to our sponsor, ThreatLocker. Cybercriminals don't knock - they sneak in through the cracks other tools miss. That's why organizations are turning to ThreatLocker. As a zero-trust endpoint protection platform, ThreatLocker puts you back in control, blocking what doesn't belong and stopping attacks before they spread. Zero Trust security starts here with ThreatLocker.

Europol dismantles SIM farm, Envoy Air compromised, Everest claims Collins hack


Europol dismantles 49 million fake account SIM farm. Envoy Air confirms Oracle E-Business Suite compromise. Cybercrime group Everest claims Collins Aerospace hack. Huge thanks to our sponsor, ThreatLocker. Imagine having the power to decide exactly what runs in your IT environment and blocking everything else by default. That's what ThreatLocker delivers. As a zero-trust endpoint protection platform, ThreatLocker fills the gaps traditional solutions leave behind, giving your business stronger security and control. Don't just react to threats - stop them with ThreatLocker. Find the stories behind the headlines at CISOseries.com.

Week in Review: Velociraptor pushes LockBit, Hartman loses nomination, Sotheby's cyberattack


Link to episode page. This week's Cyber Security Headlines Week in Review is hosted by Rich Stroffolino with guests Tom Hollingsworth, networking technology advisor, The Futurum Group, as well as on BlueSky, and Brett Conlon, CISO, American Century Investments. Thanks to our show sponsor, Vanta. What's your 2 AM security worry? Is it "Do I have the right controls in place?" Or "Are my vendors secure?" ...or the really scary one: "how do I get out from under these old tools and manual processes?" Enter Vanta. Vanta automates manual work, so you can stop sweating over spreadsheets, chasing audit evidence,...

Sotheby's suffers cyberattack, Cisco "Zero Disco" attacks, Microsoft revokes ransomware certificates


Sotheby's suffers cyberattack. Hackers exploit Cisco SNMP flaw in "Zero Disco" attacks. Microsoft revokes more than 200 certificates to disrupt ransomware campaign. Huge thanks to our sponsor, Vanta. What's your 2 AM security worry? Is it "Do I have the right controls in place?" Or "Are my vendors secure?" ...or the really scary one: "how do I get out from under these old tools and manual processes?" Enter Vanta. Vanta automates manual work, so you can stop sweating over spreadsheets, chasing audit evidence, and filling out endless questionnaires. Their trust management platform continuously monitors your systems, centralizes your data, and...

MANGO discloses data breach, Jewelbug infiltrates Russian IT network, nation-state behind F5 attack?


MANGO discloses data breach. Threat group 'Jewelbug' infiltrates Russian IT network. F5 discloses breach tied to nation-state threat actor. Huge thanks to our sponsor, Vanta. What's your 2 AM security worry? Is it "Do I have the right controls in place?" Or "Are my vendors secure?" ...or the really scary one: "how do I get out from under these old tools and manual processes?" Enter Vanta. Vanta automates manual work, so you can stop sweating over spreadsheets, chasing audit evidence, and filling out endless questionnaires. Their trust management platform continuously monitors your systems, centralizes your data, and simplifies your security...

Legacy Windows protocols expose theft, Fortra admits GoAnywhere defect, Taiwan claims surge in Chinese attacks


Legacy Windows protocols still expose theft. Fortra admits exploitation of GoAnywhere defect. Taiwan claims surge in Chinese attack efforts. Huge thanks to our sponsor, Vanta. What's your 2 AM security worry? Is it "Do I have the right controls in place?" Or "Are my vendors secure?" ...or the really scary one: "how do I get out from under these old tools and manual processes?" Enter Vanta. Vanta automates manual work, so you can stop sweating over spreadsheets, chasing audit evidence, and filling out endless questionnaires. Their trust management platform continuously monitors your systems, centralizes your data, and simplifies your security...

Salesforce data leak, SimonMed breach, Chipmaker vs. Dutch government


Millions of records exposed in Salesforce data leak. SimonMed breach grows from hundreds to over a million. Dutch government freezes Chinese-owned chipmaker. Huge thanks to our sponsor, Vanta. What's your 2 AM security worry? Is it "Do I have the right controls in place?" Or "Are my vendors secure?" ...or the really scary one: "how do I get out from under these old tools and manual processes?" Enter Vanta. Vanta automates manual work, so you can stop sweating over spreadsheets, chasing audit evidence, and filling out endless questionnaires. Their trust management platform continuously monitors your systems, centralizes your data, and...

Velociraptor pushes LockBit, Spain dismantles crime group, SonicWall SSL VPN breach


Huge thanks to our sponsor, Vanta. What's your 2 AM security worry? Is it "Do I have the right controls in place?" Or "Are my vendors secure?" ...or the really scary one: "how do I get out from under these old tools and manual processes?" Enter Vanta. Vanta automates manual work, so you can stop sweating over spreadsheets, chasing audit evidence, and filling out endless questionnaires. Their trust management platform continuously monitors your systems, centralizes your data, and simplifies your security at scale. Vanta also fits right into your workflows, using AI to streamline evidence collection, flag risks, and keep...

Week in Review: Crowdsourced ransomware campaign, Windows 10 woes, California opts out


Link to episode page. This week's Cyber Security Headlines - Week in Review is hosted by Rich Stroffolino with guests Mike Lockhart, CISO Eagleview, and Dustin Sachs, chief technologist at CyberRisk collaborative, and author of Behavioral Insights in Cybersecurity. Thanks to our show sponsor, ThreatLocker. Cybercriminals don't knock - they sneak in through the cracks other tools miss. That's why organizations are turning to ThreatLocker. As a zero-trust endpoint protection platform, ThreatLocker puts you back in control, blocking what doesn't belong and stopping attacks before they spread. Zero Trust security starts here with ThreatLocker. All links and the video of this...

Microsoft Azure outage, law firm cyberattack, Russian hacktivists pwned


Azure outage blocks access to Microsoft 365 services and admin portals. Major U.S. law firm suffers cyberattack. Hacktivists aiming for critical infrastructure get pwned. Huge thanks to our sponsor, ThreatLocker. Imagine having the power to decide exactly what runs in your IT environment and blocking everything else by default. That's what ThreatLocker delivers. As a zero-trust endpoint protection platform, ThreatLocker fills the gaps traditional solutions leave behind, giving your business stronger security and control. Don't just react to threats - stop them with ThreatLocker. Learn more at ThreatLocker.com. Find the stories behind the headlines at CISOseries.com.

DeepMind fixes vulnerabilities, California offers data opt-out, China-Nexus targets open-source tool


Google DeepMind's AI agent finds and fixes vulnerabilities. California law lets consumers universally opt out of data sharing. China-Nexus actors weaponize 'Nezha' open source tool. Huge thanks to our sponsor, ThreatLocker. Cybercriminals don't knock - they sneak in through the cracks other tools miss. That's why organizations are turning to ThreatLocker. As a zero-trust endpoint protection platform, ThreatLocker puts you back in control, blocking what doesn't belong and stopping attacks before they spread. Zero Trust security starts here with ThreatLocker. Learn more at ThreatLocker.com.

North Korean attackers steal crypto. Who's sending UK phones to China? Avnet confirms data breach


North Korean hackers steal more than $2B in crypto. Group suspected of sending stolen UK phones to China. Avnet confirms breach, says stolen data unreadable. Huge thanks to our sponsor, ThreatLocker. Imagine having the power to decide exactly what runs in your IT environment and blocking everything else by default. That's what ThreatLocker delivers. As a zero-trust endpoint protection platform, ThreatLocker fills the gaps traditional solutions leave behind, giving your business stronger security and control. Don't just react to threats - stop them with ThreatLocker. Learn more at ThreatLocker.com.

Unity vulnerability, Oracle zero-day patched, Discord user info exposed


Unity vulnerability puts popular games at risk. Oracle zero-day exploit patched. Third-party breach claims Discord user info. Huge thanks to our sponsor, ThreatLocker. Cybercriminals don't knock - they sneak in through the cracks other tools miss. That's why organizations are turning to ThreatLocker. As a zero-trust endpoint protection platform, ThreatLocker puts you back in control, blocking what doesn't belong and stopping attacks before they spread. Zero Trust security starts here with ThreatLocker. Learn more at ThreatLocker.com.

ParkMobile breach settlement, UK schools vulnerable, Zimbra calendar attacks


ParkMobile 2021 data breach class action suit concludes. UK government study suggests secondary schools larger target than businesses. Zimbra Collaboration Suite flaw used in calendar attacks. Huge thanks to our sponsor, ThreatLocker. Imagine having the power to decide exactly what runs in your IT environment and blocking everything else by default. That's what ThreatLocker delivers. As a zero-trust endpoint protection platform, ThreatLocker fills the gaps traditional solutions leave behind, giving your business stronger security and control. Don't just react to threats - stop them with ThreatLocker. Learn more at ThreatLocker.com. Find the stories behind the headlines at CISOseries.com.

Week in Review: Shutdown furloughs CISA, DoD risk framework, Oracle extortion problem


Link to episode page. This week's Cyber Security Headlines Week in Review is hosted by Nick Espinosa, nationally syndicated host of The Deep Dive Radio Show, with guest Steve Zalewski, co-host, Defense in Depth. Thanks to our show sponsor, Nudge Security. Here's the thing: your employees are signing up for new apps, sharing data, and connecting tools together, often without anyone knowing. And, AI adoption is accelerating this trend. What if you could continuously discover when people start using new apps or sharing data, then prompt them with security guidance right when and where they are working? At Nudge Security,...

Shutdown furloughs CISA, Defender BIOS bug, Motility dealership cyberattack


Government shutdown furloughs most CISA staff. Microsoft Defender bug triggers erroneous BIOS update alerts. Motility RV software company suffers cyberattack. Huge thanks to our sponsor, Nudge Security. Here's the thing: your employees are signing up for new apps, sharing data, and connecting tools together, often without anyone knowing. And, AI adoption is accelerating this trend. What if you could continuously discover when people start using new apps or sharing data, then prompt them with security guidance right when and where they are working? At Nudge Security, we call that securing the Workforce Edge. Instead of trying to control everything (which,...

Breaches set for North America, Outlook bug needs Microsoft support, Air Force admits SharePoint issue


Breach notification letters set to flood North America's mailboxes. New bug in classic Outlook only fixed via Microsoft support. Air Force admits SharePoint privacy issue over breach. Huge thanks to our sponsor, Nudge Security. AI notetakers like Otter AI spread fast. In fact, one Nudge Security customer discovered 800 new accounts created in only 90 days. Viral AI notetakers introduce a slew of data privacy risks by gaining access to calendars and adding themselves to every meeting. Nudge Security can help. Within minutes of starting a free trial, you'll see every AI app, account, and integration, even those created in...

China-linked group linked to new malware, 2024 VMware zero-day still exploited, iOS fixes a bevy of glitches


China-Linked Group Hits Governments With Stealth Malware. Chinese hackers exploit VMware zero-day since October 2024. Apple's iOS fixes a bevy of glitches. Huge thanks to our sponsor, Nudge Security. The SaaS supply chain is a hot mesh. As your workforce introduces new SaaS apps and integrations, hidden pathways are created that attackers can exploit to gain access to core business systems. That's exactly what happened in the Drift breach, and it will happen again. But, all is not lost. Nudge Security gives you the visibility and control you need to stop these attacks. Within minutes of starting a free trial,...

Microsoft blocks AI code, Breach hits WestJet, Harrods suffers new data incident


AI-generated code used in phishing campaign blocked by Microsoft. WestJet notifies American consumers of data breach. Ukrainian cops spoofed in fileless phishing attacks on Kyiv. Huge thanks to our sponsor, Nudge Security. AI tools have spread to every corner of your tech stack, which is great for innovation, but not so great for data governance. That's where Nudge Security comes in. Nudge discovers shadow AI across your org - chatbots, MCP integrations, AI in the supply chain, and more. And, Nudge delivers guardrails to employees to help you stop data leakage before it even starts. The best part? You'll have...

Dutch espionage arrest, DOD risk management framework, Oyster malvertising


Dutch teenagers arrested for attempted espionage for Russia. DoD announces replacement for risk management framework. Fake Microsoft Teams installers deliver Oyster malware. Huge thanks to our sponsor, Nudge Security. Here's the thing: your employees are signing up for new apps, sharing data, and connecting tools together, often without anyone knowing. And, AI adoption is accelerating this trend. What if you could continuously discover when people start using new apps or sharing data, then prompt them with security guidance right when and where they are working? At Nudge Security, we call that securing the Workforce Edge. Instead of trying to control...

Week in Review: Jaguar Land Rover attack, indirect prompt injections, card farms in NYC


Link to episode page. This week's Cyber Security Headlines Week in Review is hosted by David Spark with guests Brett Conlon, CISO, American Century Investments, and TC Niedzialkowski, Head of Security & IT, OpenDoor. Thanks to our show sponsor, Conveyor. Still stuck in security review chaos week after week? You're not the only one. But with Conveyor, teams finally get to a place of Questionnaire Zen. Our AI auto-fills answers across any format of questionnaire, even portals, and an enterprise-ready trust center keeps documents and policies ready for instant sharing. No more manual copy-pasting. No more last-minute scrambles. Just calm,...

Windows 10 extension, teenage Vegas hacker released, Boyd Gaming hacked


Microsoft to offer free Windows 10 security updates in Europe. Teenage Vegas casino hacker released to parents. Boyd Gaming hacked, employee data stolen. Huge thanks to our sponsor, Conveyor. Logging into yet another security questionnaire portal on a Friday at 3pm? Yeah, that's chaos. Conveyor AI is your fast path to calm. It finds every question no matter the format and fills in the answers - across portals, spreadsheets, PDFs, you name it. So instead of grinding through copy-paste, you get a first pass of accurate answers in minutes. Find your Friday Zen at www.conveyor.com. Find the stories behind the headlines at...

Suspect arrested over airport attack, DDoS attack hits new record, BRICKSTORM backdoor steals IPs


Person arrested in connection with airport attack. Record-breaking DDoS attack hits new highs. China-linked attackers use 'BRICKSTORM' backdoor to steal IP. Huge thanks to our sponsor, Conveyor. Security reviews don't have to feel like a hurricane. Most teams are buried in back-and-forth emails and never-ending customer requests for documentation or answers. But Conveyor takes all that chaos and turns it into calm. AI fills in the questionnaires, your trust center is always ready, and sales cycles move without stalls. Breathe easier - check out Conveyor at www.conveyor.com.

European airports restore services, CISA deals with GeoServer exploit, Jaguar Land Rover extends shutdown


European airports restoring services after system breach. CISA deals with GeoServer exploit. App for outing Charlie Kirk's critics leaks personal data. Huge thanks to our sponsor, Conveyor. Have you been personally victimized by a questionnaire this week? The queue never ends. But Conveyor can change that story. With AI that answers questionnaires of any format, and a trust center that handles document sharing, security reviews get done without the stress. Feel calm in the chaos with Conveyor. Learn more at www.conveyor.com.

EDR-Freeze, DeepMind persuasion, vendors exit ATT&CK


EDR-Freeze tool suspends security software. DeepMind updates Frontier Safety Framework. Major vendors withdraw from MITRE EDR Evaluations. Huge thanks to our sponsor, Conveyor. Security reviews don't have to feel like a hurricane. Most teams are buried in back-and-forth emails and never-ending customer requests for documentation or answers. But Conveyor takes all that chaos and turns it into calm. AI fills in the questionnaires, your trust center is always ready, and sales cycles move without stalls. Breathe easier - check out Conveyor at www.conveyor.com.

European airport cyberattack, SMS celltower scam, GPT4-powered ransomware


European airport disruption due to cyberattack check-in and baggage software. SMS scammers now using mobile fake cell towers. GPT-4-powered MalTerminal malware creates ransomware and Reverse Shell. Huge thanks to our sponsor, Conveyor. If security questionnaires make you feel like you're drowning in chaos, you're not alone. Endless spreadsheets, portals, and questions - always when you least expect them. Conveyor brings calm to the storm. With AI that auto-fills questionnaires and a trust center that shares all your docs in one place, you'll feel peace where there used to be panic. Find your security review zen at www.conveyor.com. Find the stories behind the...

Week in Review: Student hackers increase, CISA wants CVE, Microsoft called hypocritical


Link to episode page. This week's Cyber Security Headlines Week in Review is hosted by Rich Stroffolino with guests Jack Kufahl, CISO, Michigan Medicine, and Nick Espinosa, host, The Deep Dive Radio Show. Thanks to our show sponsor, Drata. Leading security teams trust SafeBase by Drata to turn trust into a growth engine. Our enterprise-grade Trust Center puts your security posture in one secure, customer-facing portal, giving buyers instant visibility into your company's continuous controls, certifications, and policies. With AI-powered Questionnaire Assistance, blast through inbound security questionnaires in minutes instead of days, automate cross functional workflows, and eliminate friction. That means...

Google patches zero-day, Copilot's forced installation, Scattered Spider arrests


Google patches sixth Chrome zero-day exploited in attacks this year. Microsoft to force install the Microsoft 365 Copilot app in October. Two more Scattered Spider teen suspects arrested. Huge thanks to our sponsor, Drata. Leading security teams trust SafeBase by Drata to turn trust into a growth engine. Our enterprise-grade Trust Center puts your security posture in one secure, customer-facing portal, giving buyers instant visibility into your company's continuous controls, certifications, and policies. With AI-powered Questionnaire Assistance, blast through inbound security questionnaires in minutes instead of days, automate cross functional workflows, and eliminate friction. That means less manual work, and...

Insight Partners warns thousands, Scattered Spider feigns retirement, Consumer Reports calls Microsoft 'hypocritical'


Insight Partners warns thousands after ransomware breach. Scattered Spider gang feigns retirement, breaks into bank instead. Consumer Reports calls Microsoft 'hypocritical'. Huge thanks to our sponsor, Drata. Leading security teams trust SafeBase by Drata to turn trust into a growth engine. Our enterprise-grade Trust Center puts your security posture in one secure, customer-facing portal, giving buyers instant visibility into your company's continuous controls, certifications, and policies. With AI-powered Questionnaire Assistance, blast through inbound security questionnaires in minutes instead of days, automate cross functional workflows, and eliminate friction. That means less manual work, and faster deal cycles. Win with Trust. Learn...

Cyber programs extended, older Apple devices attacked, chatbots aid phishing scams


House lawmakers move to extend two key cyber programs. Apple 0-day likely used in spy attacks affected older devices. Reuters crafts phishing scam with AI chatbot help. Huge thanks to our sponsor, Drata. Leading security teams trust SafeBase by Drata to turn trust into a growth engine. Our enterprise-grade Trust Center puts your security posture in one secure, customer-facing portal, giving buyers instant visibility into your company's continuous controls, certifications, and policies. With AI-powered Questionnaire Assistance, blast through inbound security questionnaires in minutes instead of days, automate cross functional workflows, and eliminate friction. That means less manual work, and faster...

Android security changes, CISA incentive audit, LLM usage


Android moving to "risk-based" security updates. CISA accused of Cyber Incentive mismanagement. How security practitioners use LLMs. Huge thanks to our sponsor, Drata. Leading security teams trust SafeBase by Drata to turn trust into a growth engine. Our enterprise-grade Trust Center puts your security posture in one secure, customer-facing portal, giving buyers instant visibility into your company's continuous controls, certifications, and policies. With AI-powered Questionnaire Assistance, blast through inbound security questionnaires in minutes instead of days, automate cross functional workflows, and eliminate friction. That means less manual work, and faster deal cycles. Win with Trust. Learn more at SafeBase.io.

ShinyHunters hits Vietnam, Petya-NotPetya copycat appears, CISA wants CVE


ShinyHunters hits Vietnam National Credit Information Center. HybridPetya is a Petya/NotPetya copycat with UEFI Secure Boot bypass. CISA seeks control over CVE. Huge thanks to our sponsor, Drata. Leading security teams trust SafeBase by Drata to turn trust into a growth engine. Our enterprise-grade Trust Center puts your security posture in one secure, customer-facing portal, giving buyers instant visibility into your company's continuous controls, certifications, and policies. With AI-powered Questionnaire Assistance, blast through inbound security questionnaires in minutes instead of days, automate cross functional workflows, and eliminate friction. That means less manual work, and faster deal cycles. Win with Trust....

Week in Review: Qantas penalizes executives, UK cyberlegislation delayed, SonicWall VPN flaws


Link to episode page. This week's Cyber Security Headlines Week in Review is hosted by Rich Stroffolino with guests Rob Teel, CTO, Oklahoma Department of Commerce and Howard Holton, CEO, GigaOm. Thanks to our show sponsor, Vanta. Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs - we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They...

SonicWall VPN exploits, Fed cyberchief's priorities, U.S. spyware investment triples


SonicWall SSL VPN flaws now being actively exploited. Acting federal cyber chief outlines his priorities. U.S.-based investors in spyware firms nearly tripled in 2024. Huge thanks to our sponsor, Vanta. Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs - we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like...

npm update, Cursor Autorun flaw details, Microsoft probe over Ascension hack?


The npm incident: nothing to fret about? Cursor Autorun flaw lets repositories execute code without consent. Senator Wyden urges FTC to probe Microsoft over Ascension hack. Huge thanks to our sponsor, Vanta. Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs - we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows...

Blood center attack details emerge, Electoral Commission recovers, Plex suffers password breach


Thousands had data leaked in blood center ransomware attack. UK Electoral Commission recovers, 3 years after China hack. Npm packages with 2 billion weekly downloads targeted in supply chain attack. Huge thanks to our sponsor, Vanta. Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs - we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They...

GhostAction campaign, scam centers grow, GPUGate hits IT


GhostAction campaign targets GitHub. Scam centers see huge growth in Myanmar. GPUGate targets IT firms. Huge thanks to our sponsor, Vanta. Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs - we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and help you get security...

SVG phishing campaign, Anthropic piracy lawsuit, Qantas penalizes executives


New malware phishing campaign hidden in SVG files. Anthropic agrees to pay $1.5bn in book piracy lawsuit. Qantas penalizes executives for cyberattack. Huge thanks to our sponsor, Vanta. Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs - we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews,...

Week in Review: Baltimore's expensive gaffe, ransomware takedown outcomes, Workiva Salesforce breach


Link to episode page This week's Cyber Security Headlines Week in Review is hosted by Rich Stroffolino with guest Ray Espinoza, vp of information security, Elite Technology Thanks to our show sponsor, ThreatLocker ThreatLocker is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO. All links and the video of this episode can be found on CISOseries.com

France cookie fines, CISA TP-Link KEV, sports piracy takedown


France fines Google and Shein over cookie misconduct CISA adds more TP-Link router flaws to its KEV catalog World's largest sports piracy site shut down Huge thanks to our sponsor, ThreatLocker ThreatLocker is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO. Find the stories behind the headlines at CISOseries.com.

Fintech foils bank heist, NotDoor backdoor, Salesloft-Drift impact continues drifting


Fintech foils bank heist NotDoor backdoor Salesloft-Drift impact continues drifting Huge thanks to our sponsor, ThreatLocker ThreatLocker is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO. Find the stories behind the headlines at CISOseries.com.

Google: Gmail is secure, Cloudflare blocks largest DDoS attack, Amazon shutters theft campaign


'2.5 billion Gmail users at risk'? Entirely false, says Google Cloudflare blocks largest recorded DDoS attack peaking at 11.5 Tbps Jaguar Land Rover says cyberattack 'severely disrupted' production Huge thanks to our sponsor, ThreatLocker ThreatLocker is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO.

LLM legalese prompts, Maryland Transit cyberattack, hacking into university


LegalPwn technique hides LLM prompts inside contract legalese Maryland Transit investigating cyberattack Hacker attempts to forge his way into Spanish university Huge thanks to our sponsor, ThreatLocker ThreatLocker is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO. Find the stories behind the headlines at CISOseries.com.

Velociraptor C2 tunnel, Baltimore's expensive con, ransomware gangs multiply


Velociraptor forensic tool used for C2 tunneling City of Baltimore gets socially engineered to the tune of $1.5 million Ransomware gang takedowns create more smaller groups Huge thanks to our sponsor, ThreatLocker ThreatLocker is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO. Find the stories behind the headlines at CISOseries.com.

Week in Review: Citrix RCE flaw, steganography revived, major telecom fiasco


Link to episode page This week's Cyber Security Headlines Week in Review is hosted by Rich Stroffolino with guest Johna Till Johnson, CEO and founder, Nemertes Thanks to our show sponsor, Prophet Security Ever feel like your security team is stuck in a loop of alert fatigue and manual investigations? Meet Prophet Security. Their Agentic AI SOC Platform automates the tedious stuff: triaging, investigating, and responding to alerts - so your analysts can focus on real threats. Think 10x faster response times and a smarter way to secure your business. Learn more at prophetsecurity.ai. All links and the video of...

Malicious nx Packages, AI worker scam, Salt Typhoon attacks Netherlands


Malicious nx Packages leak GitHub, Cloud, and AI Credentials North Korean remote worker scheme boosted by generative AI The Netherlands announces Salt Typhoon penetration Huge thanks to our sponsor, Prophet Security Security teams are drowning in alerts - many companies generate upwards of 1000 or more alerts a day, and nearly half go ignored. That's where Prophet Security comes in. Their AI SOC platform automatically triages and investigates alerts, so your team can focus on real threats instead of busywork. Faster response, less burnout, and lower risk to your business. Learn more at prophetsecurity.ai. Find the stories behind the headlines at...

Salt Typhoon expands, AI-powered ransomware, Anthropic warns of vibe-hacking


FBI warns of expanded Chinese hacking campaign AI-powered ransomware is a thing now Anthropic warns about "vibe-hacking" Huge thanks to our sponsor, Prophet Security SOC analyst burnout is real - repetitive tasks, poor tooling, and constant alert noise are driving them out. Prophet Security fixes this. Their Agentic AI Analyst handles alert triage and investigation - work that 69% of cybersecurity leaders say is the best use for AI in the SOC. Say goodbye to burnout, and hello to efficiency. Check out prophetsecurity.ai.

DOGE puts critical SS data at risk? CISA warns of new exploited flaw, K-Pop stock heist attacker extradited to South Korea


DOGE Put Critical Social Security Data at Risk, Whistle-Blower Says CISA warns of actively exploited Git code execution flaw Alleged mastermind behind K-Pop celebrity stock heist extradited to South Korea Huge thanks to our sponsor, Prophet Security Your security analysts didn't sign up to chase false alarms all day. With Prophet Security's AI SOC platform, they won't have to. It works like a tireless teammate, triaging and investigating alerts around the clock. Less burnout. Better coverage. And more time for meaningful work. Learn more at prophetsecurity.ai.

Farmers Insurance also hit by Salesforce breach, UpCrypter phishing campaign, Pakistan hits Indian government agencies


If Salesforce flutters its wings in San Francisco... How is this still tricking people? From tagging to bagging Huge thanks to our sponsor, Prophet Security Security teams are drowning in alerts - many companies generate upwards of 1000 or more alerts a day, and nearly half go ignored. That's where Prophet Security comes in. Their AI SOC platform automatically triages and investigates alerts, so your team can focus on real threats instead of busywork. Faster response, less burnout, and lower risk to your business. Learn more at prophetsecurity.ai.

Malicious Go module, new Mirai botnet, Silk Typhoon exploits cloud


Malicious Go module steals credentials via Telegram Mirai-based botnet resurfaces targeting systems globally Silk Typhoon hackers exploit cloud trust to hack downstream customers Huge thanks to our sponsor, Prophet Security Ever feel like your security team is stuck in a loop of alert fatigue and manual investigations? Meet Prophet Security. Their Agentic AI SOC Platform automates the tedious stuff: triaging, investigating, and responding to alerts - so your analysts can focus on real threats. Think 10x faster response times and a smarter way to secure your business. Learn more at prophetsecurity.ai. Find the stories behind the headlines at CISOseries.com.

Week in Review: Celebrating 5 years of Cyber Security Headlines


Link to episode page This week's Cyber Security Headlines Week in Review is hosted by Rich Stroffolino. This is our milestone edition, celebrating five years of the daily Cyber Security Headlines news podcast. Our guests today will be the CSH reporters themselves, reflecting on some stories from this week as well as their favorite stories from the past few years. Joining Rich live will be Hadas Cassorla and Steve Prentice, with videos from Sarah Lane and Lauren Verno. Thanks to our show sponsor, Conveyor Does logging into a portal security questionnaire feel like punishment? We get it. Other solutions offer...

Apple's urgent update, Scattered Spider sentence, Microsoft seeks SSD feedback


Apple urges iPhone, iPad and Mac update ASAP Scattered Spider operative gets 10 years and a big fine Microsoft seeks customer feedback on SSD failure issues Huge thanks to our sponsor, Conveyor Does logging into a portal security questionnaire feel like punishment? We get it. Other solutions offer browser extensions that require you to do all the copy-pasting. It's slow, tedious, and frustrating. Conveyor takes care of it for you. Our AI auto-scrolls, finds every question, and fills in accurate answers, all automatically. Oh, and our AI completes security questionnaires of any format, not just portals. Visit www.conveyor.com to learn more. Find...

Apple zero-day patch, Jailbreaking ChatGPT-5 Pro, 7-year old Cisco Vulnerability exploited


A patch today keeps the zero-day away Jailbreaking ChatGPT-5 Pro The thing about vulnerabilities is they stay vulnerable Huge thanks to our sponsor, Conveyor It's Thursday. Have you been personally victimized by a portal security questionnaire this week? Most solutions just give you a browser extension to copy and paste answers in, still leaving hours of manual work. With Conveyor, you don't have to slog through it yourself. Just open the portal and Conveyor's AI will scroll through each page, find the questions, and fill in answers for you, start to finish. See how at www.conveyor.com Find the stories behind the...

UK drops Apple backdoor mandate, Allianz Life breach impacts 1.1M, attack stifles speed cameras


UK agrees to drop 'backdoor' mandate for Apple devices Massive Allianz Life data breach impacts 1.1M people Speed cameras knocked out after cyber attack Huge thanks to our sponsor, Conveyor If portal questionnaires were a person, you'd block them by now. Endless clicks, bad navigation, and expanding questions stacked like Russian nesting dolls, all add up to hours of your life you'll never get back. Conveyor's AI browser extension auto-completes any portal questionnaire without the copy and paste like those other browser extensions on the market. Spend less time battling portals and more time on work that matters. Learn more...

Workday breach, post-quantum alliance, Chinese group targets Taiwan


Workday confirms data breach An alliance to unify post-quantum cryptography New Chinese threat actor targeting Taiwan Huge thanks to our sponsor, Conveyor If the thought of logging into a portal questionnaire makes you want to throw your laptop away, you're not alone. Most solutions just give you a browser extension to copy and paste answers, still leaving hours of manual work. With Conveyor, you don't have to slog through it yourself. Just open the portal and Conveyor's AI will scroll through each page, find the questions, and fill in answers for you, start to finish. Spend less time battling portals and...

Cisco firewall warning, Colt Telecom cyberattack, CISA's OT request


Cisco warns of maximum-severity defect in firewall software UK's Colt Telecom suffers cyberattack CISA implores OT environments to lock down critical infrastructure Huge thanks to our sponsor, Conveyor Have you been personally victimized by portal security questionnaires? Conveyor is here to help. Endless clicks, bad navigation, and expanding questions stacked like Russian nesting dolls, all add up to hours of your life you'll never get back. With Conveyor's AI-powered browser extension, you can open a portal questionnaire, scan for questions, and watch it auto-populate your answers back into the portal without the copy and paste. See how at www.conveyor.com Find...

Week in Review: ShinyHunters-Scattered Spider merge, DARPA AI prize, Water infrastructure volunteers


Link to episode page This week's Cyber Security Headlines Week in Review is hosted by Rich Stroffolino with guest Steve Zalewski, co-host, Defense in Depth Thanks to our show sponsor, Vanta Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like...

NFC fraud reappears, Canada government breach, Zoom's critical flaw


New wave of NFC relay fraud, call hijacking, and root exploits in banking sector Canada's House of Commons suffers cyberattack Zoom fixes critical Windows client flaw that could enable privilege escalation Huge thanks to our sponsor, Vanta Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001....

Court filing system hack explained, PA AG weighs in on attack, Fortinet attacks raise concerns


Hack of federal court filing system exploited security flaws known since 2020 Pennsylvania attorney general says cyberattack knocked phone, email systems offline Spike in Fortinet VPN brute-force attacks raises zero-day concerns Huge thanks to our sponsor, Vanta Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001....

Fortinet SSL VPNs getting hammered, The Netherlands critical infrastructure compromise, Africa the most targeted for cyber attacks


The hits just keep on coming Where's the Little Dutch Boy when you need him? I felt the ransomware down in Africa Huge thanks to our sponsor, Vanta Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews,...

North Korean crypto theft, Microsoft rolls out back up, four charged in global scheme


North Korean crypto theft Microsoft rolls out PC back up during attack U.S. charges four in $100M global fraud scheme Huge thanks to our sponsor, Vanta Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting,...

DARPA code prize, ScarCruft adds ransomware, Columbia breach tally


DARPA awards $4 million prize for AI code review at DEF CON North Korea ScarCruft group adds ransomware to its activities Columbia University hack affects over 860,000 Huge thanks to our sponsor, Vanta Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key...

Week in Review: UK LegalAid collapse, public ransomware approval, Salesforce breach impact


Link to episode page This week's Cyber Security Headlines Week in Review is hosted by Rich Stroffolino with guest Montez Fitzpatrick, CISO, Navvis Thanks to our show sponsor, ThreatLocker ThreatLocker is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO. All links and the video of this episode can be found on CISOseries.com

Hybrid Exchange flaw, France telecom breach, Dialysis company attack


Microsoft warns of high-severity flaw in hybrid Exchange deployments France's third-largest mobile operator suffers breach Dialysis company's April attack affects 900,000 people Huge thanks to our sponsor, ThreatLocker ThreatLocker is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO. Find the stories behind the headlines at CISOseries.com.

Gemini AI hijacked, Nvidia rejects AI chip backdoors, phishers abuse Microsoft 365


Hackers hijacked Google's Gemini AI with a poisoned calendar invite to take over a smart home Nvidia rejects US demand for backdoors in AI chips Google says hackers stole its customers' data by breaching its Salesforce database Huge thanks to our sponsor, ThreatLocker ThreatLocker is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO.

PBS confirms data breach, TSMC fires engineers over theft, Cloudflare: Perplexity is web scraping


PBS confirms data breach after employee info leaked on Discord servers TSMC fires engineers over suspected semiconductor secrets theft Cloudflare on Perplexity web scraping techniques to avoid robot.txt and network blocks Huge thanks to our sponsor, ThreatLocker ThreatLocker is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO.

Microsoft & Google lead zero day exploits, Plague Linux malware maintains SSH access, panel to create US Cyber Force


Microsoft and Google among most affected as zero day exploits jump 46% Vietnamese hackers use PXA Stealer, hit 4,000 IPs and steal 200,000 passwords globally New Plague Linux malware stealthily maintains SSH access Huge thanks to our sponsor, ThreatLocker ThreatLocker is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO.

Akira's SonicWall zero-day, UK Legal-Aid suffers, Luxembourg 5G attack


Huge thanks to our sponsor, ThreatLocker ThreatLocker is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO. Find the stories behind the headlines at CISOseries.com.

Week in Review: Surveillance camera vulnerabilities, data sovereignty conundrum, French submarine cyberattack


Link to episode page This week's Cyber Security Headlines Week in Review is hosted by Rich Stroffolino with guest Derek Fisher, Director of the Cyber Defense and Information Assurance Program, Temple University. Also check out Derek's Substack. Thanks to our show sponsor, Dropzone AI Security teams everywhere are drowning in alerts. That's why companies like Zapier and CBTS turned to Dropzone AI, the leader in autonomous alert investigation. Their AI investigates everything, giving your analysts time back for real security work. No more 40-minute rabbit holes. If you're at BlackHat, find them in Startup City. Otherwise, check out their self-guided demo...

ATM Raspberry Pi breach, Easterly West Point cancellation, Chinese company-hacker link


ATM network breached and attacked through 4G Raspberry Pi Easterly's appointment to West Point rescinded Report links Chinese companies to tools used by state-sponsored hackers Huge thanks to our sponsor, Dropzone AI Security teams everywhere are drowning in alerts. That's why companies like Zapier and CBTS turned to Dropzone AI, the leader in autonomous alert investigation. Their AI investigates everything, giving your analysts time back for real security work. No more 40-minute rabbit holes. If you're at BlackHat, find them in Startup City. Otherwise, check out their self-guided demo at dropzone.ai. This is how modern SOCs are scaling without burning out. Find...

Oh No! Lenovo, French submarine data breach, Russian pharmacy cyberattack


Oh No! Lenovo You sunk my battleship! Or did you? Russians unable to get a taste of their own medicine Huge thanks to our sponsor, Dropzone AI Security teams everywhere are drowning in alerts. That's why companies like Zapier and CBTS turned to Dropzone AI, the leader in autonomous alert investigation. Their AI investigates everything, giving your analysts time back for real security work. No more 40-minute rabbit holes. If you're at BlackHat, find them in Startup City. Otherwise, check out their self-guided demo at dropzone.ai. This is how modern SOCs are scaling without burning out. Find the stories behind the headlines...

Telecom Orange hacked, $2.4M Bitcoin seized from Chaos, Scattered Spider's tactics evolve


Critical Authentication Flaw Identified in Base44 Vibe Coding Platform French telecom giant Orange discloses cyberattack FBI seizes $2.4M in Bitcoin from new Chaos ransomware operation Huge thanks to our sponsor, Dropzone AI What if your SOC could investigate every single alert without burning out your team? That's exactly what Dropzone AI does. They're the leader in autonomous security investigations, and companies like Zapier and Fortune 500s are already on board. Their AI works alongside your analysts, handling the routine so humans can be strategic. See them at BlackHat in Startup City, booth 6427. Or experience it yourself: dropzone.ai has a self-guided...

Russian flights grounded, Naval group breach, dating app exposed


Hacktivist attack grounds Russian flights Naval group denies breach, hackers beg to differ Dating app breach exposes thousands of women's pictures Huge thanks to our sponsor, Dropzone AI Let me tell you about Dropzone AI - they're revolutionizing how security teams work. Companies like CBTS and Zapier use their AI to investigate alerts automatically, freeing up analysts for the work that really matters. We're talking 40-minute investigations done in 3 minutes. You can meet the Dropzone team at BlackHat in Startup City, or just head to dropzone.ai for a self-guided demo. Trust me, this is the future of security operations.

NASCAR announces breach, Plankey for CISA, 365 Admin outage


NASCAR announces data breach following March cyberattack Plankey appears to be on track to lead CISA Microsoft investigates another outage affecting 365 admin center Huge thanks to our sponsor, Dropzone AI Today's sponsor is Dropzone AI, the leader in AI-powered SOC automation. Major companies like Zapier and UiPath are using Dropzone to give their security teams superpowers. Imagine your analysts focusing on real threats while AI handles every routine investigation - in minutes, not hours. If you're heading to BlackHat, stop by their booth in Startup City. But you don't have to wait - check out their self-guided demo at dropzone.ai and see why Fortune...

Week in Review: Aruba's hardcoded passwords, Clorox wipes supplier's mess, AI tool deletes everything


Link to episode page This week's Cyber Security Headlines Week in Review is hosted by Rich Stroffolino with guest Nick Espinosa, host, The Deep Dive Radio Show Thanks to our show sponsor, Nudge Security Nudge Security discovers new apps, accounts, and data-sharing in real-time and helps guide employees toward secure behaviors. Instead of trying to control everything, we give IT and security teams the visibility and automation they need to secure the Workforce Edge. All links and the video of this episode can be found on CISOseries.com

SonicWall releases patches, The Com warning, Compromised Amazon Q extension


SonicWall announces SMA 100 patches FBI warns about The Com Compromised Amazon Q extension deletes everything Huge thanks to our sponsor, Nudge Security Nudge Security discovers new apps, accounts, and data-sharing in real-time and helps guide employees toward secure behaviors. Instead of trying to control everything, we give IT and security teams the visibility and automation they need to secure the Workforce Edge. Find the stories behind the headlines at CISOseries.com.

Goodbye toha, AI deletes live data, Adobe apps advisory activated


Goodbye toha, or as they say in Russian, "Trust the AI," they said. "What could go wrong?" they said Adobe apps advisory activated Huge thanks to our sponsor, Nudge Security Trying to squeeze a few more items into your budget? Nudge Security can help by discovering up to TWO YEARS of historical SaaS spend along with usage insights so you can eliminate wasted spend. In fact, Nudge Security customer KarmaCheck was able to recoup 150% of their investment in Nudge within the first 6 months. See where you can save money by starting a free trial at nudgesecurity.com/spend.

Sharepoint hack linked to Chinese groups, NGOs targeted with phishing tactics, engineer admits US missile theft


Microsoft links Sharepoint ToolShell attacks to Chinese hackers Russian threat actors target NGOs with new OAuth phishing tactics Silicon Valley engineer admits theft of US missile tech secrets Huge thanks to our sponsor, Nudge Security Nudge Security discovers every SaaS app used in your org, secures configurations, enforces MFA, and manages app-to-app access so you can prevent identity based attacks. Start a free 14-day trial today at NudgeSecurity.com

SharePoint patched, World Leaks hits Dell, $44 million crypto theft


SharePoint RCE flaws patched and exploited from China Dell acknowledges World Leaks data breach $44 million stolen from crypto exchange Huge thanks to our sponsor, Nudge Security Nudge Security discovers every GenAI tool ever used in your org, even those you've never heard of. For each tool, you'll see who introduced it, who else is using it, where it's integrated into other tools, and a vendor security profile. Get your free GenAI inventory today at NudgeSecurity.com.

Aruba password warning, SharePoint zero day, Russian vodka maker attacked


Hewlett Packard warns of hardcoded passwords in Aruba access points SharePoint zero-day exploited via RCE, no patch available Russian vodka producer suffers ransomware attack Huge thanks to our sponsor, Nudge Security Discover every SaaS account ever created by anyone in your org within minutes of starting a free trial. Harden configs, enforce MFA, revoke risky app-to-app access, and more. Learn more at NudgeSecurity.com Find the stories behind the headlines at CISOseries.com.

Week in Review: Pentagon's Chinese Engineers, Gemini's email phish, 20-year-old railroad flaw persists


Link to episode page This week's Cyber Security Headlines Week in Review is hosted by Rich Stroffolino with guest Cyrus Tibbs, CISO, PennyMac Thanks to our show sponsor, ThreatLocker ThreatLocker is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO. All links and the video of this episode can be found on CISOseries.com

Taiwan semiconductor sector hacked, Salt Typhoon breaches National Guard, Congress ponders Stuxnet


Chinese hackers use Cobalt Strike on Taiwan's semiconductor sector Salt Typhoon breaches National Guard and steals network configurations Congress considers Stuxnet to manage OT threats Huge thanks to our sponsor, ThreatLocker ThreatLocker is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO. Find the stories behind the headlines at CISOseries.com.

Google's AI tool finds bugs, Europol disrupts hacktivist group, SquidLoader targets Hong Kong


Google says 'Big Sleep' AI tool found bug hackers planned to use Google fixes actively exploited sandbox escape zero day in Chrome China's cyber sector amplifies Beijing's hacking of U.S. targets Huge thanks to our sponsor, ThreatLocker ThreatLocker is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO.

Chinese engineers at Pentagon, HazyBeacon malware, MITRE framework: AADAPT


Pentagon welcomes Chinese engineers into its environment HazyBeacon: It's not a beer, but it leaves a bitter aftertaste What the world needs now is another framework Huge thanks to our sponsor, ThreatLocker ThreatLocker is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO.

EU age verification, train brakes vulnerability, Grok-4 jailbroken


EU states to test age verification app (Reuters) AAR pledges to start fixing 20-year old vulnerability next year (Security Week) Grok-4 jailbroken in two days (Infosecurity Magazine) DoD awards contracts for agentic AI (Reuters) eSIM vulnerability exposes billions of IoT devices (Infosecurity Magazine) UK launches Vulnerability Research Initiative (Bleeping Computer) Interlock ransomware using FileFix for malware (Bleeping Computer) Disinformation groups spoofs European journalists (The Record) Elmo gets hacked (AP News) Huge thanks to our sponsor, ThreatLocker ThreatLocker is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with...

CitrixBleed2 urgent fix, Gemini email flaw, Louis Vuitton cyberattack


CISA gives one day for Citrix Bleed 2 fix. Google Gemini flaw hijacks email summaries for phishing. Louis Vuitton says UK customer data stolen in cyber-attack. Huge thanks to our sponsor, ThreatLocker. Find the stories behind the headlines at CISOseries.com.

Week in Review: ChatGPT URL vulnerability, McDonald's password problem, Perfekt Bluetooth blunder


This week's Cyber Security Headlines Week in Review is hosted by Rich Stroffolino with guest Jim Bowie, vp, CISO, Tampa General Hospital. Thanks to our show sponsor, Vanta. Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows...

Outlook outage continues, Iranian APT activity, Russian ransomware arrest


Look Out! Another Outlook Outage. Iranian APTs increased activity against U.S. industries in late spring. Russian basketball player arrested in France over alleged ransomware ties. Huge thanks to our sponsor, Vanta.

AMD has CPU meltdown, Mozilla Thunderbird has vulnerabilities, Indian defense sector attacked


AMD warns of new Meltdown, Spectre-like bugs affecting CPUs. Multiple vulnerabilities in Mozilla Thunderbird could allow for arbitrary code execution. Bitcoin Depot breach exposes data of nearly 27,000 crypto users, More than $40 million stolen from GMX crypto platform. Huge thanks to our sponsor, Vanta.

Rubio Spoofed, RondoDox Botnet, Batavia Spyware


Four members of President Trump's cabinet impersonated. Is this some kind of a game? Batavia attacks Russian industrial companies. Huge thanks to our sponsor, Vanta.

Call of Duty game pulled, U.S. military gets cybersecurity boost, Bank employee helped hackers


Call of Duty game pulled from PC store after reported exploit. U.S. military gets cybersecurity boost. Bank employee helped hackers steal $100M. Huge thanks to our sponsor, Vanta.

Ingram Micro cyberattack, Telefonica possible breach, LLM URL recommendation problem


Ingram Micro suffers ransomware attack. Hacker leaks Telefónica data allegedly from new breach. ChatGPT prone to recommending wrong URLs, creating a new phishing opportunity. Huge thanks to our sponsor, Vanta.

Undetectable Android spyware is detectable, Hunters ransomware quits, Salt Typhoon dormant


Undetectable Android spyware leaks user logins. Hunters ransomware group shuts doors. Medical device company Surmodics reports cyberattack. Huge thanks to our sponsor, Palo Alto Networks. You're moving fast in the cloud and so are attackers. But while SecOps and cloud security teams are working in silos, attackers are exploiting the gaps between them. Cortex Cloud by Palo Alto Networks bridges this divide, unifying teams and stopping attacks with real-time cloud security that includes AI-powered protection, detection and automated response capabilities. Threats are stopped in minutes instead of days, and teams can finally protect cloud environments at the speed and scale...

Columbia hack, hunger relief ransomware, Qantas breach


Student data lost in Columbia University hack. German hunger relief charity hit by ransomware. Qantas contact center breached. Huge thanks to our sponsor, Palo Alto Networks.

Google issues Chrome security update, ICC targeted by new attack, Microsoft nixes Authenticator password management


Chrome Zero-Day CVE-2025-6554 under active attack; Google issues security update. International Criminal Court targeted by new 'sophisticated' attack. Kelly Benefits says 2024 data breach impacts 550,000 customers, Esse Health says recent data breach affects over 263,000 patients. Huge thanks to our sponsor, Palo Alto Networks.

New Iran warning, Chinese surveillance company banned, CISA names new executive director


U.S. agencies issue urgent warning over Iran threat. Canada bans Chinese surveillance company. CISA names new executive director. Huge thanks to our sponsor, Palo Alto Networks.

Hawaiian Airlines cyberattack, United Natural Foods update, Russia throttles Cloudflare


Hawaiian Airlines suffers cyberattack. United Natural Foods says cyber incident will impact quarterly income. Russia throttles Cloudflare making sites inaccessible. Huge thanks to our sponsor, Palo Alto Networks.

Week in Review: Qilin adds lawyers, Iranian spearphishing campaign, Microsoft Direct Send hack


This week's Cyber Security Headlines Week in Review is hosted by Rich Stroffolino with guest Bil Harmer, operating partner and CISO, Craft Ventures. Check out Bil's page, KillSwitchAdvisory. Thanks to our show sponsor, ThreatLocker. Alert fatigue, false positives, analyst burnout: you know the drill. What if you could stop threats before they run? ThreatLocker gives CISOs what they've been asking for: real control at the execution layer. Only approved apps, scripts, and executables run. Period. Known-good is enforced. Everything else? Denied by default. Ringfencing and storage control keep even trusted tools in their lane, so PowerShell doesn't become...

Iranian-backed spearphishing campaign, Microsoft Outlook fix, Glasgow suffers cyberattack


Iranian-backed spearphishing campaign seeks out cybersecurity experts. Microsoft fixes Outlook bug causing crashes when opening emails. Glasgow City Council suffers cyberattack. Huge thanks to our sponsor, ThreatLocker.

Patient death linked to ransomware, BreachForums busted again, nOAuth vulnerability


NHS confirms patient death linked to ransomware attack. BreachForums busted again. Thousands of SaaS apps still vulnerable to nOAuth. Huge thanks to our sponsor, ThreatLocker.

70 Microsoft Exchange servers targeted, Apple, Netflix, Microsoft sites hacked, data breach hits Aflac


Hackers target over 70 Microsoft Exchange servers to steal credentials via keyloggers. Apple, Netflix, Microsoft sites 'hacked' for tech support scams. The 2022 initiative by Cloudflare, CrowdStrike and Ping Identity provided cybersecurity support to critical infrastructure sectors seen as potential targets of Russia-linked attacks. Huge thanks to our sponsor, ThreatLocker.

Retaliatory Iranian cyberattacks, steel giant confirms breach, ransomware hits healthcare system again


DHS warns of retaliatory Iranian cyberattacks. Steel giant Nucor confirms breach. Ransomware hits healthcare system again. Huge thanks to our sponsor, ThreatLocker.

CMS retailer report, Aflac investigates activity, Russian dairy cyberattack


CMC officially points finger at Scattered Spider for Marks & Spencer and Co-op attacks. Aflac investigating suspicious activity on its U.S. network. Russian dairy producers suffer cyberattack. Huge thanks to our sponsor, ThreatLocker.

Week in Review: ClickFake deepfake scam, Krispy Kreme breach, NIST ZTA guidance


This week's Cyber Security Headlines Week in Review is hosted by Rich Stroffolino with guest Howard Holton, COO and industry analyst, GigaOm. Thanks to our show sponsor, Adaptive Security. As deepfake scams and GenAI phishing evolve, Adaptive equips security teams with AI-powered phishing simulations featuring realistic personalized deepfakes and engaging security awareness training. Their new AI Content Creator turns threat intel and policy updates into interactive, multilingual training instantly. Trusted by Fortune 500s and backed by Andreessen Horowitz and OpenAI, Adaptive helps you stay ahead of AI-driven threats. Learn more at adaptivesecurity.com. All links and the video of...

Cisco, Atlassian fixes, Ryuk member arrested, Viasat Typhoon attack


Cisco, Atlassian fix high-severity vulnerabilities. Alleged Ryuk ransomware gang member arrested and extradited. Telecom company Viasat attacked by Salt Typhoon. Huge thanks to our sponsor, Adaptive Security.

Episource Breach, Predatory Sparrow strikes again, Swiss banks data leak


Over 5 million impacted by Episource breach. Predatory Sparrow strikes Iran again. Data leak at Swiss banks. Huge thanks to our sponsor, Adaptive Security.

Hackers exploit Langflow flaw, TP-Link routers still vulnerable, Russia detects SuperCard malware attacks


Hackers exploit critical Langflow flaw to unleash Flodrix botnet. Organizations warned of vulnerability exploited against discontinued TP-Link routers. Russia detects first SuperCard malware attacks skimming bank data via NFC. Huge thanks to our sponsor, Adaptive Security.

2FA middleman, Archetyp seized, Zoomcar hacked


Beware the SMS 2FA middleman. Police seize Archetyp Market. Zoomcar hack impacts 8.4 million users. Huge thanks to our sponsor, Adaptive Security.

Washington Post hacked, WestJet suffers cyberattack, Texas DoT breach


Washington Post investigates hacking incident on journalists' emails. Canadian airline WestJet is containing a cyberattack. Crash records stolen from Texas DOT. Huge thanks to our sponsor, Adaptive Security.

Week in Review: Google and Cloudflare outages, Copilot Zero-Click, Cloudflare's Claude flair


This week's Cyber Security Headlines Week in Review is hosted by Rich Stroffolino with guest Christina Shannon, CIO, KIK Consumer Products. Thanks to our show sponsor, Vanta. Is your manual GRC program slowing you down? There's something more efficient than spreadsheets, screenshots, and manual processes: Vanta. With Vanta, GRC can be so. much. easier, while also strengthening your security posture and driving revenue for your business. Vanta automates key areas of your GRC program, including compliance, risk, and customer trust, and streamlines the way you manage information. The impact is real: A recent IDC analysis found that compliance teams...

Microsoft Entra attack, Thursday's Cloud outages, Mark Green retires


Hacker attacks target Microsoft Entra ID accounts using pentesting tool. Google Cloud and Cloudflare outages reported. House Homeland Chairman Mark Green announces his departure. Huge thanks to our sponsor, Vanta.

CoPilot zero-click, Operation Secure, FIN6 targets recruiters


Zero-click data leak flaw in Copilot. Operation Secure targets infostealer operations. FIN6 targets recruiters. Huge thanks to our sponsor, Vanta.

40K IoT cameras stream secrets to browsers, Marks & Spencer taking online orders post-cyberattack, PoC Code escalates Roundcube Vuln threat


CISA, Microsoft warn of Windows zero-day used in attack on 'major' Turkish defense org. 40K IoT cameras worldwide stream secrets to anyone with a browser. Marks & Spencer begins taking online orders again, out for seven weeks due to cyberattack. Huge thanks to our sponsor, Vanta.

Cybersecurity News: Brute forcing Google accounts, Guardian's Secure Messaging, UNFI cyberattack


Brute forcing phone numbers linked to Google accounts. The Guardian launches Secure Messaging service. United Natural Foods hit by cyberattack. Huge thanks to our sponsor, Vanta.

Cyber executive order, Neuberger's infrastructure warning, Mirai botnet warning


Presidential cyber executive order signed. Neuberger warns of U.S. infrastructure's cyberattack weakness. Mirai botnet infects TBK DVR devices. Huge thanks to our sponsor, Vanta.

Week in Review: Senators' CSRB bid, Deepfakes dodge detection, Microsoft-CrowdStrike collaboration


This week's Cyber Security Headlines - Week in Review is hosted by Rich Stroffolino with guest Rusty Waldron, chief business security officer, ADP. Thanks to our show sponsor, Conveyor. Let me guess, another security questionnaire just landed in your inbox. Which means all the follow up tasks you don't have time for are close behind. What are you going to do? Here's a better question: what would Sue do? Sue is Conveyor's new AI Agent for Customer Trust. She handles the entire security review process like answering every customer request from sales, completing every questionnaire or executing...

Kettering data published, Reddit sues Anthropic, North Face breached


Stolen Kettering Health data published. Reddit sues Anthropic for scraping. North Face website customer accounts breached. Huge thanks to our sponsor, Conveyor.

Russian bomber maker popped, vishing targets Salesforce, MS helps out governments


Ukraine claims cyberattack on Russian bomber maker. Vishing campaign targets Salesforce. Microsoft lends a hand to European governments. Huge thanks to our sponsor, Conveyor. Ever wish you had a teammate that could handle the most annoying parts of customer security reviews? You know, chasing down SMEs for answers, updating systems, coordinating across teams: all the grunt work nobody wants to do. Plus, having to finish the dang questionnaire itself. Well. That teammate exists: Conveyor just launched Sue, the first AI Agent for Customer Trust. Sue really is the dream teammate. She never misses a deadline, answers every customer request from sales, completes...

Meta, Yandex take heat on browsing identifiers, Acreed malware makes gains, HPE warns of critical auth bypass


Meta and Yandex are de-anonymizing Android users' web browsing identifiers. LummaC2 fractures as Acreed malware becomes top dog. Hewlett Packard Enterprise warns of critical StoreOnce auth bypass. Huge thanks to our sponsor, Conveyor. Tired of herding cats to complete customer security questionnaires? Your team probably spends hours daily juggling the back and forth of completing these security requests. That's why Conveyor created Sue, the first AI Agent for Customer Trust. Sue doesn't just handle completing security questionnaires and sending SOC 2 to prospects; she manages all the communication and follow-up too. You simply get notified when everything's done so you...

MS and CrowdStrike partner, Qualcomm bugs exploited, new CISA cut details


Microsoft and CrowdStrike partner to link threat actor names. Qualcomm sees Adreno bugs under active exploitation. New details on proposed CISA cuts. Huge thanks to our sponsor, Conveyor. Does trying to get the security questionnaire done and back to your customer ever feel like you're herding cats? It's not answering questions - most of you have automation software for that. It's all of the manual back and forth that becomes a slog like communicating between teams, tracking people down to get their review, updating sources and updating systems. Conveyor just launched an AI agent, Sue, to do all of these...

Cisco IOS XE exploit, Senators' CSRB request, Australia ransomware law


Exploit for maximum severity Cisco IOS XE flaw now public. Senators ask for reinstatement of cyber review board to work on Salt Typhoon investigation. Australian ransomware victims now must report their payments. Huge thanks to our sponsor, Conveyor. Conveyor launched the first AI Agent for Customer Trust. So wtf does that mean? It means the AI agent goes beyond just sharing NDA-gated documents like a SOC 2 with customers or answering security questionnaires. Conveyor's AI Agent, Sue, handles the entire security review process from start to finish. She answers every customer request from sales, completes every questionnaire and executes every...

Week in Review: Chrome password replacer, Luna Moth exploits, ChatGPT declines shutdown command


This week's Cyber Security Headlines Week in Review is hosted by Rich Stroffolino with guest Steve Knight, former CISO, Hyundai Capital America. Thanks to our show sponsor, ThreatLocker. All links and the video of this episode can be found on CISO Series.com

Windows startup failures, Victoria's Secret cyberattack, stolen cookie threat


Windows 11 might fail to start after installing KB5058405, says Microsoft. Victoria's Secret website goes offline following cyberattack. Billions of stolen cookies available, worrying security experts. Huge thanks to our sponsor, ThreatLocker.

Microsoft updates Update, LexisNexis leak, cyber insurance premiums


Microsoft wants to update all the things. LexisNexis breach impacts 364,000 people. Cyber insurance premium volume expected to double. Huge thanks to our sponsor, ThreatLocker.

MathWorks confirms ransomware attack, Adidas has data breach, Dutch intelligence warns of cyberattack


MathWorks, Creator of MATLAB, Confirms Ransomware Attack. Adidas warns of data breach after customer service provider hack. Dutch Intelligence Agencies Say Russian Hackers Stole Police Data in Cyberattack. Huge thanks to our sponsor, ThreatLocker.

Malicious npm codes, Nova Scotia cyberattack, ChatGPT refuses shutdown command


Malicious npm and VS Code packages stealing data. Nova Scotia Power confirms ransomware attack. Researchers claim ChatGPT o3 bypassed shutdown in controlled test. Huge thanks to our sponsor, ThreatLocker.

CISA's Commvault warning, updated Killnet returns, fake VPN malware


CISA warns Commvault clients of campaign targeting cloud applications. Russian hacker group Killnet returns with slightly adjusted mandate. Fake VPN and browser NSIS installers used to deliver Winos 4.0 malware. Huge thanks to our sponsor, ThreatLocker.

Week in Review: Disabling Microsoft Defender, corrupted power inverters, bipartisan training bill


This week's Cyber Security Headlines Week in Review is hosted by Rich Stroffolino with guest George Finney, CISO, The University of Texas System. Check out George's new book plus all his other achievements at his website, WellAwareSecurity. Thanks to our show sponsor, Conveyor. Still spending hours maintaining a massive spreadsheet of Q&A pairs or using RFP tools to answer security questionnaires? Conveyor's AI doesn't need hand-holding and gets you accurate answers every time with limited knowledge base maintenance. It reads directly from your connected sources: documents, wikis, websites, Confluence, Google drive, and even your Conveyor trust center....

Signal shutters Recall, Windows Server vulnerability, pathology lab breach


Signal adds Recall blocker Critical Windows Server 2025 dMSA vulnerability warning Pathology lab suffers data breach Huge thanks to our sponsor, Conveyor Still spending hours maintaining a massive spreadsheet of Q&A pairs or using RFP tools to answer security questionnaires? Conveyor's AI doesn't need hand-holding and gets you accurate answers every time with limited knowledge base maintenance. It reads directly from your connected sources: documents, wikis, websites, Confluence, Google Drive, and even your Conveyor trust center. You don't maintain a knowledge base. You connect to one. And our AI does the rest for you. See what real auto-fill magic looks like...

Kettering Health outage, Lumma disrupted, Opexus "major lapse"


Ransomware attack knocks out Kettering Health Lumma malware operation disrupted Federal agencies impacted by "major lapse" at Opexus Huge thanks to our sponsor, Conveyor Half-baked AI answers to security questionnaires are worse than no answer at all. Conveyor's AI gets it right the first time, with market-leading accuracy rates and full citations for every response. Because "good enough" doesn't cut it when you're filling in questionnaires daily. Accuracy isn't just a feature; it's the foundation. Because we know that when AI gets it wrong, you're stuck with more work. If AI isn't living up to its promise with other tools, check out...

DOJ investigates Coinbase attack, Dutch cyber-espionage law passes, VanHelsing ransomware leaked


US DOJ opens investigation into Coinbase's recent cyberattack Dutch government passes law to criminalize cyber-espionage Ransomware attack on food distributor spells more pain for UK supermarkets Huge thanks to our sponsor, Conveyor What if your sales team could answer security questions themselves, without blowing up your Slack or email every 10 minutes? With Conveyor, they can. Conveyor is the trust center and security questionnaire automation tool your infosec friends love to use. Whether through Slack or the Conveyor app, sales and presales teams can easily get AI-generated answers to any customer security question, with your pre-set rules and reviews in place....

Legal Aid breached, patients at risk from cyberattacks, 23andMe buyer


UK's Legal Aid Agency breached NHS patients put at risk from cyberattacks 23andMe has a buyer Huge thanks to our sponsor, Conveyor Ever spent an hour in a clunky portal questionnaire with UI from 1999 just to lose your work because it timed out? Conveyor's got you. Our browser extension completes questionnaires in the most tedious portals for you by auto-importing all the questions and generating AI answers. For popular portals, it can go full autopilot and fill in reviewed answers into the portal on one click. You shouldn't have to fight a portal just to prove your security posture....

UK retailer update, Microsoft Defender disabler, deepfakes target officials


Scattered Spider facilitates UK retail hacks and is moving to the U.S. Defendnot tool can disable Microsoft Defender FBI warns government officials about new waves of deepfakes Huge thanks to our sponsor, Conveyor Are you dealing with security questionnaire chaos this week? If so, get Conveyor's AI to knock them out for you. Connect Conveyor to any source, easily upload any format of questionnaire or use the browser extension for portals and their AI handles the rest, from parsing the questions to generating answers and auto-tagging collaborators. Let Conveyor do the work for you. Learn more at www.conveyor.com. Find the stories...

Week in Review: Hackers pump stocks, Microsoft stops screenshots, AI encrypts cybersecurity


Link to episode page This week's Cyber Security Headlines Week in Review is hosted by Rich Stroffolino with guest Nick Espinosa, host, The Deep Dive Radio Show. Here's where you can find him: Daily Podcast on SoundCloud | YouTube | Forbes | Twitter/X | Facebook | BlueSky | Mastodon Thanks to our show sponsor, Vanta Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls...

Coinbase hackers bribe staff, Windows 11 hacked at Pwn2Own, Telegram purges black market group


Coinbase says hackers bribed staff to steal customer data and are demanding $20 million ransom Windows 11 and Red Hat Linux hacked on first day of Pwn2Own The Internet's biggest-ever black market just shut down amid a Telegram purge Huge thanks to our sponsor, Vanta Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over...

Attack on steel producer, EUVD online, CISA advisory overhaul


Steel producer disrupted by cyberattack European Vulnerability Database (EUVD) is online CISA pauses advisory overhaul Huge thanks to our sponsor, Vanta Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and help you get security...

Radware clarifies patch, retailer data stolen, Alabama suffers cyberattack


Radware says recent WAF bypasses were patched in 2023 Marks & Spencer confirms data stolen in ransomware attack Alabama suffers cybersecurity event Huge thanks to our sponsor, Vanta Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews,...

GlobalX breach, Google settles lawsuits, UK software security guidelines


Global Crossing Airlines Group confirms cyberattack Google settles privacy lawsuits UK launches software security guidelines Huge thanks to our sponsor, Vanta Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and help you get security...

Japan finance hacks, Pearson suffers cyberattack, Teams blocks screen captures


Hackers hijack Japanese financial accounts to conduct billions in trades Education giant Pearson hit by cyberattack exposing customer data Microsoft Teams will soon block screen capture during meetings Huge thanks to our sponsor, Vanta Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize...

Week in Review: Agriculture ransomware increase, Congress challenges CISA cuts, Disney's slacker hacker


Link to episode page This week's Cyber Security Headlines Week in Review is hosted by Rich Stroffolino with guest Dan Holden, CISO, BigCommerce Thanks to our show sponsor, ThreatLocker ThreatLocker is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO. All links and the video of this episode can be found on CISO Series.com

Cisco IOS XE vulnerability, Pentagon CIO nomination, new SonicWall vulnerability


Cisco patches a level 10 vulnerability in IOS XE President nominates former Unilever CISO to be Pentagon CIO SonicWall patches a new zero-day vulnerability Thanks to today's episode sponsor, ThreatLocker ThreatLocker is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO. Find the stories behind the headlines at CISOseries.com.

Europol shuts down DDoS-for-hire services, CrowdStrike lays off 500 workers, GOV.UK embraces passkeys


Europol shuts down six DDoS-for-hire services used in global attacks CrowdStrike says it will lay off 500 workers Passkeys set to protect GOV.UK accounts against cyber-attacks Thanks to today's episode sponsor, ThreatLocker ThreatLocker is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO. Find the stories behind the headlines at CISOseries.com.

Congress challenges CISA cuts, Texas school breached, NSO pays WhatsApp


Congress challenges Noem over proposed CISA cuts Texas school district breach impacts over 47,000 people NSO Group to pay WhatsApp $167 million in damages Thanks to today's episode sponsor, ThreatLocker ThreatLocker is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO. Find the stories behind the headlines at CISOseries.com.

Signal clones, easyjson warning, UK retail hacker


Signal clone gets hacked Sounding the alarm on easyjson Ransomware group takes credit for UK retail attacks Thanks to today's episode sponsor, ThreatLocker ThreatLocker is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO. Find the stories behind the headlines at CISOseries.com.

Microsoft Authenticator passkeys, StealC malware upgraded, CISA budget slashed


Microsoft ends Authenticator password autofill in favor of Edge StealC malware enhanced with stealth upgrades and data theft White House proposes cutting $491M from CISA budget Thanks to today's episode sponsor, ThreatLocker ThreatLocker is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO. Find the stories behind the headlines at CISOseries.com.

Week in Review: Cybersecurity CEO busted, Cloudflare's DDoS increase, FBI's help request


Link to episode page This week's Cyber Security Headlines Week in Review is hosted by Rich Stroffolino with guest DJ Schleen, Head of Security, Boats Group Thanks to our show sponsor, ThreatLocker ThreatLocker is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO. All links and the video of this episode can be found on CISO Series.com

UK's Co-op cyberattack, LabHost domains released, NSO WhatsApp damages


UK retailer Co-Op suffers cyberattack FBI shares list of 42,000 LabHost phishing domains NSO group looking at hefty damages in WhatsApp case Thanks to today's episode sponsor, ThreatLocker ThreatLocker is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO. Find the stories behind the headlines at CISOseries.com.

Scattered Spider extradition, Telecom hack warnings, Impersonation scammer takedown


Alleged 'Scattered Spider' member extradited to U.S. Experts see little progress after major Chinese telecom hack Polish police take down impersonation scammers Thanks to today's episode sponsor, ThreatLocker ThreatLocker is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO. For the stories behind the headlines, visit CISOseries.com.

Apple Airplay-Enabled Devices Can Be Hacked, Google tracked 75 zero days, France ties Russian APT28 hackers to 12 cyberattacks


Millions of Apple Airplay-Enabled Devices Can Be Hacked via Wi-Fi Google tracked 75 zero days exploited in the wild in 2024 France ties Russian APT28 hackers to 12 cyberattacks on French orgs Thanks to today's episode sponsor, ThreatLocker ThreatLocker is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO.

Uyghur software malware, DDoS jumps, 4chan back


Uyghur Language Software Hijacked to Deliver Malware Cloudflare sees a big jump in DDoS attacks 4chan back online Thanks to today's episode sponsor, ThreatLocker ThreatLocker is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO.

SAP zero-day active, another OAuth exploit, cybersecurity CEO arrested


SAP zero-day vulnerability under widespread active exploitation Hackers abuse OAuth 2.0 workflows to hijack Microsoft 365 accounts Cybersecurity firm CEO charged with installing malware on hospital systems Thanks to today's episode sponsor, ThreatLocker ThreatLocker is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO. Find the stories behind the headlines at CISOseries.com.

Week in Review: Secure by Design departure, Microsoft's security report, LLMs outrace vulnerabilities


Link to episode page This week's Cyber Security Headlines Week in Review is hosted by Rich Stroffolino with guest Bethany De Lude, CISO emeritus, The Carlyle Group Thanks to our show sponsor, Dropzone AI Alert investigation is eating up your security team's day: 30 to 40 minutes per alert adds up fast. Dropzone AI's SOC Analyst transforms this reality by investigating every alert with expert-level thoroughness at machine speed. Our AI SOC Analyst gathers evidence, connects the dots across your security tools, and delivers clear reports with recommended actions, all in minutes. No playbooks to build, no code to write. Just consistent,...

Russian army map malware, edge tech attack report, Commvault flaw


Russian army targeted by Android malware hidden in mapping app Attackers hit security device defects hard in 2024 Critical Commvault Command Center flaw warning Huge thanks to our sponsor, Dropzone AI Alert investigation is eating up your security team's day: 30 to 40 minutes per alert adds up fast. Dropzone AI's SOC Analyst transforms this reality by investigating every alert with expert-level thoroughness at machine speed. Our AI SOC Analyst gathers evidence, connects the dots across your security tools, and delivers clear reports with recommended actions, all in minutes. No playbooks to build, no code to write. Just consistent, high-quality investigations that...

Blue Shield of California shared private data, FBI IC3 report, Ex-Army sergeant jailed


Blue Shield of California shared private health data of millions with Google The FBI issues its 2024 IC3 report Ex-Army sergeant jailed for selling military secrets Huge thanks to our sponsor, Dropzone AI Security analysts need practical experience to build investigation skills, but getting expert guidance for every alert is impossible. That's why Dropzone AI created COACH, a free Chrome extension that serves as an AI security mentor for SOC analysts at any level. COACH reads alerts across all major security platforms, explains their context, provides alternative hypotheses, and guides analysts through industry-standard investigation methodologies. Unlike our AI SOC Analyst product,...

Microsoft Recall updates, Russian orgs deal with networking software updates, SSL.com certificate issuance vulnerability


Microsoft Recall on Copilot+ PC: testing the security and privacy implications Russian organizations targeted by backdoor masquerading as secure networking software updates SSL.com Scrambles to Patch Certificate Issuance Vulnerability Huge thanks to our sponsor, Dropzone AI Is your security team spending too much time chasing alerts instead of stopping threats? Dropzone AI modernizes your security operations by handling the routine investigations that consume your team's day. Our AI SOC Analyst works with your existing security tools, learns your environment, and delivers clear, actionable reports within minutes. Your human analysts can finally focus on the most critical threats. Organizations using our...

Google OAuth abused, Japan's trading scams, hijacking with Zoom


Google OAuth abused in DKIM replay attack Japan warns of sharp rise in unauthorized trading North Koreans hijacking Zoom's Remote Control Huge thanks to our sponsor, Dropzone AI Security threats don't clock out at 5 PM, but your analysts need to sleep sometime. Dropzone AI delivers around-the-clock alert investigations with the same attention to detail at midnight as at noon. Our AI SOC Analyst ensures no more morning backlogs and no more off-hours blind spots. Just reliable, continuous protection that ensures every alert gets the attention it deserves, regardless of when it arrives. See how SOC teams are achieving true...

Microsoft Entra lockouts, wine tasting malware, job scam solution


Widespread Microsoft Entra lockouts caused by new security feature rollout Malware delivered through diplomatic wine-tasting invites British companies told to hold in-person interviews to thwart North Korea job scammers Huge thanks to our sponsor, Dropzone AI Growing your MSSP client roster while your alerts are multiplying? Dropzone AI works alongside your team, investigating alerts just like your best human analysts would. Our AI SOC Analyst cuts investigation time from an hour to minutes while handling five times more alerts per analyst. Unlike complex SOAR solutions, Dropzone deploys quickly and adapts to your environment without the need for playbooks or coding....

Week in Review: CISA workforce cuts, AI slopsquatting risk, CVE funding saga


Link to episode page This week's Cyber Security Headlines Week in Review is hosted by David Spark with guest Trina Ford, CISO, iHeartMedia Thanks to our show sponsor, Vanta Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access...

Cyberthreat sharing law renewal, APTs love ClickFix, GoDaddy mutes Zoom


Bipartisan push for renewal of cyberthreat information sharing law ClickFix becoming a favorite amongst state-sponsored hackers GoDaddy puts Zoom on mute for about 90 minutes Thanks to this week's episode sponsor, Vanta Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows...

MITRE bailout, Krebs exits SentinelOne, Apple fixes zero-days


MITRE gets last-minute bailout from CISA Krebs exits SentinelOne after security clearance pulled Apple fixes two zero-days exploited in targeted iPhone attacks Thanks to this week's episode sponsor, Vanta Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. For the stories behind the headlines, visit CISOseries.com. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001....

BREAKING: CVE Funding Doesn't Lapse


CISA issued a statement that it executed an option on its contract with MITRE to continue funding the CVE program.

Government CVE funding set to end, 4chan down following an alleged hack, China accuses US of launching advanced cyberattacks


Government CVE funding set to end Tuesday 4chan, the internet's most infamous forum, is down following an alleged hack China accuses US of launching 'advanced' cyberattacks, names alleged NSA agents Thanks to this week's episode sponsor, Vanta Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001....

Slopsquatting risks, Morocco leak, EC ups US-based staff security


AI code dependencies are a supply chain risk Morocco investigates social security leak European Commission increases security measures for US-bound staff Thanks to this week's episode sponsor, Vanta Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews,...

CISA cuts planned, Windows 'inetpub' warning, health lab breach


Major workforce cuts planned for CISA Microsoft warns Windows users not to delete 'inetpub' folder Data breach at testing lab affects 1.6 million people Thanks to this week's episode sponsor, Vanta Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like...

Week in Review: Fake ChatGPT passport, Apple appeals UK encryption, Oracle's obsolete servers


Link to episode page This week's Cyber Security Headlines Week in Review is hosted by Rich Stroffolino with guest Carla Sweeney, SVP, InfoSec, Red Ventures Thanks to our show sponsor, Nudge Security Are you struggling to secure your exploding SaaS footprint? With Nudge Security, you can discover all SaaS apps and accounts, manage access, ensure secure configurations, vet unfamiliar tools, and automate daily identity security tasks. Start a free 14-day trial All links and the video of this episode can be found on CISO Series.com

Krebs probed, Nissan Leaf hack, Typhoon tariff warning


President orders probe of former CISA Director Chris Krebs Nissan Leaf cars can be hacked for remote spying and physical takeover Infosec experts warn of China Typhoon retaliation against tariffs Thanks to our episode sponsor, Nudge Security Are you struggling to secure your exploding SaaS footprint? With Nudge Security, you can discover all SaaS apps and accounts, manage access, ensure secure configurations, vet unfamiliar tools, and automate daily identity security tasks. Start a free 14-day trial Find the stories behind the headlines at CISOseries.com.

OCC major incident, Oracle confirms hack, Smokeloader servers seized


U.S. Comptroller suffers 'major incident' Oracle confirms "obsolete servers" hacked Police seize Smokeloader malware servers and detain customers Thanks to our episode sponsor, Nudge Security Nudge Security is the only solution for SaaS security and governance that can discover up to two years of historical SaaS spend along with usage insights so you can uncover wasted spend and sources of unnecessary risk. Start a free 14-day trial today For the stories behind the headlines, visit CISOseries.com.

New WhatsApp vulnerability, Microsoft patches 125 Windows Vulns, Fake Microsoft Office add-in tools push malware


WhatsApp vulnerability could facilitate remote code execution Spyware targeting Chinese diaspora Microsoft Patches 125 Windows Vulns, Including Exploited CLFS Zero-Day Thanks to our episode sponsor, Nudge Security Nudge Security provides advanced security posture management for Okta, Microsoft 365, Google Workspace, and other critical apps. With Nudge, you'll be alerted of risks like weak or missing MFA, inactive admin accounts, and risky integrations, plus you can automate remediation tasks and on-going identity governance. Start a free 14-day trial today

Apple encryption appeal, Xanthorox AI tool, weaponizing CRM


Apple appeals UK encryption back door order Researchers warn about AI-driven hacking tool PoisonSeed campaign weaponizes CRM system Thanks to our episode sponsor, Nudge Security Nudge Security discovers every GenAI tool ever used in your org, even those you've never heard of. For each tool, you'll see who introduced it, who else is using it, where it's integrated into other tools, and a vendor security profile. Get your free GenAI inventory today.

NSA Haugh fired, New WinRAR flaw, ChatGPT fake passport


Haugh fired from leadership of NSA and Cyber Command WinRAR flaw bypasses Windows Mark of the Web security alerts Researcher creates fake passport using ChatGPT Thanks to our episode sponsor, Nudge Security Nudge Security helps you mitigate security risks stemming from SaaS sprawl by discovering every SaaS account ever created by anyone in your org within minutes of starting a free trial. And, you can automate on-going governance tasks like security posture checks, user access reviews, employee offboarding, and more. Start a free 14-day trial Find the stories behind the headlines at CISOseries.com.

Week in Review: Microsoft's account bypass, CrushFTP CVE clash, 23andMe warning


Link to episode page This week's Cyber Security Headlines Week in Review is hosted by Rich Stroffolino with guest Howard Holton, COO and industry analyst, GigaOm Thanks to our show sponsor, Qualys Overwhelmed by noise in your cybersecurity processes? Cut through the clutter with Qualys Enterprise TruRisk Management. Quantify your cyber risk in clear financial terms and focus on what matters most. Actionable insights help you prioritize critical threats, streamline remediation, and accelerate risk reduction while effectively communicating impact to stakeholders. Empower your cybersecurity strategy with tools that drive faster, smarter, and more efficient risk management. Your secure future starts...

Google patches Quick Share, ChatGPT temporary outage, UK Mail breach


Google patches Quick Share vulnerability ChatGPT suffered brief outage Wednesday UK's Royal Mail investigates data leak claims Thanks to today's episode sponsor, Qualys "Overwhelmed by noise in your cybersecurity processes? Cut through the clutter with Qualys Enterprise TruRisk Management. Quantify your cyber risk in clear financial terms and focus on what matters most. Actionable insights help you prioritize critical threats, streamline remediation, and accelerate risk reduction while effectively communicating impact to stakeholders. Empower your cybersecurity strategy with tools that drive faster, smarter, and more efficient risk management. Your secure future starts today with Qualys Enterprise TruRisk Management. Visit qualys.com/etm for...

North Korean IT workers move into Europe, Stripe API skimming unveils theft techniques, Verizon API flaw exposes call history


North Korean IT worker army expands operations in Europe Stripe API skimming campaign unveils new techniques for theft Verizon call filter API flaw exposed customers' incoming call history Thanks to today's episode sponsor, Qualys "Overwhelmed by noise in your cybersecurity processes? Cut through the clutter with Qualys Enterprise TruRisk Management. Quantify your cyber risk in clear financial terms and focus on what matters most. Actionable insights help you prioritize critical threats, streamline remediation, and accelerate risk reduction while effectively communicating impact to stakeholders. Empower your cybersecurity strategy with tools that drive faster, smarter, and more efficient risk management. Your secure...

Mozilla Thunderbird takes on Gmail, surge in scans on PAN GlobalProtect VPNs, Microsoft uncovers bootloader vulnerabilities


Mozilla Thunderbird finally takes on Gmail with new email service Surge in scans on PAN GlobalProtect VPNs hints at attacks Microsoft Using AI to Uncover Critical Bootloader Vulnerabilities Thanks to today's episode sponsor, Qualys "Overwhelmed by noise in your cybersecurity processes? Cut through the clutter with Qualys Enterprise TruRisk Management. Quantify your cyber risk in clear financial terms and focus on what matters most. Actionable insights help you prioritize critical threats, streamline remediation, and accelerate risk reduction while effectively communicating impact to stakeholders. Empower your cybersecurity strategy with tools that drive faster, smarter, and more efficient risk management. Your secure...

FTC's warning to 23andMe buyer, global phishing threats, Samsung breach


FTC sends warning to future 23andMe buyer Global phishing threat targets 88 countries Samsung data breach tied to old stolen credentials Thanks to today's episode sponsor, Qualys "Overwhelmed by noise in your cybersecurity processes? Cut through the clutter with Qualys Enterprise TruRisk Management. Quantify your cyber risk in clear financial terms and focus on what matters most. Actionable insights help you prioritize critical threats, streamline remediation, and accelerate risk reduction while effectively communicating impact to stakeholders. Empower your cybersecurity strategy with tools that drive faster, smarter, and more efficient risk management. Your secure future starts today with Qualys Enterprise TruRisk...

Document converter warning, Resurge exploits Ivanti, Blacklock hackers exposed


FBI warns of increase in free online document converter scams Resurge malware exploits Ivanti flaw BlackLock hackers exposed through leak site vulnerability Thanks to today's episode sponsor, Qualys "Overwhelmed by noise in your cybersecurity processes? Cut through the clutter with Qualys Enterprise TruRisk Management. Quantify your cyber risk in clear financial terms and focus on what matters most. Actionable insights help you prioritize critical threats, streamline remediation, and accelerate risk reduction while effectively communicating impact to stakeholders. Empower your cybersecurity strategy with tools that drive faster, smarter, and more efficient risk management. Your secure future starts today with Qualys Enterprise...

Week in Review: Microsoft Trust abuse, 23andMe bankruptcy risks, NIST's growing backlog


This week's Cyber Security Headlines Week in Review is hosted by Rich Stroffolino with guest Jonathan Waldrop, CISO, The Weather Company. Jonathan will be speaking at The CrowdStrike Crowd Tour on Tuesday, April 15, 2025 in Atlanta. He will also be speaking at the C Vision International Think Tank on April 24, 2025, also in Atlanta. Thanks to our show sponsor, ThreatLocker ThreatLocker is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the...

JavaScript injection campaign, solar power vulnerabilities, SIM swap lawsuit


150,000 sites compromised by JavaScript injection Vulnerabilities in numerous solar power systems found T-Mobile pays $33 million in SIM swap lawsuit Huge thanks to our episode sponsor, ThreatLocker ThreatLocker is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com. Find the stories behind the headlines at CISOseries.com.

Ransomware group claims attack on US telecom firm, New ReaderUpdate malware variants target macOS users, Oracle customers claim stolen data


New ransomware group claims attack on US Telecom firm WideOpenWest NSA warned of vulnerabilities in Signal app a month before Houthi strike chat New ReaderUpdate malware variants target macOS users Huge thanks to our episode sponsor, ThreatLocker ThreatLocker is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.

EncryptHub exploit, Copilot agents, PETs in government


EncryptHub linked to Microsoft Management Console exploit Security Copilot gets AI agents A call for more PETs in government Huge thanks to our episode sponsor, ThreatLocker ThreatLocker is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.

Hundreds of cyber criminals arrested, 23andMe data, Ukraine railway partially taken down


More than 300 cyber criminals arrested in Africa 23andMe bankruptcy puts millions of DNA records at risk Ukraine's state railway partially down after attack Huge thanks to our episode sponsor, ThreatLocker ThreatLocker is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.

Tornado cash sanctions lifted, Russia Cloudflare outage, Microsoft Trust abused


U.S. Treasury lifts sanctions on Tornado Cash Web service outage in Russia due to reported Cloudflare block Microsoft Trust Signing service abused to code-sign malware Huge thanks to our episode sponsor, ThreatLocker ThreatLocker is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com. Find the stories behind the headlines at CISOseries.com.

Week in Review: Google acquires Wiz, water utility improvements, more GitHub attacks


This week's Cyber Security Headlines Week in Review is hosted by Rich Stroffolino with guest Christina Shannon, CIO, KIK Consumer Products Thanks to our show sponsor, DeleteMe Data brokers bypass online safety measures to sell your name, address, and social security number to scammers. DeleteMe scours the web to find and remove your private information before it gets into the wrong hands by scanning for exposed information, and completing opt-outs and removals. With over 100 Million personal listings removed, DeleteMe is your trusted privacy solution for online safety. Get 20% off your DeleteMe plan when you...

Stalkerware company breach, Microsoft Zero Day, Global Jira attack


Stalkerware company SpyX suffers data breach Nation-state groups hit organizations with Microsoft Windows zero-day Swiss telecom Ascom the latest victim of HellCat's Jira campaign Thanks to this week's episode sponsor, DeleteMe Data brokers bypass online safety measures to sell your name, address, and social security number to scammers. DeleteMe scours the web to find and remove your private information before it gets into the wrong hands by scanning for exposed information, and completing opt-outs and removals. With over 100 Million personal listings removed, DeleteMe is your trusted privacy solution for online safety. Get 20% off your DeleteMe plan when you...

PA teachers union breach, Infosys settles lawsuit, Sperm bank data theft


Attackers swipe data from Pennsylvania teachers union Infosys settles $17.5M lawsuit after third-party breach Top U.S. sperm bank discloses data breach Thanks to this week's episode sponsor, DeleteMe Data brokers bypass online safety measures to sell your name, address, and social security number to scammers. DeleteMe scours the web to find and remove your private information before it gets into the wrong hands by scanning for exposed information, and completing opt-outs and removals. With over 100 Million personal listings removed, DeleteMe is your trusted privacy solution for online safety. Get 20% off your DeleteMe plan when you go to JoinDeleteMe.com/CISO...

Google Acquires Wiz, CISA must reinstate terminated employees, Commerce Department bans DeepSeek


CISA scrambles to contact fired employees after court rules layoffs 'unlawful' Google acquires cybersecurity firm Wiz for $32 billion US Commerce department bureaus ban China's DeepSeek on government devices, sources say Thanks to this week's episode sponsor, DeleteMe Data brokers bypass online safety measures to sell your name, address, and social security number to scammers. DeleteMe scours the web to find and remove your private information before it gets into the wrong hands by scanning for exposed information, and completing opt-outs and removals. With over 100 Million personal listings removed, DeleteMe is your trusted privacy solution for online safety. Get...

GitHub repositories targeted, Apache Tomcat RCE exploit, BEC campaigns target Microsoft 365


23,000 repositories targeted in popular GitHub action Apache Tomcat RCE exploit hits servers, no authentication required Microsoft 365 users targeted in new BEC campaigns Thanks to this week's episode sponsor, DeleteMe Data brokers bypass online safety measures to sell your name, address, and social security number to scammers. DeleteMe scours the web to find and remove your private information before it gets into the wrong hands by scanning for exposed information, and completing opt-outs and removals. With over 100 Million personal listings removed, DeleteMe is your trusted privacy solution for online safety. Get 20% off your DeleteMe plan when you go...

VPN brute-force attacks, water utilities bill, LockBit developer extradited


Black Basta creates tool to automate VPN brute-force attacks Bipartisan Senate bill offers improved cybersecurity for water utilities LockBit developer extradited from Israel, appears in New Jersey court Thanks to this week's episode sponsor, DeleteMe Data brokers bypass online safety measures to sell your name, address, and social security number to scammers. DeleteMe scours the web to find and remove your private information before it gets into the wrong hands by scanning for exposed information, and completing opt-outs and removals. With over 100 Million personal listings removed, DeleteMe is your trusted privacy solution for online safety. Get 20% off your...

Week in Review: ONCD dominates cyber, undocumented Bluetooth commands, DoJ Google breakup


Thanks to our show sponsor, Vanta Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and helps you get security questionnaires done 5 times faster with AI. Now that's a new way...

Medusa ransoms infrastructure, Google breakup sought, more Booking.com phishing


Medusa ransomware continues to attack infrastructure DoJ seeks to break up Google Another phishing campaign hits Booking.com Huge thanks to our sponsor, Vanta Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and helps you...

Microsoft patches 57 security flaws, Sola aims to build the 'Stripe for security', US council wants to counter China threats


Microsoft Patches 57 Security Flaws, Including 6 Actively Exploited Zero-Days US communications regulator to create council to counter China technology threats Signal no longer cooperating with Ukraine on Russian cyberthreats, official says Huge thanks to our sponsor, Vanta Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO...

New CISA head, Ballista botnet, PowerSchool breach report


Sean Plankey nominated to head CISA Ballista Botnet hits TP-Link devices PowerSchool publishes breach report Huge thanks to our sponsor, Vanta Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and helps you get security...

Healthcare breaches expose thousands, X outage, MGM suit dropped


Four healthcare breaches expose over 560,000 records Cyber attack allegedly behind X outages Case against MGM ransomware attack dropped Huge thanks to our sponsor, Vanta Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and...

ONCD consolidates power, undocumented Bluetooth commands, Japan NTT Breach


ONCD set to consolidate power in U.S. cyber Undocumented commands found in Bluetooth chip used by a billion devices Japanese telecom NTT breach affects 18,000 companies Huge thanks to our sponsor, Vanta Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows...

Week in Review: Hegseth orders stand down, ransomware by snailmail, Mark Cuban's lifeline


This week's Cyber Security Headlines Week in Review is hosted by David Spark with guest Brett Perry, CISO, Dot Foods Thanks to our show sponsor, ThreatLocker ThreatLocker is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com. All links and the video of this episode can be found on CISOseries.com.

Company hacked via webcam, Toronto Zoo update, federal contractor obligations


Ransomware gang bypasses EDR via a webcam Toronto Zoo updates January 2024 attack damage House bill requires federal contractors to implement vulnerability disclosure policies Huge thanks to our sponsor, ThreatLocker ThreatLocker is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com. Find the stories behind the headlines at CISOseries.com.

Probationary firing protest, hacker names frustration, conversational scam detector


Former top NSA cyber official protests probationary firings Differing names for hackers hinders law enforcement, says security agent Google releases AI scam detection for Android to fight conversational fraud Huge thanks to our sponsor, ThreatLocker ThreatLocker is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com. Find the stories behind the headlines at CISOseries.com.

Apple vs UK encryption backdoor, VMware bugs allow sandbox escape, JavaGhost targets AWS


Apple goes to court to fight UK demand for iCloud encryption backdoor 3 VMware Zero-Day bugs allow sandbox escape The Firefox I loved is gone - how to protect your privacy on it now Huge thanks to our sponsor, ThreatLocker ThreatLocker is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.

CISA denies claims, Ransomware group claims attack, Latin America's security crisis


CISA denies claims of deprioritizing Russian threats Ransomware group claims attack on U.S. newspaper publisher Latin America's escalating cybersecurity crisis Huge thanks to our sponsor, ThreatLocker ThreatLocker is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.

Hegseth orders standdown, Microsoft terminates Skype, Cuban offers lifeline


Hegseth orders Cyber Command to stand down on Russia planning Microsoft hangs up on Skype after 14 years Mark Cuban offers to fund government tech unit that was cut Huge thanks to our sponsor, ThreatLocker ThreatLocker is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com. Find the stories behind the headlines at CISOseries.com.

Week in Review: Apple encryption, gamification for security, DISA breach


This week's Cyber Security Headlines Week in Review is hosted by Rich Stroffolino with guest Andrew Wilder, CISO, Vetcor Thanks to our show sponsor, Conveyor Let me guess, another security questionnaire just landed in your inbox. Which means all the follow up tasks you don't have time for are close behind. What are you going to do? Here's a better question: what would Sue do? Sue is Conveyor's new AI Agent for Customer Trust. She handles the entire security review process like answering every customer request for a SOC 2 from sales, completing every questionnaire or...

Cyber espionage increase, Nakasone cyber warning, PolarEdge exploits Cisco


Chinese cyber espionage jumped 150% last year Nakasone warns of U.S. falling behind adversaries in cyberspace PolarEdge botnet exploits Cisco, ASUS, QNAP, and Synology Huge thanks to our sponsor, Conveyor Let me guess, another security questionnaire just landed in your inbox. Which means all the follow up tasks you don't have time for are close behind. What are you going to do? Here's a better question: what would Sue do? Sue is Conveyor's new AI Agent for Customer Trust. She handles the entire security review process like answering every customer request for a SOC 2 from sales, completing every questionnaire...

GitHub repos exposed, HaveIBeenPwned adds 244M stolen passwords, Anagram gamifies cybersecurity training


Thousands of exposed GitHub repositories, now private, can still be accessed through Copilot Cellebrite halts product use in Serbia following Amnesty surveillance report New Ghostwriter campaign targets Ukrainian Government and opposition activists in Belarus Huge thanks to our sponsor, Conveyor It's 2025. This is your second sign to get a trust center if you don't already have one. Reduce manual work by 80% when you can share one link to your trust center and let customers download what they need on demand. Trusted by the world's top B2B companies, Conveyor's enterprise-grade trust center is specially designed to handle multiple products,...

DISA breach, Swedish backdoors, Dems looking into system access


US employee screening firm confirms breach Swedish law enforcement seeking messaging app backdoors Dems warn of exposed entry points on government systems Huge thanks to our sponsor, Conveyor Ever wish you had a teammate that could handle the most annoying parts of customer security reviews? You know, chasing down SMEs for answers, updating systems, coordinating across teams, all the grunt work nobody wants to do. Plus, having to finish the dang questionnaire itself. Well. That teammate exists: Conveyor just launched Sue, the first AI Agent for Customer Trust. Sue really is the dream teammate. She never misses a deadline, answers every customer...

Australia bans Kaspersky, Government screens hijacked, EU sanctions Lazarus Group


Australia bans Kaspersky over security concerns Government screens hijacked with AI Video of President Trump and Musk EU sanctions North Korean official linked to Lazarus Group Huge thanks to our sponsor, Conveyor Does trying to get the security questionnaire done and back to your customer ever feel like you're herding cats? It's not just answering questions. It's all of the manual back and forth that becomes a slog like communicating between teams, tracking people down to get their review, updating sources and updating systems. Between all of this, you're also expected to field security documentation requests from customers. Well, Conveyor...

$1.5B Bybit hack, UK E2E pulled, PayPal phishing emails


Hacker steals nearly $1.5 billion from Bybit crypto wallet Apple pulls iCloud end-to-end encryption in the UK PayPal "New Address" feature abused in phishing scam Huge thanks to our sponsor, Conveyor It's 2025. This is your sign to get a trust center if you don't already have one. Speed up security reviews and reduce the headaches when you can share one link to your trust center and let customers download what they need on demand. Trusted by the world's top B2B companies, Conveyor's enterprise-grade trust center is specially designed to handle multiple products, complex orgs, and with AI first so...

Week in Review: More telecoms breached, Chase blocks Zelle, more DeepSeek bans


This week's Cyber Security Headlines Week in Review is hosted by Rich Stroffolino with guest TC Niedzialkowski, former CISO Thanks to our show sponsor, Scrut Automation Scrut Automation allows compliance and risk teams of any size to establish enterprise-grade security programs. Their best-in-class features like process automation, AI, and over 75 native integrations reverse compliance debt and help manage risk proactively as your business grows. Visit scrut.io to schedule a demo or learn more. That's www.scrut.io. All links and the video of this episode can be found on CISOseries.com.

NioCorp BEC scam, Australian IVF breach, SEC's cyber unit


Minerals company loses $500,000 to BEC scam Australian IVF provider investigating cyber incident SEC replaces cryptocurrency fraud unit with emerging tech team Thanks to today's episode sponsor, Scrut Automation Scrut Automation allows compliance and risk teams of any size to establish enterprise-grade security programs. Their best-in-class features like process automation, AI, and over 75 native integrations reverse compliance debt and help manage risk proactively as your business grows. Visit scrut.io to schedule a demo or learn more. That's www.scrut.io. Find the stories behind the headlines at CISOseries.com.

Signal conversations hacked, Ransomware group hits infrastructure, Patch Palo Alto flaw


Russian hackers tap into Signal conversations Ransomware group hits critical infrastructure globally CISA says patch Palo Alto flaw immediately Thanks to today's episode sponsor, Scrut Automation Scrut Automation allows compliance and risk teams of any size to establish enterprise-grade security programs. Their best-in-class features like process automation, AI, and over 75 native integrations reverse compliance debt and help manage risk proactively as your business grows. Visit scrut.io to schedule a demo or learn more. That's www.scrut.io.

OpenSSH flaws enable new attacks, Microsoft prepares for deprecation, Zwipe files for bankruptcy


New OpenSSH Flaws Enable Man-in-the-Middle and DoS Attacks: Patch Now Microsoft reminds admins to prepare for WSUS driver sync deprecation Zwipe runs out of time for biometric card revenues, files for bankruptcy Thanks to today's episode sponsor, Scrut Automation Scrut Automation allows compliance and risk teams of any size to establish enterprise-grade security programs. Their best-in-class features like process automation, AI, and over 75 native integrations reverse compliance debt and help manage risk proactively as your business grows. Visit scrut.io to schedule a demo or learn more. That's www.scrut.io.

Zservers takedown, Zelle payment blocks, Finastra data breach


Dutch Police take down Zservers Chase to block Zelle payments to sellers on social media Finastra notifies victims of October data breach Thanks to today's episode sponsor, Scrut Automation Scrut Automation allows compliance and risk teams of any size to establish enterprise-grade security programs. Their best-in-class features like process automation, AI, and over 75 native integrations reverse compliance debt and help manage risk proactively as your business grows. Visit scrut.io to schedule a demo or learn more. That's www.scrut.io. For the stories behind the headlines, visit CISOseries.com.

Device code attacks, phone TOAD solution, more telecoms breached


Hackers steal emails in device code phishing attacks Anti-TOAD feature seeks to prevent in-call sideloading attacks Chinese hackers breach more U.S. telecoms via unpatched Cisco routers Thanks to today's episode sponsor, Scrut Automation Scrut Automation allows compliance and risk teams of any size to establish enterprise-grade security programs. Their best-in-class features like process automation, AI, and over 75 native integrations reverse compliance debt and help manage risk proactively as your business grows. Visit scrut.io to schedule a demo or learn more. That's www.scrut.io.

Week in Review: CISA officials furloughed, DeepSeek's weak security, Cairncross as cyberdirector


This week's Cyber Security Headlines Week in Review is hosted by Rich Stroffolino with guest Doug Mayer, VP, CISO, WCG Thanks to our show sponsor, Vanta Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies,...

Apple backdoor spat, Sarcoma hits Unimicron, Sault Tribe attacked


U.S. lawmakers demand UK retraction of Apple backdoor Sarcoma ransomware claims breach at giant PCB maker Unimicron Ransomware attack disrupts Michigan's Sault Tribe operations Huge thanks to our sponsor, Vanta Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies,...

DOGE hacks America? U.S. adversaries turn to cybercriminals? New LiDAR system ID faces a km away?


DOGE is hacking America This Ad-Tech company is powering surveillance of US military personnel Apple and Google take down malicious mobile apps from their app stores Huge thanks to our sponsor, Vanta Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows...

LockBit host sanctions, DeepSeek security, trojanized KMS


LockBit host sanctioned A peek at DeepSeek's weak security Sandworm targeting Ukraine with trojanized KMS Huge thanks to our sponsor, Vanta Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and helps you get security...

Urgent iOS update, CISA officials on administrative leave, newspaper operations impacted


Urgent iOS update fixes critical USB security flaw CISA officials placed on administrative leave Attack disrupts newspaper giant's operations Huge thanks to our sponsor, Vanta Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and...

DOGE outrage and lawsuit, CISA KEV additions, DeepSeek encryption lapses


Shock and lawsuit over security failures in DOGE takeover CISA adds Microsoft Outlook and Sophos XG Firewall to its Known Exploited Vulnerabilities catalog DeepSeek App transmits sensitive user and device data without encryption Huge thanks to our sponsor, Vanta Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and...

Week in Review: APTs using Gemini, ransomware payments decrease, abandoned AWS risk


This week's Cyber Security Headlines Week in Review is hosted by Rich Stroffolino with guest Caitlin Sarian, owner and CEO, Cybersecurity Girl LLC Thanks to our show sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com. All links and the video of this episode can be found on CISOseries.com.

Outlook RCE bug, Kimsuky forceCopy malware, Treasury tightens DOGE


Critical RCE bug in Microsoft Outlook now exploited in attacks Kimsuky uses forceCopy malware to steal browser-stored credentials Treasury agrees to block additional DOGE staff from accessing sensitive payment systems Huge thanks to our episode sponsor, ThreatLocker ThreatLocker is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com. Find the stories behind the headlines at CISOseries.com.

Spain arrests hacker, FCC Robocallers, Ransoms decrease 35%


Spain arrests hacker of U.S. and Spanish military agencies Robocallers called the FCC pretending to be from the FCC Ransomware payments decreased 35% year-over-year Huge thanks to our episode sponsor, ThreatLocker ThreatLocker is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com. For the stories behind the headlines, visit CISOseries.com.

Meta identifies risky AI systems, Ferret malware joins 'Contagious Interview' campaign, credential theft rises as a target


Meta says it may stop development of AI systems it deems too risky Ferret Malware Added to 'Contagious Interview' Campaign Credential Theft Becomes Cybercriminals' Favorite Target Huge thanks to our episode sponsor, ThreatLocker ThreatLocker is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com. Find the stories behind the headlines at CISOseries.com.

Exploited vulnerabilities rising, ban on DeepSeek, crypto scams make comeback


Exploited vulnerabilities up significantly from previous year First U.S. state to declare ban on DeepSeek Crypto scams make comeback on X Huge thanks to our episode sponsor, ThreatLocker ThreatLocker is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.

APTs using Gemini, India's Tata cyberattack, new WhatsApp spyware


Google describes APTs using Gemini AI India's Tata Technologies suffers ransomware attack Meta confirms new zero-click WhatsApp spyware Huge thanks to our episode sponsor, ThreatLocker ThreatLocker is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.

Week in Review: Google vishing response, DeepSeek peak week, ransomware victim costs


Link to episode page This week's Cyber Security Headlines Week in Review is hosted by Rich Stroffolino with guest Alexandra Landegger, Global Head of Cyber Strategy & Transformation, RTX Thanks to our show sponsor, Conveyor Let me guess, another security questionnaire just landed in your inbox. Which means all the follow up tasks you don't have time for are close behind. What are you going to do? Here's a better question: what would Sue do? Sue is Conveyor's new AI Agent for Customer Trust. She handles the entire security review process like answering every customer request from sales, completing every...

Blood Center cyberattack, DeepSeek data leak, CISA's future unclear


New York Blood Center suffers ransomware attack DeepSeek's exposed database leaks sensitive data CISA's future unclear under new administration Huge thanks to our sponsor, Conveyor Let me guess, another security questionnaire just landed in your inbox. Which means all the follow up tasks you don't have time for are close behind. What are you going to do? Here's a better question: what would Sue do? Sue is Conveyor's new AI Agent for Customer Trust. She handles the entire security review process like answering every customer request from sales, completing every questionnaire or executing every communications and coordination task in-between. No...

Tenable acquires Vulcan Cyber, Chinese and Iranian hackers are using U.S. AI, US Navy bans use of DeepSeek


Tenable acquiring Israel's Vulcan Cyber in $150 million deal Chinese and Iranian Hackers Are Using U.S. AI Products to Bolster Cyberattacks U.S. Navy bans use of DeepSeek due to 'security and ethical concerns' Huge thanks to our sponsor, Conveyor Ever wish you had a teammate that could handle the most annoying parts of customer security reviews? You know, chasing down SMEs for answers, updating systems, coordinating across teams, all the grunt work nobody wants to do. Plus, having to finish the dang questionnaire itself. Well. That teammate exists. Conveyor just launched Sue, the first AI Agent for Customer Trust. Sue really is the dream...

Ransomware shutdowns, GRU sanctions, Lynx ransomware details


Most ransomware victims shut down operations EU sanctions GRU members for Estonia cyberattacks Lynx ransomware runs a tight ship Huge thanks to our sponsor, Conveyor Tired of herding cats to complete customer security questionnaires? Your team probably spends hours daily juggling the back and forth of completing these security requests. That's why Conveyor created Sue, the first AI Agent for Customer Trust. Sue doesn't just handle completing security questionnaires and sending SOC 2 to prospects; she manages all the communication and follow-up too. You simply get notified when everything's done so you can do a quick review. Stop wrangling...

Sophisticated voice phishing, Opengrep consortium, DeepSeek suspends registrations


Google responds to "most sophisticated" voice phishing attack Security consortium creates Opengrep DeepSeek suspends new user registrations Huge thanks to our sponsor, Conveyor Tired of herding cats to complete customer security questionnaires? Your team probably spends hours daily juggling the back and forth of completing these security requests. That's why Conveyor created Sue, the first AI Agent for Customer Trust. Sue doesn't just handle completing security questionnaires and sending SOC 2 to prospects; she manages all the communication and follow-up too. You simply get notified when everything's done so you can do a quick review. Stop wrangling cats and see...

CISA Board closed, UnitedHealth numbers rise, Llama's LLM vulnerability


DHS Advisory Committee memberships halted UnitedHealth updates number of data breach victims to 190 million Meta's Llama Framework flaw exposes AI systems to remote code execution risks Huge thanks to our sponsor, Conveyor Conveyor launched the first AI Agent for Customer Trust. So wtf does that mean? It means the AI agent goes beyond just sharing NDA-gated documents like a SOC 2 with customers or answering security questionnaires. Conveyor's AI Agent, Sue, handles the entire security review process from start to finish. She answers every customer request from sales, completes every questionnaire and executes every communications and coordination task in-between. It's...

Week in Review: Tik Tok's return, Noem's CISA plans, failed startup risks


Link to episode page This week's Cyber Security Headlines Week in Review is hosted by Rich Stroffolino with guest Shaun Marion, vp, CSO, Xcel Energy Thanks to our show sponsor, Vanta Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like...

TSA's Pekoske ousted, CISOs' boardroom gain, Cisco vulnerability fix


TSA cyber chief David Pekoske ousted by new administration CISOs gain boardroom traction Influence but still lack soft skills, says Splunk Cisco Fixes vulnerability in Meeting Management Huge thanks to our sponsor, Vanta Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key...

DHS terminates the Cyber Security Review Board, Major cybersecurity vendors' credentials found on Dark Web, Trump pardons creator of Silk Road


Trump administration fires members of cybersecurity review board in 'horribly shortsighted' decision Major Cybersecurity Vendors' Credentials Found on Dark Web PowerSchool hacker claims they stole data of 62 million students Thanks to today's episode sponsor, Vanta Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also...

7-Zip flaw, CERT-UA impersonation, AI EO revoked


7-Zip flaw bypasses Windows security warnings Attackers impersonate Ukraine's CERT-UA AI Executive Order revoked Huge thanks to our sponsor, Vanta Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and helps you get security questionnaires...

HPE breach claims, CIA analyst guilty, Hotel data exposed


HPE investigates breach claims Former CIA analyst pleads guilty to sharing Top Secret files Data of nearly half million hotel guests exposed Huge thanks to our sponsor, Vanta Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews,...

Tik Tok returns, Noem's CISA plans, Avery labels breach


Tik Tok is back, with strings attached Noem promises to curtail CISA Label company Avery announces data breach Huge thanks to our sponsor, Vanta Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and helps...

Week in Review: IRS PIN available, AI ransomware group, UK ransomware ban


Link to episode page This week's Cyber Security Headlines Week in Review is hosted by Rich Stroffolino with guest Phil Beyer, head of security, Flex Thanks to our show sponsor, Dropzone.ai What if your SOC could handle 10x the alerts without burning out your team? Dropzone AI automates Tier 1 investigations and frees your analysts to tackle bigger challenges. It's how smart teams are staying ahead. See how it works: schedule a demo today at dropzone.ai. All links and the video of this episode can be found on CISO Series.com

Biden EO, Star Blizzard Using WhatsApp, Healthcare Breaches


Biden signs cybersecurity executive order Star Blizzard targeting WhatsApp US healthcare sector saw 585 breaches in 2024 Huge thanks to our sponsor, Dropzone AI What if your SOC could handle 10x the alerts without burning out your team? Dropzone AI automates Tier 1 investigations and frees your analysts to tackle bigger challenges. It's how smart teams are staying ahead. See how it works: schedule a demo today at dropzone.ai. For the stories behind the headlines, head on over to CISOSeries.com

Get Meta out of your life, GoDaddy slapped, TikTok could stay alive


How to delete Facebook, Messenger, or Instagram - if you want Meta out of your life GoDaddy slapped with wet lettuce for years of lax security and 'several major breaches' TikTok could possibly stay alive after Sunday's upcoming ban Huge thanks to our sponsor, Dropzone AI Alert fatigue is real, and it's draining. Dropzone AI takes on the tedious investigations, so you can focus on making an impact where it matters most. It's smarter tools for a smarter SOC. Check it out at dropzone.ai. For the stories behind the headlines, head on over to CISOSeries.com

Snyk's mysterious package, Baltic cable suspicions, second BeyondTrust vulnerability


Snyk mysteriously deploys apparently malicious packages Baltic sea cable cuts can't be accident, says EU tech chief CISA warns of second BeyondTrust vulnerability Huge thanks to our sponsor, Dropzone AI Does your SOC feel like it's drowning in alerts? Dropzone AI cuts through the noise, triaging 100% of alerts and giving you clear, actionable insights. Ready to break free? Check out the demo at dropzone.ai. For the stories behind the headlines, head on over to CISOSeries.com

Telefonica breach, new ransomware group leverages AI, Allstate accused of selling data


Telefonica breach exposes internal data and employee credentials New ransomware group leverages AI Allstate accused of selling consumer driving data Huge thanks to our sponsor, Dropzone AI Running a SOC is tough: too many alerts, not enough time. Dropzone AI changes that. It reduces manual investigations by up to 90%, giving your team the bandwidth to focus on strategic threats. Imagine the impact on your operations. Visit dropzone.ai today. For the stories behind the headlines, head on over to CISOSeries.com

IRS PIN available, CISA infrastructure enrollments, Winston-Salem cyberattack


IRS Identity Protection PIN now available for filing season CISA sees enrollment surge in cyberhygiene for critical infrastructure City services in Winston-Salem affected by cyberattack Huge thanks to our sponsor, Dropzone AI Feeling buried under endless alerts? We get it. Dropzone AI takes over the grind, investigating every alert 24/7. No more chasing false positives or wasting time on noise. It's all about clarity and focus. Ready to transform your day? Head to dropzone.ai to learn more. For the stories behind the headlines, head on over to CISOSeries.com

Week in Review: Flax Typhoon sanctioned, French military ransomware, ICAO breach claims


Link to episode page This week's Cyber Security Headlines Week in Review is hosted by Rich Stroffolino with guest Bil Harmer, operating partner and CISO, Craft Ventures Thanks to our show sponsor, Nudge Security Nudge Security helps you mitigate security risks stemming from SaaS sprawl by discovering every SaaS account ever created by anyone in your org within minutes of starting a free trial. And, you can automate on-going governance tasks like security posture checks, user access reviews, employee offboarding, and more. Start a free 14-day trial All links and the video of this episode can be found on CISO...

Worldwide Proton outage, Baymark Health breach, Treasury breach update


Proton recovers from worldwide outage BayMark Health Services announces data breach U.S. Treasury breach linked to Silk Typhoon group Huge thanks to our sponsor, Nudge Security Are you struggling to secure your exploding SaaS footprint? With Nudge Security, you can discover all SaaS apps and accounts, manage access, ensure secure configurations, vet unfamiliar tools, and automate daily identity security tasks. Start a free 14-day trial Find the stories behind the headlines at CISOseries.com.

PowerSchool hacked, Cyber Force study, EC gets GDPR fine


PowerSchool hacked Lawmakers expected to revive attempts for new Cyber Force study European Commission receives first GDPR fine Huge thanks to our sponsor, Nudge Security Nudge Security is the only solution for SaaS security and governance that can discover up to two years of historical SaaS spend along with usage insights so you can uncover wasted spend and sources of unnecessary risk. Start a free 14-day trial today

Cyber Trust label, UK deepfake laws, Treasury attack details


Cyber Trust marks to roll out in 2025 UK to criminalize sexually explicit deepfakes CISA says government hack limited to Treasury Huge thanks to our sponsor, Nudge Security Nudge Security provides advanced security posture management for Okta, Microsoft 365, and Google Workspace. With Nudge, you'll be alerted of identity security risks like weak or missing MFA, inactive admin accounts, and risky integrations, plus you can automate remediation tasks and on-going identity governance. Start a free 14-day trial today

Wallet drainer impact, U.S. telecom breach list grows, Moxa router vulnerabilities


Wallet drainer malware makes major impact U.S. telecom breach list grows Urgent warning on Moxa router vulnerabilities Huge thanks to our sponsor, Nudge Security Nudge Security discovers every GenAI tool ever used in your org, even those you've never heard of. For each tool, you'll see who introduced it, who else is using it, where it's integrated into other tools, and a vendor security profile. Get your free GenAI inventory today.

Flax Typhoon sanctions, Atos dismisses ransomware, German airport outage


U.S. sanctions China's Integrity Technology for role in Flax Typhoon attacks French military contractor Atos dismisses ransomware attack claims German airports hit by IT outage Huge thanks to our sponsor, Nudge Security Nudge Security helps you mitigate security risks stemming from SaaS sprawl by discovering every SaaS account ever created by anyone in your org within minutes of starting a free trial. And, you can automate on-going governance tasks like security posture checks, user access reviews, employee offboarding, and more. Start a free 14-day trial. Find the stories behind the headlines at CISOseries.com.

Week in Review: China hacks Treasury, Chrome extension hijack, tanker sabotages cables


Link to episode page This week's Cyber Security Headlines Week in Review is hosted by Rich Stroffolino with guest Quincy Castro, CISO, Redis Thanks to our show sponsor, ThreatLocker Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker. ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn more about how ThreatLocker can help keep your organization running...

China hacks Treasury, Russian tanker sabotage, Lumen ejects Typhoon


Beijing-linked hackers penetrated U.S. Treasury systems Russian tanker suspected of undersea data cable sabotage Lumen says it has locked the Salt Typhoon group out of its network Thanks to today's episode sponsor, ThreatLocker Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker. ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn more about how ThreatLocker can help...

U.S. soldier arrested, Election interference sanctions, RI data leak


U.S. soldier arrested for alleged leak of Trump and Harris call logs Iranian and Russian entities sanctioned for election interference Rhode Island's health benefits data leaked Thanks to today's episode sponsor, ThreatLocker Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker. ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn more about how ThreatLocker can help keep...

Cisco data leak, Microsoft domain transition, stories of the year


Cisco confirms data leak Microsoft announces urgent .NET domain transition Stories of the year from Cyber Security Headlines reporters Thanks to today's episode sponsor, ThreatLocker Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker. ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn more about how ThreatLocker can help keep your organization running efficiently and protected from...

Cyberhaven extension hacked, ZAGG data breach, Volkswagen cloud leak


Cybersecurity company's Chrome extension hijacked for data theft Hackers steal ZAGG customer credit cards in third-party breach Volkswagen software company Cariad suffers Amazon cloud breach Thanks to today's episode sponsor, ThreatLocker Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker. ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn more about how ThreatLocker can help keep your...

Week in Review: Microsoft deactivation flaw, BeyondTrust on KEV, LLM generated malware


Link to episode page This week's Cyber Security Headlines Week in Review is hosted by Rich Stroffolino with guest Steve Zalewski, CISO in Residence Thanks to our show sponsor, ThreatLocker Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker. ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn more about how ThreatLocker can help keep your organization...

General Dynamics phished, Japan Airlines attack, Addiction Centers breach


General Dynamics says employees targeted in phishing attack Japan Airlines systems are back to normal after cyberattack American Addiction Centers suffers data breach Thanks to today's episode sponsor, ThreatLocker Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker. ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn more about how ThreatLocker can help keep your organization running...

Disinformation office closes, Pittsburgh Transit cyberattack, Mirai NVR botnet


State Department's disinformation office to close after funding terminated Pittsburgh Regional Transit suffers ransomware attack Another Mirai botnet targets NVRs and TP-Link routers Thanks to today's episode sponsor, ThreatLocker Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker. ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn more about how ThreatLocker can help keep your organization running...

Government to name witness in encrypted chat sting


Using LLMs to generate malware variants NSO liable for WhatsApp hacks OpenAI fined for privacy violations Thanks to today's episode sponsor, ThreatLocker Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker. ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn more about how ThreatLocker can help keep your organization running efficiently and protected from ransomware, visit ThreatLocker.com....

FlowerStorm attacks Microsoft 365, BeyondTrust on KEV, Ascension Health fallout


PaaS platform "FlowerStorm" attacking Microsoft 365 users CISA adds BeyondTrust flaw to its Known Exploited Vulnerabilities catalog Ascension Health ransomware attack impacted nearly 6 million people Thanks to today's episode sponsor, ThreatLocker Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker. ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn more about how ThreatLocker can help keep...

Week in Review: Data breach impact study, US weighs TP-Link ban, BeyondTrust cyberattack


Link to episode page This week's Cyber Security Headlines Week in Review is hosted by Rich Stroffolino with guest Bethany De Lude, CISO, The Carlyle Group Thanks to our show sponsor, ThreatLocker Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker. ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn more about how ThreatLocker can help keep...

Amazon health malware, BeyondTrust suffers cyberattack, FortiNet wireless vulnerability


Android malware found on Amazon Appstore disguised as health app BeyondTrust suffers cyberattack Fortinet warns of critical flaw in Wireless LAN Manager Thanks to today's episode sponsor, ThreatLocker Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker. ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn more about how ThreatLocker can help keep your organization running efficiently...

Interpol romance baiting, TikTok at court, TP-Link investigation


Interpol kills off Pig Butchering Supreme Court to hear TikTok ban challenge US weighs TP-Link ban Thanks to today's episode sponsor, ThreatLocker Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker. ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn more about how ThreatLocker can help keep your organization running efficiently and protected from ransomware, visit ThreatLocker.com....

CISA cloud directive, Texas Tech breach, Meta GDPR fine


CISA delivers new directive for securing cloud environments Texas Tech reports a data breach affecting 1.4 million people Meta fined $263 million for alleged GDPR violations Thanks to today's episode sponsor, ThreatLocker Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker. ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn more about how ThreatLocker can help keep...

Serbian authorities use spyware, Ransomware impacts Rhode Island, ConnectOnCall breach


Serbian authorities accused of using Cellebrite to spy on journalists Ransomware attack shuts down Rhode Island's public assistance system ConnectOnCall breach exposes close to a million patients Thanks to today's episode sponsor, ThreatLocker Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker. ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn more about how ThreatLocker can help...

Health chatbot exposed, credit union cyberattack, infrastructure cyberweapon attack


UnitedHealth's AI-driven insurance claims chatbot left exposed to the internet South Carolina credit union suffers cyberattack IOCONTROL cyberweapon targets infrastructure in the US and Israel Thanks to today's episode sponsor, ThreatLocker Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker. ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn more about how ThreatLocker can help keep your...

Week in Review: Salt Typhoon saga, Microsoft MFA bypass, Yahoo cuts Paranoids


Link to episode page This week's Cyber Security Headlines - Week in Review is hosted by Rich Stroffolino with guest Jimmy Sanders, president, ISSA International. ISSA International will be celebrating its 40th Anniversary in April 2025. Watch for notifications at ISSA.org Thanks to today's episode sponsor, ThreatLocker Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker. ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation...

Microsoft MFA bypass, cybercrime marketplace takedown, Sophos hacker charged


Microsoft MFA bypassed in AuthQuake attack. Cybercrime marketplace Rydox taken down. U.S. charges Chinese national for hacking thousands of Sophos firewall devices. Thanks to today's episode sponsor, ThreatLocker. Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker. ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn more about how ThreatLocker can help keep your organization running efficiently...

Operation PowerOFF, FCC telco rules, ZLoader returns


Operation PowerOFF hits DDoS sites. FCC proposes new telco cybersecurity rules. ZLoader returns. Thanks to today's episode sponsor, ThreatLocker. Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker. ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn more about how ThreatLocker can help keep your organization running efficiently and protected from ransomware, visit ThreatLocker.com. For the stories...

Telecom security bill, Google's quantum chip, Chinese cyber firm sanctions


Senator announces new bill to secure telecom companies. Google unveils new quantum chip. U.S. sanctions Chinese cybersecurity firm for firewall hacks. Thanks to today's episode sponsor, ThreatLocker. Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker. ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn more about how ThreatLocker can help keep your organization running efficiently and...

Romanian energy attack, medical device disruption, Deloitte responds to data theft claims


Romanian energy giant battles ongoing attack. Ransomware disrupts medical device maker. Deloitte responds to data theft claims. Thanks to today's episode sponsor, ThreatLocker. Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker. ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn more about how ThreatLocker can help keep your organization running efficiently and protected from ransomware, visit...

Massachusetts hospital breach, Recall's next deployment, Blue Yonder restoration


Anna Jaques Hospital confirms details of Christmas Day ransomware breach. Microsoft expands Recall preview to Intel and AMD Copilot+ PCs. Blue Yonder announces restoration progress after November 21 attack. Thanks to today's episode sponsor, ThreatLocker. Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker. ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn more about how ThreatLocker...

Week in Review: Cloudflare's lost logs, cyber-unsafe employees, FBI encryption request


Link to episode page. This week's Cyber Security Headlines Week in Review is hosted by Sean Kelly with guest Edward Frye, head of security, Luminary Cloud. Thanks to our show sponsor, Vanta. As third-party breaches continue to rise, companies are increasingly vigilant, which means more time spent on manual security reviews. With Vanta Questionnaire Automation, security & compliance teams can complete security reviews up to 5 times faster, giving you time back to focus on running your security & compliance programs. Over 8,000 global companies like ZoomInfo, SmartRecruiters and Noibu use Vanta to save time on security reviews. Visit vanta.com to learn...

Feds investigate group 764, Russians hack hackers, AWS PQC migration


Feds find cybercriminal tools used by sextortion group. Russian hackers hack hackers. Amazon's post-quantum migration plan. Huge thanks to our sponsor, Vanta. As third-party breaches continue to rise, companies are increasingly vigilant, which means more time spent on manual security reviews. With Vanta Questionnaire Automation, security & compliance teams can complete security reviews up to 5 times faster, giving you time back to focus on running your security & compliance programs. Over 8,000 global companies like ZoomInfo, SmartRecruiters and Noibu use Vanta to save time on security reviews. Visit vanta.com to learn more about Questionnaire Automation. Get the stories behind...

Phone encryption urged, Pegasus spyware discoveries, Japan I-O Data 0-day


FBI and CISA urge Americans to use encrypted apps rather than calling. iVerify scanner finds seven Pegasus spyware infections. Japan warns of IO-Data zero-day router flaws exploited in attacks. Huge thanks to our sponsor, Vanta. As third-party breaches continue to rise, companies are increasingly vigilant, which means more time spent on manual security reviews. With Vanta Questionnaire Automation, security & compliance teams can complete security reviews up to 5 times faster, giving you time back to focus on running your security & compliance programs. Over 8,000 global companies like ZoomInfo, SmartRecruiters and Noibu use Vanta to save time on security...

Stoli U.S. bankrupts, German Crimenetwork seized, FBI telecom advisory


Stoli files for bankruptcy in U.S. after ransomware attack. Police seize largest German online criminal marketplace. FBI advises telecoms to boost security following Chinese hacking campaign. Huge thanks to our sponsor, Vanta. As third-party breaches continue to rise, companies are increasingly vigilant, which means more time spent on manual security reviews. With Vanta Questionnaire Automation, security & compliance teams can complete security reviews up to 5 times faster, giving you time back to focus on running your security & compliance programs. Over 8,000 global companies like ZoomInfo, SmartRecruiters and Noibu use Vanta to save time on security reviews. Visit vanta.com...

Hydra Market leader sentenced, Pegasus spyware arrest, SpyLoan malware targets millions


Hydra Market leader sentenced to life. Former Polish spy chief arrested in Pegasus spyware probe. SpyLoan malware targets millions. Huge thanks to our sponsor, Vanta. As third-party breaches continue to rise, companies are increasingly vigilant, which means more time spent on manual security reviews. With Vanta Questionnaire Automation, security & compliance teams can complete security reviews up to 5 times faster, giving you time back to focus on running your security & compliance programs. Over 8,000 global companies like ZoomInfo, SmartRecruiters and Noibu use Vanta to save time on security reviews. Visit vanta.com to learn more about Questionnaire Automation. Get...

Ransomware affiliate arrested, UK hospital hacked, Cloudflare's lost logs


Ransomware affiliate Mikhail Matveev arrested. Another UK hospital system hacked. Cloudflare says it lost 55% of logs pushed to customers for 3.5 hours. Huge thanks to our sponsor, Vanta. As third-party breaches continue to rise, companies are increasingly vigilant, which means more time spent on manual security reviews. With Vanta Questionnaire Automation, security & compliance teams can complete security reviews up to 5 times faster, giving you time back to focus on running your security & compliance programs. Over 8,000 global companies like ZoomInfo, SmartRecruiters and Noibu use Vanta to save time on security reviews. Visit vanta.com to learn more...

Advantech WiFi flaws, T-Mobile block attack, UK hospital cyberattack


Patch alert after flaws identified in Advantech industrial Wi-Fi access points. T-Mobile confirms Salt Typhoon attack was blocked. UK hospital network postpones procedures after cyberattack. Huge thanks to our sponsor, ThreatLocker. Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker. ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn more about how ThreatLocker can help keep your...

Interpol's African operation, Blue Yonder ransomwared, Snowflake suspect update


Interpol takes down over 1,000 cybercrime suspects in Africa. Starbucks and UK grocers impacted by supply chain attack. Hacker in Snowflake extortions may be a U.S. soldier. Huge thanks to our sponsor, ThreatLocker. Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker. ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn more about how ThreatLocker can help...

Microsoft 365 outage update, China's cyber campaign fallout, Fake IT worker scheme


Microsoft 365 outage update. "Hair on Fire" over China's cyber campaign. North Korean fake IT worker scheme unveiled. Huge thanks to our sponsor, ThreatLocker. Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker. ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn more about how ThreatLocker can help keep your organization running efficiently and protected from ransomware,...

DoJ seizes PopeyeTools, IGT suffers cyberattack, Windows update blocked


DoJ seizes credit card marketplace PopeyeTools. Gambling giant IGT suffers cyberattack. Windows update blocked on some gaming PCs. Huge thanks to our sponsor, ThreatLocker. Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker. ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn more about how ThreatLocker can help keep your organization running efficiently and protected from ransomware,...

Week in Review: Drinking water threat, CISO liability insurance, Microsoft zero-day event


Link to episode page. This week's Cyber Security Headlines Week in Review is hosted by Rich Stroffolino with guest Jimmy Benoit, vp, cybersecurity, PBS. Thanks to our show sponsor, ThreatLocker. Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker. ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn more about how ThreatLocker can help keep your organization...

MITRE's danger list, CISO liability insurance, BianLian changes tack


MITRE offers updated list of most dangerous software vulnerabilities. CISOs can now obtain professional liability insurance. BianLian group refines its game. Thanks to today's episode sponsor, ThreatLocker. Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker. ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn more about how ThreatLocker can help keep your organization running efficiently and...

Scattered Spider arrest, telcos attacked, Apple exploit


US charges Scattered Spider members. Chinese threat actors infiltrate more telcos. Apple issues emergency security update. Thanks to today's episode sponsor, ThreatLocker. Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker. ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn more about how ThreatLocker can help keep your organization running efficiently and protected from ransomware, visit ThreatLocker.com....

Easterly to step down, Maxar discloses breach, Microsoft hacking event


CISA director Jen Easterly to step down. Space tech giant Maxar discloses employee data breach. Microsoft launches Zero Day Quest hacking event. Thanks to today's episode sponsor, ThreatLocker. Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker. ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn more about how ThreatLocker can help keep your organization running efficiently...

EPA warns of critical risks, Four million WordPress sites exposed, Sextortion scams bypass filters


EPA warns of critical risks in drinking water infrastructure. Four million WordPress sites exposed. Sextortion scams bypass Microsoft security filters. Thanks to today's episode sponsor, ThreatLocker. Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker. ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn more about how ThreatLocker can help keep your organization running efficiently and protected...

T-Mobile confirms breach, AnnieMac data stolen, NewGlove malware threat


T-Mobile confirms telecom breach hack. Customer data stolen from AnnieMac. New Glove infostealer malware bypasses Chrome's cookie encryption. Thanks to today's episode sponsor, ThreatLocker. Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker. ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn more about how ThreatLocker can help keep your organization running efficiently and protected from ransomware,...

Week in Review: Most common passwords, Secure-by-design, DNA firm vanishes


Link to episode page. This week's Cyber Security Headlines Week in Review is hosted by Rich Stroffolino with guest Brett Conlon, CISO, American Century Investments. Thanks to our show sponsor, ThreatLocker. Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker. ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn more about how ThreatLocker can help keep your...

NordPass popular passwords, Healthcare extortion sentence, China breached telecoms


China threat actors breached U.S. broadband providers to spy on U.S. government officials. 123456 tops the list of most popular passwords again. Hacker gets 10 years in prison for U.S. healthcare extortion scheme. Thanks to today's episode sponsor, ThreatLocker. Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker. ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn...

Volt Typhoon's new botnet, China APT hits Tibet, DoD leaker sentenced


Volt Typhoon rebuilding botnet. Chinese group targets Tibetan media. DoD leaker sentenced. Thanks to today's episode sponsor, ThreatLocker. Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker. ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn more about how ThreatLocker can help keep your organization running efficiently and protected from ransomware, visit ThreatLocker.com. Get the stories behind...

Giant Food cyberattack, Snowflake suspects indicted, zero-day vulnerability surge


Dutch cybersecurity incident affects Giant Food and Hannaford. Indictment against Snowflake breach suspects is released. Surge in zero-day vulnerability exploits is new normal, says Five Eyes. Thanks to today's episode sponsor, ThreatLocker. Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker. ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn more about how ThreatLocker can help keep...

Halliburton cyberattack costs, Israel credit card DDoS, Forth announces breach


Cyberattack cost Halliburton $35 million thus far. DDoS attack makes credit card readers malfunction in Israel. Debt relief firm Forth announces data breach for customers and non-customers. Thanks to today's episode sponsor, ThreatLocker. Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker. ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn more about how ThreatLocker can help...

Regulator limits phone use, Hacked police emails, UK seniors scammed


U.S. financial regulator calls for reduced cell phone use at FBI warns of spike in hacked police emails and fake subpoenas Cyberscoundrels target UK senior citizens with Winter Fuel Payment texts Thanks to today's episode sponsor, ThreatLocker Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker. ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn more about...

Week in Review: Sophos Chinese hacker warning, AI flaws and vulnerabilities


Link to episode page. This week's Cyber Security Headlines Week in Review is hosted by Rich Stroffolino with guest Ken Athanasiou, CISO, VF Corporation. Thanks to our show sponsor, Vanta. As third-party breaches continue to rise, companies are increasingly vigilant, which means more time spent on manual security reviews. With Vanta Questionnaire Automation, security & compliance teams can complete security reviews up to 5 times faster, giving you time back to focus on running your security & compliance programs. Over 8,000 global companies like ZoomInfo, SmartRecruiters and Noibu use Vanta to save time on security reviews. Visit vanta.com to learn...

Interlock targets healthcare, Canada dissolves TikTok, HP critical flaws


Interlock ransomware gang aims at U.S. healthcare, IT and government. Canada tells TikTok to dissolve its Canadian business. Hewlett Packard warns of critical RCE flaws in Aruba Networking software. Thanks to today's episode sponsor, Vanta. As third-party breaches continue to rise, companies are increasingly vigilant, which means more time spent on manual security reviews. With Vanta Questionnaire Automation, security & compliance teams can complete security reviews up to 5 times faster, giving you time back to focus on running your security & compliance programs. Over 8,000 global companies like ZoomInfo, SmartRecruiters and Noibu use Vanta to save time on security...

Nokia investigates breach claims, Nigerian cybercrime bust, SelectBlinds e-skimmer breach


Nokia says it has no evidence that hackers breached company data. Nigerian cybercrime bust arrests 130 people. 200,000 SelectBlinds customers impacted by e-skimmer. Thanks to today's episode sponsor, Vanta. As third-party breaches continue to rise, companies are increasingly vigilant, which means more time spent on manual security reviews. With Vanta Questionnaire Automation, security & compliance teams can complete security reviews up to 5 times faster, giving you time back to focus on running your security & compliance programs. Over 8,000 global companies like ZoomInfo, SmartRecruiters and Noibu use Vanta to save time on security reviews. Visit vanta.com to learn more...

ElizaRAT hits India, Washington court outage, Snowflake hacker arrested


ElizaRAT hits India. IT outage impacts Washington courts. Alleged Snowflake hacker arrested. Thanks to today's episode sponsor, Vanta. As third-party breaches continue to rise, companies are increasingly vigilant, which means more time spent on manual security reviews. With Vanta Questionnaire Automation, security & compliance teams can complete security reviews up to 5 times faster, giving you time back to focus on running your security & compliance programs. Over 8,000 global companies like ZoomInfo, SmartRecruiters and Noibu use Vanta to save time on security reviews. Visit vanta.com to learn more about Questionnaire Automation.

Schneider Electric breached again, Russia behind fake video, Ohio's ransomware lawsuits


Schneider Electric breached for second time this year. U.S. says Russia behind fake Haitian voter video. Ohio's capital city faces lawsuits for handling of ransomware attack. Thanks to today's episode sponsor, Vanta. As third-party breaches continue to rise, companies are increasingly vigilant, which means more time spent on manual security reviews. With Vanta Questionnaire Automation, security & compliance teams can complete security reviews up to 5 times faster, giving you time back to focus on running your security & compliance programs. Over 8,000 global companies like ZoomInfo, SmartRecruiters and Noibu use Vanta to save time on security reviews. Visit vanta.com...

Entra MFA mandatory, German pharma cyberattack, LightSpy iPhone enhancements


Microsoft Entra "security defaults" to make MFA setup mandatory. Ransomware attack hits German pharmaceutical wholesaler AEP. Upgraded LightSpy spyware targets iPhones with more destructive power. Thanks to today's episode sponsor, Vanta. As third-party breaches continue to rise, companies are increasingly vigilant, which means more time spent on manual security reviews. With Vanta Questionnaire Automation, security & compliance teams can complete security reviews up to 5 times faster, giving you time back to focus on running your security & compliance programs. Over 8,000 global companies like ZoomInfo, SmartRecruiters and Noibu use Vanta to save time on security reviews. Visit vanta.com to learn...

Week in Review: Deepfake targets Wiz, Black Basta leverages Teams, Russia's Linux plans


Link to episode page. This week's Cyber Security Headlines Week in Review is hosted by Rich Stroffolino with guest David Cross, SVP/CISO, Oracle. Also check out David's travel blog and recent "Secure by Default" white paper at IT ISAC. Thanks to our show sponsor, Dropzone AI. Security operations are evolving, and AI is leading the way. Dropzone AI autonomously investigates 100% of your alerts with precision, freeing up your team to focus on real threats. See how this works in action. Visit dropzone.ai and schedule a demo today. All links and the video of this episode can...

Peruvian bank heist, Task Manager error, CyberPanel vulnerabilities exploited


Peruvian bank warns of data theft after dark web revelations. Windows 11 Task Manager displays wrong number of running processes. CyberPanel sees vulnerabilities exploited soon after disclosure. Thanks to today's episode sponsor, Dropzone AI. Security operations are evolving, and AI is leading the way. Dropzone AI autonomously investigates 100% of your alerts with precision, freeing up your team to focus on real threats. See how this works in action. Visit dropzone.ai and schedule a demo today. Find the stories behind the headlines at CISOseries.com.

CISA's plan, North Korea comes to Play, FakeCall's new tricks


CISA launches International Cybersecurity Plan. North Korean hackers tied to Play ransomware. FakeCall learns new tricks. Thanks to today's episode sponsor, Dropzone AI. Tired of false positives slowing your SOC down? Dropzone AI uses advanced AI to filter out the noise and focus on real threats. 24/7, every alert, no manual intervention. Want to learn more? Schedule a demo and see the power of Dropzone AI at dropzone.ai.

Five Eyes program, Chinese activity, Russian Linux


Five Eyes launches startup security program. Canada and the Netherlands seeing increased Chinese activity. Russia might fork the Linux community. Thanks to today's episode sponsor, Dropzone AI. Facing alert overload? Dropzone AI autonomously investigates every alert, reducing noise and providing decision-ready reports. Discover how our AI solutions can enhance your SOC's efficiency. Check out our demo gallery and see how Dropzone AI works at dropzone.ai.

RedLine and Meta infostealer takedown, Russian-backed malware, French telecom breach


Global law enforcement gains access to RedLine and Meta infostealer networks. Russian-backed malware poses as Ukrainian anti-recruitment tool. Massive breach impacts French telecom giant. Thanks to today's episode sponsor, Dropzone AI. Imagine an AI analyst that never sleeps. Dropzone AI autonomously handles every alert, cutting manual analysis by 90%. It's like adding a new team member, but one that works 24/7. Experience the difference AI can make. Visit dropzone.ai to test drive the future of security operations.

Historic Change Healthcare breach, Telcom hacks investigation, Delta sues CrowdStrike


Change Healthcare data breach confirmed as largest-ever in U.S. healthcare history. Authorities investigate telecom hacks following reports of campaign intrusions. Delta sues CrowdStrike over sensor update that prompted mass flight disruptions. Thanks to today's episode sponsor, Dropzone AI. Is your SOC overwhelmed by endless alerts? Dropzone AI's autonomous SOC Analyst investigates 100% of alerts, around the clock. No playbooks, no code. Just actionable insights to reduce false positives and save your team time. Ready to see it in action? Schedule a demo today at dropzone.ai.

Week in Review: Solar Winds fines, Microsoft loses security logs, employee security awareness lacking


Link to episode page. This week's Cyber Security Headlines Week in Review is hosted by Rich Stroffolino with guest Dmitriy Sokolovskiy, senior vice president, information security, Semrush. Thanks to our show sponsor, SpyCloud. SpyCloud disrupts cybercrime by telling you what criminals know about your business, so you can take action on exposed identity data to prevent cyber attacks like ransomware. To learn more about how to level the playing field against bad actors and combat cyber attacks, visit spycloud.com/headlines. All links and the video of this episode can be found on CISOseries.com.

Qiliin ransomware upgrade, Sharepoint KEV flaw, Rhysida ransoms Easterseals


Researchers reveal upgraded Qilin ransomware-as-a-service. CISA adds Microsoft SharePoint flaw to its KEV catalog. Rhysida ransoms Easterseals. Thanks to today's episode sponsor, SpyCloud. Ransomware continues to impact organizations. A new report released by SpyCloud shares insights from your peers in security, the majority of whom were affected by ransomware in the past year. The report has some fascinating industry-specific stats you'll want to see, plus confirms some stark truths: that the industry you're in can affect your likelihood of being hit with ransomware. Check it out at spycloud.com/headlines. Find the stories behind the headlines at CISOseries.com.

CISA data rules, Fortinet zero-day, UK Cyber Essentials


CISA proposes new security requirements for personal data. Fortinet patches actively exploited zero-day. UK report on Cyber Essentials certification. Thanks to today's episode sponsor, SpyCloud. Stolen data is a hot commodity for cybercriminals. Using infostealer malware, bad actors can siphon valid session cookies from employee devices, scoring the keys to access your networks and systems. According to SpyCloud's latest research, security teams are now seeing stolen cookies among the top three entry points for initial access for ransomware. Get the full insights, including other risk factors at spycloud.com/headlines.

SolarWinds disclosure fines, Zendesk helps Internet Archive, Samsung zero-day


Four cyber companies fined for SolarWinds disclosure failures. Zendesk helps Internet Archive after hacker breached email system. Samsung zero-day under active exploit. Thanks to today's episode sponsor, SpyCloud. Researchers at SpyCloud recently found that one in five individuals was infected with infostealer malware in the last year. Unfortunately, research now confirms that infostealer infections open the door to ransomware. But organizations with visibility into identity data stolen by malware infections are better-suited to prevent a future attack. Learn more about the connection between infostealers and ransomware in SpyCloud's new report at spycloud.com/headlines.

U.S. rule on selling sensitive data, Cisco data stolen, Nidec breach


Proposed rules ban U.S. companies from selling sensitive data. Cisco data stolen by IntelBroker. Nidec breach exposes 50,000+ documents. Thanks to today's episode sponsor, SpyCloud. Did you know that infostealer malware can be a precursor to ransomware? Infostealers are a trending tactic used by cybercriminals to exfiltrate valuable identity data like credentials, PII, and session cookies. According to recent SpyCloud research, 75% of organizations were affected by ransomware more than once in the past year! Visit spycloud.com/headlines to find out how to keep your organization from becoming one of the statistics.

Microsoft logs lost, Omni Family breach, Internet Archive Zendesk breach


Microsoft warns it lost some customers' security logs for a month Omni Family Health data breach impacts almost half a million individuals Internet Archive breached again through stolen access tokens Thanks to today's episode sponsor, SpyCloud It turns out infostealer infections are a major contributing factor to a company's ransomware risk, with some industries faring better than others. Get the new research from our sponsor, SpyCloud, and see if your ransomware defense strategy stacks up against your peers. Visit spycloud.com/headlines Find the stories behind the headlines at CISOseries.com.

Week in Review: Amazon passkeys usage, healthcare ransomware stats, major cybercrime takedowns


Link to blog post This week's Cyber Security Headlines Week in Review is hosted by Rich Stroffolino with guest Steve Person, CISO, Cambia Health Thanks to our show sponsor, Conveyor It's spooky season, and nothing's scarier than all of your account execs asking if you're done with their customer security questionnaires. Don't worry, Conveyor is here to help. Conveyor's market leading AI automates the most time-consuming parts of customer security reviews: answering security questionnaires and sharing security docs like your SOC 2 with customers. Get instant AI answers to questionnaires and host an enterprise-grade trust center where customers can download documents...

Globe Life extortion, hacker USDoD arrested, Anonymous Sudan indicted


Insurance giant Globe Life facing extortion attempts after data theft from subsidiary Infamous hacker USDoD possibly arrested in Brazil Anonymous Sudan masterminds indicted Thanks to today's episode sponsor, Conveyor It's spooky season, and nothing's scarier than all of your account execs asking if you're done with their customer security questionnaires. Don't worry, Conveyor is here to help. Conveyor's market leading AI automates the most time-consuming parts of customer security reviews: answering security questionnaires and sharing security docs like your SOC 2 with customers. Get instant AI answers to questionnaires and host an enterprise-grade trust center where customers can download documents and...

AI models tested, breaking encryption, Intel security review


Putting AI models to the EU test Chinese researchers don't break classical encryption yet Chinese group calls for security reviews on all Intel products Thanks to today's episode sponsor, Conveyor There's so many reasons why infosec and presales teams choose Conveyor for automating their security reviews, but here are the main three: One: Conveyor's market-leading AI provides instant, accurate answers to any format of security questionnaire, without requiring constant knowledge base updates and maintenance. Two: Conveyor offers an enterprise-grade trust center that automates every customer security review request, so you're not constantly distracted with questions and SOC 2 requests. And three: Conveyor's sales team....

VW alleged data theft, Finland seizes Sipultie, Calgary library cyberattack


VW says IT infrastructure unaffected after alleged data theft Finland seizes servers of 'Sipultie' dark web market Calgary Public Library services limited after cyberattack Thanks to today's episode sponsor, Conveyor Does the thought of a whopper 300 question security questionnaire in your most dreaded portal give you nightmares? Conveyor can help you sleep peacefully. How? They are the market leaders in instant and accurate AI answers to any format of security questionnaire. They even offer a zero-touch option for portal-based questionnaires: just paste the URL, and ConveyorAI automatically answers the questions and exports them back to the portal for you. End...

Pokémon game developer breached, TrickMo's new variants, Ivanti zero-days exploited


Pokémon game developer breached TrickMo hits with 40 new trojan variants Nation-state actor exploits Ivanti zero-days Thanks to today's episode sponsor, Conveyor It's spooky season, and nothing's scarier than all of your account execs asking if you're done with their customer security questionnaires. Don't worry, Conveyor is here to help. Conveyor's market leading AI automates the most time-consuming parts of customer security reviews: answering security questionnaires and sharing security docs like your SOC 2 with customers. Get instant AI answers to questionnaires and host an enterprise-grade trust center where customers can download documents and self-serve answers to their own questions. End...

Iran exploits Windows, Microsoft deprecates tunnels, NATO cyberexpert swap


Iranian hackers exploit Windows flaw to elevate privileges Microsoft deprecates PPTP and L2TP VPN protocols in Windows Server NATO's 'most experienced expert on cyber' rotated out of cyber section Thanks to today's episode sponsor, Conveyor What's the ultimate jumpscare? That moment when the security questionnaire in the portal didn't auto-save all your work. Good news: with Conveyor, that's one horror you won't have to face. Conveyor is the market leader in instant, generative AI answers for security questionnaires, no matter the format. They even offer a zero-touch option for portal-based questionnaires where you can just paste the URL, and the...

Week in Review: Neuberger's insurance warning, instant identification sunglasses, Salt Typhoon dangers


Link to blog post This week's Cyber Security Headlines Week in Review is hosted by Rich Stroffolino with guest Quincy Castro, CISO, Redis. Thanks to our show sponsor, Vanta As third-party breaches continue to rise, companies are increasingly vigilant, which means more time spent on manual security reviews. With Vanta Questionnaire Automation, security & compliance teams can complete security reviews up to 5 times faster, giving you time back to focus on running your security & compliance programs. Over 8,000 global companies like ZoomInfo, SmartRecruiters and Noibu use Vanta to save time on security reviews. Visit vanta.com to learn more...

Coker's Internet Security plan, hurricane scams, Firefox zero day


White House prioritizes secure internet routing, using memory safe languages Federal Trade Commission and CISA warn of hurricane-related scams Mozilla warns of Firefox zero day: patch now Huge thanks to our sponsor, Vanta As third-party breaches continue to rise, companies are increasingly vigilant, which means more time spent on manual security reviews. With Vanta Questionnaire Automation, security & compliance teams can complete security reviews up to 5 times faster, giving you time back to focus on running your security & compliance programs. Over 8,000 global companies like ZoomInfo, SmartRecruiters and Noibu use Vanta to save time on security reviews. Visit...

Australia's cybersecurity bill, Qualcomm zero-day, Russia bans Discord


Australian Parliament introduces standalone cybersecurity law Qualcomm zero-day used to target Android devices Russia and Turkey ban Discord Huge thanks to our sponsor, Vanta As third-party breaches continue to rise, companies are increasingly vigilant, which means more time spent on manual security reviews. With Vanta Questionnaire Automation, security & compliance teams can complete security reviews up to 5 times faster, giving you time back to focus on running your security & compliance programs. Over 8,000 global companies like ZoomInfo, SmartRecruiters and Noibu use Vanta to save time on security reviews. Visit vanta.com to learn more about Questionnaire Automation. For the...

GoldenJackal, LiteSpeed Cache bug, Ukraine's milCERT


GoldenJackal uses new tools against governments Cross-site scripting flaw found in major WordPress plugin Ukraine's defense ministry launched military CERT Huge thanks to our sponsor, Vanta As third-party breaches continue to rise, companies are increasingly vigilant, which means more time spent on manual security reviews. With Vanta Questionnaire Automation, security & compliance teams can complete security reviews up to 5 times faster, giving you time back to focus on running your security & compliance programs. Over 8,000 global companies like ZoomInfo, SmartRecruiters and Noibu use Vanta to save time on security reviews. Visit vanta.com to learn more about Questionnaire Automation....

Salt Typhoon attack, Cyberattack hits major U.S. water utility, Russia attacked on Putin's birthday


Salt Typhoon attack potentially exposes wiretap data Cyberattack hits major U.S. water utility A not-so-happy birthday present for Russia's president Huge thanks to our sponsor, Vanta As third-party breaches continue to rise, companies are increasingly vigilant, which means more time spent on manual security reviews. With Vanta Questionnaire Automation, security & compliance teams can complete security reviews up to 5 times faster, giving you time back to focus on running your security & compliance programs. Over 8,000 global companies like ZoomInfo, SmartRecruiters and Noibu use Vanta to save time on security reviews. Visit vanta.com to learn more about...

Neuberger's Insurance suggestion, Kaspersky PlayStore removal, Detroit suffers cyberattack


Insurers should stop funding ransomware payments, says Neuberger Google removes Kaspersky antivirus software from Play Store Cyberattack hits Detroit-area government services Huge thanks to our sponsor, Vanta As third-party breaches continue to rise, companies are increasingly vigilant, which means more time spent on manual security reviews. With Vanta Questionnaire Automation, security & compliance teams can complete security reviews up to 5 times faster, giving you time back to focus on running your security & compliance programs. Over 8,000 global companies like ZoomInfo, SmartRecruiters and Noibu use Vanta to save time on security reviews. Visit vanta.com to learn more about Questionnaire...

Week in Review: T-Mobile breach cost, Senate's deepfake scam, Public records flaws


Link to blog post This week's Cyber Security Headlines Week in Review is hosted by Rich Stroffolino with guest Jonathan Waldrop, CISO, The Weather Company. Here's a link to CISA's Cybersecurity Awareness Month announcement, sent to us by Jonathan. Thanks to our show sponsor, SpyCloud SpyCloud disrupts cybercrime by telling you what criminals know about your business, so you can take action on exposed identity data to prevent cyber attacks like ransomware. To learn more how to level the playing field against bad actors and combat cyber attacks, visit spycloud.com/headlines. All links and the video of this episode can be...

Largest DDoS blocked, Adobe Commerce compromise, neural data law


Cloudflare blocks largest recorded DDoS attack Adobe Commerce and Magento stores compromised by CosmicSting bug DOJ and Microsoft take down 107 domains used in Star Blizzard phishing attacks Huge thanks to our sponsor, SpyCloud Ransomware continues to impact organizations. A new report released by SpyCloud shares insights from your peers in security, the majority of whom were affected by ransomware in the past year. The report has some fascinating industry-specific stats you'll want to see, plus confirms some stark truths: that the industry you're in can affect your likelihood of being hit with ransomware. Check it out at spycloud.com/headlines. Get...

Russian cybercriminal arrests, Irish police fined, Rackspace blame game


Russian authorities arrest nearly 100 cybercriminals in raid Northern Ireland police fined for exposing officer identities Rackspace breach sparks vendor blame game Huge thanks to our sponsor, SpyCloud Stolen data is a hot commodity for cybercriminals. Using infostealer malware, bad actors can siphon valid session cookies from employee devices, scoring the keys to access your networks and systems. According to SpyCloud's latest research, security teams are now seeing stolen cookies among the top three entry points for initial access for ransomware. Get the full insights, including other risk factors at spycloud.com/headlines. Get the story behind the headlines at CISOSeries.com

LockBit ties to Evil Corp, public records flaws, ransomware hits Texas hospital


UK ties LockBit affiliate to Evil Corp Public records systems riddled with security flaws Ransomware disrupts emergency services at Texas hospital Huge thanks to our sponsor, SpyCloud Researchers at SpyCloud recently found that one in five individuals was infected with infostealer malware in the last year. Unfortunately, research now confirms that infostealer infections open the door to ransomware. But organizations with visibility into identity data stolen by malware infections are better-suited to prevent a future attack. Learn more about the connection between infostealers and ransomware in SpyCloud's new report at spycloud.com/headlines. Get the story behind the headlines at CISOSeries.com

T-Mobile data breach fines, Iranian hackers charged, Deepfake scam hits U.S. Senate


T-Mobile data breaches cost company $31.5 million Iranian hackers charged for targeting 2024 U.S. election Deepfake scam hits U.S. senate Huge thanks to our sponsor, SpyCloud Did you know that infostealer malware can be a precursor to ransomware? Infostealers are a trending tactic used by cybercriminals to exfiltrate valuable identity data like credentials, PII, and session cookies. According to recent SpyCloud research, 75% of organizations were affected by ransomware more than once in the past year! Visit spycloud.com/headlines to find out how to keep your organization from becoming one of the statistics. Get the story behind the headlines at CISOSeries.com

Recall redesigned again, Embargo attacks cloud, Dallas suburb cyberattack


Recall redesign: reinforced and removable Embargo moves ransomware attacks to cloud environments Dallas suburb deals with ransomware attack Huge thanks to our sponsor, SpyCloud It turns out infostealer infections are a major contributing factor to a company's ransomware risk, with some industries faring better than others. Get the new research from our sponsor, SpyCloud, and see if your ransomware defense strategy stacks up against your peers. Visit spycloud.com/headlines Get the story behind the headlines at CISOSeries.com

Week in Review: CrowdStrike exec apologizes, NIST changes password rules, corporate hack-for-hire practices


Link to blog post This week's Cyber Security Headlines Week in Review is hosted by Rich Stroffolino with guest Jason Elrod, CISO, Multicare Health System Missed the live show? Watch it on YouTube. And make sure to check out Jason's book (coming soon) at CyberCISOmarksmanship.com, as well as his newsletter at LimitlessCyber.com. And huge thanks to our sponsor Vanta As third-party breaches continue to rise, companies are increasingly vigilant, which means more time spent on manual security reviews. With Vanta Questionnaire Automation, security & compliance teams can complete security reviews up to 5 times faster, giving you time back to...

Train station WiFi hack, Mozilla tracking complaint, NIST password changes


Public Wi-Fi hacked at some of the UK's busiest train stations Data privacy watchdog files complaint against Mozilla for ad tracking feature NIST drops password complexity, mandatory reset rules Thanks to today's episode sponsor, Vanta As third-party breaches continue to rise, companies are increasingly vigilant, which means more time spent on manual security reviews. With Vanta Questionnaire Automation, security & compliance teams can complete security reviews up to 5 times faster, giving you time back to focus on running your security & compliance programs. Over 8,000 global companies like ZoomInfo, SmartRecruiters and Noibu use Vanta to save time on security...

DragonForce ransomware, Salt Typhoon hits ISPs, ChatGPT SpAIware


DragonForce uses ransomware's greatest hits Salt Typhoon strikes US ISPs Finding SpAIware on the ChatGPT Mac app Thanks to today's episode sponsor, Vanta As third-party breaches continue to rise, companies are increasingly vigilant, which means more time spent on manual security reviews. With Vanta Questionnaire Automation, security & compliance teams can complete security reviews up to 5 times faster, giving you time back to focus on running your security & compliance programs. Over 8,000 global companies like ZoomInfo, SmartRecruiters and Noibu use Vanta to save time on security reviews. Visit vanta.com to learn more about Questionnaire Automation.

Kansas water targeted, CrowdStrike apology, MoneyGram goes dark


Kansas water plant pivots to analog after cyber event CrowdStrike exec apologizes in Congress for global IT outage MoneyGram goes offline after cyber incident Thanks to today's episode sponsor, Vanta As third-party breaches continue to rise, companies are increasingly vigilant, which means more time spent on manual security reviews. With Vanta Questionnaire Automation, security & compliance teams can complete security reviews up to 5 times faster, giving you time back to focus on running your security & compliance programs. Over 8,000 global companies like ZoomInfo, SmartRecruiters and Noibu use Vanta to save time on security reviews. Visit vanta.com to learn...

Proposed ban on autonomous vehicles, updated Telegram policy, Necro infects Android devices


U.S. proposes ban on Chinese, Russian tech in autonomous vehicles Telegram updates policies to expose 'bad actors' Necro Trojan infects 11 million android devices through Google Play apps Thanks to today's episode sponsor, Vanta As third-party breaches continue to rise, companies are increasingly vigilant, which means more time spent on manual security reviews. With Vanta Questionnaire Automation, security & compliance teams can complete security reviews up to 5 times faster, giving you time back to focus on running your security & compliance programs. Over 8,000 global companies like ZoomInfo, SmartRecruiters and Noibu use Vanta to save time on security reviews....

LinkedIn halts AI training, Ukraine bans Telegram, hack-for-hire lawsuit


LinkedIn halts AI data processing in UK due to privacy concerns, Ukraine bans Telegram Use for government and military, Dismissed German cyber chief falsely accused of associating with Russian spies Thanks to today's episode sponsor, Vanta As third-party breaches continue to rise, companies are increasingly vigilant, which means more time spent on manual security reviews. With Vanta Questionnaire Automation, security & compliance teams can complete security reviews up to 5 times faster, giving you time back to focus on running your security & compliance programs. Over 8,000 global companies like ZoomInfo, SmartRecruiters and Noibu use Vanta to save time on...

Week in Review: LinkedIn's AI chicanery, AT&T FCC settlement, Craigslist defense network


Link to blog post This week's Cyber Security Headlines Week in Review is hosted by Rich Stroffolino with guest Mike Rosen, CISO, ZwillGen, advisor to NightDragon and Villager at Team8, whose favorite story of the week was Starlink's ability to detect stealth aircraft. Check it out. Thanks to our show sponsor, Conveyor Why do teams choose Conveyor over the competition for customer security reviews? A few reasons. One. Market-leading AI accuracy for any format of security questionnaire with limited knowledge base maintenance. Two. Enterprise-grade trust center that automates every customer security request. Three. Conveyor's sales team is actually fun to work with....

INC targets healthcare, Providence schools cyberattack, Apple iPads bricked


New INC ransomware targets U.S. healthcare sector Providence public schools deal with irregular internet activity Apple pulls iPadOS 18 update that was bricking M4 iPad Pro devices Thanks to today's episode sponsor, Conveyor It's Friday and Conveyor hopes you don't have a meaty security questionnaire waiting for you on the other side of this podcast. If you do, you should check them out. As the market-leader in instant, generative AI answers to entire security questionnaires, Conveyor helps you complete questionnaires fast, no matter the format they're in, so you don't feel like you're getting crushed by the wave of unfinished...

Derailing Raptor Train, Volunteer Civil Cyber Defense, US AI safety summit


Feds derail Raptor Train Newmark creates Volunteer Network for Civil Cyber Defense US to host global AI safety summit Thanks to today's episode sponsor, Conveyor Does the next security questionnaire that hits your inbox make you want to throw your laptop out the window? If so, don't do it. You should check out Conveyor first. Conveyor is the market-leader in instant, generative AI answers to entire security questionnaires no matter the format they are in. Yes, that's right. Upload any file like excels, word docs and even PDFs for instant processing and tackle any portal-based questionnaire with a browser extension...

Exploding pager analysis, construction company vulnerability, cyberattack job loss


Exploding pager tragedy: experts look towards supply chain sabotage Construction companies potentially vulnerable through accounting software Cyberattacks result in job losses Thanks to today's episode sponsor, Conveyor Are customer security reviews constantly interrupting your day? You should check out Conveyor. With an enterprise-grade trust center to securely share your security posture, SOC 2, and security FAQs and security questionnaires and market-leading AI accuracy for instant security questionnaire answers, you'll fly through any customer security request and get back to your regular job. Learn more about the AI security review automation platform your infosec friends love at www.conveyor.com. Mention this podcast...

Intellexa faces new sanctions, London hospitals impact, Apple releases update


Spyware giant Intellexa faces new U.S. sanctions Nearly 1 million impacted by ransomware attack on London hospitals Apple releases long-awaited update Thanks to today's episode sponsor, Conveyor Why do teams choose Conveyor over the competition for customer security reviews? A few reasons. One. Market-leading AI accuracy for any format of security questionnaire with limited knowledge base maintenance. Two. Enterprise-grade trust center that automates every customer security request. Three. Conveyor's sales team is actually fun to work with. Learn why Conveyor is the security review platform your infosec friends love at www.conveyor.com Get the story behind the headlines at CISOSeries.com.

Fortinet confirms breach, RansomHub extorts Kawasaki, Update: TfL password resets


Fortinet confirms customer data breach RansomHub threatens to leak stolen Kawasaki data Update: Transport for London requires in-person password resets after hack Thanks to today's episode sponsor, Conveyor Ever feel like completing security questionnaires has become your full time side hustle you're not even getting paid extra for? If so, you should check out Conveyor. Conveyor is the market-leader in instant, generative AI answers to entire security questionnaires no matter the format they are in. Yes, that's right. Upload any file like excels, word docs and even PDFs for instant processing and tackle any portal-based questionnaire with a browser extension...

Week in Review: Wisconsin Medicare MOVEit, cop sues data broker, WHOIS vulnerability


Link to blog post This week's Cyber Security Headlines Week in Review is hosted by David Spark with guest Patrick Heim, co-founder and partner, SYN Ventures Huge thanks to our sponsor, Vanta Whether you're starting or scaling your security program, Vanta helps you automate compliance across frameworks like SOC 2, ISO 27001, and more. With Vanta, you can streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing Trust Center. Over 7,000 global companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security. Our listeners get $1,000 off at vanta.com/headlines. All...

Lazarus spoofs CapitalOne, Mastercard buys RecordedFuture, WordPress imposes 2FA


Lazarus Group's VMConnect campaign spoofs CapitalOne Mastercard buys security firm Recorded Future WordPress to require two-factor authentication for plugin developers Huge thanks to our sponsor, Vanta Whether you're starting or scaling your security program, Vanta helps you automate compliance across frameworks like SOC 2, ISO 27001, and more. With Vanta, you can streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing Trust Center. Over 7,000 global companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security. Our listeners get $1,000 off at Vanta.com/headlines. That's vanta.com/headlines. Get the story behind the...

$20 WHOIS vulnerability, India's Cyber Commandos, Word hits drone makers


The $20 WHOIS vulnerability India training thousands of "cyber commandos" A Word of warnings for Taiwanese drone makers Huge thanks to our sponsor, Vanta When it comes to ensuring your company has top-notch security practices, things can get complicated, fast. Vanta automates compliance for SOC 2, ISO 27001, and more, saving you time and money. With Vanta, you can unify your security program management and proactively manage security reviews with AI-powered security questionnaires. Our listeners get $1,000 off at vanta.com/headlines. That's vanta.com/headlines. Get the story behind the headlines at CISOSeries.com

Slim CD data breach, International sextortion bust, TfL mixed messages


Slim CD notifies 1.7M customers of data breach Delaware men charged in international sextortion scheme London transit agency drops claim it has 'no evidence' of customer data theft Huge thanks to our sponsor, Vanta Whether you're starting or scaling your security program, Vanta helps you automate compliance across frameworks like SOC 2, ISO 27001, and more. With Vanta, you can streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing Trust Center. Over 7,000 global companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security. Our listeners get $1,000 off at...

Payment processing breach, dark web admins charged, Predator spyware resurges


1.7 million impacted in payment processing breach Dark web administrators charged in U.S. Resurgence of Predator Spyware sparks privacy concerns Huge thanks to our sponsor, Vanta When it comes to ensuring your company has top-notch security practices, things can get complicated, fast. Vanta automates compliance for SOC 2, ISO 27001, and more, saving you time and money. With Vanta, you can unify your security program management and proactively manage security reviews with AI-powered security questionnaires. Our listeners get $1,000 off at vanta.com/headlines. That's vanta.com/headlines. Get the story behind the headlines at CISOSeries.com

Avis rentals breach, Microsoft disables ActiveX, Wisconsin Medicare breach


Car rental company Avis discloses data breach Microsoft Office 2024 to disable ActiveX controls by default Wisconsin Medicare users had information leaked in MOVEit breach Huge thanks to our sponsor, Vanta Whether you're starting or scaling your security program, Vanta helps you automate compliance across frameworks like SOC 2, ISO 27001, and more. With Vanta, you can streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing Trust Center. Over 7,000 global companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security. Our listeners get $1,000 off at Vanta.com/headlines. Get the...

Week in Review: MFA bypass bust, Airport security SQL, GitHub help malware


Link to blog post This week's Cyber Security Headlines Week in Review is hosted by Rich Stroffolino with guest Justin Somaini, partner, YL Ventures Thanks to our show sponsor, Scrut Automation Scrut Automation allows compliance and risk teams of any size to establish enterprise-grade security programs. Their best-in-class features like process automation, AI, and over 75 native integrations reverse compliance debt and help manage risk proactively as your business grows. Visit scrut.io to schedule a demo or learn more. That's www.scrut.io. All links and the video of this episode can be found on CISOSeries.com

Planned Parenthood cyberattack, DoJ propaganda takedown, Microchip Technology theft


Planned Parenthood suffers cyberattack DoJ propaganda domains takedown Microchip Technology confirms data theft Thanks to today's episode sponsor, Scrut Automation Scrut Automation allows compliance and risk teams of any size to establish enterprise-grade security programs. Their best-in-class features like process automation, AI, and over 75 native integrations reverse compliance debt and help manage risk proactively as your business grows. Visit scrut.io to schedule a demo or learn more. That's www.scrut.io. Find the stories behind the headlines at CISOseries.com.

Spyware research, Cicada rebrand, MacroPack malware


Spyware research report They found a way to make Cicadas more annoying MacroPack red teaming tool used for malware Thanks to today's episode sponsor, Scrut Automation Scrut Automation allows compliance and risk teams of any size to establish enterprise-grade security programs. Their best-in-class features like process automation, AI, and over 75 native integrations reverse compliance debt and help manage risk proactively as your business grows. Visit scrut.io to schedule a demo or learn more. That's www.scrut.io.

Halliburton data stolen, Columbus sues researcher, White House protects internet


Halliburton confirms data stolen in cyberattack City of Columbus sues researcher after ransomware attack White House publishes plan to protect a key component of the internet Thanks to today's episode sponsor, Scrut Automation Scrut Automation allows compliance and risk teams of any size to establish enterprise-grade security programs. Their best-in-class features like process automation, AI, and over 75 native integrations reverse compliance debt and help manage risk proactively as your business grows. Visit scrut.io to schedule a demo or learn more. That's www.scrut.io. For the stories behind the headlines, visit CISOseries.com.

London transport cyberattack, German ATC attack, Sweden's heightened risk


Transport for London suffers cyberattack German air traffic control agency confirms cyberattack Sweden warns of heightened risk of Russian sabotage Thanks to today's episode sponsor, Scrut Automation Scrut Automation allows compliance and risk teams of any size to establish enterprise-grade security programs. Their best-in-class features like process automation, AI, and over 75 native integrations reverse compliance debt and help manage risk proactively as your business grows. Visit scrut.io to schedule a demo or learn more. That's www.scrut.io. Find the stories behind the headlines at CISOseries.com

Seattle airport woes, aircraft cockpit SQL, North Korea's FudModule


Seattle Airport issues travelers' advisory for Labor Day travel SQL injection able to bypass airport TSA security checks North Korea uses FudModule Rootkit in Chrome zero-day exploit Thanks to today's episode sponsor, Scrut Automation Scrut Automation allows compliance and risk teams of any size to establish enterprise-grade security programs. Their best-in-class features like process automation, AI, and over 75 native integrations reverse compliance debt and help manage risk proactively as your business grows. Visit scrut.io to schedule a demo or learn more. That's www.scrut.io. Find the stories behind the headlines at CISOseries.com.

DICK'S Sporting Goods cyberattack, Brain Cipher hacked Paris


DICK'S Sporting Goods suffers cyberattack Brain Cipher claims attack on Paris museums, promises data leak Play ransomware hackers claim attack on Microchip Technology Thanks to today's episode sponsor, Scrut Automation Scrut Automation allows compliance and risk teams of any size to establish enterprise-grade security programs. Their best-in-class features like process automation, AI, and over 75 native integrations reverse compliance debt and help manage risk proactively as your business grows. Visit scrut.io to schedule a demo or learn more. That's www.scrut.io. Find the stories behind the headlines at CISOSeries.com

Iran hacking, Labour Party backlog, more Telegram warrants


Iran targeting presidential administration officials Iran working with ransomware gangs UK Labour Party chided over cyberattack backlog Thanks to today's episode sponsor, Scrut Automation Scrut Automation allows compliance and risk teams of any size to establish enterprise-grade security programs. Their best-in-class features like process automation, AI, and over 75 native integrations reverse compliance debt and help manage risk proactively as your business grows. Visit scrut.io to schedule a demo or learn more. That's www.scrut.io. Find the stories behind the headlines at CISOSeries.com

Another MOVEit incident, U.S. Marshals disputes breach, Park'N Fly data swiped


Texas credit union user data exposed in another MOVEit breach US Marshals Service disputes ransomware gang's breach claims Park'N Fly notifies 1 million customers of data breach Thanks to today's episode sponsor, Scrut Automation Scrut Automation allows compliance and risk teams of any size to establish enterprise-grade security programs. Their best-in-class features like process automation, AI, and over 75 native integrations reverse compliance debt and help manage risk proactively as your business grows. Visit scrut.io to schedule a demo or learn more. That's www.scrut.io. Find the stories behind the headlines at CISOSeries.com

SonicWall access flaw, Microsoft security summit, Telegram details


SonicWall warns of critical access control flaw Microsoft to host security summit More details on Telegram CEO's arrest Thanks to today's episode sponsor, Scrut Automation Scrut Automation allows compliance and risk teams of any size to establish enterprise-grade security programs. Their best-in-class features like process automation, AI, and over 75 native integrations reverse compliance debt and help manage risk proactively as your business grows. Visit scrut.io to schedule a demo or learn more. That's www.scrut.io. Find the stories behind the headlines at CISOSeries.com

Halliburton suffers cyberattack, Telegram CEO arrested, Georgia Tech lawsuit


Halliburton takes systems offline following cyberattack French police arrest Telegram CEO Pavel Durov DOJ joins suit against Georgia Tech over Defense Department cybersecurity failures Thanks to today's episode sponsor, Scrut Automation Scrut Automation allows compliance and risk teams of any size to establish enterprise-grade security programs. Their best-in-class features like process automation, AI, and over 75 native integrations reverse compliance debt and help manage risk proactively as your business grows. Visit scrut.io to schedule a demo or learn more. That's www.scrut.io. Find the stories behind the headlines at CISOSeries.com

Week in Review: NPD breach update, Hawaii hacker sentenced, Poisoned LLM coders


Link to blog post This week's Cyber Security Headlines Week in Review is hosted by Rich Stroffolino with guest Bethany De Lude, CISO, The Carlyle Group Thanks to today's episode sponsor, Nudge Security When your CEO asks "Hey, are we using that SaaS app that was just breached?", how quickly and confidently can you answer? Stop guessing with Nudge Security. Discover all SaaS accounts ever introduced by anyone in your org, in minutes and get alerted when any SaaS app used in your org is breached. Start a 14-day trial now at nudgesecurity.com/saas All links and the video of this...

Russia's questionable DDoS, FAA's cybersecurity proposal, Windows Recall reappears


Kremlin complains of DDoS attack, digital experts not so sure FAA proposes new cybersecurity rules for airplanes Windows Recall to reappear Thanks to today's episode sponsor, Nudge Security Do you know who's using genAI tools in your org? Find out today with Nudge Security. Their patented approach to SaaS discovery gives you a full inventory of all apps ever introduced by anyone in your org, in minutes, including genAI apps. And, automated workflows help you scale security and governance without breaking a sweat. Start a free trial today at nudgesecurity.com/genai For the stories behind the headlines, head to CISOseries.com.

Japanese auto security, Feds tap encrypted messages, Microsoft breaks Linux dual-booting


Security initiative from Japanese auto companies Feds tapping into encrypted messaging haul Microsoft breaks Linux dual-boot systems Thanks to today's episode sponsor, Nudge Security How big is your SaaS attack surface? Find out today with Nudge Security. Nudge Security discovers all SaaS accounts ever created by anyone in your org, in minutes, and gives you automated workflows to scale SaaS security and governance. Take control of your SaaS security posture. Start a free trial today at nudgesecurity.com/cisoseries

Toyota third-party breach, Hawaii registry hack, Iran disrupting campaigns


Toyota confirms third-party data breach impacting customers Man who hacked Hawaii state registry sentenced U.S. Intelligence blames Iran for Trump campaign hack Thanks to today's episode sponsor, Nudge Security When your CEO asks "Hey, are we using that SaaS app that was just breached?", how quickly and confidently can you answer? Stop guessing with Nudge Security. Discover all SaaS accounts ever introduced by anyone in your org, in minutes and get alerted when any SaaS app used in your org is breached. Start a 14-day trial now at nudgesecurity.com/saas For the stories behind the headlines, visit CISOseries.com.

National Public Data breach update, Flaws in macOS apps, FlightTracker configuration issue


'Only' 1.3 million affected by National Public Data Breach Flaws in Microsoft macOS Apps allowing secret recording Configuration issue exposes flight tracking site Thanks to today's episode sponsor, Nudge Security Do you know who's using genAI tools in your org? Find out today with Nudge Security. Their patented approach to SaaS discovery gives you a full inventory of all apps ever introduced by anyone in your org, in minutes, including genAI apps. And, automated workflows help you scale security and governance without breaking a sweat. Start a free trial today at nudgesecurity.com/genai

Entra forces MFA, another AnyDesk heist, Google Pixel vulnerability


Microsoft Entra admins must enable MFA or lose access to admin portals Cybercrime gang uses fake Windows update screen to hide data theft Google Pixel devices shipped with vulnerable Verizon app Thanks to today's episode sponsor, Nudge Security How big is your SaaS attack surface? Find out today with Nudge Security. Nudge Security discovers all SaaS accounts ever created by anyone in your org, in minutes, and gives you automated workflows to scale SaaS security and governance. Take control of your SaaS security posture. Start a free trial today at nudgesecurity.com/cisoseries For the stories behind the headlines, head to CISOseries.com.

Week in Review: NIST encryption standards, NPD breach analyzed, Texas sues GM


Link to blog post This week's Cyber Security Headlines Week in Review is hosted by Rich Stroffolino with guest Edwin Covert, head of cyber risk engineering, Bowhead Specialty Underwriters and edwincovert.com Thanks to our show sponsor, ThreatLocker Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker. ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn more about...

GitHub artifact warning, RansomHub's EDR killer, SolarWinds latest hotfix


GitHub vulnerability warning regarding ArtiPacked RansomHub affiliate launches new EDR-killing tool SolarWinds issues hotfix for web help desk vulnerability Thanks to today's episode sponsor, ThreatLocker Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker. ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn more about how ThreatLocker can help keep your organization running efficiently and protected from...

Gemini AI privacy, AI Risk Repository, Russian phishing


Google details privacy commitments with Gemini AI MIT releases AI Risk Repository Russian spies using highly targeted phishing Thanks to today's episode sponsor, ThreatLocker Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker. ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn more about how ThreatLocker can help keep your organization running efficiently and protected from ransomware,...

FBI shutters Radar, NIST post-quantum standards, 2.7B record leaked


FBI shutters Radar ransomware gang's servers NIST finalizes post-quantum encryption standards 2.7 billion National Public Data records leaked Thanks to today's episode sponsor, ThreatLocker Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker. ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn more about how ThreatLocker can help keep your organization running efficiently and protected from ransomware,...

U.S. "laptop farm" shut down, Ukrainian computers compromised, Trump campaign hacked


U.S. operation of "laptop farm" for North Korea shut down Over 100 Ukrainian government computers compromised Trump campaign says they were hacked Thanks to today's episode sponsor, ThreatLocker Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker. ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn more about how ThreatLocker can help keep your organization running efficiently and...

Iran election interference, AMD SinkClose flaw, ADT break-in


Iranian hackers ramping up U.S. election interference AMD SinkClose flaw helps install nearly undetectable malware ADT discloses breach that impacts more than 30,000 customers Thanks to today's episode sponsor, ThreatLocker Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker. ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn more about how ThreatLocker can help keep your...

Week in Review: CrowdStrike releases Falcon, ransomware as terrorist threat


Link to blog post This week's Cyber Security Headlines Week in Review is hosted by Rich Stroffolino with guest DJ Schleen, distinguished security architect, Yahoo Thanks to our show sponsor, Vanta Whether you're starting or scaling your security program, Vanta helps you automate compliance across frameworks like SOC 2, ISO 27001, and more. With Vanta, you can streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing Trust Center. Over 7,000 global companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security. Our listeners get $1,000 off at Vanta.com/headlines. That's vanta.com/headlines....

Chameleon malware reappears, Rhysida hospital attack, Blacksuit's $500m tally


Chameleon reappears targeting Canadian restaurant chain Rhysida claims attack on Bayhealth Hospital in Delaware BlackSuit/Royal achieves $500m in ransomware demands Huge thanks to our sponsor, Vanta Whether you're starting or scaling your security program, Vanta helps you automate compliance across frameworks like SOC 2, ISO 27001, and more. With Vanta, you can streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing Trust Center. Over 7,000 global companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security. Our listeners get $1,000 off at Vanta.com/headlines. That's vanta.com/headlines. For the stories behind the...

McLaren hospitals disrupted, CrowdStrike improves processes, Ronin Network hacked


McLaren hospitals disruption linked to INC ransomware attack CrowdStrike to give customers control over Falcon sensor updates Ronin Network hacked by "white hats" Huge thanks to our sponsor, Vanta When it comes to ensuring your company has top-notch security practices, things can get complicated, fast. Vanta automates compliance for SOC 2, ISO 27001, and more, saving you time and money. With Vanta, you can unify your security program management and proactively manage security reviews with AI-powered security questionnaires. Our listeners get $1,000 off at vanta.com/headlines. That's vanta.com/headlines

Android kernel zero-day, voter portal flaw, ransomware as terrorism


Google patches Android kernel zero-day Researchers find flaws in Georgia voter portal Law would make ransomware a terrorist threat Huge thanks to our sponsor, Vanta Whether you're starting or scaling your security program, Vanta helps you automate compliance across frameworks like SOC 2, ISO 27001, and more. With Vanta, you can streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing Trust Center. Over 7,000 global companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security. Our listeners get $1,000 off at Vanta.com/headlines. That's vanta.com/headlines.

CrowdStrike strikes back against Delta, Keytronic loses millions to ransomware, Flaw in Apache OFBiz


CrowdStrike strikes back against Delta's claims of negligence Ransomware attack costs Keytronic $17 million Patch required for high-severity flaw in Apache OFBiz Huge thanks to our sponsor, Vanta When it comes to ensuring your company has top-notch security practices, things can get complicated, fast. Vanta automates compliance for SOC 2, ISO 27001, and more, saving you time and money. With Vanta, you can unify your security program management and proactively manage security reviews with AI-powered security questionnaires. Our listeners get $1,000 off at vanta.com/headlines. That's vanta.com/headlines

Software update malware, investors sue CrowdStrike, cybercriminals in prisoner swap


Hackers use ISP to send malware through software updates CrowdStrike sued by investors following update failure Historic prisoner swap includes cybercriminals returned to Russia Huge thanks to our sponsor, Vanta Whether you're starting or scaling your security program, Vanta helps you automate compliance across frameworks like SOC 2, ISO 27001, and more. With Vanta, you can streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing Trust Center. Over 7,000 global companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security. Our listeners get $1,000 off at Vanta.com/headlines. That's vanta.com/headlines. For...

Week in Review: CrowdStrike problems grow, record breaking ransom, Argentina's Minority Report


Link to blog post This week's Cyber Security Headlines Week in Review is hosted by Rich Stroffolino with guest Dennis Pickett, vp, CISO, Westat Thanks to our show sponsor, Dropzone AI Dropzone AI's Analyst investigates alerts with unmatched speed and precision, providing clear, actionable reports. Experience the power of autonomous threat detection. Meet Dropzone AI at BSides Las Vegas. Visit dropzone.ai for a 3-month free trial. All links and the video of this episode can be found on CISO Series.com

Cencora patient breach, OneDrive phishing campaign, Argentina's crime predictions


Cencora confirms patient data stolen in February cyberattack Phishing campaign targets OneDrive users Argentina will use AI to predict future crimes Huge thanks to our sponsor, Dropzone AI Picture an analyst who works tirelessly around the clock. Dropzone AI's Analyst investigates every alert and provides comprehensive, actionable reports. Boost your SOC's capabilities with a 3-month free trial at dropzone.ai. For the stories behind the headlines, head to CISOseries.com

Elections and DDoS, dating apps leak locations, Germany blames China


DDoS attacks won't impact US elections Dating apps leaked precise location data Germany formally blames China for 2021 cyberattack Huge thanks to our sponsor, Dropzone AI Think of Alex, your new team member who never takes a break. Dropzone AI's Analyst investigates every alert and delivers detailed reports without playbooks or code. Experience Alex's dedication with a 3-month free trial at dropzone.ai.

Delta's legal maneuver, Record-breaking ransom, Meta $1.4B settlement


Delta enlists Microsoft's legal nemesis over CrowdStrike losses Dark Angels receives record-breaking ransom payment Meta to pay $1.4 billion biometric lawsuit Huge thanks to our sponsor, Dropzone AI Dropzone AI's Analyst investigates alerts and responds to threats with unmatched speed and precision. No playbooks, no code required. Transform your SOC's performance with a 3-month free trial at dropzone.ai. For the stories behind the headlines, head to CISOseries.com.

HealthEquity data breach, CrowdStrike impact grows, Proofpoint exploit


4.3 million impacted by HealthEquity data breach Microsoft admits CrowdStrike incident far greater than first reported Proofpoint exploit allows for millions of fake emails Huge thanks to our sponsor, Dropzone AI Imagine an analyst who never misses an alert. Dropzone AI autonomously investigates every alert and provides decision-ready reports, enhancing your SOC's efficiency. Try it free for 3 months at dropzone.ai.

PyPI package targets macOS, Columbus, Ohio suffers cyber incident, Windows July update problems


Hackers exploiting PyPI package targets macOS Columbus, Ohio suffers cyber incident Windows July updates come with some BitLocker and remote connectivity challenges Huge thanks to our sponsor, Dropzone AI Meet Dropzone AI, the analyst who never rests. Investigating every alert with unparalleled speed and precision, delivering clear, actionable reports. No playbooks, no code. Experience the power of AI with a 3-month free trial at dropzone.ai. For the stories behind the headlines, head to CISOseries.com.

Week in Review: CrowdStrike developments, LA court shutdown, MGM casino claims win


Link to blog post This week's Cyber Security Headlines Week in Review is hosted by Rich Stroffolino with guest Jana Moore, CISO, Belron, also vice president, EmpoWer Supporting women in infosec. Thanks to our show sponsor, Vanta When it comes to ensuring your company has top-notch security practices, things can get complicated, fast. Vanta automates compliance for SOC 2, ISO 27001, and more, saving you time and money. With Vanta, you can unify your security program management and proactively manage security reviews with AI-powered security questionnaires. Our listeners get $1,000 off at Vanta dot com/headlines. All links and the video...

Microsoft Defender exploited, assassin's encryption frustration, NK elite hackers


Hackers exploiting Microsoft Defender SmartScreen bug IT leaders note increase in severity of cyber-attacks, ransomware and BEC stand out, Trump shooting investigation revives the end-to-end encryption issue Huge thanks to our sponsor, Vanta Whether you're starting or scaling your security program, Vanta helps you automate compliance across frameworks like SOC 2, ISO 27001, and more. With Vanta, you can streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing Trust Center. Over 7,000 global companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security. Our listeners get $1,000 off at Vanta.com/headlines....

CrowdStrike details, Chrome keeps cookies, BreachForums leaked


CrowdStrike dishes details Google scuttles third-party cookie deprecation BreachForums leaked on Telegram Huge thanks to our sponsor, Vanta When it comes to ensuring your company has top-notch security practices, things can get complicated, fast. Vanta automates compliance for SOC 2, ISO 27001, and more, saving you time and money. With Vanta, you can unify your security program management and proactively manage security reviews with AI-powered security questionnaires. Our listeners get $1,000 off at vanta.com/headlines.

Wiz deal crumbles, CrowdStrike aftermath, dYdX exchange hack


Google's $23 billion plan to buy Wiz falls apart U.S. government looking for answers amidst CrowdStrike aftermath dYdX exchange hacked in DNS hijack attack Thanks to our episode sponsor, Vanta Whether you're starting or scaling your security program, Vanta helps you automate compliance across frameworks like SOC 2, ISO 27001, and more. With Vanta, you can streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing Trust Center. Over 7,000 global companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security. Our listeners get $1,000 off at Vanta.com/headlines. For the stories...

CrowdStrike update, Russian criminals sanctioned, ransomware shuts down courts


CrowdStrike says "significant number" back up and running Russian cyber criminals sanctioned for infrastructure attacks Ransomware attack shuts down largest trial court in U.S. Huge thanks to our sponsor, Vanta When it comes to ensuring your company has top-notch security practices, things can get complicated, fast. Vanta automates compliance for SOC 2, ISO 27001, and more, saving you time and money. With Vanta, you can unify your security program management and proactively manage security reviews with AI-powered security questionnaires. Our listeners get $1,000 off at vanta.com/headlines.

CrowdStrike hits Cloud PCs, criminals exploit CrowdStrike fix, CISA rebuked


Microsoft confirms CrowdStrike update also hit cloud Windows PCs Cybercriminals exploit CrowdStrike problem to distribute malware CISA adds some big names to its KEV catalog Huge thanks to our sponsor, Vanta Whether you're starting or scaling your security program, Vanta helps you automate compliance across frameworks like SOC 2, ISO 27001, and more. With Vanta, you can streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing Trust Center. Over 7,000 global companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security. Our listeners get $1,000 off at Vanta.com/headlines. For the...

Week in Review: CrowdStrike Microsoft outage, AT&T breach implications, CDK pays up


Link to blog post This week's Cyber Security Headlines Week in Review is hosted by Rich Stroffolino with guest Adam Arellano, former vp, enterprise cybersecurity, PayPal Thanks to our show sponsor, Conveyor Why do teams choose Conveyor over the competition to automate answering security questionnaires? A few reasons. One. Market-leading AI accuracy Two. They don't have to maintain a crazy knowledge base anymore because ConveyorAI can read from any source like external support sites, documents, past questionnaires and more. Three. It can process ANY customer file format even PDFs! It will even auto-scroll and auto-complete...

Windows outage, Fin7 sells malware, Synnovis blood shortage


Windows outage worldwide UK national blood stocks suffer the effects of ransomware Security flaws in SAP AI Core cloud-based platform Thanks to today's episode sponsor, Conveyor It's Friday and Conveyor hopes you don't have a meaty security questionnaire waiting for you on the other side of this podcast. If you do, you should check them out. As the market leader in instant, generative AI answers to entire security questionnaires, Conveyor helps you complete questionnaires fast, no matter the format they're in, so you don't feel like you're getting crushed by the wave of unfinished work. Learn why we're the software...

UK ransomware reporting, Project Oscar, ransoms spike


UK mandatory ransomware reporting gets watered-down Google introduces AI agent to look for software bugs Critical infrastructure ransomware costs spike Thanks to today's episode sponsor, Conveyor Does the anticipation of the next monster security questionnaire wrecking your day ever make you feel like a balloon floating above a cactus field? If so, you should check out Conveyor. Conveyor is the market-leader in instant, generative AI answers to entire security questionnaires no matter the format they are in. Yes, that's right. Upload any file like Excel, Word docs and even PDFs for instant processing and tackle any portal-based questionnaire with a...

Rite Aid update, AT&T ransom laundered, Hacktivists leak Disney data


Rite Aid says 'limited' cybersecurity incident affected over 2 million people AT&T ransom laundered through mixers and gambling services Hacktivists leak Disney data to protect artist rights Thanks to today's episode sponsor, Conveyor Why do teams choose Conveyor over the competition to automate answering security questionnaires? A few reasons. One. Market-leading AI accuracy Two. They don't have to maintain a crazy knowledge base anymore because ConveyorAI can read from any source like external support sites, documents, past questionnaires and more. Three. It can process ANY customer file format - even PDFs! It will even auto-scroll and auto-complete portal-based questionnaires. Don't...

Wiz acquisition, AT&T paid hacker, Squarespace domain defaults


Alphabet in talks to acquire Wiz AT&T allegedly paid hacker to delete data Details on Squarespace domain hacks Thanks to today's episode sponsor, Conveyor Does the mountain of security questionnaires in your inbox make you feel like you're in a rowboat trying to make it through a tsunami? If so, you should check out Conveyor. As the market leader in instant, generative AI answers to entire security questionnaires, Conveyor helps you complete them fast, no matter the format they're in, and never feel like you're getting crushed by the wave of unfinished work. Learn more about the AI security review...

Rite Aid breach, AT&T breach implications, CDK paid ransom


Rite Aid announces data breach following June cyberattack The personal security implications of the AT&T breach US offers support to prevent Paris Olympics cyber and disinformation attacks Thanks to today's episode sponsor, Conveyor Ever feel like completing security questionnaires has become your full-time side hustle you're not even getting paid extra for? If so, you should check out Conveyor. Conveyor is the market leader in instant, generative AI answers to entire security questionnaires no matter the format they are in. Yes, that's right. Upload any file like Excel, Word docs and even PDFs for instant processing and tackle any portal-based...

Week in Review: AT&T breach, Security regulations attacked, 10 billion passwords stolen


Link to blog post This week's Cyber Security Headlines Week in Review is hosted by Rich Stroffolino with guest Andrew Cannata, CISO, Primo Water Thanks to our show sponsor, Entro Security What are you doing to secure your company's non-human identities? Vaults and scanners are helpful, but they don't give the context for where your secrets are, how they're being used, or when it's time to remove or rotate them. The Entro platform provides automated lifecycle management and seamless integration, ensuring comprehensive security & compliance through a unified and easy to use interface. All links and the video of this...

PHP vulnerability exploit, Auto Parts breach, dark patterns report


PHP vulnerability exploited, spreading malware and DDoS attacks Advance Auto Parts reveals damage from Snowflake breach FTC report reveals dark patterns used to trick consumers Thanks to today's episode sponsor, Entro Reclaim control over your Non-human identities! Entro enables security teams to manage and secure the lifecycle of non-human identities and secrets from inception to rotation. Think of it like an airtag for your secrets - know where they are, how they're being used, and their risk level in one seamless platform. Visit https://entro.security/ to learn more. For the stories behind the headlines, head to CISOseries.com.

Australia targets foreign tech, banks sunset OTP, Veeam vulnerability exploited


Australia targets government tech under foreign control Singapore banks replace OTP with digital tokens New group targets Veeam vulnerability Thanks to today's episode sponsor, Entro What are you doing to secure your company's non-human identities? Vaults and scanners are helpful, but they don't give the context for where your secrets are, how they're being used, or when it's time to remove or rotate them. The Entro platform provides automated lifecycle management and seamless integration, ensuring comprehensive security & compliance through a unified and easy to use interface. Visit https://entro.security/ to learn more.

Russian bot takedown, Burdensome cyber regs, Fujitsu data exposed


US disrupts Russian AI-powered disinformation bot farm Senate takes aim at 'overly burdensome' cybersecurity regs Fujitsu confirms customer data exposed in cyberattack Thanks to today's episode sponsor, Entro Reclaim control over your Non-human identities! With Entro, security teams can now manage and secure the lifecycle of Non-human identities and secrets. Like an air tag for your non-human identities, the Entro platform provides automated lifecycle management and seamless integration, ensuring comprehensive security & compliance through a unified and easy to use interface. Visit https://entro.security/ to learn more. For the stories behind the headlines, visit CISOseries.com.

Billions of stolen passwords, cybersecurity regulations even trickier, Apple removes popular apps


Record-breaking 10 billion stolen passwords exposed Supreme court ruling makes cybersecurity regulations even trickier Apple removes popular apps at Russia's request Thanks to today's episode sponsor, Entro Did you know that an attack on non-human identities and secrets is one of the top 2 cyber attack vectors out there? With Entro, security teams can now manage and secure the lifecycle of Non-human identities and secrets. The Entro platform provides automated lifecycle management and seamless integration, ensuring comprehensive security & compliance through a unified and easy to use interface. Visit https://entro.security/ to learn more.

Alabama Education breach, OpenAI secrets breach, Florida Health breach


Alabama Department of Education suffers data breach New York Times claims hackers stole OpenAI secrets in a 2023 security breach RansomHub claims to have published Florida health department data Thanks to today's episode sponsor, Entro Reclaim control over your Non-human identities! Entro enables security teams to manage and secure the lifecycle of non-human identities and secrets from inception to rotation. Think of it like an airtag for your secrets - know where they are, how they're being used, and their risk level in one seamless platform. Visit https://entro.security/ to learn more. For the stories behind the headlines, head to CISOseries.com.

Senator pressures CISA, Velvet Ant exploits Cisco, Europol crushes Cobalt


Senate leader demands answers from CISA re March Ivanti hack China's Velvet Ant hackers exploiting new Cisco zero-day Europol law enforcement takes down Cobalt Strike servers Huge thanks to our sponsor, Demoed Buyers do 70% of their product research before talking to a company. That blew our minds. Why not give buyers as much information about your product as possible to help them decide? Eliminating friction has always been key to a solid sales strategy. With Demoed, buyers can research faster and more effectively. Sign up at demoed.com. For the stories behind the headlines, head to CISOseries.com.

Evolve breach update, Patelco cyberattack, LockBit claims Croatian cyberattack


Evolve Bank data breach is evolving Patelco Credit Union cyberattack disrupts services for nearly 500,000 members LockBit claims cyberattack on Croatia's largest hospital Huge thanks to our sponsor, Demoed Did you know that Demoed is the first platform that allows you to watch a live product demo and ask questions without receiving a barrage of follow-ups? We change buyer-vendor engagement: fewer follow-ups for buyers, more leads for vendors. Sign up now at demoed.com. For the stories behind the headlines, visit CISOseries.com.

14 million Linux systems threatened, Critical patch for Juniper routers, Millions impacted by Prudential breach


14 million Linux systems threatened by 'RegreSSHion' vulnerability Critical patch issued for Juniper routers Millions not thousands impacted by Prudential breach Huge thanks to our sponsor, Demoed "I have extra time in my day" is something no security professional has ever said. Vendors on Demoed host 15-minute pitches highlighting their value and differentiation. Demoed allows buyers to browse and get educated without sales pressure: window shopping for enterprise sales. Sign up now at demoed.com

TeamViewer breach update, HubSpot customer attacks, Cyber insurance problems


Update on the TeamViewer network breach HubSpot looks into customer account hacks U.S. businesses struggle to obtain cyber insurance Huge thanks to our sponsor, Demoed Demoed is a unique platform that connects buyers and sellers. Buyers want to see more products, and vendors want more leads. Demoed solves this for both by making buyers anonymous. Buyers can watch demos without follow-ups, hiding their identity until they are ready. Sign up now at demoed.com. For the stories behind the headlines, head to CISOseries.com.

Week in Review: CDK Blacksuit developments, Criminal nuclear failures. U.S. Kaspersky ban


Link to blog post This week's Cyber Security Headlines Week in Review is hosted by Rich Stroffolino with guest Jim Bowie, CISO, Tampa General Hospital Thanks to our show sponsor, Prelude Security When executives ask the question, are we vulnerable to this threat? How long does it take you to get a confident answer? Prelude automatically transforms threat intelligence into validated detections, so you can know with certainty in just a matter of minutes. Visit preludesecurity.com/threats to upload your own threat intelligence and see for yourself. All links and the video of this episode can be found on CISOseries.com

Gas chromatograph vulnerabilities, Cloudflare rebukes Polyfill, Evolve Bank breach


Gas chromatograph vulnerabilities reveal medical IoT challenges We never authorized polyfill.io to use our name, says Cloudflare Evolve Bank confirms data breach, undermining LockBit's Federal Reserve claim Huge thanks to our sponsor, Prelude Security When executives ask the question, are we vulnerable to this threat? How long does it take you to get a confident answer? Prelude automatically transforms threat intelligence into validated detections, so you can know with certainty in just a matter of minutes. Visit preludesecurity.com to upload your own threat intelligence and see for yourself. For the stories behind the headlines, head to CISOseries.com.

Snowblind Android, identity services leaks data, Polyfill.io supply chain attack


Android lying Snowblind in the sun Identity verification service exposed data for over a year Polyfill.io JavaScript attack impacts thousands of sites Huge thanks to our sponsor, Prelude Security 30 minutes to peace of mind. That's what you'll get with Prelude's automated threat management platform where you can upload any piece of threat intelligence and quickly generate threat-hunting queries, detection rules, and more. Visit preludesecurity.com and get all of this in 30 minutes or get a pizza on Prelude.

Julian Assange plea, Latest MOVEit bug, Neiman Marcus data sale


Julian Assange to plead guilty and return to Australia Fresh MOVEit bug under attack just hours after disclosure Criminal selling Neiman Marcus customer info for $150K Huge thanks to our sponsor, Prelude Security Don't be left wondering if you're protected the next time a new threat hits the news. Week in review listeners can upload their threat intelligence to Prelude and receive a free bundle of relevant detection rules, hunt queries, and security tests. Any piece of threat intelligence. All in 30 minutes. Upload yours at prelude security dot com forward slash threats.

Indonesia battles Lockbit, DOJ charges cybercrime group, SEC reports following CDK Global attack


Indonesia battles Lockbit 3.0 ransomware DOJ charges cybercrime group for $71 million in damages SEC reports pile in following CDK Global attack Huge thanks to our sponsor, Prelude Security What would your security teams do with more time back in their day? Prelude provides an end-to-end threat management automation platform that quickly generates hunt queries, detection rules, and security tests from your threat intelligence to help you stay ahead of threats. Upload your own threat intelligence at preludesecurity.com and get all of that in just 30 minutes or less.

BlackSuit behind CDK, Microsoft spoofing bug, Nuclear compliance failures


CDK Global outage caused by BlackSuit ransomware attack Bug allows Microsoft corporate email account spoofing UK's largest nuclear site pleads guilty over cybersecurity failures Huge thanks to our sponsor, Prelude Security When executives ask the question, are we vulnerable to this threat? How long does it take you to get a confident answer? Prelude automatically transforms threat intelligence into validated detections, so you can know with certainty in just a matter of minutes. Visit preludesecurity.com to upload your own threat intelligence and see for yourself. For the stories behind the headlines, head to CISOseries.com.

Week in Review: Breach restoration breached, Vermont privacy debate, Qilin blames victims, posts data


Link to blog post This week's Cyber Security Headlines - Week in Review is hosted by Rich Stroffolino with guest Bil Harmer, operating partner and CISO, Craft Ventures, also at wilharm3.com. Thanks to our show sponsor, Vanta Whether you're starting or scaling your security program, Vanta helps you automate compliance across frameworks like SOC 2, ISO 27001, and more. With Vanta, you can streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing Trust Center. Over 7,000 global companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security. Our listeners get...

CDK Global hacked again, LockBit activity, Kraken extorted for bug bounty


CDK Global gets hacked twice LockBit Activity on the rise Kraken extorted by security researcher Thanks to today's episode sponsor, Vanta Whether you're starting or scaling your security program, Vanta helps you automate compliance across frameworks like SOC 2, ISO 27001, and more. With Vanta, you can streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing Trust Center. Over 7,000 global companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security. Our listeners get $1,000 off at Vanta.com/headlines.

Nvidia most valuable, Markopolo's meeting infostealer, Medibank MFA blame


Nvidia becomes world's most valuable company Markopolo scam delivers infostealer through fake meeting software Medibank hack blamed on MFA failure Thanks to today's episode sponsor, Vanta When it comes to ensuring your company has top-notch security practices, things can get complicated, fast. Vanta automates compliance for SOC 2, ISO 27001, and more, saving you time and money. With Vanta, you can unify your security program management and proactively manage security reviews with AI-powered security questionnaires. Our listeners get $1,000 off at vanta.com/headlines. For the stories behind the headlines, head to CISOseries.com.

AMD investigates breach, Qilin demands ransom, Hackers derail Amtrak


AMD investigates breach after data for sale on hacking forum Qilin demands $50 million ransom from UK hospital Hackers derail Amtrak Guest Rewards accounts Thanks to today's episode sponsor, Vanta Whether you're starting or scaling your security program, Vanta helps you automate compliance across frameworks like SOC 2, ISO 27001, and more. With Vanta, you can streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing Trust Center. Over 7,000 global companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security. Our listeners get $1,000 off at Vanta.com/headlines. For the stories...

Snowflake breach escalates, MITRE has a memo for the president, Velvet Ant persists


Snowflake breach escalates with ransom demands and death threats MITRE has a memo for the president Velvet Ant maintains three-year cyber espionage campaign Thanks to today's episode sponsor, Vanta When it comes to ensuring your company has top-notch security practices, things can get complicated, fast. Vanta automates compliance for SOC 2, ISO 27001, and more, saving you time and money. With Vanta, you can unify your security program management and proactively manage security reviews with AI-powered security questionnaires. Our listeners get $1,000 off at vanta.com/headlines.

CISA tabletop exercise, Keytronic confirms breach, Linux emoji malware


CISA leads first tabletop exercise for AI cybersecurity Keytronic confirms data breach after ransomware gang leaks stolen files New Linux malware controlled through Discord emojis Thanks to today's episode sponsor, Vanta Whether you're starting or scaling your security program, Vanta helps you automate compliance across frameworks like SOC 2, ISO 27001, and more. With Vanta, you can streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing Trust Center. Over 7,000 global companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security. Our listeners get $1,000 off at Vanta.com/headlines. For the...

Week in Review: New York Times theft, Club Penguin hack, NHS wants blood


Link to blog post This week's Cyber Security Headlines Week in Review is hosted by Rich Stroffolino with guest Janet Heins, CISO, ChenMed and janetheins.com Thanks to our show sponsor, Vanta Whether you're starting or scaling your security program, Vanta helps you automate compliance across frameworks like SOC 2, ISO 27001, and more. With Vanta, you can streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing Trust Center. Over 7,000 global companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security. Our listeners get $1,000 off at Vanta.com/headlines. All links and the...

Cyberinsurance claims increase, NATO's Russia vigilance, Remcos RAT phishing


Record high for North American cyber insurance claims NATO members to increase vigilance over Russian sabotage attempts Remcos RAT discovered inside UUEncoding emails Thanks to today's episode sponsor, Vanta Whether you're starting or scaling your security program, Vanta helps you automate compliance across frameworks like SOC 2, ISO 27001, and more. With Vanta, you can streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing Trust Center. Over 7,000 global companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security. Our listeners get $1,000 off at Vanta.com/headlines. For the stories behind...

Life360 faces extortion attempt, White House reports increase in federal attacks, Black Basta exploits zero-day flaw in Windows


Life360 faces extortion attempt after Tile data breach White House report highlights increase in federal attacks Russian hacker with ties to LockBit and Conti gangs arrested Thanks to today's episode sponsor, Vanta When it comes to ensuring your company has top-notch security practices, things can get complicated, fast. Vanta automates compliance for SOC 2, ISO 27001, and more, saving you time and money. With Vanta, you can unify your security program management and proactively manage security reviews with AI-powered security questionnaires. Our listeners get $1,000 off at vanta.com/headlines.

Snowflake hack update, BreachForums down again, Cylance data for sale


Pure Storage hacked via Snowflake workspace BreachForums down again and official Telegram channels deleted BlackBerry Cylance data up for sale Thanks to today's episode sponsor, Vanta Whether you're starting or scaling your security program, Vanta helps you automate compliance across frameworks like SOC 2, ISO 27001, and more. With Vanta, you can streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing Trust Center. Over 7,000 global companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security. Our listeners get $1,000 off at Vanta.com/headlines. For the stories behind the headlines, visit...

Rural hospital support, 23andMe investigation, Snowflake breach notices


Cyber assistance coming to rural hospitals UK and Canada launch investigation into 23andMe breach Mandiant and Snowflake sending out breach notices Thanks to today's episode sponsor, Vanta When it comes to ensuring your company has top-notch security practices, things can get complicated, fast. Vanta automates compliance for SOC 2, ISO 27001, and more, saving you time and money. With Vanta, you can unify your security program management and proactively manage security reviews with AI-powered security questionnaires. Our listeners get $1,000 off at vanta.com/headlines.

Microsoft resets Recall, LastPass outage update, New York Times breach


Microsoft resets Recall plans LastPass says outage caused by bad Chrome extension update New York Times source code stolen using exposed GitHub token Thanks to today's episode sponsor, Vanta Whether you're starting or scaling your security program, Vanta helps you automate compliance across frameworks like SOC 2, ISO 27001, and more. With Vanta, you can streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing Trust Center. Over 7,000 global companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security. Our listeners get $1,000 off at Vanta.com/headlines. For the stories behind...

Week in Review: Copilot Recall disaster, Ticketmaster hack fallout, ChangeHealthcare notification change


Link to blog post This week's Cyber Security Headlines - Week in Review is hosted by Rich Stroffolino with guest Andrew Wilder, CISO, Community Veterinary Partners, also cybersecurityintheboardroom.com. Thanks to our show sponsor, Conveyor Why did the AI cross the road? To complete your security questionnaires for you. Conveyor, the company using market-leading AI to automate the entire security review, wants you to check them out and book a call so they can stop writing these cheesy podcast ads. If you're ready for AI to instantly complete security questionnaires for you, visit www.conveyor.com to try a free proof of concept....

FCC moves forward with BGP security, LockBit victims get lifeline, Gitloker attacks target GitHub repositories


FCC moves forward with BGP security measures LockBit ransomware gang victims get lifeline from FBI Gitloker attacks target GitHub repositories Thanks to today's episode sponsor, Conveyor Why did the AI cross the road? To complete your security questionnaires for you. Conveyor, the company using market-leading AI to automate the entire security review, wants you to check them out and book a call so they can stop writing these cheesy podcast ads. If you're ready for AI to instantly complete security questionnaires for you, visit www.conveyor.com to try a free proof of concept. Mention this podcast for 5 free questionnaire credits...

Psychology vs. threat actors, AI leveling up, Qilin hit Synnovis


US researches using psychology against threat actors AI leveling up unsophisticated threat actors London Hospital attacks linked to Qilin Thanks to today's episode sponsor, Conveyor Conveyor is the market leading AI-powered platform that automates the entire customer security review process from easily sharing your security posture and SOC 2 to letting AI answer security questionnaires instantly with 90% accuracy. Use Conveyor to fly through any customer security review in minutes. There's a reason our customers have dubbed Conveyor their 'favorite security tool of the year'. Test it out in a free proof of concept at www.conveyor.com and mention this podcast...

London hospitals hit by ransomware, Christie's stolen data sold, RansomHub claims Frontier breach


Ransomware attack forces London hospitals to cancel operations Christie's stolen data sold to highest bidder RansomHub claims responsibility for Frontier breach Thanks to today's episode sponsor, Conveyor Conveyor is the AI security review automation platform helping infosec teams automate everything from securely sharing a SOC 2 to one-click auto complete of your security questionnaires with AI. Teams like Lucid Software are finding in a free proof of concept that our AI is more accurate than the rest. Learn more at www.conveyor.com. Mention this podcast for 5 free questionnaire credits when you purchase a Pro plan.

Russian criminals unmasked, Background check firm breach, Creds added to HIBP


Authorities unmask criminals behind malware loaders 3 billion records stolen from background check firm Creds for 361 million accounts added to HIBP Thanks to today's episode sponsor, Conveyor What are infosec teams measuring these days? More often than not, their impact on the business through revenue. A director of GRC told us the most direct value for their CEO was showing the efficiencies and the dollars that security has been able to bring in from enabling sales through the security review. See how best in class infosec teams measure their performance in Conveyor's ultimate guide to the security review KPIs...

Ticketmaster breached, Ticketek Australia breached, HHS notification change


Ticketmaster hack affects 560 million customers, third-party denied liability Australia's Ticketek sees customer details exposed in cyber security breach HHS changes tack, allows Change Healthcare to file breach notifications for others Thanks to today's episode sponsor, Conveyor Conveyor, the market-leading AI software for answering security questionnaires and securely sharing your security documents just released their ultimate guide to benchmarking your team's performance on customer security reviews. Get all of the detailed metrics and learn how best in class infosec teams measure and tie their impact to revenue. Download the report at www.conveyor.com by clicking on the banner at the top....

Week in Review: Arc launch sabotaged, Cencora health breach, BlackBasta's oil hit


Link to blog post This week's Cyber Security Headlines Week in Review is hosted by Rich Stroffolino with guest Dimitri Van Zantvliet, CISO, Dutch Railways Thanks to our show sponsor, Vanta Are lengthy security reviews pulling attention away from your security program? With the largest network of Trust Centers, Vanta can help you streamline security reviews to win customer trust, save time, and close deals fast. Proactively demonstrate security by showcasing key resources like your SOC 2 or ISO 27001 and provide real-time evidence for passing controls. And when a security questionnaire is required, Vanta takes the first pass for...

UnitedHealth responsibility, Europol dropper takedown, malware bricks routers


Senator calls for UnitedHealth leadership to be held responsible Europol seizes 2,000 domains in dropper takedown Malware bricked over 600,000 routers Thanks to today's episode sponsor, Vanta Are lengthy security reviews pulling attention away from your security program? With the largest network of Trust Centers, Vanta can help you streamline security reviews to win customer trust, save time, and close deals fast. Proactively demonstrate security by showcasing key resources like your SOC 2 or ISO 27001 and provide real-time evidence for passing controls. And when a security questionnaire is required, Vanta takes the first pass for you. Visit vanta.com/ciso to...

New NK hackers, Dutch bank breached, Wayback Machine attacked


New North Korean hacking group emerges Dutch bank ABN Amro discloses data breach Internet Archive, including Wayback Machine, impacted by DDoS Thanks to today's episode sponsor, Vanta Are lengthy security reviews pulling attention away from your security program? With the largest network of Trust Centers, Vanta can help you streamline security reviews to win customer trust, save time, and close deals fast. Proactively demonstrate security by showcasing key resources like your SOC 2 or ISO 27001 and provide real-time evidence for passing controls. And when a security questionnaire is required, Vanta takes the first pass for you. Visit vanta.com/ciso to...

BreachForums returns, First American data breach, Chinese nationals sanctioned


BreachForums returns just weeks after FBI-led takedown First American data breach impacts 44,000 people Chinese nationals sanctioned for botnet that stole 'billions' in COVID-19 relief funds Thanks to today's episode sponsor, Vanta Are lengthy security reviews pulling attention away from your security program? With the largest network of Trust Centers, Vanta can help you streamline security reviews to win customer trust, save time, and close deals fast. Proactively demonstrate security by showcasing key resources like your SOC 2 or ISO 27001 and provide real-time evidence for passing controls. And when a security questionnaire is required, Vanta takes the first pass...

Ransomware uses BitLocker, pharmacy supplier breach, ATM malware threat


New ransomware uses Windows BitLocker to encrypt victim data Sav-Rx discloses data breach impacting 2.8 million Americans New ATM malware poses significant global threat Thanks to today's episode sponsor, Vanta Are lengthy security reviews pulling attention away from your security program? With the largest network of Trust Centers, Vanta can help you streamline security reviews to win customer trust, save time, and close deals fast. Proactively demonstrate security by showcasing key resources like your SOC 2 or ISO 27001 and provide real-time evidence for passing controls. And when a security questionnaire is required, Vanta takes the first pass for you....

Arc browser sabotaged, Cencora pharma breach, Albany County breach


Arc browser's Windows launch sabotaged by malvertising Cencora breach exposed patient info from 11 drug companies Albany County investigating cybersecurity breach ahead of holiday weekend Thanks to today's episode sponsor, Vanta Are lengthy security reviews pulling attention away from your security program? With the largest network of Trust Centers, Vanta can help you streamline security reviews to win customer trust, save time, and close deals fast. Proactively demonstrate security by showcasing key resources like your SOC 2 or ISO 27001 and provide real-time evidence for passing controls. And when a security questionnaire is required, Vanta takes the first pass for...

Week in Review: Healthcare admin breach, China and Rockwell fallout, Military cyber service


Link to blog post This week's Cyber Security Headlines - Week in Review is hosted by Rich Stroffolino with guest Mike Lockhart, CISO, EagleView. Make sure also to check out Mike's charity, the Grady Foundation for mental, physical and economic health. You can learn more and donate here. Thanks to our show sponsor, Tines Break away from traditional SOAR with Tines. Trusted by security teams at McKesson, Canva, and Mars, Tines is scalable and accessible for the whole team. Use Tines to automate security team toil, enrich alerts with data from across your tech stack, and foster a culture of...

Chinese hack military, Search engine outage, Mattis speaks out


Chinese hackers hide on military and government networks for 6 years Microsoft outage affects Bing, Copilot, DuckDuckGo and ChatGPT internet search Mattis speaks out against separate military cyber service Thanks to today's episode sponsor, Tines Break away from traditional SOAR with Tines. Trusted by security teams at McKesson, Canva, and Mars, Tines is scalable and accessible for the whole team. Use Tines to automate security team toil, enrich alerts with data from across your tech stack, and foster a culture of cybersecurity. Start building for free at tines.com/ciso. For the stories behind the headlines, head to CISOseries.com.

NY Stock Exchange owner fined, $50 million towards hospital security, LockBit no longer reigns supreme


NY Stock Exchange owner fined $10 million by SEC US agency pledges $50 Million to automate hospital security LockBit no longer reigns supreme Thanks to today's episode sponsor, Tines Digital threats evolve rapidly, making it difficult for security teams to keep pace. Tines security automation is different from traditional SOAR -- it allows teams to move faster and make better decisions in real-time. Built by security practitioners, for security practitioners, Tines powers mission-critical security workflows at McKesson, Canva, and Mars. Start building for free at tines.com/ciso

UK ransomware reporting, Tech Against Scams, secure Windows 11 defaults


Brits to propose mandatory ransomware reporting Industry heavyweights launch Tech Against Scams Microsoft targets secure defaults in Windows 11 Thanks to today's episode sponsor, Tines Automate the toil with SOAR that actually works for your team. With Tines, your whole team can build complex workflows, without having to write or manage code. Security teams at McKesson, Canva, and Mars use Tines to build, run, and monitor their most important workflows, from endpoint detection and response, to vulnerability management. Start building for free at tines.com/ciso

Cyber service amendment, GetCaught abuses services, chatbot jailbreaks


Military cyber service proposal picks up steam Threat actors abusing legitimate services in campaign Chatbots susceptible to jailbreaks Thanks to today's episode sponsor, Tines Security teams work best when all members are empowered to do their best work. With Tines, analysts and engineers have everything they need to automate the processes they're closest to. The result? Hundreds or even thousands of hours that can be used on more impactful work. Built by security practitioners, for security practitioners. Get started today at tines.com/ciso

Grandoreiro Trojan reappears, Kimsuky's new backdoor, More healthcare breaches


Grandoreiro banking Trojan reappears, hits banks worldwide Kimsuky deploys new backdoor in latest attack on South Korea Healthcare breaches in Australia and Texas Huge thanks to this week's episode sponsor, Tines From endpoint detection and response to vulnerability management, Tines empowers security teams to automate even their most complex workflows. It's fast, flexible, and secure by design. Your team can get up and running in minutes, not weeks. No code. No custom development. The world's smartest security teams trust Tines to support their mission-critical processes. Learn why at tines.com/ciso. For the stories behind the headlines, head to CISOseries.com.

Week in Review: Okta chief speaks, Volt typhoon threat, FBI seizes BreachForums


Link to blog post This week's Cyber Security Headlines Week in Review is hosted by Rich Stroffolino with guest Ryan Bachman, evp and global CISO, GM Financial Thanks to our show sponsor, vanta.com/ciso Are lengthy security reviews pulling attention away from your security program? With the largest network of Trust Centers, Vanta can help you streamline security reviews to win customer trust, save time, and close deals fast. Proactively demonstrate security by showcasing key resources like your SOC 2 or ISO 27001 and provide real-time evidence for passing controls. And when a security questionnaire is required, Vanta takes the first...

Nissan NA breach, VMware Pwn2Own fix, GE Ultrasound flaws


Nissan North America breach impacts over 53,000 employees VMware fixes workstation flaws, thanks Pwn2Own hackers Security flaws discovered in GE Ultrasound machines Thanks to today's episode sponsor, Vanta Are lengthy security reviews pulling attention away from your security program? With the largest network of Trust Centers, Vanta can help you streamline security reviews to win customer trust, save time, and close deals fast. Proactively demonstrate security by showcasing key resources like your SOC 2 or ISO 27001 and provide real-time evidence for passing controls. And when a security questionnaire is required, Vanta takes the first pass for you. Visit vanta.com/ciso...

FBI seized BreachForums, Android threat detection, US AI investment


FBI seizes BreachForums Android getting live threat detection Senators recommend billions for AI investments Editor's note: post updated to fix audio issue Thanks to today's episode sponsor, Vanta Are lengthy security reviews pulling attention away from your security program? With the largest network of Trust Centers, Vanta can help you streamline security reviews to win customer trust, save time, and close deals fast. Proactively demonstrate security by showcasing key resources like your SOC 2 or ISO 27001 and provide real-time evidence for passing controls. And when a security questionnaire is required, Vanta takes the first pass for you. Visit vanta.com/ciso...

Singing River breach, D-Link exploit released, Google AI spots scams


Singing River patient data was swiped in ransomware attack PoC exploit released for D-Link router zero-day Google to use GenAI to help identify phone scams Thanks to today's episode sponsor, Vanta Are lengthy security reviews pulling attention away from your security program? With the largest network of Trust Centers, Vanta can help you streamline security reviews to win customer trust, save time, and close deals fast. Proactively demonstrate security by showcasing key resources like your SOC 2 or ISO 27001 and provide real-time evidence for passing controls. And when a security questionnaire is required, Vanta takes the first pass for...

FCC implements new classification, MITRE releases embedded devices framework, World renowned auction house attacked


FCC implements new classification to combat robocall groups MITRE releases threat-modeling framework for embedded devices World renowned auction house attacked ahead of mega-auction Thanks to today's episode sponsor, Vanta Are lengthy security reviews pulling attention away from your security program? With the largest network of Trust Centers, Vanta can help you streamline security reviews to win customer trust, save time, and close deals fast. Proactively demonstrate security by showcasing key resources like your SOC 2 or ISO 27001 and provide real-time evidence for passing controls. And when a security questionnaire is required, Vanta takes the first pass for you. Visit...

Boeing confirms ransomware, Dell announces breach, Ascension Healthcare attacked


Boeing confirms $200 million ransomware extortion attempt Dell announces data breach affecting 49 million customers Ascension healthcare suffers cyberattack, goes offline Thanks to today's episode sponsor, Vanta Are lengthy security reviews pulling attention away from your security program? With the largest network of Trust Centers, Vanta can help you streamline security reviews to win customer trust, save time, and close deals fast. Proactively demonstrate security by showcasing key resources like your SOC 2 or ISO 27001 and provide real-time evidence for passing controls. And when a security questionnaire is required, Vanta takes the first pass for you. Visit vanta.com/ciso to...

Week in Review: Neuberger's operational approach, LockBit is back, Fed's DMARC warning


Link to blog post This week's Cyber Security Headlines Week in Review is hosted by Rich Stroffolino with guest Sasha Pereira, CISO, WASH Thanks to our show sponsor, Vanta.com/ciso Are lengthy security reviews pulling attention away from your security program? With the largest network of Trust Centers, Vanta can help you streamline security reviews to win customer trust, save time, and close deals fast. Proactively demonstrate security by showcasing key resources like your SOC 2 or ISO 27001 and provide real-time evidence for passing controls. And when a security questionnaire is required, Vanta takes the first pass for you. Visit vanta.com/ciso...

F5 Big-IP warning, UK Army breach, BetterHelp pays out


F5 Networks warns of new Big-IP vulnerabilities UK armed forces' personal data hacked in MoD breach BetterHelp sends refund notices regarding data sharing lawsuit Huge thanks to our sponsor, Vanta Are lengthy security reviews pulling attention away from your security program? With the largest network of Trust Centers, Vanta can help you streamline security reviews to win customer trust, save time, and close deals fast. Proactively demonstrate security by showcasing key resources like your SOC 2 or ISO 27001 and provide real-time evidence for passing controls. And when a security questionnaire is required, Vanta takes the first pass for you....

Lockbit hit Wichita, AI export bans, Pathfinder on Intel


Lockbit takes credit for Wichita attack US looks at AI model export bans The Spectre of Pathfinder haunts Intel CPUs Huge thanks to our sponsor, Vanta Are lengthy security reviews pulling attention away from your security program? With the largest network of Trust Centers, Vanta can help you streamline security reviews to win customer trust, save time, and close deals fast. Proactively demonstrate security by showcasing key resources like your SOC 2 or ISO 27001 and provide real-time evidence for passing controls. And when a security questionnaire is required, Vanta takes the first pass for you. Visit vanta.com/ciso to take...

LockBit ringleader indicted, DocGo cyberattack, UK military data compromise


US indicts LockBit ransomware ringleader DocGo discloses cyberattack that compromised patient health data Payroll data breach exposed data of UK military personnel Huge thanks to our sponsor, Vanta Are lengthy security reviews pulling attention away from your security program? With the largest network of Trust Centers, Vanta can help you streamline security reviews to win customer trust, save time, and close deals fast. Proactively demonstrate security by showcasing key resources like your SOC 2 or ISO 27001 and provide real-time evidence for passing controls. And when a security questionnaire is required, Vanta takes the first pass for you. Visit vanta.com/ciso...

LockBit's website is back, Germany takes action amid alleged Russian attack, Chinese-linked ArcaneDoor targets infrastructure


LockBit's website is back Germany takes action amid alleged Russian attack Chinese-linked ArcaneDoor targets global network infrastructure Huge thanks to our sponsor, Vanta Are lengthy security reviews pulling attention away from your security program? With the largest network of Trust Centers, Vanta can help you streamline security reviews to win customer trust, save time, and close deals fast. Proactively demonstrate security by showcasing key resources like your SOC 2 or ISO 27001 and provide real-time evidence for passing controls. And when a security questionnaire is required, Vanta takes the first pass for you. Visit vanta.com/ciso to take a tour.

Neuberger proposes improvements, Olympic cybersecurity preparations, Microsoft VPN warning


NSC's Neuberger suggests operational approach for mitigating cyberattacks French cybersecurity teams prepare for "unprecedented" Olympic threat Feds warn about North Korean exploitation of improperly configured DMARC Huge thanks to our sponsor, Vanta Are lengthy security reviews pulling attention away from your security program? With the largest network of Trust Centers, Vanta can help you streamline security reviews to win customer trust, save time, and close deals fast. Proactively demonstrate security by showcasing key resources like your SOC 2 or ISO 27001 and provide real-time evidence for passing controls. And when a security questionnaire is required, Vanta takes the first...

Week in Review: Dropbox Sign breach, Cybersecurity consultant arrested, Ukraine Microsoft hack


Link to blog post This week's Cyber Security Headlines Week in Review is hosted by Rich Stroffolino with guest Phil Beyer, former CISO, Etsy Thanks to today's episode sponsor, Dropzone.ai Dropzone.ai's AI Autonomous Analyst is transforming cybersecurity as we know it. By replicating the techniques of elite analysts and autonomously investigating every alert, our patented system force multiplies your SOC team by 10X without adding headcount. Experience the future of threat detection and response at dropzone.ai. Request a trial today! All links and the video of this episode can be found on CISO Series.com

Goldoon exploits D-Link, CISA GitLab warning, Dropbox Sign breach


Goldoon botnet exploits D-Link routers CISA adds Gitlab flaw to its KEV catalog Dropbox discloses breach of digital signature service Thanks to our episode sponsor, Dropzone AI Dropzone.ai's AI Autonomous Analyst is transforming cybersecurity as we know it. By replicating the techniques of elite analysts and autonomously investigating every alert, our patented system force multiplies your SOC team by 10X without adding headcount. Experience the future of threat detection and response at dropzone.ai. Request a trial today! For the stories behind the headlines, head to CISOseries.com.

Chinese disinformation, NCSC AMS, new State Secrets law


Chinese disinformation proving ineffectual NCSC release Advanced Mobile Solutions risk model China implements new State Secrets Law Thanks to our episode sponsor, Dropzone AI Cybersecurity leaders, are you being asked to leverage the power of Gen AI in your SOC? Dropzone.ai's AI Autonomous Analyst empowers your team to thoroughly investigate every alert. No playbooks, no code, just intelligent, adaptable alert investigation. Test drive on dropzone.ai to immediately see the results for yourself.

UnitedHealth Group CEO faces congress, U.S. wireless carriers face major fine, Marriott backtracks protection claims


UnitedHealth Group CEO faces congress & cause of hack revealed Major U.S. wireless carriers face $200M FCC fine Marriott backtracks claims of encryption protection Thanks to our episode sponsor, Dropzone AI Dropzone.ai is proud to announce our selection as a Top 10 Finalist for the prestigious RSA Innovation Sandbox. Our AI Autonomous Analyst is revolutionizing the way SOC teams operate, replicating the techniques of elite analysts and autonomously investigating every alert. Meet us at RSAC and book a time at dropzone.ai.

USPS phishing, UK IoT law, industrial USB attacks


USPS phishing sites are popular UK bans bad IoT credentials USB malware attacks targeting industrial sites Thanks to our episode sponsor, Dropzone AI Attention cybersecurity professionals! Are you investigating 100% of the alerts from your IT and security systems? Dropzone.ai's AI Analyst autonomously investigates every alert without playbooks or code, enabling you to turn over every rock. Visit dropzone.ai to learn more and request a trial. Offload your tier-1 analysis to an AI analyst that never sleeps so you can.

Kaiser Permanente breach, DHS Safety Board, Okta stuffing attack


Kaiser Permanente website tracking tools may have compromised customer data DHS announces AI safety board Okta warns of "unprecedented" credential stuffing attacks on customers Thanks to our episode sponsor, Dropzone AI Introducing Dropzone.ai, the industry's first AI Autonomous SOC Analyst. Their patented LLM replicates the techniques of elite analysts, autonomously investigating every alert without playbooks or code. Force multiply your SOC team by 10X without adding headcount. Visit dropzone.ai to request a trial and experience the power of AI-driven cybersecurity. For the stories behind the headlines, head to CISOseries.com.

Week in Review: GitHub comments abused, "networkless" attack techniques, Police bodycam AI reports


Link to blog post This week's Cyber Security Headlines Week in Review is hosted by Rich Stroffolino with guest Christina Shannon, CIO, KIK Consumer Products Thanks to our show sponsor, Veracode Get ready to experience the future of application security at RSAC 2024 with Veracode. Join us as we unveil cutting-edge innovations and insights to tackle today's most pressing security challenges. From live demos showcasing our newest products to engaging discussions with industry experts. See you at RSAC! All links and the video of this episode can be found on CISO Series.com

Google postpones cookies, Brocade vulnerability warning, ICICI card gaffe


Google postpones third-party cookie deprecation Brocade SAN appliances and switches exposed to hacking ICICI Bank exposes credit cards to wrong users Thanks to this week's episode sponsor, Veracode Don't miss out on this opportunity to elevate your cybersecurity strategy. Build and scale secure software from code to cloud with speed and trust. Visit our booth #2045 at RSAC 2024 to discover how Veracode is shaping the future of Application Security in the AI era. For the stories behind the headlines, head to CISOseries.com.

Chinese keyboard flaws, hacked news story, TikTok on the clock


Chinese keyboard app flaws exposed Threat actors plant fake assassination story ByteDance on the clock to divest TikTok Thanks to this week's episode sponsor, Veracode Research reveals AI-generated code mirrors human-written code's security flaws. Even seasoned programmers struggle to spot errors, with incorrect AI-generated answers abound. Veracode knows the stakes. While AI accelerates coding, relying on hunches won't suffice. Trust multi-faceted, data-driven insights to mitigate risk from the start. Don't compromise on security. Choose Veracode, your security partner in the AI-driven era of development.

Iranian hackers charged, Siemens fixing Palo bug, Russia hacks water plant


Iranian nationals charged with hacking U.S. companies and agencies Siemens working to fix device affected by Palo Alto firewall bug Russian hackers claim cyberattack on Indiana water plant Thanks to this week's episode sponsor, Veracode Are you truly listening to both your security and development teams? Make informed decisions with Veracode. Our developer-friendly security tools integrate with your existing tech stack to secure code from the start. Bridge the gap between security and development for more efficient operations and stronger defenses. Visit veracode.com for a collaborative approach to security. For the stories behind the headlines, visit CISOseries.com.

TikTok ban update, Sandworm hits Ukraine, North Korean streaming animators


TikTok ban passes the US House Sandworm targets critical Ukrainian orgs North Koreans animating streaming shows Thanks to this week's episode sponsor, Veracode AI coding companions assist in generating high-quality code snippets, while Veracode swoops in to conduct thorough security assessments, identifying and fixing vulnerabilities quickly. With this dynamic duo, developers can innovate with confidence, knowing their code is both efficient and secure. Secure more code with Co-Pilot or any AI coding companion and Veracode. We'll be your wingman anytime.

RedLine GitHub connection, MITRE Ivanti breach, E-ZPass spoof sites


RedLine stealer GitHub connection MITRE's breach was through Ivanti zero-day vulnerabilities Researchers find dozens of fake E-ZPass toll websites following FBI warning Thanks to this week's episode sponsor, Veracode Imagine your intelligent coding companion, backed by the robust security expertise of Veracode. Together, we form the ultimate duo, empowering developers to write better code while ensuring it's secure from the get-go. Learn more at RSAC 2024 with Veracode. For the stories behind the headlines, head to CISOseries.com

Week in Review: Cisco MFA breach, Bad bots surge, Microsoft mail breach fallout


Link to blog post This week's Cyber Security Headlines Week in Review is hosted by Rich Stroffolino with guest Dan Walsh, CISO, Paxos Thanks to our show sponsor, Conveyor Happy Friday! Are you tired of hearing about Conveyor's AI security review automation software? We'll stop talking about it if you book a call. Ready to give the market leading AI for security questionnaires a spin? Try a free proof of concept at www.conveyor.com. Don't forget to mention this podcast for 5 free questionnaire credits when you purchase a Pro plan. All links and the video of this episode can be found on CISO Series.com

LabHost police bust, Michigan healthcare attack, Windows Fibers vulnerability


Police bust reveals sophisticated phishing-as-a-service platform Overlooked Windows Fibers offer handy route for malicious payload deployment Michigan healthcare organization suffers data breach Thanks to today's episode sponsor, Conveyor Happy Friday! Are you tired of hearing about Conveyor's AI security review automation software? We'll stop talking about it if you book a call. Ready to give the market leading AI for security questionnaires a spin? Try a free proof of concept at www.conveyor.com. Don't forget to mention this podcast for 5 free questionnaire credits when you purchase a Pro plan. For the stories behind the headlines, head to CISOseries.com.

Water utility threats, GPT-4 hacking, SIM swap solicitation


Sandworm-linked group tied to attack on water utilities GPT-4 reads security advisories Cell carrier workers solicited for SIM swaps Thanks to today's episode sponsor, Conveyor Conveyor is the market leading AI-powered platform that automates the entire customer security review process from sharing your security posture and SOC 2 in a single portal to using that same information to automate answering security questionnaires with 90% accuracy. Use Conveyor to fly through any customer security review in minutes. It might sound like every other software claim out there, but there's a reason our customers have dubbed Conveyor their 'favorite security tool of...

Cisco MFA breach, Bad Bots surge, LockBit 3.0 propagates


Cisco announces breach of multifactor authentication message provider Bad bots drive 10% annual surge in account takeover attacks LockBit 3.0 variant generates custom, self-propagating malware Thanks to today's episode sponsor, Conveyor Conveyor is the AI security review automation platform helping infosec teams automate everything from securely sharing a SOC 2 to one-click autofilling security questionnaires with AI so you can spend almost zero time on the manual tasks that make you want to cry into your laptop. Teams like Lucid Software are finding in a free proof of concept that our AI is better than the rest. Learn more at...

Threads out in Turkey, Palo Alto backdoor, Microsoft's security overhaul


Meta to close Threads in Turkey Palo Alto fixes backdoor zero-day Details on Microsoft's security overhaul Thanks to today's episode sponsor, Conveyor What are infosec teams measuring these days? More often than not, their impact on sales. As infosec teams become hands on in the sales cycle, proving your value becomes key. A director of GRC said last week that the most direct value for their CEO was showing the efficiencies and the dollars that security has been able to bring in from enabling sales. See these trends and more in Conveyor's "2024 State of the Security Review" report at...

U.S. surveillance reauthorization, Roku breach update, Microsoft breach exposed agencies


House passes reauthorization of U.S. surveillance program Roku says 576,000 accounts compromised in latest security breach Microsoft breach exposed federal agencies Thanks to today's episode sponsor, Conveyor It's Conveyor again, the market-leading AI software for answering security questionnaires and securely sharing your security posture and documents. Conveyor's "State of the Security Review" report for 2024 was just released and it's all about what the "new era" of infosec holds. Learn how positioning security and compliance early in the sales cycles increases win rates by 42% and what infosec teams need to prepare for as they move closer to the sales...

Week in Review: Government hospital warning, Sisense breach, Financial firms lose $12b


Link to blog post This week's Cyber Security Headlines Week in Review is hosted by Rich Stroffolino with guest Mike Levin, deputy CISO, 3M Thanks to our show sponsor, Vanta When it comes to ensuring your company has top-notch security practices, things can get complicated fast. With Vanta, you can automate compliance for in-demand frameworks like SOC 2, ISO 27001, and HIPAA. Even more, Vanta's market-leading Trust Management Platform enables you to unify security program management with a built-in risk register and reporting, and streamline security reviews with AI-powered security questionnaires. Over 7,000 fast-growing companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and...

Palo Alto patches, CISA's Sisense warning, GitHub repos gamed


Palo Alto Networks fixes several DoS vulnerabilities in PAN-OS operating system Sisense breach exposes customers to potential supply chain attack Threat actors gaming GitHub Search Thanks to today's episode sponsor, Vanta The average security pro spends nearly a full workday every week just on compliance. With Vanta, you can automate compliance for in-demand frameworks like SOC 2, ISO 27001, and HIPAA. Even more, Vanta's market-leading Trust Management Platform enables you to unify security program management with a built-in risk register and reporting, and streamline security reviews with AI-powered security questionnaires. Over 7,000 fast-growing companies like Atlassian, Flo Health, and Quora...

CISA malware analysis, "hunt forward" missions, Spectre v2


CISA expands automated malware analysis US Cyber Command launched "hunt forward" missions Spectre v2: Linux Boogaloo CHECK OUT Capture the CISO season 2 here. Thanks to today's episode sponsor, Vanta The average security pro spends nearly a full workday every week just on compliance. With Vanta, you can automate compliance for in-demand frameworks like SOC 2, ISO 27001, and HIPAA. Even more, Vanta's market-leading Trust Management Platform enables you to unify security program management with a built-in risk register and reporting, and streamline security reviews with AI-powered security questionnaires. Over 7,000 fast-growing companies like Atlassian, Flo Health, and Quora use...

Ukraine cyber head suspended, LG TV vulns, Microsoft exposed passwords


Ukraine's head of cybersecurity suspended and assigned to combat zone Over 90,000 LG Smart TVs exposed to remote attack Microsoft exposed internal passwords in security lapse Thanks to today's episode sponsor, Vanta The average security pro spends nearly a full workday every week just on compliance. With Vanta, you can automate compliance for in-demand frameworks like SOC 2, ISO 27001, and HIPAA. Even more, Vanta's market-leading Trust Management Platform enables you to unify security program management with a built-in risk register and reporting, and streamline security reviews with AI-powered security questionnaires. Over 7,000 fast-growing companies like Atlassian, Flo Health, and...

Cyberattack impacts vet firm, data privacy bill movement, DOJ hack exposes thousands


Cyberattack causes major disruptions for UK vet firm Data privacy bill pushes forward with bipartisan support Department of Justice hack exposes hundreds of thousands Thanks to today's episode sponsor, Vanta The average security pro spends nearly a full workday every week just on compliance. With Vanta, you can automate compliance for in-demand frameworks like SOC 2, ISO 27001, and HIPAA. Even more, Vanta's market-leading Trust Management Platform enables you to unify security program management with a built-in risk register and reporting, and streamline security reviews with AI-powered security questionnaires. Over 7,000 fast-growing companies like Atlassian, Flo Health, and Quora use...

Hospital hack warning, Five Eyes follow-up, NYC municipal hack


Government warns hospitals of hackers targeting IT help desks U.S. government contractor Acuity responds to alleged Five Eyes breach New York City becomes latest in municipal government hack attempts Thanks to today's episode sponsor, Vanta The average security pro spends nearly a full workday every week just on compliance. With Vanta, you can automate compliance for in-demand frameworks like SOC 2, ISO 27001, and HIPAA. Even more, Vanta's market-leading Trust Management Platform enables you to unify security program management with a built-in risk register and reporting, and streamline security reviews with AI-powered security questionnaires. Over 7,000 fast-growing companies like Atlassian,...

Week in Review: Five Eyes breach, Microsoft's Chinese hack response, AT&T customer breach


Link to blog post This week's Cyber Security Headlines Week in Review is hosted by David Spark with guest Steve Gentry, Advisor, Clari Thanks to our show sponsor, Vanta The average security pro spends nearly a full workday every week just on compliance. With Vanta, you can automate compliance for in-demand frameworks like SOC 2, ISO 27001, and HIPAA. Even more, Vanta's market-leading Trust Management Platform enables you to unify security program management with a built-in risk register and reporting, and streamline security reviews with AI-powered security questionnaires. Over 7,000 fast-growing companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security...

Five Eyes breach, cancer center breach, Pixel zero-day flaw


Classified Five Eyes data theft announced Cancer center data breach affects 800,000 Android Pixel phone zero-day flaws being exploited by forensic companies Thanks to today's episode sponsor, Vanta The average security pro spends nearly a full workday every week just on compliance. With Vanta, you can automate compliance for in-demand frameworks like SOC 2, ISO 27001, and HIPAA. Even more, Vanta's market-leading Trust Management Platform enables you to unify security program management with a built-in risk register and reporting, and streamline security reviews with AI-powered security questionnaires. Over 7,000 fast-growing companies like Atlassian, Flo Health, and Quora use Vanta to...

Microsoft security failings, NIST NVD backlog, Chrome DBSC beta


Report criticizes Microsoft's Chinese hack response NIST needs help with vulnerability backlog Chrome tests feature to prevent session hijacking Thanks to today's episode sponsor, Vanta The average security pro spends nearly a full workday every week just on compliance. With Vanta, you can automate compliance for in-demand frameworks like SOC 2, ISO 27001, and HIPAA. Even more, Vanta's market-leading Trust Management Platform enables you to unify security program management with a built-in risk register and reporting, and streamline security reviews with AI-powered security questionnaires. Over 7,000 fast-growing companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and...

Cyber incident reporting rule, Google blocks spoofed emails, PandaBuy breach


CISA releases draft rule for cyber incident reporting Google now blocks spoofed emails for better phishing protection Breach at online shopping platform PandaBuy affects 1.3 million customers Thanks to today's episode sponsor, Vanta The average security pro spends nearly a full workday every week just on compliance. With Vanta, you can automate compliance for in-demand frameworks like SOC 2, ISO 27001, and HIPAA. Even more, Vanta's market-leading Trust Management Platform enables you to unify security program management with a built-in risk register and reporting, and streamline security reviews with AI-powered security questionnaires. Over 7,000 fast-growing companies like Atlassian, Flo Health,...

Incognito settlement, hallucinated software, phone protocols vulnerable


Google to delete Incognito tracking data Hallucinated software packages as a security vulnerability FCC investigating phone infrastructure security Thanks to today's episode sponsor, Vanta The average security pro spends nearly a full workday every week just on compliance. With Vanta, you can automate compliance for in-demand frameworks like SOC 2, ISO 27001, and HIPAA. Even more, Vanta's market-leading Trust Management Platform enables you to unify security program management with a built-in risk register and reporting, and streamline security reviews with AI-powered security questionnaires. Over 7,000 fast-growing companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove...

AT&T data leak, Linux backdoor discovery, DHS phone data policy


Data of 73 million AT&T customers leaked on dark web Accidental Linux backdoor discovery likely prevented thousands of infections DHS expected to stop buying access to your phone info Thanks to today's episode sponsor, Vanta The average security pro spends nearly a full workday every week just on compliance. With Vanta, you can automate compliance for in-demand frameworks like SOC 2, ISO 27001, and HIPAA. Even more, Vanta's market-leading Trust Management Platform enables you to unify security program management with a built-in risk register and reporting, and streamline security reviews with AI-powered security questionnaires. Over 7,000 fast-growing companies like Atlassian,...

Week in Review: Spyware boosts zero-days, MFA bombing targets Apple, Facebook snooped Snapchat


Link to blog post This week's Cyber Security Headlines Week in Review is hosted by Rich Stroffolino with guest Yaron Levi, CISO, Dolby, and sageinsights.io Thanks to our show sponsor, Varonis Ready to reduce your risk without taking any? Try Varonis' free data risk assessment. It takes minutes to set up and in 24 hours you'll have a clear, risk-based view of the data that matters most and a clear path to automated remediation. Get started for free today at varonis.com/cisoseries. All links and the video of this episode can be found on CISO Series.com

17 billion records exposed, Treasury FinSec warning, Hot Topic attacks


17 billion personal records exposed in data breaches in 2023 U.S. Treasury warns financial sector about AI cybersecurity threats Retail chain Hot Topic hit by new credential stuffing attacks Thanks to today's episode sponsor, Varonis Ready to reduce your risk without taking any? Try Varonis' free data risk assessment. It takes minutes to set up and in 24 hours you'll have a clear, risk-based view of the data that matters most and a clear path to automated remediation. Get started for free today at varonis.com/cisoseries. For the stories behind the headlines, head to CISOseries.com.

Zero-day rise, SharePoint vulnerability, Facebook sniffs app traffic


Spyware fuels rise in zero-day exploits CISA warns about Microsoft SharePoint vulnerability Facebook snooped on encrypted Snapchat traffic Thanks to today's episode sponsor, Varonis Ready to reduce your risk without taking any? Try Varonis' free data risk assessment. It takes minutes to set up and in 24 hours you'll have a clear, risk-based view of the data that matters most and a clear path to automated remediation. Get started for free today at varonis.com/cisoseries.

APT31 targets families, UK newspaper attacked, Apple MFA bombing


APT31 targeting family members to surveil targets Ransomware gang attacks UK newspaper supporting the homeless MFA bombing attacks target Apple users Thanks to today's episode sponsor, Varonis Ready to reduce your risk without taking any? Try Varonis' free data risk assessment. It takes minutes to set up and in 24 hours you'll have a clear, risk-based view of the data that matters most and a clear path to automated remediation. Get started for free today at varonis.com/cisoseries. For the stories behind the headlines, visit CISOseries.com.

EU targets tech giants, China bans US tech, US cyber force


EU targets tech giants with DMA China starts US tech ban in government Think tank calls for US military cyber service Thanks to today's episode sponsor, Varonis Ready to reduce your risk without taking any? Try Varonis' free data risk assessment. It takes minutes to set up and in 24 hours you'll have a clear, risk-based view of the data that matters most and a clear path to automated remediation. Get started for free today at varonis.com/cisoseries.

New Kimsuky technique, KDE Linux warning, Atlassian critical flaws


Kimsuky turns to compiled HTML Help files for cyberattacks KDE issues warning after theme wipes Linux user's files Critical flaw in Atlassian Bamboo data center and server must be fixed immediately Thanks to today's episode sponsor, Varonis Ready to reduce your risk without taking any? Try Varonis' free data risk assessment. It takes minutes to set up and in 24 hours you'll have a clear, risk-based view of the data that matters most and a clear path to automated remediation. Get started for free today at varonis.com/cisoseries. For the stories behind the headlines, head to CISOseries.com.

Week in Review: McDonald's outage explained, SIM swap fraud, spyware agreement support


Link to blog post This week's Cyber Security Headlines Week in Review is hosted by Rich Stroffolino with guest Gerald Auger Ph.D., Chief Content Creator, Simply Cyber Thanks to our show sponsor, Vanta Managing the requirements for modern security programs is increasingly challenging. Vanta's trust management platform helps you quickly assess risk, streamline security reviews, and automate compliance for SOC 2, ISO 27001, HIPAA, and more. Plus, you can save time by completing security questionnaires with Vanta AI. Join over 7,000 global companies that use Vanta to automate evidence collection, unify risk management, and secure customer trust. To learn more, go to vanta.com/ciso All...

Microsoft Server crashes, npm package discrepancies, Nemesis marketplace raided


Microsoft confirms Windows Server issue behind domain controller crashes Over 800 npm packages found with discrepancies Nemesis darknet marketplace raided in Germany-led operation Thanks to today's episode sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to...

Water task force, Loop DoS attacks, GitHub vulnerability fixer


US plans Water Sector Cybersecurity Task Force Loop DoS attack exploits the infinite regress of UDP GitHub tool uses AI to fix vulnerabilities Thanks to today's episode sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to...

Mid-stream ESports hack, System glitch costs millions, LockBit reemerges with vengeance


Mid-stream hack postpones ESports league Bank loses $40 million after "systems glitch" LockBit reemerges with vengeance Thanks to today's episode sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and watch their 3-minute product demo.

Change Healthcare payout, FTC probe into Reddit, Japanese tech giant breached


UnitedHealth fronts over $2 billion in recovery efforts Spyware agreement gains more international support FTC probes Reddit's AI data licensing ahead of IPO Thanks to today's episode sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to...

McDonald's outage update, Chrome URL protection, Birmingham Alabama outage


Global McDonald's outage blamed on third-party vendor, not cyberattack Google adds real-time URL protection for Chrome Network outages hit Birmingham Alabama Thanks to today's episode sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and...

Week in Review: Russian Microsoft exfiltration, JetBrains Rapid7 feud, Change Healthcare fallout


Link to blog post This week's Cyber Security Headlines Week in Review is hosted by Rich Stroffolino with guest Alexandra Landegger, Executive Director and CISO, Collins Aerospace Thanks to our show sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and...

Change Healthcare fallout, Fortinet SQL warning, Yacht company breach


Change Healthcare - AHA asks for aid, HHS questions HIPAA compliance Fortinet warns of severe SQLi vulnerability in FortiClientEMS software Yacht company MarineMax announces cyberattack Thanks to today's episode sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more,...

Gemini vulnerabilities, NYT-OpenAI drama, GitHub leak report


Researchers find vulnerabilities in Gemini New York Times denies it "hacked" OpenAI for lawsuit Leaked GitHub secrets up 28% Thanks to today's episode sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and watch their...

LockBit claims hack, CISA understaffed, US and Russia election concerns


LockBit takes credit for hacking South African pension fund CISA's OT attack response team understaffed US and Russia accuse each other of potential election cyberattacks Thanks to today's episode sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more,...

Roku forces reset, French agencies targeted, Fintech firm taken offline


Roku forces reset after 15,000 accounts compromised French government agencies targeted in "unprecedented" attacks Fintech firm taken offline by ransomware attack Thanks to today's episode sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and...

Microsoft breach update, CISA flags JetBrains, ChatGPT creds sale


Microsoft says Russian hackers breached its systems, accessed source code CISA adds JetBrains TeamCity bug to its KEV catalog Over 225,000 compromised ChatGPT credentials for sale Thanks to today's episode sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn...

Week in Review: German Webex gaffe, Google engineer indicted, Cloudflare's AI firewall


Link to blog post This week's Cyber Security Headlines Week in Review is hosted by Rich Stroffolino with guest David Cross, SVP/CISO, Oracle. Also check out David's travel blog, DavidCrossTravels.com Thanks to our show sponsor, Conveyor Conveyor is the AI security review automation platform helping infosec teams automate everything from securely sharing a SOC 2 to one-click autofilling security questionnaires in OneTrust so you can spend almost zero time on the manual tasks that make you want to throw your computer out the window. Teams are finding in a free proof of concept that our AI is better than the rest. Learn more at www.conveyor.com. Mention this...

FlipperZero attacks Teslas, Google engineer indicted, PetSmart attack warning


Flipper Zero WiFi attack can unlock and steal Tesla cars Former Google engineer indicted for stealing AI secrets for Chinese companies PetSmart warns customers of credential stuffing attack Thanks to today's episode sponsor, Conveyor Conveyor is the AI security review automation platform helping infosec teams automate everything from securely sharing a SOC 2 to one-click autofilling security questionnaires in OneTrust so you can spend almost zero time on the manual tasks that make you want to throw your computer out the window. Teams are finding in a free proof of concept that our AI is better than the rest. Learn...

Online fraud hits record losses, states urge Meta to crack down on scammers, Apple issues update for zero-day flaw


Online fraud hits record losses States urge Meta to crack down on scammers Apple issues update for zero-day flaw Thanks to today's episode sponsor, Conveyor Happy Thursday. Are you tired of us talking about Conveyor's AI security review automation software? We'll stop talking about it if you come talk to them. Ready to give the market leading AI for security questionnaires a spin? Try a free proof of concept at www.conveyor.com. Don't forget to mention this podcast for 5 free questionnaire credits when you purchase an Enterprise plan. For the stories behind the headlines, head to CISOseries.com.

US cyber strategy update, spyware sanctions, ALPHV exits


US cybersecurity strategy update on the way US Treasury issues first spyware sanctions UK denies responsibility for ALPHV takedown Thanks to today's episode sponsor, Conveyor Conveyor is the only GPT-powered customer trust portal that automates the entire customer security review process from sharing your security posture and documents in a single portal to automating security questionnaire responses with 90% accuracy so you can fly through any customer security review in minutes. It might sound like every other compliance software claim out there, but there's a reason our customers have dubbed Conveyor their 'favorite security tool of the year'. Test our...

North Korea semiconductor hacks, ALPHV goes dark, China AI vouchers


North Korea targets semiconductor industry ALPHV infrastructure goes dark China to offer computing vouchers to AI startups Thanks to today's episode sponsor, Conveyor AI is getting pretty smart so you shouldn't settle for mediocre security questionnaire automation software that only generates the right answer 20 to 50 percent of the time or have to wait a day for the vendor's team to check the answers. Conveyor's security questionnaire automation tool not only boasts industry leading AI accuracy reducing time spent on security reviews by 80%, but now also autofills in OneTrust portal questionnaires with a single click. Trying a proof...

NSO code verdict, Change Healthcare fallout, law firm breach


NSO Group ordered to give Pegasus code to WhatsApp Change Healthcare confirms BlackCat, Schumer asks for aid Law firm announces data breach affecting 325,000 people Thanks to today's episode sponsor, Conveyor We've got a returning sponsor this week, Conveyor. They're the AI security review automation platform helping infosec teams automate everything from securely sharing a SOC 2 to one-click autofilling security questionnaires in OneTrust so you can spend almost zero time on the manual tasks that make you want to throw your computer out the window. Teams are finding in a free proof of concept that their AI is...

Week in Review: GenAI BEC explodes, NIST updates framework, vending machine gaffe


Link to blog post This week's Cyber Security Headlines Week in Review is hosted by Rich Stroffolino with guest Russ Ayres, SVP of Cyber & Deputy CISO, Equifax Thanks to our show sponsor, Egress People are the biggest risk to your organization's security, and they are most vulnerable when using email. With more advanced threats getting through secure email gateway detection every day, Egress provides AI-powered email security that eliminates both inbound phishing attacks and outbound data breaches. What's more, Egress' adaptive security architecture personalizes security for each user based on their real-time risk score. Visit egress.com to learn more about Egress' Intelligent Cloud Email Security...

Cencora pharma breach, Gen-AI explodes BEC, Chinese doorbell warning


Pharma giant Cencora announces data breach GenAI drives surge in BEC attacks Popular video doorbell easily hijacked Thanks to today's episode sponsor, Egress People are the biggest risk to your organizations' security and they are most vulnerable when using email. With more advanced threats getting through secure email gateway detection every day, Egress provides AI-powered email security that eliminates both inbound phishing attacks and outbound data breaches. What's more, Egress' adaptive security architecture personalizes security for each user based on their real-time risk score. Visit egress.com to learn more about Egress' Intelligent Cloud Email Security suite and start detecting email...

EO limits PII, Australia's espionage struggle, Lazarus zero-day


Biden signs order limiting the sale of personal data Australia claims it's seeing unprecedented "foreign interference" Lazarus Group targeting Windows and PyPI Thanks to today's episode sponsor, Egress People are the biggest risk to your organizations' security and they are most vulnerable when using email. With more advanced threats getting through secure email gateway detection every day, Egress provides AI-powered email security that eliminates both inbound phishing attacks and outbound data breaches. What's more, Egress' adaptive security architecture personalizes security for each user based on their real-time risk score. Visit egress.com to learn more about Egress' Intelligent Cloud Email Security...

NIST framework 2.0, Optum linked to BlackCat, ScreenConnect exploitations continue


NIST releases cybersecurity framework 2.0 Optum attack linked to BlackCat ransomware ScreenConnect exploitations continue Thanks to today's episode sponsor, Egress People are the biggest risk to your organizations' security and they are most vulnerable when using email. With more advanced threats getting through secure email gateway detection every day, Egress provides AI-powered email security that eliminates both inbound phishing attacks and outbound data breaches. What's more, Egress' adaptive security architecture personalizes security for each user based on their real-time risk score. Visit egress.com to learn more about Egress' Intelligent Cloud Email Security suite and start detecting email threats your secure...

Cyber Security Headlines: SVR tactics, brand spamming, steel giant cyberattack


SolarWinds attackers changing tactics Brand domains used in spam operation Steel giant hit with cyberattack Thanks to today's episode sponsor, Egress People are the biggest risk to your organizations' security and they are most vulnerable when using email. With more advanced threats getting through secure email gateway detection every day, Egress provides AI-powered email security that eliminates both inbound phishing attacks and outbound data breaches. What's more, Egress' adaptive security architecture personalizes security for each user based on their real-time risk score. Visit egress.com to learn more about Egress' Intelligent Cloud Email Security suite and start detecting email threats your...

Police taunt LockBit, PayPal's cookie patent, vending machine controversy


British police taunt LockBit administrator PayPal files patent for new stolen cookies detector Vending machine crash reveals face recognition tech Thanks to today's episode sponsor, Egress People are the biggest risk to your organizations' security and they are most vulnerable when using email. With more advanced threats getting through secure email gateway detection every day, Egress provides AI-powered email security that eliminates both inbound phishing attacks and outbound data breaches. What's more, Egress' adaptive security architecture personalizes security for each user based on their real-time risk score. Visit egress.com to learn more about Egress' Intelligent Cloud Email Security suite and...

Week in Review: LockBit gets bitten, airline bot gaffe, exploding car keys


Link to blog post This week's Cyber Security Headlines Week in Review is hosted by Rich Stroffolino with guest Thom Langford, CISO, Velonetic Thanks to our show sponsor, Conveyor Conveyor AI is so good, it can now autofill OneTrust portal questionnaires in one click. Yes, we've been talking about it all week. Conveyor's security questionnaire automation tool not only boasts industry leading AI accuracy, but now fills in OneTrust portals with a single click. Trying a proof of concept with your own data is always free. Learn more at www.conveyor.com. Mention this podcast for 5 free questionnaire credits when you purchase an Enterprise plan. All...

LockBit's thwarted upgrade, AT&T's massive outage, Change Healthcare cyberattack


LockBit was building next gen encryptor before takedown Thousands of wireless customers suffer outage Prescription delays due to Change Healthcare cyberattack Thanks to today's episode sponsor, Conveyor Conveyor, the security questionnaire automation software one of their customers dubbed "my favorite security tool of the year", is now even better. They've upgraded our browser extension for portal-based questionnaires and it can now autofill OneTrust portal questionnaires in one click. You can test the AI in a free proof of concept at www.conveyor.com. Mention this podcast for 5 free questionnaire credits when you purchase an Enterprise plan. Get the stories behind the headlines at...

LockBit gang doesn't keep its word, the LockBit bounty, White House tackles U.S. maritime threats


Thanks to today's episode sponsor, Conveyor Happy Thursday. Are you tired of us talking about how Conveyor's AI can now autofill OneTrust security questionnaires in one-click? Well, we'll stop talking about it if you come talk to them. Ready to give the market leading AI for security questionnaires a spin? Try a free proof of concept by booking a demo at www.conveyor.com. And mention this podcast for 5 free questionnaire credits when you purchase an Enterprise plan. Get the stories behind the headlines at CISOSeries.com

LockBit update, Signal usernames, NSA Cyber Director retires


LockBit takedown update Signal now lets users keep phone numbers private NSA Cybersecurity Director Rob Joyce to retire Thanks to today's episode sponsor, Conveyor No more portal scaries. Conveyor just launched AI autofill of OneTrust portal questionnaires. That means no more clicking question-by-question to copy-paste each answer when a customer sends you a OneTrust security questionnaire. Conveyor's AI will read and autofill the whole page for you. Trying a proof of concept with your own data is always free. Learn more at www.conveyor.com. Mention this podcast for 5 free questionnaire credits when you purchase an Enterprise plan. Get the stories behind...

LockBit disrupted, Cactus leaks Schneider data, ALPHV claims financial attacks


LockBit disrupted by global police operation Cactus leaks Schneider Electric data on dark web ALPHV gang takes credit for LoanDepot, Prudential attacks Thanks to today's episode sponsor, Conveyor Conveyor, the security questionnaire automation software one of our customers dubbed "my favorite security tool of the year", is now even better. They've upgraded their browser extension for portal-based questionnaires and it can now autofill OneTrust portal questionnaires in one click. You can test the AI in a free proof of concept at www.conveyor.com. Mention this podcast for 5 free questionnaire credits when you purchase an Enterprise plan. Get the stories behind the headlines...

Chrome protects home, Zeus mastermind guilty, airline chatbot gaffe


Google Chrome feature blocks attacks against home networks Mastermind behind Zeus and IcedID malware pleads guilty Air Canada must honor refund invented by its chatbot, says court Thanks to today's episode sponsor, Conveyor Conveyor AI is so good, it can now autofill OneTrust portal questionnaires in one click. Yes, you heard us right. Conveyor's security questionnaire automation tool not only boasts industry leading AI accuracy, but now fills in OneTrust portals with a single click. Trying a proof of concept with your own data is always free. Learn more at www.conveyor.com. Mention this podcast for 5 free questionnaire credits...

Week in Review: LLMs improve cyberattacks, Rhysida gets decrypted, US Blackcat bounty


Link to blog post This week's Cyber Security Headlines - Week in Review is hosted by Rich Stroffolino with guest Trina Ford, CISO, iHeartMedia Thanks to our show sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go...

Microsoft zero-day warning, Neuberger addresses Munich, trojan steals faces


Microsoft warns of new Exchange Server zero-day Neuberger: Pace of ransomware takedown operations isn't enough Gold Pickaxe malware steals your face Huge thanks to our sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and...

Trans-Northern breach, malicious LLM usage, massive email leak


Trans-Northern Pipelines confirms cyberattack Threat actors using LLMs to improve cyberattacks Email provider published internal emails in plain text Huge thanks to our sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and watch their...

Prudential data breached, Facebook Marketplace leak, BoA 3rd party breach


Prudential Financial data breached in cyberattack Facebook Marketplace user records leaked on hacking forum Bank of America customers at risk after third party breach Huge thanks to our sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go...

Repository framework, Romanian healthcare attack, Ivanti backdoored


CISA releases repository security framework Ransomware takes down Romanian healthcare management system Ivanti flaw used to deploy backdoor Huge thanks to our sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and watch their 3-minute...

Raspberry Robin warning, Hyundai ransomware attack, Cisco job cuts


Raspberry Robin a new one-day exploit targeting Windows Hyundai Europe suffers Black Basta ransomware attack Cisco to cut thousands of jobs as it focuses on high growth areas Huge thanks to our sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk....

Week in Review: Volt Typhoon warning, Cloudflare's nation-state breach, $25 million deepfake


Link to blog post This week's Cyber Security Headlines Week in Review is hosted by Rich Stroffolino with guest Doug Mayer, VP, CISO, WCG Thanks to our show sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and watch their 3-minute...

Volt Typhoon warning, Cisco fixes Expressway, credit union theft


CISA, FBI issue sobering warning about Volt Typhoon Cisco fixes critical Expressway flaws 3 million records from thousands of credit unions exposed Thanks to today's episode sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso...

CISA collaboration challenges, Iran's cyber efforts, ransomware's $1 billion


CISA collaboration initiative on thin ice Iran focusing cyber efforts Ransomware payments cross $1 billion in 2023 Thanks to today's episode sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and watch their 3-minute product...

United front against spyware, spyware to blame for most Google zero-days, insider data breach hits Verizon


Tech giants and world govs unite to tackle spyware threats Spyware vendors to blame for most Google zero-days Insider data breach hits almost half of Verizon's employee base Thanks to today's episode sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more,...

Spoutible API Leak, Fake IDs at scale, Sudo Windows


Spoutible API vulnerability leaks user data Illicit service cranks out fake IDs Sudo coming to Windows Thanks to today's episode sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and watch their 3-minute product demo....

Cloudflare announces breach, AnyDesk announces breach, Children's hospital attacked


Cloudflare announces nation-state level breach AnyDesk says hackers breached production servers, reset passwords Chicago children's hospital announces cyberattack Thanks to today's episode sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and watch their 3-minute...

Week in Review: Microsoft email explanation, Brazilian banking trojan, Mercedes GitHub error


Link to blog post Cyber Security Headlines Week in Review is hosted by Rich Stroffolino with guest Mary Rose Martinez, VP, CISO, Marathon Petroleum Thanks to our show sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and watch their...

FBI Director's warning, Apple flaw warning, Pentagon supplier breach


FBI director warns of Chinese hacker threat to U.S. critical infrastructure CISA warns of exploited Apple flaw Pentagon Intelligence supplier allegedly hacked Thanks to today's episode sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso...

Volt Typhoon takedown, refusing ransoms, Binance's big leak


FBI grounds Volt Typhoon More companies refuse to pay ransoms Binance internal info exposed on GitHub Thanks to today's episode sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and watch their 3-minute product demo....

Mercedes-Benz leak, Juniper Networks patch, ZLoader is back


Mercedes-Benz exposes sensitive data, source code Juniper Networks issues out-of-band fix for high severity flaws New ZLoader malware, now with 64-bit Windows compatibility Thanks to today's episode sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to...

Microsoft takes another hit, Energy giant hit by ransomware, the NSA is secretly buying your data


Microsoft takes another hit Energy giant hit by ransomware The NSA is secretly buying your data Thanks to today's episode sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and watch their 3-minute product demo....

Jenkins patch alert, Cisco flaw alert, Russia's intel wiped


Urgent patch alert for Jenkins Cisco flaw exposes Unified Comms systems Pro-Ukraine hackers wipe 2 petabytes of data from Russian intelligence center Thanks to today's episode sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso...

Week in Review: TeamViewer still abused, ransomware's hidden costs, X supports passkeys


Link to blog post This week's Cyber Security Headlines Week in Review is hosted by Rich Stroffolino with guest Mike Kelley, vp, CISO, The E.W. Scripps Company and partner, OTAWireless.com. Thanks to our show sponsor, Conveyor Conveyor, the security questionnaire automation software known for generating the most accurate AI answers to questionnaires is launching a much-requested feature. Conveyor's AI can now use uploaded security documents like a SOC 2 and security policy whitepapers to auto-generate precise answers to entire questionnaires in seconds. See why customers like Lucid and Carta are raving about the software and try the AI yourself in a free proof of concept...

Hewlett Packard breach, exposed API study, Ukraine infrastructure attacks


Hewlett Packard Enterprise (HPE) attacked through Microsoft 365 email system Study reveals 18,000 exposed API secrets, including $20 million in vulnerable Stripe tokens Ukrainian energy, postal, and transportation services hit by cyberattacks Thanks to today's episode sponsor, Conveyor Conveyor, the security questionnaire automation software known for generating the most accurate AI answers to questionnaires is launching a much-requested feature. Conveyor's AI can now use uploaded security documents like a SOC 2 and security policy whitepapers to auto-generate precise answers to entire questionnaires in seconds. See why customers like Lucid and Carta are raving about the software and try the AI...

EquiLend offline, AI fueling ransomware, "mother of all breaches"


Cyberattack knocks EquiLend offline Brits warn of the AI impact on ransomware Data leak claims to hold over 26 billion records Thanks to today's episode sponsor, Conveyor Conveyor, the security questionnaire automation software one of our customers dubbed "my favorite security tool of the year", is now even better. How? Conveyor's AI can now use uploaded security documents like a SOC 2 or security policy document to auto-generate precise answers to entire security questionnaires in seconds. You can test the AI in a free proof of concept at www.conveyor.com.

CISA boss swatted, Subway investigates LockBit, Australia sanctions hacker


CISA boss targeted in "harrowing" swatting attack Subway puts a LockBit investigation on the menu Australia sanctions REvil hacker behind Medibank data breach Thanks to today's episode sponsor, Conveyor Ever wish AI could auto-generate answers to security questionnaires for you just based on your SOC 2 or other documents? Spoiler alert - it can and you can now try it for free with Conveyor's AI security questionnaire automation software. Set up takes a few seconds. Get a free Conveyor account and simply upload your security documents. Then, upload a new questionnaire to see AI generate answers in seconds based on...

Thailand's data leak, CISA's Ivanti order, security funding drips


Thailand court attempts to suppress data leak CISA issues emergency directive on Ivanti zero-days Cybersecurity startup funding down 50% Huge thanks to our episode sponsor, Conveyor What's worse than a last minute security questionnaire in your inbox? Having to maintain a thousand question and answer pairs to use to respond to a questionnaire. Now, Conveyor's AI security questionnaire automation software can use security documents like a SOC 2 and a pared down question and answer bank to auto-generate precise answers to entire questionnaires in seconds. Try a free proof of concept today at www.conveyor.com.

Russia Microsoft breach, JPMorganChase hacking increase, TeamViewer still abused


Russian hackers breach Microsoft executive emails to learn about themselves JPMorgan Chase says hacking attempts are increasing TeamViewer still being abused to breach networks in new ransomware attacks Thanks to today's episode sponsor, Conveyor AI can now literally answer any question in seconds, yet infosec teams are still in a living nightmare manually filling out questionnaires. Conveyor's AI can now use your uploaded security documents to auto-generate precise answers to entire questionnaires. The software one of our customers dubbed "my favorite security tool of the year" in 2023 has gotten even better and it takes just minutes to get started....

Week in Review: SEC X breach, pwned highlights leak, Kyivstar attack cost


Link to blog post This week's Cyber Security Headlines Week in Review is hosted by Rich Stroffolino with guest Jerich Beason, CISO, WM Thanks to our show sponsor, Savvy Security Shadow identities on SaaS apps are growing unchecked, rapidly expanding an attack surface where businesses have little-to-no visibility or control. Savvy helps security teams safely embrace SaaS benefits by automating the discovery and removal of the most toxic combinations of SaaS identity risk. Savvy's automation playbooks and just-in-time security guardrails guide users at scale towards proper identity hygiene. That's Savvy: Identity-First SaaS Security. Learn more at savvy.security/headlines. All links and the video of this episode can be...

Atlassian Jira outage, iPhone spyware solution, Russia's Europe espionage


Atlassian outage briefly affected multiple cloud services iShutdown helps discover spyware on iPhones Russian state hackers COLDRIVER deploy malware in European espionage campaign Huge thanks to our sponsor, Savvy Security Shadow identities on SaaS apps are growing unchecked, rapidly expanding an attack surface where businesses have little-to-no visibility or control. Savvy helps security teams safely embrace SaaS benefits by automating the discovery and removal of the most toxic combinations of SaaS identity risk. Savvy's automation playbooks and just-in-time security guardrails guide users at scale towards proper identity hygiene. That's Savvy: Identity-First SaaS Security. Learn more at savvy.security/headlines. For the stories behind...

Drone threats, PixieFail firmware, HIBP dataset


Chinese drones considered national security threat PixieFail could spell trouble for cloud providers Have I Been Pwned adds "statistically significant" data leak Huge thanks to our sponsor, Savvy Security Shadow identities on SaaS apps are growing unchecked, rapidly expanding an attack surface where businesses have little-to-no visibility or control. Savvy helps security teams safely embrace SaaS benefits by automating the discovery and removal of the most toxic combinations of SaaS identity risk. Savvy's automation playbooks and just-in-time security guardrails guide users at scale towards proper identity hygiene. That's Savvy: Identity-First SaaS Security. Learn more at savvy.security/headlines.

Google patches zero-day, Citrix zero-day warning, Phemedrone stealer warning


Google patches first Chrome zero-day vulnerability of the year Urgent warning from Citrix to patch two zero-day vulnerabilities New malware strain persists despite patch Huge thanks to our sponsor, Savvy Security Shadow identities on SaaS apps are growing unchecked, rapidly expanding an attack surface where businesses have little-to-no visibility or control. Savvy helps security teams safely embrace SaaS benefits by automating the discovery and removal of the most toxic combinations of SaaS identity risk. Savvy's automation playbooks and just-in-time security guardrails guide users at scale towards proper identity hygiene. That's Savvy: Identity-First SaaS Security. Learn more at savvy.security/headlines.

VPN blocks, OpenAI election tools, Calvia ransomware attack


Turkey blocks some VPNs OpenAI publishes election guidance Spanish municipality faces stiff ransomware demand Huge thanks to our sponsor, Savvy Security Shadow identities on SaaS apps are growing unchecked, rapidly expanding an attack surface where businesses have little-to-no visibility or control. Savvy helps security teams safely embrace SaaS benefits by automating the discovery and removal of the most toxic combinations of SaaS identity risk. Savvy's automation playbooks and just-in-time security guardrails guide users at scale towards proper identity hygiene. That's Savvy: Identity-First SaaS Security. Learn more at savvy.security/headlines.

Water nonprofit targeted, Denmark energy update, SEC X update


Ransomware gang targets clean water nonprofit Denmark energy sector attacks likely not Sandworm after all SEC says X account breach did not lead to further breaches Thanks to our episode sponsor, Savvy Security Shadow identities on SaaS apps are growing unchecked, rapidly expanding an attack surface where businesses have little-to-no visibility or control. Savvy helps security teams safely embrace SaaS benefits by automating the discovery and removal of the most toxic combinations of SaaS identity risk. Savvy's automation playbooks and just-in-time security guardrails guide users at scale towards proper identity hygiene. That's Savvy: Identity-First SaaS Security. Learn more at savvy.security/headlines. For...

Week in Review: Merck settles NotPetya, Google accounts hacked, GitHub abuse rises


Link to blog post This week's Cyber Security Headlines Week in Review is hosted by Rich Stroffolino with guest Allan Cockriel, Group CISO, Shell Thanks to our show sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To see Vanta's platform firsthand and access resources plus a...

Ivanti zero-day, Akira targets backups, school data exposed


Ivanti VPN hit by zero-days Akira targeting backups Sensitive school data accidentally exposed online Remember to subscribe to the Cyber Security Headlines newsletter here. Thanks to today's episode sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To see Vanta's platform...

Texas healthcare breach, enormous Brazil leak, Tortilla decryptor released


Texas healthcare provider suffers data breach Entire population of Brazil possibly exposed in data leak Decryptor for Tortilla ransomware released Thanks to today's episode sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To see Vanta's platform firsthand and access resources...

SEC account hack spikes Bitcoin, Mandiant Twitter hijack, China cracks AirDrop


Bitcoin price spikes after SEC Twitter account hijack Twitter account hijack wave affects Mandiant China claims it cracked Apple AirDrop Thanks to today's episode sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To see Vanta's platform firsthand and access resources...

Google hacked, loanDepot attacked, Netgear compromised


Google accounts hacked: No passwords required loanDepot joins growing list of US mortgage lenders attacked Netgear and Hyundai's X accounts latest to be compromised in crypto scam Thanks to today's episode sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To...

Merck settles NotPetya, Pompompurin breaches release, Iranian crypto mistake


Merck and its insurers settle $1.4 billion NotPetya case BreachForums admin Pompompurin breaches terms of pretrial freedom Iranian crypto exchange Bit24.cash accidentally exposes customer data Thanks to today's episode sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To see Vanta's...

Week in Review: Hospitals sue cloud, Google settles Incognito, ransomware payment ban


Link to blog post This week's Cyber Security Headlines Week in Review is hosted by Rich Stroffolino with guest Johna Till Johnson, CEO, Nemertes, and podcaster at Heavy Strategy. Thanks to our show sponsor, NetSPI Take the hassle out of dealing with alert fatigue, validation, and prioritization. Instead, use NetSPI's ASM platform to hone in on what's actually important. Attack surface vulnerabilities constantly evolve, causing a lack of visibility and overwhelm for your security teams. Start the new year off right by partnering with NetSPI to enhance your security program. Visit netspi.com/ASM All links and the video of this episode can be found on CISOseries.com

Mandiant Twitter hack, breach firm breached, Spanish mobile attacked


Mandiant Twitter account restored after crypto scam hack Law firm that handles data breaches hit by data breach Spanish mobile carrier suffers outage after account takeover Thanks to today's episode sponsor, NetSPI Take the hassle out of dealing with alert fatigue, validation, and prioritization. Instead, use NetSPI's ASM platform to hone in on what's actually important. Attack surface vulnerabilities constantly evolve, causing a lack of visibility and overwhelm for your security teams. Start the new year off right by partnering with NetSPI to enhance your security program. Visit netspi.com/ASM to learn more. For the stories behind the headlines, head to...

Ransomware bans, voice cloning contest, slow data exports


A call for formal ban on ransomware payments FTC asks for ideas to fight voice cloning Cyberattack impacts French township Thanks to today's episode sponsor, NetSPI Take the hassle out of dealing with alert fatigue, validation, and prioritization. Instead, use NetSPI's ASM platform to hone in on what's actually important. Attack surface vulnerabilities constantly evolve, causing a lack of visibility and overwhelm for your security teams. Start the new year off right by partnering with NetSPI to enhance your security program. Visit netspi.com/ASM to learn more.

Google $5 billion suit settled, Orbit Chain loses $80M, FDA cyber agreement


Google settles $5 billion 'incognito mode' lawsuit Over $80 million in crypto stolen from Orbit Chain Watchdog calls for updated medical device cyber agreement Thanks to today's episode sponsor, NetSPI Take the hassle out of dealing with alert fatigue, validation, and prioritization. Instead, use NetSPI's ASM platform to hone in on what's actually important. Attack surface vulnerabilities constantly evolve, causing a lack of visibility and overwhelm for your security teams. Start the new year off right by partnering with NetSPI to enhance your security program. Visit netspi.com/ASM to learn more.

Sweden grocer cyberattack, Black Basta flaw, Boston hospital cyberattack


Swedish national grocer stung by Cactus Flaw in Black Basta decryptor allows recovery of victims' files - temporarily Cyberattack hits Boston area hospital Thanks to today's episode sponsor, NetSPI Take the hassle out of dealing with alert fatigue, validation, and prioritization. Instead, use NetSPI's ASM platform to hone in on what's actually important. Attack surface vulnerabilities constantly evolve, causing a lack of visibility and overwhelm for your security teams. Start the new year off right by partnering with NetSPI to enhance your security program. Visit netspi.com/ASM to learn more. For the stories behind the headlines, head to CISOseries.com.

German hospital ransomware, Ohio Lottery attacked, First American update


LockBit hits German hospital system over the holidays Ohio Lottery cyberattack claimed by DragonForce First American says funds are secure Thanks to today's episode sponsor, Barricade Cyber Solutions Don't let ransomware ruin the holidays again this year! Prepare and spread holiday cheer with recoverfromransomware.com! The trusted DFIR experts at Barricade Cyber Solutions have saved 3,000 and counting businesses from ransomware attacks, including small and medium businesses just like yours! Barricade Cyber is YOUR solution for rapid data and systems recovery. Book a meeting directly with the CEO to discover how to recover from ransomware. Visit recoverfromransomware.com. For the stories behind...

Barracuda backdoors, undocumented iPhone hardware, NYT sues OpenAI


Threat actors install backdoor on Barracuda appliances iPhone triangulation exploit used undocumented features New York Times starts the publisher LLM lawsuits Thanks to today's episode sponsor, Barricade Cyber Solutions Don't let ransomware ruin the holidays again this year! Prepare and spread holiday cheer with recoverfromransomware.com! The trusted DFIR experts at Barricade Cyber Solutions have saved 3,000 and counting businesses from ransomware attacks, including small and medium businesses just like yours! Barricade Cyber is YOUR solution for rapid data and systems recovery. Book a meeting directly with the CEO to discover how to recover from ransomware. Visit recoverfromransomware.com.

National Amusements breached, Rockstar game leak, LoanCare parent hacked


CBS and Paramount owner hacked a year ago Rockstar Games allegedly suffers source code leak LoanCare says 1.3 million people affected by cyberattack Thanks to today's episode sponsor, Barricade Cyber Solutions When you're hit with ransomware, remember recoverfromransomware.com. Barricade Cyber Solutions' experienced DFIR team is ready to help your business recover from ransomware now. You'll work directly with the CEO to resolve your case quickly and efficiently. Whether you're experiencing a ransomware attack or want to get ahead of one by discussing a prevention plan, contact Barricade Cyber Solutions at recoverfromransomware.com. For the stories behind the headlines, visit CISOseries.com.

First American cyberattack, Iran APT campaign, ransomware victims spike


First American suffers cyberattack, website down Iran-linked group targets defense contractors worldwide November saw record numbers of ransomware leak site victims Thanks to today's episode sponsor, Barricade Cyber Solutions Encountering a ransomware attack? Keep cool and reach out to Barricade Cyber Solutions, the trusted DFIR experts. Barricade is known for helping small and medium businesses just like yours restore their business data and successfully recover from ransomware. Escape the ransomware nightmare and bring your business back online now. Contact Barricade Cyber Solutions today at recoverfromransomware.com. That's recoverfromransomware.com. For the stories behind the headlines, head to CISOseries.com.

HCL investigates ransomware, Agent Tesla returns, JavaScript bank malware


Indian tech company HCL investigating ransomware attack Agent Tesla and an old Microsoft Office vulnerability create new problems New JavaScript malware targets banks Thanks to today's episode sponsor, Barricade Cyber Solutions Is ransomware affecting your business operations? Contact Barricade Cyber Solutions at recoverfromransomware.com. Barricade Cyber Solutions are elite DFIR experts who come to the rescue for businesses like yours daily. The trusted team at Barricade Cyber traces the source of infiltration and fortifies your defenses. Depend on Barricade Cyber Solutions for your data and system security prevention and recovery. Go to recoverfromransomware.com and set up a time to connect with...

BlackCat is back, CSAM in AI data, ESO breach


BlackCat came back Child abuse images found in AI datasets ESO solutions breach impacts million Thanks to today's episode sponsor, Barricade Cyber Solutions Has your organization fallen victim to ransomware? Remain calm and head over to recoverfromransomware.com. Barricade Cyber Solutions is the "go-to" for ransomware recovery services that small to medium business executives can trust. Over the past 5 years, Barricade Cyber Solutions has saved 3,000+ businesses in your shoes. Trust the elite DFIR team at Barricade Cyber Solutions with your data and system security recovery. Book a free consultation with the CEO at recoverfromransomware.com now.

FBI disrupts BlackCat, International operation nabs thousands, Sony data leak


FBI disrupts BlackCat ransomware network International operation arrests thousands of cybercriminals Sony's video game plans leaked by ransomware group Thanks to today's episode sponsor, Barricade Cyber Solutions Don't let ransomware ruin your holiday. Remember to visit recoverfromransomware.com! Barricade Cyber Solutions are THE trusted DFIR experts, and they've saved 3,000 and counting businesses from ransomware attacks, small and medium businesses just like yours! Barricade Cyber is YOUR solution for rapid data and security systems recovery. Book a meeting directly with the CEO to discuss securing your future today. Head over to recoverfromransomware.com to learn more. For the stories behind the headlines,...

Play ransomware warning, QakBot is back, Mr. Cooper hack


Play ransomware is no game The return of QakBot Hacking with Mr. Cooper Huge thanks to our sponsor, Barricade Cyber Solutions Facing a ransomware attack? Don't panic, remain calm and remember to contact Barricade Cyber Solutions, the DFIR team trusted to quickly recover business data with exclusive ransomware recovery services for small and medium businesses alike. Recover from ransomware and get your business back online with Barricade Cyber Solutions. Visit recoverfromransomware.com to schedule a call with the team today.

Box suffers outage, MongoDB suffers breach, States lag in tackling political deepfakes


Box storage platform suffers outage MongoDB suffers breach States lag in tackling political deepfakes Thanks to today's episode sponsor, Barricade Cyber Solutions Experiencing ransomware? Barricade Cyber Solutions will help you recover from the nightmare. Trust the industry DFIR experts who have rescued over 3,000 business cases over the past 5 years. Remember to visit recoverfromransomware.com and connect with Barricade Cyber Solutions' rapid ransomware recovery team. This elite team works quickly to recover and restore your business data and services. All you need to remember is recoverfromransomware.com. For the stories behind the headlines, head to CISOseries.com.

Week in Review: Irish water hack, Joe Sullivan speaks, UK ransomware predictions


Link to blog post This week's Cyber Security Headlines Week in Review is hosted by Rich Stroffolino with guest Rusty Waldron, Chief Business Security Officer, ADP Thanks to our show sponsor, Barricade Cyber Solutions Are ransomware attackers causing your business MAJOR disruptions? Connect with Barricade Cyber Solutions, the trusted DFIR experts specializing in helping small to medium businesses, like yours, recover from ransomware. Barricade Cyber Solutions has a proven track record of successfully handling over 3,000 business cases and counting with advanced recovery services to quickly restore business data and services. Recover from ransomware with Barricade Cyber Solutions at recoverfromransomware.com. All links and the video of...

Hive banker arrested, train bricking accusations, GambleForce SQL campaign


French police arrest alleged Hive banker Train bricking accusations lead to lawsuit against ethical hackers New Hacker Group 'GambleForce' Targets APAC through SQL injection Thanks to today's episode sponsor, Barricade Cyber Solutions Has your organization faced a ransomware attack? Keep calm, breathe, and head over to recoverfromransomware.com. Barricade Cyber Solutions is the industry choice for ransomware recovery services that small and medium business leaders can rely on. With a track record of rescuing over 3,000+ businesses like yours in the last 5 years alone, you can trust Barricade Cyber Solutions' elite DFIR team for the recovery of your business' data...

UK ransomware report, OAuth abuse, push notification changes


UK ransomware report isn't pretty MS warns of OAuth abuse Apple discloses pushback to push notification disclosure Thanks to today's episode sponsor, Barricade Cyber Solutions Don't let ransomware ruin the holidays again this year! Prepare and spread holiday cheer with recoverfromransomware.com! The trusted DFIR experts at Barricade Cyber Solutions have saved 3,000 and counting businesses from ransomware attacks, including small and medium businesses just like yours! Barricade Cyber is YOUR solution for rapid data and systems recovery. Book a meeting directly with the CEO to discover how to recover from ransomware. Visit recoverfromransomware.com.

Ukraine telco down, Sullivan advocates for CISOs, GAO on AI


Cyberattack shuts down Ukrainian telco Former Uber CISO advocates for CISO protections GAO report on government AI usage Thanks to today's episode sponsor, Barricade Cyber Solutions When you're hit with ransomware, remember recoverfromransomware.com. Barricade Cyber Solutions' experienced DFIR team is ready to help your business recover from ransomware now. You'll work directly with the CEO to resolve your case quickly and efficiently. Whether you're experiencing a ransomware attack or want to get ahead of one by discussing a prevention plan, contact Barricade Cyber Solutions at recoverfromransomware.com.

Internet fragmentation, EU AI Act, Lazarus loves Log4Shell


US tries to avoid internet fragmentation EU reaches agreement on AI Act North Korea finds continued success with Log4Shell Thanks to today's episode sponsor, Barricade Cyber Solutions Encountering a ransomware attack? Keep cool and reach out to Barricade Cyber Solutions, the trusted DFIR experts. Barricade is known for helping small and medium businesses just like yours restore their business data and successfully recover from ransomware. Escape the ransomware nightmare and bring your business back online now. Contact Barricade Cyber Solutions today at recoverfromransomware.com. That's recoverfromransomware.com.

5G network vulnerability, SLAM affects CPUs, CISA Qlik warning


5G network security vulnerabilities discovered, impacting chipset vendors and smartphones SLAM Spectre-based vulnerability affects CPUs CISA adds Qlik bugs to exploited vulnerabilities catalog Thanks to today's episode sponsor, Barricade Cyber Solutions Caught in a ransomware crisis? Barricade Cyber Solutions is your lifeline for recovery. Trust the industry's experienced DFIR experts, with a track record of saving over 3,000 businesses in the last 5 years. Remember to visit recoverfromransomware.com to connect with Barricade Cyber Solutions' trusted ransomware recovery team. This elite squad moves quickly to restore your business data and services. Visit recoverfromransomware.com today. For the stories behind the headlines, head...

Week in Review: Credit Union outages, Roblox, Twitch targeted, Nuclear site breached


Link to blog post This week's Cyber Security Headlines Week in Review is hosted by Rich Stroffolino with guest Andy Ellis, operating partner, YL Ventures Thanks to our show sponsor, Barricade Cyber Solutions Are ransomware attackers causing disruptions? Remember to stay composed and immediately contact Barricade Cyber Solutions, the trusted ransomware recovery experts specializing in small to medium businesses. Barricade Cyber Solutions has a proven track record of successfully handling over 3,000 business cases and counting, with advanced recovery services for rapid business restoration. Recover from ransomware with Barricade Cyber Solutions. Visit recoverfromransomware.com to learn more. All links and the video of this episode can be...

Aviva cyberattack warning, anti-aircraft data theft, car fleet vulnerability


Insurance firm sees cyberattacks as more likely than fire or theft North Korean hackers steal anti-aircraft system data Vulnerability discovered in fleet management software Huge thanks to our sponsor, Barricade Cyber Solutions Is ransomware affecting your business? Contact Barricade Cyber Solutions at recoverfromransomware.com. Barricade Cyber Solutions are elite DFIR experts who come to the rescue for businesses like yours daily. The trusted team at Barricade Cyber traces the source of infiltration and fortifies your defenses. Depend on Barricade Cyber Solutions for your data and system security. Remember recoverfromransomware.com, that's recoverfromransomware.com. For the stories behind the headlines, head to CISOseries.com.

ICANN lookups, push notification spying, Google's Gemini


Krebs on ICANN Lookups. Wyden warns of spying push notifications. Google unveils Gemini. Huge thanks to our sponsor, Barricade Cyber Solutions. Has your organization fallen victim to ransomware? Remain calm and head over to recoverfromransomware.com. Barricade Cyber Solutions is the "go-to" for ransomware recovery services that small to medium business executives can trust. Over the past 5 years, Barricade Cyber Solutions has saved 3,000+ businesses in your shoes. Trust the elite DFIR team at Barricade Cyber Solutions with your data and system security recovery. Book a free consultation at recoverfromransomware.com now.

Mexican spyware trial, Breach of ColdFusion vuln, Malicious loan app downloaded 12MM


Spyware trial implicating former Mexican president kicks off. Federal agency breached through Adobe ColdFusion vulnerability. Malicious loan app downloaded 12 million times from Google Play. Huge thanks to our sponsor, Barricade Cyber Solutions. Don't let ransomware ruin your holiday. Remember to visit recoverfromransomware.com! Barricade Cyber Solutions are THE trusted DFIR experts, and they've saved 3,000 and counting businesses from ransomware attacks, small and medium businesses just like yours! Barricade Cyber is YOUR solution for rapid data and security systems recovery. Book a meeting directly with the CEO to discuss securing your future today. Visit recoverfromransomware.com. That's recoverfromransomware.com. For the stories...

Nuclear site hacked, Iranian water breaches, ChatGPT data leaks


UK nuclear site attacked by state-linked attackers. US confirms Iranian actors behind water breaches. The infinite regress of ChatGPT data exfiltration. Huge thanks to our sponsor, Barricade Cyber Solutions. Facing a ransomware attack? Don't panic, remain calm and remember to contact Barricade Cyber Solutions, the DFIR team trusted to quickly recover business data with exclusive ransomware recovery services for small and medium businesses alike. Recover from ransomware and get your business back online with Barricade Cyber Solutions. Visit recoverfromransomware.com to schedule a call with the team today. That's recoverfromransomware.com.

Credit Unions outage, Roblox-Twitch extortion, Apple zero-days


Credit unions facing outages due to ransomware attack on cloud provider. Roblox, Twitch allegedly targeted by ransomware cartel. Apple fixes two new iOS zero-days in emergency updates. Huge thanks to our sponsor, Barricade Cyber Solutions. Experiencing ransomware? Barricade Cyber Solutions will help you recover from the nightmare. Trust the industry DFIR experts who have rescued over 3,000 business cases over the past 5 years. Remember to visit recoverfromransomware.com and connect with Barricade Cyber Solutions' rapid ransomware recovery team. This elite team works quickly to recover and restore your business data and services. Visit recoverfromransomware.com today. For the stories behind the...

Week in Review: Okta breach expands, Former Uber CISO speaks, OpenAI's chatbot leak secrets


Link to blog post. This week's Cyber Security Headlines Week in Review is hosted by Rich Stroffolino with guest Christina Shannon, CIO, KIK Consumer Products. Thanks to our show sponsor, SpyCloud. SpyCloud disrupts cybercrime by telling you what criminals know about your business and your customers, so you can take action on exposed authentication data to prevent ransomware, session hijacking, account takeover, and online fraud. With knowledge of the specific data criminals have in hand (like credentials, cookies, and PII compromised by breaches and malware infections), security teams have better visibility into the expanding attack surface that puts their organization at risk of cyberattacks and can...

Manufacturing tops extortion, RETVec battles spam, new Zyxel warnings


Manufacturing industry tops cyber extortion trend. Google's RETVec the latest warrior on bad emails. Zyxel warns of vulnerabilities in NAS devices. Huge thanks to our sponsor, SpyCloud. New research from SpyCloud reveals a critical discovery: nearly a third of ransomware victim companies this year were infected with infostealer malware like Raccoon, Vidar or Redline before they were attacked. These infostealers exfiltrate authentication data from infected systems to aid follow-on attacks: everything from passwords to 2FA codes, and even cookies that enable session hijacking without the need for credentials at all. SpyCloud specializes in recapturing and remediating data siphoned from infostealers...

Okta breach expands, JAXA cyberattack, leaky GPTs


All Okta customers exposed in breach. JAXA hit by cyberattack. OpenAI's chatbots leak secrets. Huge thanks to our sponsor, SpyCloud. For some people ignorance is bliss, but that's not an option for those of us in cybersecurity. SpyCloud has a free tool that lets you check your company's darknet exposure, and you might find some things that are pretty alarming. Go to spycloud.com/ciso to see your company's exposure from data breaches and even infostealer malware infections that can open the door to ransomware. SpyCloud's focus is helping businesses act on what criminals are using right now to target them, addressing...

Ransomware gang busted in Ukraine, North Texas water utility cyberattack, Former Uber CISO breaks 6-year silence


Ransomware gang busted in Ukraine by international operation. North Texas water utility hit with cyberattack. Former Uber CISO speaks out after 6-year silence. Huge thanks to our sponsor, SpyCloud. SpyCloud has discovered that infostealer malware infections are an early warning signal for ransomware. In fact, nearly a third of ransomware victim companies this year were infected with infostealer malware like Raccoon, Vidar or Redline before they were attacked. Are you thinking about infostealers as a precursor to ransomware? SpyCloud believes that knowing what criminals have stolen from your managed, unmanaged and undermanaged infected machines is step one to stopping ransomware...

International AI agreement, water utility attack, Ukraine cyberattack on Russian aviation


International AI agreement. PA water utility hit by cyberattack. Ukraine claims cyber attack against Russian aviation. Huge thanks to our sponsor, SpyCloud. Our sponsor today, SpyCloud, wants us to pay attention to a ransomware precursor that's not being talked about enough: infostealer malware. If you think you're covered by endpoint protection and anti-virus solutions, think again. The SpyCloud team discovered that the presence of infostealers (including Raccoon, Vidar, and Redline) on machines accessing work applications may indicate a likely future ransomware attack. They believe the first step in thwarting ransomware lies in knowing the data criminals have stolen from malware-infected...

London & Zurich, Fidelity National Financial attacks, Royal Family's hospital, Vanderbilt University Med Center attacks, US Nuclear lab and Gulf Air breaches


London & Zurich, and Fidelity National Financial attacks. Royal Family's hospital and Vanderbilt University Med Center suffer cybersecurity incidents. Gulf Air exposed to data breach. Huge thanks to our sponsor, SpyCloud. For some people ignorance is bliss, but that's not an option for those of us in cybersecurity. SpyCloud has a free tool that lets you check your company's darknet exposure, and you might find some things that are pretty alarming. Go to spycloud.com/ciso to see your company's exposure from data breaches and even infostealer malware infections that can open the door to ransomware. SpyCloud's focus is helping businesses act...

Cyber exec hacked hospital, 'Citrix Bleed' vuln targeted, Binance CEO steps down in $4 billion settlement


Cyber exec admits hacking hospital as a sales tactic. 'Citrix Bleed' vulnerability targeted by nation-state hackers. Binance CEO steps down in $4 billion settlement. Thanks to today's episode sponsor, Egress. People are the biggest risk to your organization's security and they are most vulnerable when using email. Egress is the only cloud email security platform to use an adaptive security architecture to automate threat detection and response for advanced phishing attacks and outbound data breaches, tailoring the experience for each user based on their real-time risk score. Visit egress.com to learn more about Egress' Intelligent Cloud Email Security suite and...

Healthcare hit with MOVEit, malware uses trig, OpenAI shakeup


Healthcare platform impacted by MOVEit. Threat actors find a use for trigonometry. What's happening with OpenAI. Thanks to today's episode sponsor, Egress. People are the biggest risk to your organization's security and they are most vulnerable when using email. Egress is the only cloud email security platform to use an adaptive security architecture to automate threat detection and response for advanced phishing attacks and outbound data breaches, tailoring the experience for each user based on their real-time risk score. Visit egress.com to learn more about Egress' Intelligent Cloud Email Security suite and start detecting email threats your existing solution is...

Clorox CISO departure, BlackCat's SEC complaint, Dudley interim NCD


Clorox CISO departs months after cyberattack. ALPHV/BlackCat Ransomware gang files SEC complaint. Drenan Dudley acting national cyber director while Coker confirmation process continues. Thanks to today's episode sponsor, Egress. People are the biggest risk to your organization's security and they are most vulnerable when using email. Egress is the only cloud email security platform to use an adaptive security architecture to automate threat detection and response for advanced phishing attacks and outbound data breaches, tailoring the experience for each user based on their real-time risk score. Visit egress.com to learn more about Egress' Intelligent Cloud Email Security suite and start...

Week in Review: UK Health data shared, SSH keys vulnerable


Link to blog post. This week's Cyber Security Headlines Week in Review is hosted by Rich Stroffolino with guest Jay Wilson, CISO, Insurity. Thanks to our show sponsor, Sysdig. For businesses innovating in the cloud, every second counts. Sysdig strengthens cyber resilience by reducing the attack surface, detecting threats in real time, and accelerating incident response. Our platform correlates signals across cloud workloads, identities, and services to enable businesses to prioritize risks and act decisively. Sysdig. Secure every second. Learn more at Sysdig.com. All links and the video of this episode can be found on CISOseries.com.

Fortinet Injection bug, Another Samsung breach, government Rhysida warning


Fortinet warns of critical command injection bug in FortiSIEM. Another data breach for Samsung. Rhysida warning from FBI and CISA. Thanks to today's episode sponsor, Sysdig. For businesses innovating in the cloud, every second counts. Sysdig strengthens cyber resilience by reducing the attack surface, detecting threats in real time, and accelerating incident response. Our platform correlates signals across cloud workloads, identities, and services to enable businesses to prioritize risks and act decisively. Sysdig. Secure every second. For the stories behind the headlines, head to CISOseries.com.

Microsoft Copilot, YouTube addresses AI uploads, CISA's AI roadmap


Microsoft goes all in on Copilot. YouTube's AI disclosure requirement. CISA's AI Roadmap. Thanks to today's episode sponsor, Sysdig. For businesses innovating in the cloud, every second counts. Sysdig strengthens cyber resilience by reducing the attack surface, detecting threats in real time, and accelerating incident response. Our platform correlates signals across cloud workloads, identities, and services to enable businesses to prioritize risks and act decisively. Sysdig. Secure every second.

IPStorm botnet dismantled, Social media giants will face child safety lawsuits, Authorities warn of Royal ransom gang threat


IPStorm botnet dismantled after hacker's guilty plea. Federal court rules social media giants must face child safety lawsuits. Authorities warn of Royal ransom gang's activities and rebranding. Thanks to today's episode sponsor, Sysdig. For businesses innovating in the cloud, every second counts. Sysdig strengthens cyber resilience by reducing the attack surface, detecting threats in real time, and accelerating incident response. Our platform correlates signals across cloud workloads, identities, and services to enable businesses to prioritize risks and act decisively. Sysdig. Secure every second.

Cyber Security Headlines: Australian ports attacked, impacts of AI on terrorist content, Google sees faked Bard ads


Australian ports hit with cyberattack. AI companies join on to Christchurch Call to Action. Generative AI threatens to dismantle terrorist content detection. Thanks to today's episode sponsor, Sysdig. For businesses innovating in the cloud, every second counts. Sysdig strengthens cyber resilience by reducing the attack surface, detecting threats in real time, and accelerating incident response. Our platform correlates signals across cloud workloads, identities, and services to enable businesses to prioritize risks and act decisively. Sysdig. Secure every second.

China bank ransomed, UK health data shared, Boeing data published


Industrial and Commercial Bank of China suffers ransomware attack. UK health data donated for medical research shared with insurance companies. Boeing data published by LockBit. Thanks to today's episode sponsor, Sysdig. For businesses innovating in the cloud, every second counts. Sysdig strengthens cyber resilience by reducing the attack surface, detecting threats in real time, and accelerating incident response. Our platform correlates signals across cloud workloads, identities, and services to enable businesses to prioritize risks and act decisively. Sysdig. Secure every second. For the stories behind the headlines, head to CISOseries.com.

Week in Review: Okta explains hack, Google Calendar as C2, Selling military data


Link to blog post. This week's Cyber Security Headlines Week in Review is hosted by Sean Kelly with guest Howard Holton, CTO, GigaOm. Thanks to today's episode sponsor, OffSec. OffSec (formerly Offensive Security), the cyber training company behind the well-known OSCP certification and Kali Linux distro, is hosting a virtual summit for CISOs and Cybersecurity leaders called Evolve on November 15th. During the event, you'll learn how to attract and assess top talent, how to craft positioning for budget conversations, why CISOs make great board members, and more. Hear from forward-thinking infosec leaders from companies like Cisco, Amazon, and Salesforce. Save your seat and equip yourself...

US most breached, ChatGPT gets DDoS, Clop exploits SysAid


US most breached country last quarter. OpenAI blames DDoS attacks for ongoing ChatGPT outages. Clop exploits SysAid vulnerability. Thanks to today's episode sponsor, OffSec. And now a word from our sponsor. OffSec (formerly Offensive Security), the cyber training company behind the well-known OSCP certification and Kali Linux distro, is hosting a virtual summit for CISOs and Cybersecurity leaders called Evolve on November 15th. During the event, you'll learn how to attract and assess top talent, how to craft positioning for budget conversations, why CISOs make great board members, and more. Hear from forward-thinking infosec leaders from companies like Cisco, Amazon,...

Shields Ready campaign, AI imagery rules for the election, App Defense Alliance moves to Linux Foundation


US launches "Shields Ready" campaign. Microsoft and Meta announced AI imagery rules. App Defense Alliance moves under the Linux Foundation. Thanks to today's episode sponsor, OffSec. And now a word from our sponsor. OffSec (formerly Offensive Security), the cyber training company behind the well-known OSCP certification and Kali Linux distro, is running a virtual summit for CISOs and Cybersecurity leaders called Evolve on November 15th. Attend Evolve and get insider insights from a former bank hacker. Discover strategies on stretching your security budget and get tips to attract the crème de la crème of talent. It's more than just an...

Marina Bay Sands customer data hacked, Atlassian bug escalated to 10.0 severity, Fake crypto app steals over $700,000


Singapore's Marina Bay Sands customer data stolen in cyberattack. Atlassian bug escalated to 10.0 severity. Fake Ledger Live app steals over $700,000 in crypto. Thanks to today's episode sponsor, OffSec. And now a word from our sponsor. OffSec (formerly Offensive Security), the cyber training company behind the well-known OSCP certification and Kali Linux distro, is hosting a virtual summit for CISOs and Cybersecurity leaders called Evolve on November 15th. During the event, you'll learn how to attract and assess top talent, how to craft positioning for budget conversations, why CISOs make great board members, and more. Hear from forward-thinking infosec...

Dropper bypasses Google, CISA's zero-day worries, Google Calendar as C2


Android Dropper-as-a-Service Bypasses Google's Defenses. Increase in zero-day exploits worries CISA. Google Calendar as a C2 infrastructure. Thanks to today's episode sponsor, OffSec. And now a word from our sponsor. OffSec (formerly Offensive Security), the cyber training company behind the well-known OSCP certification and Kali Linux distro, is running a virtual summit for CISOs and Cybersecurity leaders called Evolve on November 15th. Attend Evolve and get insider insights from a former bank hacker. Discover strategies on stretching your security budget and get tips to attract the crème de la crème of talent. It's more than just an event, it's a...

Okta's hack explanation, Looney Tunables exploited, Lazarus likes KandyKorn


Okta explains hack source and response timeline. Looney Tunables now being exploited. Lazarus Group uses KandyKorn against blockchain engineers. Thanks to today's episode sponsor, OffSec. And now a word from our sponsor. OffSec (formerly Offensive Security), the cyber training company behind the well-known OSCP certification and Kali Linux distro, is hosting a virtual summit for CISOs and Cybersecurity leaders called Evolve on November 15th. During the event, you'll learn how to attract and assess top talent, how to craft positioning for budget conversations, why CISOs make great board members, and more. Hear from forward-thinking infosec leaders from companies like Cisco,...

Week in Review: Cloudflare's power outage, Washington breaches, Wiki-Slack attack


Link to blog post. This week's Cyber Security Headlines Week in Review is hosted by Rich Stroffolino with guest Shawn Bowen, CISO, World Kinect Corporation. Thanks to our show sponsor, Hunters. There's nothing worse than relying on a legacy SIEM that your security team has outgrown, especially when it impacts your ability to detect real incidents. Hunters' SOC Platform offers built-in, always up-to-date detection rules and automatic correlation that allow SOC analysts to focus on higher-value tasks that impact your organization. It's time to move to a platform that reduces risk, complexity & cost for the SOC. Visit hunters.security to learn how you can replace your...

Cloudflare's power outage, Apache HelloKitty attempt, Boeing incident continues


Power outage darkens Cloudflare dashboard and APIs. Apache ActiveMQ flaw sees HelloKitty attempt. Boeing says cyber incident affects parts and distribution. Thanks to today's episode sponsor, Hunters. There's nothing worse than relying on a legacy SIEM that your security team has outgrown, especially when it impacts your ability to detect real incidents. Hunters' SOC Platform offers built-in, always up-to-date detection rules and automatic correlation that allow SOC analysts to focus on higher-value tasks that impact your organization. It's time to move to a platform that reduces risk, complexity & cost for the SOC. Visit hunters.security to learn how you can...

UK summit pledge to tackle AI risks, 'Kill switch' shuts down Mozi botnet, EU regulator bans Meta's ad practices


Countries at UK summit pledge to tackle AI risks. 'Kill switch' deliberately shuts down notorious botnet. EU regulator bans Meta's targeted advertising practices. Thanks to today's episode sponsor, Hunters. There's nothing worse than relying on a legacy SIEM that your security team has outgrown, especially when it impacts your ability to detect real incidents. Hunters' SOC Platform offers built-in, always up-to-date detection rules and automatic correlation that allow SOC analysts to focus on higher-value tasks that impact your organization. It's time to move to a platform that reduces risk, complexity & cost for the SOC. Visit hunters.security to learn how...

Canada bans WeChat, no ransom pledge, India's opposition sees state-sponsored attacks


Canada bans WeChat on government devices. 40 countries sign no ransom pledge. Apple warns Indian opposition leaders about iPhone attacks. Thanks to today's episode sponsor, Hunters. If your SIEM is causing an endless cycle of noisy alerts, manually writing generic detection rules, and limited data ingestion & retention, your SOC might need an upgrade. Hunters is a SaaS platform, purpose built for your Security Operations team. Solaris Group, a leading German FinTech, implemented Hunters to replace their SIEM, eliminating the burden of redundant detection engineering and manual event correlation. Solaris Group's SOC analysts can now focus their time and energy...

AI Executive Order, Russia's VirusTotal, Roaming leaks locations


Executive order outlines generative AI rules in the US. Russia launching its own VirusTotal. Roaming data could leak geolocations. Thanks to today's episode sponsor, Hunters. Piecing together a SIEM not only takes forever, but it wastes your security team's valuable resources. Hunters is a SIEM alternative purpose built to help your Security Operations mature to the next level in a fraction of the time. Spotnana, a next-generation Travel-as-a-Service platform, uses Hunters' built-in correlation and enrichment capabilities to make better security decisions and experienced value from day one. Are you ready to evaluate Hunters as a SIEM alternative? Visit Hunters.security to...

DC Elections breach, LockBit Boeing breach, StripedFly's stealthy sting


DC Board of Elections breach may include entire voter roll. LockBit claims Boeing breach. StripedFly malware infects 1 million Windows and Linux hosts. Thanks to today's episode sponsor, Hunters. Hunters is a SIEM alternative, built for your security team. Hunters empowers companies to replace their SIEM with unlimited ingestion and normalization of security data at a predictable cost. Using Hunters, a CISO at a leading online retailer "tripled the amount of data ingested by her security team while cutting costs from a legacy SIEM provider by 75%." To learn more about the benefits of replacing your legacy SIEM with Hunters...

Week in Review: Okta's compromise issues, Cisco's additional headache, CISA protests cuts


Link to blog post. This week's Cyber Security Headlines Week in Review is hosted by Rich Stroffolino with guest Arvin Bansal, former CISO, Nissan Americas. Thanks to our show sponsor, Vanta. Growing a business? That likely means more tools, third-party vendors, and data sharing, AKA way more risk. Vanta's market-leading trust management platform brings GRC and security efforts together. Integrate information from multiple systems and reduce risks to your business and your brand, all without the need for additional staffing. And by automating up to 90% of the work for SOC 2, ISO 27001, and more, you'll be able to focus on strategy and security,...

iLeakage threatens Apple, CISA's catastrophic cuts, HTTP DDoS surge


iLeakage attack steals emails, passwords from Apple devices and browsers. CISA protests potential 25% budget cut as "catastrophic". Surge in hyper-volumetric HTTP DDoS attacks. Thanks to today's episode sponsor, Vanta. Growing a business? That likely means more tools, third-party vendors, and data sharing, AKA way more risk. Vanta's market-leading trust management platform brings GRC and security efforts together. Integrate information from multiple systems and reduce risks to your business and your brand, all without the need for additional staffing. And by automating up to 90% of the work for SOC 2, ISO 27001, and more, you'll be able to focus...

SMIC advanced chips, Roundcube exploit, Philadelphia email access


SMIC making advanced chips with ASML tech. Roundcube webmail exploited with zero-day. Philadelphia's week somehow gets worse. Thanks to today's episode sponsor, Vanta. Growing a business? That likely means more tools, third-party vendors, and data sharing, AKA way more risk. Vanta's market-leading trust management platform brings GRC and security efforts together. Integrate information from multiple systems and reduce risks to your business and your brand, all without the need for additional staffing. And by automating up to 90% of the work for SOC 2, ISO 27001, and more, you'll be able to focus on strategy and security, not maintaining compliance....

Cisco IOS XE infections remain high, California sidelines GM's driverless cars, Canada accuses China of 'Spamouflage' campaign


Cisco IOS XE Update: Number of infected devices via zero-day remains high. California sidelines GM's driverless cars, citing safety risk. Canada accuses China of 'Spamouflage' disinformation campaign. Thanks to today's episode sponsor, Vanta. Growing a business? That likely means more tools, third-party vendors, and data sharing, AKA way more risk. Vanta's market-leading trust management platform brings GRC and security efforts together. Integrate information from multiple systems and reduce risks to your business and your brand, all without the need for additional staffing. And by automating up to 90% of the work for SOC 2, ISO 27001, and more, you'll be...

Chrome IP Protection, Microsoft Security Copilot, Cisco patches IOS XE


Chrome testing IP Protection. Microsoft tests Security Copilot. Cisco releases IOS XE patches. Thanks to today's episode sponsor, Vanta. Growing a business? That likely means more tools, third-party vendors, and data sharing, AKA way more risk. Vanta's market-leading trust management platform brings GRC and security efforts together. Integrate information from multiple systems and reduce risks to your business and your brand, all without the need for additional staffing. And by automating up to 90% of the work for SOC 2, ISO 27001, and more, you'll be able to focus on strategy and security, not maintaining compliance. Join 5,000 fast-growing companies...

Okta system attacked, another Cisco vulnerability, RagnarLocker arrest


Okta HAR support system attacked. Cisco identifies additional IOS XE vulnerability. Key Ragnar Locker player arrested in Paris. Thanks to today's episode sponsor, Vanta. Growing a business? That likely means more tools, third-party vendors, and data sharing, AKA way more risk. Vanta's market-leading trust management platform brings GRC and security efforts together. Integrate information from multiple systems and reduce risks to your business and your brand, all without the need for additional staffing. And by automating up to 90% of the work for SOC 2, ISO 27001, and more, you'll be able to focus on strategy and security, not maintaining...

Week in Review: Water cyber-regs rescinded, Cisco zero-day attacks, Signal debunks zero-day


Link to blog post. This week's Cyber Security Headlines Week in Review is hosted by Rich Stroffolino with guest Andrew Wilder, CISO, Community Veterinary Partners. Thanks to our show sponsor, Vanta. Growing a business? That likely means more tools, third-party vendors, and data sharing, AKA way more risk. Vanta's market-leading trust management platform brings GRC and security efforts together. Integrate information from multiple systems and reduce risks to your business and your brand, all without the need for additional staffing. And by automating up to 90% of the work for SOC 2, ISO 27001, and more, you'll be able to focus on strategy and security, not...

Cops sting RagnarLocker, more 23andMe leaks, Casio discloses breach


International sting operation brings down RagnarLocker. More 23andMe records leaked. Casio discloses data breach. Huge thanks to our sponsor, Vanta. Growing a business? That likely means more tools, third-party vendors, and data sharing, AKA way more risk. Vanta's market-leading trust management platform brings GRC and security efforts together. Integrate information from multiple systems and reduce risks to your business and your brand, all without the need for additional staffing. And by automating up to 90% of the work for SOC 2, ISO 27001, and more, you'll be able to focus on strategy and security, not maintaining compliance. Join 5,000 fast-growing...

WinRAR exploitation, Five Eyes warns about China, ServiceNow data exposure


State-backed attackers exploit WinRAR zero-day. Five Eyes warns of Chinese IP theft. ServiceNow data exposure issue identified. Huge thanks to our sponsor, Vanta. Growing a business? That likely means more tools, third-party vendors, and data sharing, AKA way more risk. Vanta's market-leading trust management platform brings GRC and security efforts together. Integrate information from multiple systems and reduce risks to your business and your brand, all without the need for additional staffing. And by automating up to 90% of the work for SOC 2, ISO 27001, and more, you'll be able to focus on strategy and security, not maintaining compliance....

Zero-day attacks affect 10,000 Cisco devices, US government warns of Confluence vuln exploitation, D-Link confirms data breach


Zero-day attacks affect over 10,000 Cisco devices. US government warns of widespread exploitation of Confluence vulnerability. D-Link confirms data breach caused by phishing attack. Huge thanks to our sponsor, Vanta. Growing a business? That likely means more tools, third-party vendors, and data sharing, AKA way more risk. Vanta's market-leading trust management platform brings GRC and security efforts together. Integrate information from multiple systems and reduce risks to your business and your brand, all without the need for additional staffing. And by automating up to 90% of the work for SOC 2, ISO 27001, and more, you'll be able to focus...

Security camera warnings, Signal denies zero-day, Equifax fined in UK


Israeli government warns to secure home security cameras. Signal debunks zero-day report. Equifax fined for 2017 data breach. Huge thanks to our sponsor, Vanta. Growing a business? That likely means more tools, third-party vendors, and data sharing, AKA way more risk. Vanta's market-leading trust management platform brings GRC and security efforts together. Integrate information from multiple systems and reduce risks to your business and your brand, all without the need for additional staffing. And by automating up to 90% of the work for SOC 2, ISO 27001, and more, you'll be able to focus on strategy and security, not maintaining...

CDW possibly attacked, AvosLocker joint advisory, EPA rescinds water regs


LockBit claims attack on CDW. FBI and CISA publish joint advisory regarding AvosLocker ransomware. EPA rescinds cyber regulations for water sector. Huge thanks to our sponsor, Vanta. Growing a business? That likely means more tools, third-party vendors, and data sharing, AKA way more risk. Vanta's market-leading trust management platform brings GRC and security efforts together. Integrate information from multiple systems and reduce risks to your business and your brand, all without the need for additional staffing. And by automating up to 90% of the work for SOC 2, ISO 27001, and more, you'll be able to focus on strategy and...

Week in Review: Internet-wide zero-day DDoS, 23andMe data breach, curl flaw overhyped


Link to blog post. This week's Cyber Security Headlines Week in Review is hosted by Rich Stroffolino with guest Martin Choluj, VP Security, ClickHouse. Thanks to our show sponsor, Hyperproof. Are you struggling to showcase the value of your work? It's a classic challenge in the risk and compliance space: leadership just doesn't understand what exactly you do and why it matters. With Hyperproof, the leading risk and compliance management platform, you get access to real-time reports that can help your leadership team understand the impact of the valuable work you do every day. Get a demo at hyperproof.io. All links and the video of...

Microsoft thwarts Akira, Sullivan appeals conviction, ToddyCat targets telcos


Microsoft thwarts large-scale ransomware attack Former Uber CISO files appeal ToddyCat group targets telcos Thanks to today's episode sponsor, Hyperproof Is your company scaling? Do you need to quickly add more compliance frameworks but don't know where to start? Hyperproof has you covered. Hyperproof is a risk and compliance management platform that can help you manage compliance at scale. With Hyperproof, you can quickly add new frameworks, crosswalk controls between frameworks, view your risk posture, and manage your risks, all in one place. Visit hyperproof.io to get started today.

Hijacked 404 pages, Chinese attackers target Confluence, Adobe's "icon of transparency"


404 pages hijacked Atlassian Confluence attacked by state-backed actors Adobe's "icon of transparency" Thanks to today's episode sponsor, Hyperproof It's more critical than ever to focus on strategically addressing risk, but how can you do it when working with limited resources? That's where Hyperproof comes in: Hyperproof is a risk and compliance operations platform that helps you automate evidence collection, task management, and collaboration within your organization so you can focus on what matters most: keeping your company secure by prioritizing strategy, not manual processes. Get a demo at Hyperproof.io.

Zero-day fuels largest-ever DDoS attack, 23andMe resets user passwords after data leak, Exchange gets 'better' patch for critical bug


Internet-wide zero-day bug fuels largest-ever DDoS attack 23andMe resets user passwords after genetic data posted online Microsoft Exchange gets 'better' patch to mitigate critical bug Thanks to today's episode sponsor, Hyperproof We get it. You're a risk manager or compliance professional, and you're overworked. You're trying to do the right thing by keeping your company safe and secure, but your technology is holding you back. Why not upgrade to Hyperproof? Hyperproof is a platform that not only eliminates the manual tasks you dread, but helps you scale security. Get a demo today at hyperproof.io. For the stories behind the headlines,...

Middle East hacktivists, Curl security flaw, HelloKitty improves ransomware


Hacktivist attacks abound in the Middle East Network protocol open-source tool Curl faces worst security flaw in a long time HelloKitty ransomware source code leaked on hacking forum Thanks to today's episode sponsor, Hyperproof Imagine. You have an audit coming up, but instead of the usual rush, you actually feel prepared. You've collected your evidence. You can see which risks have been mitigated. And best of all, you don't have to send out any last-minute emails to other teams begging them for that one screenshot. Sounds like a dream, right? With Hyperproof's risk and compliance platform, this could be your...

MGM ransomware costs, Blackbaud breach settlement, 23andMe breach claims


MGM Resorts quotes ransomware tab at $110 million Blackbaud in $49.5 million settlement for May 2020 ransomware attack 23andMe investigates breach claims Thanks to today's episode sponsor, Hyperproof Tired of managing risk and compliance in spreadsheets? Sick of tracking down stakeholders to find evidence? Worried about whether that evidence is up to date for your next audit? Hyperproof has you covered. With Hyperproof, you can efficiently manage multiple compliance frameworks and risks in a single place so you can focus on what matters most: keeping your company secure and growing. Visit hyperproof.io to get a demo. For the stories behind...

Week in Review: Progress FTP bug, CloudFlare DDoS mistake, Lazarus Meta recruiters


Link to blog post. This week's Cyber Security Headlines Week in Review is hosted by Rich Stroffolino with guest Bob Schuetter, CISO, Ashland. Thanks to our show sponsor, Conveyor. Got a scary security questionnaire to complete and you'd rather have AI do it? Your infosec friends are making the switch from outdated RFP and compliance tools to Conveyor: the most accurate security questionnaire automation software on the market. The proof is in the AI. Customers are seeing 80-90% accurate auto-generated answers by and decreasing the time spent on questionnaire answering by 91%. Try a free one-week proof of concept at www.conveyor.com. All links and the...

Apple zero-day patch, Cisco 911 patch, ICS exposure warning


Apple rolls out patch for active iOS Zero-Day Cisco patches urgent Emergency Responder flaw Researchers warn of 100,000 exposed ICS systems Thanks to our episode sponsor, Conveyor We can all agree that AI can take one job from us: answering security questionnaires. Enter Conveyor: the AI security review platform helping infosec teams attack security questionnaires from all angles. Reduce incoming questionnaires by sharing a trust portal with customers and for those questionnaires you do get, use our AI questionnaire completion tool to auto-generate precise answers to entire questionnaires in seconds. Lucid tried a free one week proof of concept and...

Red Cross hacktivist rules, Looney Tunables hit Linux, CISA violates First Amendment


Red Cross issues hacktivist rules Looney Tunables hits major Linux distros CISA may have violated the First Amendment Thanks to our episode sponsor, Conveyor Will security questionnaires ever go away? Maybe. But as long as they're still here, you might as well get AI to complete them for you. Enter Conveyor. The AI security questionnaire automation software that auto-generates 80-90% accurate answers to entire questionnaires in seconds so all you have to do is review. There's even a browser extension for the world's worst portals. Not sure if it'll work for you? Try a free one-week proof of concept at...

GPU driver exploits, EU strengthens spyware protections, NSA's AI Security Center


Arm and Qualcomm warn about exploited GPU drivers EU Parliament strengthens spyware protections for journalists NSA creates AI Security Center Thanks to our episode sponsor, Conveyor Does the mountain of security questionnaires in your inbox make you feel like a 2 dollar umbrella in a hurricane? Then you might want to check out Conveyor: the AI security review platform helping infosec teams attack security questionnaires from all angles. Reduce incoming questionnaires by sharing a trust portal with customers and for those questionnaires you do get, use our AI questionnaire completion tool to auto-generate precise answers to entire questionnaires in seconds....

Progress FTP bug under active exploit, Norway urges Europe-wide Meta data collection ban, KillNet claims attack against Royal Family website


Critical Progress FTP bug now being exploited in attacks Norway urges Europe-wide ban on Meta's targeted data collection KillNet claims DDoS attack against Royal Family website Thanks to our episode sponsor, Conveyor Got a scary security questionnaire to complete and you'd rather have AI do it? Your infosec friends are making the switch from outdated RFP and compliance tools to Conveyor: the most accurate security questionnaire automation software on the market. The proof is in the AI. Customers are seeing 80-90% accurate auto-generated answers by and decreasing the time spent on questionnaire answering by 91%. Try a free one-week proof...

Cloudflare's protection bypass, ALPHV healthcare victim, Lazarus Meta recruiter


Cloudflare DDoS protections bypassed using Cloudflare McLaren Health Care becomes latest ALPHV/BlackCat victim Lazarus Group poses as Meta recruiters to spearfish Spanish engineers Thanks to our episode sponsor, Conveyor Does the thought of answering another security questionnaire make you want to beat the stuffing out of 32 pinatas? Then you might want to check out Conveyor: the AI security review platform helping infosec and sales teams attack security questionnaires from all angles. Reduce incoming questionnaires by sharing a trust portal with customers and for those questionnaires you do get, use our AI questionnaire completion tool to auto-generate precise answers to...

Week in Review: New MOVEIt troubles, fallout from government email breach, H&R Block faces RICO charges


Link to blog post. This week's Cyber Security Headlines Week in Review is hosted by Rich Stroffolino with guest Andrew Storms, VP of security, Replicated. Thanks to our show sponsor, AppOmni. Are you confident in your organization's SaaS security? AppOmni surveyed 600+ security practitioners globally and 71% answered yes. But 79% experienced SaaS cybersecurity incidents. What's behind this disconnect? CISOs believe they have a mature level of SaaS cybersecurity using CASB, MFA, and IdP. But these solutions lack unified risk visibility. Without SSPM, they're blind to the true extent of their SaaS attack surface risk. Don't gamble with your data. Get the visibility and insights...

Government email damage, Johnson Controls attacked, Google's 5th zero-day


Chinese hackers stole emails from US State Dept in Microsoft breach Johnson Controls faces $51 million ransomware demand Google fixes year's fifth Chrome zero-day Thanks to today's episode sponsor, AppOmni If you think CASBs effectively secure your SaaS data think again. CASBs lack visibility into your SaaS estate. Nor can they address and detect risks that arise from SaaS apps' unlimited endpoints. What you need is a robust SSPM designed to secure the dynamic and extensible nature of SaaS apps and their data. That's where AppOmni comes in. We continuously monitor your SaaS estate to detect cyber risks and secure...

GPU pixel-stealing, info-stealing on GitHub, Sony hackers hit NTT Docomo


GPUs vulnerable to pixel-stealing attacks Info-stealing commits hit GitHub Alleged Sony hackers hit NTT Docomo Thanks to today's episode sponsor, AppOmni Are you confident in your organization's SaaS security? AppOmni surveyed 600+ security practitioners globally and 71% answered yes. But 79% experienced SaaS cybersecurity incidents. What's behind this disconnect? CISOs believe they have a mature level of SaaS cybersecurity using CASB, MFA, and IdP. But these solutions lack unified risk visibility. Without SSPM, they're blind to the true extent of their SaaS attack surface risk. Don't gamble with your data. Get the visibility and insights you need to protect your...

Multiple threat actors lay claim to Sony hack, Philippines health org struggling with ransomware recovery, Flair Airlines leaked user data for months


Multiple threat actors lay claim to Sony hack Philippines health org struggling to recover from ransomware attack Canadian Flair Airlines leaked user data for months Thanks to today's episode sponsor, AppOmni If you think CASBs effectively secure your SaaS data think again. CASBs lack visibility into your SaaS estate. Nor can they address and detect risks that arise from SaaS apps' unlimited endpoints. What you need is a robust SSPM designed to secure the dynamic and extensible nature of SaaS apps and their data. That's where AppOmni comes in. We continuously monitor your SaaS estate to detect cyber risks and...

Mixin Network breach, Kia and Hyundai thefts explode, stress testing voting equipment


Mixin Network loses $200 million Kia and Hyundai exploit linked to massive car thefts Stress testing voting equipment Thanks to today's episode sponsor, AppOmni Are you confident in your organization's SaaS security? AppOmni surveyed 600+ security practitioners globally and 71% answered yes. But 79% experienced SaaS cybersecurity incidents. What's behind this disconnect? CISOs believe they have a mature level of SaaS cybersecurity using CASB, MFA, and IdP. But these solutions lack unified risk visibility. Without SSPM, they're blind to the true extent of their SaaS attack surface risk. Don't gamble with your data. Get the visibility and insights you need...

Clarion audio hacked, Egyptian Predator threat, Dallas cyberattack analysis


Car audio manufacturer Clarion hacked ALPHV claims responsibility High-ranking Egyptian politician targeted by Predator spyware City of Dallas issues report on May cyberattack Thanks to today's episode sponsor, AppOmni If you think CASBs effectively secure your SaaS data think again. CASBs lack visibility into your SaaS estate. Nor can they address and detect risks that arise from SaaS apps' unlimited endpoints. What you need is a robust SSPM designed to secure the dynamic and extensible nature of SaaS apps and their data. That's where AppOmni comes in. We continuously monitor your SaaS estate to detect cyber risks and secure your...

Week in Review: UK and US cyberlaws, Microsoft's bad week, Cisco buys Splunk


Link to blog post. This week's Cyber Security Headlines Week in Review is hosted by Rich Stroffolino with guest Shawn Bowen, CISO, World Kinect Corporation. Thanks to our show sponsor, Hyperproof. Is your company scaling? Do you need to quickly add more compliance frameworks but don't know where to start? Hyperproof has you covered. Hyperproof is a risk and compliance management platform that can help you manage compliance at scale. With Hyperproof, you can quickly add new frameworks, crosswalk controls between frameworks, view your risk posture, and manage your risks, all in one place. Visit hyperproof.io to get started today. All links and the video...

UK's new cyberlaws, Cisco buys Splunk, TransUnion denies breach


UK launches comprehensive new online safety laws Cisco buys Splunk TransUnion denies breach Huge thanks to our sponsor, Hyperproof Is your company scaling? Do you need to quickly add more compliance frameworks but don't know where to start? Hyperproof has you covered. Hyperproof is a risk and compliance management platform that can help you manage compliance at scale. With Hyperproof, you can quickly add new frameworks, crosswalk controls between frameworks, view your risk posture, and manage your risks, all in one place. Visit hyperproof.io to get started today. For the stories behind the headlines, head to CISOseries.com.

Canadian airport DDoS, Huawei ships chips, Signal goes post-quantum


Cyber attack disrupted Canadian airports Huawei ships chips for surveillance cameras Signal adds quantum-resistant encryption Huge thanks to our sponsor, Hyperproof It's more critical than ever to focus on strategically addressing risk, but how can you do it when working with limited resources? That's where Hyperproof comes in: Hyperproof is a risk and compliance operations platform that helps you automate evidence collection, task management, and collaboration within your organization so you can focus on what matters most: keeping your company secure by prioritizing strategy, not manual processes. Get a demo at Hyperproof.io.

DHS to simplify cyber incident reporting rules, UK passes Online Safety Bill, PIILOPUOTI marketplace takedown


DHS council seeks to simplify cyber incident reporting rules UK passes the Online Safety Bill Finland and Europol take down PIILOPUOTI marketplace Huge thanks to our sponsor, Hyperproof We get it. You're a risk manager or compliance professional, and you're overworked. You're trying to do the right thing by keeping your company safe and secure, but your technology is holding you back. Why not upgrade to Hyperproof? Hyperproof is a platform that not only eliminates the manual tasks you dread, but helps you scale security. Get a demo today at hyperproof.io. For the stories behind the headlines, visit CISOseries.com.

Microsoft leaks AI data, UK CMA AI principles, Germany warns of natural gas terminal attacks


Microsoft leaks terabytes of internal data UK CMA outlines principles for AI regulation Germany warns of attacks on LNG terminals Huge thanks to our sponsor, Hyperproof Imagine. You have an audit coming up, but instead of the usual rush, you actually feel prepared. You've collected your evidence. You can see which risks have been mitigated. And best of all, you don't have to send out any last-minute emails to other teams begging them for that one screenshot. Sounds like a dream, right? With Hyperproof's risk and compliance platform, this could be your reality. Get a demo at hyperproof.io.

Lazarus hit CoinEx, Thailand's CardX breach, trucking software attack


Lazarus Group suspected in CoinEx robbery Thailand financial company CardX discloses leak Ransomware hits trucking software provider Huge thanks to our sponsor, Hyperproof Tired of managing risk and compliance in spreadsheets? Sick of tracking down stakeholders to find evidence? Worried about whether that evidence is up to date for your next audit? Hyperproof has you covered. With Hyperproof, you can efficiently manage multiple compliance frameworks and risks in a single place so you can focus on what matters most: keeping your company secure and growing. Visit hyperproof.io to get a demo. For the stories behind the headlines, head to CISOseries.com.

Week in Review: Las Vegas heists, mental health, Tesla's no-hands option


Link to blog post. This week's Cyber Security Headlines Week in Review is hosted by Rich Stroffolino with guest Davi Ottenheimer, VP, Trust and Ethics, Inrupt. Thanks to our show sponsor, Conveyor. The team at Lucid software reduced the time spent answering customer security questionnaires by a whopping 91% with Conveyor's security questionnaire automation software powered by OpenAI. Compared to the tools on the market, Conveyor's AI auto-generates the most accurate answers to entire questionnaires so you can spend almost zero time on them. That's it. That's the ad. We'll let you get back to the show, but if you want to take away...

Caesars, MGM attacks, Weather Network down, LockBit dual deployment


Caesars reportedly paid millions to stop Scattered Spider Cybersecurity incident impacts Canada's Weather Network Blocked LockBit affiliate deploys 3AM instead Huge thanks to our sponsor, Conveyor The team at Lucid software reduced the time spent answering customer security questionnaires by a whopping 91% with Conveyor's security questionnaire automation software - powered by OpenAI. Compared to the tools on the market, Conveyor's AI auto-generates the most accurate answers to entire questionnaires so you can spend almost zero time on them. That's it. That's the ad. We'll let you get back to the headlines, but if you want to take away the...

US asks to not pay ransoms, CISA's open source roadmap, Save the Children ransomware attack


NSC asks governments not to pay ransoms CISA's open source software security roadmap Save the Children hit with ransomware Huge thanks to our sponsor, Conveyor Got a scary security questionnaire to complete and you'd rather have AI do it? Your infosec friends are making the switch from outdated RFP and compliance tools to Conveyor - the most accurate security questionnaire automation software on the market. The proof is in the AI. Customers are seeing 80-90% accurate answers and decreasing the time spent on questionnaire answering by 91%. We're excited about the success customers like Lucid and Carta have seen using...

MGM Resorts "cybersecurity incident", Hackers access Airbus vendor info, Cryptoqueen's sidekick sentenced


MGM Resorts slot machines and ATMs disrupted by "cybersecurity incident" Hackers access sensitive data of thousands of Airbus vendors Cryptoqueen's sidekick sentenced for $4 billion scam Huge thanks to our sponsor, Conveyor Here's how to measure if your security questionnaire answering software is effective. We benchmarked the RFP and compliance tools on the market and most are only generating accurate responses to questionnaires 20-50% of the time. Ready for 80-90% auto-generated accurate answers so you can fly through your review? Then you should try Conveyor's AI-security questionnaire automation tool. Don't believe us? Try a free proof of concept at www.conveyor.com...

Rising infrastructure attacks, Sponsor backdoor, Sri Lanka loses data in attack


UK government sees record critical IT infrastructure attacks Charming Kitten unleashes Sponsor backdoor Ransomware costs Sri Lankan government months of data Huge thanks to our sponsor, Conveyor The team at Lucid software reduced the time spent answering customer security questionnaires by a whopping 91% with Conveyor's security questionnaire automation software - powered by OpenAI. Compared to the tools on the market, Conveyor's AI auto-generates the most accurate answers to entire questionnaires so you can spend almost zero time on them. That's it. That's the ad. We'll let you get back to the headlines, but if you want to take away...

Fake Telegram apps, Akamai defeats mega-DDoS, Rhysida hospital attacks


Evil Telegram fake apps send spyware Akamai announces mitigation of largest DDoS on a US financial company Rhysida attacks three more hospitals Huge thanks to our sponsor, Conveyor What's scarier than the Sunday scaries? Opening your inbox to a 200 question, 15 tab macro-enabled workbook containing a customer security questionnaire to complete. Let Conveyor's AI security questionnaire automation tool, powered by OpenAI, help your answering process go a lot faster. Spend 91% less time on questionnaires when you get precise answers auto-generated for you. Try a free proof of concept to see how fast you can get through questionnaires with...

Week in Review: Microsoft MSA answers, Keystroke monitoring software, G-Man Mudge


Link to blog post. This week's Cyber Security Headlines Week in Review is hosted by Rich Stroffolino with guest Dan Walsh, CISO, VillageMD. Thanks to our show sponsor, Comcast DataBee. DataBee, from Comcast Technology Solutions, is a cloud-native security, risk and compliance data fabric platform that transforms your security data chaos into connected outcomes. Built by security professionals for security professionals, DataBee makes your data a gold mine, rich with information that enables you to examine the past, react to the present, and protect the future of your business. Learn more at https://comca.st/DataBee. All links and the video of this episode can be found on...

China's MSA key hack, cyberwar crimes, North Korea targeting Russia


How Chinese hackers stole a Microsoft signing key The ICC to prosecute cyberwar crimes North Korean cyberattacks against Russian targets Thanks to today's episode sponsor, Comcast DataBee, from Comcast Technology Solutions, is a cloud-native security, risk and compliance data fabric platform that transforms your security data chaos into connected outcomes. Built by security professionals for security professionals, DataBee makes your data a gold mine, rich with information that enables you to examine the past, react to the present, and protect the future of your business. Learn more at https://comca.st/DataBee.

CISA reporting rules, LastPass key crack, connected cars fail on privacy


CISA close to finalizing incident reporting rules Krebs on cracked LastPass keys Connected cars not great for privacy and security Thanks to today's episode sponsor, Comcast Are you still using whiteboards and pivoting between tools to find out who owns what data sources and the relationships between data points? It's time to improve your OODA loop and enhance your security and compliance efforts with DataBee, from Comcast Technology Solutions. Learn how DataBee weaves together and enriches data from across the enterprise to provide deeper insights into your security, risk and compliance posture. Visit https://comca.st/DataBee.

CISA hires 'Mudge', Call for Congress to address AI-generated CSAM, Stake.com loses $41 million in crypto


CISA hires 'Mudge' to work on security-by-design principles All 50 states call on Congress to address AI-generated CSAM Stake.com loses $41 million to hot wallet hackers Thanks to today's episode sponsor, Comcast What if you could integrate enterprise-wide business intelligence with your security data for better contextual insights into potential threats and compliance issues? You can. With DataBee, from Comcast Technology Solutions. Learn how DataBee enables users to leverage integrated insights to mitigate risks and stay compliant. Visit https://comca.st/DataBee. For the stories behind the headlines, visit CISOseries.com.

PDF MalDoc warning, MinIO storage compromises, Okta helpdesk attacks


New PDF MalDoc allows evasion of antivirus MinIO Storage system being used to compromise servers Okta warns of IT help desk attacks Thanks to today's episode sponsor, Comcast Data rules everything around us but why are the people who need data the most unable to access it? What if you could boost the productivity of your security teams and their ability to collaborate by providing them access to the same shared and enriched data? You can. With DataBee, from Comcast Technology Solutions. Learn how DataBee can help your organization make better informed decisions, quickly and cost-effectively. Visit https://comca.st/DataBee For the...

X collects employment histories, Sandworm Chisel analysis, Callaway breach


X to collect member employment data Technical details of Sandworm malware 'Infamous Chisel' released Golf club maker Callaway suffers breach Thanks to today's episode sponsor, Comcast DataBee "Data is the currency of the 21st century", yet for so many cybersecurity professionals, it's still too difficult to access, correlate and use this 'currency' for better, faster security and compliance decision-making. That's why Comcast Technology Solutions created DataBee, a cloud-native security data fabric platform that can help you turn your security data into valuable business 'currency'. Learn more at https://comca.st/DataBee. For the stories behind the headlines, head to CISOseries.com.

Gamaredon hits Ukraine, Paramount suffers breach, OpenFire gets swarmed


Gamaredon hackers hit Ukraine military Movie giant Paramount Global suffers data breach Takeover swarm exploits OpenFire Huge thanks to today's episode sponsor, AppOmni Over provisioned users could lead to your most sensitive data being exposed or leaked. Just a single attack on one of those users may compromise your entire SaaS estate. With AppOmni's SaaS Identity Fabric, secure and manage end-users, entitlements, and threat-based activity. Gain visibility and control over provisioned users, the SaaS data they have access to, and receive guided remediation. Get connected with SaaS security experts at AppOmni.com. For the stories behind the headlines, head to CISOseries.com.

China hacked Japan's NISC, trafficking fuels cyber scams, China approves generative AI


Chinese threat actors breached Japan's cybersecurity agency Human trafficking into cyber scams China set to approve first generative AI services Huge thanks to today's episode sponsor, AppOmni SaaS cyberattacks are prevalent and often go unnoticed until data loss or breaches occur. Sign-ins from an unusual IP address. Stolen session tokens. These security risks can lurk in the shadows and put your entire SaaS estate at risk. Don't wait for a breach to secure your SaaS data. AppOmni helps security teams to detect suspicious activity, decide what activities to be alerted on, and receive guided remediation. Learn how at AppOmni.com.

FBI dismantles Qakbot operation, University of Michigan cuts internet after cyberattack, Microsoft criticizes UN cybercrime treaty


FBI dismantles Qakbot operation that took millions in ransom University of Michigan severs ties to internet after cyberattack Microsoft joins growing list of organizations criticizing UN cybercrime treaty Huge thanks to today's episode sponsor, AppOmni Over provisioned users could lead to your most sensitive data being exposed or leaked. Just a single attack on one of those users may compromise your entire SaaS estate. With AppOmni's SaaS Identity Fabric, secure and manage end-users, entitlements, and threat-based activity. Gain visibility and control over provisioned users, the SaaS data they have access to, and receive guided remediation. Get connected with SaaS security...

UK flight outage, the malware Big 3, spyware firm breached


UK network outage grounds flights The malware loader Big 3 Another spyware firm breached Huge thanks to today's episode sponsor, AppOmni SaaS cyberattacks are prevalent and often go unnoticed until data loss or breaches occur. Sign-ins from an unusual IP address. Stolen session tokens. These security risks can lurk in the shadows and put your entire SaaS estate at risk. Don't wait for a breach to secure your SaaS data. AppOmni helps security teams to detect suspicious activity, decide what activities to be alerted on, and receive guided remediation. Learn how at AppOmni.com.

Cisco fixes flaws, Windows BSOD reappears, FBI Barracuda warning


Cisco fixes flaws in NX-OS and FXOS software Windows preview updates bring blue screen of death FBI warns Barracuda bug still has bite Huge thanks to today's episode sponsor, AppOmni Over provisioned users could lead to your most sensitive data being exposed or leaked. Just a single attack on one of those users may compromise your entire SaaS estate. With AppOmni's SaaS Identity Fabric, secure and manage end-users, entitlements, and threat-based activity. Gain visibility and control over provisioned users, the SaaS data they have access to, and receive guided remediation. Get connected with SaaS security experts at AppOmni.com. For the...

Week in Review: Health hackers evolve, generative AI cyberattacks, NK spooks drills


Link to blog post. This week's Cyber Security Headlines Week in Review is hosted by Rich Stroffolino with guest Gerald Auger Ph.D., Chief Content Creator, Simply Cyber. Thanks to our show sponsor, HyperProof. Is your company scaling? Do you need to quickly add more compliance frameworks but don't know where to start? Hyperproof has you covered. Hyperproof is a risk and compliance management platform that can help you manage compliance at scale. With Hyperproof, you can quickly add new frameworks, crosswalk controls between frameworks, view your risk posture, and manage your risks, all in one place. Visit hyperproof.io to get started today. All links...

Lazarus exploits ManageEngine, Rockwell ThinManager vulnerabilities, Mississippi hospital attack


Lazarus Group exploits ManageEngine to drop new RATS on internet and healthcare Vulnerabilities in Rockwell ThinManager threaten industrial control systems Mississippi hospital system suffers cyberattack Huge thanks to our sponsor, HyperProof Is your company scaling? Do you need to quickly add more compliance frameworks but don't know where to start? Hyperproof has you covered. Hyperproof is a risk and compliance management platform that can help you manage compliance at scale. With Hyperproof, you can quickly add new frameworks, crosswalk controls between frameworks, view your risk posture, and manage your risks, all in one place. Visit to get started today. For...

Tornado Cash indictment, UN cybercrime treaty, Lazarus crypto cashout


Tornado Cash developers face indictment UN begins final cybercrime treaty talks FBI warns of North Korean crypto cash out Huge thanks to our sponsor, HyperProof It's more critical than ever to focus on strategically addressing risk, but how can you do it when working with limited resources? That's where Hyperproof comes in: Hyperproof is a risk and compliance operations platform that helps you automate evidence collection, task management, and collaboration within your organization so you can focus on what matters most: keeping your company secure by prioritizing strategy, not manual processes. Get a demo at Hyperproof.io.

CISOs' cybersecurity confidence, Healthcare cyberbreach report, Duo outage


CISOs proclaim cybersecurity confidence, but majority admit to SaaS incidents. Cyber Health Report: Hacker entry point shifts from email to network. Duo outage causes Azure Auth authentication errors. Huge thanks to our sponsor, HyperProof. We get it. You're a risk manager or compliance professional, and you're overworked. You're trying to do the right thing by keeping your company safe and secure, but your technology is holding you back. Why not upgrade to Hyperproof? Hyperproof is a platform that not only eliminates the manual tasks you dread, but helps you scale security. Get a demo today at hyperproof.io. For the stories...

ChatGPT botnet, Brits tip ransomware targets, Tesla's insider breach


ChatGPT used in crypto botnet. Brits tipping off ransomware targets. Tesla data breach caused by insiders. Huge thanks to our sponsor, HyperProof. Imagine. You have an audit coming up, but instead of the usual rush, you actually feel prepared. You've collected your evidence. You can see which risks have been mitigated. And best of all, you don't have to send out any last-minute emails to other teams begging them for that one screenshot. Sounds like a dream, right? With Hyperproof's risk and compliance platform, this could be your reality. Get a demo at hyperproof.io.

NK attacks drills, Android APK malware, space industry warning


North Korean hackers suspected of targeting S. Korea-US drills. Android malware apps use APK compression to evade detection. Security agencies warn space industry of increased attacks. Huge thanks to our sponsor, HyperProof. Tired of managing risk and compliance in spreadsheets? Sick of tracking down stakeholders to find evidence? Worried about whether that evidence is up to date for your next audit? Hyperproof has you covered. With Hyperproof, you can efficiently manage multiple compliance frameworks and risks in a single place so you can focus on what matters most: keeping your company secure and growing. Visit hyperproof.io to get a demo....

Week in Review: Ford WiFi vulnerability, LockBit's publication struggle, Government ZeroTrust confidence


Link to blog post. This week's Cyber Security Headlines Week in Review is hosted by Rich Stroffolino with guest Jon Oltsik, distinguished analyst and fellow, Enterprise Strategy Group. Thanks to our show sponsor, Veza. 75% of breaches happen because of bad permissions. The problem is that you don't know exactly WHO has access to WHAT data in your environment. For example, roles labeled as "read-only" can often edit and delete sensitive data. Veza automatically finds and fixes every bad permission, in every app, across your environment. All links and the video of this episode can be found on CISOseries.com.

Cybercriminals finetune AI, Government ZeroTrust confidence, Citrix vulnerability warning


Influence operators fine-tuning AI to deceive targets. 67% of government agencies claim confidence in adopting zero trust. CISA warns of urgent Citrix vulnerability. Huge thanks to today's episode sponsor, Veza. 75% of breaches happen because of bad permissions. The problem is that you don't know exactly WHO has access to WHAT data in your environment. For example, roles labeled as "read-only" can often edit and delete sensitive data. Veza automatically finds and fixes every bad permission, in every app, across your environment. For the stories behind the headlines, head to CISOseries.com.

LockBit struggles, Google's quantum resilient key, orgs excitedly unprepared for AI


LockBit struggles to publish leaked data. Google's quantum resilient security key. Organizations optimistic and unprepared for AI. Huge thanks to today's episode sponsor, Veza. 75% of breaches happen because of bad permissions. The problem is that you don't know exactly WHO has access to WHAT data in your environment. For example, roles labeled as "read-only" can often edit and delete sensitive data. Veza automatically finds and fixes every bad permission, in every app, across your environment.

LinkedIn accounts hijacked, Chinese spies hack US congressman's email, US watchdog plans to regulate data brokers


Huge thanks to today's episode sponsor, Veza. 75% of breaches happen because of bad permissions. The problem is that you don't know exactly WHO has access to WHAT data in your environment. For example, roles labeled as "read-only" can often edit and delete sensitive data. Veza automatically finds and fixes every bad permission, in every app, across your environment. For the stories behind the headlines, visit CISOseries.com.

Moovit bug, Black Hat's NOC, DDoS origins


Moovit bug allowed for free rides. A look at Black Hat's network operations center. Business and gaming disputes lead to DDoS attacks. Huge thanks to today's episode sponsor, Veza. 75% of breaches happen because of bad permissions. The problem is that you don't know exactly WHO has access to WHAT data in your environment. For example, roles labeled as "read-only" can often edit and delete sensitive data. Veza automatically finds and fixes every bad permission, in every app, across your environment.

Ford WiFi vulnerability, Government reviews Azure hack, TripAdvisor ransomware


Ford says cars with WiFi vulnerability still safe to drive. Cyber Safety Review Board to analyze cloud security in wake of Microsoft hack. Knight ransomware distributed in fake TripAdvisor complaint emails. Huge thanks to today's episode sponsor, Veza. 75% of breaches happen because of bad permissions. The problem is that you don't know exactly WHO has access to WHAT data in your environment. For example, roles labeled as "read-only" can often edit and delete sensitive data. Veza automatically finds and fixes every bad permission, in every app, across your environment. For the stories behind the headlines, head to CISOseries.com.

Week in Review: Microsoft slapped by Tenable, Tampa Hospital lawsuit, Zoom's AI decision


Link to blog post. This week's Cyber Security Headlines Week in Review, August 7-11, is hosted by Rich Stroffolino with guest Michael Woods, CISO, GE. Thanks to our show sponsor, Conveyor. We can all agree there's one thing the AI bots can take from us: completing customer security questionnaires. That's why we built Conveyor's GPT-questionnaire response tool. It auto-generates precise, accurate answers to entire questionnaires with accuracy far superior to existing tools on the market. It's so accurate, your customers can now use it in our new 'upload questions to trust portal' feature. It's exactly as it sounds. Customers can upload questions and the AI...

CISA's .NET warning, Compellent exposes VMware, DEFCON AI challenge


CISA warns organizations of exploited vulnerability affecting .NET, Visual Studio. Dell Compellent hardcoded key exposes VMware vCenter admin creds. DEF CON: Thousands of security researchers vie to outsmart AI in Las Vegas. Thanks to today's episode sponsor, Conveyor. We can all agree there's one thing the AI bots can take from us: completing customer security questionnaires. That's why we built Conveyor's GPT-questionnaire response tool. It auto-generates precise, accurate answers to entire questionnaires with accuracy far superior to existing tools on the market. It's so accurate, your customers can now use it in our new 'upload questions to trust portal' feature....

AI Cyber Challenge, eavesdropping typing app, Android cellular security


AI Cyber Challenge announced at Black Hat. Tencent typing app had real time "eavesdropper". Google adds cellular security to Android. Thanks to today's episode sponsor, Conveyor. Your scariest questionnaires that are HUNDREDS of questions long are no match for Conveyor's GPT-security questionnaire tool - the most accurate questionnaire automation tool on the market. It's so accurate that you can even let customers upload their own questions in your portal to get instant answers generated from your content. For questionnaires you still need to complete, infosec and sales teams are spending 89% less time on answering questionnaires because they're getting accurate answers...

Google's Messages app now encrypts chats, Electoral Commission apologizes to UK voters, Banks hit with fines for using chat apps


Google's Messages app now uses RCS to encrypt chats. Electoral Commission apologizes for security breach involving UK voters' data. Banks hit with over $500 million in fines for using out-of-band chat apps. Thanks to today's episode sponsor, Conveyor. Did you catch the biggest release of the year? No, not Barbenheimer. It's Conveyor's GPT-powered security questionnaire response tool: the most accurate questionnaire automation tool on the market. It's so good, you can let your customers upload their own questions in your trust portal to get instant answers based on your content. And of course, it's not just for your customers. You...

K-12 cyber initiatives, Russian missile contractor breached, LLMs getting worse


White House rolls out school cyber initiatives. North Koreans breach Russian missile developer. Large language models getting worse at math. Thanks to today's episode sponsor, Conveyor. GPT for security questionnaires? Conveyor has already built that for you. Conveyor's GPT-questionnaire response tool is so accurate, you can use it in two ways. One: Let your customers upload their own questions in your trust portal to get AI-generated answers based on the content in your portal. And two: It's not just for your customers. You can use the GPT-questionnaire response tool internally as well to get auto-generated precise answers to entire questionnaires...

Tenable smacks Microsoft, hospital ransomware attacks, accurate acoustic spyware


Microsoft resolves vulnerability following criticism from Tenable CEO. FBI investigating ransomware attack crippling hospitals across 4 states. New acoustic attack steals data from keystrokes with 95% accuracy. Thanks to today's episode sponsor, Conveyor. Did you catch the biggest release of the year? No, not Barbenheimer. It's Conveyor's GPT-powered security questionnaire response tool: the most accurate questionnaire automation tool on the market. It's so good, you can let your customers upload their own questions in your trust portal to get instant answers based on your content. And of course, it's not just for your customers. You can use the GPT-questionnaire response...

Week in Review: IDOR vulnerability warning, Israel refinery cyberattack, spies bemoan AI training


Link to blog post. This week's Cyber Security Headlines Week in Review, July 31-August 4, is hosted by Rich Stroffolino with guest Jeff Hudesman, CISO, Pinwheel. Thanks to our show sponsor, Opal. Opal is the data-centric identity platform. Identity is one of the last great enterprise frontiers. It's fragmented with legacy architecture. Opal's mission is to empower enterprises to understand and calibrate access end to end. The best security teams from companies like Databricks, Figma, Blend, and Drata use Opal to build identity security for scale. Visit opal.dev.

Fortinet tops vuln list, malicious Chrome Rilide, more Ivanti issues


Fortinet VPN bug tops CISA's list of most exploited vulnerabilities in 2022. Chrome malware Rilide targets enterprise users via PowerPoint guides. Researchers discover bypass for recently fixed Ivanti EPMM vulnerability. Thanks to today's episode sponsor, Opal. Opal is the data-centric identity platform. Identity is one of the last great enterprise frontiers. It's fragmented with legacy architecture. Opal's mission is to empower enterprises to understand and calibrate access end to end. The best security teams from companies like Databricks, Figma, Blend, and Drata use Opal to build identity security for scale. Visit Opal.dev. For the stories behind the headlines, head to...

Australia considers WeChat ban, US company aiding APTs, Veilid coming to DEF CON


Australian Senate recommends banning WeChat. US company accused of aiding APT. Hacking group to detail P2P protocol at DEF CON. Thanks to today's episode sponsor, Opal. Opal is the data-centric identity platform. Identity is one of the last great enterprise frontiers. It's fragmented with legacy architecture. Opal's mission is to empower enterprises to understand and calibrate access end to end. The best security teams from companies like Databricks, Figma, Blend, and Drata use Opal to build identity security for scale. Visit Opal.dev.

Musk sues disinformation researchers, Cloud host found facilitating state-backed cyberattacks, UK spy agencies want to relax 'burdensome' AI laws


Musk sues disinformation researchers for driving away advertisers. Researchers claim cloud host facilitated state-backed cyberattacks. UK spy agencies want to relax 'burdensome' laws on AI data use. Thanks to today's episode sponsor, Opal. Opal is the data-centric identity platform. Identity is one of the last great enterprise frontiers. It's fragmented with legacy architecture. Opal's mission is to empower enterprises to understand and calibrate access end to end. The best security teams from companies like Databricks, Figma, Blend, and Drata use Opal to build identity security for scale. Visit Opal.dev. For the stories behind the headlines, visit CISOseries.com.

National plan for cyber education, DeFi code exploit, study on cyber insurance


White House releases National Cyber and Workforce Education Strategy. Latest DeFi exploit sees millions in losses. No link found between cyber insurance and paying ransoms. Thanks to today's episode sponsor, Opal. Opal is the data-centric identity platform. Identity is one of the last great enterprise frontiers. It's fragmented with legacy architecture. Opal's mission is to empower enterprises to understand and calibrate access end to end. The best security teams from companies like Databricks, Figma, Blend, and Drata use Opal to build identity security for scale. Visit Opal.dev.

Israel refinery cyberattack, TSA pipeline guidelines, CISA's IDOR warning


Israel's largest oil refinery website offline amid cyber attack claims. TSA renews cybersecurity guidelines for pipelines. CISA and Australia warn of IDOR vulnerabilities after major breaches. Thanks to today's episode sponsor, Opal. Opal is the data-centric identity platform. Identity is one of the last great enterprise frontiers. It's fragmented with legacy architecture. Opal's mission is to empower enterprises to understand and calibrate access end to end. The best security teams from companies like Databricks, Figma, Blend, and Drata use Opal to build identity security for scale. Visit Opal.dev. For the stories behind the headlines, head to CISOseries.com.

Week in Review: Stolen Microsoft key, government Maximus breach, Clop on clearweb


Link to blog post. This week's Cyber Security Headlines Week in Review, July 24-28, is hosted by Rich Stroffolino with guest TC Niedzialkowski, CISO, Nextdoor. Thanks to today's episode sponsor, AppOmni. Over-provisioned users could lead to your most sensitive data being exposed or leaked. Just a single attack on one of those users may compromise your entire SaaS estate. With AppOmni's SaaS Identity Fabric, secure and manage end-users, entitlements, and threat-based activity. Gain visibility and control over provisioned users, the SaaS data they have access to, and receive guided remediation. Get connected with SaaS security experts at AppOmni.com. All links and the video of...

Maximus breach, Ubuntu Linux vulnerabilities, Cardio company cyberattack


Millions affected by data breach at US government contractor Maximus. Two severe Linux vulnerabilities impact 40% of Ubuntu users. Heart monitoring technology provider confirms cyberattack. Thanks to today's episode sponsor, AppOmni. Over-provisioned users could lead to your most sensitive data being exposed or leaked. Just a single attack on one of those users may compromise your entire SaaS estate. With AppOmni's SaaS Identity Fabric, secure and manage end-users, entitlements, and threat-based activity. Gain visibility and control over provisioned users, the SaaS data they have access to, and receive guided remediation. Get connected with SaaS security experts at AppOmni.com. For...

Cyber exec convicted, SEC disclosure, how the government gets breached


Russian court convicts cyber security executive of treason. SEC to require incident disclosure. Government cyber attacks rely on valid credentials. Thanks to today's episode sponsor, AppOmni. SaaS cyberattacks are prevalent and often go unnoticed until data loss or breaches occur. Sign-ins from an unusual IP address. Stolen session tokens. These security risks can lurk in the shadows and put your entire SaaS estate at risk. Don't wait for a breach to secure your SaaS data. AppOmni helps security teams to detect suspicious activity, decide what activities to be alerted on, and receive guided remediation. Learn how at AppOmni.com.

TETRA encryption flaws, Zenbleed strikes, Norway's government hit with Ivanti flaw


Vulnerability found in TETRA encryption. Ryzen CPUs vulnerable to Zenbleed exploit. Norwegian government breached with Ivanti zero-day. Thanks to today's episode sponsor, AppOmni. Over-provisioned users could lead to your most sensitive data being exposed or leaked. Just a single attack on one of those users may compromise your entire SaaS estate. With AppOmni's SaaS Identity Fabric, secure and manage end-users, entitlements, and threat-based activity. Gain visibility and control over provisioned users, the SaaS data they have access to, and receive guided remediation. Get connected with SaaS security experts at AppOmni.com.

Cyber Security Headlines: Clop leaks on clearweb, EU pushes back on CSA centralization, rising data breach costs


Clop moves leaked data to clearweb sites. EU governments push back on centralized cyber reporting. Cost of data breaches up 15%. Thanks to today's episode sponsor, AppOmni. SaaS cyberattacks are prevalent and often go unnoticed until data loss or breaches occur. Sign-ins from an unusual IP address. Stolen session tokens. These security risks can lurk in the shadows and put your entire SaaS estate at risk. Don't wait for a breach to secure your SaaS data. AppOmni helps security teams to detect suspicious activity, decide what activities to be alerted on, and receive guided remediation. Learn how at AppOmni.com.

Azure hack deepens, JumpCloud is Lazarus, DHL MOVEit victim


Microsoft key stolen by Chinese hackers provided access far beyond Outlook. JumpCloud breach traced back to North Korean state hackers. DHL investigating MOVEit breach as number of victims surpasses 20 million. Thanks to today's episode sponsor, AppOmni. Over-provisioned users could lead to your most sensitive data being exposed or leaked. Just a single attack on one of those users may compromise your entire SaaS estate. With AppOmni's SaaS Identity Fabric, secure and manage end-users, entitlements, and threat-based activity. Gain visibility and control over provisioned users, the SaaS data they have access to, and receive guided remediation. Get connected with...

Week in Review: Fast acting Gamaredon, WormGPT AI weapon, Microsoft Azure mystery


Link to blog post. This week's Cyber Security Headlines Week in Review, July 17-21, is hosted by Rich Stroffolino with our guest Dimitri van Zantvliet, CISO, Dutch Railways. Thanks to our show sponsor, OpenVPN. According to Oriel Hernan Villalba Pinzetta, a System Administrator with CEDEC's cybersecurity and IT department, "The pandemic meant we could not come to the office, and we needed to facilitate access to our local resources," says Villalba. "Cloud Connexa was really easy and fast to set up, two things we really needed in that moment." Read more here. All links and the video of this episode can be found on CISOseries.com.

New Redis worm, more ColdFusion confusion, Estée Lauder breached


New P2PInfect worm targeting Redis servers on Linux and Windows systems. Adobe releases new patches for exploited ColdFusion vulnerabilities. Estée Lauder breached by two ransomware groups. And now a word from our sponsor, OpenVPN. According to Oriel Hernan Villalba Pinzetta, a System Administrator with CEDEC's cybersecurity and IT department, "The pandemic meant we could not come to the office, and we needed to facilitate access to our local resources," says Villalba. "Cloud Connexa was really easy and fast to set up, two things we really needed in that moment." Read more at the link in our show notes. For the...

A rise in complex DDoS attacks, MI6 warns of data traps, Microsoft expands log access


Complex DDoS attacks on the rise. MI6 warns of Chinese data traps. Microsoft expands cloud log access. And now a word from our sponsor, OpenVPN. Karim Hakim, CTO at Hakim Misr Paco, says that CloudConnexa has given him some long-sought peace of mind. "OpenVPN has helped my company to access remote nodes securely without worrying about security protocols," he says. "My company has been looking for a similar solution for years, and we finally got what we were looking for." Read more at the link in our show notes.

US launches IoT security labeling program, Renewable tech could pose electric grid risk, US blacklists two more spyware firms


US government launches IoT security labeling program. Renewable technologies could pose risk to US electric grid. US blacklists two spyware firms run by Israeli former general. And now a word from our sponsor, OpenVPN. Stephen Haecker, Chief Technology Officer at Carteras Colectivas, relies on Cloud Connexa customer support for his remote team. "I have used them about once per month to help with our growing networks," he says, "and the service quality is great with quick turnarounds." Haecker appreciates the consistency of the support team, and their personalized approach. Read more at the link in our show notes. For the...

JumpCloud Breach, LockBit attacks Wisconsin, Typos leak military emails


JumpCloud breached by APT. Wisconsin allegedly hit by LockBit. Typos leaking military emails. And now a word from our sponsor, OpenVPN. Zach Belhadri, the Infrastructure Manager at Knight Capital, shares why using Cloud Connexa for his team's security has been a game changer. With the Cybershield feature, he's able to prevent malware, phishing, and other threats by restricting access to only authorized and trusted internet destinations. He calls Cloud Connexa "an awesome product with huge potential." Read more at the link in our show notes.

Fast-acting Gamaredon, WormGPT improves phishing, Microsoft email mystery


Russia-linked Gamaredon starts stealing data 30 to 50 minutes after initial compromise. New AI tool WormGPT allows for sophisticated cyber attacks. Microsoft still unsure how hackers stole Azure AD signing key. And now a word from our sponsor, OpenVPN. We asked Anthony Hook, the CTO at Dataweavers, if he would recommend Cloud Connexa to other companies. His response? A resounding yes! With Cloud Connexa, he says "we bypassed the clunky client-owned VPNs and networks, gaining a seamless, secure, and efficient connectivity solution." Read more at the link in our show notes. For the stories behind the headlines, head to CISOseries.com.

Week in Review: Threat actors access government email, USB drive attacks spiking, cloud environment breaches


Link to blog post. This week's Cyber Security Headlines Week in Review, July 10-14, is hosted by Sean Kelly with our guest Yaron Levi, CISO, Dolby. Thanks to our show sponsor, Opal. Opal is the data-centric identity platform. Identity is one of the last great enterprise frontiers. It's fragmented with legacy architecture. Opal's mission is to empower enterprises to understand and calibrate access end to end. The best security teams from companies like Databricks, Figma, Blend, and Drata use Opal to build identity security for scale. Visit Opal.dev. All links and the video of this episode can be found on CISOseries.com.

USB malware spikes, Honeywell, Rockwell vulnerabilities, ransomware remains profitable


USB drive malware attacks spiking again in first half of 2023. Users of Honeywell Experion DCS platforms urged to patch 9 vulnerabilities immediately. Ransomware gangs have extorted $449 million this year. Thanks to this week's episode sponsor, Opal. Opal is the data-centric identity platform. Identity is one of the last great enterprise frontiers. It's fragmented with legacy architecture. Opal's mission is to empower enterprises to understand and calibrate access end to end. The best security teams from companies like Databricks, Figma, Blend, and Drata use Opal to build identity security for scale. For the stories behind the headlines, head to...

NATO cyber pledges, tax prep data shared, a decrease in crypto crime


What we know about NATO cyber pledges. Tax prep companies "recklessly" shared data. Report finds decrease in crypto crime. Thanks to this week's episode sponsor, Opal. Opal is the data-centric identity platform. Identity is one of the last great enterprise frontiers. It's fragmented with legacy architecture. Opal's mission is to empower enterprises to understand and calibrate access end to end. The best security teams from companies like Databricks, Figma, Blend, and Drata use Opal to build identity security for scale.

Silk Road advisor sentenced, HCA Health data breach, Google hit with AI tool training lawsuit


Silk Road's senior advisor sentenced to 20 years in prison. 11 million HCA patients impacted by data breach. Google hit with lawsuit alleging it stole user data to train its AI tools. Thanks to this week's episode sponsor, Opal. Opal is the data-centric identity platform. Identity is one of the last great enterprise frontiers. It's fragmented with legacy architecture. Opal's mission is to empower enterprises to understand and calibrate access end to end. The best security teams from companies like Databricks, Figma, Blend, and Drata use Opal to build identity security for scale. For the stories behind the headlines, visit...

JumpCloud resets API keys, Genesis Market for sale, an EU-US data transfer agreement


JumpCloud resets customer API keys. Would you be interested in a slightly used dark web market? US and EU agree on new data transfer agreement. Thanks to this week's episode sponsor, Opal. Opal is the data-centric identity platform. Identity is one of the last great enterprise frontiers. It's fragmented with legacy architecture. Opal's mission is to empower enterprises to understand and calibrate access end to end. The best security teams from companies like Databricks, Figma, Blend, and Drata use Opal to build identity security for scale.

BigHead Windows ransomware, RedEnergy targets utilities, more MOVEit problems


New 'Big Head' ransomware displays fake Windows update alert. RedEnergy stealer-as-a-ransomware threat targeting energy and telecom sectors. Three new MOVEit bugs spur CISA warning as more victims report breaches. Thanks to this week's episode sponsor, Opal. Opal is the data-centric identity platform. Identity is one of the last great enterprise frontiers. It's fragmented with legacy architecture. Opal's mission is to empower enterprises to understand and calibrate access end to end. The best security teams from companies like Databricks, Figma, Blend, and Drata use Opal to build identity security for scale. For the stories behind the headlines, head to CISOseries.com.

Week in Review: TSMC supplier attacked, cardiac device warning, hospital ransomware increasing


Link to blog post. This week's Cyber Security Headlines Week in Review, July 3-7, is hosted by Rich Stroffolino with our guest Hadas Cassorla, CISO, M1. Thanks to today's episode sponsor, SlashNext. SlashNext, a leader in SaaS-based Integrated Cloud Messaging Security across email, web, and mobile, has the industry's first artificial intelligence solution, HumanAI, that uses generative AI to defend against advanced business email compromise (BEC), supply chain attacks, executive impersonation, and financial fraud. Request a demo today. All links and the video of this episode can be found on CISOseries.com.

Shell MOVEit breach, Pepsi bottler breach, INTERPOL nabs OPERA1ER


Shell confirms MOVEit-related breach after ransomware group leaks data. 28,000 impacted by data breach at Pepsi Bottling Ventures. INTERPOL nabs hacking crew OPERA1ER's leader behind $11 million cybercrime. Thanks to today's episode sponsor, SlashNext. SlashNext, a leader in SaaS-based Integrated Cloud Messaging Security across email, web, and mobile, has the industry's first artificial intelligence solution, HumanAI, that uses generative AI to defend against advanced business email compromise (BEC), supply chain attacks, executive impersonation, and financial fraud. Request a demo today. For the stories behind the headlines, head to CISOseries.com.

Japanese port hit with ransomware, EU court orders Meta data changes, White House can't contact social companies


Japan's major port hit with ransomware. European court orders changes to Meta's data practices. Injunction restricts White House contact with social media companies. Thanks to today's episode sponsor, SlashNext. SlashNext, a leader in SaaS-based Integrated Cloud Messaging Security across email, web, and mobile, has the industry's first artificial intelligence solution, HumanAI, that uses generative AI to defend against advanced business email compromise (BEC), supply chain attacks, executive impersonation, and financial fraud. Request a demo today.

BlackCat pushes CobaltStrike, cardiac device warning, unpatched Fortigate firewalls


BlackCat ransomware pushes Cobalt Strike via WinSCP search ads. CISA issues warning for cardiac device system vulnerability. 330,000 FortiGate firewalls still unpatched to CVE-2023-27997 RCE flaw. Thanks to today's episode sponsor, SlashNext. SlashNext, a leader in SaaS-based Integrated Cloud Messaging Security across email, web, and mobile, has the industry's first artificial intelligence solution, HumanAI, that uses generative AI to defend against advanced business email compromise (BEC), supply chain attacks, executive impersonation, and financial fraud. Request a demo today. For the stories behind the headlines, head to CISOseries.com.

Semiconductor giant attacked, State websites hacked, Russian Telecom infiltrated


Semiconductor giant says IT supplier was attacked, LockBit makes related claims. Several US states investigating 'SiegedSec' hacking campaign. Russian telecom confirms hack after group backing Wagner boasted about an attack. Thanks to today's episode sponsor, SlashNext. For the stories behind the headlines, head to CISOseries.com.

Week in Review: SolarWinds CISO blamed, Military smartwatch mystery, submarine cable risk


Link to blog post. This week's Cyber Security Headlines Week in Review, June 26-30, is hosted by Rich Stroffolino with our guest Cassio Goldschmidt, CISO, ServiceTitan. Thanks to our show sponsor, AppOmni. Over-provisioned users could expose your organization's most sensitive data. Just a single attack on one of those users may compromise your entire SaaS estate. With AppOmni's identity and threat detection capabilities, you can detect and respond to suspicious activities within your SaaS environment. Gain visibility into over-provisioned users, the SaaS data they have access to, and receive guided remediation. Get started at AppOmni.com. All links and the video of this episode can be...

SolarWinds CISOs blamed, ThirdEye Windows malware, Government extends canary


SEC notice to SolarWinds CISO and CFO roils cybersecurity industry. Newly uncovered ThirdEye Windows-based malware steals sensitive data. Cyber Command to expand 'canary in the coal mine' unit working with private sector. Thanks to today's episode sponsor, AppOmni. Over-provisioned users could expose your organization's most sensitive data. Just a single attack on one of those users may compromise your entire SaaS estate. With AppOmni's identity and threat detection capabilities, you can detect and respond to suspicious activities within your SaaS environment. Gain visibility into over-provisioned users, the SaaS data they have access to, and receive guided remediation. Get...

Federal networks fail CISA rules, US AI chip bans, MOVEit victims grow


Federal network devices fail CISA requirements US considering more AI chip export bans The scope of MOVEit vulnerability Thanks to today's episode sponsor, AppOmni Are you continuously monitoring the common misconfigurations occurring in your SaaS ecosystem? From inactive connected SaaS apps retaining access to sensitive data, to threat actors manipulating conditional access rules, these misconfigurations can pose a significant threat to your SaaS security. Take action with AppOmni. Secure your organization's most sensitive data and continuously monitor your SaaS estate for data exposure and misconfigurations. Visit AppOmni.com to get a free risk assessment.

Over 6,500 arrested since EncroChat hack, Third-party vendor hack exposes American and Southwest data, Microsoft service outage woes continue


Thanks to today's episode sponsor, AppOmni Over provisioned users could expose your organization's most sensitive data. Just a single attack on one of those users may compromise your entire SaaS estate. With AppOmni's identity and threat detection capabilities, you can detect and respond to suspicious activities within your SaaS environment. Gain visibility into over provisioned users, the SaaS data they have access to, and receive guided remediation. Get started at AppOmni.com. For the stories behind the headlines, visit CISOseries.com.

Monopoly darknet charges, Activision Blizzard DDoS, 5G aircraft deadline


Monopoly darknet operator charged Activision Blizzard games hit with DDoS 5G deadline could impact flights Thanks to today's episode sponsor, AppOmni Are you continuously monitoring the common misconfigurations occurring in your SaaS ecosystem? From inactive connected SaaS apps retaining access to sensitive data, to threat actors manipulating conditional access rules, these misconfigurations can pose a significant threat to your SaaS security. Take action with AppOmni. Secure your organization's most sensitive data and continuously monitor your SaaS estate for data exposure and misconfigurations. Visit AppOmni.com to get a free risk assessment.

CISA adds vulnerabilities, mysterious military smartwatches, more Office problems


CISA adds 6 flaws to known exploited vulnerabilities catalog US military personnel report receiving smartwatches in the mail Microsoft 365 users new Outlook and Teams problems Thanks to today's episode sponsor, AppOmni Over provisioned users could expose your organization's most sensitive data. Just a single attack on one of those users may compromise your entire SaaS estate. With AppOmni's identity and threat detection capabilities, you can detect and respond to suspicious activities within your SaaS environment. Gain visibility into over provisioned users, the SaaS data they have access to, and receive guided remediation. Get started at AppOmni.com. For the stories...

Week in Review: Microsoft confirms cyberattack, more MOVEit damage, reddit hit with ransomware


Link to Blog Post This week's Cyber Security Headlines Week in Review, June 19-23, is hosted by Rich Stroffolino with our guest, Janet Heins, CISO, iHeartMedia Thanks to our show sponsor, Wing Security The first step to securing your organization's SaaS usage is knowing which SaaS applications your employees are using. 3rd party included. Wing offers a completely free, SaaS Shadow IT Discovery tool. You can find it at wing.security and self onboard. No sales in the process, no credit card needed, no time-limit. Just go ahead and discover your SaaS usage. All links and the video of this episode can be found on CISO Series.com

Canadian breaches increase, new China backdoor, kinetic warfare threat


Cybersecurity breaches more than double among Canadian businesses Experienced China-based hacking group has new backdoor tool Cyberattacks on OT, ICS lay groundwork for kinetic warfare Thanks to today's episode sponsor, Wing Security The first step to securing your organization's SaaS usage is knowing which SaaS applications your employees are using. 3rd party included. Wing offers a completely free, SaaS Shadow IT Discovery tool. You can find it at wing.security and self onboard. No sales in the process, no credit card needed, no time-limit. Just go ahead and discover your SaaS usage. For the stories behind the headlines, head to CISOseries.com.

DoJ targets nation-state actors, Apple fixes Triangulation zero-day, Schumer unveils strategy to regulate AI


New DoJ cyber prosecution team will go after nation-state threat actors Apple fixes zero-days used to deploy Triangulation spyware Schumer unveils strategy to regulate AI Thanks to today's episode sponsor, Wing Security Shadow IT is an evolving pain and a security risk, especially in today's decentralized work environments. Now's the time to regain control of your SaaS usage by taking advantage of Wing's Free SaaS Shadow IT discovery solution. Check out wing.security to self-onboard today, no strings attached. For the stories behind the headlines, visit CISOseries.com.

Rorschach ransomware, Australian government data leak, security market outpaces tech


Rorschach ransomware takes the speed crown Data leak impacts Australian government Cyber security market growth outpaces tech sector Thanks to today's episode sponsor, Wing Security Can you answer these three questions confidently? 1. How many SaaS applications are used in your organization? 2. Which permissions did users provide these applications? and 3. What is the data that flows in and in between these applications? Wing provides the answers. In fact, it discovers your SaaS usage completely for free, no time limit. Visit wing.security to self-onboard.

Reddit's ransom, UK shuffles cyber chief, Binance reaches SEC deal


Reddit hit with ransom demand UK's cyber chief moves on to organized crime Binance reaches deal with the SEC Thanks to today's episode sponsor, Wing Security The first step to securing your organization's SaaS usage is knowing which SaaS applications your employees are using. 3rd party included. Wing offers a completely free, SaaS Shadow IT Discovery tool. You can find it at wing.security and self onboard. No sales in the process, no credit card needed, no time-limit. It takes minutes to discover your organization's SaaS usage.

Microsoft's June cyberattacks, third MOVEit vulnerability, US Clop bounty


Microsoft says early June service outages were cyberattacks Third MOVEit vulnerability raises alarms as US Agriculture Department says it may be impacted US govt offers $10 million bounty for info on Clop ransomware Thanks to today's episode sponsor, Wing Security The folks at Wing believe that SaaS Shadow IT discovery is the basic first step to securing your SaaS usage. They believe it so strongly that they launched a completely free SaaS Shadow IT Discovery solution. Check out wing.security to self-onboard today, no strings attached, no time limit. Wing.security. For the stories behind the headlines, head to CISOseries.com.

Week in Review: Microsoft banking warning, undetectable BatCloak malware, more MOVEit vulnerabilities


Link to Blog Post This week's Cyber Security Headlines Week in Review, June 12-16, is hosted by Sean Kelly with our guest, Phil Beyer, former Head of Security, Etsy Thanks to our show sponsor, Conveyor Your scariest questionnaires that are hundreds of questions long are no match for Conveyor's GPT-questionnaire tool, now with a browser extension for complex portals. Get GPT-generated precise answers to entire questionnaires so your review takes seconds. Now you can spend 89% less time completing questionnaires when you get accurate answers you don't have to re-write. Try a free proof of concept with your own data to see it in...

US federal agencies affected by MOVEit breach, Pentagon leak suspect indicted, Suspected LockBit ransomware affiliate nabbed


US federal agencies affected by MOVEit vulnerability Pentagon leak suspect indicted by a federal grand jury Suspected LockBit ransomware affiliate nabbed Thanks to today's episode sponsor, Conveyor Your scariest questionnaires that are hundreds of questions long are no match for Conveyor's GPT-questionnaire tool - now with a browser extension for complex portals. Get GPT-generated precise answers to entire questionnaires so your review takes seconds. Now you can spend 89% less time completing questionnaires when you get accurate answers you don't have to re-write. Try a free proof of concept with your own data to see it in action. See what...

China ESXi exploit, WooCommerce vulnerability, LockBit ransom report


China-linked APT group spotted exploiting a VMware ESXi zero-day Hundreds of thousands of ecommerce sites impacted by critical plugin vulnerability 7-Nation LockBit report shows US paid over $90m in ransoms since 2020 Thanks to today's episode sponsor, Conveyor Let's gladly pass the most thankless job in cybersecurity, completing customer security questionnaires, to the AI bots. Conveyor's GPT-questionnaire response tool auto-generates precise, accurate answers to entire questionnaires. With accuracy far superior to other tools, you can spend almost zero time reviewing generated answers. There's an in platform auto-fill feature or a browser extension for tricky portals. Stop settling for mediocre tools...

Amazon server outage, Fortinet zero-day exploited, US intelligence buys personal data


Amazon server outage broke fast food apps among other things Update: Fortinet warns of possible zero-day exploited in limited attacks US intelligence confirms it buys Americans' personal data Thanks to today's episode sponsor, Conveyor What's better than using Conveyor's GPT-questionnaire response tool to generate precise answers to security questionnaires? Letting customers upload their own questionnaires to your portal and getting back answers in seconds - all based on the content in your knowledge base. Think of it like a security questionnaire ATM. A prospect clicks through an NDA, uploads questions and gets all the answers they need from the bot,...

FortiGate firewall flaw, BatCloak's undetectable malware, Swiss government cyberattacks


Critical RCE flaw discovered in Fortinet FortiGate firewalls BatCloak engine makes malware fully undetectable Swiss Government targeted by series of cyberattacks Thanks to today's episode sponsor, Conveyor Tried to use GPT to fill out questionnaires yet? We already built that for you. Conveyor's GPT-questionnaire response tool auto-generates precise, accurate answers to entire questionnaires. With accuracy far superior to other tools, you can spend almost zero time reviewing generated answers. There's also a browser extension for complex portals and other scary questionnaires. Best part is, it actually works. Try a free proof of concept with your own data to see it...

Faked journalist hack, Strava leaks locations, Reddit API protests


Faked crypto journalists steal real crypto Strava heat maps leak addresses API changes lead to Reddit protests Thanks to today's episode sponsor, Conveyor Let's gladly pass the most thankless job in cybersecurity, completing customer security questionnaires, to the AI bots. Conveyor's GPT-questionnaire response tool auto-generates precise, accurate answers to entire questionnaires. With accuracy far superior to other tools, you can spend almost zero time reviewing generated answers. There's an in platform auto-fill feature or a browser extension for tricky portals. Stop settling for mediocre tools that only provide lousy "near hits" from your library. Try a free proof of concept...

Week in Review: Hyppönen's malware warning, outwitting hackers, Clop's MOVEit attack


Link to Blog Post This week's Cyber Security Headlines Week in Review, June 5-9, is hosted by Rich Stroffolino with our guest, Joshua Scott, Head of Security and IT, Postman Thanks to our show sponsor, Trend Micro Hybrid work, cloud adoption, and shadow IT have introduced new cybersecurity risks to organizations. Security leaders are left asking, "How can I manage our expanding attack surface?" Trend Micro, the global leader in cybersecurity is bringing the cyber risk conversation to more than 120 cities in their "Risk to Resilience World Tour." Hear from experts on the latest threat landscape trends, solutions, and platform strategies to manage risk...

PowerDrop targets Defense, YKK zipper attacked, Barracuda urges replacement


New PowerDrop malware targets U.S. aerospace defense industry Zipper giant YKK confirms cyberattack targeted U.S. networks Barracuda urges customers to replace vulnerable appliances immediately Thanks to this week's episode sponsor, Trend Micro Hybrid work, cloud adoption, and shadow IT have introduced new cybersecurity risks to organizations. Security leaders are left asking, "How can I manage our expanding attack surface?" Trend Micro, the global leader in cybersecurity is bringing the cyber risk conversation to more than 120 cities in their "Risk to Resilience World Tour." Hear from experts on the latest threat landscape trends, solutions, and platform strategies to manage risk...

Google email authentication, SEC data breaches, Clop asks victims to email


Google improves brand email authentication SEC drops cases due to data protection failures Clop asks victims to contact it for a ransom Thanks to this week's episode sponsor, Trend Micro Hybrid work, cloud adoption, and shadow IT have introduced new cybersecurity risks to organizations. Security leaders are left asking, "How can I manage our expanding attack surface?" Trend Micro, the global leader in cybersecurity is bringing the cyber risk conversation to more than 120 cities in their "Risk to Resilience World Tour." Hear from experts on the latest threat landscape trends, solutions, and platform strategies to manage risk and defend...

Microsoft $20M COPPA settlement, Hacktivists take credit for Outlook.com outages, SEC accuses Coinbase of breaking US regulations


Thanks to this week's episode sponsor, Trend Micro Hybrid work, cloud adoption, and shadow IT have introduced new cybersecurity risks to organizations. Security leaders are left asking, "How can I manage our expanding attack surface?" Trend Micro, the global leader in cybersecurity is bringing the cyber risk conversation to more than 120 cities in their "Risk to Resilience World Tour." Hear from experts on the latest threat landscape trends, solutions, and platform strategies to manage risk and defend your organization with speed and accuracy. Find the closest city to you and register today to take a leap towards a more...

Satellite hacking, Atomic Wallet breach, SEC sues Binance


Satellite hacking at DEF CON Atomic Wallet investigating losses SEC sues Binance Thanks to this week's episode sponsor, Trend Micro Hybrid work, cloud adoption, and shadow IT have introduced new cybersecurity risks to organizations. Security leaders are left asking, "How can I manage our expanding attack surface?" Trend Micro, the global leader in cybersecurity is bringing the cyber risk conversation to more than 120 cities in their "Risk to Resilience World Tour." Hear from experts on the latest threat landscape trends, solutions, and platform strategies to manage risk and defend your organization with speed and accuracy. Find the closest city...

Switzerland Xplain attack, BlackSuit resembles Royal, Microsoft retires Cortana


Xplain hack impacts Swiss cantonal police and Fedpol BlackSuit shows similarities to Royal Microsoft is retiring Cortana on Windows Thanks to this week's episode sponsor, Trend Micro Hybrid work, cloud adoption, and shadow IT have introduced new cybersecurity risks to organizations. Security leaders are left asking, "How can I manage our expanding attack surface?" Trend Micro, the global leader in cybersecurity is bringing the cyber risk conversation to more than 120 cities in their "Risk to Resilience World Tour." Hear from experts on the latest threat landscape trends, solutions, and platform strategies to manage risk and defend your organization with...

Week in Review: Amazon Ring privacy violations, Gigabyte firmware problems, AI extinction threat


Link to Blog Post This week's Cyber Security Headlines - Week in Review, May 29-June 2, is hosted by Sean Kelly with our guest, Howard Holton, CTO, GigaOm Thanks to today's episode sponsor, Barricade Cyber Have you fallen victim to a ransomware attack? Don't worry! Barricade Cyber Solutions has helped thousands of customers in situations just like yours. Their proprietary ransomware recovery services are designed to quickly get your business back on track. Their team of experts will identify the source of the attack and provide a comprehensive solution to prevent it from happening again. You can count on them...

Amazon Ring privacy violations, Kaspersky triangulation APT, CyberCommand Hartman


Amazon Ring, Alexa accused of privacy violations by FTC Kaspersky reports on new mobile APT campaign targeting iOS devices White House to choose Army general Hartman to be Cyber Command No. 2 Thanks to today's episode sponsor, Barricade Cyber Solutions Have you fallen victim to a ransomware attack? Don't worry! Barricade Cyber Solutions has helped thousands of customers in situations just like yours. Their proprietary ransomware recovery services are designed to quickly get your business back on track. Their team of experts will identify the source of the attack and provide a comprehensive solution to prevent it from happening again....

More Toyota leaks, Gigabyte firmware issues, Twitter Community Notes for images


Toyota finds more cloud leaks Gigabyte firmware update system insecure Twitter expands Community Notes to images Thanks to today's episode sponsor, Barricade Cyber Solutions Have you fallen victim to a ransomware attack? Don't worry! Barricade Cyber Solutions has helped thousands of customers in situations just like yours. Their proprietary ransomware recovery services are designed to quickly get your business back on track. Their team of experts will identify the source of the attack and provide a comprehensive solution to prevent it from happening again. You can count on them for the security of your data and systems. Visit barricadecyber.com

Experts warn of extinction from AI, Hackers demand $3 million from Scandinavian Airlines, Theranos founder surrenders to 11-year prison term


Leading experts warn of a risk of extinction from AI Hackers demand $3 million from Scandinavian Airlines Theranos founder turns herself in for 11-year prison term Thanks to today's episode sponsor, Barricade Cyber Solutions Have you fallen victim to a ransomware attack? Don't worry! Barricade Cyber Solutions has helped thousands of customers in situations just like yours. Their proprietary ransomware recovery services are designed to quickly get your business back on track. Their team of experts will identify the source of the attack and provide a comprehensive solution to prevent it from happening again. You can count on them for...

GobRAT targets Linux, RPMSG messages exploited, Augusta Georgia cyberattack


New GobRAT remote access trojan targeting Linux routers in Japan Attackers use encrypted RPMSG messages in Microsoft 365 targeted phishing attacks Hackers hold city of Augusta hostage in a ransomware attack Thanks to today's episode sponsor, Barricade Cyber Solutions Have you fallen victim to a ransomware attack? Don't worry! Barricade Cyber Solutions has helped thousands of customers in situations just like yours. Their proprietary ransomware recovery services are designed to quickly get your business back on track. Their team of experts will identify the source of the attack and provide a comprehensive solution to prevent it from happening again. You...

Week in Review: Industrial infrastructure threat, BEC attempts on the rise, TikTok's Texas progress


Link to Blog Post Cyber Security Headlines Week in Review, May 22-26, is hosted by Rich Stroffolino with our guest, Rich Greenberg, ISSA Distinguished Fellow and Honor Roll Thanks to our show sponsor, Sonrai Security Did you know that 81% of breaches are due to compromised identities? It's a sobering statistic and one that enterprise organizations cannot afford to ignore. Sonrai Security has made a name for itself by securing enterprise clouds from the inside out, securing every identity, access, and permission in the cloud. Download Sonrai Security's new CIEM Buyer's Guide to learn more about fortifying your cloud from the inside out at sonraisecurity.com. All...

GDPR turns 5, GitLab patches vulnerability, Russian industrial malware


GDPR is 5 years old, and over 1 million people have asked to be forgotten GitLab security update patches critical vulnerability Mysterious malware designed to cripple industrial systems linked to Russia And now a word from our sponsor, Sonrai Security Did you know that 81% of breaches are due to compromised identities? It's a sobering statistic and one that enterprise organizations cannot afford to ignore. Sonrai Security has made a name for itself by securing enterprise clouds from the inside out, securing every identity, access, and permission in the cloud. Download Sonrai Security's new CIEM Buyer's Guide to learn more about...

Google launches GUAC, Barracuda zero-day, campaign targets Kenyan debt


Google launches GUAC Barracuda gateways breached by zero-day Cyberattacks focus on Kenya's Chinese debt And now a word from our sponsor, Sonrai Security Did you know that 81% of breaches are due to compromised identities? It's a sobering statistic and one that enterprise organizations cannot afford to ignore. Sonrai Security has made a name for itself by securing enterprise clouds from the inside out, securing every identity, access, and permission in the cloud. Download Sonrai Security's new CIEM Buyer's Guide to learn more about fortifying your cloud from the inside out at sonraisecurity.com.

TikTok sues Montana, US sanctions orgs behind North Korea's 'illicit' IT worker army, Fake Twitter images spook stock market


TikTok sues Montana after state bans app US sanctions orgs behind North Korea's 'illicit' IT worker army Fake images on Twitter briefly spook the stock market And now a word from our sponsor, Sonrai Security Did you know that 81% of breaches are due to compromised identities? It's a sobering statistic and one that enterprise organizations cannot afford to ignore. Sonrai Security has made a name for itself by securing enterprise clouds from the inside out, securing every identity, access, and permission in the cloud. Download Sonrai Security's new CIEM Buyer's Guide to learn more about fortifying your cloud from the...

Meta's Record EU fine, China bans Micron, Tornado Cash hacked


Meta receives record fine over EU data transfers China bans Micron over cybersecurity risks Crypto mixer hijacked And now a word from our sponsor, Sonrai Security Did you know that 81% of breaches are due to compromised identities? It's a sobering statistic and one that enterprise organizations cannot afford to ignore. Sonrai Security has made a name for itself by securing enterprise clouds from the inside out, securing every identity, access, and permission in the cloud. Download Sonrai Security's new CIEM Buyer's Guide to learn more about fortifying your cloud from the inside out at sonraisecurity.com.

HP's bricked printers, PyPI repository attack, Samsung security flaw


HP rushes to fix bricked printers after faulty firmware update PyPI repository under attack: User sign-ups and package uploads temporarily halted New security flaw exposed in Samsung devices And now a word from our sponsor, Sonrai Security Did you know that 81% of breaches are due to compromised identities? It's a sobering statistic and one that enterprise organizations cannot afford to ignore. Sonrai Security has made a name for itself by securing enterprise clouds from the inside out, securing every identity, access, and permission in the cloud. Download Sonrai Security's new CIEM Buyer's Guide to learn more about fortifying your cloud...

Week in Review: Supreme Court's 230 ruling, Tech giants hit, TLD phishing vectors


Link to Blog Post This week's Cyber Security Headlines Week in Review, May 15-19, is hosted by Rich Stroffolino with our guest, Dave Hannigan, CISO, Nubank Thanks to our show sponsor, Hunters There is nothing worse than relying on a legacy SIEM that your security team has out-grown, especially when it impacts your ability to detect real incidents. Hunters' SOC Platform offers built-in, always up-to-date detection rules and automatic correlation that allow SOC analysts to focus on higher-value tasks that impact your organization. It's time to move to a platform that reduces risk, complexity and cost for the SOC. Visit hunters.security to learn how you can Move...

Supreme Court's 230 ruling, Montana bans TikTok, Guerrilla smartphone malware


Supreme Court shields Twitter from liability and leaves Section 230 untouched Montana governor bans TikTok Millions of smartphones distributed worldwide with preinstalled 'Guerrilla' malware Thanks to today's episode sponsor, Hunters There is nothing worse than relying on a legacy SIEM that your security team has out-grown, especially when it impacts your ability to detect real incidents. Hunters' SOC Platform offers built-in, always up-to-date detection rules and automatic correlation that allow SOC analysts to focus on higher-value tasks that impact your organization. It's time to move to a platform that reduces risk, complexity & cost for the SOC. Visit hunters.security to...

Lancefly in Asia, Meta EU fine, TLD phishing


Lancefly group hits Asia Meta facing record EU privacy fine New TLDs a vector for phishing Thanks to today's episode sponsor, Hunters There is nothing worse than relying on a legacy SIEM that your security team has out-grown, especially when it impacts your ability to detect real incidents. Hunters' SOC Platform offers built-in, always up-to-date detection rules and automatic correlation that allow SOC analysts to focus on higher-value tasks that impact your organization. It's time to move to a platform that reduces risk, complexity & cost for the SOC. Visit hunters.security to learn how you can Move Beyond SIEM and...

Inside RaaS, cyber education initiatives, attacking TP-Link routers


An inside look at RaaS White House cyber strategy goes big on education Chinese attackers hit TP-Link routers Thanks to today's episode sponsor, Hunters If your SIEM is causing an endless cycle of noisy alerts, manually writing generic detection rules, and limited data ingestion & retention, your SOC might need an upgrade. Hunters is a SaaS platform, purpose built for your Security Operations team. Solaris Group, a leading German FinTech, implemented Hunters SOC Platform to eliminate the burden of redundant detection engineering and manual event correlation allowing SOC analysts to focus on higher-value tasks. Visit hunters.security to learn how your...

Philadelphia Inquirer cyber attack, DOT breach exposes federal employee data, 3 million data breach notices sent to SchoolDude users


Cyber attack hits Philadelphia Inquirer Transportation Department cyber breach exposes federal employee data 3 million data breach notices being sent to SchoolDude users Thanks to today's episode sponsor, Hunters Relying on a SIEM in 2023 is like living in a college dorm room, post-graduation - you're operating in an environment you've out-grown. The Hunters SOC Platform is purpose built to help your Security Operations mature to the level you need to be at. ChargePoint, the world's largest network of electric vehicle charging stations, uses Hunters SOC Platform to leverage its out-of-the-box detection content to more efficiently respond to new threats...

Discord suffers data breach, Toyota data exposed, ABB confirms incident


Discord suffers data breach Car location data of 2 million Toyota customers exposed for ten years Swiss tech giant ABB confirms 'IT security incident' Thanks to today's episode sponsor, Hunters Hunters is a SOC platform, built for your security team. Hunters empowers companies to move beyond SIEM with unlimited ingestion and normalization of security data at a predictable cost. Using Hunters, a CISO at a leading online retailer "tripled the amount of data ingested by her security team while cutting costs from a legacy SIEM provider by 75%." It's time to Move Beyond SIEM. Visit hunters.security to learn more and...

Week in Review: Easterly AI warning, Windows admin alerts, Dallas ransomware fallout


Link to Blog Post Cyber Security Headlines Week in Review, May 8-12, is hosted by Rich Stroffolino with our guest, Paul Connelly, Former CISO, HCA Healthcare Thanks to today's episode sponsor, Trend Micro Cybersecurity is not just about protection, it's about foresight, agility, and resilience. Navigating a new era of cyber risk demands evolved strategies, new frameworks, and integrated tools to equip security teams to anticipate and defend against even the most advanced attacks. Trend Micro, the global leader in cybersecurity is bringing the cyber risk conversation to more than 120 cities around the world in their latest "Risk to Resilience World Tour" The...

Twitter encrypts messages, Microsoft's Outlook patch, Seoul hospital breached


Twitter launches encrypted private messages Microsoft releases fix for patched Outlook issue exploited by Russian hackers North Korea-linked APT group breaches the Seoul National University Hospital Thanks to today's episode sponsor, TrendMicro Cybersecurity is not just about protection, it's about foresight, agility, and resilience. Navigating a new era of cyber risk demands evolved strategies, new frameworks, and integrated tools to equip security teams to anticipate and defend against even the most advanced attacks. Trend Micro, the global leader in cybersecurity is bringing the cyber risk conversation to more than 120 cities around the world in their latest "Risk to Resilience...

Leaked Intel keys, trading security for fps, new phishing-as-a-service tool


The long term impact of leaked Intel Boot Guard keys AtlasOS shrugs at Windows security features Cisco warns of new phishing-as-a-service tool Thanks to today's episode sponsor, TrendMicro Cybersecurity is not just about protection, it's about foresight, agility, and resilience. Navigating a new era of cyber risk demands evolved strategies, new frameworks, and integrated tools to equip security teams to anticipate and defend against even the most advanced attacks. Trend Micro, the global leader in cybersecurity is bringing the cyber risk conversation to more than 120 cities around the world in their latest "Risk to Resilience World Tour" The largest...

'Snake' malware network takedown, 'PlugwalkJoe' behind massive 2020 Twitter hack, Justice Department takes down 13 DDoS-for-Hire sites


Operation Medusa takes down 'Snake' malware network 'PlugwalkJoe' pleads guilty to massive 2020 Twitter hack Justice Department takes down 13 DDoS-for-Hire sites Thanks to today's episode sponsor, TrendMicro Cybersecurity is not just about protection, it's about foresight, agility, and resilience. Navigating a new era of cyber risk demands evolved strategies, new frameworks, and integrated tools to equip security teams to anticipate and defend against even the most advanced attacks. Trend Micro, the global leader in cybersecurity is bringing the cyber risk conversation to more than 120 cities around the world in their latest "Risk to Resilience World Tour" The largest...

Dallas ransomware, spoofed Facebook ads, Merck insurance ruling


Dallas still reeling from ransomware Hacked Facebook pages buying Facebook ads Court rules on Merck cyber insurance claim Thanks to today's episode sponsor, TrendMicro Cybersecurity is not just about protection, it's about foresight, agility, and resilience. Navigating a new era of cyber risk demands evolved strategies, new frameworks, and integrated tools to equip security teams to anticipate and defend against even the most advanced attacks. Trend Micro, the global leader in cybersecurity is bringing the cyber risk conversation to more than 120 cities around the world in their latest "Risk to Resilience World Tour" The largest cybersecurity roadshow of its...

Easterly's AI warning, Ex-Uber Sullivan sentenced, Play's Massachusetts ransomware


Top US cyber official warns AI may be the 'most powerful weapon of our time' Ex-Uber CSO given three-year probation sentence, avoids prison after guilty verdict Ransomware group behind Oakland attack targets city in Massachusetts Thanks to today's episode sponsor, Trend Micro Cybersecurity is not just about protection, it's about foresight, agility, and resilience. Navigating a new era of cyber risk demands evolved strategies, new frameworks, and integrated tools to equip security teams to anticipate and defend against even the most advanced attacks. Trend Micro, the global leader in cybersecurity is bringing the cyber risk conversation to more than 120 cities...

Week in Review: Ex-Uber Sullivan's sentence, SolarWinds detected earlier, AI godfather quits


Link to Blog Post This week's Cyber Security Headlines Week in Review, May 1-5, is hosted by Rich Stroffolino with our guest, Allison Miller, Cybersecurity and Technology Executive Thanks to our show sponsor, Trend Micro Cybersecurity is not just about protection, it's about foresight, agility, and resilience. Navigating a new era of cyber risk demands evolved strategies, new frameworks, and integrated tools to equip security teams to anticipate and defend against even the most advanced attacks. Trend Micro, the global leader in cybersecurity is bringing the cyber risk conversation to more than 120 cities around the world in their latest "Risk to Resilience World...

Royal ransoms Dallas, new PaperCut exploit, CISA's Mirai warning


City of Dallas hit by Royal ransomware attack impacting IT services Researchers uncover new exploit for PaperCut vulnerability that can bypass detection Mirai botnet loves exploiting unpatched TP-Link routers, CISA warns Thanks to today's episode sponsor, Trend Micro Cybersecurity is not just about protection, it's about foresight, agility, and resilience. Navigating a new era of cyber risk demands evolved strategies, new frameworks, and integrated tools to equip security teams to anticipate and defend against even the most advanced attacks. Trend Micro, the global leader in cybersecurity is bringing the cyber risk conversation to more than 120 cities around the world in their...

Meta FTC troubles, CISA urges Covered List, malicious HTML attachments


FTC comes down on Meta monetizing minors CISA urges adoption of Covered List Almost half of HTML attachments found malicious Thanks to today's episode sponsor, Trend Micro Cybersecurity is not just about protection, it's about foresight, agility, and resilience. Navigating a new era of cyber risk demands evolved strategies, new frameworks, and integrated tools to equip security teams to anticipate and defend against even the most advanced attacks. Trend Micro, the global leader in cybersecurity is bringing the cyber risk conversation to more than 120 cities around the world in their latest "Risk to Resilience World Tour" The largest cybersecurity roadshow of...

Authorities seize 9 crypto exchanges, T-Mobile discloses 2nd data breach of 2023, 'Godfather of AI' quits Google


Authorities seize 9 crypto exchanges used for money laundering T-Mobile discloses 2nd data breach of 2023 'Godfather of AI' quits Google and warns of misinformation dangers Thanks to today's episode sponsor, Trend Micro Cybersecurity is not just about protection, it's about foresight, agility, and resilience. Navigating a new era of cyber risk demands evolved strategies, new frameworks, and integrated tools to equip security teams to anticipate and defend against even the most advanced attacks. Trend Micro, the global leader in cybersecurity is bringing the cyber risk conversation to more than 120 cities around the world in their latest "Risk to Resilience World...

Juice jacking, data breach lawsuits, Telegram ban lifted


The academic threat of juice jacking Data breach lawsuits on the rise Telegram ban lifted in Brazil Thanks to today's episode sponsor, Trend Micro Cybersecurity is not just about protection, it's about foresight, agility, and resilience. Navigating a new era of cyber risk demands evolved strategies, new frameworks, and integrated tools to equip security teams to anticipate and defend against even the most advanced attacks. Trend Micro, the global leader in cybersecurity is bringing the cyber risk conversation to more than 120 cities around the world in their latest "Risk to Resilience World Tour" The largest cybersecurity roadshow of its kind. Find...

Veeam backup targeted, DOJ SolarWinds discovery, Americold frozen out


Hackers target vulnerable Veeam backup servers exposed online DOJ detected the SolarWinds hack 6 months earlier than first disclosed Cold storage giant Americold outage caused by network breach Thanks to today's episode sponsor, Trend Micro Cybersecurity is not just about protection, it's about foresight, agility, and resilience. Navigating a new era of cyber risk demands evolved strategies, new frameworks, and integrated tools to equip security teams to anticipate and defend against even the most advanced attacks. Trend Micro, the global leader in cybersecurity is bringing the cyber risk conversation to more than 120 cities around the world in their latest "Risk to...

Week in Review: Energy sector 3CX attack, PaperCut pain continues, all-in-one infostealer


Link to Blog Post This week's Cyber Security Headlines Week in Review, April 24-28, is hosted by Sean Kelly with our guest, Steve Zalewski, former CISO, Levi Strauss and co-host, Defense in Depth. Thanks to today's episode sponsor, Tines Ready to take security automation up a notch? With Tines, it's easier than ever! The no-code automation platform is redefining and simplifying security operations - start building mission-critical workflows and apps that streamline processes AND ensure crucial data stays safe while extending the influence of your security team throughout your organization. Visit Tines.com to find out more! All links and the video of this episode can be found...

New BellaCiao malware, PaperCut is Clop, Europe tech crackdown


Charming Kitten APT uses a new BellaCiao malware Microsoft blames clop affiliate for PaperCut attacks Big tech crackdown looms as EU, UK ready new rules And now a word from our sponsor, Tines Ready to take security automation up a notch? With Tines, it's easier than ever! The no-code automation platform is redefining and simplifying security operations - start building mission-critical workflows and apps that streamline processes AND ensure crucial data stays safe while extending the influence of your security team throughout your organization. Visit Tines.com to find out more! For the stories behind the headlines, head to CISOseries.com.

Messaging malware update, China reclassifies cyberattacks, more cyberattacks don't use malware


Messaging app update distributes malware China reclassifies cyberattacks Malware-free cyberattacks on the rise And now a word from our sponsor, Tines Ask anyone at RSA; security teams can't operate in a silo. No SOAR solutions enable users to dynamically collect information outside their systems and use it at multiple points in an automated workflow - but Tines does! With Tines, users can exchange real-time information outside its platform and use it to drive automated workflows. Visit Tines.com/build to learn more!

US policing AI use for civil rights violations, Bill proposes security testing centers for government tech, Microsoft Edge leaking browsing data to Bing


US policing use of AI for civil rights violations Bill proposes new security testing centers for critical government tech Microsoft Edge is leaking user browsing data to Bing And now a word from our sponsor, Tines To proactively protect against threats, you need a culture of cybersecurity - and solutions that facilitate this. With Tines' no-code automation platform, you can: 1. Remediate threats faster. 2. Improve automation. 3. Control access to your data. 4. Create a culture of cybersecurity. Tines allows users to leverage real-time information across any stage of an automated workflow! Visit Tines.com to learn more. For the...

Threat group taxonomy, disabling EDR, North Dakota's AI cyber tools


A call to standardize threat group naming Threat actors using new tool to disable EDR North Dakota turns to AI for cyber And now a word from our sponsor, Tines Ready to take security automation up a notch? With Tines, it's easier than ever! The no-code automation platform is redefining and simplifying security operations - start building mission-critical workflows and apps that streamline processes AND ensure crucial data stays safe while extending the influence of your security team throughout your organization. Visit Tines.com to find out more.

3CX hits utilities, CISA PaperCut warning, Hyena devours GPT4


Energy sector orgs in US, Europe hit by same supply chain attack as 3CX CISA adds 3 actively exploited flaws to KEV catalog, including critical PaperCut bug Hyena code poised to devour GPT4 And now a word from our sponsor, Tines Ask anyone at RSA; security teams can't operate in a silo. No SOAR solutions enable users to dynamically collect information outside their systems and use it at multiple points in an automated workflow - but Tines does! With Tines, users can exchange real-time information outside its platform and use it to drive automated workflows. Visit Tines.com/build to learn more!...

"New class" of Russian attackers, GitHub helps open source security, used routers leak info


NCSC warns of "new class" of Russian adversaries GitHub adds Action to help open source security Used routers hold on to secrets Thanks to today's episode sponsor, Pentera This episode of Cyber Security Headlines is made possible in part by Pentera. Today over 60% of cyber attacks involve the use of exposed credentials. Now, for the first time, security teams can address this critical threat head-on. Pentera collects an organization's leaked credentials and automatically tests their exploitability across the external and internal attack surface. Pentera's customers find that leveraging the Pentera automated security validation platform as part of their exposure...

Week in Review: 3CX double supply chain attack, Remcos Tax-Day RAT, Surveillance kills morale


Link to Blog Post This week's Cyber Security Headlines Week in Review, April 17-21, is hosted by Rich Stroffolino with our guest, Shawn Bowen, CISO, World Fuel Services Thanks to our show sponsor, Pentera This episode of Cyber Security Headlines is made possible in part by Pentera. Today over 60% of cyber attacks involve the use of exposed credentials. Now, for the first time, security teams can address this critical threat head-on. Pentera collects an organization's leaked credentials and automatically tests their exploitability across the external and internal attack surface. Pentera's customers find that leveraging the Pentera automated security validation platform as part of...

Microsoft 365 outage, Capita burglary evidence, 3CX attack update


Microsoft 365 outage blocks access to web apps and services Capita has 'evidence' customer data was stolen in digital burglary 3CX supply chain attack was the result of a previous supply chain attack Thanks to today's episode sponsor, Pentera This episode of Cyber Security Headlines is made possible in part by Pentera. Today over 60% of cyber attacks involve the use of exposed credentials. Now, for the first time, security teams can address this critical threat head-on. Pentera collects an organization's leaked credentials and automatically tests their exploitability across the external and internal attack surface. Pentera's customers find that leveraging...

Elon Musk wants to develop TruthGPT, Southwest disrupted by 'technical issue', Officials warn of hackers targeting Cisco routers


Elon Musk wants to develop TruthGPT Southwest's operations resume after a 'technical issue' US, UK warn of govt hackers targeting Cisco routers Thanks to today's episode sponsor, Pentera This episode of Cyber Security Headlines is made possible in part by Pentera. Today over 60% of cyber attacks involve the use of exposed credentials. Now, for the first time, security teams can address this critical threat head-on. Pentera collects an organization's leaked credentials and automatically tests their exploitability across the external and internal attack surface. Pentera's customers find that leveraging the Pentera automated security validation platform as part of their exposure...

LockBit on macOS, low code security, and QuaDream shuts down


Ransomware comes for macOS The security considerations of low code Israeli offensive cyber company shutting down Thanks to today's episode sponsor, Pentera This episode of Cyber Security Headlines is made possible in part by Pentera. Today over 60% of cyber attacks involve the use of exposed credentials. Now, for the first time, security teams can address this critical threat head-on. Pentera collects an organization's leaked credentials and automatically tests their exploitability across the external and internal attack surface. Pentera's customers find that leveraging the Pentera automated security validation platform as part of their exposure management strategy increases their ability to...

Tax Day RAT warning, NCR POS outage, Urgent Chrome fix


Microsoft warns of Remcos RAT campaign targeting tax accountants NCR suffers POS outage after BlackCat ransomware attack Google releases urgent Chrome update to fix actively exploited zero-day vulnerability Thanks to today's episode sponsor, Pentera This episode of Cyber Security Headlines is made possible in part by Pentera. Today over 60% of cyber attacks involve the use of exposed credentials. Now, for the first time, security teams can address this critical threat head-on. Pentera collects an organization's leaked credentials and automatically tests their exploitability across the external and internal attack surface. Pentera's customers find that leveraging the Pentera automated security validation...

Week in Review: Pentagon papers leak, keeping breaches quiet, Cisco air-gaps Webex


Link to Blog Post This week's Cyber Security Headlines Week in Review, April 10-14, is hosted by Rich Stroffolino with our guest, Dmitriy Sokolovskiy, CISO, Avid Thanks to our show sponsor, AppOmni Can you name all the third party apps connected to your major SaaS platforms, like Salesforce, Microsoft 365, or Google Workspace? What about the data these apps can access? After all, one compromised 3rd party app could put your entire SaaS ecosystem at risk. With AppOmni, you get visibility to all third party apps and SaaS-to-SaaS connections including which end users have enabled them, and the level of data access they've been granted. Visit AppOmni.com today...

Google Cloud's weak passwords, pressure on breach disclosure, Discord cooperating on Pentagon leak


Weak passwords targeted on Google Cloud Potential IT snitches warned about employment stitches Discord cooperating with leaked document investigation And now a word from our sponsor, AppOmni Can you name all the third party apps connected to your major SaaS platforms, like Salesforce, Microsoft 365, or Google Workspace? What about the data these apps can access? After all, one compromised 3rd party app could put your entire SaaS ecosystem at risk. With AppOmni, you get visibility to all third party apps and SaaS-to-SaaS connections including which end users have enabled them, and the level of data access they've been granted....

Windows Nokoyawa ransomware, LinkedIn pushes verification, Russia's Ukraine cyberwar


Windows zero-day exploited in Nokoyawa ransomware attacks LinkedIn and Microsoft Entra introduce a new way to verify professional contacts Russia places Ukraine internet infrastructure clearly in its sights, both high tech and low And now a word from our sponsor, AppOmni Can you name all the third party apps connected to your major SaaS platforms, like Salesforce, Microsoft 365, or Google Workspace? What about the data these apps can access? After all, one compromised 3rd party app could put your entire SaaS ecosystem at risk. With AppOmni, you get visibility to all third party apps and SaaS-to-SaaS connections including which...

Microsoft warns of Azure shared key abuse, Attackers hide stealer behind AI Facebook ads, OpenAI bug bounty program


Microsoft warns of Azure shared key authorization abuse Attackers hide stealer behind AI chatbot Facebook ads OpenAI to launch bug bounty program And now a word from our sponsor, AppOmni Can you name all the third party apps connected to your major SaaS platforms, like Salesforce, Microsoft 365, or Google Workspace? What about the data these apps can access? After all, one compromised 3rd party app could put your entire SaaS ecosystem at risk. With AppOmni, you get visibility to all third party apps and SaaS-to-SaaS connections including which end users have enabled them, and the level of data access...

Netherlands adopting RPKI, WordPress backdoor, tracing the Pentagon leak


Netherlands to adopt RPKI Widespread backdoor installed on WordPress sites Tracing leaked Pentagon documents And now a word from our sponsor, AppOmni Can you name all the third party apps connected to your major SaaS platforms, like Salesforce, Microsoft 365, or Google Workspace? What about the data these apps can access? After all, one compromised 3rd party app could put your entire SaaS ecosystem at risk. With AppOmni, you get visibility to all third party apps and SaaS-to-SaaS connections including which end users have enabled them, and the level of data access they've been granted. Visit AppOmni.com today to request...

Apple zero-day updates, Flipper Zero ban, China Micron probe


Apple releases updates to address zero-day flaws Flipper Zero banned by Amazon for being a 'card skimming device' China to probe Micron over cybersecurity, in chip war's latest battle And now a word from our sponsor, AppOmni Can you name all the third party apps connected to your major SaaS platforms, like Salesforce, Microsoft 365, or Google Workspace? What about the data these apps can access? After all, one compromised 3rd party app could put your entire SaaS ecosystem at risk. With AppOmni, you get visibility to all third party apps and SaaS-to-SaaS connections including which end users have enabled...

Week in Review: North Korea hacks 3CX, DISH ransomware lawsuits, Genesis Market seized


Link to Blog Post This week's Cyber Security Headlines Week in Review, April 3-7, is hosted by Rich Stroffolino with our guest, Rich Gautier, former CISO, Department of Justice, Criminal Division Was your address caught up in the Genesis Market? Check it here: https://www.politie.nl/en/information/checkyourhack.html#check Thanks to our show sponsor, Normalyze Normalyze is a cloud data security platform that continuously discovers sensitive data and their access paths across your cloud environments. Normalyze provides the ability to analyze, prioritize and respond to data threats to prevent damaging data breaches. Their cloud-native platform manages data security posture and compliance by automatically tracking risks to sensitive...

Criminal records incident, Samsung's ChatGPT leak, Money Message ransomware


Criminal records office yanks web portal offline amid 'cyber security incident' Samsung reportedly leaked its own secrets through ChatGPT Money Message ransomware gang claims MSI breach, demands $4 million Thanks to today's episode sponsor, Normalyze Normalyze is a cloud data security platform that continuously discovers sensitive data and their access paths across your cloud environments. Normalyze provides the ability to analyze, prioritize and respond to data threats to prevent damaging data breaches. Their cloud-native platform manages data security posture and compliance by automatically tracking risks to sensitive data, visually showing teams who can access what, and quickly block unauthorized access or...

Spanish hacker arrested, UK offensive cyber principles, eFile malware


Prominent Spanish hacker arrested The UK's Offensive Cyber Capabilities Principles eFile site serving malware Thanks to today's episode sponsor, Normalyze Normalyze is a cloud data security platform that continuously discovers sensitive data and their access paths across your cloud environments. Normalyze provides the ability to analyze, prioritize and respond to data threats to prevent damaging data breaches. Their cloud-native platform manages data security posture and compliance by automatically tracking risks to sensitive data, visually showing teams who can access what, and quickly block unauthorized access or vulnerable points of attack. Discover, visualize, and secure your cloud data in minutes with Normalyze Freemium....

Genesis Market seized by police, Rorschach now the fastest ransomware encryptor, Tax software serving malware


Genesis Market platform seized by police Rorschach is now the fastest ransomware encryptor Tax return software caught serving up malware Thanks to today's episode sponsor, Normalyze Normalyze is a cloud data security platform that continuously discovers sensitive data and their access paths across your cloud environments. Normalyze provides the ability to analyze, prioritize and respond to data threats to prevent damaging data breaches. Their cloud-native platform manages data security posture and compliance by automatically tracking risks to sensitive data, visually showing teams who can access what, and quickly block unauthorized access or vulnerable points of attack. Discover, visualize, and secure your cloud...

TMX data leak, remote work security, WD network breach


TMX reveals customer data leak The security costs of remote work Western Digital confirms network breach Thanks to today's episode sponsor, Normalyze Normalyze is a cloud data security platform that continuously discovers sensitive data and their access paths across your cloud environments. Normalyze provides the ability to analyze, prioritize and respond to data threats to prevent damaging data breaches. Their cloud-native platform manages data security posture and compliance by automatically tracking risks to sensitive data, visually showing teams who can access what, and quickly block unauthorized access or vulnerable points of attack. Discover, visualize, and secure your cloud data in minutes with...

3CX's NK connection, WordPress Elementor hack, DISH faces lawsuits


More evidence links 3CX supply-chain attack to North Korean hacking group Hackers exploiting WordPress Elementor Pro Vulnerability, leaving millions of sites at risk DISH slapped with multiple lawsuits after ransomware cyber attack Thanks to today's episode sponsor, Normalyze Normalyze is a cloud data security platform that continuously discovers sensitive data and their access paths across your cloud environments. Normalyze provides the ability to analyze, prioritize and respond to data threats to prevent damaging data breaches. Their cloud-native platform manages data security posture and compliance by automatically tracking risks to sensitive data, visually showing teams who can access what, and quickly block...

Week in Review: Supply-chain attack on 3CX, AI pause request, WiFi protocol flaw


Link to Blog Post This week's Cyber Security Headlines Week in Review, March 27-31, is hosted by Rich Stroffolino with our guest, Brett Conlon, CISO, American Century Investments Thanks to today's episode sponsor, Trend Micro Cybersecurity is not just about protection, it's about foresight, agility, and resilience. Navigating a new era of cyber risk demands evolved strategies, new frameworks, and integrated tools to equip security teams to anticipate and defend against even the most advanced attacks. Trend Micro, the global leader in cybersecurity is bringing the cyber risk conversation to more than 120 cities around the world in their latest "Risk to Resilience World Tour" The largest...

3CX supply chain attack, Vulkan files leaked, Bing hijacked


Supply-chain attack on business phone provider 3CX could impact thousands of companies Vulkan files leak reveals Putin's global and domestic cyberwarfare tactics Bing search results hijacked via misconfigured Microsoft app Thanks to today's episode sponsor, Trend Micro Cybersecurity is not just about protection, it's about foresight, agility, and resilience. Navigating a new era of cyber risk demands evolved strategies, new frameworks, and integrated tools to equip security teams to anticipate and defend against even the most advanced attacks. Trend Micro, the global leader in cybersecurity is bringing the cyber risk conversation to more than 120 cities around the world in...

802.11 flaw, activists targeted in threat campaign, call for an AI "pause"


Flaw found in WiFi protocol Environmental activists targeted by threat actors Open letter calls for AI "pause" Thanks to today's episode sponsor, Trend Micro Cybersecurity is not just about protection, it's about foresight, agility, and resilience. Navigating a new era of cyber risk demands evolved strategies, new frameworks, and integrated tools to equip security teams to anticipate and defend against even the most advanced attacks. Trend Micro, the global leader in cybersecurity is bringing the cyber risk conversation to more than 120 cities around the world in their latest "Risk to Resilience World Tour" The largest cybersecurity roadshow of its...

Microsoft unveils OpenAI-based cyber tools, Google accused of destroying antitrust evidence, A million pen tests show security is getting worse


Microsoft unveils OpenAI-based chat tools to combat cyberattacks Google accused of willfully destroying evidence in antitrust battle A million pen tests show companies' security postures are getting worse Thanks to today's episode sponsor, Trend Micro Cybersecurity is not just about protection, it's about foresight, agility, and resilience. Navigating a new era of cyber risk demands evolved strategies, new frameworks, and integrated tools to equip security teams to anticipate and defend against even the most advanced attacks. Trend Micro, the global leader in cybersecurity is bringing the cyber risk conversation to more than 120 cities around the world in their latest...

Pinduoduo malware, CFTC sues Binance, Twitter takes down source code


Pinduoduo malware confirmed Binance sued by CFTC Twitter source code takedown Thanks to today's episode sponsor, Trend Micro Cybersecurity is not just about protection, it's about foresight, agility, and resilience. Navigating a new era of cyber risk demands evolved strategies, new frameworks, and integrated tools to equip security teams to anticipate and defend against even the most advanced attacks. Trend Micro, the global leader in cybersecurity is bringing the cyber risk conversation to more than 120 cities around the world in their latest "Risk to Resilience World Tour" The largest cybersecurity roadshow of its kind. Find the closest city to...

UK bans TikTok, Windows Snipping patch, Puerto Rico hack


UK bans TikTok from government mobile phones Microsoft pushes OOB security updates for Windows Snipping tool flaw Vice Society claims attack on Puerto Rico Aqueduct and Sewer Authority Thanks to today's episode sponsor, Trend Micro Cybersecurity is not just about protection, it's about foresight, agility, and resilience. Navigating a new era of cyber risk demands evolved strategies, new frameworks, and integrated tools to equip security teams to anticipate and defend against even the most advanced attacks. Trend Micro, the global leader in cybersecurity is bringing the cyber risk conversation to more than 120 cities around the world in their latest...

Week in Review: post-ransomware lawsuits, cybersecurity as a hindrance, ChatGPT imposters


Link to Blog Post This week's Cyber Security Headlines Week in Review, March 20-24, is hosted by David Spark with our guest, Kurt Sauer, VP, Information security, Workday Thanks to today's episode sponsor, Conveyor Does the thought of answering another security questionnaire make you want to beat the stuffing out of 32 pinatas? Then you might want to check out Conveyor: the end-to-end trust platform helping infosec teams reduce incoming questionnaires and fly through the ones they do have to complete. Give customers access to a self-serve trust portal to download docs and FAQs. For any remaining questionnaires that do come in, use our GPT-Questionnaire response...

Dole data breach, Nexus banking trojan, Pwn2Own Vancouver 2023


Dole discloses data breach after February ransomware attack New Android banking trojan targets financial apps Pwn2Own Vancouver 2023 Day 1: Windows 11 and Tesla hacked Thanks to this week's episode sponsor, Conveyor Does the thought of answering another security questionnaire make you want to beat the stuffing out of 32 pinatas? Then you might want to check out Conveyor: the end-to-end trust platform helping infosec teams reduce incoming questionnaires and fly through the ones they do have to complete. Give customers access to a self-serve trust portal to download docs and FAQs. For any remaining questionnaires that do come in,...

More markup leaks, Clop victims go public, Big Tech lobbies on spy law


Another image editor leaks data More Clop victims come forward Big tech lobbies to limit spying law Thanks to this week's episode sponsor, Conveyor Does the thought of answering another security questionnaire make you feel like clearing out the ice cream section at your local grocery store? Though we fully support the ice cream thing, you might want to check out Conveyor first: the end-to-end trust platform helping infosec teams reduce incoming questionnaires and fly through the ones they do have to complete. Give customers access to a self-serve trust portal to download security info and for any remaining questionnaires...

BreachForums to shut down, Zero-day used to drain Bitcoin ATMs, DC Health Link hacker motivated by Russian patriotism


BreachForums to shut down amidst law enforcement concerns Hackers use zero-day to drain $1.6 million from Bitcoin ATMs DC Health Link hacker motivated by Russian patriotism Thanks to this week's episode sponsor, Conveyor Does the mountain of security questionnaires in your inbox make you feel like a 2 dollar umbrella in a hurricane? Then you might want to check out Conveyor: the end-to-end trust platform helping infosec teams reduce incoming questionnaires and fly through the ones they do have to complete. Give customers access to a self-serve trust portal to download docs and FAQs. For any remaining questionnaires that do...

China leads zero-days, HinataBot DDoS attacks, screenshot vulnerability


China led zero-days in 2022 HinataBot focuses on DDoS attacks Vulnerability lets you uncrop screenshots Thanks to this week's episode sponsor, Conveyor Does the thought of answering another security questionnaire make you want to beat the stuffing out of 32 pinatas? Then you might want to check out Conveyor: the end-to-end trust platform helping infosec teams reduce incoming questionnaires and fly through the ones they do have to complete. Give customers access to a self-serve trust portal to download docs and FAQs. For any remaining questionnaires that do come in, use our GPT-Questionnaire Eliminator response tool or white-glove questionnaire completion...

NBA data breach, Emotet in OneNote, Dutch shipping ransomware


NBA is warning fans of a data breach after a third-party newsletter service hack Emotet malware now distributed in Microsoft OneNote files to evade defenses Dutch shipping giant Royal Dirkzwager confirms Play ransomware attack Thanks to this week's episode sponsor, Conveyor Love security questionnaires? Then you're going to hate Conveyor: the end-to-end trust platform built to eliminate questionnaires. Infosec teams have reduced questionnaires by 80% by giving their customers access to our self-serve trust portal to download docs and answers. For any remaining questionnaires that do come in, use our GPT-Questionnaire Eliminator response tool or white-glove questionnaire completion service to...

Week in Review: Critical Outlook bug PoC, CISA Plex warning, YouTube AI infostealers


Link to Blog Post This week's Cyber Security Headlines Week in Review, March 13-17, is hosted by Rich Stroffolino with our guest, JJ Agha, CISO, FanDuel. All links and the video of this episode can be found on CISOseries.com

Telerik breaches Government, Critical Outlook bug, LockBit threatens SpaceX


US Government IIS server breached via Telerik software flaw Critical Microsoft Outlook bug PoC shows how easy it is to exploit LockBit threatens release of thousands of SpaceX blueprints Brought to you by the CISO Series. For the stories behind the headlines, head to CISOseries.com.

Suspects charged in DEA hack, Americans lose billions to scams, TikTok divestment


Two charged in DEA portal hack Americans lose billions in scams TikTok considering divestment Brought to you by the CISO Series.

Microsoft phishing warning, Amazon Ring hacked, CISA's vulnerability program


Microsoft warns of large-scale use of phishing kits to send millions of emails daily Ransomware group claims hack of Amazon's Ring CISA creates new ransomware vulnerability warning program Brought to you by the CISO Series. For the stories behind the headlines, head to CISOseries.com.

North Korea targets security researchers, the UK's National Protective Security Authority, bank failures hit crypto


North Korea targets security researchers UK launches National Protective Security Authority Bank failures bleed into crypto Brought to you by the CISO Series.

Authorities bust NetWire RAT, CISA warns of Plex bug after LastPass breach, Blackbaud to pay $3 million for misleading disclosure


FBI and international authorities catch a NetWire RAT CISA warns of actively exploited Plex bug after LastPass breach Blackbaud to pay $3 million for misleading ransomware disclosure For the stories behind the headlines, visit CISOseries.com.

Week in Review: Royal ransomware warning, water system warning, cloud exploitation rising


Link to Blog Post This week's Cyber Security Headlines Week in Review, March 6-10, is hosted by Rich Stroffolino with our guest, Nick Espinosa, Host, The Deep Dive Radio Show (Daily Podcast & Daily Videos) Thanks to our show sponsor, Packetlabs Trust the ethical hackers at Packetlabs for expert penetration testing services. Our certified professionals specialize in strengthening your security posture. Download our free Penetration Testing Buyers Guide at ciso.packetlabs.net and get the top 20 questions to ask third party vendors before hiring them. Let us guide you through the process and help you find the perfect match for your organization's security needs. All links and the...

Biden's cybersecurity budget, AT&T breach alert, GitHub adds 2FA


Biden's budget seeks increase in cybersecurity spending AT&T alerts 9 million customers of data breach after vendor hack GitHub makes 2FA mandatory next week for active developers Thanks to today's episode sponsor, Packetlabs Trust the ethical hackers at Packetlabs for expert penetration testing services. Our certified professionals specialize in strengthening your security posture. Download our free Penetration Testing Buyers Guide at ciso.packetlabs.net and get the top 20 questions to ask third party vendors before hiring them. Let us guide you through the process and help you find the perfect match for your organization's security needs. For the stories behind the...

TSA cybersecurity regulations, Lazarus Group zero-day, a video ransom note


TSA issues cybersecurity regulations Lazarus Group deploys zero-day Ransomware gang uses video ransom note Thanks to today's episode sponsor, Packetlabs Reduce cyber insurance premiums and minimize risk. Learn how a thorough penetration test can benefit your business. Download our Penetration Testing Buyers Guide at ciso.packetlabs.ca. Packetlabs is an ethical hacking firm that will simulate real-world, covert attacks to get answers to your "what if" scenarios. Protect your business from cyber attacks and get the most out of your penetration testing investment with Packetlabs, your friendly neighborhood ethical hackers.

Bipartisan bill allows US TikTok ban, Twitter content moderation concerns, Emotet malware returns


Bipartisan bill allows for US ban of TikTok EU concerned with Twitter's content moderation plans Emotet malware returns after three-month hiatus Thanks to today's episode sponsor, Packetlabs Looking for the right cybersecurity service provider can be a daunting task. How do you know if they're trustworthy and reliable? Packetlabs has made it easier for you with our free Penetration Testing buyers guide. We've compiled a list of the top 20 questions you should ask potential providers to ensure you make an informed decision. Download the guide today at ciso.packetlabs.net. For the stories behind the headlines, visit CISOseries.com.

DoppelPaymer disrupted, EPA warns about water security, rising cloud exploitation


Police disrupt DoppelPaymer EPA releases cybersecurity notice for water systems Cloud exploitation on the rise Thanks to today's episode sponsor, Packetlabs Struggling to justify cybersecurity investments to decision-makers? Meet ROSI, the superhero of cybersecurity investments! Calculate your Return On Security Investment to quantify the value of prevention and save money by avoiding cybersecurity breaches. ROSI builds synergies between your business, security, and finance teams, bringing everyone together. Download our free buyer's guide to learn the ROSI formula, how to reduce cyber insurance premiums, and what to look for in a provider. Visit ciso.packetlabs.net and unleash the power of ROSI in...

CISA's Royal warning, Chick-fil-A attacked, Play leaks Oakland


U.S. Government warns of Royal ransomware attacks against critical infrastructure Credential Stuffing attack on Chick-fil-A Play Ransomware gang has begun to leak data stolen from City of Oakland Thanks to today's episode sponsor, Packetlabs Concerned about your organization's data security? Privacy breaches, ransomware attacks, insider threats, and intellectual property theft are on the rise. A one-size-fits-all vulnerability assessment scan no longer suffices. Get our Penetration Testing Buyer's guide to help plan, scope, and execute your projects. Discover valuable information on frameworks, standards, methodologies, cost factors, reporting options, and what to look for in a provider. Choose the right ethical hacking...

Week in Review: National Cyber Strategy, CISA scolds software industry, NewsCorp lurked


Link to Blog Post This week's Cyber Security Headlines - Week in Review, February 27-March 3, is hosted by Rich Stroffolino with our guest, Nick Vigier, CISO, Talend Thanks to our show sponsor, Conveyor Just because your security questionnaire is from the stone age, doesn't mean you have to answer it with cave-era tools. At Conveyor, we implemented GPT-3 into our first-of-its-kind questionnaire eliminator so teams of all sizes can blast through questionnaires faster than you can say "prehistoric". Go beyond re-writing mediocre matches, to getting your questionnaire auto-filled with the exact answers customers need. Join the top SaaS companies in...

National Cybersecurity Strategy, CISA delivers Decider, Bookstore chains hacked


White House gets tough with new National Cyber Strategy CISA releases free 'Decider' tool to help with MITRE ATT&CK mapping British retail chain WH Smith says data stolen in cyberattack Thanks to this week's episode sponsor, Conveyor Just because your security questionnaire is from the stone age, doesn't mean you have to answer it with cave-era tools. At Conveyor, we implemented GPT-3 into our first-of-its-kind questionnaire eliminator so teams of all sizes can blast through questionnaires faster than you can say "prehistoric". Go beyond re-writing mediocre matches, to getting your questionnaire auto-filled with the exact answers customers need. Join the...

Russia bans foreign messaging apps, GitHub scans for secrets, Bootkit beats Secure Boot


Russia bans foreign private messaging apps GitHub expands secret scanning Bootkit bypasses Secure Boot Thanks to this week's episode sponsor, Conveyor "I HATE security questionnaires with the fury of a thousand suns." said one of our customers. Makes sense, since tools used to answer them haven't changed in years. At Conveyor, we're on a mission to get teams out of the questionnaire stone age by implementing GPT-3 into our first-of-its-kind questionnaire eliminator. Go beyond re-writing mediocre matches, to getting your questionnaire auto-filled with the exact answers customers need. Join the top SaaS companies in the GPT-3 powered future by using...

US Marshals hit by ransomware, DISH outages caused by ransomware, More bad news for LastPass


US Marshals hit by ransomware DISH outages caused by confirmed ransomware attack Some more bad news for LastPass Thanks to this week's episode sponsor, Conveyor AI can now literally answer any question on the internet in seconds, yet infosec teams are still in a living nightmare manually filling out security questionnaires with existing tools. Get out of the questionnaire stone age with Conveyor's new questionnaire eliminator tool powered by GPT-3. It provides perfectly crafted answers to questionnaires all within minutes and review now takes seconds. Join the top SaaS companies in the GPT-3 powered future by using Conveyor. Learn more...

CISA wants security responsibility, changes in security since Russia invaded Ukraine, Canadian government bans TikTok on its devices


CISA says to stop passing the security buck The cyber security fallout of Russia's war in Ukraine Canada bans TikTok on government devices Thanks to this week's episode sponsor, Conveyor Just because your security questionnaire is from the stone age, doesn't mean you have to answer it with cave-era tools. At Conveyor, we implemented GPT-3 into our first-of-its-kind questionnaire eliminator so teams of all sizes can blast through questionnaires faster than you can say "prehistoric". Go beyond re-writing mediocre matches, to getting your questionnaire auto-filled with the exact answers customers need. Join the top SaaS companies in the GPT-3 powered...

NewsCorp reveals attack, TELUS investigating leak, Dish goes offline


News Corp reveals that attackers remained on its network for two years TELUS investigating leak of stolen source code, employee data Dish Network goes offline after likely cyberattack, employees cut off Thanks to this week's episode sponsor, Conveyor AI can now literally answer any question on the internet in seconds, yet infosec teams are still living a nightmare manually filling out security questionnaires with existing tools. Get out of the questionnaire stone age with Conveyor's new questionnaire eliminator tool powered by GPT-3. Go beyond re-writing mediocre matches, to getting your questionnaire auto-filled with the exact answers customers need in minutes....

Week in Review: European airport attacks, military email spill, Dole ransomware attack


Link to Blog Post This week's Cyber Security Headlines Week in Review, February 20-24, is hosted by Rich Stroffolino with our guest, Jared Mendenhall, Head of Information Security, Impossible Foods Thanks to our show sponsor, Barricade Cyber Have you fallen victim to a ransomware attack? Don't worry! Barricade Cyber Solutions has helped thousands of customers in situations just like yours. Our proprietary ransomware recovery services are designed to quickly get your business back on track. Our team of experts will identify the source of the attack and provide a comprehensive solution to prevent it from happening again. You can count on us for the security...

Dole ransomware attack, stress devours CISOs, new Lazarus backdoor


Fruit giant Dole suffers ransomware attack impacting operations Stress pushing CISOs out the door Lazarus group likely using new backdoor to exfiltrate sensitive data Thanks to this week's episode sponsor, Barricade Cyber Solutions Have you fallen victim to a ransomware attack? Don't worry! Barricade Cyber Solutions has helped thousands of customers in situations just like yours. Our proprietary ransomware recovery services are designed to quickly get your business back on track. Our team of experts will identify the source of the attack and provide a comprehensive solution to prevent it from happening again. You can count on us to the...

Havoc framework, Carbon Black flaw, ransomware attack time


Threat actors cry Havoc, let slip a new post-exploitation framework VMware warns of critical Carbon Black flaw Ransomware attack time shrinking rapidly Thanks to this week's episode sponsor, Barricade Cyber Solutions Have you fallen victim to a ransomware attack? Don't worry! Barricade Cyber Solutions has helped thousands of customers in situations just like yours. Our proprietary ransomware recovery services are designed to quickly get your business back on track. Our team of experts will identify the source of the attack and provide a comprehensive solution to prevent it from happening again. You can count on us to the security of...

Apple updates advisories, US military email leak, Russian TV website crash


Apple updates advisories as security firm discloses new class of vulnerabilities Sensitive US military emails spill online Russian state TV website goes down during Putin speech Thanks to this week's episode sponsor, Barricade Cyber Solutions Have you fallen victim to a ransomware attack? Don't worry! Barricade Cyber Solutions has helped thousands of customers in situations just like yours. Our proprietary ransomware recovery services are designed to quickly get your business back on track. Our team of experts will identify the source of the attack and provide a comprehensive solution to prevent it from happening again. You can count on us...

Samsung guards against zero-clicks, ransomware cat and mouse, Norway seizes Lazarus crypto


Samsung guards against zero-click attacks Rethinking ransomware cat and mouse Norway seizes Lazarus Group crypto Thanks to this week's episode sponsor, Barricade Cyber Solutions Have you fallen victim to a ransomware attack? Don't worry! Barricade Cyber Solutions has helped thousands of customers in situations just like yours. Our proprietary ransomware recovery services are designed to quickly get your business back on track. Our team of experts will identify the source of the attack and provide a comprehensive solution to prevent it from happening again. You can count on us to the security of your data and systems. Visit barricadecyber.com

Hackers backdoor Microsoft IIS, Twitter limits SMS 2FA, Fortinet issues patches


Hackers backdoor Microsoft IIS servers with new Frebniis malware Twitter limits SMS-based 2-factor authentication to Blue subscribers only Fortinet issues patches for 40 flaws Thanks to this week's episode sponsor, Barricade Cyber Solutions Have you fallen victim to a ransomware attack? Don't worry! Barricade Cyber Solutions has helped thousands of customers in situations just like yours. Our proprietary ransomware recovery services are designed to quickly get your business back on track. Our team of experts will identify the source of the attack and provide a comprehensive solution to prevent it from happening again. You can count on us to the...

Week in Review: Clop's GoAnywhere claims, Bing Search injection attack, AI flies F-16


Link to Blog Post This week's Cyber Security Headlines Week in Review, February 13-17, is hosted by Sean Kelly with our guest, George Al-Koura, CISO, Ruby Thanks to our show sponsor, CISO Series "If it is important it will likely be in the Cyber Security Headlines update in the morning And it allows me and my team to dig in a little more on aspects that might affect our technology stack," said Shawn Bowen, CISO for World Fuel Services. Security leaders listen and make decisions based on what they hear on this very show. Do you have a solution that just needs to find the...

VM Server problems, Google Translate BEC, DFIR burnout increases


February updates break some Windows Server 2022 VMs BEC groups use Google Translate to target high value victims Evolving cyberattacks and alert fatigue creating DFIR burnout Thanks to today's episode sponsor, US, yes, CISO Series "If it is important it will likely be in the Cyber Security Headlines update in the morning And it allows me and my team to dig in a little more on aspects that might affect our technology stack," said Shawn Bowen, CISO for World Fuel Services. Security leaders listen and make decisions based on what they hear on this very show. Do you have a...

Exposed Israeli influence group, a record DDoS attack, Cut cables knock out airline


Israeli influence group exposed Another day, another record DDoS Cut cables lead to Lufthansa outage Thanks to today's episode sponsor, US, yes, CISO Series "Every week, one of the stories from Cyber Security Headlines comes up in our team meetings," said Brett Conlon, CISO for American Century Investments who admits he starts his day with this very show. And did you know that Cyber Security Headlines has longevity? It's a daily news show but we see significant downloads for four months after episodes air. That means your ad campaign will continue to live long after the premier airing. To learn...

Hackers breached Pepsi Bottling, AI flies F-16 fighter jet, Hyundai and Kia issue security update


Hackers breached Pepsi Bottling network AI has successfully piloted an F-16 fighter jet Hyundai and Kia to update anti-theft software on millions of vehicles Thanks to today's episode sponsor, US, yes, CISO Series "I value Cyber Security Headlines early every morning as it provides me advance notice of what I might need to explore first thing at the start of the day." That's active listener David Cross, SVP, CISO of Oracle SaaS Cloud. And for sponsors of Cyber Security Headlines what you get are the ears and eyes of avid security leaders. Sponsorship includes the podcast, our blog, and our...

Namecheap phishes customers, Bing hit with injection attack, regulators stop BUSD minting


Namecheap sent phishing emails to customers New Bing search hit with injection attack Regulators stop minting of BUSD stablecoin Thanks to today's episode sponsor, US, yes, CISO Series "Those cyber security headlines are fantastic. It's the first thing I look at in the am." That's a quote from active listener Jared Mendenhall, head of information security at Impossible Foods. Cyber Security Headlines is our fastest growing show on the CISO Series network. It's grown 20-fold since we launched. And it did so during the pandemic while other shows started to slide. That's because at only 6-7 minutes every day, Cyber...

Reddit admits breach, Clop exploits GoAnywhere, CISA's VMware fix


Reddit admits it was hacked and data stolen, says "don't panic" Clop ransomware claims it breached 130 orgs using GoAnywhere zero-day CISA has a possibly-maybe fix for VMware ESXi ransomware campaign Thanks to today's episode sponsor, US, yes, CISO Series If you're looking to reach a committed audience of cybersecurity professionals every day, then consider advertising right here on Cyber Security Headlines, a show that consistently ranks in the top ten for tech news on Apple Podcasts in the U.S. That's pretty impressive for a show that's a niche within a niche. Cyber Security Headlines sponsorship includes continuous week-long brand...

Week in Review: Critical CVEs predicted, FAA needs 7 years, background check breach


Link to Blog Post This week's Cyber Security Headlines Week in Review, February 6-10, is hosted by Rich Stroffolino with our guest, Ed Covert, head of Cyber Risk Engineering, Bowhead Specialty Thanks to our show sponsor, us! CISO Series! "If it is important it will likely be in the Cyber Security Headlines update in the morning And it allows me and my team to dig in a little more on aspects that might affect our technology stack," said Shawn Bowen, CISO for World Fuel Services. Security leaders listen and make decisions based on what they hear on this very show. Do you have a solution that just needs...

Microsoft Outlook outage, UK/US ransomware sanctions, Killnet IPs published


Microsoft Outlook outage prevents users from sending, receiving emails Britain and US make major move against ransomware gangs by sanctioning seven individuals Experts publish a list of proxy IPs used by the pro-Russia group Killnet Thanks to today's episode sponsor, us, yes, CISO Series "If it is important it will likely be in the Cyber Security Headlines update in the morning And it allows me and my team to dig in a little more on aspects that might affect our technology stack," said Shawn Bowen, CISO for World Fuel Services. Security leaders listen and make decisions based on what they...

NIST IoT encryption, Chinese phones collect PII, the AI chatbot race is on


NIST standardizes crypto for IoT Chinese phones collect PII Chinese firms also working on AI chatbots Thanks to today's episode sponsor, US, yes, CISO Series "Every week, one of the stories from Cyber Security Headlines comes up in our team meetings," said Brett Conlon, CISO for American Century Investments who admits he starts his day with this very show. And did you know that Cyber Security Headlines has longevity? It's a daily news show but we see significant downloads for four months after episodes air. That means your ad campaign will continue to live long after the premier airing. To...

Tech firms race to integrate AI, FAA needs until 2030 to fix safety system, Biden addresses children's online safety


ARMO, Microsoft, Google race to integrate AI into their products FAA needs until 2030 to fix its safety system Biden's State of the Union addresses children's online safety and privacy again Thanks to today's episode sponsor, US, yes, CISO Series "I value Cyber Security Headlines early every morning as it provides me advance notice of what I might need to explore first thing at the start of the day." That's active listener David Cross, SVP, CISO of Oracle SaaS Cloud. And for sponsors of Cyber Security Headlines what you get are the ears and eyes of avid security leaders. Sponsorship...

Cyber insurance predictions, British steel supplier cyber attack, Microsoft pins Charlie Hebdo attack


Cyber insurer predicts a rise in critical CVEs British steel supplier hit by "cyber incident" Microsoft pins recent attack on Charlie Hebdo Thanks to today's episode sponsor, US, yes, CISO Series "Those cyber security headlines are fantastic. It's the first thing I look at in the am." That's a quote from active listener Jared Mendenhall, head of information security at Impossible Foods. Cyber Security Headlines is our fastest growing show on the CISO Series network. It's grown 20-fold since we launched. And it did so during the pandemic while other shows started to slide. That's because at only 6-7 minutes...

Fortra ZeroDay, Tallahassee hospital cyberattack, sneaky Fraudulent apps


Hackers actively exploiting zero-day in Fortra's GoAnywhere MFT Tallahassee hospital diverting patients, canceling non-emergency surgeries after cyberattack Fraudulent "CryptoRom" apps slip through Apple and Google App Store review process Thanks to today's episode sponsor, US, yes, CISO Series If you're looking to reach a committed audience of cybersecurity professionals every day, then consider advertising right here on Cyber Security Headlines, a show that consistently ranks in the top ten for tech news on Apple Podcasts in the U.S. That's pretty impressive for a show that's a niche within a niche. Cyber Security Headlines sponsorship includes continuous week-long brand awareness in...

Week in Review: Charter Communications breach, ChatGPT grows stronger, Microsoft verifies phishers


Link to Blog Post This week's Cyber Security Headlines - Week in Review, January 30-February 3, is hosted by Rich Stroffolino with our guest, David Nolan, VP, Enterprise Risk & Chief Information Security Officer Aaron's Thanks to our show sponsor, Hunters Hunters is a complete SOC platform, purpose built for your Security Operations team. Hunters' brand new IOC Search is a game-changing search tool that determines if a known 'Indicator of Compromise' has been in your organization's environment - without needing to write a single line of code. Type an IOC into the search bar, hit 'enter' and get results...

London ransomware alert, FDIC cyberdefense fail, UK fears ChatGPT


City of London on high alert after ransomware attack Watchdog warns FDIC fails to test banks' cyberdefenses effectively Foreign states already using ChatGPT maliciously, UK IT leaders believe Thanks to this week's episode sponsor, Hunters Hunters is a complete SOC platform, purpose built for your Security Operations team. Hunters' brand new IOC Search is a game-changing search tool that determines if a known 'Indicator of Compromise' has been in your organization's environment - without needing to write a single line of code. Type an IOC into the search bar, hit 'enter' and get results within seconds. Visit hunters.ai to learn more. For...

FDIC cyber risk improvements, high-risk containers, record crypto hacks


Watchdog calls for improved bank cyber testing Containers hold high-risk vulnerabilities 2022 set a record for crypto hacks Thanks to this week's episode sponsor, Hunters Hunters is a complete SOC platform, purpose built for your Security Operations team. Hunters' brand new IOC Search is a game-changing search tool that determines if a known 'Indicator of Compromise' has been in your organization's environment - without needing to write a single line of code. Type an IOC into the search bar, hit 'enter' and get results within seconds. Visit hunters.ai to learn more.

Microsoft phishers are 'Verified' Cloud Partners, DocuSign brand impersonation attack, Google Fi data breach


Microsoft grants phishers 'Verified' Cloud Partner status DocuSign brand impersonation attack targets thousands of users Google Fi says hackers accessed customer information Thanks to this week's episode sponsor, Hunters Hunters is a SaaS platform, purpose built for your Security Operations team. Solaris Group, a leading German FinTech, implemented Hunters SOC Platform to eliminate the burden of threat detection and correlation allowing SOC analysts to focus on higher-value tasks. It's time to move beyond SIEM. Visit hunters.ai to learn more. For the stories behind the headlines, visit CISOseries.com

Criminal crypto flows, TikTok CEO heads to the House, Killnet launches German DDoS


Criminal crypto goes through 5 exchanges TikTok CEO heads to the House KillNet launches German DDoS Thanks to this week's episode sponsor, Hunters The Hunters SOC Platform helps your security team identify, understand, triage, and respond to incidents at a much faster pace. ChargePoint, the world's largest network of electric vehicle charging stations, uses Hunters SOC Platform to leverage its out-of-the-box detection content to more efficiently respond to new threats and vulnerabilities. Visit Hunters.ai to learn more.

Charter Communications breach, Sandworm hacks Ukraine, VMware exploit release


Charter Communications says vendor breach exposed some customer data Russia's Sandworm hackers blamed in fresh Ukraine malware attack Experts plan to release VMware vRealize log RCE exploit this week Thanks to this week's episode sponsor, Hunters Hunters is a complete SOC platform, built for your security team. By providing unlimited ingestion and normalization of security data without ruining your bottom line, a CISO at a leading online retailer was able to "triple her data ingestion while cutting costs from her SIEM provider by 75%." It's time to move beyond SIEM, with Hunters. Visit hunters.ai to learn more. For the stories...

Week in Review: FBI seizes Hive, PayPal accounts breached, ODIN Intelligence hack


Link to Blog Post This week's Cyber Security Headlines Week in Review, January 23-27, is hosted by David Spark with our guest, Kathleen Mullin, CISO, Cancer Treatment Centers of America Thanks to our show sponsor, SafeBase If a prospective customer asked about your trust program or security policies, where would you send them? Chances are, you'd need to send an NDA, hunt down documentation, go back and forth via email, and answer a litany of questions. SafeBase is the better way. SafeBase's Smart Trust Center allows you to send *one link* to customers or buyers, so they can easily access the security and compliance information...

FBI seizes Hive, Layoffs at IBM, Microsoft outage over


FBI seizes Hive ransomware group infrastructure after lurking in servers for months Layoffs come to IBM - Kyndryl, Watson and Russia to blame Microsoft says services have recovered after widespread outage Thanks to this week's episode sponsor, SafeBase If a prospective customer asked about your trust program or security policies, where would you send them? Chances are, you'd need to send an NDA, hunt down documentation, go back and forth via email, and answer a litany of questions. SafeBase is the better way. SafeBase's Smart Trust Center allows you to send *one link* to customers or buyers, so they can...

North Korean crypto tactics, Russian DDoS record, China tech exports


A look at North Korean crypto stealing tactics Russia saw record DDoS attacks China leads in facial recognition tech exports Thanks to this week's episode sponsor, SafeBase These days, customer trust can be an organization's strongest competitive advantage. But how can you develop and maintain customer trust over the long term? The answer is SafeBase. After implementing SafeBase's Smart Trust Center, many companies see shorter deal cycles, higher-value contracts, and stronger long-term customer relationships. Some even achieve a 90% reduction in security questionnaires. Learn more at safebase.com

Pakistan investigating nationwide blackout, FBI identifies Horizon Bridge hackers, GoTo hack larger than first reported


Pakistani authorities investigating whether cyberattack caused nationwide blackout FBI identifies hackers behind Horizon Bridge crypto theft GoTo says hackers stole encrypted backups and MFA settings Thanks to this week's episode sponsor, SafeBase Jump start your journey to long-lasting customer trust with SafeBase. Our Smart Trust Center helps your organization build customer trust through improved transparency, secure document sharing, process control and insights, and proactive communication. Security and GRC leaders at companies like Jamf, Instacart, and Snyk all rely on SafeBase as a central enabler of their trust program. Learn more and check out the case studies at SafeBase.com For the...

LA School leaks, GAO security ignored, PLAY ransomware in UK


LA School attack exposed Social Security numbers Government Accountability Office names and shames PLAY ransomware hits UK car dealerships Thanks to this week's episode sponsor, SafeBase If a prospective customer asked about your trust program or security policies, where would you send them? Chances are, you'd need to send an NDA, hunt down documentation, go back and forth via email, and answer a litany of questions. SafeBase is the better way. SafeBase's Smart Trust Center allows you to send *one link* to customers or buyers, so they can easily access the security and compliance information they need. Meanwhile, you get...

PayPal accounts breached, Yum! Brands attacked, ODIN Intelligence hacked


PayPal accounts breached in large-scale credential stuffing attack Ransomware gang steals data from KFC, Taco Bell, and Pizza Hut brand owner ODIN Intelligence hack exposes a huge trove of police raid files Thanks to this week's episode sponsor, SafeBase These days, customer trust can be an organization's strongest competitive advantage. But how can you develop and maintain customer trust over the long term? The answer is SafeBase. After implementing SafeBase's Smart Trust Center, many companies see shorter deal cycles, higher-value contracts, and stronger long-term customer relationships. Some even achieve a 90% reduction in security questionnaires. Learn more at safebase.com For...

Week in Review: NortonLifeLock password breach, Ransomware revenue falls, ChatGPT goes phishing


Link to Blog Post This week's Cyber Security Headlines - Week in Review, January 16-20, is hosted by Rich Stroffolino with our guest, George Finney, CISO, Southern Methodist University Thanks to our show sponsor, Cerby Did you know that over 60% of the cloud applications used by your company don't support identity standards like single sign-on? And that these applications are the leading cause of breaches? Cerby can help. Cerby discovers new applications, eliminates manual security tasks like offboarding, and addresses misconfigurations like disabled 2FA while increasing employee productivity. Wait. A security tool that increases productivity? Yup. Learn more at...

Ransomware revenue falls, Vice attacks university, Android Hook malware


Ransomware revenue falls by $300 million in 2022 as more victims refuse to pay Vice Society claims ransomware attack against University of Duisburg-Essen Android users beware of new Hook malware with RAT capabilities Thanks to today's episode sponsor, Cerby Did you know that over 60% of the cloud applications used by your company don't support identity standards like single sign-on? And that these applications are the leading cause of breaches? Cerby can help. Cerby discovers new applications, eliminates manual security tasks like offboarding, and addresses misconfigurations like disabled 2FA while increasing employee productivity. Wait. A security tool that increases productivity?...

Bypassing patches, ChatGPT polymorphic malware, Bitwarden goes passwordless


Vendors bypassing security patches ChatGPT creates polymorphic malware Bitwarden acquires Passwordless.dev Thanks to today's episode sponsor, Cerby Did you know that over 60% of the cloud applications used by your company don't support identity standards like single sign-on? And that these applications are the leading cause of breaches? Cerby can help. Cerby discovers new applications, eliminates manual security tasks like offboarding, and addresses misconfigurations like disabled 2FA while increasing employee productivity. Wait. A security tool that increases productivity? Yup. Learn more at cerby.com.

Ransomware impacts 1,000 ships, Crypto influencer victimized by malware, Microsoft patches Azure flaws


Ransomware attack impacts 1,000 ships Crypto influencer victimized by malware pushed by ads on Google Microsoft patches flaws in Azure cloud services Thanks to today's episode sponsor, Cerby Did you know that over 60% of the cloud applications used by your company don't support identity standards like single sign-on? And that these applications are the leading cause of breaches? Cerby can help. Cerby discovers new applications, eliminates manual security tasks like offboarding, and addresses misconfigurations like disabled 2FA while increasing employee productivity. Wait. A security tool that increases productivity? Yup. Learn more at cerby.com. For the stories behind the headlines,...

Cyber attack disrupts esports, Qbot overtakes Emotet, CircleCI breached


Cyber attack disrupts esport event Qbot overtakes Emotet CircleCI breach caused by infostealer Thanks to today's episode sponsor, Cerby Did you know that over 60% of the cloud applications used by your company don't support identity standards like single sign-on? And that these applications are the leading cause of breaches? Cerby can help. Cerby discovers new applications, eliminates manual security tasks like offboarding, and addresses misconfigurations like disabled 2FA while increasing employee productivity. Wait. A security tool that increases productivity? Yup. Learn more at cerby.com.

NortonLifeLock password breach, Canadian liquor hack, severe jsonwebtoken flaw


NortonLifeLock warns that hackers breached Password Manager accounts Hacker steals credit card info from Canada's largest alcohol retailer Severe security flaw found in "jsonwebtoken" library Thanks to today's episode sponsor, Cerby Did you know that over 60% of the cloud applications used by your company don't support identity standards like single sign-on? And that these applications are the leading cause of breaches? Cerby can help. Cerby discovers new applications, eliminates manual security tasks like offboarding, and addresses misconfigurations like disabled 2FA while increasing employee productivity. Wait. A security tool that increases productivity? Yup. Learn more at cerby.com. For the stories...

Week in Review: FAA system failure delays flights, LastPass hit with lawsuit, Writing malware with ChatGPT


Link to Blog Post This week's Cyber Security Headlines - Week in Review, January 9-13, is hosted by Rich Stroffolino with our guest, Shaun Marion, CISO, McDonald's Thanks to our show sponsor, AppOmni Can you name all the third party apps connected to your major SaaS platforms like Salesforce and Microsoft? What about the data these apps can access? After all, one compromised 3rd party app could put your entire SaaS ecosystem at risk. With AppOmni, you get visibility to all third party apps and SaaS-to-SaaS connections including which end users have enabled them, and the level of data access they've been granted. Visit AppOmni.com to request a free...

Chromium browser flaw, Twitter leak developments, IcedID strikes again


Experts detail Chromium browser security flaw putting confidential data at risk Twitter says 200 million-user leak not obtained from its systems, others disagree IcedID malware strikes again: Active Directory domain compromised in under 24 hours Thanks to today's episode sponsor, AppOmni Can you name all the third party apps connected to your major SaaS platforms like Salesforce and Microsoft? What about the data these apps can access? After all, one compromised 3rd party app could put your entire SaaS ecosystem at risk. With AppOmni, you get visibility to all third party apps and SaaS-to-SaaS connections including which end users have...

FAA system failure, Royal Mail cyber incident, police app leaks ops data


FAA system failure delays flights Royal Mail hit by "cyber incident" Police app leaked operations data Thanks to today's episode sponsor, AppOmni Can you name all the third party apps connected to your major SaaS platforms like Salesforce and Microsoft? What about the data these apps can access? After all, one compromised 3rd party app could put your entire SaaS ecosystem at risk. With AppOmni, you get visibility to all third party apps and SaaS-to-SaaS connections including which end users have enabled them, and the level of data access they've been granted. Visit AppOmni.com to request a free risk assessment.

Iowa schools closed by cyberattack, TikTok CEO questioned by EU, OIG cracks fed agency passwords


Iowa school district cancels classes due to cyberattack TikTok CEO questioned by EU about its data practices Government watchdog cracks federal agency's passwords Thanks to today's episode sponsor, AppOmni Can you name all the third party apps connected to your major SaaS platforms like Salesforce and Microsoft? What about the data these apps can access? After all, one compromised 3rd party app could put your entire SaaS ecosystem at risk. With AppOmni, you get visibility to all third party apps and SaaS-to-SaaS connections including which end users have enabled them, and the level of data access they've been granted. Visit...

Car API flaws, Experian bypass, ChatGPT malware


API vulnerabilities found across car brands Bypassing Experian Security Trying to write malware with ChatGPT Thanks to today's episode sponsor, AppOmni Can you name all the third party apps connected to your major SaaS platforms like Salesforce and Microsoft? What about the data these apps can access? After all, one compromised 3rd party app could put your entire SaaS ecosystem at risk. With AppOmni, you get visibility to all third party apps and SaaS-to-SaaS connections including which end users have enabled them, and the level of data access they've been granted. Visit AppOmni.com to request a free risk assessment.

Turla hackers return, LastPass faces lawsuit, Windows reporter hacked


Russian Turla hackers hijack decade-old malware infrastructure to deploy new backdoors LastPass hit with lawsuit over August breach Hackers abuse Windows error reporting tool to deploy malware Thanks to today's episode sponsor, AppOmni Can you name all the third party apps connected to your major SaaS platforms like Salesforce and Microsoft? What about the data these apps can access? After all, one compromised 3rd party app could put your entire SaaS ecosystem at risk. With AppOmni, you get visibility to all third party apps and SaaS-to-SaaS connections including which end users have enabled them, and the level of data access...

Week in Review: PyTorch malicious compromise, Ransomware cloned victim, LockBit gang apologizes


Link to Blog Post This week's Cyber Security Headlines - Week in Review, January 2-6, is hosted by Sean Kelly with our guest, Bryan Willett, CISO, Lexmark Thanks to our show sponsor, AppOmni Did you know that over half of companies have sensitive SaaS data exposed on the public internet? And many breaches making headlines now involve SaaS apps? AppOmni can help. AppOmni identifies misconfigurations and guides remediation to keep your SaaS data secure. We help Security teams make sense of data access permissions, third party app visibility, and threat detection across their entire SaaS ecosystem. Get started at AppOmni.com. All links and the video of this...

Slack's GitHub theft, CircleCI breach warning, NATO tests AI


Slack's private GitHub code repositories stolen over holidays CircleCI warns of security breach: rotate your secrets! NATO tests AI's ability to protect critical infrastructure against cyberattacks Thanks to today's episode sponsor, AppOmni Did you know that over half of companies have sensitive SaaS data exposed on the public internet? And many breaches making headlines now involve SaaS apps? AppOmni can help. AppOmni identifies misconfigurations and guides remediation to keep your SaaS data secure. We help Security teams make sense of data access permissions, third party app visibility, and threat detection across their entire SaaS ecosystem. Get started at AppOmni.com. For...

'Mudge' joins Rapid7, Meta fined $400 million, GDPR costs Coinbase $100 million


'Mudge' joins cybersecurity firm Rapid7 Meta fined $400 million by European regulator Coinbase strikes a $100 million deal with regulators Thanks to today's episode sponsor, AppOmni Did you know that over half of companies have sensitive SaaS data exposed on the public internet? And many breaches making headlines now involve SaaS apps? AppOmni can help. AppOmni identifies misconfigurations and guides remediation to keep your SaaS data secure. We help Security teams make sense of data access permissions, third party app visibility, and threat detection across their entire SaaS ecosystem. Get started at AppOmni.com. For the stories behind the headlines, visit...

FTX founder pleads not guilty, LA housing authority cyberattack, Ukrainian vishing operation bust


FTX founder has pleaded not guilty to fraud charges LA housing authority operations disrupted by cyberattack Ukrainian authorities bust major vishing call center Thanks to today's episode sponsor, AppOmni Did you know that over half of companies have sensitive SaaS data exposed on the public internet? And many breaches making headlines now involve SaaS apps? AppOmni can help. AppOmni identifies misconfigurations and guides remediation to keep your SaaS data secure. We help Security teams make sense of data access permissions, third party app visibility, and threat detection across their entire SaaS ecosystem. Get started at AppOmni.com. For the stories behind...

Google tracking lawsuits, ransomware victim cloned, LockBit hospital apology


Google to pay $29.5 million to settle lawsuits over user location tracking Ransomware gang cloned victim's website to leak stolen data LockBit gang apologizes, gives SickKids Hospital free decryptor Thanks to today's episode sponsor, AppOmni Did you know that over half of companies have sensitive SaaS data exposed on the public internet? And many breaches making headlines now involve SaaS apps? AppOmni can help. AppOmni identifies misconfigurations and guides remediation to keep your SaaS data secure. We help Security teams make sense of data access permissions, third party app visibility, and threat detection across their entire SaaS ecosystem. Get started...

NetGear urgent patch, malicious PyTorch compromise, LockBit ransoms Lisbon


NETGEAR fixes a severe bug in its routers. Patch it ASAP! PyTorch discloses malicious dependency chain compromise over holidays LockBit ransomware claims attack on Port of Lisbon in Portugal Thanks to today's episode sponsor, AppOmni Did you know that over half of companies have sensitive SaaS data exposed on the public internet? And many breaches making headlines now involve SaaS apps? AppOmni can help. AppOmni identifies misconfigurations and guides remediation to keep your SaaS data secure. We help Security teams make sense of data access permissions, third party app visibility, and threat detection across their entire SaaS ecosystem. Get started...

Google Home snooping, 3Commas API leak, Ireland investigating Twitter data sale


Snooping bug found on Google Home speakers 3Commas API database leaked Ireland investigating Twitter users data for sale Thanks to this week's episode sponsor, Tines Tines is the solution for security teams struggling with too much work, a talent shortage, and inevitable security incidents. Tines breaks the silos that exist between technologies and teams, so employees can focus on meaningful, not menial, tasks. Fewer manual errors and faster response times. Visit Tines.com to learn more.

Ransomware hammers hospitals, Citrix servers not applying patches, Log4Shell at 1-year old


Ransomware continues to hammer hospitals Citrix servers found vulnerable despite patches Log4Shell celebrates an anniversary Thanks to this week's episode sponsor, Tines If you're overwhelmed by your workload, Tines is the solution you've been looking for. Tines no-code automation checks boxes legacy SOAR tools can only dream of. Break the silos between tools and teams, focus on meaningful work, and eliminate manual errors while improving your response times. Visit Tines.com to stay ahead of the curve without breaking a sweat!

Facebook reaches Cambridge Analytica settlement, BTC.com lost $3 million in cyberattack, Hackers steal $8 million from BitKeep users


Facebook reaches settlement related to Cambridge Analytica scandal BTC.com lost $3 million in cyberattack Hackers use trojan to steal $8 million from BitKeep users Thanks to this week's episode sponsor, Tines Ever feel like you're stuck in a never-ending cycle of alerts? It's exhausting and frustrating. But here's the good news: Tines! Tines helps you focus on meaningful, not menial, tasks. Fewer mistakes, faster response times. And best of all, Tines' no-code automation platform can handle massive complexity and easily connect to your unique tech stack. Visit Tines.com now! For the stories behind the headlines, visit CISOseries.com

Severe LastPass breach, Inglis resigns post, Xfinity accounts hacked


LastPass admits to severe data breach, encrypted password vaults stolen Chris Inglis to resign as national cyber director Comcast Xfinity accounts hacked in widespread 2FA bypass attacks Thanks to our episode sponsor, Tines Wondering how the world's leading security teams are figuring out how to do more with less? The answer is Tines! Tines is a hyper-flexible automation platform loved by customers like Okta, Canva, Kayak, and Coinbase. Tines enables security teams to focus on what matters most by taking care of the grunt work! Learn more at Tines.com. For the stories behind the headlines, head to CISOseries.com.

Malware in search ads, Guardian hit with ransomware, Okta source code accessed


FBI warns of malware in search ads Guardian hit with suspected ransomware Attackers grab Okta source code Thanks to this week's episode sponsor, Tines 'Tis the season for more alerts and fewer resources available to manage them. But you can still be jolly--with Tines! Tines eliminates the need for security teams to waste time on repetitive, manual tasks. Powered by a no-code approach, security teams create and maintain powerful automations that deliver immediate results. Visit Tines.com to learn more!

McGraw Hill data leak, UK ICO names breached firms, Twitter aided Pentagon propaganda


McGraw Hill exposed student grades and personal info UK privacy regulator names and shames breached firms Twitter aided the Pentagon in covert online propaganda campaign Thanks to this week's episode sponsor, Tines If you're like most security teams, you currently face more phishing attacks and alert fatigue. The holiday season is the most wonderful time of the year for shoppers... but it's also a busy time for cybercriminals. Tines' no-code automation platform can help you transform your SecOps and stay one step ahead. Visit Tines.com to sign up for free today! For the stories behind the headlines, visit CISOseries.com

Cyber Security Headlines: Glupteba botnet returns, the future of ransomware, and Epic Games' privacy fine


Botnet shrugs off Google The future of ransomware Epic Games receives record privacy fines Thanks to this week's episode sponsor, Tines If you're like most security teams, you're juggling multiple mission-critical priorities. But what if there was a way to break the silos in your environment? A way to focus on meaningful tasks? A way to reduce errors and achieve faster response times? Check out Tines.com to start experiencing the true benefits of proactive security operations powered by no-code automation.

Russia infiltrates satellites, Gmail's end-to-end encryption, NSA's Russia warning


CISA says Russia's Fancy Bear infiltrated US satellite network Google introduces end-to-end encryption for Gmail on the web NSA cyber director warns of Russian digital assaults on global energy sector Thanks to this week's episode sponsor, Tines Before Tines, co-founders Eoin and Thomas spent 15 years as senior security operators. Frustrated by the inability to solve for the challenges their teams were facing, they built their own solution. Tines allows security teams to robustly automate mundane, repetitive tasks without code so they can focus on their most important work. Visit Tines.com to learn more! For the stories behind the headlines,...

Week in Review: Antivirus data wipers, TSA expands facial recognition, Uber breach


Link to Blog Post This week's Cyber Security Headlines - Week in Review, December 12-16, is hosted by Rich Stroffolino with our guest, Jeremy Embalabala, CISO, HUB International Thanks to our show sponsor, Fortra The cybersecurity landscape is full of single-solution providers, making it easy for unexpected cyberthreats to sneak through the cracks. That's why Fortra is creating a stronger, simpler strategy for protection. One that increases your security maturity while decreasing the operational burden that comes with it. Fortra's integrated, scalable solutions help customers face their toughest challenges with confidence. Learn more at Fortra.com All links and the video of this episode can be found...

Japanese MirrorStealer malware, HTML smuggling SVGs, DDoS-for-hire arrests


Hackers target Japanese politicians with new MirrorStealer malware Crooks use HTML smuggling to spread QBot malware via SVG files FBI charges 6, seizes domains linked to DDoS-for-hire service platforms Thanks to this week's episode sponsor, Fortra The cybersecurity landscape is full of single-solution providers, making it easy for unexpected cyberthreats to sneak through the cracks. That's why Fortra is creating a stronger, simpler strategy for protection. One that increases your security maturity while decreasing the operational burden that comes with it. Fortra's integrated, scalable solutions help customers face their toughest challenges with confidence. Learn more at Fortra.com. For the stories...

EU drafts new US-data sharing agreement, Microsoft signed malicious drivers, InfraGard data leak


EU gets closer to US-data sharing agreement Microsoft signed malicious drivers InfraGard data for sale on dark web Thanks to this week's episode sponsor, Fortra The cybersecurity landscape is full of single-solution providers, making it easy for unexpected cyberthreats to sneak through the cracks. That's why Fortra is creating a stronger, simpler strategy for protection. One that increases your security maturity while decreasing the operational burden that comes with it. Fortra's integrated, scalable solutions help customers face their toughest challenges with confidence. Learn more at Fortra.com.

Twitter data leak, Uber hit with another breach, Chinese police arrest crypto laundering gang


Twitter addresses claims of recent data leak Uber hit with another breach after attack on third-party vendor Police in China arrest gang who laundered $1.7 billion via crypto Thanks to this week's episode sponsor, Fortra The cybersecurity landscape is full of single-solution providers, making it easy for unexpected cyberthreats to sneak through the cracks. That's why Fortra is creating a stronger, simpler strategy for protection. One that increases your security maturity while decreasing the operational burden that comes with it. Fortra's integrated, scalable solutions help customers face their toughest challenges with confidence. Learn more at Fortra.com. For the stories behind...

India leaks expat passport info, Cloudflare expands free security tools, Greece outlaws spyware


India's foreign ministry leaks passport details Cloudflare Zero Trust suite available to at-risk groups Greece outlaws spyware Thanks to this week's episode sponsor, Fortra The cybersecurity landscape is full of single-solution providers, making it easy for unexpected cyberthreats to sneak through the cracks. That's why Fortra is creating a stronger, simpler strategy for protection. One that increases your security maturity while decreasing the operational burden that comes with it. Fortra's integrated, scalable solutions help customers face their toughest challenges with confidence. Learn more at Fortra.com.

Pwn2Own Toronto winners, EDR data wipers, MuddyWater's new campaign


Pwn2Own Toronto 2022 nets almost $1M for 63 zero days Antivirus and EDR solutions tricked into acting as data wipers Iran-linked MuddyWater APT launches new campaign Thanks to this week's episode sponsor, Fortra The cybersecurity landscape is full of single-solution providers, making it easy for unexpected cyberthreats to sneak through the cracks. That's why Fortra is creating a stronger, simpler strategy for protection. One that increases your security maturity while decreasing the operational burden that comes with it. Fortra's integrated, scalable solutions help customers face their toughest challenges with confidence. Learn more at Fortra.com. For the stories behind the headlines,...

Week in Review: DHS reviews Lapsus$, AI generated malware, unsupported applications warning


Link to Blog Post This week's Cyber Security Headlines - Week in Review, December 5-9, is hosted by Rich Stroffolino with our guest, Ken Athanasiou, CISO, VF Corporation Thanks to our show sponsor, PlexTrac The best pentesting teams trust PlexTrac. PlexTrac can improve efficiency and effectiveness at every phase of your proactive assessments. By centralizing the data from all your automation tools, cataloging important reusable content for easy access, and promoting communication and visibility at every phase of an assessment, PlexTrac cuts reporting time in half and adds value between reports. Check out PlexTrac.com/CISOSeries to learn why PlexTrac is the premier pentest reporting and collaboration platform. All links...

APT37 exploits zero-day, Firewalls bypassed generically, Zombinder's Android malware


North Korea-linked APT37 exploits Internet Explorer zero-day flaw Firewalls of several major vendors bypassed with generic attack method New 'Zombinder' platform binds Android malware with legitimate apps Thanks to today's episode sponsor, PlexTrac The best pentesting teams trust PlexTrac. PlexTrac can improve efficiency and effectiveness at every phase of your proactive assessments. By centralizing the data from all your automation tools, cataloging important reusable content for easy access, and promoting communication and visibility at every phase of an assessment, PlexTrac cuts reporting time in half and adds value between reports. Check out PlexTrac.com/CISOSeries to learn why PlexTrac is the premier...

Pentagon cloud deal, Apple now encrypts iCloud backups, CloudSEK hacked by cybersecurity firm?


Pentagon awards cloud deal to four major providers Apple finally adds encryption to iCloud backups CloudSEK claims it was hacked by another cybersecurity firm Thanks to today's episode sponsor, PlexTrac The PlexTrac platform is your offensive security team's secret weapon. Build better reports in half the time, centralize your data, maximize your reusable content, and become more efficient and effective. PlexTrac clients report a "5X ROI in 1 year," a "30% increase in efficiency," have "cut their reporting cycle by 65%," and experienced a "18 to 22% time savings per engagement." Check out PlexTrac.com/CISOSeries to learn how PlexTrac can help...

AI generated malware, Rackspace confirms ransomware, Meta Oversight Board rules on cross-check


Are we in the age of AI generated malware Rackspace confirms ransomware attack Meta Oversight Board rules on cross-check system Thanks to today's episode sponsor, PlexTrac The best pentesting teams trust PlexTrac. PlexTrac can improve efficiency and effectiveness at every phase of your proactive assessments. By centralizing the data from all your automation tools, cataloging important reusable content for easy access, and promoting communication and visibility at every phase of an assessment, PlexTrac cuts reporting time in half and adds value between reports. Check out PlexTrac.com/CISOSeries to learn why PlexTrac is the premier pentest reporting and collaboration platform.

Baseboard software vulnerabilities, threat group stole COVID funds, AI generated code


Vulnerabilities found in popular baseboard software Chinese threat group stole COVID-19 relief funds The question of AI generated code Thanks to today's episode sponsor, PlexTrac The PlexTrac platform is your offensive security team's secret weapon. Build better reports in half the time, centralize your data, maximize your reusable content, and become more efficient and effective. PlexTrac clients report a "5X ROI in 1 year," a "30% increase in efficiency," have "cut their reporting cycle by 65%," and experienced a "18 to 22% time savings per engagement." Check out PlexTrac.com/CISOSeries to learn how PlexTrac can help your team deliver results.

Fosshost goes dark, DHS reviews Lapsus$, Rackspace security incident


Open source software host Fosshost shutting down, CEO unreachable DHS Cyber Safety Review Board to review Lapsus$ attacks Rackspace rocked by 'security incident' that has taken out hosted Exchange services Thanks to today's episode sponsor, PlexTrac The best pentesting teams trust PlexTrac. PlexTrac can improve efficiency and effectiveness at every phase of your proactive assessments. By centralizing the data from all your automation tools, cataloging important reusable content for easy access, and promoting communication and visibility at every phase of an assessment, PlexTrac cuts reporting time in half and adds value between reports. Check out PlexTrac.com/CISOSeries to learn why PlexTrac...

Week in Review: Encouraging cyber volunteers, TikTok invisible malware, SiriusXM car issues


Link to Blog Post This week's Cyber Security Headlines - Week in Review, November 28-December 2, is hosted by Rich Stroffolino with our guest, Terrance Cooley, CISO, Air Force JADC2 R&D Center. Thanks to our show sponsor, Automox Are you ready to ditch manual patching and all the complexity and hassle that comes with it? With Automox, you can automatically patch your Windows, macOS, and Linux devices with one easy-to-use, cloud-native platform. Modern patching should be easy. And now it is. With automated cross-OS patching, you'll save time and sleep better at night knowing your IT environment is secure. Visit Automox.com to learn more and start a...

LastPass data accessed, Sirius smartcar flaw, Medibank data dump


Intruders gain access to user data in LastPass incident Sirius XM flaw unlocks smart cars thanks to code flaw Medibank hackers announce 'case closed' and dump huge data file on dark web Thanks to this week's episode sponsor, Automox And now a word from our sponsor, Automox. Are you ready to ditch manual patching and all the complexity and hassle that comes with it? With Automox, you can automatically patch your Windows, macOS, and Linux devices with one easy-to-use, cloud-native platform. Modern patching should be easy. And now it is. With automated cross-OS patching, you'll save time and sleep better...

White House targeted, Google links spyware, Android apps fake accounts


Elon Musk's Starlink and the White House targeted by Killnet hackers Google links Windows exploit framework used to send spyware Malicious Android app creates fake accounts on multiple platforms Thanks to this week's episode sponsor, Automox Threat exposure is a growing business risk. Today, vulnerabilities are piling up faster than traditional remediation processes and tools can fix them. But fixing vulnerabilities doesn't have to be a fire drill. Now you can eliminate threats and manage exposed endpoints with Automox Automated Vulnerability Remediation, the only cloud-native solution that harmonizes your SecOps and ITOps workflow and lets you fix vulnerabilities dramatically faster...

TikTok Challenge malware, Cyber Monday record, Sandworm's Ukraine attack


Hackers use trending TikTok 'Invisible Challenge' to spread malware Cyber Monday online sales hit record Sandworm gang launches Monster ransomware attacks on Ukraine Thanks to this week's episode sponsor, Automox Are you tired of using multiple tools to patch your third-party applications? With Automox you'll gain complete visibility of all your software and the ability to patch it, automatically, from a single platform. Fix missing third-party patches with the click of a button to dramatically reduce the time, effort, and complexity it takes to maintain a strong security posture. Visit Automox.com to learn more and start a free trial today....

Google warns of "patch gap," Chinese spam hits Twitter


Project Zero warns of "patch gap" Twitter hit with spam campaign Canadian food company refuses ransom demands Thanks to this week's episode sponsor, Automox Are you ready to say goodbye to manual patching? With Automox you can automatically patch your Windows, macOS, and Linux devices with one easy-to-use, cloud-native platform. Modern patching can and should be easy. Save time and sleep better at night knowing your IT environment is secure with automated cross-OS patching. Visit Automox.com to learn more and start a free trial today.

FCC China ban, Windows servers freeze, WhatsApp data leak


FCC announces ban on Chinese telecom and surveillance equipment New Windows Server updates cause domain controller freezes, restarts WhatsApp data leak: 500 million user records for sale Thanks to this week's episode sponsor, Automox Automox allows you to automate the configuration, patching, and compliance of your Windows, macOS, and Linux systems all from the cloud. Visit Automox.com to start a free trial and have all your endpoints safe and secure in just 15 minutes. Automox is also offering special pricing from now until December 31st so you can start 2023 off right and get automated patching without breaking your budget....

Twitter enlists George Hotz, $575 million crypto scheme, DraftKings $300K theft


Twitter enlists hacker George Hotz for 12 week "internship" Estonian duo arrested for masterminding $575 million Ponzi scheme Hackers steal $300K from DraftKings customers Thanks to today's episode sponsor, Compyl Preparing a Thanksgiving meal can be stressful, but managing your security and compliance program doesn't have to be. Compyl quickly integrates with the tools you use, and automates 85% of the day-to-day tasks, all while providing complete visibility and comprehensive reporting along the way. Learn about Compyl today at www.compyl.com. For the stories behind the headlines, visit CISOseries.com

Emotet returns, Google helps with Cobalt Strike, Ticketmaster blames bots for Swift snafu


Emotet returns with a malspam vengeance Google publishes YARA rules for Cobalt Strike Ticketmaster blames "bot attacks" for ticketing fiasco Thanks to today's episode sponsor, Compyl This Thanksgiving, sit around the table and be thankful for Compyl. Compyl is an all-in-one platform that supercharges your security program and takes control of your compliance and audits. Automate workflows, audit collection, compliance management, and all the boring security stuff. Learn about Compyl today at www.compyl.com.

Ransomware infects Discord, Twitter welcomes Trump, Black Friday scams


New ransomware encrypts files, then steals your Discord account Donald Trump returns to Twitter after Elon Musk's poll More than half of Black Friday spam emails are scams Thanks to today's episode sponsor, Compyl We all know that CISOs are overworked and stressed. CISOs made Compyl to reduce the noise, accelerate security maturity and let you and your team quickly make decisions that directly affect what's important to your business. Learn about Compyl at www.compyl.com. For the stories behind the headlines, head to CISOseries.com.

Week in Review: The fall of FTX, Australia Medibank fallout, supply chain failures


This week's Cyber Security Headlines Week in Review, November 14-18, is hosted by Rich Stroffolino with our guest, John Scrimsher, CISO, Kontoor Brands Thanks to today's episode sponsor, AppOmni Can you name all the third party apps connected to your major SaaS platforms like Salesforce and Microsoft? What about the data these apps can access? After all, one compromised third party app could put your entire SaaS ecosystem at risk. With AppOmni, you get visibility to all third party apps, including which end users have enabled them, and the level of data access they've been granted. Visit AppOmni.com to request a free risk assessment....

Musk's ultimatum, Iran breaches government using Log4Shell, Amazon RDS data leak


Musk's ultimatum to employees leaves Twitter at risk Iranian APT breaches government agency using Log4Shell Hundreds of Amazon RDS snapshots discovered leaking user data And now a word from our sponsor, AppOmni Can you name all the third party apps connected to your major SaaS platforms like Salesforce and Microsoft? What about the data these apps can access? After all, one compromised third party app could put your entire SaaS ecosystem at risk. With AppOmni, you get visibility to all third party apps, including which end users have enabled them, and the level of data access they've been granted. Visit...

Disneyland phishing, Ukraine's IT army in action, NSA goes low-key with private researchers


Disneyland phishes with Punycode The effectiveness of Ukraine's IT army NSA seeks to lower barriers to work with private sector And now a word from our sponsor, AppOmni Can you name all the third party apps connected to your major SaaS platforms like Salesforce and Microsoft? What about the data these apps can access? After all, one compromised third party app could put your entire SaaS ecosystem at risk. With AppOmni, you get visibility to all third party apps, including which end users have enabled them, and the level of data access they've been granted. Visit AppOmni.com to request a...

Amazon cuts 10,000, FIFA apps warning, Breach impact 98%


Amazon to cut 10,000 employees in tech and corporate roles Privacy experts cautious about FIFA World Cup Apps 98% of organizations have been severely impacted by cyber supply chain breach And now a word from our sponsor, AppOmni Can you name all the third party apps connected to your major SaaS platforms like Salesforce and Microsoft? What about the data these apps can access? After all, one compromised third party app could put your entire SaaS ecosystem at risk. With AppOmni, you get visibility to all third party apps, including which end users have enabled them, and the level of...

Australia ransom ban, scourge of brand impersonation sites, GitHub gets private reporting


Australia considers ban on ransomware payments Thousands of sites used for brand impersonation GitHub gets private reporting And now a word from our sponsor, AppOmni Can you name all the third party apps connected to your major SaaS platforms like Salesforce and Microsoft? What about the data these apps can access? After all, one compromised third party app could put your entire SaaS ecosystem at risk. With AppOmni, you get visibility to all third party apps, including which end users have enabled them, and the level of data access they've been granted. Visit AppOmni.com to request a free risk assessment.

Android lockscreen bypass, Lockbit hits Thales, FTX funds disappear


Android phone owner accidentally finds a way to bypass lock screen Thales hit by Lockbit 3.0 again At least $1 billion of client funds missing at FTX And now a word from our sponsor, AppOmni Can you name all the third party apps connected to your major SaaS platforms like Salesforce and Microsoft? What about the data these apps can access? After all, one compromised third party app could put your entire SaaS ecosystem at risk. With AppOmni, you get visibility to all third party apps, including which end users have enabled them, and the level of data access they've...

Lockbit operator extradited, Twitter CISO quits, NotPetya insurance shakeup


Alleged LockBit operator to be extradited from Canada to U.S. Musk ends remote work and promises to fight spam. CISO Kissner quits. Insurance giant settles NotPetya lawsuit, signaling cyber insurance shakeup And now a word from our sponsor, AppOmni Did you know that over half of companies have sensitive SaaS data exposed on the public internet? And many breaches making headlines now involve SaaS apps? AppOmni can help. AppOmni identifies misconfigurations and guides remediation to keep your SaaS data secure. We help Security teams make sense of data access permissions, third party app visibility, and threat detection across their entire...

Crypto Winter comes for FTX, oil and gas flow control vulnerability, images hide malware in PyPI


Crypto Winter comes for FTX Vulnerability found in oil and gas utilities And now a word from our sponsor, AppOmni Did you know that over half of companies have sensitive SaaS data exposed on the public internet? And many breaches making headlines now involve SaaS apps? AppOmni can help. AppOmni identifies misconfigurations and guides remediation to keep your SaaS data secure. We help Security teams make sense of data access permissions, third party app visibility, and threat detection across their entire SaaS ecosystem. Get started at AppOmni.com. For the stories behind the headlines,...

Powerball drawing delayed, Australian health record leak, Hushpuppi gets 11 year sentence


$2 billion Powerball drawing delayed by security issues Hackers leak Australian health records on dark web Hushpuppi gets 11 years in prison for cyber fraud And now a word from our sponsor, AppOmni Did you know that over half of companies have sensitive SaaS data exposed on the public internet? And many breaches making headlines now involve SaaS apps? AppOmni can help. AppOmni identifies misconfigurations and guides remediation to keep your SaaS data secure. We help Security teams make sense of data access permissions, third party app visibility, and threat detection across their entire SaaS ecosystem. Get started at AppOmni.com....

China stocking up vulnerabilities, DOJ seizes 50,000 bitcoin, DOJ takes down Z-Library


China stockpiling vulnerabilities US seizes Silk Road bitcoins DOJ takes down Z-Library And now a word from our sponsor, AppOmni Did you know that over half of companies have sensitive SaaS data exposed on the public internet? And many breaches making headlines now involve SaaS apps? AppOmni can help. AppOmni identifies misconfigurations and guides remediation to keep your SaaS data secure. We help Security teams make sense of data access permissions, third party app visibility, and threat detection across their entire SaaS ecosystem. Get started at AppOmni.com. For the stories behind the headlines, head to CISOseries.com.

Treasury thwarts Killnet, UK scanning devices, Denmark train cyberattack


US Treasury thwarts DDoS attack from Russian Killnet group British government scanning all Internet devices hosted in UK Denmark trains halted by cyberattack And now a word from our sponsor, AppOmni Did you know that over half of companies have sensitive SaaS data exposed on the public internet? And many breaches making headlines now involve SaaS apps? AppOmni can help. AppOmni identifies misconfigurations and guides remediation to keep your SaaS data secure. We help Security teams make sense of data access permissions, third party app visibility, and threat detection across their entire SaaS ecosystem. Get started at AppOmni.com. For the...

Week in Review: Thomson Reuters leak, LockBit dominates ransomware, Stripe cuts jobs


This week's Cyber Security Headlines Week in Review, October 31-November 4, is hosted by Rich Stroffolino with our guest, Marcos Marrero, CISO, H.I.G. Capital Thanks to today's episode sponsor, Votiro UFOs are everywhere. They're in your applications, cloud storage, endpoints, and emails. That's right UFOs Unidentified File Objects are hiding in files across your organization. UFOs can contain malware that exfiltrates data or deploys ransomware. And 70% of UFOs can't be detected by traditional scanning solutions like Anti-Virus and Sandboxing. That's where Votiro comes in. Votiro prevents UFOs before they hitch a ride in on files without detection, and without slowing down business....

Boeing subsidiary incident, Stripe job cuts, news website malware


Cyber incident at Boeing subsidiary causes flight planning disruptions Stripe to lay off 14% of workforce Over 250 US news websites deliver malware via supply chain attack Thanks to today's episode sponsor, Votiro UFOs are everywhere. They're in your applications, cloud storage, endpoints, and emails. That's right UFOs Unidentified File Objects are hiding in files across your organization. UFOs can contain malware that exfiltrates data or deploys ransomware. And 70% of UFOs can't be detected by traditional scanning solutions like Anti-Virus and Sandboxing. That's where Votiro comes in. Votiro prevents UFOs before they hitch a ride in on files without detection,...

W4SP stings PyPI, password hubris, Dropbox breached


W4SP malware stings PyPI LastPass warns of security hubris Dropbox breached Thanks to today's episode sponsor, Votiro UFOs are everywhere. They're in your applications, cloud storage, endpoints, and emails. That's right UFOs Unidentified File Objects are hiding in files across your organization. UFOs can contain malware that exfiltrates data or deploys ransomware. And 70% of UFOs can't be detected by traditional scanning solutions like Anti-Virus and Sandboxing. That's where Votiro comes in. Votiro prevents UFOs before they hitch a ride in on files without detection, and without slowing down business. Do you believe? Learn more at Votiro.com/

LockBit dominates ransomware, CISA on voting integrity, ransomware reporting


LockBit dominates ransomware CISA on voting integrity A call for more ransomware reporting Thanks to today's episode sponsor, Votiro UFOs are everywhere. They're in your applications, cloud storage, endpoints, and emails. That's right UFOs Unidentified File Objects are hiding in files across your organization. UFOs can contain malware that exfiltrates data or deploys ransomware. And 70% of UFOs can't be detected by traditional scanning solutions like Anti-Virus and Sandboxing. That's where Votiro comes in. Votiro prevents UFOs before they hitch a ride in on files without detection, and without slowing down business. Do you believe? Learn more at Votiro.com/

Antivirus used to spread malware, White House ransomware summit, Ed tech company hit with FTC complaint


Threat group rides antivirus software to install malware White House organizes ransomware summit Ed tech company exposed user data Thanks to today's episode sponsor, Votiro UFOs are everywhere. They're in your applications, cloud storage, endpoints, and emails. That's right UFOs Unidentified File Objects are hiding in files across your organization. UFOs can contain malware that exfiltrates data or deploys ransomware. And 70% of UFOs can't be detected by traditional scanning solutions like Anti-Virus and Sandboxing. That's where Votiro comes in. Votiro prevents UFOs before they hitch a ride in on files without detection, and without slowing down business. Do you believe? Learn more...

Thomson Reuters leak, Polish Parliament cyberattack, trolls bombard Twitter


Thomson Reuters leaks 3TB of sensitive data Massive cyberattack hits Slovak and Polish Parliaments Twitter trolls bombard platform after Elon Musk takeover Thanks to today's episode sponsor, Votiro UFOs are everywhere. They're in your applications, cloud storage, endpoints, and emails. That's right UFOs Unidentified File Objects are hiding in files across your organization. UFOs can contain malware that exfiltrates data or deploys ransomware. And 70% of UFOs can't be detected by traditional scanning solutions like Anti-Virus and Sandboxing. That's where Votiro comes in. Votiro prevents UFOs before they hitch a ride in on files without detection, and without slowing down business....

Week in Review: Musk buys Twitter, Russia's satellite warning, Industrial ransomware attacks rise


This week's Cyber Security Headlines Week in Review, October 24-28, is hosted by Rich Stroffolino with our guest, Will Gregorian, former Senior Director, Technology Operations and Security, Rhino Thanks to this week's episode sponsor, Votiro UFOs are everywhere. They're in your applications, cloud storage, endpoints, and emails. That's right UFOs Unidentified File Objects are hiding in files across your organization. UFOs can contain malware that exfiltrates data or deploys ransomware. And 70% of UFOs can't be detected by traditional scanning solutions like Anti-Virus and Sandboxing. That's where Votiro comes in. Votiro prevents UFOs before they hitch a ride in on files...

Russia's satellite warning, New York Post hacked, Fast Company breach


Russia warns West: We can target your commercial satellites New York Post says its site was hacked after posting offensive tweets White House announces 100-day cyber sprint for chemical sector Thanks to this week's episode sponsor, Votiro UFOs are everywhere. They're in your applications, cloud storage, endpoints, and emails. That's right UFOs Unidentified File Objects are hiding in files across your organization. UFOs can contain malware that exfiltrates data or deploys ransomware. And 70% of UFOs can't be detected by traditional scanning solutions like Anti-Virus and Sandboxing. That's where Votiro comes in. Votiro prevents UFOs before they hitch a ride in on...

Sigstore opens free service, Medibank hacked, 20-year old SQLite bug


Sigstore opens free software signing service Australian health insurer hacked Researcher details 20-year old SQLite bug Thanks to this week's episode sponsor, Votiro UFOs are everywhere. They're in your applications, cloud storage, endpoints, and emails. That's right UFOs Unidentified File Objects are hiding in files across your organization. UFOs can contain malware that exfiltrates data or deploys ransomware. And 70% of UFOs can't be detected by traditional scanning solutions like Anti-Virus and Sandboxing. That's where Votiro comes in. Votiro prevents UFOs before they hitch a ride in on files without detection, and without slowing down business. Do you believe? Learn more at...

See Tickets card breach, US charges Chinese agents, Tata Power's data leaked


See Tickets discloses 2.5 year-long credit card breach US charges Chinese agents in Huawei obstruction case Hive begins leaking Tata Power's data Thanks to this week's episode sponsor, Votiro UFOs are everywhere. They're in your applications, cloud storage, endpoints, and emails. That's right UFOs Unidentified File Objects are hiding in files across your organization. UFOs can contain malware that exfiltrates data or deploys ransomware. And 70% of UFOs can't be detected by traditional scanning solutions like Anti-Virus and Sandboxing. That's where Votiro comes in. Votiro prevents UFOs before they hitch a ride in on files without detection, and without slowing down business....

Daixin Team, PoCs host malware, Iranian nuclear agency hacked


CISA warns of Daixin Team Exploit POCs used to host malware Iranian nuclear agency hacked Thanks to this week's episode sponsor, Votiro UFOs are everywhere. They're in your applications, cloud storage, endpoints, and emails. That's right UFOs Unidentified File Objects are hiding in files across your organization. UFOs can contain malware that exfiltrates data or deploys ransomware. And 70% of UFOs can't be detected by traditional scanning solutions like Anti-Virus and Sandboxing. That's where Votiro comes in. Votiro prevents UFOs before they hitch a ride in on files without detection, and without slowing down business. Do you believe? Learn more at Votiro.com/UFOs

Windows JavaScript zero-day, Iran-based hack-and-leak, METRO retailer attack


Exploited Windows zero-day lets JavaScript files bypass Mark of the Web security warnings FBI warns of 'hack-and-leak' operations from group based in Iran Wholesale giant METRO confirmed to have suffered a cyberattack Thanks to this week's episode sponsor, Votiro UFOs are everywhere. They're in your applications, cloud storage, endpoints, and emails. That's right UFOs Unidentified File Objects are hiding in files across your organization. UFOs can contain malware that exfiltrates data or deploys ransomware. And 70% of UFOs can't be detected by traditional scanning solutions like Anti-Virus and Sandboxing. That's where Votiro comes in. Votiro prevents UFOs before they hitch a ride in on...

Week in Review: Dutch Police Trick DeadBolt, GenZ meh on Cybersecurity, Submarine cable severed


This week's Cyber Security Headlines Week in Review, October 17-21, is hosted by Rich Stroffolino with our guest, Lee Parrish, CISO, Newell Brands Thanks to this week's episode sponsor, SafeBase Security questionnaires are a pain, and sharing sensitive documents takes too much back and forth. As a result, security can be wrongly viewed as a roadblock rather than a sales enabler. That's where SafeBase comes in. Our Smart Trust Center makes it easy to showcase your security program, share sensitive documents, and streamline security reviews. It's the missing piece of your security and sales workflow, and the only security tool that gives you time...

Submarine cables severed, Microsoft's BlueBleed problem, Health system breach


Internet connectivity worldwide impacted by severed EU subsea cables Microsoft BlueBleed customer data leak claimed to be 'one of the largest' in years Health system data breach due to Meta Pixel hits 3 million patients Thanks to this week's episode sponsor, SafeBase Security questionnaires are a pain, and sharing sensitive documents takes too much back and forth. As a result, security can be wrongly viewed as a roadblock rather than a sales enabler. That's where SafeBase comes in. Our Smart Trust Center makes it easy to showcase your security program, share sensitive documents, and streamline security reviews. It's the missing piece...

Ransom Cartel linked to REvil, Gen Z security awareness, Open Compute Project's Caliptra


Ransom Cartel linked to REvil Do we need cybersecurity training for Gen Z? Open Compute Project announces Caliptra Thanks to this week's episode sponsor, SafeBase Security questionnaires. If those two words sent a shiver down your spine, you need to check out SafeBase. SafeBase's Smart Trust Center is a centralized source of truth for your organization's security and compliance information. After implementing SafeBase, many companies see a 90% reduction in custom questionnaires. Imagine how much time you'd save. Visit safebase.com to find out more.

Verizon customer accounts breached, German cyber chief removed, Fortinet vuln actively exploited


Verizon notifies customers their accounts were breached German cyber chief removed over alleged Russian ties Fortinet vulnerability being actively exploited Thanks to this week's episode sponsor, SafeBase Security questionnaires are a pain, and sharing sensitive documents takes too much back and forth. As a result, security can be wrongly viewed as a roadblock rather than a sales enabler. That's where SafeBase comes in. Our Smart Trust Center makes it easy to showcase your security program, share sensitive documents, and streamline security reviews. It's the missing piece of your security and sales workflow, and the only security tool that gives you time...

Ransomware hits German newspaper, Meta battles on content moderation report, and KakaoTalk goes down in Korea


Ransomware halts German newspaper circulation Meta disputes Indian content moderation report KakaoTalk called a "national communication network" in Korea Thanks to this week's episode sponsor, SafeBase Security questionnaires are a pain, and sharing sensitive documents takes too much back and forth. As a result, security can be wrongly viewed as a roadblock rather than a sales enabler. That's where SafeBase comes in. Our Smart Trust Center makes it easy to showcase your security program, share sensitive documents, and streamline security reviews. It's the missing piece of your security and sales workflow, and the only security tool that gives you time back....

Ukraine novel ransomware, Drones drop pineapple, Tata Power attacked


Microsoft says Ukraine, Poland targeted with novel ransomware attack Wi-Fi spy drones snoop on financial firm Indian power generation giant Tata Power hit by a cyber attack Thanks to this week's episode sponsor, SafeBase Security questionnaires. If those two words sent a shiver down your spine, you need to check out SafeBase. SafeBase's Smart Trust Center is a centralized source of truth for your organization's security and compliance information. After implementing SafeBase, many companies see a 90% reduction in custom questionnaires. Imagine how much time you'd save. Visit safebase.com to find out more. For the stories behind the headlines, head to...

Week in Review: CISOs' Uber scapegoating, US Airport DDoS, Digital license plates


This week's Cyber Security Headlines Week in Review, October 10-14, is hosted by Rich Stroffolino with our guest, Matt Honea, Head Of Security, SmartNews Thanks to today's episode sponsor, Noname Security Prevent API attacks in real-time with automated AI and ML-based detection from Noname Security. Monitor API traffic for data leakage, data tampering, data policy violations, suspicious behavior, and API security attacks. Integrate with your existing IT workflow management system like Jira, ServiceNow, or Slack for seamless remediation. Learn more at nonamesecurity.com/runtime-protection All links and the video of this episode can be found on CISOseries.com

Polonium targets Israel, CISO-Board relationships, UK Supply chain


Polonium APT targets Israel with a new custom backdoor dubbed PapaCreep RSA Conference reveals CISO-Board relationships UK government urges action to enhance supply chain security Thanks to today's episode sponsor, Noname Security Prevent API attacks in real-time with automated AI and ML-based detection from Noname Security. Monitor API traffic for data leakage, data tampering, data policy violations, suspicious behavior, and API security attacks. Integrate with your existing IT workflow management system like Jira, ServiceNow, or Slack for seamless remediation. Learn more at nonamesecurity.com/runtime-protection For the stories behind the headlines, head to CISOseries.com.

Npm timing attack, legit software spreading malware, Mango Markets hacked for $100 million


Npm timing attack could impact supply chain Legit software used to spread malicious WhatsApp mod Mango Markets hit by $100 million hack Thanks to today's episode sponsor, Noname Security Are you sure your APIs are secure? Noname Security discovers all the APIs running on your network and analyzes them to spot design flaws, misconfigurations, and vulnerabilities. You can even catalog sensitive data and quickly see how many APIs are able to access credit card data, phone numbers, SSNs, and other sensitive PII data. Learn more at nonamesecurity.com/posture-management

UK warns of Chinese security threat, Toyota data leak, CISOs at risk of being overworked


UK warns of Chinese global security threat Toyota data leak impacts 300,000 customers CISOs at risk of being overworked Thanks to today's episode sponsor, Noname Security Stop API vulnerabilities before production with Noname Security. Automatically run over 100 dynamic tests that simulate malicious traffic, including the OWASP API Top Ten. Integrate with your existing CI/CD pipelines and tools, such as Jenkins and Postman, as well as all your ticketing and workflow tools such as ServiceNow, Slack, and Jira. Learn more at nonamesecurity.com/active-testing For the stories behind the headlines, head to CISOseries.com

Cyber Security Headlines: Heat leaks passwords, KillNet hits airports, Intel UEFI leak


Finger heat can leak your password US airport sites targeted by KillNet Intel confirms UEFI leak Thanks to today's episode sponsor, Noname Security Prevent API attacks in real-time with automated AI and ML-based detection from Noname Security. Monitor API traffic for data leakage, data tampering, data policy violations, suspicious behavior, and API security attacks. Integrate with your existing IT workflow management system like Jira, ServiceNow, or Slack for seamless remediation. Learn more at nonamesecurity.com/runtime-protection

Urgent Fortinet vulnerability, Windows update flaw, CISO scapegoating danger


Fortinet warns admins to patch critical auth bypass bug immediately Windows 11 22H2 errors break provisioning Security chiefs fear 'CISO scapegoating' following Uber-Sullivan verdict Thanks to today's episode sponsor, Noname Security Are you sure your APIs are secure? Noname Security discovers all the APIs running on your network and analyzes them to spot design flaws, misconfigurations, and vulnerabilities. You can even catalog sensitive data and quickly see how many APIs are able to access credit card data, phone numbers, SSNs, and other sensitive PII data. Learn more at nonamesecurity.com/posture-management For the stories behind the headlines, head to CISOseries.com.

Week in Review: Lazarus hits Dell, Uber chief guilty, Musk's Twitter Takeover


This week's Cyber Security Headlines Week in Review, October 3-7, is hosted by Sean Kelly, with our guest, Patrick Benoit, VP, Global Cyber, GRC/BISO, CBRE Thanks to this week's episode sponsor, Hunters Hunters is a SaaS platform, purpose built for Security Operation teams. Providing unlimited data ingestion and normalization at a predictable cost, Hunters helps SOC teams mitigate real threats faster and more reliably than SIEM. Visit Hunters.ai to learn more. All links and the video of this episode can be found on CISOseries.com

Uber coverup ruling, Optus data spilled, Easylife's trigger fine


Former Uber security chief found guilty of data breach coverup Optus confirms 2.1 million ID numbers exposed in data breach Retailer Easylife fined 1.5m for data protection breaches Thanks to today's episode sponsor, Hunters Hunters is a SaaS platform, purpose built for Security Operation teams. Providing unlimited data ingestion and normalization at a predictable cost, Hunters helps SOC teams mitigate real threats faster and more reliably than SIEM. Visit Hunters.ai to learn more. For the stories behind the headlines, head to CISOseries.com.

CommonSpirit Health "IT security issue," MySQL backdoor, P2P payment fraud rises


CommonSpirit Health hit with "IT security issue" MySQL servers backdoored Fraud hitting P2P payment apps Thanks to today's episode sponsor, Hunters Hunters is a SaaS platform, purpose built for Security Operation teams. Providing unlimited data ingestion and normalization at a predictable cost, Hunters helps SOC teams mitigate real threats faster and more reliably than SIEM. Visit Hunters.ai to learn more.

Musk Twitter deal update, TikTok security deal politics, Netwalker affiliate sentenced


Musk offers to proceed with Twitter deal TikTok security deal becomes a political pawn Netwalker ransomware affiliate sentenced to 20 years in prison Thanks to today's episode sponsor, Hunters Hunters is a SaaS platform, purpose built for your Security Operation team. Cimpress, the parent company of VistaPrint, implemented Hunters SOC Platform to replace its SIEM. Thanks to Hunters, Cimpress no longer needs to babysit alerts and detection logic; they've improved their SOC's efficiency, and optimized costs. Visit Hunters.ai to learn more. For the stories behind the headlines, visit CISOseries.com

LA School Data Leaked, Exchange mitigations bypassed, Supreme Court looks at Section 230


LA school data published on leak site Exchange zero-day mitigations bypassed Supreme Court will look at legal protections for apps and sites Thanks to today's episode sponsor, Hunters Hunters helps your security team overcome data volume and complexity while significantly reducing false positives. Upwork uses Hunters SOC Platform to "remain threat focused". Because of Hunters, Upwork has been able to stop going through the daily repetitive task of looking at alerts, and doing repetitive, manual investigations. Learn more at: Hunters.ai

Microsoft Zero days, Lazarus attacks Dell, NSA employee caught


Microsoft confirms two Exchange Server zero days are being used in cyberattacks Lazarus hackers abuse Dell driver bug using new FudModule rootkit Ex-NSA employee charged with violating Espionage Act, selling U.S. cyber secrets Thanks to today's episode sponsor, Hunters Hunters is a SaaS platform, purpose built for Security Operation teams. Providing unlimited data ingestion and normalization at a predictable cost, Hunters helps SOC teams mitigate real threats faster and more reliably than SIEM. Visit Hunters.ai to learn more. For the stories behind the headlines, head to CISOseries.com.

Week in Review: Uber hacker arrested, cyberattacks deluge organizations, Lazarus hacks Macs


This week's Cyber Security Headlines Week in Review, September 26-30, is hosted by Rich Stroffolino with our guest, Sara Lazarus, VP and head of trust and security, Stavvy Thanks to today's episode sponsor, Votiro Can you trust that your content and data is free of malware and ransomware? With Votiro you can. Votiro removes evasive and unknown malware from content in milliseconds, without impacting file fidelity or usability. It even works on password-protected and zipped files. Plus, it's an API, so it integrates with everything including Microsoft 365. Learn more at Votiro.com. All links and the video of this episode can be...

Russia's cyber winter, military contractor attack, IRS smishing warning


Finnish intelligence warns Russia 'highly likely' to turn to cyber in winter Researchers uncover covert attack campaign targeting military contractors IRS warns of "industrial scale" smishing surge Thanks to today's episode sponsor, Votiro Can you trust that your content and data is free of malware and ransomware? With Votiro you can. Votiro removes evasive and unknown malware from content in milliseconds, without impacting file fidelity or usability. It even works on password-protected and zipped files. Plus, it's an API, so it integrates with everything including Microsoft 365. Learn more at Votiro.com. For the stories behind the headlines, head to CISOseries.com.

Leaked ransomware used in attack, Cloudflare Turnstile, Fast Company hit with cyber attack


Leaked ransomware builder used in attacks Cloudflare hopes Turnstile can replace CAPTCHAs Fast Company goes dark after cyber attack Thanks to today's episode sponsor, Votiro Can you trust that your content and data is free of malware and ransomware? With Votiro you can. Votiro removes evasive and unknown malware from content in milliseconds, without impacting file fidelity or usability. It even works on password-protected and zipped files. Plus, it's an API, so it integrates with everything including Microsoft 365. Learn more at Votiro.com.

Lazarus targets macOS, Geopolitical DDoS, Meta takes down influence networks


Lazarus Group targets macOS users Geopolitics behind recent DDoS surge Meta takes on influence networks Thanks to today's episode sponsor, Votiro Can you trust that your content and data is free of malware and ransomware? With Votiro you can. Votiro removes evasive and unknown malware from content in milliseconds, without impacting file fidelity or usability. It even works on password-protected and zipped files. Plus, it's an API, so it integrates with everything including Microsoft 365. Learn more at Votiro.com.

Jamf buys ZecOps, porn phishing DDoS, Cloudflare Zero Trust SIM


Jamf buys ZecOps Porn phishing scam turns into a DDoS Cloudflare announced secure eSIM offering Thanks to today's episode sponsor, Votiro Can you trust that your content and data is free of malware and ransomware? With Votiro you can. Votiro removes evasive and unknown malware from content in milliseconds, without impacting file fidelity or usability. It even works on password-protected and zipped files. Plus, it's an API, so it integrates with everything including Microsoft 365. Learn more at Votiro.com.

Uber hacker arrested, Microsoft SQL hacked, CircleCI GitHub hack


London Police arrest 17-year-old hacker suspected of Uber and GTA 6 breaches Microsoft SQL servers hacked in TargetCompany ransomware attacks Attackers impersonate CircleCI platform to compromise GitHub accounts Thanks to today's episode sponsor, Votiro Can you trust that your content and data is free of malware and ransomware? With Votiro you can. Votiro removes evasive and unknown malware from content in milliseconds, without impacting file fidelity or usability. It even works on password-protected and zipped files. Plus, it's an API, so it integrates with everything including Microsoft 365. Learn more at Votiro.com. For the stories behind the headlines, head to...

Week in Review: Uber and Twitter hacks, MFA exploits, Ransomware in decline?


Link to Blog Post This week's Cyber Security Headlines Week in Review, September 19-23, is hosted by Rich Stroffolino with our guest, Joseph Lewis, Director, Cyber Assessment Strategy, US Department of Energy Thanks to this week's sponsor, 6clicks 6clicks is your AI-powered GRC platform, featuring a fully integrated content library. 6clicks provides organizations with a powerful GRC platform to build highly scalable risk and compliance functions and advisors with the tools to streamline and scale their services, saving everyone enormous time and money. Reimagine risk. Improve cybersecurity. Demonstrate compliance. For more information visit 6clicks.com/cisoseries. All links and the video of this episode can be found on CISO...

MFA fatigue hacking, Senate blasts counterintelligence, Australian telco breach


MFA Fatigue: Hackers' new favorite tactic in high-profile breaches Senate report details inefficiencies, confusion at key U.S. counterintelligence center Australian telco Optus suffers massive data breach Thanks to today's episode sponsor, 6clicks With 6clicks, organizations can manage enterprise risk easier than ever before. 6clicks helps you identify your risks, group them into risk registers, and run risk assessments. It highlights causes and potential impacts, outlines risk treatment plans, and helps you manage the full treatment lifecycle all while informing your holistic GRC posture with built-in data linkages. For more information visit 6clicks.com/cisoseries. For the stories behind the headlines, head to...

15-year old Python bug, LinkedIn Smart Link phishing, US military using Augury


15-year old Python bug causing problem LinkedIn Smart Links used for phishing US military buys Augury network monitoring tool Thanks to today's episode sponsor, 6clicks Your GRC solution is only as valuable as the reports it can generate. Provide an exceptional analytics experience for all your GRC stakeholders with the 6clicks reporting suite. Unlock powerful insights and prove compliance using dashboards and charts, pixel perfect reporting, presentations, and data storytelling via LiveDocs. For more information visit 6clicks.com/cisoseries.

American Airlines hack, $160M swiped from Wintermute, 2K and Rockstar cyberattacks


American Airlines announce breach of customer and staff info Crypto market maker hacked for $160 million 2K and Rockstar fall victim to cyber attacks Thanks to today's episode sponsor, 6clicks The 6clicks GRC solution comes with a fully integrated content library full of hundreds of standards, assessment templates, libraries, playbooks, and more. With the content library included in every 6clicks license, organizations can get started on their GRC implementation faster than ever before. For more information visit 6clicks.com/cisoseries. For the stories behind the headlines, head to CISOseries.com

Chromeloader evolves, ransomware falls, US reviews social media campaigns


The shifting ways of Chromeloader Ransomware attacks fall in first half Pentagon orders review of social media influence campaigns Thanks to today's episode sponsor, 6clicks Experience the magic of Hailey, the 6clicks artificial intelligence engine for risk and compliance. With Hailey, organizations can automatically show cross-compliance between regulations or identify gaps to external compliance requirements in their policies. Eliminate manual and costly risk and compliance processes by joining the hundreds of businesses that trust 6clicks. For more information visit 6clicks.com/cisoseries.

Uber downplays breach, LastPass downplays hack, Netgear router vulnerability


Uber says there is no evidence that users' private information was compromised LastPass says hackers accessed its systems for just 4 days Netgear Routers impacted by FunJSQ module flaw Thanks to today's episode sponsor, 6clicks 6clicks has pioneered a unique Hub & Spoke architecture to underpin its AI-powered GRC solution and cater to markets requiring scalable, multi-tenanted GRC. This model enables organizations to deploy multiple, autonomous GRC entities connected to a single hub for roll-up reporting, management, and visibility. For more information visit 6clicks.com/cisoseries. For the stories behind the headlines, head to CISOseries.com.

Week in Review: Uber hacked, intermittent encryption ransomware, Twitter overheats


Link to Blog Post This week's Cyber Security Headlines Week in Review, June 6-10, is hosted by Rich Stroffolino with our guest, Quincy Castro, CISO, Redis Thanks to today's episode sponsor, Edgescan Scalable automated and continuous Attack Surface Management (ASM) and vulnerability detection integrated with a world-class cyber security team provide 100% false-positive-free alerts and expert remediation guidance. Edgescan.com All links and the video of this episode can be found on CISO Series.com

Gamers targeted on YouTube, Biden supply chain order, Queen Elizabeth II phishing scam


Gamers targeted by self-spreading stealer on YouTube Biden order further scrutinizes foreign tech supply chains Phishing attacks being launched in the name of Queen Elizabeth II Thanks to today's episode sponsor, Edgescan Edgescan simplifies Vulnerability Management by delivering a single full-stack solution (SaaS) integrated with world-class security professionals. Instead of managing a plethora of point scanning tools for each layer of the attack surface and squandering precious staff resources manually removing false positives, Edgescan offers automated and accurate contextualized alerts across the entire attack surface into a single source of truth. For the stories behind the headlines, head to CISOseries.com

Teams leaks tokens, cyberscammer human trafficking, Treasury Tornado Cash guidance


Teams stores tokens in cleartext Cyberscammers caught up in human trafficking US Treasury issues guidance on Tornado Cash Thanks to today's episode sponsor, Edgescan Scalable automated and continuous Attack Surface Management (ASM) and vulnerability detection integrated with a world-class cyber security team provide 100% false-positive-free alerts and expert remediation guidance.

Apple's second zero-day, heat beats tweets, herd mentality phishing


Apple Releases iOS and macOS updates to patch actively exploited zero-day flaw Extreme California heat knocks key Twitter data center offline New phishing scheme uses 'herd mentality' approach to dupe victims Thanks to today's episode sponsor, Edgescan Edgescan combines full-stack coverage with integrated reporting and business-level prioritization to deliver a single source of truth for your entire vulnerability management program with zero false positives. For the stories behind the headlines, head to CISOseries.com.

Google buys Mandiant, Retbleed mitigations hurt, Meta hands over PyTorch


Google closes on Mandiant Paying the iron price for Retbleed mitigation Meta hands over the keys to PyTorch Thanks to today's episode sponsor, Edgescan Edgescan offers a single platform solution that covers the full stack, from Web Applications to APIs to the Network and data layer. Continuous Attack Surface Management coupled with automated & strategic Pen-testing as a Service (PTaaS) yields fully scalable coverage.

Intermittent encryption warning, HP firmware bugs, SEC crypto office


Ransomware gangs switching to new intermittent encryption tactic Firmware bugs in many HP computer models left unfixed for over a year U.S. SEC to set up new office for crypto filings Thanks to today's episode sponsor, Edgescan Edgescan simplifies Vulnerability Management by delivering a single full-stack solution (SaaS) integrated with world-class security professionals. Instead of managing a plethora of point scanning tools for each layer of the attack surface and squandering precious staff resources manually removing false positives, Edgescan offers automated and accurate contextualized alerts across the entire attack surface into a single source of truth. For the stories behind...

Week in Review: TikTok breach, China accuses US, CISA feedback


Link to Blog Post This week's Cyber Security Headlines Week in Review, June 6-10, is hosted by Rich Stroffolino with our guest, Jason Elrod, CISO, Multicare Health System Thanks to today's episode sponsor, Snyk Developers want to code fast and security wants to ship securely and they want to do it all from the cloud. That's why they both choose Snyk. Backed by industry-leading security intelligence, Snyk provides real-time scanning with automated fixes and remediation advice right from the tools and workflows developers use. Code, dependencies, containers, cloud environments... all of it. And while developers are building securely, Snyk gives security teams a bird's eye view of all...

China accuses US, London buses hacked, New APT42 group


China accuses US of cyberattacks and cyberespionage London's biggest bus operator hit by cyber "incident" Researchers reveal new Iranian threat group APT42 Thanks to today's episode sponsor, Snyk Developers want to code fast and security wants to ship securely and they want to do it all from the cloud. That's why they both choose Snyk. Backed by industry-leading security intelligence, Snyk provides real-time scanning with automated fixes and remediation advice right from the tools and workflows developers use. Code, dependencies, containers, cloud environments... all of it. And while developers are building securely, Snyk gives security teams a bird's eye view...

CISA incident reporting, Linux-focused IoT malware, Albania cuts ties over cyberattack


CISA asks for feedback on reporting rules New Linux-focused malware targets IoT Albania cuts diplomatic ties over cyberattack Thanks to today's episode sponsor, Snyk Developers want to code fast and security wants to ship securely and they want to do it all from the cloud. That's why they both choose Snyk. Backed by industry-leading security intelligence, Snyk provides real-time scanning with automated fixes and remediation advice right from the tools and workflows developers use. Code, dependencies, containers, cloud environments... all of it. And while developers are building securely, Snyk gives security teams a bird's eye view of all of their...

Ex-Uber exec heads to trial, Twitter fires back at Mudge, FBI K-12 warning


Uber's ex-cyber exec heads to trial Twitter fires back at Mudge for "parroting" Elon Musk FBI warns of ransomware attacks on school districts Thanks to today's episode sponsor, Snyk Developers want to code fast and security wants to ship securely and they want to do it all from the cloud. That's why they both choose Snyk. Backed by industry-leading security intelligence, Snyk provides real-time scanning with automated fixes and remediation advice right from the tools and workflows developers use. Code, dependencies, containers, cloud environments... all of it. And while developers are building securely, Snyk gives security teams a bird's eye...

Sextortion ring busted, TikTok denies breach, Cloudflare cuts off Kiwi Farms


Transnational sextortion ring dismantled TikTok denies breachtok Cloudflare cuts off Kiwi Farms Thanks to today's episode sponsor, Snyk Developers want to code fast and security wants to ship securely and they want to do it all from the cloud. That's why they both choose Snyk. Backed by industry-leading security intelligence, Snyk provides real-time scanning with automated fixes and remediation advice right from the tools and workflows developers use. Code, dependencies, containers, cloud environments... all of it. And while developers are building securely, Snyk gives security teams a bird's eye view of all of their projects and cloud environments, so they...

Fed agency supply chain tips, Apple lawsuit settlement, Neopets 18 month hack


Federal agencies share supply chain security tips Apple settles lawsuit with developer over App Store rejections and scams Hackers were inside Neopets systems for 18 months Thanks to today's episode sponsor, Code42 It's not just about the data leaving your company - what about the data coming in? Along with departing employees, new talent is also actively joining your organization. This poses cybersecurity challenges since they could be knowingly or unknowingly bringing data from their former company into your network. Code42 Incydr is an Insider Risk Management SaaS that provides a comprehensive understanding of your data exposure and shows which...

Google's open-source bug bounty, Ragnar Locker hits airline, Cloudflare won't cut off services


Google launches open-source bug bounty Ragnar Locker claims attack on airline Cloudflare won't terminate services for controversial customers Thanks to today's episode sponsor, Code42 Surprise! Surprise! Five years from now, Jamie, who's resigning today, will ring the NASDAQ bell officially launching her company on the public market. And what you'll soon realize is that Jamie stole your most valuable data to start her new company. Learn how Code42 Incydr can stop data theft and protect your organizations' most valuable assets. Visit Code42.com/showme to learn more.

Google Translate malware, White House aviation briefing, book distributor ransomed


Google Translate app is actually Windows crypto-mining malware White House to give aviation executives classified cyberthreat briefing Book distributor Baker & Taylor hit by ransomware Thanks to our episode sponsor, Code42 Cybersecurity teams are facing unprecedented challenges when it comes to protecting sensitive corporate data from exposure, leak and theft. In fact, the Code42 Annual Data Exposure Report revealed there's a 1 in 3 chance that your company will lose IP when an employee quits. To learn more about stopping data leaks with Insider Risk Management visit Code42.com/showme. For the stories behind the headlines, head to CISOseries.com.

Log4Shell Hits Israel, Russian cyberattacks on Montenegro, AlphaBay Turns 1


Microsoft warns Iranians using Log4Shell Montenegro hit with Russian cyberattacks AlphaBay Turns 1 Thanks to this week's episode sponsor, Code42 Have you been thinking about launching an Insider Risk Management program? You don't need to be Big Brother to effectively address Insider Risk. Code42 believes that the Three Es should define any IRM program: expertise, education, and enforcement. Shift your security culture from "watchdog" to "guide dog" and everyone wins. Learn more at Code42.com/showme.

Hackers breach LastPass, new Agenda ransomware, Facebook Cambridge settlement


Hackers breach LastPass developer system to steal source code New Agenda ransomware appears in the threat landscape Facebook-Cambridge Analytica data breach lawsuit ends in 11th hour settlement Thanks to this week's episode sponsor, Code42 It's not just about the data leaving your company - what about the data coming in? Along with departing employees, new talent is also actively joining your organization. This poses cybersecurity challenges since they could be knowingly or unknowingly bringing data from their former company into your network. Code42 Incydr is an Insider Risk Management SaaS that provides a comprehensive understanding of your data exposure and...

Week in Review: Satellite hacks, Insurers balk, Twitter's cybersecurity


Link to Blog Post This week's Cyber Security Headlines Week in Review, June 6-10, is hosted by Rich Stroffolino with our guest, John McClure, CISO, Sinclair Broadcast Group Thanks to today's episode sponsor, Code42 It's not just about the data leaving your company - what about the data coming in? Along with departing employees, new talent is also actively joining your organization. This poses cybersecurity challenges since they could be knowingly or unknowingly bringing data from their former company into your network. Code42 Incydr is an Insider Risk Management SaaS that provides a comprehensive understanding of your data exposure and shows which activities require security intervention. Learn...

North Korea at BlackHat, Ransomware attacks jump, Pentagon software requirements


North Korean malware present at Black Hat Ransomware attacks jump as new malware strains proliferate Pentagon may require flaw-free software Thanks to today's episode sponsor, Code42 It's not just about the data leaving your company - what about the data coming in? Along with departing employees, new talent is also actively joining your organization. This poses cybersecurity challenges since they could be knowingly or unknowingly bringing data from their former company into your network. Code42 Incydr is an Insider Risk Management SaaS that provides a comprehensive understanding of your data exposure and shows which activities require security intervention. Learn more...

Nobelium's MagicWeb, pro-Western influence campaigns, $100 million in NFTs stolen


Microsoft reveals Nobelium's MagicWeb Details emerge on large-scale pro-Western influence campaigns Stolen NFTs prove big business Thanks to today's episode sponsor, Code42 Surprise! Surprise! Five years from now, Jamie, who's resigning today, will ring the NASDAQ bell officially launching her company on the public market. And what you'll soon realize is that Jamie stole your most valuable data to start her new company. Learn how Code42 Incydr can stop data theft and protect your organizations' most valuable assets. Visit Code42.com/showme to learn more.

Twitter ex-security chief whistleblower, Ukraine and Poland join forces, Binance deepfake scam


Ex-security chief accuses Twitter of cybersecurity negligence Ukraine and Poland join forces to counter Russian cyberattacks Hackers use Binance exec deepfake in crypto exchange scam Thanks to today's episode sponsor, Code42 Cybersecurity teams are facing unprecedented challenges when it comes to protecting sensitive corporate data from exposure, leak and theft. In fact, the Code42 Annual Data Exposure Report revealed there's a 1 in 3 chance that your company will lose IP when an employee quits. To learn more about stopping data leaks with Insider Risk Management visit Code42.com/showme. For the stories behind the headlines, head over to CISOseries.com

State-backed attacks not insured, LockBit hit with DDoS, Cozy Bear gets around MFA


State-backed attacks excluded from cyber insurance LockBit hit with DDoS Cozy Bear using Microsoft accounts to bypass MFA Thanks to today's episode sponsor, Code42 Have you been thinking about launching an Insider Risk Management program? You don't need to be Big Brother to effectively address Insider Risk. Code42 believes that the Three Es should define any IRM program: expertise, education, and enforcement. Shift your security culture from "watchdog" to "guide dog" and everyone wins. Learn more at Code42.com/showme.

Urgent iPhone update, ZIP password fault, Hacking decommissioned satellites


iPhone users urged to update to patch 2 zero-days Encrypted ZIP files can have two correct passwords White hat hackers broadcast through decommissioned satellite Thanks to today's episode sponsor, Code42 It's not just about the data leaving your company - what about the data coming in? Along with departing employees, new talent is also actively joining your organization. This poses cybersecurity challenges since they could be knowingly or unknowingly bringing data from their former company into your network. Code42 Incydr is an Insider Risk Management SaaS that provides a comprehensive understanding of your data exposure and shows which activities require...

Week in Review: Ukraine at Black Hat, Starlink hacked, cybersecurity workforce inequity


Link to Blog Post This week's Cyber Security Headlines Week in Review, June 6-10, is hosted by Rich Stroffolino with our guest, Stephen Harrison, VP Cyber Defense, MGM Resorts Thanks to today's episode sponsor, 6clicks With 6clicks, organizations can manage enterprise risk easier than ever before. 6clicks helps you identify your risks, group them into risk registers, and run risk assessments. It highlights causes and potential impacts, outlines risk treatment plans, and helps you manage the full treatment lifecycle. For more information visit 6clicks.com/cisoseries. All links and the video of this episode can be found on CISO Series.com

Google blocks DDoS, Moore leaves Cyber Command, BlackByte's ransomware options


Google blocks largest HTTPS DDoS attack 'reported to date' Cyber Command loses Moore A new version of BlackByte offers extortion options Thanks to today's episode sponsor, 6clicks With 6clicks, organizations can manage enterprise risk easier than ever before. 6clicks helps you identify your risks, group them into risk registers, and run risk assessments. It highlights causes and potential impacts, outlines risk treatment plans, and helps you manage the full treatment lifecycle. For more information visit 6clicks.com/cisoseries. For the stories behind the headlines, head to CISOseries.com.

PyPi backdoors, Project Sugarush, Redalpha phishing


PyPi packages turn installed apps to backdoors Project Sugarush targets Israeli shipping RedAlpha ramps up phishing efforts Thanks to today's episode sponsor, 6clicks Manage the full assessment lifecycle and get your business audit-ready more easily than ever using 6clicks. Identify overlap from completed audits and assessments with other standards and frameworks using Hailey-AI to streamline compliance with multiple audit requirements. With built-in content, organizations can get started on their audit and assessments faster than ever before. For more information visit 6clicks.com/cisoseries.

Oracle audits Tik Tok, Digital Ocean dumps Mailchimp, Twilio targets Signal


Oracle begins auditing TikTok's algorithms Digital Ocean dumps Mailchimp after attack leaked customer data Signal users exposed in targeted Twilio attack Thanks to today's episode sponsor, 6clicks 6clicks is where vulnerability management and GRC unite. With 6clicks, organizations can ingest their vulnerabilities from all scanners, link assets to vulnerabilities, raise risks and issues to remediate, and close vulnerabilities as they are remediated all while informing their risk and compliance posture in a single platform for cohesive reporting. For more information visit 6clicks.com/cisoseries. For the stories behind the headlines, head to CISOseries.com.

Chat app backdoor, PyPi cryptominer, corporate access prices drop


Chat app used as a backdoor PyPi package drops cryptominer Access to corporate networks sees a value dip Thanks to today's episode sponsor, 6clicks Protect your supply chain from third-party risk with the power of 6clicks. Organizations can better manage their vendor risk by automating the vendor assessment lifecycle and detecting vendor assessment findings. Users can identify and raise risks linked to vendors post-assessment and group them into risk registers. Then, manage, remediate and report on risks directly from 6clicks. For more information visit 6clicks.com/cisoseries.

Ukraine cyber chief at Black Hat, Lockheed Martin breach?, $25 Starlink hack


Ukraine's cyber chief makes surprise visit to Black Hat Killnet claims to have hacked Lockheed Martin Starlink successfully hacked using $25 modchip Thanks to today's episode sponsor, 6clicks Identify, track, respond, and remediate issues and incidents from your various GRC workflows with 6clicks. With an issue submission form, 6clicks makes it easy and efficient for employees to submit incidents directly to an incident management team for triaging and response. Use the built-in incident response playbooks, or your own, to standardize incident response across the organization. For more information visit 6clicks.com/cisoseries. For the stories behind the headlines, head to CISOseries.com

Week in Review: Emergency Alert flaws, Twilio confirms hack, Rebuild CISA - Krebs


Link to Blog Post This week's Cyber Security Headlines Week in Review, June 6-10, is hosted by Rich Stroffolino with our guest, Jack Kufahl, CISO, Michigan Medicine Thanks to today's episode sponsor, Edgescan Edgescan simplifies Vulnerability Management by delivering a single full-stack solution (SaaS) integrated with world-class security professionals. Instead of managing a plethora of point scanning tools for each layer of the attack surface and squandering precious staff resources manually removing false positives, Edgescan offers automated and accurate contextualized alerts across the entire attack surface into a single source of truth. All links and the video of this episode can be found on CISO Series.com

Cisco's Lapsus$ breach, Rebuild CISA Krebs, ransomware BEC epidemic


Cisco admits corporate network compromised by gang with links to Lapsus$ CISA should split from DHS says Chris Krebs Ransomware data theft epidemic fueling BEC attacks Thanks to today's episode sponsor, Edgescan Edgescan simplifies Vulnerability Management by delivering a single full-stack solution (SaaS) integrated with world-class security professionals. Instead of managing a plethora of point scanning tools for each layer of the attack surface and squandering precious staff resources manually removing false positives, Edgescan offers automated and accurate contextualized alerts across the entire attack surface into a single source of truth. For the stories behind the headlines, head to CISOseries.com.

Open Cybersecurity Schema Framework launches, Intel SGX flaw, CISA adds DogWalk to patch list


Introducing the Open Cybersecurity Schema Framework New flaw found in Intel SGX CISA adds to its Known Exploited Vulnerabilities database Thanks to today's episode sponsor, Edgescan Scalable automated and continuous Attack Surface Management (ASM) and vulnerability detection integrated with a world-class cyber security team provide 100% false-positive-free alerts and expert remediation guidance.

Chinese kids defrauded, Twitter Saudi spy, Facebook data divulged


Chinese fraudsters target kids playing online games Former Twitter employee convicted in Saudi spy case Facebook divulges data leading to abortion prosecution Thanks to today's episode sponsor, Edgescan Edgescan combines full-stack coverage with integrated reporting and business-level prioritization to deliver a single source of truth for your entire vulnerability management program with zero false positives. For the stories behind the headlines, head to CISOseries.com

Treasury sanctions Tornado Cash, Twilio confirms hack, Chinese hacking group targets backdoors


Treasury sanctions Tornado Cash Twilio confirms hack Chinese hacking group targets backdoors Thanks to today's episode sponsor, Edgescan Edgescan offers a single platform solution that covers the full stack, from Web Applications to APIs to the Network and data layer. Continuous Attack Surface Management coupled with automated & strategic Pen-testing as a Service (PTaaS) yields fully scalable coverage.

Emergency Alert flaws, Kaspersky VPN bug, Pick Fick quick


Critical flaws found in US Emergency Alert System Security experts urge Fick's speedy confirmation as first U.S. cyber ambassador High-severity bug in Kaspersky VPN client opens door to PC takeover Thanks to today's episode sponsor, Edgescan Edgescan simplifies Vulnerability Management by delivering a single full-stack solution (SaaS) integrated with world-class security professionals. Instead of managing a plethora of point scanning tools for each layer of the attack surface and squandering precious staff resources manually removing false positives, Edgescan offers automated and accurate contextualized alerts across the entire attack surface into a single source of truth. For the stories behind the...

Week in Review: Cyberattacks hit Taiwan, Missile manufacturer hit, Class action donuts


Link to Blog Post This week's Cyber Security Headlines Week in Review, June 6-10, is hosted by Rich Stroffolino with our guest, Yael Nagler, CISO, Walker & Dunlop Thanks to this week's sponsor, HYAS "Did you know a cybersecurity breach doesn't have to mean that your business is shut down or your data is stolen? Malware, ransomware, data exfiltration: They all report to a command and control infrastructure to receive instructions. HYAS's unrivaled understanding of adversary infrastructure empowers you to cut off threats from their command and control, along with any related infrastructure. Like that old roach motel, hackers can get in, but they can't communicate...

Cyberattacks hit Taiwan, Cisco router flaws, DoJ prefers paper


Cyberattacks hit Taiwan to coincide with Speaker Pelosi's visit Cisco addresses critical flaws in Small Business VPN routers DOJ now relies on paper for its most sensitive court documents, official says Thanks to today's episode sponsor, HYAS We know IT and security teams are already overloaded facing constant pressure to improve security without additional resources. That's why it's so important to find solutions that bolster your security, not your workload. HYAS Protect deploys in under 30 minutes, easily integrates into existing infrastructure, constantly updates with the latest threat intelligence, renders attacks inert (regardless of how they infiltrated your environment), and...

Ukraine takes down bot farm, Solana wallets drained, Semikron cyberattack


Ukraine takes down massive bot farm Thousands of Solana wallets drained Semikron hit by cyberattack Thanks to today's episode sponsor, HYAS Cybercriminals try their hardest to cover their tracks, but no matter what, they always leave a trail. HYAS Insight gives you access to all of the data you need to trace an attack back to its source. This helps you map out the complete attack campaign infrastructure, letting you proactively defend against future attacks and even potentially provide key data to law enforcement. Take your cybersecurity investigations further than you ever thought possible with HYAS Insight. Visit HYAS.com

$190M crypto theft, T-Mobile store owner busted, EU missile maker extortion


US crypto firm hit by $190 million theft T-Mobile store owner busted running phone unlocking scheme EU missile maker denies breach but confirms extortion attempt Thanks to today's episode sponsor, HYAS Cybercriminals try their hardest to cover their tracks, but no matter what, they always leave a trail. HYAS Insight gives you access to all of the data you need to trace an attack back to its source. This helps you map out the complete attack campaign infrastructure, letting you proactively defend against future attacks and even potentially provide key data to law enforcement. Take your cybersecurity investigations further than...

Akamai disrupts massive DDoS, Australian faces spyware charges, Meta struggles with Kenya hate speech


Akamai disrupts record DDoS in Europe Australian man faces spyware charges Meta accused of failing to tackle hate speech in Kenya Thanks to today's episode sponsor, HYAS Cybercriminals try their hardest to cover their tracks, but no matter what, they always leave a trail. HYAS Insight gives you access to all of the data you need to trace an attack back to its source. This helps you map out the complete attack campaign infrastructure, letting you proactively defend against future attacks and even potentially provide key data to law enforcement. Take your cybersecurity investigations further than you ever thought possible...

Fake investment network, DawDropper Android malware, North Korea's SharpTongue


Huge network of 11,000 fake investment sites targets Europe DawDropper Android apps serve up banking malware North Korea-linked SharpTongue spies on email accounts with a malicious browser extension Thanks to today's episode sponsor, Hyas. Better production environment security starts with visibility. After all, how can you protect your most valuable asset if you don't know A: what's expected and B: when something's happening that isn't expected? This is why HYAS Confront monitors traffic to alert you to anomalies, letting you address risks, threats, and changes, while blocking infiltrations before they become successful attacks. Don't just react, take your security back...

Week in Review: Chinese, Huawei misdeeds, Poor cybersecurity training, Data breach costs


Link to Blog Post This week's Cyber Security Headlines Week in Review, June 6-10, is hosted by Rich Stroffolino with our guest, Deneen DeFiore, VP, CISO, United Airlines Thanks to our show sponsor, Snyk Developers want to code fast and security wants to ship securely. And that's why they both choose Snyk. Backed by industry-leading security intelligence, Snyk provides real-time scanning with automated fixes and remediation advice right from the tools and workflows developers use. Code, dependencies, containers, cloud infrastructure... all of it. And while developers are building securely, Snyk gives security teams a bird's eye view of all of their projects, so they can prioritize...

Hackers dodge macros, 365 down again, 22M health record breach


Hackers opting for new attack methods after Microsoft blocked macros by default Microsoft 365 outage knocks down admin center in North America 22 million US health records breached thus far in 2022 Thanks to today's episode sponsor, Snyk Developers want to code fast and security wants to ship securely. And that's why they both choose Snyk. Backed by industry-leading security intelligence, Snyk provides real-time scanning with automated fixes and remediation advice right from the tools and workflows developers use. Code, dependencies, containers, cloud infrastructure... all of it. And while developers are building securely, Snyk gives security teams a bird's eye...

Subzero malware, JusTalk logs leak, average data breach cost


Microsoft warns of Subzero malware JusTalk logs leak The cost of an average data breach Thanks to today's episode sponsor, Snyk Developers want to code fast and security wants to ship securely. And that's why they both choose Snyk. Backed by industry-leading security intelligence, Snyk provides real-time scanning with automated fixes and remediation advice right from the tools and workflows developers use. Code, dependencies, containers, cloud infrastructure... all of it. And while developers are building securely, Snyk gives security teams a bird's eye view of all of their projects, so they can prioritize and focus their efforts in the right...

$6 million music platform hack, Rogers coding error, increased North-Korean bounty


Hacker swipes $6 million from blockchain music platform Coding error to blame for Rogers outage US doubles reward for tips on North Korean-backed hackers Thanks to today's episode sponsor, Snyk Developers want to code fast and security wants to ship securely. And that's why they both choose Snyk. Backed by industry-leading security intelligence, Snyk provides real-time scanning with automated fixes and remediation advice right from the tools and workflows developers use. Code, dependencies, containers, cloud infrastructure... all of it. And while developers are building securely, Snyk gives security teams a bird's eye view of all of their projects, so they...

LockBit hits Italy, Quantum bill heads to Senate, Windows adds brute force defense


LockBit hits Italy Quantum cybersecurity bill heads to the Senate Windows adds brute force defense Thanks to today's episode sponsor, Snyk Developers want to code fast and security wants to ship securely. And that's why they both choose Snyk. Backed by industry-leading security intelligence, Snyk provides real-time scanning with automated fixes and remediation advice right from the tools and workflows developers use. Code, dependencies, containers, cloud infrastructure... all of it. And while developers are building securely, Snyk gives security teams a bird's eye view of all of their projects, so they can prioritize and focus their efforts in the right...

FBI nabs Huawei, Android leaks Twitterers, Microsoft's printer warning


FBI uncovers Chinese and Huawei misdeeds 5.4 million Twitter accounts available for sale Microsoft warns that new Windows updates may break printing Thanks to today's episode sponsor, Snyk Developers want to code fast and security wants to ship securely. And that's why they both choose Snyk. Backed by industry-leading security intelligence, Snyk provides real-time scanning with automated fixes and remediation advice right from the tools and workflows developers use. Code, dependencies, containers, cloud infrastructure... all of it. And while developers are building securely, Snyk gives security teams a bird's eye view of all of their projects, so they can prioritize...

Week in Review: Hiring slows, new infrastructure woes, Tik Tok grows


Link to Blog Post This week's Cyber Security Headlines Week in Review, June 6-10, is hosted by Rich Stroffolino with our guest, Renee Guttmann, Former CISO, Campbell Soup, Coca Cola, Time Warner Thanks to this week's sponsor, 6clicks 6clicks is your AI-powered GRC platform, featuring a fully-integrated content library. 6clicks provides organizations with a powerful GRC platform to build highly scalable risk and compliance functions and advisors with the tools to streamline and scale their services, saving everyone enormous time and money. Reimagine risk. Improve cybersecurity. Demonstrate compliance. For more information visit 6clicks.com/cisoseries. All links and the video of this episode can be found on CISO...

Microsoft Teams outage, heatwave melts Oracle, hiring cyber mercenaries


Microsoft Teams outage also takes down Microsoft 365 services Heatwave forced Google and Oracle to shut down in London Hackers for hire: adversaries employ "cyber mercenaries" Thanks to today's episode sponsor, 6clicks Experience the magic of Hailey, the 6clicks artificial intelligence engine for risk and compliance. With Hailey, organizations can automatically show cross-compliance between regulations or identify gaps to external compliance requirements in their policies. Eliminate manual and costly risk and compliance processes by joining the hundreds of businesses that trust 6clicks. For more information visit 6clicks.com/cisoseries. For the stories behind the headlines, head to CISOseries.com.

Microsoft security job cuts, Neopet data leak, Russia malware trickery


Microsoft cuts security jobs amidst weakening economy Is your cute little Neopet leaking your personal data? Russia disguises malware as Ukrainian app for hacking Russia Thanks to today's episode sponsor, 6clicks The 6clicks GRC solution comes with a fully integrated content library full of hundreds of standards, assessment templates, libraries, playbooks, and more. With the content library included in every 6clicks license, organizations can get started on their GRC implementation faster than ever before. For more information visit 6clicks.com/content. For the stories behind the headlines, head over to CISOseries.com

Leaky GPS Trackers, Russian Malware Spoof Pro-Ukraine App, MacOS Backdoor to the Cloud


Car GPS tracker exposes location data Russian malware groups spoof pro-Ukraine apps MacOS backdoor speaks to the cloud Thanks to today's episode sponsor, 6clicks Your GRC solution is only as valuable as the reports it can generate. Provide an exceptional analytics experience for all your GRC stakeholders with the 6clicks reporting suite. Unlock powerful insights and prove compliance using dashboards and charts, pixel perfect reporting, presentations, and data storytelling via LiveDocs. For more information visit 6clicks.com/analytics/overview.

Cyberattack hits Albania, Speculative execution not patched, DARPA studies open-source


Albania hit with cyberattack Vendors not patching for speculative execution DARPA looks into open-source Thanks to today's episode sponsor, 6clicks 6clicks has pioneered a unique Hub & Spoke architecture to underpin its AI-powered GRC solution and cater to markets requiring scalable, multi-tenanted GRC. This model enables organizations to deploy multiple, autonomous GRC entities connected to a single hub for roll-up reporting, management, and visibility. For more information visit 6clicks.com/lp-enterprise-hub-spoke.

Towns paying for remote workers, CISA orders agency patch, PLC software delivers Sality


Dozens of cities and towns are paying tech workers to abandon Silicon Valley CISA orders agencies to patch new Windows zero-day used in attacks Password recovery tool infects industrial systems with Sality malware Thanks to today's episode sponsor, 6clicks The 6clicks AI-powered GRC platform with an integrated content library is the most intelligent way to get ISO 27001 certified. It allows you to automate audits, manage risks, track assets, and report in real-time. Join hundreds of businesses that trust 6clicks and start your ISO 27001 journey today. For more information visit 6clicks.com/lp-iso-27001. For the stories behind the headlines, head to...

Week in Review: Microsoft phishing warning, Callback phishing scams, Log4J forever


Link to Blog Post This week's Cyber Security Headlines Week in Review, June 6-10, is hosted by Rich Stroffolino with our guest, Carla Sweeney, VP Information Security, Red Ventures Thanks to our episode sponsor, Edgescan Edgescan simplifies Vulnerability Management by delivering a single full-stack solution (SaaS) integrated with world-class security professionals. Instead of managing a plethora of point scanning tools for each layer of the attack surface and squandering precious staff resources manually removing false positives, Edgescan offers automated and accurate contextualized alerts across the entire attack surface into a single source of truth. All links and the video of this episode can be found on CISO Series.com

C.I.A. Vault 7 engineer convicted, Hackers targeted Jan6 journalists, Twitter's brief outage


Ex-C.I.A. engineer convicted in biggest theft ever of Agency secrets Chinese hackers targeted U.S. political reporters just ahead of January 6 attack, researchers say Twitter outage briefly hits thousands Thanks to today's episode sponsor, Edgescan Edgescan simplifies Vulnerability Management by delivering a single full-stack solution (SaaS) integrated with world-class security professionals. Instead of managing a plethora of point scanning tools for each layer of the attack surface and squandering precious staff resources manually removing false positives, Edgescan offers automated and accurate contextualized alerts across the entire attack surface into a single source of truth. For the stories behind the headlines,...

Massive phishing operation, Android malware gets millions of millions, Spectre-like x86 attack


Microsoft warns of massive phishing operation Android malware downloaded over 3 million times More speculative-execution attacks found for x86 Thanks to today's episode sponsor, Edgescan Scalable automated and continuous Attack Surface Management (ASM) and vulnerability detection integrated with a world-class cyber security team provide 100% false-positive-free alerts and expert remediation guidance.

FTC anonymization crackdown, TikTok privacy change, gov't contractor pays $9 million


FTC is cracking down on false claims of anonymizing data TikTok halts privacy policy change in Europe Government contractor pays $9 million over whistleblower allegations Thanks to today's episode sponsor, Edgescan Edgescan combines full-stack coverage with integrated reporting and business-level prioritization to deliver a single source of truth for your entire vulnerability management program with zero false positives. For the stories behind the headlines, head to CISOseries.com

Ransomware hits French telco, NSO Group acquisition called off, Krebs on Experian security


Ransomware hits French telco NSO Group acquisition called off Krebs on Experian security Thanks to today's episode sponsor, Edgescan Edgescan offers a single platform solution that covers the full stack, from Web Applications to APIs to the Network and data layer. Continuous Attack Surface Management coupled with automated & strategic Pen-testing as a Service (PTaaS) yields fully scalable coverage.

China censors 1B hack, Pentagon's bug bounty, Tech hiring cools


China tries to censor what could be biggest data hack in history Pentagon: We'll pay you if you can find a way to hack us Tech's red-hot hiring spree shows signs of cooling Thanks to today's episode sponsor, Edgescan Edgescan simplifies Vulnerability Management by delivering a single full-stack solution (SaaS) integrated with world-class security professionals. Instead of managing a plethora of point scanning tools for each layer of the attack surface and squandering precious staff resources manually removing false positives, Edgescan offers automated and accurate contextualized alerts across the entire attack surface into a single source of truth. For the...

Week in Review July 4-8, 2022


Link to Blog Post Cyber Security Headlines Week in Review July 4-8, 2022 This week's Cyber Security Headlines Week in Review, June 6-10, is hosted by Rich Stroffolino with our guest, David Cross, SVP/CISO, Oracle SaaS Cloud Thanks to today's episode sponsor, Votiro Can you trust that your content and data is free of malware and ransomware? With Votiro you can. Votiro removes evasive and unknown malware from content in milliseconds, without impacting file fidelity or usability. It even works on password-protected and zipped files. Plus, it's an API, so it integrates with everything including Microsoft 365. Learn more at Votiro.com. All links and the video of this...

July 8, 2022


Cisco and Fortinet release security patches for multiple products Canada's RCMP have been using powerful malware to snoop on people's communications Online programming IDEs can be used to launch remote cyberattacks Thanks to today's episode sponsor, Votiro Can you trust that your content and data is free of malware and ransomware? With Votiro you can. Votiro removes evasive and unknown malware from content in milliseconds, without impacting file fidelity or usability. It even works on password-protected and zipped files. Plus, it's an API, so it integrates with everything including Microsoft 365. Learn more at Votiro.com. For the stories behind the...

July 7, 2022


Attackers moving off Cobalt Strike Cyberattacks against law enforcement on the rise Apple announces lockdown mode Thanks to today's episode sponsor, Votiro Can you trust that your content and data is free of malware and ransomware? With Votiro you can. Votiro removes evasive and unknown malware from content in milliseconds, without impacting file fidelity or usability. It even works on password-protected and zipped files. Plus, it's an API, so it integrates with everything including Microsoft 365. Learn more at Votiro.com.

July 6, 2022


Hacker may have stolen personal data of 1 billion Chinese citizens Ukrainian police take down phishing gang behind payments scam NIST unveils 'quantum-proof' cryptography algorithms Thanks to today's episode sponsor, Votiro Can you trust that your content and data is free of malware and ransomware? With Votiro you can. Votiro removes evasive and unknown malware from content in milliseconds, without impacting file fidelity or usability. It even works on password-protected and zipped files. Plus, it's an API, so it integrates with everything including Microsoft 365. Learn more at Votiro.com. For the stories behind the headlines, head to CISOseries.com

July 5, 2022


Jenkins discloses dozens of zero-day bugs in multiple plugins Rogue HackerOne employee steals bug reports to sell on the side Patchable and preventable security issues lead causes of Q1 attacks Thanks to today's episode sponsor, Votiro Can you trust that your content and data is free of malware and ransomware? With Votiro you can. Votiro removes evasive and unknown malware from content in milliseconds, without impacting file fidelity or usability. It even works on password-protected and zipped files. Plus, it's an API, so it integrates with everything including Microsoft 365. Learn more at Votiro.com. For the stories behind the headlines,...

July 1, 2022


A new sophisticated malware is attacking SOHO routers New study shows over half of employees use prohibited apps Google battles bots, puts Workspace admins on alert Thanks to today's episode sponsor, Optiv The modern enterprise needs a solution as unique as its business. Optiv's Advanced Detection and Response (ADR) works with your organization to comb through the D&R clutter and find the ideal security solutions for your business. ADR delivers tailored detection and response backed by technology, real-time intel and deep expertise applied at touch. Bottom line: ADR finds and neutralizes threats fast, so you can focus on what matters....

June 30, 2022


NATO to create rapid response cyber force FBI warns of deep fakes for remote work Ship controls identified as another major attack surface Thanks to today's episode sponsor, Optiv The modern enterprise needs a solution as unique as its business. Optiv's Advanced Detection and Response (ADR) works with your organization to comb through the D&R clutter and find the ideal security solutions for your business. ADR delivers tailored detection and response backed by technology, real-time intel and deep expertise applied at touch. Bottom line: ADR finds and neutralizes threats fast, so you can focus on what matters. If you'd like...

June 29, 2022


Stolen PII and deepfakes used to apply for tech jobs Russia fines foreign firms for data violations Premier League crypto sponsorships expose fans to big losses Thanks to today's episode sponsor, Optiv The modern enterprise needs a solution as unique as its business. Optiv's Advanced Detection and Response (ADR) works with your organization to comb through the D&R clutter and find the ideal security solutions for your business. ADR delivers tailored detection and response backed by technology, real-time intel and deep expertise applied at touch. Bottom line: ADR finds and neutralizes threats fast, so you can focus on what matters....

June 28, 2022


Ransomware gang launches bug bounty KillNet claims DDoS on Lithuania ICS security bill passes House Thanks to today's episode sponsor, Optiv The modern enterprise needs a solution as unique as its business. Optiv's Advanced Detection and Response (ADR) works with your organization to comb through the D&R clutter and find the ideal security solutions for your business. ADR delivers tailored detection and response backed by technology, real-time intel and deep expertise applied at touch. Bottom line: ADR finds and neutralizes threats fast, so you can focus on what matters. If you'd like to learn more about Optiv ADR, please visit...

June 27, 2022


New phishing method bypasses MFA using Microsoft WebView2 apps Russian threat actors may be behind the explosion at Texas liquefied natural gas plant Google reveals sophisticated Italian spyware campaign targeting victims in Italy, Kazakhstan Thanks to today's episode sponsor, Optiv The modern enterprise needs a solution as unique as its business. Optiv's Advanced Detection and Response (ADR) works with your organization to comb through the D&R clutter and find the ideal security solutions for your business. ADR delivers tailored detection and response backed by technology, real-time intel and deep expertise applied at touch. Bottom line: ADR finds and neutralizes threats...

Week in Review June 20-24, 2022


Link to Blog Post This week's Cyber Security Headlines Week in Review, June 6-10, is hosted by Rich Stroffolino with our guest, Marnie Wilking, CISO, Wayfair Thanks to today's episode sponsor, Optiv Modernizing your identity control plane from AD to the cloud is complex. Ralph Martino, who is leading the identity and access management (IAM) group for Optiv, discusses what challenges CISOs are facing in today's ever-changing climate: Increasing security Decreasing risk Lowering cost Learn more at www.optiv.com/IAM-Microsoft. All links and the video of this episode can be found on CISO Series.com

June 24, 2022


Cloud email threats soar 101% in a year NHS warns of scam COVID-19 text messages Fancy Bear uses nuke threat lure to exploit 1-click bug Thanks to today's episode sponsor, Optiv Modernizing your identity control plane from AD to the cloud is complex. Ralph Martino, who is leading the identity and access management (IAM) group for Optiv, discusses what challenges CISOs are facing in today's ever-changing climate: Increasing security Decreasing risk Lowering cost Learn more at www.optiv.com/IAM-Microsoft. For the stories behind the headlines, head to CISOseries.com.

June 23, 2022


Daycare apps found insecure Encryption flaws found in Mega Microsoft retires cloud facial recognition Thanks to today's episode sponsor, Optiv Modernizing your identity control plane from AD to the cloud is complex. Ralph Martino, who is leading the identity and access management (IAM) group for Optiv, discusses what challenges CISOs are facing in today's ever-changing climate: Increasing security Decreasing risk Lowering cost Learn more at www.optiv.com/IAM-Microsoft.

June 22, 2022


Cloudflare outage impacts crypto exchanges Biden signs a pair of cybersecurity bills 7-zip now supports Windows 'Mark-of-the-Web' security feature Thanks to today's episode sponsor, Optiv Modernizing your identity control plane from AD to the cloud is complex. Ralph Martino, who is leading the identity and access management (IAM) group for Optiv, discusses what challenges CISOs are facing in today's ever-changing climate: Increasing security Decreasing risk Lowering cost Learn more at www.optiv.com/IAM-Microsoft. For the stories behind the headlines, head to CISOseries.com

June 21, 2022


Windows downloads blocked in Russia The importance of receipts Chrome extensions can be used for fingerprinting Thanks to today's episode sponsor, Optiv Modernizing your identity control plane from AD to the cloud is complex. Ralph Martino, who is leading the identity and access management (IAM) group for Optiv, discusses what challenges CISOs are facing in today's ever-changing climate: Increasing security Decreasing risk Lowering cost Learn more at www.optiv.com/IAM-Microsoft.

June 20, 2022


US DoJ announces shut down of Russian RSOCKS Botnet Experts warn of a new eCh0raix ransomware campaign targeting QNAP NAS Mixed results for Russia's aggressive Ukraine information war, experts say Thanks to today's episode sponsor, Optiv Modernizing your identity control plane from AD to the cloud is complex. Ralph Martino, who is leading the identity and access management (IAM) group for Optiv, discusses what challenges CISOs are facing in today's ever-changing climate: Increasing security Decreasing risk Lowering cost Learn more at www.optiv.com/IAM-Microsoft. For the stories behind the headlines, head to CISOseries.com.

Week in Review June 13-17, 2022


Link to Blog Post This week's Cyber Security Headlines Week in Review, June 6-10, is hosted by Rich Stroffolino with our guest, Ariel Weintraub, CISO, MassMutual Thanks to today's episode sponsor, Datadog Check out Datadog's on-demand fireside chat with CTO Cormac Brady. Over the course of his 20+ year career at Thomson Reuters, Cormac consistently built bridges between technical teams, and in the process helped teams achieve superior results and earned himself senior leadership positions. Watch now at datadoghq.com/ciso/ All links and the video of this episode can be found on CISO Series.com

June 17, 2022


House Armed Services chair calls national security software, systems 'too vulnerable' Microsoft Office 365 AutoSave can assist cloud ransomware attacks OMIGOD! There's more to OMIGOD Thanks to today's episode sponsor, Datadog Watch Datadog's on-demand webinar for a 30-minute discussion on driving DevSecOps best practices in the enterprise with CTO Cormac Brady. Over the course of his 20+ year career at Thomson Reuters, Cormac consistently built bridges between technical teams, and in the process helped teams achieve superior results and earned himself senior leadership positions. Cormac shares stories and leadership lessons that are applicable to any enterprise technical leader looking to help...

June 16, 2022


Cloudflare repels another record DDoS Africa's largest supermarket chain hit with ransomware Resurgence in travel not ignored by threat actors Thanks to today's episode sponsor, Datadog Check out Datadog's on-demand fireside chat with CTO Cormac Brady. Over the course of his 20+ year career at Thomson Reuters, Cormac consistently built bridges between technical teams, and in the process helped teams achieve superior results and earned himself senior leadership positions. Watch now at datadoghq.com/ciso/

June 15, 2022


US defense contractor discusses takeover of NSO spyware DoJ will no longer prosecute ethical hackers Attack on Kaiser Permanente exposes data of thousands of customers Thanks to today's episode sponsor, Datadog Watch Datadog's on-demand webinar for a 30-minute discussion on driving DevSecOps best practices in the enterprise with CTO Cormac Brady. Over the course of his 20+ year career at Thomson Reuters, Cormac consistently built bridges between technical teams, and in the process helped teams achieve superior results and earned himself senior leadership positions. Cormac shares stories and leadership lessons that are applicable to any enterprise technical leader looking to help...

June 14, 2022


Leaky continuous integration logs Exchange servers used to deploy Black Cat Bluetooth can be used to track phones Thanks to today's episode sponsor, Datadog Check out Datadog's on-demand fireside chat with CTO Cormac Brady. Over the course of his 20+ year career at Thomson Reuters, Cormac consistently built bridges between technical teams, and in the process helped teams achieve superior results and earned himself senior leadership positions. Watch now at datadoghq.com/ciso/

June 13, 2022


Amazon's chat app has a child sex abuse problem Ransomware decryptors now for sale on gaming platform China's biggest online influencers go dark Thanks to today's episode sponsor, Datadog Watch Datadog's on-demand webinar for a 30-minute discussion on driving DevSecOps best practices in the enterprise with CTO Cormac Brady. Over the course of his 20+ year career at Thomson Reuters, Cormac consistently built bridges between technical teams, and in the process helped teams achieve superior results and earned himself senior leadership positions. Cormac shares stories and leadership lessons that are applicable to any enterprise technical leader looking to help their firm...

Week in Review June 6-10, 2022


Link to Blog Post This week's Cyber Security Headlines Week in Review, June 6-10, is hosted by Rich Stroffolino with our guest, Upendra Mardikar, CSO, Snap Finance Thanks to our sponsor, PlexTrac PlexTrac is the platform that empowers your offensive security team to spend more time hacking and less time reporting. Build better reports in half the time, centralize your data, maximize your reusable content, and become more efficient and effective. PlexTrac clients report a "5X ROI in 1 year," a "30% increase in efficiency," have "cut their reporting cycle by 65%," and experienced a "18 to 22% time savings per engagement." Check out PlexTrac.com/CISOSeries to learn how...

June 10, 2022


MFA could be long haul for some federal agencies says CISA official New Emotet variant stealing users' credit card information from Google Chrome Symantec: More malware operators moving in to exploit Follina Thanks to today's episode sponsor, PlexTrac PlexTrac is the platform that empowers your offensive security team to spend more time hacking and less time reporting. Build better reports in half the time, centralize your data, maximize your reusable content, and become more efficient and effective. PlexTrac clients report a "5X ROI in 1 year," a "30% increase in efficiency," have "cut their reporting cycle by 65%," and experienced...

June 9, 2022


Lack of reporting hurting the ransomware fight CISA warns of China-linked network snooping Personal information marketplace taken down Thanks to today's episode sponsor, PlexTrac PlexTrac is the platform that empowers your offensive security team to spend more time hacking and less time reporting. Build better reports in half the time, centralize your data, maximize your reusable content, and become more efficient and effective. PlexTrac clients report a "5X ROI in 1 year," a "30% increase in efficiency," have "cut their reporting cycle by 65%," and experienced a "18 to 22% time savings per engagement." Check out PlexTrac.com/CISOSeries to learn how...

June 8, 2022


Passwords are finally dead Hackers steal credit cards from online gun shops Shields data breach affects 2 million patients Thanks to today's episode sponsor, PlexTrac The best penetration tests begin and end with PlexTrac. PlexTrac can improve efficiency and effectiveness at every phase of your proactive assessments. By centralizing the data from all your automation tools, cataloging important reusable content for easy access, and promoting communication and visibility at every phase of an assessment, PlexTrac cuts reporting time in half and adds value between reports. Check out PlexTrac.com/CISOSeries to learn why PlexTrac is the premier pentest reporting and management platform....

June 7, 2022


The once and future AlphaBay Karakurt adopts bill collector tactics China concludes its cybersecurity review of Didi Thanks to today's episode sponsor, PlexTrac PlexTrac is the platform that empowers your offensive security team to spend more time hacking and less time reporting. Build better reports in half the time, centralize your data, maximize your reusable content, and become more efficient and effective. PlexTrac clients report a "5X ROI in 1 year," a "30% increase in efficiency," have "cut their reporting cycle by 65%," and experienced a "18 to 22% time savings per engagement." Check out PlexTrac.com/CISOSeries to learn how PlexTrac...

June 6, 2022


Evasive phishing mixes reverse tunnels and URL shortening services Exploit released for Atlassian Confluence RCE bug, patch now Lawmakers are racing to pass tech antitrust reforms before midterms Thanks to today's episode sponsor, PlexTrac The best penetration tests begin and end with PlexTrac. PlexTrac can improve efficiency and effectiveness at every phase of your proactive assessments. By centralizing the data from all your automation tools, cataloging important reusable content for easy access, and promoting communication and visibility at every phase of an assessment, PlexTrac cuts reporting time in half and adds value between reports. Check out PlexTrac.com/CISOSeries to learn why...

Week in Review May 30-June 3, 2022


Link to Blog Post This week's Cyber Security Headlines - Week in Review, May 30-June 3, is hosted by Rich Stroffolino with our guest, Steve Zalewski, Co-host, Defense in Depth. Thanks to today's episode sponsor, Feroot. All links and the video of this episode can be found on CISO Series.com

June 3, 2022


Leaked Conti chats confirm gang's ability to conduct firmware-based attacks Critical UNISOC chip vulnerability affects millions of Android smartphones ExpressVPN removes servers in India after refusing to comply with government order Thanks to today's episode sponsor, Feroot Feroot secures client-side web applications so that businesses can deliver a flawless and safe digital user experience to their customers. Inspector and Pageguard, Feroot's automated data protection solutions, increase code visibility, facilitate threat analysis, and detect and protect from dangerous client-side attacks, such as Magecart, cross-site scripting, e-skimming, and other threats focused on front-end JavaScript and web applications. Learn more at www.feroot.com. For...

June 2, 2022


Europol shuts down FluBot Hive ransomware kicks Costa Rica when its down CISA issues advisory on voting machine vulnerabilities Thanks to today's episode sponsor, Feroot Feroot secures client-side web applications so that businesses can deliver a flawless and safe digital user experience to their customers. Inspector and Pageguard, Feroot's automated data protection solutions, increase code visibility, facilitate threat analysis, and detect and protect from dangerous client-side attacks, such as Magecart, cross-site scripting, e-skimming, and other threats focused on front-end JavaScript and web applications. Learn more at www.feroot.com.

June 1, 2022


Follina vulnerability under active exploitation Tension inside Google over conduct of fired researcher IBM to pay $1.6 billion for poaching customer account Thanks to today's episode sponsor, Feroot Feroot secures client-side web applications so that businesses can deliver a flawless and safe digital user experience to their customers. Inspector and Pageguard, Feroot's automated data protection solutions, increase code visibility, facilitate threat analysis, and detect and protect from dangerous client-side attacks, such as Magecart, cross-site scripting, e-skimming, and other threats focused on front-end JavaScript and web applications. Learn more at www.feroot.com. For the stories behind the headlines, head to CISOseries.com

May 31, 2022


China censoring open-source code Follina zero-day hits Office EnemyBot botnet acts fast Thanks to today's episode sponsor, Feroot Feroot secures client-side web applications so that businesses can deliver a flawless and safe digital user experience to their customers. Inspector and Pageguard, Feroot's automated data protection solutions, increase code visibility, facilitate threat analysis, and detect and protect from dangerous client-side attacks, such as Magecart, cross-site scripting, e-skimming, and other threats focused on front-end JavaScript and web applications. Learn more at www.feroot.com.

May 30, 2022


Pro-Russian hacker group KillNet plans to attack Italy today Microsoft warns that hackers are using more advanced techniques to steal credit card data China makes offer to ten nations help to run their cyber-defenses Thanks to today's episode sponsor, Feroot Feroot secures client-side web applications so that businesses can deliver a flawless and safe digital user experience to their customers. Inspector and Pageguard, Feroot's automated data protection solutions, increase code visibility, facilitate threat analysis, and detect and protect from dangerous client-side attacks, such as Magecart, cross-site scripting, e-skimming, and other threats focused on front-end JavaScript and web applications. Learn more...

May 27, 2022


Up to 83% of known compromised passwords would satisfy regulatory requirements Broadcom confirms deal to acquire VMware Experts warn of rise in ChromeLoader malware Thanks to today's episode sponsor, Optiv Up for a Zero Trust Crash Course? Join our expert, Jerry Chapman, Engineering Fellow at Optiv and author of "Zero Trust Security: An Enterprise Guide," as he delivers the following takeaways: - An introduction to Zero Trust - An overview of Optiv's Zero Trust principles - How to visualize your Zero Trust journey and place it in the proper context Catch Jerry's Zero Trust crash course or learn more by...

May 26, 2022


Popular open source libraries leaked keys for "research" DuckDuckGo gives Microsoft a pass on trackers Microsoft weathers the vulnerability storm Thanks to today's episode sponsor, Optiv Need a guide on your Zero Trust journey? Jerry Chapman, Engineering Fellow at Optiv and author of "Zero Trust Security: An Enterprise Guide" shares the following takeaways: - The key elements of Zero Trust - How to visualize your Zero Trust journey and place it in the proper context - Integrated technologies to drive adaptive processes and a mature security model Learn more at www.optiv.com/zerotrust.

May 25, 2022


Interpol warns nation-state malware could become a commodity on dark web soon General Motors Hit by cyber-attack exposing car owners' personal info Canada to ban China's Huawei and ZTE from its 5G networks Thanks to today's episode sponsor, Optiv Up for a Zero Trust Crash Course? Join our expert, Jerry Chapman, Engineering Fellow at Optiv and author of "Zero Trust Security: An Enterprise Guide," as he delivers the following takeaways: - An introduction to Zero Trust - An overview of Optiv's Zero Trust principles - How to visualize your Zero Trust journey and place it in the proper context Catch...

May 24, 2022


Cyberattack divorces Zola users from registries A look at the RansomHouse data-extortion operation Now we have to worry about pre-hijacking attacks Thanks to today's episode sponsor, Optiv Need a guide on your Zero Trust journey? Jerry Chapman, Engineering Fellow at Optiv and author of "Zero Trust Security: An Enterprise Guide" shares the following takeaways: - The key elements of Zero Trust - How to visualize your Zero Trust journey and place it in the proper context - Integrated technologies to drive adaptive processes and a mature security model Learn more at www.optiv.com/zerotrust. For the stories behind the headlines, go to...

May 23, 2022


Ransomware victim trolls hackers with obscene pics CISOs list top cyber threats to enterprises in 2022 YouTube removes more than 9,000 Ukraine war-related channels Thanks to today's episode sponsor, Optiv Need a guide on your Zero Trust journey? Jerry Chapman, Engineering Fellow at Optiv and author of "Zero Trust Security: An Enterprise Guide" shares the following takeaways: - The key elements of Zero Trust - How to visualize your Zero Trust journey and place it in the proper context - Integrated technologies to drive adaptive processes and a mature security model Learn more at www.optiv.com/zerotrust. For the stories behind the...

Week in Review May 16-20, 2022


Link to Blog Post This week's Cyber Security Headlines - Week in Review, May 16-20, is hosted by Rich Stroffolino with our guest, Jerich Beason, CISO, Commercial Bank, CapitalOne. Thanks to today's episode sponsor, Torq. All links and the video of this episode can be found on CISO Series.com

May 20, 2022


Greenland health services limited from cyberattacks Phishing attacks surge in Q1 Google details 2021 zero-days And now let's thank today's sponsor, Torq Myth 5: You Should Automate All Security Processes False. You should automate routine, repetitive tasks that are not subject to much conditional variance. But workflows that can't be reliably managed by automation tools, such as assessing the financial consequences of a breach or determining whether a security incident should trigger an application rollback, should remain the domain of humans. To learn more about the realities of automation, head to torq.io.

May 19, 2022


VMware bugs abused to deliver Mirai malware Microsoft to debut of zero trust GDAP tool Bank of Zambia refuses to pay ransom to cyberattack group Hive And now let's thank today's sponsor, Torq Myth 4: Automation Will Replace Skilled Security Professionals Not true. Any business that attempts to automate security will quickly find that most high-stakes security issues are far too complex to be detected and remediated by automation tools alone. Human security professionals need to take the lead delivering nuanced insight about the business impact of a large-scale breach. To learn more about the realities of automation, head to...

May 18, 2022


Buffalo massacre suspect signaled plans on Discord for months Google faces litigation for unauthorised use of medical records Venezuelan doctor accused of developing and distributing ransomware And now let's thank today's sponsor, Torq Myth 3: Only Enterprises Need Security Automation Debunked. While enterprises with thousands of endpoints and sprawling teams certainly need automation, businesses of all sizes face challenges related to other forms of scale when it comes to security. For instance, there are about 1 billion known types of malware in existence, and they imperil businesses of all sizes equally. To learn more about the realities of automation, head...

May 17, 2022


Costa Rican ransomware rhetoric somehow gets uglier DOJ files its first criminal cryptocurrency sanctions case Trying to fix open source supply chain security And now let's thank today's sponsor, Torq Myth 2: Security Automation Is Just a New Term for Automated Security Testing Wrong. While scanning and testing may be one example of a security automation use case, it's hardly the only one. Automation can be used to do things like help manage complex security workflows and optimize collaboration between different stakeholders. These are tasks that were not traditionally automated. To learn more about the realities of automation, head to...

May 16, 2022


Ukraine CERT-UA warns of new attacks launched by Russia-linked Armageddon APT Microsoft fixes new PetitPotam Windows NTLM relay attack vector Hackers are exploiting critical bug in Zyxel firewalls and VPNs And now let's thank today's sponsor, Torq Myth 1: Automation Is Only a Reactive Part of SecOps Incorrect. Proactive management of security incidents is just as important, like automatically scanning IaC configurations to detect vulnerabilities, automating collaboration between devs, IT ops and SecOps to prevent risks before they're threats. To learn more about the realities of automation, head to torq.io. For the stories behind the headlines, head to CISOseries.com.

Week in Review May 9-13, 2022


Link to Blog Post This week's Cyber Security Headlines - Week in Review, May 9-13, is hosted by Rich Stroffolino with our guest, Rich Lindberg, CISO, JAMS. Thanks to our sponsor, Datadog. Break down silos between DevOps and Security teams to enable collaboration and strengthen the security of your environment. In this on-demand webinar, hear from one of Datadog's engineers on how teams can speed up investigations by assessing security and observability data using Datadog's unified platform to reduce security threats by detecting vulnerabilities. Watch the on-demand webinar now to learn how to get full-stack security for your production environment at datadoghq.com/ciso/ All links and the video...

May 13, 2022


Google will use mobile devices to thwart phishing attacks CISA urges organizations to patch actively exploited F5 BIG-IP vulnerability Kick China off social media, says tech governance expert Thanks to our episode sponsor, Datadog Break down silos between DevOps and Security teams to enable collaboration and strengthen the security of your environment. In this on-demand webinar, hear from one of Datadog's engineers on how teams can speed up investigations by assessing security and observability data using Datadog's unified platform to reduce security threats by detecting vulnerabilities. Watch the on-demand webinar now to learn how to get full-stack security for your...

May 12, 2022


Old botnets are new again Meta withdraws Oversight Board guidance request EU proposes new CSAM rules Thanks to our episode sponsor, Datadog In this on-demand webinar, you'll learn how to best utilize the suite of Datadog Cloud Security products to identify the root cause of an attack and how a unified platform provides real-time threat-detection and continuous configuration audits across applications, hosts, containers and cloud infrastructure. Built on top of the observability platform, Datadog brings unprecedented integration between security and devops aligned to shared organizational goals. Watch the on-demand webinar now to learn how to get full-stack security for your...

May 11, 2022


Russian TV hacked on Victory Day US pledges to help Ukraine keep internet and lights running Pentagon's concerns China may prompt vetting startups Thanks to our episode sponsor, Datadog In this on-demand webinar, you'll learn how to best utilize the suite of Datadog Cloud Security products to identify the root cause of an attack and how a unified platform provides real-time threat-detection and continuous configuration audits across applications, hosts, containers and cloud infrastructure. Built on top of the observability platform, Datadog brings unprecedented integration between security and devops aligned to shared organizational goals. Watch the on-demand webinar now to learn...

May 10, 2022


Ransomware state of emergency in Costa Rica Microsoft launches service to fill the cyber skills gap College closes permanently due to ransomware Thanks to our episode sponsor, Datadog Break down silos between DevOps and Security teams to enable collaboration and strengthen the security of your environment. In this on-demand webinar, hear from one of Datadog's engineers on how teams can speed up investigations by assessing security and observability data using Datadog's unified platform to reduce security threats by detecting vulnerabilities. Watch the on-demand webinar now to learn how to get full-stack security for your production environment at datadoghq.com/ciso/

May 9, 2022


Google Play now blocks paid app downloads, updates in Russia NIST releases updated guidance for defending against supply-chain attacks US State Department offering $10 million reward for information about Conti members Thanks to our episode sponsor, Datadog In this on-demand webinar, you'll learn how to best utilize the suite of Datadog Cloud Security products to identify the root cause of an attack and how a unified platform provides real-time threat-detection and continuous configuration audits across applications, hosts, containers and cloud infrastructure. Built on top of the observability platform, Datadog brings unprecedented integration between security and devops aligned to shared organizational...

Week in Review May 2-6, 2022


Link to Blog Post This week's Cyber Security Headlines - Week in Review, May 2-6, is hosted by Rich Stroffolino with our guest, Shawn Bowen, CISO, World Fuel Services. Thanks to our episode sponsor, Censys. Why Censys? Our Attack Surface Management tool is designed from the ground up to seamlessly integrate with existing security workflows. It's the only ASM tool that discovers modern cloud specific assets like storage buckets and our scanning platform finds more than 85% more services than our nearest competitor. Start with Censys at censys.io. All links and the video of this episode can be found on CISO Series.com

May 6, 2022


Decade-old bugs discovered in Avast, AVG antivirus software Thailand and Hong Kong Banks used most in BEC Every ISP in the US must block these 3 pirate streaming services Thanks to today's episode sponsor, Censys Why Censys? Our Attack Surface Management tool is designed from the ground up to seamlessly integrate with existing security workflows. It's the only ASM tool that discovers modern cloud specific assets like storage buckets and our scanning platform finds more than 85% more services than our nearest competitor. Start with Censys at censys.io. For the stories behind the headlines, head to CISOseries.com.

May 5, 2022


CuckooBees campaign stings targets for years Health and Human Services hammered over security Docker images used to DDoS Russian sites Thanks to today's episode sponsor, Censys Censys' Attack Surface Management tool discovers and inventories all Internet-facing assets including traditional assets like hosts, IPs, and cloud services like storage buckets across all accounts and networks. ASM gives you a continuous picture of your attack surface. Start with Censys at censys.io.

May 4, 2022


Google claims to have blocked billions of malicious app downloads NortonLifeLock willfully infringed malware patents Former eBay exec pleads guilty to cyber stalking Thanks to today's episode sponsor, Censys Tom the CTO can't go into the boardroom unprepared. It's his job to know all the risks to his company especially the one that could land him on the front page of the newspaper. His best bet for survival is staying ahead of the most critical threats. Tom, you can be that source of truth; start with Censys at censys.io right now. For the stories behind the headlines, head to CISOseries.com

May 3, 2022


Solana network goes dark after bot swarm The spyware in Spain falls mostly on the politicians Security isn't top of mind for mental health apps Thanks to today's episode sponsor, Censys All Pat the Security Practitioner wants is to do a good job and be the frontline in keeping his company safe. He's got great tools, but nothing that can show him if there are company assets that have somehow made their way onto the internet. If only Pat knew about Censys' Attack Surface Management tool. Now you do: start with Censys at censys.io.

May 2, 2022


Top 15 exploited security vulnerabilities in 2021 India gives orgs 6 hours to report cyber incidents The White House wants more powers to crack down on rogue drones Thanks to today's episode sponsor, Censys What Chris the CISO wants is to protect against revenue loss and damage to his company's brand from data breaches and compliance failures. But he's got a blind spot around his internet exposure. What assets are out there on the internet that his team doesn't know about? Well, Chris, it's simple: start with Censys at censys.io. For the stories behind the headlines, visit CISOseries.com.

Week in Review Apr 25-29, 2022


Link to Blog Post This week's Cyber Security Headlines - Week in Review, Apr 25-29, is hosted by Rich Stroffolino with our guest, Hadas Cassorla, CISO, M1 Financial Thanks to our episode sponsor, Feroot All links and the video of this episode can be found on CISO Series.com

April 29, 2022


Global security spending set to hit $198bn by 2025 New malware loader Bumblebee adopted by known ransomware access brokers Cloudflare thwarts record DDoS attack Thanks to today's episode sponsor, Feroot Feroot secures client-side web applications so that businesses can deliver a flawless and safe digital user experience to their customers. Inspector and Pageguard, Feroot's automated data protection solutions, increase code visibility, facilitate threat analysis, and detect and protect from dangerous client-side attacks, such as Magecart, cross-site scripting, e-skimming, and other threats focused on front-end JavaScript and web applications. Learn more at www.feroot.com. For the stories behind the headlines, head to...

April 28, 2022


Russia experiences hacks at scale State Department puts a price on NetPetya's head Two-thirds of organizations hit with ransomware Thanks to today's episode sponsor, Feroot Feroot secures client-side web applications so that businesses can deliver a flawless and safe digital user experience to their customers. Inspector and Pageguard, Feroot's automated data protection solutions, increase code visibility, facilitate threat analysis, and detect and protect from dangerous client-side attacks, such as Magecart, cross-site scripting, e-skimming, and other threats focused on front-end JavaScript and web applications. Learn more at www.feroot.com.

April 27, 2022


Elon Musk's Twitter takeover could be bad for security and privacy Stormous Ransomware targets Coca Cola US offers $10 million reward for help locating Russian hackers Thanks to today's episode sponsor, Feroot Feroot secures client-side web applications so that businesses can deliver a flawless and safe digital user experience to their customers. Inspector and Pageguard, Feroot's automated data protection solutions, increase code visibility, facilitate threat analysis, and detect and protect from dangerous client-side attacks, such as Magecart, cross-site scripting, e-skimming, and other threats focused on front-end JavaScript and web applications. Learn more at www.feroot.com. For the stories behind the headlines,...

April 26, 2022


Mandiant finds record zero-days in 2021 Bored Ape Yacht Club hacked Oracle patches critical Java vulnerability Thanks to today's episode sponsor, Feroot Feroot secures client-side web applications so that businesses can deliver a flawless and safe digital user experience to their customers. Inspector and Pageguard, Feroot's automated data protection solutions, increase code visibility, facilitate threat analysis, and detect and protect from dangerous client-side attacks, such as Magecart, cross-site scripting, e-skimming, and other threats focused on front-end JavaScript and web applications. Learn more at www.feroot.com.

April 25, 2022


Hackers find 122 vulnerabilities, 27 deemed critical, during first round of DHS bug bounty program Anonymous has leaked 5.8 TB of Russian data since declaring cyber war AWS's Log4j patches blew holes in its own security Thanks to today's episode sponsor, Feroot Feroot secures client-side web applications so that businesses can deliver a flawless and safe digital user experience to their customers. Inspector and Pageguard, Feroot's automated data protection solutions, increase code visibility, facilitate threat analysis, and detect and protect from dangerous client-side attacks, such as Magecart, cross-site scripting, e-skimming, and other threats focused on front-end JavaScript and web applications....

April 22, 2022


Critical chipset bugs open millions of Android devices to remote spying New Five Eyes alert warns of Russian threats targeting critical infrastructure Machine-learning models vulnerable to undetectable backdoors And here's a word from our sponsor, Votiro Can you trust that your content and data is free of malware and ransomware? With Votiro you can. Votiro removes evasive and unknown malware from content in milliseconds, without impacting file fidelity or usability. It even works on password-protected and zipped files. Plus, it's an API, so it integrates with everything including Microsoft 365. Learn more at Votiro.com. For the stories behind the headlines,...

April 21, 2022


Okta reports on Lapsus$ breach Popular VPNs use risky certificates Project Zero disclosed a new vulnerability record And here's a word from our sponsor, Votiro Can you trust that your content and data is free of malware and ransomware? With Votiro you can. Votiro removes evasive and unknown malware from content in milliseconds, without impacting file fidelity or usability. It even works on password-protected and zipped files. Plus, it's an API, so it integrates with everything including Microsoft 365. Learn more at Votiro.com.

April 20, 2022


LinkedIn is now the most popular phish bait Lenovo patches firmware vulnerabilities impacting millions of users Ukraine war stokes internet connectivity concerns in Taiwan And here's a word from our sponsor, Votiro Can you trust that your content and data is free of malware and ransomware? With Votiro you can. Votiro removes evasive and unknown malware from content in milliseconds, without impacting file fidelity or usability. It even works on password-protected and zipped files. Plus, it's an API, so it integrates with everything including Microsoft 365. Learn more at Votiro.com. For the stories behind the headlines, head to CISOseries.com

April 19, 2022


Catalan leaders targeted by NSO spyware Researchers share a deep dive into PYSA ransomware operations Most security teams feeling the talent shortage And here's a word from our sponsor, Votiro Can you trust that your content and data is free of malware and ransomware? With Votiro you can. Votiro removes evasive and unknown malware from content in milliseconds, without impacting file fidelity or usability. It even works on password-protected and zipped files. Plus, it's an API, so it integrates with everything including Microsoft 365. Learn more at Votiro.com.

April 18, 2022


Microsoft: Office 2013 will reach end of support in April 2023 Stolen OAuth tokens used to download data from dozens of organizations, GitHub warns Mute button in conferencing apps may not actually mute your mic And here's a word from our sponsor, Votiro Can you trust that your content and data is free of malware and ransomware? With Votiro you can. Votiro removes evasive and unknown malware from content in milliseconds, without impacting file fidelity or usability. It even works on password-protected and zipped files. Plus, it's an API, so it integrates with everything including Microsoft 365. Learn more at...

April 15, 2022


Data breach disclosures surge 14% in Q1 2022 Windows 11 tool to add Google Play secretly installed malware DHS investigators say they foiled cyberattack on undersea internet cable in Hawaii Thanks to our episode sponsor, Code42 Have you been thinking about launching an Insider Risk Management program? You don't need to be Big Brother to effectively address Insider Risk. Code42 believes that the Three Ts should define any IRM program: transparency, training, and technology. Shift your security culture from "watchdog" to "guide dog" and everyone wins. Learn more at Code42.com/showme. For the stories behind the headlines, head to CISOseries.com.

April 14, 2022


Industrial cybersecurity companies form coalition Microsoft disrupts ZLoader T-Mobile hired someone to get their data back Thanks to our episode sponsor, Code42 It's not just about the data leaving your company - what about the data coming in? Along with departing employees, new talent is also actively joining your organization. This poses cybersecurity challenges since they could be knowingly or unknowingly bringing data from their former company into your network. Code42 Incydr is an Insider Risk Management SaaS that provides a comprehensive understanding of your data exposure and shows which activities require security intervention. Learn more at Code42.com/showme.

April 13, 2022


RaidForums hacker marketplace shut down in cross-border law enforcement operation Sandworm hackers fail to take down Ukrainian energy provider CISA warns of Russian state hackers exploiting WatchGuard bug Thanks to our episode sponsor, Code42 Surprise! Surprise! Five years from now, Jamie, who's resigning today, will ring the NASDAQ bell officially launching her company on the public market. And what you'll soon realize is that Jamie stole your most valuable data to start her new company. Learn how Code42 Incydr can stop data theft and protect your organizations' most valuable assets. Visit Code42.com/showme to learn more. For the stories behind the...

April 12, 2022


NSO Group spyware reportedly used against European Commission The malware is coming from inside the phone OpenSSH gets ready for quantum computing Thanks to our episode sponsor, Code42 Cybersecurity teams are facing unprecedented challenges when it comes to protecting sensitive corporate data from exposure, leak and theft. In fact, the Code42 Annual Data Exposure Report revealed there's a 1 in 3 chance that your company will lose IP when an employee quits. To learn more about stopping data leaks with Insider Risk Management visit Code42.com/showme.

April 11, 2022


New Meta information stealer distributed in malspam campaign NB65 group targets Russia with a modified version of Conti's ransomware Elon Musk unveils vision for Twitter after joining board Thanks to our episode sponsor, Code42 Have you been thinking about launching an Insider Risk Management program? You don't need to be Big Brother to effectively address Insider Risk. Code42 believes that the Three Ts should define any IRM program: transparency, training, and technology. Shift your security culture from "watchdog" to "guide dog" and everyone wins. Learn more at Code42.com/showme. For the stories behind the headlines, head to CISOseries.com.

Week in Review Apr 4-8, 2022


Link to Blog Post This week's Cyber Security Headlines - Week in Review, Apr 4-8, is hosted by Rich Stroffolino with our guest, Brett Conlon, CISO, American Century Investments. Thanks to our sponsor, Code42. It's not just about the data leaving your company - what about the data coming in? Along with departing employees, new talent is also actively joining your organization. This poses cybersecurity challenges since they could be knowingly or unknowingly bringing data from their former company into your network. Code42 Incydr is an Insider Risk Management SaaS that provides a comprehensive understanding of your data exposure and shows which activities require security intervention. Learn more...

April 8, 2022


Newly discovered flaw could allow hacking of Samsung Android devices Adobe Creative Cloud Experience makes malware easier to hide Parrot redirect service infects 16,500 sites to push malware Thanks to our episode sponsor, Code42 It's not just about the data leaving your company - what about the data coming in? Along with departing employees, new talent is also actively joining your organization. This poses cybersecurity challenges since they could be knowingly or unknowingly bringing data from their former company into your network. Code42 Incydr is an Insider Risk Management SaaS that provides a comprehensive understanding of your data exposure and...

April 7, 2022


US disrupted Russian botnet Twitter shadowbans Russian government accounts DOJ charges Russian national with operating Hydra Thanks to our episode sponsor, Code42 Surprise! Surprise! Five years from now, Jamie, who's resigning today, will ring the NASDAQ bell officially launching her company on the public market. And what you'll soon realize is that Jamie stole your most valuable data to start her new company. Learn how Code42 Incydr can stop data theft and protect your organizations' most valuable assets. Visit Code42.com/showme to learn more.

April 6, 2022


Germany takes down world's largest darknet market Anonymous leaks personal details of Russian soldiers CISA adds Spring4Shell to list of exploited vulnerabilities Thanks to our episode sponsor, Code42 Cybersecurity teams are facing unprecedented challenges when it comes to protecting sensitive corporate data from exposure, leak and theft. In fact, the Code42 Annual Data Exposure Report revealed there's a 1 in 3 chance that your company will lose IP when an employee quits. To learn more about stopping data leaks with Insider Risk Management visit Code42.com/showme. For the stories behind the headlines, visit CISOseries.com

April 5, 2022


Russian secret police exposed in data leak MailChimp hit with breach The Bureau of Cyberspace and Digital Policy goes live Thanks to our episode sponsor, Code42 Have you been thinking about launching an Insider Risk Management program? You don't need to be Big Brother to effectively address Insider Risk. Code42 believes that the Three Ts should define any IRM program: transparency, training, and technology. Shift your security culture from "watchdog" to "guide dog" and everyone wins. Learn more at Code42.com/showme.

April 4, 2022


New Borat remote access malware is no laughing matter Apple rushes out patches for 0-days in MacOS, iOS National Security Agency employee indicted for 'leaking top secret info' Thanks to our episode sponsor, Code42 It's not just about the data leaving your company - what about the data coming in? Along with departing employees, new talent is also actively joining your organization. This poses cybersecurity challenges since they could be knowingly or unknowingly bringing data from their former company into your network. Code42 Incydr is an Insider Risk Management SaaS that provides a comprehensive understanding of your data exposure and...

Week in Review Mar 28-Apr 1, 2022


Link to Blog Post This week's Cyber Security Headlines Week in Review, Mar 28-Apr 1, is hosted by Rich Stroffolino with our guest, Fredrick Lee, CISO, Gusto Thanks to our episode sponsor, Varonis All links and the video of this episode can be found on CISO Series.com

April 1, 2022


Palo Alto Networks error exposed customer support cases, attachments New AcidRain data wiper malware targets modems and routers Remote code execution flaws in Spring and Spring Cloud frameworks put Java apps at risk Thanks to our episode sponsors, Varonis Varonis will help you get meaningful data security results faster than you thought possible. Protect sensitive data, detect sophisticated threats, and streamline privacy and compliance. Visit www.varonis.com/cisoseries for a demo of Varonis' leading data security platform. For the stories behind the headlines, head to CISOseries.com.

March 31, 2022


Hackers abusing the power of subpoena Lapsus$ claims hack of Globant Brian Krebs sued by Ubiquiti for defamation Thanks to our episode sponsors, Varonis The first time we got hit with ransomware it took us weeks to recover. The second time we got hit, it took us two hours. Why? Because we had Varonis. Varonis reduces the ransomware blast radius and monitors our most important data, automatically. Hear more at www.varonis.com/cisoseries.

March 30, 2022


Ukraine destroys panic-spreading bot farms Yandex is sending iOS user data to Russia Ronin Network victimized in record-breaking crypto heist Thanks to our episode sponsors, Varonis Varonis will help you get meaningful data security results faster than you thought possible. Protect sensitive data, detect sophisticated threats, and streamline privacy and compliance. Visit www.varonis.com/cisoseries for a demo of Varonis' leading data security platform. For the stories behind the headlines, visit CISOseries.com.

March 29, 2022


Ukraine ISP taken down by cyber attack Windows can now block drivers Deepfakes take a turn for the banal Thanks to our episode sponsors, Varonis What is your ransomware blast radius? The average user can access 17 million files. Varonis reduces your blast radius in days, not years. Combined with advanced detection that monitors every file touch, ransomware doesn't stand a chance. Learn more at www.varonis.com/cisoseries.

March 28, 2022


Critical Sophos Firewall vulnerability allows remote code execution Okta: "We made a mistake" delaying the Lapsus$ hack disclosure CISA adds 66 new flaws to the Known Exploited Vulnerabilities Catalog Thanks to our episode sponsors, Varonis On average, an employee can access 17 million files on day one. Varonis will show you where critical data is vulnerable, detect anomalies, and automatically right-size privileges to get you to "Zero Trust." Their data security platform can test your ransomware readiness and show you where you stack up. Learn more at www.varonis.com/cisoseries. For the stories behind the headlines, head to CISOseries.com.

Week in Review Mar 21-25, 2022


Link to Blog Post This week's Cyber Security Headlines Week in Review, Mar 21-25, is hosted by Rich Stroffolino with our guest, John Prokap, CISO, Success Academy Charter Schools Thanks to our episode sponsor, Varonis Customer: "The first time we got hit with ransomware it took us weeks to recover. The second time we got hit, it took us two hours. Why? Because we had Varonis. Varonis reduces the ransomware blast radius and monitors our most important data, automatically." Hear more at www.varonis.com/cisoseries. All links and the video of this episode can be found on CISO Series.com

March 25, 2022


UK police arrest 7 people in connection with Lapsus$ North Korean hackers exploit Chrome zero-day weeks before patch Anonymous claims to have hacked the Central Bank of Russia Thanks to our episode sponsor, Varonis The first time we got hit with ransomware it took us weeks to recover. The second time we got hit, it took us two hours. Why? Because we had Varonis. Varonis reduces the ransomware blast radius and monitors our most important data, automatically. Hear more at www.varonis.com/cisoseries. For the stories behind the headlines, head to CISOseries.com.

March 24, 2022


Microsoft expands program to fill cyber skills gap Cyber Crime Losses Up 64% in 2021 Microsoft confirms Lapsus$ breach Thanks to our episode sponsor, Varonis What is your ransomware blast radius? The average employee can access 17 million files they don't need, and only a handful live on their laptop. Protect your data from the inside out and detect early signs of ransomware automatically with Varonis. Visit www.varonis.com/cisoseries.

March 23, 2022


Ransomware attack on Okta leads to data breach Lapsus$ leaks 37GB of Microsoft source code Anonymous hacks Nestlé for operating in Russia Thanks to our episode sponsor, Varonis Varonis will help you get meaningful data security results faster than you thought possible. Protect sensitive data, detect sophisticated threats, and streamline privacy and compliance. Visit www.varonis.com/cisoseries for a demo of Varonis' leading data security platform. For the stories behind the headlines, visit CISOseries.com

March 22, 2022


Ransomware puts the brakes on Bridgestone Phishing with browser-in-a-browser attacks Conti Leaks leaks Conti code Thanks to our episode sponsor, Varonis What is your ransomware blast radius? The average user can access 17 million files. Varonis reduces your blast radius in days, not years. Combined with advanced detection that monitors every file touch, ransomware doesn't stand a chance. Learn more at www.varonis.com/cisoseries.

March 21, 2022


CISA, FBI tell satellite communications network owners to watch out for hacks after Ukraine attack Hackers claim to breach TransUnion South Africa with 'Password' password Developer sabotages own npm module prompting open-source supply chain security questions Thanks to our episode sponsor, Varonis On average, an employee can access 17 million files on day one. Varonis will show you where critical data is vulnerable, detect anomalies, and automatically right-size privileges to get you to "Zero Trust." Their data security platform can test your ransomware readiness and show you where you stack up. Learn more at www.varonis.com/cisoseries. For the stories behind the...

Week in Review Mar 14-18, 2022


Link to Blog Post This week's Cyber Security Headlines Week in Review, Mar 14-18, is hosted by David Spark with our guest, Eric Hussey, CISO, Aptiv Thanks to our episode sponsor, Varonis The first time we got hit with ransomware it took us weeks to recover. The second time we got hit, it took us two hours. Why? Because we had Varonis. Varonis reduces the ransomware blast radius and monitors our most important data, automatically. Hear more at www.varonis.com/cisoseries. All links and the video of this episode can be found on CISO Series.com

March 18, 2022


Thanks to our episode sponsor, Varonis The first time we got hit with ransomware it took us weeks to recover. The second time we got hit, it took us two hours. Why? Because we had Varonis. Varonis reduces the ransomware blast radius and monitors our most important data, automatically. Hear more at www.varonis.com/cisoseries.

March 17, 2022


Phony Instagram 'support staff' emails hit insurance company Facebook hit with $18.6 million GDPR fine over 12 data breaches in 2018 Microsoft Defender tags Office updates as ransomware activity Thanks to our episode sponsor, Varonis What is your ransomware blast radius? The average employee can access 17 million files they don't need, and only a handful live on their laptop. Protect your data from the inside out and detect early signs of ransomware automatically with Varonis. Visit www.varonis.com/cisoseries. For the stories behind the headlines, head to CISOseries.com.

March 16, 2022


More destructive wiper malware strikes Ukraine German security agency recommends replacing Kaspersky antivirus HackerOne apologizes to Ukrainian hackers for blocking payouts Thanks to our episode sponsor, Varonis Varonis will help you get meaningful data security results faster than you thought possible. Protect sensitive data, detect sophisticated threats, and streamline privacy and compliance. Visit www.varonis.com/cisoseries for a demo of Varonis' leading data security platform. For the stories behind the headlines, visit CISOseries.com

March 15, 2022


Ukraine's IT army hit with malware Mobile endpoints see a lot of malicious apps AMD vulnerable to Spectre v2 Thanks to our episode sponsor, Varonis What is your ransomware blast radius? The average user can access 17 million files. Varonis reduces your blast radius in days, not years. Combined with advanced detection that monitors every file touch, ransomware doesn't stand a chance. Learn more at www.varonis.com/cisoseries.

March 14, 2022


Ubisoft changes employee passwords after "cyber security incident" Cyber Command chief tells Congress chip shortage has national security implications LockBit claims hack on Bridgestone tires Thanks to our episode sponsor, Varonis On average, an employee can access 17 million files on day one. Varonis will show you where critical data is vulnerable, detect anomalies, and automatically right-size privileges to get you to "Zero Trust." Their data security platform can test your ransomware readiness and show you where you stack up. Learn more at www.varonis.com/cisoseries. For the stories behind the headlines, head to CISOseries.com.

Week in Review Mar 7-11, 2022


Link to Blog Post This week's Cyber Security Headlines Week in Review, Mar 7-11, is hosted by Rich Stroffolino with our guest, Anshu Gupta, Investor, Silicon Valley CISO Investments Thanks to our sponsor, Torq Security Automation Myth 5: You Should Automate All Security Processes False. You should automate routine, repetitive tasks that are not subject to much conditional variance. But workflows that can't be reliably managed by automation tools, such as assessing the financial consequences of a breach or determining whether a security incident should trigger an application rollback, should remain the domain of humans. To learn more about the realities of automation, head...

March 11, 2022


Russia creates its own TLS certificate authority to bypass sanctions Online sleuths are using face recognition to ID Russian soldiers Basic text-color trick can fool phishing filters There are many misconceptions about security automation, so today's episode sponsor Torq is debunking a security automation myth each day this week. Myth 5: You Should Automate All Security Processes False. You should automate routine, repetitive tasks that are not subject to much conditional variance. But workflows that can't be reliably managed by automation tools, such as assessing the financial consequences of a breach or determining whether a security incident should trigger an...

March 10, 2022


Chipmakers warn of new speculative execution bugs US worked to shore up Ukraine's cyber defense in 2021 Twitter Tor service launches There are many misconceptions about security automation, so today's episode sponsor Torq is debunking a security automation myth each day this week. Myth 4: Automation Will Replace Skilled Security Professionals Not true. Any business that attempts to automate security will quickly find that most high-stakes security issues are far too complex to be detected and remediated by automation tools alone. Human security professionals need to take the lead delivering nuanced insight about the business impact of a large-scale breach....

March 9, 2022


Google to purchase cybersecurity firm Mandiant for $5.4 billion Security vendors help infrastructure orgs protect against Russian cyberattacks Russian VPN demand soars amidst social media crackdown There are many misconceptions about security automation, so today's episode sponsor Torq is debunking a security automation myth each day this week. Myth 3: Only Enterprises Need Security Automation Debunked. While enterprises with thousands of endpoints and sprawling teams certainly need automation, businesses of all sizes face challenges related to other forms of scale when it comes to security. For instance, there are about 1 billion known types of malware in existence, and they...

March 8, 2022


Leaked Nvidia data used in malware Russia says it's okay to download a car Sharkbot takes a bite out of the Play Store There are many misconceptions about security automation, so today's episode sponsor Torq is debunking a security automation myth each day this week. Myth 2: Security Automation Is Just a New Term for Automated Security Testing Wrong. While scanning and testing may be one example of a security automation use case, it's hardly the only one. Automation can be used to do things like help manage complex security workflows and optimize collaboration between different stakeholders. These are tasks...

March 7, 2022


Charities and NGOs that provide support to Ukraine hit by malware 'Most advanced' China-linked backdoor ever raises alarms for cyber-espionage investigators Hackers allegedly leak Samsung data, source code There are many misconceptions about security automation, so today's episode sponsor Torq is debunking a security automation myth each day this week. Myth 1: Automation Is Only a Reactive Part of SecOps Incorrect. Proactive management of security incidents is just as important, like automatically scanning IaC configurations to detect vulnerabilities, automating collaboration between devs, IT ops and SecOps to prevent risks before they're threats. To learn more about the realities of automation,...

Week in Review Feb 28-Mar 4, 2022


Link to Blog Post This week's Cyber Security Headlines Week in Review, Feb 28-Mar 4, is hosted by Rich Stroffolino with our guest, Ody Lupescu, CISO, Ethos Life Thanks to our episode sponsor, Torq There are many misconceptions about security automation, so Torq is debunking a security automation myth each day this week. Myth 5: You Should Automate All Security Processes False. You should automate routine, repetitive tasks that are not subject to much conditional variance. But workflows that can't be reliably managed by automation tools, such as assessing the financial consequences of a breach or determining whether a security incident should trigger an application...

March 4, 2022


Cyberattack attempts on Ukraine surge tenfold Ukraine's "IT army" targets Belarus railway network, Russian GPS Eight-character passwords can be cracked in less than 60 minutes There are many misconceptions about security automation, so Torq is debunking a security automation myth each day this week. Myth 5: You Should Automate All Security Processes False. You should automate routine, repetitive tasks that are not subject to much conditional variance. But workflows that can't be reliably managed by automation tools, such as assessing the financial consequences of a breach or determining whether a security incident should trigger an application rollback, should remain the...

March 3, 2022


Conti and Trickbot code leaks API attacks surge in 2021 Log4Shell still being used in the wild There are many misconceptions about security automation, so Torq is debunking a security automation myth each day this week. Myth 4: Automation Will Replace Skilled Security Professionals Not true. Any business that attempts to automate security will quickly find that most high-stakes security issues are far too complex to be detected and remediated by automation tools alone. Human security professionals need to take the lead delivering nuanced insight about the business impact of a large-scale breach. To learn more about the realities of...

March 2, 2022


Russia-Ukraine War update Nvidia confirms company data was stolen in hack Half of employees use unauthorized file services at work There are many misconceptions about security automation, so Torq is debunking a security automation myth each day this week. Myth 3: Only Enterprises Need Security Automation Debunked. While enterprises with thousands of endpoints and sprawling teams certainly need automation, businesses of all sizes face challenges related to other forms of scale when it comes to security. For instance, there are about 1 billion known types of malware in existence, and they imperil businesses of all sizes equally. To learn more...

March 1, 2022


Toyota suspends Japanese production due to cyberattack Microsoft providing threat intelligence to Ukraine Twitter to label tweets from state-owned media There are many misconceptions about security automation, so Torq is debunking a security automation myth each day this week. Myth 2: Security Automation Is Just a New Term for Automated Security Testing Wrong. While scanning and testing may be one example of a security automation use case, it's hardly the only one. Automation can be used to do things like help manage complex security workflows and optimize collaboration between different stakeholders. These are tasks that were not traditionally automated. To...

February 28, 2022


Ukraine recruits volunteer IT army to hack list of Russian entities Russia demands Google restore access to its media YouTube channels in Ukraine Chipmaker giant Nvidia hit by ransomware attack There are many misconceptions about security automation, so Torq is debunking a security automation myth each day this week. Myth 1: Automation Is Only a Reactive Part of SecOps Incorrect. Proactive management of security incidents is just as important, like automatically scanning IaC configurations to detect vulnerabilities, automating collaboration between devs, IT ops and SecOps to prevent risks before they're threats. To learn more about the realities of automation, head...

Week in Review Feb 21-25, 2022


Link to Blog Post This week's Cyber Security Headlines Week in Review, Feb 21-25, is hosted by Rich Stroffolino with our guest, Mark Eggleston, CISO, CSC Thanks to our episode sponsor, Tines Tines is hosting a virtual game show in conjunction with Lacework on March 8. It's free to attend, with security trivia, fun prizes, and donations going to good causes like Women in Cybersecurity. Places are limited, so head over to tines.com/gameshow to register. All links and the video of this episode can be found on CISO Series.com

February 25, 2022


Cyberattacks accompany Russian military assault on Ukraine Putin's government warns Russian critical infrastructure of potential cyberattacks Manufacturing was the top industry targeted by ransomware last year Thanks to our episode sponsor, Tines Tines is hosting a virtual game show in conjunction with Lacework on March 8. It's free to attend, with security trivia, fun prizes, and donations going to good causes like Women in Cybersecurity. Places are limited, so head over to tines.com/gameshow to register. For the stories behind the headlines, head to CISOseries.com.

February 24, 2022


Samsung shipped devices with flawed encryption New York state gets cybersecurity center Microsoft Defender adds support for GCP Thanks to our episode sponsor, Tines Tines is hosting a virtual game show in conjunction with Lacework on March 8. It's free to attend, with security trivia, fun prizes, and donations going to good causes like Women in Cybersecurity. Places are limited, so head over to tines.com/gameshow to register.

February 23, 2022


IRS is allowing taxpayers to opt out of facial recognition UK Defence Secretary warns Russia of cyber-retaliation Slack confirms outage for some users Thanks to our episode sponsor, Tines Tines is hosting a virtual game show in conjunction with Lacework on March 8. It's free to attend, with security trivia, fun prizes, and donations going to good causes like Women in Cybersecurity. Places are limited, so head over to tines.com/gameshow to register. For the stories behind the headlines, head to cisoseries.com

February 22, 2022


Researchers find decryption for Hive ransomware In the Google Play Store, no one can hear you scream Linux leads in patching speeds Thanks to our episode sponsor, Tines Tines is hosting a virtual game show in conjunction with Lacework on March 8. It's free to attend, with security trivia, fun prizes, and donations going to good causes like Women in Cybersecurity. Places are limited, so head over to tines.com/gameshow to register.

February 21, 2022


White House attributes Ukraine DDoS incidents to Russia's GRU Master key for Hive ransomware retrieved using a flaw in its encryption algorithm New phishing campaign targets Monzo online-banking customers Thanks to our episode sponsor, Tines Tines is hosting a virtual game show in conjunction with Lacework on March 8. It's free to attend, with security trivia, fun prizes, and donations going to good causes like Women in Cybersecurity. Places are limited, so head over to tines.com/gameshow to register. For the stories behind the headlines, head to CISOseries.com.

Week in Review Feb 14-18, 2022


Link to Blog Post This week's Cyber Security Headlines Week in Review, Feb 14-18, is hosted by Rich Stroffolino with our guest, Mike Hanley, CSO, GitHub Thanks to our episode sponsor, PlexTrac PlexTrac is the Purple Teaming Platform. Use the Runbooks Module to facilitate your tabletop exercises, red team engagements, breach and attack simulations, and pentest automation to improve communication and collaboration. PlexTrac upgrades your program's capabilities by making the most of every team member and tool. Check out PlexTrac.com/CISOSeries to learn why PlexTrac is the perfect platform for CISOs! All links and the video of this episode can be found on CISO Series.com

February 18, 2022


DOJ beefs up efforts to combat criminal use of cryptocurrencies Canada's major banks go offline in mysterious hours-long outage Hackers slip into Microsoft Teams chats to distribute malware Thanks to our episode sponsor, PlexTrac PlexTrac is the Purple Teaming Platform. Use the Runbooks Module to facilitate your tabletop exercises, red team engagements, breach and attack simulations, and pentest automation to improve communication and collaboration. PlexTrac upgrades your program's capabilities by making the most of every team member and tool. Check out PlexTrac.com/CISOSeries to learn why PlexTrac is the perfect platform for CISOs! For the stories behind the headlines, head to...

February 17, 2022


State-sponsored hackers hit defense contractors Unskilled hacker targeted aviation industry for years Privacy Sandbox heading to Android Thanks to our episode sponsor, PlexTrac Solve your talent shortage with PlexTrac. Use PlexTrac to automate security tasks and workflows to keep your red, blue, and purple teams focused on the real security work. Gain precious time back in your team's day and improve their morale by making them more effective with PlexTrac. Check out PlexTrac.com/CISOSeries to learn why PlexTrac is the perfect platform for CISOs!

February 16, 2022


Cyberattacks take down Ukrainian military and bank websites Super Bowl ad shines a light on QR code risks CISA directs agencies to patch actively exploited Chrome and Magento bugs Thanks to our episode sponsor, PlexTrac PlexTrac is the solution to deal with your data. Aggregate findings from all assessments to produce the analytics needed to make informed decisions. Produce data visualizations and add them to reports with one click to communicate effectively to leadership. PlexTrac is the premier product for security data management. Check out PlexTrac.com/CISOSeries to learn why PlexTrac is the perfect platform for CISOs! For the stories behind...

February 15, 2022


FTC warns VoIP providers about robocalls SEC outlines new cybersecurity rules for investment firms Rampant plagiarism hits NFT marketplace Thanks to our episode sponsor, PlexTrac Gain a real-time view of security posture with PlexTrac by consolidating scanner findings, assessments, and bug bounty tools. Visualize your posture in the Analytics Module to quickly assess and prioritize, creating a more effective workflow. Map risks to the MITRE ATT&CK framework to create a living risk register. Check out PlexTrac.com/CISOSeries to learn why PlexTrac is the perfect platform for CISOs!

February 14, 2022


San Francisco 49ers hit by Blackbyte ransomware attack Linux malware attacks are on the rise, and businesses aren't ready for it Fake Windows 11 upgrade installers deliver RedLine malware Thanks to our episode sponsor, PlexTrac PlexTrac is a powerful, yet simple, cybersecurity platform that centralizes all security assessments, pentest reports, audit findings, and vulnerabilities. PlexTrac transforms the risk management lifecycle, allowing security professionals to generate better reports faster, aggregate and visualize analytics, and collaborate on remediation in real-time. Check out PlexTrac.com/CISOSeries to learn why PlexTrac is the perfect platform for CISOs! For the stories behind the headlines, head to CISOseries.com.

Week in Review Feb 7-11, 2022


Link to Blog Post This week's Cyber Security Headlines Week in Review, Feb 7-11, is hosted by Rich Stroffolino with our guest, Dave Stirling, CISO, Zions Bancorporation Thanks to our episode sponsor, Datadog Datadog Security Monitoring is part of the Datadog Cloud Security Platform, which protects an organization's production environment and provides threat detection, posture management, workload security, and application security in a single pane of glass. In this Datadog Security Monitoring product brief, you'll learn how to: Solve cloud complexity challenges with threat detection tools, detect and analyze security threats anywhere in your stack, and deploy turnkey detection rules mapped to the MITRE ATT&CK framework....

February 11, 2022


Donation site for Ottawa truckers' "Freedom Convoy" protest exposed donors' data FritzFrog botnet returns to attack healthcare, education, government sectors If you use Zoom on a Mac, you might want to check your microphone settings Thanks to our episode sponsor, Datadog Datadog Security Monitoring is part of the Datadog Cloud Security Platform, which protects an organization's production environment and provides threat detection, posture management, workload security, and application security in a single pane of glass. In this Datadog Security Monitoring product brief, you'll learn how to: Solve cloud complexity challenges with threat detection tools, detect and analyze security threats anywhere...

February 10, 2022


Ukraine takes down social media bot farm Federal use of cell siphoning tech on the rise Microsoft expands security business Thanks to our episode sponsor, Datadog Datadog's Cloud Security Platform delivers real-time threat detection and continuous configuration audits across your entire production environment, so you can bring speed and scale to your security organization. The Cloud Security Platform is built on top of Datadog's observability platform, which breaks down silos between Security and DevOps teams and aligns them to shared organizational goals. To learn more about how Datadog Security Monitoring can solve cloud complexity challenges with a unified platform, download...

February 9, 2022


DOJ arrests New York couple, seizing $3.6 billion in bitcoin Google sees 50% drop in compromises after 2SV enrollment Puma employee data stolen as a result of Kronos attack Thanks to our episode sponsor, Datadog Datadog Security Monitoring is part of the Datadog Cloud Security Platform, which protects an organization's production environment and provides threat detection, posture management, workload security, and application security in a single pane of glass. In this Datadog Security Monitoring product brief, you'll learn how to: Solve cloud complexity challenges with threat detection tools, detect and analyze security threats anywhere in your stack, and deploy turnkey...

February 8, 2022


Stolen crypto used to fund North Korean missile program Microsoft disables protocol used by malware Meta may pull out of the EU Thanks to our episode sponsor, Datadog Datadog's Cloud Security Platform delivers real-time threat detection and continuous configuration audits across your entire production environment, so you can bring speed and scale to your security organization. The Cloud Security Platform is built on top of Datadog's observability platform, which breaks down silos between Security and DevOps teams and aligns them to shared organizational goals. To learn more about how Datadog Security Monitoring can solve cloud complexity challenges with a unified...

February 7, 2022


US House passes bill to boost chip manufacturing and R&D One in seven ransomware extortion attempts leak key operational tech records New Argo CD bug could let hackers steal secret info from Kubernetes apps Thanks to our episode sponsor, Datadog Datadog Security Monitoring is part of the Datadog Cloud Security Platform, which protects an organization's production environment and provides threat detection, posture management, workload security, and application security in a single pane of glass. In this Datadog Security Monitoring product brief, you'll learn how to: Solve cloud complexity challenges with threat detection tools, detect and analyze security threats anywhere in...

Week in Review Jan 31-Feb 4, 2022


Link to Blog Post This week's Cyber Security Headlines Week in Review, Jan 24-Feb 4, is hosted by Rich Stroffolino with our guest, Brian Lozada, CISO, HBOMax Thanks to our episode sponsor, Pentera Align validation to the MITRE ATT&CK framework and the OWASP Top 10. By aligning to industry standards, security teams ensure that their testing covers the latest adversary techniques. Most attacks succeed by leveraging the most common TTPs, so challenging the attack surface against these frameworks provides comprehensive coverage of adversary techniques in the wild. In addition, it allows security executives to clearly report to management on security control efficacy and enterprise readiness...

February 4, 2022


iPhone flaw exploited by second Israeli spy firm Target shares its own web skimming detection tool with the world MFA adoption pushes phishing actors to reverse-proxy solutions Thanks to our episode sponsor, Pentera Align validation to the MITRE ATT&CK framework and the OWASP Top 10. By aligning to industry standards, security teams ensure that their testing covers the latest adversary techniques. Most attacks succeed by leveraging the most common TTPs, so challenging the attack surface against these frameworks provides comprehensive coverage of adversary techniques in the wild. In addition, it allows security executives to clearly report to management on security...

February 3, 2022


Iran-linked APT activity on the rise Hacker claims responsibility for North Korean internet disruptions TikTok: the once and future national security threat Thanks to our episode sponsor, Pentera To continuously know the exploitable attack surface, automate your validation. Security validation must be as dynamic as the attack surface it's securing. Periodical and manual tests aren't enough to challenge the changes an organization undergoes. Security teams need to have an on-demand view of their assets and exposures, and the only way to get there is by automating your testing. Find out more at pentera.io

February 2, 2022


Cyber attack disrupts German oil firm operations Tesla recalls Full Self Driving feature that lets cars roll through stop signs FBI recommends using burner phones at the Olympics Thanks to our episode sponsor, Pentera To understand the exploitable attack surface, security teams need to cover the full scope of potential attacks. Adversaries take the path of least resistance to the critical assets. This means using a variety of techniques to progress an attack, leveraging any vulnerability and its relevant correlations along the way. For this reason, the validation methods used must match - they need to go beyond the static...

February 1, 2022


Your GPU knows your secrets UPnP behind Eternal Silence router campaign DeFi platform hacked for $80 million Thanks to our episode sponsor, Pentera To understand the exploitable attack surface, take the adversarial perspective. The way to know which vulnerabilities are exploitable is to, well, exploit them. This way, security teams get a concise attack vector pointing to the organization's weakest link. From here remediation requests handed to IT are focused, manageable, and based on true business impact. Find out more at pentera.io

January 31, 2022


Novel device registration trick enhances multi-stage phishing attacks US bans major Chinese telecom over national security risks Over 20,000 data center management systems exposed to hackers Thanks to our episode sponsor, Pentera Pentera introduces Automated Security Validation! The newly-minted unicorn out of Israel takes a whole new approach to penetration testing - allowing every organization to continuously test the integrity of all cybersecurity layers - including against ransomware - leveraging proprietary ethical exploits to emulate real-world attacks at scale. All day, everyday. This week Pentera will discuss how to identify your exploitable attack surface, so stay tuned for their 'Tip...

Week in Review Jan 24-28, 2022


Link to Blog Post This week's Cyber Security Headlines - Week in Review, Jan 24-28, is hosted by Rich Stroffolino with our guest, Gary Hayslip, CISO, Softbank Investment Advisers Thanks to our episode sponsor, deepwatch All links and the video of this episode can be found on CISO Series.com

January 28, 2022


US says national water supply 'absolutely' vulnerable to hackers Microsoft mitigated a record 3.47 Tbps DDoS attack on Azure users BotenaGo Mirai botnet code leaked to GitHub Thanks to our episode sponsor, deepwatch Increasing ransomware attacks and their evolving sophistication have been putting more pressure on security teams than ever before. Luckily, managed detection and response (or MDR) has emerged as a critical component for improving security operations, reducing ransomware risk, and minimizing the overall impact an attack can have. Visit deepwatch.com to see how we help to prevent breaches for our customers, by working together. For the stories behind...

January 27, 2022


White House releases new cybersecurity strategy Trickbot gets trickier VPNLab shuttered in global takedown Thanks to our episode sponsor, deepwatch Increasing ransomware attacks and their evolving sophistication have been putting more pressure on security teams than ever before. Luckily, managed detection and response (or MDR) has emerged as a critical component for improving security operations, reducing ransomware risk, and minimizing the overall impact an attack can have. Visit deepwatch.com to see how we help to prevent breaches for our customers, by working together.

January 26, 2022


Canada's foreign ministry hacked Hacktivists target Belarus rail system to stop Russian military buildup Segway victimized by Magecart attack Thanks to our episode sponsor, deepwatch Increasing ransomware attacks and their evolving sophistication have been putting more pressure on security teams than ever before. Luckily, managed detection and response (or MDR) has emerged as a critical component for improving security operations, reducing ransomware risk, and minimizing the overall impact an attack can have. Visit deepwatch.com to see how we help to prevent breaches for our customers, by working together. For the stories behind the headlines, head to CISOseries.com

January 25, 2022


SBA launches cybersecurity program Ransomware gangs step up insider recruitment American Olympians warned to take cybersecurity precautions Thanks to our episode sponsor, deepwatch Increasing ransomware attacks and their evolving sophistication have been putting more pressure on security teams than ever before. Luckily, managed detection and response (or MDR) has emerged as a critical component for improving security operations, reducing ransomware risk, and minimizing the overall impact an attack can have. Visit deepwatch.com to see how we help to prevent breaches for our customers, by working together.

January 24, 2022


Ukraine attack update: experts find strategic similarities with NotPetya Molerats use Google Drive and Dropbox as attack infrastructure Senators introduce bill to protect satellites from getting hacked Thanks to our episode sponsor, deepwatch Increasing ransomware attacks and their evolving sophistication have been putting more pressure on security teams than ever before. Luckily, managed detection and response (or MDR) has emerged as a critical component for improving security operations, reducing ransomware risk, and minimizing the overall impact an attack can have. Visit deepwatch.com to see how we help to prevent breaches for our customers, by working together. For the stories behind...

Week in Review Jan 17-21, 2022


Link to Blog Post This week's Cyber Security Headlines - Week in Review, Jan 17-21, is hosted by Rich Stroffolino with our guest, Julie Tsai, Cybersecurity Leader Thanks to our episode sponsor, Datadog Join Datadog in their upcoming webinar to learn how to dissect the anatomy of an attack vector in the cloud with the use of their unified Cloud Security Platform. Visit datadoghq.com/ciso to register for the webinar in the time zone most convenient for you and attendees will also get a chance to win a Datadog t-shirt. All links and the video of this episode can be found on CISO Series.com

January 21, 2022


NATO and Ukraine sign deal to boost cybersecurity Microsoft Sees Log4j attacks exploiting SolarWinds Serv-U bug Large-scale cyberattack hits the Red Cross Thanks to our episode sponsor, Datadog Join Datadog in their upcoming webinar to learn how to dissect the anatomy of an attack vector in the cloud with the use of their unified Cloud Security Platform. Visit datadoghq.com/ciso to register for the webinar in the time zone most convenient for you and attendees will also get a chance to win a Datadog t-shirt. For the stories behind the headlines, head to CISOseries.com.

January 20, 2022


CISA warns of data-wiping attacks EU working on its own DNS service Biden expands the NSA's cybersecurity purview Thanks to our episode sponsor, Datadog In Datadog's upcoming webinar, you'll learn how to best utilize the suite of Datadog Cloud Security products to identify the root cause of an attack and how a unified platform provides real-time threat-detection and continuous configuration audits across applications, hosts, containers and cloud infrastructure. Visit datadoghq.com/ciso to register for the webinar in the time zone most convenient for you and attendees will also get a chance to win a Datadog t-shirt.

January 19, 2022


Beijing 2022 Winter Olympics app loaded with privacy risks Europol shuts down cybercriminals' VPN service of choice Newspaper accuses Israeli police of spying on its own citizens Thanks to our episode sponsor, Datadog Join Datadog in their upcoming webinar to learn how to dissect the anatomy of an attack vector in the cloud with the use of their unified Cloud Security Platform. Visit datadoghq.com/ciso to register for the webinar in the time zone most convenient for you and attendees will also get a chance to win a Datadog t-shirt. For the stories behind the headlines, head to CISOseries.com

January 18, 2022


Ukraine points fingers in recent cyber attacks Another dark web marketplace calls it quits Renewable energy targeted for cyber espionage Thanks to our episode sponsor, Datadog In Datadog's upcoming webinar, you'll learn how to best utilize the suite of Datadog Cloud Security products to identify the root cause of an attack and how a unified platform provides real-time threat-detection and continuous configuration audits across applications, hosts, containers and cloud infrastructure. Visit datadoghq.com/ciso to register for the webinar in the time zone most convenient for you and attendees will also get a chance to win a Datadog t-shirt.

January 17, 2022


Microsoft discloses malware attack on Ukraine government networks New unpatched Apple Safari browser bug allows cross-site user tracking Now you can get your vulnerability alerts by phone Thanks to our episode sponsor, Datadog Join Datadog in their upcoming webinar to learn how to dissect the anatomy of an attack vector in the cloud with the use of their unified Cloud Security Platform. Visit datadoghq.com/ciso to register for the webinar in the time zone most convenient for you and attendees will also get a chance to win a Datadog t-shirt. For the stories behind the headlines, head to CISOseries.com.

Week in Review Jan 10-14, 2022


Link to Blog Post This week's Cyber Security Headlines - Week in Review, Jan 10-14, is hosted by Rich Stroffolino with our guest, Tyler Young, Director, Information Security, Relativity Thanks to our episode sponsor, BlackBerry All links and the video of this episode can be found on CISO Series.com

January 14, 2022


New undetected backdoor runs across three OS platforms Microsoft RDP bug enables data theft, smart-card hijacking Ukrainian police arrests ransomware gang that hit over 50 firms Thanks to our episode sponsor, BlackBerry CISOs - Listen Up. Is your team challenged with distinguishing threat signal from noise, reducing cyber costs and finding security talent? We're here to help. BlackBerry Guard is a Managed Extended Detection & Response (XDR) service that merges the Cylance artificial intelligence cybersecurity platform with 24x7 support from award winning responders and prevention experts. Spend time on key security initiatives, instead of the fallout from breaches. Learn more at BlackBerry.com For...

January 13, 2022


EU planning supply chain attack simulations TellYouThePass ransomware returns A look at Senate confirmations for cyber positions Thanks to our episode sponsor, BlackBerry With ransomware attacks like REvil, DarkSide, Conti, and recently Log4Shell, how confident are you in your cyber solution to prevent threats today and into the future? With BlackBerry's Prevention-First endpoint security, we prevent breaches vs responding to and mitigating future attacks. With our Cylance Artificial Intelligence (AI), threats are detected and prevented pre-execution. Traditional AV vendors can't do this. Get Prevention-First protection to keep your data and organization safe. Learn more at BlackBerry.com.

January 12, 2022


Apple to allow third-party app payment options in South Korea Hotel chain switches to Chrome OS to recover from ransomware attack Hackers leveraging Log4j to install NightSky ransomware Thanks to our episode sponsor, BlackBerry Cybersecurity Professionals - Listen up. Ransomware is on the rise and you can't afford to rely on ineffective endpoint technology to PREVENT attacks. With BlackBerry's 7th generation Artificial Intelligence (AI) and Machine Learning (ML) technology powered by Cylance, malicious attacks are detected and prevented on average of 25 months BEFORE appearing online. With our prevention-first approach, Cylance technology neutralizes malware before the exploitation stage of the kill-chain. Can your...

January 11, 2022


Open source developer poisons his own well Hacker group self-pwns Microsoft finds TCC bypass vulnerability in macOS Thanks to our episode sponsor, BlackBerry CISOs - Listen Up. Is your team challenged with distinguishing threat signal from noise, reducing cyber costs and finding security talent? We're here to help. BlackBerry Guard is a Managed Extended Detection & Response (XDR) service that merges the Cylance artificial intelligence cybersecurity platform with 24x7 support from award winning responders and prevention experts. Spend time on key security initiatives, instead of the fallout from breaches. Learn more at BlackBerry.com

January 10, 2022


Hackers have been sending malware-filled USB sticks to U.S. companies disguised as gifts Swiss army asks its personnel to use the Threema instant-messaging app Norton 360 faces blowback for crypto feature Thanks to our episode sponsor, BlackBerry Cybersecurity Professionals - Listen up. Ransomware is on the rise and you can't afford to rely on ineffective endpoint technology to PREVENT attacks. With BlackBerry's 7th generation Artificial Intelligence (AI) and Machine Learning (ML) technology powered by Cylance, malicious attacks are detected and prevented on average of 25 months BEFORE appearing online. With our prevention-first approach, Cylance technology neutralizes malware before the exploitation stage of the...

Week in Review Jan 3-7, 2022


Link to Blog Post This week's Cyber Security Headlines - Week in Review, Jan 3-7, is hosted by Rich Stroffolino with our guest, Adam Glick, CISO, SimpliSafe Thanks to our episode sponsor, deepwatch Increasing ransomware attacks and their evolving sophistication have been putting more pressure on security teams than ever before. Luckily, managed detection and response (or MDR) has emerged as a critical component for improving security operations, reducing ransomware risk, and minimizing the overall impact an attack can have. Visit deepwatch.com to see how we help to prevent breaches for our customers, by working together. All links and the video of this episode can be found on...

January 7, 2022


Honda, Acura cars hit by Y2K22 bug that rolls back clocks New trick could let malware fake iPhone shutdown to spy on users secretly Attackers exploit flaw in Google Docs' comments feature Thanks to our episode sponsor, deepwatch Increasing ransomware attacks and their evolving sophistication have been putting more pressure on security teams than ever before. Luckily, managed detection and response (or MDR) has emerged as a critical component for improving security operations, reducing ransomware risk, and minimizing the overall impact an attack can have. Visit deepwatch.com to see how we help to prevent breaches for our customers, by working...

January 6, 2022


Microsoft's digital signature verification exploited New York AG warns of credential stuffing attacks Google acquires Siemplify Thanks to our episode sponsor, deepwatch Increasing ransomware attacks and their evolving sophistication have been putting more pressure on security teams than ever before. Luckily, managed detection and response (or MDR) has emerged as a critical component for improving security operations, reducing ransomware risk, and minimizing the overall impact an attack can have. Visit deepwatch.com to see how we help to prevent breaches for our customers, by working together.

January 5, 2022


FTC warns of potential penalties for failing to fix Log4j flaws UScellular discloses data breach after billing system hack SlimPay fined for exposing data of 12 million customers for 5 years Thanks to our episode sponsor, deepwatch Increasing ransomware attacks and their evolving sophistication have been putting more pressure on security teams than ever before. Luckily, managed detection and response (or MDR) has emerged as a critical component for improving security operations, reducing ransomware risk, and minimizing the overall impact an attack can have. Visit deepwatch.com to see how we help to prevent breaches for our customers, by working together....

January 4, 2022


Broward Health discloses major data breach Beware of the command line copy-paste backdoor HomeKit bug can crash iOS devices Thanks to our episode sponsor, deepwatch Increasing ransomware attacks and their evolving sophistication have been putting more pressure on security teams than ever before. Luckily, managed detection and response (or MDR) has emerged as a critical component for improving security operations, reducing ransomware risk, and minimizing the overall impact an attack can have. Visit deepwatch.com to see how we help to prevent breaches for our customers, by working together.

January 3, 2022


Microsoft Exchange year 2022 bug breaks email delivery Uber email breach allows anyone to email as Uber Crypto security breaches cause $4.25 billion in losses in 2021 Thanks to our episode sponsor, deepwatch Increasing ransomware attacks and their evolving sophistication have been putting more pressure on security teams than ever before. Luckily, managed detection and response (or MDR) has emerged as a critical component for improving security operations, reducing ransomware risk, and minimizing the overall impact an attack can have. Visit deepwatch.com to see how we help to prevent breaches for our customers, by working together. For the stories behind...

December 30, 2021


Defense bill includes cybersecurity provisions for private-sector Server firmware rootkit discovered Microsoft Defender showing Log4j false positives Thanks to our episode sponsor, Lookout Complexity is the enemy of security. With an integrated Zero Trust platform, Lookout makes things simple. Whether data is on employees' smartphones or in the cloud, Lookout enables organizations to protect sensitive information no matter where it goes. Discover why IDC named the Lookout CASB a major player in its latest MarketScape at lookout.com/idc.

December 29, 2021


LastPass confirms credential stuffing attack against its users Alexa issues deadly challenge to 10-year-old girl Apple aims to retain talent with up to $180,000 bonuses Thanks to our episode sponsor, Lookout Complexity is the enemy of security. With an integrated Zero Trust platform, Lookout makes things simple. Whether data is on employees' smartphones or in the cloud, Lookout enables organizations to protect sensitive information no matter where it goes. Discover why IDC named the Lookout CASB a major player in its latest MarketScape at lookout.com/idc. For the stories behind the headlines, head to CISOseries.com

December 28, 2021


Study looks at ransomware market share Researchers find abundant toolkits to get around 2FA Shutterfly hit with ransomware Thanks to our episode sponsor, Lookout Complexity is the enemy of security. With an integrated Zero Trust platform, Lookout makes things simple. Whether data is on employees' smartphones or in the cloud, Lookout enables organizations to protect sensitive information no matter where it goes. Discover why IDC named the Lookout CASB a major player in its latest MarketScape at lookout.com/idc.

December 27, 2021


Rook ransomware is yet another spawn of the leaked Babuk code Russia fines Google $100m over "illegal" content Fake Christmas Eve termination notices used as phishing lures Thanks to our episode sponsor, Lookout Complexity is the enemy of security. With an integrated Zero Trust platform, Lookout makes things simple. Whether data is on employees' smartphones or in the cloud, Lookout enables organizations to protect sensitive information no matter where it goes. Discover why IDC named the Lookout CASB a major player in its latest MarketScape at lookout.com/idc. For the stories behind the headlines, head to CISOseries.com.

December 24, 2021


CISA releases free scanner to spot Log4j exposure Researchers disclose unpatched vulnerabilities in Microsoft Teams software Microsoft Office patch bypassed for malware distribution in apparent 'dry run' Thanks to our episode sponsor, Lookout Is 2022 the beginning of the end for on-prem security? Two years after remote work became the norm, we're at an inflection point for both threats and security solutions. Just as you wouldn't bring a sword to a gunfight, organizations need to take advantage of integrated cloud solutions to tackle emerging challenges. Check out Lookout's 2022 predictions at lookout.com/predictions. For the stories behind the headlines, head to...

December 23, 2021


Five Eyes issues Log4Shell advisory NSO Group deal with Uganda spurred backlash Microsoft PhotoDNA inverted to reveal images Thanks to our episode sponsor, Lookout Is 2022 the beginning of the end for on-prem security? Two years after remote work became the norm, we're at an inflection point for both threats and security solutions. Just as you wouldn't bring a sword to a gunfight, organizations need to take advantage of integrated cloud solutions to tackle emerging challenges. Check out Lookout's 2022 predictions at lookout.com/predictions.

December 22, 2021


Hack DHS program expanded to include Log4j Tech companies agree to protect data on undersea cable US returns $154 million stolen by Sony employee Thanks to our episode sponsor, Lookout Is 2022 the beginning of the end for on-prem security? Two years after remote work became the norm, we're at an inflection point for both threats and security solutions. Just as you wouldn't bring a sword to a gunfight, organizations need to take advantage of integrated cloud solutions to tackle emerging challenges. Check out Lookout's 2022 predictions at lookout.com/predictions. For the stories behind the headlines, head to CISOseries.com

December 21, 2021


Mobile network vulnerability goes back to 2G UK agency shares password trove with Have I Been Pwned Who watches the DarkWatchman? Thanks to our episode sponsor, Lookout Is 2022 the beginning of the end for on-prem security? Two years after remote work became the norm, we're at an inflection point for both threats and security solutions. Just as you wouldn't bring a sword to a gunfight, organizations need to take advantage of integrated cloud solutions to tackle emerging challenges. Check out Lookout's 2022 predictions at lookout.com/predictions.

December 20, 2021


Log4J New patch and a field day for ransomware Western Digital warns customers to update their My Cloud devices Sainsbury's payroll hit by Kronos attack Thanks to our episode sponsor, Lookout Is 2022 the beginning of the end for on-prem security? Two years after remote work became the norm, we're at an inflection point for both threats and security solutions. Just as you wouldn't bring a sword to a gunfight, organizations need to take advantage of integrated cloud solutions to tackle emerging challenges. Check out Lookout's 2022 predictions at lookout.com/predictions. For the stories behind the headlines, head to CISOseries.com.

Week in Review Dec 13-17, 2021


Link to Blog Post This week's Cyber Security Headlines - Week in Review, Dec 13-17, is hosted by Rich Stroffolino with our guest, Patti Titus, Chief Privacy and Information Security Officer, Markel Thanks to our episode sponsor, Tines All links and the video of this episode can be found on CISO Series.com

December 17, 2021


Hackers begin exploiting second Log4j vulnerability as a third flaw emerges Researchers uncover new coexistence attacks on Wi-Fi and Bluetooth chips North American propane distributor 'Superior Plus' discloses ransomware attack Thanks to our episode sponsor, Tines Tines is no-code automation for security teams, trusted by the world's best companies like Canva, Auth0, and Coinbase. This holiday season, book a 10 minute demo of Tines and we'll donate $100 to your favorite charity - we're that certain you'll love what you see. Head over to tines.com/charity to book your 10 minute demo and send $100 to your favorite cause. For the stories...

December 16, 2021


Log4J vulnerability used by APTs Attacks on web apps surge Meta expands bug bounty program to include scraping Thanks to our episode sponsor, Tines Tines is no-code automation for security teams, trusted by the world's best companies like Canva, Auth0, and Coinbase. This holiday season, book a 10 minute demo of Tines and we'll donate $100 to your favorite charity - we're that certain you'll love what you see. Head over to tines.com/charity to book your 10 minute demo and send $100 to your favorite cause.

December 15, 2021


Kronos ransomware outage drives widespread payroll chaos Log4j vulnerability update Microsoft Patch Tuesday addresses zero-day exploited to spread Emotet malware Thanks to our episode sponsor, Tines Tines was founded by experienced security practitioners who cared about their teams. When they couldn't find an automation platform that delivered, they founded a company and built their own. A few years later, customers like Coinbase, McKesson, and GitLab run their most important security workflows on Tines - everything from phishing response to employee onboarding. To learn more, visit tines.com. For the stories behind the headlines, head to CISOseries.com

December 14, 2021


New details on the Log4Shell attacks Apple releases Android AirTag detector UKG hit with ransomware Thanks to our episode sponsor, Tines Tines was founded by experienced security practitioners who cared about their teams. When they couldn't find an automation platform that delivered, they founded a company and built their own. A few years later, customers like Coinbase, McKesson, and GitLab run their most important security workflows on Tines - everything from phishing response to employee onboarding. To learn more, visit tines.com.

December 13, 2021


German cybersecurity watchdog issues red alert on Log4j Cyber incident reporting mandates suffer another congressional setback Russia blocks Tor web over privacy concerns Thanks to our episode sponsor, Tines You already know how crucial automation is. But why do security analysts still spend so much time on manual tasks? Let's face it - legacy tools just haven't delivered on the automation hype. Here's the secret: automation only works when it's built by those who know the process or workflow best - your security analysts. So, meet Tines: it's no-code automation, built for the whole team to use. Find out more at tines.com....

Week in Review Dec 6-10, 2021


Link to Blog Post This week's Cyber Security Headlines - Week in Review, Dec 6-10, is hosted by David Spark with our guest, Paul Truitt, Principal, Mazars Thanks to our episode sponsor, Tines Tines is no-code automation for security teams, trusted by the world's best companies like Canva, Auth0, and Coinbase. This holiday season, book a 10 minute demo of Tines and we'll donate $100 to your favorite charity - we're that certain you'll love what you see. Head over to tines.com/charity to book your 10 minute demo and send $100 to your favorite cause. All links and the video of this episode can be found on CISO...

December 10, 2021


Volume of attacks on IoT/OT devices increasing Cloudflare and others form incident response cyber insurance IT execs half as likely to face the axe after breaches, shortages to blame? Thanks to our episode sponsor, Tines Tines is no-code automation for security teams, trusted by the world's best companies like Canva, Auth0, and Coinbase. This holiday season, book a 10 minute demo of Tines and we'll donate $100 to your favorite charity - we're that certain you'll love what you see. Head over to tines.com/charity to book your 10 minute demo and send $100 to your favorite cause. For the stories behind...

December 9, 2021


Ransomware hits GitLab and Confluence QNAP is having another bad day A look at health data leaks in 2021 Thanks to our episode sponsor, Tines Tines is no-code automation for security teams, trusted by the world's best companies like Canva, Auth0, and Coinbase. This holiday season, book a 10 minute demo of Tines and we'll donate $100 to your favorite charity - we're that certain you'll love what you see. Head over to tines.com/charity to book your 10 minute demo and send $100 to your favorite cause.

December 8, 2021


AWS outage impacts Ring, Netflix, and Amazon deliveries Google announces lawsuit against Glupteba blockchain botnet Microsoft seized domains used by cyberespionage group Thanks to our episode sponsor, Tines Tines was founded by experienced security practitioners who cared about their teams. When they couldn't find an automation platform that delivered, they founded a company and built their own. A few years later, customers like Coinbase, McKesson, and GitLab run their most important security workflows on Tines - everything from phishing response to employee onboarding. To learn more, visit tines.com. For the stories behind the headlines, head to CISOseries.com

December 7, 2021


Biden admin looks to accelerate cybersecurity hiring spree Text message service helped governments track phones US goes on the offensive against ransomware Thanks to our episode sponsor, Tines Tines was founded by experienced security practitioners who cared about their teams. When they couldn't find an automation platform that delivered, they founded a company and built their own. A few years later, customers like Coinbase, McKesson, and GitLab run their most important security workflows on Tines - everything from phishing response to employee onboarding. To learn more, visit tines.com.

December 6, 2021


Omicron phishing scam already spotted in UK Pegasus spyware reportedly hacked iPhones of U.S. State Department and diplomats Realistic looking fake Office 365 spam quarantine alerts on the rise Thanks to our episode sponsor, Tines You already know how crucial automation is. But why do security analysts still spend so much time on manual tasks? Let's face it - legacy tools just haven't delivered on the automation hype. Here's the secret: automation only works when it's built by those who know the process or workflow best - your security analysts. So, meet Tines: it's no-code automation, built for the whole team to...

Week in Review Nov 29-Dec 3, 2021


Link to Blog Post This week's Cyber Security Headlines - Week in Review, Nov 29-Dec 3, is hosted by Rich Stroffolino with our guest, Pat Benoit, vp, Global Cyber GRC/BISO, CBRE Thanks to our episode sponsor, Votiro Your users need to accept and open files to do their jobs. Keep them safe and productive with Votiro. With Votiro zero trust file sanitization API, your users can download and use any file instantly, from PDF to Autodesk CAD, with malicious code already removed and full file usability intact. The signatureless file sanitization process happens in milliseconds without user friction. Visit Votiro.com and learn why millions of users trust Votiro to disarm...

December 3, 2021


Emotet now spreads via fake Adobe Windows App Installer packages Data from 400,000 Planned Parenthood patients compromised Double extortion ransomware victims soar 935% Thanks to our episode sponsor, Votiro Your users need to accept and open files to do their jobs. Keep them safe and productive with Votiro. With Votiro zero trust file sanitization API, your users can download and use any file instantly, from PDF to Autodesk CAD, with malicious code already removed and full file usability intact. The signatureless file sanitization process happens in milliseconds without user friction. Visit Votiro.com and learn why millions of users trust Votiro to...

December 2, 2021


AT&T customers hit with malware CISA announces advisory panel Palo Alto Networks looks at speed of compromise in the cloud Thanks to our episode sponsor, Votiro Your users need to accept and open files to do their jobs. Keep them safe and productive with Votiro. With Votiro zero trust file sanitization API, your users can download and use any file instantly, from PDF to Autodesk CAD, with malicious code already removed and full file usability intact. The signatureless file sanitization process happens in milliseconds without user friction. Visit Votiro.com and learn why millions of users trust Votiro to disarm billions of...

December 1, 2021


Twitter bans sharing private images and videos without consent; DNA testing firm discloses data breach affecting over 2 million people; Critical 'Printing Shellz' bugs impact 150 HP printer models. Thanks to our episode sponsor, Votiro. Your users need to accept and open files to do their jobs. Keep them safe and productive with Votiro. With Votiro zero trust file sanitization API, your users can download and use any file instantly, from PDF to Autodesk CAD, with malicious code already removed and full file usability intact. The signatureless file sanitization process happens in milliseconds without user friction. Visit Votiro.com and learn why...

November 30, 2021


Dark web market shuts down after DDoS; Clearview facing fines in the UK; New Chinese surveillance system will target journalists and students. Thanks to our episode sponsor, Votiro. Your users need to accept and open files to do their jobs. Keep them safe and productive with Votiro. With Votiro zero trust file sanitization API, your users can download and use any file instantly, from PDF to Autodesk CAD, with malicious code already removed and full file usability intact. The signatureless file sanitization process happens in milliseconds without user friction. Visit Votiro.com and learn why millions of users trust Votiro to disarm...

November 29, 2021


RATDispenser spreads multiple remote access trojans into the wild; North Korea-linked Zinc group posed as Samsung recruiters to target security firms; Interpol arrests over 1,000 suspects linked to cyber crime. Thanks to our episode sponsor, Votiro. Your users need to accept and open files to do their jobs. Keep them safe and productive with Votiro. With Votiro zero trust file sanitization API, your users can download and use any file instantly, from PDF to Autodesk CAD, with malicious code already removed and full file usability intact. The signatureless file sanitization process happens in milliseconds without user friction. Visit Votiro.com and learn...

November 24, 2021


Over nine million Android devices infected; Researcher discloses zero-day exploit due to low bounty payouts; Threat actors compromise exposed services in 24 hours. Thanks to our episode sponsor, deepwatch. Increasing ransomware attacks and their evolving sophistication have been putting more pressure on security teams than ever before. Luckily, managed detection and response (or MDR) has emerged as a critical component for improving security operations, reducing ransomware risk, and minimizing the overall impact an attack can have. Visit deepwatch.com to see how we help to prevent breaches for our customers, by working together. For the stories behind the headlines, head to...

November 23, 2021


GoDaddy data breach impacts millions; Microsoft looks at brute-force attacks; Printers used to bypass fingerprint authentication. Thanks to our episode sponsor, deepwatch. What is the value of good security? Can you quantify what mature detection and response means for your organization? A recent Forrester study found that a deepwatch MDR customer achieved 432% ROI and over 10 million dollars in benefits and savings from their solution over a 3 year period. Visit deepwatch.com/tei-report for the full report and to learn how your team could see the same success.

November 22, 2021


US banks will be required to report cyberattacks within 36 hours; Microsoft Exchange malware campaign uses stolen internal reply-chain emails; Conti ransomware group suffers a data breach. Thanks to our episode sponsor, deepwatch. Increasing ransomware attacks and their evolving sophistication have been putting more pressure on security teams than ever before. Luckily, managed detection and response (or MDR) has emerged as a critical component for improving security operations, reducing ransomware risk, and minimizing the overall impact an attack can have. Visit deepwatch.com to see how we help to prevent breaches for our customers, by working together. For the stories behind...

Week in Review Nov 15-19, 2021


This week's Cyber Security Headlines - Week in Review, Nov 15-19, is hosted by Sean Kelly with our guest, Richard Rushing, CISO, Motorola Mobility. Thanks to our episode sponsor, Vulcan Cyber. All links and the video of this episode can be found on CISOseries.com

November 19, 2021


PerSwaysion phishing campaign still ongoing, and pervasive; FBI: FatPipe VPN zero-day exploited by APT for 6 months; RedCurl corporate espionage hackers resume attacks with updated tools. Thanks to our episode sponsor, Vulcan Cyber. The fact that CISA felt the need to release the massive "Known Exploited Vulnerabilities Catalog" recently says everything we need to know about the state of our collective cyber debt. Attend the Vulcan Cyber virtual summit on December 9th and learn how your peers are working to take on cyber risk and mitigate known vulnerabilities at scale. Go to vulcan.io and click the button at the top...

November 18, 2021


CISA releases cyber response playbooks; Exec pleads guilty on internet address fraud; Iranian ransomware targeting US organizations. Thanks to our episode sponsor, Vulcan Cyber. Vulnerability scanners are commoditized. Cloud service providers provide free scanners. Open source scanners are plentiful. Your team doesn't need another scanner, but they need to get better at identifying and prioritizing the risk that is buried in that scan data. Attend the Vulcan Cyber virtual user conference and learn how to assess and mitigate risk across all of your surfaces. Go to vulcan.io and click the button at the top of the screen to register for...

November 17, 2021


Emotet botnet makes comeback with help from TrickBot; Leaked Robinhood customer data now up for sale; WordPress sites defaced in fake ransomware attacks. Thanks to our episode sponsor, Vulcan Cyber. Matt Hurewitz is the associate director of application security at Best Buy. Matt has a theory that a risk-based approach to application security is more effective than a faith-based approach. We agree. Attend the Vulcan Cyber virtual summit on December 9th to hear how Matt and the Best Buy team approach application security. Learn from the best. Registration is free for your entire team. Go to vulcan.io and click the...

November 16, 2021


DHS launches program to close cyber talent gap; China expands cybersecurity review requirements; Microsoft blocks Edge redirects. Thanks to our episode sponsor, Vulcan Cyber. Ryan Gurney spent years as CSO and security exec for companies like Google Looker, Zendesk, Engine Yard, and eBay. Ryan has seen a few things and is done pretending cyber security is something it isn't. Attend the Vulcan Cyber virtual summit on December 9th to get Ryan's take on the difference between negligent and effective cyber security. It's a fine line. Go to vulcan.io and click the button at the top of the screen to register...

November 15, 2021


FBI email system reportedly hacked to send fake DHS cyberattack messages; FBI email hacker blames poor coding; US Education Department urged to boost K-12 schools' ransomware defenses. Thanks to our episode sponsor, Vulcan Cyber. Cyber risk isn't easy to quantify, much less mitigate. Use the same approach endorsed by leading security teams at Honeywell, Zoom, and Wells Fargo to tackle cyber risk. Attend the Vulcan Cyber virtual summit on December 9th and learn how the new Vulcan Security Posture Rating will give you the insights you need to reduce risk and secure your business. Go to vulcan.io and click the...

Week in Review Nov 8-12, 2021


This week's Cyber Security Headlines - Week in Review, Nov 8-12, is hosted by Rich Stroffolino with our guest, John Overbaugh, CISO, Alpine Software Group. Thanks to our episode sponsor, Vulcan Cyber. The fact that CISA felt the need to release the massive "Known Exploited Vulnerabilities Catalog" recently says everything we need to know about the state of our collective cyber debt. Attend the Vulcan Cyber virtual summit on December 9th and learn how your peers are working to take on cyber risk and mitigate known vulnerabilities at scale. Go to vulcan.io and click the button...

November 12, 2021


EU pharmaceutical giants run old, vulnerable apps and fail to use encryption in login forms; Gmail accounts are used in 91% of all baiting email attacks; Microsoft warns of uptick in HTML smuggling. Thanks to our episode sponsor, Vulcan Cyber. The fact that CISA felt the need to release the massive "Known Exploited Vulnerabilities Catalog" recently says everything we need to know about the state of our collective cyber debt. Attend the Vulcan Cyber virtual summit on December 9th and learn how your peers are working to take on cyber risk and mitigate known vulnerabilities at scale. Go to vulcan.io...

November 11, 2021


Trend Micro details long running hacker-for-hire group; WP Reset PRO plugin works a little too well; Zero-day found in Palo Alto Networks security appliances. Thanks to our episode sponsor, Vulcan Cyber. Vulnerability scanners are commoditized. Cloud service providers provide free scanners. Open source scanners are plentiful. Your team doesn't need another scanner, but they need to get better at identifying and prioritizing the risk that is buried in that scan data. Attend the Vulcan Cyber virtual user conference and learn how to assess and mitigate risk across all of your surfaces. Go to vulcan.io and click the button at the...

November 10, 2021


Robinhood breach impacts millions of customers; Meta shares bullying and harassment numbers for the first time; Meta to remove sensitive ad-targeting categories as new bill takes aim at online platform algorithms. Thanks to our episode sponsor, Vulcan Cyber. Matt Hurewitz is the associate director of application security at Best Buy. Matt has a theory that a risk-based approach to application security is more effective than a faith-based approach. We agree. Attend the Vulcan Cyber virtual summit on December 9th to hear how Matt and the Best Buy team approach application security. Learn from the best. Registration is free for your...

November 9, 2021


US infrastructure bill includes cybersecurity provisions; Chipmakers respond to US call for supply chain info; REvil hackers arrested. Thanks to our episode sponsor, Vulcan Cyber. Ryan Gurney spent years as CSO and security exec for companies like Google Looker, Zendesk, Engine Yard, and eBay. Ryan has seen a few things and is done pretending cyber security is something it isn't. Attend the Vulcan Cyber virtual summit on December 9th to get Ryan's take on the difference between negligent and effective cyber security. It's a fine line. Go to vulcan.io and click the button at the top of the screen to...

November 8, 2021


Feds likely to fall short of deadline for strengthening encryption, multifactor authentication; Experts spot phishing campaign impersonating security firm Proofpoint; Facebook outage a prime example of insider threat by machine. Thanks to our episode sponsor, Vulcan Cyber. Cyber risk isn't easy to quantify, much less mitigate. Use the same approach endorsed by leading security teams at Honeywell, Zoom, and Wells Fargo to tackle cyber risk. Attend the Vulcan Cyber virtual summit on December 9th and learn how the new Vulcan Security Posture Rating will give you the insights you need to reduce risk and secure your business. Go to vulcan.io...

Week in Review Nov 1-5, 2021


This week's Cyber Security Headlines - Week in Review, Nov 1-5, is hosted by Rich Stroffolino with our guest, Davi Ottenheimer, vp, trust and digital ethics, Inrupt. Thanks to our episode sponsor, Trend Micro. Reimage your Cloud! That's the theme for CLOUDSEC 2021, a 3-day global event that will be held virtually starting on November 16th. Learn the latest trends in cloud and cybersecurity with global keynotes and session tracks tailored to your role's unique challenges. Test your skills and win prizes in the 24-hr CLOUDSEC Challenge, a hands-on immersive experience that has something for everyone from novice application coders to experienced security...

November 5, 2021


Expired certificate breaks Windows 11 snipping tool, emoji panel, and more; Iranian hacking group leaks patient and LGBTQ info; Popular 'coa' npm library hijacked to steal user passwords. Thanks to our episode sponsor, Trend Micro. Reimage your Cloud! That's the theme for CLOUDSEC 2021, a 3-day global event that will be held virtually starting on November 16th. Learn the latest trends in cloud and cybersecurity with global keynotes and session tracks tailored to your role's unique challenges. Test your skills and win prizes in the 24-hr CLOUDSEC Challenge, a hands-on immersive experience that has something for everyone from novice application...

November 4, 2021


CISA creates exploited bug catalog; Bots used to scam 2FA codes; US sanctions companies selling hacking tools. Thanks to our episode sponsor, Trend Micro. Reimage your Cloud! That's the theme for CLOUDSEC 2021, a 3-day global event that will be held virtually starting on November 16th. Learn the latest trends in cloud and cybersecurity with global keynotes and session tracks tailored to your role's unique challenges. Test your skills and win prizes in the 24-hr CLOUDSEC Challenge, a hands-on immersive experience that has something for everyone from novice application coders to experienced security practitioners! Join for FREE on November 16th,...

November 3, 2021


Facebook deletes 1 billion faceprints in Face Recognition shutdown; Tesla recalls nearly 12,000 vehicles due to software error; Android patches actively exploited zero-day kernel bug. Thanks to our episode sponsor, Trend Micro. Reimage your Cloud! That's the theme for CLOUDSEC 2021, a 3-day global event that will be held virtually starting on November 16th. Learn the latest trends in cloud and cybersecurity with global keynotes and session tracks tailored to your role's unique challenges. Test your skills and win prizes in the 24-hr CLOUDSEC Challenge, a hands-on immersive experience that has something for everyone from novice application coders to experienced...

November 2, 2021


Cyberattack disrupts healthcare in Canadian provinces; Researchers discover Pink botnet; Facebook takes down government-run troll farm in Nicaragua. Thanks to our episode sponsor, Trend Micro. Reimage your Cloud! That's the theme for CLOUDSEC 2021, a 3-day global event that will be held virtually starting on November 16th. Learn the latest trends in cloud and cybersecurity with global keynotes and session tracks tailored to your role's unique challenges. Test your skills and win prizes in the 24-hr CLOUDSEC Challenge, a hands-on immersive experience that has something for everyone from novice application coders to experienced security practitioners! Join for FREE on November...

November 1, 2021


Iranian Black Shadow hacking group breaches Israeli Internet hosting firm; All Windows versions impacted by new LPE zero-day vulnerability; International jeweler Graff hit by Conti gang, with data of its rich clients at risk. Thanks to our episode sponsor, Trend Micro. Reimage your Cloud! That's the theme for CLOUDSEC 2021, a 3-day global event that will be held virtually starting on November 16th. Learn the latest trends in cloud and cybersecurity with global keynotes and session tracks tailored to your role's unique challenges. Test your skills and win prizes in the 24-hr CLOUDSEC Challenge, a hands-on immersive experience that has...

Week in Review Oct 25-29, 2021


This week's Cyber Security Headlines - Week in Review, Oct 25-29, is hosted by Rich Stroffolino with our guest, Jason Fruge, CISO, Rent-a-Center. Thanks to our episode sponsor, Banyan Security. Today, 75% of enterprises are using some form of hybrid-cloud deployment. Unfortunately, traditional network-centric security solutions like VPNs are not designed to meet the scale, performance, and usability needs of modern organizations, especially those with dynamic hybrid- and multi-cloud environments. Replace your traditional network access boxes (VPNs, bastion hosts, and gateways) with a cloud-based zero trust remote access solution and enable a safe and reliable "work from anywhere" environment. Visit banyansecurity.io for more...

October 29, 2021


Android spyware spreading as antivirus software in Japan; Half of home workers buy potentially insecure technology; EU investigating leak of private key used to forge Covid passes. And now a word from our sponsor, Banyan Security. Today, 75% of enterprises are using some form of hybrid-cloud deployment. Unfortunately, traditional network-centric security solutions like VPNs are not designed to meet the scale, performance, and usability needs of modern organizations, especially those with dynamic hybrid- and multi-cloud environments. Replace your traditional network access boxes (VPNs, bastion hosts, and gateways) with a cloud-based zero trust remote access solution and enable a safe and...

October 28, 2021


Chinese surveillance tech pulled from US retailers; Microsoft warns of rise in password spraying attacks; The FTC is looking into the Facebook Files. And now a word from our sponsor, Banyan Security. Today, 75% of enterprises are using some form of hybrid-cloud deployment. Unfortunately, traditional network-centric security solutions like VPNs are not designed to meet the scale, performance, and usability needs of modern organizations, especially those with dynamic hybrid- and multi-cloud environments. Replace your traditional network access boxes (VPNs, bastion hosts, and gateways) with a cloud-based zero trust remote access solution and enable a safe and reliable "work from anywhere"...

October 27, 2021


Iranian gas stations out of service after cyberattack; Nevada and North Dakota top cybercrime lists; Researcher cracked 70% of sampled WiFi networks. And now a word from our sponsor, Banyan Security. Today, 75% of enterprises are using some form of hybrid-cloud deployment. Unfortunately, traditional network-centric security solutions like VPNs are not designed to meet the scale, performance, and usability needs of modern organizations, especially those with dynamic hybrid- and multi-cloud environments. Replace your traditional network access boxes (VPNs, bastion hosts, and gateways) with a cloud-based zero trust remote access solution and enable a safe and reliable "work from anywhere" environment....

October 26, 2021


Microsoft report on Nobelium; Healthcare organizations struggle with breaches; ProtonMail wins appeal on surveillance data. And now a word from our sponsor, Banyan Security. Today, 75% of enterprises are using some form of hybrid-cloud deployment. Unfortunately, traditional network-centric security solutions like VPNs are not designed to meet the scale, performance, and usability needs of modern organizations, especially those with dynamic hybrid- and multi-cloud environments. Replace your traditional network access boxes (VPNs, bastion hosts, and gateways) with a cloud-based zero trust remote access solution and enable a safe and reliable "work from anywhere" environment. Visit banyansecurity.io for more information.

October 25, 2021


Crypto-miner and malware found hidden inside npm libraries; Facebook sues Ukrainian who scraped the data of 178 million users; BlackMatter ransomware victims quietly helped using secret decryptor. And now a word from our sponsor, Banyan Security. Today, 75% of enterprises are using some form of hybrid-cloud deployment. Unfortunately, traditional network-centric security solutions like VPNs are not designed to meet the scale, performance, and usability needs of modern organizations, especially those with dynamic hybrid- and multi-cloud environments. Replace your traditional network access boxes (VPNs, bastion hosts, and gateways) with a cloud-based zero trust remote access solution and enable a safe and...

Week in Review Oct 18-22, 2021


This week's Cyber Security Headlines - Week in Review, Oct 18-22, is hosted by Rich Stroffolino with our guest, Matthew Southworth, CISO, Priceline. Thanks to our episode sponsor, Tessian and the Human Layer Security Summit. Want to know what we learned from analyzing 2 million malicious emails? At Tessian's Human Layer Summit you'll hear about new threat intelligence into the state of spear phishing. Guest speakers from TrustedSec and KnowBe4 will discuss what kind of attacks are getting through typical enterprise defences, what that means for user protection and what security leaders need to do about it. Join in on the conversation to learn...

October 22, 2021


Cybercrime matures as hackers are forced to work smarter; FIN7 tries to trick pentesters into launching ransomware attacks; China VPN exposes data for 1M users. Thanks to our episode sponsor, Tessian and the Human Layer Security Summit. Want to know what we learned from analyzing 2 million malicious emails? At Tessian's Human Layer Summit you'll hear about new threat intelligence into the state of spear phishing. Guest speakers from TrustedSec and KnowBe4 will discuss what kind of attacks are getting through typical enterprise defences, what that means for user protection and what security leaders need to do about it. Join...

October 21, 2021


Russian firms see DDoS spike; Sinclair hack linked to Russian organization; Microsoft expires old Windows updates. Thanks to our episode sponsor, Tessian and the Human Layer Security Summit. Want to get the latest security insights from Cisco, Forrester, Intercontinental Exchange and Knowbe4? At Tessian's Human Layer Security Summit you'll get fresh insights and actionable advice to help you build an effective, future proof security strategy. Hear from top CISOs and InfoSec Leaders who will speak on the HOTTEST topics in cyber today. Join thousands of your peers by registering now at tessian.com/summit

October 20, 2021


Ransomware reports signal lack of preparedness and willingness to pay; Acer hacked twice in a week by the same threat actor; FCC takes aim at spam texts. Thanks to our episode sponsor, Tessian and the Human Layer Security Summit. Worried if your security stack is enough for today's attack landscape? A recent Forrester Consulting study says, Human Layer Security could be the missing link. At Tessian's Human Layer Security Summit, hear why a commissioned study conducted by Forrester Consulting on behalf of Tessian has identified Human Layer Security as the missing link in enterprise security stacks. The study shows that...

October 19, 2021


Sinclair TV disrupted by ransomware; Water system proves easy target for ransomware; REvil shuts down again. Thanks to our episode sponsor, Tessian and the Human Layer Security Summit. Want to know what we learned from analyzing 2 million malicious emails? At Tessian's Human Layer Summit you'll hear about new threat intelligence into the state of spear phishing. Guest speakers from TrustedSec and KnowBe4 will discuss what kind of attacks are getting through typical enterprise defences, what that means for user protection and what security leaders need to do about it. Join in on the conversation to learn about what we...

October 18, 2021


Missouri Governor vows to prosecute St. Louis Post-Dispatch for reporting security vulnerability; NFTs now come with wallet-emptying malware; Experts hack a fully patched iOS 15 running on iPhone 13 at China's Tianfu Cup hacking contest. Thanks to our episode sponsor, Tessian and the Human Layer Security Summit. Calling all security trailblazers! Want to get the latest security insights from Cisco, Forrester, Intercontinental Exchange and Knowbe4? At Tessian's Human Layer Security Summit you'll get fresh insights and actionable advice to help you build an effective, future proof security strategy. Hear from top CISOs and InfoSec Leaders who will speak on the...

Week in Review Oct 11-15, 2021


This week's Cyber Security Headlines - Week in Review, Oct 11-15, is hosted by David Spark with our guest, Christopher Zell, CISO, Wendy's. Thanks to our episode sponsor, Bitsight. All links and the video of this episode can be found on CISOseries.com

October 15, 2021


New "Yanluowang" ransomware variant discovered; Financial regulator addresses hybrid working security risks; DocuSign phishing campaign targets low-ranking employees. Thanks to our episode sponsor, Bitsight. These are challenging times for security professionals. From managing third party supply chain risk, to quantifying financial exposure, to reducing the likelihood of ransomware, BitSight helps security and risk professionals create more effective cybersecurity programs with cybersecurity ratings and analytics. Learn why Moody's, the Department of Defense, and other leading institutions partner with BitSight at www.bitsight.com. For the stories behind the headlines, head to CISOseries.com.

October 14, 2021


Windows 11 Patch Tuesday causes AMD performance issues; Student used zero-day for school prank; US leaves China and Russia off the anti-ransomware invite list. Thanks to our episode sponsor, Bitsight. Did you know that organizations with poor patching practices are 8 times more likely to experience a ransomware incident? From managing third party supply chain risk, to quantifying financial exposure, to reducing the likelihood of ransomware, BitSight helps security and risk professionals create more effective cybersecurity programs with cybersecurity ratings and analytics. Learn why Moody's, the Department of Defense, and other leading institutions partner with BitSight at www.bitsight.com

October 13, 2021


Olympus suffers second cyberattack in 2021; Microsoft's Patch Tuesday squashes four zero-day vulns; White House directs federal agencies to step up EDR. Thanks to our episode sponsor, Bitsight. In spite of all the recent attacks, did you know that only 17% of organizations continuously monitor their third party vendors? From managing third party supply chain risk, to quantifying financial exposure, to reducing the likelihood of ransomware, BitSight helps security and risk professionals create more effective cybersecurity programs with cybersecurity ratings and analytics. Learn why Moody's, the Department of Defense, and other leading institutions partner with BitSight at www.bitsight.com. For the...

October 12, 2021


Microsoft report details the changing cybercrime landscape; LibreOffice issues fix for signed document spoofing; You got nuclear secrets in my peanut butter! Thanks to our episode sponsor, Bitsight. Did you know that 1-in-10 organizations are now creating cybersecurity-specific committees at the board level? From managing third party supply chain risk, to quantifying financial exposure, to reducing the likelihood of ransomware, BitSight helps security and risk professionals create more effective cybersecurity programs with cybersecurity ratings and analytics. Learn why Moody's, the Department of Defense, and other leading institutions partner with BitSight at www.bitsight.com

October 11, 2021


Google issues warning for 2 billion Chrome users; Bank of America insider charged with money laundering for BEC scams; Medtronic recalls insulin pump controllers over cyberattack risks. Thanks to our episode sponsor, Bitsight. These are challenging times for security professionals. From managing third party supply chain risk, to quantifying financial exposure, to reducing the likelihood of ransomware, BitSight helps security and risk professionals create more effective cybersecurity programs with cybersecurity ratings and analytics. Learn why Moody's, the Department of Defense, and other leading institutions partner with BitSight at www.bitsight.com. For the stories behind the headlines, head to CISOseries.com.

Week in Review Oct 4-8, 2021


This week's Cyber Security Headlines - Week in Review, Oct 4-8, is hosted by Rich Stroffolino with our guest, Adrian Ludwig, Chief Trust Officer, Atlassian. Thanks to our episode sponsor, Votiro. Your users need to accept and open files to do their jobs. Keep them safe and productive with Votiro. With Votiro, your users can download and use any file instantly, from PDF to Autodesk CAD, with malicious code already removed and full file usability intact. The signatureless, agentless file sanitization process happens in milliseconds without user friction. Visit Votiro.com and learn why millions of users trust Votiro to disarm billions of files each...

October 8, 2021


Twitch blames server error for massive data leak; Intel's 80bn European chip plant investment plan not bound for UK because Brexit; FIN12 hits healthcare with quick and focused ransomware attacks. Thanks to our episode sponsor, Votiro. Your users need to accept and open files to do their jobs. Keep them safe and productive with Votiro. With Votiro, your users can download and use any file instantly, from PDF to Autodesk CAD, with malicious code already removed and full file usability intact. The signatureless, agentless file sanitization process happens in milliseconds without user friction. Visit Votiro.com and learn why millions of users...

October 7, 2021


Introducing the Ransom Disclosure Act; Facebook details why it suffered a massive outage; Twitch's source code leaked. Thanks to our episode sponsor, Votiro. Your users need to accept and open files to do their jobs. Keep them safe and productive with Votiro. With Votiro, your users can download and use any file instantly, from PDF to Autodesk CAD, with malicious code already removed and full file usability intact. The signatureless, agentless file sanitization process happens in milliseconds without user friction. Visit Votiro.com and learn why millions of users trust Votiro to disarm billions of files each year.

October 6, 2021


Telegram adds 70 million users on the day of Facebook and WhatsApp outage; Android October patch fixes three critical bugs; Apache fixes actively exploited zero-day vulnerability. Thanks to our episode sponsor, Votiro. Your users need to accept and open files to do their jobs. Keep them safe and productive with Votiro. With Votiro, your users can download and use any file instantly, from PDF to Autodesk CAD, with malicious code already removed and full file usability intact. The signatureless, agentless file sanitization process happens in milliseconds without user friction. Visit Votiro.com and learn why millions of users trust Votiro to disarm...

October 5, 2021


Major telco exchange company hacked; Facebook whistleblower comes out of the shadows; Amazon creates amazing phishing tool just in time for Christmas. Thanks to our episode sponsor, Votiro. Your users need to accept and open files to do their jobs. Keep them safe and productive with Votiro. With Votiro, your users can download and use any file instantly, from PDF to Autodesk CAD, with malicious code already removed and full file usability intact. The signatureless, agentless file sanitization process happens in milliseconds without user friction. Visit Votiro.com and learn why millions of users trust Votiro to disarm billions of files each...

October 4, 2021


Transnational fraud ring stole millions from Army members, veterans; Canadian vaccine passport app exposes data; Business leaders admit willingness to pay five-figure ransoms. Thanks to our episode sponsor, Votiro. Your users need to accept and open files to do their jobs. Keep them safe and productive with Votiro. With Votiro, your users can download and use any file instantly, from PDF to Autodesk CAD, with malicious code already removed and full file usability intact. The signatureless, agentless file sanitization process happens in milliseconds without user friction. Visit Votiro.com and learn why millions of users trust Votiro to disarm billions of files...

Week in Review - Sep 27-Oct 1, 2021


This week's Cyber Security Headlines - Week in Review, Sep 27-Oct 1, is hosted by Rich Stroffolino with our guest, Steve Zalewski, co-host, Defense in Depth. Thanks to our episode sponsor, VMware. ACCELERATE YOUR OWN ZERO TRUST JOURNEY. The strongest defense against modern threats comes from a Zero Trust posture. The trick is getting there quickly and easily from where you already are. At VMworld 2021 we'll show you how we help you operationalize Zero Trust whatever your starting point. Learn how to get the strongest security for your workloads and workspaces across your Multi-Cloud and Edge with solutions that protect inside and...

October 1, 2021


New leak of Epik data exposes company's entire server New Azure AD bug lets hackers brute-force passwords without getting caught Contactless payment card hack affects Apple Pay, Visa Thanks to our episode sponsor, VMware DO YOU KNOW ANYONE ON THE DEVELOPMENT TEAM WHO'D SAY, 'SECURITY SHOULD BE EVERYONE'S RESPONSIBILITY'? Probably not. That's why Forrester and VMware have done some new research that dives into how the Development team perceives Security and what Security teams can do to make the right thing easy. We are hosting a VMworld 2021 session on this report titled "Security is Important, Said No Developer Ever."...

September 30, 2021


Ransomware gangs cause headaches for hacker forums too Don't look a Grifthorse in the mouth Ransomware's impact on patient care Thanks to our episode sponsor, VMware INCIDENT RESPONSE FIRMS ENGAGE POST-BREACH; IT'S A FASCINATING VANTAGE POINT WITH LESSONS TO LEARN. Join me and thousands of our peers at VMworld 2021 to hear Dr. Amelia Estwick, Director of Threat Research here at VMware, share her perspective on the ground truth for organizations that have experienced breaches. Not to be missed! Register today at vmware.com/vmworld

September 29, 2021


Microsoft 365 MFA outage locks users out of their accounts Exploit released for VMware vulnerability after CISA warning Crypto developer pleads guilty to North Korean plot Thanks to our episode sponsor, VMware PREPARE FOR THE POST-PANDEMIC THREAT LANDSCAPE. At VMworld 2021, you'll gain fresh insight and actionable knowledge to help keep your focus on building resilient, cyber-vigilant teams that can proactively detect, prevent, mitigate, and remediate these attacks. The Security Track has 150+ breakout sessions with hands-on labs, demos, and interactive experiences. Join thousands of your peers by registering now at vmware.com/vmworld For the stories behind the headlines, head to...

September 28, 2021


Russia muscling Big Tech Data on billions of Clubhouse and Facebook users up for sale Malware targets gamer accounts Thanks to our episode sponsor, VMware BEFORE YOU BUILD AND EVOLVE WHAT COMES NEXT YOU HAVE TO IMAGINE IT. Join me and thousands of our peers at VMworld 2021, the virtual conference where we share how innovation across the VMware portfolio helps make your vision a reality. Register now and join us at vmware.com/vmworld

September 27, 2021


Researcher drops three iOS zero-days that Apple refused to fix Microsoft releases rollback fix for updates New Cooperative ransomware negotiations get hijacked Thanks to our episode sponsor, VMware DO YOU KNOW ANYONE ON THE DEVELOPMENT TEAM WHO'D SAY, 'SECURITY SHOULD BE EVERYONE'S RESPONSIBILITY'? Probably not. That's why Forrester and VMware have done some new research that dives into how the Development team perceives Security and what Security teams can do to make the right thing easy. We are hosting a VMworld 2021 session on this report titled "Security is Important, Said No Developer Ever." Join in on our conversation to...

Week in Review - Sep 20-24, 2021


This week's Cyber Security Headlines Week in Review, Sep 20-24, 2021, is hosted by Rich Stroffolino with our guest, Brett Conlon, CISO, Edelman Financial Engines Thanks to our episode sponsor, Kanu Solutions Over the next few weeks Kanu Solutions is offering a series of educational sessions on a variety of topics in security, such as endpoints, networks, privileged access management, Internet of things, and governance, risk management and compliance, or GRC. Attend these sessions to get some savvy education from the security experts at Kanu Solutions. You could also get a twenty dollar UberEats Gift Card just for attending. You can participate in...

September 24, 2021


Second farming cooperative shut down by ransomware this week Canadian VoIP provider battles massive DDoS attack REvil double-crosses ransomware affiliates using sneaky backdoor tactics Thanks to our episode sponsor, Kanu Solutions Over the next few weeks Kanu Solutions is offering a series of educational sessions on a variety of topics in security, such as endpoints, networks, privileged access management, Internet of things, and governance, risk management and compliance, or GRC. Attend these sessions to get some savvy education from the security experts at Kanu Solutions. You could also get a twenty dollar UberEats Gift Card just for attending. You can...

September 23, 2021


Let's Encrypt root certificate may cause problems for older devices Now we have to worry about PhaaS Time to patch all the VMware things Thanks to our episode sponsor, Kanu Solutions Over the next few weeks Kanu Solutions is offering a series of educational sessions on a variety of topics in security, such as endpoints, networks, privileged access management, Internet of things, and governance, risk management and compliance, or GRC. Attend these sessions to get some savvy education from the security experts at Kanu Solutions. You could also get a twenty dollar UberEats Gift Card just for attending. You can...

September 22, 2021


Capoae malware brute-forces WordPress sites for cryptomining Malicious email surge predicted for Q4 Farming group warns of supply chain chaos after ransomware attack Thanks to our episode sponsor, Kanu Solutions Over the next few weeks Kanu Solutions is offering a series of educational sessions on a variety of topics in security, such as endpoints, networks, privileged access management, Internet of things, and governance, risk management and compliance, or GRC. Attend these sessions to get some savvy education from the security experts at Kanu Solutions. You could also get a twenty dollar UberEats Gift Card just for attending. You can participate...

September 21, 2021


Google expands app permissions reset Epik confirms it got hacked Telegram suspends Russian election bots Thanks to our episode sponsor, Kanu Solutions Over the next few weeks Kanu Solutions is offering a series of educational sessions on a variety of topics in security, such as endpoints, networks, privileged access management, Internet of things, and governance, risk management and compliance, or GRC. Attend these sessions to get some savvy education from the security experts at Kanu Solutions. You could also get a twenty dollar UberEats Gift Card just for attending. You can participate in Kanu Solutions' Lunch-n-Learn by registering at kanusolutions.com/events.

September 20, 2021


Email scammers posed as DOT officials in phishing messages focused on $1 trillion bill A new banking Trojan abuses YouTube for remote configuration Admin of DDoS service behind 200,000 attacks faces serious prison time Thanks to our episode sponsor, Kanu Solutions Over the next few weeks Kanu Solutions is offering a series of educational sessions on a variety of topics in security, such as endpoints, networks, privileged access management, Internet of things, and governance, risk management and compliance, or GRC. Attend these sessions to get some savvy education from the security experts at Kanu Solutions. You could also get a...

Week in Review - Sep 13-17, 2021


This week's Cyber Security Headlines Week in Review, Sep 13-17, 2021, is hosted by Rich Stroffolino with our guest, Geoff Belknap, CISO, LinkedIn Thanks to our episode sponsor, Sonrai Sonrai is changing Public Cloud Security by focusing on protecting data from over-privileged human and non-human identities. Sonrai provides a single pane of glass built on an analytic platform that protects organizations by leveraging CSPM, CIEM, and cloud DLP at the confidence level required by your environment. Learn more about Sonrai Cloud Security at www.sonrai.com All links and the video of this episode can be found on CISOseries.com

September 17, 2021


New Windows security updates break network printing Bitdefender releases decryptor as REvil shows signs of return Biden announces joint deal with U.K. and Australia to counter China Thanks to our episode sponsor, Sonrai Are you a security expert who's afraid to admit you don't know what the heck is going on in your cloud? Relax. Public cloud security is overwhelming. Figuring out where to start, and what to do to track and improve your security posture, is the first step. Sonrai tracks everything in your cloud - sensitive data, identities, and platform configuration - and tells you what issues are...

September 16, 2021


Travis CI security vulnerability is bad news for open source Ransomware accounts for a quarter of cyber insurance claims Microsoft goes passwordless Thanks to our episode sponsor, Sonrai Sonrai is changing Public Cloud Security by focusing on protecting data from over-privileged human and non-human identities. Sonrai provides a single pane of glass built on an analytic platform that protects organizations by leveraging CSPM, CIEM, and cloud DLP at the confidence level required by your environment. Learn more about Sonrai Cloud Security at www.sonrai.com

September 15, 2021


Apple issues urgent updates to fix new zero-day linked to Pegasus spyware Update Google Chrome to patch 2 new zero-day flaws under attack New Zloader attacks disable Windows Defender to evade detection Thanks to our episode sponsor, Sonrai Sonrai is Gaelic for data - and that's what Sonrai Security is all about. Finding, classifying, and locking down sensitive data in AWS, Azure, or Google Cloud. Sonrai can see every identity's path to every piece of data - continuously. Learn more at sonraisecurity.com. For the stories behind the headlines, head to CISOseries.com.

September 14, 2021


SSID Stripping is a new take on spoofing Industrial control systems hammered by cyber attacks Olympus has fallen...to ransomware Thanks to our episode sponsor, Sonrai Are you a security expert who's afraid to admit you don't know what the heck is going on in your cloud? Relax. Public cloud security is overwhelming. Figuring out where to start, and what to do to track and improve your security posture, is the first step. Sonrai tracks everything in your cloud - sensitive data, identities, and platform configuration - and tells you what issues are most important, plus it measures improvement over time....

September 13, 2021


Windows MSHTML zero-day exploits shared on hacking forums REvil ransomware operators targeting new victims Yandex pummeled by Meris DDoS botnet Thanks to our episode sponsor, Sonrai Are you a security expert who's afraid to admit you don't know what the heck is going on in your cloud? Relax. Public cloud security is overwhelming. Figuring out where to start, and what to do to track and improve your security posture, is the first step. Sonrai tracks everything in your cloud - sensitive data, identities, and platform configuration - and tells you what issues are most important, plus it measures improvement over...

Week in Review - Sep 6-10, 2021


This week's Cyber Security Headlines Week in Review, Sep 6-10, 2021, is hosted by Rich Stroffolino with our guest, Matt Crouse, CISO, Taco Bell Thanks to our episode sponsor, Semperis One thing we've learned from attacks like SolarWinds: Cybercriminals can lurk in your Active Directory environment for weeks or months before dropping malware. How do you root them out? First, you need to uncover security gaps in Active Directory that can lead to a breach. Download Purple Knight, a free security assessment tool from Semperis that scans your environment for pre-attack and post-attack indicators of exposure and compromise. Check...

September 10, 2021


US considers limiting CISA director's term 'Azurescape' Kubernetes attack allows cross-container cloud compromise Hackers leak VPN account passwords from 87,000 FortiGate devices Thanks to our episode sponsor, Semperis One thing we've learned from attacks like SolarWinds: Cybercriminals can lurk in your Active Directory environment for weeks or months before dropping malware. How do you root them out? First, you need to uncover security gaps in Active Directory that can lead to a breach. Download Purple Knight, a free security assessment tool from Semperis that scans your environment for pre-attack and post-attack indicators of exposure and compromise. Check it out at...

September 9, 2021


Brad Smith relives early days of the SolarWinds attack Internet Explorer zero-days are still something to worry about German police bought NSO Pegasus spyware Thanks to our episode sponsor, Semperis Have you fixed PrintNightmare yet? Ransomware groups including Vice Society are already exploiting this critical flaw in the Windows Print Spooler service. But you can fight back: Download Purple Knight, a free Active Directory security assessment tool that scans your environment for PrintNightmare and more than 70 other attack indicators. To download your free tool, go to Purple-Knight.com.

September 8, 2021


Ransomware gang threatens to leak data if victim contacts FBI, police Personal details of French visa applicants exposed by cyber-attack Brazil President Bolsonaro restricts powers of social media companies to remove accounts and content Thanks to our episode sponsor, Semperis It's no secret that Active Directory is a prime target for cybercriminals: AD is more than 20 years old, and security settings can get sloppy over time. If you haven't checked your Active Directory environment for risky settings, you might be in for a surprise. To find and fix security gaps, download Purple Knight, a free security assessment tool from...

September 7, 2021


ProtonMail shares user IP address with law enforcement IoT attacks double in six months Study looks at criteria for ransomware targeting Thanks to our episode sponsor, Semperis How would your organization score in an Active Directory security assessment? The average grade for first-time users of Purple Knight, a free security assessment tool from Semperis, is about 68%, a barely passing grade. Security and identity managers are shocked at the security gaps this tool has uncovered. But with knowledge comes power. Download Purple Knight so you can find and fix Active Directory security problems. Check it out at Purple-Knight.com.

September 6, 2021


Cyber Command urges patching of massively exploited Confluence bug DDoS hits New Zealand back up again in 30 minutes Salesforce email service used for phishing campaign Thanks to our episode sponsor, Semperis Do you know your Active Directory security vulnerabilities? Cybercriminals love to exploit Active Directory: It has dozens of security gaps because of misconfigurations and new sophisticated hacking tools. But hang on, help is on the way: Download Purple Knight, a free Active Directory security assessment tool from Semperis that scans your environment for 70-plus indicators of exposure and compromise. Check it out at Purple-Knight.com. For the stories behind...

Week in Review - Aug 30-Sep 3, 2021


This week's Cyber Security Headlines Week in Review, Aug 30-Sep 3, 2021, is hosted by Steve Prentice with our guest, Marnie Wilking, Global Head of Security & Technology Risk Management, Wayfair Thanks to our episode sponsor, Semperis All links and the video of this episode can be found on CISOseries.com

September 3, 2021


WhatsApp faces $267M fine for breaching Europe's GDPR UK VoIP telcos disrupted by cyberattacks White House doubles down on holiday cyberattack warnings Thanks to our episode sponsor, Semperis One thing we've learned from attacks like SolarWinds: Cybercriminals can lurk in your Active Directory environment for weeks or months before dropping malware. How do you root them out? First, you need to uncover security gaps in Active Directory that can lead to a breach. Download Purple Knight, a free security assessment tool from Semperis that scans your environment for pre-attack and post-attack indicators of exposure and compromise. Check it out at...

September 2, 2021


BrakTooth bites major SoC vendors The cost of ransomware to schools Posts surrounding January 6th disappear from Facebook data Thanks to our episode sponsor, Semperis Have you fixed PrintNightmare yet? Ransomware groups including Vice Society are already exploiting this critical flaw in the Windows Print Spooler service. But you can fight back: Download Purple Knight, a free Active Directory security assessment tool that scans your environment for PrintNightmare and more than 70 other attack indicators. To download your free tool, go to Purple-Knight.com.

September 1, 2021


QNAP announces OpenSSL bugs fallout Cyberattackers are now quietly selling off their victim's internet bandwidth Indonesian government's Covid-19 app accidentally exposes over 1 million people Thanks to our episode sponsor, Semperis It's no secret that Active Directory is a prime target for cybercriminals: AD is more than 20 years old, and security settings can get sloppy over time. If you haven't checked your Active Directory environment for risky settings, you might be in for a surprise. To find and fix security gaps, download Purple Knight, a free security assessment tool from Semperis that checks for 70-plus indicators of exposure and...

August 31, 2021


Manual Windows 11 installs might not get updates LockBit to publish Bangkok Air customer data Intermittent encryption hopes to make ransomware worse Thanks to our episode sponsor, Semperis How would your organization score in an Active Directory security assessment? The average grade for first-time users of Purple Knight, a free security assessment tool from Semperis, is about 68%, a barely passing grade. Security and identity managers are shocked at the security gaps this tool has uncovered. But with knowledge comes power. Download Purple Knight so you can find and fix Active Directory security problems. Check it out at Purple-Knight.com.

August 30, 2021


"Worst cloud vulnerability you can imagine" discovered in Microsoft Azure Work from home increased worldwide phishing attacks T-Mobile hacker brute-forced his way through the network Thanks to our episode sponsor, Semperis Do you know your Active Directory security vulnerabilities? Cybercriminals love to exploit Active Directory: It has dozens of security gaps because of misconfigurations and new sophisticated hacking tools. But hang on, help is on the way: Download Purple Knight, a free Active Directory security assessment tool from Semperis that scans your environment for 70-plus indicators of exposure and compromise. Check it out at Purple-Knight.com. For the stories behind the...

Week in Review - August 23-27, 2021


This week's Cyber Security Headlines Week in Review, August 23-27, 2021, is hosted by Steve Prentice with our guest, Edward Contreras (@CISOEdwardC), CISO, Frost Bank Thanks to our episode sponsor, Privacy.com Privacy.com lets you buy things online using virtual cards instead of having to use your real ones, protecting your identity and bank information on the internet. For example, when you're shopping online and ready to check out, simply generate a Privacy Card that will enter in random variables. Should the merchant ever get hacked, the fraudsters will never have access to your real information. Privacy Cards are also great for monitoring subscriptions...

August 27, 2021


21-year-old claims responsibility for massive T-Mobile hack Microsoft and Google to invest billions to bolster US cybersecurity Ragnarok ransomware releases master decryptor after shutdown Thanks to our episode sponsor, Privacy.com Privacy.com lets you buy things online using virtual cards instead of having to use your real ones, protecting your identity and bank information on the internet. For example, when you're shopping online and ready to check out, simply generate a Privacy Card that will enter in random variables. Should the merchant ever get hacked, the fraudsters will never have access to your real information. Privacy Cards are also great for...

August 26, 2021


Most government agencies use facial recognition Botnet scans for vulnerabilities in Realtek chipsets Does cyber insurance make ransomware worse? Thanks to our episode sponsor, Privacy.com Privacy.com lets you buy things online using virtual cards instead of having to use your real ones, protecting your identity and bank information on the internet. For example, when you're shopping online and ready to check out, simply generate a Privacy Card that will enter in random variables. Should the merchant ever get hacked, the fraudsters will never have access to your real information. Privacy Cards are also great for monitoring subscriptions and signing up...

August 25, 2021


Modded WhatsApp delivers Triada trojan Bahraini activists targeted with new iOS zero-click exploit New CISA director wants to spend less time cleaning up after big hacks, more time preparing for them Thanks to our episode sponsor, Privacy.com Privacy.com lets you buy things online using virtual cards instead of having to use your real ones, protecting your identity and bank information on the internet. For example, when you're shopping online and ready to check out, simply generate a Privacy Card that will enter in random variables. Should the merchant ever get hacked, the fraudsters will never have access to your real...

August 24, 2021


Apple started scanning for CSAM in 2019 Power Apps had leaky APIs Razer mice squeak past user privileges Thanks to our episode sponsor, Privacy.com Privacy.com lets you buy things online using virtual cards instead of having to use your real ones, protecting your identity and bank information on the internet. For example, when you're shopping online and ready to check out, simply generate a Privacy Card that will enter in random variables. Should the merchant ever get hacked, the fraudsters will never have access to your real information. Privacy Cards are also great for monitoring subscriptions and signing up for...

August 23, 2021


Microsoft Exchange under attack with ProxyShell flaws Australians hit by 'Flubot' malware that arrives by text message Cyberattack hits State Department Thanks to our episode sponsor, Privacy.com Privacy.com lets you buy things online using virtual cards instead of having to use your real ones, protecting your identity and bank information on the internet. For example, when you're shopping online and ready to check out, simply generate a Privacy Card that will enter in random variables. Should the merchant ever get hacked, the fraudsters will never have access to your real information. Privacy Cards are also great for monitoring subscriptions and...

Week in Review - August 16-20, 2021


This week's Cyber Security Headlines Week in Review, August 16-20, 2021, is hosted by Rich Stroffolino with our guest, Will Gregorian, Head of Security and Technical Operations, Rhino Thanks to our episode sponsor, Copado The traditional development lifecycle is a game of tradeoffs. You either deploy at blazing speed and put yourself at risk of bugs and breaches or you shore up your security and release software at a snail's pace. But with Copado DevOps, you get the best of both worlds. Leverage Copado's low-code DevOps platform to drive 94% fewer production bugs, 95% faster releases and an average ROI of 307%....

August 20, 2021


Liquid cryptocurrency exchange loses $94 million following hack New unofficial Windows patch fixes more PetitPotam attack vectors New York man sentenced to prison for stealing students' nude photos after hacking their accounts Thanks to our episode sponsor, Copado The traditional development lifecycle is a game of tradeoffs. You either deploy at blazing speed and put yourself at risk of bugs and breaches or you shore up your security and release software at a snail's pace. But with Copado DevOps, you get the best of both worlds. Leverage Copado's low-code DevOps platform to drive 94% fewer production bugs, 95% faster releases...

August 19, 2021


T-Mobile says hackers stole records belonging to 48.6 million individuals OIG issues report on US Census Bureau breach Operator of the Helix bitcoin mixer pleads guilty to money laundering Thanks to our episode sponsor, Copado DevOps is the biggest revolution since the cloud. And Copado happens to be the #1 native DevOps solution for Salesforce and SaaS. So say goodbye to tedious deployments, disconnected teams and security risks. Copado provides visibility over your entire lifecycle and empowers your developers to release software 5 times faster. Want to experience the Copado effect? Get a demo at Copado.com For the stories behind...

August 18, 2021


Chase bank accidentally leaked customer info to other customers Kalay cloud platform flaw exposes millions of IoT devices Data sovereignty laws place new burdens on CISOs Thanks to our episode sponsor, Copado It's no secret software risk has never been higher. In fact, 4 in 5 technology leaders lack confidence in their organizations' ability to combat cybercrime. Ultimately, your business is only as secure as the software that drives it. That's why Copado's DevOps solution includes built-in security and compliance guardrails to help you derisk your cloud and ramp up software releases. To get a free demo, visit Copado.com. For...

August 17, 2021


Terrorist watchlist exposed online DHS considering using private companies to scan social media Reportedly leaked T-Mobile data for sale online Thanks to our episode sponsor, Copado Implementing Salesforce is like buying a private jet. While you could drive it around your neighborhood, wouldn't you rather learn how to fly it into the clouds? Enter Copado, the #1 Native DevOps Solution for Salesforce. Copado unites pro-code and low-code developers on the same platform to unlock visibility, traceability and security from end to end. Want to take Copado for a test drive? Get your demo at Copado.com

August 16, 2021


Ford bug exposed customer and employee records from internal systems Huawei accused in suit of installing data 'back door' in Pakistan project Threat actors turning to RDDoS attacks as a new ransom vector Thanks to our episode sponsor, Copado The traditional development lifecycle is a game of tradeoffs. You either deploy at blazing speed and put yourself at risk of bugs and breaches or you shore up your security and release software at a snail's pace. But with Copado DevOps, you get the best of both worlds. Leverage Copado's low-code DevOps platform to drive 94% fewer production bugs, 95% faster...

Week in Review - August 9-13, 2021


This week's Cyber Security Headlines Week in Review, August 9-13, 2021, is hosted by Rich Stroffolino with our guest, Ben Sapiro, CISO, Canada Life Thanks to our episode sponsor, Sotero All links and the video of this episode can be found on CISOseries.com

August 13, 2021


Another unpatched PrintNightmare zero-day PrintNightmare vulnerability weaponized by ransomware gang Notorious darknet market comes back to life Thanks to our episode sponsor, Sotero It's a new CISO security brief that helps you cut through all the vendor noise and zero in on the best data security solution for your requirements. It includes info on data security technology advances, tips to help you meet your security requirements, and new rapid development capabilities so your development team can implement security features much, much faster. To get the brief, just go to soterosoft.com and click the link at the top of the page....

August 12, 2021


China signals tech crackdown will deepen Poly Network hacker has a change of heart PrintNightmare finally patched for good Thanks to our episode sponsor, Sotero It's a new CISO security brief that helps you cut through all the vendor noise and zero in on the best data security solution for your requirements. It includes info on data security technology advances, tips to help you meet your security requirements, and new rapid development capabilities so your development team can implement security features much, much faster. To get the brief, just go to soterosoft.com and click the link at the top of...

August 11, 2021


eCh0raix ransomware now targets both QNAP and Synology NAS devices At Least 30,000 internet-exposed exchange servers vulnerable to Proxyshell attacks US Senate sends infrastructure bill to House Thanks to our episode sponsor, Sotero It's a new CISO security brief that helps you cut through all the vendor noise and zero in on the best data security solution for your requirements. It includes info on data security technology advances, tips to help you meet your security requirements, and new rapid development capabilities so your development team can implement security features much, much faster. To get the brief, just go to soterosoft.com...

August 10, 2021


Ransomware demands surge in 2021 Flaw found in IOT random number generators Apple says nation states cannot add to CSAM scanning lists Thanks to our episode sponsor, Sotero It's a new CISO security brief that helps you cut through all the vendor noise and zero in on the best data security solution for your requirements. It includes info on data security technology advances, tips to help you meet your security requirements, and new rapid development capabilities so your development team can implement security features much, much faster. To get the brief, just go to soterosoft.com and click the link at...

August 9, 2021


Actively exploited bug bypasses authentication on millions of routers A zero-day RCE in Cisco ADSM has yet to be fixed Password of three random words better than complex variation, experts say Thanks to our episode sponsor, Sotero It's a new CISO security brief that helps you cut through all the vendor noise and zero in on the best data security solution for your requirements. It includes info on data security technology advances, tips to help you meet your security requirements, and new rapid development capabilities so your development team can implement security features much, much faster. To get the brief,...

Week in Review - August 2-6, 2021


This week's Cyber Security Headlines Week in Review, August 2-6, 2021, is hosted by Rich Stroffolino with our guest, Sandy Dunn, Blue Cross of Idaho Thanks to our episode sponsor, PlexTrac All links and the video of this episode can be found on CISOseries.com

August 6, 2021


US partners with Amazon, Google, and Microsoft to help fight cyber threats Conti ransomware gang falls victim to insider data leak Microsoft announces new 'Super Duper' browser security feature Thanks to our episode sponsor, PlexTrac PlexTrac is the Purple Teaming Platform. Use the Runbooks Module to facilitate your tabletop exercises, red team engagements, breach and attack simulations, adversary emulation, and pentest automation to improve communication and collaboration. PlexTrac provides the platform to measure real progress and demonstrate real results. Check out PlexTrac.com/CISOSeries to learn why PlexTrac is the perfect platform for CISOs! For the stories behind the headlines, head to...

August 5, 2021


Google and Amazon patch DNS-as-a-Service bugs Asian telcos hit by separate Chinese cyber attacks US government struggles against the cyber security skills shortage Thanks to our episode sponsor, PlexTrac Level up your team's capabilities with PlexTrac. Regardless of size, resources, or maturity, every team can take steps to improve defenses against imminent threats like ransomware. PlexTrac is the perfect platform to make the most proactive engagements by tracking tactics, visualizing metrics, supporting communication, and measuring remediation. Check out PlexTrac.com/CISOSeries to learn why PlexTrac is the perfect platform for CISOs!

August 4, 2021


Federal agencies are failing to protect sensitive data, Senate report finds Spear phishing attackers increasingly targeting non-C-suite employees All apps on Google Play Store will need privacy policy by next April Thanks to our episode sponsor, PlexTrac PlexTrac is the solution to deal with your data. Aggregate findings from all assessments to produce the analytics needed to make informed decisions. Produce data visualizations and add them to reports with one click to communicate effectively to leadership. PlexTrac is the premier product for security data management. Check out PlexTrac.com/CISOSeries to learn why PlexTrac is the perfect platform for CISOs! For the...

August 3, 2021


APT targeting Microsoft IIS servers Pegasus spyware confirmed on journalist phones Someone is spoofing military ship locations Thanks to our episode sponsor, PlexTrac Gain a real-time view of security posture with PlexTrac by consolidating scanner findings, assessments, and bug bounty tools. Visualize your posture in the Analytics Module to quickly assess and prioritize, creating a more effective workflow. Robust filtering allows for effortless options in viewing and communicating your data. Track your signal through the noise with PlexTrac. Check out PlexTrac.com/CISOSeries to learn why PlexTrac is the perfect platform for CISOs!

August 2, 2021


BlackMatter ransomware gang rises from the ashes of DarkSide, REvil Remote print server gives anyone Windows admin privileges on a PC Justice Department says Russians hacked federal prosecutors Thanks to our episode sponsor, PlexTrac PlexTrac is a powerful, yet simple, cybersecurity platform that centralizes all security assessments, pentest reports, audit findings, and vulnerabilities. PlexTrac transforms the risk management lifecycle, allowing security professionals to generate better reports faster, aggregate and visualize analytics, and collaborate on remediation in real-time. Check out PlexTrac.com/CISOSeries to learn why PlexTrac is the perfect platform for CISOs! For the stories behind the headlines, head to CISOseries.com.

July 30, 2021


Biden warns that severe cyberattacks could escalate to an actual war New ransomware gangs emerge on cybercrime forums New Android malware uses VNC to spy and steal victim passwords Thanks to our episode sponsor, Varonis We all know devastating ransomware goes beyond the endpoint. Big game ransomware defense for your cloud and on-prem data is on everyone's mind. Varonis can help ease your worries with a free ransomware preparedness assessment. Visit varonis.com/risk for more information. For the stories behind the headlines, head to CISOseries.com

Week in Review - July 26-30, 2021


Link to Blog Post This week's Cyber Security Headlines Week in Review, July 26-30, 2021, is hosted by Rich Stroffolino with our guest, Robb Reck (@robbreck), founder and host, Colorado = Cybersecurity Thanks to our sponsor, Varonis What is your ransomware blast radius? The average employee can access 17 million files they don't need, and only a handful live on their laptop. Protect your data from the inside out and detect early signs of ransomware automatically with Varonis. Visit varonis.com/risk All links and the video of this episode can be found on CISO Series.com

July 29, 2021


Federal agencies directed to develop cyber security standards for infrastructure Controversial vulnerability search engine re-released at Defcon The most exploited vulnerabilities of the year Thanks to our episode sponsor, Varonis Varonis will help you get meaningful data security results faster than you thought possible. Protect sensitive data, detect sophisticated threats and streamline privacy and compliance. Visit varonis.com/risk for a demo of Varonis' leading data security platform.

July 28, 2021


Microsoft rushes fix for PetitPotam attack PoC Apple releases urgent zero day bug patch for Mac, iPhone and iPad devices Google launches new Bug Hunters vulnerability rewards platform Thanks to our episode sponsor, Varonis The first time we got hit with ransomware it took us weeks to recover. The second time we got hit, it took us two hours. Why? Because we had Varonis. Varonis reduces the ransomware blast radius and monitors our most important data, automatically. Hear more at varonis.com/risk For the stories behind the headlines, head to CISOseries.com.

July 27, 2021


No More Ransom project five-years in Google Cloud Commits to APIs WhatsApp CEO details 2019 Pegasus spyware attack Thanks to our episode sponsor, Varonis What is your ransomware blast radius? The average user can access 17 million files. Varonis reduces your blast radius in days, not years. Combined with advanced detection that monitors every file touch, ransomware doesn't stand a chance. Learn more at varonis.com/risk

July 26, 2021


French president pushes for Israeli inquiry into NSO spyware concerns Microsoft shares mitigations for new PetitPotam NTLM relay attack Fake Windows 11 installers already distributing malware Thanks to our episode sponsor, Varonis Still in the news is REvil's ransomware attack on Kaseya VSA servers. Varonis is here to help mitigate the blast radius of such attacks. Want a step-by-step guide on what you should be looking for? Visit varonis.com/risk to help make sure your data is protected. For the stories behind the headlines, head to CISOseries.com.

July 23, 2021


NSO Group says to blame its customers Saudi Aramco confirms data leak Sophos to acquire Braintrace Thanks to our episode sponsor, Varonis We all know devastating ransomware goes beyond the endpoint. Big game ransomware defense for your cloud and on-prem data is on everyone's mind. Varonis can help ease your worries with a free ransomware preparedness assessment. Visit varonis.com/risk for more information.

Week in Review - July 19-23, 2021


Link to Blog Post This week's Cyber Security Headlines Week in Review, July 19-23, 2021, is hosted by Steve Prentice (@stevenprentice) with our guest, Shawn M. Bowen, CISO, World Fuel Services Thanks to our episode sponsor, Varonis What is your ransomware blast radius? The average employee can access 17 million files they don't need, and only a handful live on their laptop. Protect your data from the inside out and detect early signs of ransomware automatically with Varonis. Visit varonis.com/risk All links and the video of this episode can be found on CISO Series.com

July 22, 2021


Israel creates task force to look into NSO spyware Bill could increase the FTC's role in fighting ransomware NPM package stealing saved browser passwords Thanks to our episode sponsor, Varonis Varonis will help you get meaningful data security results faster than you thought possible. Protect sensitive data, detect sophisticated threats and streamline privacy and compliance. Visit varonis.com/risk for a demo of Varonis' leading data security platform.

July 21, 2021


China fires back at US after Exchange hack accusations Unpatched iPhone bug allows remote device takeover 16-year-old bug in printer software gives hackers admin rights Thanks to our episode sponsor, Varonis The first time we got hit with ransomware it took us weeks to recover. The second time we got hit, it took us two hours. Why? Because we had Varonis. Varonis reduces the ransomware blast radius and monitors our most important data, automatically. Hear more at varonis.com/risk For the stories behind the headlines, head to CISOseries.com

July 20, 2021


Leaked NSO group data hints at widespread Pegasus spyware infections UK and White House blame China for Microsoft Exchange Server hack Saudi Aramco data breach sees 1TB of stolen data for sale Thanks to our episode sponsor, Varonis What is your ransomware blast radius? The average user can access 17 million files. Varonis reduces your blast radius in days, not years. Combined with advanced detection that monitors every file touch, ransomware doesn't stand a chance. Learn more at varonis.com/risk For the stories behind the headlines, head to CISOseries.com.

July 19, 2021


Israeli firm uses Windows zero-days to deploy spyware Cyberattacks increased 17% in Q1 of 2021, with 77% being targeted attacks Another unpatched bug in Windows print spooler Thanks to our episode sponsor, Varonis Still in the news is REvil's ransomware attack on Kaseya VSA servers. Varonis is here to help mitigate the blast radius of such attacks. Want a step-by-step guide on what you should be looking for? Visit varonis.com/risk to help make sure your data is protected. For the stories behind the headlines, head to CISOseries.com.

July 16, 2021


Facebook says it disrupted Iranian Tortoiseshell hacking campaign US offers $10 million reward to combat state-sponsored cyberattacks Report identifies top threats to Tokyo Olympic Games Thanks to our episode sponsor, Varonis We all know devastating ransomware goes beyond the endpoint. Big game ransomware defense for your cloud and on-prem data is on everyone's mind. Varonis can help ease your worries with a free ransomware preparedness assessment. Visit varonis.com/risk for more information. For the stories behind the headlines, head to CISOseries.com

Week in Review - July 12-16, 2021


Link to Blog Post This week's Cyber Security Headlines Week in Review, July 12-16, 2021, is hosted by Steve Prentice (@stevenprentice) with our guest, Norman Hunt, deputy CISO, GEICO Varonis will help you get meaningful data security results faster than you thought possible. Protect sensitive data, detect sophisticated threats and streamline privacy and compliance. Visit varonis.com/risk for a demo of Varonis' leading data security platform. All links and the video of this episode can be found on CISO Series.com

July 15, 2021


China issues new zero-day rules Google discloses four zero-days tied to Russian APT Microsoft announces Windows 365 at Inspire 2021 Thanks to our episode sponsor, Varonis Varonis will help you get meaningful data security results faster than you thought possible. Protect sensitive data, detect sophisticated threats and streamline privacy and compliance. Visit varonis.com/risk for a demo of Varonis' leading data security platform.

July 14, 2021


REvil web sites mysteriously shut down New BIOPASS malware livestreams victim's computer screen New CISA director confirmed, White House gains cyber-director Thanks to our episode sponsor, Varonis The first time we got hit with ransomware it took us weeks to recover. The second time we got hit, it took us two hours. Why? Because we had Varonis. Varonis reduces the ransomware blast radius and monitors our most important data, automatically. Hear more at varonis.com/risk For the stories behind the headlines, head to CISOseries.com.

July 13, 2021


Ransomwhere site hopes to provide transparency Microsoft to buy RiskIQ The scope of China's Great Firewall internet censorship Thanks to our episode sponsor, Varonis What is your ransomware blast radius? The average user can access 17 million files. Varonis reduces your blast radius in days, not years. Combined with advanced detection that monitors every file touch, ransomware doesn't stand a chance. Learn more at varonis.com/risk

July 12, 2021


Cyber-attack hits Iran's transport ministry and railways Hackers use a new technique to disable macro security warnings in weaponized docs MacOS targeted in WildPressure APT malware campaign Thanks to our episode sponsor, Varonis Still in the news is REvil's ransomware attack on Kaseya VSA servers. Varonis is here to help mitigate the blast radius of such attacks. Want a step-by-step guide on what you should be looking for? Visit varonis.com/risk to help make sure your data is protected. For the stories behind the headlines, head to CISOseries.com.

July 9, 2021


Phishing campaign spells double-trouble for Kaseya customers Google sued by 36 states over Play Store fees Morgan Stanley falls victim to third-party data breach Thanks to our episode sponsor, Viakoo Want to use 802.1x or TLS certificates on IoT devices, but believe it's hard to manage? It isn't if you use Viakoo. Let Viakoo show you how to manage certificates enterprise-wide from a single console and quickly improve your cyber hygiene. We're available at Viakoo.com. For the stories behind the headlines, head to CISOseries.com

Week in Review - July 5-9, 2021


Link to Blog Post This week's Cyber Security Headlines Week in Review, July 5-9, 2021, is hosted by Steve Prentice (@stevenprentice) with our guest, Shawn M. Bowen, CISO, World Fuel Services Thanks to our episode sponsor, Viakoo IT vulnerability remediation solutions don't work for IoT. Viakoo's award-winning agentless and automated IoT vulnerability remediation solution can quickly shrink the attack surface created by distributed and unmanaged IoT devices. See Viakoo at Black Hat, and visit us at Viakoo.com. All links and the video of this episode can be found on CISO Series.com

July 8, 2021


Russian APT targets Republican National Committee White House urges mayors to review cyber security posture Incomplete PrintNightmare emergency patch released Thanks to our episode sponsor, Viakoo IT vulnerability remediation solutions don't work for IoT. Viakoo's award-winning agentless and automated IoT vulnerability remediation solution can quickly shrink the attack surface created by distributed and unmanaged IoT devices. See Viakoo at Black Hat, and visit us at Viakoo.com.

July 7, 2021


Kaseya patches imminent after zero-day exploits REvil lowers ransom for universal decryptor Pentagon cancels $10 billion JEDI cloud contract that Amazon and Microsoft were fighting over Thanks to our episode sponsor, Viakoo Did you know IP cameras are responsible for 1/3rd of all IoT cyber breaches? And that 7 out of 10 cameras are running out of date firmware? Viakoo has proven solutions to automate cyber hygiene on cameras and other IoT devices. Sign up for a personalized demo at Viakoo.com. And come visit us at Black Hat this year. For the stories behind the headlines, head to CISOseries.com.

July 6, 2021


REvil confirms Kaseya attack White House will attribute Hafnium Exchange hacks Cyber reinsurance rates see a spike Thanks to our episode sponsor, Viakoo Using a discovery solution like Armis, Forescout, Ordr, and others? Great news: when you discover vulnerable IoT devices, you can automate firmware, certificate, and password management to make those devices secure. Learn more at Viakoo.com.

July 5, 2021


Kaseya was fixing zero-day just as REvil sprang their attack DHS announces most successful cybersecurity hiring initiative in its history Robinhood ordered to pay $70 million over 'harm' caused to millions of traders Thanks to our episode sponsor, RevCult On average, 18 percent of all your Salesforce data fields are highly sensitive and 89 percent of users have access to that data. RevCult is the only solution that helps you understand the data you have in Salesforce, and if you're protecting it. Get a free Salesforce Security Self-Assessment to understand your Salesforce security weaknesses. For the stories behind the headlines, head to...

July 2, 2021


Russian military cyber-unit behind large-scale brute-force attacks Authorities seize DoubleVPN service used by cybercriminals Microsoft research team reveals critical vulns in Netgear routers Thanks to our episode sponsor, Keyavi Cyber criminals who attack healthcare systems know medical record information has tremendous value for stealing identities. If you infuse personally identifiable information with geographical awareness and intelligence, you dramatically reduce the risk of patient identity theft. Join a live demo session on www.keyavi.com/sessions to learn more.

Week in Review - June 28-July 2, 2021


Link to Blog Post This week's Cyber Security Headlines Week in Review, June 28-July 2, 2021, is hosted by Steve Prentice (@stevenprentice) with our guest, Gerhard Rickert, VP, Information Security, Central Pacific Bank Thanks to our episode sponsor, Keyavi Worried about being the next ransomware victim, like Colonial Pipeline? Cyber criminals stole gigabytes of data before their first extortion attempt, demanding payment to decrypt Colonial's information. Despite a multi-million-dollar ransom payment, the pipeline's stolen data is in the hands of these attackers forever. Head to www.keyavi.com/sessions to learn more about protecting data from extortion attempts. All links and the video of this episode can be found on...

July 1, 2021


Secrecy orders abound in Microsoft's government data requests When proof of concepts go wrong Maine passes strong facial recognition ban Thanks to our episode sponsor, Keyavi Worried about being the next ransomware victim, like Colonial Pipeline? Cyber criminals stole gigabytes of data before their first extortion attempt, demanding payment to decrypt Colonial's information. Despite a multi-million-dollar ransom payment, the pipeline's stolen data is in the hands of these attackers forever. Head to www.keyavi.com/sessions to learn more about protecting data from extortion attempts.

June 30, 2021


Data for 700 million LinkedIn users posted for sale House lawmakers introduce American Cybersecurity Literacy Act to mitigate cyber risks UK foreign secretary's private mobile number has been online for at least 11 years Thanks to our episode sponsor, Keyavi Ransomware is big business. This nightmare usually gives cyber criminals multiple opportunities to hold your data hostage. After stealing it, attackers can also threaten to reveal the contents of your data publicly and damage reputations in the process. If your data self-protects, it becomes totally useless to criminals. Visit www.keyavi.com/sessions to learn how to protect your data from extortion. For...

June 29, 2021


Windows 11 CPU confusion continues EA ignored domain vulnerabilities for months Ransomware increasingly hiding in VMs Thanks to our episode sponsor, Keyavi 7 in 10 white-collar employees in the U.S. are still working remotely. Virtual teams boomed in 2020 and are here to stay. Locking down networks, restricting collaboration and prohibiting BYOD may limit some security risks. But a much bigger attack surface today exposes remote workers to far greater risks. Visit www.keyavi.com/sessions to learn how self-protecting data equals peace of mind.

June 28, 2021


Microsoft admits to signing rootkit malware in supply-chain fiasco Senate fails to confirm new CISA director before two-week break, drawing criticism Hackers release free games laced with cryptomining malware Thanks to our episode sponsor, Keyavi Google Security VP Royal Hansen said recently that the biggest security challenge over the next 10 years will be "shifting the focus of security from the technical hygiene of code and configuration to self-defending data." Guess what? Self-protecting data isn't 10 years away; it's here now! Visit www.keyavi.com/sessions to see how the previously impossible is now possible. For the stories behind the headlines, head to...

June 25, 2021


Dell bug puts 30 million PCs at risk Irish health services still feel the impact of ransomware Google delays third-party cookie ban Thanks to our episode sponsor, RevCult On average, 18% of all your Salesforce data fields are highly sensitive and 89% of users have access to that data. RevCult is the only solution that helps you understand the data you have in Salesforce, and if you're protecting it. Read our 'CISOs Guide to Salesforce' at RevCult.com.

Week in Review - June 21-25, 2021


Link to Blog Post This week's Cyber Security Headlines - Week in Review, June 21-25, 2021, is hosted by Steve Prentice (@stevenprentice) with our guest, Ira Winkler, CISO, Skyline Technology Solutions Thanks to our sponsor, RevCult On average, 18% of all your Salesforce data fields are highly sensitive and 89% of users have access to that data. RevCult is the only solution that helps you understand the data you have in Salesforce, and if you're protecting it. Get a free Salesforce Security Self-Assessment at RevCult.com to understand your Salesforce security weaknesses. All links and the video of this episode can...

June 24, 2021


Antivirus pioneer John McAfee found dead in Spanish prison MITRE releases D3FEND framework Tulsa issues fraud warning after police citation leak Thanks to our episode sponsor, RevCult On average, 18% of all your Salesforce data fields are highly sensitive and 89% of users have access to that data. RevCult is the only solution that helps you understand the data you have in Salesforce, and if you're protecting it. Get a free Salesforce Security Self-Assessment at RevCult.com to understand your Salesforce security weaknesses. For the stories behind the headlines, head to CISOseries.com

June 23, 2021


DirtyMoe is a rapidly growing Windows botnet Majority of web apps in 11 industries are vulnerable all the time Lexmark printers open to arbitrary code-execution Zero-Day Thanks to our episode sponsor, RevCult On average, 18% of all your Salesforce data fields are highly sensitive and 89% of users have access to that data. RevCult is the only solution that helps you understand the data you have in Salesforce, and if you're protecting it. Read our 'CISOs Guide to Salesforce' at RevCult.com. For the stories behind the headlines, head to CISOseries.com

June 22, 2021


Data leak marketplace dials up the pressure Bay Area water treatment plant targeted in cyber attack CISA lacks info on federal agency security Thanks to our episode sponsor, RevCult On average, 18% of all your Salesforce data fields are highly sensitive and 89% of users have access to that data. RevCult is the only solution that helps you understand the data you have in Salesforce, and if you're protecting it. Get a free Salesforce Security Self-Assessment at RevCult.com to understand your Salesforce security weaknesses.

June 21, 2021


New iPhone bug can permanently break WiFi simply by connecting to a rogue hotspot New York City Law Department hacked SASE: 64% of businesses are adopting or plan to adopt in the next year Thanks to our episode sponsor, Viakoo If you discover vulnerable IoT devices on your network, stop port-blocking them. Instead, use Viakoo to remediate vulnerabilities and keep devices delivering their value as full network citizens. Visit Viakoo.com to learn more. And come visit us at Black Hat this year. For the stories behind the headlines, head to CISOseries.com.

June 18, 2021


Ukrainian and South Korean police raids collar Clop ransomware gang suspects Over one billion CVS Health records exposed online Scammers using fake Ledger devices to swipe cryptocurrency Thanks to our episode sponsor, Keyavi Cyber criminals who attack healthcare systems know medical record information has tremendous value for stealing identities. If you infuse personally identifiable information with geographical awareness and intelligence, you dramatically reduce the risk of patient identity theft. Join a live demo session on www.keyavi.com/sessions to learn more. For the stories behind the headlines, head to CISOseries.com

Week in Review - June 14-18, 2021


Link to Blog Post This week's Cyber Security Headlines - Week in Review, June 14-18, 2021, is hosted by Steve Prentice (@stevenprentice) with our guest, Peter Liebert (@LiebertPeter), CISO, Cerner Government Services. With all the cybersecurity tools you have, why is your data still vulnerable? You're assuming data cannot protect itself. BUT NOW IT CAN! Need to revoke access after data leaves your possession? Authorize remote locations real-time? Or change permissions on the fly? Seeing is believing. Sign-up at www.keyavi.com/sessions -- that's K-E-Y-A-V-I-dot-com-slash-sessions -- and take control of your data today. All links and the video of this episode can...

June 17, 2021


Biden gives Putin a no-hacking list Facebook's Oversight Board accepts policy opinion Researchers reverse engineer deepfakes Thanks to our episode sponsor, Keyavi Worried about being the next ransomware victim, like Colonial Pipeline? Cyber criminals stole gigabytes of data before their first extortion attempt, demanding payment to decrypt Colonial's information. Despite a multi-million-dollar ransom payment, the pipeline's stolen data is in the hands of these attackers forever. Head to www.keyavi.com/sessions to learn more about protecting data from extortion attempts.

June 16, 2021


Windows 11 leaked "Face of Anonymous" suspect deported from Mexico to face US hacking charges Apple reveals two iOS zero-day vulnerabilities that allow attackers to access fully patched devices Thanks to our episode sponsor, Keyavi Ransomware is big business. This nightmare usually gives cyber criminals multiple opportunities to hold your data hostage. After stealing it, attackers can also threaten to reveal the contents of your data publicly and damage reputations in the process. If your data self-protects, it becomes totally useless to criminals. Visit www.keyavi.com/sessions to learn how to protect your data from extortion. For the stories behind the headlines,...

June 15, 2021


Interpol shuts down thousands of fake pharmacies Chip shortage could lead to counterfeit chip crisis Windows 10 support ends in 2025 Thanks to our episode sponsor, Keyavi 7 in 10 white-collar employees in the U.S. are still working remotely. Virtual teams boomed in 2020 and are here to stay. Locking down networks, restricting collaboration and prohibiting BYOD may limit some security risks. But a much bigger attack surface today exposes remote workers to far greater risks. Visit www.keyavi.com/sessions to learn how self-protecting data equals peace of mind.

June 14, 2021


U.S. suffers over 7 ransomware attacks an hour Chief Operating Officer of network security company charged with cyberattack on medical center REvil hits US nuclear weapons contractor Thanks to our episode sponsor, Keyavi Google Security VP Royal Hansen said recently that the biggest security challenge over the next 10 years will be "shifting the focus of security from the technical hygiene of code and configuration to self-defending data." Guess what? Self-protecting data isn't 10 years away; it's here now! Visit www.keyavi.com/sessions to see how the previously impossible is now possible. For the stories behind the headlines, head to CISOseries.com.

June 11, 2021


JBS paid $11 million ransom to cybercriminals Electronic Arts' gaming source code stolen in hack Largest stolen creds market seized by law enforcement Thanks to our sponsor: Trend Micro Want to discover new ways to simplify and strengthen your security? Join Trend Micro Perspectives on June 16, where industry experts and practitioners will share deep insights and real-world examples on how security can play a pivotal role in accelerating your digital transformation. Featuring speakers from Gartner, Forrester, ESG, AWS, and Microsoft. Visit TrendMicro.com/Perspectives today to register. For the stories behind the headlines, head to CISOseries.com

Week in Review - June 7-11, 2021


Link to Blog Post This week's Cyber Security Headlines Week in Review, June 7-11, 2021, is hosted by Steve Prentice (@stevenprentice) with our guest, Robert Wood, CISO, Centers for Medicare & Medicaid Services Thanks to our sponsor: Trend Micro Want to discover new ways to simplify and strengthen your security? Join Trend Micro Perspectives on June 16, where industry experts and practitioners will share deep insights and real-world examples on how security can play a pivotal role in accelerating your digital transformation. Featuring speakers from Gartner, Forrester, ESG, AWS, and Microsoft. Visit TrendMicro.com/Perspectives today to register. All links and the video of this episode can...

June 10, 2021


Cyber-attack disrupts NYC Law Department Amazon successfully presses to omit consumer protections from Senate China bill Intel fixes high severity vulnerabilities with June 2021 platform update Thanks to our sponsor: Trend Micro Want to discover new ways to simplify and strengthen your security? Join Trend Micro Perspectives on June 16, where industry experts and practitioners will share deep insights and real-world examples on how security can play a pivotal role in accelerating your digital transformation. Featuring speakers from Gartner, Forrester, ESG, AWS, and Microsoft. Visit TrendMicro.com/Perspectives today to register. For the stories behind the headlines, head to CISOseries.com

June 9, 2021


StackOverflow, Twitch, Reddit, others down in Fastly CDN outage Hundreds arrested in massive global crime sting using messaging app Capitol Hill tech vendor is the latest ransomware victim Thanks to our sponsor: Trend Micro Want to discover new ways to simplify and strengthen your security? Join Trend Micro Perspectives on June 16, where industry experts and practitioners will share deep insights and real-world examples on how security can play a pivotal role in accelerating your digital transformation. Featuring speakers from Gartner, Forrester, ESG, AWS, and Microsoft. Visit TrendMicro.com/Perspectives today to register. For the stories behind the headlines, head to CISOseries.com.

June 8, 2021


US recovers millions in cryptocurrency paid to Colonial Pipeline ransomware hackers Energy chief cites risk of cyberattacks crippling power grid Researchers discover first known malware targeting Windows containers Thanks to our sponsor: Trend Micro Want to discover new ways to simplify and strengthen your security? Join Trend Micro Perspectives on June 16, where industry experts and practitioners will share deep insights and real-world examples on how security can play a pivotal role in accelerating your digital transformation. Featuring speakers from Gartner, Forrester, ESG, AWS, and Microsoft. Visit TrendMicro.com/Perspectives today to register. For the stories behind the headlines, head to CISOseries.com.

June 7, 2021


VMware vulnerability with 9.8 severity rating is under attack GitHub updates policy to remove exploit code when used in active attacks Colonial Pipeline breached via single compromised password Thanks to our sponsor: Trend Micro Want to discover new ways to simplify and strengthen your security? Join Trend Micro Perspectives on June 16, where industry experts and practitioners will share deep insights and real-world examples on how security can play a pivotal role in accelerating your digital transformation. Featuring speakers from Gartner, Forrester, ESG, AWS, and Microsoft. Visit TrendMicro.com/Perspectives today to register. For the stories behind the headlines, head to CISOseries.com.

June 4, 2021


NYC transportation authority hacked using Pulse Secure zero-day Cybercriminals hold contest to find new cryptocurrency exploits FBI confirms REvil as JBS ransomware attacker Thanks to our episode sponsor, ReversingLabs Recent supply chain attacks and executive orders have left 1000's scrambling for guidance. Join ReversingLabs as they take their exclusive supply chain roadshow to your local region virtually. Hear from app sec specialists and security execs, as they discuss lessons learned, and innovative approaches, that will move your supply chain security and compliance program forward. For more information, visit reversinglabs.com. For the stories behind the headlines, head to CISOseries.com

Week in Review - May 31-Jun 4, 2021


Link to Blog Post This week's Cyber Security Headlines - Week in Review, May 31- Jun 4, 2021, is hosted by Steve Prentice (@stevenprentice) with our guest, Bryan Zimmer, Head of Security, Humu Thanks to our sponsor, ReversingLabs Recent supply chain attacks and executive orders have left 1000's scrambling for guidance. Join ReversingLabs as they take their exclusive supply chain roadshow to your local region virtually. Hear from app sec specialists and security execs, as they discuss lessons learned, and innovative approaches, that will move your supply chain security and compliance program forward. For more information, visit reversinglabs.com. All links...

June 3, 2021


Florida teen faces charges for DDoS attack on school district UC Browser calls home Ransomware disrupts Massachusetts ferry service Thanks to our episode sponsor, ReversingLabs Recent supply chain attacks and executive orders have left 1000's scrambling for guidance. Join ReversingLabs as they take their exclusive supply chain roadshow to your local region virtually. Hear from app sec specialists and security execs, as they discuss lessons learned, and innovative approaches, that will move your supply chain security and compliance program forward. For more information, visit reversinglabs.com. For the stories behind the headlines, head to CISOseries.com

June 2, 2021


Critical WordPress plugin zero-day under active exploitation Cyberattack forces meat producer to shut down operations in U.S., Australia Russia suspected LinkedIn data shows Austin is biggest winner in tech migration Thanks to our episode sponsor, ReversingLabs Recent supply chain attacks and executive orders have left 1000's scrambling for guidance. Join ReversingLabs as they take their exclusive supply chain roadshow to your local region virtually. Hear from app sec specialists and security execs, as they discuss lessons learned, and innovative approaches, that will move your supply chain security and compliance program forward. For more information, visit reversinglabs.com. For the stories behind...

June 1, 2021


Amazon to opt-in users to Amazon Sidewalk Rowhammer attacks show the downside of density Hacking shuts down Swedish infectious disease database Thanks to our episode sponsor, ReversingLabs Recent supply chain attacks and executive orders have left 1000's scrambling for guidance. Join ReversingLabs as they take their exclusive supply chain roadshow to your local region virtually. Hear from app sec specialists and security execs, as they discuss lessons learned, and innovative approaches, that will move your supply chain security and compliance program forward. For more information, visit reversinglabs.com. For the stories behind the headlines, head to CISOseries.com

May 31, 2021


Two new attacks allow alteration of certified PDF documents US says agencies fended off latest Russian hack involving four new malware families New Epsilon Red ransomware hunts unpatched Microsoft Exchange servers Thanks to our episode sponsor, ReversingLabs Recent supply chain attacks and executive orders have left 1000's scrambling for guidance. Join ReversingLabs as they take their exclusive supply chain roadshow to your local region virtually. Hear from app sec specialists and security execs, as they discuss lessons learned, and innovative approaches, that will move your supply chain security and compliance program forward. For more information, visit reversinglabs.com. For the stories...

May 28, 2021


Twitter urges Indian government to respect free speech French authorities take down their third dark web marketplace Japanese government's data breached after Fujitsu compromise Thanks to our episode sponsor, Sumo Logic Empower your SOC teams with a single platform that addresses security, compliance and configuration. Register for Sumo Logic's Modern SOC Summit June 8-9. Whether you are just getting started or want a technical deep dive, this event has something for you. Reserve your spot for this virtual event at sumologic.com and click on the link at the top of the screen. For the stories behind the headlines, head to...

Week in Review - May 24-28, 2021


Link to Blog Post This week's Cyber Security Headlines - Week in Review, May 24-28, 2021, is hosted by Steve Prentice, with our guest, Jimmy Sanders, CISO, Netflix DVD Thanks to our episode sponsor, Sumo Logic It's time to rethink your security for digital transformation success. Register for Sumo Logic's Modern SOC Summit June 8-9 to debate, discuss and share best practices for modernizing security operations for the rapidly evolving threat landscape. Reserve your spot for this virtual event at sumologic.com and click on the link at the top of the screen. All links and the video of this episode...

May 27, 2021


Belgium disrupts cyber-espionage campaign Facebook says Russia is still the largest producer of misinformation WhatsApp sues over Indian IT laws Thanks to our episode sponsor, Sumo Logic It's time to rethink your security for digital transformation success. Register for Sumo Logic's Modern SOC Summit June 8-9 to debate, discuss and share best practices for modernizing security operations for the rapidly evolving threat landscape. Reserve your spot for this virtual event at sumologic.com and click on the link at the top of the screen.

May 26, 2021


DHS to issue first-ever cybersecurity regulations for pipelines after Colonial hack Audio technology maker Bose discloses data breach after ransomware attack Malware exploited macOS zero-day flaw to secretly take screenshots Thanks to our episode sponsor, Sumo Logic Join security leaders and practitioners at Sumo Logic's Modern SOC Summit June 8-9. Explore, learn and think about the future of your security strategy and direction with a half day program designed for all skill and interest levels. Reserve your spot for this virtual event at sumologic.com and click on the link at the top of the screen. For the stories behind the...

May 25, 2021


8.3 million plaintext passwords leaked Dozens of US towns buy surveillance gear from firms tied to human rights abuses Russia threatens to slow Google Thanks to our episode sponsor, Sumo Logic Empower your SOC teams with a single platform that addresses security, compliance and configuration. Register for Sumo Logic's Modern SOC Summit June 8-9. Whether you are just getting started or want a technical deep dive, this event has something for you. Reserve your spot for this virtual event at sumologic.com and click on the link at the top of the screen.

May 24, 2021


Air India hack covers ten years and three other airlines Wormable Windows IIS vulnerability also affects WinRM on Windows 10 and server systems Insurance giant CNA pays $40m to ransomware crooks Thanks to our episode sponsor, Sumo Logic It's time to rethink your security for digital transformation success. Register for Sumo Logic's Modern SOC Summit June 8-9 to debate, discuss and share best practices for modernizing security operations for the rapidly evolving threat landscape. Reserve your spot for this virtual event at sumologic.com and click on the link at the top of the screen. For the stories behind the headlines,...

May 21, 2021


Millions of Android users' data exposed due to cloud authentication failures UK regulator fines AmEx for spamming violations Russian hacker sentenced to 5 years for $1.5 million tax fraud Thanks to our episode sponsor, Trend Micro Want to discover new ways to simplify and strengthen your security? Join Trend Micro Perspectives on June 16, where industry experts and practitioners will share deep insights and real-world examples on how security can play a pivotal role in accelerating your digital transformation. Featuring speakers from Gartner, Forrester, ESG, AWS, and Microsoft. Visit TrendMicro.com/Perspectives today to register. For the stories behind the headlines, head...

May 20, 2021


Colonial Pipeline confirms it paid the ransom Qlocker ransomware operators shut down SolarWinds CEO speaks about supply chain attack Thanks to our episode sponsor, Trend Micro Want to discover new ways to simplify and strengthen your security? Join Trend Micro Perspectives on June 16, where industry experts and practitioners will share deep insights and real-world examples on how security can play a pivotal role in accelerating your digital transformation. Featuring speakers from Gartner, Forrester, ESG, AWS, and Microsoft. Visit TrendMicro.com/Perspectives today to register.

Week in Review - May 17-21, 2021


Link to Blog Post This week's Cyber Security Headlines - Week in Review, May 17-21, 2021, is hosted by Steve Prentice (@stevenprentice) with our guest, Ty Sbano, CISO, Sisense Thanks to our episode sponsor, Trend Micro Want to discover new ways to simplify and strengthen your security? Join Trend Micro Perspectives on June 16, where industry experts and practitioners will share deep insights and real-world examples on how security can play a pivotal role in accelerating your digital transformation. Featuring speakers from Gartner, Forrester, ESG, AWS, and Microsoft. Visit TrendMicro.com/Perspectives today to register. All links and the video of this...

May 19, 2021


DDoS attacks are back, stronger than ever Proof of concept exploit released for wormable Windows vulnerability Tech audit of Colonial Pipeline found 'glaring' problems in 2018 Thanks to our episode sponsor, Trend Micro Want to discover new ways to simplify and strengthen your security? Join Trend Micro Perspectives on June 16, where industry experts and practitioners will share deep insights and real-world examples on how security can play a pivotal role in accelerating your digital transformation. Featuring speakers from Gartner, Forrester, ESG, AWS, and Microsoft. Visit TrendMicro.com/Perspectives today to register. For the stories behind the headlines, head to CISOseries.com.

May 18, 2021


Double encryption ransomware attacks on the rise The UK seeks advice on defending against supply-chain attacks Eufy leaks customer camera feeds to strangers Thanks to our episode sponsor, Trend Micro Want to discover new ways to simplify and strengthen your security? Join Trend Micro Perspectives on June 16, where industry experts and practitioners will share deep insights and real-world examples on how security can play a pivotal role in accelerating your digital transformation. Featuring speakers from Gartner, Forrester, ESG, AWS, and Microsoft. Visit TrendMicro.com/Perspectives today to register.

May 17, 2021


Insurer AXA hit by ransomware after dropping support for ransom payments Darkside says it lost control of servers and money a day after Biden threat CEOs could face jail time for IoT attacks by 2024 Thanks to our episode sponsor, Trend Micro Want to discover new ways to simplify and strengthen your security? Join Trend Micro Perspectives on June 16, where industry experts and practitioners will share deep insights and real-world examples on how security can play a pivotal role in accelerating your digital transformation. Featuring speakers from Gartner, Forrester, ESG, AWS, and Microsoft. Visit TrendMicro.com/Perspectives today to register. For...

May 14, 2021


Colonial Pipeline makes ransom payment of nearly $5 million Biden signs executive order to bolster federal cyber defenses Apple failed to disclose security incident affecting millions of users Thanks to our episode sponsor, Altitude Networks Wouldn't it be great if you could INSTANTLY KNOW if a file containing sensitive information was shared in the wrong way, anywhere in your company AND security had a real time slack notification with a magic "undo button"?! Altitude Networks solves these challenges and protects you from all data leak risks on Google Workspace and Office 365! Altitude Networks is addressing the data security gap...

May 13, 2021


FBI warns of phishing sites using search ads Researcher finds WiFi vulnerable to "frag attacks" Data transfer demonstrated on Apple's Find My network Thanks to our episode sponsor, Altitude Networks Imagine an employee just left and went to a competitor: did they take proprietary documents or critical roadmaps with them? Did they add a backdoor access via personal accounts to documents? You're a cloud-forward company on G Suite, how would you know your data is at risk? Altitude Networks can automatically tell you who is trying to steal your critical cloud data from G Suite and Office 365. Altitude Networks...

Week in Review - May 10-14, 2021


Link to Blog Post This week's Cyber Security Headlines - Week in Review, May 10-14, 2021, is hosted by Steve Prentice (@stevenprentice) with our guest, Al Ghous, CISO, Envision Digital Thanks to our episode sponsor, Altitude Networks All links and the video of this episode can be found on CISOseries.com

May 12, 2021


U.S. declares emergency in 17 states over fuel pipeline cyber attack Japanese manufacturer Yamabiko targeted by Babuk ransomware Microsoft May 2021 Patch Tuesday fixes 55 flaws, 3 zero-days Thanks to our episode sponsor, Altitude Networks Imagine an employee just left and went to a competitor: did they take proprietary documents or critical roadmaps with them? Did they add a backdoor access via personal accounts to documents? You're a cloud-forward company on G Suite, how would you know your data is at risk? Altitude Networks can automatically tell you who is trying to steal your critical cloud data from G Suite...

May 11, 2021


Darkside behind the Colonial Pipeline attack Insurance provider ends ransomware reimbursement Tor exit nodes plagued by malware Thanks to our episode sponsor, Altitude Networks Uh oh, Johnny left the company 6 months ago, but still has access to numerous files in Google Drive via his personal account! Do you know how many other former employees and contractors still have access to our documents? It's a lot more than you might think. Altitude Networks automatically discovers sharing to personal accounts and can eliminate it with one click. Altitude Networks is addressing the data security gap in Google Workspace and Office 365....

May 10, 2021


Colonial hackers stole data ahead of pipeline shutdown Microsoft pulls Windows 10 AMD driver causing PCs not to boot New TsuNAME flaw could let attackers take down authoritative DNS servers Thanks to our episode sponsor, Altitude Networks Uh oh, Johnny left the company 6 months ago, but still has access to numerous files in Google Drive via his personal account! Do you know how many other former employees and contractors still have access to our documents? It's a lot more than you might think. Altitude Networks automatically discovers sharing to personal accounts and can eliminate it with one click. Altitude...

May 7, 2021


DOD announces expansion of bug bounty program Data leak uncovers Amazon product review scam DHS to embark on historic hiring initiative Thanks to our episode sponsor, Boxcryptor We think CISOs also have a right to sleep peacefully at night. Therefore, we recommend encrypting your sensitive business data for an extra layer of protection. Now in its 10th year, Boxcryptor offers strong end-to-end encryption for more than 30 cloud providers, NAS, file servers, and local data to organizations of all sizes. Start your free trial now at Boxcryptor.com. For the stories behind the headlines, head to CISOseries.com.

Week in Review - May 3-7, 2021


Link to Blog Post This week's Cyber Security Headlines Week in Review, May 3-7, 2021, is hosted by Steve Prentice (@stevenprentice) with our guest, Mitch Parker (@mitchparkerciso), CISO, Indiana University Health. Thanks to our episode sponsor, Boxcryptor We think CISOs also have a right to sleep peacefully at night. Therefore, we recommend encrypting your sensitive business data for an extra layer of protection. Now in its 10th year, Boxcryptor offers strong end-to-end encryption for more than 30 cloud providers, NAS, file servers, and local data to organizations of all sizes. Start your free trial now at Boxcryptor.com. All links and the video of...

May 6, 2021


Facebook's Oversight Board upholds Trump suspension Phishing for workplace credentials Report looks at third-party SDKs in school apps Thanks to our episode sponsor, Boxcryptor We think CISOs also have a right to sleep peacefully at night. Therefore, we recommend encrypting your sensitive business data for an extra layer of protection. Now in its 10th year, Boxcryptor offers strong end-to-end encryption "Made in Germany" for OneDrive, Dropbox, Google Drive, and Co. as well as for Microsoft Teams. For more information visit Boxcryptor.com.

May 5, 2021


A new set of vulnerabilities may affect 60 percent of the world's public email servers worldwide Hundreds of millions of Dell computers potentially vulnerable to attack Apple products hit by fourfecta of zero-day exploits Thanks to our episode sponsor, Boxcryptor We think CISOs also have a right to sleep peacefully at night. Therefore, we recommend encrypting your sensitive business data for an extra layer of protection. Now in its 10th year, Boxcryptor offers strong end-to-end encryption for more than 30 cloud providers, NAS, file servers, and local data to organizations of all sizes. Start your free trial now at Boxcryptor.com....

May 4, 2021


A look at the Project Signal ransomware campaign Moscow facial recognition system used against protestors Facebook Oversight Board to release Trump decision Wednesday Thanks to our episode sponsor, Boxcryptor We think CISOs also have a right to sleep peacefully at night. Therefore, we recommend encrypting your sensitive business data for an extra layer of protection. Now in its 10th year, Boxcryptor offers strong end-to-end encryption "Made in Germany" for OneDrive, Dropbox, Google Drive, and Co. as well as for Microsoft Teams. For more information visit Boxcryptor.com.

May 3, 2021


New Spectre exploits beat AMD and Intel mitigations Microsoft finds critical code execution bugs in IoT, OT devices New ransomware group uses SonicWall zero-day to breach networks Thanks to our episode sponsor, Boxcryptor We think CISOs also have a right to sleep peacefully at night. Therefore, we recommend encrypting your sensitive business data for an extra layer of protection. Now in its 10th year, Boxcryptor offers strong end-to-end encryption for more than 30 cloud providers, NAS, file servers, and local data to organizations of all sizes. Start your free trial now at Boxcryptor.com. For the stories behind the headlines, head...

April 30, 2021


Babuk ransomware operators announce shutdown Now we need to worry about deepfake satellite images QNAP hit with AgeLocker ransomware Thanks to our episode sponsor, Aptible Compliance teams have a ton of work to do such as completing access reviews, mitigating risks, and collecting evidence towards an audit. Psst, Aptible Comply can help automate all of those things. The last thing the compliance team should be spending time on is sharing infosec documentation. That's why we also created Rooms. Now your security docs are instantly available to your customers; no back-and-forth to sign NDAs, watermark docs, or provide new docs. Focus...

Week in Review - April 26-30, 2021


Link to Blog Post This week's Cyber Security Headlines Week in Review, April 26-30, 2021, is hosted by Steve Prentice (@stevenprentice) with our guest, Jerich Beason (@blanketSec), CISO, Epiq. Thanks to our episode sponsor, Aptible What do the compliance leaders at Datadog, Pagerduty, Fullstory, Sift, PartnerStack, and many other marquee companies have in common? They all understand that the ultimate goal of their work is to build trust with customers. And that's why they all use Aptible Comply to automate compliance management, and then they use the Rooms functionality to share their security documentation, making building customer trust easy. If you want to build trust like the best...

April 29, 2021


Linux malware used to backdoor systems for years Intel and Microsoft partner to detect cryptojacking Android contact tracing logs exposed to preinstalled apps Thanks to our episode sponsor, Aptible Remember this? It's the end of the quarter which means urgent sales requests for security documentation. Well, thanks to Aptible Comply those days are over. Comply Rooms is a completely free, sales enablement tool built specifically for compliance teams to provide immediate, self-serve, and secure access to trust packets. With Rooms you just upload your security docs and NDA, then input your customer's emails to invite them where they download automatically...

April 28, 2021


Ransomware gang threatens to expose police informants if ransom is not paid Vulnerabilities in Eaton product can allow hackers to disrupt power supply FBI shares four million email addresses used by Emotet with Have I Been Pwned Thanks to our episode sponsor, Aptible What do the compliance leaders at Datadog, Pagerduty, Fullstory, Sift, PartnerStack, and many other marquee companies have in common? They all understand that the ultimate goal of their work is to build trust with customers. And that's why they all use Aptible Comply to automate compliance management, and then they use the Rooms functionality to share their...

April 27, 2021


Software bug opened macOS to malware An analysis of the COMB21 password leak Authorities warn of FluBot Android malware Thanks to our episode sponsor, Aptible Compliance teams have a ton of work to do such as completing access reviews, mitigating risks, and collecting evidence towards an audit. Psst, Aptible Comply can help automate all of those things. The last thing the compliance team should be spending time on is sharing infosec documentation. That's why we also created Rooms. Now your security docs are instantly available to your customers; no back-and-forth to sign NDAs, watermark docs, or provide new docs. Focus...

April 26, 2021


Emotet malware officially removed from all infected devices globally Computer security world in mourning over death of Dan Kaminsky Password manager Passwordstate hacked to deploy malware on customer systems Thanks to our episode sponsor, Aptible Remember this? It's the end of the quarter which means urgent sales requests for security documentation. Well, thanks to Aptible Comply those days are over. Comply Rooms is a completely free, sales enablement tool built specifically for compliance teams to provide immediate, self-serve, and secure access to trust packets. With Rooms you just upload your security docs and NDA, then input your customer's emails to...

April 23, 2021


Prometei botnet exploits Exchange server bugs Facebook wants to 'normalize' the mass scraping of personal data Microsoft 365 outage affects email delivery Thanks to our episode sponsor, Palo Alto Networks In 1666, Sir Isaac Newton famously used a prism to disperse white light into colors. Today, cloud security professionals use Prisma Cloud from Palo Alto Networks to disperse full lifecycle security and full stack protection across their multi- and hybrid-cloud environments. We think Sir Isaac would approve. Learn more about Prisma Cloud at paltoaltonetworks.com/Prisma For the stories behind the headlines, head to CISOseries.com.

Week in Review - April 19-23, 2021


Link to Blog Post This week's Cyber Security Headlines - Week in Review, April 19-23, 2021, is hosted by Steve Prentice (@stevenprentice) with our guest, George Finney, CISO, Southern Methodist University Thanks to our episode sponsor, Palo Alto Networks All links and the video of this episode can be found on CISOseries.com

April 22, 2021


EU weighs regulations on "high-risk" AI DOJ forms ransomware task force Facebook disrupts two state-sponsored hacking groups Thanks to our episode sponsor, Palo Alto Networks Ralph Waldo Emerson famously wrote that "It's not the destination, it's the journey." For your cloud security journey, you need a reliable partner. On April 27th, Prisma Cloud by Palo Alto Networks will be hosting Spectrum, a virtual event with sessions to help you create a comprehensive cloud security strategy. Learn more at go.paloaltonetworks.com/spectrum

April 21, 2021


Hundreds of networks reportedly hacked in Codecov supply-chain attack Remote code execution vulnerabilities uncovered in smart air fryer Biden administration unveils plan to defend electric sector from cyberattacks Thanks to our episode sponsor, Palo Alto Networks In Latin, the word "spectrum" means "image". Spectrum also happens to be a cloud security event that's all about container images and CI/CD pipeline security, cloud transformation strategies, and much more. Join Prisma Cloud by Palo Alto Networks on April 27 for a virtual event covering all things cloud security. Learn more at go.paloaltonetworks.com/spectrum For the stories behind the headlines, head to CISOseries.com.

April 20, 2021


Security conferences set for in-person return Apple approves Parler's return to the App Store Geico exposed driver's license numbers for months Thanks to our episode sponsor, Palo Alto Networks In 1666, Sir Isaac Newton famously used a prism to disperse white light into colors. Today, cloud security professionals use Prisma Cloud from Palo Alto Networks to disperse full lifecycle security and full stack protection across their multi- and hybrid-cloud environments. We think Sir Isaac would approve. Learn more about Prisma Cloud at paltoaltonetworks.com/Prisma

April 19, 2021


Codecov discloses 2.5-month-long supply chain attack BazarLoader malware aims at Slack and BaseCamp users Windows 10 update causing DNS and shared folder issues Thanks to our episode sponsor, Palo Alto Networks Ralph Waldo Emerson famously wrote that "It's not the destination, it's the journey." For your cloud security journey, you need a reliable partner. On April 27th, Prisma Cloud by Palo Alto Networks will be hosting Spectrum, a virtual event with sessions to help you create a comprehensive cloud security strategy. Learn more at go.paloaltonetworks.com/spectrum For the stories behind the headlines, head to CISOseries.com.

April 16, 2021


US pins SolarWinds attack on Cozy Bear, boots 10 Russian diplomats Second Google Chromium zero-day released on Twitter this week Google rolls out Chrome 90 with HTTPS by default Thanks to our episode sponsor, Sonatype With security concerns around software supply chains ushered to center stage in recent months, organizations around the world are turning to Sonatype as trusted advisors. The company's Nexus platform offers the only full-spectrum control of the cloud-native software development lifecycle including third-party open source code, first-party source code, infrastructure as code, and containerized code.

Week in Review - April 12-16, 2021


Link to Blog Post https://cisoseries.com/cyber-security-headlines-week-in-review-april-12-16-2021 This week's Cyber Security Headlines - Week in Review, April 12-16, 2021, is hosted by Steve Prentice (@stevenprentice) with our guest, Davi Ottenheimer, vp, trust and digital ethics, Inrupt. Thanks to our episode sponsor, Sonatype With security concerns around software supply chains ushered to center stage in recent months, organizations around the world are turning to Sonatype as trusted advisors. The company's Nexus platform offers the only full-spectrum control of the cloud-native software development lifecycle including third-party open source code, first-party source code, infrastructure as code, and containerized code. All links and the video of...

April 15, 2021


FBI patches Exchange server backdoors IcedID looks to fill the Emotet malware void Draft plan to improve US power grid security Thanks to our episode sponsor, Sonatype Ask any software developer, and they'll tell you the truth about two things: 1. Conventional code analysis and appsec tools are noisy and not well integrated into the dev workflow. 2: Tools that don't actually make life easier for them just add friction and are ignored. Rather than slowing devs down with process-heavy security gates or circuitous quality alerts, Sonatype believes developers are better served by gentle, timely, and effective nudges that actually...

April 14, 2021


Chrome Zero-Day exploit posted on Twitter April Patch Tuesday patches 114 bugs including NSA's two at 9.8 severity Cyberattacks are the number-one threat to the global financial system, Fed chair says Thanks to our episode sponsor, Sonatype With security concerns around software supply chains ushered to center stage in recent months, organizations around the world are turning to Sonatype as trusted advisors. The company's Nexus platform offers the only full-spectrum control of the cloud-native software development lifecycle including third-party open source code, first-party source code, infrastructure as code, and containerized code. For the stories behind the headlines, head to CISOseries.com.

April 13, 2021


Nvidia announces AI-powered tools for cybersecurity Biden announces nominations for cybersecurity positions Apple updates chip security mid-production Thanks to our episode sponsor, Sonatype Ask any software developer, and they'll tell you the truth about two things: 1. Conventional code analysis and appsec tools are noisy and not well integrated into the dev workflow. 2: Tools that don't actually make life easier for them just add friction and are ignored. Rather than slowing devs down with process-heavy security gates or circuitous quality alerts, Sonatype believes developers are better served by gentle, timely, and effective nudges that actually help them improve the...

April 12, 2021


Israel carries out cyberattack on Iran nuclear facility Joker malware infects over 500,000 Huawei Android devices Critical cloud bug in VMWare Carbon Black allows takeover Thanks to our episode sponsor, Sonatype With security concerns around software supply chains ushered to center stage in recent months, organizations around the world are turning to Sonatype as trusted advisors. The company's Nexus platform offers the only full-spectrum control of the cloud-native software development lifecycle including third-party open source code, first-party source code, infrastructure as code, and containerized code. For the stories behind the headlines, head to CISOseries.com.

April 9, 2021


Office 365 phishing hides behind HTML that stacks up like Legos Tech support scammers sending fake antivirus subscription bills PHP user database leaked in recent Git server attack Thanks to our episode sponsor, Sotero Okay, here's a story that'll warm your heart. A pharmaceutical company was having a really hard time making sensitive data available to downstream systems. Due to their security requirements, they were forced to transfer the data manually, which delayed the data's availability by an entire month. Guess what they did? They turned to our sponsor Sotero to keep the data encrypted as the data is sent...

Week in Review - April 5-9, 2021


Link to Blog Post This week's Cyber Security Headlines - Week in Review, April 5-9, 2021, is hosted by Steve Prentice (@stevenprentice) with our guest, Justin Berman, former CISO, Dropbox Thanks to our episode sponsor, Sotero All this week we have been excited to welcome our new sponsor Sotero. We have told you about their encryption solutions that keep data encrypted while the data is in use and in motion. This is the breakthrough that many of us have been waiting for. Well, Sotero has just uploaded to our site a technical whitepaper that takes a deep dive into this...

April 8, 2021


Slack and Discord file sharing used to spread malware Facebook comments on recent user data leak Cring ransomware hits unpatched VPNs Thanks to our episode sponsor, Sotero What could your business do if it could keep data encrypted while the data is in motion or in use? Well, a lot of companies have the answer because they're using a new encryption technology from Sotero. Sotero's data encryption solutions keep data encrypted while the data is in use and in motion. These companies are using Sotero to attract new customers and drive new revenue streams. You really want to check this...

April 7, 2021


European Union institutions targeted in a cyber-attack LinkedIn spearphishing campaign uses custom decoy job offers Ransomware attacks increased by 485% in 2020 over 2019 Thanks to our episode sponsor, Sotero I'm wondering if any of you have had a chance to check out the new data encryption technology from Sotero. Their solutions let you keep data encrypted while the data is in use and in motion. A lot of companies are using Sotero to speed up data analysis, store data in the cloud without giving up the encryption key, and to build in use and in motion encryption into their...

April 6, 2021


Supreme Court rules in Google's favor on Java API case Firmware malware on the rise APTs exploiting vulnerabilities in FortiOS Thanks to our episode sponsor, Sotero In yesterday's Cybersecurity Headlines episode, we told you about an exciting encryption technology from a company called Sotero. They offer data security solutions that encrypt data while the data is in use and in motion. For those of you whose businesses have been held back by the risks of sharing data or storing data in the cloud, you'll want to check them out at Soterosoft.com.

April 5, 2021


533 million Facebook users have personal data leaked online Sierra Wireless resumes production after ransomware attack Malware attack is preventing car inspections in eight US states Thanks to our episode sponsor, Sotero This is a hot data security company with solutions that encrypt data while the data is in motion and in use. This is the breakthrough that everyone's been waiting for. By keeping data encrypted in use and in motion, companies are deploying data in the cloud and to 3rd-party partners and systems with complete confidence. Check them out at Soterosoft.com. For the stories behind the headlines, head to...

April 2, 2021


$3 will get you private webcam feeds sold as home video tapes Ubiquiti attacker tried to extort us, company confirms Crooks offer $500 for work logins, $25/month if they stay valid Thanks to our episode sponsor, Remediant Former Incident Response practitioners Tim Keeler and Paul Lanzi founded Remediant, a leader in Privileged Access Management. They did it to solve the one problem they saw repeatedly - standing administrator privileges. Repeatedly, they saw these rights weaponized by adversaries to deploy ransomware and move laterally across a network. Remediant uniquely addresses the challenge of standing privilege and be a force multiplier to...

Week in Review - March 29-April 2, 2021


Link to Blog Post https://cisoseries.com/cyber-security-headlines-week-in-review-march-29-april-2-2021/ Thanks to our episode sponsor, Remediant Remediant is a fast growing Gartner Cool vendor focused on the concept of precision Privileged Access Management, one that a Fortune 100 company calls "the world's best protection against major incidents." Remediant uniquely: Deploys and inventories thousands of privileged accounts in hours Locks down lateral movement & ransomware spread by removing standing privilege with a single action Administer privileges just-in-time with MFA To learn more, visit remediant.com All links and the video of this episode can be found on CISO Series.com

April 1, 2021


North Korean hackers targeting security researchers Report details data sent from mobile operating systems Does CISA have the resources to succeed? Thanks to our episode sponsor, Remediant Did you know the average large enterprise workstation has 480 admins with 24x7 access to it? This access is called standing privilege and is an adversary's favorite tool and a security team's biggest undiscovered risk. Precision PAM leader Remediant addresses this risk by providing just enough access just in time, eliminating standing privilege with continuous scanning and agentless, vaultless simplicity. To learn more, visit remediant.com

March 31, 2021


Intel sued under wiretapping laws for tracking user activity on its website Whistleblower: Ubiquiti breach "catastrophic" Gibberish tweet from US nuclear-agency was from unattended child Thanks to our episode sponsor, Remediant Remediant is a fast growing Gartner Cool vendor focused on the concept of precision Privileged Access Management and a Fortune 100 company calls "the world's best protection against major incidents." Remediant uniquely deploys & inventories thousands of privileged accounts in hours, locks down lateral movement & ransomware spread by removing standing privilege with a single action, and administers privileges just-in-time with MFA. To learn more, visit remediant.com For the...

March 30, 2021


Emails from DHS officials obtained in SolarWinds hack Docker Hub images contain cryptominers Commits with backdoor pushed to PHP Thanks to our episode sponsor, Remediant Former Incident Response practitioners Tim Keeler and Paul Lanzi founded Remediant, a leader in Privileged Access Management. They did it to solve the one problem they saw repeatedly - standing administrator privileges. Repeatedly, they saw these rights weaponized by adversaries to deploy ransomware and move laterally across a network. Remediant uniquely addresses the challenge of standing privilege and be a force multiplier to Security programs worldwide. To learn more about Tim & Paul's story, watch...

March 29, 2021


Apple releases emergency update for iPhones, iPads, and Apple Watch Android system update may contain spyware Senators offer to let NSA hunt cyber actors inside the US Thanks to our episode sponsor, Remediant Did you know the average large enterprise workstation has 480 admins with 24x7 access to it? This access is called standing privilege and is an adversary's favorite tool and a security team's biggest undiscovered risk. Precision PAM leader Remediant addresses this risk by providing just enough access just in time, eliminating standing privilege with continuous scanning and agentless, vaultless simplicity. To learn more, visit remediant.com For the...

March 26, 2021


Fake COVID credentials flourish on the dark web Mamba ransomware gang abusing open source tools An analysis of COVID-19 vaccine websites Thanks to our episode sponsor, Trend Micro Threat actors want what you're storing in the cloud. Trend Micro's Cloud One platform provides cloud security from a single console, keeping you at your most resilient. Let what happens in the cloud, stay in the cloud.

Week in Review - March 22-26, 2021


Link to Blog Post https://cisoseries.com/cyber-security-headlines-week-in-review-march-22-26-2021/ This week's Cyber Security Headlines - Week in Review, March 22-26, 2021, is hosted by Steve Prentice (@stevenprentice) with our guest, Will Lin (@williamlin), managing director & co-founder, ForgePoint Capital Thanks to our episode sponsor, Trend Micro Threat actors want what you're storing in the cloud. Trend Micro's Cloud One platform provides cloud security from a single console, keeping you at your most resilient. Let what happens in the cloud, stay in the cloud. All links and the video of this episode can be found on CISO Series.com

March 25, 2021


Voting information on millions of Israelis leaked ahead of election Facebook disrupts Chinese group targeting Uyghur community Privacy and security issues with Slack's Connect DM rollout Thanks to our episode sponsor, Trend Micro Threat actors want what you're storing in the cloud. Trend Micro's Cloud One platform provides cloud security from a single console, keeping you at your most resilient. Let what happens in the cloud, stay in the cloud.

March 24, 2021


US government calls for better information sharing in wake of SolarWinds, Exchange attacks Hospitals hide pricing data from search results New Android zero-day vulnerability is under active attack Thanks to our episode sponsor, Trend Micro Threat actors want what you're storing in the cloud. Trend Micro's Cloud One platform provides cloud security from a single console, keeping you at your most resilient. Let what happens in the cloud, stay in the cloud. For the stories behind the headlines, head to CISOseries.com.

March 23, 2021


SCOTUS: Facebook's still on the hook for nonconsensual user tracking Democrats prepare swarm of antitrust bills targeting Big Tech Microsoft Exchange servers flooded with ransomware Thanks to our episode sponsor, Trend Micro Threat actors want what you're storing in the cloud. Trend Micro's Cloud One platform provides cloud security from a single console, keeping you at your most resilient. Let what happens in the cloud, stay in the cloud.

March 22, 2021


REvil Ransomware gang demands $50 million from Acer Feds indict hacktivist behind Verkada surveillance camera breach SolarWinds-linked hacking group SilverFish abuses enterprise victims for sandbox tests Thanks to our episode sponsor, Trend Micro Threat actors want what you're storing in the cloud. Trend Micro's Cloud One platform provides cloud security from a single console, keeping you at your most resilient. Let what happens in the cloud, stay in the cloud. For the stories behind the headlines, head to CISOseries.com.

March 19, 2021


Over $4.2 billion in cybercrime losses reported to FBI in 2020 Fake iPhone charger blows up in researcher's face Taxpayers attacked with Trojan-inflicting phishing campaign Thanks to our episode sponsor, Trend Micro The conversation between you and your board of directors is not always a walk in the park. With more cloud projects coming your way, it's time to change the conversation to speak their language and start paving the way for a secure future. For more, go to http://trendmicro.com/CISO

Week in Review - March 15-19, 2021


Link to Blog Post Cyber Security Headlines Week in Review, March 15-19, 2021, is hosted by Steve Prentice (@stevenprentice) with our guest, Jesse Whaley, CISO, Amtrak Thanks to our episode sponsor, Trend Micro The conversation between you and your board of directors is not always a walk in the park. With more cloud projects coming your way, it's time to change the conversation to speak their language and start paving the way for a secure future. For more, go to http://trendmicro.com/CISO All links and the video of this episode can be found on CISO Series.com

March 18, 2021


Telcos targeted by Chinese attackers Mimecast source code stolen by SolarWinds attackers Hiding data in Twitter images Thanks to our episode sponsor, Trend Micro The conversation between you and your board of directors is not always a walk in the park. With more cloud projects coming your way, it's time to change the conversation to speak their language and start paving the way for a secure future. For more, go to http://trendmicro.com/CISO

March 17, 2021


Microsoft shares one-click ProxyLogon mitigation tool for Exchange servers Microsoft Teams, Exchange and more went down for four hours on Monday Signal is down in China after 100 million reported downloads Thanks to our episode sponsor, Trend Micro The conversation between you and your board of directors is not always a walk in the park. With more cloud projects coming your way, it's time to change the conversation to speak their language and start paving the way for a secure future. For more, go to http://trendmicro.com/CISO For the stories behind the headlines, head to CISOseries.com.

March 16, 2021


Cyber criminals impacted by OVH data center fire Journalist hit with $16 SMS attack Hackers steal NFTs Thanks to our episode sponsor, Trend Micro The conversation between you and your board of directors is not always a walk in the park. With more cloud projects coming your way, it's time to change the conversation to speak their language and start paving the way for a secure future. For more, go to http://trendmicro.com/CISO

March 15, 2021


DearCry ransomware using ProxyLogon exploits Google faces suit over snooping on "Incognito" browsing Detecting deepfakes by analyzing light reflections in the eyes Thanks to our episode sponsor, Trend Micro The conversation between you and your board of directors is not always a walk in the park. With more cloud projects coming your way, it's time to change the conversation to speak their language and start paving the way for a secure future. For more, go to http://trendmicro.com/CISO For the stories behind the headlines, head to CISOseries.com

March 12, 2021


Raided phone network Sky ECC says no, police didn't break our encryption 'Even 20-year-old interns' could watch unsecured webcam feeds Russia blocks itself by mistake Thanks to our episode sponsor, Trend Micro With organizations rapidly migrating to the cloud, CISOs have new challenges to address. Trend Micro Cloud One is a connected SaaS platform comprised of six solutions that address all your cybersecurity needs from workloads, to file storage, containers and more. Empower your IT teams to do more with less with Trend Micro Cloud One. Visit us at Trendmicro.com for more info.

Week in Review - March 8-12, 2021


Link to Blog Post https://cisoseries.com/cyber-security-headlines-week-in-review-march-8-12 This week's Cyber Security Headlines - Week in Review, March 8-12, 2021, is hosted by Steve Prentice (@stevenprentice) with our guest, Dan Walsh, CISO, VillageMD Thanks to our episode sponsor, Trend Micro With organizations rapidly migrating to the cloud, CISOs have new challenges to address. Trend Micro Cloud One™ is a connected SaaS platform comprised of six solutions that address all your cybersecurity needs from workloads, to file storage, containers and more. Empower your IT teams to do more with less with Trend Micro Cloud One. Visit us at Trendmicro.com for more info. All links...

March 11, 2021


Cloud hosting data centers burn down New initiative hopes to secure the open source supply chain Dependency confusion attacks flourishing Thanks to our episode sponsor, Trend Micro With organizations rapidly migrating to the cloud, CISOs have new challenges to address. Trend Micro Cloud One is a connected SaaS platform comprised of six solutions that address all your cybersecurity needs from workloads, to file storage, containers and more. Empower your IT teams to do more with less with Trend Micro Cloud One. Visit us at Trendmicro.com for more info.

March 10, 2021


Microsoft March Patch Tuesday fixes 82 flaws, 2 zero-days Hackers access surveillance cameras at Tesla, Cloudflare, banks, more CISA urges people get serious about Exchange Server exploitation Thanks to our episode sponsor, Trend Micro With organizations rapidly migrating to the cloud, CISOs have new challenges to address. Trend Micro Cloud One is a connected SaaS platform comprised of six solutions that address all your cybersecurity needs from workloads, to file storage, containers and more. Empower your IT teams to do more with less with Trend Micro Cloud One. Visit us at Trendmicro.com for more info. For the stories behind the...

March 9, 2021


SUPERNOVA malware linked to threat actor Spiral Intel working on FHE silicon Gender disparity remains an issue in cyber security Thanks to our episode sponsor, Trend Micro With organizations rapidly migrating to the cloud, CISOs have new challenges to address. Trend Micro Cloud One is a connected SaaS platform comprised of six solutions that address all your cybersecurity needs from workloads, to file storage, containers and more. Empower your IT teams to do more with less with Trend Micro Cloud One. Visit us at Trendmicro.com for more info.

March 8, 2021


REvil ransomware gang uses extended voice calls to pressure victims New Microsoft tool checks Exchange Servers for ProxyLogon hacks Ongoing phishing attacks target US brokers with fake FINRA audits Thanks to our episode sponsor, Trend Micro With organizations rapidly migrating to the cloud, CISOs have new challenges to address. Trend Micro Cloud One is a connected SaaS platform comprised of six solutions that address all your cybersecurity needs from workloads, to file storage, containers and more. Empower your IT teams to do more with less with Trend Micro Cloud One. Visit us at Trendmicro.com for more info. For the stories...

March 5, 2021


Fake (right-wing) news does better than real news on Facebook Security firm Qualys says it was victimized in Accellion zero-day CISA issues emergency 'fix Exchange zero-days NOW!' directive Thanks to our episode sponsor, TrustMAPP The last audit firm that assessed your security compliance did the interviews, wrote a report, and then left. That's just half the job. Now you have to identify maturity gaps, cost out and prioritize remediations, and track improvement over time. That's where TrustMAPP comes in.

Week in Review | March 1-5, 2021


Link to Blog Post https://cisoseries.com/cyber-security-headlines-week-in-review-march-1-5-2021 This week's Cyber Security Headlines - Week in Review, March 1-5, 2021, is hosted by Steve Prentice (@stevenprentice) with our guest, John Overbaugh (@johnoverbaugh), vp, security, CareCentrix Thanks to our episode sponsor, TrustMAPP Maturity Assessment, Profile, and Plan Learn the MAPP methodology for managing security as a business. While the information security industry has undergone convulsive change, it is coalescing around maturity-based management of key business processes. The MAPP approach provides practical implementation of the maturity model. This paper describes a three-step maturity-centric approach: Maturity Assessment, a Profile, and a Plan (MAPP). An information security MAPP...

March 4, 2021


Virginia's Consumer Data Protection Act signed into law Exchange Server zero-days exploited in the wild Facebook to lift political ad ban Thanks to our episode sponsor, TrustMAPP Does your board want to see yet more heat maps? No, they do not. They want to see that security investments align with business goals, and that their costs are objectively justified. TrustMAPP's data visualization helps you communicate with your board in a way they can understand and approve.

March 3, 2021


Microsoft announces end-to-end encryption support for Teams, plus passwordless logins U.S. unprepared for AI competition with China, commission finds Tom Cruise deepfake videos rattle security experts Thanks to our episode sponsor, TrustMAPP Are you a vCISO? Building your practice and client base is hard enough; don't waste time building the tools you need to operate. TrustMAPP's turnkey SaaS platform gets you up and running quickly, so you can focus on your business. For the stories behind the headlines, head to CISOseries.com.

March 2, 2021


Gab user data leaked Biden administration to keep tech export ban rules Hackers give websites great SEO before installing malware Thanks to our episode sponsor, TrustMAPP First it was GDPR in the EU, then California's CCPA. Now Virginia is set to pass its own Consumer Data Protection Act. Are you ready? Get ready with TrustMAPP.

March 1, 2021


Ryuk ransomware now self-spreads to other Windows LAN devices Go malware sees 2000% increase, adopted by APTs and e-crime groups Former SolarWinds CEO blames intern for 'solarwinds123' password leak Thanks to our episode sponsor, TrustMAPP Attention defense contractors! Are you ready for CMMC? TrustMAPP addresses your CMMC and NIST 800-171 maturity and compliance assessments needs today, and automatically builds a roadmap to achieve your desired level of maturity posture. For more information, visit TrustMAPP.com For the stories behind the headlines, head to CISOseries.com.

February 26, 2021


Biden orders review of supply chain security China uses malicious Firefox Extension to spy on Tibetans Attackers scan for unpatched VMware servers after PoC exploit release Thanks to our episode sponsor, PlexTrac PlexTrac is the Purple Teaming Platform. Use the Runbooks Module to facilitate your tabletop exercises, red team engagements, breach and attack simulations, and pentest automation to improve communication and collaboration. PlexTrac upgrades your program's capabilities by making the most of every team member and tool. Check out PlexTrac.com/CISOSeries to learn why PlexTrac is the perfect platform for CISOs!

Week in Review | February 22 through 26, 2021


Link to Blog Post This week's Cyber Security Headlines Week in Review, February 22-26, 2021, is hosted by Steve Prentice (@stevenprentice) with our guest, Naomi Buckwalter (@ineedmorecyber), director of information security and IT, Beam Technologies Please join us live every Thursday at 4pm PT/7pm ET by registering for the open discussion. Thanks to our episode sponsor, PlexTrac PlexTrac is the solution to deal with your data. Aggregate findings from all assessments to produce the analytics needed to make informed decisions. Produce data visualizations and add them to reports with one click to communicate effectively to leadership. PlexTrac is the premier product for security data management. Check...

February 25, 2021


Microsoft and FireEye push for breach reporting rules US Federal Reserve hit with massive IT outage Path cleared for California's net neutrality law Thanks to our episode sponsor, PlexTrac Solve your talent shortage with PlexTrac. Use PlexTrac to automate security tasks and workflows to keep your red, blue, and purple teams focused on the real security work. Gain precious time back in your team's day and improve their morale by making them more effective with PlexTrac. Check out PlexTrac.com/CISOSeries to learn why PlexTrac is the perfect platform for CISOs!

February 24, 2021


Most firms now fear nation state attack Firefox 86 gets privacy boost with Total Cookie Protection Shadow attacks let attackers replace content in digitally signed PDFs Thanks to our episode sponsor, PlexTrac PlexTrac is the solution to deal with your data. Aggregate findings from all assessments to produce the analytics needed to make informed decisions. Produce data visualizations and add them to reports with one click to communicate effectively to leadership. PlexTrac is the premier product for security data management. Check out PlexTrac.com/CISOSeries to learn why PlexTrac is the perfect platform for CISOs! For the stories behind the headlines, head...

February 23, 2021


SHAREit fixes security holes Organizations feel the impact of the Accellion exploit China spyware cribs the NSA Thanks to our episode sponsor, PlexTrac Gain a real-time view of security posture with PlexTrac by consolidating scanner findings, assessments, and bug bounty tools. Visualize your posture in the Analytics Module to quickly assess and prioritize, creating a more effective workflow. Map risks to the MITRE ATT&CK framework to create a living risk register. Check out PlexTrac.com/CISOSeries to learn why PlexTrac is the perfect platform for CISOs!

February 22, 2021


Silver Sparrow malware found on 30,000 Macs has security pros stumped SolarWinds hackers stole source code for Microsoft Azure, Exchange, Intune New hack lets attackers bypass MasterCard PIN by using it as Visa card Thanks to our episode sponsor, PlexTrac PlexTrac is a powerful, yet simple, cybersecurity platform that centralizes all security assessments, pentest reports, audit findings, and vulnerabilities. PlexTrac transforms the risk management lifecycle, allowing security professionals to generate better reports faster, aggregate and visualize analytics, and collaborate on remediation in real-time. Check out PlexTrac.com/CISOSeries to learn why PlexTrac is the perfect platform for CISOs! For the stories behind...

February 19, 2021


Dating-app video calls could have been spied on Microsoft pulls buggy Windows update that blocked security updates Windows, Linux servers targeted by new WatchDog botnet Thanks to our episode sponsor, Kenna Security Ready to shift gears to risk-based vulnerability management? Now's the time. Through Kenna Security's on-demand educational series Kenna Katalyst, you can learn the six steps needed to start your own risk-based vulnerability management program and make vulnerability management well, more manageable. And you can earn 1 CPE credit through (ISC)². Learn more at kennasecurity.com/katalyst.

Week in Review | February 15 through 19, 2021


Link to Blog Post This week's Cyber Security Headlines - Week in Review, February 15-19, 2021, is hosted by Steve Prentice (@stevenprentice) with our guest, Mike Johnson, co-Host CISO Vendor Relationship Podcast. Thanks to our episode sponsor, Kenna Security In just one hour, learn how to prioritize your riskiest vulnerabilities and lower your cyber risk through Kenna Katalyst, the newest on-demand educational series from Kenna Security designed to kickstart your risk-based vulnerability management program and equip you with expert tips you can implement today. Backed by (ISC)², participants can earn 1 CPE credit. Start now at kennasecurity.com/katalyst. All links and...

February 18, 2021


SolarWinds attack launched from within the US Facebook restricts Australian news sharing Security researcher finds native Apple Silicon malware Thanks to our episode sponsor, Kenna Security Ready to shift gears to risk-based vulnerability management? Now's the time. Through Kenna Security's on-demand educational series Kenna Katalyst, you can learn the six steps needed to start your own risk-based vulnerability management program and make vulnerability management well, more manageable. And you can earn 1 CPE credit through (ISC)². Learn more at kennasecurity.com/katalyst.

February 17, 2021


Security bugs left unpatched in Android app with one billion downloads LastPass will restrict free users to only one type of device starting next month North Korea accused of hacking Pfizer for Covid-19 vaccine data Thanks to our episode sponsor, Kenna Security In just one hour, learn how to prioritize your riskiest vulnerabilities and lower your cyber risk through Kenna Katalyst, the newest on-demand educational series from Kenna Security designed to kickstart your risk-based vulnerability management program and equip you with expert tips you can implement today. Backed by (ISC)², participants can earn 1 CPE credit. Start now at kennasecurity.com/katalyst....

February 16, 2021


France links Russian Sandworm hackers to hosting provider attacks Privacy problems with Azure and Canonical Microsoft estimates thousands of developers touched SolarWinds malware Thanks to our episode sponsor, Kenna Security Kenna Katalyst is Kenna Security's newest on-demand educational series designed to help you shift gears to risk-based vulnerability management. Get the six key steps you need to go risk-based along with actionable tips to help your team focus on the risks that matter most. Participants can earn 1 CPE credit through (ISC)². Learn more at kennasecurity.com/katalyst.

February 15, 2021


SuperMicro supply chain hack used for counterintelligence for a decade Egregor ransomware operators arrested in Ukraine Scammers target US tax pros in ongoing IRS phishing attacks Thanks to our episode sponsor, Kenna Security Ready to shift gears to risk-based vulnerability management? Now's the time. Through Kenna Security's on-demand educational series Kenna Katalyst, you can learn the six steps needed to start your own risk-based vulnerability management program and make vulnerability management well, more manageable. And you can earn 1 CPE credit through (ISC)². Learn more at kennasecurity.com/katalyst. For the stories behind the headlines, head to CISOseries.com

February 12, 2021


Pitiful password enabled recent water treatment facility hack Border patrol scans millions of faces, catches 0 imposters at airports India using a glitchy app to inoculate 300 million people by August Thanks to our episode sponsor Altitude Networks Wouldn't it be great if you could INSTANTLY KNOW if a file containing sensitive information was shared in the wrong way, anywhere in your company AND security had a real time slack notification with a magic "undo button"?! Altitude Networks solves these challenges and protects you from all data leak risks on G Suite and Office 365! Check it out at AltitudeNetworks.com...

Week in Review | February 8 through 12, 2021


Link to Blog Post This week's Cyber Security Headlines - Week in Review, February 8-12, 2021 is hosted by Steve Prentice (@stevenprentice) with our guest, Johna Till Johnson (@JohnaTillJohnso), CEO, Nemertes Research. Thanks to our episode sponsor, Altitude Networks Imagine an employee just left and went to a competitor: did they take proprietary documents or critical roadmaps with them? Did they add a backdoor access via personal accounts to documents? You're a cloud-forward company on G Suite, how would you know your data is at risk? Altitude Networks can automatically tell you who is trying to steal your critical cloud data...

February 11, 2021


SIM swapping gang targeting celebrities arrested Researcher demonstrates the vulnerability of open source to supply chain attacks Google study looks at high-risk victims of email attacks Thanks to our episode sponsor Altitude Networks "Uh oh! Charles just accidentally shared the board deck by link on the company slack channel and the link is open to all employees! I hope we can take it down before the M&A information leaks!" Does this scenario sound familiar? Make sure it doesn't happen at your company!! Altitude Networks provides always-on data security for GSuite and Office365. Check it out at AltitudeNetworks.com and be sure...

February 10, 2021


Office 365 will help admins find impersonation attack targets U.S. agencies publish ransomware factsheet Europol busts international cybercriminal group Thanks to our episode sponsor Altitude Networks Imagine an employee just left and went to a competitor: did they take proprietary documents or critical roadmaps with them? Did they add a backdoor access via personal accounts to documents? You're a cloud-forward company on G Suite, how would you know your data is at risk? Altitude Networks can automatically tell you who is trying to steal your critical cloud data from G Suite and Office 365. Check it out at AltitudeNetworks.com and...

February 9, 2021


A look at Iranian spyware operations Florida water treatment plant hacked to distribute harmful chemicals Microsoft to add 'nation-state activity alerts' to Defender Thanks to our episode sponsor Altitude Networks Remember that time when someone at work accidentally shared a Google document to your personal email? Well, that happens a lot and it leaves a backdoor to cloud data for former employees or contracts. Altitude Networks is the only solution that will protect you from this and many other data leak risks on G Suite and Office 365! Check it out at AltitudeNetworks.com and be sure your sensitive data isn't...

February 8, 2021


New phishing attack uses Morse code to hide malicious URLs Hacked by SolarWinds, Mimecast lays off staff despite record profits Activists complain of weakened voting security standard Thanks to our episode sponsor Altitude Networks Uh oh, Johnny left the company 6 months ago, but still has access to numerous files in Google Drive via his personal account! Do you know how many other former employees and contractors still have access to our documents? It's a lot more than you might think. Altitude Networks automatically discovers sharing to personal accounts and can eliminate it with one click. Check it out at...

February 5, 2021


Canada calls Clearview AI's facial recognition 'mass surveillance' Amazon pulls Big-Brother move, puts AI cameras in delivery vans Myanmar blocks Facebook following military coup Thanks to our episode sponsor HID Global: Evolving organizations need strong MFA. With the broadest selection of authentication options in the industry, HID Global's advanced multi-factor authentication solution is capable of building a frictionless user experience that blends convenience and protection. Learn more at www.hidglobal.com/mfa

Week in Review: February 1 through 5, 2021


Link to Blog Post This week's Cyber Security Headlines - Week in Review, February 1-5, 2021 is hosted by Steve Prentice (@stevenprentice) with our guest, Shawn Bowen, CISO, Restaurant Brands International (RBI) Thanks to our episode sponsor HID Global Evolving organizations need strong MFA. With the broadest selection of authentication options in the industry, HID Global's advanced multi-factor authentication solution is capable of building a frictionless user experience that blends convenience and protection. Learn more at www.hidglobal.com/mfa All links and the video of this episode can be found on CISO Series.com

February 4, 2021


Microsoft sees a rise in business email compromise attacks on schools Facebook takes a proactive content stance after Myanmar coup SolarWinds CEO says its email systems were compromised for months Thanks to our episode sponsor HID Global: Evolving organizations need strong MFA. With the broadest selection of authentication options in the industry, HID Global's advanced multi-factor authentication solution is capable of building a frictionless user experience that blends convenience and protection. Learn more at www.hidglobal.com/mfa

February 3, 2021


Another SolarWinds vulnerability used to hack National Finance Center SonicWall confirms actively exploited zero-day Microsoft Defender now detects macOS vulnerabilities Thanks to today's sponsors, HID Global: Evolving organizations need strong MFA. With the broadest selection of authentication options in the industry, HID Global's advanced multi-factor authentication solution is capable of building a frictionless user experience that blends convenience and protection. Learn more at www.hidglobal.com/mfa

February 2, 2021


Deloitte's CDC vaccine system comes up short Myanmar internet and telecom disruptions continue due to coup Sprite Spider emerges as one of the most destructive ransomware threat actors this year Thanks to our sponsor, HID Global Evolving organizations need strong MFA. With the broadest selection of authentication options in the industry, HID Global's advanced multi-factor authentication solution is capable of building a frictionless user experience that blends convenience and protection. Learn more at https://hidglobal.com/mfa For the stories behind the headlines, head to CISOseries.com.

February 1, 2021


Suspected Russian hack extends far beyond SolarWinds software Russian hack brings changes and uncertainty to US court system Section 230 emerges as Robinhood's shield from lawsuits Evolving organizations need strong MFA. With the broadest selection of authentication options in the industry, HID Global's advanced multi-factor authentication solution is capable of building a frictionless user experience that blends convenience and protection. Learn more at https://hidglobal.com/mfa. For the stories behind the headlines, head to CISOseries.com.

January 29, 2021


Unhappy #DataPrivacyDay to us all WhatsApp adds biometric authentication to web, desktop versions Sources: Facebook preps suit against Apple over App Store rules And now our sponsor Nucleus Security brings you "The Top 5 Antipatterns in Vulnerability Management": Antipattern #4: "Homegrown Vulnerability Management Tools": Large enterprises are full of homegrown vulnerability management tools that were abandoned due to complexity or cumbersome builds. See how Nucleus automates your vulnerability management workflows, replacing the need for custom tools completely, at nucleussec.com/demo

Week in Review: January 25 through 29, 2021


Link to Blog Post This week's Cyber Security Headlines Week in Review, January 25-29, 2021, is hosted by Steve Prentice @stevenprentice with our guest, Steve Zalewski, Deputy CISO, Levi Strauss. Thanks to our sponsor, Nucleus Security All this week on our daily news podcast, Nucleus Security has been sharing some antipatterns in vulnerability management, such as relying on spreadsheets to track risks, relying on homegrown vulnerability management tools that were abandoned due to complexity or cumbersome builds, and the challenge of hiring enough vulnerability analysts to do triage. Learn how Nucleus can rescue you from these types of challenges and...

January 28, 2021


10-year old sudo bug patched Mass Emotet uninstall planned for March 25th Microsoft's security business exceeds $10 billion in revenue And now our sponsor Nucleus Security brings you "The Top 5 Antipatterns in Vulnerability Management": Antipattern #4: "Homegrown Vulnerability Management Tools": Large enterprises are full of homegrown vulnerability management tools that were abandoned due to complexity or cumbersome builds. See how Nucleus automates your vulnerability management workflows, replacing the need for custom tools completely, at nucleussec.com/demo

January 27, 2021


Google's Threat Analysis Group warns of social engineering hack aimed at security researchers Verizon outage started in Brooklyn TikTok fixes flaws allowing theft of private user information And now our sponsor Nucleus Security brings you "The Top 5 Antipatterns in Vulnerability Management": Antipattern #3: "The Army of Analysts": Manual vulnerability analysis doesn't scale. In large enterprises, it's impossible to hire enough vulnerability analysts to manually analyze and triage vulnerability scan results fast enough. Learn how Nucleus automates vulnerability analysis and triage with a demo-on-demand at nucleussec.com/demo. For the stories behind the headlines, head to CISOseries.com.

January 26, 2021


Google's cookie replacement performs well in tests Twitter Birdwatch pilot launches WhatsApp wormable malware found on Android And now our sponsor Nucleus Security brings you "The Top 5 Antipatterns in Vulnerability Management": Antipattern #2: "CVSS prioritization": CVSS scores are useful, but you need much more than scores to determine what to fix and when to fix it; Business context and vulnerability intelligence are key to prioritizing vulnerabilities in large enterprises. Learn how Nucleus can help with intelligent vulnerability prioritization at nucleussec.com/demo

January 25, 2021


President Biden takes on cybersecurity on day one SonicWall firewall maker hacked using zero-day in its VPN device Intel probes reports of quarterly earnings hack And now our sponsor Nucleus Security brings you "The Top 5 Antipatterns in Vulnerability Management": Antipattern No. 1: "Spreadsheet Hell": Relying on Microsoft Excel to track risks and answer questions about your vulnerability data is inefficient and insecure. Learn how Nucleus can rescue you from spreadsheet hell and provide the data insights you need with a demo-on-demand at nucleussec.com/demo.

January 22, 2021


Technologists comb through Parler videos with facial recognition EU privacy watchdogs go after employers who spy on workers Google investigates top AI ethicist's exfiltration of thousands of files Thanks to our episode sponsor Armis Armis research shows that on average, companies are blind to 40% of the devices in their environment. This blind spot includes traditional desktops, laptops, cloud and virtual instances, BYOD, and IoT and more. Without a real-time, comprehensive view of all these assets or the risks associated with them, businesses are vulnerable. Armis Asset Management can help by providing 5x more visibility over exciting solutions.

Week in Review: January 18 through 22, 2021


Link to Blog Post This week's Cyber Security Headlines Week in Review, January 18-22, 2021 is hosted by Steve Prentice @stevenprentice with our guest Joshua Scott, Head of Information Security at Postman. Thanks to our episode sponsor Armis Armis research shows that on average, companies are blind to 40% of the devices in their environment. This blind spot includes traditional desktops, laptops, cloud and virtual instances, BYOD, and IoT and more. Without a real-time, comprehensive view of all these assets or the risks associated with them, businesses are vulnerable. Armis Asset Management can help by providing 5x more visibility...

January 21, 2021


Malwarebytes breached by the group that attacked Solarwinds Google researcher finds security flaws impacting popular chat apps Executive Order addresses malicious use of public clouds Thanks to our episode sponsor Armis Armis research shows that on average, companies are blind to 40% of the devices in their environment. This blind spot includes traditional desktops, laptops, cloud and virtual instances, BYOD, and IoT and more. Without a real-time, comprehensive view of all these assets or the risks associated with them, businesses are vulnerable. Armis Asset Management can help by providing 5x more visibility over exciting solutions. For more on any of...

January 20, 2021


FireEye releases report and network auditing tool for SolarWinds-type hacks SolarWinds malware arsenal widens with Raindrop DNSpooq bugs let attackers hijack DNS on millions of devices Thanks to our episode sponsor Armis One of the biggest challenges security teams face is they do not have a clear picture of all assets in their environment. The resulting 'blind spot' means they have no way to efficiently, credibly, and automatically manage security. Armis Asset Management eliminates this blind spot providing 5X more visibility than other solutions. Head over to armis.com to learn more. For more on any of these stories, head to...

January 19, 2021


Parler resurfaces online Darknet forum Joker's Stash shutting down Microsoft Defender to enable auto-remediation by default Thanks to our episode sponsor Armis All cybersecurity programs start with gaining full visibility into all the assets in the environment. Yet security teams continue to struggle to see every thing they have. This asset blind spot means security teams don't have an accurate picture of what needs to be managed and secured. Head over to armis.com to see how Armis Asset Management helps you overcome this Cybersecurity Asset Management challenge. For more on any of these stories, head to cisoseries.com

January 18, 2021


Xiaomi added to Pentagon blacklist Dating apps are using images from the siege to ban rioters' accounts NSA suggests enterprises use designated DNS-over-HTTPS resolvers Thanks to our episode sponsor Armis Lack of complete visibility to all assets in any environment is a huge cybersecurity challenge for every organization. And fragmentation across tools and systems along with broken remediation makes Cybersecurity Asset Management near impossible. Armis Asset Management addresses this issue providing 5X the visibility of other solutions in the market today. Download our white paper today. For more on any of these stories, head to cisoseries.com

January 15, 2021


Hackers waltzed past MFA used by CISA on cloud accounts Social media convulses after Capitol attack Google fixes bug that delayed COVID contact-tracing apps Thanks to our episode sponsor, IT Asset Management Group Are you checking your IT asset disposal vendor's homework? Organizations should record unique IDs of each asset disposed of and reconcile their records against the data that is provided by their disposal vendor. This practice reduces exposures that can occur from poorly monitored data disposition events. You can learn more tips like this from IT Asset Management Group's free data disposition program guide. Download the program guide...

Week in Review: January 11 through 15, 2021


Link to blog post This week's Cyber Security Headlines Week in Review, January 11-15, 2021 is hosted by Steve Prentice @stevenprentice with our guest Allan Alford, @AllanAlfordinTX. Thanks to our episode sponsor, IT Asset Management Group Organizations must have adequate written policies and procedures to meet the regulatory requirements for the disposal of their retired data containing devices. These policies should be readily available and regularly reviewed by leadership. IT Asset Management Group offers a free policy template to help establish or improve your written policies for IT asset disposal practices. Download the policy template today at itamg.com/CISO All links and...

January 14, 2021


Europol confirms dark web marketplace takedown Google to reportedly block all political ads... again DoD halts deployment of cybersecurity system Thanks to our episode sponsor, IT Asset Management Group Are you checking your IT asset disposal vendor's homework? Organizations should record unique IDs of each asset disposed of and reconcile their records against the data that is provided by their disposal vendor. This practice reduces exposures that can occur from poorly monitored data disposition events. You can learn more tips like this from IT Asset Management Group's free data disposition program guide. Download the program guide today at itamg.com/CISO For more...

January 13, 2021


Hackers leak stolen Pfizer COVID-19 vaccine data online Social media's big terrible week Parler archived due to "mind-numbing" mistake Thanks to our episode sponsor, IT Asset Management Group Poorly managed IT asset disposal, lack of due diligence, and a disposal program without clearly defined responsible parties has now resulted in millions of dollars in regulatory penalties. Is it clear who is responsible for the performance of your data disposition practice? IT Asset Management Group's free program guide includes tips for establishing stakeholders at your organization and expectations for all practitioners. Download the program guide today at itamg.com/CISO For more on any...

January 12, 2021


SolarWinds breach now linked to Turla UK ruling limits the reach of "general warrants" UN data breach exposes staff records Thanks to our episode sponsor, IT Asset Management Group How does your organization measure a successful IT asset disposal program? Are decisions driven by dollars saved, ease of use, or security and compliance risk reduction? You should not have to choose one over the other. Utilizing IT Asset Management Group's best practices guide will ensure your data disposition program performs for all stakeholders in your organization. Download the program guide today at itamg.com/CISO For more on any of these stories, head...

January 11, 2021


Parler removed from Apple, Google, and Amazon Facial-recognition app Clearview sees a spike in use after Capitol attack Emotet tops malware charts in December after reboot Thanks to our episode sponsor, IT Asset Management Group Organizations must have adequate written policies and procedures to meet the regulatory requirements for the disposal of their retired data containing devices. These policies should be readily available and regularly reviewed by leadership. IT Asset Management Group offers a free policy template to help establish or improve your written policies for IT asset disposal practices. Download the policy template today at itamg.com/CISO For more on any...

January 8, 2021


Our sponsor, Omada's identity governance tip of the day Deploy identity capabilities in phases. If you try to do a massive lift and shift problems will occur and it will probably take longer than you expect. See where you can add value early on. First, launch the solution's basic functionality. What can be done without writing custom code? Where you can deliver value at each iteration? You want to show continuous success rather than the fastest total completion time. Learn more at omada.net. For links to the full stories, head over to CISOseries.com.

Week in Review: January 4 through 8, 2021


Link to Blog Post This week's Cyber Security Headlines Week in Review - January 4-8, 2021 is hosted by Steve Prentice, with our guest, Ross Young, CISO, Caterpillar Financial (LinkedIn). Thanks to our episode sponsor, Omada Get stakeholders on board early. Sounds simple, but the hard part is making sure everyone has the right level of information they need at the right time to do their job. So start thinking early about the needs of your CISO, the security staff, auditors, compliance officers, and intellectual property controllers. The goal is increased awareness for all which will reduce resistance for everyone....

January 7, 2021


Rioters storm US Capitol, Trump's Twitter suspended SolarWinds attackers accessed DOJ's email server WhatsApp to share user data with Facebook Our sponsor, Omada's identity governance tip of the day According to Gartner, if you use a SaaS solution for identity governance and administration you'll save an average of 30 percent in initial integration costs. Here are some items to look for when choosing an IGA SaaS solution: Does it have high availability? Is it configurable to your specific business needs and can that be transferred to a tiered deployment environment? Learn more tricks to managing identity in the cloud at...

January 6, 2021


Google, Alphabet employees unionize NYSE no longer plans to de-list Chinese firms Amazon banned from using AWS trademark in China Our sponsor, Omada's identity governance tip of the day Upon launching a project map your business priorities to best-practice identity processes. Then, perform a fit-gap analysis between functional areas in the process to the ideal goal. Where are key data and systems going? Where are there gaps? Are there deviations from best practices? You now have a blueprint of business processes and gaps. Knowing is half the battle. Let Omada help by visiting them at omada.net. For links to the...

January 5, 2021


Microsoft source code accessed by SolarWinds attackers Slack suffers massive outage UK judge denies Assange extradition to US Our sponsor, Omada's identity governance tip of the day Well-tested process frameworks are great starting points. No need to reinvent. Just tweak processes that have already proven effective such as automating identity management, access requests, cross-application segregation of duties, and least privilege access. Head over to omada.net to see how Omada can help you get two steps ahead with your identity management. For links to the full stories, head over to CISOseries.com.

January 4, 2021


Russian SolarWinds hack damage escalates Backdoor account discovered in more than 100,000 Zyxel firewalls and VPN gateways Wall Street to kick out Chinese telecom giants Our sponsor, Omada's identity governance tip of the day Get stakeholders on board early. Sounds simple, but the hard part is making sure everyone has the right level of information they need at the right time to do their job. So start thinking early about the needs of your CISO, the security staff, auditors, compliance officers, and intellectual property controllers. The goal is increased awareness for all which will reduce resistance for everyone. Discover how...

December 31, 2020


T-Mobile discloses data breach CISA updates SolarWinds guidance Emotet strikes Lithuanian health infrastructure Thanks to our sponsor ReversingLabs Newly created digital data that supports productivity is growing greater than forty percent annually. With more employees working remote and businesses reliant on this digital content, what steps are you taking to ensure this data is secure? Learn more about how ReversingLabs can help establish secure digital business processes today and watch an on-demand demo at reversinglabs.com/demo. For the stories behind the headlines, head to CISOseries.com.

December 30, 2020


Google Docs bug exposes users' private documents Kawasaki discloses security breach, potential data leak Brexit deal warns of security dangers of Netscape Communicator Thanks to our sponsor ReversingLabs We've seen a 430% growth in next generation cyber attacks actively targeting open-source software projects. Worse yet, contemporary malware implements evasive techniques to avoid detection by AV and Sandbox technologies. What can you do to stay on top of these new threats? Learn more about how ReversingLabs can help your software development teams today and watch an on-demand demo at reversinglabs.com/demo. For the stories behind the headlines, head to CISOseries.com.

December 29, 2020


Defending the COVID-19 vaccine supply chain Cellular aggregation tool detailed in police records CISA releases malware detection tool for Azure and Microsoft 365 Thanks to our sponsor ReversingLabs The SolarWinds attack has highlighted the need to scan "gold" software images prior to their release or consumption, and look for software tampering, invalid digital signing, and build quality issues. Do you have the right controls in place to assess these risks? Learn more about how ReversingLabs can help your security and release teams today and watch an on-demand demo at reversinglabs.com/demo. For the stories behind the headlines, head to CISOseries.com.

December 28, 2020


Microsoft resellers seen as Russian cyberattack mules GoDaddy employees fail holiday bonus phishing test SolarWinds releases updated advisory for new SUPERNOVA malware Thanks to our sponsor ReversingLabs Less than thirty percent of organizations have a formal threat hunting program, yet threat hunting has shown to improve overall security postures by over ten percent. What actions are you taking to upskill your security staff and bring threat hunting practices into your daily security practices? Learn more about how ReversingLabs can help your security teams today and watch an on-demand demo at reversinglabs.com/demo. For the stories behind the headlines, head to CISOseries.com.

December 23, 2020


Treasury Department's senior leaders were targeted by SolarWinds hack Draft lawsuit alleges Google and Facebook agreed to team up against antitrust action Three VPN providers with criminal ties taken down Thanks to our sponsor ReversingLabs Ransomware is responsible for causing the most destructive amount of downtime - more than seventeen hours. Are you equipped to fight ransomware? Do you have the latest intelligence and indicators of compromise to block these attacks? Learn more about how ReversingLabs can help your security teams today and watch an on-demand demo at reversinglabs.com/demo For the stories behind the headlines, head to CISOseries.com.

December 22, 2020


Attackers staged a dry-run against SolarWinds in October 2019 NSO Group spyware reportedly used against journalists CIA agents exposed with stolen data Thanks to our sponsor ReversingLabs Open source packages from repos such as PyPI, npm, RubyGems and NuGet can be complex, and contain tens of thousands of files. Are you confident these files are safe before you include them in your builds? What steps are you taking to reduce third-party risk? Learn more about how ReversingLabs can help your software and security teams today, and watch an on-demand demo at reversinglabs.com/demo For the stories behind the headlines, head to...

December 21, 2020


SolarWinds supply chain attack updates Trump officials plan to split up Cyber Command and NSA Google explains the cause of its recent outage Thanks to our sponsor ReversingLabs Seventy seven percent of organizations are increasing investments in automation to simplify and speed response times. How are you leveraging Machine Learning and AI to solve cyber skills shortages and mitigate risks to your business? Learn more about how ReversingLabs can automate threat analysis and accelerate security response today. Watch an on-demand demo at reversinglabs.com/demo. For the stories behind the headlines, head to CISOseries.com.

December 18, 2020


Ex-Homeland Security adviser: 'We're being hacked' Ignore Facebook 'Christmas bonus' come-on Twitter to start removing COVID-19 vaccine misinformation Thanks to our sponsor ReversingLabs A ransomware attack occurs every 10 seconds. What are you doing to detect hidden malware and expose key Indicators of compromise before they exploit your business. Learn more about how ReversingLabs can help your security teams today and watch an on-demand demo at reversinglabs.com/demo. For the stories behind the headlines, head to CISOseries.com.

December 17, 2020


Trump considers clemency for Silk Road founder Researcher warned of SolarWinds security issues last year What can the US do to prevent cyberattacks? Thanks to our sponsor ReversingLabs A ransomware attack occurs every 10 seconds. What are you doing to detect hidden malware and expose key Indicators of compromise before they exploit your business. Learn more about how ReversingLabs can help your security teams today and watch an on-demand demo at reversinglabs.com/demo. For the stories behind the headlines, head to CISOseries.com.

December 16, 2020


Microsoft seizes SolarWinds domain quarantine starts today Twitter will use Amazon Web Services to power user feeds Data breach at Canadian financial services firm highlights perils of insider threats Thanks to our sponsor ReversingLabs 96% of commercial applications include open source components. Is open source software putting your supply chain at risk? Learn more about how ReversingLabs can inspect your new software packages and open source components today, and watch an on-demand demo at reversinglabs.com/demo. For the stories behind the headlines, head to CISOseries.com.

December 15, 2020


SolarWinds Orion carrying malware Multiple US agencies impacted by SolarWinds supply-chain attack New EU data use legislation could lead to big tech fines Thanks to our sponsor ReversingLabs Cybersecurity staffing shortages exceed 3 million security professions globally, and the skills gap continues to widen. Learn how ReversingLabs automates the time-consuming task of analyzing malware, and how its explainable threat intelligence scales your security team to address complex cyberthreats. Watch an on-demand demo at reversinglabs.com/demo. For the stories behind the headlines, head to CISOseries.com.

December 14, 2020


Adrozek malware can infect over 30K Windows PCs a day Subway UK finds TrickBot on its menu Ransomware in schools grew in 2020, more on the way in 2021 Thanks to our sponsor ReversingLabs Today the most advanced threats lay hidden deep within files and objects. In only milliseconds, ReversingLabs is able to analyze the world's most complex files, providing security executives with the risk insights they need to ensure business resiliency, while enabling a security staff of just a few to act as if they're a staff of hundreds, armed with an intelligence that eliminates your biggest risks. Learn more about...

December 11, 2020


Breaking up Facebook won't be easy Intel source 'Spider' outed in election lawsuit's redaction gaffe AI is coming for your job slowly Thanks to our sponsor, Code42. Code42's annual Data Exposure Report on Insider Risk reveals that 42% of data breaches in the past year were caused by a malicious or criminal insider. Read the report for tips on how to stop your insider risk from becoming an insider threat. For the stories behind the headlines, go to CISOseries.com.

December 10, 2020


The Cybersecurity community responds to FireEye hack Christopher Krebs sues over threats of violence Google makes changes to how Chrome extensions handle data Thanks to our sponsor, Code42. Code42, insider risk detection and response leader, is excited to announce the release of its annual Data Exposure Report on Insider Risk. The report reveals that employees are nine times more likely to leak sensitive data than they were pre-COVID. The report will launch today at 1pm ET at this link. For the stories behind the headlines, go to CISOseries.com.

December 9, 2020


Microsoft's December 2020 Patch Tuesday fixes 58 vulnerabilities Unpatched bugs open GE radiological devices to remote code execution Cloudflare and Apple design a new privacy-friendly internet protocol Thanks to our sponsor, Code42. Tomorrow Code42 will release its annual Data Exposure Report on Insider Risk. Last year's report revealed that 63% of new hires who admit to taking data with them to a new job are repeat offenders. Tune in tomorrow for highlights from this year's report. For the stories behind the headlines, go to CISOseries.com.

December 8, 2020


Google publishes cross-site leaks wiki NSA warns of state-sponsored attacks on remote-work systems Greater Baltimore Medical Center hit with ransomware attack Thanks to our sponsor, Code42. Organizations are moving faster than ever before and security tools like DLP, UEBA and CASB can't keep up. Code42 Incydr takes a Zero Trust approach to managing and mitigating data risk from insider threats. Learn more about Code42 Incydr, the insider risk platform that offers insider risk detection and response. For the stories behind the headlines, go to CISOseries.com.

December 7, 2020


Drug dealers offer Pfizer vaccine on the Dark Web Data theft from Italian defense manufacturer was an inside job Philadelphia food bank loses $1 million in BEC scam Thanks to our sponsor, Code42. Code42 is a cybersecurity company that offers a completely new approach to the old problem of insider threats. Code42's insider risk platform, Incydr, helps organizations foster a culture of speed and collaboration while still preventing data loss without blocking. Learn more at Code42.com. For the stories behind the headlines, go to CISOseries.com.

December 4, 2020


Spotify celebrity pages defaced to plug Trump, Taylor Swift Clop ransomware gang rips off 2M credit cards from retailer E-Land 8% of all Google Play apps vulnerable to old security bug Thanks to our episode sponsor, AuthSafe. Are online frauds a concern for your organization? Is it a hurdle for progress? Timely predictions and detections with cognitive engines, should do the trick. SecureLayer7 presents Authsafe. A technology to prevent and detect Fraud attacks old and new. With the help of credential stuffing, manual strive as well as specialized automated tools, Authsafe prevents your organization's systems from being hampered. Learn more...

December 3, 2020


Malicious hackers target the Covid-19 vaccine 'cold chain' Hackers target US think tanks Massachusetts passes ban on police facial recognition Thanks to our episode sponsor, SecureLayer7. Managing the vulnerabilities and workflows within an organization can be a handful of a task. What your organization needs is a product that is capable of overseeing the workflows and security status for you. SecureLayer7 presents BugDazz. A pentest as a service cloud delivery platform, which makes it easier to keep tabs on the security of the systems. Read more: SecureLayer7.net For the stories behind the headlines, go to CISOseries.com.

December 2, 2020


US Supreme Court eyes narrowing of CFAA FBI warns of BEC scammers using email auto-forwarding in attacks Trump lawyer calls for Christopher Krebs' execution Thanks to our episode sponsor, SecureLayer7. Getting rid of vulnerabilities within the systems can be quite an intricate task. But why bother with anything else when there is an all in one cybersecurity package for organizations. A platform where existing, and prospective vulnerability threats can be identified and mitigated through their pentests within set time slots. SecureLayer7, the cybersecurity solution for your organization. Discover SecureLayer7.net For the stories behind the headlines, go to CISOseries.com.

December 1, 2020


Baltimore schools struggling with ransomware UK tightens restrictions on Huawei 5G equipment ZeroLogon now detected by Windows Defender Thanks to our episode sponsor, SecureLayer7. Getting rid of vulnerabilities within the systems can be quite an intricate task. But why bother with anything else when there is an all in one cybersecurity package for organizations. A platform where existing, and prospective vulnerability threats can be identified and mitigated through their pentests within set time slots. SecureLayer7, the cybersecurity solution for your organization. Discover SecureLayer7.net For the stories behind the headlines, head to CISOseries.com.

November 30, 2020


Biden transition team forced to build its own cybersecurity protections China owns the lion's share of internet cross-border data flow U.S. Supreme Court to rule on hacking laws Thanks to our episode sponsor, SecureLayer7. Getting rid of vulnerabilities within the systems can be quite an intricate task. But why bother with anything else when there is an all in one cybersecurity package for organizations. A platform where existing, and prospective vulnerability threats can be identified and mitigated through their pentests within set time slots. SecureLayer7, the cybersecurity solution for your organization. Discover SecureLayer7.net For the stories behind the headlines, head...

November 25, 2020


Brazil continues to recover from its worst cyberattack Apple's security chief indicted on bribery charges Baidu apps are leaking data Thanks to our sponsor, Dtex Traditional Employee Monitoring solutions are creepy. Capturing screenshots, recording keystrokes, monitoring web browsing and following social media activities is unnecessary and damages culture. DTEX InTERCEPT is the first and only solution that delivers the real-time workforce monitoring capabilities today's organizations need and employees will embrace. Learn more at dtexsystems.com. For more on any of the stories, head to cisoseries.com.

November 24, 2020


New Jersey passes anti-doxxing law TikTok patches account takeover flaw Watch out for DDoS on Black Friday Thanks to our sponsor, Dtex Forget projects, get answers. Start preventing insider threats, stopping data loss, and monitoring remote employees in minutes, not days. And do it all without invading user privacy. DTEX Systems helps enterprises run safer and smarter with a first-of-its-kind human-centric approach to enterprise operational intelligence. Learn more and start a free 30-day trial at dtexsystems.com. For more on any of the stories, head to cisoseries.com.

November 23, 2020


GoDaddy employees duped in cryptocurrency hack Global financial industry facing fresh round of cyberthreats Egregor ransomware prints its own ransom notes Thanks to our sponsor, Dtex Reliance on 'person of interest' identification and potential analyst bias have put first-generation insider threat solutions on the shelf. DTEX InTERCEPT offers IT and SecOps teams a new approach. Only DTEX InTERCEPT collects and analyzes user behavior, history, trends, and context answering the Who, What, When and How leading up to, and following, any potential Insider Threat event. Learn more at dtexsystems.com. For more on any of the stories, head to cisoseries.com.

November 20, 2020


Worldwide campaign targets ZeroLogon exploit Brandon Wales takes over at CISA Maybe ransomware operators aren't trustworthy after all? Thanks to our sponsor, Dtex Remote Workforce Security is a thing. Network detection and web proxy solutions have been rendered nearly useless as employees are working remotely and away from the corporate network. DTEX's Workforce Cyber Intelligence Platform not only allows employers with visibility to monitor user behavior for cybersecurity best practices, but also to protect the employee from external attack. Learn more at dtexsystems.com. For more on any of the stories, head to cisoseries.com.

November 19, 2020


Trump's tweets to lose protected status post-presidency macOS Big Sur lets apps slip past security safety nets Deepfake bot used to abuse women runs wild on Telegram Thanks to our sponsor, Dtex Endpoint DLP tools that rely on intrusive, resource intensive content inspection rules do nothing but slow down endpoint performance and upset your SecOps team. DTEX takes a behavioral approach to DLP. Only DTEX allows you to see the full lifecycle of user behavior activity and understand the who, what, when and how of a possible data loss incident. No false positives. Learn more at dtexsystems.com. For more on...

November 18, 2020


Trump fires CISA director Chris Krebs Facebook and Twitter grilled over US election actions Darktrace pays out nearly $2 million in overtime pay class action suit Thanks to our sponsor, Dtex Traditional Employee Monitoring solutions are creepy. Capturing screenshots, recording keystrokes, monitoring web browsing and following social media activities is unnecessary and damages culture. DTEX InTERCEPT is the first and only solution that delivers the real-time workforce monitoring capabilities today's organizations need and employees will embrace. Learn more at dtexsystems.com. For more on any of the stories, head to cisoseries.com.

November 17, 2020


Apple responds to macOS privacy concerns The ransomware landscape is increasingly crowded Microsoft pauses Windows 10 updates in December Thanks to our sponsor, Dtex Reliance on 'person of interest' identification and potential analyst bias have put first-generation insider threat solutions on the shelf. DTEX InTERCEPT offers IT and SecOps teams a new approach. Only DTEX InTERCEPT collects and analyzes user behavior, history, trends, and context answering the Who, What, When and How leading up to, and following, any potential Insider Threat event. Learn more at dtexsystems.com. For more on any of the stories, head to cisoseries.com.

November 16, 2020


Qualcomm receives U.S. permission to sell 4G chips to Huawei Microsoft says three APTs have targeted seven COVID-19 vaccine makers Cobalt Strike 4.0 toolkit shared online Thanks to our sponsor, Dtex Forget projects, get answers. Start preventing insider threats, stopping data loss, and monitoring remote employees in minutes, not days. And do it all without invading user privacy. DTEX Systems helps enterprises run safer and smarter with a first-of-its-kind human-centric approach to enterprise operational intelligence. Learn more and start a free 30-day trial at dtexsystems.com. For more on any of the stories, head to cisoseries.com.

November 13, 2020


Finland pushes through change to ID code law Researchers find Trickbot is still kicking New study looks at the source of Android malware And here's a special offer from our sponsor, Blumira. Staffing a 24/7 full-time security operations center with trained security analysts isn't a reality for many organizations. Blumira's end-to-end detection and response platform is designed to centralize log data, alert you to priority threats, then walk you through remediation with step-by-step security playbooks. Organizations and teams of any size, without security expertise, can leverage Blumira for automated detection and response. Deploy Blumira in hours with a free 14-day...

November 12, 2020


Facebook extends ban on political ads EU tightens cybersurveillance export laws Palo Alto Networks acquires Expanse And here's a special offer from our sponsor, Blumira. CISOs are all trying to do more with less these days; balancing compliance, security and business objectives. Consolidate your security with one end-to-end detection and response platform. Blumira works as a force multiplier, enabling your small teams to detect threats and respond to them quickly. Get a free 14-day trial of Blumira's cloud SIEM that you can deploy in hours, not weeks or months. That's Blumira.com. For more on any of today's stories, head to...

November 11, 2020


Biden aide Bill Russo attacks Facebook's post-election role Twitter could face its first GDPR penalty within days New Ghimob malware can spy on 153 Android mobile applications And here's a special offer from our sponsor, Blumira. Staffing a 24/7 full-time security operations center with trained security analysts isn't a reality for many organizations. Blumira's end-to-end detection and response platform is designed to centralize log data, alert you to priority threats, then walk you through remediation with step-by-step security playbooks. Organizations and teams of any size, without security expertise, can leverage Blumira for automated detection and response. Deploy Blumira in hours...

November 10, 2020


Inrupt launches enterprise privacy platform India's Bigbasket confirms cyberattack What's in a name? Turns out malware And here's a special offer from our sponsor, Blumira. The shift to cloud-based productivity and collaboration tools is a necessity and reality for many CISOs these days - but visibility into cloud threats can be challenging with limited staff and resources. Automating your security operations workflow is easier with Blumira's detection and response platform. Integrate Office 365 with Blumira to start realizing security value in a matter of hours with a free 14-day trial at Blumira.com. For more on any of today's stories, head...

November 9, 2020


Net neutrality and broadband expansion possible under Biden presidency Trump lawsuit site to report rejected votes leaked voter data Facebook releases disinformation probation policy And here's a special offer from our sponsor, Blumira. CISOs are all trying to do more with less these days; balancing compliance, security and business objectives. Consolidate your security with one end-to-end detection and response platform. Blumira works as a force multiplier, enabling your small teams to detect threats and respond to them quickly. Get a free 14-day trial of Blumira's cloud SIEM that you can deploy in hours, not weeks or months. That's Blumira.com. For...

November 6, 2020


Facebook updates its premature victory policy Michigan approves Proposal 2 Vermont National Guard called in to help with cyberattack Thanks to our sponsor, Trusona. Modern enterprise security starts at the desktop. By removing passwords from your desktop sign-in, you can instantly mitigate eight of the most common attack vectors, including SIM swapping, keylogging and credential stuffing. And with a single desktop sign-in using Trusona's passwordless MFA, employees are automatically authenticated into their SSO for simple, secure access to all corporate applications, including Office 365. Bring your security up to date and learn more at trusona.com/desktopSSO. For more on any of the...

November 5, 2020


Facebook and Instagram add pop-up banners about election results Election night was seemingly free of cybersecurity drama California passes Prop 24 Thanks to our sponsor, Trusona. Secure your workforce with desktop MFA (passwords not included). Security leaders have been tasked with securing a remote workforce across a vulnerable variety of locations and Trusona is here to help. With a single passwordless desktop MFA sign-in, employees are automatically authenticated into their SSO for simple, secure access to all corporate applications, including Office 365. To learn more, visit trusona.com/desktopSSO. For more on any of our stories, head to CISOseries.com.

November 4, 2020


Instagram banner falsely advertises Wednesday as Election Day for some subscribers Robocalls urging voters to skip Election Day are subject of FBI investigation Ant Group falls afoul of Chinese regulators, causing Alibaba to drop 8 percent Thanks to our sponsor, Trusona. Trusona enables enterprises to secure and simplify user access by removing passwords from the Windows 10 login experience. With a single desktop sign-in using Trusona's passwordless MFA, employees are automatically authenticated into Office 365 or their SSO, giving them secure access to all of their corporate applications. Give your workforce a solution they don't have to work around. For the...

November 3, 2020


Twitter clarifies its election results policy Google discloses Windows zero-day Maze ransomware operators call it quits Thanks to our sponsor, Trusona. Trusona enables enterprises to secure and simplify user access by removing passwords from the Windows 10 login experience. With a single desktop sign-in using Trusona's passwordless MFA, employees are automatically authenticated into Office 365 or their SSO, giving them secure access to all of their corporate applications. Give your workforce a solution they don't have to work around. For more on all the stories, head to CISOseries.com.

November 2, 2020


Cybersecurity specialists list their election week fears Fact checking now extends back in time Hacker selling 34 million user records through broker Thanks to our sponsor, Trusona. Trusona enables enterprises to secure and simplify user access by removing passwords from the Windows 10 login experience. With a single desktop sign-in using Trusona's passwordless MFA, employees are automatically authenticated into Office 365 or their SSO, giving them secure access to all of their corporate applications. Give your workforce a solution they don't have to work around. For more on all the stories, head to CISOseries.com.

October 30, 2020


Hackers steal funds from the Wisconsin Republican Party Ransomware attackers leak Georgia county voter information The FBI is investigating ransomware attacks on hospitals Thanks to our sponsor, F5. According to the 2020 State of Application Services report, 98% of organizations depend on applications to run or support their business. Innovative apps are essential for organizations that want to be first to market and first to profit. Learn more about securing your apps at the F5 Security Summit on November 10th. Register now. For more on this week's stories, head to CISOseries.com.

October 29, 2020


NSA refuses to say if it still uses encryption backdoors Ryuk ransomware smashes hospital networks across the U.S. Section 230 hearing devolves into political rants Thanks to our sponsor, F5. Learn about the cause of digital security breaches in your organization at the F5 Security Summit on November 10. At this premier industry event, you'll gain insights into breach root causes, and it may not be because of attacker innovation. Find out more. Register today to attend this free premier virtual security event. For more on this week's stories, head to CISOseries.com.

October 28, 2020


TikTok partners with Shopify on social commerce YouTube will add Election Day warning label: "Results may not be final" FBI: Hackers stole government source code via SonarQube instances Thanks to our sponsor, F5. A recent Forrester analysis of app security leader F5's SSL/TLS Visibility solution, which dynamically orchestrates traffic to your security stack, found the average customer will see an ROI of 373%. Register now for the F5 Security Summit, a leader in the app security space, to find out more about how to maximize your investments in security inspection technologies. Attendance is complimentary, Register today. For more on this...

October 27, 2020


Twitter to "pre-bunk" voter misinformation Microsoft to force load some webpages in Edge Google removed three apps for violating data collection policies Thanks to our sponsor, F5. Join experts across F5, a leader in the app security space, on November 10th, to gain valuable, innovative insights into enabling advanced application security, sophisticated cyber-attacks, trends in online fraud and how to manage risks in the cloud. Sign up now to join this must-attend virtual security event. For more on this week's stories, head to CISOseries.com.

October 26, 2020


New Emotet attack urges recipients to upgrade Microsoft Word Windows 10 now hides the SYSTEM control panel Samsung Group titan Lee Kun-hee dies aged 78 Thanks to our sponsor, F5. 58% of organizations say maintaining security and compliance when managing apps in a multi-cloud environment is their biggest challenge. Be sure to attend the premier virtual security summit on November 10th where F5, an expert in app security, will cover how to protect your applications from today's advanced attacks and tomorrow's emerging threats. Register now. For more on this week's stories, head to CISOseries.com.

October 23, 2020


Firefox testing 'Site Isolation' feature Cisco patches DoS bugs in network security products Proposed German legislation authorizes access to encrypted messages Thanks to our episode sponsor, AuthSafe. Are online frauds a concern for your organization? Is it a hurdle for progress? Timely predictions and detections with cognitive engines, should do the trick. SecureLayer7 presents Authsafe. A technology to prevent and detect Fraud attacks old and new. With the help of credential stuffing, manual strive as well as specialized automated tools, Authsafe prevents your organization's systems from being hampered. Learn more at Authsafe.ai For the stories behind the headlines, go to...

October 22, 2020


DOJ official accuses China of protecting cybercriminals Once again, Oracle releases enormous security update NSA warns of top vulnerabilities exploited by China Thanks to our episode sponsor, SecureLayer7. Managing the vulnerabilities and workflows within an organization can be a handful of a task. What your organization needs is a product that is capable of overseeing the workflows and security status for you. SecureLayer7 presents BugDazz. A pentest as a service cloud delivery platform, which makes it easier to keep tabs on the security of the systems. Read more: SecureLayer7.net For the stories behind the headlines, go to CISOseries.com.

October 21, 2020


Justice Department charges Google in antitrust lawsuit Microsoft partners with SpaceX to launch Azure Space initiative Twitter is temporarily changing how you retweet Thanks to our episode sponsor, SecureLayer7. Getting rid of vulnerabilities within the systems can be quite an intricate task. But why bother with anything else when there is an all in one cybersecurity package for organizations. A platform where existing, and prospective vulnerability threats can be identified and mitigated through their pentests within set time slots. SecureLayer7, the cybersecurity solution for your organization. Discover SecureLayer7.net For the stories behind the headlines, go to CISOseries.com.

October 20, 2020


US files charges against high profile attackers A new browser wants to look at social media algorithms Microsoft Exchange and OWA are increasingly malware targets Thanks to our episode sponsor, SecureLayer7. Getting rid of vulnerabilities within the systems can be quite an intricate task. But why bother with anything else when there is an all in one cybersecurity package for organizations. A platform where existing, and prospective vulnerability threats can be identified and mitigated through their pentests within set time slots. SecureLayer7, the cybersecurity solution for your organization. Discover SecureLayer7.net For the stories behind the headlines, head to CISOseries.com.

October 19, 2020


Google offers details on Chinese hacking group that targeted Biden campaign Hackers use BaseCamp to host and distribute malware China quietly opens up to the real internet - temporarily Thanks to our episode sponsor, SecureLayer7. Getting rid of vulnerabilities within the systems can be quite an intricate task. But why bother with anything else when there is an all in one cybersecurity package for organizations. A platform where existing, and prospective vulnerability threats can be identified and mitigated through their pentests within set time slots. SecureLayer7, the cybersecurity solution for your organization. Discover SecureLayer7.net For the stories behind the headlines,...

October 16, 2020


US DOJ unseals charges against malware money laundering ring Microsoft launches the Zero Trust Deployment Center Hack disrupts Barnes & Noble brick and mortar Thanks to this week's sponsor, Trusona. Trusona enables enterprises to secure and simplify user access by removing passwords from the Windows 10 login experience. With a single desktop sign-in using Trusona's passwordless MFA, employees are automatically authenticated into Office 365 or their SSO, giving them secure access to all of their corporate applications. Give your workforce a solution they don't have to work around. For more, head to CISOSeries.com

October 15, 2020


Twitter hack sparks a call for monitoring social media platforms Zoom prepares to roll out end-to-end encryption Businesses are decreasing average malware dwell time Thanks to this week's sponsor, Trusona. Trusona enables enterprises to secure and simplify user access by removing passwords from the Windows 10 login experience. With a single desktop sign-in using Trusona's passwordless MFA, employees are automatically authenticated into Office 365 or their SSO, giving them secure access to all of their corporate applications. Give your workforce a solution they don't have to work around. For more, head to CISOSeries.com

October 14, 2020


Security experts warn of Amazon Prime Day scams Office 365 remains a favorite for cyberattack persistence Homomorphic encryption finally finds the spotlight Thanks to this week's sponsor, Trusona. Trusona enables enterprises to secure and simplify user access by removing passwords from the Windows 10 login experience. With a single desktop sign-in using Trusona's passwordless MFA, employees are automatically authenticated into Office 365 or their SSO, giving them secure access to all of their corporate applications. Give your workforce a solution they don't have to work around. For more, head to CISOSeries.com

October 13, 2020


Five Eyes alliance call for encryption backdoors (again) Trickbot isn't quite done yet Chinese facial recognition data leaks are rampant Thanks to this week's sponsor, Trusona. Trusona enables enterprises to secure and simplify user access by removing passwords from the Windows 10 login experience. With a single desktop sign-in using Trusona's passwordless MFA, employees are automatically authenticated into Office 365 or their SSO, giving them secure access to all of their corporate applications. Give your workforce a solution they don't have to work around. More available at CISOseries.com.

October 12, 2020


Google is giving data to police based on search keywords, court docs show Tyler Technologies pays ransomware gang for decryption key U.K. businesses suffered a cyberattack every 45 sec. during Spring lockdown Thanks to this week's sponsor, Trusona. Trusona enables enterprises to secure and simplify user access by removing passwords from the Windows 10 login experience. With a single desktop sign-in using Trusona's passwordless MFA, employees are automatically authenticated into Office 365 or their SSO, giving them secure access to all of their corporate applications. Give your workforce a solution they don't have to work around. More available at CISOseries.com.

October 9, 2020


UK issues a report on Huawei 5G rollback Facebook will stop running political ads after the US election US seizes domains tied to Iranian misinformation campaign Thanks to our sponsor, Detectify. Detectify is where security engineers and developers come to collaborate and build safer web apps using ethical hacker knowledge. Using payload-based testing, Detectify checks for 2000+ known vulnerabilities and helps you stay on top of emerging threats. Start a free 2-week trial today! For more, head to CISOseries.com.

October 8, 2020


Singapore introduces cybersecurity rating for 'smart' devices Watch out for Emotet, warns DHS Big takedowns don't stop Dark Web markets, says Europol Thanks to our sponsor, Detectify. Detectify is where security engineers and developers come to collaborate and build safer web apps using ethical hacker knowledge. Using payload-based testing, Detectify checks for 2000+ known vulnerabilities and helps you stay on top of emerging threats. Start a free 2-week trial today! For more, head to CISOseries.com.

October 7, 2020


Paying ransomware ransom is now illegal, according to the Treasury Department Cisco ordered to pay $1.9 billion for security patent infringement Covid tracking in Microsoft Excel loses 16,000 test results in England Thanks to our sponsor, Detectify. Detectify is where security engineers and developers come to collaborate and build safer web apps using ethical hacker knowledge. Using payload-based testing, Detectify checks for 2000+ known vulnerabilities and helps you stay on top of emerging threats. Start a free 2-week trial today! More available at CISOseries.com.

October 6, 2020


Ransomware disrupts COVID-19 vaccine trials SEC sues John McAfee over cryptocurrency promotion Firmware bootkit spotted in the wild Thanks to our sponsor, Detectify. Detectify is where security engineers and developers come to collaborate and build safer web apps using ethical hacker knowledge. Using payload-based testing, Detectify checks for 2000+ known vulnerabilities and helps you stay on top of emerging threats. Start a free 2-week trial today! For more, head to CISOseries.com.

October 5, 2020


Covid tracking apps from a Google-Apple partnership gaining traction in the U.S. FBI works more closely with spy agencies to hunt foreign hackers Phishing-with-worms campaign is declared a game-changer in password theft, account takeovers Thanks to our sponsor, Detectify. Detectify is where security engineers and developers come to collaborate and build safer web apps using ethical hacker knowledge. Using payload-based testing, Detectify checks for 2000+ known vulnerabilities and helps you stay on top of emerging threats. Start a free 2-week trial today! More available at CISOseries.com.

October 2, 2020


Huawei failed to address network security flaws US Treasury Department warns about fines for ransomware payments H&M fined for GDPR violations Thanks to our sponsor ReversingLabs ReversingLabs is the leading provider of explainable threat intelligence. In only milliseconds, ReversingLabs elastic threat infrastructure automatically analyzes the world's most complex files and detects the most advanced threats. ReversingLabs gives modern security and threat hunting teams the transparent insights and trusted input required to take fast and confident defensive action--all with zero interruption to business critical systems. Learn more by watching an on-demand demo at reversinglabs.com/demo For more, head to CISOSeries.com

October 1, 2020


Facebook faces down QAnon, bogus election ads, and privacy on the Gram Who took down 911 in 14 states on Monday? Controversial data company Palantir's stock is up following Wall Street debut Thanks to our sponsor ReversingLabs ReversingLabs is the leading provider of explainable threat intelligence. In only milliseconds, ReversingLabs elastic threat infrastructure automatically analyzes the world's most complex files and detects the most advanced threats. ReversingLabs gives modern security and threat hunting teams the transparent insights and trusted input required to take fast and confident defensive action--all with zero interruption to business critical systems. Learn more by watching an...

September 30, 2020


French shipping giant hit with ransomware attack Ransomware operators release personal information on Las Vegas students Android 12 will play nice with third-party apps stores Thanks to our sponsor ReversingLabs ReversingLabs is the leading provider of explainable threat intelligence. In only milliseconds, ReversingLabs elastic threat infrastructure automatically analyzes the world's most complex files and detects the most advanced threats. ReversingLabs gives modern security and threat hunting teams the transparent insights and trusted input required to take fast and confident defensive action--all with zero interruption to business critical systems. Learn more by watching an on-demand demo at reversinglabs.com/demo For more, head to CISOSeries.com

September 29, 2020


TikTok's latest court win means videos still available - for now Universal Health Services hospitals hit country-wide by Ryuk ransomware Windows XP and Windows Server 2003 source code leaked online Thanks to our sponsor ReversingLabs ReversingLabs is the leading provider of explainable threat intelligence. In only milliseconds, ReversingLabs elastic threat infrastructure automatically analyzes the world's most complex files and detects the most advanced threats. ReversingLabs gives modern security and threat hunting teams the transparent insights and trusted input required to take fast and confident defensive action--all with zero interruption to business critical systems. Learn more by watching an on-demand demo...

September 28, 2020


China's biggest chip maker hit by US sanctions Elon Musk unhappy over Microsoft's exclusive licensing of OpenAI Google removes 17 Android apps doing WAP billing fraud from the Play Store Thanks to our sponsor ReversingLabs ReversingLabs is the leading provider of explainable threat intelligence. In only milliseconds, ReversingLabs elastic threat infrastructure automatically analyzes the world's most complex files and detects the most advanced threats. ReversingLabs gives modern security and threat hunting teams the transparent insights and trusted input required to take fast and confident defensive action--all with zero interruption to business critical systems. Learn more by watching an on-demand demo...

September 25, 2020


DHS acknowledges leak of facial recognition images Judge rules the TikTok ban be delayed or defended Local government email systems are vulnerable to cyberattacks HUGE thanks to our sponsor, Trusona Trusona enables enterprises to secure and simplify user access by removing passwords from the Windows 10 login experience. With a single desktop sign-in using Trusona's passwordless MFA, employees are automatically authenticated into Office 365 or their SSO, giving them secure access to all of their corporate applications. Give your workforce a solution they don't have to work around. For more, go to CISOseries.com.

September 24, 2020


Public-sector mega-vendor Tyler admits it was hacked ByteDance asks courts to block Trump order against TikTok Shopify says insiders to blame for stealing customer data HUGE thanks to our sponsor, Trusona Trusona enables enterprises to secure and simplify user access by removing passwords from the Windows 10 login experience. With a single desktop sign-in using Trusona's passwordless MFA, employees are automatically authenticated into Office 365 or their SSO, giving them secure access to all of their corporate applications. Give your workforce a solution they don't have to work around. For more, go to CISOseries.com.

September 23, 2020


Maze ransomware adopts Ragnar Locker virtual machine approach Email addresses and passwords allegedly from NIH, WHO, and Gates Foundation dumped online Russian hackers use fake NATO training documents to breach government networks HUGE thanks to our sponsor, Trusona Trusona enables enterprises to secure and simplify user access by removing passwords from the Windows 10 login experience. With a single desktop sign-in using Trusona's passwordless MFA, employees are automatically authenticated into Office 365 or their SSO, giving them secure access to all of their corporate applications. Give your workforce a solution they don't have to work around. For more, go to CISOseries.com.

September 22, 2020


CISA issues emergency directive to roll out a Windows Server patch 93% of organizations suffer data breaches through outbound email Facebook threatens withdrawal from EU HUGE thanks to our sponsor, Trusona Trusona enables enterprises to secure and simplify user access by removing passwords from the Windows 10 login experience. With a single desktop sign-in using Trusona's passwordless MFA, employees are automatically authenticated into Office 365 or their SSO, giving them secure access to all of their corporate applications. Give your workforce a solution they don't have to work around. For more, go to CISOseries.com.

September 21, 2020


Trump approves Oracle's TikTok deal and delays app store ban ByteDance says it's not aware of $5 billion education fund in TikTok deal California judge halts Trump's WeChat ban HUGE thanks to our sponsor, Trusona Trusona enables enterprises to secure and simplify user access by removing passwords from the Windows 10 login experience. With a single desktop sign-in using Trusona's passwordless MFA, employees are automatically authenticated into Office 365 or their SSO, giving them secure access to all of their corporate applications. Give your workforce a solution they don't have to work around. For more, go to CISOseries.com.

September 18, 2020


Oracle's bid calls for access to TikTok's source code Patient dies in the wake of a ransomware attack Backdoors and bugs discovered in HiSilicon video encoders Thanks to our sponsor, Dtex Systems Forget projects, get answers. Start preventing insider threats, stopping data loss, and monitoring remote employees in minutes, not days. And do it all without invading user privacy. DTEX Systems helps enterprises run safer and smarter with a first-of-its-kind human-centric approach to enterprise operational intelligence. Learn more and start a free 30-day trial at dtexsystems.com. For more on CISO Series, go to cisoseries.com.

September 17, 2020


DOJ charges five Chinese citizens with global hacking campaign Two Russians phished $17 million in cryptocurrency, DOJ says Bluetooth flaw BLESA leaves billions of devices open to hackers Thanks to our sponsor, Dtex Systems Forget projects, get answers. Start preventing insider threats, stopping data loss, and monitoring remote employees in minutes, not days. And do it all without invading user privacy. DTEX Systems helps enterprises run safer and smarter with a first-of-its-kind human-centric approach to enterprise operational intelligence. Learn more and start a free 30-day trial at dtexsystems.com. For more on CISO Series, go to cisoseries.com.

September 16, 2020


Senator calls for US to reject Oracle's TikTok deal MFA bypass bugs opened Microsoft 365 to attack Ex-Facebook employee reveals extent of bot manipulation intended for political gain Thanks to our sponsor, Dtex Systems Forget projects, get answers. Start preventing insider threats, stopping data loss, and monitoring remote employees in minutes, not days. And do it all without invading user privacy. DTEX Systems helps enterprises run safer and smarter with a first-of-its-kind human-centric approach to enterprise operational intelligence. Learn more and start a free 30-day trial at dtexsystems.com. For more on CISO Series, go to cisoseries.com.

September 15, 2020


ByteDance chooses Oracle's bid to become TikTok's trusted technology partner Thousands of Magento stores compromised in a skimming campaign CISA warns Chinese state hackers are targeting enterprise infrastructure Thanks to our sponsor, Dtex Systems Forget projects, get answers. Start preventing insider threats, stopping data loss, and monitoring remote employees in minutes, not days. And do it all without invading user privacy. DTEX Systems helps enterprises run safer and smarter with a first-of-its-kind human-centric approach to enterprise operational intelligence. Learn more and start a free 30-day trial at dtexsystems.com. For more on CISO Series, go to cisoseries.com.

September 14, 2020


SoftBank close to a deal to sell Arm to Nvidia, creating a powerhouse Zoom now offers two-factor authentication China may kill TikTok's US operations rather than see them sold Thanks to our sponsor, Dtex Systems Forget projects, get answers. Start preventing insider threats, stopping data loss, and monitoring remote employees in minutes, not days. And do it all without invading user privacy. DTEX Systems helps enterprises run safer and smarter with a first-of-its-kind human-centric approach to enterprise operational intelligence. Learn more and start a free 30-day trial at dtexsystems.com. For more on CISO Series, go to cisoseries.com.

September 11, 2020


Portland passes bans on facial recognition technology. Bluetooth SIG publishes details on Blurtooth vulnerability. Microsoft detects attempted cyberattacks against US presidential campaigns. Thanks to our sponsor, Remediant Remediant is a fast growing Gartner Cool vendor focused on the concept of precision Privileged Access Management and one Fortune 100 company calls them "the world's best protection against major incidents." Remediant uniquely deploys & inventories thousands of privileged accounts in hours, locks down lateral movement & ransomware spread by removing standing privilege with a single action, and administers privileges just-in-time with MFA.

September 10, 2020


NSA, CIA have proof of Russians hacking Florida voting systems, says Woodward's 'Rage' DHS whistleblower alleges he was ordered to halt Russia analysis because Trump looked 'bad' U.S. Supreme Court will decide legality of bug bounties Thanks to our sponsor, Remediant Remediant is a fast growing Gartner Cool vendor focused on the concept of precision Privileged Access Management and one Fortune 100 company calls them "the world's best protection against major incidents." Remediant uniquely deploys & inventories thousands of privileged accounts in hours, locks down lateral movement & ransomware spread by removing standing privilege with a single action, and administers privileges...

September 9, 2020


China launches initiative to set global data-security rules Google releases new development platform that includes no-code tools and serverless computing Intel's supercomputer faces further delay Thanks to our sponsor, Remediant Remediant is a fast growing Gartner Cool vendor focused on the concept of precision Privileged Access Management and one Fortune 100 company calls them "the world's best protection against major incidents." Remediant uniquely deploys & inventories thousands of privileged accounts in hours, locks down lateral movement & ransomware spread by removing standing privilege with a single action, and administers privileges just-in-time with MFA. For more, head to CISOSeries.com

September 8, 2020


Visa discovers new skimming malware. The US issues a space policy directive on cybersecurity. Netwalker ransomware hits Argentina's immigration systems. Thanks to our sponsor, Remediant Remediant is a fast growing Gartner Cool vendor focused on the concept of precision Privileged Access Management and one Fortune 100 company calls them "the world's best protection against major incidents." Remediant uniquely deploys & inventories thousands of privileged accounts in hours, locks down lateral movement & ransomware spread by removing standing privilege with a single action, and administers privileges just-in-time with MFA.

September 4, 2020


Facebook formally codifies policy on third-party vulnerabilities. Apple delays changes to device ID collection. Geofence warrants strike out in federal court. Thanks to our sponsor, Trusona. Trusona enables enterprises to provide enhanced security and usability to the workforce by removing passwords from the Windows 10 login experience. The solution works with your existing infrastructure without requiring any software or hardware upgrades like Windows Hello, cameras, biometric readers or on-premises servers making it the most cost-effective and user-friendly to deploy. For more, head to CISOSeries.com

September 3, 2020


U.S. spying exposed by Snowden was illegal, court rules DHS starts countdown clock on vulnerability disclosure policies Canadian police more reliant than ever on predictive computing Thanks to our sponsor, Trusona. Trusona enables enterprises to provide enhanced security and usability to the workforce by removing passwords from the Windows 10 login experience. The solution works with your existing infrastructure without requiring any software or hardware upgrades like Windows Hello, cameras, biometric readers or on-premises servers making it the most cost-effective and user-friendly to deploy. For more, head to CISOSeries.com

September 2, 2020


Facebook threatens to block sharing of news stories in Australia Maximum lifespan of SSL/TLS certificates is now 398 days Elections offices across the U.S. using faulty electronic technology Thanks to our sponsor, Trusona. Trusona enables enterprises to provide enhanced security and usability to the workforce by removing passwords from the Windows 10 login experience. The solution works with your existing infrastructure without requiring any software or hardware upgrades like Windows Hello, cameras, biometric readers or on-premises servers making it the most cost-effective and user-friendly to deploy. For more, head to CISOSeries.com

September 1, 2020


Apple accidentally notarized malware on macOS Security researchers detail a Netwalker play-by-play Mozilla finds out "Why We Still Can't Browse in Peace" Thanks to our sponsor, Trusona. Trusona enables enterprises to provide enhanced security and usability to the workforce by removing passwords from the Windows 10 login experience. The solution works with your existing infrastructure without requiring any software or hardware upgrades like Windows Hello, cameras, biometric readers or on-premises servers making it the most cost-effective and user-friendly to deploy. For more, head to CISOSeries.com

August 31, 2020


China's new salvo in TikTok war means restrictions on AI technology exports Slack fixes 'critical' vulnerability that left desktop app users open to attack Cisco engineer resigns then destroys WebEx accounts and virtual machines Thanks to our sponsor, Trusona. Trusona enables enterprises to provide enhanced security and usability to the workforce by removing passwords from the Windows 10 login experience. The solution works with your existing infrastructure without requiring any software or hardware upgrades like Windows Hello, cameras, biometric readers or on-premises servers making it the most cost-effective and user-friendly to deploy. For more, head to CISOSeries.com

August 28, 2020


You can teach a Qbot new tricks Researchers expose unsecure printers The FBI releases details about ransomware scheme at Tesla Thanks to our sponsor Trend Micro For more, head to CISOSeries.com

August 27, 2020


Facebook warns Apple privacy changes will decimate ads Feds' stern warning for banks: Watch out for BeagleBoyz Feds put the kibosh on Russian's million-dollar malware scheme Thanks to our sponsor Trend Micro For more, head to CISOSeries.com

August 26, 2020


Epic judge will protect Unreal Engine but not Fortnite US military researchers may have found a more productive vulnerability discovery process Beijing's electronic dragnet closes on Hong Kong Thanks to our sponsor Trend Micro For more, head to CISOSeries.com

August 25, 2020


Application Guard for Office is now in public preview The WeChat executive order also faces a lawsuit It's like GitHub, but for China Thanks to our sponsor Trend Micro For more, head to CISOSeries.com

August 24th, 2020


TikTok plans to sue Trump administration over U.S. ban Former Uber security chief faces criminal charges for hiding 2016 breach Major wave of vishing attacks targets teleworkers Thanks to our sponsor Trend Micro For more, head to CISOSeries.com

August 21, 2020


Former Uber security chief charged with paying hush money to conceal breach Google fixes severe Gmail bug only after researcher goes public Pandemic work-from-home empowers voice phishers

August 20, 2020


Guardicore Labs discovers a previously unknown botnet CISA releases details on a new North Korean trojan Facebook enforces a ban on groups that discuss "potential violence"

August 19, 2020


Oracle enters race to buy TikTok's US operations Jack Daniel's hit with ransomware 200,000 Healthcare records exposed through GitHub credentials leak For more, head to CISOSeries.com

August 18, 2020


Trend Micro Finds Mac Malware in Xcode Projects Chrome To Warn Of Insecure Forms Security Breach Numbers Decrease, But Severity Increases in 2020 For more, head to CISOseries.com

August 17, 2020


President Trump creates 90-day deadline for ByteDance to divest from U.S. TikTok business Will the US be safer with a reduction in the reliance of Chinese manufacturing? A database designed to prevent harmful speech from going viral For more, head to CISOseries.com

Welcome to Cyber Security Headlines


This is just a welcome message to introduce subscribers to the Cyber Security Headlines podcast. A daily dose of information security news.

Cybersecurity Today

Cybersecurity Today


North Korean Spies DM You On Facebook


Android Mirax RAT, North Korea's Friend-Request Hacks, Adobe PDF Zero-Day, and FBI Phishing Takedown | Cybersecurity Today David Shipley covers multiple trust-based cyber threats: Mirax Android malware pushed via Meta ads posing as free streaming apps, functioning as a remote access trojan and turning infected phones into residential proxies, amid reports of widespread scam advertising on Meta platforms. Researchers link a North Korean APT37 campaign to Facebook friend requests that shift to Messenger and Telegram before delivering a tampered PDF viewer that installs Rock Rat and exfiltrates data via Zoho WorkDrive. Adobe issues an emergency patch for an Acrobat/Reader zero-day...

Banks Panic As Anthropic Mythos Exposes Software Vulnerabilities


Mythos Sparks Urgent Bank Meetings, AI Shrinks Exploit Windows, CEO Phishing Beats MFA + Crypto Fraud Bust Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst Host David Shipley covers urgent meetings among U.S., Canadian, and U.K. financial leaders after Anthropic's Mythos announcement, with regulators and major banks assessing potential systemic risk; Mythos is described as capable of finding and chaining zero-days and is limited to a preview...

Jeff Williams CTO Cofounder of Contrast Security and OWASP co-founder on Mythos and AI Security


AI-Powered AppSec, OWASP Origins, and Anthropic's "Mythos" Model: Jeff Williams on What Changes Next Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst Jim hosts Jeff Williams (Contrast Security co-founder/CTO and former OWASP global chair) for a wide-ranging discussion that begins with Anthropic's new "Mythos" model, described as powerful for finding zero-day vulnerabilities, and expands into how AppSec must evolve. Williams explains Contrast's runtime instrumentation approach, recounts OWASP's...

Fortinet EMS Zero-Day, Anthropic's AI Finds Thousands of Bugs, Iranian Hackers Target US ICS


Fortinet EMS Zero-Day Exploited, Anthropic's AI Finds Thousands of Bugs, and Iranian Hackers Target US ICS Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst Host David Shipley reports Fortinet issued emergency hotfixes for a new actively exploited FortiClient EMS unauthenticated RCE zero-day (CVE-2026-35616) affecting 7.4.0.5/7.4.0.6, with over 2,000 exposed instances online and a full fix coming in 7.4.0.7. Anthropic says its Claude "Mythos" model (Project Glasswing) has...

North Korea's $285M Crypto Heist, China Breaches FBI System, Delve Faces New Allegations


Host David Shipley covers major cybersecurity news: investigators attribute a record $285 million April 1 hack of crypto platform Drift Protocol to North Korea, describing a three-week setup involving a fake "Carbon Vote Token," wash trading to inflate value, social engineering to pre-approve backdoored transactions, Drift's removal of a timelock, and rapid collateralized withdrawals that crashed Drift's token and are now tracked by TRM Labs; the report notes North Korea's 2025 crypto theft total of $2.5B and lifetime total surpassing $7B after this incident, alongside mention of a North Korea-linked supply-chain compromise of the widely used Axios package. Stryker Medical...

Electric Vehicles and EV Security - Steve Visconti CEO of Xiid Corporation with David Shipley


EV Charging Infrastructure Security: How Hackers Could Disrupt Chargers, Networks, and the Grid Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst In this holiday weekend edition of Cybersecurity Today, Jim Love introduces David Shipley's interview with Steve Visconti, CEO of Xiid Corporation, about cybersecurity risks in electric vehicle (EV) charging infrastructure. Visconti explains Xiid's software-based security layer for IP networks, aimed at critical infrastructure across enterprise, public...

Cisco Breached: Source Code Stolen - Cybersecurity Today


Cisco Source Code Stolen in Trivy Fallout, Axios Supply Chain Attack, and Active Exploitation of Fortinet and Citrix Flaws David Shipley reports multiple major security incidents: attackers used credentials stolen in the Trivy supply-chain attack via a malicious GitHub action to breach Cisco's internal development environment, clone 300+ GitHub repos, steal source code (including AI products) and AWS keys, and impact customer-related code; Cisco contained the breach, re-imaged systems, and rotated credentials. A separate supply-chain attack hit the widely used JavaScript library Axios after its maintainer account was compromised, pushing poisoned NPM versions that installed a dropper/RAT via a fake...

Russian State Hackers Go After iOS Devices


Mac Malware 'Infinity Stealer,' DarkSword iOS Exploits, China Telecom Espionage & TeamTNT Supply Chain Hits Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst David Shipley reports from Seoul on major threats: Malwarebytes details Infinity Stealer, a new macOS info-stealer delivered via "ClickFix" social engineering and built as a compiled Python payload (Nuitka) that steals browser credentials, Keychain data, crypto wallets, and developer secrets while notifying attackers via...

RSAC Recap: Agentic AI and Interview With Commvault CISO Bill O'Connell


RSAC Recap: Agentic AI Takes Over, Security Funding Shifts, and Why CISOs Must Focus on Resilience Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst Jim Love and co-host David Shipley recap the RSA Conference in San Francisco, noting that "zero trust" marketing has faded and "agentic AI" (especially "agentic SOC") dominated vendor messaging. David highlights a major market shift: AI is pressuring cybersecurity company valuations and could...

Anonymous Tip System Breach May Expose Tipsters


Anonymous Tip System Breach Exposes Millions of Records, Google Warns Q-Day by 2029, and New AI Documentation Supply-Chain Risks Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst Jim Love reports that a breach at P3 Global Intel, whose tip-submission systems are used by police, government agencies, and schools, allegedly exposed over 8 million submissions including highly sensitive personal data and raised concerns about anonymity due to features...

RSAC Presenter Says "Time to Kill One of Cybersecurity's Most Overworked Terms"


RSAC: Retiring "APT," FCC's US-Made Router Ban, Zoom Call Scraping, Iran-Targeting Wiper, and Cyber Terrorism Insurance From RSAC 2026, host David Shipley highlights ESET researcher Robert Lipowsky's argument to retire the overused "advanced persistent threat" label and instead describe actors by motivation and activity, noting blurred lines between nation-state and criminal tooling. He also reports RSAC vendor trends (zero trust fading, "agentic AI" everywhere) and standout booth themes. In Washington, the FCC bans authorization of any new WiFi router models not made in the United States, citing supply-chain risk and attacks like Volt Flax and Salt Typhoon, impacting an industry...

Startup Accused Of Helping Fake Privacy and Security Audits


Compliance Startup Audit-Faking Claims, Trivy Supply-Chain Backdoor, Russia Targets Signal/WhatsApp, and Iran-Linked Stryker Disruption Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst This episode covers allegations that Y Combinator-backed compliance startup Delve helped customers fake privacy and security audits by generating fabricated evidence that auditors then rubber-stamped, alongside Delve's denial and a report of sensitive Delve data being externally accessible. It also details a TeamTNT/Team PCP-style supply-chain...

The Fundamental Mistake in Cybersecurity Risk Management


Cybersecurity Isn't Managing Risk. It's Managing Threats... And That's the Problem Host David Shipley speaks with Jeff Gardiner, a former university CISO and now at Morgan Stanley, about Gardiner's doctoral research arguing that cybersecurity has structurally misclassified "risk management" as threat management. Gardiner explains that real risk is an expected loss calculation (impact × likelihood), while many cybersecurity frameworks and training emphasize vulnerabilities, exploitability, and system configuration without likelihood or business impact. He describes examples where teams labeled unlikely issues as "extremely high risk," discusses interviews where leaders universally expect cybersecurity staff to be risk managers, and cites findings that only about...

FBI Seizes Iran-Linked Handala Leak Site After Stryker Intune Wipe Attack: Cybersecurity Today


FBI Seizes Iran-Linked Handala Leak Site After Stryker Intune Wipe Attack; Apple iPhone Exploit Patch; North Korean Fake IT Workers Grow Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst The episode reports that the FBI has seized the data leak site used by the Iran-linked hacktivist group Handala, which has been widely linked to the Stryker attack where attackers compromised admin accounts, stole data, and used Microsoft...

Another Medical Device Firm Hit


Medical Device Breaches, Anti-Scam Pledge Scrutiny, AI Font Trick, and Iran-Linked Cyber Updates. Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst The episode covers several cybersecurity stories: Intuitive Surgical disclosed a March 12 phishing-led intrusion where stolen credentials enabled access to its internal administrative network and data theft (customer/business contacts and employee records), while clinical platforms and Da Vinci/Ion systems remained unaffected. Eleven tech and retail firms...

Notorious Hacker Group "The Comm," Operation Synergia Takedown, Stryker Cyberattack Update & More


Alleged Canadian 'The Comm' Hacker Arrested, Interpol's Operation Synergia Takedown, Stryker Cyberattack Update and more.. Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst Host David Shipley covers new details on the alleged takedown of "Waifu," a Canadian hacker tied to the cybercrime group The Com, after a harassment campaign against investigator Allison Nixon helped lead to his identification and arrest; he now faces U.S. charges including extortion...

AI Anxiety: Cybersecurity Today with Special Guest Krish Banerjee, Managing Director (Partner) & Canada Lead - Data & AI - Accenture


Gemini in Google Workspace, Agentic AI, and Managing AI Anxiety (with Accenture's Krish Banerjee) Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst In a special edition of Project Synapse shared with Cybersecurity Today, host Jim Love and co-host John Pinard (a VP and CSO at a Canadian financial institution) speak with Krish Banerjee, Accenture's managing director and partner leading AI in Canada. They discuss Google integrating Gemini...

AI Agent Hacks McKinsey Chatbot in 2 Hours


AI Agent Hacks McKinsey Chatbot in 2 Hours, NPM Phantom Raven, Router Malware & Trojaned AI Models This episode covers how researchers at CodeWall used an autonomous AI security agent to gain read/write access to McKinsey's internal chatbot Lilli database in about two hours by chaining exposed APIs and an SQL injection, potentially exposing 46.5 million chats, 728,000 files, 57,000 accounts, and 95 system prompts, with McKinsey saying the issues were fixed and no unauthorized access was found. It also reports on the Phantom Raven supply-chain campaign that published 88 malicious NPM packages using a runtime-downloaded payload to steal developer...

Cyber Security Today Special Report: Attack from Iran


This includes our regular Wednesday/Thursday segment but with an update from this breaking story on the attack on a large US medical company.

Fake Claude Code Installs, Arpa Phishing, Iranian and Russian Teams Mount Cyber Retaliation


Fake Claude Code Installs, Arpa Phishing, Zombie ZIP Malware Evasion, and Iran/Israel Cyber Retaliation This episode covers four major security stories: the "InstaFix" campaign using Google sponsored ads and cloned Claude Code install pages to trick developers into pasting terminal commands that deploy the TeraStealer credential-stealing malware; a phishing technique abusing the special-use .arpa domain and IPv6 reverse DNS to evade email and domain-based defenses, using attacker-controlled DNS zones, traffic distribution systems, and lures like surveys and account notices; the "Zombie ZIP" technique that manipulates ZIP headers to bypass AV/EDR scanning, tied to CVE-2026-0866 and demonstrated to evade most VirusTotal...

Coruna iOS Exploit Kit Goes Mass-Market: Cybersecurity Today for March 9, 2026 with David Shipley


Coruna iOS Exploit Kit Goes Mass-Market, FBI Wiretap Platform Breach Probe, Windows Terminal ClickFix, and Iran-War Cyber Escalation This episode covers several major cybersecurity developments: Google's Threat Intelligence Group details Coruna, a sophisticated iOS exploit kit with 23 exploits and multiple chains affecting iOS 13–17.2.1, shifting from targeted surveillance use to cryptocurrency-scam distribution and a PlasmaLoader payload aimed at stealing wallet data. The FBI is investigating suspicious activity involving its Digital Collection System Network used to support wiretaps and surveillance, with concerns about third-party vendor exposure and broader federal agency targeting. Microsoft reports a new ClickFix variation that abuses Windows...

Cybersecurity Today Month in Review: World In Turmoil


Cybersecurity Today Month in Review: Iran Conflict Cyber Spillover, IoT Cameras, AI Hacking Tools, and Resilience Planning In this weekend month-in-review episode, host Jim Love and panelists David Shipley, Laura Payne, Neil Bisson, and Chris "CJ" Johnson discuss cyber and infrastructure impacts tied to the US/Israel–Iran conflict, including reported compromise of traffic camera networks for targeting, Iran's defensive internet shutdown, propaganda via a hacked prayer app, and GPS/AIS spoofing that misdirected ships in the Strait of Hormuz, raising oil and helium supply-chain concerns. They warn of potential Iranian retaliation via DDoS, ransomware, and critical infrastructure attacks (especially water/OT), amplified by...

Wikipedia Hit By JavaScript Worm, ICE Contractor Data Base Leaked and more...


Wikipedia JavaScript Worm, ICE Contractor Data Leak Claim, and Leak Base Takedown Wikipedia admins contained a self-propagating JavaScript worm that spread via infected user script files, executing in logged-in editors' browsers and using authenticated sessions to copy itself into other scripts, sometimes affecting global scripts; administrators restricted edits, reverted and suppressed changes, replaced compromised scripts, and continue investigating the originating account. A hacktivist group calling itself the Department of Peace claims it leaked records tied to DHS's Office of Industry Partnership involving 6,681 organizations that applied for ICE-related contracts, releasing the dataset via Distributed Denial of Secrets, while DHS has...

AI Driven Warfare


AI-Driven Warfare, Open-Source Attack Tooling, CISA Shakeups, Healthcare Ransomware, and GPS Jamming Risks Host David Shipley covers reports that hacked Tehran traffic cameras and an AI-powered targeting system helped a joint U.S.-Israeli operation ("Epic Fury") track and strike Iran's leadership, highlighting the growing role of compromised infrastructure and AI in modern conflict. Researchers also link the open-source toolkit Cyber Strike AI to automated attacks against Fortinet FortiGate devices, compromising over 600 systems across 55 countries and raising concerns about proliferating offensive AI tools. At CISA, CIO Robert Costello resigns amid leadership turmoil and staffing challenges. Healthcare ransomware disruptions include a...

CISA Leadership Shakeup, OpenClaw Hijack, Robot Vacuums and More


OpenClaw AI Agent Hijack, CISA Leadership Shakeup, Iran Cyber Campaign, Air-Gap Malware, and Robot Vacuum Flaw Jim Love covers multiple cybersecurity stories: Oasis Security revealed "ClawJacked," a high-severity OpenClaw AI agent framework flaw caused by missing rate limiting on the local gateway, enabling malicious web pages to brute-force passwords via WebSockets, register a trusted device, and take over agents; OpenClaw patched it within 24 hours and users are urged to update to version 2020 6.2 0.25 and tighten governance for non-human identities. CISA sees a leadership change as acting director Madhu Gottumukkala steps down amid criticism and reports he uploaded...

Cybersecurity Today Weekend with Carey Frey, VP and Chief Security Officer at TELUS


Identity, AI Agents, and the Session Token Time Bomb | Carey Frey (CSO, TELUS) on Cybersecurity Today In this Cybersecurity Today weekend edition, David Shipley interviews Carey Frey, Chief Security Officer at TELUS, about the evolution of identity security and why it's a growing risk in the age of generative and agentic AI. Frey recounts his career from Canada's Communications Security Establishment to leading TELUS's internal security and managed cybersecurity services, then explains how convenience-driven identity decisions led from PKI's unrealized promise to passwords, bearer/session tokens, and today's widespread session cookie theft. He describes lessons from TELUS's deployment of FIDO2...

Cisco SD-WAN Bug Actively Exploited


Cisco SD-WAN Bug Actively Exploited, MCP Azure Takeover Demo, CarGurus Data Leak, and Secret Service Scam Recovery Host Jim Love covers four cybersecurity stories: CISA warns a critical Cisco Catalyst SD-WAN controller vulnerability (CVE-2026-20127) has been exploited since 2023, enabling authentication bypass and rogue peering sessions, and orders U.S. federal agencies to inventory systems, collect logs and forensic artifacts, hunt for compromise, and apply Cisco's fixes by 5:00 PM ET on February 27, 2026, with no workarounds. At RSA, researchers show how flaws in Model Context Protocol (MCP), a key integration layer for agentic AI, could lead to remote code execution and...

Discord Finds Age Identification May Have Privacy Concerns


Discord Drops Persona Age Verification, SolarWinds Serv-U Critical RCEs, Splunk Windows Priv Esc, and Smart TV Screenshot Surveillance Lawsuits In this episode of Cybersecurity Today, host Jim Love covers Discord ending its age-verification experiment with Persona after user backlash and researcher findings that Persona's front-end code suggested up to 269 verification checks, including watch list screening and risk scoring, amid already-thin trust following an earlier breach that exposed government ID images. The show also highlights SolarWinds Serv-U 15.5.0.4 patches for four critical (CVSS 9.1) remote code execution vulnerabilities (CVE-2025-40538, CVE-2025-40539, CVE-2025-40540, CVE-2025-40541), noting they require high privileges and that self-hosted...

Amazon Kiro Prod Disruption, Claude Code Security, Salt Typhoon Warning, and Youth Radicalization


AI-Accelerated FortiGate Breaches, Amazon Kiro Prod Disruption, Claude Code Security, Salt Typhoon Warning, and Youth Radicalization Risks Episode of Cybersecurity Today (hosted by David Shipley) covering: a Russian-speaking hacker using AI-written automation tools to breach 600+ Fortinet FortiGate firewalls across 55 countries by exploiting weak passwords and exposed management interfaces without MFA, with advice to lock down edge management access, enforce MFA, and strengthen password policies; an Amazon Kiro AI coding tool incident tied to a misconfigured role that allegedly deleted and recreated a production environment, causing a 13-hour disruption to AWS Cost Explorer services in one of two mainland...

Agentic AI Security Is Broken and How To Fix It: Ido Shlomo, Co-founder and CTO of Token Security


Jim Love discusses how rapid adoption of agentic AI is repeating the industry pattern of shipping technology without security, citing issues like vulnerabilities in Anthropic's MCP and insecure open-source agent tools. He interviews Ido Shlomo, co-founder and CTO of Token Security, who argues AI agents are fundamentally hard to secure because they are non-deterministic, have infinite input/output space, and often require broad permissions to be useful. Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and...

CISA Orders Emergency Patch for Actively Exploited Dell Flaw;


CISA Orders Emergency Patch for Actively Exploited Dell Flaw; Texas Sues TP-Link; Massive ID Verification Data Leak; SSA Database Leak Allegations Host Jim Love covers four cybersecurity stories: Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst CISA ordered federal civilian agencies to patch an actively exploited critical Dell RecoverPoint for Virtual Machines vulnerability (CVE-2026-2769) within three days, citing hard-coded credentials that allow unauthenticated root access and links...

OpenClaw: Info Stealers Take Your Soul


Info Stealers Target OpenClaw, a Robot Vacuum API Flaw Exposes Thousands, Best Buy Fraud Shows Zero Trust Context, and Canada Goose Data Leaked via Supplier The episode covers multiple security incidents and lessons. Hudson Rock details how an info stealer malware infection can vacuum OpenClaw data, including authentication tokens, master keys, device private cryptographic keys, and the agent-defining soul.md file that can reveal a "mirror" of a user's life; the attack was not targeted, raising concerns about upcoming dedicated OpenClaw-stealing modules. A hobbyist coder using an AI coding tool to reverse-engineer DJI Romo communications unintentionally accessed roughly 7,000 robot vacuums...

BeyondTrust Zero-Day Exploited,


This episode covers multiple active threats and security changes. It warns of an actively exploited critical BeyondTrust remote access vulnerability (CVE-2026-1731, CVSS 9.9) enabling pre-authentication remote code execution in Remote Support and Privileged Remote Access, noting SaaS was patched while on-prem deployments require urgent manual updates and may already be compromised. Microsoft details an evolution of the ClickFix social engineering technique where victims are tricked into running NSLookup commands that use attacker-controlled DNS responses as a malware staging channel, leading to payload delivery (including a Python-based RAT) and persistence via startup shortcuts, alongside increased Lumma Stealer activity. Cybersecurity Today would...

The Dark Side of Valentine's Day: AI Romance Scams | Cybersecurity Today


This special Valentine's Day episode of Cybersecurity Today examines romance scams (often called pig butchering) and how fraudsters exploit trust, vulnerability, and loneliness. Host Jim Love speaks with McAfee Head of Threat Research Abhishek Karnik about new findings showing the scale and demographics of these scams, including widespread encounters with fake or AI-generated profiles, frequent financial solicitations, and that men are also heavily impacted. Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You...

Exploited Microsoft Vulnerabilities, Phishing Tactics & Romance Scams: Cybersecurity Today


In this episode of Cybersecurity Today with host Jim Love, we discuss six critical exploited Microsoft vulnerabilities, new phishing tactics using your own servers, and a zero-click vulnerability in Claude's code desktop extensions. We also explore trends in modern romance scams highlighting the younger, tech-savvy adult targets. Tune in for expert insights and practical tips to stay secure. Special thanks to Meter for their support. Hashtag Trending would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale....

Unsupported Edge Devices Present Global Threat, OpenClaw Threats Continue - Cybersecurity Today


In this episode of Cybersecurity Today, host Jim Love discusses the increasing risks posed by unsupported edge devices in global infrastructure. Highlighted by a recent cyber incident in Poland's energy sector, edge devices are becoming critical vulnerabilities due to their role in network security. The Cybersecurity and Infrastructure Security Agency (CISA) has issued new advisories urging immediate action to update or remove unsupported edge devices. The episode also covers issues with Microsoft Exchange online wrongly flagging legitimate emails as phishing, Google's warning on post-quantum cybersecurity preparedness, and continuing exposures tied to the Open Claw security incident. Meter, a full-stack networking...

Emerging AI Threats and Innovations in Cybersecurity


In today's episode of Cybersecurity Today, host David Shipley discusses the latest developments and challenges in cybersecurity, including integrating AI into various systems, the rise of AI-driven security flaws, and the violent turn of cryptocurrency crime. The episode highlights a partnership between Open Claw and VirusTotal to scan AI skills for malware, the success of Anthropic's AI in identifying security vulnerabilities, and a violent home invasion linked to cryptocurrency theft. Additionally, the show covers the RCMP's first terrorism-related peace bond for a minor, and New York's proposed moratorium on data center development amidst growing concerns over environmental and economic impacts....

Cybersecurity Today: Month In Review - Microsoft Patch Fails, Fortinet Issues, and AI Risks


Welcome to Cybersecurity Today's Month In Review Join host Jim Love, alongside cybersecurity experts David Shipley, Laura Payne, and Mike Puglia, as they dive into last month's major topics in the cybersecurity world. This episode covers ongoing issues with Microsoft patches, continuous security concerns with Fortinet, and the risks and ramifications of AI activities. They also discuss the implications of poor software quality and the persistent threats in the cyber world. Plus, hear the latest on Mage Cart scams and the debate over local admin rights. Don't miss this packed episode full of insights and expert analysis. Cybersecurity Today would...

OpenClaw, MoltBot, Clawdbot - From Bad to Worse


In this episode of Cybersecurity Today, host Jim Love discusses the latest advancements in AI-driven cyber attacks and their implications for security infrastructure. The episode covers a variety of topics, including the vulnerabilities in OpenClaw Marketplace, a rapid AI-assisted AWS attack, and data breaches linked to the Shiny Hunters group targeting Harvard and the University of Pennsylvania. From discussing the porous architecture of AI agents to exploring how attackers exploited AWS credentials in unsecured S3 buckets, this episode sheds light on the accelerated risks posed by AI in cybersecurity. Additionally, Jim Love speaks about the critical need for proactive measures...

Critical Cybersecurity Updates: Fortinet, Docker, and Android Malware


In this episode of Cybersecurity Today, Jim Love covers major vulnerabilities and security threats, including the exposure of over 3 million Fortinet devices, a critical flaw in Docker's AI assistant, and a sophisticated Android malware campaign using Hugging Face repositories. Discover the latest updates on these critical issues and gain insights into the measures being taken to mitigate these threats. Sponsored by Meter, providing integrated networking solutions for performance and scale. Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution...

Google's Proxy Network Takedown, AI Agent Hijack, and More: Cybersecurity Today for February 2, 2026


Cybersecurity Today: Google's Proxy Network Takedown, AI Agent Hijack, and More In today's episode of Cybersecurity Today, host David Shipley covers major cybersecurity stories, including Google's disruption of the massive residential proxy network IPIDEA, the hijacking vulnerability of AI agent platform Moltbook, and attackers abusing single sign-on platforms. We also delve into the coordinated cyber attack on Poland's energy sector by Russian state-linked actors and the misuse of eScan antivirus updates to deliver malware. Stay informed about the latest in cybersecurity with us! Cybersecurity Today would like to thank Meter for their support in bringing you this podcast....

In-Depth Look at Phishing and Cybersecurity Culture with David Shipley | Cybersecurity Today


In this episode of Cybersecurity Today, host Jim Love welcomes David Shipley, CEO of Beauceron Security, as a guest. Together, they delve into the latest research from Beauceron Security with assistance from the University of Montreal. They discuss the effectiveness of phishing simulations, the importance of reporting suspicious activities, and the psychological factors that lead to clicking on phishing emails. The episode also highlights the surprising advantages small businesses have over larger organizations in phishing defense, and how management's attitude towards cybersecurity significantly impacts a company's overall security culture. Don't miss this thorough, insightful conversation that will change how you...

The Rise of Actionable AI Agents: Navigating the Security Landscape


In this episode of Cybersecurity Today, host Jim Love explores the burgeoning world of actionable AI agents, examining key developments from companies like Google and Anthropic. The episode delves into the rapid rise of MoltBot, an open-source AI agent tool that has taken the developer community by storm. Jim also highlights the significant security concerns associated with these advanced AI systems, including delegated control, exposable credentials, and the potential for real-world consequences due to misuse. The podcast wraps up with a discussion on the future implications of these technologies and a preview of upcoming research by David Shipley from Beauceron...

WhatsApp Privacy Lawsuit


Cybersecurity Today: WhatsApp Privacy Lawsuit, Google's Personal AI, Canada Computers Breach, and Mass Password Leak In this episode, host Jim Love discusses pressing cybersecurity issues, including a lawsuit against WhatsApp for allegedly misleading users about message privacy, concerns over Google's new personal AI and its data security implications, a delayed response to a credit card skimming attack at Canada Computers, and the exposure of 149 million stolen passwords. Sponsored by Meter, the podcast also highlights the risks of using the same passwords and the importance of timely breach responses. Cybersecurity Today would like to thank Meter for their support in...

AWS Flaw Could Have Put Every Account At Risk


Cybersecurity Today: Critical Fortinet Flaws, Windows 11 Issues, and Major Cloud Security Near Miss In today's episode of Cybersecurity Today, host David Shipley covers several pressing cybersecurity topics including the continued exploitation of Fortinet flaws despite recent patches, Windows 11 systems failing to boot after January updates, a thwarted cyber attack on Poland's energy sector by the Sandworm group, a sophisticated phishing campaign targeting the energy sector, and a critical AWS vulnerability that posed a significant risk to cloud security globally. Stay informed on these key issues and more. Cybersecurity Today would like to thank Meter for their support in...

VoidLink: An In-Depth Look at the Next Generation of AI Generated Malware


Discovering Void Link: The AI-Generated Malware Shaking Up Cybersecurity In this episode, we explore the fascinating discovery of 'Void Link,' one of the first documented cases of advanced malware authored almost entirely by artificial intelligence. Hosts delve into an eye-opening interview with experts from Checkpoint Research, Pedro Drimel and Sven Rath, who were integral to uncovering this next-gen cyber threat. Learn how Void Link's design, rapid development, and sophisticated features signify a new age in malware creation, and understand the implications for cybersecurity, particularly in cloud and Linux environments. This episode provides a compelling look into the tools and methodologies behind the...

11-Year-Old Linux Bug Allows Root Access


Fortinet Firewall Breached, Hidden Linux Vulnerability & Ransomware Boss Pleads Guilty | Cybersecurity Today In this episode of Cybersecurity Today, host David Shipley discusses the latest breach involving Fortinet FortiGate firewalls, an 11-year-old critical Linux vulnerability that was recently discovered, and a rare courtroom case where a ransomware boss pleaded guilty. The episode also highlights a report on widespread credential exposure in the retail sector. Stay informed on the latest cybersecurity news and developments. Sponsored by Meter. 00:00 Introduction and Sponsor Message 00:39 Fortinet Firewalls Breached 02:05 Critical Linux Vulnerability Exposed 03:31 Ransomware Boss Pleads Guilty 04:52 Widespread Credential Exposure...

The First Wave Of Sophisticated AI Generated Malware


Critical Cybersecurity Updates: Microsoft, Goot Loader, Anthropic, and AI-Generated Malware In this episode of Cybersecurity Today, host Jim Love discusses the latest security patches and threats in the industry. Topics include Microsoft's recent patch for a Windows Admin Center flaw, the resurgence and evolution of Goot Loader malware, Anthropic's quiet patching of key vulnerabilities in their Git MCP server, and the emergence of Void Link, an advanced AI-generated malware targeting Linux-based servers. Tune in to learn about the implications of these updates and what steps you can take to protect your systems. Cybersecurity Today would like to thank Meter for...

Cisco Patches Async OS Bug


Critical Security Flaws Patched by Cisco and Fortinet Amidst Recent Cyber Threats In this episode of Cybersecurity Today, host David Shipley covers several pressing cybersecurity issues. Cisco has patched a maximum severity zero-day vulnerability in its AsyncOS software, which has been exploited by a Chinese state-linked group. Fortinet has also addressed a critical vulnerability in its FortiSIEM product, which is being actively exploited in the wild. The Dutch National Police are still recovering from a Citrix breach, emphasizing the need for modern infrastructure. Meanwhile, a spear-phishing campaign targeting US organizations uses Venezuela-themed lures. The episode wraps up with...

She Hacks Purple: An Interview With Cybersecurity Expert Tanya Janca


Building Secure Software with Tanya Janca: From Coding to Cybersecurity Advocacy In this episode of Cybersecurity Today, host Jim Love interviews Tanya Janca, also known as She Hacks Purple, a renowned Canadian application security expert and author. Tanya shares her journey from a software developer and musician to becoming a penetration tester and cybersecurity advocate. She discusses her work in training developers on secure coding practices and application security, emphasizing the need for integrated security training in academic programs and the software development lifecycle. Tanya also talks about the challenges women face in the cybersecurity field and her efforts to...

Staples Slips Up On Data Removal


Cybersecurity Challenges: Data Privacy Failures, AI Risks, and New Malware Threats In this episode of Cybersecurity Today, host David Shipley covers a range of pressing issues. The discussion kicks off with Staples Canada reselling laptops without wiping customer data, highlighting loopholes in Canada's privacy laws. Next, David delves into a new class of attacks known as 'Reprompt' that target Microsoft Co-pilot, exposing vulnerabilities in large language models. The episode also explores a critical flaw in ServiceNow's virtual agent that allowed attackers to impersonate legitimate users, emphasizing the importance of robust identity verification. Lastly, a newly discovered advanced Linux malware framework...

HPE Open View Vulnerability Hits CISA Known Exploited List


Cybersecurity Today: Credit Card Skimming, Valley Rat Malware, WhatsApp Exploit & AI Defenses In this episode of Cybersecurity Today, hosted by Jim Love, we explore several critical cybersecurity threats and advancements. We cover a massive credit card skimming campaign active since early 2022, a severe bug in HPE OneView, the stealthy Valley Rat malware, and a potential zero-click exploit in WhatsApp. Additionally, we delve into AI-driven advancements in cybersecurity defense being developed at US National Laboratories. Stay informed and vigilant with the latest insights in cybersecurity. 00:00 Introduction and Sponsor Message 00:48 Credit Card Skimming Campaign Uncovered 02:49 Critical Vulnerability...

FBI Warns of QR Code Phishing & Europol's Major Cybercrime Crackdown CST Monday Jan 12 2026


In this episode of Cybersecurity Today, host David Shipley covers the FBI's warning about North Korean state-sponsored QR code phishing campaigns targeting U.S. organizations. Additionally, he discusses Europol's arrest of 34 individuals in Spain tied to the infamous Black Axe crime syndicate and the uncertainty surrounding CISA's pre-ransomware notification initiative after the departure of its lead developer. Stay informed with the latest in cybersecurity news and learn how to protect yourself and your organization from emerging threats. Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless...

Cybersecurity Today: The Month in Review - Key Stories and Insights


In this episode of Cybersecurity Today, brought to you by Meter, we review key events and stories from the past few weeks. Join host Jim along with experts Tammy Harper from Flare, Laura Payne from White Tuque, and David Shipley from Beauceron Security as they discuss major cybersecurity events that unfolded over the holidays, including the MongoDB vulnerability 'Mongo Bleed', the compromises at Rainbow Six Siege, and the ethical implications of hacktivism. The panel also explores the complexities of AI in cybersecurity, the vulnerability of critical infrastructure, and the dichotomy between ethical hacking and cybercrime in the industry. As always,...

Windows Blue Screen of Death Vulnerability


Cybersecurity Today: Sideloaded App Issues, Fake Blue Screen Attacks, and Rising Ransomware Threats In this episode of Cybersecurity Today, host Jim Love discusses HSBC blocking sideloaded apps with its banking app, new social engineering attacks using fake Windows blue screens to install malware, and the discovery of long-standing compromised Chrome extensions. Additionally, a new report reveals a significant rise in ransomware victims in 2025 despite major takedowns of ransomware groups. Special thanks to Meter for their support. 00:00 Introduction and Sponsor Message 00:21 HSBC Blocks Sideloaded Apps 02:44 Fake Blue Screen of Death Malware 04:49 Compromised Chrome Extensions 06:33 Ransomware...

Kimwolf Bot Strikes - "Routers Will Not Protect You"


In this episode of Cybersecurity Today, host Jim Love discusses the latest in cybersecurity threats including the rapidly growing Kim Wolf botnet affecting millions of devices, the rising threats to file-sharing environments, and the intersection of cybercrime with physical supply chains. He also covers an audacious hacktivist takedown of white supremacist websites. Tune in to learn about the evolving landscape of cybersecurity and practical measures you can take to protect your systems. Thank you to our sponsor Meter for supporting this podcast. Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a...

Infrastructure Under Attack: Cybersecurity Today for Monday January 5, 2026


In this episode of 'Cybersecurity Today', host David Shipley discusses significant cyber events and their implications. The podcast explores hints by President Donald Trump regarding the use of cyber tactics in a U.S. operation that resulted in a power outage in Venezuela. The episode also delves into the April 2025 data breach at Nova Scotia Power, detailing the company's efforts to keep incident specifics confidential and the extensive recovery measures taken. Lastly, it updates listeners on the Trust Wallet compromise linked to the Sha-Hulud supply chain attack, elucidating how the breach occurred and its aftermath. The episode underscores the growing...

Final Encore Episode - Research, Cybersecurity Awareness and Training


In this episode, host Jim Love discusses the importance of cybersecurity awareness and training, featuring insights from Michael Joyce of the Human-Centric Cybersecurity Partnership at the University of Montreal and David Shipley of Beauceron Security. They explore the impact of cybersecurity awareness programs, the decay of sustained vigilance post-training, and the nuances between phishing reporting and clicking behaviors. The conversation also critiques recent research claims that question the efficacy of phishing training, emphasizing the need for continuous, empirically supported approaches in cybersecurity education. The episode highlights the value of balanced, layered defenses involving both technical solutions and informed user behavior....

Inside the Dark Web: Exploring Cybercrime with Expert David Décary-Hétu


In this episode, the host shares a pre-recorded favorite interview with David Decary-Hetu, a criminologist at the University of Montreal. They discuss the dark web, its technology, and its role in cybercrime. Decary-Hetu explains how the dark web operates, its users, and the dynamics between researchers and law enforcement in tackling cyber threats. Key topics include the economics of illicit markets, the cat-and-mouse game between law enforcement and criminals, the role of cryptocurrencies, and the evolution of cyber threats. The episode offers insights into the social aspects of cybercrime and the measures being taken to combat it. 00:00 Introduction and...

MongoDB - MongoBleed Vulnerability Exploit Reported On Christmas Day


Cybersecurity Today: MongoDB Vulnerability 'Mongo Bleed' Exploited, Rainbow Six Siege Hacked, Trust Wallet Compromise, and GrubHub Crypto Scams In this episode of Cybersecurity Today, David Shipley covers significant cybersecurity incidents that occurred over the holiday period. The major topics include the 'Mongo Bleed' vulnerability in MongoDB that was disclosed and then publicly exploited on Christmas Day, leading to potential data leaks. Ubisoft's Rainbow Six Siege faced a breach enabling attackers to manipulate in-game functions and distribute billions worth of in-game currency for free. Trust Wallet's browser extension was compromised, resulting in a loss of approximately $7 million in cryptocurrencies. Finally,...

A Hacker Tells His Story


This is an interview with former hacker Brian Black. Brian is now on the right side of the battle and bringing his skills to the fight against hackers. He finds the weaknesses in corporate security so that it can be patched. This was one of my favourite interviews this year. Listening to what Brian has learned and understanding how we can use that knowledge and experience kept me on the edge of my seat. Once more I want to thank Meter for making this possible. Visit them at meter.com/cst

The Ransomware Ecosystem: An Encore Holiday Episode


Jim takes a break for some R&R during the holidays and shares his favorite podcast episodes from the year. He acknowledges that some listeners might have heard these episodes already, while others may find them new. The podcast's production is supported by Meter, a company providing integrated networking solutions. Additionally, support from listeners through the Buy Me a Coffee program has helped sustain the shows and expand their content offerings. Jim thanks Meter and the listeners, wishing everyone a Merry Christmas and a Happy New Year. 00:00 Introduction and Holiday Plans 00:33 Sponsor Acknowledgment 01:08 Support and Growth 01:55 Final...

Year End Repeat: Pig Butchering: Operation Shamrock Fights Back


Over the holidays we are rerunning some of our favourite episodes. This one first aired this summer and was one of my first conversations with the fascinating head of Operation Shamrock. We'll be back with regular programming on January 5th.

Arrests In O365 Scheme: Cybersecurity Today With David Shipley


Global Cybercrime Crackdowns and Rising Threats This episode of 'Cybersecurity Today' hosted by David Shipley covers significant cybersecurity news. Nigerian police arrested three suspects linked to a Microsoft 365 phishing platform known as Raccoon O365. U.S. prosecutors charged 54 individuals in an ATM malware scheme tied to a Venezuelan criminal organization. Two incident responders pleaded guilty to conducting ransomware attacks while employed to help victims of such attacks. Denmark officially blamed Russia for a cyber attack on a water utility, exacerbating geopolitical tensions. Each segment highlights the intricate and international nature of modern cybercrime and the ongoing challenges in cybersecurity....

Year-End Review: The Highs and Lows of Cybersecurity in 2025


Cybersecurity Today brings you a special year-end episode, featuring noteworthy guests Tammy Harper from Flare, Laura Payne from White Tuque, David Shipley from Beauceron Security, and John Pinard, co-host of Project Synapse. This episode delves into the pivotal cybersecurity stories of 2025, including a detailed discussion on MFA phishing attacks, the effectiveness of cybersecurity training, and the troubling trends in ransomware payments. Also covered are the evolving roles of AI in both defending and perpetrating cyber crimes. The guests share their insights, hopes, and concerns for the industry's future, emphasizing the importance of awareness, empathy, and community. Tune in as...

On the Zero Day of Christmas - Cisco Devices Under Attack


Cybersecurity Today: Cisco Zero Day Exploited & Maritime Cyber Attack Unfolds In this episode of Cybersecurity Today, host David Shipley discusses a series of critical cybersecurity incidents, including the exploitation of a zero-day flaw in Cisco email security infrastructure by a China-linked group, a Hollywood-style attack on an Italian ferry involving remote access malware, and a new data theft spree by the ClOP ransomware gang targeting file-sharing servers. Shipley also highlights the broader implications of cybersecurity on physical safety and national security. This episode is brought to you by Meter, a complete networking stack provider for enterprises. 00:00 Introduction and...

React2Shell Vulnerability, Black Force Phishing Kit, Microsoft OAuth Attacks, and PornHub Data Breach


In this episode of Cybersecurity Today, host Jim Love discusses a range of pressing cybersecurity threats. The show covers the escalating React2Shell vulnerability, which has led to widespread automated exploitation campaigns involving crypto miners and back doors. Additionally, Jim reports on the Black Force phishing kit, which bypasses multifactor authentication and is gaining traction among cybercriminals. Microsoft OAuth consent attacks are also highlighted, with users being tricked into granting access to their accounts. Finally, the episode touches on PornHub's data breach involving the Shiny Hunters cybercrime group and the importance of patching vulnerabilities and being cautious during the holiday season....

Cybersecurity Today: Apple Security Updates, AI Search Engine Scams, Torrent Malware, and Stanford's AI Penetration Testing


In this episode of Cybersecurity Today, host David Shipley discusses significant developments in the cybersecurity landscape. Apple releases security updates to address two actively exploited WebKit vulnerabilities. Scammers manipulate AI-powered search tools to recommend fake support numbers, reflecting a growing security risk. Bitdefender uncovers malware hidden in torrent subtitles for the movie 'One Battle After Another.' Lastly, an AI named Artemis outperforms human penetration testers in a Stanford hacking experiment, highlighting the evolving role of AI in cybersecurity. Also included are insights on the implications of these events for future cybersecurity challenges. Cybersecurity Today would like to thank Meter for...

The Hidden Danger of Storing Secrets Online | Interview with Jake Knott from Watchtower


In this episode of Cybersecurity Today, host Jim Love discusses the shocking discovery of over 80,000 leaked credentials and secrets in online code formatting tools with Jake Knott, a principal security researcher from Watchtower. They delve into the vulnerabilities exposed by these tools, the inadvertent leaking of sensitive information, and how attackers can easily exploit these weaknesses. The conversation covers the types of secrets found, the responses from various organizations, and best practices to prevent such exposures. Tune in to understand the critical importance of protecting your credentials and the steps you can take to avoid falling victim to these...

Spiderman and Cybersecurity.


Cybersecurity Today: Spider-Man Phishing Kit, Gogs Zero-Day Exploits, and Recent Patches In this episode, host Jim Love discusses recent cybersecurity issues including the Spider-Man phishing kit targeting European banks and cryptocurrency users, a zero-day vulnerability in the self-hosted Git service Gogs, and various security updates. The Spider-Man kit creates highly convincing phishing pages, while the Gogs vulnerability allows remote code execution by exploiting symbolic links. Additionally, updates are covered for a Windows PowerShell zero-day and a zero-click flaw in Google's Gemini Enterprise. The show emphasizes the importance of vigilance and timely patching to mitigate these threats. 00:00 Introduction and Technical...

Google Chrome's AI Safety Plan? More AI


Cybersecurity Today: Google Chrome's AI Safety Plan, React2Shell Fixes, & New Ransomware Tactics In this episode of Cybersecurity Today, host Jim Love discusses Google's new security blueprint for AI-powered Chrome agents, highlighting measures against indirect prompt injections and model errors. Learn about Next JS's new tool for addressing the critical React2Shell vulnerability and the emerging threat from Storm 0249 using EDR tools for ransomware. The episode also covers new data showing manufacturers remain top ransomware targets. Sponsored by Meter. 00:00 Introduction and Sponsor Message 00:22 Google's New Security Plan for Chrome Agents 03:41 Next JS Scanner for React2Shell Vulnerability 05:41...

Development Tools May Allow Remote Compromise


Explosive React Vulnerability and AI Tool Flaws Uncovered: Major Implications for Cybersecurity. In this episode of Cybersecurity Today, host David Shipley discusses a new significant React vulnerability, React2Shell, that has caused widespread confusion and debate in the security community. This major flaw, affecting a widely used web framework, poses significant risks like remote code execution and malware deployment across numerous organizations. The episode also highlights flaws in AI coding tools discovered by researcher Ari Marzouk, which could compromise integrated development environments (IDEs) and software supply chains. Additionally, a ransomware breach at Marquis Software Solutions, impacting over 70 US banks and...

Cybersecurity Today Month In Review - December 5th, 2025


Cybersecurity Today: The Rise of Living Off the Land Strategies & More. In this episode of Cybersecurity Today's Month in Review, host Jim Love is joined by Laura Payne from White Tuque and David Shipley from Beauceron Security. They discuss several pressing cybersecurity issues, including the growing threat of 'living off the land' strategies where attackers use legitimate software to stay undetected, the risks associated with public Wi-Fi and QR codes, and the recent breaches involving Oracle's E-Business Suite and SonicWall's management devices. The panel also reflects on the often conflicting cybersecurity advice circulating today and emphasizes the importance of...

Shady Panda Hides For Years In Legitimate Browser Extensions: Cybersecurity Today


In this episode of 'Cybersecurity Today,' host Jim Love discusses several significant cybersecurity issues. Highlights include a maximum severity vulnerability in React Server Components dubbed React2Shell (CVE-2025-55182), a recently patched Windows shortcut flaw by Microsoft, and new attacks using the Evilginx phishing platform in schools. Additionally, the show explores a long-running campaign by 'Shady Panda,' which used browser extensions to harvest data, and an unexpected failure by Google's AI tool that led to the deletion of a developer's hard drive. The episode also thanks Meter for their continued support. 00:00 Introduction and Sponsor Message 00:48 React Vulnerability: React2Shell 03:13 Microsoft's...

Living off the Land Attacks and Emerging Cyber Threats


This episode of Cybersecurity Today, hosted by Jim Love, delves into various cybersecurity threats and latest news. Topics include 'living off the land' attacks using Microsoft's native utilities, spoofing Calendly invites for phishing Google and Meta credentials, a significant breach at the University of Pennsylvania linked to Oracle E-Business Suite vulnerabilities, and findings on AI jailbreaks tied to syntactic patterns by researchers from MIT, Northeastern University, and Meta. The episode emphasizes the ongoing challenges and evolving strategies in cybersecurity. 00:00 Introduction and Sponsor Message 00:43 Living Off the Land Attacks Explained 03:41 Fake Calendly Invites and Phishing Campaigns 05:47 Oracle...

Cybersecurity Today: QR Code Parking Scams, Evil Twin WiFi Attacks & Microsoft's Teams Flaw


In this episode of Cybersecurity Today, host David Shipley discusses a range of pressing cybersecurity issues. Topics include the surge in QR code parking scams, with recent cases in Monaco, Ottawa, and across Europe; an Australian man sentenced for evil twin WiFi attacks targeting travelers; the shutdown of the Code Red emergency notification system due to ransomware; and critical vulnerabilities in Microsoft Teams' guest access feature. Shipley also examines the newly launched hacklore.org website aiming to debunk cybersecurity myths, while critiquing its dismissal of real-world threats. Stay informed on how criminals exploit simple deception, human assumptions, and technology lapses to...

Espionage and Intelligence - What Cybersecurity Professionals Can Learn


The Intersection of Espionage Techniques and Cybersecurity Threats. This episode explores the parallels between espionage and cybersecurity, particularly focusing on social engineering tactics used in both domains. Hosted by Jim Love, the podcast features insights from Neil Bisson, a retired intelligence officer from CSIS, and David Shipley, CEO of Beauceron Security. They discuss the vulnerabilities in human behavior that can be exploited, the similarity between human intelligence operations and phishing attacks, and how AI is transforming the landscape of social engineering. Practical advice on recognizing and mitigating these threats is also provided. The episode underscores the importance of empathy, skepticism,...

Cybersecurity Update: Incorrect Company Naming, Major Breaches, and New Malware Campaigns


In this episode, the host addresses a previous mistake in naming a company involved in a breach, correcting SitusAMC for Ascensus, and extends apologies. Key topics include US banks assessing a breach fallout from financial tech vendor SitusAMC, ransomware group CioP targeting Broadcom through Oracle's vulnerabilities, a new malware campaign hiding in Blender 3D models named SteelC, supply chain attacks in the JavaScript ecosystem through NPM packages with Shai-Hulud malware, and a phishing scam using lookalike domains to deceive Microsoft account holders. Listeners are reminded to manually type URLs to avoid phishing scams, and are informed about the Thanksgiving weekend...

Major US Bank Data Linked Through Breach At SitusAMC


In today's episode of Cybersecurity Today, hosted by Jim Love, several major cybersecurity incidents are discussed. US banks are assessing the impact of a security breach at SitusAMC, where the ALFV ransomware group claimed to have stolen three terabytes of data. CIOP has targeted Broadcom through Oracle's E-Business Suite vulnerabilities. A new malware campaign hides inside Blender 3D models, exploiting the auto-run feature to deploy Steel C malware. The JavaScript ecosystem faces a supply chain attack from the Shai-Hulud malware compromising 500 NPM packages. Additionally, a phishing campaign leveraging visual deception with look-alike domains is targeting Microsoft account holders. The...

Checkout.com Takes a Bold Stance, SolarWinds Case Dismissed, and FCC Reverses Mandate


In this episode, host David Shipley discusses some of the most pressing issues in cybersecurity today. Checkout.com refuses to pay a ransom to cyber extortion group Shiny Hunters and instead donates to cybersecurity research. The U.S. SEC ends its long-standing case against SolarWinds and their CISO Tim Brown, highlighting ongoing debates about cybersecurity accountability. Additionally, the FCC reverses cybersecurity mandates originally set after the Salt Typhoon hacks, drawing criticism and raising questions about national security preparedness. The episode emphasizes the critical role of policy and regulation in affecting cybersecurity outcomes and encourages the tech community to participate actively in shaping...

Understanding Cybersecurity Threats: Insights from Intelligence Experts


In this episode of Cybersecurity Today, host Jim Love welcomes retired intelligence officer Neil Bisson and regular guest David Shipley for an in-depth discussion on current cybersecurity threats facing both Canada and the US. They explore the roles of major state actors like China, Russia, Iran, and North Korea in cyber espionage and sabotage, alongside the motivations driving such activities. The conversation delves into the challenges faced by corporations and critical infrastructure, the importance of understanding motivations behind cyber attacks, and the need for greater cooperation between the private sector and intelligence agencies. The episode also highlights the crucial steps...

Major CloudFlare Outages, Black Friday Phishing Surge, AI Privacy Breach at Ontario Hospital, and Salesforce Data Theft Investigation


In this episode of Cybersecurity Today, host Jim Love discusses several major cybersecurity events. CloudFlare faced significant outages affecting major platforms like Amazon and YouTube, along with continued issues for Microsoft 365 users. NordVPN warned of a surge in fake shopping websites as Black Friday approaches, with phishing attempts climbing 36% between August and October. An AI transcription tool caused a privacy breach at an Ontario hospital, leading to a privacy probe. Finally, Salesforce is investigating a data theft wave linked to Gainsight, illustrating the risks of OAuth token misuse. The episode is supported by Meter, a network infrastructure provider....

Cybersecurity Today: CloudFlare Outage, Microsoft's AI Risk, New Red Team Tool, and More!


In this episode of 'Cybersecurity Today,' host Jim Love covers multiple pressing topics: CloudFlare's major outage affecting services like OpenAI and Discord, Microsoft's new AI feature in Windows 11 and its potential malware risks, a new red team tool that exploits cloud-based EDR systems, and a new tactic using calendar invites as a stealth attack vector. Additionally, a critical SAP vulnerability scoring a perfect 10 on the CVSS scale is discussed alongside a peculiar event where Anthropic's AI mistakenly tried to report a cybercrime to the FBI. The episode wraps up with a mention of the book 'Alyssa, A Tale...

Fortinet Zero Day In Active Exploitation, North Korean Infiltration Grows And More: Cybersecurity Today for November 16 2025


Critical Cybersecurity Updates: Fortinet Zero Day, North Korean Infiltration & JLR Cyber Attack. In this episode of Cybersecurity Today, host David Shipley discusses the latest critical updates in the cybersecurity world. Fortinet faces a massive zero-day vulnerability actively exploited, leading to major security patches. North Korean IT workers have infiltrated 136 companies, massively impacting corporate security and funneling millions to the DPRK. Jaguar Land Rover's cyber attack results in a startling $220 million loss, affecting the UK's economy. Lastly, we delve into widespread copy-pasted flaws across leading AI platforms like Meta and Nvidia. Stay updated, stay secure! 00:00 Introduction and...

Cybercrime and the Future: An In-Depth Discussion with Tammy Harper, Flare.io


In this episode of Cybersecurity Today, host Jim Love is joined by Tammy Harper, a senior threat intelligence researcher at Flare, to explore the future landscape of cybercrime. The conversation delves into various aspects like the evolution of underground markets, state-backed cyber sanctuaries, and decentralized escrow systems. Harper presents insights on extortion as a service, the implications of artificial intelligence in cybercrime, and the potential impact of quantum computing on encryption. The episode also discusses the changing nature of digital sovereignty and its effects on cybersecurity. This thorough examination offers a glimpse into the challenges and transformations in the world...

Cybersecurity Today: Oracle Breach, CrowdStrike Report, and New iPhone Scam


In this episode, host Jim Love discusses several significant cybersecurity events and updates. The Washington Post confirmed a security breach affecting nearly 10,000 individuals due to an exploited Oracle E-Business Suite vulnerability. CrowdStrike's 2025 Global Threat Report highlights the rise of 'enterprising adversaries' and a surge in malware-free intrusions. In addition, a new phishing scam targets iPhone users by mimicking Apple's device recovery alerts. Finally, a listener raised concerns about security issues with SonicWall's management devices and systems. The show concludes with information on upcoming content and thanks to Meter for sponsoring the podcast. 00:00 Introduction and Sponsor Message 00:40...

Industrial Phishing Kit QRR Discovered: New Cyber Threats Unveiled | Cybersecurity Today


In this episode of Cybersecurity Today, host David Shipley covers the latest threats in the cybersecurity landscape. Highlights include the emergence of the quantum root redirect (QRR) phishing kit, a sophisticated automated phishing platform targeting Microsoft 365 credentials across 90 countries. The hospitality industry is also being hit with a new 'click fix' phishing campaign, compromising booking systems and targeting hotel guests. Researchers discover new vulnerabilities in ChatGPT, exposing private data via indirect prompt injection attacks. Additionally, the University of Pennsylvania confirms a massive data breach, highlighting the risks of not implementing comprehensive MFA protocols. Stay informed with the latest...

US Congressional Budget Office Breach, AI in Cyber Attacks & Veterans Defend Canada


Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst In today's episode, we cover the breach at the US Congressional Budget Office and its implications on national security, Microsoft Teams' chat feature being exploited for phishing attacks, and the increasing use of AI in cyber attacks. We also highlight how Canadian veterans are being retrained for careers in cybersecurity through the Coding for Veterans program. Hosted by Jim...

A Former Black Hat Hacker Advises Us On Security Weaknesses


Unveiling the Double-Edged Sword of AI in Cybersecurity with Brian Black. In this episode of Cybersecurity Today, host Jim Love interviews Brian Black, the head of security engineering at Deep Instinct and a former black hat hacker. Brian shares his journey into hacking from a young age, his transition to ethical hacking, and his experiences working with major companies. The discussion delves into the effectiveness of cybersecurity defenses against modern AI-driven attacks, the importance of understanding organizational data, and the challenges of maintaining robust security in the age of AI. Brian emphasizes the need for preemptive security measures and shares...

Innovative Tools and Tactics in Cybersecurity


In this episode of 'Cybersecurity Today,' hosted by Jim Love, the focus is on recent developments and tactics in cybersecurity. The episode discusses Meter's networking solutions, the innovative tactics of the ransomware group Killen using common Windows tools, and three new open-source offerings aimed at improving security: Heisenberg for software bills of materials, OpenAI's Aardvark for automated vulnerability detection, and Open PCC for securing AI data flows. The show emphasizes the importance of detecting unusual behaviors in legitimate tools and highlights the need for proactive security measures in development pipelines. Listeners are encouraged to explore these initiatives further through show...

Ransomware Insider Threats, AI Vulnerabilities, and Major Security Gaffes


In this episode of Cybersecurity Today, host Jim Love dives into several shocking security lapses and emerging threats. Highlights include ransomware negotiators at Digital Mint accused of being behind attacks, a new AI vulnerability that exploits Windows' built-in stack, and a misuse of OpenAI's API for command and control in malware operations. Additionally, AMD confirms a flaw in its Zen 5 CPUs that could lead to predictable encryption keys, and the Louvre faces scrutiny after a major theft reveals poor password practices and maintenance failures. The episode underscores the importance of basic security measures like strong passwords and regular audits...

Alarm Bells in Ivy League School


In this episode, host David Shipley discusses a significant cybersecurity breach at the University of Pennsylvania, which involved offensive emails sent from legitimate university addresses. The attackers claim to have accessed sensitive data, though their statements remain unverified. Shipley emphasizes the importance of vigilant communication and rapid response systems in mitigating damage. The episode also covers urgent cybersecurity alerts issued by Western agencies for Microsoft Exchange and WSUS servers, highlighting the necessity of continuous system updates and robust security measures. Lastly, Australia's cybersecurity agency warns against ongoing attacks on unpatched Cisco devices, urging immediate action. The episode underscores the theme...

Cybersecurity Today: October Recap - Addressing AI, DNS Failures, and Security Vulnerabilities


In this episode of 'Cybersecurity Today,' the panel, including Laura Payne from White Tuque and David Shipley from Beauceron Security, reviews the major cybersecurity events of October. Key topics include DNS failures at AWS and Microsoft, the rise of AI and its associated security concerns, and several severe cloud and on-premises vulnerabilities in platforms like SharePoint and WSUS. The discussion highlights a surge in sophisticated phishing threats, the integration of AI in cyber attacks, and the critical importance of multifactor authentication. The panel also examines the implications of recent security breaches affecting critical infrastructure and the broader impact of...

Massive Data Exposures, Insider Threats, and State-Sponsored Cyber Attacks


In this episode of Cybersecurity Today, host Jim Love covers a series of alarming cybersecurity incidents. Key highlights include Ernst and Young exposing a massive 4TB database to the open internet, a former L3 Harris executive guilty of selling zero-day exploits to a Russian broker, a sophisticated zero-day spyware campaign hitting Chrome, and a nation-state cyberattack on US telecom provider Ribbon Communications. Tune in to understand the critical lessons from these breaches and the emerging risks in cybersecurity. 00:00 EY's Massive Data Exposure 02:05 US Defense Contractor's Insider Threat 03:33 Chrome's Zero Day Vulnerability 05:24 Nation-State Hackers Breach US Telecom...

Is Russia Cracking Down on Cyber Criminals? Fake Death Scams & Exposed AI Servers | Cybersecurity Today


In this episode of Cybersecurity Today, host Jim Love explores the potential shift in Russia's stance on cyber criminals, including arrests of major network operators. Discover the latest phishing scams where hackers fabricate death notices to steal passwords, a critical vulnerability exposing thousands of AI servers, and a massive malware campaign on YouTube. Plus, discuss the dual nature of AI in cybersecurity, both as a transformative technology and a new threat. Join the conversation on the future of cybersecurity! 00:00 Introduction: Cybersecurity Headlines 00:26 Russia's Crackdown on Cybercriminals 02:47 Phishing Scam Targets LastPass Users 04:59 AI Server Vulnerability Exposes API Keys...

Pwn2Own Ireland 2025: Major Cybersecurity Revelations & Critical Vulnerabilities


In this episode of Cybersecurity Today, host David Shipley covers the latest updates from the Pwn2Own 2025 event in Ireland, where top hackers earned over $1 million for uncovering 73 zero-day vulnerabilities. Despite significant hype, AI's impact on cybersecurity remains limited. We also dive into a critical Microsoft WSUS flaw under active exploitation and its implications for U.S. government cyber defenses amid a federal shutdown. Lastly, ESET reports reveal North Korea's increased cyber espionage targeting European drone manufacturers. Stay informed on the ever-evolving landscape of cybersecurity threats and defenses. 00:00 Introduction and Headlines 00:29 Pwn2Own 2025 Highlights 02:35...

Navigating Cybersecurity in Small and Medium Businesses with White Hat Hacker Graham Berry


In this episode of Cybersecurity Today, host Jim Love sits down with Graham Barrie, a CISO and white hat hacker, to discuss the critical importance of cybersecurity for small and medium-sized businesses. From the moment Berry fell in love with technology through a Tandy TRS-80 to his current role helping businesses secure their data, this conversation covers the evolution of cybersecurity. They delve into how Berry assists businesses in understanding cybersecurity risks, communicating effectively with clients, and preparing for and recovering from cyber incidents. This episode is packed with insightful stories, practical advice, and a deep dive into the...

Cybersecurity Today: New Threats from AI and Code Extensions


In today's episode, host Jim Love discusses the discovery of the 'Glass Worm,' a self-spreading malware hidden in Visual Studio Code extensions downloaded over 35,000 times. The worm, hiding its malicious JavaScript in invisible unicode characters, steals developer credentials and drains crypto wallets. He also covers the security flaws in AI-powered IDEs like Cursor and Windsurf, leaving 1.8 million developers vulnerable. Lastly, a new survey from ISACA reveals that AI-driven attacks are now the top cybersecurity concern for 2026, overtaking ransomware and insider threats. Love advises how developers and security teams can mitigate these threats. 00:00 Introduction and Shoutout 01:10...

Ransomware Dominates Cyber Attacks & AI Tools for Cybersecurity | Tech News Update


In this episode of Cybersecurity Today, your host Jim Love discusses Microsoft's latest findings on how ransomware and extortion account for over half of all cyber attacks globally, highlighting the shift toward financially driven crimes. Learn about the breach at the Kansas City National Security Campus due to a SharePoint vulnerability and how Anthropic's new open-source sandbox aims to make AI coding safer. Additionally, discover how AI tools can help spot scams as Jim shares his personal experience and practical tips. Stay informed on the latest cybersecurity trends and essential defense strategies. 00:00 Introduction and Headlines 00:26 Ransomware Dominates Cyber...

CyberWire Daily



Too many flaws, not enough time.


NIST struggles with an NVD backlog. Cisco and Splunk ship critical patches. Researchers flag a systemic flaw in Anthropic's MCP. ShinyHunters leak 13.5 million McGraw Hill accounts. Cargo theft goes cyber. A Tennessee hospital breach hits 337,000 patients. Two Americans are sentenced in a North Korean fake-IT-worker scheme. Our guest is Rob Allen, Chief Product Officer at ThreatLocker, describing security gaps addressed by zero trust. OpenAI lets security teams take off the training wheels. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and...

A heavy patch Tuesday lands.


Patch Tuesday. CISA directs furloughed employees back to work. Experts warn Anthropic's Glasswing signals a new era of AI-driven vulnerability discovery. Federal prosecutors crack down on chip smuggling. Sweden says a pro-Russian cyber group attempted to disrupt power plant operations. A fake app in Apple's App Store drains crypto wallets. Virginia bans the sale of precise geolocation data. Our guest is Johnny Hand, VP for AI Excellence at TrendAI, discussing AI operational discipline. Do you need to buy a separate seat for your AI agent? Remember to leave us a 5-star rating and review in your favorite podcast app. Miss...

France builds its own digital future.


France pushes digital sovereignty. Adobe rushes an Acrobat Reader patch. Booking.com confirms a targeted breach. SAP fixes a critical SQL injection bug. A sanctions-dodging fraud network resurfaces. ViperTunnel infiltrates U.S. and U.K. firms. GlassWorm spreads across developer tools. Researchers dissect Predator spyware's kernel engine. A lawsuit challenges AI transcription in hospitals. Ted Shorter from Keyfactor unpacks quantum computing at scale. On our Threat Vector segment, David Moulton and Elad Koren pull back the curtain on agentic-first security. Preparing for post-quantum perils. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for...

W3LL runs dry.


The FBI disrupts a multi-million-dollar phishing ring. A North Korea-linked supply chain attack hits OpenAI. Developers face a Slack phishing campaign. A critical Python notebook flaw is exploited in hours. ShinyHunters target Rockstar Games. A Japanese shipping firm reports a breach. Tracking the cybersecurity winners and losers in Trump's 2027 budget, plus a claimed cyberattack on UAE infrastructure. Business breakdown. Our guest is Justin Kohler, Chief Product Officer at SpecterOps, discussing Identity Attack Path Management. Crackdowns at home push scam networks abroad. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up...

Mark Logan: March towards your goals. [CEO] [Career Notes]


Please enjoy this encore of Career Notes. Mark Logan, CEO of One Identity, sits down to share his story, explaining how he fit into different roles growing up in different companies. Mark has nearly two decades of C-Suite experience at an array of different organizations, finally landing on his current position as the CEO at One Identity. Sharing his different roles, he also gives a quote from Steve Jobs, saying "it's not what I say yes to, it's what I say no to." He believes that's a key area for his workers because when he is able to make up...

Walking through the anatomy of a cyberattack. [CyberWire-X]


What does a modern cyberattack really look like from the inside? In this CyberWire-X episode, Dave Bittner speaks with John Anthony Smith, Founder and Chief Security Officer of Fenix24. This conversation takes us step by step as an attacker breaks into a target environment probing for weaknesses, exploiting entry points, escalating privileges, and moving laterally until they reach their objective. While the attack unfolds, listeners are privy to a behind-the-scenes commentary that reveals the tradecraft: the scripts, misconfigurations, overlooked alerts, and the moments defenders could have stopped the intrusion and, most importantly, prepared for the day through a defense that...

A wolf in admin clothing. [Research Saturday]


Today we are joined by Selena Larson, Threat Researcher from Proofpoint research team and co-host of Only Malware in the Building, talking about their work on "(Don't) TrustConnect: It's a RAT in an RMM hat." Proofpoint uncovered TrustConnect, a malware-as-a-service platform posing as a legitimate remote monitoring and management (RMM) tool, but actually functioning as a remote access trojan (RAT) sold to cybercriminals for $300/month. The operation used a fake business website, legitimate-looking certificates, and branded installers (like fake Microsoft Teams or Zoom apps) to trick victims, while providing attackers with full remote control, file transfer, and surveillance capabilities. Although...

The AI arms race hits finance.


The Treasury Secretary and Fed Chair summon bankers over AI concerns. A hacker claims more than 10 petabytes stolen from China's National Supercomputing Center. Recalibrating the quantum timeline. Researchers demo prompt injection against Apple Intelligence. Payroll Pirates target Canadians. Gmail gets end-to-end encryption on mobile devices. A Chrome update fixes critical vulnerabilities. A Pennsylvania cop admits creating more than 3,000 AI-generated pornographic deepfakes. Our guest is Henry Comfort, Co-Founder and CEO of Geordie AI, winner of this year's RSAC Innovation Sandbox. FCC floats firmer filters for fraudulent phone calls. Remember to leave us a 5-star rating and review in your...

Hackers ignore the ceasefire.


Iran-linked hackers signal cyberattacks will continue despite the cease-fire. Microsoft restores access after suspending open-source developer accounts. John Deere settles its right-to-repair fight. A suspected Adobe Reader zero-day surfaces. Palo Alto Networks and SonicWall patch high-severity flaws. New macOS malware targets crypto wallets. A threat cluster abuses live chat to bypass MFA. CISA orders urgent Ivanti patching. Researchers track a stealthy DDoS-for-hire botnet. Our guest is Edgard Capdevielle, CEO of Nozomi Networks, sharing insights on threats posed by nation-states and AI on OT security. macOS has a 49 day time limit. Remember to leave us a 5-star rating and review...

CyberAv3ngers unleashed.


Federal agencies warn Iranian-linked hackers are probing U.S. critical infrastructure, while the DOJ disrupts a Russian router hijacking campaign. Cyberattacks hit Minnesota government systems and force a Massachusetts hospital to divert ambulances. Anthropic limits access to its new AI bug-hunting model, hackers leak terabytes of LAPD data, and researchers warn of a rise in AI recommendation poisoning. Our guest is Benny Czarny, Founder and CEO of OPSWAT, discussing his book "Cybersecurity Upside Down: Rethink Your Cybersecurity Strategy." Japan trades red tape for training data. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an...

Proposed cuts put CISA in focus.


CISA faces a $700 million budget cut. Russian and Iranian cyber cooperation raises concerns. New BPFDoor variants emerge. Cybercrime losses climb again. Researchers advance a GPU Rowhammer attack. Northern Ireland schools go offline after a breach. An alleged hacker-for-hire faces U.S. charges. And German police name the suspected REvil mastermind. Our guest is John Anthony Smith, Founder and Chief Security Officer at Fenix24, explaining why more technology hasn't made us more secure. A frustrated researcher drops the hammer. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence...

Patching can't wait.


Fortinet releases an emergency update for a critical vulnerability. A major outage disrupts Russian banking apps. A new report highlights critical skills gaps. CyberCorp scholars struggle to secure jobs. Scammers use QR codes in fake traffic violation schemes. A proposed lawsuit accuses Perplexity of oversharing users' AI transcripts. Cambodia outlaws scam centers. Scammers impersonate Harvard IT staff. With wrench attack threats of violence, life imitates art. Kevin Magee from Microsoft for Startups describes emerging trends. On Afternoon Cyber Tea with Ann Johnson, Ann speaks with Allie Mellen about her new book "Code War: How Nations Hack, Spy, and Shape the...

Anjali Hansen: Cross team collaboration works best. [Privacy Counsel] [Career Notes]


Please enjoy this encore of Career Notes. Anjali Hansen, a Senior Privacy Counselor from Noname Security, shares her story as she climbed through the ranks to get to where she is today. When Anjali started, she wanted to do international law. She started working for the International Trade Commission after law school, where she was able to gain most of her experience and real world abilities. Working with online fraud and abuse, she shares, concerned her, because it felt like governments could not protect organizations from threats occurring, which is how she got interested in cybercrime. From there, she moved to Noname Security, and in working...

Startup surge sparks spy interest. [Research Saturday]


This week, we are joined by Santiago Pontiroli, Threat Intelligence Research Lead from Acronis TRU team, discussing their work on "New year, new sector: Transparent Tribe targets India's startup ecosystem." The Acronis Threat Research Unit uncovered a new campaign by Transparent Tribe showing the group has expanded beyond traditional government and defense targets to India's startup ecosystem, especially cybersecurity and OSINT-focused firms. The attackers use startup-themed lures delivered via ISO files and malicious shortcuts to deploy Crimson RAT, a highly obfuscated tool capable of surveillance, data theft, and system control. Despite this shift, the campaign closely mirrors the group's long-standing...

War comes for the cloud.


Cloud data centers come under fire in wartime. A massive dark web intelligence database is exposed. Chinese hackers exploit a video conferencing zero-day. The intelligence community rolls out cyber modernization plans. React2Shell attacks spread at scale. Iowa sues UnitedHealth over the Change Healthcare breach. France moves to bar kids from social media. Researchers warn about hidden risks in power regulation. An insider extortion plot locks admins out of hundreds of servers. Our guest Brandon Karpf, friend of the show, with insights on the war in Iran. Espresso exploit exposes executive emails. Remember to leave us a 5-star rating and review...

The WhatsApp impostor.


A fake WhatsApp spreads spyware. The State Department pushes embassies to counter influence ops. Cisco patches critical bugs. CrystalRAT hits Telegram. A Texas hospital breach affects 250,000. HHS reshuffles IT oversight. China-linked spies target Europe. EvilTokens hijacks Microsoft accounts. Ransomware hits a North Dakota water plant. Sumedh Thakar, President and CEO of Qualys, discusses how cybersecurity is shifting toward managing real business risk. Tales of a tortoise's termination have been greatly exaggerated. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never...

A war of missiles and messages.


Iran's cyber campaign continues. North Korea targets the axios NPM package. Cisco suffers a Trivy-related breach. Claude's code leak unveils broad capabilities. The DOD's zero-trust efforts are slow-going. A proposed class action suit accuses Perplexity of oversharing. Google patches another Chrome zero-day. The FBI warns against using foreign-developed mobile apps. Christy Wyatt, CEO from Absolute Security, discussing why cyber risk is now a business continuity problem. A city circulates cameras to cultivate crime control. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and...

Water sector feels the pressure.


Iranian-linked hackers warn of possible irreparable attacks on U.S. water systems. CISA pushes urgent fixes for a critical Citrix flaw. The Dutch Finance Ministry takes systems offline after a breach. Space Force may scrap next-gen GPS control software. Attackers exploit a Fortinet server bug. Lloyds exposes customer transaction data. AI and regulation reshape cyber careers. The FTC settles with a dating app over data sharing. Sam Rubin, SVP, Palo Alto Networks Unit 42 Consulting and Threat Intelligence, discusses Iran's shift to identity weaponization. Wikipedia wrestles with a wayward writer. Remember to leave us a 5-star rating and review in your...

Bringing it all together. [CISOP]


Please enjoy this encore of CISO Perspectives. In the season finale of CISOP, Kim Jones is joined by N2K's own Ethan Cook to reflect on the conversations that shaped this season. Together, they revisit standout moments from Kim's interviews, unpacking their significance and getting Ethan's fresh perspective on the cybersecurity workforce challenge, as someone viewing the industry from the outside. Since the mid-season reflection, Kim has explored a wide range of workforce issues, including skills mapping, talent identification, and the evolving strategies needed to close cybersecurity's talent gap. Learn more about your ad choices. Visit megaphone.fm/adchoices

Inbox intrusion hits FBI chief.


Iran-linked hackers claim a breach of the FBI director's personal email. ShinyHunters hit the European Commission. F5 and Citrix warn of actively exploited flaws. A WordPress plugin exposes hundreds of thousands of sites. Infinity Stealer targets macOS users. A Russian APT adopts a new iOS exploit kit. Treasury weighs a cyber insurance backstop. DHS clears suspended CISA staff. Our guest is Brian Long, CEO and Co-Founder of Adaptive Security, discussing deepfake job hires and the new identity attack surface. Bureaucrats bless a black-box behemoth. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an...

David Nosibor: Taking calculated risks. [Product Lead] [Career Notes]


Please enjoy this encore of Career Notes. David Nosibor, Product Lead for SafeCyber at UL Solutions, started his career in a unique way by not letting himself be pigeonholed. Within his company, David was able to grow to the position he is in now and says that his position feels like a lot of roles tied into one. He says that on any given day he is tackling all sorts of elements, such as marketing, operations, working with the engineering team, figuring out ways to acquire customers, retain them, and also working on sales and business development capabilities. He also...

CyberWire Daily at 10: The breaches we still talk about. [Special Edition]


In this special edition of CyberWire Daily's 10th anniversary series, N2K CyberWire's Maria Varmazis and Dave Bittner discuss the biggest breaches over the past 10 years. The foundational 2014 Sony hack kicks off our conversation, then Maria and Dave highlight: the 2015 OPM breach, which exposed sensitive security-clearance data and was attributed to long-term access by China amid outdated government systems and security; 2017's WannaCry and NotPetya's global disruption and Equifax's ongoing fallout; and the 2020 SolarWinds breach, which underscored supply-chain risks and raised concerns about potential personal criminal liability for CISOs. The conversation illustrates two main threat-actor categories: nation-state espionage and financially...

When safe documents aren't. [Research Saturday]


Omer Ninburg, CTO of Novee Security, joins us on this episode of Research Saturday to discuss their work on "From PDF to Pwn: Scalable 0day Discovery in PDF Engines and Services Using Multi-Agent LLMs." Historically, the Portable Document Format (the immutable, localized PDF) was once considered a safe component inside enterprise environments. That is no longer the case. To demonstrate how PDF services and engines can be exploited, the team at Novee used their proprietary, multi-agent LLM system to uncover vulnerability patterns, and systematically scale them into a broad discovery campaign across two PDF vendor ecosystems. The research uncovered 16 verified...

Langflow locked and loaded.


CISA warns of actively exploited Langflow vulnerability. CISA flags critical PTC Windchill vulnerability. Phishing activity surges amid war in Iran. Google moves up their post-quantum timeline. Alleged RedLine infostealer developer faces thirty years in a US prison. Bearlyfy hacktivists launch disruptive ransomware campaign in Russia. FCC moves to crack down on robocallers and foreign call centers. Anti-piracy group takes down AnimePlay streaming platform. N2K's Maria Varmazis and Dave Bittner are previewing the biggest breaches in the past 10 years. And what happens when hackers call the game? Remember to leave us a 5-star rating and review in your favorite podcast...

Why is the vendor role so contentious in the cyber ecosystem? [CISOP]


As the emphasis on improving cybersecurity has continued to grow, so has the number of vendors offering a range of cybersecurity services. However, despite the value many of these vendors bring, the relationship between vendors and clients has become strained. In this episode, Kim explores this relationship, offering his thoughts on it and on what both sides can do better to improve this dynamic. Want more CISO Perspectives? Check out a companion blog post by our very own Ethan Cook, where he breaks down key insights, shares behind-the-scenes context, and highlights research that complements this episode. It's the perfect follow-up if...

Wrapping RSAC 2026 up with a bow.


RSAC wraps. CISA warns shutdown furloughs are weakening cyber defenses. China-linked actors burrow into global telecom infrastructure. Iran's Pay2Key resurfaces. India probes suspected Pakistan-linked CCTV spying. Florida suspends a firm over offshore medical data exposure. Cisco patches fresh flaws. Russian police arrest the alleged LeakBase operator. Intern Kevin files his latest man-on-the-street report. Google gets grabby with your homepage. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn....

Your private call isn't so private.


The UK's cyber security chief urges a full court press against threats. RSAC highlights. The U.S. State Department has launched a Bureau of Emerging Threats. The TeamPCP cybercriminal group targets an open source library. TP-Link patches multiple router vulnerabilities. A critical vulnerability hits Windchill and FlexPLM platforms. A phishing campaign impersonates Palo Alto Networks recruiters. Malicious Chrome extensions are harvesting users' conversations with AI tools. Intern Kevin files his latest report from the RSAC show floor. Your private Zoom call may already have a podcast deal. Remember to leave us a 5-star rating and review in your favorite podcast app....

Reports from RSAC and beyond.


RSAC spotlights public-private partnership gaps. DarkSword leaks to GitHub. The FCC blocks new foreign-made routers. Citrix patches a critical NetScaler flaw. DOE rolls out an energy-sector cyber strategy. CanisterWorm spreads through npm. Researchers flag suspected KACE SMA exploitation. QualDerm reports a 3.1-million-record breach. A Russian access broker gets 81 months. Intern Kevin checks in from RSAC. Maria Varmazis speaks with Jake Braun, longtime DEF CON organizer and former White House official about the DEF CON 33 Hackers' Almanack. Slow down, you vibe too fast. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an...

But what do you really want? [CISOP]


Despite being adopted and prioritized by many organizations, cybersecurity still faces a significant challenge where leaders still cannot articulate their needs, and find and develop talent. Rather, organizations oftentimes follow the same strategy many others are utilizing, which involves poaching talent with enticing salaries. In this episode of CISO Perspectives, host Kim Jones sits down with Ed Vasko, the CEO at High Wire Networks, to discuss this approach and the impacts it is having on the cyber talent ecosystem. Throughout the conversation, Ed and Kim discuss their experience when assessing talent and some of the mistakes made by the industry,...

Policy drops and phishing pops.


The White House rolls out its AI legislative framework. The FBI warns Iranian actors are using Telegram for command and control, while Russian operators phish Signal users. Authorities dismantle a massive fake CSAM network, Tycoon 2FA rebounds after disruption, VoidStealer debuts a stealthy Chrome key-theft trick, QNAP patches Pwn2Own flaws, and CISA orders urgent fixes for a critical Cisco firewall bug. Plus, our Monday business breakdown. Brandon Karpf and Maria Varmazis ponder the practicality of orbital data centers. One radio to rule the range. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an...

CyberWire Daily at 10: From an idea to the airwaves. [Special Edition]


In this special edition of CyberWire Daily's 10th anniversary series, Maria Varmazis hosts a thoughtful and engaging conversation with N2K CyberWire CEO Peter Kilpe and CyberWire Daily host Dave Bittner, exploring the origin story of the podcast that started it all. From early ambitions to behind-the-scenes turning points, they trace how the show found its voice and evolved from a startup experiment into a trusted cornerstone of the cybersecurity community. Along the way, they share candid anecdotes, hard-earned lessons, and reflections on how both the industry and CyberWire Daily have transformed over the past decade. Learn more about your ad...

Roya Gordon: Becoming a trailblazer. [Research] [Career Notes]


Please enjoy this encore of Career Notes. Roya Gordon, a Security Research Evangelist at ICS cybersecurity firm Nozomi Networks, started her career as an intelligence specialist in the U.S. Navy. After her time serving, Roya spent time as a Control Systems Cybersecurity Analyst at the Idaho National Laboratory and then took the role of Cyber Threat Intelligence Manager at Accenture. She shares her story after the NSA accepted her and then quickly diverted, creating a new path for Roya to follow. She shares the jobs she went after along the way, leading up to Nozomi Networks and how she wishes...

A subtle flaw, a massive blast radius. [Research Saturday]


Yuval Avrahami from Wiz joins to share their work on "CodeBreach: Infiltrating the AWS Console Supply Chain and Hijacking AWS GitHub Repositories via CodeBuild." Wiz Research uncovered CodeBreach, a critical supply chain vulnerability caused by a subtle misconfiguration in AWS CodeBuild pipelines that allowed attackers to take over key GitHub repositories, including the widely used AWS JavaScript SDK that powers the AWS Console. By exploiting an unanchored regex filter, unauthenticated attackers could trigger privileged builds, steal credentials, and potentially inject malicious code into software used across a majority of cloud environments. AWS has since remediated the issue and introduced stronger...

Millions of devices still up for grabs.


Feds take down major IoT botnets. The FBI seizes hacktivist infrastructure. A data breach hits Kaplan, while a hacker claims access to millions of law enforcement tips. Fake Zoom calls deliver malware. A crypto security tool turns out to be spyware. A critical AI framework flaw gets exploited in hours. An insider extortion case ends in conviction. And a streaming scam pulls in over $10 million. A look back at ten years of CyberWire podcasts. Intern Kevin gets ready for RSAC. A cyberattack leaves breathalyzers offline. Remember to leave us a 5-star rating and review in your favorite podcast app....

Strategic approaches to talent: A practical guide. [CISOP]


Even as cybersecurity has grown and become universally accepted, the field has continued to struggle when attempting to assess and acquire talent. Oftentimes, there is a disconnect between what organizations need and what they interview for, leading to vague job postings and ineffective hirings. In this episode of CISO Perspectives, host Kim Jones sits down with Jeff Welgan, the Chief Strategist and CEO at SkillRex, to discuss how we assess talent. Throughout the conversation, Jeff and Kim will discuss the problems associated with traditional workforce management and how modernizing this approach can provide a strategic advantage. Want more CISO Perspectives? Check...

iPhone exploits go mainstream.


DarkSword targets iPhones for indiscriminate exploitation. Cybercrime and the Iran war. The FBI confirms purchasing commercially available location data. The DHS secretary nominee gets grilled on CISA funding. A Zimbra Collaboration Suite vulnerability is being used in targeted espionage. A new Android malware targets sensitive data stored in user notes. AWS warns of ongoing Interlock ransomware activity. Tracking pixels grab more than they should. Perry Carpenter and Mason Amadeus from The FAIK Files podcast speak with Hany Farid about the real-world harms of synthetic media. Do Boomers balance breaches better? Remember to leave us a 5-star rating and review in...

Persistent threats in a shifting battlefield.


Iran's cyber ops stay resilient. U.S. lawmakers press Big Tech on EU rules. Researchers expose a Fancy Bear server. Japan moves toward offensive cyber. CISA calls for cross-agency teamwork. New malware targets network infrastructure. AI fooled by font-based attacks. Schneider Electric warns of critical flaws. Quantum cryptography earns top honors. Guest Bradon Rogers, Chief Customer Officer at Island, discusses making AI browsers safe for enterprises. Smart glasses on the witness stand. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss...

Europe clamps down on global hackers.


The EU imposes sanctions after cyberattacks. DHS boosts surveillance spending. AI firms recruit weapons-risk experts. Stryker disruption, no patient impact. LeakNet leans on ClickFix. Sears chatbot data spills. A Chinese security firm leaks a private key. Tech giants team up on scams. Teens sue xAI over alleged AI-generated abuse. On today's Threat Vector segment, David Moulton and guest Erica L. Shoemate, founder of The EN Strategy Group, explore how AI is fundamentally reshaping the security landscape. Cyber crooks cause a complimentary curbside convenience. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode?...

Mid season reflection with Kim Jones. [CISOP]


In this mid-season episode, Kim takes a step back to reflect on the journey so far, revisiting key conversations, standout moments, and recurring themes that have shaped the season. During the episode, Kim sits down with N2K's own Ethan Cook to connect the dots across episodes, uncovering deeper patterns and takeaways. Whether you're catching up or tuning in weekly, this episode offers a thoughtful recap and fresh perspective on where we've been and what's still to come. Learn more about your ad choices. Visit megaphone.fm/adchoices

Watch out for cybercrime frequent flyers.


Drone strikes hit a key chip supply chain. China-linked hackers target Southeast Asian militaries. Attackers race ahead with AI. ShinyHunters claim a massive Telus breach. Microsoft issues a hotpatch. Malware turns up on Steam. Fileless attacks grow. Airline miles become cybercrime currency. Monday business breakdown. Tim Starks from CyberScoop unpacks the Stryker attack and the nebulous nature of Iranian cyber activity. AI playmates puzzle preschoolers. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to...

Christian Lees: It's not always textbook. [CTO] [Career Notes]


Please enjoy this encore of Career Notes. Christian Lees, CTO at Resecurity, shares his story and insight on coming into the cybersecurity world. He considers himself a late bloomer because he did not go to college until he was 23. He wasn't sure of what he wanted to do, and a family friend gave him a computer and the rest was history, he says. He fell in love with computers and started working at different companies trying to get ahead. He says it's not always textbook, and sometimes you just need to cut your teeth on something to get where...

Your AI sidekick might be a spy. [Research Saturday]


This week, we are joined by Or Eshed, Co-Founder and CEO from LayerX Security, discussing their work on "How We Discovered A Campaign of 16 Malicious Extensions Built to Steal ChatGPT Accounts." Researchers uncovered a coordinated campaign of 16 malicious browser extensions posing as ChatGPT productivity tools while secretly stealing user accounts. The extensions intercept ChatGPT session authentication tokens and send them to attacker-controlled servers, allowing threat actors to impersonate users and access their conversations, files, and connected services like Google Drive or Slack. The findings highlight how AI-focused browser extensions are creating a new attack surface, emphasizing the need...

Socks pulled, patches pushed.


Europol dismantles the SocksEscort proxy service. Cyber operations highlight imbalance in the war in Iran. Google rushes Chrome zero-day patches. Veeam fixes critical backup flaws. A former incident responder faces ransomware charges. Thomson Reuters staff push back on an ICE contract. Attackers abuse backup tools for data theft. CISA flags a critical n8n vulnerability. Maria Varmazis is joined by Jack R. Bialik, engineer and author, to discuss the hidden risks of a fully-digital society, and talk about his book "In Lost in Time: Our Forgotten and Vanishing Knowledge." A Phony photo fuels a phantom flight fiasco. Remember to leave us...

Is the role of the CISO adding to the confusion? [CISOP]


Show Notes: As cybersecurity has matured, the field has become more formalized within businesses with CISOs leading the way. However, despite the value of the CISO and its widespread adoption, the role has continued to lose agency with other board members. In this episode of CISO Perspectives, host Kim Jones sits down with Patty Ryan, the CISO at QuidelOrtho, to assess the value of the role. Throughout the conversation, Patty and Kim will discuss the challenges facing CISOs, why the role has lost its agency, and what can be done to reverse the current trajectory. Want more CISO Perspectives?: Check...

Oops, those were the FBI files.


Iran threatens tech firms as hackers strike Stryker. The EU advances efforts toward digital sovereignty. A foreign hacker stumbles upon the FBI's Epstein files. DOGE used ChatGPT to cull humanities grants. Meta claims increased efforts against scams. A Wisconsin ambulance provider discloses a data breach. CISA shortens the patch deadline for a critical SolarWinds vulnerability. We preview this year's RSAC 2026 Innovation Sandbox with Cecilia Marinier and Paul Kocher. Dangerous digital diets miss the mark. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing,...

AI as Tradecraft: How Threat Actors Are Operationalizing AI [Microsoft Threat Intelligence Podcast]


In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by Greg Schlomer and Vlad Honyanyy to discuss new research on Jasper Sleet, a North Korean-aligned threat actor incorporating AI into active operations. The conversation examines how AI is being integrated across the attack lifecycle, from highly tailored phishing lures and fabricated job applicant personas to accelerating malware development and refining operational workflows. Rather than treating AI as a novelty, Jasper Sleet is using it to increase speed, scale, and adaptability while reducing many of the friction points that once slowed campaigns. They also explore what this shift means...

New command amid mounting cyber risks.


Rudd takes the helm at NSA and Cyber Command. A watchdog probes alleged Social Security data mishandling. Patch Tuesday lands. Governments brace for cyber fallout from Iran. BeatBanker spreads via a fake Starlink app. InstallFix targets developers. ZombieZIP hides malware in archives. And DHS reassigns CBP officials in a FOIA secrecy dispute. Ben Yelin unpacks Anthropic's lawsuit against the Pentagon. AI eyewear leads to awkward exposures. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure...

Signals, scams, and a Salesforce snatch.


Russian hackers target Signal and WhatsApp. Permit scammers impersonate local officials. Anthropic sues over a Pentagon blacklist. The White House moves to restore fraud victims. ShinyHunters target Salesforce data. Ericsson reports a breach. macOS users face ClickFix malware. AWS credentials are phished. And CISA warns of an exploited Ivanti flaw. Our guest is Brian Baskin, Threat Researcher at Sublime Security, discussing tax season employee impersonation scams. Who fact-checks the fact-checkers? Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a...

What role does higher education play in cyber? [CISOP]


Show Notes: Cybersecurity has continued to grow and mature as a field over the past decade which has given rise to numerous degree pathways across dozens of collegiate institutions; however, the value of these degrees has continued to be a topic of debate. In this episode of CISO Perspectives, host Kim Jones sits down with Dr. Lara Ferry, the Vice President of Research at Arizona State University, to explore higher education's role in cyber. Throughout the conversation, Lara and Kim will discuss the challenges facing degree programs, the disconnects between organizations and institutions, and how the gap can be better...

From Tehran to the Apple II.


Israel claims a strike on Iran's cyber warfare headquarters. The Trump administration releases a new national cyber strategy. DHS shakes up its IT and cybersecurity leadership. Velvet Tempest uses ClickFix to drop loaders and RATs. Researchers uncover a Linux cryptocurrency clipboard hijacker. The DOJ brings a Ghanaian romance scammer to justice. Online advertising enables government tracking. Monday business breakdown. Our guest is Jon France, CISO from ISC2, sharing some insights and findings from their 2025 ISC2 Cybersecurity Workforce Study. An Apple II app gets audited by AI. Remember to leave us a 5-star rating and review in your favorite podcast...

Cyber without borders: Reporter's notebook. [Special Edition]


In this special Reporter's Notebook, Maria Varmazis, host here at N2K CyberWire, takes listeners behind the scenes of our three-part series on Cyber Coalition 2025 in Tallinn, Estonia. After exploring real-time incident response, cross-border coordination, and the broader stakes of collective cyber defense, this episode offers a more personal, behind-the-scenes look at how the reporting came together. Hosted by the NATO Cooperative Cyber Defense Centre of Excellence, the exercise brought together allied military, government, and industry teams inside NATO's secure cyber range. Here, Maria reflects on moments that didn't make the final cut: the atmosphere inside the facilities, the pace...

Anna Belak: Acquiring skills to make you into a unicorn. [Thought Leadership] [Career Notes]


Please enjoy this encore of Career Notes. Anna Belak, Director of Thought Leadership at Sysdig, shares her story from physics to cyber. Anna explains how she went into college with the thinking of getting a physics degree and then for her PhD decided to switch to material science and engineering. Both were not something she enjoyed and ultimately decided to go into cyber. She shares some advice on how you should never limit yourself to your degree, as well as always learning new skills and honing in on skills you already have. She says by doing these things it will...

The scareware rabbit hole. [Research Saturday]


This week we are joined by Marcelle Lee, cybersecurity consultant and researcher, discussing "CTI tradecraft: Investigating a mobile scareware campaign." She details how a routine click on a Google News story led to a mobile scareware pop-up and a deeper investigation into a broader campaign. Using free tools like Censys, URLScan, VirusTotal, and CyberChef, she pivoted from two domains to uncover more than 100 related domains, shared infrastructure, and links to questionable antivirus apps in the Google Play Store. The findings are mapped to the MITRE ATT&CK framework, showing how freely available resources can power meaningful, actionable threat intelligence. The research...

Iran is muddying the waters.


Iran's MuddyWater breaches multiple U.S. organizations. The FBI probes a breach of wiretap management systems. A China-linked threat actor targets South American telecoms. Cisco patches critical firewall flaws. CISA flags actively exploited bugs in Hikvision cameras and Rockwell industrial systems. A House committee advances the controversial KIDS online safety bill. The FBI arrests a suspect accused of stealing millions in seized crypto from the U.S. Marshals Service. Ben Yelin and Ethan Cook unpack the dispute between Anthropic and the Pentagon. Wikimedia worm wreaks widespread wiki woes. Remember to leave us a 5-star rating and review in your favorite podcast app....

Do certifications matter? [CISOP]


Show Notes: As the cybersecurity industry has grown, the field has struggled to answer the question: do certifications matter? In this episode of CISO Perspectives, host Kim Jones sits down with N2K's own Simone Petrella to answer this question and discuss why the value of certifications continues to be debated. Throughout the conversation, Simone and Kim will discuss the challenges associated with certifications, and how the industry can adjust the ways it sees and utilizes them. Got cybersecurity, IT, or project management certification goals? For the past 25 years, N2K's practice tests have helped more than half a million professionals...

Unit 42's Iran Threat Brief: What We're Seeing [Threat Vector]


Unit 42 is tracking more than 60 active hacktivist groups and Iran-linked threat actors right now. What are they actually doing, what should you believe, and what should you do about it? In this episode of Threat Vector, David Moulton sits down with Justin Moore, Senior Manager of Threat Intelligence Research at Unit 42, and Andy Piazza, Senior Director of Threat Intelligence at Unit 42, to walk through the Unit 42 Iran Threat Brief and what the observed activity means for defenders. You'll learn: - What Unit 42 is actually observing from groups like Handala Hack, FAD Team, and Dark...

The internet joins the war.


Hacktivist activity surges in the Middle East. Defense tech firms distance themselves from Claude. International law enforcement take down the Leakbase cybercrime forum. A pair of Cisco SD-WAN vulnerabilities are under active exploitation. Google releases an urgent Chrome security update. Age-verification is put under the microscope. TikTok is leaving end-to-end encryption out of your DMs. Our guest is Daniel Barbu, Director of EMEA Security from Adobe, discussing fostering a human-centered, enablement-driven, and collaborative approach to AI. Clever code catches cardiac clues. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for...

When zero-days escape the lab.


A suspected U.S. exploit kit shows up in global iOS attacks. Facebook goes down briefly worldwide. A critical help-desk flaw enables remote code execution. Juniper PTX routers face a major bug. LastPass warns of phishing. Telegram becomes a cybercrime marketplace. Healthcare groups fight relaxed IT rules. A stolen Gemini API key runs up massive bills. CISA's CIO departs. Our guest is Brian Long, CEO and Co-Founder of Adaptive Security, discussing how AI is reshaping social engineering. The problem of posthumous profiles. CyberWire Guest Today on our Industry Voices segment we are joined by Brian Long, CEO and Co-Founder of Adaptive...

When the map lies at sea.


GPS jamming hits the Strait of Hormuz. An Iran-linked threat actor uses AI to target Iraqi government officials. Hacktivists leak thousands of DHS contract records. A Hawaii cancer center suffers a data breach. Google patches over a hundred Android vulnerabilities. A new report tallies the scale of third party breaches. An MS-Agent AI framework flaw allows full system compromise. On today's Threat Vector segment, Evan Gordenker, Director of AI Security and DPRK Operations at Unit 42, joins David Moulton to unpack North Korea's hiring scams. Tire tech turns tattletale. Remember to leave us a 5-star rating and review in...

Does diversity matter in cyber? [CISOP]


Show Notes: As cybersecurity matures, one area still lags: diversity. In this thought-provoking episode of CISO Perspectives, host Kim Jones takes the mic solo to address a topic that remains both critical and controversial. Kim explores the current state of diversity in the cybersecurity field, why progress has been slow, and how inclusive teams drive greater innovation and resilience. Tune in for an honest conversation that challenges the status quo and pushes the industry forward. Want more CISO Perspectives?: Check out a companion blog post by our very own Ethan Cook, where he breaks down key insights, shares behind-the-scenes context, and...

The parallel war online.


Cyberwar shadows the US Israel attack on Iran. Hackers hijack Pakistani news broadcasts. President Trump orders all federal agencies to stop using AI technology from Anthropic. The Health Care Cybersecurity and Resiliency Act clears a hurdle. A new RAT streamlines double extortion attacks against Windows systems. CISA updates warnings on a zero-day targeting Ivanti Connect Secure devices. A North Korea-linked group targets air-gapped systems. Monday business breakdown. On our Afternoon Cyber Tea segment from Microsoft Security, host Ann Johnson speaks with Rob Surez, Vice President and Chief Information Security Officer at CareFirst BlueCross BlueShield, about cybersecurity in healthcare. Tim Starks...

Cyber Without Borders: Standing guard 210 kilometers from risk. [Special Edition]


In the final installment of our three-part series on Cyber Coalition 2025, Maria Varmazis, host here at N2K CyberWire, and Liz Stokes, CyberWire Producer, step back from the cyber range to reflect on what their time in Tallinn really meant. This episode moves beyond the mechanics of the exercise and into the broader stakes of collective cyber defense in an increasingly uncertain geopolitical moment. Recorded two months after their visit, the conversation blends field tape and personal reflections, from standing outside the Russian Embassy in Old Town to recalling the weight inside NATO's secure facilities. Estonia's history, including the 2007...

Larry Cashdollar: Always learning new technology. [Intelligence response engineer]


Please enjoy this encore of Career Notes. Larry Cashdollar, Principal Security Intelligence Response Engineer at Akamai Technologies, sits down with Dave Bittner to discuss his life leading up to working at Akamai. He shares his story from his beginnings to now, describing what college life was like as a young computer enthusiast. He says "If you look at my 1986 yearbook, I think it was my sixth grade class, it says computer scientist for my career path. So I had a love of computers when I was really young. I guess I knew what field I wanted to get into...

The parking lot of digital danger. [Research Saturday]


This week we are joined by Dr. Renée Burton, Vice President of Infoblox Threat Intel, discussing "Parked Domains and Direct Search: An Underreported Security Risk." Parked domains are no longer harmless ad pages; new research finds that in today's direct search or zero-click parking ecosystem, more than 90% of visits to certain parked lookalike domains lead to scams, malware, or deceptive content, often hidden behind layers of traffic distribution systems and device fingerprinting. The report details three previously unpublished domain portfolio actors who weaponize typosquatting, DNS manipulation including rare double fast flux techniques highlighted in a 2025 advisory from Cybersecurity...

Leadership shakeup at CISA.


CISA's acting director exits. Trump's pick to lead the NSA hits Senate headwinds. The Pentagon pressures Anthropic over AI guardrails. A new WiFi attack sidesteps encryption. CISA flags flaws in EV chargers. Juniper patches a critical router bug. ManoMano discloses a massive breach. Europol cracks down on The Com. Greece delivers verdicts in Predatorgate. An alleged carding kingpin lands in U.S. custody. Jeff Williams, Founder of OWASP and Co-Founder/CTO of Contrast Security, shares how NIST is rethinking its role in analyzing software vulnerabilities as EU launches GCVE. Meta's mischievous monocles meet their match. Remember to leave us a 5-star rating...

Rogue peers and hidden exploits.


Five Eyes flags active exploitation of Cisco SD-WAN flaws. Ransomware incidents surge, but fewer victims are paying. The FTC eases its stance on COPPA to encourage age verification. Authorities in Poland and Germany charge 11 in a Facebook credential harvesting scheme. Top UK news outlets unite on AI licensing standards, as the UK touts gains in cyber resilience. Researchers say a hacker abused Anthropic's Claude to breach Mexican government networks. Gamers revolt over AI in game development. On our Industry Voices, we are joined by Linda Gray Martin, Chief of Staff and SVP, and Britta Glade, SVP of Content and...

A new front in the data sovereignty debate.


Trump tells diplomats to fight digital sovereignty. DeepSeek allegedly trains on banned Nvidia chips. Google knocks out Gallium. Hackers tamper with patient records in New Zealand. Popular mental health apps leak risk. Wynn confirms a ShinyHunters breach. Telecoms dodge New York cyber rules. Russia targets Telegram's founder. And a defense insider heads to prison for selling cyber weapons to Moscow. Andrew Dunbar, CISO of Shopify, discusses how identity and trust become the new perimeter and how commerce needs both. Barking backlash brews beneath big-game broadcast. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss...

Multiple root-level risks resolved.


SolarWinds patches four critical remote code execution vulnerabilities. A ransomware attack on Conduent puts the data of over 25 million Americans at risk. RoguePilot enables GitHub repository takeovers. ZeroDayRat targets Android and iOS devices. North Korea's Lazarus group deploys Medusa ransomware against organizations in the U.S. and the Middle East. Attackers' breakout times drop to under half an hour. CISA maintains its mission despite staffing challenges. Russian satellites draw fresh scrutiny. Two South Korean teenagers are charged with breaching Seoul's public bike service. Krishna Sai, CTO at SolarWinds, discusses why leaders should focus less on speculating about an AI bubble,...

The basics broke telecom.


A senior FBI cyber official warns Salt Typhoon remains an ongoing threat. Data protection authorities issue a joint statement raising serious concerns about AI image creation. A Japanese semiconductor equipment maker confirms a ransomware attack. New number formats seek to reduce AI overhead. A low-skilled Russian-speaking threat actor compromised more than 600 Fortinet FortiGate firewalls. Spanish authorities have arrested four alleged members of Anonymous. CISA tags a pair of Roundcube Webmail flaws. Cybersecurity stocks fell sharply on news of a new security feature in Claude AI. Monday business breakdown. Brandon Karpf, friend of the show discussing sovereignty in space and...

Cyber without borders: The human side of cyber defense. [Special Edition]


In this second installment of our three-part series on Cyber Coalition 2025, Maria Varmazis, host of T-Minus Space Daily, and CyberWire Producer Liz Stokes take listeners inside a single day at NATO's cyber headquarters in Tallinn, Estonia, focusing on the human side of cyber defense. Hosted by the NATO Cooperative Cyber Defence Centre of Excellence and led by NATO Allied Command Transformation, Cyber Coalition is a defensive-only exercise built around collaboration, coordination, and information sharing across allied nations. This episode highlights how that plays out in practice, from legal teams working through cross-border policy questions to military defenders coordinating with...

Mary Writz: Take a negative and make it into a positive. [VP Product Strategy] [Career Notes]


Please enjoy this encore of Career Notes. Mary Writz, Vice President of Product Strategy at ForgeRock, shares how each career path she has taken has led her to where she is now. Mary describes how she has been a woman working in a male dominated field for most of her career and how she had to take charge, and she had to get the men to take charge with her. She says "I was often leading people, mostly men older than me, potentially smarter than me, more well paid than me. So I had to learn how to think about...

Telegram for the throne. [Research Saturday]


Today we have Tomer Bar, VP of Security Research at SafeBreach Labs, discussing their work on "Prince of Persia: A Decade of Iranian Nation-State APT Campaign Activity under the Microscope". In this first installment of SafeBreach's deep dive into the Iranian-linked APT known as Prince of Persia, originally exposed by Palo Alto Networks Unit 42, researchers reveal that the group never truly went dark after 2022 but instead evolved. Led by Tomer, the investigation uncovers new variants of Foudre and Tonnerre malware, expanded campaign scale, active C2 infrastructure through late 2025, and a shift toward Telegram-based command-and-control. The research provides rare,...

Facing a slow-burn confrontation.


Dutch authorities warn Russia is escalating hybrid operations across Europe. Ransomware shuts down the University of Mississippi Medical Center. PayPal notifies customers of a data breach. The FBI says ATM jackpotting is on the rise. An FBI confidential informant had a hand in online fentanyl sales. TrustConnect malware masquerades as a legitimate remote monitoring and management tool. Researchers uncover the first Android malware to integrate generative AI. A critical zero-day hits Grandstream VOIP phones. The IRS slashes IT staff and technology executives. Our guest is James Turgal, a 22-year FBI vet and VP of global cyber risk and board relations...

MFA meets its match.


Starkiller represents a significant escalation in phishing infrastructure. A blockchain lender breach affects nearly a million users. The Kimwolf botnet disrupts a peer-to-peer privacy network. Researchers identify vulnerabilities in widely used Visual Studio Code extensions. DEF CON bans three men named in the Epstein files. Texas sues TP-Link over supply chain security. Experts question the impact of cyber versus kinetic damage in Venezuela. African law enforcement arrest hundreds of suspected scammers. Tim Starks from CyberScoop explains CISA's upcoming town hall meetings over ICS reporting rules. Warsaw walls off Wi-Fi-wired wheels. Remember to leave us a 5-star rating and review in...

Rooted and patient.


A China-linked group exploits a critical Dell zero-day for 18 months. A Microsoft 365 Copilot bug risks sensitive email oversharing. A new Linux botnet leans on old-school IRC for command and control. Switzerland tightens critical infrastructure rules with mandatory cyber reporting. AstarionRAT emerges as a custom post-exploitation implant. Researchers find serious flaws in popular PDF platforms. A suspected Iranian-aligned campaign targets protest supporters. Notepad++ rolls out a double-lock update fix. And a Spanish court orders NordVPN and ProtonVPN to block illegal football streams. Our guest is Keith Mularski, Former FBI Special Agent and Chief Global Ambassador at Qintel, reflecting on...

The lights stay on, but dimmer.


The government shutdown leaves CISA at reduced capacity. Ransomware and misconfigured AI threaten cyber-physical infrastructure. Operation DoppelBrand targets Fortune 500 financial and technology firms. Researchers uncover infostealers targeting OpenClaw AI. Identity-based attacks accounted for nearly two-thirds of initial intrusions last year. Researchers compromise popular cloud-based password managers. Authorities have arrested a man suspected of links to Phobos ransomware. Monday business breakdown. On Threat Vector, host David Moulton talks with Steve Elovitz about the 750 major breaches his team analyzed in a single year. Digital detour delivers a Dutchman to detention. Remember to leave us a 5-star rating and review in...

Cyber without borders: How Estonia turned crisis into cyber power. [Special Edition]


In this three-part series, Maria Varmazis, host of T-Minus Space Daily, and CyberWire Producer Liz Stokes take you inside NATO's flagship cyber defense exercise, Cyber Coalition 2025. Hosted by the NATO Cooperative Cyber Defence Centre of Excellence in Tallinn, Estonia, the exercise brings together military, government, and industry teams from across the alliance to respond to realistic, high-pressure cyberattack scenarios targeting critical infrastructure and operational networks. Throughout the series, Maria and Liz will guide you through what they witnessed on the ground, from real-time threat detection and incident response to the strategic collaboration shaping NATO's cyber resilience in an increasingly...

Mike Arrowsmith: Facing adversity in the workplace. [CTrO] [Career Notes]


Please enjoy this encore of Career Notes. Mike Arrowsmith, Chief Trust Officer at NinjaOne, leads the organization's IT, security, and support infrastructure to ensure they meet customers' security and data privacy demands as it scales. Mike discusses how his career path has led him to the position he currently holds and how exciting the world of cybersecurity can be. He mentioned how he mentored students in college thinking of going into the field, and he used a metaphor to help describe the industry, saying "We are working against adversaries that are always typically one step ahead. Figuratively, if you could imagine,...

Stealer in the status bar. [Research Saturday]


Today we have Ziv Mador, VP of Security Research from LevelBlue SpiderLabs discussing their work on "SpiderLabs IDs New Banking Trojan Distributed Through WhatsApp." Researchers at LevelBlue SpiderLabs have identified a new Brazilian banking Trojan dubbed Eternidade Stealer, spread through WhatsApp hijacking and social engineering campaigns that use a Python-based worm to steal contacts and distribute malicious MSI installers. The Delphi-compiled malware targets Brazilian victims, profiles infected systems, dynamically retrieves its command-and-control server via IMAP email, and deploys banking overlays to harvest credentials from financial institutions and cryptocurrency platforms. The campaign reflects the continued evolution of Brazil's cybercrime ecosystem, combining...

Total defense meets total threat.


Global leaders call for collaboration at the Munich Cyber Security Conference. Phishing campaigns exploit fake video conference invitations. Italian authorities say cyber attacks on the Winter Olympics have met overall mitigation. AI reshapes the economics of ransomware attacks. CISA tags a critical Microsoft Configuration Manager vulnerability. Foxveil is a new malware loader targeting legitimate platforms. Researchers examine macOS infostealers. California fines Disney $2.75 million for violating the Consumer Privacy Act. Maria Varmazis, host of T-Minus space daily and CyberWire Producer Liz Stokes preview their coverage of the NATO Cyber Coalition 2025 Cyber Exercise in Tallinn, Estonia. When pull requests get...

AI or I-Spy?


Malicious Chrome extensions pose as AI tools. Google says nation-states are increasingly abusing its Gemini artificial intelligence tool. Data extortion group World Leaks deploys a new malware tool called RustyRocket. An Atlanta healthcare provider data breach affects over 625,000. Apple patches an iOS zero-day that's been around since version 1.0. A government shutdown would furlough more than half of CISA's staff. Dutch police arrest the alleged seller of the JokerOTP phishing automation service. Our guest is Simon Horswell, Senior Fraud Specialist at Entrust, discussing evolving romance scams for Valentine's Day. Fun with filters provides fuel for phishers. Remember to leave...

When Windows breaks and chips crack.


Patch Tuesday. Preliminary findings from the European Commission come down on TikTok. Switzerland's military cancels its contract with Palantir. Social engineering leads to payroll fraud. Google hands over extensive personal data on a British student activist. Researchers unearth a global espionage operation called The Shadow Campaigns. Notepad's newest features could lead to remote code execution. Our guest is Hazel Cerra, Resident Agent in Charge of the Atlantic City Office for the United States Secret Service. Ring says it's all about dogs, but critics hear the whistle. Remember to leave us a 5-star rating and review in your favorite podcast app....

A spyware swiss army knife.


ZeroDayRAT delivers full mobile compromise on Android and iOS. The UK warns infrastructure operators to act now as severe cyber threats mount. Russia moves to block Telegram. The FTC draws a line on data sales to foreign adversaries. Researchers unpack DeadVax, a stealthy new malware campaign, while an old-school Linux botnet resurfaces. BeyondTrust fixes a critical flaw. And in AI, are we moving too fast? One mild training prompt may be enough to knock down safety guardrails. Our guest is Omer Akgul, Researcher at RSA Conference, discussing his work on "The Case for LLM Consistency Metrics in Cybersecurity (and Beyond)."...

Bringing it all together. [CISO Perspectives]


Please enjoy this encore of CISO Perspectives. In the season finale of CISOP, Kim Jones is joined by N2K's own Ethan Cook to reflect on the conversations that shaped this season. Together, they revisit standout moments from Kim's interviews, unpacking their significance and getting Ethan's fresh perspective on the cybersecurity workforce challenge, as someone viewing the industry from the outside. Since the mid-season reflection, Kim has explored a wide range of workforce issues, including skills mapping, talent identification, and the evolving strategies needed to close cybersecurity's talent gap. Survey: We want to hear your perspectives on this season, fill out our...

Your phone works for them now.


Ivanti zero-days trigger emergency warnings around the globe. Singapore blames a China-linked spy crew for hitting all four major telcos. DHS opens a privacy probe into ICE surveillance. Researchers flag a zero-click RCE lurking in LLM workflows. Ransomware knocks local government payment systems offline in Florida and Texas. Chrome extensions get nosy with your URLs. BeyondTrust scrambles to patch a critical RCE. A Polish data breach suspect is caught eight years later. It's the Monday Business Breakdown. Ben Yelin gives us the 101 on subpoenas. And federal prosecutors say two Connecticut men bet big on fraud, and lost. Remember to...

Simone Petrella: Fake it, until you make it. [CEO] [Career Notes]


Simone Petrella, CEO of cybersecurity training workforce firm CyberVista, spent her career in the Department of Defense as a threat intelligence analyst before founding CyberVista. She says that running a company has a new set of challenges each day thrown at you. She explains that the way she finds the most success is by letting her team contribute to each matter, and having a say in the decisions made as they pertain to each department. Simone says "I would say is I am a firm firm believer in the idea of empowering people to really own and kind of run...

The phishing kit that thinks like a human. [Research Saturday]


Piotr Wojtyla, Head of Threat Intel and Platform at Abnormal AI, is discussing their work on "InboxPrime AI: New Phishing Kit Fueling Scalable, AI-Powered Cybercrime." A new AI-powered phishing kit called InboxPrime AI is rapidly gaining traction in underground forums, automating the creation and delivery of highly believable phishing emails that mimic legitimate business communications and leverage Gmail's web interface to evade detection. First spotted in October 2025, the kit combines AI-generated content, template variation, sender identity spoofing, and built-in spam checks to maximize inbox placement and dramatically lower the barrier to running large-scale phishing campaigns. Its shift to a...

Patch or pull the plug.


CISA cracks down on aging edge devices. Congress looks to shore up energy sector security. DHS facial recognition software may fall short. Romania's national oil pipeline operator suffers a cyberattack. The European Commission may fine TikTok for being addictive. DKnife is a China-linked threat actor operating a long-running adversary-in-the-middle framework. Researchers say OpenClaw is being abused at scale. Our guest is Mike Carr, Field CTO at Xona, talking about how Italy should be thinking about protecting the 2026 Winter Olympics. A BASE jumper attempts a daring AI alibi. Remember to leave us a 5-star rating and review in your favorite...

The quietest weapon in America's loudest strike.


Cyber weapons knock out Iranian air defenses during strikes on nuclear sites. ShinyHunters dump more than a million stolen records from Harvard and Penn. Betterment confirms a breach exposing data from roughly 1.4 million accounts. Researchers uncover a sprawling scam network impersonating law firms. Italy blocks cyberattacks aimed at Olympics infrastructure. Critical bugs put n8n and Google Looker servers at risk of full takeover. A state-backed Shadow Campaign hits governments worldwide. OpenClaw shows how AI-powered attacks are becoming faster, cheaper, and harder to stop. Our guest is Tony Scott, CEO of Intrusion and former federal CIO, sharing his perspective on...

A softer touch on cyber.


The White House preps a major overhaul of U.S. cybersecurity policy. A key Commerce security office loses staff as regulatory guardrails weaken. Lawmakers press AT&T and Verizon after months of silence on Salt Typhoon. A vulnerability in the React Native Metro development server is under active exploitation. Amaranth Dragon leverages a WinRAR flaw. A coordinated reconnaissance campaign targets Citrix NetScaler infrastructure. CISA warns a SolarWinds Web Help Desk flaw is under active exploitation. Zach Edwards, Senior Threat Researcher at Silent Push, is discussing a hole in the kill chain leaving law enforcement empty-handed. Cops in Northern Ireland get an unwanted...

The algorithm gets questioned.


French police raid X's Paris offices. The Feds take over $400 million from a dark web cryptocurrency mixer. The NSA says zero-trust goes beyond authentication. Researchers warn of a multi-stage phishing campaign targeting Dropbox credentials. A new GlassWorm campaign targets macOS developers. Critical zero-day vulnerabilities in Ivanti Endpoint Manager Mobile are under active exploitation. Researchers disclose a major data exposure on Moltbook, a social network built for AI agents. States bridge the gaps in election security. Nitrogen ransomware has a fatal flaw that permanently destroys data. Supersize your passwords, you want fries with that? Remember to leave us a 5-star...

Mid season reflection with Kim Jones. [CISO Perspectives]


Please enjoy this encore of CISO Perspectives. In this mid-season episode, Kim takes a step back to reflect on the journey so far, revisiting key conversations, standout moments, and recurring themes that have shaped the season. During the episode, Kim sits down with N2K's own Ethan Cook to connect the dots across episodes, uncovering deeper patterns and takeaways. Whether you're catching up or tuning in weekly, this episode offers a thoughtful recap and fresh perspective on where we've been and what's still to come.

Wind and solar take a cyber hit.


Poland says weak security left parts of its power grid exposed. A Russian-linked hacker alliance threatens Denmark with a promised cyber offensive. Fancy Bear moves fast on a new Microsoft Office flaw, hitting Ukrainian and EU targets. Researchers find a sprawling supply chain attack buried in the ClawdBot AI ecosystem. A new report looks at how threats are shaping the work of journalists and security researchers. A stealthy Windows malware campaign blends Pulsar RAT with Stealerv37. A former Google engineer is convicted of stealing AI trade secrets for China. The latest cybersecurity funding and deal news. On our Afternoon Cyber...

Richard Melick: Finding the right pattern to solve the problem. [Threat reporting] [Career Notes]


Please enjoy this encore of Career Notes. Richard Melick, Director of Threat Reporting for Zimperium, talks about his journey, from working in the military to moving up to the big screens. He shares that he's been in the business of solving unique cybersecurity problems for so long that he has found his own path that works very well for him. He says, "if I go to a unique problem and try to solve it, I find that I'm solving it the same way that I would've solved it five years ago, because I found my pattern." Richard reflects on his...

Leaky chats collide with shifting security standards.


A popular chatbot exposes millions of private user messages. The White House rescinds Biden-era federal software security guidance. A senior Secret Service official urges more scrutiny of domain registration. The President's NSA pick champions section 702. France looks to reduce reliance on U.S. digital infrastructure. CISA shares guidance on insider threats. Hugging Face infrastructure was abused to distribute an Android RAT. Ivanti discloses a pair of critical zero-days. Popular dating sites suffer a data breach. Our guest is Tim Starks from CyberScoop, discussing how the US looks to push its view of AI cybersecurity standards to the rest of the...

Proxy wars and open doors.


Google dismantles a huge residential proxy network. Did the FBI take down the notorious RAMP cybercrime forum? A long running North Korea backed cyber operation has splintered into three specialized threat groups. U.S. military cyber operators carried out a covert operation to disrupt Russian troll networks ahead of the 2024 elections. Phishing campaigns target journalists using the Signal app. SolarWinds patches vulnerabilities in its Web Help Desk product. Amazon found CSAM in its AI training data. Initial access brokers switch up their preferred bot. China executes scam center kingpins. Our guest is Tom Pace, CEO of NetRise, explaining how open-source...

When the Director uses the wrong chat window.


CISA's interim director uploaded sensitive government material into the public version of ChatGPT. The cyberattack on Poland's power grid compromised roughly 30 energy facilities. The EU and India sign a new partnership that includes expanded cyber cooperation. Meta rolls out enhanced WhatsApp security features. Researchers uncover a campaign targeting LLM service endpoints. Fortinet and OpenSSL patch multiple vulnerabilities. A high-severity WinRAR vulnerability continues to see widespread exploitation six months after it was patched. The SoundCloud data breach affected nearly 30 million users. Ben Yelin explains the California lawsuit accusing social media platforms of harming kids. A Spanish resort town gets...

The hackers made me do it, or did they?


Microsoft rushes an emergency fix for an actively exploited Office zero-day. A suspected cyberattack halts rail service in Spain. The FBI probes Signal chats in Minnesota. The UK moves to overhaul policing for the cyber age. Romania investigates a hitman-for-hire site. A UK court awards $4.1 million in a Saudi spyware case. Google agrees to a voice assistant settlement. CISA maps post-quantum crypto readiness. Prosecutors charge an Illinois man over a Snapchat hacking scheme targeting hundreds of women. Our guest today is Cynthia Kaiser, SVP of the Ransomware Research Center at Halcyon, sharing some insight into the AI and quantum...

How do you gain experience in cyber without a job in cyber? [CISO Perspectives]


Please enjoy this encore of CISO Perspectives. We're sharing an episode from another N2K show we thought you might like. It's the third episode of the new season of the show CISO Perspectives with Kim Jones. Enjoy! Show Notes: While the cybersecurity industry has expanded and grown in recent years, newcomers still struggle to gain relevant "experience" before officially beginning their cyber careers. In this episode of CISO Perspectives, host Kim Jones sits down with Kathleen Smith, the Chief Outreach Officer at clearedjobs.net and the co-host of Security Cleared Jobs: Who's Hiring & How, to discuss this dilemma and what...

When encryption meets enforcement.


Microsoft granted the FBI access to laptops encrypted with BitLocker. The EU opens an investigation into Grok's creation of sexually explicit images. Glimmers of access pierce Iran's internet blackout. Koi Security warns npm fixes fall short against PackageGate exploits. Some Windows 11 devices fail to boot after installing the January Patch Tuesday updates. CISA warns of active exploitation of multiple vulnerabilities across widely used enterprise and developer software. ESET researchers have attributed the cyberattack on Poland's energy sector to Russia's Sandworm. This week's business breakdown. Brandon Karpf joins us to talk space and cyber. CISA sits out RSAC. Remember to...

Lauren Van Wazer: You have to be your own North Star. [CISSP] [Career Notes]


Please enjoy this encore of Career Notes. Lauren Van Wazer, Vice President, Global Public Policy and Regulatory Affairs for Akamai Technologies, shares her story as she followed her own North Star and landed where she is today. She describes her career path, highlighting how she went from working at AT&T to being able to work in the White House. She shares how she is a coach and a leader to the team she works with now, saying "my view is I've got their back, if they make a mistake, it's my mistake, and if they do well, they've done well."...

Caught in the funnel. [Research Saturday]


Today we have Andrew Northern, Principal Security Researcher at Censys, discussing "From Evasion to Evidence: Exploiting the Funneling Behavior of Injects". This research explains how modern web malware campaigns use multi-stage JavaScript injections, redirects, and fake CAPTCHAs to selectively deliver payloads and evade detection. It shows that these attack chains rely on stable redirect and traffic-distribution chokepoints that can be monitored at scale. Using the SmartApe campaign as a case study, the report demonstrates how defenders can turn those chokepoints into high-confidence detection and tracking opportunities. The research can be found here: From Evasion to Evidence: Exploiting the Funneling Behavior...

TikTok lives to scroll another day.


At long last, a TikTok deal. Officials urge lawmakers to keep an eye on the quantum ball. Fortinet confirms active exploitation of a critical authentication bypass flaw. Ireland plans to authorize spyware for law enforcement. Okta warns customers of sophisticated vishing kits. Under Armour investigates data breach claims. CISA adds a Zimbra Collaboration Suite flaw to the known exploited vulnerabilities list. Poor OpSec enables recovery of data stolen by the INC ransomware gang. The DOJ deports a pair of Venezuelans convicted of ATM jackpotting. Our guest is Chris Nyhuis, Founder and CEO of Vigilant, sharing practical steps to protect money,...

Stabilized but smaller.


CISA's acting director assures Congress the agency has stabilized. Google and Cisco patch critical vulnerabilities. Fortinet firewalls are being hit by automated attacks that create rogue accounts. A global spam campaign leverages unsecured Zendesk support systems. LastPass warns of attempted account takeovers. Greek authorities make arrests in a sophisticated fake cell tower scam. Executives at Davos express concerns over AI. Pwn2Own Automotive proves profitable. Our guest is Kaushik Devireddy, AI data scientist at Fable Security, with insights on a fake ChatGPT installer. New password, same as the old password. Remember to leave us a 5-star rating and review in your...

DOGE and the data trail.


DOGE staff face scrutiny over possible Hatch Act violations. GitLab fixes a serious 2FA bypass. North Korean hackers target macOS developers through Visual Studio Code. Researchers say the VoidLink malware may be largely AI-built. MITRE rolls out a new embedded systems threat matrix. Oracle drops a massive patch update. Minnesota DHS reports a breach affecting 300,000 people. Germany looks to Israel for cyber defense lessons. A major illicit marketplace goes dark. Our guest is Ashley Jess, Senior Intelligence Analyst from Intel 471, with a crash course on underground cyber markets. And auditors emerge as an unlikely line of cyber defense....

Million-dollar hacks and a manhunt.


Authorities pursue Black Basta. British authorities launch a new national service to fight fraud and cybercrime. LinkedIn private messages get infected with RATs. Researchers uncover a new malicious extension that intentionally crashes the browser. Ingram Micro discloses a ransomware-related data breach. A Jordanian man pleads guilty to selling stolen access to corporate networks. Business Breakdown. Tim Starks from CyberScoop discusses Sean Plankey's renomination to lead CISA. Grave oversight in the funeral biz. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never...

Are we a trade or a profession? [CISO Perspectives]


Please enjoy this encore of CISO Perspectives. We're sharing an episode from another N2K show we thought you might like. It's the second episode of the new season of the show CISO Perspectives with Kim Jones. Enjoy! Show Notes: Cybersecurity has an identity problem where the industry as a whole is struggling to determine whether it is a trade or a profession. In this episode of CISO Perspectives, host Kim Jones sits down with Larry Whiteside Jr., the Chief Advisory Officer for The CISO Society, to discuss this identity crisis and how the industry as a whole connects to both...

Investing in the security tech market with NightDragon. [T-Minus Space Daily Special Edition]


While our team is away from the mic observing the Martin Luther King, Jr. holiday in the United States, we share this thoughtful discussion from our T-Minus Space Daily team. Signals Intelligence (SIGINT) is the practice of intercepting and analyzing electronic signals, like phone calls, emails, radar, and telemetry, to gather actionable intelligence for national security, defense, and military operations. It's primarily conducted by agencies like NSA, but over the last decade many companies in the commercial sector have grown in this vital area of national defense, especially in space. Our guest is Dave DeWalt, CEO of NightDragon, who shared...

Pentesting at the speed of thought. [CyberWire-X]


While our team is observing the Martin Luther King, Jr. holiday in the United States, please enjoy this CyberWire-X episode featuring the team from Horizon3.ai. In this CyberWire-X episode, Dave Bittner speaks with Horizon3.ai co-founder and CEO Snehal Antani about how continuous autonomous penetration testing is reshaping security resilience. Antani reflects on his journey from CIO to DoD operator, where he learned that the hardest part of security isn't patching, it's prioritizing what matters and proving defenses work before attackers do. He explains why vulnerability scans fall short, how AI hackers simulate adversary behavior at machine speed, and why organizations...

Deepen Desai: A doctor in computer viruses. [CISO] [Career Notes]


Please enjoy this encore of Career Notes. Deepen Desai, Global Chief Information Security Officer at Zscaler, shares his story as a doctor that treats computer viruses. He describes how he got into the security field and his work with Zscaler. He says what it's like learning and growing in this field and shares great advice for people who are up and coming in the field. Deepen describes working with an incredible team and how much joy it brings him to see his team learning and growing beyond their roles working with him. He says he wants to be remembered as...

Picture perfect deception. [Research Saturday]


Today we are joined by Ben Folland, Security Operations Analyst from Huntress, discussing their work on "ClickFix Gets Creative: Malware Buried in Images." This analysis covers a ClickFix campaign that uses fake human verification checks and a realistic Windows Update screen to trick users into manually running malicious commands. The multi-stage attack chain leverages mshta.exe, PowerShell, and .NET loaders, ultimately delivering infostealers like LummaC2 and Rhadamanthys, with payloads hidden inside PNG images using steganography. While technically sophisticated, the campaign hinges on simple user interaction, underscoring the importance of user awareness and controls around command execution. The research can be found...

Who turned out the lights?


Who turned out the lights in Venezuela? The European Space Agency confirms a series of cyberattacks. Dutch police nab the alleged operator of a notorious malware testing service. The U.S. and allies issue new guidance on OT security. Researchers warn of automated exploitation of a critical Hewlett-Packard Enterprise OneView flaw. TamperedChef cooks up trojanized PDF documents to deliver backdoor malware. A Bluetooth vulnerability puts devices at risk. Cisco patches a maximum-severity zero-day exploited since November. Jen Easterly heads up RSAC. Our guest is Zak Kassas from Ohio State University, discussing GPS alternatives. Vintage phones face modern problems. Remember to leave...

A long day without bars.


Verizon hit by a major wireless outage. Poland blocks an attack on its power grid. A massive database of French citizens exposed. Microsoft shuts down a cybercrime-as-a-service operation. The UK backs away from digital ID plans. California probes Grok deepfakes. The FTC settles with GM over location data. Palo Alto Networks patches a serious firewall flaw. Plus, John Serafini of HawkEye on modern signals intelligence, and federal agents seize devices from a Washington Post reporter. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing,...

CVEs don't sleep.


Patch Tuesday fallout, China sidelines Western security vendors, and a critical flaw puts industrial switches at risk of remote takeover. A ransomware attack disrupts a Belgian hospital, crypto scams hit investment clients, and Eurail discloses a data breach. Analysts press Congress to go on offense in cyberspace, and Sean Plankey gets another shot at leading CISA. In our Threat Vector segment, David Moulton sits down with Ian Swanson, AI Security Leader at Palo Alto Networks about supply chain security. And, an AI risk assessment cites a football match that never happened. Remember to leave us a 5-star rating and review...

Source code in the wild aisle.


Stolen Target source code looks real. CISA pulls the plug on Gogs. SAP rushes patches for critical flaws. A suspected Russian spy emerges in Sweden, while Cloudflare threatens to walk away from Italy. Researchers flag a Wi-Fi chipset bug, a long-running Magecart skimming campaign, and a surge in browser-in-the-browser phishing against Facebook users. Mandiant releases a new Salesforce defense tool, and NIST asks how to secure agentic AI before it secures itself. Our guests are Christine Blake and Madison Farabaugh from Inside the Media Minds. Plus, a Dutch court says seven years is still the going rate for a USB-powered...

Is the cyber talent ecosystem broken? [CISO Perspectives]


Please enjoy this encore of CISO Perspectives. We're sharing an episode from another N2K show we thought you might like. It's the first episode of the new season of the show CISO Perspectives with Kim Jones. Enjoy! Show Notes: The cyber talent ecosystem faces severe indigestion, which has stifled growth and closed doors to new talent. In this episode of CISO Perspectives, host Kim Jones sits down with Ed Adams, the Head of Cybersecurity for North America at the Bureau Veritas Group, to discuss what has caused this indigestion and how leadership can better address these challenges. A key aspect...

A picture worth a thousand breaches.


The FBI warns of Kimsuky quishing. Singapore warns of a critical vulnerability in Advantech IoT management platforms. Russia's Fancy Bear targets energy research, defense collaboration, and government communications. Malaysia and Indonesia suspend access to X. Researchers warn a large-scale fraud operation is using AI-generated personas to trap mobile users in a social engineering scam. BreachForums gets breached. The NSA names a new Deputy Director. Monday Biz Brief. Our guest is Sasha Ingber, host of the International Spy Museum's SpyCast podcast. The commuter who hacked his scooter. Remember to leave us a 5-star rating and review in your favorite podcast app....

Laura Hoffner: Setting your sights high. [Intelligence] [Career Notes]


Please enjoy this encore of Career Notes. Laura Hoffner, Executive Vice President at Concentric, shares her story about her time working as a Naval Intelligence Officer and supporting special operations around the globe for 12 years, to now, where she transitioned to the Naval Reserves and joined the Concentric team. Laura has known since she was in the seventh grade that she wanted to work with SEALs and work in intelligence, so she set her goals high and achieved them shortly after graduating college. She credits being a Naval Intelligence Officer to helping her get to where she is today...

Walking on EggStremes. [Research Saturday]


This week, we are joined by Martin Zugec, Technical Solutions Director from Bitdefender, sharing their work and findings on "EggStreme Malware: Unpacking a New APT Framework Targeting a Philippine Military Company." Built for long-term espionage, the campaign uses DLL sideloading, in-memory execution, and abused Windows services to stay stealthy and persistent. We walk through how the multi-stage framework delivers a powerful backdoor with reconnaissance, lateral movement, data theft, and keylogging capabilities, and what this operation reveals about the evolving tactics defenders need to watch for. The research can be found here: EggStreme Malware: Unpacking a New APT Framework Targeting a Philippine...

Is interim the new permanent?


The NSA reshuffles its cybersecurity leadership. A new report unmasks ICE's latest surveillance system. CISA marks a milestone by retiring ten Emergency Directives. Trend Micro patches a critical vulnerability. Grok dials back the nudes, a bit. Cambodia extradites a cybercrime kingpin to China. Ghost Tap malware intercepts payment card data. Researchers disrupt a highly sophisticated VMware ESXi hypervisor exploit. European law enforcement arrest dozens of suspects linked to the international cybercriminal group Black Axe. Our guest is Sonali Shah, CEO of Cobalt, who says 2026 is the year AI stops being a concept and becomes the central battleground of cybersecurity....

America goes solo on cyber.


The US withdraws from global cybersecurity institutions. A maximum-severity vulnerability called Ni8mare allows full compromise of a workflow automation platform. Cisco patches ISE. Researchers uncover a sophisticated multi-stage malware campaign targeting manufacturing and government organizations in Italy, Finland, and Saudi Arabia. The growing rift of defining AI risk. Microsoft gives 365 admins a one-month deadline to enable MFA. The Illinois Department of Human Services inadvertently exposed personal and protected health information of more than 700,000 residents. An Illinois man is charged with hacking Snapchat accounts to steal nudes. Our guest is Caitlin Clarke, Senior Director for Cybersecurity Services at Venable,...

Cyberattack in the fast lane.


Jaguar Land Rover reveals the fiscal results of last year's cyberattack. A Texas gas station chain suffers a data spill. Taiwan tracks China's energy-sector attacks. Google and Veeam push patches. Threat actors target obsolete D-Link routers. Sedgwick Government Solutions confirms a data breach. The U.S. Cyber Trust Mark faces an uncertain future. Google looks to hire humans to improve AI search responses. Our guest is Deepen Desai, Chief Security Officer of Zscaler, discussing what's powering enterprise AI in 2026. AI brings creative cartography to the weather forecast. Remember to leave us a 5-star rating and review in your favorite podcast...

X marks the violation.


Grok's non-consensual imagery draws scrutiny from the European Commission. Researchers link several major data breaches to a single threat actor. The UK unveils a new Cyber Action Plan. A stealthy ClickFix campaign targets the hospitality sector. VVS Stealer malware targets Discord users. Covenant Health and AFLAC report data leaks. Google silences a critical Dolby flaw. Ilona Cohen, Chief Legal and Policy Officer at HackerOne discusses What the SolarWinds Dismissal Really Means for CISOs: Less Personal Risk, More Scrutiny on Disclosures. UK students enjoy a digital snow day. Remember to leave us a 5-star rating and review in your favorite podcast...

A city goes dark as cyber questions multiply.


Venezuela blames physical attacks for blackout as cyber questions swirl. Trump reverses a chip technology sale over national security issues, and removes sanctions linked to Predator spyware. Greek officials say an air traffic shutdown was not a cyberattack. The U.S. Army launches a new officer specialization in AI and machine learning. The Kimwolf botnet infects more than two million devices worldwide. ZoomStealer uses browser extensions to grab sensitive online meeting data. The European Space Agency confirms a cybersecurity incident. Former lawmakers and cyber policy leaders warn that U.S. cyber defenses are slipping. On today's Afternoon Cyber Tea host Ann Johnson...

Michael Scott: A team of humble intellects. [Information security] [Career Notes]


Please enjoy this encore of Career Notes. Chief Information Security Officer at Immuta, Michael Scott shares his story from working at a forgotten internet service provider to leading the security fight for major food chain restaurants. Michael explains how the different roles at various companies he has worked with paved his way to where he is now at Immuta. He works with a group of colleagues and he leads in a different style, describing that "It really is just a collection of a lot of, we call humble intellects" working with him. Michael attributes adversity to being a cornerstone of...

Don't trust that app!


While our team is out on winter break, please enjoy this episode of Research Saturday. Today we are joined by Selena Larson, co-host of Only Malware in the Building and Staff Threat Researcher and Lead Intelligence Analysis and Strategy at Proofpoint, sharing their work on "Microsoft OAuth App Impersonation Campaign Leads to MFA Phishing." Proofpoint researchers have identified campaigns where threat actors use fake Microsoft OAuth apps to impersonate services like Adobe, DocuSign, and SharePoint, stealing credentials and bypassing MFA via attacker-in-the-middle phishing kits, mainly Tycoon. These attacks redirect users to fake Microsoft login pages to capture credentials, 2FA tokens,...

Cyber and its "Hive" Mind


While our team is out on winter break, please enjoy this episode of Cyber Things from our partners at Armis. Welcome to Episode 2 of Cyber Things, a special edition podcast produced in partnership by Armis and N2K CyberWire in an homage to Stranger Things. Host Rebecca Cradick, VP of Global Communications at Armis, is joined by Curtis Simpson, CISO at Armis, to dive deep into the rise of the Hive Mind: the collective, connected threat ecosystem where attackers share tools, data, and tactics across the dark web, evolving faster than ever through AI-powered reconnaissance and automation. This is essential...

Confronting China's Expanding Cyber Threats [Threat Vector]


While our team is out on winter break, please enjoy this episode of Threat Vector from our partners at Palo Alto Networks. In this episode of Threat Vector, host David Moulton talks with Wendi Whitmore, Chief Security Intelligence Officer at Palo Alto Networks, about the increasing scale of China-linked cyber threats and the vulnerabilities in outdated OT environments. Wendi shares critical insights on how nation-state threats have evolved, why AI must be part of modern defense strategies, and the importance of real-time intelligence sharing. They also dive into scenario planning as a key to resilience. If you want to know...

Lorrie Cranor: Why Security Fails Real People [Afternoon Cyber Tea]


While our team is out on winter break, please enjoy this episode of Afternoon Cyber Tea with Ann Johnson from our partners at Microsoft Security. Dr. Lorrie Cranor, Director of the CyLab Security and Privacy Institute at Carnegie Mellon University, joins Ann Johnson, Corporate Vice President, Microsoft, on this week's episode of Afternoon Cyber Tea to discuss the critical gap between security design and real-world usability. They explore why security tools often fail users, the ongoing challenges with passwords and passwordless authentication, and how privacy expectations have evolved in an era of constant data collection. Dr. Cranor emphasizes the importance of user-centered design, practical research, behavioral insights, and...

The New Frontlines of Cybersecurity: Lessons from the 2025 Digital Defense Report [Microsoft Threat Intelligence Podcast]


While our team is out on winter break, please enjoy this episode of The Microsoft Threat Intelligence Podcast from our partners at Microsoft. In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by Chloé Messdaghi and Crane Hassold to unpack the key findings of the 2025 Microsoft Digital Defense Report; a comprehensive look at how the cyber threat landscape is accelerating through AI, automation, and industrialized criminal networks. They explore how nation-state operations and cybercrime have fused into a continuous cycle of attack and adaptation, with actors sharing tooling, infrastructure, and even business models. The conversation also examines AI's growing...

Season finale: Leading security in a brave new world. [CISOP]


In the season finale of CSO Perspectives, Ethan Cook and Kim Jones reflect on a season of conversations exploring what it means to lead security in a rapidly evolving brave new world. From the realities behind AI hype and the slow-burn impact of quantum computing to the business forces shaping cybersecurity innovation, they revisit key lessons and lingering challenges facing today's CISOs. The episode closes with an optimistic but candid look at why fundamentals, critical thinking, and leadership still matter as the industry moves forward. Want more CISO Perspectives? Check out companion blog posts by our very own Ethan Cook, where he breaks down...

The Hidden Risk in Your Stack [Data Security Decoded]


While our team is out on winter break, please enjoy this episode of Data Security Decoded from our partners at Rubrik. In this episode of Data Security Decoded, host Caleb Tolin sits down with Hayden Smith, CEO of Hunted Labs, as he breaks down how software supply chain attacks really work, why open source dependencies create unseen exposure, and what modern threat actors are doing to exploit trust at scale. Caleb and Hayden dive deep into real-world attacks, emerging TTPs, AI-powered threat hunting, and what organizations must do today to keep pace. Listeners walk away with a clear picture of...

Charity Wright: Pursue what you love. [Threat intelligence] [Career Notes]


While our team is out on winter break, please enjoy this episode of Career Notes. Threat intelligence analyst at Recorded Future, Charity Wright, shares her story from the Army to her career today. Transitioning from the Army to cybersecurity was an exciting change for her. During college she was recruited by the U.S. Army where she started her journey and learned new skills paving her pathway to threat intelligence where she is now. She shares that she works with a great team of junior analysts who are constantly checking each other's biases which helps keep Charity grounded in her work....

Excel-lerating cyberattacks. [Research Saturday]


While our team is out on winter break, please enjoy this episode of Research Saturday. This week, we are joined by Tom Hegel, Principal Threat Researcher from SentinelLabs research team, to discuss their work on "Ghostwriter | New Campaign Targets Ukrainian Government and Belarusian Opposition." The latest Ghostwriter campaign, linked to Belarusian government espionage, is actively targeting Ukrainian military and government entities as well as Belarusian opposition activists using weaponized Excel documents. SentinelLabs identified new malware variants and tactics, including obfuscated VBA macros that deploy malware via DLL files, with payload delivery seemingly controlled based on a target's location and...

Beyond cyber: Securing the next horizon. [Special Edition]


While our team is out on winter break, please enjoy this Special Edition episode. Cybersecurity is no longer confined to the digital world or just a technical challenge, it's a global imperative. The NightDragon Innovation Summit convened a group of industry leaders to discuss how public and private entities can work together to address emerging threats and harness the power of AI, cybersecurity, and innovation to strengthen national defense. In this special edition podcast, we capture a glimpse into the knowledge and expertise shared at the NightDragon Innovation Summit. We are joined by NightDragon Founder and CEO Dave DeWalt, DataBee...

Yippee-ki-yay, cybercriminals! [OMITB]


While our team is out on winter break, please enjoy this episode of Only Malware in the Building. Welcome in! You've entered, Only Malware in the Building. Wrap yourself in a warm blanket, pour your favorite mug of tea, and join us each month as we unwrap the season's juiciest cyber mysteries. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York's exclusive upper west side, Selena is joined by her co-hosts N2K Networks' Dave Bittner and Keith Mularski, former FBI cybercrime investigator and now Chief Global Ambassador at Qintel. Being a security...

And the Breachies go to


In today's episode, we dig into the Electronic Frontier Foundation's annual Breachies, highlighting some of the year's most avoidable, eye-opening, and sometimes head-shaking data breaches. From companies collecting far more data than they need to third-party missteps and quiet misconfigurations, the Breachies offer a revealing look at how familiar privacy failures keep repeating and why they matter for users. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest...

Eyes in the sky, red flags on the ground.


The White House bans foreign-made drones. African law enforcement agencies crack down on cybercrime. A new phishing campaign targets Russian military personnel and defense-related organizations. A University of Phoenix data breach affects about 3.5 million people. A pair of Chrome extensions covertly hijack user traffic. Romania's national water authority suffered a ransomware attack. A cyberattack in France disrupts postal, identity, and banking services for millions of customers. NIST and MITRE announce a $20 million partnership for AI research centers. A think-tank says the U.S. needs to go on the cyber offensive. Tim Starks from CyberScoop discusses the passage of the defense...

Tech Investment Strategies and Overview [CISOP]


In this CISOP episode of CSO Perspectives, Host Kim Jones sits down with John Funge, venture capitalist at DataTribe, to explore how investors view the cybersecurity landscape. Kim reflects on the tension between innovation, profit motives, and the real needs of security practitioners, raising questions about whether the industry prioritizes mitigation over true solutions. John offers a candid look inside the VC decision-making process, breaking down how teams, market fit, and long-term defensibility shape investment choices. Together, they examine how founders, investors, and CISOs can better align to drive meaningful, effective security innovation. Want more CISO Perspectives? Check out a companion blog...

Everything old is new again.


NATO suspects Russia is developing a new anti-satellite weapon to disrupt the Starlink network. A failed polygraph sparks a DHS probe and deepens turmoil at CISA. A look back at Trump's cyber policy shifts. MacSync Stealer adopts a stealthy new delivery method. Researchers warn a popular open-source server monitoring tool is being abused. Cyber criminals are increasingly bypassing technical defenses by recruiting insiders. Scripted Sparrow sends millions of BEC emails each month. Federal prosecutors take down a global fake ID marketplace. Monday business brief. Our guest is Eric Woodruff, Chief Identity Architect at Semperis, discussing "NoAuth Abuse Alert: Full Account...

Eric Escobar: Collaboration is key. [Pen tester] [Career Notes]


Please enjoy this encore of Career Notes. Principal consultant and pen tester at Secureworks, Eric Escobar, shares his career path translating his childhood favorite Legos to civil engineering and pivoting to cybersecurity. Eric was always headed toward engineering and got both his bachelor and master degrees in civil engineering. Upon breaking into a network with a friend, he was bitten by the cybersecurity bug. Making the switch to the red team and basically becoming a bank robber for hire, Eric tests the security of many companies' networks. He feels that curiosity is an essential trait for cybersecurity and collaboration is key as...

The lies that let AI run amok. [Research Saturday]


Darren Meyer, Security Research Advocate at Checkmarx, is sharing their work on "Bypassing AI Agent Defenses with Lies-in-the-Loop." Checkmarx Zero researchers introduce lies-in-the-loop, a new attack technique that bypasses human-in-the-loop AI safety controls by deceiving users into approving dangerous actions that appear benign. Using examples with AI code assistants like Claude Code, the research shows how prompt injection and manipulated context can trick both the agent and the human reviewer into enabling remote code execution. The findings highlight a growing risk as AI agents become more common in developer workflows, underscoring the limits of human oversight as a standalone security...

Where encryption meets executive muscle.


Trump signs the National Defense Authorization Act for 2026. Danish intelligence officials accuse Russia of orchestrating cyberattacks against critical infrastructure. LongNosedGoblin targets government institutions across Southeast Asia and Japan. A new Android botnet infects nearly two million devices. WatchGuard patches its Firebox firewalls. Amazon blocks more than 1,800 North Korean operatives from joining its workforce. CISA releases nine new Industrial Control Systems advisories. The U.S. Sentencing Commission seeks public input on deepfakes. Prosecutors indict 54 in a large-scale ATM jackpotting conspiracy. Our guest is Nitay Milner, CEO of Orion Security, discussing the issue with data leaking into AI tools, and...

OneView gives attackers the full tour.


Hewlett Packard Enterprise patches a maximum-severity vulnerability in its OneView infrastructure management software. Cisco warns a critical zero-day is under active exploitation. An emergency Chrome update fixes two high-severity vulnerabilities. French authorities make multiple arrests. US authorities dismantle an unlicensed crypto exchange accused of money laundering. SonicWall highlights an exploited zero-day. Researchers earn $320,000 for demonstrating critical remote code execution flaws in cloud infrastructure components. A U.S. Senator urges electronic health record vendors to give patients greater control over who can access their medical data. Our guest is Larry Zorio, CISO from Mark43, discussing first responders and insider cyber risks....

The cloud that spies back.


Researchers detail a years-long Russian state-sponsored cyber espionage campaign. Israel's cyber chief warns against complacency. Vulnerabilities affect products from Fortinet and Hitachi Energy. Studies show AI models are rapidly improving at offensive cyber tasks. MITRE expands its D3FEND cybersecurity ontology to cover operational technology. Texas sues smart TV manufacturers, alleging illegal surveillance. A fraudulent gift card locks an Apple user out of their digital life. Our guest is Doron Davidson from CyberProof Israel discussing agentic SOCs and agentic transformation of an MDR. Fat racks crack the stacks. Remember to leave us a 5-star rating and review in your favorite podcast...

Cyber shock to the oil trade.


Venezuela's state oil company blames a cyberattack on the U.S. An Iranian hacker group offers cash bounties for doxing Israelis. Germany's lower house of parliament suffers a major email outage. South Korea's e-commerce breach exposes personal information of nearly all of that nation's adults. Researchers report active exploitation of two critical Fortinet authentication bypass vulnerabilities, and three critical vulnerabilities in the FreePBX VoIP platform. An auto-industry credit reporting agency suffers a data breach. Google is shutting down its dark web reporting service. European law enforcement dismantles a Ukrainian fraud network. Our guest is Christiaan Beek, Senior Director Threat Intelligence &...

Quantum [CISOP]


In this episode, host Kim Jones tackles a topic that is rapidly moving from theoretical to operational reality: quantum computing. While classical computing will remain the backbone of our systems for years to come, quantum technologies are advancing fast enough that CISOs must begin preparing today. Kim explores what quantum computing really means, why it matters for cybersecurity, and how leaders should begin planning for its inevitable impact. To help demystify the subject, Kim is joined by longtime colleague and cybersecurity practitioner Michael Sottile, now the CSO of a quantum computing firm, who brings decades of hands-on experience across industries and a...

Another day, another emergency patch.


Apple and Google issue emergency updates to patch zero-days. Google links five additional Chinese state-backed hacking groups to React2Shell. France's Ministry of the Interior was hit by a cyberattack. Atlassian patches roughly 30 third-party vulnerabilities. Microsoft says its December 2025 Patch Tuesday updates are breaking Message Queuing. Researchers uncovered a massive exposed database with nearly 4.3 billion professional records openly accessible online. Britain's new MI6 chief warns of an aggressive, expansionist, and revisionist Russia. Monday Business Brief. On today's Threat Vector, Michael Heller from Unit 42 chats with security leaders Greg Conti and Tom Cross to unpack the hacker mindset...

Amanda Fennell: There's a cyber warrior in all of us [Information] [Career Notes]


Please enjoy this encore of Career Notes. Chief security officer and chief information officer at Relativity, Amanda Fennell shares her story from archeology to cybersecurity. She shares the path that led her towards becoming an archeologist and how it turned out not being exactly what she expected. She then shares how she got into the cyber business and how her past has impacted what she's doing now. She describes how she would like to be remembered in the cyber world, she says "I do hope that I left things better than I found them, not just the security of a...

Root access to the great firewall. [Research Saturday]


Daniel Schwalbe, DomainTools Head of Investigations and CISO, is sharing their work on "Inside the Great Firewall." This two-part research project analyzes an extraordinary 500-600GB leak that exposes the internal architecture, tooling, and human ecosystem behind China's Great Firewall. Across both parts, you break down thousands of leaked documents, source code repositories, diagrams, packet captures, and telemetry that reveal how systems like the Traffic Secure Gateway, MAAT, Redis-based analytics, and modular DPI engines work together to censor, surveil, and fingerprint users at scale. Taken together, the research shows how the Great Firewall functions not just as a technical system, but...

One rule to rule them all.


A new executive order targets states' AI regulations, while the White House shifts course on an NSA deputy director pick. The UK fines LastPass over inadequate security measures. Researchers warn of active attacks against Gladinet CentreStack instances. OpenAI outlines future cybersecurity plans. MITRE ranks the top 25 vulnerabilities of 2025. CISA orders U.S. federal agencies to urgently patch a critical GeoServer vulnerability. An anti-piracy coalition shuts down one of India's most popular illegal streaming services. Our guest Mark Lance, Vice President, DFIR & Threat Intelligence, GuidePoint Security, unpacks purple team table top exercises to prepare for AI-generated attacks. Hackers set...

Weak passwords meet strong motives


CISA warns that pro-Russia hacktivist groups are targeting US critical infrastructure. Google patches three new Chrome zero-day vulnerabilities. North Korean actors exploit React2Shell to deploy a new backdoor. Researchers claim Docker Hub secret leakage is now a systemic problem. Attackers exploit an unpatched zero-day in Gogs, the self-hosted Git service. IBM patches more than 100 vulnerabilities across its product line. Storm-0249 abuses endpoint detection and response tools. The DOJ indicts a former Accenture employee for allegedly misleading federal customers about cloud security. Our guest is Kavitha Mariappan, Chief Transformation Officer at Rubrik, talking about understanding & building resilience against identity-driven...

When preview pane becomes preview pain.


Patch Tuesday. Federal prosecutors charge a Houston man with smuggling Nvidia chips to China, a Ukrainian woman for targeting critical infrastructure, and an Atlanta activist for wiping his phone. The power sector sees cyber threats doubling. The new Spiderman phishing kit slings its way across the dark web. Our guest is Dick O'Brien, Principal Intelligence Analyst from Symantec and Carbon Black Threat Hunter Team, discussing Unwanted Gifts: Major Campaign Lures Targets with Fake Party Invites. The Pentagon unveils a killer chatbot. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for...

The bug that got everyone's attention.


Organizations worldwide scramble to address the critical React2Shell vulnerability. Major insurers look to exclude artificial intelligence risks from corporate policies. Three Chinese hacking groups converge on the same Sharepoint flaws. Ransomware crews target hypervisors. A UK hospital asks the High Court to block publication of data stolen by the Clop gang. The White House approves additional Nvidia AI chip exports to China. The ICEBlock app creator sues the feds over app store removal. The FBI warns of virtual kidnapping scams. The FTC upholds a ban on a stalkerware maker. Dave Lindner, CISO of Contrast Security, discusses nation-state adversaries targeting source...

AI and cyber practicum [CISOP]


In this episode, host Kim Jones examines the rapid rise of enterprise AI and the tension between innovation and protection, sharing an RSA anecdote that highlights both excitement and concern. He outlines the benefits organizations hope to gain from AI while calling out often-overlooked risks like data quality, governance, and accountability. Kim is joined by technologist Tony Gauda to discuss why AI represents a fundamental shift in how systems and decisions are designed. Together, they explore AI-driven operations, cultural barriers to experimentation, and how CISOs can adopt AI responsibly without compromising security. Want more CISO Perspectives? Check out a companion blog...

America's tech turn.


How might Trump's new National Security Strategy impact cyber? The UK's NCSC warns LLMs may never get over prompt injection. At least 18 U.S. universities were hit by a months-long phishing campaign. Russia blocks FaceTime. A bipartisan group of senators is reviving efforts to strengthen protections across the health sector. Portugal provides legal safe harbor for good-faith security research. A large-scale campaign targets Palo Alto GlobalProtect portals. A Maryland man gets 15 months in prison for his part in a North Korean IT worker scam. Business Brief. Tim Starks from CyberScoop unpacks the President's pending cybersecurity strategy release. An AI image...

Jon DiMaggio: Two roads diverged. [Strategy] [Career Notes]


Please enjoy this encore of Career Notes. Chief security strategist from Analyst1, Jon DiMaggio shares his story on how he grew to become a part of the cybersecurity world. He describes different jobs that paved the way to the knowledge he has in the industry right now, and he even shares about an experience that led him to a path that split and which decision he would make, would be crucial in his career. He explains which way he ended up going and how a critical part of his career helped to determine that path. He says "there's two paths...

When macOS gets frostbite. [Research Saturday]


Jaron Bradley, Director of Jamf Threat Labs, is sharing their work on "ChillyHell: A Deep Dive into a Modular macOS Backdoor." Jamf Threat Labs uncovers a newly notarized macOS backdoor called ChillyHell, tied to past UNC4487 activity and disguised as a legitimate applet. The malware showcases robust host profiling, multiple persistence mechanisms, timestomping, and flexible C2 communications over both DNS and HTTP. Its modular design includes reverse shells, payload delivery, self-updates, and a brute-force component targeting user credentials. The research can be found here: ChillyHell: A Deep Dive into a Modular macOS Backdoor Learn more about your ad choices. Visit...

China's quiet crawl into critical networks.


Chinese threat actors deploy Brickstorm malware. The critical React2Shell vulnerability is under active exploitation. Cloudflare's emergency patch triggered a brief global outage. Phishing kits pivot to fake e-commerce sites. The European Commission fines X (Twitter) €120 million for violating the Digital Services Act. Predator spyware has a new bag of tricks. A Russian physicist gets 21 years in prison for cybercrimes. Twin brothers are arrested for allegedly stealing and destroying government data. Our guest is Blair Canavan, Director of Alliances - PKI & PQC Portfolio from Thales, discussing post quantum cryptography. Smart toilet encryption claims don't hold water. Remember to leave...

Pay cuts and a personnel freefall.


CISA staff may see pay cuts in 2026. Threat actors advertise a full chain zero-day exploit for iOS. A US-led international coalition releases joint guidance on integrating AI into operational technology. Microsoft lowers sales growth targets for its agentic AI products. A major fintech provider suffers a ransomware-linked breach. Arizona's Attorney General sues Temu over data collection practices. Lessons learned from Capita's handling of Black Basta. The UK sanctions Russia's GRU. My guest is Dave Baggett, co-founder and CEO of INKY (recently acquired by Kaseya), about the challenges of email security. A U.S. Bankruptcy Court insists on AI transparency. Remember...

Just another day of scamming and jamming.


The DOJ shuts down another scam center in Myanmar. OpenAI confirms a Mixpanel data breach. A new phishing campaign targets company executives. A bipartisan bill looks to preserve the State and Local Cybersecurity Grant Program. Universities suffer Oracle EBS data breaches. India reports GPS jamming at eight major airports. Kaiser Permanente settles a class action suit over tracking pixels. The FTC plans to require a cloud provider to delete unnecessary student data. An international initiative is developing guidelines for commercial spyware. Our N2K Producer Liz Stokes speaks with Kristiina Omri, Director of Special Programs for CybExer Technologies about the cyber...

The Unseen World [Cyber Things]


Enjoy this episode of Cyber Things from Armis. Catch the next episode on your favorite podcast app on December 15th. Welcome to Cyber Things, a special edition podcast produced in partnership by Armis and N2K CyberWire that plunges into the hidden world beneath our connected reality. Inspired by Stranger Things, we explore the digital realm's own Upside Down - a space teeming with unseen devices, silent intruders, and invisible threats that quietly impact our everyday lives. In this first episode, we tackle the core challenge of modern defense: seeing the unseen. Rebecca Cradick, VP of Global Communications at Armis, is joined by...

ShadyPanda's patient poisoning.


ShadyPanda plays the long game. India mandates tracking software on mobile devices. Korea weighs punitive damages after a massive breach. Qualcomm patches a critical boot flaw impacting millions. OpenAI patches a Codex CLI vulnerability. Google patches Android zero-days. Cybersecurity issues prompt an FDA permanent recall for an at-home ventilator system. Switzerland questions the security of hyperscale clouds and SaaS services. One of the world's largest cyber insurers pulls back from the market. On our Threat Vector segment, David Moulton sits down with Stav Setty to unpack the Jingle Thief campaign. In Russia, Porsches take a holiday. Remember to leave us...

AI's impact on business [CISOP]


In this episode, Kim Jones sits down with Eric Nagel, a former CISO with a rare blend of engineering, legal, and patent expertise, to unpack what responsible AI really looks like inside a modern enterprise. Eric breaks down the difference between traditional machine learning and generative AI, why nondeterministic outputs can be both powerful and risky, and how issues like bias, hallucinations, and data leakage demand new safeguards, including AI firewalls. He also discusses what smaller organizations can do to manage AI risk, how tools like code-generation models change expectations for developers, and the evolving regulatory landscape shaping how companies must...

From cryptomixers to recipe mixers.


European authorities take down an illegal cryptomixer. An Australian man is sentenced for running an airport evil twin WiFi campaign. Researchers unmask a Scattered LAPSUS$ Hunters impresario. CISA flags a cross-site scripting flaw in OpenPLC ScadaBR. A major South Korean retailer suffers a data breach affecting over 33 million customers. Threat actors abuse digital calendar subscription features. New York's new hospital cybersecurity mandates may raise the bar nationwide. Scammers target Cyber Monday shoppers. Monday business brief. Ann Johnson speaks with Microsoft's Amy Hogan-Burney on the Afternoon Cyber Tea segment. Google gets caught reheating someone else's holiday recipe. Remember to leave...

AI in the GRC: What's real, what's risky and what's next. [Special Edition]


Join us for a timely and insightful live discussion on the evolving role of artificial intelligence in governance, risk, and compliance. Host Dave Bittner from N2K | CyberWire is joined by Kayne McGladrey from Hyperproof, Matthew Cassidy, PMP, CISA from Grant Thornton (US), and Alam Ali from Hyperproof to explore the current state of artificial intelligence in governance, risk, and compliance. The panel will discuss what AI is truly doing well today, the risks and challenges organizations need to watch for, and how AI is poised to influence the future of GRC. They will also share practical insights and real-world...

Danielle Jablanski: Finding the path to success [Strategy] [Career Notes]


Please enjoy this encore of Career Notes. Operational technology cybersecurity strategist from Nozomi Networks, Danielle Jablanski shares her story of building a target map to end up where she is today. She shares how she started in college and how different paths in life got her to be on the target of success where she is today. She says "you build out that kind of target of where you want to be, and understand that getting to that point might mean doing things you don't enjoy for a number of years, but figuring that out is another way to...

A new stealer hiding behind AI hype. [Research Saturday]


Please enjoy this encore of Research Saturday. This week, we are joined by Michael Gorelik, Chief Technology Officer from Morphisec, discussing their work on "New Noodlophile Stealer Distributes Via Fake AI Video Generation Platforms." A new threat dubbed Noodlophile Stealer is exploiting the popularity of AI-powered content tools by posing as fake AI video generation platforms, luring users into uploading media in exchange for malware-laced downloads. Distributed through convincing Facebook groups and viral campaigns, the malware steals browser credentials, cryptocurrency wallets, and can deploy a remote access trojan like XWorm. The campaign uses a layered, obfuscated delivery chain disguised as...

Pass the intel, please. [Only Malware in the Building]


Please enjoy this encore of Only Malware in the Building. Welcome in! You've entered Only Malware in the Building. Join us each month to sip tea and solve mysteries about today's most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York's exclusive upper west side, Selena is joined by her co-hosts N2K Networks' Dave Bittner and Keith Mularski, former FBI cybercrime investigator and now Chief Global Ambassador at Qintel. Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts...

Hacker Movies Then vs Now [Threat Vector]


We dive into a nostalgic yet revealing journey through classic hacker films, from WarGames to The Net and beyond, to assess what they got right, what they wildly imagined, and what those stories say about culture, fears, and cyber reality today. David Moulton, Senior Director of Thought Leadership for Unit 42 talks with Ben Hasskamp, Global Content Leader at Palo Alto Networks, who has been writing deeply on this intersection of media, tech, and risk. Together, we'll examine how cinematic depictions of hacking have shaped public perception, influenced policy, and sometimes eerily foreshadowed modern cyber threats. Expect a blend of...

Identifying vulnerabilities in space with Bigbear.ai. [Deep Space]


Please enjoy this encore of T-Minus Deep Space. BigBear.ai is at the forefront of innovation for national security, and is committed to supporting the critical infrastructure driving America's competitive edge. The company deploys cutting-edge AI, machine learning, and computer vision solutions to defend critical operations and win with decision advantage. Our guests are Eric Conway, Vice President of Technology, and Joe Davis, Cybersecurity Research Scientist at Bigbear.ai. Remember to leave us a 5-star rating and review in your favorite podcast app. Be sure to follow T-Minus on LinkedIn and Instagram. Want to hear your company in the show? You too...

Hacktivists go galactic.


Report sheds light on cyber activity targeting space-related organizations during the Gaza War. Russian threat actor targets US civil engineering firm. FBI says $262 million has been stolen in account takeover scams this year. HashJack attack tricks AI browser assistants. London councils disrupted by cyberattacks. Russia's Gamaredon and North Korea's Lazarus Group appear to be sharing infrastructure. Canon says subsidiary was breached by Oracle EBS flaw. Dave Bittner was joined by Cynthia Kaiser, SVP of the Ransomware Research Center at Halcyon, sharing a deep dive on Akira ransomware. And Campbell's Soup CISO placed on leave following lawsuit. Remember to leave...

Message in the malware.


CISA warns of spyware targeting messaging apps. CodeRED, this is not a test. Infostealer campaign spreads via malicious Blender files. Shai-Hulud's second coming. Real estate finance firm SitusAMC investigates breach. Dartmouth College discloses Oracle EBS breach. Dave Bittner is joined by Tim Starks, Senior reporter from CyberScoop, to discuss the Trump administration's upcoming cyber strategy. And 'tis the season for deals and digital deception. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow...

A midseason takeaway. [CISO Perspectives]


In this mid-season episode, Kim takes a step back to reflect on the conversations he has had so far. During the episode, Kim sits down with N2K's own Ethan Cook to connect the dots across episodes, diving into how new technologies are impacting longstanding challenges, both from a security standpoint and from an attacker's view. Whether you're catching up or tuning in weekly, this episode offers a thoughtful recap and fresh perspective on where we've been, and what's still to come. Learn more about your ad choices. Visit megaphone.fm/adchoices

Inside job interrupted.


CrowdStrike fires an insider who allegedly shared screenshots with hackers. Google agrees, it wasn't Salesforce. Cox Enterprises confirms Oracle EBS breach. Alleged Transport for London hackers plead not guilty. Hackers exploit new WSUS bug to deploy ShadowPad backdoor. Iberia discloses breach of customer data. Harvard discloses voice-phishing breach exposing alumni and donor data. We have our Monday Business Briefing. Our guest today is Brandon Karpf, friend of the show discussing maritime GPS jamming and spoofing. And the launderers who wanted a bank for Christmas. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an...

How realistic is A House of Dynamite? [T-Minus Deep Space]


The new Netflix movie A House of Dynamite chronicles what happens when the unthinkable unfolds. How realistic is it? We ask the movie's advisor and expert, Lieutenant General Daniel Karbler (Ret.). Remember to leave us a 5-star rating and review in your favorite podcast app. Be sure to follow T-Minus on LinkedIn and Instagram. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at space@n2k.com to request more info. Want to join us for an interview? Please send your pitch to space-editor@n2k.com...

Satya Gupta: Rising to your contribution. [CTO] [Career Notes]


Please enjoy this encore of Career Notes. Co-founder and CTO of Virsec, Satya Gupta shares his story of how he has over 25 years of expertise in embedded systems, network security and systems architecture. He also talks about how a colleague of his told him something that resonated with him, he said "that was really a remarkable statement that I heard from that person. You rise to the point where you can actually contribute." He also discusses how he got into the startup atmosphere and how different scenarios in his life helped to lead him to the successful man he...

DataTribe's Cyber Innovation Day: Cyber: The Wake of Tech Innovation. [Special Edition]


On this Special Edition podcast, we share a panel from DataTribe's Cyber Innovation Day 2025, "Cyber: The Wake of Tech Innovation." The podcast tech host panel included Dave Bittner, host of CyberWire Daily podcast, Maria Varmazis, host of T-Minus Space Daily podcast, and Daniel Whitenack, co-host of Practical AI podcast, sharing a wide-ranging discussion. Together, Dave, Maria and Dan examine the intersection of frontier innovation and cyber innovation through the lens of cyber, space, and AI. Learn more about your ad choices. Visit megaphone.fm/adchoices

Two RMMs walk into a phish [Research Saturday]


Alex Berninger, Senior Manager of Intelligence at Red Canary, and Mike Wylie, Director, Threat Hunting at Zscaler, join to discuss four phishing lures in campaigns dropping RMM tools. Red Canary and Zscaler uncovered phishing campaigns delivering legitimate remote monitoring and management (RMM) tools, like ITarian, PDQ, SimpleHelp, and Atera, to gain stealthy access to victim systems. Attackers used four main lures (fake browser updates, meeting invites, party invitations, and fake government forms) and often deployed multiple RMM tools in quick succession to establish persistent access and deliver additional malware. The report highlights detection opportunities, provides indicators of compromise, and stresses the importance...

AI meets the chain of command.


Cyber Command names a new head of AI. The UK introduces its long-delayed Cyber Security and Resilience Bill. Researchers highlight a critical Oracle Identity Manager flaw. Salesforce warns customers of a third-party data breach. Italy's state-owned railway operator leaks sensitive information. SonicWall patches firewalls and email security devices. The US charges four individuals with conspiring to illegally export restricted Nvidia AI chips to China. The SEC drops its lawsuit against SolarWinds. NSO group claims a permanent injunction could cause irreparable and potentially existential harm. Maria Varmazis of the T-Minus Space Daily show sits down with General Daniel Karbler (Ret.) to...

Inside Jingle Thief Cloud Fraud Unwrapped [Threat Vector]


In this special episode of Threat Vector, host David Moulton, Senior Director of Thought Leadership for Unit 42, sits down with Stav Setty, Principal Researcher at Palo Alto Networks, to unpack Jingle Thief, a cloud-only, identity-driven campaign that turned Microsoft 365 into a gift card printing press. Stav explains how the Morocco-based group known as Atlas Lion lived off the land inside M365 for months at a time, using tailored phishing and smishing pages, URL tricks, and internal phishing to compromise one user and quietly pivot to dozens more. Together, David and Stav walk through how the attackers abused...

Eviction notice for Media Land.


The US and allies sanction Russian bulletproof hosting providers. The White House looks to sue states over AI regulations. The US Border Patrol flags citizens' suspicious travel patterns. Lawmakers seek to strengthen the SEC's cybersecurity posture. A new Android banking trojan captures content from end-to-end encrypted apps. A hidden browser API raises security concerns. Fortinet patches a zero-day. A Philippine former mayor gets life in prison for scam center human trafficking. Our guest is Cliff Crosland, CEO and Co-founder at Scanner.dev, discussing why security data lakes are ideal for AI in the SOC. Green energy gets hijacked for a blockchain...

The oversized file that stalled the internet.


Cloudflare's outage is rooted in an internal configuration error. The Trump administration is preparing a new national cyber strategy. CISA gives federal agencies a week to secure a new Fortinet flaw. MI5 warns that China is using LinkedIn headhunters and covert operatives to target lawmakers. Experts question the national security risks of TP-Link routers. The China-aligned PlushDaemon threat group hijacks software updates. Researchers discover WhatsApp's entire global member directory accessible online without protection. LG Energy Solution confirms a ransomware attack. ShinySp1d3r makes its debut. Rotem Tsadok, Director of Security Operations and Forensics at Varonis, is sharing lessons learned from thousands...

A morning without Cloudflare.


Cloudflare suffers a major outage. Google issues an emergency Chrome update. Logitech discloses a data breach. CISA plans a major hiring push. The House renews the State and Local Cybersecurity Grant Program. The GAO warns military personnel are oversharing online. Tech groups urge governments worldwide to reject proposals that weaken or bypass encryption. Australian authorities blame outdated software for the death of a telecom customer. An alleged Void Blizzard hacker faces extradition to the US. Our guest is Kevin Kennedy from ManTech discussing the future battlefield and the importance of integrating non-kinetic effects. AI meets the IRS. What could possibly...

Fraud and Identity [CISO Perspectives]


Managing identity has been an evolving challenge as networks have only continued to grow and become more sophisticated. In this current landscape, these challenges have only become further exacerbated with new emerging technologies. In this episode of CISO Perspectives, host Kim Jones sits down with Richard Bird from Singular AI to discuss this evolving paradigm. Throughout this conversation, Kim and Richard tackle how managing identity has evolved and how security leaders can get ahead of AI to better secure their systems and networks. Want more CISO Perspectives? Check out a companion blog post by our very own Ethan Cook, where he breaks...

The rise of AI-driven cyber offense.


The Pentagon is spending millions on AI hacking. The New York Times investigates illicit crypto funds. Researchers uncover widespread remote code execution flaws in AI inference engines. Police in India arrest CCTV hackers. Payroll Pirates use Google Ads to steal credentials and redirect salaries. A large-scale brand impersonation campaign delivers Gh0st RAT to Chinese-speaking users. A bitcoin mining company CEO gets scammed. Monday biz brief. On our Industry Voices segment with our Knowledge Partner SpecterOps, Chief Technology Officer Jared Atkinson is discussing Attack Path Management: Identities in Transit. Bitcoin big wigs learn to bite through plastic. Remember to leave us a...

Chenxi Wang: Overcoming the obstacle of fear. [Venture Capital] [Career Notes]


Please enjoy this encore of Career Notes. Founder and general partner of Rain Capital, Chenxi shares her story and how she conquered and got over the obstacle of fear to reach her goals in life. "I realized a lot of times my obstacle is my own fear rather than a real obstacle" Wang states, she also shares her story of breaking glass ceilings as a female founder and working in the field of cybersecurity. She hopes to be remembered for being a kind person and developing her own venture fund, as she shares her story to the top, she states...

When clicks turn criminal. [Research Saturday]


Dr. Rene Burton, Vice President of Threat Intelligence from Infoblox, is sharing the team's work on "Deniability by Design: DNS-Driven Insights into a Malicious Ad Network." Infoblox returns with new threat actor research uncovering Vane Viper, a Cyprus-based holding company behind PropellerAds, one of the world's largest advertising networks. The report reveals that Vane Viper isn't just being exploited by criminals but operates as a criminal infrastructure itself, built to profit from fraud, malware, and disinformation through offshore entities and complex ownership structures. The findings highlight the growing convergence between adtech, cybercrime, and state-linked influence operations, suggesting that elements of the...

Operation spyGPT.


Anthropic reports China-linked hackers used Claude AI in an automated espionage campaign. Google reconsiders its upcoming Developer Verification policy for Android. AT&T customers affected by two data breaches in 2024 can now file claims. Nearly 10,000 Washington Post employees were affected by a data breach. ASUS and Imunify360 patch critical flaws. DoorDash discloses a data breach. Checkout.com donates the ransom to researchers. Kraken ransomware benchmarks systems before encryption. Mike Arrowsmith, Chief Trust Officer of NinjaOne, shares his thoughts on how cyber may be heading for its California fire insurance moment. AI ChatBot toys behave badly. Remember to leave us a...

404: Cybercrime not found.


Operation Endgame expands global takedowns. The U.S. is creating a Scam Center Strike Force. Microsoft rolls out its delayed Prevent screen capture feature for Teams. Proton Pass patches a clickjacking flaw. Researchers uncover previously undisclosed zero-day flaws in both Citrix and Cisco Identity Services Engine. Android-based digital picture frames contain multiple critical vulnerabilities. Lumma Stealer rebounds after last month's doxxing campaign. Our guest is Garrett Hoffman, Senior Manager of Cloud Security Engineering from Adobe, talking about achieving cloud security at scale. X marks the spot where your passkey stops working. Remember to leave us a 5-star rating and review in...

Closing cracks before hackers do.


Patch Tuesday. Google sues a phishing-as-a-service network linked to global SMS scams, and launches private AI compute. Hyundai notifies vehicle owners of a data breach. Amazon launches a bug bounty program for its AI models. The Rhadamanthys infostealer operation has been disrupted. An initial access broker is set to plead guilty in U.S. federal court. Our guest is Bob Maley, CSO from Black Kite, discussing a new AI assessment framework. Bitcoin Queen's $7.3 billion crypto laundering empire collapses. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence...

Transitioning from service to civilian life. [T-Minus Deep Space]


Lieutenant Rob Sarver and Alex Gendzier are the authors of Warrior to Civilian: The Field Manual for the Hero's Journey, the definitive guide to transition to civilian life for veterans and their spouses and families. The book aims to provide actionable advice to veterans looking for work, while coaching those in hiring positions to give veterans the fair shake they deserve after serving our country. Remember to leave us a 5-star rating and review in your favorite podcast app. Be sure to follow T-Minus on LinkedIn and Instagram. T-Minus Crew Survey We want to hear from you! Please complete our...

The changing face of fraud. [CISO Perspectives]


Fraud has always been a consistent challenge. As the world has continued to become increasingly interconnected and as new technologies have become widely available, threat actors have continued to evolve their tactics. In this episode of CISO Perspectives, host Kim Jones sits down with Mel Lanning from the Better Business Bureau to discuss fraud and how it has been evolving in recent years. From exploiting cryptocurrencies to utilizing emerging technologies, Kim and Mel look into how threat actors are changing and refining tactics in the current threat landscape. This episode of N2K Pro's CISO Perspectives podcast is brought to you...

Rebooting the government, one cyber law at a time.


Ending the government shutdown revives an expired cybersecurity law. The DoD finalizes a new model for building U.S. military cyber forces. A North Korean APT exploits Google accounts for full device control. The EU dials back AI protections in response to pressure from Big Tech companies and the U.S. government. Researchers discover a critical vulnerability in the Monsta FTP web-based file management tool. The Landfall espionage campaign targets Samsung Galaxy devices in the Middle East. Five Eyes partners fret eroding cooperation on counterintelligence and counterterrorism. Israeli spyware maker NSO Group names the former U.S. ambassador to Israel as its new...

Michael DeBolt: From acting to cyber. [Intelligence] [Career Notes]


Please enjoy this encore of Career Notes. Chief intelligence officer at Intel 471, Michael shares his story where he started as an actor and quickly changed over to intelligence and what the transition was like for him. Michael grew up wanting to be an actor and even was able to land some acting jobs, after going into the Marine Corps he decided to leave acting behind and start a new path in his journey. He says looking for a purpose really helped to shape him, saying "looking back on it, I feel like my life purpose has really been all...

A fine pearl gone rusty. [Research Saturday]


Tal Peleg, Senior Product Manager, and Coby Abrams, Cyber Security Researcher of Varonis, discussing their work and findings on Rusty Pearl - Remote Code Execution in Postgres Instances. The flaw could allow attackers to execute arbitrary commands on a database server's operating system, leading to potential data theft, destruction, or lateral movement across networks. While the vulnerability existed in PostgreSQL, Amazon RDS and Aurora were not affected, thanks to built-in protections like SELinux and AWS's automated threat detection. Still, the research underscores the importance of patching and configuration hygiene in managed database environments. The research can be found here: Rusty...

Legislating in the shadow of hackers.


The CBO was hacked by a suspected foreign actor. Experts worry Trump's budget cuts weaken U.S. cyber defenses. Regulation shapes expectations. ClickFix evolves on macOS. Notorious cybercrime groups form a new federated alliance. Congressional leaders look to counter China's influence in 6G networks. An EdTech firm pays $5.1 million to settle data breach claims. Nevada did not pay the ransom. Our guest is CEO and Co-Founder Ben Nunez from Evercoast, winner of the 8th Annual DataTribe Challenge. The FBI tries to uncover the archivist. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an...

The role of AI in Zero Trust. [CyberWire-X]


Zero Trust has been top of mind for years, but how is AI changing what that actually looks like in practice? In this episode of CyberWire-X, Dave Bittner is joined by Deepen Desai, Chief Security Officer at Zscaler, to discuss the transformative impact of AI on Zero Trust security frameworks. The discussion outlines how AI enhances threat prevention, automates data discovery, and improves user experience while addressing the practical financial implications of adopting AI in security. Hear how organizations must embrace AI to stay competitive and secure against evolving threats. For additional resources on Zero Trust + AI, visit Zscaler's...

Stomping out critical bugs.


Cisco patches critical vulnerabilities in its Unified Contact Center Express (UCCX) software. CISA lays off 54 employees despite a federal court order halting workforce reductions. Gootloader malware returns. A South Korean telecom is accused of concealing a major malware breach. Russia's Sandworm launches multiple wiper attacks against Ukraine. China hands out death sentences to scam compound kingpins. My guest is Dr. Sasha O'Connell, Senior Director for Cybersecurity Programs at Aspen Digital. Meta's moral compass points to profit. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup,...

From small charges to big busts.


Operation Chargeback takes down global fraud networks. An investigation reveals the dangers of ADINT. M&S profits plunge after a cyberattack. Google patches a critical Android flaw. Asian prosecutors seize millions from an accused Cambodian scam kingpin. Ohio residents are still guessing water bills months after a cyberattack. Houston firefighters deny blame in city data breach. Nikkei reports a Slack breach exposing 17,000 records. The Google-Wiz deal clears DOJ review. Ann Johnson welcomes her Microsoft colleague Frank X. Shaw to Afternoon Cyber Tea. Norway parks its Chinese Bus in a cave, just in case. Remember to leave us a 5-star rating and...

A storm brews behind the firewall.


China-Linked hackers target Cisco firewalls. MIT Sloan withdraws controversial AI-Driven Ransomware paper. A new study questions the value of cybersecurity training. Hackers exploit OpenAI's API as a malware command channel. Apple patches over 100 Security flaws across devices. A Florida-based operator of mental health and addiction treatment centers exposes sensitive patient information. OPM plans a mass deferment for Cybercorps scholars affected by the government shutdown. Lawmakers urge the FTC to investigate Flock Safety's cybersecurity gaps. Cybercriminals team with organized crime for high-tech cargo thefts. Ben Yelin from University of Maryland Center for Cyber Health and Hazard Strategies discussing ICE's controversial...

Privacy needs where you least expect it. [CISO Perspectives]


When discussing privacy risks, many often look to implementing strong encryption, secure data storage practices, and data sanitization processes to help ensure sensitive information remains protected. Though these practices are good and should be prioritized, many often miss other key areas that need just as much focus. As the internet of things has only continued to grow larger and larger, so has the risk these devices inherently create as they collect and store more information than many would instinctively assume. In this episode of CISO Perspectives, host Kim Jones sits down with Merry Marwig, the Vice President of Global Communications...

FCC resets cyber oversight.


The FCC plans to roll back cybersecurity mandates that followed Salt Typhoon. The alleged cybercriminal MrICQ has been extradited to the U.S. Ransomware negotiators are accused of conducting ransomware attacks. Ernst & Young accidentally exposed a 4-terabyte SQL Server backup. A hacker claims responsibility for last week's University of Pennsylvania breach. The UK chronicles cyberattacks on Britain's drinking water suppliers. Monday business brief. Our guest is Caleb Tolin, host of Rubrik's Data Security Decoded podcast. Hackers massage the truth. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily...

Arti Lalwani: Supporting and being the change. [Risk Management] [Career Notes]


Risk Management and Privacy Knowledge Leader at A-LIGN, Arti Lalwani shares her story from finance to risk management and how she made the transition. Arti started her career in finance after graduating with a finance degree. Quickly learning the field was not for her, she decided to dip her toes into the tech world. She credits her mentors for helping her and said "they were able to push me up and get me there faster than I even thought." Arti says that she would like to be a part, and hopes to be a part, of the change where women are...

Attack of the automated ops. [Research Saturday]


Today we are joined by Dario Pasquini, Principal Researcher at RSAC, sharing the team's work on When AIOps Become AI Oops: Subverting LLM-driven IT Operations via Telemetry Manipulation. A first-of-its-kind security analysis showing that LLM-driven AIOps agents can be tricked by manipulated telemetry, turning automation itself into a new attack vector. The researchers introduce AIOpsDoom, an automated reconnaissance + fuzzing + LLM-driven telemetry-injection attack that performs adversarial reward-hacking to coerce agents into harmful remediations, even without prior knowledge of the target and even against some prompt-defense tools. They also present AIOpsShield, a telemetry-sanitization defense that reliably blocks these attacks without harming normal agent...

CISA's steady hand in a stalled senate.


CISA says cooperation between federal agencies and the private sector remains steady. Long-standing Linux kernel vulnerability in active ransomware campaigns confirmed. A Chinese-linked group targets diplomatic organizations in Hungary, Belgium, and other European nations. A government contractor breach exposes data of over 10 million Americans. Luxury fashion brands fall victim to impersonation scams. Phishing shifts from email to LinkedIn. Advocacy groups urge the FTC to block Meta from using chatbot interactions to target ads. A man pleads guilty to selling zero-days to the Russians. Emily Austin, Principal Security Researcher at Censys, discusses why nation state attackers continue targeting critical infrastructure....

The Malware Mash!


Happy Halloween from the team at N2K Networks! We hope you share in our Halloween tradition of listening to the Malware Mash. You can check out our video here. Lyrics I was coding in the lab late one night when my eyes beheld an eerie sight for my malware threat score began to rise and suddenly to my surprise... It did the Mash It did the Malware Mash The Malware Mash It was a botnet smash It did the Mash It caught on 'cause of Flash The Malware Mash It did the Malware Mash From the Stuxnet worm squirming toward...

Dial M for malware.


A Texas telecom confirms a nation-state attack. A global outage disrupts Azure and Microsoft 365 services. Malicious npm packages steal sensitive data from Windows, Linux, and macOS systems. Hacktivists have breached multiple critical infrastructure systems across Canada. Major chipmakers spill the TEE. TP-Link home routers fall under federal scrutiny. Cloud Atlas targets Russia's agricultural sector. Israel's cloud computing deal with Google and Amazon allegedly includes a secret winking mechanism. The FCC tamps down on overseas robocalls. Mike Anderson, from Netskope, discusses why CIOs should think like HR leaders when considering Agentic AI. Danes Draw the line at digital doppelgängers. Remember to...

Logging off in Myawaddy.


Explosions rock a shuttered Myanmar cybercrime hub. The Aisuru botnet shifts from DDoS to residential proxies. Dentsu confirms data theft at Merkle. Boston bans biometrics. Proton restores journalists' email accounts after backlash. Memento Labs admits Dante spyware is theirs. Australia accuses Microsoft of improperly forcing users into AI upgrades. CISA warns of active exploitation targeting manufacturing management software. A covert cyberattack during Trump's first term disabled Venezuela's intelligence network. Our guest is Ben Seri, Co-Founder and CTO of Zafran, discussing the trend of AI native attacks. New glasses deliver fashionable paranoia. Remember to leave us a 5-star rating and review...

Windows servers under siege


WSUS attacks escalate as emergency patch fails to fully contain exploited flaw. Schneider Electric and Emerson are listed among victims in the Oracle EBS cyberattack. Google debunks reports of a massive Gmail breach. A new banking trojan mimics human behavior for stealth. Sweden's power grid operator confirms a cyberattack. Italian spyware targets Russian and Belarusian organizations. The U.S. declines to sign the new UN cyber treaty. Ransomware payments fall to record lows. U.S. Cyber Chief calls for a clean American tech stack to counter China's global surveillance push. On today's Threat Vector segment, David Moulton speaks with two cybersecurity leaders...

The impact of data privacy on cyber. [CISO Perspectives]


Privacy is one of the most universally valued rights. Yet, despite its importance, data breaches exposing millions of people's sensitive information have become routine. Many have come to assume that their personal data has already been, or inevitably will be, compromised. Despite this reality, prioritizing privacy is more important than ever. In this episode of CISO Perspectives, host Kim Jones sits down with Kristy Westphal, the Global Security Director of Spirent Communications, to explore data privacy's impacts on cybersecurity efforts. Together, Kristy and Kim discuss why privacy cannot be an afterthought but rather must be something actively addressed through proactive...

The UN's big push for global cybercrime rules.


The UN launches the world's first global treaty to combat cybercrime. A House Democrats job portal left security clearance data exposed online. A new data leak exposes 183 million email addresses and passwords. Threat actors target Discord users with an open-source red-team toolkit. A new campaign targets unpatched WordPress plugins. The City of Gloversville, New York, suffers a ransomware attack. Jen Easterly hopes AI could eliminate the buggy software that fuels cybercrime. A Connecticut health system agrees to an $18 million settlement following a ransomware attack. Monday business brief. Tim Starks from CyberScoop is discussing concerns over budget cuts and...

Derek Manky: Putting the rubber to the road. [Threat Intelligence] [Career Notes]


Please enjoy this encore of Career Notes. Chief Security Strategist and VP of Global Threat Intelligence at FortiGuard Labs, Derek Manky, shares his story from programmer to cybersecurity and how it all came together. Derek started his career teaching programming because he had such a passion for it. When he joined Fortinet, Derek said that is where it "really started putting the rubber to the road and connecting my previous experience with programming and debugging and knowledge of operating systems and all that with real-world applications." Derek advises that it doesn't need to be complicated getting into the cybersecurity field and that...

A look behind the lens. [Research Saturday]


Noam Moshe, Claroty's Vulnerability Research Team Lead, joins Dave to discuss Team82's work on "Turning Camera Surveillance on its Axis." Team82 disclosed four vulnerabilities in Axis.Remoting (deserialization, a MiTM pass-the-challenge NTLMSSP flaw, and an unauthenticated fallback HTTP endpoint) that enable pre-auth remote code execution against Axis Device Manager and Axis Camera Station. They found more than 6,500 Axis.Remoting services exposed online (over half in the U.S.), letting attackers enumerate targets, install malicious Axis packages, and hijack, view, or shut down managed camera fleets. Axis published an urgent advisory, issued patches for ADM 5.32, Camera Station 5.58 and Camera Station Pro 6.9, accepted...

The spy who sold out.


A former defense contractor is charged with attempting to sell trade secrets to Russia. Researchers uncover critical vulnerabilities in TP-Link routers. Microsoft patches a critical Windows Server Update Service flaw. CISA issues eight new ICS advisories. Shadow Escape targets LLMs database connections. Halloween-themed scams spike. Our guest is Chris Inglis, first National Cyber Director, speaking on cybercrime and the upcoming documentary on cyber war, "Midnight in the War Room". WhatsApp's missing million-dollar exploit. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll...

Cyber solidarity on the chopping block.


CISA Layoffs threaten U.S. cyber coordination with states, businesses, and foreign partners. Google issues its second emergency Chrome update in a week, and puts Privacy Sandbox out of its misery. OpenAI's new browser proves vulnerable to indirect prompt injection. SpaceX disables Starlink devices used by scam compounds. Reddit sues alleged data scrapers. Blue Cross Blue Shield of Montana suffers a data breach. A new Android infostealer abuses Termux to exfiltrate data. Iran's MuddyWater deploys a wide-ranging Middle East espionage campaign. We're joined by Lauren Zabierek and Camille Stewart Gloster discussing the next evolution of #ShareTheMicInCyber. When customer service fails, try...

Hackers peek behind the nuclear curtain.


A foreign threat actor breached a key U.S. nuclear weapons manufacturing site. The cyberattack on Jaguar Land Rover is the most financially damaging cyber incident in UK history. A new report from Microsoft warns that AI is reshaping cybersecurity at an unprecedented pace. The ToolShell vulnerability fuels Chinese cyber operations across four continents. Fake browser updates are spreading RansomHub, LockBit, and data-stealing malware. Hackers deface LA Metro bus stop displays. A Spyware developer is warned by Apple of a mercenary spyware attack. Pwn2Own payouts proceed. Ben Yelin from University of Maryland Center for Cyber Health and Hazard Strategies on a...

The SMB slip-up.


CISA warns a Windows SMB privilege escalation flaw is under active exploitation. Microsoft issues an out of band fix for a WinRE USB input failure. Nation state hackers had long term access to F5. Envoy Air confirms it was hit by the zero-day in Oracle's E-Business Suite. A nonprofit hospital system in Massachusetts suffers a cyberattack. Russia's COLDRiver group rapidly retools its malware arsenal. GlassWorm malware hides malicious logic with invisible Unicode characters. European authorities dismantle a large-scale Latvian SIM farm operation. Myanmar's military raids a notorious cybercrime hub. Josh Kamdjou, from Sublime Security discusses how teams should get ahead...

Regulation takeaways with Ethan Cook. [CISO Perspectives]


On this episode, host Kim Jones is joined by Ethan Cook, N2K's lead analyst and editor, for a deeper, more reflective conversation on cybersecurity regulation, privacy, and the future of policy. This episode steps back from the news cycle to connect the dots and explore where the regulatory landscape is heading and why it matters. Ethan, who will join the show regularly this season to provide big-picture analysis after major policy conversations, shares his perspective on the evolving balance between government oversight, innovation, and individual responsibility. This episode of N2K Pro's CISO Perspectives podcast is brought to you by our...

The day the cloud got foggy.


An AWS outage sparks speculation. An F5 exposure and breach raise patching and supply-chain concerns. Salt Typhoon breaches a European telecom via a Netscaler flaw. A judge bans NSO Group from WhatsApp. China alleges irrefutable evidence of NSA hacking. Connectwise patches adversary in the middle risks. A Dolby decoder flaw enables zero-click remote code execution on Android. A Cyber M&A and funding surge signals a busy consolidation cycle. Our guest Jeff Collins, CEO of WanAware, sharing how hospital consolidations are reshaping IT asset visibility and what it takes to close these gaps. One man's quest to make AI art legit....

Kristin Strand: Be firm in your goals. [Consultant] [Career Notes]


Please enjoy this encore of Career Notes. Cybersecurity Associate Consultant at BARR Advisory, Kristin Strand, shares her journey from the military to teaching and now to cybersecurity. Kristin shares how she'd wanted to be a teacher since she was young. She joined the Army to help pay for college and throughout her career has taken advantage of programs to help her move on to her next challenge. From teaching, Kristin decided to transition to IT and came to cybersecurity through a Department of Labor program. She's also currently training to be a drill sergeant. Kristin advises you stand firm to your...

Smile for the malware. [Research Saturday]


Eclypsium researchers Jesse Michael and Mickey Shkatov share their work on "BadCam - Now Weaponizing Linux Webcams." Eclypsium researchers disclosed BadCam, a set of vulnerabilities in certain Lenovo USB webcams that run Linux and do not validate firmware signatures, allowing attackers to reflash the devices and turn them into BadUSB-style tools. An adversary who supplies a backdoored camera or who gains remote code execution on a host can weaponize the webcam to emulate human-interface devices, inject keystrokes, deliver payloads, and maintain persistence, even re-infecting systems after OS reinstalls. The findings were presented at DEF CON 2025, Lenovo issued updated...

Prosper's not so prosperous week.


Prosper data breach reportedly affected more than 17 million accounts. Microsoft revokes certificates used in Rhysida ransomware operation. Threat actors exploit Cisco flaw to deploy Linux rootkits. Europol disrupts cybercrime-as-a-service operation. BeaverTail and OtterCookie merge and display new functionality. Singapore cracks down on social media. On our Industry Voices segment, we are joined by Danny Jenkins who is talking about defending against AI. And who let the bots out? Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat....

When hackers go BIG in cyber espionage.


F5 discloses long-term breach tied to nation-state actors. PowerSchool hacker receives a four-year prison sentence. Senator scrutinizes Cisco critical firewall vulnerabilities. Phishing campaign impersonates LastPass and Bitwarden. Credential phishing with Google Careers. Reduce effort, reuse past breaches, recycle into new breach. Qilin announces new victims. Manoj Nair, from Snyk, joins us to explore the future of AI security and the emerging risks shaping this rapidly evolving landscape. And AI faces the facts. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never...

Prince of fraud loses crown.


A record-breaking Bitcoin seizure. Patch Tuesday notes. Capita fined for unlawful access to personal data. Unity site skimmed by malicious script. Vietnam Airlines breached potentially exposing 20 million passengers. An automotive giant experiences a third-party breach. Tim Starks from CyberScoop is discussing how Sen. Peters tries another approach to extend expired cyber threat information-sharing. In our latest Threat Vector, David Moulton sits down with Harish Singh about hybrid work. And inside North Korea's blueprints for deception. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily...

When GoAnywhere goes wrong.


Fortra confirms an exploitation of the maximum-severity GoAnywhere flaw. Harvard investigates a claim of a breach. Banking Trojan targets Brazilian WhatsApp users. Reduction-in-force hits CISA. SimonMed says 1.2 million hit by Medusa ransomware. Netherlands invokes the Goods Availability Act against a Chinese company. We have our Business Breakdown. On today's Industry Voices, we are joined by Mickey Bresman sharing insights on hybrid identity security. And, beware of the shuffler. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat....

What Happened to Hacker Culture? [Threat Vector]


While the N2K team is observing Indigenous Peoples' Day, we thought you'd enjoy this episode of the Threat Vector podcast from our N2K Cyberwire network partner, Palo Alto Networks. New episodes of Threat Vector release each Thursday. We hope you will explore their catalog and subscribe to the show. Join David Moulton, Senior Director of Thought Leadership for Unit 42, as he sits down with Kyle Wilhoit, Technical Director of Threat Research at Unit 42, for an intimate conversation about the evolution of hacker culture and cybersecurity. From picking up 2600: The Hacker Quarterly magazines at Barnes & Noble and building...

Chetan Conikee: Create narratives of your journey. [CTO] [Career Notes]


Please enjoy this encore of Career Notes. Founder and CTO of ShiftLeft, Chetan Conikee shares his story from computer science to founding his own company. When choosing a career, Chetan notes that "the liking and doing has to matter and be in conjunction with each other." Explaining the parallels in his home country of India and where he studied for his master's in the US, Chetan stresses the need to find someone who inspires you to follow and learn from. On being an entrepreneur, he says, "The entrepreneurial mindset is a sum total of many sufferings that lead to success."...

No honor among thieves. [Research Saturday]


John Fokker, Head of Threat Intelligence at Trellix is discussing "Gang Wars: Breaking Trust Among Cyber Criminals." Trellix researchers reveal how the once-organized ransomware underworld is collapsing under its own paranoia. Once united through Ransomware-as-a-Service programs, gangs are now turning on each other, staging hacks, public feuds, and exit scams as trust evaporates. With affiliates jumping ship and rival crews sabotaging each other, the RaaS model is fracturing fast, signaling the beginning of the end for ransomware's criminal empires. The research can be found here: Gang Wars: Breaking Trust Among Cyber Criminals

When the breachers get breached.


International law enforcement take down the BreachForums domains. Researchers link exploitation campaigns targeting Cisco, Palo Alto Networks, and Fortinet. Juniper Networks patches over 200 vulnerabilities. Apple and Google update their bug bounties. Evaluating AI use in application security (AppSec) programs. Microsegmentation can contain ransomware much faster and yield better cyber insurance terms. The new RondoDox botnet exploits over 50 vulnerabilities. Researchers tag 13 unpatched Ivanti Endpoint Manager flaws. Our guest is Jason Manar, CISO of Kaseya, sharing his insight into how the private and public sectors can work together for national security. Hackers mistake a decoy for glory. Remember to...

Cyber defenders pulled into deportation duty.


DHS reassigns cyber staff to immigration duties. A massive DDoS attack disrupts several major gaming platforms. Discord refuses ransom after a third-party support system breach. Researchers examine Chaos ransomware and creative log-poisoning web intrusions. The FCC reconsiders its telecom data breach disclosure rule. Experts warn of teen recruitment in pro-Russian hacking operations. Ukraine's parliament approves the establishment of Cyber Forces. Troy Hunt criticizes data breach injunctions as empty gestures. Our guest is Sarah Graham from the Atlantic Council's Cyber Statecraft Initiative (CSI) discussing their report, "Mythical Beasts: Diving into the depths of the global spyware market." And, Spy Dogs secret site...

Chinese hackers serve up espionage.


Chinese hackers infiltrate a major U.S. law firm. The EU Commission President warns Russia is waging a hybrid war against Europe. Researchers say LoJax is the latest malware from Russia's Fancy Bear. Salesforce refuses ransom demands. London Police arrest two teens over an alleged ransomware attack on a preschool. Microsoft tightens Windows 11 setup restrictions. SINET and DataTribe spotlight 2025 cybersecurity innovators. On our Industry Voices segment, we are joined by Sean Deuby, Semperis Principal Technologist, discussing identity system security and the growth of the HIP Conference. Employees overshare with ChatGPT. Remember to leave us a 5-star rating and review...

Critical GoAnywhere bug fuels ransomware wave.


Microsoft tags a critical vulnerability in Fortra's GoAnywhere software. A critical Redis vulnerability could allow remote code execution. Researchers tie BIETA to China's MSS technology enablement. Competing narratives cloud the Oracle E-Business Suite breach. An Ohio-based vision care firm will pay $5 million to settle phishing-related data breach claims. Trinity of Chaos claims to be a new ransomware collective. LinkedIn files a lawsuit against an alleged data scraper. This year's Nobel Prize in Physics recognizes pioneering research into quantum mechanical tunneling. On today's Industry Voices segment, we are joined by Alastair Paterson from Harmonic Security, discussing shadow AI and the...

Oracle zero-day serves up persistent access.


A critical zero-day in Oracle E-Business Suite is under active exploitation. ICE plans a major expansion of its social media surveillance operations. Discord confirms a third-party data breach. A critical vulnerability in the Unity game engine could allow arbitrary code execution. New variants of the XWorm remote access trojan spread through phishing campaigns. Researchers uncover a critical command injection flaw in Dell UnityVSA storage appliances. There's been a sharp surge in reconnaissance scans targeting Palo Alto Networks login portals. A new hacking competition offers $4.5 million in prizes for exploits targeting major cloud and AI software. Monday Business Brief. On...

Sloane Menkes: What is the 2%? [Consultant] [Career Notes]


Please enjoy this encore of Career Notes. Principal in PricewaterhouseCoopers Cyber Risk and Regulatory Practice, Sloane Menkes, shares her story of how non-linear math helped to shape her life and career. Sloane credits a high school classmate for inspiring her mantra "What is the 2%?" that she employs when she feels like things are shutting down. She talks about her experiences in calculus class at the US Air Force Academy that helped to enlighten her and inform the intuitive problem solving skill or way of thinking that she'd been employing in her life. She joined Office of Special Investigations and working...

2025 DataTribe Challenge: Forging the future of cyber. [Special Edition]


The DataTribe Challenge is a launchpad for elite cybersecurity and cyber-adjacent startups ready to break out. 2025 marks the 8th annual edition of the event with a change in venue and some exciting new updates. We take you on a journey from inception with Leo Scott, Managing Director and Chief Innovation Officer at DataTribe, and 3 past DataTribe Challenge winners at different levels on their growth tracks following their participation in the event. You'll meet Anita D'Amico, former CEO of Code DX (acquired by Synopsys in 2021) and 2019 winner; Greg Baker, Co-Founder of Balance Theory and 2022 winner; and Brian Proctor, Founder and CEO of Frenos and 2024 winner. Learn more about...

China's stealthiest spy operation yet. [Research Saturday]


Assaf Dahan, Director of Threat Research, Cortex XDR, at Palo Alto Networks, discussing Phantom Taurus, a new China APT uncovered by Unit 42. Unit 42 researchers have identified Phantom Taurus, a newly designated Chinese state-aligned APT conducting long-term espionage against government and telecommunications organizations across Africa, the Middle East, and Asia. Distinguished by its stealth, persistence, and rare tactics, the group has recently shifted from email-focused data theft to directly targeting databases and deploying a powerful new malware suite called NET-STAR, designed to compromise IIS web servers and evade detection. This suite, featuring modular, fileless backdoors and advanced evasion capabilities,...

WhatsApp worm spreads.


A fast-spreading malware campaign is abusing WhatsApp as both lure and launchpad. Carmaker Renault suffers a data breach. DrayTek patches a critical router flaw. CISA alerts cover a range of vulnerabilities. A new phishing kit lowers the bar for convincing lures. A Catholic hospital network pays $7.6 million to settle data breach litigation. A major breach at FEMA exposes employee data. Google expands Gmail's end-to-end encryption (E2EE) capabilities. On our Industry Voices segment, we are joined by Brian Vecci, Field CTO at Varonis, discussing move fast but don't break things: Innovating at light speed without putting data at risk. The...

CISA furlough sparks fears.


CISA furloughs most of its workforce due to the government shutdown. The U.S. Air Force confirms it is investigating a SharePoint related breach. Google warns of a large-scale extortion campaign targeting executives. Researchers uncover Android spyware campaigns disguised as popular messaging apps. An extortion group claims to have breached Red Hat's private GitHub repositories. A software provider for recreational vehicle and power sport dealers suffers a ransomware breach. Patchwork APT deploys a new PowerShell loader using scheduled tasks for persistence. A Tennessee Senator urges aggressive U.S. action to prepare for a post-quantum future. Cynthia Kaiser, SVP of Halcyon's Ransomware Research...

When politics break the firewall.


Major federal cybersecurity programs expire amidst the government shutdown. Global leaders and experts convene in Riyadh for the Global Cybersecurity Forum. NIST tackles removable media. ICE buys vast troves of smartphone location data. Researchers claim a newly patched VMware vulnerability has been a zero-day for nearly a year. ClickFix-style attacks surge and spread across platforms. Battering RAM defeats memory encryption and boot-time defenses. A new phishing toolkit converts ordinary PDFs into interactive lures. A trio of breaches exposes data of 3.7 million across North America. Tim Starks from CyberScoop unpacks a report from Senate Democrats on DOGE. The Lone Star...

One flaw to rule the root.


CISA issues an urgent warning about active exploitation of a critical vulnerability in the sudo utility. Broadcom patches two high-severity vulnerabilities in VMware NSX. South Korea raises its national cyber threat level after a datacenter fire. Formbricks patches a critical token validation flaw. Microsoft blocks a credential phishing campaign that made use of malicious SVG files. Landlords are accused of scraping sensitive payroll data. Cybercriminals lay the groundwork for large-scale FIFA fraud. Burnout takes a heavy toll on cybersecurity professionals. On our Threat Vector segment, host David Moulton is joined by Kyle Wilhoit talking about the evolution of hacker culture...

The November that never ended.


A Chinese state-sponsored group exploited enterprise devices in a global espionage effort. The UK Government guarantees 1.5 billion financing to help Jaguar Land Rover's recovery efforts. A maximum-severity flaw in Fortra's GoAnywhere Managed File Transfer product is under active exploitation. The AI boom faces sustainability questions. Akira ransomware bypasses MFA on SonicWall devices. Dutch teens are arrested for allegedly spying for Russia. Luxury retailer Harrods confirms a data breach. An Interpol crackdown targets African cybercrime rings. We've got our Monday business briefing. Brandon Karpf joins us to discuss the cybersecurity ecosystem in Japan. Cyber crooks offer a BBC journalist an...

Joe Carrigan: Build your network. [Security engineer] [Career Notes]


Please enjoy this encore of Career Notes. Senior security engineer with the Johns Hopkins University Information Security Institute and the Institute for Assured Autonomy, Joe Carrigan, shares what he calls his life mistake and what spurred him to finally choose a career in technology. Throughout his life, Joe had interest in technology, he even worked at the computer lab in college, but never set his sights on that for a career. A conversation with a stranger guided him in that direction and he's been there ever since. As co-host of the CyberWire's Hacking Humans, Joe sees some heartbreaking results of scams...

Sunny-side spyware. [Research Saturday]


This week, we are joined by Martin Zugec, Technical Solutions Director from Bitdefender, sharing their work and findings on "EggStreme Malware: Unpacking a New APT Framework Targeting a Philippine Military Company." A newly identified Chinese APT group has been observed deploying a sophisticated, fileless malware framework called EggStreme against a Philippine military company. The multi-stage toolkit uses DLL sideloading and in-memory execution to evade detection, with its core backdoor, EggStremeAgent, enabling reconnaissance, lateral movement, keylogging, and data theft. Researchers note the campaign's persistence and stealth highlight professional, geopolitically motivated espionage activity linked to Chinese national interests. The research can be...

CISA sounds the alarm on Cisco flaws.


CISA gives federal agencies 24 hours to patch a critical Cisco firewall bug. Researchers uncover the first known malicious MCP server used in a supply chain attack. The New York SIM card threat may have been overblown. Microsoft tags a new variant of the XCSSET macOS malware. An exposed auto insurance claims database puts PII at risk. Amazon will pay $2.5 billion to settle dark pattern allegations. Researchers uncover North Korea's hybrid playbook of cybercrime and insider threats. An old Hikvision security camera vulnerability rears its ugly head. Dan Trujillo from the Air Force Research Laboratory's Space Vehicles Directorate joins...

Critical GoAnywhere bug exposed.


Fortra flags a critical flaw in its GoAnywhere Managed File Transfer (MFT) solution. Cisco patches a critical vulnerability in its IOS and IOS XE software. Cloudflare thwarts yet another record DDoS attack. Rhysida ransomware gang claims the Maryland Transit cyberattack. The new Obscura ransomware strain spreads via domain controllers. Retailers' use of generative AI expands attack surfaces. Researchers expose GitHub Actions misconfigurations with supply chain risk. Mandiant links the new BRICKSTORM backdoor to a China-based espionage campaign. Kansas students push back against an AI monitoring tool. Ben Yelin speaks with Michele Kellerman, Cybersecurity Engineer for Air and Missile Defense at...

AI to the rescue.


British authorities arrest a man in connection with the Collins Aerospace ransomware attack. CISA says attackers breached a U.S. federal civilian executive branch agency last year. Researchers uncover two high-severity vulnerabilities in Supermicro server motherboards. A Las Vegas casino operator confirms a cyber attack. Analysts track multiple large-scale, automated email phishing campaigns. Libraesva issues an emergency patch for its Email Security Gateway. Our guest is Jason Clark, Chief Strategy Officer (CSO) at Cyera, tackling the security threat of Agentic AI. Robocars get misdirected by mirrors. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss...

Espionage in the airwaves.


The Secret Service dismantles an illegal network. Jaguar Land Rover (JLR) extends the shutdown of production plants. The EU probes tech giants over online scams. Iranian APT Nimbus Manticore expands operations in Europe. North Korean Kimsuky deploys a shortcut-based espionage campaign. GitHub and Ruby Central roll out supply-chain security upgrades. LastPass warns of macOS ClickFix campaign using fake GitHub repos. AT&T's CISO warns hackers mimic Salt Typhoon's unconventional tactics. CISO Perspectives host Kim Jones previews the upcoming season. An attorney pays $10K for AI hallucinations. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an...

Grounded by ransomware.


A major ransomware attack disrupts airport operations across Europe. Congress is on the verge of letting major cyber legislation expire. A critical flaw nearly allowed total compromise of every Entra ID tenant. Automaker Stellantis confirms a data breach. Fortra patches a critical flaw in its GoAnywhere MFT software. Europol leads a major operation against online child sexual exploitation. Three of the cybersecurity industry's biggest players opt out of MITRE's 2025 ATT&CK Evaluations. A compromised Steam game drains a cancer patient's donations. Business Breakdown. Andrzej Olchawa and Milenko Starcik from VisionSpace join Maria Varmazis, host of T-Minus Space on hacking satellites....

Roselle Safran: So much opportunity. [Entrepreneur] [Career Notes]


Please enjoy this encore of Career Notes. CEO and Founder of KeyCaliber, Roselle Safran, takes us on her circuitous career journey from startup to White House and back to startup again. With a degree in civil engineering, Roselle veered off into a more technical role at a startup and she says "caught the startup bug." After convincing a hiring manager that she could learn on the job, she transitioned to computer forensics and started on the path of cybersecurity. Roselle worked in government for the Department of Homeland Security and then to the Executive Office of the President leading all of...

Browser attacks without downloads. [Research Saturday]


Today we are joined by Nati Tal, Head of Guardio Labs, discussing their work CAPTCHAgeddon or unmasking the viral evolution of the ClickFix browser-based threat. CAPTCHAgeddon Shaked Chen's deep dive into the ClickFix fake-captcha wave reveals how a red-team trick morphed into a dominant, download-free browser threat that tricks users into pasting clipboard PowerShell/shell commands and leverages trusted infrastructure, including Google Scripts. Guardio's DBSCAN-based payload clustering exposes distinct attacker toolkits and distribution paths, from malvertising and compromised WordPress to social posts and Git repos, and argues defenders need behavioral, intelligence-driven protections, not just signatures. The research can be found here:...

The email that tricked an AI.


OpenAI patches a ChatGPT flaw that could have exposed Gmail data. CISA documents malware exploiting two Ivanti Endpoint Manager Mobile (EPMM) flaws. WatchGuard patches a critical flaw in its Firebox firewalls. MI6 launches a dark web snitch site. The DoD looks to cut its cybersecurity job hiring time to just 25 days. Researchers trick ChatGPT agents into solving CAPTCHAs. A UK teen faces accusations of being part of the Scattered Spider gang. The Senate confirms a new assistant secretary of defense for cyber policy. A former CIA officer is accused of selling classified information to private clients. Karin Ophir Zimet, Torq's...

Brute force break-in.


SonicWall confirms a breach in its cloud backup platform. Google patches a high-severity zero-day in Chrome. Updates on the Shai-Hulud worm. Chinese phishing emails impersonate the chair of the House China Committee. The UK's NCA takes the reins of the Five Eyes Law Enforcement Group. RevengeHotels uses AI to deliver VenomRAT to Windows systems. A major VC shares details of a recent ransomware attack. A lawsuit targets automated license plate readers. Our guest is Brock Lupton, Product Strategist at Maltego, discussing the human side of intelligence work. From mic check to malware, a crypto phishing story. Remember to leave us...

Code beneath the sand.


A new self-replicating malware infects the NPM repository. Microsoft and Cloudflare disrupt a Phishing-as-a-Service platform. Researchers uncover a new Fancy Bear backdoor campaign. The VoidProxy phishing-as-a-service (PhaaS) platform targets Microsoft 365 and Google accounts. A British telecom says its ransomware recovery may stretch into November. A new Rowhammer attack variant targets DDR5 memory. Democrats warn proposed budget cuts could slash the FBI's cyber division staff by half at a heated Senate Judiciary Committee hearing. On our Industry Voices segment, we are joined by Abhishek Agrawal from Material Security discussing challenges of securing the Google Workspace. Pompompurin heads to prison. Remember...

AI chips flow east.


A controversial Trump administration deal gives the U.A.E. access to cutting-edge U.S. AI chips. FlowiseAI warns of a critical account takeover vulnerability. A new social engineering campaign impersonates Meta account suspension notices. A macOS Spotlight 0-day flaw bypasses Apple's Transparency, Consent, and Control (TCC) protections. Are cost savings from outsourced IT services worth the risk? Poland boosts its cybersecurity budget after a surge in Russian-backed attacks. NTT Group joins the Comm-ISAC. Jaguar Land Rover's global shutdown continues. A data breach affects millions of customers of top luxury brands. On today's Threat Vector segment, David Moulton speaks with Palo Alto Networks...

The return of CISO Perspectives. [CISO Perspectives]


This season on CISO Perspectives, your host, Kim Jones, is digging into the issues shaping the future of cybersecurity leadership. From the regulations every CISO needs to understand, to the unexpected places privacy risks are emerging, to the new ways fraud and identity are colliding, these conversations will sharpen your strategies and strengthen your defenses. Industry leaders join the discussion to share their insights, challenges, and hard-earned lessons. Together, we'll connect the dots across regulation, privacy, fraud, leadership, and talent, helping you build a stronger, more resilient cybersecurity ecosystem. This is CISO Perspectives. Real conversations. Real strategies. Real impact. Learn more about your...

FBI botnet cleanup backfires.


FBI botnet disruption leaves cybercriminals scrambling to pick up the pieces. Notorious ransomware gangs announce their retirement, but don't hold your breath. Hacktivists leak data tied to China's Great Firewall. A new report says DHS mishandled a key program designed to retain cyber talent at CISA. GPUGate malware cleverly evades analysis. WhiteCobra targets developers with malicious extensions. North Korea's Kimsuky group uses AI to generate fake South Korean military IDs. My guest is Tim Starks from CyberScoop, discussing offensive cyber operations. A cyberattack leaves students hung out to dry. Remember to leave us a 5-star rating and review in your...

Helen Patton: A platform to talk about security. [CISO] [Career Notes]


Please enjoy this encore of Career Notes. Advisory CISO at Cisco, Helen Patton, shares that a combination of dumb luck, hard work and serendipity got her to where she is today. Growing up in the country in Australia, Helen notes that computers were not really a thing. She happened into technology after moving to the US, as she was the only person in her office under 40. Of course she would be comfortable with computers and able to handle a database conversion, right? That launched her into a career that spanned supporting small nonprofits, working at one of the biggest...

Data leak without a click. [Research Saturday]


Today we are joined by Amanda Rousseau, Principal AI Security Researcher from Straiker, discussing their work on "The Silent Exfiltration: ZeroClick Agentic AI Hack That Can Leak Your Google Drive with One Email." Straiker's research found that enterprise AI agents can be silently manipulated to leak sensitive data, even without user clicks or alerts. By chaining small gaps across tools like Gmail, Google Drive, and calendars, attackers achieved zero-click exfiltration, system mapping, and even policy rewrites. The findings highlight that excessive agent autonomy creates a new attack surface, requiring least-privilege design, runtime guardrails, and continuous red-teaming to stay secure. The...

WhatsAppened to Samsung?


Samsung patches a critical Android zero-day vulnerability. Microsoft resolves a global Exchange Online outage. CISA reaffirms its commitment to the CVE program. California passes a bill requiring web browsers to let users automatically send opt-out signals. Apple issues spyware attack warnings. The FTC opens an investigation into AI chatbots on how they protect children and teens. A hacker convicted of attempting to extort more than 20,000 psychotherapy patients is free on appeal. Our guest is Dave Lewis, Global Advisory CISO at 1Password, discussing how security leaders can protect M&A deal value and integrity. Schools face insider threats from students. Remember...

Cyber and AI take center stage.


The House passes a defense policy bill that includes new provisions on cybersecurity and artificial intelligence. Senator Wyden accuses Microsoft of gross cybersecurity negligence after a 2024 ransomware attack crippled healthcare giant Ascension. The White House shelves plans to split U.S. Cyber Command and the NSA. The Pentagon finalizes its long-awaited Cybersecurity Maturity Model Certification (CMMC 2.0) rule. Akira ransomware group targets SonicWall devices. Officials warn solar-powered highway infrastructure should be checked for hidden radios. The Atlantic Council maps the global spyware market. Researchers uncover serious flaws in Apple's AirPlay. A European DDoS mitigation provider thwarts a record-breaking attack. My...

86 reasons to update.


Patch Tuesday. A data leak sheds light on North Korean APT Kimsuky. Apple introduces Memory Integrity Enforcement. Ransomware payments have dropped sharply in the education sector in 2025. A top NCS official warns ICS security lags behind, and a senator calls U.S. cybersecurity a hellscape. A Ukrainian national faces federal charges and an $11 million bounty for allegedly running multiple ransomware operations. Our guest is Jake Braun sharing the latest on Project Franklin. WhoFi makes WiFi a new spy. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily...

Chalk one up for defenders.


The open source community heads off a major npm supply chain attack. The Treasury Department sanctions cyber scam centers in Myanmar and Cambodia. Scammers abuse iCloud Calendar invites to send callback phishing emails. Researchers discover a new malware variant exploiting exposed Docker APIs. Phishing attacks abuse the Axios user agent and Microsoft's Direct Send feature. Plex warns users of a data breach. Researchers flag a surge in scans targeting Cisco ASA devices. CISA delays finalizing its incident reporting rule. The GAO says federal cyber workforce figures are incomplete and unreliable. Our guest is Kevin Magee, Global Director of Cybersecurity Startups...

Big tech, bigger fines.


The EU fines Google $3.5 billion over adtech abuses. Cloudflare blocks record-breaking Distributed Denial of Service (DDoS) attacks. The Salesforce-Salesloft breach began months earlier with GitHub access. Researchers say the new TAG-150 cybercriminal group has been active since March. Hackers use stolen secrets to leak more than 6,700 Nx private repositories. Subsea cable outages disrupt internet connectivity across India, Pakistan, and parts of the UAE. Monday Business Breakdown. On our Industry Voices segment Todd Moore, Global Vice President, Data Security at Thales, unpacks the perils of insider risk. Hackers claim Burger King's security flaws are a real whopper. Remember to...

Andrew Maloney: Never-ending thirst for knowledge. [COO] [Career Notes]


Please enjoy this encore of Career Notes. COO and Co-Founder of Query.AI, Andrew Maloney, shares how the building blocks he learned in the military helped him get where he is today. Coming from a blue collar family with a minimal knowledge of computers, Andrew went into computer operations in the Air Force. While deployed to Oman just after the start of the Iraq War, Andrew said he got his break into security. That's where he learned the components that fit together in order to effectively secure an environment. Andrew's words of wisdom: You've got to keep pushing and you've got...

Don't trust that app! [Research Saturday]


Today we are joined by Selena Larson, co-host of Only Malware in the Building and Staff Threat Researcher and Lead Intelligence Analysis and Strategy at Proofpoint, sharing their work on "Microsoft OAuth App Impersonation Campaign Leads to MFA Phishing." Proofpoint researchers have identified campaigns where threat actors use fake Microsoft OAuth apps to impersonate services like Adobe, DocuSign, and SharePoint, stealing credentials and bypassing MFA via attacker-in-the-middle phishing kits, mainly Tycoon. These attacks redirect users to fake Microsoft login pages to capture credentials, 2FA tokens, and session cookies, targeting nearly 3,000 Microsoft 365 accounts across 900 environments in 2025. Microsoft's...

Wheels left spinning after cyber incident.


A cyberattack disrupts Bridgestone's manufacturing operations. CISA warns of critical vulnerabilities in products used across multiple sectors. Additional cybersecurity firms confirm data exposure in the recent Salesforce-Salesloft Drift attack. A configuration vulnerability in Sitecore products leads to remote code execution. HHS promises stricter enforcement of healthcare information access rules. Texas sues an education software provider over a December 2024 data breach. A federal jury orders Google to pay $425 million over improperly collected user data. Nations unite for global guidance on SBOMs. On our Industry Voices segment, we are joined by Aron Anderson, Enterprise Security Manager of Adobe, on embracing...

China's cyberstorm goes global.


Salt Typhoon marks China's most ambitious campaign yet. A major Google outage hit Southeastern Europe. A critical zero-day flaw in FreePBX gets patched. Scattered Lapsus$ Hunters claim the Jaguar Land Rover hack. Researchers uncover a major evolution in the XWorm backdoor campaign. GhostRedirector is a new China-aligned threat actor. CISA adds a pair of TP-Link router flaws to its Known Exploited Vulnerabilities (KEV) catalog. The feds put a $10 million bounty on three Russian FSB officers. Experts warn sweeping cuts to ODNI could cripple U.S. cyber defense. Our guest is Rick Kaun, Global Director of Cybersecurity Services at Rockwell Automation,...

Ransomware in the rearview.


Jaguar Land Rover suffers a major cyberattack. ICE gains access to a powerful spyware tool. Researchers find Fancy Bear snuffling around a new Outlook backdoor. Cloudflare and Palo Alto Networks confirm compromised Salesforce data. A researcher discovers an unsecured Navy Federal Credit Union (NFCU) server. A new ClickFix scam spreads MetaStealer malware. Specialty healthcare providers struggle to protect sensitive patient data. CISA appoints a new Executive Assistant Director for Cybersecurity. On Afternoon Cyber Tea, Ann Johnson and Harvard's Amy Edmondson discuss how psychological safety helps cybersecurity teams speak up, spot risks, and learn from failure. Our guest today is Tim...

Blizzard warning: Amazon freezes midnight hack.


Researchers disrupt a cyber campaign by Russia's Midnight Blizzard. The Salesloft Drift breach continues to ripple outward. WhatsApp patches a critical flaw in its iOS and Mac apps. A fake PDF editing tool delivers the TamperChef infostealer. A hacker finds crash data Tesla claimed not to have. Spain cancels a 10 million contract with Huawei. A fraudster bilks Baltimore for over $1.5 million. We've got a breakdown of the latest Business news. In our Threat Vector segment, Michael Sikorski and guest Thomas P. Bossert explore the path from policy and national security strategy to building operational cyber defense. We preview our spicy...

Hot sauce and hot takes: An Only Malware in the Building special. [OMITB]


Welcome in! You've entered Only Malware in the Building, but this time, it's not just another episode. This is a special edition you won't want to miss. For the first time, our hosts are together in-studio and they're turning up the heat. Literally. Join Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED, along with N2K Networks' Dave Bittner and Keith Mularski, former FBI cybercrime investigator and now Chief Global Ambassador at Qintel, as they take on a fiery hot wings challenge while answering personal questions about themselves, their careers, and the stories that shaped them. Think you've seen them tackle malware mysteries before?...

Live from Black Hat: Ransomware, Responsible Disclosure, and the Rise of AI [Microsoft Threat Intelligence Podcast]


While our team is observing the Labor Day holiday in the US, we hope you will enjoy this episode of The Microsoft Threat Intelligence Podcast. New episodes air on the N2K CyberWire network every other Wednesday. In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is live from Black Hat 2025 with a special lineup of Microsoft security leaders and researchers. First, Sherrod sits down with Tom Gallagher, VP of Engineering and head of the Microsoft Security Response Center (MSRC). Tom shares how his team works with researchers worldwide, why responsible disclosure matters, and how programs...

The labor behind the labor. [Special Edition]


This Labor Day, we're celebrating more than just a holiday. Join us in celebrating not just the work, but the people who make it possible: the labor behind the labor. We're honoring the people who bring their creativity, dedication, and passion to every corner of N2K. The work you hear, read, and see from us doesn't happen by accident. It's the result of talented colleagues who pour themselves into their craft, often in ways that don't always get the spotlight. From shaping sound and refining scripts to building certification content and producing video, their labor is the heartbeat of what we...

Marina Ciavatta: Going after the human error. [Social engineer] [Career Notes]


Please enjoy this encore of Career Notes. Social engineer and CEO of Hekate, Marina Ciavatta, shares her story of how people think her job is a la Mission Impossible coming from the ceiling with a rope and stealing stuff in the dead of the night. Marina does physical pentesting. Starting with an unused degree in journalism, Marina turned her talent for writing into a job as a content producer for a technology company and this appealed to her self-proclaimed nerdism. She fell in love with hacking and got into pentesting thanks to a friend. Marina recommends those interested in physical...

Cracks in the wall. [Research Saturday]


This week, we are joined by Jamie Levy, Director of Adversary Tactics at Huntress, who is discussing their work on "Active Exploitation of SonicWall VPNs." Huntress has released an urgent threat advisory on active exploitation of SonicWall VPNs, with attackers bypassing MFA, pivoting to domain controllers, and ultimately deploying Akira ransomware. The campaigns involve techniques such as disabling defenses, clearing logs, credential theft, and Bring Your Own Vulnerable Driver (BYOVD) attacks with legitimate Windows drivers. Organizations using SonicWall devices are strongly advised to disable SSL VPN access or restrict it via IP allow-listing, rotate credentials, and hunt for indicators of...

Ransomware sick day.


A suspected ransomware attack disrupts hundreds of Swedish municipalities. Google warns Gmail users of emerging cyberattacks tied to the ShinyHunters group. A malicious supply chain attack hits the npm registry. Senators press AFLAC for answers following a data breach. Law enforcement takedowns splinter the ransomware ecosystem. The FBI and Dutch police take down a major online fake ID marketplace. Florida proposes requiring healthcare providers to strengthen data breach preparedness and reporting. Our guest is Kathleen Peters, Chief Innovation Officer at Experian North America, explaining why AI is both accelerating and mitigating fraud. An affiliate army pushes fake casinos worldwide. Remember to...

Listening in on the listeners.


The FBI shares revelations on Salt Typhoon's reach. Former NSA and FBI directors sound alarm on infrastructure cybersecurity gaps. Google is launching a new cyber disruption unit. A new report highlights cyber risks to the maritime industry. A Pennsylvania healthcare provider suffers a data breach affecting over six hundred thousand individuals. Citrix patches a critical vulnerability under active exploitation. The U.S. sanctions a North Korean-linked fraud network. Ransomware is rapidly evolving with generative AI. Our guest is Brandon Karpf, speaking with T-Minus host Maria Varmazis connecting three seemingly disparate stories. Who needs a tutor when you've got root access? Remember...

Whistle-blown and wide open.


A whistle-blower claims DOGE uploaded a sensitive Social Security database to a vulnerable cloud server. Allies push back against North Korean IT scams. ZipLine is a sophisticated phishing campaign targeting U.S.-based manufacturing. Researchers uncover a residential proxy network operating across at least 20 U.S. states. Flock Safety license plate readers face increased scrutiny. A new report chronicles DDoS through the first half of the year. LLM guard rails fail to defend against run-on sentences. A South American APT targets the Colombian government. Our guest is Harry Thomas, Founder and CTO at Frenos, on the benefits of curated and vetted AI...

Rolling the dice on cybersecurity.


A cyberattack disrupts state systems in Nevada. A China-linked threat actor targets Southeast Asian diplomats. A new attack method hides malicious prompts inside images processed by AI systems. Experts ponder preventing AI agents from going rogue. A new study finds AI is hitting entry-level jobs hardest. Michigan's Supreme Court upholds limits on cell phone searches. Sen. Wyden accuses the judiciary of cyber negligence. CISA issues an urgent alert on a critical Git vulnerability. Hackers target Maryland's transit services for the disabled. Our guest is Cristian Rodriguez, Field CTO for the Americas from CrowdStrike, examining the escalating three-front war in AI. A...

A farmers market of stolen data.


Farmers Insurance discloses a data breach affecting over a million people. Agentic AI tools fall for common scams. A new bill in Congress looks to revive letters of marque for the digital age. Cybercriminals target macOS users with the Shamos infostealer. New Android spyware masquerades as antivirus to target Russian business executives. CISA seeks public comments on SBOM updates. A major third party electronics manufacturer reports a ransomware attack. Salesforce patches multiple vulnerabilities in its Tableau products. Over 370,000 user Grok conversations were accidentally indexed by Google. Ben Yelin examines the UK's decision to drop digital backdoor requirements. WIRED gets...

Julian Waits: Find a way to help society. [Serial Entrepreneur] [Career Notes]


Please enjoy this encore of Career Notes. Senior Vice President and Executive in Residence with Rapid7 and Chairman for Cyversity, Julian Waits, grew up in the era of the Justice League and Superman and it shaped his career. Julian always wanted to do something where he could find a way to help society to basically help others. Starting out as a Baptist minister with aspirations of being a professional musician, Julian found it more practical to take some technology classes and practice his saxophone when he had time. His first tech job was at Texaco where he worked on early networks...

Beyond the smoke screen. [Research Saturday]


This week, we are joined by Dr. Rene Burton, VP of Infoblox Threat Intel, who is discussing their work on VexTrio, a notorious traffic distribution system (TDS) involved in digital fraud. The VexTrio investigation uncovers a massive global ad fraud and scam operation powered by just 250 virtual machines, tying it directly to named individuals and shell companies across Europe. The research exposes VexTrio's full criminal supply chain, including fake apps, dating scams, affiliate networks, and payment processors, alongside a powerful CDN infrastructure ranked among the world's top 10k domains. It also calls on the adtech industry to take accountability for enabling...

A free speech showdown.


The FTC warns one country's online safety may be another's censorship. A new bipartisan bill aims to reduce barriers to federal cyber jobs. MURKY PANDA targets government, technology, academia, legal, and professional services in North America. MITRE updates their hardware weaknesses list. Customs and Border Protection conducts a record number of device searches at U.S. borders. A recent hoax exposes weaknesses in the cybersecurity community's verification methods. A Houston man gets four years in prison for sabotaging his employer's computer systems. A Florida-based provider of sleep apnea equipment suffers a data breach. Interpol dismantles a vast cybercriminal network spanning Africa....

Behind the lock lies a flaw.


Zero-day clickjacking flaws affect major password managers. The FBI warns that Russian state-backed hackers are exploiting a long-known Cisco flaw. Apple releases emergency patches for a zero-day flaw in the Image I/O framework. Home Depot faces a proposed class action lawsuit accusing it of secretly using facial recognition at self-checkout kiosks. A VPN browser extension has been exposed for secretly spying on users. Browser fingerprinting overtakes cookies as the dominant method of online tracking. Agentic AI browsers prove easily scammed. A Scattered Spider member earns 10 years in federal prison. Ron Zayas, CEO of Ironwall by Incogni, to discuss the...

Undoing the undo bug.


Microsoft releases emergency out-of-band (OOB) Windows updates. Trump targets NSA's leading AI and cyber expert in clearance revocations. A breach may have compromised the privacy of Ohio medical marijuana patients. Cybercriminals exploit an AI website builder to rapidly create phishing sites. Warlock ransomware operators target Microsoft's SharePoint ToolShell vulnerability. Google and Mozilla patch Chrome and Firefox. European officials report two cyber incidents targeting water infrastructure. A federal appeals court has upheld fines against T-Mobile and Sprint for illegally selling customer location data. Authorities dismantle DDoS powerhouse Rapper Bot. On our Industry Voices segment, we are joined by Matt Radolec, VP...

Inside Intel's internal web maze.


A researcher uncovers vulnerabilities across Intel's internal websites that exposed sensitive employee and supplier data. The Kimsuky group (APT43) targets South Korean diplomatic missions. A new DDoS vulnerability bypasses the 2023 Rapid Reset fix. Drug development firm Inotiv reports a ransomware attack to the SEC. The UK drops their demand that Apple provide access to encrypted iCloud accounts. Hackers disguise the PipeMagic backdoor as a fake ChatGPT desktop app. The source code for a powerful Android banking trojan was leaked online. A Nebraska man is sentenced to prison for defrauding cloud providers to mine nearly $1 million in cryptocurrency. On...

Workday's bad day.


HR software giant Workday discloses a data breach. Researchers uncover a zero-day in Elastic's EDR software. Ghost-tapping is an emerging fraud technique where cybercriminals use NFC relay attacks to exploit stolen payment card data. Germany may be on a path to ban ad blockers. A security researcher documents multiple serious flaws in McDonald's systems. There's a new open-source framework for testing 5G security flaws. New York's Attorney General sues the banks behind Zelle over fraud allegations. The DOJ charges the alleged Zeppelin ransomware operator and seizes over $2.8 million in cryptocurrency. Tim Starks from CyberScoop discusses the overlooked changes that...

Strengthening product security through ethical hacker collaboration. [CyberWire-X]


Bug bounty programs have become a critical bridge between businesses and ethical hackers, but what does it take to make that relationship thrive? In this episode, Ani Turner, Senior Security Engineer and bug bounty program lead at Adobe, and Jasmin Landry, a seasoned ethical hacker and top-performing researcher on Adobe's program, dive into the goals, benefits, and hidden challenges of running and contributing to a bug bounty program. From the motivations that drive hackers and businesses, to the misconceptions that persist in the space, this conversation explores what really makes a bug bounty program successful and how trust, communication, and...

The CVE countdown clock. [Research Saturday]


Bob Rudis, VP Data Science from GreyNoise, is sharing some insights into their work on "Early Warning Signals: When Attacker Behavior Precedes New Vulnerabilities." New research reveals a striking trend: in 80% of cases, spikes in malicious activity against enterprise edge technologies like VPNs and firewalls occurred weeks before related CVEs were disclosed. The report breaks down this 6-week critical window, highlighting which vendors show the strongest early-warning patterns and offering tactical steps defenders can take when suspicious spikes emerge. These findings reveal how early attacker activity can be transformed into actionable intelligence, enabling defenders to anticipate and neutralize threats...

Dr. Rois Ni Thuama: Get into the game. [Cyber governance] [Career Notes]


Please enjoy this encore of Career Notes. Head of Cyber Governance with Red Sift, Dr. Rois Ni Thuama shares the circuitous route of her career into cyber governance. She notes the route "looks really clean, but actually it was a bit more Jeremy Bearimy." While at Trinity College, Rois was moved to be part of history unfolding in South Africa and pause her studies. While there, she began making music videos and wildlife documentaries. Upon her return to London, Rois started working in corporate governance and risk at a music technology startup. This ignited her enthusiasm for startups. She now works...

Media server mayday.


Plex urges users to immediately update their Media Server due to an undisclosed security flaw. Cisco warns of a critical remote code execution flaw in their Secure Firewall Management Center software. Rockwell Automation discloses multiple critical and high-severity flaws. Hackers breached a Canadian House of Commons database. Active law enforcement and government email accounts are sold online for as little as $40. Telecom giant Colt Technology Services suffers a cyber incident disrupting its customer portal. Taiwan launches new measures to boost hospital cybersecurity after ransomware attacks. NIST has released a concept paper proposing control overlays for securing AI systems. A date...

Dialysis down, data out.


A ransomware attack exposes personal medical records of VA patients. New joint guidance from CISA and the NSA emphasizes asset inventory and OT taxonomy. The UK government reportedly spent millions to cover up a data breach. Researchers identified two critical flaws in a widely used print orchestration platform. Phishing attacks increasingly rely on personalization. Rooting and jailbreaking frameworks pose serious enterprise risks. Fortinet warns of a critical command injection flaw in FortiSIEM. Estonian nationals are sentenced in a crypto Ponzi scheme. Michele Campobasso from Forescout joins us to unpack new research separating the hype from reality around vibe hacking. Meet...

When spies get spied on.


Patch Tuesday. The Matrix Foundation patches high-severity vulnerabilities in its open-source communications protocol. The Curly COMrades Russian-aligned APT targets critical infrastructure. Microsoft tells users to ignore new CertificateServicesClient (CertEnroll) errors. Researchers uncover a malware campaign hiding the NjRat Remote Access Trojan in a fake Minecraft clone. Motorcycle manufacturer Royal Enfield suffers a ransomware attack. The DOJ details a major operation against the BlackSuit ransomware group. Our guest is Jack Jones, father of Factor Analysis of Information Risk (FAIR) and the FAIR Controls Analytics Model (FAIR-CAM), sharing insights on cyber risk quantification. Data Brokers' digital hide-and-seek. Remember to leave us a...

Kimsuky gets kim-sunk.


Hackers leak backend data from the North Korean state-sponsored hacking group Kimsuky. A ransomware attack on a Dutch clinical diagnostics lab exposes medical data of nearly half a million women. One of the world's largest staffing firms suffers a data breach. Saint Paul, Minnesota, confirms the Interlock ransomware gang was behind a July cyberattack. Researchers jailbreak ChatGPT-5. A cyber incident takes the Pennsylvania Attorney General's Office entirely offline. A new report quantifies global financial exposure from Operational Technology (OT) cyber incidents. Finnish prosecutors charge a Russian captain for allegedly damaging five critical subsea cables in the Baltic Sea. On our...

Deadlines in the cloud.


CISA issues an Emergency Directive to urgently patch a critical vulnerability in Microsoft Exchange hybrid configurations. SoupDealer malware proves highly evasive. Google patches a Gemini calendar flaw. A North Korean espionage group pivots to financial crime. Russia's RomCom exploits a WinRAR zero-day. Researchers turn Linux-based webcams into persistent threats. The Franklin Project enlists volunteer hackers to strengthen cybersecurity at U.S. water utilities. DoD announces the winner of DARPA's two-year AI Cyber Challenge. The U.S. extradites Ghanaian nationals for their roles in a massive fraud ring. Our guest is Steve Deitz, President of MANTECH's Federal Civilian Sector, with a look at...

Ed Amoroso: Security shouldn't be the main dish. [Computer Science] [Career Notes]


Please enjoy this encore of Career Notes. Chief Executive Officer and Founder of TAG Cyber, Ed Amoroso, shares how he learned on the job and grew his career. In his words, Ed "went from my dad having an ARPANET connection and I'm learning Pascal, to Bell Labs, to CISO, to business, to quitting, to starting something new. And now I'm riding a new exponential up and it's a hell of a ride." Hear from Ed how he sees security as a side dish that you'll progress into naturally once you've paid your dues and mastered a skill like networking, software or...

When malware plays pretend. [Research Saturday]


Nicolás Chiaraviglio, Chief Scientist from Zimperium's zLabs, joins to discuss their work on "Behind Random Words: DoubleTrouble Mobile Banking Trojan Revealed." Zimperium's zLabs team has been tracking an evolving banker trojan dubbed DoubleTrouble, which has grown more sophisticated in both its distribution and capabilities. Initially spread via phishing sites impersonating European banks, it now uses malicious APKs hosted in Discord channels, and boasts features like screen recording, keylogging, UI overlays, and app blocking, all while heavily abusing Android's Accessibility Services. Despite advanced obfuscation and dynamic evasion techniques, Zimperium's on-device detection tools have successfully identified both known and previously unseen variants, helping...

Reflections in a broken vault.


Researchers uncover multiple vulnerabilities in a popular open-source secrets manager. Software bugs threaten satellite safety. Columbia University confirms a cyberattack. Researchers uncover malicious NPM packages posing as WhatsApp development tools. A new EDR killer tool is being used by multiple ransomware gangs. Home Improvement stores integrate AI license plate readers into their parking lots. The U.S. federal judiciary announces new cybersecurity measures after cyberattacks compromised its case management system. CISA officials reaffirm their commitment to the CVE Program. Our guest is David Wiseman, Vice President of Secure Communications at BlackBerry, discussing the challenges of secure communications. AI watermarking breaks under spectral...

Exchange hybrid flaw raises cloud alarm.


Microsoft warns of a high-severity vulnerability in Exchange Server hybrid deployments. A Dutch airline and a French telecom report data breaches. Researchers reveal new HTTP request smuggling variants. An Israeli spyware maker may have rebranded to evade U.S. sanctions. CyberArk patches critical vulnerabilities in its secrets management platform. The Akira gang use a legit Intel CPU tuning driver to disable Microsoft Defender. ChatGPT Connectors are shown vulnerable to indirect prompt injection. Researchers expose new details about the VexTrio cybercrime network. SonicWall says a recent SSLVPN-related cyber activity is not due to a zero-day. Ryan Whelan from Accenture is our man...

Chasing Silicon shadows.


Two Chinese nationals are arrested for allegedly exporting sensitive Nvidia AI chips. A critical security flaw has been discovered in Microsoft's new NLWeb protocol. Vulnerabilities in Dell laptop firmware could let attackers bypass Windows logins and install malware. Trend Micro warns of an actively exploited remote code execution flaw in its endpoint security platform. Google confirms a data breach involving one of its Salesforce databases. A lack of MFA leaves a Canadian city on the hook for ransomware recovery costs. Nvidia's CSO denies the need for backdoors or kill switches in the company's GPUs. CISA flags multiple critical vulnerabilities in...

Hello, hacker speaking.


Cisco reveals a phishing-related data breach. SonicWall warns users to disable SSLVPN services after reports of ransomware gangs exploiting a likely zero-day. Researchers uncover a stealthy Linux backdoor and new vulnerabilities in Nvidia's Triton Inference Server. A new malware campaign targets Microsoft 365 users with fake OneDrive emails. The U.S. Treasury warns of rising criminal activity involving cryptocurrency ATMs. Cloudflare accuses an AI startup of using stealthy methods to bypass restrictions on web scraping. A global infostealer campaign compromises over 4,000 victims across 62 countries. Marty Momdjian, General Manager of Ready1 by Semperis, tells us about Operation Blindspot, a...

New sheriff in cyber town.


The Senate confirms a new national cyber director. A new commission explores the establishment of a separate Cyber Force. Cybercriminals exploit link wrapping to launch sophisticated phishing attacks. AI agents are hijacked, cameras cracked, and devs phished. Gene sequencers and period trackers settle allegations of oversharing personal data and inadequate security. Today we are joined by Tim Starks from CyberScoop discussing how China accuses the US of exploiting Microsoft zero-day in a cyberattack. OpenAI scrambles after a chat leak fiasco. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our...

Hannah Kenney: Focused on people. [Risk] [Career Notes]


Please enjoy this encore of Career Notes. Manager in BARR Advisory's Cyber Risk Advisory Practice, Hannah Kenney, shares her journey from never considering technology as a career to having it click in an information systems class in college. After noticing she was the only one in the room who enjoyed the lecture, Hannah knew she wanted to go down the technology route. In talking about her work, Hannah describes it as creative problem solving. She hopes "people see me as someone who viewed cybersecurity and risk as something that is focused on people first and foremost." We thank Hannah for sharing...

nOAuth-ing to see here. [Research Saturday]


This week, we are joined by Eric Woodruff, Chief Identity Architect at Semperis, discussing "nOAuth Abuse Alert: Full Account Takeover of Entra Cross-Tenant SaaS Applications". Semperis researchers identified a critical authentication flaw known as nOAuth in 9 out of 104 tested SaaS applications integrated with Microsoft Entra ID. This low-complexity but severe vulnerability allows attackers with just a user's email address and access to an Entra tenant to impersonate users, exfiltrate data, and move laterally within affected apps, with no viable defense or detection available to customers. The findings spotlight ongoing risks tied to improper use of email claims in authentication...

SUSE flaw found hiding in plain port.


A critical vulnerability in SUSE [SOO-suh] Manager allows attackers to run commands with root privilege. A joint CISA and U.S. Coast Guard threat hunt at a critical infrastructure site reveals serious cybersecurity issues. Healthcare providers across the U.S. report recent data breaches. Cybercriminals infiltrate a bank by physically planting a Raspberry Pi on a network switch. Russian state-backed hackers target Moscow diplomats to deploy ApolloShadow malware. Luxembourg investigates a major telecom outage tied to Huawei equipment. China's cyberspace regulator summons Nvidia over alleged security risks linked to its H20 AI chips. A new report examines early indicators of system compromise....

Open source, open target.


A sweeping malware campaign by North Korea's Lazarus Group targets open source ecosystems. President Trump announces a new electronic health records system. A new report reveals deep ties between Chinese state-sponsored hackers and Chinese tech companies. Researchers describe a new prompt injection threat targeting LLMs via browser extensions. Palo Alto Networks Unit 42 proposes a new Attribution Framework. Honeywell patches six vulnerabilities in its Experion Process Knowledge System. Researchers track the rapid evolution of a sophisticated Android banking trojan. Scattered Spider goes quiet following recent arrests. Our guests are Jermaine Roebuck and Ann Galchutt from CISA, discussing "Open-Source Eviction Strategies...

State of emergency in St Paul.


Officials in St. Paul, Minnesota declare a state of emergency following a cyberattack. Hackers disrupt a major French telecom. A power outage causes widespread service disruptions for cloud provider Linode. Researchers reveal a critical authentication bypass flaw in an AI-driven app development platform. A new study shows AI training data is chock full of PII. Fallout continues for the Tea dating safety app. Hackers are actively exploiting a critical SAP NetWeaver vulnerability to deploy malware. CISA and the FBI update their Scattered Spider advisory. A Florida prison exposes personal information of visitors to all of its inmates. Our guest today...

Tea time is over.


Things get worse in the Tea dating app breach. CISA adds three vulnerabilities to its Known Exploited Vulnerabilities catalog. Researchers uncover a critical flaw in Google's AI coding assistant. A Missouri Health System agrees to a $9.25 million settlement over claims it used web tracking tools. Sploitlight could let attackers bypass Apple's TCC framework to steal sensitive data. Malware squeaks its way into a mouse configuration tool. Threat actors hide the Oyster backdoor in popular IT tools. The FBI nabs over $2.4 million in Bitcoin from the Chaos ransomware gang. Our guest is Jaeson Schultz, Technical Leader for Cisco Talos...

Ground control to Kremlin.


Russia's flagship airline suffers a major cyberattack. U.S. insurance giant Allianz Life confirms the compromise of personal data belonging to most of its 1.4 million customers. A women's dating safety app spills the tea. NASCAR confirms a data breach. Researchers believe the newly emerged Chaos ransomware group may be a rebrand of BlackSuit. Over 200,000 WordPress sites remain vulnerable to account takeover attacks. Lawmakers introduce legislation to Stop AI Price Gouging and Wage Fixing. States band together to regulate data brokers. My Caveat cohost Ben Yelin explains the impending expiration of the Cybersecurity and Information Sharing Act. Expel missed the...

Ryan Kovar: Everyday, assume compromise. [Strategy] [Career Notes]


Please enjoy this encore of Career Notes. Distinguished Security Strategist at Splunk, Ryan Kovar, shares his journey that started in the US Navy and how it contributed to his leadership in life after the military. Cutting his teeth as sysadmin on the USS Kitty Hawk, Ryan worked as a contractor following the Navy. At Splunk, he leads the SURGe research team to solve what he calls the "blue collar for the blue team problems". He works hard on incorporating diversity of thought. Ryan notes, "I've been doing cybersecurity or IT now for over 20 years and of that 20 years of...

Muddled Libra: From Spraying to Preying in 2025 [Threat Vector]


Please enjoy this Special Edition episode of the Threat Vector podcast with an update on our previous Muddled Libra coverage. Muddled Libra is back and more dangerous than ever. In this episode of Threat Vector, David Moulton speaks with Sam Rubin and Kristopher Russo from Unit 42 about the resurgence of the threat group also known as Scattered Spider. They break down the group's shift to destructive extortion, modular attack teams, and cloud-first tactics. Discover why traditional defenses fail, how attackers now exploit trusted tools, and what forward-leaning security leaders are doing to stay ahead. With real-world case studies, strategic...

A dark web titan falls.


International law enforcement arrest the suspected operator of a major Russian dark web cybercrime forum. DHS is said to be among the agencies hit by the Microsoft SharePoint zero-day. The Fire Ant cyberespionage group targets global enterprise infrastructure. A Steam game is compromised to distribute info-stealing malware. Mitel Networks issues security patches for MiVoice MX-ONE communications platform. CISA nominee Sean Plankey faces tough questions at his Senate confirmation hearing. A malicious prompt was hiding in Amazon's Q Developer extension for VS Code. Our guest is Brandon Karpf, friend of the show, cybersecurity expert, and founder of T-Minus Space Daily, joining...

Powering AI with politics.


The White House unveils its plan for global AI dominance. Microsoft warns that recent SharePoint server exploitation may extend to ransomware. A phishing campaign targeting the U.S. Department of Education's grants portal. The FBI issues a warning about The Com cybercriminal group. SonicWall urges users to patch a critical vulnerability. A new supply chain attack has compromised several popular NPM packages. Joe Carrigan, co-host of the Hacking Humans podcast, joins to discuss how scammers are exploiting misconfigured point-of-sale terminals. Japanese police release a free decryption tool for Phobos ransomware. AI takes the wheel and drives right off a cliff. Remember...

SharePoint springs a leak.


The National Nuclear Security Administration was among the organizations impacted by the SharePoint zero-day. Experts testify before Congress that OT security still lags. The FBI warns healthcare and critical infrastructure providers about Interlock ransomware. New York proposes new cybersecurity regulations for water and wastewater systems along with grants to fund them. Researchers uncover an active cryptomining campaign targeting cloud environments. A new variant of the Coyote banking trojan exploits Microsoft's Windows UI Automation (UIA) framework for credential theft. The DoD pilots an agentic AI project aimed at helping military planners critique and enhance war plans. Clorox sues its former IT service...

The SharePoint siege goes strategic.


Confusion persists over the Microsoft SharePoint zero-days. CrushFTP confirms a zero-day under active exploitation. The UK government proposes a public sector ban on ransomware payments. A new ransomware group is using an AI chatbot to handle victim negotiations. Australia's financial regulator accuses a wealth management firm of failing to manage cybersecurity risks. Researchers uncover a WordPress attack that abuses Google Tag Manager. Arizona election officials question CISA following a state portal cyberattack. Hungarian police arrest a man accused of launching DDoS attacks on independent media outlets. On our Threat Vector segment guest host Michael Sikorski and Michael Daniel of the...

Microsoft flaws fuel global breaches.


Microsoft issues emergency updates for zero-day SharePoint flaws. Alaska Airlines resumes operations following an IT outage. The UK government reconsiders demands for Apple iCloud backdoors. A French Senate report raises concerns over digital sovereignty. Meta declines to sign the EU's new voluntary AI code of practice. A new report claims last year's CrowdStrike outage disrupted over 750 hospitals. The World Leaks extortion group has breached Dell's Customer Solution Centers. Hewlett-Packard Enterprise (HPE) issues a critical warning about two severe security flaws in Aruba Instant On Access Points. A single compromised password leads to a UK transport company's demise. An AI...

Anisha Patel: Right along with them. [Program management] [Career Notes]


Please enjoy this encore of Career Notes: Associate Director at Raytheon Intelligence and Space in the Cyber Protection Services Division Anisha Patel always loved math and it defined her career journey. As a first-generation American from an Asian household, Anisha said she was destined for a STEM-focused career and chose electrical engineering. She began her career and remains at Raytheon (formerly E-Systems) working in several areas of the business thanks to her skills and informal mentors. Starting a rotational assignment in program management (7 years ago), Anisha said she "went to the dark side and then the hole closed and...

Creeping like a spider. [Research Saturday]


This week, we are pleased to be joined by George Glass, Associate Managing Director of Kroll's Cyber Risk business, as he is discussing their research on Scattered Spider and their targeting of insurance companies. While Scattered Spider has recently turned its attention to the airline industry, George focuses on the broader trend of the group's industry-by-industry approach and what that means for defenders across sectors. George and Dave discuss the group's history, their self-identification as a cartel, and their increasingly aggressive tactics, including the use of fear-based social engineering, physical threats, and the recruitment of insiders at telecom providers. They...

UK calls out Russia's playbook.


The UK sanctions Russian military intelligence officers tied to GRU cyber units. An AI-powered malware called LameHug targets Windows systems. Google files a lawsuit against the operators of the Badbox 2.0 botnet. A pair of healthcare data breaches impact over 3 million individuals. Researchers report a phishing attack that bypasses FIDO authentication by exploiting QR codes. A critical flaw in Nvidia's Container Toolkit threatens managed AI cloud services. A secure messaging app is found exposing sensitive data due to outdated configurations. Meta investors settle their $8 billion lawsuit. Our guest is Will Markow, CEO of FourOne Insights and N2K CyberWire...

When hackers become the hunted.


Pro-Russian Hackers, scam lords, and ransomware gangs face global justice. Louis Vuitton ties customer data breaches to a single cyber incident. The White House is developing a Zero Trust 2.0 cybersecurity strategy. OVERSTEP malware targets outdated SonicWall Secure Mobile Access (SMA) devices. An Australian political party suffers a massive ransomware breach. Our guest Jacob Oakley speaks with T-Minus Space Daily host Maria Varmazis. Jacob is Technical Director at SIXGEN and Space Lead for the DEFCON Aerospace Village. An Italian YouTuber faces a retro reckoning. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an...

Chrome's high-risk bug gets squashed.


Google and Microsoft issue critical updates. CISA warns of active exploitation of a critical flaw in Wing FTP Server. Cloudflare restores their DNS Resolver service following a brief outage. A critical vulnerability in a PHP documentation tool allows attackers to execute code on affected servers. NSA and FBI officials say they've disrupted Chinese cyber campaigns targeting U.S. critical infrastructure. A UK data breach puts Afghan soldiers and their families at risk. Researchers find malware hiding in DNS records. A former U.S. Army soldier pleads guilty to charges of hacking and extortion. Ben Yelin joins us with insights on the Senate...

The Grok that broke the camel's back.


A DOGE employee leaks private API keys to GitHub. North Korea's Contagious Interview campaign has a new malware loader. A New Jersey diagnostic lab suffers a ransomware attack. A top-grossing dark web marketplace goes dark in what experts believe is an exit scam. MITRE launches a cybersecurity framework to address threats in cryptocurrency and digital financial systems. Experts fear steep budget cuts and layoffs under the Trump administration may undermine cybersecurity information sharing. A Maryland IT contractor settles federal allegations of cyber fraud. Kim Jones and Ethan Cook reflect on CISO perspectives. A crypto hacker goes hero and gets a...

Taxing times for cyber fraudsters.


British and Romanian authorities make arrests in a major tax fraud scheme. The Interlock ransomware gang has a new RAT. A new vulnerability in Google Gemini for Workspace allows attackers to hide malicious instructions inside emails. Suspected Chinese hackers breach a major DC law firm. Multiple firmware vulnerabilities affect products from Taiwanese manufacturer Gigabyte Technology. Nvidia warns against Rowhammer attacks across its product line. Louis Vuitton joins the list of breached UK retailers. Indian authorities dismantle a cyber fraud gang. CISA pumps the brakes on a critical vulnerability in American train systems. Our guest is Cynthia Kaiser, SVP of Halcyon's...

Click here to steal. [Research Saturday]


Today we are joined by Selena Larson, Threat Researcher at Proofpoint, and co-host of Only Malware in the Building, as she discusses their work on "Amatera Stealer - Rebranded ACR Stealer With Improved Evasion, Sophistication." Proofpoint researchers have identified Amatera Stealer, a rebranded and actively developed malware-as-a-service (MaaS) variant of the former ACR Stealer, featuring advanced evasion techniques like NTSockets for stealthy C2 communication and WoW64 Syscalls to bypass user-mode defenses. Distributed via ClearFake web injects and the ClickFix technique, Amatera leverages multilayered PowerShell loaders, blockchain-based hosting, and creative social engineering to compromise victims. With enhanced capabilities to steal browser...

MK Palmore: Lead from where you stand. [CISO] [Career Notes]


Please enjoy this encore of Career Notes. Director of Google Cloud's Office of the CISO, MK Palmore, dedicated much of his life to public service and now brings his experience working for the greater good to the private sector. A graduate of the US Naval Academy, including the Naval Academy Prep School that he calls the most impactful educational experience of his life, MK commissioned into the US Marine Corps following his service academy time. He joined the FBI and that is where he came into the cybersecurity realm. MK is passionate about getting more diversity, equity and inclusion into...

Behind the firewall, trouble brews.


Fortinet patches a critical flaw in its FortiWeb web application firewall. Hackers are exploiting a critical vulnerability in Wing FTP Server. U.S. Cyber Command's fiscal 2026 budget includes a new AI project. Czechia's cybersecurity agency has issued a formal warning about Chinese AI company DeepSeek. The DoNot APT group targets Italy's Ministry of Foreign Affairs. Mexico's former president is under investigation for alleged bribes to secure spyware contracts. The FBI seizes a major Nintendo Switch piracy site. CISA releases 13 ICS advisories. A retired US Army lieutenant colonel pleads guilty to oversharing classified information on a dating app. Our guest...

Cybercrime has a hefty price tag.


UK police make multiple arrests in the retail cyberattack case. French authorities arrest a Russian basketball player at the request of the U.S. A German court declares open season on Meta's tracking pixels. The European Union unveils new rules to regulate artificial intelligence. London's Iran International news confirms cyberattacks from Banished Kitten. Treasury sanctions a North Korean hacker over fake IT worker schemes. Microsoft confirms a widespread issue preventing organizations from deploying the latest Windows updates. Agreements over AI help end a year-long Hollywood strike. Researchers take an in-depth look at ClickFix. I'm joined by Ben Yelin and Ethan Cook...

Plug-ins gone rogue.


Patch Tuesday. An Iranian ransomware group puts a premium on U.S. and Israeli targets. Batavia spyware targets Russia's industrial sector. HHS fines a Texas Behavioral Health firm for failed risk analysis. The Anatsa banking trojan targets financial institutions in the U.S. and Canada. Hackers abuse a legitimate commercial evasion framework to package infostealer payloads. Researchers discovered malicious browser extensions infecting over 2.3 million users. Joe Carrigan, co-host on Hacking Humans discusses phishing kits targeting CFOs. Can felines frustrate algorithms? Purr-haps. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our...

Memory leaks and login sneaks.


Researchers release proof-of-concept exploits for CitrixBleed2. Grafana patches four high-severity vulnerabilities. A hacker claims to have breached Spanish telecom giant Telefónica. Italian police arrest a Chinese man wanted by U.S. authorities for alleged industrial espionage. Beware of a new ransomware group called Bert. Call of Duty goes offline after reports of RCE vulnerabilities. President Trump's spending bill allocates hundreds of millions for cybersecurity. Nearly 26 million job seekers' resumes and personal data are leaked. CISA adds four actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog. Outsmarting AI scraper bots with math. Remember to leave us a 5-star rating...

SafePay, unsafe day.


Ingram Micro suffers a ransomware attack by the SafePay gang. Spanish police dismantle a large-scale investment fraud ring. The SatanLock ransomware group says it is shutting down. Brazilian police arrest a man accused of stealing over $100 million from the country's banking system. Qantas confirms contact from a potential cybercriminal following its recent customer data breach. The XWorm RAT evolves to better evade detection. Cybercriminals ramp up fraudulent domains ahead of Amazon Prime day. Apple sues a former engineer allegedly stealing confidential data. Our guest is Rob Allen, Chief Product Officer at Threat Locker, discussing why 'Default Deny' could be...

Swati Shekhar: Challenges increase your risk appetite. [Engineering] [Career Notes]


Please enjoy this encore of Career Notes. Ground Labs' Head of Engineering, Swati Shekhar, shares her circuitous route from and back to engineering. Always being interested in leveraging the tools available to solve problems, Swati talks about how she found her place in engineering. She mentions how she had her first real experience with a computer when she was 17 in her first year at college. Aside from being one of 30 young women in a sea of 500 young men there, Swati described it as a "good culture shock because anything that takes you out of your comfort zone actually...

Botnets back, tell a friend. [Research Saturday]


Please enjoy this encore of Research Saturday. This week we are joined by Silas Cutler, Principal Security Researcher at Censys, asking the important question of "Will the Real Volt Typhoon Please Stand Up?" The FBI's disruption of the KV Botnet in December 2023, attributed to the Chinese threat group Volt Typhoon, targeted infected systems but did not affect the botnet's control infrastructure. Despite law enforcement efforts and technical exposure, the botnet's infrastructure has remained largely stable, with only changes in hosting providers, raising questions about whether another party operates the botnet. Censys scanning data from 2024 shows a shift in...

Turning data into decisions. [Deep Space]


Please enjoy this encore from our T-Minus Space Daily segment Deep Space. Parker Wishik from The Aerospace Corporation explores how experts are turning data into decisions in the space industry on the latest Nexus segment. Parker is joined by Jackie Barbieri, Founder and CEO of Whitespace, and Dr. Steve Lewis, Leader of The Aerospace Corporation's SPEAR team. Remember to leave us a 5-star rating and review in your favorite podcast app. Be sure to follow T-Minus on LinkedIn and Instagram. Selected Reading Aerospace Advances Massless Payloads for Space Missions Aerospace Experts Are Turning Data into Decisions Aerospace recently assembled a...

Secure Your Summer: Top Cyber Myths, Busted [Threat Vector]


While the N2K CyberWire team is observing Independence Day in the US, we thought you'd enjoy this episode of Threat Vector from our podcast network. Listen in and bust those cyber myths. In this episode of Threat Vector, David Moulton talks with Lisa Plaggemier, Executive Director of the National Cybersecurity Alliance. Lisa shares insights from this year's Oh Behave! report and dives into why cybersecurity habits remain unchanged, even when we know better. From password reuse to misunderstood AI risks, Lisa explains how emotion, storytelling, and system design all play a role in protecting users. Learn why secure-by-design is the future,...

The bug that let anyone in.


Sudo patch your Linux systems. Cisco has removed a critical backdoor account that gave remote attackers root privileges. The Hunters International ransomware group rebrands and closes up shop. The Centers for Medicare and Medicaid Services (CMS) notifies 103,000 people that their personal data was compromised. NimDoor is a sophisticated North Korean cyber campaign targeting macOS. Researchers uncover a massive phishing campaign using thousands of fake retail websites. The FBI's top cyber official says Salt Typhoon is largely contained. Microsoft tells customers to ignore Windows Firewall error warnings. A California jury orders Google to pay $314 million for collecting Android user...

Houken blends stealth and chaos.


French authorities report multiple entities targeted by access brokers. A ransomware group extorts a German hunger charity. AT&T combats SIM swapping and account takeover attacks. A Missouri physician group suffers a cyber attack. Qantas doesn't crash, but their computers do. Researchers uncover multiple critical vulnerabilities in Agorum Core Open. A student loan administrator in Virginia gets hit by the Akira ransomware group. The Feds sanction a Russian bulletproof hosting service. Johnson Controls notifies individuals of a major ransomware attack dating back to 2023. Will Markow, CEO of FourOne Insights and N2K CyberWire Senior Workforce Analyst, shares the latest technology workforce...

North Korea's covert coders caught.


The Feds shut down a covert North Korean IT operation. Google releases an emergency update to fix a new Chrome zero-day. A major U.S. trade show and event marketing firm suffers a data breach. NetScaler patches a pair of critical vulnerabilities. A sophisticated cyber attack targets The Hague. An Iran-linked hacking group threatens to release emails allegedly stolen from aides to President Trump. A ransomware attack exposes sensitive data linked to multiple Swiss federal government offices. The U.S. Treasury Department faces scrutiny after a string of cyberattacks. The FBI's phone security tips draw fire from Senator Wyden. Tim Starks from...

U.S. braces for Iranian cyber intrusions.


CISA warns organizations of potential cyber threats from Iranian state-sponsored actors. Scattered Spider targets aviation and transportation. Workforce cuts at the State Department raise concerns about weakened cyber diplomacy. Canada bans Chinese security camera vendor Hikvision over national security concerns. Cisco Talos reports a rise in cybercriminals abusing Large Language Models. MacOS malware Poseidon Stealer rebrands. Researchers discover multiple vulnerabilities in Bluetooth chips used in headphones and earbuds. The FDA issues new guidance on medical device cybersecurity. Our guest is Debbie Gordon, Co-Founder of Cloud Range, looking Beyond the Stack - Why Cyber Readiness Starts with People. An IT worker's revenge plan backfires....

Jamil Jaffer: You should run towards risk. [Strategy] [Career Notes]


Please enjoy this encore of Career Notes. Senior Vice President for Strategy, Partnerships, and Corporate Development at IronNet Cybersecurity, Jamil Jaffer, shares how his interest in technology brought him full circle. Always a tech guy, Jamil paid his way through college doing computer support. Jamil went to law school and worked in various jobs in Washington DC including a stint in the newly-created National Security division of the Justice Department just after 9/11. When talking about adversity, Jamil notes, "Adversity has happened in life, but you gotta run at those things. To me, you know, I like risk. I think risk...

A tale of two botnets. [Research Saturday]


This week we are joined by Kyle Lefton, Security Researcher from Akamai, who is diving into their work on "Two Botnets, One Flaw - Mirai Spreads Through Wazuh Vulnerability." Akamai researchers have observed active exploitation of CVE-2025-24016, a critical RCE vulnerability in Wazuh, by two Mirai-based botnets. The campaigns highlight how quickly attackers are adapting proof-of-concept exploits to spread malware, underscoring the urgency of patching vulnerable systems. One botnet appears to target Italian-speaking users, suggesting regionally tailored operations. The research can be found here: Two Botnets, One Flaw: Mirai Spreads Through Wazuh Vulnerability Learn more about your ad choices. Visit...

Turbulence in the cloud.


Hawaiian Airlines reports a cybersecurity incident. Microsoft updates its Windows Resiliency Initiative after the 2024 CrowdStrike crash. CitrixBleed2 is under active exploitation in the wild. Researchers disclose a critical vulnerability in Open VSX. Malware uses prompt injection to evade AI analysis. A new report claims Cambodia turns a blind eye to scam compounds. Senators propose a ban on AI tools from foreign adversaries. An NSA veteran is named top civilian at U.S. Cyber Command. Maria Varmazis speaks with Ian Itz from Iridium Communications on allowing IoT devices to communicate directly with satellites. One Kansas City hacker's bold marketing campaign ends...

No panic, just patch.


Patches, patches and more patches. A patient death has been linked to the 2023 ransomware attack on an NHS IT provider. U.S. authorities indict the man known online as IntelBroker. A suspected cyberattack disrupts Columbia University's computer systems. A major license plate reader company restricts cross-state data access after reports revealed misuse of its network by police agencies. Our guest is Andy Boyd, former Director of CIA's Center for Cyber Intelligence (CCI) and currently an operating partner at AE Industrial Partners. Discounted parking as a gateway cybercrime. Remember to leave us a 5-star rating and review in your favorite podcast app....

Open-source, open season.


Cybercriminals target financial institutions across Africa using open-source tools. Threat actors are using a technique called Authenticode stuffing to abuse ConnectWise remote access software. A fake version of SonicWall's NetExtender VPN app steals users' credentials. CISA and the NSA publish a guide urging the adoption of Memory Safe Languages. Researchers identify multiple security vulnerabilities affecting Brother printers. Fake AI-themed websites spread malware. Researchers track a sharp rise in signup fraud. A new Common Good Cyber Fund has been launched to support nonprofits that provide essential cybersecurity services. Tim Starks from CyberScoop joins us to discuss calls for a federal cyberinsurance...

Iran's digital threat after U.S. strikes.


Cybersecurity warnings about possible Iranian retaliation have surged. A potential act of sabotage disrupts the NATO Summit in The Hague. Canadian cybersecurity officials discover Salt Typhoon breached a major telecom provider. The U.S. House bans WhatsApp from all government devices. APT28 uses Signal chats in phishing campaigns targeting Ukrainian government entities. A China-linked APT has built a covert network of over 1,000 compromised devices for long-term espionage. FileFix is a new variant of the well-known ClickFix method. SparkKitty targets Android and iOS users for image theft. Scammers steal $4 million from Coinbase users by posing as support staff. On today's...

Iran's digital retaliation looms.


US warns of heightened risk of Iranian cyberattacks. Cyber warfare has become central to Israel and Iran's strategies. Oxford City Council discloses data breach. Europe aiming for digital sovereignty. Michigan hospital network says data belonging to 740,000 was stolen by ransomware gang. RapperBot pivoting to attack DVRs. A picture worth a thousand wallets. New Zealand's public sector bolsters cyber defenses. On our Industry Voices segment today, we are joined by Imran Umar, Zero Trust Lead at Booz Allen Hamilton, discussing Zero Trust and Thunderdome. And a cyberattack spoils Russia's dairy flow. Remember to leave us a 5-star rating and review...

Jadee Hanson: Cybersecurity is a team effort. [CISO] [Career Notes]


Please enjoy this encore of Career Notes. Jadee Hanson, CIO and CISO at Code 42, started her technology journey thanks to the help of a teacher in high school. She began college studying computer science and ended with a degree in computer information systems as it had more of the business side. Working in the private sector for companies such as Deloitte, Target and Code 42, Jadee gained experience and specialized in insider risk. She notes, "utopia for me and my team is to get to a spot where the team is just firing on all cylinders and being really proactive about...

Signed, sealed, exploitable. [Research Saturday]


Dustin Childs, Head of Threat Awareness at Trend Micro Zero Day Initiative, joins to discuss their work on "ZDI-23-1527 and ZDI-23-1528: The Potential Impact of Overly Permissive SAS Tokens on PC Manager Supply Chains." The research explores two critical vulnerabilities (ZDI-23-1527 and ZDI-23-1528) that could have enabled attackers to hijack the Microsoft PC Manager supply chain via overly permissive SAS tokens in WinGet and official Microsoft domains. While the issues have since been resolved, the findings highlight how misconfigured cloud storage access can put trusted software distribution at risk. The post also includes detection strategies to help defenders identify and...

A blast from the breached past.


An historic data breach that wasn't. Aflac says it stopped a ransomware attack. Cloudflare thwarts a record-breaking DDoS attack. Mocha Manakin combines clever social engineering with custom-built malware. The Godfather Android trojan uses a sophisticated virtualization technique to hijack banking and crypto apps. A British expert on Russian information warfare is targeted in a sophisticated spear phishing campaign. A federal judge dismisses a lawsuit against CrowdStrike filed by airline passengers. Banana Squad disguises malicious code as legitimate open-source software. The U.S. Justice Department wants to seize over $225 million in cryptocurrency linked to romance and investment scams. Ben Yelin...

Juneteenth: Reflecting, belonging, and owning your seat at the table. [Special Edition]


We put together an open conversation between our podcast hosts, CyberWire Daily's Dave Bittner, T-Minus Space Daily's Maria Varmazis, and CISO Perspectives podcast's Kim Jones. Their conversation goes deeper than just the historical significance of Juneteenth, diving into candid conversations on allyship, representation, and the enduring value of diversity in the cybersecurity and space fields. Grab your coffee and join us in the room. Resources: Juneteenth CISO Perspectives podcast: Does diversity matter in cyber? Mid season reflection with Kim Jones. T-Minus Space Daily podcast: Dr. Sian Proctor sharing her poem "Space to Inspire" on Instagram. Deep Space: Inspiration4 with Dr....

Typhoon on the line.


Viasat confirms it was breached by Salt Typhoon. Microsoft's June 2025 security update giveth, and Microsoft's June 2025 security update taketh away. Local privilege escalation flaws grant root access on major Linux distributions. BeyondTrust patches a critical remote code execution flaw. SMS low cost routing exposes users to serious risks. Erie Insurance says their ongoing outage isn't ransomware. Backups are no good if you can't find them. Veeam patches a critical vulnerability in its Backup software. SuperCard malware steals payment card data for ATM fraud and direct bank transfers. We preview our Juneteenth special edition. Backing up humanity. Remember to...

Can't DOGE the inquiry.


A House oversight committee requests DOGE documents from Microsoft. Predatory Sparrow claims a cyberattack on an Iranian bank. Microsoft says data that happens in Europe will stay in Europe. A complex malware campaign is using heavily obfuscated Visual Basic files to deploy RATs. A widely used CMS platform suffers potential RCE bugs. North Korea's Kimsuky targets academic institutions using password-protected research documents. Asus patches a high-severity vulnerability in its Armoury Crate software. CISA's new leader remains in confirmation limbo. Our guest is Brian Downey, VP of Product Management from Barracuda, talking about how security sprawl increases risk. Operation Fluffy Narwhal...

Darknet drug marketplace closed for business.


International law enforcement takes down a darknet drug marketplace. The Washington Post is investigating a cyberattack targeting several journalists' email accounts. Anubis ransomware adds destructive capabilities. The GrayAlpha threat group uses fake browser update pages to deliver advanced malware. Researchers uncover a stealthy malware campaign that hides a malicious payload in a JPEG image. Tenable patches three high-severity vulnerabilities in Nessus Agent. Attackers can disable Secure Boot on many Windows devices by exploiting a firmware flaw. Lawmakers introduce a bipartisan bill to strengthen coordination between CISA and HHS. Harry Coker reflects on his tenure as National Cyber Director. Maria Varmazis...

Mark Nunnikhoven: Providing clarity about security. [Cloud strategy]


Please enjoy this encore of Career Notes. Distinguished Cloud Strategist at Lacework, Mark Nunnikhoven, has gone from taking technology to its limits for his own understanding to providing clarity about security for others. Mark fell in love with his Commodore 128 and once he realized he could bend the machine to his will, it set him on the path to technology. While he had some bumps in the road, dropping out of high school and not following the traditional path in college, Mark did complete his master's in information security. His professional life took him from Canadian public service to the...

Hiding in plain sight with vibe coding.


This week, Dave is joined by Ziv Karliner, Pillar Security's Co-Founder and CTO, sharing details on their work on "New Vulnerability in GitHub Copilot and Cursor: How Hackers Can Weaponize Code Agents." Vibe Coding - where developers use AI assistants like GitHub Copilot and Cursor to generate code almost instantly - has become central to how enterprises build software today. But while it's turbo-charging development, it's also introducing new and largely unseen cyber threats. The team at Pillar Security identified a novel attack vector, the "Rules File Backdoor", which allows attackers to manipulate these platforms into generating malicious code. It represents a...

Cloudflare's cloudy day resolved.


Cloudflare says yesterday's widespread outage was not caused by a cyberattack. Predator mobile spyware remains highly active. Microsoft is investigating ongoing Microsoft 365 authentication services issues. An account takeover campaign targets Entra ID users by abusing a popular pen testing tool. Palo Alto Networks documents a JavaScript obfuscation method dubbed JSFireTruck. Trend Micro and Mitel patch multiple high-severity vulnerabilities. CISA issues multiple advisories. My Hacking Humans cohost Joe Carrigan joins us to discuss linkless recruiting scams. Uncle Sam wants an AI chatbot. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up...

Scam operations disrupted across Asia.


Interpol's Operation Secure dismantles a major cybercrime network, and Singapore takes down scam centers. GitLab patches multiple vulnerabilities in its DevSecOps platform. Researchers unveil a covert method for exfiltrating data using smartwatches. EchoLeak allows for data exfiltration from Microsoft Copilot. Journalists are confirmed targets of Paragon's Graphite spyware. France calls for comments on tracking pixels. Fog ransomware operators deploy an unusual mix of tools. Skeleton Spider targets recruiters by posing as job seekers on LinkedIn and Indeed. Erie Insurance suffers ongoing outages following a cyberattack. Our N2K Lead Analyst Ethan Cook shares insights on Trump's antitrust policies. DNS neglect leads...

Ghost students haunting online colleges.


Patch Tuesday. Mozilla patches two critical Firefox security flaws. A critical flaw in Salesforce OmniStudio exposes sensitive customer data stored in plain text. The Badbox botnet continues to evolve. AI-powered ghost students enrolling in online college courses to steal government funds. Hackers steal nearly 300,000 vehicle crash reports from the Texas Department of Transportation. ConnectWise rotates its digital code signing certificates. The chair of the House Homeland Security Committee announces his upcoming retirement. Our guest is Matt Radolec, VP of Incident Response, Cloud Operations & SE EU from Varonis, wondering if AI may be the Cerberus of our time. Friendly...

Jedai tricks, human risks.


An unsecured Chroma database exposes personal information of Canva Creators. A researcher brute-forces Google phone numbers. Five zero-day vulnerabilities in Salesforce Industry Cloud are uncovered. Librarian Ghouls target Russian organizations with stealthy malware. SAP releases multiple security patches including a critical fix for a NetWeaver bug. Sensata Technologies confirms the theft of sensitive personal data during an April ransomware attack. SentinelOne warns of targeted cyber-espionage attempts by China-linked threat actors. Skitnet gains traction amongst ransomware gangs. The UK's NHS issues an urgent appeal for blood donors. On today's Threat Vector, host David Moulton talks with Arjun Bhatnagar, CEO of Cloaked, about...

White House reboots cybersecurity priorities.


A new White House Executive Order overhauls U.S. cybersecurity policy. The EU updates its cybersecurity blueprint. The Pentagon's inspector general investigates Defense Secretary Hegseth's Signal messages. Chinese hackers target U.S. smartphones. A new Mirai botnet variant drops malware on vulnerable DVRs. 17 popular Gluestack packages on NPM have been compromised. Attackers exploit vulnerabilities in Fortigate security appliances to deploy Qilin ransomware. A Nigerian man gets five years in prison for a hacking and fraud scheme. Our guest is Tim Starks from CyberScoop, discussing Sean Cairncross' journey toward confirmation as the next National Cyber Director. Fire Stick flicks spark a full-on...

Ell Marquez: It's okay to be new. [Linux] [Career Notes]


Please enjoy this encore of Career Notes. Linux and Security Advocate at Intezer Ell Marquez shares her journey from the family ranch to security. Needing a life change due to a bunch of circumstances that had occurred that left her almost homeless, Ell found out about a six-week Linux boot camp that took her down the path toward technology. She fell in love with security at a BSides Conference and hasn't looked back. Ell says she recently started a campaign called "it's okay to be new" noting that no matter how long you've been in the industry, you need...

A new stealer hiding behind AI hype. [Research Saturday]


This week, we are joined by Michael Gorelik, Chief Technology Officer from Morphisec, discussing their work on "New Noodlophile Stealer Distributes Via Fake AI Video Generation Platforms." A new threat dubbed Noodlophile Stealer is exploiting the popularity of AI-powered content tools by posing as fake AI video generation platforms, luring users into uploading media in exchange for malware-laced downloads. Distributed through convincing Facebook groups and viral campaigns, the malware steals browser credentials, cryptocurrency wallets, and can deploy a remote access trojan like XWorm. The campaign uses a layered, obfuscated delivery chain disguised as legitimate video editing software, making it both...

Beware of BADBOX.


The DOJ files to seize over $7 million linked to illegal North Korean IT workers. The FBI warns of BADBOX 2.0 malware targeting IoT devices. Researchers uncover a major security flaw in Chrome extensions. ESET uncovers Iranian hackers targeting Kurdish and Iraqi government officials. Hitachi Energy, Acronis and Cisco patch critical vulnerabilities. 20 suspects are arrested in a major international CSAM takedown. Hackers exploit a critical flaw in Roundcube webmail. Today's guest is Ian Bramson, Global Head of Industrial Cybersecurity at Black & Veatch, exploring how organizations can close the cyberattack readiness gap. ChatGPT logs are caught in a legal...

China's largest data leak exposes billions.


Researchers discover what may be China's largest ever data leak. CrowdStrike cooperates with federal authorities following last year's major software bug. A researcher discovers over half a million sensitive insurance documents exposed online. Microsoft offers free cybersecurity programs to European governments. The FBI chronicles the Play ransomware gang. Google warns a threat group is targeting Salesforce customers. A former Biden cybersecurity official warns that U.S. critical infrastructure remains highly vulnerable to cyberattacks. The State Department offers up to $10 million for information on the RedLine infostealer malware. Our guest is Anneka Gupta, Chief Product Officer at Rubrik, on the challenges...

Appetite for tracking: A feast on private data.


Researchers uncover a major privacy violation involving tracking scripts from Meta and Yandex. A compliance automation firm discloses a data breach. PumaBot stalks vulnerable IoT devices. The Ramnit banking trojan gets repurposed for ICS intrusions. The North Face suffers a credential stuffing attack. Kaspersky says the Black Owl team is a cyber threat to Russia. CISA releases ISC advisories. An Indian grocery delivery startup suffers a devastating data wiping attack. The UK welcomes their new Cyber and Electromagnetic (CyberEM) Command. Our guest is Rohan Pinto, CTO of 1Kosmos, discussing the implications of AI deepfakes for biometric security. The cybersecurity sleuths...

Zero-day déjà vu.


Google issues an emergency patch for a Chrome zero-day. A new malware campaign uses fake DocuSign CAPTCHA pages to trick users into installing a RAT. A high-severity Splunk vulnerability allows non-admin users to access and modify critical directories. Experts warn Congress that Chinese infiltrations are preparations for war. Senators look to strengthen cybersecurity collaboration in the U.S. energy sector. Crocodilus Android malware adds fake contacts to victims' phones. SentinelOne publishes a detailed analysis of their recent outage. Cartier leaves some of its cyber sparkle exposed. Our guest is Jon Miller, CEO and Co-founder of Halcyon, discussing Bring Your Own Vulnerable...

AVCheck goes dark in Operation Endgame.


An international law enforcement operation dismantles AVCheck. Trump's 2026 budget looks to cut over one thousand positions from CISA. Cyber Command's defensive wing gains sub-unified command status. A critical vBulletin vulnerability is actively exploited. Acreed takes over Russian markets as credential theft kingpin. Qualcomm patches three actively exploited zero-days in its Adreno GPU drivers. Researchers unveil details of a Cisco IOS XE Zero-Day. Microsoft warns a memory corruption flaw in the legacy JScript engine is under active exploitation. A closer look at the stealthy Latrodectus loader. On today's Afternoon Cyber Tea, Ann Johnson speaks with Hugh Thompson, RSAC program committee...

Brandon Karpf: A sailor of the 21st century. [Transitioning service member] [Career Notes]


Please enjoy this encore of Career Notes. Lieutenant in the US Navy and Skillbridge Fellow at the CyberWire, Brandon Karpf, knew he wanted to join the military at a young age. He achieved that through the US Naval Academy where he was a member of the men's heavyweight rowing team. Commissioned as a cryptologic warfare officer, Brandon was sent to MIT for a graduate degree where he experienced the exact opposite of the Naval Academy's highly structured life. Brandon's later work with both NSA and US Cyber Command helped him gain experience and cyber operations skills. As he transitions from...

Triofox and the key to disaster. [Research Saturday]


This week, we are joined by John Hammond, Principal Security Researcher at Huntress, who is sharing his PoC and research on "CVE-2025-30406 - Critical Gladinet CentreStack & Triofox Vulnerability Exploited In The Wild." A critical 9.0 severity vulnerability (CVE-2025-30406) in Gladinet CentreStack and Triofox is being actively exploited in the wild, allowing remote code execution via hardcoded cryptographic keys in default configuration files. Huntress researchers observed compromises at multiple organizations and confirmed hundreds of vulnerable internet-exposed servers, urging immediate patching or manual machineKey updates. Mitigation guidance, detection, and remediation scripts have been released to help users identify and secure affected...

All systems not go.


SentinelOne suffers a global service outage. A major DDoS attack hits a Russian internet provider. U.S. banking groups urge the SEC to scrap cybersecurity disclosure rules. Australia mandates reporting of ransomware payments. Researchers uncover a new Browser-in-the-Middle (BitM) attack targeting Safari users. A Florida health system pays over $800,000 to settle insider breach concerns. CISA issues five urgent ICS advisories. Our guest is Matt Covington, VP of Product at BlackCloak, discussing the emergence of advanced impersonation techniques like deepfakes and the importance of digital executive protection. The feds are putting all our digital data in one basket. CyberWire Guest On...

When "out of the box" becomes "out of control."


Children's DNA in criminal databases. ASUS routers get an unwanted houseguest. New APT41 malware uses Google Calendar for command-and-control. Interlock ransomware gang deploys new Trojan. Estonia issues arrest warrant for suspect in massive pharmacy breach. The enemy within the endpoint. New England hospitals disrupted by cyberattack. Tim Starks from CyberScoop is discussing Whatever we did was not enough: How Salt Typhoon slipped through the government's blind spots. And Victoria's Secrets are leaked. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never...

Fingers point east.


The Czech Republic accuses Chinese state-backed hackers of cyber-espionage. CISA's leaders head for the exits. Cybercriminals are using fake AI video generator websites to spread malware. A stealthy phishing campaign delivers the Remcos RAT via DBatLoader. A fake Bitdefender website spreads malware targeting financial data. Medusa ransomware claims to have breached global real estate firm RE/MAX. An Iranian national faces up to 30 years in prison for ransomware targeting US cities. Our guest is Tony Velleca, CyberProof's CEO, discussing exposure management and a more risk-focused approach to prioritize threats. Mind reading for fun and profit. Remember to leave us a...

BEAR-ly washed and dangerous.


Laundry Bear airs dirty cyber linen in the Netherlands. AI coding agents are tricked by malicious prompts in a GitHub MCP vulnerability. Tenable patches critical flaws in Network Monitor on Windows. MathWorks confirms ransomware behind MATLAB outage. Feds audit NVD over vulnerability backlog. FBI warns law firms of evolving Silent Ransom Group tactics. Chinese hackers exploit Cityworks flaw to breach US municipal networks. Everest Ransomware Group leaks Coca-Cola employee data. Nova Scotia Power hit by ransomware. On today's Threat Vector, David Moulton speaks with his Palo Alto Networks colleagues Tanya Shastri and Navneet Singh about a strategy for secure AI by...

AWS in Orbit: Automated Satellite Management. [T-Minus Space]


While our team is observing Memorial Day in the United States, please enjoy this episode from our team from T-Minus Space Daily recorded recently at Space Symposium. You can learn more about AWS in Orbit at space.n2k.com/aws. Our guests on this episode are Dax Garner, CTO at Cognitive Space and Ed Meletyan, AWS Sr Solutions Architect. Remember to leave us a 5-star rating and review in your favorite podcast app. Be sure to follow T-Minus on LinkedIn and Instagram. Selected Reading AWS Aerospace and Satellite Want to hear your company in the show? You too can reach the most influential...

Hugh Thompson on Building the RSA Conference [Afternoon Cyber Tea]


While our team is observing Memorial Day in the United States, please enjoy this episode from the N2K CyberWire network partner, Microsoft Security. You can hear new episodes of Ann Johnson's Afternoon Cyber Tea podcast every other Tuesday. Dr. Hugh Thompson, Executive Chairman of RSA Conference and Managing Partner at Crosspoint Capital joins Ann on this week's episode of Afternoon Cyber Tea. They discuss what goes into planning the world's largest cybersecurity conference, from theme selection to llama-related surprises on the expo floor, and how the RSA community continues to evolve. Hugh also shares how his background in applied math led him...

Pattie Dillon: Take the leap. [Anti-fraud] [Career Notes]


Please enjoy this encore of Career Notes. Product Manager in Anti-Fraud Solutions at SpyCloud, Pattie Dillon shares her journey from raising her family to specializing in the anti-fraud space. Upon reentering the workforce, Pattie worked on identity verification and developed a system with privacy concerns in mind. She moved to work in gift cards and was exposed to money laundering. Traveling along the fraud spectrum, Pattie learned about underground data and feels that this data can be leveraged to actually prevent and fight online fraud. Pattie believes if you don't try, you'll never know. We know we appreciate Pattie sharing her...

Purple teaming in the modern enterprise. [CyberWire-X]


In large enterprise software companies, Red and Blue Teams collaborate through Purple Teaming to proactively detect, respond to, and mitigate advanced threats. In this episode of CyberWire-X, N2K's Dave Bittner is joined by Adobe's Justin Tiplitsky, Director of Red Team and Ivan Koshkin, Senior Detection Engineer to discuss how their teams work together daily to strengthen Adobe's security ecosystem. They share real-world insights on how this essential collaboration enhances threat detection, refines security controls, and improves overall cyber resilience. Learn more about your ad choices. Visit megaphone.fm/adchoices

Pandas with a purpose. [Research Saturday]


This week, we are joined by Deepen Desai, Zscaler's Chief Security Officer and EVP of Cyber and AI Engineering, taking a deep dive into Mustang Panda's latest campaign. Zscaler ThreatLabz uncovered new tools used by Mustang Panda, including the backdoors TONEINS, TONESHELL, PUBLOAD, and the proxy tool StarLoader, all delivered via phishing. They also discovered two custom keyloggers, PAKLOG and CorKLOG, and an EDR evasion tool, SplatCloak, highlighting the group's focus on surveillance, persistence, and stealth in cyberespionage operations. The research can be found here: Latest Mustang Panda Arsenal: ToneShell and StarProxy | P1 Latest Mustang Panda Arsenal: PAKLOG, CorKLOG,...

When malware masters meet their match.


Operation Endgame dismantles cybercriminal infrastructure. DOGE's use of the Grok AI chatbot raises ethical and privacy concerns. Malware on the npm registry uses malicious packages to quietly gather intelligence on developer environments. Researchers link Careto malware to the Spanish government. Exploring proactive operations via letters of marque. Hackers hesitate to attend the HOPE conference over travel concerns. Our guest is Jeffrey Wheatman, Cyber Risk Expert at Black Kite, warning us to "Beware the silent breach." AI threatens to spill secrets to save itself. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode?...

Lights out for Lumma.


A joint operation takes down Lumma infrastructure. The FTC finalizes a security settlement with GoDaddy. The Telemessage breach compromised far more U.S. officials than initially known. Twin hackers allegedly breach a major federal software provider from the inside. U.S. telecom providers fail to notify the Senate when law enforcement agencies request data from Senate-issued devices. DragonForce makes its mark on the ransomware front. A data leak threatens survivors of domestic abuse in the UK. Lexmark discloses a critical vulnerability affecting over 120 printer models. Our guest is David Holmes, CTO for Application Security at Imperva, with insights into the role of...

Bear in the network.


A joint advisory warns of Fancy Bear targeting Western logistics and technology firms. A nonprofit hospital network in Ohio suffers a disruptive ransomware attack. The Consumer Financial Protection Bureau (CFPB) drops plans to subject data brokers to tighter regulations. KrebsOnSecurity and Google block a record-breaking DDoS attack. A phishing campaign rerouted employee paychecks. Atlassian patches multiple high-severity vulnerabilities. A Wisconsin telecom provider confirms a cyberattack caused a week-long outage. VMware issues a Security Advisory addressing multiple high-risk vulnerabilities. Prosecutors say a 19-year-old student from Massachusetts will plead guilty to hacking PowerSchool. Our guest is Rob Allen, Chief Product Officer...

The Take It Down Act walks a fine line.


President Trump signs the Take It Down Act into law. A UK grocer logistics firm gets hit by ransomware. Researchers discover trojanized versions of the KeePass password manager. Researchers from CISA and NIST promote a new metric to better predict actively exploited software flaws. A new campaign uses SEO poisoning to deliver Bumblebee malware. A sophisticated phishing campaign is impersonating Zoom meeting invites to steal user credentials. CISA has added six actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog. A bipartisan bill aims to strengthen the shrinking federal cybersecurity workforce. Our guest is Chris Novak, Vice President of...

Redacted realities: Inside the MoJ hack.


The UK's Ministry of Justice suffers a major breach. Mozilla patches two critical JavaScript engine flaws in Firefox. Over 200,000 patients of a Georgia-based health clinic see their sensitive data exposed. Researchers track increased malicious targeting of iOS devices. A popular printer brand serves up malware. PupkinStealer targets Windows systems. An Alabama man gets 14 months in prison for a SIM-swap attack on the SEC. Our guest is Ian Tien, CEO at Mattermost, sharing insights on enhancing cybersecurity through effective collaboration. Ethical Hackers win the day at Pwn2Own Berlin. Remember to leave us a 5-star rating and review in your...

Dave Bittner: From puppet shows to podcasts. [Media] [Career Notes]


Please enjoy this encore of Career Notes. Host of the CyberWire Podcast, Dave Bittner, wanted to work with the Muppets, so naturally he landed in cybersecurity. Dave and his Cookie Monster puppet spent much of his childhood putting on shows for his parents' friends. During one of those performances, he was discovered and got his start at the local PBS station. A radio, television and film major in college, Dave owned his own company and as the most tech-savvy member of the group, handled that side of things. Dave notes his cybersecurity challenges back then consisted of maybe a corrupt...

Leveling up their credential phishing tactics. [Research Saturday]


This week, Dave speaks with Max Gannon of Cofense Intelligence to dive into his team's research on "The Rise of Precision-Validated Credential Theft: A New Challenge for Defenders." Threat actors continuously develop new tactics, techniques, and procedures (TTPs) to bypass existing defenses. When defenders identify these methods and implement countermeasures, attackers adapt or create more sophisticated approaches. This research explores how cybercriminals are leveling up their credential phishing tactics using Precision-Validated Phishing, a technique that leverages real-time email validation to ensure only high-value targets receive the phishing attempt. The research can be found here: The Rise of Precision-Validated Credential Theft: A New Challenge...

Preparing for the cyber battlespace.


NATO hosts the world's largest cyber defense exercise. The DOJ charges a dozen people in a racketeering conspiracy involving the theft of over $230 million in cryptocurrency. Japan has enacted a new Active Cyberdefense Law. Lawmakers push to reauthorize the Cybersecurity Information Sharing Act. Two critical Ivanti Endpoint Manager Mobile vulnerabilities are under active exploitation. Hackers use a new fileless technique to deploy Remcos RAT. The NSA's Director of Cybersecurity hangs up their hat. Our guest is Christopher Cleary, VP of ManTech's Global Cyber Practice, discussing the cyber battlespace of the future. Coinbase flips the script on an extortion attempt....

Bypassing Bitlocker encryption.


Google issues an emergency patch for a high-severity Chrome browser flaw. Researchers bypass BitLocker encryption in minutes. A massive Chinese-language black market has shut down. The CFPB cancels plans to curb the sale of personal information by data brokers. A cyberespionage campaign called Operation RoundPress targets vulnerable webmail servers. Google warns that Scattered Spider is now targeting U.S. retail companies. The largest steelmaker in the U.S. shut down operations following a cybersecurity incident. Our guest is Devin Ertel, Chief Information Security Officer at Menlo Security, discussing redefining enterprise security. The long and the short of layoffs. Remember to leave us...

Get to patching: Patch Tuesday updates.


A busy Patch Tuesday. Investigators discover undocumented communications devices inside Chinese-made power inverters. A newly discovered Branch Privilege Injection flaw affects Intel CPUs. A UK retailer may claim up to £100mn from its cyber insurers after a major cyberattack. A Kosovo national has been extradited to the U.S. for allegedly running an illegal online marketplace. CISA will continue alerts on its website following industry backlash. On our Industry Voices segment, Neil Hare-Brown, CEO at STORM Guidance, discusses Cyber Incident Response (CIR) retainer service provision. Shoring up the future of the CVE program. Remember to leave us a 5-star rating and...

Jamming in a ban on state AI regulation.


House Republicans look to limit state regulation of AI. Spain investigates potential cybersecurity weak links in the April 28 power grid collapse. A major security flaw has been found in ASUS mainboards' automatic update system. A new macOS info-stealing malware uses PyInstaller to evade detection. The U.S. charges 14 North Korean nationals in a remote IT job scheme. Europe's cybersecurity agency launches the European Vulnerability Database. CISA pares back website security alerts. Moldovan authorities arrest a suspect in DoppelPaymer ransomware attacks. On today's Threat Vector segment, David Moulton speaks with Noelle Russell, CEO of the AI Leadership Institute, about how...

No quick fix for a ClickFix attack.


A major student engagement platform falls victim to the ClickFix social engineering attack. Google settles privacy allegations with Texas for over one point three billion dollars. Stores across the UK face empty shelves due to an ongoing cyberattack. Ascension Health reports that over 437,000 patients were affected by a third-party data breach. A critical zero-day vulnerability in SAP NetWeaver is being actively exploited. Researchers uncover two major cybersecurity threats targeting IT admins and cloud systems. U.S. prosecutors charge three Russians and one Kazakhstani in connection with the takedown of two major botnets. A new tool disables Microsoft Defender by tricking...

Limor Kessem: Be an upstander. [Security Advisor] [Career Notes]


Enjoy this encore of Career Notes. Executive Security Advisor at IBM Security Limor Kessem says she started her cybersecurity career by pure chance. Limor made a change from her childhood dream of being a doctor and came into cybersecurity with her passion, investment, discipline, and perseverance. Limor talks about how we must tighten our core security and at the same time we allow innovation to help us move forward with the times. She's been fortunate to have been able to stand up for others and has had others support her. She said that is very motivating and has allowed her to...

Beyond cyber: Securing the next horizon. [Special Edition]


Cybersecurity is no longer confined to the digital world or just a technical challenge, it's a global imperative. The NightDragon Innovation Summit convened a group of industry leaders to discuss how public and private entities can work together to address emerging threats and harness the power of AI, cybersecurity, and innovation to strengthen national defense. In this special edition podcast, we capture a glimpse into the knowledge and expertise shared at the NightDragon Innovation Summit. We are joined by NightDragon Founder and CEO Dave DeWalt, DataBee CEO Nicole Bucala, Liberty Mutual Insurance EVP and CISO Katie Jenkins, Sophos CEO Joe...

Hijacking wallets with malicious patches. [Research Saturday]


This week, we are joined by Lucija Valentić, Software Threat Researcher from ReversingLabs, who is discussing "Atomic and Exodus crypto wallets targeted in malicious npm campaign." Threat actors have launched a malicious npm campaign targeting Atomic and Exodus crypto wallets by distributing a fake package called "pdf-to-office," which secretly patches locally installed wallet software to redirect crypto transfers to attacker-controlled addresses. ReversingLabs researchers discovered that this package used obfuscated JavaScript to trojanize specific files in targeted wallet versions, enabling persistence even after the malicious package was removed. This incident highlights the growing threat of software supply chain attacks in the...

Scrutinizing the security of messaging apps continues.


The messaging app used by CBP and the White House faces continued security scrutiny. Hacktivists breach the airline used for U.S. deportation flights. The FBI warns that threat actors are exploiting outdated, unsupported routers. Education giant Pearson confirms a cyberattack. Researchers report exploitation of Windows Remote Management (WinRM) for stealthy lateral movement in Active Directory (AD) environments. A sophisticated email attack campaign uses malicious PDF invoices to deliver a cross-platform RAT. A zero-day vulnerability in SAP NetWeaver enables remote code execution. An Indiana health system reports a data breach affecting nearly 263,000 individuals. Our guest is Alex Cox, Director of...

Targeting schools is not cool.


The LockBit ransomware gang has been hacked. Google researchers identify a new infostealer called Lostkeys. SonicWall is urging customers to patch three critical device vulnerabilities. Apple patches a critical remote code execution flaw. Cisco patches 35 vulnerabilities across multiple products. Iranian hackers cloned a German modeling agency's website to spy on Iranian dissidents. Researchers bypass SentinelOne's EDR protection. Education tech firm PowerSchool faces renewed extortion. CrowdStrike leans into AI amidst layoffs. Our guest is Caleb Barlow, CEO of Cyberbit, discussing the mixed messages of the cyber skills gaps. Honoring the legacy of Joseph Nye. Remember to leave us a 5-star...

AWS in Orbit: Empowering exploration on the Moon, Mars, and more.


From the N2K CyberWire network T-Minus team, please enjoy this podcast episode recorded at Space Symposium 2025. Find out how AWS for Aerospace and Satellite is empowering exploration on the Moon, Mars, and beyond with Lunar Outpost. You can learn more about AWS in Orbit at space.n2k.com/aws. Our guests on this episode are AJ Gemer, CTO at Lunar Outpost and Salem El Nimri, CTO at AWS Aerospace & Satellite. Remember to leave us a 5-star rating and review in your favorite podcast app. Be sure to follow T-Minus on LinkedIn and Instagram. Selected Reading AWS Aerospace and Satellite Audience Survey...

When spyware backfires.


A jury orders NSO Group to pay $167 million to Meta over spyware allegations. CISA warns of hacktivists targeting U.S. ICS and SCADA systems. Researcher Micah Lee documents serious privacy risks in the TM SGNL app used by high-level Trump officials. The NSA plans significant workforce cuts. Nations look for alternatives to U.S. cloud providers. A medical device provider discloses a cyberattack disrupting its ability to ship customer orders. The Panda Shop smishing kit impersonates trusted brands. Accenture's CFO thwarts a deepfake attempt. Our temporary intern Kevin Magee from Microsoft wraps up his reporting from the RSAC show...

No hocus pocus, MagicINFO flaw is the real threat.


A critical flaw in Samsung's CMS is being actively exploited. President Trump's proposed 2026 budget aims to slash funding for CISA. ClickFix malware targets both Windows and Linux systems through advanced social engineering. CISA warns of a critical Langflow vulnerability actively exploited in the wild. A new supply-chain attack targets Linux servers using malicious Go modules found on GitHub. The Venom Spider threat group targets HR professionals with fake resume submissions. The Luna Moth group escalates phishing attacks on U.S. legal and financial institutions. The U.S. Treasury aims to cut off a Cambodia-based money laundering operation. Our guest is...

Hardcoded credentials and hard lessons.


Researchers uncover serious vulnerabilities in the Signal fork reportedly used by top government officials. CISA adds a second Commvault flaw to its Known Exploited Vulnerabilities catalog. xAI exposed a private API key on GitHub for nearly two months. FortiGuard uncovers a cyber-espionage campaign targeting critical national infrastructure in the Middle East. Threat brokers advertise a new SS7 zero-day exploit on cybercrime forums. The StealC info-stealer and malware loader gets an update. Passkeys blaze the trail to a passwordless future. On our Afternoon Cyber Tea segment with Ann Johnson, Ann speaks with Christina Morillo, Head of Information Security at the New...

Joe Bradley: A bit of a winding road. [Chief Scientist] [Career Notes]


Please enjoy this encore of Career Notes. Chief Scientist at LivePerson Joe Bradley takes us down his circuitous career journey that led him back to math. Joe had many ambitions from opera singer to middle school teacher, spent some time at two national labs and went back to his first love of math and physics. He notes that many of the most mathematically intuitive people that he's met are people that also have a creative outlet and a lot of times it's music. Adding a business aspect to his technical work, Joe came to his current position. He recommends going deep into...

When AI gets a to-do list. [Research Saturday]


This week, we are joined by Shaked Reiner, Security Principal Security Researcher at CyberArk, who is discussing their research on "Agents Under Attack: Threat Modeling Agentic AI." Agentic AI empowers LLMs to take autonomous actions, like browsing the web or executing code, making them more useful, but also more dangerous. Threats like prompt injections and stolen API keys can turn agents into attack vectors. Shaked Reiner explains how treating agent outputs like untrusted code and applying traditional security principles can help keep them in check. The research can be found here: Agents Under Attack: Threat Modeling Agentic AI Learn more about your...

Wired, but not fired.


RSAC 2025 comes to an end. Canadian power company hit by cyberattack. Ascension Health discloses another breach. UK luxury department store Harrods discloses attempted cyberattack. Microsoft fixes bug flagging Gmail as spam. An unofficial version of the Signal app shared in photo. EU fines TikTok for violating GDPR with China data transfer. US Treasury to cut off Southeast Asian cybercrime key player. Passwordless by default coming your way. Our guest is Kevin Magee, from Microsoft, sharing a medley of interviews he gathered on the show floor of RSAC 2025. Remember to leave us a 5-star rating and review in your...

AI on the offensive.


Updates from RSAC 2025. Former NSA cyber chief Rob Joyce warns that AI is rapidly approaching the ability to develop high-level software exploits. An FBI official warns that China is the top threat to U.S. critical infrastructure. Mandiant and Google raise alarms over widespread infiltration of global companies by North Korean IT workers. France accuses Russia's Fancy Bear of targeting at least a dozen French government and institutional entities. SonicWall has issued an urgent alert about active exploitation of a high-severity vulnerability in its Secure Mobile Access appliances. A China-linked APT group known as TheWizards is abusing an IPv6 networking...

Less CISA, more private sector power?


DHS Secretary Kristi Noem justifies budget cuts in her RSAC keynote. The EFF pens an open letter to Trump backing Chris Krebs. Scattered Spider is credited with the Marks & Spencer cyberattack. Researchers discover a critical flaw in Apple's AirPlay protocol. The latest CISA advisories. On our Industry Voices segment, we are joined by Neil Gad, Chief Product and Technology Officer at RealVNC, who is discussing a security-first approach in remote access software development. What do you call an AI chatbot that finished at the bottom of its class in med school? Remember to leave us a 5-star rating and...

Trends shaping the future at RSAC.


RSAC 2025 is well under way, and Kevin the Intern files his first report. Authorities say Spain and Portugal's massive power outage was not a cyberattack. Concerns are raised over DOGE access to classified nuclear networks. The FS-ISAC launches the Cyberfraud Prevention Framework. Real-time deepfake fraud is here to stay. On today's Threat Vector, host David Moulton speaks with Daniel B. Rosenzweig, a leading data privacy and AI attorney, about the growing complexity of privacy compliance in the era of big data and artificial intelligence. Protecting your company, with a fat joke. Remember to leave us a 5-star rating and review...

Lights out, lines down.


A massive power outage strikes the Iberian Peninsula. Iran says it repelled a widespread and complex cyberattack targeting national infrastructure. Researchers find hundreds of SAP NetWeaver systems vulnerable to a critical zero-day. A British retailer tells warehouse workers to stay home following a cyberattack. VeriSource Services discloses a breach exposing personal data of four million individuals. Global automated scanning surged 16.7% in 2024. CISA discloses several critical vulnerabilities affecting Planet Technology's industrial switches and network management products. A Greek court upholds a VPN provider's no-logs policies. Law enforcement dismantles the JokerOTP phishing tool. Our guest is Tim Starks from CyberScoop...

Natali Tshuva: Impacting critical industries. [CEO] [Career Notes]


Please enjoy this encore episode of Career Notes. CEO and co-founder of Sternum, Natali Tshuva shares how she took her interest in science and technology and made a career and company out of it. Beginning her computer science undergraduate degree at age 14 through a special program in Israel, Natali says it opened up a new world for her. Her required service in the IDF found Natali as a member of Unit 8200, the Israeli intelligence. In the Israeli corporate space following the IDF, Natali discovered how cybersecurity could actually create impact in the real world environment and found a way...

Microsoft for Startups: The benefits of the cyber startup ecosystem. [Special Edition]


Welcome to the Microsoft for Startups Spotlight, brought to you by N2K CyberWire and Microsoft. In this episode, we are shining a light on innovation, ambition, and the tech trailblazers building the future right from the startup trenches. This episode is part of our exclusive RSAC series where we dive into the real-world impact of the Microsoft for Startups Founders Hub. Along with Microsoft's Kevin Magee, Dave Bittner talks with an entrepreneur and startup veteran, and founders from three incredible startups who are part of the Founders Hub, each tackling big problems with even bigger ideas. Dave and Kevin...

China's new cyber arsenal revealed. [Research Saturday]


Today we are joined by Crystal Morin, Cybersecurity Strategist from Sysdig, as she is sharing their work on "UNC5174's evolution in China's ongoing cyber warfare: From SNOWLIGHT to VShell." UNC5174, a Chinese state-sponsored threat actor, has resurfaced with a stealthy cyber campaign using a new arsenal of customized and open-source tools, including a variant of their SNOWLIGHT malware and the VShell RAT. Sysdig researchers discovered that the group targets Linux systems through malicious bash scripts, domain squatting, and in-memory payloads, indicating a high level of sophistication and espionage intent. Their evolving tactics, such as using spoofed domains and fileless malware,...

Pentagon hits fast-forward on software certs.


The Defense Department is launching a new fast-track software approval process. A popular employee monitoring tool exposes over 21 million real-time screenshots. The U.S. opens a criminal antitrust investigation into router maker TP-Link. A pair of health data breaches affect over six million people. South Korea's SK Telecom confirms a cyberattack. A critical zero-day puts thousands of SAP applications at potential risk. Researchers raise concerns over AI agents performing unauthorized actions. Policy Puppetry can break the safety guardrails of all major generative AI models. New research tallies the high costs of data breaches. A preview of the RSAC Innovation Sandbox...

Lessons from the latest breach reports.


Verizon and Mandiant call for layered defenses against evolving threats. Cisco Talos describes ToyMaker and Cactus threat actors. Researchers discover a major Linux security flaw which allows rootkits to bypass traditional detection methods. Ransomware groups are experimenting with new business models. Deputy Assistant Director Cynthia Kaiser from the FBI Cyber Division shares the latest on Salt Typhoon. Global censorship takes a coffee break. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire...

States struggle with cyber shift.


The White House's shift of cybersecurity responsibilities to the states is met with skepticism. Baltimore City Public Schools suffer a ransomware attack. Russian state-backed hackers target Dutch critical infrastructure. Microsoft resolves multiple Remote Desktop issues. A new malware campaign is targeting Docker environments for cryptojacking. A new phishing campaign uses weaponized Word documents to steal Windows login credentials. Zyxel Networks issues critical patches for two high-severity vulnerabilities. CISA issues five advisories highlighting critical vulnerabilities in ICS systems. Our guest is Deputy Assistant Director Cynthia Kaiser from the FBI Cyber Division, sharing the findings of their latest IC3 report. So long,...

Proton66's malware highway.


The Russian Proton66 is tied to cybercriminal bulletproof hosting services. A new Rust-based botnet hijacks vulnerable routers. CISA budget cuts limit the use of popular analysis tools. A pair of healthcare providers confirm ransomware attacks. Researchers uncover the Scallywag ad fraud network. The UN warns of cyber-enabled fraud in Southeast Asia expanding at an industrial scale. Fog ransomware resurfaces and points a finger at DOGE. The cybercrime marketplace Cracked relaunches under a new domain. On our Industry Voices segment, Bob Maley, CSO of Black Kite, shares insights on the growing risk of third-party cyber incidents. Taking the scenic route through...

When fake fixes hide real attacks.


Adversary nations are using ClickFix in cyber espionage campaigns. Japan's Financial Services Agency issues an urgent warning after hundreds of millions in unauthorized trades. The critical Erlang/OTP SSH vulnerability now has public exploits. A flawed rollout of a new Microsoft Entra app triggers widespread account lockouts. The alleged operator of SmokeLoader malware faces federal hacking charges. A new scam blends social engineering, malware, and NFC tech to drain bank accounts. GSA employees may have been oversharing sensitive documents. Our guest is Yoni Shohet, Co-Founder and CEO of Valence Security, who cautions financial organizations of coming Chinese open source AI. Crosswalks in the crosshairs...

Rich Hale: Understanding the data. [CTO] [Career Notes]


Please enjoy this encore episode of Career Notes. Chief Technology Officer of ActiveNav Rich Hale takes us through his career aspirations of board game designer (one he has yet to realize), through his experience with the Royal Air Force to the commercial sector where his firm works to secure dark data. During his time in the Air Force, Rich was fortunate to serve on a wide range of different platforms from training aircraft to bombers, and all the way into procurement and policy. Transitioning to the commercial sector, Rich notes he was well prepared for some aspects, but lacking in some...

Crafting malware with modern metals. [Research Saturday]


This week, we are joined by Nick Cerne, Security Consultant from Bishop Fox, to discuss "Rust for Malware Development." In pursuit of simulating real adversarial tactics, this blog explores the use of Rust for malware development, contrasting it with C in terms of binary complexity, detection evasion, and reverse engineering challenges. The author demonstrates how Rust's inherent anti-analysis traits and memory safety features can create more evasive malware tooling, including a simple dropper that injects shellcode using lesser-known Windows APIs. Through hands-on comparisons and decompiled output analysis, the post highlights Rust's growing appeal in offensive security while noting key OPSEC...

SSH-attered trust.


A critical vulnerability in Erlang/OTP SSH allows unauthenticated remote code execution. There's a bipartisan effort to renew a key cybersecurity info sharing law. A newly discovered Linux kernel vulnerability allows local attackers to escalate privileges. A researcher uncovers 57 risky Chrome extensions with a combined 6 million users. AttackIQ shares StrelaStealer simulations. A major live events service provider notifies employees and customers of a data breach. CISA warns of an actively exploited SonicWall vulnerability. An airport retailer agrees to a multi-million dollar settlement stemming from a ransomware attack. A preview of RSAC 2025 with Linda Gray Martin and Britta Glade....

Microsoft squashes windows server bug.


Microsoft issues emergency updates for Windows Server. Apple releases emergency security updates to patch two zero-days. CISA averts a CVE program disruption. Researchers uncover Windows versions of the BrickStorm backdoor. Atlassian and Cisco patch several high-severity vulnerabilities. An Oklahoma cybersecurity CEO is charged with hacking a local hospital. A Fortune 500 financial firm reports an insider data breach. Researchers unmask IP addresses behind the Medusa Ransomware Group. CISA issues a warning following an Oracle data breach. On our Industry Voices segment, we are joined by Rob Allen, Chief Product Officer at ThreatLocker, to discuss a layered approach to zero trust....

CVE program gets last-minute lifeline.


The CVE program gets a last-minute reprieve. A federal whistleblower alleges a security breach at the NLRB. Texas votes to spin up their very own Cyber Command. BreachForums suffers another takedown. A watchdog group sues the federal government over SignalGate allegations. The SEC Chair reveals a 2016 hack. ResolverRAT targets the healthcare and pharmaceutical sectors worldwide. Microsoft warns of blue screen crashes following recent updates. On our CertByte segment, Chris Hare is joined by Troy McMillan to break down a question targeting the EC-Council Certified Ethical Hacker (CEH) exam. 4chan gets Soyjacked. Remember to leave us a 5-star rating and...

OCC breach jolts financial sector.


Some U.S. banks pause electronic communications with the OCC following a major breach of the agency's email system. Uncertainty spreads at CISA. China accuses three alleged U.S. operatives of conducting cyberattacks during February's Asian Games. Microsoft Teams suffers filesharing issues. Fraudsters use ChatGPT to create fake passports. Car rental giant Hertz confirms data stolen in last year's Cleo breach. Researchers describe a novel process injection method called Waiting Thread Hijacking. A new macOS malware-as-a-service threat is being sold on underground forums. A UK man is sentenced to over eight years for masterminding the LabHost phishing platform. Kim Jones joins us...

AI ambitions clash with cyber caution.


The Department of the Interior removes top cybersecurity and tech officials. The DOJ looks to block foreign adversaries from acquiring sensitive personal data of U.S. citizens. Microsoft issues emergency updates to fix an Active Directory bug. Hackers are installing stealth backdoors on FortiGate devices. Researchers warn of a rise in Dangling DNS attacks. A pair of class action lawsuits allege a major adtech firm secretly tracks users online without consent. Google is fixing a 20-year-old Chrome privacy flaw. The Tycoon2FA phishing-as-a-service platform continues to evolve. My guest is Tim Starks from CyberScoop, discussing the latest from CISA and Chris Krebs....

Jennifer Walsmith: Pioneering and defining possible. [Cyber Solutions] [Career Notes]


Please enjoy this encore of Career Notes. Vice President for Cyber and Information Solutions within Mission Systems at Northrop Grumman, Jennifer Walsmith takes us on her pioneering career journey. Following in her father's footsteps at the National Security Agency, Jennifer began her career out of high school in computer systems analysis. Jennifer notes she saw the value of a college degree and at her parents' urging attended night school. She completed her bachelor's in computer science at University of Maryland, Baltimore County with the support of the NSA. Jennifer talks about the support of her team at NSA where she was...

The new malware on the block. [OMITB]


This week, we are sharing an episode of our monthly show, Only Malware in the Building. We invite you to join Dave Bittner and cohost Selena Larson as they explore "The new malware on the block." Welcome in! You've entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today's most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York's exclusive upper west side, Selena is joined by N2K Networks Dave Bittner and our newest totally unbiased co-host, Archy, a highly sophisticated AI...

CISA shrinks while threats grow.


CISA braces for widespread staffing cuts. Russian hackers target a Western military mission in Ukraine. China acknowledges Volt Typhoon. The U.S. signs on to global spyware restrictions. A lab supporting Planned Parenthood confirms a data breach. Threat actors steal metadata from unsecured Amazon EC2 instances. A critical WordPress plugin vulnerability is under active exploitation. A new analysis details a critical unauthenticated remote code execution flaw affecting Ivanti products. Joining us today is Johannes Ullrich, Dean of Research at SANS Technology Institute, with his take on "Vibe Security." Does AI understand, and does that ultimately matter? Remember to leave us a...

Former cybersecurity officials lose clearances.


Trump targets former cybersecurity officials. Senator blocks CISA nominee over telecom security concerns. The acting head of NSA and Cyber Command makes his public debut. Escalation of Cyber Tensions in U.S.-China Trade Relations. Researchers evaluate the effectiveness of Large Language Models (LLMs) in automating Cyber Threat Intelligence. Hackers at Black Hat Asia pwn a Nissan Leaf. A smart hub vulnerability exposes WiFi credentials. A new report reveals routers' riskiness. Operation Endgames nabs SmokeLoader botnet users. Our guest Anushika Babu, Chief Growth Officer at AppSecEngineer, joins us to discuss the creative ways people are using AI. The folks behind the...

Major breach at the US Treasury's OCC.


Treasury's OCC reports a major email breach. Patch Tuesday updates. A critical vulnerability in AWS Systems Manager (SSM) Agent allowed attackers to execute arbitrary code with root privileges. Experts urge Congress to keep strict export controls to help slow China's progress in AI. A critical bug in WhatsApp for Windows allows malicious code execution. CISA adds multiple advisories on actively exploited vulnerabilities. Insider threat allegations rock a major Maryland medical center. Microsoft's Ann Johnson from Afternoon Cyber Tea is joined by Jack Rhysider, the creator and host of the acclaimed podcast Darknet Diaries. Feds Aim to Rewrite Social Security Code in...

Using AI to sniff out opposition.


Is DOGE using AI to monitor federal employees? Google's latest Android update addresses two zero-days. Scattered Spider continues its phishing and malware campaigns. Ransomware's grip is slipping. ToddyCat exploits a critical flaw in ESET products. Oracle privately confirms a legacy system breach. Over 5,000 Ivanti Connect Secure appliances remain exposed online to a critical remote code execution vulnerability. CISA confirms active exploitation of a critical vulnerability in CrushFTP. In our Industry Voices segment, we are joined by Matt Radolec, VP of Incident Response at Varonis, on turning to gamers to Build Resilient Cyber Teams. AI outphishes human red teams....

UK Apple showdown gonna be public.


UK court blocks government's attempt to keep Apple encryption case secret. Port of Seattle says last year's breach affected 90,000 people. Verizon Call Filter App flaw exposes millions' call records. Hackers hit Australian pension funds. A global threat hiding in plain sight. Cybercriminals are yelling CAPTCH-ya! Meta retires U.S. fact-checking program. Our guest today is Rob Boyce from Accenture and he's discussing Advanced Persistent Teenagers (APTeens). And Google's AI Goes Under the Sea. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll...

Rick Howard: Give people resources. [CSO] [Career Notes]


Please enjoy this encore of Career Notes. Chief Security Officer, Chief Analyst, and Senior Fellow at the CyberWire, Rick Howard, shares his travels through the cybersecurity job space. The son of a gold miner who began his career out of West Point in the US Army, Rick worked his way up to being the Commander of the Army's Computer Emergency Response Team. Rick moved to the commercial sector working for Bruce Schneier running Counterpane's global SOC. Rick's first CSO job was for Palo Alto Networks where he was afforded the opportunity to create the Cybersecurity Canon Hall of Fame and...

Bybit's $1.4B breach. [Research Saturday]


Zach Edwards from Silent Push is discussing their work on "New Lazarus Group Infrastructure, Acquires Sensitive Intel Related to $1.4B ByBit Hack and Past Attacks." Silent Push analysts uncovered significant infrastructure used by the Lazarus APT Group, linking them to the $1.4 billion Bybit crypto heist through the domain bybit-assessment[.]com registered just hours before the attack. The investigation revealed a pattern of test entries, VPN usage, and fake job interview scams targeting crypto users, with malware deployment tied to North Korean threat actor groups like TraderTraitor and Contagious Interview. The team also identified numerous companies being impersonated in these scams,...

A leadership shift.


President Trump fires the head of NSA and Cyber Command. The Health Sector Coordinating Council asks the White House to abandon Biden-era security updates. Senators introduce bipartisan legislation to help fight money laundering. A critical vulnerability has been discovered in the Apache Parquet Java library. The State Bar of Texas reports a ransomware-related data breach. New Android spyware uses a password-protected uninstallation method. A Chinese state-backed threat group exploits a critical Ivanti vulnerability for remote code execution. Today's guest is Dave Dewalt, Founder and CEO of NightDragon, with the latest trends and outlook from cyber leaders. Malware masquerades as the...

The invisible force fueling cyber chaos.


A joint advisory labels Fast Flux a national security threat. Europol shuts down a major international CSAM platform. Oracle verifies a data breach. A new attack targets Apache Tomcat servers. The Hunters International group pivots away from ransomware. Hackers target Juniper routers using default credentials. A controversy erupts over a critical CrushFTP vulnerability. Johannes Ullrich, Dean of Research at SANS Technology Institute unpacks Next.js. Abracadabra, alakazam poof! Your credentials are gone. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss...

Chrome & Firefox squash the latest flaws.


Google and Mozilla patch nearly two dozen security flaws. The UK's Royal Mail Group sees 144GB of data stolen and leaked. A bizarre campaign looks to recruit cybersecurity professionals to hack Chinese websites. PostgreSQL servers with weak credentials have been compromised for cryptojacking. Google Cloud patches a vulnerability affecting its Cloud Run platform. Oracle faces a class-action lawsuit over alleged cloud services data breaches. CISA releases ICS advisories detailing vulnerabilities in Rockwell Automation and Hitachi Energy products. General Paul Nakasone offers a candid assessment of America's evolving cyber threats. On today's CertByte segment, a look at the Cisco Enterprise Network...

Hackers beware, fines are in the air.


The UK unveils the full scope of its upcoming Cyber Security and Resilience Bill. Apple warns of critical zero-day vulnerabilities under active exploitation. The InterLock ransomware group claims responsibility for a cyberattack on National Presto Industries. Microsoft flags a critical vulnerability in Canon printer drivers. Check Point Software confirms a data breach. The FTC warns 23andMe's bankruptcy trustees to uphold their privacy obligations. A Canadian hacker has been arrested and charged for allegedly breaching systems tied to the Texas Republican Party. A GCHQ intern pleads guilty to stealing top-secret data. On our Threat Vector segment, host David Moulton from Palo...

Ransom demands and medical data for sale.


A cyberattack targeting Oracle Health compromises patient data. The DOJ nabs over $8 million tied to romance scams. Trend Micro examines a China-linked APT group conducting cyber-espionage. A new Android banking trojan called Crocodilus has emerged. North Korea's Lazarus Group targets job seekers in the crypto industry. CISA IDs a new malware variant targeting Ivanti Connect Secure appliances. Maria Varmazis, host of N2K's T-Minus Space Daily show chats with Jake Braun, former White House Principal Deputy National Cyber Director and chairman of DEF CON Franklin. They discuss designating space as critical infrastructure. Nulling out your pizza payment. Remember to leave...

Alyssa Miller: We have to elevate others. [BISO] [Career Notes]


Please enjoy this encore episode of Career Notes. Business Information Security Officer at S&P Global Ratings, Alyssa Miller, joins us to talk about her journey to become a champion to create a welcoming nature and acceptance of diversity in the cybersecurity community. Starting her first full-time tech position while still in college, Alyssa noted the culture shock being in both worlds. Entering as a programmer and then moving to pen testing where she got her start in security, Alyssa grew into a leader who is committed to elevating those around her. Some stumbling blocks along the way gave her pause and...

Breaking barriers, one byte at a time. [Research Saturday]


This week, we are joined by Jon Williams, Vulnerability Researcher from Bishop Fox, discussing "Tearing Down (Sonic)Walls: Decrypting SonicOSX Firmware." Bishop Fox researchers reverse-engineered the encryption protecting SonicWall SonicOSX firmware, enabling them to access its underlying file system for security research. They presented their process and findings at DistrictCon Year 0 and released a tool called Sonicrack to extract keys from VMware virtual machine bundles, facilitating the decryption of VMware NSv firmware images. This research builds upon previous work, including techniques to decrypt static NSv images and reverse-engineer other encryption formats used by SonicWall. The research can be found here:...

New sandbox escape looks awfully familiar.


Mozilla patches Firefox flaw similar to actively exploited Chrome vulnerability. Russia-based RedCurl gang deploys ransomware for the first time. Ukraine's railway operator recovers from cyberattack. India cracks down on Google's billing monopoly. Morphing Meerkat's phishing kit abuses DNS mail exchange records. 300,000 attacks in three weeks. Our guest is Chris Wysopal, Founder and Chief Security Evangelist of Veracode, who sits down with Dave to discuss the increase in the average fix time for security flaws. And Liz Stokes joins with another Fun Fact Friday. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an...

FamousSparrow's sneaky resurgence.


China's FamousSparrow is back. A misconfigured Amazon S3 bucket exposes data from an Australian fintech firm. Researchers uncover a sophisticated Linux-based backdoor targeting industrial systems. Infiltrating the BlackLock Ransomware group's infrastructure. Solar inverters in the security spotlight. Credential stuffing gets automated. CISA updates the Known Exploited Vulnerabilities catalog. The UK's NCA warns of online groups involved in sadistic cybercrime and real-world violence. Authorities arrest a dozen individuals linked to the now-defunct Ghost encrypted communication platform. Our guest is Tal Skverer, Research Team Lead from Astrix, discussing the OWASP NHI Top 10 framework. Remembering our friend Matt Stephenson. Remember to leave...

No click, all tricks.


Researchers uncover a new Windows zero-day. A covert Chinese-linked network targets recently laid-off U.S. government workers. Malicious npm packages are found injecting persistent reverse shell backdoors. A macOS malware loader evolves. DrayTek router disruptions affect users worldwide. A new report warns of growing cyber risks to the commercial space sector. CISA issues four ICS advisories. U.S. Marshals arrest a key suspect in a multi-million-dollar cryptocurrency heist. Our guest is Brian Levine, Co-Founder and CEO of FormerGov.com, speaking about creating a networking directory for former government and military professionals. The UK's NCSC goes full influencer to promote 2FA. Remember...

The nightmare you can't ignore.


Critical Remote Code Execution vulnerabilities affect Kubernetes controllers. Senior Trump administration officials allegedly use unsecured platforms for national security discussions. Even experts like Troy Hunt get phished. Google acknowledges user data loss but doesn't explain it. Chinese hackers spent four years inside an Asian telecom firm. SnakeKeylogger is a stealthy, multi-stage credential-stealing malware. A cybercrime crackdown results in over 300 arrests across seven African countries. Ben Yelin, Caveat co-host and Program Director, Public Policy & External Affairs at the University of Maryland Center for Health and Homeland Security, joins to discuss the Signal national security leak. Pew Research Center figures...

Scammers celebrate with a bang.


Money laundering runs rampant in Cambodia. Privacy advocates question a new data sharing EO from the White House. An NYU website hack exposes the data of millions. A game demo gets pulled from Steam after users report infostealing malware. The Cloak ransomware group claims a cyberattack on the Virginia Attorney General's Office. 23andMe files for Chapter 11 bankruptcy. Medusa ransomware is using a malicious driver to disable security tools on infected systems. Clearview AI settles a class-action lawsuit over privacy violations. A look back at the CVE program. In today's Industry Voices segment, we are joined by Joe Ryan, Head...

Andrew Hammond: Understanding the plot. [Historian and Curator] [Career Notes]


Please enjoy this encore of Career Notes. Historian and Curator at the International Spy Museum, Dr. Andrew Hammond, shares how he came to share the history of espionage and intelligence as a career. Starting out in the Royal Air Force when 9/11 happened, Andrew found himself trying to understand what was going on in the world. Studying history and international relations gave him some perspective and led him on his career path which included an introduction to the museum industry at the 9/11 Museum. After a stint in academia in the UK, Andrew found his way back to the US and eventually...

Excel-lerating cyberattacks. [Research Saturday]


This week, we are joined by Tom Hegel, Principal Threat Researcher from SentinelLabs research team, to discuss their work on "Ghostwriter | New Campaign Targets Ukrainian Government and Belarusian Opposition." The latest Ghostwriter campaign, linked to Belarusian government espionage, is actively targeting Ukrainian military and government entities as well as Belarusian opposition activists using weaponized Excel documents. SentinelLabs identified new malware variants and tactics, including obfuscated VBA macros that deploy malware via DLL files, with payload delivery seemingly controlled based on a target's location and system profile. The campaign, which began preparation in mid-2024 and became active by late 2024,...

Brute force and broken trust.


Over 150 government database servers are dangerously exposed to the internet. Threat actors are exploiting a vulnerability in CheckPoint's ZoneAlarm antivirus software. Albabat ransomware goes cross-platform. ESET reports on the Chinese Operation FishMedley campaign. VanHelsing ransomware targets Windows systems in the U.S. and France. CISA issues five ICS advisories warning of high-severity vulnerabilities across critical infrastructure systems. A former NFL coach is indicted for allegedly hacking into the accounts of thousands of college athletes. Brandon Karpf joins us with a look at cyberspace in space. A fraud detection firm gets shut down for fraud. Remember to leave us a 5-star...

Can't escape RCE flaws.


Veeam patches a critical vulnerability in its Backup & Replication software. A spyware data breach highlights ongoing risks. Clearview AI attempted to purchase sensitive data such as Social Security numbers and mug shots. The Netherlands parliament looks to reduce reliance on U.S. software firms. A Pennsylvania union notifies over 517,000 individuals of a data breach. Researchers discover a RansomHub affiliate deploying a new custom backdoor called Betruger. A new info-stealer spreads through game cheats and cracks. David Wiseman, Vice President of Secure Communications at BlackBerry, joins us to explore how organizations can effectively implement CISA's encrypted communications guidelines. What to...

Remote hijacking at your fingertips.


A critical vulnerability could let attackers hijack and potentially disable vulnerable servers. Europol warns of a shadow alliance between state-backed threat actors and cybercriminals. Sekoia examines ClearFake. A critical PHP vulnerability is under active exploitation. A sophisticated scareware phishing campaign has shifted its focus to macOS users. Phishing as a service attacks are on the rise. A new jailbreak technique bypasses security controls in popular LLMs. Microsoft has uncovered StilachiRAT. CISA confirms active exploitation of a critical Fortinet vulnerability. On our CertByte segment, Chris Hare is joined by Troy McMillan to break down a question targeting the ISACA Certified Information...

Tomcat got your server?


An Apache Tomcat vulnerability is under active exploitation. CISA rehires workers ousted by DOGE. Lawmakers look to protect rural water systems from cyber threats. Western Alliance Bank notifies 22,000 individuals of a data breach. A new cyberattack method called BitM allows hackers to bypass multi-factor authentication. A Chinese cyberespionage group targets Central European diplomats. A new cyberattack uses ChatGPT infrastructure to target the financial sector and U.S. government agencies. Australia sues a major securities firm over inadequate protection of customer data. Our Threat Vector segment examines how unifying security capabilities strengthens cyber resilience. Cybercriminals say, Get me Edward Snowden on...

A reel disaster for GitHub.


A phishing campaign targets nearly 12,000 GitHub repositories. The BlackLock ransomware group is one to watch. A federal judge orders reinstatement of workers at CISA. Over 100 car dealership websites suffer a supply chain attack, and Hellcat breaches Jaguar Land Rover. Researchers uncover a major vulnerability affecting RSA encryption keys. A Life Insurance Company notifies 355,500 individuals of a December 2024 data breach. A researcher releases a decryptor for Akira ransomware. A new mapping database aims to help NGOs and high-risk individuals find security tools. Tim Starks from CyberScoop reports that trade groups fear a cybersecurity blackout if a key...

Ingrid Toppelberg: Knowing how to take risks will pay off. [Cybersecurity education] [Career Notes]


Please enjoy this encore of Career Notes. Chief Product Officer at Cybint Solutions, Ingrid Toppelberg, shares her journey from consulting to bootcamp coach and cybersecurity education. As a young girl, Ingrid wanted to do everything from being a teacher to the head of the World Bank. After consulting for several years, Ingrid found cybersecurity. What she found fascinating about the cyber world is how important it is for absolutely everyone at all levels to know about cybersecurity. Ingrid also develops and conducts bootcamps to reskill displaced people into cybersecurity. Ingrid says to those interested in cyber, "just do it. We need...

Trailblazers in Cybersecurity: Lessons from the Women Leading the Charge [Threat Vector]


We thought you might enjoy this episode of Threat Vector podcast from the N2K CyberWire network as we continue our observance of Women's History Month. You can catch new episodes of Threat Vector every Thursday here and on your favorite podcast app. In this special Women's History Month episode of Threat Vector, host David Moulton speaks with four trailblazing women in cybersecurity who are shaping the industry: Kristy Friedrichs, Chief Partnerships Officer; Tanya Shastri, SVP of Product Management; Sama Manchanda, Consultant at Unit 42; and Stephanie Regan, Principal Technical Architect at Unit 42. They share their journeys into cybersecurity, discuss...

The ransomware clones of HellCat & Morpheus. [Research Saturday]


Jim Walter, Senior Threat Researcher on SentinelLabs research team, joins us to discuss their work on "HellCat and Morpheus | Two Brands, One Payload as Ransomware Affiliates Drop Identical Code." Over the past six months, new ransomware groups like FunkSec, Nitrogen, and Termite have emerged, while established threats such as Cl0p and LockBit 4.0 have resurfaced. Two prominent Ransomware-as-a-Service (RaaS) operations, HellCat and Morpheus, have gained traction, with research indicating that affiliates of both are using nearly identical ransomware payloads. Despite similarities in their encryption techniques and ransom notes, there is no conclusive evidence linking HellCat and Morpheus to the Underground Team, though...

Balancing budget cuts and cybersecurity.


The White House is urging federal agencies not to lay off cybersecurity teams. Google doesn't deny receiving a secret legal order from the UK government. Microsoft researchers identify a simple method to bypass AI safety guardrails. Scammers are impersonating the Clop ransomware gang. Cisco issues security advisories for multiple IOS XR vulnerabilities. CISA warns of multiple ICS security issues. A LockBit ransomware developer has been extradited to the U.S. GCHQ's former director calls for stronger cybersecurity collaboration. Rick Howard and Kim Jones pass the mic for the CISO Perspectives podcast. Sniffing out Stingrays. Remember to leave us a 5-star rating...

FCC draws the line on Chinese tech threats.


The FCC looks to counter Chinese cyber threats. Turmoil at CISA. Volt Typhoon infiltrated a power utility for over 300 days. Europe takes the lead at Ukraine's annual cyber conference. Facebook discloses a critical vulnerability in FreeType. A new Android spyware infiltrated the Google Play store. Our guest is Alvaro Alonso Ruiz, Co-Founder and CCO of Leanspace, who is discussing software in space with T-Minus Space Daily host Maria Varmazis. A UK hospital finds thousands of unwelcome guests on their network. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for...

Will Plankey lead CISA to victory?


The White House names their nominee for CISA's top spot. Patch Tuesday updates. Apple issues emergency updates for a zero-day WebKit vulnerability. Researchers highlight advanced MFA-bypassing techniques. North Korea's Lazarus Group targets cryptocurrency wallets and browser data. Our guest today is Rocco D'Amico of Brass Valley discussing hidden risks in retired devices and reducing data breach threats. Making sense of the skills gap paradox. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow...

X marks the hack.


X-Twitter had multiple waves of outages yesterday. Signal's president warns against agentic AI. A new lawsuit alleges DOGE bypassed critical security safeguards. Is the Five Eyes Alliance fraying? The Minja attack poisons AI memory through user interaction. Researchers report increased activity from the SideWinder APT group. A critical Veritas vulnerability enables remote code execution. A Kansas healthcare provider breach exposes 220,000 patients' data. New York sues Allstate over data exposure in insurance websites. CISA warns of critical Ivanti and VeraCode vulnerabilities. FTC to refund $25.5 million to victims of tech support scams. On our Industry Voices segment, we are joined...

PHP flaw sparks global attack wave.


PHP exploits are active in the wild. Security researchers discover undocumented commands in a popular Wi-Fi and Bluetooth-enabled microcontroller. The ONCD could gain influence in this second Trump administration. The Akira ransomware gang leverages an unsecured webcam. Mission, Texas declares a state of emergency following a cyberattack. The FBI and Secret Service confirm crypto-heists are linked to the 2022 LastPass breach. A popular home appliance manufacturer suffers a cyberattack. Switzerland updates reporting requirements for critical infrastructure operators. Our guest is Errol Weiss, Chief Security Officer at the Health-ISAC, who warns the cavalry isn't coming: why the private sector must take the...

Peter Baumann: Adding value to data. [CEO] [Career Notes]


Please enjoy this encore of Career Notes. CEO of ActiveNav, Peter Baumann, takes us on his career journey from minor home electrical experiments to the business of data discovery. He began his career as an electrical engineer, but felt an entrepreneurial spirit was part of his makeup. Following his return to college to study business and finance, Peter talks about being set on the path to shine the light on the data to provide discovery capability. To those interested in the field, he suggests having a broad familiarity of different approaches. We thank Peter for sharing his story with us. Learn...

Botnets back, tell a friend. [Research Saturday]


This week we are joined by Silas Cutler, Principal Security Researcher at Censys, asking the important question of "Will the Real Volt Typhoon Please Stand Up?" The FBI's disruption of the KV Botnet in December 2023, attributed to the Chinese threat group Volt Typhoon, targeted infected systems but did not affect the botnet's control infrastructure. Despite law enforcement efforts and technical exposure, the botnet's infrastructure has remained largely stable, with only changes in hosting providers, raising questions about whether another party operates the botnet. Censys scanning data from 2024 shows a shift in the botnet's control servers, indicating a response...

The end of the line for Garantex.


Law enforcement shutters Garantex crypto exchange. NTT discloses breach affecting corporate customers. Malvertising campaign hits nearly a million devices. AI's role in Canada's next election. Scammers target Singapore's PM in AI fraud. Botnets exploit critical IP camera vulnerability. In our International Women's Day and Women's History Month special, join Liz Stokes as she shares the inspiring stories of women shaping the future of cybersecurity. And how did Insider threats turn a glitch into a goldmine? Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing,...

From China with love (and Malware).


US Justice Department charges employees of Chinese IT contractor i-Soon. Silk Typhoon targets the IT supply chain for initial access. Chrome extensions that change shape. Attackers target airflow misconfigurations. LibreOffice vulnerability opens the door to script-based attacks. NSO group leaders face charges in spyware case. Today, our own Dave Bittner is our guest as he appeared on the Adopting Zero Trust podcast at ThreatLocker's Zero Trust World 2025 event with hosts Elliot Volkman and Neal Dennis and guest Dr. Chase Cunningham. And turning $1B into thin air. Remember to leave us a 5-star rating and review in your favorite podcast...

US Treasury targets darknet kingpin.


US Treasury Department sanctions Iranian national accused of running the Nemesis criminal marketplace. Hunters International threatens to leak data stolen from Tata Technologies. Apple challenges U.K.'s iCloud encryption backdoor order. UK competition regulator says no investigation into Microsoft's OpenAI partnership. Stealthy malware campaign targets the UAE's aviation and satellite industry. This week on our CertByte segment, N2K's Chris Hare is joined by Troy McMillan to break down a question targeting the Cisco Certified Network Associate (CCNA) exam. And hackers hit the books. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up...

CISA keeps watch on Russia.


CISA says it will continue monitoring Russian cyber threats. Broadcom patches zero-days that can lead to VM escape. Google patches 43 Bugs, including two sneaky zero-days. CISA flags vulnerabilities exploited in the wild. Palau's health ministry recovers from ransomware attack. Lost and found or lost and leaked? On this week's Threat Vector segment, David Moulton previews an episode with Hollie Hennessy on IoT cybersecurity risk mitigation and next week's special International Women's Day episode featuring trailblazing women from Palo Alto Networks sharing their cybersecurity journeys and leadership insights. And is that really you? Remember to leave us a 5-star rating...

Is it cyber peace or just a buffer?


Cyber Command ordered to halt offensive operations against Russia during Ukraine negotiations. Ransomware actors exploit Paragon Partition Manager vulnerability. Amnesty International publishes analysis of Cellebrite exploit chain. California orders data broker to shut down for violating the Delete Act. On our Afternoon Cyber Tea segment with host Ann Johnson of Microsoft Security, Ann speaks with Igor Tsyganskiy, Microsoft's Global Chief Information Security Officer, about "The Power of Partnership in Cyber Defense." And it's the end of an era. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence...

Taree Reardon: A voice for women in cyber. [Career Notes]


Senior Threat Analyst and Shift Lead for VMware Taree Reardon shares her journey to becoming a leader for women in the cybersecurity field. A big gamer who has always been interested in hacking and forensics, Taree found her passion while learning about cybersecurity. She's dedicated to diversity and inclusion and found her footing on a team made up of 50% women. Taree spends her days tracking and blocking attacks and as a champion for women. Trusting yourself is top on her list of advice. We thank Taree for sharing her story.

Caught in the contagious interview. [Research Saturday]


This week we are joined by Phil Stokes, threat researcher at SentinelOne's SentinelLabs, discussing their work on "macOS FlexibleFerret | Further Variants of DPRK Malware Family Unearthed." Apple recently pushed an update to its XProtect tool, blocking several variants of the DPRK-linked Ferret malware family, which targets victims through the "Contagious Interview" campaign. The malware uses fake job interview processes to trick users into installing malicious software, and new variants, including FlexibleFerret, remain undetected by XProtect. SentinelOne's research reveals a deeper investigation into this malware, which uses social engineering to expand its attack vectors, including targeting developers through platforms like...

Pay the ransom or risk data carnage.


Qilin ransomware gang claims responsibility for attack against Lee Enterprises. Thai police arrest suspected hacker behind more than 90 data leaks. JavaGhost uses compromised AWS environments to launch phishing campaigns. LotusBlossum cyberespionage campaigns target Southeast Asia. Malware abuses Microsoft dev tunnels for C2 communication. Protecting the food supply. Today's guest is Keith Mularski, Chief Global Ambassador at Qintel and former FBI Special Agent, discussing crypto being the target of the cyber underground. And an interview with Iron Man? Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence...

The masterminds behind a $1.5 billion heist.


FBI attributes $1.5 billion Bybit hack to DPRK hackers. Cellebrite suspends services in Serbia following allegations of misuse. A Belgian spy agency is hacked. New groups, bigger attacks. Sticky Werewolf strikes again. US DNI orders legal review of UK's request for iCloud backdoor. A cybersecurity veteran takes CISA's lead. DOGE accesses sensitive HUD data. Cleveland Municipal Court remains closed following cyber incident. Our guest today is an excerpt from our Caveat podcast. Adam Marr, Arctic Wolf CISO and former FBI special agent, joins Dave to discuss banning TikTok and increasing regulations for social media companies. And can hacking be treason?...

Live from Orlando, it's Hacking Humans! [Hacking Humans]


In this special live episode of Hacking Humans, recorded at ThreatLocker's Zero Trust World 2025 conference in Orlando, Florida, Dave Bittner is joined by T-Minus host Maria Varmazis. Together, they explore the latest in social engineering scams, phishing schemes, and cybercriminal exploits making headlines. Their guest, Seamus Lennon, ThreatLocker's VP of Operations for EMEA, shares insights on Zero Trust security and the evolving threat landscape. Maria's story this week follows the IRS warning about a fake Self Employment Tax Credit scam on social media, urging taxpayers to ignore misinformation and consult professionals. Dave's got the story of the Better Business...

Hacked in plain sight.


A major employee screening provider discloses a data breach affecting over 3.3 million people. Signal considers exiting Sweden over a proposed law that would give police access to encrypted messages. House Democrats call out DOGE's negligent cybersecurity practices. Critical vulnerabilities in Rsync allow attackers to execute remote code. A class action lawsuit claims Amazon violates Washington State's privacy laws. CISA warns that attackers are exploiting Microsoft's Partner Center platform. A researcher discovers a critical remote code execution vulnerability in MITRE's Caldera security training platform. An analysis of CISA's JCDC AI Cybersecurity Collaboration Playbook. Ben Yelin explains Apple pulling iCloud end-to-end...

Orange you glad you didn't fall for this?


A hacker claims to have stolen internal documents from a major French telecommunications company. A security breach hits Russia's financial sector. Cyberattacks targeting ICS and OT surged dramatically last year. Chinese group Silver Fox is spoofing medical software. The UK Home Office's new vulnerability reporting policy risks prosecuting ethical hackers. Ransomware actors are shifting away from encryption. A sophisticated macOS malware campaign is distributing Poseidon Stealer. The LightSpy surveillance framework evolves into a cross-platform espionage tool. A Chinese botnet is targeting Microsoft 365 accounts using password spraying attacks. Our guest today is Lauren Buitta, Founder and CEO at Girl Security,...

Can the U.S. keep up in cyberspace?


Retired Gen. Paul Nakasone warns the U.S. is falling behind in cyberspace. Australia orders government entities to remove and ban Kaspersky products. FatalRAT targets industrial organizations in the APAC region. A major cryptocurrency exchange reports the theft of $1.5 billion in digital assets. Apple removes end-to-end encryption (E2EE) for iCloud in the UK. Researchers uncover a LockBit ransomware attack exploiting a Windows Confluence server. Researchers uncover zero-day vulnerabilities in a widely used cloud logging utility. A PayPal email scam is tricking users into calling scammers. Republican leaders in the House request public input on national data privacy standards. A Michigan man...

Dwayne Price: Sharing information. [Project Management] [Career Notes]


Please enjoy this encore of Career Notes. Senior technical project manager Dwayne Price takes us on his career journey from databases to project management. Always fascinated with technology and one who appreciates the aspects of the business side of computer implementations, Dwayne attended UMBC for both his undergraduate and graduate degrees in information systems management. A strong Unix administration background prepared him to understand the relationship between Unix administration and database security. He recommends those interested in cybersecurity check out the NICE Framework as it speaks to all the various different types of roles in cybersecurity. Dwayne prides himself on...

From small-time scams to billion-dollar threats. [Research Saturday]


This week, we are joined by Selena Larson from Proofpoint, and co-host of the "Only Malware in the Building" podcast, as she discusses the research on "Why Biasing Advanced Persistent Threats over Cybercrime is a Security Risk." The cybersecurity industry has historically prioritized Advanced Persistent Threats (APTs) from nation-state actors over cybercrime, but this distinction is outdated as cybercriminals now employ equally sophisticated tactics. Financially motivated threat actors, especially ransomware groups, have evolved to the point where they rival state-backed hackers in technical capability and impact, disrupting businesses, infrastructure, and individuals on a massive scale. To enhance security, defenders must...

The political shake-up at the FBI.


The Senate confirms Kash Patel as FBI director. The SEC rebrands its Crypto Assets and Cyber Unit. Microsoft's quantum chip signals an urgent need for post-quantum security. Chat log leaks reveal the inner workings of BlackBasta. CISA advisories highlight Craft CMS and ICS devices. Researchers release proof-of-concepts for Ivanti Endpoint Manager vulnerabilities. Warby Parker gets a $1.5 million HIPAA fine. Our guest is Steve Schmidt, Amazon CSO, with a behind the scenes look at securing a major event. Researchers explore the massive, mysterious YouTube wormhole. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss...

No rest for the patched.


The CISA and FBI warn that Ghost ransomware has breached organizations in over 70 countries. President Trump announces his pick to lead the DOJ's National Security Division. A new ransomware strain targets European healthcare organizations. Researchers uncover four critical vulnerabilities in Ivanti Endpoint Manager. Microsoft has patched a critical improper access control vulnerability in Power Pages. The NSA updates its Ghidra reverse engineering tool. A former U.S. Army soldier admits to leaking private call records. Our guest is Stephen Hilt, senior threat researcher at Trend Micro, sharing the current state of the English cyber underground market. The pentesters breach was...

Pennies for access.


Credential theft puts sensitive corporate and military networks at risk. A federal judge refuses to block DOGE from accessing sensitive federal data. New York-based Insight Partners confirms a cyber-attack. BlackLock ransomware group is on the rise. OpenSSH patches a pair of vulnerabilities. Russian threat actors are exploiting Signal's Linked Devices feature. Over 12,000 GFI KerioControl firewalls remain exposed to a critical remote code execution (RCE) vulnerability. CISA issued two ICS security advisories. Federal contractors pay $11 million in cybersecurity noncompliance fines. In our CertByte segment, Chris Hare is joined by Steven Burnley to break down a question targeting the ISC2 SSCP...

PAN-ic mode: The race to secure PAN-OS.


Palo Alto Networks confirms a recently patched firewall vulnerability is being actively exploited. CISA warns of an actively exploited iOS vulnerability. Juniper Networks has issued a critical security advisory for an API authentication bypass vulnerability. The acting commissioner of the Social Security Administration (SSA) resigns after Elon Musk's team sought access to sensitive personal data of millions of Americans. The EagerBee malware framework is actively targeting government agencies and ISPs across the Middle East. Proofpoint researchers document a new macOS infostealer. A new phishing kit uses timesheet notification emails to steal credentials and two-factor authentication codes. JPMorgan Chase will begin...

LIVE! From Philly [Threat Vector]


While we are taking a publishing break to observe Washington's Birthday here in the United States, enjoy this primer on how to create a podcast from our partners at Palo Alto Networks direct from the CyberMarketingCon 2024. Podcasts have become vital tools for sharing knowledge and insights, particularly in technical fields like cybersecurity. "Threat Vector," led by David Moulton, serves as an essential guide through the complex landscape of cyber threats, offering expert interviews and in-depth analysis. In this session, David will discuss the process behind creating "Threat Vector," highlighting the challenges and rewards of developing a podcast that resonates...

Maria Thompson-Saeb: Be flexible and make it happen. [Program Management] [Career Notes]


Please enjoy this encore of Career Notes. Senior Program Manager for Governance, Risk and Compliance at Illumio, Maria Thompson-Saeb shares experiences that led to her career in cybersecurity. Interested in computers and not a fan of math, Maria opted for information systems management rather than computer science. She started her career as a government contractor. Once in the private sector, Maria moved into the Unix and Linux environments where she says "something that would totally change everything." She gained an interest in security and took it upon herself to train up and move into that realm. Maria notes it was...

Bot or not? The fake CAPTCHA trick spreading Lumma malware. [Research Saturday]


Nati Tal, Head of Guardio Labs, discusses their work on "DeceptionAds Fake Captcha Driving Infostealer Infections and a Glimpse to the Dark Side of Internet Advertising." Guardio has uncovered a large-scale malvertising campaign dubbed DeceptionAds, which tricks users into running a malicious PowerShell command under the guise of proving they're human. This fake CAPTCHA scheme delivers Lumma info-stealer malware while bypassing security measures like Google's Safe Browsing. Even after disclosure and takedown efforts, the campaign resurfaced, raising concerns about the effectiveness of existing defenses against ad-driven cyber threats. The research can be found here: DeceptionAds Fake Captcha Driving Infostealer Infections and a...

AI's blind spots need human eyes.


Nakasone addresses AI at the Munich Cyber Security Conference. Court documents reveal the degree to which DOGE actually has access. Dutch police dismantle a bulletproof hosting operation. German officials investigate Apple's App Tracking. Hackers exploited security flaws in BeyondTrust. CISA issues 20 new ICS advisories. The new Astoroth phishing kit bypasses 2FA. Hackers waste no time exploiting a SonicWall proof-of-concept vulnerability. Our guest today is Lawrence Pingree, VP of Technical Marketing at Dispersive, joining us to discuss why preemptive defense is essential in the AI arms race. Have I Been Pwned ponders whether resellers are worth the trouble. Remember to...

Salt in the wound.


Salt Typhoon is still at it. Russian cyber-actor Seashell Blizzard expands its reach. The EFF sues DOGE to protect federal workers' data. House Republicans pursue a comprehensive data privacy bill. Fortinet patches a critical vulnerability. Google views cybercrime as a national security threat. Palo Alto Networks issues 10 new security advisories. Symantec suspects a Chinese APT side hustle. Guest Jason Baker, Principal Security Consultant at GuidePoint Security, joins us to share an update on the state of ransomware. A massive IoT data breach exposes 2.7 billion records. Here come the AI agents. Remember to leave us a 5-star rating and review...

DOGEgeddon: The cyber crisis hiding in plain sight.


Is DOGE a cyberattack against America? The White House plans to nominate a new national cyber director. Patch Tuesday updates. Ivanti discloses a critical stack-based buffer overflow vulnerability. The GAO identifies cybersecurity gaps in the U.S. Coast Guard's efforts to secure the Maritime Transportation System. An Arizona woman pleads guilty to running a laptop farm for North Korea. A notorious swatter gets a prison sentence. Our guests are Gianna Whitver and Maria Velasquez, co-hosts of the Breaking Through in Cybersecurity Marketing podcast. Plague-themed phishing tests take it too far. Remember to leave us a 5-star rating and review in your...

Apple's race to secure your iPhone.


Apple releases emergency security updates to patch a zero-day vulnerability. CISA places election security workers on leave. Elon Musk leads a group of investors making an unsolicited bid to acquire OpenAI. The man accused of hacking the SEC's X/Twitter account pleads guilty. Law enforcement seizes the leak site of the 8Base ransomware gang. Researchers track a massive increase in brute-force attacks targeting edge devices. Experts question the U.K. government's demand for an encryption backdoor in Apple devices. Today's guest is John Fokker, Head of Threat Intelligence at Trellix, joining us to discuss their work on "Blurring the Lines: How Nation-States...

Read all about it, or maybe not.


A cyberattack disrupts newspaper publishing. A major AI summit takes place in Paris this week. A federal judge restricts DOGE from accessing Treasury Department systems. Cybersecurity cooperation between Canada and the U.S. remains strong. The Kraken ransomware group leaks credentials allegedly linked to Cisco. Europol urges banks to start preparing for quantum-safe cryptography. Microsoft expands its Copilot bug bounty program. The PlayStation Network (PSN) experienced a major outage over the weekend. Indiana man sentenced to 20 years for $37m cryptocurrency fraud. Our guest is Mike Woodard, VP of Product Management for App Security at Digital.ai, sharing strategies to minimize risk...

Avi Shua: Try to do things by yourself. [CEO] [Career Notes]


Please enjoy this encore of Career Notes. CEO and co-founder of Orca Security Avi Shua shares his thoughts on ways to succeed in cybersecurity. Avi's excitement about cybersecurity began when he was 13 as he tried to think of ways to get around the school's network security. He joined the Israeli Army's Intelligence Unit 8200 and experienced some unique cybersecurity training programs that he would eventually come to teach. Learning to solve problems on your own is a skill Avi acquired and took into his professional career. In his current position, Avi works to advance Orca's mission. He loves that his...

Cleo's trojan horse. [Research Saturday]


Mark Manglicmot, SVP of Security Services from Arctic Wolf, is sharing their research on "Cleopatra's Shadow: A Mass Exploitation Campaign Deploying a Java Backdoor Through Zero-Day Exploitation of Cleo MFT Software." Arctic Wolf Labs discovered an ongoing exploitation campaign targeting Cleo Managed File Transfer (MFT) products, beginning on December 7, 2024. Threat actors used a malicious PowerShell stager to deploy a Java-based backdoor, dubbed Cleopatra, which features in-memory file storage and cross-platform compatibility across Windows and Linux. Despite Cleo's previous patch for CVE-2024-50623, attackers appear to have leveraged an alternative access method, exploiting the software's autorun feature to execute payloads...

DOGE-eat-DOGE world.


Security concerns grow over DOGE's use of AI. The British government demands access to encrypted iCloud accounts. Researchers identify critical vulnerabilities in the DeepSeek iOS app. Microsoft Edge uses AI to block scareware. A phishing campaign targets Facebook users with fake copyright infringement notices. Researchers discover malicious machine learning models on Hugging Face. A major data broker faces yet-another data breach lawsuit. CISA warns of a critical Microsoft Outlook vulnerability under active exploitation. Guest John Anthony Smith, Founder and Chief Security Officer at Fenix24, shares insights into why backups are the most important security control. The UK's cyber weather report...

FCC around and find out.


Chaos and security concerns continue in Washington. Spanish authorities arrest a man suspected of hacking NATO, the UN, and the US Army. A major U.S. hiring platform exposes millions of resumes. Another British engineering firm suffers a cyberattack. Cisco patches multiple vulnerabilities. Cybercriminals exploit SVG files in phishing attacks. SparkCat SDK targets cryptocurrency via Android and iOS apps. CISA directs federal agencies to patch a high-severity Linux kernel flaw. Thailand leaves scamming syndicates in the dark. Positive trends in the fight against ransomware. Our guest is Cliff Crosland, CEO and Co-founder at Scanner.dev, discussing the evolution of security data lakes...

DOGE days numbered?


The DOGE team faces growing backlash. The Five Eyes release guidance on protecting edge devices. A critical macOS kernel vulnerability allows privilege escalation, memory corruption, and kernel code execution. Google and Mozilla release security updates for Chrome and Firefox. Multiple Veeam backup products are vulnerable to man-in-the-middle attacks. Zyxel suggests you replace those outdated routers. A former Google engineer faces multiple charges for alleged corporate espionage. CISA issues nine new advisories for ICS vulnerabilities. A House Republican introduces a cybersecurity workforce scholarship bill. On our CertByte segment, a look at ISC2's CISSP exam. Google updates its stance on AI weapons....

A wolf in DOGE's clothing?


DOGE's unchecked access to federal networks sparks major cybersecurity fears. Senator Hawley's AI ban targets China and raises free speech concerns. Apple service ticket portal vulnerability exposed millions of users' data. North Korean FlexibleFerret malware targets macOS via job scams and fake Zoom apps. February 2025 Android security update fixes 48 vulnerabilities, including exploited zero-day. Grubhub data breach exposes customer and driver information. Abandoned cloud infrastructure creates major security risks. Texas to launch its own Cyber Command amid rising cyber threats. Dell PowerProtect vulnerabilities pose critical security risks. On our Threat Vector segment, David Moulton and his guests look at...

Federal agencies in power struggle crossfire.


Federal agencies become battlegrounds in an unprecedented power struggle. XE Group evolves from credit-card skimming to exploiting zero-day vulnerabilities. WhatsApp uncovers a zero-click spyware attack linked to an Israeli firm. Texas expands its ban on Chinese-backed AI and social media apps. Data breaches expose the personal and medical information of over a million people. NVIDIA patches multiple critical vulnerabilities. Arm discloses critical vulnerabilities affecting its Mali GPU Kernel Drivers and firmware. The UK government aims to set the global standard for securing AI. Tim Starks from CyberScoop has the latest from Senate confirmation hearings. The National Cryptologic Museum rights a wrong. Remember...

Margaret Cunningham: A people scientist with a technology focus. [Behavioral science] [Career Notes]


Please enjoy this encore episode with Principal Research Scientist for Human Behavior at Forcepoint, Margaret Cunningham. She shares her story of how she landed in cybersecurity. With a background in psychology and counseling and not feeling that one-on-one counseling was her thing, Margaret had a transformational moment in her PhD program in applied experimental technology when she realized she could "provide helping services and good work services at a broader scale." Margaret found her professional footing at DHS's Human Systems Integration Branch of Science and Technology Department as the person who figured out how to measure how new technologies impacted...

A Digital Eye on supply-chain-based espionage attacks. [Research Saturday]


This week, Dave Bittner is joined by Juan Andres Guerrero-Saade (JAGS) from SentinelOne's SentinelLabs to discuss the work his team and Tinexta Cyber did on "Operation Digital Eye | Chinese APT Compromises Critical Digital Infrastructure via Visual Studio Code Tunnels." Tinexta Cyber and SentinelLabs have been tracking threat activities targeting business-to-business IT service providers in Southern Europe. Based on the malware, infrastructure, techniques used, victimology, and the timing of the activities, we assess that it is highly likely these attacks were conducted by a China-nexus threat actor with cyberespionage motivations. The relationships between European countries and China are complex, characterized...

The end of a cybercrime empire.


Authorities dismantle a Pakistan-based cybercrime network. Lawmakers question the feasibility of establishing a U.S. Cyber Force as a standalone military branch. The DOJ sues to block HPE's acquisition of Juniper Networks. Tangerine Turkey deploys cryptomining malware. Major healthcare providers send breach notifications. Norwegian police seize a Russian-crewed ship suspected of damaging a communications cable. Researchers discover critical vulnerabilities in GitHub Copilot. D-Link patches a critical router vulnerability. CISA and the FDA have warned U.S. healthcare organizations of severe security vulnerabilities in Chinese-made patient monitors. Pauses in funding create confusion for federal cybersecurity vendors. We bid a fond farewell to a...

Cracked and Nulled taken down.


International law enforcement takes down a pair of notorious hacking forums. Wiz discovers an open DeepSeek database. Time Bandit jailbreaks ChatGPT. Ransomware hits one of the largest U.S. blood centers. A cyberattack takes the South African Weather Service offline. Researchers describe a new browser syncjacking attack. TeamViewer patches a high-severity privilege escalation flaw. Over three dozen industry groups urge Congress to pass a national data privacy law. CISA faces an uncertain future. N2K's Brandon Karpf speaks with Ellen Chang, Vice President Ventures at BMNT and Head of BMNT Ventures. OpenAI Cries Foul After Getting a Taste of Its Own Medicine....

Cats and RATS are all the rage.


Hackers linked to China and Iran are using AI to enhance cyberattacks. An AI-powered messaging tool for Slack and Discord is reportedly leaking user data. British engineering giant Smiths Group suffers a cyberattack. Rockwell Automation details critical and high-severity vulnerabilities. Researchers warn of new side-channel vulnerabilities in Apple CPUs. The Hellcat ransomware gang looks to humiliate its victims. SparkRAT targets macOS users and government entities. Flashpoint looks at FleshStealer malware. Cybercriminals leverage trust in government websites. Our guest is Ivan Novikov, CEO at Wallarm, sharing insights on the recent United States ruling that bars certain Chinese and Russian connected car...

It was DDoS, not us.


DeepSeek blames DDoS for recent outages. Hackers behind last year's AT&T data breach targeted members of the Trump family, Kamala Harris, and Marco Rubio's wife. The EU sanctions Russians for cyberattacks against Estonia. ENGlobal confirms personal information was taken in last year's ransomware attack. CISA issues a critical warning about a SonicWall vulnerability actively exploited. A large-scale phishing campaign exploits users' trust in PDF files and the USPS. Apple patches a zero-day affecting many of their products. A ransomware attack on an Ohio-based operator of skilled nursing and rehabilitation facilities affects over 70,000. President Trump has a tumultuous first week back...

China's chatbot sends tech stocks into tailspin.


Chinese AI startup DeepSeek shakes up the market. Trump freezes cyber diplomacy funding and puts a vital U.S.-EU data-sharing agreement at risk. A trojanized RAT targets script kiddies. U.K. telecom giant TalkTalk investigates a data breach. Researchers uncover a critical flaw in Meta's Llama Stack AI framework. Attackers leverage hidden text salting in emails. The FlowerStorm phishing framework targets multiple brands to steal customer credentials. A critical zero-day hits SonicWall VPN appliances. Swedish authorities seized a cargo ship suspected of damaging a key fiber optic cable. Freezing out crypto-kidnappers. Our guest is Jon Miller, CEO and Co-founder from Halcyon, sharing...

Dave Farrow: The guy that enabled the business. [Security leadership] [Career Notes]


Please enjoy this encore episode with VP of Information Security at Barracuda Dave Farrow, as he shares how a teenage surfer fell in love with software development and made his way in the cybersecurity field. Dave chose to study electrical engineering in college because he wanted to learn something that didn't make sense to him. He says he's done things in his career that he said he'd never do: for example, he went into and fell in love with software development. Taking on leadership of a bug bounty program at Barracuda blossomed into the creation of an internal security...

LightSpy's dark evolution. [Research Saturday]


This week, we are joined by Ismael Valenzuela, VP of Threat Research & Intelligence, and Jacob Faires, Principal Threat Researcher, from BlackBerry discussing the team's work on "LightSpy: APT41 Deploys Advanced DeepData Framework In Targeted Southern Asia Espionage Campaign." In April 2024, BlackBerry uncovered a significant evolution of the LightSpy malware campaign, attributed to Chinese cyber-espionage group APT41. The newly introduced DeepData framework, a modular Windows-based surveillance tool, expands data theft capabilities with 12 specialized plugins for tasks like communication surveillance, credential theft, and system intelligence gathering. The campaign targets a wide range of communication platforms, including WhatsApp, Signal, and...

The end of warrantless searches?


A federal court finds the FBI's warrantless section 702 searches unconstitutional. The DOJ charges five in a fake IT worker scheme. The Texas Attorney General expands his investigation into automakers' data sharing. CISA highlights vulnerabilities in the aircraft collision avoidance system. Estonia will host Europe's new space cybersecurity testing ground. Hackers use hardware breakpoints to evade EDR detection. Subaru's Starlink connected vehicle service exposed sensitive customer and vehicle data. Asian nations claim progress against criminal cyber-scam camps. Our guest today is Dr. Chris Pierson, Founder and CEO of BlackCloak, with his outlook on 2025. Sticking AI crawlers in the tar...

A warning from the cloud.


CISA and FBI detail exploit chains used by Chinese hackers to compromise Ivanti Cloud Service Appliances. Energy systems in Central Europe use unencrypted radio signals. A critical SonicWall vulnerability is under active exploitation. The Nnice ransomware strain isn't. Cisco discloses a critical vulnerability in its Meeting Management tool. GhostGPT is a new malicious generative AI chatbot. ClamAV patches critical vulnerabilities in the open-source anti-virus engine. A new report questions the effectiveness of paying ransomware demands. DOGE piggybacks on the United States Digital Service. On our Industry Voices segment, we are joined by Joe Gillespie, Senior Vice President at Booz Allen,...

The uncertain future of cyber safety oversight.


The latest cyber moves from the Trump White House. Pompompurin faces resentencing. An attack on a government IT contractor impacts Medicaid, child support, and food assistance programs. Helldown ransomware targets unpatched Zyxel firewalls. Murdoc is a new Mirai botnet variant. Cloudflare maps the DDoS landscape. North Korea's Lazarus group uses fake job interviews to deploy malware. Hackers are abusing Google ads to spread AmosStealer malware. Pwn2Own Automotive awards over $382,000 on its first day. In our CertByte segment, Chris Hare and Steven Burnley take on a question from N2K's Agile Certified Practitioner (PMI-ACP) Practice Test. NYC Restaurant week tries to...

Trump's opening moves.


President Trump rolls back AI regulations and throws TikTok a lifeline. Attackers pose as Ukraine's CERT-UA tech support. A critical vulnerability is found in the Brave browser. Sophos observes hacking groups abusing Microsoft 365 services and exploiting default Microsoft Teams settings. Researchers uncover critical flaws in tunneling protocols. A breach exposes personal information of thousands of students and educators. Oracle patches 320 security vulnerabilities. Kaspersky reveals over a dozen vulnerabilities in a Mercedes-Benz infotainment system. Tim Starks from CyberScoop discusses executive orders on cybersecurity and the future of CISA. We preview coming episodes of Threat Vector. Honesty isn't always the...

AWS in Orbit: Data Automation and Space Domain Awareness with Kayhan Space. [AWS in Orbit]


You can learn more about AWS in Orbit at space.n2k.com/aws. Our guests today are Araz Feyzi, Co-founder and CTO at Kayhan Space and Tim Sills, Lead Security Solutions Architect at AWS for Aerospace and Satellite. Remember to leave us a 5-star rating and review in your favorite podcast app. Be sure to follow T-Minus on LinkedIn and Instagram. Selected Reading AWS Aerospace and Satellite Audience Survey We want to hear from you! Please complete our short survey. It'll help us get better and deliver you the most mission-critical space intel every day. Want to hear your company in the show?...

Baan Alsinawi: Trust ourselves and be courageous. [Compliance] [Career Notes]


Please enjoy this encore of the Managing Director at Cerberus Sentinel, Chief Compliance Officer and the President of TalaTek, Baan Alsinawi as she shares her cybersecurity journey from a teenager who wanted to understand computers and held several positions in IT from help desk to systems engineering and cybersecurity. Founding her own business focusing on compliance, Baan says she spends maybe only 20% of her day on technical tasks and that there is always so much more to do. Finding the right people for her team is a marker of success for Baan. She talks of the importance of sharing the...

A cute cover for a dangerous vulnerability. [Research Saturday]


Nati Tal, Head of Guardio Labs, sits down to share their work on CrossBarking Exploiting a 0-Day Opera Vulnerability with a Cross-Browser Extension Store Attack. Guardio Labs has uncovered a critical vulnerability in the Opera browser, enabling malicious extensions to exploit Private APIs for actions like screen capturing, browser setting changes, and account hijacking. Highlighting the ease of bypassing extension store security, researchers demonstrated how a puppy-themed extension exploiting this flaw could infiltrate both Chrome and Opera's extension stores, potentially reaching millions of users. This case underscores the delicate balance between enhancing browser productivity and ensuring robust security measures, revealing...

Hacking the bureau.


The FBI warns agents of hacked call and text logs. The US Treasury sanctions entities tied to North Korea's fake IT worker operations. Russian hacking group Star Blizzard attempted to infiltrate WhatsApp accounts of nonprofits supporting Ukraine. Yubico discloses a critical vulnerability in its Pluggable Authentication Module software. Google releases an open-source library for software composition analysis. CISA hopes to close the software understanding gap. Pumakit targets critical infrastructure. Simplehelp patches multiple flaws in their remote access software. The FTC bans GM from selling driver data. HHS outlines their efforts to protect hospitals and healthcare. Our guest Maria Tranquilli, Executive Director...

Bolstering the digital shield.


President Biden issues a comprehensive cybersecurity executive order. Updates on Silk Typhoon's US Treasury breach. A Chinese telecom hardware firm is under FBI investigation. A critical vulnerability has been found in the UEFI Secure Boot mechanism. California-based cannabis brand Stiiizy suffers a data breach. North Korea's Lazarus Group lures freelance developers. The FTC highlights major security failures at web hosting giant GoDaddy. Veeam patches a critical vulnerability in their Backup for Microsoft Azure product. Hackers leak sensitive data from over 15,000 Fortinet firewalls. Our guest today is Oren Koren, Veriti's Co-founder and CPO, sharing insights about the state of healthcare...

Massive malware cleanup.


The FBI deletes PlugX malware from thousands of U.S. computers. Researchers uncover vulnerabilities in Windows 11 allowing attackers to bypass protections and execute code at the kernel level. A look at (a busy) Patch Tuesday. Researchers uncovered six critical vulnerabilities in a popular Linux file transfer tool. Texas sues Allstate for allegedly collecting, using, and selling driving data without proper consent. An executive order enables AI developers to build data centers on federal lands. On our Industry Voices segment, we are joined by Mike Hamilton, Chief Information Officer at Cloudflare, discussing how tech sprawl emulates the snake game. Meta profits...

National security in the digital age.


A draft cybersecurity executive order from the Biden administration seeks to bolster defenses. Researchers identify a mass exploitation campaign targeting Fortinet firewalls. A Chinese-language illicit online marketplace is growing at an alarming rate. CISA urges patching of a second BeyondTrust vulnerability. The UK proposes banning ransomware payments by public sector and critical infrastructure organizations. A critical flaw in Google's authentication flow exposes millions to unauthorized access. OWASP releases its first Non-Human Identities (NHI) Top 10. A Microsoft lawsuit targets individuals accused of bypassing safety controls in its Azure OpenAI tools. Our guest is Chris Pierson, Founder and CEO of BlackCloak, discussing...

Multi-factor frustration.


An MFA outage affects Microsoft 365 Office apps. The Biden administration introduces new export controls to block adversaries from accessing advanced AI chips. A Dutch university cancels lectures after a cyberattack. Three Russian nationals have been indicted for operating cryptocurrency mixers. Juniper Networks releases security updates for Junos OS. Spain's largest telecommunications company confirms a data breach. The Banshee infostealer leverages a stolen Apple encryption algorithm. Researchers uncover a novel ransomware campaign targeting Amazon S3 buckets. A major data broker suffers a major data breach. Our guest Philippe Humeau, CEO and Founder of CrowdSec, shares the biggest issues currently facing...

The hidden cost of data hoarding. [Research Saturday]


This week, we are joined by Kyla Cardona and Aurora Johnson from SpyCloud discussing their research "China's Surveillance State Is Selling Citizen Data as a Side Hustle." Chinese technology companies, under CCP mandate, collect vast amounts of data on citizens, creating opportunities for corrupt insiders to steal and resell this information on dark markets. These stolen datasets, aggregated into "Social Work Libraries" (SGKs), mirror lower-tech versions of CCP internal security databases. Kyla and Aurora discuss how Chinese cybercriminals use these SGKs and their implications compared to Western, European, and Russian cybercrime ecosystems. With expertise in Chinese OSINT and cybersecurity policy,...

Michael Bishop Jr.: Good, bad or indifferent. [Security] [Career Notes]


Please enjoy this encore episode, where we are joined by Senior Security Officer at Centers for Medicare and Medicaid Services Michael Bishop Jr. as he shares his journey from Army infantryman deployed to Iraq to working in cybersecurity. After 12 years in the U.S. Army, Mike found himself in a rough spot. Looking for work and having some personal challenges, Mike's mentor, an Army officer he met while enlisted, recognized Mike's struggles and helped to nudge him toward cybersecurity. Mike credits his mentor with helping him transition to where he is today. Undergoing training for cybersecurity, he was tested in...

When retaliation turns digital.


New details emerge about Chinese hackers breaching the US Treasury Department. The Supreme Court considers the TikTok ban. Chinese hackers exploit a zero-day flaw in Ivanti Connect Secure VPN. A new credit card skimmer malware targets WordPress checkout pages. The Banshee macOS info-stealer has been updated. A California health services organization reports a data breach. A Florida firm pays a $337,750 HIPAA settlement following a 2018 breach. Samsung patches Android devices. A Proton Mail outage hits users worldwide. A popular e-card site recovers from malware. CertByte segment host Chris Hare interviews our guest Casey Marks, ISC2's Chief Qualifications Officer, about...

Biden's final cyber order tackles digital weaknesses.


The Biden administration is finalizing an executive order to bolster U.S. cybersecurity. Ivanti releases emergency updates to address a critical zero-day vulnerability. A critical vulnerability is discovered in Kerio Control firewall software. Palo Alto Networks patches multiple vulnerabilities in its retired migration tool. Fake exploits for Microsoft vulnerabilities lure security researchers. A medical billing company data breach affects over 360,000. A cyberattack disrupts the city of Winston-Salem. CrowdStrike identifies a phishing campaign exploiting its recruitment branding. Our guest is Danny Allen, CTO from Snyk, sharing how a balanced approach between AI and human oversight can strengthen cybersecurity. The worst of...

A new Mirai-based botnet.


Researchers ID a new Mirai-based botnet. Android devices get their first round of updates for the new year. Criminals exploit legitimate Apple and Google services in sophisticated voice phishing attacks. Japan attributes over 200 cyberattacks to the Chinese hacking group MirrorFace. A PayPal phishing scam exploits legitimate platform functionality. SonicWall addresses critical vulnerabilities in its SonicOS software. CISA warns of active exploitation of vulnerabilities in Mitel MiCollab. A new government-backed labelling program hopes to help consumers choose more secure devices. On today's CertByte segment, Chris Hare and Steven Burnley unpack a question from N2K's ISC2 Certified in Cyber Security...

U.S. sanctions spark cyber showdown with China.


China criticizes U.S. sanctions. School districts face cyberattacks over the holiday season. The U.N.'s International Civil Aviation Organization (ICAO) is investigating a potential data breach. Eagerbee malware targets government organizations and ISPs in the Middle East. A major New York medical center notifies 674,000 individuals of a data breach. Hackers infiltrate Argentina's Airport Security Police (PSA) payroll system. An industrial networking firm identifies critical vulnerabilities in its cellular routers, secure routers, and network security appliances. Phishing click rates among enterprise users surged in 2024. A California man is suing three banks for allegedly enabling criminals to steal nearly $1 million...

China's shadow over U.S. telecom networks.


New reports shed light on both Volt and Salt Typhoons. Tenable updates faulty Nessus Agents and resumes plugin updates. A new infostealer campaign targets gamers on Discord. A fake version of a popular browser extension has been discovered stealing login credentials and conducting phishing attacks. ESET warns Windows 10 users of a potential security fiasco. A vulnerability in Nuclei allows attackers to bypass template signature verification and inject malicious code. An Indiana dental practice pays a $350,000 settlement over an alleged ransomware coverup. Tim Starks, Senior Reporter from CyberScoop, joins us today to discuss a new United Nations cybercrime treaty...

Dominique West: Security found me. [Strategy] [Career Notes]


Technical account manager Dominique West takes us on her career journey from engineering to cybersecurity. Even though her undergraduate degree was in information systems, Dominique did not learn about cybersecurity until she personally experienced credit card fraud. She had a range of positions from working the help desk in an art museum to vulnerability management and cloud security. Dominique mentions remembering feeling isolated as the only black person and one of few women in many situations. These experiences spurred her into action to create Security in Color to help others navigate their way into cybersecurity and share resources are available to...

Crypto client or cyber trap? [Research Saturday]


Karlo Zanki, Reverse Engineer at ReversingLabs, discussing their work on "Malicious PyPI crypto pay package aiocpa implants infostealer code." ReversingLabs' machine learning-based threat hunting system identified a malicious PyPI package, aiocpa, designed to exfiltrate cryptocurrency wallet information. Unlike typical attacks involving typosquatting, the attackers published a seemingly legitimate crypto client tool to build trust before introducing malicious updates. ReversingLabs used its Spectra Assure platform to detect behavioral anomalies and worked with PyPI to remove the package, highlighting the growing need for advanced supply chain security tools to counter increasingly sophisticated threats. The research can be found here: Malicious PyPI crypto...

AI-powered propaganda.


The U.S. sanctions Russian and Iranian groups over election misinformation. Apple settles a class action lawsuit over Siri privacy allegations. DoubleClickjacking exploits a timing vulnerability in browser behavior. FireScam targets sensitive info on Android devices. ASUS issues a critical security advisory for several router models. A former crypto boss faces extradition amidst allegations of defrauding investors out of more than $40 billion. HHS unveils proposed updates to HIPAA. Millions of email servers have yet to enable encryption. Our guest is Joe Saunders, Co-Founder & CEO of RunSafe Security discussing the complexities of safeguarding critical infrastructure. Using Doom to prove you're...

A breach in the U.S. Treasury.


Chinese hackers breach the U.S. Treasury Department. At least 35 Chrome extensions are compromised. Federal authorities arrest a U.S. Army soldier over accusations of sensitive data stolen from AT&T and Verizon. A misconfigured Amazon cloud server exposes sensitive data from over 800,000 VW EV owners. Rhode Island confirms a data breach linked to ransomware group Brain Cipher. Ascension healthcare confirms the exposure of the personal and medical data of 5.6 million customers. A recent patch to Windows BitLocker encryption proves inadequate. A suspected Chinese hacking campaign is exploiting a vulnerability in Palo Alto firewalls for espionage. The DOJ bans the...

Scotland's position to lead cyber and space. [Deep Space]


Sharon Lemac-Vincere is an academic who focuses her research on the intersection of space and cyber. She has released a report on space and cybersecurity which outlines how Scotland can lead the way in both industries. You can connect with Sharon on LinkedIn, and read her paper on The Cyber-Safe Gateway: Unlocking Scotland's Space Cybersecurity Potential on this website. Remember to leave us a 5-star rating and review in your favorite podcast app. Be sure to follow T-Minus on LinkedIn and Instagram. T-Minus Crew Survey We want to hear from you! Please complete our 4 question survey. It'll help...

Disrupting Cracked Cobalt Strike [The Microsoft Threat Intelligence Podcast]


While we are on our winter publishing break, please enjoy an episode of our N2K CyberWire network show, The Microsoft Threat Intelligence Podcast by Microsoft Threat Intelligence. See you in 2025! On this week's episode of The Microsoft Threat Intelligence Podcast, we discuss the collaborative effort between Microsoft and Fortra to combat the illegal use of cracked Cobalt Strike software, which is commonly employed in ransomware attacks. To break down the situation, our host, Sherrod DeGrippo, is joined by Richard Boscovich, Assistant General Counsel at Microsoft, Jason Lyons, Principal Investigator with the DCU, and Bob Erdman, Associate VP Research and Development...

Future-proofing finance: FS-ISAC's blueprint for cryptographic agility. [Special Edition]


Brandon Karpf sits down with Mike Silverman, Chief Strategy and Innovation Officer at FS-ISAC, to discuss the white paper "Building Cryptographic Agility in the Financial Sector." Authored by experts from FS-ISAC's Post-Quantum Cryptography Working Group, the paper addresses the vulnerabilities posed by quantum computing to current cryptographic algorithms. It provides financial institutions with strategies to safeguard sensitive data and maintain trust as these emerging threats evolve. Discover the challenges and actionable steps to build cryptographic agility in this insightful conversation. Learn more about your ad choices. Visit megaphone.fm/adchoices

Navigating AI Safety and Security Challenges with Yonatan Zunger [The BlueHat Podcast]


While we are on our winter publishing break, please enjoy an episode of our N2K CyberWire network show, The BlueHat Podcast by Microsoft and MSRC. See you in 2025! Yonatan Zunger, CVP of AI Safety & Security at Microsoft joins Nic Fillingham and Wendy Zenone on this week's episode of The BlueHat Podcast. Yonatan explains the distinction between generative and predictive AI, noting that while predictive AI excels in classification and recommendation, generative AI focuses on summarizing and role-playing. He highlights how generative AI's ability to process natural language and role-play has vast potential, though its applications are still emerging. He...

Streamlining the US Navy's innovation process: A conversation with Acting CTO Justin Fanelli.


Please enjoy this encore episode of a Special Edition. N2K's Brandon Karpf speaks with guest Justin Fanelli, Acting CTO of the US Navy, about the US Navy streamlining the innovation process. For some background, you can refer to this article. Additional resources: PEO Digital Innovation Adoption Kit; Atlantic Council's Commission on Defense Innovation Adoption. For industry looking to engage with PEO Digital: Industry Engagement

Yatia (Tia) Hopkins: Grit and right place, right time. [Solutions Architecture] [Career Notes]


VP of Global Solutions Architecture at eSentire Tia Hopkins shares her career journey and talks about its beginnings in engineering and pivots into cybersecurity leadership. Tia shares how she liked to take things apart when she was young, including the brand new computer her mother bought her and how she was fascinated by all the pieces of it spread all across her bedroom floor. As she started studying engineering, Tia learned she was more of a technologist than an engineer. Tia got her start in technology without completing her formal education by what she says is "grit and right place, right...

On the prowl for mobile malware. [Research Saturday]


This week, we are joined by Asheer Malhotra and Vitor Ventura from Cisco Talos, and they are discussing "Operation Celestial Force employs mobile and desktop malware to target Indian entities." Cisco Talos revealed Operation Celestial Force, an espionage campaign by the Pakistani threat group "Cosmic Leopard," targeting Indian defense, government, and technology sectors. Active for at least six years, the operation has recently increased its use of mobile malware and commercial spyware for surveillance. The research can be found here: Operation Celestial Force employs mobile and desktop malware to target Indian entities

A cyber carol.


Please enjoy this encore episode of Only Malware in the Building. Welcome in! You've entered Only Malware in the Building. Grab your eggnog and don your coziest holiday sweater as we sleuth our way through cyber mysteries with a festive twist! Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York's exclusive upper west side, Selena is joined by N2K Networks Dave Bittner and Rick Howard to uncover the stories behind notable cyberattacks. Being a security researcher is a bit like being a detective: you gather...

Putting a dent in the cybersecurity workforce gap.


Please enjoy this encore episode of Solution Spotlight. In this special edition of Solution Spotlight, N2K President, Simone Petrella is talking with ISC2 CEO Clar Rosso about putting a dent in the cybersecurity workforce gap through empowerment, breaking down barriers and expanding DE&I initiatives.

The CyberWire: The 12 Days of Malware. [Special edition]


Merry Christmas and Happy Holidays from the CyberWire and our friends! Enjoy our rendition of the 12 Days of Malware created by Dave Bittner and performed by Dave and friends: Rachel Tobac, Jayson Street, Ron Eddings & Chris Cochran, Ray [Redacted], Dinah Davis, Camille Stewart, Rick Howard, Michelle Dennedy, Jack Rhysider, Johannes Ullrich, and Charity Wright. Ba dum bum bum. Sing along if you are game! Check out our video for the full effect! The 12 Days of Malware lyrics On the first day of Christmas, my malware gave to me: A keylogger logging my keys. On the second day of...

A social engineering carol.


Gather 'round for a holiday treat like no other! In this festive edition of Only Malware in the Building, we present A Social Engineering Carol, a cunning twist on the classic Dickens tale, penned and created by our very own Dave Bittner. Follow a modern-day Scrooge as they navigate the ghostly consequences of phishing, vishing, and smishing in this holiday cybersecurity fable. Don't miss the accompanying video, packed with holiday cheer and cyber lessons to keep you safe this season! Check it out now!

Lessons from the Viasat cybersecurity attack. [T-Minus]


Please enjoy this encore of T-Minus Space Daily. A few hours prior to the Russian invasion of Ukraine on February 24, 2022, Russia's military intelligence launched a cyberattack against ViaSat's KA-SAT satellite network, which was used by the Ukrainian Armed Forces. It prevented them from using satellite communications to respond to the invasion. After the ViaSat hack, numerous cyber operations were conducted against the space sector from both sides of the conflict. What have we learnt from the Viasat attack? Clémence Poirier has written a report on the Viasat cybersecurity attack during the war in Ukraine. Hacking the Cosmos: Cyber...

Decoding XDR: Allie Mellen on What's Next [Threat Vector]


While we are on our winter publishing break, please enjoy an episode of our N2K CyberWire network show, Threat Vector by Palo Alto Networks. See you in 2025! Announcement: We are pleased to share an exciting announcement about Cortex XDR at the top of our show. You can learn more here. Check out our episode on "Cyber Espionage and Financial Crime: North Korea's Double Threat" with Assaf Dahan, Director of Threat Research at Palo Alto Networks Cortex team. Join host David Moulton on Threat Vector, as he dives deep into the rapidly evolving XDR landscape with Allie Mellen, Principal Analyst...

Court puts the spy in spyware.


A federal judge finds NSO Group liable for hacking WhatsApp. China accuses the U.S. government of cyberattacks. The UK's Operation Destabilise uncovers a vast criminal network. An alleged LockBit developer says he did it for the money. Apache releases a security update for their Tomcat web server. Siemens issues a security advisory for their User Management Component. Italy's data protection authority fines OpenAI $15.6 million. Researchers demonstrate a method to bypass the latest Wi-Fi security protocol. Apple sends potential spyware victims to a nonprofit for help. Our guest is Sven Krasser, CrowdStrike's Senior Vice President Data Science and Chief Scientist,...

Jim Zufoletti: Building your experience portfolio. [Entrepreneur] [Career Notes]


CEO and co-founder of SafeGuard Cyber Jim Zufoletti shares his journey starting out as an intrapreneur and transformation into a serial entrepreneur in cybersecurity. Jim shares how he got his feet wet working for others as an intrapreneur and catching the entrepreneurial bug in the mid-90s. He has co-founded a number of companies starting with FreeMarkets, a B2B ecommerce company. After that went public and Jim moved on, he went to business school at the University of Virginia and crossed paths with his future co-founder of SafeGuard Cyber. At UVA, Jim was inspired by a professor who exposed him to the...

Quishing for trouble. [Research Saturday]


Adam Khan, VP of Security Operations at Barracuda, joins to discuss his team's work on "The evolving use of QR codes in phishing attacks." Cybercriminals are evolving phishing tactics by embedding QR codes, or quishing, into PDF documents attached to emails, tricking recipients into scanning them to access malicious websites that steal credentials. Barracuda researchers found over half a million such emails from June to September 2024, with most impersonating brands like Microsoft, DocuSign, and Adobe to exploit urgency and trust. To counter these attacks, businesses should deploy multilayered email security, use AI-powered detection tools, educate employees on QR code...

Ukraine's fight to restore critical data.


Russian hackers attack Ukraine's state registers. NotLockBit is a new ransomware strain targeting macOS and Windows. Sophos discloses three critical vulnerabilities in its Firewall product. The BadBox botnet infects over 190,000 Android devices. BeyondTrust patches two critical vulnerabilities. Hackers stole $2.2 billion from cryptocurrency platforms in 2024. Officials dismantle a live sports streaming piracy ring. Rockwell Automation patches critical vulnerabilities in a device used for energy control in industrial systems. A new report from Dragos highlights ransomware groups targeting industrial sectors. A Ukrainian national is sentenced to 60 months in prison for distributing the Raccoon Infostealer malware. We bid a...

Breached but not broken.


CISA urges senior government officials to enhance mobile device security. Russian state-sponsored hacker group Sandworm is targeting Ukrainian soldiers. A website bug in GPS tracking firm Hapn is exposing customer information. Multiple critical vulnerabilities have been identified in Sharp branded routers. Ireland's Data Protection Commission fines Meta $263 million for alleged GDPR violations. Google releases an urgent Chrome security update to address four high-rated vulnerabilities. Cyberattacks on India-based organizations surged 92% year-over-year. Cybercriminals target Google Calendar to launch phishing attacks. Fortinet patches a critical vulnerability in FortiWLM. Juniper Networks warns of a botnet infection targeting routers with default credentials. Our...

Hacking allegations and antitrust heat.


The U.S. considers a ban on Chinese-made routers. More than 200 Cleo managed file-transfer servers remain vulnerable. The Androxgh0st botnet expands. Schneider Electric reports a critical vulnerability in some PLCs. A critical Apache Struts 2 vulnerability is being actively exploited. Malicious campaigns are targeting Chinese-branded IoT devices. A Nebraska-based healthcare insurer discloses a data breach affecting over 225,000 individuals. IntelBroker leaks 2.9GB of data from Cisco's DevHub environment. CISA issues a Binding Operational Directive requiring federal agencies to enhance cloud security. On today's CERTByte segment, Chris Hare and Dan Neville unpack a question targeting the Network+ certification. INTERPOL says,...

The cost of peeking at U.S. traffic.


The Biden administration takes its first step to retaliate against China for the Salt Typhoon cyberattack. The Feds release a draft National Cyber Incident Response Plan. Telecom Namibia suffers a cyberattack. The Australian Information Commissioner has reached a $50 million settlement with Meta over the Cambridge Analytica scandal. CISA releases its 2024 year in review. LastPass hackers nab an additional five million dollars. Texas Tech University notifies over 1.4 million individuals of a ransomware attack. Researchers discover a new DarkGate RAT attack vector using vishing. A fraudster gets 69 months in prison. On our Threat Vector segment, David Moulton speaks...

Rhode Island cyberattack exposes sensitive data.


A cyberattack in Rhode Island targets those who applied for government assistance programs. U.S. Senators propose a three billion dollar budget item to rip and replace Chinese telecom equipment. The Clop ransomware gang confirms exploiting vulnerabilities in Cleo's managed file transfer platforms. A major Southern California healthcare provider suffers a ransomware attack. A leading US auto parts provider discloses a cyberattack on its Canadian business unit. SRP Federal Credit Union notifies over 240,000 individuals of cyberattack. A sophisticated phishing campaign targets YouTube creators. Researchers identify a high-severity vulnerability in Mullvad VPN. A horrific dark web forum moderator gets 30 years in...

Marcelle Lee: Cyber sleuth detecting emerging threats. [Research] [Career Notes]


Please enjoy this encore episode of Career Notes. Senior security researcher from Secureworks Marcelle Lee shares her career journey into cybersecurity and how she helps solve hard problems in her daily work. Marcelle came into cybersecurity not through any traditional path. She describes her route from a different field and starting in cyber at her local community college through a grant program. Marcelle took full advantage of the opportunities she had and grew her career from there. She recommends finding your specialty, but continue to build other skills. As a woman in the field, she is a strong proponent of...

Watching the watchers. IoT vulnerabilities exposed by AI. [Research Saturday]


This week, we are joined by Andrew Morris, Founder and CTO of GreyNoise, to discuss their work on "GreyNoise Intelligence Discovers Zero-Day Vulnerabilities in Live Streaming Cameras with the Help of AI." GreyNoise discovered two critical zero-day vulnerabilities in IoT-connected live streaming cameras, used in sensitive environments like healthcare and industrial operations, by leveraging its AI-powered detection system, Sift. The vulnerabilities, CVE-2024-8956 (insufficient authentication) and CVE-2024-8957 (OS command injection), could allow attackers to take full control of affected devices, manipulate video feeds, or integrate them into botnets for broader attacks. This breakthrough underscores the transformative role of AI in identifying threats...

Hackers in handcuffs.


The U.S. dismantles the Rydox criminal marketplace. File-sharing provider Cleo urges customers to immediately patch a critical vulnerability. A Japanese media giant reportedly paid nearly $3 million to a Russia-linked ransomware group. The largest Bitcoin ATM operator in the U.S. confirms a data breach. Microsoft quietly patches two potentially critical vulnerabilities. Researchers at Claroty describe a malware tool used by nation-state actors to target critical IoT and OT systems. Dell releases patches for a pair of critical vulnerabilities. A federal court indicts 14 North Korean nationals for a scheme funding North Korea's weapons programs. Texas accuses a data broker of...

When AI goes offline.


ChatGPT and Meta face widespread outages. Trump advisors explore splitting NSA and CyberCom leadership roles. A critical vulnerability in Apache Struts 2 has been disclosed. AuthQuake allowed attackers to bypass Microsoft MFA protections. Researchers identify Nova, a sophisticated variant of the Snake Keylogger malware. Adobe addresses critical vulnerabilities across their product line. Chinese law enforcement has been using spyware to collect data from Android devices since 2017. A new report highlights the gaps in hardware and firmware security management. A Krispy Kreme cyberattack creates a sticky situation. N2K's Executive Editor Brandon Karpf speaks with guest Mike Silverman, Chief Strategy and...

When exploits go wild and patches race the clock.


Microsoft confirms a critical Windows zero-day vulnerability. Global law enforcement agencies dismantle 27 DDoS platforms. Researchers compromise memory in AMD virtual machines. Ivanti reports multiple critical vulnerabilities in its Cloud Services Application. Group-IB researchers expose a sophisticated global phishing campaign. A zero-day vulnerability in Cleo's managed file transfer software is under active exploitation. The U.S. sanctions a Chinese firm for a 2020 firewall exploit. Congress looks to require the FCC to regulate telecom cybersecurity. Our guest is Malachi Walker, Security Strategist at DomainTools, discussing their role in ODNI's newly established Sentinel Horizon Program. SpartanWarriorz dodge a Telegram crackdown. Remember to...

Buckets of trouble.


Researchers uncover a large-scale hacking operation tied to the infamous ShinyHunters. A Dell Power Manager vulnerability lets attackers execute malicious code. TikTok requests a federal court injunction to delay a U.S. ban. Radiant Capital attributed a $50 million cryptocurrency heist to North Korea. Japanese firms report ransomware attacks affecting their U.S. subsidiaries. WhatsApp's ViewOnce feature faces continued scrutiny. SpyLoan malware targets Android users through deceptive loan apps. A major Romanian electricity distributor is investigating an ongoing ransomware attack. A critical flaw in OpenWrt Sysupgrade has been fixed. Contenders for top cyber roles in the next Trump administration visit Mar-a-Lago. On...

Router security in jeopardy.


A critical zero-day is confirmed by a Japanese router maker. Romania annuls the first round of its 2024 presidential election over concerns of Russian interference. A sophisticated malware campaign targets macOS users. Mandiant uncovers a method to bypass browser isolation using QR codes. Belgian and Dutch authorities arrest eight individuals linked to online fraud schemes. A medical device company discloses a ransomware attack. A community hospital in Massachusetts confirms a ransomware attack affecting over three hundred thousand. The Termite ransomware gang claims responsibility for the attack on Blue Yonder. Synology patches multiple vulnerabilities in its Router Manager (SRM) software. The...

Aviv Grafi: There needs to be fundamental changes in security. [CEO] [Career Notes]


CEO and Founder of Votiro Aviv Grafi shares his story from serving as a member of the IDF's intelligence forces to leading his own venture. Aviv says his service in the IDF shaped a lot of his thinking and problem solving. Following his military service, Aviv worked to gain more real world and business experience. Starting his own business as a pentester was where the seeds for what would become Votiro would form. Aviv talks about the roller coaster that you experience when starting your own venture and offers some advice. And, we thank Aviv for sharing his story with...

Digital Mindhunters: a novel look at cybersecurity and artificial intelligence. [Special Edition]


In this special edition podcast, N2K's Executive Editor Brandon Karpf talks with author, CEO and cybersecurity advisor Dr. Bilyana Lilly about her new novel "Digital Mindhunters." Book Overview In a high-stakes game of espionage and deception, a female analyst uncovers Russia's plot to wield artificial intelligence, espionage, and disinformation as weapons of chaos against the United States. As she races against time to thwart an assassination plot, she finds herself entangled in a web of international intrigue and discovers a parallel threat from a Chinese spy network aiming to steal data, manipulate American voters, and harness technology to dismantle the...

The JPHP loader breaking away from the pack. [Research Saturday]


Shawn Kanady, Global Director of Trustwave SpiderLabs, to discuss their work on "Pronsis Loader: A JPHP-Driven Malware Diverging from D3F@ck Loader." Trustwave SpiderLabs has uncovered Pronsis Loader, a new malware variant using the rare programming language JPHP and stealthy installation tactics to evade detection. The malware is capable of delivering high-risk payloads like Lumma Stealer and Latrodectus, posing a significant threat. Researchers highlight its unique capabilities and infrastructure, offering insights for bolstering cybersecurity defenses. The research can be found here: Pronsis Loader: A JPHP-Driven Malware Diverging from D3F@ck Loader

The NTLM bug that sees and steals.


Researchers uncover a critical Windows zero-day. An alleged Ukrainian cyberattack targets one of Russia's largest banks. Russian group BlueAlpha exploits CloudFlare services. Microsoft flags Chinese hacking group Storm-0227 for targeting critical infrastructure and U.S. government agencies. SonicWall patches high-severity vulnerabilities in its secure access gateway. Atrium Health reports a data breach affecting over half a million individuals. Rockwell Automation discloses four critical vulnerabilities in its Arena software. U.S. authorities arrest an alleged member of the Scattered Spider gang. Our guest is Hugh Thompson, RSAC program committee chair, discussing the 2025 Innovation Sandbox Contest and its new investment component. C3PO gets...

Dismantling the Manson cybercrime market.


Europol dismantles the Manson cybercrime market. Operation Destabilise stops two major Russian-speaking money laundering networks. New details emerge on China's attacks on U.S. telecoms. Black Lotus Labs uncovers a covert campaign by the Russian-based threat actor Secret Blizzard. Cisco issues patches for a high impact bootloader vulnerability. Trend Micro researchers uncovered Earth Minotaur targeting Tibetan and Uyghur communities. Payroll Pirates target HR payroll systems to redirect employee funds. Pegasus spyware may be more prevalent than previously believed. Our guest today is Jon France, CISO at ISC2, with insights from the ISC2 2024 Workforce Study. How businesses can lose customers one...

The end of MATRIX.


International law enforcement takes down the MATRIX messaging platform. SailPoint discloses a critical vulnerability in its IdentityIQ platform. A Solana library has been backdoored. SolarWinds discloses a critical vulnerability in its Platform product. Researchers identify 16 zero-day vulnerabilities in Fuji Electric's remote monitoring software. Cisco urges users to patch a decade-old vulnerability. CISA warns of active exploitation of Zyxel firewall devices. A critical XSS vulnerability has been identified in MobSF. Google's December 2024 Android security update addresses 14 high-severity vulnerabilities. The Federal Trade Commission settles with data brokers over alleged consent violations. On today's CertByte segment, Chris Hare and Dan...

Nam3l3ss but not harmless.


More than 760,000 see their personal data exposed on the BreachForums cybercrime forum. The new head of the UK's NCSC warns against underestimating growing cyber threats. The Consumer Financial Protection Bureau (CFPB) looks to prevent data brokers from selling Americans' personal and financial information. A U.S. government and energy sector contractor discloses a ransomware attack. The smoked ham Windows backdoor is being actively deployed. A new report warns of overreliance on Chinese-made LIDAR technology. SmokeLoader malware targets companies in Taiwan. NIST proposes new password guidelines. South Korean police make arrests over 240,000 satellite receivers with built-in DDoS attack capabilities. On...

The international effort making digital spaces safer.


A major cybercrime crackdown by Interpol nabs hundreds of suspects and millions in stolen funds. Zabbix has disclosed a critical SQL injection vulnerability. A novel phishing campaign exploits Microsoft Word's file recovery feature. Researchers track the Rockstar 2FA phishing toolkit. Critical vulnerabilities are found in Advantech's industrial wireless access points. North Korea's Kimsuky hacking group shifts their tactics. The U.N. forms an advisory body to address growing threats to critical undersea cable infrastructure. The U.K. is laser-focused on AI security research. Russian authorities arrest the Wazawaka ransomware affiliate. Our guest is Marshall Heilman, CEO of DTEX Systems, sharing his experience with...

Debra Danielson: Be fearless. [CTO] [Career Notes]


Please enjoy this encore episode, where we are joined by Chief Technology Officer and Senior Vice President, Engineering for Digital Guardian Debra Danielson, as she shares her career journey. From aspirations of becoming an astronaut studying mechanical and aerospace engineering, to finding her first job at a local software company that turned into a long-term commitment after it was acquired by another firm. Debra mentions that when she was heads-down programming, there were many women in the field and when she emerged from the cube to take on management and leadership positions, the ratio of women had dropped dramatically. She...

Leaking your AWS API keys, on purpose? [Research Saturday]


Please enjoy this encore episode: Noah Pack, a SANS Internet Storm Center Intern, sits down to discuss research on "What happens when you accidentally leak your AWS API keys?" This research is a guest diary from Noah and shares a project he worked on after seeing an online video of someone who created a Python script that emailed colleges asking for free swag to be shipped to him. The research states "In this article, I will share some research, resources, and real-world data related to leaked AWS API keys." In this research, Noah shares what he learned while implementing his...

Science fiction meets reality with Ronald D. Moore. [T-Minus Deep Space]


T-Minus Space Daily Podcast Host Maria Varmazis was asked to host a fireside chat with Sci-Fi legend Ronald D. Moore at the Beyond Earth Symposium in Washington DC. Ronald D. Moore is an American screenwriter and television producer. He is best known for his work on Star Trek, the re-imagined Battlestar Galactica and For All Mankind TV series. Check out the full conversation on our YouTube Page here! Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our weekly intelligence roundup, Signals and Space, and you'll never miss a beat....

Solution Spotlight: Simone Petrella talking with Lee Parrish, CISO of Newell Brands, about his book and security relationship management. [Special Edition]


Please enjoy this encore episode: On this Solution Spotlight, guest Lee Parrish, author and CISO at Newell Brands, joins N2K President Simone Petrella to discuss his book "The Shortest Hour: An Applied Approach to Boardroom Governance of Cyber Security" and security relationship management.

Grappling with a ransomware attack.


Blue Yonder continues to grapple with ransomware attack. AI-powered scams surge this shopping season. Gaming engine exploited to deliver malware. Chinese hackers ride the router wave. TikTok's beauty filter ban. Redefining cybersecurity education for the future. On our Industry Voices segment, Dave sits down with Damon Fleury, SpyCloud's Chief Product Officer to discuss defending against what criminals know about you and the role of holistic digital identity in cyber defense. And when do cyber criminals start their holiday scheming? Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily...

Taking aim at cybercrime.


Smashing cybercrime syndicates. CyberVolk goes global. Tech troubles mostly resolved. A malware web weaved by Salt Typhoon targets global sectors. Love at first exploit. Ransomware attack on Blue Yonder brews trouble. Google faces a UK court battle. Lateral moves and lost data. I sit down with Clemence Poirer, Senior Cyberdefense Researcher at the Center for Security Studies (CSS) at ETH Zurich | Space Cybersecurity to discuss cybersecurity attacks in space. And finally, a Cybersecurity sales pitch goes rogue. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence...

Novel attacks and creative phishing angles.


APT28 uses a novel technique to breach organizations via nearby WiFi networks. Your Apple ID is (not) suspended. UK highlighting Russian threats at NATO Cyber Defence Conference. US senators request an audit of TSA's facial recognition technology. Supply chain software company sustains ransomware attack. Critical QNAP vulnerability could allow remote code execution. Outdated Avast Anti-Rootkit driver exploited. No more internet rabbit holes for China. Guest Lesley Carhart from Dragos on "The Shifting Landscape of OT Incident Response." Stop & Shop turns cyber oops into coffee and cookies. Remember to leave us a 5-star rating and review in your favorite podcast...

Greg Bell: Answer the question of "why?" [Open Source] [Career Notes]


Enjoy this encore episode where we are joined by Co-founder and Chief Strategy Officer for Corelight Greg Bell, as he describes the twists and turns of his career bringing him back to his childhood joy of computers. Working in a myriad of fields from human rights to Hollywood to writing a history of conspiracy belief before pivoting back to technology. Focusing on the relationships within the open source community, Greg works to change and improve the world through his mission-based organization. For those looking to begin their career in cyber, Greg offers that great mentorship and working for great organizations where...

Exposing AI's Achilles heel. [Research Saturday]


This week, we are joined by Ami Luttwak, Co-Founder and CTO from Wiz, sharing their work on "Wiz Research Finds Critical NVIDIA AI Vulnerability Affecting Containers Using NVIDIA GPUs, Including Over 35 percent of Cloud Environments." A critical vulnerability in the NVIDIA Container Toolkit, widely used for GPU access in AI workloads, could allow attackers to escape containers and gain full access to host environments, jeopardizing sensitive data. Wiz estimates that at least 33% of cloud environments are affected and urges immediate updates to NVIDIA's patched version. This discovery highlights the broader issue of young, under-secured codebases in AI tools,...

A not so BASIC farewell.


META details its efforts against pig butchering. The Salt Typhoon attack on major U.S. telecoms sparks interest from Congress. Microsoft dismantles 240 domains linked to the ONNX phishing-as-a-service platform. A major U.S. gambling and lottery provider suffers a cyberattack. Hackers exploit newly patched zero-days in Palo Alto Networks firewalls. Researchers say Fortinet VPN servers lack sufficient logging. A pilot program looks to improve security for small U.S. water utilities. Bitdefender warns of scammers using Black Friday-themed spam emails. Our guest is DataDome's CEO and Co-founder, Benjamin Fabre, discussing how "Fake Accounts Threaten Black Friday Gaming Sales." A fond farewell for...

No more spinach for PopeyeTools.


The feds take down the PopeyeTools cybercrime market. Five alleged Scattered Spider members have been charged. CISA warns of critical vulnerabilities in VMware's vCenter Server. Global AI experts convene to discuss safety. MITRE updates its list of Top 25 Most Dangerous Software Weaknesses. US and Australian agencies warn critical infrastructure organizations about evolving tactics by the BianLian ransomware group. A new report looks at rising threats to the U.S. manufacturing industry. Researchers at ESET uncover the WolfsBane Linux backdoor. A pair of malicious Python packages impersonating ChatGPT went undetected for over a year. A data breach at a French hospital...

When location data becomes a weapon.


A WIRED investigation uncovers the ease of tracking U.S. military personnel. Apple releases emergency security updates to address actively exploited vulnerabilities. Latino teenagers and LGBTQ individuals are receiving disturbing text messages spreading false threats. Crowdstrike says Liminal Panda is responsible for telecom intrusions. Oracle patches a high-severity zero-day vulnerability. Trend Micro has disclosed a critical vulnerability in its Deep Security 20 Agent software. A rural hospital in Oklahoma suffers a ransomware attack. A leading fintech firm is investigating a security breach in its file transfer platform. Researchers deploy Mantis against malicious LLMs. Ben Yelin from the University of Maryland Center...

Biden vs. Trump: A tale of two cybersecurity strategies.


Pundits predict Trump will overhaul U.S. cybersecurity policy. Experts examine escalating cybersecurity threats facing the U.S. energy sector. Palo Alto Networks patches a pair of zero-days. Akira and SafePay ransomware groups claim dozens of new victims. A major pharmacy group is pressured to pay a $1.3 million ransomware installment. Threat actors are exploiting Spotify playlists and podcasts. An alleged Phobos ransomware admin has been extradited to the U.S. Rapper Razzlekhan gets 18 months in prison for her part in the Bitfinex cryptocurrency hack. On today's Threat Vector, David Moulton speaks with Assaf Dahan, Director of Threat Research at Palo Alto...

A new era for CISA under Trump?


CISA's Director Easterly plans to step down in the coming year. DHS issues recommendations for AI in critical infrastructure. Palo Alto Networks confirms active exploitation of a critical zero-day vulnerability in its firewalls. Threat actors exploit Microsoft's 365 Admin Portal to send sextortion emails. A China-based APT targets a zero-day in Fortinet's Windows VPN. The EPA reports on vulnerabilities in drinking water systems. A critical authentication bypass vulnerability affects a popular WordPress plugin. Researchers track a rise in the ClickFix social engineering technique. An 18 year old faces up to twenty years behind bars for swatting. Our guest is Rob Boyce,...

Teresa Shea: The challenge of adapting new technologies. [Intelligence] [Career Notes]


Please enjoy this encore episode where Vice President of Raytheon's Cyber Offense, Defense Expert Teresa Shea speaks of her journey from math to adapting new technologies on the cutting edge. With a love of math, Teresa was offered a scholarship by the Society of Women Engineering and decided to pursue a degree in electrical engineering. Unsurprisingly, there were few other women in her program. Teresa interned with and then proceeded to work for the National Security Agency, becoming their SIGINT director. Following her government career, Teresa worked to help bring new technologies to government through her work at Raytheon. We...

Credential harvesters in the cloud. [Research Saturday]


This week we are joined by Blake Darch, Head of Cloudforce One at Cloudflare, to discuss their work on "Unraveling SloppyLemming's Operations Across South Asia." Cloudforce One's investigation into the advanced threat actor "SloppyLemming" reveals an extensive espionage campaign targeting South and East Asia, with a focus on Pakistan's government, defense, telecommunications, and energy sectors. Leveraging multiple cloud service providers, SloppyLemming employs tactics like credential harvesting, malware delivery, and command-and-control (C2) operations, often relying on open-source adversary emulation tools like Cobalt Strike. Despite its activities, the actor's poor operational security (OPSEC) has allowed investigators to gain valuable insights into its infrastructure...

One tap, total access: Pegasus exploits unveiled.


Unredacted court filings from WhatsApp's 2019 lawsuit against NSO Group reveal the scope of spyware infections. Glove Stealer can bypass App-Bound Encryption in Chromium-based browsers. Researchers uncover a new zero-day vulnerability in Fortinet's FortiManager. Rapid7 detects an updated version of LodaRAT. CISA warns of active exploitation of Palo Alto Networks' Expedition tool. Misconfigured Microsoft Power Pages accounts expose sensitive data. Iranian state hackers mimic North Koreans in fake job scams. Australia warns its critical infrastructure providers about state sponsored embedded malware. An especially cruel cybercriminal gets ten years in the slammer. Guest Ambuj Kumar, Co-founder and CEO of Simbian, joins...

Eavesdropping on America's eyes and ears.


The Feds confirm Chinese penetration of U.S. telecom wiretap systems. Anne Neuberger outlines top cybersecurity challenges facing the upcoming Trump administration. Former Air National Guardsman Jack Teixeira gets a 15-year prison sentence for leaking classified U.S. military documents. A Chinese national faces up to 20 years in prison after pleading guilty to money laundering for pig-butchering scams. Researchers say a popular pregnancy app has serious, unaddressed security vulnerabilities. NIST misses its deadline for clearing the NVD backlog. A B2B demand generation company confirms a leak affecting 122 million people. HHS warns healthcare organizations to be on the lookout for Godzilla....

Bitcoin Jesus and Sheboygan face problems.


Federal agencies and Five Eyes partners list the past year's most exploited vulnerabilities. U.S. authorities hand down indictments in the Snowflake customer breach. Patch Tuesday updates. Zoom discloses multiple vulnerabilities. A China-linked hacker group has compromised Tibetan media and university websites. A cyberattack on a Dutch company affects over 2,000 U.S. grocery stores. Sheboygan suffers a ransomware attack. The White House plans to support a controversial UN cybercrime treaty. On today's CertByte segment, N2K's Chris Hare is joined by Dan Neville to break down a question from the CompTIA Security+ certification Practice Test. Bitcoin Jesus faces $48 million in tax...

Ransomware as a public health crisis.


At the U.N. Anne Neuberger frames ransomware as a growing public health crisis. Amazon confirms a MOVEit-related data breach. SAP provides patches and mitigations for a variety of flaws. Researchers identify North Korean hackers embedding malware in macOS applications. Form I-9 Compliance reports a data breach impacting over 193,000 individuals. Hot Topic confirms a breach affecting over 54 million customers. Halliburton reports a $35 million ransomware event. Ymir ransomware follows in the footsteps of RustyStealer. Threat actors prepare for a second Trump presidency. A Venezuelan man gets 25 years for romance scam kidnappings. Our guest is Tim Starks from CyberScoop...

Solution Spotlight: Rebuilding trust in the wake of tech calamities. [Special Edition]


In this special edition of our podcast, Simone Petrella sits down with cybersecurity luminary Alex Stamos, Chief Information Security Officer at SentinelOne, to delve into one of the most challenging years in tech history. 2024 has seen unprecedented breaches of multinational corporations, high-stakes attacks from state actors, massive data leaks, and the largest global IT failure on record. As both a seasoned security executive and respected thought leader, Stamos offers a firsthand perspective on how the security landscape is evolving under these pressures. In this exclusive keynote discussion, Stamos draws from his extensive experience to share hard-won lessons from the...

Kevin Magee: Focus on the archer. [CSO] [Career Notes]


Enjoy this special encore episode where we are joined by Chief Security Officer of Microsoft Canada Kevin Magee, he's sharing his background as a historian and how it applies to his work in cybersecurity. Likening himself to a dashing Indiana Jones, Kevin talks about how he sees history unfolding and the most interesting things right now are happening in security. Spending time tinkering with things in the university's computer room under the stairs gave way to Kevin's love affair with technology. As Chief Security Officer, Kevin says he uses an analogy: "I think we focus on the arrows, not the...

A firewall wake up call. [Research Saturday]


Enjoy this special encore episode, where we are joined by Jon Williams from Bishop Fox, as he is sharing their research on "It's 2024 and Over 178,000 SonicWall Firewalls are Publicly Exploitable." SonicWall published advisories for CVE-2022-22274 and CVE-2023-0656 a year apart after finding that NGFW series 6 and 7 devices are affected by two unauthenticated denial-of-service vulnerabilities. The research states "Our research found that the two issues are fundamentally the same but exploitable at different HTTP URI paths due to reuse of a vulnerable code pattern." They also found that when they scanned SonicWall firewalls with management interfaces exposed to the internet, they...

CISA issues urgent warning.


CISA issues a warning about a critical security flaw in Palo Alto Networks' Expedition tool. A federal agency urges employees to limit phone use in response to Chinese hacking. Law enforcement is perplexed by spontaneously rebooting iPhones. A key supplier for oilfields suffers a ransomware attack. Hewlett Packard Enterprise (HPE) patches multiple vulnerabilities in its Aruba Networking access points. Cybercriminals use game-related apps to distribute Winos4.0. Germany proposes legislation protecting security researchers. The TSA proposes new cybersecurity regulations for critical transportation infrastructure. Our guest is Aaron Griffin, Chief Architect from Sevco Security, sharing the discovery of a significant Apple iOS...

Canada cuts TikTok ties.


Canada orders ByteDance to shut down local operations. Cisco releases urgent patches for multiple vulnerabilities. SteelFox malware delivers a crypto-miner and info-stealer. North Korean campaigns pursue fake jobs and remote workers. A suspected cyber intrusion disrupts Washington state court systems. Over 200,000 customers of SelectBlinds have their credit card info stolen. Cyber experts encourage Congress to pursue bipartisan readiness studies despite DoD pushback. On our Industry Voices segment, we welcome guest Jeremy Huval, Chief Innovation Officer at HITRUST, discussing the AI explosion and the need to consider the risks before implementation. Curiosity killed the cat lover's computer. Remember to leave...

That's a wrap on election day.


Election day wrap-up. The FBI issues a warning about cybercriminals selling government email credentials. Google issues an emergency update for Chrome. An Interpol operation nets dozens of arrests and IP takedowns. Microchip Technology disclosed $21.4 million in expenses related to a cybersecurity breach. Ransomware makes a Georgia hospital revert to paper records. South Korea fines Meta $15 million over privacy violations. A cyberattack disables panic alarms on British prison vans. A small city in Kansas recovers from a devastating pig butchering scheme. Our guest today is Javed Hasan, CEO and Co-Founder of Lineaje, discussing the growing risks within open source...

Confidence on election day.


On election day U.S. officials express confidence. A Virginia company is charged with violating U.S. export restrictions on technology bound for Russia. Backing up your GMail. Google mandates MFA. Google claims an AI-powered vulnerability detection breakthrough. Schneider Electric investigates a cyberattack on its internal project tracking platform. A Canadian man suspected in the Snowflake-related data breaches has been arrested. On our Threat Vector segment, David Moulton sits down with Christopher Scott, from Unit 42 to explore the essentials of crisis leadership and management. I spy air fry? Remember to leave us a 5-star rating and review in your favorite podcast...

FBI fights fake news.


The FBI flags fake videos claiming to be from the agency. Okta patches an authentication bypass vulnerability. Microsoft confirms Windows Server 2025 Blue Screen of Death issues. Scammers exploit DocuSign's APIs to send fake invoices that bypass spam filters. Hackers use smart contracts for command and control. ICS suppliers face challenges convincing customers to secure their environments. Barracuda tracks a phishing campaign impersonating OpenAI. X-Twitter makes controversial changes to its block feature. A Nigerian man gets 26 years in prison for email fraud. On our Solution Spotlight, N2K's Simone Petrella interviews Alex Stamos, CISO at SentinelOne, at the ISC2 Security...

Dinah Davis: Building your network. [R&D] [Career Notes]


Please enjoy this encore episode, where we are joined by VP of R&D at Arctic Wolf Networks Dinah Davis, as she shares how she arrived in the cybersecurity industry after finding her niche. Dinah recalls how at a time of indecision, a computer course at university and a job with the Canadian government helped to solidify her career direction. Dinah mentions how "security and cryptography specifically was this perfect mix of real world problem solving and mathematics and computer science all combined into one ball of happiness." Networking played a key role in Dinah's journey. She recommends that those interested in...

Velvet Ant's silent invasion. [Research Saturday]


This week, we are joined by Amnon Kushnir from Sygnia, who is sharing their work on "China-Nexus Threat Group Velvet Ant Leverages a Zero-Day to Deploy Malware on Cisco Nexus Switches." In early 2024, Sygnia observed the Velvet Ant threat group exploiting a zero-day vulnerability (CVE-2024-20399) to infiltrate Cisco Switch appliances and operate undetected within enterprise networks. This attack enables threat actors to escape Cisco's command interface and install malware directly on the device's OS, bypassing standard security tools. The incident underscores the risks posed by third-party appliances and the importance of enhanced monitoring and threat detection to counter advanced...

A push to debunk election disinformation.


Georgia's Secretary of State Pushes Social Media to Remove Russian Disinformation. CISA introduces its first international strategic plan. Microsoft issues a warning about the Quad7 botnet. Researchers uncover a zero-click vulnerability in Synology devices. CISA warns of critical ICS vulnerabilities. The U.S. and Israel outline the latest cyber activities of an Iranian threat group. Researchers track an online shopping scam operation called Phish 'n' Ships. A Colorado Pathology lab notifies 1.8 million patients of a data breach. Our guest is Gary Barlet, Public Sector CTO at Illumio, with a timely look at election security. Packing a custom PC full of meth....

Guarding the Vote


CISA spins up an election operations war room. Microsoft neglected to restrict access to gender-detecting AI. Yahoo uncovers vulnerabilities in OpenText's NetIQ iManager. QNAP issues urgent patches for its NAS devices. Sysdig uncovers Emerald Whale. A malvertising campaign exploits Meta's ad platform to spread the SYS01 infostealer. Senator Ron Wyden wants to tighten rules aimed at preventing U.S. technologies from reaching repressive regimes. Researchers use AI to uncover an IoT zero-day. Sophos reveals a five year battle with firewall hackers. Our guest is Frederico Hakamine, Technology Evangelist from Axonius, talking about how threats both overlap and differ across individuals and...

The Malware Mash


Happy Halloween from the team at N2K Networks! We hope you share in our Halloween tradition of listening to the Malware Mash. You can check out our video here. Lyrics I was coding in the lab late one night when my eyes beheld an eerie sight for my malware threat score began to rise and suddenly to my surprise... It did the Mash It did the Malware Mash The Malware Mash It was a botnet smash It did the Mash It caught on 'cause of Flash The Malware Mash It did the Malware Mash From the Stuxnet worm squirming toward...

Password snafu sparks election security questions.


Colorado election officials downplay a partial password leak. Over 22,000 CyberPanel instances were targeted in a ransomware attack. Google issues a critical security update for Chrome. Microsoft says Russia's SVR is conducting a wide-ranging phishing campaign. The FakeCall Android banking trojan gains advanced evasion and espionage capabilities. A New 0patch Fix Blocks Malicious Theme Files. iOS malware LightSpy adds destructive features. LinkedIn faces class-action lawsuits over alleged privacy violations. The U.S. charges a Russian national as part of Operation Magnus. On this week's CertByte segment, Chris Hare is joined by Dan Neville to break down a question targeting the Certified...

Securing democracy.


Chinese hacking into US telecoms draws federal scrutiny. ESET examines Evasive Panda's CloudScout toolset. A new ChatGPT jailbreak bypassed security safeguards. Nintendo warns users of a phishing scam. The Five Eyes launch the Secure Innovation initiative for startups. CISA releases Product Security Bad Practices guidelines. Apple's new bug bounty program offers a million bucks for critical vulnerabilities. The City of Columbus drops its suit of a cybersecurity researcher. On our Solution Spotlight today, N2K's Simone Petrella speaks with Chris Porter, CISO at Fannie Mae, on cultivating cybersecurity culture and talent. Spooky spam is back. Remember to leave us a 5-star...

Solution Spotlight: Cultivating cybersecurity culture. [Special Edition]


In this Solution Spotlight episode, our very own Simone Petrella sits down with Chris Porter, the Chief Information Security Officer at Fannie Mae. As a seasoned expert in the financial and cybersecurity sectors, Chris shares insights into how Fannie Mae navigates the complexities of securing one of the nation's most critical financial institutions. Together, they discuss Fannie Mae's evolving cybersecurity posture, balancing innovation with risk management, and the critical strategies employed to protect sensitive data in an increasingly digital and interconnected world. Chris also delves into the importance of collaboration across the industry, highlighting partnerships and intelligence-sharing as vital components...

Operation Magnus strikes back.


Operation Magnus disrupts notorious infostealers. Pennsylvania officials debunk election disinformation attributed to Russia. TeamTNT targets Docker daemons. Delta sues CrowdStrike. NVIDIA released a critical GPU Display Driver update. Fog and Akira ransomware exploit SonicWall VPNs. A researcher demonstrates Downgrade attacks against Windows systems. Qilin ransomware grows more evasive and disruptive. Pwn2Own Ireland awards over $1 million for more than 70 zero-day vulnerabilities. Our guest is Grant Geyer, Chief Strategy Officer at Claroty, talking about safeguarding our nation's critical food infrastructure. At long last, it's legal to fix your McFlurry. Remember to leave us a 5-star rating and review in your...

Stephen Hamilton: Getting the mission to the next level. [Military] [Career Notes]


Enjoy this special encore episode where we are joined by Army Cyber Institute Technical Director and Chief of Staff Colonel Stephen Hamilton, as he takes us on his computer science journey. Fascinated with computers since the second grade, Stephen chose West Point after high school to study computer science. Following graduation he moved into the signal branch as it most closely matched his interest in ham radio as no branch related directly to computing. He was pulled from the motor pool to help with another area's computing needs and then worked his way to teaching computer science at West Point...

Mission possible? Navigating tech adoption in the DoD. [Special Edition]


In this episode, N2K's Brandon Karpf interviews Pete Newell, CEO and Founder of BMNT, about the challenges facing technology adoption within the Department of Defense (DoD). They discuss the concept of mission acceleration, focusing on the DoD's struggle to keep pace with rapid changes on the battlefield and the importance of a human-centered approach to technology adaptation. Newell emphasizes that true innovation in defense is more of a "people problem" than a technology issue, requiring shifts in organizational culture and internal education. Tune in to hear insights on accelerating change in defense through better problem articulation and training. Learn more...

LLM security 101. [Research Saturday]


This week, we are pleased to be joined by Mick Baccio, global security advisor for Splunk SURGe, sharing their research on "LLM Security: Splunk & OWASP Top 10 for LLM-based Applications." The research dives into the rapid rise of AI and Large Language Models (LLMs) that initially seem magical, but behind the scenes, they are sophisticated systems built by humans. Despite their impressive capabilities, these systems are vulnerable to numerous cyber threats. Splunk's research explores the OWASP Top 10 for LLM Applications, a framework that highlights key vulnerabilities such as prompt injection, training data poisoning, and sensitive information disclosure. The...

UnitedHealth breach numbers confirmed.


UnitedHealth confirms breach numbers. Patient privacy pains. Amazon vs. APT29. CDK vulnerability threatens user security. Fog and Akira take aim at SonicWall. Level up or log off. LinkedIn in hot water. Open source, closed doors. Watt's the risk? Today, we are joined by Itzik Alvas, Entro Security's CEO and Co-Founder, discussing their research team's work on non-human identities and secrets management. And Muni Metro hits Ctrl+Alt+Delete on floppy disks! Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat....

A giant FortiJump for cybercriminals.


Fortinet confirms a recently rumored zero-day. Officials investigate how restricted chips ended up in products from Huawei. The White House unveils a coordinated AI strategy for national security. Researchers jailbreak LLMs with Deceptive Delight. A new ransomware group exploits vulnerable device drivers. Sensitive documents from a UN trust fund are leaked online. Penn State pays over a million dollars to settle allegations of inadequate security in government contracts. CISA adds a SharePoint vulnerability to its Known Exploited Vulnerabilities Catalog. A Microsoft report warns of growing election disinformation. On our industry voices segment, Eric Herzog, CMO of Infinidat, discusses merging cybersecurity...

NotLockBit takes a bite out of macOS.


NotLockBit mimics its namesake while targeting macOS. Symantec uncovers popular mobile apps with hardcoded credentials. Avast releases a Mallox ransomware decryptor. Akira ransomware reverts to tactics tried and true. Lawmakers ask the DOJ to prosecute tax prep firms for privacy violations. The SEC levies fines for misleading disclosures following the SolarWinds breach. Software liability remains a sticky issue. Updated guidance reiterates the feds' commitment to the Traffic Light Protocol. A task force has cybersecurity recommendations for the next U.S. president. Today's guest is Jérôme Segura, Sr. Director of Research at Malwarebytes, sharing their work on "Scammers advertise fake AppleCare+ service...

Zero-day exploited in the wild.


A zero-day affects Samsung mobile processors. A critical vulnerability is discovered in the OneDev DevOps platform. German authorities warn against vulnerable industrial routers. The Bumblebee loader buzzes around corporate networks. Ghostpulse hides payloads in PNG files. A Michigan chain of dental centers agrees to a multimillion dollar data breach settlement. A White House proposal tamps down international data sharing. Fortinet is reportedly patching an as-yet undisclosed severe vulnerability. In our Threat Vector segment, host David Moulton speaks with Nathaniel Quist about cloud extortion operations, the rise of ransomware attacks, and the challenges businesses face in securing public cloud environments. Russian...

On the run, caught on arrival.


An alleged Australian scammer wanted by the FBI gets nabbed in Italy. The Internet Archive has been breached again. Researchers discover vulnerabilities in encrypted cloud storage platforms. Cisco confirms stolen files but insists it's not a data breach. A Chinese disinformation group targets Senator Marco Rubio. Malicious chatbot prompts can hide inside harmless ones. The DoD wants to offer senior cyber executives part-time roles as military reservists. Six years out, the specter of Spectre remains. Russian prosecutors seek prison for REvil operators. Guest Pete Newell, Founder and CEO of BMNT, talks with N2K's Brandon Karpf about challenges associated with technology...

Aarti Borkar: Make your own choices. [Product] [Career Notes]


Enjoy this special encore episode where we are joined by the Head of Product for IBM Security Aarti Borkar, who shares her journey which included going after her lifelong love of math rather than following in her parents' footsteps in the medical field. In following her passions, Aarti found herself studying computer engineering and computer science, and upon taking a pause from her studies, she found a niche working at IBM in a mix of databases and networking. In her current position, Aarti describes her favorite discussion topics very often involve being around the use of AI for converting security...

New targets, new tools, same threat. [Research Saturday]


This week we are joined by Chester Wisniewski, Global Field CTO from Sophos X-Ops team, to discuss their work on "Crimson Palace returns: New Tools, Tactics, and Targets." Sophos X-Ops has observed a resurgence in cyberespionage activity, tracked as Operation Crimson Palace, targeting Southeast Asian government organizations. After a brief lull, Cluster Charlie resumed operations in September 2023, using new tactics such as web shells and open-source tools to bypass detection, re-establish access, and map target network infrastructure, demonstrating ongoing efforts to exfiltrate data and expand their foothold. The research can be found here: Crimson Palace returns: New Tools, Tactics,...

No more cyber Snorlax naps.


Microsoft describes a macOS vulnerability. A trio of healthcare organizations reveal data breaches affecting nearly three quarters of a million patients. Group-IB infiltrates a ransomware as a service operation. Instagram rolls out new measures to combat sextortion schemes. Updates from Bitdefender address Man-in-the-Middle attacks. An Alabama man is arrested for allegedly hacking the SEC. In our Industry Voices segment, Gerry Gebel, VP of Strata Identity, describes how to ensure identity continuity during IDP disrupted, disconnected and diminished environments. CISOs want to see their role split into two positions. Game Freak's Servers Take Critical Hit. Remember to leave us a 5-star rating...

Authorities bring down another hacker.


Brazilian authorities arrest the alleged USDoD hacker. The DoJ indicts the alleged operators of Anonymous Sudan. CISA and its partners warn of Iranian brute force password attempts. A new report questions online platforms' ability to detect election disinformation. Recent security patches address critical vulnerabilities in widely-used platforms. North Korean threat actors escalate their fake IT worker schemes. CISA seeks comment on Product Security Bad Practices. Dealing effectively with post-breach stress. Tim Starks, Senior Reporter at CyberScoop, joins us to discuss What's new from this year's Counter Ransomware Initiative summit. Redbox DVD rental machines get a reboot. Remember to leave us...

Sri Lanka says no more to financial fakers!


Authorities arrest over 200 Chinese nationals in Sri Lanka over financial scams. Officials in Finland take down an online drug market. Cisco investigates an alleged data breach. A major apparel provider suffers a data breach. Oracle's latest patch update includes 35 critical issues. Microsoft has patched several high-severity vulnerabilities. The NCSC's new boss calls for global collaboration to fight cybercrime. CISA warns of critical vulnerabilities affecting software from Microsoft, Mozilla, and SolarWinds. Hackers steal data from Verizon's push-to-talk (PTT) system. On our CertByte segment, Chris Hare is joined by resident Microsoft SME George Monsalvatge to break down a question from N2K's...

Election Propaganda: Part 3: Efforts to reduce the impact of future elections.


Thinking past the US 2024 Presidential Election, in part three of the series, Rick Howard, N2K CyberWire's Chief Analyst and Senior Fellow, discusses reducing the impact of propaganda in the future elections with Perry Carpenter, Chief Human Risk Management Strategist at KnowBe4 and host of the 8th Layer Insights Podcast, Nina Jankowicz, Co-Founder and CEO of The American Sunlight Project, and Scott Small, Director of Cyber Threat Intelligence at Tidal Cyber. Check out Part 1 & 2! Part 1: Election Propaganda Part 1: How Does Election Propaganda Work? In this episode, Rick Howard, N2K CyberWire's Chief Analyst and Senior...

A must patch list in the making.


CISA adds a Fortinet flaw to its must patch list. Splunk releases fixes for 11 vulnerabilities in Splunk Enterprise. ErrorFather is a new malicious Android banking trojan. New evidence backs secure-by-design practices. CISA warns that threat actors are exploiting unencrypted persistent cookies. The FIDO Alliance standardizes passkey portability. Cybercriminals linger on Telegram. On our Industry Voices segment today, our guest is Matt Radolec, Vice President, Incident Response and Cloud Operations at Varonis, discussing how AI amplifies the need for data privacy regulation and opens doors for abuse. We mark the passing of the co-creator of the BBS. Remember to...

Solution Spotlight: A first look at ISC2's 2024 Cybersecurity Workforce Study. [Special Edition]


In this special edition of Solution Spotlight, join us for an exclusive conversation between ISC2's Executive Vice President of Corporate Affairs, Andy Woolnough, and N2K's Simone Petrella. Together, they take a deep dive into ISC2's 2024 Cybersecurity Workforce Study, offering a first look at the most pressing findings. Discover insights from a survey of 15,852 cybersecurity professionals and decision-makers across the globe, including the size of the current workforce, the demand for more professionals, and alarming trends around layoffs, budget cuts, and skills shortages. Andy and Simone also explore the growing disconnect between the skills in high demand by hiring...

Billy Wilson: Translating language skills to technical skills. [HPC] [Career Notes]


Enjoy this special encore episode, where we are joined by a High Performance Computing Systems Administrator at Brigham Young University. Billy Wilson tells his cybersecurity career story translating language skills to technical skills. According to Billy's employer, moving to a technical position at his alma mater occurred because Billy showed this potential and a thirst for learning. He is currently pursuing his master's degree from SANS Technology Institute for Information Security Engineering while working to secure BYU's data for their computationally-intensive research. Billy notes that not everyone has one overarching passion which gives him variety in his work. And, we thank Billy...

Ransomware on repeat. [Research Saturday]


In this episode, Trevor Hilligoss, VP of SpyCloud Labs at SpyCloud, discusses the increasing threat of ransomware, emphasizing the role of infostealer malware in facilitating these attacks. He draws from SpyCloud's 2024 Malware and Ransomware Defense Report, highlighting how compromised identity data from infostealers creates opportunities for ransomware operators. With 75% of organizations experiencing multiple ransomware attacks in the past year, Trevor explores findings from over 500 security leaders in the US and UK, discussing the challenges businesses face and how they can use insights from this research to defend against ransomware and other cybercrimes. The research can be found...

Patient portals down, ransomware up.


A Colorado health system's patient portal has been compromised. Malicious uploads to open-source repositories surge over the past year. Octo2 malware targets Android devices. A critical vulnerability in Veeam Backup & Replication software is being exploited. The U.S. and U.K. team up for kids' online safety. The European Council adopts the Cyber Resilience Act. New York State adopts new cyber regulations for hospitals. The FBI created its own cryptocurrency to help thwart fraudsters. Our guest Dr. Bilyana Lilly joins us to talk about her new novel "Digital Mindhunters." Getting dumped via AI. Remember to leave us a 5-star rating and...

Hacked, attacked, and sued.


The Internet Archive gets breached and DDoSed. Dutch police arrest the alleged proprietors of an illicit online market. Fidelity Investments confirms a data breach. Marriott settles for $52 million over a multi-year data breach. Critical updates from Mozilla, Fortinet, Palo Alto Networks, VMware, and Apple. Mongolian Skimmer targets Magento installations. On our Industry Voices segment, we speak with Ben April, Chief Technology Officer at Maltego Technologies GMBH, about "Overcoming information overload: Challenges in social media investigations." Bankruptcy pulls back the curtain on a data brokerage firm. Remember to leave us a 5-star rating and review in your favorite podcast app....

Attacks amidst anniversaries.


Hackers target Russia's court information system. Patch Tuesday rundown. GoldenJackal targets government and diplomatic entities in Europe, the Middle East, and South Asia. Cybercriminals are exploiting Florida's disaster relief efforts. Australia introduced its first standalone cybersecurity law. CISA and the FBI issue guidance against Iranian threat actors. Mamba 2FA targets Microsoft 365 accounts. Casio reports a data breach. On our Solution Spotlight, Simone Petrella speaks with Andy Woolnough from ISC2 about their 2024 Cybersecurity Workforce Study. Keeping the AI slop off Wikipedia. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for...

Election Propaganda: Part 2: Modern propaganda efforts.


In preparation for the US 2024 Presidential Election, Rick Howard, N2K CyberWire's Chief Analyst and Senior Fellow, discusses recent international propaganda efforts in the form of nation state interference and influence operations as well as domestic campaigns designed to split the target country into opposing camps. Guests include Nina Jankowicz, Co-Founder and CEO of The American Sunlight Project and Scott Small, Director of Cyber Threat Intelligence at Tidal Cyber. Check out Part 1! Make sure to check out Election Propaganda Part 1: How Does Election Propaganda Work? In this episode, Rick Howard, N2K CyberWire's Chief Analyst and Senior Fellow,...

Key player unmasked in global ransomware takedown.


Western authorities I.D. a key member of Evil Corp. A major U.S. water utility suffers a cyberattack. ODNI warns of influence campaigns targeting presidential and congressional races. A California deepfakes law gets blocked. Europol leads a global effort against human trafficking. Trinity ransomware targets the healthcare industry. Qualcomm patches a critical zero-day in its DSP service. ADT discloses a breach of encrypted employee data. North Korean hackers use stealthy PowerShell exploits. On our Threat Vector segment, David Moulton and his guests tackle the pressing challenges of securing Operational Technology (OT) environments. Machine Learning pioneers win the Nobel Prize. Remember to...

Tapped and trapped.


Chinese hackers breach U.S. telecom wiretap systems. A third-party debt collection provider exposes sensitive information of Comcast customers. Homeland Security's cybercrime division chronicles their success. Google removes Kaspersky antivirus from the Play store. Ukrainian hackers take down Russian TV and Radio channels. A crypto-thief pleads guilty to wire fraud and money laundering. A pig-butchering victim gets his money back. On our Industry Voices segment, Jeff Reed, Chief Product Officer at Vectra AI, joins us to talk about how modern attackers don't hack in, they log in. AI knows - the truth is out there. Remember to leave us a 5-star...

Dr. Jessica Barker: Cybersecurity has a huge people element to it. [Socio-technical] [Career Notes]


Enjoy this encore episode where we are joined by Co-founder and socio-technical lead at Cygenta, Dr. Jessica Barker, as she shares her story from childhood career aspirations of becoming a farmer to her accidental pivot to working in cybersecurity. With a PhD in civic design, Jessica looked at the creation of social and civic places until she was approached by a cybersecurity consultancy interested in the human side of cybersecurity. She jumped in and the rest is history. Having experienced some negativity as a woman in cybersecurity, Jessica is a strong proponent of diversity in the field. She suggests that...

Podcast bait, malware switch. [Research Saturday]


Joshua Miller from Proofpoint is discussing their work on "Best Laid Plans: TA453 Targets Religious Figure with Fake Podcast Invite Delivering New BlackSmith Malware Toolset." Proofpoint identified Iranian threat actor TA453 targeting a prominent Jewish figure with a fake podcast interview invitation, using a benign email to build trust before sending a malicious link. The attack attempted to deliver new malware called BlackSmith, containing a PowerShell trojan dubbed AnvilEcho, designed for intelligence gathering and exfiltration. This malware consolidates all of TA453's known capabilities into a single script rather than the previously used modular approach. The research can be found here:...

Caught red-handed.


Interpol arrests eight in an international cybercrime crackdown. A MedusaLocker variant targets financial organizations. Cloudflare mitigates a record DDoS attempt. Insights from the Counter Ransomware Initiative summit. Fin7 uses deepnudes as a lure for malware. Researchers discovered critical vulnerabilities in DrayTek routers. CISA issues urgent alerts for products from Synacor and Ivanti. A former election official gets nine years in prison for a voting system data breach. Microsoft and the DOJ seize domains used by Russia's ColdRiver hacking group. On our Industry Voices segment, we are joined by Eric Olden, Founder and CEO of Strata Identity, to learn how the...

The Global Race for the 21st Century


In this episode, Dmitri Alperovitch discusses his book World on the Brink: How America Can Beat China in the Race for the Twenty-First Century with host Ben Yelin. Alperovitch highlights the rising tensions between the U.S. and China, focusing on Taiwan as a critical flashpoint that could ignite a new Cold War. He shares insights on the strategies America must adopt to maintain its status as the world's leading superpower while addressing the challenges posed by China. By examining both strengths and weaknesses, as well as providing a timely blueprint for navigating the complexities of global relations in the 21st...

Election Propaganda Part 1: How does election propaganda work?


Rick Howard, N2K CyberWire's Chief Analyst and Senior Fellow, discusses personal defensive measures that an average citizen, regardless of political philosophy, can take in order to not succumb to propaganda. References: David Ehl, 2024. Why Meta is now banning Russian propaganda [News]. Deutsche Welle. Jeff Berman, Renée DiResta, 2023. Disinformation & How To Combat It [Interview]. YouTube. Niha Masih, 2024. Meta bans Russian state media outlet RT for acts of foreign interference [News]. The Washington Post. Quentin Hardy, Renée DiResta, 2024. The Invisible Rulers Turning Lies Into Reality [Interview]. YouTube. Rob Tracinski, Renée DiResta, 2024. The Internet Rumor Mill [Interview]....

Breaking news blocked.


A global news agency suffers a cyberattack. CISA and the FBI provide guidance on cross-site scripting attacks. A Texas health system diverts patients following a ransomware attack. Western Digital patches a critical vulnerability in network attached storage devices. California passes a law protecting domestic abuse survivors from being tracked. Verizon and PlayStation each suffer outages. CISA responds to critiques from the OIG. T-Mobile settles with the FCC over multiple data breaches. The DOJ indicts a Minnesota man on charges of selling counterfeit software license keys. On our Industry Voices segment kicking off Cybersecurity Awareness Month, we are joined by...

Escape from GPU island.


A critical vulnerability has been discovered in the NVIDIA Container Toolkit. Representatives from around the world are meeting in Washington to address ransomware. The Pentagon shoots down the notion of a separate cyber service. A genetic testing company leaves sensitive information in an unsecured folder. A public accounting firm breach affects 127,000 individuals. The DOJ charges a British national with hacking U.S. companies. California's Governor vetoes an AI safety bill. CISOs deserve a seat at the table. Tim Starks from CyberScoop describes the House Homeland Security chair's proposed cyber workforce bill. Password laziness leaves routers vulnerable. Remember to leave us...

Steve Blank, national security, and the dilemma of technology disruption. (Part 2 of 2) [Special Edition]


In this 2-part special edition series, guest Steve Blank, co-founder of the Gordian Knot Center for National Security Innovation at Stanford University, speaks with N2K's Brandon Karpf about national security and the dilemma of technology disruption. Listen to part 1 here. In this series, Steve Blank, a renowned expert in national security innovation, explores the critical challenges facing the U.S. Department of Defense in a rapidly evolving technological landscape. From the rise of global adversaries like China to the bureaucratic obstacles hindering defense innovation, Blank breaks down the dilemma of technology disruption in national security. Learn how the U.S. can...

Jason Clark: Challenge the way things are done. [Strategy] [Career Notes]


Enjoy this encore episode where the chief strategy officer and chief security officer for Netskope, Jason Clark, shares his journey as he challenges the status quo and works to expand diversity in cybersecurity. Jason started his career by breaking the mold and heading to the Air Force rather than his family legacy of Army service. Following his military service, he became a CISO for the New York Times at age 26 and kept building from there. Jason advises, "You should always be seeking out jobs you're actually not qualified for. I think that's how you grow....

Beyond the permissions wall. [Research Saturday]


We are joined by Yves Younan, Senior Manager, Talos Vulnerability Discovery and Research from Cisco, discussing their work on "How multiple vulnerabilities in Microsoft apps for macOS pave the way to stealing permissions." Cisco Talos has uncovered eight vulnerabilities in Microsoft applications for macOS that could allow attackers to exploit the system's permission model by injecting malicious libraries. By leveraging permissions already granted to these apps, attackers could gain access to sensitive resources like the microphone, camera, and screen recording without user consent. While Microsoft considers these issues low risk and has declined to fix them, the vulnerabilities pose a...

Darknet dollars exposed.


International Law Enforcement Seizes Domains of Russian Crypto Laundering Networks. The real-world risk of a recently revealed Linux vulnerability appears low. Criminal Charges Loom in the Iranian Hack of the Trump Campaign. Meta is fined over a hundred million dollars for storing users' passwords in plaintext. Delaware's public libraries grapple with the aftermath of a ransomware attack. Tor merges with Tails. Progress Software urges customers to patch multiple vulnerabilities. A critical vulnerability in VLC media player has been discovered. Our guests are Mark Lance, Vice President of DFIR and Threat Intelligence at GuidePoint Security, and Andrew Nelson, Principal Security Consultant...

Salt Typhoon's cyber storm.


Salt Typhoon infiltrates US ISPs. Researchers hack the connected features in Kia vehicles. WiFi portals in UK train stations suffer Islamophobic graffiti. International partners release a joint guide for protecting Active Directory. A key house committee approves an AI vulnerability reporting bill. India's largest health insurer sues Telegram over leaked data. HPE Aruba Networking patches three critical vulnerabilities in its Aruba Access Points. OpenAI plans to restructure into a for-profit business. CISA raises the red flag on Hurricane Helene scams. Our guest is Ashley Rose, Founder & CEO at Living Security, on the creation of Forrester's newest cybersecurity category, Human Risk...

Blue screen blues.


CrowdStrike's Adam Meyers testifies before Congress. The State Department is set to provide nearly $35 million in foreign aid to strengthen global cybersecurity. Foreign adversaries claim ongoing access to presidential campaign documents. Researchers warn of critical vulnerabilities in fuel tank monitoring systems. Hackers claim a Chrome 2FA feature bypass takes less than ten minutes. Exploiting ChatGPT's long-term memory. Politicians and staffers find personal data exposed on the dark web. A critical vulnerability in Ivanti's Virtual Traffic Manager is being actively exploited. On our CertByte segment, Chris Hare is joined by resident Microsoft SME George Monsalvatge to break down a question...

PIVOTT Act drafts the next wave of digital defenders.


The House Homeland Security Chair introduces a major cyber workforce bill. Google rolls out new Gmail security tools. Telegram makes a big shift in its privacy policy. Microsoft doubles down on cybersecurity. A Kansas water treatment facility suffers a suspected cyberattack. MoneyGram reports network outages. Kaspersky antivirus users get an automatic upgrade, maybe. North Korean IT workers infiltrate Fortune 100 companies. Gartner analysts urge cybersecurity leaders to focus on prevention, response, and recovery. In this week's Threat Vector, host David Moulton is joined by Daniel Kendzior, Global Data & AI Security Practice Lead at Accenture, to explore the seismic shifts...

Can connected cars jeopardize national security?


The US is set to propose a ban on Chinese software and hardware in connected cars. Dell investigates a breach of employee data. Unit 42 uncovers a North Korean PondRAT and a red team tool called Splinter. Marko Polo malware targets cryptocurrency influencers, gamers, and developers. An Iranian state-sponsored threat group targets Middle Eastern governments and telecommunications. The alleged Snowflake hacker remains active and at large. German officials quantify fallout from the CrowdStrike incident. Apple's latest macOS update has led to widespread issues with cybersecurity software and network connectivity. Our guest is Vincenzo Ciancaglini, Senior Threat Researcher from Trend Micro, talking...

Kyla Guru: You are a key piece to our national security. [Education] [Career Notes]


Enjoy this special encore episode, where Founder and CEO of nonprofit Bits N' Bytes Cybersecurity Education and undergraduate student at Stanford University, Kyla Guru, shares her journey from GenCyber Camp to becoming a cybersecurity thought leader. Seeing the need for cybersecurity education in her own community spurred Kyla into action engaging our civilian population in understanding their role in the cybersecurity space. Kyla recommends putting yourself out there: taking courses, getting more knowledge, getting internships, meeting people and going to conferences. Kyla thinks her generation has an inquisitive mind and feels that is where advocacy and education come...

Steve Blank, national security, and the dilemma of technology disruption. (Part 1 of 2)


In this 2-part special edition series, guest Steve Blank, co-founder of the Gordian Knot Center for National Security Innovation at Stanford University, speaks with N2K's Brandon Karpf about national security and the dilemma of technology disruption. In this series, Steve Blank, a renowned expert in national security innovation, explores the critical challenges facing the U.S. Department of Defense in a rapidly evolving technological landscape. From the rise of global adversaries like China to the bureaucratic obstacles hindering defense innovation, Blank breaks down the dilemma of technology disruption in national security. Learn how the U.S. can overcome its outdated systems, accelerate...

Hook, line, and sinker. [Research Saturday]


Jonathan Tanner, Senior Security Researcher from Barracuda, discusses their work on "Stealthy phishing attack uses advanced infostealer for data exfiltration." The recent phishing attack, detailed by Barracuda, uses a sophisticated infostealer malware to exfiltrate a wide array of sensitive data. The attack begins with a phishing email containing an ISO file with an HTA payload, which downloads and executes obfuscated scripts to extract and transmit browser information, saved files, and credentials to remote servers. This advanced infostealer is notable for its extensive data collection capabilities and complex exfiltration methods, highlighting the increasing sophistication of cyber threats. The research can be...

They really are watching what we watch.


An FTC report confirms online surveillance and privacy concerns. Ukraine bans Telegram for state and security officials. Sensitive customer data from India's largest health insurer is leaked. German law enforcement shuts down multiple cryptocurrency exchange services. HZ RAT sets its sights on macOS systems. Stolen VPN passwords remain a growing threat. Law enforcement dismantles the iServer phishing-as-a-service platform. Today's guest is Steve Blank, co-founder of the Gordian Knot Center for National Security Innovation at Stanford University, talking with N2K's Brandon Karpf about national security and the dilemma of technology disruption. CISA's boss pushes for accountability. Remember to leave us a...

Derailing the Raptor Train botnet.


The US government disrupts China's Raptor Train botnet. A phishing campaign abuses GitHub repositories to distribute malware. Ransomware group Vanilla Tempest targets U.S. healthcare providers. Hackers demand $6 million for stolen airport data. The FCC opens applications for a $200 million cybersecurity grant program. GreyNoise Intelligence tracks mysterious online Noise Storms. Scammers threaten Walmart shoppers with arrest. CISA adds five critical items to its known exploited vulnerabilities list. Craigslist founder will donate $100 million to strengthen US cybersecurity. Our guest today is Victoria Samson, Chief Director at Secure World Foundation, talking about space security and stability. Cybercriminals fall prey to very infostealers...

High-stakes sabotage.


Exploding pagers in Lebanon are not a cyberattack. Europol leads an international effort to shut down the encrypted communications app Ghost. Microsoft IDs Russian propaganda groups' disinformation campaigns. California's Governor signs bills regulating AI in political ads. A multi-step zero-click macOS Calendar vulnerability is documented. A new phishing campaign targets Apple ID credentials. The US Cyber Ambassador emphasizes deterrence. Our guest is Linda Betz, Executive Vice President of Global Community Engagement at the FS-ISAC, sharing their work on maintaining security support at all levels of cyber maturity. AI tries to out-Buffett Warren Buffett. Remember to leave us a 5-star rating and...

One small step for scammers.


The US charges a Chinese national for spear-phishing government employees. The feds impose new sanctions on the makers of Predator spyware. Dealing with fake data breaches. Researchers discover a critical vulnerability in Google Cloud Platform. D-Link has patched critical vulnerabilities in three popular wireless router models. Snowflake ups their authentication game. A US mining company confirms a cyberattack. Researchers identify critical threats targeting construction industry accounting software. Tim Starks from CyberScoop joins us with his reporting on the US Postal Service's ability to meet the challenges of the upcoming election. Cisco's second round of layoffs hit hard. Remember to leave...

Agencies warn of voter data deception.


The FBI and CISA dismiss false claims of compromised voter registration data. The State Department accuses RT of running global covert influence operations. Chinese hackers are suspected of targeting a Pacific Islands diplomatic organization. A look at Apple's Private Cloud Compute system. 23andMe will pay $30 million to settle a lawsuit over a 2023 data breach. SolarWinds releases patches for vulnerabilities in its Access Rights Manager. Browser kiosk mode frustrates users into giving up credentials. Brian Krebs reveals the threat of growing online harm communities. Our guest is Elliot Ward, Senior Security Researcher at Snyk, sharing insights on prompt injection...

Breaking the information sharing barrier.


Rick Howard, N2K CyberWire's Chief Analyst and Senior Fellow, turns over hosting responsibilities to Errol Weiss, the Chief Security Officer (CSO) of the HEALTH-ISAC and one of the original contributors to the N2K CyberWire Hash Table. He will make the business case for information sharing. References: White and Williams LLP, Staff Osborne Clarke LLP, 2018. Threat Information Sharing and GDPR [Legal Review]. FS-ISAC. Senator Richard Burr (R-NC), 2015. S.754 - 114th Congress (2015-2016): To improve cybersecurity in the United States through enhanced sharing of information about cybersecurity threats, and for other purposes [Law]. Library of Congress. Staff, n.d. National Council...

Ben Yelin: A detour could be a sliding door moment. [Policy] [Career Notes]


Enjoy this encore of Career Notes, where the Program Director for Public Policy and External Affairs at the University of Maryland's Center for Health and Homeland Security Ben Yelin shares his journey from political junkie to Fourth Amendment specialist. Several significant life-defining political developments like the disputed 2000 election, 9/11, and the Iraqi war occurred during his formative years that shaped Ben's interest in public policy and his desire to pursue a degree in law. An opportunity to be a teaching assistant turned out to be one of those sliding door scenarios that led Ben to where he is...

Spamageddon: Xeon Sender's cloudy SMS attack revealed! [Research Saturday]


Alex Delamotte, Threat Researcher from SentinelOne Labs, joins to share their work on "Xeon Sender | SMS Spam Shipping Multi-Tool Targeting SaaS Credentials." SentinelOne's Labs team has uncovered new research on Xeon Sender, a cloud hacktool used to launch SMS spam attacks via legitimate APIs like Amazon SNS. First seen in 2022, this tool has been repurposed by multiple threat actors and distributed on underground forums, highlighting the ongoing trend of SMS spam through cloud services and SaaS. The research can be found here: Xeon Sender | SMS Spam Shipping Multi-Tool Targeting SaaS Credentials Learn more about your ad choices....

Mini-breach, mega-hype.


Fortinet reveals a data breach. The feds sanction a Cambodian senator for forced labor scams. UK police arrest a teen linked to the Transport for London cyberattack. New Linux malware targets Oracle WebLogic. Citrix patches critical Workspace app flaws. Microsoft unveils updates to prevent outages like the CrowdStrike incident. U.S. Space Systems invests in secure communications. Illegal gun-conversion sites get taken down. Tim Starks of CyberScoop tracks Russian hackers mimicking spyware vendors. Cybersecurity hiring gaps persist. Hackers use eye-tracking to steal passwords. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up...

UK's newest cybersecurity MVPs.


The UK designates data centers as Critical National Infrastructure. Cisco releases patches for multiple vulnerabilities in its IOS XR network operating system. BYOD is a growing security risk. A Pennsylvania healthcare network has agreed to a $65 million settlement stemming from a 2023 data breach. Google Cloud introduces air-gapped backup vaults. TrickMo is a newly discovered Android banking malware. GitLab has released a critical security update. A $20 domain purchase highlights concerns over WHOIS trust and security. Our guest is Jon France, CISO at ISC2, with insights on Communicating Cyber Risk of New Technology to the Board. And, could Pikachu be...

A Patch Tuesday overload.


Patch Tuesday rundown. Microsoft integrates post-quantum cryptography (PQC) algorithms into its SymCrypt cryptographic library. The FTC finalizes rules to combat fake reviews and testimonials. A payment card thief pleads guilty. On our latest CertByte segment, N2K's Chris Hare and George Monsalvatge share questions and study tips from the Microsoft Azure Fundamentals (AZ-900) Practice Test. Hard Drive Heaven: How Iconic Music Sessions Are Disappearing. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily...

Solution Spotlight: Mary Haigh, Global CISO of BAE Systems, on building a cybersecurity team.


On this Solution Spotlight, guest Dr. Mary Haigh, Global CISO of BAE Systems, speaks with N2K President Simone Petrella about moving beyond the technical to build a cybersecurity team. Learn more about your ad choices. Visit megaphone.fm/adchoices

Stealth, command, exfiltrate: The three-headed cyber dragon of Crimson Palace.


Crimson Palace targets Asian organizations on behalf of the PRC. Europe's AI Convention has lofty goals and legal loopholes. The NoName ransomware gang may be working as a RansomHub affiliate. Wisconsin Physicians Service Insurance Corporation, SLIM CD, and Acadian Ambulance Service each suffer significant data breaches. CISA adds three vulnerabilities to its Known Exploited Vulnerabilities Catalog. Researchers from Ben-Gurion University in Israel develop new techniques to exfiltrate data from air-gapped computers. In our latest Threat Vector segment, David Moulton, Director of Thought Leadership at Unit 42, sits down with Ryan Barger, Director of Offensive Security Services, to explore how AI...

A ticking clock to exploitation.


Patch Now alerts come from Progress Software and Veeam Backup & Restoration. Car rental giant Avis notifies nearly 300,000 customers of a data breach. The UK's National Crime Agency struggles to retain top cyber talent. Two Nigerian brothers get prison time for their roles in a deadly sextortion scheme. SpyAgent malware uses OCR to steal cryptocurrency. A Seattle area school district suffers a cybercrime snow day. Our guest is Amer Deeba, CEO of Normalyze, discussing data's version of hide and go seek - the emergence of shadow data. A crypto leader resigns after being held at gunpoint. Remember to leave...

Ann Johnson: Trying to make the world safer. [Business Development] [Career Notes]


Enjoy this special encore episode, where Microsoft's Corporate Vice President of Cybersecurity Business Development Ann Johnson brings us on her career journey from aspiring lawyer to cybersecurity executive. After pivoting from studying law, Ann started working with computers and found she had a deep technical aptitude for technology and started earning certifications, landing in cybersecurity because she found an interest in PKI. At Microsoft, Ann says she solves some of the hardest problems every day. She recommends getting a mentor and finding your area of expertise. She leaves us with three dimensions she hopes to be her...

The playbook for outpacing China. [Research Saturday]


This week, N2K's very own Brandon Karpf sits down with Kevin Lentz, Team Leader of the Cyber Pacific Project at the Global Disinformation Lab, and they discuss the recent threatcasting report "Cyber Competition in the Indo-Pacific Gray Zone 2035." This report, developed using the Threatcasting Method, examines how the U.S. and Indo-Pacific allies can coordinate their cyber defense efforts in response to future competition with China. It presents findings, trends, and recommendations based on twenty-five scenarios simulated by a cross-functional group of experts to anticipate and address emerging threats over the next decade. The research can be found here: Cyber...

Blizzard warning: Russia's GRU unleashes new cyber saboteurs.


Cadet Blizzard is part of Russia's elite GRU Unit. Apache releases a security update for its open-source ERP system. SonicWall has issued an urgent advisory for a critical vulnerability. Researchers uncover a novel technique exploiting Linux's Pluggable Authentication Modules. Google's kCTF team has disclosed a critical security vulnerability affecting the Linux kernel's netfilter component. Predator spyware has resurfaced. US health care firm Confidant Health exposes 5.3 terabytes of sensitive health information. Dealing with the National Public Data breach. On our Solution Spotlight: Mary Haigh, Global CISO of BAE Systems, speaks with N2K's Simone Petrella about moving beyond the technical to...

U.S. rains on Russia's fake news parade.


The DOJ disrupts Russia's Doppelganger. NSA boasts over 1,000 public and private partners. The FBI warns of North Korean operatives launching complex and elaborate social engineering attacks. Iran pays the ransom to shore up their banking system. Cisco has disclosed two critical vulnerabilities in its Smart Licensing Utility. A Nigerian man gets five years in prison for Business Email Compromise schemes. Planned Parenthood confirms a cyberattack. Our guests are Sara Siegle and Cam Potts from NSA, Co-Hosts of the new show, No Such Podcast. OnlyFans hackers get more than they bargained for. Remember to leave us a 5-star rating and...

From secure to clone-tastic.


Researchers find Yubikeys vulnerable to cloning. Google warns of a serious zero-day Android vulnerability. Zyxel releases patches for multiple vulnerabilities. D-Link urges customers to retire unsupported vulnerable routers. Hackers linked to Russia and Belarus target Latvian websites. The Federal Trade Commission (FTC) reports a sharp rise in Bitcoin ATM-related scams. Dutch authorities fine Clearview AI over thirty million Euros over GDPR violations. Threat actors are misusing the MacroPack red team tool to deploy malware. CISA shies away from influencing content moderation. Our guest is George Barnes, Cyber Practice President at Red Cell Partners and Fmr. Deputy Director of NSA discussing...

Brazil nixes Twitter's successor.


Brazil blocks access to X/Twitter. Transport for London has been hit with a cyberattack. Threat actors have poisoned GlobalProtect VPN software to deliver WikiLoader. Voldemort is a significant international cyber-espionage campaign. Researchers uncover an SQL injection flaw with implications for airport security. Three men plead guilty to running an MFA bypass service. The FTC has filed a complaint against security camera firm Verkada. CBIZ Benefits & Insurance Services disclosed a data breach affecting nearly 36,000. The cybersecurity implications of a second Trump term. On our Industry Insights segment, guest Caroline Wong, Chief Strategy Officer at Cobalt, discusses application security and...

AWS in Orbit: Building Opportunity with Axiom Space. [AWS in Orbit]


You can learn more about AWS in Orbit at space.n2k.com/aws. Our guests today are Jason Aspiotis, Global Director, In-Space Data & Security at Axiom Space and Jay Naves, Sr. Solutions Architect at AWS Aerospace & Satellite Solutions. AWS in Orbit is a podcast collaboration between N2K Networks and AWS to offer listeners an in-depth look at the transformative intersection of cloud computing, space technologies, and generative AI. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our weekly intelligence roundup, Signals and Space, and you'll never miss a beat. And...

Tom Gorup: Fail fast and fail forward. [Operations]


Enjoy this encore episode, in which Vice President of Security and Support Operations of Alert Logic Tom Gorup shares how his career path led him from tactics learned in Army infantry using machine guns and claymores to cybersecurity, replacing the artillery with antivirus and firewalls. Tom built a security automation solution called the Grunt (in recollection of his role in the Army) that automated firewall blocks. He credits his experience in battle-planning for his expertise in applying strategic thinking to work in cybersecurity, noting that communication is key in both scenarios. Tom advises that those looking into a new career shouldn't...

The impact of CISO Circles and cultivating a security culture.


In this Special Edition podcast, N2K's Executive Editor Brandon Karpf speaks with Danielle Ruderman, Senior Manager for Worldwide Security Specialists at AWS, and Adam Mikeal, CISO at Texas A&M, about CISO Circles, security challenges faced in higher education, and fostering the culture of security. Learn more about your ad choices. Visit megaphone.fm/adchoices

Pop goes the developer. [Research Saturday]


Tim Peck, a Senior Threat Researcher at Securonix, is discussing their work on "Threat actors behind the DEV#POPPER campaign have retooled and are continuing to target software developers via social engineering." The DEV#POPPER campaign continues to evolve, now targeting developers with malware capable of operating on Linux, Windows, and macOS systems. The threat actors, believed to be North Korean, employ sophisticated social engineering tactics, such as fake job interviews, to deliver stealthy malware that gathers sensitive information, including browser credentials and system data. The research can be found here: Research Update: Threat Actors Behind the DEV#POPPER Campaign Have Retooled and...

High stakes for high tech: California's AI safety regulations take center stage.


AI regulations move forward in California. DDoS attacks are on the rise. CISA releases a joint Cybersecurity Advisory on the RansomHub ransomware. A persistent malware campaign has been targeting Roblox developers. Two European men are indicted for orchestrating a widespread swatting campaign. Critical vulnerabilities in an enterprise network monitoring solution could lead to system compromise. An Ohio judge issues a restraining order against a cybersecurity expert following a ransomware attack. Our guest is Dr. Zulfikar Ramzan, Chief Scientist at Aura, sharing his take on AI's growing role with online criminals. Admiral Hopper's lost lecture is lost no more. Miss an...

Crime, compliance, and controversy.


French authorities outline the allegations against Telegram's CEO. Google finds familiar spyware in Mongolian government websites. The Mirai botnet leverages obsolete security cameras. Iran's Peach Sandstorm targets the space industry. A federal appeals court says platforms may be liable for algorithmically recommended content. Scam cycles are getting shorter. McDonald's officials are grimacing after hackers take over their Instagram account. Our guests today are Dave DeWalt, Founder and CEO of NightDragon, and Nicole Bucala, CEO and GM at DataBee, sharing their joint initiative which aims to propel future cybersecurity innovations. A would-be extortionist fails to cover his tracks. Miss an episode?...

From screen share to spyware.


Threat actors use a malicious Pidgin plugin to deliver malware. The BlackByte ransomware group is exploiting a recently patched VMware ESXi vulnerability. The State Department offers a $2.5 million reward for a major malware distributor. A Swiss industrial manufacturer suffers a cyberattack. The U.S. Marshals Service (USMS) responds to claims of data theft by the Hunters International ransomware gang. Park'N Fly reports a data breach affecting 1 million customers. Black Lotus Labs documents the active exploitation of a zero-day vulnerability in Versa Director servers. Federal law enforcement agencies warn that Iran-based cyber actors continue to exploit U.S. and foreign organizations....

Cyber revolt or just digital ruckus?


Hacktivists respond to the arrest of Telegram's CEO in France. Stealthy Linux malware stayed undetected for two years. Versa Networks patches a zero-day vulnerability. Google has patched its tenth zero-day vulnerability of 2024. Researchers at Arkose Labs document Greasy Opal. A flaw in Microsoft 365 Copilot allowed attackers to exfiltrate sensitive user data. Gafgyt targets crypto mining in cloud native environments. Microsoft investigates an Exchange Online message quarantine issue. Our guest is Bar Kaduri, research team leader at Orca Security talking about AI Goat, the first open source AI security learning environment based on the OWASP top 10 ML risks....

From secret chats to public spats.


Telegram's CEO is arrested by French police, presumably over moderation failures. A cyberattack disrupted services at Seattle-Tacoma International Airport and the Port of Seattle. SonicWall has warned customers of a critical vulnerability that could lead to unauthorized access or a firewall crash. Dutch and French regulators fined Uber €290 million for failing to protect the privacy of EU drivers. Microsoft will host a cybersecurity conference next month in response to the disastrous CrowdStrike software update. Radio Free Europe/Radio Liberty looks at Iran's active attempts to interfere in the upcoming U.S. presidential election. Our guests are Danielle Ruderman, Senior Manager for...

Ellen Sundra: Actions speak louder than words. [Engineering] [Career Notes]


Enjoy this special encore episode, where we are joined by Vice President of Global Systems Engineering Ellen Sundra and she shares her career path from life as a college grad who found her niche by creating a training program to a leader in cybersecurity. She realized that training and educating people was her passion. Ellen sees her value in providing soft skills as a natural balance to her technical team at Forescout Technologies. Being a woman in a male-dominated world proved to be a challenge and gaining her confidence to share her unique point of view helped her excel in...

Quantum-proof and ready: NIST unveils the future of encryption. [Special Edition]


In this Special Edition podcast, N2K's Executive Editor Brandon Karpf speaks with Dustin Moody, mathematician at NIST, about their first 3 recently finalized post-quantum encryption standards. NIST finalized a key set of encryption algorithms designed to protect against future cyberattacks from quantum computers, which operate in fundamentally different ways from traditional computers. Listen as Brandon and Dustin discuss these algorithms and how quantum computing will change the way we view encryption and cyber attacks in the future. Resources: NIST Releases First 3 Finalized Post-Quantum Encryption Standards (NIST) FIPS 203 FIPS 204 FIPS 205 What is Post Quantum Cryptography? (NIST) National...

MaaS infrastructure exposed. [Research Saturday]


Robert Duncan, VP of Product Strategy from Netcraft, is discussing their work on "Mule-as-a-Service Infrastructure Exposed." Netcraft's new threat intelligence reveals the intricate connections within global fraud networks, showing how criminals use specialized services like Mule-as-a-Service (MaaS) to launder scam proceeds. By mapping the cyber and financial infrastructure, including bank accounts, crypto wallets, and phone numbers, Netcraft exposes how different scams are interconnected and identifies weak points that can be targeted to disrupt these operations. This insight provides an opportunity to prevent fraud and protect against financial crimes like pig butchering, investment scams, and romance fraud. The research can be...

Hackers strike LiteSpeed cache again.


The exploitation of the LiteSpeed Cache WordPress plugin has begun. Halliburton confirms a cyberattack. Velvet Ant targets Cisco Switch appliances. The Qilin ransomware group harvests credentials stored in Google Chrome. Ham radio enthusiasts pay a million dollar ransom. SolarWinds releases a hotfix to fix a hotfix. A telecom company will pay a million dollar fine over President Biden deepfakes. The Justice Department is suing the Georgia Institute of Technology and an affiliated company for allegedly failing to meet required cybersecurity standards for Pentagon contracts. Today's guest is Dustin Moody, mathematician at NIST, speaking with N2K's Brandon Karpf about post-quantum encryption...

Almost letting hackers rule the web.


A WordPress plugin vulnerability puts 5 million sites at risk. Google releases an emergency Chrome update addressing an actively exploited vulnerability. Cisco patches multiple vulnerabilities. Researchers say Slack AI is vulnerable to prompt injection. Widely used RFID smart cards could be easily backdoored. The FAA proposes new cybersecurity rules for airplanes, engines, and propellers. A member of the Russian Karakurt ransomware group faces charges in the U.S. The Five Eyes release a guide on Best Practices for Event Logging and Threat Detection. The Kremlin claims widespread online outages are due to DDoS, but experts think otherwise. In our Threat Vector...

Cyberattack cripples major American chipmaker.


A major American chipmaker discloses a cyberattack. Cybercriminals exploit Progressive Web Applications (PWAs) to bypass iOS and Android defenses. Mandiant uncovers a privilege escalation vulnerability in Microsoft Azure Kubernetes Services. ALBeast hits ALB. Microsoft's latest security update has caused significant issues for dual-boot systems. The DOE's new SolarSnitch program aims to shore up solar panel security. Researchers uncover LLM poisoning techniques. An Iranian-linked group uses a fake podcast to lure a target. Our guest is Parya Lotfi, CEO of DuckDuckGoose, discussing the increasing problem of deepfakes in the cybersecurity landscape. Return to sender - AirTag edition. Miss an episode? Sign-up...

Cybersecurity on the ballot.


The Dems' 2024 party platform touches on cybersecurity goals. The feds warn of increased Iranian influence operations. A severe security flaw has been discovered in a popular WordPress donation plugin. The Lazarus Group exploits a Windows zero-day to install a rootkit. Krebs on Security takes a closer look at the significant data breach at National Public Data. Toyota confirms a data breach after their data shows up on a hacking forum. A critical Jenkins vulnerability is added to CISA's Known Exploited Vulnerabilities catalog. Cybercriminals steal credit card info from the Oregon Zoo. Guest CJ Moses, CISO at Amazon, discussing partnership...

Mic, camera, and more at risk.


Cisco Talos discovers vulnerabilities in Microsoft applications for macOS. OpenAI disrupts an Iranian influence campaign. Jewish Home Lifecare discloses a data breach affecting over 100,000. Google tests an auto-redaction feature in Chrome for Android. Unicoin informs the SEC that it was locked out of G-Suite for four days. House lawmakers raise concerns over China-made WiFi routers. Moody's likens the switch to post-quantum cryptography to the Y2K bug. Diversity-focused tech nonprofits grapple with flagging support. Tim Starks of CyberScoop is back to discuss his investigation of a Russian hacking group targeting human rights groups. Smart phones get some street smarts....

Robert Lee: Keeping the lights on. [ICS] [Career Notes]


Enjoy this special encore with CEO and co-founder of Dragos Robert Lee, as he talks about how he came to cybersecurity through industrial control systems. Growing up with parents in the Air Force, Robert's father tried to steer him away from military service. Still Rob chose to attend the Air Force Academy where he had greater exposure to computers through ICS. Robert finds his interest lies in things that impact the physical world around us. In his work, Dragos focuses on identifying what people are doing bad and helping people understand how to defend against that. Rob describes the possibility of...

Essential tools with critical security challenges. [Research Saturday]


Snir Ben Shimol from ZEST Security on their work, "How we hacked a cloud production environment by exploiting Terraform providers." In this blog, ZEST discusses the security risks associated with Terraform providers, particularly those from community sources. The research highlights the importance of carefully vetting providers, regular scanning, and following best practices like version pinning to mitigate potential vulnerabilities in cloud infrastructure management. The research can be found here: The hidden risks of Terraform providers Learn more about your ad choices. Visit megaphone.fm/adchoices

Demo-lition derby: iVerify and Google clash over pixel app pitfalls.


Google and iVerify clash over the security implications of an Android app. CISA has issued a warning about a critical vulnerability in SolarWinds Web Help Desk. Ransomware attacks targeting industrial sectors surge. Microsoft is rolling out mandatory MFA for Azure. Banshee Stealer is a new macOS-targeted malware developed by Russian threat actors. A popular flight tracking website exposes users' personal and professional information. San Francisco goes after websites generating deepfake nudes. Daniel Blackford, Director of Threat Research at Proofpoint, joins us to discuss emerging tactics used by threat actors and trends in e-crime tied to nation states. Scammers Use Google...

Weeding out 'worms' for Windows users.


Microsoft urges users to patch a critical TCP/IP remote code execution vulnerability. Texas sues GM over the privacy of location and driving data. Google says Iran's APT42 is responsible for recent phishing attacks targeting presidential campaigns. Doppelgänger struggles to sustain its operations. Sophos X-Ops examines the Mad Liberator extortion gang. Fortra researchers document a potential Blue Screen of Death vulnerability on Windows. China's Green Cicada Network creates over 5,000 AI-controlled inauthentic X (Twitter) accounts. Kim Dotcom is being extradited to the United States. Our guest is Rui Ribeiro, CEO at JScrambler, to discuss how the extensive use of first and third-party...

A health bot's security slip-up.


Researchers at Tenable uncovered severe vulnerabilities in Microsoft's Azure Health Bot Service. Scammers use deepfakes on Facebook and Instagram. Foreign influence operations target the Harris presidential campaign. An Idaho not-for-profit healthcare provider discloses a data breach. Research reveals a troubling trend of delayed and non-disclosure of ransomware attacks by organizations. Patch Tuesday roundup. Palo Alto Networks Unit 42 revealed a significant security risk in open-source GitHub projects. Enzo Biochem will pay $4.5 million to settle charges of inadequate security protocols. Our guest Stephanie Schneider, Cyber Threat Intelligence Analyst at LastPass, joins us to discuss the ongoing Snowflake account attacks...

From dispossessor to disposed.


The FBI is the repossessor of Dispossessor. The NCA collars and extradites a notorious cybercriminal. A German company loses sixty million dollars to business email compromise. DeathGrip is a new Ransomware-as-a-Service (RaaS) platform. Russia blocks access to Signal. NIST publishes post-quantum cryptography standards. DARPA awards $14 million to teams competing in the AI Cyber Challenge. On our Solution Spotlight, N2K President Simone Petrella talks with Lee Parrish, CISO of Newell Brands, about his book "The Shortest Hour: An Applied Approach to Boardroom Governance of Cyber Security". AI generates impossible code - for knitters and crocheters. Miss an episode? Sign-up for...

Solution Spotlight: Simone Petrella talking with Lee Parrish, CISO of Newell Brands, about his book and security relationship management. [Special Edition]


On this Solution Spotlight, guest Lee Parrish, author and CISO at Newell Brands, joins N2K President Simone Petrella to discuss his book "The Shortest Hour: An Applied Approach to Boardroom Governance of Cyber Security" and security relationship management. Learn more about your ad choices. Visit megaphone.fm/adchoices

Confidential or compromised?


The Trump campaign claims its email systems were breached by Iranian hackers. A Nashville man is arrested as part of an alleged North Korean IT worker hiring scam. At Defcon, researchers reveal significant vulnerabilities in Google's Quick Share. Ransomware attacks hit an Australian gold mining company as well as multiple U.S. local governments. GPS spoofing is a matter of time. Cisco readies another round of layoffs. Nearly 2.7 billion records of personal information for people in the United States have been shared on a hacking forum. Our own Rick Howard speaks with Mark Ryland, Director of Amazon Security, about formal...

What does materiality mean exactly?


Rick Howard, N2K CyberWire's Chief Analyst and Senior Fellow, discusses the meaning of cybersecurity materiality. References: Amy Howe, 2024. Supreme Court strikes down Chevron, curtailing power of federal agencies [Blog] Cydney Posner, 2023. SEC Adopts Final Rules on Cybersecurity Disclosure [Explainer]. The Harvard Law School Forum on Corporate Governance. Cynthia Brumfield, 2022. 5 years after NotPetya: Lessons learned [Analysis]. CSO Online. Eleanor Dallaway, 2023. Closed for Business: The Organisations That Suffered Fatal Cyber Attacks that Shut Their Doors For Good [News]. Assured. Gary Cohen, 2021. Throwback Attack: Chinese hackers steal plans for the F-35 fighter in a supply chain heist...

Andrea Little Limbago: Look at the intersection of humans and technology. [Social Science]


Enjoy this special encore episode: Computational Social Scientist Andrea Little Limbago shares her journey as a social scientist in cybersecurity. Andrea laments that she wishes she'd known there is no straight line between what you think you want to do and then where you end up going. Beginning her career in international relations and courted by the Department of Defense's Joint Warfare Analysis Center while teaching at New York University, Andrea began her work in cybersecurity. Her team was one of the first to start thinking about the intersection of cybersecurity and geopolitics and quantitative modeling. Andrea reminds us there...

Prompts gone rogue. [Research Saturday]


Shachar Menashe, Senior Director of Security Research at JFrog, is talking about "When Prompts Go Rogue: Analyzing a Prompt Injection Code Execution in Vanna.AI." A security vulnerability in the Vanna.AI tool, called CVE-2024-5565, allows hackers to exploit large language models (LLMs) by manipulating user input to execute malicious code, a method known as prompt injection. This poses a significant risk when LLMs are connected to critical functions, highlighting the need for stronger security measures. The research can be found here: When Prompts Go Rogue: Analyzing a Prompt Injection Code Execution in Vanna.AI Learn more about your ad choices. Visit megaphone.fm/adchoices

The 18-year stowaway.


Deep firmware vulnerabilities affect chips from AMD. CISA warns of actively exploited Cisco devices. Solar inverters are found vulnerable to disruption. Iran steps up efforts to interfere with U.S. elections. The UN passes its first global cybercrime treaty. ADT confirms a data breach. A longstanding browser flaw is finally fixed. Crash reports help unlock the truth. Rob Boyce of Accenture shares his thoughts live from Las Vegas at the Black Hat conference. These scammers messed with the wrong guy. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to...

Cybersecurity leaders gear up for the ultimate test.


Black Hat kicks off with reassurances from global cyber allies. Researchers highlight vulnerabilities in car head units, AWS and 5G basebands. Alleged dark web forum leaders are charged in federal court. Tens of thousands of ICS devices are vulnerable to weak automation protocols. Kimsuky targets universities for espionage. Ransomware claims the life of a calf and its mother. A look at job risk in the face of AI. In our Threat Vector segment, host David Moulton speaks with Nir Zuk, Founder and CTO of Palo Alto Networks, about the future of cybersecurity. An alleged cybercrime rapper sees his Benjamins seized....

When updates attack.


CrowdStrike releases a postmortem. LoanDepot puts a multimillion dollar price tag on their ransomware incident. RHADAMANTHYS info stealer targets Israelis. Zola ransomware is an advanced evolution of the Proton family. Firefox fixes several high-severity vulnerabilities. Researchers at Certitude uncover a vulnerability in Microsoft 365's anti-phishing measures. Threat actors exploit legitimate anti-virus software for malicious purposes. Samsung's new bug bounty program offers rewards up to a million dollars. Guest Adam Marr, CISO at Arctic Wolf, joining us to share his observations on the ground at Black Hat USA 2024. Ransomware gangs turn the screws and keep up with the times. Miss...

Cyberattack calls for an early dismissal.


Thousands of education sector devices have been maliciously wiped after an attack on a UK MDM firm. A perceived design flaw in Microsoft Authenticator leaves users locked out of accounts. SharpRino charges ahead to deploy ransomware. North Korea's Stressed Pungsan provides initial access points for malware distribution. Magniber ransomware targets home users and SMBs. Google patches an Android zero-day. A new Senate bill aims to treat ransomware as terrorism. Microsoft ties security to employee compensation. Guest Kim Kischel, Director of Cybersecurity Product Marketing at Microsoft, discusses how AI is impacting the unified security operations center. A victim of business email...

TikTok in the hot seat...again.


The Justice Department sues TikTok over alleged violations of children's online privacy laws. Bad blood between CrowdStrike and Delta Airlines. The UK once again delays upgrades to their cybercrime reporting center. Apache OFBiz users are urged to patch a critical vulnerability. SLUBStick is a newly discovered Linux Kernel attack. CISA releases a handy guide to help software suppliers manage security risk. StormBamboo poisons DNS queries to deliver targeted malware. The White House looks to help close the cybersecurity skills gap with $15 million in scholarships. Our guest US Congressional candidate from Oklahoma, Madison Horn, speaking with my Caveat co-host...

Cybersecurity is radically asymmetrically distributed.


Rick Howard, N2K CyberWire's Chief Analyst and Senior Fellow, discusses the idea that Cybersecurity is radically asymmetrically distributed. It means that cybersecurity risk is not the same for all verticals and knowing that may impact the first principle strategies you choose to protect your enterprise. For a complete reading list and even more information, check out Rick's more detailed essay on the topic. References: André Munro, 2024. Liberal democracy [Explainer]. Encyclopedia Britannica. David Weedmark, 2017. Why do some states require emissions testing? [Explainer]. Autoblog. Kara Rogers, 2020. What Is a Superspreader Event? [Explainer]. Encyclopedia Britannica. Lara Salahi, 2021. 1 Year Later:...

Ron Brash: Problem fixer in critical infrastructure. [OT] [Career Notes]


Director of Cyber Security Insights at Verve Industrial aka self-proclaimed industrial cybersecurity geek Ron Brash shares his journey through the industrial cybersecurity space. From taking his parents' 286s and 386s to task to working for the "OG of industrial cybersecurity," Ron has pushed limits. Starting off in technical testing, racing through university at 2x speed, and taking a detour through neuroscience with machine learning, Ron decided to return to critical infrastructure working with devices that keep the lights on and the water flowing. Ron hopes his work makes an impact and his life is memorable for those he cares about. We thank...

Spinning the web of tangled tactics. [Research Saturday]


This week, we are joined by Jason Baker, Senior Threat Consultant at GuidePoint Security, and he is discussing their work on "Worldwide Web: An Analysis of Tactics and Techniques Attributed to Scattered Spider." In early 2024, a current RansomHub RaaS affiliate was identified as a former Alphv/Black Cat affiliate and is believed to be linked to the Scattered Spider group, known for using overlapping tools, tactics, and victims. The high-confidence assessment by GuidePoint's DFIR and GRIT teams is supported by the consistent use of tools like ngrok and Tailscale, social engineering tactics, and systematic playbooks in intrusions. The research can...

A high-stakes swap.


Notorious Russian cybercriminals head home after an historic prisoner exchange. An Israeli hacktivist group claims responsibility for a cyberattack that disrupted internet access in Iran. The U.S. Copyright Office calls for federal legislation to combat deep fakes. Cybercriminals are using a Cloudflare testing service for malware campaigns. The GAO instructs the EPA to address rising cyber threats to water and wastewater systems. Claroty reports a vulnerability in Rockwell Automation's ControlLogix devices. Apple has open-sourced its homomorphic encryption (HE) library. CISA warns of a high severity vulnerability in Avtech Security cameras, and the agency appoints its first Chief AI Officer. We...

Ransomware strikes a nerve.


The U.S. blood supply is under pressure from a ransomware attack. CrowdStrike shareholders sue the company. There's a critical vulnerability in Bitdefender's GravityZone Update Server. BingoMod RAT targets Android users. Hackers use Google Ads to trick users into a fake Google Authenticator app. Western Sydney University confirms a major data breach. Maryland leads the way in gift card scam prevention. NSA is all-in on AI. My guest is David Moulton, host of Palo Alto Networks' podcast Threat Vector. Attention marketers: AI isn't the buzzword you think it is. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and...

When DDoS and defense collide.


A global Microsoft outage takes down Outlook and Minecraft. The US Senate passes The Kids Online Safety and Privacy Act. Lame Duck domain names are targets for takeovers. A GeoServer vulnerability exposes thousands to remote code execution. China proposes a national internet ID. Email attacks surge dramatically in 2024. Columbus Ohio thwarts a ransomware attack. When it comes to invading your privacy, the Paris 2024 Olympics app goes for the gold. Our guest is Rakesh Nair, Senior Vice President of Engineering and Product at Devo, discussing the issues that security teams face when dealing with data control and data orchestration....

Breaking Bad (records).


ZScaler uncovers the largest ransomware payment to date. IBM says the average cost of a breach is closing in on five million dollars. Hackers exploited Proofpoint's email protection platform to send millions of phishing emails. NIST launches Dioptra to test ML models. AcidPour targets Linux data storage devices for wiping. WhatsApp for Windows allows Python to run wild. The White House releases the National Standards Strategy for Critical and Emerging Technology (USG NSSCET) Implementation Roadmap. A bipartisan Senate bill aims to fund cybersecurity apprenticeships. CISA adds three exploits to its vulnerability catalog. Ben Yelin joins us today to discuss a...

Are North Korean hackers going 'Seoul' searching?


South Korea investigates a substantial leak of military intelligence to the north. Google fixes a Workspace authentication weakness. Wiz identifies an API authentication vulnerability in Selenium Grid. The UK's Science Secretary warns Britain is highly vulnerable to cyber threats. Global shipping faces a surge in cyber attacks. Apple has resolved the iCloud Private Relay outage. Google Chrome offers to scan encrypted archives for malware. Barath Raghavan and Bruce Schneier examine the brittleness of modern IT infrastructure. Guest Brian Gumbel, President and COO at Dataminr, joins us to discuss the convergence of cyber-physical realms. Rick Howard previews his latest CSO Perspectives...

The current state of the zero trust.


Rick Howard, N2K CyberWire's Chief Analyst and Senior Fellow, discusses the current state of zero trust with CyberWire Hash Table guest John Kindervag, the originator of the zero trust idea. References: Jonathan Jones, 2011. Six Honest Serving Men by Rudyard Kipling [Video]. YouTube. Dave Bittner, Rick Howard, John Kindervag, Kapil Raina, 2021. Zeroing in on zero trust. [Podcast]. CyberWire-X Podcast - N2K Cyberwire. Dawn Cappelli, Andrew Moore, Randall Trzeciak, 2012. The CERT Guide to Insider Threats: How to Prevent, Detect, and Respond to Information Technology Crimes (Theft, Sabotage, Fraud) [Book]. SEI Series in Software Engineering). Goodreads. Rick Howard, 2023. Cybersecurity...

Encore: Camille Stewart: Technology becomes more of an equalizer. [Legal] [Career Notes]


Cybersecurity attorney Camille Stewart shares how her childhood affinity for making contracts pointed to her eventual career as an attorney. Having a computer scientist father contributed to Camille's technical acumen and desire to include technology in her life's work. Camille has worked various facets of cybersecurity law from the private sector, federal government, on the Hill and in the Executive Branch, and now as part of Big Tech as Head of Security Policy and Election Integrity for Google Play and Android where she creates policy geared towards making sure users are safe on their platform and equipped to make informed...

Streamlining the US Navy's innovation process: A conversation with Acting CTO Justin Fanelli. [Special Edition]


N2K's Brandon Karpf speaks with guest Justin Fanelli, Acting CTO of the US Navy, about the US Navy streamlining the innovation process. For some background, you can refer to this article. Additional resources: PEO Digital Innovation Adoption Kit Atlantic Council's Commission on Defense Innovation Adoption For industry looking to engage with PEO Digital: Industry Engagement Learn more about your ad choices. Visit megaphone.fm/adchoices

The Black Basta ransomware riddle. [Research Saturday]


Dick O'Brien from Symantec Threat Hunter team is talking about their work on "Ransomware Attackers May Have Used Privilege Escalation Vulnerability as Zero-day." Also going to provide some background/history on Black Basta. CVE-2024-26169 in the Windows Error Reporting Service, patched on March 12, 2024, allowed privilege escalation. Despite initial claims of no active exploitation, recent analysis indicates it may have been exploited as a zero-day before the patch. The research can be found here: Ransomware Attackers May Have Used Privilege Escalation Vulnerability as Zero-day

FBI and DOJ thwart North Korean cyber scheme.


A North Korean hacker is indicted for major cyberattacks. CrowdStrike's in recovery mode. Phishing thrives in the wake of BSOD chaos. Wiz spells out no to Alphabet's $23bn offer. France goes full clean-up. Israel's secret shield in spyware saga. KOSA and COPPA 2.0 promise safer surfing for kids. N2K's CSO Rick Howard speaks with Steve Schmidt, CSO of Amazon, about the culture of security and what it means to the CSO role. And last but not least, hacking can happen to anyone. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And...

Playing doctor with cyberattacks.


A North Korean hacking group targets healthcare, energy and finance. Leaked Leidos documents surface on the dark web. A Middle Eastern financial institution suffered a record-breaking DDoS attack. The latest tally on the fallout from the CrowdStrike outage. A cybersecurity audit of HHS reveals significant cloud security gaps. Docker patches a critical vulnerability for the second time. Google announced enhanced protections for Chrome users. In our latest Threat Vector segment, David Moulton speaks with Sama Manchanda, a Consultant at Unit 42, to explore the evolving landscape of social engineering attacks. If you're heading to Paris for the Summer Olympics, smile...

Ghost accounts haunt GitHub.


Stargazer Goblin hosts malicious code repositories on GitHub. CrowdStrike blames buggy validation checks for last week's major incident. The Breachforums database reveals threat actor OPSEC. Windows Hello for Business (WHfB) was found vulnerable to downgrade attacks. A medical center in the U.S. Virgin Islands is hit with ransomware. Interisle analyzes the phishing landscape. The FTC orders eight companies to explain algorithmic pricing. Meta cracks down on the Nigerian Yahoo Boys. A fake IT worker gets caught in the act. My conversation with Nic Fillingham and Wendy Zenone, co-hosts of Microsoft Security's "The Bluehat Podcast." Researchers wonder if proving you're human...

Don't mess with the NCA.


UK law enforcement relieves DigitalStress. Congress summons CrowdStrike's CEO to testify. FrostyGoop malware turned off the heat in Ukraine. EvilVideo is a zero-day exploit for Telegram. Daggerfly targets Hong Kong pro-democracy activists. Google has abandoned its plan to eliminate third-party cookies. The FCC settles with Tracfone Wireless over privacy and cybersecurity lapses. Wiz says no to Google and heads toward an IPO. N2K's Brandon Karpf speaks with guest Justin Fanelli, Acting CTO of the US Navy, about streamlining the fleet's innovation process. Target's in-store AI misses the mark. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and...

CrowdStrike and Microsoft battle blue screens across the globe.


Mitigation continues on the global CrowdStrike outage. UK police arrest a suspected member of Scattered Spider. A scathing report from DHS says CISA ignored a directive to cut ties with a faulty contractor. Huntress finds SocGholish distributing AsyncRAT. Ransomware takes down the largest trial court in the U.S. A US regulator finds many major banks inadequately manage cyber risk. CISA adds three critical vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. Australian police forces combat SMS phishing attacks. Our guest Chris Grove, Director of Cybersecurity Strategy at Nozomi Networks, shares insights on the challenges of protecting the upcoming Summer Olympics....

The current state of Cyber Threat Intelligence.


Rick Howard, The CSO, Chief Analyst, and Senior Fellow at N2K Cyber, discusses the current state of Cyber Threat Intelligence with CyberWire Hash Table guest John Hultquist, Mandiant's Chief Analyst. References: Andy Greenberg, 2022. Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency [Book]. Goodreads. Josephine Wolff, October 2023. How Hackers Swindled Vegas [Explainer]. Slate. Rick Howard, 2023. Cybersecurity First Principles Book Appendix [Book Support Page]. N2K Cyberwire. Staff, September 2023. mWISE Conference 2023 [Conference Website]. Mandiant. Staff, n.d. VirusTotal Submissions Page [Landing Zone]. VirusTotal.

Encore: James Hadley: Spend time on what interests you. [CEO] [Career Notes]


Founder and CEO of Immersive Labs James Hadley takes us through his career path from university to cybersecurity startup. James tells us about his first computer and how he liked to push it to its limits and then some. He joined GCHQ after college and consulted across government departments. Teaching in GCHQ's cyber summer school was where James felt a shift in his career. As a company founder, he shares that he is very driven, very fast and also very caring. James offers advice to those looking to get into the industry recommending they chase what interests them rather than certifications....

Olympic scammers go for gold. [Research Saturday]


This week, we are joined by Selena Larson, Staff Threat Researcher, Lead Intelligence Analysis and Strategy at Proofpoint, as well as host of the "Only Malware in the Building" podcast, as she is discussing their research on "Scammers Create Fraudulent Olympics Ticketing Websites." Proofpoint recently identified a fraudulent website selling fake tickets to the Paris 2024 Summer Olympics and quickly suspended the domain. This site was among many identified by the French Gendarmerie Nationale and Olympics partners, who have shut down 51 of 338 fraudulent websites, with 140 receiving formal notices from law enforcement. The research can be found here:...

Cybersecurity snow day.


A CrowdStrike update takes down IT systems worldwide. A U.S. District Court judge dismissed most charges against SolarWinds. Sophos examines the ransomware threat to the energy sector. European web hosting companies suspend Doppelgänger propaganda. An Australian digital prescription services provider confirms a ransomware attack affecting nearly 13 million. A pair of Lockbit operators plead guilty. N2K's CSO Rick Howard speaks with AWS CISO Chris Betz about strong security cultures and AI. A look inside the world's largest live-fire cyber-defense exercise. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure...

SSM On-Prem Flaw is a 10/10 disaster.


Cisco has identified a critical security flaw in its SSM On-prem. The world's largest recreational boat and yacht retailer reports a data breach. The UK's NHS warns of critically low blood stocks after a ransomware attack. Port Shadow enables VPN person in the middle attacks. Ivanti patches several high-severity vulnerabilities. FIN7 is advertising a security evasion tool on underground forums. Indian crypto exchange WazirX sees $230 million in assets suspiciously transferred. Wiz documents vulnerabilities in SAP AI Core. DDoS for hire team faces jail time. Guest Tomislav Pericin, Founder and Chief Software Architect of ReversingLabs, joins us to discuss their...

Criminal networks crumble.


Interpol pursues West African cybercrime groups. Bassett Furniture shuts down manufacturing following a ransomware attack. A gastroenterologist group notifies patients of a data breach. An Apache HugeGraph flaw is being actively exploited. Octo Tempest updates its toolkit. Satori uncovers evil twin campaigns on Google Play. The cost of the Change Healthcare breach crosses the two billion dollar mark. Cybersecurity venture funding saw a surge last quarter. Cyber regulatory agencies face legal challenges. On our Industry Insights segment, Trevor Hilligoss, Vice President of SpyCloud Labs at SpyCloud, joins us to talk about exploring the intricate world of cybercrime enablement services. Fighting...

Squarespace's square off with hijacked domains.


Some Squarespace users see their domains hijacked. Kaspersky Lab is shutting down US operations. BackPack APKs break malware analysis tools. Hackers use 7zip files to deliver Poco RAT malware. CISA's red-teaming reveals security failings at an unnamed federal agency. Microsoft fixes an Outlook bug triggering false security alerts. Switzerland mandates open source software in the public sector. On our Industry Voices segment, N2K's Rick Howard speaks with Alex Lawrence and Matt Stamper from Sysdig about their 555 Cloud Security Benchmark. Bellingcat sleuths pinpoint an alleged cartel member. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll...

Conspiracy theories in politics.


The assassination attempt on former President Trump sparks online disinformation. AT&T pays to have stolen data deleted. Rite Aid recovers from ransomware. A hacktivist group claims to have breached Disney's Slack. Checkmarx researchers uncover Python packages exfiltrating user data. HardBit ransomware gets upgraded with enhanced obfuscation. Threat actors can weaponize proof-of-concept (PoC) exploits in as little as 22 minutes. Google may be in the market for Wiz. Rick Howard previews his analysis of the MITRE ATT&CK framework. Blockchain sleuths follow the money. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And...

The current state of MITRE ATT&CK.


Rick Howard, The CSO, Chief Analyst, and Senior Fellow at N2K Cyber, discusses the current state of MITRE ATT&CK with CyberWire Hash Table guests Frank Duff, Tidal Cyber's Chief Innovation Officer, Amy Robertson, MITRE Threat Intelligence Engineer and ATT&CK Engagement lead, and Rick Doten, Centene's VP of Information Security. References: Amy L. Robertson, 2024. ATT&CK 2024 Roadmap [Essay]. Medium. Blake E. Strom, Andy Applebaum, Doug P. Miller, Kathryn C. Nickels, Adam G. Pennington, Cody B. Thomas, 2018. MITRE ATT&CK: Design and Philosophy [Historical Paper]. MITRE. Eric Hutchins, Michael Cloppert, Rohan Amin, 2010. Intelligence-Driven Computer Network Defense Informed by Analysis of...

Encore: Malek Ben Salem: Taking those challenges. [R&D] [Career Notes]


Americas Security R&D Lead for Accenture Malek Ben Salem shares how she pivoted from her love of math and background in electrical engineering to a career in cybersecurity R&D. Malek talks about her interest in astrophysics as a young girl, and how her affinity for math and taking on challenges led her to a degree in electrical engineering. She grew her career using math for data mining and forecasting, eventually pursuing a master's and PhD in computer science where she shifted her focus to cybersecurity. Malek now develops and applies new AI techniques to solve security problems at Accenture. We...

On the prowl for mobile malware. [Research Saturday]


This week, we are joined by Asheer Malhotra and Vitor Ventura from Cisco Talos, and they are discussing "Operation Celestial Force employs mobile and desktop malware to target Indian entities." Cisco Talos revealed Operation Celestial Force, an espionage campaign by the Pakistani threat group "Cosmic Leopard," targeting Indian defense, government, and technology sectors. Active for at least six years, the operation has recently increased its use of mobile malware and commercial spyware for surveillance. The research can be found here: Operation Celestial Force employs mobile and desktop malware to target Indian entities

AT&T's not so LOL hack.


AT&T wireless announces a massive data breach. NATO will build a cyber defense center in Belgium. The White House outlines cybersecurity budget priorities. A popular phone spyware app suffers a major data breach. Some Linksys routers are sending user credentials in the clear. Sysdig describes Crystalray malware. A massive phishing campaign is exploiting Microsoft SharePoint servers. Germany strips Huawei and ZTE from 5G infrastructure. Our guest is Brigid Johnson, Director of AWS Identity, on the importance of identity management. The EU tells X-Twitter to clean up its act or pay the price. Miss an episode? Sign-up for our daily intelligence roundup, Daily...

Inside the crypto scam empire.


A major Pig Butchering marketplace has ties to the Cambodian ruling family. Lulu Hypermarket suffers a data breach. GitLab patches critical flaws. Palo Alto Networks addresses BlastRadius. ViperSoftX malware variants grow ever more stealthy. A New Mexico man gets seven years for SWATting. State and local government employees are increasingly lured in by phishing attacks. Hackers impersonate live chat agents from Etsy and Upwork. The GOP's official platform looks to roll back AI regulation. On today's Threat Vector, David Moulton from Palo Alto Networks Unit 42 discusses the evolving threats of AI-generated malware with experts Rem Dudas and Bar Matalon. NATO...

Old school, new threat.


Blast-RADIUS targets a network authentication protocol. The US disrupts a Russian disinformation campaign. Anonymous messaging app NGL is slapped with fines and user restrictions. The NEA addresses AI use in classrooms. Gay Furry Hackers release data from a conservative think tank. Microsoft and Apple change course on OpenAI board seats. Australia initiates a nationwide technology security review. A Patch Tuesday rundown. Guest Jack Cable, Senior Technical Advisor at CISA, with the latest from CISA's Secure by Design Alert series. Our friend Graham Cluley ties the knot. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never...

Uniting against APT40.


The UK's NCSC highlights evolving cyberattack techniques used by Chinese state-sponsored actors. A severe cyberattack targets Frankfurt University of Applied Sciences. Russian government agencies fall under the spell of CloudSorcerer. CISA looks to Hipcheck Open Source security vulnerabilities. Avast decrypts DoNex ransomware. Neiman Marcus data breach exposes over 31 million customers. Lookout spots GuardZoo spyware. Cybersecurity funding surges. Our guest is Caroline Wong, Chief Strategy Officer at Cobalt, to discuss the state of pentesting and adapting to the impact of AI in cybersecurity. Scalpers Outsmart Ticketmaster's Rotating Barcodes. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll...

The age old battle between iPhone and Android.


Microsoft is phasing out Android use for employees in China. Mastodon patches a security flaw exposing private posts. OpenAI kept a previous breach close to the vest. Nearly 10 billion passwords are leaked online. A Republican senator presses CISA for more information about a January hack. A breach of the Egyptian Health Department impacts 122,000 individuals. South Africa's National Health Laboratory Service (NHLS) suffers a ransomware attack. Eldorado is a new ransomware-as-a-service offering. CISA adds a Cisco command injection vulnerability to its Known Exploited Vulnerabilities catalog. N2K's CSO Rick Howard catches up with AWS Vice President of Global Services Security...

Encore: Richard Clarke: From presidential inspiration to cybersecurity policy pioneer. [Policy] [Career Notes]


CEO and consultant Richard Clarke took his inspiration from President John F Kennedy and turned it into the first cybersecurity position in federal government. Determined to help change the mindset of war, Richard went to work for the Department of Defense at the Pentagon following college during the Vietnam War. From Assistant Secretary of the State Department, he moved to the White House to work for President George W. Bush's administration where he kept an eye on Al-Qaeda and was tasked to take on cybersecurity. Lacking any books or courses to give him a basic understanding of cybersecurity, Richard made it...

Encore: Welcome to New York, it's been waitin' for you. [Research Saturday]


Joshua Miller from Proofpoint joins Dave to discuss findings on "Welcome to New York: Exploring TA453's Foray into LNKs and Mac Malware." In mid May, TA453, also known as Charming Kitten, APT42, Mint Sandstorm, and Yellow Garuda, was found sending a benign conversation lure masquerading as a senior fellow with the Royal United Services Institute (RUSI) to the public media contact for a nuclear security expert at a US-based think tank focused on foreign affairs. The research states that "the email solicited feedback on a project called Iran in the Global Security Context and requested permission to send a draft...

Deep dive into the 2024 Incident Response Report with Unit 42's Michael "Siko" Sikorski [Threat Vector]


As our team is offline taking an extended break for the July 4th Independence Day holiday in the US, we thought you'd enjoy an episode from one of N2K Network shows, Threat Vector. This episode of Threat Vector outlines a conversation between host David Moulton, Director of Thought Leadership at Palo Alto Networks Unit 42, and Michael "Siko" Sikorski, Unit 42's CTO and VP of Engineering, discussing the Unit 42's 2024 Incident Response Report. They provide insights into key cyber threats and trends, including preferred attack vectors, the escalating use of AI by threat actors, software vulnerabilities, the concept of...

Encore: The curious case of the missing IcedID. [Only Malware in the Building]


Welcome in! You've entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today's most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York's exclusive upper west side, Selena is joined by N2K Networks' Dave Bittner and Rick Howard to uncover the stories behind notable cyberattacks. Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, we...

The Supreme Court is bringing a judicial shakeup.


The Supreme Court overturning Chevron deference brings uncertainty to cyber regulations. Stolen credentials unmask online sex abusers. CISA updates online maritime resilience tools. Patelco Credit Union suffers a ransomware attack. Spanish and Portuguese police arrested 54 individuals involved in a vishing fraud scheme. Splunk patches critical vulnerabilities in their enterprise offerings. HHS fines a Pennsylvania-based Health System $950,000 for potential HIPAA violations related to NotPetya. CISOs look to mitigate personal risks. On the Learning Layer we reveal the long-awaited results of Joe Carrigan's CISSP certification journey. Avoiding an Independence Day grill-security flare-up. Miss an episode? Sign-up for our daily intelligence...

Take a trip down regreSSHion lane.


A new OpenSSH vulnerability affects Linux systems. The Supreme Court sends social media censorship cases back to the lower courts. Chinese hackers exploit a new Cisco zero-day. HubSpot investigates unauthorized access to customer accounts. Japanese media giant Kadokawa confirmed data leaks from a ransomware attack. FakeBat is a popular malware loader. Volcano Demon is a hot new ransomware group. Google launches a KVM hypervisor bug bounty program. Johannes Ullrich from SANS Technology Institute discusses defending against API attacks. Goodnight, Sleep Tight, Don't Let the Hackers Byte! Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never...

A swift fix for a serious router bug.


Juniper issues an emergency patch for its routers. A compromised helpdesk portal sends out phishing emails. Prudential updates the victim count in their February data breach. Rapid7 finds trojanized software installers in apps from a popular developer in India. Australian authorities arrest a man for running a fake mile-high WiFi network. Florida Man's Violent Bid for Bitcoin Ends Behind Bars. N2K's CSO Rick Howard for a preview of his latest CSO Perspectives podcast episode on The Current State of Identity and Access Management (IAM). A scholarship scammer gets a one-way ticket home. Miss an episode? Sign-up for our daily intelligence...

The current state of IAM: A Rick-the-toolman episode.


Rick Howard, The CSO, Chief Analyst, and Senior Fellow at N2K CyberWire, discusses the current state of Identity and Access Management (IAM) with CyberWire Hash Table guests Ted Wagner, SAP National Security Services, and Cassio Sampaio, Chief Product Officer for Customer Identity, at Okta. References: John Kindervag, 2010. No More Chewy Centers: Introducing The Zero Trust Model Of Information Security [White Paper]. Palo Alto Networks. Kim Key, 2024. Passkeys: What They Are and Why You Need Them ASAP [Explainer]. PCMag. Lance Whitney, 2023. No More Passwords: How to Set Up Apple's Passkeys for Easy Sign-ins [Explainer]. PCMag. Rick Howard, 2022....

Encore: Carole Theriault: Constantly learning new things. [Media] [Career Notes]


Communications consultant and podcaster Carole Theriault always loved radio and through her career dabbled in many areas. She landed in a communications and podcasting role where she helps technical firms create audio and digital content. In fact, Carole is the CyberWire's UK Correspondent. She says cybersecurity is good place to go because of the many different avenues available and "you don't even have to be a tech head" (though Carole has quite a technical pedigree). Our thanks to Carole for sharing her story with us.

APT36's cyber blitz on India. [Research Saturday]


Ismael Valenzuela, Vice President Threat Research & Intelligence, from Blackberry Threat Research and Intelligence team is discussing their work on "Transparent Tribe Targets Indian Government, Defense, and Aerospace Sectors Leveraging Cross-Platform Programming Languages." BlackBerry has identified Transparent Tribe (APT36), a Pakistani-based advanced persistent threat group, targeting India's government, defense, and aerospace sectors from late 2023 to April 2024, using evolving toolkits and exploiting web services like Telegram and Google Drive. Evidence such as time zone settings and spear-phishing emails with Pakistani IP addresses supports their attribution, suggesting alignment with Pakistan's interests. The research can be found here: Transparent Tribe Targets...

TeamViewer and APT29 go toe to toe.


TeamViewer tackles APT29 intrusion. Microsoft widens email breach alerts. Uncovering a malware epidemic. Google's distrust on Entrust. Safeguarding critical systems. FTC vs. MGM. Don't forget to backup your data. Polyfill's accidental exposé. Our guest is Caitlyn Shim, Director of AWS Cloud Governance, and she recently joined N2K's Rick Howard at AWS re:Inforce event. They're discussing cloud governance, the growth and development of AWS, and diversity. And a telecom titan becomes telecom terror. Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a...

Solution Spotlight: Progress on the National Cyber Workforce and Education Strategy. [Special Edition]


On this Solution Spotlight, guest Seeyew Mo, Assistant National Cyber Director, Office of the National Cyber Director at the White House, shares the nuances of the White House's skills-based approach (and how it's not only about hiring) with N2K President Simone Petrella. Seeyew shares a progress report on the National Cyber Workforce and Education Strategy nearly one year out. For more information, you can visit the press release: National Cyber Director Encourages Adoption of Skill-Based Hiring to Connect Americans to Good-Paying Cyber Jobs. The progress report Seeyew and Simone discuss can be found here: National Cyber Workforce and Education Strategy: Initial Stages of Implementation.

E-commerce or E-spying?


Arkansas sues Temu over privacy issues. Polyfill returns and says they were wronged. An NYPD database was found vulnerable to manipulation. Google slays the DRAGONBRIDGE. Malwarebytes flags a new Mac stealer campaign. Patch your gas chromatographs. Microsoft warns of an AI jailbreak called Skeleton Key. CISA tracks exploited vulnerabilities in GeoServer, the Linux kernel, and Roundcube Webmail. In our 'Threat Vector' segment, host David Moulton speaks with Jim Foote, CEO of First Ascent Biomedical, about his transition from Chief Information Security Officer (CISO) to leading a biotech company utilizing AI to personalize cancer treatments. Metallica is not hawking metal crypto....

2024 Cyber Talent Study by N2K and WiCyS. [Special Edition]


Maria Varmazis, N2K host of T-Minus Space Daily, talks with WiCyS Executive Director Lynn Dohm and N2K's Simone Petrella, Dr. Heather Monthie, and Jeff Welgan about the 2024 Cyber Talent Study. N2K and WiCyS have come together under a common mission to attract, retain, and advance more women in cybersecurity. Together, we strive to support women throughout their career journey, and secure the future of our industry. This groundbreaking report leverages skills data from the professional members of Women in CyberSecurity (WiCyS), and offers valuable insights into cybersecurity competencies within the industry. The Cyber Talent Study establishes a new benchmark for understanding the capabilities and potential of women in cybersecurity, and...

LockBit picks a brawl with banks.


LockBit drops files that may or may not be from the Federal Reserve. Progress Software patches additional flaws in MOVEit file transfer software. A popular polyfill open source library has been compromised. DHS starts staffing up its AI Corps. Legislation has been introduced to evaluate the manual operations of critical infrastructure during cyber attacks. Researchers discover a new e-skimmer targeting CMS platforms. A breach at Neiman Marcus affects nearly 65,000 people. South African health services grapple with ransomware amidst a monkeypox outbreak. Medusa is back. On the Learning Layer, Sam and Joe discuss the CISSP's CAT format and how to...

U.S. and China dance the telecom tango.


The US scrutinizes Chinese telecoms. Indonesia's national datacenter is hit with ransomware. RedJuliett targets organizations in Taiwan. Researchers can tell where you are going by how fast you get there. A previously dormant botnet targeting Redis servers becomes active. Thousands of customers may have had info compromised in an attack on Levi's. A new industry alliance hopes to prevent memory-based cyberattacks. Guest Seeyew Mo, Assistant National Cyber Director, Office of the National Cyber Director at the White House, shares the nuances of the White House's skills-based approach with N2K President Simone Petrella. Assange agrees to a plea deal. Our 2024...

The claim heard round the world.


LockBit claims to have hit the Federal Reserve. CDK Global negotiates with BlackSuit to unlock car dealerships across the U.S. Treasury proposes a rule to restrict tech investments in China. An LA school district confirms a Snowflake-related data breach. Rafel RAT hits outdated Android devices. The UK's largest plutonium stockpiler pleads guilty to criminal charges of inadequate cybersecurity. Clearview AI settles privacy violations in a deal that could exceed fifty million dollars. North Korean hackers target aerospace and defense firms. Rick Howard previews CSOP Live. Our guest is Christie Terrill, CISO at Bishop Fox, discussing how organizations can best...

Encore: Sal Aurigemma: How things work. [Education] [Career Notes]


Associate Professor of Computer Information Systems at the University of Tulsa Sal Aurigemma shares how his interest in how things worked shaped his career path in nuclear power and computers. Being introduced to computers in high school and learning about the Chernobyl event led Sal to study nuclear engineering followed by time in the Navy as a submarine officer. On the submarine, Sal had to understand how systems worked from soup to nuts and that led him back to IT. As a computer engineer, Sal spent a lot of time on network troubleshooting and was eventually introduced to cybersecurity. Following...

Piercing through the fog. [Research Saturday]


Kerri Shafer-Page from Arctic Wolf joins us to discuss their work on "Lost in the Fog: A New Ransomware Threat." Starting in early May, Arctic Wolf's Incident Response team investigated Fog ransomware attacks on US education and recreation sectors, where attackers exploited compromised VPN credentials to access systems, disable Windows Defender, encrypt files, and delete backups. Despite the uniformity in ransomware payloads and ransom notes, the organizational structure of the responsible groups remains unknown. The research can be found here: Lost in the Fog: A New Ransomware Threat

U.S. tightens the cybersecurity belt.


Biden bans Kaspersky over security concerns. Accenture says reports of them being breached are greatly exaggerated. SneakyChef targets diplomats in Africa, the Middle East, Europe and Asia. A serious firmware flaw affects Intel CPUs. More headaches for car dealerships relying on CDK Global. CISA Alerts Over 100,000 Individuals of Potential Data Breach in Chemical Security Tool Hack. SquidLoader targets Chinese organizations through phishing. A new nonprofit aims to establish certification standards in maritime cybersecurity. A sneak peek of our latest podcast, Only Malware in the Building. Using the court system for customer support. Our 2024 N2K CyberWire Audience Survey is...

Cyberattack leaves dealerships feeling stuck in neutral.


Over 15,000 car dealerships hit the brakes after a software supplier cyber incident. The EU's Chat Control gets put on hold. A hacker leaks contact details of over 33,000 Accenture employees. A major forklift manufacturer shuts down operations in the wake of a ransomware attack. IntelBroker claims to have leaked source code from Apple. An investigation questions the ethics of AI firm Perplexity. A radiology practice notifies over half a million people of a data breach. Federal contractors pay millions in fines for inadequate cyber security during the COVID-19 pandemic. Stolen files from the Kansas City Police department are posted...

T-Minus Overview- Our Moon [T-Minus Radio Program]


Please enjoy this bonus episode from our T-Minus Space Daily team. The N2K CyberWire team is observing the Juneteenth holiday here in the US. Welcome to the T-Minus Overview Radio Show. In this program we'll feature some of the conversations from our daily podcast with the people who are forging the path in the new space era, from industry leaders, technology experts and pioneers, to educators, policy makers, research organizations, and more. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our weekly intelligence roundup, Signals and Space, and you'll...

Servers seized, terrorists teased.


Europol and partners shut down 13 terrorist websites. A data breach at the LA County Department of Public Health affects over two hundred thousand. The Take It Down act targets deepfake porn. The Five Eyes alliance update their strategies to protect critical infrastructure. VMware has disclosed two critical-rated vulnerabilities in vCenter Server. The alleged heads of the "Empire Market" dark web marketplace are charged in Chicago federal court. A new malware campaign tricks users into running malicious PowerShell fixes. Researchers thwart Memory Tagging Extensions in Arm chips. A major e-learning platform discloses a breach. On our Industry Voices segment, we are...

Scattered Spider hacker snagged in Spain.


Spanish authorities snag a top Scattered Spider hacker. HC3 issues an alert about PHP. WIRED chats with ShinyHunters about the breach affecting Snowflake customers. Meta delays LLM training over European privacy concerns. D-Link urges customers to upgrade routers against a factory installed backdoor. A new Linux malware uses emojis for command and control. Vermont's Governor vetoes a groundbreaking privacy bill. California fines Blackbaud millions over a 2020 data breach. Guest Patrick Joyce, Proofpoint's Global Resident CISO, sharing some key challenges, expectations and priorities of chief information security officers (CISOs) worldwide. N2K's CSO Rick Howard for a preview of his latest...

The current state of XDR: A Rick-the-toolman episode.


Rick Howard, The CSO, Chief Analyst, and Senior Fellow at N2K Cyber, discusses the current state of eXtended Detection and Response (XDR) with CyberWire Hash Table guests Rick Doten, Centene's VP of Security, and Milad Aslaner, Sentinel One's XDR Product Manager. References: Alexandra Aguiar, 2023. Key Trends from the 2023 Hype Cycle for Security Operations [Gartner Hype Cycle Chart]. Noetic Cyber. Daniel Suarez, 2006. Daemon [Book]. Goodreads. Dave Crocker, 2020. Who Invented Email, Email History, How Email Was Invented [Website]. LivingInternet. Eric Hutchins, Michael Cloppert, Rohan Amin, 2010, Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion...

Encore: Rosa Smothers: Secure the planet. [Intelligence] [Career Notes]


Senior VP of Cyber Operations at KnowBe4, Rosa Smothers, talks about her career as an early cybersecurity professional in what she describes as the Wild, Wild West to her path through government intelligence work. Rosa shares how she always knew she wanted to be involved with computers and how being a big Star Trek nerd and fan particularly of Spock and Uhura helped shape her direction. Following 9/11, Rosa wanted to work for the government and pursue the bad guys and she did just that completing her bachelor's degree and starting in the Defense Intelligence Agency as a cyber threat analyst...

Exploring the mechanics of Infostealer malware. [Research Saturday]


This week, we are joined by a Security Researcher from SpyCloud Labs, James, who is discussing their work on "Unpacking Infostealer Malware: What we've learned from reverse engineering LummaC2 and Atomic macOS Stealer." Infostealer malware has become highly prevalent, with SpyCloud tracking over 50 families and finding that 1 in 5 digital identities are at risk. This research analyzes the workings and intentions behind infostealers like LummaC2 and Atomic macOS Stealer, focusing on the types of data extracted and the broader security implications. The research can be found here: Reversing LummaC2 4.0: Updates, Bug Fixes Reversing Atomic macOS Stealer: Binaries,...

A hacking keeps you humble.


Microsoft's President admits security failures in congressional testimony. Paul Nakasone joins OpenAI's board. The feds hold their first AI tabletop exercise. CISA reports on the integration of space-based infrastructure. Cleveland city hall remains closed after a cyber attack. Truist commercial bank confirms a data breach. Rockwell Automation patches three high-severity vulnerabilities. University of Illinois researchers develop autonomous AI hacking agents. Arynn Crow, Sr Manager of AWS User Authentication Products, talks with N2K's Brandon Karpf about security through MFA and FIDO Alliance passkeys, and her work on the Digital Identity Advancement Foundation. Can an AI run for mayor? Our 2024 N2K...

Whistleblower warns of profit over protection.


A whistleblower claims that Microsoft prioritized profit over security. U.S. warnings of global election interference continue to rise. Cyber insurance claims hit record levels. Location tracking firm Tile suffers a data breach. A new phishing kit creates Progressive Web Apps. Questioning the government's cyber silence. On today's Threat Vector segment, host David Moulton, Director of Thought Leadership at Unit 42, is joined by Data Privacy Attorney Daniel Rosenzweig. Together, they unravel the complexities of aligning data privacy and cybersecurity laws with technological advancements. AI powered cheating lands one student in hot water. Our 2024 N2K CyberWire Audience Survey is underway,...

COATHANGER isn't hanging up just quite yet.


Dutch military intelligence warns of the Chinese Coathanger RAT. Pure Storage joins the growing list of Snowflake victims. JetBrains patches a GitHub IDE vulnerability. A data broker hits the brakes on selling driver location data. Flaws in VLC Media player allow remote code execution. Patch Tuesday updates. On our Learning Layer segment, host Sam Meisenberg and Joe Carrigan continue their discussion of Joe's ISC2 CISSP certification journey, taking on Domain 8, Software Development Security. Farewell, computer engineering legend Lynn Conway. Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100...

Hijacking your heritage.


23andMe's looming bankruptcy could pause class-action privacy lawsuits. The FCC focuses on BGP. The White House looks to big tech to help secure rural hospitals. Cylance confirms a data breach. Arm warns of GPU kernel driver vulnerabilities. The world's largest law firm faces class action over the MOVEit hack. SAP releases high priority patches. Apple redefines AI - literally - and offers up Private Cloud Compute at their developers conference. Guest Chris Novak, Senior Director of Cyber Security Consulting at Verizon, shares highlights and key takeaways of their recently published 2024 Data Breach Investigations Report (DBIR). Share your love but...

Rethinking recalls.


Microsoft makes Recall opt-in. The Senate holds hearings on federal cybersecurity standards. Snowflake's scrutiny snowballs. New York Times source code is leaked online. Ransomware leads to British hospitals' desperate need for blood donors. Cisco Talos finds 15 serious vulnerabilities in PLCs. Sticky Werewolf targets Russia and Belarus. Frontier Communications warns 750,000 customers of a data breach. Chinese nationals get prison time in Zambia for cybercrimes. N2K's CSO Rick Howard speaks with Danielle Ruderman, Security GTM Leader, AWS about what keeps CISOs up at night. DIY cell towers can land you in hot water. Our 2024 N2K CyberWire Audience Survey is...

Encore: Geoff White: Suddenly all of the pieces start to line up. [Journalism] [Career Notes]


Investigative journalist and author Geoff White talks about tracing a line through the dots of his career covering technology. Geoff shares that he has always been "quite geeky," but came to covering technology after several roles in the journalism industry. Newspapers, magazines and television were all media Geoff worked in before covering technology. Geoff got into journalism not due to the glamour sometimes associated with it, but because he wanted to fight for the public to cover stories that helped those who didn't have massive amounts of money, power or a huge lobbying campaign in political circles. When writing his book,...

Riding the hype for new Arc browser. [Research Saturday]


Jérôme Segura, Senior Director of Threat Intelligence at Malwarebytes, is discussing their work on "Threat actors ride the hype for newly released Arc browser." The Arc browser, newly released for Windows, has quickly garnered positive reviews but has also attracted cybercriminals who are using deceptive Google search ads to distribute malware disguised as the browser. These malicious campaigns exploit the hype around Arc, using techniques like embedding malware in image files and utilizing the MEGA cloud platform for command and control, highlighting the need for caution with sponsored search results and the effectiveness of Endpoint Detection and Response (EDR) systems....

A snapshot of security woes.


Microsoft's recall raises red flags. Ukraine's CERT sounds alarm. Russian hacktivists cause trouble in EU elections. DEVCORE uncovers critical code execution flaw. LastPass leaves users locked out. Apple commits to five years of iPhone security. An AI mail fail. Inside the FCC's plan to strengthen BGP protocol. Dave sits down with our guest Camille Stewart Gloster, Former Deputy National Cyber Director at the White House, as she shares a retrospective of her public service career. And let's all Cheers to cybersecurity. Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a...

CISA's calls for a JCDC makeover.


CSAC recommends key changes to the Joint Cyber Defense Collaborative. Cloud vendor Snowflake says single-factor authentication is to blame in their recent breach. Publishers sue Google over pirated ebooks. The FBI shares LockBit decryption keys. V3B is a phishing as a service campaign targeting banking customers. Commando Cat targets Docker servers to deploy crypto miners. Our guest is Danny Allan, Snyk's CTO, discussing how in the rush to implement GenAI, some companies are bypassing best practices and security policies. Club Penguin fans stumble upon a cache of secrets in the house of mouse. Our 2024 N2K CyberWire Audience Survey is...

Opening up on hidden secrets.


OpenAI insiders describe a culture of recklessness and secrecy. Concerns over Uganda's biometric ID system. Sophos uncovers a Chinese cyberespionage operation called Crimson Palace. Poland aims to shore up cyber defenses against Russia. Zyxel warns of critical vulnerabilities in legacy NAS products. Arctic Wolf tracks an amateurish ransomware variant named Fog. A TikTok zero-day targets high profile accounts. Cisco patches a Webex vulnerability that exposed German government meetings. On our Learning Layer segment, host Sam Meisenberg and Joe Carrigan continue their discussion of Joe's ISC2 CISSP certification journey, diving into Domain 7, Security Operations. A Canadian data breach leads to...

Ransomware hit causes pathology paralysis.


Ransomware disrupts London hospitals. Researchers discover serious vulnerabilities in Progress' Telerik Report Server and Atlassian Confluence Data Center and Server. Over three million people are affected by a breach at a debt collection agency. A report finds Rural hospitals vulnerable to ransomware. An Australian mining firm finds some of its data on the Dark Web. Google patches 37 Android vulnerabilities. Russian threat actors target the Summer Olympics in Paris. On our Industry Voices segment, we are joined by Sandy Bird, CTO at Sonrai. Sandy discusses the risks of unused identity infrastructure. The Amazon rainforest goes online. Our 2024 N2K CyberWire...

Things aren't looking so Shiny(Hunters) at cloud provider Snowflake.


Signs point to a major cybersecurity event at cloud provider Snowflake. Hugging Face discloses "unauthorized access" to its Spaces platform. Australian legislation seeks jail time for deepfake porn. CISA adds two vulnerabilities to the KEV catalog. Spanish police investigate a potential breach of driver's license info. NSA shares mobile device best practices. Everbridge crisis management software company reports a data breach. N2K's CSO, Chief Analyst, and Senior Fellow, Rick Howard joins us to preview CSO Perspectives Season 14 which launches today! Google tries to explain those weird AI search results. Our 2024 N2K CyberWire Audience Survey is underway, make your...

Solution Spotlight on the 2024 NICE Conference Keynote: A Journey with No Destination: A CISO's Pathway to a Cybersecurity Career. [Special Edition]


As part of our series on the 2024 NICE Conference, we turn our focus to one of the keynote speakers of the conference. This year's conference theme, "Strengthening Ecosystems: Aligning Stakeholders to Bridge the Cybersecurity Workforce Gap," highlights the collective effort to strengthen the cybersecurity landscape. By joining forces with key partners, we can foster a more robust cybersecurity ecosystem to bridge the workforce gap. In her keynote coming up on Tuesday, June 4th, Deneen DeFiore, Chief Information Security Officer of United Airlines, will discuss "A Journey with No Destination: A CISO's Pathway to a Cybersecurity Career." Prior to...

SolarWinds and the SEC.


Rick Howard, N2K's CSO and The CyberWire's Chief Analyst and Senior Fellow, presents the argument for why the SEC was misguided when it charged the SolarWinds CISO, Tim Brown, with fraud after the Russian SVR compromised the SolarWinds flagship product, Orion. Our guests are Steve Winterfeld, Akamai's Advisory CISO, and Ted Wagner, SAP National Security Services CISO. References: Andrew Goldstein, Josef Ansorge, Matt Nguyen, Robert Deniston, 2024. Fatal Flaws in SEC's Amended Complaint Against SolarWinds [Analysis]. Crime & Corruption. Anna-Louise Jackson, 2023. Earnings Reports: What Do Quarterly Earnings Tell You? [Explainer]. Forbes. Brian Koppelman, David Levien, Andrew Ross Sorkin,...

Solution Spotlight on the 2024 NICE Conference: Business Roundtable.


As part of our series on the 2024 NICE Conference, we turn our focus to the Business Roundtable. This year's conference theme, "Strengthening Ecosystems: Aligning Stakeholders to Bridge the Cybersecurity Workforce Gap," highlights the collective effort to strengthen the cybersecurity landscape. By joining forces with key partners, we can foster a more robust cybersecurity ecosystem to bridge the workforce gap. Business Roundtable is an association of chief executive officers of America's leading companies working to promote a thriving U.S. economy and expanded opportunity for all Americans through sound public policy. The Business Roundtable launched its Cybersecurity Workforce Corporate Initiative in December...

1700 IPs and counting. [Research Saturday]


Amit Malik, Director of Threat Research at Uptycs, is sharing their work on "New Threat Detected: Inside Our Discovery of the Log4j Campaign and Its XMRig Malware." The Uptycs Threat Research Team has discovered a large-scale Log4j campaign involving over 1700 IPs, aiming to deploy XMRig cryptominer malware. This ongoing operation was initially detected through the team's honeypot collection, prompting an in-depth analysis of the campaign. The research says "The JNDI plugin is particularly useful to attackers because it allows them not only to fetch the values of environment variables in the target system but also to freely define the...

Encore: Diane M. Janosek: It's only together that we are going to rise. [Education] [Career Notes]


Commandant for the National Security Agency's National Cryptologic School Diane M. Janosek shares the story of her career going global. Diane explains how she's always been drawn to doing things that could help and raise the nation. From a position as a law clerk during law school, to the role of a judicial clerk, and joining the White House Counsel's office, Diane was exposed to many things and felt she experienced the full circle. Moving on to the Pentagon and finally, the NSA, Diane transitioned into her current role where she orchestrates the educational environment for military and civilian cyber...

New cybersecurity bill aims to untangle federal regulations.


Draft legislation looks to streamline federal cybersecurity regulations. Clarity.fm exposed personal information of business leaders and celebrities. Researchers find European politicians' personal info for sale on the dark web. The BBC's pension scheme suffers a breach. OpenAI disrupts covert influence operations making use of their platform. Hackers brick over 600,000 routers. Cracked copies of Microsoft Office deliver a malware mix. A senator calls for accountability in the Change Healthcare ransomware attack. On our Industry Voices segment, we hear from SpyCloud's Chip Witt, on navigating the threat of digital identity exposure. Florida man becomes Moscow's fake-news puppet. Our 2024 N2K CyberWire...

Operation Endgame: Hackers' hideouts exposed.


Operation Endgame takes down malware operations around the globe. A major botnet operator is arrested. Ticketmaster's massive data breach is confirmed, and so is Google's SEO algorithm leak. Journalists and activists in Europe were targeted with Pegasus spyware. Okta warns users of credential stuffing attacks. NIST hopes to clear out the NVD backlog. On our Threat Vector segment, host David Moulton speaks with Greg Jones, Chief Information Security Officer at Xavier University of Louisiana. Eric Goldstein, Executive Assistant Director for Cybersecurity at CISA, joins us to discuss software security. LightSpy surveillance malware comes to macOS. ChatGPT briefly gets a god...

Alleged leaked files expose a dirty secret.


An alleged leak of Google's search algorithm contradicts the company's public statements. German researchers discover a critical vulnerability in a TP-Link router. Breachforums is back, maybe. The Seattle Public Library suffers a ransomware attack. A Georgia man gets ten years for money laundering and romance scams, and the Treasury department sanctions a group of botnet operators. 44,000 individuals are affected by the breach of a major U.S. title insurance company. Microsoft describes North Korea's Moonstone Sleet. Advocating for a more architectural approach to cybersecurity. Maria Varmazis speaks with WiCyS Executive Director Lynn Dohm and a panel of N2K experts about the...

FBI untangles the web that is Scattered Spider.


The FBI untangles Scattered Spider. The RansomHub group puts a deadline on Christie's. Prescription services warn customers of data breaches. Personal data from public sector workers in India is leaked online. Check Point says check your VPNs. The Internet Archive suffers DDoS attacks. A Minesweeper clone installs malicious scripts. N2K T-Minus Space Daily podcast host Maria Varmazis speaks with guest Carrie Hernandez Marshall, CEO and Co-Founder from Rebel Space Technologies, about the need to extend cybersecurity into space. If you can't beat 'em, troll 'em. Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in...

Memorial Day special.


Rick Howard, N2K CyberWire's Chief Analyst, CSO, and Senior Fellow, commemorates Memorial Day. References: Abraham Lincoln, 1863. The Gettysburg Address [Speech]. Abraham Lincoln Online. Amanda Onion, Original 2009, Updated 2023. Memorial Day 2022: Facts, Meaning & Traditions [Essay]. HISTORY. Brent Hugh, 2021. A Brief History of John Brown's Body [Essay]. Digital History. Bob Zeller, 2022. How Many Died in the American Civil War? [Essay]. HISTORY. General George Marshall, 2014. President Lincoln's Letter to Mrs Bixby [Movie Clip - Saving Private Ryan]. YouTube. John Logan, 1868. Logan's Order Mandating Memorial Day [Order]. John A. Logan College. John Williams, Chicago Symphony Orchestra,...

Encore: Richard Torres: Getting that level of experience is going to be crucial. [Security Operations] [Career Notes]


Director of security operations at Syntax Richard Torres talks about his path leading him from working in juvenile justice to becoming a private investigator to physical security at a nuclear power plant to cybersecurity presently. Always a fan of police shows, Richard became a member of the Air Force Junior ROTC in high school and began his path there. Richard shares the challenges of working in several facets of the security industry including his transition from SWAT team member to cybersecurity. He notes the role that diplomacy plays when you're trying to get honesty and be steered in the right direction. Our...

International effort dismantles LockBit. [Research Saturday]


Jon DiMaggio, a Chief Security Strategist at Analyst1, is sharing his work on "Ransomware Diaries Volume 5: Unmasking LockBit." On February 19, 2024, the National Crime Agency (NCA), a UK sovereign law enforcement agency, in collaboration with the FBI, Europol, and nine other countries under "Operation Cronos," disrupted the LockBit ransomware gang's data leak site used for shaming, extorting, and leaking victim data. The NCA greeted visitors to LockBit's dark web leak site with a seizure banner, revealing they had been controlling LockBit's infrastructure for some time, collecting information, acquiring victim decryption keys, and even compromising the new ransomware payload...

Cybercriminals target London drugs.


LockBit drops 300 gigabytes of data from London Drugs. Video software used in courtrooms worldwide contains a backdoor. Google patches another Chrome zero-day. The EU seeks collaboration between research universities and intelligence agencies. Atlas Lion targets retailers with gift card scams. Researchers explore an Apple reappearing photo bug. Hackers access a Japanese solar power grid. Congress floats a bill to enhance cyber workforce diversity. Ben Yelin joins us with a groundbreaking legal case involving AI generated CSAM. Whistling past the expired domain graveyard. Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running...

Checkmate at check in.


Spyware is discovered on U.S. hotel check in systems. A Microsoft outage affects multiple services. Bitdefender uncovers Unfading Sea Haze. University of Maryland researchers find flaws in Apple's Wi-Fi positioning system. Scotland's NRS reveals a sensitive data leak. Rapid7 tracks the rise in zero-day exploits and mass compromise events. The SEC hits the operator of the New York Stock Exchange with a ten million dollar fine. Operation Diplomatic Specter targets political entities in the Middle East, Africa, and Asia. The FCC considers AI disclosure rules for political ads. N2K T-Minus Space Daily podcast host Maria Varmazis speaks with guests Brianna...

Privacy nightmare or useful tool?


Some say Microsoft's Recall should be. A breach of a Texas healthcare provider affects over four hundred thousand. Police in the Philippines shut down services following a breach. Ivanti patches multiple products. GitHub fixes a critical authentication bypass vulnerability. Researchers discover critical vulnerabilities in Honeywell's ControlEdge Unit Operations Controller. The DoD releases their Cybersecurity Reciprocity Playbook. Hackers leak a database with millions of Americans' criminal records. Mastercard speeds fraud detection with AI. On our Learning Layer segment, host Sam Meisenberg and Joe Carrigan continue their discussion of Joe's ISC2 CISSP certification journey, diving into Domain 5: Identity and Access Management....

The secrets of a dark web drug lord.


The alleged operator of Incognito Market is collared at JFK. The UK plans new ransomware reporting regulations. Time to update your JavaScript PDF library. CISA adds a healthcare interface engine to its Known Exploited Vulnerabilities (KEV) catalog. HHS launches a fifty million dollar program to help secure hospitals. A Fluent Bit vulnerability impacts major cloud platforms. The EPA issues a cybersecurity alert for drinking water systems. BiBi Wiper grows more aggressive. Siren is a new threat intelligence platform for open source software. On our Industry Voices segment, guest Amit Sinha, CEO of DigiCert, joins N2K's Rick Howard to discuss Innovation:...

Double key encryption debate.


Germany's BSI sues Microsoft for more information on recent security incidents. Julian Assange can appeal his U.S. extradition. AI chatbots may have itchy trigger fingers. CISA warns of vulnerabilities affecting Google Chrome and D-Link routers. Ham Radio's association suffers a data breach. New underground marketplaces pop up to replace BreachForums. An updated banking trojan targets users in Central and South America. Cybercom's founders share its origin story. Examining gender bias in open source software contributors. For our Industry Voices segment, guest Chris Pierson, CEO at BlackCloak, met up with N2K's Brandon Karpf at the 2024 RSA Conference to discuss personal...

Encore: Monica Ruiz: Moving ahead when not many look like you. [Policy] [Career Notes]


Cyber Initiative and Special Projects Fellow at the Hewlett Foundation Monica Ruiz shares her career development from aspirations of being a weather woman to her current role as a grantmaker and connector in cybersecurity. Monica discusses how her international study experience changed her outlook and brought her to the field of security. She shares the difficulties she faced as a woman of color when not that many people look like you, and how she used that as her reason to move forward and better the cybersecurity field through her work. Our thanks to Monica for sharing her story with us....

From secret images to encryption keys. [Research Saturday]


This week, we are joined by Hosein Yavarzadeh from the University of California San Diego, as he is discussing his work on "Pathfinder: High-Resolution Control-Flow Attacks Exploiting the Conditional Branch Predictor." This paper introduces new methods that let attackers read from and write to specific parts of high-performance CPUs, such as the path history register (PHR) and prediction history tables (PHTs). These methods allow two main types of attacks. One can reveal a program's control flow history, as shown by recovering a secret image through the libjpeg routines. The other enables detailed transient attacks, demonstrated by extracting an AES encryption...

10 years on: The 10th anniversary of the first indictment of Chinese PLA actors. [Special Edition]


On this Special Edition podcast, Dave Bittner speaks with guest Dave Hickton, Founding Director, Institute for Cyber Law, Policy, and Security at the University of Pittsburgh, and former US Attorney, on this 10th Anniversary of the first indictment of Chinese PLA actors. Hear directly from Mr. Hickton what led to the indictment, the emotions that went along with this unprecedented action, and the legacy of the event. On May 19, 2014, a grand jury in the Western District of Pennsylvania (WDPA) indicted five Chinese military hackers for computer hacking, economic espionage and other offenses directed at six American victims in...

MediSecure data breach hits Aussie healthcare.


Australia warns of a large-scale ransomware data breach. The justice department charges five with helping North Korean IT workers evade sanctions. The FCC wants to beef up BGP. Antidot is a new Android banking trojan. The SEC enhances disclosure obligations. Researchers uncover vulnerabilities in GE ultrasound devices. A Baltimore neo-nazi pleads guilty to conspiring to take down an electrical grid. On our Solution Spotlight: N2K's Simone Petrella speaks with Alicja Cade, Director in Google Cloud's Office of the CISO, about the CISO role, board communication, and cyber workforce development. Tanks for the warm water, but you can keep the vulnerabilities....

FBI strikes against a cybercrime syndicate.


The FBI seizes BreachForums. NCSC rolls out a 'Share and Defend' initiative. ESports gaming gets a level up in their security. The spammer becomes the scammer. Bitdefender is sounding the alarm. The city of Wichita gets a wake-up call. In our Threat Vector segment, host David Moulton discusses the challenges and opportunities of AI adoption with guest Mike Spisak, the Managing Director of Proactive Security at Unit 42. And no one likes a cyber budgeting blunder. Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember...

A bipartisan blueprint for American leadership.


U.S. Senators look to enhance American leadership in AI. Federal Agencies Warn of Rising Cyberattacks on Civil Society. The Pentagon says they're satisfied with Microsoft's post-breach security pivots. Patch Tuesday updates. A Mississippi health system alerts users of a post-ransomware data breach. The FTC cautions automakers over data collection. CISOs feel pressure to understate cyber risks. On the Learning Layer, Sam and Joe continue their certification journey. Guest Sarah Powazek of UC Berkeley's Center for Long-Term Cybersecurity (CLTC) speaks with N2K's Brandon Karpf about cyber civil defense clinics. A crypto mixing service developer finds himself behind bars. Our 2024 N2K...

Google strikes back.


Google patches another Chrome zero-day. UK insurance agencies and the NCSC team up to reduce ransom payments. The FCC designates a robocall scam group. Vermont passes strong data privacy laws. A malicious Python package targets macOS users. ESET unpacks Ebury malware. Don't answer Jenny's email. Guest is author Barbara McQuade discussing her book "Attack from Within: How Disinformation is Sabotaging America." The White House says, "Keep your crypto mining away from our missile silos!" Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave...

A battle for digital sovereignty.


IntelBroker claims to have breached a Europol online platform. The U.S. and China are set to discuss AI security. U.S. agencies warn against BlackBasta ransomware operators. A claimed Russian group attacks British local newspapers. Cinterion cellular modems are vulnerable to malicious SMS attacks. A UK IT contractor allegedly failed to report a major data breach for months. Generative AI is a double-edged sword for CISOs. Reality Defender wins the RSA Conference's Innovation Sandbox competition. Our guest is Chris Betz, CISO of AWS, discussing how to build a strong culture of security. Solar storms delay the planting of corn. Our...

Encore: Brandon Robinson: Built from the ground up. [Sales Engineer] [Career Notes]


Cybersecurity Sales Engineer Brandon Robinson shares how he built his career in technology and the barriers he experienced along the way. He talks about how his job involves him interacting with customers at the highest levels making sure their solution is meeting needs. In addition, Brandon describes how as a black man and a trailblazer, he's been met with resistance. His positive spin on moving ahead involves relying on himself. Brandon's advice: find your passion, don't be intimidated and you will be met with success. Our thanks to Brandon for sharing his story with us. Learn more about your ad...

The double-edged sword of cyber espionage. [Research Saturday]


Dick O'Brien from the Symantec Threat Hunter team is discussing their research on Graph: Growing number of threats leveraging Microsoft API. The team observed an increasing number of threats that have begun to leverage the Microsoft Graph API, usually to facilitate communications with command-and-control (C&C) infrastructure hosted on Microsoft cloud services. The research states "the technique was most recently used in an attack against an organization in Ukraine, where a previously undocumented piece of malware used the Graph API to leverage Microsoft OneDrive for C&C purposes." The research can be found here: Graph: Growing number of threats leveraging Microsoft API Learn more...

Treasury's offensive in financial defense.


Project Fortress looks to protect the US financial system. News from San Francisco as RSA Conference winds down. Dell warns customers of compromised data. Google updates Chrome after a zero day is exploited in the wild. Colleges in Quebec are disrupted by a cyberattack. CopyCop uses generative AI for misinformation. The FBI looks to snag members of Scattered Spider. Betsy Carmelite, Principal at Booz Allen, shares our final Woman on the Street today from the 2024 RSA Conference. Guest Deepen Desai, Chief Security Officer at Zscaler, joins us to offer some highlights on their AI security report. A solar storms...

Healthcare in the crosshairs.


Ascension healthcare shuts down systems following a cybersecurity event. Updates from RSA Conference. The FDA recalls an insulin pump app. Polish officials blame Russia for recent cyber attacks. IntelBroker claims to have compromised a pair of UK banks. New Mexico's top cop accuses Meta of failing to protect kids. British Columbia reports "sophisticated cybersecurity incidents" on government networks. Researchers uncover a vulnerability in UPS software affecting critical infrastructure. Zscaler investigates a claimed data breach. On the Learning Layer, host Sam Meisenberg and N2K's Urban Alliance Intern, David Nguyen, discuss David's AZ-900 exam experience. The Library of Congress stands strong. Remember...

The takedown of a ransomware ringleader.


International law enforcement put a leash on a LockBit leader. Updates from RSA Conference, including our Man on the Street Rob Boyce, Managing Director at Accenture. TikTok sues the U.S. government. The Commerce Department restricts chip sales to Huawei. A third-party breach exposes payroll records of Britain's armed forces. BogusBazaar operates over 75,000 fake webshops. Android security updates address 26 vulnerabilities. A Philadelphia real estate investment trust gets hit with ransomware. BetterHelp will pay $7.8 million to settle FTC charges of health data misuse. On the Learning Layer, Sam and Joe dive into CISSP Domain 4, Communication and Network Security,...

Hack-proofing the future to shape cyberspace.


Secretary Blinken and Senator Warner weigh in on cybersecurity at RSA Conference. Ransomware profits are falling. Proton Mail is under scrutiny for information sharing. A senior British lawmaker blames China for a UK cyberattack. Medstar Health notifies patients of a potential data breach. A study finds cybersecurity education programs across the U.S. vary wildly. Brandon Karpf, N2K Man on the Street, stops by to share his thoughts on the 2024 RSA Conference. An Australian pension fund gets lost in the clouds. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for...

Charting the course: Biden's blueprint for global cybersecurity.


Secretary of State Antony Blinken is set to unveil a new international cybersecurity strategy at the RSA Conference in San Francisco. Paris prepares for Olympic-sized cybersecurity threats. Wichita, Kansas is recovering from a ransomware attack. A massive data breach hits citizens of El Salvador. Researchers steal cookies to bypass authentication. Cuckoo malware targets macOS systems. Iranian threat actors pose as journalists to infiltrate network targets. A former Microsoft insider analyzes the company's recommitment to cybersecurity. Guest Mark Terenzoni, Director of Risk Management at AWS, joins N2K's Rick Howard to discuss the benefits of security lakes in a post-AI world. Ukrainian...

Encore: Elizabeth Wharton: Strong shoulders for someone else to stand on. [Legal] [Career Notes]


Technology attorney and startup chief of staff Elizabeth Wharton shares her experiences and how she came to work with companies in technology. Elizabeth talks about how she always liked solving problems and Nancy Drew mysteries, but not litigation. These morphed into finding her home in the policy legal world and some time later, technology law. Elizabeth describes how she loves planning and strategy in her work and encourages others to ask questions and absorb all of the information. Our thanks to Elizabeth for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

Geopolitical tensions rise with China. [Research Saturday]


Adam Marr, CISO at Arctic Wolf, is diving deep into geopolitical tension with China including APT31, iSoon and TikTok with Dave this week. They also discuss some of the history behind China cyber operations. Adam shares information on how different APT groups are able to create spear phishing campaigns, and provides info on how to combat these groups. Learn more about your ad choices. Visit megaphone.fm/adchoices

Ransomware attack turns legal attack.


A Texas operator of rehab facilities faces multiple lawsuits after a ransomware attack. Microsoft warns Android developers to steer clear of the Dirty Stream. The Feds warn of North Korean social engineering. A flaw in the R programming language has been patched. Zloader borrows stealthiness from ZeuS. The GAO highlights gaps in NASA's cybersecurity measures. Indonesia is a spyware hot-spot. Germany summons a top Russian envoy to address cyber-attacks linked to Russian military intelligence. An Israeli PI is arrested in London following allegations of a cyberespionage campaign. In our Industry Voices segment, Allison Ritter, Senior Product Manager from Cyberbit shares...

Dropbox sign breach exposes secrets.


Dropbox's secure signature service suffers a breach. CISA is set to announce a voluntary pledge toward enhanced security. Five Eyes partners issue security recommendations for critical infrastructure. Microsoft acknowledges VPN issues after recent security updates. LockBit releases data from a hospital in France. One of REvil's leaders gets 14 years in prison. A Phishing-as-a-Service provider gets taken down by international law enforcement. China limits Teslas over security concerns. In our Threat Vector segment, David Moulton from Unit 42 explores Adversarial AI and Deepfakes with two expert guests, Billy Hewlett, and Tony Huynh. NightDragon founder and CEO Dave Dewalt joins us...

Retirement plan breach shakes financial giant.


A breach at J.P. Morgan Chase exposes data of over 451,000 individuals. President Biden Signs a National Security Memorandum to Strengthen and Secure U.S. Critical Infrastructure. Verizon's DBIR is out. Cornell researchers unveil a worm called Morris II. A prominent newspaper group sues OpenAI. Marriott admits to using inadequate encryption. A Finnish man gets six years in prison for hacking a psychotherapy center. Qantas customers had unauthorized access to strangers' travel data. The Feds look to shift hiring requirements toward skills. In our Industry Voices segment, Steve Riley, Vice President and Field CTO at Netskope, discusses generative AI and governance....

Ransomware is just a prescription for chaos.


UnitedHealth's CEO testimony before Congress reveals details of the massive data breach. Major US mobile carriers are hit with hefty fines for sharing customer data. Muddling Meerkat manipulates DNS. A report from Sophos says ransomware payments skyrocketed this past year. The DOE addresses risks and benefits of AI. LightSpy malware targets macOS. A crucial Kansas City weather and traffic system is disabled by a cyberattack. A Canadian pharmacy chain shuts down temporarily following a cyberattack. Guest Kayla Williams, CISO from Devo, joins us to share CISO insights into the pressure of their roles they feel mounting on them and gives...

An unprecedented surge in credential stuffing.


Okta warns of a credential stuffing spike. A congressman looks to the EPA to protect water systems from cyber threats. CISA unveils security guidelines for critical infrastructure. Researchers discover a stealthy botnet-as-a-service coming from China. The UK prohibits easy IoT passwords. New vulnerabilities are found in Intel processors. A global bank CEO shares insights on cybersecurity. Users report mandatory Apple ID resets. A preview of N2K CyberWire activity at RSA Conference. Police in Japan find a clever way to combat gift card fraud. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode?...

Encore: Jack Rhysider: Get your experience points in everything. [Media] [Career Notes]


Host of Darknet Diaries podcast Jack Rhysider shares his experiences from studying computer engineering at university to his strategy of using gamification on his career that led to him landing in the security space. Jack talks about how his wide experiences came together in security and what prompted him to learn podcasting. Jack endeavors to share the whole story through his podcasts while making them entertaining, enlightening and inspirational. Our thanks to Jack for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

Cerber ransomware strikes Linux. [Research Saturday]


Christopher Doman, Co-Founder and CTO at Cado Security, is talking about their research on "Cerber Ransomware: Dissecting the three heads." This research delves into Cerber ransomware being deployed onto servers running the Confluence application via the CVE-2023-22518 exploit. The research states "Cerber emerged and was at the peak of its activity around 2016, and has since only occasional campaigns, most recently targeting the aforementioned Confluence vulnerability." The research can be found here: Cerber Ransomware: Dissecting the three heads Learn more about your ad choices. Visit megaphone.fm/adchoices

Kaiser Permanente's privacy predicament.


Healthcare providers report breaches affecting millions. PlugX malware is found in over 170 countries. Hackers exploit an old vulnerability to launch Cobalt Strike. A popular WordPress plugin is under active exploitation. Developing nations may serve as a test bed for malware developers. German authorities question Microsoft over Russian hacks. CISA celebrates the success of their ransomware warning program. Our guest is Eric Goldstein, Executive Assistant Director for Cybersecurity at CISA, discussing open source software. Password trends are a mixed bag. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our...

Cyber Talent Insights: Strengthening the cyber talent pipeline apparatus. (Part 3 of 3) [Special Edition]


Join us for this special three-part series where the N2K Cyber Talent Insights team guides you through effective strategies to develop your cybersecurity team, helping you stay ahead in the constantly changing cybersecurity landscape. In this episode, we center our conversation around the Cyber Workforce Pipeline. We discuss where the next great wave of talent is going to come. We talk more about these sources of new talent, such as K-12 programs, higher education, and trade school programs, transitioning military, and other initiatives and programs focused on cultivating the next generation of cyber professionals. Explore Cyber Talent Insights N2K's Cyber...

The shadowy adversary in Cisco's crosshairs.


Cisco releases urgent patches for their Adaptive Security Appliances. Android-powered smart TVs could expose Gmail inboxes. The FTC refunds millions to Amazon Ring customers. The DOJ charges crypto-mixers with money laundering. A critical vulnerability has been disclosed in the Flowmon network monitoring tool. A Swiss blood donation company reopens following a ransomware attack. Multiple vulnerabilities are discovered in the Brocade SANnav storage area network management application. Brokewell is a new Android banking trojan. Meta's ad business continues to face scrutiny in the EU. Ann Johnson, host of Microsoft Security's Afternoon Cyber Tea podcast speaks with LinkedIn's CISO Geoff Belknap....

Iran's covert cyber operations exposed.


The DOJ indicts four Iranian nationals on hacking charges. Legislation to ban or force the sale of TikTok heads to the President's desk. A Russian hack group claims a cyberattack on an Indiana water treatment plant. A roundup of dark web data leaks. Mandiant monitors dropping dwell times. Bcrypt bogs down brute-forcing. North Korean hackers target defense secrets. On our Learning Layer segment, host Sam Meisenberg and Joe Carrigan continue their discussion of Joe's ISC2 CISSP certification journey. On our Industry Voices segment, Tony Velleca, CEO of CyberProof, joins us to explore some of the pain points that CISOs &...

Visa crackdown against spyware swindlers.


The State Department puts visa restrictions on spyware developers. UnitedHealth says its recent breach could affect tens of millions of Americans. LockBit leaks data allegedly stolen from the DC government. Microsoft says APT28 has hatched a GooseEgg. The White House and HHS update HIPAA rules to protect private medical data. Keyboard apps prove vulnerable. A New Hampshire hospital suffers a data breach. Microsoft's DRM may be vulnerable to compromise. On our Industry Voices segment, Ian Leatherman, Security Strategist at Microsoft, discusses raising the bar for security in the software supply chain. GoogleTeller just can't keep quiet. Remember to leave us...

Renewed surveillance sparks controversy.


Section 702 gets another two years. MITRE suffers a breach through an Ivanti VPN. CrushFTP urges customers to patch an actively exploited flaw. SafeBreach researchers disclose vulnerabilities in Windows Defender that allow remote file deletion. Ukrainian soldiers see increased attention from data-stealing apps. GitHub's comments are being exploited to distribute malware. VW confirms legacy Chinese espionage and data breaches. CISA crowns winners of the President's Cup Cybersecurity Competition. Cecilia Marinier, Director, Innovation and Programs at RSA Conference, and Niloo Razi Howe, Senior Operating Partner at Energy Impact Partners & judge, review the top Innovation Sandbox contest finalists in anticipation of...

Encore: Kiersten Todt: problem solving and building solutions. [Policy] [Career Notes]


Managing director of the Cyber Readiness Institute Kiersten Todt shares how she came to be in the cybersecurity industry helping to provide free tools and resources for small businesses through a nonprofit. She describes how her work on the Hill prior to and just after 9/11 changed. Kiersten talks about the diversity of skills that benefit work in cybersecurity and offers her advice on going after what you want to do. Our thanks to Kiersten for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

Cloud Architect vs Detection Engineer: Mutual benefit. [CyberWire-X]


In this episode of CyberWire-X, N2K CyberWire's Podcast host Dave Bittner is joined by Brian Davis, Principal Software Engineer, and Thomas Gardner, Senior Detection Engineer, both from Red Canary. They engage in a cloud architect vs. detection engineer discussion. Through the conversation, they illustrate how one person benefits the other's work and how they work together. Red Canary is our CyberWire-X episode sponsor. Learn more about your ad choices. Visit megaphone.fm/adchoices

The art of information gathering. [Research Saturday]


Greg Lesnewich, senior threat researcher at Proofpoint, sits down to discuss "From Social Engineering to DMARC Abuse: TA427's Art of Information Gathering." Since 2023, TA427 has directly solicited foreign policy experts for their opinions on nuclear disarmament, US-ROK policies, and sanction topics via benign conversation starting emails. The research states "While our researchers have consistently observed TA427 rely on social engineering tactics and regularly rotating its email infrastructure, in December 2023 the threat actor began to abuse lax Domain-based Message Authentication, Reporting and Conformance (DMARC) policies to spoof various personas and, in February 2024, began incorporating web beacons for target profiling." The research can...

Swift responses to cyberattacks.


Two swift responses to recent cyberattacks. Frontier Communications discloses cyberattack. Texas town repels water system cyberattack by unplugging. List of undesirables falls into the wrong hands. CryptoChameleon phishing kit impersonates LastPass. Ransomware payments trending down in Q1 2024 and a warning for small to medium-sized businesses. US auto manufacturers targeted by FIN7. Akira ransomware has made $42 million since March 2023. No more WhatsApp or Threads in China. Concerning drop in US cybersecurity job listings. Our guest is Zscaler's Chief Security Officer Deepen Desai exploring encrypted attacks amidst the AI revolution. Meghan Markle hacked by Kate supporters. Remember to leave...

Cyber Talent Insights: Charting your path in cybersecurity. (Part 2 of 3) [Special Edition]


Join us for this special three-part series where the N2K Cyber Talent Insights team guides you through effective strategies to develop your cybersecurity team, helping you stay ahead in the constantly changing cybersecurity landscape. In this episode, we shift our point of view to provide guidance for an individual's first career or perhaps considering a career change transitioning into the field. We discuss a market-driven approach to career development. We also explore how to discover one's niche in cybersecurity, including how to stand out in this competitive market and align personal interests with career goals. Lastly, we examine the role...

From phishing to felony.


A major Phishing-as-a-service operation gets taken down by international law enforcement. US election officials are warned of nation-state influence operations. The House votes to limit the feds' purchase of citizens' personal data. A Michigan healthcare provider suffered a ransomware attack. Critical infrastructure providers struggle to trust cybersecurity tools. Cloudflare reports on DDoS. Kaspersky uncovers new Android banking malware. Kubernetes cryptominers leverage previously patched flaws. The Massachusetts Attorney General emphasizes the responsible use of AI. Our guest Caleb Barlow, CEO of Cyberbit, joins us to talk about badge swipe fraud as more are returning to the office. Colorado passes a law...

The rebirth of Russia's cyber warfare.


A Russian hacker group boldly targets critical infrastructure. The Change Healthcare ransomware attack is projected to cost over a billion dollars. Three hundred bucks is the going rate for a SIM swap. PuTTY potentially reveals private keys. Cisco Talos reports a surge in brute-force attacks. Ivanti updates its MDM product. Omni Hotels & Resorts confirm a data breach. Financially motivated hackers target businesses in Latin America with steganography. A prolific cryptojacker faces decades in prison. On our Learning Layer segment, host Sam Meisenberg and Joe Carrigan continue their discussion of Joe's ISC2 CISSP certification journey. The ransomware equivalent of a...

Weathering the phishing front.


Cisco Duo warns of a third-party MFA-related breach. MGM Resorts sues to stop an FTC breach investigation. Meanwhile the FTC dings another mental telehealth service provider. Open Source foundations call for caution after social engineering attempts. The NSA shares guidance for securing AI systems. IntelBroker claims to have hit a US geospatial intelligence firm. The UK clamps down on deepfakes. Hard-coded passwords provide the key to smart-lock vulnerabilities. On our Industry Voices segment, Ryan Lougheed, Director of Product Management at Onspring, discusses the benefits of artificial intelligence in governance, risk and compliance (GRC). A Law Firm's Misclick Ends 21 Years...

Hunting vulnerabilities.


Palo Alto Networks releases hotfixes for an exploited zero-day. Delinea issues an urgent update for a critical flaw. Giant Tiger data is leaked online. A European semiconductor manufacturer deals with a data breach. Roku suffers its second breach of the year. Operators of the Hive RAT face charges. A former Amazon security engineer gets three years in prison for hacking cryptocurrency exchanges. Zambian officials arrest 77 in a scam call center crackdown. Our guest Deputy Assistant Director Cynthia Kaiser from the FBI Cyber Division describes dual ransomware. And Rob Boyce, Managing Director at Accenture, shares his thoughts on security...

AWS in Orbit: Extending the resilient edge to space. [T-Minus AWS in Orbit]


You can learn more about AWS in Orbit at space.n2k.com/aws. N2K Space is working with AWS to bring the AWS in Orbit podcast series to the 39th Space Symposium in Colorado Springs from April 8-11. Our guests today are Clint Crosier, Director at AWS Aerospace and Satellite, and Jim Tran, Vice President of Government Solutions at Iridium. AWS in Orbit is a podcast collaboration between N2K Networks and AWS to offer listeners an in-depth look at the transformative intersection of cloud computing, space technologies, and generative AI. Remember to leave us a 5-star rating and review in your favorite podcast...

Encore: Stu Sjouwerman: Trying for a win, win, win game. [CEO] [Career Notes]


Founder and CEO Stu Sjouwerman takes us on a journey of how his career developed from starting a software service company to currently focusing on the infosec side of the business where his team essentially helps to create human firewalls. Stu talks about learning all aspects of the business while creating startups and suggests you learn to speak the language of the area you are looking to get into. He even touches on predicting the future and taking over the world. Our thanks to Stu for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

AWS in Orbit: Building a resilient outernet. [T-Minus AWS in Orbit]


You can learn more about AWS in Orbit at space.n2k.com/aws. N2K Space is working with AWS to bring the AWS in Orbit podcast series to the 39th Space Symposium in Colorado Springs from April 8-11. Our guests today are Salem El Nimri, Chief of Space Technology at AWS Aerospace and Satellite, and Declan Ganley, Chairman and CEO at Rivada Space Networks. AWS in Orbit is a podcast collaboration between N2K Networks and AWS to offer listeners an in-depth look at the transformative intersection of cloud computing, space technologies, and generative AI. Remember to leave us a 5-star rating and review...

Breaking down a high-severity vulnerability in Kubernetes. [Research Saturday]


Tomer Peled, a Security & Vulnerability Researcher from Akamai is sharing their work on "What a Cluster: Local Volumes Vulnerability in Kubernetes." This research focuses on a high-severity vulnerability in Kubernetes, allowing for remote code execution with system privileges on all Windows endpoints within a Kubernetes cluster. The research states "The discovery of this vulnerability led to the discovery of two others that share the same root cause: insecure function call and lack of user input sanitization." The research can be found here: What a Cluster: Local Volumes Vulnerability in Kubernetes Learn more about your ad choices. Visit megaphone.fm/adchoices

Privacy, power, and the path forward.


Section 702 edges closer to a vote. CISA provides guidance on Sisense and Microsoft breaches. A major conservative think tank reports a breach. Obsolete D-Link devices are under active exploitation, and Palo Alto warns of a zero-day. Raspberry Robin grows more stealthy. A LastPass employee thwarts a deepfake phishing attempt. Are AI models growing more persuasive? Our guest Kevin Magee from Microsoft Canada joins us to talk about cross domain prompt injection and AI. Floppies keep the trains running on time. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for...

Cyber Talent Insights: Navigating the landscape for enterprise organizations. (Part 1 of 3) [Special Edition]


Join us for this special three-part series where the N2K Cyber Talent Insights team guides you through effective strategies to develop your cybersecurity team, helping you stay ahead in the constantly changing cybersecurity landscape. In the first episode of the series on cybersecurity workforce development, we dive into the complex world of cyber workforce management and planning, particularly as it pertains to the perspective of the enterprise. We explore the current state of the cybersecurity workforce, navigate various challenges in talent acquisition, and explore the nuances of job classifications, titles, compensation, and the dynamics of remote, onsite, and hybrid work...

Apple's worldwide warning on mercenary attacks.


Apple warns targeted users of mercenary spyware attacks. CISA expands its Malware Next-Gen service to the private sector. US Cyber Command chronicles their hunt forward operations. Taxi fleets leak customer data. Trend Micro tracks DeuterBear malware. The BatBadBut vulnerability enables command injection on Windows. Cybercriminals manipulate GitHub's search functionality. Scully Spider may be utilizing AI-generated PowerShell scripts. A study from ISC2 sheds light on salary disparities. On our Threat Vector segment, host David Moulton, Director of Thought Leadership at Unit 42, welcomes Donnie Hasseltine, VP of Security at Second Front Systems and a former Recon Marine, as they delve...

From deadlock to debate on a revised Section 702 bill.


The House moves forward on Section 702 reauthorization. Ukraine suspends a top cybersecurity official. A Wisconsin health coop suffers a data breach. Sophos uncovers a malicious backdoor. Fortinet issues patches for critical and high severity vulnerabilities. A Microsoft server exposed employee passwords, keys, and credentials. LG releases patches to secure smart TVs. The IMF warns of cyberattacks' potential to trigger bank runs. It was a busy Patch Tuesday. On our Learning Layer segment, host Sam Meisenberg and Joe Carrigan continue their discussion of Joe's CISSP study journey and how to avoid frustration when you get a practice question wrong. X...

Unraveling a healthcare ransomware web.


Change Healthcare gets hit with another ransom demand. A French football team warns fans of a cyberattack. The Home Depot breach is chalked up to a misconfigured SaaS application. The FCC looks to shore up car connectivity security to protect survivors of domestic violence. Targus reports a disruptive cyberattack. A massive doxxing event hits El Salvador. India's top audio and wearables brand investigates a customer data breach. The Israeli military jams GPS. Microsoft Security's Ann Johnson, host of Afternoon Cyber Tea podcast, shares a segment of her latest episode featuring Jason Healey, founding scholar and director for cyber efforts at...

A possible breakthrough in data privacy legislation.


Might there be motion from Congress on data privacy legislation? Maryland passes a pair of privacy bills. A database allegedly from the EPA shows up on Russian cybercrime forums. HHS issues an alert for the Healthcare and Public Health sectors. CISA gears up for their Cyber Storm. A leading UK veterinary service provider suffers a cyber incident. A hardcoded backdoor is discovered in deprecated Network Attached Storage devices. NSA's new cybersecurity director takes the reins. Guest Caleb Barlow, CEO of Cyberbit, shares his insights on the evolving role of the CISO. The bull market for Zero-days. Remember to leave us...

Encore: Selena Larson: The Green Goldfish and cyber threat intelligence. [Analyst] [Career Notes]


Cyber threat intelligence analyst Selena Larson takes us on her career journey from being a journalist to making the switch to industrial security. As a child who wrote a book about a green goldfish who dealt with bullying, Selena always liked investigating and researching things. Specializing in cybersecurity journalism led to the realization of how closely aligned or similar skills are required from an investigative journalist and a cyber threat intelligence analyst. Our thanks to Selena for sharing her story with us.

Leaking your AWS API keys, on purpose? [Research Saturday]


Noah Pack, a SANS Internet Storm Center Intern, sits down to discuss research on "What happens when you accidentally leak your AWS API keys?" This research is a guest diary from Noah and shares a project he worked on after seeing an online video of someone who created a Python script that emailed colleges asking for free swag to be shipped to him. The research states "In this article, I will share some research, resources, and real-world data related to leaked AWS API keys." In this research, Noah shares what he learned while implementing his experiment. The research can be...

Deciphering the Acuity cybersecurity incident.


Acuity downplays its recent breach. IcedID gives way to a new malware strain. Russia arrests alleged credit card thieves. Wiz uncovers security flaws in Hugging Face AI models. NERC and the E-ISAC review lessons learned from simulated attacks on the electrical grid. UK police track honey traps targeting MPs. Microsoft says China is actively trying to influence US elections. A major global lens maker suffers a cyber attack. Guest Dick O'Brien from the Symantec Threat Hunter Team shares how ransomware operators adapt to disruption. And SEO under threat of legal action. Remember to leave us a 5-star rating and review...

Securing secrets: The State Department's cyber hunt.


The State Department investigates an alleged breach. The FCC looks at regulating connected vehicles. A big-tech consortium hopes to mitigate AI-related job losses. Google aims to thwart cookie-thieves. SurveyLama exposes sensitive info of over four million users. Omni Hotels & Resorts is recovering from a cyberattack. A national cancer treatment center suffers a breach. How cyber is approached on both sides of the pond. In our Industry Voices segment, George Jones, CISO at Critical Start, discusses strategies for maximizing cybersecurity investments to achieve optimal risk reduction. Playing the identity theft long-game. Remember to leave us a 5-star rating and...

Biden administration brings down the hammer.


The Cyber Safety Review Board hands Microsoft a scathing report. Jackson County, Missouri declares a state of emergency following a ransomware attack. The concerning growth of Chinese brands in U.S. critical infrastructure. Malware campaigns make use of YouTube. OWASP issues a data breach warning. Trend Micro tracks LockBit's faltering rebound. India's government cloud service leaks personal data. ChatGPT jailbreaks spread on popular hacker forums. On our Learning Layer segment, host Sam Meisenberg and Joe Carrigan continue their discussion of Joe's CISSP study journey and focus on the when and how of studying for Domain 1. And you can no longer...

From lawsuit to logoff: Google's incognito mode makeover.


Google agrees to delete billions of user records. NIST addresses the NVD backlog. India rescues hundreds of citizens from scam jobs in Cambodia. The UK and US agree to collaborate on AI safety. The FTC tracks an explosion in impersonation fraud. A PandaBuy breach exposes over 1.3 million customers. Prudential Financial informs over 36,000 customers of a data breach. A look at safeguarding sensitive data. Our guest is Jeff Reich, Executive Director of the Identity Defined Security Alliance (IDSA), with insights on identity security best practices. A dash of curiosity reveals a hotel chain vulnerability. Remember to leave us a...

Unmasking the xzploitation.


The xz backdoor sets the open source community back on its heels. AT&T resets passwords on millions of customer accounts. Researchers track a macOS infostealer. Poland investigates past internal use of Pegasus spyware. The latest Vultur banking trojan grows trickier than ever. We note the passing of a security legend. On our Solution Spotlight, N2K President Simone Petrella talks about Bits, Bytes, and Loyalty: How to Improve Team Retention with Yameen Huq of the Aspen Institute. A ghost ship trips Africa's internet. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up...

Encore: Liji Samuel: Leaping beyond the barrier. [Certification] [Career Notes]


Liji Samuel from NSA sits down to share her exciting career path through the years until she found a job working as Chief of Standards and Certification at NSA's Cyber Collaboration Center. She starts by sharing that she had always wanted to work in the STEM field, explaining that growing up she was surrounded with older cousins who were choosing STEM careers and it became an interesting topic for her. She recounts working for a number of companies that helped her grow into the role she is in now. Cybersecurity became a big buzzword for her, causing her to...

The supply chain in disarray. [Research Saturday]


Elad, a Senior Security Researcher from Cycode is sharing their research on "Cycode Discovers a Supply Chain Vulnerability in Bazel." This security flaw could let hackers inject harmful code, potentially affecting millions of projects and users, including Kubernetes, Angular, Uber, LinkedIn, Databricks, DropBox, Nvidia, Google, and many more. The research states "We reported the vulnerability to Google via its Vulnerability Reward Program, where they acknowledged our discovery and proceeded to address and fix the vulnerable components." Please take a moment to fill out an audience survey! Let us know how we are doing! The research can be found here: Cycode...

Pentagon's cybersecurity roadmap.


The Pentagon unveils its cybersecurity roadmap. A major Massachusetts health insurer reveals a massive data breach. Hot Topic reports credential stuffing. Cisco warns of password spraying targeting VPNs. The FS-ISAC highlights the risk of generative AI to financial institutions. The FEC considers efforts to combat deceptive artificial intelligence. A look at Thread Hijacking attacks. Guests Linda Gray Martin and Britta Glade from RSA Conference join us to discuss what's new and what to look forward to at this year's big show. Plus my conversation with Eric Goldstein, Executive Assistant Director for Cybersecurity at CISA, with insights on their recent Notice...

AWS in Orbit: Monitoring critical road infrastructure at scale with Alteia and the World Bank. [T-Minus AWS in Orbit]


You can learn more about AWS in Orbit at space.n2k.com/aws. Baptiste Tripard is the Chief Marketing Officer at Alteia. Aiga Stokenberga is the Senior Transport Economist at the World Bank. We explore how Alteia and the World Bank are leveraging AWS's cloud, AI, and space capabilities to monitor critical road networks at scale to support large scale infrastructure investments. From road networks to bridges, they share real-world applications that are making a difference in emerging economies. AWS in Orbit is a podcast collaboration between N2K and AWS to offer listeners an in-depth look at the transformative intersection of cloud computing,...

A battle against malware.


PyPI puts a temporary hold on operations. OMB outlines federal AI governance. Germany sounds the alarm on Microsoft Exchange server updates. Cisco patches potential denial of service vulnerabilities. The US puts a big bounty on BlackCat. Darcula and Tycoon are sophisticated phishing as a service platforms. Don't dilly-dally on the latest Chrome update. On our Threat Vector segment, host David Moulton has guest Sam Rubin, VP and Global Head of Operations at Unit 42, to discuss Sam's testimony to the US Congress on the multifaceted landscape of ransomware attacks, AI, and automation, the need for more cybersecurity education. And Data...

Jennifer Walsmith: Pioneering and defining possible. [Cyber Solutions] [Career Notes]


Vice President for Cyber and Information Solutions within Mission Systems at Northrop Grumman, Jennifer Walsmith takes us on her pioneering career journey. Following in her father's footsteps at the National Security Agency, Jennifer began her career out of high school in computer systems analysis. Jennifer notes she saw the value of a college degree and at her parents' urging attended night school. She completed her bachelor's in computer science at University of Maryland, Baltimore County with the support of the NSA. Jennifer talks about the support of her team at NSA where she was one of the first women to have...

If there's something strange in your neighborhood, don't call Facebook.


Facebook's Secret Mission to Unmask Snapchat. The White House wants AI audits. Hackers exploit the open-source Ray AI framework. Finnish Police ID those responsible for the 2021 parliament breach. Operation FlightNight targets Indian government and energy sectors. Chinese APT groups target ASEAN entities. A notorious robocaller is rung up for nearly ten million dollars. In our latest Learning Layer, join Sam Meisenberg as he unpacks the intricacies of the CISSP diagnostic with Joe Carrigan from Johns Hopkins University. And Ann Johnson from Microsoft's Afternoon Cyber Tea visits the world of Smashing Security with Graham Cluley and Carole Theriault. And...

Exposing Muddled Libra's meticulous tactics with Incident Responder Stephanie Regan [Threat Vector]


In honor of Women's History Month, please enjoy this episode of the Palo Alto Networks Unit 42's Threat Vector podcast featuring host David Moulton's discussion with Jacqueline Wudyka about the SEC's Cybersecurity Law. In this episode, join host David Moulton as he speaks with Stephanie Regan, a senior consultant at Unit 42. Stephanie, with a background in law enforcement, specializes in compromise assessment and incident response. Discover her insights into combating the Muddled Libra threat group and similar adversaries. Stephanie highlights the crucial role of reconnaissance in investigations and the importance of strong multi-factor authentication (MFA) to counter phishing and...

The great firewall breached: China's covert cyber assault on America exposed.


An alleged sinister hacking plot by China. CISA and the FBI issued a 'secure-by-design' alert. Ransomware hits municipalities in Florida and Texas. The EU sets regulations to safeguard the upcoming European Parliament elections. ReversingLabs describe a suspicious NuGet package. Senator Bill Cassidy questions a costly breach at HHS. A data center landlord sues over requests to reveal its customers. On our Industry Voices segment, Jason Kikta, CISO & Senior Vice President of Product at Automox, discusses ways to increase IT efficiency while avoiding tool overload & complexity. And Google's AI Throws Users a Malicious Bone. Remember to leave us a...

Dr. Rois Ni Thuama: Get into the game. [Cyber governance] [Career Notes]


Head of Cyber Governance with Red Sift, Dr. Rois Ni Thuama shares the circuitous route of her career into cyber governance. She notes the route "looks really clean, but actually it was a bit more Jeremy Bearimy." While at Trinity College, Rois was moved to be part of history unfolding in South Africa and pause her studies. While there, she began making music videos and wildlife documentaries. Upon her return to London, Rois started working in corporate governance and risk at a music technology startup. This ignited her enthusiasm for startups. She now works in a company with several coworkers from...

Python developers under attack.


A supply chain attack targets Python developers. Russia targets German political parties. Romanian and Spanish police dismantle a cyber-fraud gang. Pwn2Own prompts quick patches from Mozilla. President Biden nominates the first assistant secretary of defense for cyber policy at the Pentagon. An influential think tank calls for a dedicated cyber service in the US. Unit 42 tracks a StrelaStealer surge. GM reverses its data sharing practice. Our guest is Anna Belak, Director of the Office of Cybersecurity Strategy at Sysdig, who shares trends in cloud-native security. And a Fordham Law School professor suggests AI creators take a page from medical doctors....

Encore: Marcelle Lee: Cyber sleuth detecting emerging threats. [Research] [Career Notes]


Senior security researcher from Secureworks Marcelle Lee shares her career journey into cybersecurity and how she helps solve hard problems in her daily work. Marcelle came into cybersecurity not through any traditional path. She describes her route from a different field and starting in cyber at her local community college through a grant program. Marcelle took full advantage of the opportunities she had and grew her career from there. She recommends finding your specialty, but continue to build other skills. As a woman in the field, she is a strong proponent of diversity and encouraging others to find what excites...

HijackLoader unleashed: Evolving threats and sneaky tactics. [Research Saturday]


Liviu Arsene from CrowdStrike joins to discuss their research "HijackLoader Expands Techniques to Improve Defense Evasion." The research has found that HijackLoader continues to become increasingly popular among adversaries for deploying additional payloads and tooling. In their analysis of a recent HijackLoader sample, CrowdStrike researchers discovered new techniques designed to increase the defense evasion capabilities of the loader. Researchers state "this new approach has the potential to make defense evasion stealthier." Please take a moment to fill out an audience survey! Let us know how we are doing! The research can be found here: HijackLoader Expands Techniques to Improve Defense...

When it rains, it pours.


Advanced wiper malware hits Ukraine. Nemesis gets dismantled. Apple deals with an unpatchable vulnerability. FortiGuard rises to the rescue. CISA and FBI join forces against DDoS attacks. US airlines' data security and privacy policies are under review. Hackers hit thousands in Jacksonville Beach. Geoffrey Mattson, CEO of Xage Security sits down to discuss CISA's 2024 JCDC priorities. And Hotel keycard locks can't be that hard to crack. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be...

A CIA Psychologist on the Minds of World Leaders, Pt. 2 with Dr. Ursula Wilder [SpyCast]


In honor of Women's History Month, please enjoy this episode of the International Spy Museum's SpyCast podcast featuring part 2 of Andrew Hammond's discussion with Dr. Ursula Wilder of the Central Intelligence Agency. Summary Dr. Ursula Wilder (LinkedIn) joins Andrew (X; LinkedIn) to discuss the intersections between psychology and intelligence. Ursula is a clinical psychologist with over two decades of experience working at the Central Intelligence Agency. What You'll Learn Intelligence How psychology can be useful to national security Historical examples of leadership analysis Leadership personality assessments & the Cuban Missile Crisis Psychoanalytic theory and espionage Reflections Human nature throughout history...

Safeguarding American data from foreign hands.


The House Unanimously Passes a Bill to Halt Sale of American Data to Foreign Foes. The U.S. Sanctions Russian Individuals and Entities for a Global Disinformation Campaign. China warns of cyber threats from foreign hacking groups. A logistics firm isolates its Canadian division after a cyber attack. Ivanti warns of another critical vulnerability. Researchers find hundreds of vulnerable Firebase instances. Microsoft phases out weaker encryption. Formula One fans fight phishing in the fast lane. Glassdoor is accused of adding real names to profiles without user consent. Our guest is Adam Meyers, SVP of Counter Adversary Operations at CrowdStrike, discussing how...

Sloane Menkes: What is the 2%? [Consultant] [Career Notes]


Principal in PricewaterhouseCoopers Cyber Risk and Regulatory Practice, Sloane Menkes, shares her story of how non-linear math helped to shape her life and career. Sloane credits a high school classmate for inspiring her mantra "What is the 2%?" that she employs when she feels like things are shutting down. She talks about her experiences in calculus class at the US Air Force Academy that helped to enlighten her and inform the intuitive problem solving skill or way of thinking that she'd been employing in her life. She joined Office of Special Investigations and working with Howard Schmidt is where Sloane first...

Biden's cyber splash in protecting the nation's water systems.


The White House Mobilizes a National Effort to Shield Water Systems from Cyber Threats and Announces Major Investment in U.S. Chip Manufacturing. The U.S. and Allies Issue Fresh Warnings on China's Volt Typhoon Cyber Threats to Critical Infrastructure. Microsoft Streamlines 365 Services with a Unified Cloud Domain. Ukrainian authorities take down a credential theft operation. LockBit claims another pharmaceutical company. A popular WordPress plugin puts tens of thousands of websites at risk. A breach at Mintlify compromises GitHub tokens. An Idaho man pleads guilty to online extortion. The SEC fines firms for AI washing. We've got part two of our...

The SEC's Cybersecurity Law, a New Compliance Era with Jacqueline Wudyka. [Threat Vector]


In honor of Women's History Month, please enjoy this episode of the Palo Alto Networks Unit 42's Threat Vector podcast featuring host David Moulton's discussion with Jacqueline Wudyka about the SEC's Cybersecurity Law. In this episode of Threat Vector, we dive deep into the new SEC cybersecurity regulations that reshape how public companies handle cyber risks. Legal expert and Unit 42 Consultant Jacqueline Wudyka brings a unique perspective on the challenges of defining 'materiality,' the enforcement hurdles, and the impact on the cybersecurity landscape. Whether you're a cybersecurity professional, legal expert, or just keen on understanding the latest in cyber...

SIM swap scammer pleads guilty.


A SIM-swapper faces prison and fines. Here come the class action suits against UnitedHealth Group. Aviation and Aerospace find themselves in the cyber crosshairs. A major mortgage lender suffers a major data breach. A look at election misinformation. The UK shares guidance on migrating SCADA systems to the cloud. Collaborative efforts to contain Smoke Loader. Trend Micro uncovers Earth Krahang. Troy Hunt weighs in on the alleged AT&T data breach. Ben Yelin unpacks the case between OpenAI and the New York Times. And fool me once, shame on you. Remember to leave us a 5-star rating and review in your...

Roselle Safran: So much opportunity. [Entrepreneur] [Career Notes]


CEO and Founder of KeyCaliber, Roselle Safran, takes us on her circuitous career journey from startup to White House and back to startup again. With a degree in civil engineering, Roselle veered off into a more technical role at a startup and she says "caught the startup bug." After convincing a hiring manager that she could learn on the job, she transitioned to computer forensics and started on the path of cybersecurity. Roselle worked in government for the Department of Homeland Security and then to the Executive Office of the President leading all of the security operations. She jumped back into...

The hot pursuit of Volt Typhoon.


Volt Typhoon retains the attention of US investigators. The IMF reports a cyber breach. Fujitsu finds malware on internal systems. Securonix researchers describe DEEP#GOSU targeting South Korea. Subsea cable breaks leave West and Central Africa offline. Health care groups oppose enhanced cyber security regulations. A Pennsylvania school district grapples with a ransomware attack. AT&T denies a data leak. Our guest Kevin Magee of Microsoft Canada shared his experiments with board reporting. And Apex Legends eSports competitors get some unexpected upgrades. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our...

Unveiling the updated NICE Framework & cybersecurity education's future. [Special Edition]


The Workforce Framework for Cybersecurity (NICE Framework) (NIST Special Publication 800-181, revision 1) provides a set of building blocks for describing the Tasks, Knowledge, and Skills (TKS) that are needed to perform cybersecurity work by individuals or teams. Through these building blocks, the NICE Framework enables organizations to develop their workforces to perform cybersecurity work, and it helps learners to explore cybersecurity work and to engage in appropriate learning activities to develop their knowledge and skills. On this Special Edition podcast, N2K CyberWire's Dave Bittner is joined by the team at NIST and FIU's Jack D. Gordon Institute for Public Policy to...

Encore: Dawn Cappelli: Becoming the cyber fairy godmother. [OT] [Career Notes]


Dawn Cappelli, OT CERT Director at Dragos, sits down to share what she has learned after her 25+ year career in the industry. She recalls wanting to have been a rockstar when she grew up, now she refers to herself as the fairy godmother of security. She shares some of the amazing things she got to work on throughout her career, including working with the Secret Service when the Olympics came to Salt Lake City, Utah in 2002. She shares how she was able to rise through the ranks to get to where she is now. Dawn talks about how she wasn't...

Inside SendGrid's phishy business. [Research Saturday]


Robert Duncan from Netcraft is sharing their research on "Phishception - SendGrid abused to host phishing attacks impersonating itself." Netcraft has recently observed that criminals abused Twilio SendGrid's email delivery, API, and marketing services to launch a phishing campaign impersonating itself. Hackers behind this novel phishing campaign used SendGrid's Tracking Settings feature, which allows users to track clicks, opens, and subscriptions with SendGrid. The malicious link was masked behind a tracking link hosted by SendGrid. Please take a moment to fill out an audience survey! Let us know how we are doing! The research can be found here: Phishception SendGrid is abused...

Flight fiasco: UK Defence Minister's jet faces GPS jamming.


Russia's accused of jamming a jet carrying the UK's defense minister. Senators introduce a bipartisan Section 702 compromise bill. The Cybercrime Atlas initiative seeks to dismantle cybercrime. StopCrypt ransomware grows stealthier. A Scottish healthcare provider is under cyber attack. Workers in France are at risk of data exposure. CERT-BE warns of critical vulnerabilities in Arcserve UDP software. The FCC approves IoT device labeling. Researchers snoop on AI chat responses. A MITRE-Harris poll tracks citizens' concern over critical infrastructure. On our Solution Spotlight, N2K President Simone Petrella discusses the shortage of ethical hackers against the rise of AI with IOActive's CTO...

A CIA Psychologist on the Minds of World Leaders, Pt. 1 with Dr. Ursula Wilder [SpyCast]


In honor of Women's History Month, please enjoy this episode of the International Spy Museum's SpyCast podcast featuring part 1 of Andrew Hammond's discussion with Dr. Ursula Wilder of the Central Intelligence Agency. Summary Dr. Ursula Wilder (LinkedIn) joins Andrew (X; LinkedIn) to discuss the intersections between psychology and intelligence. Ursula is a clinical psychologist with over two decades of experience working at the Central Intelligence Agency. What You'll Learn Intelligence How psychology can be useful to national security Historical examples of leadership analysis Leadership personality assessments & the Cuban Missile Crisis Psychoanalytic theory and espionage Reflections Human nature throughout history...

TikTok showdown: U.S. lawmakers target privacy and security.


The US House votes to enact restrictions on TikTok. HHS launches an investigation into Change Healthcare. An Irish Covid-19 portal puts over a million vaccination records at risk. Google distributes $10 million in bug bounty rewards. Nissan Oceania reports a data breach resulting from an Akira ransomware attack. Meta sues a former VP for alleged data theft. eSentire sees Blind Eagle focusing on the manufacturing sector. Claroty outlines threats to health care devices. A major provider of yachts is rocked by a cyber incident. In our Threat Vector segment, David Moulton explores the new SEC cybersecurity regulations with legal expert...

Teresa Rothaar: Outwork the competition. [Analyst] [Career Notes]


Teresa Rothaar, a governance, risk, and compliance (GRC) analyst at Keeper Security sits down to share her story, from performer to cyber. She fell in love with writing as a young girl, she experimented with writing fanfiction which made her want to grow up to be in the arts. After attending college she found that she was good at math, lighting the way for her to start her cyber career. Teresa moved to being a writer at Keeper, finding she wanted to spread out and try more, so she ended up becoming an analyst while still doing writing on the...

The usual suspects are up to their usual tricks.


ODNI's Annual Threat Assessment highlights the usual suspects. The White House meets with UnitedHealth Group's CEO. A convicted LockBit operator gets four years in prison. The Clop ransomware group leaks data from major universities. Equilend discloses a data breach. Fortinet announces critical and high-severity vulnerabilities. GhostRace exploits speculative race conditions in popular CPUs. Incognito Market pulls the rug and extorts its users. Patch Tuesday notes. On the Learning Layer, Sam Meisenberg talks with Joe Carrigan from Johns Hopkins University Information Security Institute, and co-host of Hacking Humans podcast. They explore Joe's journey on the road to taking his CISSP test....

Biden's budget boost for cybersecurity.


Biden's budget earmarks thirteen billion bucks for cybersecurity. DOJ targets AI abuse. A US trade mission to the Philippines includes cyber training. CISA and OMB release a secure software attestation form. CyberArk explores AI worms. Russia arrests a South Korean on cyber espionage charges. French government agencies are hit with DDoS attacks. Jessica Brandt is named director of the Foreign Malign Influence Center. Afternoon Cyber Tea host Ann Johnson speaks with her guest Keren Elazari about the hacker mindset. Google builds itself the Bermuda Triangle of Broadband. Remember to leave us a 5-star rating and review in your favorite podcast...

Kyla Guru: You are a key piece to our national security. [Education] [Career Notes]


Founder and CEO of nonprofit Bits N' Bytes Cybersecurity Education and undergraduate student at Stanford University, Kyla Guru shares her journey from GenCyber Camp to becoming a cybersecurity thought leader. Seeing the need for cybersecurity education in her own community spurred Kyla into action engaging our civilian population in understanding their role in the cybersecurity space. Kyla recommends putting yourself out there: taking courses, getting more knowledge, getting internships, meeting people and going to conferences. Kyla thinks her generation has an inquisitive mind and feels that is where advocacy and education come in with cybersecurity. She shares for any young person "thinking...

CISA's news trifecta.


A roundup of news out of CISA. California reveals data brokers selling the sensitive information of minors. Permiso Security shares an open-source cloud intrusion detection tool. Darktrace highlights a campaign exploiting DropBox. EU's Cyber Solidarity Act forges ahead. A White House committee urges new economic incentives for securing OT systems. Paysign investigates claims of a data breach. Our guest is Alex Cox, Director Threat Intelligence, Mitigation, and Escalation at LastPass, to discuss what to expect after LockBit. And Axios highlights the clowns and fools behind ransomware attacks. Remember to leave us a 5-star rating and review in your favorite podcast...

Encore: Swati Shekhar: Challenges increase your risk appetite. [Engineering] [Career Notes]


Ground Labs' Head of Engineering, Swati Shekhar, shares her circuitous route from and back to engineering. Always being interested in leveraging the tools available to solve problems, Swati talks about how she found her place in engineering. She mentions how she had her first real experience with a computer when she was 17 in her first year at college. Aside from being one of 30 young women in a sea of 500 young men there, Swati described it as a "good culture shock because anything that takes you out of your comfort zone actually makes you learn and grow." She notes...

Setting better cyber job expectations to attract and retain talent. [Special Edition]


In honor of Women's History Month, please enjoy this encore of Dr. Sasha Vanterpool's webinar. In this webinar, N2K Networks Cyber Workforce Consultant Dr. Sasha Vanterpool shares how to update job descriptions to better reflect cyber role expectations to improve hiring, training, and retention. To view the original webinar on demand, visit here. Learn more about your ad choices. Visit megaphone.fm/adchoices

Understanding the multi-tiered impact of ransomware. [Research Saturday]


This week we are joined by Jamie MacColl and Dr. Pia Hüsch from RUSI discussing their work on "Ransomware: Victim Insights on Harms to Individuals, Organisations and Society." The research reveals some of the harms caused by ransomware, including physical, financial, reputational, psychological and social harms. Researchers state "Based on interviews with victims and incident responders, this paper outlines the harm ransomware causes to organisations, individuals, the UK economy, national security and wider society." The research can be found here: Ransomware: Victim Insights on Harms to Individuals, Organisations and Society Learn more about your ad choices. Visit megaphone.fm/adchoices

From breach to battle: The escalating threat of Midnight Blizzard.


Russian hackers persist against Microsoft's internal systems. Change Healthcare systems are slowly coming back online. Russian propaganda sites masquerade as local news. Swiss government info is leaked on the darknet. Krebs on Security turns the tables on the Radaris online data broker. The NSA highlights the fundamentals of Zero Trust. The British Library publishes lessons learned from their ransomware attack. Researchers run a global prompt hacking competition. CheckPoint looks at Magnet Goblin. Experts highlight the need for psychological safety in cyber security. Our guest is Dinah Davis, Founder and Editor-In-Chief of Code Like A Girl, sharing the work they do...

Encore: Breaking Through: Securing the advancement of women in cybersecurity. [Special Editions]


In honor of International Women's Day, please enjoy this encore of our 2023 Women in Cyber panel. In the dynamic field of cybersecurity, it's well established that creating more opportunities for diversity and inclusion is essential for developing a highly skilled workforce. As an industry, we are starting to see the fruits of that labor, but there is a growing need for diverse leadership to nurture continuous innovation and resilience in cybersecurity. As part of N2K's 2023 Women in Cyber content series, we're excited to host an engaging virtual panel discussion moderated by N2K's President Simone Petrella featuring insights, experiences,...

A secret scheme resulting in stolen secrets.


A former Google software engineer is charged with stealing AI tech for China. State attorneys general from forty-one states call out Meta over account takeover issues. Researchers demonstrate a Stuxnet-like attack using PLCs. Buyer beware - A miniPC comes equipped with pre-installed malware. A Microsoft engineer wants the FTC to take a closer look at Copilot Designer. There's a snake in Facebook's walled garden. Bruce Schneier wonders if AI can strengthen democracy. On our Industry Voices segment, guest Jason Lamar, Senior Vice President of Product at Cobalt, joins us to discuss offensive security strategy. And NIST works hard to...

Encore: Dinah Davis: Building your network. [R&D] [Career Notes]


In honor of International Women's Day, please enjoy this encore of Dinah Davis sharing her story. Coming from her love of math, VP of R&D at Arctic Wolf Networks Dinah Davis shares how she arrived in the cybersecurity industry after finding her niche. Dinah recalls how at a time of indecision, a computer course at university and a job with the Canadian government helped to solidify her career direction. Dinah mentions how "security and cryptography specifically was this perfect mix of real world problem solving and mathematics and computer science all combined into one ball of happiness." Networking played a key...

No cyber blues on Super Tuesday.


CISA says Super Tuesday ran smoothly. The White House sanctions spyware vendors. The DoD launches its Cyber Operational Readiness Assessment program. NIST unveils an updated NICE Framework. Apple patches a pair of zero-days. The GhostSec and Stormous ransomware gangs join forces. Cado Security tracks a new Golang-based malware campaign. Google updates its search algorithms to fight spammy content. Canada's financial intelligence agency suffers a cyber incident. On our Industry Voices segment, our guest Amitai Cohen, Attack Vector Intel Lead at Wiz joins us to discuss cloud threats. Moonlighting on the dark side. Remember to leave us a 5-star rating and...

From Nation States to Cybercriminals: AI's Influence on Attacks with Wendi Whitmore [Threat Vector]


In honor of Women's History Month, please enjoy this episode of the Palo Alto Networks' Unit 42 podcast, Threat Vector, featuring David Moulton's discussion with Wendi Whitmore about the evolving threat landscape. In this conversation, David Moulton from Unit 42 discusses the evolving threat landscape with Wendi Whitmore, SVP of Unit 42. Wendi highlights the increasing scale, sophistication, and speed of cyberattacks, with examples like the recent Clop ransomware incident, and emphasizes that attackers, including nation-state actors and cybercriminals, are leveraging AI, particularly generative AI, to operate faster and more effectively, especially in social engineering tactics. To protect against these...

Change Healthcare hackers cash in $22 million ransom.


Is the ALPHV gang pulling up a twenty two million dollar rug? Meta platforms are experiencing outages. Ukraine claims a cyberattack on the Russian Ministry of Defense. Malicious phishers hope to hook hashes. TeamCity users are warned of critical vulnerabilities. The Discord leaker pleads guilty. AmEx suffers a third-party data breach. Amazon is flooded with fake copycat publications. Our guest is Deputy Assistant Director Cynthia Kaiser from the FBI Cyber Division to discuss Volt Typhoon. And, Dude, she is just not that into you. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an...

Encore: Monica Ruiz: Moving ahead when not many look like you. [Policy]


In honor of International Women's Day, please enjoy this encore of Monica Ruiz sharing her story. Cyber Initiative and Special Projects Fellow at the Hewlett Foundation Monica Ruiz shares her career development from aspirations of being a weather woman to her current role as a grantmaker and connector in cybersecurity. Monica discusses how her international study experience changed her outlook and brought her to the field of security. She shares the difficulties she faced as a woman of color when not that many people look like you, and how she used that as her reason to move forward and better...

Cyberattack causes a code red on US healthcare.


The US healthcare sector is struggling to recover from a cyberattack. Russia listens in via Webex. The former head of NCSC calls for a ransomware payment ban. An Indian content farm mimics legitimate online news sites. The FTC reminds landlords that algorithmic price fixing is illegal. FCC employees are targeted by a phishing campaign. Experts weigh in on NIST's updated cybersecurity framework. Police shut down the largest German-speaking cybercrime market. Guest Mike Hanley, Chief Security Officer and the Senior Vice President of Engineering at GitHub, shares insights with Ann Johnson of Afternoon Cyber Tea. And celebrating the most inspiring women...

Encore: Pattie Dillon: Take the leap. [Anti-fraud] [Career Notes]


Product Manager in Anti-Fraud Solutions at SpyCloud, Pattie Dillon shares her journey from raising her family to specializing in the anti-fraud space. Upon reentering the workforce, Pattie worked on identity verification and developed a system with privacy concerns in mind. She moved to work in gift cards and was exposed to money laundering. Traveling along the fraud spectrum, Pattie learned about underground data and feels that this data can be leveraged to actually prevent and fight online fraud. Pattie believes if you don't try, you'll never know. We know we appreciate Pattie sharing her story with us. Learn more about your...

The return of a malware menace. [Research Saturday]


This week we are joined by Selena Larson from Proofpoint, who is discussing their research, "Bumblebee Buzzes Back in Black." Bumblebee is a sophisticated downloader used by multiple cybercriminal threat actors and was a favored payload from its first appearance in March 2022 through October 2023 before disappearing. After a four-month hiatus, Proofpoint researchers found that the downloader returned. Its return aligns with a surge of cybercriminal threat activity after a notable absence of many threat actors and malware. The research can be found here: Bumblebee Buzzes Back in Black Learn more about your ad choices. Visit megaphone.fm/adchoices

WhatsApp's legal triumph cracks the spyware vault.


A court orders NSO Group to hand over their source code. The Five Eyes reiterate warnings about Ivanti products. Researchers demonstrate a generative AI worm. Fulton County calls LockBit's bluff. SMS codes went unprotected online. Golden Corral serves up a buffet of personal data. Ransom demands continue to climb. A US Senator calls on the FTC to investigate auto industry privacy practices. Dressing up data centers. Our guest is Dominic Rizzo, founder and director of OpenTitan and CEO at zeroRISC, discussing the first open-source silicon project to reach commercial availability. And Cops can't keep their suspects straight. Remember to leave...

Iran's cyber quest in Middle Eastern aerospace.


Iran-Linked Cyber-Espionage Targets Middle East's Aerospace and Defense. SpaceX is accused of limiting satellite internet for US troops. 'Savvy Seahorse' Floods the Net with Investment Scams. GUloader Malware draws on a crafty graphic attack vector. Repo confusion attacks persist. European consumer groups question Meta's data collection options. Allegations of Russia targeting civilian critical infrastructure in Ukraine. Cisco patches high-severity flaws. The US puts a Canadian cyber firm on its Entity List. On the Threat Vector segment, we have a conversation between host David Moulton and Michael "Siko" Sikorski, Unit 42's CTO and VP of Engineering, discussing Unit 42's 2024 Incident...

Protecting American data.


President Biden is set to sign an executive order restricting overseas sharing by data brokers. US Federal agencies warn of exploited Ubiquiti EdgeRouters. A new ransomware operator claims to have hacked Epic Games. A cross-site scripting issue leaves millions of WordPress sites vulnerable. The Rhysida ransomware group posts a multi-million dollar ransom demand on a Children's Hospital in Chicago. Mandiant tracks Chinese threat actors targeting Ivanti VPNs. The former head of DHS weighs in on a federal cyber insurance backstop. Domain Registrars offer bulk name blocking for brands. Our guest is Magpie Graham, Principal Adversary Hunter Technical Director at Dragos,...

Out with the old, in with the new.


NIST's Cybersecurity Framework gets an upgrade. ONCD makes a case against memory-related software bugs. A recent cyberattack targets Canada's Royal Canadian Mounted Police. US dethrones Russia as top target in cyber breaches. Caveat podcast cohost Ben Yelin discusses remedies in the generative AI copyright cases. And, Reggaeton Be Gone, a creative way to deal with your neighbor's music choices. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest...

LockBit reloaded: Unveiling the next chapter in cybercrime.


LockBit's reawakening. China's ramp up to safety for vital sectors. Data leak leaves China feeling exposed. Malware hidden by North Korea in fake developer job listings. UK Watchdog rebukes firm for biometric scanning of staff at leisure centers. SVR found adapting for the cloud environment. DOE proposes cybersecurity guidelines for the electric sector. Wideness of breach in the financial industry revealed. Moving on to better things. Things are looking up in the cybersecurity startup ecosystem. UK's National Cyber Security Centre announced they are launching a Cyber Governance Training Pack for boards. N2K's President Simone Petrella talks with Elastic's CISO Mandy...

Encore: Chris Cochran: Rely on your strengths in the areas of the unknown. [Engineering] [Career Notes]


Director of Security Engineering at Marqeta and Host of Hacker Valley Studio podcast, Chris Cochran describes his transitions throughout the cybersecurity industry, from an intelligence job with the Marine Corps, to starting the intelligence apparatus for the House of Representatives, then on to leading Netflix's threat intelligence capability. Chris points out that when pivoting to different roles and responsibilities, you must rely on your own strengths to move forward and bring value to your work. Our thanks to Chris for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

Web host havoc: Unveiling the Manic Menagerie campaign. [Research Saturday]


Assaf Dahan and Daniel Frank from Palo Alto Networks Cortex sit down with Dave to talk about their research "Manic Menagerie 2.0: The Evolution of a Highly Motivated Threat Actor." From late 2020 to late 2022, Unit 42 researchers discovered an active campaign that targeted several web hosting and IT providers in the United States and European Union. The research states "They have further deepened their foothold in victims' environments by mass deployment of web shells, which granted them sustained access, as well as access to internal resources of the compromised websites." The research can be found here: Manic Menagerie...

Crackdown on privacy leads to a multi-million dollar fine.


The FTC fines Avast over privacy violations. ConnectWise's ScreenConnect is under active exploitation. AT&T restores services nationwide. An Australian telecom provider suffers a data breach. EU Member States publish a cybersecurity and resilience report. Microsoft unleashes a PyRIT. A new infostealer targets the oil and gas sector. A cyberattack cripples a major US healthcare provider. Our guest is Kevin Magee from Microsoft Canada with insights on why cybersecurity startups in Ireland are having so much success building new companies there. And a USB device is buzzing with malware. Remember to leave us a 5-star rating and review in your favorite...

AT&T outage leaves major cities offline.


AT&T experiences a major outage. The LockBit takedown continues. An updated Doppelgänger is spreading misinformation. A roundup of critical infrastructure initiatives. Toshiba and Orange make a quantum leap. An eyecare provider hack comes into focus. A phony iPhone repair scheme leads to convictions. In our Learning Layer segment, Sam Meisenberg shares the latest learning science research. And we are shocked - shocked! - to discover that phone chargers can be used to attack our devices. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing,...

Anchoring security for US ports.


President Biden to sign EO to bolster maritime port security. Apple announces post-quantum encryption for iMessage. Malwarebytes examines the i-Soon data leak. Law enforcement airs LockBit's dirty laundry. Varonis highlights vulnerabilities affecting Salesforce platforms. An appeals court overturns a $1 billion piracy verdict. NSA's Rob Joyce announces his retirement. Anne Neuberger chats with WIRED. A leading staffing firm finds its data for sale on the dark web. In our sponsored Industry Voices segment, Navneet Singh, VP of Marketing Network Security at Palo Alto Networks, discusses the transition to the cloud and shares some examples from healthcare. Hackers and hobbyists push...

The reign of digital terror ends.


Operation Cronos leaves LockBit operations on borrowed time. An alleged leak reveals internal operations from the Chinese Ministry of Public Security. An Israeli airline thwarts communications hijacking attempts. The alleged Raccoon Infostealer operator has been extradited to the US. ConnectWise patches critical vulnerabilities. Schneider Electric confirms a Cactus ransomware attack. Alleged Maryland money launderers face indictments. Russian hackers target media outlets in Ukraine. Our guest is Tomislav Pericin, Chief Software Architect at Reversing Labs, on the rise of software supply chain attacks. And Tinder hopes to reel in the catfish. Remember to leave us a 5-star rating and review...

AWS in Orbit: Leveraging generative AI to do more at the rugged space edge with AWS. [T-Minus]


Kathy O'Donnell is the leader of Space Solutions Architecture for AWS Aerospace and Satellite. In this extended conversation, we dive into how AWS is supporting generative AI in the space domain. She walks us through some incredible case studies with AWS customers who are using generative AI and space technologies to improve life here on Earth. Learn more about generative AI use cases for space at AWS re:Invent. AWS in Orbit is a podcast collaboration between N2K Networks and AWS to offer listeners an in-depth look at the transformative intersection of cloud computing, space technologies, and generative AI. You can...

What's a CNAPP: Cloud-Native Application Protection Platform? [CyberWire-X]


In this episode of CyberWire-X, N2K's CSO, Chief Analyst, and Senior Fellow, Rick Howard, is joined by Tim Miller, Technical Marketing Engineer for Panoptica, Cisco's Cloud Application Security solution, (Panoptica is the result of Cisco's incubation engine (Outshift) for new products and markets), and Kevin Ford, Esri's CISO. They discuss the complexity reduction need that Cloud-Native Application Protection Platforms (CNAPPs) provide. Outshift by Cisco is our CyberWire-X episode sponsor. To learn more about Cloud-Native Application Protection Platforms, check out Panoptica's website at https://panoptica.app and consider attending the Cisco Live EMEA in Amsterdam, February 5-8, 2024. Learn more about your ad choices. Visit megaphone.fm/adchoices

Encore: Dominique Shelton Leipzig: No matter the statistics, even if against the odds, focus on what you want. [Legal] [Career Notes]


Privacy and data security lawyer, Dominique Shelton Leipzig shares that she has always wanted to be a lawyer, ever since she was a little girl. She talks about what her role is with clients in protecting and managing their data, sometimes adhering to up to 134 different data protection laws for global companies. Learn that not a lot has changed for an African-American woman partner at an Amlaw 100 firm as far as diversity during Dominique's career, and how Dominique suggests young lawyers should address those odds. Our thanks to Dominique for sharing her story with us. Learn more about...

Hackers come hopping back. [Research Saturday]


Ori David from Akamai is sharing their research "Frog4Shell FritzFrog Botnet Adds One-Days to Its Arsenal." FritzFrog takes advantage of the fact that only internet facing applications were prioritized for Log4Shell patching and targets internal hosts, meaning that a breach of any asset in the network by FritzFrog can expose unpatched internal assets to exploitation. The research states "FritzFrog has traditionally hopped around by using SSH brute force, and has successfully compromised thousands of targets over the years as a result." Over the years Akamai has seen more than 20,000 FritzFrog attacks, and 1,500+ victims. The research can be found...

FBI initiates router revolution.


The FBI kicks Moobot out of small business routers. Sensitive data has been stolen from a state government network. AMC proposes a multi-million-dollar settlement after improperly sharing subscribers' viewing habits. The U.S. targets an Iranian military ship in the Red Sea with a cyberattack. Lawmakers propose transparency in the use of algorithms in criminal trials. CERT-EU highlights a spear phishing spike. An infamous Zeus and IcedID operator pleads guilty. Our guests Dr. Josh Brunty, Head Coach, and Brad Wolfenden, Program Director, of US Cyber Games join us to share the details of how their 2024 season is shaping up....

An AI arms race.


Microsoft highlights adversaries' experiments with AI LLMs. A misconfiguration exposes a decade's worth of emails. SentinelOne describes Kryptina ransomware as a service. The European Court of Human Rights rules against backdoors. Senator Wyden calls out a location data broker. GoldFactory steals facial scans to bypass bank security. The Glow fertility app exposes the data of twenty five million users. Qakbot returns. Our Guest Rob Boyce from Accenture talks about tailored extortion. And hacking the airport taxi line leads to prison. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our...

It's always DNS, but that may just be FUD.


It's always DNS, but that may just be FUD. The DoD notifies victims of a cloud email server leak. New Jersey cops sue online data brokers. Crooks use WiFi jammers to thwart security systems. A copyright case against OpenAI is partially dismissed. Patch Tuesday includes two actively exploited zero days. CharmingCypress gathers political intelligence. Ann Johnson from Microsoft Security's Afternoon Cyber Tea podcast talks with Frank Cilluffo, Director for Cyber and Critical Infrastructure Security at the McCrary Institute of Auburn University, about cyber and critical infrastructure. And beware Cupid's misleading arrow. Remember to leave us a 5-star rating and review...

Phishing threats unleashed.


Attackers lock up Azure accounts with MFA. Bank of America alerts customers to a third party data breach. Malicious cyber activity targets elections worldwide. CISA highlights a vulnerability in Roundcube Webmail. Lawmakers introduce a bipartisan bill to enhance healthcare cybersecurity. Siemens and Schneider Electric address multiple industrial vulnerabilities. Perception in tech gender parity still has a ways to go. Dave Bittner speaks with Guests Andrew Scott, Associate Director of China Operations at CISA, and Brett Leatherman, Section Chief for Cyber at the FBI, about Chinese threat actor Volt Typhoon. And the scourge of online obituary spam. Remember to leave us...

DOJ strikes justice.


The DOJ shuts down the Warzone RAT. Ransomware hits over twenty Romanian hospitals, and Rhysida gets a decryptor. Canada may ban the Flipper Zero. Chinese espionage claims against the US are light on facts. Australia looks to criminalize doxxing. Federal IT leaders seek better coordination with CISA and the JCDC. Wired looks at the effect of cyberattacks on inequality. Our guest is Manny Felix, Founder and CEO of US Cyber Initiative, sharing their work in unlocking cyber career opportunities for young people. And this thumb drive will self-destruct in five seconds. Remember to leave us a 5-star rating and review...

Encore: Graham Cluley: Have to be able to communicate to everybody. [Media] [Career Notes]


Computer security writer, podcaster and public speaker Graham Cluley describes learning to program on his own from magazines, creating text adventure games for donations, and his journey from programming to presenting and writing with a bit of tap dancing on the side. Along the way, Graham collaborated with others and learned to communicate so that all could understand, not just techies. Our thanks to Graham for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

Ransomware is coming. [Research Saturday]


Jon DiMaggio, Chief Security Strategist for Analyst1, is discussing his research on "Ransomware Diaries Volume 4: Ransomed and Exposed - The Story of RansomedVC." While there is evidence to support that RansomedVC runs cybercrime operations, Jon questions the claims it made regarding the authenticity of the data it stole and the methods it used to extort victims. The research states "I uncovered sensitive information about the group's leader, Ransomed Support (also known as Impotent), relating to secrets from his past." In this episode Jon shares his 6 key findings after spending months engaging with the lead criminal who runs RansomedVC....

Imitation game: LastPass vs LassPass.


A LastPass imitator sneaks its way past Apple's app store review. Bitdefender identifies a new macOS backdoor. The Air Force and Space Force collaborate for stronger cyber defense. CISA offers an election security advisory program. The FCC bans AI robocalls. The Feds put a bounty on the Hive ransomware group. Senators introduce a bipartisan drone security act. Cisco Talos IDs a new cyber espionage campaign. Fighting the good fight against software bloat. On our Solution Spotlight, N2K President Simone Petrella talks with Amy Kardel, Senior Vice President for Strategic Workforce Relationships at CompTIA about the cyber talent gap. And sports...

Volt Typhoon's stealthy threat to US critical infrastructure.


A joint advisory warns of Volt Typhoon's extended network infiltration. Check your Cisco devices for patches. Fortinet clarifies its latest vulnerabilities. Internet outages plague Pakistan on election day. Kaspersky describes the new Coyote banking trojan. Cyber insurance is projected to reach new heights. The White House appoints a leader for the AI Safety Institute, and sees pushback on proposed reporting regulations. Can we hold AI liable for its foreseeable harms? Joe Carrigan joins us with insights on the Mother of All Data Breaches. The potential of Passkeys versus the comfort of passwords. Remember to leave us a 5-star rating and...

Taking a bite out of Apple.


A security researcher has been charged in an alleged multi-million dollar theft scheme targeting Apple. A House committee hearing explores OT security. Fortinet withdraws accidental CVEs. 2023 saw record highs in ransomware payments. A YouTuber finds a cheap and easy bypass for BitLocker encryption. Political pressure proves challenging for the JCDC. New Hampshire tracks down those fake Biden robocalls. European security agencies bolster warnings about Ivanti devices. HHS fines a New York medical center millions over an identity theft ring. On our sponsored Industry Voices segment, Navneet Singh, Vice President of Marketing Network Security at Palo Alto Networks, shares some...

Cracking down on spyware.


The global community confronts spyware. Canon patches critical vulnerabilities in printers. Barracuda recommends mitigations for Web Application Firewall issues. Group-IB warns of ResumeLooters. Millions are at risk after a data breach in France. Research from the UK reveals contradictory approaches to cybersecurity. Meta's Oversight Board recommends updates to Facebook's Manipulated Media policy. We've got a special segment from the Threat Vector podcast examining Ivanti's Connect Secure and Policy Secure products. And it's time to brush up on IoT security. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily...

A serious breach showdown.


Anydesk confirms a serious breach. Clorox and Johnson Controls file cyber incidents with the SEC. There's already a potential Apple Vision Pro kernel exploit. A $25 million deepfake scam. Akamai research hops on the FritzFrog botnet. The US sanctions Iranians for attacks on American water plants. Commando Cat targets Docker API endpoints. Pennsylvania courts fall victim to a DDoS attack. A new leader takes the reins at US Cyber Command and the NSA. Our guest is Dr. Heather Monthie from N2K Networks, with insights on the White House's recent easing of education requirements for federal contract jobs. And remembering one...

Encore: Bilyana Lilly: Turn challenges into opportunities. [Policy] [Career Notes]


Cybersecurity and disinformation researcher Bilyana Lilly shares her career path from studying where she was always a foreigner to an expert on the Russian perspective. While studying international law in Kosovo, Bilyana realized there are no winners in war. Through her work, she hopes to bring a greater understanding of Russia's strategic thinking. Our thanks to Bilyana for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

Weathering the internet storm. [Research Saturday]


Johannes Ullrich from SANS talks about the Internet Storm Center and how they do research. Internet Storm Center was created as a mix of manual reports submitted by security analysts during Y2K and automated firewall collection started by DShield. The research shares how SANS used their "agile honeypots" to "zoom in" on events to more effectively collect data targeting specific vulnerabilities. Internet Storm Center has been noted on three separate attacks that were observed. The research can be found here: Jenkins Brute Force Scans; Scans for Ivanti Connect "Secure" VPN Vulnerability (CVE-2023-46805, CVE-2024-21887); Scans/Exploit Attempts for Atlassian Confluence RCE Vulnerability...

A digital leaker gets 40 years behind bars.


Former CIA leaker sentenced to 40 years. Interpol arrests suspected cybercriminals and takes down servers. Cloudflare discloses a Thanksgiving Day data breach. The FBI removes malware from outdated routers. President Biden plans to veto a Republican-led bill overturning cyber disclosure rules. Attackers target poorly managed Linux systems. Infected USB devices take advantage of popular websites for malware distribution. Blackbaud faces a data deletion mandate from the FTC. Our guest is Adam Marr, CISO of Arctic Wolf, to kick off our continuing discussion of 2024 election security. A cybersecurity incident in Georgia leads to a murder suspect on the run. Remember...

Defending America against China's ominous onslaught.


Directors Wray and Easterly warn Congress of threats from Chinese hackers. Myanmar authorities extradite pig butchering suspects. Automation remains a challenge. Snyk Security Labs plugs holes in Leaky Vessels. Pegasus spyware targets human rights groups in Jordan. Subtle-paws scratch at Ukrainian military personnel. White Phoenix brings your ransomed files back from the ashes. In today's Threat Vector, host David Moulton, Director of Thought Leadership at Unit 42, speaks with MDR Senior Manager Oded Awaskar, about how AI might change the world of security operations and threat-hunting. A wee lil trick for bypassing ChatGPT guardrails. Remember to leave us a...

VPN compromise causes concerns.


Global Affairs Canada investigates a major data breach. New York sues Citibank over inadequate online security. Alpha ransomware launches a dedicated leak site on the dark web. A leaked database with 50 million records may or may not be real. CISA and the FBI provide guidance for SOHO routers. Patch 'em if ya got 'em. Krustyloader exploits Ivanti weaknesses. Unit 42 tracks a large-scale scareware campaign. Alex Stamos calls Microsoft's security strategies morally indefensible. Our guests are Gianna Whitver and Maria Velasquez from the Cybersecurity Marketing Society to talk about their new podcast "Breaking Through in Cybersecurity Marketing." And do you...

A Typhoon counter.


The U.S. counters a Chinese hacking campaign. Juniper issues out of band patches. Schneider Electric suffers a ransomware attack. Over a million and a half individuals are affected by an insurance consulting firm breach. AT&T finds DarkGate malware leveraging Microsoft Teams. The White House is set to require AI developers to share safety test results. Resecurity finds high level credentials posted online. Zscaler says Zloader malware is back. The Georgia county prosecuting former President Trump got hit with a cyberattack. Microsoft's Ann Johnson speaks with guest Deneen DeFiore, Vice President and Chief Information Security Officer at United Airlines, about cybersecurity...

Seeking dismissal of SEC allegations.


SolarWinds seeks dismissal of SEC allegations. Urgent calls to implement fixes for Jenkins open-source software automation tools. A New Jersey township closes schools and offices after a cyberattack. The Centre for Cybersecurity Belgium warns of a critical vulnerability in GitLab. The FBI arrests a notorious swatter. HHS releases cybersecurity performance goals. The feds remind organizations to preserve online messaging. Mercedes-Benz exposes data after an authentication token was left unsecured. A dark web drug dealer pleads guilty. Our guest is Caleb Barlow from Cyberbit, discussing hacker celebrities and why yours truly did not make the list. And threats of airport terrorism...

Rashmi Bharathan: Connecting is important. [Auditor] [Career Notes]


Rashmi Bharathan, an Information Technology Internal Auditor from Wintrust Financial Corporation sits down to share her story as a woman with 10 years in the IT industry and how she got her start. From childhood Rashmi always wanted to be a good leader, helping those around her, now she shares how helping people is a passion of hers and spends a lot of her time volunteering to help those coming into this industry. She says "It's all about, you should know your connections. That is more important. So I would say that networking and volunteering is really going to help...

What's a CNAPP: Cloud-Native Application Protection Platform? [CyberWire-X]


In this episode of CyberWire-X, N2K's CSO, Chief Analyst, and Senior Fellow, Rick Howard, is joined by Tim Miller, Technical Marketing Engineer for Panoptica, Cisco's Cloud Application Security solution (Panoptica is the result of Cisco's incubation engine (Outshift) for new products and markets), and Kevin Ford, Esri's CISO. They discuss the complexity reduction need that Cloud-Native Application Protection Platforms (CNAPPs) provide. Outshift by Cisco is our CyberWire-X episode sponsor. To learn more about Cloud-Native Application Protection Platforms, check out Panoptica's website at https://panoptica.app and consider attending the Cisco Live EMEA in Amsterdam, February 5-8, 2024. Learn more about your ad choices. Visit megaphone.fm/adchoices

Hooked on pirated macOS applications. [Research Saturday]


Jaron Bradley from Jamf Threat Labs is sharing their work on "Jamf Threat Labs discovers new malware embedded in pirated applications." Jamf Threat Labs has detected a series of pirated macOS applications that have been modified to communicate to attacker infrastructure. The research states "These applications are being hosted on Chinese pirating websites in order to gain victims." The discovery marks new and advanced malware, similar to the ZuRu malware, first discovered by Objective-See in 2021 within the iTerm2 application. The research can be found here: Jamf Threat Labs discovers new malware embedded in pirated applications Learn more about your ad choices. Visit...

A new purchase is cause for a call out.


Senator Wyden calls out the NSA for purchasing Americans' internet records. Senators look to add IT and ICS environments to federal employee cyber competitions. The FTC asks big tech about their investments in AI. Turns out the GSA bought a bunch of Chinese security cameras. Akira ransomware claims a breach of Lush cosmetics. ESET reports on the Blackwood cyberespionage group. Wired looks at Predatory Sparrow. The U.S. stands firm on the United Nations Cybercrime Treaty. Our guest is Tony Surak, CMO & Operating Partner from DataTribe, with insights on the state of venture capital in cyber. And a Trickbot gang...

Another day, another Blizzard attack.


Cozy Bear breaches Hewlett Packard Enterprise. An investigation reveals global surveillance based on digital advertising. Cisco patches critical vulnerabilities. Meta aims to enhance the online safety of minors. iOS notifications are exploited for tracking. EquiLend's systems go offline after a cyberattack. A DC theater faced financial crisis after seeing their bank account drained. Critical infrastructure is targeted in Ukraine. The latest insights on ransomware. Guest Lance Hood joins us from TransUnion to share how fraud attacks on financial industry call centers are rising. And Teslas get POwned in Tokyo. Remember to leave us a 5-star rating and review in your...

The fight against exploiting Americans.


Biden prepares executive order on foreign access to data. Britain's NCSC warns of a significant ransomware increase. Cisco Talos confirms ransomware surge. BuyGoods.com leaks PII and KYC data. Fortra faces scrutiny over slow disclosure. AI fights financial fraud. Intel471 highlights bulletproof hosting. NSO Group lobbies to revamp their image. Tussling in Missouri over election security. Integrating cyber education. Our guests are N2K President Simone Petrella and WiCyS Executive Director Lynn Dohm talking about a new partnership for a comprehensive Cyber Talent Study. And the moral panic of Furbies. Remember to leave us a 5-star rating and review in your favorite...

The mother of all data breaches.


The mother of all data breaches. CISA director Easterly is the victim of a swatting incident. An AI robocall in New Hampshire seeks to sway the election. Australia sanctions an alleged Russian cyber-crime operator. Atlassian Confluence servers are under active exploitation. Apple patches a WebKit zero-day. Black Basta hits a major UK water provider. Hackers who targeted an Indian ISP launch an online search portal. A Massachusetts hospital suffered a Christmas day ransomware attack. Ann Johnson, host of the Afternoon Cyber Tea podcast, speaks with Caitlin Sarian, known to many as Cybersecurity Girl. And HP claims bricked printers are a...

Midnight Blizzard brings the storm.


Russian state hackers breach Microsoft. LockBit claims Subway restaurants hack. A Swedish datacenter is hit with ransomware. VMware patches a vulnerability targeted by Chinese espionage groups. Sentinel Labs warns of North Korean APTs focus on cybersecurity pros. FTC orders another data broker to restrict location data. US Feds release security guidance for water and wastewater sectors. Senators question the DOJ on facial recognition technology. Ukraine's Monobank gets DDoSed. N2K's CSO Rick Howard joins us to share some insight into what he and the Hash Table are cooking up for the upcoming season of his CSO Perspectives podcast. The passing of a...

Encore: Matt Devost: Solving hard problems and pursuing your passions. [CEO] [Career Notes]


CEO, Matt Devost, describes many firsts in his career including hacking into systems on an aircraft carrier at sea. He shares how he enjoys solving hard problems and the red teamer perspective, and how he was able to translate those into a career. For those interested in cybersecurity, Matt advises opportunities for self-directed learning including heading down to your basement and building your own lab. Our thanks to Matt for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

Two viewpoints on the National Cybersecurity Strategy. [Special Edition]


Earlier this month, the White House released the National Cybersecurity Strategy, the first issued since 2018. The strategy refocuses roles, responsibilities, and resource allocations in the digital ecosystem, with a five pillar approach. Those pillars are: defending critical infrastructure, disrupting threat actors, shaping market forces to drive security and resilience, investing in a resilient future, and forging international partnerships. We wanted to delve into the strategy and its intended effects further, so Dave Bittner spoke with representatives from industry and inside government. Dave first speaks with Adam Isles, Principal and Head of Cybersecurity Practice at The Chertoff Group, sharing industry's...

A firewall wake up call. [Research Saturday]


Jon Williams from Bishop Fox is sharing their research on "It's 2024 and Over 178,000 SonicWall Firewalls are Publicly Exploitable." SonicWall published advisories for CVE-2022-22274 and CVE-2023-0656 a year apart after finding that NGFW series 6 and 7 devices are affected by two unauthenticated denial-of-service vulnerabilities. The research states "Our research found that the two issues are fundamentally the same but exploitable at different HTTP URI paths due to reuse of a vulnerable code pattern." They also found that when they scanned SonicWall firewalls with management interfaces exposed to the internet, they found that 76% are vulnerable to one or both issues. The research...

New malware, new threats.


Microsoft warns of an Iranian cyberespionage group. The CyberSafety Review Board receives critical reviews of its own. VMware warns of active product exploitation. Tax info gets leaked in accounting firm breach. Kansas State University reports a cyber incident. CISA adds Citrix Netscaler vulnerabilities to its Known Exploited Vulnerabilities catalog. Councils in the UK suffer online disruptions. Cyber insurance can be a double-edged sword. More email security breaches lead to firings. In our Solution Spotlight, N2K President Simone Petrella speaks with Michelle Amante of the Partnership for Public Service with an update on the Cybersecurity Talent Initiative. And its shields...

A credential dump hits the online underground.


A massive credential dump hits the online underground. CISA and the FBI issue joint guidance on drones. TensorFlow frameworks are prone to misconfigurations. Swiss federal agencies are targets of nuisance DDoS. Cybercriminals hit vulnerable Docker servers. Quarkslab identifies PixieFAIL in UEFI implementations. Google patches Chrome zero-day. The Bigpanzi botnet infects smart TVs. Proofpoint notes the return of TA866. In our Threat Vector segment, David Moulton dives into the evolving world of AI in cybersecurity with Kyle Wilhoit, director of threat research at Unit 42. And we are shocked- SHOCKED! - to learn that Facebook is tracking us. Remember to leave...

Exploring the cosmic frontier: Unveiling the future of space law. [Caveat]


Bryce Kennedy, President of the Association of Commercial Space Professionals (ACSP), is sharing what is on the horizon in space law. Bryce is also a space lawyer and a regular contributor to our T-Minus daily space podcast right here on the N2K podcast network. You can hear more from the T-Minus space daily show here. While this show covers legal topics, and Ben is a lawyer, the views expressed do not constitute legal advice. For official legal advice on any of the topics we cover, please contact your attorney. Caveat Briefing A companion weekly newsletter is available to CyberWire Pro members on...

Maximum severity vulnerability needs critical updates.


Atlassian issues critical updates. CISA and the FBI warn of AndroxGh0st. A GPU vulnerability hits major manufacturers. A Foxconn subsidiary in Taiwan gets hacked. Australians suffer breached credit cards through credential stuffing. A parade of horrible hackers and scammers. CISO accountability is highlighted at ShmooCon. Cybersecurity VC funding plummets. On the Learning Layer, N2K's Executive Director of Product Innovation Sam Meisenberg lets us in on an A+ tutoring session. Don't ask ChatGPT to handle your Amazon product listings. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence...

Vulnerabilities and security risks.


Ivanti products are under active zero-day exploitation. Phemedrone is a new open-source info-stealer. Bishop Fox finds exposed SonicWall firewalls. GitLab and VMware patch critical vulnerabilities. The Secret Service foils a phishing scam. Europol shuts down a cryptojacking campaign. Ransomware hits a Majorca municipality. RUSI looks at ransomware. Ben Yelin explains the New York Times going after OpenAI over the data scraping. And the sad case of an Ohio lottery winner. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a...

Putting a dent in the cybersecurity workforce gap. [Special Edition]


In this special edition of Solution Spotlight, N2K President, Simone Petrella is talking with ISC2 CEO Clar Rosso about putting a dent in the cybersecurity workforce gap through empowerment, breaking down barriers and expanding DE&I initiatives. Learn more about your ad choices. Visit megaphone.fm/adchoices

Encore: Examining the current state of security orchestration. [CyberWire-X]


In this encore episode of CyberWire-X, N2K's CSO, Chief Analyst, and Senior Fellow, Rick Howard, is joined by guest Rohit Dhamankar, Fortra's Vice President of Product Strategy, and Hash Table member Steve Winterfeld, Akamai's Advisory CISO, to discuss CISO initiatives such as vendor consolidation, automation, and attack surface management as a way to determine if it's possible to achieve both increased security maturity and decreased operational load. This session covers common mistakes when adopting security technologies, including the pros and cons of AI, and how to better collaborate together. Learn more about your ad choices. Visit megaphone.fm/adchoices

Encore: Kathleen Booth: Get your foot in the door and prove your worth. [Marketing] [Career Notes]


Vice President of Marketing, Kathleen Booth, shares her career path from political science and international development to marketing for a cybersecurity company. Early dreams of acting morphed into goals of making the world a better place. Chief marketer and podcaster Kathleen is doing just that. She shares how proving your worth can lead to success. Listen for Kathleen's advice on getting your foot in the door. Our thanks to Kathleen for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

Dual Russian cyber gangs hit 23 companies. [Research Saturday]


Ryan Westman, Senior Manager, Threat Intelligence, eSentire's Threat Response Unit (TRU), is discussing their research "Two Russian-speaking cyber gangs attack employees from 23 different companies." They are using malicious Google ads, promoting popular business software such as Zoom, Slack, and Adobe. The customers targeted are companies in the manufacturing, software, legal, retail and healthcare industries. The attacking threat actors belong to the Russian-speaking Malware-as-a-Service (MaaS) groups called BatLoader and FakeBat. The research can be found here: Two Competing, Russian-Speaking Cybercrime Groups Attack Employees from 23 Companies in the Manufacturing, Software, Legal, Retail, and Healthcare Sectors Using Malicious Google Ads Learn...

Casting a wider hiring net.


The Feds look to cast a wider hiring net. Legislators focus on deepfakes. Cookie stealers bypass MFA on Google accounts. A fast food hiring chatbot got hacked. Medusa casts her gaze toward extortion. Akira ransomware is active in Finland. GitLab patches critical vulnerabilities. Bosch thermostats are vulnerable to some hot firmware. CSAM vendors' crypto sophistication grows. CISA released ICS advisories. On our Solution Spotlight, N2K's Simone Petrella speaks with Kim Jones, Director of Intuit's CyberCRAFT team, about the SEC's heightened focus on cybersecurity. And a little listener feedback, Karaoke style. Remember to leave us a 5-star rating and review...

Unveiling the Shadow Strike: A zero-day assault on Ivanti VPN users.


A zero-day hits Ivanti VPN customers. CISA highlights an active MS Sharepoint Server flaw. Cisco patches a critical vulnerability. Atomic Stealer gets updates. Sensitive school emergency planning documents are exposed online. The FCC reports on risky communications equipment. The White House will introduce new cybersecurity requirements for hospitals. Mandiant explains their X-Twitter hack. Our guest is Palo Alto Networks Unit 42's David Moulton, host of the new Threat Vector podcast. And we are shocked - shocked! - to learn that an online sex for money scheme is a scam. Remember to leave us a 5-star rating and review in your...

A pivotal global menace.


The World Economic Forum names AI a top global threat. The SEC suffers social media breach. The FTC settles with a data broker over location data sales. A massive data leak hits Brazil. Chinese researchers claim an AirDrop hack. A major real estate firm suffers data theft. Pikabot loader is seeing use by spammers. Ukraine's Blackhit hits Russia's M9 Telecom. Stuxnet methods are revealed. A Patch Tuesday rundown. Our guest is Tim Eades from the Cyber Mentor Fund to discuss the growing prevalence of restoration as a part of incident response. And Hackers could screw up a wrench. Remember to...

Swatting on the rise.


Swatting is on the rise. LoanDepot, the Toronto Zoo and the World Council of Churches all confirm ransomware attacks. Iran-linked hackers target Albania. Sea Turtle focuses on espionage and information theft. Fake security researchers offer phony ransomware recovery services. Could AI make KYC EOL? Avast enhances Babuk decryption. Joe Carrigan looks at the human side of email security. And a group of midwives fail to deliver. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure...

A conclusion on the xDedic Marketplace investigation.


The DOJ concludes its xDedic Marketplace investigation. A cyberattack shuts down a major mortgage lender. The Swiss Air Force suffers third party breach. An update on SilverRAT. The Space Force emphasizes collaboration for effective cyber growth. The DOE announces cyber resilience funding. Merck reaches a settlement on NotPetya. NIST warns of AI threats. Our guest is Dragos CEO Robert M. Lee, with a look at intellectual property theft in manufacturing. And Chump Change fines for big tech. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup,...

Encore: Johannes Ullrich: Superhero origin stories and lessons that last. [Education] [Career Notes]


Dean of Research, Johannes Ullrich, relays his experiences from studying the hard sciences to his career shift to cybersecurity. Basic principles, superhero origin stories, physics labs and radiation all figure in. And there's a lot in common with network security best practices. Have a listen to what Johannes has learned and what he hopes to impart on his students. Our thanks to Johannes for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

Diving deep into Phobos ransomware. [Research Saturday]


Guilherme Venere from Cisco Talos joins to discuss their research on "A deep dive into Phobos ransomware, recently deployed by 8Base group." Cisco Talos discovered that 8Base's Phobos ransomware payload contains an embedded configuration, which is a significant difference between 8Base's Phobos variant and other Phobos samples that have been observed in the wild since 2019. In this 2-part research series, Talos conducts a deep dive into the Phobos ransomware, including its affiliate structure, activity and capabilities, as well as the one private key that could enable decryption of all the samples analyzed. The research can be found here: A...

Disruptions to the internet.


BGP attack disrupts Internet service. Data breach law firm breached. Remcos RAT returns. Poison packages in the PyPI repository. Hacktivist personae and GRU fronts. BreachForums impresario re-arrested. Cyber National Mission Force gets a new leader. On our Solution Spotlight, Simone Petrella talks with ISC2 CEO Clar Rosso about putting a dent in the cybersecurity workforce gap. LinkedIn as a dating platform? Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on...

Russian hackers hide in Ukraine telecoms for months.


Sandworm was in Kyivstar's networks for months. Museums face online outages. Emsisoft suggests a ransomware payment ban. An ambulance service suffers a data breach. Mandiant's social media gets hacked. GXC Team's latest offerings in the C2C underground market. 23andMe blames their breach on password reuse. Lawyers are using outdated encryption. On today's Threat Vector segment, David Moulton chats with Garrett Boyd, senior consultant at Palo Alto Networks Unit 42, about the importance of internal training and mentorship in cybersecurity. And in Russia, holiday cheers turn to political jeers. Remember to leave us a 5-star rating and review in your favorite...

A digital disappearance in Utah.


Cyber-kidnapping in Utah. Hospitals sue for data recovery. The US Department of Homeland Security assesses cyber threats to the US. Mac malware is on the rise. Cameras hacked by Russian intelligence services provide targeting information. Ransomware roundup. An NPM dependency campaign. Google recommends enhanced safe browsing. Rob Boyce from Accenture describes the Five Families and the trend of hacker collaboration. And the FTC wants to hear your cloned voice. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat....

Apple's clickless exploit.


A zero-click exploit affects iPhones belonging to Kaspersky employees. A GRU cyber campaign incorporates novel malware. The Indian government targets Apple over hacking attempts. Microsoft disables App Installer. Australian courts' AV is compromised. A BlackBasta decryptor is released. Cyber Toufan claims attacks against Israeli targets. Patients in Oklahoma face online extortion. LoanCare customers' data is at risk. Google settles a private browsing lawsuit. Barracuda patches a zero-day. That Chinese spy balloon was making a local call. And then Caleb Barlow, a friend of our show, shares password security tips you should know. Remember to leave us a 5-star rating and...

Microsoft EVP Charlie Bell on the Future of Security [Afternoon Cyber Tea]


Microsoft Security EVP Charlie Bell joins Ann on this week's episode of Afternoon Cyber Tea. Charlie has over four decades in the tech industry, from developing space shuttle software to leading the creation of Amazon Web Services' decentralized engineering system and now leading Microsoft's effort to make the digital world safe and secure for everyone on the planet. Ann and Charlie discuss AI, the Security ecosystem, and why he thinks speed and acceleration of problem-solving are so relevant today. Resources: View Charlie Bell on LinkedIn View Ann Johnson on LinkedIn Related Microsoft Podcasts: Listen to: Uncovering Hidden Risks Listen to: Security Unlocked...

Encore: Tom Quinn: The mark of making a difference. [CISO] [Career Notes]


Financial firm CISO, Tom Quinn, takes us from his first experience with modern computers in the military to his current role as a Chief Information Security Officer. It's important to understand how the technology works, but it's also important to understand how people work. And, to make a difference. Our thanks to Tom for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

Encore: What malicious campaign is lurking under the surface? [Research Saturday]


Israel Barak, CISO from Cybereason, sits down with Dave to discuss their research, "Operation CuckooBees: Cybereason Uncovers Massive Chinese Intellectual Property Theft Operation." Cybereason researchers recently found an attack lurking beneath the surface which was assessed to be the work of Chinese APT Winnti. Cybereason briefed the FBI and the DOJ on the investigation into the malicious campaign. The research states, "For years, the campaign had operated undetected, siphoning intellectual property and sensitive data." The team quickly made two reports on the campaign, one sharing an examination on the tactics and techniques. The second gives a detailed analysis of the...

T-Minus Overview- Space Cybersecurity. [t-minus]


Welcome to the T-Minus Overview Radio Show. In this program we'll feature some of the conversations from our daily podcast with the people who are forging the path in the new space era, from industry leaders, technology experts and pioneers, to educators, policy makers, research organizations, and more. In this episode we're covering cybersecurity for space. What is it? What are the threats to space systems, why is there such an emphasis on it right now, and what are people doing about it? Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode?...

Peter Bauer: CEO of Mimecast [Cyber CEOs Decoded]


In this episode, Marc catches up with Mimecast CEO and co-founder Peter Bauer. They cover Peter's CEO journey, including what it was like growing up in South Africa, why he opted out of attending university, highlights from Mimecast's 20-year history, and what Peter learned from taking the company public and then private again. You'll also learn: When and how to raise capital, and how to manage meeting the board's expectations. How CEOs can overcome self-doubt and continuously reimagine their role to look at challenges with new eyes. How to view the company's history as a story with chapters and eras,...

Encore: Active visibility into OT systems. [Control Loop]


Rockwell Stratix routers vulnerable to Cisco zero-day. SecurityWeek's ICS Cyber Security Conference. Malware attacks against IoT devices increase by 400%. Nuclear power plant operator cited over cybersecurity plan. CISA's ICS advisories. Guest Garrett Bladow, Distinguished Engineer at Dragos, joins us from the CyberCon 2023 event in Bismarck, North Dakota. Garrett discusses active visibility into OT systems. On the Learning Lab, Mark Urban shares the second part of his conversation about cyber threat intelligence with Paul Lukoskie, who is Dragos Director of Intelligence Services. Control Loop News Brief. Rockwell Stratix routers vulnerable to Cisco zero-day. PN1653 | Stratix 5800 & 5200...

NACD Accelerate, Ian Furr's Volunteer Work, & Bidemi (Bid) Ologunde Member Spotlight [RH-ISAC Podcast]


In this episode of the Retail & Hospitality ISAC podcast, host Luke Vander Linden is joined by John Scrimsher, chief information security officer (CISO) at Kontoor Brands, Inc., and Marcel Bucsescu, senior director of credentialing and strategic engagement at NACD, to expand upon the NACD Accelerate program. Then Ian Furr, security integration engineer at RH-ISAC, talks about his volunteer work with the Information Technology Disaster Resource Center (ITDRC) and the Fairfax County Fire and Rescue Department. Finally, Luke chats with Bidemi (Bid) Ologunde, intelligence analyst at Expedia Group, about his own podcast, The Bid Picture, background, and the trajectory of...

Espionage and the Metaverse with Cathy Hackl [SpyCast]


Summary Cathy Hackl (Twitter, LinkedIn) joins Andrew (Twitter; LinkedIn) to discuss the potential implications of the metaverse on intelligence. Cathy has been called the Godmother of the Metaverse. What You'll Learn Intelligence What the metaverse is Security and counterintelligence in a virtual world Futurism within intelligence agencies Potential risks and consequences of the metaverse Reflections How virtual spaces can affect our physical world The necessity to evolve alongside technology And much, much more Episode Notes The web will continue to evolve and change with time, but what's coming next? And how will this evolution affect the ways that intelligence organizations around...

Artificial Intelligence: Insights & Oddities [8th Layer Insights]


On this episode, Perry celebrates the one year birthday of ChatGPT by taking a look at AI from technological, philosophical, and folkloric perspectives. We see how AI was formed based on human words and works, and how it can now shape the future of human legend and belief. Guests: Brandon Karpf, Vice President at N2K Networks (LinkedIn) (Website) Dr. Lynne S. McNeill, Associate Professor at Utah State University (LinkedIn) (Twitter) Dr. John Laudun, Professor at University of Louisiana at Lafayette (LinkedIn) (Twitter) (Website) Lev Gorelov, Research Director at Handshake Consulting (LinkedIn) (Twitter) (Website) Resources Interview with the AI, part one,...

Solution Spotlight: Simone Petrella and Camille Stewart Gloster discuss the White House's cybersecurity workforce and education strategy. [Interview Selects]


This interview from August 18th, 2023 originally aired as a shortened version on the CyberWire Daily Podcast. In this extended interview, Simone Petrella sits down with Camille Stewart Gloster, Deputy National Cyber Director at The White House, to discuss the White House's cybersecurity workforce and education strategy. Learn more about your ad choices. Visit megaphone.fm/adchoices

The CyberWire: The 12 Days of Malware. [Special Edition]


Merry Christmas and Happy Holidays from the CyberWire and our friends! Enjoy our rendition of the 12 Days of Malware created by Dave Bittner and performed by Dave and friends: Rachel Tobac, Jayson Street, Ron Eddings & Chris Cochran, Ray [Redacted], Dinah Davis, Camille Stewart, Rick Howard, Michelle Dennedy, Jack Rhysider, Johannes Ullrich, and Charity Wright. Ba dum bum bum. Sing along if you are game! Check out our video for the full effect! The 12 Days of Malware lyrics On the first day of Christmas, my malware gave to me: A keylogger logging my keys. On the second day of...

Sentenced to hospital detention.


A Lapsus$ hacker is sentenced to hospital detention. Online ads and phishing drain crypto wallets. Cyberespionage continues. LockBit and ALPHV say they want to form a ransomware cartel. The 8220 gang's cryptojacking. DarkGate RAT's propagation. The evolution of Bandook. A prominent title insurance company takes systems offline. Rick Howard speaks with guests John Goodman & Amanda Satterwhite of Accenture Federal Services about the launch of a public sector Cybersecurity Center of Excellence. And Trump's Dumps lead to BidenCash. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence...

Kingdom come, kingdom fall.


German officials take down a dark web market. Google patched zero-day. Terrapin attack targets SSL. A look at payment fraud. Agent Tesla is spreading through an old vulnerability. An iPhone thief explains his techniques. Ukrainian reprisals for Russia's Kyivstar attack. Israeli officials warn of data wipers. Rick Howard speaks with Scott Roberts of Interpress about Driving Intelligence with MITRE ATT&CK, and leveraging limited resources to build an evolving threat repository. And go ahead and click that like button - just don't expect to get paid. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss...

Leading the charge in cybercrime take downs.


Interpol leads cybercrime take downs. ALPHV/Blackcat is in a tug of Tor with the FBI. The Senate confirms a new leader for Cyber Command and NSA. Rite Aid is banned from using facial recognition. CISA prepares a new approach to information sharing. Remote encryption of ransomware. CitrixBleed is exploited to access customer data. An update on the Kyivstar cyberattack. The Tallinn Mechanism solidifies Western support for Ukraine's cybersecurity. In today's Learning Layer segment, host Sam Meisenberg talks with Shelby Ludtke about passing the new ISC2 Certified in Cybersecurity (CC) exam. And GCHQ introduces youngsters to code breaking. Remember to leave...

A dark web take down.


The FBI takes down ALPHV/BlackCat. Comcast reveals breach of nearly 36 million Xfinity customers. Microsoft and Cyberspace Solarium Commission release water sector security report. Malware increasingly uses public infrastructure. Iran's Seedworm and its telco targets. QR code scams. Feds release joint analysis of 2022 election integrity. Joint advisory on Play ransomware group. In today's Mr Security Answer Person, John Pescatore considers the risks of AI. Rick Howard talks with Lauren Brennan of GuidePoint Security about evaluating and maturing your SOC. Iranian gas stations running on empty. Remember to leave us a 5-star rating and review in your favorite podcast app....

14 million customers and stolen data.


A US mortgage company reveals major data breach. Updates from CISA. NSA provides guidance on SBOMs. MongoDB warns customers of a breach. BlackCat/ALPHV is still a market leader, but feeling competitive pressure. Reassessing the effects of Log4shell. The International Committee of the Red Cross calls for restraint in cyber warfare. Ransomware hits a cancer center. Ann Johnson, host of Microsoft Security's Afternoon Cyber Tea podcast, goes beyond basics with her guest Tanya Janca, founder of WeHackPurple. And what can I do to make you take home this chatbot today? Remember to leave us a 5-star rating and review in your...

Oren Koren: Crossing music and cybersecurity. [Career Notes]


Oren Koren, Co-Founder and Chief Product Officer from Veriti sits down to share his amazing story. Before entering the vendor side of the cyber world, Oren served for 14 years in the Israeli 8200 unit where he led a variety of cybersecurity activities and researches that eventually earned him four 8200-unit cyber innovation awards. When he left the Israel Defense Forces, he joined Check Point Software to lead their AI-based innovations and advanced data analytics projects that redefined threat hunting and SIEM applications. This eventually inspired him to start his own company, with fellow co-founder Adi Ikan. Oren shares that...

Shedding light on fighting Ursa. [Research Saturday]


Host of the CyberWire Daily podcast segment Threat Vector, David Moulton sits down with Mike "Siko" Sikorski from Palo Alto Networks Unit 42 to discuss their research on "Fighting Ursa Aka APT28: Illuminating a Covert Campaign." Unit 42 just published new threat intelligence on Fighting Ursa (aka APT28), a group associated with Russia's military intelligence, on how they are exploiting a Microsoft Outlook vulnerability (CVE-2023-23397) to target organizations in NATO member countries, Ukraine, Jordan, and the UAE. These organizations are of strategic importance in defense, foreign affairs, economy, energy, transportation, and telecommunications. The research can be found here: Fighting Ursa...

Remapping privacy.


Google boosts Maps privacy, a court shields password disclosure, feds foil a massive scam operation, Iran-Israel cyber tensions escalate, Idaho National Labs reports a significant data breach, a security engineer's cybercrime confession. N2K's Rick Howard reports from the recent MITRE ATT&CK con, speaking with Blake Strom of Microsoft about 10 years of the MITRE ATT&CK Framework. And Brian Krebs' relentless investigation into the Target breach. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to...

Taking down the storm.


Microsoft takes down the Storm-1152 cybercrime operation. GambleForce is a newly discovered threat actor. The SVR exploits a JetBrains TeamCity vulnerability. US Postal Service impersonation. Malicious ads associated with Zoom. An update on the cyberattack against Kyivstar. Apache issues a Struts 2 security advisory. The FCC adopts new data breach rules. In our latest Threat Vector segment, David Moulton and Palo Alto Networks' Madeline Sedgwick discuss the skills and methods necessary for understanding threat actor intent and behaviors. And the State Department's Global Engagement Center is under fire. Remember to leave us a 5-star rating and review in your favorite...

The United Kingdom's catastrophic ransomware attack.


The UK faces a looming threat of a catastrophic ransomware attack. The Senate confirms a new National Cyber Director. The rivalry between malware groups BatLoader and FakeBat. BazarCall phishing attack and its unusual use of Google Forms. A serious vulnerability threatens K-12 student data. Spiderman game developer Insomniac Games becomes the latest ransomware victim. Today's guest is Tim Starks from the Washington Post's Cybersecurity 202 with China's influence operations in Taiwan, along with a look back at 2023. We'll touch on Microsoft's Patch Tuesday and why outdated password policies are still a problem. Remember to leave us a 5-star rating...

An internet blackout.


A cyberattack on Ukraine's largest telecom operator. Ukraine's GUR claims a hit on Russia's tax service, while the fate of the ALPHV/BlackCat group remains shrouded in mystery. The Air Force disciplines members over a classified documents breach, and Apple releases urgent security updates. From Spain, a significant arrest in the Kelvin Security hacking group. On today's Industry Voices segment, my conversation with Andre Durand, CEO and Founder of Ping Identity, on digital experiences, brand trust and loyalty, behaviors and attitudes towards security, authentication and fraud. Plus, a cautionary tale about burning bridges. Remember to leave us a 5-star rating and...

China sets sights on US critical infrastructure.


China allegedly targets US critical infrastructure, while a small Irish village goes without water due to an Iranian CyberAv3ngers attack. The EU sets a global precedent with new AI regulations. Unraveling the latest maneuvers of the Lazarus Group. The Sandman APT's links to Chinese cyber threats. "5Ghoul" vulnerabilities represent a new challenge in telecom security. The deceptive dangers of the MrAnon infostealer in a booking app. The GRU's phishing tactics lead to the spread of Headlace malware. On today's Solution Spotlight segment, Kristie Grinnell from DXC Technology talks with N2K's President Simone Petrella about DXC's All in on Cyber program....

Encore: Tracy Maleeff: Ask more people to dance. [Analyst] [Career Notes]


Cyber analyst, Tracy Maleeff, shares her unexpected journey from the library to cybersecurity and offers advice for those both seeking to make a change and those doing the hiring. It's not just about the invitation, it's more than that. Our thanks to Tracy for sharing her story with us.

AWS in Orbit: Monitoring critical road infrastructure at scale with Alteia and the World Bank. [T-Minus AWS in Orbit]


You can learn more about AWS in Orbit at space.n2k.com/aws. Baptiste Tripard is the Chief Marketing Officer at Alteia. Aiga Stokenberga is the Senior Transport Economist at the World Bank. We explore how Alteia and the World Bank are leveraging AWS's cloud, AI, and space capabilities to monitor critical road networks at scale to support large scale infrastructure investments. From road networks to bridges, they share real-world applications that are making a difference in emerging economies. AWS in Orbit is a podcast collaboration between N2K and AWS to offer listeners an in-depth look at the transformative intersection of cloud computing,...

On the hunt for popping up kernel drives. [Research Saturday]


Dana Behling, researcher from Carbon Black, sharing their work on "Hunting Vulnerable Kernel Drivers." The Carbon Black Threat Analysis Unit (TAU) discovered 34 unique vulnerable drivers, six of which allow kernel memory access, accepting firmware access. TAU reported the issues to the vendors whose drivers had valid signatures at the time of discovery, but only two vendors fixed the vulnerabilities. TAU is calling for more comprehensive approaches in the future than the current banned-list method used by Microsoft. The research states "By exploiting the vulnerable drivers, an attacker without the system privilege may erase/alter firmware, and/or elevate privileges." The research...

Russia here, Russia there, Russia everywhere.


Legal action against Star Blizzard's FSB operators. A critical Bluetooth vulnerability has been discovered. How the GRU faked celebrity videos in its Doppelgänger campaign. The persistence of Log4j vulnerabilities. Lack of encryption as a contributor to data loss. Supply chain breaches plague the energy sector. Our guest is Allan Liska, creator of a new comic book featuring the adventures of Johnny Dollar, a hard-nosed cyber insurance investigator. And Russian activists make clever use of QR codes. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily...

New vulnerability packs a punch.


Unpacking LogoFAIL's threat to Windows and Linux. The US DHS's new healthcare cybersecurity strategy, and dual Russian influence campaigns. A look at supply chain risks, increased bot activity in retail, Meta's end-to-end encryption in Messenger and Android's Autospill vulnerability. On today's Industry Voices segment, we welcome Todd Thorsen, CISO from CrashPlan, with insights on data resiliency. And the discovery of an alleged software 'kill switch' in Polish trains. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And...

Push notifications pushing surveillance.


Governments target push notification metadata. Dissecting the latest GRU cyber activities. A look at Russia's AI-powered Doppelgänger influence campaigns, and how cyber warfare is evolving beyond the battlefield. We've got updates on the Adobe ColdFusion vulnerability, the expanding 23andMe data breach, and insights into the financial impacts of ransomware. Our guest is Camille Stewart Gloster, Deputy National Cyber Director for Technology & Ecosystem Security from the Office of the National Cyber Director at the White House. Plus, discover how the TSA is embracing AI for future security. Remember to leave us a 5-star rating and review in your favorite podcast...

Sleeper malware denied at Sellafield nuclear site.


The UK Government's denial of a cyber incident at Sellafield. There's been a surge in Iranian cyberattacks on US infrastructure. Misuse of Apple's lockdown mode, the mysterious AeroBlade's activities in aerospace, and a clever "Disney+" scam. Plus the latest application security trends, and a new cybersecurity futures study. On today's Industry Voices segment, we welcome Matt Radolec, Vice President of Incident Response and Cloud Operations at Varonis, explaining the intersection of AI, cloud and insider threats. And insights on resilience from the UK's Deputy PM. CyberWire Guest On today's Industry Voices segment, we welcome Matt...

Iran behind attacks on PLCs.


The US and Israel attribute attacks on PLCs to Iran. Agent Raccoon backdoors organizations on three continents. XDSpy is reported to be phishing the Russian defense sector. Trends in digital banking fraud. Repojacking Go module repositories. Ann Johnson from Afternoon Cyber Tea speaks with Lynn Dohm, executive director of WiCyS, about the power of diverse perspectives. And when it comes to security, don't look to the stars. CyberWire Guest Guest is Ann Johnson from Afternoon Cyber Tea talking with Lynn Dohm, executive director of WiCyS, about the power of diverse perspectives. Tune in to Microsoft Security's Afternoon Cyber Tea podcast...

Bernard Brantley: Tomorrow is a new day. [CISO] [Career Notes]


Bernard Brantley, CISO from Corelight sits down to share his inspiring career path with others. Bernard started at the very bottom of the tech stack, and shares how he was extremely unclear about what it was that he wanted to do in life and how he was going to get there. Ultimately he reached a point now where he has the self confidence and an incredible level of success that allows him to be authentic and proudly share his story. Bernard overcame dropping out of the military academy and was trying to figure out how he could take these big...

Exploits and vulnerabilities. [Research Saturday]


Ryan from Bishop Fox joins to describe their work on "Building an Exploit for FortiGate Vulnerability CVE-2023-27997." After Lexfo published details of a pre-authentication remote code injection vulnerability in the Fortinet SSL VPN, Bishop Fox worked up a proof of concept demo. This research shares how they were able to create that proof-of-concept exploit, step by step. The researchers state "Our debugging environment consisted of a FortiGate 7.2.4 virtual machine which we modified to disable some self-verification functionality. After bypassing these integrity checks, we were able to install an SSH server, BusyBox, and debugging tools such as GDB." The research can...

Wyden blocks the senate vote.


Senator Wyden blocks the Senate vote on the new NSA and Cyber Command lead. GPS interference is attributed to Iran. Meta identifies and removes Chinese and Russian accounts and groups for coordinated inauthenticity. The EU Council president proposes European cyber force with offensive capabilities. Twisted Spider is observed conducting new ransomware campaigns. Staples sustains a cyberattack. Apple releases security updates for two actively exploited zero-days. On today's Mr. Security Answer Person segment, John Pescatore joins us to talk about Microsoft's Secure Future Initiative. And how can you tell if your bot is involved in insider trading? CyberWire Guests On today's...

Widespread exploitation of severe vulnerability in ownCloud.


Reports of a Critical Vulnerability in ownCloud. Sites serving bogus McAfee virus alerts. Japan's space agency reports a breach. Okta revises the impact of their recent breach. Cryptomixer gets taken down in an international law enforcement operation. "SugarGh0st" RAT prospects targets in Uzbekistan and South Korea. NATO cyber exercise runs against the background of Russia's hybrid war. On today's Threat Vector segment, David Moulton of Palo Alto Networks Unit 42 talks with guest John Huebner about the intricacies of managing threat intelligence feeds. And Russian DDoSers are looking for volunteers. Remember to leave us a 5-star rating and review in...

Major crackdown on international cybersecurity.


A major ransomware gang is taken down in an international sweep. CISA and the WaterISAC respond to the Aliquippa cyberattack. Attacks against infrastructure operators hit business systems. Qlik Sense installations are hit with Cactus ransomware. Researchers discover a Google Workspace vulnerability. A hacktivist auxiliary compromises a Russian media site. In an exclusive interview, Eric Goldstein, Executive Assistant Director at CISA, describes their new Secure by Design Alerts program launching today. Tim Starks from the Washington Post shares some insights on the latest legislation dealing with section 702 surveillance. And security teams need not polish up that résumé after a breach....

Hospitals on the hotplate after ransomware attacks.


Ransomware targets healthcare organizations. WildCard deploys SysJoker malware. DPRK cryptocurrency theft. The status of Ukraine's IT Army. A Russian news outlet unmasks Killmilk. Our Industry Insights guest today is Guy Bejerano, CEO and Co-Founder of SafeBreach, discussing risk reduction in action. And there's discord on dark markets about large language models. CyberWire Guest Our Industry Insights guest today is Guy Bejerano, CEO and Co-Founder of SafeBreach, discussing risk reduction in action: the future of BAS and continuous threat exposure management. You can connect with Guy on LinkedIn and find out more about SafeBreach on their website. For links to all...

Hacktivists assemble to attack Pennsylvania water utility.


Iranian hacktivists claim an attack on a Pennsylvania water utility. North Korea's increased attention to supply-chains. Rhysida's action against British and Chinese targets. Sandworm activity puts European power utilities on alert. Neanderthals and the Telekopye bot. Mirai-based botnet activity. Our guest is Chris Betz, the new CISO of AWS Security, with insights on the upcoming AWS re:Invent conference. And just how easy is it to track the comings and goings at Mar-a-Lago? CyberWire Guest Our guest today is Chris Betz, the new CISO of AWS Security giving us some insight into what to expect at the AWS re:Invent conference. You...

Chris Hare: Find just three people. [Development] [Career Notes]


This week, we invite our very own Chris Hare, N2K's Project Management Specialist Content Developer, to join and discuss her career. Growing up, Chris shares that she wanted to be a veterinarian, which slowly turned into her becoming a writer for the first part of her career. She shares that she started off writing marketing copy for the technology and E-commerce space, writing for everyone from NASA to adopting the written voice of the comedian, Wayne Brady. She shares that she was able to come up into her career after finding three people that were willing to help her when...

Encore: Another infection with new malware. [Research Saturday]


Larry Cashdollar, Principal Security Intelligence Response Engineer from Akamai Technologies, joins Dave to talk about their research on "KmsdBot: The Attack and Mine Malware." Akamai's Security Research team has found a new malware that infected their honeypot, which they have dubbed KmsdBot. The research states "The malware attacks using UDP, TCP, HTTP POST, and GET, along with a command and control infrastructure (C2), which communicates over TCP." The botnet targets weak login credentials and then infects systems via an SSH connection. The research can be found here: KmsdBot: The Attack and Mine Malware...

Solution Spotlight: Simone Petrella is speaking with Tatyana Bolton from Google about ways to tackle the cyber talent gap. [Interview Selects]


This interview from October 20th, 2023 originally aired as a shortened version on the CyberWire Daily Podcast. In this extended interview, our very own Simone Petrella is speaking with Tatyana Bolton from Google about ways to tackle the cyber talent gap.

Cops in the catfish game. [Hacking Humans Goes to the Movies]


Thanks for joining us again for another episode of fun project brought to you by the team of Hacking Humans, the CyberWire's social engineering podcast. Hacking Humans co-host Dave Bittner is joined by Rick Howard in this series where they view clips from their favorite movies and television shows with examples of the social engineering scams and schemes you hear Dave and co-host Joe Carrigan talk about on Hacking Humans. In this episode, Dave and Rick watch each of the selected scenes, describe the on-screen action for you, and then they deconstruct what they saw. Grab your bowl of popcorn...

On the eve of the holiday season, officials in many countries issue warnings and take action against cybercrime.


CISA issues joint Cybersecurity Advisory on Citrix Bleed. Law enforcement takes down "pig butchering" operations. Altman will return to OpenAI. Israeli honeypots deployed during the war. A renaissance in electronic warfare. And a response in the form of countermeasures. Ihab Shraim, Chief Technology Officer at CSC, shares how the growing popularity of AI is giving cybercriminals a new avenue to take advantage of some of the largest companies in the world. And online safety during the holidays. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/223 Selected reading. CISA issues joint Cybersecurity Advisory on...

Threat actors with mixed motives: from the political to the financial.


OpenAI's continuing turmoil. Crypto firm sustains API attack. Konni campaign phishes with a Russian document as bait. LockBit's third-party compromise of Canadian government personnel data. Ukraine removes senior security officials under suspicion of graft. Dave Bittner sits down with Steve Winterfeld from Akamai to discuss emerging threats in the financial services sector. And Idaho National Laboratory sustains data breach. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/222 Selected reading. Company that created ChatGPT is thrown into turmoil after Microsoft hires its ousted CEO (AP News) The Doomed Mission Behind Sam Altman's Shock Ouster...

Fortunes of commerce in Silicon Valley; fortunes of war on the banks of the Dnipro.


Leadership turmoil at OpenAI. Citrix Bleed vulnerability implicated in ransomware attacks. QakBot seems to have a successor. The FSB deploys LitterDrifter in cyberespionage against Ukraine. Russian security firm says China and North Korea are the source of most cyberattacks against Russia. Privateers and auxiliaries engage targets of opportunity. Ann Johnson from Afternoon Cyber Tea talks about leading edge cyber innovation with Nadav Zafrir. And alleged war crimes may include cyber operations conducted in support of other, conventional, kinetic war crimes. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/221 Selected reading. OpenAI announces leadership...

Ian Blumenfeld: Swimming in a pool of cyber. [Research] [Career Notes]


Ian Blumenfeld, a Research Director from Two Six Technologies, sits down to share his story with us. Ian begins his story by sharing he wanted to be a scientist; slowly he began to figure out and pinpoint more of what he liked about science, which ended up being math. Ian explains how math began to become a passion for him, and he eventually tried to pursue a career in it by teaching. He discovered teaching was not the thing for him and then started to move into the direction he wanted to, taking on more and more challenging roles until...

Breaking Through: Securing the advancement of women in cybersecurity. [Special Edition]


In the dynamic field of cybersecurity, it's well established that creating more opportunities for diversity and inclusion is essential for developing a highly skilled workforce. As an industry, we are starting to see the fruits of that labor, but there is a growing need for diverse leadership to nurture continuous innovation and resilience in cybersecurity. As part of N2K's 2023 Women in Cyber content series, we're excited to host an engaging virtual panel discussion moderated by N2K's President Simone Petrella featuring insights, experiences, and strategies for advancing more women into leadership roles within the field. This virtual discussion explores different...

The malicious YoroTrooper in disguise. [Research Saturday]


Asheer Malhotra from Cisco Talos discussing their research and findings on "Kazakhstan-associated YoroTrooper disguises origin of attacks as Azerbaijan." Cisco Talos' research team released research attributing the work of the espionage-focused threat actor, YoroTrooper, to individuals based in Kazakhstan. The research states "YoroTrooper attempts to obfuscate the origin of their operations, employing various tactics to make its malicious activity appear to emanate from Azerbaijan, such as using VPN exit nodes local to that region." They also found that YoroTrooper continues to rely heavily on phishing emails that direct victims to credential harvesting sites. The research can be found here:...

AWS in Orbit: Securing the space frontier with AI cybersecurity solutions. [T-Minus AWS in Orbit]


Buffy Wajvoda is the Global Leader for Space Solutions Architecture at AWS Aerospace and Satellite. In this extended conversation, we dive into how AWS is supporting cybersecurity in the space domain. You can learn more at AWS re:Invent. AWS in Orbit is a podcast collaboration between N2K and AWS to offer listeners an in-depth look at the transformative intersection of cloud computing, space technologies, and generative AI. You can learn more about AWS in Orbit at space.n2k.com/aws. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our weekly intelligence roundup,...

Cyber escalation in a hybrid war, and some notes on the markets, both gray and C2C.


Scattered Spider prompts warnings from CISA and the FBI. Phobos ransomware is an affiliate crimeware-as-a-service program. A "hack-for-hire" contractor. Scama in the C2C market. Our guest is Lee Clark from the RH-ISAC with a look at Holiday Season Cyber Threat Trends. Tim Eades from Cyber Mentor Fund shares recent trends in cyber venture capital, with tips on finding a good match. And the tempo of cyber operations in Russia's hybrid war. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/220 Selected reading. FBI and CISA Release Advisory on Scattered Spider Group (Cybersecurity and Infrastructure...

Shopping during wartime? Focus, people.


Cyber safety for the holidays. Using regulatory risk to pressure a ransomware victim. A call for regulatory action against a supply chain threat. Rhysida malware: a warning and a description. Extending local breaches in Google Workspace. Protestware in open-source products. GRU's Sandworm implicated in campaign against Danish electrical power providers. Jason Meller, Founder & CEO of Kolide joins us as part of our sponsored Industry Voices segment to discuss the findings from The Shadow IT Report. In this Threat Vector segment, David Moulton sits down with Sama Manchanda, a consultant at Unit 42 to discuss the fascinating world of social...

Examining the current state of security orchestration. [CyberWire-X]


In this episode of CyberWire-X, N2K's CSO, Chief Analyst, and Senior Fellow, Rick Howard, is joined by guest Rohit Dhamankar, Fortra's Vice President of Product Strategy, and Hash Table member Steve Winterfeld, Akamai's Advisory CISO, to discuss CISO initiatives such as vendor consolidation, automation, and attack surface management as a way to determine if it's possible to achieve both increased security maturity and decreased operational load. This session covers common mistakes when adopting security technologies, including the pros and cons of AI, and how to better collaborate together.

A quick Patch Tuesday retrospective, and then a look at what the threat groups are up to.


A look back at Patch Tuesday. BlackCat uses malicious Google ads. Social engineering in the third quarter of 2023. Are small businesses in denial about ransomware? Molerats have some new tools. Israel turns to NSO Group's Pegasus to search for hostages taken by Hamas. Tim Starks from the Washington Post examines the potential aftermath of a Russian group hitting a Chinese bank. In our Learning Layer, Sam Meisenberg helps a student understand and create a strategy for the CISSP CAT. And a cyberespionage campaign is attributed to Russia's SVR. For links to all of today's stories check out our CyberWire...

The cyber underworld is getting a bit faster and a lot looser, and the gangs may be drawing some unwelcome attention.


CISA and the FBI issue an update on Royal Ransomware. A look at Smash-and-grab ransomware attacks as well as Cloud vulnerabilities. A pre-Black Friday look at card skimmers. Fences, and their place in organized cybercrime. DP World Australia restores port operations. Joe Carrigan on scammers taking advantage of the Bitrex crypto market being shut down. In our Industry Voices segment, Usama Houlila from CrossRealms International shares his insights on the pivotal role of AI in cybersecurity. And LockBit may be drawing unwelcome attention to itself. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/217...

Ransomware and DDoS hit diverse sectors. The DDoS is a nuisance, the ransomware more serious.


Australian ports are recovering from a cyberattack. SysAid is hit by Cl0p user Lace Tempest. Ransomware targets China's largest bank. LockBit doxes Boeing as Boeing hangs tough on paying ransom. Docker Engine for DDoS. Rick Howard looks at the SEC's targeting of SolarWinds CISO. And Anonymous Sudan claims attacks on ChatGPT and Cloudflare. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/216 Selected reading. Freight giant DP World recovers from cyber attack, but warns investigation and remediation is 'ongoing' (ABC) DP World port operations in Australia recovering after cyber-attack (The Loadstar) Ransomware attack against...

Grace Cassy: Actions speak louder than words. [Associate Fellow] [Career Notes]


Grace Cassy, an Associate Fellow from Ten Eleven Ventures, sits down to share her career path, getting her to where she is now. Grace spent 10 years in the UK Diplomatic Service, working on global security policy in Asia, Europe, and the Americas. Earlier in her career she was an advisor to Prime Minister Tony Blair, specializing in Asia and national security. She also co-founded Epsilon Advisory Partners, a strategy and growth firm working with world-leading global technology companies and investors. Now she is a Co-founder at CyLon and is an Early Stage Investor in cybersecurity companies. She says "I...

Shields Ready for attacks against critical infrastructure. These may be indiscriminate, and they may be opportunistic.


CISA, FEMA, and Shields Ready. Ransomware operators exploit 3rd-party tools. A Bittrex bankruptcy phishing campaign. Spammers abuse Google Forms quizzes. Imperial Kitten in action against Israeli targets. Iranian cyberattacks against Israel are called "reactive and opportunistic." In our sponsored Industry Voices segment, Adam Bateman from Push Security outlines how attackers are targeting cloud identities. Luke Vander Linden from RH-ISAC speaks with Target's Ryan Miller and Leah Schwartzman about the evolving fraud landscape retailers are facing with the holidays approaching. And Sandworm and Ukraine's power grid: 2022 attacks may foreshadow the winter of 2023 and 2024. For links to all of...

No major threats showed up in yesterday's US elections, so now we can start thinking about the risk during the holidays.


CISA claims "No credible threats" to yesterday's US elections. Criminals seek to profit from the .ai top level domain. A Singapore resort sustains a cyberattack. A look ahead at holiday cyber threats. A major Chinese cyberespionage effort against Cambodia. The four cyber phases of a hybrid war. Robert M. Lee from Dragos explains how outside forces affect OT and critical infrastructure security. Our guest is Dan Neault of Imperva sharing how organizations are behind the eight-ball when relying upon real-time analytics. Cyber and electronic threats to space systems. For links to all of today's stories check out our CyberWire daily...

Cybercriminals at the service of the state, and an array of new underworld tools.


Data brokers offer information on active US military personnel. Current BlueNoroff activity. A new Gootloader variant is active in the wild. Atlassian vulnerabilities actively exploited. The prevalence of breaches. Update on a Barracuda vulnerability. Hacktivism and the cyber course of the Hamas-Israel war. Bot-hunting in Ukraine. Microsoft's Ann Johnson from Afternoon Cyber Tea speaks with Sharon Barber, Chief Information Officer at Lloyds Banking Group, about cyber trends in financial services. Ben Yelin looks at the ease of purchasing US military personnel data from data brokers. And election security is in the news: an off-year election is an election nonetheless. For links to...

Precautions, preparations, and resilience against cybercrime and hacktivism.


A precautionary shutdown at a major US mortgage lender. Call centers as targets. A push to decouple data and identity. The cyber front in the Hamas-Israeli war. Hacktivism and state-sponsored cyberattacks against Israel. The instructive case of TASS and managing influence operations. Deepen Desai from Zscaler talking about the TOITOIN Trojan. Our guest is Joe Nocera, of PwC sharing their latest Global Digital Trust Insights survey and the impact of the SEC's new cybersecurity disclosure rules. And cybercrime on the side of Ukraine (or at least, cybercrime against Russia). For links to all of today's stories check out our CyberWire...

CyberCon 2023: A unique mix of critical infrastructure and cybersecurity. [Special Edition]


As we progress in this technological age, both cybersecurity and critical infrastructure continue to be at the forefront of prevention, protection, mitigation, and recovery conversation topics. From a frontline worker to the top of the C-Suite, security is something we all should be aware of and concerned about. The CyberCon event began in 2018 and provides an opportunity to learn more about cybersecurity and critical infrastructure as well as collaborate with fellow security professionals. Dave Bittner recently spoke at CyberCon 2023 at Bismarck State College in North Dakota. While there, he had the opportunity to interview 4 members of the...

Jeffrey Wheatman: Sometimes you just need to open the raincoat. [Career Notes]


Jeffrey Wheatman, Cyber Risk Evangelist, from Black Kite joins to share his amazing story. As a strategic thought leader with extensive expertise in cybersecurity, Jeffrey Wheatman is regarded foremost as an expert in guiding public sector clients and Fortune 500 companies in connection with their cyber risk management programs. In his current role as Cyber Risk Evangelist at Black Kite, Jeffrey works to get the message out about the business impact of third-party risk and solutions to treat those risks. Jeffrey shared his career, along with his passion for cyber by explaining some of the roles he did moving up...

Sandman doesn't slow malware down. [Research Saturday]


Aleksandar Milenkoski and JAGS from SentinelOne sit down to share their work on "Sandman APT | A Mystery Group Targeting Telcos with a LuaJIT Toolkit." After observing a new threat activity cluster by an unknown threat actor in August of this year, SentinelLabs dubbed it Sandman. The research states "Sandman has been primarily targeting telecommunication providers in the Middle East, Western Europe, and the South Asian subcontinent." Sandman has deployed a novel modular backdoor utilizing the LuaJIT platform, they call this malware "LuaDream," which exfiltrates system and user information, paving the way for further precision attacks. The research can be...

In the offense-defense see-saw, the defense seems to be rising.


An Apache vulnerability is being used to install ransomware. Exploitation of Citrix vulnerability in the wild. AP sustains DDoS attack. HHS reaches settlement in HIPAA data breach incident. More evidence of OSINT's reach. On the Solution Spotlight: Simone Petrella and Rick Howard speak with Ben Rothke about his article and thoughts on "Is there really an information security jobs crisis?" Andrea Little Limbago from Interos joins us to discuss SEC and the disclosure rules. And, Microsoft draws a lesson from Russia's war: cyber defense now has the advantage over cyber offense. For links to all of today's stories check out...

The beginning of an international consensus on AI governance may be emerging from Bletchley Park.


Bletchley Declaration represents a consensus starting point for AI governance. Lazarus Group prospects blockchain engineers with KANDYKORN. Boeing investigates cyber incident affecting parts business. NodeStealer's use in attacks against Facebook accounts. Citrix Bleed vulnerability exploited in the wild. MuddyWater spearphishes Israeli targets in the interest of Hamas. India to investigate alleged attacks on iPhones. Tim Starks from the Washington Post on the SEC's case against SolarWinds. In today's Threat Vector segment David Moulton from Unit 42 is joined by Matt Kraning of the Cortex Expanse Team for a look at Attack Surface Management. And Venomous Bear rolls out some...

Hacktivism in two hybrid wars (with an excursus on gastropods).


The Hamas-Israel war continues to be marked by hacktivism. Arid Viper's exploitation of Arabic speakers' Android devices. Iran shows improved cyberespionage capabilities. A URL shortener in the C2C market. Taking down the Mozi botnet. Ransomware in healthcare. Two Russians are arrested on treason charges, accused of hacking for Ukraine. In our sponsored Industry Voices segment, Anna Belak from Sysdig shares a new threat framework for the cloud. Rick Howard previews his new online course on cyber security first principles. And no, Russia hasn't really replaced its currency with Arctic Ocean gastropods. For links to all of today's stories check out...

What would it take to get you kids into a nice, late-model malware mealkit?


Malicious packages are found attached to NuGet. Russia will establish its own substitute for VirusTotal. Commodity tools empower low-grade Russian cybercriminals. Malware mealkits, and other notes from the cyber underground. Insights from a Cybersecurity workforce study. Mr Security Answer Person John Pescatore looks at MFA. Drew Rose from Living Security on the very scary human side of cyber attacks. And more details from President Biden's Executive Order on artificial intelligence. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/208 Selected reading. IAmReboot: Malicious NuGet packages exploit loophole in MSBuild integrations (ReversingLabs) Russia to launch...

Bringing AI up right: realizing its potential without its becoming a threat. (And how deepfakes might be an informational fleet-in-being.)


The Hive ransomware gang may be back, and rebranded. Coinminers exploit AWS IAM credentials. LockBit claims to have obtained sensitive information from Boeing. Ukrainian auxiliaries disrupt Internet service in Russian-occupied territory, while internet and telecoms are down in Gaza. Deepfakes have an effect even when they're not used. Joe Carrigan explains executive impersonations on social media. Our guest is David Brumley, cybersecurity professor at Carnegie Mellon and CEO of software security firm, ForAllSecure, discussing spooky zero days and vulnerabilities. And President Biden releases a US Executive Order on artificial intelligence. For links to all of today's stories check out our...

The Malware Mash! [Bonus]


Enjoy this CyberWire classic. They did the Mash...they did the Malware Mash...

Nicole Sundin: Women helping women. [Chief Product Officer] [Career Notes]


Nicole Sundin, a Chief Product Officer from Axio sits down to discuss her career path and what it is like to be a woman in the cybersecurity field. As a UX leader, Nicole has devoted her entire career to building awareness around the benefits of usable security and human-centered security to the broader cybersecurity community. She also shares some of her background as she moved her way up the ladder to get to where she is today. As a female in a male-dominated industry, Nicole shares her unique insights on embracing the responsibility of serving as a role model to...

No rest for the wicked HiatusRAT. [Research Saturday]


Danny Adamitis from Lumen's Black Lotus Labs sits down to discuss their work on "No Rest For The Wicked: HiatusRAT Takes Little Time Off In A Return To Action." Last March Lumen's Black Lotus Lab researchers discovered a novel malware called HiatusRAT that targeted business-grade routers. The research states "In the latest campaign, we observed a shift in reconnaissance and targeting activity; in June we observed reconnaissance against a U.S. military procurement system, and targeting of Taiwan-based organizations." This shift in information gathering and targeting preference exhibited in the latest campaign is synonymous with the strategic interest of the People's Republic of China according to the 2023 ODNI threat assessment. The...

Social engineering as a blunt instrument, almost like swatting without the middleman.


Eastern European gangs overcome their reservations about working with anglophone criminals. Mirth Connect is vulnerable to a critical flaw. A look at a mercenary spyware strain. PepsiCo as phishbait. Ben Yelin explains the FCC's renewed interest in Net Neutrality. Our guest is Wade Baker from the Cyentia Institute with insights on measuring risk. And Europol thinks police should take a good look at quantum computing and law enforcement. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/206 Selected reading. Octo Tempest crosses boundaries to facilitate extortion, encryption, and destruction (Microsoft Security) MGM Resorts hackers...

Some intelligence services understand the value of being underestimated.


StripedFly gets reclassified. YoroTrooper is interested in the Commonwealth of Independent States. The current state of DDoS attacks. Ukrainian hacktivists deface Russian artists' Spotify pages. Trolls amplify a Musky meme. In our Industry Voices segment, Matt Howard from Virtru explains securing data at the employee edge. Our guest is Seth Blank from Valimail, to discuss email security and DMARC. And while trolls might like Mr. Musk, the crooks heart Mr. Gosling. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/205 Selected reading. Sophisticated StripedFly Spy Platform Masqueraded for Years as Crypto Miner (Zeroday) Kazakhstan-associated YoroTrooper...

AI ain't misbehavin', except when it does. Also, privateers and hacktivist auxiliaries get busy.


Teaching AI to misbehave. Ransomware's effect on healthcare downtime. Two reports on the state of cybersecurity in the financial services sector. Possible connections between Hamas and Quds Force. Ukrainian cyber authorities report a rise in privateering Smokeloader attacks. Russian hacktivist auxiliaries strike Czech targets. My conversation with Sherrod DeGrippo, host of The Microsoft Threat Intelligence Podcast. Jay Bhalodia from Microsoft Federal shares insights on multi-cloud security. And Winter Vivern exploits a mail service 0-day. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/204 Selected reading. AI vs. human deceit: Unravelling the new age of...

Two new things to worry about: how long it takes to read the fine print, and bed bug disinformation.


DDoS activity during the Hamas-Israeli war. Insurance firm reports cyber incident. Recent arrests in cybercrime sweeps. Ukrainian hacktivist auxiliaries compromise customer data at Russia's Alfa Bank. How long does it take to read the fine print? Ann Johnson from Afternoon Cyber Tea talks with Noopur Davis from Comcast about building secure tech from the start. Antonio Sanchez of Fortra shares cybersecurity challenges for enterprises including why having too many tools creates too much complexity. And hey, Marianne, don't let the bedbugs bite. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/203 Selected reading. Cyber attacks...

How people get over on the content moderators.


Okta discloses a data exposure incident. Cisco works to fix a zero-day. DPRK threat actors pose as IT workers. The Five Eyes warn of AI-enabled Chinese espionage. Job posting as phishbait. The risk of first-party fraud. Hacktivists trouble humanitarian organizations with nuisance attacks. Content moderation during wartime. Malek Ben Salem of Accenture describes code models. Our guest is Joe Oregon from CISA, discussing the tabletop exercise that CISA, the NFL, and local partners conducted in preparation for the next Super Bowl. And the International Criminal Court confirms that it's sustained a cyberespionage incident. For links to all of today's stories check...

Jennifer Reed: Balance the gender scales. [Principal] [Career Notes]


This week, we welcome Jennifer Reed, a Principal Solutions Architect at Amazon Web Services (AWS) to sit down and share her amazing story. After Jennifer graduated high school, she immediately went into Marine Corps training, which she shared was a shock to her because she was the only woman when she got out into the fleet and every single place that she went. She eventually moved on from the military after learning some programming tools, and went into the financial services industry doing systems engineering. She got called back to active duty, and then afterwards landed at AWS. She shares...

AMBERSQUID hides in the depths. [Research Saturday]


Sysdig's Alessandro Brucato and Michael Clark join Dave to discuss their work on "AWS's Hidden Threat: AMBERSQUID Cloud-Native Cryptojacking Operation." Attackers are targeting what are typically considered secure AWS services, like AWS Fargate and Amazon SageMaker. This means that defenders generally aren't as concerned with their security from end-to-end. The research states "The AMBERSQUID operation was able to exploit cloud services without triggering the AWS requirement for approval of more resources, as would be the case if they only spammed EC2 instances." This poses additional challenges targeting multiple services since it requires finding and killing all miners in each exploited...

Disinformation and its often overlooked potential for denial-of-services.


Hacktivism and influence operations in the Hamas-Israel war. An OilRig cyberespionage campaign prospects a Middle Eastern government. Emailed bomb threats in the Baltic. Darkweb advertising yields insight into ExelaStealer malware. Casio discloses breach of customer data. The FCC proposes a return to net neutrality, while Consumer Financial Protection Bureau proposes data-handling rules under Dodd-Frank. Deepen Desai from ZScaler shares insights on MOVEit transfer vulnerabilities. Our own Simone Petrella speaks with Google's Tatyana Bolton about the challenges of bridging the cyber talent gap. And RagnarLocker has been taken down by international law enforcement. For links to all of today's stories check...

Vigilance isn't purely receptive. Without criticism, it will become blind with detail.


Nation-states exploit the WinRAR vulnerability. Criminals leak more stolen 23andMe data. QR codes as a risk. NSA and partners offer anti-phishing guidance. A Ukrainian hacktivist auxiliary takes down Trigona privateers. Hacktivism and influence operations remain the major cyber features of the Hamas-Israeli war. On today's Threat Vector, David Moulton speaks with Kate Naunheim, Cyber Risk Management Director at Unit 42, about the new cybersecurity regulations introduced by the SEC. Our own Rick Howard talks with Jen Miller Osborn about the 10th anniversary of ATT&CKcon. And the epistemology of open source intelligence: tweets, TikToks, Instagrams: they're not necessarily ground truth. Threat Vector...

Hacktivist discipline is inversely correlated with sincerity of commitment.


Hamas and Israel exchange accusations in a hospital strike. Using Gazan cell data to develop intelligence, and using hostages' devices to spread fear. Black Basta ransomware is out and about, again. Qubitstrike is a newly discovered cryptojacking campaign. Preparing for post-quantum security. Tim Starks from the Washington Post looks at one US Senator's ability to gum up cyber legislation. In the Learning Layer, N2K's Sam Meisenberg explores the challenges and best practices of rolling out a large-scale corporate re-skilling program. And attention people of Pompei: that volcano alert is bogus. Probably. Learning Layer. On this segment of Learning Layer, N2K's...

Notes from the cyber phases of two hybrid wars. Alerts on Cisco, Atlassian vulnerability exploitation. Updated guidance on security by design.


A bogus RedAlert app delivered spyware as well as panic. BloodAlchemy backdoors ASEAN southeast asian targets. A serious Cisco zero-day is being exploited. Valve implements additional security measures for Steam. A warning on Atlassian vulnerability exploitation. Allies update their security-by-design guide. Ukrainian telecommunications providers hit by cyberattack. Ben Yelin explains attempts to tamp down pornographic deepfakes. Our guest is Ashley Rose from Living Security with a look at measuring human risk. And, as always, criminals see misery as opportunity. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/198 Selected reading. Malicious RedAlert - Rocket...

Cyber phases in two hybrid wars. A ransomware gang claims an attack against a major firm. Social engineering implicated in Shadow PC breach. Privateering, coin mining, and other worries.


Hacktivism and disinformation in the war between Hamas and Israel. LockBit claims an attack on CDW. Shadow PC's breach. Void Rabisu deploys a lightweight RomCom backdoor against the Brussels conference. Rick Howard describes Radical Asymmetric Distribution. Our guest is Jason Birmingham from Broadridge Financial Solutions with a look at asset management. And coin mining as a potential front for espionage or a staging area for sabotage. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/197 Selected reading. How hackers piled onto the Israeli-Hamas conflict (POLITICO) Israel-Gaza War Now Includes Accompanying Cyber Warfare (Channel Futures)...

Susan Hinrichs: The cross between computer science and security. [chief scientist] [Career Notes]


Susan Hinrichs, Chief Scientist at Aviatrix sits down to share her story, with over 30 years in experience spanning a variety of networking and security disciplines and has held leadership and academic roles, she sits down to discuss her amazing career. Earlier in her career, Susan served as System Architect at Cisco where she spent nine years designing and developing Centri Firewall and a variety of network security management tools. She worked as a Lecturer, Computer and Network Security for eight years at the University of Illinois at Urbana-Champaign (UIUC) where she developed a hands-on Security Lab introduction course for students in her first year, and later...

Unwanted guests harvest your information. [Research Saturday]


Amit Malik from Uptycs joins us to discuss their research titled "Unwanted Guests: Mitigating Remote Access Trojan Infection Risk." Uptycs threat research team identified a new threat referred to as QwixxRAT. The Uptycs team discovered this tool being widely distributed by the threat actor through Telegram and Discord platforms. The research states "QwixxRAT is meticulously designed to harvest an expansive range of information from browser histories and credit card details, to keylogging insights." This newly found tool poses a risk to both businesses and individual users. Unwanted Guests: Mitigating Remote Access Trojan Infection Risk

Hacktivism in the war between Hamas and Israel, with a possibility of escalation. Healthcare cybersecurity. Looting FTX. CISA releases resources to counter ransomware.


Hacktivism and nation-state involvement in the cyber phases of war in the Middle East, and the use of Telegram. Russian groups squabble online. Healthcare cybersecurity and its implications for patient care. The Looting of FTX on the day of its bankruptcy. Joe Carrigan shares research from the Johns Hopkins University Information Security Institute. Our guest is Mike Walters from Action1, marking the 20th anniversary of Patch Tuesday. And CISA releases two new resources against ransomware. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/196 Selected reading. Israeli Cyber Companies Rally as Digital, Physical Assaults...

Hacktivism, auxiliaries, and the cyber phases of two hybrid wars. Challenges of content moderation. Cyberespionage in the supply chain. Don't buy all the hype, but do fix your Linux libraries.


Hacktivists join both sides of Hamas's renewed war. Disinformation and content control in social media. Storm-0062 exploits an Atlassian 0-day. Curl and Libcurl vulnerabilities. Betsy Carmelite from Booz Allen on how to expand and diversify the Cyber Talent Pool. Our guest is Kuldip Mohanty, CIO of North Dakota. And some further reflections on hacktivism and the laws of war. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/195 Selected reading. False Alarm of Hezbollah Aircraft Infiltration Underlines Israeli Concern of Multi-Front War (FDD) Israel-Hamas conflict extends to cyberspace (CSO Online) Hamas-Israel Cyber War Escalates:...

Cyber phases of two hybrid wars prominently feature influence operations. Rapid Reset is a novel and powerful DDoS vulnerability. Credential phishing resurgent. And a look back at Patch Tuesday.


Cyber operations in Hamas's war, Cryptocurrency as a source of funding, and Russian hacktivist auxiliaries shifting their focus. Not all influence operations involve disinformation. Rapid Reset is a Novel DDoS attack. A resurgent credential phishing campaign. Ann Johnson from Afternoon Cyber Tea speaks with Ram Shankar Siva Kumar and Dr. Hyrum Anderson about the promise, peril, and impact of AI. Our own Rick Howard talks cyber intelligence in the medical vertical with Taylor Lehmann of Google. And a quick look back at Patch Tuesday. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/194 Selected...

The cyber phases of two wars show signs of intersecting. Developments in cyberespionage and cybercrime.


Disinformation and Hacktivism in the war between Hamas and Israel. KillNet and the IT Army of Ukraine say they'll follow ICRC guidelines. The current state of DPRK cyber operations. The Grayling cyberespionage group is active against Taiwan. A Magecart campaign abuses 404 pages. 23andMe suffers a breach. Voter records in Washington, DC, have been compromised. In our Solution Spotlight, Simone Petrella speaks with Raytheon's Jon Check about supporting and shaping the next generation of the cyber workforce. Grady Summers from SailPoint outlines the importance of organizations managing and protecting access to critical data. And a look at CISOs' willingness to pay...

Solution spotlight: Paths to cybersecurity. [Interview Select]


Solution Spotlight: Simone Petrella is talking with Diane Janosek, Executive Director of Capitol Technology University's Center for Women in Cyber, about paths to cybersecurity and ways to address cybersecurity workforce intelligence through education. You can view the video of this interview here.

Susie Squier: You're never alone. [President] [Career Notes]


Susie Squier, President of the Retail and Hospitality ISAC, or Information Sharing and Analysis Center, sits down to share her incredible story starting to get her into the cyber community. She first started getting into PR through an internship she did in college, then moved around a few times gaining experience everywhere she went. Susie shares some wise advice, discussing not only her managing style, but also how she handles situations, along with how she deals with adversity. She says "I also have realized over time that I'm never in this alone, whether that's your personal life or your work...

Targets from DuckTail. [Research Saturday]


Deepen Desai from Zscaler joins to take a look into their research about "DuckTail." In May of 2023, Zscaler ThreatLabz began an intelligence collection operation to decode DuckTail's maneuvers. Through an intensive three-month period of monitoring, Zscaler was able to obtain unprecedented visibility into DuckTail's end-to-end operations, spanning the entire kill chain from reconnaissance to post-compromise. The research states "DuckTail threat actors primarily target users working in the digital marketing and advertising space. Unfortunately, the tech layoffs occurring in 2022 and 2023 introduced more eager candidates into the digital market - meaning more prime targets for DuckTail." The research can be...

Advice on security, from Washington, DC and Washington State. The Predator Files have bad news on privacy. Notes on the hybrid war. And LoveGPT is not your soulmate.


NSA and CISA release a list of the ten most common misconfigurations along with Identity and access management guidelines. The Predator Files. Cyber cooperation between Russia and North Korea. Hacktivist auxiliaries hit Australia. Hacktivists and hacktivist auxiliaries scorn the application of international humanitarian law. The direction of Russian cyber operations. Dave Bittner speaks with Andrea Little Limbago from Interos to talk about geopolitics, cyber and the C-suite. Rick Howard talks with John Hultquist, Chief Analyst at Mandiant, at the mWISE 2023 Cybersecurity Conference about cyber threat intelligence. And, finally, adventures in catphishing: LoveGPT. For links to all of today's stories...

Security risks in the hardware and software supply chains. Patches and proofs-of-concept. A look at recent incidents hitting major corporations. Online surveillance and social credit in Russia.


Apple patches actively exploited iOS 17 vulnerability. Qakbot's survival of a major takedown. BADBOX puts malware into the device supply chain. LoonyTunables and a privilege-escalation risk. Scattered Spider believed responsible for cyberattack against Clorox. Sony discloses information on its data breach. In today's Threat Vector segment, Chris Tillett, Senior Research Engineer at Palo Alto Networks and member of the Advisory Board at Titaniam Labs, joins host David Moulton to delve inside the mind of an insider threat. Dave Bittner sits down with Eric Goldstein, Executive Assistant Director at CISA, to discuss shared progress against the ransomware threat. And the Kremlin...

A phishnet for the C-suite. Rootkit delivered by typosquatting. Stream-jacking in YouTube. Risk management. Hybrid war, and the laws thereof.


EvilProxy phishes for executives. Typosquatting to deliver a rootkit. Stream-jacking on YouTube. A global look at risk management. Assistance from a diverse set of international partners. In our Solution Spotlight segment, Simone Petrella speaks with Diane Janosek, Executive Director of Capitol Technology University's Center for Women in Cyber, about paths to cybersecurity and ways to address cybersecurity workforce intelligence through education. Dave Bittner previews the 3rd annual SOC Analyst Appreciation Day with Kayla Williams of Devo. And some guidelines for hacktivists engaged in hybrid war. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/190...

Where ICS touches the Internet. BunnyLoader traded in C2C markets. Phantom Hacker scams. API risks. Cybersecurity attitudes and behavior. DHS IG reports on two cyber issues. Updates on the hybrid war.


Nearly 100,000 ICS services exposed to the Internet. BunnyLoader in the C2C market. Phantom Hacker scams. API risks. Cybersecurity attitudes and behaviors. Homeland Security IG finds flaws in TSA pipeline security programs, and privacy issues with CBP, ICE, and USSS use of commercial telemetry. Kyiv prepares for Russian attacks on Ukraine's power grid. Ben Yelin on the Department of Commerce placing guardrails on semi-conductor companies. As part of our sponsored Industry Voices segment, Dave Bittner sits down with Nick Ascoli, Founder and CTO at Foretrace, to discuss the last year in data leaks. And Russian disinformation is expected to aim...

Adventures of ransomware, and other developments in cybercrime. Cyberespionage and hybrid warfare. A government shutdown averted. Cybersecurity Awareness Month is underway.


Double-tapping ransomware hits the same victim twice. Exim mail servers are found exposed to attack. Iran's OilRig deploys Menorah malware against Saudi targets. North Korea's Lazarus Group targets a Spanish aerospace firm. Update your ransomware scorecards: LostTrust is a rebrand of MetaEncryptor. Increased domestic surveillance in Russia, done partly so propaganda can be more effectively targeted. Killnet claims to have hit the British Royal family with a DDoS attack. Michael Denning, CEO at SecureG for Blu Ventures, shares developments in zero trust as a part of our Industry Voices segment. Rob Boyce from Accenture Security talks about Dark Web threat actors...

Ted Wagner: Get that hands on experience. [CISO] [Career Notes]


This week, we are joined by Ted Wagner, Chief Information Security Officer at SAP National Security Services, or SAP NS2. Ted sits down to share his story on how he got introduced into the industry and why he chose this as a career path. He went straight into the Army as a second lieutenant in the artillery field after high school, which after his time was up he decided to move on and started working for a company that allowed him to do a management training program. After that he found himself working on IT projects which got him interested in...

Downloading cracked software. [Research Saturday]


David Liebenberg from Cisco Talos joins to discuss Talos' discovery of cracked Microsoft Windows software being downloaded by enterprise users across the globe. Downloading and running this compromised software not only serves as an entry point for threat actors, but can serve as a gateway to access control systems and establish backdoors. Talos identified additional malware, including RATs, on endpoints running this cracked software, which allows an attacker to gain unauthorized remote access to the compromised system, providing the attacker with various capabilities, such as controlling the system, capturing screenshots, recording keystrokes and exfiltrating sensitive information. This research article was...

Malicious ads in a chatbot. A vulnerability gets some clarification. Cl0p switches from Tor to torrents. Influence operations as an adjunct to WMD. And NSA's new AI Security Center.


Malicious ads in a chatbot. Google provides clarification on a recent vulnerability. Cl0p switches from Tor to torrents. Influence operations as an adjunct to weapons of mass destruction. Our guest Jeffrey Wells, former Maryland cyber czar and partner at Sigma7 shares his thoughts on what the looming US government shutdown will mean for the nation's cybersecurity. Tim Eades from Cyber Mentor Fund discussing the 3 whos a cybersecurity entrepreneur needs to consider. And NSA has a new AI Security Center. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/187 Selected reading. Malicious ad served...

Budworm APT's specialized tools. Cyberattack against Johnson Controls. Oversight panel reports on Section 702. Cyber in election security, and in the US industrial base. Hacktivism versus Russia.


The Budworm APT's bespoke tools. Johnson Controls sustains a cyberattack. The US Privacy and Civil Liberties Oversight Board reports on Section 702. The looming government shutdown and cyber risk. Cybersecurity in the US industrial base. X cuts back content moderation capabilities. In our Industry Voices segment, Nicholas Kathmann from LogicGate describes the struggle when facing low cost attacks. Sam Crowther from Kasada shares his team's findings on Stolen Auto Accounts. And Ukrainian hacktivists target Russian airline check-in systems. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/186 Selected reading. Budworm: APT Group Uses Updated...

What's up in the underworld's C2C markets. An update on the Sony hack claims. Notes on cyberespionage, from Russia, China, and parts unknown. And there's a market for bugs.


A Joint Advisory warns of Beijing's "BlackTech" threat activity. ShadowSyndicate is a new ransomware as a service operation. A Smishing Triad in the UAE. Openfire flaw actively exploited against servers. AtlasCross is technically capable and, above all, "cautious." Xenomorph malware in the wild. DDoS and API attacks hit the financial sector. In our Industry Voices segment, Joe DePlato from Bluestone Analytics demystified dark net drug markets. Our guest is Richard Hummel from Netscout with the latest trending DDoS vectors. And the FCC chair announces plans to restore net neutrality. For links to all of today's stories check out our CyberWire...

Crooks phish for guests; spies phish for drone operators. ZenRAT is used in an info-stealing campaign. More MOVEit-related incidents (some involving Cl0p). DeFi platforms hit. The UK hunts forward.


An advanced phishing campaign hits the hospitality industry. An information-stealing campaign deploys ZenRAT. More MOVEit-related data breaches are disclosed. Mixin Network suspends deposits and withdrawals. The OpenSea NFT market warns of third-party risk to its API. Phishing for Ukrainian military drone operators. Mr. Security Answer Person John Pescatore shares thoughts on Cisco acquiring Splunk. Ann Johnson from the Afternoon Cyber Tea podcast interviews Deb Cupp sharing a lesson in leadership. And the UK adopts a hunt-forward approach to cyber war. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/184 Selected reading. Luxury Hotels Major Target...

Cyberespionage in East and Southeast Asia, for both intelligence collection and domestic security. Spyware tools tracked. Shifting cyber targets in Russia's hybrid war. Securing the Super Bowl.


The Gelsemium APT is active against a Southeast Asian government. A multi-year campaign against Tibetan, Uighur, and Taiwanese targets. Stealth Falcon's new backdoor. Predator spyware is deployed against Apple zero-days. An update on Pegasus spyware found in Meduza devices. There's a shift in Russian cyberespionage targeting. A rumor of cyberwar in occupied Crimea. In our Industry Voices segment, Amit Sinha, CEO of Digicert, describes digital trust for the software supply chain. Our guest is Arctic Wolf's Ian McShane with insights on the MGM and Caesars ransomware incident. And if you're looking for a Super Bowl pick, go with an egg-laying animal and,...

Threat intelligence discussion with Chris Krebs. [Special Edition]


In this extended interview, Simone Petrella sits down with Chris Krebs of the Krebs Stamos Group at the mWise 2023 Cybersecurity Conference to discuss threat intelligence. Learn more about your ad choices. Visit megaphone.fm/adchoices

Merritt Baer: No one has to go down for you to go up. [CISO] [Career Notes]


This week our guest is Merritt Baer, a Field CISO from Lacework and a cloud security unicorn, who sits down to share her incredible story working through the ranks to get to where she is today. Before working at Lacework, Merritt served in the Office of the CISO at Amazon Web Services, as part of a small elite team that formed a Deputy CISO. She provided technical cloud security guidance to AWS' largest customers, like the Fortune 100, on security as a bottom line proposition. She also has experience in all three branches of government and the private sector and served...

Behind the Google shopping ad masks. [Research Saturday]


Maxim Zavodchik from Akamai joins Dave to discuss their research on "Xurum: New Magento Campaign Discovered." Akamai researchers have discovered an ongoing server-side template injection campaign that is exploiting digital commerce websites. This campaign targets Magento 2 shops, and was dubbed Xurum in reference to the domain name of the attacker's command and control (C2) server. The research states "The attacker uses an advanced web shell named wso-ng that is activated only when the attacker sends the cookie magemojo000 to the backdoor GoogleShoppingAds component." The research can be found here: Xurum: New Magento Campaign Discovered Learn more about your ad...

Enter Sandman. A look at an initial access broker. Iran's OilRig hits Israeli targets. Cyber ops and soft power. Update on casino ransomware attacks. Bermuda's government sustains cyberattacks.


A new APT is found: enter Sandman. Tracking an initial access broker called Gold Melody. Iran's OilRig group is active against Israeli targets. Cyber ops as an instrument of soft power. Recovery and investigation in the casino ransomware attacks. In our Solutions Spotlight, Simone Petrella speaks with MK Palmore from Google Cloud about talent retention and the cybersecurity skills gap. Our guest is Kristen Marquardt of Hakluyt with advice for cyber startups. And Bermuda points to Russian threat actors. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/182 Selected reading. Sandman APT | A...

Don't get snatched. Trends in phishing, cyber insurance claims, and threats to academic institutions. Hacktivism in the hybrid war. Updates on the ICC attack. MGM says its casinos are back.


CISA and the FBI warn of Snatch ransomware. A look at phishing trends. Ransomware is increasingly cited in cyber insurance claims. Trends in cyber threats to academic institutions. A Russian hacktivist auxiliary disrupts Canadian border control and airport sites. The ICC remains tight-lipped concerning cyberattack. N2K's Simone Petrella sits down with Chris Krebs at the mWise conference. In today's Threat Vector segment, David Moulton from Unit 42 takes a peek into the modern threat landscape with Wendi Whitmore, SVP of Unit 42. And MGM Resorts says it's well on the way to recovery. For links to all of today's stories...

Hacking the ICC. ShroudedSnooper active, simple, and novel. New criminal malware used against Chinese-speakers. More on the materiality of cyberattacks.


The International Criminal Court reports a "cybersecurity incident." ShroudedSnooper intrusion activity is both novel and simple. Criminal malware targets Chinese-speaking victims. The costs of insider risk. More on the casino attacks (and related social engineering capers). In our Learning Layer segment, Sam Meisenberg drops into a CISSP tutoring session and offers some test-taking tips. Our guest is Aaron Brazelton, Dean of Admissions and Advancement at the Alabama School of Cyber Technology and Engineering. And the Clorox incident shows how one company navigates unfamiliar new SEC rules. Join Sam Meisenberg as he drops into a CISSP tutoring session talking about the difference...

Ransomware in Colombia. An accidental data exposure. Cyberespionage hits unpatched systems. An attack on IT systems disrupts industrial production. Bots and bad actors.


Colombia continues its recovery from last week's cyberattacks. AI training data is accidentally published to GitHub. The cyberespionage techniques of Earth Lusca. Clorox blames product shortages on a cyber attack. Cybersecurity incidents in industrial environments. Where the wild bots are. Joe Carrigan looks at top level domain name exploitation. Our guest is Kristen Bell from GuidePoint Security with a look at vulnerability vs. exploitability. And there's talk of potential Russia-DPRK cooperation in cyberspace. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/179 Selected reading. More than 50 Colombian state, private entities hit by cyberattack...

A quick look at some threats from China and North Korea, some engaged in collection, some in theft. BlackCat and other ransomware operators. And a view of cyberwar from Ukraine's SSU.


Cyber threats trending from East Asia. The Lazarus Group is suspected in the CoinEx crypto theft. Pig butchering, enabled by cryptocurrency. BlackCat is active against Azure storage. A Ukrainian view of cyber warfare. A US-Canadian water commission deals with a ransomware attack. Eric Goldstein from CISA shares insights on cyber threats from China. Neil Serebryany of Calypso explains the policies, tools and safeguards in place to enable the safe use of generative AI. And more details emerge in the Las Vegas casinos ransomware incidents. Danny Ocean, call your office. For links to all of today's stories check out our CyberWire...

Karl Mattson: Defer gratification. (CISO) [Career Notes]


Karl Mattson, CISO at Noname Security, joins us to share his story. Having started out as a "military brat," traveling the world as the child of a Marine, Karl later joined the Army not long after high school. In the Army, Karl was assigned the career field of intelligence analyst and started working with the NSA. He says that was a real career break. Following the Army, Karl worked in the financial services world as a CISO. At Noname, Karl began by building out internal risk and IT functions into a strong, what he calls spectacular team. Karl recommends "deferring...

A look into the emotions and anxieties of the highest levels of decision-making. [Research Saturday]


Guest Manuel Hepfer from ISTARI shares his research on cyber resilience which includes discussions with 37 CEOs to gain insight into how they manage cybersecurity risk. ISTARI and Oxford University's Saïd Business School dive into the minds and experiences of CEOs on how they manage cybersecurity risk. Ask any CEO to name the issues that keep them awake at night and cybersecurity risk is likely near the top of the list, with good reason. With the accelerating digitalisation of business models comes vulnerability to cyberattack. And while spending on cybersecurity increases every year, so does the number of serious incidents....

Peach Sandstorm cyberespionage. Criminal attacks against a Colombian telco and two major US casino firms. A thief in the browser. And the Greater Manchester Police are on a virtual manhunt.


"Peach Sandstorm" is an Iranian cyberespionage campaign. A cyberattack against a telecom provider affects government and corporate online operations in Colombia. Python NodeStealer takes browser credentials. Caesars Entertainment files its 8-K. Some MGM Entertainment systems remain down. Betsy Carmelite from Booz Allen talking about how to leverage cyber psychology. Ron Reiter of Sentra outlines the threats for connected cars. And a third-party incident exposes personal data of the Manchester police. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/177 Selected reading. Peach Sandstorm password spray campaigns enable intelligence collection at high-value targets (Microsoft) Hackers...

Ransomware and materiality. MetaStealer hits businesses. Two looks at cloud risks. His Highness, the Large Language Model.


The MGM Resorts incident is now believed to be ransomware, and how does that inform our view of the materiality of a cyber incident? MetaStealer targets businesses. Cloud access with stolen credentials. The cloud as an expansive attack surface. Johannes Ullrich from SANS describes malware in dot-inf files. In our Industry Voices segment Dave speaks with Oliver Tavakoli, CTO at Vectra, on the complexity and challenges of cloud service security. And welcome back, or not, Your Highness the Large Language Model, Prince of Nigeria. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/176 Selected reading....

How one access broker gets its initial access (it's through novel phishing). Be alert for deepfakes, US authorities say. The Pentagon's new cyber strategy. And a reminder: yesterday was Patch Tuesday.


An access broker's phishing facilitates ransomware. 3AM is fallback malware. Cross-site-scripting vulnerabilities are reported in Apache services. US agencies warn organizations to be alert for deepfakes. The US Department of Defense publishes its 2023 Cyber Strategy. Ann Johnson from the Afternoon Cyber Tea podcast speaks with Jenny Radcliffe about the rise in social engineering. Deepen Desai from Zscaler shares a technical analysis of Bandit Stealer. And a quick reminder: yesterday was Patch Tuesday. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/175 Selected reading. Malware distributor Storm-0324 facilitates ransomware access (Microsoft Security) 3AM:...

Phishing with Facebook Messenger bots. Redfly hits a national power grid. Nice platform you got there, shame if something happened to it. MGM Resorts grapples with a cybersecurity issue.


Phishing with Facebook Messenger accounts. Redfly cyberespionage targets a national grid. The exploit trade in the C2C underground market. Phishing attack exploits Baidu link. A repojacking vulnerability. A hacktivist auxiliary looks to its own interests. Ben Yelin marks the start of the Google antitrust trial. In our Industry Voices segment, Adam Bateman from Push Security explains how identities are the new perimeter. And MGM Resorts are dealing with a cybersecurity issue. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/174 Selected reading. Sponsor with batch-filed whiskers: Ballistic Bobcats scan and strike backdoor (ESET) Charming Kitten's...

UK's NCA and NCSC release a study of the cybercriminal underworld. HijackLoader's growing share of the C2C market. Russia's hacker diaspora in Turkey. Cyber diplomacy, free and frank.


UK's NCA and NCSC release a study of the cybercriminal underworld. HijackLoader's growing share of the C2C market. Russia's hacker diaspora in Turkey. Author David Hunt discusses his new book, Irreducibly Complex Systems: An Introduction to Continuous Security Testing. In our Industry Voices segment, Mike Anderson from Netskope outlines the challenges of managing Generative AI tools. And a senior Russian cyber diplomat warns against US escalation in cyberspace. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/173 Selected reading. Ransomware, extortion and the cyber crime ecosystem (NCSC) HijackLoader (Zscaler) New HijackLoader malware is rapidly growing...

Caroline Wong: A passion for teaching. [CSO] [Career Notes]


Caroline Wong, Chief Strategy Officer from Cobalt, sits down to share her story of her 15+ years in cybersecurity leadership, including practitioner, product, and consulting roles. As well as being a member of our very own Hash Table, Caroline also authored the popular textbook, Security Metrics: A Beginner's Guide and teaches cybersecurity courses on LinkedIn Learning as well as hosts the Humans of InfoSec podcast. Caroline's father pushed her to start her career in engineering, she went to UC Berkeley and got accepted into their Electrical Engineering and Computer Sciences program. As a college student, she was looking for an...

No honor in being a criminal. [Research Saturday]


This week, our guest is Reece Baldwin from Kasada discussing their work on "No Honour Amongst Thieves: Unpacking a New OpenBullet Malware Campaign." The Kasada Threat Intelligence team has recently identified a malware campaign targeting users of OpenBullet, a tool popular within criminal communities to conduct credential stuffing attacks. This malware campaign was first uncovered when the team was digging around in a Telegram channel set up to share OpenBullet configurations. Reading through a few of the configurations they identified a function, ostensibly designed to bypass Google's reCAPTCHA anti-bot solution. The research states "While the versatility of OpenBullet's configuration files enable complex attacks, they...

Apple issues an emergency patch. Aerospace sector under attack. DPRK spearphishes security researchers. Notes from the hybrid war, including Starlink's judgments on jus in bello.


Apple issues emergency patches. "Multiple nation-state actors" target the aerospace sector. The DPRK targets security researchers. SpaceX interrupted service to block a Ukrainian attack against Russian naval units last year. The International Criminal Court will prosecute cyber war crimes. Operation KleptoCapture extends to professional service providers. Malek Ben Salem of Accenture ponders the long-term reliability of LLM-powered applications. Our guest is Elliott Champion from CSC on how cybercriminals are taking advantage of the Threads platform. And congratulations to the SINET 16. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/172 Selected reading. BLASTPASS: NSO...

Microsoft releases results of investigation into cloud email compromise. A buggy booking service. Adversary emulation for OT networks. Identity protection trends. Notes from the hybrid war.


Microsoft releases results of their investigation into cloud email compromise. A vulnerability affects a resort booking service. Adversary emulation for OT networks. Identity protection and identity attack surfaces. Sanctioning privateers (with a bonus on vacation ideas). Rob Boyce from Accenture Security tracks new trends in ransomware. Our Threat Vector segment features Mastering IR Sniping: A Deliberate Approach to Cybersecurity Investigations with Chris Brewer. And Estonia warns of ongoing cyber threats. On this segment of Threat Vector, Chris Brewer, a Director at Unit 42 and expert in digital forensics and incident response, joins host David Moulton discussing Mastering IR Sniping: A...

Agent Tesla still hits unpatched systems. Hot wallet hacks. AI and DevSecOps. Notes on Fancy Bear and NoName057(16). And some curious trends in the cyber labor market.


There's a new Agent Tesla variant. Lost credentials and crypto wallet hacks. Tension between DevSecOps and AI. Fancy Bear makes an attempt on Ukrainian energy infrastructure. A look at NoName057(16). Tim Starks from the Washington Post's Cybersecurity 202. Simone Petrella and Helen Patton discuss People as a security first principle. And cybersecurity jobs seem to be getting tougher (say the people who are doing them). For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/170 Selected reading. New Agent Tesla Variant Being Spread by Crafted Excel Document (Fortinet Blog) World's Largest Cryptocurrency Casino Stake Hacked...

In today's symposium, we talk about a new strand of Chae$ malware, some developments in social engineering, privateers in a hybrid war, cyber ops as combat support, and some default passwords.


A new variant of Chae$ malware is described. A "Smishing Triad" impersonates postal services. A MinIO storage exploit reported. Okta warns of attackers seeking senior admin privileges. LockBit compromises a UK security contractor. DDoS takes down a German financial regulator's site. Infamous Chisel as GRU combat support. Joe Carrigan on Meta uncovering a Chinese influence effort. Our guest is Connie Stack, CEO of Next DLP, discussing data breach notification procedure. And please -PLEASE- remember to change your default passwords. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/169 Selected reading. Threat Profile: Chae$ 4...

Interview Select: Jeff Welgan, Chief Learning Officer at N2K Networks is expanding on the NICE framework in strategic workforce intelligence. [Interview selects]


This interview from August 25th, 2023 originally aired as a shortened version on the CyberWire Daily Podcast. In this extended interview, Dave Bittner sits down with Jeff Welgan, Chief Learning Officer at N2K Networks, to expand on the NICE framework in strategic workforce intelligence. Learn more about your ad choices. Visit megaphone.fm/adchoices

Rick Doten: There is a rainbow of different roles in cybersecurity. [VP] [Career Notes]


This week's guest is Rick Doten, the VP of Information Security at Centene Corporation. He sits down to share his story and provide wise words of wisdom after conquering this industry for 30 years. Rick, like many others in the field, started off not knowing what he wanted to do, so he tried out a few things, including doing in-user training and desktop support, eventually evolving to do systems analysis work and designing software. Rick shares that his main day to day roles are spending time helping out the corporate global CISO, CTO, and head of platform within the organization,...

Thwarting Muddled Libra. [Research Saturday]


Kristopher Russo and Stephanie Regan from Palo Alto Networks Unit 42 join Dave to talk about Threat Group Assessment: Muddled Libra. With an intimate knowledge of enterprise information technology, this threat group presents a significant risk even to organizations with well-developed legacy cyber defenses. Posing threats to organizations in the software automation, BPO, telecommunications and technology industries, Muddled Libra is a threat group that favors targeting large outsourcing firms serving high-value cryptocurrency institutions and individuals. The research can be found here: Threat Group Assessment: Muddled Libra Learn more about your ad choices. Visit megaphone.fm/adchoices

DPRK cyberespionage update. New cybercriminal TTPs. The state of DevSecOps. Hacktivism and the nation-state. Cyberwar lessons learned. A free decryptor for Key Group ransomware.


A VMConnect supply chain attack is connected to the DPRK. Reports of an allegedly "fully undetectable information stealer." DB#JAMMER brute forces exposed MSSQL databases. A cyberattack on a Canadian utility. The state of DevSecOps. A look at hacktivism, today and beyond. Betsy Carmelite from Booz Allen on threat intelligence as part of a third-party risk management program. Our guest is Adam Marr from Arctic Wolf Networks, with an analysis of Chinese cyber tactics. And a free decryptor is released for Key Group ransomware. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/168 Selected reading. VMConnect...

GREF and Earth Estries from China. GRU's Sandworm surfaces again, wielding Infamous Chisel. Hacktivist nuisances in the hybrid war. A zero-day is discovered. And the Wolverines are back online.


China deploys tools used against Uyghurs in broader espionage. The Five Eyes call out a GRU cyberespionage campaign. Russian hacktivist auxiliaries hit Czech banks and the platform formerly known as Twitter. A Spring-Kafka zero-day is discovered. Deepen Desai from Zscaler explains RedEnergy Stealer-as-a-Ransomware attacks. Luke Nelson of UHY Consulting on ransomware's impact on schools. And, hey, go Wolverines: the University of Michigan overcomes a cyberattack that delayed the academic year. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/167 Selected reading. BadBazaar espionage tool targets Android users via trojanized Signal and Telegram apps (We Live...

An international hunt bags Qakbot's infrastructure. Anticipating remediation. Adversaries in the middle. More effective phishbait. Air travel disruption was a glitch, not an attack. Hybrid war update.


An international operation takes down Qakbot. Chinese threat actors anticipated Barracuda remediations. A look at adversary-in-the-middle attacks, making phishbait more effective and the emergence of a new ransomware threat. Narrative themes in Russian influence operations. My conversation with Natasha Eastman from (CISA), Bill Newhouse from (NIST), and Troy Lange from (NSA) to discuss their recent joint advisory on post-quantum readiness. Microsoft's Ann Johnson from Afternoon Cyber Tea speaks with Cyber Threat Alliance President and CEO Michael Daniel about the current state of cybercrime. And when toilet bowls are outlawed, only outlaws will have toilet bowls. Listen to the full conversation...

A joint advisory on post-quantum readiness. [Special Edition]


In this extended interview, Dave Bittner sits down with Natasha Eastman from the Cybersecurity and Infrastructure Security Agency (CISA), Bill Newhouse from the National Institute of Standards and Technology (NIST), and Troy Lange from the National Security Agency (NSA) to discuss their recent joint advisory on post-quantum readiness and how to prepare for post-quantum cryptography. You can find the joint advisory here: Quantum-Readiness: Migration to Post-Quantum Cryptography Quantum computing: A threat to asymmetric encryption. Learn more about your ad choices. Visit megaphone.fm/adchoices

Name collision. Spawn of LockBit. Quishing the unwary and the hasty. Trends in healthcare cybersecurity. Inquiries surrounding Russia's hybrid war against Ukraine.


Name collision as a DNS risk. A LockBit derivative is active against targets in Spain. QR codes as phishbait. Cybersecurity trends in Healthcare. A Russian hacktivist auxiliary hits Polish organizations, while investigation of railroad incidents in Poland continues. Ben Yelin looks at the SEC cracking down on NFTs. Mr. Security Answer Person John Pescatore opens up the listener mail bag. And a look at a probably accidental glitch affecting air travel in the UK. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/164 Selected reading. What's in a name? Strange behaviors at top-level domains...

DPRK's Lazarus Group exploits ManageEngine issues. SIM swapping as a threat to organizations. Ransomware hits a cloud provider. Spawn of LockBit. Train whistling. Influence laundering.


The DPRK's Lazarus Group exploits ManageEngine issues. A data breach at Kroll is traced to SIM swapping. Unusually destructive ransomware hits CloudNordic. Spawn of LockBit. Polish trains are disrupted by hacktivists. Rick Howard looks at the MITRE attack framework. Our guests are Andrew Hammond and Erin Dietrick from the International Spy Museum. And Influence laundering as a long-term disinformation tactic. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/163 Selected reading. North Korean APT Hacks Internet Infrastructure Provider via ManageEngine Flaw (SecurityWeek) Lazarus Group exploited ManageEngine vulnerability to target critical infrastructure (Help Net Security)...

Dina Haines: Keep the boat afloat. [Partnership manager] [Career Notes]


This week, we welcome Dina Haines, an Industry Partnership Manager with the National Security Agency's Cybersecurity Collaboration Center. Dina found from a young age, she was always interested in the field, taking after her father who worked in the space industry, paving the way for her to fall in love with the field. She worked in the private sector for a bit, moving around every now and again, eventually landing the position she works now. Dina says her day to day job is helping the NSA to bend and protect cyberspace by bringing in private industry. She says "I try...

Google's not being ghosted from vulnerabilities. [Research Saturday]


Tal Skverer from Astrix Security joins to discuss their work on "GhostToken - Exploiting GCP application infrastructure to create invisible, unremovable trojan app on Google accounts." Astrix's Security Research Group revealed a 0-day flaw in Google's Cloud Platform (GCP) on June 19, 2022, which was found to affect all Google users. The research states "The vulnerability, dubbed GhostToken, could allow threat actors to change a malicious application to be invisible and unremovable, effectively leaving the victim's Google account infected with a trojan app forever." Google issued a patch to this vulnerability in April of this year, but researchers explain why this...

Phishing kits in the C2C market. Cyberespionage, Pyongyang and Beijing editions. Ransomware under the radar. A new hacktivist group says it doesn't much care for NATO corruption.


Telekopye and the rise of commodified phishing kits. Lazarus Group fields new malware. Implications of China's campaign against vulnerable Barracuda appliances. Abhubllka ransomware's targeting and low extortion demands. Malek Ben Salem of Accenture outlines generative AI Implications to spam detection. Jeff Welgan, Chief Learning Officer at N2K Networks, unpacks the NICE framework and strategic workforce intelligence. And a new hacktivist group emerges, and takes a particular interest in NATO members. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/162 Selected reading. eBay Users Beware Russian 'Telekopye' Telegram Phishing Bot (Dark Reading) Telekopye: Hunting Mammoths...

Trends in the cybercriminal underworld. The prosecution of Lapsus$ and Tornado Cash. More developments in Russia's hybrid war.


There's a new sophistication in BEC campaigns. Trends in brand impersonation: crooks still like to pretend they're from Redmond. The future of Russian influence operations in the post-Prigozhin era. Andrea Little Limbago from Interos shares insights on the new cyber workforce strategy. In our latest Threat Vector segment David Moulton of Palo Alto Networks is joined by Stephanie Ragan, Senior Consultant at Unit 42 to discuss Muddled Libra. And more on the doxing of a deputy Duma chair, who seems to have been selling hot iPhones as a side hustle (maybe). And the growing problem of Synthetic identity fraud. On this...

A creepy new geolocation payload for Smoke Loader. Speed of criminal attack, malware delivery, and the evolution of malicious AI. Ransomware at a Belgian social services agency.


The Smoke Loader botnet has a creepy new payload. Ransomware gets faster. How AI has evolved in malicious directions. The Snatch ransomware gang threatens to snitch. The FSB continues to use both USBs and phishing emails as attack vectors. A ransomware attack shutters Belgian social service offices. Tim Starks from the Washington Post explains a Biden administration win in a DC court. Our guest Ben Sebree of CivicPlus describes how the public sector could combat cybercrime during cloud adoption. And the deadline for comment on US cybersecurity regulations? It's been extended. For links to all of today's stories check out our...

A cyberespionage operation of unclear provenance shifts its targets. Cyberattacks on voting in Ecuador. Other notes from the cyber underworld. And doxing the Duma.


HiatusRAT shifts its targets. Ecuador's difficulties with voting are attributed to cyberattacks. Carderbee is an APT targeting Hong Kong. auDA (OOO-duh) turns out not to have been breached. Ukrainian hacktivists claim to dox a senior member of Russia's Duma. Russian influence operations take aim at NATO's July summit. Joe Carrigan describes attacks on LinkedIn accounts. Our guest is John Hernandez from Quest to discuss why he believes the MOVEit flaw is a wakeup call for CISOs. Security, not by obscurity, but by typo. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/160 Selected reading....

DPRK tried to hit RoK-US military exercises. Australian domain administrator auDA may have been breached. WoofLocker's tech support scam. US warns of cyber threats to space systems.


The DPRK's Kimsuky attempts to hit joint military exercises. Australian domain administrator auDA (OW-duh) may have been breached. WoofLocker's version of a tech support scam. The US Intelligence Community warns of cyber threats to space systems. Rick Howard looks at forecasting cyber risk. Deepen Desai from Zscaler shares ransomware trends. And more wartime disinformation out of Russia. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/159 Selected reading. Suspected N. Korean Hackers Target S. Korea-US Drills (SecurityWeek) N. Korean Kimsuky APT targets S. Korea-US military exercises (Security Affairs) North Korean hackers target US-South Korea...

Luke Vander Linden: With age comes knowledge. [VP] [Career Notes]


This week, our guest is Luke Vander Linden, Vice President of Membership & Marketing from RH-ISAC and host of the RH-ISAC podcast here at the CyberWire. Luke sits down to share his story all the way back to when he was a very young age where he was a child model and actor to where he is now working in the cyber industry. Luke fell into the marketing field after his time as a child actor, where he really started to find his passion. After finding his passion, he decided to branch out to different areas in the field, working...

Politicians targeted by RomCom. [Research Saturday]


Dmitry Bestuzhev from Blackberry joins to discuss their work on "RomCom Resurfaces: Targeting Politicians in Ukraine and U.S.-Based Healthcare Providing Aid to Refugees from Ukraine." Research suggests that the RomCom threat team has been tracked carefully following the geopolitical events surrounding the war in Ukraine, and are now targeting politicians in Ukraine who are working closely with Western countries. This group is different from others in that their focus is more on secrets or information which can be useful in geopolitics and specifically the war in Ukraine, instead of financial gain. The research says "Although it is unclear at this point...

Phishing for Zimbra credentials. Developments in PlayCrypt and Cuba ransomware. #NoFilter exploitation. Cyber gangs (and some services) threaten security researchers. Anglo-Saxonia update.


Phishing for Zimbra credentials. PlayCrypt ransomware described. The Cuba ransomware group adopts new tools. #NoFilter. Cyber criminals threaten security researchers. Our guest is Kevin Paige from Uptycs with thoughts on the Blackhat conference. Eric Goldstein, Executive Assistant Director at CISA joins us discussing next steps on the Secure by Design journey. And Russian disinformation takes on "Anglo-Saxonia." For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/158 Selected reading. Mass-spreading campaign targeting Zimbra users (We Live Security) PlayCrypt Ransomware Group Wreaks Havoc in Campaign Against Managed Service Providers (Adlumin SaaS Security) Cuba Ransomware Deploys New...

A seemingly legitimate but actually bogus host for a proxy botnet. PowerShell Gallery vulnerabilities. Cyber incident at Clorox. Scamming would-be beta-testers. Cyber updates from Russia's hybrid war.


Building a proxy botnet. Active flaws in PowerShell Gallery. A cyber incident disrupts Clorox. Scams lure would-be mobile beta-testers. Lessons learned from the Russian cyberattack on Viasat. An update on cyber threats to Starlink. Robert M. Lee from Dragos shares his thoughts on the waves of layoffs that have gone through the industry. Steve Leeper of Datadobi explains mitigating risks associated with illegal data on your network. And hey, world leader: it's never too late to stop manifesting a chronic cranio-urological condition, as they more-or-less say in the Quantum Realm. For links to all of today's stories check out our...

China accuses the US of cyberespionage. Backdoors found in NetScaler. Account hijacking campaigns. Raccoon Stealer gets an update. Cryptocurrency recovery scams. Narrative control in the hybrid war.


China accuses the US of installing backdoors in a Wuhan lab. NetScaler backdoors are found. A phishing scam targets executives. LinkedIn sees a surge in account hijacking. Raccoon Stealer gets an update. Cryptocurrency recovery scams. We kick off our new Learning Layer segment with N2K's Sam Meisenberg. And a Moscow court fines Reddit and Wikipedia, for unwelcome content about Russia's war. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/156 Selected reading. Ministry warns of data security risks after US agencies identified behind cyberattack on Wuhan Earthquake Monitoring Center (Global Times) China accuses U.S....

Investigating China's Storm-0558. Monti ransomware is back. Evasive phishing. Realtors' MLS taken down in ransomware incident. News from Russia's hybrid war. And in-game scams.


New targets of Chinese cyberespionage are uncovered. Monti ransomware is back. An evasive phishing campaign exposed. A Realtors' network taken down by cyberattack. A closer look at NoName057(16). Perspective on cyberwar - remember Pearl Harbor, but don't see it everywhere. Ben Yelin on the Consumer Financial Protection Bureau's plans to regulate surveillance tech. Microsoft's Ann Johnson and Charlie Bell ponder the future of security. And scammers are targeting kids playing Fortnite and Roblox. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/155 Selected reading. Chinese spies who read State Dept. email also hacked GOP...

Attacks on industrial systems in Europe and Africa. LolekHosted arrests. Notes from the hybrid war. The CSRB will investigate the cyberespionage campaign that exploited Microsoft Exchange.


An African power generator has been targeted by ransomware. The APT31 group is believed to be responsible for attacks on industrial systems in Eastern Europe. There have been arrests related to the takedown of LolekHosted. Ukraine's SBU has alleged that Russia's GRU is using specialized malware to attack Starlink. Microsoft has decided not to extend licenses for its products in Russia. Rick Howard opens his toolbox on DDOS. In our Solution Spotlight: Simone Petrella and Camille Stewart Gloster discuss the White House release of its cybersecurity workforce and education strategy. And the Cyber Safety Review Board will be investigating cases...

Dr. Georgianna Shea: Don't wait to take the initiative. [Technologist] [Career Notes]


Dr. Georgianna Shea, the Chief Technologist at the Transformative Cyber Innovation Lab at the Foundations for Defensive Democracies (FDD), sits down to share her incredible story, moving around to different roles and how that has led her to where she is today. Her careers have taken her to many different states throughout the years, as she has learned and grown into the roles she took on. From Hawaii to D.C., Dr. Shea has done it all. Sharing some advice, Dr. Shea says "My words of wisdom are take advantage of every opportunity and don't wait for anybody. I try to...

It's raining credentials. [Research Saturday]


Alex Delamotte from SentinelLabs joins Dave to discuss their work on "Cloudy With a Chance of Credentials | AWS-Targeting Cred Stealer Expands to Azure, GCP." As actors find more ways to profit from compromising services, SentinelLabs finds that cloud service credentials are becoming increasingly targeted. The lack of threats explicitly targeting Azure and GCP credentials up to this point means there are likely many fresh targets. The research states "These campaigns share similarity with tools attributed to the notorious TeamTNT cryptojacking crew. However, attribution remains challenging with script-based tools, as anyone can adapt the code for their own use." The...

Tehran's social engineering. CSRB reports on Lapsus$. Call for comment on open-source standards. Coping with a tight labor market. Two private sector incidents in Russia's hybrid war.


Charming Kitten collects against Iranian expatriate dissidents. The Cyber Safety Review Board reports on Lapsus$. A call for comment on open-source, memory-safe standards. How NSA is coping with the cyber labor market. Yandex is restructuring. The Washington Post's Tim Starks joins us with the latest cyber security efforts from the DOD. Our guest is Dan L. Dodson, CEO of Fortified Health Security with insights on protecting patient data. And how Viasat was hacked. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/153 Selected reading. Germany says Charming Kitten hackers target Iran dissidents (Deutsche Welle)...

A new Magecart campaign. Gootloader's legal bait. Cryptowallet vulnerabilities. News from the hybrid war. And DARPA's AI Cybersecurity Challenge.


A new Magento campaign is discovered. Gootloader malware-as-a-service afflicts law firms. Researchers find security flaws affecting cryptowallets. Panasonic warns of increasing attacks against IoT. A Belarusian cyberespionage campaign outlined. The five cyber phases of Russia's hybrid war, and lessons in resilience from Ukraine's experience. In our Threat Vector segment, Kristopher Russo, Senior Threat Researcher for Unit 42 joins David Moulton to discuss Muddled Libra. Kayla Williams from Devo describes their work benefiting the community at BlackHat. And a new DARPA challenge seeks to bring artificial intelligence to cybersecurity. On this segment of Threat Vector, Kristopher Russo, Senior Threat Researcher for...

Cyberespionage by several intelligence services, some of it contracted out. Developments in the cyber underworld. Vulnerabilities reported in CPUs. Some notes on Patch Tuesday.


Reports of a wide-ranging cyberespionage campaign by China's Ministry of State Security. EvilProxy phishing tool targets executives, and defeats multifactor authentication. Vulnerabilities in CPUs. Yashma ransomware targets a wide range of countries. MacOS threat trends. Is there a Russian attempt to disrupt British elections? Rob Boyce from Accenture checks in from the Blackhat conference. Maria Varmazis talking with Black Hat Aerospace Village's Kaylin Trychon and Steve Luczynski. Ukraine claims to have stopped a Russian spyware campaign. And Patch Tuesday has come and gone, but the vulnerabilities remain, unless, of course, you've applied the patches. For links to all of today's stories...

Challenges to intelligence-sharing. The complexity of supply-chain security. Ransomware developments. Notes on Russia's hybrid war, including possible sensor data manipulation.


Reports on a 2020 Chinese penetration of Japan's defense networks. MOVEit-connected supply chain issues aren't over. Akamai looks at the current state of ransomware. Mallox ransomware continues its evolution. Machine identities and shadow access. Ukrainian hacktivist auxiliaries hit Russian websites. Joe Carrigan unpacks statistics recently released by CISA. Our guest is Jeffrey Wheatman from Black Kite discussing the market shift from SRS to cyber risk intelligence. And radiation sensor reports from Chernobyl may have been manipulated. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/150 Selected reading. China hacked Japan's sensitive defense networks, officials...

Pyongyang's new friendship with Moscow apparently only goes so far. Reptile rootkit in the wild. Cloudzy updates. Cl0p's torrents. And notes on cyber phases of Russia's hybrid war.


North Korean cyberespionage against a Russian aerospace firm. The Reptile rootkit is used against South Korean systems. An update on Cloudzy. Cl0p is using torrents to move data stolen in MOVEit exploitation. Andrea Little Limbago from Interos wonders about the dangers of jumping head first into new technologies? Rick Howard ponders quantum computing. And Meduza is back on Apple Podcasts. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/149 Selected reading. Exclusive: North Korean hackers breached top Russian missile maker (Reuters) North Korean hackers stole secrets of Russian hypersonic missile maker (Euractiv) Comrades in...

Manuel Hepfer: Discipline, self motivation, and steam. [Research] [Career Notes]


Manuel Hepfer, a cybersecurity researcher from ISTARI, sits down to share his story with us. Manuel shares that as a kid he was very interested in STEM, and in school he remembers a programming class that he fell in love with, which made him want to pursue a career in cyber. Studying at the University of Oxford, he began working towards a degree in Cybersecurity and Strategic Management. He found research to be a passion and wanted to share it, so he published an article in MIT Sloan Management Review titled "Make Cybersecurity...

Who is that stealing my credentials? [Research Saturday]


Aleksandar Milenkoski from SentinelOne joins to discuss their work on "Kimsuky Strikes Again | New Social Engineering Campaign Aims to Steal Credentials and Gather Strategic Intelligence." Researchers have been tracking the North Korean APT group Kimsuky and their attempt at a social engineering campaign targeting experts in North Korean affairs. The research states "The campaign has the objective of stealing Google and subscription credentials of a reputable news and analysis service focusing on North Korea, as well as delivering reconnaissance malware." Kimsuky has been tracked engaging in extensive email correspondence using spoofed URLs and extensive email correspondence, along with Office...

2022's top exploited vulnerabilities are still a risk. Rilide in the wild. Abusing a legitimate tool. Malicious PyPI packages. A brief update on the cyber aspects of Russia's hybrid war.


The Five Eyes warn against top exploited vulnerabilities. The Rilide info stealer in the wild. Malicious PyPI packages. Valerie Abend, Global Cyber Strategy Lead from Accenture, unpacks the Securities and Exchange Commission's recently announced cyber regulations. In our Solution spotlight: Our own Simone Petrella speaks with Microsoft's Ann Johnson on how Microsoft is attracting and retaining top cyber talent. And cyber attacks continue to gutter on both sides of Russia's war against Ukraine. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/148 Selected reading. CISA, NSA, FBI, and International Partners Release Joint CSA on...

Action in the cybercriminal underworld. Russia's FSB and SVR are both active, and so are their hacktivist auxiliaries. NSA offers advice on configuring next-generation firewalls.


Open Bullet malware is seen in the wild. Threat actors exploit a Salesforce vulnerability for phishing. BlueCharlie (that's Russia's FSB) shakes up its infrastructure. Midnight Blizzard (and that's Russia's SVR) uses targeted social engineering. How NoName057(16) moved on to Spanish targets. Robert M. Lee from Dragos shares his reaction to the White House's national cybersecurity strategy. Our guest Raj Ananthanpillai of Trua warns against oversharing with ChatGPT. And NSA releases guidance on hardening Cisco next-generation firewalls. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/147 Selected reading. No Honour Amongst Thieves: A New OpenBullet...

An illicit market in account restoration. Resilience and the cyber workforce: a snapshot. New post-exploitation technique in Amazon Web Services.


An illicit market in account restoration. Resilience and the cyber workforce. New post-exploitation techniques in Amazon Web Services. Incursions into Norwegian government networks went on for four months. Rob Boyce from Accenture Security describes a Perfect Storm in the Dark Web threat landscape. Carole Theriault shares mental health social media warnings for teens. And Russian legislation seeks to reduce or eliminate online privacy. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/146 Selected reading. Amazon employees leak secret info that marketplace sellers can buy on Telegram (CNBC) Cyber Workforce Benchmark Report (Immersive Labs) Mitiga...

Cyberespionage tradecraft, including shopping in the C2C market. Seeking satcom resilience. Sanctions against disinformation. A quick look at current OT threats.


C2-as-a-service with APTs as the customers. Cyberespionage activity by Indian APTs. Gamers under attack. StarLink limits Ukrainian access to its systems. The EU levies new sanctions against digital information manipulation. Ukraine's Security Service takes down money-laundering exchanges. Ben Yelin unpacks fediverse security risks. Our guests are Mike Marty, CEO of The Retired Investigators Guild, & Tom Brennan, executive director of CREST, discussing their efforts on cybercrime investigation and cold case resolution. And Nozomi's OT IoT security report sees a lot of opportunistic, low-grade whacking at industrial organizations. For links to all of today's stories check out our CyberWire daily news...

The US has a new cyber workforce and education strategy. US hunts disruptive Chinese malware staged in US networks. Malware warnings, and an update on Russia's hybrid war.


The US issues a National Cyber Workforce and Education strategy. Hunting Chinese malware staged in US networks. CISA warns of Barracuda backdoor. WikiLoader malware is discovered. P2Pinfect is a malware botnet targeting publicly-accessible Redis servers. Johannes Ullrich from SANS describes attacks against YouTube content creators. Rick Howard previews his conversation with AWS CISO CJ Moses. And Russia's SVR continues cyberespionage against Ukrainian and European diplomatic services. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/144 Selected reading. FACT SHEET: Biden-Harris Administration Announces National Cyber Workforce and Education Strategy, Unleashing America's Cyber Talent (The White...

Morgan Adamski: Seeing around corners. [Collaboration] [Career Notes]


Morgan Adamski from the National Security Agency (NSA) sits down to talk about her path to getting into cybersecurity. Remembering back to when she was a kid, she recalls using old technology to chat with friends online, that's where it all began for Morgan. She shares how in high school she fell in love with the concept of debating and being on a team. During her high school career, 9/11 occurred, and she became fascinated with who was behind the biggest attack America had seen in the 21st century, driving her to pursue a degree in National Security. Coming out...

Phishing for leeches. [Research Saturday]


Ashlee Benge from ReversingLabs discussing their research titled "Operation Brainleeches: Malicious npm packages fuel supply chain and phishing attacks." Researchers recently discovered over a dozen malicious packages published to the npm open source repository. These packages are targeting Microsoft 365 users and appear to target application end users while also supporting email phishing campaigns. Research supports that the malicious campaign encompassed more than a dozen files designed to steal sensitive user credentials. The research states "This most recent campaign caught our attention because of a number of features and characteristics in related npm packages that correlate with malicious intent." The...

A new joint advisory from the US and Australia. BackConnect evolution. Cl0p counts coup. Ransomware trends. DDoS for influence. It's dot-mil, Nigel.


A joint warning on IDOR vulnerabilities. IcedID's BackConnect protocol evolves over one year. Cl0p claims to have accessed data from another Big Four accounting firm. Ransomware victims increased significantly in 2023. Cyberattacks support influence operations. Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger joins us to discuss the Biden Administration's recent cyber initiatives. Eric Goldstein, Executive Assistant Director at CISA, looks at cybersecurity performance goals. And spelling counts. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/143 Selected reading. Preventing Web Application Access Control Abuse (Joint Cybersecurity Advisory: ACSC, NSA, CISA)...

Mirai hits the honeypots. Medical device telemetry attacked. More on infostealers in the C2C market. Third-party risk management practices. Cyber skills gaps in the UK. SiegedSec hits NATO sites


The Mirai botnet afflicts Tomcat. CardioComm services are downed by cyberattack. Uptycs calls infostealers "organization killers" as related security incidents double in a year. Legacy third-party risk management practices meet with dissatisfaction. Cyber skill gaps reported in the UK's workforce. Our guest is George Prichici of OPSWAT with a look at a Microsoft Teams vulnerability. Our new Threat Vector segment features a conversation with David Moulton and Michael Sikorski on the potential threats from LLMs and AI. And SiegedSec hits NATO sites. On this first segment of Threat Vector, Michael "Siko" Sikorski, CTO & VP of Engineering for Unit 42, joins...

A malign AI tool: FraudGPT. Stealer logs in the C2C market. Signs in the blockchain that some Conti alumni are working with the Akira gang. And a kinetic strike against a cyber target.


FraudGPT is a chatbot with malign intent. Stealer logs in the C2C market. Signs in the blockchain that some Conti alumni are working with the Akira gang. Tim Starks from Washington Post's Cybersecurity 202 on the White House's new National Cyber Director nominee. Maria Varmazis speaks with David Luber, Deputy Director of NSA's Cybersecurity Directorate, on space systems as critical infrastructure. And a kinetic strike against a cyber target: Ukrainian drones may have hit Fancy Bear's Moscow digs. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/141 Selected reading. FraudGPT: The Villain Avatar of...

Norway continues to investigate a cyberattack. The view from Russia. Trends in data breaches, ransom payments, and security self-perception. Apple patches iOS.


A zero-day attack of undetermined origin targets government offices in Norway. Russia accuses the US of cyber aggression. Data breaches exact a rising cost. 74% of survey respondents say their company would pay ransom to recover stolen or encrypted data. Executives and security teams differ in their perception of cyber threat readiness. Mr. Security Answer Person John Pescatore looks at risk metrics. Joe Carrigan on a new dark market AI tool called Worm GPT. And Apple issues urgent patches. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/140 Selected reading. Norway says Ivanti zero-day...

DPRK's RGB shows improved targeting and tool-sharing. Cl0p updates. Two new RATs. Weak radio encryption standard. Razzlekhan will cop a plea.


North Korea's increasingly supple cyber offensives. A look at Cl0p. The NetSupport RAT's fake update vectors. HotRat is a Trojan that accompanies illegally pirated software and games. Crackable radio encryption standard: a bug or a feature? Chris Novak from Verizon discusses ransomware through the lens of the DBIR. Carole Theriault describes a ransomware attack that hit close to home. And an alleged money-laundering crypto-rapper is back in the news. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/139 Selected reading. North Korea Leverages SaaS Provider in a Targeted Supply Chain Attack | Mandiant (Mandiant)...

Don Welch: Being a good leader. [CIO] [Career Notes]


Don Welch, Chief Information Officer from New York University sits down to share his exciting start into his cyber career. Much like many other people who started in this industry, Don went into the military, which is where it all started for him. He was told he needed to take two specialties, and so along with mechanical engineering, he decided to go into computer science as well. After taking his two crafts, he decided to leave the Army and go into the civilian world where he took a couple jobs in cyber. He landed a few jobs at different prestigious...

Infostealer Malware 101: mitigating risks and strengthening defenses against this insidious threat. [CyberWire-X]


With the relentless advancements in technology and a workforce more digitally-enabled than ever before, businesses today face an unprecedented challenge of protecting their sensitive information from cybercriminals. Infostealer malware, often disguised as innocuous files or hidden within legitimate-looking emails, stealthily infiltrates employee and contractor devices, managed and unmanaged, exfiltrating all manner of data for the purposes of executing follow-on attacks including ransomware. The data at risk includes customer details, financial information, intellectual property, and R&D plans stolen from compromised applications that were accessed from infostealer-exfiltrated authentication data like credentials and active session cookies/tokens. This episode digs into the proliferation of...

Welcome to New York, it's been waitin' for you. [Research Saturday]


Joshua Miller from Proofpoint joins Dave to discuss findings on "Welcome to New York: Exploring TA453's Foray into LNKs and Mac Malware." In mid May, TA453, also known as Charming Kitten, APT42, Mint Sandstorm, and Yellow Garuda, was found sending a benign conversation lure masquerading as a senior fellow with the Royal United Services Institute (RUSI) to the public media contact for a nuclear security expert at a US-based think tank focused on foreign affairs. The research states that "the email solicited feedback on a project called Iran in the Global Security Context and requested permission to send a draft...

Cyberespionage and developments in the cyber underworld, including an offering in the C2C market. Russian hacktivist auxiliaries stay busy (and so do their masters in the organs).


The Lazarus Group targets developers. Threat actors target the banking sector with fake LinkedIn profiles and open source supply chain attacks. Vulnerabilities reported in OpenMeetings. HTML smuggling is sold in the C2C market. Johannes Ullrich from SANS describes attacks against niche web apps. Our guest is Damir Brecic of Inversion6 discussing the privacy and security concerns of Meta's new Threads app. And Romania's SVR reports a pattern of Russian cyberattacks. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/138 Selected reading. GitHub warns of Lazarus hackers targeting devs with malicious projects (BleepingComputer) Cyberattack on...

Malvertising meets SEO poisoning. Fast moving on MOVEit exploit remediation. Ransomware trends. Cyberespionage, sanctions, and influence ops. Ave atque vale Kevin Mitnick.


Sophos analyzes malvertising through purchased Google Ads. The MOVEit vulnerability is remediated faster than most. The DeliveryCheck backdoor is used against Ukrainian targets. SORM is under stress. Ukrainian police roll up another bot farm working in support of Russian influence operations. AJ Nash from ZeroFox provides insights on the White House cybersecurity labeling program. David Moulton from Palo Alto Networks Unit 42 introduces his new segment "Threat Vector." And we bid farewell to Kevin Mitnick. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/137 Selected reading. Bad ad fad leads to IcedID, Gozi infections...

Patches and exploits. Watching threats develop in the dark web. Spyware vendors added to the US Entity List. WhatsApp risk. And notes from the hybrid war.


Vulnerabilities are identified and patched in Citrix Netscaler products and Adobe Coldfusion. The banking sector should be monitoring the dark web for leaked credentials and insider threats. Spyware vendors are added to the US Entity List. WhatsApp accounts may be at risk. Verizon's Chris Novak shares insights on Log4j from this year's DBIR. Our guest is Candid West of Acronis discussing the findings of their Year-end Cyberthreats Report. Skirmishes in the cyber phases of Russia's war. And how do you demobilize cyber forces (especially the auxiliaries) once the war is over? For links to all of today's stories check out...

Some guidance from the US government (including device security labels). Supply chain security. Developments in the cyber underworld (including a gang with some perverse integrity).


The US Federal government issues voluntary security guidelines. Possible privilege escalation within Google Cloud. An APT compromises JumpCloud. FIN8 reworks its Sardonic backdoor and continues its shift to ransomware. Ben Yelin looks at privacy legislation coming out of Massachusetts. Our guest is Alastair Parr of Prevalent discussing GDPR and third party risk. And some noteworthy Russian cyber crime: they don't seem to be serving any political masters; they just want to get paid. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/135 Selected reading. Biden-Harris Administration Announces Cybersecurity Labeling Program for Smart Devices to Protect...

Developments in the C2C market. Cyberespionage against Westminster. Notes from Russia's hybrid war. And don't take that typo to Timbuktu.


WormGPT is a new AI threat. TeamTNT seems to be back. Chinese intelligence services actively pursue British MPs. Gamaredon's quick info theft. Russia's FSB bans Apple devices. The troll farmers of the Internet Research Agency may not yet be down for the count. Anonymous Sudan claims a "demonstration" attack against PayPal, with more to come. Carole Theriault looks at popular email lures. My conversation with N2K president Simone Petrella on the White House's National Cybersecurity Strategy Implementation Plan. And, friends, don't take this typo to Timbuktu. For links to all of today's stories check out our CyberWire daily news briefing:...

Jennifer Addie: Finding creative solutions. [COO] [Career Notes]


Jennifer Addie, COO and CWO from VentureScope and MACH37 Cyber Accelerator sits down to share her incredible story, bringing creativity into the cyber community. Growing up Jennifer always loved the human side of things, and learning that she had a knack for computers helped her to realize what type of field she wanted to pursue as an adult. She started working jobs dealing in programming, database administration, product development, and it was there in the design of those products where she felt the deep need for security, emerging as critical in her consciousness. She shares how she likes to be...

SCARLETEEL zaps back again. [Research Saturday]


Michael Clark from Sysdig joins with Dave to discuss their research on SCARLETEEL 2.0: Fargate, Kubernetes, and Crypto. New research from Sysdig threat researchers found that the group continues to thrive with improved tactics. Most recently, they gained access to AWS Fargate, a more sophisticated environment to breach, thanks to their upgraded attack tools. The research states "In their most recent activities, we saw a similar strategy to what was reported in the previous blog: compromise AWS accounts through exploiting vulnerable compute services, gain persistence, and attempt to make money using cryptominers." Had Sysdig not thwarted SCARLETEEL's attack, they estimated...

Update on Chinese cyberespionage incident. ICS vulnerabilities. USB attacks. New KEVs. Updates from Russia's hybrid war, as hacktivists swap DDoS attacks and observers draw lessons learned.


Developments in the case of China's cyberespionage against government Exchange users. Industrial controller vulnerabilities pose a risk to critical infrastructure. USB attacks have risen three-fold in the first half of 2023. CISA adds two vulnerabilities to its Known Exploited Vulnerabilities Catalog. Ghostwriter's continued activity focuses on Poland and Ukraine. Hacktivist auxiliaries swap DDoS attacks. Awais Rashid from University of Bristol shares insights on threat modeling. Our guest is Chris Cochran from Huntress on the challenges small and medium sized businesses face with cyber security. And lessons learned from cyber warfare in Russia's war. For links to all of today's stories...

Taking steps to stop a Chinese APT. Implementing the US National Cybersecurity Strategy. LokiBot is back. Malware masquerading as a proof-of-concept. Swapping cyber ops in a hybrid war.


CISA and the FBI issue a joint Cybersecurity Advisory on exploitation of Microsoft Exchange Online. Implementing the US National Cybersecurity Strategy. FortiGuard discovers a new LokiBot campaign. Training code turns out to be malicious in a new proof-of-concept attack discovered on GitHub. Russia resumes its pursuit of a "sovereign Internet." The GRU's offensive cyber tactics. Chris Novak from Verizon discusses business email compromise and the 2023 DBIR. Our guest is Joy Beland of Summit 7 on the role of Managed Service Providers in the supply chain to the Defense Industrial Base. And a probable Ukrainian false-flag operation. For links to...

Cyberespionage and used car salesmen. Email extortion through embarrassment, not encryption. The personal is the professional. And a look back at Patch Tuesday.


A Chinese threat actor hits US organizations with a Microsoft cloud exploit. Open source tools allow threat actors to exploit a loophole in Microsoft's kernel driver authentication procedures. A RomCom update. Beamer phishbait, email extortion attacks and digital blackmail. A new report concludes companies allowing personal employee devices onto their network are opening themselves to attack. Tim Starks from the Washington Post looks at Microsoft's recent woes. Our guest is Eyal Benishti from IRONSCALES with insights on business email compromise. And a July Patch Tuesday retrospective. For links to all of today's stories check out our CyberWire daily news briefing:...

Collective defense in cyberspace. Notes on gangs, privateers, and hacktivist auxiliaries. Amazon Prime Day is now a commercial holiday (like Black Friday): crooks have noticed; stay safe.


NATO considers Article 5 in cyberspace, while cyberattacks conducted in the Russian interest target the NATO summit. Anonymous Sudan remains a nuisance-level irritant. Cl0p's surprising use of MOVEit exploits. Asylum Ambuscade is a case study in privateering. There are reports of a breach at Razer. An indictment in a cyber incident at a California water treatment facility. Genesis Market's fire sale. Carole Theriault on the data Amazon customers provide with some suggestions on curbing it. Our guest is Dmitry Bestuzhev, senior director in Cyber Threat Intelligence for Blackberry. And Amazon Prime Day is upon us: the crooks have noticed. For links...

New phishing campaigns hit Microsoft 365 and Adobe users. Big Head ransomware. Multichain bridge compromised. CISA adds a KEV. Progress patches MOVEit. Telegram's role in Russia's war.


New phishing campaigns afflict users of Microsoft 365 and Adobe. An analysis of Big Head ransomware. Multichain reports a crypto heist with over $100 million stolen. CISA makes an addition to the Known Exploited Vulnerability Catalog. Progress Software issues additional MOVEit patches. The FBI's Deputy Assistant Director for Cyber, Cynthia Kaiser, joins us with examples of the agency's technical disruption operations. Our guest is Scott Piper, Principal Cloud Security Researcher at Wiz, sharing findings of their State of the Cloud 2023 report. And Telegram's role in news about Russia's war. For links to all of today's stories check out our...

Eric Tillman: A creative way into cyber. [Intelligence] [Career Notes]


Eric Tillman, Chief Intelligence Officer at N2K Networks sits down and shares his incredibly creative journey. Eric loved being creative from a young age. When he started to think about a career he wanted to incorporate his love of creativity into his love for tech and turn it into an intelligence career. Eric started by joining the Navy, which set him on this path to work in cyber where he shared his talents with several big companies, including, Booz Allen Hamilton, Lockheed Martin, and Okta, eventually ending up at our very own N2K Networks. Eric shares the advice that there...

Moez Kamel and the cybersecurity ecosystem for New Space. [T-Minus Deep Space]


Moez Kamel, Threat Management Specialist at IBM Security, joins us on T-Minus Deep Space for a special edition all about the cybersecurity ecosystem in the New Space industry. You can follow Moez on LinkedIn and his work at IBM's Security Intelligence blog. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our weekly intelligence roundup, Signals and Space, and you'll never miss a beat. And be sure to follow T-Minus on Twitter and LinkedIn. Selected Reading Cybersecurity in the Next-Generation Space Age, Pt. 1: Introduction to New Space Cybersecurity in...

Creating PANDA-monium. [Research Saturday]


Thomas Etheridge from CrowdStrike sits down to discuss their work on "Business as Usual: Falcon Complete MDR Thwarts Novel VANGUARD PANDA (Volt Typhoon) Tradecraft." In May of 2023, industry and government sources detailed China-nexus activity where they found the threat actor dubbed Volt Typhoon targeted U.S.-based critical infrastructure entities. CrowdStrike's Intelligence team tracked this actor as VANGUARD PANDA. With CISA's advisory on VANGUARD PANDA and its link to Chinese adversaries who are increasingly targeting US businesses and critical infrastructure, CrowdStrike's blog dives deeper into the risks of VANGUARD PANDA. The research says "One specific VANGUARD PANDA incident stands out to review...

Joint advisory warns of Truebot. Operation Brainleaches in the supply chain. API key reset at Jumpcloud. More MOVEit vulnerability exploitation.


US and Canadian agencies warn of Truebot. A look at "Operation Brainleaches." Jumpcloud resets API keys. An update on the MOVEit vulnerability exploitation. Andrea Little Limbago from Interos shares insights on rising geopolitical instability. Our guest is Mike Hamilton from Critical Insight discussing what you need to know about NIST 2.0. OSCE trains Ukrainian students in cybersecurity. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/128 Selected reading. CISA and Partners Release Joint Cybersecurity Advisory on Newly Identified Truebot Malware Variants (Cybersecurity and Infrastructure Security Agency CISA) Increased Truebot Activity Infects U.S. and Canada...

The Port of Nagoya continues its recovery from ransomware. Charming Kitten ups its game. Spyware in the Play store. Risks to electrical infrastructure. And a quick update on hacktivist auxiliaries.


LockBit 3.0 claims responsibility for Nagoya ransomware attack. Charming Kitten sighting. Spyware infested apps found in Google Play. Threats and risks to electric vehicle charging stations. Solar panels and cyberattacks. Dave Bittner speaks with Eric Goldstein, Executive Assistant Director for Cybersecurity at CISA, to talk about CISA's effort for companies to build safety into tech products. Rick Howard sits down with Clarke Rodgers of AWS to discuss the mechanics of CISO roundtables. And Hacktivist auxiliaries remain active in Russia's hybrid war. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/127 Selected reading. Pro-Russian hackers target...

Cyberespionage, extortion, and DDoS as instruments of state policy. Ransomware continues to trouble a wide range of targets across many sectors.


Chinese cyberespionage campaign against European governments. The Port of Nagoya closes over ransomware attack. BlackCat and SEO poisoning. LockBit seeks to extort a semiconductor manufacturer. Professionals in the cyber underworld. CISA issued a DDoS alert for US companies and government agencies. Microsoft debunks claims of data theft by Anonymous Sudan. Matt O'Neill from the US Secret Service speaks with Dave Bittner about sextortion. Rick Howard sits down with Michael Fuller of AWS to talk about the kill chain. And Avast releases a free decryptor for Akira. For links to all of today's stories check out our CyberWire daily news briefing:...

Two viewpoints on the National Cybersecurity Strategy. [Special Edition]


Earlier this month, the White House released the National Cybersecurity Strategy, the first issued since 2018. The strategy refocuses roles, responsibilities, and resource allocations in the digital ecosystem, with a five pillar approach. Those pillars are: defending critical infrastructure, disrupting threat actors, shaping market forces to drive security and resilience, investing in a resilient future, and forging international partnerships. We wanted to delve into the strategy and its intended effects further, so Dave Bittner spoke with representatives from industry and inside government. Dave first speaks with Adam Isles, Principal and Head of Cybersecurity Practice at The Chertoff Group, sharing industry's...

Interview Select: Will Markow, VP of Applied Research from Lightcast, is talking with Simone Petrella about how to use data to make strategic workforce decisions.


This interview from June 16th, 2023 originally aired as a shortened version on the CyberWire Daily Podcast. In this extended interview, Simone Petrella sits down with Will Markow, VP of Applied Research from Lightcast, to discuss how to use data to make strategic workforce decisions. You can also view the video of the full interview here: Simone Petrella and Will Markow discuss workforce management. Learn more about your ad choices. Visit megaphone.fm/adchoices

Liji Samuel: Leaping beyond the barrier. [Certification] [Career Notes]


Liji Samuel from NSA sits down to share her exciting career path through the years until she found a job working as Chief of Standards and Certification at NSA's Cyber Collaboration Center. She starts by sharing that she had always wanted to work in the STEM field, explaining that growing up she was surrounded by older cousins who were choosing STEM careers and it became an interesting topic for her. She recounts working for a number of companies that helped her grow into the role she is in now. Cybersecurity became a big buzzword for her, causing her to...

The power behind artificial intelligence. [Research Saturday]


Daniel dos Santos, Forescout's Head of Security Research, is sharing insights from a recent exercise his team conducted on AI-assisted attacks for OT and unmanaged devices. Using ChatGPT, Forescout's research team converted an existing OT exploit developed in Python to run on Windows, to demonstrate how easy it is to create an AI-assisted attack that converts the original exploit into alternative programming languages. The research states "our goal was to convert an existing OT exploit developed in Python to run on Windows to the Go language using ChatGPT." This would then allow it to run faster on Windows and run easily...

CISA would like agencies to look to their management interfaces. Hacktivist auxiliaries and a role for OSINT in Russia's hybrid war against Ukraine.


US Federal Government working to secure management interfaces. NoName057(16)'s DDoSia campaign grows, and targets Wagner, post-insurrection. Update: Unidentified hackers attack Russian satellite communications company, claiming to be Wagner. The role of OSINT in tracking Russia's war. Manoj Sharma of Symantec discusses trends he's hearing about generative AI. Becky Weiss from AWS talks with Rick Howard about the math behind their security. Cyber awareness over a holiday. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/125 Selected reading. CISA Wants Exposed Government Devices Remediated In 14 Days (Dark Reading) 50 US Agencies Using Unsecured Devices,...

Something new, in ransomware. Notes on cyberespionage by the Lazarus Group and Charming Kitten. Security CI/CD operations. FINRA says hold the emojis. Dispatches from the hybrid war's cyber front.


8base ransomware is overlooked and spiking. GuLoader targets law firms. Akira ransomware for Linux systems targets VMs. Kaspersky tracks the Lazarus group: typos and mistakes indicating an active human operator. Charming Kitten goes spearphishing. Securing continuous integration/continuous delivery operations. No emojis for the SEC, please. Unconfirmed reports say the Wagner Group hacked a Russian satellite communications provider. Our guest is Hanan Hibshi from Carnegie Mellon's picoCTF team. Chris Novak from Verizon discusses their 2023 Data Breach Investigations Report (DBIR). And Anonymous Sudan wants you to know that they're not just a bunch of deniable Russian crooks: where's the love, man? For links...

Two threats in the wild, and a third in proof-of-concept. Swiss intelligence expects an uptick in Russian cyberespionage. Privateers and auxiliaries in a hybrid war.


JokerSpy afflicts Macs. ThirdEye (not so blind). Mockingjay process injection as proof-of-concept. Switzerland expects Russia to increase cyberespionage as agent networks are disrupted. The fracturing of Conti, and the rise of its successors. The Washington Post's Tim Starks explains the security of undersea cables. Our guest is Brian Johnson of Armorblox to discuss Social Security Administration impersonation scams. And the "UserSec Collective" says it's recruiting hacktivists for the Russian cause. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/123 Selected reading. JokerSpy macOS malware used to attack Japanese crypto exchange (AppleInsider) Prominent cryptocurrency exchange infected...

Anatsa Trojan's new capabilities. Third-party breach hits airlines. Gas station blues. What's up with the Internet Research Agency? Infrastructure threats. And DDoS grows more sophisticated.


Anatsa Trojan reveals new capabilities. Airlines report employee data stolen in a third-party breach. Canadian energy company SUNCOR reports a cyberattack. What of the Internet Research Agency? Microsoft warns of a rising threat to infrastructure. Joe Carrigan describes an ill-advised phishing simulation. Mr. Security Answer Person John Pescatore takes on zero days. And DDoS grows more sophisticated. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/122 Selected reading. Anatsa banking Trojan hits UK, US and DACH with new campaign (ThreatFabric) Anatsa Android trojan now steals banking info from users in US, UK (BleepingComputer) Thousands...

Updates on Russia's hybrid war. Transparent Tribe is back, with cyberespionage. A Trojanized version of Super Mario is out, and law enforcement seizes BreachForums domain.


Russian ISPs blocked Google News as tension with the Wagner Group mounted Friday. Ukrainian hacktivist auxiliaries break into Russian radio broadcasts. New EU sanctions are directed against Russian IT firms. Transparent Tribe resurfaces against Indian military and academic targets. Unauthorized access is the leading cause of data breaches for the fifth year in a row. Trojanized Super Mario Brothers game spreads SupremeBot malware. Today, guests discuss the cybersecurity skills gap. Paul Rebasti of Lockheed Martin shares what they are doing to fill the cybersecurity skills gap. Jenny Brinkley joins us from AWS Re:Inforce to discuss opportunities from the cybersecurity skills gap. And...

Slavik Markovich: Time is of the essence. [CEO] [Career Notes]


Slavik Markovich, CEO of Descope, joins Dave to discuss his career as a serial entrepreneur. Before Descope, he co-founded and was the CEO of Demisto, a leader in the SOAR industry, which was acquired by Palo Alto Networks in 2019 for $560M, where he then served as SVP of Products. Before co-founding Demisto, Slavik was VP & CTO of database technologies at McAfee. He joined McAfee via the acquisition of Sentrigo, a database security startup he co-founded and served as CTO for. He goes into depth on his career changes throughout the years and how that has helped lead him to...

Unleashing the crypto gold rush. [Research Saturday]


Ian Ahl from Permiso's P Labs joins Dave to discuss their research on "Unmasking GUI-Vil: Financially Motivated Cloud Threat Actor." First observing the group in 2021, they discovered GUI-vil is a financially motivated threat group primarily focused on unauthorized cryptocurrency mining activities. The research states "the group has been observed exploiting Amazon Web Services (AWS) EC2 instances to facilitate their illicit crypto mining operations." This group is dangerous because unlike many groups focused on crypto mining, GUI-Vil apply a personal touch when establishing a foothold in an environment. The research can be found here: Unmasking GUI-Vil: Financially Motivated Cloud Threat...

Two sets of China-linked cyberespionage activities. Mirai's new vectors. A Cozy Bear sighting. Anonymous Sudan gets less anonymous.


An update on Barracuda ESG exploitation. Camaro Dragon's current cyberespionage tools spread through infected USB drives. The Mirai botnet is spreading through new vectors. Midnight Blizzard is out and about. Ukraine is experiencing a "wave" of cyberattacks during its counteroffensive. Karen Worstell from VMware shares her experience with technical debt. Rick Howard speaks with CJ Moses, CISO of Amazon Web Services. And Anonymous Sudan turns out to be no more anonymous or Sudanese than your Uncle Louie. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/120 Selected reading. Barracuda ESG exploitation (Proofpoint) Beyond...

Cyber spies and vulnerability goodbyes. RedLine Stealer and Vidar: the cryptkeepers. Social engineering TTPs.


North Korea's APT37 deploys FadeStealer to steal information from its targets. Apple patches vulnerabilities under active exploitation. Access to a US satellite is being hawked in a Russophone cybercrime forum. Russian hacktivist auxiliaries say they've disrupted IFC.org. Unmasking pig-butchering scams. Social engineering as a method of account takeover. Fraudsters seen abusing generative AI. Sergey Medved from Quest Software describes the Great Cloud Repatriation. Mark Ryland of AWS speaks with Rick Howard about software defined perimeters. And embedded URLs in malware. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/119 Selected reading. RedEyes Group Wiretapping...

A flea on the wall conducts cyberespionage. Cl0p update. Astrology finds its way into your computer systems. Fancy Bear sighted, again.


The Flea APT sets its sights on diplomatic targets. An update on the Cl0p gang's exploitation of a MOVEit vulnerability. Unpatched TP-Link Archer routers are meeting their match in the Condi botnet. The Muddled Libra threat group compromises companies in a variety of industries. A look into passwordless authentication. Derek Manky of Fortinet describes the Global Threat Landscape. Rick Howard speaks with Rod Wallace from AWS about data lakes. And Fancy Bear noses its way into Ukrainian servers. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/118 Selected reading. Graphican: Flea Uses New Backdoor...

Reddit sees bad luck as a BlackCat attack crosses their path. The C2C market is more mystical nowadays. Hacktivist auxiliaries and false flags in the hybrid war.


The BlackCat gang crosses Reddit's path, threatening to leak stolen data. Mystic Stealer malware evades and creates a feedback loop in the C2C market. RDStealer is a new cyberespionage tool, seen in the wild. The United States offers a reward for information on the Cl0p ransomware gang. KillNet, REvil, and Anonymous Sudan form a "DARKNET Parliament" and sanction the European banking system. The British Government commits 25 million in cybersecurity aid to Ukraine. Ben Yelin explains cyber disclosure rules proposed by the SEC. Rick Howard speaks with Nancy Wang of AWS about the importance of backups and restores. And what...

Lorna Mahlock: Build bridges. [Combat support] [Career Notes]


Major General Lorna Mahlock, Deputy Director for Combat Support from the National Security Agency (NSA), sits down with Dave to discuss her long and impressive career leading up to her working for one of the most prestigious security agencies. Originally born in Kingston, Jamaica, Lorna immigrated to Brooklyn, New York and enlisted in the United States Marine Corps as a field radio operator. She shares how eye opening the military was for her, moving through ranks, and eventually landing into working at the Pentagon for the Chairman of the Joint Chiefs of Staff. She moved around widening her array of paths, landing in her current...

Managing machine learning risks. [Research Saturday]


Our guest, Johannes Ullrich from SANS Institute, joins Dave to discuss their research on "Machine Learning Risks: Attacks Against Apache NiFi." Using their honeypot network, researchers were able to collect some interesting data about a threat actor who is currently going after exposed Apache NiFi servers. Researchers state "On May 19th, our distributed sensor network detected a notable spike in requests for /nifi." Investigating further, they instructed a subset of their sensors to forward requests to an actual Apache NiFi instance and within a couple of hours the honeypot was completely compromised. The research can be found here: Machine Learning Risks: Attacks Against Apache...

The Cl0p gang moves its way into US government systems. It'll take multiple showers to rinse out Shampoo malware. Hybrid war update. Arrests and indictments.


The US Government discloses exploitations of MOVEit vulnerabilities, and the Department of Energy is targeted by the Cl0p gang. CISA releases an updated advisory for Telerik vulnerabilities affecting Government servers. Shampoo malware emerges with multiple persistence mechanisms. How the IT Army of Ukraine can exemplify a cyber auxiliary. Russophone gamers are being targeted with ransomware. An alleged LockBit operator has been arrested. The FBI's Deputy Assistant Director for Cyber, Cynthia Kaiser, joins us with cybercriminal trends and recent successes. Our guest is Will Markow from Lightcast, speaking with Simone Petrella about data-driven strategic workforce decisions. And a federal grand jury...

Chinese threat actors reel in Barracuda appliances. Diicot: the gang formerly known as Mexals, with Romanian ties. Recent Russian cyberespionage against Ukraine and its sympathizers.


A Chinese threat actor exploits a Barracuda vulnerability. The upgraded version of the Android GravityRAT can exfiltrate WhatsApp messages. Cybercriminals pose as security researchers to propagate malware. Updates on the Vidar threat operation. A new Romanian hacking group has emerged. Shuckworm collects intelligence, and may support targeting. The Washington Post's Tim Starks explains the section 702 debate. Our guest is Rotem Iram from At-Bay with insights on email security. And Russia's Cadet Blizzard. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/115 Selected reading. Android GravityRAT goes after WhatsApp backups (ESET) Quarterly Adversarial Threat...

CISA Alert AA23-165A Understanding Ransomware Threat Actors: LockBit.


CISA, FBI, the MS-ISAC, and international partners are releasing this Cybersecurity Advisory to detail LockBit ransomware incidents and provide recommended mitigations to enable network defenders to proactively improve their organizations' defenses against this ransomware operation. AA23-165A Alert, Technical Details, and Mitigations Stopransomware.gov is a whole-of-government approach that gives one central location for ransomware resources and alerts. See the Center for Internet Security (CIS) Critical Security Controls (CIS Controls) https://www.cisecurity.org/insights/white-papers/cis-community-defense-model-2-0 for information on strengthening an organization's cybersecurity posture through implementing a prescriptive, prioritized, and simplified set of best. See the CIS Community Defense Model 2.0 (CDM 2.0) for the effectiveness of...

A Joint Advisory on LockBit. AI chatbots: the grammarians of tomorrow. KillNet makes a deal with the Devil (Sec). The private sector's piece in the hybrid war puzzle.


The Five Eyes, alongside a couple of allies, issue a LockBit advisory. AI aids in proofreading phishing attacks. Anonymous Sudan mounts nuisance-level DDoS attacks against US companies. France alleges a disinformation campaign conducted by Russian actors. KillNet says it's partnered with the less-well-known Devil Sec. The private cybersecurity industry's effect on the war in Ukraine. Carole Theriault ponders oversharing on social media. Our guest is Duncan Jones from Quantinuum on the threats of Harvest Now, Decrypt Later tactics. And a note on this month's Patch Tuesday. For links to all of today's stories check out our CyberWire daily news briefing:...

CISA's new Binding Operational Directive. CosmicEnergy tool doesn't pose a cosmic threat. Hackers' homage to fromage in attacks against the Swiss government. Industry advice for the White House.


CISA issues a new Binding Operational Directive. An update on CosmicEnergy. Hackers' homage to fromage in attacks against the Swiss government. Ukraine's Cyber Police shut down a pro-Russian bot farm. Clothing and footwear retailers see impersonation and online fraud. A 2021 ransomware attack contributed to a hospital closing. A proof-of-concept exploit of a patched MOVEit vulnerability. An industry letter calls for a new framework on the White House cybersecurity strategy. Joe Carrigan examines a ChatGPT-fueled phishing scam. Our guest is Neha Rungta, Applied Science Director at AWS Identity, discussing Amazon Verified Permissions. And trends in cyber risks for small and...

Unpatched instances and vulnerabilities rear their ugly heads. Russian telecom provider targeted in an act of cyber anarchy. Alleged crypto heist conspirators face charges.


Attacks against unpatched versions of Visual Studio and win32k continue. Progress Software patches two MOVEit vulnerabilities. The Cyber Anarchy Squad claims to have taken down a Russian telecommunications provider's infrastructure. RomCom resumes its activity in the Russian interest. Deepen Desai of Zscaler describes Nevada ransomware. Our guest is Clarke Rodgers from Amazon Web Services with insights on what CISOs say to each other when no one else is listening. And the Mt. Gox hacking indictment has been unsealed. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/112 Selected reading. Online muggers make serious moves...

Nadir Izrael: Play to your strengths. [CTO] [Career Notes]


Nadir Izrael, co-founder and CTO from Armis, sits down to share his story. Nadir started his love of cyber when he became a software developer at the age of 12. He always had a passion for making things work better and asking questions. Once he joined the 8200 unit in Israel, he was able to focus his interests on physics, which led him to making the discovery of wanting to start his own business. After he started building his company is when he learned to take smart and innovative risks at work and making it a way of life. Nadir...

A new botnet takes a frosty bite out of the gaming industry. [Research Saturday]


Our guest, Allen West from Akamai's SIRT team, joins Dave to discuss their research on "The Dark Frost Enigma: An Unexpectedly Prevalent Botnet Author Profile." Akamai found this new botnet was targeting the gaming industry, modeled after Qbot, Mirai, and other malware strains. The botnet has expanded to encompass hundreds of compromised devices. The research states "through reverse engineering and patching the malware binary, our analysis determined the botnet's attack potential at approximately 629.28 Gbps with its UDP flood attacks." Akamai researchers do a deep dive into the motives behind the attacks, the effectiveness of the attack, and how the law has been...

Better Minecraft improves gameplay, while also lifting your data. Hallucinations, defamation, and legal malpractice, oh my! Asylum Ambuscade and other wartime notes.


Barracuda Networks urges replacement of their gear. Fractureiser infects Minecraft mods. ChatGPT sees a court date over hallucinations and defamation. Asylum Ambuscade engages in both crime and espionage. The US delivers Ukraine Starlink connectivity. DDoS attacks hit the Swiss parliament's website. My conversation with Eric Goldstein, Executive Assistant Director for Cybersecurity at CISA. Our guest is Delilah Schwartz from Cybersixgill discussing how the Dark Web is evolving with new technologies like ChatGPT. And BEC crooks see their day in court. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/111 Selected reading. Barracuda Email Security...

CISA Alert AA23-158A #StopRansomware: CL0P Ransomware Gang Exploits CVE-2023-34362 MOVEit Vulnerability.


FBI and CISA are releasing this joint CSA to disseminate known CL0P ransomware IOCs and TTPs identified through FBI investigations as recently as June 2023. AA23-158A Alert, Technical Details, and Mitigations Stopransomware.gov is a whole-of-government approach that gives one central location for ransomware resources and alerts. Resource to mitigate a ransomware attack: CISA-Multi-State Information Sharing and Analysis Center (MS-ISAC) Joint Ransomware Guide. Zero-Day Vulnerability in MOVEit Transfer Exploited for Data Theft | Mandiant MOVEit Transfer Critical Vulnerability (May 2023) - Progress Community MOVEit Transfer Critical Vulnerability CVE-2023-34362 Rapid Response (huntress.com) No-cost cyber hygiene services: Cyber Hygiene Services and Ransomware Readiness...

ChatGPT continues to become more human, this time through hallucinations. Following Cl0p. Instagram works against CSAM. And data protection advice from an expert in attacking it.


ChatGPT takes an unexpectedly human turn in having its own version of hallucinations. Updates on Cl0p's ransom note, background, and recent promises. Researchers look at Instagram's role in promoting CSAM. A look at KillNet's reboot. Andrea Little Limbago from Interos shares insight on cyber's human element. Our guest is Aleksandr Yampolskiy from SecurityScorecard on how CISOs can effectively communicate cyber risk to their board. And a hacktivist auxiliary's stellar advice for protecting your data. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/110 Selected reading. Can you trust ChatGPT's package recommendations? (Vulcan) Ransomware group...

PowerDrop's capabilities are up in the air. A Russian cyberespionage campaign channels their inner 007. A disconnect between law firms and cybersecurity protections.


A new PowerShell remote access tool targets a US defense contractor. Current Russian cyber operations against Ukraine are honing in on espionage. CISA and its partners have released a Joint Guide to Securing Remote Access Software. A bug has been reported in Visual Studio's UI. Awais Rashid from University of Bristol discussing privacy in health apps. Our guest is Jim Lippie of SaaS Alerts with insights on software as a service Application Security. And are there disconnects between cybersecurity and the legal profession? For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/109 Selected reading....

Cl0p moves their way into the systems of major European companies. Notes from a highly active cyber underworld. And hybrid war updates.


The Cl0p gang claims responsibility for the MOVEit file transfer vulnerability. Verizon's DBIR is out. Palo Alto Networks takes a snapshot of last year's threat trends. A new criminal campaign targets Android users wishing to install modified apps. A smishing campaign is expanding into the Middle East. Cisco observes compromised vendor and contractor accounts as an access point for network penetration. Cyclops ransomware acts as a dual threat. Anonymous Sudan demands $1 million to stop attacks on Microsoft platforms. Ben Yelin explains a groundbreaking decision on border searches. Our guest is Matt Caulfield of Oort with insights on identity security....

Need a Lyft? Not if Anonymous Sudan has anything to say about it. Closing time, open all the doors and let KillNet into the world.


Anonymous Sudan responds to remarks from the US Secretary of State by targeting Lyft and American hospitals. NSA releases an advisory on North Korean spearphishing campaigns. The US government's Moonlighter satellite will test cybersecurity in orbit. "Operation Triangulation" offers an occasion for Russia to move closer to IT independence. The SEC drops cases over improper access to Adjudication Memoranda. Executives and board members are easy targets for threat actors trolling for sensitive information. Rick Howard targets Zero Trust. The FBI's Deputy Assistant Director for Cyber Cynthia Kaiser shares trends from the IC3 Annual Report. And KillNet seems to say it's disbanding, or...

Galit Lubetzky Sharon: Doing your chores brings the best out in you. [CTO] [Career Notes]


Galit Lubetzky Sharon, Co-Founder and CTO of Wing Security, sits down to share her story and how years in the business led her to be where she is now. Galit shares her insights from her experiences co-founding her company and bringing it out of stealth mode in early 2022, including why she saw the need for Wing Security and what lessons she learned in the process of founding and launching the company. Starting her career as a Colonel in the 8200 Unit gives her a unique perspective on the cyber industry. Galit also shares what she does when things...

Lancefly screams bloody Merdoor.


Brigid O Gorman from Symantec joins Dave to discuss their research, "Lancefly: Group Uses Custom Backdoor to Target Orgs in Government, Aviation, Other Sectors." Researchers discovered in 2020 that Lancefly, an APT group, is using a custom-written backdoor in attacks targeting government, aviation, education, and telecoms organizations in South and Southeast Asia. The research states "The backdoor is used very selectively, appearing on just a handful of networks and a small number of machines over the years, with its use appearing to be highly targeted." These targets, though observed in some activity in 2020 and 2021, started in 2022 and have continued into 2023....

Hackers like to move it, move it. Skimmers observed targeting Americas and Europe. Hybrid war activity.


MOVEit Transfer software sees exploitation. A website skimmer has been employed against targets in the Americas and Europe. A look into XeGroup's recent criminal activity. Apple denies the FSB's allegations of collusion with NSA. Kaspersky investigates compromised devices. Johannes Ullrich from SANS describes phony YouTube "live streams". Our guest is Sherry Huang from William and Flora Hewlett Foundation to discuss their grants funding cyber policy studies. And the US Department of Defense provides Starlink services to Ukraine. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/106 Selected reading. MOVEit Transfer Critical Vulnerability (May 2023)...

Firmware comes in through the back door. Leveraging Adobe for credential harvesting. C2C market notes. Hybrid war updates.


A backdoor-like issue has been found in Gigabyte firmware. A credential harvesting campaign impersonates Adobe. The Dark Pink gang is active in southeastern Asia. Mitiga discovers a significant forensic discrepancy in Google Drive. "Spyboy" is for sale in the C2C market. A look at Cuba ransomware. Ukrainian hacktivists target the Skolkovo Foundation. The FSB says NSA breached iPhones in Russia. Carole Theriault examines Utah's social media bills aimed at kids online. Our guest is Tucker Callaway of Mezmo to discuss the rise of telemetry pipelines. And spoofing positions and evading sanctions. For links to all of today's stories check out...

Two RAT infestations. Ghosts of sites past. Trends in identity security. Detecting deepfakes may prove more difficult than you think.


SeroXen is a new elusive evolution of the Quasar RAT that seems to live up to its hype, and DogeRAT is a cheap Trojan targeting Indian Android users. Salesforce ghost sites see abuse by malicious actors. A look into identity security trends. People may be overconfident in their ability to detect deepfakes. Deepen Desai from Zscaler describes a campaign targeting Facebook users. CW Walker from Spycloud outlines identity exposure in the Fortune 1000. And a blurring of the lines between criminal, hacktivist, and strategic motivations. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/104 Selected...

Mirai's new variant targets IoT devices. Volt Typhoon investigation continues. Hacktivism in Senegal. Lessons learned from Ukraine.


New Mirai malware uses low-complexity exploits to expand its botnet in IoT devices. The latest on Volt Typhoon. DDoS hits government sites in Senegal. The Pentagon's cyber strategy incorporates lessons from Russia's war, while the EU draws lessons from Ukraine's performance against Russia. Joe Carrigan explains Mandiant research on URL obfuscation. Mr. Security Answer Person John Pescatore plays security whack-a-mole. And NoName disrupts a British airport. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/103 Selected reading. Old Wine in the New Bottle: Mirai Variant Targets Multiple IoT Devices (Unit 42) US officials believe...

Stacy Dunn: My superpower and my kryptonite. [Engineer] [Career Notes]


Stacy Dunn, a Senior Solutions Engineer from the SANS Institute sits down and shares what it is like to work through her own adversity to get to be where she is today. Stacy shares some of her experiences as a woman with ADHD working in an IT career and explains her tips for other neurodiverse people in the field. After working in a wide array of positions in different fields, she wanted to go back to school to get her degree in management information systems and information assurance. Eventually she started working her way up the ladder, and became a very successful...

8 GoAnywhere MFT breaches and counting. [Research Saturday]


This week, our guests are Emily Austin and Himaja Motheram from Censys and they're sharing their research - "Months after first GoAnywhere MFT zero-day attacks, Censys still sees about 180 public admin panels." In early February 2023, Censys researchers discovered a zero-day RCE vulnerability in Fortra's GoAnywhere MFT (Managed File Transfer) software. After finding this the Clop ransomware gang claimed that they exploited this vulnerability to breach the data of 130 organizations and Censys found other ransomware groups were jumping on the bandwagon. They said "A single vulnerable instance has the potential to serve as a gateway to a data breach that could potentially...

CosmicEnergy: OT and ICS malware from Russia, maybe for red teaming. Updates on Volt Typhoon. Legion malware upgraded for the cloud. Natural-disaster-themed online fraud.


CosmicEnergy is OT and ICS malware from Russia, maybe for red teaming, maybe for attack. Updates on Volt Typhoon, China's battlespace preparation in Guam and elsewhere. In the criminal underworld, Legion malware has been upgraded for the cloud. Johannes Ullrich from SANS examines time gaps in logging. Our guest is Kevin Kirkwood from LogRhythm with a look at extortion attempts and ransomware. And Atlantic hurricane season officially opens next week: time to batten down those digital hatches. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/102 Selected reading. COSMICENERGY: New OT Malware Possibly Related...

Volt Typhoon goes undetected by living off the land. New gang, old ransomware. KillNet says no to slacker hackers.


China's Volt Typhoon snoops into US infrastructure, with special attention paid to Guam. Iranian cybercriminals are seen conducting ops against Israeli targets. A new ransomware gang uses recycled ransomware. A persistent Brazilian campaign targets Portuguese financial institutions. A new botnet targets the gaming industry. Phishing attempts impersonate OpenAI. Pro-Russian geolocation graffiti. Andrea Little Limbago from Interos addresses the policy implications of ChatGPT. Our guest is Jon Check from Raytheon Intelligence & Space, on cybersecurity and workforce strategy for the space community. And KillNet says no to slacker hackers. For links to all of today's stories check out our CyberWire daily news...

CISA Alert AA23-144A People's Republic of China state-sponsored cyber actor living off the land to evade detection. [CISA Cybersecurity Alerts]


Cybersecurity authorities are issuing this joint Cybersecurity Advisory to highlight a recent cluster of activity associated with a People's Republic of China state-sponsored cyber actor, also known as Volt Typhoon. AA23-144A Alert, Technical Details, and Mitigations Active Directory and domain controller hardening: Best Practices for Securing Active Directory | Microsoft Learn CISA regional cyber threats: China Cyber Threat Overview and Advisories Microsoft Threat Intelligence blog: Volt Typhoon targets US critical infrastructure with living-off-the-land techniques | Microsoft Security Blog No-cost cyber hygiene services: Cyber Hygiene Services and Ransomware Readiness Assessment. U.S. DIB sector organizations may consider signing up for the NSA...

Cybercriminals favor cyberespionage in North Korea, Russia, and parts unknown. Movements and activity in the cyber underworld.


Kimsuky's tailored reconnaissance tools. GoldenJackal is an APT quietly active since 2019. Criminals target YouTube viewers with free cracked software. Rheinmetall's data was posted to BlackBasta's extortion site. The "Cuba" gang claims credit for the attack on the Philadelphia Inquirer. CERT-UA identifies a probable Russian cyberespionage campaign. Ireland views cyber assistance to Ukraine as a contribution to collective security. Ann Johnson from Afternoon Cyber Tea speaks with Tyrance Billingsley about Black Tech. Our guest is Oz Alashe from CybSafe on raising VC money amidst a down economy. And KillNet's underperforming hacktivists. For links to all of today's stories check out our CyberWire...

BlackCat gang crosses your path and evades detection. You're just too good to be true, can't money launder for you. Commercial spyware cases.


AhRat exfiltrates files and records audio on Android devices. The BlackCat ransomware group uses a signed kernel driver to evade detection. GUI-Vil in the cloud. Unwitting money mules. Ben Yelin unpacks the Supreme Court's section 230 rulings. Our guest is Mike DeNapoli from Cymulate with insights on cybersecurity effectiveness. And a trio of commercial spyware cases. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/99 Selected reading. Android app breaking bad: From legitimate screen recording to file exfiltration within a year (ESET) Love scam or espionage? Transparent Tribe lures Indian and Pakistani officials (ESET)...

Record GDPR fine. Movements in the cyber underworld. FBI found to have overstepped surveillance authorities.


The EU fines Meta for transatlantic data transfers. FIN7 returns, bearing Cl0p ransomware. Python Package Index temporarily suspends new registrations due to a spike in malicious activity. Typosquatting and TurkoRAT. UNC3944 uses SIM swapping to gain access to Azure admin accounts. A Turla retrospective. Rick Howard tackles workforce development. Our guest is Andrew Peterson of Fastly to discuss the intricate challenges of secure software development. And the FBI was found overstepping its surveillance authorities. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/98 Selected reading. Meta Fined $1.3 Billion Over Data Transfers to U.S....

Dawn Cappelli: Becoming the cyber fairy godmother. [OT] [Career Notes]


Dawn Cappelli, OT CERT Director at Dragos, sits down to share what she has learned after her 25+ year career in the industry. She recalls wanting to have been a rockstar when she grew up, now she refers to herself as the fairy godmother of security. She shares some of the amazing things she got to work on throughout her career, including working with the Secret Service when the Olympics came to Salt Lake City, Utah in 2002. She shares how she was able to rise through the ranks to get to where she is now. Dawn talks about how she wasn't...

Dangerous vulnerabilities in H.264 decoders. [Research Saturday]


Willy R. Vasquez from The University of Texas at Austin discussing research on "The Most Dangerous Codec in the World - Finding and Exploiting Vulnerabilities in H.264 Decoders." Researchers are looking at the marvel that is modern video encoding standards such as H.264 for vulnerabilities and ultimately hidden security risks. The research states "We introduce and evaluate H26FORGE, domain-specific infrastructure for analyzing, generating, and manipulating syntactically correct but semantically spec-non-compliant video files." Using H26FORGE, they were able to uncover insecurities in depth across the video decoder ecosystem, including kernel memory corruption bugs in iOS and video accelerator and application processor...

Section 230 survives court tests. Pre-infected devices. IRS cyber attachés. DraftKings hack indictment. Notes on the hybrid war.


Section 230 survives SCOTUS. Lemon Group's pre-infected devices. The IRS is sending cyber attachés to four countries in a new pilot program. A Wisconsin man is charged with stealing DraftKings credentials. Russian hacktivists conduct DDoS attacks against Polish news outlets. An update on RedStinger. Grayson Milbourne from OpenText Cybersecurity discusses IoT and the price we pay for convenience. Our guest is Matthew Keeley with info on an open source domain spoofing tool, Spoofy. And war principles and hacktivist auxiliaries. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/97 Selected reading. Honey, I'm Hacked: Ethical Questions...

BEC attack exploits Dropbox services. Ransomware in the name of charity. API protection trends. Hybrid war hacktivism. Executive digital protection.


Business email compromise (BEC) exploits legitimate services. A hacktivist ransomware group demands charity donations for encrypted files. Trends and threats in API protection. The effects of hacktivism on Russia's war against Ukraine. Executive digital protection. Deepen Desai of Zscaler explains security risks in OneNote. Our guest is Ajay Bhatia of Veritas Technologies with advice for onboarding new employees. And news organizations as attractive targets. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/96 Selected reading. Leveraging Dropbox to Soar Into Inbox (Avanan) MalasLocker ransomware targets Zimbra servers, demands charity donation (Bleeping Computer) Shadow API...

CISA Alert AA23-136A #StopRansomware: BianLian Ransomware Group. [CISA Cybersecurity Alerts]


FBI, CISA, and the Australian Cyber Security Centre are releasing this joint Cybersecurity Advisory to disseminate known BianLian ransomware and data extortion group IOCs and TTPs identified through FBI and ACSC investigations as of March 2023. AA23-136A Alert, Technical Details, and Mitigations AA23-136A.STIX_.xml Stopransomware.gov, a whole-of-government approach with one central location for U.S. ransomware resources and alerts. cyber.gov.au for the Australian Government's central location to report cyber incidents, including ransomware, and to see advice and alerts. The site also provides ransomware advisories for businesses and organizations to help mitigate cyber threats. CISA-Multi-State Information Sharing and Analysis Center (MS-ISAC) Joint Ransomware...

A joint warning on BianLian ransomware. Fleeceware offers AI as bait for the gullible. Cyberespionage updates. And Ukraine formally joins NATO's CCDCOE.


Cyber agencies warn of BianLian ransomware. There's a new gang using leaked Babuk-based ransomware. Chinese government-linked threat actors target TP-Link routers with custom malware. ChatGPT-themed fleeceware is showing up in online stores. Ukraine is now a member of NATO's Cyber Centre. Tim Starks from the Washington Post shares insights on section 702 renewal. Our guest is Ismael Valenzuela from BlackBerry sharing the findings from their Global Threat Intelligence Report. And the CIA's offer to Russian officials may have had some takers. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/95 Selected reading. #StopRansomware: BianLian...

What is data centric security and why should anyone care? [CyberWire-X]


In today's world, conventional cyber thinking remains largely focused on perimeter-centric security controls designed to govern how identities and endpoints utilize networks to access applications and data that organizations possess internally. Against this backdrop, a group of innovators and security thought leaders are exploring a new frontier and asking the question: shouldn't there be a standard way to protect sensitive data regardless of where it resides or who it's been shared with? It's called data-centric security and it's fundamentally different from perimeter-centric security models. Practicing it at scale requires a standard way to extend the value of upstream data governance (discovery,...

DDoS trends. Asia sees a Lancefly infestation. Lessons from cyber actuaries. Infostealers in the C2C market. False flags.


DDoS "carpet bombing." Lancefly infests Asian targets. Cyber insurance trends. Infostealers in the C2C market. A Russian espionage service is masquerading as a criminal gang. KillNet's running a psyop radio station of questionable quality. Joe Carrigan describes baiting fraudsters with fake crypto. Our guest is Gemma Moore of Cyberis talking about how red teaming can upskill detection and response teams. And geopolitical DDoS. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/94 Selected reading. 2023 DDoS Threat Intelligence Report (Corero) Lancefly: Group Uses Custom Backdoor to Target Orgs in Government, Aviation, Other Sectors (Symantec)...

Ransomware, doxxing, and data breaches, oh my! State fronts and cyber offensives.


Discord sees a third-party data breach. Black Basta conducts a ransomware attack against technology company ABB. Intrusion Truth returns to dox APT41. Anonymous Sudan looks like a Russian front operation. Attribution and motivation of "RedStinger" remain murky. CISA summarizes Russian cyber offensives. Remote code execution exploits Ruckus in the wild. Our guest is Dave Russell from Veeam with insights on data protection. Matt O'Neill from the US Secret Service on their efforts to thwart email compromise and romance scams. And espionage by way of YouTube comments. For links to all of today's stories check out our CyberWire daily news briefing:...

Steve Benton: Mixing like a DJ. [VP] [Career Notes]


Steve Benton, Vice President at Anomali Threat Research & GM Belfast, sits down to share his story as a cybersecurity expert with a surplus of strategic leadership experience across cyber and physical security rooted in substantial operational directorship and accountability. Steve shares his beginnings, where he wanted to grow up to be a rockstar, slowly moving into the world of tech with his first ever computer and falling in love with it. After graduating from Queen's University with a degree in information technology, he joined British Telecommunications or BT, where he got to put his newfound skills to use....

Running away from operation Tainted Love. [Research Saturday]


Aleksandar Milenkoski and Juan Andres Guerrero-Saade from SentinelOne's SentinelLabs join Dave to discuss their research "Operation Tainted Love | Chinese APTs Target Telcos in New Attacks." Researchers found initial phases of attacks against telecommunication providers in the Middle East in Q1 in 2023. The research states "We assess that this activity represents an evolution of tooling associated with Operation Soft Cell." While the exact grouping is unclear, researchers think it is highly likely that the threat actor is a Chinese cyberespionage group in the nexus of Gallium and APT41. The research can be found here: Operation Tainted Love | Chinese...

CISA Alert AA23-131A Malicious Actors Exploit CVE-2023-27350 in PaperCut MF and NG.


FBI and CISA are releasing this joint Cybersecurity Advisory in response to the active exploitation of CVE-2023-27350. This vulnerability occurs in certain versions of PaperCut NG and PaperCut MF, software applications that help organizations manage printing services, and enables an unauthenticated actor to execute malicious code remotely without credentials. AA23-131A Alert, Technical Details, and Mitigations PaperCut: URGENT | PaperCut MF/NG vulnerability bulletin (March 2023) Huntress: Critical Vulnerabilities in PaperCut Print Management Software No-cost cyber hygiene services: Cyber Hygiene Services and Ransomware Readiness Assessment. See CISA Insights Mitigations and Hardening Guidance for MSPs and Small- and Mid-sized Businesses for guidance on...

Babuk resurfaces for criminal inspiration. Alert on PaperCut vulnerability exploitation. Too many bad bots. Phishing-as-a-service in the C2C market. KillNet's PMHC regrets.


Babuk source code provides criminal inspiration. CISA and FBI release a joint report on PaperCut. There are more bad bots out there than anyone would like. Phishing-as-a-service tools in the C2C market. CISA's Eric Goldstein advocates the adoption of strong controls, defensible networks and coordination of strategic cyber risks. Our cyberwire producer Liz Irvin speaks with Crystle-Day Villanueva, Learning and Development Specialist for Lumu Technologies. And KillNet's short-lived venture, with a dash of regret. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/92 Selected reading. Babuk code used by 9 ransomware gangs to encrypt VMWare...

Ransomware and social engineering trends. Expired certificate addressed. Ransomware groups target schools. Cyber updates in the hybrid war.


A Ransomware report highlights targeting and classification. Phishing remains a major threat. Cisco addresses an expired certificate issue. LockBit and Medusa hit school districts with ransomware. US and Canadian cyber units wrap up a hunt-forward mission in Latvia. Ben Yelin on NYPD surveillance. Our CyberWire producer Liz Irvin interviews Damien Lewke, a graduate student at MIT. And an unknown threat actor is collecting against both Russia and Ukraine. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/91 Selected reading. GRIT Ransomware Report: April 2023 (GuidePoint Security) DNSFilter State of Internet Security - Q1 2023...

CISA Alert AA23-129A Hunting Russian intelligence Snake malware.


The Snake implant is considered the most sophisticated cyber espionage tool designed and used by Center 16 of Russia's Federal Security Service, or FSB, for long-term intelligence collection on sensitive targets. AA23-129A Alert, Technical Details, and Mitigations For more information on FSB and Russian state-sponsored cyber activity, please see the joint advisory Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure and CISA's Russia Cyber Threat Overview and Advisories webpage. No-cost cyber hygiene services: Cyber Hygiene Services and Ransomware Readiness Assessment. See CISA Insights Mitigations and Hardening Guidance for MSPs and Small- and Mid-sized Businesses for guidance on hardening MSP...

Five Eyes disrupt FSB's Snake malware. From DDoS to cryptojacking. Ransomware trends. Yesterday's Patch Tuesday is in the books.


The Five Eyes disrupt Russia's FSB Snake cyberespionage infrastructure. Shifting gears: from DDoS to cryptojacking. Trends in ransomware. Our guest is Steve Benton from Anomali with insights on potential industry headwinds. Ann Johnson from Afternoon Cyber Tea speaks with Roland Cloutier about risk and resilience in the modern era. And yesterday's Patch Tuesday is now in the books, including a work-around for a patch from this past March. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/90 Selected reading. Patch Tuesday notes. (The CyberWire) U.S. Agencies and Allies Partner to Identify Russian Snake Malware...

State-sponsored and state-promoted cyber campaigns. A look at Royal ransomware. A new wave of BEC. Man-in-the-middle attacks rising.


An analysis of Royal ransomware. PaperCut vulnerability detection methods can be bypassed. Man-in-the-middle phishing attacks are on the rise. A new wave of BEC attacks from an unexpected source. Thomas Etheridge from CrowdStrike has the latest threat landscape trends. Our guest is Dan Amiga of Island with insights on the enterprise browser category. And a look into recent Russian cyberattacks against Ukraine. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/89 Selected reading. Threat Assessment: Royal Ransomware (Unit 42) PaperCut Exploitation - A Different Path to Code Execution (VulnCheck) New PaperCut RCE exploit created...

Developments in the ransomware underworld: ALPHV, Akira, Cactus, and Royal. Some organizations remain vulnerable to problems with unpatched Go-Anywhere instances.


ALPHV claims responsibility for a cyberattack on Constellation Software. A new Akira ransomware campaign spreads. CACTUS is a new ransomware leveraging VPNs to infiltrate its target. Many organizations are still vulnerable to the Go-Anywhere MFT vulnerability. Russian hacktivists interfere with the French Senate's website. Keith Mularski from EY details their "State of the Hack" report. Emily Austin from Censys discusses the State of the Internet. And ransomware gangs target local governments in Texas and California. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/88 Selected reading. ALPHV gang claims ransomware attack on Constellation Software...

Shelley Ma: The mystery behind cybersecurity. [Response Lead] [Career Notes]


Shelley Ma, Incident Response Lead at Coalition sits down to share her story, starting all the way back when she was a kid and fell in love with playing the game "NeoPets" that ended up paving the way for her future in cybersecurity. After starting this journey, she shares how she became intrigued with crime and mystery shows, which ultimately spawned an interest in forensic science. She ended up signing up for an internship program that she was able to get into, which she says was a pivotal change for her that provided her the chance to begin her career....

Phishing campaign takes the energy out of Chinese nuclear industry. [Research Saturday]


Ryan Robinson from Intezer joins to discuss his team's work on "Phishing Campaign Targets Chinese Nuclear Energy Industry." The research team discovered activity targeting the nuclear energy industry in China. Researchers attributed the activity to Bitter APT, a South Asian APT that is known to target the energy, manufacturing and government sectors, mainly in Pakistan, China, Bangladesh, and Saudi Arabia. The article states "We identified seven emails pretending to be from the Embassy of Kyrgyzstan, being sent to recipients in the nuclear energy industry in China. In some emails, people and entities in academia are also targeted, also related to nuclear...

DPRK's Kimsuky spearphishes. A standards strategy for AI. Ransomware Task Force retrospective. KillNet's new menu. Ex Uber CSO sentenced for data breach cover-up.


Kimsuky has a new reconnaissance tool. The Biden administration shares plans for AI. Reports on the ransomware taskforce report. KillNet recommits to turning a profit. Deepen Desai from Zscaler has the latest stats on Phishing. Our guest is Karen Worstell from VMware with a conversation about inclusivity. And the former CSO at Uber is sentenced. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/87 Selected reading. Kimsuky Evolves Reconnaissance Capabilities in New Global Campaign (SentinelOne) Ransomware Task Force Gaining Ground - May 2023 Progress Report (Ransomware Task Force) Influential task force takes stock of...

Cyberespionage, straight out of Beijing, Teheran, and Moscow. Developments in the criminal underworld. Indictment in a dark web carder case.


An APT41 subgroup uses new techniques to bypass security products. Iranian cyberespionage group MuddyWater is using Managed Service Provider tools. Wipers reappear in Ukrainian networks. Meta observes and disrupts the new NodeStealer malware campaign. The City of Dallas is moderately affected by a ransomware attack. My conversation with Karin Voodla, part of the US State Department's Cyber fellowship program. Lesley Carhart from Dragos shares Real World Stories of Incident Response and Threat Intelligence. And there's been an indictment and a takedown in a major dark web carder case. For links to all of today's stories check out our CyberWire daily...

Iran integrates influence and cyber operations. ChatGPT use and misuse. Trends in the cyber underworld. Hybrid warfare and cyber insurance war clauses.


Iran integrates influence and cyber operations. ChatGPT use and misuse. Phishing reports increased significantly so far in 2023, while HTML attacks double. An update on the Discord Papers. Cyberstrikes against civilian targets. My conversation with our own Simone Petrella on emerging cyber workforce strategies. Tim Starks from the Washington Post joins me with reflections on the RSA conference. And, turns out, a war clause cannot be invoked in denying damage claims in the NotPetya attacks (at least not in the Garden State). For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/85 Selected reading. Rinse...

From cryptostealers to CCTV exploits, from Magecart enhancements to coronation phishbait, cybercriminals have been active. (But so have law enforcement agencies.)


LOBSHOT is a cryptowallet stealer abusing Google Ads. Coronation phishbait. A known CCTV vulnerability is currently being exploited. T-Mobile discloses another, smaller data breach. New Magecart exploits. Preliminary lessons from cyber operations during Russia's war. Rob Boyce from Accenture shares insights from RSA Conference. Our special guest is NSA Director of Cybersecurity Rob Joyce. And Europol announces a major dark web market takedown. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/84 Selected reading. New LOBSHOT malware gives hackers hidden VNC access to Windows devices (BleepingComputer) New 'Lobshot' hVNC Malware Used by Russian Cybercriminals...

FDA warns of biomed device vulnerability. Ransomware's effects continue at US Marshals Service fugitive tracking. US DoJ shifts to disruption of cybercrime. GRU phishing. KillNet's ask-me-anything.


The FDA warns of a vulnerability affecting biomedical devices. Ransomware's effects continue to trouble the US Marshals Service. The US Justice Department shifts how it deals with large scale cybercrime. Fresh phish from the GRU. Caleb Barlow looks at unicorns and zombiecorns. Our guest Manoj Sharma from Symantec explains the differences between Zero Trust and SASE. And KillNet runs an ask-me-anything session. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/83 Selected reading. Illumina cyber vulnerability may present risks for patient results (U.S. Food and Drug Administration) CISA, FDA warn of new Illumina DNA...

Perry Carpenter: Turning composition into computing. [Strategy] [Career Notes]


Perry Carpenter, Chief Evangelist and Strategy Officer at KnowBe4 and host of the 8th Layer Insights podcast, sits down to share his story trying different paths, before ultimately switching over to the cyber industry. After trying to go down the paths of music and law and finding neither were what he wanted to do, he decided to take an internship to get more into computer programming. That led him to getting his first job. After his first job, he moved onto other big name companies like Walmart, Alltel, and Gartner, and landing finally with KnowBe4. He compares his work to working with music, when he initially wanted to begin making music early in his career. He...

HinataBot focuses on DDoS attack. [Research Saturday]


This week our guests are Larry Cashdollar, Chad Seaman and Allen West from Akamai Technologies, and they are discussing their research on "Uncovering HinataBot: A Deep Dive into a Go-Based Threat." The team discovered a new Go-based, DDoS-focused botnet. They found it was named after the popular anime show "Naruto," and they are calling it "HinataBot." In the research it says "HinataBot was seen being distributed during the first three months of 2023 and is actively being updated by the authors/operators." Akamai was able to get a deep look into how the malware works by using a combination of reverse engineering the...

What's now being traded in the C2C markets. CISA would like comments on its software self-attestation form. And in Russia's hybrid war, are there cyber war crimes, or real hacktivists?


Cl0p and LockBit exploit PaperCut vulnerability in ransomware campaigns. Infostealer traded in the C2C market. All ads are trying to get your money, but some just take it. CISA requests comment on software self-attestation form. Our guest is Marcin Kleczynski, CEO of Malwarebytes, sharing thoughts on the current threat landscape, attacks on students and academic institutions. Betsy Carmelite from Booz Allen, discussing themes from the RSAC tied into critical infrastructure resilience. Ukraine argues that cyberattacks against civilian infrastructure should be classified as war crimes. And are there any genuine disinterested hacktivists on Russia's side, or are they all fronts? For...

Waging lawfare against criminal infrastructure. Notes from the cyber underworld. Hybrid war, and cyber ops across the spectrum of conflict. And what do the bots want? (Hint: kicks.)


Google targets CryptBot malware infrastructure. FIN7 attacked Veeam servers to steal credentials. Ransomware-as-a-service offering threatens Linux systems. Evasive Panda targets NGOs in China. Anonymous Sudan is active against targets in Israel. Russian ransomware operations aim at disrupting supply chains into Ukraine. Our guest is Stuart McClure, CEO of Qwiet AI. Microsoft's Ann Johnson stops by with her take on the RSA conference. And bots want new kicks. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/81 Selected reading. Continuing our work to hold cybercriminal ecosystems accountable (Google) Google Disrupts Massive CryptBot Malware Operation (Decipher)...

BellaCiao from Tehran; PingPull from Beijing: two cyberespionage tools. SLP exploitation. Ransomware as an international threat. The state of hacktivism. Digital evidence or war crimes.


BellaCiao is malware from Iran's IRGC, while PingPull is malware used by the Chinese government-affiliated Taurus Group. Ransomware continues to be a pervasive international threat. An overview of hacktivism. Our guest is CyberMindz founder Peter Coroneos, discussing the importance of mental health in cybersecurity. Johannes Ullrich shares insights from his RSAC panel discussions. And Ukraine continues to collect evidence of Russian war crimes. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/80 Selected reading. Unpacking BellaCiao: A Closer Look at Iran's Latest Malware (Bitdefender Blog) Chinese Alloy Taurus Updates PingPull Malware (Unit 42)...

BlackCat follows Cl0p to GoAnywhere. Mirai gets an upgrade. Deterring cyber war. Homeland Security's cyber priorities. Action against DPRK cryptocrooks. What KillNet's up to.


BlackCat (ALPHV) follows Cl0p, exploiting the GoAnywhere MFA vulnerability. The Mirai botnet exploits a vulnerability disclosed at Pwn2Own. An RSAC presentation describes US response to Russian prewar and wartime cyber operations. The US Department of Homeland Security outlines cyber priorities. Andrea Little Limbago from Interos shares insights from her RSAC 2023 panels. US indicts, sanctions DPRK operators in crypto-laundering campaign. Our guest is Marc van Zadelhoff, CEO of Devo, with insights from the conference. And the latest on KillNet. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/79 Selected reading. BlackCat Ransomware Group Exploits...

Supply-chain attack's effects spread. CISA makes new KEV entries. Bumblebee malware loader described. Decoy Dog toolset discovered. Discord Papers were shared earlier and more widely.


3CX is not the only victim in the recent supply chain attack. The PaperCut critical vulnerability is under active exploitation. The Bumblebee malware loader is buzzing around in the wild. A new unique malware toolkit called Decoy Dog. Rick Howard, CSO from N2K Networks, shares RSA Conference predictions and talks about his new book, "Cybersecurity First Principles." Our guest Theresa Lanowitz from AT&T Cybersecurity shares insights on Securing the Edge. And the alleged Discord Papers leaker shared earlier and more widely than previously known. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/78 Selected...

Maria Varmazis: Combining cyber and space. [Space] [Career Notes]


Maria Varmazis, N2K's Space Correspondent and host of N2K's newest podcast T-Minus, sits down to share her journey on combining her two passions of space and cyber. Maria grew up wanting to be an astronomer, in school she focused on joining anything with technology and enjoyed the classes that made her think. After transferring to a new college, she went into journalism, absolutely falling in love with the new career path she had made for herself. She got herself a job at Sophos and that's where she learned about cybersecurity. Now she discusses cyber and space in her new podcast,...

Master Gunnery Sergeant Scott Stalker from US Space Command: goals and risks in the digital space operating environment.


T-Minus Deep Space Guest Scott Stalker, Command Senior Enlisted Leader at US Space Command, shares how the combatant command is adapting to new challenges in the digital era of space operations, new operational concepts, and building the force to deter aggression. You can follow US Space Command on LinkedIn and Twitter, and you can follow MGySgt Scott Stalker on LinkedIn. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our weekly intelligence briefing, Signals and Space, and you'll never miss a beat. Audience Survey We want to hear from you!...

Don't let the Elon Musk crypto giveaway scam swindle you. [Research Saturday]


Shiran Guez from Akamai sits down with Dave to discuss their research on "Chatbots, Celebrities, and Victim Retargeting and Why Crypto Giveaway Scams Are Still So Successful." Researchers at Akamai have been on the lookout for crypto giveaway scams. These scams have been impersonating celebrities and brands, most notably Elon Musk and his associated companies. The research states "the scams are delivered through various social media platforms as well as direct messaging apps such as WhatsApp or Telegram." These scams have helped add to the existing damages that exceed $1 billion caused by crypto fraud. The research can be found here: Chatbots,...

Daggerfly swarms African telco. EvilExtractor described. Patriotic hacktivism in East Asia. Updates on Russia's hybrid war suggest that cyber warfare has some distinctive challenges.


Daggerfly APT targets an African telecommunications provider. EvilExtractor is an alleged teaching tool apparently gone bad. A Chinese speaking threat group is active against Taiwan and South Korea. Europe's air traffic control is under attack. Cecilia Marinier from RSAC and Barmak Meftah, a judge of ISB, discuss the RSA innovation sandbox. Awais Rashid from University of Bristol on the cybersecurity of smart farming. Forget about those evil maids. What about these evil sys admins? For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/77 Selected reading. Daggerfly: APT Actor Targets Telecoms Company in Africa (Symantec)...

Two-step supply-chain attack. Plugging leaks, in both Mother Russia and the Land of the Free and the Home of the Brave. Belarus remains a player in the cyber war.


The 3CX compromise involved a two-stage supply-chain attack. Impersonating ChatGPT. Russia's security organs say they're cracking down on leaks. Updates on the Discord Papers case. Belarus arrests a pro-Russian hacktivist. Rob Boyce from Accenture Security on Dark Web cyber criminals targeting CRM systems. Our guest is Mike Loewy from the Tide Foundation, with an innovative approach to distributed key security. And, is Minsk going wobbly on Moscow? For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/76 Selected reading. 3CX Software Supply Chain Compromise Initiated by a Prior Software Supply Chain Compromise; Suspected North Korean...

CISA Alert AA23-108A APT28 exploits known vulnerability to carry out reconnaissance and deploy malware on Cisco routers.


The UK National Cyber Security Centre (NCSC), NSA, CISA, and FBI are releasing this joint advisory to provide TTPs associated with APT28's exploitation of Cisco routers in 2021. AA23-108A Alert, Technical Details, and Mitigations Malware Analysis Report Resource to mitigate a ransomware attack: CISA-Multi-State Information Sharing and Analysis Center (MS-ISAC) Joint Ransomware Guide. No-cost cyber hygiene services: Cyber Hygiene Services and Ransomware Readiness Assessment. See CISA Insights Mitigations and Hardening Guidance for MSPs and Small- and Mid-sized Businesses for guidance on hardening MSP and customer infrastructure. U.S. DIB sector organizations may consider signing up for the NSA Cybersecurity Collaboration Centers...

Play ransomware's new tools. A look at what the GRU's been up to. US Air Force opens investigation into alleged leaker's Air National Guard wing. KillNet's new hacker course: Dark School.


Play ransomware's new tools. Fancy Bear is out and about. Updates on Sandworm. Ransomware in Russia's war against Ukraine. The US Air Force opens an investigation into the alleged leaker's Air National Guard wing. The Washington Post's Tim Starks joins us with insights on the Biden administration's attempts to better secure the water supply. Carole Theriault chats with Cisco Talos' Vanja Svacjer about the threat landscape, now and tomorrow. And KillNet's in the education business with a new hacker course: Dark School. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/75 Selected reading. Play...

A Symposium, a wet dress, a new fund, and it's only Monday. [T-Minus Space Daily]


Brace yourselves, it's Space Symposium week! Wet dress rehearsal for Starship. UK launches the International Bilateral Fund. Orbit Fab gets a series A round. Boeing announces their anti-jam payload for WGS. The FAA wants to balance air travel and space travel. Our interview with Steve Luczynski, Board Chair of the Aerospace Village, on their mission, programs, and upcoming activities at the RSA Conference next week. All this and more. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our weekly intelligence briefing, Signals and Space, and you'll never miss a...

Iranian threat actor exploits N-day vulnerabilities. Subdomain hijacking vulnerabilities. The Discord Papers. An update on Russia's NTC Vulkan. And weather reports, not a Periodic Table.


An Iranian threat actor exploits N-day vulnerabilities. CSC exposes subdomain hijacking vulnerabilities. More on the Discord Papers. An update on Russia's NTC Vulkan. Joe Carrigan on the aftermath of a $98M online investment fraud. Our guest is Blake Sobczak from Synack, host of the podcast WE'RE IN! And threat actor nomenclature: a scorecard, and a Periodic Table no more. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/74 Selected reading. Nation-state threat actor Mint Sandstorm refines tradecraft to attack high-value targets (Microsoft Security) An Iranian hacking group went on the offensive against U.S....

Developments in the Discord Papers, including notes on influencers and why they seek influence. Tax season scams. KillNet's selling, but is anyone buying?


The alleged Discord Papers leaker has been charged. We look at how the Papers spread online. A life lived online as a security risk. US tax season scams, at the 11th filing hour. Caleb Barlow from Cylete on the layoffs in security that many thought would never happen. Maria Varmazis and Brandon Karpf share the launch of the new space podcast, T-Minus. And KillNet says it's open for business. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/73 Selected reading. Inside the furious week-long scramble to hunt down a massive Pentagon leak (CNN Politics)...

Jack Chapman: Shielding against the bad guys. [Threat Intelligence] [Career Notes]


Jack Chapman, VP of Threat Intelligence at Egress sits down to share his story on how he found his way into the cybersecurity field as well as his journey creating a cybersecurity company that was successfully acquired. Jack previously co-founded anti-phishing company Aquilai and served as its Chief Technology Officer, working closely with the UK's intelligence and cyber agency GCHQ to develop cutting-edge product capabilities. Aquilai was acquired by Egress in 2021. Now he is working with Egress as what he calls their "chief bad guy," helping to shield his team from threats. He says "I'm probably what you call...

New Dero cryptojacking operation concentrates on locating Kubernetes. [Research Saturday]


Scott Fanning, Senior Director of Product Management, Cloud Security at CrowdStrike, sits down to talk about the first-ever Dero cryptojacking operation targeting Kubernetes infrastructure. The research defines Dero as "a cryptocurrency that claims to offer improved privacy, anonymity and higher and faster monetary rewards compared to Monero, which is a commonly used cryptocurrency in cryptojacking operations." CrowdStrike was the first organization to discover Dero, and has been observing the cryptojacking operation since the beginning of February 2023. The operation focuses mainly on locating Kubernetes clusters with anonymous access enabled on a Kubernetes API and listening on non-standard ports accessible from...

"Read the Manual" and the ransomware-as-a-service market. Bitter APT against energy companies. Cozy Bear sighting. Hacktivist auxiliaries hit Canadian targets. An arrest in the Discord Papers case.


"Read the Manual" and the ransomware-as-a-service market. Bitter APT may be targeting Asia-Pacific energy companies. A Cozy Bear sighting. Hacktivist auxiliaries hit Canadian targets. Deepen Desai of Zscaler describes job scams following tech layoffs. Our guest is Kelly Shortridge from Fastly with insights on the risks from bots. And there's been an arrest in the Discord Papers case. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/72 Selected reading. Read The Manual Locker: A Private RaaS Provider (Trellix) Phishing Campaign Targets Chinese Nuclear Energy Industry (Intezer) Espionage campaign linked to Russian intelligence services (Baza wiedzy)...

Transparent Tribe seems to want people's lab notes, and other stories of cyberespionage. The FBI warns of juicejacking. And the Discord leaker seems to have been a 20-something influencer.


Transparent Tribe expands its activity against India's education sector. A Lazarus sub-group is after defense sector targets. The FBI's Denver office warns of potential juicejacking. Legion: a Python-based credential harvester. The source of leaked US intelligence may be closer to identification. Johannes Ullrich from SANS explains upwork scams. Our guest is Charlie "Tuna" Moore of Vanderbilt University on the cyber lessons from Russia's war on Ukraine. Canada responds to claims of Russian cyberattacks. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/71 Selected reading. Transparent Tribe (APT36) | Pakistan-Aligned Threat Actor Expands Interest in...

Patch Tuesday notes. Cyber mercenaries described. Voice security and fraud. CISA's update to its Zero Trust Maturity Model. Updates on Russia's hybrid war against Ukraine.


Patch Tuesday update. Another commercial surveillance company is outed. Voice security and the challenge of fraud. CISA updates its Zero Trust Maturity Model. Effects of the US intelligence leaks. Our guest Eric Goldstein, Executive Assistant Director for Cybersecurity at CISA, outlines CISA's role in the cybersecurity community. André Keartland of Netsurit makes the case for DevSecOps. Russian cyber auxiliaries believed responsible for disrupting the Canadian PM's website. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/70 Selected reading. Patch Tuesday overview. (CyberWire) DEV-0196: QuaDream's KingsPawn malware used to target civil society in Europe, North America,...

IAM trends. RagnarLocker as a critical infrastructure threat. AI hype as phishbait. Updates on the hybrid war: leaks and hacks.


Key trends in Identity Access Management. RagnarLocker and critical infrastructure. Cyber criminals capitalize on the AI hype. Updates on the leaked US classified documents, and speculation of whether Russian hackers compromised a Canadian gas pipeline. Ben Yelin describes a multimillion dollar settlement over biometric data. Microsoft's Ann Johnson from Afternoon Cyber Tea talking about cyber paradigm shifts with Samir Kapuria. And a welcome to GCHQ's new boss. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/69 Selected reading. 4 key trends from the Gartner IAM Summit 2023 (Venture Beat) Threat Actor Spotlight: Ragnarlocker Ransomware...

A look at Iran's MERCURY APT. Updates on Russia's hybrid war, including some apparent leaks and some apparent doxing. And notes on cloud security trends.


An Iranian APT MERCURY exploits known vulnerabilities. The US investigates apparent leaks of classified information about Russia's war against Ukraine. KillNet claims it has paralyzed NATO websites. More apparent doxing of the GRU. Britta Glade and Monica Koshgarian of RSA Conference talking about content curation. Grayson Milbourne from OpenText Cybersecurity hopes to remove shame from cyber attacks. And, finally, some notes on cloud security trends. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/68 Selected reading. MERCURY and DEV-1084: Destructive attack on hybrid environment (Microsoft Threat Intelligence) Leaked US battlefield intelligence on Ukraine is...

Karen Worstell: Keep your feet planted. [Strategy] [Career Notes]


Karen Worstell, Senior Cybersecurity Strategist from VMware sits down to share her journey and discusses her experience as a woman in cyber. Starting her career off as a chemist, after graduating with a bachelor's degree in chemistry and a bachelor's degree in molecular biology, she took some time off to be with her family, she came back to a science field that was far more advanced than before she had left. She decided to go in another direction which led her to cyber. She started teaching herself programming and found she was very good at it. Now that she works in...

A dark side to LLMs. [Research Saturday]


Sahar Abdelnabi from CISPA Helmholtz Center for Information Security sits down with Dave to discuss their work on "A Comprehensive Analysis of Novel Prompt Injection Threats to Application-Integrated Large Language Models." There is currently a large advance in the capabilities of Large Language Models or LLMs, as well as being integrated into many systems, including integrated development environments (IDEs) and search engines. The research states, "The functionalities of current LLMs can be modulated via natural language prompts, while their exact internal functionality remains implicit and unassessable." This could lead them to be susceptible to targeted adversarial prompting, as well as...

Stopping Cobalt Strike abuse. Leaks are mingled with disinformation. Google offers advice for board members. Securing cars and their garages. CISA releases ICS advisories.


Preventing abuse of the Cobalt Strike pentesting tool. US investigates a leak of sensitive documents related to the war in Ukraine. Hacktivist activity continues. Google's advice for boards. Electronic lockpicks for electronic locks. Nexx security devices may have security flaws. Tesla employees reportedly shared images and videos from Teslas in the wild. Matt O'Neill from US Secret Service discussing investment crypto scams. Our guest is James Campbell of Cado Security on the challenges of a cloud transition. And CISA releases seven ICS advisories. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/67 Selected reading....

New phishing techniques. Arrests in the Genesis Market case. APT43's Archipelago. Disinformation at the UN, and drop-shipping for Mother Russia.


New phishing techniques. Arrests in the Genesis Market case. APT43's Archipelago. Russia's turn in the Security Council chair immediately becomes an occasion for disinformation. Our guest is Nick Tausek from Swimlane to discuss supply chain attack trends. Tim Starks from the Washington Post has the latest on the DOJ's attempts to disrupt cyber crime. And, make robo-love, not robo-war: nuisance-level hacktivism in the interest of Ukraine. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/66 Selected reading. New Phishing Campaign Exploits YouTube Attribution Links, Cloudflare Captcha (Vade Security) Criminal Marketplace Disrupted in International Cyber Operation...

Genesis Market taken down. Proxyjackers exploit Log4j. Fast-encrypting Rorschach ransomware. More Killnet DDoS. Patch Zimbra now. Soft power and Russia's hybrid war.


Genesis Market gets taken down. Proxyjackers exploit Log4j vulnerabilities. Fast-encrypting Rorschach ransomware uses DLL sideloading. Killnet attempts DDoS attacks against the German ministry. Carole Theriault ponders AI assisted cheating. Johannes Ullrich tracks malware injected in a popular tax filing website. Soft power and Russia's hybrid war. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/65 Selected reading. 'Operation Cookie Monster': International police action seizes dark web market (Reuters) Stolen credential warehouse Genesis Market seized by FBI (Register) FBI Seizes Bot Shop Genesis Market Amid Arrests Targeting Operators, Suppliers (KrebsOnSecurity) Genesis Market, one of world's...

Cyber appeasement? Western Digital discloses cyberattack. Rilide malware is in active use. Mantis has new mandibles. Challenges of threat hunting. Small, medium, and large criminal enterprises.


Did "appeasement" embolden Russia's cyber operators? Western Digital discloses a cyberattack. Rilide is a new strain of malware in active use. The Mantis cyberespionage group uses new, robust tools and tactics. The challenges of threat hunting. Joe Carrigan has thoughts on public school systems making cyber security part of the curriculum. Our guest May Mitchell of Open Systems addresses closing the talent gap. And when it comes to criminal enterprise, size matters. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/64 Selected reading. Russia's shadow war: Vulkan files leak show how Putin's regime weaponises...

"Cylance" ransomware (no relation to Cylance). Update on the 3CX incident. The FSB's arrest of Evan Gershkovich. Ukrainian hacktivist social engineering in the hybrid war.


"Cylance" the ransomware (with no relation to Cylance, the security company). An update on the 3CX incident. The FSB's arrest of a Wall Street Journal reporter. Simone Petrella from N2K Networks unpacks 2023 cybersecurity training trends. Deepen Desai from Zscaler has the latest on cloud security. And Hacktivists claim to have tricked wives of Russian combat pilots into revealing personal information. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/63 Selected reading. "Cylance" ransomware (no relation to Cylance). (CyberWire Pro) New Cylance Ransomware Targets Linux and Windows, Warn Researchers (HackRead) New Cylance Ransomware strain...

Alon Jackson: Sometimes you feel like an octopus. [CEO] [Career Notes]


Alon Jackson, chief executive and Co-founder of Astrix Security, sits down to share his story to rising success. Before being on the vendor side of things, Jackson served in various strategic roles in the Cyber Security Division of the Israeli Military Intel Unit 8200 for more than 8 years, including leading the Cloud Security division and serving as the Head of the Cyber Security R&D Department. His experience in the military inspired him to learn more about the industry and jump to the private sector. Fast forward years later, he co-founded his company to help address security gaps seen in...

Blackfly flies back again. [Research Saturday]


Dick O'Brien from Symantec's Threat Hunter team discusses their research on "Blackfly - Espionage Group Targets Materials Technology." Researchers say the Blackfly espionage group (aka APT41), has been mounting attacks against Asian materials and composite organizations in attempts to steal intellectual property. This group has been known as one of the longest known Chinese advanced persistent threat (APT) groups since at least 2010. The research shares that "early attacks were distinguished by the use of the PlugX/Fast (Backdoor.Korplug), Winnti/Pasteboy (Backdoor.Winnti), and Shadowpad (Backdoor.Shadowpad) malware families." The research can be found here: Blackfly: Espionage Group Targets Materials Technology Learn more about your ad...

A glimpse into Mr. Putin's cyber war room. 3CXDesktopApp supply chain risk. XSS flaw in Azure SFX can lead to remote code execution. AlienFox targets misconfigured servers.


The Vulkan papers offer a glimpse into Mr. Putin's cyber war room. The 3CXDesktopApp vulnerability and supply chain risk. A cross site scripting flaw in Azure Service Fabric Explorer can lead to remote code execution. Rob Boyce from Accenture Security on threats to EV charging stations. Our guest is Steve Benton from Anomali Threat Research, sharing a less is more approach to cybersecurity. And AlienFox targets misconfigured servers. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/62 Selected reading. A Look Inside Putin's Secret Plans for Cyber-Warfare (Spiegel) Secret trove offers rare look into Russian...

A major supply chain attack is underway. Ms Connor, call your office. Combosquatting. False positives fixed. Tanks don't work, so Russia tries more cyber. And, sadly, some official hostage-taking.


The 3CXDesktopApp is under exploitation in a supply chain campaign. An open letter asks for a pause in advanced AI development. All your grammar and usage are belong us. Combosquatting might fool even the wary. Defender had flagged Zoom and other safe sites as dangerous. Recognizing the importance of OSINT. Matt O'Neill from US Secret Service discussing his agency's cybersecurity mission. Our guest is Ping Li from Signifyd with a look at online fraud. And the FSB arrests a US journalist. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/61 Selected reading. 3CX DesktopApp Security...

Traffers and the threat to credentials. WiFi protocol flaw. Cross-chain bridge attacks. A shift in Russian cyber operations. Piracy is patriotic.


Traffers and the threat to credentials. A newly discovered WiFi protocol flaw. Cross-chain bridge attacks. A shift in Russian cyber operations. Ann Johnson from Afternoon Cyber Tea chats with EY principal Adam Malone. Our guest is Toni Buhrke from Mimecast with a look at the State of Email Security. And is piracy patriotic? For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/60 Selected reading. Traffers and the growing threat against credentials (Outpost24 blog) WiFi protocol flaw allows attackers to hijack network traffic (BleepingComputer) Cross-chain bridge attacks. (CyberWire) 2023 Annual State of Email Security Report...

Twitter looks for a leaker. Insider risks. The state of resilience. Russian auxiliaries briefly disrupt a French National Assembly website. Cyber trends in the hybrid war. DPRK hacking, as it is.


Twitter gets a subpoena for a source-code leaker's information. The insider risk to data. Russian hacktivist auxiliaries target the French National Assembly. Recent trends in cyberattacks sustained by Ukraine. Ben Yelin unpacks the White House executive order on spyware. Mr. Security Answer Person John Pescatore ponders the permanence of ransomware. And Cyberespionage and cybercrime in the interest of Pyongyang's weapons programs. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/59 Selected reading. GitHub Suspends Repository Containing Leaked Twitter Source Code (SecurityWeek) Twitter takes down source code leaked online, hunts for downloaders (BleepingComputer) Annual Data...

Evolution of criminal scams (especially BEC). Law enforcement honeypots. ChatGPT data leak. Hybrid war updates.


IcedID is evolving away from its banking malware roots. An Emotet phishing campaign spoofs IRS W9s. The FBI warns of BEC scams. A Fake booter service as a law enforcement honeypot. Phishing in China's nuclear energy sector. Reports of an OpenAI and a ChatGPT data leak. Does Iran receive Russian support in cyberattacks against Albania? My conversation with Linda Gray Martin and Britta Glade from RSAC with a preview of this year's conference. Our own Rick Howard takes a field trip to the National Cryptologic Museum. And De-anonymizing Telegram. For links to all of today's stories check out our CyberWire...

An introduction to the National Cryptologic Museum. [Special Edition]


Rick Howard, N2K's CSO and The CyberWire's Chief Analyst and Senior Fellow, sits down with Director of the National Cryptologic Museum, Dr. Vince Houghton. The National Cryptologic Museum is the NSA's affiliated museum sharing the nation's best cryptologic secrets with the public. In this special episode, Rick interviews Dr. Houghton from within the walls of the National Cryptologic Museum, discussing the new and improved museum along with the new exhibits they uncovered during the pandemic. Learn more about your ad choices. Visit megaphone.fm/adchoices

Tanya Janca: Find a community who supports you. [CEO] [Career Notes]


Tanya Janca, CEO and Founder of We Hack Purple, sits down to talk about her exciting path into the field of cybersecurity. Trying several different paths in high school, she soon found she was good at computer science. When it came to picking a college, she knew that was the field she wanted to get into. After college, she was able to use her skills to work at a couple of different organizations, eventually getting into the Canadian government. While there, she held the position of CISO for the Canadian election in 2015 when Justin Trudeau was elected, but she...

Two viewpoints on the National Cybersecurity Strategy. [Special Edition]


Earlier this month, the White House released the National Cybersecurity Strategy, the first issued since 2018. The strategy refocuses roles, responsibilities, and resource allocations in the digital ecosystem, with a five pillar approach. Those pillars are: defending critical infrastructure, disrupting threat actors, shaping market forces to drive security and resilience, investing in a resilient future, and forging international partnerships. We wanted to delve into the strategy and its intended effects further, so Dave Bittner spoke with representatives from industry and inside government. Dave first speaks with Adam Isles, Principal and Head of Cybersecurity Practice at The Chertoff Group, sharing industry's...

Popunders are not the good kind of ads. [Research Saturday]


On this episode, Jérôme Segura, senior threat researcher at Malwarebytes, shares his team's work, "WordPress sites backdoored with ad fraud plugin." WordPress is an immensely popular content management system (CMS) powering over 43% of all websites. Many webmasters will monetize their sites by running ads and need to draw particular attention to search engine optimization (SEO) techniques to maximize their revenues. The Malwarebytes team discovered a few dozen WordPress blogs using the same plugin that mimics human activity by automatically scrolling a page and following links within it, all the while a number of ads were being loaded and refreshed....

Tools, alerts, and advisories from CISA. Reply phishing scams. Cl0p goes everywhere with GoAnywhere. EW in the hybrid war, and shields stay up.


A CISA tool helps secure Microsoft clouds. JCDC and pre-ransomware notification. CISA releases six ICS advisories. Reply phishing. Cl0p goes everywhere exploiting GoAnywhere. Russian electronic warfare units show the ability to locate Starlink terminals. Betsy Carmelite from Booz Allen Hamilton on the DoD's zero trust journey. Analysis of the National Cybersecurity strategy from our special guests, Adam Isles, Principal at the Chertoff Group and Steve Kelly, Special Assistant to the President and Senior Director for Cybersecurity and Emerging Technology with the National Security Council. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/57 Selected reading....

Pyongyang's intelligence services have been busy in cyberspace. Hacktivists exaggerate the effects of their attacks on OT. Ghostwriter is back. A twice-told tale: ineffective cyberwar campaigns.


DPRK threat actor Kimsuky uses a Chrome extension to exfiltrate emails, while ScarCruft prospects South Korean organizations. Hacktivists' claims of attacks on OT networks may be overstated. Ghostwriter remains active in social engineering attempts to target Ukrainian refugees. Joe Carrigan has cyber crime by the numbers. Our guest is Christian Sorensen from SightGain with analysis of the cyber effects of Russia's war. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/56 Selected reading. North Korean hackers using Chrome extensions to steal Gmail emails (BleepingComputer) Joint Cyber Security Advisory (Korean) (BundesamtfuerVerfassungsschutz) North Korean APT group...

Detecting sandbox emulations. VEC supply chain attacks. Updates from the hybrid war. CISA and NSA offer IAM guidance. Other CISA advisories. Baphomet gets cold feet after all.


Malware could detect sandbox emulations. A VEC supply chain attack. A new APT is active in Russian-occupied sections of Ukraine. An alleged Russian patriot claims responsibility for the D.C. Health Link attack. CISA and NSA offer guidance on identity and access management (IAM). Tim Starks from the Washington Post has analysis on the BreachForums takedown. Our guest is Ryan Heidorn from C3 Integrated Solutions with a look at the CMMC compliance timeline. And Baphomet backs out. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/55 Selected reading. ZenGo uncovers security vulnerabilities in popular Web3 Transaction...

Threat group with novel malware operates in SE Asia. Data theft extortion rises. Key findings of Cisco's Cybersecurity Readiness Index. iPhones no longer welcome in Kremlin. Russian cyber auxiliaries & privateers devote increased attention to healthcare.


Threat group with novel malware operates in Southeast Asia. Data theft extortion on the rise. Key findings of Cisco's Cybersecurity Readiness Index. iPhones are no longer welcome in the Kremlin. Russian cyber auxiliaries and privateers devote increased attention to the healthcare sector. Chris Eng from Veracode shares findings of their Annual Report on the State of Application Security. Johannes Ullrich from SANS Institute discusses scams after the failure of Silicon Valley Bank. And BreachForums seems to be under new management. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/54 Selected reading. NAPLISTENER: more bad...

Cl0p ransomware at Hitachi Energy. Alleged TikTok surveillance of journalists. Hacktivist auxiliary hits Indian healthcare records. Cyberattack on Latitude: update. BreachForums arrest.


Cl0p ransomware hits Hitachi Energy. The US Department of Justice investigates ByteDance in alleged surveillance of journalists. A Hacktivist auxiliary hits Indian healthcare records. Pirated software is used to carry malware. The Effects of cyberattack on Latitude persist. Adam Meyers from CrowdStrike shares findings from the 2023 CrowdStrike Global Threat Report. Rick Howard has the latest preview of CSO Perspectives. And Pompompurin is arrested for an alleged role in BreachForums. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/53 Selected reading. Hitachi Energy confirms data breach after Clop GoAnywhere attacks (BleepingComputer) Hitachi Energy Group...

Kathleen Smith: Translating the cyber world. [CMO] [Career Notes]


Kathleen Smith, CMO from ClearedJobs.Net, sits down to share her story as she remembers having big shoes to fill in her childhood. She strived for greatness at an early age, as her parents told her she would be going to college and would follow strong guidelines to become successful. Kathleen can remember being into the hard sciences when she was in school, which sparked an interest in becoming a biochemist and law student. Eventually she found her passion as a translator, saying that "doing the translator role, I wanted to get into international marketing and I was going on to get...

CISA Alert AA23-075A #StopRansomware: LockBit 3.0.


CISA, FBI, and the Multi-State Information Sharing and Analysis Center are releasing this joint advisory to share known LockBit 3.0 ransomware IOCs and TTPs identified through FBI investigations as recently as March 2023. AA23-075A Alert, Technical Details, and Mitigations Stopransomware.gov is a whole-of-government approach that gives one central location for ransomware resources and alerts. Resource to mitigate a ransomware attack: CISA-Multi-State Information Sharing and Analysis Center (MS-ISAC) Joint Ransomware Guide. No-cost cyber hygiene services: Cyber Hygiene Services and Ransomware Readiness Assessment. See CISA Insights Mitigations and Hardening Guidance for MSPs and Small- and Mid-sized Businesses for guidance on hardening MSP...

ChatGPT grants malicious wishes? [Research Saturday]


Bar Block, Threat Intelligence Researcher at Deep Instinct, joins Dave to discuss their work on "ChatGPT and Malware - Making Your Malicious Wishes Come True." Deep Instinct goes into depth on just how dangerous ChatGPT can be in the wrong hands as well as how artificial intelligence is better at creating malware than providing ways to detect it. Researchers go on to explain how the AI app can be used in the wrong hands saying "Examples of malicious content created by the AI tool, such as phishing messages, information stealers, and encryption software, have all been shared online." The research...

Some movement in the cyber underworld. Vishing impersonates the US Social Security Administration. More SVB-themed phishing. And compromise without user interaction.


BianLian gangs pivot. HinataBot is a Go-based threat. The US Social Security Administration is impersonated in attempted vishing attacks. BlackSnake in the RaaS criminal market. More Silicon Valley Bank-themed phishing. Caleb Barlow from Cylete on security implications you need to consider now about Chat GPT. Our guest is Isaac Roth from LeakSignal with advice on securing the microservices application layer. And Russian operators exploit an Outlook vulnerability. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/52 Selected reading. BianLian Ransomware Gang Continues to Evolve ([redacted]) Uncovering HinataBot: A Deep Dive into a Go-Based Threat...

CISA warns of Telerik vulnerability exploitation. Cloud storage re-up attacks. Phishing tackle so convincing it will deceive the many. Cyber developments in Russia's hybrid war.


Telerik exploited, for carding (probably) and other purposes. Cloud storage re-up attacks. Cybercriminals use new measures to avoid detection of phishing campaigns. "Winter Vivern" seems aligned with Russian objectives. Microsoft warns of a possible surge in Russian cyber operations. Boss Sandworm. Johannes Ullrich from SANS talking about malware spread through Google Ads. Our guest is David Anteliz from Skybox Security with thoughts on federal government cybersecurity directives. And don't fear the Reaper. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/51 Selected reading. Threat Actors Exploited Progress Telerik Vulnerability in U.S. Government IIS Server...

CISA Alert AA23-074A Threat actors exploit Progress Telerik vulnerability in U.S. government IIS server. [CISA Cybersecurity Alerts]


CISA, FBI, and the Multi-State Information Sharing and Analysis Center are releasing this joint Cybersecurity Advisory to provide IT infrastructure defenders with TTPs, IOCs, and methods to detect and protect against recent exploitation against Microsoft Internet Information Services web servers. AA23-074A Alert, Technical Details, and Mitigations AA23-074A STIX XML MAR-10413062-1.v1 Telerik Vulnerability in U.S. Government IIS Server Telerik: Exploiting .NET JavaScriptSerializer Deserialization (CVE-2019-18935) ACSC Advisory 2020-004 Bishop Fox CVE-2019-18935: Remote Code Execution via Insecure Deserialization in Telerik UI Volexity Threat Research: XE Group GitHub: Proof-of-Concept Exploit for CVE-2019-18935 Microsoft: Configure Logging in IIS GitHub: CVE-2019-18935 No-cost cyber hygiene services: Cyber...

Patch Tuesday notes. SVB's and the cybersecurity sector. SVR's APT29 is phishing for access to information. Trends in the Russo-Ukraine cyberwar. LockBit counts coup (says LockBit).


Patch Tuesday notes. Silicon Valley Bank's collapse and its effects on the cybersecurity sector. SVR's APT29 used a Polish state visit to the US as phishbait. Regularizing hacktivist auxiliaries. Our guest is Crane Hassold from Abnormal Security with a look at threats to email. Grayson Milbourne from OpenText Cybersecurity addresses chaos within the supply chain. And LockBit claims to have compromised an aerospace supply chain. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/50 Selected reading. March 2023 Patch Tuesday: Updates and Analysis (CrowdStrike) Microsoft Releases March 2023 Security Updates (Cybersecurity and Infrastructure Security...

Silicon Valley Bank as phishbait. An attack superhighway. Unauthorized software in the workplace. YoroTrooper, a new cyberespionage threat actor. Hacktivists game, too. How crime pays.


Expect phishing, BEC scams, and other social engineering to use Silicon Valley Bank lures. An "attack superhighway." Unauthorized software in the workplace. A new cyberespionage group emerges. Squad up (but not IRL). Ben Yelin unpacks the FBI director's recent admission of purchasing location data. Ann Johnson from Afternoon Cyber Tea speaks with Jason Barnett from HCA Healthcare about cyber resilience. And, not that you'd consider a life of crime, but what are the gangs paying cyber criminals, nowadays? For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/49 Selected reading. SVB's collapse and the potential...

Coping with Silicon Valley Bank's collapse. BatLoader's abuse of Google Search Ads. More on Emotet's re-emergence. Medusa rising. NetWire collared. More-or-less quiet on the cyber front.


Coping with Silicon Valley Bank's collapse. BatLoader's abusing Google Search Ads. More on Emotet's re-emergence. Reflections on Medusa rising. An international law enforcement action against NetWire. Rob Shapland from Falanx Cyber on ethical hacking and red teaming. Bryan Ware from LookingGlass looks at exploited vulnerabilities in the US financial sector. And in Ukraine, it's more-or-less quiet on the cyber front (but in Estonia and Georgia, not so much). For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/48 Selected reading. One of Silicon Valley's top banks fails; assets are seized (AP NEWS) US, UK try...

Bat El Azerad: Find your niche to bring to the table. [CEO] [Career Notes]


Bat El Azerad, CEO and Co-founder of mobile phishing protection company novoShield, shares her personal account of her experience as a female leader in the cybersecurity field as well as some insights into how far the industry has come and where it is headed in terms of the gender gap. Bat El speaks about how she grew into her role of becoming a CEO, by sharing where she started and how she got involved with novoShield. She shares that being a woman in this industry can be tough and so she shares some advice, saying "so you have to be very...

Files stolen from a sneaky SymStealer. [Research Saturday]


Ron Masas of Imperva discusses their work, the "Google Chrome SymStealer Vulnerability. How to Protect Your Files from Being Stolen." By reviewing the ways the browser handles file systems, specifically searching for common vulnerabilities relating to how browsers process symlinks, the Imperva Red Team discovered that when files are dropped onto a file input, it's handled differently. Dubbing it as CVE-2022-40764, researchers found a vulnerability that "allowed for the theft of sensitive files, such as crypto wallets and cloud provider credentials." As a result, over 2.5 billion users of Google Chrome and Chromium-based browsers were affected. The research can be found here: Google Chrome SymStealer...

Cybercrime and cyberespionage: IceFire, DUCKTAIL, LIGHTSHOW, Remcos, and a tarot card reader. US cyber budgets, strategy, and a DoD cyber workforce approach. Five new ICS advisories.


New IceFire version is out. A DUCKTAIL tale. Social engineering by Tehran. DPRK's LIGHTSHOW cyberespionage. The President's Budget and cybersecurity. The US Department of Defense issues its cyber workforce strategy. Remcos surfaces in attacks against Ukrainian government agencies. DDoS at a Ukrainian radio station. Dave Bittner sits down with Beth Robinson of Bishop Fox to share their 2023 Offensive Security Resolutions. Caleb Barlow from Cylete on the security implications of gigapixel images. And CISA releases five ICS advisories. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/47 Selected reading. IceFire Ransomware Returns | Now Targeting...

PlugX is now wormable. Compromised webcams found. Emotet is back. AI builds a keylogger. Cyber in the hybrid war. BEC comes to productivity suites.


A wormable version of the PlugX USB malware is found. Compromised webcams as a security threat. Emotet botnet out of hibernation. Proof-of-concept: AI used to generate polymorphic keylogger. Turning to alternatives as conventional tactics fail. Dave Bittner speaks with Eve Maler of ForgeRock to discuss how digital identity can help create a more secure connected car experience. Johannes Ullrich from SANS on configuring a proper time server infrastructure. And Phishing messages via legitimate Google notifications. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/46 Selected reading. A border-hopping PlugX USB worm takes its act...

Data breaches and IP. Current cyberespionage campaigns. A warning that the cyber phases of the hybrid war can't be expected to be over, yet. Exfiltration via machine learning inference.


CISA adds three known exploited vulnerabilities to its Catalog. A data breach at Acer exposes intellectual property. Sharp Panda deploys SoulSearcher malware in cyberespionage campaigns. US Cyber Command's head warns against underestimating Russia in cyberspace. Dave Bittner sits down with Simone Petrella of N2K Networks to discuss the recently-released Defense Cyber Workforce Framework. Betsy Carmelite from Booz Allen Hamilton speaks about CISA's year ahead. And are large language models what the lawyers call an attractive nuisance. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/45 Selected reading. CISA Adds Three Known Exploited Vulnerabilities to...

A new threat to routers. DoppelPaymer hoods collared. Ransomware hits a Barcelona hospital. Phishing in productivity suites. Espionage, hacktivism, and prank phone calls.


HiatusRAT exploits business-grade routers. International law enforcement action against the DoppelPaymer gang. Ransomware hits a major Barcelona hospital. Productivity suites are increasingly attractive as phishing grounds. Transparent Tribe's romance scams. Cyberattacks briefly disrupt Russian websites and media outlets. Ashley Leonard, CEO of Syxsense, sits down with Dave to discuss their "Advancing Zero Trust Priorities" report. Joe Carrigan on a warning from Microsoft about a surge in token theft. And trolling for disinfo raw material. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/44 Selected reading. Black Lotus Labs uncovers another new malware that targets...

That crane might know what you're shipping. Addressing the cybersecurity of water systems. Oakland's ransomware incident is now a breach. Hybrid war. Investment scams.


Cranes as a security threat. EPA memo addresses cybersecurity risks to water systems. Oakland's ransomware incident becomes a data breach. Carding rises in the Russian underworld. Sandworm's record in Russia's war. Rick Howard sits down with Andy Greenberg from Wired to discuss how Ukraine suffered more data-wiping malware last year than anywhere, ever. Dave Bittner speaks with Kathleen Smith of ClearedJobs.Net to talk about hiring veterans and setting them (and yourself) up for success. And AI's latest misuse: bogus investment schemes. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/43 Selected reading. WSJ News...

Gabriela Smith-Sherman: Thriving in the chaos. [Cyber governance] [Career Notes]


Gabriela Smith-Sherman, a former Federal agency CISO with over 15 years of experience in leading and implementing comprehensive enterprise cybersecurity programs and initiatives, sits down to share her journey. She is a U.S. combat disabled veteran who understands the importance of mission and is dedicated to delivering high-quality results and value to customers through innovative solutions. Gabriela shares about her time in the military and how her being a part of the service was one of the best decisions she made and dedicates all her hard work to her time in the military. She also shares how it was tough getting...

New exploits are tricking Chrome. [Research Saturday]


Dor Zvi, Co-Founder and CEO from Red Access, joins to discuss their work on "New Chrome Exploit Lets Attackers Completely Disable Browser Extensions." A recently patched exploit is tricking Chrome browsers on all popular OSs to not only give attackers visibility of their targets' browser extensions, but also the ability to disable all of those extensions. The research states the exploit consists of a bookmarklet exploit that allows threat actors to selectively force-disable Chrome extensions using a handy graphical user interface making Chrome mistakenly identify it as a legitimate request from the Chrome Web Store. The research can be found here:...

More on how the US will implement its new National Cybersecurity Strategy. Emissary Panda and Mustang Panda are back. Responding to phishing. Royal ransomware. Water utility security.


Implementing the US National Cybersecurity Strategy. The US National Cybersecurity Strategy was informed by lessons from Russia's war. Two threat actors from China up their game. Responding to a phishing campaign. #StopRansomware: Royal Ransomware. CISA releases five ICS advisories. Sameer Jaleel, Kent State University Associate CIO on closing functionality gaps and creating a safer digital environment for students. Johannes Ullrich from SANS on establishing an "End of Support" inventory. EPA issues a memo on water system cybersecurity. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/42 Selected reading. National Cybersecurity Strategy (The White House) US cyber...

CISA Alert AA23-061A #StopRansomware: Royal ransomware.


CISA and FBI are releasing this joint advisory to disseminate known Royal ransomware IOCs and TTPs identified through recent FBI threat response activities. AA23-061A Alert, Technical Details, and Mitigations AA23-061A STIX XML Royal Rumble: Analysis of Royal Ransomware (cybereason.com) DEV-0569 finds new ways to deliver Royal ransomware, various payloads - Microsoft Security Blog 2023-01: ACSC Ransomware Profile - Royal | Cyber.gov.au See Stopransomware.gov, a whole-of-government approach, for ransomware resources and alerts. No-cost cyber hygiene services: Cyber Hygiene Services and Ransomware Readiness Assessment. See CISA Insights Mitigations and Hardening Guidance for MSPs and Small- and Mid-sized Businesses for guidance on hardening...

CISA Alert AA23-059A CISA red team shares key findings to improve monitoring and hardening of networks. [CISA Cybersecurity Alerts]


The Cybersecurity and Infrastructure Security Agency is releasing this Cybersecurity Advisory detailing activity and key findings from a recent CISA red team assessment, in coordination with the assessed organization, to provide network defenders recommendations for improving their organization's cyber posture. AA23-059A Alert, Technical Details, and Mitigations No-cost cyber hygiene services: Cyber Hygiene Services and Ransomware Readiness Assessment. See CISA Insights Mitigations and Hardening Guidance for MSPs and Small- and Mid-sized Businesses for guidance on hardening MSP and customer infrastructure. U.S. DIB sector organizations may consider signing up for the NSA Cybersecurity Collaboration Center's DIB Cybersecurity Service Offerings, including Protective Domain Name System...

CyberWire commentary: Ukraine one year on. [Special Edition]


CyberWire Daily podcast host Dave Bittner is joined by CyberWire editor John Petrik for an extended discussion about the Russian invasion of Ukraine and its effect on cybersecurity at the one year anniversary. John and his team have covered the Ukrainian conflict with daily news stories since the invasion began, and in fact, had quite a lot of coverage prior to the invasion. They take stock of where things stand, what has happened, and what we expected versus reality.

The US National Cybersecurity Strategy is out, and we have a preliminary look. CISA red-teams critical infrastructure. A new cryptojacker is out. Russia bans messaging apps. Hacktivist auxiliaries.


The White House releases its US National Cybersecurity Strategy. Red-teaming critical infrastructure. Redis cryptojacker discovered. Russia bans several messaging apps. Our guest is Kapil Raina from CrowdStrike with the latest on Threat Hunting. Dinah Davis from Arctic Wolf on the top healthcare industry cyber attacks. And hacktivist auxiliaries continue their nuisance-level activities. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/41 Selected reading. National Cybersecurity Strategy (The White House) FACT SHEET: Biden-Harris Administration Announces National Cybersecurity Strategy (The White House) Biden administration releases new cybersecurity strategy (AP NEWS) White House pushes for mandatory regulations,...

How an attack led to a breach that enabled further social engineering. Forensic visibility in the Google Cloud Platform. Hacktivist auxiliaries. Two 8Ks and a free decryptor.


The LastPass data breach built on an earlier attack. Forensic visibility and the Google Cloud Platform. An overview of hacktivist auxiliaries in Russia's war against Ukraine. Dish acknowledges sustaining a cyberattack. MKS Instruments discloses a ransomware incident. Carole Theriault has a lesson about ChatGPT and school systems. Ann Johnson from Afternoon Cyber Tea speaks with Stacy Hughes from Voya Financial about her journey to being CISO. And Bitdefender releases a decryptor for MortalKombat ransomware. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/40 Selected reading. LastPass sustains a second data breach. (CyberWire) Incident 2...

Data breach at the US Marshals Service. Blind Eagle phishes in the service of espionage. Dish investigates its outages. Qakbot delivered via OneNote files. Memory-safe coding.


The US Marshals Service sustains a data breach. Blind Eagle is a phish hawk. Dish continues to work toward recovery. OneNote attachments are used to distribute Qakbot. Ben Yelin has analysis on the Supreme Court's hearing on a section 230 case. Mr Security Answer Person John Pescatore has thoughts on Chat GPT. And CISA Director Easterly urges vendors to make software secure-by-design. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/39 Selected reading. U.S. Marshals Service investigating ransomware attack, data theft (BleepingComputer) US Marshals says prisoners' personal information taken in data breach (TechCrunch) Blind...

Artificial intelligence behaving badly? Or just tastelessly? Third-party risks. Signs that the advantage may be tilting toward the defender.


Social engineering with generative AI. Mylobot and BHProxies. PureCrypter is deployed against government organizations and staged through Discord. Dish Network reports disruption. Third-party app and software as a service risk. Further assessments of the cyber phase of Russia's war so far, with warnings to stay alert. Are tough times coming in gangland? Comments on NIST's revisions to its Cybersecurity Framework are due this Friday. AJ Nash from ZeroFox on Mis/Dis/and Malinformation. Rick Howard digs into Zero Trust. And get this: AI is writing science fiction! For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/38 Selected reading....

Mike Fey: Highs are high and lows are low. [CEO] [Career Notes]


Mike Fey, CEO and co-founder of Island.io, joins to share his story, falling in love with technology and being fascinated by it at a young age. Mike quickly started working for companies where he grew in his role, becoming CTO of McAfee and then GM of the Enterprise business, stepping out to then become president and COO of Blue Coat, which was eventually acquired by Symantec, eventually wanting to get into his own business. He shares that being a small business owner is a lot of hard work and very tiring at times, he says "especially in a startup, the...

The next hot AI scam. [Research Saturday]


Andy Patel from WithSecure Labs joins with Dave to discuss their study that demonstrates how GPT-3 can be misused through malicious and creative prompt engineering. The research looks at how this technology, GPT-3 and GPT-3.5, can be used to trick users into scams. GPT-3 is a user-friendly tool that employs autoregressive language to generate versatile natural language text using a small amount of input that could inevitably interest cybercriminals. The research is looking for possible malpractice from this tool, such as phishing content, social opposition, social validation, style transfer, opinion transfer, prompt creation, and fake news. The research can be...

A look at the cyber aspects of Russia's war, on the first anniversary of the invasion of Ukraine. And a few notes from elsewhere in cyberspace.


CISA advises increased vigilance on the first anniversary of Russia's war. CERT-UA reports current Russian cyberattacks were prepared in December 2021. How the war has changed the cyber underworld. Air raid alerts sound in nine Russian cities; Russia blames hacking. Our space correspondent Maria Varmazis speaks with Zhanna Malekos Smith at the Center for Strategic & International Studies about a new security agreement between Japan and the US. Kathleen Smith of ClearedJobs.Net clears misperceptions about the cleared space. And Dole continues recovery from ransomware. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/37 Selected reading....

Hybrid war and cyber espionage. Ransomware in the produce aisle. Bypassing security filters in a BEC campaign. Identity-based attacks. Avoid pirated software. And what the bots have been scalping.


Cyberattacks in Russia's war so far, and their future prospects. The Lazarus Group may be employing a new backdoor. Clasiopa targets materials research organizations. Ransomware interferes with food production. Evernote is used in a BEC campaign to bypass security filters. Identity-based cyberattacks. Pirated versions of Final Cut Pro deliver cryptominers. Caleb Barlow has thoughts on Twitter, Mudge, and lessons learned. Marc Van Zadelhoff from Cyber CEOs Decoded podcast speaks with Amanda Renteria, CEO of Code for America, about attracting diverse talent. And what have the scalperbots been up to, lately. For links to all of today's stories check out our...

Vulnerabilities newly exploited in the wild. A new cyberespionage campaign. Trends in the C2C marketplace. Hacktivists, other auxiliaries, and the laws of armed conflict.


CISA adds three entries to its Known Exploited Vulnerabilities Catalog. "Hydrochasma" is a new cyberespionage threat actor. IBM claims the biggest effect of cyberattacks in 2022 was extortion. Social network hijacking in the C2C market. A credential theft campaign against data centers. LockBit claims an attack on a water utility in Portugal. Tim Starks from the Washington Post describes calls to focus on harmonizing cyber regulations. Our guest is Luke Vander Linden, host of the RH-ISAC Podcast. Disrupting Mr. Putin's speech, online, and what the hybrid war suggests about the future of cyber auxiliaries. For links to all of today's...

GoDaddy's compromise. Twitter disables SMS authentication for all but blue-checked users. Deutsche DDoS. Is Bing channeling Tay?


GoDaddy has discovered a compromise of its systems. Twitter disables SMS authentication for those not subscribed to Twitter Blue. Last week's cyber incident impacting German airports was confirmed to be DDoS. The consequences of cyber irregular participation in cyber wars. Semiconductor tech giant Applied Materials sees significant financial losses from a cyberattack. Joe Carrigan on scammers dangling fake job offers to students. Our guests are Max Shuftan & Monisha Bush from the SANS Institute, on the reopening of their HBCU Cyber Academy application window. And is Bing channeling Tay? For links to all of today's stories check out our CyberWire...

Modernizing the U.S. Navy's cybersecurity posture. [Special Edition]


Dave Bittner had a conversation with Commander Brandon Campbell of US Navy Cyber Defense Operations Command and Captain Steve Correia, Commanding Officer of Naval Network Warfare Command. They discussed the Navy's cybersecurity advances and how they have implemented them. Commander Brandon Campbell is the former Operations Director at Navy Cyber Defense Operations Command and Task Force 1020, where they protect, detect, and respond to global cyber threats against Navy networks. Captain J. Steve Correia is the Commanding Officer of Naval Network Warfare Command and the Commander of Task Force 1010 under the U.S. Navy's Fleet Cyber Command where they execute tactical-level command...

Rachel Tobac: Find a way to laugh. [CEO] [Career Notes]


Rachel Tobac, CEO from SocialProof Security sits down to share her amazing story on becoming what's known in the industry as an ethical hacker and CEO of a company. Rachel shares how she was always fascinated with spy movies and as she grew older that fascination turned into a real desire. Finding out she liked learning how the human brain works, she decided to start off in neuroscience. Wanting a change and with the help of her husband she was able to start getting more into hacking, finding she loved the fact that she was pretending to be someone to...

Implementing and achieving security resilience. [Research Saturday]


Wendy Nather from Cisco sits down with Dave to discuss their work on "Cracking the Code to Security Resilience: Lessons from the Latest Cisco Security Outcomes Report." The report describes what security resilience is, while also going over how companies can achieve this resilience. Wendy talks through some of the key findings based off of the report, and after surveying 4,751 active information security and privacy professionals from 26 countries, we find out some of the top priorities to achieving security resilience. From there the research goes on to explain from the findings which data-backed practices lead to the outcomes...

FBI Investigates a network incident. Developments in cybercrime. DDoS against German airports. US forms a Disruptive Technology Strike Force. CISA releases 15 ICS advisories.


The FBI is investigating incidents on its networks. Frebniis backdoors Microsoft servers. ProxyShell vulnerabilities are used to install a cryptominer. Havoc's post-exploitation framework. Atlassian discloses a data breach. German airports sustain a cyber incident. An Aspen Institute report concludes that cyber assistance benefits Ukraine. US announces "Disruptive Technology Strike Force." Robert M. Lee from Dragos on the value of capture the flag events. Our guests are Commander Brandon Campbell of US Navy Cyber Defense Operations Command and Captain Steve Correia, Commanding Officer of Naval Network Warfare Command. And CISA releases fifteen ICS advisories. For links to all of today's stories...

APT37 has some new tricks. Multilingual BEC attacks. A look at the cyber phases of Russia's war, and how being a crime victim may now be another way of serving the state. Influencers behaving badly.


North Korea's APT37 is distributing M2RAT. Multilingual BEC attacks, and how they happen. Assessing the cyber phase of Russia's war as the first anniversary of the invasion approaches. Killnet's attempt to rally hacktivists and criminals to the cause of Russia. Dinah Davis from Arctic Wolf describes continuous network scanning. Our guest is Dr. Inka Karppinen of CybSafe with a look at cyber security through the lens of a behavioral psychologist. And Grand Theft Auto is now also a TikTok challenge. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/32 Selected reading. RedEyes hackers use new...

A look at the SideWinder APT. GoAnywhere vulnerability exploited in the wild. Ransomware rampant. Hacktivism in Russia's hybrid war. Patch Tuesday notes.


SideWinder is an APT with possible origins in India. MortalKombat ransomware debuts. The GoAnywhere zero day was exploited in a data breach. Belarusian Cyber-Partisans release Russian data. Betsy Carmelite from Booz Allen Hamilton shares an overview of cyber deception. Our guest is Ashley Allocca from Flashpoint with a look at the Breaches and Malware Threat Landscape. And notes on Patch Tuesday. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/31 Selected reading. Molted skin: APT SideWinder 2021 campaign that targeted over 60 companies in the Asia-Pacific (Group-IB) New MortalKombat ransomware and Laplas Clipper malware...

Blender is back, but now DBA Sinbad (still working for the Lazarus Group). Cyberespionage notes. Hacktivism. ICS threats. Valentine's Day scams.


"Blender" reappears as "Sinbad." A Tonto Team cyberespionage attempt against Group-IB is thwarted. DarkBit claims responsibility for a ransomware attack on Technion University. An overview of ICS and OT security. Ben Yelin looks at surveillance oversight at the state level. Ann Johnson from Afternoon Cyber Tea speaks with Marene Allison about the CISO transformation. And its Valentine's Day, that annual holiday of love, chocolate, flowers, and online scams. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/30 Selected reading. Has a Sanctioned Bitcoin Mixer Been Resurrected to Aid North Koreas Lazarus Group? (Elliptic Connect)...

Known Exploited Vulnerabilities. Fool's gold. Hacktivists come in both dissident and loyal varieties. Naming and shaming the shameless.


CISA adds to its Known Exploited Vulnerabilities Catalog. Cl0p claims responsibility for GoAnywhere exploitation. Victims mine for gold; attackers use pig butchering tactics. Hacktivists disrupt Iranian television during Revolution Day observances. Killnet claims a DDoS attack against NATO earthquake relief efforts. CyberWire UK Correspondent Carole Theriault asks what can we learn from the recent Roomba privacy snafu? Rick Howard looks at first principles we considered along the way. And can you name and shame the shameless? For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/29 Selected reading. CISA Adds Three Known Exploited Vulnerabilities to...

Jaden Dicks: It is never too early to start. [CyberVista intern] [Career Notes]


Jaden Dicks, a new intern at CyberVista, a company that merged with CyberWire to become N2K Networks, shares his story as a young man growing up trying to get into the cyber community. From a very young age, Jaden hoped to become part of the cybersecurity field. He recalls growing up constantly being surrounded by technology, and now with the help of Urban Alliance, Jaden was able to secure this internship with CyberVista. Urban Alliance is a nonprofit that connects young adults with paid work experiences, such as internships to help them bridge the gaps between education and the workforce....

Knocking down the legs of the industrial security triad. [Research Saturday]


Pascal Ackerman, OT Security Strategist from Guidepoint Security, joins Dave to discuss his work on discovering a vulnerability in the integrity of common HMI client-server protocol. This research is a Proof of Concept (PoC) attack on the integrity of data flowing across the industrial network with the intention of intercepting, viewing, and even manipulating values sent to (and from) the HMI, ultimately trying to trick the user into making a wrong decision, ultimately affecting the proper operation of the process. In this research, they are targeting Rockwell Automation's FactoryTalk View SE products, trying to highlight the lack of integrity and...

US, RoK agencies outline DPRK ransomware. Reddit breached. ICS and IIoT issues. It's almost Valentine's Day. Have you noticed? (The hoods have.)


US and Republic of Korea agencies outline the DPRK ransomware threat. Reddit is breached. CISA releases six ICS advisories. Flaws are found in IIoT devices. Dinah Davis from Arctic Wolf shares cybersecurity stats every IT professional should know. Our guest is Kayla Williams from Devo autonomous SOCs. And, it's almost Valentine's Day. Have you noticed? (The hoods have.) For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/28 Selected reading. #StopRansomware - Ransomware Attacks on Critical Infrastructure Fund DPRK Espionage Activities (CISA) #StopRansomware: Ransomware Attacks on Critical Infrastructure Fund DPRK Malicious Cyber Activities (CISA) U.S.,...

CISA Alert AA23-040A #StopRansomware: ransomware attacks on critical infrastructure fund DPRK malicious cyber activities. [CISA Cybersecurity Alerts]


CISA, NSA, FBI, the US Department of Health and Human Services, the Republic of Korea National Intelligence Service, and the Republic of Korea Defense Security Agency are issuing this alert to highlight ongoing ransomware activity against Healthcare and Public Health Sector organizations and other critical infrastructure sector entities. AA23-040A Alert, Technical Details, and Mitigations CISA's North Korea Cyber Threat Overview and Advisories webpage. Stairwell provided a YARA rule to identify Maui ransomware, and a Proof of Concept public RSA key extractor at the following link: https://www.stairwell.com/news/threat-research-report-maui-ransomware/ See Stopransomware.gov, a whole-of-government approach, for ransomware resources and alerts. No-cost cyber hygiene services:...

Cyberespionage, from war floating to phishing. An update on ESXiArgs. Fresh sanctions against ransomware operators, and more takedowns may be in the offing.


War-floating. A phishing campaign pursues Ukrainian and Polish targets. Pakistan's navy is under cyberattack. A new criminal threat-actor uses screenshots for recon. ESXiArgs is widespread, but its effects are still being assessed. The UK and US issue joint sanctions against Russian ransomware operators. Robert M. Lee from Dragos addresses attacks to electrical substations. Our guest is Denny LeCompte from Portnox discussing IoT security segmentation strategies. And is LockBit next on law enforcement's wanted list? For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/27 Selected reading. Chinese Balloon Had Tools to Collect Communications Signals, U.S....

CISA Alert AA23-039A ESXiArgs ransomware virtual machine recovery guidance. [CISA Cybersecurity Alerts]


CISA and the FBI are releasing this alert in response to the ongoing ransomware campaign, known as ESXiArgs. Malicious actors are exploiting known vulnerabilities in VMware ESXi servers that are likely running unpatched and out-of-service or out-of-date versions of VMware ESXi software to gain access and deploy ransomware. AA23-039A Alert, Technical Details, and Mitigations CISA has released an ESXiArgs recovery script at github.com/cisagov/ESXiArgs-Recover VMware Security Response Center (vSRC) Response to 'ESXiArgs' Ransomware Attack Enes Sonmez and Ahmet Aykac, YoreGroup Tech Team: decrypt your crypted files in See Stopransomware.gov, a whole-of-government approach, for ransomware resources and alerts. No-cost cyber hygiene services:...

An ICS update from CISA. Ransomware notes: LockBit, Clop, and ESXiArgs. Vulnerability in Toyota's GSPIMS. Two new Russian cyberespionage efforts hit Ukraine. And a direction for US privacy policy.


CISA releases an ICS security advisory affecting a smart facility system. LockBit threatens to release Royal Mail data tomorrow. Cl0p ransomware expands to Linux-based systems. A vulnerability is identified in Toyota's GSPIMS. There's an ESXiArgs update: new trackers and mitigation tools are available. Russia is running two new cyberespionage campaigns against Ukraine. Our guest is Roya Gordon from Nozomi Networks, discussing the ICS Threat Landscape. And The Washington Post's Tim Starks provides analysis on last night's State of the Union. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/26 Selected reading. CISA Releases One...

Update: VMware ESXi exploitations. Super Bowl cyber risks. Scalping bots. The curious case of the Moscow billboards.


VMware ESXi exploitations. Super Bowl cyber risks. Scalping bots. The curious case of the Moscow billboards. Joe Carrigan tracks pig butchering apps in online app stores. Our guest is David Liebenberg from Cisco Talos, to discuss incident response trends. And, in sportsball, it's gonna be the Chiefs by a couple of hat tricks, or something. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/25 Selected reading. Ransomware Hits Unpatched VMware Systems: 'Send Money Within 3 Days' (Virtualization Review) Massive ransomware attack targets VMware ESXi servers worldwide (CSO Online) CISA steps up to help VMware...

Unpatched VMware ESXi instances attacked. 0ktapus is back. Update on LockBit's ransomware attack on ION. Charlie Hebdo hack attributed to Iran.


New ransomware exploits a VMware ESXi vulnerability. Roasted 0ktapus squads up. LockBit says ION paid the ransom. Russian cyber auxiliaries continue attacks against healthcare organizations. Attribution on the Charlie Hebdo attack. Deepen Desai from Zscaler describes recent activity by Ducktail malware. Rick Howard looks at cyber threat intelligence. And the top US cyber diplomat says his Twitter account was hacked. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/24 Selected reading. Ransomware Gang in Trading Hack Says Ransom Was Paid (Bloomberg) Regulators weigh in on ION attack as LockBit takes credit (Register) Russian hackers...

Yasmin Abdi: Find your community. [Security Engineer] [Career Notes]


Yasmin Abdi, a Security Engineering Manager at Snapchat and the CEO and Founder of NoHack, sits down to share her story on how she got to be in her amazing current roles. From a young age, Yasmin was fascinated by the overlap of cybersecurity and crime and law. In her time in college, she was able to intern at big tech companies like Snapchat, Google, and Facebook. She decided to stick with Snapchat, which had the security aspect and security composure that she wanted. In her role at Snapchat, she gets to work with her team to help take down all kinds of bad content and keep up the platform's integrity, and found she fell in love with the work along the way....

Shift Left: A case for threat-informed pentesting. [CyberWire-X]


Penetration testing is a vital part of a robust security program, but the traditional pentesting model is in a rut. Assessments happen infrequently, the scope is often very broad, and the report is usually overwhelming. What if you could increase the overall ROI of your pentesting program and avoid these limitations? Every penetration test should have specific goals. Coverage of the MITRE ATT&CK framework or the OWASP Top Ten is a great start, but a pentest could provide exponential value by applying a more strategic approach. In this episode of CyberWire-X, the CyberWire's Rick Howard and Dave Bittner discuss what...

Can ransomware turn machines against us? [Research Saturday]


Tom Bonner and Eoin Wickens from HiddenLayer's SAI Team discuss their research on weaponizing machine learning models with ransomware. Researchers at HiddenLayer's SAI Team have developed a proof-of-concept attack for surreptitiously deploying malware, such as ransomware or Cobalt Strike Beacon, via machine learning models. The attack uses a technique currently undetected by many cybersecurity vendors and can serve as a launchpad for lateral movement, deployment of additional malware, or the theft of highly sensitive data. In this research the team raises awareness by demonstrating how easily an adversary can deploy malware through a pre-trained ML model. The research can be found...

Cyberespionage, and ransomware as misdirection. A new Python-based supply chain attack. Traffic on the Static Expressway. KillNet continues to plague hospitals. And Telegram may be compromised.


CISA has released six ICS Advisories. A look at a North Korean cyberespionage campaign. ChatGPT and its attack potential. A new Python-based supply chain attack. There's traffic on the Static Expressway: ClickFunnels seen in use for redirection. KillNet continues its campaign against hospitals. Ransomware as misdirection for cyberespionage. Part two of my conversation with Kathleen Smith of ClearedJobs.Net discussing trends in the cleared space. Our guest is Eric Bassier of Quantum talking about the multi-layered approach to ransomware protection. And Russian surveillance extends to Telegram chats. For links to all of today's stories check out our CyberWire daily news briefing:...

Cisco fixes vulnerabilities in ICS appliances. NIST's anti-phishing guidelines. OneNote exploitation. HeadCrab malware. Recent actions by Russian threat actors. Trends in state-directed cyber ops.


Cisco patches a command injection vulnerability. NIST issues antiphishing guidance. HeadCrab malware's worldwide distribution campaign. The Gamaredon APT is more interested in collection than destruction. Kathleen Smith of ClearedJobs.Net looks at hiring trends in the cleared community. Bennett from Signifyd describes the fraud ring that's launched a war on commerce against U.S. merchants. And trends in cyberattacks by state-sponsored actors. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/22 Selected reading. Command-Injection Bug in Cisco Industrial Gear Opens Devices to Complete Takeover (Dark Reading) Phishing Resistance Protecting the Keys to Your Kingdom (NIST) OneNote...

How the C2C market sustains ransomware gangs. In Russia's war, intelligence services deploy wipers, and hacktivist auxiliaries handle the DDoS. And a look into other corners of the cyber underworld.


Microsoft tallies more than a hundred ransomware gangs. Sandworm's NikoWiper hits Ukraine's energy sector. Mobilizing cybercriminals in a hybrid war. Firebrick Ostrich and business email compromise. Telegram is used for sharing stolen data and selling malware. Crypto scams find their way into app stores. Bryan Vorndran of the FBI Cyber Division outlines the services the FBI provides during an incident response. Ann Johnson from Afternoon Cyber Tea speaks with actor producer Tim Murck about the intersection of cyber awareness and storytelling. And we are shocked - shocked! - that there are fraudulent cyber professional credentials circulating online. For links to...

The cybercriminal labor market and the campaigns it's supporting. Russia's Killnet is running DDoS attacks against US hospitals, but Russia says, hey, it's the real victim here.


Some perspective on the cybercriminal labor market. DocuSign is impersonated in a credential-harvesting campaign. Social engineering pursues financial advisors. Killnet is active against the US healthcare sector. Mr. Security Answer Person John Pescatore has thoughts on cryptocurrency. Ben Yelin and I debate the limits of section 230. And, hey, who's the real victim in cyberspace? A hint: probably not you, Mr. Putin. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/20 Selected reading. Perspectives on the cybercriminal labor market. (CyberWire). IT specialists search and recruitment on the dark web (Securelist) Cybercrime job ads on...

Criminal evolutions, disgruntled insiders, and gangsta wannabes. New wiper attacks hit Ukrainian targets, with less effect than the first rounds early last year. And support your local hacktivist?


Gootloader's evolution. Yandex source code leaked (and Yandex blames a rogue insider). New GRU wiper malware is active against Ukraine. Latvia reports cyberattacks by Gamaredon. Russia and the US trade accusations of malign cyber activity. A hacktivist auxiliary's social support system. Deepen Desai from Zscaler describes the Lilithbot malware. Rick Howard looks at chaotic simians. And wannabes can be a nuisance, too: LockBit impersonators are seen operating in northern Europe. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/19 Selected reading. Welcome to Goot Camp: Tracking the Evolution of GOOTLOADER Operations (Mandiant) Yandex denies...

Charlie Moore: Pilot to head honcho in cyber. [Cyber Command] [Career Notes]


Our guest, Charlie Moore, is a recently retired USAF Lieutenant General who sits down to share his story from flying high in the air to becoming a bigwig in the cyber community. He was most recently the Deputy Commander of the United States Cyber Command, and also spent part of his career as a human factors engineer working on human interfaces for fighter aircraft. When he first began his Air Force career, he was a member of the last class entering into the Academy that was not issued desktop computers. Charlie discusses how this changed as the year went on...

Interview with the AI, part one. [Special Editions]


Cybersecurity interview with ChatGPT. In part one of CyberWire's Interview with the AI, Brandon Karpf interviews ChatGPT about topics related to cybersecurity. Rick Howard joins Brandon to analyze the conversation and discuss potential use cases for the cybersecurity community. ChatGPT is a chatbot launched by OpenAI and built on top of OpenAI's GPT-3 family of large language models. Cyber questions answered by ChatGPT in part one of the interview. What were the most significant cybersecurity incidents up through 2021? What leads you to characterize these specific events as significant? What were the specific technical vulnerabilities associated with these incidents? Who...

Flagging firmware vulnerabilities. [Research Saturday]


Roya Gordon from Nozomi Networks sits down with Dave to discuss their research on "Vulnerabilities in BMC Firmware Affect OT/IoT Device Security." Researchers at Nozomi Networks have revealed that there are thirteen vulnerabilities that affect BMCs of Lanner devices based on the American Megatrends (AMI) MegaRAC SP-X. The research states "By abusing these vulnerabilities, an unauthenticated attacker may achieve Remote Code Execution (RCE) with root privileges on the BMC, completely compromising it and gaining control of the managed host." It also mentions what patches could come in the future to help fix these vulnerabilities. The research can be found...

An update on the Hive ransomware takedown. More DDoS from Killnet. Advisories from CISA, and an addition to the Known Exploited Vulnerabilities Catalog.


An update on the takedown of the Hive ransomware gang, plus insights from CrowdStrike's Adam Meyers. If you say you're going to unleash the Leopards, expect a noisy call from Killnet. Our guest is ExtraHop CISO Jeff Costlow talking about nation-state attackers in light of ongoing Russian military operations. CISA has released eight ICS advisories, and the agency has also added an entry to its Known Exploited Vulnerabilities Catalog. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/18 Selected reading. Cybercriminals stung as HIVE infrastructure shut down (Europol) U.S. Department of Justice Disrupts Hive Ransomware...

Remote monitoring and management tools abused. Russian and Iranian cyberespionage reported. The world according to the CIO. And if volume is your secret, maybe look for a better secret.


Joint advisory warns of remote monitoring and management software abuse. Iranian threat actors reported active against a range of targets. UK's NCSC warns of increased risk of Russian and Iranian social engineering attacks. A look at trends, as seen by CIOs. Carole Theriault ponders health versus privacy with former BBC guru Rory Cellan Jones. Kyle McNulty, host of the Secure Ventures podcast shares lessons from the cybersecurity startup community. And the DRAGONBRIDGE spam network is disrupted. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/17 Selected reading. CISA, NSA, and MS-ISAC Release Advisory on...

CISA Alert AA23-025A Protecting against malicious use of remote monitoring and management software. [CISA Cybersecurity Alerts]


CISA, NSA, and the MS-ISAC are releasing this alert to warn network defenders about malicious use of legitimate remote monitoring and management software. AA23-025A Alert, Technical Details, and Mitigations For a downloadable copy of IOCs, see AA23-025.stix Silent Push uncovers a large trojan operation featuring Amazon, Microsoft, Geek Squad, McAfee, Norton, and Paypal domains No-cost cyber hygiene services: Cyber Hygiene Services and Ransomware Readiness Assessment. See CISA Insights Mitigations and Hardening Guidance for MSPs and Small- and Mid-sized Businesses for guidance on hardening MSP and customer infrastructure. U.S. DIB sector organizations may consider signing up for the NSA Cybersecurity Collaboration...

TA444 and crypto theft on behalf of the Dear Successor. CryptoAPI spoofing vulnerability described. New Python-based malware campaign. User headspace. Tanks vs. hacktivists.


How do the North Koreans get away with it? They do run their cyber ops like a creepy start-up business. A spoofing vulnerability is discovered in Windows CryptoAPI. Python-based malware is distributed via phishing. MacOS may have a reputation for threat-resistance, but users shouldn't get cocky. DevSecOps survey results show tension between innovation and security. Russian hacktivist auxiliaries hit German targets. Tim Starks from the Washington Post Cyber 202 shares insights from his interview with Senator Warner. Our guest is Keith McCammon of Red Canary to discuss cyber accessibility. And Private sector support for Ukraine's cyber defense. For links to all...

Cyber Marketing Con 2022: From the horse's mouth: CISO Q&A on solving the cyber marketer's dilemma. [Special Editions]


At the 2022 Cyber Marketing Con, the CyberWire presented a CISO Q&A panel session on how to help cyber marketers reach CISOs and other security executives in the industry. The panel included Rick Howard, CSO of N2K Networks, Jaclyn Miller, Head of InfoSec and IT at DispatchHealth, Ted Wagner, CISO of SAP NS2, and was moderated by board director and operating partner, Michelle Perry. Listen in as the panel discusses: What works and doesn't work in getting a security executive's attention. Message trust, message fatigue, and what you can do about it. Trusted information sources and how security executives...

Disentangling cybercrime from cyberespionage. A threat to the IoT supply chain. What do you do with the hacktivists when they stop being hacktivists? A retired FBI Special Agent is indicted.


DragonSpark conducts "opportunistic" cyberattacks in East Asia. ProxyNotShell and OWASSRF exploit chains target Microsoft Exchange servers. The IoT supply chain is threatened by exploitation of Realtek Jungle SDK vulnerability. CISA adds an entry to its Known Exploited Vulnerabilities Catalog. A Cisco study finds organizations see positive returns from investment in privacy. What's the hacktivist's postwar future? Joe Carrigan tracks a romance scam targeting seniors. Our guest is Pete Lund of OPSWAT to discuss the security of removable media devices. And a retired G-Man is indicted on multiple charges. For links to all of today's stories check out our CyberWire daily...

Contractor error behind FAA outage. OneNote malspam. Vastflux ad campaign disrupted. Ukraine moves closer to CCDCOE membership. Alerts for gamblers and gamers.


The FAA attributes its January NOTAM outage. Malicious OneNote attachments are appearing in phishing campaigns. The Vastflux ad campaign has been disrupted. Ukraine moves toward closer cybersecurity collaboration with NATO. Rick Howard considers the best of 2022. Deepen Desai from Zscaler looks at VPN Risk. And, finally, we're betting you want alerts for sports book customers and online gamers. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/14 Selected reading. FAA Says Contractor Unintentionally Caused Outage That Disrupted Flights (Wall Street Journal) Not a cyberattack, but an IT failure: the FAA's NOTAM outage. (CyberWire)...

Miriam Wugmeister: Technology's not as complicated as you think. [Data Security] [Career Notes]


Miriam Wugmeister, co-chair of Morrison & Foerster's Privacy and Data Security practice, sits down to share her in-depth experience and understanding of privacy and data security laws, obligations, and practices across a wide range of industries. She talks about how she grew up not knowing exactly what she wanted to get into as a profession, starting off as a chemical engineering major in college before switching to philosophy. She then got asked to work on a project relating to a company's privacy and fell in love with the subject matter, deciding then to pursue it as a career. Miriam mentions how technology is not as complicated as tech people might have...

The power of web data in cybersecurity. [CyberWire-X]


The public web data domain is a fancy way to say that there is a lot of information sitting on websites around the world that is freely available to anybody who has the initiative to collect it and use it for some purpose. When you do that collection, intelligence groups typically refer to it as open source intelligence, or OSINT. Intelligence groups have been conducting OSINT operations for over a century if you consider books and newspapers to be one source of this kind of information. In the modern day, hackers conduct OSINT operations in order to recon their potential victims...

Billbug infests government agencies. [Research Saturday]


Brigid O. Gorman from Symantec's Threat Hunter Team joins Dave to discuss their report "Billbug - State-sponsored Actor Targets Cert Authority and Government Agencies in Multiple Asian Countries." The team has discovered that state-sponsored actors compromised a digital certificate authority in an Asian country during a campaign in which multiple government agencies were also targeted. The research states they believe Billbug, which is a long-established advanced persistent threat (APT) group has been active since about 2009. They say "In activity documented by Symantec in 2019, we detailed how the group was using a backdoor known as Hannotog (Backdoor.Hannotog) and another...

Ransomware in Costa Rica. Cyberespionage against unpatched FortiOS instances. Credential stuffing PayPal, breaching T-Mobile. Utility business systems hit. Hackathons and phishing in Russia.


Ransomware hits Costa Rican government systems, again. A Chinese threat actor deploys the BOLDMOVE backdoor against unpatched FortiOS. Credential stuffing afflicts PayPal users. T-Mobile discloses a data breach. A cyberattack hits a remote Canadian utility. The Wagner Group sponsors a hackathon. Malek Ben Salem from Accenture describes prompt injection for chatbots. Our guest is Paul Martini of iboss with insights on Zero Trust. And the FSB's Gamaredon APT runs a hands-on Telegraph phishing campaign against Ukrainian targets. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/13 Selected reading. Bolster Your Company Defenses With Zero Trust...

Criminal-on-criminal action in the dark web. The cyber phases of the hybrid war heat up. ICS vulnerabilities. Codespaces and malware servers. Blank-image attacks. Social engineering.


A hostile takeover of the Solaris contraband market. Ukraine warns that Russian cyberattacks continue. An overview of 2H 2022 ICS vulnerabilities. Codespaces accounts can act as malware servers. Blank-image attacks. Campaigns leveraging HR policy themes. Dinah Davis from Arctic Wolf has tips for pros for security at home. Our guest Gerry Gebel from Strata Identity describes a new open source standard that aims to unify cloud identity platforms. And travel-themed phishing increases. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/12 Selected reading. Friday the 13th on the Dark Web: $150 Million Russian...

ICS security: vulnerabilities, mitigations, and threats. A Chinese APT prospects Iranian targets. The persistence of nuisance-level hacktivism. And war takes a toll on the criminal economy.


CISA adds to its Known Exploited Vulnerability Catalog. Attacks against industrial systems. DNV is recovering from ransomware. Chinese cyberespionage is reported against Iran. The persistence of nuisance-level hacktivism. Robert M. Lee from Dragos outlines pipeline security. Our guest is Yasmin Abdi from Snap on bringing her team up to speed with zero trust. And a side-effect of Russia's war: a drop in paycard fraud. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/11 Selected reading. Bolster Your Company Defenses With Zero Trust Edge (iBoss) CISA Adds One Known Exploited Vulnerability to Catalog (CISA) GE Digital...

Phishing campaigns (one uses mobilization as phishbait). Credential-stuffing attack affects Norton LifeLock users. Trends in security. Azure SSRF issues fixed. Calls for a digital UN.


A phishing campaign impersonates DHL. Conscription and mobilization provide criminals with phishbait for Russian victims. Norton LifeLock advises customers that their accounts may have been compromised. Trends in data protection. Veracode's report on the state of software application security. Ben Yelin looks at NSO Group's attempt at state sovereignty. Ann Johnson from Afternoon Cyber Tea speaks with Microsoft's Chris Young about the importance of the security ecosystem. And Ukraine calls for a "digital United Nations." For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/10 Selected reading. Cloud 9: Top Cloud Penetration Testing Tools (Bishop...

Gene Fay: Lead from the front. [CEO] [Career Notes]


Gene Fay, CEO of ThreatX sits down to share his experience rising through the ranks to get to where he is today. He shares how even at a young age he wanted to work in an office and become a businessman, though at the time he did not understand what that entailed. After college he acquired a job that was revolutionizing video editing for post-production studios as well as TV stations, where he started to really learn about technology. Gene talks about leading from the front and how a good leader will always do so, even if he has to...

DUCKTAIL waddles back again. [Research Saturday]


Mohammad Kazem Hassan Nejad from WithSecure joins Dave to discuss the team's research, "DUCKTAIL returns - Underneath the ruffled feathers." DUCKTAIL is a financially motivated malware operation that targets individuals and businesses operating on the Facebook Ads and Business platform. The research states, "The malware is designed to steal browser cookies and take advantage of authenticated Facebook sessions to steal information from the victim's Facebook account." WithSecure has found that after a short hiatus, DUCKTAIL has returned with slight changes in their mode of operation. The research can be found here: DUCKTAIL returns: Underneath the ruffled feathers Learn more about...

Updates on the hybrid war, and on the incidents at the Royal Mail, the FAA, and the Guardian. Royal ransomware exploits Citrix vulnerability. CISA's annual report is out.


GitHub disables NoName accounts. Russia dismisses reports of cyberespionage attempts against US National Laboratories. The Royal Mail cyber incident is now identified as ransomware attack. An update on the NOTAM issues that interfered with civil aviation. A Citrix vulnerability is exploited by ransomware group. CISA publishes its annual report. Bryan Vorndran of the FBI Cyber Division calibrates expectations with regard to the IC3. Our guest is Kayne McGladrey with insights on 2023 from the IEEE. And Positive Hack Days and the growing isolation of Russia's cyber sector. For links to all of today's stories check out our CyberWire daily news...

Trojanized VPN installers circulate in Iran. A trip down the static expressway. Hacktivism-for-profit. IT incidents disrupt NOTAMs and Royal Mail. HR phishbait.


Iranian VPN users are afflicted by Trojanized installation apps. Phishing on the static expressway. NoName057(16) hacktivist auxiliaries target NATO. Yesterday's flight outage appears not to have been caused by a cyberattack. Royal Mail is disrupted by a "cyber incident." Carole Theriault thinks Meta needs to step up their game when blocking financial scams. Our guest is Mark Sasson from Pinpoint Search Group to discuss why cybersecurity may no longer be a candidate-driven market. And HR phishbait dangles raises, and some employees bite. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/8 Selected reading. EyeSpy -...

Notes on patches. Dark Pink industrial cyberespionage campaign in Asia. Kinsing cryptojacking. Hacktivist DDoS against Iran. Healthcare cyber risk management. Pokémon NFTs.


Patch Tuesday. CISA releases two ICS Advisories and makes some additions to its Known Exploited Vulnerabilities Catalog. Dark Pink APT is active against Asian targets. Kinsing cryptojacking targets Kubernetes instances. Ukrainian hacktivists conduct DDoS against Iranian sites. Risk exposure and a hospital's experience with ransomware. The Health3PT initiative seeks to manage 3rd-party risk. Tim Starks from the Washington Post's Cyber 202 on cyber rising to the level of war crime. Our guest is Connie Stack, CEO of Next DLP, on the path to leadership within cyber for women. And phishing with Pokémon NFTs. For links to all of today's stories...

Some trends in threats and defense. The possibility of cyber war crimes. RSAC innovation showcases are open for application. And common KEVs in the financial sector.


A look back at ransomware in 2022. Lessons from Russia's war: crooks, hacktivists, and auxiliaries. Cyberattacks as war crimes. The state of SSE adoption. RSA Conference 2023 opens applications for the Launch Pad and the Innovation Sandbox. Joe Carrigan looks at online scams targeting military members. Our guest is Richard Caralli from Axio on the State of Ransomware Preparedness. And the most common known exploited vulnerabilities affecting the financial sector. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/6 Selected reading. Ransomware trends: 2022. (CyberWire) State of Ransomware Preparedness Research Study: 2022 (Axio) Kyiv...

Social engineering shenanigans, by both crooks and spies. Suing social media over alleged mental health damages. And how to earn an F.


Telegram impersonation affects a cryptocurrency firm. Phishing with Facebook termination notices. Russian phishing continues to target Moldova. The IEEE on the impact of technology in 2023. Glass ceilings in tech leadership. Seattle Schools sue social media platforms. Malek Ben Salem from Accenture explains coding models. Our guest is Julie Smith, identity security leader and executive director at IDSA, with insights on identity and security strategies. And dealing with the implications of ChatGPT. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/5 Selected reading. Impact of Technology in 2023 and Beyond (IEEE) Telegram insider server...

Teresa Rothaar: Outwork the competition. [Analyst] [Career Notes]


Teresa Rothaar, a governance, risk, and compliance (GRC) analyst at Keeper Security, sits down to share her story, from performer to cyber. She fell in love with writing as a young girl and experimented with writing fanfiction, which made her want to grow up to be in the arts. After attending college she found that she was good at math, lighting the way for her to start her cyber career. Teresa moved to being a writer at Keeper, finding she wanted to spread out and try more, so she ended up becoming an analyst while still doing writing on the...

Stealer malware from Russia. [Research Saturday]


Marisa Atkinson, an analyst from Flashpoint, joins Dave to discuss a new blog post from Flashpoint's research team about RisePro Stealer, malware from Russia, and Pay-Per-Install Malware PrivateLoader. RisePro is written in C++ and appears to possess similar functionality to the stealer malware Vidar. It's also a newly identified stealer that began appearing as a stealer source for log credentials on the illicit log shop Russian Market on December 13, 2022. The research states, "Samples that Flashpoint analysts identified indicate that RisePro may have been dropped or downloaded by the pay-per-install malware downloader service PrivateLoader in the past year." Analysts identified several sets of logs...

CISA releases three ICS Advisories. Squealing cars. Rotate your secrets. Russian cyberespionage updates.


Security vulnerabilities in automobiles. CircleCI customers should "rotate their secrets." CISA Director Easterly notes Russian failures, but warns that shields should stay up. Attempted cyberespionage against US National Laboratories. Turla effectively recycles some commodity malware infrastructure. Robert M. Lee from Dragos shares his outlook on ICS for the new year. Our CyberWire Space correspondent Maria Varmazis interviews Diane Janosek from NSA about her research on space-cyber. And the Guardian continues to recover from last month's ransomware attack. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/4 Selected reading. Hitachi Energy UNEM (CISA) Hitachi Energy...

PurpleUrchin's freejacking. Bluebottle versus the banks. A supply-chain attack on a machine-learning framework. The ransomware leaderboard. And cyber ops in a hybrid war.


The PurpleUrchin freejacking campaign. Bluebottle activity against banks in Francophone Africa. The PyTorch framework sustains a supply-chain attack. 2022's ransomware leaderboard. Cellphone traffic as a source of combat information. FBI Cyber Division AD Bryan Vorndran on the interaction and collaboration of federal agencies in the cyber realm. Our guest Jerry Caponera from ThreatConnect wonders if we need more "Carrots" Than "Sticks" In Cybersecurity Regulation. And two incommensurable views of information security. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/3 Selected reading. An analysis of the PurpleUrchin campaign. (CyberWire) PurpleUrchin Bypasses CAPTCHA and Steals Cloud...

Terms of service and GDPR. LastPass breach update. GhostWriter resurfaces in action against Poland and its neighbors. Cellphones, opsec, and rocket strikes.


Ad practices draw a large EU fine (and may set precedents for online advertising). Updates on the LastPass breach, and on Russian cyber activity against Poland. Malek Ben Salem from Accenture explains smart deepfakes. Our guest is Leslie Wiggins, Program Director for Data Security at IBM Security on the role of the security specialist. And cellphones, opsec, and the Makiivka strike. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/2 Selected reading. Meta's Ad Practices Ruled Illegal Under E.U. Law (New York Times) Meta Fined More Than $400 Million in EU for Serving Ads...

DPRK cyber ops. Poland warns of Russian cyber activity. Twitter's data incident. A crypto trading exchange is rifled. Ransomware shuts down the Port of Lisbon. Small business opportunities.


Recent DPRK cyber operations: spying and theft. Twitter's data incident. 3Commas breached. Poland warns of increased Russian offensive cyber activity. Port of Lisbon hit by ransomware. DHS announces SBIR topics. New additions to the Known Exploited Vulnerabilities Catalog. Ben Yelin on the legal conundrum of AI generated code. Our guest is Tanya Janca from She Hacks Purple with insights on API security. And, news flash! LockBit says they have a conscience. (Yeah, right.) For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/1 Selected reading. Recent DPRK cyber operations: spying and theft. (CyberWire) Twitter targeted...

Software supply chain management: Lessons learned from SolarWinds. [CyberWire-X]


Between the emergence of sophisticated nation-state actors, the rise of ransomware-as-a-service, the increasing attack surface remote work presents, and much more, organizations today contend with more complex risk than ever. A Secure-by-Design approach can secure software environments, development processes and products. That approach includes increasing training for employees, adopting zero trust, leveraging Red Teams, and creating a unique triple-build software development process. SolarWinds calls its version of this process the "Next-Generation Build System," and offers it as a model for secure software development that will make supply chain attacks more difficult. On this episode of CyberWire-X, host Rick Howard, N2K's...

Women in Cybersecurity panel: A discussion on hidden figures of cyber skills gap. [Special Edition]


On Thursday October 20, 2022, the CyberWire was pleased to host the annual Women in Cybersecurity Reception at the International Spy Museum in Washington, DC. This annual event brought together almost 300 people to highlight and celebrate the value and successes of women in the cybersecurity industry. The reception included an industry-led panel discussion called "The Hidden Impact of Cybersecurity's Talent Gap on the Cyber-Enabled Community," discussing cyber-enabled professionals who aren't usually included in conversations around the cybersecurity skills gap. The panel, moderated by Simone Petrella of CyberVista, included perspectives from experts including Davida Gray of MindPoint Group, Jennifer Walsmith...

Encore: LemonDuck's evading detection.


Scott Fanning from CrowdStrike's research team joins Dave to discuss their work on "LemonDuck Targets Docker for Cryptomining Operations." LemonDuck is a well-known cryptomining botnet, and the research suggests attackers are attracted to the monetary gain from the recent boom in cryptocurrency. LemonDuck was caught trying to disguise its attack against Docker by running an anonymous mining operation by the use of proxy pools. Scott shares how it's unknown which organizations have been targeted and just how much cryptocurrency has been stolen. The research can be found here: LemonDuck Targets Docker for Cryptomining Operations Learn more about your ad choices....

Interview Select: Nick Schneider of Arctic Wolf discusses why he believes 2023 will see a resurgence of ransomware and why the decline of crypto will not deter future ransomware actors.


This interview from October 28th, 2022 originally aired as a shortened version on the CyberWire Daily Podcast. In this extended interview, Dave Bittner sits down with Nick Schneider of Arctic Wolf to discuss why he believes 2023 will see a resurgence of ransomware and why the decline of crypto will not deter future ransomware actors.

Sisters, grifters, and shifters. [Hacking Humans Goes to the Movies]


Thanks for joining us again for another episode of a fun project brought to you by the team of Hacking Humans, the CyberWire's social engineering podcast. Hacking Humans co-host Dave Bittner is joined by Rick Howard in this series where they view clips from their favorite movies and television shows with examples of the social engineering scams and schemes you hear Dave and co-host Joe Carrigan talk about on Hacking Humans. In this episode, Dave and Rick watch each of the selected scenes, describe the on-screen action for you, and then they deconstruct what they saw. Grab your bowl of popcorn...

Interview Select: Diana Kelley, CSO & Co-founder of Cybrize to discuss the need for innovation and entrepreneurship in cybersecurity.


This interview from September 16th, 2022 originally aired as a shortened version on the CyberWire Daily Podcast. In this extended interview, Dave Bittner sits down with Diana Kelley, CSO & Co-founder of Cybrize to discuss the need for innovation and entrepreneurship in cybersecurity.

Interview Select: MK Palmore from Google Cloud talks about why collective cybersecurity ultimately depends on having a diverse, skilled workforce.


This interview from September 30th, 2022 originally aired as a shortened version on the CyberWire Daily Podcast. In this extended interview, Dave Bittner sits down with MK Palmore from Google Cloud to talk about why collective cybersecurity ultimately depends on having a diverse, skilled workforce.

Research Briefing: Spearphishing against Japanese political entities. Trojanized Windows 10 installers target Ukraine. XLL files abused to deliver malware.


Spearphishing against Japanese political entities. Trojanized Windows 10 installers target Ukraine. XLL files abused to deliver malware.

The CyberWire: The 12 Days of Malware. [Special Editions]


Merry Christmas and Happy Holidays from the CyberWire and our friends! Enjoy our rendition of the 12 Days of Malware created by Dave Bittner and performed by Dave and friends: Rachel Tobac, Jayson Street, Ron Eddings & Chris Cochran, Ray [Redacted], Dinah Davis, Camille Stewart, Rick Howard, Michelle Dennedy, Jack Rhysider, Johannes Ullrich, and Charity Wright. Ba dum bum bum. Sing along if you are game! Check out our video for the full effect! The 12 Days of Malware lyrics On the first day of Christmas, my malware gave to me: A keylogger logging my keys. On the second day of...

Encore: Vulnerabilities in IoT devices.


Dr. May Wang, CTO of IoT Security at Palo Alto Networks, joins Dave Bittner to discuss their findings detailed in Unit 42's "Know Your Infusion Pump Vulnerabilities and Secure Your Healthcare Organization" research. Unit 42 recently set out to better understand how well hospitals and other healthcare providers are doing in securing smart infusion pumps, which are network-connected devices that deliver medications and fluids to patients. This topic is of critical concern because security lapses in these devices have the potential to put lives at risk or expose sensitive patient data. Unit 42's discovery of security gaps in three out...

PolyVice and Royal ransomware make nuisances of themselves. US warns that KillNet can be expected to go after the healthcare sector. CISA's plans for stakeholder engagement.


The Vice Society may be upping its marketing game. Royal ransomware may have a connection to Conti. Royal delivers ransom note by hacked printer. KillNet goes after healthcare. CISA's Stakeholder Engagement Strategic Plan. Adam Meyers from CrowdStrike looks at cyber espionage. Giulia Porter from RoboKiller does not want to talk to you about your car's extended warranty. And holiday wishes to all. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/245 Selected reading. Custom-Branded Ransomware: The Vice Society Group and the Threat of Outsourced Development (SentinelOne) Vice Society ransomware gang switches to new custom...

Online fraud, some targeting shoppers and investors, others going after e-commerce retailers. Updates on the cyber phases of Russia's hybrid war.


The FBI warns of malicious advertising. A new gang makes an unwelcome appearance in the holiday season. Ukraine will receive more Starlink terminals after all. Cyber phases of the hybrid war: a view from Kyiv: the bears and their adjuncts are opportunistic agents of chaos. Caleb Barlow thinks boards of directors need to up their cyber security game. Our guest is AJ Nash from ZeroFox with a look at legislative restrictions on TikTok. And reports say that US National Cyber Director Chris Inglis is preparing to retire. We wish him the best of luck. For links to all of today's stories check...

Developing a banking Trojan into a newer, more effective form. Cyberattacks on media outlets. Abuse of AWS Elastic IP transfer. Notes on the hybrid war. And cybercrooks are inspired by Breaking Bad.


The Godfather banking Trojan has deep roots in older code. FuboTV was disrupted around its World Cup coverage. The Guardian has been hit with an apparent ransomware attack. A threat actor abuses AWS Elastic IP transfer. Moldova may be receiving more Russian attention in cyberspace. CISA releases six industrial control system advisories. Ben Yelin looks at legislation addressing health care security. Our guest is Hugh Njemanze of Anomali with advice on preparing for the holiday break. And criminals are impersonating other criminals' underworld souks. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/243 Selected...

Warnings on SentinelSneak. The rise of malicious XLLs. Updates from Russia's hybrid war. An unusually loathsome campaign targets children.


SentinelSneak is out in the wild. XLLs for malware delivery. CERT-UA warns of attacks against the DELTA situational awareness system. FSB cyber operations against Ukraine. Trends in the cyber phases of Russia's hybrid war. Mr. Security Answer Person John Pescatore offers his sage wisdom. Microsoft's Ann Johnson from Afternoon Cyber Tea speaks with Dr. Chenxi Wang from Rain Capital. And an unusually unpleasant sextortion campaign. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/242 Selected reading. SentinelSneak is not a legitimate SDK. (CyberWire) SentinelSneak: Malicious PyPI module poses as security software development kit (ReversingLabs)...

BEC gets into bulk food theft. BlackCat ransomware update. Epic Games settlement with FTC. InfraGard data taken down. More on the hybrid war. And Twitter asks for the voice of the people.


BEC takes aim at physical goods (including food). BlackCat ransomware activity increases. Epic Games settles an FTC regulatory case. The InfraGard database was pulled from a dark web auction site. CISA releases forty-one ICS advisories. Rick Howard interviews author Andy Greenberg. Rob Boyce from Accenture examines holiday cyber threats. The growing value of open source intelligence. Twitter says vox populi, vox dei. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/241 Selected reading. FBI, FDA OCI, and USDA Release Joint Cybersecurity Advisory Regarding Business Email Compromise Schemes Used to Steal Food (CISA) Colombian energy...

Don Pezet: Stepping stones are the start of your career. [CTO] [Career Notes]


Don Pezet, CTO of ACI Learning, sits down to share his over 25 years of experience in the industry. Don previously spent time as a field engineer in the financial and insurance industries supporting networks around the world. He co-founded ITProTV in 2012 to help create the IT training that he wished he had when he got started in his IT career. He also shares insights for anyone else wishing to pursue IT, no matter their age or past experience. Don explains how important stepping stones are as you get into this field, stating "know that that first job you...

Strategies to get the most out of your toolsets. [CyberWire-X]


With a recession looming, many business leaders are looking for ways to cut spending wherever possible. And while tool bloat affects many security teams, it can be a challenging problem to tackle for a couple of reasons. First, there's the fear that security will be lost if a tool is removed. Second, there's the daunting task of unraveling complex systems. And finally, there's the perennial talent shortage. Like all challenges in security, they're made even worse by the fact that there's not enough people able to tackle them. During this CyberWire-X episode, host Rick Howard, the CyberWire's CISO, Chief Analyst...

Hijacking holiday spirit with phishing scams. [Research Saturday]


Or Katz from Akamai sits down with Dave to discuss research on highly sophisticated phishing scams and how they are abusing holiday sentiment. This particular threat has most recently focused on Halloween deals, enticing victims with the chance to win a free prize, including from Dick's Sporting Goods or Tumi Backpacks. It then requests credit card details to cover the cost of shipment. From mid-September to the end of October 2022, Akamai's researchers were able to uncover and track this threat. This kit mimics well-known retail stores in hopes of hijacking credit card information, feeding off of people's holiday spirit....

Malicious apps do more than extort predatory loans. A Facebook account recovery scam. Notes from the hybrid war. Goodbye SHA-1, hello Leviathans.


A predatory loan app is discovered embedded in mobile apps. Facebook phishing. GPS disruptions are reported in Russian cities. NSA warns against dismissing Russian offensive cyber capabilities. Farewell, SHA-1. Kevin Magee from Microsoft looks at cyber signals. Our guest is Jason Witty of USAA to discuss the growing risk from quantum computing. And welcome to the world, Leviathans. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/240 Selected reading. Zimperium teams discover new malware in Flutter developed apps (SecurityBrief Asia) Meta-Phish: Facebook Infrastructure Used in Phishing Attack Chain (Trustwave) GPS Signals Are Being Disrupted...

Updates on the cyber phases of a hybrid war. Alleged booters busted. Progress report from the US anti-ransomware task force. Suspicion in AIIMS hack turns toward China.


Trojanized Windows 10 installers are deployed against Ukraine. Alleged booters have been collared, and their sites disabled. A progress report on US anti-ransomware efforts. Suspicion in a cyberattack against India turns toward China. Bryan Vorndran from the FBI's Cyber Division talks about deep fakes. Our guest is Lisa Plaggemier from the National Cybersecurity Alliance (NCA) on the launch of their Historically Black Colleges and Universities Career Program. And hybrid war and fissures in the underworld. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/239 Selected reading. Trojanized Windows 10 Operating System Installers Targeted Ukrainian...

InfraGard data for sale. Cyberespionage warnings. Data sharing practices. Malicious drivers with legitimate signatures. Patch Tuesday. Task Force KleptoCapture indicts five Russian nationals.


The FBI's InfraGard user data shows up for sale. An update on Iranian cyber operations. NSA warns of Chinese cyber threats. Challenges in sharing data for threat detection and prevention. Legitimately signed drivers are used in targeted attacks. Patch Tuesday addressed a lot of actively exploited issues. Tim Starks from the Washington Post Cybersecurity 202 shares his reporting on ICS vulnerabilities. Our guest is Mike Fey from Island with an introduction to the enterprise browser space. And the US indicts five Russian nationals on sanctions-evasion charges. For links to all of today's stories check out our CyberWire daily news briefing:...

Uber's breach. Phishing in Ukraine's in-boxes. What's Russia been up to anyway? (Not the same thing, probably, NATO would be up to.) And the ransomware leader board.


Uber sustains a third-party breach. A phishing campaign hits Ukrainian in-boxes. The enduring riddle of why Russian offensive cyber operations have failed in Ukraine. Joe Carrigan on credit card skimming. Carole Theriault describes a UK food store chain that uses facial recognition technology to track those with criminal or antisocial behavior. And 2023's ransomware-as-a-service leader board. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/237 Selected reading. Uber suffers new data breach after attack on vendor, info leaked online (BleepingComputer) Uber has been hacked yet again with code and employee data released online (SiliconANGLE)...

Ransomware updates: TrueBot, Cl0p, and Royal. Iranian cyberattacks. An update on the cyberattack against the Met. Notes on the hybrid war, with a focus on allies and outside actors.


TrueBot found in Cl0p ransomware attacks. Royal ransomware targets the healthcare sector. Recent Iranian cyber activity. A night at the opera: an update on the cyberattack against the Metropolitan Opera. New Cloud Atlas activity reported. Europe looks to the cybersecurity of its power grid. Rob Boyce from Accenture describes Dark web actors diversifying their toolsets. Rick Howard explains fractional CISOs. And international support for Ukrainian cyber defense continues, more extensively and increasingly overt. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/236 Selected reading. Breaking the silence - Recent Truebot activity (Cisco Talos Blog)...

Commercial threat intelligence proves invaluable for the public sector. [CyberWire-X]


Historically, the U.S. government has relied almost solely on its own intelligence analysis to inform strategic decisions. This has been especially true surrounding geopolitical events and nation-level cybersecurity situations. However, the explosion of assets being connected to the internet, along with the fact that most critical infrastructure is owned by private sector organizations, means that commercially developed cyber threat intelligence is being generated at a faster pace than ever before. In the Russia/Ukraine conflict, we saw how commercially generated satellite intelligence played a critical role in alerting the public and ensuring our allies were ready for an invasion. At LookingGlass,...

Jameeka Aaron: Sometimes you just have to follow two paths. [CISO] [Career Notes]


Jameeka Aaron, Chief Information Security Officer at Auth0, a product unit of Okta, sits down to share her story following two different paths that led her to where she is today. Jameeka has 20 years of IT and cybersecurity experience and has mitigated security risks at Nike, the U.S. Navy, and now Auth0. She joined the Navy not knowing what she wanted to do after high school and ended up becoming a Radioman, which is now titled IT. She shares her experiences of challenges she faced being the youngest, and the only woman, and the only woman of color in her group. She followed two...

Cybersecurity during the World Cup. [Research Saturday]


AJ Nash from ZeroFox sits down with Dave to discuss cybersecurity threats including social engineering attacks planned surrounding the Qatar 2022 World Cup. The research shares some of the key threats we might see while the World Cup is happening this year. Researchers say "During the World Cup, there will likely be threat actors aiming to acquire personal information or monetary value through phishing and scams." In the research we can find how the venue host is preparing for these claims of attacks. The research can be found here: Qatar 2022 World Cup Event Assessment

Cobalt Mirage deploys Drokbk malware. Zombinder in the C2C market. Impersonation scams. CISA releases three new ICS advisories. And criminals prey on other criminals.


Cobalt Mirage deploys Drokbk malware. Zombinder in the C2C market. Impersonation scams: that's not Ukraine's Ministry of Digital Transformation. On the cyber front, nothing new. CISA releases three new ICS advisories. Caleb Barlow on attack surface management. Mike Hamilton from Critical Insight explains how state and local governments apply for the $1 billion allocated by the feds for cybersecurity funding. And criminals prey on other criminals. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/235 Selected reading. Drokbk Malware Uses GitHub as Dead Drop Resolver (Secureworks) Zombinder: new obfuscation service used by Ermac, now...

The IT Army of Ukraine claims VTB DDoS. DPRK exploits Internet Explorer vulnerability. New variant of Babuk ransomware reported. Blind spots in air-gapped networks. And, dog and cat hacking.


The IT Army of Ukraine claims responsibility for DDoS against a Russian bank. North Korea exploits an Internet Explorer vulnerability. A new variant of Babuk ransomware has been reported. Blind spots in air-gapped networks. Rob Boyce from Accenture has insights on the most recent ransomware trends. Our guest is Nathan Howe from Zscaler with the latest on Zero Trust. And the hacking of cats and dogs. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/234 Selected reading. IT Army of Ukraine Hit Russian Banking Giant with Crippling DDoS Attack (HackRead) Internet Explorer 0-day exploited...

Ransomware, third-party risk, cyberespionage, social engineering, and a software supply-chain threat.


Rackspace reacts to ransomware. Third-party incidents in New Zealand and the Netherlands. Russian intelligence goes phishing. Mustang Panda uses Russia's war as phishbait. A malicious package is found in PyPI. Kevin Magee from Microsoft Canada shares thoughts on cybersecurity startups in an economic downturn. Our guest is IDology's Christina Luttrell to discuss how consumers feel about digital identity, fraud, security and data privacy. And a French-speaking investment scam. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/233 Selected reading. Rackspace Technology Hosted Exchange Environment Update (Rackspace Technology) Multiple government departments in New Zealand affected...

CISA Alert AA22-335A #StopRansomware: Cuba Ransomware [CISA Cybersecurity Alerts]


The FBI and CISA are releasing this alert to disseminate known Cuba Ransomware Group indicators of compromise and TTPs identified through FBI investigations. FBI and CISA would like to thank BlackBerry, ESET, The National Cyber-Forensics and Training Alliance (NCFTA), and Palo Alto Networks for their contributions to this CSA. AA22-335A Alert, Technical Details, and Mitigations For a downloadable copy of IOCs, see AA22-335A.stix Stopransomware.gov is a whole-of-government approach that gives one central location for ransomware resources and alerts. Resource to mitigate a ransomware attack: CISA-Multi-State Information Sharing and Analysis Center (MS-ISAC) Joint Ransomware Guide. No-cost cyber hygiene services: Cyber Hygiene...

Cyberespionage, privateering, hacktivism and influence operations, in Ukraine, Russia, the Middle East, and elsewhere. Criminals need quality control, too. A new entry in CISA's KEV Catalog.


A Chinese cyberespionage campaign is believed to be active in the Middle East. Poor quality control turns ransomware into a wiper, and a typo crashes a cryptojacker. A large DDoS attack is reported to have hit a Russian state-owned bank. Privateers compromise Western infrastructure to stage cyberattacks. Cyber operations against national morale. A look at the Vice Society. Ben Yelin on the growing concerns over TikTok. Ann Johnson from Afternoon Cyber Tea speaks with Charles Blauner about the evolution of the CISO role. And CISA has added an entry to its Known Exploited Vulnerabilities Catalog. For links to all of...

Swapping cyberattacks in a hybrid war. Privateers or just a side-hustle? US CSRB will investigate Lapsu$ Group. Notes on the cyber underworld.


Wiper malware hits Russian targets. Microsoft sees an intensification of Russian cyber operations against Ukraine. State policy, privateering, or an APT side-hustle? The US Cyber Safety Review Board will investigate the Lapsu$ Group. Rackspace works to remediate a security incident. The Schoolyard Bully Trojan harvests credentials. Grayson Milbourne of OpenText Security Solutions on attacks on common open source dev libraries. Rick Howard looks at CISO career paths. And trends in ransomware: cybercrime succeeds when the gang runs like a business. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/231 Selected reading. CryWiper: fake ransomware...

Rohit Dhamankar: Never close doors prematurely. [Vice President] [Career Notes]


Rohit Dhamankar from Fortra's Alert Logic sits down with Dave Bittner to share his experiences as he navigates the industry. Rohit has over 15 years of security industry experience across product strategy, threat research, product management and development, and customer solutions. Before Alert Logic he served in Product roles for Live Oak Venture Capital at Infocyte and Razberi Technologies. He has previously worked in senior roles in several start-up companies in security analytics, intrusion detection/prevention, end-point protection, and security risk and compliance, including VP, Click Labs Solutions at Click Security, acquired by AlertLogic, and he was a Co-Founder of Jumpshot,...

Old malware returns in a new way. [Research Saturday]


Jeremy Kennelly and Sulian Lebegue from Mandiant sit down with Dave to discuss their research "From RM3 to LDR4: URSNIF Leaves Banking Fraud Behind." One of the oldest and most successful banking fraud malwares, URSNIF, which caused an estimated tens of millions of dollars in losses, has been discovered by researchers to have been re-tooled into a generic backdoor, dubbed LDR4. This new variant was first observed in June 2022. Mandiant researchers believe that the same threat actors who operated the RM3 variant of URSNIF are likely behind LDR4. They say "given the success and sophistication RM3 previously had, LDR4...

Cuba ransomware pulls in $60 million. CISA releases three ICS advisories. Google announces new support for Ukraine. DDoSing the Vatican. Google supports Ukrainian startups in wartime.


Cuba ransomware pulls in $60 million. CISA releases three ICS advisories. DDoSing the Vatican. Andrea Little Limbago from Interos on the implications of Albania cutting off diplomatic ties with Iran. Our space correspondent Maria Varmazis speaks with Brandon Bailey about Space Attack Research and Tactic Analysis matrix. And how Google supports Ukrainian startups in wartime. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/230 Selected reading. Alert (AA22-335A) #StopRansomware: Cuba Ransomware (CISA) Novel News on Cuba Ransomware: Greetings From Tropical Scorpius (Palo Alto Networks Unit 42) New ways we're supporting Ukraine (Google) 25 new...

Cyberespionage, cybercrime, and patriotic hacktivism. The Heliconia framework described. Cyber risk for the telecom and healthcare sectors. Notes on the hybrid war. Predictions for 2023.


A new backdoor, courtesy of the DPRK. The Medibank breach is all over but the shouting (or, all over but the suing and the arresting). Risks and opportunities in telecoms shift to cloud. Cyber risk in healthcare. An assessment of Russian cyber warfare. Robert M. Lee from Dragos assesses the growing value of the ICS security market. Our guest is Cecilia Seiden of TransUnion to discuss their 2022 Consumer Holiday Shopping Report. And it's December, which means predictions. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/229 Selected reading. Who's swimming in South Korean waters?...

LockBit 3.0 and Punisher ransomware described. Leave that USB right in the parking lot where you found it. Killnet's woofing. Lilac Wolverine's big new BEC. And World Cup scams.


Has LockBit 3.0 been reverse engineered? A COVID lure contains a Punisher hook. A Chinese cyberespionage campaign uses compromised USB drives. Lilac Wolverine exploits personal connections for BEC. Killnet claims to have counted coup against the White House. Tim Starks from the Washington Post has the FCC's Huawei restrictions and ponders what congress might get done before the year end. Our guest is Tom Eston from Bishop Fox with a look Inside the Minds & Methods of Modern Adversaries. And, of course, scams, hacks, and other badness surrounding the World Cup. For links to all of today's stories check out...

DDoS as a holiday-season threat to e-commerce. TikTok challenge spreads malware. Meta's GDPR fine. US Cyber Command describes support for Ukraine's cyber defense.


DDoS as a holiday-season threat to e-commerce. A TikTok challenge spreads malware. Meta's GDPR fine. Mr. Security Answer Person John Pescatore has thoughts on phishing resistant MFA. Joe Carrigan describes Intel's latest efforts to thwart deepfakes. And US Cyber Command describes support for Ukraine's cyber defense. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/227 Selected reading. Holiday DDoS Cyberattacks Can Hurt E-Commerce, Lack Legal Remedy (Bloomberg Law) TikTok Invisible Body challenge exploited to push malware (BleepingComputer) $275M Fine for Meta After Facebook Data Scrape (Dark Reading) Before the Invasion: Hunt Forward Operations in...

Keeping pentesting tools out of criminal hands. Updates from an intensified cyber phase in Russia's hybrid war. Fars reports sustaining a cyber attack. The most common password remains password.


Nighthawks at the diner (but maybe not on the crooks' menu). Internet service in Ukraine and Moldova is interrupted by strikes against Ukraine's power grid. Sandworm renews ransomware activity against Ukrainian targets. Russian cyber-reconnaissance seen at a Netherlands LNG terminal. European Parliament votes to declare Russia a terrorist state (and Russia responds with cyberattacks and terroristic threats). Carole Theriault reports on where these kids today are getting their news. Malek Ben Salem from Accenture on digital identity in Web 3.0. And, hey, the new list of most commonly used passwords looks...depressingly familiar. For links to all of today's stories check...

Laura Whitt-Winyard: Securing the world. [CISO] [Career Notes]


Laura Whitt-Winyard, CISO from Malwarebytes, sits down to share her story, beginning with a desire to be a pediatric oncologist that she later discovered was not the path for her. Laura was bouncing around from job to job until she bought her first computer, and a light bulb went off in her head. She set out to make it her goal to learn about this new, interesting field and grow within it. Now as a successful CISO, she wants to make the world more secure and goes from company to company to complete her goal. She considers herself a servant...

Encore: The secrets behind Docker.


Alon Zahavi from CyberArk joins Dave Bittner on this episode to discuss CyberArk's work in conjunction with Patch Tuesday. CyberArk published about how Docker inadvertently created a new vulnerability and what happens when it's exploited. CyberArk's research concluded that an attacker may execute files with capabilities or setuid files in order to escalate its privileges up to root level. CyberArk found the new vuln in some of Microsoft's Docker images, caused by misuse of Linux capabilities, a powerful additional layer of security that gives admins the ability to assign capabilities and privileges to processes and files in the Linux system...

Interview Select: Perry Carpenter on his new book "The Security Culture Playbook." [CW Pro]


This interview is from June 3rd, 2022, and originally aired as a shortened version on the CyberWire Daily Podcast. In this extended interview, Dave Bittner sits down with Perry Carpenter, host of 8th Layer Insights, to discuss his new book "The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer."

Research Briefing: Emotet's return. LodaRAT improvements. Callback phishing leads to data theft extortion. [CW Pro]


Emotet's return. LodaRAT improvements. Callback phishing leads to data theft extortion.

Watch out for abuse of pentesting tools. Cyber attack on Guadeloupe. Ducktail's evolution. Cybersecurity for ports. ICS security advisories. And stay safe shopping during the holidays.


Another pentesting tool may soon be abused by threat actors. Cyberattack disrupts Guadeloupe. Ducktail evolves and expands. Warning of the potential disruption cyberattacks might work against European ports. CISA releases eight industrial control system advisories. Patrick Tiquet, VP of Security and Architecture at Keeper Security, talks about the FedRAMP authorization process. Bryan Vorndran of the FBI Cyber Division with reflections on ransomware. And stay safe on Black Friday (and Cyber Monday, and Panic Saturday, and... you get the picture). For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/225 Selected reading. Nighthawk: An Up-and-Coming Pentest Tool...

Recent criminal activity: it's as opportunistic as ever. Cyber risk to the pharma sector. Updates on the hybrid war. Returning Cobalt Strike to the legitimate red teams.


Daixin Team claims ransomware attack against AirAsia. DraftKings users suffer credential harvesting and paycard theft. Assessing cyber risk in the US pharmaceutical industry. Killnet claims successes few others can discern. In Ukraine, kinetic attacks on IT infrastructure eclipse cyberattacks. Carole Theriault on digital echo chambers and what's in it for us. Nancy Wang from Fortra's Alert Logic discusses how she is helping more young women get into the STEM field and leadership positions. Google seeks to render Cobalt Strike less useful to threat actors. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/224 Selected...

Callback phishing offers to solve your problem (it won't). Mustang Panda's recent activities. DEV0569's malvertising campaign. 10 indicted in BEC case. Developing a cyber auxiliary force.


Luna Moth's callback phishing offers an unpleasant and less familiar form of social engineering. New activity by China's Mustang Panda is reported. DEV0569 is using malvertising to distribute Royal ransomware. US indicts 10 in a business email compromise case. Developing a cyber auxiliary. Dave Bittner sits down with AJ Nash from ZeroFox to discuss holiday scams. Our own Rick Howard speaks with us about cloud security. And beware of Black Friday scams. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/223 Selected reading. Threat Assessment: Luna Moth Callback Phishing Campaign (Unit 42) DEV-0569 finds...

Omer Singer: The offense and the defense of cybersecurity. [Strategy] [Career Notes]


Omer Singer, Lead Cybersecurity Strategist from Snowflake, sits down to share his experience getting into the cybersecurity field. Growing up, he knew he wanted to work with computers, but he just didn't know what he wanted to do within the field. His college gave him great hands-on experience to then transition into the workforce. He's played both on the offense and defense of cybersecurity, and he says that experience showed him and he "kind of saw firsthand, uh, what a well funded and motivated, uh, team of cybersecurity experts can do and it's pretty scary." In addition, Omer is a big advocate for encouraging other security professionals...

Another infection with new malware. [Research Saturday]


Larry Cashdollar, Principal Security Intelligence Response Engineer from Akamai Technologies, joins Dave to talk about their research on "KmsdBot: The Attack and Mine Malware." Akamai's Security Research team has found a new malware that infected their honeypot, which they have dubbed KmsdBot. The research states "The malware attacks using UDP, TCP, HTTP POST, and GET, along with a command and control infrastructure (C2), which communicates over TCP." The botnet targets weak login credentials and then infects systems via an SSH connection. The research can be found here: KmsdBot: The Attack and Mine Malware

Government security advisories, and the difficulty of recovering from ransomware attacks. Authority for offensive cyber under deliberation. Google wins Glupteba suit.


CISA and its partners issue a Joint Advisory on the Hive ransomware-as-a-service operation. Ransomware continues to trouble governments, internationally and at all levels. The US Defense Department may see enhanced authority to conduct offensive cyber operations. Russian attacks on Ukrainian infrastructure remain kinetic, as missiles show up, but cyberattacks don't. Kevin Magee from Microsoft about leveraging cybersecurity apprentices. Our guest is Paul Giorgi from XM Cyber describing creative attack path in enterprise networks. And, hey, glupost [GLUE-post]: don't mess with Google's lawyers. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/222 Selected reading. CISA Alert AA22-321A...

CISA Alert AA22-321A #StopRansomware: Hive Ransomware. [CISA Cybersecurity Alerts]


The FBI, CISA, and the Department of Health and Human Services are releasing this alert to disseminate known Hive Ransomware Group indicators of compromise and TTPs identified through FBI investigations. AA22-321A Alert, Technical Details, and Mitigations Stopransomware.gov is a whole-of-government approach that gives one central location for ransomware resources and alerts. Resource to mitigate a ransomware attack: CISA-Multi-State Information Sharing and Analysis Center (MS-ISAC) Joint Ransomware Guide. No-cost cyber hygiene services: Cyber Hygiene Services and Ransomware Readiness Assessment. U.S. DIB sector organizations may consider signing up for the NSA Cybersecurity Collaboration Center's DIB Cybersecurity Service Offerings, including Protective Domain Name...

Privileged insiders and the abuse of Oops. Nemesis Kitten exploits Log4Shell. TrojanOrders in the holiday season. Emotet's back. RapperBot notes. And an arrest in the Zeus cybercrime case.


Meta employees, contractors compromised customer accounts. Nemesis Kitten found in US Government network. Unpatched Magento instances hit with "TrojanOrders." Emotet has returned after three quiet months. DDoS attacks in game servers by RapperBot. Carole Theriault looks at long term lessons learned from the 2019 Capital One breach. FBI Cyber Division AD Bryan Vorndran updates us on cyber threats. And an alleged "Zeus" cybercrime boss has been arrested in Switzerland. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/221 Selected reading. Meta Employees, Security Guards Fired for Hijacking User Accounts (Wall Street Journal) CISA Alert...

Getting tangled up in the blockchain. RDS vulnerabilities. The language of fraud. An offer of help to the G19. Draft Episode for Nov 16, 2022


Blockchains and cryptocurrency exchanges, and the risks they present. Vulnerabilities in Amazon RDS may expose PII. A study of the language of fraud. Tim Starks from Washington Post's Cybersecurity 202 on a lagging DHS cyber doomsday report. Our guest is Ashif Samnani of Cenovus Energy with insights from the world of OT cyber. And President Zelenskyy offers the benefit of Ukraine's experience with cyber warfare to the "G19." For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/220 Selected reading. Cryptocurrency sector vulnerabilities. (CyberWire) Oops, I Leaked It Again How Mitiga Found PII in Exposed...

CISA Alert AA22-320A Iranian government-sponsored APT actors compromise federal network, deploy crypto miner, credential harvester. [CISA Cybersecurity Alerts]


From mid-June through mid-July 2022, CISA conducted an incident response engagement at a Federal Civilian Executive Branch organization where CISA observed suspected advanced persistent threat activity. In the course of incident response activities, CISA determined that cyber threat actors exploited the Log4Shell vulnerability in an unpatched VMware Horizon server, installed XMRig crypto mining software, moved laterally to the domain controller, compromised credentials, and then implanted Ngrok reverse proxies on several hosts to maintain persistence. AA22-320A Alert, Technical Details, and Mitigations Malware Analysis Report MAR 10387061-1.v1 For more information on Iranian government-sponsored Iranian malicious cyber activity, see CISA's Iran Cyber Threat...

An update on three threat actors: Fangxiao, Killnet, and Billbug, one of them in it for money, another for the glory, and a third for the intell. Twitter and SMS 2FA. Zendesk patches. CISA adds a KEV.


Fangxiao works ad scams en route to other compromises. Killnet claims to have defaced a US FBI site. CISA registers another Known Exploited Vulnerability. Difficulties with Twitter's SMS 2FA system. Zendesk vulnerability discovered. Joe Carrigan explains registration bombing for email addresses. Our guest is Miles Hutchinson from Jumio with insights on defense against sophisticated ransomware attackers. And Billbug romps through Asian government agencies. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/219 Selected reading. Fangxiao: a Chinese threat actor (Cyjax) Fangxiao: A Phishing Threat Actor (Tripwire) Russian hackers claim cyber attack on FBI website (Newsweek)...

Software supply chains, C2C markets, criminals, and cyber auxiliaries in a hybrid war. CISA releases its Stakeholder Specific Vulnerability Categorization (SSVC).


Software supply chain risk. Cyber risk across sectors. CISA releases Stakeholder Specific Vulnerability Categorization (SSVC). Sandworm is back in Russia's hybrid war. Another wiper campaign from a Russian cyber auxiliary. Malek Ben Salem from Accenture shares thoughts on future-proofing cloud security. Rick Howard previews the latest CSO Perspectives show. And the Australian Federal Police say they know who hacked Medibank. (and the AFP says they have a good track record getting international criminals). For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/218 Selected reading. Exclusive: Russian software disguised as American finds its way into...

Lauren Campanara: Learn to forgive yourself. [SOC Analyst] [Career Notes]


Lauren Campanara, a SOC Analyst from ThreatX, shares her story as she made the decision to break into cybersecurity after spending twelve years in the cosmetology field. She worked her way through college in a job she did not enjoy and felt trapped in while completing her online degree. She found ThreatX and fell in love with the work she is doing now. Lauren hopes to inspire others, especially women, to consider a challenging and rewarding career in cybersecurity. She shares what it's like to be in a field she was not happy in and how she was the only...

An in-depth look on the Crytox ransomware family. [Research Saturday]


Deepen Desai from Zscaler sits down with Dave to talk about the Crytox ransomware family. First observed in 2020, Crytox is a ransomware family consisting of several stages of encrypted code that has fallen under the radar compared to other ransomware families. While other groups normally use double extortion attacks where data is both encrypted and held for ransom, Crytox does not perform this way. The research says "The modus operandi of the group is to encrypt files on connected drives along with network drives, drop the uTox messenger application and then display a ransom note to the victim." It also shares how...

US midterms conclude without cyber interference. NATO on cyber defense. New APT41 activity identified. Russia's FSB and SVR continue cyberespionage. Trends in phishing and API risks.


There's no sign that cyberattacks affected US vote counts. NATO meets to discuss the Atlantic Alliance's Cyber Defense Pledge. A new APT41 subgroup has been identified. FSB phishing impersonates Ukraine's SSCIP. A look at Cozy Bear's use of credential roaming. Caleb Barlow shares tips on removing implicit bias from your hiring process. Our guests are Valerie Abend and Lisa O'Connor from Accenture with a look at the difference in how women and men pursue the top cyber leadership roles. And an update on Phishing trends and API threats. For links to all of today's stories check out our CyberWire daily...

A look back at midterm cybersecurity. Communications security lessons learned in Ukraine. Known Exploited Vulnerabilities and Patch Tuesday. Off-boarding deserves some attention.


US midterm elections proceed without cyber disruption. Communications security lessons learned. CISA publishes new entries to its Known Exploited Vulnerabilities Catalog. Patch Tuesday notes. Carole Theriault examines cross border money laundering. The FBI's Bryan Vorndran offers guidance on how companies should think about their exposure in China. And a recent study finds reasons to be concerned about off-boarding. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/216 Selected reading. Taking a look at election security on US midterm Election Day. (CyberWire) Communications Security: Lessons Learned From Ukraine (BlackBerry) CISA Adds Seven Known Exploited Vulnerabilities to...

Cybersecurity on US Election Day. OPERA1ER threat activity. Insider threats. Hacktivist auxiliaries: influence operators in the hybrid war. And Mr. Hushpuppi is back in the news.


Cybersecurity on US Election Day. Details on the OPERA1ER threat activity. Seasonal and secular trends in Insider threats. Hacktivist auxiliaries: influence operators in the hybrid war. Ben Yelin reviews election security and misinformation. Ann Johnson from Afternoon Cyber Tea speaks with Dr. Ryan Louie about the growing issue of mental illness among cybersecurity professionals. And, hey everybody, Mr. Hushpuppi is back in the news (and back in the slammer, the hoosegow, the big house... you get the picture: a sabbatical at Club Fed.) Disclaimer: The content and views expressed do not constitute medical advice and are not a substitute for professional medical...

Election security on the eve of the US midterms. US FBI rates the hacktivist threat. Microsoft says China uses disclosure laws to develop zero-days. Remember Silk Road? The Feds do.


Election security on the eve of the US midterms. US FBI rates hacktivist contributions to Russia's war as unimportant. Microsoft accuses China of using vulnerability disclosure to develop zero-days. Andrea Little Limbago from Interos addresses accountability for breaches. Our guest is Michelle Amante from the Partnership for Public Service on their Cybersecurity Talent Initiative. And, finally, remember Silk Road? The Feds do. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/214 Selected reading. Hacktivists' Use of DDoS Activity Causes Minor Impacts (FBI) The government says it won't flag election disinformation on Twitter and other...

Gary Brickhouse: Riding the wave of growth. [CISO] [Career Notes]


Gary Brickhouse, CISO from GuidePoint Security, sits down to share his story, looking back over the last 25 years of his career working for Fortune 100 companies, including Disney. He shares that every role he has had, he's had to grow into and how each one was a pivotal point in his technical career. Gary ended up transitioning to a different organization and says how it was really compliance that was the transitional sort of moment for him as he grew into different roles. He says, What I found was sort of just, riding the wave of growth and opportunity...

Over-the-air 0-day vulnerabilities. [Research Saturday]


Roya Gordon from Nozomi Networks sits down with Dave to discuss their work "UWB Real Time Locating Systems: How Secure Radio Communications May Fail in Practice." Ultra-wideband (UWB) is a rapidly-growing radio technology that, according to the UWB Alliance, is forecasted to drive sales volumes exceeding one billion devices annually by 2025. In an effort to strengthen the security of devices utilizing UWB, Nozomi Networks Labs conducted a security assessment of two popular UWB RTLS solutions available on the market. Their research reveals 0-day vulnerabilities and other weaknesses that, if exploited, could allow an attacker to gain full access to...

Flight-planning and rail services disrupted in separate incidents. BEC gang impersonates law firms. Effects of the hybrid war on action in cyberspace. And a farewell to Vitali Kremez, gone far too soon.


Flight-planning services are affected by cyberattack, as are Danish rail service. A BEC gang impersonates international law firms. Effects of the hybrid war on action in cyberspace. Deepen Desai from Zscaler examines the evolution of the X-FILES Stealer. CyberWire Space Correspondent Maria Varmazis has an analysis of the Starlink situation in Ukraine. And a sad, final farewell to Vitali Kremez, gone far too soon. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/213 Selected reading. Boeing subsidiary Jeppesen's services impacted by cyber incident (Reuters) BREAKING: Boeing's Jeppesen Subsidiary Hit With Potential Ransomware Attack (Live...

Static expressway tactics in credential harvesting. Emotet is back. Black Basta linked to Fin7. RomCom hits Ukrainian targets and warms up against the Anglo-Saxons. Cyber cooperation?


Leveraging Microsoft Dynamics 365 Customer Voice for credential harvesting. Emotet is back. Black Basta ransomware linked to Fin7. A Russophone gang increases activity against Ukrainian targets. Betsy Carmelite from Booz Allen Hamilton on adversary-informed defense. Our guest is Tom Gorup of Alert Logic with a view on cybersecurity from a combat veteran. And Russia regrets that old US lack of cooperation in cyberspace: things would be so much better if the Anglo-Saxons didn't think cyberspace was the property of the East India Company. Or something like that. For links to all of today's stories check out our CyberWire daily news briefing:...

OpenSSL indeed patched. CISA is confident of election security. Killnet attempted DDoS against the US Treasury. XDR data reveals threat trends. BEC and gift cards. And that's one sweet ride.


OpenSSL patches two vulnerabilities. CISA and election security. Killnet attempted DDoS against the US Treasury. XDR data reveals threat trends. Business email compromise and gift cards. Tim Starks from the Washington Post's Cybersecurity 202 has the latest on election security. A visit to the CyberWire's Women in Cyber Security event. And consequences for Raccoon Stealer from the war in Ukraine. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/211 Selected reading. OpenSSL patched today. (CyberWire) OpenSSL Releases Security Update (CISA) OpenSSL releases fixes for two high severity vulnerabilities (The Record by Recorded Future) OpenSSL...

OpenSSL patched today. The risk of misconfiguration. Cyberespionage (and the risk of mixing the personal with the official). Assistance for Ukraine's cyber defense. And a quick look at DNS threats.


OpenSSL is patched today. The misconfiguration risk to US government networks' security and compliance. Hacking Ms Truss's phone. Assistance for Ukraine's cyber defense. Joe Carrigan looks at the latest round of apps pulled from the Google Play Store. Our guest is Matias Madou of Secure Code Warrior on why cultivating a positive culture among security and developer teams continues to fall short. And a quick look at DNS threats. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/210 Selected reading. Effectively Preparing for the OpenSSL 3.x Vulnerability (Akamai) O How The OpenSSL 3 Vulnerability...

Copper smelter hit with malware. Notes from the hybrid war. Disinformation, not direct manipulation of results, the principal threat to US elections. Ransomware in Australia's ForceNet. Threat trends.


Leading European metals producer is hit with malware. Cooperative defense in cyberspace. A Ukrainian ally describes its exposure to Russian cyberattacks. Former UK Prime Minister Truss's phone may have been compromised. CISA sees a complex threat environment, but no specific threat to US elections. The Australian Defence network sustains ransomware attack. The three finalists in the DataTribe Challenge share insights on the competition. Rick Howard previews the new season of CSO Perspectives. And a look at threat trends. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/209 Selected reading. Aurubis says it was hit in...

Jenny Brinkley: A cybersecurity rollercoaster. [Security] [Career Notes]


Jenny Brinkley, Director of AWS Security at Amazon Web Services (AWS), sits down to share her empowering story working through the ranks, and even co-founding her own company. While she did not have a typical upbringing in the industry, she credits her parents for ending up where she is now, as they told her that she could do anything and she decided as she was growing up that she could. She had the opportunity to co-found a small startup before selling it to AWS. She says that working in her position is like a rollercoaster, as no one thing is like the other, saying her...

Bugs and working from home. [Research Saturday]


Fede Kirschbaum from Faraday Security sits down with Dave to discuss their research on "A vulnerability in Realtek's SDK for eCos OS: pwning thousands of routers." The team at Faraday found a vulnerability that made it to DEFCON 30, labeling it high severity. With more and more people working from home for their companies, the research team went looking for where there may be vulnerabilities as employees are working from home. The research states that the team was "seeking and reporting security vulnerabilities in IoT devices, which led to the finding of an exploitable bug in a consumer-grade router popular in...

Another DDoS attack against NATO governments. The US 2022 National Defense Strategy is out. Notes on ICS security.


Cyberattacks against Poland's and Slovakia's parliaments. The US 2022 National Defense Strategy is out. Insights from SecurityWeek's ICS Cyber Security Conference. The importance of zero-trust in industrial environments. Malek Ben Salem from Accenture on machine language security and safety. Our guest is Nick Schneider of Arctic Wolf to discuss why he believes 2023 will see a resurgence of ransomware. And CISA issues four more ICS Advisories. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/208 Selected reading. Computer networks of parliaments in Poland and Slovakia paralyzed by cyberattacks (Euro Weekly News) Slovak, Polish Parliaments...

The Malware Mash! [Bonus]


Enjoy this CyberWire classic. They did the Mash...they did the Malware Mash...

CISA releases voluntary CPGs. Trojans and scanners. Cyber venture investing, and some insights into corporate culture. "Opportunistic" cyberops in a hybrid war.


CISA releases cross-sector cybersecurity performance goals. Trojans are spreading through scanners. Cyber seed rounds are an exception to a general downtrend in venture investment. Whistleblowing and corporate culture. Storing enterprise secrets. Robert M. Lee from Dragos explains the TSA Pipeline Security Directive. Our guests are Jenny Brinkley from Amazon AWS and Lisa Plaggemier from the National Cybersecurity Alliance with a collaborative educational project. Cyberattacks seen as opportunistic and disconnected from strategy. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/207 Selected reading. Cross-Sector Cybersecurity Performance Goals (CISA) CISA unveils voluntary cybersecurity performance goals (Federal News...

Amid widespread unrest, Sudan shutters its Internet. A new PRC influence campaign targets US elections. Software supply chain security. And cybercrime in wartime.


Sudan closes its Internet as the country sees protests on the first anniversary of a coup. A Chinese influence campaign targets US elections. A software supply chain security study, and a look at vulnerability scanning tools. Documenting cyber war crimes in Ukraine. CISA issues eight ICS Advisories. Andrea Little Limbago from Interos on the effects of water scarcity on data centers. And if you'll indulge us, we've got some pretty exciting CyberWire news. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/206 Selected reading. Internet is shut down in Sudan on anniversary of military...

US Department of Justice unseals three indictments in PRC spying cases. CERT-UA warns of Cuba ransomware phishing. Varonis discovers Windows vulnerabilities. CISA expands KEV Catalog.


US Department of Justice unseals three indictments in PRC spying cases. CERT-UA warns of Cuba ransomware group phishing campaign. Varonis discovers two Windows vulnerabilities. Mr Security Answer Person John Pescatore on security through obscurity. Ben Yelin on the DOJ's spying cases against China. CISA expands its Known Exploited Vulnerabilities Catalog with six new entries. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/205 Selected reading. Two Arrested and 13 Charged in Three Separate Cases for Alleged Participation in Malign Schemes in the United States on Behalf of the Government of the People's Republic of...

US unseals cases against PRC intelligence officers. Daixin ransomware is an active threat. FBI warns of Iranian threat group. Iran's nuclear agency discloses hack. Hybrid war and threats to infrastructure.


Breaking: US unseals three cases against Chinese intelligence officers. CISA says Daixin Team ransomware is an active threat. The FBI warns of Iranian threat group's activity. Meanwhile the Iranian nuclear agency says its email was hacked. Norway is concerned about threats to oil and gas infrastructure. A drop in ransomware correlates with Russia's hybrid war. Ann Johnson from Afternoon Cyber Tea speaks with AJ Yawn from ByteChek about breaking into the cybersecurity industry. Josh Ray from Accenture describes threats to the satellite industry. And cyber offense may be proving harder than thought. For links to all of today's stories check...

CISA Alert AA22-294A #StopRansomware: Daixin Team. [CISA Cybersecurity Alerts]


FBI, CISA, and Department of Health and Human Services are releasing this joint advisory to provide information on the Daixin Team, a cybercrime group that is actively targeting U.S. businesses, predominantly in the Healthcare and Public Health Sector. AA22-294A Alert, Technical Details, and Mitigations Stopransomware.gov is a whole-of-government approach that gives one central location for ransomware resources and alerts. Resource to mitigate a ransomware attack: CISA-Multi-State Information Sharing and Analysis Center (MS-ISAC) Joint Ransomware Guide. Ongoing Threat Alerts and Sector alerts are produced by the Health Sector Cybersecurity Coordination Center (HC3) and can be found at hhs.gov/HC3 For additional best...

Megan Doherty: Conquer barriers in the workforce. [Technical Specialist] [Career Notes]


Megan Doherty, a Technical Specialist from Microsoft Canada, sits down to share her story of overcoming barriers in the workforce to get to where she is today in her career. Megan started out being a mechanical engineer before making the switch to do something with more creativity and problem solving. She shares about her passion of working with a group Microsoft created called "DigiGirlz." As well as just being able to work with her team who she says helps her face the world of adversity in her career. Megan said "There's so many barriers, just even mentally that we put...

New tools target governments in Middle East? [Research Saturday]


Dick O'Brien from Symantec's Threat Hunter team sits down with Dave to discuss their work on "Witchetty - Group Uses Updated Toolset in Attacks on Governments in Middle East." Their research has found that the group known as Witchetty aka LookingFrog, has been progressively updating its toolset, including the new tool, backdoor Trojan (Backdoor.Stegmap) to launch malware attacks on targets in the Middle East and Africa. The research states "The attackers exploited the ProxyShell and ProxyLogon vulnerabilities to install web shells on public-facing servers before stealing credentials, moving laterally across networks, and installing malware on other computers." The researchers describe more...

Blackbyte's new exfiltration tool. Hijacking student accounts for BEC. Zhora calls Russia's cyber campaigns a failure. OldGremlin ransomware is an outlier.


Blackbyte's new exfiltration tool. Hijacking student accounts for BEC. Zhora calls Russia's cyber campaigns a failure. Caleb Barlow explores new thinking for incident response. Our guest is Jon Hencinski of Expel, tracking the latest threat trends. OldGremlin ransomware is an outlier. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/203 Selected reading. Exbyte: BlackByte Ransomware Attackers Deploy New Exfiltration Tool (Symantec) Hijacking Student Accounts to Launch BEC-Style Attacks (Avanan) This sneaky kind of cybercrime rules them all (Washington Post) Russia Failing to Reach Cyber War Goals, Ukrainian Official Says (Meritalk) EU supports cybersecurity in...

Notes and lessons on the hybrid war. Update on Zimbra exploitation. Microsoft fixes misconfigured storage. The state of the cyber workforce. Trends in phishing and ransomware.


DDoS as misdirection. NSA shares lessons learned from cyber operations observed in Russia's war against Ukraine. Advice from CISA on Zimbra. A misconfigured Microsoft storage endpoint has been secured. Notes from a study on the Cybersecurity Workforce. The cost to businesses of phishing. Betsy Carmelite from Booz Allen Hamilton on managing mental health in the cyber workforce. Our guest is Ismael Valenzuela of Blackberry with insights on "The Cyber Insurance Gap". And updates to the ransomware leaderboard. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/202 Selected reading. Bulgarian cyberattack: Sabotage as a...

Dispatches from the hybrid war, as auxiliaries on both sides skirmish in cyberspace. An Azure vulnerability patched. Trends in ransomware. And Social Security phishbait.


Killnet explains its actions against Bulgaria's government. The National Republican Army claims successful attacks on Russian companies. The Director of Germany's BSI is out. A vulnerability in Azure, disclosed and patched. Trends in ransomware. Carole Theriault has a fresh look at the ransomware question - to pay or not to pay? Tim Eades from Cyber Mentor Fund considers cyber insurance for the small and medium sized businesses. Social Security phishing. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/201 Selected reading. Cyberattack disrupts Bulgarian government websites over betrayal to Russia (The Record by Recorded...

Mobilizing DDoS-as-a-service. Interpol takes down Black Axe gang members. Trends in phishing. Spyder Loader active in Hong Kong. Europol announces arrests in keyless car hacking case.


Mobilizing DDoS-as-a-service. Interpol takes down the Black Axe gang members. A look at phishing trends. Spyder Loader is active in Hong Kong. Joe Carrigan looks at Google's launch of passwordless authentication. Our guest is Dr. Eman El-Sheikh from University of West Florida's Center for Cybersecurity on NSA-funded National Cybersecurity Workforce Development Programs. And Europol announces arrests in a case of keyless car hacking. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/200 Selected reading. Project DDOSIA Russia's answer to disBalancer (Radware) Russian DDOSIA Project Pays Volunteers to Participate in DDOS Attacks on Western Companies...

Tata Power sustains cyberattack. Influence operations and battlespace prep. Ransom Cartel looks a lot like REvil. Notes from Russia's hybrid war.


There's been a cyberattack against Tata Power. The FBI warns US state political parties of Chinese scanning. Russian influence ops play defense; China's are on the offense. Ransom Cartel and a possible connection to REvil. "Prestige" ransomware is sighted in attacks on Polish and Ukrainian targets. Distributed denial-of-service attacks interfere with Bulgarian websites. Grayson Milbourne of OpenText Security Solutions on SBOMs. Our own Rick Howard checks in with Bryan Willett of Lexmark on implementation of Zero Trust. And Mr. Musk tweets his intention to continue to subsidize Starlink for Ukraine (probably). For links to all of today's stories check out...

Cyber confidence: Knowing what you have and where it is. [CyberWire-X]


Between multi-cloud deployments, more employees working remotely, and increasing use of SaaS applications, the number of entry points for attackers to infiltrate your systems has exploded. But gaining visibility into all these possible attack vectors is time-consuming and often incomplete or just a snapshot in time. If the first rule of cyber is to know what you have, how can cyber professionals get a comprehensive, current picture of their assets? How can they feel confident that they understand which assets may be more vulnerable and prioritize defenses accordingly? In the first half of this episode of Cyberwire-X, the CyberWire's CSO,...

Amanda Adams: Pivoting into the tech world. [VP] [Career Notes]


Amanda Adams, VP of Americas Alliances at CrowdStrike, sits down to share her story as she pivoted into the tech field. She started her career by wanting to be involved with sports. After getting her master's degree, Amanda was faced with a difficult choice between working for The Golden State Warriors and Cisco. She ultimately chose Cisco as her path to move forward and has been working in technology ever since. Now she works for a team where she gets to prove her social skills and is focused on partnerships. She says that working in technology doesn't just have to...

Noberus ransomware: evolving tactics. [Research Saturday]


Brigid O Gorman from Symantec's Threat Hunter team joins Dave to discuss their research on "Noberus Ransomware - Darkside and BlackMatter Successor Continues to Evolve its Tactics." The research states that Noberus ransomware (aka BlackCat, ALPHV) is more dangerous than ever because attackers have been using new tactics, tools, and procedures in recent months. In the research, Symantec says, "Among some of the more notable developments has been the use of a new version of the Exmatter data exfiltration tool, and the use of Eamfo, information-stealing malware that is designed to steal credentials stored by Veeam backup software." They go...

Phishing for poll watchers. Impersonating Intrusion Truth. Data breach at the LDS Church. SpaceX asks for help paying for Ukraine's Starlink. Killnet's potential. The gamer's attack surface.


County election workers find themselves targets of phishing. Impersonating Intrusion Truth. The LDS Church discloses data compromise. SpaceX asks for Starlink funding. Does Killnet have potential to do more damage than it so far has? Deepen Desai from Zscaler on Joker, Facestealer and Coper banking malwares on the Google Play store. Our guest is Maxime Lamothe-Brassard of LimaCharlie to discuss how cybersecurity is following in the footsteps of software engineering. And the Gamer's attack surface? It's big, big, really big, Noobs. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/198 Selected reading. 2022...

What the cybercriminals are up to: improving their tools and carrying out the same old dreary social engineering. Budworm APT sightings. And the state of Russia's hybrid war.


Emotet ups its game. COVID-19 small business grants as phishbait. Google Translate is spoofed for credential harvesting. Research on the Budworm espionage group. Kevin Magee from Microsoft shares why cybersecurity professionals should join company boards. Our guest is Chris Niggel from Okta with a look at identity shortfalls. And Internet outages during missile strikes, and the prospects of Russia's hybrid war. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/197 Selected reading. Emototes evolution. (ESET) Fresh Phish: Small Business COVID-19 Grants Designed for Disaster (INKY) Spoofing Google Translate to Steal Credentials (Avanan) Budworm: Espionage...

Caffeine in the C2C market. Refund-fraud-as-a-service. Costs of a nuisance. Staying alert during a hybrid war. Renewed Polonium activity. The Uber case's impact on security professionals.


Refund fraud as a service. Costs of a nuisance. Remaining on alert during a hybrid war. Renewed activity by Polonium. Andrea Little Limbago from Interos discussing quantum computing policy. CyberWire Space Correspondent Maria Varmazis speaks with Dr. Gregory Falco on lessons learned from Russia's attack on Viasat. Reflections on the Uber case's impact on security professionals. And when it comes to phishing-as-a-service, we'll take decaf. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/196 Selected reading. The Fresh Phish Market: Behind the Scenes of the Caffeine Phishing-as-a-Service Platform (Mandiant) Caffeine phishing. (CyberWire) Refund Fraud...

An update on the hybrid war, where Russia turns to missile strikes, physical sabotage, and nuisance-level DDoS. Surveys look at the state of the SOC and the mind of the CISO.


Russia's Killnet suspected in DDoS attack on major US airports. Starlink service interruptions reported. Bundesbahn communications network sabotaged in northern Germany. Germany's cybersecurity chief faces scrutiny over alleged ties to Russia. Ben Yelin on the FCC's crackdown on robocalls. Ann Johnson from Afternoon Cyber Tea talking with Sounil Yu from JupiterOne about the importance and evolution of cyber resilience. Overworked CISOs may be a security risk, but in an encouraging counterpoint, another study shows a record of CISO success during the pandemic. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/195 Selected reading. US...

CyberWire's space correspondent, Maria Varmazis, interviews Anthony Colangelo. [Interview Selects]


This interview from September 23rd, 2022 originally aired as a shortened version on the CyberWire Daily Podcast. In this extended interview, CyberWire's space correspondent, Maria Varmazis, interviews host of spaceflight podcast Main Engine Cutoff, Anthony Colangelo about the upcoming Apple iPhone 14 Emergency SOS via Satellite feature & what it means for satellite communications in the consumer sector.

Moving Faster - Securely. Why Your Org Should Add Security to your DevOps Program [Security Sandbox]


In today's episode, our sandbox heads to the deployment pipeline for a conversation on the who/what/when/and why of a DevSecOps program and how it adds value to your business. And your main questions: how you can encourage buy-in and adoption. Joining me today are Marcin Swiety, Relativity's Senior Director of Global Security and IT, and Raphael Theberge, Director of Security Integrations. So, grab your DORA metrics, your source controls, and staging environments, and let's dive in.

Payal Chakravarty: Overcoming bias in the workplace. [Security and Risk] [Career Notes]


Payal Chakravarty, Head of Product for Security and Risk from Coalition, sits down to share her story of working at several different organizations, including interning for IBM and Microsoft. After obtaining her master's degree, she worked with IBM a bit more closely and fell in love with one of the projects she was working on. Payal had a very interesting career path going from physical to virtual, virtual to cloud now, cloud to containers. She says that there is still some bias she has dealt with as a woman in her field, she says, "I think the way you handle...

Pentest reporting and the remediation cycle: Why aren't we making progress? [CyberWire-X]


The age-old battle between offensive and defensive security practitioners is most often played out in the penetration testing cycle. Pentesters ask, "Is it our fault if they don't fix things?" While defenders drown in a sea of unprioritized findings and legacy issues wondering where to even start. But the real battle shouldn't be between the teams; it should be against the real adversaries. So why do pentesters routinely come back and find the same things they reported a year ago? Do the defenders just not care or does the onus fall on the report? Everyone really wants the same thing:...

Google Drive used for malware? [Research Saturday]


Jen Miller-Osborn from Palo Alto Networks' Unit 42 joins Dave to discuss their recent work on "Russian APT29 Hackers Use Online Storage Services, DropBox and Google Drive." The research shares the insight into an active campaign from Russia's Foreign Intelligence Service, that is leveraging the use of trusted, legitimate cloud services including Google Drive as a staging platform to deliver malware. The research states that when these tactics are used, it is extremely difficult for organizations to detect the malicious activity in connection with the campaign. These tactics are used to collect victim information, evade detection, and deliver Cobalt Strike....

A US EO addresses EU data privacy concerns. China's favorite CVEs. Election security and credit risk. COVID phishbait. Notes from the hybrid war, including some really motivated draft evaders.


A US Executive Order outlines US-EU data-sharing privacy safeguards. CISA, NSA, and the FBI list the top vulnerabilities currently being exploited by China. A look at election security and credit risk to US states. COVID-19-themed social engineering continues. Robert M. Lee from Dragos on securing the food and beverage industry. Carole Theriault interviews Joel Hollenbeck from Check Point Software on threat actors phishing school board meetings. Notes from the hybrid war: Killnet and US state government sites, the prospects of deterrence in cyberspace, and, finally, maybe the most motivated draft evaders in military history. For links to all of today's...

CISA Alert AA22-279A Top CVEs actively exploited by People's Republic of China state-sponsored cyber actors.


This joint Cybersecurity Advisory provides the top CVEs used by the People's Republic of China state-sponsored cyber actors. PRC cyber actors continue to exploit these known vulnerabilities and use publicly available tools to target networks of interest. PRC state-sponsored cyber actors have actively targeted U.S. and allied networks as well as software and hardware companies to steal intellectual property and develop access into sensitive networks. AA22-279A Alert, Technical Details, and Mitigations For more information on PRC state-sponsored malicious cyber activity, see CISA's China Cyber Threat Overview and Advisories webpage, FBI's Industry Alerts, and NSA's Cybersecurity Advisories & Guidance. People's Republic...

Updated mitigations for ProxyNotShell. Lloyd's investigates cyber incident. Killnet hits US state government sites. Election security. Credential theft. Verdict in Uber breach case.


Microsoft updates mitigations for ProxyNotShell. Lloyd's of London investigates a suspected cyberattack. Killnet hits networks of US state governments. The FBI and CISA weigh in on election security. Credential theft in the name of Zoom. Tim Eades from Cyber Mentor Fund on the move to early-stage investing in times of war and recession. Our guest is Nick Lumsden of Tenacity Cloud on cloud infrastructure sprawl. The former security chief at Uber was found guilty in a case involving data breach cover-up. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/193 Selected reading. Customer Guidance for...

Sniffing at the DIB. Sideloading cryptojacking campaign. Nord Stream and threats to critical infrastructure. US Cyber Command describes hunting forward in Ukraine. Fraud meets romance.


Data's stolen from a US "Defense Industrial Base organization." Major sideloading cryptojacking campaign is in progress. Nord Stream and threats to critical infrastructure. US Cyber Command describes "hunt forward" missions in Ukraine. Andrew Hammond from SpyCast speaks with hacker Eric Escobar about the overlap of traditional intelligence and cybersecurity. Our guest is AJ Nash from ZeroFox with an update on the current threat landscape. Fraud meets romance. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/192 Selected reading. Impacket and Exfiltration Tool Used to Steal Sensitive Information from Defense Industrial Base Organization (CISA) CISA:...

CISA Alert AA22-277A Impacket and exfiltration tool used to steal sensitive information from defense industrial base organization.


From November 2021 through January 2022, the CISA responded to APT activity against a Defense Industrial Base organization's enterprise network. During incident response activities, CISA discovered that multiple APT groups compromised the organization's network, and some APT actors had long-term access to the environment. APT actors used an open-source toolkit called Impacket to gain their foothold within the environment and further compromise the network, and also used a custom data exfiltration tool, CovalentStealer, to steal the victim's sensitive data. AA22-277A Alert, Technical Details, and Mitigations CISA Cyber Hygiene Services Malware Analysis Report (MAR)-10365227-1.stix MAR-10365227-2.stix MAR-10365227-3.stix CISA offers several no-cost scanning...

CISA issues Binding Operational Directive 23-01. LAUSD says ransomware operators missed most sensitive PII. Trends in API protection SaaS security. Making a pest of oneself in a hybrid war.


CISA issues a Binding Operational Directive. An LA school district says ransomware operators missed most sensitive PII. An API protection report describes malicious transactions. Analysis of cyber risk in relation to SaaS applications. Joe Carrigan describes underground groups using stolen identities and deepfakes. Our guest is Eve Maler from ForgeRock on consumer identity breaches. And someone is making a nuisance of themself in Russia. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/191 Selected reading. Binding Operational Directive 23-01 (CISA) CISA Directs Federal Agencies to Improve Cybersecurity Asset Visibility and Vulnerability Detection (Cybersecurity and Infrastructure...

Microsoft Exchange zero-days exploited. Supply chain attack reported. New Lazarus activity. Mexican government falls victim to hacktivism. Hacking partial mobilization. Former insider threat.


Two Microsoft Exchange zero-days exploited in the wild. A supply chain attack, possibly from Chinese intelligence services. There's new Lazarus activity: bring-your-own-vulnerable-driver. The Mexican government falls victim to apparent hacktivism. Flying under partial mobilization's radar. Betsy Carmelite from Booz Allen Hamilton talks about addressing the cyber workforce skills gap. Our guest Rachel Tobac from SocialProof Security brings a musical approach to security awareness training. How's your off-boarding program working out? For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/190 Selected reading. Microsoft Releases Guidance on Zero-Day Vulnerabilities in Microsoft Exchange Server (CISA) Customer Guidance...

The OSINT revolution: How cyber and physical security teams are leveraging open source intelligence. [CyberWire-X]


On this episode of CyberWire-X, we dive into the essential role of open-source intelligence in identifying cyber and physical threats and reducing risk across your organization. The CyberWire's CSO, Chief Analyst, and Senior Fellow, Rick Howard, is joined in the first half by Hash Table members Dr. Georgianna Shea, CCTI and TCIL Chief Technologist at the Foundation for Defense of Democracies, and Bob Turner, Field CISO Education at Fortinet. In the second half of the show, CyberWire podcast host Dave Bittner talks with our episode sponsor risk intelligence firm Flashpoint's Chief Intelligence Officer Tom Hofmann. They explore the foundational importance...

Kayla Williams: Not everything related to cybersecurity is a fire drill. [CISO] [Career Notes]


Kayla Williams, CISO of Devo, sits down to share her story, from graduating with a finance degree to rising to where she is now. She quickly learned that finance was not for her and changed paths, working towards gaining an information security certificate. From there she was able to excel and was offered the opportunity to move to England which changed her life. Working in her new role, she really enjoys thriving with her team. She says "We really try to be the department of no problem versus the department of no." She mentions how she and her team work on a day to day...

Targeting your browser bookmarks? [Research Saturday]


David Prefer from SANS sits down with Dave to discuss how a new covert channel exfiltrates data via a browser's built-in bookmark sync. David goes on to describe how this research will "describe how the ability to synchronize bookmarks across devices introduces a novel vector for data exfiltration and other misuses." In the research, he shares how he tested his hypothesis and goes on to describe how the interesting find was tested on multiple browsers including Chrome, Edge, Brave and Opera. In his research, he found that bookmarks are able to keep data and synchronize it, making it easier to infiltrate and extract data...

Espionage, both online and in-person. Sabotage, both kinetic and (maybe eventually) cyber. Waterin' holes, deepfakes, and the pushing of naughty words.


North Korean operators "weaponize" open-source software. The SolarMarker info-stealer returns. A quick review of Fast Company's WordPress hijacking incident. Deepfakes, and their evolution into an underworld and influence ops tool. Kinetic sabotage in the Baltic raises concerns about threats to infrastructure in cyberspace. Chris Novak from Verizon with a mid-year check in. Our guest is MK Palmore of Google Cloud on why collective cybersecurity ultimately depends on having a diverse, skilled workforce. And the US arrests three in two alleged spying cases. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/189 Selected reading. ZINC...

Hackers support Iranian dissidents. Notes on C2C markets. Cyberespionage campaigns. Intercepted mobile calls from Russian troops expose morale problems.


Gray-hat support for Iranian dissidents. Selling access wholesale in the C2C market. Novel malwares discovered targeting VMware hypervisors. The Witchetty espionage group uses an updated toolkit. Deepen Desai from Zscaler has a Technical Analysis of Industrial Spy Ransomware. Ann Johnson of Afternoon Cyber Tea speaks with Michal Braverman-Blumenstyk, CTO for Microsoft Security, about Israel's cyber innovation. And Russian troops' phone call revelations. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/188 Selected reading. Hacker Groups take to Telegram, Signal and Darkweb to assist Protestors in Iran (Check Point Software) Hackers Use Telegram and Signal to...

DDoS remains commonplace in Russia's hybrid war. Leaked LockBit 3.0 builder used by new gang. Meta takes down Russian disinfo networks. Lazarus Group goes spearphishing. Cloudy complexity.


DDoS remains the most characteristic mode of cyber ops in Russia's hybrid war against Ukraine. A leaked LockBit 3.0 builder is being used in ransomware attacks. Meta takes down Russian disinformation networks. Lazarus Group is spearphishing with bogus job offers. Joe Carrigan looks at SNAP benefit scams. Our guest is Crane Hassold of Abnormal Security with the latest in advanced email attack trends. And the cloud is complicated. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/187 Selected reading. Adversaries Continue Cyberattack Onslaught with Greater Precision and Innovative Attack Methods According to 1H2022 NETSCOUT DDoS...

Ukraine's Defense Intelligence warns of coming Russian cyberattacks against infrastructure. Next moves for Lapsus$? Cashout scams and neglected wallets. Developments in the Optus breach.


Ukraine's Defense Intelligence warns of coming Russian cyberattacks against infrastructure. Next moves for Lapsus$? We know it's a bear market, but take a look at your wallet, crypto speculators, at least now and then. Mr Security Answer Person John Pescatore on next year's most over-hyped term. Ben Yelin explains a thirty five million dollar data privacy settlement. And, finally, developments in the Optus breach. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/186 Selected reading. Invaders Preparing Mass Cyberattacks on Facilities of Critical Infrastructure of Ukraine and Its Allies (Defence Intelligence of the Ministry of...

Unrest in Iran finds expression in cyberspace. Cyber conflict and diplomacy. Cybercrime in the hybrid war. And there seems to have been an arrest in the Uber and Rockstar breaches.


Unrest in Iran finds expression in cyberspace. Albania explains its reasons for severing relations with Iran. Cybercrime in the hybrid war. Rick Howard on risk forecasting with data scientists. Dave Bittner sits down with Dr. Bilyana Lilly to discuss her new book: "Russian Information Warfare: Assault on Democracies in the Cyber Wild West." And there seems to have been an arrest in the Uber and Rockstar breaches. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/185 Selected reading. Iran's War Within (Foreign Affairs) Iran's Hijab Protests Have Lit a Fire the Regime Can't Put Out...

Adam Marr: Learning to be a leader. [CISO] [Career Notes]


Adam Marr, CISO from Arctic Wolf, sits down to share his story of rising through the ranks. After 9/11 he decided he wanted to make a difference in the world and so he chose to go into the FBI, where he learned the skills that got him to where he is today. In his time at the FBI, he was able to do what he loved, which was working with computers, while gaining more knowledge on cybersecurity, and became computer forensic certified. Ultimately he needed a change and decided to leave the FBI. He was able to...

Keeping an eye on RDS vulnerabilities. [Research Saturday]


Gafnit Amiga, Director of Security Research from Lightspin joins Dave to discuss her team's research "AWS RDS Vulnerability Leads to AWS Internal Service Credentials." The research describes how the vulnerability was caught and right after it was reported the AWS Security team applied an initial patch limited only to the recent Amazon Relational Database Service (RDS) and Aurora PostgreSQL engines, excluding older versions. They followed by personally reaching out to the customers affected by the vulnerability and helped them through the update process. The research states "Lightspin's Research Team obtained credentials to an internal AWS service by exploiting a local...

Privateers seem to be evolving into front groups for the Russian organs. Unidentified threat actors engaging in cyberespionage. Catphishing from a South Carolina prison.


The GRU's closely coordinating with cyber criminals. An unidentified threat actor deploys malicious NPM packets. Gootloader uses blogging and SEO poisoning to attract victims. Metador is a so-far unattributed threat actor. Johannes Ullrich from SANS on Resilient DNS Infrastructure. Maria Varmazis interviews Anthony Colangelo, host of spaceflight podcast Main Engine Cutoff, about the iPhone 14 Emergency SOS via Satellite feature. And having too much time on your hands while doing time is not a good thing. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/184 Selected reading. GRU: Rise of the (Telegram) MinIOns (Mandiant)...

GRU operators masquerade as Ukrainian telecommunications providers. 2K Games Support compromised to spread malware. Developments in the cyber underworld.


GRU operators masquerade as Ukrainian telecommunications providers. Another video game maker is compromised to spread malware. Noberus may be a successor to Darkside and BlackMatter ransomware. Robert M. Lee from Dragos explains Crown Jewel analysis. Our guest is Nathan Hunstad from Code42 with thoughts on insider risk events. Threat actors have their insider threats, too. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/183 Selected reading. Russia-Nexus UAC-0113 Emulating Telecommunication Providers in Ukraine (Recorded Future) Russian Cyberspies Targeting Ukraine Pose as Telecoms Providers (SecurityWeek) Shadowy Russian Cell Phone Companies Are Cropping Up in Ukraine (WIRED)...

CISA Alert AA22-265A Control system defense: know the opponent. [CISA Cybersecurity Alerts]


This alert builds on previous NSA and CISA guidance to stop malicious ICS activity and reduce OT exposure. The alert documentation linked in the show notes describes TTPs that malicious actors use to compromise OT/ICS assets. It also recommends mitigations that owners and operators can use to defend their systems from each of the listed TTPs. NSA and CISA encourage OT and ICS owners and operators to apply the recommendations in this documentation. AA22-265A Alert, Technical Details, and Mitigations NSA and CISA guidance to stop malicious ICS activity and reduce OT exposure For NSA client requirements or general cybersecurity inquiries,...

CISA Alert AA22-264A Iranian state actors conduct cyber operations against the government of Albania. [CISA Cybersecurity Alerts]


In July 2022, Iranian state cyber actors, identifying as HomeLand Justice, launched a destructive cyber attack against the Government of Albania which rendered websites and services unavailable. An FBI investigation indicates Iranian state cyber actors acquired initial access to the victim's network approximately 14 months before launching the destructive cyber attack, which included a ransomware-style file encryptor and disk wiping malware. AA22-264A Alert, Technical Details, and Mitigations CISA's free Cyber Hygiene Services (CyHy) CISA's zero trust principles and architecture. Iran Cyber Threat Overview and Advisories. All organizations should report incidents and anomalous activity to CISA's 24/7 Operations Center at central@cisa.dhs.gov or (888) 282-0870...

A call-up of Russian reserves, and more notes on the IT Army's claimed hack of the Wagner Group. Netflix phishbait. The Rockstar Games and LastPass incidents. CISA releases eight ICS Advisories.


It's partial mobilization in Russia, and airline flights departing Russia are said to be sold out. Further notes on the IT Army's claimed hack of the Wagner Group. Leveraging Netflix for credential harvesting. Rockstar Games suffers a leak of new Grand Theft Auto footage. Ben Yelin has the latest on regulations targeting crypto. Our guest is Amy Williams from BlueVoyant discussing the value of feminine energy in the male dominated field of cybersecurity. CISA releases eight ICS Advisories. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/182 Selected reading. Russia moves toward annexing Ukraine...

An overview of Russian cyber operations. The IT Army of Ukraine says it's doxed the Wagner Group. Lapsus$ blamed for Uber hack. A look at the risk of stolen single sign-on credentials.


An overview of Russian cyber operations. The IT Army of Ukraine claims to have doxed the Wagner Group. Who dunnit? Lapsus$ dunnit. Emily Mossburg from Deloitte and Shelley Zalis of the Female Quotient on why gender equality is essential to the success of the cyber industry. We've got a special preview of the International Spy Museum's SpyCast's latest episode with host Andrew Hammond interviewing Robert Gates on the 75th anniversary of the CIA. And a look at the risk of stolen single sign-on credentials. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/181 Selected...

An update on the Uber breach. Emotet and other malware delivery systems. Belarusian Cyber Partisans work against the regime in Minsk. And risky piracy sites.


An update on the Uber breach. Emotet and other malware delivery systems. Belarusian Cyber Partisans work against the regime in Minsk. Grayson Milbourne of OpenText Security Solutions on the arms race for vulnerabilities. Rick Howard continues his exploration of cyber risk. And risky piracy sites: that's on the Internet, kids, not the high seas. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/180 Selected reading. Developments in the case of the Uber breach. (CyberWire) Preliminary lessons from the Uber breach. (CyberWire) Uber says no evidence user accounts were compromised in hack (The Verge) Uber Claims...

Jaya Baloo: Don't be afraid to bounce ideas off your teammates. [CISO] [Career Notes]


Jaya Baloo, a Chief Information Security Officer from Avast sits down to share her story, sharing how she got into the technology field at a younger age with being introduced to computers and games on her PS 24. She started off going to college for political science and after not knowing what to do after that, she got her first start in cybersecurity. After falling in love with cybersecurity she kept moving up the ranks in different organizations before finding herself at Avast. She shares that at Avast she leans on her team quite a bit and you should never...

An increase in bypassing bot management? [Research Saturday]


Sam Crowther, CEO of Kasada, joins Dave to discuss their work on "The New Way Fraudsters Bypass Bot Management." Kasada researchers recently discovered a new type of bot called Solver Services, which is used and created by bad actors to bypass the majority of bot management systems. The research states "Now it's easier than ever for mainstream bot operators to scrape content, take over accounts, hoard inventory, and commit other forms of automated fraud against organizations using legacy bot management solutions." Attackers are able to buy these Solver bots, APIs, and services for less than $500 per month to make a...

Uber sustains a major data breach. Notes on the underworld. A large DDoS attack is stopped in Eastern Europe. An FBI alert and a brace of CISA advisories. Congress deliberates cyber policy.


Uber suffers a data breach. Social media executives testify before Congress. A large DDoS attack is thwarted in Eastern Europe. The FBI warns of increased cyberattacks against healthcare payment processors. Policy makers consider new OT security incentives. Malek Ben Salem from Accenture on future-proof cloud security. Our guest Diana Kelley from Cybrize discusses the need for innovation and entrepreneurship in cybersecurity. And if you've been hoping for a LockerGoga decryptor, you're in luck. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/179 Selected reading. Uber hacked, internal systems breached and vulnerability reports stolen (BleepingComputer) Uber...

CISA Alert AA22-257A Iranian Islamic Revolutionary Guard Corps-Affiliated Cyber Actors Exploiting Vulnerabilities for Data Extortion and Disk Encryption for Ransom Operations. [CISA Cybersecurity Alerts]


This joint Cybersecurity Advisory highlights continued malicious cyber activity by advanced persistent threat actors affiliated with the Iranian Government's Islamic Revolutionary Guard Corps. The IRGC-affiliated actors are actively targeting a broad range of entities, including entities across multiple U.S. critical infrastructure sectors as well as Australian, Canadian, and United Kingdom organizations. AA22-257A Alert, Technical Details, and Mitigations AA22-257A.stix CISA's Iran Cyber Threat Overview and Advisories FBI's Iran Threat webpage. Iranian Government-Sponsored APT Cyber Actors Exploiting Microsoft Exchange and Fortinet Vulnerabilities in Furtherance of Malicious Activities Technical Approaches to Uncovering and Remediating Malicious Activity All organizations should report incidents and anomalous...

Notes from the hybrid war: nuisance-level DDoS, cyberespionage, and the possibility of financially motivated hacking. US policy on the software supply chain, and notes from the underworld.


Nuisance-level DDoS and cyberespionage continue to mark Russia's cyber campaign in the hybrid war. There's a US Presidential memorandum on software supply chain security. Webworm repurposes older RATs. Trends in cyber insurance claims. OriginLogger may be the new Agent Tesla. The SparklingGoblin APT described. Mathieu Gorge of VigiTrust describes cyber vulnerabilities in the hospitality industry. Dinah Davis from Arctic Wolf explains a PayPal phishing attack. And Royal funeral phishbait. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/178 Selected reading. Pro-Russia hackers claim to have temporarily brought down Japanese govt websites (Asia News Network)...

Patch Tuesday notes. Mr. Mudge goes to Washington. Joint warning of IRGC cyber activity. No major developments in the cyber phases of Russia's hybrid war (but Ukraine is sounding confident).


Patch Tuesday notes. The US Senate Judiciary Committee hears from the Twitter whistleblower. Joint warning of IRGC cyber activity. Rob Boyce from Accenture on cybercriminals weaponizing leaked ransomware data. Chris Novak from Verizon describes his participation in the CISA Advisory Board. And Ukraine reiterates confidence in its resiliency. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/177 Selected reading. Adobe Patches 63 Security Flaws in Patch Tuesday Bundle (SecurityWeek) Microsoft Releases September 2022 Security Updates (CISA) Microsoft's September Patch Tuesday fixes five critical bugs (Computing) Microsoft Raises Alert for Under-Attack Windows Flaw (SecurityWeek) SAP...

A conversation with members of Baltimore FBI: Special Agent in Charge, Tom Sobocinski, and Supervisory Special Agent for Cyber, Tom Breeden. [Special Editions]


In this extended interview, CyberWire Daily Podcast host Dave Bittner sits down with members of the FBI's Baltimore field office: Special Agent in Charge, Tom Sobocinski, and Supervisory Special Agent for Cyber, Tom Breeden. As part of the FBI's cybersecurity awareness campaign, they discuss what the FBI can do to enhance and amplify cyber efforts in ways unlike any other public or private organization. This interview from August 30, 2022 originally aired as a shortened version on the CyberWire Daily Podcast.

Apple patches. Reviewing the cyber phase of a hybrid war. ShadowPad's return. Phishing from the Static Expressway. Medical device threats. Security trends. Charming Kitten's social engineering.


Apple patches its software. Reviewing the cyber phase of a hybrid war. The return of the (ShadowPad) alumni. Phishing from the Static Expressway. The state of cloud security. Overconfidence comes at a cost. Ann Johnson of Afternoon Cyber Tea speaks with Dr. Josephine Wolff from the Fletcher School about cyber insurance past. My conversation with FBI special agents Tom Sobocinski and Tom Breeden. And Charming Kitten and group-think in social engineering. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/176 Selected reading. Apple security updates (Apple Support) Ukraine Cyber War Update September 2022 (CyberCube)...

Albania reports more Iranian cyberattacks. RaidForums has a new successor. A look at threat actor reconnaissance in the contemporary Internet.


Albania reports additional cyberattacks from Iran over the weekend. RaidForums has a new successor. A look at threat actor reconnaissance in the contemporary Internet. Kinetic strikes hit Ukraine's infrastructure. Rick Howard calculates risk with classic mathematical theorems. Tim Eades from Cyber Mentor Fund on the dynamic nature of the attack surface. And a look into the cyber phase of the hybrid war. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/175 Selected reading. Albania blames Iran for second cyberattack since July (CNN) Treasury Sanctions Iranian Ministry of Intelligence and Minister for Malign Cyber Activities...

Mark Logan: March towards your goals. [CEO] [Career Notes]


Mark Logan, CEO of One Identity, sits down to share his story, explaining how he fit into different roles growing up in different companies. Mark has nearly two decades of C-Suite experience at an array of different organizations, finally landing on his current position as the CEO at One Identity. Sharing his different roles, he also gives a quote from Steve Jobs, saying "it's not what I say yes to, it's what I say no to." He believes that's a key area for his workers because when he is able to make up his mind, his team and his customers...

Evilnum APT returns with new targets. [Research Saturday]


Deepen Desai from Zscaler ThreatLabz joins Dave to discuss their work on "Return of the Evilnum APT with updated TTPs and new targets." Zscaler's ThreatLabz team recently caught a new Evilnum APT attack campaign that uses the document template on MS Office Word to inject malicious payload to the victim's machine. There are three new instances used of the campaign, including updated tactics, techniques, and procedures. Researchers have been closely monitoring Evilnum APT's activity. They say ThreatLabz identified several domains associated with the Evilnum APT group, which has led them to discover that the "group has been successful at flying under the...

Threats to US elections. Lazarus Group targeting energy companies. Gaming-related threats.


Nation-states are expected to target the US midterm elections. North Korea's Lazarus Group is targeting energy companies. Ukraine's Ministry of Digital Transformation on cyber lessons learned from Russia's hybrid war against Ukraine. CISA flags twelve known exploited vulnerabilities for attention and remediation. Vulnerable anti-cheat engines used for malicious purposes. Steve Carter from Nucleus Security has thoughts on AI in cybersecurity. Roland Cloutier, former CSO of TikTok, discusses working around the changing career field, needs, and how enterprise executives are developing and finding talent. And a look at top gaming-related malware lures. For links to all of today's stories check...

Bronze President shows both enduring interests and adaptability. Iranian threat actor activity reported. Cybersecurity and small-to-medium businesses.


Bronze President shows both enduring interests and adaptability. Iranian threat actor activity is reported. Cybersecurity and small-to-medium businesses. An initial access broker repurposes Conti's old playbook for use against Ukraine. Johannes Ullrich from SANS on Scanning for VoIP Servers. Our guest is Ian Smith from Chronosphere on observability. And Kyivstar as a case study in telco resiliency. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/173 Selected reading. BRONZE PRESIDENT Targets Government Officials (Secureworks) APT42: Crooked Charms, Cons, and Compromises (Mandiant) Profiling DEV-0270: PHOSPHORUS ransomware operations (Microsoft) Albania cuts diplomatic ties with Iran over...

Albania attributes major cyberattack to Iran. TikTok denies breach. New Linux malware.


The Albanian government attributes a disruptive cyber attack to Iran. TikTok says it's found no evidence of a data breach. Researchers have discovered a new strain of Linux malware. US agencies warn of ransomware targeting the education sector. Finland prepares to increase its cybersecurity capacity. Deepen Desai from Zscaler on the latest updates to Raccoon Stealer. Our guest is Lance Spitzner from the SANS Institute with results of their recent Security Awareness Report. And a fond farewell to the father of Let's Encrypt. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/172 Selected reading....

CISA Alert AA22-249A #StopRansomware: Vice Society. [CISA Cybersecurity Alerts]


CISA, the FBI, and the Multi-State Information Sharing and Analysis Center, or MS-ISAC, are releasing this advisory to disseminate indicators of compromise and TTPs associated with Vice Society actors and their ransomware campaigns. The FBI, CISA, and the MS-ISAC have recently observed Vice Society actors disproportionately targeting the education sector with ransomware attacks. AA22-249A Alert, Technical Details, and Mitigations Stopransomware.gov is a whole-of-government approach that gives one central location for ransomware resources and alerts. Resource to mitigate a ransomware attack: CISA-Multi-State Information Sharing and Analysis Center (MS-ISAC) Joint Ransomware Guide. No-cost cyber hygiene services: Cyber Hygiene Services and Ransomware...

Notes on the C2C market. A new cyberespionage threat actor has surfaced. Sharkbot made a brief return to Google Play. Privateering and catphishing in the hybrid war.


A Phishing-as-a-service offering on the dark web bypasses MFA. The Worok cyberespionage group is active in Central Asia and the Middle East. Prynt Stealer and the evolution of commodity malware. Sharkbot malware reemerged in Google Play. BlackCat/ALPHV claims credit for attack on the Italian energy sector. Joe Carrigan shares stats on social engineering. Our guest is Angela Redmond from BARR Advisory with six cybersecurity KPIs. And the Los Angeles Unified School District was hit with ransomware. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/171 Selected reading. EvilProxy Phishing-As-A-Service With MFA Bypass Emerged In...

Anjali Hansen: Cross team collaboration works best. [Privacy Counsel] [Career Notes]


Anjali Hansen, a senior privacy counselor from Noname Security, shares her story as she climbed through the ranks to get to where she is today. When Anjali started she wanted to do international law. She started working for the International Trade Commission after law school which is where she was able to gain most of her experience and gain real world abilities. Working with online fraud and abuse, she shares, concerned her because it felt like governments could not protect organizations from threats occurring, which is how she got interested in cyber crime. From there, she moved to Noname Security and...

LockBit's contradiction on encryption speed. [Research Saturday]


Ryan Kovar from Splunk sits down with Dave to discuss their findings in "Truth in Malvertising?" that contradict the LockBit group's encryption speed claims. Splunk's SURGe team recently released a whitepaper, blog, and video that outlined the encryption speeds of 10 different ransomware families. During their research they came across LockBit doing the same thing. After completing the research, the researchers came back to test the veracity of LockBit's findings. The research showed three interesting finds. The first find showed that LockBit's fastest and slowest samples were closely aligned between the tests, but the other results were very different. They also found that...

Ransomware groups continue to shift identities and targets. Assessments of the cyber phases of a hybrid war. Is wartime tough for criminals? Anonymous counts coup against Moscow's taxis.


REvil (or an impostor, or successor) may be back. A Paris-area medical center continues to work to recover from cyber extortion. An assessment of Russian failure (or disinclination) to mount effective cyber campaigns. Cyber criminals find wartime to be a tough time. Josh Ray from Accenture looks at cyber threats to the rail industry. Our guest is Dan Murphy of Invicti making the case that not all vulnerabilities are created equal. And Yandex Taxi's app was hacked in a nuisance attack. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/170 Selected reading. REvil says...

News on three ransomware operations: BianLian, Cuba, and Ragnar Locker. How the gangs are recruiting. Mobile app supply chain blues. Happy Insider Threat Month.


The BianLian ransomware gang is better at coding than at the business of crime. The attack on Montenegro seems to be ransomware. A look at Ragnar Locker's current interests. Recruiting for gangland gets allusive, but those who know, well, they know. Our guest is Dan Lanir of OPSWAT with insights on recent federal legislation supporting cyber jobs. Ben Yelin examines a lawsuit filed by the FTC against an online data broker. And it's Insider Threat Month, so keep an eye on yourself. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/169 Selected reading. BianLian...

Securing multi-cloud identity with orchestration. [CyberWire-X]


While multi-cloud brings significant benefits, it also poses serious security risks. And identity is the reason. Each cloud platform, such as Azure, Google, and AWS, uses proprietary identity systems, and the lack of interoperability makes it unruly to manage. These disparate systems can't talk to each other, resulting in a fragmented environment full of identity silos, the perfect way for an attacker to get in and cause destruction. In this episode of CyberWire-X, the CyberWire's CSO, Chief Analyst, and Senior Fellow, Rick Howard, is joined in the first half by Hash Table member Rick Doten, the CISO for Healthcare Enterprises and...

Malicious Chrome extensions. BEC in Kentucky. Dispatches from a hybrid war, including state-directed, partisan, and criminal action. ICS advisories. Cosplaying hardware.


Chrome extensions steal browser data. A business email compromise attack is under investigation in Kentucky. Belarusian Cyber Partisans claim to have a complete Belarusian passport database. Organizing a cyber militia. CISA releases twelve ICS security advisories. Our guest is Asaf Kochan of Sentra on overemphasizing the big one. Carole Theriault cautions against getting ahead of yourself in the cryptocurrency supply chain. "Cosplaying" hardware. And Canada welcomes a new SIGINT boss. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/168 Selected reading. Chrome extensions with 1.4 million installs steal browsing data (BleepingComputer) Malicious Cookie Stuffing...

Cyberespionage around the South China Sea. Oktapus and the Twilio compromise. Notes from Russia's hybrid war. And the LockBit gang looks beyond double extortion.


Cyberespionage around the South China Sea. Oktapus and the Twilio compromise. Montenegro works to recover from a Russian cyber offensive. A big Russian streaming platform sustains a data leak. Ann Johnson of the Afternoon Cyber Tea podcast speaks with Dave DeWalt of NightDragon and Jay Leek of both Syn Ventures and Clear Sky Security about cyber capital investment. Mr. Security Answer Person John Pescatore examines the allure of the healthcare industry for ransomware operators. And the LockBit gang looks beyond double extortion. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/167 Selected reading. Rising...

How a hybrid war spreads its cyber effects. Russian and Chinese cyber ops in Latin America. Greenwashing influence. Iranian threat actor exploits Log4j vulnerabilities against Israeli targets.


Russian cyber operations in Southeastern Europe. The challenge of containing the cyber phases of a hybrid war. Russian and Chinese cyber activity in Latin America. Greenwashing influence operations. Rick Howard looks at risk probabilities. Dinah Davis from Arctic Wolf looks at ransomware payment myths. And an Iranian threat actor exploits Log4j vulnerabilities against Israeli targets. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/166 Selected reading. Russia blamed for wave of hacker attacks in Southeast Europe (BNE) Montenegro declares it is in 'hybrid war' with Russia after massive cyber attack (Metro) Montenegro reports massive...

David Nosibor: Taking calculated risks. [Product Lead] [Career Notes]


David Nosibor, Product Lead for SafeCyber at UL Solutions, started his career in a unique way by not letting himself be pigeonholed. Within his company, David was able to grow to the position he is in now and says that his position feels like a lot of roles tied into one. He says that on any given day he is tackling all sorts of elements, such as marketing, operations, working with the engineering team, figuring out ways to acquire customers, retain them, and also working on sales and business development capabilities. He also says that constantly learning and getting new...

How a wide scale Facebook campaign stole 1 million credentials. [Research Saturday]


Nick Ascoli from ForeTrace in a partnership with PIXM sits down with Dave to provide insight on their team's work on "Phishing tactics: how a threat actor stole 1 million credentials in 4 months." During routine analysis, researchers discovered the connection between the pages using PIXM's deep html analysis feature, which enabled them to view and analyze the underlying code on the pages after they were flagged as phishing. This led to the ensuing investigation, which was led by PIXM's threat research team with assistance from Nick Ascoli. The research states "we uncovered a campaign whose scale has potentially impacted hundreds...

A Black Basta update. Okta talks Scatter Swine. Nobelium's MagicWeb. Wartime stress in the cyber underworld. LastPass security incident. CISA adds to its Known Exploited Vulnerabilities Catalog.


Palo Alto describes the Black Basta ransomware-as-a-service operation. Okta on Scatter Swine, the threat actor that compromised Twilio. Microsoft describes Nobelium's new approach to establishing persistence. Russia's war against Ukraine has induced stresses in the cyber underworld. LastPass discloses a security incident. Josh Ray from Accenture on cyber crime and the cost-of-living crisis. Our own Dave Bittner sits down with Chris Handman from TerraTrue to discuss how he works to transform legal teams into advocates and collaborators that can ensure privacy is baked in every step of the way. And CISA adds ten entries to its Known Exploited Vulnerabilities Catalog....

Notes from six months of hybrid war. Oktapus criminal campaign. Exotic Lily and Bumblebee Loader. Insights derived from DNS traffic. US DHS shutters its Disinformation Governance Board.


Ukrainian and Russian cyber operations at six months. Oktapus criminal campaign compromises 9931 accounts in more than 130 organizations. Exotic Lily and Bumblebee Loader. Insights derived from DNS traffic. Chris Novak from Verizon on DHS Cyber Safety Review Board's report on the Log4j investigation that Verizon conducted. Dave Bittner sits down with our guest Dr. Scott Crowder, CTO and VP, Quantum Computing, Technical Strategy and Transformation for IBM Systems to discuss the increasingly urgent need for industries to prepare for security threats that quantum could unleash. And the US Department of Homeland Security shutters its Disinformation Governance Board. For links...

Ransomware attack hits a French hospital. Lessons for the fifth domain from six months of hybrid war. Deepfake scams have arrived. Threat actors prepare to exploit Hikvision camera vulnerability.


A medical center near Paris comes under ransomware attack, and refuses to pay up. Lessons for the fifth domain from six months of hybrid war. Deepfake scams appear to have arrived. Deepen Desai from Zscaler with introduction to our audience. Dave Bittner sits down with Gil Hoffer, CTO and Co-founder of Salto to discuss Who Hacked Slack?. And threat actors prepare to exploit Hikvision camera vulnerability. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/163 Selected reading. Cyber attackers disrupt services at French hospital, demand $10 million ransom (France 24) French hospital hit by...

Iranian APT data extraction tool described. LockBit gang comes under DDoS. Twitter whistleblower security claims made public. Greek natural gas supplier under cyberattack. Updates on a hybrid war.


Iranian APT data extraction tool described. LockBit gang comes under DDoS. Twitter whistleblower security claims made public. Poland and Ukraine conclude cybersecurity agreement. Greek national natural gas supplier under criminal cyberattack. Update to the Joint Alert on Zimbra exploitation. Addition to CISA's Known Exploited Vulnerabilities Catalog. Johannes Ullrich from SANS on Control Plane vs. Data Plane vulnerabilities. Our guest is David Nosibor, Platform Solutions Lead for UL to discuss SafeCyber Phase II. And, finally, targeting and trolling, with an excursus on Speedos. Really. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/162 Selected reading....

Bogus DDoS protection pages distribute malware. Estonia deals with DDoS attacks. Roskomnadzor's Internet panopticon. And data-tampering attacks are regarded as a growing risk.


Bogus DDoS protection pages distribute malware. Estonia deals with DDoS attacks. Roskomnadzor's Internet panopticon. Rick Howard on the RSA Security Breach of 2011 and the Equifax breach of 2017. Caleb Barlow on what does a recession mean for cyber security venture capital and what is the impact of this on the industry? And data-tampering attacks are regarded as a growing risk. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/161 Selected reading. WordPress sites hacked with fake Cloudflare DDoS alerts pushing malware (BleepingComputer) Fake DDoS Pages On WordPress Sites Lead to Drive-By-Downloads (Sucuri Blog)...

Roya Gordon: Becoming a trailblazer. [Research] [Career Notes]


Roya Gordon, a Security Research Evangelist at ICS cybersecurity firm Nozomi Networks, started her career as an intelligence specialist in the U.S. Navy. After her time serving, Roya spent time as a Control Systems Cybersecurity Analyst at the Idaho National Laboratory and then took the role of Cyber Threat Intelligence Manager at Accenture. She shares her story after the NSA accepted her and then quickly diverted, creating a new path for Roya to follow. She shares the jobs she went after along the way, leading up to Nozomi Networks and how she wishes to be a trailblazer for young black...

Clipminer: Making millions off of malware. [Research Saturday]


Dick O'Brien from Symantec, a part of Broadcom Software, joins Dave to discuss how the cyber-criminal operation, Clipminer Botnet, makes operators behind it at least $1.7 million. Symantec's research says "The malware being used, tracked as Trojan.Clipminer, has a number of similarities to another crypto-mining Trojan called KryptoCibule, suggesting it may be a copycat or evolution of that threat." Symantec determined that the malware has the ability to mine for cryptocurrency using compromised computers' resources. They also share a way to protect against the cyber-criminal operation, as well as sharing some indicators you could be compromised. The research can be...

Notes on the hybrid war. Criminal gang hits travel and hospitality sectors. Additions to CISA's Known Exploited Vulnerabilities Catalog. CISA issues five ICS security advisories.


Killnet claims a DDoS campaign against Estonia. The head of GCHQ calls Russian cyber operations a failure. US Cyber Command concludes its "hunt forward" mission in cooperation with Croatia. A criminal gang targets the travel and hospitality sectors. Thomas Pace of NetRise shares insights on firmware vulnerabilities. Daniel Floyd from BlackCloak on Quantifying the Business Need for Digital Executive Protection. CISA issues five ICS security advisories. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/160 Selected reading. Estonia says it repelled major cyber attack after removing Soviet monuments (Reuters) There's a chance regular people...

BlackByte's back, as BlackByte 2.0. Iranian cyber ops against Israel. Wipers and cyberespionage as tools in Russia's hybrid war. Cyber war clauses coming to cyber insurance policies.


BlackByte is back. Iran suspected of cyber operations against four Israeli sectors. A look at wipers as a tool in hybrid war. A Russian cyber ops scorecard. Josh Ray from Accenture on how dark web actors are focusing on VPNs. Our guest is Corey Nachreiner from WatchGuard with findings of their latest Internet Security Report. Cyber war clauses coming to cyber insurance policies. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/159 Selected reading. BlackByte ransomware gang is back with new extortion tactics (BleepingComputer) Suspected Iranian Actor Targeting Israeli Shipping, Healthcare, Government and Energy...

Cyber incidents and lessons from Russia's hybrid war. Zimbra vulnerabilities exploited. New Lazarus Group activity reported. ICS security advisories. Insider trading charges from 2017 Equifax breach.


A DDoS attack against a Ukrainian nuclear power provider. The US Army draws some lessons from the cyber phases of Russia's hybrid war. Vulnerabilities in Zimbra are undergoing widespread exploitation. Reports of new Lazarus Group activity. CISA releases eight ICS security advisories. Carole Theriault looks at scammers and cryptocurrencies. Our guest is Jennifer Reed from Aviatrix on the changing landscape of cloud security. And the SEC charges three with insider trading during the 2017 Equifax breach. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/158 Selected reading. Ukrainian Nuclear Operator Accuses Russians Hackers Of Attacking...

CISA Alert AA22-228A Threat actors exploiting multiple CVEs against Zimbra Collaboration suite. [CISA Cybersecurity Alerts]


CISA and the Multi-State Information Sharing & Analysis Center, or MS-ISAC are publishing this joint Cybersecurity Advisory in response to active exploitation of multiple Common Vulnerabilities and Exposures against Zimbra Collaboration Suite, an enterprise cloud-hosted collaboration software and email platform. AA22-228A Alert, Technical Details, and Mitigations Volexity's Mass Exploitation of (Un)authenticated Zimbra RCE: CVE-2022-27925 Hackers are actively exploiting password-stealing flaw in Zimbra CISA adds Zimbra email vulnerability to its exploited vulnerabilities catal CVE-2022-27925 detail Mass exploitation of (un)authenticated Zimbra RCE: CVE-2022-27925 CVE-2022-37042 detail Authentication bypass in MailboxImportServlet vulnerability CVE-2022-30333 detail UnRAR vulnerability exploited in the wild, likely against Zimbra servers...

Russian cyberespionage and influence op disrupted. RedAlpha versus Chinese minorities and (of course) Taiwan. Evil PLC proof-of-concept. Cl0p takes a poke at a water utility.


Microsoft identifies and disrupts Russian cyberespionage activity. An update on RedAlpha. An evil PLC proof-of-concept shows how programmable logic controllers could be "weaponized." Ben Yelin has an update on right to repair. Our guest is Arthur Lozinski of Oomnitza with a look at attack surface management maturity. And the Cl0p gang hits an English water utility (but tries to extort the wrong one; stuff happens, y'know?). For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/157 Selected reading. Disrupting SEABORGIUM's ongoing phishing operations (Microsoft Security Microsoft disrupts Russian-linked hackers targeting NATO countries (Breaking Defense) Microsoft Announces Disruption...

Shuckworm and Killnet continue to hack in the interest of Russia. Iron Tiger's supply chain campaign. TikTok and national security. And an arrest in the case of the Tornado Cash crypto mixer.


Shuckworm maintains its focus on Ukrainian targets. Killnet's DDoS and dubious proof-of-work. Iron Tiger's supply chain campaign. TikTok and national security. Dinah Davis from Arctic Wolf shares insights on Dark Utilities. Rick Howard digs into identity management. And an arrest in the case of the Tornado Cash crypto mixer. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/156 Selected reading. Shuckworm: Russia-Linked Group Maintains Ukraine Focus (Symantec) Killnet Releases 'Proof' of its Attack Against Lockheed Martin (SecurityWeek) Killnet greift lettisches Parlament an (Tagesspiegel) Iron Tiger Compromises Chat Application Mimi, Targets Windows, Mac, and Linux...

Red teamer's perspective on demotivating attackers. [CyberWire-X]


Cybercriminals are motivated by one simple incentive - money. Their favorite tools are bots to leverage sophistication, scalability, and ease of use. The effect is the creation of the underground bot ecosystem. This community allows threat actors to work together and continually improve their tactics. They sell bypasses for rule-based anti-bot solutions to other less technical fraudsters. In this episode of CyberWire-X, the CyberWire's CSO, Chief Analyst, and Senior Fellow, Rick Howard, is joined in the first half by Hash Table member Etay Maor, Cato Networks Senior Director Security Strategy. They discuss this reality that has put defenders at a serious disadvantage...

Christian Lees: it's not always textbook. [CTO] [Career Notes]


Christian Lees, CTO at Resecurity, shares his story and insight on coming into the cybersecurity world. He considers himself a late bloomer because he did not go to college until he was 23. He wasn't sure of what he wanted to do, and a family friend gave him a computer and the rest was history, he says. He fell in love with computers and started working at different companies trying to get ahead. He says it's not always textbook, and sometimes you just need to cut your teeth on something to get where you're going. Throughout his journey, he was...

Fake job ads and how to spot them. [Research Saturday]


Ashley Taylor from SANS.edu joins Dave to discuss fake job ads and methods to proactively detect these scams. The research shares how job seekers are under attack, with scammers posing as fake job recruiters to steal information from people who are interested in the job posting. The brands being impersonated are at risk of losing credibility to their brand identity. The research shares exactly how these doppelgängers are posing a threat to job seekers and the best practices to detect these scams. It also shares how one company that works in the medical device manufacturing industry has been a target for...

The optempo of a hybrid war's cyber phase. Hacktivists as cyber partisans. Zeppelin ransomware alert. DoNot Team update. Rewards for Justice offers $10 million for info on Russian bad actors.


The optempo of the war's cyber phase, and Ukraine's response. Organizing and equipping hacktivists. Joint warning on Zeppelin ransomware. Update on the DoNot Team, APT-C-35. Rewards for Justice offers $10 million for information on Conti operators. Rob Boyce from Accenture shares insights from BlackHat. Caleb Barlow ponders closing the skills gap while shifting to remote work. And, hey, Mr. Target: pick one, OK? For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/155 Selected reading. Black Hat 2022 Cyberdefense in a global threats era (WeLiveSecurity) How one Ukrainian ethical hacker is training 'cyber warriors' in...

CISA Alert AA22-223A #StopRansomware: Zeppelin Ransomware. [CISA Cybersecurity Alerts]


Zeppelin ransomware functions as a ransomware-as-a-service (RaaS), and since 2019, actors have used this malware to target a wide range of businesses and critical infrastructure organizations. Actors use remote desktop protocol (RDP), SonicWall firewall vulnerabilities, and phishing campaigns to gain initial access to victim networks and then deploy Zeppelin ransomware to encrypt victims' files. AA22-223A Alert, Technical Details, and Mitigations Zeppelin malware YARA signature What is Zeppelin Ransomware? Steps to Prepare, Respond, and Prevent Infection Stopransomware.gov is a whole-of-government approach that gives one central location for ransomware resources and alerts. No-cost cyber hygiene services: Cyber Hygiene Services and Ransomware Readiness...

Dispatches from a hybrid war. CISA releases its election cybersecurity toolkit. Post-incident disruption at NHS is expected to last at least three weeks. Cisco discloses a security incident.


KillMilk says his crew downed Lockheed Martin's website. Industroyer2, and what became of it. CISA releases its election cybersecurity toolkit. Post-incident disruption at Britain's NHS. Carl Wright of AttackIQ shares strategies for CISOs to successfully prepare for the next attack. Dr. Christopher Pierson from Blackcloak joins us from Black Hat. And Cisco seems to have thwarted a security incident. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/154 Selected reading. Russian hacking group claims attack on Lockheed Martin (SiliconANGLE) HIMARS-Maker Lockheed Martin "confident" against Russian hackers (Newsweek) Industroyer2: How Ukraine avoided another blackout attack...

Patches, and some incentive to apply them. Hacktivism, privateering, and patriotic banditry in Russia's hybrid war.


Patch notes, and the risks associated with failure to patch. Finland's parliament comes under cyberattack. Killnet says there will be blood, but they may just be grandstanding for the home crowd. Cyberattacks against a UK firm that's criticized Russia's war. We're joined by FBI Cyber Division AD Bryan Vorndran and Adam Hickey, deputy assistant attorney general for the National Security Division with an introduction to Watchguard. Our guest is Matthew Warner from Blumira with tips on avoiding burnout. And not all criminal organizations are working for Russia. For links to all of today's stories check out our CyberWire daily news briefing:...

Cyberespionage against belligerents' industry. Tornado Cash sanctions. Data breaches at Twilio and Klaviyo. Intercept tools and policies in Canada.


Tracking apparent Chinese industrial cyberespionage. Tornado Cash sanctions. Twilio discloses a breach. Social engineering exposes data at Klaviyo. Microsoft's Ann Johnson previews the latest season of Afternoon Cyber Tea. Joe Carrigan tracks the growth in cryptojacking. And what might the Mounties be monitoring? For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/152 Selected reading. Cyberspying Aimed at Industrial Enterprises in Russia and Ukraine Linked to China (SecurityWeek) China-linked spies used six backdoors to steal defense info (Register) U.S. Treasury Sanctions Notorious Virtual Currency Mixer Tornado Cash (U.S. Department of the Treasury) Twilio hacked by...

Cybersecurity is a team sport. [CyberWire-X]


In order to run a successful SOC, security leaders rely on tools with different strengths to create layers of defense. This has led to a highly siloed industry with over 2,000 vendors, each with their own specific function and who very seldom work together. To gain an advantage on attackers, we need to start seeing cybersecurity as a team sport, united for a shared mission. In this episode of CyberWire-X, the CyberWire's CSO, Chief Analyst, and Senior Fellow, Rick Howard, is joined in the first half by two Hash Table members, Ted Wagner, CISO at SAP National Security Services, and Jenn Reed,...

Wipers, tak; grid takedown, nyet. Twitter 0-day exploited before patching. NHS 111 recovering from cyberattack. Notes on the C2C underworld.


Shifting cyber threats during Russia's war against Ukraine. A Twitter exploit may have compromised more than 5 million accounts. A cyberattack disrupts NHS 111. Developments in the C2C market. An alleged Russian cryptocurrency exchange operator is extradited to the US. Rick Howard looks at FinTech. Andrea Little Limbago from Interos on Industrial policy and the tech divide. And a crypto mixing service has been sanctioned by the US Treasury Department. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/151 Selected reading. ESET Threat Report T1 2022 (WeLiveSecurity) Twitter confirms zero-day used to expose data...

Anna Belak: Acquiring skills to make you into a unicorn. [Thought Leadership] [Career Notes]


Anna Belak, Director of Thought Leadership at Sysdig, shares her story from physics to cyber. Anna explains how she went into college with the thinking of getting a physics degree and then for her PhD decided to switch to material science and engineering. Both were not something she enjoyed and ultimately decided to go into cyber. She shares some advice on how you should never limit yourself to your degree, as well as always learning new skills and honing in on skills you already have. She says that doing these things will make you into a unicorn, meaning if...

Iran-linked Lyceum Group adds a new weapon to its arsenal. [Research Saturday]


Deepen Desai from Zscaler's ThreatLabz joins Dave to discuss how APTs, like Lyceum Group, create tactics and malware to carry out attacks against their targets. The Lyceum group has been active since 2017 and is a state-sponsored Iranian APT group. This group targets Middle Eastern organizations, most notably in the energy and telecommunication sectors, and they rely heavily on .NET based malware. Zscaler said in their research they "recently observed a new campaign where the Lyceum Group was utilizing a newly developed and customized .NET based malware targeting the Middle East by copying the underlying code from an open source...

CyberFront Z's failed influence operation. Iranian operators target Albanian government networks. CISA issues two ICS security advisories. CISA and ACSC issue a joint advisory on top malware strains.


CyberFront Z's failed influence operation. Iranian operators target Albanian government networks. CISA issues two ICS security advisories. Andy Robbins of SpecterOps to discuss Attack Paths in Azure. Denis O'Shea of Mobile Mentor talking on the intersection of endpoint security and employee experience. CISA and ACSC issue a joint advisory on top malware strains. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/150 Selected reading. Quarterly Adversarial Threat Report (Meta) Meta took down Russian troll farm that supported country's invasion of Ukraine (The Hill) Russia's Infamous Troll Farm Is Back -- and Sh*tting the Bed...

Ukraine claims to have taken down a massive Russian bot farm. Were Russian cyber operations premature? Report: Emergency Alert System vulnerable to hijacking. And more crypto looting.


Ukraine claims to have taken down a massive Russian bot farm. Russian cyber operations may have been premature. A report says Emergency Alert Systems might be vulnerable to hijacking. The Mirai botnet may have a descendant. Adam Flatley from Redacted with a look back at NotPetya. Ryan Windham from Imperva takes on Bad Bots. Attacks on a cryptocurrency exchange attempt to bypass 2FA. Solana cryptocurrency wallets looted. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/149 Selected reading. Ukraine takes down 1,000,000 bots used for disinformation (BleepingComputer) Did Russia mess up its cyberwar with...

CISA Alert AA22-216A 2021 top malware strains. [CISA Cybersecurity Alerts]


This joint Cybersecurity Advisory was coauthored by CISA and the Australian Cyber Security Centre, or ACSC. This advisory provides details on the top malware strains observed in 2021. AA22-216A Alert, Technical Details, and Mitigations For alerts on malicious and criminal cyber activity, see the FBI Internet Crime Complaint Center webpage. For more information and resources on protecting against and responding to ransomware, refer to StopRansomware.gov, a centralized, U.S. Government webpage providing ransomware resources and alerts. The ACSC recommends organizations implement eight essential mitigation strategies from the ACSC's Strategies to Mitigate Cyber Security Incidents as a cybersecurity baseline. These strategies, known...

Tories delay leadership vote over security concerns. Cyber phases of Russia's hybrid war. Chinese patriotic hacktivism vs. Taiwan. Malware designed to abuse trust. Putting a price on your privacy.


Tories delay a leadership vote over security concerns. A summary of the cyber phases of the hybrid war. Cyberattacks affect three official sites in Taiwan. Malware designed to abuse trust. Gunter Ollmann of Devo to discuss how Cybercriminals are Winning the AI Race. Renuka Nadkarni of Aryaka explains how enterprises can recession-proof security architecture. Plus, putting a price on your privacy. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/148 Selected reading. Tory leadership vote delayed after GCHQ hacking alert (The Telegraph) Nozomi Networks Labs Report: Wipers and IoT Botnets Dominate the Threat Landscape...

Nomad cryptocurrency bridge looted. BlackCat ransomware hits European energy company. DSIRF disputes Microsoft's report on cyber mercenaries. Are there spies under Mr. Putin's long table?


Nomad cryptocurrency bridge is looted. The BlackCat ransomware gang hits a Luxembourgeois energy company. DSIRF disputes Microsoft's characterization of the Austrian firm as cyber mercenaries. Ben Yelin looks at privacy concerns in the education software market. Our guest is PJ Kirner from Illumio to discuss Zero Trust Segmentation. And, finally, are there spies under Mr. Putin's very very long table? For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/147 Selected reading. Crypto Firm Nomad Loses Nearly $200 Million in Bridge Hack (Bloomberg) Crypto Bridge Nomad Drained of Nearly $200M in Exploit (CoinDesk) Nomad token...

KillNet threatens hack-and-leak op against HIMARS maker. Online investment scams hit Europe. Microsoft associates Raspberry Robin with EvilCorp.


KillNet threatens hack-and-leak op against HIMARS maker. Online investment scams hit Europe. Microsoft associates Raspberry Robin with EvilCorp. Rick Howard previews season ten of the CSO Perspectives podcast. Our guest is Nate Kharrl of SpecTrust on deploying fraud detection at the gateway. And a heartfelt farewell to a woman whose inspiration lives on. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/146 Selected reading. Cyberactivist Group Killnet Declares War on Lockheed Martin (Sputnik) Russian Hackers Target U.S. HIMARS Maker in 'New Type of Attack': Report (Newsweek) Founder of pro-Russian hacktivist Killnet quitting group (SC...

Larry Cashdollar: Always learning new technology. [Intelligence response engineer] [Career Notes]


Larry Cashdollar, Principal Security Intelligence Response Engineer at Akamai Technologies, sits down with Dave Bittner to discuss his life leading up to working at Akamai. He shares his story from his beginnings to now, describing what college life was like as a young computer enthusiast. He says "If you look at my 1986 yearbook, I think it was my sixth grade class, it says computer scientist for my career path. So I had a love of computers when I was really young. I guess I knew what field I wanted to get into right off the bat." He describes different...

What malicious campaign is lurking under the surface? [Research Saturday]


Israel Barak, CISO from Cybereason, sits down with Dave to discuss their research, "Operation CuckooBees: Cybereason Uncovers Massive Chinese Intellectual Property Theft Operation." Cybereason researchers recently found an attack lurking beneath the surface which was assessed to be the work of Chinese APT Winnti. Cybereason briefed the FBI and the DOJ on the investigation into the malicious campaign. The research states, "For years, the campaign had operated undetected, siphoning intellectual property and sensitive data." The team quickly made two reports on the campaign, one sharing an examination on the tactics and techniques. The second gives a detailed analysis of the...

Hacktivism in a hybrid war. Pyongyang's [un]H0lyGh0st. Notes on the C2C market. Rewards for Justice seeks some righteous snitches.


Anonymous's hacktivism in a hybrid war. Pyongyang's [un]H0lyGh0st. Phishing in the IPFS. Update on the initial access criminal-to-criminal market and its effect on MSPs. Cyber gangs move away from malicious macros. Thomas Etheridge from CrowdStrike on managed detection and response. Rick Howard sits down with Art Poghosyan from Britive to discuss DevSecOps and Identity Management. And Rewards for Justice seeks some righteous snitches. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/145 Selected reading. Putin 'embarrassed' as hackers launch cyber war on Russian President over Ukraine invasion (Express.co.uk) Is Anonymous Rewriting the Rules of...

SSSCIP and CISA sign memorandum of cooperation. Tailored security services, or just hired guns? Bringing PSOAs to heel. More credential-harvesting.


SSSCIP and CISA sign a memorandum of cooperation. Are private-sector offensive actors tailored security services, or are they just hired guns? Bringing cyber mercenaries to heel. Malek Ben Salem from Accenture on why crisis management is at the heart of ransomware resilience. Our guest is Derek Manky from Fortinet on the World Economic Forum Partnership Against Cybercrime. And more credential-harvesting scams are out in the wild. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/144 Selected reading. United States and Ukraine Expand Cooperation on Cybersecurity (CISA) US, Ukraine sign pact to expand cooperation in...

The cost of a data breach as an economic drag. Personal apps as a potential business risk. Why so little ransomware in Ukraine? Employee engagement study reaches predictably glum conclusions.


IBM reports on the cost of a data breach. Personal apps as a potential business risk. Over on the dark side, there's help wanted in the C2C labor market. An employee engagement study reaches predictably glum conclusions. Betsy Carmelite from Booz Allen Hamilton on reducing software supply chain risks with SBOMs. Our guest is Elaine Lee from Mimecast discussing the pros and cons of AI in cybersecurity. And why so much attempted DDoS, but not so much ransomware? For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/143 Selected reading. IBM Report: Consumers Pay the...

LockBit gets an upgrade. CosmicStrand UEFI firmware rootkit. Treating thieves like white hats? Most-impersonated brands. AV-Test's Twitter account is hijacked. The cyber phase of a hybrid war.


LockBit gets an upgrade. CosmicStrand firmware rootkit is out in a new and improved version. Are thieves being treated like white hats? AV-Test's Twitter account is hijacked. Joe Carrigan considers the mental health effects of the online scam economy. Mr. Security Answer Person John Pescatore ponders the cybersecurity talent gap. And ongoing speculation on the cyber phase of the hybrid war. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/142 Selected reading. LockBit Ransomware Group Augments Its Latest Variant, LockBit 3.0, With BlackMatter Capabilities (Trend Micro) CosmicStrand: the discovery of a sophisticated UEFI firmware...

The minor mystery of GPS-jamming. Twitter investigates apparent data breach. Ransomware C2 staging discovered. A C2C offering restricted to potential privateers.


The minor mystery of GPS-jamming. Twitter investigates an apparent data breach. Ransomware command and control staging is discovered. Andrea Little Limbago from Interos looks at the intersection of social sciences and cyber. Our guest is Nelly Porter from Google Cloud on the emerging idea of confidential computing. A C2C offering restricted to potential privateers. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/141 Selected reading. Why Isn't Russia jamming GPS harder in Ukraine? (C4ISRNet) Twitter data breach exposes contact details for 5.4M accounts; on sale for $30k (9to5Mac) Twitter investigating authenticity of 5.4 million...

The great overcorrection: shifting left probably left you vulnerable. Here's how you can make it right. [CyberWire-X]


Shifting left has been a buzzword in the application security space for several years now, and with good reason - making security an integral part of development is the only practical approach for modern agile workflows. But in their drive to build security testing into development as early as possible, many organizations are neglecting application security in later phases and losing sight of the big picture. In this episode of CyberWire-X, the CyberWire's CSO, Chief Analyst, and Senior Fellow, Rick Howard, talks with two Hash Table members, Centene's VP and CISO for Healthcare Enterprises, Rick Doten, and Akamai's Advisory CISO, Steve...

Mary Writz: Take a negative and make it into a positive. [VP Product Strategy] [Career Notes]


Mary Writz, Vice President of Product Strategy at ForgeRock, shares how each career path she has taken has led her to where she is now. Mary describes how she has been a woman working in a male dominated field for most of her career and how she had to take charge, and she had to get the men to take charge with her. She says "I was often leading people, mostly men older than me, potentially smarter than me, more well paid than me. So I had to learn how to think about galvanizing this group to charge forward with...

Has GOLD SOUTHFIELD resumed operations? [Research Saturday]


Rob Pantazopoulos from Secureworks joins Dave to discuss their work on "REvil Development Adds Confidence About GOLD SOUTHFIELD Reemergence." Secureworks researchers published a new analysis on what can be considered the first set of ransomware samples associated with the reemergence. These updated samples indicate that GOLD SOUTHFIELD has resumed operations. The research states "The identification of multiple samples containing different modifications and the lack of an official new version indicate that REvil is under active development." Researchers identified two samples, one in October of 2021, and the other in March of 2022. The March sample has modifications that lead researchers...

Espionage and counterespionage during the hybrid war. Assessing Russian cyberops. Conti's fate. Investigating cut Internet cables in France. Trends in pig-butchering.


Traditional espionage and counterespionage during the hybrid war. Assessing Russian cyberattacks. Conti's fate and effects. Investigating cut Internet cables in France. My conversation with AD Bryan Vorndran of the FBI Cyber Division on reverse webshell operation and Hafnium. Our guest is Tom Kellermann of VMware to discuss the findings of their Modern Bank Heists report. And, finally the dark online world of pig-butchering. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/140 Selected reading. UK Spy Chief Sees Russia's Military Running Out of Steam Soon (Bloomberg) Exhausted Russian army gives Ukraine chance to strike...

Notes on the underworld: emerging, enduring, and vanishing gangs, and their C2C markets. More spearphishing of Ukrainian targets. US CYBERCOM releases IOCs obtained from Ukrainian networks.


A criminal talent broker emerges. Developing threats to financial institutions. Phishing through PayPal. Lessons to be learned from LAPSUS$, post-flameout. More spearphishing of Ukrainian targets. US Cyber Command releases IOCs obtained from Ukrainian networks. Johannes Ullrich from SANS on the value of keeping technology simple. Our guests are Carla Plummer and Akilah Tunsill from the organization Black Girls in Cyber. And not really honor, but honor's self-interested first cousin. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/139 Selected reading. Atlas Intelligence Group (A.I.G) The Wrath of a Titan (Cyberint) 'AIG' Threat Group Launches With...

Cyber phases of Russia's hybrid war seem mostly espionage. Belgium accuses China of spying. LockBit ransomware spreads. And Micodus GPS tracker vulnerabilities are real and unpatched.


What's Russia up to in cyberspace, nowadays? Belgium accuses China of cyberespionage. LockBit ransomware spreading through compromised servers. Malek Ben Salem from Accenture explains the Privacy Enhancing Technologies of Federated Learning with Differential Privacy guarantees. Rick Howard speaks with Rob Gurzeev from Cycognito on Data Exploitation. And Micodus GPS tracker vulnerabilities should motivate the user to turn the thing off. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/138 Selected reading. Continued cyber activity in Eastern Europe observed by TAG (Google) Declaration by the High Representative on behalf of the European Union on malicious...

Espionage and cyberespionage. Albania's national IT networks work toward recovery. Malicious apps ejected from Google Play. White House summit addresses the cyber workforce. Notes on cybercrime.


A Cozy Bear sighting. Shaking up Ukraine's intelligence services. Albania's national IT networks continue to work toward recovery. US Justice Department seizes $500k from DPRK threat actors. The FBI warns of apps designed to defraud cryptocurrency speculators. A White House meeting today addresses the cyber workforce. Ben Yelin looks at our right to record police. Our guest is Tim Knudsen, Director of Product Management for Zero Trust at Google Cloud, speaking with Rick Howard. And another trend we'd like to be included out of. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/137 Selected...

Ukraine's security chief and head prosecutor are out. Cyberattacks hit Albania. APTs prospect journalists. The GRU trolls researchers. CISA to open an attaché office in London.


Ukraine shakes up its security and prosecutorial services. Cyberattacks hit Albania. Advanced persistent threat actors prospect journalists. The GRU is said to be trolling researchers who look into Sandworm. Thomas Etheridge from CrowdStrike on identity management. Our guest is Robin Bell from Egress discussing their Human Activated Risk Report. And CISA opens a liaison office in London. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/136 Selected reading. Ukraine's Zelenskyy fires top security chief and prosecutor (AP NEWS) Zelenskiy Ousts Ukraine's Security Chief and Top Prosecutor (Bloomberg) Volodymyr Zelensky sacks top aides over 'Russian...

Cybercriminals shift tactics from disruption to data leaks. [CyberWire-X]


On this episode of CyberWire-X, we examine double extortion ransomware. The large-scale cyber events of yesterday - Stuxnet, the Ukraine Power Grid Attack - were primarily focused on disruption. Cybercriminals soon shifted to ransomware, with disruption still the key focus, and then took things to the next level with Double Extortion Ransomware. When ransomware first started to take off as the attack method of choice around 2015, the hacker playbook was focused on encrypting data, requesting payment and then handing over the encryption keys. Their methods escalated with Double Extortion, stealing data as well as encrypting it - and threatening to leak...

Mike Arrowsmith: Facing adversity in the workplace. [CTrO] [Career Notes]


Mike Arrowsmith, Chief Trust Officer at NinjaOne, leads the organization's IT, security, and support infrastructure to ensure they meet customers' security and data privacy demands as it scales. Mike discusses how his career path has led him to the position he currently holds and how exciting the world of cybersecurity can be. He mentioned how he mentored students in college thinking of going into the field, and he used a metaphor to help describe the industry, saying "We are working against adversaries that are always typically one step ahead. Figuratively, if you could imagine, you're trying to chase a ball, but...

A record breaking DDoS attack. [Research Saturday]


Chad Seaman, Team Lead at Akamai SIRT joins Dave to discuss their research about a record-breaking DDoS Attack. The research says "A new reflection/amplification distributed denial-of-service (DDoS) vector with a record-breaking potential amplification ratio of 4,294,967,296:1 has been abused by attackers in the wild to launch multiple high-impact DDoS attacks." Starting in mid-February 2022, security researchers, network operators, and security vendors noticed a spike in DDoS attacks. Researchers started to investigate the spike and determined that the devices that were being abused to launch these attacks are MiCollab and MiVoice Business Express collaboration systems. The research goes into how you can...

A conversation with Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly. [Special Edition]


In this extended interview, CyberWire Daily Podcast host Dave Bittner sits down with Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly to discuss her time at CISA and the work of her team. This interview from July 15, 2022 originally aired as a shortened version on the CyberWire Daily Podcast. Learn more about your ad choices. Visit megaphone.fm/adchoices

Criminal gangs at war. A "cyber world war?" A new DPRK ransomware operation. Media organizations targeted by state actors. NSA guidance on characterizing threats and risks to microelectronics.


Gangland goes to war. Is there a "cyber world war" in progress? Ukraine thinks so. A new North Korean ransomware operation is described, but it's not yet clear if it's a state operation or some moonlighting by Pyongyang's operators. Media organizations remain attractive targets for state actors. NSA releases guidance on characterizing threats and risks to microelectronics. Betsy Carmelite from Booz Allen talks about why now is the time to plan for post-quantum cryptography. Our guest is Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly discussing her time at CISA and the work of her team. For links to all of...

Ukraine evaluates Russia's cyber ops. Smartphones go to war. Lilith ransomware. ChromeLoader evolves. Rolling-PWN looks real after all. Schulte guilty in Vault 7 case.


An overview of the cyber phase of Russia's hybrid war. Smartphones as sources of targeting information. Lilith enters the ransomware game. ChromeLoader makes a fresh appearance. Honda acknowledges that Rolling-PWN is real (but says it's not as serious as some think). Part two of Carole Theriault's conversation with Jen Caltrider from Mozilla's Privacy Not Included initiative. Our guest is Josh Yavor of Tessian to discuss Accidental Data Loss Over Email. A guilty verdict in the Vault 7 case. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/134 Selected reading. Ukraine's Cyber Agency Reports Q2 Cyber-Attack...

AiTM sets up BEC. Silent validation bots. Smishing attempt at the European Central Bank. Shields up in Berlin. Hacktivism in a hybrid war. Patch notes.


Adversary-in-the-middle sites support business email compromise. Silent validation carding bot discovered. Attempted social engineering at the European Central Bank. Germany puts its shields up. Carole Theriault speaks with Jen Caltrider about Mozilla's *Privacy Not Included initiative. Our guest is Lucia Milica on Proofpoint's Voice of the CISO report. And Hacktivism in a hybrid war. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/133 Selected reading. From cookie theft to BEC: Attackers use AiTM phishing sites as entry point to further financial fraud (Microsoft Security Blog) PerimeterX Discovers New Silent Validation Carding Bot (PerimeterX) Hackers posing...

High-end and low-end extortion. Push to start - wait, not you. Social media and open-source intelligence. Russian cyberattacks spread internationally. Preparing for cyber combat.


High-end and low-end extortion. Vehicles from Honda may soon be rolling off the lot. Social media and open-source intelligence. Russian cyberattacks spread internationally. Joe Carrigan surveys items for sale in dark web markets. Our guest is Jonathan Wilson of AU10TIX to discuss consumer sentiment around data privacy. Preparing for cyber combat. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/132 Selected reading. BlackCat (Aka ALPHV) Ransomware Is Increasing Stakes Up To $2,5M In Demands (Resecurity) Ransomware gang now lets you search their stolen data (BleepingComputer) Luna Moth: The Actors Behind the Recent False Subscription Scams...

DDoS attacks strike countries friendly to Ukraine. Predatory Sparrow's assault on Iran's steel industry. Callback phishing impersonates security companies. Anubis is back. BlackCat ups the ante.


More deniable DDoS attacks strike countries friendly to Ukraine. Predatory Sparrow's assault on Iran's steel industry. A callback phishing campaign impersonates security companies. The Anubis Network is back. Thomas Etheridge from CrowdStrike on the importance of outside threat hunting. Rick Howard weighs in on sentient AI. And a ransomware gang ups the ante. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/131 Selected reading. Pro-Russian cybercriminals briefly DDoS Congress.gov (CyberScoop) Lithuania's state-owned energy group hit by 'biggest cyber attack in a decade' (lrt.lt) Ignitis Group hit by DDoS attack as Killnet continues Lithuania campaign...

Simone Petrella: Fake it, until you make it. [CEO] [Career Notes]


Simone Petrella, CEO of cybersecurity training workforce firm CyberVista, spent her career in the Department of Defense as a threat intelligence analyst before founding CyberVista. She says that running a company has a new set of challenges each day thrown at you. She explains that the way she finds the most success is by letting her team contribute to each matter, and having a say in the decisions made as they pertain to each department. Simone says "I would say is I am a firm firm believer in the idea of empowering people to really own and kind of run...

Information operations during a war. [Research Saturday]


Alden Wahlstrom, senior analyst on Mandiant's Information Operations Team, shares a comprehensive overview and analysis of the various information operations activities they've seen while responding to the Russian invasion. While the full extent of the Russia-Ukraine war has yet to come to light, more than two months after the start of the invasion, Mandiant has identified activity that they believed to be information operations campaigns conducted by actors possibly in support of the political interests of nation-states such as Russia, Belarus, China, and Iran. The research shares a chart with all of the known information operations events that have taken...

An update on cyber operations in Russia's hybrid war. NPM compromise updates. CISA releases ICS security advisories. Free ransomware decryptors released. Disneyland's Instagram account hijacked.


An update on cyber operations in the hybrid war. NPM compromise updates. Free decryptors for AstraLocker and Yashma ransomware. Johannes Ullrich from SANS on attacks against Perimeter Security Devices. Our guest is Sonali Shah from Invicti Security with a look at DevSecOps anxiety. And who's the villain who hijacked the Instagram account of Disneyland? For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/130 Selected reading. Russia-Ukraine war: List of key events, day 135 (Al Jazeera) Russia-Ukraine war: Putin warns Moscow has 'barely started' its campaign (The Telegraph) Russian Cybercrime Trickbot Group is systematically attacking...

Chinese industrial espionage warning. Trickbot's privateering. Russian influence ops target NATO resolve. Cozy Bear sighting. Chinese APTs target Russia. NFT scams are pestering Ukraine.


The FBI and MI-5 warn of Chinese industrial espionage. Revelations of Trickbot's privateering role. Russian influence operations target France, Germany, Poland, and Turkey. Chinese APTs target Russian organizations in a cyberespionage effort. Robert M. Lee from Dragos on CISA expanding the Joint Cyber Defense Collaborative. Ben Yelin speaks with Matt Kent from Public Citizen about the American Innovation and Online Choice Act. And who would guess it, but NFT scams are pestering Ukraine. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/129 Selected reading. Heads of FBI, MI5 Issue Joint Warning on Chinese Spying...

CISA Alert AA22-187A North Korean state-sponsored cyber actors use Maui ransomware to target the healthcare and public health sector. [CISA Cybersecurity Alerts]


The FBI, CISA, and the Department of the Treasury are releasing this joint Cybersecurity Advisory to provide information on Maui ransomware, which has been used by North Korean state-sponsored cyber actors since at least May 2021 to target Healthcare and Public Health Sector organizations. AA22-187A Alert, Technical Details, and Mitigations Stairwell Threat Report: Maui Ransomware North Korea Cyber Threat Overview and Advisories Updated Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments National Conference of State Legislatures: Security Breach Notification Laws Health Breach Notification Rule Protecting Sensitive and Personal Information from Ransomware-Caused Data Breaches StopRansomware.gov CISA-Multi-State Information Sharing and Analysis...

Quantum computing and security standards. Cyber war, and the persistence of cybercrime. DPRK ransomware versus healthcare. Cyber incidents and credit, in Shanghai and elsewhere.


Quantum computing and security standards. Notes on the cyber phases of a hybrid war, and how depressingly conventional cybercrime persists in wartime. Pyongyang operators are using Maui ransomware against healthcare targets. Malek Ben Salem from Accenture looks at the security risks of GPS. Our guest is Brian Kenyon of Island to discuss enterprise browser security. Shanghai's big data exposure. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/128 Selected reading. NIST Announces First Four Quantum-Resistant Cryptographic Algorithms (NIST) Winners of NIST's post-quantum cryptography competition announced (Computing) NIST unveils four algorithms that will underpin new...

Cyberattack hits Ukrainian energy provider. NCSC updates its guidance on preparing for a long-term Russian cyber campaign. Hacktivists, scammers, misconfigurations, and rogue insiders.


Cyberattack hits a Ukrainian energy provider. NCSC updates its guidance on preparing for a long-term Russian cyber campaign. Royal Army accounts are hijacked. A hacktivist group claims to have hit Iranian sites. A very very large database of PII is for sale on the dark web. Chase Snyder from ExtraHop has a look back at WannaCry, 5 years on. Ben Yelin examines the constitutionality of keyword search warrants. And a rogue employee makes off with bug reports. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/127 Selected reading. Russian hackers allegedly target Ukraine's biggest...

Patrick Morley: Former Carbon Black CEO [Cyber CEOs Decoded]


In this episode, Marc and Patrick Morley, former CEO of Carbon Black, get nostalgic as they discuss Patrick's journey of coming up through the start up scene in the 90s - from working with VCs to taking companies public - and compare it to running cyber companies today. Along with the early career experience that helped form Patrick's leadership philosophy, he shares his experience of becoming CEO of Bit9, seeing the company through a breach, acquiring Carbon Black, bringing the company public and later getting acquired by VMware - this episode is filled to the brim. You'll also learn about: How to build a criteria for joining...

Could REvil have a copycat? [Research Saturday]


Larry Cashdollar from Akamai joins Dave to discuss their research on a DDoS campaign claiming to be REvil. The research shares that Akamai's team was notified last week of an attack on one of their hospitality customers that they called "Layer 7" by a group claiming to be associated with REvil. In the research, they dive into the attack, as well as comparing it to other similar attacks that have been made by the group. The research states "The attacks so far target a site by sending a wave of HTTP/2 GET requests with some cache-busting techniques to overwhelm the...

Notes on cyber conflict. Lazarus Group blamed for the Harmony cryptocurrency heist. MedusaLocker warning. Observation of the C2C market. The Crypto Queen cracks the FBI's Ten Most Wanted.


An update on the DDoS attack against Norway. NATO's resolutions on cyber security. North Korea seems to be behind the Harmony cryptocurrency heist. MedusaLocker warning. Microsoft sees improvements in a gang's technique. Google blocks underworld domains. The Israeli-Iranian conflict in cyberspace. Chris Novak from Verizon with his take on this year's DBIR. Our guest is Jason Clark of Netskope on the dynamic challenges of a remote workforce. And now among the FBI's Ten Most Wanted: one Crypto Queen. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/126 Selected reading. Pro-Russian hackers launched a massive DDoS...

CISA Alert AA22-181A #StopRansomware: MedusaLocker. [CISA Cybersecurity Alerts]


CISA, the FBI, the Department of the Treasury, and the Financial Crimes Enforcement Network are releasing this alert to provide information on MedusaLocker ransomware. Observed as recently as May 2022, MedusaLocker actors predominantly rely on vulnerabilities in Remote Desktop Protocol to access victims' networks. AA22-181A Alert, Technical Details, and Mitigations Stop Ransomware CISA Ransomware Guide CISA No-cost Ransomware Services All organizations should report incidents and anomalous activity to CISA's 24/7 Operations Center at central@cisa.dhs.gov or (888) 282-0870 and to the FBI via your local FBI field office or the FBI's 24/7 CyWatch at (855) 292-3937 or CyWatch@fbi.gov. Learn more about...

Killnet hits Norwegian websites. Hacktivists tied to Russia's government. Looking ahead to new cyber phases of Russia's hybrid war. C2C market differentiation. Gennady Bukin, call your shoe store.


Killnet hits Norwegian websites. Hacktivists are tied to Russia's government. Amunet as a case study in C2C market differentiation. C2C commodification extends to script kiddies. Andrea Little Limbago from Interos examines borderless data. Rick Howard speaks with Cody Chamberlain from NetSPI on Breach Communication. Roscosmos publishes locations of Western defense facilities - and subsequently says it sustained a DDoS attack. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/125 Selected reading. Pro-Russian hacker group says it attacked Norway (The Independent Barents Observer) Cyberattack hits Norway, pro-Russian hacker group fingered (AP NEWS) Norway blames "pro-Russian group" for...

Article 5? It's complicated. Influence ops for economic advantage. SOHO routers under attack. YTStealer described. RansomHouse hits AMD. A NetWalker affiliate cops a plea.


NATO's response to Killnet's cyberattacks on Lithuania. Influence operations in the interest of national market share. SOHO routers are under attack. YTStealer is out and active in the wild. RansomHouse hits AMD. CISA releases six ICS security advisories. The most dangerous software weaknesses. Betsy Carmelite from Booz Allen Hamilton takes a look back at Biden's executive order on cyber. Our guest is Philippe Humeau of CrowdSec on taking a collaborative approach to security. And a guilty plea in the case of the NetWalker affiliate. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/124 Selected...

DDoS threat to Lithuania continues. Hacktivists hit Iranian steel mill. Bumblebee loader takes C2C market share. CISA adds Known Exploited Vulnerabilities. Music piracy. Where do spies go?


Distributed denial-of-service attacks against Lithuania. Dark Crystal RAT described. Iranian steel mill suspends production due to cyberattack. Bumblebee rising. CISA adds to its Known Exploited Vulnerabilities Catalog. Music pirate sites brought down by US and Brazilian authorities. Joe Carrigan looks at Apple's private access tokens. Mister Security Answer Person John Pescatore drops some sboms. And where do Russian intelligence officers go after they've been PNGed? For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/123 Selected reading. Lithuania targeted by massive Russian cyberattack over transit blockade (Newsweek) Russia's Killnet hacker group says it attacked Lithuania...

Notes from the cyber phases of the hybrid war against Ukraine. Conti retires its brand, and LockBit 2.0 is now tops in ransomware. Extortion skips the encryption. Cyber exercise in the financial sector.


Lithuania sustains a major DDoS attack. Lessons from NotPetya. Conti's brand appears to have gone into hiding. Online extortion now tends to skip the ransomware proper. Josh Ray from Accenture on how social engineering is evolving for underground threat actors. Rick Howard looks at Chaos Engineering. US financial institutions conduct a coordinated cybersecurity exercise. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/122 Selected reading. Russia's Killnet hacker group says it attacked Lithuania (Reuters) The hacker group KillNet has published an ultimatum to the Lithuanian authorities (TDPel Media) 5 years after NotPetya: Lessons learned...

Richard Melick: Finding the right pattern to solve the problem. [Threat reporting] [Career Notes]


Richard Melick, Director of Threat Reporting for Zimperium, talks about his journey, from working in the military to moving up to the big screens. He shares that he's been in the business of solving unique cybersecurity problems for so long that he has found his own path that works very well for him. He says, "if I go to a unique problem and try to solve it, I find that I'm solving it the same way that I would've solved it five years ago, because I found my pattern." Richard reflects on his time working in the industry, from moving...

Lazarus Targets Chemical Sector With 'Dream Job.' [Research Saturday]


Alan Neville, a Threat Intelligence Analyst from Symantec Broadcom, joins Dave to discuss their research "Lazarus Targets Chemical Sector." Symantec has observed the North Korea-linked threat group known as Lazarus conducting an espionage campaign targeting organizations operating within the chemical sector. The campaign appears to be a continuation of the group's activity called Operation Dream Job, which Symantec first came across in August of 2020. The research states "evidence includes file hashes, file names, and tools that were observed in previous Dream Job campaigns." The research can be found here: Lazarus Targets Chemical Sector Learn more about your ad choices....

Lithuania warns of DDoS. Some limited Russian success in cyber phases of its hybrid war. Spyware infestations in Italy and Kazakhstan. Tabletop exercises. Ransomware as misdirection.


Lithuania's NKSC warns of increased DDoS threat. Limited Russian success in the cyber phases of its hybrid war. Another warning of spyware in use against targets in Italy and Kazakhstan. Hey, critical infrastructure operators: CISA's got tabletop exercises for you. Kevin Magee from Microsoft has advice for recent grads. A look back at the year since Colonial Pipeline with Padraic O'Reilly of CyberSaint. And sometimes ransomware is just a spy's way of saying, "nothing up my sleeve." For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/121 Selected reading. Lithuania warns of rise in DDoS attacks...

CISA Alert AA22-174A Malicious cyber actors continue to exploit Log4Shell in VMware Horizon systems. [CISA Cybersecurity Alerts]


CISA and the US Coast Guard Cyber Command are releasing this joint Cybersecurity Advisory to warn network defenders that cyber threat actors, including state-sponsored APT actors, have continued to exploit CVE-2021-44228 (Log4Shell) in VMware Horizon and Unified Access Gateway servers to obtain initial access to organizations that did not apply available patches or workarounds. AA22-174A Alert, Technical Details, and Mitigations Malware Analysis Report 10382254-1 stix Malware Analysis Report 10382580-1 stix CISA's Apache Log4j Vulnerability Guidance webpage Joint CSA Mitigating Log4Shell and Other Log4j-Related Vulnerabilities CISA's database of known vulnerable services on the CISA GitHub page See National Security Agency (NSA)...

Reviewing Russian cyber campaigns in the war against Ukraine. Ukraine's IT Army is a complex phenomenon. Take ICEFALL seriously. CISA has updated its cloud security guidance.


Reviewing Russian cyber campaigns in the war against Ukraine, and the complexity of Ukraine's IT Army. ICEFALL advice and reactions. Carole Theriault looks at Hollywoods relationship with VPNs. Podcast partner Robert M. Lee from Dragos provides a rundown on Pipedream. And CISA updates its Cloud Security Technical Reference Architecture. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/120 Selected reading. [Blog] Defending Ukraine: Early Lessons from the Cyber War (Microsoft On the Issues) [Report] Defending Ukraine: Early Lessons from the Cyber War (Microsoft) Russian cyber spies attack Ukraine's allies, Microsoft says (Reuters) Research questions...

A Fancy Bear sighting. Why Russian cyberattacks against Ukraine have fallen short of expectations. ToddyCat APT discovered. ICEFALL ICS issues described. Europol collars 9. Say it ain't so, Dmitry.


Fancy Bear sighted in Ukrainian in-boxes. Why Russian cyberattacks against Ukraine have fallen short of expectations. ToddyCat APT is active in European and Asian networks. ICEFALL ICS vulnerabilities described. CISA issues ICS vulnerability advisories. Europol makes nine collars. Andrea Little Limbago from Interos on The global state of data protection and sharing. Rick Howard speaks with Michelangelo Sidagni from NopSec on the Future of Vulnerability Management. We are shocked, shocked, to hear of corruption in the FSB. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/119 Selected reading. Ukrainian cybersecurity officials disclose two new...

Cyberattack suspected in Israeli false alarms. Risk surface assessments. Fitness app geolocation as a security risk. Cyber phases of Russia's hybrid war. A conviction in the Capital One hacking case.


A cyberattack is suspected of causing false alarms in Israel. Risk surface assessments. Renewed warning of the potential security risks of fitness apps. Cyber options may grow more attractive to Russia as kinetic operations stall. DDoS in St. Petersburg. Ben Yelin details a Senate bill restricting the sale of location data. Our guest is Jon Check from Raytheon's Intelligence and Space Division discussing the National Collegiate Cyber Defense Competition. A conviction in the Capital One hacking case. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/118 Selected reading. Suspected cyberattack triggers sirens in Jerusalem, Eilat...

Interview select: David Ring at RSAC discussing FBI cyber strategy/role in the cyber ecosystem and private sector engagement.


As we break to observe the Juneteenth holiday, our team thought you might like to try a sample of a CyberWire Pro podcast called Interview Selects. These podcasts are a series of extended interviews, exclusives, and a curated selection of our most engaging and informative interviews over the years, featuring cyber security professionals, journalists, authors and industry insiders. In this extended interview, Dave Bittner speaks with FBI Cyber Section Chief David Ring at RSAC discussing FBI cyber strategy/role in the cyber ecosystem and private sector engagement. Like what you hear? Consider subscribing to CyberWire Pro for $99/year. Learn more. Learn...

Lauren Van Wazer: You have to be your own North Star. [CISSP] [Career Notes]


Lauren Van Wazer, Vice President, Global Public Policy and Regulatory Affairs for Akamai Technologies, shares her story as she followed her own North Star and landed where she is today. She describes her career path, highlighting how she went from working at AT&T to being able to work in the White House. She shares how she is a coach and a leader to the team she works with now, saying "my view is I've got their back, if they make a mistake, it's my mistake, and if they do well, they've done well." Lauren hopes she's made an impact in...

Dissecting the Spring4Shell vulnerability. [Research Saturday]


Edward Wu, senior principal data scientist at ExtraHop, joins Dave to discuss the company's research, "A Technical Analysis of How Spring4Shell Works." ExtraHop first noticed chatter from social media in March of 2022 on a new remote code execution (RCE) vulnerability and immediately started tracking the issue. In the research, it describes how the exploit works and breaks down how the ExtraHop team came to identify the Spring4Shell vulnerability. The research describes the severity of the vulnerability, saying, "The impact of an RCE in this framework could have a serious impact similar to Log4Shell." The research can be found here:...

Malibot info stealer is no coin miner. "Hermit" spyware. Fabricated evidence in Indian computers. FBI takes down botnet. Assange extradition update. Putting the Service into service learning.


Malibot is an info stealer masquerading as a coin miner. "Hermit" spyware is being used by nation-state security services. Fabricated evidence is planted in Indian computers. The US takes down a criminal botnet. The British Home Secretary signs the Assange extradition order. We wind up our series of RSA Conference interviews with David London from the Chertoff group and Hugh Njemanze from Anomali. And putting the Service into service learning. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/117 Selected reading. 'MaliBot' Android Malware Steals Financial, Personal Information (SecurityWeek) F5 Labs Investigates MaliBot (F5...

Interpol scores against BEC, online fraud, and money laundering. Developments in C2C markets. Versioning vulnerability. Cyber war and cyber escalation.


Interpol coordinates international enforcement action against scammers. A new version of IceXLoader is observed. Exploiting versioning limits to render files inaccessible. Reflections on the first large-scale hybrid war. Kelly Shortridge from Fastly on why behavioral science and economics matter for InfoSec. Patrick Orzechowski from DeepWatch on Russian IoCs and critical infrastructure. And the possibility of cyber escalation in Russia's hybrid war against Ukraine. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/116 Selected reading. Hundreds arrested and millions seized in global INTERPOL operation against social engineering scams (Interpol) New IceXLoader 3.0 Developers Warm Up...

Hertzbleed, a troublesome feature of processors. Cyberespionage and hybrid war. Patch Tuesday notes. Software bills of materials. Wannabe cybercrooks and criminal publicity stunts.


The Hertzbleed side-channel issue affects Intel and AMD processors. An Iranian spearphishing campaign prospected former Israeli officials. Patch Tuesday notes. A look at software bills of materials. Russia routes occupied Ukraine's Internet traffic through Russia. Intercepts in the hybrid war: the odd and the ugly. Deepen Desai from Zscaler joins us with the latest numbers on ransomware. Rob Boyce from Accenture Security looks at cyber invisibility. And, finally, criminal wannabes and criminal publicity stunts. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/115 Selected reading. A new vulnerability in Intel and AMD CPUs lets...

Dealing with Follina. SeaFlower steals cryptocurrencies. Cyber phases of a hybrid war, with some skeptical notes on Anonymous. And the war's effect on the underworld.


Dealing with the GRU's exploitation of the Follina vulnerabilities. SeaFlower uses stolen seed phrases to rifle cryptocurrency wallets. Ukraine moves sensitive data abroad. Anonymous claims to have hacked Russia's drone suppliers and to have hit sensitive targets in Belarus. Rick Howard reports on an NSA briefing at the RSA Conference. Our guest is Ricardo Amper from Incode with a look at biometrics in sports stadiums. And the effects of war on the cyber underworld. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/114 Selected reading. Follina flaw being exploited by Russian hackers, info stealers...

A new RAT from Beijing. Muslim hacktivism in India. Ukraine reports a GRU spam campaign against media outlets. A Moscow court fines Wikimedia. And that UK cyber disaster was just a promo.


A Chinese APT deploys a new cyberespionage tool. Hacktivism roils India after a politician's remarks about the Prophet. Ukraine reports a "massive" spam campaign against the country's media organizations. A Russian court fines Wikimedia for "disinformation." From the NSA's Cybersecurity Collaboration Center our guests are Morgan Adamski and Josh Zaritsky. Rick Howard sets the cyber sand table on Colonial Pipeline. And the Martians haven't landed, and the Right Honorable Mr. Johnson is still PM. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/113 Selected reading. CERT-UA warns of cyberattack on Ukrainian media (Interfax-Ukraine) Russian...

Deepen Desai: A doctor in computer viruses. [CISO] [Career Notes]


Deepen Desai, Global Chief Information Security Officer at Zscaler, shares his story as a doctor that treats computer viruses. He describes how he got into the security field and his work with Zscaler. He says what it's like learning and growing in this field and shares great advice for people who are up and coming in the field. Deepen describes working with an incredible team and how much joy it brings him to see his team learning and growing beyond their roles working with him. He says he wants to be remembered as a mentor among his colleagues. He says...

New developments in the WSL attack. [Research Saturday]


Danny Adamitis from Lumen's Black Lotus Labs joins Dave to discuss new developments in the WSL attack surface. Since September 2021, Black Lotus Labs have been monitoring malware repositories as a part of their proactive threat hunting process. Danny shares how researchers discovered a series of suspicious ELF files compiled for Debian Linux. The research states how the team identified a series of samples that target the WSL environment, were uploaded every two to three weeks and that they started as early as May 3, 2021 and go until August 22, 20221. The research can be found here: Windows...

The cautionary example of a hybrid war. SentinelOne finds a Chinese APT operating quietly since 2012. A hardware vulnerability in Apple M1 chips. And go, Tigers.


Looking at Russia's hybrid war as a cautionary example. Russia warns, again, that it will meet cyberattacks with appropriate retaliation. (China says "us too.") NSA and FBI warn of nation-state cyber threats. SentinelOne finds a Chinese APT that's been operating, quietly, for a decade. "Unpatchable" vulnerability in Apple chips reported. We've got more interviews from RSA Conference, including the FBI's Cyber Section Chief David Ring and ExtraHop's CEO, Patrick Dennis. And the overhead projector said, "Go Tigers." For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/112 Selected reading. Top Senate Democrats sound the alarm about...

Updates on the hybrid war: hacktivism and hunting forward. Election security. Trends in phishing. The return of Emotet.


Another hacked broadcast in a hybrid war. Hunting forward as an exercise in threat intelligence collection and sharing. Cyber threats to the US midterm elections. Phishing for cryptocurrency. FakeCrack delivers a malicious payload to the unwary. Vacations are back. So is travel-themed phishbait. Ann Johnson from Microsoft shares insights on the trends she's tracking here at RSA. Johannes Ullrich brings highlights from his RSA conference panel discussion. And Emotet returns, in the company of some old familiar criminal collaborators. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/111 Selected reading. Hacked Russian radio station...

Cyber war: a continuing threat, a blurry line between combatants and noncombatants. Chinese cyberespionage and its plumbing. CISA adds Known Exploited Vulnerabilities. News from Jersey.


US officials continue to rate the threat of Russian cyberattack as high. Civilians in cyber war. Broadcast interference and propaganda. A Joint CISA/FBI warning of Chinese cyberespionage. What gets a vulnerability into the Known Exploited Vulnerabilities Catalog? Andrea Little Limbago from Interos and Mike Sentonas from Crowdstrike join us with previews of their RSA conference presentations. And, finally, some Jersey-based cyber campaigns (that's the Bailiwick, not the Garden State). For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/110 Selected reading. Russian Cyber Threat Remains High, U.S. Officials Say (Wall Street Journal) Shields Up: The...

CISA Alert AA22-158A People's Republic of China state-sponsored cyber actors exploit network providers and devices. [CISA Cybersecurity Alerts]


This joint Cybersecurity Advisory describes the ways in which People's Republic of China state-sponsored cyber actors continue to exploit publicly known vulnerabilities in order to establish a broad network of compromised global infrastructure. These actors use the network to exploit a wide variety of targets worldwide, including public and private sector organizations. AA22-158A Alert, Technical Details, and Mitigations Refer to China Cyber Threat and Advisories, Internet Crime Complaint Center, and NSA Cybersecurity Guidance for previous reporting on People's Republic of China state-sponsored malicious cyber activity. US government and critical infrastructure organizations should consider signing up for CISA's cyber hygiene services,...

Updates on the cyber phases of Russia's hybrid war, including the role of DDoS and cyber offensive operations. Ransomware, bad and sometimes bogus


DDoS as a weapon in a hybrid war. Resilience in the defense of critical infrastructure. Offensive cyber operations against Russia. LockBit claims to have hit Mandiant, but their claim looks baseless. Rick Howard joins us with thoughts on trends he's tracking at the RSA conference. Our guest is Dr. Diane Janosek from NSA with insights on personal resilience. Effects of ransomware on businesses. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/109 Selected reading. Ukraine at D+102: Ukraine's SSSCIP on cyber war. (The CyberWire) Major DDoS attacks increasing after invasion of Ukraine (SearchSecurity) The...

Ukraine offers an update on the cyber phases of Russia's hybrid war. Atlassian patches Confluence. CISA advisory on voting system. "State-aligned" campaign tried to exploit Follina. "Cyber Spetsnaz."


Ukraine offers an update on the cyber phases of Russia's hybrid war. Atlassian patches a Confluence critical vulnerability. CISA releases ICS advisory on voting systems. A "State-aligned" phishing campaign tried to exploit Follina. Is electronic warfare a blunt instrument in the ether? Verizon's Chris Novak stops by with thoughts on making the most of your trip to the RSA conference. Our guest is Tom Garrison from Intel with a look at hardware security. And a Russia-aligned group says they're not just hacktivists; they're "Cyber Spetsnaz." For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/108...

Laura Hoffner: Setting your sights high. [Intelligence] [Career Notes]


Executive Vice President at Concentric, Laura Hoffner shares her story about working as a Naval Intelligence Officer and supporting special operations around the globe for 12 years, to now, where she transitioned to the Naval Reserves and joined the Concentric team. Laura knew since she was in the seventh grade she wanted to work with SEALs and work in intelligence. She set her goals high and achieved them shortly after graduating college. She credits being a Naval Intelligence Officer to helping her get to where she is today and says how much she is enjoying working with Concentric, saying she's...

Defining the intruder's dilemma. [CyberWire-X]


For this Cyberwire-X episode, we are talking about the failure of perimeter defense as an architecture where, since the 1990s when it was invented, the plan was to keep everything out. That model never really worked that well since we had to poke holes in the perimeter to allow employees, contractors, and partners to do legitimate business with us. Those same holes could be exploited by the bad guys, too. The question is, what are we doing instead? What is the security architecture, the strategy, and the tactics that we are all using today that is more secure than perimeter...

LemonDuck's evading detection. [Research Saturday]


Scott Fanning from CrowdStrike's research team joins Dave to discuss their work on "LemonDuck Targets Docker for Cryptomining Operations." LemonDuck is a well-known cryptomining botnet, and research suggests attackers are attracted to the monetary gain from the recent boom in cryptocurrency. LemonDuck was caught trying to disguise its attack against Docker by running an anonymous mining operation by the use of proxy pools. Scott shares how it's unknown which organizations have been targeted and just how much cryptocurrency has been stolen. The research can be found here: LemonDuck Targets Docker for Cryptomining Operations

Managing messaging in a hybrid war. Anti-Tehran hacktivism and Tehran-sponsored cyber ops. Rebranding as sanctions evasion. A threat to firmware. CISA warns of Confluence exploits.


Moscow wants attention to be paid to its messengers. Western support for Ukraine in cyberspace. US remains on alert for Russian cyberattacks. Iran: anti-government hacktivism and Tehran-sponsored cyber ops. Rebranding as sanctions evasion. A gangland threat to firmware. Johannes Ullrich from SANS on security of browsers caching passwords. Dave Bittner sits down with Perry Carpenter to discuss his new book, "The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer," co-authored with Kai Roer. And CISA adds an Atlassian issue to its Known Exploited Vulnerabilities Catalog. For links to all of today's stories check out...

Cyber operations in the hybrid war. Karakurt extortion group warning. Clipminer is out in the wild. GootLoader expands its payloads and targeting. Leak brokers and booters shut down.


Russian government agencies are buying VPNs. CISA and its partners warn about the Karakurt extortion group. Clipminer is out in the wild. GootLoader expands its payloads and targeting. Carole Theriault has the latest on fraudsters imitating law enforcement. Kevin Magee from Microsoft on security incentives by way of insurance. And leak brokers and booters shut down. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/106 Selected reading. White House: cyber activity not against Russia policy (Reuters) Some see cyberwar in Ukraine. Others see just thwarted attacks. (Washington Post) ESET Threat Report details targeted attacks...

CISA Alert AA22-152A Karakurt data extortion group. [CISA Cybersecurity Alerts]


The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Department of the Treasury (Treasury), and the Financial Crimes Enforcement Network (FinCEN) are releasing this joint Cybersecurity Advisory to provide information about the Karakurt data extortion group, also known as the Karakurt Team and Karakurt Lair. Karakurt actors have employed a variety of TTPs, creating significant challenges for defense and mitigation. Karakurt victims have not reported encryption of compromised machines or files; rather, Karakurt actors claim to steal data and threaten to auction it or release it to the public unless they receive payment. AA22-152A Alert,...

Costa Rica hit with another round of ransomware. Cyber phases of Russia's hybrid war against Ukraine. CISOs and 3rd-party risk. Elasticsearch databases as extortion targets. And Razzlekhan!


Costa Rica's healthcare system comes under renewed ransomware attack. Cyber phases of the hybrid war. Charity fraud exploits sympathy for Ukraine. US FBI attributes last year's attack on Boston Children's Hospital to Iran. CISOs surveyed on their challenges (and they're particularly worried about exposure to 3rd-party risk). Robert M. Lee joins us for the launch of the new Control Loop podcast. Josh Ray from Accenture looks at ransomware trends. Razzlekhan and Dutch: a cryptocurrency love song. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/105 Selected reading. Latest cyberattack in Costa Rica targets hospital...

Potential cyber threats to agriculture. Cyber phases of Russia's hybrid war. REvil prosecution at a stand (and it's the Americans' fault, say Russian sources). Microsoft mitigates Follina.


Sanctions, blockades, and their effects on the world economy. Western nations remain on alert for Russian cyber attacks. REvil prosecution has reached a dead end. Microsoft issues mitigations for a recent zero-day. John Pescatore's Mr. Security Answer Person is back, looking at authentication. Joe Carrigan looks at new browser vulnerabilities. Notes from the underworld. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/104 Selected reading. In big bid to punish Moscow, EU bans most Russia oil imports (AP NEWS) EU, resolving a deadlock, in deal to cut most Russia oil imports (Reuters) The E.U.'s...

Michael Scott: A team of humble intellects. [Information security] [Career Notes]


Chief Information Security Officer at Immuta, Michael Scott shares his story from working at a forgotten internet service provider to leading the security fight for major food chain restaurants. Michael explains how the different roles at various companies he has worked with paved his way to where he is now at Immuta. He works with a group of colleagues and he leads in a different style, describing that "It really is just a collection of a lot of, we call humble intellects" working with him. Michael attributes adversity to being a cornerstone of existence in the security community, and explains...

Compromised military tech? [Research Saturday]


Dick O'Brien from Symantec's threat hunter team joins Dave to discuss their work on "Stonefly: North Korea-linked spying operation continues to hit high-value targets." Stonefly specializes in mounting highly selective targeted attacks against targets that could yield intelligence to assist strategically important sectors. Symantec found that the attackers breached an engineering firm in February 2022, most likely by exploiting the Log4j vulnerability. Their research describes who these high value targets are and ways to prevent this malware from breaching any more companies as well as indications that you could be compromised. The research can be found here: Stonefly: North Korea-linked Spying...

Cyber ops and a side benefit of sanctions. BlackCat wants $5 million from Carinthia. Fraudster pressures Verizon. Spain responds to surveillance scandal. CISA has 5G implementation guidelines.


Pro-Russian DDoS attacks. Sanctions and their effect on ransomware. BlackCat wants $5 million from Carinthia. A fraudster pressures Verizon. Spain will tighten judicial review of intelligence services. Johannes Ullrich looks at VSTO Office Files. Our guests are Cecilia Marinier and Niloo Howe with a preview of the RSAC Innovation Sandbox. CISA releases ICS advisories and with its partners issues guidelines for evaluating 5G implementation. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/103 Selected reading. Hacktivists Expanding DDoS Attacks as Part of International Cyber Warfare Strategy (Imperva) Cyberattacks against UK CNI increase amidst Russia-Ukraine...

"Pantsdown" firmware vulnerability. ChromeLoader warning. Conti update. Ransomware at SpiceJet. CISA's Known Exploited Vulnerabilities Catalog expands. Kyiv honors Google. Reformed ID thief.


"Pantsdown" in QCT Baseboard Management Controllers. A warning on ChromeLoader. Conti updates. Ransomwares effect on SpiceJet. CISA's Known Exploited Vulnerabilities Catalog expands, again. Kyiv honors Google. Josh Ray from Accenture reminds us its military appreciation month. Our guest is Melissa Bischoping of Tanium with lessons learned from the American Dental Association ransomware attack. And a poacher turned gamekeeper? For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/102 Selected reading. Critical 'Pantsdown' BMC Vulnerability Affects QCT Servers Used in Data Centers (The Hacker News) ChromeLoader: a pushy malvertiser (Red Canary) Conti leaks data stolen during...

More cyberespionage in Russia. Advice on conducting propaganda. Iranian group conducts DDoS against Port of London Authority. News from the underworld. CISA alerts. Operation Delilah.


More cyberespionage targets Russian networks. Lincoln Project veterans visit Ukraine with advice on conducting an influence campaign against President Putin. A politically motivated DDoS attack hits the Port of London Authority website. Is REvil back and looking into new criminal techniques, or is a recent DDoS campaign the work of impostors? RansomHouse may be operated by frustrated bounty hunters. Kevin Magee from Microsoft sets his security sights toward space. Our guest is Mathieu Gorge of VigiTrust to discuss the threat of printer hacks. Operation Delilah trims SilverTerrier's locks. For links to all of today's stories check out our CyberWire daily...

Verizon's 2022 DBIR shows a sharp rise in ransomware. Origins of Chaos ransomware. GuLoader's phishbait. Malicious proofs-of-concept. Hyperlocal disinformation and hybrid warfare. Robin Hood?


Verizon's 2022 Data Breach Investigation Report shows a sharp rise in ransomware. Origins of the Chaos ransomware operation. The GuLoader campaign uses bogus purchase orders. Security researchers are targeted in a malware campaign. Hyperlocal disinformation. Turla reconnaissance has been detected in Austrian and Estonian networks. Ben Yelin describes a content moderation fight that may be headed to the Supreme Court. Our guest is Richard Melick from Zimperium to discuss threats to mobile security. Robin Hood (or not). For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/100 Selected reading. 2022 Data Breach Investigations Report (Verizon...

A new loader variant for wiper campaigns. Sanctions, hacktivism, and disinformation. Conti's toxic branding. Happy birthday, US Cyber Command.


There's a new loader identified in wiper campaigns. President Putin complains of sanctions and cyberattacks, and vows to increase Russia's cybersecurity. Coordinated inauthenticity at scale. Killnet crows large over Italian operations. Conti's dissolution doesn't mean its operators' disappearance. Rick Howard looks at software defined perimeters. Dinah Davis from Arctic Wolf on how ransomware groups are upping their game to nation state levels. And happy birthday, US Cyber Command...but we're not necessarily wishing you a moonshot for your birthday present. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/99 Selected reading. Sandworm uses a new...

Charity Wright: Pursue what you love. [Threat intelligence] [Career Notes]


Threat intelligence analyst at Recorded Future, Charity Wright, shares her story from the army to her career today. Transitioning from the army to cybersecurity was an exciting change for her. During college she was recruited by the U.S. Army where she started her journey and learned new skills paving her pathway to threat intelligence where she is now. She shares that she works with a great team of junior analysts who are constantly checking each other's biases which helps keep Charity grounded in her work. Charity spends her days keeping an eye on threats around the world where she says...

AutoWarp bug leads to Automation headaches. [Research Saturday]


Yanir Tsarimi from Orca Security joins Dave to discuss how researchers have discovered a critical Azure Automation service vulnerability called AutoWarp. The security flaw was discovered this past March causing Yanir to leap into action announcing the issue to Microsoft who helped to swiftly resolve the cross-account vulnerability. The research shows how this serious flaw would allow attackers unauthorized access to other customer accounts and potentially full control over resources and data belonging to those accounts, as well as put multiple Fortune 500 companies and billions of dollars at risk. The research shares the crucial timeline that the vulnerability was...

Is Conti rebranding? Commercial spyware scrutinized. Notes from the cyber phases of a hybrid war. Notes on the underworld. Software supply chain attack. Canada will exclude Huawei from 5G.


Was Conti's digital insurrection in Costa Rica misdirection? Google assesses a commercial spyware threat with high confidence. Continuing expectations of escalation in cyberspace. The limitations of an alliance of convenience. Fronton botnet shows versatility. Russian hacktivists hit Italian targets, again. Lazarus Group undertakes new SolarWinds exploitation. Crypters in the C2C market. CrateDepression supply chain attack. Johannes Ullrich describes an advance fee scam hitting crypto markets. Our guest is Marty Roesch, CEO of Netography and inventor of Snort. Canada to exclude Huawei from 5G networks on security grounds. For links to all of today's stories check out our CyberWire daily news...

CISA Alert AA22-138B Threat actors chaining unpatched VMware vulnerabilities for full system control. [CISA Cybersecurity Alerts]


CISA is releasing this cybersecurity advisory to warn organizations that malicious cyber actors are exploiting CVE-2022-22954 and CVE-2022-22960. These vulnerabilities affect versions of VMware products. Successful exploitation permits malicious actors to trigger a server-side template injection that may result in remote code execution or escalation of privileges to root level access. Based on this activity, CISA expects malicious cyber actors to quickly develop a capability to exploit newly released VMware vulnerabilities CVE-2022-22972 and CVE-2022-22973 in the same impacted VMware products. AA22-138B Alert, Technical Details, and Mitigations AA22-138B.stix Emergency Directive 22-03 Mitigate VMware Vulnerabilities VMware Security Advisory VMSA-2022-0011 VMware Security Advisory...

Information operations and the invasion of Ukraine. VMware patches vulnerabilities. F5 BIG-IP vulnerabilities actively exploited. TDI clarifies data incident. Robo-calling the Kremlin.


Russian information operations surrounding the invasion of Ukraine. VMware patches vulnerabilities. F5 BIG-IP vulnerabilities undergoing active exploitation. Texas Department of Insurance clarifies facts surrounding its data incident. Robert M. Lee from Dragos is heading to Davos to talk ICS. Rick Howard speaks with author Chase Cunningham on his book "Cyber Warfare Truth, Tactics and Strategies." Robo-calling the Kremlin. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/97 Selected reading. Information Operations Surrounding the Russian Invasion of Ukraine (Mandiant) CISA Issues Emergency Directive and Releases Advisory Related to VMware Vulnerabilities (CISA) Emergency Directive 22-03 (CISA)...

CISA Alert AA22-138A Threat Actors Exploiting F5 BIG-IP CVE-2022-1388. [CISA Cybersecurity Alerts]


CISA and the Multi-State Information Sharing & Analysis Center (MS-ISAC) are releasing this joint Cybersecurity Advisory in response to active exploitation of CVE-2022-1388. This vulnerability is a critical iControl REST authentication bypass vulnerability affecting multiple versions of F5 Networks BIG-IP. AA22-138A Alert, Technical Details, and Mitigations F5 Security Advisory K23605346 and indicators of compromise F5 guidance K11438344 for remediating a compromise Emerging Threats suricata signatures Palo Alto Networks Unit 42 Threat Brief: CVE-2022-1388. This brief includes indicators of compromise. Cisco Talos Intelligence Group - Comprehensive Threat Intelligence: Threat Advisory: Critical F5 BIG-IP Vulnerability. This blog includes indicators of compromise. Note: due to...

Privateering goes fully political. Compromised robots? Conti's campaign against Costa Rica. Cyberconflict along the Nile. A reset in the cyber insurance market.


Chaos ransomware group declares for Russia. Hacktivists claim to have compromised Russian-manufactured ground surveillance robots. Conti's ongoing campaign against Costa Rica. The claimed "international" cyberattack against Nile dam was stopped. Rick Howard speaks with author Caroline Wong on her book Security Metrics, a Beginner's Guide. Our guests are Kathleen Smith and Rachel Bozeman, hosts of the new podcast, Security Cleared Jobs. And the cyber insurance market experiences a reset. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/96 Selected reading. Chaos Ransomware Variant Sides with Russia (Fortinet Blog) Did hackers commandeer surveillance robots at a...

CISA Alert AA22-137A Weak security controls and practices routinely exploited for initial access. [CISA Cybersecurity Alerts]


This joint cybersecurity advisory was coauthored by the cybersecurity authorities of the US, Canada, New Zealand, the Netherlands, and the UK. Cyber actors routinely exploit poor security configurations, weak controls, and other poor cyber hygiene practices to gain initial access or as part of other tactics to compromise a victim's system. This joint Cybersecurity Advisory identifies commonly exploited controls and practices, and includes best practices to mitigate these risks. AA22-137A Alert, Technical Details, and Mitigations White House Executive Order on Improving the Nation's Cybersecurity NCSC-NL Factsheet: Prepare for Zero Trust NCSC-NL Guide to Cyber Security Measures N-able Blog: Intrusion Detection...

Russian cyber threats and NATO's Article 5. Conti says it's going to bring Costa Rica to its knees. BLE proof-of-concept hack. CISA warns of initial access methods. Thanos proprietor indicted.


An assessment of the Russian cyber threat. NATO's Article 5 in cyberspace. Conti's ransomware attack against Costa Rica spreads, in scope and effect. Bluetooth vulnerabilities demonstrated in proof-of-concept. CISA and its international partners urge following best practices to prevent threat actors from gaining initial access. Joe Carrigan looks at updates to the FIDO alliance. Rick Howard and Ben Rothke discuss author Andrew Stewart's book "A Vulnerable System: The History of Information Security in the Computer Age". And, the doctor was in, but wow, was he also way out of line. For links to all of today's stories check out our CyberWire...

Users advised to patch actively exploited Zyxel vulnerability. Hacktivism and influence ops in Russia's hybrid war. Ransomware notes. Indiscriminate hacktivism? Alt-coin sanctions case will proceed.


Users are advised to patch Zyxel firewalls. Battlefield failure and popular morale in Russia's hybrid war. Nuisance-level hacktivism in the hybrid war. Sweden and Finland move closer to NATO membership; concern over possible Russian cyberattacks rises. Intelligence, disinformation, or wishful thinking? Conti calls for rebellion in Costa Rica. PayOrGrief is just rebranded DoppelPaymer. Anonymous action in Sri Lanka seems indiscriminate and counterproductive. Dinah Davis from Arctic Wolf examines cyber security for startups. Rick Howard looks at two-factor authentication. And a judge says cryptocurrency can't be used to evade sanctions. For links to all of today's stories check out our...

Eric Escobar: Collaboration is key. [Pen tester] [Career Notes]


Principal consultant and pen tester at Secureworks, Eric Escobar, shares his career path translating his childhood favorite Legos to civil engineering and pivoting to cybersecurity. Eric was always headed toward engineering and got both his bachelor's and master's degrees in civil engineering. Upon breaking into a network with a friend, he was bitten by the cybersecurity bug. Making the switch to the red team and basically becoming a bank robber for hire, Eric tests the security of many companies' networks. He feels that curiosity is an essential trait for cybersecurity and collaboration is key as no one person knows everything. He advises...

The current state of zero trust. [CyberWire-X]


According to the zero trust philosophy, we all assume that our networks are already compromised and try to design them to limit the damage if it turns out to be so. In this episode of CyberWire-X, we've invited subject matter experts, Amanda Fennell, the Chief Information Officer and Chief Security Officer of Relativity, and Galeal Zino, CEO of episode sponsor NetFoundry, to the CyberWire Hash Table to discuss all the ways to think about the solution in the modern era: Software Defined Perimeter (SDP), Secure Access Service Edge (SASE), identity and authorization, and private WAN, all through a First Principle...

Vulnerabilities in IoT devices. [Research Saturday]


Dr. May Wang, Chief Technology Officer at Palo Alto Networks, joins Dave Bittner to discuss their findings detailed in Unit 42's "Know Your Infusion Pump Vulnerabilities and Secure Your Healthcare Organization" research. Unit 42 recently set out to better understand how well hospitals and other healthcare providers are doing in securing smart infusion pumps, which are network-connected devices that deliver medications and fluids to patients. This topic is of critical concern because security lapses in these devices have the potential to put lives at risk or expose sensitive patient data. Unit 42's discovery of security gaps in three out of...

War crimes in cyberspace? Iranian cyberespionage (and a possible APT side-hustle). A backdoor for Roblox. Darkweb C2C trader sentenced. eBay newsletter conspirator pleads guilty. CIA gets a CISO.


Ukraine holds its first war crimes trial. Are there war crimes in cyberspace? Iranian cyberespionage (and a possible APT side-hustle). Roblox seems to have been used to introduce a backdoor. CISA issues ICS advisories. Darkweb C2C trader sentenced. The last conspirator in the strange case of the eBay newsletter takes a guilty plea. Carole Theriault looks at Google's new approach to cookies in Europe. Our guest is Mary Writz of ForgeRock on the growing importance of mobile device authentication security. And CIA gets a CISO. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/93...

Killnet hits Italian targets. Access restored to RuTube. Hacktivism in the hybrid war. Emotet surges. NPM dependency confusion attacks were pentesting. Cybercrime and punishment.


Killnet hits Italian targets. Access to RuTube is restored. Hacktivism in the hybrid war. Emotet surges. Clearing up the confusion of NPM dependency confusion attacks. Tim Eades from Cyber Mentor Fund on finding the right investors. Our guest is Michael DeBolt of Intel 471 on the growing interest in Biometrics in the criminal underground. And cybercrime and punishment, Florida-man edition. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/92 Selected reading. Ukraine maps reveal how much territory Russia has lost in just a few days (Newsweek) Pro-Russian hackers target Italy institutional websites -ANSA news...

CISA Alert AA22-131A Protecting against cyber threats to managed service providers and their customers. [CISA Cybersecurity Alerts]


The cybersecurity authorities of the UK, Australia, Canada, New Zealand, and the US have observed a recent increase in malicious cyber activity against managed service providers (MSPs). Allied cybersecurity authorities expect state-sponsored cyber actors to increase their targeting of MSPs in an attempt to exploit provider-customer trust relationships. This advisory includes security guidance tailored for both MSPs and their customers. AA22-131A Alert, Technical Details, and Mitigations Technical Approaches to Uncovering and Remediating Malicious Activity Mitigations and Hardening Guidance for MSPs and Small- and Mid-sized Businesses APTs Targeting IT Service Provider Customers ACSC's Managed Service Providers: How to manage risk to...

Consensus on the Viasat hack: Russia did it. Kaspersky remains under investigation. The Nerbian RAT is out. NPM dependencies exploited, but to what end? Advisories from CISA and its partners.


There's international consensus on the cyberattack against Viasat. Kaspersky remains under investigation. The Nerbian RAT is out. NPM dependencies are exploited, but to what end? Caleb Barlow examines Russia's future on the internet. Our guest is Deepen Desai from Zscaler with the latest phishing research. And new advisories from CISA and its partners. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/91 Selected reading. Nerbian RAT Using COVID-19 Themes Features Sophisticated Evasion Techniques (Proofpoint) NPM dependency confusion hacks target German firms (ReversingLabs) npm Supply Chain Attack Targeting Germany-Based Companies (JFrog) Adminer in Industrial Products...

Notes on cyber phases of Russia's hybrid war, including an assessment of Victory Day as an influence op. A look at C2C markets. And Spain's spyware scandal claims an intelligence chief.


A quick introductory note on Russia's hybrid war against Ukraine. Russian television schedules hacked to display anti-war message. Phishing campaign distributes Jester Stealer in Ukraine. European Council formally attributes cyberattack on Viasat to Russia. Costa Rica declares a state of emergency as Conti ransomware cripples government sites. DCRat and the C2C markets. The gang behind REvil does indeed seem to be back. More Joker-infested apps found in Google Play. Guest Nick Adams from Differential Ventures discusses what will drive continued growth of cybersecurity beyond attack surfaces and governance from a VC's perspective. Partner Ben Yelin from UMD CHHS on digital...

Mixer gets sanctioned. Reward offered for Conti hoods. Ag company hit with ransomware. Hacktivism and cyberattacks in Russia's hybrid war. That apology? The Kremlin takes it back.


The US Treasury Department sanctions a cryptocurrency mixer. Rewards for Justice is interested in Conti. US tractor manufacturer AGCO was hit by a ransomware attack. Russian hacktivism hits German targets and threatens the UK. A Russian diplomatic account was apparently hijacked. Tracking Cobalt Strike servers used against Ukraine. Dinah Davis from Arctic Wolf defends against DDOS attacks. Rick Howard looks at Single Sign On. And no apology for you, Mr. Bennett. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/89 Selected reading. U.S. Treasury Issues First-Ever Sanctions on a Virtual Currency Mixer, Targets DPRK...

Amanda Fennell: There's a cyber warrior in all of us [Information] [Career Notes]


Chief security officer and chief information officer at Relativity, Amanda Fennell shares her story from archeology to cybersecurity. She shares the path that led her towards becoming an archeologist and how it turned out not to be exactly what she expected. She then shares how she got into the cyber business and how her past has impacted what she's doing now. She describes how she would like to be remembered in the cyber world; she says, "I do hope that I left things better than I found them, not just the security of a product or a company, but I believe...

Attacking where vulnerable. [Research Saturday]


Tushar Richabadas from Barracuda joins Dave Bittner to discuss their findings detailed in their "Threat Spotlight: Attacks on Log4Shell vulnerabilities." Their research shows the percentage of attackers targeting the vulnerabilities, and shows where the dips and spikes are over the course of the past couple of months. The research has also gathered where the attackers' main IP addresses are located, with 83% of them located in the United States. They break down what this malware can do and how to protect yourself against it. They say "Due to the growing number of vulnerabilities found in web applications, it is getting progressively...

Victory Day approaches so shields up. Hacktivists in the battlespace. Raspberry Robin and a USB worm. A carefully operated credential phishing campaign. Happy Mother's Day (and stay safe online).


An update on the war in Ukraine as Victory Day approaches. President Lukashenka on the war next door. Hacktivists in the battlespace. Raspberry Robin and a USB worm. A carefully operated credential phishing campaign. Another ICS security alert from CISA. Dinah Davis from Arctic Wolf on reflection amplification techniques. Carole Theriault examines zero trust architecture access policies. Happy Mother's Day (and stay safe online). For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/88 Selected reading. Mariupol steel mill battle rages as Ukraine repels attacks (Military Times) Why the battle for Mariupol is important for...

Dateline Moscow, Kyiv, and Minsk: Hacktivism and privateering. Log4j vulnerabilities more widespread than initially thought. US Cyber Command deploys "hunt forward" team to Lithuania.


Hacktivism and privateering in Moscow, Kyiv, and Minsk. Log4j vulnerabilities are more widespread than initially thought. US Cyber Command deployed a "hunt forward" team to Lithuania. CISA adds five vulnerabilities to its Known Exploited Vulnerabilities Catalog. Jen Miller-Osborn from Palo Alto Networks discusses the findings from the Center for Digital Government's survey on Getting Ahead of Ransomware. Grayson Milbourne of Webroot/OpenText discusses OpenText's 2022 BrightCloud Threat Report. And Anonymous leaks emails allegedly belonging to the Nauru Police Force. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/87 Selected reading. Russian ally Belarus launches military...

More malware deployed in Eastern Europe. Cozy Bear is typosquatting. CuckooBees swarm around intellectual property. Tracking the DPRK's hackers. Quiet persistence in corporate networks.


An upswing in malware deployed against targets in Eastern Europe. Cozy Bear is typosquatting. CuckooBees swarm around intellectual property. Tracking the DPRK's hackers. Quiet persistence in corporate networks. CISA issues an ICS advisory. Caleb Barlow on backup communications for your business during this period of "shields up." Duncan Jones from Cambridge Quantum sits down with Dave to discuss the NIST algorithm finalist Rainbow vulnerability. And, hey, officer, honest, it was just a Squirtle. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/86 Selected reading. Update on cyber activity in Eastern Europe (Google) Multiple government...

Hybrid war and disinfo from the swamp. Stormous hacks on behalf of Russia. DNS poisoning risk. Updates on Chinese cyberespionage campaigns. Notes on ransomware operations.


Russia reroutes Internet traffic in occupied regions of Ukraine through Russian services. The Stormous gang, hacking on behalf of Russia. DNS poisoning risk. Updates on Chinese cyberespionage campaigns. Our guest Chetan Mathur of Next Pathway finds similarities between the cloud industry and the 1849 California Gold Rush. Eldan Ben-Haim of Apiiro on why cybersecurity is largely a culture issue. Notes on ransomware operations. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/85 Selected reading. Microsoft sees Russian cyberattacks on Ukraine 'getting more and more disruptive' (Inside Defense) Sergey Lavrov claims Hitler had 'Jewish blood'...

The future of security validation: what next? [CyberWire-X]


Security executives need visibility into their real cyber risk in real time. But with the flood of vulnerability alerts, how can organizations pinpoint impactful security gaps? To meet this challenge, security teams are shifting to an exploit-centric approach to security validation to expose potential threats from ransomware, leaked credentials, phishing, & more. On this episode of CyberWire-X, we explore how automation can help teams make this shift to prioritize remediation based on bottom line business impact. Rick Howard, the CyberWire's CSO, Chief Analyst and Senior Fellow, discusses the topic with Rick Doten, CISO, Carolina Complete Health and CyberWire Hash Table...

Cyber sabotage and cyberespionage. Updates on Russia's hybrid war against Ukraine. REvil seems to have returned.


Cable sabotage in France remains under investigation. Spearphishing by Cozy Bear. Widespread and damaging Russian cyberattacks have yet to appear, but criminals find a new field of activity. Hacktivism and privateering. The legal and prudential limits to hacktivism. Applying lessons learned from an earlier cyberwar. Romanian authorities say last week's DDoS incident was retaliation for Bucharest's support of Kyiv. Rick Howard is dropping some SBOMs. Carole Theriault reports on virtual kidnappings. REvil seems to be back after all. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/84 Selected reading. How the French fiber optic...

Jon DiMaggio: Two roads diverged. [Strategy] [Career Notes]


Chief security strategist from Analyst1, Jon DiMaggio shares his story on how he grew to become a part of the cybersecurity world. He describes different jobs that paved the way to the knowledge he has on the industry right now, and he even shares about an experience that led him to a path that split, where the decision he would make would be crucial in his career. He explains which way he ended up going and how a critical part of his career helped to determine that path. He says "there's two paths when you have that happen, you can either let...

DevSecOps and securing the container. [CyberWire-X]


The move to cloud has great potential to improve security, but the required process and cultural changes can be daunting. There are a vast number of critical vulnerabilities that make it to production and demand more effective mitigations. Although shifting security left should help, organizations are not able to achieve this quickly enough, and shifting left does not account for runtime threats. Organizations must strive to improve the prioritization of vulnerabilities to ensure the most dangerous flaws are fixed early. But even then, some risk will be accepted, and a threat detection and response program is required for full security...

Attackers coming in from the Backdoor? [Research Saturday]


Vikram Thakur of Symantec Threat Hunter team joins Dave Bittner to discuss their work on Daxin, a new and the most advanced piece of malware researchers have seen from China-linked actors. Symantec said, "There is strong evidence to suggest the malware, Backdoor.Daxin, which allows the attacker to perform various communications and data-gathering operations on the infected computer, has been used as recently as November 2021 by attackers linked to China." They go on to explain how Daxin is used to target organizations and governments of strategic interest to China and how those agencies can protect themselves. Symantec also discusses...

Cyber phases of a hybrid war. DDoS in Romania. Flash loan caper hits a DeFi platform. Coca-Cola investigates Stormous claims. A Declaration for the Future of the Internet.


Russian and Ukrainian operators exchange cyberattacks. Wiper malware: contained, but a potentially resurgent threat. #OpRussia update. DDoS in Romania. Flash loan caper hits a DeFi platform. Coca-Cola investigates Stormous breach claims. CISA issues two new ICS advisories. Caleb Barlow on cleaning up the digital exhaust of your home. Our guests are Freddy Dezeure and George Webster on reporting cyber risk to boards. A Declaration for the Future of the Internet. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/83 Selected reading. Russian missiles bombard Kyiv during UN chief's visit (The Telegraph) Zelenskiy urges strong...

Russia and Ukraine trade cyberattacks. Chinese intelligence services look at Russian targets. Five Eyes advise on routinely exploited vulnerabilities. Physical sabotage as cyberattack. Name that mascot.


Microsoft summarizes the scale of Russian cyberattacks against Ukraine. Russian cyber capabilities should be neither overestimated nor underestimated. Russia has also come under cyberattack during its hybrid war. Chinese intelligence services are paying close attention to Russian targets. The Five Eyes advise us on routinely exploited vulnerabilities. Physical sabotage as cyberattack. Linda Gray-Martin and Britta Glade from RSA discuss what's new at RSAC and cybersecurity trends. Marc van Zadelhoff of Devo talks about their new podcast Cyber CEOs Decoded coming to the CyberWire network. And, hey kids, name that mascot. For links to all of today's stories check out our...

Russian privateering continues. Stonefly is straight out of Pyongyang, and the Lazarus Group has never really left. Foggy Bottom seeks (Russian) snitches.


Heard on the Baltimore waterfront. Privateering against Western brands. An update on sanctions and counter sanctions. Stonefly, straight outta Pyongyang. Lazarus is also back (and not in the good way). Richard Hummel from NETSCOUT discusses their bi-annual Threat Intel Report. Jon DiMaggio from Analyst1 joins us to discuss his new book, The Art of Cyberwarfare - An Investigator's Guide to Espionage, Ransomware, and Organized Cybercrime. And the US Department of State has added six Russian GRU officers to its Rewards for Justice program. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/81 Selected reading. Britain...

Diplomacy and hybrid war. Heightened cyber tension as Quds Day approaches. Conti in Costa Rica. North Korean cyber operators target journalists. C2C notes. A guilty plea in a cyberstalking case.


Heightened cyber tension as Quds Day approaches. Costa Rican electrical utility suffers from Conti ransomware. Emotet's operators seem to be exploring new possibilities. North Korean cyber operators target journalists who cover the DPRK. A guilty plea in a strange case of corporate-connected cyberstalking. Ben Yelin ponders the potential Twitter takeover. Mr. Security Answer Person John Pescatore addresses questions about vendors. And cybercrime, run like a business. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/80 Selected reading. Russia's invasion of Ukraine: List of key events from day 62 (Al Jazeera) Ukraine takes war behind...

Swapping small attacks in cyberspace. What Lapsus$ internal chatter reveals. Costa Rica won't pay Conti's ransom. No farms, no future. Locked Shields wraps up.


Anonymous counts coup with their #OpRussia campaign. Alternative energy suppliers in Europe sustain cyberattacks. What Lapsus$ internal chatter reveals. Costa Rica won't pay Conti's ransom. Rick Howard hits the history books. Our guest is Paul Giorgi of XM Cyber with a look at multi-cloud hopping. Locked Shields wraps up. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/79 Selected reading. Ukraine's Postal Service DDOS'd After Printing Moskova Stamps (Gizmodo) Since declaring cyber war on Russia Anonymous leaked 5.8 TB of Russian data (Security Affairs) European Wind-Energy Sector Hit in Wave of Hacks (Wall Street...

Danielle Jablanski: Finding the path to success [Strategy] [Career Notes]


Operational technology cybersecurity strategist from Nozomi Networks, Danielle Jablanski shares her story of building a target map to end up where she is today. She shares how she started in college and how different paths in life got her to be on the target of success where she is today. She says, "you build out that kind of target of where you want to be, and understand that getting to that point might mean doing things you don't enjoy for a number of years, but figuring that out is another way to get to that target without having like...

BABYSHARK is swimming again! [Research Saturday]


John Hammond from Huntress joins Dave Bittner on this episode to discuss malware known as BABYSHARK and how it is swimming out for blood once again. Huntress's research says "This activity aligns with known tradecraft attributed to North Korean threat actors targeting national security think tanks." Huntress also adds that the activity was spotted on February 16th and immediately their ThreatOps team began following the trail of breadcrumbs. They said "This led them to uncover the malware that was set to target specifically this organization and certain influential individuals within it." The research can be found here: Targeted APT Activity: BABYSHARK...

The cyber phases of Russia's war against Ukraine. Sanctions and the criminal underworld. Conti's fortunes. More_eggs resurfaces. BlackCat ransomware warning.


A look at Russian malware used against Ukrainian targets. Actual and potential targets harden themselves against Russian cyberattacks. Sanctions and the criminal underworld. Conti's fortunes. A credential stealer resurfaces in corporate networks. BlackCat ransomware warning. Tomer Bar from SafeBreach discusses MuddyWaters. Dr. Christopher Emdin previews his new book STEM, STEAM, Make, Dream. CISA releases three more ICS security advisories. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/78 Selected reading. Russia outlines when Ukraine war will end (Newsweek) Russia racing against clock to win Ukraine war before May 9 'Victory Day' (Newsweek) A deeper...

Renewed Five Eyes warning about potential Russian cyberattacks. FBI warns of the threat of ransomware attacks against the agriculture sector. REvil may be back in business.


A renewed Five Eyes warning about potential Russian cyberattacks. The FBI warns of the threat of ransomware attacks against the agriculture sector. REvil may be back in business. Carole Theriault shares insights on bug bounty programs. Our own Rick Howard checks in with Zack Barack from Coralogix on where things stand with XDR. And beware of threats of Facebook account suspension. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/77 Selected reading. Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure US and allies warn of Russian hacking threat to critical infrastructure REvil's TOR...

Updates on Russia's hybrid war. Pegasus spyware in the service of espionage. CISA issues alerts and vulnerability warnings. C2C markets. Extradition for Assange? A guilty plea in a US cyberstalking case.


A Shuckworm update. Pegasus spyware found in UK government officials' phones. CISA issues six ICS security alerts and adds three entries to its Known Exploited Vulnerabilities Catalog. Gangs succeed when criminals run them like a business. Julian Assange moves closer to extradition to the US. Tim Eades from Cyber Mentor Fund on cyber valuations. Our guest is Wes Mullins from deepwatch discussing adversary simulations. And a guilty plea in a high-profile cyberstalking case. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/76 Selected reading. Shuckworm: Espionage Group Continues Intense Campaign Against Ukraine UK Government...

In a hybrid war, it's about the timing. Not quite all quiet on the cyber front. Pyongyang is phishing for wallets (and other blockchained valuables). Emotet really likes those malicious macros.


In a hybrid war, sometimes it's about the timing. Not quite all quiet on the cyber front. Pyongyang is phishing for crypto wallets (and your NFTs, and other blockchained valuables). Emotet really likes those malicious macros. Joe Carrigan looks at prompt bombing. Bec McKeown from Immersive Labs explains human cyber capabilities. And it's our anniversary this week: celebrate with us. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/75 Selected reading. Ukraine Update: Zelenskiy Says Battle for Donbas Has Begun (Bloomberg) Ukraine at D+50: Russian reconstitution continues as shields stay up for ICS attacks....

Nuisance-level cyber ops in a hybrid war. CatalanGate. Industrial Spy caters to victims' competitors? Conti chatter. $5 million reward for info on DPRK ops. Exercise Locked Shields.


Nuisance-level cyberattacks continue on both sides of Russia's hybrid war against Ukraine. Face-saving disinformation. CatalanGate. Industrial Spy says it caters to its victims' competitors. More on what's been learned from Conti's leaked chatter. Rewards for Justice offers $5 million for tips on DPRK cyber ops. Awais Rashid on supply chain risk management. Our guest is Jack Chapman from Egress to discuss a 232% increase in LinkedIn phishing attacks. And Exercise Locked Shields begins tomorrow. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/74 Selected reading. Occupants send computer viruses allegedly on behalf of SBU...

Satya Gupta: Rising to your contribution. [CTO] [Career Notes]


Co-founder and CTO of Virsec, Satya Gupta shares his story of how he has over 25 years of expertise in embedded systems, network security and systems architecture. He also talks about how a colleague of his told him something that resonated with him; he said, "that was really a remarkable statement that I heard from that person. You rise to the point where you can actually contribute." He also discusses how he got into the startup atmosphere and how different scenarios in his life helped to lead him to the successful man he has become in the cyber community. We...

CyberWire Live: Hack the Port 2022 Fireside chat. [Special Edition]


At the Hack the Port 2022 event, the CyberWire held a CyberWire Live event. CyberWire Daily Podcast host Dave Bittner was joined by Roya Gordon, OT/IoT Security Research Evangelist at Nozomi Networks, and Christian Lees, CTO at Resecurity. During this fireside chat format session, Dave and our guests discussed ICS, OT cybersecurity, the role of security research and demos, supply chain compromise, and IT/OT security trends among other things. Thanks to the team at MISI/DreamPort for this opportunity.

A fight to defend Taiwan financial institutions. [Research Saturday]


Alan Neville from Symantec/Broadcom joins Dave Bittner on this episode to discuss how Antlion, a Chinese state-backed hacker group, is using custom backdoors to target financial institutions in Taiwan. Symantec's blog shares the research behind the attacks and how the backdoor allowed the attackers to run WMI commands remotely. Symantec's research showed that "The goal of this campaign appears to have been espionage, as we saw the attackers exfiltrating data and staging data for exfiltration from infected networks." They have since found that this attack has been going on over the course of the past 18 months, in which 250 days...

Further developments in Russia's hybrid war. Conti claims responsibility for the Nordex hack. Lazarus Group heist. Indictments in influence ops case.


Further developments in the Incontroller/Pipedream industrial control system threat. Conti claims responsibility for the Nordex hack. The half-a-billion stolen from Ronin went to the Lazarus Group. And indictments in an influence ops case. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/73 Selected reading. Ukraine war: Russia threatens to step up attacks on Kyiv (BBC News) Live Updates: Russia Sets Stage for Battle to Control Ukraine's East (New York Times) Russian Troops Risk Repeating Blunders If They Try for May 9 Win (Bloomberg) Why Putin may be aiming to declare victory over Ukraine on...

A nation-state threat actor targets industrial systems. It's hard to recover from a threat to industrial systems. Lazarus Group resumes Operation Dream Job. OldGremlin is back. Conti runs like a business.


A nation-state threat actor (probably Russian) targets industrial systems. A quick look at the GRU's earlier attempt against Ukraine's power grid. The difficulty of recovering from a credible threat to industrial systems. Lazarus Group resumes Operation Dream Job. OldGremlin speaks Russian, and it holds Russian companies for ransom. Carole Theriault looks at research on lie detection. Josh Ray from Accenture drops some SBOMs. And another look at the privateers in the Conti gang. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/72 Selected reading. Ukraine Update: U.S., EU to Send More Arms; Warship Damaged...

Powergrid attacks, DDoS, and doxing in a hybrid war. Notes on botnets, and a threat actor changes its phish hooks. Patch Tuesday. Sentence passed in a sanctions evasion case.


Industroyer2 and Ukraine's power grid. More on last week's distributed denial-of-service attack against Finland. Anonymous claims to have doxed Russia's Ministry of Culture. Hafnium gets evasive. Enemybot is under development but worth keeping an eye on. Changing the phish hook. Patch Tuesday notes. Tim Eades from Cyber Mentor Fund on digital & security transformations. Our guest is Aaron Shilts from NetSPI on proactive public-private sector security collaboration. Sanctions evasion is serious business. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/71 Selected reading. Why Russia's Cyber Warriors Haven't Crippled Ukraine (The National Interest) In Ukraine,...

Cyber takes point in a hybrid war. Medical robot vulnerabilities remediated. A Cyber Civil Defense for the US? Europol leads the takedown of RaidForums.


GRU deploys Industroyer2 against the Ukrainian energy sector. NB65 counts coup against Roscosmos. Anonymous doxes three more Russian companies. President Putin purges the FSB's Fifth Service. CISA warns of an exploited firewall vulnerability. Medical robot vulnerabilities are remediated. A Cyber Civil Defense effort in the US. Ben Yelin on newly passed cyber legislation. Our guest is Chase Snyder from ExtraHop to discuss their recent Cyber Confidence Index. And good riddance to RaidForums. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/70 Selected reading. Russia's Reset (New York Times) Russia will not pause military operation...

Cyber skirmishing as Russia redeploys in Ukraine. Spyware in senior EC officials' device. Sharkbot-infested apps ejected from Google Play. Advice from CISA.


US National Security Advisor says atrocities were part of Russia's plan. Russian commanders seek to keep troops away from dangerous sections of the Internet. Cyberattacks in Finland may be a shot across Helsinki's bow. CERT-UA warns of a phishing campaign. Hacktivists hit Russian organizations. Mixed reviews for US preemptive measures against GRU botnets. Sharkbot-infested apps ejected from Google Play. Johannes Ullrich from SANS on malicious ISO files embedded in HTML. Our guest is Neal Dennis from Cyware on threat intel sharing with members of Auto-ISAC. What you should do when your Shields are Up. For links to all of today's...

Chenxi Wang: Overcoming the obstacle of fear. [Venture Capital] [Career Notes]


Founder and general partner of Rain Capital, Chenxi shares her story and how she overcame the obstacle of fear to reach her goals in life. "I realized a lot of times my obstacle is my own fear rather than a real obstacle," Wang states. She also shares her story of breaking glass ceilings as a female founder and working in the field of cybersecurity. She hopes to be remembered for being a kind person and developing her own venture fund. As she shares her story to the top, she states what she does and how she got...

The secrets behind Docker. [Research Saturday]


Alon Zahavi from CyberArk joins Dave Bittner on this episode to discuss CyberArk's work in conjunction with Patch Tuesday. CyberArk published research on how Docker inadvertently created a new vulnerability and what happens when it's exploited. CyberArk's research concluded that an attacker may execute files with capabilities or setuid files in order to escalate its privileges up to root level. CyberArk found the new vuln in some of Microsoft's Docker images, caused by misuse of Linux capabilities, a powerful additional layer of security that gives admins the ability to assign capabilities and privileges to processes and files in the Linux system...

Disinformation in Russia's war of aggression. Correlating overhead imagery and radio intercepts. Taking down state-sponsored cyber ops. Threats to power grids.


Russian disinformation in its war against Ukraine. Overhead imagery and electronic intercepts suggest that Russian atrocities are matters of policy and strategy. Microsoft disrupts GRU cyber operations. Facebook takes down Iranian coordinated inauthenticity. India's Power Ministry says it stopped a Chinese cyberattack. Dave Dufour from Webroot on evolving attack mechanisms. Our guest is Dan Petro of Bishop Fox with a warning for document redaction. Grid security and the value of exercises. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/68 Selected reading. Putin's probably given up on Kyiv as Ukraine war enters new phase...

Blocking and tackling in the cyber phases of Russia's hybrid war against Ukraine. Info-harvesting SDK. Recon into a power grid. Hydra Market indictment. Catphishing. Advance fee scams with a new twist.


An update on US cyber defensive operations and the war in Ukraine. You can't tell your oligarchs without a scorecard. Google ejects data-harvesting apps from Play. China preps the cyber battlespace against India's power grid. More moves against Hydra Market. Bearded Barbie's catphishing. Betsy Carmelite from BAH on a blueprint for achieving a secure and resilient dot gov. Our guest is Padraic O'Reilly from CyberSaint with a fresh look at ransomware. And your majesty, meet this here dissident, who also needs to move money for the best of reasons. For links to all of today's stories check out our CyberWire...

Fire and cyber in Ukraine. Stone Panda (Cicada, APT10) expands its interests. Bogus e-commerce sites harvest banking credentials. Advice and guidance from CISA


There's a maneuver lull in Russia's hybrid war against Ukraine, but fire and cyber ops continue. The US provides cyber assistance to Ukraine. The Cicada call of Stone Panda. Phony e-commerce sites seek to harvest banking credentials. CISA offers some advice and some guidance. Hydra Market sanctioned. Awais Rashid from Bristol University on anonymous communication systems. Our guest is Armaan Mahbod of DTEX Systems with a look at supermalicious insiders. And the most popular password is... For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/66 Selected reading. Russian military weeks from being ready for...

Disinformation at the UN. Phishing against Ukraine. Hydra Market taken down. Is someone carrying on for Lapsus$? Compromise at Mailchimp. FIN7 branches out into ransomware.


Disinformation at the UN. Russian cyber operations against Ukraine. Bravo, BKA: German police take down a major contraband market. Under arrest but still in business? At least someone's carrying on for Lapsus$. Compromise at Mailchimp. Joe Carrigan describes JavaScript vulnerabilities. Carole Theriault with an eye on romance scams through the lens of Netflix's "The Tinder Swindler". And a well-known gang branches out. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/65 Selected reading. Live Updates: U.N. Security Council to Meet as Evidence of War Crimes Mounts (New York Times) Elephant Framework Delivered in Phishing...

Doxing, trolling, and censorship in a hybrid war. Borat RAT. State's Bureau of Cyberspace and Digital Policy. National Supply Chain Integrity Month. Wild youth. Hey spooks: brown bag it like the GRU.


Doxing, trolling, and censorship in a hybrid war. Western organizations remain on alert for a Russian cyber campaign. Known Russian threat actors continue operations against Ukraine proper. Borat RAT described. Welcome the US State Department's Bureau of Cyberspace and Digital Policy. National Supply Chain Integrity Month. Your wild ways will break your mother's heart. Rick Howard weighs in on Shields Up. Josh Ray from Accenture on ideological differences on underground forums. And fast food as an OPSEC issue (and an OSINT source). For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/64 Selected reading. Ukraine...

Michael DeBolt: From acting to cyber. [Intelligence] [Career Notes]


Chief intelligence officer at Intel 471, Michael shares his story of how he started as an actor and quickly changed over to intelligence, and what the transition was like for him. Michael grew up wanting to be an actor and was even able to land some acting jobs. After going into the Marine Corps, he decided to leave acting behind and start a new path in his journey. He says looking for a purpose really helped to shape him, saying "looking back on it, I feel like my life purpose has really been all about kind of this relentless pursuit of...

Living security: the current state of XDR. [CyberWire-X]


In this CyberWire-X episode, host Rick Howard, the CyberWire's CSO, Chief Analyst and Senior Fellow, explores the state of XDR. Joining Rick on this episode are Ted Wagner, SAP National Security Services CISO and CyberWire Hash Table member, and from episode sponsor Trellix are Bryan Palma, the Trellix Chief Executive Officer, and John Fokker, the Trellix Head of Cyber Investigations. Listen as Rick and guests discuss XDR, SASE, SIEM, and SOAR.

A popular malware scheme and pay-per-install services. [Research Saturday]


Guest Michael DeBolt from Intel 471 joins Dave Bittner on this episode to discuss one of the most popular commodity malware loaders on the underground, PrivateLoader. The blog provides an analysis of campaigns since May 2021, full details on a pay-per-install (PPI) malware service, the methods operators employ to obtain installs, and insights on the malware families the service delivers. Intel 471's blog shows the breakdown of how the PrivateLoader download is delivered and how it works. The blog states "Visitors are lured into clicking a Download Crack or Download Now button to obtain an allegedly cracked version...

Epistemic closure in a hybrid war. Wiper used against Viasat modems. US Treasury sanctions more Russian actors. Remediating Spring4shell. Notes from law enforcement. And we're not joking.


Attempting to evolve rules of cyber conduct during a hot hybrid war. Waiting for major Russian cyber operations. Viasat terminals were hit by wiper malware. Patches and detection scripts for Spring4shell. Warning of ransomware threat to local governments. Emergency data requests under Senatorial scrutiny. NSA employee charged with mishandling classified material. Andrea Little Limbago from Interos on Bots, Warriors and Trolls. Rick Howard speaks with Maretta Morovitz on cyber deception. And no April Foolin' here. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/63 Selected reading. Russia's War Lacks a Battlefield Commander, U.S. Officials...

Moscow poorly served by its intelligence services, say London and Washington. Cyber phases of the hybrid war. A new zero-day, and some resurgent criminal activity.


Russian cyber operators collect against domestic targets. More details on the Viasat hack. Ukrainian hacktivists say they can interfere with Russian geolocation. Spring4shell is another remote-code-execution problem. The Remcos Trojan is seeing a resurgence. Malicious links distributed via Calendly. Johannes Ullrich from SANS on attack surface detection. Our guest is Fleming Shi from Barracuda on cybersecurity champions. Phishing with emergency data requests. Lapsus$ may be back from vacation. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/62 Selected reading. Vladimir Putin is being lied to by his advisers, says GCHQ (The Telegraph) U.S. intelligence...

Taking down bot farms. Cyber aggression. Kinetic influence ops. Spamming yourself? ICS control system advisories. Sanctions are also biting Russian cyber gangs.


Taking down bot farms. Russia says the US is the aggressor in cyberspace. Influence operations, arriving at Mach 10. The call is coming from inside the house! Cyber incidents affect aviation services. CISA posts ICS control system advisories. I welcome Tim Eades from the Cyber Mentor Fund. Our guest is Alex Holland from HP Wolf Security describing a new wave of attacks. And sanctions are also biting Russian cyber gangs. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/61 Selected reading. Ukraine dismantles 5 disinformation bot farms, seizes 10,000 SIM cards (BleepingComputer) Russia accuses...

Cyber phases of a hybrid war continue at a nuisance level. IcedID's distribution vectors. Automating software supply-chain attacks. CISA offers power supply risk mitigation guidance.


A cyberattack takes down a major Ukrainian Internet provider. GhostWriter is said to deploy Cobalt Strike against the Ukrainian government. Anonymous makes some large claims. This just in: spies drive drunk: Ukrainian intelligence doxes FSB officers. Conventional criminals continue to exploit sympathy for Ukraine in social engineering scams. Red-Lili automates software supply-chain attacks. Ben Yelin considers Russian cyber capabilities. Mr. Security Answer Person John Pescatore addresses security automation. And CISA offers mitigation guidance on risks to uninterruptible power supplies. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/60 Selected reading. Russia says it will...

Notes on the cyber aspects of the ongoing hybrid war. DDoS in the Marshall Islands. Lapsus$ Group post mortems. US FCC sanctions Kaspersky. CISA adds Known Exploited Vulnerabilities to its Catalog.


Preparing for the spread of cyberattacks. A look at cyber operations in the hybrid war. C3 and electronic warfare. The Republic of the Marshall Islands suffers rolling DDoS attacks. Okta gives a detailed account of its experience with the Lapsus$ Group. Lapsus$ under the law enforcement microscope. The FCC sanctions Kaspersky. Malek Ben Salem from Accenture on getting full potential from deception systems. Our guest is Greg Scasny of Blueshift Cybersecurity with remote workforce security concerns. And CISA adds to its Known Exploited Vulnerabilities Catalog. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/59...

The breakdown of Shuckworm's continued cyber attacks against Ukraine. [Research Saturday]


Guest Dick O'Brien from Symantec joins Dave Bittner on this episode to discuss how "Shuckworm Continues Cyber-Espionage Attacks Against Ukraine." The Russia-linked Shuckworm group (aka Gamaredon, Armageddon) has been active since 2013 and is known to use phishing emails to distribute either freely available remote access tools. In July 2021, Symantec observed Shuckworm activity on an organization in Ukraine and this continued until August 2021. According to a November 2021 report from the Security Service of Ukraine (SSU), since 2014 the Shuckworm group has been responsible for over 5,000 attacks against more than 1,500 Ukrainian government systems. Dick walks us through Symantec's...

Fears of Russian escalation, with both chemical and cyber weapons, rise. DPRK APTs exploit Chrome vulnerabilities. Mustang Panda is back. Arrests made in the Lapsus$ case.


Fears of Russian escalation as Ukraine's counteroffensive sees successes. Warnings of possible Russian cyberattacks gain context from attribution of the Viasat incident and two US unsealed indictments. CISA continues to recommend best practices. North Korean APTs exploit Chrome vulnerabilities. Mustang Panda is back. David Dufour from Webroot on ransomware gangs and cartels. Our guest is Liliana Monge of Sabio Coding Bootcamp on creating opportunities for those looking to pursue a career in tech. And boy, boy, your wild ways will break your mother's heart. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/58 Selected...

Updates on Russia's hybrid war against Ukraine. The leader of the Lapsus$ Gang may be a 16-year-old living with his Mom. Wanted cybercriminals. Hacktivism's sometimes wayward aim.


Concerns persist that President Putin will take his revenge in cyberspace for sanctions. Wiper attacks reported continuing in Ukraine. Russia also sustains cyberattacks. Lapsus$--living at home, with Mom. A carder kingpin finds his way onto the FBI's Most Wanted List. Andrea Little Limbago from Interos on collective resilience. Our guest is Amit Shaked from Laminar Security on shadow data. Anonymous says it hit Nestlé, but Nestlé says it never happened. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/57 Selected reading. As Ukraine invasion stalls, Putin looks to cyber for revenge attack on US...

Insider Risk Excellence Awards. [CyberWire-X]


In this CyberWire-X episode, host Dave Bittner chats with the judges of the Insider Risk Excellence Awards. The inaugural awards program, announced during last September's Insider Risk Summit, recognizes the best of the best in Insider Risk Management. They honor the work of individuals and organizations as they address Insider Risk in the most collaborative work environment we've ever seen. Judges Joe Payne, President and CEO, Code42 and Chairman, Insider Risk Summit and Wendy Overton, Director of Cyber Strategy and Insider Risk Leader, Optiv, talk about the growing Insider Risk problem, reveal the winners of each award category and pull...

British-American warnings of a Russian cyber threat, and Russia's response. More on the Lapsus$ gang incidents at Microsoft and Okta. And Secureworks looks at Conti and sees a criminal ecosystem.


The US and the UK warn of impending Russian cyberattacks, and Russia responds with warnings against banditry, crime, and bad manners. CISA issues two new ICS advisories. Microsoft confirms a Lapsus$ gang incident, and so does Okta, but Okta's case is more complicated. Josh Ray from Accenture on the cyber workforce. Our guest is Tom Gaffney from F-Secure with some ways to reduce digital anxiety. Secureworks takes a look at the criminal ecosystem around Conti. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/56 Selected reading. Ukraine war has put our relationship with US at...

White House adds its voice to CISA's Shields Up, warning of the possibility of Russian cyberattacks. New malware strains described, new criminal attack techniques observed.


White House warns of large-scale Russian cyberattacks. Browser-in-the-Browser attacks. New Conti affiliate described. Android malware Facestealer described. Microsoft and Okta investigate possible Lapsus$ attacks. Arid Gopher is out in the wild. Our guest is Swathi West of Barr Advisory on opportunities for the underrepresented in cybersecurity. Joe Carrigan wonders if we can't just get rid of passwords once and for all. And advancing censorship by finding extremism and Russophobia in Meta's platforms. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/55 Selected reading. Russia's hybrid war with Ukraine: strategy, norms,...

Hacktivism, protestware, and information operations in a hybrid war. Brazil-based cyber gangs active in extortion. Steganography opens a backdoor. A free decryptor for Diavol ransomware.


The widely expected, intense Russian cyber campaign has yet to appear. "Protestware" as a dangerous turn in hacktivism. Information operations and the persistence of independent channels of news. Social media as an opsec problem. Lapsus$ may have hit Microsoft. A second Brazilian gang tries its hand at extortion. A snakey backdoor afflicts French organizations. AD Bryan Vorndran of the FBI Cyber Division on what the agency brings to the table in cyberspace. Rick Howard considers infrastructure as code. Emsisoft offers a free decryptor for Diavol ransomware. For links to all of today's stories check out our CyberWire daily news briefing:...

Derek Manky: Putting the rubber to the road. [Threat Intelligence] [Career Notes]


Chief Security Strategist and VP of Global Threat Intelligence at FortiGuard Labs, Derek Manky, shares his story from programmer to cybersecurity and how it all came together. Derek started his career teaching programming because he had such a passion for it. Derek said that joining Fortinet was where it "really started putting the rubber to the road and connecting my previous experience with programming and debugging and knowledge of operating systems and all that with real-world applications." Derek advises that it doesn't need to be complicated getting into the cybersecurity field and that there are many avenues to enter the...

Implications of data leaks of sensitive OT information. [Research Saturday]


Guest Nathan Brubaker from Mandiant joins Dave Bittner on this episode to discuss Mandiant Threat Intelligence's research: "1 in 7 Ransomware Extortion Attacks Leak Critical Operational Technology Information." Data leaks have always been a concern for organizations. The exposure of sensitive information can result in damage to reputation, legal penalties, loss of intellectual property, and even impact the privacy of employees and customers. However, there is little research about the challenges posed to industrial organizations when threat actors disclose sensitive details about their OT security, production, operations, or technology. In 2021, Mandiant Threat Intelligence continued observing ransomware operators attempting to...

Hacktivism and other cyberattacks continue against Russian targets, but some hacktivism may go too far. C2C market notes. Advice from CISA and NIST. Prank calls as statecraft.


Hacktivism and other cyberattacks continue against Russian targets, but some hacktivism that affects software supply chains may go too far. An initial access broker in the criminal-to-criminal market. BlackMatter may be working with BlackCat. CISA offers a warning and advice to SATCOM operators. NIST offers some guidance on industrial control system security. Johannes Ullrich reminds us to patch our backup tools. Our guest is Armando Saey from MISI with insights on maritime port security. And Rear Admiral Mehoff, call your office. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/53 Selected reading. Popular NPM...

Debunking deepfakes. Hacktivism and information warfare. The prospect of splinternets. Germany warns of security product risks. Disruption of Ukrainian ISPs. New wrinkles in phishing.


Not-so-deepfakes debunked. Hacktivism and information warfare in Russia's war against Ukraine. The prospect of an age of splinternets. Germany warns of risks from Kaspersky security products. Disruption of Ukrainian ISPs. David Dufour from Webroot on cyberattacks hitting the automotive sector. Carole Theriault ponders parental disclosure of tracking their kids. Three new wrinkles to social engineering. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/52 Selected reading. Russia and Ukraine draw up 15-point peace plan (The Telegraph) Deepfake video of Zelenskyy could be 'tip of the iceberg' in info war, experts warn (NPR.org) The Russia-Ukraine...

Ukrainian President Zelenskyy addresses the US Congress, as Russia's hybrid war continues. LokiLocker ransomware flies a false flag. CISA warns of Russian cyber threat. Advance fee arrest.


Ukrainian President Zelenskyy addresses the US Congress, as intelligence services, contractors, and hacktivists wage their part of a hybrid war. BlackBerry describes LokiLocker, a new strain of ransomware that's not Iranian, but would have you think it is. CISA and the FBI warn of a Russian cyber campaign. Nigeria arrests an alleged advance-fee scam artist (he's been wanted for some time.) For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/51

Disinformation and cyberattacks in Russia's hybrid war against Ukraine. DDoS attack hits Israeli telcos. Captured tools are old news. Recent trends in cybercrime.


Biowar disinformation. A new wiper is discovered in Ukrainian systems. Cyber criminals look for letters of marque from both sides (and some of them are looking like hacktivists). Ukrainian cybersecurity firms and intelligence services mobilize against Russia. Ben Yelin evaluates cyber engagements in the crisis. A protester crashes a Russian news broadcast. DDoS attack takes down Israeli sites. China claims to have captured NSA hacking tools. Our guest is Ben Brook, CEO of Transcend, with a look at data privacy. Recent trends in cybercrime. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/50 Selected...

Russia's hybrid war against Ukraine becomes more firepower intensive, but hackers make their mark. Cybercrime does business as usual.


The situation in Russia's war against Ukraine, and Mr. Putin's frustration with his intelligence services. Provocations, state-hacking, and influence operations in a hybrid war. Lapsus$ hits Ubisoft with ransomware. LockBit hits Bridgestone America. The Escobar banking Trojan is out in the wild. Kaspersky source apparently not compromised after all. Dan Prince wonders if we are properly preparing for the roles of tomorrow. Rick Howard is pulling on the kill chain. And the wayward aim of public opinion. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/49 Selected reading. After more than two weeks of...

Kristin Strand: Be firm in your goals. [Consultant] [Career Notes]


Cybersecurity Associate Consultant at BARR Advisory, Kristin Strand, shares her journey from the military to teaching and now to cybersecurity. Kristin shares how she'd wanted to be a teacher since she was young. She joined the Army to help pay for college and throughout her career has taken advantage of programs to help her move on to her next challenge. From teaching, Kristin decided to transition to IT and came to cybersecurity through a Department of Labor program. She's also currently training to be a drill sergeant. Kristin advises you stand firm to your goals and know what you want. It...

The story of REvil: From origin to beyond. [Research Saturday]


Guest Jon DiMaggio, Chief Security Strategist at Analyst1, joins Dave Bittner to discuss his team's research "A History of REvil" that chronicles the rise and fall of REvil. The REvil gang is an organized criminal enterprise based primarily out of Russia that runs a Ransomware as a Service (RaaS) operation. The core members of the gang reside and operate out of Russia. REvil leverages hackers for hire, known as affiliates, to conduct the breach, steal victim data, delete backups, and infect victim systems with ransomware for a share of the profits. Affiliates primarily stem across eastern Europe, though a small...

An update on the hybrid war in Ukraine. Conti and its users are still up and active. CISA releases twenty-four ICS security advisories. An extradition in the NetWalker case.


An update on the hybrid war in Ukraine. Allegations of war crimes and Russian disinformation. Chemical, biological, and radiological weapons disinformation. Preparing for cyberattacks. Cyber operations against Russia. GPS interference reported along Finland's border. Conti and its users are still up and active. CISA releases twenty-four ICS security advisories. Malek Ben Salem from Accenture on deception systems. Our guest is Joe Payne from Code42 on data exposure. An extradition in the NetWalker case. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/48 Selected reading. Russia 'did not attack Ukraine' says Lavrov after meeting Kuleba...

Cyber phases of a hybrid war. Google stops a Judgment Panda campaign and Symantec tracks Daxin. CISA updates its Conti alert. An alleged REvil member is arraigned in Texas.


Prebunking a provocation. A spot report on the cyber phases of a hybrid war. Google stops a Judgment Panda campaign against US Government Gmail users. Symantec continues to track the origins and uses of the Daxin backdoor. CISA updates its Conti alert. Josh Ray from Accenture has tips on Log4J. Our guest is Chetan Conikee of ShiftLeft with strategies for reducing attackability. And law northeast of the Pecos, as an alleged member of REvil is arraigned in Texas. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/47 Selected reading. Vladimir Putin plotting chemical weapons...

Waiting for the Bears to come out. APT41 hits US state governments. A surge in mobile malware, and a look at yesterday's Patch Tuesday.


Zelenskyy addresses the House of Commons. Cyber operations in Russia's war against Ukraine. Chinese cyber espionage campaign hits six US state governments (but it might be an APT side-hustle). A surge in mobile malware. Joe Carrigan looks at derestricting your software. Our guest Bob Dudley discusses cyberattacks against the European energy sector. And a quick look back at Patch Tuesday. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/46 Selected reading. Volodymyr Zelensky speech: Ukrainian President vows to fight Russians in 'forests, fields and on shores' as he channels Winston Churchill (The Telegraph) Putin's...

Updates on Russia's hybrid war, including cyber ops and influence operations. Mustang Panda focuses on Europe in its cyberespionage. Ransomware hits oil and gas sector. UPS vulnerabilities.


Updates from the UK's Ministry of Defense on Russia's War in Ukraine. Influence operations: the advantage still seems to go to Ukraine, as Russian efforts look inward. Assessing the effects of hacktivism and cyber operations in the hybrid war. Privateering: Conti, Ragnar Locker, and (probably) others. Mustang Panda rears up in European diplomatic networks. Ransomware hits a Romanian fuel distributor. Andrea Little Limbago from Interos on data traps. Carole Theriault tracks the fight against deepfakes. Vulnerabilities found in UPS devices. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/45

Cyber dimensions of Russia's hybrid war against Ukraine. Hacktivists and cybercriminals choose sides. Lapsu$ releases NVIDIA and Samsung data (and says a victim hacked back).


Russian influence operations fail as few support Russia's war of aggression. Ukraine will become a "contributing participant" in NATO's CCDCOE. Ukrainian cyberattacks, and the marshaling of hacktivists. Russian cyberattacks: surprisingly restrained and unsurprisingly supported by criminal organizations like Conti. The FBI's Bryan Vorndran joins us with insights on the work his team did on Sodinokibi. Rick Howard looks at vulnerability management. Lapsu$ gang releases data taken from NVIDIA and Samsung in separate extortion incidents. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/44 Selected reading. What Happened on Day 11 of Russia's Invasion of...

Chetan Conikee: Create narratives of your journey. [CTO] [Career Notes]


Founder and CTO of ShiftLeft, Chetan Conikee shares his story from computer science to founding his own company. When choosing a career, Chetan notes that "the liking and doing has to matter and be in conjunction with each other." Explaining the parallels in his home country of India and where he studied for his master's in the US, Chetan stresses the need to find someone who inspires you to follow and learn from. On being an entrepreneur, he says, "The entrepreneurial mindset is a sum total of many sufferings that lead to success." Chetan advises you take time out to...

HEAT: Examining the next-class of browser-based attacks. [CyberWire-X]


Modern enterprises have evolved drastically over the last two years as a result of the global pandemic. Due in part to organizations pivoting quickly to new business models by migrating apps and services to the cloud to enable hybrid and remote workforces, the new office has quickly become the web browser. Today, business users are spending an average of 75% of their workday in a browser; that's where productivity takes place! But the digital enhancements of the last two years have ushered in widespread transformation that expanded attack surfaces and created new opportunities for cyber miscreants, giving rise to Highly...

An abuse of trust: Potential security issues with open redirects. [Research Saturday]


Guest Mike Benjamin, VP of Security Research at Fastly, joins Dave Bittner to talk about the Fastly Security Research Team's work on "Open redirects: real-world abuse and recommendations." Open URL redirection is a class of web application security problems that makes it easier for attackers to direct users to malicious resources. This vulnerability class, also known as open redirects, arises when an application allows attackers to pass information to the app that results in users being sent to another location. That location can be an attacker-controlled website or server used to distribute malware, trick a user into trusting a link,...

Swapping propaganda shots. ICANN will not block the Internet in Russia. Hacktivists achieve a nuisance-level of success. NVIDIA gets a most curious demand. And there's no US draft.


Propaganda engagements in Russia's hybrid war against Ukraine. ICANN will not block the Internet in Russia. Hacktivists, real and pretended, achieve a nuisance-level of success in Russia's war. Scams and misinformation circulate in Telegram. NVIDIA gets a most curious demand from a cyber gang. CISA's ICS advisories. Johannes Ullrich looks at phishing pages on innocent websites. Our guest is Chase Snyder from ExtraHop to discuss implications of the cyber talent shortage. And, hey, newsflash, no matter what the texts on your phone might say, there's no military draft in the US. For links to all of today's stories check out...

Russia and Belarus exchange cyber operations with Ukraine. The US announces Task Force KleptoCapture. Vulnerable infusion pumps. TCP middlebox reflection. Notes on sanctions.


The UN condemns Russia's war in Ukraine. Ukraine's cyber volunteers appear to be operating under the direction of Kyiv's Ministry of Defense, and may be targeting Russian infrastructure. Belarusian cyber operators are phishing with stolen Ukrainian credentials in a cyberespionage campaign. Task Force KleptoCapture. Infusion pumps found vulnerable to cyberattack. TeaBot is found in the Play Store. TCP middlebox reflection. Dan Prince from Lancaster University on trustworthy autonomous systems. Our guest is John Shegerian from ERI on the security angle of e-recycling. And no more Harleys for Mr. Putin. For links to all of today's stories check out our CyberWire...

Slow-motion brutality against Ukraine as sanctions begin to bite Russia. Big Tech takes sides. Ransomware continues to bother major corporations.


Russia's invasion in Ukraine is still slow, but it's grown more brutal. Sanctions are beginning to hit Russia hard. The cyber phase of this hybrid war seems more informational than destructive, which is surprising. Big Tech has taken Ukraine's side, and some Russian companies face a tough balancing act. Our guest is Lavi Lazarovitz from CyberArk with predictions on supply chain security. Malek Ben Salem from Accenture on deploying effective deception systems. And ransomware continues to pester major corporations. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/41 Selected reading. Ukraine at D+6: Shocking...

Updates on Russia's invasion of Ukraine, and the cyber phases of a hybrid war. Hacktivists and privateers. New Chinese malware described. Registration-bombing.


Stalled columns, rocket fire, and negotiation over Ukraine. Two new pieces of malware found in use against Ukrainian targets. Ben Yelin joins us with analysis. Dealing with WhisperGate and HermeticWiper. The muted cyber phases of a hybrid war. Leaked files reveal Conti as a privateer. Sanctions move from deterrence to economic "war of attrition." Daxin: a backdoor that hides in normal network traffic. Registration-bombing lets fraud hide in the weeds. Our guest is Tresa Stephens from Allianz on the elevated concern for cyber risk among business leaders. And Razzlekhan talking a deal? Resources Ukraine Fighting Overshadows Chance of Russia Talks...

An update on Russia's hybrid war against Ukraine. Offensive cyber operations under hacktivist guise. Russian privateers return (also as hacktivists). Some non-war-related hacking.


Ukrainian resistance may have stalled the Russian advance at key points. Cyber operations against Ukraine (and Russia). Diplomacy, now short of surrender? A SWIFT kick. Return of the privateers, now in the guise of patriotic hacktivists. Not all hacking is war-related. Josh Ray from Accenture on KillACK Backdoor Malware Continues to Evolve. Rick Howard revisits the cyber sand table. Criminals exploit Ukraine's suffering in social engineering campaigns. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/39

Sloane Menkes: What is the 2%? [Consultant] [Career Notes]


Principal in PricewaterhouseCoopers Cyber Risk and Regulatory Practice, Sloane Menkes, shares her story of how non-linear math helped to shape her life and career. Sloane credits a high school classmate for inspiring her mantra "What is the 2%?" that she employs when she feels like things are shutting down. She talks about her experiences in calculus class at the US Air Force Academy that helped to enlighten her and inform the intuitive problem solving skill or way of thinking that she'd been employing in her life. She joined Office of Special Investigations and working with Howard Schmidt is where Sloane first...

Noberus ransomware: Coded in Rust and tailored to victim. [Research Saturday]


Guest Dick O'Brien, Principal Editor at Symantec, joins Dave to discuss their team's research, "Noberus: Technical Analysis Shows Sophistication of New Rust-based Ransomware." Noberus is new ransomware used in mid-November attack, ConnectWise was likely infection vector. Symantec, a division of Broadcom Software, tracks this ransomware as Ransom.Noberus and our researchers first spotted it on a victim organization on November 18, 2021, with three variants of Noberus deployed by the attackers over the course of that attack. This would appear to show that this ransomware was active earlier than was previously reported, with MalwareHunterTeam having told BleepingComputer they first saw this...

Hybrid aggression and hybrid resistance. Sanctions, defense, and (maybe) retaliation. MuddyWater is newly active. Trickbot seems to have retired. Notes on misinformation and the fog of war.


Russia's full-scale invasion meets regular and irregular Ukrainian resistance. Public uses of intelligence products. Hybrid aggression and hybrid defense in cyberspace, as the civilized world imposed sanctions on Russia. Iran's MuddyWater threat actor is back, with renewed cyberespionage. Good-bye to Trickbot. Carole Theriault wraps up her look at mobile device security. Rick Howard checks in with Matthew Sharp (Logicworks) & "Rock" Lambros (RockCyber) on "The CISO Evolution". And some notes on the fog of war. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/38

Russia's full-scale invasion of Ukraine began this morning at 5:00 AM, Kyiv local time. Cyberattacks are serving as combat support and strategic disruption.


Russia opens a general war against Ukraine, with rocket fires, heavy forces, and a not-so-veiled threat to NATO. Cyber operations are serving as combat support and strategic disruption. While the war in Ukraine dominates the news, elsewhere in the world cybercrime and cyberespionage continue at their customary levels. Carole Theriault looks to the security of your mobile devices. And our guest is Dr. Chenxi Wang of Rain Capital with insights on the new NIST software supply chain security standards. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/37

Putin goes medieval (we paraphrase the UK defense secretary). Cyberattack disrupts a logistics giant. Two reports look at the state of industrial cybersecurity.


With diplomacy at a stand and Russian troops now openly in Ukraine, Western governments impose sanctions on Russia. A fresh round of distributed denial-of-service attacks against Ukraine. Cobalt Strike continues to be misused by criminals. A cyberattack has severely disrupted a major logistics firm. My conversation with Assistant Director Bryan Vorndran of the FBI Cyber Division. Our guest Ed Amoroso from TAG Cyber explains Research as a Service. And two looks at the recent and prospective state of industrial cybersecurity. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/36

Escalation in Russia's hybrid aggression. APT10's espionage against Taiwan's financial sector. Developments in the C2C market. Jamming your teen's Internet access.


Russia escalates its hybrid war against Ukraine, with cyber implications for the rest of the world. Xenomorph banking Trojan hits European Android users. APT10's months-long espionage campaign against Taiwan's banks. Hive ransomware's flawed encryption is good news. Trickbot's place in the C2C market. Joe Carrigan shares the latest evolution of business email compromise. John Pescatore's Mr. Security Answer Person returns. And there's a right way and a wrong way to keep your teen offline. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/35

Interview select: Kenneth Geers of NATO's CCD COE on "Cyber War in Perspective: Russian Aggression Against Ukraine."


As we break to observe Washington's birthday, our team thought you might like to try a sample of a CyberWire Pro podcast called Interview Selects. These podcasts are a series of extended interviews, exclusives, and a curated selection of our most engaging and informative interviews over the years, featuring cyber security professionals, journalists, authors and industry insiders. In this extended interview, Dave Bittner speaks with Kenneth Geers from NATO's CCD COE on "Cyber War in Perspective: Russian Aggression Against Ukraine." Like what you hear? Consider subscribing to CyberWire Pro for $99/year.

Bonus: Afternoon Cyber Tea: IoT-Based Infrastructures


Afternoon Cyber Tea with Ann Johnson is a CyberWire Network podcast created by Microsoft Security. It's a bi-weekly show that comes out every other Tuesday. We thought you would enjoy this episode in particular and hope you consider subscribing in your favorite podcast app. Diana Kelly, the co-founder, and CTO of SecurityCurve, a cybersecurity consulting firm, joins Ann Johnson on this episode of Afternoon Cyber Tea. Diana is a globally known security expert who donates much of her time volunteering in the cybersecurity community while also serving on the Association for Computing Machinery Ethics and Plagiarism Committee. Diana talks with...

Joe Carrigan: Build your network. [Security engineer] [Career Notes]


Senior security engineer with the Johns Hopkins University Information Security Institute and the Institute for Assured Autonomy, Joe Carrigan, shares what he calls his life mistake and what spurred him to finally choose a career in technology. Throughout his life, Joe had interest in technology, he even worked at the computer lab in college, but never set his sights on that for a career. A conversation with a stranger guided him in that direction and he's been there ever since. As co-host of the CyberWire's Hacking Humans, Joe sees some heartbreaking results of scams and feels education of the public will...

What Log4Shell has taught us. [CyberWire-X]


If 2021 taught us anything, it's that our supply chain, especially our technical supply chain, hangs in the balance of a very fragile system. The year came to a close with the announcement of the Log4j zero day. Talk about saving the best for last. On this episode of CyberWire-X, the CyberWire's Rick Howard speaks with Tom Quinn CISO at T. Rowe Price, about the topic. Show Sponsor ExtraHop's Head of Product, Ted Driggs, joins the CyberWire's Dave Bittner to examine what Log4Shell tells us about the state of cyber defense going into 2022, and what enterprises can do to prepare. Through...

Instagram hijacks all start with a phish. [Research Saturday]


Guest Marcelle Lee, Senior Security Researcher and Emerging Threats Lead, from SecureWorks joins Dave to share her team's work on "Ransoms Demanded for Hijacked Instagram Accounts." An extensive phishing campaign has targeted corporate Instagram accounts since approximately August 2021. The threat actors demand ransoms from the victims to restore access. Organizations typically focus on traditional enterprise cybersecurity threats. However, some threats are more subtle, targeting organizations on unexpected platforms. In October 2021, Secureworks Counter Threat Unit (CTU) researchers identified a phishing campaign that hijacks corporate Instagram accounts, as well as accounts of individual influencers who have a large number of...

False flags, disinformation, and cyber operations in a hybrid conflict. Log4j vulnerabilities exploited. Wiper used against Iranian television. Kraken's evolution. CISA's guide to free security tools.


False flags and disinformation in Ukraine, as Western governments warn of the risk of both Russian escalation and the prospects of cyberattacks spreading beyond Ukraine's borders. Log4j Day-1 vulnerabilities exploited in the wild. Threat actors deployed a wiper in the course of hijacking Iranian television. The Kraken botnet is evolving, picking up an information-stealing capability. Our guest is Brittany Allen of Sift to discuss the DOJ seizing 3.6B worth of stolen crypto. Chris Novak from Verizon addresses Geopolitics and threat intelligence. And CISA launches a Catalog of Free Cybersecurity Services and Tools. For links to all of today's stories check...

Someone's engaged in provocation in the Donbas. Ukraine sees a Russian influence operation in recent DDoS attacks. Ice phishing as a threat made for a decentralized web.


Provocation may have begun in Ukraine, and no one but Russia can see any signs of a Russian withdrawal of troops to garrison. Recent DDoS attacks in Ukraine are seen as an influence operation. The compromise of International Red Cross data has been tentatively attributed to an unnamed state actor. Johannes Ullrich from SANS shares a fancy phish. Our guests are Mike Theis and Stacy Hadeka from Hogan Lovells to discuss the cyber aspects of the False Claims Act. And Microsoft describes ice phishing: social engineering for a decentralized web3. For links to all of today's stories check out our...

A warning of cyberespionage targeting US cleared defense contractors. Update on the hybrid war against Ukraine. China's favorite RAT. QR codes. Addiction to alt-coin speculation.


US agencies warn of Russian cyberespionage against cleared defense contractors. Updates on the Russian pressure against Ukraine. ShadowPad as China's RAT of choice. BlackCat claims to have leaked data stolen in a double-extortion ransomware attack. Follow the bouncing QR code. Dinah Davis from Arctic Wolf on Canada's government ransomware playbook. Rick Howard chats with Bill Mann from Styra on DevSecOps. And if you're addicted to cryptocurrency speculation, the first step in recovery is admitting you've got a problem. (The second step is to step away from the phone.) For links to all of today's stories check out our CyberWire daily...

Cyberattacks reported in Ukraine as Russia signals a willingness to negotiate with NATO. TA2541 targets aviation and allied sectors. BlackCat's tough to shake. Romance scams. Beamers.


Reports of cyberattacks against Ukrainian targets as the parties to the crisis resume negotiations. The US has been forthcoming with intelligence on Russia's ambitions in the region; those revelations form part of an influence strategy. An apparent criminal group is targeting aviation and related sectors. BlackCat ransomware victims are having difficulty recovering. Why conditions favor romance scams. Ben Yelin looks at pending cyber breach notification laws. Our guest Padraic O'Reilly from CyberSaint on the effectiveness of Biden's plan to protect the water sector. And beamers defraud Roblox players. For links to all of today's stories check out our CyberWire daily...

Hybrid war warnings over Russian designs on Ukraine. Senators ask about CIA bulk surveillance. No charges against reporter who inspected a website. Hacktivists or vigilantes?


The US and the UK warn of the possibility of false-flag provocations as Russia keeps the pressure on Ukraine. NATO members and others issue warnings of the threat of Russian cyber operations spilling over the Ukrainian border. Two US Senators want an accounting from the CIA over an alleged bulk collection operation. No charges filed in the case of a reporter who viewed a website source. Hacktivism and vigilantism. 49ers hacked. Daniel Prince from Lancaster University on improving security in agile health IoT development. Rick Howard targets supply chain issues with the hash table. And have a careful Valentine's Day....

Roselle Safran: So much opportunity. [Entrepreneur] [Career Notes]


CEO and Founder of KeyCaliber, Roselle Safran, takes us on her circuitous career journey from startup to White House and back to startup again. With a degree in civil engineering, Roselle veered off into a more technical role at a startup and she says "caught the startup bug." After convincing a hiring manager that she could learn on the job, she transitioned to computer forensics and started on the path of cybersecurity. Roselle worked in government for the Department of Homeland Security and then to the Executive Office of the President leading all of the security operations. She jumped back into...

SysJoker backdoor masquerades as benign updates. [Research Saturday]


Guests Avigayil Mechtinger and Ryan Robinson from Intezer discuss SysJoker malware, a backdoor that targets Windows, Linux and MacOS. Malware targeting multiple operating systems has become no exception in the malware threat landscape. Vermilion Strike, which was documented just last September, is among the latest examples until now. In December 2021, the team at Intezer discovered a new multi-platform backdoor that targets Windows, Mac, and Linux. The Linux and Mac versions are fully undetected in VirusTotal. Intezer named this backdoor SysJoker. SysJoker was first discovered during an active attack on a Linux-based web server of a leading educational institution. After further investigation,...

Update on Russia's hybrid threat to Ukraine. Vodafone Portugal continues its recovery. The FritzFrog peer-to-peer botnet is back. And there's a new wrinkle in the old familiar Nigerian prince scam.


Update on Russia's hybrid threat to Ukraine, with observations on possible international spillover. Vodafone Portugal continues its recovery. The FritzFrog peer-to-peer botnet is back, and has resumed operations against government, healthcare, and education targets. Caleb Barlow warns of attacks coming from inside your network. Our guest is Tom Boltman of Kovrr on the shift in the cyber insurance market due to ransomware. And there's a new wrinkle in the old familiar Nigerian prince scam: did you know the UN was compensating victims by sending them ATM cards? Neither did the UN. For links to all of today's stories check out our...

Liquidating Lviv botfarms. Notes on hybrid war. Digital frameups in India? The Lazarus Group's new yet familiar phishbait. Warnings about ransomware.


Ukraine takes down two botfarms pushing panic. Thoughts on hybrid warfare. Russia and China explain how we ought to see the political and online worlds. Digital frameups are reported in India. Lazarus phishes with bogus job offers. Espionage services looking for journalists' sources. David Dufour from Webroot ponders the Metaverse. Our guest is Amanda Fennell, host of the Security Sandbox podcast. And public and private-sector warnings about ransomware.

A Foreign Office hack is disclosed (but that's it). Preparing for a cyber escalation in the hybrid war Russia's waging against Ukraine. Multi-cloud threats. Patch Tuesday notes. Razzlekhan raps.


Britain's Foreign Office sustained a cyberattack last month (the details are secret). Poland stands up a Cyber Defense Force as Europe and North America raise their level of cyber readiness. Negotiations over the Russian pressure on Ukraine are likely to be protracted. Threats to multi-cloud environments. Patch Tuesday notes. Dinah Davis from Arctic Wolf on keeping kids safe online. Carole Theriault examines Mozilla's Privacy Not Included campaign. And Razzlekhan rocks the mic with her mad skillz, or used to, anyway. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/27

Crowdfunding hacktivists and other irregulars. The Molerats have some new tools. Right-to-left override. Arrests in a cryptocurrency money-laundering case.


Diplomacy continues over the Russian threat to Ukraine. In the meantime, hacktivists and others are said to be receiving crowdfunding through alt-coin remittances. The Molerats are back, and they have some new tools. Right-to-left override is being seen again in the wild. Vodafone Portugal is taken offline by a cyberattack. Joe Carrigan on Meta's ten billion dollar privacy hit. Our guest is Greg Otto from Intel 471 to discuss shifts in ransomware strains. And two arrests are made in a money-laundering case connected with the Bitfinex hack. For links to all of today's stories check out our CyberWire daily news...

Russia's hybrid war against Ukraine is currently heavier on the cyber than it is on the kinetic. BlackCat's connection with DarkSide. An alert on LockBit. And six Indian call centers indicted.


The FSB is active against Ukrainian targets as NATO continues to work out the cybersecurity assistance it will provide Kyiv. BlackCat is found to be connected to the DarkSide gang, either as a superseding affiliate or as a simple rebranding of the same old crew. The FBI issues an alert about LockBit. Kevin Magee from Microsoft on their final report on Nobellium and the Solar Winds attack. Rick Howard steers the hash table toward supply chains. And the US has indicted six call centers in India on charges related to some familiar scams. For links to all of today's stories...

The persistent and patient nature of advanced threat actors. [Research Saturday]


Guest Danny Adamitis from Black Lotus Labs joins Dave to discuss their team's new research "New Konni Campaign Kicks the New Year Off by Targeting Russian Ministry of Foreign Affairs." Black Lotus Labs, the threat research team of Lumen Technologies, uncovered a series of targeted actions against the Russian Federation's Ministry of Foreign Affairs (MID). Based upon the totality of information available and the close correlation with prior reporting, we assess with moderate confidence these actions leveraged the Konni malware, which has previously been associated with the Democratic People's Republic of Korea, and were undertaken to establish access to the...

Update on Russian cyber ops and disinformation around Ukraine. Ransomware disrupts European ports. Chinese intelligence services exploit a Zimbra zero-day.


Primitive Bear is snuffling around Ukraine, and Russia may be preparing deepfake video to lend legitimacy to its claims with respect to its neighbor. European ports and other logistical installations are under attack by ransomware, apparently uncoordinated criminal activity. Daniel Prince from Lancaster University on safeguarding IoT in Healthcare. Our guest is Chris Wysopal of Veracode with research on increases in automation and componentization in software development. And a Chinese APT is said to be exploiting a Zimbra webmail cross-site-scripting zero-day, so users beware. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/24

Ukraine goes to a higher state of cyber alert. Chinese cyberespionage hits financial services in Taiwan. Arid Viper is back, and so is Adalat Ali. BlackCat disrupts fuel distro in Germany. Hacking the DPRK.


Ukraine and NATO increase their cyber readiness. Chinese cyberespionage has been looking closely at financial services in Taiwan. Hacktivists hit Iranian state television. Arid Viper is phishing for targets in the Palestinian Territories, and apparently doesn't care who knows it. BlackCat ransomware implicated in attacks on German fuel distribution firms. Verizon's Chris Novak shares his thoughts on the cyber talent pool. Our guest is Torin Sandall from Styra on Open Policy Agent. And, Bro, treat yourself to a pair of Vans. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/23

Both sides in the conflict over Ukraine are talking with their allies and preparing for conflict in cyberspace. A cyberattack disrupts gasoline distribution in Germany. Notes on APTs and privateers.


Tensions between Russia and Ukraine, and between Russia and NATO, remain high as diplomacy is at a temporary impasse: both sides have stated their incompatible positions and are consulting with their allies. NATO prepares to render cyber assistance to Ukraine. An unspecified cyberattack affects gasoline distribution in Germany. The White Tur threat group borrows heavily from several APTs, but itself remains mysterious. Charming Kitten gets some new claws. Caleb Barlow on Harvard's analysis of Equifax. Our guest is Gunter Ollmann from Devo discussing their third annual SOC Performance Report. And the Trickbot gang seems to be privateering in that old...

Updates on the crisis over Ukraine, as Russian cyber operations continue. Ransomware threatens OT. Ramnit remains a leading banking Trojan. Bots infesting some NFT markets. Agencies advise opsec.


No progress so far in talks over the Ukraine crisis, as Moscow's diplomacy and influence operations merge in a narrative of a Russia beset by armed Nazis, goaded on by a greedy America that doesn't want Russia competing in world markets. Ransomware and cyberthreats to OT systems. Ramnit is still up and at 'em in the banking Trojan world. Bots are following big brands in NFT markets, with predictable effects. Ben Yelin has an update on NSO Group's marketing attempts to the FBI. An introduction to Dr. Andrew Hammond and the SpyCast podcast. And sending that sample in for your...

The UN Security Council will take up Russia's hybrid war against Ukraine as Western powers prepare sanctions. Other ransomware and social engineering campaigns.


The US takes Russia to the UN Security Council over its threat to Ukraine, and, while Russian forces remain in assembly areas, a campaign of cyberattack and influence operations continues. Western powers, notably the UK and the US, are preparing sanctions against Russia. Elsewhere, ongoing ransomware and social engineering. Dinah Davis from Arctic Wolf on Linux malware via IoT devices. Rick Howard shares his favorite sources for keeping up to date. And there's a pair of decisions in a long-running case involving HP Enterprise's purchase of Autonomy. For links to all of today's stories check out our CyberWire daily news briefing:...

Helen Patton: A platform to talk about security. [CISO] [Career Notes]


Advisory CISO at Cisco, Helen Patton, shares that a combination of dumb luck, hard work and serendipity got her to where she is today. Growing up in the country in Australia, Helen notes that computers were not really a thing. She happened into technology after moving to the US, as she was the only person in her office under 40. Of course she would be comfortable with computers and able to handle a database conversion, right? That launched her into a career that spanned supporting small nonprofits, working at one of the biggest banks on Wall Street while leading a...

Zero Trust for cloud assets: Identity authentication and authorization. [CyberWire-X]


Applying Zero Trust principles to access rights can be tricky given the volume and dynamic nature of services in the cloud. Serverless computer services, like AWS Lambda, multiply the volume of identities to manage. These cloud services often have excessive permissions to access sensitive data and can become a potential entry point for an attacker to exploit. The CyberWire's Rick Howard speaks with Scott Farber, Principal Cyber Architect & Zero Trust Technical Lead at MITRE about the topic. Show Sponsor Sysdig's Vice President of Security Product Management, Maor Goldberg, brings experience with data center and cloud to a discussion with...

Use of legitimate tools possibly linked to Seedworm. [Research Saturday]


Guest Sylvester Segura from the Symantec Threat Hunter Team joins Dave to discuss their team's work on "Espionage Campaign Targets Telecoms Organizations across Middle East and Asia." Attackers most likely linked to Iran have attacked a string of telecoms operators in the Middle East and Asia over the past six months, in addition to a number of IT services organizations and a utility company. Organizations in Israel, Jordan, Kuwait, Saudi Arabia, the United Arab Emirates, Pakistan, Thailand, and Laos were targeted in the campaign, which appears to have made no use of custom malware and instead relied on a mixture...

Diplomacy and cyber warnings in the Ukraine crisis. REvil may not actually be out of business. A warning about Iranian state-directed hacking. And Data Privacy Day is observed.


Diplomatic channels remain open even as NATO and the US reject Russian demands over Ukraine. More warnings over Russian cyber operations in the hybrid conflict (Voodoo Bear is mentioned in dispatches). Social media as a source of tactical intelligence. The FBI tells industry to be alert for Iranian hacking. Ransomware continues to circulate. Josh Ray from Accenture digs into the Bassterlord Networking Manual. Carole Theriault examines a university data backup snafu. And a happy Data Privacy Day to all. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/19 Learn more about your ad choices....

Updates on the hybrid war in Ukraine. Industrial espionage in Germany, conventional espionage in Western Asia. C2C markets, social engineering, and scamware.


Cyber risk continues over Ukraine as the US and NATO reject Russian demands. Emissary Panda's industrial espionage against German industry. Fancy Bear is spotted in Western Asia. The C2C market's initial access broker Prophet Spider is selling access to unpatched VMware Horizon instances. Social engineering adapts to its marks. Thomas Etheridge from CrowdStrike on the power of Identity/Zero Trust in stopping ransomware attacks. Our guest is Gary Guseinov of Real Defense to discuss M&A activity. And Dark Herring scamware is ejected from app stores, but not before hitting over a hundred million victims. For links to all of today's stories...

Tensions between Russia and Ukraine remain high as NATO offers Ukraine cyber, diplomatic, and other support. DDoS in the DPRK. DazzleSpy in the watering hole. TrickBot ups its game.


Tensions between Russia and Ukraine remain high as NATO offers Ukraine cyber, diplomatic, and other support. North Korea gets DDoSed. DazzleSpy hits Hong Kong dissidents drawn to a watering hole. TrickBot ups its game. A quick look at ransomware trends. Microsoft's Kevin Magee unpacks a recent World Economic Forum report. Our own Rick Howard speaks with Chriss Knisley from MITRE ATT&CK Defender on certifications. And Dame Fortune teaches Michiganders to throw caution to the winds. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/17 Learn more about your ad choices. Visit megaphone.fm/adchoices

Hacktivism as irregular operations-short-of-war. A banking Trojan aims at fraudulent wire transfers. DTPacker's two-step delivery. REvil re-forms? Ransomware and insider threats. DDoS in Andorra.


Tensions remain high as Russia assembles troops near Ukraine and NATO moves to higher states of readiness. The Belarusian Cyber Partisans claim responsibility for a ransomware attack against Belarusian railroads. The BRATA banking Trojan spreads, as does DTPacker malware. REvil alumni may be getting the band back together. Ransomware operators working harder to recruit insiders at their targets. Joe Carrigan has the story of a romance scammer in custody. Mr. Security Answer Person John Pescatore has thoughts on BYOD. And there's a major DDoS campaign shutting down the Internet in Andorra. For links to all of today's stories check out...

Updates on the continuing hybrid war in Ukraine. Julian Assange will get another chance to avoid extradition. And Russian privateers find that they're expendable.


Updates on the continuing hybrid war in Ukraine. The UK charges Russia with trying to install a puppet in Kyiv. Nominal hacktivists claim an attack against Belarusian railroads. Compromise of Greek parliamentary email accounts reported. Netherlands authorities warn against relaxing your guard against Log4j exploitation. Julian Assange will get another chance to avoid extradition. Rick Howard's been pondering his reading list. Dinah Davis from Arctic Wolf on securing your smart speakers. And Russian privateers find that they're expendable. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/15 Learn more about your ad choices. Visit...

Andrew Maloney: Never-ending thirst for knowledge. [COO] [Career Notes]


COO and Co-Founder of Query.AI, Andrew Maloney, shares how the building blocks he learned in the military helped him get where he is today. Coming from a blue collar family with a minimal knowledge of computers, Andrew went into computer operations in the Air Force. While deployed to Oman just after the start of the Iraq War, Andrew said he got his break into security. That's where he learned the components that fit together in order to effectively secure an environment. Andrew's words of wisdom: You've got to keep pushing and you've got to believe in yourself and never sell...

A collaboration stumbles upon threat actor Lyceum. [Research Saturday]


Guest Rob Boyce, Accenture's Global Lead for Cyber Incident Response and Transformation Services, joins Dave to discuss joint research done by Accenture's Cyber Threat Intelligence (ACTI) group and Prevailion's Adversarial Counterintelligence Team (PACT). The teams dug into recently publicized campaigns of the cyber espionage threat group Lyceum (aka HEXANE, Spirlin) to further analyze the operational infrastructure and victimology of this actor. The teams' findings corroborate and reinforce previous ClearSky and Kaspersky research indicating a primary focus on computer network intrusion events aimed at telecommunications providers in the Middle East. Additionally, the research expands on this victim set by identifying additional...

Ukrainian crisis continues, with attendant risk of hybrid warfare. MoonBounce malware in the wild. Pirate radio hacks a number station.


US and Russian talks over Ukraine conclude with an agreement to further exchanges next week. Western governments continue to recommend vigilance against the threat of Russian cyberattacks against critical infrastructure. The US Treasury Department sanctions four Ukrainian nationals for their work on behalf of Russia's FSB and its influence operations. A firmware bootkit is discovered in the wild. Security turnover at Twitter. Caleb Barlow looks at wifi hygiene. Our guest is Allan Liska on his latest ransomware book. And a number station gets hacked, in style. For links to all of today's stories check out our CyberWire daily news briefing:...

Looking toward tomorrow's Russo-American talks about the Ukraine crisis. A memorandum gives NSA oversight authority for NSS. A look at the C2C markets.


As Russian forces remain in assembly areas near the Ukrainian border, the US and Russia prepare for tomorrow's high-level talks in Geneva. NATO members look to their cyber defenses. US President Biden issues a Memorandum on Improving the Cybersecurity of National Security, Department of Defense, and Intelligence Community Systems. Notes on C2C markets. Mirai is exploiting Log4j flaws. Verizon's Chris Novak shares insights on Log4j challenges. Our guest is Ryan Kovar from Splunk with a look at the year ahead. And Olympic athletes heading to China? Better grab that burner phone. For links to all of today's stories check out...

Updates on what Ukraine is now calling BleedingBear. CISA advises organizations to prepare for Russian cyberattacks. Other cyberespionage campaigns, and a new ransomware strain.


Ukraine confirms that it was hit by wiper malware last week, as tension between Moscow and Kyiv remains high. It remains high as well between Russia and NATO, as Russia continues marshaling conventional forces around Ukraine. CISA advises organizations to prepare to withstand Russian cyberattacks. Other cyberespionage campaigns are reported, as is a new strain of ransomware. Microsoft's Kevin Magee provides friendly counsel for CISOs and boards. Our guest is Clar Rosso from ISC2 on the communication gap between cybersecurity teams and executive leaders when it comes to ransomware. And the natural disaster in Tonga may offer lessons in resilience...

A new member of the Winnti Cluster is described. Cobalt Strike used against unpatched VMware Horizon servers. Ukraine blames Russia for what seems to be a destructive supply chain attack.


A new Chinese cyberespionage group is described. Cobalt Strike implants are observed hitting unpatched VMware Horizon servers. Ukraine attributes last week's cyberattacks to Russia (with some possibility of Belarusian involvement as well). Microsoft doesn't offer attribution, but it suggests that the incidents were more destructive than ransomware or simple defacements. The US warns of possible provocations. Ben Yelin looks at a bipartisan TLDR bill. Our guest is Lisa Plaggemier from the National Cybersecurity Alliance on the ongoing threat of phishing. And the REvil arrests in Russia may have been for leverage. For links to all of today's stories check out...

Marina Ciavatta: Going after the human error. [Social engineer] [Career Notes]


Social engineer and CEO of Hekate, Marina Ciavatta, shares her story of how people think her job is a la Mission Impossible coming from the ceiling with a rope and stealing stuff in the dead of the night. Marina does physical pentesting. Starting with an unused degree in journalism, Marina turned her talent for writing into a job as a content producer for a technology company and this appealed to her self-proclaimed nerdism. She fell in love with hacking and got into pentesting thanks to a friend. Marina recommends those interested in physical pentesting "try to find other social engineers...

Keeping APIs on the radar: Evaluating the banking industry. [Research Saturday]


This episode features guest Alissa Knight, former hacker and partner at Knight Ink, along with Karl Mattson, CISO from Noname Security, discussing findings on severe API vulnerabilities in U.S. banking applications research that was conducted by Alissa and funded by Noname Security. The research, Scorched Earth: Hacking Bank APIs, unveils a number of vulnerabilities in the banking, cryptocurrency exchange, and FinTech industries. In her Money 20/20 keynote presentation entitled Scorched Earth: Hacking Bank APIs. In her presentation, Alissa revealed that she was able to gain access to 55 different banks and change PIN codes and move money in and out...

Influence operations in the grey zone. FSB raids REvil. Open Source Software Security Summit looks to public-private cooperation. Privateering and state-sponsored cybercrime.


A large-scale cyberattack against Ukrainian websites looks like an influence operation, and Russian intelligence services are the prime suspects. The FSB raids REvil. The White House Open Source Software Security Summit looks toward software bills of materials. MuddyWater exploits Log4shell. The DPRK is working to steal cryptocurrency. Caleb Barlow shares the consequences of the 3G network shutdown. Our guest is John Lehmann from Intellectual Point with programs that help military veterans transition to the cybersecurity industry. Honor among thieves, and spies. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/10 Learn more about your...

A public-private conference takes up open source software security at the White House. MuddyWater attributed to Iran. Espionage and ransomware arrests.


A White House government-industry summit today addresses open-source software security. The US officially makes its second attribution of the week to a nation-state: it calls out Iran as the operator of the MuddyWater threat group. Israel arrests five on charges related to spying for Iran (they're thought to have been recruited through catphishing). Citizen Lab finds Pegasus in Salvadoran phones. Ukraine arrests a ransomware gang. Thomas Etheridge from CrowdStrike on the importance of threat hunting for zero days. Our guest is Dr. David Bader of New Jersey Institute of Technology discussing the challenges of securing massive-scale analytics. And ransomware hits...

The US and EU seek to shore up cybersecurity as Russo-Ukrainian tensions run high. NIST updates secure system standards. Ransomware exploits Log4shell. Dog bites man: fraud in social media.


The US issues an alert over the prospect of Russian cyberattacks, and the EU begins a series of stress tests, both in apparent response to concerns over the prospect of a Russian attack on Ukraine. NIST updates its guidance on Engineering Trustworthy Secure Systems. Night Sky ransomware exploits Log4shell. Phishing afflicts a hotel chain. Carole Theriault examines international efforts to stop digital fraud. Ben Yelin on Seattle Police Faking Radio Chatter. And we're shocked, shocked, to learn of fraud and piracy on a social media platform. For links to all of today's stories check out our CyberWire daily news briefing:...

Software supply chains and the free-rider problem. An APT is bitten by its own RAT. Europol told to clean up its data. A leak investigation in Denmark. QR-code phishbait.


Log4shell as an instance of a more general software supply chain issue. An APT apparently mistakenly infects itself with its own RAT. A new backdoor, SysJoker, is in use in the wild. A warning on commercial surveillance software. A leak investigation continues in Denmark. Joe Carrigan explains bogus QR codes. Our guest is Casey Allen of Concentric on cyber vulnerabilities in automobiles. And, Europol is told it has a year to clear its databases of information on people not involved in crime. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/7 Learn more about...

CISA provides an account of progress toward Log4shell remediation. Other issues are reported in open-source libraries. Undersea cable security. FIN7's BadUSB campaign. Security and Yealink.


CISA describes progress toward remediating Log4shell. Other open-source libraries are found to have similar issues, in one case problems deliberately introduced by the developer. Concerns are expressed over undersea cable security. FIN7's BadUSB campaign. Security questions about another Chinese-made phone. Our guest is Bob Maley from Black Kite on their report - The Government Called, Are You Ready to Answer? Chris Novak from Verizon on PCI 4.0. And Russo-American talks open in Geneva. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/6 Learn more about your ad choices. Visit megaphone.fm/adchoices

Julian Waits: Find a way to help society. [Serial Entrepreneur] [Career Notes]


Senior Vice President and Executive in Residence with Rapid7 and Chairman for Cyversity, Julian Waits, grew up in the era of the Justice League and Superman and it shaped his career. Julian always wanted to do something where he could find a way to help society to basically help others. Starting out as a Baptist minister with aspirations of being a professional musician, Julian found it more practical to take some technology classes and practice his saxophone when he had time. His first tech job was at Texaco where he worked on early networks and moved into systems engineering at Compaq....

The rise of Karakurt Hacking Team.


Guest Rob Boyce, Accenture's Global Lead for Cyber Incident Response and Transformation Services, joins Dave to discuss their research "Karakurt rises from its lair." Accenture Security has identified a new threat group, the self-proclaimed Karakurt Hacking Team, that has impacted over 40 victims across multiple geographies. The threat group is financially motivated, opportunistic in nature, and so far, appears to target smaller companies or corporate subsidiaries versus the alternative big game hunting approach. Based on intrusion analysis to date, the threat group focuses solely on data exfiltration and subsequent extortion, rather than the more destructive ransomware deployment. In addition, Accenture...

Kazakhstan shuts down its Internet as civil unrest continues (and one consequence is a disruption of alt-coin mining in that country). More on Log4j. Ransomware hits school website provider.


Kazakhstan shuts down its Internet as civil unrest continues (and one consequence is a disruption of alt-coin mining in that country). The UK's NHS warns of unknown threat actors exploiting Log4j bugs in unpatched VMware Horizon servers. In the US, CISA continues to assist Federal agencies with Log4j remediation, and observers call for more Government support of open-source software security. A major provider of school websites is hit with ransomware. Our guest is John Belizaire of Soluna Computing with a new approach to data center efficiency. Thomas Etheridge from CrowdStrike on supply chain risks. And the US extends the deadline...

Log4j and industrial control systems. Regulators consider the software supply chain. Malsmoke hits an old vulnerability. Social engineering via Google Docs. Call spoofing and robocalls.


ICS vendors address Log4j vulnerabilities. Regulators and legislators think about addressing issues in the software supply chain. Ransomware gangs were quick to exploit Log4shell. An old, and patched, Windows vulnerability is being exploited by the Malsmoke gang. Social engineering of Google Docs users is up. Mr. Klyushin pleads not guilty. Robert M. Lee from Dragos makes the case for salary transparency. Our guest is George Gerchow from Sumo Logic with new approaches for the modern threat landscape. And call spoofing is making robocalls moderately more plausible. For links to all of today's stories check out our CyberWire daily news briefing:...

CISA reports progress on Log4j. The FTC warns US businesses about taking Log4j risk mitigation seriously. Gangland updates, and some notes on hybrid war.


CISA says US Federal agencies are now largely in compliance with Log4j risk mitigation guidance. The FTC issues advice and a warning on Log4j to US businesses. A skimmer is installed through cloud-delivered video. The Vice Society's ransomware is meddling with supermarket operations in the UK. The Atlantic Council offers advice on strategy for the grey zone. Hacktivists are expected to punish greenwashing in 2022. Caleb Barlow on recent FBI PIN about how ransomware operators are looking for material non-public information to improve their chances of being paid. Our guest is Helen Patton from Cisco on her book, Navigating the...

Log4j issues persist. Konni RAT found in New Year's greetings. Hacktivism or state-directed cyber action? Moscow worries about Mr. Klyushin's knowledge. The Show-Me-Too-Much State.


It's going to take time, vigilance, and attention to detail to manage the Log4j risks. A North Korean APT is trying to install the Konni RAT into Russian diplomats' devices. More hacktivist-looking incidents follow the anniversary of Iranian General Soleimani's death. Other, self-inflicted, software supply chain incidents. The Kremlin is said to be worried about what Mr. Klyushin might tell the Americans who've got him in jail. Ben Yelin on the tension between ephemeral messaging apps and the public's right to know. Mr Security Answer Person John Pescatore joins our show. And the Show-Me state needs to rethink all that...

Log4j updates, including an Aquatic Panda sighting. Cyberattacks hit news services in Norway, Israel, and Portugal. Addressing Y2K22.


Aquatic Panda has been found working Log4shell exploits against an academic institution. Apache fixes new Log4j issues reported last week, and Microsoft also updates Windows Defender to address Log4j risks. Cyberattacks, criminal or hacktivist in motivation, hit news outlets around the new year. Microsoft works on fixing a Y2K22 bug in on-premise Exchange Server. Andrea Little Limbago from Interos on technology spheres of influence. Our guest is Mark Dehus from Lumen's Black Lotus Labs with DDoS insights. And CISA issues some ICS security advisories. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/11/1 Learn...

Dr. Rois Ni Thuama: Get into the game. [Cyber governance] [Career Notes]


Head of Cyber Governance with Red Sift, Dr. Rois Ni Thuama shares the circuitous route of her career into cyber governance. She notes the route "looks really clean, but actually it was a bit more Jeremy Bearimy." While at Trinity College, Rois was moved to be part of history unfolding in South Africa and pause her studies. While there, she began making music videos and wildlife documentaries. Upon her return to London, Rois started working in corporate governance and risk at a music technology startup. This ignited her enthusiasm for startups. She now works in a company with several coworkers from...

Cybersecurity predictions for 2022. [CyberWire-X]


Industry experts discuss their cybersecurity predictions for 2022, what trends and attacks will be most prevalent in the year ahead, and how organizations should be preparing for the new year. In this show, we cover what they think the industry might see in 2022 (and some we probably won't see). The CyberWire's Rick Howard speaks with Hash Table member Kevin Magee, Chief Security Officer at Microsoft Canada, and show sponsor Keeper Security's CTO & Co-Founder Craig Lurey joins The CyberWire's Dave Bittner on this CyberWire-X and shares his insights on the topic. Learn more about your ad choices. Visit megaphone.fm/adchoices

Encore: When big ransomware goes away, where should affiliates go? [Research Saturday]


Our guest Doel Santos, Threat Research Analyst at Palo Alto Networks, joins Dave Bittner to talk about Unit 42's work on "Ransomware Groups to Watch: Emerging Threats." As part of Unit 42's commitment to stop ransomware attacks, they monitor the activity of existing groups, search for dark web leak sites and fresh onion sites, identify up-and-coming players and study tactics, techniques and procedures. During their operations, Unit 42 observed four emerging ransomware groups that are currently affecting organizations and show signs of having the potential to become more prevalent in the future. Doel discusses these (AvosLocker, Hive Ransomware, HelloKitty, and...

CyberWire Pro Interview Selects: Jaclyn Miller from NTT, Ltd.


During our winter break, our team thought you might like to try a sample of a CyberWire Pro podcast called Interview Selects. These podcasts are a series of extended interviews, exclusives, and a curated selection of our most engaging and informative interviews over the years, featuring cyber security professionals, journalists, authors and industry insiders. On this episode, the interview originally aired as a shortened version on the CyberWire Daily Podcast. In this extended interview, Dave Bittner speaks with Jaclyn Miller from NTT, Ltd. on diversity, inclusion and remote access security. Like what you hear? Consider subscribing to CyberWire Pro for...

CyberWire Pro Interview Selects: Sir David Omand.


During our winter break, our team thought you might like to try a sample of a CyberWire Pro podcast called Interview Selects. These podcasts are a series of extended interviews, exclusives, and a curated selection of our most engaging and informative interviews over the years, featuring cyber security professionals, journalists, authors and industry insiders. On this episode, the interview originally aired as a shortened version on the CyberWire Daily Podcast. In this extended interview, Dave Bittner speaks with Sir David Omand, former GCHQ Director, on his book, How Spies Think: Ten Lessons in Intelligence. Like what you hear? Consider subscribing to...

CyberWire Pro Interview Selects: Zan Vautrinot on boards.


During our winter break, our team thought you might like to try a sample of a CyberWire Pro podcast called Interview Selects. These podcasts are a series of extended interviews, exclusives, and a curated selection of our most engaging and informative interviews over the years, featuring cyber security professionals, journalists, authors and industry insiders. On this episode, the interview originally aired as a shortened version on the CyberWire Daily Podcast. In this extended interview, Rick Howard speaks with Zan Vautrinot about boards. Like what you hear? Consider subscribing to CyberWire Pro for $99/year. Learn more. Learn more about your ad...

CyberWire Pro Interview Selects: Bill Wright of Splunk.


During our winter break, our team thought you might like to try a sample of a CyberWire Pro podcast called Interview Selects. These podcasts are a series of extended interviews, exclusives, and a curated selection of our most engaging and informative interviews over the years, featuring cyber security professionals, journalists, authors and industry insiders. On this episode, the interview originally aired as a shortened version on the CyberWire Daily Podcast. In this extended interview, Dave Bittner speaks with Bill Wright of Splunk on the ongoing geopolitical ransomware trend. Like what you hear? Consider subscribing to CyberWire Pro for $99/year. Learn...

Encore: Andrew Hammond: Understanding the plot. [Historian and Curator] [Career Notes]


Historian and Curator at the International Spy Museum, Dr. Andrew Hammond, shares how he came to share the history of espionage and intelligence as a career. Starting out in the Royal Air Force when 9/11 happened, Andrew found himself trying to understand what was going on in the world. Studying history and international relations gave him some perspective and led him on his career path which included an introduction to museum industry at the 9/11 Museum. After a stint in academia in the UK, Andrew found his way back to the US and eventually ended up at the International Spy Museum...

The CyberWire: The 12 Days of Malware.


Merry Christmas and Happy Holidays from the CyberWire and our friends! Enjoy our rendition of the 12 Days of Malware created by Dave Bittner and performed by Dave and friends: Rachel Tobac, Jayson Street, Ron Eddings & Chris Cochran, Ray [Redacted], Dinah Davis, Camille Stewart, Rick Howard, Michelle Dennedy, Jack Rhysider, Johannes Ullrich, and Charity Wright. Ba dum bum bum. Sing along if you are game! Check out our video for the full effect! The 12 Days of Malware lyrics On the first day of Christmas, my malware gave to me: A keylogger logging my keys. On the second day of...

CyberWire Pro Research Briefing from 12/21/2021.


Enjoy a peek into CyberWire Pro's Research Briefing as the team is off taking our long winter's nap. This is the spoken edition of our weekly Research Briefing, focused on threats, vulnerabilities, and consequences, as they're played out in cyberspace. This week's headlines: US Commission on International Religious Freedom reportedly hacked. Sophistication of NSO exploit on par with nation-state tooling. Conti ransomware actors exploit Log4Shell. Like what you hear? Consider subscribing to CyberWire Pro for $99/year. Learn more. Learn more about your ad choices. Visit megaphone.fm/adchoices

CyberWire Pro Interview Selects: Hatem Naguib of Barracuda Networks.


During our winter break, our team thought you might like to try a sample of a CyberWire Pro podcast called Interview Selects. These podcasts are a series of extended interviews, exclusives, and a curated selection of our most engaging and informative interviews over the years, featuring cyber security professionals, journalists, authors and industry insiders. On this episode, the interview originally aired as a shortened version on the CyberWire Daily Podcast. In this extended interview, Dave Bittner speaks with Hatem Naguib, new CEO of Barracuda Networks, to discuss his views on how cybersecurity trends have drastically changed over the past year,...

Log4j updates, including one deadline. Other, non-Log4j, challenges. RSAC postpones itself until June. A German court awards pain-and-suffering damages in a breach case.


An update of where things stand with respect to the Log4j vulnerabilities, and a reminder that there are other matters to attend to as well. RSAC postpones its annual security shindig to June, hoping to avoid the COVID. A German court awards pain-and-suffering damages for a data breach. Carole Theriault looks at hiring challenges in cyber. Robert M. Lee from Dragos with insights from his own entrepreneurial journey. And a new start-up seeks to take lemons and make them into lemonade. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/245 Learn more about your...

The Five Eyes have some joint advice on detecting, defending against, and responding to Log4j exploitation. Notes on ransomware, espionage, and cyber conflict.


More criminals exploit vulnerabilities in Log4j. The Five Eyes issue a joint advisory on Log4j-related vulnerabilities, as other government organizations look into defending themselves against Log4shell. Ransomware updates. Russo-Ukrainian tensions rise, as does the likelihood of Russian cyberattacks against its neighbor. Uganda and NSO Group's troubles. CISA issues six ICS advisories. Malek Ben Salem explains synthetic voices. Our guest is Dr. David Lanc from Ionburst on embracing Data Out protection. And some advice on how to be the family help desk and CISO during the holiday season. For links to all of today's stories check out our CyberWire daily news...

Belgium's MoD suffers Log4shell attack. A man-in-the-middle concept. APT activity. Five Russians face US charges (one's in custody). Fortunes of coin-mining. Holiday greetings from CISA and the FBI.


Belgium's Ministry of Defense comes under attack via Log4j vulnerabilities. A cellular handover, man-in-the-middle exploit is described by researchers. The FBI says an APT group is exploiting unpatched Zoho ManageEngine Desktop Central servers. The US charges five Russian nationals with a range of cybercrimes. Coin-miners in China feel some heat. Ben Yelin describes a Meta lawsuit targeting anonymous phishers. Our guest Todd Carroll of CybelAngel explains the shifting tactics of troll farms. And, Grinchbots aside, CISA and the FBI offer holiday greetings and advice. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/243 Learn more...

Log4j: new exploitation, new mitigations, new risk assessments. Service interruptions, Space Force's capture-the-flag, and official interventions.


Updates on Log4j vulnerabilities: new exploitation, new mitigations, new risk assessments, some good advice from the NCSC, and from Betsy Carmelite and Mike Saxton, analysts at Booz Allen Hamilton. Kronos interruptions continue into the holiday season. NCA shares compromised passwords with Have I Been Pwned. A power grid security exercise in Ukraine, AWS outage last week put down to congestion. Hack-A-Sat promises more transparency. 'Tis the season for charity scams, as Carole Theriault reports. And the SEC wants financial services companies to use proper channels, not, say, WhatsApp and personal email. For links to all of today's stories check out...

Ed Amoroso: Security shouldn't be the main dish. [Computer Science] [Career Notes]


Chief Executive Officer and Founder of TAG Cyber, Ed Amoroso, shares how he learned on the job and grew his career. In his words, Ed "went from my dad having an ARPANET connection and I'm learning Pascal, to Bell Labs, to CISO, to business, to quitting, to starting something new. And now I'm riding a new exponential up and it's a hell of a ride." Hear from Ed how he sees security as a side dish that you'll progress into naturally once you've paid your dues and mastered a skill like networking, software or databases. We thank Ed for sharing his...

Discovering ChaosDB, a critical vulnerability in the CosmosDB. [Research Saturday]


Guests Sagi Tzadik and Nir Ohfeld of cloud security company Wiz join Dave to discuss their research "ChaosDB: How we hacked thousands of Azure customers' databases." Nearly everything we do online these days runs through applications and databases in the cloud. While leaky storage buckets get a lot of attention, database exposure is the bigger risk for most companies because each one can contain millions or even billions of sensitive records. Every CISO's nightmare is someone getting their access keys and exfiltrating gigabytes of data in one fell swoop. Database exposures have become alarmingly common in recent years as more...

Log4j updates, with a side of Fancy Bear. Roots of Huawei's career as a security risk. Tropic Trooper is back. Meta boots cyber mercenaries. Other cyberespionage incidents.


It seems that Fancy Bear may be interested in Log4shell after all. CISA issues Emergency Directive 22-02, which addressed Log4j. Huawei's reputation as a security risk may be traceable to a 2012 incident in an Australian telco's networks. Tropic Trooper is back, and interested in transportation. Meta kicks out seven cyber mercenary surveillance outfits. PseudoManuscrypt looks curiously indiscriminate. Johannes Ullrich from SANS Technology Institute on making the great Chinese firewall work for you. Our guest is Terry Halvorsen from IBM on next-gen cybersecurity efforts to fix the cybersecurity inequity. And the US Commission on International Religious Freedom is reportedly hacked....

Log4Shell exploited by criminals and intelligence services. Private sector offensive cyber capabilities. Noberus ransomware used in double-extortion attacks. Squid Game phishbait.


Log4Shell is exploited by criminals and intelligence services. Private sector offensive cyber capabilities are on par with nation-states. Noberus ransomware is used in double-extortion attacks. Malek Ben Salem from Accenture looks at cyber twins. Our guest is Tom Kellermann from VMware with reaction to CISA's Binding Operational Directive. And Squid Game phishbait. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/240 Learn more about your ad choices. Visit megaphone.fm/adchoices

Log4j and Log4shell updates. Cyberespionage and C2C market developments. Patch Tuesday notes. And how do you pronounce that, anyway?


A second vulnerability is found and fixed in Log4j as both criminals and nation-state intelligence services increase their exploitation of Log4shell. Iranian intelligence services have been actively conducting cyberespionage against a range of targets in the Middle East and Asia. Andrea Little Limbago from Interos checks in on supply chain issues. Our guest is Suzy Greenberg from Intel with a look ahead toward the coming year. A quick look back at Patch Tuesday, and, finally, some musing on literacy, orality, and the way you pronounce stuff people tweet about... For links to all of today's stories check out our CyberWire...

Log4Shell updates. Payroll provider disrupted by ransomware. Companies supporting surveillance distance themselves from the business. Cybercrime and IRL punishment.


An update on Log4shell, and how it's being exploited in the wild. A ransomware attack disrupts a cloud-based business service provider. NSO Group is said to be considering selling off its Pegasus unit. A marketing presentation suggests Huawei has been deeply implicated in providing tools for Chinese repression. Nigeria's cyber gangs are acting like Murder, Inc. An arrest in Romania, sentences in Germany. Joe Carrigan looks at the language of cyber security. Our guest Brad Hawkins of SaferNet wonders if digital privacy even exists anymore. And news from Mars. For links to all of today's stories check out our CyberWire...

Updates on Log4shell, now being exploited in the wild. India PM's Twitter account is hijacked. Extortion at Brazil's Ministry of Health and Volvo. Phishing sites' lifespan. Sentence passed.


The Log4shell vulnerability is trouble, and its remediation isn't going to be quick or easy. In India, Prime Minister Modi's Twitter account was hijacked. Official Brazilian COVID vaccination databases are stolen and rendered unavailable. Extortionists claim to have taken sensitive, proprietary R&D information from Volvo. Phishing sites appear and vanish in a matter of hours. Rick the Toolman Howard expands his cast of characters. Robert M. Lee from Dragos shines a light on solar storms and risk management. And sentence is passed in a case related to the Kelihos botnet. For links to all of today's stories check out...

Hannah Kenney: Focused on people. [Risk] [Career Notes]


Manager in BARR Advisory's Cyber Risk Advisory Practice, Hannah Kenney, shares her journey from never considering technology as a career to having it click in an information systems class in college. After noticing she was the only one in the room who enjoyed the lecture, Hannah knew she wanted to go down the technology route. In talking about her work, Hannah describes it as creative problem solving. She hopes "people see me as someone who viewed cybersecurity and risk as something that is focused on people first and foremost." We thank Hannah for sharing her story with us. Learn more about...

FIN7 repositioning focus into ransomware. [Research Saturday]


Guest Ilya Volovik, Team Lead of Cyber Intelligence at Gemini Advisory, discusses his team's work on "FIN7 Recruits Talent For Push Into Ransomware." The cybercriminal group FIN7 gained notoriety in the mid-2010s for large-scale malware campaigns targeting the point-of-sale (POS) systems. In 2018, Gemini Advisory reported FIN7's compromise of Saks Fifth Avenue and Lord & Taylor stores and the subsequent sale of over 5 million payment cards on the dark web. According to the US Department of Justice, the broader FIN7 carding campaigns have resulted in the theft of over 20 million payment card records and cost victims over $1 billion,...

Cyberespionage in Southeast Asia. Two young extortion gangs make their bones. Bot-herders like MikroTik devices. Log4Shell zero-day exploited in the wild. Update on the Assange case.


Cyberespionage in support of Belt and Road, and of Beijing's claims in the South China Sea. Karakurt ransomware skips the encryption and goes right to the doxing. Black Cat ransomware is rising. Vulnerable MikroTik devices are bot-herders' favorites. The Log4Shell zero-day is being exploited in the wild, and will be a tough one to remediate. Julian Assange moves closer to extradition. Johannes Ullrich on changing user behavior. Our guest is Oliver Rochford of Securonix on the affordability of good security. And shoulder-surfing as a threat to Snapchat users. For links to all of today's stories check out our CyberWire daily news...

Ransomware gangs, paycard skimmers, and Grinchbots. Russia blocks Tor, and the US Senate holds hearings on social media and its arguably malign influence on youth.


Conti continues, undeterred. Magecart skimmers are infesting WooCommerce instances. Users are finding URL redirection attacks difficult to detect. A quick look at the workings of the Hive ransomware gang. Russia blocks Tor. The US Senate holds hearings on social media and adolescent mental health. Dinah Davis from Arctic Wolf on assessing your security posture. Our guest Neal Dennis of Cyware discusses Automation And Unification. And Grinchbots are still prowling for presents. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/235 Learn more about your ad choices. Visit megaphone.fm/adchoices

AWS resolves service issues. A summit stand-off. Dark web chatter, and arbitrage courts in the C2C world. Looking for stolen or lost alt-coin.


Amazon resolves its Tuesday outage as observers wonder about cloud risks. A stand-off at the Russo-American summit, but chatter in the dark web suggests that the Russophone underworld is feeling uneasy. A look at the arbitrage process that governs the criminal-to-criminal market. Carole Theriault reads the fine print. Andrea Little Limbago looks at global regulatory regimes. A DeFi platform asks for its stolen money back, and a guy looks for his private key in a physical garbage dump. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/234 Learn more about your ad choices. Visit...

The Russo-US summit is expected to take up tension over Ukraine and tensions in cyberspace. Microsoft disrupts APT15. Google disrupts Glupteba. Satoshi Nakamoto is...out there still?


Notes on today's Russo-American summit. Microsoft seizes websites used by the Chinese threat actor Nickel. Google takes technical and legal action against a Russian botnet. Ben Yelin unpacks Australia's aim to uncover online trolls. Our guest is Ed Amoroso from TAG Cyber. And the real Satoshi Nakamoto has yet to stand up--just ask a Florida jury. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/233 Learn more about your ad choices. Visit megaphone.fm/adchoices

Hot wallets hacked. Pegasus found in US State Department personnel's phones. Cozy Bear update. Cybersecurity on the Russo-US summit agenda. US Cyber Command says it's imposing costs.


Cryptocurrency exchange loses almost $200 million as two hot wallets are compromised. Phones belonging to US State Department personnel concerned with Uganda are found to have been infected with NSO Group's Pegasus surveillance technology. Mandiant reports recent activity by the threat group thought responsible for the SolarWinds compromise. Cybersecurity will be on the agenda at tomorrow's Russo-US summit. Caleb Barlow outlines threats to the Winter Olympics. Rick the-toolman Howard looks at the marketing hype-cycle. And US Cyber Command says it's been imposing costs. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/232 Learn more about...

Rediscover trust in cybersecurity: A women in cybersecurity podcast. [Special edition]


It's important for employees to be brought into the fold as security's allies, rather than as its adversaries. For cybersecurity teams that operate with an adversarial mindset appropriate for external threats, it can be challenging to approach internal threats differently. You can't treat employees the same way you treat nation-state hackers. But employees play a pivotal role in preventing data leaks, making it important to create a company-wide culture of transparency. Transparency feeds trust, which builds a strong foundation for Security Awareness Training to be truly effective. The CyberWire's Jennifer Eiben hosts this women in cybersecurity podcast. Kathleen Smith of...

Ryan Kovar: Everyday, assume compromise. [Strategy] [Career Notes]


Distinguished Security Strategist at Splunk, Ryan Kovar, shares his journey that started in the US Navy and how it contributed to his leadership in life after the military. Cutting his teeth as sysadmin on the USS Kitty Hawk, Ryan worked as a contractor following the Navy. At Splunk, he leads the SURGe research team to solve what he calls the "blue collar for the blue team problems". He works hard on incorporating diversity of thought. Ryan notes, "I've been doing cybersecurity or IT now for over 20 years and of that 20 years of knowledge, only about five years of that...

Getting in and getting out with SnapMC. [Research Saturday]


Guest Christo Butcher of NCC Group's Research and Intelligence Fusion Team discusses their research into a cybercriminal group they dubbed SnapMC. Forget ransomware, too expensive and too much hassle. Randomly enter through a known vulnerability, take a look around, lock away data and leave again. And all that within half an hour: hit & run. An email is then sent to the affected organization: pay or else the stolen data will be published and/or sold. This is the opportunistic approach of a new group of blackmailers who don't even bother to encrypt data. NCC Group has given them the name...

Espionage phishbait in South and Southwest Asia. A utility recovers from a cyber incident. GAO tells the US Congress cyber strategy is wanting. Investigations, Moscow and Missouri style.


SideCopy, a Pakistani APT, is phishing for information in both India and Afghanistan. A Colorado electrical utility continues to recover from a cyber incident it sustained early last month. The GAO tells the US Congress that the nation still lacks a comprehensive cybersecurity strategy. The Missouri Highway Patrol continues, for some reason, to investigate a responsible disclosure as a criminal hack. Dinah Davis from Arctic Wolf on hackers targeting Minecraft. Our guest is Blake Darch from Area 1 Security with research on phishing. And it appears Moscow thinks a Group-IB leader outed Fancy Bear to the US. For links to...

More APT activity. Brigading, Mass Reporting, and Coordinated Inauthentic Behavior. CISA names the CSAC members. Cybercriminals sentenced. A whistleblower with an ulterior motive?


An APT is exploiting Internet-facing instances of ServiceDesk Plus. Meta releases its end-of-year Adversarial Threat Report, and adds Brigading and Mass Reporting to Coordinated Inauthentic Behavior as activities that will get accounts shut down. CISA names the first members of its Cybersecurity Advisory Committee. Sentencing, American and Russian style. Malek Ben Salem has a look at cyber resilience. Our guest is PJ Kirner from Illumio with a look ahead to 2022. And an alleged false whistleblower is under indictment, and under arrest. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/230 Learn more about...

Trends among the APTs. Imaginary times and imaginary places. Flubot in Finland. Emotet false alarms in Office. Smishing for Iranian Android users. CISA's ICS advisories. Moscow on cybercrime.


RTF template injection is newly favored by APTs. Malware hides in February 31st. Milords and miladies, the Principality of Sealand hath been hacked. Finland's National Cyber Security Center warns of a large-scale Flubot campaign in progress. False alarms are flagging Emotet where it isn't found. Iranians victimized by a smishing campaign. CISA issues industrial control system advisories. Kevin Magee from Microsoft is really trying to rid the world of passwords. Our guest is Mike Hendrickson of Skillsoft to discuss turning the tide in this fight against cybercrime. And Mr. Putin says Russia's in favor of international cooperation against cybercrime. For...

Cybercrime and the criminal-to-criminal markets that support it during the holiday shopping season. Shaming as a pressure tactic. Living large, even when living on the lam.


Today, it's all crime all the time. Cybercrime, the C2C underground market, and the expansive holiday shopping season. Rebranding in gangland. How crooks exclude targets on the basis of language or geolocation. Shaming as a criminal pressure tactic. Bad apps in the Play Store. Andrea Little Limbago looks at internet blackouts. Carole Theriault wonders what the Metaverse really means. And living large while living on the lam. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/228 Learn more about your ad choices. Visit megaphone.fm/adchoices

Reply-chain attacks. Intelligence services go phishing. Civilian targets hit in Israeli-Iranian cyber conflict. The Entity List expands. Russo-Ukrainian tensions rise.


A reply-chain incident is reported at a major international furniture and housewares retailer. North Korean operators are phishing for South Korean marks using bogus Samsung recruiting emails as phishbait. Fancy Bear has been seen pawing at Gmail. A regional escalation to civilian targets in the cyber conflict between Iran and Israel. More organizations are added to the US Entity List. Johannes Ullrich looks at decrypting Cobalt Strike. Our own Rick Howard wonders if executives really need to know how to drive that tank. And tension between Russia and Ukraine continues to rise. For links to all of today's stories check...

Anisha Patel: Right along with them. [Program management] [Career Notes]


Associate Director at Raytheon Intelligence and Space in the Cyber Protection Services Division Anisha Patel always loved math and it defined her career journey. As a first-generation American from an Asian household, Anisha said she was destined for a STEM-focused career and chose electrical engineering. She began her career and remains at Raytheon (formerly E-Systems) working in several areas of the business thanks to her skills and informal mentors. Starting a rotational assignment in program management (7 years ago), Anisha said she "went to the dark side and then the hole closed and there I ended up." Anisha talks about...

CyberWire Pro Research Briefing from 11/23/2021


Enjoy a peek into CyberWire Pro's Research Briefing as the team is off recovering from our Thanksgiving feasts. This is the spoken edition of our weekly Research Briefing, focused on threats, vulnerabilities, and consequences, as they're played out in cyberspace. This week's headlines: Iranian threat actors target the IT supply chain. North Korean cyberespionage. More information on Emotet's return. Like what you hear? Consider subscribing to CyberWire Pro for $99/year. Learn more. Learn more about your ad choices. Visit megaphone.fm/adchoices

CyberWire Pro Interview Selects: Carolyn Crandall of Attivo Networks.


Our team decided to extend our Thanksgiving holiday and thought you might like to try a sample of a CyberWire Pro podcast called Interview Selects. These podcasts are a series of extended interviews, exclusives, and a curated selection of our most engaging and informative interviews over the years, featuring cyber security professionals, journalists, authors and industry insiders. On this episode, the interview from October 27th, 2021, originally aired as a shortened version on the CyberWire Daily Podcast. In this extended interview, Dave Bittner speaks with Carolyn Crandall of Attivo Networks on what organizations should be focused on to protect AD. Like...

Misdirection and layering with a con in the middle. [Hacking Humans Goes to the Movies]


Thanks for joining us for our fun project brought to you by the team of Hacking Humans, the CyberWire's social engineering podcast. Co-hosts Dave Bittner and Joe Carrigan are joined by Rick Howard in this series where they view clips from their favorite movies with examples of the social engineering scams and schemes you hear about on Hacking Humans. In this episode, Dave, Joe and Rick are watching Joe's and Rick's scene picks. They watch each of the selected scenes, describe the on-screen action for you, and then the team deconstructs what they saw. Grab your popcorn and join us...

Phishing in the Iranian diaspora. Not your grandma and grandpa's crypter. Malware-as-a-service. Proofs-of-concept (one is a zero-day). Apple sues NSO Group.


An apparent cyberespionage campaign targets the Iranian diaspora. Babadeda is an emerging crypter seeing use against alt-coin and NFT speculators. RATDispenser is out in the wild, a malware-as-a-service operation. Proofs-of-concept published for Microsoft exploits. Apple sues NSO Group. Group-IB's founder asks President Putin for clemency. Caleb Barlow on the difference between working for a company that is funded by VCs, PEs, angels or is public. Our guest today is Karl Sigler from Trustwave on the results of the 2021 Trustwave SpiderLabs Telemetry Report. And there's a guilty plea in the Wolf of Sophia case. For links to all of today's...

Tardigrade malware infests the US biomanufacturing sector. GoDaddy suffers a significant data breach. Facebook Papers to be reviewed and released. NSO Group's troubles.


Tardigrade malware infests the US biomanufacturing sector. GoDaddy suffers a significant data breach. A Gizmodo-led consortium will review and release the Facebook Papers. Ben Yelin on our privacy rights during emergency situations. Our guest is Ric Longenecker of Open Systems to discuss how ransomware attacks represent the number one threat for universities. And NSO Group may not recover from current controversy over its Pegasus intercept tool. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/225 Learn more about your ad choices. Visit megaphone.fm/adchoices

Stealing from the best? An enigma in the criminal-to-criminal market. CISA's holiday caution. Someone's impersonating the SEC. Three weekend cyberattacks.


The Lazarus Group seems interested in learning from, by which they mean stealing from, some of the world's leading state-sponsored cyber operators. Void Balaur remains an enigma, but it's not the only player in the C2C market. CISA and the FBI warn all, but especially critical infrastructure operators, to remain alert during the holidays. Some scammers are impersonating the US SEC. Dinah Davis from Arctic Wolf on what security gifts to get your family this year. Our guest today is Carole Theriault on online gaming during the pandemic. And cyberattacks are reported on an airline, a utility, and a manufacturer...

MK Palmore: Lead from where you stand. [CISO] [Career Notes]


Director of Google Cloud's Office of the CISO, MK Palmore, dedicated much of his life to public service and now brings his experience working for the greater good to the private sector. A graduate of the US Naval Academy, including the Naval Academy Prep School that he calls the most impactful educational experience of his life, MK commissioned into the US Marine Corps following his service academy time. He joined the FBI and that is where he came into the cybersecurity realm. MK is passionate about getting more diversity, equity and inclusion into industry. We thank MK for sharing his...

How ransomware impacts organizations. [CyberWire-X]


As ransomware attacks rapidly rise in frequency, eye-popping ransom demands grab headlines, and consumers experience product shortages and difficulty accessing services as the organizations they do business with are knocked offline. However, little is reported about the impact of a ransomware attack inside an organization. In this show, we cover what steps organizations are taking now to prepare for a ransomware attack and what happens to an organization on that especially bad day when ransomware comes calling. The CyberWire's Rick Howard speaks with Hash Table member Don Welch, Vice president for Information...

Using bidirectionality override characters to obscure code. [Research Saturday]


Guests Nicholas Boucher and Ross Anderson from the University of Cambridge join Dave Bittner to discuss their research, "Trojan Source: Invisible Vulnerabilities." The researchers present a new type of attack in which source code is maliciously encoded so that it appears different to a compiler and to the human eye. This attack exploits subtleties in text-encoding standards such as Unicode to produce source code whose tokens are logically encoded in a different order from the one in which they are displayed, leading to vulnerabilities that cannot be perceived directly by human code reviewers. Trojan Source attacks, as they call them,...

Software supply chain threats. Recent Iranian cyber operations. Banking disclosure rules. ICS updates. UK, US announce closer cooperation in cyberops. A real, literal, evil maid?


Software supply chain incidents: FatPipe, PyPi, and IT services generally. A look at recent Iranian operations. The US Federal Reserve publishes its disclosure rules for banks sustaining cyber incidents. CISA issues a set of ICS advisories. Two of the Five Eyes announce plans for continued, even closer cooperation in cyberspace. Johannes Ullrich on attackers abusing "PAM" (Pluggable Authentication Modules). Our guest is Hatem Naguib, CEO at Barracuda Networks. And a real evil maid seems to have been out and about in Tel Aviv. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/223 Learn more...

Developments in cyber gangland, and the increasingly complicated entanglement of crooks and spies. Selling confiscated alt-coin to compensate fraud victims.


Red Curl is a Russophone gang with an unusual target list. North Korea's TA406 is having a busy year, hacking for intelligence and for profit. Wicked Panda's getting good at code-signing, and software supply chain attacks are in Beijing's long-term plans. A spearphishing campaign abuses legitimate collaboration tools. Kevin Magee from Microsoft has an insider's look at Windows 11 security. Our guest is Kevin Bocek of Venafi to discuss Security Software Build Environments. And selling confiscated cryptocurrency to compensate victims of scams. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/222 Learn more about...

CISA and its partners warn of Iranian cyber ops. Cyberespionage in the Middle East with Candiru tools. Belarus connected to Ghostwriter. Facebook boots SideCopy. RAMP recruits members.


CISA, the FBI, the ACSC, and the NCSC issue a joint advisory warning of an Iranian cyber campaign exploiting known vulnerabilities in Fortinet and Microsoft Exchange. A Belarusian connection to Ghostwriter. Candiru tools reported in watering holes. SideCopy's interest in Afghanistan. RAMP shows an interest in attracting Chinese operators. Josh Ray from Accenture Security digs into the CONTI playbook leak. Our guest is Matt Keeley from Bishop Fox on fuzzing. And Pompompurin wants to sell you leaked Robinhood data. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/221 Learn more about your ad choices....

Threats and vulnerabilities, old and new, include Emotet and Mirai. CISA advises of DDS vulnerabilities. Arrest in a revenge porn case.


Older threats, including Emotet and Mirai, are out and about, and an old vulnerability, Rowhammer, gets a fresh proof-of-concept. A new banking Trojan threatens Europe. Intel works on vulnerabilities. CISA advises awareness of recently reported DDS vulnerabilities. Joe Carrigan explains how spearphishers are using customer complaints as bait. Rick Howard speaks with Carlos Vega from Devo on Supply Chain issues. And an arrest is made in a Maryland revenge porn case. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/220 Learn more about your ad choices. Visit megaphone.fm/adchoices

Official online channels hijacked in separate US, Philippine incidents. Update on MosesStaff, a ransomware group interested in politics, not profit. Costco breach. Ryuk money-laundering case.


Exploitation of a configuration error in the FBI's Law Enforcement Enterprise Portal enables hackers to send bogus warning emails. Philippine Office of Civil Defense Twitter account briefly hijacked. Update on Iranian politically motivated threat group MosesStaff. Discount retailer Costco discloses a point-of-sale skimmer incident. Dinah Davis from Arctic Wolf tracks zero days. Rick the Toolman Howard drops by the studio. And the US seeks extradition of a Russian alt-coin baron on charges of laundering Ryuk's money. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/219 Learn more about your ad choices. Visit megaphone.fm/adchoices

The real costs of ransomware in 2021, 2022, and beyond. [CyberWire-X]


Ransomware: the problem that everyone is talking about, yet somehow continues to get worse with each passing year. In 2021, the cost of ransomware to global businesses is estimated to reach a whopping $20B. The problem has reached such a critical mass that it can no longer be cast away as some unknowable IT problem: everyone from cyber insurance providers to the federal government has taken note. The CyberWire's Rick Howard speaks with Hash Table member Kevin Ford of Environmental Systems Research Institute (ESRI), and ExtraHop's VP, GM of International and Global Security Programs, Mike Campfield, joins The CyberWire's Dave Bittner...

Swati Shekhar: Challenges increase your risk appetite. [Engineering] [Career Notes]


Ground Labs' Head of Engineering, Swati Shekhar, shares her circuitous route from and back to engineering. Always being interested in leveraging the tools available to solve problems, Swati talks about how she found her place in engineering. She mentions how she had her first real experience with a computer when she was 17 in her first year at college. Aside from being one of 30 young women in a sea of 500 young men there, Swati described it as a "good culture shock because anything that takes you out of your comfort zone actually makes you learn and grow." She notes...

A glimpse into TeamTNT. [Research Saturday]


Senior Intelligence Researcher at Anomali, Tara Gould, joins Dave to discuss their team's work on "Inside TeamTNT's Impressive Arsenal: A Look Into A TeamTNT Server." Anomali Threat Research discovered an open server to a directory listing that they attribute with high confidence to the German-speaking threat group, TeamTNT. The server contains source code, scripts, binaries, and cryptominers targeting Cloud environments. Amazon Web Services (AWS) credentials stolen by TeamTNT stealers are also hosted on the server. This inside view of TeamTNT infrastructure and tools in use can help security operations teams to improve detection capabilities for related attacks, whether...

Tension in Eastern Europe. A Hong Kong watering hole. US, EU join the Paris Call. Cybermercenaries. CISA's plans for countering disinformation, and for forming a white-hat hacker advisory group.


Notes on rising international tension in Eastern Europe. A watering-hole campaign in Hong Kong. The US and the EU have joined the Paris Call. NSO Group's prospective CEO resigns his position before formally assuming it. Void Balaur, a cybermercenary group, is active in the Russophone cyber underground. Johannes Ullrich on leaked vaccination cards and Covid tests. Our guest is Carolyn Crandall of Attivo Networks on what organizations should be focused on to protect Active Directory. CISA intends to increase its capacity to work against misinformation and disinformation. CISA also intends to recruit white hat hackers to an advisory board. For...

Let's go to the movies. [Hacking Humans Goes to the Movies]


Welcome to a fun new project by the team who brings you Hacking Humans, the CyberWire's social engineering podcast. Co-hosts Dave Bittner and Joe Carrigan are joined by Rick Howard in this series. They view clips from their favorite movies with examples of the social engineering scams and schemes you hear about on Hacking Humans. In this first episode, Dave, Joe and Rick are watching Dave's and Joe's picks. They watch each of the selected scenes, describe the on-screen action for you, and then the team deconstructs what they saw. Grab your popcorn and join us for a trip to...

Cyberespionage from Tehran. Clopp ransomware operators exploit vulnerable SolarWinds instances. Mercenaries and lawful intercept vendors. Patch Tuesday.


Tehran's Lyceum group expands its activities against ISPs and telcos in Israel, Morocco, Tunisia, and Saudi Arabia. Clopp is going after unpatched instances of SolarWinds. Cyber mercenaries are quietly competing with lawful intercept vendors. NSO Group receives a setback from the US 9th Circuit. Mexico makes an arrest in its Pegasus investigation. Carole Theriault shares her thoughts on the supply chain. Josh Ray from Accenture Security on Moving Left of the Ransomware Boom. And notes on Patch Tuesday. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/217 Learn more about your ad choices. Visit...

Ransomware hits an electronics retailer and a new-school financial services company. Updates on international action against REvil.


Hive ransomware hits electronics retailer Media Markt. Robinhood Markets sustains a data breach it traces to social engineering. Ben Yelin looks at the law behind U.S. police demanding your phone passcode. Dave checks in with Rick Howard for his thoughts on the Trojan Source vulnerability. And more notes on the international action against REvil, including the US application of sanctions (with Baltic cooperation) to three companies involved in supporting the gang's financial infrastructure. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/216

REvil operators arrested and indicted. China says a foreign intelligence service accessed passenger travel records. Suspected Emissary Panda campaign.


REvil operators arrested and indicted. China says a foreign intelligence service accessed passenger travel records. Suspected Emissary Panda campaign. Conti (sort of) apologizes. Caleb Barlow thinks it's time to re-think your security documentation. Our guest is Jessica Hetrick of Optiv Security on cyber fraud running rampant. And the FBI warns of ransomware attacks targeting casinos. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/215

Jamil Jaffer: You should run towards risk. [Strategy] [Career Notes]


Senior Vice President for Strategy, Partnerships, and Corporate Development at IronNet Cybersecurity, Jamil Jaffer, shares how his interest in technology brought him full circle. Always a tech guy, Jamil paid his way through college doing computer support. Jamil went to law school and worked in various jobs in Washington DC including a stint in the newly-created National Security division of the Justice Department just after 9/11. When talking about adversity, Jamil notes, "Adversity has happened in life, but you gotta run at those things. To me, you know, I like risk. I think risk is something that a lot of people...

An incident response reveals itself as GhostShell tool, ShellClient. [Research Saturday]


Guest Mor Levi, Vice President of Cyber Practices from Cybereason, joins Dave Bittner to discuss her team's work on "Operation GhostShell - Novel RAT Targets Global Aerospace and Telecoms Firms." In July 2021, the Cybereason Nocturnus and Incident Response Teams responded to Operation GhostShell, a highly-targeted cyber espionage campaign targeting the Aerospace and Telecommunications industries mainly in the Middle East, with additional victims in the U.S., Russia and Europe. The Operation GhostShell campaign aims to steal sensitive information about critical assets, organizations' infrastructure and technology. During the investigation, the Nocturnus Team uncovered a previously undocumented and stealthy RAT (Remote Access Trojan)...

$10 million reward for DarkSide info. BlackMatter members expected to resurface. Ukraine outlines Russia's FSB cyber ops. Persistent engagement as deterrence. Arrest in Crossfire Hurricane inquiry.


The US offers a reward of up to ten million dollars for information leading to the identification or location of the leaders of the DarkSide ransomware gang. Researchers expect BlackMatter's nominally retired operators to resurface in other criminal organizations. Ukraine outlines Russian FSB cyber operations during the hybrid war that's been waged since 2014. Deterrence in cyberspace. Carole Theriault takes on high value targets. Our guest is Bill Mann of Styra on rising compliance regulations and security drift. An arrest is made in Special Counsel Durham's investigation. For links to all of today's stories check out our CyberWire daily news...

Britain's Labour Party sustains a data incident. CERT-FR describes a new affiliate gang, Lockean. US, Russian intelligence chiefs discuss cybersecurity. Gas is flowing in Iran again. Start-ups honored.


Britain's Labour Party is affected by a ransomware incident a third-party provider sustained. ANSSI identifies a new ransomware affiliate gang, Lockean. Notes on how and why BlackMatter and REvil went on the lam. Russo-American talks discussed cybercrime and cybersecurity. Iran's gas stations are fully back in business, following the cyber sabotage they sustained. Kevin Magee from Microsoft has highlights from their 2021 Digital Defence Report. Our guest is Ofer Ben Noon of Talon Cyber Security addressing browser vulnerabilities. And DataTribe has announced the winners of its fourth annual Cybersecurity Start-up Challenge. For links to all of today's stories check out our...

Ransomware gangs talk about retiring, and about deception. High-level Russo-American talks. US sanctions four spyware vendors. CISA tells US agencies to patch known, exploited vulnerabilities.


The BlackMatter ransomware gang says that it's retiring under pressure from the authorities. The spokesman for the Groove group says his gang doesn't exist--he was just playing the media. Quiet, high-level talks held between senior US and Russian officials. The US Commerce Department sanctions four spyware vendors. Carole Theriault wonders if you can train yourself free of social engineering. Josh Ray from Accenture Security with insights from their Cyber Investigations and Forensic Response team. CISA tells Federal agencies to get patching. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/212 Learn more about your ad...

Trojan Source--a threat to the software supply chain. Ransomware goes to influence operations school. Triple extortion? Criminal target selection.


Researchers describe Trojan Source, a hard-to-detect threat to the software supply chain. A ransomware gang takes a page from the information operators' book. From double extortion to triple extortion, as other ransomware gangs add distributed denial-of-service to encryption and doxing. Criminals are now hacking on material, non-public information, the FBI warns. Joe Carrigan looks at multifactor adoption at Twitter. Our guest is Steve Ragan from Akamai on API security. And criminals hit healthcare providers in Newfoundland. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/211

Iranian officials blame the US and Israel for gas station cyber sabotage. A new direction for NSO? Cyber extortion, Minecraft phishing, and sugar daddies looking for sugar babies (sez they).


Iran hasn't finished investigating its gas station cyber sabotage, but Tehran is pretty sure the Great and Lesser Satans are behind it. NSO Group says it's going in a new, nicer direction. The Conti gang hits a luxury jewelry dealer, and another, unknown group hits an upscale art dealership. The Chaos gang is after Minecraft players (players who cheat). Caleb Barlow on pre-breach pre-approvals. Rick Howard introduces sand tables in cyber space. And sugar daddies come to the world of advance fee scams. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/210 Learn more...

Jadee Hanson: Cybersecurity is a team effort. [CISO] [Career Notes]


Jadee Hanson, CIO and CISO at Code 42, started her technology journey thanks to the help of a teacher in high school. She began college studying computer science and ended with a degree in computer information systems as it had more of the business side. Working in the private sector for companies such as Deloitte, Target and Code 42, Jadee gained experience and specialized in insider risk. She notes, "utopia for me and my team is to get to a spot where the team is just firing on all cylinders and being really proactive about what's coming and what's changing." Jadee mentions...

Malware sometimes changes its behavior. [Research Saturday]


Dr. Tudor Dumitras from University of Maryland joins Dave Bittner to share a research study conducted in collaboration with industry partners from Facebook, NortonLifeLock Research Group and EURECOM. The project is called: "When Malware Changed Its Mind: An Empirical Study of Variable Program Behaviors in the Real World." In the study, the team analyzed how malware samples change their behavior when executed on different hosts or at different times. Such split personalities may confound the current techniques for malware analysis and detection. Malware execution traces are typically collected by executing the samples in a controlled environment (a sandbox), and the...

Iranian-Israeli cyber tensions rise. Decaf ransomware described. Philippine government phishbait. Unemployment due to cyberattack. Europol's latest collars. Facebook rebrands as Meta.


Tensions between Iran and Israel rise as sources in Tehran blame Israel for hacking gas stations, and as apparent Iranian hacktivists dox Israeli defense personnel. A new ransomware strain is discovered. A criminal group is spoofing emails from Philippine agencies. Europol and partners sweep up a cyber gang. Betsy Carmelite from BAH on convergence of 5G and healthcare. Our guest is Justin Wray from CoreBTS with a look at the security issues facing online gaming and casinos. And the company formerly known as Facebook rebrands as Meta. For links to all of today's stories check out our CyberWire daily news...

The Malware Mash!



Hacktivists or intelligence services in Iran? BOLO Nikolay K. Renouncing Conti, and all its empty promises. SEO poisoning. US cyber strategic intent.


Iran continues its recovery from a cyberattack that disrupted subsidized fuel distribution. Wanted in Stuttgart (but living it up in Russia): ransomware kingpin Nikolay K. The Conti ransomware gang gets poor customer service notices. Food distribution is on the cybercriminals' target lists. SolarMarker's use of SEO poisoning. The US publishes a statement of strategic intent for its cybersecurity czar's office. David Dufour from Webroot wonders if there's any hope at slowing down malware. Our own Brandon Karpf describes the DoD's Skillbridge program. And decryptors are made available for three ransomware strains. For links to all of today's stories check out...

Coups and comms blackouts. Fuel sale sabotage in Iran. Wslink described. Operation Dark HunTor takes down a contraband market. FTC looks into Facebook. LockBit speaks.


Sudan is under a blackout as a military junta consolidates control over the government. Iran says a cyberattack--unattributed so far--was responsible for disrupting fuel distribution in that country. A novel loader is discovered. Operation Dark HunTor takes down a darkweb contraband market. The US FTC is looking into Facebook's privacy settlement. The LockBit gang talks, and it's insufferable. Andrea Little Limbago from Interos on government internet interventions. Carole Theriault weighs in on Facebook glasses. And Halloween is another day closer. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/207 Learn more about your ad...

Ransomware and privateering, counteroffense and deterrence. The US State Department will reestablish its cyber office. And looking forward to Halloween.


Notes on ransomware and privateering: Conti's barking at its victims, someone's exploiting billing software, and BlackMatter repeated some coding errors its DarkSide predecessor committed. GCHQ suggests that the UK will undertake a more assertive imposition of costs on cyber gangs. The US State Department will reestablish its cyber bureau. Software supply chain cyberespionage, and what can be done about it. Ben Yelin on school laptop privacy concerns. Our guest is David White of Axio to discuss Ransomware Preparedness. And some more scare-notes for Halloween. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/206 Learn...

SolarMarket malware carried in some WordPress sites. Russian privateers don't much like REvil's takedown. The SVR in the supply chain. Malicious Squid Games app. Scary social media.


SolarMarket infestations are up, and circulating through WordPress sites. More indications that REvil was taken down by a US-led but thoroughly international public-private partnership, and the other Russian privateers have their noses seriously out of joint. Russia's SVR is getting busy in software supply chains. Criminals take advantage of the popularity of Squid Games. Dinah Davis from Arctic Wolf on how even hackers have internal politics. Rick Howard checks in with the Hash Table on compliance. And Halloween is coming: do you know what your apps are up to? For links to all of today's stories check out our CyberWire...

Mark Nunnikhoven: Providing clarity about security. [Cloud strategy] [Career Notes]


Distinguished Cloud Strategist at Lacework, Mark Nunnikhoven, has gone from taking technology to its limits for his own understanding to providing clarity about security for others. Mark fell in love with his Commodore 128 and once he realized he could bend the machine to his will, it set him on the path to technology. While he had some bumps in the road, dropping out of high school and not following the traditional path in college, Mark did complete his master's in information security. His professional life took him from Canadian public service to the private sector where Mark noted the culture...

When big ransomware goes away, where should affiliates go? [Research Saturday]


Our guest Doel Santos, Threat Research Analyst at Palo Alto Networks, joins Dave Bittner to talk about Unit 42's work on "Ransomware Groups to Watch: Emerging Threats." As part of Unit 42's commitment to stop ransomware attacks, they monitor the activity of existing groups, search for dark web leak sites and fresh onion sites, identify up-and-coming players and study tactics, techniques and procedures. During their operations, Unit 42 observed four emerging ransomware groups that are currently affecting organizations and show signs of having the potential to become more prevalent in the future. Doel discusses these (AvosLocker, Hive Ransomware, HelloKitty, and...

Counting coup against REvil (and other gangs are taking note). Export controls and dual use. A timing bug will surface this weekend.


REvil's troubles appear to be the work of an international law enforcement operation. Other gangs have noticed, and they're looking a little spooked, even as they evolve their tactics in a maturing criminal-to-criminal market. Questions are raised about the efficacy of surveillance tool export controls. Caleb Barlow has cyber security considerations for CEOs and boards. Our guest is Mickey Boodeai of Transmit Security on the movement to do away with passwords. And if you liked Y2K, you're going to love ten-twenty-four. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/203 Learn more about your...

Evil Corp identified as the threat actor behind ransomware attacks on Sinclair and Olympus. Privateering. Fin7's front company. Sentencing in a bulletproof hosting case.


Evil Corp is identified as the operator behind the ransomware that hit the Sinclair Broadcast Group and Olympus. The US Defense Department complains of Russian toleration for ransomware gangs. The Fin7 gang has set up a front company to recruit talent. Betsy Carmelite from Booz Allen Hamilton on building mission-driven 5G security with zero trust. Our guest is Robert Carolina on ethics. And sentences are handed down in a bulletproof hosting case. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/203

Cyberespionage campaign looks a lot like SIGINT collection. Magnitude gets more capable. VPN exploits solicited. Ransomware trends. Seven years for UPMC hacker. Plenty of Candy Corn coming.


The LightBasin activity cluster has been active indeed against telecom infrastructure in what looks like an espionage campaign. The Magnitude exploit kit adds capabilities for hitting Chromium browsers. An exploit broker is interested in cloud-based VPNs. Victims continue to pay in ransomware attacks. A hacker gets seven years for conspiracy to defraud and identity theft. David Dufour from Webroot looks at the coming threat landscape. Our guest is Paul Shread from eSecurity Planet on backup tools for ransomware. And a Candy Corn shortage is averted. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/202...

TA505's recent activity. Advice on defending organizations from BlackMatter. CISA RFI seeks EDR information. REvil's halting attempts to return. Sinclair's incident response.


A look at TA505, familiar yet adaptable. A US joint cybersecurity advisory outlines the BlackMatter threat to critical infrastructure. CISA asks industry for technical information on endpoint detection and response capabilities. Is REvil trying to run on reputation? The Sinclair Broadcasting ransomware incident seems to provide a case study in rapid disclosure. Carole Theriault considers the fight for online anonymity. Joe Carrigan shares steps to protect the C-Suite. And there's a decryptor out for BlackByte. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/201

A US broadcaster sustains a ransomware attack. North Korean catphish expelled from Twitter. REvil's Tor sites are hijacked. Hacking back. Prosecution and responsible disclosure?


The Sinclair Broadcast Group discloses that it sustained a ransomware attack over the weekend. Twitter kicks out two North Korean catphish deployed in a cyberespionage campaign. REvil goes offline, again, perhaps this time for good. Hacking back, at least insofar as you let the hoods know you can see them. Rick Howard previews the newest season of CSO Perspectives. Johannes Ullrich from SANS on Expired Domain Dumpster Diving. And an update on the Missouri disclosure and proposed hacking prosecution. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/200 Learn more about your ad choices....

Ell Marquez: It's okay to be new. [Linux] [Career Notes]


Linux and Security Advocate at Intezer Ell Marquez shares her journey from the family ranch to security. Needing a life change due to a bunch of circumstances that had occurred that left her almost homeless, Ell found out about a six-week Linux boot camp that took her down the path toward technology. She fell in love with security at a BSides Conference and hasn't looked back. Ell says she recently started a campaign called "it's okay to be new" noting that no matter how long you've been in the industry, you need to be new because technology changes so quickly. She...

Groove Gang making a name for themselves. [Research Saturday]


Guest Michael DeBolt, Chief Intelligence Officer from Intel471, joins Dave Bittner to discuss their work on "How Groove Gang is shaking up the Ransomware-as-a-Service market to empower affiliates." McAfee Enterprise ATR believes, with high confidence, that the Groove gang is associated with the Babuk gang, either as a former affiliate or subgroup. These cybercriminals are happy to put aside previous Ransomware-as-a-Service hierarchies to focus on the ill-gotten gains to be made from controlling victims' networks, rather than the previous approach which prioritized control of the ransomware itself. The research can be found here: How Groove Gang is shaking up the...

CISA and its partners warn of threats to water and wastewater treatment facilities. The curious case of Missouri teachers' Social Security Numbers.


A CISA-issued Joint Advisory warns of threats and vulnerabilities at water and wastewater treatment facilities. CISA issues twenty-two other industrial control system advisories. Andrea Little Limbago from Interos on trends in the human element of security. Our guest is Gidi Cohen from Skybox with Vulnerability and Threat Trends. And the Governor of Missouri intends to prosecute the Saint Louis Post-Dispatch to the fullest extent of whatever the law turns out to be. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/199

Notes from the underground: data breach extortion and a criminal market shuts down. International cooperation against ransomware. Cyber risk and higher education.


Data breach extortion seems to be an emerging criminal trend. Notes on a darknet market's retirement. Verizon advises Visible users to look to their credentials. Windows users' attention is drawn to seven potentially serious vulnerabilities (all patchable). The Necro botnet is installing Monero cryptojackers. Organizing an international response to ransomware. Carole Theriault shares thoughts on social engineering. Dinah Davis from Arctic Wolf on the supply chain attack framework. And a quick look at the state of cyber risk in higher education. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/198 Learn more about your...

Cyber Espionage, again. Patched SolarWinds yet? Patch Tuesday. The international conference on ransomware has begun. Booter customers get a warning. A disgruntled insider alters aircraft records.


A Chinese-speaking APT is distributing the MysterySnail RAT in what appears to be a cyberespionage campaign. Some users still haven't patched vulnerable SolarWinds instances. Notes on yesterday's Patch Tuesday. The US-convened international ransomware conference kicked off today, and Russia wasn't invited. Former users of a criminal booter service get a stern warning letter from the Dutch police. Caleb Barlow reacts to a recent ransomware tragedy. Our guest is Rob Gurzeev of CyCognito on the security issues with subsidiaries. And a Florida woman is charged with altering aircraft records. For links to all of today's stories check out our CyberWire daily...

Espionage by password spraying, and espionage via peanut butter sandwich. Ransomware and DDoS warnings. Two journalists get the Nobel Peace Prize


Teheran is running password spraying attacks (especially on Thursdays and Sundays). More on the renewed popularity of DDoS attacks. NCSC warns British businesses against ransomware. Two journalists win the Nobel Peace Prize. Joe Carrigan shares his thoughts on GriftHorse. Our guest is Bindu Sundaresan from AT&T Cybersecurity on football season and cyber risks. And watch out for small data cards in your peanut butter sandwiches, kids. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/196

Extra: Let's talk about Facebook's research. [Caveat]


Our guest is author and journalist Steven Levy. He's editor-at-large at Wired and his most recent book is "Facebook: The Inside Story." Steven offers his insights on Facebook's internal research teams, Ben shares a newly-decided court case on whether Big Tech companies can be sued under the Anti-Terrorism statute, and Dave's got the story of some warrantless surveillance being declared unconstitutional in Colorado. While this show covers legal topics, and Ben is a lawyer, the views expressed do not constitute legal advice. For official legal advice on any of the topics we cover, please contact your attorney. Links to stories:...

Brandon Karpf: A sailor of the 21st century. [Transitioning service member] [Career Notes]


Lieutenant in the US Navy and Skillbridge Fellow at the CyberWire, Brandon Karpf, knew he wanted to join the military at a young age. He achieved that through the US Naval Academy where he was a member of the men's heavyweight rowing team. Commissioning into the cryptologic field as a naval cryptologic warfare officer, Brandon was sent to MIT for a graduate degree where he experienced the exact opposite end of the spectrum from USNA's structured life. Brandon's work with both NSA and US Cyber Command helped him gain experience and cyber operations skills. As he transitions from active...

Taking a closer look at UNC1151. [Research Saturday]


Matt Stafford, Senior Threat Intelligence Researcher, from Prevailion joins Dave to talk about their work on "Diving Deep into UNC1151's Infrastructure: Ghostwriter and beyond." Prevailion's Adversarial Counterintelligence Team (PACT) used advanced infrastructure hunting techniques and Prevailion's visibility into threat actor infrastructure creation to uncover previously unknown domains associated with UNC1151 and the Ghostwriter influence campaign. UNC1151 is likely a state-backed threat actor waging an ongoing and far-reaching influence campaign that has targeted numerous countries across Europe. Their operations typically display messaging in general alignment with the security interests of the Russian Federation; their hallmarks include anti-NATO messaging, intimate knowledge of regional culture...

Fancy Bear's snuffling at Gmail credentials. FIN12's threat to healthcare, and BlackMatter's threat to agriculture. REvil tries to reestablish itself in the underworld. Twitch update. Sachkov is charged.


Google warns fourteen-thousand Gmail users that Fancy Bear has probably been after their passwords. FIN12, a fast-running ransomware group, is after hospitals and healthcare providers' money. BlackMatter remains active against the agriculture sector. REvil is back and talking on the RAMP forum, but so far it's getting a chilly reception. Twitch traces its vulnerability to a server misconfiguration. David Dufour from Webroot wonders about cracking down on crypto. Our guest is Jeff Dileo of NCC on mastering container security. And Group-IB's CEO is charged with treason. For links to all of today's stories check out our CyberWire daily news briefing:...

Espionage, mostly cyber but also physical. DDoS in the Philippines. TSA regulations for rail and airline cybersecurity are coming. US DoJ promises civil action for cyber failures. Twitch update. And NFTs.


Cyberespionage seems undeterred by stern warnings. DDoS hits the Philippine Senate. The US Department of Homeland Security intends to issue cybersecurity regulations for passenger rail and airlines. The US Department of Justice intends to use the False Claims Act to bring civil actions against government contractors who fail to follow recognized cybersecurity standards. An update on the Twitch breach. Josh Ray from Accenture looks at what's going on with Fancy Lazarus. Our guest is Sam Ingalls from eSecurity Planet on the state of Blockchain applications in cybersecurity. And what would it take to get you kids into a nice non-fungible...

Twitch is breached. MalKamak: a newly described Iranian threat actor. Chinese cyberespionage against India. SafeMoon phishbait. The ransomware threat. What counts as compromise.


Twitch is breached. A newly discovered Iranian threat group is described. A Chinese cyberespionage campaign in India proceeds by phishing. SafeMoon alt-coin is trendy phishbait in criminal circles. As the US prepares to convene an anti-ransomware conference, Russian gangs show no signs of slacking off. Betsy Carmelite from BAH on AI/ML in cyber defensive operations. Our guest is Adam Flatley of Redacted with recommendations from the Ransomware Task Force. And observations on what counts as compromising material. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/193 Learn more about your ad choices. Visit...

Facebook's back up, and the outage was due to an error, not an attack. A look at AvosLocker and Atom Silo ransomware. The case of the Kyiv ransomware gangsters. Thoughts on the Pandora Papers.


Facebook restores service after dealing with an accidental BGP configuration issue. There's now a data auction site for AvosLocker ransomware. Atom Silo ransomware is quiet, patient, and stealthy. The state of investigation into those two guys collared on a ransomware beef in Kyiv last week. Ben Yelin is skeptical of data privacy poll results. Our guest is Microsoft's Ann Johnson, host of the newest show to join the CyberWire network, Afternoon Cyber Tea. And what would they have thought of the Pandora Papers in Deadwood, back in the day? For links to all of today's stories check out our CyberWire...

Privacy and the Pandora Papers. Flubot's scare tactics. Exploiting an account recovery system. Conti warns victims not to talk to the press. An international meeting on cybercrime? A ransomware bust.


The Pandora Papers leak erstwhile private financial transactions by the rich and well-connected (and it's 150 mainstream news organizations who cooperated in bringing them to light). Flubot is using itself to scare victims into installing Flubot. Coinbase thieves exploited account recovery systems to obtain 2FA credentials. The US plans to convene an international conference on fighting cybercrime. Conti warns its victims not to talk to reporters. Andrea Little Limbago from Interos on modeling cyber risk. Carole Theriault has thoughts on facial recognition software. And a ransomware bust in Ukraine leads us to ask, why Capri Sun. (Think about it, kids.)...

Pattie Dillon: Take the leap. [Anti-fraud] [Career Notes]


Product Manager in Anti-Fraud Solutions at SpyCloud, Pattie Dillon shares her journey from raising her family to specializing in the anti-fraud space. Upon reentering the workforce, Pattie worked on identity verification and developed a system with privacy concerns in mind. She moved to work in gift cards and was exposed to money laundering. Traveling along the fraud spectrum, Pattie learned about underground data and feels that this data can be leveraged to actually prevent and fight online fraud. Pattie believes if you don't try, you'll never know. We know we appreciate Pattie sharing her story with us. Learn more about your...

Cloud configuration security: Breaking the endless cycle. [CyberWire-X]


Moving to the cloud creates a tremendous opportunity to get security right and reduce the risk of data breach. But most cloud security initiatives get underway after services are deployed in the cloud. It's frustrating when major breaches result from basic mistakes, like S3 buckets left unsecured or secrets exposed. Continually checking for risky configurations and unusual behavior in cloud logs is a requirement, but there is an opportunity to be proactive. What if you could configure your security and access controls as you set up cloud infrastructure? The CyberWire's Rick Howard speaks with Hash Table members Kevin Ford of...

IoT security and the need for randomness. [Research Saturday]


Dan Petro, Lead Researcher, and Allan Cecil, Security Consultant, from Bishop Fox join Dave to share their research "You're Doing IoT RNG," that they presented at DefCon 29. There's a crack in the foundation of Internet of Things (IoT) security, one that affects 35 billion devices worldwide. Basically, every IoT device with a hardware random number generator (RNG) contains a serious vulnerability whereby it fails to properly generate random numbers, which undermines security for any upstream use. In order to perform most security-relevant operations, computers need to generate secrets via an RNG. These secrets then form the basis of cryptography,...

Phishing for those who fear Pegasus. ChamelGang APT active against multiple countries. Problems with a ransomware decryptor. Controversial proofs-of-concept. And a death blamed on ransomware.


A malware campaign offers bogus protection against Pegasus surveillance. A new APT, ChamelGang, is found active against targets in at least ten countries. A ransomware gang can't get its decryptor right. A proof-of-concept shows that charges can be made from a non-contact Visa card in an iPhone wallet. David Dufour from Webroot warns of potential perils in cyber insurance. Our guest is Shamla Naidoo from Netskope with advice for cyber innovators. And ransomware may be responsible for a child's death in an Alabama hospital. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/190 Learn...

GriftHorse's premium service scams. Facebook open sources a static analysis tool. Update on the Group-IB affair. What the Familiar Four are up to. Counting ransomware strains.


GriftHorse will subscribe afflicted Android users to premium services they never knew they'd signed up for (and wouldn't want if they did). Facebook releases a static analysis tool it uses internally to check apps for security issues. Speculation about what put Group-IB's CEO in hot water with the Kremlin. A look from NSA about where the major nation-state cyberthreats currently stand. Malek Ben Salem from Accenture has thoughts on quantum security. Our guest, author and Wired editor at large Steven Levy, joins us with insights on Facebook's internal research teams. And a short census of ransomware strains. For links...

DDoS is on an upward trend, and it's being used for extortion. A payroll provider recovers from an unspecified cyberattack. Russia charges Group-IB CEO with treason. NSA, CISA, advise on using VPNs.


Distributed denial-of-service attacks have been making a comeback, and many of them represent criminal extortion attempts. A major British payroll provider is recovering from a cyberattack, but it's not providing much information on the nature of that attack. Russian authorities arrest the founder of Group-IB on treason charges. Johannes Ullrich from SANS on Out of Band Phishing Using SMS messages. Our UK correspondent Carole Theriault wonders how online trolling is still a thing. And NSA and CISA release guidelines on secure use of virtual private networks. For links to all of today's stories check out our CyberWire daily news briefing:...

Homecomings, happy and not so happy. A backdoor for espionage, a Trojan for cybercrime. DDoS techniques, those iPhone zero-days, and indictments. And one guilty plea.


The triumphant homecoming of Huawei's CFO. Microsoft describes the FoggyWeb backdoor, a significant cyberespionage tool. Kaspersky looks at the BloodyStealer Trojan and finds it especially risky to gamers. A novel approach to distributed denial-of-service. Apple looks into those iPhone zero-days. Joe Carrigan looks at the latest offerings in passwordless authentication. Our guest is Mathieu Gorge of VigiTrust on how law enforcement and executives can work together to fight cyber threats. And a look at doings in cybercrime: the US arrests more than thirty members of the Black Axe gang, a Russian convict is deported back to face Russian justice, and a...

The EU asks Russia to knock it off, and specifically to stop with the GhostWriter. Zoombombing in Cambodia. Conti is back; Colossus is a new entrant in the ransomware field. Meng returns to China.


The EU publicly blames Russia for GhostWriter, and counsels Moscow to amend its ways. Finland's security services warn of foreign cyberespionage and influence threats. Zoombombing at the highest levels in Cambodia. A ransomware operation, Colossus, is described. Conti is back, as predicted, and has hit a major European call center. Dinah Davis from Arctic Wolf on cybersecurity learning standards. Our guest is Otavio Freire from SafeGuard Cyber with insights on how to defend against nation-state actors and zero-day exploits. And Huawei's CFO is back in China. For links to all of today's stories check out our CyberWire daily news briefing:...

Dave Bittner: From puppet shows to podcasts. [Media] [Career Notes]


Host of the CyberWire Podcast, Dave Bittner, wanted to work with the Muppets, so naturally he landed in cybersecurity. Dave and his Cookie Monster puppet spent much of his childhood putting on shows for his parents' friends. During one of those performances, he was discovered and got his start at the local PBS station. A radio, television and film major in college, Dave owned his own company and as the most tech-savvy member of the group, handled that side of things. Dave notes his cybersecurity challenges back then consisted of maybe a corrupt floppy disk. It wasn't until he joined...

Why it's time for cybersecurity to go mainstream. [CyberWire-X]


The commonly held, idealized picture of technology is that tech makes our lives easier, safer, and better in just about every respect. But an unintended consequence of that picture is an unjustified assumption that companies will sell more products if they serve the public interest, and that may not be so. On the consumer side, personal technology investments are often a race to the price bottom, with little attention paid to the security of the products we buy. Vendors may enjoy less scrutiny and accountability, but that's not necessarily in the consumers' interest. Good things almost always come when technology...

Vulnerabilities in the public cloud. [Research Saturday]


Guest Ariel Zelivansky, Senior Manager of Security Research at Palo Alto Networks, joins Dave to discuss Unit 42's work on the first cross-account container takeover in the public cloud. The Unit 42 Threat Intelligence team has identified the first known vulnerability that could enable one user of a public cloud service to break out of their environment and execute code on environments belonging to other users in the same public cloud service. This unprecedented cross-account takeover affected Microsoft's Azure Container-as-a-Service (CaaS) platform. Researchers named the finding Azurescape because the attack started from a container escape, a technique that enables privilege...

Cyberattacks against a Russian rocket shop and the Port of Houston. As ransomware gangs increase activity, the US considers defenses. Pegasus found in French Ministers' phones. Meng heads home?


Someone is phishing for Russian rocketeers. The Port of Houston discloses a cyberattack, which the Port says it deflected before it had operational consequences. Ransomware gangs are up and active, and the US is considering mandatory reporting by victims as a defensive policy. Pegasus spyware is said to have been found in the phones of five French government ministers. Johannes Ullrich from the SANS Technology Institute on Attackers Hunting for Environment Variables. Our guest is Graeme Bunton of DNS Abuse Institute. And Huawei's Meng Wanzhou may soon be headed home from Vancouver. For links to all of today's stories check...

Ransomware hits another US farm co-op, as Russian gangs seem to continue attacks without interference from Moscow. A new APT is described. REvil was cheating? CISA warns about Conti.


Ransomware hits a second US Midwestern farm co-op. The US House hears from the FBI that Russia seems not to have modified its toleration of privateering gangs (at least yet). A new APT, FamousSparrow, is described. REvil seems to have been--surprise!--cheating its criminal affiliates. Josh Ray from Accenture with an update on the Hades Threat Group. Our guest is Tim Eades of vArmour on the urgent need to update cyber strategies in healthcare. CISA issues a new warning, this one on the Conti ransomware operation. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/184...

Ransomware is rising, and governments try to evolve an effective response. A look at the cyber underworld. Snooping smartphones. An advance fee scam is criminal business as usual.


BlackMatter continues to make a nuisance of itself on a large scale. The US is woofing about taking action against ransomware, and Treasury has sanctioned a rogue cryptocurrency exchange, but some advocate stronger measures. Where did all those Ukrainian cybercriminal chat platforms go? A warning of the censor mode in some Chinese manufactured smartphones. Caleb Barlow shares thoughts on CMMC certification. Our guest is Kevin Jones of Virsec with reactions to the White House Cybersecurity Summit. And, hey, no, really, Apple is not celebrating the iPhone 13 by giving away a stash of Bitcoin. For links to all of today's...

BlackMatter hits an Iowa agricultural cooperative. US Treasury Department moves against ransomware's support system. FBI gave Kaseya the REvil decryptor. Camorra cybercriminals arrested.


Ransomware hits an Iowa agricultural cooperative, which doesn't meet, the criminals say, the standard for critical infrastructure. US Treasury Department announces steps against ransomware's economic support system. Did Kaseya get its REvil decryptor from the FBI? Ben Yelin describes a major federal court victory for security researchers. Our guest is Dave Stapleton from CyberGRX on the rise of extortionware. And Europol, along with Spanish and Italian police, take down a Camorra cybercrime ring. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/182

Electioneering, domestic, but with international implications. The Mirai botnet is exploiting OMIGOD. Container shipper sustains data breach. Odd ads. Phishing with Mr. Musk's name.


Cyber electioneering, in Hungary and Russia, the latter with some international implications. The Mirai botnet is exploiting the OMIGOD vulnerability. A shipping company deals with data extortion. Government websites have been serving up some oddly adult-themed ads. Malek Ben Salem from Accenture has thoughts on quantum security in the automotive industry. Our guest is Padraic O'Reilly of CyberSaint to discuss concerns about the Defense Industrial Base. And no, there's no such thing as the Elon Musk Mutual Aid Society. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/181 Learn more about your ad choices....

Limor Kessem: Be an upstander. [Security Advisor] [Career Notes]


Executive Security Advisor at IBM Security Limor Kessem says she started her cybersecurity career by pure chance. Limor made a change from her childhood dream of being a doctor and came into cybersecurity with her passion, investment, discipline, and perseverance. Limor talks about how we must tighten our core security and at the same time we allow innovation to help us move forward with the times. She's been fortunate to have been able to stand up for others and has had others support her. She said that is very motivating and has allowed her to really explore every possible thing in...

An IoT educational exercise reveals a far-reaching vulnerability. [Research Saturday]


Guest Jake Valletta, Director of Professional Services at Mandiant, joins Dave to talk about the critical vulnerability Mandiant disclosed that affects millions of IoT devices. Mandiant disclosed a critical risk vulnerability in coordination with the Cybersecurity and Infrastructure Security Agency (CISA) that affects millions of IoT devices that use the ThroughTek Kalay network. This vulnerability, discovered by researchers on Mandiant's Red Team in late 2020, would enable adversaries to remotely compromise victim IoT devices, resulting in the ability to listen to live audio, watch real time video data, and compromise device credentials for further attacks based on exposed device functionality. These further attacks could...

Patch that password manager. The hidden hand of the troll farm. Election meddling. Coin-mining's costs, and a crackdown in China. If you really loved me, you'd speculate in Dogecoin....or something.


Patch your Zoho software now--vulnerable instances are being actively exploited. Maximum engagement isn't necessarily good engagement: the hidden hand of the trolls replaces the invisible hand of the marketplace of ideas. Politics ain't beanbag, Russian edition. An indictment emerges from the US investigation into possible misconduct during the 2016 elections. The costs of coin-mining. Josh Ray from Accenture on protecting critical infrastructure. Our guest is Tony Pepper from Egress with a look at Insider Data Breaches. And don't mix investment advice with matters of the heart. For links to all of today's stories check out our CyberWire daily news briefing:...

Election-season cyber incidents in Germany. South Africa works to recover from a ransomware attack on government networks. Cryptojacking botnet moves to Windows targets. Ransomware notes.


Denial-of-service at a German election agency, as Federal prosecutors investigate GhostWriter. More nation-states get into election meddling. South Africa works to recover from a ransomware attack against government networks. A cryptojacking botnet moves from Linux to Windows. A ransomware gang threatens to burn your data if you bring in third-party help. Ransomware cyberinsurance claims rise. Rick Howard checks in with Tom Ayres from Lead Up Strategies on Cyber Piracy. Caleb Barlow shares insights on CMMC. And it's a really good week to patch. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/179 Learn more...

No crackdown on ransomware from Moscow (at least so far). Cyber Partisans in Belarus. A long-running Chinese cyber campaign. Phishing and other cybercrime. Mercenaries.


That Russian crackdown on ransomware gangs people thought they were seeing? Hasn't happened, at least according to the FBI. The Cyber Partisans take a virtual whack at President Lukashenka's government in Belarus. Operation Harvest is complicated and long-running. Phishing with a promise of infrastructure funding. The criminal market for bogus vaccine cards. Johannes Ullrich from SANS on dealing with image uploads - vulnerabilities in conversion libraries. Our UK correspondent Carole Theriault on Deepfakes - what you need to know now. And a deferred prosecution agreement in a cyber mercenary case. For links to all of today's stories check out our...

NSO Group's Pegasus was installed in a zero-click exploit: iOS users should patch. Vermillion Strike hits Linux systems. Enforcing the law against cybercrime.


Citizen Lab finds, and Apple patches, a zero-day used for zero-click installation of Pegasus spyware. A Cobalt Strike beacon has been turned to cyberespionage use against Linux targets. The Russian government could, it seems, take action against cybercrime, but its will-to-enforcement seems to be inconsistent. Ben Yelin from UMD CHHS with more on Apple's CSAM controversy, our guest is Mel Shakir from Dreamit Ventures on selling to CISOs, and their customer sprints. REvil makes nice with grumpy affiliates. And criminals' commitment to the common good seems weak. That's not a surprise, is it? For links to all of today's stories...

The continuing problem of Meris and its bot-driven DDoS. Mustang Panda visits Indonesia. DPRK's social media battlespace prep. Al Qaeda marks 9/11's anniversary. And REvil seems to be back.


The Meris botnet continues to disrupt New Zealand banks, and has turned up elsewhere, too. Mustang Panda compromised Indonesian government networks. North Korean operators are using social media to soften up their prospective targets. Al Qaeda sympathizers marked the twentieth anniversary of 9/11 by calling for--what else?--more 9/11s. Malek Ben Salem from Accenture on deep unlearning, our own Rick Howard is in, talking about the latest episode of CSO Perspectives on adversary playbooks, and REvil seems to be back in business after taking what some of its hoods call a break. For links to all of today's stories check out...

Joe Bradley: A bit of a winding road. [Chief Scientist] [Career Notes]


Chief Scientist at LivePerson Joe Bradley takes us down his circuitous career journey that led him back to math. Joe had many ambitions from opera singer to middle school teacher, spent some time at two national labs and went back to his first love of math and physics. He notes that many of the most mathematically intuitive people that he's met are people that also have a creative outlet and a lot of times it's music. Adding a business aspect to his technical work, Joe came to his current position. He recommends going deep into your preferred subject and hopes that it...

A Google Chrome update that just didn't feel right. [Research Saturday]


Guest Jon Hencinski from Expel joins Dave Bittner to discuss his team's recent work on "Expel SOC Stops Ransomware Attack Aimed at WordPress CMS via Drive-By Download Disguised as Google Chrome Update." In July, 2021, Expel's SOC stopped a ransomware attack at a large software and staffing company. The attackers compromised the company's WordPress CMS and used the SocGholish framework to trigger a drive-by download of a Remote Access Tool (RAT) disguised as a Google Chrome update. In total, four hosts downloaded a malicious Zipped JScript file that was configured to deploy a RAT, but we were able to stop...

Investigations--the SEC looks into Solarigate, German prosecutors inquire into GhostWriter. The Meris botnet is responsible for recent DDoS attacks. Implausible deniability. The SINET 16 are announced.


The SEC's inquiry into the SolarWinds incident may expose other, unrelated data breaches. Researchers identify an IoT botnet, Meris, as responsible for DDoS attacks against a number of banks. German prosecutors have opened an investigation into the GhostWriter campaign. Researchers look at the cozy, implausibly deniable relationship between Russia's security services and cyber gangs. A money-launderer gets eleven years. David Dufour from Webroot has straight talk about paying the ransom. Our guest is Jeff Williams from Contrast Security with a look at AppSec Observability. Congratulations to the SINET 16 winners. And we remember 9/11: has it already been twenty years?...

Credential theft at the UN? Intelligence services and privateers. DDoS hits a big multinational. A look at AlphaBay 2.0. Notes on the C2C marketplace.


A cyberattack is reported at the UN, with agency data apparently lost to parties and parts unknown. The Bears are quieter, but the privateers are up and at 'em. DDoS hits Yandex. Cyberespionage using the SideWalk backdoor. TeamTNT is getting tougher to detect. A SWOT analysis of the newly reconstituted AlphaBay contraband market. The Groove Gang is a new age criminal affiliate program. Caleb Barlow describes attackers leveraging US and European infrastructure to hide in plain sight. Our guest is Brad Thies of BARR Advisory on what the next 5 years may have in store for cloud security. And irritate...

BladeHawk Android cyberespionage campaign in progress. Labor Day was quiet, but the gangs are now back at it. REvil's remnant stirs. Bulletproof hosting. Phishing keywords.


BladeHawk cyberespionage campaign in progress. Microsoft warns of targeted attacks in progress. Hey--the hoods took a breather over Labor Day, but the straw hats are off now, and they're back at work. Someone is rummaging in REvil's unquiet grave. Bulletproof hosting services and the criminal marketplace. Mike Benjamin from Black Lotus Labs on ReverseRAT 2.0. Rick Howard checks in with Philip Reiner from the Ransomware Taskforce. And does a New Urgent Message Require Action? Maybe not. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/173

A threat from Ragnar Locker. GhostWriter in the Bundestag. BKA bought Pegasus. Taliban sifts data for potential opponents. France-Visas hacked. Modified apps. Privacy notes. A TrickBot arrest.


No spectacular flurry of Labor Day ransomware, but Ragnar Locker threatens its victims. Berlin complains to Moscow about GhostWriter. Another Pegasus customer is disclosed. The Taliban is searching for data on potential domestic opponents. France-Visas hacked. Modified apps in circulation. Joe Carrigan unpacks a Covid based phishing scam. Carole Theriault weighs in on the ransomware pay-or-do-not-pay discussion. ProtonMail answers a warrant, Apple delays CSAM screening, and an alleged TrickBot coder is arrested. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/172

Natali Tshuva: Impacting critical industries. [CEO] [Career Notes]


CEO and co-founder of Sternum, Natali Tshuva shares how she took her interest in science and technology and made a career and company out of it. Beginning her computer science undergraduate degree at age 14 through a special program in Israel, Natali says it opened up a new world for her. Her required service in the IDF found Natali as a member of Unit 8200, the Israeli intelligence. In the Israeli corporate space following the IDF, Natali discovered how cybersecurity could actually create impact in the real world environment and found a way to combine her cybersecurity expertise with the passion...

Like a computer network but for physical objects. [Research Saturday]


Guest Ben Seri, Armis' VP of Research, joins Dave to talk about a set of remote code execution (RCE) vulnerabilities in the pneumatic tube system of Swisslog. Nine vulnerabilities in critical infrastructure used by 80% of major hospitals in North America. Swisslog's Translogic Pneumatic Tube System (PTS), a solution that plays a crucial role in patient care, found vulnerable to devastating attack. Dubbed PwnedPiper, the vulnerabilities allow for complete take over of the Translogic Nexus Control Panel, which powers all current models of Translogic PTS stations. Older IP-connected Translogic stations are also impacted, but are no longer supported by Swisslog....

Watch out for cybercrime over holidays (like Labor Day). Ransomware warning for the food and agriculture sector. Gift card and loyalty program fraud. NIST draft IoT guidelines out for comment.


Uncle Sam recommends cyber vigilance during your kinetic relaxation this Labor Day weekend. The ransomware threat to food and agriculture. Low and slow fraud from compromised email in-boxes. Israel promises an investigation of cyber export controls. Josh Ray from Accenture Security on giving back to the community and the Jenkins Attack Framework for red teaming. Our guest is Andy Ellis on the transparency in cybersecurity initiative. And NIST has draft consumer IoT guidelines out for comment. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/171

LockBit updates. The BrakTooth bugs infesting Bluetooth. Malicious cable proof-of-concept. EU fines WhatsApp over GDPR issues. Insider threats. Action against an alleged stalkerware vendor.


The LockBit gang jumps the gun, and crows a bit higher than the facts seem to warrant. Ghostwriter seems to ride a much bigger infrastructure than previously believed. BrakTooth bugs afflict billions of Bluetooth devices. OMG cables include a keylogger that phones home. The EU fines WhatsApp over GDPR violations. Insider threats can be difficult to recognize. David Dufour from Webroot thinks it's great that you haven't been breached...yet. Our guest is Mark Nunnikhoven from Lacework with results from their Cloud Threat Report. And an alleged stalkerware vendor is sanctioned by the US Federal Trade Commission. For links to all...

A look at cyber gangland. Sino-Australian tension in cyberspace. Vulnerabilities reported (and disputed) in a home security system. Labor Day warnings.


Ransomware continues to hold pride-of-place in cybercrime. A look inside the mind of cyber gangland, or at least that portion of their mind they're willing to expose. Business email compromise operators look for communication skills, and the underworld seems to think university students make good money mules. Reports of vulnerabilities in a home security system. When Canberra angered Beijing. Caleb Barlow has thoughts on the FBI response to MS Exchange vulnerabilities. Our guests are Peter Singer and Lisa Guernsey on New America's Teaching Cyber Citizenship initiative. And CISA and the FBI advise being alert over Labor Day. For links to...

Dangers of data collected in Afghanistan. Another cryptocurrency theft. Hardware backdoors? LockBit dumps airlines data. CISA opens registration for the President's Cup. Too much gaming, kids.


Possible consequences of the Taliban's seizure of Afghanistan's APPS data. Another DeFi platform sustains a cryptocurrency theft. How would one handle a hardware backdoor? LockBit begins dumping data stolen from Bangkok Airways. Registration for CISA's President's Cup is now open. Joe Carrigan describes the superiority of AI generated phishing emails. Rick Howard speaks with Art Poghosyan from Britive on Software Defined Perimeters. And China moves to keep minors from wasting too much time in online gaming. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/168

Data breaches and ransomware. Another gang says it's retiring. New warrants against cybercrime in Australia. Roles and missions in the US. Hoosier data?


Data breach and ransomware affect an airline's customers. The Phorpiex botnet operators say they're going out of business, and everything must go. New warrants for the Australian Federal Police in cybercrime cases. US Federal cybersecurity roles and responsibilities. Rick Howard takes on adversary playbooks. Josh Ray from Accenture Security on The Biden Administration's cybersecurity executive order, what it means for product security. And Indiana warns of a COVID-19 contact tracking database exposure. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/167

Rich Hale: Understanding the data. [CTO] [Career Notes]


Chief Technology Officer of ActiveNav Rich Hale takes us through his career aspirations of board game designer (one he has yet to realize), through his experience with the Royal Air Force to the commercial sector where his firm works to secure dark data. During his time in the Air Force, Rich was fortunate to serve on a wide range of different platforms from training aircraft to bombers, and all the way into procurement and policy. Transitioning to the commercial sector, Rich notes he was well prepared for some aspects, but lacking in some he's made up on his own. Rich likes...

Joker malware family: not a joke for Google Play. [Research Saturday]


Guest Deepen Desai, Zscaler's Chief Information Security Officer and VP Security Research & Operations, joins Dave to discuss their ThreatLabz team's research "Joker Joking in Google Play: Joker malware targets Google Play store with new tactics." Joker is one of the most prominent malware families targeting Android devices. Despite public awareness of this particular malware, it keeps finding its way into Google's official application market by employing changes in its code, execution methods, or payload-retrieving techniques. This spyware is designed to steal SMS messages, contact lists, and device information, and to sign the victim up for premium wireless application protocol...

The T-Mobile hacker speaks (we think). SparklingGoblin enters the cyberespionage ring. Is someone stealing data to train AI? Cellebrite's availability. Ragnarok ransomware says it's going out of business.


A young man claiming responsibility for the T-Mobile breach talks to the Wall Street Journal. A new cyberespionage group, SparklingGoblin, seems particularly interested in educational institutions, especially in Southeast and East Asia. Are governments training AI with stolen data? Mitigations for Microsoft issues. Cellebrite tools may still be available to Chinese police. Kevin Magee from Microsoft wonders if leaders have over pivoted toward technical skill. Our guest is Bill Wright of Splunk on the ongoing geopolitical ransomware trend. And another ransomware gang says it's going out of business...we'll wait and see. For links to all of today's stories check out...

A quick look back at yesterday's White House industry meeting. Revolution, coup, or a bit of both? Storytelling for security. Lessons from Olympic scams. Notes from the underworld.


Outcomes from the White House industry cybersecurity summit: standards, training, zero-trust, and multifactor authentication. The Cyber Partisans aim at the overthrow of Lukashenka's rule in Minsk. A role for storytelling in security. Scams, sports, and streaming. Speculation about the ShinyHunters' next moves. Verizon's Chris Novak on Reducing false positives in threat intelligence. Bentsi Ben Atar from Sepio Systems on the risks of hardware-based attacks, internal abusers, corporate espionage, and Wi-Fi. And cybercriminals like their VPNs, too. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/165

Hacktivism in Belarus. The Taliban's data grab. Four rising ransomware operations. The White House cybersecurity summit with industry leaders is in progress.


Politically motivated hacktivism in Belarus. The Taliban's data grab in Afghanistan. Four rising ransomware operations. Mike Benjamin from Black Lotus Labs on UDP reflectors. Our guest is Chris Grove of Nozomi Networks with insights on OT/IoT Security. And the White House says concrete announcements are expected after today's meetings on cybersecurity with industry leaders, so we'll be staying tuned. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/164

Apple CSAM: well-intentioned, slippery slope. [Caveat]


Guest David Derigiotis, Corporate Senior Vice President at Burns & Wilcox, joins Dave and Ben for an in-depth discussion this episode. Departing from our usual format, we take a closer look at the implications of Apple's recent announcements that they will be enabling scanning for Child Sexual Abuse Materials, CSAM, on iOS devices. We devote the entire episode to this topic and hope you will join us.

Apparent hacktivism exposes Iranian prison CCTV feeds. Misconfigured Power Apps expose data. FBI warns of the OnePercent Group. Mr. White Hat gives back. Dog bites man


More hacktivism appears to have hit Iran. Misconfigured Power Apps portals expose data on millions. The FBI warns of the activities of a ransomware affiliate gang. Mr. White Hat really does seem to have given back all that stolen alt-coin. Ben Yelin checks in on Apple's CSAM plans. Our guest is Charles DeBeck from IBM Security on the true cost of a data breach. And, finally, dog bites man: criminals cheat other criminals. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/163

Notes on the fall of Afghanistan, with its cyber and kinetic implications. US State Department hack reported. ShinyHunters resurface. Further incentive to patch Microsoft Exchange Server.


The Taliban consolidates control over Afghanistan, and it's doing so online as well as on the ground. Reports say the US State Department has come under cyberattack; State says that any such incident was without significant effect. The ShinyHunters say they've obtained a great deal of PII from AT&T, but AT&T says that, whatever the crooks have, it didn't come from AT&T. Rick Howard on orchestration. Carole Theriault on women in cybersecurity - are things getting any better? And exploitation gives organizations even more incentive to patch Microsoft Exchange server instances. For links to all of today's stories check out...

From board advisor to board member: evolution of the modern CISO. [CyberWire-X]


The recent frequency of ransomware attacks and heightened visibility of supply chain risks has garnered the attention of executive teams and boards of directors for companies of all sizes, across all industries. For CISOs, these recent events have significantly amplified the importance of establishing and maintaining effective relationships and lines of communication with boards of directors. CISOs are now spending more time than ever engaging, reporting, and answering to boards regarding questions around where their organization is on the cyber risk spectrum. For CISOs, this heightened risk environment presents both a challenge and an opportunity. In this episode of CyberWire-X,...

Jennifer Walsmith: Pioneering and defining possible. [Cyber Solutions] [Career Notes]


Vice President for Cyber and Information Solutions within Mission Systems at Northrop Grumman, Jennifer Walsmith takes us on her pioneering career journey. Following in her father's footsteps at the National Security Agency, Jennifer began her career out of high school in computer systems analysis. Jennifer notes she saw the value of a college degree and at her parents' urging attended night school. She completed her bachelor's in computer science at University of Maryland, Baltimore County with the support of the NSA. Jennifer talks about the support of her team at NSA where she was one of the first women to have...

Exploring vulnerabilities of off-the-shelf software. [Research Saturday]


Guest Tomislav Peričin, Reversing Labs' Chief Software Architect and Co-Founder, joins Dave to discuss his team's research that addresses the importance of validating third-party software components as a way to manage the risks that they can introduce. Developing software solutions is a complex task requiring a lot of time and resources. In order to accelerate time to market and reduce the cost, software developers create smaller pieces of functional code which can be reused across many projects. The concept of code reuse is one of the cornerstones of modern software engineering and it is universally accepted that everybody should strive...

Warm wallet pilferage. Advice on reducing the ransomware risk. Regulatory action in the T-Mobile breach. China's privacy law. FTC refiles monopoly complaint against Facebook. Better MICE traps?


Pilferage reported from Liquid Global's alt-coin warm wallets. CISA offers advice on reducing the risk of ransomware. The FCC is looking into the T-Mobile breach, and Moody's raises questions about the telco's risk management. China passes its own version of GDPR. The FTC refiles its monopoly complaint against Facebook. Caleb Barlow on 3rd Party Breach Notifications and finding out if your information is being traded on the dark web. Rick Howard speaks with hash table member Zan Vautrinot about serving on boards. And the FBI warns that insiders can be recruited for industrial espionage. For links to all of today's...

T-Mobile outlines what it's offering customers hit by its data breach. Taliban on good T&C behavior? Apple's CSAM. OS bug may affect medical devices. A report on 2020's US Census Bureau hack.


T-Mobile describes what it intends to do for those who may have been affected by its big data breach. The Taliban is taking care not to get banned from social media. Apple defends its CSAM measures against a technical objection, but advocacy groups see a slippery policy slope. The US FDA warns of vulnerabilities in an OS used by medical devices. A report on a 2020 incident at the US Census Bureau. David Dufour shares a few surprises from Webroot's 2021 Threat Report. Our guest is Brandon Hoffman from Intel 471 on cybercriminals creating turbulence for the transportation industry. And...

Taliban seizes HIIDE devices. T-Mobile customer data compromised. Ransomware attack against Brazil's Treasury. Social engineering espionage. Ransomware vs. sewers. IoT bug disclosed.


The Taliban now has, among other things, a lot of biometric devices. T-Mobile concludes that some customer data were compromised in last week's incident. InkySquid's in the watering hole. Brazil's Treasury sustained, and says it contained, a ransomware attack. Siamese Kitten's social engineering on behalf of Tehran. Sewage systems hacked in rural Maine. Josh Ray from Accenture Security on what nation state adversaries may have learned from observing the events surrounding Colonial pipeline. Our guest Manish Gupta from ShiftLeft looks at issues with the Software Bill of Materials. And an IoT vulnerability is disclosed, and mitigations are recommended. For links...

Consequence of the Taliban victory for influence operations and information security. Privateering gangs described. Data exposures, data compromises.


Al Qaeda online sources cheer the Taliban's ascendancy. The new rulers of Afghanistan are likely to have acquired a good deal of sensitive data along with political rule and a quantity of US-supplied military equipment. Terrorist watchlist data were found in an exposed server (now taken offline). Connections between gangland and Russian intelligence. T-Mobile was hacked, but it's unclear what if any data were compromised. Joe Carrigan on FlyTrap Android Malware Compromising Thousands of Facebook Accounts. Our guest is Liam O'Murchu from Symantec on what keeps him up at night. And some personal information was exposed in the Colonial Pipeline...

Possible consequences of Afghanistan's fall to the Taliban. Non-state actors' political motives. Poly Network rewards Mr. White Hat. C2C offering will check your alt-coin. Breach at T-Mobile?


The Taliban has effectively taken control of Afghanistan, and the fall of Kabul is likely to have a quick, near-term effect on all forms of security. The Indra Group's actions against Iranian interests suggest the potential of non-state, politically motivated actors. Crooks returned almost all the money rifled from DeFi provider Poly Network. A new C2C service tells hoods if their alt-coin is clean. DeepBlueMagic is a new strain of ransomware. Chris Novak of Verizon on advancing incident response. Rick Howard is taking on Orchestration in this week's CSO Perspectives. And T-Mobile investigates claims of a data breach. For links...

Rick Howard: Give people resources. [CSO] [Career Notes]


Chief Security Officer, Chief Analyst, and Senior Fellow at the CyberWire, Rick Howard, shares his travels through the cybersecurity job space. The son of a gold miner who began his career out of West Point in the US Army, Rick worked his way up to being the Commander of the Army's Computer Emergency Response Team. Rick moved to the commercial sector working for Bruce Schneier running Counterpane's global SOC. Rick's first CSO job was for Palo Alto Networks where he was afforded the opportunity to create the Cybersecurity Canon Hall of Fame and the Cyber Threat Alliance. Upon considering retirement,...

You can add new features, just secure the old stuff first. [Research Saturday]


Guests Will Schroeder and Lee Christensen from SpecterOps join Dave to share the research they recently presented at Black Hat USA on the security of Microsoft's Active Directory Certificate Services. Their abstract: Microsoft's Active Directory Public Key Infrastructure (PKI) implementation, known as Active Directory Certificate Services (AD CS), has largely flown under the radar of both the offensive and defensive communities. AD CS is widely deployed, and provides attackers opportunities for credential theft, machine persistence, domain escalation, and subtle domain persistence. We present relevant background on certificates in Active Directory, detail the abuse of AD CS through certificate theft and...

Cyberespionage follows South Asian conflict. LockBit's $50 million demand. Insider risk. Trend Micro warns unpatched Apex is under attack. PrintNightmare persists. Google and Apple on privacy.


ReverseRat is back and better, and it's sniffing at Afghanistan. LockBit wants $50 million from Accenture. When employees leave, do they take your data with them? (Survey, or rather, telemetry, says yes.) Unpatched Apex One instances are under active attack. PrintNightmare continues to resist patching. Google bans SafeGraph. Apple explains what's up with iCloud privacy. Caleb Barlow wonders if ransomware payments are financing criminal infrastructure in Russia. Our guest is Oliver Rochford from Securonix on the notion of cyberwar. And the SynAck ransomware gang rebrands. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/156 Learn...

More stolen alt-coin is returned. Accenture reports minimal effects in the alleged LockBit attack. Home routers attacked. Source code for sale? PrintNightmare exploited in the wild. Extradition cases.


More stolen coin is returned in the case of the Poly Network cross-chain hack. Accenture says the incident it sustained had no significant effect, and the LockBit ransomware gang who claimed responsibility release some relatively anodyne files. Home routers are under attack. Crooks are offering what they claim to be Bkav source code for sale on Raidforums. Magniber weaponizes a PrintNightmare flaw. Dinah Davis from Arctic Wolf shares stats on the state of women in cyber. Our guest is Peter Voss of Aigo.ai on what's missing in artificial intelligence. Two extradition cases proceed. And the Solarium Commission reports. For links...

A $600 million alt-coin heist. LockBit claims it hit Accenture. A false-flag cyberespionage campaign. A REvil key is posted. AlphaBay is back. Facebook takes down vaccine disinfo campaign.


Cross-chain attack steals millions in cryptocurrency. LockBit claims to have hit Accenture, but Accenture says with negligible consequences. Emissary Panda flies a false Iranian flag. Ekranoplan posts a key for the REvil strain used against Kaseya. AlphaBay has risen from the grave, sort of. Johannes Ullrich has thoughts on resetting 2FA. Our guest is Idan Plotnik from Apiiro on their win of the 2021 RSAC Innovation Sandbox Contest. And you can't fool us, you bought-and-paid-for influencers you: no vaccine is going to turn us into monkeys. For links to all of today's stories check out our CyberWire daily news briefing:...

A threat to release stolen proprietary data. The C2C market: division of labor and loss-leading marketing ploys. Misconfigured Salesforce Communities. Sanctions-induced headwinds for Huawei.


RansomEXX threatens to release stolen proprietary data. Some looks at the C2C market, the criminal division of labor, and a splashy carder marketing ploy. Misconfigured Salesforce Communities expose organizational data. Our guest is Ron Brash from Verve International on a CISA advisory regarding GE ICS equipment. Ben Yelin on the proposed U.S. Bureau of Cyber Statistics. Huawei faces sanctions-induced headwinds. Mexico's investigation of Pegasus abuse continues, but so far without arrests or resignations. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/153

Home router vulnerabilities exploited in the wild. ACSC warns of a spike in LockBit. Flytrap Android Trojan is out. SCADA recon. Child protection. Wiretaps and social media.


Home router vulnerabilities exploited in the wild. ACSC warns of a spike in LockBit ransomware attacks. The Flytrap Android Trojan is still concealed in malicious apps. An unidentified threat actor has been prospecting SCADA systems in Southeast Asia. Rick Howard checks in with the Hash Table about Backups. Mike Benjamin from Lotus Labs on watering hole attacks. Apple's new child protection measures attract skepticism from privacy hawks. Wiretaps extended to social media. And using three random words for your password. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/152 Learn more about your ad...

Alyssa Miller: We have to elevate others. [BISO] [Career Notes]


Business Information Security Officer at S&P Global Ratings, Alyssa Miller, joins us to talk about her journey to become a champion to create a welcoming nature and acceptance of diversity in the cybersecurity community. Starting her first full-time tech position while still in college, Alyssa noted the culture shock being in both worlds. Entering as a programmer and then moving to pen testing where she got her start in security, Alyssa grew into a leader who is committed to elevating those around her. Some stumbling blocks along the way gave her pause and helped point her in her current role where...

SideCopy malware campaigns expand and evolve. [Research Saturday]


Guest Asheer Malhotra, Threat Researcher of Cisco Talos Intelligence Group, joins Dave to discuss his team's research "InSideCopy: How this APT continues to evolve its arsenal." Cisco Talos has observed an expansion in the activity of SideCopy malware campaigns, targeting entities in India. In the past, the attackers have used malicious LNK files and documents to distribute their staple C#-based RAT. We are calling this malware "CetaRAT." SideCopy also relies heavily on the use of Allakore RAT, a publicly available Delphi-based RAT. Recent activity from the group, however, signals a boost in their development operations. Talos has discovered multiple new...

FTC warns of smishing targeting the unemployed. Initial access: buying it one way or another. Is the criminal gig economy vulnerable? Ransomware continues to hit healthcare.


Smishing campaigns are seeking to exploit the unemployed. Initial access brokers seem not to have missed a beat, although some gangs are seeking to bypass them by trolling for rogue insiders. Are criminal enterprises vulnerable on the gig economy front? Criminal affiliates are disgruntled--good. Clearly, healthcare isn't off the target list. Thomas Etheridge from CrowdStrike on eCrime Extortion. Chris Jacobs from ThreatQuotient joins us with a look back at BlackHat. Anup Gosh from Fidelis Cybersecurity, with insights on active defense. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/151 Learn more about your ad...

CISA's new Joint Cyber Defense Collaborative. C2C market update: Prometheus TDS and Prophet Spider. And naiveté about a gang's reform, or optimism over signs the gang is worried?


CISA announces a new public-private cybersecurity initiative. Prometheus TDS and Prophet Spider take their places in the C2C market. The money points to BlackMatter being a rebranded DarkSide. Andrea Little Limbago from Interos on Divergent trends of federal data privacy laws and government surveillance. Tonia Dudley from CoFense checks in from the BlackHat show floor. Our guest is Simon Maple from Snyk with a look at Cloud Native Application Security. And where some see naiveté, others see cautious optimism about putting fear in the hearts of ransomware gangs. For links to all of today's stories check out our CyberWire daily...

Espionage phishing in unfamiliar places. OT vulnerabilities. LemonDuck's rising fortunes. Data exposure. Kubernetes advice from NSA and CISA. Meng Wanzhou's extradition.


APT31 casts its net into some waters that aren't yet phished out. Vulnerabilities in the NicheStack TCP/IP stack are reported. LemonDuck may be outgrowing its beginnings as a cryptojacking botnet. A large marketing database is found exposed. NSA and CISA offer advice on securing Kubernetes clusters. Adam Darrah from ZeroFox checks in from the floor at BlackHat. Our guests are Nic Fillingham and Natalia Godyla from Microsoft's Security Unlocked podcast. David Dufour from Webroot on the hidden costs of ransomware. And Huawei's CFO returns to court as her extradition hearings enter their endgame. For links to all of today's stories...

Apparent ransomware disrupts Italian vaccine scheduling system. Cyberespionage compromised Southeast Asian telcos. RAT and phishing in the wild. Cybercriminals explain themselves.


An apparent ransomware attack hits Italy's online vaccine-scheduling service. A Chinese cyberespionage campaign hits Southeast Asian telcos enroute to high-value targets. Some strategic context for Beijing's espionage. FatalRAT is spreading by Telegram. Crafty phishing spoofs SharePoint. Joe Carrigan has thoughts on HP's latest Threat Insights Report. Our guest is Marc Gaffan of Hysolate who reveals the Enterprise Security Paradox. Plus, Conversations with BlackMatter, and a look at the inside of ransomware negotiations. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/148

SVR was reading the US Attorneys' emails. Deliveries still lag as South African ports reopen. EA hackers dump game source code. Another look at criminal markets. And Mr. Hushpuppi cops a plea.


SVR may have compromised twenty-seven US Attorneys' offices. Ransomware disruptions of a physical supply chain continue as South African ports reopen. EA hackers give up, and dump the source code they stole. Double extortion may not be paying off. A look at initial access brokers. Operation Top Dog yields indictments in an international fraud case. Rick Howard tackles enterprise backup strategies. Kevin Magee from Microsoft with lessons learned hiring multiple team members during COVID. And a decryptor for Prometheus ransomware is released. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/147 Learn more about...

Andrew Hammond: Understanding the plot. [Historian and Curator] [Career Notes]


Historian and Curator at the International Spy Museum, Dr. Andrew Hammond, shares how he came to share the history of espionage and intelligence as a career. Starting out in the Royal Air Force when 9/11 happened, Andrew found himself trying to understand what was going on in the world. Studying history and international relations gave him some perspective and led him on his career path which included an introduction to museum industry at the 9/11 Museum. After a stint in academia in the UK, Andrew found his way back to the US and eventually ended up at the International Spy Museum...

Behavioral transparency - the patterns within. [CyberWire-X]


President Biden's Cyber Executive Order includes provision for a software bill of materials in government contracts. It's a critical and necessary first measure for protecting the software supply chain. To defend against cyber attacks like the ones that affected SolarWinds and Colonial Pipeline, organizations also need transparency about the way the software in their supply chain behaves - how, and with whom, that software engages in and outside of their networks. In this episode of CyberWire-X, we explore how behavior transparency can give organizations an advantage by distinguishing between expected noise and indications of compromise. Guest and CyberWire Podcast Partner Caleb Barlow shares...

China's influence grows through Digital Silk Road Initiative. [Research Saturday]


Guest Charity Wright, Cyber Threat Intelligence Expert in Recorded Future's Insikt Group, joins Dave to discuss her research "China's Digital Colonialism: Espionage and Repression Along the Digital Silk Road". Through the Digital Silk Road Initiative (DSR), announced in 2015, the People's Republic of China (PRC) is building an expansive global data infrastructure and exporting surveillance technologies to dictators and illiberal regimes throughout the developing world, in some cases trading technology for access to sensitive user data and facial recognition intelligence. Domestically, China uses this type of technology to assert authority over its citizens, censor the media, quell protests, and systematically...

Multiple Cozy Bear sightings (at least the bear tracks). Spyware in a Chinese employee benefits app. Phishing campaigns. DoppelPaymer rebrands. And ignore that bot--it hasn't been watching you surf.


Cozy Bear's active command-and-control servers are found, and people conclude that Moscow's not too worried about American retaliation after all. Spyware found in an app for companies doing business in China. What to make (and not make) of the Iranian documents Sky News received. Phishing with Crimean bait. HTML smuggling may be enjoying a moderate surge. DoppelPaymer rebrands. Andrea Little Limbago from Interos on growing the next-gen of cyber. Our guest is Jamil Jaffer from IronNet Cybersecurity protecting the BlackHat Network Operations Center. And good news--that blackmailing bot really doesn't know what you did this summer. For links to all...

Public Wi-Fi advice from NSA. South African ports recover from ransomware. Iranian rail incident was a wiper attack. Developments in the criminal-to-criminal market. Intercept vendors under scrutiny.


Advice on WiFi security from NSA. South African ports are recovering from their ransomware attack. The attack on Iranian railroads was a wiper, of unknown origin and uncertain purpose. Developments in the criminal-to-criminal market. Israel undertakes an investigation of NSO Group. Josh Ray from Accenture Security on the road back to the office. Our guest is Duncan Godfrey from Auth0 with insights on managing digital identities. And a bad password is revealed on an open mic during an Olympic broadcast. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/145 Learn more about your ad...

US ICS Cybersecurity Initiative formalized. Developments in the ransomware world. Addressing known vulnerabilities. Caucasus coinmining crackdown. A long-running IRGC catphishing campaign.


US formally establishes its Industrial Control System Cybersecurity Initiative. Shooting wars in cyberspace. Developments in the ransomware criminal souks. This week's iOS update may have closed the vulnerability exploited by NSO Group's Pegasus intercept tool. The US, UK, and Australia issue a joint advisory on the most exploited vulnerabilities. Abkhazia's crackdown on coinminers. Joe Carrigan looks at the Mespinoza ransomware gang. And meet Marcy Flores, the Robin Sage of Liverpool aerobics. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/144

South African ports invoke force majeure over cyberattack. Documents indicate Iranian interest in control systems attacks. Dark web wanted ads. Cyber diplomacy. Lousy cafeteria food?


Transnet declares force majeure over cyberattack on South African port management. The IRGC apparently is Googling a bunch of stuff about gas stations and merchant ships. Kaseya's denial of paying ransom has legs. Criminal coders like obscure languages. The AvosLocker gang is looking for pentesters, access brokers, and affiliates. The US and China hold frank and open conversations about, among other things, cyber tensions. Ben Yelin explains the tech implications of President Biden's recent executive order. Our guest is Eve Maler from ForgeRock on their 3rd annual Breach Report. And, hey NSA, what did you have for lunch today? For...

The source of Kaseya's REvil key remains unknown. Cyber incident disrupts port operations at Cape Town and Durban. Updates on the Pegasus Project. And a guilty plea in a swatting case.


Kaseya isn't saying where it got its REvil decryptor. Transportation services disrupted at two major South African ports by an unspecified cyber incident. Another company is mentioned as an alleged source of abused intercept tools as the controversy over NSO Group's Pegasus software continues. Johannes Ullrich from SANS on supply chains, development tools and insecure libraries. Our own Rick Howard looks at enterprise encryption. And a guilty plea gets a swatter five years: he got off easy. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/142

Ingrid Toppelberg: Knowing how to take risks will pay off. [Cybersecurity education] [Career Notes]


Chief Product Officer at Cybint Solutions, Ingrid Toppelberg, shares her journey from consulting to bootcamp coach and cybersecurity education. As a young girl, Ingrid wanted to do everything from being a teacher to the head of the World Bank. After consulting for several years, Ingrid found cybersecurity. What she found fascinating about the cyber world is how important it is for absolutely everyone at all levels to know about cybersecurity. Ingrid also develops and conducts bootcamps to reskill displaced people into cybersecurity. Ingrid says to those interested in cyber, "just do it. We need different kinds of minds in cyber keeping...

Is enhanced hardware security the answer to ransomware? [CyberWire-X]


With the recent onslaught of ransomware attacks across healthcare institutions, critical infrastructure, and the public sector, it's clear that ransomware isn't going anywhere. But given how common ransomware attacks have become, how is it that we've been unable to put a stop to them? Companies often overlook the role that hardware security plays in meeting this challenge, and that oversight has become a bad actor's dream. Michael Nordquist speaks about the recent surge in ransomware attacks, and how strong hardware security, combined with software security and personnel security awareness, can be the answer to the industry's prayers. In this episode of CyberWire-X, guest Steve Winterfeld from Akamai shares his insights with the CyberWire's Rick Howard, and...

Free malware with cracked software. [Research Saturday]


Guest Christopher Budd, Senior Global Threat Communications Manager at Avast, joins Dave to talk about some research his team did when they looked into a Reddit report saying their Avast folder was empty and other reports like it. The team found a new malware they're calling Crackonosh in part because of some possible indications that the malware author may be Czech. Crackonosh is distributed along with illegal, cracked copies of popular software and searches for and disables many popular antivirus programs as part of its anti-detection and anti-forensics tactics. The research can be found here: Crackonosh: A New Malware Distributed...

Cyber threats to, and around, the Olympic Games. Kaseya got a decryptor, from somewhere. NSO says it's not responsible for Pegasus misuse. US cyber policy toward China. Fraud Family busted.


The Olympics are underway, and the authorities are on the alert for cyberattacks. Kaseya has a decryptor for the REvil ransomware, but it hasn't said how it got the key. NSO Group says it's not responsible for customer misuse of its Pegasus intercept tool. US policy toward Chinese cyber activities shows continuity, with some diplomatic intensification, but hawks would like to see more action. Our guest Jack Williams from Hexagon joins Dave to discuss the promises and challenges of smart cities. Podcast partner Chris Novak of Verizon talks about advancing incident response. And Dutch police make arrests in their investigation...

Extortion is the motive in the Saudi Aramco incident. Updates on the Pegasus Project. Chinese cyberespionage and Beijing's tu quoque. FIN7 resurfaces, and a post-mortem on Egregor.


It's extortion after all at Saudi Aramco. Controversy and investigation over alleged misuse of NSO Group's Pegasus intercept tool continues. Warning of Chinese espionage from ANSSI, and China's denunciation of all this kind of baseless slander. Phishing in Milanote. FIN7 resurfaces after the conviction of some key members. Dinah Davis from Arctic Wolf on the importance of identity management. Our guest Jenn Donahue shares key strategies for mentoring and supporting female engineers, scientists, and leaders of the future. And IBM sifts through the ashes of a ransomware gang for a look at the business of crime. For links to all...

Historical threats to industrial control systems inform current security practices. Ransomware privateering and side-hustling. Updates on the Pegasus Project.


CISA warns of threats to industrial control systems, profusely illustrated with examples from recent history. Ransomware can be operated either in the course of privateering or as an APT side hustle. Security firms outline new and evolving threats and vulnerabilities. Reaction continues to the Pegasus Project's reports on intercept tools. Joe Carrigan unpacks recent Facebook revelations and allegations. Our guest is Dave Humphrey from Bain Capital on his tech investment bets and predictions. And do you know what military grade means? Neither do we, but we think we have an idea. For links to all of today's stories check out...

APT side hustles and evidence of espionage. NSO replies to the Pegasus Project, and AWS removes NSO from its CloudFront CDM. Other data breaches and ransomware incidents.


The US says China contracted with criminals to carry out cyberespionage campaigns. Norway says China was behind an attack on its parliamentary email system. China denounces accusations of cyberespionage as slander, and says it's the real victim, because the CIA is the one stealing IP from China. AWS expels NSO Group from its CloudFront CDM. NSO denies it permits its intercept tools to be abused. Saudi Aramco sustains a data breach. Ben Yelin describes calls for bans on government use of facial recognition software. Our guest is Tom Kellermann from VMware on the potential cybersecurity threats facing the Olympic Games....

Microsoft Exchange Server hacks officially attributed to China. Indictment in industrial espionage case. Entities List expands. Abuse of NSO Group's Pegasus tool reported.


Allied governments formally attribute exploitation of Microsoft Exchange Server to China's Ministry of State Security. A US Federal indictment names four MSS officers in conjunction with another, long-running cyberespionage campaign. The US Department of Commerce adds six Russian organizations to the Entities List. The Pegasus Project outlines alleged abuse of NSO Group's intercept tool. Thomas Etheridge from CrowdStrike on the importance of real-time response, continuous monitoring and remediation. Our guest is Neha Joshi from Accenture on solving the cybersecurity staffing gap and how to stand up a successful, diverse security team. And there's hacktivism in Southeast Asia. For links to...

Peter Baumann: Adding value to data. [CEO] [Career Notes]


CEO of ActiveNav, Peter Baumann, takes us on his career journey from minor home electrical experiments to the business of data discovery. He began his career as an electrical engineer, but felt an entrepreneurial spirit was part of his makeup. Following his return to college to study business and finance, Peter talks about being set on the path to shine the light on the data to provide discovery capability. To those interested in the field, he suggests having a broad familiarity of different approaches. We thank Peter for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

Enabling connectivity enables exposures. [Research Saturday]


Guest Nathan Howe, Vice President of Emerging Technology at Zscaler, joins Dave to discuss his team's work, "2021 Exposed Report Reveals Corporate and Cloud Infrastructures More at Risk Than Ever From Expanded Attack Surfaces." The modern workforce has resulted in an increase of users, devices, and applications existing outside of controlled networks, including corporate networks; the business emphasis on the network has decreased and the reliance on the internet as the connective tissue for businesses has increased. Zscaler analyzes the attack surface of 1,500 organizations and identifies trends affecting businesses of all sizes and industries, across all geographies. Key findings...

DDoS at Russia's MoD. Facebook disrupts Iranian catphishing operation. An intercept tool vendor's activities are exposed. No signs of the US softening on Huawei bans.


Russia's Ministry of Defense says its website sustained a distributed denial-of-service attack this morning. Facebook disrupts a complex Iranian catphishing operation aimed at military personnel and employees of defense and aerospace companies. Microsoft and Citizen Lab describe the recent operations of an Israeli intercept tool vendor. The US shows no signs of relenting on Huawei. Johannes Ullrich from the SANS Technology Institute has been Hunting Phishing Sites with Shodan. Our guest is Rick Van Galen from 1Password with insights from their Hiding in Plain Sight report. And there's nothing new on the REvil front--the gang is as much in the...

Luminous Moth or Mustang Panda, it's the same bad actor (probably). Updates on other cyberespionage and ransomware campaigns. Rewards for tips on cyberattacks.


A Chinese APT is active against targets in Myanmar and, especially, the Philippines. Cyberespionage campaigns suggest that there's a thriving market for zero-days. MI5 warns against spying, disinformation, and radicalization. REvil continues to lie low (and the Kremlin hasn't seen anything). CISA offers ransomware mitigation advice. Bogus Coinbase sites steal credentials. Ransomware attacks on old SonicWall products expected. Daniel Prince from Lancaster University looks at Getting into the industry, and whether a degree is worth it. Our guest is Kurtis Minder from GroupSense, tracking 3 divergent ransomware trends. And Rewards for Justice offers a million dollars for tips on cyberattacks....

Patch notes. What's happening with REvil remains unclear, but it would be rash to count the gang out.


SolarWinds patches a zero-day exploited by a Chinese threat group. Patch Tuesday notes. What's up with REvil: takedown, retirement, rebranding, or glitch? (Don't bet against rebranding.) Joe Carrigan from JHU ISI on cell phone carriers sneaking us ads via SMS. Our guest is Nicko van Someren of Absolute Software with a look at endpoint risk. And bots like futbol. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/134 Learn more about your ad choices. Visit megaphone.fm/adchoices

SolarWinds patches a zero-day. Trickbot is back. Bogus Twitter accounts, now suspended, were verified by the social medium. DarkSide hits Guess. Updates on REvil and Kaseya.


SolarWinds addresses a zero-day that was exploited in the wild. A watering hole campaign lures users of online gaming sites. Inauthentic accounts (now suspended) get a blue check mark. Trickbot is back, with new capabilities. The DarkSide hits fashion retailer Guess. Malek Ben Salem from Accenture on Remediation of Vulnerabilities using AI. Our guest is Jeff Williams from Contrast Security with a look at Application Security in Financial Services. And some updates on Kaseya, its customers, and the current state of REvil. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/133 Learn more about...

Kaseya and REvil--the state of recovery. President Biden calls President Putin to ask for action on ransomware. Cyber incident in Iran. Ukraine says its naval website was hacked. Tracking ransom.


Kaseya has patched the VSA on-premises and SaaS versions affected by REvil ransomware. The US tries some straight talk about privateering with Russia, but with what effect remains to be seen. Russia's autarkic Internet poses some challenges for international security. Iranian rail and government sites were hit with a cyber incident over the weekend. Ukraine says Russian threat actors defaced its Naval website. Carole Theriault looks at ethics in phishing simulations. Josh Ray from Accenture tracks real world incident response trends. And tracking just how much the ransomware gangs are taking in. For links to all of today's stories check out...

Taree Reardon: A voice for women in cyber. [Threat Analyst] [Career Notes]


Senior Threat Analyst and Shift Lead for VMware Taree Reardon shares her journey to becoming a leader for women in the cybersecurity field. A big gamer who has always been interested in hacking and forensics, Taree found her passion while learning about cybersecurity. She's dedicated to diversity and inclusion and found her footing on a team made up of 50% women. Taree spends her days tracking and blocking attacks and as a champion for women. Trusting yourself is top on her list of advice. We thank Taree for sharing her story. Learn more about your ad choices. Visit megaphone.fm/adchoices

APTs transitioning to the cloud. [CyberWire-X]


Cloud attacks have become so widespread that the Department of Homeland Security (DHS) has warned against an increase of nation states, criminal groups and hacktivists targeting cloud-based enterprise resources. APTs such as Pacha Group, Rocke Group and TeamTNT have been rapidly modifying their existing tools to target Linux servers in the cloud, modifying their existing code to create new malware variants that easily bypass traditional security solutions. The solution? In order to detect and respond to these attacks, security teams need visibility into what code is running on their systems. In this episode of CyberWire-X, guest Jonas Walker from...

Dealing illicit goods on encrypted chat apps. [Research Saturday]


Guest Daniel Kats, Senior Principal Research Engineer at NortonLifeLock, joins Dave to discuss his team's work, "Encrypted Chat Apps Doubling as Illegal Marketplaces." Encrypted chat apps are gaining popularity worldwide due to their central premise of not sending user data to tech giants. Some popular examples include WhatsApp, Telegram and Signal. These apps have also been adopted by businesses to securely communicate directly to their users. Additionally, these apps have been instrumental to subverting authoritarian regimes. However, NortonLifeLock found that encrypted chat apps are also being used by criminals to sell illegal goods. Because content moderation is, by design, nearly...

Kaseya continues to work through its REvil days, as does the US Administration. In other news, there's cyberespionage in Asia, the PrintNightmare fix, and Black Widow as phishbait.


Kaseya continues to work through remediation of the VSA vulnerability exploited by REvil, with completion expected Sunday afternoon. And while REvil has made a nuisance of itself, this time they may not have seen a big payday, or at least not yet. The US is still considering its retaliatory and other options in the big ransomware case. China's MSS is active against targets in Asia. Andrea Little Limbago from Interos looks at Government access to data analysis. Our guest is Leon Gilbert from Unisys with data from their Digital Workplace Insights report. And scammers are baiting their hooks with Black...

Cyber conflict sputters in Ukraine? Kaseya delays VSA patch, offers assistance to REvil's victims. US mulls retaliation for privateering. PrintNightmare patch. Another extradition run at Julian Assange.


Ukrainian government websites may have come under an unspecified cyberattack early this week. Kaseya delays its VSA patch until Sunday, and offers assistance to victims of VSA exploitation by REvil. The US continues to mull its response to Russia over REvil and Cozy Bear. A small electric utility's business systems go offline after a ransomware attack. Microsoft continues to grapple with PrintNightmare. Caleb Barlow from CynergisTek on the changing Cyber Insurance landscape. Our guest is Kwame Yamgnane from Qwasar on how he seeks to inspire minority kids to code. And the US will try again to get Julian Assange extradited....

Kaseya works on patching VSA as Washington mulls retaliation and Moscow says it has nothing to do with it. Microsoft patches PrintNightmare. The Lazarus Group is back.


Kaseya continues to work on patching its VSA products. The US mulls retaliation for the Kaseya ransomware campaign, as well as for Cozy Bear's attempt on the Republican National Committee and Fancy Bear's brute-forcing efforts. (Russia denies any wrongdoing.) Current events phishbait. Microsoft patches PrintNightmare. Joe Carrigan looks at recent updates to Google's Scorecards tool. Our guest Umesh Sachdev of Uniphore describes his entrepreneurial journey. And the Lazarus Group is back, phishing for defense workers. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/129 Learn more about your ad choices. Visit megaphone.fm/adchoices

The Kaseya ransomware incident. Ransomware threats to industrial firms. Malicious Android apps stole Facebook credentials. The Tokyo Olympics and cyber risk.


Updates on the Kaseya ransomware incident, as REvil strikes again. Concerns about other ransomware attacks against industrial targets rise. Google expels credential-stealing apps from the Play Store. Online gamers draw various threat actors. Carole Theriault examines the elements that could put you in the crosshairs for ransomware. Ben Yelin has an update on the Facebook antitrust case. And the Tokyo Olympic Games will be on alert for cyberattacks. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/128 Learn more about your ad choices. Visit megaphone.fm/adchoices

Dwayne Price: Sharing information. [Project Management] [Career Notes]


Senior technical project manager Dwayne Price takes us on his career journey from databases to project management. Always fascinated with technology and one who appreciates the aspects of the business side of computer implementations, Dwayne attended UMBC for both his undergraduate and graduate degrees in information systems management. A strong Unix administration background prepared him to understand the relationship between Unix administration and database security. He recommends those interested in cybersecurity check out the NICE Framework as it speaks to all the various different types of roles in cybersecurity. Dwayne prides himself on his communication skills and openness. We thank...

Malware in pirated Windows installation files. [Research Saturday]


Guest Tom Roter from Minerva Labs joins Dave to discuss his team's research: "Rigging a Windows Installation." It is common knowledge that pirated software might contain malware, yet millions still put themselves and their devices at risk and download from dubious sources. It is even more surprising to see the popularity of torrented operating system installations, which are ranked at the top of most torrent tracker ranking lists. Today we will prove conventional wisdom right and show off a devious, yet clever attack chain employed by an infected Windows 10 image, frequently shared and downloaded by tens of thousands of...

Mitigating PrintNightmare. New ransomware strains in circulation. Router firmware patched. Russia denies brute-forcing anyone. What the reinsurance rates tell us.


Mitigations for the PrintNightmare vulnerability are suggested. Wizard Spider has a new strain of ransomware in its toolkit. A new RagnarLocker strain is in circulation. NETGEAR patches router firmware. Russia reacts to US and US reports of a GRU brute-forcing campaign: Moscow says it didn't do it. Kevin Magee from Microsoft shares some of the tools he uses to keep himself and his team up to date. Our guest is Andrew Patel from F-Secure on how to prepare security teams for AI-powered malware. And a quick look at the true costs of cybercrime. For links to all of today's stories...

Large-scale GRU brute-forcing campaign in progress. IndigoZebra in Afghanistan. A ransomware gang scorecard. A cyber most-wanted list. Are the phone lines open?


US and British authorities warn of a large-scale GRU campaign aimed at brute-forcing its way into European and American organizations. Reports of a major cyberattack on German critical infrastructure appear very much exaggerated. IndigoZebra uses Dropbox in ministry-to-ministry deception aimed at the Afghan government. Currently active ransomware groups are profiled, and REvil is now going after Linux systems in addition to Windows machines. A cyber most-wanted, and priorities in a US Treasury campaign against money laundering. Malek Ben Salem looks at supply chain security. Our guest is Brandon Hoffman of Intel471 with insights on China's data underground. And, hey, it's...

A look at some threats to ICS endpoints. EternalBlue remains a problem. US preparing attribution of the Microsoft Exchange Server hack. DoubleVPN seized. An arrest in the Gozi case.


A report on threats to industrial control systems is out, and it focuses on ransomware, coinjacking, and legacy malware. EternalBlue remains a problem. The US is preparing a formal attribution in the case of the Microsoft Exchange Server campaign. An international police operation has taken down DoubleVPN, and the authorities seem pretty pleased with their work. Joe Carrigan examines vulnerabilities in systems from Dell. Our guest is Vikram Thakur from Symantec on Multi-Factor Authentication evasion. And the guy who allegedly provided the Gozi banking malware with its bulletproof hosting has been collared in Bogota. For links to all of today's...

A look at the cybercriminal underground, its commodity tools, its rising gangs, how it recruits talent and affiliates, and even how it raises investments.


Legitimate tools are abused as commodity initial access payloads. Hades ransomware is circulating in some new sectors. Criminal markets are sharing more features with legitimate markets, including advertising, recruiting, and even funding rounds. Cybercrime uses cryptocurrency, but the key to success may be location more than technology. Ben Yelin describes insurance companies collaborating on cyber breach data collection. Our guest is Michael Osborn from Moody's on a recent rash of cyber attacks hitting higher education. And Denmark's central bank is reported to have been a victim of the SolarWinds compromise. For links to all of today's stories check out our...

Nobelium is back. A signed driver is gamer-focused malware. Idle hands. Third-party cloud risk. Bad practices. A net assessment of national cyber power.


The SVR's Nobelium appears to be back, this time with a less-than-fully successful cyberespionage campaign. The Netfilter driver is assessed as malware. Idle hands seem to make for more attacks against online gaming. Mercedes-Benz USA reports a data exposure incident. CISA starts to keep track of bad practices. The International Institute for Strategic Studies publishes a net assessment of national cyber power. Carole Theriault looks at the security implications of frictionless online commerce. Our guest is Clar Rosso from (ISC)2 with insights on Building Resilient Cybersecurity Teams. And Loki is a trickster, and his name is a lousy password. For...

Introducing Security Unlocked: CISO Series with Bret Arsenault - Leading an Inclusive Workforce: Emma Smith, Vodafone


There's truth in the sentiment, "teamwork makes the dream work." When team members don't feel included or heard in their environment, they're not going to do their best work, so it's up to managers, supervisors, and even global security directors to foster a workplace and culture that doesn't allow anyone to be silenced. On this episode, Microsoft's CISO, Bret Arsenault, sits with his friend and peer, Emma Smith, Director of Global Cybersecurity for Vodafone. Throughout the conversation, they discuss returning to in-person work after over a year of being remote and some of the inherent difficulties that come with the change, especially as they relate to inclusivity. In This Episode You Will Learn: How focusing on digital society, inclusion for all, and the...

Maria Thompson-Saeb: Be flexible and make it happen. [Program Management] [Career Notes]


Senior Program Manager for Governance, Risk and Compliance at Illumio, Maria Thompson-Saeb shares experiences that led to her career in cybersecurity. Interested in computers and not a fan of math, Maria opted for information systems management rather than computer science. She started her career as a government contractor. Once in the private sector, Maria moved into the Unix and Linux environments where she says "something that would totally change everything." She gained an interest in security and took it upon herself to train up and move into that realm. Maria notes it was not without roadblocks, but that being flexible...

Exhibiting advanced APT-like behavior. [Research Saturday]


Guest Yonatan Striem-Amit joins Dave to talk about Cybereason's research "Prometei Botnet Exploiting Microsoft Exchange Vulnerabilities." The Cybereason Nocturnus Team responded to several incident response (IR) cases involving infections of the Prometei Botnet against companies in North America, observing that the attackers exploited recently published Microsoft Exchange vulnerabilities (CVE-2021-27065 and CVE-2021-26858) in order to penetrate the network and install malware. Yonatan shares his team's findings of the investigation of the attacks, including the initial foothold sequence of the attackers, the functionality of the different components of the malware, the threat actor's origin and the bot's infrastructure. The research can be...

REvil is back. Misconfiguration with major effect. Mining Monero. Judgments against market-rigging hackers. A FIN7 operator is sentenced.


REvil hits a Brazilian medical diagnostics company and a British fashion retailer. A misconfigured cloud database exposes millions of WordPress user records. A new cryptojacker is deploying XMrig to mine Monero. A judgment is issued against a hacker and one of the traders he worked with to trade securities on non-public information. Johannes Ullrich from SANS on server-side request forgery and errors in validating IP addresses. Our guest, Tom Patterson from Unisys, reacts to the DOJ launching a ransomware taskforce. A FIN7 operator is sentenced to seven years. For links to all of today's stories check out our...

Notes on current cyber criminal campaigns. Will Exercise Cyber Flag show the way toward an expedition to the virtual shores of a metaphorical Tripoli?


The ChaChi Trojan is out, about, and interested in educational institutions. Bogus free subscription cancellations figure in a social engineering campaign designed to get the victims to download BazarLoader. Ursnif is automating fraudulent bank transfers with Cerberus Android malware. The US Senate invites the Department of Defense to think of ransomware as analogous to piracy, and Defense says it's thinking along those lines. And rest in peace, John McAfee. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/121 Learn more about your ad choices. Visit megaphone.fm/adchoices

Cyberespionage, in Central Europe and South Asia. Iranian state media sites seized. Sale of inspection and tracing tools leads to an indictment in France. Cooperation, foreign and domestic.


ReverseRat looks like a state-run espionage tool active in South and Central Asia. The US Justice Department seizes thirty-three sites run by media aligned with the Iranian government. Poland offers more clarity on a cyberespionage campaign it attributes to Russia. An intercept and inspection company's executives are indicted for complicity with torture. NSA opens a Cybersecurity Collaboration Center for industry. Joe Carrigan examines Apple's push to replace passwords. Our guest is Shehzad Merchant of Gigamon with a breakdown on security guidelines for hybrid cloud programs. And the FSB says it hopes for reciprocity. For links to all of today's stories...

Malicious Google ads lead to spoofed Signal and Telegram pages, and then on to malware. LV's REvil roots. Vulnerable defense contractors. And bogus AIS position reports in the Black Sea.


Malicious Google ads for Signal and Telegram are being used to lure the unwary into downloading an info-stealer. LV ransomware looks like repurposed REvil. A study of the US Defense Industrial Base finds that many smaller firms, particularly ones that specialize in research and development, are vulnerable to ransomware attacks. Rick Howard ponders how we categorize state sponsored cybercrime. Our guest is Sudheer Koneru from Zenoti on how data privacy impacts salons and spas. And it's high noon in the Black Sea. Do you know where your warships are? For links to all of today's stories check out our CyberWire...

South Korea's nuclear research institute discloses cyberespionage incident. Norway attributes 2018 incident to China. Poland blames Russia for email hacking as NATO clarifies alliance cyber policy.


The South Korean nuclear research organization sustained an apparent cyberespionage incident. Norway's investigation of its 2018 breach of government networks concludes that China's APT31 was behind it. Poland accuses Russia in a long-running email hacking case. Our guest is Mark Testoni from SAP NS2 on where the Justice Department should focus during its upcoming cyber review. Chris Novak of Verizon on financial vs. espionage breaches. NATO seeks to clarify its policies in cyberspace, including a recommitment to Article 5 and a revision of the Tallinn Manual. For links to all of today's stories check out our CyberWire daily news brief:...

Avi Shua: Try to do things by yourself. [CEO] [Career Notes]


CEO and co-founder of Orca Security Avi Shua shares his thoughts on ways to succeed in cybersecurity. Avi's excitement about cybersecurity began when he was 13 as he tried to think of ways to get around the school's network security. He joined the Israeli Army's Intelligence Unit 8200 and experienced some unique cybersecurity training programs that he would eventually come to teach. Learning to solve problems on your own is a skill Avi acquired and took into his professional career. In his current position, Avi works to advance Orca's mission. He loves that his company works to reduce friction and enables...

Primitive Bear spearphishes for Ukrainian entities. [Research Saturday]


Guests Gage Mele and Yury Polozov join Dave to talk about Anomali's research "Primitive Bear (Gamaredon) Targets Ukraine with Timely Themes." Anomali Threat Research identified malicious samples that align with the Russia-sponsored cyberespionage group Primitive Bear's (Gamaredon, Winterflounder) tactics, techniques, and procedures (TTPs). Primitive Bear, known primarily to focus on Ukraine, has been very active in 2021. However, the themes of the samples Anomali found, as well as those shared by the security community, could also be used to target multiple former Union of Soviet Socialist Republics (USSR) countries. Anomali Threat Research found malicious .docx files being distributed by Primitive...

Notes from the underworld: phishing with hardware, DarkSide impersonation, and cyber vigilantes. Data incidents, and a conviction for a crypter.


Phishing, with a bogus hardware wallet as bait. Empty threats from a DarkSide impersonator. Cyber vigilantes may be distributing anti-piracy malware. Data security incidents at a cruise line and a US grocery chain. Malek Ben Salem from Accenture looks at optimizing security scanning. Our guest is Edward Roberts of Imperva on their 2021 Bad Bots Report. And a conviction for a crypter, with sentencing to follow. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/117 Learn more about your ad choices. Visit megaphone.fm/adchoices

The Russo-US summit ended in frank exchanges and the prospect of further discussions on cybersecurity. Ferocious Kitten tracked. Initial access brokers. Molerats return. Ransomware arrests.


The US-Russian summit took up cyber conflict, cyber privateering, and cyber deterrence, ending with the prospect of further discussions. Ferocious Kitten's domestic surveillance. Ransomware gangs are using a lot of initial access brokers. The Molerats are back. Troubleshooting a wave of intermittent Internet interruptions. NSA offers advice on securing business communication tools. Ukrainian police arrest six alleged Clop gangsters. Andrea Little Limbago from Interos on bringing the private sector back into the defense equation. Our guest is Charles Herring of WitFoo, with the case for cybersecurity as an extension of law enforcement. Nine alleged ransomware hoods collared in Seoul. For...

Airline resolves IT issue. Paradise ransomware source code leaked. Unauthorized access to cameras possible. TSA pipeline cyber guidance under preparation. Russo-US summit. Anonymous extradition.


Southwest flights are back in the air after an IT issue disrupted them yesterday. Paradise ransomware source code has been leaked online. Some networked camera feeds may be accessible to unauthorized viewers. TSA is preparing a second, more prescriptive pipeline cybersecurity directive. The Russo-US summit is underway. Our guest is Jay Paz from Cobalt on bad actors targeting hackers. Joe Carrigan looks at malware hosted on Steam. And the face of Anonymous has been extradited from Mexico to the US. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/115 Learn more about your ad...

Disruption of a major BEC campaign. Scope of cyberespionage expands in Pulse Secure exploitation. What the Hades? Russo-US summitry. A more secure workforce. Reality Winner is out, sort of.


Microsoft disrupts a major BEC campaign. The scope of cyberespionage undertaken via exploitation of vulnerable Pulse Secure instances seems wider than previously believed. Secureworks offers an account of Hades ransomware, and differs with others on attribution. Final notes during the run-up to tomorrow's US-Russia summit, where cyber will figure prominently. Helping employees stay secure. Carole Theriault wonders if the internet of things is becoming the internet of everything. Ben Yelin weighs in on the Supreme Court's ruling affecting the Computer Fraud and Abuse Act. And Reality Winner has been released to a halfway house. For links to all of today's...

Third-party data breach at Volkswagen. An anti-monopoly agenda with Big Tech in its crosshairs. Recovery ransom. How EA was hacked. Avaddon gives up its keys. Gamekeeper turned poacher?


Volkswagen warns North American customers of a third-party data breach. An anti-monopoly agenda advances in the US House Judiciary Committee. Speculation about how the FBI recovered ransom from DarkSide. How EA was hacked. Is Avaddon going out of business? Craig Williams from Cisco Talos explains why they're calling some cyber criminals privateers. Rick Howard shares thoughts on professional development. And a strange case of a gamekeeper turned poacher (allegedly). For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/113 Learn more about your ad choices. Visit megaphone.fm/adchoices

Margaret Cunningham: A people scientist with a technology focus. [Behavioral science] [Career Notes]


Principal Research Scientist for Human Behavior at Forcepoint, Margaret Cunningham shares her story of how she landed in cybersecurity. With a background in psychology and counseling and not feeling that one-on-one counseling was her thing, Margaret had a transformational moment in her PhD program in applied experimental technology when she realized she could "provide helping services and good work services at a broader scale." Margaret found her professional footing at DHS's Human Systems Integration Branch of Science and Technology Department as the person who figured out how to measure how new technologies impacted human performance. Margaret points out that making connections...

Taking a look behind the Science of Security. [Research Saturday]


Guest Adam Tagert is a Science of Security (SoS) Researcher in the National Security Agency Research Directorate. The National Security Agency (NSA) sponsors the Science of Security (SoS) Initiative for the promotion of a foundational cybersecurity science that is needed to mature the cybersecurity discipline and to underpin advances in cyberdefense. Adam works in all aspects of SoS particularly in the promotion of collaboration and use of foundational cybersecurity research. He promotes rigorous research methods by leading the Annual Best Scientific Cybersecurity Paper Competition. Adam joins Dave Bittner to discuss the NSA's SoS Initiative and their Science of Security and Privacy 2021 Annual...

Diplomatic Backdoor targets charities, embassies, and telcos in Europe, Africa, and Southwest Asia. Fancy Lazarus and DDoS extortion. Slilpp credential market takedown. A data gap? Cyber regulation.


Diplomatic Backdoor afflicts Africa, Europe, and Southwest Asia. Electronic Arts source code stolen. Fancy Lazarus is back: despite the name, it's an extortion gang, not an espionage service. An international law enforcement action takes down a credential market. Making good data available for AI research. There's a growing appetite for cyber regulation in Washington. Thomas Etheridge from CrowdStrike looks at protecting cloud data, and Matt Chiodi of Palo Alto Networks' Unit 42 has highlights from their Cloud Threat report. And hold that side order of fries - a McBreach is disclosed. For links to all of today's stories check out...

Deciding to pay ransom - the cases of JBS and Colonial Pipeline. Gangland branding. Constituent management system hit. Notes on the FBI's partial recovery of DarkSide's ransom take.


JBS discloses that it paid REvil roughly eleven-million dollars in ransom. REvil not only had a good haul, but the gang made a few points about its brand, too. Colonial Pipeline explains, and defends, its decision to pay ransom. The US Congress has a third-party problem that constituents may or may not notice. Dan Prince from Lancaster University on the science of cybersecurity. Our guest is Kris McConkey from PwC on their Cyber Threats 2020 - Report on the Global Threat Landscape. The FBI's recovery of some of the ransom Colonial Pipeline paid to the DarkSide was good, but it...

Chinese cyberespionage in Russia? US Executive Order rescinds TikTok, WeChat bans. Operation Trojan Shield. Privateering. NATO's Article 5 in cyberspace. Patch Tuesday notes.


SentinelOne attributes the cyberespionage campaign against Russias FSB to Chinese services. President Biden replaces his predecessors bans on TikTok and WeChat with a process of engagement, security reviews, and data protection. More on the FBI-led Operation Trojan Shield. Privateering, again. NATOs Article 5 in cyberspace. Joe Carrigan weighs in on recent high profile cyber incidents. Our guest is Shashi Kiran from Aryaka on their 2021 State of the WAN report. And notes on Patch Tuesday. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/110 Learn more about your ad choices. Visit megaphone.fm/adchoices

FBI claws back a lot of the ransom DarkSide collected. An international dragnet uses an encrypted chat app to pull in more than 800 suspects. Navistar discloses a cyber incident.


The FBI seized a large portion of the funds DarkSide obtained from its extortion of Colonial Pipeline. An international sweep stings more than eight-hundred suspected criminals who were caught while using an encrypted chat app law enforcement was listening in on. CISA advises users to update their VMware instances. A new phishing campaign distributes Agent Tesla. Ben Yelin examines renewed controversy surrounding Clearview AI. Our guest is Aimee George Leery from Booz Allen on the challenging intersection of secure spaces and work from home. And a major truck maker discloses a cyber incident. For links to all of today's stories...

Dark Side's way into Colonial Pipeline networks may have been an old VPN. Summit agenda. DDoS hits German banks. Anonymous angry with Elon Musk? Alleged Trickbot coder arraigned.


Dark Side seems to have attacked Colonial Pipeline through an old VPN account. Washington and Moscow prepare for this month's summit, with cyber on the agenda. DDoS affects German banks. Anonymous may be back, and out to bring to book those who would troll Bitcoiners. Rick Howard looks at process management in security. David Dufour from Webroot on lessons learned from Exchange Server vulnerabilities. And one of Trickbot's alleged authors has been arrested and arraigned on multiple charges in a US Federal court. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/108

Dave Farrow: The guy that enabled the business. [Security leadership] [Career Notes]


VP of Information Security at Barracuda Dave Farrow shares how a teenage surfer fell in love with software development and made his way in the cybersecurity field. Dave chose to study electrical engineering in college because he wanted to learn something that didn't make sense to him. He says he's done things in his career that he said he'd never do: for example, he went into and fell in love with software development. Taking on leadership of a bug bounty program at Barracuda blossomed into the creation of an internal security team. Dave wants to be the guy who enables...

Bad building blocks: a new and unusual phishing campaign. [Research Saturday]


Guest Karl Sigler of Trustwave's SpiderLabs joins Dave Bittner to talk about their research: "Hidden Phishing at Free JavaScript Site". The research describes an interesting phishing campaign SpiderLabs encountered recently. In this campaign, the email subject pertains to a price revision, followed by some numbers. There is no email body, but there is an attachment about an investment. The attachment's convoluted filename contains characters the file-naming convention doesn't allow, notably the vertical stroke, |. Even though "xlsx" is in the filename, double-clicking the attachment will prompt the user to open it with the default web browser. Thus, the file indeed...

Advice on ransomware from the US National Security Council. JBS announces its recovery from the REvil attack. Cyber diplomacy (and maybe retaliation). Ransomware-themed phishbait.


JBS recovers from its REvil ransomware attack, and this and other apparent instances of privateering will figure among the agenda at the upcoming US-Russia summit. (The US is said to be mulling retaliation.) The White House issues general advice on preparing for ransomware attacks. The Tokyo Olympic committee suffers a data breach. Ransomware may have interrupted some media livestreaming yesterday. Attribution in the MTA attack. Dinah Davis from Arctic Wolf helps prevent your SOC from becoming ineffective. Carole Theriault warns of data privacy leaks in online home tours. And ransomware-themed phishbait. For links to all of today's stories check out...

FBI fingers REvil as the gang behind the JBS ransomware. Privateering may come up at the US-Russian summit. Ransomware at regional transportation operations. Cyberespionage in Southeast Asia.


Evil, your name is REvil, except when it's Sodinokibi. That's what the Bureau says about the JBS ransomware attack, anyway. The US is expected to make strong objections to Russian cyber privateering at the upcoming summit. Other ransomware incidents are disclosed by regional transportation operators. A possible Mustang Panda sighting. Andrea Little Limbago from Interos on cyber related executive orders. Our guest is Terry Halvorsen from IBM on the need for investment, research and collaboration in preventing quantum cyberattacks. And mommas, don't let your babies grow up to be DDoS jockeys. For links to all of today's stories check out...

The big ransomware incident in the food-processing sector. US authorities seize domains used in Nobelium's USAID impersonation campaign. Siemens addresses PLC vulnerabilities.


Food processing is also vulnerable to ransomware: the case of multi-national meat-provider JBS. The US and Russia are in communication about the possibility that the criminals responsible for the JBS incident might be harbored in Russia. Domains used in the USAID impersonation campaign have been seized by the US Justice Department. Our guest is Melissa Gaddis from TransUnion with results from their Global Consumer Pulse study. Joe Carrigan looks at criminals abusing online search ads. Siemens addresses a critical issue in its PLCs. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/105

Saboteurs trying to look like crooks? CISA on the USAID phishing incident. US receives criticism for alleged surveillance of allies. Epsilon Red is out. No weed, just alt-coin.


Iran's wiper attacks may have been posing as criminal gang capers. CISA issues an alert on the USAID Constant Contact credential compromise. European governments express concern over reports of US surveillance (enabled, allegedly, by Danish organizations). Epsilon Red ransomware is out and active. Ben Yelin looks at Florida Governor DeSantis' bill aimed at Social Media companies. Our guest is Giovanni Vigna from VMware with highlights from their 2020 Threat Landscape Report. And police come looking for cannabis farming and find coin-mining rigs instead. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/104

Zero trust: a change in mindset. [Special Editions]


Guest Lenny Zeltser, CISO of Axonius, sits down with the CyberWire's CSO and Chief Analyst Rick Howard to discuss one of Rick's favorite topics, zero trust. Lenny shares his views on this cybersecurity first principle, taking into account changes in mindsets during the COVID-19 pandemic that have necessitated many to move toward zero trust.

Baan Alsinawi: Trust ourselves and be courageous. [Compliance] [Career Notes]


Managing Director at Cerberus Sentinel, Chief Compliance Officer and the President of TalaTek, Baan Alsinawi shares her cybersecurity journey from a teenager who wanted to understand computers and held several positions in IT from help desk to systems engineering and cybersecurity. Founding her own business focusing on compliance, Baan says she spends maybe only 20% of her day on technical tasks and that there is always so much more to do. Finding the right people for her team is a marker of success for Baan. She talks of the importance of sharing the sense of community of women in technology and...

Big data, big payoff for China's cybercrime underground. [Research Saturday]


Guest Brandon Hoffman of Intel 471 joins Dave Bittner to share his team's research "How China's cybercrime underground is making money off big data". Through Intel 471's observation and analysis of open source information and behavior on multiple closed forums, they found actors adopting the use of legitimate big data technology for cybercrime and monetizing the data they obtain on the Chinese-language underground. The behavior Intel 471 analyzed points to a cycle that involves several different layers of cybercriminals, the use of insider information, and unwitting victims in order to earn ill-gotten gains. The schemes themselves proliferate partly due to...

A phishing campaign poses as USAID. APTs exploit unpatched Pulse Secure and Fortinet instances. Healthcare organizations continue recovery from ransomware. A look at Criminal2Criminal markets.


A phishing campaign this week appears to be the work of Russia's SVR. Chinese government threat actors continue to exploit unpatched Pulse Secure instances. FBI renews warnings about unpatched Fortinet appliances. Healthcare organizations still work to recover from ransomware. Rick Howard speaks with author Andy Greenberg on his book Sandworm. Ben Yelin weighs in on questions Senator Wyden has for the Pentagon. And a look at the criminal ransomware market, including the consultants who serve the extortionists. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/103

Impersonation campaign targets China's Uyghur minority. US DHS issues pipeline cybersecurity requirements. Recovering from ransomware. Notes on privateering.


Chinese-speaking operators are reported to be phishing to compromise devices belonging to Uyghurs. The US Department of Homeland Security issues pipeline cybersecurity regulations. Security companies take various approaches to offering decryptors against ransomware. Huawei would like to chat with President Biden. Rick Howard speaks with authors Peter Singer and Emerson Brooking on their book "LikeWar - The Weaponization of Social Media". Our guest is Darren Shou of NortonLifeLock on the findings of the 6th annual Norton Cyber Safety Insights Report. And a few notes on privateers, then and now, whether on High Barbaree or the dark net. For links to...

Cyberespionage reported in Belgium. Low-sophistication attacks on OT networks. Healthcare ransomware attacks. Privateering defined. Advice for boards. And news of crime.


Hafnium visits Belgium. Low-sophistication attacks on operational technology. Updates on healthcare sector ransomware attacks in New Zealand and Ireland. Wipers masquerading as ransomware. Privateers are defined as a new category of threat actor. TSA's new standards for pipeline security. The World Economic Forum has advice for Boards in the oil and gas sector. Rick Howard interviews Liza Mundy on her book "Code Girls - The Untold Story of the American Women Code Breakers Who Helped Win World War II". Joe Carrigan describes fraudulent search engine ad buys. And as one criminal is sentenced, eight more are arrested. For links to...

CryptoCore traced to Pyongyang. Ransomware and risk management. Gangs regroup. A would-be hacker-by-bribery is sentenced in Nevada.


The CryptoCore campaign that looted cryptocurrency exchanges is said to have been the work of North Korea's Lazarus Group. Insurers are taking a hard look at ransomware and the cyber insurance policies that might cover it. Managing ransomware risk, and a role for standards bodies. Can there be such a thing as responsible disclosure of decryptors and other remediation tools? Ransomware gangs regroup. Perry Carpenter previews the new 8th Layer Insights podcast. Rick Howard speaks with authors Doug Barth and Evan Gilman. And it's time served plus deportation in the case of an unsuccessful hacker. For links to all of...

Ransomware warnings in Ireland, New Zealand, Germany, and the US. Belgium's new cybersecurity strategy. A tipline to dime out cryptominers. Air India passenger data breach.


Ransomware warnings in the US, Ireland, New Zealand, and Germany--healthcare organizations are said to be at particular risk. Belgium adopts a new cybersecurity strategy. China isn't happy with freelance cryptominers. Air India sustains a third-party breach of passenger personal data. An FBI analyst is indicted for mishandling classified material. Rick Howard previews this week's CSO Perspective podcast and kicks off cybersecurity canon week with author Perry Carpenter. And happy birthday, US Cyber Command. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/99

Michael Bishop Jr.: Good, bad or indifferent. [Security] [Career Notes]


Senior Security Officer at Centers for Medicare and Medicaid Services Michael Bishop Jr. shares his journey from Army infantryman deployed to Iraq to working in cybersecurity. After 12 years in the U.S. Army, Mike found himself in a rough spot. Looking for work and having some personal challenges, Mike's mentor, an Army officer he met while enlisted, recognized Mike's struggles and helped to nudge him toward cybersecurity. Mike credits his mentor with helping him transition to where he is today. Undergoing training for cybersecurity, he was tested in many areas and found the route he wanted to go. We thank...

Leveraging COVID-19 themes for malicious purposes. [Research Saturday]


Guest Joe Slowik joins us from DomainTools to discuss his team's research "COVID-19 Phishing With a Side of Cobalt Strike." Multiple adversaries, from criminal groups to state-directed entities, engaged in malicious cyber activity using COVID-19 pandemic themes since March 2020. Adversaries continue to leverage the pandemic, arguably the most significant issue globally as of this writing, in various ways. Yet the most persistent avenue remains using COVID-19 themes for building malicious document files. Examples include lures associated with Cloud Atlas-linked activity and broader targeting of health authorities. Given the continued significance of the pandemic and persistent use of pandemic themes...

DarkSide still more-or-less dark. Updates on Colonial Pipeline and HSE ransomware attacks. CNA said to have paid $40 million in ransom. Cyber privateers and cyber mercenaries.


The US remains officially mum on whether it took down DarkSide, but it still looks as if the ransomware gang absconded on its own. Colonial Pipeline now faces legal fallout from its ransomware incident. Speculation about how states might handle cyber privateering. Conti's attack on HSE is described as catastrophic. Russia says it was hit by foreign cyber mercenaries last year. Craig Williams from Cisco Talos explains Discord abuses. Our guest is Jon Ford from Mandiant on their M-Trends 2021 report. And CNA pays cyber extortionists $40 million. For links to all of today's stories check out our CyberWire daily...

DarkSide: absconding, rebranding, or retiring to a life of penitence? (Probably the first two.) Israeli airstrikes said to target Hamas cyber ops centers. Apps behaving badly. Notes on phishbait.


Did DarkSide really see the light and shut down, with a sincere promise of reform and restitution, or is the gang just rebranding? Researchers look at DarkSide ransomware and find complexity and sophistication. Israel says airstrikes in Gaza were intended to take out Hamas cyber ops facilities. Poor practices seem to have exposed data of millions of Android app users. Phishing from call centers and cloud services. David Dufour from Webroot looks at hacker psychology. Our guest is Rob Price from Snow Software on Shadow IT. And who dunnit to SolarWinds? Not the intern. For links to all of today's...

Updates on the Colonial Pipeline incident, and other ransomware incidents. A watering hole for water utilities. Credential harvesting, cryptojacking, and banking Trojans.


Colonial Pipeline corrected yesterday's IT glitch, and its CEO explains the decision to pay the ransom. A rundown of recent ransomware activity. A watering hole for water utilities? Credential harvesting and cryptojacking in the cloud. A banking Trojan spreads from Brazil to Europe. Joe Carrigan looks at keyboard biometrics. Our guest Dotan Nahum from Spectral on shifting left in security development. And the metaphysics of attribution. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/96

WastedLocker being distributed in RIG campaign. Investigation of the DarkSide attack on Colonial Pipeline. More ransomware gangs go offline. Double encryption. Third-party stalkerware risk.


A new RIG campaign is distributing WastedLocker. The US Congress considers two bills informed by the Colonial Pipeline incident, and Congressional committees are looking at the company's response to the attack. More ransomware gangs go offline, but Conti is still trying to collect from the Irish government. Double encryption appears to be an emerging trend in ransomware. Ben Yelin looks at insurance companies clamping down on ransomware payments. Our guest is Nick Gregory of Capsule8 with thoughts on the Linux security landscape. And there's another problem with stalkerware: third-party risk. For links to all of today's stories check out our CyberWire...

Japan calls out China for cyberespionage. Colonial Pipeline restores service. Wither the DarkSide? Conti hits Irish health organizations, and Avaddon strikes AXA.


Japan calls out China for cyberespionage. Colonial Pipeline restores service, as organizations look to their own vulnerability to ransomware. The DarkSide gang may have said it's going out of business, but it's at least as likely, probably likelier, that they're either rebranding or absconding. Two other gangs are in business: Conti is hitting Irish health organizations, and Avaddon says it compromised insurer AXA. (AXE-uh) Rick Howard looks at new responsibilities for CISOs. Our guest is Samantha Madrid of Juniper Networks on establishing automation and security integrations seamlessly. And a spy gets fifteen years in a US prison. For links to...

Zeroing in on zero trust. [CyberWire-X]


The Zero Trust security model asserts that organizations should not trust anything within its perimeters and instead must inspect every traffic and verify anything connecting to its systems before granting access. While Zero Trust is generating a lot of buzz in the cyber world, it's often hard to determine the implications of this security model. In this episode of CyberWire-X, guests will discuss the origins of the model, cut through the hype, and discuss what you really need to know to design, implement, and monitor an effective Zero Trust approach. John Kindervag of ON2IT Cybersecurity, also known as the "Creator...

Dominique West: Security found me. [Strategy] [Career Notes]


Technical account manager Dominique West takes us on her career journey from engineering to cybersecurity. Even though her undergraduate degree was in information systems, Dominique did not learn about cybersecurity until she personally experienced credit card fraud. She had a range of positions from working the help desk in an art museum to vulnerability management and cloud security. Dominique mentions remembering feeling isolated as the only black person and one of few women in many situations. These experiences spurred her into action to create Security in Color to help others navigate their way into cybersecurity and share resources are available to...

Jack Voltaic: Army Cyber Institute's critical infrastructure resiliency project, not a person. [Research Saturday]


Guest LTC Erica Mitchell from Army Cyber Institute joins us to talk about their infrastructure resiliency research project called Jack Voltaic. The Army Cyber Institute's (ACI's) Jack Voltaic (JV) project enables the institute to study incident response gaps alongside assembled partners to identify interdependencies among critical infrastructure and provide recommendations. JV provides an innovative, bottom-up approach to critical infrastructure resilience in two unique ways. Whereas most federal efforts to improve resiliency focus on regional or multistate emergency response, JV focuses on cities and municipalities where critical infrastructure and populations are most heavily populated. Furthermore, JV deviates from other cybersecurity and...

Ransomware hoods and their enablers may be feeling some heat. Supply chain compromise and third-party risk. Colonial Pipeline resumes deliveries (but paid ransom to no avail).


DarkSide says it's feeling the heat and is going out of business, but some of its affiliates are still out and active, for now at least. A popular hackers forum says it will no longer accept ransomware ads. The Bash Loader supply chain compromise afflicts another known victim. Colonial Pipeline resumes delivery of fuel. Irresponsible disclosure of vulnerabilities hands attackers a big advantage. Carole Theriault looks at NFTs. Joe Carrigan wonders about the return on your ransomware payment investment. And there's a lot of Amazon-themed vishing going on out there. For links to all of today's stories check out our...

The US Executive Order on cybersecurity is out. Colonial Pipeline, its security and response under scrutiny, resumes deliveries. Verizon's DBIR is out.


The US Executive Order on Improving the Nation's Cybersecurity is out. Colonial Pipeline partially resumed delivery of fuel yesterday evening, as its preparation for and response to the cyberattack it sustained receive scrutiny. The DarkSide's extortion of the US pipeline company seems likely to prompt regulatory revision. DarkSide operators say they've gotten busy against other targets. Our own Rick Howard speaks with Aaron Sant-Miller, Chief Scientist at BAH, on developments in artificial intelligence. And Verizon's Database Investigations Report is out. I check in with Verizon's Chris Novak for highlights from the DBIR. For links to all of today's stories check...

The security industry looks at DarkSide ransomware. CISA offers advice on defense and recovery. A new banking Trojan is out. Deprecated protocols remain in use. A quick look at Patch Tuesday.


FireEye provides an overview of the DarkSide ransomware-as-a-service operation. Forcepoint suggests a connection between DarkSide and other ransomware gangs, notably REvil. Colonial Pipeline continues its recovery efforts from the cyber attack it sustained. As ransomware grows more common, CISA offers advice on how to prepare defenses. A new Android banking Trojan is in circulation. Cecelia Marinier from RSA on the RSAC Innovation Sandbox. Bret Arsenault from Microsoft previews his new Microsoft CISO podcast. And yesterday, of course, was Patch Tuesday. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/91

Ransomware: DarkSide, Avaddon, and Babuk. 5G threat vectors. Cryptojacking unpatched Exchange Servers. Bogus Chrome app. An espionage trial approaches sentencing.


Updates on the DarkSide ransomware attack on Colonial Pipeline. Other ransomware strains, including Avaddon and Babuk, are out, and dangerous. Guidelines on 5G threat vectors. Lemon Duck cryptojackers are looking for vulnerable Exchange Server instances. A bogus, malicious Chrome app is circulating by smishing. Ben Yelin examines an online facial recognition platform. Our guest is Mathieu Gorge of VigiTrust on the privacy risks of video and audio recordings. And an update on an espionage trial. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/90

Ransomware disrupts pipeline operations in the Eastern US. Other ransomware attacks reported by US municipal and Tribal governments. UK-US advisory on SVR TTPs. SolarWinds update.


Colonial Pipeline shuts down some systems after a ransomware attack, disrupting refined petroleum product delivery in the Eastern US. We'll check in with Sergio Caltagirone from Dragos for his analysis. Other ransomware attacks hit city and Tribal governments. Joint UK-US alert on SVR tactics issued, and the SVR may have changed its methods accordingly. SolarWinds revised downward its estimate of the number of customers affected by its compromise. Rick Howard previews his CSO Perspectives podcasts on risk metrics. Four guilty pleas in bulletproof hosting RICO case. For links to all of today's stories check out our CyberWire daily news brief:...

Street cred: increasing trust in passwordless authentication. [CyberWire-X]


Good security gets out of the way of users while getting in the way of adversaries. Passwords fail on both accounts. Users feel the pain of adhering to complex password policies. Adversaries simply copy, break, or brute-force their way in. Why, then, have we spent decades with passwords as the primary factor for authentication? From the very first theft of cleartext passwords to the very latest bypass of a second-factor, time and again improvements in defenses are met with improved attacks. The industry needs to trust passwordless authentication. What holds us back from getting rid of passwords? Trust. In this episode of...

Yatia (Tia) Hopkins: Grit and right place, right time. [Solutions Architecture] [Career Notes]


VP of Global Solutions Architecture at eSentire Tia Hopkins shares her career journey and talks about its beginnings in engineering and pivots into cybersecurity leadership. Tia shares how she liked to take things apart when she was young, including the brand new computer her mother bought her and how she was fascinated by all the pieces of it spread all across her bedroom floor. As she started studying engineering, Tia learned she was more of a technologist than an engineer. Tia got her start in technology without completing her formal education by what she says is "grit and right place, right...

SUPERNOVA activity and its possible connection to SPIRAL threat group. [Research Saturday]


Guest Mike McLellan from Secureworks joins us to share his team's insights about SUPERNOVA and threat group attribution. Similarities between the SUPERNOVA activity and a previous compromise of the network suggest that SPIRAL was responsible for both intrusions and reveal information about the threat group. In late 2020, Secureworks Counter Threat Unit (CTU) researchers observed a threat actor exploiting an internet-facing SolarWinds server to deploy the SUPERNOVA web shell. Additional analysis revealed similarities to intrusion activity identified on the same network earlier in 2020, suggesting the two intrusions are linked. CTU researchers attribute the intrusions to the SPIRAL threat group....

CISA on FiveHands. Connections among cybergangs, Russian intelligence services? Software supply chain security. Scripps Health incident update. Home routers. Ryuk hits research institute.


CISA outlines the FiveHands ransomware campaign. Circumstantial evidence suggests that some cybergangs are either controlled by or are doing contract work for Russian intelligence services. US Federal agencies turn their attention to software supply chain security. Scripps Health continues its recovery from cyberattack. Insecure home routers in the UK. Daniel Prince from Lancaster University has thoughts on cybersecurity education. Our guest Rupesh Chokshi from AT&T has suggestions for organizations who want to get SASE, but don't know where to begin. And Ryuk ransomware throws a wrench in research at a European biomedical institute. For links to all of today's stories...

Some possible insight into what a Chinese cyberespionage unit is up to. Hackathons, from Beijing to Washington. Panda Stealer is after crypto wallets. And Peloton deals with a leaky API.


Some possible insight into what a Chinese cyberespionage unit is up to. Hackathons, from Beijing to Washington (the one sponsored by Beijing developed an iPhone zero-day used against China's Uyghurs). Panda Stealer is after crypto wallets. Microsoft's Kevin Magee reflects on lessons learned in the last year. Our own Rick Howard speaks with Todd Neilson from World Wide Technology on Zero Trust. And Peloton deals with a leaky API. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/87

DDoS interrupts Belgium's parliament. New malware in the wild. Spies and crooks work around MFA, OAuth. COVID-19 scam site takedown. Online election fraud (in a homecoming queen election).


Belgium sustains a DDoS attack that knocks parliamentary sessions offline. New malware strains identified in phishing campaign. Threat actors look for ways of working around multi-factor authentication and open authentication. COVID-19 scams continue online, and attract law enforcement attention. Joe Carrigan describes a compromised password manager. Our guests are Linda Gray Martin & Britta Glade from RSA with a preview of this year's RSAC conference. And how secure was your high school's election for homecoming court. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/86

VPN vulnerability exploited for cyberespionage closed. IT security incident at medical system. Android banking Trojans and cryptocurrency. Cyber threats to the Tokyo Olympics.


Pulse Secure patches its VPN, and CISA for one thinks you ought to apply those fixes. Apple has also patched two zero-days in its Webkit engine. Scripps Health recovers from what's said to be a ransomware attack. Researchers describe Genesis, a criminal market for digital fingerprints. Ben Yelin described a grand jury subpoena for Signal user data. Our guest is Ryan Weeks from Datto on the need for cyber resilience in the MSP community. And Japan works on cybersecurity for this summer's upcoming Olympic Games. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/85...

Data exposure reported in the Philippines. FISA targets down during the pandemic. Babuk changes its focus. New variant of the Buer loader in the wild. US Justice Department reviews its cyber strategy.


Possible data exposure at the Philippines Office of the Solicitor General. In the US, FISA surveillance targets dropped during 2020's pandemic. The Babuk gang says it's giving up encryption to concentrate on doxing. A new version of the Buer loader is out in the wild. Rick Howard looks at security in the energy sector. Betsy Carmelite from Booz Allen Hamilton on telemedicine security concerns. The US Justice Department undertakes a review of its cybersecurity policies and strategy. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/84

Jim Zufoletti: Building your experience portfolio. [Entrepreneur] [Career Notes]


CEO and co-founder of SafeGuard Cyber Jim Zufoletti shares his journey starting out as an intrapreneur and transformation into a serial entrepreneur in cybersecurity. Jim shares how he got his feet wet working for others as an intrapreneur and catching the entrepreneurial bug in the mid-90s. He has co-founded a number of companies starting with FreeMarkets, a B2B ecommerce company. After that went public and Jim moved on, he went to business school at the University of Virginia and crossed paths with his future co-founder of SafeGuard Cyber. At UVA, Jim was inspired by a professor who exposed him to the...

A snapshot of the ransomware threat landscape. [Research Saturday]


Guest Jen Miller-Osborn from Palo Alto Networks' Unit 42 joins Dave to discuss their 2021 Unit 42 Ransomware Threat Report, which highlights a surge in ransomware demands based on a global analysis of the threat landscape in 2020. To evaluate the current state of the ransomware threat landscape, the Unit 42 threat intelligence team and the Crypsis incident response team collaborated to analyze the ransomware threat landscape in 2020, with global data from Unit 42 as well as US, Canada, and Europe data from Crypsis. The report details the top ransomware variants, average ransomware payments, ransomware predictions, and actionable next...

Investigating VPN exploits, and the crooks and spies who use them. BadAlloc afflicts OT. Notes on cyberespionage. The criminal market for deepfakes.


The US Government expands its investigation into Pulse Secure VPN compromises. Microsoft discloses its discovery of BadAlloc IoT and OT vulnerabilities. Someone's distributing Purple Lambert spyware. Chinese intelligence services seem to be backdooring the Russian defense sector. Financially motivated criminals are exploiting SonicWall VPN vulnerabilities. A look at the emerging criminal market for deepfakes. Josh Ray from Accenture Security on Why Cybersecurity Community Service Matters. Our guest Manish Gupta of ShiftLeft looks at cyber attacks on the CI/CD pipeline. And the World Health Organization attracted impersonators early this month. Again. For links to all of today's stories check out our...

Buggy APIs may expose credit scores. Dealing with ransomware. Iran-Israeli tensions are up. Russia says it will always see the Americans coming. Surge cyber capacity. NSA's advice on OT security.


An API bug may have exposed credit ratings. A study offers advice for the new anti-ransomware task forces emerging in the US and elsewhere. Israelis warned to keep their cyber-guard up on Quds Day next week. Russia says it would spot any US cyberattack before it hit. The US Congress considers establishing surge cyber response capacity. Dinah Davis from Arctic Wolf has tips on preventing RDP attacks. Rick Howard speaks with Rehan Jalil from Securiti on GDPR. NSA offers advice for securing OT networks. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/82

More intelligence on Ghostwriter, and a convergence of hacking and influence operations. Naikon APT has a new backdoor. FluBot returns. MAPP reconsidered. Defense counsel on Cellebrite.


Ghostwriter is back, and has moved its chaos troops against fresh targets in Poland and Germany. The Naikon APT has a new secondary backdoor. FluBot, temporarily inhibited by police raids, is back, and expanding its infection of Android devices across Europe. Microsoft is rethinking how much, and with whom, it wants to share vulnerability information. Joe Carrigan examines a phone scam targeting Amazon Prime customers. Our guest is Tzury Bar Yochay of Reblaze on open-source software and scalability. And Signal's discovery of Cellebrite issues is finding its way into court. For links to all of today's stories check out our...

The FBI and CISA take a look at the SVR, and offer advice for potential targets. Openness and information warfare. OPSEC and privacy. Babuk hits DC police. Social engineering notes.


FBI, CISA, detail SVR cyber activities. Nine US Combatant Commands see declassification as an important tool in information warfare. A convergence of OPSEC and privacy? Apple fixes a significant Gatekeeper bypass flaw. Babuk ransomware hits DC police. A new twist in credential harvesting. Ben Yelin considers the FTC's stance on racially biased algorithms. Our guest Tony Howlett from SecureLink tracks the evolution of threat hunting. And that was no hack; it was just a careless tweet. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/80

Prankers on Zoom, with convincing video. Emotet takedown. US response to SolarWinds reviewed. Cancer therapy disrupted by attack on cloud provider. Oscar phishing.


Zoom prankers deceive European members of parliament with a deepfake video call. A password manager is compromised. Europol took a good whack at Emotet yesterday, removing the botnet's malware from infected machines. US response to the Holiday Bear campaign receives cautious good reviews. A cyberattack interferes with cancer treatments. Caleb Barlow from CynergisTek on emergency notification systems. Rick Howard previews the latest CSO Perspectives podcast focused on the healthcare vertical. And movie-themed phishbait chummed the waters around yesterday's Oscars. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/79

Marcelle Lee: Cyber sleuth detecting emerging threats. [Research] [Career Notes]


Senior security researcher from Secureworks Marcelle Lee shares her career journey into cybersecurity and how she helps solve hard problems in her daily work. Marcelle came into cybersecurity not through any traditional path. She describes her route from a different field and starting in cyber at her local community college through a grant program. Marcelle took full advantage of the opportunities she had and grew her career from there. She recommends finding your specialty, but continuing to build other skills. As a woman in the field, she is a strong proponent of diversity and encouraging others to find what excites...

Channeling the data avalanche. [CyberWire-X]


Proliferation of data continues to outstrip our ability to manage and secure data. The gap is growing and alarming, especially given the explosion of non-traditional smart devices generating, storing, and sharing information. As edge computing grows, more devices are generating and transmitting data than there are human beings walking the planet. High-speed generation of data is here to stay. Are we equipped as people, as organizations, and as a global community to handle all this information? Current evidence suggests not. The International Data Corporation (IDC) predicted in its study, Data Age 2025, that enterprises will need to rely on machine learning,...

Bulletproof hosting (BPH) and how it powers cybercrime. [Research Saturday]


Guest Jason Passwaters of Intel 471 joins us to discuss his team's research into bulletproof hosting (BPH). The research team at Intel 471 defined what a typical BPH service offers and how these services can be stopped in order to limit the damage they have on enterprises, businesses and digital society itself. They examined some popular malware families that actors host or leverage via BPH services. While much more goes into a cybercriminal's full operation, it would be vastly more difficult to pull off without the ability to host malware and be free from impunity. Finally, they listed of some...

Three ransomware gangs up their game. The US Postal Inspection Service's Internet Covert Operations Program. GCHQ warns of dependence on Chinese tech. Undersea cable security.


Ransomware operators begin timing their releases for more reputational damage. Another gang is equipping its ransomware with scripts to disable defenses, and yet another is now into stock shorting. The US Postal Inspection Service is apparently monitoring social media. GCHQ's head warns of the dangers of becoming dependent on China's technology. Johannes Ullrich from SANS on Commodity Malware Targeting Enterprises. Our guest is Etay Maor from Cato with some of the clever ways criminals avoid detection. And it's not just sharks interested in undersea cables. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/78...

VPN users remediate systems. New Supernova infection. Cryptojacking botnet afflicts vulnerable Exchange Servers. Facebook takes down spyware groups. Ransomware. Cellebrite bug found.


Agencies continue to respond to the Pulse Secure VPN vulnerabilities. Updates on the SolarWinds compromise show that it remains a threat, and that it was designed to escape detection and, especially, attribution. A cryptojacking botnet is exploiting vulnerable Microsoft Exchange Server instances. Facebook takes down two Palestinian groups distributing spyware. Ransomware draws more attention. Craig Williams from Cisco Talos looks at cheating the cheater. Our guest is Bruno Kurtic from Sumo Logic on their Continuous Intelligence Report. And a Cellebrite vulnerability is exposed. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/77

SonicWall, Pulse Secure products under exploitation (mitigations are available). Power grid security. Cyber conflict in the Near Abroad. ISIS worries about Bitcoin. Bad passwords.


SonicWall zero-days are under active exploitation; mitigations are available. Pulse Secure VPN is also undergoing exploitation, probably by China, and mitigations are available here, too. The US begins work on shoring up power grid cybersecurity. Cyber ops rise with Russo-Ukrainian tension. The help desk at ISIS tells jihadists to stay away from Bitcoin. Joe Carrigan looks at cryptocurrency anonymity. Our guest is Bert Kashyap from SecureW2 on what needs to be done before devices used for learning from home return to schools. And is your password inspired by cinema? For links to all of today's stories check out our CyberWire...

Codecov supply chain attack update. Babuk's victim service. Catphishing in LinkedIn. Sanctioned company responds. SolarWinds, Exchange compromise TFs stand down. 5 Eyes notes. IoT risk.


Update on the Codecov supply chain attack. The Babuk gang says they've debugged their decryptor. MI5 warns of industrial scale catphishing in LinkedIn. Positive Technologies responds to US sanctions. The US stands down the two Unified Coordination Groups it established to deal with the SolarWinds and Exchange Server compromises. Are all Five Eyes seeing eye-to-eye on China? Ben Yelin explains the legal side of the FBI removing webshells following the Microsoft Exchange Server hack. Our guest is May Habib from Writer on how the AI is helping the security industry with outdated and problematic terminology. And, psst: your kitchen appliances are...

Codecov may have sustained a supply chain attack. Natanz sabotage update. Big data gangs. Protecting ransomware gangs. Counterretaliation in the SolarWinds affair.


Another supply chain incident surfaces. The Natanz sabotage seems to have landed a punch, but not a knock-out blow against Iran's nuclear program (and it appears to have been a bomb). China's big data gangs and their place in the criminal economy. Tolerating (and protecting?) ransomware gangs in Russia? Betsy Carmelite looks at the intersection of 5G and zero trust. Rick Howard is focusing on finance and fraud in the latest season of CSO Perspectives. Russia's counterretaliation for US sanctions in the SolarWinds affair. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/74

Aviv Grafi: There needs to be fundamental changes in security. [CEO] [Career Notes]


CEO and Founder of Votiro Aviv Grafi shares his story from serving as a member of the IDF's intelligence forces to leading his own venture. Aviv says his service in the IDF shaped a lot of his thinking and problem solving. Following his military service, Aviv worked to gain more real world and business experience. Starting his own business as a pentester was where the seeds for what would become Votiro would form. Aviv talks about the roller coaster that you experience when starting your own venture and offers some advice. And, we thank Aviv for sharing his story with...

Social engineering: MINEBRIDGE RAT embedded to look like job résumés. [Research Saturday]


Guest Deepen Desai joins Dave to talk about Zscaler's research "Return of the MINEBRIDGE RAT With New TTPs and Social Engineering Lures." In Jan 2021, Zscaler ThreatLabZ discovered new instances of the MINEBRIDGE remote-access Trojan (RAT) embedded in macro-based Word document files crafted to look like valid job resumes (CVs). Such lures are often used as social engineering schemes by threat actors. MINEBRIDGE buries itself into the vulnerable remote desktop software TeamViewer, enabling the threat actor to take a wide array of remote follow-on actions such as spying on users or deploying additional malware. The use of social engineering tactics targeting...

International reactions to US sanctions against Russia (positively reviewed in Europe and the UK, but panned by Russia). Continuing threats to the cold chain. Natanz back in business? Data breach notes.


The European Union expresses solidarity with the US over the SolarWinds incident. The UK joins the US in attributing the incident to Russia. Russia objects to US sanctions and hints strongly that it intends to retaliate. IBM discloses new cyber threats to the COVID-19 vaccine cold chain. Iran says Natanz is back in business. Kevin Magee from Microsoft looks at the security of startups. Our guest is Brad Ree of ioXt Alliance with results from their Mobile IoT Benchmark report. And data breaches hit people who park and people who read. For links to all of today's stories check out...

Imposing costs and sending signals (and prominently naming Cozy Bear). More speculation about the Natanz explosion. And a shift in the criminal-to-criminal economy.


The US announces a broad range of retaliatory actions designed to impose costs on Russia for its recent actions in cyberspace, prominently including both the SolarWinds supply chain compromise and attempts to influence elections. More reports on the Natanz incident suggest that a buried bomb was remotely detonated. David Dufour from Webroot has a wakeup call on digital privacy. Our guest is Ganesh Pai from Uptycs on Mitre ATT&CK Evaluations. And IcedID is taking Emotet's place in the criminal ecosystem. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/72

The IAEA investigates the Natanz incident (amid conflicting reports on the nature of the sabotage). Mopping up the SolarWinds Exchange Server hacks.


Updates on Natanz, where the nature of the sabotage remains unclear--it happened, but there are conflicting explanations of how. Electrical utilities on alert for cyberattack, especially after the SolarWinds incident. The US Government takes extraordinary steps to fix the Microsoft Exchange Server compromise. Joe Carrigan analyses effective phishing campaigns. Our guest is the FBI's Herb Stapleton on their recent IC3 report. And the US Intelligence Community's Annual Threat Assessment points, in order of diminishing risk, to China, Russia, Iran, and North Korea. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/71

Natanz pre-emptive sabotage updates. NAME:WRECK DNS vulnerabilities. Tax phishing. ATM cards and advance-fee scams. Ransomware-induced cheese shortage.


Updates on the sabotage at Natanz--whether it was cyber or kinetic, Iran has vowed to take its revenge against Israel. NAME:WRECK vulnerabilities affect DNS implementations. Tax season scammers are phishing for credentials. If you liked the investment opportunities those Nigerian princes used to offer, you're going to love their loaded ATM cards. Ben Yelin looks at data protection and interoperability. Our guest is Jules Martin from Mimecast on the importance of security integration. And in the Netherlands ransomware is inducing a shortage of cheese. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/70

Apparent cyber sabotage at Natanz. Arrest made in alleged plot to blow up AWS facility. Scraped data for sale in criminal fora. US senior cyber appointments expected soon.


Iran says Israel was responsible for sabotaging the Natanz nuclear facility yesterday, and Tehran promises revenge. Online plotting results in the arrest of a Texas man alleged to have planned an attack on an Amazon Web Services center. Scraped, not hacked, data from LinkedIn and Clubhouse are being hawked online. Andrea Little Limbago from Interos addresses asymmetric power within cyberspace and how that plays out in warfare. Our guest is Giovanni Vigna from VMware on the takedown of the Emotet infrastructure. And the US moves to fill senior cybersecurity positions. For links to all of today's stories check out our...

Debra Danielson: Be fearless. [CTO] [Career Notes]


Chief Technology Officer and Senior Vice President, Engineering for Digital Guardian Debra Danielson shares her career journey, from aspirations of becoming an astronaut studying mechanical and aerospace engineering, to finding her first job at a local software company that turned into a long-term commitment after it was acquired by another firm. Debra mentions that when she was heads-down programming, there were many women in the field and when she emerged from the cube to take on management and leadership positions, the ratio of women had dropped dramatically. She noted at this time that it took a lot of energy to...

Strategic titles point to something more than a commodity campaign. [Research Saturday]


Guests Gage Mele, Winston Marydasan, and Yury Polozov from Anomali join Dave to discuss their research into Static Kitten targeting government agencies in the UAE and Kuwait. Anomali Threat Research uncovered malicious activity very likely attributed to the Iran-nexus cyberespionage group, Static Kitten (Seedworm, MERCURY, Temp.Zagros, POWERSTATS, NTSTATS, MuddyWater), which is known to target numerous sectors primarily located in the Middle East. This new campaign, which uses tactics, techniques, and procedures (TTPs) consistent with previous Static Kitten activity, uses ScreenConnect launch parameters designed to target any MOFA with mfa[.]gov as part of the custom field. Anomali's team found samples specifically masquerading as the...

A new Lazarus backdoor. Malvertising for a bogus Clubhouse app. Cryptojacking the academy. When is a cartel not a cartel? Strategic competition between the US and China. Choking Twitter.


Lazarus Group has a new backdoor. Bogus Clubhouse app advertised on Facebook. Cryptojacking goes to school. A ransomware cartel is forming, but so far apparently without much profit-sharing. The US Senate is preparing to make strategic competition with China the law of the land. Dinah Davis from Arctic Wolf looks at phony COVID sites. Our guest is Jaclyn Miller from NTT on the importance of mentoring the next generation. And Russia remains displeased with a lot of Twitter's content. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/68

Cring ransomware hits manufacturing plants. Distance learning difficulties. Hafnium's patient approach to vulnerable Exchange Servers. The Entity List grows. 5G security standards.


Cring ransomware afflicts vulnerable Fortigate VPN servers. Distance learning in France stumbles due to sudden high demand, and possibly also because of cyberattacks. Hafnium's attack on Microsoft Exchange Servers may have been long in preparation, and may have used data obtained in earlier breaches. Commerce Department adds seven Chinese organizations to its Entity List. 5G security standards in the US are said likely to emphasize zero trust. Atlantic Media discloses a breach of employee data. Caleb Barlow from CynergisTek with a clever way of thinking about ransomware preparedness. Our guest is Amit Kanfer from build.security on authorization, a problem he...

A Chinese cyberespionage campaign is active against Vietnamese targets. The European Commission acknowledges cyberattacks are under investigation. Data scraping. Bogus apps. Molerats are dudes.


Goblin Panda's upped its game in recent attacks on Vietnamese government targets. The EU is investigating cyberattacks against a number of its organizations. Scraped LinkedIn data is being sold in a hackers forum. Facebook talks about the causes of its recent data incident. New Android malware poses as a Netflix app. Joe Carrigan shares comments from the new head of the NCSC. Our guest is Fang Yu from Datavisor with highlights from their Digital Fraud Trends Report. And the Molerats are using voice-changers to phish for IDF personnel. For links to all of today's stories check out our CyberWire daily...

Watering holes, from Kiev to Canada. File transfer blues. What's up in the criminal-to-criminal market. And an update on the old Facebook breach.


A watering hole campaign compromised several Ukrainian sites (and one Canadian one). File transfer blues. A couple of looks into the criminal-to-criminal marketplace: establishing a brand and selling malicious document building tools. Ben Yelin has details on a privacy suit against Intel. Our guest is Steve Ginty from RiskIQ on the threat actors behind LogoKit. And notes on the big and apparently old Facebook breach, including why people care about it. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/65

An old Facebook database handed over to skids (and it's a big database). APTs look for vulnerable FortiOS instances. Cryptojacking in GitHub infrastructure. Risk and water utilities.


An old leaked database has been delivered into the hands of skids. (The news isn't that the data are out there; it's that the skids now have it. For free.) CISA and the FBI warn that APTs are scanning for vulnerable Fortinet instances. Cryptojackers pan for alt-coin in GitHub's infrastructure. Holiday Bear may have looked for network defenders. Threats to water utilities. Johannes Ullrich explains why dynamic data exchange is back. Our guest is Mark Lance from GuidePoint Security tracking parallels between the SolarWinds attack and the RSA hack a decade ago. And a cyberattack snarls vehicle emission testing. For links...

Greg Bell: Answer the question of "why?" [Open Source] [Career Notes]


Co-founder and Chief Strategy Officer for Corelight Greg Bell describes the twists and turns of his career bringing him back to his childhood joy of computers. Working in a myriad of fields from human rights to Hollywood to writing a history of conspiracy belief before pivoting back to technology. Focusing on the relationships within the open source community, Greg works to change and improve the world through his mission-based organization. For those looking to begin their career in cyber, Greg offers that great mentorship and working for great organizations where you can soak in the culture are really important. And, we...

Ezuri: Regenerating a different kind of target. [Research Saturday]


Guests Fernando Martinez and Tom Hegel from AT&T Alien Labs join Dave to discuss their team's research "Malware using new Ezuri memory loader." Multiple threat actors have recently started using a Go language (Golang) tool to act as a packer and avoid Antivirus detection. Additionally, the Ezuri memory loader tool acts as a malware loader and executes its payload in memory, without writing the file to disk. While this technique is known and commonly used by Windows malware, it is less popular in Linux environments. The research can be found here: Malware using new Ezuri memory loader

Goblin Panda sighting? The attempt on Ubiquiti. More universities feel the effects of the Accellion compromise. National Supply Chain Integrity Awareness Month. Down-market phishing.


Goblin Panda might be out and about. Ubiquiti confirms that an extortion attempt was made, but says the attempted attack on data and source code was unsuccessful. The Accellion compromise claims more university victims. It's National Supply Chain Integrity Awareness Month in the US. BOLO Mr. Korhsunov. Andrea Little Limbago from Interos on supply chain resilience in a time of tectonic geopolitical shifts. Our guest is Paul Nicholson from A10 Networks on their State of DDoS Weapons report. And some down-market phishing attempts. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/63

Holiday Bear's tricks. Phishing for security experts. Industrial cyberespionage. Human error and failure to patch. EO on breach disclosure discussed. Malware found in game cheat codes.


US Cyber Command and CISA plan to publish an analysis of the malware Holiday Bear used against SolarWinds. The DPRK is again phishing for security researchers. Exchange Server exploitation continues. Stone Panda goes after industrial data in Japan. Human error remains the principal source of cyber risk. A US Executive Order on cyber hygiene and breach disclosure nears the President's desk. David Dufour from Webroot on the 3 types of hackers and where you've seen them recently. Rick Howard checks in with our guest Sharon Rosenman from Cyberbit on SOC Evolution. And gamers? Don't cheat. For links to all of...

Cyberespionage and influence operations. Reading the US State Department's mail. Risk management and strategic complacency. Volumetric attacks. Keeping suspect hardware out.


Charming Kitten is back, and interested in medical researchers' credentials. Russian services appear to have been reading some US State Department emails (it's thought their access was confined to unclassified systems). Risk management practices and questions about the risks of growing too blasé about management. Recognizing the approach of an intelligence officer. Volumetric attacks are up. Joe Carrigan examines a sophisticated Microsoft spoof. Our guest is Donna Grindle from Kardon on updates to the HITECH ACT. More concerns, in India and the US, about Chinese telecom hardware. For links to all of today's stories check out our CyberWire daily news brief:...

US considers how to settle accounts with Holiday Bear. International norms in cyberspace. Ransomware continues to surge against vulnerable Exchange Servers, and other criminal trends.


The US Administration continues to prepare its response to Holiday Bear's romp through the SolarWinds supply chain. Congress is asking for details on what was compromised in the incident, and why the Department of Homeland Security failed to detect the intrusion. The UN offers some recommendations on norms of conduct in cyberspace. Ben Yelin on a New Jersey Supreme Court ruling that phone passcodes are not protected by 5th amendment. Our guest is Frank Kettenstock from FoxIT on the security of PDF files. Developments in ransomware, including Exchange Server exploitation, credible extortion, and attempts to enlist customers against victims. For...

Cyberespionage in Germany. Australian network knocked off the air by a cyberattack. PHP shuts backdoor. Apple fixes a browser bug. FatFace pays up. Criminal charges: espionage and fraud.


German politicians' emails are under attack, and the GRU is the prime suspect. Australia's Nine Network was knocked off the air by a cyberattack, and a nation-state operation is suspected. PHP takes steps to protect itself from an attempt to insert a backdoor in its source code. Apple fixes browser engine bugs. FatFace pays the ransom. Project Zero caught a Western counterterror operation. Betsy Carmelite from Booz Allen Hamilton on Zero Trust. Our guest is Tal Zamir of Hysolate on CISA's new ransomware guidelines. And a guilty plea for one, and almost five-hundred indictments for others. For links to all...

Teresa Shea: The challenge of adapting new technologies. [Intelligence] [Career Notes]


Vice President of Raytheon's Cyber Offense, Defense Experts Teresa Shea speaks of her journey from math to adapting new technologies on the cutting edge. With a love of math, Teresa was offered a scholarship by the Society of Women Engineering and decided to pursue a degree in electrical engineering. Unsurprisingly, there were few other women in her program. Teresa interned with and then proceeded to work for the National Security Agency becoming their SIGINT director. Following her government career, Teresa worked to help bring new technologies to government through her work at Raytheon. We thank Teresa for sharing her story...

How are we doing in the industrial sector? [Research Saturday]


Guest Sergio Caltagirone from Dragos joins us to take us through their 2020 ICS Cybersecurity Year in Review report. Dragos's annual ICS Year in Review provides an overview and analysis of ICS vulnerabilities, global threat activity targeting industrial environments, and industry trends and observations gathered from customer engagements worldwide. The goal of the report is to give asset owners and operators proactive, actionable information and defensive recommendations in order to prepare for and combat the world's most significant industrial cybersecurity adversaries. The report can be found here: 2020 ICS CYBERSECURITY YEAR IN REVIEW

Carding Mafia hacked by other criminals. Gangland extortion. Section 230 reform. Director NSA talks about cyber defense, especially foreign attacks staged domestically. Propaganda. Hacktivism.


Criminal-on-criminal cyber crime. Ransomware hits European and North American businesses. Big Tech goes (virtually) to Capitol Hill to talk disinformation and Section 230. The head of NSA and US Cyber Command discusses election security and cyber defense with the Senate Armed Services Committee. Russia complains of a US assault on Russia's civilizational pillars. Accenture's Josh Ray shares his thoughts on securing the supply chain. Our guest is Sergio Caltagirone from Dragos on their 2020 ICS/OT Cybersecurity Year in Review. And there appears to be a minor resurgence of hacktivism. For links to all of today's stories check out our CyberWire...

Mamba ransomware's evolution. Facebook acts against Evil Eye. Huawei is invited into OIC-CERT. Slack Connect gets poor security and privacy reviews. An excursus on fleeceware.


The FBI warns organizations that Mamba ransomware is out and about in a newly evolved form. Facebook takes down a Chinese cyberespionage operation targeting Uyghurs. Huawei joins the Organization of Islamic Cooperation. Slack thinks it might have made a security and privacy misstep. Caleb Barlow from CynergisTek on Healthcare Interoperability. Our guest is Roei Amit from Deep Instinct on their 2020 Cyber Threat Landscape Report. And a look at fleeceware. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/57

Trends in phishbait. Ransomware exploits vulnerable Exchange Servers. Purple Fox develops worm capabilities. Attacks on industrial production. Third-party risk. What's on your mind, crooks?


COVID-themed phishbait has shifted to vaccines. Notes on the ransomware exploiting vulnerable Exchange Servers. Purple Fox gets wormy. Sierra Wireless halts operations to remediate a ransomware incident. Notes on ICS vulnerabilities. More victims of third-party risk. Joe Carrigan looks at SMS security issues. Our guest is Ron Brash from Verve Industrial with takeaways from their 2020 ICS Vulnerabilities report. And what are the cybercriminals thinking? For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/56

Bonus Recorded Future Podcast: Correlating the COVID-19 Opportunist Money Trail


The CyberWire partners with Recorded Future's threat intelligence podcast and our Dave Bittner is the host. It's a weekly show that comes out each Monday afternoon. We thought you might want to check it out and are adding it to our feed today. We hope you like it and consider subscribing in your favorite podcast app. The COVID-19 global pandemic has, predictably, attracted bad actors intent on using fear and uncertainty as a framework for a variety of actions, from run-of-the-mill money scams to targeting phishing, business email compromise, and even espionage. Recorded Future's Insikt Group has been following these...

Updates on the state of Microsoft Exchange Server vulnerability, patching, and exploitation. Third-party breaches affect Shell and AFCEA. TikTok's privacy. A manga site goes down.


Exchange Server patching is going well, they say, but they also say that patching isn't enough. Crooks are continuing to look for unpatched instances, and even in the patched systems, you've got to check to make sure the bad actors have been found and ejected. AFCEA and Shell both disclose being affected by third-party breaches. Citizen Lab sees no particular problem with TikTok. Ben Yelin ponders possible US response to the Microsoft Exchange Server attacks. Our guest is Alex Gizis from Connectify using VPNs to thwart government internet restrictions in Myanmar. And a major manga fan site is down. For...

Transportation as an espionage target. Expensive, elaborate cyber campaigns by unidentified threat actors. Infraud operators sentenced in Nevada.


Indian authorities warn the country's transportation sector that it may be a target for cyberespionage. Google's Project Zero describes an elaborate and expensive campaign that exploited zero-day vulnerabilities. The SilverFish threat group is elaborate, well-resourced, and well-organized. Threat actors are quietly altering mailbox permissions. REvil is back. Some say yes to Moscow; others say nyet. Dinah Davis from Arctic Wolf on Security Metrics. Our guest is Graeme Bunton from the DNS Abuse Institute. And two Infraud operators are sentenced. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/54

Kevin Magee: Focus on the archer. (CSO) [Career Notes]


Chief Security Officer of Microsoft Canada Kevin Magee shares his background as a historian and how it applies to his work in cybersecurity. Likening himself to a dashing Indiana Jones, Kevin talks about how he sees history unfolding and the most interesting things right now are happening in security. Spending time tinkering with things in the university's computer room under the stairs gave way to Kevin's love affair with technology. As Chief Security Officer, Kevin says he uses an analogy: "I think we focus on the arrows, not the archer" meaning there's too much focus on the attacks rather than...

BendyBear: difficult to detect and downloader of malicious payloads. [Research Saturday]


Guest Jen Miller-Osborn from Palo Alto Networks' Unit 42 joins us to discuss their research into BendyBear. Highly malleable, highly sophisticated and over 10,000 bytes of machine code. The code behavior and features strongly correlate with that of the WaterBear malware family, which has been active since as early as 2009. The malware is associated with the cyber espionage group BlackTech, which many in the broader threat research community have assessed to have ties to the Chinese government, and is believed to be responsible for recent attacks against several East Asian government organizations. Due to the similarities with WaterBear, and...

Cyberespionage against Finland. Moscow's displeasure. ICS security. Two indictments and why the PLA should stick to Buicks.


Helsinki blames Beijing's APT31 for cyberespionage against Finland's parliament. Russia withdraws its ambassador to the US, calling him home for consultation, post the US IC's report on election influence ops. Risk management for industrial control systems, and especially for an often overlooked part of the power grid. Johannes Ullrich from SANS on Evading Anti-Malware Sandboxes with New CPU Architectures. Our guest is Tony Cole from Attivo on dealing with adversaries already inside your network. A guilty plea in an odd extortion attempt, why China's wary of Teslas, and the indictment of a hacktivist. For links to all of today's stories...

Radiation disinformation. CISA warns that Trickbot is surging. FBI releases Internet Crime Report, Crypters get commodified. And notes from the underworld.


Disinformation about a radiation leak that wasn't. Another warning about Trickbot. The FBI says cybercrime cost victims more than $4.2 billion last year. Investigation and remediation of the SolarWinds and Exchange Server compromises continue. Crypters become a commodity for malware developers. Robert M. Lee from Dragos on lessons from the recent Texas power outages. Our guest is Bob Shaker from Norton Lifelock looking at baddies targeting online gamers. And some people are looking for jobs in all the wrong places. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/52

US report on 2020 foreign election meddling is out, and Russia and Iran are prominently mentioned in dispatches. Recovering from the Hafnium and Holiday Bear campaigns.


The US Intelligence Community has released its report on 2020 foreign election meddling. It found no successful hacking, but a lot of clever influence operations. Ukraine says it stopped a significant Russian cyberespionage campaign. Recovery from the SolarWinds and Exchange Server compromises continues. Joe Carrigan shares thoughts on the Verkada hack. Our guest is Oscar Pedroso from Thimble on getting kids hooked on technology. And no, that celebrity tweeter isn't really going to send you $2000 for every $1000 you give back to the community. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/51...

Cyberespionage prospects telecom companies: Operation Diànxùn. Working against exploitation of Exchange Server. And rerouting SMS messages (it cost only $16).


McAfee describes Operation Diànxùn, a probable Chinese collection effort directed against telecoms and 5G technology. Organizations around the world continue to work to thwart exploitation of Exchange Server vulnerabilities. What's a webshell, and what can it do? Ben Yelin looks at cell phone data gathered from the US Capitol riot. Our guest is Ross Rustici from ZeroFOX on the evolution of ransomware. And how much does it cost to redirect all your SMS messages to some goon? Said goon needs only sixteen bucks. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/50

Looking for leaks in the Microsoft Exchange Server exploitation. International cyber conflict. Sky Global executives indicted in the US. Scammer demands 1000 pounds to go on do-not-call list.


Microsoft is looking for a possible leak behind the spread of Exchange Server exploits, and hackers piggyback on webshells placed by other threat actors. The US Government continues to mull how to respond to Holiday Bear and Hafnium. Britain's PM calls for greater offensive cyber capabilities. India looks for ways of countering China in cyberspace. Sky Global executives indicted for alleged racketeering. Accenture's Josh Ray takes on defending against nation states. Rick Howard aims the hash table at third party cloud security. And what does it cost to be on a do-not-call list? Nothing. Really. For links to all of...

SolarWinds, SUNBURST, and supply chain security. [CyberWire-X]


The SolarWinds Orion SUNBURST exploit forced organizations to determine whether and to what extent they'd been compromised. It's not enough to eject the intruders and their malware from the networks. Affected organizations also need to know what systems and data had been breached, and for how long. The adversary behind SUNBURST is advanced, quietly breaching the perimeter and moving freely to access, steal, or destroy business-critical data, and to disrupt operations. Joining us to share their expertise on the subject are Ryan Olson of Palo Alto Networks' Unit 42, Bill Yurek of Inspired Hacking Solutions, and we close out the...

Dinah Davis: Building your network. [R&D] [Career Notes]


Coming from her love of math, VP of R&D at Arctic Wolf Networks Dinah Davis shares how she arrived in the cybersecurity industry after finding her niche. Dinah recalls how at a time of indecision, a computer course at university and a job with the Canadian government helped to solidify her career direction. Dinah mentions how "security and cryptography specifically was this perfect mix of real world problem solving and mathematics and computer science all combined into one ball of happiness." Networking played a key role in Dinah's journey. She recommends that those interested in joining the field to go for...

Keeping data confidential with fully homomorphic encryption. [Research Saturday]


Guest Dr. Rosario Cammarota from Intel Labs joins us to discuss confidential computing. Confidential computing provides a secure platform for multiple parties to combine, analyze and learn from sensitive data without exposing their data or machine learning algorithms to the other party. This technique goes by several names: multiparty computing, federated learning and privacy-preserving analytics, among them. Confidential computing can enable this type of collaboration while preserving privacy and regulatory compliance. The research and supporting documents can be found here: Intel Labs Day 2020: Confidential Computing Confidential Computing Presentation Slides Demo video

Ransomware enters vulnerable Exchange Servers through the backdoor. REvil is out and active. SolarWinds and control systems. Molson Coors responds to a cyber incident.


Microsoft warns that ransomware operators are exploiting vulnerable Exchange Servers. Threat actors continue to look for unpatched instances of Exchange Server. Johannes Ullrich joins us with his thoughts on the incident. REvil ransomware hits a range of fresh targets. Concerns are raised about the effects of the SolarWinds compromise on embedded devices. Our guest is Sally Carson from Cisco making the case that good design can save cybersecurity. And an unspecified cyber incident shuts down Coors Molson. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/48

More Exchange Server exploitation, and security advice. Updates on the SolarWinds compromise, criminal TTPs, and the Verkada hack. And news not you, but your friends might be able to use.


Norway's parliament is hit with Exchange Server exploitation. CISA and the FBI issue more advice on how to clean up an Exchange Server compromise. CISA hints at more detailed attribution of the SolarWinds compromise soon, and US Cyber Command says military networks were successfully defended. Microsoft's Kevin Magee on exporting cyber talent. Our guest is Hanan Hibshi from Carnegie Mellon University on their picoCTF online hacking competition. Notes on some evolving criminal techniques, an update on the security camera hacktivist incident, and some news you won't need, but your friends might. For links to all of today's stories check out...

Patching, with special attention to Hafnium and the rest. Responding to the SolarWinds incident. Hacktivists don't like cameras. Dragnet in the Low Countries.


Patch Tuesday was a big one this month. Microsoft Exchange Server remains under active attack in the wild, with new threat actors hopping on the opportunity. Russia denies it had anything to do with the SolarWinds incident and says the kinds of US response that the word on the street tells them are under consideration would be nothing more than international crime. Hacktivists strike a blow against cameras and stuff. Joe Carrigan has thoughts on Google's plans for third party cookies. Our guest is Kelvin Coleman from the National Cyber Security Alliance (NCSA) on how educators can better protect students...

Dealing with Hafnium's work against Microsoft Exchange Server and Holiday Bear's visit to the SolarWinds supply chain. A plea for OSINT, and some wins for the cyber cops.


CISA urges everyone to take the Microsoft Exchange Server vulnerabilities seriously. The SolarWinds compromise is also going to prove difficult to mop up. The US is said to be preparing a response to Holiday Bear's SolarWinds compromise (some of that response will be visible, but some will not). A plea for more OSINT. Ben Yelin from UMD CHHS ponders face scanning algorithms in the job application process. Our guest is Sam Crowther from Kasada, asking why are we still talking about bots? And dragnets haul in some cybercrooks. For links to all of today's stories check out our CyberWire daily...

Exploitation of Exchange Server spreads rapidly across the globe. The US mulls its response to Russia over the SolarWinds compromise (and to China over Exchange Server hacks).


Threat actors rush to exploit Exchange Server vulnerabilities before victims get around to patching--it's like a worldwide fire sale. Rick Howard digs into third party platforms and cloud security. Robert M. Lee from Dragos shares insights on the recent Florida water plant event. The US mulls some form of retaliation against Russia for the SolarWinds supply chain campaign, and it will also need to consider how to respond to China's operations against Exchange Server. (And another Chinese threat actor may have been exploiting SolarWinds late last year.) For links to all of today's stories check out our CyberWire daily news...

Stephen Hamilton: Getting the mission to the next level. [Military] [Career Notes]


Army Cyber Institute Technical Director and Chief of Staff Colonel Stephen Hamilton takes us on his computer science journey. Fascinated with computers since the second grade, Stephen chose West Point after high school to study computer science. Following graduation he moved into the signal branch as it most closely matched his interest in ham radio as no branch related directly to computing. He was pulled from the motor pool to help with another area's computing needs and then worked his way to teaching computer science at West Point and US Cyber Command. Stephen recommends coding it first to help realize...

Diving deep into North Korea's APT37 tool kit. [Research Saturday]


Guest Hossein Jazi of Malwarebytes joins us to take a deep dive into North Korea's APT37 (aka ScarCruft, Reaper and Group123) toolkit. On December 7 2020 the Malwarebytes Labs threat team identified a malicious document uploaded to Virus Total which was purporting to be a meeting request likely used to target the government of South Korea. The meeting date mentioned in the document was 23 Jan 2020, which aligns with the document compilation time of 27 Jan 2020, indicating that this attack took place almost a year ago. The file contains an embedded macro that uses a VBA self decoding...

SUNSHUTTLE backdoor described. What the Exchange Server campaign was after. Misconfigured clouds. Airline IT service provider attacked. Criminal-on-criminal crime.


A new second-stage backdoor has been found in a SolarWinds compromise victim. Those exploiting the now-patched Exchange Server zero days seem to have done so to establish a foothold in the targeted systems. India continues to investigate a Chinese cyber threat to its infrastructure. Misconfigured clouds leak mobile app data. A major airline IT provider sustains a cyber attack. Dinah Davis helps us prevent account takeover attacks. Our guest is Troy Hunt from NordVPN. And criminals hack other criminals. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/43

Happy Slam the Scam Day. Indian authorities continue to investigate grid incidents. CISA tells US Federal agencies to clean up Exchange bugs by noon tomorrow. Supply chain compromise.


Indian authorities say October's Mumbai blackout was human error, not cybersabotage. CISA directs US civilian agencies to clean up Microsoft Exchange on-premise vulnerabilities. More effects of the Accellion FTA supply chain compromise. Some trends in social engineering. Andrea Little Limbago brings us up to date on the RSA supply chain sandbox. Our guest is Brittany Allen from Sift on a new Telegram fraud ring. And happy National Slam the Scam Day. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/42

RedEcho under investigation (amid reassurances). Stopping Operation Exchange Marauder. Containing Ursnif. Cyber proliferation. And another round in the Crypto Wars.


India continues to investigate the possibility of RedEcho cybersabotage of its power distribution system, but says any hack was stopped and contained. Microsoft issues an out-of-band patch against a Chinese-run Operation Exchange Marauder. The financial sector works to contain an Ursnif outbreak. CISA issues ICS security advisories. Myanmar and the difficulty of stopping cyber proliferation. Joe Carrigan looks at CNAME cloaking. Our guest is author Neil Daswani from Stanford University's Advanced Security Certification Program, on his upcoming book Big Breaches - Cybersecurity Lessons for Everyone. And another round in the Crypto Wars seems ready to start. For links to all...

India investigates the possibility of cybersabotage. Walls are opaque to defenders, too. Recommendations for cyber nonproliferation. SolarWinds updates (with an SEC appearance).


Indian authorities continue to investigate the possibility that Mumbai's power grid was hacked last October. Apple's walled garden's security can inhibit detection of threats that manage to get inside. An Atlantic Council report recommends international action against access-as-a-service brokers to stall proliferation of cyber offensive tools. Ben Yelin has the story of legislators asking the military why they're so interested in apps serving Muslims. Our guest is John Grange from OppsCompass with insights on the top cloud security mistakes organizations make. Updates on the SolarWinds incident (including an SEC probe into who knew what when). For links to all of...

RedEcho's activity in India's power grid is described. US report on Khashoggi murder declassified. SolarWinds compromise inquiry updates. Ill-intentioned SEO. President's Cup winner announced.


Chinese cyber engagement with Indian critical infrastructure is reported: the objective isn't benign from India's point of view, but exactly what the objective is, specifically, remains a matter of speculation. The US Government declassifies its report on the murder of Saudi journalist Jamal Khashoggi. The SolarWinds supply chain compromise remains under investigation, with an intern making a special appearance. Malign search engine optimizations. Rick Howard shares hash table opinions on Google Cloud. Josh Ray from Accenture on Cybercrime and the Cloud. And congratulations to the winners of CISA's President's Cup. For links to all of today's stories check out our...

Aarti Borkar: Make your own choices. [Product] [Career Notes]


Head of Product for IBM Security Aarti Borkar shares her journey which included going after her lifelong love of math rather than following in her parents' footsteps in the medical field. In following her passions, Aarti found herself studying computer engineering and computer science, and upon taking a pause from her studies, she found a niche working at IBM in a mix of databases and networking. In her current position, Aarti describes her favorite discussion topics very often involve being around the use of AI for converting security into predictive domains. Aarti reminds us that you should pause and see if...

Shining a light on China's cyber underground. [Research Saturday]


Guest Maurits Lucas from Intel471 joins us to discuss his team's research into cybercrime in China. Data from Intel 471 show that the Chinese cybercrime underground proliferates through use of common methods or platforms, but behaves differently in large part due to the caution that actors take with regard to their identity. While the average citizen must follow the heavy handed nature of the government's surveillance of cyberspace, Chinese threat actors take special precautions to protect their forums, TTPs and themselves. This leads to the Chinese cybercrime underground being disorderly when compared to others, particularly Russia, which tend to be...

Oxford lab studying the COVID-19 virus is hacked. Zoom impersonation campaign. Senators would've liked to have heard from Amazon about Solorigate. NSA likes zero trust. NIST IoT guidelines.


Oxford biology lab hacked. A Zoom impersonation phishing campaign afflicts targets in the EU. Senators disappointed in Amazon's decision not to appear at this week's SolarWinds hearing. NSA advocates adopting zero trust principles. CISA issues alerts on industrial control systems. The US Department of Homeland Security describes increases to its cybersecurity grant programs. Dinah Davis examines how healthcare is being targeted by ransomware. Our guest is Michael Hamilton from CI Security on the Public Infrastructure Security Cyber Education System. And NIST's draft IoT security standards are still open for comment. For links to all of today's stories check out our...

PLA spyware keeps Tibetans under surveillance. Cyber conflict between Ukraine and Russia, some conventionally criminal, other state-directed. US Executive Order addresses supply chain resilience.


FriarFox is a bad browser extension, and it's interested in Tibet. Ukraine accuses Russia of a software supply chain compromise (maybe Moscow hired Gamaredon to do the work). Egregor hoods who escaped recent Franco-Ukrainian sweeps are thought responsible for DDoS against Kiev security agencies over the weekend. A look at Babuk, a new ransomware-as-a-service entry. VMware servers are patched. Verizon's Chris Novak looks at the 2021 threat landscape. Our guest is Andrew Hammond from the International Spy Museum. And a US Executive Order on supply chain security. For links to all of today's stories check out our CyberWire daily news...

Accellion FTA compromise spreads. Ocean Lotus is back. LazyScripter seems to represent a new threat group. Notes from the SolarWinds hearings. New ICS threat actors.


As more organizations are affected by the Accellion FTA compromise, authorities issue some recommendations for risk mitigation. Ocean Lotus is back, and active against Vietnamese domestic targets. LazyScripter is phishing with COVID and air travel lures. SolarWinds hearings include threat information, exculpation, and calls for more liability protection. Turkey Dog is after bank accounts. Joe Carrigan ponders the ease with which new security flaws are discovered. Rick Howard speaks with our guest Michael Dick from C2A Security on Automotive Security. And some new ICS threat groups are identified. For links to all of today's stories check out our CyberWire daily...

DDoS in hybrid war. Accellion compromise attributed. Initial access brokers. Agile C2 for botnets. US Senate's SolarWinds hearing. US DHS cyber strategy. Shiny new phishbait.


Ukrainian security services complain of DDoS from Russia. The Accellion compromise is attributed to an extortion gang. Digital Shadow tracks the rise of initial access brokers, new middlemen in the criminal-to-criminal market. A botmaster uses an agile C2 infrastructure to avoid takedowns. IT executives to appear at US Senate hearings on Solorigate. US DHS talks up its cyber strategies. Ben Yelin comments on the latest court ruling on device searches at the border. Rick Howard speaks with Ariel Assaraf from Coralogix on SOAR and SIEM. And don't be deceived by bogus FedEx and DHL phishbait. For links to all of...

Facebook takes down Myanmar military page. Chinese cyberespionage and cloned Equation Group tools. Supply chain compromises. Threat trends.


Facebook takes down Myanmar junta's main page. APT31 clones Equation Group tools. Silver Sparrow's up to...something or other. Bogus Flash Player update serves fake news and malware. Effects of supply chain compromises spread. Clubhouse's privacy issues. VC firm breached. CrowdStrike releases its annual threat report. We welcome Josh Ray from Accenture security to our show. Rick Howard examines Google's cloud services. And a Maryland school concludes its annual cyber challenge. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/34

Billy Wilson: Translating language skills to technical skills. [HPC] [Career Notes]


High Performance Computing Systems Administrator at Brigham Young University Billy Wilson tells his cybersecurity career story translating language skills to technical skills. According to Billy's employer, moving to a technical position at his alma mater occurred because Billy showed this potential and a thirst for learning. He is currently pursuing his master's degree from SANS Technology Institute for Information Security Engineering while working to secure BYU's data for their computationally-intensive research. Billy notes that not everyone has one overarching passion which gives him variety in his work. And, we thank Billy for sharing his story with us.

Attackers (ab)using Google Chrome. [Research Saturday]


Guest Bojan Zdrnja of Infigo IS and a certified instructor at SANS Institute shares an incident he discovered where attackers were using a pretty novel way of exfiltrating data and using that channel for C&C communication. The code that was acquired was only partially recovered, but enough to indicate powerful features that the attackers were (ab)using in Google Chrome. The basis for this attack were malicious extensions that the attacker dropped on the compromised system. The research can be found here: Abusing Google Chrome extension syncing for data exfiltration and C&C

Mopping up Solorigate. Tehran's Lightning and Thunder in Amsterdam. The view from Tallinn. Malware designed for Apple's new chips. Lessons from the ice, and how hackers broke bad.


Microsoft wraps up its internal investigation of Solorigate, which the US Government continues to grapple with, and which has had some effect in Norway. An apparent Iranian APT has been hosting its command-and-control in two Netherlands data centers. Estonia's annual intelligence report describes Russian and Chinese ambitions in cyberspace. Threat actors are hard at work against Apple's new processors. Kevin Magee on the Canadian National Cyber Threat Assessment for 2020. Our guest is Mark Testoni from SAP National Security Services on the Biden administration's first 100 days. Plus, lessons from the ice, and how hackers became cybercriminals. For links to...

The WatchDog Monero cryptojacking operation. A criminal syndicate with a flag. US Senator asks FBI, EPA for a report on water system cybersecurity. Cybercrooks placed on notice.


Watch out for the WatchDog Monero cryptojacking operation. The US Justice Department describes North Korea as a criminal syndicate with a flag. CISA outlines the DPRK malware that figures in the AppleJeus toolkit. The Chair of the US Senate Intelligence Committee asks the FBI and EPA for a report on the Oldsmar water system cybersabotage incident. Egregor takes a hit from French and Ukrainian police. Dinah Davis has advice on getting buy-in from the board. Our guest is Bentsi Ben Atar from Sepio Systems on hardware attacks. And the Netherlands Police advise cybercriminals to just move on. For links to...

US warns of DPRK threat to cryptocurrency holders, and indicts four on conspiracy charges. Centreon says Sandworm affected unsupported open-source tools. Big Hack skepticism. Patch notes.


High Bitcoin valuation draws the attention of cybercriminals, and a number of those criminals work for Mr. Kim, of Pyongyang. Alleged criminals, we should say. Centreon offers an update of its investigation of the Sandworm incident ANSSI uncovered. Reports of the Big Hack are received with caution. Patches applied, pulled, and replaced. Joe Carrigan describes a legal dustup between Proofpoint and Facebook over lookalike domains. Our guest is Sinan Eren from Barracuda Networks on their state of cloud networking report. And Florida's water system cybersabotage provides a good reminder to stay away from unsupported software. For links to all of...

France's ANSSI warns of a long-running Sandworm campaign. DPRK tried to steal COVID-19 vaccine data. Supermicro is exasperated. Static Kitten phishes in the UAE.


France finds Sandworm's trail in a software supply chain. Microsoft is impressed by the amount of effort Russian intelligence services put into the SolarWinds campaign. Pyongyang is reported to have attempted to steal COVID-19 vaccine information. Supermicro reiterates objections to Bloomberg's report on alleged hardware supply chain compromises. Static Kitten is phishing in the UAE. Updates on the Florida water utility cybersabotage. Ben Yelin examines to what degree the FBI can access Signal app messages. Rick Howard gathers the hash table to discuss AWS. And a new executive director arrives at our state cybersecurity association. For links to all of...

Hank Thomas and Mike Doniger, getting the specs on the cyber SPAC. [update]


In this special edition, our extended conversation with Hank Thomas and Mike Doniger from their new company SCVX. Both experienced investors, their plan is to bring a new funding mechanism known as a SPAC to cyber security which, they say, is new to the space. February 2021 Update: we revisit the topic with guest Hank Thomas to hear the latest on SPACs.

Dr. Jessica Barker: Cybersecurity has a huge people element to it. [Socio-technical] [Career Notes]


Co-founder and socio-technical lead at Cygenta, Dr. Jessica Barker, shares her story from childhood career aspirations of becoming a farmer to her accidental pivot to working in cybersecurity. With a PhD in civic design, Jessica looked at the creation of social and civic places until she was approached by a cybersecurity consultancy interested in the human side of cybersecurity. She jumped in and the rest is history. Having experienced some negativity as a woman in cybersecurity, Jessica is a strong proponent of diversity in the field. She suggests that newcomers to the industry follow what interests them and jump in....

Using the human body as a wire-like communication channel. [Research Saturday]


Guest Dr. Shreyas Sen, a Purdue University associate professor of electrical and computer engineering, joins us to discuss the following scenario: Instead of inserting a card or scanning a smartphone to make a payment, what if you could simply touch the machine with your finger? A prototype developed by Purdue University engineers would essentially let your body act as the link between your card or smartphone and the reader or scanner, making it possible for you to transmit information just by touching a surface. The research can be found here: Tech makes it possible to digitally communicate through human touch...

Alleged hardware backdoors, again. Selling game source code. ICS security, especially with respect to water utility cybersabotage. Don't be the hacker's valentine.


Bloomberg revives its reporting on hardware backdoors on chipsets. Has someone bought the source code for the Witcher and Cyberpunk? CISA issues ICS alerts. The FBI and CISA offer advice about water system cybersabotage as state and local utilities seek to learn from the Oldsmar attack. Verizon's Chris Novak ponders if you should get your Cybersecurity DIY, managed, or co-managed? Our guest is David Barzilai from Karamba Security on the growing importance of IoT security. And, looking for love on Valentine's Day? Look carefully...and don't give that intriguing online stranger money. We know, we know, they seem nice, but still......

Spyware in the Subcontinent. Notes on cyber fraud, cyber theft, and ransomware. The US gets a chief to lead response to Solorigate. Updates on the Florida water system cybersabotage.


Spyware in the Subcontinent. Some crooks auction stolen game source code while others bilk food delivery services. Emotet survived its takedown. Ransomware developments. The US now has a point person for Solorigate investigation and response. Andrea Little Limbago from Interos on her participation in the National Security Institute at George Mason University. Our guest is Chris Cochran from Hacker Valley Studio with a preview of their Black Excellence in Cyber podcast. And there's no attribution yet in the Oldsmar, Florida, water system cybersabotage, but it's increasingly clear that the utility wasn't a hard target. For links to all of today's stories...

Paying for the bomb the 21st century way. Domestic Kitten's international romp. Malware versus gamers. Patch Tuesday notes. An update on the Oldsmar water system cyber sabotage.


What's North Korea doing with all that money the Lazarus Group steals? Buying atom bombs, apparently. Iran's Domestic Kitten is scratching at some international surveillance targets. Not everyone who says they're a Bear really is one. Parking malware in Discord. Notes on Patch Tuesday. Joe Carrigan details a gift card scam that hit a little close to home. Our guest is Saket Modi, CEO of Safe Security with thoughts on quantifying risk. And the latest on the water system cyber sabotage down in Florida. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/27 Learn...

Almost too much lye in the water, down Florida-way. BlackTech's new malware strain. Huawei says it's OK if the White House calls.


Florida water treatment plant sustains cyberattack: the hack was successful, the sabotage wasn't. A new malware strain is associated with Chinese intelligence services. Ben Yelin tracks a surveillance plane whose funding has fallen. Our guest is Col. Stephen Hamilton from Army Cyber Institute at West Point. And Huawei's CEO says, sure, he'd take a call from President Biden. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/26

A junta shuts down a nation's data networks. Lessons from multi-domain ops against ISIS? SilentFade returns. Iran's surveillance actors. Data breaches large and small. Company towns returning?


Myanmar blocks data networks. Notes on offensive cyber operations, from present and former Five Eyes officials. SilentFade seems to be back, with more ad fraud. Iranian cyber operators up their surveillance game. Brazil's big data breach remains under investigation. Company towns may make a return in Nevada. Rick Howard casts his gaze on the AWS cloud. We welcome Dinah Davis from Arctic Wolf as our newest industry partner. And why in the world are hackers interested in other people's colonoscopies? For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/25 Learn more about your ad...

Jason Clark: Challenge the way things are done. [Strategy] [Career Notes]


Chief strategy officer and chief security officer for Netskope, Jason Clark, shares his journey as he challenges the status quo and works to expand diversity in cybersecurity. Jason started his career by breaking the mold and heading to the Air Force rather than his family legacy of Army service. Following his military service, he became a CISO for the New York Times at age 26 and kept building from there. Jason advises, "You should always be seeking out jobs you're actually not qualified for. I think that's how you grow. If you know you could do the job, and you've...

In the clear: what it's like working as a woman in the cleared community. [Special Edition]


This special edition podcast highlights three women, Priyanka, Ashley and Lauren, who chose to focus their careers in cybersecurity for the mission-based organization Northrop Grumman. Kathleen Smith from ClearedJobs.Net joins us as our panel moderator. The CyberWire's Jennifer Eiben hosts the event. We are excited to share this look into the world of women in cybersecurity.

"Follow the money" the cybersecurity way. [Research Saturday]


Guest Joe Slowik joins us from Domain Tools to share their research "Current Events to Widespread Campaigns: Pivoting from Samples to Identify Activity" where they examined technical artifacts emerging around the 2020 conflict between Armenia and Azerbaijan in the Caucasus region. Cyber Threat Intelligence (CTI) practitioners can gain insight into adversary operations by tracking conflicts or geopolitical tensions. Similar to a follow the money approach in criminal investigations, looking at conflict zones can reveal cyber capabilities deployed as part of events either by the parties to the conflict itself, or third parties interested in monitoring events for their own purposes....

Lazarus Group seems to have deployed an IE zero day. Electrobras discloses ransomware attack. TrickBot returns. Breaches at security companies. Russo-American get-to-know-you talks.


Lazarus Group seems to have had an IE zero day. Brazilian power utility discloses a ransomware attack on business systems. TrickBot's back. Automated attacks are going after web applications. Two security firms report breaches. Patching notes. A look at life in the cleared community. Caleb Barlow from CynergisTek with handling disinformation in our runbooks. And Washington and Moscow hold the usual frank discussions--the Americans, at least, talked about cybersecurity. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/24

Kubernetes clusters attacked. Home insecurity devices. Update on the supply chain incidents. Incomplete patches. Marque and reprisal? Ransomware notes. Class clowns and zoom-bombing.


Hildegard malware is targeting Kubernetes clusters. Remote access flaws found in consumer security devices. A brief update on the spreading software supply chain incidents. Project Zero sees incomplete patches at the root of most successful zero-day attacks. Recruiting a privateer's crew. The current mood among ransomware victims. We'll search for the truth about 5G with Rob Lee and Rick Howard. And who's behind zoom-bombing remote learning? A hint: the kids aren't alright. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/23

China gets in on the SolarWinds act. More SolarWinds vulnerabilities disclosed and patched. Abuse of lawful intercept tech in South Sudan. BEC phishes for gift cards. Parasitic card skimmer found.


It appears Chinese intelligence services have been exploiting a vulnerability in SolarWinds to steal data from a US Government payroll system. The presumed Russian intrusion into SolarWinds may have been going on for nine months or more. Three new SolarWinds vulnerabilities are disclosed and patched. Amnesty accuses South Sudan of abusing intercept tools. BEC compromise is involved in gift card scams. Joe Carrigan has thoughts on opt-in privacy policies. Our guest is Dale Ludwig from CHERRY on USB attacks and hardware security. And carders steal from other carders. For links to all of today's stories check out our CyberWire daily...

Coups d'état and Internet disruption. Cyberespionage in the supply chain, again. SonicWall zero day exploited in the wild. Tracking criminal infrastructure-as-a-service. Data breach in Washington State.


Myanmar's junta jams the Internet. Operation NightScout looks like a highly targeted cyberespionage campaign delivered through a compromised supply chain. SonicWall zero day is being actively exploited in the wild. StrangeU and RandomU are filling a niche in the criminal-to-criminal market. Ben Yelin ponders whether the SolarWinds attack can be considered an act of war. Our guest Jamie Brown from Tenable on the National Cyber Director position and what it means for the Biden administration. Another data breach is associated with Accellion FTA. And it's Groundhog Day, campers. For links to all of today's stories check out our CyberWire daily...

Solorigate: targeting, collateral damage, or staging? The Cyberspace Solarium has some advice for US President Biden. URKI breach. British Mensa thinks over a data exposure.


Untangling Solorigate, and distinguishing primary targets from collateral damage (or maybe side benefits, or maybe battlespace preparation). Congress asks NSA for background on an earlier supply chain incident. The Cyberspace Solarium Commission offers the new US Administration some transition advice. Rick Howard hears from the hash table on Microsoft Azure. Andrea Little Limbago from Interos on the intersection of COVID and cyber vulnerabilities. And the week gets off to a rough start for smart Britons. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/20

Kyla Guru: You are a key piece to our national security. [Education] [Career Notes]


Founder and CEO of nonprofit Bits N' Bytes Cybersecurity Education and undergraduate student at Stanford University, Kyla Guru shares her journey from GenCyber Camp to becoming a cybersecurity thought leader. Seeing the need for cybersecurity education in her own community spurred Kyla into action engaging our civilian population in understanding their role in the cybersecurity space. Kyla recommends putting yourself out there: taking courses, getting more knowledge, getting internships, meeting people and going to conferences. Kyla thinks her generation has an inquisitive mind and feels that is where advocacy and education come in with cybersecurity. She shares for any young person "thinking...

Security platforms vs best of breed point products: What should you deploy? [CyberWire-X]


For 20 years, the cybersecurity practitioner's go-to move when confronted with a new risk or compliance requirement has been to install a technical tool somewhere in the security stack to cover it. Over time, the number of tools that the infosec team has to manage has slowly grown. With the advent of bring-your-own device to the workplace, CIOs choosing SaaS applications to do work that has been traditionally handled in the data center, and organizations rushing to deploy their services into hybrid cloud environments, the number of individual data islands where company material information is routinely stored and must be...

The Kimsuky group from North Korea expands spyware, malware and infrastructure. [Research Saturday]


Guest Yonatan Striem-Amit joins us from Cybereason to share their Nocturnus Team research into Kimsuky. The Cybereason Nocturnus Team has been tracking various North Korean threat actors, among them the cyber espionage group known as Kimsuky, (aka: Velvet Chollima, Black Banshee and Thallium), which has been active since at least 2012 and is believed to be operating on behalf of the North Korean regime. The group has a rich and notorious history of offensive cyber operations around the world, including operations targeting South Korean think tanks, but over the past few years they have expanded their targeting to countries including...

Lebanon Cedar's wide-ranging cyberespionage campaign. Lazarus Group said to be behind the social engineering of vulnerability researchers. Solorigate spreads. Social media and the short squeeze.


Lebanon Cedar is quietly back, and running a cyberespionage campaign through vulnerable servers. Social engineering of vulnerability researchers is now attributed to the Lazarus Group. That SolarWinds incident is a lot bigger than SolarWinds. Notes on social media and the short squeeze. Verizon's Chris Novak looks at the changing landscape of ransomware payments. Our guest Professor Brian Gant from Maryville University examines cybersecurity threats of the new U.S. administration. And the GAO thinks the US State Department should use data and evidence. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/19 Learn more about...

Advice on Supernova and encouragement to patch Sudo. NetWalker taken down. Influencers tighten a big short squeeze. And charges are brought in a 2016 case of alleged US voter suppression.


Updates from CISA on Supernova. US Cyber Command recommends patching Sudo quickly. US and Bulgarian authorities take down the NetWalker ransomware-as-a-service operation. Influencers drive a big short-squeeze in the stock market. Thomas Etheridge from CrowdStrike on Recovering from a ransomware event. Our guest Zack Schuler from Ninjio examines the security challenges of Work From Anywhere. And another influencer is charged with conspiracy to deprive people of their right to vote. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/18

Emotet takedown. Solorigate updates (and President Biden tells President Putin he'd like him to knock it off). Vulnerabilities and threats discovered and described.


Europol leads an international, public-private, takedown of Emotet. Four security companies describe their brushes with the compromised SolarWinds Orion supply chain. Solorigate is one of the issues US President Biden raised in his first phone call with Russian President Putin. New vulnerabilities and threats described. Our guest Michael Hamilton of CI Security questions how realistic CISA's latest guidance on agency forensics may be. Joe Carrigan looks at bad guys taking advantage of Google Forms. And the Internet is back in business on the US East Coast. For links to all of today's stories check out our CyberWire daily news brief:...

Pyongyang's social engineering campaign to compromise vulnerability researchers. Anonymous is back? Workforce development. Cyber Force? Why not?


Google reports North Korean social engineering of vulnerability researchers. Anonymous resurfaces, maybe, and tells Malaysia's government it's not happy with them. Notes on false credentialism and workforce development from the National Governors Association cyber summit. Kevin Magee from Microsoft Canada on the launch of the Rogers Cybersecurity Catalyst at Ryerson University to support Canadian Cybersecurity Startups. Our guest is James Stanger from CompTIA on their ultimate DDoS guide. And does America need a Cyber Force? Some think so. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/16 Learn more about your ad choices. Visit...

The FSB warns Russian businesses to up their security game--the Americans are coming. SonicWall's investigation of a possible cyberattack. DIA and commercial data brokers. OPC issues. Robota.


Russia's FSB warns businesses to be on the lookout for American cyberattacks after the White House says it's reserving its right to respond to the Solorigate cyberespionage campaign. SonicWall investigates an apparent compromise of its systems. Senator asks the US DNI for an explanation of DIA purchases of geolocation data from commercial vendors. OPC issues described. Andrea Little Limbago from Interos on the tech "naughty list" of restricted or sanctioned companies. Rick Howard previews his first principles analysis of Microsoft Azure. And a happy birthday to the word robot, now one-hundred years young. For links to all of today's stories...

Ben Yelin: A detour could be a sliding door moment. [Policy] [Career Notes]


Program Director for Public Policy and External Affairs at the University of Maryland's Center for Health and Homeland Security Ben Yelin shares his journey from political junkie to Fourth Amendment specialist. Several significant life defining political developments like the disputed 2000 election, 9/11, and the Iraqi war occurred during his formative years that shaped Ben's interest in public policy and his desire to pursue a degree in law. An opportunity to be a teaching assistant turned out to be one of those sliding door scenarios that led Ben to where he is now, a lawyer in the academic and consulting...

Trickbot may be down, but can we count it out? [Research Saturday]


Guest Mark Arena from Intel471 joins us to discuss his team's research into Trickbot and its evolution from a banking trojan to a long-standing, most likely well-resourced operation that was taken down last year. Mark shares some insight into Trickbot's order of operations and what went on behind the scenes that his team working with Brian Krebs were able to discover. Since the separate and independent actions taken against Trickbot, Intel471 has observed successful disruption of its command and control infrastructure. However, the actors linked to Trickbot have not ceased their criminal activities. These actors have continued engaging in ransomware...

Implications of Solorigate's circumspection. RBNZ cleans data sources. Gamarue in student laptops. Dodgy apps. Ransom DDoS surges. Securing the President's Peloton.


Twice, it's maybe an indicator. Once, it's nuthin' at all...to the machines. The Reserve Bank of New Zealand works to clean up its data sources. Wormy student laptops. Daily Food Diary is a glutton for your data. Ransom DDoS. Caleb Barlow examines how we handle disinformation in our runbooks and response plans. Our guest Ron Gula from Gula Tech Adventures shares his thoughts on proper public cyber response to the SolarWinds attack. And should we worry about that White House Peloton? For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/14 Learn more about your...

Solorigate's stealthy, careful operators. LuckyBoy malvertising. BEC as reconnaissance? Remote work and leaky sites. And good riddance to the Joker's Stash.


Microsoft researchers detail the lengths to which the Solorigate threat actor went to stay undetected and establish persistence. LuckyBoy malvertising is described. Business email compromise as a reconnaissance technique? More reminders about the risks that accompany remote work. Ben Yelin looks at cyber policy issues facing the Biden administration. Rick Howard speaks with Frank Duff from Mitre on their ATT&CK Evaluation Program. And good riddance to the Joker's Stash (we hope). For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/13

More on that Solorigate threat actor, especially its non-SolarWinds activity. Chimera's new target list. Executive Order on reducing IaaS exploitation. The case of the stolen laptop.


Another security company discloses a brush with the threat actor behind Solorigate. Advice on hardening Microsoft 365 against that same threat actor. Chimera turns out to be interested in airlines as well as semiconductor manufacturing intellectual property. Former President Trump's last Executive Order addresses foreign exploitation of Infrastructure-as-a-Service products. Joe Carrigan looks at a hardware key vulnerability. Our guest is Chris Eng from Veracode with insights from their State of Software Security report. And investigation of that laptop stolen from the Capitol continues. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/12 Learn more about...

EMA emails altered before release in apparent disinformation effort. Vishing rising. Another backdoor found in SolarWinds supply chain campaign. An arrest and a stolen laptop.


The European Medicines Agency says stolen emails about vaccine development were altered before being dumped online. Another backdoor is found associated with the SolarWinds supply chain campaign. DNS cache poisoning vulnerabilities are described. FBI renews warnings about vishing. Iran's Enemies of the People disinformation campaign. Vishing is up. Rick Howard previews his hashtable discussion on Solorigate. Verizon's Chris Novak looks at cyber espionage. And the FBI makes an arrest in connection with a laptop taken during the Capitol Hill riot. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/11 Learn more about your ad...

Encore: You will pay for that one way or another. [Caveat]


Dave's got the story of a landlord who may run afoul of the Computer Fraud and Abuse Act, Ben wonders if the big tech CEOs could be held liable for contact tracking apps, and later in the show my conversation with Joseph Cox. He is a Senior Staff Writer at Motherboard and will be discussing his recent article How Big Companies Spy on Your Emails. While this show covers legal topics, and Ben is a lawyer, the views expressed do not constitute legal advice. For official legal advice on any of the topics we cover, please contact your attorney. Links...

Ann Johnson: Trying to make the world safer. [Business Development] [Career Notes]


Microsoft's Corporate Vice President of Cybersecurity Business Development Ann Johnson brings us on her career journey from aspiring lawyer to cybersecurity executive. After pivoting from studying law, Ann started working with computers and found she had a deep technical aptitude for technology and started earning certifications landing in cybersecurity because she found an interest in PKI. At Microsoft, Ann says she solves some of the hardest problems every day. She recommends getting a mentor and finding your area of expertise. She leaves us with three dimensions she hopes to be her legacy: 1. diversity in more than just gender, 2. bringing...

Manufacturing sector is increasingly a target for adversaries. [Research Saturday]


Guest Selena Larson, senior cyber threat analyst at Dragos, Inc., joins us to discuss their research into recent observations of ICS-targeting threats to manufacturing organizations. Cyber risk to the manufacturing sector is increasing, led by disruptive cyberattacks impacting industrial processes, intrusions enabling information gathering and process information theft, and new activity from Industrial Control Systems (ICS)-targeting adversaries. Dragos currently publicly tracks five ICS-focused activity groups targeting manufacturing: CHRYSENE, PARISITE, MAGNALLIUM, WASSONITE, and XENOTIME in addition to various ransomware activities capable of disrupting operations. Manufacturing relies on ICS to scale, function, and ensure consistent quality control and product safety. It provides...

Charming Kitten's smishing and phishing. Solorigate updates. Supply chain attacks and the convergence of espionage and crime. Greed-bait. Ring patches bug. Best practices from NSA, CISA.


Well-constructed phishing and smishing are reported out of Tehran. Estimates of SolarWinds compromise insurance payouts. Notes from industry on the convergence of criminal and espionage TTPs. Social engineering hooks baited with greed. Ring patches a bug that could have exposed users' geolocation (and their reports of crime). Advice on cyber best practices from CISA and NSA. Robert M. Lee has thoughts for the incoming Biden administration. Our guest is Sir David Omand, former Director of GCHQ, on his book, How Spies Think: Ten Lessons in Intelligence. And an ethics officer is accused of cyberstalking. For links to all of today's...

SideWinder and South Asian cyberespionage. Project Zero and motivation to patch. CISA's advice for cloud security. Classiscam in the criminal-to-criminal market. SolarLeaks misdirection?


There are other things going on besides Solorigate and deplatforming. There's news about the SideWinder threat actor and its interest in South Asian cyberespionage targets. Google's Project Zero describes a complex and expensive criminal effort. CISA discusses threats to cloud users, and offers some security recommendations. A scam-as-a-service affiliate network spreads from Russia to Europe and North America. Awais Rashid looks at shadow security. Our own Rick Howard speaks with Christopher Ahlberg from Recorded Future on Cyber Threat Intelligence. And SolarLeaks looks more like misdirection, Guccifer 2.0-style. For links to all of today's stories check out our CyberWire daily news...

Looking for that threat actor likely based in Russia. SolarLeaks and a probably bogus offer of stolen files. Notes on Patch Tuesday.


Speculation grows that the Solorigate threat actors were also behind the Mimecast compromise. SolarLeaks says it has the goods taken from FireEye and SolarWinds, but caveat emptor. Notes on Patch Tuesday. Joe Carrigan has thoughts on a WhatsApp ultimatum. Our guest is Andrew Cheung of 01 Communique with an update on quantum computing. And farewell to an infosec good guy. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/8

Cyberespionage campaign hits Colombia. New malware found in the SolarWinds incident. Mimecast certificates compromised. Ubiquiti tells users to reset passwords. Two wins for the good guys.


A cyberespionage campaign, so far not attributed to any threat actor, continues to prospect government and industry targets in Colombia. A new bit of malware is found in the SolarWinds backdoor compromise. Mimecast certificates are compromised in another apparent software supply chain incident. Ubiquiti tells users to reset their passwords. A brief Capitol Hill riot update. Bitdefender releases a free DarkSide ransomware decryptor. Ben Yelin revisits racial bias in facial recognition software. Our guest is Jessi Marcoff from Privitar on the trend toward Chief People Officers. And Europol announces the takedown of the DarkMarket. For links to all of today's stories...

More (ambiguous) evidence for attribution of Solorigate. CISA expands incident response advice. Inspiration, investigation, and deplatforming: notes from the Capitol Hill riot.


Similarities are found between Sunburst backdoor code and malware used by Turla. CISA expands advice on dealing with Solorigate. Courts revert to paper...and USB drives. More members of the US Congress report devices stolen during last week's riot. Online inspiration for violence seems distributed, not centralized. Caleb Barlow examines protocols for handling inbound intel. Rick Howard looks at Solorigate through the lens of first principles. And platforms as publishers? For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/6

Tom Gorup: Fail fast and fail forward. [Operations] [Career Notes]


Vice President of Security and Support Operations of Alert Logic Tom Gorup shares how his career path led him from tactics learned in Army infantry using machine guns and claymores to cybersecurity replacing the artillery with antivirus and firewalls. Tom built a security automation solution called the Grunt (in recollection of his role in the Army) that automated firewall blocks. He credits his experience in battle-planning for his expertise in applying strategic thinking to work in cybersecurity, noting that communication is key in both scenarios. Tom advises that those looking into a new career shouldn't shy away from failure as...

Emotet reemerges and becomes one of the most prolific threat groups out there. [Research Saturday]


Deep Instinct's Shimon Oren joins us to talk about his team's research on "Why Emotet's latest wave is harder to catch than ever before - Part 2." Emotet appears to have reemerged more evasive than before, this time with a payload delivered from a loader that security tools aren't equipped to handle. Emotet, the largest malware botnet today, started in 2014 and continues to be one of the most challenging threats in today's landscape. This botnet causes huge damage by spreading ransomware and info stealers to its infected systems. Recently, a rise in the number of Emotet infections was observed...

The Solorigate cyberespionage campaign and sensitive corporate data. The cybersecurity implications of physical access during the Capitol Hill riot. Ransomware's successful business model.


Solorigate and its effect on sensitive corporate information. The DC riots show the cybersecurity consequences of brute physical access to systems. A North Korean APT resurfaces with the RokRat Trojan. Ransomware remains very lucrative, and why? Because people continue to pay up. Thomas Etheridge from CrowdStrike on The Role of Outside Counsel in the IR Process. Our guest is Larry Lunetta from Aruba HPE on how enterprises can bolster security in the era of hybrid work environments. And a criminal hacker gets twelve years in US Federal prison. For links to all of today's stories check out our CyberWire daily news...

CISA updates its alerts and directives concerning Solorigate as the investigation expands. Rioting, social media, and cybersecurity.


CISA updates its guidance on Solorigate, and issues an alert that the threat actor may have used attack vectors other than the much-discussed SolarWinds backdoor. Some reports suggest that a widely used development tool produced by a Czech firm may have been compromised. The cyberespionage campaign is now known to have extended to the Department of Justice and the US Federal Courts. Robert M. Lee shares lessons learned from a recent power grid incident in Mumbai. Our guest is Yassir Abousselham from Splunk on how attackers find new ways to exploit emerging technologies. Cyber implications of the Capitol Hill riot....

Who worked through SolarWinds? An APT likely Russian in origin, says the US. Rattling backdoors, rifling cryptowallets, and asking victims if they're ensured. No bail for Mr. Assange.


The US Cyber Unified Coordination Group says the Solorigate APT is likely Russian in origin. Threat actors are scanning for systems potentially vulnerable to exploitation through a Zyxel backdoor. ElectroRAT targets crypto wallets. Babuk Locker is called the first new ransomware strain of 2021. The New York Stock Exchange re-reconsiders delisting three Chinese telcos. Joe Carrigan from Johns Hopkins joins us with the latest clever exploits from Ben Gurion University. Our guest is Jens Bothe from OTRS Group on the importance of the US establishing standardized data privacy regulations. And Julian Assange is denied bail. For links to all of today's...

It's not Kates and Vals over Ford Island, but it's not just a tourist under diplomatic cover taking pictures of Battleship Row, either. Another APT side hustle? To delist or not to delist.


More assessments of the Solorigate affair, with an excursus on Pearl Harbor. Shareholders open a class action suit against SolarWinds, but no signs of an enforcement action for speculated insider trading. Emissary Panda seems to be working an APT side hustle. Kevin Magee has insights from the Microsoft Digital Defense Report. Our guest is Jason Passwaters from Intel 471 with a look at the growing range of ransomware as a service offerings. And to-ing and fro-ing on Chinese telecoms at the New York Stock Exchange. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/2...

Threat actors were able to see Microsoft source code repositories. Zyxel closes a backdoor. Kawasaki discloses data exposure. Slack's troubles. Julian Assange escapes extradition to the US.


Updates on the spreading consequences of Solorigate, including Microsoft's disclosure that threat actors gained access to source code repositories. A hard-coded backdoor is found in Zyxel firewalls and VPNs. Kawasaki Heavy Industries says parties unknown accessed sensitive corporate information. Slack has been having troubles today. Andrea Little Limbago from Interos on democracies aligning against global techno-dictators. Our guest is Drew Daniels from Druva with a look at the true value of data. And a British court declines to extradite WikiLeaks' Julian Assange to the United States. For links to all of today's stories check out our CyberWire daily news brief:...

Ellen Sundra: Actions speak louder than words. [Engineering] [Career Notes]


Vice President of Global Systems Engineering Ellen Sundra shares her career path from life as a college grad who found her niche by creating a training program to a leader in cybersecurity. She realized that training and educating people was her passion. Ellen sees her value in providing soft skills as a natural balance to her technical team at Forescout Technologies. Being a woman in a male-dominated world proved to be a challenge and gaining her confidence to share her unique point of view helped her excel in it. Ellen recommends keeping your eyes open for how your skill set...

Encore: Unpacking the Malvertising Ecosystem. [Research Saturday]


Researchers at Cisco's Talos Unit recently published research exploring the tactics, techniques and procedures of the global malvertising ecosystem. Craig Williams is head of Talos Outreach at Cisco, and he guides us through the life cycle of malicious online ads, along with tips for protecting yourself and your organization. The research can be found here: https://blog.talosintelligence.com/2019/07/malvertising-deepdive.html Learn more about your ad choices. Visit megaphone.fm/adchoices

Andy Greenberg on the Sandworm Indictments. [Interview Selects]


This interview from November 6th, 2020 originally aired as a shortened version on the CyberWire Daily Podcast. In this extended interview, Rick Howard speaks with Andy Greenberg on the Sandworm Indictments.

Encore: Selena Larson: The Green Goldfish and cyber threat intelligence. [Analyst] [Career Notes]


Cyber threat intelligence analyst Selena Larson takes us on her career journey from being a journalist to making the switch to industrial security. As a child who wrote a book about a green goldfish who dealt with bullying, Selena always liked investigating and researching things. Specializing in cybersecurity journalism led to the realization of how closely aligned the skills required of an investigative journalist and a cyber threat intelligence analyst are. Our thanks to Selena for sharing her story with us.

Encore: Seedworm digs Middle East intelligence. [Research Saturday]


Researchers at Symantec have been tracking Seedworm, a cyber espionage group targeting the Middle East as well as Europe and North America. The threat group targets government agencies, oil & gas facilities, NGOs, telecoms and IT firms. Al Cooley is director of product management at Symantec, and he joins us to share their findings. The original research can be found here: https://www.symantec.com/blogs/threat-intelligence/seedworm-espionage-group

Encore: Separating fools from money. [Hacking Humans]


Dave shares a story of airport penetration testing with a high degree of yuck factor. Joe explores research on protecting passwords from social engineering. The catch-of-the-day comes courtesy of Graham Cluley's email spam box. Dave interviews Wired's Security Staff Writer Lily Hay Newman on her article tracking Nigerian email scammers. Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Encore: Technology that allows cops to track your phone. [Caveat]


Dave has an update on Baltimore's spyplane, Ben describes concerns over violations by the FBI, CIA, NSA of FISA court rules, and later in the show our conversation with Kim Zetter on her recent article in The Intercept, titled How Cops Can Secretly Track Your Phone. It's all about stingrays and dirtboxes, so stick around for that. While this show covers legal topics, and Ben is a lawyer, the views expressed do not constitute legal advice. For official legal advice on any of the topics we cover, please contact your attorney. Links to stories: Elizabeth Goitein on Twitter In appeals...

Cozy Bear: quiet and patient. Counting the costs of cyberespionage. Iranian influence campaign sought to inspire post-US-election violence.


Cozy Bear lived up to its reputation for quiet patience. Counting the cost of the SVR cyberespionage campaign. What do intelligence services do with all the data they collect? An Iranian influence campaign sought to foment US post-election violence. Joe Carrigan looks at social engineering aimed at domain registrars. Our guest is John Worrall from ZeroNorth on the importance of security champions. And a last look ahead at 2021.

Bear tracks all over the US Government's networks. Pandas and Kittens and Bears, oh my... Emotet's back. Spyware litigation. A few predictions.


The US continues to count the cost of the SVR's successful cyberespionage campaign. Attribution, and why it's the TTPs and not the org chart that matters. Emotet makes an unhappy holiday return. It seems unlikely that NSA and US Cyber Command will be separated in the immediate future. Big Tech objects, in court, to NSO Group and its Pegasus spyware (or lawful intercept product, depending on whether you're in the plaintiffs' or the respondents' corner). Ben Yelin looks at hyper realistic masks designed to thwart facial recognition software. Our guest Neal Dennis from Cyware wonders if there really isn't a...

Sunburst looks worse: bad Bears in US networks, and that's not just right at all. Evil mobile emulator farm. Report: Pegasus used against journalists.


Cozy Bear's big sweep through US networks gets bigger, longer, more carefully prepared, and worse in every way. IBM uncovers a big, conventionally criminal evil mobile emulator farm, and that's no good, either. Citizen Lab finds more to complain about with respect to alleged abuse of NSO Group's Pegasus tools. Awais Rashid from Bristol University on taking a risk-based approach to security. Rick Howard speaks with Cyral CEO Manav Mital on infrastructure as code. And tech executives are worried about Pandas and Bears and Kittens, oh my. For links to all of today's stories check out our CyberWire daily news...

Robert Lee: Keeping the lights on. [ICS] [Word Notes]


CEO and co-founder of Dragos Robert Lee talks about how he came to cybersecurity through industrial control systems. Growing up with parents in the Air Force, Robert's father tried to steer him away from military service. Still Rob chose to attend the Air Force Academy where he had greater exposure to computers through ICS. Robert finds his interest lies in things that impact the physical world around us. In his work, Dragos focuses on identifying what people are doing bad and helping people understand how to defend against that. Rob describes the possibility of making a jump to control system security...

Advertising Software Development Kit (SDK): serving up more than just in-app ads and logging sensitive data. [Research Saturday]


On August 24, 2020, Snyk announced the discovery of suspicious behaviors in the iOS version of a popular advertising SDK known as Mintegral. At that time, they had confirmed with partners in the advertising attribution space that at minimum, Mintegral appeared to be using this functionality to gather large amounts of data and commit ad attribution fraud. Their research showed that Mintegral was using code obfuscation and method swizzling to modify the functionality of base iOS SDK methods without the application owner's knowledge. Further, their research proved that Mintegral was logging all HTTP requests including its headers which could even...

Cozy Bear has been very successful at being very bad. Advice on dealing with the supply chain compromise. Joker's Stash has its problems. And a few thoughts on the near future.


Cozy Bear's software supply chain compromise and its massive cyberespionage effort against the US Government and the associated private sector is still being untangled. But it's very extensive, very bad, and very tough to remediate. Both CISA and NSA have advice about the incident, and we check in with Robert M. Lee from Dragos for his thoughts. John Pescatore from SANS advocates renewing our focus on information security. Iran may be running a ransomware campaign for influence purposes. The Joker's Stash criminal souk appears to have taken a hit. And don't let your guard down during the holidays. For links...

The SVR's exploitation of the SolarWinds software supply chain proves a very damaging cyberespionage campaign. HPE zero-day. Report on China's influence ops delayed.


The SolarWinds supply chain compromise may not have been an act of war, but it was certainly a very damaging espionage effort. The FBI, CISA, and ODNI are leading a whole-of-government response to the incident. Three companies have collaborated on a killswitch for the Sunburst backdoor's initial command and control. HPE discloses a zero day in its SIM software. ODNI will delay its report on Chinese election influence ops. Thomas Etheridge from CrowdStrike on their Services Front Lines report. Our guest is Derek Manky from Fortinet with 2021 threat insights. And, of course, some predictions. For links to all of...

SolarWinds breach updates. Microsoft sinkholes Sunburst's C&C domain. Facebook takes down inauthentic networks.


SolarWinds breach reportedly affected parts of the Pentagon. Microsoft and partners seize and sinkhole command-and-control domain used by Sunburst malware. The threat actor behind the breach used a novel technique to bypass multi factor authentication at a think tank. Facebook takes down competing inauthentic networks focused on Africa. Joe Carrigan has insights on Amnesia 33. Our guest, Greg Edwards from CryptoStopper, shares his experience getting back online after a Derecho. And the execution of the FCC's rip-and-replace plan will likely fall to the next US administration. For links to all of today's stories check out our CyberWire daily news brief:...

SolarWinds compromise scope grows clearer. DPRK's Earth Kitsune. Google's authentication issue. A look at the near future of cybersecurity.


SolarWinds 8-K suggests the possible scope of the Sunburst incident. CISA leads the US Federal post-attack mopping up as more agencies are known to have been affected. How FireEye found the SolarWinds backdoor. GCHQ is looking for possible signs of Sunburst in the UK. Operation Earth Kitsune is attributed to North Korea. Google explains yesterday's outage. Ben Yelin looks at retail privacy issues. Our guest is Jasson Casey from Beyond Identity on going passwordless. And if you have trouble getting things done while working from home, maybe blame it on the dogs. For links to all of today's stories check...

A few predictions, but today's news is dominated by Cozy Bear's supply chain attack on SolarWinds Orion Platform.


FireEye traces its breach to a compromised SolarWinds update to its Orion Platform. CISA issues an Emergency Directive to get control of an attack that is known to have affected at least two Federal Departments. Rick Howard shares lessons from season three of CSO Perspectives. Betsy Carmelite from Booz Allen continues her analysis of their 2021 Cyber Threat Trends Report. And while reports attribute the supply chain attack to Russia's SVR, Moscow says Cozy Bear didn't do nuthin. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/239

Can public/private partnerships prevent a Cyber Pearl Harbor? [CyberWire-X]


For many years, public and private sector cybersecurity experts have warned of a large-scale, massively impactful cyber attack on critical infrastructure (CI). Whether you call it a cyber doomsday, a cyber extinction, or as former Defense Secretary Leon Panetta termed it, a Cyber Pearl Harbor, the message is clear: it's not a matter of if, it's a matter of when, and it's not just critical infrastructure that's vulnerable. More recently, experts have started to raise the alarm around not just CI, but other systems as well, notably position, navigation and timing (PNT) services. PNT includes things like GPS devices -- extensions of IT...

Andrea Little Limbago: Look at the intersection of humans and technology. [Social Science] [Career Notes]


Computational Social Scientist Andrea Little Limbago shares her journey as a social scientist in cybersecurity. Andrea laments that she wishes she'd known there is no straight line between what you think you want to do and then where you end up going. Beginning her career in international relations and courted by the Department of Defense's Joint Warfare Analysis Center while teaching at New York University, Andrea began her work in cybersecurity. Her team was one of the first to start thinking about the intersection of cybersecurity and geopolitics and quantitative modeling. Andrea reminds us there are many paths and skills...

Following DOJ indictment, a look back on NotPetya and Olympic Destroyer research. [Research Saturday]


From US Department of Justice: "On Oct. 15, 2020, a federal grand jury in Pittsburgh returned an indictment charging six computer hackers, all of whom were residents and nationals of the Russian Federation (Russia) and officers in Unit 74455 of the Russian Main Intelligence Directorate (GRU), a military intelligence agency of the General Staff of the Armed Forces. These GRU hackers and their co-conspirators engaged in computer intrusions and attacks intended to support Russian government efforts to undermine, retaliate against, or otherwise destabilize: (1) Ukraine; (2) Georgia; (3) elections in France; (4) efforts to hold Russia accountable for its use...

OceanLotus tracked. Threats to K-12 distance education. Adrozek is credential-harvesting adware. MountLocker gains criminal affiliates. FCC acts against Chinese companies. CISA internships.


Tracking OceanLotus. US advisory warns of cyberthreats active against schools trying to deliver distance learning. Adrozek joins credential harvesting and adware. MountLocker's criminal affiliate program. The FCC takes action against Chinese companies deemed security risks. Predictions, and holiday advice. Johannes Ullrich from the SANS technology institute wonders what's in your clipboard? Our guest is Nina Jankowicz from Wilson Center on her new book - How to Lose the Information War - Russia, Fake News, and the Future of Conflict. And internship opportunities at CISA. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/238

Facebook faces anti-trust suit. COVID-19 vaccine cyberespionage. Emissary Panda spotting. SQL databases for sale. Notes on the FireEye breach, the end of Flash, and the Mirai botnet.


Facebook faces a US antitrust suit. Cyberespionage hits the European Medicines Agency, apparently looking for COVID-19 vaccine information. Emissary Panda is out and about. A simple ransomware campaign goes for success through volume. Stolen SQL databases are offered for sale back to their owners. React to the FireEye breach, but don't over-react. We welcome Kevin Magee from Microsoft Canada to the show. Our guest is Liviu Arsene from Bitdefender with insights from the Business Threat Landscape report for 2020. Flash nears its end-of-life. Predictions for 2020, and another guilty plea in the Mirai case. For links to all of today's stories check out...

Bear prints in Oslo and Silicon Valley. Deepfakes may be finally coming... maybe... CISA issues ICS alerts, some having to do with AMNESIA:30. A quick trip through Patch Tuesday.


Norway calls out the GRU for espionage against the Storting. The SVR (probably) hacks FireEye. Huawei tested recognition software designed to spot Uighurs. 2021 predictions from Avast hold that next year might be the year deepfakes come into their own. CISA issues a long list of industrial control system alerts. Joe Carrigan looks at the iOS zero-click radio proximity vulnerability. Our guest is Matt Drake, director of cyber intelligence at SAIC on what the recent elections can tell us about threat intelligence. And yesterday was Patch Tuesday--do you know where your vulnerabilities are? For links to all of today's stories...

IoT supply chain vulnerabilities described. Spyware in the hands of drug cartels. National security and telecom equipment. US NDAA includes many cyber provisions. Fraud as a side hustle.


AMNESIA:33 vulnerabilities infest the IoT supply chain. Lawful intercept spyware allegedly finds its way from Mexican police into the hands of drug cartels. Finland's parliament approves exclusion of telecom equipment on security grounds. The US National Defense Authorization Act's cyber provisions. Online fraud seems to have become a side hustle. Ben Yelin responds to Supreme Court arguments in a Computer Fraud and Abuse Act case. Our guest is Darren Mar-Elia from Semperis on group policy security. And Moscow police are looking for the crooks who hacked secure delivery lockers. For links to all of today's stories check out our CyberWire...

NSA warns that Russia is actively exploiting patched VMware vulnerabilities. CISA alert also a warning to Iran. DeathStalker update. Market pressures in the Darknet. Greetings from Pyongyang.


NSA warns that Russian state-sponsored actors are actively exploiting patched VMware vulnerabilities in the wild. A CISA alert puts Iran on notice. DeathStalker hired guns are now active in North America. Darknet contraband markets are experiencing the sort of pressure and consolidation legitimate markets undergo. Rick Howard checks in with the hash table on CSO and CISO roles. My continued conversation with Betsy Carmelite from Booz Allen on their 2021 Cyber Threat Trends Report. And a weird shift in North Korean propaganda...is Pyongyang having a Hallmark moment? For links to all of today's stories check out our CyberWire daily news...

Ron Brash: Problem fixer in critical infrastructure. [OT] [Career Notes]


Director of Cyber Security Insights at Verve Industrial aka self-proclaimed industrial cybersecurity geek Ron Brash shares his journey through the industrial cybersecurity space. From taking his parents' 286s and 386s to task to working for the "OG of industrial cybersecurity," Ron has pushed limits. Starting off in technical testing, racing through university at 2x speed, and taking a detour through neuroscience with machine learning, Ron decided to return to critical infrastructure working with devices that keep the lights on and the water flowing. Ron hopes his work makes an impact and his life is memorable for those he cares about. We thank...

SSL-based threats remain prevalent and are becoming increasingly sophisticated. [Research Saturday]


While SSL/TLS encryption is the industry standard for protecting data in transit from prying eyes, encryption has, itself, become a threat. It is often leveraged by attackers to sneak malware past security tools that do not fully inspect encrypted traffic. As the percentage of traffic that is encrypted continues to grow, so do the opportunities for attackers to deliver threats through encrypted channels. To better understand the use of encryption and the volume of encrypted traffic that is inspected, Zscaler's research team, ThreatLabZ, analyzed encrypted traffic across the Zscaler cloud for the first nine months of 2020, assessing its use...

2021 may look a lot like 2020 in cyberspace, only moreso. Cold chain cyberespionage. Cybercriminals are also interested in COVID-19 vaccines. And beware of online dog fraud.


Predictions for 2021 focus on ransomware: it'll be better, more aggressive, bigger, and a greater problem in every way. Cyberespionage and the cold chain. Cybercriminal interest in COVID-19 vaccines extends to both theft and fraud. Johannes Ullrich on the .well-known Directory. Our guest is Michael Magrath from OneSpan on what the financial sector needs to consider now that we're post-election season. And what's one effect of the pandemic? Dog fraud. Ask the Better Business Bureau. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/233

Cyberespionage and influence operations against prospective members of the incoming US Administration. Cold chain attacks. TrickBoot. Vasya, what do you do for a living?


Chinese intelligence services are prospecting think tanks and prospective members of the next US Administration. Spearphishing the vaccine cold chain. Expect vaccine-themed phishing. After a temporary, pre-US election suppression, TrickBot's back. Holiday shopping season is bot-season. Consumers are thought likely to get upset about smart device privacy in 2021. Awais Rashid from Bristol University on privacy at scale. Our guest is JP Perez-Etchegoyen from Onapsis on the risk associated with interconnected cloud and SaaS apps. And suppose you're a cybercriminal...we know, but suppose. What do you tell your sweetie you do for a living? For links to all of today's...

The Shadow Academy schools anglophone universities. Turla's Crutch. Cryptojacking as misdirection. Cyberespionage against think tanks. DPRK tries to steal COVID-19 treatment data.


The Shadow Academy prospects universities in a domain shadowing campaign. Notes on Turla's Crutch, an information-stealing backdoor. Bismuth was using cryptojacking as misdirection. CISA and the FBI warn think tanks that cyberspies are after them. North Korean cyberespionage is interested in COVID-19 treatments. Our guest is Carey O'Connor Kolaja from AU10TIX on combating fraud in the financial services and payment industry. David Dufour from Webroot has 2021 predictions. And a member of the Apophis Group gets eight years in prison. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/231

Cryptojacking cyberspies sighted. Crooks mix banking Trojans and ransomware. Conti ransomware hits industrial IoT company. SCOTUS reviews CFAA. And predictions.


Cryptojacking from Hanoi. Dormant networks rise again, for no easily discernible reason (but it doesn't look good). A gang is hitting German victims with the Gootkit banking Trojan, and sometimes mixing it up with a REvil ransomware payload. Conti ransomware hits IoT chipmaker. SCOTUS reviews the Computer Fraud and Abuse Act. A few predictions for 2021. Ben Yelin on Congress passing an IoT security bill. Our guest is Stephen Harvey from BitSight, who's tracking the correlation between companies with strong cybersecurity and financial success. And it may be back to school tomorrow in Baltimore County. For links to all of...

Phishing for COVID-19 vaccine data. Bandook is back, and mercenaries have it. School's out for ransomware. Skepticism about foreign election manipulation. The forever sales.


North Korean operators phish a major pharma company. The Bandook backdoor is back, and probably being distributed by mercenaries. A school district cancels classes after a ransomware attack. Man U continues to work on recovering its systems. Former CISA Director says there are no signs of foreign manipulation of US elections. Rick Howard wonders what exactly all those CISOs do. Betsy Carmelite from Booz Allen with insights from their 2021 Cyber Threat Trends Report. And Cyber shopping and the forever sales. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/229

Camille Stewart: Technology becomes more of an equalizer. [Legal] [Career Notes]


Cybersecurity attorney Camille Stewart shares how her childhood affinity for making contracts pointed to her eventual career as an attorney. Having a computer scientist father contributed to Camille's technical acumen and desire to include technology in her life's work. Camille has worked various facets of cybersecurity law from the private sector, federal government, on the Hill and in the Executive Branch, and now as part of Big Tech as Head of Security Policy and Election Integrity for Google Play and Android where she creates policy geared towards making sure users are safe on their platform and equipped to make informed...

Encore: Using global events as lures for malicious activity.


The goal of malicious activity is to compromise the system to install some unauthorized software. Increasingly that goal is tied to one thing: the user. Over the past several years, we as an industry improved exploit mitigation and the value of working exploits has increased accordingly. Together, these changes have had an impact on the threat landscape. We still see large amounts of active exploitation, but enterprises are getting better at defending against them. This has left adversaries with a couple of options, develop or buy a working exploit that will defeat today's protections, which can be costly, or pivot...

Influence the gullible, and maybe others will follow. Event site sustains a data breach. Contact tracing and privacy protection. Ransomware, again. Social media used to intimidate witnesses.


Observers see a shift in Russia's influence tactics, but prank calls are (probably) not among those tactics. An event site suffers a data breach, and warns customers to be alert for spoofing. COVID-19 contact tracing continues to arouse privacy concerns. Joe Carrigan has tips for safe online shopping during the holidays. Our guest is Dmitry Volkov from Group-IB with insights from their latest Hi-Tech Crime Trends report. Ransomware hits another US school district, and social media are being used to intimidate cooperating witnesses. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/228

Mustang Panda needs to repent. Not the FBI. Dodgy consumer routers and smart doorbells. Prospective Presidential appointees and cyber. Crime and investigation.


Mustang Panda goes to church, but not in a good way. Hoods are trying to spoof the FBI with Bureau-themed domains. Dodgy routers and suspect smart doorbells. A quick look at the incoming US Administration, from a cybersecurity point of view. Someone's allegedly swapping iPads for concealed carry permits--say it ain't so, Santa Clara County. DHS investigates Windows help desk scammers. Ben Yelin on a Massachusetts ballot initiative involving connected cars. Our guest is Larry Roshfeld from AffirmLogic on the pros and cons of a Treasury Dept advisory that could put companies who facilitate ransomware payments in legal jeopardy. For...

Ups and downs in the cyber underworld. Enduring effects of COVID-19 in cyberspace. Safer online shopping. Take me home, United Road, to the place I belong, to Old Trafford, to see United


Qbot is dropping Egregor ransomware, and RagnarLocker continues its recent rampage. Cryptocurrency platforms troubled by social engineering at a third party. TrickBot reaches version 100. Stuffed credentials exposed in the cloud. COVID-19 practices may endure beyond the pandemic. Advice for safer online shopping over the course of the week. Malek Ben Salem from Accenture Labs has methods for preserving privacy when using machine learning. Rick Howard digs deeper into SOAR. And someone's hacking a Premier League side. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/226

James Hadley: Spend time on what interests you. [CEO] [Career Notes]


Founder and CEO of Immersive Labs James Hadley takes us through his career path from university to cybersecurity startup. James tells us about his first computer and how he liked to push it to its limits and then some. He joined GCHQ after college and consulted across government departments. Teaching in GCHQ's cyber summer school was where James felt a shift in his career. As a company founder, he shares that he is very driven, very fast and also very caring. James offers advice to those looking to get into the industry recommending they chase what interests them rather than certifications....

Misconfigured identity and access management (IAM) is much more widespread. [Research Saturday]


Identity and access are intrinsically connected when providing security to cloud platforms. But security is only effective when environments are properly configured and maintained. In the 2H 2020 edition of the biannual Unit 42 Cloud Threat Report, researchers conducted Red Team exercises, scanned public cloud data and pulled proprietary Palo Alto Networks data to explore the threat landscape of identity and access management (IAM) and identify where organizations can improve their IAM configurations. During a Red Team exercise, Unit 42 researchers were able to discover and leverage IAM misconfigurations to obtain admin access to a customer's entire Amazon Web Services...

Prime Minister Johnson tells Parliament about the National Cyber Force. Vietnam squeezes Facebook. Chinese cyberespionage. SEO poisoning. Printing ransom notes. CISA leadership.


Her Majesty's Government discloses the existence of a National Cyber Force. Hanoi tells Facebook to crack down on posts critical of Vietnam's government. Chinese cyberespionage campaign targets Japanese companies. Egregor ransomware prints its extortion notes in hard copy. SEO poisoning with bad reviews. Mike Benjamin from Lumen on credential stuffing and password spraying. Our guest is Mark Forman from SAIC with a look at government agencies' COVID-19 response. And CISA may have a permanent director inbound. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/225

Haunted virtual meetings. AWS APIs share vulnerabilities. US Intelligence Community conducts a post mortem on 2020 foreign election interference. Meet the future (a lot like the present, only moreso).


Ghosts in the virtual machines. Cloudbursts in the forecast. The US Intelligence Community is preparing a report on foreign election interference. CISA has a new interim director. A view of the threat landscape from Canada. Caleb Barlow from Cynergistek on reclassifying the internet as critical infrastructure. Our guests are Shai Cohen and Brooke Snelling from TransUnion on building trust in a digital consumer landscape. And a look into the near future. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/224

Dream a FunnyDream of me. US CISA Director dismissed. Facebook, Twitter CEOs virtually visit the US Senate. Huawei CFO extradition update. Bad passwords.


FunnyDream? No, it's real: a cyberespionage crew operating against Southeast Asian governments. President Trump fires US CISA Director Krebs. Twitter and Facebook CEOs testify before the Senate as legislators consider Section 230. The extradition hearing for Huawei's CFO continues in Vancouver. Joe Carrigan looks at fleeceware on the Google Play store. Rick Howard speaks with Tenable's Steve Vintz on communication between C-Suites and security teams. And the most common passwords in 2020 are now out, and "password" only comes in at Number 4. We're not sure that really represents progress, because wait 'til you hear Number 1. For links to...

Hidden Cobra's new tricks. Notes from the criminal underground. Draft EU data transfer regulations. And the coming ape-man disinformation.


Hidden Cobra inserts Lazarus malware into security management chains. Malsmoke malvertizing doesn't need exploit kits, anymore. Ransomware operators shift toward social engineering as the ransomware-as-a-service criminal market flourishes. Draft EU data transfer regulations implement the Schrems II decision. Robert M. Lee from Dragos shares a little love for the lesser-known areas of ICS security. Our guest is Greg Smith from CAMI with insights on promoting cyber capabilities at the state level. And the next thing in disinformation? No surprises here: it's COVID-19 vaccines. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/222

Cyberespionage and international norms of conduct in cyberspace. DarkSide establishes storage options for its affiliates. TroubleGrabber in Discord. Unapplied patches.


Nation-states continue to probe COVID-19 vaccine researchers. The Global Commission on the Stability of Cyberspace proposes international norms for promoting stability in cyberspace. DarkSide ransomware-as-a-service operators sweeten their offer with storage options. TroubleGrabber is stealing credentials via Discord. SAD DNS code pulled from GitHub. Betsy Carmelite from Booz Allen with a forward-looking view of 5G. Rick Howard takes a look at SOAR. Many patches remain unapplied, and CMMS wants US Defense contractors to move toward positive security. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/221

Malek Ben Salem: Taking those challenges. [R&D] [Career Notes]


Americas Security R&D Lead for Accenture Malek Ben Salem shares how she pivoted from her love of math and background in electrical engineering to a career in cybersecurity R&D. Malek talks about her interest in astrophysics as a young girl, and how her affinity for math and taking on challenges led her to a degree in electrical engineering. She grew her career using math for data mining and forecasting, eventually pursuing a master's and PhD in computer science where she shifted her focus to cybersecurity. Malek now develops and applies new AI techniques to solve security problems at Accenture. We...

That first CVE was a fun find, for sure. [Research Saturday]


In the late 90s, hackers who discovered vulnerabilities would sometimes send an email to Bugtraq with details. Bugtraq was a notification system used by people with an interest in network security. It was also a place that might have been monitored by employees of software companies looking for reports of vulnerabilities pertaining to their software. The problem was - there wasn't an easy way to track specific vulnerabilities in specific products. It was May 1999. Larry Cashdollar was working as a system administrator for Bath Iron Works under contract by Computer Sciences Corporation. Specifically, he was a UNIX Systems Administrator, level...

CISA offers its assessment (high) of US election security. An alleged GRU front media group is fingered. Notes on cybercrime, and one cheap proof-of-concept.


CISA says US elections were secure, that recounts are to be expected in tight races. (But election-themed malspam continues, of course.) A news platform is flagged as a GRU front. A new ransomware strain takes payment through an Iranian Bitcoin exchange. The Jupyter information-stealer is out and active. David Dufour on detecting deepfakes and misinformation. Dr. Jessica Barker on her new book Confident Cyber Security - How to Get Started in Cyber Security and Futureproof Your Career. And PlunderVolt is a $30 proof-of-concept. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/220

An overview of threat actors, two proofs of concept, and an IoT botnet bothers the cloud. Patch Tuesday notes. And control yourself, sir.


BlackBerry tracks a mercenary group providing cyberespionage services. A rundown from Dragos on threat actors engaging with industrial targets. An IoT botnet is active in the cloud. A research team offers a new proof-of-concept for DNS cache poisoning, and another group of researchers demonstrates a novel power side-channel attack. Patch Tuesday notes. Joe Carrigan wonders if you're likely to get your money's worth when paying baddies. Our guest is Michael Daniel from the CTA on the merging fields of cybersecurity and information operations. And a pro-tip: you do know that they can usually see you on Zoom, right? For links to...

remote access Trojan or RAT (noun) [Word Notes]


As we are not publishing in observance of Veterans Day, we thought you might like to check out a couple of episodes of our weekly Word Notes short form podcast that comes out on Tuesdays. Check it out and subscribe today! From the intrusion kill chain model, a program that provides command and control services for an attack campaign. While the first ever deployed RAT is unknown, one early example is Back Orifice, made famous by the notorious hacktivist group called The Cult of the Dead Cow, or cDc. Back Orifice was written by the hacker, Sir Dystic AKA Josh Bookbinder and released to the public at DEFCON in 1998.

shadow IT (noun) [Word Notes]


As we are not publishing in observance of Veterans Day, we thought you might like to check out a couple of episodes of our weekly Word Notes short form podcast that comes out on Tuesdays. Check it out and subscribe today! Technology, software and hardware deployed without explicit organizational approval. In the early days of the computer era from the 1980s through the 2000s security and information system practitioners considered shadow IT as completely negative. Those unauthorized systems were nothing more than a hindrance that created more technical debt in organizations that were already swimming in it with the known and authorized systems.

A look at what's up in some of the criminal markets. The continued resilience of TrickBot. What you can buy for $155,000.


Criminals get the news like everyone else, and online crime continues to follow current events. It's up, it's down, it's up again--forget it: it's TrickBot. A cyber incident affects computer maker Compal. Zoom settles an FTC complaint. Price check in the criminal markets. Ben Yelin on a Canadian shopping mall's collection of over 5 million shoppers' images. Our guest is Ben Brook from Transcend with best practices in privacy and data protections. And spare a thought for a veteran tomorrow. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/218

Supply chain security. New cyberespionage from OceanLotus. Data breaches expose customer information. And GCHQ has had quite enough of this vaccine nonsense, thank you very much.


Alerts and guidelines on securing the software supply chain (and the hardware supply chain, too). OceanLotus is back with its watering holes. Two significant breaches are disclosed. Malek Ben Salem from Accenture Labs explains privacy attacks on machine learning. Rick Howard brings the Hash Table in on containers. And, hey, we hear there's weird stuff out there about vaccines, but GCHQ is on the case. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/217

Richard Clarke: From presidential inspiration to cybersecurity policy pioneer. [Policy] [Career Notes]


CEO and consultant Richard Clarke took his inspiration from President John F Kennedy and turned it into the first cybersecurity position in federal government. Determined to help change the mindset of war, Richard went to work for the Department of Defense at the Pentagon following college during the Vietnam War. From Assistant Secretary of the State Department, he moved to the White House to work for President George W. Bush's administration where he kept an eye on Al-Qaeda and was tasked to take on cybersecurity. Lacking any books or courses to give him a basic understanding of cybersecurity, Richard made it...

PoetRAT: a complete lack of operational security. [Research Saturday]


Cisco Talos discovered PoetRAT earlier this year. Since then, they observed multiple new campaigns indicating a change in the actor's capabilities and showing their maturity toward better operational security. They assess with medium confidence this actor continues to use spear-phishing attacks to lure a user to download a malicious document from temporary hosting providers. They currently believe the malware comes from malicious URLs included in the email, resulting in the user clicking and downloading a malicious document. These Word documents continue to contain malicious macros, which in turn download additional payloads once the attacker sets their sights on a particular...

IRGC domains taken down. A look at 2021's threatscape. Russia says it didn't do anything (others see Bears.) Forfeiture of Silk Road's hitherto unaccounted for billion-plus dollars.


The US Justice Department takes down twenty-seven domains being used by Iran's Islamic Revolutionary Guard Corps. Booz Allen offers its take on the 2021 threatscape. Russia declares itself innocent of bad behavior in cyberspace, but many remain skeptical. Johannes Ullrich from SANS looks at Supply Chain Risks and Managed Service Providers. Our own Rick Howard speaks with Wired's Andy Greenberg about the recent Sandworm indictments. Silk Road's missing billion dollars appear to have been found, and the US Government is working on a forfeiture action. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/216...

CISA's happy but still wary. Election-themed criminal malspam. New ransomware goes after VMs. Why it makes no sense to trust extortionists.


CISA declares a modest but satisfying victory for election security, but cautions that it's not over yet. Criminal gangs are using election-themed phishbait in malspam campaigns. A new strain of ransomware attacks virtual machines. Robert M. Lee from Dragos on the impact climate change could have on ICS security. Our guest is Kelly White of RiskRecon on healthcare organizations managing risk across extensive third party relationships. And if you wondered if the criminals who offered to securely destroy the data they stole if the victims paid the ransom, well, signs point to no. For links to all of today's stories...

US elections: CISA calls security success, but reminds all that it's not over yet. Notes from the cyber underground. Two more indictments in cyberstalking case.


Election security, hunting forward, rumor control, and the value of preparation. Maze may be gone (so its proprietors say) but its affiliate market has moved on to Egregor ransomware-as-a-service. An illicit forum has leaked large repositories of personal information online. Joe Carrigan shares thoughts on hospital systems getting hit by ransomware. Our guest is Alan Radford from One Identity who wonders whether robots should have identities. And two more ex-eBayers are indicted in the Massachusetts cyberstalking case. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/214

Election security updates from CISA. Maze says it's out of business (and never really existed). Edward Snowden wants dual Russian-US citizenship. A botmaster goes up river.


Notes on Election Day security, from CISA. The Maze gang finally releases its press release announcing that it's going out of business. Mr. Snowden applies for dual Russian-American citizenship. Ben Yelin shares his thoughts on Mark Zuckerberg's recent Senate testimony. Our guest is Karlo Zanki from Reversing Labs on Hidden Cobra. And a botmaster gets eight years after copping a US Federal guilty plea to conspiracy. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/213

Another look at North Korean cyberespionage. Phishing with Google Docs. How Iran obtained US voter information. Election security enters its endgame.


Another look at Pyongyang's Kimsuky campaign. Phishing with bogus Google Docs. How Tehran got its hands on voter information. Rick Howard looks at containers and serverless functions. Malek Ben Salem shares the results of Accenture's 2020 Cyber Threatscape report. And looking ahead to the election influence endgame. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/212

David Sanger on the HBO documentary based off his book, "The Perfect Weapon". [Special Edition]


On this Special Edition, our extended conversation with author and New York Times national security correspondent David E. Sanger. The Perfect Weapon explores the rise of cyber conflict as the primary way nations now compete with and sabotage one another.

Carole Theriault: Constantly learning new things. [Media] [Career Notes]


Communications consultant and podcaster Carole Theriault always loved radio and through her career dabbled in many areas. She landed in a communications and podcasting role where she helps technical firms create audio and digital content. In fact, Carole is the CyberWire's UK Correspondent. She says cybersecurity is a good place to go because of the many different avenues available and "you don't even have to be a tech head" (though Carole has quite a technical pedigree). Our thanks to Carole for sharing her story with us.

Leveraging for a bigger objective. [Research Saturday]


The U.S. government has charged seven men in relation to hundreds of cyber attacks against organizations in the U.S. and multiple other countries in Asia and Europe. Two of the men, who were based in Malaysia, were arrested and their extradition to the U.S. has been requested. The other five are based in China and remain at large. The attacks were attributed to a China-linked organization dubbed APT41 and involved a combination of intellectual property theft and financially motivated cyber crime. While some of our peers monitor APT41 as a single operation, Symantec regards it as two distinct actors: Grayfly...

Ransomware epidemic during the pandemic. Cyber insurance and state actors. Cyberstalking. Don't exaggerate election meddling. Reflections on National Cybersecurity Awareness Month.


Ransomware becomes endemic in the healthcare sector. Cyber metaphors--we read a good one this morning. Does your cyber insurance indemnify you against state-sponsored attacks? More guilty pleas in the ex-eBayers' cyberstalking case. US Cyber Command and others advise everyone not to see foreign election meddling where it isn't. David Dufour looks at the spookiest malware of 2020. Our guest is Travis Leblanc from Cooley on the European court invalidating the EU-US Privacy Shield. And what do we make of National Cybersecurity Awareness Month as it recedes into our collective rearview mirror? For links to all of today's stories check out...

The Malware Mash!



Familiar threat actors are back in the news. Big Tech's testimony on Capitol Hill had less to do with Section 230 than many had foreseen.


Some familiar threat actors--both nation-states and criminal gangs--return to the news: Venomous Bear, Charming Kitten, Wizard Spider, and Maze. Mike Benjamin from Lumen looks at the Mozi malware family. Our guest is Neal Dennis from Cyware on why it's time for organizations to step up their data sharing. And Big Tech's day on Capitol Hill involved more discussion of censorship and bias than it did Section 230 of the Communications Decency Act. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/210

Warnings about the DPRK's Kimsuky Group. Election security in the US during the endgame. Section 220 and Big Tech. Another guilty plea in the eBay-related cyberstalking case.


US authorities warn that North Korea's Kimsuky APT is out and about and bent on espionage, with a little cryptojacking on the side. As the US elections enter their endgame, observers point out that the appearance of hacking can be just as effective for foreign influence operations as the reality. CISA continues to tweet rumor control and election reassurance. Joe Carrigan shares developments in end-to-end encryption. Our guest is Bilyana Lilly from RAND on Russia's strategic messaging on social media (and the disinformation that may be a part of it). Big Tech returns to Capitol Hill. And another guilty plea...

Election phishing, without hook, but with line and sinker? Data breaches, and the importance of prompt disclosure. Misplaced hacktivist sympathy.


EI-ISAC reports a curious election-related phishing campaign, widespread, but indifferently coordinated and without an obvious motive. Nitro discloses a low impact security incident. A breach at a law firm affects current and former Googlers. Finnish psychological clinic Vastaamo dismisses its CEO for not disclosing a breach promptly. Ben Yelin looks at a controversial White House to divvy up 5G spectrum. Carole Theriault shares results from Panaseer's 2020 GRC Peer Report. And a terrorist murder finds support online. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/208

Russian research institute sanctioned for its role in Triton/Trisis. Coordinated inauthenticity in Myanmar. Clean Network program update. Major data breach in Finland.


The US Treasury Department sanctions a Russian research institute for its role in the Triton/Trisis ICS malware attacks. Coordinated inauthenticity with a commercial as well as a political purpose. The Clean Network project gains ground in Central and Eastern Europe. Rob Lee from Dragos on insights on the recent DOJ indictments of Russians allegedly responsible for the Sandworm campaign. Rick Howard explores SD-WANs. Data breaches afflict a large Finnish psychiatric institute. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/207

Sal Aurigemma: How things work. [Education] [Career Notes]


Associate Professor of Computer Information Systems at the University of Tulsa Sal Aurigemma shares how his interest in how things worked shaped his career path in nuclear power and computers. Being introduced to computers in high school and learning about the Chernobyl event led Sal to study nuclear engineering followed by time in the Navy as a submarine officer. On the submarine, Sal had to understand how systems worked from soup to nuts and that led him back to IT. As a computer engineer, Sal spent a lot of time on network troubleshooting and was eventually introduced to cybersecurity. Following...

Just saying there are attacks is not enough. [Research Saturday]


Ben-Gurion University researchers have developed a new artificial intelligence technique that will protect medical devices from malicious operating instructions in a cyberattack as well as other human and system errors. Complex medical devices such as CT (computed tomography), MRI (magnetic resonance imaging) and ultrasound machines are controlled by instructions sent from a host PC. Abnormal or anomalous instructions introduce many potentially harmful threats to patients, such as radiation overexposure, manipulation of device components or functional manipulation of medical images. Threats can occur due to cyberattacks, human errors such as a technician's configuration mistake or host PC software bugs. As part...

Energetic Bear's battlespace preparation. Selling voter and consumer personal data. GRU, Qods Force sanctioned. How they knew that Iran dunnit.


Energetic Bear is back, and maybe getting ready to go berserk in a network near you, Mr. and Mrs. United States. Someone's selling publicly available voter and consumer information on the dark web. Sanctions against the GRU for the Bundestag hack. The US sanctions Qods Force and associated organizations for disinformation efforts. Johannes Ullrich has tips for preventing burnout. Our Rick Howard speaks with author David Sanger about his new HBO documentary The Perfect Weapon. How Iran was caught in the emailed voter threat campaign. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/205...

Recent email threats to US voters appear to be an Iranian operation. Notes on cyberespionage and influence operations. Hold the blatant Russophobia, TASS?


Emailed election threats to US voters are identified as an Iranian influence operation, disruptive, and so more in the Russian style. Both Iran and Russia appear to be preparing direct marketing influence campaigns. Cyber criminals are also exploiting US election news as phishbait. Seedworm is said to be retooling. Caleb Barlow from Cynergistek on contact tracing and privacy as students head back to school. Our guest is Jadee Hanson from Code 42 on juggling priorities and protecting her organization as external and internal threats constantly take aim. And TASS deplores the blatant Russophobia of recent Five Eyes official remarks. For...

TrickBot's return is interrupted. Election rumor control. Supply chain security. Securing the Olympics. NSS Labs closes down.


TrickBot came back, but so did its nemesis from Redmond--Microsoft and its partners have taken down most of the new infrastructure the gang reestablished. CISA publishes election rumor control. The Cyberspace Solarium Commission has a white paper on supply chain security. Japan says it will take steps to secure next summer's Olympics. Joe Carrigan takes issue with Twitter and Facebook limiting the spread of published news stories. Our guest is Carolyn Crandall from Attivo with a look at the market for cyber deception tools. And a familiar name exits the industry. For links to all of today's stories check out...

International cyberespionage: China and Russia versus the Five Eyes and others. Google faces an anti-trust suit. Abandonware.


America's NSA reviews twenty-five vulnerabilities under active exploitation by Chinese intelligence services. The UK's NCSC accuses the GRU of more international cyberattacks. The US Justice Department brings its long-expected anti-trust suit against Google. Ben Yelin examines overly invasive company Zoom policies. Our guest is Jessica Gulick from Katczy with a visit to the Cyber Carnival Games. And a warning on abandonware. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/203

Influence operations and cyber probes of presidential campaigns. TrickBot's recovery. Remote learning woes. Port facilities in Iran reported to have been targeted in cyberattacks.


Updates on influence ops and campaign hacking show that the opposition has its troubles, too. TrickBot operators seem to have returned to business. Schools' remote learning programs are providing attractive targets for cybercriminals. Iranian news outlets say ports were the targets of last week's cyberattacks. David Dufour explains how phishing campaigns capitalized on a global crisis. And Charlie Tibor says, hello world (we paraphrase). For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/202

Rosa Smothers: Secure the planet. [Career Notes]


Senior VP of Cyber Operations at KnowBe4, Rosa Smothers, talks about her career as an early cybersecurity professional in what she describes as the Wild, Wild West to her path through government intelligence work. Rosa shares how she always knew she wanted to be involved with computers and how being a big Star Trek nerd and fan particularly of Spock and Uhura helped shape her direction. Following 9/11, Rosa wanted to work for the government and pursue the bad guys and she did just that completing her bachelor's degree and starting in the Defense Intelligence Agency as a cyber threat analyst...

Intentionally not drawing attention. [Research Saturday]


Bitdefender researchers recently uncovered a sophisticated APT-style attack targeting an international architectural and video production company. The attack shows signs of industrial espionage, similar to another of Bitdefender's recent investigations of the StrongPity APT group. The real-estate industry is highly competitive, and information exfiltrated by an APT mercenary group can give negotiation advantages to other players in high-profile real-estate contracts. While APT groups traditionally could only be afforded by governments or were financially motivated purely out of self-interest, they recently appear to have become a commodity. Joining us in this week's Research Saturday to discuss the research is Global Cybersecurity Researcher Liviu...

Misdirection and redirection. Content moderation, influence operations, and Section 230. Money-laundering gang taken down. And no wolves in Nova Scotia.


Phishing through redirector domains. Content moderation, influence operations, and Section 230. A Twitter outage is due to an error, not an attack. QQAAZZ money-laundering gang members indicted. Johannes Ullrich tracks Mirai Bots going after Amanda backups. Our guest is Richard Hummel from Netscout with research on cybersecurity trends and forecasts. And some ruminations about range safety for cyber exercises. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/201

Disinformation, foreign and domestic. Content moderation, always harder than it seems. US Cyber Command's defend forward doctrine.


Tehran says this week's cyberattacks are under investigation. Silent Librarian returns to campus for academic year 2020-2021. Crooks are posing as nation-state hackers. Domestic disinformation reported in Guinea and Ghana. Disinformation, content moderation, and the difficulties presented by both. US Cyber Command's forward engagement campaign. Mike Benjamin from Lumen on how bad actors reuse infrastructure. Our guest is Ralph Sita from Cybrary with a look at their "Skills Gap" research report. And an extended meditation on the Scunthorpe Problem. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/200

Cyber conflict and cyberespionage. Social engineering as a turnstile business. Inside a social engineering campaign. A warning about fraudulent unemployment claims.


Reports of cyberattacks against Iranian government and, possibly, economic targets, are circulating, but details are sparse. Norway accuses Russia of hacking parliamentary emails. A cybercriminal gang's secret is volume. A social engineering campaign singles out victims with US IP addresses. Joe Carrigan on a million dollar REvil recruitment offer. Our guest is Paul Nicholson from A10 Networks with a look at the "State of DDoS Weapons". And the US Treasury Department warns banks to be on the lookout for signs of unemployment fraud. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/199

Suppressing Trickbot: cyber warfare and cyber lawfare. Chaining vulnerabilities. An intergovernmental call for backdoors in the aid of law enforcement.


Trickbot gets hit by both US Cyber Command and an industry team led by Microsoft. CISA and the FBI warn that an unnamed threat actor is chaining vulnerabilities, including Zerologon, to gain access to infrastructure and government targets. Ben Yelin shares his thoughts on the US House's report on monopoly status for some of tech's biggest players. Our guest is David Higgins from CyberArk on how work from home has put a light on privilege access security. And the Five Eyes plus two call for legal access to encrypted communications. For links to all of today's stories check out our...

Rigging the game. [Caveat]


Ben describes a decades-long global espionage campaign alleged to have been carried out by the CIA and NSA, Dave shares a story about the feds using cell phone location data for immigration enforcement, and later in the show our conversation with Drew Harwell from the Washington Post on his article on how Colleges are turning students' phones into surveillance machines. Links to stories: The intelligence coup of the century RIGGING THE GAME Spy sting Federal Agencies Use Cellphone Location Data for Immigration Enforcement Got a question you'd like us to answer on our show? You can send your audio file...

Geoff White: Suddenly all of the pieces start to line up. [Career Notes]


Investigative journalist and author Geoff White talks about tracing a line through the dots of his career covering technology. Geoff shares that he has always been "quite geeky," but came to covering technology after several roles in the journalism industry. Newspapers, magazines and television were all media Geoff worked in before covering technology. Geoff got into journalism not due to the glamour sometimes associated with it, but because he wanted to fight for the public to cover stories that helped those who didn't have massive amounts of money, power or a huge lobbying campaign in political circles. When writing his book,...

It's still possible to find ways to break out. [Research Saturday]


Containers offer speed, performance, and portability, but do they actually contain? While they try their best, the shared kernel is a disturbing attack surface: a mere kernel vulnerability may allow containerized processes to escape and compromise the host. This issue prompted a new wave of sandboxing tools that use either unikernels, lightweight VMs or userspace-kernels to separate the host OS from the container's OS. One of these solutions is Kata Containers, a container runtime that spawns each container inside a lightweight VM, and can function as the underlying runtime in Docker and Kubernetes. Kata's virtualized containers provide two layers of...

A Parliamentary report alleges active Huawei cooperation with Chinese intelligence. Coordinated inauthenticity, mostly focused on domestic opinion. Guilty pleas from former eBayers.


A Parliamentary committee issues a scathing report on Huawei's connection to the Chinese government and the Communist Party of China. Facebook takes down coordinated inauthenticity with a domestic focus in four countries. Twitter goes after influence operators in four other countries. Betsy Carmelite addresses threats to telehealth platforms. Our guests are the FBI's Herb Stapleton and the US Secret Service's Greg McAleer on a new multi-agency mission center to tackle the highest priority cyber criminal threats facing the US. And two of the former eBayers charged in a cyber-stalking case have taken their expected guilty pleas. For links to all of today's...

Bahamut's hackers-for-hire. SlothfulMedia looks made-in-China. Domains run by IRGC seized. Phishbait uses current events as chum. Who dunnit? Not us, or rather, prove it, says Moscow.


Add the Bahamut cyber mercenaries to the shadow armies for hire in cyberspace. Reports associate the SlothfulMedia RAT with Chinese intelligence services, and claim that it's being used against India and China. The US takes down domains the Islamic Revolutionary Guard Corps uses to push disinformation. Trends in phishbait. Caleb Barlow rethinks a TED talk he gave a while back, given what we've learned from COVID-19. Our guest is Dr. Greg Rattray from Next Peak on 'Advanced Persistent Threats', a term, by the way, that he coined. And Moscow says, hey, we don't meddle in anyone's elections. For links to...

Cyber conflict in the Caucasus. Zerologon exploited in the wild. Emotet rising. The Four Horsemen of Silicon Valley. Alt-coin regulation. DDoS in Honolulu.


Cyber ops accompany fighting in the Caucasus. Iranian threat group exploits Zerologon in the wild. The Kraken gets unleashed in Southeast Asia, of all places. Emotet is back, and it's after state and local governments. The US House identifies the Four Horsemen of Silicon Valley. Monero gains criminal market share. The US Comptroller of the Currency moves for clarity in alt-coin regulation. Joe Carrigan takes a look at ransomware trends. Our guest is Mathew Newfield from Unisys with remote school safety tips for students and parents. And a cyberattack from Waikiki. For links to all of today's stories check out...

New, Mirai-based threat in the wild. PLA told to steer clear of US election stories. Big data in small spreadsheets. John McAfee arrested. A hackable marital (or something) aid.


Spyware version of Mirai detected in the wild. The People's Liberation Army is told, by its government, to lighten up on US election stories. Centripetal wins a major patent lawsuit. Excel is not a big data tool. John McAfee is arrested on US tax charges. Our guest is Roger Barranco from Akamai on tracking increased DDoS attacks. Ben Yelin on a case involving warrants for Wifi location data. And an aid to chastity is found to be hackable, but at least it errs on the side of continence. For links to all of today's stories check out our CyberWire daily...

Maritime shipping hacks remind observers of NotPetya. Spyware through the firmware. New ransomware strain. Huawei in Europe. Go ahead, Lefty, give 'em your fingerprints.


Attacks on maritime shipping organizations raise concerns about global supply chains. Someone's pushing spyware through the firmware. Someone else is messing with the heads of Trickbot's masters. A new ransomware strain, Egregor, shows again that a ransomware attack amounts to a data breach. Huawei may be losing ground in Europe. Mike Benjamin from Lumen on DDoS ransoms. Scott Algeier from IT-ISAC looks back on 20 years of information sharing. And criminals give their fingerprints to police, virtually. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/193 Learn more about your ad choices. Visit megaphone.fm/adchoices

Diane M. Janosek: It's only together that we are going to rise. [Career Notes]


Commandant for the National Security Agency's National Cryptologic School Diane M. Janosek shares the story of her career going global. Diane explains how she's always been drawn to doing things that could help and raise the nation. From a position as a law clerk during law school, to the role of a judicial clerk, and joining the White House Counsel's office, Diane was exposed to many things and felt she experienced the full circle. Moving on to the Pentagon and finally, the NSA, Diane transitioned into her current role where she orchestrates the educational environment for military and civilian cyber...

Smaug: Ransomware-as-a-service drag(s)on. [Research Saturday]


Threat actors and cybercriminals that don't have the ability to develop their own ransomware for malicious campaigns can turn to the Smaug Ransomware as a Service (RaaS) offering, which is available via a Dark Web Onion site. At least two threat actors are operating the site, providing ransomware that can be used to target Windows, macOS, and Linux machines. The site is built with ease of use in mind. To launch an attack, threat actors simply need to sign up, create a campaign, and then start distributing the malware. The site also handles decryption key purchasing and tracking for victims....

CISA and Cyber Command describe a new RAT. Emotet spams Team Blue. Spyware campaigns described. Maritime sector hacks. And another reason not to pay the ransom.


SlothfulMedia is the new RAT in town. Emotet spam counts on political commitments. ESET describes two distinct spyware campaigns in the Middle East and Eastern Europe. Hackers are paying more attention than usual to the maritime sector. Awais Rashid from the University of Bristol on privacy concerns of contact tracing apps. Our guest is Krystle Portocarrero from Juniper Networks on the continued rise of encryption and the technical and privacy challenges that come with it. And the US Treasury Department cautions all that paying up in a ransomware attack might land you in sanctions hot water. For links to all of...

Ransomware incidents: worse than feared. And some of them pose a threat to patient safety. A Fancy Bear sighting? Glitch suspends trading in Tokyo.


Two ransomware incidents now seem worse than originally believed. Hacking hospitals raises concerns for patient safety. It appears Fancy Bear was the group that hacked the US Federal agency CISA warned about recently. Chris Novak from Verizon considers whether investigations should be performed under attorney client privilege and if that privilege will hold. Alex Mosher from MobileIron explains how yours truly got phished. With Cookies. And interruptions to trading on Japan's exchanges seem to be due to technical problems, and not to cyberattack. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/191 Learn more...

Opportunistic paydays and soft targets. Crooks use captchas and padlocks, too. Protecting against Zerologon. A microelectronics strategy.


Ransomware gangs continue to look for an opportunistic payday. Another exposed database is found, and secured. Captchas and padlock icons have their place, but they're not a guarantee of security. Microsoft explains how to reduce exposure to Zerologon. The US looks to reduce dependence on foreign microelectronics. Joe Carrigan has thoughts on Facebook running SuperPAC ads. Our guest is Sanjay Gupta from Mitek on how online marketplaces can balance security with biometrics. And there's just one shopping day before National Cybersecurity Month. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/190 Learn more about...

Ransomware versus shipping, hospitals, and schools. Cyberattacks' growing sophistication. An interim rule enables implementation of the US Defense Department's CMMC program.


Three (count 'em) three big ransomware attacks are in progress. One of them has moved into its doxing phase. Microsoft resolves authentication problems that briefly disrupted services yesterday. Tracking trends in cyberattacks--the sophistication seems to lie in the execution. The US Defense Department now has an interim rule implementing its CMMC program. Ben Yelin describes the extensive use of facial recognition software by the LAPD. Our guest is Christy Wyatt from Absolute on their Endpoint Resilience report. And why do hackers hack? To a large extent it seems they do so...because they can. For links to all of today's stories...

Will no one rid me of this turbulent newsletter? US court delays TikTok ban. Microsoft takes down cyberespionage operation. Huawei's CFO gets another day in court. REvil recruits.


The TikTok ban has been delayed; the November goal for the company's change in ownership still stands, at least for now. Microsoft takes down infrastructure used by a Chinese cyberespionage group. Huawei's CFO returns to court in Vancouver. The UK shows some of its cyber offensive hand. DDoS in Hungary; malware in Texas. The strange and sad case of eBay and a newsletter. Rick Howard shares lessons learned from his CSO Perspectives podcast. Our guest is Thomas Etheridge from CrowdStrike on mitigating the risk of public cloud key compromises. And REvil wants to recruit more criminal affiliates. For links to...

Richard Torres: Getting that level of experience is going to be crucial. [Career Notes]


Director of security operations at Syntax Richard Torres talks about his path leading him from working in juvenile justice to becoming a private investigator to physical security at a nuclear power plant to cybersecurity presently. Always a fan of police shows, Richard became a member of the Air Force Junior ROTC in high school and began his path there. Richard shares the challenges of working in several facets of the security industry including his transition from SWAT team member to cybersecurity. He notes the role that diplomacy plays when you're trying to get honesty and be steered in the right direction. Our...

What came first, the Golden Chickens or more_eggs? [Research Saturday]


Throughout March and April, QuoIntelligence (QuoINT) observed four attacks (i.e. sightings) utilizing various tools from the Golden Chickens (GC) Malware-as-a-Service (MaaS) portfolio; they recently declassified their findings, after first notifying their clients. Further, during their analysis of the sightings, QuoIntelligence confirmed the GC MaaS Operator, Badbullzvenom, released improved variants with code updates to three tools in the service portfolio. Joining us in this week's Research Saturday to discuss the research is QuoIntelligence's Vice President of Threat Intelligence, Chaz Hobson. The research can be found here: Latest Golden Chickens MaaS Tools Updates and Observed Attacks Learn more about your ad choices....

Lots of coordinated inauthenticity, but a small return in influence. Confidence building in cyberspace? CISA reports finding that a Federal agency was hacked. Cyberattacks on hospitals are up.


Facebook takes down three Russian networks for coordinated inauthenticity: a lot of activity but not much evident ROI. Russia calls for confidence-building measures in cyberspace. CISA detects a successful incursion into an unnamed Federal agency. Governments warn of heightened rates of cyberattacks against medical organizations. Mike Benjamin from Lumen joins us with details on Alina malware. Our guest is James Dawson with insights on how to best calibrate your security budget. And there's a not-guilty plea in the case of the attempted bribery of a Tesla insider. For links to all of today's stories check out our CyberWire daily news...

Not the Gremlin from the Kremlin. Zerologon exploited in the wild. Cyberespionage phishing in NATO's pond. US Treasury announces sanctions. Four guilty pleas coming in eBay cyberstalking case.


Zerologon is being actively exploited in the wild. The OldGremlin ransomware gang picks on Russian targets. Thought Fancy Bear was done with NATO? (Think again.) The US Treasury Department sanctions more organizations and individuals for malign influence operations. Betsy Carmelite from BAH on vaccine laboratory cybersecurity. Our guest is Shena Tharnish from Comcast Business with insights for small businesses concerned with COVID-19 related phishing. And four of the defendants indicted in the eBay cyberstalking case have chosen their pleas. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/186 Learn more about your ad choices....

Naval Gazing around the South China Sea, and other disinformation. LokiBot is back in a big way. Darknet merchants busted. Cyber rioting along the Blue Nile.


Facebook takes down coordinated inauthenticity. A ransomware-involved death is attributed to DoppelPaymer. CISA and the FBI warn of coming election disinformation. LokiBot is back in a big way. Operation DisrupTor collars a hundred-seventy Darknet contraband merchants. Joe Carrigan comments on the botched ransomware attack in Germany that led to a woman's death. Our guest is Matt Davey from 1Password on why single sign on isn't a silver bullet for enterprise security. And patriotic hacktivism flares along the Blue Nile. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/185 Learn more about your ad choices....

Bing backend exposed, for a bit. CIA thinks Russian influence ops are top-directed. TikTok Global spin-off may not be enough. Destination automation. Hacks that weren't, and one big guilty plea.


In an unusual lapse, Microsoft briefly left a Bing backend server exposed online--now fixed. Sources say the CIA has concluded that Russian President Putin is personally involved in setting the direction of operations designed to influence the US elections. The deal to spin out TikTok Global to avoid a US ban may not be enough. Europe looks for more control over tech companies. Activision's hack seems to be a mere rumor. Ben Yelin on Section 230 of the Communications Decency Act. Our guest is Ramon Pinero from Blackberry on the challenges of coordinating public services during the pandemic. And a...

Patch by midnight, and reply by endorsement. Cerberus is howling; Rampant Kitten is yowling. TikTok and WeChat both get reprieves. German police want ransomware operators for homicide.


CISA tells the Feds to patch Zerologon by midnight tonight. Cerberus surges after its source code is released. Rampant Kitten, an Iranian surveillance operation, is described. The US bans on WeChat and TikTok were both postponed. Justin Harvey from Accenture marks three years since WannaCry with a look at ransomware. Our own Rick Howard on red and blue team operations. And police in Germany are looking for ransomware attackers on a homicide charge. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/183 Learn more about your ad choices. Visit megaphone.fm/adchoices

The cybersecurity paradox. [CyberWire-X]


The cybersecurity space is nothing if not crowded. Yet despite all the fantastic offers and promises being made by vendors, the sober reality persists that spending has not equated to improved security. Did you know that 80% of IT security budgets are focused on detection and containment controls, even though 70% of security experts believe that a greater focus on prevention would strengthen their security posture? Joining the conversation are Bob Olsen from Ankura giving his insight on the many options out there when buying cyber security systems and platforms. Later, we will be joined by Steve Salinas, Head of...

Monica Ruiz: Moving ahead when not many look like you. [Career Notes]


Cyber Initiative and Special Projects Fellow at the Hewlett Foundation Monica Ruiz shares her career development from aspirations of being a weather woman to her current role as a grantmaker and connector in cybersecurity. Monica discusses how her international study experience changed her outlook and brought her to the field of security. She shares the difficulties she faced as a woman of color when not that many people look like you, and how she used that as her reason to move forward and better the cybersecurity field through her work. Our thanks to Monica for sharing her story with us....

Election 2020: What to expect when we are electing. [Research Saturday]


After the 2016 General Election, the talk was all around foreign meddling. Rumors swirled that some votes may have been changed or influenced by state-sponsored actors. Sanctions and accusations followed. Four years later, is the U.S. any more prepared to protect the results of its largest elections? More than you may realize. Talos researchers take a deep dive into election security after spending the past four years talking to local, state and national officials, performing their own independent research and even watching one state plan an election in real-time. Joining us in this week's Research Saturday to discuss the report...

Sunday looks like sanction day for WeChat and TikTok. Grayfly and Blackfly (and APT41). Maze hides payloads in VMs. Ransomware is implicated in a death. Google Play housecleaning. Fox, chickencoop.


The US Commerce Department announces a clampdown on TikTok and WeChat, to begin Sunday. An overview of the Grayfly and Blackfly units of APT41. Maze begins delivering payloads inside a VM. A ransomware attack on a Düsseldorf hospital is implicated in the death of a patient. Google wants less stalkerware and misrepresentation in the Play store. Caleb Barlow from Cynergistek on the Military's CMMC program. Our guest Galina Antova from Claroty highlights the importance of secure remote access in industrial systems during times of crisis. And an alleged fox was allegedly guarding the henhouse. For links to all of today's stories...

Criminal markets and the criminals who shop there. Elections may be safe and secure, but influence operations seem here to stay. TikTok's state of play. Indictments and extraditions.


Cerberus is available for free, the Empire Market's old and betrayed customers are probably looking for another marketplace where English is spoken, and it seems the Russian mob is selling access to North Korea's Lazarus Group. NSA thinks US elections will be safe and secure, but that influence operations are probably here to stay. Betsy Carmelite from BAH on medical device security, our guest is Jonathan Langer from Medigate on lessons to help clinical and IT leaders at institutions heavily affected by COVID-19. Two Iranians are indicted for espionage and theft, and more evidence allegedly surfaces of Huawei's role in...

VPNs in Tehran's crosshairs. US indictments of foreign cyber threat actors. Strife exacerbated by social media. ByteDance's plan for TikTok.


CISA and the FBI warn of extensive Iranian cyberattacks that exploit flaws in widely used VPNs. The US indicts two men for website defacements undertaken for the benefit of Iran, and in retribution for the US drone strike that killed Quds Force commander Soleimani. The US has also indicted seven in a cybercrime and cyberespionage wave conducted in conjunction with Wicked Panda. Ethiopian strife made worse by social media. Joe Carrigan describes scammers using fake alerts on web sites. Our guest is Kevin Ford, CISO of the state of North Dakota on their move to offer free anti-malware to all state...

Zerologon: hey, patch already. CISA describes China's cyberespionage techniques (and, hey, patch already). A data breach at the US Department of Veterans Affairs.


Details of the Zerologon vulnerability are published, and it seems a serious one indeed. CISA describes Chinese cyberespionage practices--they're not exotic, but they're effective. What's the difference between highly targeted market research and intelligence collection against individuals? Better commercials? Ben Yelin explains a 9th Circuit Court opinion with 4th Amendment implications. Our guest is Exabeam's Richard Cassidy on why when it comes to insider risk, context is everything. And there's been a data breach at the VA. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/179 Learn more about your ad choices. Visit megaphone.fm/adchoices

Turning good words into bad. Crooks push those exploits through aging software while they still can. A big OSINT DB out of Shenzhen. TikTok's fate grows narrower but murkier. Wildfire misinformation.


Social engineers use text from legitimate recent warnings. Cybercrooks go for whatever they can get from software about to reach the end of its life. A big database filled with individual information is leaked from a Chinese government contractor. In the race to do whatever it is US companies hope to do with TikTok, Microsoft is apparently out, but Oracle is apparently in. Rick Howard looks at red versus blue. Our guest is Colby Prior, Infrastructure Engineer for AusCERT, on running honeypots. And the FBI wants you to know, contrary to what you may have seen online, that Oregon wildfires are...

Ode to Wealthy Elite. [Shadowspeak]


A reading of Ode to Wealthy Elite, written circa August 16, 2016. From The collected works of the Shadow Brokers, volume I, read by D.W. Bittner, compiled and edited by the CyberWire. The Shadow Brokers represent themselves as hackers who sell stolen exploits, hacking tools, and other scandalous material online to the detriment of Wealthy Elite, whose hidden hands the ShadowBrokers wish to convince you secretly move the world's events. Their online auctions have been notorious fizzles, finding few takers, but they continue to reappear with their offers from time to time. The smart money bets that the Brokers are...

Brandon Robinson: Built from the ground up. [Career Notes]


Cybersecurity Sales Engineer Brandon Robinson shares how he built his career in technology and the barriers he experienced along the way. He talks about how his job involves him interacting with customers at the highest levels making sure their solution is meeting needs. In addition, Brandon describes how as a black man and a trailblazer, he's been met with resistance. His positive spin on moving ahead involves relying on himself. Brandon's advice: find your passion, don't be intimidated and you will be met with success. Our thanks to Brandon for sharing his story with us. Learn more about your ad...

Leveraging legitimate tools. [Research Saturday]


Researchers at Symantec spotted a Sodinokibi targeted ransomware campaign in which the attackers are also scanning the networks of some victims for credit card or point of sale (PoS) software. It is not clear if the attackers are targeting this software for encryption or because they want to scrape this information as a way to make even more money from this attack. Joining us in this week's Research Saturday to discuss the report is Jon DiMaggio of Symantec. The research can be found here: Sodinokibi: Ransomware Attackers also Scanning for PoS Software, Leveraging Cobalt Strike Learn more about your ad...

Elemental election meddling spooks US campaigns. CISA's email advice. Remote workers behaving badly. Momentum Cyber's state of the Sector. The SINET 16. And remember 9/11.


Kittens and Pandas and Bears, oh my. Ransomware gets its skates on, but it still has loose idiomatic control. CISA has some advice on email. While at home on pandemic lockdown, a lot of people (not you) are spending too much time on unedifying sites. Momentum Cyber looks at the state of the cybersecurity sector in 2020. The SINET 16 have been announced. Chris Novak from Verizon on understanding the complexities of PFI breach investigations. Our guest is Steve Vintz from Tenable on why CFOs should lean into cybersecurity issues. And, finally, take a moment today to remember 9/11. For...

Ransomware hits Equinix. Tools for vandalism for sale. Stealing VoIP call data records. ByteDance negotiates for TikTok. EU clamps down on Facebook data handling. A high-profile Twitter hijacking.


Ransomware hits a major data center provider, but appears to have left service unaffected. There's a thriving criminal market for website defacement tools: vandals can be consumers, too. CDRThief does what its name implies. ByteDance tried negotiating TikTok's American future. Ireland's Data Protection Commission starts enforcing Schrems II against Facebook. Awais Rashid outlines software development security pitfalls. Our guest is John Morello from Palo Alto with insights from their new State of Cloud Native Security report. And China's ambassador to the UK has his Twitter account hacked. For links to all of today's stories check out our CyberWire daily news...

Ransomware slows down many students' return to school, even virtually. Hacking gamers. Patch Tuesday. Notes on election security from CISA.


Back to school time for everyone...or it would be, if it weren't for all that ransomware. The sad criminal underworld stealing from online gamers. Notes on Patch Tuesday. Joe Carrigan considers digital comfort zones. Our guest is Sandra Wheatley from Fortinet with key findings from their new report on the cybersecurity skills shortage. And some thoughts on election security and disinformation from the US Cybersecurity and Infrastructure Security Agency. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/175 Learn more about your ad choices. Visit megaphone.fm/adchoices

Ransomware or wiper? Emotet's resurgence. Updates on Services NSW breach. COVID-19 cyberespionage. BTS replaces Guy Fawkes?


Thanos is back, but as ransomware or a wiper? Cyber agencies in France, Japan, and New Zealand warn of a spike in Emotet infections. Australian authorities say 186,00 were affected by the breach at Services NSW. Georgia decries cyberespionage at its Lugar Lab. COVID-19 cyberespionage efforts have been intense, as have counterintelligence efforts designed to defend labs and supply chains. Rick Howard looks at identity management. Ben Yelin covers tightened surveillance of political advisors. And Anonymous may have a successor: K-pop stans. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/174 Learn more about...

Exploring the cultural values of personal privacy. [Caveat]


Dave shares a story about our own state of Maryland trying to crack down on ransomware, Ben shares a New York Times story about facial recognition software, and later in the show our conversation with Stuart Thompson from the New York Times on the article, Twelve Million Phones, One Dataset, Zero Privacy. Links to stories: How ransomware bill would tighten focus on the threat in Maryland The Secretive Company That Might End Privacy As We Know It Got a question you'd like us to answer on our show? You can send your audio file to caveat@thecyberwire.com or simply leave us...

Elizabeth Wharton: Strong shoulders for someone else to stand on. [Career Notes]


Technology attorney and startup chief of staff Elizabeth Wharton shares her experiences and how she came to work with companies in technology. Elizabeth talks about how she always liked solving problems and Nancy Drew mysteries, but not litigation. These morphed into finding her home in the policy legal world and some time later, technology law. Elizabeth describes how she loves planning and strategy in her work and encourages others to ask questions and absorb all of the information. Our thanks to Elizabeth for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

Going after the most valuable data. [Research Saturday]


A look at the realities of ransomware from Sophos, including an industry-first detailed look at new detection evasion techniques in WastedLocker ransomware attacks that leverage the Windows Cache Manager and memory-mapped I/O to encrypt files. A complementary article examines the evasion-centric arms race of ransomware, providing a months-long review of how cybercriminals have been escalating and markedly changing evasion techniques, tactics and procedures (TTPs) since Snatch ransomware in December 2019. The research also breaks down the five early warning signs organizations are about to be attacked by ransomware and why ransomware attacks continue to occur. Joining us on this week's...

Ransom DDoS is now a widespread problem. Phishing campaign stages malicious payloads in legitimate file-sharing services. Back to school? Back with a new cyber risk.


Ransom DDoS: it's been around for awhile, but now it's become a much bigger thing. Phishing campaigns are putting malicious payloads into legitimate file-sharing services. Malek Ben Salem from Accenture on proactive "alpha innovator" organizations. Our guest is Joseph Marks from The Washington Post on his recent coverage of election security. And it's time to go back to school, at least virtually, with all the attendant cyber risk. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/173 Learn more about your ad choices. Visit megaphone.fm/adchoices

Cyberattacks in Norway under investigation. Developments in the criminal marketplace. Scammers do TikTok. Disrupting school, from Florida to Northumberland.


Updates on cyberattacks against Norway's parliament and the Hedmark region. A popular TikTok page is infested with scammers. Magecart's Inter scanner gains criminal market share. Thomas Etheridge from CrowdStrike on the many potential benefits of outsourced threat hunting. Our guest is Lauren Bean Buitta from Girl Security on closing the gender gap in national security. Heading back to school in Miami? Not so fast, kids. And in Northumberland? Same goes there. (That's Northumberland, England, by the way, not Northumberland, Pennsylvania.) For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/172 Learn more about your ad...

Facebook's latest takedowns reach Pakistan, Russia, and the US. Election meddling. Chinese espionage looks inward, again. New alt-coin stealer. NZX DDoS update. That Twitter hack.


Facebook's August takedowns included coordinated inauthenticity from Pakistan, Russia (that's St. Petersburg, with a waystation in DC), and a US strategic communication firm. CISA and the FBI say nope, the Russians weren't in voter databases. A Chinese APT turns its attention from Europe back to Tibet. A new cryptocurrency stealer is active in Central Europe. New Zealand DDoS attacks may be an extortion attempt. Joe Carrigan has the story of a reporter's stolen Facebook account. Our guest is Ophir Harpaz from Guardicore Labs with their Botnet Encyclopedia. And there may be another teenage mastermind behind last month's Twitter hack. For...

The difference between a breach and, well, a public record. Pioneer Kitten's lucrative bycatch. Malware gets past Gatekeeper. A gamers' bandit economy. And happy birthday, Cyber Branch.


An election hack that wasn't. More DDoS in New Zealand's stock exchange. A look at how Iranian cyber contractors make money as a byproduct of cyberespionage. Malware sneaks past Apple's notarization process. The bandit economy that's grown up around Fortnite. Ben Yelin looks at how the upcoming US elections could direct the nation's cybersecurity strategies. Our guest is Julian Waits from Devo with highlights from their 2nd annual SOC performance report. And the US Army's youngest branch celebrates a birthday. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/170 Learn more about your ad choices....

DDoS continues to trouble New Zealand's stock exchange. A glitch, not an attack. New Chinese export controls. Oversharing agencies? Who's the bank robber? A botnet serving ad fraud.


New Zealand's stock exchange continues to fight through offshore DDoS attacks. Sunday's Internet outage was a glitch, not an attack. China enacts new technology export controls that may impede the sale of TikTok. Danish authorities investigate allegations of data sharing with NSA. North Korea says it doesn't rob banks, but Americans do. Caleb Barlow looks at security validation and how it can help manage vendors and SOCs. Rick Howard has the CSO Perspective on Identity Management. And a look at Terracotta, a botnet serving up ad fraud. For links to all of today's stories check out our CyberWire daily news brief:...

Jack Rhysider: Get your experience points in everything. [Career Notes]


Host of Darknet Diaries podcast Jack Rhysider shares his experiences from studying computer engineering at university to his strategy of using gamification on his career that led to him landing in the security space. Jack talks about how his wide experiences came together in security and what prompted him to learn podcasting. Jack endeavors to share the whole story through his podcasts while making them entertaining, enlightening and inspirational. Our thanks to Jack for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

They fooled a lot of people. [Research Saturday]


Docker containers have been gaining popularity over the past few years as an effective way of packaging software applications. Docker Hub provides a strong community-based model for users and companies to share their software applications. This is also attracting the attention of malicious actors intending to make money by cryptojacking within Docker containers and using Docker Hub to distribute these images. Palo Alto Networks' Unit 42 researchers identified a malicious Docker Hub account, azurenql, active since October 2019 that was hosting six malicious images intended to mine the cryptocurrency, Monero. The images hosted on this account have been collectively pulled more...

Stock exchange DDoS continues. Another criminal market exits. Pyongyang cybercrooks face criminal forfeiture. Instagram hijacking. Old malware returns. Treason's motives. An attempt to hack Tesla.


Denial-of-service attacks continue to cripple New Zealand's NZX stock exchange. The Empire criminal market has exited, and done so with its users' funds. US authorities have filed for civil forfeiture of Hidden Cobra's stolen crypto assets. An Instagram hijacking campaign is under way. Qbot and Emotet are back, and together again. The former Green Beret who allegedly spied for the GRU offers an insight into his (alleged) motives. We welcome our newest partner to the show, Betsy Carmelite from BAH. Our guest is Mark Calandra from CSC on their 2020 domain security report that revealed shortfalls among the Forbes Global...

Cybercrime pays, criminal tools are commodities, and some cyber gangs get sophisticated. The skid market for booters. Pyongyang unleashes the BeagleBoyz.


Several Magecart campaigns turn out to be the work of one gang. The unfortunate persistence of DDoS-for-hire services. Ransomware's growing sophistication as a class of criminal enterprise. Andrea Little Limbago from Interos on supply chain attacks & risks. Our guest is Mark Testoni from SAP's NS2 on how Covid-19 reshaped classified work. And hey kids: the BeagleBoyz are on a crime spree. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/167 Learn more about your ad choices. Visit megaphone.fm/adchoices

New Zealand stock exchange sustains DDoS attacks. Flash alert on GoldenSpy. Cyber mercenaries and industrial espionage. Lèse-majesté online. Offering $1 million to a potential co-conspirator?


New Zealand's stock exchange has sustained two distributed denial-of-service attacks this week. CISA and FBI issue an alert about GoldenSpy. Two cyber mercenary groups are engaged in industrial espionage for hire. Thailand decides to crack down on sites that host content the government deems illegal. Joe Carrigan looks at new types of crimes made possible by AI. Our guest is Shane Harris from The Washington Post on an Elite CIA unit which failed to secure its own systems. And a Russian national faces US charges of conspiracy to damage a computer. For links to all of today's stories check out...

The pandemic and trends in cybersecurity. The secret to the handset's low, low price? Fleeceware and adware. TikTok's lawsuit. Influence ops. Bogus Bitcoin exchange.


Security trends during the pandemic include shifts in underworld markets and some enduring changes in the way organizations approach cybersecurity. Discount phones come preloaded with adware and fleeceware. TikTok files its lawsuit. Ben Yelin on the Massachusetts Attorney General creating a data privacy office. Our guest is Nitzan Miron from Barracuda Networks on how brick & mortar shops have accelerated their shift online. And spoofing a Bitcoin exchange to spread malware. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/165 Learn more about your ad choices. Visit megaphone.fm/adchoices

Crooks and spies, together again? Hiding ad-fraud malware in an SDK. A turn to the DarkSide.


Iranian wannabes successfully use Dharma ransomware against soft targets. SourMint hid an ad-fraud and info-stealing package in an SDK. A former US Army officer and sometime Government contractor is charged with working for the GRU. DarkSide ransomware rises as affiliates go into business on their own. Awais Rashid from the University of Bristol on aligning cyber security metrics with business goals. Rick Howard talks data loss prevention with members of the Hash Table. And copycat DDoS extortionists pretend to be, who else? Fancy Bear. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/164 Learn...

Kiersten Todt: Problem solving and building solutions. [Career Notes]


Managing director of the Cyber Readiness Institute Kiersten Todt shares how she came to be in the cybersecurity industry helping to provide free tools and resources for small businesses through a nonprofit. She describes how her work on the Hill prior to and just after 9/11 changed. Kiersten talks about the diversity of skills that benefit work in cybersecurity and offers her advice on going after what you want to do. Our thanks to Kiersten for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

Using global events as lures. [Research Saturday]


The goal of malicious activity is to compromise the system to install some unauthorized software. Increasingly that goal is tied to one thing: the user. Over the past several years, we as an industry improved exploit mitigation and the value of working exploits has increased accordingly. Together, these changes have had an impact on the threat landscape. We still see large amounts of active exploitation, but enterprises are getting better at defending against them. This has left adversaries with a couple of options, develop or buy a working exploit that will defeat today's protections, which can be costly, or pivot...

Transparent Tribe upgrades Crimson RAT. More countries interested in influencing US elections. University pays ransom.


Transparent Tribe upgrades Crimson RAT. Cuba, North Korea, and Saudi Arabia are also interested in influencing the upcoming US election. The University of Utah restored from backups after a ransomware attack, but paid the ransom to prevent the crooks from publishing stolen data. Uber's former CSO has been charged with allegedly covering up a hack the company sustained in 2016. Justin Harvey from Accenture on how the pandemic has affected Incident Response. Gerald Beuchelt from LogMeIn on how secure remote access may or may not be. And a popular fertility app was found to be sharing data with advertisers without...

Gamaredon Group is phishing ahead of Ukraine's independence day. North Korea blamed for BLINDINGCAN RAT. Google patches Gmail flaw.


Ukraine warns that Russia's Gamaredon Group is running a phishing campaign ahead of Ukraine's independence day. CISA and the FBI publish details on a North Korean remote access Trojan. Google patches a serious Gmail flaw. Marriott faces another lawsuit over its 2018 data breach. The WannaRen ransomware operators have released a decryption key. Rob Lee from Dragos with lessons learned from recent virtual conferences. Our guest is Rachel Tobac from SocialProof with her insights on social engineering and the Twitter hack. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/162 Learn more about your...

Phone spearphishing is catching on after the Twitter hack. Taiwan blames China for hacking government agencies. FritzFrog botnet is cryptomining, for now.


Phone spearphishing is catching on after the Twitter hack. Taiwan blames China for hacking government agencies. FritzFrog botnet is cryptomining, for now. Whoever's behind GoldenSpy is trying to cover their tracks. WastedLocker ransomware is successful without stealing data. The US Senate Select Committee on Intelligence releases its final report on Russian interference with the 2016 election. Joe Carrigan looks at shady SIM cards. Our guest is Nathan Jones from WhiteCanyon Software on secure data destruction. And an AI company exposes millions of medical records. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/161 Learn...

Patriotic hacktivism? Cryptomining worm steals AWS credentials. Carnival discloses data incident.


Suspected patriotic hacktivists are defacing websites. A cryptomining worm is stealing AWS credentials. Cruise company Carnival suffered a ransomware attack that involved data theft. US measures against Huawei are expected to make things much more difficult for the Chinese company. Ben Yelin on new tools tracking cyber data on US borders. Our guest is Jesse Rothstein from ExtraHop on what happens to enterprise security when the network goes dark. And a look at the organizational structure of North Korea's hacking units. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/160 Learn more about your...

North Korea harasses defectors. Researchers exploited Emotet bug for six months. RedCurl APT conducts corporate espionage.


North Korea harasses defectors. Researchers have been exploiting a bug in Emotet to inoculate systems against the malware for the past six months. CISA warns of KONNI spearphishing. RedCurl APT conducts corporate espionage. The US announces more restrictions on Huawei's access to US-made chips. Chris Novak from Verizon on the evolving role of cyber insurance. Rick Howard on data loss prevention. And Australian schools are without email after an unpleasant experience with Reply-All. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/159 Learn more about your ad choices. Visit megaphone.fm/adchoices

Trying for a win, win, win game. [Career Notes]


Founder and CEO Stu Sjouwerman takes us on a journey of how his career developed from starting a software service company to currently focusing on the infosec side of the business where his team essentially helps to create human firewalls. Stu talks about learning all aspects of the business while creating startups and suggests you learn to speak the language of the area you are looking to get into. He even touches on predicting the future and taking over the world. Our thanks to Stu for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

The ABCs of cybersecurity for the education sector. [CyberWire-X]


Teachers, students, admin, parents: The education sector has possibly the most diverse user base, each requiring its own user privileges, access requirements, and behavioral trends. Yet besides this, there are a number of unique challenges to securing an educational environment, including ensuring broad attack surface protection, minimal false positives, and maintaining a cost-effective security posture. Join us as we chat with Kevin Ford, Chief Information Security Officer for the state of North Dakota, about these challenges for securing statewide educational institutions and their networks. Later, we will be joined by Steve Salinas, Head of Product Marketing at Deep Instinct...

Waiting for their victims. [Research Saturday]


Bitdefender researchers have recently found the APT group StrongPity has been targeting victims in Turkey and Syria. Using watering hole tactics to selectively infect victims and deploying a three-tier C&C infrastructure to thwart forensic investigations, the APT group leveraged Trojanized popular tools, such as archivers, file recovery applications, remote connections applications, utilities, and even security software, to cover a wide range of options that targeted victims might be seeking. Joining us on this week's Research Saturday to discuss the research is Bitdefender's Liviu Arsene. You can find the research here: StrongPity APT Revealing Trojanized Tools, Working Hours and Infrastructure Learn...

Bad Woodcutter is still bad, but not invincible. CactusPete is in Eastern European networks. Exploiting COVID-19. Celebrity endorsements (not).


An update on Fancy Bear and its Drovorub rootkit. Karma Panda, a.k.a. CactusPete, is scouting Eastern European financial and military targets with the latest version of a venerable backdoor. How criminals and terrorists exploit COVID-19, and how law enforcement tracks them down. Caleb Barlow from Cynergistek covers security assessments and HIPAA data. Our guest is Ryan Olson from Palo Alto Networks on the 10th Anniversary of Stuxnet. And those celebrity endorsed investment scams aren't actually endorsed by celebrities, and they're not actually good investments. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/158 Learn...

This Woodcutter's no Railsplitter. Operation Dream Job. COVID-19 phishing.


NSA and FBI release a detailed report on a GRU toolset. North Korea's Operation Dream Job phishes in Israeli waters. CISA warns of COVID-19 loan relief scams. Malek Ben Salem from Accenture with highlights from their 2020 Security Vision report. Our guest is Mike Hamilton from CI Security, who clears the air on election security and the shift to absentee status. And crooks are using infection and job loss as retail phishbait. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/157 Learn more about your ad choices. Visit megaphone.fm/adchoices

Domestic cyber squabbling in Belarus and Iran. Pakistan accuses India of a cyber offensive. More on Papua's data center. More privacy questions for TikTok. Parental control or stalker's tool?


Regional rivals tussle in cyberspace, and governments have it out with dissidents and the opposition. Market penetration as an instrument of state power. TikTok gets more unwelcome scrutiny over its privacy practices. Joe Carrigan on a credential harvesting phishing scheme using Zoom as bait. Our guest is Avi Shua from Orca Security on accidental vulnerabilities. And suppressing creepware is apparently harder than it looks. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/156 Learn more about your ad choices. Visit megaphone.fm/adchoices

Internet blackout in Belarus. Papua New Guinea's insecure National Data Centre. Chrome and CSP rule bypass. Zoom gets sued in DC. Patch Tuesday. Go Spartans.


Belarus shuts down its Internet after its incumbent president's surprising, perhaps implausible, no...really implausible landslide reelection. Papua New Guinea undergoes buyer's remorse over that Huawei-built National Data Centre it sprung for a couple of years ago. Versions of Chrome found susceptible to CSP rule bypass. Zoom is taken to court over encryption. Patch Tuesday notes. Ben Yelin looks at mobile surveillance in a Baltimore criminal case. Carole Theriault returns to speak with our guest, Alex Guirakhoo from Digital Shadows with a look at dark web travel agencies. And card-skimmers hit a university's online store. For links to all of today's...

NMAP (noun) [Word Notes]


A network mapping tool that pings IP addresses looking for a response and can discover host names, open communications ports, operating system names and versions. Written and maintained by Gordon Lyon, a.k.a. Fyodor, it is a free and open source software application used by both system admins and hackers alike and has been a staple in the security community for well over two decades. Learn more about your ad choices. Visit megaphone.fm/adchoices

What are the adversaries' goals in election interference? A case study in the ransomware-as-a-service market. Untangling TikTok, as the clock ticks toward September 15th.


The US Office of the Director of National Intelligence has released an appreciation of the goals of election interference among three principal US adversaries, Russia, China and Iran. Anomali offers a look at the ransomware-as-a-service market with its research on Smaug. The CyberWire's Rick Howard continues his exploration of incident response. Andrea Little Limbago from Interos on cyber regionalism. And the tangles that need to be untangled in the TikTok affair, with a deadline looming less than a month from now. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/154 Learn more about your...

The Green Goldfish and cyber threat intelligence. [Career Notes]


Cyber threat intelligence analyst Selena Larson takes us on her career journey from being a journalist to making the switch to industrial security. As a child who wrote a book about a green goldfish who dealt with bullying, Selena always liked investigating and researching things. Specializing in cybersecurity journalism led to the realization of how closely aligned or similar skills are required from an investigative journalist and a cyber threat intelligence analyst. Our thanks to Selena for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

Like anything these days, you have to disinfect it first. [Research Saturday]


Cyberbunker refers to a criminal group that operated a bulletproof hosting facility out of an actual military bunker. Bullet Proof hosting usually refers to hosting locations in countries with little or corrupt law enforcement, making shutting down criminal activity difficult. Cyberbunker, which is also known as ZYZtm and Calibour, was a bit different in that it actually operated out of a bulletproof bunker. In September of last year, German police raided this actual Cyberbunker and arrested several suspects. While most of the group's assets were seized during the initial raid, the IP address space remained and was later sold to...

US Executive Orders against TikTok, WeChat. Chimera takes chip IP. Intel data leaked. Texting Rewards for Justice. Coordinated inauthenticity. Magecart's homoglyph attacks.


President Trump issues Executive Orders restricting TikTok and WeChat in the US. A Chinese APT has been active in industrial espionage against Taiwan's semiconductor industry. Intel sustains a leak of sensitive company intellectual property. Rewards for Justice communicated to Russian and Iranian individuals by text message. Coordinated inauthenticity from Romanian actors, probably criminals. Magecart moves to homoglyph attacks. Craig Williams from Cisco Talos on ransomware campaigns making use of Maze and Snake malware. Our guest is Monica Ruiz from the Hewlett Foundation Cyber Initiative on the potential for a volunteer cyber workforce. And, sorry Fort Meade--there are limits to telework....

US Clean Network program outlines measures against Chinese operations. $10 million reward offered for info on election interference. Australia's cyber strategy is out. Grand larceny and petty lulz.


The US announces five new lines of effort for the Clean Network program, and none of them are exactly mash notes for Beijing. The US is also offering rewards of up to ten million dollars for information about foreign computer crimes aimed at interfering with US elections. Australia's new cybersecurity strategy is out. Maze may have hit Canon. Rob Lee from Dragos addresses speculation of an ICS supply chain back door. Our guest is Theresa Lanowitz from AT&T Cybersecurity on 5G security threats to businesses. And a bail hearing is disrupted by Zoom-bombing. For links to all of today's stories...

Privacy, Fort Meade style. Interpol looks at cybercrime. Oilrig gets DNSExfiltrator. Please move on from Windows 7. Updates on the Twitter hack.


NSA, yes, NSA, has some privacy advice. Interpol offers its take on where cybercrime is going during the time of the pandemic. Iran's Oilrig is getting clever with its data exfiltration. The FBI would like to know when you're finally going to move on from Windows 7--like, c'mon people. Joe Carrigan looks at pesky ads from the Google Play store. Our guest is Bobby McLernon from Axonius on how federal cybersecurity is particularly vulnerable during the shutdown. And a not-guilty plea from one of the three alleged Twitter hackers, along with some notes on how whoever dunnit dunnit. For links...

US attributes Taidoor RAT to China's government. Pegasus spyware in Togo. The TikTok affair. More fallout from the Blackbaud ransomware incident.


The US attributes the Taidoor remote access Trojan to the Chinese government. Sources tell Reuters that documents used in an attempt to influence the last British general election were taken from the compromised email account of the trade minister. Pegasus spyware is found deployed against churchmen and political opposition figures in Togo. China denounces the American smash-and-grab of TikTok. Ben Yelin looks at international law and attribution. Our guest is Ameesh Divatia from Baffle on misconfigured databases being attacked within just hours after coming online. And the Blackbaud ransomware attack continues to affect new victims. For links to all of...

Microsoft considers acquiring TikTok. The US considers other Chinese companies as potential security threats. Charges in the Twitter hack. DDoS turns out to be a glitch. Garmin hack update.


Microsoft is in talks to acquire TikTok as the US hints that it may be considering action against other Chinese software companies. Three young men have been charged in the Twitter hack. An apparent distributed denial-of-service attack turns out to have been a glitch. We welcome Verizon's Chris Novak to the show. Rick Howard talks incident response. And updates on the Garmin hack suggest shifts in the ransomware threat. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/149 Learn more about your ad choices. Visit megaphone.fm/adchoices

Rely on your strengths in the areas of the unknown. [Career Notes]


Director of Security Engineering at Marqeta and Host of Hacker Valley Studio podcast Chris Cochran describes his transitions throughout the cybersecurity industry, from an intelligence job with the Marine Corps, to starting the intelligence apparatus for the House of Representatives, then on to leading Netflix's threat intelligence capability. Chris points out that when pivoting to different roles and responsibilities, you must rely on your own strengths to move forward and bring value to your work. Our thanks to Chris for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

Detecting Twitter bots in real time. [Research Saturday]


NortonLifeLock Research Group (NRG) released a prototype browser extension called BotSight that leverages machine learning to detect Twitter bots in real-time. The tool is intended to help users understand the prevalence of bots and disinformation campaigns within their Twitter feeds, particularly with the increase in disinformation of COVID-19. Joining us on this week's Research Saturday to discuss this tool is Daniel Kats from NortonLifeLock Research Group. You can find the research here: Introducing BotSight Learn more about your ad choices. Visit megaphone.fm/adchoices

Social engineering at Twitter. Phishing kits and hackers for hire. Cyberespionage. The EU sanctions actors for Cloudhopper, WannaCry, and NotPetya. And security advice from NSA and NIST.


An update on social engineering at Twitter. A quick look at the phishing kit criminal market. The European Union sanctions individuals and organizations in Russia, China, and North Korea for involvement in notorious hacking campaigns. North Korea's North Star campaign is back and dangling bogus job offers in front of its marks. Deceptikons snoop into European law firms. Zully Ramzan from RSA on Digital Contact Tracing. Our guest is Tom Kellermann from VMware Carbon Black on top financial CISOs analyzing the 2020 attack landscape. And both NSA and NIST have some advice on shoring up your security. For links to...

A quick look at Big Tech's antitrust testimony. BootHole may be tough to patch. Fake COVID contact tracers. Netwalker warning. And Chinese espionage against the Vatican and the United Kingdom.


Yesterday's antitrust hearings in the US House of Representatives focus on Big Tech's big data as something open to use in restraint of trade. And there are questions about community standards as well. The BootHole vulnerability may not represent an emergency, but it will be tough to fix. Android malware masquerades as COVID-19 contact-tracers. The FBI warns against Netwalker ransomware. China says it didn't hack the Vatican. Justin Harvey from Accenture demystifies red teaming. Our guest is Christopher Ahlberg from Recorded Future on trends in threat intelligence. And somebody's spoofing a British MP: he's looking at you, People's Liberation Army....

Alleged Russian disinformation campaigns. Beijing's cyberespionage hits the Vatican. Costly PII losses. VPNs and OT security. Big Tech's day with Congress. Online bar exams. Snooping for the Saudis.


Alleged Russian influence operations described by US intelligence services. Ghostwriter targets the Baltic region with anti-NATO false narratives. Chinese intelligence is said to have compromised Vatican networks. Loss of customer PII seems the costliest kind of data breach. VPN bugs represent a risk to OT networks. Big Tech comes to Capitol Hill, virtually. Michigan's online bar exam knocked offline, briefly, by a cyber attack. Joe Carrigan on password stealers targeting gaming. Our guests are Troy Smith and Mike Koontz from Raytheon on defending communications operations across cloud platforms. And a superseding indictment for two ex-Twitterati charged with snooping for Saudi...

Data breaches and responsibility. Where do you get a decryptor for WastedLocker? Third-party risk. Misconfigured databases. Follow-up on the Twitter hack.


Cloudflare says that reported Ukrainian breaches aren't its issue. Trend Micro describes a new and unusually capable strain of malware. Garmin is reported to have obtained a decryptor for WastedLocker ransomware. Third-party risk continues in the news, as do misconfigured databases that expose personal information. Huawei's CFO alleges misconduct by Canadian police and intelligence agencies. Ben Yelin examines the EFF's online Atlas of Surveillance. Dave DeWalt with SafeGuard Cyber on the evolving threat landscape as folks return to the workplace. And the Twitter incident seems to have been a problem waiting to appear. For links to all of today's stories...

Vigilante action against Emotet. Third-party risks and data breaches. Cerberus is for sale. And WastedLocker ransomware and the fortunes of crime.


A vigilante appears to be interfering with Emotet's payloads. A fintech breach is blamed on a third-party service provider. A list of Cloudflare users is dumped online. There's a going-out-of-business sale over at the Cerberus cybergang. Malek ben Salem from Accenture Labs on DeepFake detection. Our own Rick Howard gathers the Hash Table to sort some SOCs. And Garmin, restoring its services after last week's attack, may have been the victim of Evil Corp's WastedLocker ransomware. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/144 Learn more about your ad choices. Visit megaphone.fm/adchoices

No matter the statistic, even if against the odds, focus on what you want. [Career Notes]


Privacy and data security lawyer, Dominique Shelton Leipzig shares that she has always wanted to be a lawyer, ever since she was a little girl. She talks about what her role is with clients in protecting and managing their data, sometimes adhering to up to 134 different data protection laws for global companies. Learn that not a lot has changed for an African-American woman partner at an Amlaw 100 firm as far as diversity during Dominique's career, and how Dominique suggests young lawyers should address those odds. Our thanks to Dominique for sharing her story with us. Learn more about...

It was only a matter of time. [Research Saturday]


On April 29, 2020, the Salt management framework, authored by the IT automation company SaltStack, received a patch concerning two CVEs; CVE-2020-11651, an authentication bypass vulnerability, and CVE-2020-11652, a directory-traversal vulnerability. On April 30, 2020, researchers at F-Secure disclosed their vulnerability findings to the public, with an urgent warning for Salt users - patch now. Before the weekend was out, criminals were deploying malware and targeting vulnerable Salt installations, successfully affecting operations at Ghost, DigiCert, and LineageOS. The malware is a cryptominer, but there is an additional component, a Remote Access Tool written in Go called nspps. Researchers at Akamai...

A warning for US critical infrastructure operators. Blackbaud extortion and data breach update. Who's got the keys to Twitter? Sino-American cyber tensions.


CISA and NSA warn of a foreign threat to US critical infrastructure. A look at what the Bears have been up to lately. The Blackbaud extortion incident shows its ripple effects. An awful lot of Twitter employees had access to powerful admin tools. China orders a US consulate closed in a tit-for-tat response to the closure of China's consulate in Houston. Andrea Little Limbago on cyber in a re-globalized world system. Our guest is Dominique Shelton Leipzig from Perkins Coie LLP on the CA Consumer Privacy Act. And DJI drones may be a bit nosey. For links to all of...

Twitter: hackers got a few accounts' DMs. French policy toward Huawei hardens. Crooks against British sport. You and your boss should talk more.


Twitter updates the news of last week's incident: the attackers seem to have accessed some direct messages. France's partial permission for Huawei to operate in that country now looks like a ban with a 2028 deadline. A quiet cryptominer. The cyber threat to British sport. Awais Rashid from the University of Bristol on cyber security and remote working. John Ford from IronNet Cybersecurity with updated 2020 predictions and cyber priorities. And bosses and employees see things differently, cyberwise. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/142 Learn more about your ad choices. Visit...

Meowing exposed databases. US indicts two Chinese nationals for hacking, and orders China to close its Houston consulate.


Meowing is now a thing: the automated discovery and wiping of exposed and unprotected databases. The US indicts two Chinese nationals on eleven counts of hacking and reports evidence that Chinese intelligence services are now using cybercriminals as contractors. Mike Schaub from CloudCheckr on why COVID-19 has ignited modernization projects for government agencies. Joe Carrigan on counterfeit Cisco routers. The US State Department tells China to close its consulate in Houston. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/141 Learn more about your ad choices. Visit megaphone.fm/adchoices

Parliament gets its report on Russian hacking. A look at the cyber criminal economy. Russia says it has no hackers.


The Intelligence and Security Committee of Parliament has rendered its report on the Russian cyber threat. Trend Micro reports on the workings of the cyber criminal underground economy. Ben Yelin on U.S. Customs and Border Protection collecting license plate data. Our guest is Kevin O'Brien from GreatHorn on the role of business policies in security to keep users safe during high-risk events. And it turns out that Russia has no hackers whatsoever: Moscow's Finance Minister says so, so you can take that to the bank. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/140...

Following the spoor of the Twitter hackers, a couple of whom seem to be talking to the press. Marketing databases and intelligence collection. TikTok ban? Hacking biomedical research.


Notes on last week's Twitter hack, and on the allure of original gangster and other celebrity usernames. Using marketing databases for intelligence collection. The US Government mulls a ban on TikTok. Johannes Ullrich from SANS on Google Cloud storage becoming a more popular phishing platform. Our own Rick Howard on security operations centers, and a preview of the latest episode of his CSO Perspectives podcast. And more reaction to alleged Russian and Chinese attempts to hack COVID-19 biomedical research. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/139 Learn more about your ad choices....

Have to be able to communicate to everybody. [Career Notes]


Computer security writer, podcaster and public speaker Graham Cluley describes learning to program on his own from magazines, creating text adventure games for donations, and his journey from programming to presenting and writing with a bit of tap dancing on the side. Along the way, Graham collaborated with others and learned to communicate so that all could understand, not just techies. Our thanks to Graham for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

Every time we get smarter, the bad guy changes something. [Research Saturday]


Researchers at Symantec spotted a Sodinokibi targeted ransomware campaign in which the attackers are also scanning the networks of some victims for credit card or point of sale (PoS) software. It is not clear if the attackers are targeting this software for encryption or because they want to scrape this information as a way to make even more money from this attack. Joining us in this week's Research Saturday to discuss the report is Jon DiMaggio of Symantec. The research can be found here: Sodinokibi: Ransomware Attackers also Scanning for PoS Software, Leveraging Cobalt Strike Learn more about your ad...

High-grade grifter. Twitter's disinformation potential. Hacking vaccine research and doxing trade talks. What Iran's hackers are up to. And CISA says, for heaven's sake, patch already.


The Twitter hack is looking more like high-grade, low-end crime. It also worries people over the disinformation potential it suggests. People care, they really do, that someone hacked COVID-19 biomedical research (we'll explain). Australia joins the UK, Canada, and the US in blaming Russia for Cozy Bear's capers. Russia says it didn't do nothin'. Rob Lee from Dragos with thoughts on the Ripple 20 vulnerabilities on industrial control systems. Our guest is Sal Aurigemma from University of Tulsa on fake ANTIFA Twitter accounts. And CISA's serious about getting the Feds to apply Tuesday's Windows patch. For links to all of...

Twitter takes down verified accounts after major hack (most service now restored). Russian influence operations. Cozy Bear's biomedical intelligence collection. Spearphishing in Hong Kong.


Twitter sustained a major incident in which celebrity accounts were hijacked yesterday. It seems to have been a social engineering caper, but its motivation, nominally financial, remains unclear. British authorities call out Russia for an influence campaign mounted during last year's elections. Cozy Bear is back, and sniffing for COVID-19 biomedical intelligence. Craig Williams from Cisco Talos on Dynamic Data Resolver, a plugin that makes reverse-engineering malware easier. Our guest is Ashlee Benge, formerly from ZeroFox, on emerging and persistent digital attack tactics facing the financial services industry. And Chinese intelligence services are spearphishing Hong Kong Catholics. For links to...

A 2018 Presidential finding authorized the CIA to conduct a broad range of offensive cyber ops. Data breaches and ransomware incidents. Sloppy VPNs. SEC warns, and China woofs.


A 2018 Presidential finding authorized extensive CIA cyber operations against Russia, China, Iran, and North Korea. Wattpad may have been breached. The SEC asks its registrants to take steps to protect themselves against ransomware. Free VPNs' databases found exposed. Joe Carrigan on privacy vs. security on Android devices. Our guest is Chris Deluzio from Pitt Cyber on election security. And Beijing woofs in the direction of London over the UK's Huawei ban. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/136 Learn more about your ad choices. Visit megaphone.fm/adchoices

Huawei to be closed out of UK's 5G infrastructure. Spyware, ransomware, and botnets. The odd case of Data Viper. SAP has a major patch out.


The British Government decides to ban Huawei. More on the malware associated with Golden Tax software package. The Molerats appear to be behind some spyware misrepresenting itself as a secure chat app. The Phorpiex botnet is back distributing a new ransomware strain. The odd case of the Data Viper breach. Ben Yelin tracks a ruling from the DC circuit court on the release of electronic surveillance records. Our guest is Ann Johnson from Microsoft discussing her keynote at RSA APJ, The Rise of Digital Empathy. And SAP has a patch out--if you're a user, CISA advises you to take this...

Presidential authorization for US Cyber Command action. DPRK hacking and internal regime dynamics. TrickBot's developers. Cybercriminals in the dock.


President Trump says he authorized US Cyber Command's retaliation against Russia's Internet Research Agency for midterm election meddling. North Korean financially motivated hacking as a sign of internal power dynamics. TrickBot accidentally deploys a new module. TikTok, privacy, and security. LinkedIn hacker convicted. Justin Harvey from Accenture on what should and shouldn't go in emails. Our guest is Matt Davey from 1Password on the under-celebrated role of IT in the work from home transition. And advice to alleged criminals on the lam: give 'em a low silhouette. For links to all of today's stories check out our CyberWire daily news...

Turn challenges into opportunities. [Career Notes]


Cybersecurity and disinformation researcher Bilyana Lilly shares her career path from studying where she was always a foreigner to an expert on the Russian perspective. While studying international law in Kosovo, Bilyana realized there are no winners in war. Through her work, she hopes to bring a greater understanding of Russia's strategic thinking. Our thanks to Bilyana for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

Are you running what you think you're running? [Research Saturday]


Built into virtually every hardware device, firmware is lower-level software that is programmed to ensure that hardware functions properly. As software security has been significantly hardened over the past two decades, hackers have responded by moving down the stack to focus on firmware entry points. Firmware offers a target that basic security controls can't access or scan as easily as software, while allowing them to persist and continue leveraging many of their tried and true attack techniques. Joining us on this week's Research Saturday is Maggie Jauregui, security researcher at Dell, to discuss this issue. The research can be found...

The importance of staying up-to-date. Conti ransomware gains as Ryuk fades. Germany warns of Chinese companies' data collection. Huawei's fortunes in Canada and UK. Hushpuppi update.


Unpatched and beyond-end-of-life systems are (again) at risk. Conti ransomware appears to be steadily displacing its ancestor Ryuk in criminal markets. Are privacy laws as consumer friendly as they're often taken to be? There may be some grounds for doubt. German security services warn of the espionage potential of Chinese companies' data collection. Huawei skepticism grows in Germany, Canada, and the UK. Zully Ramzan from RSA on zero trust. Our guest is Conan Ward from QOMPLX on the unfortunate reality of cyber insurance in light of the 3rd anniversary of NotPetya. And Ray Hushpuppi says the Feds didn't extradite him;...

Coordinated inauthenticity with a domestic bent. Preinstalled malware in discount phones. Evilnum and the Joker continue to evolve. Incidents at FreddieMac and RMC.


Facebook takes down more coordinated inauthenticity. Preinstalled malware is found in discount phones available under the FCC's Lifeline program. The Evilnum APT continues its attacks against fintech platforms and services. Joker Android malware adapts and overcomes its way back into the Play store. FreddieMac discloses a third-party data breach. Johannes Ullrich from SANS on defending against Evil Maids with glitter. Our guest is Rohit Ghai from RSA with a preview of his keynote, Reality Check: Cybersecurity's Story. And the Royal Military College of Canada's hack attack remains under investigation. For links to all of today's stories check out our CyberWire daily...

Traditional sabotage at Natanz. CISA's ICS strategy. DDoSecrets server seized by German police at the request of the US. COVID-19-themed phishing infrastructure taken down. Cyberespionage.


The Natanz blast looks like traditional sabotage. CISA releases its strategy for securing industrial control systems. Authorities in Germany seize DDoSecrets server pursuant to a US request. Microsoft takes down COVID-19-themed BEC and phishing infrastructure. FBI Director denounces China's cyberespionage. Joe Carrigan helps review personal privacy measures for iOS and Android. Rick Howard speaks with Steve Moore from Exabeam with insights from a year spent interviewing CISOs. And some DDoS and ransomware attempts. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/131 Learn more about your ad choices. Visit megaphone.fm/adchoices

Sabotage, not cyber? Cosmic Lynx pounces on some big companies with BEC. Purple Fox upgrade. Coordinated inauthenticity in the journalistic supply chain.


Explosions at Iranian nuclear sites remain unexplained, but look increasingly like conventional sabotage as opposed to cyberattacks. The Cosmic Lynx gang sets a high bar for business email compromise. The Purple Fox exploit kit gets an upgrade. Ben Yelin describes a 5th amendment compelled decryption case that may be headed to the Supreme Court. Our guest is Hugh Thompson, Chairman of the RSA Conference Program, on the human element of cyber security and lessons learned shifting a conference online. And a network of coordinated inauthenticity and fictitious personae is found pushing an Emirati official line. For links to all of...

Damage at Natanz, maybe cyber-induced but maybe not. Official Huawei skepticism spreads. Big European dragnet. Hushpuppi in custody.


An Iranian nuclear installation may have been hacked. Or maybe not, but in any case it was damaged. Huawei gets more skeptical looks. European police round up hundreds of online contraband dealers. Thomas Etheridge from CrowdStrike on the increased need for speed, scale, and remote investigative and recovery services. Our guest is Tobias Whitney from Fortress Information Security on the Asset to Vendor Network (A2V). And an accused Nigerian money-launderer (and an admitted influencer) is now in US custody, facing Federal charges. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/129 Learn more about...

Solving hard problems and pursuing your passions. [Career Notes]


CEO, Matt Devost, describes many firsts in his career including hacking into systems on an aircraft carrier at sea. He shares how he enjoys solving hard problems and the red teamer perspective, and how he was able to translate those into a career. For those interested in cybersecurity, Matt advises opportunities for self-directed learning including heading down to your basement and building your own lab. Our thanks to Matt for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

Evil Corp versus newspapers. Trolling for unprotected MongoDB. Taurus in the criminal souks. Law and security. Loot boxes as gambling items.


Evil Corp seems to have been shuffling through some newspaper sites. Don't take the gangs' communiqués at face value, but some appear to be trolling for unprotected MongoDB databases. A look at Taurus, an information-stealer being sold in criminal-to-criminal markets. Chinese law and online security. The EARN-IT Act is being debated. Justin Harvey on Smishing. Our guest is Jeff Styles from FireMon on COVID-19 increasing misconfiguration risks. And there's trouble in Tilted Towers. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/128 Learn more about your ad choices. Visit megaphone.fm/adchoices

EvilQuest ransomware identified. Out-of-band patches. The scope of Chinese surveillance of Uighurs. Hong Kong and the National Security Law. FCC finds against Huawei, ZTE.


EvilQuest ransomware found in pirated versions of Little Snitch app. Out-of-band patches from Microsoft and Oracle. Extensive Chinese surveillance of Uighurs described. Hong Kong and the world react to China's new National Security Law. The US FCC finds both Huawei and ZTE are threats to national security. Joe Carrigan on password stealers that target gaming. Our guest is Kiersten Todt from the Cyber Readiness Institute on how COVID-19 has changed small business security and what to expect going forward. And Britain rethinks its position on Huawei and 5G infrastructure. For links to all of today's stories check out our CyberWire...

Critical bug disclosed in Palo Alto products (a fix is available). StrongPity (a.k.a. Promethium) is back. A big Bitcoin scam. Lots of PII newly offered in the dark web. Australia and India look to their defenses.


NSA and CISA agree: take Palo Alto's advisory about its PAN-OS operating system seriously. StrongPity is back and active against targets in Turkey and Syria. A big Bitcoin scam is using spoofed news outlets and bogus celebrity endorsements to lure victims. A large trove of PII has appeared in the dark web. Ben Yelin from UMD CHHS on whether or not the EARN IT Act violates the constitution. Our guest is Brad Stone with Booz Allen Hamilton on how technology is changing the battlefield and why cyber is becoming so important in the DoD space. Finally, both Australia and India...

Ransomware pays, in California. Kashmir utility recovers from cyberattack. Update on hacktivism vs. Ethiopia. Another misconfigured AWS account. Guilt and sentencing in high-profile cybercrime.


The University of California San Francisco pays Netwalker extortionists nearly a million and a half to recover its data. A Kashmir utility restores business systems after last week's cyberattack. The website defacements in Ethiopia continue to look more like hacktivism than state-sponsored activity. Our own Rick Howard talks about wrapping up his first season of CSO Perspectives. Our guest is Sanjay Gupta from Mitek discussing how online marketplaces can balance security with biometrics. Data are exposed at an e-learning platform. Three prominent cyber-hoods go down in US Federal courts. And Lion says the beer is flowing, post ransomware. For links...

Get your foot in the door and prove your worth. [Career Notes]


Vice President of Marketing, Kathleen Booth, shares her career path from political science and international development to marketing for a cybersecurity company. Early dreams of acting morphed into goals of making the world a better place. Chief marketer and podcaster Kathleen is doing just that. She shares how proving your worth can lead to success. Listen for Kathleen's advice on getting your foot in the door. Our thanks to Kathleen for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

Enter the RAT. [Research Saturday]


A new report examines how five related APT groups operating in the interest of the Chinese government have systematically targeted Linux servers, Windows systems and Android mobile devices while remaining undetected for nearly a decade. The report comes on the heels of the U.S. Department of Justice announcing several high-profile indictments from over 1,000 open FBI investigations into economic espionage as part of the DOJ's China Initiative. Joining us in this week's Research Saturday to discuss the report is Eric Cornelius of Blackberry. The research can be found here: Decade of the RATs: Novel APT Attacks Targeting Linux, Windows and Android...

Patch Exchange already, will ya? GoldenSpy lurks in tax software Chinese banks prefer their foreign clients to use. Magecart gets cleverer. Another unsecured AWS S3 bucket, and this one's not funny.


Microsoft urges Exchange server patching. Sure it does your taxes, but it's got another agenda, too: the GoldenSpy backdoor may be in your tax software if you do business in China. Magecart ups its game. DDoSecrets says they're not going to roll over for Twitter's Nixonian schtick. Camille Stewart from Google and Lauren Zabierek from Harvard's Belfer Center on the #Sharethemicincyber event and why systemic racism is a threat to cybersecurity. Rick Howard wraps up cybersecurity canon week with guests Richard Clarke and Robert Knake, authors of The Fifth Domain. And there's another unsecured Amazon S3 bucket, and this exposure...

Big big DDoS. Evolving malware families. (More) privacy by default. A superseding indictment in the US case against Julian Assange. The EU reviews two years of GDPR.


Akamai's report on the record-setting DDoS attack it stopped this week. Glupteba and Lucifer malware strains described. Apple and Google move their defaults in the direction of greater privacy. The US designates Huawei and Hikvision as controlled by China's military. A superseding indictment in Julian Assange's case. The EU looks at GDPR and likes what it sees. REvil gets ready to sell stolen data. David Dufour from Webroot with tips on navigating new workplace realities. Our guest is David Sanger, author of The Perfect Weapon - War, Sabotage, and Fear in the Cyber Age. And the Navy recruiting campaign...

BlueLeaks updates and fallout. Hidden Cobra hunt. Hacking leads to trade wars. What the crooks are watching, from their home and yours.


Twitter permanently suspends DDoSecrets for violating its policy with respect to hacked material. DDoSecrets explains its thinking with respect to BlueLeaks. A quick look at a Hidden Cobra hunt. Sino-Australian dispute over hacking may be moving into a trade war phase. Lessons on election management. What do cybercriminals watch when they binge-watch? Joe Carrigan explains the Ripple 20 vulnerabilities. Cybersecurity Canon week continues with Joseph Menn, author of Cult of the Dead Cow: How the Original Hacking Supergroup Might Just Save the World. And some notes on the most malware-infested movie and television fan communities. For links to all of...

Hacking attends international conflicts and disputes in India, Australia, and Ethiopia. US designates four Chinese media outlets foreign missions. Sodinokibi evolves; Evil Corps rises from its virtual grave.


International conflicts and disputes are attended by hacking in South Asia, Australia, and Africa. The US designates four Chinese media outlets as foreign missions, that is, propaganda outfits. Sodinokibi ransomware sniffs at paycard and point-of-sale systems. Ben Yelin on TSA's facial recognition program. Cybersecurity Canon Week continues with our guest Bill Bonney, Co-Author of CISO Desk Reference Guide. And Evil Corp is back, apparently because you just can't keep a bad man down. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/121 Learn more about your ad choices. Visit megaphone.fm/adchoices

BlueLeaks hacktivists dump police files online. NSO Group back in the news. COVID-19 apps and databases versus privacy. Cyber conflict: China versus India and Australia. An alt-coin baron's story.


BlueLeaks dumps stolen police files online. A report of spyware delivered via network injection. COVID-19 apps and databases are reported to have indifferent privacy safeguards, and there's been one big recent leak. India and Australia both on alert for Chinese cyberattacks. Our own Rick Howard on intelligence operations. It's Cybersecurity Canon Week; our guest is Todd Fitzgerald, author of CISO Compass. And New Zealand piles on in the case of a Russian alt-coin baron. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/120 Learn more about your ad choices. Visit megaphone.fm/adchoices

Superhero origin stories and lessons that last. [Career Notes]


Dean of Research, Johannes Ullrich, relays his experiences from studying the hard sciences to his career shift to cybersecurity. Basic principles, superhero origin stories, physics labs and radiation all figure in. And there's a lot in common with network security best practices. Have a listen to what Johannes has learned and what he hopes to impart on his students. Our thanks to Johannes for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

Click here to update your webhook. [Research Saturday]


Slack is a cloud-based messaging platform that is commonly used in workplace communications. Slack Incoming Webhooks allow you to post messages from your applications to Slack. Generally, Slack webhooks are considered a low risk integration. A deeper dive into webhooks shows that this is not entirely accurate. Joining us in this week's Research Saturday is Ashley Graves from AT&T Cybersecurity's Alien Labs to discuss her research. The research can be found here: Slack phishing attacks using webhooks Learn more about your ad choices. Visit megaphone.fm/adchoices

Australia warns of a large-scale espionage campaign. China indicts two long-detained Canadians. And the Lazarus Group may be about to undertake a widespread COVID-19-themed fraud effort.


A look at the state-based cyber actor the Australian government is concerned about. Some signs of Chinese retaliation for Five Eyes skepticism of Huawei. Johannes Ullrich explains malware triggering multiple signatures in anti-malware products. Our guest is Geoff White, author of Crime Dot Com, on how he tracked down the creator of the Love Bug. And an alert about the possibility of some COVID-19-themed fraud from the Lazarus Group. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/119 Learn more about your ad choices. Visit megaphone.fm/adchoices

Cyber support for a kinetic conflict. Cyberespionage. Spyware in Chrome extensions. Criminal phishing bypasses defenses. Proposed revisions to Section 230. Zoom and encryption.


Sino-Indian conflict extends to cyberspace. InvisiMole connected to Gamaredon. Spyware found in Chrome extensions. Phishing around technical defenses (and some criminal use of captchas). The US Justice Department releases its study of Section 230 of the Communications Decency Act. Zully Ramzan from RSA on privacy and security in a post-COVID world. Our guest is Michael Powell from NCTA on the importance of the UK cybersecurity sector. And Zoom decides to make end-to-end encryption generally available. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/118 Learn more about your ad choices. Visit megaphone.fm/adchoices

Ripple20 flaws in the IoT supply chain. Operation In(ter)ception looks for intelligence, and cash, too. Sino-Indian tensions. A look at Secondary Infektion. How not to influence reviewers.


Ripple20 vulnerabilities are reported in the IoT software supply chain. North Korean operators go for intelligence, but also for cash, and they're phishing in LinkedIn's pond. Sino-Indian tensions find expression in cyberspace. A long look at the Russian influence operation, Secondary Infektion. Joe Carrigan from JHU ISI on why older adults share more misinformation online. Our guest Will LaSala from OneSpan tracks the increase in online banking fraud during COVID-19. And the strange case of the bloggers who angered eBay may have more indictments on the way. For links to all of today's stories check out our CyberWire daily news...

Cyberespionage and counterespionage. The DDoS that never was. A very strange case of cyberstalking. And leaky niche dating sites.


What does Beijing want to know about US Presidential campaigns? Position papers, mostly. A redacted version of the CIA's inquiry into the WikiLeaks Vault 7 material is out. That DDoS attack you read about on Twitter? Never happened. Former eBay employees face Federal charges of conspiracy to commit cyberstalking and witness tampering. Ben Yelin explains a judge refusing to sign off on a potential Facebook facial recognition settlement. Our guest is Randy Vanderhoof from the Secure Technology Alliance on mobile driver's licenses. And where would you store niche dating app material? In a misconfigured AWS S3 bucket. Where else? For...

ActionSpy Android spyware deployed against Uyghurs in Tibet. Anonymous claims an action against Atlanta PD. Security vendor or malware purveyor? Spelling counts.


A new Android spyware tool is deployed against China's Uyghur minority. Anonymous claims it disrupted the Atlanta Police Department's website yesterday to protest a police shooting. An apparently legitimate security firm has apparently been selling malware to criminals. Breachstortion joins sextortion as a criminal tactic. Craig Williams from Cisco Talos on Astaroth, an information-stealer that has been targeting Brazil. Our own Rick Howard on risk assessments. And why spelling always counts. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/115 Learn more about your ad choices. Visit megaphone.fm/adchoices

The mark of making a difference. [Career Notes]


Financial firm CISO Tom Quinn takes us from his first experience with modern computers in the military to his current role as a Chief Information Security Officer. It's important to understand how the technology works, but it's also important to understand how people work. And, to make a difference. Our thanks to Tom for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

The value of the why and the who. [Research Saturday]


Proactive, efficient threat mitigation and risk management require understanding adversaries' fundamental thought processes, not just their tools and methods. Cyber threat intelligence analysts combed through 15 years (2004 to 2019) of public sources that have documented the activities of one prolific threat actor, Russia's military intelligence agency, the GRU. Analysis shows that the timing, targets, and impacts of this activity mirrored Russian strategic concerns about specific events and developments. Joining us in this week's Research Saturday are Brad Stone & Nate Beach-Westmoreland from Booz Allen Hamilton to discuss their report and some of the 33 case studies presented in it....

Chinese, Russian, and Turkish domestic influence campaigns. Zoom's China troubles. Honda, Enel recover from Ekans. Ransomware attacks against a city and an M&A consultancy.


Twitter's transparency efforts see through accounts being run by Chinese, Russian, and Turkish actors. Zoom is working to both comply with Chinese law and contain the reputational damage involved in doing so. Industrial firms recover from Ekans infestations. Caleb Barlow from CynergisTek on how hospital CISOs are dealing with the COVID-19 situation. Our guest is Ronald Eddings from Palo Alto Networks and the Hacker Valley Studio Podcast on strategies for finding and managing security architects. And it's not Posh Spice who's got the attention of Maze; it's just her M&A advisors. For links to all of today's stories check out...

Gamaredon ups its crazy game. Doxing during unrest. Bogus contact-tracing apps spread spyware. Thanos in the ransomware market. Crypto Wars notes. Another 419 scam.


The Gamaredon Group is back, and what's their secret? Like Crazy Eddie's, it's volume! Doxing during times of unrest. Phoney contact-tracing apps are snooping on personal information in at least ten countries. Thanos is a criminal favorite in the ransomware-as-a-service market. Another skirmish in the Crypto Wars is brewing up on Capitol Hill. David Dufour from Webroot on how organizations can successfully navigate their new workplace realities. Our guest is Chester Wisniewski from Sophos on fleeceware apps found in the Apple app store. And no, really, Elon Musk is not on YouTube offering you Bitcoin. For links to all of...

A big Patch Tuesday. Honda ransomware update. Facebook helped the FBI with a zero-day. Cloud service outages. Breach settlements. BellTroX explains itself, sort of.


Notes on Patch Tuesday--it was a fairly big one this time. Honda continues its investigation of the incident it sustained over the weekend, and outsiders see it as a ransomware attack. Facebook is said to have developed a Tails zero-day to help the FBI with a notorious case. Crooks are turning to search engine optimization. IBM and Google cloud services recovered quickly from outages. You're unlikely to get rich from a breach settlement. Joe Carrigan describes free online courseware aimed at Community College students. Our guest is Dennis Toomey from BAE on how financial institutions need to enact stronger cyber...

Tracking down hackers-for-hire. SNAKE ransomware bites Honda. Anti-DDoS for criminal markets. And a menu for cyber contraband.


Commercialized hacking-for-hire is traced to an Indian firm, but it's probably not an isolated problem. Ransomware shuts down Honda production lines in three continents. Criminals develop and distribute an anti-DDoS tool to help keep the dark web souks responsive and available. Ben Yelin revisits Twitter's flagging or removing the U.S. President's tweets. Our guest is Jeremy Oddo from The Third Floor to discuss cybersecurity in Hollywood during COVID-19. And researchers compile a menu of cyber contraband. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/111 Learn more about your ad choices. Visit megaphone.fm/adchoices

Regional rivals jostle in cyberspace. Election interference and vulnerable online voting. Phishing for a competitive advantage. Reducing dependence on foreign companies for infrastructure.


South and Southwest Asian regional rivalries play out in cyberspace. Election interference could move from disruptive influence operations to actual vote manipulation. Someone is spearphishing leaders in Germany's PPE task force. Nations move to restrict dependence on foreign companies in their infrastructure. Justin Harvey from Accenture on the train of thought behind breach disclosure. Our own Rick Howard on DevSecOps. And Washington State recovers some, but not all, of the unemployment funds lost to fraud. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/110

Ask more people to dance. [Career Notes]


Cyber analyst, Tracy Maleeff, shares her unexpected journey from the library to cybersecurity and offers advice for those both seeking to make a change and those doing the hiring. It's not just about the invitation, it's more than that. Our thanks to Tracy for sharing her story with us.

Due diligence cannot be done as a one-off. [Research Saturday]


Earlier this year, a Virgin Media database containing the personal details of 900,000 people was discovered to be unsecured and accessible online for 10 months. The breach was discovered by researchers at the security firm TurgenSec. This breach had major implications under GDPR. Joining us in this week's Research Saturday are George Punter and Peter Hansen from TurgenSec to talk about the discovery of the breach. The research can be found here: Virgin Media Disclosure Statement & Resources

Hurricane Panda and Charming Kitten paw at, respectively, the campaigns of Mr. Biden and Mr. Trump. Lies bodyguard of truth. Information warfare in the Gulf.


It's mostly cyberespionage today, with an admixture of influence operations. Google has warned both major US Presidential campaigns that Chinese and Iranian intelligence services are after their staffers' email accounts, so far apparently without much success. Russia, China, and Iran devote some purposive media attention to US civil unrest. Johannes Ullrich from SANS on malicious PowerPoint add-ins. Our guest is Bil Harmer from SecureAuth on credential carelessness. And Qatar's rivals in the Gulf continue their information campaign against Doha: this time it's bogus news of a coup. For links to all of today's stories check out our CyberWire daily news...

Nuisance-level hacktivism. Ongoing cyberespionage and cybercriminal campaigns. EU unhappy with Russia's hacking the Bundestag. CISA has a new cybersecurity resource.


Nuisance-level hacktivism continues to surround US protests. The Higaisa APT is active in Southeast Asia. Goblin Panda is back, with USB-borne malware. A new strain of ransomware is described: Tycoon. The EU considers whether to sanction Russia over the GRU's hack of Germany's Bundestag. CISA launches a new public resource for cybersecurity. Zulfikar Ramzan from RSA on cybersecurity and digital risk in the context of pandemics. Our guest is Grant Goodes from GuardSquare on security of mobile app voting. And a Texas man pleads guilty to conspiracy to commit money-laundering in the course of a BEC scam. For links to...

Slacktivism and vandalism in a time of unrest. Ransomware operators continue to evolve. Email voting. Looking up how-to-guides to cybercrime during social isolation.


Protest groups sustain DDoS attacks, too. Old school denial-of-service afflicts police radio networks in Chicago: they're being jammed with talk, music, and other noise. Influencers and wannabes continue to use unrest as an occasion for on-line branding. The Sodinokibi gang is selling data stolen in ransomware attacks, and Maze seems to be establishing a criminal cartel. Is email to voting what shadow IT is to the enterprise? Ben Yelin describes a federal case involving police screenshots of a suspect's phone as evidence. Our guest is Steve Durbin from the Information Security Forum on the Threat Horizon 2022 report. And cybercrime...

Current forms of hacktivism, misinformation, and disinformation. More recommendations from the Cyberspace Solarium. Fraud accompanies Test and Trace.


Unrest accompanied by misinformation, disinformation, and Anonymous theater. Booter hacktivism. Extremist inauthenticity. The Cyberspace Solarium Commission releases its white paper on the pandemic's lessons for cybersecurity. Joe Carrigan unpacks Casio executing a DMCA takedown on a hardware hack. Our guest is Herb Stapleton from the FBI on the 20 year anniversary of the IC3. And the UK's Test and Trace system is expected to be accompanied by a wave of fraud. Actually, that fraud has already begun. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/106

Cyberattacks and hacktivism around Minnesota's unrest. Amtrak breach. Port scanning. Some lessons from the pandemic.


Hacking, and more claims of hacking, surround the unrest in Minnesota. Data breach at Amtrak Guest Rewards. More companies found port scanning. Four cybersecurity lessons from the pandemic. David Dufour from Webroot with an overview of online scams his team is tracking during COVID-19. Our own Rick Howard compares resiliency with business continuity. And a new 5G device is not only holographic, but quantum oscillatin' too. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/105

Extending security tools to the at home workforce during the pandemic. [Research Saturday]


In this episode of CyberWire-X, Rick Howard, the CyberWire's Chief Analyst, interviews security thought leaders on the strategy and tactics to extend the security controls we've typically used to protect our handful of remote employees in the past to today, during the pandemic, that requires us to deploy flexible but equivalent controls at scale to everybody in the organization. Joining us is Bob Turner, CISO of the University of Wisconsin at Madison. Later in the program, we will hear from Mounir Hahad, the head of Threat Labs, and Mike Spanbauer, a security evangelist, at Juniper Networks, the sponsor of the...

Twofold snooping venture. [Research Saturday]


Working with many different honeypot implementations, a security researcher did an experiment expanding on that, setting up a simple Docker image with SSH, running a guessable root password. The catch? What happened in the next 24 hours was unexpected. Joining us in this week's Research Saturday to talk about his experiment is Larry Cashdollar of Akamai. The research can be found here: A Brief History of a Rootable Docker Image

Sandworm is out and about, so patch already. Steganography used in attacks on industrial targets. An Executive Order on Preventing Online Censorship. Breaches, ransomware, and lessons.


NSA warns that the GRU's Sandworm outfit has been actively exploiting a known vulnerability in Exim. Someone is attacking industrial targets in Japan and Europe using steganography and other evasive tactics. NTT Communications is breached, and Michigan State University sustains a ransomware attack. Ben Yelin unpacks the President's executive order aimed at social media companies. Our guest is Vik Arora of the Hospital for Special Surgery on protecting health care organizations during COVID-19. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/104

Hackers for hire. A bulk power distribution risk? An Executive Order on social media is under consideration. COVID-19 and cybersecurity.


Hackers-for-hire find criminal work during the pandemic. The US Department of Energy is said to have taken possession of a Chinese-manufactured transformer. US President Trump may be considering an Executive Order about the legal status of social media. Contact-tracing apps in France and the UK are scrutinized for privacy. Ben Yelin with the latest iPhone cracking case between the FBI and Apple. Our guest is retired CIA master of disguise Jonna Mendez on her book The Moscow Rules. Canada's Centre for Cyber Security assesses current risks, and Huawei's CFO loses a round in a Vancouver court. For links to...

Berserk Bear is back, and still loves that critical infrastructure honey. COVID-19 apps: good, bad, and bogus. Android issues discovered. A FIN7 arrest. Mr. Faraday's underwear.


Berserk Bear is back, and snuffling around Germany's infrastructure. Two new Android issues surface. India opens up the source code for its COVID-19 contact-tracing app as such technological adjuncts to public health continue to arouse privacy concerns. [F]Unicorn poses as Italy's Immuni app. An alleged FIN7 gangster is arrested. Australia's Data61 urges companies not to scrimp on R&D. Joe Carrigan on Android mobile malware getting new features. Our guest is Frederick "Flee" Lee from Gusto on CCPA. And does your underwear come with a Faraday cage? We thought it might. For links to all of today's stories check out our...

The evolution of malware, both criminal and state-run.


Turla tunes its tools. The commodity Trojan AnarchyGrabber is now stealing passwords. A new iOS jailbreak has been released. The UK reconsiders its decision to allow Huawei into its 5G networks. A tech group lobbies the US House against warrantless inspection of searches. Remote work's regulatory risk. COVID-19 conspiracy theories. Hackers say they're vigilantes. Our own Rick Howard on intrusion kill chains, his latest episode of CSO Perspectives. Our guest is Nico Fischbach from Forcepoint on deepfakes expanding outside of disinformation campaigns to the enterprise. And too many remote workers appear to have too much time on their hands. For...

Naming and shaming is the worst thing we can do. [Research Saturday]


In December 2019, the GOLD VILLAGE threat group that operates the Maze ransomware created a public website to name and shame victims. The threat actors used the website to dump data they exfiltrated from victims' networks before they deployed the ransomware. Secureworks Counter Threat Unit (CTU) researchers have observed several ransomware operators following suit. Joining us in this week's Research Saturday is Alex Tilley of SecureWorks' Counter Threat Unit.

An election database leaks. Phishing from Firebase. Shiny Hunters sell Mathway user records. COVID-19-themed scams. On that return to the office thing...


Indonesia's election database has leaked, and PII is for sale in the dark web. Phishing campaigns abuse Firebase. The Shiny Hunters are selling Mathway user records. US agencies warn of COVID-19-themed criminal campaigns. Contact tracing technology hits a rough patch. Johannes Ullrich from SANS on phishing PDFs with incremental updates. Our guest is author Peter Singer on his new book, Burn-In. And what are you going to do when you return to the workplace? If, that is, you've left the workplace at all, and if you're in fact ever going to return? For links to all of today's stories check...

Cyberwar, cybercrime, and hacktivism: updates on all three. Contact tracing and its discontents. Cybersecurity economic trends during the pandemic.


Website defacements in Israel may be hacktivist work. Iranian cyberespionage against Saudi Arabia and Kuwait. The latest evolution of ZeuS. The Winnti Group is still hacking, and it still likes stealing in-game commodities. Contact tracing during the pandemic proves harder than many thought it would be. Economic trends for the security sector as it prepares to emerge from the general state of emergency. Caleb Barlow wonders if GDPR may have unintended consequences for stopping COVID-19 scammers. Gabriel Bassett from Verizon on the 2020 DBIR. And if you're looking for qualified workers, follow the layoff news. For links to all of...

Cyber espionage: many operations and many targets. Misinformation and online fraud during the pandemic. Beer and conviviality versus operational security.


Cyber spies steal prototype missile data. Others hack into South Asian telecoms, and still others go after easyJet passengers' travel data. Cyberattacks, misinformation, and cyber fraud continue to follow the COVID-19 pandemic. Joe Carrigan weighs in on the Thunderspy vulnerability. Our guest is James Dawson with insights on DMARC threats and why it's worse during COVID-19. And think twice before you post, no matter how good or bad you think the beer is. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/98

Cyber conflict in the Middle East. EasyJet breached. More errors than exploits. The Dark Web during the pandemic. 5G misinformation. REvil updates.


Foreign intelligence services attribute a recent cyberattack on an Iranian port to Israeli operators. EasyJet discloses a breach of passenger information. Verizon's annual Data Breach Report is out, and it finds more errors than it does exploits. A look at the Dark Web during the pandemic. US authorities warn local law enforcement to watch for misinformation-driven telecom vandalism. Ben Yelin explains why the ACLU is suing Baltimore over a surveillance plane. Our guest is Robb Reck from Ping Identity on a recent CISO Advisory Council meeting regarding the sudden shift to working from home. And REvil is still offering celebrity...

Supercomputers as cryptomining rigs. UK grid operator recovers from hack. EU Parliament data exposure. REvil ransomware gang promises dirty laundry. US-China conflict. Catphishing.


European supercomputers were hacked by cryptominers. UK electrical power distributor recovers from its cyberattack. A database containing personal data related to the EU Parliament is found exposed. REvil says it's got the celebrity goods, but has yet to show its hand. The US and China move into a new round of trade and security conflict. Justin Harvey shares insights on how companies are adjusting to the new remote working environment and the impacts to their security posture. Our guest is Ehsan Foroughi from SecurityCompass on compliance issues. And catphishing with some pretty implausible impersonations of US Army generals. For links...

Gangnam Industrial Style APT campaign targets South Korea. [Research Saturday]


Section 52, CyberX's threat intelligence team, has uncovered an ongoing industrial cyberespionage campaign targeting hundreds of manufacturing and other industrial firms primarily located in South Korea. CyberX has identified more than 200 compromised systems from this campaign, including one belonging to a multi-billion dollar Korean conglomerate that manufactures critical infrastructure equipment such as heavy equipment for power transmission and distribution facilities, renewable energy, chemical plants, welding, and construction. Joining us in this week's Research Saturday is Phil Neray, one of the authors of this report. The research can be found here: Gangnam Industrial Style: APT Campaign Targets Korean Industrial Companies...

Malware versus air-gapped systems. Ransomware against utilities and hospitals. Lessons for cybersecurity from the pandemic response. Outlaw blues.


More malware designed for air-gapped systems. A British utility sustains a ransomware attack. The US Cyberspace Solarium Commission sees lessons in the pandemic for cybersecurity. Contact-tracing technologies take a step back, maybe a step or two forward. Rob Lee from Dragos comparing the state of ICS security around the world. Our guest is Ian Pitt from LogMeIn on lessons learned working remotely during COVID-19. Criminals increase ransomware attacks on hospitals, and swap templates to impersonate government relief agencies. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/newsletters/daily-briefing/9/95

ARCHER incident. Contact tracing smishing. Malware vs. air gaps. A surcharge for deletion. Anti-creepware. 5G coronavirus delusions.


ARCHER goes offline after a security incident. Scammers smish victims with bogus contact-tracing messages. Ramsay malware goes after air-gapped systems. Ako ransomware now places a surcharge on deletion of stolen data. Google boots creepware apps with the help of the CreepRank algorithm. Johannes Ullrich explains that when it comes to malicious binaries bypassing anti-malware filters, size matters. Our guest is Pat Craven, Director of the Center for Cyber Safety and Education, on the security of social media apps. And kooky 5G conspiracists go after cell towers in the US. For links to all of today's stories check out our CyberWire daily...

More data theft by ransomware. Patch Tuesday notes. Espionage and possible data corruption against COVID-19 researchers. Be a role model for your AI.


Ransomware continues to steal personal information. Notes on Patch Tuesday--and please, by all means patch. The FBI says it's investigating cyberespionage directed against COVID-19 researchers (and US officials see direct data corruption in espionage). And the AI doesn't really know what to make of us any more. Joe Carrigan from JHU ISI on Twitter's response to 5G related Coronavirus conspiracy theories. Our guest is Chris Cochran from Netflix on the importance of personal health and safety. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/newsletters/daily-briefing/9/93

Cyberwar looms in the Middle East? Hidden Cobra's fangs described. Evasive Astaroth. Ransomware in Texas courts. COVID-19 espionage. Content moderation.


Unattributed cyberattacks in an Iranian port prompt speculation that a broader cyberwar in the Middle East may be in the offing. CISA releases malware analysis reports on North Korea's Hidden Cobra. Astaroth malware grows more evasive (and it was already pretty good at hiding). Texas courts sustain a ransomware attack. COVID-19 espionage warnings are on the way. Twitter's misinformation warning system. Ben Yelin describes a Fourth Amendment case on automated license plate reader (ALPR) databases. Our guest is Brian Dye from Corelight on dealing with encrypted traffic without compromising privacy. And taking down Plandemic's trailer. For links to all of...

Cyberattacks with kinetic consequences. Thunderspy and evil maids. Developing background to the US bulk power security executive order. Conspiracy theories and the culture of social media.


A cyberattack with kinetic effect. Shiny Hunters post more stolen wares online. Thunderspy and evil maids. Some developing background to the US bulk power state-of-emergency Executive Order. Contact tracing apps: reliability, privacy, security, familiarity, and rates of adoption all raise questions. The economic consequences of the pandemic emergency. Caleb Barlow from CynergisTek on Alan Brunacini's concept of an Incident Action Plan. Our guest is James Yeager from CrowdStrike on their Global Threat Report. And the reappearance of the yellow press in social media. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2020/May/CyberWire_2020_05_11.html

The U.S. campaign trail is actually quite secure. [Research Saturday]


Multiple media reports have indicated that the United States (U.S.) 2020 general election could be targeted by foreign and domestic actors after the successful cyber and misinformation attacks during the 2016 general election. The responsibility of secure and ethical online campaigning has become a central issue in the 2020 election. In some cases, it has become part of candidate platforms. Joining us in this week's Research Saturday is Paul Gagliardi from Security Scorecard, discussing their recent report detailing the cybersecurity of the 2020 Presidential race. The research can be found here: 2020 Democratic Presidential Candidates Get Smart to Cybersecurity Report...

PLA cyber espionage, and training WeChat censorship algorithms against the Chinese diaspora. Snake is back, and so is Charming Kitten. Election security. Recruiting money mules.


Naikon has returned from four years in the shadows to snoop around the shores of the South China Sea. Tencent trains censorship algorithms on WeChat. Snake ransomware is back, making its way through the healthcare sector. Seeing Charming Kitten's pawprints in World Health Organization networks. Voting security during (or even after) a pandemic. Malek Ben Salem from Accenture on their Technology Vision report, our guest is Thomas Rid from Johns Hopkins University on his book, Active Measures. And unemployed workers are offered gigs as money mules. For links to all of today's stories check out our CyberWire daily news brief:...

Mining Monero. A RAT in a 2FA app. The decline of the Cereal botnet. Markets during the pandemic. Ransomware in Taiwan. Twitter appeals to reason.


A new Monero miner is out and about. Hidden Cobra is pushing a RAT through a Trojanized two-factor authentication app. The rise and fall of a botnet. Markets, criminal and legitimate, react to the pandemic. Ransomware hits Taiwan. Remcos is resurgent. Michael Sechrist from BAH on where things are headed with ransomware, our guest is Rachael Stockton from LastPass on their Psychology of Passwords report. And, despite what you saw on Twitter when you were doing your own research, 5G does not cause COVID-19, and telecom repair crews are not agents of the Illuminati. For links to all of today's...

Taking down coordinated inauthenticity. Contact tracing and other COVID-19 notes. BlackInfinity taken down.


Facebook reports on the coordinated inauthenticity it took down in April. Investigations into COVID-19's origins continue, as does medical espionage. Contact tracing's challenges. Joe Carrigan from JHU ISI on recent flaws in antivirus products. Our guests are Laura Deimling and Courtney Wandeloski from Down To Staff on interviewing tips for employees and hiring managers. And European police take down the BlackInfinity credential traffickers. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2020/May/CyberWire_2020_05_06.html

Bear hunt in the Bundestag. Kaiji botnet described. Cryptojacking. Joint US-UK warning against attacks on COVID-19 response. Contact tracing. Puppy scams.


A pretty Fancy Bear hunt in Germany. A new IoT botnet surfaces. Cryptojackers exploit a Salt bug. Bribing an insider as a way to get personal data. The UK's NCSC and the US CISA issue a joint warning about campaigns directed against institutions working on a response to COVID-19. Britain's contact tracing app starts its trial on the Isle of Wight. Ben Yelin from UMD CHHS on AI inventions and their pending patents. Our guest is Matt Glenn from Illumio on why companies should break up with their firewalls. And don't get puppy scammed--you're looking for wags in all the...

A state of emergency over bulk power in the States. Beijing's disinformation about COVID-19, and its motivation for a coverup. Hacking biomedical research. Curious Xiaomi phones.


A US Executive Order on Securing the United States Bulk-Power System declares a state of emergency in electricity generation and distribution. China's disinformation about COVID-19 may have begun in the earliest stages of the pandemic. Someone's hacking for information on British biomedical research. Xiaomi seems very interested in users of its phones. Andrea Little Limbago on global privacy trends. Our guest is Mathew Newfield from Unisys with insights on cybersecurity breaches. And the Love Bug's creator is found. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2020/May/CyberWire_2020_05_04.html

Fingerprint authentication is not completely secure. [Research Saturday]


Passwords are the traditional authentication methods for computers and networks. But passwords can be stolen. Biometric authentication seems the perfect solution for that problem. Our guest today is Craig Williams, director of Talos outreach at Cisco. He'll be discussing and providing insights into their report which shows that fingerprints are good enough to protect the average person's privacy if they lose their phone. However, a person that is likely to be targeted by a well-funded and motivated actor should not use fingerprint authentication. The research can be found here: Fingerprint cloning: Myth or reality?

China hacks at Vietnam over a territorial dispute. Kim's still in charge, but could Hidden Cobra get loose if his grip slackens? COVID-19 and cybersecurity.


Tensions between China and its neighbors. ICS incursions are troubling. The US intelligence community comments on COVID-19 disinformation. The FBI tracks increased cybercrime activity during the pandemic. Johannes Ullrich explains Excel 4 Macro vulnerabilities. Our guest is Tina C. Williams-Koroma, from TCecure on the importance of strong, effective leadership in cybersecurity. And smile for the web-cam. Your boss may be watching. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2020/May/CyberWire_2020_05_01.html

The persistence of ransomware. Exposure notifications and contact tracing. Doxing and conspiracy theories. More notes on the underworld.


Ransomware not only encrypts and steals data, but establishes persistence as well. Apple and Google roll out their exposure notification API. GCHQ will help secure Britain's centralized contact tracing system. A conspiracy-minded motive for doxing. Criminal markets and criminal enterprises continue to mimic legitimate ones. And a new wrinkle in mobile ransomware. Rob Lee from Dragos with insights on a recent ransomware incident shutting down a gas pipeline. Our guest is Drex DeFord from Drexio on Cybersecurity in Healthcare amid COVID-19. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2020/April/CyberWire_2020_04_30.html

Content farmers and disinformation tactics. PhantomLance: quiet, selective, and apparently effective. Lawful intercept and contact-tracing apps. A look at the black market.


Researchers see a coming shift in tactics used by Chinese content farmers. Amplifying disinformation through influencers and other agents of influence. PhantomLance is a quiet and selective Vietnamese cyber espionage campaign. Lawful intercept and contact tracing apps. And the black market for malware is surprisingly open, cheap, and attentive to its customers. Joe Carrigan from JHU ISI on cheating in online games, guest is Tonya Ugoretz from the FBI on engagement with public and private sector during COVID-19. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2020/April/CyberWire_2020_04_29.html

Shade shuts down. CLOP hits pharma. Medical research firm breached. The pain caused by disinformation. Mr. Kim goes downy ocean?


Shade ransomware operators close down, or so they say. A US pharmaceutical company is the victim of CLOP ransomware, and a Chinese medical research firm is breached by cyber criminals. Centralized versus decentralized approaches to contact tracing. A GDPR assistance site proves leaky. Disinformation breeds misinformation which breeds folly that brings misery. And Mr. Kim seems to be chillin' downy ocean. Ben Yelin from UMD CHHS on responses to the EARN IT Act. Our guest is Katie Arrington, CISO for Assistant Secretary for Defense Acquisition on the Cybersecurity Maturity Model (CMMC) certification. For links to all of today's stories check out...

Where's Kim Jong-un? Disinformation campaigns against European targets. Cyberattack against wastewater treatment plants. Hupigon RAT is back.


Reports to the contrary, as far as anyone really knows, North Korea's Kim is still large and in charge. Poland reports Russian disinformation effort. The EU issues a controversial report on COVID-19 disinformation amid accusations that Europe is knuckling under to Chinese pressure. A cyberattack on wastewater treatment systems in Israel is reported. And the old Hupigon RAT is back, and looking for love. Caleb Barlow from CynergisTek on his responsibilities during an incident from the SOC operator to the CEO. Our guest is Dave Weinstein from Claroty on threats and existing security violations facing the U.S. critical infrastructure. For links...

Contact tracing as COVID-19 aid. [Research Saturday]


Successful containment of the Coronavirus pandemic rests on the ability to quickly and reliably identify those who have been in close proximity to a contagious individual. Mayank Varia from Boston University describes how his team suggests an approach based on using short-range communication mechanisms, like Bluetooth, that are available in all modern cell phones. The research can be found here: Anonymous Collocation Discovery: Harnessing Privacy to Tame the Coronavirus

iOS zero-days, reconsidered. Hacking during a pandemic. An old campaign connected with the ShadowBrokers comes to light. Advice on web shells. Astroturfing and influence.


An update on those iOS zero-days: they may not be as serious as assumed. Calls to take biomedical facilities off the hacking target list. Nazar and the ShadowBrokers. NSA and ASD issue joint advice on web shell malware. A report on astroturfing and influence operations. Joker's Stash lays out more stolen cards. And Nintendo reports a problem with a legacy system. Michael Sechrist from BAH on the increase in IT/OT convergence. Our guest is Terence Jackson from Thycotic on HIPAA, telemedicine and the new normal of data regulation. For links to all of today's stories check out our CyberWire daily news...

APT32 activity reported. Florentine Banker's patient BEC. iOS zero-days exploited in the wild. Sinkholing a cryptomining botnet. Intelligence services and gangs follow the news.


Someone, probably Vietnam, is trying to develop intelligence on China's experience with the coronavirus. Florentine Banker is an example of well-organized crime. iOS zero-days have been exploited in the wild; a fix is promised. A cryptomining botnet is sinkholed. And intelligence services and criminals are tuning their phishbait to current events, as they always do. Malek Ben Salem from Accenture on encrypted DNS. Our guest is Russ Mohr with MobileIron on why the applications that excite us about 5G are the same applications that warrant the most concern. For links to all of today's stories check out our CyberWire daily news...

COVID-19 relief. Data exposure at the SBA. Ransomware gangland. The CTL-League's volunteer defenders. Active measures, disinformation, and cyber deterrence.


The US Senate authorizes more COVID-19 small business relief. A data exposure at the US Small Business Administration. The CTL-League looks like a model for cyber volunteer organizations. The US Senate reports its evaluation of the Intelligence Community's look at Russian active measures in 2016. Calls for deterrence amid a converged campaign of disinformation. Joe Carrigan from JHU ISI on Microsoft zero-days, guest is Chris Chiles from OST on what companies need to consider before implementing 5G. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2020/April/CyberWire_2020_04_22.html

DPRK leadership crisis? Probably not. Economic espionage in the oil patch. COVID-19 relief fraud. US Supreme Court will take up CFAA. Virtual proctoring.


Fears about North Korean instability can wait until it's determined that there's actually instability. An economic espionage campaign targeted the oil and gas sector. Much phishing surrounds government COVID-19 economic relief programs around the world. The US Supreme Court will hear a case involving the Computer Fraud and Abuse Act. And if you're studying from home, don't cheat. And teacher, maybe don't spy. Ben Yelin from UMD CHHS on training facial recognition software to recognize medical masks, guest is Gonda Lamberink from UL on making product security transparent and accessible to consumers. For links to all of today's stories check...

Update on threats to Czech infrastructure. Relief funds looted. PoetRAT vs. ICS. CISA updates essential workforce guidelines. Data breaches. Zoom-bombing.


A wave of attacks against hospitals and infrastructure in the Czech Republic seems to have been largely unsuccessful, but more may be on their way. German relief funds earmarked for small business are looted by cybercrooks. PoetRAT is active against ICS targets in Azerbaijan. CISA updates its Guidance on the Essential Critical Infrastructure Workforce. Breaches at Cognizant, Aptoide, and Webkinz World. And more Zoom-bombing. David Dufour from Webroot on AI and machine learning, guest is Kelly White of Mastercard's RiskRecon on how one of their healthcare customers is tracking COVID-19 infections. For links to all of today's stories check out...

Complementary colors: teaming tactics in cybersecurity. [Research Saturday]


We often hear cybersecurity professionals talking about red teams, blue teams, and purple teams. In this episode of CyberWire-X, we investigate what those terms mean, how security teaming approaches have changed over time, and the value of teaming for organizations large and small. Join us for a lively conversation with our experts Austin Scott from Dragos, and Caleb Barlow, from Cynergistek in part one. In part 2, we'll also hear from Dan DeCloss from Plextrac, the sponsor of today's episode.

How low can they go? A spike in Coronavirus phishing. [Research Saturday]


As much of the world grapples with the new coronavirus, COVID-19, and how to handle it, attackers are taking advantage of the widespread discussion of COVID-19 in emails and across the web. Joining us today is Fleming Shi, CTO of Barracuda, discussing their report on these types of attacks, which are up 667-percent since the end of February. The research can be found here: Threat Spotlight: Coronavirus-Related Phishing To learn more about our Academic and Military discounts, visit The CyberWire and click on the Contact Us button in the Academic or Government & Military box.

Warnings on healthcare attacks and espionage campaigns. Post-patching issues in VPNs. COVID-19 phishing. Contact tracing, for lungs and minds. Telework notes.


Czech intelligence warns of an impending cyber campaign against hospitals. The US Defense Department alerts contractors that Electric Panda is back, and after their data. Pulse Secure VPNs' post-patching issues. Google blocks COVID-19 phishing emails. Apple and Google work on tracing physical contact, but Facebook is tracing contact with misinformation. Zoom offers some fixes, gets banned in India, and receives a mashnote from Larry Ellison. And notes on HIPAA and CMMC. Johannes Ullrich from SANS on exposed RDP servers while we work from home, guest is Tia Hopkins from eSentire on STEM/cybersecurity education. For links to all of today's...

US warns of DPRK cyber activity. Replacing Huawei. COVID-19-themed cybercrime and state-directed activity. Telework notes.


The US Government issues a major advisory warning of North Korean offensives in cyberspace, most of them financially motivated. Ericsson will provide BT the equipment to replace Huawei gear in its networks. Notes on COVID-19-themed cybercrime. Some temporary telework may become permanent. Disinformation from Tehran; domestic phishbait from Damascus. And to Zoom or not to Zoom? Rob Lee from Dragos with a summary of his RSA keynote, guest is Gregg Smith from Attila on cybersecurity concerns for employees working from home during the COVID-19 pandemic. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2020/April/CyberWire_2020_04_16.html...

Energetic Bear lands at SFO. Windpower utility hit with RagnarLocker ransomware. COVID-19-themed threats. Telework advice. Zooming.


Energetic Bear's pawprints seen at SFO. A leading windpower company is hit with ransomware. Advice for more secure telework. Why healthcare is an attractive target for cyberattack during a pandemic. ICANN pleads for action against scam domains. And the fortunes of Zoom. Joe Carrigan from JHU ISI on undocumented backdoors in Android apps, guest is Emily Mossburg from Deloitte on the geographical and cultural elements of privacy. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2020/April/CyberWire_2020_04_15.html

The online stresses of the COVID-19 pandemic. APT41's backdoor campaign. Contact-tracking and privacy. Virtual court is now in online session. Zoom's fortunes. And tax-season online fraud.


Demand for online services during the pandemic stresses government providers. APT41's backdoor campaign aimed at information theft. Contact-tracking apps and privacy. Some courts move to hear cases online. Zoom's continuing mixed success. And did you file your tax return? The crooks might have done so for you. Ben Yelin from UMD CHHS on Microsoft's reaction to Washington State's new facial recognition law, guest is Francis Dinha from OpenVPN on remote working during the COVID-19 pandemic. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2020/April/CyberWire_2020_04_14.html

Ill-received pranks. SFO breach. Silicon Valley cooperates on contact tracking. COVID-19 disinformation and scams. Notes on ransomware and booter services.


Vandals prank victims with security researchers' names. San Francisco International discloses compromised networks. Google and Apple cooperate on contact tracking tech. Chinese disinformation campaigns rely on ad purchases and social media amplification. Phishing attempts and other scams. Notes on ransomware. And police in the Netherlands take down some DDoS-for-hire services. Andrea Little Limbago on government created internet blackouts, guest is Herb Stapleton from the FBI on COVID-19 scams. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2020/April/CyberWire_2020_04_13.html

Profiling an audacious Nigerian cybercriminal. [Research Saturday]


By day, he is Dton, an upstanding Nigerian citizen. He believes in professionalism, hard work and excellence. He's a leader, a content creator, an entrepreneur and an innovator; an accomplished business administrator; a renaissance man who is adored by his colleagues. But by night, he is Bill Henry, Cybercriminal Entrepreneur. We sat down with a researcher at CheckPoint for the inside scoop into this fascinating, brazen individual. The research can be found here: The Inside Scoop on a Six-Figure Nigerian Fraud Campaign

That odd and bogus 5G meme. Malvertising. Data breach hits Pakistani mobile users. xHelper update. Data privacy and data utility. COVID-19 and cybersecurity.


The curious history of the delusion that COVID-19 has something to do with 5G. Malvertising spoofs a security company's website. Data breach hits Pakistani mobile users. xHelper is still in circulation. Data privacy versus data utility. COVID-19-driven patterns of cybercrime. And more on Zoom and the challenges of working remotely. Mike Benjamin from CenturyLink on ddosing, botnets and IoT news, guest is Nathalie Marcotte from Schneider Electric on the role cybersecurity plays in convergence of IT/OT. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2020/April/CyberWire_2020_04_10.html

Operation Pinball. Implausibly spoofed, not really official, COVID-19 emails. CISA updates US Federal telework guidance. ICO defers some big GDPR fines. Zoom agonistes. Fleeceware in Apple's store.


Operation Pinball roils up Eastern Europe and the Near Abroad. Crooks who can't write idiomatic American English are spoofing emails from the White House in a COVID-19-themed phishing campaign. CISA updates telework guidelines for Federal agencies. Some GDPR fines are deferred until after the pandemic. Zoom continues to reel from its success. And fleeceware is found in the iTunes store. Caleb Barlow from CynergisTek on OODA loops, guest is Or Katz from Akamai on how current industry (and employee) phishing defenses are being bypassed by attackers. For links to all of today's stories check out our CyberWire daily news brief:...

Joint UK-US warning on COVID-19-themed cyber threats. Disinformation in the subcontinent. Public and private apps with privacy issues. A new IoT botnet. APT notes. Frontiers in biometrics.


NCSC and CISA issue a joint warning on cyber threats during the COVID-19 pandemic. India's government seeks to limit disinformation in social media. Zoom works on privacy issues, and government contact-tracking apps face their own problems. A new DDoS botnet, dark_nexus, is out. BGP hijack questions persist. Is a front company facilitating Chinese government RATs? Spies and spyware. And a biometric advance leads from the rear. Joe Carrigan from JHU ISI on how COVID-19 is reinforcing TLS 1.0, guest is Pedram Amini from InQuest on winning the Cyber Tank contest. For links to all of today's stories check out our...

Trends in COVID-19-themed cybercrime. Social media seek to inhibit the misinformation pandemic. Corp[dot] off the market. BEC in cloud services. Investment notes. Big big fraud.


Criminals increase their targeting of hospitals and pharmaceutical companies. Ordinary scams proliferate worldwide, using COVID-19 as their bait. Social media seek to inhibit the flow of coronavirus misinformation. The commodification of zero-day exploits. Corp[dot]com is no longer available. FBI warns of business email compromise via cloud services. A quick look at investment, and, finally, something other than the Brooklyn Bridge is for sale. Ben Yelin from UMD CHHS on a class action lawsuit against Zoom, guest is Matt Davey from 1Password on shadow IT trends, security risks, and best practices for oversight. For links to all of today's stories check...

COVID-19 updates: crime, propaganda, and craziness. (Also telework.) BGP hijacking. DarkHotel sighting. Apps behaving badly. And a risk of sim-swapping.


The COVID-19 pandemic continues to drive a spike in cybercrime. It's also been the occasion for various state-operated disinformation campaigns, and for some surprisingly widespread popular delusions. Zoom's acknowledgement that some traffic was mistakenly routed through China draws more scrutiny to the teleconferencing service. A possible BGP hijack is reported. DarkHotel is said to be back. Bad stuff in Google Play. And a sim-swapping risk. Malek Ben Salem from Accenture on CISO health concerns, guest is Dr. Celeste Paul from NSA on cognitive capacity and burnout. For links to all of today's stories check out our CyberWire daily news brief:...

A rough year ahead for ransomware attacks - and how to stop them. [Research Saturday]


2020 is shaping up to be a rough year. Ransomware attacks will continue to grow as cybercriminals get more sophisticated in their methods and expand their reach. Allan Liska, Senior Analyst at Recorded Future, shares their findings and predictions in a new report. The research can be found here: 5 Ransomware Trends to Watch in 2020

Cybersecurity notes during the pandemic emergency. Twitter bots. Ransomware attack on a biotech firm. WHO updates. And how are the cyber gangs doing these days?


Geolocation in support of social distancing. Fixing vulnerabilities in a popular teleconferencing service. Twitter bots running an influence campaign against the Turkish government are taken down. A biotech firm reports a ransomware attack. More on attempts to compromise the World Health Organization. And a look at how cyber criminals are faring during the emergency. Michael Sechrist from BAH on cybercrime changes in the age of Coronavirus, guest is Admiral James Stavridis (Ret.) from Preveil on global cyber security threats and realities. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2020/April/CyberWire_2020_04_03.html

WHO email accounts prospected. Mandrake versus Android users. Vollgar versus MS-SQL servers. Ransomware and hospitals. Notes on the effects of COVID-19, and a disinformation campaign.


Attempts on World Health Organization email accounts possibly linked to Iran. Mandrake Android malware is active against carefully selected targets. Vollgar attacks Windows systems running MS-SQL Server. Hospitals remain attractive targets for ransomware gangs. Italy's social security operations shut down by hacking. Coronavirus disinformation. The pandemic's effects on business. And a look at the fortunes of Zoom. Andrea Little Limbago from Virtru on the global battle for information control, guest is Perry Carpenter from KnowBe4 on security awareness. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2020/April/CyberWire_2020_04_02.html

More data breaches. DPRK spearphishing. DoJ IG sees problems in FISA warrant processes. Houseparty updates. Huawei sanctions. And notes about the pandemic.


Marriott discloses a major data breach. Another insecurely configured Elasticsearch database is found, this one belonging to a secure cloud backup provider. More spearphishing from Pyongyang. The US Justice Department IG sees systemic problems in the FISA warrant process. Updates on the Houseparty affair. Huawei suggests that Beijing will retaliate against more sanctions from Washington. And more COVID-19 notes concerning the cyber sector. Joe Carrigan from JHU ISI on Safari blocking third-party cookies, guest is Monzy Merza of Splunk on becoming an InfoSec leader. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2020/April/CyberWire_2020_04_01.html

Supply chain attack warning. CFAA clarified. COVID-19 and its economic squalls.


FBI warns of another supply chain attack, this one distributing the Kwampirs RAT. More exposed databases found. The US Computer Fraud and Abuse Act gets some clarification from a Federal Court. Security and networking companies are weathering the COVID-19 economic storm, but not without squalls, some legal, some cyber, and others just reputational. Ben Yelin from UMD CHHS on ending targeted advertising, guest is Brendan O'Connor from AppOmni on the state of cloud security. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2020/March/CyberWire_2020_03_31.html

Updates on the cyber ramifications of the coronavirus pandemic. Saudi surveillance program. Ransomware developments. Lost USB attacks are in progress.


Updates on the coronavirus and its effect on the cyber sector. Criminals spoof infection warnings from hospitals. The country of Georgia's voter data has been exposed online. The Kingdom of Saudi Arabia seems to have conducted extensive surveillance of its subjects as they travel in the US. The Zeus Sphinx Trojan is back. Dharma ransomware's source code is for sale in the black market. And beware teddy bears bearing USB drives. David Dufour from Webroot on differences between privacy and security, guest is Daniel dos Santos from Forescout on Ransomware, IoT, and the impact on critical infrastructure. For links to...

Hidden dangers inside Windows and LINUX computers. [Research Saturday]


Eclypsium has issued a study that suggests the prevalence of unsigned firmware in WiFi adapters, USB hubs, trackpads, and cameras used in computers from Lenovo, Dell, HP and other major manufacturers. Here to discuss their findings is Rick Altherr, a Principal Engineer at Eclypsium. The research can be found here: Perilous Peripherals: The Hidden Dangers Inside Windows and LINUX Computers.

Some notes on cyber gangland. South Korean APT using zero days against North Koreans? USB attacks. Telework challenges. CMMC remains on schedule.


Ransomware gangs don't seem to be trimming their activities for the greater good. TA505 and Silence identified as the groups behind recent attacks on European companies. An APT possibly connected to South Korea is linked to attacks on North Korean professionals. A criminal campaign of USB attacks is reported. Problems with VPNs and teleconferencing. The Pentagon's CMMC will move forward on schedule. Rob Lee from Dragos on ICS resiliency in the face of Coronavirus, guest is James Dawson from Danske Bank on the unique challenges of IT Risk & Controls in global banking. For links to all of today's stories...

Advice on secure telework. Magecart infestations. DNS hijacking with a COVID-19 twist and an info-stealer hook. Patch notes. The US 5G security strategy.


NIST offers advice on telework, as does Microsoft. Things to do for your professional growth while you're in your bunker. Magecart hits Tupperware, and they won't be the last as e-commerce targeting spikes. DNS hijacking contributes to an info-stealing campaign. Apple and Adobe both patch. The US publishes its 5G security strategy. And some thoughts on the value of work, as brought into relief by a pandemic. Thomas Etheridge from Crowdstrike on their 2020 Cyber Front Lines Report, guest is Michelle Koblas from AppDynamics on third-party risk management. For links to all of today's stories check out our CyberWire daily...

APT41 is back from its Lunar New Year break. Commodity attack tools for states and gangs. Russia takes down a domestic carding crew. Restricting misinformation.


APT41 is back, and throwing its weight around in about twenty verticals. States and gangs swap commodity malware. The FSB--yes, that FSB--takes down a major Russian carding gang. Coronavirus-themed attacks are likely to outlast the pandemic. Facebook Messenger considers limiting mass message forwarding as a way of slowing the spread of COVID-19 misinformation. Joe Carrigan from JHU ISI on stimulus check scams, guest is Rachael Stockton from LogMeIn (LastPass) on the future of business network access security. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2020/March/CyberWire_2020_03_25.html

Active ICS threats. TrickBot and TrickMo. RCE vulnerability in Windows. Google ejects click-fraud malware infested apps from Play. Attackers hit WHO, hospitals, and biomedical research.


WildPressure APT targets industrial systems in the Middle East. ICS attack tools show increasing commodification. TrickMo works against secure banking. Microsoft warns of RCE vulnerability in the way Windows renders fonts. Click fraud malware found in children's apps sold in Google Play. DarkHotel attacks the World Health Organization. Ransomware hits Parisian hospitals and a British biomedical research firm. More COVID-19 phishbait. Ben Yelin from UMD CHHS on Coronavirus detecting cameras, guest is Allan Liska from Recorded Future on security in the time of Coronavirus. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2020/March/CyberWire_2020_03_24.html

Coronavirus fraud booms; prosecutors are taking note. Stolen data on the dark net. Software updates affected by pandemic. A new Mirai variant is out. A DDoS that wasn't.


US prosecutors begin to follow through on their announced determination to pay close attention to coronavirus fraud. Data stolen from Chinese social network Weibo is now for sale on the black market--at a discount. The pandemic affects scheduled software updates and sunsets at Google and Microsoft. A new Mirai variant is out in the wild. And a DDoS attack in Australia turns out to be just a lot of Australians in need of government services. Mike Benjamin from CenturyLink on threat actors using 3rd party file hosting, guest is Andrew Peterson from Signal Sciences on top application security attacks. For...

The security implications of cloud infrastructure in IoT. [Research Saturday]


Cloud computing is now at the center of nearly every business strategy. But, as with the rapid adoption of any new technology, growing pains persist. The key findings in these reports shed light on security missteps that are actually in practice by organizations across the globe. Joining us in this special Research Saturday are Palo Alto Networks' Matthew Chiodi and Ryan Olson. They discuss their findings in two different threat reports. The research can be found here: Cloud Threat Report IoT Threat Report

CISA on running critical sectors during an emergency. Disinformation, phishbait, and rumor. What's Fancy Bear up to these days? Distinguishing altruism from self-interest.


CISA describes what counts as critical infrastructure during a pandemic, and offers some advice on how to organize work during the emergency. Iran runs a disinformation campaign--apparently mostly for the benefit of a domestic audience--alleging that COVID-19 is a US biowar operation. Intelligence services, criminals, vandals, and gossips all flack coronavirus hooey in cyberspace. Fancy Bear is back. And what would provoke good behavior among thieves? (A hint: not altruism.) Malek Ben Salem from Accenture on mobile tracking and privacy, guest is Thomas Quinn from T Rowe Price on the job of protecting a financial institution. For links to all...

EU suspects Russia of disinformation. TrickBot's latest module is a brute. Parallax RAT and the MaaS black market. Pandemic hacking trends. What to do with time on your hands.


The EU suggests that Russia's mounting an ongoing disinformation campaign concerning COVID-19. Russia says they didn't do nuthin. TrickBot is back with a new module, still under development, and it seems most interested in Hong Kong and the US. The Parallax RAT is the latest offering in the malware-as-a-service market. Food delivery services are now targets of opportunity for cybercriminals. Zoom-bombing is now a thing. And some advice from an astronaut. Andrea Little Limbago from Virtru with insights into her career path, guest is Tom Creedon from LookingGlass Cyber on the Asia-Pacific Cyber Conflict. For links to all of today's...

Coronavirus phishing. Money mule recruiting. Remote work and behavioral baselining. HHS incident seems to have been...an incident. Advice from NIST, and from Dame Vera Lynn.


More coronavirus phishing expeditions. Don't let idleness or desperation lead you into a money-mule scam. How do behavioral expectations change during periods of remote work? The Health and Human Services incident appears to be just that. NIST has some advice for video-conferencing and virtual meetings. And an exhortation to return to the Blitz spirit. Joe Carrigan from JHU ISI on limitations of two-factor authenticator mobile apps, guest is Johnnie Konstantas from Oracle on cloud misconfigurations and shared responsibility in the public cloud. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2020/March/CyberWire_2020_03_18.html

Cyberattack on US HHS probably a minor probe. Disinformation about COVID-19 continues to serve as both phishbait and disruption. US prosecutors move to stop prosecution of Concord Management.


The cyberattack on the US Department of Health and Human Services seems now to have been a minor incident. Disinformation about COVID-19 and measures to contain the pandemic continues to serve as both phishbait and disruption. And US prosecutors move to stop prosecution of a Russian influence shop fingered by the Mueller investigation. Ben Yelin from UMD CHHS on HHS issuing health data rules, guest is Kevin Mitnick from KnowBe4 on the state of cybersecurity from the RSAC 2020 floor. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2020/March/CyberWire_2020_03_17.html

COVID-19's effects on cyberspace: disinformation, espionage, data theft, fraud, and extortion. Also far greater remote working.


COVID-19's effects on cyberspace: disinformation, espionage, data theft, fraud, and extortion. Also far greater remote working. David Dufour from Webroot on their 2020 Threat Report, guest is Simone Petrella from CyberVista on cybersecurity skills. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2020/March/CyberWire_2020_03_16.html

TLS is here to stay. [Research Saturday]


As websites and apps more widely adopt TLS (Transport Layer Security) and communicate over HTTPS connections, unencrypted traffic may draw even more attention, since it's easier for analysts and security tools to identify malicious communication patterns in those plain HTTP sessions. Malware authors know this, and they've made it a priority to adopt TLS and thereby obfuscate the contents of malicious communication. Joining us on this week's Research Saturday is Chester Wisniewski from SophosLabs discussing their research on the subject. The research can be found here: Nearly a quarter of malware now communicates using TLS

COVID-19 as both incentive for remote work and phishbait. Offshored trolling. A list of digital predators. US Senate doesn't extend domestic surveillance authority.


COVID-19 significantly increased remote working, and the pandemic is now a favorite lure in the phishing tackle of both intelligence services and criminal gangs. Russian trolling has been off-shored, setting up shop in Ghana and Nigeria for running influence operations against the US. Microsoft issues an out-of-band patch. Reporters Without Borders publishes its list of digital predators. And the Senate doesn't renew US domestic surveillance authorities. Thomas Etheridge from Crowdstrike on the impact of ransomware, guest is Josiah Dykstra from NSA on Cloud Vulnerabilities from an NSA viewpoint. For links to all of today's stories check out our CyberWire daily...

The return of Turla. Data exposure incidents disclosed. Beijing accuses Taipei of waging cyberwarfare against the PRC. Coronavirus disinformation.


Turla's back, this time with watering holes in compromised Armenian websites. Data exposures are reported in the Netherlands and the United States. China accuses Taiwan of waging cyberwarfare in an attempt to disrupt Beijing's management of the coronavirus epidemic. The US and the EU separately undertake efforts to suppress COVID-19 disinformation. And the ins-and-outs of teleworking. Mike Benjamin from CenturyLink with Emotet updates, guest is Tom Pendergast from MediaPRO on their State of Privacy and Security Awareness Report. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2020/March/CyberWire_2020_03_12.html

The Cyberspace Solarium reports. Coronavirus scams and coronavirus realities. Notes on March's Patch Tuesday.


The Cyberspace Solarium has released its report, as promised, and they wish to make your flesh creep. Coronavirus scams and phishbait amount to what some are calling an infodemic. Some notes on Patch Tuesday, and, finally, some words on the actual coronavirus epidemic. Joe Carrigan from JHU ISI on FBI recovering stolen funds, guest is Josh Mayfield from RiskIQ on his 2020 predictions. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2020/March/CyberWire_2020_03_11.html

Caution in the Play store. EU power consortium's business systems hacked. Cablegate--a look back. Schulte trial ends in minor convictions, but a hung jury on major counts. The cyber underworld.


Google removes from the Play store an app nominally designed to track COVID-19 infections. An EU power distribution consortium says its business systems were hacked. An assessment of Cablegate has been declassified. Ex-CIA employee Schulte's trial for disclosing classified information ends in a hung jury. The alleged proprietor of a criminal market is arrested. Crooks hack rival crooks. More US primaries are held today. And a case of identity theft in North Carolina. Ben Yelin from UMD CHHS with updates on ClearView AI, guest is Kathleen Kuczma from Recorded Future on 2019 Top Vulnerabilities List. For links to all of...

Coronavirus misinformation, phishbait, and disinformation. Ransomware's growing reach. How criminals' desire for glory works against their desire to escape apprehension.


Coronavirus misinformation, coronavirus online scams, and coronavirus disinformation. Ransomware hits a steel plant, local government, and a defense contractor. And how criminals' desire for glory betrays them in social media. Zulfikar Ramzan from RSA Security with three product updates, guest is Robert Waitman from Cisco on their Annual Data Privacy Benchmark study. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2020/March/CyberWire_2020_03_09.html

Overworked developers write vulnerable software. [Research Saturday]


Why do some developers and development teams write more secure code than others? Software is written by people, either alone or in teams. Ultimately secure code development depends on the actions and decisions taken by the people who develop the code. Understanding the human factors that influence the introduction of software vulnerabilities, and acting on that knowledge, is a definitive way to shift security to the left. On this Research Saturday, our conversation with Anita D'Amico from CodeDX on which developers and teams are more likely to write vulnerable software. The research can be found here: Which Developers and Teams...

Misconfigured databases, again. Vulnerable subdomains. Dark web search engines. Troll farming. An update on the crypto wars.


Virgin Media discloses a data exposure incident, another misconfigured database. Microsoft subdomains are reported vulnerable to takeover. A dark web search engine is gaining popularity, and black market share. Researchers find that Russian disinformation trolls have upped their game. The crypto wars have flared up as the US Senate considers the EARN IT act. Tech companies sign on to voluntary child protection principles. And Huawei talks about backdoors. Thomas Etheridge from Crowdstrike on empowering business leaders to manage cyber risk, guest is Sherri Davidoff on her book, Data Breaches: Crisis and Opportunity. For links to all of today's stories check...

Credential stuffing attacks and data breaches. Coronavirus-themed phishbait is an international problem. Super Tuesday security post mortems. Huawei agonistes.


Credential stuffing affects J. Crew and Tesco customers. T-Mobile discloses a data breach. Emcor works to recover from a ransomware infestation. Coronavirus-themed emails remain common phishbait--it's an international problem. US authorities are pleased with how election security on Super Tuesday went, but some local governments are recovering from self-inflicted tech wounds. And there's more on official US suspicion of Huawei. Mike Benjamin from CenturyLink on Nanocore, guest is Bil Harmer from SecureAuth on nation-state attacks. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2020/March/CyberWire_2020_03_05.html

Election security--a look back at Super Tuesday. Cyberspace Solarium preview. Rapid Alert System engaged in EU. Cyber capability building in Ukraine. Cloud backups as attack surface.


A quick security retrospective on Super Tuesday, a day on which no dogs barked (or bears growled, or kittens yowled, or pandas did whatever it is that pandas do). The Cyberspace Solarium previewed the good-government framework it intends to recommend in next Wednesday's final report. The EU uses its Rapid Alert System against coronavirus disinformation. US aid will go to Ukraine for cybersecurity capability building. And backups are an attack surface, too. Joe Carrigan from JHU ISI on FBI convictions of Romanian criminals, guest is Chris Kubic from Fidelis Cybersecurity with lessons learned from securing the country's biggest and deepest...

Vault 7, again, as Beijing names and shames. Schulte case goes to jury. Maersk to cut incident response jobs. The Cyberspace Solarium's election security preview. Advice for intel collection.


Chinese security firm calls out the US CIA for Vault 7 campaigns against civil aviation. Meanwhile, the jury's out in the Joshua Schulte Vault 7 case. Incident responders in the UK may be reentering the labor market. US agencies issue a joint warning to adversaries (and joint encouragement to citizens) about election interference. The Cyberspace Solarium talks about elections. And the Justice Department offers advice on cyber threat intelligence collection. Ben Yelin from UMD CHHS on telecommunications companies in hot water with the FCC, guest is Stuart Reed from Nominet with new CISO stress research. For links to all of...

Super Tuesday eve primary jitters. DoppelPaymer hits an aerospace supplier. WordPress plugins exploited in the wild. Vote for the catphish.


It's Super Tuesday eve, and people worry about influence operations, both foreign and domestic. DoppelPaymer hits a precision manufacturer, and moves surprisingly quickly to expose stolen files. Vulnerable WordPress plugins are being exploited in the wild. And a catphish is running for Congress in Rhode Island--he's even got the blue checkmark. Johannes Ullrich from the SANS Technology Center on the development of authentication issues in iOS, guest is Elvis Chan from the FBI on election security. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2020/March/CyberWire_2020_03_02.html

Application tracking in Wacom tablets. [Research Saturday]


Today's Research Saturday features our conversation with Robert Heaton, a software engineer with Stripe who penned a blog post about his disappointing discovery involving his Wacom tablet tracking his applications. The post struck a nerve and has since been widely distributed. The research can be found here: Wacom drawing tablets track the name of every application that you open

South Carolina primary affords the next test of US election security. Cerberus evolves. Bot-driven fraud. FCC to fine wireless carriers for location data handling. FISA changes.


South Carolina prepares for tomorrow's primary, confident that it will be able to conduct the vote securely and without disruption. An evolved version of the Cerberus Trojan has been spotted. Bots are making fraudulent appeals for brushfire aid to the Australian Red Cross. The FCC is preparing to fine four major wireless carriers for mishandling user geolocation data. Proposed changes to FISA surveillance in the US. And farewell to RSAC 2020. Partner is Mike Benjamin from CenturyLink with observations from RSA, guests are magicians Penn and Teller with insights on deception and social engineering. For links to all of today's...

RSAC 2020. Naming and shaming. Kitty espionage update. Wi-Fi crypto flaw. Impersonating the DNC. Ransomware gets more aggressive. When is removing a GPS tracker theft?


Naming and shaming seems to work, at least against China's Ministry of State Security. Iranian cyberespionage continues its regional focus. Wi-Fi chip flaws could expose encrypted traffic to snoopers. Someone, maybe from abroad, is pretending to be the US Democratic National Committee. Tips on backing up files. Ransomware gangs up their game. And that unmarked small box on your car? Go ahead: you can take it off. David Dufour from Webroot with trends and predictions from the floor at RSA, guest is Liesyl Franz from the Dept. of State on nation state cyber activities and deterrence in cyberspace. For links...

Chrome zero-day patched. Ransomware against infrastructure. Notes from RSAC 2020. Julian Assange's extradition hearing.


Google patches a Chrome zero-day. Ransomware attacks against infrastructure. DoppelPaymer prepares to dox its victims. How CISA and NSA cooperate. Dallas County, Iowa, finally drops charges against pentesters. Mr. Assange's evolving defense against extradition to the US. Notes on RSAC 2020. And if you were a superhero, which superhero would you be? Justin Harvey from Accenture on his RSA observations, guest is Keith Mularski from EY on ransomware. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2020/February/CyberWire_2020_02_26.html

Cloud Snooper is out and about. US states' contracts with Chinese vendors. Voatz receives more scrutiny. Facebook's troll hunt--no joy this time. Notes from RSAC 2020.


Cloud Snooper is infesting cloud infrastructure servers. A China-skeptical advocacy group draws attention to US states' contracts with Chinese vendors that aren't named Huawei. Senator Wyden would like the security company that audited the Voatz to explain the clean bill of health it gave the voting app. Facebook's campaign troll hunt comes up empty, so far, this time. And what we're seeing and hearing at RSAC 2020. Our Chief Analyst Rick Howard on SASE and what he's looking for at RSA, guest is Dr. Chenxi Wang from Rain Capital previewing her panel at RSA and discussing innovations in the industry....

Reactions to allegations in Georgia's October cyber incidents. Commodification of spamming kit. Satellite vulnerabilities. Election security. FISA reauthorization? Mr. Assange's extradition. RSAC 2020.


The EU condemns Russian cyberattacks on Georgia, and Russia says Russia didn't do it--it's all propaganda. Skids can buy spamming tools for less than twenty bucks. Satellite constellations offer an expanding attack surface. Amid continuing worries about US election security, the question of Russian trolling or home-grown American vitriol arises in Nevada (but the smart money's on the U S of A). FISA reauthorization is coming up. And hello from RSAC 2020. Joe Carrigan from JHU ISI on SIM swappers targeting carrier employees, guest is Erez Yalon from Checkmarx on the recently published OWASP API Security Top Ten list. For...

New vulnerabilities in PC sound cards. [Research Saturday]


SafeBreach Labs discovered a new vulnerability in the Realtek HD Audio Driver Package, which is deployed on PCs containing Realtek sound cards. On this week's Research Saturday, our conversation with Itzik Kotler, who is Co-Founder and CTO at SafeBreach. The research can be found here: Realtek HD Audio Driver Package - DLL Preloading and Potential Abuses

DISA data breach. More complaint against alleged GRU operations in Georgia. Trolls move from creation to curation. The UK deals with high-risk 5G vendors.


The US Defense Information Agency discloses a data breach affecting personal information of up to two-hundred thousand individuals. More international reprobation for the alleged GRU hack of Georgian websites. Trolls move from creation to curation. Stalkerware data exposure. And a look at how the UK might actually implement its compromise position on high-risk 5G vendors. Joining us in studio, a surprise new addition to the CyberWire team, guest is Aisling MacRunnels from Synack on women in cyber. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2020/February/CyberWire_2020_02_21.html

UK, US blame Russia for 2019 Georgia hacks. Senator Sanders thinks Russian bots could impersonate supporters. Mr. Assange's extradition. MGM Resorts breach. Ms Winner wants a pardon.


British and American authorities blame Russia's GRU for last October's defacement campaign against Georgian websites. Senator Sanders thinks maybe some of his apparent supporters are Russian bots--the ones who are tweeting bad stuff in social media. Julian Assange says he was offered a pardon to say the Russians didn't meddle with the DNC. Stolen data from MGM Resorts turns up in a hacker forum. NSA leaker Reality Winner would like a pardon. Justin Harvey from Accenture on staying prepared against potential Iranian cyberattacks, guest is Jamie Tomasello from Cisco Duo on cognitive capacity and burnout. For links to all of...

Ransomware hits US natural gas pipeline facility. DRBControls espionage campaign. Firmware signing. No bill of attainder against Huawei. A mistrial in the Vault 7 case?


CISA reports a ransomware infestation in a US natural gas compression facility--it arrived by spearphishing and there are, CISA thinks, larger lessons to be learned. A new threat actor, possibly linked to China's government, is running an espionage campaign against gambling and betting operations in Southeast Asia. More notes on firmware signatures. Huawei loses one in US Federal Court, and the defense asks for a mistrial in the Vault 7 case. Caleb Barlow from CynergisTek on Wigle and the impact your SSID name can have on your privacy, guest is Anita D'Amico from CodeDX on which developers and teams are...

Fox Kitten campaign linked to Iran. LokiBot's new clothes. Unsigned firmware. Iowa Democratic caucus post-mortem. SoftBank and the GRU. Hacker madness.


Fox Kitten appears to combine three APTs linked to Iran. LokiBot is masquerading as an installer for Epic Games. Unsigned firmware found in multiple devices. Extortionists threaten to flood AdSense banners with bot traffic. China says the Empire of Hackers is in Washington, not Beijing. Iowa Democratic caucus IT post-mortems continue. Japan connects SoftBank breach to GRU. And more on that hacker-madness poster from the West Midlands. Ben Yelin from UMD CHHS on wireless carriers selling location data. Guest is Kaitlin Bulavinetz from Washington Cyber Roundtable on facilitating conversations among the industry. For links to all of today's stories check...

If you can't detect it, you can't steal it. [Research Saturday]


BGN Technologies, the technology transfer company of Ben-Gurion University (BGU) of the Negev, Israel, is introducing the first all-optical stealth encryption technology that will be significantly more secure and private for highly-sensitive cloud computing and data center network transmission. Joining us in this special Research Saturday is BGN's Dan Sadot who helped pioneer this technology. The Research can be found here: Ben-Gurion University Researchers Introduce the First All-Optical, Stealth Data Encryption Technology

Huawei gets a RICO prosecution. Details on DPRK Hidden Cobra Trojans. Google takes down Chrome malvertising network. Run DNC. Hacker madness. Happy St. Valentine's Day.


The US indicts Huawei for racketeering. The FBI and CISA release details on malware used by North Korea's Hidden Cobra. Iran attributes last week's DDoS attack to the US. Google takes down a big malvertising and click-fraud network that exploited Chrome extensions. Reports surface of DNC involvement in IowaReporterApp. Not all official advice is necessarily good advice. And if things don't work out with your object of affection, don't spy on their social media accounts, OK? Craig Williams from Cisco Talos with updates on JhoneRAT. Guest is Shuvo Chatterjee from Google on their Advanced Protection Program (APP). For links to...

Internecine phishing in the Palestinian Territories. What could Iran do in cyberspace? US Census 2020 and cybersecurity. Mobile voting. How to make bigger money in sextortion.


Researchers report phishing campaigns underway in the Palestinian Territories. They appear to be a Hamas-linked effort targeting the rival Fatah organization. FireEye offers a summary of current Iranian cyber capabilities. The GAO warns that the Census Bureau still has some cyber security work to do before this year's count. Researchers call mobile voting into question. And some observations about why some extortion brings in a bigger haul than its rivals. Johannes Ullrich from SANS Technology Center on IoT threats. Guest is Darren Van Booven from Trustwave on how to know if the CCPA applies to your organization. For links to...

Facebook takes down coordinated inauthenticity. US says it's got the goods on Huawei. EU will leave facial recognition policy up to member states. Patch Tuesday. Counting on the caucus.


Facebook takes down coordinated inauthenticity from Myanmar, Vietnam, Iran, and Russia. The US says it's got the goods on Huawei's backdoors. Notes on Patch Tuesday. The EU backs away from a five-year moratorium on facial recognition software. Switzerland takes a look at Crypto AG. And the Nevada Democratic caucus a week from Saturday will use iPads, Google Forms, and some tools to process the results. That's tools, Jack, not apps. Ben Yelin from UMD CHHS on the Senate GOP blocking election security bills. Guest is Christopher Hadnagy from Social-Engineer, LLC on social engineering trends they are tracking. For links to...

Pyongyang's guide to hacking on behalf of rogue regimes. RATs in the supply chain? Data exposures and data breaches. Securing elections (and caucuses, too).


Pyongyang establishes a template for pariah states trying to profit in cyberspace. The FBI warns that there's a RAT in the ICS software supply chain. The US has a new counterintelligence strategy, and cyber figures in it prominently. Likud's exposure of Israeli voter data may benefit opposition intelligence services. Notes on the Equifax breach indictments. As New Hampshire votes in its primaries, CISA warns everyone not to get impatient. And Iowa? Still counting. Robert M. Lee from Dragos on their recent report, Industrial Cyber Attacks: A Humanitarian Crisis in the Making. Guest is Andrew Wajs from Scenera on the NICE...

US indicts PLA officers in Equifax hack. Pyongyang shows pariah states how it's done. DDoS in Iran. Updates on Democratic Party caucus IT issues. Likud has a buggy app, too.


US indicts four members of China's People's Liberation Army in connection with the 2017 Equifax breach. North Korea establishes an Internet template for pariah regimes' sanctions evasion. Iran sustained a major DDoS attack Saturday. US Democratic Party seeks to avoid a repetition of the Iowa caucus in other states as the Sanders campaign asks for a partial recanvas. Israel's Likud Party involved in a voter database exposure incident via its own app. Joe Carrigan from JHU ISI with a look back at the Clipper chip. Guest is Shannon Brewster from AT&T Cybersecurity with thoughts on election security. For links to...

The Chameleon attacks Online Social Networks. [Research Saturday]


The Chameleon attack technique is a new type of OSN-based trickery where malicious posts and profiles change the way they are displayed to OSN users to conceal themselves before the attack or avoid detection. Joining us to discuss their findings in a new report entitled "The Chameleon Attack: Manipulating Content Display in Online Social Media" is Ben-Gurion University's Rami Puzis. The research can be found here: The Chameleon Attack: Manipulating Content Display in Online Social Media Demonstration video of a Chameleon Attack

Chinese cyber espionage in Malaysia and Japan. Android Bluetooth bug. Google expels suspect apps from the Play store. More Iowa caucus finger-pointing. US preps indictments of Chinese nationals.


Chinese espionage groups target Malaysian officials, and two more Japanese defense contractors say they were breached, also by China. Google patches Android problems, including an unusual Bluetooth bug. Google also expels apps that wanted unreasonable permissions from the Play store. Some in Iowa say the DNC pushed an eleventh-hour security patch to IowaReporterApp. The US may indict more Chinese nationals for hacking. More Senate reporting on 2016 Russian influence. Caleb Barlow from CynergisTek with more insights on hospitals and ransomware, this time from the patient's perspective. Guest is Matt Cauthorn from ExtraHop comparing cloud platforms' similarities and differences. For links...

Iowa caucus problems induced by buggy counting and reporting app. Bitbucket repositories used to spread malware. Gamaredon active again against Ukraine. Charming Kitten's phishing.


Iowa Democrats continue to count their caucus results, and blame for the mess is falling squarely on Shadow, Inc.'s IowaReporterApp. Bitbucket repositories are found spreading malware. The attack on Toll Group turns out to be Mailto ransomware. The Gamaredon Group is active, again, against Ukrainian targets. Charming Kitten's been phishing. And there's a new legal theory out and about: the pain-in-the-ass defense. (We know some colleagues who'd plead to that.) Justin Harvey from Accenture on DNS over HTTPS (DoH). Guest is Peter Smith from Edgewise Networks on defending against Python attacks. For links to all of today's stories check our...

Update on the Iowa Democrats' bad app. DDoS warning for state election sites. DDoS trends. New ransomware tracked. Tehran spoofing emails? Nintendo hacker pleads guilty.


Iowa's Democrats are still counting their caucus results, but on the other hand they weren't hacked. A poorly built and badly tested app is still being blamed, and that judgment seems likely to hold up. The FBI warns of a DDoS attempt against a state voter registration site. Trends in DDoS. Some new strains of ransomware are out in the wild. Spoofed emails may be an Iranian espionage effort. And the confessed Nintendo hacker cops a plea. Craig Williams from Cisco Talos with updates on Emotet. Guest is Kurtis Minder from GroupSense on the Pros and Cons of notifying breached...

Buggy app delays count in Iowa Democratic caucus. US county election sites ill-prepared against influence ops. Twitter fixes API exploited by fake accounts. NIST on ransomware.


Iowa Democrats work to sort out app-induced confusion over Monday's Presidential caucus. A McAfee study finds widespread susceptibility to influence operations in US county websites. Twitter fixes an API vulnerability and suspends a large network of fake accounts. NIST's proposed ransomware defense standards are out for your review--comments are open until February 26th. Ben Yelin from UMD CHHS on rules regarding destruction of electronic evidence. Guest is Alex Burkardt from VERA on how to protect critical financial data beyond the corporate perimeter. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2020/February/CyberWire_2020_02_04.html

More on EKANS, the ransomware with an ICS kicker. Shipping company customer-facing IT disrupted in cyber incident. Coronavirus as phishbait. Election security, new DoD rules, and insider threats.


Dragos publicly releases its full report on EKANS ransomware, the first known ransomware with a real if primitive capability against industrial control systems. An Australian logistics company struggles with an unspecified malware infestation. Coronavirus fake news used as phishbait. Election security may get an early test in Iowa. The US Department of Defense issues new cybersecurity rules for contractors. And two cases of insider threats (alleged insider threats). Joe Carrigan from JHU ISI with reactions to ransomware legislation proposed in Maryland. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2020/February/CyberWire_2020_02_03.html

Eric Haseltine on his book, "The Spy in Moscow Station." [Special Editions]


On this Special Edition, our extended conversation with Eric Haseltine on his book "The Spy in Moscow Station." The book... "tells of a time when, much like today, Russian spycraft had proven itself far beyond the best technology the U.S. had to offer. The perils of American arrogance mixed with bureaucratic infighting left the country unspeakably vulnerable to ultra-sophisticated Russian electronic surveillance and espionage."

Tracking one of China's hidden hacking groups. [Research Saturday]


Operation Wocao (Wǒ cāo is a Chinese curse word) is the name that Fox-IT uses to describe the hacking activities of a Chinese-based hacking group. We are joined by Fox-IT's Maarten van Dantzig who shares his insights into their new report entitled "Operation Wocao: Shining a light on one of China's hidden hacking groups". The Research can be found here: Operation Wocao: Shining a light on one of China's hidden hacking groups

The Winnti Group is interested in Hong Kong protestors. The UK, the US, and the EU all look for a cooperative way forward into 5G. DDoS for hire hits an independent Serbian media outlet. Ransomware may have hit a US defense contractor. EvilCorp is back. T


The Winnti Group is interested in Hong Kong protestors. The UK, the US, and the EU all look for a cooperative way forward into 5G. DDoS for hire hits an independent Serbian media outlet. Ransomware may have hit a US defense contractor. EvilCorp is back. The Sodinokibi ransomware gang is running an essay contest. And the 2015 Ashley Madison breach keeps on giving, in the form of blackmail. Emily Wilson from Terbium Labs on the sale of points and status benefits on the dark web. Guest is Michael Sutton from Stonemill Ventures with insights from the cyber VC world. For...

Hacking the UN. Avast closes Jumpshot over privacy uproar. Facebook settles a biometric lawsuit. Data exposures, a LiveRamp compromise, and more newly aggressive ransomware.


UN agencies in Geneva and Vienna were successfully hacked last summer in an apparent espionage campaign. Avast shuts down its Jumpshot data analysis subsidiary and resolves to stick to its security last. Facebook reaches a preliminary, $550 million settlement in a privacy class-action lawsuit. SpiceJet and Sprint suffer data exposures. LiveRamp was compromised for ad fraud. And Russia blocks ProtonMail and StartMail. Caleb Barlow from CynergisTek on the business impact of ransomware on a hospital. Guest is Matthew Doan, cybersecurity policy fellow at New America, discussing his recent Harvard Business Review article Companies Need to Rethink What Cybersecurity Leadership...

Ransomware in industrial control systems. Phone hacks, proved and unproved. Britain's compromise decision on Huawei. Wawa cards in the Joker's Stash. CardPlanet boss pleads guilty.


Snake ransomware appears to have hit industrial control systems, and may be connected to Iran. The verdict on the Saudi hack of Mr. Bezos's phone seems to stand at not proven, but the Kingdom does seem to have used Pegasus intercept tools against journalists and critics of the regime. Neither the US nor China are happy with Britain's decision on Huawei. Cards from the Wawa breach are on sale in the Joker's Stash. And CardPlanet's boss will do some Federal time. Ben Yelin from UMD CHHS on AOC's comments during House hearings on facial recognition technology. Guest is Dan Conrad...

Huawei will play in UK infrastructure, at least a little. Citizen Lab on KINGDOM, a Pegasus operator. Avast and sale of user data. Happy Data Privacy Day.


Britain decides to let Huawei into its 5G infrastructure, just a little bit, anyway. Citizen Lab reports on its investigation of Saudi use of Pegasus spyware against journalists. Avast is again collecting user data and sharing anonymized data with a subsidiary for sale to business customers. Some Data Privacy Day thoughts on agreeing to terms and conditions, with reflections on the first systematic look at End User License Agreements, found in the final chapter of Plato's Republic. Joe Carrigan from JHU ISI on evolving ransomware business models. Guest is Dr. Christopher Pierson from BLACKCLOAK with insights on the alleged Bezos...

A cyber espionage campaign is to use DNS hijacking. More observations on l'affaire Bezos. Operation Night Fury versus e-commerce hackers. Farewell to Clayton Christensen.


Someone has been running a DNS hijacking campaign against governments in southeast Europe and southwest Asia, and Reuters thinks that someone looks like Turkey. Experts would like to see a more thorough forensic analysis of Mr. Bezos's iPhone: that hack may look like a Saudi job, but the evidence remains circumstantial. Interpol's Operation Night Fury dismantles a gang that had been preying on e-commerce. And ave atque vale, Clayton Christensen, theorist of disruptive innovation. Robert M. Lee from Dragos with 2020 predictions (reluctantly). For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2020/January/CyberWire_2020_01_27.html

Know Thine Enemy - Identifying North American Cyber Threats. [Research Saturday]


The electric utility industry is a valuable target for adversaries seeking to exploit industrial control systems (ICS) and operations technology (OT) for a variety of purposes. As adversaries and their sponsors invest more effort and money into obtaining effects-focused capabilities, the risk of a disruptive or destructive attack on the electric sector significantly increases. Selena Larson from Dragos joins us to discuss their new report North American Electric Cyber Threat Perspective. The report can be found here: North American Electric Cyber Threat Perspective

PupyRAT is back. So is the Konni Group. Twitter storm over claims that MBS hacked Jeff Bezos. Anti-disinformation laws considered. Canada is ready to impose costs on cyber attackers.


PupyRAT was found in a European energy organization: it may be associated with Iranian threat actors. Another threat actor, the Konni Group, was active against a US government agency last year. Saudi Arabia maintains it had nothing to do with hacking Jeff Bezos's phone. The EU and Ukraine separately consider anti-disinformation regulations. Canada may be ready to impose costs in cyberspace. And Huawei's a threat, but what're you gonna do? Justin Harvey from Accenture with an outlook on 2020. Guests are Hank Thomas and Mike Doniger from SCVX, describing their plan to bring a funding mechanism known as a SPAC...

Phishing with a RAT in the Gulf. More on how Jeff Bezos was hacked. Microsoft discloses data exposure. Ransomware continues to dump data. Windows 7, already back from the great beyond.


There's more phishing around the Arabian Gulf, but it doesn't look local. Reactions to Brazil's indictment of Glenn Greenwald. The forensic report on Jeff Bezos's smartphone has emerged, and the UN wants some investigating. Microsoft discloses an exposed database, now secured. Ransomware gets even leakier--if it hits you, assume a data breach. And Windows 7 is going to enjoy an afterlife in software Valhalla--you know, around Berlin. Tom Etheridge from CrowdStrike with thoughts on incident response plans. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2020/January/CyberWire_2020_01_23.html

The UN takes up a case of spyware; it's linked to an extrajudicial killing. Glenn Greenwald indicted on hacking charges in Brazil. NetWire and StarsLord are back.


UN rapporteurs say that the Saudi Crown Prince was probably involved in the installation of spyware on Amazon founder Jeff Bezos's personal phone. Brazilian prosecutors have indicted Glenn Greenwald, co-founder of the Intercept, on hacking charges. IBM describes a renewed NetWire campaign, and Microsoft says StarsLord is back, too. And in cyberspace, there's nothing new on the US-Iranian front. Ben Yelin from UMD CHHS on surveillance cameras hidden in gravestones. Guest is Sean Frazier from Cisco Duo on their most recent State of the Auth report. For links to all of today's stories check out our CyberWire daily news brief:...

RATs, backdoors, and a remote code execution zero-day. Hoods breach Mitsubishi Electric. Telnet credentials dumped.


A new RAT goes after Arabic-speaking targets. Updates on US-Iranian tension in cyberspace. An Internet Explorer bug is being exploited in the wild; a patch will arrive in February. A pseudo-vigilante seems to be preparing Citrix devices for future exploitation. Mitsubishi Electric discloses a breach. A booter service dumps half a million Telnet credentials online. And tomorrow is the last day to file a claim under the Equifax breach settlement. Joe Carrigan from JHU ISI with the story of a random encounter that set him on his professional path. Carole Theriault speaks with Jon Fielding from Apricorn on whether or...

Clever breaches demonstrate IoT security gaps. [Research Saturday]


Some of our favorite and most trusted IoT devices help make us feel secure in our homes. From garage door openers to the locks on our front doors, we trust these devices to recognize and alert us when people are entering our home. It should come as no surprise that these too are subject to attack. Steve Povolny is head of advanced research at McAfee; we discuss a pair of research projects they recently published involving popular IoT devices. The research can be found here: McAfee Advanced Threat Research demo McLear NFC Ring McAfee Advanced Threat Research Demo Chamberlain MyQ...

Hacks, and rumors of hacks. Burisma incident under investigation. SharePoint exploitation. How to spark a run on a bank. WeLeakInfo taken down. Phishbait update.


Hacks and rumors of hacks surrounding US-Iranian tension. Ukrainian authorities are looking into the Burisma hack, and they'd like FBI assistance. The FBI quietly warns that two US cities were hacked by a foreign service. The New York Fed has thoughts on how a cyberattack could cascade into a run on banks. Arrests and a site takedown in the WeLeakInfo case. And a quick look at the chum being dangled in front of prospective phishing victims these days. Emily Wilson from Terbium Labs on synthetic identity detection. Guest is Eric Haseltine, author of The Spy in Moscow Station. For links...

Curveball proofs-of-concept. CISA warns chemical industry. Military families harassed online. Phishing the UN. Fleeceware in the Play Store. Moscow says there was no Burisma hack.


Proof-of-concept exploits for the CryptoAPI vulnerability Microsoft patched this week have been released. CISA warns the chemical industry to look to its security during this period of what the agency calls heightened geopolitical tension. Families of deployed US soldiers receive threats via social media. Someone's been phishing in Turtle Bay. More fleeceware turns up in the Play Store. And Moscow heaps scorn on anyone who thinks they hacked Burisma. Craig Williams from Cisco Talos on how adversaries take advantage of politics. Guest is Ron Hayman from AVANT on how companies might leverage Trusted Advisors to proactively prepare their security response....

Disclosure, patching, and warning. Norway takes on out-of-control data sharing by dating apps. Ransomware all-in on doxing. What to do about Huawei.


NSA gives Microsoft a heads-up about a Windows vulnerability, and CISA is right behind them with instructions for Federal civilian agencies and advice for everyone else. Norway's Consumer Council finds that dating apps are out of control with the way they share data. Ransomware goes all-in for doxing. The US pushes the UK on Huawei as Washington prepares further restrictions on the Chinese companies. And think twice before you book that alt-coin conference in Pyongyang. Johannes Ullrich from SANS Technology on malicious AutoCAD files. Guest is Chris Duvall from Chertoff Group with an overview of the current state of ransomware....

Microsoft patches a vulnerability NSA disclosed. Fronting for APT40 in Hainan. Fancy Bear pawed at Burisma. The NSA Pensacola shooting and the debate over encryption.


NSA discloses a vulnerability to Microsoft so it can be patched quickly. Intrusion Truth describes thirteen front companies for China's APT40--they're interested in offensive cyber capabilities. Area 1 reports that Russia's GRU conducted a focused phishing campaign against Ukraine's Burisma Group, the energy company that figured prominently in the House's resolution to impeach US President Trump. And the US Justice Department moves for access to encrypted communications. Joe Carrigan from JHU ISI on the security issues of Android bloatware. Guest is Haiyan Song from Splunk with 2020 predictions. For links to all of today's stories check out our CyberWire daily...

Cyber tensions and cyberwar. China's influence ops against Taiwan apparently backfire. Maze gang goes for doxing. SIM swapping. FBI promises FISA Court it will do better.


The FBI reiterates prudent, consensus warnings about a heightened probability of cyberattacks from Iran, but so far nothing beyond credential-spraying battlespace preparation has come to notice. The US Congress mulls the definition of act of war in cyberspace. Taiwan's president is re-elected amid signs that Chinese influence operations backfired on Beijing. The Maze gang doxes a victim. SIM swapping enters a new phase. And the FBI promises the FISA Court it will do better. Ben Yelin from UMD CHHS on a Washington Post story about college campuses gathering location data on their students. For links to all of today's stories...

Profiling the Linken Sphere anti-detection browser. [Research Saturday]


Multiple e-commerce and financial organizations around the world are targeted by cybercriminals attempting to bypass or disable their security mechanisms, in some cases by using tools that imitate the activities of legitimate users. Linken Sphere, an anti-detection browser, is one of the most popular tools of this kind at the moment. Staffan Truvé is the CTO and Co-Founder of Recorded Future; he joins us to discuss their new report on the browser. The research can be found here: Profiling the Linken Sphere Anti-Detection Browser

Updates on US-Iranian tensions, and especially on hacktivism and possible power grid battlespace preparation. Researchers complain of preinstalled malware said to be in discount Android phones.


Amid indications that both Iran and the US would prefer to back away from open war, concerns about Iranian power grid battlespace preparation remain high. Recent website defacements, however, increasingly look more like the work of young hacktivists than a campaign run by Tehran. Phones delivered under the FCC's Lifeline Assistance program may come with malware preinstalled. And we'll take Cybersecurity for six hundred, Alex. Tom Etheridge from Crowdstrike on having a board of directors playbook. Guest is Curtis Simpson from Armis on CISO burnout. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2020/January/CyberWire_2020_01_10.html...

Cyber alert remains high as the US-Iranian confrontation cools. Information ops, wipers, and energy sector targeting.


As kinetic combat abates in Iraq, warnings of cyber threats increase. US intelligence agencies warn of heightened likelihood of Iranian cyber operations. These may be more serious than the low-grade website defacements and Twitter impersonations so far observed. One operation, Dustman, has hit Bahrain, and it looks like an Iranian wiper. And some notes on the Lazarus Group, and a quick look at information ops across the Taiwan Strait. Emily Wilson from Terbium Labs with details from their recent report, How Fraud Stole Christmas. Guest is Karl Sigler from Trustwave on the risks of using Windows 7. For links to...

No major Iranian cyberattacks against the US so far, as both sides appear interested in cooling off. The Cyber Solarium offers a preview of its coming report on US cyber strategy.


Iran took some missile shots at two US air bases in Iraq last night, and President Trump barked back in a late morning press conference, but actually both sides seem inclined to move toward de-escalation. No major Iranian cyberattacks have developed, despite some low-grade skid vandalism of indifferently defended sites, but CISA's warnings seem generally to be taken seriously. And the Cyber Solarium gave a preview of its recommendations for a US national cyber strategy. Caleb Barlow from CynergisTek with insights on potential cyber attacks from Iran. For links to all of today's stories check out our CyberWire daily news...

No more Iranian cyberattacks since the minor weekend vandalism, but the US Government advises all to look to their defenses. Fancy Bear is the usual suspect in Austria. A guilty plea by an insider threat.


The kittens haven't scratched much so far, but the US Government and others are warning organizations to be alert to the likelihood of Iranian cyberattacks in retaliation for the combat death, by US missile, of Quds Force commander Soleimani. Fancy Bear is the usual suspect in the case of the Austrian Foreign Ministry hack. Patch your Pulse Secure VPN servers if you've got 'em. ToTok is back in the Play Store. And there's an executive who turned out to be an insider threat. Robert M. Lee from Dragos with a look back at 2019 ICS security issues. Guest is Tom...

Sequelae of the US Reaper strike against the Quds Force commander. Warnings of Iranian retaliation, with an emphasis on cyberspace. Espionage in Austria, and a second look at an LSE outage.


Iran vows retribution for the US drone strike that killed the commander of the Quds Force. The US prepares for Iranian action, and the Department of Homeland Security warns that cyberattacks are particularly likely. Some low-grade Iranian cyber operations may have already taken place. Austria's Foreign Ministry sustains an apparent state-directed cyber espionage attack, and in the UK authorities are taking a second look at the August outages at the London Stock Exchange. Joe Carrigan from JHU ISI, describing a clever defense against laptop theft. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2020/January/CyberWire_2020_01_06.html...

Escalation in the Gulf as a US air strike kills Iran's Quds commander. Travelex and RavnAir continue their recovery from cyberattacks. Taiwan's memes against misinformation.


The US and Iran trade fire in Iraq, and a leading Iranian general is killed in a US airstrike. A corresponding escalation of cyber operations can be expected. Currency exchange Travelex continues to operate manually as it works to recover from what it calls a software virus. There's speculation that the RavnAir incident may have been a ransomware attack. And Taiwan adopts an active policy against Chinese attempts to influence its elections. Johannes Ullrich from the SANS Technology Center on vulnerabilities in Citrix NetScaler installations. Guest is Derek Manky from Fortinet on what to expect in AI for 2020. For...

A Jira vulnerability that's leaking data in the public cloud. [Research Saturday]


Unit 42 (the Palo Alto Networks threat intelligence team) released new research on a Jira vulnerability that's leaking data of technology, industrial and media organizations in the public cloud. The vulnerability (a Server Side Request Forgery -- SSRF) is the same type that led to the Capital One data breach in July 2019. Jen Miller-Osborn is the Deputy Director of Threat Intelligence for Unit 42 at Palo Alto Networks, and she joins us to share their findings. The research can be found here: https://unit42.paloaltonetworks.com/server-side-request-forgery-exposes-data-of-technology-industrial-and-media-organizations/

Taking down Thallium. Cloud Hopper: bigger (and worse) than thought. US tightens screws on the supply chain. The bite of winter and the scent of plums.


Microsoft takes down bogus domains operated by North Korea's Thallium Advanced Persistent Threat. The Cloud Hopper cyber espionage campaign turns out to have been far more extensive than hitherto believed. The US wants Huawei (and ZTE) out of contractor supply chains this year. India will test equipment before allowing it into its 5G networks. And the California Consumer Privacy Act is now in effect. Joe Carrigan from JHU ISI with the story of a financial advisor who paid the price for falling for a phishing scheme. Guest is Dave Burg from EY on the global perspective of cyber security risk. For...

Ron Gula and Mike Janke - VC pitfalls and how to avoid them. [Special Editions]


In this CyberWire special edition, advice from a pair of seasoned cyber security investors. Ron Gula caught our eye with an article he recently penned titled "Cyber entrepreneur pitfalls you can avoid." In it, he gathers a group of tech investors to get their takes on the dos and don'ts of pitching to venture capitalists. Ron runs Gula Tech Adventures along with his wife Cindi, where they aim to support the next generation of cyber technology strategy and policy. DataTribe's Mike Janke joins the conversation with his experiences guiding hopeful young entrepreneurs through the pitch process. Learn more about your...

Inside Magecart and Genesis. [Research Saturday]


Dan Woods is VP of the intelligence center at Shape Security. He shares insights on two noteworthy attack tools, Genesis and Magecart. Before joining Shape Security Dan served as assistant chief agent of special investigations at the Arizona attorney general's office, where he investigated complex fraud. Prior to that, he spent 20 years with federal law enforcement agencies and intelligence organizations, including the CIA and FBI, where he specialized in information operations and cybercrime.

Pegasus and Pakistan. What's in Legion Loader. Threats to financial markets. Seasonal scams. What would Clippy do?


Pegasus may have appeared in Pakistan. Legion Loader packs in six bits of malware in one Hornet's Nest campaign. Someone may have hacked Bank of England press releases to give them a few seconds advantage in high-speed trading. Frankfurt, in the German Land of Hessen, is clearing its networks of an Emotet infection. Some seasonal, topical scams are circulating. And what would Clippy do? Craig Williams from Cisco Talos with a look back at 2019's most serious vulnerabilities. Guest is Bob Ackerman from Allegis Capital with insights on the cyber security VC environment. For links to all of today's stories...

TV program swap-out. Cyber espionage out of Beijing. US Congress in a mood to sanction. Emotet phishing spoofs Germany's BSI. A Dark Overlord pleads not guilty.


Spanish TV is temporarily replaced by Russian programming. APT20, Violin Panda, is back, and playing a familiar tune. Rancor against Cambodia. The US Congress gets frosty with China and Russia. How Zeppelin ransomware spreads. Due diligence in M&A. Germany's BSI warns of an Emotet campaign. A suspect in the Dark Overlord case is arraigned in St. Louis. The FBI collars a guy who ratted himself out over social media. David Dufour from Webroot with a review of their 2019 mid-year threat report. Guest is James Ritchey from GitLab with lessons learned on the one-year anniversary of their bug bounty program....

Steal first, encrypt later. Cobots at risk? Gangnam Industrial Style looks for industrial info. Rancor update. FISC takes FBI to the woodshed. Vlad the Updater.


More ransomware steals first, encrypts later. Are cobots vulnerable to novel forms of ransomware? Gangnam Industrial Style--the espionage campaign, not the K-pop dance number. Rancor is a persistent, well-resourced, and creative APT, but without much success to its credit. The Foreign Intelligence Surveillance Court takes the FBI to the woodshed. And, hey, maybe he's really Vlad the Updater? Tom Etheridge from CrowdStrike on incident response speed and the 1-10-60 concept. Guest is Eli Sugarman from the Hewlett Foundation with the results of their CyberVisuals contest. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/December/CyberWire_2019_12_18.html...

Ransomware updates. Lazarus Group's new Trojan. IoT insecurity. Exploiting older versions of WhatsApp. Mr. Assange's extradition. Door kick in IP beef. Someone naughty's still running XP.


Updates on the ransomware attacks in Florida and Louisiana. North Korea's Lazarus Group adopts a new Trojan as it shows signs of pivoting into the Linux ecosystem. Insufficient entropy in IoT key generation. Older versions of WhatsApp are vulnerable to exploitation. The state of Julian Assange's extradition to the US. Hey--this is Moscow! Where'd you think you were, Iowa? And guess who's still running Windows XP? Ben Yelin from UMD CHHS on Google location data being used to find a bank robber. Guest is Michael Chertoff from the Chertoff group on the 5G transition. For links to all of today's...

Iran says it stopped a cyber espionage campaign by China's APT27. India closes the Internet in two states. Ransomware in Louisiana and New Jersey. National Security Letters.


Iran says it's foiled a cyber espionage campaign mounted by APT27, a Chinese threat group. The Indian government responds to protests over a citizenship law in two states by sending in troops and cutting off the Internet in those states. The City of New Orleans sustains what appears to be a ransomware attack. So does a New Jersey healthcare network. And three Senators would like credit bureaus to tell them what the FBI is asking for. Joe Carrigan from JHU ISI on Twitter's proposal to shift to open standards. For links to all of today's stories check out our CyberWire...

Capturing the flag at NXTWORK 2019 [Special Editions]


Capture the Flag competitions are an increasingly popular and valuable way for both cyber security students and seasoned professionals to test their skills, stay sharp and maybe even put a bit of swagger on display. We set out to capture the excitement of a capture the flag event. As luck would have it, our sponsors at Juniper Networks were hosting a capture the flag hackathon at their annual NXTWork conference in Las Vegas, and they invited our CyberWire team to join them to experience it for ourselves.

WAV files carry malicious data payloads. [Research Saturday]


Researchers at BlackBerry Cylance have been tracking ordinary WAV audio files being used to carry hidden malicious data used by threat actors. Eric Milam is VP of threat research and intelligence at BlackBerry Cylance, and he joins us to share their findings. The research can be found here: https://threatvector.cylance.com/en_us/home/malicious-payloads-hiding-beneath-the-wav.html

Phishing for credentials. Compromised Telegram accounts. Lateral movement. Crypto Wars updates. Data retention compliance. Iago did it for the lulz.


Parties unknown are phishing for government credentials in at least eight countries. Some other parties unknown are compromising Telegram accounts in Russia. Lateral movement is in the news, but not the good, Lamar Jackson kind. A familiar order of battle in the Crypto Wars emerges, again. NSA's IG reports on SIGINT data retention. And a peek into what we suppose we must call the minds of some of the people hacking Ring systems. Daniel Prince from Lancaster University on Cyber security testbeds for IoT research. Guest is David Belson with Internet Society on Russian Sovereign Internet Law. For links to...

False flags and attack kit hijacking. Maze ransomware in Pensacola. China's own OS. Crypto Wars update. TrickBot phishing. And Krampus spoils Christmas.


Flying false flags, and borrowing someone else's attack tools as the mast you use to run them up. The Pensacola cyber attack has been identified as involving Maze ransomware. China moves toward building its own autarkic operating system. US Senate Judiciary Committee hearings take an anti-encryption turn. TrickBot is phishing with payroll phishbait. And Krampus malware is punishing iPhone users as they shop during the holidays. Tom Etheridge VP of services from CrowdStrike, introducing himself. Guest is Dean Sysman from Axonius on S3 security flaws. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/December/CyberWire_2019_12_12.html...

Hacking in Iran? The Lazarus Group hires Trickbot. Election influence ops. Cryptowars update. Ransomware in municipal and tribal governments. Patch Tuesday notes. Do it for State.


Iran says it's stopped a cyber attack, and that an insider was responsible for a major paycard exposure. Trickbot is now working for the Lazarus Group. Influence operations both foreign and domestic concern British voters on the eve of the general election. The cryptowars are heating up again as the US Senate opens hearings on encryption. Pensacola's cyberattack was ransomware, and so too apparently was the one that hit the Cherokee Nation. And do it for state. Emily Wilson from Terbium Labs with warnings about connected gifts for children. Guest is Kevin Lancaster from ID Agent on monitoring people affected...

Pensacola under cyberattack. Notes on ransomware. The US Justice Department IG report on Crossfire Hurricane. Who let the bots out?


The city of Pensacola is hit hard by an unspecified cyberattack. Ryuk ransomware decryptors may cause data loss. A new variant of Snatch ransomware evades anti-virus protection. The US Justice Department's Inspector General has reported on the FBI's Crossfire Hurricane investigation. Another unsecured database exposes PII. Keep an eye out for Patch Tuesday updates. And it's prediction season, so CyberScoop lets the bots out. Ben Yelin from UMD CHHS on legislating the right to sue online platforms. Guest is Chris Wysopal from Veracode with findings on security debt from their State of Software Security report. For links to all of...

Ocean Lotus versus car manufacturers. Ransomware versus dental practices. $5 million reward offered in Dridex case. Information operations and the UK's general election.


Ocean Lotus puts down more roots in automobile manufacturing. Ransomware hits dentists' IT providers as well as a Rhode Island town. The US is offering a reward of $5 million for information leading to the arrest or--and we stress or--conviction of Dridex proprietor Maksim Yakubets. Russian influence operations seem to be aiming at stirring things up over this week's British election. And an awful lot of Windows 7 machines still seem to be out there. Joe Carrigan from JHU ISI on McAfee predictions of two-stage ransomware extortion. For links to all of today's stories check out our CyberWire daily news...

Targeting routers to hit gaming servers. [Research Saturday]


Researchers at Palo Alto Networks' Unit 42 recently published research outlining attacks on home and small-business routers, taking advantage of known vulnerabilities to make the routers parts of botnets, ultimately used to attack gaming servers. Jen Miller-Osborn is the Deputy Director of Threat Intelligence for Unit 42 at Palo Alto Networks. She joins us to share their findings. The research can be found here: https://unit42.paloaltonetworks.com/home-small-office-wireless-routers-exploited-to-attack-gaming-servers/

Facebook sues over ad fraud. Tampering with VPN connections. Russian disinformation in Lithuania.


Facebook sues a company for ad fraud. Unix-based VPN traffic is vulnerable to tampering. Russian disinformation in Lithuania. Apple explains why new iPhones say they're using Location Services, even when Location Services are switched off. Researchers set a new record for cracking an encryption key. And ransomware hits a New Jersey theater. David Dufour from Webroot with a look back at 2019's nastiest cyber threats. Guest is Robert Waitman from Cisco with results from their recent Consumer Privacy Survey. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/December/CyberWire_2019_12_06.html Support our show Learn more about...

Data center ransomware. Third-party breach hits telco customers. Buran and Buer on the black market. The Great Cannon opens fire. Russia trolls Lithuania. Big bad BEC.


Data center operator CyrusOne sustains a ransomware attack. Another third-party breach involves a database inadvertently left exposed on an unprotected server. Buran ransomware finds its place in the black market, as does the new loader Buer. China's Great Cannon is back and firing DDoS all over Hong Kong. Russian trolls are newly active in Lithuania. And a business email compromise scam fleeces a Chinese venture capital firm of $1 million--enough for a nice seed round. Robert M. Lee from Dragos on the evolution of safety and security in ICS. Guest is Sean O'Brien from @RISK Technologies on how states and...

Lazarus Group interested in thorium reactors? Disinformation by phishing. ZeroCleare wiper in the wild. NATO addresses cyber conflict. NotPetya litigation. Black market takedown.


North Korea's Lazarus Group may have been looking for Indian reactor design information. A possible case of Russian influence operations, served up by phishing, is under investigation in the UK. The ZeroCleare wiper malware is out and active in the wild. NATO's summit addresses cyber conflict, and a big NotPetya victim challenges insurers' contentions that the malware was an act of war. And an international police action takes down a black market spyware souk. Michael Sechrist from Booz Allen Hamilton on security concerns with messaging apps like Slack. Guest is Roger Hale from YL Ventures on the changing role of...

Secondary Infektion may be back, and interested in UK elections. Quantum Dragon. FaceApp risks. PyXie RAT in the wild. An Ethereum developer is charged with helping North Korea evade sanctions.


Someone believes, or would like others to believe, that Britain's National Health Service is for sale to the US. There's no word on whether the US has offered the Brooklyn Bridge in exchange. The Quantum Dragon study summarizes Chinese efforts to obtain quantum research results from Western institutions. The FBI says FaceApp is a security threat. PyXie, a Python RAT, has been quietly active in the wild since 2018. An Ethereum developer is accused of aiding Pyongyang. Ben Yelin from UMD CHHS on a bipartisan bill requiring a warrant for facial recognition use. Guest is Earl Matthews from Verodin on...

ANSSI considering retaliation for ransomware attack. MixCloud breached. Imminent Monitor shut down.


France might go on the offensive against ransomware attackers. The UK's NCSC has been helping an unnamed nuclear power company recover from a cyberattack. A failed cyberattack targeted the Ohio Secretary of State's website on Election Day. MixCloud confirms data breach. The Imminent Monitor RAT is shut down by law enforcement. And a cryptocurrency exchange loses nearly fifty-million dollars. Joe Carrigan from JHU ISI on victim blaming. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/December/CyberWire_2019_12_02.html

Peter W. Singer author of LikeWar [Special Editions]


In this CyberWire special edition, an extended version of our conversation from earlier this year with Peter W. Singer. We spoke not long after the publication of his book, LikeWar - the Weaponization of Social Media.

John Maeda author of How to Speak Machine [Special Editions]


In this CyberWire special edition, a conversation with John Maeda. He's a graphic designer, visual artist, and computer scientist, and former President of the Rhode Island School of Design and founder of the SIMPLICITY Consortium at the MIT Media Lab. His newly released book is How to Speak Machine - Computational Thinking for the Rest of Us.

Phishing, cryptojacking, and commodity malware. New supply chain security measures. And have you heard about this Black Friday thing?


A Fullz House for Thanksgiving. Google finds that nation-state phishing continues at its customary high levels. DeathRansom, the low-end ransomware that didn't actually encrypt files, has now begun to do so. The Stantinko botnet adds cryptomining functionality. Microsoft reflects on Dexphot, and the sophistication it brings to ordinary malware. Supply chain security rules are coming to the US. A lawsuit in Tel Aviv. And some final notes on Black Friday. Daniel Prince from Lancaster University on business innovation and cyber security. Guest is Francesca Spidalieri from Salve Regina University on the importance of collaboration from all sectors. For links to...

Potentially malicious SDKs draw cease-and-desist letters. Nursing homes get ransom demands. A look back at the Sony Pictures hack. CISA offers advice on safe online shopping.


Twitter and Facebook warn of potentially malicious software development kits being used by app developers to, potentially, harvest and monetize users' data. Nursing homes affected by a third-party ransomware incident receive extortion demands that amount to some $14 million. The Hollywood Reporter retails skeptical musings about the Sony Pictures hack on the fifth anniversary of the North Korean attack. And CISA offers advice for safe holiday shopping. Justin Harvey from Accenture with thoughts on smart cities. Guest is Sam Bakken from OneSpan on mobile app developers protecting against jailbreaking. For links to all of today's stories check out our CyberWire...

Arrest by algorithm. Dangers of data enrichment. Golden Falcon in Kazakhstan. FCC vs. Huawei and ZTE. Internet sovereignty. Chuckling Squad popped for Twitter caper. Other crime and punishment.


A defection and a leak expose Chinese espionage and social control operations. Data aggregation and enrichment seem to underlie a big inadvertent data exposure. Something seems to be up in Kazakhstan's networks. The US FCC takes a swing at Huawei and ZTE. Russia moves closer to its desired Internet sovereignty. A Chuckling Squad member is in custody. A spy goes to prison, cyber hoods do time, and the rats are up to no good in Estonia. That's the rodents, not the Trojans. Caleb Barlow from Cynergistek with insights gained from a scammer's call. For links to all of today's stories...

Mustang Panda leverages Windows shortcut files. [Research Saturday]


Researchers at Anomali have been tracking China-based threat group, Mustang Panda, believing them to be responsible for attacks making clever use of Windows shortcut files. Parthiban is a researcher at Anomali, and he joins us to share their findings. The research is here: https://www.anomali.com/blog/china-based-apt-mustang-panda-targets-minority-groups-public-and-private-sector-organizations

Sandworm in Google Play. Internet sovereignty. Bogus accounts on LinkedIn. Pupil becomes teacher. Six-year sentence for DDoS. Big bug bounty at Google. Ransomware updates. Pegasus inquest.


Google researchers provide a Sandworm update. Internet sovereignty considered: an aid to law enforcement or a means of social control. LinkedIn reports on the 21-million bogus accounts it closed over the past year. Teacher becomes pupil as marketing learns from information operators. Ohio man gets six years in Akron DDoS case. Ransomware case updates. A Parliamentary inquiry in India will look into the deployment of Pegasus against WhatsApp users. Craig Williams from Cisco Talos on the Panda cryptominer. Guest is Keenan Skelly from Circadence on getting the younger generation excited about cyber. For links to all of today's stories check...

Refined Kitten paws at ICS. Debunking BlueKeep rumors. FBI warns Detroit of cyber threats. The UN's long deliberation over cybercrime. Cryptowars. 5G security and a 5G czar. Ransomware updates.


Refined Kitten seems to be up to something, perhaps in the control system world. Microsoft debunks claims about Teams, BlueKeep, and Doppelpaymer ransomware. The FBI warns the auto industry that it's attracting attackers' attention. A new attack technique, RIPlace, is described. Phineas Fisher's bounty, considered. The UN, the AG, and the course of the cryptowars. Does America need a 5G czar? And ransomware from Baton Rouge to Rouen. Michael Sechrist from BAH on third party malware risks. Guest is Bill Connor from SonicWall with results from their Q3 Threat Data Report. For links to all of today's stories check our...

Louisiana works to recover from Monday's ransomware attack. Gekko Group sustains a massive data exposure. US student charged with coding for ISIS.


Louisiana works to recover from Monday's ransomware attack. The HydSeven criminal group is delivering Trojans via spearphishing. A hotel reservation company sustained a massive data exposure. India's government says it's legally permitted to surveil citizens' devices when it's deemed necessary. Google, Facebook, Apple, and Amazon answer questions for Congress's antitrust inquiry. A Chicago student is charged with coding for ISIS. And the National Security Agency offers advice for implementing TLSI. David Dufour from Webroot with findings from their midyear threat report. Guest is Bill Harrod from MobileIron on biometric data in the federal space. Learn more about your ad...

Ransomware recovery in Louisiana. DPRK phishing for aerospace jobseekers? Cybercrime campaigns. Notes on current legal matters.


Louisiana recovers from a ransomware attack against state servers. North Korea appears to still be interested in Indian industry--this time it's people looking for jobs at Hindustan Aeronautics. Compromised CMS distributing info-stealing Trojans. HydSeven mounts a cross-platform spearphishing campaign. Macy's and Magecart. Thoughts on supply chain security and cyber deterrence. And some legal updates, including some alleged academic money laundering. Ben Yelin from UMD CHHS on your rights to images you post of yourself online. Guest is Tom Miller from ClearForce on continuous discovery of insider threats. For links to all of today's stories check out our CyberWire daily news...

Disney+ credentials hacked. Kudankulam reassurance. Chinese, Iranian documents leak. Iran and Venezuela restrict Internet access. Russia proposes Internet control treaty. Hacktivist notes.


Disney+ credentials already on sale in the black market souks. India reassures nuclear power partners that the Kudankulam incident didn't compromise safety. Documents pertaining to Chinese and Iranian security operations leak. Internet restrictions go into force in Iran and Venezuela. Russia offers an Internet control treaty at the UN. The Lizard Squad might be back, and Phineas Fisher has also resurfaced. And happy birthday, CISA. Joe Carrigan from JHU ISI on the NICE conference. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/November/CyberWire_2019_11_18.html

Sodinokibi aka REvil connections to GandCrab. [Research Saturday]


Researchers at McAfee's Advanced Threat Research Team have been analyzing Sodinokibi ransomware as a service, also known as REvil. John Fokker is head of cyber investigations for McAfee Advanced Threat Research, and he joins us to share their findings. The research is here: https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/mcafee-atr-analyzes-sodinokibi-aka-revil-ransomware-as-a-service-what-the-code-tells-us/

Pemex ransomware update. Spearphishing with spoofed government phishbait. Trojan two-fer. AntiFrigus ransomware avoids C-drive files. BLE bug. DataTribe's annual Challenge.


Pemex has recovered from the ransomware attack it sustained...or has it? TA2101 is spoofing German, Italian, and US government agencies in its phishing emails. A dropper in the wild is delivering a Trojan two-fer. AntiFrigus ransomware is avoiding C-drives for some reason. Ohio State researchers find a Bluetooth vulnerability. And the results of the annual DataTribe Challenge are in--we heard the three finalists pitch yesterday, and the judges have a winner. Robert M. Lee from Dragos on purple-teaming ICS networks. Guest is David Spark from the CISO/Security Vendor Relationship Podcast on marketing to CISOs. For links to all of today's...

PureLocker ransomware. APT33 update. Hong Kong and information war, in the courts and on PornHub. Facebook content takedowns. Alleged criminals prepare to face the court.


PureLocker is a new ransomware strain available in the black market. APT33 is showing a surge of activity. Lawfare and information operations in and around Hong Kong. Facebook takes down content for violating its Community Standards. And two alleged cyber criminals are facing charges: one is allegedly the former proprietor of Cardplanet, the other was selling a remote administrative tool the RCMP says was really a different kind of RAT. Justin Harvey from Accenture on the increasing use of biometrics in security. Guest is Jennifer Ayers from Crowdstrike with the insights from their Overwatch threat hunting report. For links to...

NAM hacked during US-China trade tensions. DDoS against British political parties. Pemex recovers from ransomware. Project Nightingale gets US Federal scrutiny. Patch notes.


National Association of Manufacturers hacked during Sino-American trade negotiations (and tensions). Ineffectual DDoS attacks hit both of the UK's largest political parties. Pemex says it's completed recovery from ransomware. The US Department of Health and Human Services will investigate Google's Project Nightingale for possible HIPAA issues. And did BlueKeep warnings scare people into patching? Apparently not. Ben Yelin from UMD CHHS on California going after Facebook on alleged user privacy violations. Guest is Edward Roberts from Imperva on Ecommerce and bots.

Labour Party reports a cyberattack. What the Lazarus Group is up to. Platinum adds a quiet backdoor. Buran competes on price. PCI DSS compliance falling. Ahoy, Yantar.


The UK's Labour Party says it was hacked, but unsuccessfully. The Lazarus Group seems to be back out and about, and apparently interested in India. The Platinum threat actor continues to prospect Southeast Asian targets with stealthy malware, and a new backdoor. Buran tries to take black market share in the ransomware-as-a-service souk. Paycard standard compliance is down. And is that a spy ship we see, or are you just looking at the seabed, all for science? Joe Carrigan from JHU ISI with browser vulnerabilities in Chrome and Firefox.

Andy Greenberg from WIRED on his book "Sandworm." [Special Editions]


In this CyberWire special edition, a conversation with Andy Greenberg, senior writer at WIRED and author of the new book "Sandworm - A New Era of CyberWar and the Hunt for the Kremlin's Most Dangerous Hackers." It's a thrilling investigation of the Olympic Destroyer malware, and an accounting of the new era in which we find ourselves, where nation states can target their adversaries' critical infrastructure, and the often unintended consequences that follow.

Monitoring the growing sophistication of PKPLUG. [Research Saturday]


Researchers from Palo Alto Networks' Unit 42 have been tracking a Chinese cyber espionage group they've named PKPLUG. The group mainly targets victims in the Southeast Asia region. Ryan Olson is VP of threat intelligence at Palo Alto Networks, and he joins us to share their findings. The original research is here: https://unit42.paloaltonetworks.com/pkplug_chinese_cyber_espionage_group_attacking_asia/

Warnings about Emotet and BlueKeep. Crooks test their stolen cards before the holiday shopping season. Amazon fixes Ring. Chinese security gear allegedly sold as made-in-USA.


Warnings and advice about Emotet and BlueKeep, both being actively used or exploited in the wild. Two new carding bots are in circulation against e-commerce sites. Expect more of this as criminals test stolen credentials in advance of the holiday shopping season. Amazon fixes a security flaw in its Ring doorbell. A Long Island company is charged with selling bad Chinese security systems as good made-in-USA articles. Michael Sechrist from BAH on preventing supply chain attacks. Guest is Andy Greenberg, senior writer at Wired and author of the book Sandworm A new era of cyberwar and the hunt for the...

US off-off-year elections go off OK, but don't get cocky, kids. US charges three in Saudi spy case. Adware dropping apps removed from Google Play. Patch Confluence.


The US off-off-year elections seem to have gone off largely free of interference, but officials caution that major foreign influence campaigns can be expected in 2020. Three former Twitter employees are charged with spying for Saudi Arabia. The website defacement campaign in Georgia remains unattributed. Google boots seven adware droppers from the Play Store. Phishers are using web analytics for better hauls. And nation-states are targeting unpatched Confluence. Johannes Ullrich from the SANS Technology Institute on encrypted SNI in TLS 1.3 and how that can be used for domain fronting. Guest is Kevin O'Brien from GreatHorn on managing email threats....

App developers had access to more Facebook Group data than intended. Election security and disinformation. DarkUniverse described. Millions lost to business email compromise.


Facebook closes a hole in Group data access. US authorities seek to reassure Congress and the public concerning the security of election infrastructure. Disinformation remains a challenge, however, as the US prepares for the 2020 elections. Criminals catch Potomac fever as they use politicians' names and likenesses as an aid to distributing malware. Kaspersky outlines the now-shuttered DarkUniverse campaign. And Nikkei America loses millions to a BEC scam. Justin Harvey from Accenture on automated incident response. Carole Theriault speaks with Kristen Poulos from Tripwire on protecting the IoT. For links to all of today's stories check out our CyberWire daily...

Ransomware in Spain. Pegasus in India. TikTok on the Huawei highway? Booz Allen predicts! And good dogs sniff out bad data.


Ransomware hits Spanish companies. Pegasus continues to excite controversy in India. TikTok applies for Big Tech's good-citizen club, but has apparently so far been blackballed. Booz Allen offers nine predictions for 2020: balkanization, supply chain threats, automotive data theft, war-droning, satellite hacks, tougher attribution, election interference, missiles against malware, and Olympic interference. And good dogs go after bad guys' data storage devices. Ben Yelin from UMD CHHS on AT&T's claims that they cannot be sued for selling location data to bounty hunters. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/November/CyberWire_2019_11_05.html

BlueKeep is exploited for cryptojacking. Ransomware hits Canadian provincial government. Pegasus lands in India. Magecart, GandCrab updates. US Cyber Command deploys to Montenegro.


BlueKeep is being exploited in the wild, not too seriously, yet, but you should still patch. Nunavut's government is recovering from a ransomware attack it sustained Saturday morning. The NSO Group controversy spreads into an Indian political dust-up. Different Magecart groups are found to be independently hitting the same victims. GandCrab provided a new template for the cyber underworld. And US Cyber Command deploys to Montenegro. Joe Carrigan with thoughts on the Coalfire pentesters' criminal case. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/November/CyberWire_2019_11_04.html

Insider Threats [Special Editions]


What's an insider threat? Loosely, it's a threat that operates from within your organization. In this CyberWire special edition, our UK correspondent Carole Theriault speaks with experts who'll talk us through the different ways insider threats manifest themselves. A quick note - when Carole interviewed Dr. Richard Ford he was with Forcepoint. He's since moved on to Cyren.

Usable security is a delicate balance. [Research Saturday]


Until recently, usability was often an afterthought when developing security tools. These days there's growing realization that usability is a fundamental part of security. Lorrie Cranor is director of the CyLab Usable Privacy and Security lab (CUPS) at Carnegie Mellon University. She shares the work she's been doing with her colleagues and students to improve security through usability. The research can be found here: https://www.cylab.cmu.edu/news/2019/07/29-usability-history.html

Cyber espionage. Russia tries Web autarky. The US will investigate TikTok. A bad keyboard app is out of Google Play but still in circulation. Crime comes to e-sports. Happy hundredth, GCHQ.


FireEye warns of Messagetap malware and its spying on SMS. NSO Group's Pegasus troubles seem to be expanding. Russia prepares to disconnect its Internet. The US opens a national security investigation into TikTok. An Android keyboard app is making bogus purchases and doing other adware stuff. E-sports draw criminal attention. And happy birthday, GCHQ. Robert M. Lee from Dragos on why it's important for him to set aside time for teaching. Guest is Phil Quade from Fortinet on his recently published book, The Digital Big Bang, which makes an analogy between the Big Bang that created our Universe, and the...

Malware in nuclear plant business system, but not in control systems. Facebook versus inauthenticity and spyware. Twitter refuses political ads. NIST wants comments. Cyber risk a factor in credit ratings.


The Kudankulam Nuclear Power Plant confirms it had malware in a business system, but that control systems were unaffected. Franchising coordinated inauthenticity. Facebook deletes NSO Group employees. Twitter says it will no longer accept political ads. NIST wants your comments. And Moody's appears ready to consider cyber risk in its credit ratings. Ben Yelin from UMD CHHS on Europeans' right to repair. Guest is part two of my interview with Tanya Janca from Security Sidekick on web application inventory and vulnerability discovery. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_31.html

WhatsApp sues NSO Group over Pegasus distribution. Georgia continues its recovery, as does Johannesburg. Facebook stops more inauthentic action. A Bed, Bath, and Beyond breach.


WhatsApp sues NSO Group for spreading Pegasus intercept software through WhatsApp's service. Georgia continues its recovery from the large website defacement campaign it suffered at the beginning of the week. Facebook ejects more inauthenticity. Johannesburg hangs tough on cyber extortion. Money laundering finds its way into online games. Norsk Hydro's insurance claim. An update on pentesting in Iowa. And Bed, Bath, and Beyond sustains a data breach. Awais Rashid from Bristol University on securing large scale infrastructure. Guest is Tanya Janca from Security Sidekick on finding mentors and starting her own company.

Fancy Bear paws at anti-doping agencies. Johannesburg says no to the Shadow Kill Hackers. Adwind jRAT's new misdirection. US FCC versus Huawei, ZTE. Georgia hacked.


Fancy Bear is pawing at anti-doping agencies, again, suggesting more to come for the 2020 Tokyo Olympics. Johannesburg has declined to pay the Shadow Kill Hackers the money they demanded. Adwind jRAT has gotten a bit harder to detect. The US FCC is considering a measure that would prevent certain funds from being used to purchase Huawei or ZTE gear. Pwn2Own goes ICS. Georgia is hit by unknown hackers, and Magecart appears in an American Cancer Society website. Daniel Prince from Lancaster University on risk management and uncertainty. Guest is Robb Reck from Ping Identity with their research, 5 Steps...

Actionable intelligence, and the difficulty of cutting through noise. Extortion hits Johannesburg. Criminal-to-criminal markets. Who's more vulnerable to phishing, the old or the young?


Actionable intelligence, culling signal from noise, and the online resilience of threat groups. Ransomware hits a legal case management system. The city of Johannesburg continues its recovery from an online extortion attempt. The Raccoon information stealer looks like a disruptive product in the criminal-to-criminal market: not the best, but good enough, and cheaper than the high-end alternatives. And who's more vulnerable to scams: seniors or young adults? It's complicated. Joe Carrigan from JHU ISI on Metasploit as a tool for good or bad. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_28.html

Masad Steals via Social Media. [Research Saturday]


Researchers at Juniper Networks have been tracking a trojan they call Masad Stealer, which uses the Telegram instant messaging platform for part of its command and control infrastructure. (Telegram wasn't hacked; it's the innocent conduit.) Mounir Hahad is head of Juniper Threat Labs at Juniper Networks and he joins us to share their findings. The original research is here: https://forums.juniper.net/t5/Threat-Research/Masad-Stealer-Exfiltrating-using-Telegram/ba-p/468559

Spearphishing the UN and NGOs. Clickware kicked out of app stores. ICS security notes. Close-reading the Turla false-flag reports. A good use for the dark web. Senators call for investigations.


A spearphishing campaign is found targeting humanitarian, aid, and policy organizations. Google and Apple remove clickfraud-infested apps from their stores. A last look back at SecurityWeek's 2019 ICS Cyber Security Conference, which wrapped up in Atlanta yesterday afternoon. Close-reading GCHQ and NSA advisories. The BBC takes to the dark web, in a good way. And Senators call for investigations of Amazon and TikTok. David Dufour from Webroot with research on phishing. Guest is Jeremy N. Smith, author and host of The Hacker Next Door podcast. For links to all of today's stories check out our CyberWire daily news brief:...

Clouds are back after being out. Bitpaymer hits German manufacturer. Cross-platform mobile malware. SecurityWeek's 2019 ICS Cyber Security Conference.


AWS and Google Cloud are back up after early week unrelated outages. A German automation tool manufacturer discloses a ransomware infestation. Mobile malware in the spies' toolkit. The FBI's Protected Voices share election security information. Notes from SecurityWeek's 2019 ICS Cyber Security Conference. NCSC's annual report. And people have things to say about backdoors, bribes, and those aliens at Area 51. (Chemtrails, too.) Craig Williams from Cisco Talos with an update on Emotet. Guest is Dave Weinstein from Claroty discussing threats to critical infrastructure. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_24.html

Criminal connections. The risky business of acquisition. Joker is back, and it's not funny. Most dangerous celebrities. Notes from SecurityWeek's ICS Cyber Security Conference.


Magecart Group 5 is linked to the Carbanak gang. Another recently acquired reservation system brings a headache to hospitality. Another app is found to carry the Joker malware. Some more notes from SecurityWeek's ICS Cyber Security Conference in Atlanta, where the emphasis remains on attention to detail and taking care of first things first. And a list of the most dangerous celebrities offers a peek into the bad actors' tackle box. Ben Yelin from UMD CHHS on a federal injunction against a company scraping user profiles from LinkedIn. Guest is Mandy Rogers from Northrop Grumman, on her own professional journey...

More coordinated inauthenticity taken down. The Westphalian system and cyber conflict. VPNs and an AV company sustain incidents. Assange and extradition.


Facebook takes down more coordinated inauthenticity from Iran and Russia, and announces a new transparency policy about news sources. The former NSA Director schools an ICS security audience on the Westphalian system. Three VPNs and one antivirus provider sustain breaches that may be contained, but that may also derive from exploitation of phantom accounts. Microsoft gets more EU scrutiny. And Mr. Assange gets another day in court. Johannes Ullrich from the SANS Technology Institute on phishing targeting the financial industry. Guest is Ori Eisen from Trusona on moving beyond phone numbers, usernames and passwords online. For links to all of...

Not every incident is necessarily an attack. Not everything that purrs is a kitten (sometimes it's a bear that would like you to think it's a kitten). ICS security notes.


Some notes on not jumping to conclusions that incidents are cyber attacks. A false flag operation shows the difficulty of attribution: not everything that purrs is a kitten, because sometimes it's a bear. Notes from the ICS Security Conference in Atlanta, including some reflections on the criminal markets' business cycle, the dangers of social engineering, and the importance of attending to the fundamentals. And the Vatican fixes a bug. Joe Carrigan from JHU ISI on the ease with which one's identity can be determined using previously anonymized data sets. For links to all of today's stories check out our CyberWire...

Hoping for SOHO security. [Research Saturday]


Researchers at Independent Security Evaluators (ISE) recently published a report titled SOHOpelessly Broken 2.0, Security Vulnerabilities in Network Accessible Services. This publication continues and expands previous work they did examining small office/home office (SOHO) routers, network-attached storage devices (NAS), and IP cameras. Shaun Mirani is a security analyst at ISE, and he joins us to share their findings. The original research is here: https://www.ise.io/whitepaper/sohopelessly-broken-2/

Clickfraud and third-parties (both SDKs and stores). Trojanized TOR browser steals from Russian users. WiFi bugs. Sketchy jailbreak. Big Tech on free speech. Cooperation against terrorism.


Clickfraud arrives via a third-party SDK, and the app developers who used it say they didn't know nuthin. Maybe they didn't. A Trojanized TOR browser warns its bros that, whoa, you're out of date and the police might see you, but it's really just stealing the bros' alt-coin. WiFi bugs are fixed in Kindle and Alexa. Don't try to jailbreak your iPhone from a sketchy Checkrain site. Two Big Tech companies take different directions on free speech. And Russia gets an assist from Uncle Sam. Craig Williams from Cisco Talos on a Tortoiseshell creating a fake veterans' job site. Guest...

Cozy Bear never really left. Iran denies it suffered a US cyberattack. Malicious WAV files. Darknet dragnet hauls in child exploitation ring. Graboid infests Docker hosts.


Cozy Bear isn't back--Cozy Bear never really left at all. Iran says the Americans are dreaming: there was no cyberattack in retaliation for Iran's implausibly deniable missile strikes on Saudi oil fields last month. Malicious audio files are dropping cryptominers and reverse shells into victim systems. An international dragnet collars hundreds in a darknet child exploitation sweep. And Graboid is out there, worming its cryptojacker into susceptible Docker hosts. Robert M. Lee from Dragos on their contribution to the Splunk Boss of the SOC (BOTS) capture-the-flag (CTF) competition. Guest is Chris Hickman from Keyfactor on Public Key Infrastructure. For links...

Cyber retaliation for a kinetic attack, again. Industrial espionage from China. Botnet does sextortion. Typosquatting the other candidate. A poor approach to reputation management.


The US may have retaliated in cyberspace for Iran's strikes against Saudi oil fields. China's new C919 airliner seems to have benefited greatly from industrial espionage. An old botnet learns new tricks. Typosquatting as an election influence trick. A look at price lists in the Criminal-to-Criminal marketplace. Recovering from ransomware. And when it comes to reputation management, there's not so much a right to be forgotten as there is a right to fuggeddaboutit, if you get what we mean. Justin Harvey from Accenture on ESports gaining popularity in cyber security. Guest is Aashka, a high school junior who helped plan...

Ransomware hits US, French companies. ISPs as combat support arms. Lawful intercept gone rogue? Lazarus Group is back and in GitHub. China's security laws and security risks.


Ransomware hits companies in France and the US. A Finnish energy company sustains a suspicious IT incident. Turkey jams social media as it rolls tanks against the Kurds. Pegasus spyware said to be in use against Moroccan activists. Silent Librarian is still making noise. The Lazarus Group is back with a malign crypto-trading app. China tightens its cyber laws, and the EU privately warns itself that, yes, companies like Huawei are a security risk. Joe Carrigan from JHU ISI, responding to a listener question about training new employees. Carole Theriault interviews Dirk Schrader from Greenbone Networks on the security of...

Decrypting ransomware for good. [Research Saturday]


Michael Gillespie is a programmer at Emsisoft, as well as a host of the popular ID Ransomware web site that helps victims identify what strain of ransomware they may have been infected with, and what decryptors may be available. He's written many decryptors himself, most recently for the Syrk strain of ransomware. Links to the research and Michael's work: https://blog.emsisoft.com/en/33885/emsisoft-releases-a-free-decryptor-for-the-syrk-ransomware/ https://id-ransomware.malwarehunterteam.com/ https://www.youtube.com/user/Demonslay335

Ransomware and a zero-day. A newly discovered espionage platform. FIN7's new tricks. Beijing speaks and Apple listens. A visit to NSA's Cybersecurity Directorate.


BitPaymer ransomware is exploiting an Apple zero-day. Attor isn't your ordinary malign faerie: it's also an espionage platform that's been carefully deployed against Russian and Eastern European targets. FIN7 upgrades its toolkit. Apple does what the Chinese government asks it to do, blocking a mapping and a news app from users in China. And a look inside the black box, as we visit NSA's Cybersecurity Directorate. Awais Rashid from Bristol University on the need for real-world experimentation. Guest is Kumar Saurabh from LogicHub on the importance of making breach forensics public. For links to all of today's stories check our...

Alleged DIA leaker. Europol cybergang study. Protecting the DIB. Chinese information operations.


A US Defense Intelligence Agency analyst has been charged with leaking national defense information. Europol releases its 2019 Internet Organized Crime Threat Assessment. NSA Director Nakasone says the Agency's Cybersecurity Directorate will first focus on protecting the Defense Industrial Base from intellectual property theft. CISA wants subpoena power over ISPs. And US companies are criticised for caving to Beijing's demands. Robert M. Lee from Dragos on regulations vs incentives when securing the electrical grid. Guest is Robb Reck from Ping Identity with results from their CISO Advisory Council's new research on Securing Customer Identity. For links to all of today's...

Twitter and two-factor authentication. Privacy concerns. The US Senate Intelligence Committee reports on Russian troll farms. Turla is back with some new tricks.


Twitter says it's sorry if anything might have inadvertently happened with users' email addresses and phone numbers, and that it's taking steps to stop whatever might have happened from happening again. If anything actually happened. Other concerns about privacy surface elsewhere. The US Senate Intelligence Committee issues its report on influence operations in the 2016 elections. Kaspersky ties a sophisticated malware campaign to Turla. Ben Yelin from UMD CHHS on a DARPA-inspired program exploring the possibility of using predictive technology to identify dangerous individuals. Guest is Neill Sciarrone from Trinity Cyber, discussing her career and the importance of attracting women...

Riding herd on Mustang Panda. Drupalgeddon2 is out in the wild. VPN warnings and mitigations. Patch notes. An offer to share intelligence about Huawei. Presidential sites get low privacy grades.


An update on Mustang Panda, and its pursuit of the goals outlined in the Thirteenth Five Year Plan. Unpatched Drupal instances are being hit as targets of opportunity. NSA adds its warnings to those of CISA and NCSC concerning widely used VPNs: if you use them, patch them. (And change your credentials). Five Senators tell Microsoft, nicely, that Redmond is naive about Huawei. Patch Tuesday is here. And US Presidential campaign websites get privacy grades. Johannes Ullrich from the SANS Technology Institute on server side request forging. Guest is Jadee Hanson from Code42 with the results of their 2019 Global...

Iran hacks for influence. Brazilian PII up for auction. Prince Harry vs. Fleet Street. Electrical infrastructure cyber risk. Paying ransom. HildaCrypt developers say they're going straight.


Iranian threat group Phosphorus (or Charming Kitten) has been found active against US elections and other targets. A big database of PII on Brazilians is up for auction in the dark web souks. Prince Harry takes a legal whack at Fleet Street. An Atlantic Council session takes a look at electrical infrastructure cyber risk. An Alabama medical system pays the ransom to get its files back. And HildaCrypt's developers say it was all in fun, and release their own keys. Joe Carrigan from JHU ISI on the wider availability of malicious lightning charging cables. For links to all of today's...

The fuzzy boundaries of APT41. [Research Saturday]


Researchers at FireEye recently released a report detailing the activities of APT41, a Chinese cyber threat group notable for the range of tools they use, their origins in the world of video gaming, and their willingness to shift from seemingly state-sponsored activity to hacking for personal gain. Nalani Fraser and Fred Plan contributed to the report, and they join us to share their findings. The original research is here: https://www.fireeye.com/blog/threat-research/2019/08/apt41-dual-espionage-and-cyber-crime-operation.html

Android vulnerability exploited in the wild. Careless spycraft. The Eye on the Nile. A new Chinese threat actor. A spoiling attack in the CryptoWars. Take election interference, please.


Project Zero warns that a use-after-free vulnerability in widely used Android devices is being exploited in the wild. Uzbekistan's National Security Service continues to get stick in the court of public opinion for sloppy opsec. Check Point reports on what appears to be an Egyptian domestic surveillance operation. Palo Alto reports on a newly discovered Chinese state threat actor. A new volley in the Cryptowars. And Vlad gets out the rubber chicken. Guest is Paige Schaffer, CEO of Generali Global Assistance's Identity and Digital Protection Services Global Unit, on the University of Texas ITAP report. For links to all of...

A new threat group, Avivore, is called out in the Airbus hack. Ransomware and VPN exploit warnings. EU tells Facebook to take down some content, everywhere. Spearphishing ANU. SandCat's bad opsec.


Who's been hacking aerospace firms? Context Security suggests it's a new Chinese threat actor, Avivore. The FBI issues a ransomware alert. The NCSC warns of active exploitation of vulnerable VPNs. The EU issues a sweeping takedown order to Facebook. US Senators ask Facebook about deep fakes. Spearphishing at the Australian National University. FireEye may be for sale. And the SandCat threat group shows poor opsec. Craig Williams from Cisco Talos on maliciously crafted ODT files. Guest is Yoav Leitersdof of YL Ventures with insights on the VC market in Israel. For links to all of today's stories check out our...

RATs, ransomware, payloads, and unsecured data: a look at the cybercriminal underground.


Sodinokibi ransomware looks more like the child of GandCrab, and McAfee has some thoughts on how ransomware-as-a-service operates. FakeUpdates are back, and they're installing ransomware, too. The Adwind RAT is back and infesting a new set of targets: it's moved on from hospitality and retail and into the oil industry. Maliciously crafted ODT files are appearing in the wild. And a big database about Russian taxpayers has appeared in an unsecured Elasticsearch cluster. Ben Yelin from UMD CHHS on a California town implementing a robot police patrol unit. Guest is Daniel Garrie from Law & Forensics on eDiscovery. For links...

Piling on sanctions. The disinformation-as-a-service black market. Technological sovereignty through R&D investment? Ransomware continues to rise. NSA's new Cybersecurity Directorate.


The oligarch behind the St. Petersburg troll farm is sanctioned, again. Recorded Future looks at disinformation and finds there's a functioning private sector market for it. The European Union seems likely to pursue technological sovereignty, at least to the tune of some R&D investment. Ransomware attacks against US state and local governments have been trending up, and that trend is likely to continue. And NSA has its new Cybersecurity Directorate. Joe Carrigan from JHU ISI on Microsoft no longer trusting built-in encryption on hard drives. Carole Theriault speaks with Simon Rodway from Entersekt about Facebook's Libra and how it may...

Industrial firms disclose cyber incidents. US DHS to check airliner cybersecurity. RCMP security case update. Bulletproof host taken down. Gnosticplayers. Royal phish.


Rheinmetall and DCC have disclosed sustaining cyber attacks. The US Government is looking at airliner cyber vulnerabilities. SimJacker is real, but recent phones seem unaffected. RCMP data misappropriation case update. German police raid a bulletproof host. Gnosticplayers may be back. And someone is sending phishing snail mail that claims the British Crown needs your help to ease the economic fallout of Brexit--a Bitcoin wallet is helpfully made available. Malek Ben Salem from Accenture Labs with an overview of five threat factors influencing the cyber security landscape. For links to all of today's stories check out our CyberWire daily news brief:...

Focusing on Autumn Aperture. [Research Saturday]


Researchers at Prevailion have been tracking a malware campaign making use of antiquated file formats and social engineering to target specific groups. Danny Adamitis and Elizabeth Wharton are coauthors of the report, and they join us to share their findings. The research can be found here: https://blog.prevailion.com/2019/09/autumn-aperture-report.html

Supply chain hacks versus Airbus. Phishing around Google Cloud. Masad Clipper and Stealer on the criminal-to-criminal market. Quick zero-day exploitation. DoorDash hack. Inside JTF Ares.


The Airbus supply chain is reported to be under attack, possibly by Chinese industrial espionage operators. Phishing campaigns impersonate Google Cloud services. A new commodity information stealer is on offer in the black market. The vBulletin zero-day was weaponized surprisingly quickly. DoorDash discloses a hack that exposed almost five million persons' data. And a look at JTF Ares operations against ISIS shows commendable attention to increasing the enemy's friction. David Dufour from Webroot on the need for a variety of areas of expertise in security. Guest is Caleb Barlow CEO and President of Cynergistek, discussing the security implications of being...

Lazarus Group in India. Suspected Chinese APT uses fake Narrator. Fleeceware. DNI testimony. TalkTalk hacker charged in US. Yahoo breach compensation. Chameleon spam campaign.


North Korea's Lazarus Group is active against targets in India. A suspected Chinese advanced persistent threat group is exploiting a Windows accessibility feature. Sophos warns of fleeceware. US DNI testifies before the House Intelligence Committee. The TalkTalk hacker and an alleged accomplice are indicted on US charges. What's involved in receiving compensation in the Yahoo breach settlement. And notes on the Chameleon spam campaign. Jonathan Katz from George Mason University with an overview of salting and hashing. Guest is Greg Martin from JASK on DOJ's efforts to improve outreach with hackers. For links to all of today's stories check our...

Notes on Tortoiseshell. Fancy Bear snuffles around embassies and foreign ministries. Poison Carp targets Tibetan groups. GandCrab unretires. And Chameleon's curious spam.


Tortoiseshell is trolling for military veterans. There's been a fresh Fancy Bear sighting. The transcript of a conversation between the US and Ukrainian presidents has been released. Citizen Lab warns that Poison Carp is actively working against Tibetan groups. A zero-day afflicting vBulletin forum software is out. GandCrab comes out of retirement. And there's an odd spam campaign in circulation that looks like phishing but seems not to be. Ben Yelin from UMD CHHS on the White House blocking Congress from auditing its offensive hacking strategy. Guest is Tim Keeler from Remediant looking at lateral movement in the context of...

Utility phishing. Google wins on the right to be forgotten. Transatlantic data transfer. Responsible state behavior in cyberspace. Huawei and 5G. Permanent Record, temporarily phishbait.


APT10 has been phishing in US utilities. Google wins a big round over the EU's right to be forgotten. European courts are also considering binding contractual clauses and Privacy Shield, which together have facilitated transatlantic data transfer. Twenty-seven nations agree on responsible state behavior in cyberspace. A hawkish take on Huawei's 5G ambitions. And Edward Snowden's book is being used as phishbait (not, we hasten to say, by Mr. Snowden). Johannes Ullrich from the SANS Technology Institute on the security issues with local host web servers. Guest is Fleming Shi from Barracuda with research on city/state ransomware attacks. For links...

YouTube account hijacking. Facebook finds more apps misusing data. Cyber deterrence in the Gulf region. Huawei's CFO continues to fight extradition from Canada to the US. Pentesting blues.


YouTube creators in the car community get their accounts hijacked over the weekend. Facebook finds tens of thousands of apps behaving badly with respect to priority--the social network's announcement has been coolly received in the US Senate. The Gulf region continues to be a field of cyber as well as kinetic competition. Huawei's CFO is back in court today. And Iowa tries to sort out what it actually hired pentesters to do (and to whom they were supposed to do it.) Joe Carrigan from JHU ISI on smart TV privacy concerns. For links to all of today's stories check our...

Leaky guest networks and covert channels. [Research Saturday]


Many users of inexpensive internet routers use guest network functionality to help secure their home networks. Researchers at Ben Gurion University have discovered methods for defeating these security measures. Dr. Yossi Oren joins us to share their findings. The original research is here: https://www.usenix.org/system/files/woot19-paper_ovadia.pdf

Coordinated inauthenticity in five countries draws action from Twitter. Cryptomining continues. Huawei fights its ban in US Federal court. Notes from CISA's Cybersecurity Summit.


Twitter details actions against coordinated inauthenticity in Egypt, the United Arab Emirates, Ecuador, Spain, and China. Tensions with Iran remain high, but cyber action hasn't sharply spiked. The Smominru botnet installs malware, including miners, and kicks other malicious code out of infected machines. Panda cryptojackers are careless but effective. Huawei says it's the victim of a bill of attainder. And notes from CISA's National Cybersecurity Summit. Malek Ben Salem from Accenture Labs on the security aspects of facial recognition systems. Guest is Henry Harrison CTO of Garrison on Hardsec, a new approach to security that came out of the UK....

Notes from the CISA Summit. New DDoS vector reported. Medical images exposed online. Huawei and US sanctions. Engaging ISIS in cyberspace.


A quick look at CISA's National Cybersecurity Summit. A big new distributed denial-of-service vector is reported. Medical servers leave patient information exposed to the public Internet. Huawei is suspended from the FIRST group as it argues its case in a US Federal court. And one of the challenges of engaging ISIS online is that it relies so heavily on commercial infrastructure--it's got to be targeted carefully. Ben Yelin from UMD CHHS on a case of compelled encryption which may be heading to the Supreme Court. Guest is David Talaga from Talend on how privacy fines have informed customers' approach to...

Tortoiseshell threat-actor active in the Middle East. Simjacker less dangerous than thought? Decentralizing cyber attack. The Ortis affair. Mr. Snowden's book deal.


A newly discovered threat actor, Tortoiseshell, has been active against targets in the Middle East. The Simjacker vulnerability may not be as widely exploitable as early reports led many to believe. The US Army seems committed to decentralizing cyber operations along long-familiar artillery lines. Joint Task Force Ares continues to keep an eye on ISIS. Canada seeks to reassure allies over the Ortis affair. And the Justice Department wants any royalties Mr. Snowden's book might earn. Daniel Prince from Lancaster University on cyber security as a force multiplier. Guest is Brian Roddy from Cisco on securing the multi-cloud. For links...

More updates on the Royal Canadian Mounted Police counterintelligence case. Australian elections and China's interests. ISIS howls to the lone wolves. Ed Snowden would prefer Paris to Moscow.


More notes on the RCMP espionage scandal. The CSE's preliminary assessment sounds serious indeed, and Canadian intelligence services are trying to identify and contain the damage Cameron Ortis is alleged to have done. And the other Four Eyes are doing so as well. Australia considered that a hacking incident early this spring may have been a Chinese effort to compromise election systems. ISIS is back online. And Mr. Snowden wouldn't mind asylum in France. David Dufour from Webroot with thoughts on backups. Carole Theriault interviews ethical hacker Zoe Rose, who shares insights on entering the industry. For links to all...

Espionage and counter-espionage in at least three of the Five Eyes. New sanctions against North Korea. Password managers and flashlights.


Spy versus spy, in America, Canada, and Australia, with special guest stars from the Russian and Chinese services. The US Treasury Department issues more sanctions against North Korea's Reconnaissance General Bureau, better known as the Lazarus Group or Hidden Cobra. Russian election influence goes local (and domestic). Password manager security problems. And why does your flashlight want to know so much about you? Justin Harvey from Accenture with insights on HTTPS and phishing.

Bluetooth blues: KNOB attack explained. [Research Saturday]


A team of researchers have published a report titled, "KNOB Attack. Key Negotiation of Bluetooth Attack: Breaking Bluetooth Security." The report outlines vulnerabilities in the Bluetooth standard, along with mitigations to prevent them. Daniele Antonioli is from Singapore University of Technology and Design, and is one of the researchers studying KNOB. He joins us to share their findings. The research can be found here: https://knobattack.com

CRASHOVERRIDE tried to be worse than it was. InnfiRAT scouts for wallets. Simjacker exploited in the Middle East. SINET 16 are out. Pentesting scope. Back up your files, Mayor.


The Ukrainian electrical grid hack seems, on further review, to have been designed to do far more damage than it actually accomplished. InnfiRAT is scouting for access to cryptocurrency wallets. A sophisticated threat actor is using Simjacker for surveillance on phones in the Middle East. The SINET 16 have been announced. A penetration test goes bad due to a misunderstanding of scope, and Baltimore decides, hey, it might be a good idea to back up files. Johannes Ullrich from the SANS Technology Institute on web spam systems. Guest is Rosa Smothers from KnowBe4 discussing her career journey and the importance...

The StingRays that were in DC. Old-school file formats and attack code. Ransomware becomes spyware. Joker apps ejected from the Play store. Multifaceted deterrence. Advice on BEC.


DC StingRays alleged to be Israeli devices. North Korea is slipping malware past defenses by putting it into old, obscure file formats. Ryuk ransomware gets some spyware functionality. Google has purged Joker-infested apps from the Play store. The US Defense Department explains its multifaceted approach to cyber deterrence. The FBI warns that business email compromise is on the upswing, and offers some advice on staying safe. Awais Rashid from Bristol University with warnings on accepting default settings on mobile devices. Guest is Bill Conner from SonicWall on side channel attacks. For links to all of today's stories check out our...

Cobalt Dickens, coming to a university library near you. UNICEF data exposure. Election security notes. Operation reWired arrests 281 alleged BEC scammers.


Cobalt Dickens is back, and phishing in universities' ponds. UNICEF scores a security own-goal. Patch Tuesday notes. A look at US election security offers bad news, but with some hope for improvement. The US extends its state of national emergency with respect to foreign meddling in elections. And an international police sweep draws in 281 alleged BEC scammers. Ben Yelin from UMD CHHS on the privacy implications of geofencing. Guest is Drew Kilbourne from Synopsys with results of their report, The State of Software Security in the Financial Services Industry. For links to all of today's stories check out our...

US National Security Advisor to be replaced. Stealth Falcon's new backdoor. DDoS, social engineering investigations proceed. Exfiltrating an agent. Patch Tuesday notes.


John Bolton is out as US National Security Advisor. A new backdoor is attributed to Stealth Falcon. Wikipedia's DDoS attack remains under investigation. So does a business email compromise at Toyota Boshoku and a raid on the Oklahoma Law Enforcement Retirement Services. Vulnerable web radios get patches. The US is said to have exfiltrated a HUMINT asset from Russia in 2017. Microsoft patches 79 vulnerabilities, 17 of them rated critical. Michael Sechrist from Booz Allen Hamilton on the spillover of geopolitical issues into cyber security. Guest is Ashish Gupta from Bugcrowd on the economics of hacking and the adoption of...

BEC attack pulls millions from car parts company. Wikipedia DDoS. NERC and FERC on grid hacking. Trolling Pyongyang. Mike Hammer goes to the DMV.


A big BEC extracts more than $37 million from a major automotive parts supplier. Wikipedia suffers a DDoS attack in Europe and the Middle East. NERC and FERC get to work. Thrip may really be Billbug, and that's attribution, not etymology. Was US Cyber Command trolling North Korea on the DPRK's national day? And what does the Department of Motor Vehicles do with all the data they collect on drivers? In some US states, it seems, they sell it to private eyes. Joe Carrigan from JHU ISI on a Gmail update for iOS which enables the blocking of tracking pixels....

VOIP phone system harbors decade-old vulnerability. [Research Saturday]


Researchers at McAfee's Advanced Threat Research Team recently published the results of their investigation into a popular VOIP system, where they discovered a well-known, decade-old vulnerability in open source software used on the platform. Steve Povolny serves as the Head of Advanced Threat Research at McAfee, and he joins us to share their findings. The original research can be found here: https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/avaya-deskphone-decade-old-vulnerability-found-in-phones-firmware/

China hacks to track. Turning the enemy's weapons against them? Notes from the Billington CyberSecurity Summit. Anti-trust investigations for Facebook and, probably, Google.


Chinese intelligence and security services have been busy in cyberspace. A third-party customer leaks data it received from Monster.com. There's a Joker in the Play Store. Some notes from the Billington CyberSecurity Summit: a military look at cyber ops, what CISA's up to, and some advice from the NCSC. Anti-trust investigations are on the way for Facebook, and it seems likely that Google will be next. Malek Ben Salem from Accenture Labs on leveraging the blockchain for AI. Guest is Doug Grindstaff from the CMMI Institute, who makes the case that CISOs need to think more like VCs. For links...

Scraped data found gurgling around in an unsecured third-party database. Ransomware and election security. Spy in your pocket? (Probably not.) Guilty plea in the Satori case.


A database scraped from Facebook in the bad old days before last year's reforms holds information about 419 million users. The ransomware threat to election security. Notes from the Billington CyberSecurity Summit. Is your phone reporting back to Mountain View or Cupertino? Probably not, at least not in the way the Twitterverse would have you believe. And the Feds get a guilty plea in the case of the Satori botnet. Awais Rashid from Bristol University on the notion of bystander privacy. Carole Theriault speaks with Dov Goldman, Director of Risk and Compliance at Panorays on the most noteworthy third-party breaches...

Ransomware, Bitcoin, underwriters, and the bandit economy. OTA provisioning could lead to subtle phishing. Alleged spammers indicted. ZAO flashes and flickers out, for now.


A look at the ongoing ransomware epidemic, with some speculation about its connection to the criminal economy. Over-the-air provisioning might open Android users to sophisticated phishing approaches. Alleged spammers are indicted in California. And, ZAO, we hardly knew ye. Jonathan Katz from UMD on the evolution of Rowhammer attacks. Tamika Smith speaks with Troy Gill from AppRiver about cities being hit with ransomware. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/September/CyberWire_2019_09_04.html

Stuxnet's story. Watering hole was designed to attract China's Muslim minority. USBAnywhere affects some Supermicro servers. Twitter's CEO has his Twitter stream hijacked.


A report on Stuxnet suggests there were at least five and probably six countries whose intelligence services cooperated in the disabling cyberattack against Iran's nuclear enrichment program. The watering hole Project Zero reported last week seems to have affected Android and Windows as well as iOS devices, and appears directed against China's Uyghur minority. USBAnywhere vulnerability affects servers. And no, those tweets last Friday weren't from Mr. Dorsey. Joe Carrigan from JHU ISI with thoughts on security onboarding as the fall semester begins. Guest is Rinki Sethi from Rubrik on the cybersecurity skills gap and the importance of diversity. For...

Emotet's updated business model. [Research Saturday]


The Emotet malware came on the scene in 2014 as a banking trojan and has since evolved in sophistication and shifted its business model. Researchers at Bromium have taken a detailed look at Emotet, and malware analyst Alex Holland joins us to share their findings. The research can be found here: https://www.google.com/url?q=https://www.bromium.com/resource/emotet-a-technical-analysis-of-the-destructive-polymorphic-malware

Watering hole for iPhones. Dental record service hit with ransomware. Huawei reportedly under investigation for IP theft. erratic faces cryptojacking charges. Farewell to a Bletchley Wren.


Google's Project Zero releases information on a long-running watering-hole campaign against iPhone users. A dental record backup service is hit by ransomware, and the decryptor the extortionists gave them may not work. Huawei may be in fresh legal hot water over alleged IP theft. Cryptojacking charges are added to those the accused Capital One hacker faces. And we say farewell to a Bletchley Park veteran. Emily Wilson from Terbium Labs on back-to-school season in the fraud markets. Guest is the one-and-only Jack Bittner, with his insights on how middle-schoolers are handling security. For links to all of today's stories check...

Cyberattacks and intelligence trade-offs. TrickBot's new interests. Fancy Bear versus machine learning. Facebook looks for more ad transparency. Retadup take-down.


Senior US officials say the June 20th attacks on Iranian networks helped stop Tehran's attacks on tankers in the Arabian Gulf. TrickBot seems to be going after mobile users' PINs. Fancy Bear has taken note of machine learning and modified her behavior accordingly. Facebook revises its rules to achieve greater transparency in political and issue advertising. A multinational takedown cleans up the Retadup worm infestation. Ben Yelin from UMD CHHS on the proliferation of privately owned license plate readers. Guest is Martin Zizi from Aerendir on biometric security technologies. For links to all of today's stories check out our CyberWire...

LYCEUM active against Middle Eastern energy-sector targets. LinkedIn used to recruit spies. Autonomous car expert indicted. Imperva exposure. VPN software patches. AI writes.


LYCEUM is active against the oil and gas sector in the Middle East. Leaving government service? That nice offer from the head-hunters you got on LinkedIn may be the beginning of an approach by Chinese Intelligence. Autonomous car expert indicted for alleged theft of trade secrets. Imperva discloses a possible breach. Exploitation attempts against VPNs reported. And why did the chicken cross the road? The AI's not sure, but it thinks the chicken used LIDAR. Joe Carrigan from JHU ISI on the federal office of the CIO's Cyber Reskilling Academy graduating their first class. Guest is Peter Smith from Edgewise...

Hostinger resets passwords after an intrusion. Social media fraud. Notes on RATs and ransomware. Free decryptor for Syrk. Hedge funds go bananas.


Hostinger resets passwords after a breach. Arkose finds that more than half the social media logins they investigated during the recent quarter were fraudulent. US State governors seem likely to call on the National Guard to help with cyber incidents. A new phishing campaign is distributing the Quasar RAT. A new ransomware strain, Nemty, is out in the wild. Fortnite account encrypted? Emsisoft can help. And who knew that hedge funds liked bananas. David Dufour from Webroot on company cyber security assessments. Carole Theriault speaks with Omar Yaacoubi from Barac on the growth in encrypted hacks, and how they use...

BioWatch info potentially exposed. Scammers indicted. Ukrainian cryptojacking exposed sensitive data. Social engineering notes. Boo birds and lawsuits. Data use and privacy. Low-earth orbit hack.


BioWatch info exposed. Patched vulnerabilities are weaponized in the wild. Romance and other scam indictments name eighty defendants. Cryptomining and data exposure. Social engineering with a sheen of multi-factor authentication. Suing the boo birds and the people who let them in. The road to unhappiness is paved with mutually exclusive good intentions. And alleged identity theft from low-earth orbit. Craig Williams from Cisco Talos discussing Heaven's Gate RAT. Guest is Mike Weber from Coalfire on their recently published Penetration Risk Report. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/August/CyberWire_2019_08_26.html

Gift card bots evolve and adapt. [Research Saturday]


Researchers at Distil Networks have been tracking online bots targeting ecommerce gift card systems of major online retailers. The threat actors show remarkable resourcefulness and adaptability. Jonathan Butler is technical account team manager at Distil Networks, part of Imperva, and he joins to share their findings. The research can be found here: https://resources.distilnetworks.com/all-blog-posts/giftghostbot-attacks-ecommerce-gift-card-systems

Google takes down YouTube influence operation. Cryptomining in a nuclear plant. Spyware in the Google Play Store.


Google takes down YouTube accounts spreading disinformation about Hong Kong protests. Cryptomining gear seized at a Ukrainian nuclear plant. CISA outlines its strategic vision. Telcos and law enforcement team up to stop robocalls. Spyware makes it into the Google Play Store twice. And a man gets life in prison for installing hidden cameras. Awais Rashid from University of Bristol on cybersecurity risk decisions. Guest is Cathy Hall from Sila on Privileged Access Management.

North Korean and Chinese cyber espionage. Updates on Texas ransomware. Steam zero-day released.


A North Korean cyber espionage campaign targets universities, think tanks, and foreign ministries. Chinese cyber spies go after the healthcare sector. A bug hunter discloses a zero-day for Steam. Updates on the Texas ransomware attacks. Adult sites leak user information. And Veracruz fans hack their club president's Twitter account to express their displeasure. Guest is Stewart Kantor, CFO and co-founder of Ondas Networks, on securing licensed spectrum. Emily Wilson from Terbium Labs on Phishing Kits.

China criticizes Twitter and Facebook. Silence expands internationally. A popular Ruby library was backdoored.


China says Twitter and Facebook are restricting its freedom of speech. The Silence criminal gang has expanded internationally. Google, Mozilla, and Apple are blocking the Kazakh government's root certificate. A popular Ruby library was backdoored after a developer's account was hacked. And scammers buy ads to place their phone numbers at the top of search results. Daniel Prince from Lancaster University on cyber risk in a global economy and guest is Rick Howard from Palo Alto Networks on a study revealing Americans are confused about cybersecurity.

Chinese information operations on Twitter and Facebook. iOS jailbreak released. Adult websites leak information.


Twitter and Facebook shut down Chinese information operations. A jailbreak for the latest version of iOS is out. Facebook may have known about the view as bug. Vulnerabilities in Google's Nest cams are patched. Instagram gets a data abuse bounty program. The FCC released a report on the CenturyLink outage. And adult websites leak information. Michael Sechrist from Booz Allen Hamilton on exploits. Guest is John Bennett from LogMeIn on addressing the growing cyber threats to the SMB market.

ISIS claims Kabul massacre. Huawei gets a temporary break. Texas governments hit by ransomware. Hy-Vee warns of point-of-sale attack.


ISIS claims responsibility for Kabul massacre. Huawei gets another temporary reprieve. Local governments in Texas sustain ransomware attacks. Georgia hopes to combat cyberattacks with training. Google cuts a data sharing service. Bulletproof VPN services purchase residential IPs. Smartphones could be used to carry out acoustic side channel attacks. And Hy-Vee warns of a point-of-sale breach. Joe Carrigan from JHU ISI discusses corporate password policies. Guest Ben Waugh from RedOx talks about bug bounties in healthcare.

Detecting dating profile fraud. [Research Saturday]


Researchers from King's College London, University of Bristol, Boston University, and University of Melbourne recently collaborated to publish a report titled, "Automatically Dismantling Online Dating Fraud." The research outlines techniques to analyze and identify fraudulent online dating profiles with a high degree of accuracy. Professor Awais Rashid is one of the report's authors, and he joins us to share their findings. The original research can be found here: https://arxiv.org/pdf/1905.12593.pdf

ECB sustains an intrusion into a third-party-hosted service. Norman quietly mines Monero. MetaMorph appears in a stealthy phishing campaign. Information operations.


The European Central Bank shutters a service due to a hostile intrusion. Norman quietly mines Monero. MetaMorph passes through email security filters. Some Capital One insiders thought they saw trouble brewing. Instagram crowd-sources epistemology. Deep fakes are well and good, but the will to believe probably gets along just fine with shallow fakes. US Cyber Command posts North Korea's Electric Fish malware to VirusTotal. Johannes Ullrich from the SANS Technology Institute on IP fragmentation in operating systems. Guest is John Smith from ExtraHop on the aftermath of an insurance claim.

Huawei accused of abetting domestic surveillance in Africa. Cyber gangs adapt and evolve. Prosecutors indicate they'll add charges to erratic. Bluetana detects card skimmers.


Huawei accused of aiding government surveillance programs in Zambia and Uganda. Cyber gangs are adapting to law enforcement, and they've turned to big game hunting. They're also adapting legitimate tools to criminal purposes. US Federal prosecutors indicate they intend to add charges to those Paige Thompson already faces for alleged data theft from Capital One. And there's a new tool out there for detecting gas pump paycard skimmers. Malek Ben Salem from Accenture Labs on transparency and community standards online. Guest is Taylor Armerding from Synopsys on the projected employment shortfall in cyber security.

Hacking the Czech Foreign Ministry. Microsoft patches new wormable bugs. More controversial human review of AI. Insecure links, exposed databases, and a California vanity plate.


The Czech Senate wants action on what it describes as a foreign state's cyberattack on the country's Foreign Ministry. Microsoft warns against the wormable DejaBlue set of vulnerabilities. More humans found training AI. Insecure airline check-in links. Exposed databases involve BioStar 2 and Choice Hotels--the latter was held at a third-party vendor. And the LAPD doesn't find a vanity license plate with the letters N-U-L-L particularly funny. David Dufour from Webroot with thoughts on cyber security insurance policies. Guest is Elisa Costante from ForeScout on building automation vulnerabilities.

UN Security Council looks at North Korean cybercrime. Notes on PsiXBot and BITTER APT. The state of spearphishing. Election security. A final look back at Black Hat and Def Con.


More on the UN Security Council's report on North Korean state-sponsored cyber crime. PsiXBot evolves. BITTER APT probes Chinese government networks in an apparent espionage campaign. A study looks at the state of spearphishing. It's not just the three-letter agencies out securing US voting systems; it's the four-letter agencies who are taking point. And a last look back at Black Hat and Def Con. Jonathan Katz from UMD on Apple's clever new cryptographic protocol. Guest is Mike Overly from Foley and Lardner LLP on the House's hold on the State Department's proposal for a Bureau of Cyberspace Securities and Emerging...

A look back at Black Hat and Def Con. Sometimes failures that look like accidents are accidents. Russia wants better content suppression from Google. Notes on intelligence services.


A look back at Black Hat and Def Con, with notes on technology and public policy. Participants urge people to contribute their expertise to policymakers. Power failures in the UK at the end of last week are largely resolved, and authorities say they've ruled out cyberattack as a possible cause. Russia puts Google on notice that it had better moderate YouTube content to put an end to what Moscow considers incitement to unrest. And China says reports of criminal activity are bunkum. Joe Carrigan from JHU ISI with thoughts on corporate password policies. Guest is Ralph Russo from Tulane University...

Unpacking the Malvertising Ecosystem. [Research Saturday]


Researchers at Cisco's Talos Unit recently published research exploring the tactics, techniques and procedures of the global malvertising ecosystem. Craig Williams is head of Talos Outreach at Cisco, and he guides us through the life cycle of malicious online ads, along with tips for protecting yourself and your organization. The research can be found here: https://blog.talosintelligence.com/2019/07/malvertising-deepdive.html

Voting machine security. Airliner firmware. Attribution and deterrence in cyberwar. Monitoring social media. Broadcom buys Symantec's enterprise security business. Policing, privacy, and an IoT OS.


Are voting machines too connected for comfort? Airliner firmware security is in dispute. Attribution, deterrence, and the problem of an adversary who doesn't have much to lose. Monitoring social media for signs of violent extremism. Broadcom will buy Symantec's enterprise business for $10.7 billion. Amazon's Ring and the police. A CISA update on VxWorks vulnerabilities. And human second-guessing of AI presents some surprising privacy issues. Justin Harvey from Accenture with his insights from the Black Hat show floor. Guest is Tim Tully from Splunk on the AI race between the US and China.

Hacking in the Gulf region. Vulnerability research into airliner avionics. Phishing and ransomware move to the cloud. EU data responsibilities. US bans five Chinese companies.


Tensions in the Gulf are accompanied by an increase in cyber optempo. A warning about vulnerable airliner avionics. Phishing is moving to the cloud, and so is ransomware. Android's August patches address important Wi-Fi issues. An EU court decision clarifies data responsibilities. The US bans contractors from dealing with five Chinese companies. Bogus Equifax settlement sites are established for fraud. Our guests are both offering insights and observations from this year's Black Hat conference. Matt Aldridge is from Webroot and Bob Huber is CSO at Tenable.

Another speculative execution flaw. LokiBot evolves. APT41 moonlights. Scammers exploit tragedies. Black Hat notes.


A new speculative execution processor flaw is addressed with software mitigations. LokiBot gets more persistent, and it adopts steganography for better obfuscation. The cyber-spies of APT41 seem to be doing some moonlighting. An accused criminal who bribed telco workers to unlock phones is in custody. Scammers are exploiting the tragedies in El Paso and Dayton. And a call at Black Hat for the security sector to bring in some safety engineers. Ben Yelin from UMD CHHS on Virginia updating legislation to address Deep Fakes. Guest is James Plouffe from MobileIron on the challenges of authentication and the legacy of passwords....

Fancy Bear is snuffling around corporate IoT devices. Machete takes its cuts at Venezuelan military targets. What Mr. Kim is buying. MegaCortex goes for automation. Vigilantes, misconfigurations, etc.


Fancy Bear is back, and maybe in your office printer. El Machete, a cyber espionage group active at least since 2014, is currently working against the Venezuelan military. A UN report allegedly offers a look at what Mr. Kim is doing with the money his hackers raked in. MegaCortex ransomware shows growing automation. Another unsecured AWS S3 bucket is found. A bank stores some PINs in a log file. Vigilante smishing. And when popping off becomes arguably criminal. Craig Williams from Cisco Talos with updates on Sea Turtle. Guest is Chris Roberts from Attivo Networks with a preview of his...

Ransomware attacks in Mexico and Germany. Wipers in criminal service. Supervising Siri and Alexa. Mass shooters find inspiration and online expression.


A Mexican publisher is hit with an extortion demand. Ransomware increasingly carries a destructive, wiper component: Germany is dealing with a virulent strain right now. Apple and Amazon, after the bad optics of reports that they're farming out Siri and Alexa recordings to human contractors for quality control, are both modifying their approaches to training the assistants. And investigators sort through mass shooters' digital trails. Joe Carrigan from JHU ISI on the VxWorks operating system vulnerabilities. Guest is Eli Sugarman from the Hewlett Foundation on their efforts to reimagine cybersecurity visuals.

Package manager repository malware detection. [Research Saturday]


Researchers at Reversing Labs have been tracking malware hidden in software package manager repositories, and its use as a supply chain attack vector. Robert Perica is a principal engineer at Reversing Labs, and he joins us to share their findings. The research can be found here: https://blog.reversinglabs.com/blog/suppy-chain-malware-detecting-malware-in-package-manager-repositories

Spearphishing utility companies. Bellingcat as gadfly, and target. Facebook takes down more coordinated inauthenticity. Card skimming. Tech regulation. Random acts of cruelty.


LookBack malware used in spearphishing campaigns against US utilities. Phishing Bellingcat. Facebook takes down two campaigns of coordinated inauthenticity that had been active in the Middle East and North Africa. The growing problem of online card skimming. The FTC's investigation of Facebook centers on acquisitions. The Fed visits Amazon. And followers of a YouTube streamer treat the homeless as punchlines in a big practical joke. Prof. Awais Rashid from University of Bristol on the ability to smell security issues in software. Guest is Matt Howard from Sonatype on their State of the Software Supply Chain report.

Capital One investigation update. Don't give up on the cloud. Exposed databases and backdoors. Cybercrime as high-stakes poker. Phishing the financials. Bots on holiday.


Investigators pursue the possibility that the alleged Capital One hacker might have hit other companies' data. An exposed Elasticsearch database, now secured, was found at Honda Motors. Data from beauty retailer Sephora are found on the dark web. Defenders are urged to think of themselves as in a poker game with the opposition. Phishing remains the biggest threat to financial services. And what vacation spots attract the eyes of bots? Emily Wilson from Terbium Labs with more details from their recent fraud and international crime report. Guest is Giovanni Vigna from Lastline with thoughts on the upcoming Black Hat conference....

Capital One breach update. CISA warns of avionics CAN bus vulnerabilities. More attacks on local Louisiana governments. Change at the SEC. Cyber summer school for NATO, EU diplomats.


Capital One takes a market hit from its data loss. Observers see the incident as a reminder that cloud users need to pay attention to their configurations. CISA warns of vulnerabilities in small, general aviation aircraft. Another parish in Louisiana is hit with a cyberattack. The SEC's top cyber enforcer is moving on from the Commission. And diplomats go to cyber summer school in Estonia. It's not a coding bootcamp, but it should give them the lay of the cyber land. Jonathan Katz from UMD on speculation of what a quantum internet might involve. Guest is Jessica Gulick from Katzcy...

Capital One sustains a major data breach. Phishing in LinkedIn. VxWorks patches and mitigations. Brute-forcing NAS credentials. LAPD doxed?


Capital One sustains a major data breach affecting 106 million customers, and a suspect is in custody, thanks largely to her incautious online boasting. Iranian social engineers are phishing in LinkedIn, baiting the hook with a bogus job offer. Wind River fixes VxWorks bugs. Network Attached Storage is being brute-forced. A hacker claims to have doxed members of the Los Angeles Police Department. Ben Yelin from UMD CHHS on cities piloting aerial surveillance programs. Tamika Smith interviews Noam Cohen from the New Yorker on California's new law regulating bots. For links to all of today's stories check out our CyberWire daily...

Bears sniff at Bellingcat. Magecart in spoofed domains. MyDoom is still active. Shipboard malware was Emotet. Hutchins sentenced. Digital assistants have big ears. Taxes owed on alt-coin gains.


Bellingcat gets a look-in from the Bears. Magecart card-skimming code found in bogus domains. The MyDoom worm remains active in the wild, fifteen years after it first surfaced. Election security threats. The US Coast Guard says the malware that hit a container ship off New York earlier this year was Emotet. Marcus Hutchins gets time served. Fresh concerns about digital assistants and privacy. And yes, you do owe taxes on those alt-coins. Joe Carrigan from JHU ISI on the availability of the BlueKeep vulnerability. Guest is Tom Hegel from AT&T Cybersecurity with thoughts on integrating threat intelligence. For links to...

Cult of the Dead Cow author Joseph Menn extended interview. [Special Editions]


Our guest today is Joseph Menn. He's a longtime investigative reporter on technology issues, currently working for Reuters in San Francisco. He's the author of several books, the latest of which is titled Cult of the Dead Cow - How the original hacking supergroup might just save the world.

Day to day app fraud in the Google Play store. [Research Saturday]


Researchers at bot mitigation firm White Ops have been tracking fraudulent apps in the Google Play store. These apps often imitate legitimate apps, even going so far as to lift code directly from them, but instead of providing true functionality they harvest user data and send it back to command and control servers. Marcelle Lee is a principal threat intel researcher at White Ops, and she shares their findings. The original research can be found here https://www.whiteops.com/blog/another-day-another-fraudulent-app

Winnti and other Chinese espionage activity. Volume I of the US Senate report on election meddling is out. Ransomware from Sabine, Louisiana, to Johannesburg, South Africa.


Winnti and other Chinese threats have been active against German and French targets. The US Senate Intelligence Committee has issued the first volume of its report on Russian operations against US elections--this one deals with infrastructure. Louisiana declares a state of cyber emergency over ransomware. Johannesburg's power utility is also hit with ransomware. And you could get up to $175 from the Equifax breach settlement. Daniel Prince from Lancaster University on experimental protocols for ICS security systems. Guest is Joseph Menn, author of The Cult of the Dead Cow. For links to all of today's stories check out our CyberWire...

News about Russian and Chinese government threat actors. Powerful crimeware active in Brazil. BlueKeep really needs to be patched. Messenger Kids issues. Dispatches from the cryptowars.


Did you know that Fancy Bear has taken to wearing a Monokle? A new Chinese cyber espionage campaign is identified. Intrusion Truth tracks APT17 to Jinan, and China's Ministry of State Security. Guildma malware is active in Brazil, and may be spreading. BlueKeep is out in the wild, and now available to pentesters. Facebook's Messenger Kids app has been behaving badly. And an update on the cryptowars, with some dispatches from the American front. Michael Sechrist from Booz Allen Hamilton on municipalities paying ransomware. Guest is Eric Murphy from SpyCloud on threat intelligence at scale. For links to all of...

Lancaster University breached. Kazakhstan is testing out HTTPS interception. The UK postpones its decision on Huawei's 5G gear. The FTC is requiring Facebook to set up a privacy committee.


In today's podcast, we hear that Lancaster University has suffered a data breach. A reportedly critical vulnerability in VLC Media Player may have already been fixed last year. Kazakhstan is testing out HTTPS interception. The UK postpones its decision on Huawei's 5G gear. The FTC is requiring Facebook to set up a privacy committee. Attorney General Barr wants a way for law enforcement to access encrypted data. And the National Security Agency is launching a Cybersecurity Directorate. David Dufour from Webroot on security awareness training. Guest is Emily Wilson from Terbium Labs about the Federal Trade Commission's investigation into complaints...

Venezuela blames power failure on exotic sabotage, again. Huawei may have built North Korea's 3G wireless networks. Were record privacy fines high enough? Logic bombing the customer.


Venezuela's government says the country's massive blackout is the work of sabotage by foreign actors (read, the Yanquis) who took down the grid with an electromagnetic attack. Documents leaked from Huawei indicate that the electronics giant did essential work for North Korea's infrastructure. Both Facebook and Equifax say major fines over privacy issues, but there's growing sentiment that the fines were on the low side. And, coders, make loyalty programs, not logic bombs. Malek Ben Salem from Accenture Labs on defending against disinformation. Guest is Robb Reck from Ping Identity on insider threat programs. For links to all of today's...

FSB contractor hacked. Pegasus now able to rummage clouds? Iranian cyber ops spike. Fraudulent student profiles. Judgement in Equifax FTC case. NSA hoarder gets nine years.


A contractor for Russia's FSB security agency was apparently breached. NSO Group says its Pegasus software can now obtain access to private messages held in major cloud services. Iranian cyber operations are said to be spiking, and Tehran is paying particular attention to LinkedIn. Colleges and universities are experiencing ERP issues, and a minor wave of bogus student applications. Equifax receives its judgment. And there's a sentence in the case of the NSA hoarder. Joe Carrigan from JHU ISI on Android apps circumventing privacy permission settings. Guest is David Brumley from ForAllSecure on autonomous security and DevSecOps. For links to...

The Fifth Domain coauthor Richard A. Clarke. [Special Editions]


Our guest today is Richard A. Clarke, former National Coordinator for Security, Infrastructure Protection and Counter-terrorism for the United States. Under President George W. Bush he was appointed Special Advisor to the President on cybersecurity. He's currently Chairman of Good Harbor Consulting. He's the author or coauthor of several books, the latest of which is titled The Fifth Domain - Defending Our Country, Our Companies, and Ourselves in the Age of Cyber Threats. This is an extended version of an interview originally aired on the July 19, 2019 edition of the CyberWire daily podcast.

Nansh0u not your normal cryptominer. [Research Saturday]


Researchers at Guardicore Labs have been tracking an unusual cryptominer that seems to be based in China and is targeting Windows MS-SQL and phpMyAdmin servers. Some elements of the exploit make use of sophisticated components previously associated with nation-state actors. Ophir Harpaz and Daniel Goldberg are members of the Guardicore Labs team, and they join us to explain their findings. The research can be found here - https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/

Following K3chang. Bulgaria's tax agency breach. An alternative currency gets some incipient regulatory scrutiny. Why towns are hit with ransomware. A hair-care hack.


K3chang is out, about, and more evasive than ever. Data breached at Bulgaria's National Revenue Agency has turned up online in at least one hacker forum. Facebook's planned Libra cryptocurrency received close scrutiny and a tepid reception on Capitol Hill this week. Emsisoft offers some common-sense reflections on why local governments are attractive ransomware targets. Please patch BlueKeep. And a hair care product is vulnerable to hacking. Johannes Ullrich from the SANS Technology Institute with tips on ensuring your vulnerability scans are secure. Guest is Richard Clarke, former National Coordinator for Security, Infrastructure Protection and Counter-terrorism for the United States,...

TrickBot's new tricks. Poisoning the ad supply chain. Clouds get schooled. Novel phishing tackle, but stale bait. Cyberwar powers. Election interference. FaceApp fears. Bad macro suspect arrested.


TrickBot gets some new tricks, and they're being called Trickbooster. Poisoning the advertising supply chain. Hessian schools will shy away from American cloud services. A novel phishing campaign is technically savvy but gives itself away with broken English phishbait. Congress would like to see Presidential cyberwar instructions. Microsoft warns of foreign attacks on elections. FaceApp looks suspicious. And a suspect is collared in a malicious macro case. Jonathan Katz from UMD on random number issues in YubiKeys. Carole Theriault speaks with Michael Madon from MimeCast on email imposter scams. For links to all of today's stories check out our CyberWire...

Telco data breach. Firmware supply chain problems. Hacking BLE. Census security. Continuity of operations. Decryptor for GandCrab, NSPM 13. Bulgaria's tax hack.


Sprint warns of data breach. Eclypsium announces discovery of server firmware supply chain problems. Bluetooth Low Energy may be less secure than thought. Congress hears about US census cybersecurity. Ransomware and continuity of operations. The FBI offers help decrypting GandCrab-affected files. Venafi on why financial services are especially affected by certificate issues. Congress asks to see NSPM 13. And an arrest is made in Bulgaria's tax agency hack. Ben Yelin from UMD CHHS on the DOJ being required to make public attempts to break encryption in Facebook Messenger. Tamika Smith speaks with Alex Guirakhoo from Digital Shadows about scammers registering...

GandCrab hoods may be back with new ransomware. Video-on issues. Broadcom-Symantec talks are off, for now. Treason or just business? Robo-calls. A decryptor for Ims0rry ransomware.


The retirement of GandCrab's hoods may have been exaggerated. Video conferencing tools RingCentral and Zhumu may have picked up Zoom's issues in the tech they licensed. Broadcom's projected acquisition of Symantec is on hold, at least for now. One Silicon Valley executive calls another company treasonous. The US FCC wants to rein in robo-calls. And there's a free decryptor out for Ims0rry ransomware. Emily Wilson from Terbium Labs on recent Terbium research on transnational crime. Guest is Wim Coekaerts from Oracle on security in the age of AI. For links to all of today's stories check out our CyberWire daily...

Voting machine woes. Router exploits trouble Brazil, Bitpoint alt-coin exchange investigates theft. Facebook fined $5 billion. Power failures probably unrelated to cyberattacks. Amazon Prime phishing.


Upgraded voting machines may not be as secure, or as upgraded, as election officials seem to think. Criminals continue to exploit routers in Brazil. A Japanese cryptocurrency exchange shuts down while it investigates a multimillion dollar theft. The Federal Trade Commission fines Facebook $5 billion over privacy issues. Weekend power outages seem not to have been the result of cyberattacks. Another city sustains a ransomware attack. Shop carefully on Amazon Prime Day. Joe Carrigan from JHU ISI on Apple pushing an update to mitigate Zoom conferencing app vulnerabilities. Guest is Patrick Cox from TrustID on government agencies using inadequate ID...

Opportunistic botnets round up vulnerable routers. [Research Saturday]


Researchers at Netscout's ASERT Team have been tracking the growth of botnets originating in Egypt and targeting routers in South Africa. The payload is a variant of the Hakai DDoS bot. Richard Hummel is threat intelligence manager at Netscout, and he joins us to share their findings. The original research is here: https://www.netscout.com/blog/asert/realtek-sdk-exploits-rise-egypt

Buhtrap gets into the spying game. US cyber operations against Iran considered: there are both strategic and Constitutional issues. Election security. Water bills. And again with the WannaCry.


Buhtrap moves from financial crime to cyber espionage. There may have been as many as three distinct US cyber operations against Iran late last month. The US legislative and executive branches continue to try to sort out Constitutional issues surrounding cyber conflict. The US Intelligence Community tells Congress that there are active threats to upcoming elections. One city's cyber woes will be expressed in water bills. And WannaCry may ride again, if you don't patch. Mike Benjamin from CenturyLink on DNS scanning they're tracking. Guest is Martha Saunders, President of the University of West Florida, on how her institution is...

Magecart is getting interested in exposed databases. Agent Smith may be in your Android app store. Tracking FinSpy. A contractor gets spearphished.


GDPR fines and their implications. A reminder about Magecart, and some notes on its recent interest in scanning for unprotected AWS S3 buckets. Agent Smith (of Guangzhou, not the Matrix) is infesting Android stores with evil twins of legitimate apps. FinSpy is out and about in the wild again. Daniel Drunz is the catphish face of a gang that stung a US Government contractor for millions in goods. Justin Harvey from Accenture on the recent GDPR fines. Carole Theriault speaks with Michael Covington from Wandera on the risks facing financial services firms.

Zoom addresses concerns about call joining and cameras. ICS vulnerabilities addressed. Patch Tuesday notes. Tracing a disinformation campaign.


Zoom agrees to change what it still sort of regards as a feature and not a bug. Industrial control system vulnerabilities are reported and patched. Microsoft issues seventy-seven fixes on Patch Tuesday. Adobe has a relatively light month for patches. Marriott is hit with a large fine from the UK's Information Commissioner's Office. An investigative report traces disinformation about a 2016 Washington murder to Russia's SVR foreign intelligence service. Craig Williams from Cisco Talos with info on the Spelevo exploit kit. Tamika Smith speaks with Myke Lyons, CISO for Collibra, on new industry regulations based on GDPR. For links to...

Security issues with Zoom for Macs. Astaroth fileless malware reported in Brazil. GoBotKR distributed by torrent. ICO hits British Airways with a record fine. State attacks and state defenses.


Zoom user security appears to have been sacrificed on the altar of user experience. The fileless Astaroth Trojan is again in circulation, mostly, for now, in Brazil. Torrents are distributing the GoBot2 backdoor. The UK's Information Commissioner's Office clobbers British Airways with a record fine under GDPR, probably to encourage all the rest of us. Croatian government offices are spearphished. Iran says it's now got an attack-proof comms system. And NSA's IG reports. Joe Carrigan from JHU ISI on security issues with D-Link routers. Guest is Martin Mckeay from Akamai on their most recent State of the Internet report. For...

Another ransomware victim pays extortionists. Business email compromise. Government impostor scams. ShadowBrokers still airborne. Exploit supply chain. Silence suspected in bank heists.


Another ransomware victim pays up. Privilege escalation comes to ransomware. Vendor impersonation scams hit cities, and government impersonation scams hit citizens: be wary of both. Former NSA contractor Hal Martin will be sentenced later this month, with suspected connections with the ShadowBrokers still unresolved. An exploit supply chain is described. The Silence gang is suspected in Bangladeshi bank heists. And a bad message can brick a phone. Ben Yelin from UMD CHHS on privacy concerns with a shared bar patron database. Guest is Derek E. Weeks from Sonatype on supply chain security. For links to all of today's stories check...

Warnings of Outlook exploitation, with a possible Iranian connection. GPS jamming in the Eastern Med. Satellite vulnerabilities. 505 errors. TA505's new tactics. Content moderation updates.


US Cyber Command warns that an Outlook vulnerability is being actively exploited in the wild. Other sources see a connection with Iran. GPS signals are being jammed near Tel Aviv, and Russian electronic activity in Syria is suspected as the cause. A look at the consequences of satellite cyber vulnerabilities. The TA505 gang changes some of its tactics. Yesterday's brief Internet outages are traced to a Cloudflare glitch. Facebook and YouTube continue to grapple with content moderation. Mike Benjamin from CenturyLink on Emotet's C2 behavior. Guest is Avital Grushcovski from Source Defense on the risk posed by third party web...

US-Iranian tension expressed in cyberspace. OceanLotus and Ratsnif. Ransomware in Georgia, again. Going low-tech to protect the grid. Magecart update. Cryptowars and agency equities.


Tensions between the US and Iran are likely to find further expression in cyberspace. OceanLotus's Ratsnif kit isn't up to the threat actor's normally high standards of coding, but it's plenty good enough. Cyberattacks in the states of Florida and Georgia. Utilities are urged to go lower tech where possible. Magecart skimmer Inter is being hawked on the dark web. And no, they haven't videoed you using EternalBlue: just dump that email. Johannes Ullrich from the SANS Technology Institute and the ISC Stormcast podcast on Weblogic exploits. Guest is Nick Jovanovic from Thales on cloud security in the federal space....

Huawei spits the hook? CISA warns about the risk of Iranian cyberattack. Power grid security. Cryptocurrency and fraud. Content moderation. Senators like Hack the Pentagon.


Huawei gets to buy some products from US companies, again. CISA reiterates warnings about the risk of cyberattack from Iran. Considerations about power grid security. Cryptocurrencies draw criminals, and some of the scammers are looking ahead. Australia and New Zealand will conduct a simulation to study ways of removing abhorrent content from the Web. The Senate likes Hack the Pentagon. And tech enthusiasm or voyeurism? You decide. Justin Harvey from Accenture on ways attackers are bypassing 2-factor authentication on mobile devices. Guest is Gretel Egan from Proofpoint on the shift toward human-centric security. For links to all of today's stories...

Giving everyone a stake in the success of Open Source implementation. [Research Saturday]


Synopsys recently published the 2019 edition of their Open Source Security and Risk Analysis (OSSRA) Report, providing an in-depth look at the state of open source security, compliance, and code quality risk in commercial software. Tim Mackey is principal security strategist within the Synopsys Cyber Research Center, and he joins us to share their findings. The research can be found here: https://www.synopsys.com/software-integrity/resources/analyst-reports/2019-open-source-security-risk-analysis.html

Regin in Yandex? Golang is out and busy. So is the ShadowGate crew. The ICO wants an explanation from the Metropolitan Police. Trackers in news sites. Phishing those who seek Verification.


Yandex says it was hacked with Regin spyware. The Golang cryptominer is spreading, again. And the ShadowGate ransomware crew is newly active with a dangerous drive-by. Three data exposures are reported. London's Metropolitan Police are in trouble with the Information Commissioner's Office. A look at tracker behavior. The Verified Badge as a phishing lure. And congratulations to a Loeb Award winner. Michael Sechrist from BAH on Deep Fakes and data integrity. Deloitte's new head of cyber Deborah Golden shares her leadership philosophy. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/June/CyberWire_2019_06_28.html

Washington and Tehran confront one another in cyberspace. Dominion National investigates data incident. Facebook on info ops (and identity). Labor market notes. Skids on skids.


The US cyberattack against Iranian targets remains only indistinctly visible in the information fog of cyberwar. Iran's APT33 seems to have altered its tactics after its operations against Saudi targets were described by Symantec at the end of March. An insurer and provider of vision and dental benefits investigates a data incident. Skids-on-skids, kids. Facebook talks information operations, and teases plans concerning identity. Notes on the labor market. Johannes Ullrich from the SANS Technology Institute and the ISC Stormcast podcast on malware C&C channels making use of TLS. Tamika Smith speaks with Harrison Van Riper from Digital Shadows about their...

Militia said to be target of US cyberattack. Myanmar shuts down networks. Spam campaign. Supply chain issues for Huawei gear. Election security. Recovering from ransomware by paying up?


Sources name a Shiite militia aligned with Iran as one target of last week's US cyberattacks. Myanmar shuts down mobile networks in its Rakhine province, where the Buddhist insurgents of the Arakan Army have been using Facebook for coordination and inspiration. A major spam campaign is distributing LokiBot and NanoCore. Finite State finds bugs in Huawei gear. Election security notes. And paying the ransom to ransomware extortionists. David Dufour from Webroot on the different trends they are tracking in Europe vs. the US. Guest is David Politis from BetterCloud with a warning about information sprawl. For links to all of...

Operation Soft Cell targets mobile networks. DC and Tehran trade barbs. Critical infrastructure concerns. Maryland's Cyber Defense Initiative.


Operation Soft Cell was low, slow, patient, and focused, and apparently run from China. Washington and Tehran are woofing at each other, with more exchanges in cyberspace expected. Cyber due diligence is taken increasingly seriously during mergers and acquisitions. Short-sighted design choices affect app security. The US security clearance process gets an overhaul. Shimmers replace skimmers. And yesterday's US Internet outage explained. Sergio Caltagirone from Dragos on the growing tensions between the US, Russia and Iran and how providers of critical infrastructure can prepare. Tamika Smith interviews Danielle Gaines, a reporter for Maryland Matters, on MD Gov. Hogan's response to...

Notes on a reported US cyberattack against Iran. A look at Secondary Infektion. And some cases of cyber stalking.


The US is said to have conducted cyberattacks against Iranian targets related to recent Iranian moves in the Gulf. The cyber operations are also said to have been a covert alternative to conventional military strikes. The Atlantic Council describes Secondary Infektion, a Russian disinformation campaign that begins obscurely, then depends upon amplification. And a case of cyber stalking in Minnesota goes to court. Joe Carrigan from JHU ISI on the escalating calls to patch the BlueKeep vulnerability. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/June/CyberWire_2019_06_24.html

Middleboxes may be meddling with TLS connections. [Research Saturday]


Researchers at Cloudflare have been examining HTTPS interception, a technique that weakens security, and have developed tools to help detect it. Nick Sullivan is head of cryptography at Cloudflare, and he joins us to share their findings. The research can be found here: https://blog.cloudflare.com/monsters-in-the-middleboxes/

US-Iranian tensions find expression in cyberspace as Refined Kitten returns. Facebook tries friction against abuse. Cryptominers in the wild. Lead generation for cyber criminals.


Tensions between the US and Iran over tanker attacks, nuclear ambitions, and the downing of a Global Hawk drone seem to be finding expression in cyberspace: Refined Kitten seems to be pawing for some American phish. Facebook tries friction as an alternative to content moderation in damping its abuse in fomenting South Asian violence. Cryptomining campaigns are showing some renewed vigor. And a look at lead generation for Nigerian prince scams. Mike Benjamin from CenturyLink on RDP scanning and the GoldBrute campaign. Guest is Michael Coates, former CISO for Twitter and former head of security for Mozilla, from Altitude Networks...

Turla hijacks OilRig infrastructure. Bouncing Golf is no game. CISA panel recommends supply chain security reforms. AMCA driven toward bankruptcy by data breach. Florida town pays ransom.


Call it Waterbug or call it Turla, the Russian cyber operation has been hijacking Iran's OilRig cyber espionage infrastructure. Other cyber campaigns also afflict Middle Eastern targets. A US panel convened by CISA has some recommendations for supply chain security. An ad agency inadvertently exposes sensitive personal data. A bankruptcy filing in the AMCA breach. And Riviera Beach, Florida, decides to pay $600,000 in ransom to decrypt its files. Johannes Ullrich from SANS and the ISC Stormcast podcast on DNS security issues. Carole Theriault returns with an interview with ethical hacker Zoe Rose, who shares her advice for women working...

BlueKeep, again. Facebook's cryptocurrency play. Updates on alleged or suspected electrical grid hacks. Catphishing and spying. Compromised social media accounts.


More advice to patch BlueKeep, already. Facebook announces its planned launch of a cryptocurrency, Libra, to the accompaniment of considerable acclaim and at least as much skepticism. Updates on alleged power grid cyber operations. Catphishing and the adaptation of traditional espionage craft in the digital age. And cheap sunglasses turn up as phishbait in compromised social media accounts. Justin Harvey from Accenture with thoughts on tabletop exercises. Guest is Tom Hickman from Edgewise Networks on access control and zero trust. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/June/CyberWire_2019_06_19.html Support our show Learn more...

Power grids, accidents, the challenge of forensics, and the nature of deterrence. BlueKeep considerations. Third- and fourth-party risks.


Investigation into Argentina's power failure continues, with preliminary indications suggesting operational and design errors were responsible for the outage. Russia reacts to reports that the US staged malware in its power grid. Iran says it stopped US cyberespionage. ISIS worries about its vulnerability to BlueKeep. A breach at EatStreet illustrates some of the features of third-party risk. Ben Yelin from UMD CHHS on a Virginia license plate reader ban. Guest is Jack Danahy from Alert Logic on the troubling issue of adversary dwell time and the IT vigilance gap. For links to all of today's stories check out our CyberWire...

Cyber deterrence? What grid failure looks like (and it needn't come from a cyberattack). EU complains of Russian info ops. Twitter takes down inauthentic accounts.


The New York Times reports that the US has staged malware in Russia's power grid, presumably as deterrence against Russian cyberattacks against the US. South America has largely recovered from a large-scale power outage that seems, so far, to have been accidental. An EU report claims that Russian information operations against the EU are increasing. Twitter takes down more inauthentic sites. The Target outage over the weekend seems to have been caused by glitches, not hacking. Joe Carrigan from JHU ISI on the GDPR fine of a Spanish soccer league for a spying app. Tamika Smith speaks with Britt Paris...

Apps on third-party Android store carry unwelcome code. [Research Saturday]


Researchers at Zscaler have been tracking look-alike apps in third-party Android app stores that carry malicious code. Deepen Desai is VP of security research and operations at Zscaler, and he joins us to share their findings. The original research can be found here: https://www.zscaler.com/blogs/research/third-party-android-store-sms-trojan

Xenotime is now interested in the power grid. Vulnerable Exim servers under attack. Mr. Assange goes to court. Credential-stuffing attacks on gamers. And that Ms Katie Jones? Not a real person.


Xenotime is detected snooping around the North American power grid. Hacking groups exploit the Return of the Wizard vulnerability in Exim servers. Hearings on the extradition of WikiLeaks' Julian Assange have begun. Online gamers are being chased with credential stuffing attacks: they're after your skins, your accounts, your credit cards. And some LinkedIn catphish seem to be going to AI charm school. Justin Harvey from Accenture with advice for job-hunting grads. Guest is Dr. Matthew Dunlop, Vice President and Chief Information Security Officer for Under Armour, on the challenges of protecting one of the world's most well-known brands. For links...

Telegram recovers from DDoS. Fishwrap campaign breaks old news. Ransomware hits ASCO plants. Congress considers hacking back, again. That ol' devil limbic system.


Telegram recovers from a distributed denial-of-service attack. No attribution yet, but all the circumstantial evidence points to the Chinese security services. Operation Fishwrap, conducted by parties unknown, is an influence campaign that substitutes olds for news. Aircraft component manufacturer ASCO's production is hit by ransomware. Hacking back is back, in Congress. Why don't people patch? And a tip on fact-checking. Ben Yelin from UMD CHHS on NYPD cellphone surveillance. Guest is Dave Aitel from Cyxtera on offense oriented security and the INFILTRATE conference. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/June/CyberWire_2019_06_13.html Support our...

Shifting techniques in cybercrime. Miscreants take note: the aperture will henceforth be wider for US Cyber Command and offensive ops. What Radiohead did.


TA505 and Fin8 are both up to their old ways, with some new tricks in their criminal bag. A reminder about social engineering and Google Calendar. A new assertiveness is promised in US cyber operations, as the Administration widens the aperture. Updates on the security concerns that surround Huawei and ZTE. And Radiohead takes a different approach to online extortion--just render what they're holding for ransom valueless. Craig Williams from Cisco Talos on the Jasper Loader. Guest is Lisa Sotto from Hunton Andrews Kurth LLP on the report Seeking Solutions: Aligning Data breach Notification rules across borders. For links to all...

Russia's sovereign Internet. Huawei updates. CBP discloses exposure of images collected at a border crossing. Gmail features used for social engineering. M&A notes. Top bugs found by bounty hunters.


Russia says shrapnel from America's war on that nice company Huawei is destroying the world. Russia also tells Tinder to fork over user pictures and messages. A Recorded Future study outlines the case for regarding Huawei as a security risk. US Customs and Border Protection discloses a breach of images collected at a border-crossing point. Crooks are taking advantage of Gmail features. Notes on recent mergers. And the top ten bugs bug hunters are finding. Johannes Ullrich from SANS and the ISC Stormcast podcast on the GoldBrute botnet. Guest is Tim Woods from FireMon reflecting on the past year under...

An espionage campaign succeeds without zero-days. Spam serves up old Office exploit. Disinformation makes it into YouTube. The Huawei Affair. Raytheon to be acquired.


MuddyWater shows renewed activity--no zero-days and no exotic malware, just clever approaches and determined social engineering. Spam is serving up payloads that exploit an old Microsoft Office vulnerability. Russian-sponsored disinformation has been romping freely through YouTube. Some back-and-forth over Huawei: Washington isn't relenting, but some relief for US companies may be forthcoming. And Beijing rumbles about retaliation. United Technologies has agreed to acquire Raytheon. Joe Carrigan from JHU ISI on Apple's newly announced secure sign-in service and its focus on privacy. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/June/CyberWire_2019_06_10.html Support our show Learn...

Xwo scans for default credentials and exposed web services. [Research Saturday]


Researchers at AT&T Alien Labs have been tracking a new malware family they've named "Xwo" that's scanning systems for default credentials and vulnerable web services. Tom Hegel is a security researcher with AT&T Alien Labs, and he shares their findings. The original research is here: https://www.alienvault.com/blogs/labs-research/xwo-a-python-based-bot-scanner

Recruiting spies at university? GoldBrute botnet and RDP vulnerabilities. MuddyWater update. RIG delivers Buran. Achilles claims to sell access. NRC's IG reports on cyber. Antitrust for Big Tech.


The Australian National University hack and data loss look to many observers like the work of Chinese intelligence services. The GoldBrute botnet is scanning vulnerable RDP servers. MuddyWater is back, undeterred by leaks and learning from the best. The RIG exploit kit is delivering Buran ransomware. Achilles says he's got the goods. The Nuclear Regulatory Commission IG looks at cyber inspections. And Big Tech prepares for big antitrust. Robert M. Lee from Dragos on natural gas infrastructure security. Guest is Frank Downs from ISACA on the challenges educators face preparing the cyber security workforce. Learn more about your ad choices....

BlueKeep proofs-of-concept. BeiTaAd plug-in is a serious Android pest. Cyber espionage against the EU's Moscow embassy. Influence operations. A motive for GPS spoofing?


BlueKeep proof-of-concept exploits have been developed, and people are urged to patch. An annoying, disruptive advertising plug-in comes bundled with a couple of hundred Android apps in the Play Store. The EU's Moscow embassy seems to have been the focus of Russian cyber espionage since 2017. Influence operations feature a small core of sites surrounded by many amplifying accounts. A possible motive for GPS spoofing. Johannes Ullrich from SANS and the ISC Stormcast podcast on Google throwing their weight behind MTA-STS, a protocol to make e-mail more secure. Guest is Josh Stella from Fugue on security and compliance in cloud...

AMCA breach extends to LabCorp. Still no EternalBlue in Baltimore ransomware attack. Frankenstein malware. Real hacking isn't like the movies. Huawei's no-spy deal. US Data Strategy. Patch BlueKeep.


Another medical testing firm is hit by the third-party breach at AMCA. More officials say there's no EternalBlue involved in Baltimore's ransomware attack. (And that attack may have involved some doxing, too--investigation is underway.) Real hacking isn't like the movies. It's alive: Frankenstein malware, that is. Huawei offers a no-spy agreement. The draft US Data Strategy is out. Really, you should patch for BlueKeep. A university's donor list exposed online. Ben Yelin from UMD CHHS on secret tracking pixels in emails to the Navy Times in a controversial legal case. Tamika Smith speaks with Ariana Mirian from UC San Diego...

Iranian brute-forcing tool leaked. Third-party data breach touches medical testing company. Ransomware news and updates. An antitrust look at Silicon Valley?


Jason, an Iranian brute-forcing tool, has been leaked. A third-party breach affects customer and patient data held by Quest Diagnostics. Eurofins Scientific is recovering from a ransomware attack. A look at Baltimore City's ransomware infestation shows no signs of EternalBlue, security firm Armor says. Instead, it looks like vanilla ransomware. And the prospect of antitrust investigations drives down Big Tech stock prices, tipping the Nasdaq into a correction. Emily Wilson from Terbium Labs on dark web fraud guide pricing. Guest is Jordan Blake from BehavioSec on digital transformations. For links to all of today's stories check out our CyberWire daily...

Recovery from network congestion. GandCrab to close. BlackSquid drops XMRig. BlueKeep patching lags. Crypto for criminals trial. Antitrust investigation of Google. Persistence of Chaos sold.


Google's cloud services recover from network congestion. GandCrab's proprietors say they're retiring rich at the end of the month. BlackSquid delivers the XMRig Monero miner. Updates on the Baltimore ransomware incident. Too many machines not yet patched against BlueKeep. CEO sentenced for providing criminals crypto. The US Justice Department is said to be preparing an antitrust investigation of Google. And The Persistence of Chaos has been sold for $1.3 million. Joe Carrigan from JHU ISI on Google restricting ad-blocking in upcoming versions of Chrome. Tamika Smith speaks with Washington Post writer Geoffrey Fowler on his recent article It's the middle...

Blockchain bandits plunder weak wallets. [Research Saturday]


Adrian Bednarek is a senior research analyst at Independent Security Evaluators. He and his colleagues looked at weak private cryptocurrency keys on the Ethereum blockchain in an attempt to discover how and why they are being generated as well as how bad actors are taking advantage of them. The original research is here: https://www.securityevaluators.com/casestudies/ethercombing/

Malicious misdirection. Found on the subway. A summary of file exposure. Turla's back, and as clever as ever. ICRC proposes rules of cyberwar. Baltimore ransomware update.


Malicious misdirection served up from unpatched WordPress sites. A big, big set of dating site records has been found exposed online--it's in China, but the records seem to belong to anglophones. Many other files are exposed elsewhere, too, so it's not a single problem. Turla's back, and still after diplomats. The International Red Cross proposes rules for cyber conflict. And Baltimore City calculates the cost of not patching. It's a lot higher than the cost of patching. Craig Williams from Cisco Talos with his take on a critical Microsoft vulnerability, CVE-2019-0708. Guest is Matt Aldridge from Webroot on the San...

Special Counsel Mueller speaks about his investigation of Russian influence in the 2016 US presidential campaign. Iranian coordinated inauthenticity. BlueKeep, Pegasus updates.


Special Counsel Mueller makes his first public statement about the results of his investigation into influence operations surrounding the 2016 US Presidential campaign. He says his first statement will also be his last. FireEye identifies Iranian coordinated inauthenticity in US 2018 midterm elections, and Twitter and Facebook take down the offending accounts. Notes on the BlueKeep exploit. More Pegasus infestations. Reality Winner revisited. Updates on Baltimore ransomware. Ben Yelin from UMD CHHS reacts to allegations that NSA may have some culpability in the Baltimore ransomware incident. Guests are Julie Bernard from Deloitte and John Carlson from the FS-ISAC on the...

Sensitive mortgage documents left exposed online. Someone's scanning for BlueKeep RDP issues. Huawei updates. The case of Baltimore City's ransomware.


First American Financial suffers a data exposure, with hundreds of millions of mortgage-related documents left open to the Internet. Someone is scanning Tor for signs of BlueKeep RDP vulnerabilities. China complains about US complaints against Huawei as some major German firms rethink their dealings with Shenzhen. And no, NSA did not hold Baltimore for ransom, but Baltimore wants Washington to pick up its remediation and recovery tab. Malek Ben Salem from Accenture Labs on NIST transitioning some crypto algorithms. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/May/CyberWire_2019_05_28.html Support our show Learn more about...

A fresh look at GOSSIPGIRL and the Supra Threat Actors. [Research Saturday]


Chronicle researchers Juan Andres Guerrero Saade and Silas Cutler recently published research tracking the development of the Stuxnet family of malware, which ultimately led them to the GOSSIPGIRL Supra Group of threat actors. Juan Andres Guerrero Saade joins us to share their findings. The research can be found here: https://medium.com/chronicle-blog/who-is-gossipgirl-3b4170f846c0

Stone Panda update. A new strain of Mirai. Bogus cryptocurrency apps are trending in Google Play. Mr. Assange is charged under the Espionage Act. Info ops. Law firms as phishbait.


Stone Panda is distributing the Quasar RAT. A new strain of Mirai is out. Bitcoin prices are up, and so is the incidence of malicious cryptocurrency apps in Google Play. The US charges WikiLeaks' Julian Assange with seventeen new counts under the Espionage Act. UK political parties are said to have poor security. Huawei's charm offensive. Russia points with sad alarm to NATO cyber deterrence policy. Bogus law firm emails prove effective phishbait. Joe Carrigan from JHU ISI on recent research from Google on the effectiveness of basic security hygiene. Guest is Nate Lesser from Cypient Black on entangled enterprise...

NATO and UK to Russia: hands off elections and infrastructure. More trouble for Huawei, and maybe for others. Notes from the Cyber Investing Summit. Equifax downgraded over 2017 breach. Is it art?


The UK and NATO send Moscow a pointed message about the consequences of meddling with either infrastructure or elections. More companies, including ARM, decide they won't be working with Huawei. Other Chinese companies seem headed for US blacklisting. Moody's cuts Equifax's rating over its 2017 breach. Notes from last week's Cyber Investing Summit. And we may not know much about art, but we know what we like. Justin Harvey from Accenture on the ongoing threat of USB devices. Tamika Smith speaks with Sydney Freedberg Jr. from Breaking Defense about his article, Can NSA Stop China Copying Its Cyber Weapons? For...

Fancy Bear fingered, again. Warnings for travelers. Political parties get a cybersecurity grade. Updates on US restrictions on Chinese companies.


Fancy Bear's latest campaign is using malware reported to Virus Total by US Cyber Command. IBM's X-Force looks at cybersecurity for travelers, and shares a bunch of horror stories. Security Scorecard looks at the online security of political parties in the US and Europe: some are better than others, but all could use some help. Updates on Huawei and other Chinese companies facing US sanctions. And if you're listening to this in the US, you may believe you know more than you in fact do. Johannes Ullrich from SANS and the ISC Stormcast podcast on website vulnerabilities due to third...

BlackWater snoops through the Middle East. TeamViewer hacked. Android app behaving badly. A misconfigured database with scraped Instagram data. Ransomware notes. Huawei updates.


BlackWater is snooping around the Middle East. It's evasive, and it looks a lot like the more familiar MuddyWater threat actor. TeamViewer turns out to have been hacked, and the perpetrators look like the proprietors of the Winnti backdoor. An Android app is behaving badly. Another unsecured database is found hanging out on the Internet. There's a free decryptor out for a strain of ransomware, but also it won't help Baltimore. And the markets look at the Huawei ban. Craig Williams from Cisco Talos discussing honeypots on Elasticsearch. Guest is Dave Venable from Masergy on cyber vulnerabilities at the infrastructure...

Huawei agonistes. Hacktivism is way down. New EU sanctions regime. Facebook goes after more coordinated inauthenticity. Salesforce still fixing its fix. OGuser hacked.


Huawei is on the US Entity List, and US exporters have been quick to notice and cut the Shenzhen company off. Security concerns are now expected to shift to the undersea cable market. Hacktivism seems to have gone into eclipse. The EU enacts a sanctions regime to deter election hacking. Facebook shutters inauthentic accounts targeting African politics. Salesforce is restoring service after an unhappy upgrade. OGuser forum hacked. And don't worry about a hacker draft. Jonathan Katz from UMD on encryption for better security at border crossings. Tamika Smith reports on the Baltimore City government ransomware situation. For links to...

Elfin APT group targets Middle East energy sector. [Research Saturday]


Researchers at Symantec have been tracking an espionage group known as Elfin (aka APT 33) that has targeted dozens of organizations over the past three years, primarily focusing on Saudi Arabia and the United States. Alan Neville is a principal threat intelligence analyst at Symantec, and he joins us to share their findings. The research can be found here: https://www.symantec.com/blogs/threat-intelligence/elfin-apt33-espionage

Slack closes a vulnerability. Email tracking in a court martial. Restrictions on doing business with Huawei come into place. A case of responsible disclosure.


A Slack vulnerability is disclosed and fixed. And this is not as seen on TV: a real NCIS investigation is likely to occupy real JAGs for some time to come, with implications for military and civilian cyber law. The US is moving rapidly on Huawei and its associated companies: it's now much harder for US companies to do business with them, and there's likely to be fallout in other countries as well. An exposed database affords an instructive case of responsible disclosure. Joe Carrigan from JHU ISI on USB device encryption and best practices. Guest is Mike Kijewski from MedCrypt...

US Executive Order aimed at China, and Huawei. Hunting backdoors in Dutch networks. Spyware proliferation. Cipher stunting. Titan key spoofing. Meaconing warning. Exposed PII in Russia.


President Trump declares a state of emergency over the threat from foreign adversaries and the companies they control. (And yes, Huawei, he's looking at you.) Dutch intelligence is said to be investigating the possibility of backdoors in telecommunications networks. Concerns about spyware proliferation rise. Cipher stunting is observed in the wild. Titan security keys are spoofable. Meaconing airliners. And misconfigurations expose PII in Russia. Emily Wilson from Terbium Labs on the surprisingly open nature of online sales of illicit goods and services. Guest is Kris Beevers from NS1 on DNS security and management technology. For links to all of today's...

Sharing espionage tools and infrastructure. Speculative execution flaws found in Intel chips. A big Patch Tuesday. CrowdStrike's IPO. WhatsApp exploitation. Cyber Solarium. Ransomware in Baltimore.


Chinese domestic and foreign intelligence services are cooperating more closely in cyberspace. Another set of speculative execution issues is found in Intel chips. This month's Patch Tuesday was a big one. CrowdStrike files for its long-anticipated IPO. WhatsApp, spyware, and zero-days. Apple may be required to open its devices to apps from third-party stores. The Cyber Solarium is ready to get started, and Russia offers a helpful hand. Baltimore continues to suffer from ransomware. Malek Ben Salem from Accenture Labs with an overview of the Accenture Technology Vision report. Guest is Tom Pedersen from OneLogin on password use trends. For...

Russians hacked two Florida counties. Fxmsp targets named. WhatsApp patches spyware-enabling flaws. Breach costs. Cisco patches routers. Endless Mayfly's endless hogwash.


Russian operators breached two Florida counties' voting systems, but without altering vote counts. Symantec, McAfee and Trend Micro are thought to be the security vendors hit by Fxmsp cybercriminals. WhatsApp patches a flaw exploited to install spyware. The Equifax breach seems to have cost the company $1.4 billion. Companies are increasingly aware of data's potential toxicity. Cisco patches two flaws. And Endless Mayfly peddled fake news on behalf of Iran. Daniel Prince from Lancaster University on asymmetric information and attacker/defender dynamics. Tamika Smith debuts on our show with her story on Hackground, a STEM and robotics club. For links to...

Security companies allegedly hacked by Fxmsp remain unidentified. SharePoint bug exploited in the wild. G7 preps major cyber exercise. Anthem hack motive? Amnesty takes NSO Group to court.


Fxmsp criminals are now said to have code from a fourth security company, but none of the claimed victims have been publicly identified. A SharePoint vulnerability is being exploited against unpatched servers in the wild. The G7 are preparing a major exercise to evaluate the financial system's ability to withstand a major cyberattack. No one is saying what the Anthem hackers were after. Amnesty takes NSO Group to court. And the Pentagon takes a security look at VCs. Jonathan Katz from UMD on differential privacy, a technique for providing privacy for individuals taking part in studies. For links to all...

Steganography enables sophisticated OceanLotus payloads. [Research Saturday]


Researchers at Blackberry Cylance have been tracking payload obfuscation techniques employed by OceanLotus (APT32), specifically steganography used to hide code within seemingly benign image files. Tom Bonner is director of threat research at Blackberry Cylance, and he joins us to share their findings. The original research can be found here: https://www.cylance.com/en-us/lp/threat-research-and-intelligence/oceanlotus-steganography-malware-analysis-white-paper-2019.html

Breaches at AV companies? Pyongyang's ElectricFish. Symantec's CEO steps down. Calls to break up Facebook and regulate the pieces. US Federal indictments for leaks and breaches. Verizon DBIR reviewed.


Fxmsp may have breached three anti-virus companies. US-CERT and CISA warn against a new North Korean malware tool being used by Hidden Cobra: they're calling it ElectricFish. A changing of the guard at Symantec. Former Facebook insiders call for breaking up the company and for more regulation. Facebook disagrees about the breakup, but says it likes the idea of regulation. Two indictments are unsealed--one for leaking classified information, the other for the Anthem breach. Johannes Ullrich shares some vulnerabilities involving tools from Google. Verizon DBIR coauthor Alex Pinto shares this year's key findings. Learn more about your ad choices. Visit...

Someone is after Tehran's hackers. GitLab misconfiguration. AI's attack potential. Amazon pursues hackers who defrauded sellers. DeepDotWeb indictments. Evil Clippy. Lunch hacks in San Mateo.


The Green Leakers release more information about Iranian cyber operators, including details about MuddyWater and the Rana Institute. A misconfigured GitLab instance exposes data used by Samsung engineers. Thoughts on how AI can shift the advantage to the attacker. Amazon is after hackers who defrauded sellers. DeepDotWeb proprietors are indicted. Evil Clippy does VBA stomping. And a food fight in San Mateo's corner of cyberspace. Justin Harvey from Accenture reviews cyber insurance. UVA's Mariah Carey shares her experience as captain of the championship winning NCCDC team.

Turla's new backdoor. Verizon's 2019 Data Breach Investigations Report. Bad actors seek to influence the EU. US CYBERCOM preps for 2020. Baltimore's ransomware. Monolingual content moderation.


Turla is back, and with a clever backdoor called LightNeuron. Verizon's Data Breach Investigations Report shows that the C-suite remains a big target of social engineers, that crooks are following companies into the cloud, that ransomware remains popular, and that people seem warier of phishing. Bad actors peddle influence in the EU. Binance gets looted, Baltimore gets hacked. Meny Har from Siemplify explains SOCs, SIEMs and SOARs. Ben Yelin from UMD CHHS considers emojis in the courtroom.

Reverse engineering Equation Group attack tools (and putting them to bad use). Hacking, jamming, and airstrikes. Taking down coordinated inauthenticity. How big is the dark web?


Buckeye seems to have reengineered some of Uncle Sam's cyber tools, and they did it without, apparently, help from the ShadowBrokers. More on airstrikes as retaliation for hacking, with a brief excursus on electronic warfare. Notes on malicious commitment as one of the hazards of open source software development. How big is the dark web? Big enough, but maybe not as big as everyone thinks. And beware of bogus Avengers Endgame sites. David Dufour from Webroot with thoughts on HTTPS security concerns. Guest is Michael Figueroa from the Advance Cyber Security Center on their recent report identifying a need for...

Supply chain hacking campaign looks like espionage. Airstrikes versus hackers. FTC versus Facebook. Notes from the Global Cyber Innovation Summit. What's up with MegaCortex.


Tracking a group that's after the software supply chain. Israel adds airstrikes to the array of responses it's prepared to make to hackers. The US Federal Trade Commission still doesn't know how you solve a problem like Mark. Some more notes from last week's Global Cyber Innovation Summit. Sophos has more details on MegaCortex, a new strain of ransomware. And criminal organizations organize and operate a lot like legitimate businesses. Joe Carrigan from JHU ISI with information on a remote code execution vulnerability affecting Dell systems. Guest is Blake Sobczak from E & E News on the recent electrical grid...

Sea Turtle state-sponsored DNS hijacking. [Research Saturday]


Researchers at Cisco Talos have been tracking what they believe is a state-sponsored attack on DNS systems, targeting the Middle East and North Africa. This attack has the potential to erode trust and stability of the DNS system, so critical to the global economy. Craig Williams is director of Talos Outreach at Cisco, and he joins us to share their findings. The original research can be found here: https://blog.talosintelligence.com/2019/04/seaturtle.html

Utility hack update. Surveillance tool proliferation. Exploit black market. Novel ransomware, old distro channel. Notes from the Global Cyber Innovation Summit.


That cyber incident that affected electrical utilities in the western United States seems to have been a denial-of-service attack. Concerns arise over potential proliferation of Chinese security service tools. Exploit blackmarketeer Volodya and some customers. The Retefe banking Trojan is back. Some new ransomware thinks it's the moving finger that writes, and, having written, moves on. And some cause for measured optimism at the Global Cyber Innovation Summit. Emily Wilson from Terbium Labs on the Dynamic Connections conference, hosted by General Dynamics. Guest is Joseph Carson from Thycotic on lessons he's learned (the hard way) on communications with the board....

Wipro update. Office 365 attacks. The "Smart Content Store" is bad mojo. Russian Internet sovereignty. Global Cyber Innovation Summit notes.


The group behind the Wipro attack has been active since 2015. Office 365 are still being targeted by account takeover attacks. A third-party Android app store is serving malware. The UK Defense Secretary has been sacked over leaked information. The US warned Russia to cease its support of Venezuela's Chavista regime. Russia's Internet sovereignty bill is signed into law. And notes on the Global Cyber Innovation Summit. Jonathan Katz from UMD on law enforcement requests for ghost encryption. Guest is Cody Cornell from Swimlane on collaborative SOCs.

US Energy Department alludes to March cyber incident. BND 19-02 is out. Facebook likes privacy. Assange gets a short nickel.


In today's podcast, we hear that a US Energy Department report alludes to a March cyber incident. Citycomp refused to yield to blackmail, so now its client data is being leaked. The US Department of Homeland Security has issued Binding Operational Directive 19-02. A UK judge sentenced Julian Assange to fifty weeks' jail for bail jumping. Facebook the privacy-focused initiatives it plans to implement. And notes on the Global Cyber Innovation Summit. Robert M. Lee from Dragos on the pros and cons of conferences like RSA. Guest is Bert Grantges from Vera on cyber security as a business enabler. For...

Telnet may not be the backdoor you're looking for. Large PII database left exposed by parties unknown. DHS has a Critical Functions List. ISIS inspiration is back.


A backdoor turns out to be a familiar kind of Telnet implementation (and it was fixed seven years ago in any case). A large database of US household personally identifiable information was found exposed online, but who owned it remains unclear. The US Department of Homeland Security releases a Critical Functions List. ISIS's sometime Caliph is back online. And piracy streaming is loaded with malware. Who knew? Craig Williams from Cisco Talos on their research into malware markets on Facebook. Guest is Dean Pipes from TetraVX on the root cause of shadow IT. For links to all of today's stories...

IoT devices exposed in peer-to-peer software vulnerability. Car hacking claims. More warnings of possible violence in Sri Lanka. Curating app stores for security. eScooters' voices hacked.


Vulnerable peer-to-peer software exposes consumer and small-business IoT devices to compromise. A hacker says he's hacked automotive GPS trackers, all for the good, of course, and could even turn off a car's engine. Not, you know, that he would. Sri Lanka warns of the possibility of more violence, and journalists wonder if prior restraint of certain speech might be worth considering. Curating app stores for security. And potty-mouthed eScooters on Brisbane streets. Joe Carrigan from JHU ISI on Facebook's continuing privacy violations, potential FTC fines and PR woes. For links to all of today's stories check out our CyberWire daily...

Deep Learning threatens 3D medical imaging integrity. [Research Saturday]


Researchers at Ben Gurion University in Israel have developed techniques to infiltrate medical imaging system networks and alter 3D medical scans within, fooling both human and automated examiners with a high rate of success. Yisroel Mirsky is a cybersecurity researcher and project manager at Ben Gurion University, and he joins us to share what his team discovered. The original research can be found here: https://arxiv.org/pdf/1901.03597.pdf A video demonstrating the exploit is here: https://youtu.be/_mkRAArj-x0

Sri Lanka bombing investigation updates. Cryptojacking targets enterprises in East Asia. Oracle web server zero-day. The criminal-to-criminal credential-stuffing market. Who talked about Huawei in UK?


Investigation of the Easter massacres in Sri Lanka continues. For all the concern about online inspiration, some of the coordination seems to have been face-to-face. Symantec describes a cryptojacking campaign, Beapy, that propagates using EternalBlue. An Oracle web server zero-day is reported. Recorded Future describes the commodified black market for credential-stuffing. And there's a cabinet dust-up in the UK over a leak about the government's plans for Huawei. Johannes Ullrich from SANS and the ISC Stormcast podcast on the increase in DHCP client vulnerabilities he's been tracking. Guest is Anura Fernando from UL on the technological and regulatory challenges of...

Pledging allegiance to ISIS, and then going forth to kill. Adware in Google Play. Context-aware phishbait. Facebook and the FTC. Server crash or exit scam?


Sri Lanka's investigation of the Easter massacres continues, with some ISIS video surfacing. Apps with aggressive adware found in Google Play. Context-aware phishbait may be bringing the Qbot banking Trojan to an email thread near you. Facebook seems to think the FTC is about to hit it hard, and sets aside a rainy day fund. And the Wall Street Market, a contraband souk on the dark web, may be engaged in an exit scam. Ben Yelin from UMD CHHS on the NSA recommending dropping the phone surveillance program. Guest is Jason Mical from Devo on the increasing importance of threat...

Sri Lanka bombing investigation update. Christchurch call. ShadowHammer moves upstream. Carbanak in VirusTotal after all. Spoofing banks. Bots vs. Mueller Report. ASD's best practices.


Sri Lanka investigates a homegrown jihadist group with possible international connections for the Easter massacres. New Zealand is preparing the Christchurch Call to exclude violent terrorist content from the Internet. ShadowHammer moves its supply chain attacks upstream. Carbanak source code seems to have been in VirusTotal for two years. Someone's spoofing financial institutions. Bots surged upon the release of the Mueller report. ASD offers a counsel of perfection. Prof. Awais Rashid from University of Bristol on evidence based risk assessment. Guest is Michael P. Morris from Topcoder on the challenges of creating secure apps in the gig economy. For links...

ISIS claims responsibility for Sri Lanka massacre. Spearphishing embassies in Europe. How the Blockchain Bandit probably did it. Mexican embassy doxed.


ISIS claims responsibility for the Sri Lankan bombings. The government maintains its declared state of emergency, and has arrested at least forty in the course of its investigation. Check Point describes a spearphishing campaign against embassies in Europe. It's thought to be the work of the Russian mob. Weak keys let the Blockchain Bandit rifle alt-coin wallets. And a disgruntled bug hunter doxes one of Mexico's embassies. Justin Harvey from Accenture on preserving digital evidence in the aftermath of a cyber attack. Guest is Maryam Rahmani on the upcoming NYIT Girls in Engineering and Technology Day. For links to all...

Sri Lanka's social media clamp-down, and investigation of Easter massacres. CIA said to have details on Huawei's relationship with China's security services. Marcus Hutchins pleads guilty.


Sri Lanka clamps down on social media in the wake of Easter massacres. Authorities suspect an Islamist group, but no terrorist organization has so far claimed responsibility. CIA intelligence is said to have the goods on Chinese security services' hold over Huawei. Marcus Hutchins, also known as MalwareTech, and famous as the sometime hero of the WannaCry kill-switch, has taken a guilty plea to charges connected with the distribution of Kronos banking malware. Joe Carrigan from JHU ISI on password research from WP Engine. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/April/CyberWire_2019_04_22.html Support...

Undetectable vote manipulation in SwissPost e-voting system. [Research Saturday]


Researchers have discovered a number of vulnerabilities in the SwissPost e-vote system which could allow undetectable manipulation of votes. Dr Vanessa Teague is Associate Professor and Chair, Cybersecurity and Democracy Network at the Melbourne School of Engineering, University of Melbourne, Australia. She joins us to explain her team's findings. The original research is here: https://people.eng.unimelb.edu.au/vjteague/SwissVote

Observations on the Mueller Report. Doxing Iranian intelligence. Insecure messaging. Old Excel macros. Wipro hack and gift cards.


Some observations on the Mueller Report, in particular its insight into what two specific GRU units were up to. (And some naming of DCLeaks and Guccifer 2.0 as GRU fronts.) Someone is doxing Iran's OilRig cyberespionage group. A French government messaging app appears less secure than intended. Old Excel macros can still be exploited. And what were the Wipro hackers after? Gift cards, apparently. Malek Ben Salem from Accenture Labs on the Cisco Talos report on malware markets in Facebook groups. Guest is Barbara Lawler from Looker Data Sciences on GDPR, CCPA and the coming wave of privacy legislation. For...

Mueller Report is out. Sea Turtle DNS-manipulation campaign. Over-privileged and under-honest apps kicked out of Google Play. Facebook has another privacy incident. Fraud and destruction.


The US Justice Department releases the redacted Mueller Report: investigators found no evidence sufficient to establish conspiracy or coordination between any US persons and the Russians over the 2016 campaign, but the Bears were busy. The Sea Turtle campaign sets a worrisome example of DNS manipulation. Sneaky apps booted from Google Play. Facebook apologizes again. Notre Dame fire fraud. Replication in cyber research. And an act of gratuitous computer destruction. Robert M. Lee from Dragos with a look back at the evolution of ICS technology. Guest is Nathan Katzenstein. He's got 20 years in IT, and offers his perspective on...

Spearphishing from Luhansk. Pro-Assange hacktivism. Another undercover private eye? Pirated Game of Thrones episodes carry malware.


Spearphishing campaign against Ukraine traced to the so-called Luhansk People's Republic. Anonymice threaten to rain chaos on Yorkshire if Julian Assange isn't freed--actually, more chaos since the initial chaos was perhaps too easily overlooked. An implausible venture capitalist is asking people if they're being paid to bad-mouth a security firm. Pirated Game of Thrones episodes carry malware. David Dufour from Webroot with survey results on AI and ML. Guest is Derek Vadala from Moody's Investor Service on Moody's framework for assessing cyber risk. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/April/CyberWire_2019_04_17.html Support our...

Fraud will follow fire, alas. Wipro compromise. DDoS in Ecuador. Brazil's hacker underground. Selling a keylogger. Facebook and data. EU copyright law. Huawei's prospects. Fact-checkin, fer real.


Condolences to the city of Paris and the people of France. And, alas, expect fraud to follow fire. A compromise may have turned a company's networks against its customers. Denial-of-service in Ecuador. A look at Brazil's cyber criminals. Selling a keylogger, complete with terms of service. Facebook's attitude toward data. The EU finalizes its controversial copyright law. Huawei's prospects. And what did the algorithm know, and when did the algorithm know it? Emily Wilson from Terbium Labs with their Fraud Guides 101 report. Guest is Ed Bellis from Kenna Security on their latest research report focused on vulnerability remediation. For...

ISIS inspiration in exile. Facebook's Sunday outage. A Microsoft IE bug, and a web-mail breach. Issues with VPNs. Last minute tax scams. Oculus Easter eggs.


An ISIS hard drive suggests the Caliphate's plans for inspiration as it enters exile. Facebook's Sunday outage remains unexplained. Microsoft deals with a breach in its consumer web mail products. A researcher drops an Internet Explorer zero-day that may affect you even if you don't use IE. CISA warns of bugs in widely used VPNs. Last minute Tax Day online scams. Security pros advocate poor restroom hygiene. Easter eggs in Oculus. Joe Carrigan from JHU ISI on research from Tenable on Verizon FIOS router vulnerabilities. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/April/CyberWire_2019_04_15.html...

The ghost and the mole; Eric O'Neill's Gray Day. [Special Editions]


Eric O'Neill is a former FBI counterintelligence and counterterrorism operative, and founder of the Georgetown Group, a security and investigative firm, as well as national security strategist for Carbon Black. In his book Gray Day, My Undercover Mission to Expose America's First Cyber Spy, Eric O'Neill shares the fascinating and sometimes harrowing tale of his experience being assigned to help expose Robert Hanssen, the FBI's most notorious mole. In 2001 Hanssen pleaded guilty to multiple charges of espionage for sharing classified information with the Soviet Union and Russia over the course of over two decades.

Establishing software root of trust unconditionally. [Research Saturday]


Researchers at Carnegie Mellon University's CyLab Security and Privacy Institute claim to have made an important breakthrough in establishing root of trust (RoT) to detect malware in computing devices. Virgil Gligor is one of the authors of the research, and he joins us to share their findings. Link to original research - https://www.ndss-symposium.org/ndss-paper/establishing-software-root-of-trust-unconditionally/

Mr. Assange's courthouse future(s). Dragonblood Wi-Fi vulnerabilities. Tax fraud and identity theft dark web souks.


Julian Assange remains in British custody. Hearings on the US extradition warrant are expected to begin next month. The US indictment revives discussion of the Computer Fraud and Abuse Act under which Mr. Assange was charged. Some notes on why Ecuador decided to revoke the WikiLeaks leader's asylum. Notes on Dragonblood. And we're at the end of tax season, but the dark web souks are still hawking 1040s and W-2s. Ben Yelin from UMD CHHS on pending state legislation restricting law enforcement use of DNA data. Guest is Eric O'Neill, former FBI operative and author of Gray Day, My Undercover...

Julian Assange is out of the embassy and in custody. Pyongyang's HOPLIGHT. Operation SneakyPastes. Incident response planning blues. High school jam.


Julian Assange is out of the Ecuadoran embassy and in British custody. He's been found guilty of bail jumping, and will face extradition to the US on charges related to conspiracy to release classified material. Hidden Cobra is back with a new Trojan: HOPLIGHT. Kaspersky describes Operation SneakyPastes. IBM Security finds organizations don't exercise incident response plans. Two New Jersey high school boys are in trouble for jamming Secaucus High's wi-fi. Jonathan Katz from UMD with his response to a skeptical critique of quantum computing. Guest is Maurice Singleton from Vidsys on the convergence of IoT security devices and IT...

The Triton actor seems to be back. Project TajMahal is after diplomatic secrets. California's motor-voter program and a DMV hack.


FireEye says that the Triton actor is back. There's some ICS malware staged in an unnamed critical infrastructure facility, and it looks as if the people who went after a petrochemical plant in 2017 are back for battlespace preparation. Kaspersky describes Project TajMahal, a cyberespionage effort against a Central Asian embassy. And California's motor-voter program hits a hacker-induced bump in the road. Johannes Ullrich from SANS and the ISC Stormcast podcast on protecting yourself from hidden cameras when vacationing. Guest is Dr. Ratinder Ahuja from ShieldX on Elastic Microsegmentation. For links to all of today's stories check out our CyberWire...

GossipGirl, the supra threat actor. LockerGoga's destructive functionality. More hacking allegations out of Caracas. Revolutionary Guard now a designated terrorist group. Creepy crime.


In today's podcast, we hear about GossipGirl, potentially a supra threat actor Chronicle sees linking Stuxnet, Flame, and Duqu. LockerGoga's destructive functionality may be a feature, not a bug. Venezuela now says its power grid is being hacked by Chile and Colombia. The US designates Iran's Revolutionary Guard a terrorist organization. What's up with New Zealand and hidden, networked cameras? And second thoughts about what counts as a preliminary forensic investigation. Joe Carrigan from JHU ISI on minding permissions on mobile devices. Guest is Mike O'Malley from Radware on the true costs of cyber attacks. For links to all of...

US DHS Secretary Nielsen resigns. Credential stuffing campaigns. Cryptojacking disrupts a business. A duty of care, online. Tax season scams.


In today's podcast, we hear about leadership changes at the US Department of Homeland Security. A look at credential stuffing. Cryptojacking disrupts production at an optical equipment manufacturer. The British Government moves toward establishing a duty of care that would impose new legal responsibilities on search engines, social media, and others. Tax season scams grow more plausible, and some of them are aimed at rounding up money mules. Rick Howard from Palo Alto Networks reflects on the accomplishments of the Cyber Threat Alliance. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/April/CyberWire_2019_04_08.html Support our...

Lessons learned from Ukraine elections. [Research Saturday]


Joep Gommers from EclecticIQ joins us to share their research tracking the information operations and security methods that Russians have been using in advance of the recently held elections in Ukraine. The research can be found here: https://www.eclecticiq.com/resources/fusion-center-report-situational-awareness-ukraine-elections

Crooks use Facebook, too. Congress asks FEMA for an explanation. Card skimmers in Mexico.


In today's podcast we hear about an Amazon-style fulfillment model for the criminal-to-criminal market. Criminals have Facebook groups, too, and lots of friends (friends here being a term of art). Xiaomi patches man-in-the-middle problems in its phones. Defense firms organize a supply chain security task force. Congress would like FEMA to explain its privacy incident. Alleged card skimmers arrested on other charges in Mexico. And Mr. Assange remains in Ecuador's London embassy, at least for now. Ben Yelin from UMD CHHS on predictive policing software. Guest is Rob Strayer, Ambassador and Deputy Assistant US Secretary of State on security challenges...

Keeping Winnti out of the goods while keeping an eye on them. GlitchPOS malware. What do apps want? Third-party Facebook data exposure. Digital hygiene. A scareware scam.


In today's podcast we hear that Bayer, maker of pharmaceuticals and agricultural products, blocked an espionage attempt by China's Winnti Group, and has been quietly monitoring the threat actor since last year. GlitchPOS and its evolution. Do those apps really need all that access? Two breaches of Facebook data by third parties. Some good digital hygiene notes: change default passwords and back up your data in a secure and recoverable way. And no, there's no CIA officer warning you'll be arrested if you don't pony up 1.4 Bitcoin. Craig Williams from Cisco Talos with research on GlitchPOS malware. Guest is Leo...

For OceanLotus, a picture is worth a thousand words (or at least a few lines of loader code). Georgia Tech breached. Mounties raid offices associated with Orcus RAT.


In today's podcast, we hear that OceanLotus, a.k.a. Cobalt Kitty, a.k.a. APT32, is out and about and using a steganographic vector to deliver its loader. Georgia Tech suffers a major data breach, with access to student, staff, and faculty records by parties unknown. Research universities remain attractive targets. Reflections on dual-use technologies. The Royal Canadian Mounted Police have raided offices connected with the production of the Orcus RAT, which is either a legitimate tool or a commodity Trojan, depending on whom you believe. David Dufour from Webroot with results from their most recent threat report. Guest is Roy Zur from...

Ransomware deletes dupes. Exodus scandal grows in Italy. Election reports from Ukraine and Israel.


In today's podcast, we hear that a ransomware strain deletes duplicates. But you know that just keeping a duplicate on the same drive wasn't a secure backup, right? Right? Exodus spyware, now ejected from Google Play, is becoming a significant scandal in Italy. Influence operations meet campaigning in India and Israel--fair or unfair seems to be in the eye of the campaigner. In Ukraine, they're just so much disinformation. OpIsrael hacktivists are expected back this weekend. More on below-the-belt selfies. Prof. Awais Rashid from University of Bristol on training people to work with cyber security complexity at scale. Guest is...

Patch Magento soon. Toyota hacked again. Exodus spyware hits app stores. Moscow seeks to corral VPN providers. Facebook wants regulation. Swatting sentence. Phishing tackle in Nigeria.


In today's podcast, we hear that Magento users are being urged to patch as risk of exploitation rises. Toyota experiences another cyber attack, and some observers blame, on grounds of motive, opportunity, and track record, OceanLotus. Exodus spyware in the Google Play store looks like a case of lawful intercept tools getting loose. Moscow seeks to control and limit VPN providers. Mr. Zuckerberg wants regulation. Mr. Barriss gets twenty years for swatting. And, hey, there's phishing tackle on the Nigerian National Assembly's site. Joe Carrigan from JHU ISI on a spying a leaving unsecured data online. For links to all...

Alarming vulnerabilities in automotive security systems. [Research Saturday]


Researchers at Pen Test Partners recently examined a variety of third-party automotive security systems and found serious security issues, potentially giving bad actors the ability to locate, disable or meddle with multiple vehicle systems. Ken Munro is a security researcher with Pen Test Partners, and he joins us to share their findings. The original research can be found here: https://www.pentestpartners.com/security-blog/gone-in-six-seconds-exploiting-car-alarms/

Russian information operations, and lessons on election security from the Near Abroad. Magento proof-of-concept exploit. Huawei, security, and bugs. Training AI. Labor market news.


In today's podcast, we hear that Ukraine is preparing for this weekend's elections while facing intense Russian information operations. Estonia's experience with such interference may hold lessons. A Magento vulnerability, just patched, could compromise paycards on e-commerce sites. Huawei reports record profits, and comes in for sharp British criticism over slipshod engineering. Prisoners in Finland will be helping train AI. And security companies hungry for talent should take note of tech layoffs in the larger IT sector. Ben Yelin from UMD CHHS with news that law enforcement agencies are encrypting their radio communications. Guest is Lorrie Cranor, director of CyLab...

Gustuff is out and after Android devices. Microsoft takes down Phosphorus. Elfin is working for Tehran. Russian cyber troops come to help Venezuela's Chavistas. Guilty plea expected in Martin case.


In today's podcast we hear that a young banking Trojan gains criminal marketshare in the Android ecosystem. Microsoft lawyers up and seizes sites Iran's Charming Kitten used to stage its attacks. Another Iranian APT, Elfin, is described. A battalion's worth of Russian special operators and cyber troops are on the ground in Venezuela. Washington wants them out; Moscow says they're in for the duration. And accused NSA leaker Hal Martin is expected to take a guilty plea this week. Daniel Prince from Lancaster University on cyber risk management. Guest is Satish Thiagarajan from Tata Consultancy Services on customizing machine learning...

State cyber-espionage. Influence operations and coordinated inauthenticity. Add Lucky Elephant to the menagerie. ASUS supply chain updates. Notes on Norsk Hydro's recovery. Reactions to the Mueller Report.


In today's podcast, we hear that the Spanish Defense Ministry has been reported to have suffered cyberespionage. The Lazarus Group's life of crime. Facebook takes down coordinated inauthenticity. Add Lucky Elephant to the bad actor menagerie: it's harvesting credentials in South Asia. Notes on the ASUS supply chain backdoor. Updates on Norsk Hydro's recovery from its LockerGoga infestation. Russia says, hey, the Mueller Report totally exonerated us, too. Emily Wilson from Terbium Labs on data collection and protecting PII. Guest is Matthew Montgomery from Verizon on their Mobile Security Index report. For links to all of today's stories check out our...

More on ASUS supply chain backdoor. FEMA data mishandling. LockerGoga ransomware. Mueller report responses.


In today's podcast we hear about supply chain attacks and Operation ShadowHammer's ASUS backdoor. LockerGoga ransomware may be slow and sloppy, but its masters are determined and willing to play for high stakes. What will happen with FEMA over its data mishandling incident? Responses to the Mueller Report's conclusions. Venezuela says it was hacked again--the rhetorical technique is implausible insistence. And what do PewDiePie fans call themselves? The Nine Year Olds, the Bro Army. Fans of Mr. Pie's girlfriend are the Marzipans. Joe Carrigan from JHU ISI with thoughts on recent revelations that Facebook was making unencrypted passwords accessible to...

Mueller finds no evidence of Russia collusion. ISIS no longer holds any ground. LockerGoga hits chemical plants. FEMA fumbles PII. Cyber 9/12. PewDiePie versus T-Series.


In today's podcast, we hear that the US Attorney General has reported to Congress the results of Special Counsel Mueller's investigation. The basic finding is that there's no evidence of collusion with Russian influence operations. ISIS no longer holds any ground. Expect it back in cyberspace. LockerGoga ransomware hits two chemical plants. FEMA mishandles more than two-million disaster victims' PII. Notes on Cyber 9/12. And there's a squabble for YouTube subscribers. Robert M. Lee from Dragos on their recent purchase of Next Defense and the subsequent open-sourcing of their tools. Guest is Rohit Sethi from Security Compass on the PCI...

Ryuk ransomware relationship revelations. [Research Saturday]


Investigators from McAfee's advanced threat research unit, working with partners at Coveware, have reevaluated hasty attributions of Ryuk ransomware to North Korea and have explored the inner workings of the threat. John Fokker is head of cyber investigations in McAfee's Advanced Threat research unit. He joins us to share their findings. The original research can be found here: https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/ryuk-exploring-the-human-connection/

Finland's data protection authority investigates suspicious smartphone activity. GitHub repos are leaking keys. Cardiac devices can be hacked.


In today's podcast, we hear that Finland's data protection authority is investigating reports that Nokia 7 Plus smartphones are sending data to a Chinese telecom server. Thousands of API tokens and cryptographic keys are exposed in public GitHub repositories. The US government warns that certain cardiac devices can be hacked from close range. A North Carolina county government is dealing with its third ransomware attack. And Magecart groups go after bedding companies. Malek Ben Salem from Accenture Labs with thoughts on securing the digital economy. Guest is Adam Isles from the Chertoff Group on supply chain risks. For links to...

Russian APTs target EU governments. FIN7 is back. Google and Facebook scammed.


Fancy Bear and Sandworm are launching cyberespionage campaigns against European governments before the EU parliamentary elections. The FIN7 cybercrime group is still active, and it's using new malware. A scammer stole more than $100 million from Google and Facebook. Facebook stored hundreds of millions of passwords in plaintext for years. And chatbots can learn to impersonate you based on your texts. Ben Yelin from UMD CHHS on rumors of NSA shutting down the Section 215 program. Guest is Jadee Hanson from Code 42 on insider threats. For links to all of today's stories check out our CyberWire daily news brief:...

Norsk Hydro recovers from LockerGoga infection. Cyber conflict, cyber deterrence, and an economic case for security. EU out of compliance with GDPR? Big Tech in court. Thoughts on courtship.


In today's podcast, we hear that Norsk Hydro's recovery continues, with high marks for transparency. Some notes on the challenges of deterrence in cyberspace from yesterday's CYBERSEC DC conference, along with context for US skepticism about Huawei hardware. Cookiebot says the EU is out of compliance with GDPR, its sites infested with data-scraping adtech. Google and Facebook get, if not a haircut, at least a trim, in EU and US courts. And some animadversions concerning digital courtship displays. Dr. Charles Clancy from VA Tech's Hume Center on updates to the GPS system. Guest is Landon Lewis from Pondurance on balancing...

LockerGoga hits Norsk Hydro. Mirai botnet malware gets an update. The DHS is concerned about cybersecurity.


In today's podcast, we hear that an aluminum manufacturing giant in Norway has suffered a major ransomware attack. A new version of the Mirai botnet malware is targeting enterprise systems. The US Homeland Security Secretary says the private sector and the government in the United States need to work together against cyber threats. Europol has a new cyber incident response strategy. And cybersecurity executives say some vendors' marketing tactics are having a detrimental effect on the security industry. Johannes Ullrich from SANS and the ISC Stormcast Podcast on hardware security issues at the perimeter. Guest is Nathan Burke from Axonius,...

Online content and terrorism. Huawei's shifting strategy. Venezuela's grid failure is explicable by corruption and incompetence--no hacking or sabotage required. Gnosticplayers are back. AI and evil.


In today's podcast we hear about content moderation in the aftermath of the New Zealand mosque shootings. A shift in Huawei's strategy in the face of Five Eyes--and especially US--sanctions: the US doesn't like us because we're a threat to their ability to conduct untrammeled surveillance. Corruption, neglect, and replacement of experts by politically reliable operators seem to have caused Venezuela's blackouts. Gnosticplayers are back, with more commodity data. And AI has no monopoly on evil--natural intelligence has that market cornered. Joe Carrigan from JHU ISI on the recently announced DARPA funded effort to develop an open-source voting system. For...

ThinkPHP exploit from Asia-Pacific region goes global. [Research Saturday]


Akamai's Larry Cashdollar joins us to describe an exploit he recently came across while researching MageCart incidents. It's a remote command execution vulnerability affecting ThinkPHP, a popular web framework. The original research can be found here: https://blogs.akamai.com/sitr/2019/01/thinkphp-exploit-actively-exploited-in-the-wild.html

Terror, announced and celebrated online. JavaScript sniffer afflicts e-commerce sites. Cryptojacking in the cloud. Perspectives on regulation, thoughts on a pervasive IoT. China's IP protection law.


In today's podcast, we hear that a terror attack against two New Zealand mosques is announced on Twitter and live-streamed on Facebook. A new, unobtrusive JavaScript sniffer infests some e-commerce sites in the UK and the US. Cryptojacking finds its way into the cloud. A look at the consequences of regulation, both good and bad. How CISOs will have to grapple with the increasingly pervasive Internet-of-things. And China's National People's Congress makes a gesture toward respecting IP, but the world remains skeptical. Craig Williams from Cisco Talos with an update of crypto miners. Guest is Nirmal John, author of the...

Indonesian election security. Watering hole in Pakistani passport site. RAT hunting. Intelligence brute-forcing. Just-patched zero-day exploited. PoS DGA attack. Operation Sheep. BND advises nein to Huawei.


In today's podcast, we hear that Indonesia says it's got its voting security under control, and a lot of the problems sound like good old familiar fraud and dirty campaigning. Trustwave warns of a watering hole on a Pakistani government site. Recorded Future goes RAT hunting. Proofpoint offers a look at intelligent brute-forcing. Kaspersky reports on two espionage APTs exploiting a just-patched Microsoft zero-day. Flashpoint describes an unusual point-of-sale attack, and Check Point finds Trojanized Android apps. Germany's BND warns against Huawei. Robert M. Lee from Dragos with thoughts on the Venezuelan power outages. Guest is Jeremy Tillman from Ghostery...

Election security and influence operations. Hacking the Fleet. Undersea cable competition. 5G worries. Calls to rein in Big Tech. UN report outlines North Korean cyber crime (there's a lot of it).


In today's podcast, we hear that election interference concerns persist around the world. Governments seek to address them with a mix of threat intelligence and attention to security basics. A US Navy report says the Fleet's supply chain is well on the way to being pwned by Chinese intelligence. Undersea cables are a center of Sino-US competition. The European Parliament warns about the Chinese threat to 5G infrastructure. More calls to rein in Big Tech. And the UN looks at North Korea and sees massive cyber crime. Emily Wilson from Terbium Labs with a look back at the Equifax breach....

Venezuela power blackout updates. Social media and social control. Trojanized games. Free decryptor out for ransomware strain. Ads on Facebook. A look at 30 years of the web.


In today's podcast, we hear an update on Venezuela and its power outages. Amplification of social media posts as a form of mass persuasion. A look at how control of the Internet has replaced control of the radio station as a move in civil war and coup or counter-coup planning. Asian game makers get backdoored out of China. Decryptors are out for BigBobRoss ransomware. Senator Warren versus Facebook, and Facebook versus itself. And Sir Tim Berners-Lee on the Web's 30th birthday. Joe Carrigan from JHU ISI with an early look at NSA's Ghidra reverse engineering tool. Guest is Dr. Phyllis Schneck from Promontory Financial Group (an...

Allegations and information operations. Iridium group may have compromised Citrix. Sino-American trade and security conflicts continue. Fashions in trolling.


Venezuela sustains power outages, and the regime blames hackers and wreckers. The opposition says it's all due to the regime's corruption, incompetence, and neglect. Citrix loses business documents in what might have been an Iranian espionage operation. Huawei's suit against the US gets some official cheering from Beijing. The US warns against Chinese information operations. And Russian troll farmers turn to amplification. Daniel Prince from Lancaster University on the importance of Cyber Design. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/March/CyberWire_2019_03_11.html

Job-seeker exposes banking network to Lazarus Group. [Research Saturday]


Vitali Kremez is a Director of Research at Flashpoint. His team discovered that the recently disclosed intrusion suffered in December 2018 by Chilean interbank network Redbanc involved PowerRatankba, a malware toolkit with ties to North Korea-linked group Lazarus. The intrusion represents the latest known example of Lazarus-affiliated tools being deployed within financially motivated activity targeted toward financial institutions in Latin America. The original research can be found here: https://www.flashpoint-intel.com/blog/disclosure-chilean-redbanc-intrusion-lazarus-ties/

Chinese influence campaigns. Egyptian spear phishing. Hundreds of millions of email records exposed.


In today's podcast, we hear that Chinese information operations on US social media are widespread. The Egyptian government launches spear phishing attacks against activists. Hundreds of millions of email records were found online. Chelsea Manning is back in jail. The US is retaliating for Chinese cyberespionage. And Facebook wants to change its image. Ben Yelin from UMD CHHS on a PA supreme court ruling on protection of employees' personal information. Guest is Scott Shackelford from Indiana University on the Paris call for trust and security. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/March/CyberWire_2019_03_08.html...

Scope of APT33 attacks revealed. GandCrab criminals shift tactics. Slub malware uses Slack.


The scope of Iran-linked APT33 cyberattacks has been revealed. GandCrab criminals are using more sophisticated tactics. A new type of malware was using Slack to communicate. Chrome gets an important update. Huawei sues the US, and Germany sets tougher security rules for telecom companies. And people who invest in cryptocurrency often don't know what they're getting into. David Dufour from Webroot with his thoughts on RSA Conference. Guest is Asaf Cidon from Barracuda Networks on account takeover vulnerabilities. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/March/CyberWire_2019_03_07.html

5G worries. Whitefly vs. SingHealth. Speculative execution bug.


In today's podcast, we hear that Australia's former prime minister warns Britain about Chinese tech companies. Symantec says Whitefly was behind SingHealth's massive data breach. Iranian hackers show code overlap. Intel CPUs are vulnerable to another speculative execution flaw. The NSA hasn't been using its domestic phone surveillance program lately. Sharing code presents dangers. And Google will ban political ads in Canada. Justin Harvey from Accenture with results from their Costs of Crime report, as well as observations from RSAC. Guest is Gerald Beuchelt from LogMeIn with info from their latest password survey. For links to all of today's stories...

India hacks back. Rob Joyce discusses cyber conflict. Chinese hackers look for maritime technologies. Google reveals a macOS vulnerability.


In today's podcast, we hear that India went on the offensive when its government websites were attacked by hackers from Pakistan. Rob Joyce, Senior Advisor for Cybersecurity Strategy to the Director of the US National Security Agency, discusses trends in cyber conflict. A Chinese cyberespionage group hacks for maritime technologies. Facebook lets people look you up by your two-factor authentication phone number. And Google researchers disclose a vulnerability in macOS. CyberWire Editor John Petrik with results from the RSA Conference Innovation Sandbox. Guest Balaji Parimi from CloudKnox weighs the pros and cons of various authorization schemes. For links to all...

Operation Sharpshooter. Canada begins extradition process. Huawei will sue the US. Facebook's global lobbying practices revealed. Visitor management systems are vulnerable.


In today's podcast, we hear that Operation Sharpshooter is linked to North Korea. Canada begins the extradition process for Meng Wanzhou. Huawei is planning to sue the US for banning its equipment from government use. Facebook may have used questionable tactics to lobby against stricter data protection laws. Thailand passes a controversial cybersecurity law. And IBM interns discover a host of vulnerabilities in visitor management systems. Joe Carrigan from JHU ISI with details on a Ring Doorbell vulnerability. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/March/CyberWire_2019_03_04.html

Fake Fortnite app scams infect gamers. [Research Saturday]


Researchers at Zscaler have been tracking a variety of fake versions of the popular Fortnite game on the Google Play store, along with associated scams. Deepen Desai is head of security research at Zscaler, and he joins us to share their findings. The original research can be found here: https://www.zscaler.com/blogs/research/fake-fortnite-apps-scamming-and-spying-android-gamers

Qbot spreads. Bug hunting makes a millionaire. US Cyber Command shows what persistent engagement looks like. Huawei agonistes. There's no Momo, really.


Qbot infections are spreading. The bounty-hunting gig economy apparently has its first millionaire. Observers are liking what they see in US Cyber Command's persistent engagement. Canada mulls the extradition of Huawei's CFO to the US. The US continues to call Huawei a security risk, and Huawei has some things to say back. The Momo Challenge is a viral online craze, but not the way you may have heard. Awais Rashid from Bristol University with thoughts on edge computing. Guest is Dr. Dena Haritos Tsamitis from Carnegie Mellon University on improving the culture of infosec, as well as her thoughts on the upcoming RSA conference. For links to...

Third-parties can misconfigure, too. Coinhive goes out of business. Intel decides 5G project with Chinese partner is too hard. Bronze Union. Clearing Facebook data. Proper disposal of lawful intercept tools.


In today's podcast we hear that a misconfigured Amazon Web Services database has exposed a risk screening database--and it seems the exposure itself was an instance of third-party risk. Farewell to Coinhive, long a favorite of cryptominers everywhere. Intel pulls back from a 5G project with a Chinese partner. A quick look at Bronze Union, and what the threat actor's up to. Facebook will soon help you clear your data. And if you have a lawful intercept tool you no longer need, please don't sell it on eBay. Malek Ben Salem from Accenture Labs on the commoditization of malware. Guest...

Router vulnerabilities. Hacking around the Hanoi summit. DDoSing an election. Brushing back a troll farm. Cryptojacking an embassy.


In today's podcast, we hear that Nokia routers have been found vulnerable to man-in-the-middle and denial-of-service attacks. As one would expect, the US and North Korean summit in Hanoi this week summons up some hacking. Ukraine accuses Russia of DDoS attacks in the service of election disruption. US Cyber Command played some chin music for St. Petersburg during US midterm elections. And if you're going to hack into an embassy, wouldn't you want to do more than install a cryptojacker? David Dufour from Webroot with insights on their pending purchase by Carbonite. Guest is Randy Vanderhoof from the Secure Technology Alliance on managing identity...

Sino-Australian, Sino-American cyber tensions. Threat trends. Bare-metal cloud issues addressed. USB-C and memory attacks. Credential stuffing in tax season. Twitter hijacking.


In today's podcast, we hear updates on suspicions of Chinese operators. Some trend reports from IBM and NETSCOUT. Bare-metal cloud services get reflashed. USB-C ports may be more vulnerable than thought to direct memory access attacks. Credential-stuffing attacks hit users of online tax-preparation services. And that missile attack on Tampa was not a drill--in fact, it never happened at all--and congratulations to the citizens of Florida for recognizing a hack and a hoax when they see one. Justin Harvey from Accenture on the types of vulnerabilities adversaries target. Guest is Guarav Tuli from F-Prime Capital on the current venture capital environment for...

Another warning of DNS hijacking. B0r0nt0k ransomware is out and about, and in too many servers. Whitelisting a controversial CA. Blockchain security. Bots get on the consular calendar.


In today's podcast, we hear that ICANN has warned of a DNS hijacking wave, and is urging widespread DNSSEC adoption. Security firms see Iran as a particularly active DNS hijacker. A B0r0nt0k ransomware outbreak infests Linux servers, but Windows users might be at risk as well. A request for whitelisting in the Firefox certificate store arouses controversy. Technology Review raises questions about blockchain security. Bots keep people from getting consular appointments, and people don't like it. And telling minotaurs from unicorns. Rick Howard from Palo Alto Networks with tips on moving data to the cloud. For links to all of today's stories check out our...

Rosneft suspicions shift from espionage to business email compromise. [Research Saturday]


Researchers at security firm Cylance have been tracking a threat group targeting the Rosneft Russian oil company. As Cylance uncovered details, suspicions shifted from state-sponsored espionage to business email compromise. Kevin Livelli is director of threat intelligence at Cylance, and he joins us to share what they found. The original research can be found here: https://threatvector.cylance.com/en_us/home/poking-the-bear-three-year-campaign-targets-russian-critical-infrastructure.html

Influence operations in Ukraine's elections. Australian hacks look more like China's work. Huawei and the 5G future. Objectionable content in comments. DrainerBot. No more soldier-selfies in Russia.


In today's podcast, we hear that Kiev says it's found complex, large-scale Russian influence operations in Ukraine's presidential election. Australian investigators are said to be closer to concluding that recent hacking attempts were the work of Chinese intelligence services. There's also plenty of ordinary crime to go around. Huawei continues its charm and affordability offensive. User comments drive advertisers away from YouTube. DrainerBot sucks power from phones. And Russia outlaws soldier-selfies. Ben Yelin from UMD CHHS about a lawsuit involving a man refusing to unlock his phone at the U.S. border. Guest is Linda Burger from NSA with information on their Technology Transfer Program. For...

Hybrid war and tactical influence operations. Separ lives off the land. NoRelationship attacks get past email filters. Responsible disclosure. Man-in-the-room bug. Ship hacking. Password managers.


In today's podcast we hear about a test of influencing soldiers through their social media: Instagram works best, Twitter not so much. Separ credential-stealing malware successfully lives off the land. NoRelationship attacks get past some email filters. Spamming users to get your point across may not be the best form of disclosure. University researchers find a man-in-the-room bug. Other researchers think they could capsize a ship. Britain's NCSC continues its dance with Huawei. Password managers remain a good idea. Emily Wilson from Terbium Labs discussing law enforcement on the dark web. UK correspondent Carole Theriault returns with the story of surveillance and facial...

Fancy Bear phishes in think tanks. Lazarus Group takes a swipe at Russian organizations. New decryptor for GandCrab. Citizen Lab and Novalpina discuss NSO Group. Ryuk's lousy help desk.


In today's podcast, we hear that Microsoft has disclosed a Fancy Bear sighting, snuffling around Atlanticist think tanks in Europe. Ukraine says, in effect, see, we told you so. Speaking of bears, it seems that North Korea's Hidden Cobra may be striking at the biggest bear of them all, going after Russian targets. There's a new decryptor available for GandCrab ransomware. Citizen Lab and NSO Group's new partial owner exchange notes. A look at a ransomware help desk. Mike Benjamin from CenturyLink with an update on the Necurs botnet. Guest is Tommy McDowell from the R-CISC (the retail ISAC) on the importance of sharing threat data.

International cyber conflict: India and Pakistan; Australia and China. Rietspoof malware. Microsoft ejects cryptojackers from its store. NCSC may go easy on Huawei. Parliament criticizes Facebook.


In today's podcast, we hear of a small flare in cyber conflict between India and Pakistan. Australian political parties as well as Parliament subjected to attempted cyberattacks. A new strain of malware is being distributed through messaging apps. Microsoft pulls cryptojacking Windows 10 apps from its store. Britain's NCSC is rumored to have concluded that it can mitigate Huawei risks. Facebook gets a harsh report from Westminster. And a hacker claims a higher motive for his breach (but still wants Bitcoin). Joe Carrigan from JHU ISI on Apple requiring two-factor authentication for developers. Guest is Igal Gofman from XM Cyber on...

Seedworm digs Middle East intelligence. [Research Saturday]


Researchers at Symantec have been tracking Seedworm, a cyber espionage group targeting the Middle East as well as Europe and North America. The threat group targets government agencies, oil & gas facilities, NGOs, telecoms and IT firms. Al Cooley is director of product management at Symantec, and he joins us to share their findings. The original research can be found here: https://www.symantec.com/blogs/threat-intelligence/seedworm-espionage-group

GandCrab notes. Make tests, not bans, says GSMA. Content moderation. Takedown of inauthentic accounts. Influence operations. Happy birthday, GCHQ.


In today's podcast, we hear that GandCrab has been scuttling through unpatched holes. Independent testing as an alternative to banning specific vendors as security risks. Big Tech gets some Congressional scrutiny over content moderation. Facebook takes down inauthentic accounts working to influence the Moldovan elections. The Federal Trade Commission is rumored to be queuing up a record privacy fine. Defending forward from disillusioned Bears. And happy birthday, GCHQ. Craig Williams from Cisco Talos on router vulnerabilities. Guest is Amanda Berlin, founder of Mental Health Hackers on her efforts to address mental health issues in infosec. For links to all of today's stories check out our CyberWire...

Former Air Force counterintelligence specialist indicted on charges of spying for Iran. Where's the stolen Equifax data? Two alleged Apophis Squad clowns indicted.


In today's podcast we hear that US prosecutors have unsealed the indictment of a former US Air Force counterintelligence specialist on charges she conspired to commit espionage on behalf of Iran. The US Treasury Department announces further sanctions on Iranian individuals and one organization named in that indictment. Two alleged members of Apophis Squad are indicted. Whatever became of all the data stolen from Equifax? That information's apparently not for sale on the dark web. Malek Ben Salem from Accenture Labs on reducing the attack surface of containers. Guest is Kevin McNamee from Nokia with results from their recent threat...

China says it had nothing to do with the Parliament hack in Australia. Notes on Patch Tuesday. Shlayer and GreyEnergy malware analyzed. Tomorrow is Valentine's Day--act accordingly.


In today's podcast, we hear that China has denied involvement in the Australian Parliament hack. Patch Tuesday notes. A new strain of Shlayer malware is out. A look at GreyEnergy. Reactions to the destructive VFEmail attack. And thoughts on St. Valentine's Day, with advice, admonition, and an excursus on credential-stuffing and holiday doughnuts. Dr. Charles Clancy from VA Tech's Hume Center on the Pentagon's use of AI for RF spectrum management. Guest is Matt Cauthorn from ExtraHop on malicious Chrome extensions. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/February/CyberWire_2019_02_13.html

VFEmail attacked, infrastructure wiped. EU considers a response to APT10. US Executive Order on AI is out. GPS jamming threat. Stryker hack. Shadow IT in the Corps.


In today's podcast, we hear that VFEmail has sustained a devastating, data-destroying attack. The EU considers whether it should, can, or will make a coordinated response to China's APT10. A US Executive Order outlines a strategy to maintain superiority in artificial intelligence. Norway warns, again, of the risk of GPS jamming. US Army Stryker vehicles were hacked during testing last year. And some Marines are getting ahead of themselves, downloading close air support control apps to personal tablets. Johannes Ullrich from SANS and the ISC Stormcast podcast on using hardware flaws for network access. Guest is Shane Harris from the Washington Post with an update...

Cryptojackers gone wild. Attempted hack of Australia's Parliament investigated. Huawei security concerns continue. Russia tests Internet autarky. Prosecutors investigate alleged blackmail.


In today's podcast, we hear that clipper malware has been ejected from Google Play. A different cryptojacker is kicking its competitors out of infected machines. Australian authorities continue to investigate the attempted hack of Parliament, with Chinese intelligence services as the prime suspects. How do you solve a problem like Huawei? Russia prepares to test its ability to disconnect from the Internet in the event of war. Prosecutors investigate alleged blackmail by below-the-belt selfie. Ben Yelin from UMD CHHS on politicians blocking citizens on social media. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/February/CyberWire_2019_02_11.html

Trends and tips for cloud security. [Research Saturday]


The team at Palo Alto Networks' Unit 42 recently published research tracking trends in how organizations are addressing cloud security, along with tips for improvement. Ryan Olson is VP of threat intelligence at Palo Alto Networks, and he joins us to share their findings. The original research can be found here: https://unit42.paloaltonetworks.com/unit-42-cloud-security-trends-tips/

Australia's Federal Parliament has a cyber incident. DHS warns of third-party spying. Legit privacy app tampered with. Credit Union phishing. Bezos vs. Pecker. FaceTime bounty. Seal scat.


In today's podcast, we hear that Australia is investigating an attempted hack of its Federal Parliament. The US Department of Homeland Security warns that spies are working through third parties to get to their targets. Spyware is bundled in a legitimate privacy app. Credit unions get spearphished. Mr. Bezos says, No thanks, Mr. Pecker. Apple will pay a FaceTime bug bounty. Microsoft says don't use IE as a browser. And what they found in that seal scat. Justin Harvey from Accenture on credential stuffing. Guest is Sandi Roddy from Johns Hopkins APL on secure key management. For links to all of today's stories check...

Social engineering and the power of brands. Insecure check-ins? APT10 is quiet but not gone. MacOS Keychain bug. Assessment of Chinese device manufacturers continues.


In today's podcast, we hear about social engineering, with a few new twists. Some airlines may be exposing passenger data with insecure check-in links. APT10 may be lying low, for now, but the US Department of Homeland Security expects the cyber spies to be back. A researcher finds a macOS Keychain bug, but would rather not tell Apple about it. Governments in Europe and North America continue to assess risks associated with Huawei and ZTE. And a Trojan hides in The Sims 4. Awais Rashid from Bristol University with thoughts on the challenges of securing smart phones. Carole Theriault explores recent concerns over popular video app...

APT10 stays busy. More skepticism about Huawei (and ZTE, for that matter). No foreign material effect on US midterms. Reverse RDP risk. IIoT bug found. RSA Innovation Sandbox finalists.


In today's podcast, we hear that Chinese threat group APT10 seems to have been busy lately, and up to its familiar industrial espionage. More governments express skepticism about Chinese manufacturers. The US report on election security is out: influence ops were found to have had no material effect on the midterms. Lithuania worries about Russian election meddling. A reverse RDP attack risk is reported. An industrial IoT remote code flaw. And congratulations to the finalists in RSA's Innovation Sandbox. Emily Wilson from Terbium Labs on biometrics for sale on the dark web. Guest is Katie Nickels from MITRE on the ATT&CK...

ExileRAT versus Tibet. SpeakUp backdoors Linux. Facebook bans Myanmar militias. Norway sees a threat in Huawei. Westminster gets hacked? Bangladesh Bank sues over SWIFT caper.


In today's podcast, we hear that ExileRAT is targeting Tibet's government-in-exile. The SpeakUp backdoor afflicts many varieties of Linux systems. Facebook bans ethnic militias in Myanmar from its platform. Norway's PST intelligence service says that Huawei constitutes a security risk, and China says that's nonsense. Someone seems to be hacking contact lists belonging to UK Members of Parliament. Bangladesh Bank is suing to recover the $81 million missing from its 2016 SWIFT heist. Joe Carrigan from JHU ISI on Facebook's password flexibility on mobile devices. Guest is Josef Williamson from EclecticIQ on cyber espionage and nation state threats. For links to all of today's stories check our...

Tracking the impresario behind Collection#1. OceanLotus and a new downloader. CookieMiner malware afflicts Macs. Huawei prospects. Influence ops. Extortion by bluff.


In today's podcast, we hear that Collection#1 looks like the work of an aggregator who goes by the name of C0rpz. OceanLotus is working with a new downloader. CookieMiner malware is poking around in Macs. Huawei continues to receive harsh security scrutiny internationally even as it seeks to position itself as a 5G leader. Russian influencers begin to attend to Venezuela. And if someone says they've got video of you looking at things you shouldn't, they probably don't. Rick Howard from Palo Alto Networks on Australia's controversial encryption legislation. For links to all of today's stories check out our CyberWire daily news brief:...

Online underground markets in the Middle East. [Research Saturday]


Researchers at Trend Micro recently published their look inside online underground marketplaces in the Middle East and North Africa, where criminals are buying and selling malware, laundering money and even booking their next discount vacation. Jon Clay is director of global threat communications at Trend Micro, and he joins us with their findings. The original research can be found here: https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/cash-and-communication-new-trends-in-the-middle-east-and-north-africa-underground

No more Apple time-out for Facebook and Google. Inauthentic sites taken down. Fancy Bear paws at Washington, again. Malware-serving ads. Amplification DDoS. Data exposures in India.


In today's podcast, we hear that Apple has let Facebook and Google out of time-out. Russia decides it would like access to Apple data because, you know, it's Russian law. Social networks take down large numbers of inauthentic accounts. Fancy Bear is snuffling around Washington again, already, with some spoofed think-tank sites. Shape shifting campaign afflicts ads. China sees CoAP DDoS attacks. An Aadhaar breach hits an Indian state as the SBI bank recovers from a data exposure incident. Johannes Ullrich from SANS and the ISC Stormcast Podcast on the effectiveness of blocklists. Guest is Daniel Faggella from Emerj Artificial Intelligence Research on the future of AI and security....

Commodity credential stuffing gets four new collections. Google was also doing a pay-to-pwn, like Facebook. Russian trolling. FaceTime bug investigation. Joanap botnet. Other online scams.


In today's podcast, we hear that Collections #2 through #5 have joined Collection #1 in hacker fora. Google is found to be collecting data from devices in much the same way its advertising peer Facebook was. Russian trolls seek to discredit the Special Counsel's investigation of influence ops. New York State opens an investigation into Apple's response to the FaceTime bug. The US Department of Justice aims to disrupt a North Korean botnet. And a rundown of some current online scams. Mike Benjamin from Century Link with information on TheMoon botnet and how it targets websites. Guest is Lewie Dunsworth, CISO & Executive Vice President of Technical...

US IC on cyber threats. Iran goes after PII. UAE surveillance described. Scanning for unpatched routers. Huawei's possible fates. Scam exploits child. FaceTime disclosure. Facebook Research.


In today's CyberWire, we hear that US Intelligence Community leaders testify that the major cyber threat comes from Russia, China, North Korea, and Iran. Iran's APT39 takes an interest in PII. A UAE surveillance program is revealed. Hackers scanning for unpatched Cisco routers. What Huawei faces, in addition to fines. The FaceTime bug and responsible disclosure. Facebook was paying people to pwn their phones. Scam artists exploit a small disabled girl. And the Government shutdown's mixed effect on cybersecurity. Craig Williams from Cisco Talos on Pylocky, a ransomware strain they've been tracking. Guest is Mark Orlando from Raytheon on safeguarding online information. For links to all of today's stories...

Case studies in risk and regulation. [CyberWire-X]


In the final episode of our four-part series, called Ground Truth or Consequences: the challenges and opportunities of regulation in cyberspace, we examine some of the game changing high profile breaches like Yahoo, Equifax and OPM, along with their impacts and lessons learned. Our guest is Dr. Christopher Pierson, CEO and founder of BlackCloak. Later in the program we'll hear from Jason Hart, CTO for enterprise and cybersecurity at Gemalto. They're the sponsors of this show.

FaceTime's odd bug, and how to squash it. FormBook malware surges through a new hosting service. Some international law enforcement wins. International conflict in cyberspace.


In today's podcast, we hear that a FaceTime bug lets you listen to someone's phone before they've even picked up. FormBook malware's surge is abetted by a new hosting service. Compromised server market xDedic has been taken down. Europol is looking for Webstressor users. Huawei faces new US criminal charges. Kim's ambitious economic plan may augur ambitious North Korean hacking. EU foretells a surge in Iranian cyberattacks. Waiting for information operations around the Venezuelan crisis. Joe Carrigan from JHU ISI on legacy Twitter location data privacy issues. Guest is Jamil Jaffer from IronNet Cybersecurity with highlights from his recent Capitol Hill...

Someone takes an unhealthy interest in Citizen Lab. Ukraine accuses Russia of election phishing. Russian bigshots doxed. Tension over Venezuela. Swatting indictments. National Privacy Day.


In today's podcast, we hear about some Spy vs. Spy at Citizen Lab, but who the spies were working for isn't clear. Ukraine's cyber police accuse Russia of phishing for election influence. As Fortuna's wheel turns, Russian bigwigs get doxed by transparency hacktivists. Great power tension over Venezuela bears watching in cyberspace. Alleged swatters indicted and arrested. Happy National Privacy Day. Emily Wilson from Terbium Labs on fullz records of children being sold on the dark web. Guest is Sean Lyngaas from CyberScoop with his insights on the DNS hijacking threat. For links to all of today's stories check out our CyberWire daily news brief:...

Amplification bots and how to detect them. [Research Saturday]


Researchers from Duo Security have been analyzing the behavior of Twitter bots in a series of posts on their web site. Their most recent dive into the subject explores amplification bots, which boost the impact of tweets through likes and retweets. Jordan Wright is a principal R&D engineer at Duo Security, and he joins us to share their findings. Link to the original research - https://duo.com/labs/research/anatomy-of-twitter-bots-amplification-bots

Glitches, not attacks or takedowns. Tracing Gray Energy and Zebrocy back to their servers. US Army tactical cyber operations. Venezuela crisis. Bellingcat and OSINT. Roger Stone arrested.


In today's podcast, we hear that two potential cyberattacks now look like glitches. Gray Energy and Zebrocy look as if they're close enough to be, if not the same threat actor, at least first cousins. The US Army pushes significant cyber capability to a tactical level. Venezuela's crisis may provide the next occasion for Russian information operations. How Bellingcat exposes info operations. Special Counsel Mueller secures the indictment and arrest of Roger Stone. And leave the Nest alone. Dr. Charles Clancy from the Hume Center at VA Tech on confusing marketing claims from AT&T with regard to 5G cellular technology. Guest is P. W. Singer, author of...

The US House of Representatives wants to know more about DNS-hijacking. Huawei skepticism. Anonymous dunnit, say the Russians. Financial data exposed. Family spooked by hackers.


In today's podcast, we hear that the US House would like some more information from DHS about what prompted its emergency directive about DNS hijacking. More skepticism about Huawei from various governments. A British think tank has been hacked: observers think Russia's GRU is good for it, but Russia says no, hey, it was Anonymous, and they did a good job. Exposed database leaves financial information out for the taking. Creeps take over a family's Nest. Ben Yelin from UMD CHHS with a 4th amendment personal privacy case out of Alaska. Guest is Kathleen Smith from CybersecJobs.com and ClearedJobs.net on the...

Emergency Directive 19-01 versus DNS hijacking. 2019 US National Intelligence Strategy on cyber. France says cyber war is upon us. Courts in UK have email trouble. Hacks and lulz.


In today's podcast, we hear that Emergency Directive 19-01 has told US Federal civilian agencies to take steps to stop an ongoing DNS-hijacking campaign. The US National Intelligence Strategy is out, and it prominently features cyber as a topical mission objective. France says that war has begun in cyberspace, and that the enemy should be en garde. British barristers scramble to restore secure email. A metals firm sustains an attack on business systems. And some clown cuts Australian telecoms cables. Justin Harvey from Accenture on blocking incoming threats. Guest is Tom Huckle from Crucial on closing the skills gap. For links to...

Ex-employee backdoor. Stealthy DDoS. Anubis dropper looks for motion. Influence operations. Privacy actions. The curious case of the espionage arrest in Russia.


In today's podcast, we hear that the WordPress Multilingual Plugin was compromised by a disgruntled ex-employee. Stealthy DDoS might escape notice. Anubis droppers wait for the phone to move before executing. EU works against influence in its May elections. France fines Google for lack of transparency under GDPR. Facebook may face FTC action. And more emerges on the curious case of the American/Canadian/Irish/British citizen arrested in Moscow for spying. Johannes Ullrich from SANS and the ISC Stormcast podcast on gift card scams. Carole Theriault speaks with guest Maria Varmazis about Fortnite vulnerabilities. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/January/CyberWire_2019_01_22.html Support...

Luring IoT botnets to the honeypot. [Research Saturday]


Researchers from Netscout's ASERT team have been making use of honeypots to gather information on rapidly evolving IoT botnets that take advantage of default usernames and passwords to gain access and take control of unprotected devices. Matt Bing is a security research analyst with Netscout, and he guides us through their findings. The original research can be found here: https://asert.arbornetworks.com/dipping-into-the-honeypot/

Collection #1 and the threat of credential stuffing. Cryptojacker disables some cloud security tools. Don't chat with strange bots. Facebook shutters more Russian coordinated inauthenticity.


In today's podcast we hear that Collection #1 is big but not the end-of-the-world. Still, be on the lookout for credential stuffing attacks. Rocke cryptojacker can disable some cloud security services. Beware of Telegram bots. Facebook shuts down a few hundred inauthentic Russian pages, and Sputnik shows up as either a free-speech paladin or another troll farm: take your pick. Epic Games closes a vulnerability that exposed data of Fortnite players. Malek Ben Salem from Accenture Labs on power grid vulnerabilities to botnets. Guest is former U.S. Secretary of Homeland Security Michael Chertoff discussing his book Exploding Data. For links to all of today's stories check...

Cyber espionage vs. the RoK MoD. Fancy Bear's old Lojax tricks. US rumored to be prepping another case against Huawei. Database exposure in Oklahoma. Yes Men prank Post.


In today's podcast, we hear that South Korea's Defense Ministry has disclosed a cyber espionage incident. Fancy Bear sticks to its old tricks with Lojax. The US Justice Department is rumored not to be done with Huawei: this time an IP theft beef is believed to be coming. A big database exposure case in Oklahoma. And an update on yesterday's bogus Washington Post edition: it was a prank by the Yes Men. Mike Benjamin from Century Link with an update on the Mylobot botnet. Guest is Angie White from Iovation on PSD2, the payment services directive update. For links to all of today's stories check out our CyberWire...

SEC, DoJ, issue civil and criminal complaints against EDGAR hackers. Lazarus Group in Chile? Iran's Ashiyane Forum. Cryptomix ransomware. Money laundering through Fortnite. Fake WaPo edition.


In today's podcast, we hear that the SEC and the Department of Justice are going after EDGAR hackers for securities fraud. Flashpoint sees the Lazarus Group in an attack on Chile's Redbanc. Recorded Future shares notes on Iran's Ashiyane Forum. Cryptomix ransomware is being distributed by fraudulent charitable appeals. Organized gangs are using Fortnite in-game currency for money laundering. A slickly done bogus edition of the Washington Post was being handed out in DC this morning. Ben Yelin from UMD CHHS on a recent ruling regarding 5th amendment protections for biometrics. Guest is Kevin O'Brien from GreatHorn on techniques to improve email security. For links to all of today's stories...

Web hosts fix account takeover issues. Passenger Name Record exposure proof-of-concept. Swatting isn't funny. Chinese manufacturers and suspicions of espionage.


In today's podcast, we hear that a bug hunter has found and responsibly disclosed issues in web hosts. Compromising Passenger Name Records in airline reservations. Business email compromise seems on the rise, and it's also growing a bit more interactive. A Facebook executive is swatted, and absolutely nobody should dismiss this sort of thing as a joke. China would like everyone to stop saying bad stuff about Huawei, but the Polish government seems unconvinced that there's nothing to see here. Rick Howard from Palo Alto Networks, revisiting the notion of a cyber moon shot. Carole Theriault reports on a hack of...

Polish espionage case. Ryuk tactics, and some thoughts on its attribution. Access-control system zero-days. Lawsuit may bring clarity to cyber insurance war exclusion clauses.


In today's podcast, we hear that Huawei has fired the sales manager arrested for espionage in Poland, and says that if he was spying, he was freelancing. Ryuk ransomware now looks more like a criminal than a state-sponsored operation. And its big-game hunting has pulled in almost four million dollars since August. Access control system zero-days found. And a lawsuit is likely to set some precedents concerning what counts as cyberwar. Joe Carrigan from JHU ISI on updated NIST password guidelines. Guest is Vijaya Kaza from Lookout on the shifting role of privacy in infosec. For links to all of today's stories check our...

Magecart payment card theft analysis. [Research Saturday]


Researchers at RiskIQ have been tracking a series of web-based credit card skimmers known as Magecart. We take a closer look at attacks on Ticketmaster, British Airways, NewEgg and Shopper Approved payment card pages. Yonathan Klijnsma is lead of threat research at RiskIQ, and he guides us through what they've learned. Links to RiskIQ research: https://www.riskiq.com/blog/labs/magecart-ticketmaster-breach/ https://www.riskiq.com/blog/labs/magecart-british-airways-breach/ https://www.riskiq.com/blog/labs/magecart-newegg/ https://www.riskiq.com/blog/labs/magecart-shopper-approved/

Iran linked to DNS hijacking campaign. Smart doorbells not smart enough about security. Fuze cards are convenient for crooks, too. Huawei espionage arrest in Poland. Russian sympathy for NSA.


In today's podcast, we hear that FireEye has called out Iran with moderate confidence for a long-running DNS-hijacking campaign. Smart doorbells may not be smart enough for their users' comfort, if reports of video sharing are to be credited. Crooks are finding Fuze cards as handy as good-guy consumers do. Poland makes two arrests in an espionage case linked to Huawei. And the Russian media are happy to offer sympathy to NSA for some alleged security lapses at Fort Meade. Craig Williams from Cisco Talos with details on Persian Stalker targeting secure messaging apps. Guest is Rajiv Dholakia from Nok Nok Labs on the security pros and cons...

TA505's new tools. ISIS turns to emerging chat apps. Reddit asks for password resets. The EU's right to be forgotten gets some court-imposed limits. The tweets Kaspersky flagged to NSA.


In today's podcast, we hear that Proofpoint researchers are tracking the latest developments from the unusually diligent cyber criminals of TA505. ISIS turns to newer, less closely monitored and moderated apps as it's pushed out of larger social networks. Reddit asks users to reset their passwords, and to make them good ones. Google seems to have made strides against expansive interpretation of the EU's right to be forgotten. And the curious tweets of @HAL999999999. Jonathan Katz from UMD on updated WiFi security. Guest is Ameesh Divatia from Baffle on the growing frustration with how companies handle our private information. For links to all of today's stories check...

ICEPick-3PC in the wild. Influence ops warning in Israel. Hackerangriff and a lone hacktivist. OXO and Magecart. The Dark Overlord wants you. Oversharing. Internet autarky. Kaspersky helped NSA?


In today's podcast, we hear that ICEPick-3PC is out in the wild and scooping up Android IP addresses. Shin Bet warns of influence operations threatening Israel's April election; much predictable yelling and finger-pointing ensues. German authorities are pretty convinced Hackerangriff is the work of a lone, disgruntled student. OXO may have suffered a Magecart infestation. Dark Overlord's labor market play. Facebook sharing. Internet autarky. And did Kaspersky finger an NSA contractor to NSA for mishandling secrets? Dr. Charles Clancy from VA Tech on security gaps in the 5G specification. Guest is Denis Cosgrove from Booz Allen Hamilton on the growing connectivity and autonomy in motor vehicles....

German police have a suspect in #hackerangriff. Cyber espionage awareness campaign. Cyber cold war in the offing? US political operators learn from Russian trolls. WikiLeaks on the record.


In today's podcast, an arrest has been made in #hackerangriff: a student in the German state of Hessen. The US begins a campaign to heighten businesses' awareness of cyber espionage. Observers see a coming cyber cold war, with China on one side and a large number of other countries on the other. Facebook is following a widening investigation into the use of inauthentic accounts, ads, and sites in recent US elections. WikiLeaks' lawyers tell news media to stop defaming the organization and its founder. Emily Wilson from Terbium Labs on the nine lives of a credit card. Guest is Robb Reck from Ping...

German doxing incident remains under investigation. Marriott breach update. Dark Overlord watch. Can cryptocurrency become less burdensome in terms of energy consumption?


In today's podcast, we hear that investigation into the doxing campaign German political leaders suffered continues, and the Interior Minister promises a transparent inquiry. Attribution remains unsettled, but a lot of people are looking toward Russia. Marriott thinks fewer guests were affected by its Starwood breach than initially feared. Online gamers affected by breaches. The Dark Overlord continues to make a pest of itself. And can alt-coin production become less of an energy hog? Awais Rashid from Bristol University on securing large-scale infrastructure. Guests are Karen Waltermire and Harry Perper from NIST, discussing the NIST National Cybersecurity Center of Excellence (NCCoE). For...

NOKKI, Reaper and DOGCALL target Russians and Cambodians. [Research Saturday]


Researchers from Unit 42 at Palo Alto Networks have discovered an interesting relationship between the NOKKI and DOGCALL malware families, as well as a new RAT being used to deploy the malware. Jen Miller-Osborn is Deputy Director of Threat Intelligence with Unit 42, and she joins us to share their findings. The original research can be found here: https://unit42.paloaltonetworks.com/unit42-nokki-almost-ties-the-knot-with-dogcall-reaper-group-uses-new-malware-to-deploy-rat/

Doxing in Germany. How Lojax works. Spyware found in apps downloaded from Google Play. ISIS hijacks dormant Twitter accounts. Update on Moscow spy case. Chromecast hacking endgame.


In today's podcast, we hear that German politicians, celebrities, and journalists have been doxed by parties unknown. ESET describes the workings of Lojax malware. Google ejects spyware-infested apps from the Play Store. ISIS returns online to inspire, via some hijacked dormant Twitter accounts. Updates on the arrest of a dual US-UK citizen on spying charges in Moscow. And some PewDiePie followers sort of say they're sorry for hacking Chromecasts. Sort of. Justin Harvey from Accenture with his outlook toward 2019. Guest is Ken Modeste from UL (Underwriters Laboratories) on their evolution as a safety certification organization. For links to all of today's stories...

2019's first noteworthy breach. Update on the Tribune Publishing hack. reCAPTCHA defeated in proof-of-concept. Dark Overlord should avail itself of the right to remain silent.


In today's podcast, we hear that prize for first big breach of 2019 goes to Australia, but the year is young. Ryuk artisanal malware implicated in newspaper print-plant hacks. reCAPTCHA gets captchud, again. The Dark Overlord teases some pretty dull stuff, a step ahead of the law and Pastebin content moderators. PewDiePie followers continue to pester Internet users. And there's a new play about Reality Winner, the alleged NSA leaker. Johannes Ullrich from SANS and the ISC Stormcast podcast on cold boot attacks on laptops. Guest is Sarah Squire from Ping Identity with results from a survey on consumer response to breaches. For links to all of today's stories check...

Stop the presses: the presses were stopped by ransomware. Video security system found vulnerable to oversharing. Changes in US DoD leadership. An arrest in Moscow, a court ruling in Baltimore.


In today's podcast, we hear that US newspapers sustained a major cyberattack, possibly ransomware, over the weekend that disrupted printing. The attack is said to have originated overseas, but attribution so far is preliminary, murky, and circumstantial. Home security video system is found to have hard-coded credentials. Changes in US Defense leadership. An American is arrested in Moscow on espionage charges. And alleged NSA leaker Hal Martin wins one and loses two in court. Ben Yelin from UMD CHHS on whether remotely wiping a mobile device could be considered destruction of evidence. Guest is Steve Durbin from the ISF on using a human-centered approach to...

Apple Device Enrollment Program vulnerabilities explored. [Research Saturday]


Researchers at Duo Security have been looking into Apple's Device Enrollment Program (DEP) and have discovered vulnerabilities that could expose users of the service to potential issues from social engineering and rogue devices. James Barclay is Senior R&D Engineer at Duo Security, and he joins us to share what they've found. The original research can be found here: https://duo.com/blog/weak-apple-dep-authentication-leaves-enterprises-vulnerable-to-social-engineering-attacks-and-rogue-devices

Operation Cloudhopper and industrial espionage. Anonymous social network Blind server left exposed. Reputation jacking. Alexa shares too much, by accident. Hitman scam is back.


In today's podcast, we hear that the Five Eyes have had quite enough of Stone Panda's Cloudhopping, thank you very much, and they want Beijing to put a stop to it. Beijing says it's all slander, and that the Yankees are probably just as bad. Blind turns out not to be as blind as its users thought. Reputation jacking comes to business email compromise. Alexa complies with GDPR, but goes a little overboard. And no, a hitman has not been hired to get you, no matter what that email says. Joe Carrigan from JHU ISI on hackers bypassing GMail two-factor authentication. Guest is Brian McCullough, host...

Risk and regulation in the financial sector. [CyberWire-X]


In the third episode of our four-part series, called Ground Truth or Consequences: the challenges and opportunities of regulation in cyberspace, we take a look at risk and regulation in the financial sector, specifically how it intersects with cyber security. How do organizations operate in a heavily regulated global financial environment, while protecting their employees, their customers, and the integrity of a system largely built on trust? Joining us are Valerie Abend from Accenture and Josh Magri from the Bank Policy Institute. Later in the program we'll hear from Jason Hart, CTO for enterprise and cybersecurity at Gemalto. They're the sponsors of this show. Learn...

US indicts two Stone Panda operators amid ongoing international concern over Chinese IP theft. Suspicious customer support traffic on Twitter. Emergency IE patch. Influence experiment.


In today's podcast, we hear that the US has indicted two hackers working for China's Ministry of State Security. US and allies are said to be planning a joint response to China's industrial espionage. Twitter sees suspicious customer support traffic. Microsoft issues an emergency patch for Internet Explorer. Facebook continues to struggle with transparency. New Knowledge CEO acknowledges a questionable experiment in social media manipulation. And, flash: Russian embassy hack was brutal. Rick Howard from Palo Alto Networks with some holiday reading suggestions. Guest is Sarah Tennant from the Michigan Economic Development Corporation describing new cyber security initiatives at Michigan universities....

Suspicion of Chinese hardware manufacturers continues. EU diplomatic cables leaked. Hiding out by dumbing down. Facebook data-sharing. NASA PII exposed. Parrot uses Alexa to advantage.


In today's podcast we hear of more international skittishness about Chinese hardware manufacturers. Information operations in Taiwan's elections. EU diplomatic cables hacked, rehacked, and published. Dumbing down cyber craft as a form of misdirection. More Facebook data-sharing practices come under scrutiny. NASA PII exposed; investigation continues. And did you hear the one about the parrot, Alexa, Amazon orders, and sappy dance tunes? Jonathan Katz from UMD describing security improvements in the Signal messaging app. Guest Michael Doran from Optiv with tips on protecting your organization from ransomware. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_12_19.html...

Shamoon 3 and Charming Kitten. Czech CERT issues warning concerning Huawei, ZTE. Influence ops and a Facebook boycott. PewDiePie's followers versus the Wall Street Journal.


In today's podcast, we hear that Shamoon 3 and the renewed activity of Charming Kitty strike observers as the long-expected Iranian cyber retaliation for reimposition of sanctions. The Czech CERT says Huawei and ZTE both represent a threat. Huawei insists it didn't do nuthin. Facebook faces a boycott in the wake of Senate commissioned reports on Russian trolling. And PewDiePie's followers deface a Wall Street Journal page. Craig Williams from Cisco Talos with a look back at 2018. Carole Theriault speaks with Rapid7's Tod Beardsley about their Industry Cyber Exposure report.

Huawei and the Five Eyes. Report on Russian trolling finds fluency in American. Boomstortion scammers turn to new threats. PewDiePie followers hack printers, again.


In today's podcast, we hear that the Five Eyes agreed to contain Huawei's potential for espionage. Huawei and ZTE both continue their charm offensive to convince international customers it's safe to use their gear. Senate commissioned report on Russian influence operations finds the St. Petersburg troll farmers fluent in American trolling. Boomstortion scammers now threaten acid attacks. PewDiePie followers again hack printers, but this time they say it's for the public good. Justin Harvey from Accenture on M&A targets and resilience. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_12_17.html Support our show Learn more about your ad choices....

The Sony hack and the perils of attribution. [Research Saturday]


Researchers at Risk Based Security took a detailed look back at the 2014 Sony hack, comparing analysis that occurred while the facts were still unfolding with what we know, today. There are interesting lessons to be learned, especially when it comes to attribution. Brian Martin is V.P. of vulnerability intelligence at Risk Based Security, and he shares their findings. The research can be found here: https://www.riskbasedsecurity.com/2018/09/you-didnt-think-the-sony-saga-was-over-did-you/

False flags and real flags. ISIS claims the Strasbourg killer as one of its soldiers. A bogus bomb threat circulates by email.


In today's podcast, we hear about false flag cyberattacks that mimic state actors, especially Chinese state actors. Chinese intelligence services are prospecting US Navy contractors. Russia's Fancy Bear continues its worldwide phishing campaign. ISIS claims the career criminal responsible for the Strasbourg Christmas market killings as one of its soldiers. And a bogus bomb threat is being circulated by email: call the technique boomstortion. Malek Ben Salem from Accenture Labs on smart speaker vulnerabilities. Guest is Laura Noren from Obsidian Security on data science ethics. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_12_14.html Support our...

Shamoon variant implicated in Saipem hack. Charming Kitten reappears. Sino-American tension over trade and industrial espionage.


In today's podcast we hear that the Saipem hack looks like a new Shamoon variant. Charming Kitten started prowling through relevant places after the Iran sanctions became more serious. US authorities denounce Chinese espionage, especially industrial espionage, but there are, as yet, no new indictments or sanctions. Concerns mount over Chinese influence operations. Another Canadian may be in Chinese custody, possibly in retaliation for the detention of Huawei's CFO. Ben Yelin from UMD CHHS on how password policies align with the 5th amendment. Guest is Liz Rice from Aqua Security on the notion of security teams shifting left. For links to all of today's stories check...

Operation Sharpshooter. Meng makes bail. Sino-American cyber tensions. Leadership crises in the UK and France. Congress doesn't lay a glove on Google. 2018's bad password practices.


In today's podcast, we hear some of McAfee's description of Operation Sharpshooter, an ambitious cyber reconnaissance campaign. Huawei's CFO Meng makes bail in Vancouver, and China reacts sharply to the arrest. The US is said to be preparing sanctions and indictments in response to various Chinese hacking activities. A no-confidence vote is called in the UK. In France, President Macron makes concessions to the Yellow Vests. Google skates through its interrogation by Congress. And bad passwords get rated. Johannes Ullrich from SANS and the ISC Stormcast Podcast with holiday tips on securing new devices. Guest is Ali Golshan from StackRox on the shift toward DevOps. For links...

Audit finds no Chinese spy chips on motherboards. Huawei CFO hearings continue in Vancouver. Oilfield services firm's servers attacked. Spyware and adware. Congressional hearings, reports.


Audit finds no Chinese spy chips on Supermicro motherboards. Huawei CFO Meng's hearing continues. Oil services firm's servers attacked. Seedworm shows some new tricks. Secure instant messaging apps may be less secure than hoped. A new adware strain reported. Mr. Pichai goes to Washington, and Uncle Pennybags puts in an appearance. The US House Oversight and Government Reform Committee reports on the Equifax breach. Prof. Awais Rashid from Bristol University on risk management in a data-intensive world. Guest is Barry Hensley from Secureworks on supply chain risks. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_12_11.html Support our show Learn more about your...

A bail hearing in Vancouver. The prospect of indictments in IP theft cases. Kubernetes vulnerabilities. Russia and Ukraine swap hacks? An advance fee scam asks for help getting out of jail.


In today's podcast, we hear that Huawei's CFO awaits her immediate fate in a Vancouver detention facility, where she faces possible extradition to the US on a sanctions-violation beef. Huawei itself receives hostile scrutiny from the Five Eyes, the EU, and Japan. US indictments are expected soon in other IP theft cases involving China. Upgrade Kubernetes. Russia and Ukraine swap cyberattacks in their ongoing hybrid war. An advance fee scam promises not only money, but maybe love, too. Emily Wilson from Terbium Labs, on why she feels the Lesbians Who Tech conference gets diversity right. For links to all of today's...

Operation Red Signature targets South Korean supply chain. [Research Saturday]


Researchers at Trend Micro uncovered a supply chain attack targeting organizations in South Korea. With the goal of information theft, attackers compromised the update server of a third party support provider, resulting in the installation of a RAT, or remote access trojan. Rik Ferguson is Vice President of Security Research at Trend Micro, and he guides us through their discoveries. The research can be found here: https://blog.trendmicro.com/trendlabs-security-intelligence/supply-chain-attack-operation-red-signature-targets-south-korean-organizations/

Huawei legal and security updates. A shift to personalized spam in attacks on retailers. Hollywood hacks in Eastern European banks.


In today's podcast we hear that Huawei's CFO remains in Canadian custody, perhaps facing extradition to the US. All Five Eyes have now expressed strong reservations about Huawei on security grounds. They've been joined in this by Japan and the European Union. Proofpoint sees a shift in cybercrime toward more carefully targeted and thoughtful social engineering. Kaspersky describes DarkVishnaya, a criminal campaign using surreptitiously planted hardware to loot Eastern European banks. Justin Harvey from Accenture discussing what should be in your incident response go bag. Guest is New York Times national security correspondent David E. Sanger, discussing his latest book The...

Huawei CFO arrested in Canada, faces extradition to US. Anonymous claims that Chinese intelligence hacked Marriott. Russian hospital phished. SamSam indictments, warnings. Facebook agonistes.


In today's podcast, we hear that Huawei's CFO was arrested in Vancouver on a US sanctions beef. Anonymous sources tell Reuters Chinese intelligence was behind the Marriott hack. A Flash zero-day is used in an attack against a Russian hospital. SamSam warnings and new US indictments. In the UK, Parliament releases internal Facebook emails that suggest discreditable data-use practices. Facebook says the emails are being taken out of context. And DDoS downs Illinois homework. Dr. Charles Clancy from VA Tech's Hume Center on the ban of specific 5G hardware around the world. Guest is Tom Bonner from Cylance on the SpyRATs of Ocean Lotus. For...

DDoS and BEC risks rising. Ukraine says it stopped Russian cyber campaign. EU looks to stopping disinformation. NRCC email compromise. Facebook emails released by Parliament.


In today's podcast, we hear that CoAP-based DDoS attacks are on the rise. A Nigerian gang has done some industrial-scale work on business email compromise. Ukraine says it stopped a major Russian cyber attack. The EU looks toward its May elections and determines to do something about disinformation. The US National Republican Congressional Committee sustains an email compromise. Attribution of a phishing expedition to Cozy Bear grows dubious. And Westminster doxes Facebook. Joe Carrigan from JHU ISI explaining the National Centers for Academic Excellence. Carole Theriault interviews SANS' James Lyne, who explains the Cyber Discovery program, which aims to bolster the security workforce. For links to all of today's...

Fancy Bear in Czech government systems. Watering hole attacks. Quora breached. Marriott breach follow-up. Kubernetes privilege escalation flaw. Scams kicked out of Apple's App Store.


In today's podcast we hear how Fancy Bears and free-range catphish have been disporting themselves in the Czech Republic. China reported to have used watering hole attacks to gain entry into Australian institutions. Quora suffers a data breach. Marriott's breach response earns mediocre marks. A Kubernetes privilege escalation flaw is found and patched. Two scammy apps are ejected from Apple's App Store. An object lesson in the difficulty of controlling fake news, or at least fake op-eds. Jonathan Katz from UMD on SSD drive encryption security woes. Guest is Brian Egenrieder from SyncDog on the challenges of commingling work and personal mobile devices. For links to all of today's stories...

US Defense Department and UK's MI6 aren't buying Russian honey over cyber operations. Iranian influence operations. Marriott breach fallout. Court upholds Kaspersky ban. Ransom and sanctions.


In today's podcast, we hear that senior US and UK officials have harsh words for Russian actions in cyberspace even as President Putin undertakes a charm offensive at the G20 meetings. (In fairness to the US and UK officials, it's a pretty dour charm offensive.) Iran ups its influence operations game. Legal investigations and legislative responses to the Marriott breach begin. A US Court upholds the Government's ban on Kaspersky products. And paying ransom to cyber extortionists could violate US sanctions. Daniel Prince from Lancaster University discussing growth, innovation and productivity within cyber security. For links to all of today's stories...

Settling in with GDPR. [CyberWire-X]


In the second episode of our new, four-part series, called Ground Truth or Consequences: the challenges and opportunities of regulation in cyberspace, we take a look at the impact GDPR has had since its implementation in May 2018. Joining us are Emily Mossburg from Deloitte, Caleb Barlow from IBM and Steve Durbin from ISF. Later in the program we'll hear from Jason Hart, CTO for enterprise and cybersecurity at Gemalto. They're the sponsors of this show. Learn more about your ad choices. Visit megaphone.fm/adchoices

Getting an education on Cobalt Dickens. [Research Saturday]


Researchers from Secureworks' Counter Threat Unit have been tracking a threat group spoofing login pages for universities. Evidence suggests the Iranian group Cobalt Dickens is likely responsible. Allison Wikoff is a senior researcher at Secureworks, and she joins us to share what they've found. The original research is here: https://www.secureworks.com/blog/back-to-school-cobalt-dickens-targets-universities Learn more about your ad choices. Visit megaphone.fm/adchoices

Marriott suffers data breach. Dunkin' Donuts credential stuffing attack. Urban Massage database exposed, unsecured. Fancy Bear paws at German government targets. SamSam cost.


In today's podcast we hear about Marriott's big breach. And Dunkin' Donuts' big breach. And, and, Urban Massage's embarrassing exposure. Lessons are drawn about third-party risk, password reuse, and the importance of being less creepy to the people you do business with. Fancy Bear shows up to paw at the phish swimming in Germany's government. And how much did SamSam really cost people? FBI? DoJ? Is it millions or billions? In either case you're talking about real money. Robert M. Lee from Dragos discussing the notion of IoT hot water heaters taking down the power grid. Guest is Michelle Guel from Cisco,...

Reconnaissance and degradation. Hybrid war in Eastern Europe and Southwest Asia. Eternal Silence infects unpatched systems. Dell customers reset passwords. SamSam indictments.


In today's podcast, we hear warnings of Russian recon degradation of the North American power grid. Information operations in Russia's hybrid war against Ukraine. Factions in Yemen's civil war contest cyberspace (and fiber optic cables). Eternal Silence exploits systems not patched against EternalBlue and EternalRed. Dell tells its customers to reset their passwords. And the US indicts two Iranians for deploying the SamSam ransomware. Emily Wilson from Terbium Labs with unintended consequences of GDPR. Guest is Francis Dinha, founder and CEO of OpenVPN, discussing the VPN landscape. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_11_29.html Support our show Learn more...

DNSpionage. Cobalt Dickens' unwelcome return. iOS spyware may be more widespread than believed. Governments move toward content moderation. Small towns, big problems.


In today's podcast, we hear that DNSpionage espionage tools are hitting Middle Eastern targets. Iran's Cobalt Dickens returns to pester universities. Lawful intercept vendors receive more scrutiny, and that scrutiny suggests iOS might not have escaped their attention as much as many had assumed. Facebook gets grilled in London. Nine Western countries issue a joint communique resolving to control false and misleading content on the Internet. And lessons from small towns. Ben Yelin from UMD CHHS reviewing government requests of Google's Nest to turn over user information. UK correspondent Carole Theriault speaks with Graham Cluley about police monitoring criminals using the Ironchat secure messaging service. For links...

Rotexy Trojan gets worse. Bad apps in Google Play. Backdoor for crypto-wallets. Facebook goes before Parliament. Pegasus spyware versus journalists. Russian hybrid war. Too-smart devices.


In today's podcast we hear that the Rotexy Trojan has evolved into phishing and ransomware. Bad apps found in Google Play. An open source library used in cryptocurrency wallets had a wide-open backdoor. Facebook goes before Parliament, which seems in a pretty feisty mood. Pegasus spyware found to have been deployed against journalists in Mexico and elsewhere. Russia escalates its hybrid war against Ukraine. Do people care if their smart speakers eavesdrop? How about their smart lightbulbs? Johannes Ullrich from SANS and the ISC Stormcast podcast on DNS over HTTPS and network visibility. Guest is Shaun Bierweiler from Hortonworks on the use of open source software in...

A quick look at the state of spam. Phishing for power grids. Industrial espionage. Free and command economy versions of social control. Lessons from JTF Ares.


In today's podcast we hear that Emotet ramped up for Black Friday; beware of the spam. Social engineering and the power grid. Industrial espionage resurfaces as an issue in Sino-American relations. Huawei remains unforgiven in Washington. China's emerging social credit system. Bottom-up social control in the US: first they came for the dogwalkers. Making a Dutch book on social media. Russia tightens Internet laws. The US Army learns some lessons, in a good way, from Joint Task Force Ares. Joe Carrigan from JHU ISI, wondering if we have a cyber skills gap or a shortage of courage. For links to all of today's stories...

Perils of paycards, as Cyber Weekend approacheth. Tessa88 is identified. Many more people than before have now heard of High Tail Hall.


In today's podcast, we hear that Amazon has offered customers a modified, limited hangout on some kind of data exposure. The online retailer says everything's OK, but it hasn't said much else. Facebook is back online; yesterday's outage attributed to a server misconfiguration. Shoppers and retailers prepare for Cyber Weekend. Tessa88, the dark web data hawker, may have been identified. Cyber espionage continues. And there's been another breach in what we've curiously agreed to call an adult site. David Dufour from Webroot on the pros and cons of open source code. Guest is Andrew Kling from Schneider Electric with an update on Triton malware....

Nation-state cyber campaigns: North Korean, Iranian, Russian, and unknown. Social media outages.


In today's podcast, we hear about nations behaving badly (but from the point-of-view of cyberespionage they're doing, unfortunately, well). The Lazarus Group is back robbing banks in Asia and Latin America. Russia's Hades Group, known for Olympic Destroyer, is back, too. Gamaredon and Cozy Bear have returned, respectively pestering Ukraine and the US. Iran's OilRig is upping its game with just-in-time malicious phishbait. And it's not you: Facebook has been down. Malek Ben Salem from Accenture Labs on skills squatting with Amazon's Alexa. Guest is Ronnie Tokazowski from Flashpoint on his work with the business email compromise working group. Learn more about your ad choices. Visit megaphone.fm/adchoices

CISA is now officially an agency. Cozy Bear is back. Gmail spoofing issue opens social engineering possibilities. Speculation about cyber 9/11s.


In today's podcast, we hear that CISA is now an agency within DHS. Cozy Bear is back, and spearphishing in American civilian waters. Ukrainian authorities say they've detected and blocked a malware campaign that appears targeted against former Soviet Republics. A reported Gmail issue may make for more plausible social engineering. The Outlaw criminal group expands into cryptojacking. Infrastructure, financial, and data corruption attacks discussed as possible cyber 9/11s. Rick Howard from Palo Alto Networks with a book recommendation from the Cybersecurity Canon project. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_11_19.html Support our show Learn more...

Doubling down on Cobalt Group activity. [Research Saturday]


The NETSCOUT Arbor ASERT team has been tracking Cobalt Group campaigns targeting financial institutions. Richard Hummel is manager of threat intelligence with ASERT, and he joins us to share his team's findings. The research can be found here: https://asert.arbornetworks.com/double-the-infection-double-the-fun/ Learn more about your ad choices. Visit megaphone.fm/adchoices

GPS jamming. Bank phishing. Exposed server. Censorship, East, West, and South. Is there a sealed indictment of Julian Assange?


In today's podcast, we ask a question: when does a military exercise become hybrid warfare? Answer: when it affects civilian safety. Like with GPS jamming. Russian banks are sustaining a major, and well-crafted, phishing campaign. An unprotected server exposes SMS messages. China tightens laws enabling censorship and social control. It also helps Venezuela to do likewise. And did the US indict Julian Assange, or is it just a cut-and-paste error? Craig Williams from Cisco Talos with info on the sextortion scams they've been tracking. Guest is Christopher Porter from FireEye on threats in the aviation sector. For links to all of today's stories...

RATs and the long game. New ransomware. Learning from other espionage services. Advance-fee scams continue to infest Twitter. Fancy Bear says it can't be sued.


In today's podcast, we hear that tRAT indicates a criminal shift to a longer game. Chinese industrial espionage copies Russian services' tricks. Dharma ransomware evolves. Bitcoin's price may be tanking, but Bitcoin-based advance-fee scams are still all over Twitter, with bogus big brands blue checks all over them. Nigeria plans to go after cyber gangs. Fancy Bear says it can't be sued, even if it did anything. And why a password manager is better than an infernal machine. Jonathan Katz from UMD describing a side channel attack on mobile device encryption. Guest is Mike McKee from ObserveIT on nation state attacks. For links...

When BGP hijacking isn't hijacking at all. The White Company's Operation Shaheen. SWAuTistic pleads guilty. NPPD will become CISA.


In today's podcast, we hear that Monday's BGP hijacking wasn't hijacking at all, but rather a fumbled upgrade in an ISP. The White Company's Operation Shaheen is a nation-state espionage campaign directed against Pakistan's military. Sleazy gamer and hacker SWAuTistic pleads guilty to Wichita swatting charges, and to bomb threats just about everywhere else. And the NPPD will soon become CISA, and the lead US civilian cybersecurity agency. Emily Wilson from Terbium Labs on their recent Truth About Dark Web Pricing white paper. Guest is Gregory Garrett from BDO on their telecommunications risk report. For links to all of today's stories check out our CyberWire daily...

GPS jamming. Jihadist account hijacking. ISIS on Wickr? Magecart exposed. Cathay Pacific breach. Paris Call for Trust and Security in Cyberspace.


In today's podcast, we hear that Finland is investigating GPS signal jamming during NATO exercises. Russia's the usual suspect; as usual, Russia feels picked on and ill-used. Jihadists seem to be feeling the effects of social media screening, and may turn to account hijacking. Indian intelligence services look at ISIS use of Wickr. A look at Magecart. Cathay Pacific's breach now believed to be worse than originally thought. The Paris Call for Trust and Security in Cyberspace expresses eight aspirations. Joe Carrigan from JHU ISI with a report on the NICE conference, and a presentation on including psychologists in cyber security decision making. Guest is Rich Bolstridge from Akamai...

Regulation in the U.S. [CyberWire-X]


In this premiere episode of our new, four-part series, called Ground Truth or Consequences: the challenges and opportunities of regulation in cyberspace, we take a closer look at cyber security regulation in the U.S. Joining us are Dr. Christopher Pierson from BlackCloak and Randy Sabett from Cooley LLC. Later in the program we'll hear from Jason Hart, CTO for enterprise and cybersecurity at Gemalto. They're the sponsors of this show. Learn more about your ad choices. Visit megaphone.fm/adchoices

Establishing international norms in cyberspace. [Research Saturday]


Joseph Nye is former dean of the Harvard Kennedy School of Government. He served as Chair of the National Intelligence Council, and as Assistant Secretary of Defense for International Security Affairs under President Clinton. He serves as a Commissioner for the Global Commission on Internet Governance, and is the author of over a dozen books, including Soft Power: The Means to Success in World Politics, and The Future of Power. Learn more about your ad choices. Visit megaphone.fm/adchoices

Critical infrastructure resiliency. Lazarus Group's FASTcash robberies. China's ongoing industrial espionage. Trolls aside, Russian observers think the US elections were A-OK.


In today's podcast we hear that Britain's NCSC has warned, again, that the UK is likely to face a Category One cyberattack within the next few years. In the US, Government-industry-academic partnerships work toward making critical infrastructure more resilient to cyberattack. Pyongyang's Lazarus Group continues to rob ATMs using malware. US officials complain that China is in violation of 2015's agreement to avoid industrial espionage. And Russian observers give the US a passing grade for fair midterm elections. Awais Rashid from Bristol University with thoughts on placing trust in blockchain systems. Guest is Bruce Schneier, discussing his latest book, Click here to kill...

Post hack ergo propter hack: DHS calls Russian claims noisy garbage. Responsible and irresponsible disclosure. FCC wants an end to robocalls. USPS Informed Delivery abused. Post Canada, whoa.


In today's podcast, we hear that, while election hacking seems not to have happened in the US this week, that hasn't stopped the IRA and its mouthpieces in Sputnik, RT, and elsewhere from loudly claiming it has. Election influence operations continue long after the election. VirtualBox zero-day disclosed to everyone. USCYBERCOM posts Lojack to VirusTotal. FCC vs. robocalls. US Postal Service's Informed Delivery exploited. Canada Post slips to reveal cannabis customers. Dr. Charles Clancy from the Hume Center at VA Tech on in-car cell phone jammers. Guest is Ian Paterson from Plurilock Security Solutions on behavioral biometrics. For links to all of today's stories...

A quick look back at the US midterms, and the cyber Pearl Harbor that wasn't. Update Apache Struts. Smishing with the Play Store. Another advance fee scam.


In today's podcast we take a quick look back at the US midterm elections, and at what did and didn't happen. Is Iran looking at waging cyber-enabled economic warfare? If you use Apache Struts, update now to avoid remote code execution. A spyware-delivering app is used to smish Spanish-speaking users of the Play Store. And, once again, people really seem to think that Elon Musk will return them their Bitcoin donations tenfold. (Enough people to make crime pay, anyway.) Justin Harvey from Accenture on notification laws and incident response. Guest is Christian Lees from InfoArmor with thoughts on what they're seeing trafficked on the dark...

Iran complains, threatens, and spies. Election Day cybersecurity notes.


In today's podcast, we hear that Iran has accused Israel of a second Stuxnet, claiming the attack was thwarted, and threatening retaliation. Nor is Tehran neglecting domestic surveillance of its own: Persian Stalker is involved with some pretty suspicious greyware. It's Election Day in the US, and officials are cautiously optimistic work to secure the voting will be successful. Concerns about information operations persist, and people continue to work to distinguish them from good-old-fashioned American confident chatter. Ben Yelin from UMD CHHS on the FBI using Google location data to nab crooks. Guest is Victor Danevich from Infoblox on the challenges of managing higher ed...

US midterm election cybersecurity updates. PortSmash side-channel proof-of-concept. Botnets compete to cryptojack Android devices. And will the GRU get its "R" back?


In today's podcast, we note that US midterm elections end tomorrow evening, with officials on high alert for election hacking. Russia sends poll watcher to the US to make sure democratic norms are observed. Side-channel attack proof-of-concept announced for CPUs, but risk seems relatively low. Botnets are fighting over Android devices for cryptojacking power. And Russia's GU, née GRU? It looks like it's going to get its "R" back. Rick Howard from Palo Alto Networks with thoughts on DevOps and the future of orchestration. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_11_05.html Support our show Learn more...

Election protection. [Research Saturday]


Symantec technical director Vikram Thakur returns to share his team's look at threat groups APT 28 and APT 29, the influence they had on the 2016 election, and how the cyber security industry has responded in preparation for the 2018 midterms. The original research can be found here: https://www.symantec.com/blogs/election-security/election-hacking-faq Learn more about your ad choices. Visit megaphone.fm/adchoices

Cyber Sitzkrieg. Waiting for the Bears to show up (and ready to set the Dogs on them). Facebook private messages for sale.


In today's podcast, we hear that people are asking if that lull in Chinese cyber operations was just a strategic pause. Huawei's on a charm offensive. People are seeing plenty of Russian trolling, but election hacking proper continues to be quiet. Another strategic pause? US Cyber Command is said to be ready to respond to any election cyberattacks swiftly and in kind. And if you want to hear what people think about '80s techno-pop, a dark web souk will sell you the relevant Facebook messages for just one thin dime apiece. Malek Ben Salem from Accenture Labs on blockchain use in...

Wi-Fi access point zero-day reported. US Cyber Command on the offensive. Transparency is tougher than it looks. GandCrab not paying out as much. Good. PIPEDA takes effect. Soulmate spyware.


In today's podcast, we hear that Bleeding Bit flaws leave Wi-Fi access points open to war drivers and other malefactors within a hundred meters of your equipment. US Cyber Command continues its attempts to dissuade foreign influence operations against midterm elections. Social networks have difficulty identifying who's buying ads. Canada's data privacy law takes effect today. GandCrab crooks take a million-dollar bath. And if you go to Soulmates in Google Play, you're looking for love in all the wrong places. Johannes Ullrich from the ISC Stormcast podcast on hiding malware in benign files. Guest is Tara Combs from Alfresco on coming US cyber regulations. For...

Influence operations, and advice on recognizing them. Ransomware updates. US indicts Chinese nationals for industrial espionage. An object lesson from the US Geological Survey.


In today's podcast, we hear about influence operations in social media (again): Americans remain more vulnerable (because they lack a cultural experience of state propaganda) than Eastern Europeans. Rules of thumb for recognizing the good, the bad, and the bogus online. Kraken Cryptor is a black market leading ransomware strain. SamSam remains active. US indicts Chinese industrial spies. And what not to look at on your Government laptop. David Dufour from Webroot with thoughts on processor vulnerabilities. Guest is Maria Rerecich from Consumer Reports on their product testing processes, and how they've evolved to keep up with the times. For links to all of today's stories check...

This cybersecurity stuff is tougher than it looks, US state election officials learn. Saudi surveillance. Espionage in Iran. New attack varieties. Chinese hardware concerns. US sanctions chipmaker.


In today's podcast, we hear that installing cybersecurity tools to protect elections is tougher than it looks. Information operations continue to pose the most prominent foreign threat to US midterm elections, although there are concerns about voting machine security. Cointracker looks like a trader's tool with a side order of malware. Video embedded in Microsoft Word documents can carry malicious payloads through detection systems. Hardware worries and sanctions. Competing visions of norms in cyberspace. Robert M. Lee from Dragos with thoughts on the real-world threat of electromagnetic pulses. Guest is Rahul Kashyap from Awake Security on the skills shortage and the importance of mentorship. For...

Facebook takes down Iranian-run accounts. Criminal investigations look online. IBM to buy Red Hat. Satori is still with us. British Airways and Magecart.


Facebook takes down accounts linked to Iran for coordinated inauthenticity. Iranian information operations appear to be learning from the Russian approach: be divisive, be negative, and be opportunistic. Investigations of pipe-bombs and the Pittsburgh synagogue shooting look at the suspects' digital record. IBM announces its acquisition of Red Hat. The Satori botnet continues to evolve. British Airways and Magecart. Supply chain seeding, probably not; dragonnades, yes. Emily Wilson from Terbium Labs on data from the most recent Facebook breach showing up on the dark web. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/October/CyberWire_2018_10_29.html Support our...

Faxploitation. [Research Saturday]


Researchers at security firm Check Point Software Technologies explored the possibility of exploiting old, complex fax protocols to gain access to modern multifunction office printers, and then pivot to connected networks. Yaniv Balmas is head of security research at Check Point, and he joins us to share what he and his colleague Eyal Itkin discovered. The research can be found here: https://research.checkpoint.com/sending-fax-back-to-the-dark-ages/ Learn more about your ad choices. Visit megaphone.fm/adchoices

Airline breach bigger than thought. Securing Mexican financial institutions. Demonbot vs. Hadoop. New decryptor out for GandCrab ransomware. Civilian Cybersecurity Corps?


In today's podcast, we hear that British Airways' breach has gotten bigger. Mexico's financial institutions say they've contained the anomalies in interbank transfer systems. "Demonbot" is infesting poorly secured Hadoop servers. Google receives criticism for slow action against ad fraud. Bitdefender and Romanian police produce a decryptor for GandCrab ransomware. Discussion of a "Civilian Cybersecurity Corps:" are white hats the radio hams of the Twenty-first Century? Daniel Prince from Lancaster University joins us to talk about quantum hardware primitives. And Britney Hommertzheim, director of information security at AMC Theaters, sits down with Dave to talk about building partnerships within your organization to strengthen security's role. For links to all...

Influence operations, da. Direct hacking? Maybe nyet. Chalubo botnet borrows old tricks. Financial sector alert in Mexico. Airline breach disclosed. Lawsuits over privacy. ICS Security notes.


In today's podcast, we hear that the US Department of Homeland Security sees lower-than-expected rates of Russian election system probing even as Russian information operations continue. Sophos warns of the emergence of the Linux-based "Chalubo" botnet. Mexico's Central Bank raises its alert level. Cathay Pacific discloses a breach of passenger information. Privacy-related fines and lawsuits. And notes from the 2018 ICS Cyber Security Conference. Justin Harvey from Accenture joins us to talk about insourcing vs. outsourcing threat intelligence, and Tony Pepper from Egress Software Technologies shares his perspective on protecting unstructured data. For links to all of the stories mentioned in...

Trolling the trolls. Triton/Trisis attributed to Russia. Asset management in ICS. Threat intelligence drives threat evolution. Shadow web-apps. Apple likes GDPR, hates the Data-Industrial Complex.


In today's podcast, we hear that US Cyber Command has been reaching out to tell the trolls Uncle Sam cares. Industrial control system security suffers from poor asset management practices. FireEye looks at the Triton malware and says the Russians did it, but of course things are complicated. Are hostile intelligence service hackers superheroes, salaryman nebbishes, or something in between? How threat intelligence drives threat evolution. The risk of shadow web-apps. Apple speaks on privacy. Ben Yelin from the University of Maryland Center for Health and Homeland Security talks with us about the EFF coming out against license plate sharing between retailers and law enforcement. Our...

Influence operations in Brazil and the US. Vulnerabilities disclosed in commonly used software. Healthcare.gov breach. Industrial control system cybersecurity.


In today's podcast we wonder WhatsApp with Brazil's runoff election? Hacktivism hits Davos-in-the-Desert. Kraken Cryptor ransomware gets an upgrade. Remote code execution vulnerabilities disclosed in two classes of systems. Healthcare.gov breach under investigation. More calls for retraction of the spy chip story. Cozy Bear calls for proper Internet governance. US on effects of influence ops. Notes on industrial control system cybersecurity, with an emphasis on attending to the obvious. We talk to Awais Rashid from Bristol University to get his thoughts on supply chain security, and we also hear from IJay Palansky from Armstrong Teasdale on IoT legal liability concerns. For...

Making the business case for privacy. [Special Edition]


In this CyberWire special edition, my guest is Cisco's Chief Privacy Officer Michelle Dennedy. We discuss what exactly a chief privacy officer does at a global organization like Cisco, why she thinks we're in the early stages of a privacy revolution, why we all tend to shake our heads cynically when a company claims, "Your privacy is important to us," and how, maybe, respecting the privacy of your users and customers could be a competitive advantage. This conversation continues on Michelle Dennedy's podcast, Privacy Sigma Riders. https://www.cisco.com/c/en/us/about/trust-center/privacy-podcast.html Learn more about your ad choices. Visit megaphone.fm/adchoices

Russian indicted in US midterm election influence conspiracy case. Styles and goals of info ops. Cyber deterrence. DPRK petty crime. Alt-coin scammer. Spy chip story remains unconfirmed, unretracted.


In today's podcast we hear that the US has indicted a Russian accountant for conspiring to influence US midterm elections. Different nations have different styles of information operations because they have different goals. Technology shifts, but underlying principles of propaganda remain. The EU barks cyber deterrence but doesn't bite, yet. North Korea's petty cyber crime wave. A scammer is after alt-coin enthusiasts. And there's neither confirmation nor retraction of Bloomberg's spy-chip story. Joe Carrigan from the Johns Hopkins Information Security Institute joins us to discuss network segmentation. For links to all of today's stories, visit https://thecyberwire.com/issues/issues2018/October/CyberWire_2018_10_22.html Learn more about your ad choices. Visit megaphone.fm/adchoices

Stormy weather in the Office 365 cloud. [Research Saturday]


Security firm Lastline recently took a close look at threats to the Office 365 cloud environment, taking advantage of the insights they gain protecting their clients. Andy Norton is director of threat intelligence at Lastline, and he joins us to describe their findings. The research can be found here: https://www.lastline.com/blog/malspam-malscape-snapshot-malicious-activity-in-the-office-365-cloud/ Learn more about your ad choices. Visit megaphone.fm/adchoices

Chinese supply-chain hack story gets vanishingly thin. Twitter downs pro-Saudi bots. SEO poisoning. OceanLotus evolves. Ransomware notes.


In today's podcast, we hear that no one but Bloomberg seems to retain much faith in Bloomberg's story about Chinese supply-chain seeding attacks. Twitter blocks bots retailing coordinated Saudi talking points about the disappearance of journalist Jamal Khashoggi. Latvia says it blocked attempts to interfere with its October elections. SEO poisoning exploits interest in key words associated with US midterms. OceanLotus shows some new tricks. A Connecticut town pays ransom. Ransomware hoods take pity on a grieving father. We speak with our Johannes Ullrich from the SANS Institute who discusses DNSSEC root key rollover and Mike Horning from Virginia Tech shares the results of a study...

Looks like Comment Crew, but probably isn't. Facebook breached by spammers. Twitter's big troll trove. Router issues. Who dunnit to YouTube?


In today's podcast, we hear that a campaign reuses some of the old Comment Crew code, but McAfee researchers think it's not the same old Crew. Facebook thinks its big breach was the work of spammers, not spies. Twitter releases a trove of trolling and invites researchers to take a look. Researchers disclose flaws in D-Link and Linksys routers. Ghost Squad says that they downed YouTube the other day, but who knows? And if YouTube goes down, please don't call 911. Dr. Charles Clancy from VA Tech's Hume Center on cognitive electronic warfare. Guest is Mike Janke from DataTribe on Maryland's aspirations to be the nation's...

Meddling with the midterms. [Special Editions]


Kim Zetter is longtime cybersecurity and national security reporter for the New York Times, and author of the book Countdown to Zero Day. She joins us to discuss her recent feature for the New York Times Magazine, titled The Crisis of Election Security. In it she explores the structure and fragile integrity of the US election system, how we got to where we are today, and what can be done to reestablish confidence in the system. Link to Kim Zetter's feature The Crisis of Election Security: https://www.nytimes.com/2018/09/26/magazine/election-security-crisis-midterms.html Learn more about your ad choices. Visit megaphone.fm/adchoices

Two ways of hacking the vote. BlackEnergy is active in Poland and Ukraine. ISIS and info ops. Hurricane-stressed utility further stressed by ransomware. Silicon Valley governance.


In today's podcast, we hear about election security, and two ways of hacking the vote. DHS points out that the states are getting better about sharing election security information. ISIS sets the template for terrorist information operations. BlackEnergy is back, in Poland and Ukraine, with new, "GreyEnergy" malware. Diplomatic targets prospected in Central Asia. North Carolina, recovering from hurricane damage, also faces some ransomware. Silicon Valley governance receives scrutiny. Craig Williams from Cisco Talos on dealing with FUD. New York Times writer Kim Zetter on election security. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/October/CyberWire_2018_10_17.html Support our show Learn more...

Facebook in Myanmar. Supply chain seeding attack update. Election hacking. NCSC reports. EU prepares sanctions (Russia feels ill-used).


In today's podcast we hear about social networking for genocide in Myanmar: Facebook takes down the Army's inauthentic and inflammatory pages. The supply chain seeding attack from China remains dubious. Probes of US election infrastructure, and black market offers of voter databases, are reported. GCHQ sees cybercrime as a chronic threat, but state-sponsored cyber operations as an acute problem. EU prepares sanctions against a big country to the east. And farewell to Paul Allen, departed this life yesterday at the age of 65. Mike Benjamin from CenturyLink with an update on the Satori botnet. Guest is Larry Sjelin, Director of Game Development...

Facebook breach details. Privacy issues and an image problem for advocates. Supply-chain-attack skepticism. Info ops, bikers, and deniable paramilitaries.


In today's podcast, we hear that Facebook has found that fewer users than feared were affected by its breach, but that in this case "fewer" still means "a lot": nearly thirty million of them. Do privacy advocates have an image problem? Supply chain seeding attack story draws more skeptical comment. A pipeline accident turns out not to have been a cyberattack. Estonia joins the UK and the Netherlands in an effort to clarify EU cyber sanctions. But Italy pumps the brakes. (Do Putin's Angels rejoice?) Rick Howard from Palo Alto Networks on exponential technologies, and how they could change the notion of scarcity. For links to...

Driving GPS manipulation. [Research Saturday]


Researchers at Virginia Tech investigate possible ways to manipulate GPS signals and send drivers to specific locations without their knowledge. Gang Wang is Assistant Professor of Computer Science at Virginia Tech, and he joins us to share his team's findings. The original research can be found here: https://people.cs.vt.edu/gangwang/sec18-gps.pdf Learn more about your ad choices. Visit megaphone.fm/adchoices

Busy Bears, again. Mixing IT and OT is a risky business. New Android Trojan. Supply chain seeding attack updates. Facebook purges more "inauthentic" accounts. Data privacy. Cyber sanctions.


In today's podcast we hear that Ukraine says it's under cyberattack, again. ESET connects Telebots and BlackEnergy. Port hacks suggest risks of mixing IT and OT. Talos finds a new Android Trojan. Skepticism over Chinese supply chain seeding attack report continues. Facebook purges more "inauthentic" sites; this time they're American. Data privacy regulation is trending, in both Sacramento and Washington. EU will consider cyber sanctions policy. NATO looks to cyber IOC. Alleged SIM-swappers arrested. Jonathan Katz from UMD on the use of a cryptographic ledger to provide accountability for law enforcement. Guest is April Wensel from Compassionate Coding on her work bringing emotional intelligence and ethics to...

Seeding-attack skepticism. MSS officer arrested, will face industrial espionage charges in the US. Russia says again that it didn't hack the OPCW.


In today's podcast, we hear that the report of Chinese supply chain seeding attacks comes in for more skepticism: NSA never heard of it, and Congress would like some answers. The US has an officer of China's MSS in front of a Cincinnati court on charges of industrial espionage: he was extradited this week from Belgium. Notes on officers and agents. Russia repeats denials of hacking the Organisation for the Prevention of Chemical Warfare. Ben Yelin from UMD CHHS with a court case on cell site location data. Guest is Brian Vecci from Varonis with results from their data breach survey. For links to today's...

Updates on supply-chain seeding reports. DDoS in Ukraine. GAO reports on US weapon system cyber vulnerabilities. Bugs exploited by Mirai persist. Patch note and toe dialing.


In today's podcast we hear that there's no consensus, yet, on Bloomberg's report of Chinese seeding attacks on the IT hardware supply chain. Ukrainian fiscal authority sustains DDoS attack. GAO reports on cyber vulnerabilities in US Defense Department weapon systems. Xiongmai DVRs and cameras still exhibit bugs exploited by the Mirai botnet. Patch notes. And a lizard toe-dials from a veterinary clinic: he wasn't a patient; just visiting. Robert M. Lee from Dragos with insights on the Bloomberg hardware supply chain story. Guest is Stephen Cobb from ESET with results from their recent AI and ML silver bullet survey. For links to today's stories...

Update on supply chain seeding reports. GRU comes in for more criticism. UK prepares cyber retaliatory capability. Power grid resilience. Panda Banker. Google's good and bad news.


In today's podcast we hear that Bloomberg's report of a Chinese seeding attack on the IT hardware supply chain comes in for skepticism, but Bloomberg stands by, and adds to, its reporting. Everyone is seeing Russia's GRU everywhere, and Russia feels aggrieved by the accusations. The UK prepares a retaliatory cyber capability. The US looks to grid security. Cylance describes Panda Banker. Google had a good day in UK courts Monday, but a bad day elsewhere. Justin Harvey from Accenture with thoughts in OSINT reconnaissance. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/October/CyberWire_2018_10_09.html Support our show...

Cryptojacking criminal capers continue. [Research Saturday]


Researchers at Palo Alto Networks' Unit 42 have been tracking the rise of cryptocurrency mining operations run by criminal groups around the world. Ryan Olson is V.P. of threat intelligence at Palo Alto Networks, and he joins us to share what they've learned. The original research can be found here: https://researchcenter.paloaltonetworks.com/2018/06/unit42-rise-cryptocurrency-miners/ Learn more about your ad choices. Visit megaphone.fm/adchoices

Reports of Chinese seeding attacks on the supply chain. Five Eyes and other allies push back at Russia's GRU. NPPD to become Cybersecurity and Infrastructure Security Agency


In today's podcast, we hear more on the possibility that China's People's Liberation Army engaged in seeding the supply chain with malicious chips. Companies deny it, but Bloomberg stands by its story. All Five Eyes denounce Russia's GRU for hacking. Russia responds unconvincingly. And the NPPD will become a new agency within the US Department of Homeland Security, and the lead civilian agency responsible for cybersecurity and critical infrastructure protection. Malek Ben Salem from Accenture Labs on pervasive cyber resilience. Guest is Adam Anderson, scholar in residence at Clemson University's Center for Corporate Learning and founder of Element Security Group, on behavioral science...

Bloomberg reports a seeding attack on the supply chain by Chinese intelligence services. GRU is named, shamed, indicted, and expelled.


In today's podcast, we hear that Bloomberg reports that a Chinese hardware hack has infested sensitive US supply chains. Dutch authorities expel GRU officers for attempting to hack the international body investigating the nerve agent attacks in Salisbury. Australia, the UK, and Canada all finger the GRU as responsible for high-profile cyberattacks. The US indicts seven GRU officers for a range of hacking-related crimes. Craig Williams from Cisco Talos with tips on getting the most out of security conferences. Guest is Oussama El-Hilali from Arcserve with thoughts on business continuity and disaster recovery. Learn more about your ad choices. Visit megaphone.fm/adchoices

Facebook breach updates. Bogus Zoho Office Suite. Brazil's big botnet. Vulnerable router firmware. Patch news. A DGSI officer arrested for dark web collusion with the mob. Bad Fortnite cheats.


In today's podcast, we hear that Facebook continues to investigate its breach, and says it's not found any evidence of apps compromised through Facebook Login. Irish authorities open a GDPR investigation of Facebook. Bogus offers of Zoho Office Suite are malicious. A big botnet hits Brazil's banking customers. Home routers found vulnerable. Google and Adobe patch. A DGSI officer is arrested in France for dark web trafficking. FEMA tests its emergency text system. Fortnite cheats are bad news. David Dufour from Webroot on security issues in video games as they become social networks. Guest is Michael Feiertag from tCell with results from their Q2 incident report. For links...

RDP exploitation. More on the Facebook breach. Google and content moderation. Reaper Group stayed busy even after US-DPRK summit. Spyware in Canada. Hacking an airport.


In today's podcast we hear that the US FBI and DHS warn that RDP exploitation is up. Facebook's breach exhibits the tension between swift disclosure and sound incident response. A look at slow-rolled disclosure. Google draws criticism for some content it hosts. North Korea's Reaper Group never missed a beat. Citizen Lab says Saudi Arabia is spying on at least one prominent dissident who's a permanent resident in Canada. Nepal's airport is hacked, apparently for the lulz. Joe Carrigan from JHU ISI on Android password managers being vulnerable to malicious apps. Guest is Robb Reck from Ping Identity on recently published white...

Facebook agonistes. Election meddling. Livestreamed hack gets cancelled.


In today's podcast we hear an update on Facebook's data breach, including EU inquiries, Congressional attention, FTC scrutiny, and user unhappiness. The threat of Chinese election meddling seems to be a matter of concern in the US Intelligence Committee. And, despite promises, there was no livestreamed obliteration of much of anything yesterday. Rick Howard from Palo Alto Networks on rebooting the kill chain. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/September/CyberWire_2018_10_01.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

Sophisticated FIN7 criminal group hits payment card data. [Research Saturday]


Researchers at security firm FireEye have been tracking malicious actors they call FIN7, a group which targets payment card data in the hospitality industry and elsewhere. They make use of targeted phishing campaigns, telephone vishing and even a convincing front company to do their deeds. Nick Carr and Barry Vengerick are coauthors of the research, along with their colleagues Kimberly Goody and Steve Miller. The research is titled On the Hunt for FIN7: Pursuing an Enigmatic and Evasive Global Criminal Operation. It can be found here: https://www.fireeye.com/blog/threat-research/2018/08/fin7-pursuing-an-enigmatic-and-evasive-global-criminal-operation.html Learn more about your ad choices. Visit megaphone.fm/adchoices

Facebook discloses a major breach. Botnet brute forcing ransomware. Retail domain typosquatting. ATM wiretapping. Ransomware in San Diego. SEC hits cyber deficiencies. Assange retires?


In today's podcast, we hear that Facebook has disclosed a cyberattack that affected fifty million users. A botnet is brute-forcing credentials. Cybercriminals show signs of ramping up spoofed retail domains in preparation for holiday shopping. The US Secret Service warns of ATM wiretapping. The Port of San Diego struggles with ransomware. The US SEC fines a company for cyber deficiencies. Mr. Assange goes offline. And some guy says he'll live-stream his annihilation of a prominent Facebook page. Jonathan Katz from University of MD on Bluetooth pairing protocol vulnerabilities. Guest is Andrea Little Limbago from Endgame on the internet's effect on global conflict. For links to...

Fancy Bear, again and again. QRecorder is a banking Trojan. Authentication issues with Apple's Device Enrollment Program. Notes on regulation. Farewell to a code-breaker.


In today's podcast, we find out that Fancy Bear has its very own rootkit. VPNFilter turns out to do a lot more than previously suspected. One of the Salisbury assassins is identified as a GRU colonel. A voice recorder app is kicked out of Google Play for being a banking Trojan. Apple's Device Enrollment Program may have authentication issues. Big Tech might learn to like being regulated. And farewell to one of Bletchley Park's Jenny Wrens. Mike Benjamin from CenturyLink with thoughts on the Foreshadow vulnerability. Guest is Daniel Riedel from New Context Services, discussing synthetic identities. For links to all of today's...

Cryptojacking and ransomware news. The black market in zero-days looks like a bear market. Google budges (a little) on Chrome login. Senate hearings on privacy. Political campaign cybersecurity.


In today's podcast, we hear that cryptojacking apps have reappeared in Google Play. A brewer's experience with ransomware shows that victims needn't be helpless in the face of extortion. A look at the black market finds that zero-day vendors have grown a lot scarcer on the ground. Google responds, a little, to concerns about privacy in Chrome login. The US Senate is holding hearings on privacy. Big Tech will be there. And are political campaigns slipping into learned helplessness about cybersecurity? Dr. Charles Clancy from VA Tech's Hume Center on university spin-offs and partnerships. Guest is Dinah Davis from Code Like a Girl on how...

Follow-up to terror attack in Iran. UN data exposure. Kodi and cryptojacking. SHEIN retail breach. Atlanta's ransomware remediation. Payroll phishing. Quantum strategy.


In today's podcast, we hear that Iran has accused Saudi Arabia, UAE, and the US of running Saturday's terror attack "from the shadows." Data exposure at the UN. Kodi platform exploited for cryptojacking. SHEIN retail breach affects more than six million. Atlanta says its ransomware incident is now "over." FBI warns of payroll phishing. A US strategy for quantum technology is offered. A look at sports and cybersecurity. Has the Riemann hypothesis been proved? Johannes Ullrich from the SANS ISC Stormcast podcast with warnings of post-hurricane scams. Our UK correspondent Carole Theriault explores overly complex online terms and conditions, and speaks with a company that's chosen a different...

Terror attack in Iran prompts info skirmishing, and perhaps worse to come. JET bug disclosed. ANSSI open-sources OS. Anglo-American response to Russian cyber ops. Russian elections. Scam notes.


In today's CyberWire, we hear about a terror attack in Iran that has heightened tensions among adversaries: expect a heightened cyber optempo. A JET vulnerability in Microsoft products is publicly disclosed as Microsoft misses the Zero Day Initiative's 120-day deadline. France will open-source its secure operating system. UK, US attitudes continue to stiffen towards Russia in cyberspace. Russian elections are surprising, by Russian standards. Notes on some current scams. Ben Yelin from UMD CHHS on a ruling on warrantless GPS tracking at the U.S. border. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/September/CyberWire_2018_09_24.html Support our show...

ICS honeypots attract sophisticated snoops. [Research Saturday]


Researchers at security firm Cybereason recently set up online honeypots to attract adversaries interested in industrial control system environments. It didn't take long for sophisticated attackers to sniff out the virtual honey and start snuffling around. Ross Rustici is senior director of intelligence services at Cybereason, and he joins us to share what they learned. The research is titled ICS Threat Broadens: Nation-state Hackers are no Longer the Only Game in Town. It can be found here: https://www.cybereason.com/blog/industrial-control-system-specialized-hackers Learn more about your ad choices. Visit megaphone.fm/adchoices

US National Cyber Strategy. New sanctions. GCHQ beefs up Russia unit. Cryptocurrency heist. Hacking Senatorial Gmail. Crime and punishment.


In today's podcast, we hear about the US national cyber security strategy, and developing international norms, calling out bad actors, establishing a credible deterrent, and imposing consequences are important parts of it. The State Department blacklists thirty-three Russian bad actors. GCHQ is standing up a 4000-person cyber operations group to counter Russian activity. A cryptocurrency heist in Tokyo. Hacking Senatorial Gmail. And some notes on crime and punishment. Emily Wilson from Terbium Labs on Dark Web exit scamming. Guest is Tanya Janca from Microsoft on her OWASP DevSlop project. Extended interview with Tanya Janca - https://www.patreon.com/posts/21559930 OWASP DevSlop show on Twitch - https://www.twitch.tv/videos/307974412 For links to all...

Magecart is back. Bad apps booted from Google Play. OilRig taken seriously. Election influence operations. Sending in the National Guard. ICO fines Equifax for last year's breach.


In today's podcast, we hear that Magecart has hit a Philippine media conglomerate. Bogus (and malicious) financial apps are ejected from Google Play. Gulf states are taking warnings about Iran's OilRig seriously. A cloud hosting service serves up phish. Taiwan believes China is preparing to meddle in its elections. Facebook sets up an anti-disinformation war room. Nebraska sends in the National Guard. The UK ICO fines Equifax for last year's breach. Craig Williams from Cisco Talos on distinguishing between features and bugs with regards to security. Guest is Roela Santos from Engility, describing the CyberWarrior scholarship for veterans. For links to all of today's stories check out our CyberWire daily news...

State Department cybersecurity issues. Iron Group's pseudoransomware. Bristol Airport's deliberate recovery. State of cryptojacking. Facebook offers campaigns help. US cyber strategy. Mirai masters.


In this podcast, we hear that the US State Department has acknowledged an email breach. The criminal gang Iron Group is hitting targets with data-stealing and data-destroying pseudoransomware. Bristol Airport continues its slow recovery from whatever hit it at the end of last week. A cryptomining study is out. Facebook offers help to political campaigns. The new US cyber strategy is out. ICOs get regulation. Mirai masters get suspended sentences in recognition for the help they've rendered the Government. Daniel Prince from Lancaster University with thoughts on asset-based risk assessment. Guest is Ray Watson from Masergy on soft targets. For links to all of...

Tracking Pegasus. OilRig spearphishing. IP theft from universities. Peekaboo bug in surveillance cameras. WannaMine won't be EternalBlue's last ride. Preventing data abuse.


In today's podcast, we hear about a Citizen Lab report on the global use of Pegasus lawful intercept tools. OilRig seems to be spearphishing in Bahrain. University IP theft by Iran seems widespread, but it also doesn't look very lucrative. Peekaboo vulnerability affects security cameras. WannaMine is the latest campaign to exploit the stubborn EternalBlue vulnerability. Data firms work toward guidelines to prevent political data abuse. David Dufour from Webroot with a primer on quantum computing. Guest is Sam Bisbee from Threat Stack on public cloud breaches. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/September/CyberWire_2018_09_18.html Learn more about...

Ransomware and cryptojacking are all the rage. Iran seeks IP, North Korea seeks a quick buck. More on EU content moderation. Alleged Russian hacking of WADA, Spiez Laboratory. Propaganda overreach?


In today's podcast, we hear about the ransomware that's clogged systems at a UK airport. New variants of ransomware are out and about in the wild. EternalBlue continues to be used to install cryptojackers in vulnerable systems; the campaign is being called WannaMine. EU considers short deadlines and sharp penalties for failure to remove "extremist content" from the Internet. Russia suspected in WADA and Spiez Lab hacking. Did Moscow overreach with its latest Novichok disinformation effort? Malek Ben Salem from Accenture on encryption techniques that make use of DNA. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/September/CyberWire_2018_09_17.html Learn more about your...

Android device eavesdropping investigation. [Research Saturday]


A team of researchers from Northeastern University and UC Santa Barbara examined over 17,000 Android apps, and revealed a number of alarming privacy risks. Elleen Pan and Christo Wilson were members of the research team, and they join us to share what they found. The research is titled Panoptispy: Characterizing Audio and Video Exfiltration from Android Applications. It can be found here: https://recon.meddle.mobi/papers/panoptispy18pets.pdf Learn more about your ad choices. Visit megaphone.fm/adchoices

Magecart continues its way. Evil cursor attacks. Seasonal trends in Trojans. More Novichok disinformation. Pyongyang denounces a "smear campaign." Wait and see on pipeline fires.


In today's podcast we hear that Magecart has achieved another library infestation as Feedify is hit. An evil cursor attack is a variant of a familiar tech support scam. The Ramnit banking Trojan seems to be spiking during the summer, and there are various theories as to why this might be so. More Novichok disinformation is out. Safari URL spoofing seems more nuisance than serious menace. North Korea denounces the US for a "smear campaign" against the Lazarus Group, which doesn't exist, either. Joe Carrigan from JHU ISI shares his frustrations with his bank's insufficient password practices. Guest is Ron Gula, former CEO and co-founder of Tenable Network Security, currently President...

Domestic Kitten spyware. Crypto wallet shenanigans. Firmware issues enable cold boot attacks. BlueBorne bugs are still out and about. Tech support scams. Election security.


In today's podcast we hear that an Iranian domestic spyware campaign has been reported: it's most interested in ethnic Kurds. A bogus cryptocurrency wallet site is taken down. F-Secure warns of a widespread firmware problem that could be exploited for cold boot attacks. The BlueBorne Bluetooth bugs are apparently still out there. Tech support scam ads are taken down. Policies for election security continue to evolve. And Facebook's founder offers some thoughts on how his platform can save democracy. Ben Yelin from UMD CHHS with analysis of a Florida court decision on the use of cell site simulators. Guest is Josh Mayfield from...

Executive Order mandates election interference sanctions. British Airways regulatory exposure. Patch Tuesday notes. EU passes copyright law. Russia says no to Novichok. WhatsApp scam.


In our podcast we hear that a US Executive Order issued today will impose sanctions on foreign actors following a determination that there's been an attempt at election meddling. The Executive Order covers both hacking and propaganda. British Airways may receive a heavy fine under GDPR for its recent breach. The EU passes controversial copyright legislation. Russia says the accused Novichok hitmen didn't do nothin'. And watch out for Olivia on WhatsApp: she's not what she at first seems to be. Jonathan Katz from the University of Maryland, with a cryptocurrency bug story from the MIT media lab. Guest is Robert Block from SecureAuth+Core Security, with best...

Trend Micro answers spying allegations. Magecart blamed for British Airways breach. Tor Browser exploit disclosed. Google vs. the right to be forgotten. Accused JPMorgan hacker extradited.


In today's podcast, we hear that Trend Micro has clarified what was up with allegations it was deploying spyware with its tools: no spyware, but they've changed their products to remove the appearance of impropriety. RiskIQ fingers the Magecart gang as the hoods behind the British Airways data breach. Exploit broker Zerodium discloses a no-longer profitable Tor Browser vulnerability. Google will challenge the EU's right-to-be-forgotten in court this week. An extradition in the JPMorgan hack. Justin Harvey from Accenture with tips on building an effective incident response plan. Guest is Colin McKinty from BAE systems, discussing the launch of The Intelligence Network, a collaborative task force...

Elections and information operations, but not necessarily the elections you expect. Apple purges dodgy security apps. Who are the Silence criminals? BA's breach. Cyber moonshots.


In today's podcast, we hear about foreign information operations surrounding elections in Israel and Sweden. Domestic information operations surround local elections in Russia. Apple purges questionable security apps from its store. Are the Silence cybercriminals security industry veterans? British Airways continues to recover from its data breach. What a "cyber moonshot" might actually mean. And ProtonMail says the coppers have collared an Apophis Squad member. Zulfikar Ramzan from RSA with a reality check on blockchain hype. Guest is Yehuda Lindell from Unbound Tech on the Foreshadow vulnerability. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/September/CyberWire_2018_09_10.html Learn more about...

Leafminer espionage digs the Middle East. [Research Saturday]


Researchers at Symantec recently published their findings on an active attack group named Leafminer that's targeting government organizations and businesses in the Middle East region. Vikram Thakur is a technical director at Symantec, and he joins us to share what they've found. The research can be found here: https://www.symantec.com/blogs/threat-intelligence/leafminer-espionage-middle-east Learn more about your ad choices. Visit megaphone.fm/adchoices

Russia does the info ops dance. An indictment of a Lazarus Groupie. FOIA shares too much. British Airways breaches. Silence makes some noise. Notes from the Billington Cybersecurity Summit.


In today's podcast we hear that Russia says it had nothing to do with the Salisbury nerve agent attacks, but no one really seems to be buying the denial. The US indicts a North Korean hacker in matters pertaining to the Lazarus Group. FOIA.gov overshares. British Airways sustains a data breach. The "Silence" gang makes some noise in the underworld. Notes from yesterday's Billington Cybersecurity Summit. And Twitter bans a grandstander, for life. Dr. Charles Clancy from VA Tech's Hume Center describes the Virginia Commonwealth Cyber Initiative. Guest is Rich Baich, CISO at Wells Fargo with insights on protecting a major financial institution. Learn...

Cyberwar looms between Russia and the UK. Twitter and Facebook complete testimony, but inquiries continue. Unpatched MikroTik routers exploited. OilRig's new tricks.


In today's podcast, we hear that the Novichok attacks have brought Britain and Russia to the brink of cyberwar. The UK will take its case to the UN Security Council. Twitter and Facebook have completed their testimony on Capitol Hill, but investigation of tech's role in influence operations and public discourse continues. So do concerns about election security. Unpatched MikroTik routers are being exploited in the wild. OilRig shows some new tricks. Joe Carrigan from JHU ISI on biometric scanners tagging travelers at the border. Guest is Robert Anderson from the Chertoff Group with insights on the encryption debate. For links to all of today's stories check...

Sleeper malware. Hakai botnet spreads. SamSam is still with us. US DNI warns of election threats. Congressional panels interrogate Facebook and Twitter, but not Google.


In today's podcast, we hear that German security authorities warn about the possibility of sleeper sabotage malware. A botnet to rival Satori, this one called Hakai, continues to spread to new classes of router. SamSam ransomware remains dishearteningly successful. The US Director of National Intelligence warns against foreign influence in elections. Facebook's former security chief says the midterms could be the World Cup of information Warfare. Silicon Valley comes to Capitol Hill, but without Google. Craig Williams from Talos at Cisco with an update on the Remcos RAT. Guest is Robert Holmes from Proofpoint on the DHS's Binding Operational Directive (BOD) 18-01 mandate to secure their email...

Tracking Stone Panda to the Tianjin Bureau. Ad-fraud and Tokelau. RansomWarrior decrypted. US Congress to grill Facebook, Google, and Twitter. Celebrity scams.


In today's podcast, we hear that Intrusion Truth seems to have Stone Panda dead to rights. Chinese intelligence increases targeting of expatriate Uyghurs. Zscaler warns that an ad-fraud campaign is making use of the Tokelau top-level domain. Check Point has a decryptor for RansomWarrior. The US House and Senate will hear from Facebook, Twitter, and Google this week about influence operations, content moderation, and alleged monopolistic practices. And no, Pope Francis isn't giving away Bitcoin, nor did former President Obama encrypt your files. Emily Wilson from Terbium Labs with a look back at the effects of last year's Alpha Bay takedown....

ATM hacks on the rise. [Research Saturday]


Threat researcher Marcelle Lee from LookingGlass Cyber Solutions joins us to share her research on the growing threat of ATM hacks in the U.S. The research can be found here: https://www.lookingglasscyber.com/blog/atm-hacking-you-dont-have-to-pay-to-play/ Learn more about your ad choices. Visit megaphone.fm/adchoices

Recruiting spies via LinkedIn. WindShift in the Gulf. GlobeImposter ransomware. Blocking Telegram is harder than it looks. Policy notes from the Five Eyes.


In today's podcast we hear that the US Intelligence Community says that China is actively trying to recruit spies over LinkedIn. Britain and Germany had earlier issued similar warnings. WindShift espionage group is active in the Gulf. GlobeImposter ransomware continues its evolution and spread. The Five Eyes issue some communiques about cooperation in cyberspace. Russia would like to block Telegram if it could do so without too much collateral traffic damage. Supply chain questions about Google's Titan. Johannes Ullrich from SANS and the ISC Stormcast podcast, with iPhone unlocking techniques. Guest is Andy Greenberg from WIRED discussing his recent article on NotPetya. For links to all of today's...

Twitter bots in Swedish politics. A different approach to influence operations. Hotel guest PII for sale. Medical device vulnerabilities. Charges in the case of the Satori botnet.


In today's podcast, we hear that Twitter bots have shown up in Sweden's political discourse. Not so much Chinese hacking for influence: Beijing seems to prefer funding sympathetic cultural and research centers. 130 million hotel guests have their PII offered for sale on the dark web. Medical device vulnerabilities are disclosed, and hospitals are urged to patch. Nexus Zeta faces charges in a US Federal Court, apparently in connection with the Satori botnet. Mike Benjamin from CenturyLink with an update on the Necurs botnet. Guest is Gilad Peleg from SecBI on the challenges of secure BYOD policies. For links to all of today's stories check out our CyberWire daily...

Unpatched Apache Struts installations being exploited in the wild. Windows local privilege escalation flaw. Similarities among spyware. Stalkerware hack. Criminal threats to the grid. Breaches.


In today's podcast we hear that the Apache Struts vulnerability, patched last week, is being actively exploited by cryptojackers. Microsoft works on a fix for local privilege escalation flaw in Windows. Trend Micro sees similarities among Urpage, Confucius, Patchwork, and Bahamut campaigns. Air Canada suffers a breach. Criminal threats to power grids. And searching for search engine optimization in all the wrong places. Jonathan Katz from UMD on flaws in Intel processors' secure enclave. Guest is Fred Kneip from CyberGRX on third party risk. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_08_29.html Learn more about your ad choices....

Social media struggle with their social role. Election hacking concerns remain high. Australia's new government shuffles cybersecurity responsibilities.


In today's podcast, we hear that Twitter has suspended more accounts for "divisive social commentary" and "coordinated manipulation." Facebook blocks accounts belonging to Myanmar leaders over Rohingya persecution. US Senators are unconvinced by claims that it's dangerous to research voting-machine vulnerabilities. The House takes a look at the CVE database. Australia's new government reorganizes its cybersecurity portfolio. Justin Harvey from Accenture with details from their mid-year cyber threatscape report. Guest is Sean Tierney from Infoblox with their shadow IoT report. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_08_28.html Learn more about your ad choices. Visit megaphone.fm/adchoices

Moscow HUMINT drought? Spying on the Patriarch. Ottoman hacktivism. Iranian information operations. ISIS in cyberspace. RtPOS malware discovered.


In today's podcast, we discuss reports that suggest US HUMINT collection in Russia has dried up. Russian intelligence services are showing an interest in disrupting a grant of autonomy to the Ukrainian Orthodox Church by the Ecumenical Patriarch. Turkish hacktivism shows up in the US, as journalists' social media accounts are hijacked. A look at Iranian information operations. ISIS limps back into cyberspace. A new point-of-sale malware family is discovered. David Dufour from Webroot on the role of engineers in securing an organization. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_08_27.html Learn more about...

Cyber espionage coming from Chinese University. [Research Saturday]


Threat intelligence firm Recorded Future recently published research describing espionage activities originating from servers at a major Chinese university, coinciding with international economic development efforts. Winnona DeSombre and Sanil Chohan are authors of the report, Chinese Cyberespionage Originating from Tsinghua University Infrastructure, along with their colleague Justin Grosfelt. The research can be found here: https://www.recordedfuture.com/chinese-cyberespionage-operations/

More action against Iranian influence operations. Tehran's cyberespionage against universities. Counter-value targeting in cyber deterrence. Sino-Australian trade war? Law and order.


In today's podcast, we hear that Google has put the cats out. Secureworks describes an Iranian cyberespionage campaign targeting universities. That DNC phishing campaign is confirmed to be a false alarm caused by a Michigan misstep, but almost fifteen million voter records appear to have been inadvertently exposed in Texas. The US tells Russia to knock off the influence operations, and some suggest a counter-value deterrent strategy to tame the Bears. China warns Australia its new government will face trade retaliation for banning ZTE and Huawei. Reality Winner gets five years, and two Minnesota lawyers go away, too. Ben Yelin from UMD CHHS on attempts...

If you're running a red team, let someone know it's a drill. Apache patches Struts. Another exposed AWS bucket. Remcos abused by hackers. DPRK goes after Macs. Dark Tequila runs in Mexico.


In today's podcast, we hear that a phishing attempt against the Democratic National Committee turned out to have been a poorly coordinated red-team exercise. Apache patches a remote code execution vulnerability in Struts. Another exposed AWS bucket. Remcos remote administration tool is being abused by black hats. Dark Tequila goes after customers of Mexican financial institutions. The Lazarus Group is back, and it's getting into Macs for the first time. Joe Carrigan from JHU ISI on Android vs. iOS data privacy. Guest is Oren Falkowitz from Area 1 Security on protection against phishing attempts. For links to all of today's stories check out our CyberWire...

Facebook takes down "inauthentic" Russian and Iranian fronts. Twitter blocks Iranian false-flags, and FireEye explains why they think it's Tehran. Triout Android spyware described. Hacking back?


In today's podcast we hear that Facebook has taken down more inauthentic pages; some are Russian, but others are Iranian. Twitter blocks Iranian accounts for being bogus. Russia denies, again, any involvement in information operations against the US. US Army Cyber Command's boss wonders if his job isn't more "information ops" than "cyber." Bitdefender describes Triout, an Android spyware framework. And some in industry caution the Senate not to expect them to get frisky hacking back. Craig Williams from Cisco's Talos team, discussing MDM (mobile device management) vulnerabilities. Guest is James Burns from CFC Underwriting on cyber security insurance. For links to all of today's...

Fancy Bear bogus sites taken down. Some in the US Congress think they want hack-back laws. Cyber and sanctions. Operation Red Signature. Doxing Chinese Intelligence. Buggy medical devices.


In today's podcast, we hear that Microsoft has sprung its bear trap, again, and caught Fancy Bear. This time the targets are more to the right than the left. The US Senate holds hearings on cybersecurity; hacking back is expected to be on the table. The UK wants more sanctions on Russia. US Senators are looking into reducing sanctions' collateral economic damage. Operation Red Signature pokes at South Korean supply chains. Intrusion Truth doxes Chinese intelligence officers. Medical device bugs. Rick Howard from Palo Alto Networks with tips on buying cybersecurity products. Guest is Travis Rosiek from BluVector on fileless attacks. For links to all...

DarkHotel is back. So is Necurs, and it's distributing a modular malware dropper. Industrial espionage follows international trade. Election meddling. The use and abuse of data.


In today's podcast, we hear that an evolved DarkHotel campaign is under way. A new malware dropper is out and about thanks to the Necurs botnet. Researchers demonstrate proof-of-concept exploits. Cyber espionage follows trade. Notes on election meddling. Google and Facebook encounter some regulatory and legal headwinds over data collection. Connected cars know a lot about their drivers, and there's money in those data. Robert M. Lee from Dragos on the notion of cyber attacks as a distraction. For links to all today's stories, check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_08_20.html

Stealthy ad fraud campaign evades detection. [Research Saturday]


Researchers at Bitdefender have been tracking a bit of complex rootkit malware called Zacinlo that they suspect has been operating virtually undetected for over six years. Bogdan Botezatu is a senior cyber security analyst with Bitdefender, and he describes what they've found. Research link: https://labs.bitdefender.com/2018/06/six-years-and-counting-inside-the-complex-zacinlo-ad-fraud-operation/

Election risks: hacking and influence. Chinese industrial espionage spike. Misconfigured project management. Necurs appears briefly. Bogus Fortnite downloads. What they heard in the banya.


In today's podcast we run through a brief guide to election risks, and the difference between hacking and influence operations. An Alaskan trade mission prompts a wave of Chinese industrial espionage. Misconfigured project management pages may have exposed Canadian and British Government information. Necurs flared up in a short-lived spam campaign against banks this week. Crooks use bogus Fortnite download pages. Final briefs are submitted in Kaspersky's court challenge to its US ban. Emily Wilson from Terbium Labs on her experience getting certified as a fraud examiner. Guest is Marco Rubin from the Center for Innovative Technology, on the security of UAVs and drones. For...

Hacking Old Man River. Nation-state cyber conflict: objectives and norms of behavior. Australia's new cyber laws. ATM campaign. Lawsuits, and the Dread Pirate Robert asks for pardon.


In today's podcast we hear that cyber threats to river traffic have intermodal implications. Nation state hacking, Presidential Policy Directive 20, and international norms of cyber conflict. The tragic consequences of overconfidence concerning communications security. Australia's new cyber laws are more legal hammer than required backdoor. A campaign of ATM robbery nets millions worldwide. A cryptocurrency speculator sues the phone company, a spyware firm sues a former employee, and the Dread Pirate Roberts would like a pardon. Johannes Ullrich from SANS and the ISC Stormcast Podcast, on lingering legacy passwords in Office documents. Guest is Phil Neray from CyberX on the National Risk Management Center...

Notes on patching. Foreshadow speculative execution vulnerability. Influence operations. The FBI's new cyber chief. Are stickers a temptation to thieves, hackers, and customs officers?


In today's podcast we hear some Patch Tuesday notes: both Microsoft and Adobe were busy yesterday. Foreshadow, a new speculative execution vulnerability, is reported. Malaysia gets attention from Chinese espionage services. Competition for jihadist mindshare. Influence operations as marketing. The US FBI gets a new cyber boss. The Kremlin thinks the BBC is biased in the crypto-wars. And laptop stickers: are they good, bad, or ugly? Zulfikar Ramzan from RSA on SOCs and IoT. Guest is Dimitris Maniatis from Upstream on Android ad fraud malware. For links to all of today's stories check out the CyberWire daily briefing: https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_08_15.html

Cryptowars notes. DDoS in Finland. Bears aren't under the beds; they're in the routers. Smart city attack surfaces. Sanction notes. Training through puzzle-solving.


In today's podcast, we hear about the cryptowars down under. Major DDoS incident in Finland. Bears in the home routers, and concerns about IoT and power grid security prompt a US Senator to demand answers. Smart cities present big attack surfaces. Preliminary notes on patches. ZTE and Huawei devices formally disinvited from US Government networks. Cyber retaliation expected from Russia and Iran over sanctions. And locking people in a room to teach them good cyber hygiene. Justin Harvey from Accenture on threat hunting. Guest is Bob Stevens from Lookout discussing app-based malware on mobile devices. For links to all of today's stories check...

Spyware for states and spouses. Election hacking demos. New ransomware strains, and a clipper for Android. Airline Wi-Fi is not only irritating, but insecure as well.


In today's podcast, we hear about spyware in the guise of a missile attack warning app. New Dharma variant out. Android.Clipper redirects transactions to crooks' cryptowallets. DLink exploits rob Brazilian banking customers. Utilities prepare for grid hacks, but researchers say an appliance botnet could cycle demand enough to induce blackouts. Vulnerabilities in airline Wi-Fi and SATCOM connectivity. Election hacking demos may or may not be realistic. Family spyware proves vulnerable to data exfiltration. Ben Yelin from UMD CHHS on police using facial recognition software to nab a suspect.

Thrip espionage group lives off the land. [Research Saturday]


Researchers at Symantec have been tracking a wide-ranging espionage operation that's targeting satellite, telecom and defense companies. Jon DiMaggio is a senior cyber intelligence analyst at Symantec, and he takes us through what they've discovered. The research can be found here: https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets

DPRK RAT in the wild. Vulnerable WPA2 4-way handshake implementations. Black Hat notes. Sanctions and retaliation. RoK to reorganize Cyber Command. PGA and ransomware.


In today's podcast we hear that US-CERT is warning of a North Korean RAT. Researchers find vulnerable WPA2 handshake implementations. A sales call results in inadvertent data exposure. Notes on Black Hat: circumspection, hype, barkers, and artificial intelligence. Russia braces for US sanctions and promises retaliation. South Korea will reorganize its Cyber Command. The PGA is hit with ransomware. Guests are Andrei Soldatov and Irina Borogan, authors of the book The Red Web.

State-sponsored ransomware campaigns coming? DarkHydrus and Phishery. Hitting ATMs for alt-coin. US sanctions Russia. IBM looks at artificially intelligent malware. Black Hat notes.


In today's podcast we hear that Tehran seems ready to follow Pyongyang into state-sponsored theft to redress financial shortfalls: cryptocurrency ransomware looks like Iran's preferred approach. DarkHydrus uses commodity tool Phishery in Middle Eastern campaign. Jackpotting cryptocurrency ATMs. The US imposes sanctions on Russia. Reality Winner's sentencing date announced. IBM looks at artificially intelligent malware. The mob's role in the cyber black market. What's the bigger gaming threat, sideloading apps or the Fortnite dance? We're asking for a friend. Awais Rashid from Bristol University on issues with software warranties. Guest is Cheryl Biswas from the Diana Initiative, a conference in Las Vegas celebrating diversity, women in security, and...

Payment processors probed with BGP exploits for redirection attacks. WhatsApp vulnerable to manipulation? Deterrence and retaliation. Anonymous vs. QAnon. Notes from Black Hat.


In today's podcast we hear that Oracle has warned of BGP exploits against payment processors. Check Point says it's found vulnerabilities in WhatsApp that could enable chat sessions to be intercepted and manipulated. Germany, Ukraine, and the US independently mull responses to hacking and influence operations. Anonymous announces it wants to take its shots at QAnon. Notes from Black Hat, including observations on grid hacks, AI, and the gray hat phenomenon. David Dufour from Webroot with a look at the year in review. Guest is Travis Moore from TechCongress describing their fellowship programs. For links to all of today's stories check out our CyberWire...

TSMC recovers from WannaCry infection. OpenEMR fixes 30 bugs. UK will ask Russia to extradite two GRU operators for Novichok attacks. Twitterbots flourish.


In today's podcast we hear that chipmaker TSMC says the virus that shut it down in Taiwan was WannaCry. It appears to have been an incidental infection enabled by inattentive installation of software. OpenEMR fixes bugs that could have exposed millions of patient records. British authorities are said to be readying an extradition request for GRU operators they hold responsible for the Novichok attack in Salisbury; the incident has prompted Russian hacking and disinformation. Mike Benjamin from CenturyLink on DDoS attack trends. Casey Ellis from Bugcrowd with an overview of bug bounty programs.

More data exposures, from banks and a major CRM provider. Ransomware strikes back. The irresistibility of data. An unhackable wallet gets hacked, maybe. Spreading goodwill through Aikido?


Leaky API may have exposed Salesforce customers' data. TSMC reports a virus in its semiconductor plants. TCM Bank discloses a paycard application leak. Ransomware in Hong Kong. The US Census Bureau prepares to secure its 2020 "fully digital" census. The unbearable, irresistible urge to monetize data. Notes on automotive cybersecurity. Depending on whom you ask, the Bitfi wallet was either hacked, or not. And a new goodwill ambassador seeks to repair US-Russian relations. Rick Howard from Palo Alto Networks exploring the notion of superforecasting. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_08_06.html

Cortana voice assistant lets you in. [Research Saturday]


Researchers at McAfee recently discovered code execution vulnerabilities in the default settings of the Cortana voice-activated digital assistant in Windows 10 systems. Steve Povolny is head of advanced threat research at McAfee and he shares their findings. The research can be found here: https://securingtomorrow.mcafee.com/mcafee-labs/want-to-break-into-a-locked-windows-10-device-ask-cortana-cve-2018-8140

Russian threats and threats to Russia. Cryptojacking wave spreads out from Brazil. Recovering from malware in Alaska and Atlanta. Notes on automotive cybersecurity.


In today's podcast we hear that the US Intelligence Community warns of Russian threats, again. A criminal spearphishing campaign hits Russian industrial companies. A cryptojacking wave is installing CoinHive in MikroTik routers. Speakers at the Billington Automotive Cybersecurity Summit stress collaboration, design for security, and the convergence of cyber and safety. Autonomy and connectivity make these imperative for the next generation of vehicles. Municipalities hit by malware feel the pain. Ben Yelin from UMD CHHS on a NYT story on records being seized from a reporter. Guest is David Spark, cohost of the CISO Security Vendor Relationship podcast. For links to all of today's...

RASPITE noses around the US power grid. Cisco will buy Duo Security. Sandworm afflicts lab investigating Novichok attack. Influence ops can be no-lose proposition. Cryptojacking and malspam.


In today's podcast, we hear that Cisco plans to buy Duo Security. Dragos warns of the RASPITE adversary actor. Russia's Sandworm group is phishing people connected with a Swiss chemical forensics lab. How influence operations can be a no-lose proposition. A cryptojacking campaign is discovered and stopped. Malspam is using gifs to carry a keylogger payload. And Facebook CSO Alex Stamos has fixed a date for his departure for Stanford. Robert M. Lee from Dragos with thoughts on categorizing threat actors. Guest is Wendi Whitmore from IBM with their 2018 Cost of a Data Breach study. For links to all of today's stories...

Reddit Hacked. Ukrainians nabbed. Facebook boots "inauthentic" accounts for malign influence. Pegasus spyware found in Amnesty phone. Yale's old breach. Google and censorship.


In today's podcast we hear that a Swiss chemical agent forensic lab has seen Sandworm phishing attempts. Facebook kicks thirty-one "inauthentic" accounts from its platform: they seem to have been engaged in influence operations, possibly Russian. Attribution remains difficult. NSO Group's Pegasus spyware found in Amnesty International phone. SamSam ransomware exacts a high cost. Yale realizes it was breached about ten years ago. Google allegedly prepares a censor-engine for Chinese web searchers. Craig Williams from Cisco's Talos unit, describing his team and the work they do. Guest is Thomas Hofmann from Flashpoint on ransomware and online extortion. For links to all of today's stories check out our CyberWire daily...

Data-centric security. [Special Editions]


In this CyberWire special edition, we take a look at data-centric security, focusing on the security of the data itself, rather than the surrounding networks, application or servers. To help us on our journey of understanding we've lined up a number of industry experts. Ellison Anne Williams is CEO of Enveil, a company that's developed cutting edge encryption techniques. Adam Nichols is principal of software security at Grimm, a cybersecurity engineering and consulting firm. Mark Forrest is CEO of Cryptshare, maker of secure electronic communication technologies for the exchange of business sensitive information. And John Prisco is CEO at QuantumXchange,...

Infrastructure security, especially power, finance, and elections. Preparation pays off. Proofpoint warns of new AZORult malware. Check Point tracks Master134 malvertising. Crime news.


In today's podcast we hear more warnings about Russian cyber operators in the North American power grid. The US Department of Homeland Security announces formation of a National Risk Management Center. Cosco's preparation may have rendered the shipper more resilient to the cyberattack it sustained. Congress worries over election hacking and deep fakes. Electronic warfare is back. An alt-coin platform is hacked, a carder goes to jail, an alleged sim-swapper is arrested, and coaches behave badly. Johannes Ullrich from SANS and the ISC Stormcast podcast on TLS 1.3 implementation. Guest is Mark Orlando from Raytheon on critical infrastructure security. For links to all of today's stories...

NetSpectre proof-of-concept. Election hacking, in the US and Australia. Cyber industrial espionage. Cyber threats to power grids. Hacking JPay.


In today's podcast, we hear about NetSpectre, a new speculative execution proof-of-concept. Australia's Electoral Commission says there were no signs of hacking in recent by-elections. US states remain concerned about election hacking. Missouri Senator McCaskill confirms that Fancy Bear made an unsuccessful attempt to access her staff's network. Russian threats to power grids. Industrial espionage continues to go after corporate IP. And news you can use about JPay (we know: you're asking for a friend). Jonathan Katz from UMD on the timeline for practical quantum computers. For links to all of these stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/July/CyberWire_2018_07_30.html

BabaYaga strangely symbiotic Wordpress malware. [Research Saturday]


Researchers at Defiant recently analyzed a malware family they named "BabaYaga," which has the curious behavior of clearing out other malware and keeping infected sites up to date. Brad Hass is a senior security analyst at Defiant, and he guides us through their findings. The research can be found here: https://www.wordfence.com/blog/2018/06/babayaga-wordpress-malware/

Fancy Bear sniffs around Senatorial staffs. US NSC considers Russian election interference. Chinese and Iranian cyberespionage. Malware loaders. Smart home bugs. Stealing WiFi.


In today's podcast we learn that Fancy Bear is said to be snuffling around at least one US Senatorial office. The US National Security Council meets to consider Russian election interference. Notes on Chinese and Iranian cyberespionage. New malware loaders are offered on the black market. Smart home hubs are shown to be hackable. Tenable enjoys a good IPO. A burglar in Silicon Valley didn't say, your money or your life, but rather, dude I'm outta data, can I have your WiFi password? Dr. Charles Clancy from VA Tech on the security aspects of digital vs analog RF spectrum. Guest is Lisa Beegle from Akamai with info...

LifeLock closes proof-of-concept hole. US-CERT warns of active campaigns against ERP applications. Ad blockers may function as spyware. Parasite HTTP RAT. Underminer EK. NSA's IG scowls.


In today's podcast we hear that LifeLock gets locked down: probably no harm done, maybe. US-CERT warns of active campaigns against ERP applications. Ad blockers may be doubling as spyware. A new RAT gnaws away at corporate HR departments. Underminer shows that exploit kits aren't obsolete after all. NSA gets a bad report from its IG. Congress worries over Russian infrastructure reconnaissance and influence operations. Iran's OilRig and Leafminer remain active regional threats. Joe Carrigan from JHU ISI on infosec pros reusing passwords. Guest is Jessica Ortega from SiteLock, discussing how having social media icons on your website increases the odds of falling victim to attacks. For links to stories in today's...

Leafminer wants to learn from the best, and that's not good. Shipper hacked. Old malware resurfaces in improved form. Russian grid and election threats. What insurance covers.


In today's podcast, we hear that Leafminer is infesting networks in the Middle East. Red Alert, Kronos, Mirai, and Gafgyt make their reappearance in new forms. Shipping firm Cosco is dealing with a cyberattack. US officials raise warnings about Russian threats to the power grid and elections. Congress considers cyber retaliation. A dispute over cyber insurance coverage lands the insured and the insurer in court. Awais Rashid from Bristol University on IoT and OT convergence. Guest is Jason Morgan from Wiretap on their Human Behavior Risk Analysis Report. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/July/CyberWire_2018_07_25.html

Warnings of Russian cyber threat to power grids. Phishing rises. Patch gets patched. SingHealth breach. Satori botnet. Bluetooth MitM. Evil maids?


In today's podcast, we hear that warnings of Russian prep for an attack on power grids become more pointed. Phishing and impersonation attacks continue to rise. Microsoft patches a patch. The SingHealth breach remains under investigation. The Satori botnet may be taking another run at Android devices. Bluetooth vulnerabilities render paired devices susceptible to man-in-the-middle attacks. And evil maid attacks may be less difficult than you thought. Emily Wilson from Terbium Labs, sharing her experience attending a conference for professionals working to fight fraud. Guest is Brian Martin from Risk Based Security with their research on vulnerabilities they discovered with the Click2Gov service....

SingHealth breach hits Singapore. Manufacturers afflicted with third-party data exposure. Aspen Security Forum takes cyber threats seriously. Ecuador may withdraw asylum from Assange.


In today's podcast we hear that Singapore's SingHealth has sustained a major data breach: authorities speculate it may have been the work of a nation-state yet to be determined (or at least named). A third-party data exposure affects major manufacturers, including car makers. The Aspen Security Forum concludes with sobering warnings from senior US Government officials and the private sector of election interference and the prospects of a "cyber 9/11." Ecuador may be tiring of Mr. Assange. Rick Howard from Palo Alto Networks revisiting the notion of a metaphorical cyber moon-shot. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/July/CyberWire_2018_07_23.html...

Measuring the spearphishing threat. [Research Saturday]


Researchers Gang Wang and Hang Hu from Virginia Tech recently conducted an end-to-end measurement on 35 popular email providers and examined user reactions to spoofing through a real-world spoofing/phishing test. Gang Wang joins us to share the sobering results. End-to-End Measurements of Email Spoofing Attacks: https://people.cs.vt.edu/gangwang/usenix-draft.pdf

Cyberespionage and influence operations. Big botnet assembled in less than a day. Monetizing stolen paycards through online games. Amazon nudges developers. Report on Huawei. Phishing notes.


In today's podcast we hear that the US Intelligence Community remains convinced the Bears are up to no good. Finland experienced elevated rates of cyberattack during the Helsinki summit, mostly Chinese espionage. The hacker "Anarchy" assembled an 18,000-member botnet in less than a day, using known vulnerabilities. Crooks monetize stolen credit cards through online games. Amazon works to induce better AWS configurations. Annual UK report on Huawei is out. Phishing campaign notes. Zulfikar Ramzan from RSA on cyber risk quantification. Guest is Mark Peters II, author of the book Cashing in on Cyber Power. For links to all of today's stories, check out our CyberWire daily...

Fancy Bear's Roman Holiday. RAT phishing in Ukraine. AWS S3 bucket leaks robocaller data. Bug or abuse? NIST to withdraw outdated cybersecurity publications. Content moderation.


In today's podcast, we hear that Fancy Bear has taken a Roman Holiday, and the Italian Navy may be taking note. A criminal espionage campaign is underway, with Ukraine's government as its target. An exposed AWS S3 bucket leaks voter information. A security firm and a vendor dispute whether an issue is a vulnerability or a case of user abuse. NIST announces its intention of withdrawing some obsolete cybersecurity publications. Congress presses tech companies about content moderation. Daniel Prince from Lancaster University on rewriting digital histories. Guest is Matt Cauthorn from ExtraHop on a new worm spreading through Android devices. For links to all of today's stories, check out the...

Magnibur ransomware spreads. LabCorp discloses suspicious incident on its networks. Spectre, Meltdown notes. Oracle patches. Helsinki summit backing and filling and backing.


In today's podcast, we hear about the spread of Magnibur ransomware. LabCorp discloses "suspicious activity" on its networks. The Pentagon will add cybersecurity checks to its test and evaluation process. Siemens updates customers on Spectre and Meltdown. Oracle's quarterly patch bulletin is out. Fallout, clarifications, and more fallout from the Helsinki summit. US agencies continue preparations to secure elections and infrastructure. Robert M. Lee from Dragos on the Electrum threat group. Guest is Jonathan Couch from Threat Quotient on Dark Web markets. For links to stories in today's CyberWire podcast, check out our daily news brief: https://thecyberwire.com/issues/issues2018/July/CyberWire_2018_07_18.html

Trump-Putin summit. East Asian cyberespionage campaigns. Vulnerable DVRs. Concern about census security.


In today's podcast we review fallout from the Trump-Putin summit. Cyberespionage campaigns resurface in East Asia; at least one of them originates in North Korea. Telefonica sustains a major data breach of Spanish customers' details. Passwords to DVRs are found cached in an IoT search engine. Those DVRs' firmware is also vulnerable to exploitation. The US Census Bureau is asked to provide an overview of measures being taken to secure the 2020 census. David Dufour from Webroot on ransomware in the UK. Guest is James Tabor from MEDIA Protocol on using blockchain technology with online advertising. For links to all of the...

DNI warns of cyber threats. Russo-US summit. Mueller investigation and indictments. Huawei agonists. Congress reconsiders ZTE reinstatement. Kaspersky receives no emergency ban relief.


DNI says "warning lights are blinking red" over cyber threats. Election interference remains a risk despite lower than expected levels of threat activity. Presidents Trump and Putin meet in Helsinki. Notes on the Mueller investigation and the GRU indictments. Huawei, under suspicion over African cyberespionage, is said to be excluded from participation in Australian 5G buildout. Congress may reimpose ban on ZTE. Kaspersky fails to win emergency injunction against US sanctions. Ben Yelin from UMD CHHS, weighing in on the indictments of the Russians. For links to all of the stories mentioned in this podcast, visit our daily news brief on...

A new approach to mission critical systems.


Andy Bochman is senior grid strategist for Idaho National Lab's National and Homeland Security directorate. Today we're discussing the research the INL has been doing, developing new approaches to protecting mission critical systems.

Fancy Bear indictments. VPNFilter found in Ukrainian water-treatment chlorine plant. Comment spam. Speculative execution side-channel attacks. MDM exploits in India.


In today's podcast, we hear that Special Counsel Mueller has secured an indictment of twelve Russian intelligence officers for hacking during the 2016 US presidential elections. Ukraine finds VPNFilter in a water treatment facility. Comment spam returns. Speculative execution issues. Mobile-device-management tool used against smartphone users in India. The US Army directly commissions two cyber operators: congratulations, First Lieutenants. Ben Yelin from UMD CHHS on California's consumer privacy ballot measure. Guest is Martin Hellman, professor emeritus at Stanford University and known for his work on Diffie-Hellman key exchange. His new book is A New Map for Relationships: Creating True Love at Home and Peace on the Planet....

Timehop refines its breach disclosure. Speculative execution side-channel attacks described. Tech manuals offered for sale on the dark web. Twitter versus bots.


In today's podcast, we hear that Timehop has released more information as its breach investigation proceeds. The case will be interesting as an indicator of what GDPR enforcement will look like. Two speculative execution side-channel attacks are described (in the lab, but not yet, it's believed, in the wild). The US Senate's flesh creeps over bug disclosure practices. Someone uses a Netgear exploit to get some US technical manuals. Twitter goes to work against bogus accounts. Mike Benjamin from CenturyLink on cryptojacking. Guest is Yaniv Avidan from MinerEye on cloud GDPR compliance.

Ticketmaster paycard breach is part of a very large skimmer campaign. Chinese cyberespionage and censorship. Smartphone privacy issues. Data misuse litigation. Affirming the consequent.


In today's podcast we hear reports that the Ticketmaster breach is the tip of a big software supply chain iceberg. Chinese intelligence services closely interested in Cambodia's elections. iOS crashes appear related to code designed to block displays of Taiwan's flag to users in China. Congress wants some answers on smartphone privacy from both Apple and Alphabet. Facebook's wrist is slapped in the UK. Langley Credit Union identity theft case proves not necessarily related to the OPM breach. Johannes Ullrich from SANS and the ISC Podcast on securing DNS. Guest is Ken Spinner from Varonis, cautioning that we not allow the high-profile...

More Elon Musk impersonators in social media. Cryptocurrency raided. Spearphishing in Palestine. BlackTech espionage group. Apple upgrades. Polar Flow fitness app and oversharing.


In today's podcast, we hear that advance fee scams run by Elon Musk impersonators are using the recently rescued boys' soccer team as phishbait. Bancor wallet robbed of cryptocurrencies. Palestinian police spearphished. BlackTech espionage group using stolen certificates to sign malware. Apple's upgrades are out; one privacy enhancement has a workaround. Microsoft is in the process of patching. And another fitness app, Polar Flow, overshares. Jonathan Katz from UMD on homomorphic encryption standards. Guests are Julie Bernard from Deloitte and John Carlson from the FS-ISAC with results from a recent FS-ISAC survey.

Malware infections down during World Cup matches. UK-Russia tensions. Australian National University hacked. Data breach notes. Calls for cooperation. Tell it to the Marines.


In today's podcast, we hear that if your nation's team was playing a World Cup match, you probably weren't visiting dodgy websites. Concerns mount in the UK that Russia may be readying a long-expected attack on British infrastructure and holding it until the Cup is decided. The Australian National University is hacked in an apparent espionage attempt. Data breaches at Timehop, DomainFactory, and Macy's. Russia calls for international cooperation. The Marines say it wasn't them on that dating app. Malek Ben Salem from Accenture Labs with tips on GDPR compliance.

No Distribute Scanners help sell malware. [Research Saturday]


Sellers of malware on Dark Web forums often use No Distribute malware scanning tools to help verify the effectiveness of their wares, while preventing legitimate virus scanning tools from adding the malware to their database. Daniel Hatheway is a Senior Security Analyst at Recorded Future, and he takes us through their recently published research, Uncover Unseen Malware Samples with No Distribute Scanners.

When catphishing, it pays to know what bait they'll take. Permission hogs are often misers. Cyber comes to the NTC. Natural intelligence screening for artificial intelligence. The Thermanator.


In today's podcast we hear about catphishing in Berlin and Tel Aviv: whether you're offering payment for a white paper or up-to-date futbol scores, it pays to know the right bait. Android apps may be permission hogs, but it's surprising how often the hogs hoard like misers, never really using them. The US Army pushes cyber into the brigades. How Facebook checks facts. The Thermanator knows which keys you've typed from the heat your hot hand leaves behind. Emily Wilson from Terbium Labs on their recently released white paper on fraud as a supply chain. Guest is Brian Wells from Merlin International discussing how high-performing health care...

Catphish and Charming Kittens. Data-sharing receives more scrutiny. European copyright law won't be fast-tracked. ZTE gets some relief. Juggalos and Juggalettes defeat facial recognition tools.


In today's podcast we hear about some catphishing in the IDF's pond. Charming Kitten uses itself as bait. Facebook and Google face scrutiny over sharing users' information with third-parties. The Pirate Bay is back after its hiatus, and it's back to cryptojacking. The European Parliament voted today to reopen debate on its controversial copyright legislation. ZTE receives some perhaps temporary, perhaps more enduring, relief from US sanctions. And confusion to the Muggalos' facial recognition software. Justin Harvey from Accenture with thoughts on quantum computing. Guest is Gadi Naveh from Check Point Software with a look at open source security tools.

Hybrid warfare. Inveterate DDoS against ProtonMail. Security concerns about Chinese companies. Retail breaches. Agencies scrutinize Facebook data abuse. Infrasound weapons?


In today's podcast we hear that Ukraine has warned of hybrid warfare during UN counter-terrorism meetings. ProtonMail DDoS continues. Security concerns surrounding ZTE, Huawei, and China Mobile. Retail data breaches. A quiz app's backup data are accessed by unauthorized parties. FBI, FTC, and SEC sift through Facebook's answers to questions for the record. A strange set of symptoms among diplomats in China arouses suspicion of infrasound weapons. Rick Howard from Palo Alto Networks on the Cyber Threat Alliance. Guest is Vince Arneja from 5nine on secure cloud implementations.

Adidas data breach. Facebook on data abuse. Investigation of Exactis data exposure continues. Algonquin College hacked. Tenable's IPO. US-Russia summit will talk election influence ops.


In today's podcast we hear a bit about the data breach Adidas disclosed late last week. Facebook answers Congressional questions for the record and adopts a data abuse bounty program. Investigation of the Exactis data exposure incident continues, but the class action lawsuits have already begun. Algonquin College discloses a hacking incident. Tenable will hold an IPO. US-Russian summit will take up election influence ops. FireEye says North Korea is hacking Latin American banks. Joe Carrigan from JHU ISI reviewing a recent Black Hat survey of cyber security industry professionals.

VPNFilter malware could brick devices worldwide. [Research Saturday]


Researchers from Cisco Talos continue to track malware they've named VPNFilter, a multi-stage infection with multiple capabilities, targeting consumer-grade routers. Craig Williams is head of Cisco Talos Outreach, and he joins us with the details.

Data breaches and data exposure. Privacy legislation. Improperly collected phone call records destroyed.


In today's podcast we hear that Ticketmaster UK's hacking incident will provide an interesting GDPR test case. Data aggregator Exactis left nearly two terabytes of personal and business information exposed on the publicly accessible Internet. NSA destroys telephone call data collected in ways it can't square with applicable law. California hastily passes a data protection law. Ave atque vale Harlan Ellison. And our condolences to the victims of the shooting at the Capital Gazette in Annapolis. Dr. Charles Clancy from VA Tech's Hume Center, discussing his recent congressional testimony concerning supply chain security. Guest is Dr. Mansur Hasib, discussing his book Cybersecurity Leadership.

Ukraine accuses Russia of preparing a cyber campaign. China eyes Tibetan diaspora. A decryptor for Thanatos ransomware. Nudging away from privacy. Dark web undercover.


In today's podcast we hear that Ukraine has warned that Russia is preparing a coordinated attack against Ukrainian financial and energy infrastructure. China appears to be stepping up surveillance of the Tibetan diaspora. Cisco's Talos unit has a free decryptor for Thanatos ransomware. Facebook's self-audit of data usage proves both more difficult and more skeleton-rattling than hoped. Norwegian consumer watchdogs find that Facebook and Google nudge users away from privacy. An alt-coin sting against drug dealers. Mike Benjamin from CenturyLink on Malspam, and how it differs from run of the mill spam. Guest is Jaime Blasco from AlienVault on the security implications of using open source tools.

DDoS attack on ProtonMail. Rancor cyberespionage campaign. PythonBot serves ads and a cryptominer. EU joint cyber response unit forming. Arrests in BEC campaign. Reality Winner's plea.


In today's podcast, we hear that ProtonMail was hit this morning by an Apophis Squad DDoS attack. Rancor cyberespionage campaign observed in Southeast Asia. PythonBot serves up adware and cryptojacking. WannaCry-themed protection racket is all bark and no bite. EU organizing a joint cyber incident response force. FBI and international partners make arrests in an Africa-based business email compromise racket. Reality Winner's guilty plea. Emily Wilson from Terbium Labs with a story of a six-year-old dealing with identity theft. Guest is Paul Aubin from Varonis on the protection of federal systems.

Romania, UK, warn of Russian cyber ops. International norms of cyber conflict. Bronze Butler's USB drives. Too-smart batteries not smart enough. Industry notes. Game cheater gets jail time.


In today's podcast, we hear warnings of Russian cyber operations from Romania and the UK. Recent attempts at developing international rules of conduct (and conflict) in cyberspace. Bronze Butler's naughty USB drives: not as scary as they sound, but a useful reminder of some sound precautions. FireEye says it never hacked back. Smart batteries may be too smart for their users' good. A new venture fund lends credibility to cryptocurrency and blockchain startups. Overwatch hacker gets jail time in Inchon. Daniel Prince from Lancaster University on cascading failures in complex systems. Guest is Vikram Thakur from Symantec on the VPNFilter router infestation.

Nation-state cyberespionage and cybercrime. Cryptocurrency fraud and theft give alt-coins a rocky ride. Sino-US trade conflict update. GDPR data extortion. Spammy protection racket.


In today's podcast, we hear that Taiwan continues to receive the PLA's cyber attentions. A look at what the Lazarus Group is up to. Cryptocurrency fraudsters arrested as alt-coin values have a rocky ride. Continuing US hot water for ZTE and Huawei. GDPR-themed data extortion. Business email compromise is up. So are ransomware attacks against US city governments. And when is a ransomware attack not a ransomware attack? When it's just a protection racket. Johannes Ullrich from SANS and the ISC Internet Storm Center podcast on evasive cryptocoin miners.

LG smartphone keyboard vulnerabilities. [Research Saturday]


Researchers at Check Point Research recently discovered vulnerabilities in some LG smartphone keyboards, vulnerabilities that could have been used to remotely execute code with elevated privileges, act as a keylogger and thereby compromise the user's privacy and authentication details.

Phishing plays small ball with depressing success. Chinese cyberespionage up. US IC, JCS, worries about innovation. Guilty plea in US espionage case. Ex-Knesset member suspected of spying. Supreme Court decides location privacy case.


In today's podcast, we hear that phishing scams continue to nibble away at bank accounts and reputations: the State of Oregon is among those suffering. Avoid emails promising you leaked pictures of YouTube stars. Chinese espionage against US targets rises. US Intelligence officials worry that failure to play a long game puts the country at a disadvantage with respect to innovation. The Joint Chiefs mull electronic warfare issues. Reality Winner makes a plea agreement in her espionage case. And from ecstasy tablets to Iranian spying is a short sad road. Ben Yelin from UMD CHHS weighs in on the US Supreme Court decision on...

Malicious apps, a clever botnet, and cryptojacking. Patch notes. EU copyright regulations. Congress still doesn't like the cut of ZTE's or Huawei's jib. Tesla sues a former employee.


In today's podcast we hear about a malicious app that will save your battery, but it will also install a backdoor, steal information, and click on a bunch of ads. A sophisticated and patient botnet, Mylobot, is observed in the wild, but it's not yet clear what it's up to. Cryptojackers exploit a known (and patched) Drupal vulnerability. Vectra finds tunnels. Google adds security metadata to Android apps. Cisco patches. The EU's proposed copyright regulations attract little love. Congress pursues ZTE and Huawei. And Tesla sues a former employee. Ryan LaSalle from Accenture, on the opening of their new Cyber Fusion Center. Guest is Ned Miller...

Satellite communications suffer from Thrip(s). Zacinlo rootkit poses as a VPN. Insecure Firebase apps. EU copyright legislation. Kardon Loader. Bithumb robbed. #Opicarus2018. Bitcoin Baron jailed.


In today's podcast, we hear that the Chinese espionage group Thrip is targeting satellite communications operators and others in the US and Southeast Asia. Zacinlo rootkit hides inside a bogus VPN. Developers are leaving Firebase apps insecure. The EU's controversial copyright regulation advances from committee. Kardon Loader malware is in beta. South Korean cryptocurrency exchange Bithumb is looted of more than $30 million. Anonymous is back with Opicarus2018. And the Bitcoin Baron goes to jail. Awais Rashid from Bristol University on why real-world experimentation is vital to cyber security. Guest is Dr. Chris Pierson from Binary Sun Cyber Risk Advisors, weighing in on the claims of sabotage at Tesla.

Charges in Vault 7 case. Olympic Destroyer appears to be back. Liberty Life hack. Does Tesla have a rogue insider? US Senate hits at ZTE. Guilty plea in OPM hack-related fraud. Motive: blackmail.


In today's podcast we hear that the US has charged a former CIA engineer in the WikiLeaks Vault 7 case. Olympic Destroyer may be back, and preparing to hit chemical weapons investigators and arms control specialists. Updates on the Liberty Life data extortion investigation. Elon Musk says Tesla Motors has an internal saboteur. The US Senate snatches the lifeline out of ZTE's hands. A guilty plea in OPM-breach-related fraud. A possible motive in the Jeopardy champ's email hacking. David Dufour from Webroot with insights on the impact they're seeing from GDPR. Guest is Lenny Zeltser from Minerva Labs discussing his IT and security cheat sheets....

Data extortion attempt against Liberty Life. Rex Mundi, Black Hand arrests. Hidden Cobra's back. Clipboard hijacking hits cryptocurrency wallets. ZTE, Huawei security fears. Pulp fiction.


In today's podcast we hear that Liberty Life has sustained an attempt at data extortion. In separate operations, international police agencies cooperate against Rex Mundi, Black Hand, and the remnants of Silk Road. Cyber espionage notes. North Korean hacking resumes. More clipboard hijacking afflicts cryptocurrency wallets. Security concerns tighten around ZTE and Huawei. And pulp fiction: from Russia with love, and from the Clinton Library. Malek Ben Salem from Accenture Labs on concerns over emerging technology capable of voice impersonation.

Cyber bank heists. [Research Saturday]


Carbon Black's Chief Cybersecurity Officer Tom Kellerman shares the results of their recent report, Modern Bank Heists: Cyberattacks & Lateral Movement in the Financial Sector. For the report, they interviewed CISOs at 40 major financial institutions, revealing attack and mitigation trends.

MysteryBot developed from LokiBot. Satan rebranded as DBGer. Snooping on iOS got harder, but maybe not impossible. IG report on the FBI is out, not damning but not good, either.


In today's podcast we hear that MysteryBot is under development and presumably being prepared for sale on the black market. Satan ransomware gets a makeover and a new name. Apple has taken measures to make iOS traffic less accessible to snooping, but lawful snoops may already have a way around that security. Kaspersky will no longer work with Europol. The US Justice Department IG reports on the FBI. And a former Jeopardy champion cops a hacking plea. Robert M. Lee from Dragos, on his efforts to educate through the use of comic strips. Guest is Scott Petry from Authentic8 discussing their FAKE booth at the RSA...

Chinese espionage in Central Asia. Dixons Carphone data exposure. Lazy State speculative execution bug. Pyongyang is expected to come roaring back into cyberspace. Unlucky 13.


In today's podcast, we hear that LuckyMouse has crept into an unnamed Central Asian house. Dixons Carphone data exposure presents complex legal and regulatory issues: it's the first big incident since GDPR came into effect. "Lazy State" is another CPU speculative execution bug. The US Congress doesn't care for ZTE, Australia's government is wary of Huawei, and the EU doesn't like Kaspersky at all. If you didn't like the end of net neutrality, wait until you get a load of the proposed EU Copyright Regulation's Article 13. More hacking expected from Pyongyang. Dr. Charles Clancy from VA Tech, discussing research on antifragile communications. Guest is Stacey Smith...

Cable-tapping for a new century. Lazarus Group update. BabaYaga's cannibalistic malware. Patch Tuesday notes. Cryptojacking. World Cup surveillance. Beware of strangers bearing gifts with USB connections.


In today's podcast we hear that old news is new news when it comes to undersea cables. The Lazarus Group is still at it, against South Korean targets. BabaYaga eats other malware so it can stage WordPress spam. Patch Tuesday notes, including some products that Redmond will no longer support. Cryptojackers are still busy. One new strain of coin-mining malware uses the Eternal Romance exploit to spread. World Cup surveillance threatens visiting fans. And don't plug gifts from strangers into your USB port. Justin Harvey from Accenture with thoughts on supply chain security. Guests are Saher Naumaan and Kirsten Ward promoting RESET, BAE Systems Women in cyber event....

Don't get cozy with Cozy Bear. Code-signing issues stem from muddled documentation. Devices ship with inadvertent backdoor. Matryosha attack. Operation WireWire versus BEC scammers.


In today's podcast we hear that the US Treasury Department has announced sanctions against Russian entities it says were too cyber-cozy with the FSB. Code-signing issue looks like what we have here is a failure to communicate. Android devices are being shipped with ADB enabled, and cryptojackers enter by the backdoor. A layered criminal attack posing as emails from Samsung spearphishes Russian victims. Operation WireWire reels in seventy-four business email compromise suspects. Ben Yelin from UMD CHHS on the framing of the encryption debate. Guest is Steve Schult from LogMeIn and LastPass on best practices password security.

SWIFT fraud (behind a wiper). Coinrail ICO robbery. Chinese espionage. G7 agrees to a coordinated response to hostile cyber operations. Malwaretech faces new charges.


In today's podcast, we hear about more SWIFT fraud, with a wiper attack as misdirection. Cryptocurrency exchange looted of ICO tokens. Chinese espionage in Rhode Island, and a conviction in Virginia. Dropping Elephant spearphishes in think tanks. G7 agreement suggests a coordinated response to hostile cyber operations. Net neutrality expired this morning in the US. And Marcus Hutchins faces additional charges. Jonathan Katz from UMD discussing hashing.

Winnti Umbrella Chinese threat group. [Research Saturday]


Researchers from ProtectWise's 401TRG team recently published research linking a variety of new and previously reported Chinese cyber threat groups. Tom Hegel is a Senior Threat Researcher with the 401TRG, and he joins us to share their findings.

Adobe patches a zero-day being exploited in the wild. Chinese cyber espionage, and the risks of data-sharing. Facebook default settings glitch. Industry notes.


In today's podcast, we hear that Adobe has patched a Flash vulnerability. InvisiMole is a discrete, selective cyber espionage tool. A Facebook glitch inadvertently changed users' default privacy settings. Leidos exits the commercial cyber market. China is back at IP theft, and some conventional cyber espionage, too. Congress wants explanations of data-sharing with Huawei and ZTE, and it wants those companies investigated as security risks. Feds Facebook friend felons. Rick Howard from Palo Alto Networks with the winners from this year's Cyber Security Canon gala. Guest is Cory Petty from BAH, host of the BitCoin podcast, discussing blockchain.

New criminal campaigns out and about. Fancy Bear changes style, but not management. VPNFilter hits more devices. CloudPets overshare, but maybe more benignly than Google and Facebook.


Iron Group said to use Hacking Team source code to build a backdoor. Operation Prowli both cryptojacks and sells traffic. Fancy Bear may be getting noisier. VPNFilter has a more extensive set of victim devices than previously believed. ZTE pays a billion dollar fine. CloudPets are oversharing via an unsecured server. The US Senate wants answers from both Facebook and Google about their user data sharing with Chinese companies. Daniel Prince from Lancaster University on the security of Industrial Control Systems. Guests are Kyle Lady and Olabode Anise from Duo Security covering their annual report on authentication.

Espionage, influence, summits, and elections. What counts as a luxury? An iCloud warrant raises cryptowars speculation. Microsoft's GitHub acquisition. Facebook's coziness with Shanghai?


In today's podcast, we hear that TempTick and Turla are interested in the US-North Korean summit. That summit might not take up many cybersecurity issues. Where did North Korea get all that digital rope they want to hang the West with? It seems we competed to sell it to them, more-or-less unwittingly. Russian influence ops continue to give lies their bodyguard of truth. The FBI gets a warrant for a high-profile iCloud account. Microsoft outbid Google for GitHub: what will Redmond do with all that code? Facebook may have a complicated relationship with Shanghai. Johannes Ullrich from the ICS Stormcast podcast on deserialization. Guest is Ameesh Divatia from Baffle on...

DPRK hackers quieter in the run-up to the Kim-Trump summit. Russian EW. Cryptocurrencies and crime. Law firm social engineering. Dodgy World Cup Wi-Fi. Bad AI, a time-traveler's poly.


In today's podcast, North Korea still seems to be leaving American IoT networks more-or-less alone, for now, however actively they're hacking elsewhere. Everything old is new again, at least with Russian EW. Cryptocurrency crime is a worry everywhere. A look at law firm hacks shows the counselors could use the help of some street-savvy hotel detectives more than a tech-savvy perimeter security solution, although that wouldn't be bad, either. Beware of letting World Cup Wi-Fi be an own-goal. Apple's latest updates seem privacy friendly. Thoughts on AI, and the polygraphing of a time traveler that sounds totally legit. David Dufour from Webroot on new roles for security, and how that impacts hiring...

Microsoft buys GitHub for $7.5 billion. VPNFilter tries to reconstitute itself. Ransomware and DDoS notes. USA Really seems to be latest in Russian disinformation.


In today's podcast we hear that Microsoft is buying GitHub for $7.5 billion. VPNFilter seeks to reestablish itself. Financial Trojans are up and ransomware is down, but don't count the ransomware out, not yet. A get-decrypted-for-free card to Russian ransomware victims. The children of Mirai trouble an unhappy world. USA Really may be the latest incarnation of the Internet Research Agency, complete with rabid Florida squirrels, Wisconsin blood-suckers, and advice on Louisiana's secession. Malek Ben Salem from Accenture Labs on using keyboard biometrics to detect mental disorders.

Islamic State propaganda persistence. [Research Saturday]


Researchers from Flashpoint recently explored ISIS' ability to distribute propaganda across the internet, and their use of major internet service providers to help them achieve persistence. Ken Wolf is a Senior Analyst at Flashpoint, and he describes what they learned.

Lazarus Group updates. Cybercrime's GDP. New Zealand a Chinese espionage target? ZTE and Huawei criticized. BND will continue to monitor Frankfurt hub. Google's knowledge panels.


In today's podcast we hear that the Lazarus Group may be on (relative, selective) good behavior. A study suggests that if cybercrime were a country, it would have a GDP comparable to Russia's. The Canadian Security Intelligence Service warns, in the nicest way possible, that Chinese spies are out to get New Zealand. ZTE and Huawei come in for more criticism. The BND gets a court victory in Leipzig. Google's ground-truth algorithms are looking a little truthy. Joe Carrigan from JHU ISI with follow-up on listener comments from last week's iOS vs Android discussion. Guest is Todd Inskeep from BAH with highlights from a talk...

Kaspersky loses court challenge to US Government ban. Cryptomix ransomware. US Departments of Commerce, Homeland Security, and Energy plan resiliency. A packrat at CIA? Reboot your routers.


In today's podcast we hear that Kaspersky has lost its court challenge to the US Government ban on its products, but plans to appeal. Cryptomix ransomware is out in the wild. Vulnerabilities found in SingTel routers. Chrome 67 update includes patches. The US Departments of Commerce and Homeland Security address botnets (and ask for research). The US Department of Energy plans for resiliency. Twitter takes down tweens. A packrat at CIA? Reboot your routers. Robert M. Lee from Dragos, reviewing some recently published ICS security reports. Guest is Adam Vincent from ThreatConnect on the increasing importance of threat intelligence for many organizations.

More North Korean malware identified. EOS scanned for misconfigurations by parties unknown. Canadian banks won't pay extortion. Stay away from Joker's Stash. Crime and punishment.


In today's podcast, we hear that the US has attributed two more strains of malware to North Korea. And whether you call them Hidden Cobra or the Lazarus Group, it's the same reliable crew of Pyongyang hoods. More trouble for the ICO world as unknown but probably bad actors scan for misconfigurations in EOS blockchain nodes. Canadian banks decline to pay extortion. Joker's Stash counterfeits show there's even less honor among thieves than you may have thought. Baratov gets five years for the Yahoo! hack, and "Courvoisier" gets a solid ten-year sentence for multiple crimes. Justin Harvey from Accenture with thoughts on GDPR....

Rebooting routers against VPNFilter. Canadian banks compromised? Cobalt gang is back. 51% attacks on blockchains. "Courvoisier" sentenced. NATO looks at Russia's weaponized jokes.


In today's podcast we hear that the FBI recommends rebooting your routers against VPNFilter. Data extortion hits Canadian banks. The Cobalt Gang is back. 51% attacks fiddle with cryptocurrencies. BackSwap banking Trojan is tough to detect. Coca-Cola discloses data theft by a former employee. Courvoisier (the hacker, not the cognac) gets ten years. Facebook continues to work on its content moderation, and Papua New Guinea may block the platform for a month of study. NATO studies humor, very seriously. Ben Yelin from UMD CHHS on police attempts to use a deceased person's fingerprints to unlock a phone. Guest is Mike Benjamin from CenturyLink on their recent threat...

UPnProxy infiltrates home routers. [Research Saturday]


Researchers at Akamai recently published a white paper titled UPnProxy: Blackhat proxies via NAT Injections. In it, they describe vulnerabilities with Universal Plug and Play capabilities in home routers, and how malicious actors could take advantage of them. Chad Seaman is a senior CERT engineer at Akamai, and he's our guide.

VPNFilter takedown. Low-cost Android phones with preloaded adware. Alexa's selective attention. BMW patches connected cars. Cryptocurrency crimes. New swatting charges. GDPR is here.


In today's podcast, we hear that the FBI's takedown of VPNFilter may have averted a major state-directed campaign. Some discount Android phones come with preloaded adware. Amazon's Echo echoed a little too much. BMW patches some potentially serious vulnerabilities in its connected cars. Cryptocurrency exchanges hit by a double-spending crook. The US Justice Department investigates crypto exchange price manipulation. New charges have been filed in the December Kansas swatting death. And GDPR is now with us. Let the lawsuits begin. Joe Carrigan from JHU ISI, comparing the security of iOS vs. Android. Guest is Mischel Kwon from MKACyber on the evolving role of SOCs.

VPNFilter and battlespace preparation. XENOTIME may be back, and after industrial systems. GDPR updates. Following Presidential Tweets.


In today's podcast, we hear that VPNFilter, described by Cisco's Talos research unit, looks like battlespace preparation for Fancy Bear. The FBI may have succeeded in impeding its operation. Dragos describes XENOTIME, the threat actor behind the TRISIS industrial safety system attacks, and they say we can expect them back. GDPR is coming tomorrow, and a company has found a way of letting worried CISOs sleep at night. And your right to follow theRealDonaldTrump on Twitter has now been secured by the US Federal Court for the Southern District of New York. Enjoy. Dr. Charles Clancy from the Hume Center at VA Tech, discussing how cell...

Variant 4 and other chipset vulnerabilities. Confucius and Patchwork. Turla goes two-stage. Misconfigured not-for-profit bucket. ZTE's fraying lifeline. Facebook and the EU. Brain Food.


In today's podcast we hear a bit more on Variant 4: we may see more like it. Mitigations are under preparation. The Confucius threat group modifies its approach to targets. Turla adopts a two-stage infection technique. A misconfigured AWS S3 bucket exposes a California not-for-profit's clients. ZTE's lifeline may not be so strong after all: the US Administration wants significant concessions and the US Congress seems to want none of it at all. Facebook's EU testimony gets tepid reviews. And a botnet is pushing smart pills and diet supplements, not that any of you will be tempted. Daniel Prince from Lancaster University on risk...

Speculative Store Bypass. GPON-based botnet. Customer data exposures. Roaming Mantis gets more capable. Nation-state threats.


In today's podcast we hear about the Speculative Store Bypass vulnerability that's been found in most current chipsets. GPON-based routers assembled into botnets. Comcast and TeenSafe close vulnerabilities in transmission and storage of customer data. Roaming Mantis banking Trojan acquires new functionality. Is Moscow waiting for the World Cup to conclude before going on cyberattack? How about Iran and China? Will DPRK hacking be on the summit agenda? And GDPR is coming Friday, to some information near you. Emily Wilson from Terbium Labs on the notion of fear vs. empowerment applied to security. Guest is Sam Elliott from Bomgar with a review of their 2018 Privileged...

DPRK's Sun Team works from three apps in Google Play. PII for sale in Zhejiang. SPEI theft. Jihadist content in social media. SEA charges. DDoS-for-hire sentencing. ZipperDown bug.


In today's podcast, we hear that North Korea's Sun Team is rising in Red Dawn. Much PII, mostly out of Japan, appears in the black-market stall of a poorly reviewed vendor. The Mexican bank raid seems, the Central Bank says, to have started with a small brokerage and spread from there. Facebook and Google+ continue to be infested with jihadist inspiration. More charges for alleged Syrian Electronic Army hoods. A man gets fifteen years for, among other things, DDoSing former employers. And mobile app users? XYZ. Ben Yelin from UMD CHHS on controversy involving North Carolina police using overly broad warrants to gather location data from...

Threat actors hijack Lojack. [Research Saturday]


Researchers from Arbor Networks' ASERT Threat Intelligence Team recently published a report titled, "Lojack Becomes a Double Agent." It outlines how threat actors are altering legitimate recovery utility software and simulating its command and control servers to gain access to target machines. Richard Hummel is manager of the ASERT Threat Research Team, and he joins us to describe their work.

Something Wicked this way comes. Automating wallet pilferage. Office 365 phishing scams. DPRK hackers remain active. Recognizing alt-coin investment frauds.


In today's podcast, we hear that a new Mirai variant is out and about: they call it "Wicked." MEWkit automates coin theft. LocationSmart was buggy and leaky. The US Senate has confirmed Gina Haspel as Director of Central Intelligence. Relaxed tensions along the 38th Parallel aside, North Korea remains active against South Korea in cyberspace. There's a lot of fraud in cryptocurrency investing, and the SEC would like to help you recognize it. David Dufour from Webroot on threat trends. Guest is Heather Vescent, a futurist and author, describing how she applies her work to cyber security.

Competing for terrorist mindshare. ICS threat group update. AnonPlus vandalizes US state sites. GDPR's disclosure timeline. Congressional hearings. DarkOverlord collared.


In today's podcast, we hear that Al Qaeda is back, howling online toward whatever lone wolves might be within earshot. The CHRYSENE ICS threat group may be looking beyond the Arabian Gulf. AnonPlus is after US state governments: New Mexico, Idaho, and Connecticut have received the hacktivists' puzzling vandalism. What the EU will expect of you within seventy-two hours of discovering a breach. The US Congress wants answers about, among other things, ZTE and Cambridge Analytica. And an alleged DarkOverlord is nabbed in Serbia. Dr. Charles Clancy from the VA Tech's Hume Center, discussing the skills shortage for the 5G network buildout. Guest is Ryan Barnette from...

Spyware campaigns: phishing and watering holes. Signal patches (fast). DHS cyber strategy. Russian election hacking. Cyber Investing Summit. Do smart people pick better passwords?


In today's podcast we hear that a spyware campaign centered on Pakistan, and thought to be the work of Pakistan's military, comes in two variants: one for Android, the other for iOS. Vietnam is said to be phishing in a compromised Phnom Penh Post website. Signal patches a cross-site-scripting issue very rapidly. The US Department of Homeland Security releases its cybersecurity strategy. The Cambridge Analytica whistleblower talks to the Senate Judiciary Committee. The Senate Intelligence Committee concludes that the Russians didn't like Hillary Clinton. Investigation of Vault 7 leaks continues. Notes from the Cyber Investing Summit. And if you're so smart, how come your password...

Email client vulnerabilities. Sanctions and trade policy. FinFisher in Turkey. myPersonality data scandal. Patch news. High school phishing.


In today's podcast, we hear about reports of email client vulnerabilities. Worries about Russian and Chinese software and hardware vendors. Security and trade policy notes. FinFisher found used in Turkey. The data scandal that brought down Cambridge Analytica moves to the University of Cambridge, but there the issues seem to be security, anonymization, and possible oversharing. Adobe and Samsung issue patches. A California high school student is accused of phishing for grade books. Ben Yelin from UMD CHHS on the Microsoft overseas data storage case that went to the U.S. Supreme Court. Guest is John Grimm from Thales eSecurity on their Global Encryption Trends study...

Unauthorized banking transfers in Mexico? A lifeline for ZTE. Iranian cyber op-tempo rises. Russian troll farm's ad buys. Reining in apps. Cell tracking. Anonymous is back.


In today's podcast we hear that Mexican banks may have sustained unauthorized funds transfers. Presidents Trump and Xi seem willing to toss a lifeline to drowning ZTE. Some researchers report an uptick in Iranian cyber operations. Russia's premier troll farm bought Facebook and Instagram ads targeting American teenaged girls. Apple, Facebook, and Twitter tighten their grip on apps connecting to their stores or services. Police cell-tracking receives scrutiny. And Anonymous is back. Justin Harvey from Accenture with his thoughts on whether the U.S. pulling out of the Iran nuclear deal will lead to more cyber attacks from Iran. Learn more about your ad choices....

Three pillars of Artificial Intelligence. [Research Saturday]


Bobby Filar is a Principal Data Scientist at Endgame, and coauthor of the research paper, The Malicious Use of Artificial Intelligence: Forecasting, Prevention, and Mitigation. The report surveys the landscape of potential security threats from malicious uses of AI, and proposes ways to better forecast, prevent, and mitigate these threats. Bobby Filar joins us to discuss the paper, and his views on the evolving role of AI in cybersecurity.

Vigilantes and hacktivists. Point-of-sale malware source code leaks. Malicious extensions and apps. US Federal indictments: spying and hacking. Robo-caller gets record fine.


In today's podcast, we hear that vigilantes have visited ZooPark, and the lights go out voluntarily on some Georgia hacktivists. Treasure Hunter source code posted to a criminal forum. Malicious Chrome extensions and malicious Android photo-editing apps. GandCrab ransomware served by compromised legitimate sites. Russian influence ops. Concerns about a resumption of Iranian hacking. Ex-CIA officer charged with espionage. Hobby hacker indicted on Federal charges. FCC hits a robo-caller with a record fine. Jonathan Katz from UMD on why cryptography is more challenging than many software engineers think. Guest is Cyrus Farivar, author of the book Habeas Data, Privacy vs. the Rise of Surveillance Tech. Learn more about your ad choices. Visit...

Cyber conflict between Iran and the US widely expected. ALLANITE threat group is after US, UK power grids. Jack-in-the-Box vulnerability. Signal's memory. Is ZTE going down?


In today's podcast we hear that US withdrawal from the Iranian nuclear deal is widely taken as heralding a new round of cyber conflict. Cyberattacks on critical infrastructure are seen as an asymmetric way of war. The ALLANITE threat group is observed successfully reconnoitering US and UK electrical power grids. Jack-in-the-Box does nasty things with images. Signal's self-deleting messages don't, or at least they don't always. And US sanctions may be putting ZTE out of business. Robert M. Lee from Dragos on the sliding scale of cyber security. Guest is Jonathan Matkowsky from RiskIQ with concerns over ICANN's pending interim policy changes on the WHOIS database...

Stubborn IoT botnets. Razzle-dazzle HTML phishing lure. Fancy Bear's false flag. Busy Yahoo boys. Crooks turn from Tor to Telegram. Kaspersky and contractors. Patch notes. SB 315 vetoed.


In today's podcast we hear about Hide-and-Seek, a hard-to-flush botnet. A phishing technique takes advantage of an email client's rendering of HTML. Facebook death threats in 2015 are said to have been the work of Fancy Bear, dressed up as the Cyber Caliphate. Nigeria's Yahoo boys are busier than ever. DHS wonders what it will take to get US Federal contractors to get rid of Kaspersky. Crooks turn from Tor to Telegram. Patch Tuesday notes. And Georgia's governor vetoes a controversial cybersecurity bill. Joe Carrigan from JHU ISI on a pilot program from Delaware on mobile driver's licenses. Guest is Phillip Dunkelberger from Nok Nok Labs...

Greek and Turkish hacktivists swap defacements. Process Doppelgänging in the wild. GDPR is coming (like winter, for you Game of Thrones fans.) Profiling infosec enthusiasts.


In today's podcast we hear that hacktivist lightning is flashing across the Aegean, hitting Greek and Turkish TV stations. Process Doppelgänging is observed in ransomware circulating in the wild. Unstructured data could expose enterprises to GDPR regulatory risk. So might transitive data sharing. Big US companies are ready to follow GDPR standards in North America as well as Europe. Older Lantech industrial servers appear vulnerable to remote code execution. Vandals hit security cameras in Japan. And teachers, don't necessarily leave those kids alone, but maybe that cultist is actually an infosec enthusiast. Emily Wilson from Terbium Labs on third party data showing up on the dark web. Guest is Chris Dollase from...

2018 RSAC Outlook. [Special Editions]


Just before the RSA conference this year, we spoke with a pair of industry experts for their take on the year so far, and what they expect to see in the coming months. In this CyberWire Special Edition, we hear from Craig Williams, Director of Talos Outreach at Cisco, and later in the show from Jon Rooney, Vice President of Product marketing at Splunk.

Winnti Umbrella covers multiple threat actors. DPRK off-shores cyber ops. ZooPark is in its fourth generation. GPON router bugs exploited in the wild. Russian Twitterbots. Block the EU?


In today's podcast we hear that Chinese intelligence services have been seen beneath the Winnti Umbrella. North Korea's off-shoring of cyber operations. ZooPark Android spyware is now in its fourth generation, and still active in the Middle East and North Africa. Vulnerabilities in Dasan GPON routers are exploited in the wild. Russian Twitterbots are suspected of tweeting death threats in the UK. David Dufour from Webroot on anti-malware testing procedures. And how do you solve a problem like GDPR?

BlackTDS and ThreadKit offered in criminal markets. [Research Saturday]


Kevin Epstein is Vice President of Proofpoint's Threat Operations Center. We're discussing two bits of research with him today. The first is about BlackTDS, a traffic distribution tool for sale in dark web markets. A little later in the show, he'll tell us about ThreadKit, a document exploit builder.

In the shredder or off the truck? Battlespace prep for a supply chain campaign? NG-Spectre found in Intel chips. No domain fronting for you. Kitty mines monero. NSA, US Cyber Command under new management.


In today's podcast we hear that they're hoping in Australia that backup tapes made it to the shredder, and didn't fall off the truck. Equifax's board of directors gets reelected. Are China's espionage services preparing the battlespace for a supply chain attack? New Spectre-like vulnerabilities are found in Intel chips. Google and Amazon clamp down on domain fronting, and anti-censorship advocates are unhappy. Here Kitty, we have Monero for you. And a change of command at NSA and US Cyber Command. Johannes Ullrich from SANS and the Internet Stormcast podcast, reviewing the history of hardware flaws. Guest is Philip Tully from ZeroFox with a recap of a talk he gave at...

Lojack for Laptops backdoor? World Cup cybersecurity. Schneider Electric patch. Reward points for sale. Medical device vulnerabilities. PPD-20 revision?


In today's podcast we look at some indications that LoJack for Laptops might have been compromised to report back to Moscow. World Cup cybersecurity. Schneider Electric patches developer's tools. Travel and hospitality rewards points are the menhaden of the black market. Medical device vulnerabilities. Taking the gloves off Cyber Command. It's National Password Day, and Microsoft (along with many others) would like to move beyond the password. And a requiem on Press Freedom Day for working journalists murdered by the Taliban. Ben Yelin from UMD CHHS discussing who's responsible when an AI kills someone. Guest is Edna Conway from Cisco on pervasive security architecture and third...

New nation-state actors in cyberspace. SiliVaccine AV said to incorporate pirated code. Credential stuffing and password reuse. GravityRAT evades sandboxes. GDPR approaches.


In today's podcast we hear that more nation-states have acquired and are using cyber capabilities. North Korea's SiliVaccine anti-virus product appears to have pirated an old version of Trend Micro's scan engine. Despite warnings of credential stuffing, people still reuse passwords. GravityRAT now takes its victims' temperature. Many firms remain unprepared for GDPR. Questions arise about possible overpreparation by two of the biggest companies out there. And some dimwit has hacked a highway sign in Arizona. (Congratulations, knucklehead.) Justin Harvey from Accenture on the uptick in credential harvesting they're seeing. Guest is Piero DePaoli from Service Now with results from their recently published security report.

Payment system hack investigated. Patch weaponization. Medical zero-days for sale. Responsible disclosure. Bad bots attack. Car hacking. Trends in phishbait.


In today's podcast, we hear that a possible bank payment system hack remains under investigation in Mexico. Medical zero-days for sale, and not on the black market. SamSam continues to spread. What to look for in bad bots. Patched vulnerabilities are being weaponized at higher rates. Proof-of-concept car hacking demonstration shows in-vehicle infotainment system vulnerabilities. And when you see these phishbait phrases in an email subject line, be sure to spit the hook. Emily Wilson from Terbium Labs on recent takedowns of content on Reddit. Guest is Patrick Peterson from Agari on Brand Indicators for Message Identification (BIMI), a proposed standard to better secure email. Learn more...

Bank hack in Mexico. FacexWorm goes cryptomining. SamSam's volume discount. Influence ops. Researchers confirm that teams use teamwork.


In today's podcast, we hear about an attempted banking hack in Mexico. Hidden Cobra gets busy around diplomacy. The FacexWorm adds cryptomining functionality. SamSam ransomware looks to capture entire enterprises. A Sunday Times investigation finds that Russian Twitterbots tried to swing British voters toward Labour. The US House Intelligence Committee has released its report on influence operations during the last US Presidential election. Researchers find that teams and committees are different things. Robert M. Lee from Dragos on regulations vs. incentives. Guest is Dan Lyon from Synopsys on IoT security.

New MacOS backdoor linked to OceanLotus. [Research Saturday]


Researchers at Trend Micro recently discovered a backdoor targeting MacOS users that they believe is the work of the OceanLotus threat group, an organization previously thought to have launched targeted attacks against human rights organizations, media organizations, research institutes, and maritime construction firms. Mark Nunnikhoven is VP of Cloud Research at Trend Micro, and he explains what they've learned. https://blog.trendmicro.com/trendlabs-security-intelligence/new-macos-backdoor-linked-to-oceanlotus-found/

Crimeware kits, ransomware, and source code breaches. The Internet conduces to organic radicalization. Russia in Finland. Snooper's Charter notes. Crypto armistice or just key escrow?


In today's podcast we hear that Rubella hits the shelves of the criminal black market: it's the crimeware kit, not the German measles. Necurs gets shifty by going retro. iPhone unlocking specialists endure an apparently minor breach. The sad story of structural extremism on the Internet. Finland says the Russians are coming there, too. Snooper's Charter setback. Proposed bill would make it easier for DHS to clean US Federal networks. Crypto Wars modus vivendi said to be just key escrow. Dr. Charles Clancy from VA Tech Hume Center on the 5G mobile network rollout. Guest is Merike Kaeo from Farsight Security, discussing DNS data as an early warning system...

Some fix fast, others not at all. Ransomware campaign's demands are non-negotiable (for most victims; Russians get a hometown discount). Content filtering. Jamming in Syria.


In today's podcast we hear about another exposed data base, trouble with routers, issues with storage cameras, and problems with storage devices. Some have been promptly fixed, but others are offering users Hobson's choice: take it or leave it. An apparent ransomware campaign says payment demands are "non-negotiable," unless, of course, you happen to be Russian, in which case, let's talk. Citizen Lab complains about certain kinds of content filtering in South Asia. What's up with Compass Call in Syria? Jonathan Katz from UMD on mathematical backdoors. Guest is Paul Burbage from Flashpoint on the compromised Magento sites. Learn more about...

DPRK plays offense and defense. PyRoMine and EternalRomance. Russian disinformation on Syrian massacre. Alt-coin heist may be misdirection. Nakasone confirmed at NSA. Webstresser takedown.


In today's podcast, we hear that North Korea has gone big with GhostSecret. Meanwhile, Pyongyang's elite tries to cover its online tracks. PyRoMine uses EternalRomance to disable security systems en route to cryptomining. Russia engages in video disinformation about Syrian nerve agent attacks. A complicated alt-coin heist may be misdirection for something bigger. Huawei may be in trouble over Iran sanctions. Apple patches. Europol takes down Webstresser. General Nakasone confirmed as Director NSA and Commander US CyberCom. Daniel Prince from Lancaster University on security in the financial sector. Guest is Joe Cincotta from Thinking Studio on how smart design leads to better security.

Ransomware in Ukraine's Energy Ministry. Energetic Bear infrastructure. Anonymous Twitter accounts equal bots? Orangeworm in x-ray, MRI machines. Sanction notes. Election security.


In today's podcast, we hear that Ukraine's Energy Ministry is under ransomware attack. Kaspersky finds infrastructure belonging to Energetic Bear. Lots of anonymous Twitter accounts pop up in East Asia. Orangeworm is after something in healthcare networks, but whether it's IP or PII is unclear. Disclosure and patch notes. Kaspersky may be the subject of US sanctions. A hacker in the Yahoo! breach case could get almost eight years. As US midterms approach, thoughts turn to election security. Joe Carrigan from JHU ISI on devices that unlock iPhones. Guest is Jerry Caponera from Nehemiah Security on quantifying cyber risk. Learn more about your ad choices. Visit...

ISIS coordinates online inspiration campaign with terror attacks. APT10 spearphishing. IE zero day. Twitter won't sell Kaspersky ads. UK sentence in Crackas with Attitude case.


ISIS returns to its grim inspiration. China's APT10 collects against Japan. An Internet Explorer zero-day is reported undergoing exploitation in the wild. Twitter won't sell Kaspersky any more ads, but doesn't have any specific explanation for why not. For its part Kaspersky says it's going to donate its Twitter advertising budget to the Electronic Frontier Foundation. Bad but expected news about router security. ZTE's regulatory troubles. Cracka with Attitude will do time. Malek Ben Salem from Accenture Labs on the malicious use of AI.

InnaputRAT exfiltrates victim data. [Research Saturday]


Researchers with Arbor Networks' ASERT team have been tracking a malware campaign targeting commercial manufacturing, and have uncovered various samples dating back to at least 2016. Richard Hummel is Threat Intelligence Manager for Arbor Networks' ASERT Team, and he takes us through what they've discovered. https://www.arbornetworks.com/blog/asert/innaput-actors-utilize-remote-access-trojan-since-2016-presumably-targeting-victim-files/

RSA wraps up. Staging offensive cyber operations. (Information ops, too.) Business email compromise affects maritime shipping sectors. Sanctions bit Chinese device giants.


In today's podcast, we take a look back at RSA as the big security conference wraps up. Tension between Russia and the West continues to manifest itself in apparent staging attacks and information operations. ISIS in its diaspora returns to recruiting and inspiration. A business email compromise campaign afflicts the maritime shipping sector. Atlanta still struggles to recover from SamSam ransomware. Sanctions drive Huawei from the US market; ZTE may soon follow. David Dufour from Webroot, with thoughts on the conference. Guest is CyberWire editor John Petrik, with thoughts on a cyber Geneva convention.

Dispatches from RSA 2018. Russia continues to test the Five Eyes' patience and resolve. Trustjacking, Stresspaint, and an exposed AWS bucket.


In today's podcast we have some RSA notes: an industry-led cyber Geneva Convention, threats and deterrence, and addressing a labor shortage. New Zealand joins Australia, the UK, and the US in warning that someone's exploiting vulnerable routers. Moscow demands to see the evidence that this someone is Russia. Trustjacking afflicts iOS users. Stresspaint Trojan is out in the wild, posing as an innocent app. Another exposed AWS bucket is found. Rick Howard from Palo Alto on the notion of a "cyber moon shot." Guest is Malcolm Harkins from Cylance on why it's unacceptable to adopt the attitude that bad guys getting in is inevitable. Learn more...

More cyber battlespace preparation. Hacking as the continuation of war by other means. Ongoing social media privacy concerns. Tech glitch extends tax deadline. Notes from RSA.


Reconnaissance and staging in cyberspace, with Five Eye warnings to Russia. Privacy class action suit complains of Facebook facial recognition. Australia joins the ranks of ZTE sceptics. Cyberwarfare discussed at RSA: retaliation, deterrence, renunciation, and a private sector push for international norms. Attention tax procrastinators: the IRS says it was hit by a glitch, and not hacked. Zulfikar Ramzan from RSA with thoughts on the conference. Guest is Kevin McNamee from Nokia, discussing threat intelligence and mobile device ransomware.

Russia versus routers. Desert Scorpion swept out of Google Play. ZTE faces sanctions. RSA notes, and a Sandbox winner.


In today's podcast we hear that Western governments attribute a large-scale campaign against poorly secured connected devices to Russia. Battlespace preparation is suspected. No new US sanctions against Russia, yet, but the matter remains under consideration. ZTE falls under the same cloud as Huawei. Desert Scorpion spyware ejected from Google Play. And there's a winner in RSA's Innovation Sandbox: BigID took away the prize. Justin Harvey from Accenture, joined by the head of Accenture's Cyber Defense team, Ryan LaSalle, discussing their 2018 State of Cyber Resilience report. Guest is Jason Brvenik from NSS labs on their Advanced Endpoint Protection (AEP) Group Test. Learn more about your ad...

Info ops follow airstrikes, to be followed by sanctions. Expect cyberattacks and reprisals, with a chance of kompromat.


In today's podcast, we note that RSA has opened with ten rising stars in its annual Innovation Sandbox. US, British, and French coordinated strikes against Syrian chemical warfare targets prompt Russian information ops and warnings from Britain that the UK will retaliate against any cyberattacks against infrastructure. Charges are filed against an alleged Reveton ransomware money launderer. Emily Wilson from Terbium Labs with tips for conference-goers. Guest is Paul Martini from iBoss with thoughts on growing cyber security companies in a crowded marketplace.

Energetic Dragonfly and DYMALLOY Bear 2.0. [Research Saturday]


Researchers at Cylance recently uncovered the malicious use of a core router in a campaign aimed at critical infrastructure around the world. Kevin Levelli is Director of Threat Intelligence at Cylance, and he takes us through what they've discovered.

Operation Parliament seems to have got what it came for. EITest finally sinkholed. Facebook testimony on Capitol Hill. Estonia reports. Swatting case teaches nothing?


In today's podcast, we hear that, while the operators behind Operation Parliament pretend to be nothing but a bunch of skids, they're anything but. EITest gets taken down. Facebook this week faced questions about privacy and ideological bias. Most observers think these questions were largely ducked. Estonia's Annual Report on security is worth reading no matter where you live. And an accused swatter seems to have learned nothing from his experience. Dr. Charles Clancy from the Hume Center at VA Tech, discussing LTE network vulnerabilities. Guest is Dinah Davis from CodeLikeaGirl.io and Arctic Wolf Networks, discussing diversity at tech conferences. Learn more about your ad choices. Visit...

Zuckerberg testimony. Supply chain cyber threat to satellites. DPRK destructive malware. "Early bird" code injection. GCHQ vs. ISIS. Germany blames compromise on Russia. Salisbury attack update.


In today's podcast we hear that Facebook's CEO Mark Zuckerberg has finished testifying on Capitol Hill, denying that Facebook sells data or that it knew what those people at Cambridge were up to with the data they obtained. Supply chain cyber threats to satellites. North Korean destructive malware may be back. Early bird code injection. GCHQ takes on ISIS in cyberspace. Germany attributes 2017 network intrusions to Russia. International body confirms British official accounts of the Salisbury nerve agent attacks. Chris Poulin from BAH on self-driving car tech that monitors the driver's gaze to make sure they are paying attention to the road....

Mark Zuckerberg testifies about Facebook, big data, and influence. Patch Tuesday notes. Deterrence or open conflict in cyberspace?


Today we're following all things Facebook. It's four o'clock: do you know where your data are? We're betting no. Neither side of the aisle seems content with the answers Mr. Zuckerberg gave to the Senate panel. He's speaking before a House panel today. Patch Tuesday notes. Cyber tensions continue to rise as kinetic and chemical tensions rise between Russia and the West. Justin Harvey from Accenture, discussing cyber hygiene blind spots. Guest is Nahuel Sanchez from Onapsis on vulnerable password recovery systems.

Facebook comes to Washington. Research ethics? IoT threats. Switch bug exploited in the wild. Criminal misdirection. Russia and the West, again. And what do cybercriminals earn?


In today's podcast, we hear that Facebook begins facing the Congressional music today. What are the rules for online research, professors? Experts say they're worried about weaponized IoT hacks. Hoods exploiting Cisco switch vulnerability in unpatched systems. Named threat groups and bugs as insider misdirection. As relations between Russia and the West worsen, some in Moscow call an end to Peter the Great's experiment. And how much do cybercriminals make, and what do they spend it on? Daniel Prince from Lancaster University on clandestine data transmission and steganography. Guest is Gabriel Bassett from Verizon, reviewing his work on the Verizon DBIR report. Learn...

Hacktivists may be warning Russia and Iran against interfering in US elections. Britain on alert for Russian moves against infrastructure. Facebook preps for Congress. Ransomware updates.


In today's podcast we hear about the curious case of hacktivists who may be slugging for Uncle Sam. Maybe. Britain's NCSC warns of battlespace preparation for a campaign against critical infrastructure. Facebook prepares for its appearance on Capitol Hill. Facebook also cancels a plan to share anonymized medical data for research purposes. Atlanta continues to recover from SamSam. And some good news: Malwarebytes has solved LockCrypt ransomware. Robert M. Lee from Dragos with his take on why indicting foreign hackers is a bad move.

Crypto crumple zones. [Research Saturday]


In their recently published paper, "Crypto Crumple Zones: Enabling Limited Access Without Mass Surveillance," coauthors Charles Wright and Mayank Varia make their case for an alternative approach to the encryption debate, one based on economics as a limiting factor on government overreach and surveillance.

Multibreach via chat app. OceanLotus notes. Mirai vs. Banks. Energetic Bear vs. Switches. Russia warns Britain against provocation. DataTribe finalists.


In today's podcast we hear that a breach in several companies' consumer-facing systems is attributed to a third-party chat vendor. Crooks are tampering with chipped debit cards. Ocean Lotus is back, with a MacOS backdoor. A Mirai variant was used against banks earlier this year. Energetic Bear may be exploiting misconfigured switches. Microsoft looks into Office 360 outages. Russia warns Britain against playing with fire. And three cyber startups are DataTribe finalists. Johannes Ullrich from SANS and the ISC Stormcast podcast, on API security. Guest is Jimmy Heschl, head of digital security at Red Bull, discussing the challenges of securing a global brand. Learn more about your ad choices. Visit...

Facebook agonistes. Really agonizing. Ad-supported apps like them some data. Sino-US trade tensions and Chinese cyber espionage. Russian wet work and disinformation. Western reprisals.


In today's podcast we hear that Facebook's troubles are getting worse: more people's data were scraped, deleted videos were archived by Facebook, and so on. Appthority finds a more general problem with ad-supported apps: they're all hungry for data. Sino-American trade disputes are thought likely to find expression in cyber espionage. China's more interested in confidential financials than in IP. Russia and the West remain at loggerheads. One tip from Sweden on countering Moscow's info ops: don't get caught dancing in yellow rain boots. Joe Carrigan from JHU on power companies charging a premium rate for bitcoin miners. Guest is Larry Cochran from Claimatic on how driverless cars and...

Facebook boots Russian trolls for being trolls. Zuckerberg will testify before Congress. Different continents, different privacy protections. YouTube shootings. Pipeline hacks. Panera Bread's incident response.


In today's podcast, we hear that Facebook has kicked some Russian trolls out from under its bridge. Why? Because they're Russian trolls, that's why. Facebook CEO Zuckerberg will testify about data security before a House panel next Wednesday. Privacy for the Old World, but maybe not as much for the new. The YouTube shooting may have been motivated by anger over the platform's policies. European air traffic control problems were a glitch, not a hack. Pipeline operators recovering from IT hack. Homeland Security tells the US Senate hostile intelligence services have stingrays in Washington. Panera Bread's response to its potential data exposure. Rick Howard...

Magento brute-forcing. Android IM spyware. njRAT updated. Panera breach. Pipeline operator hacked. Cyber tensions. Cambridge Analytica named in class action suit.


In today's podcast, we hear that the Magento e-commerce platform has been brute forced. A new Android Trojan steals messaging info. njRAT gets an update, and some new and trendy criminal functionality. Notes on the Panera Bread data breach. A major US natural gas pipeline operator has its customer billing and scheduling system hacked, which reminds observers of threats to infrastructure. Russia thinks the US and UK are no longer as decent and trustworthy as they used to be during the Cold War. Another data scandal class action suit is filed, naming Cambridge Analytica. Jonathan Katz from UMD on isogeny-based cryptography. Guest is Mike McKee from ObserveIT, discussing data exfiltration....

Department stores suffer a paycard breach. Atlanta still working on SamSam recovery. Ransomware in India. SWIFT fraud attempt. Facebook's troubles. Kremlin doxed. Reality Winner case update.


In today's podcast we hear about Saks and hacks, Lord and Taylor and JokerStash: a department store data breach. Atlanta still can't get fully back on its feet after SamSam. An Indian power utility's billing data are held for ransom. More SWIFT fraud reported: this round seems to have been unsuccessful. Russia gets doxed. Facebook on who really cares for you. Threats to avionics and undersea cables. And Reality Winner's defense team wants to subpoena a lot of witnesses. Malek Ben Salem from Accenture Labs, looking at a long-term approach to implementation of cryptography. Learn more about your ad choices. Visit megaphone.fm/adchoices

Chasing FlawedAMMYY. [Research Saturday]


FlawedAMMYY is a newly discovered remote access trojan (RAT) that's been used in malicious email campaigns, as far back as 2016. Ryan Kalember is Senior Vice President of Cyber Security Strategy at Proofpoint, and he takes us through their research.

Under Armour fitness app breached. Warning shot from WannaCry. Lazarus Group update. Aadhaar security questions. Ransomware and city governments. FBI agent charged in leak case.


In today's podcast, we hear that Under Armour's MyFitnessPal app has sustained a data breach. Boeing's WannaCry incident is minor, but a timely warning that this particular threat hasn't vanished. The Lazarus Group is showing fresh signs of activity against its usual targets. Questions about the security of India's Aadhaar circulate. Baltimore and Atlanta incidents show the ransomware threat to city governments. An FBI agent is charged with leaking secret documents. Updates on the Novichok affair and the Facebook data scandal. Awais Rashid from Bristol University on blockchain trust issues. Guest is Laurin Buchanan from Secure Decisions, discussing NICE competitions. She is co-chair of the competitions subgroup.

Russia retaliates against the US with tit-for-tat PNGs, consular closure. Assange has no more Internet (until he behaves). Fauxpersky and WannaCry seen in the wild. Facebook works on privacy.


In today's podcast, we hear that Russia has retaliated against the US with diplomatic expulsions and at least one consulate closure. Potential cyber operations remain a matter of concern. Julian Assange no longer has Internet access in his room at Ecuador's embassy. WannaCry hits a Boeing plant, but Boeing is resilient enough to work through the infection. A new keylogger pretends to be Kaspersky AV, but not very convincingly. Facebook works to upgrade user privacy, and Apple says it doesn't need to do the same. David Dufour from Webroot with tips for first-time conference goers. Guest is Deral Heiland from Rapid7 on smart sensors.

Tensions over Salisbury nerve agent attack remain high. BranchScope raises concerns about side-channel attacks. Facebook data scandal updates. Atlanta and Baltimore recover from hacks.


In today's podcast, we hear that tensions continue to rise between Russia and other, mostly Western, countries as the number of nations taking diplomatic measures to protest the Salisbury attack exceeds twenty-five. Western governments are on alert for Russian cyber operations as well as diplomatic reprisals. A new bug, BranchScope, is found affecting Intel processors. The Facebook data scandal continues. Atlanta and Baltimore recover from hacks of municipal systems. Dr. Charles Clancy from the Hume Center at VA Tech, discussing the security of analog devices in cyber physical systems. Guest is Liv Rowley from Flashpoint on Dark Web refund fraud. And don't be...

Blockchains that bind us. [Special Editions]


The past few months have been all abuzz with excitement about cryptocurrencies and the blockchain. The price of Bitcoin took a rocket ride toward the stars, and stories were coming fast and furious about how the blockchain was going to transform and revolutionize just about everything. Jonathan Katz is a professor of computer science at the University of Maryland and director of the Maryland cybersecurity center. As we'll hear in this CyberWire special edition, he's been following blockchain technology and cryptocurrency from its humble beginnings, and he's our guide to understanding how it all works.

Phishing from the library. Facebook and Cambridge Analytica updates. Bots as propaganda readers. SamSam still plagues Atlanta. Aadhaar leaky? Many nations expel Russian diplomats.


In today's podcast, we hear that the Mabna Institute was pretty good at phishing. Facebook's Mark Zuckerberg sends regrets to Westminster. Facebook is under FTC investigation. Cambridge Analytica is in hot water with the FEC. Kaspersky says outing Slingshot was just part of the job. The City of Atlanta is finding it surprisingly hard to recover from SamSam ransomware. Aadhaar may be leaky, again. Bots as Lord Haw-Haws. More than twenty countries expel Russian diplomats. Russian cyber reprisal expected. Justin Harvey from Accenture on cryptocurrency mining. Guest is Steve Piper from CyberEdge with results from their 2018 Cyberthreat Defense Report.

Persona non grata, Ivan Ivanovich. Grid threat worries. Data scandal updates. Malware notes. Reaction to Iranian indictments. Alleged Carbanak kingpin collared.


In today's podcast we hear that sixty Russian diplomats are now persona non grata in the US. It's the largest such retaliation so far for the Russian nerve agent attack in Salisbury, England. Fear of a Russian riposte against Western power grids remains high. Cambridge Analytica was raided over the weekend in the continuing Facebook data scandal. Facebook faces more difficulties over Android data collection. Notes on malware circulating in the wild. Iran objects to US indictments. Daniel Prince from Lancaster University discussing risk management. And the alleged Carbanak "mastermind" is arrested in Spain.

Code comments cause SAML conundrum. [Research Saturday]


Researchers at Duo Security recently unearthed a new vulnerability class that affects SAML-based single sign-on (SSO) systems. This vulnerability can allow an attacker with authenticated access to trick SAML systems into authenticating as a different user without knowledge of the victim user's password. Kelby Ludwig is a Senior Application Security Engineer at Duo Security, and he takes us through his discoveries.

US indicts Iranian hackers. Guccifer 2.0 is a GRU Bear. Atlanta hit with ransomware. Equifax breach cost consumers plenty. Facebook's troubles persist, as do Cambridge Analytica's.


In today's podcast, we hear that the US has indicted Iranian hackers. Guccifer 2.0 has been fingered as a GRU team. Inquiries into their activities are folded into Special Counsel Mueller's investigation. Atlanta, Georgia, hit with ransomware. A study estimates the direct cost of the Equifax breach to consumers. App stores show a decline in malware infestations. Facebook leaders speak, finally, but do little to ease the company's pain. An FTC inquiry could be costly. The Cambridge Analytica affair will have implications for regulations, marketing, and consumer trust. Ben Yelin from UMD CHHS on the Equifax probe being put on ice by the US Consumer Protection agencies....

Kaspersky burned a JSOC op? Facebook affair: apps, legal fallout, regulatory inspiration, apologies and resolution to sin no more. Tariffs against IP theft. Best Buy shows Huawei the highway.


In today's podcast, we learn that Kaspersky Lab appears to have burned a US operation. Facebook has some other governments to answer to, now. Facebook CEO Zuckerberg finally discusses the Cambridge Analytica affair in public. Lawsuits and calls for regulation are shouted up. Best Buy shows Huawei the highway. And we have a brief wrap-up of the Billington International CyberSecurity Summit. Joe Carrigan from JHU ISI responding to a listener inquiry about job hunting. Guests are Chad Seaman: Senior Engineer, Security Intelligence Response Team and Lisa Beegle: Senior Manager, Security Intelligence, Akamai, describing the record-setting DDoS attack they recently experienced and helped mitigate.

Preparing for grid attacks. Notes on breaches, crime, and punishment. And Facebook's no-good, bad, awful week.


In today's podcast we hear that the US Department of Energy says the power grid is preparing for Russian attacks. Teenager finds flaw in hardware wallet. Travel service Orbit suffers a data breach. Laurie Love won't be extradited to the US. Notes from today's Billington International CyberSecurity Summit. And Facebook's truly awful week continues: the Silicon Age is looking right now a lot like the end stages of the Gilded Age. Jonathan Katz from UMD on the security of e-passports. Guest is J.R. Cunningham from Optiv, with advice to not get carried away with GDPR.

Power grid threats coming through the router. Cambridge Analytica and Facebook face tough questions.


In today's podcast, we hear that ICS experts continue to warn of grid vulnerability to hacking. AMD chip flaws called real, but not very serious. Cambridge Analytica under investigation in the UK. Facebook tries without much success so far to disentangle itself from Cambridge Analytica's use of Facebook data. President Putin wins reelection amid accusations of voting fraud. Former French President Sarkozy is in police custody over Libyan campaign contributions. (The Libyans want their money back, too.) Chris Poulin from BAH on malware evolution. Guest is Patrick Craven from the Center for Cyber Safety and Education, a nonprofit that has scholarships available.

Power grid hacking fears running high. Social media problems. Election DDoS reported in Russia. FTC and SEC cyber enforcement actions. NSA hoarder case update.


In today's podcast, we hear that tensions between Britain and Russia remain high, as the UK fears a cyberattack. US power utilities are also on alert to an ongoing Russian cyber campaign. Despite a claimed DDoS attack, President Putin is re-elected in Russia. Facebook under fire for Cambridge Analytica data incident. More political bots in Twitter. YouTube tries content moderation. FTC takes on an alt-coin Ponzi scheme. SEC has "dozens" of ICO investigations in progress. Notes on the Hal Martin alleged NSA-hoarder case. Malek Ben Salem from Accenture Labs with tips on cryptography deployment. Guest is Paul Brigner from the Security and Software Engineering...

Cryptojacking injections heat up. [Research Saturday]


There's been an epidemic of cryptojacking code injections recently, as bad actors attempt to cash in on the cryptocurrency craze through unauthorized cryptomining operations on unsuspecting users. Marcelle Lee is a threat researcher at LookingGlass, and she takes us through her recently published research, "Cryptojacking Coming to a Server Near You."

NATO-Russian cyber tensions high. They're also high between Saudi Arabia and Iran. Updates on AMD vulnerability report. Another exposed AWS S3 bucket?


In today's podcast we hear that NATO has condemned Russia for a chemical attack in England. The US sanctions Russia for NotPetya and election meddling, and warns of Russian preparations for an attack against US infrastructure. Chinese cyber operations support that country's claims to the South China Sea. Iran shows increased cyber espionage activity. Observers fear a return of Triton/Trisis ICS malware. Another unsecured AWS bucket may have been found. Johannes Ullrich from SANS and the Internet Storm Center podcast, discussing credential stuffing. Guest is Rico Chandra from Arktis Radiation Detectors on securing radiation detectors.

Chip vulnerability disclosure controversial. Black market and point-of-sale malware. SEC charges ex-Equifax exec with breach-related insider trading. Tensions over Salisbury nerve agent attack.


In today's podcast, we hear that AMD continues its investigation of the backdoors and other vulnerabilities CTS Labs publicly disclosed. That disclosure remains controversial. BlackTDS offers malware distribution as-a-service on the black market. PinkKite is a small but persistent point-of-sale threat. The SEC charges a former Equifax exec with trading on non-public information of the credit bureau's data breach. Germany, France, and the United States join the United Kingdom in denouncing Russia for the Salisbury nerve agent attack. Rick Howard from Palo Alto Networks, with this year's Cyber Cannon nominees. Guest is Ted Bardusch from Usermind on data-rich marketing and GDPR.

AMD investigates report of processor flaws. A look at OceanLotus. Patch Tuesday. Russo-British tensions high. MuddyWater threatens researchers.


In today's podcast, we hear that AMD is investigating a report of exploitable flaws in its processors. Vietnamese threat actor OceanLotus gets a look from researchers. Patch Tuesday notes. Britain expels Russian diplomats in retaliation for a nerve agent attack. Russia demands to know what these cyberattacks are that the UK is said to be threatening. A brief history of Russo-British Twenty-first Century espionage and cyber tensions. Iranian threat actor MuddyWaters threatens researchers. Justin Harvey from Accenture on the importance of the first 48 hours following a breach. Guest is Patrick Sullivan from Akamai on VPNs and the notion of verify and never trust.

May hands Putin an ultimatum (and cyber conflict is expected). HenBox spies on Uyghurs. Vixen Panda creeps in UK targets by backdoors. Changes at US State Department, CIA. SINET ITSEF notes.


In today's podcast we hear that Britain has given Russia an ultimatum: explain by midnight how your nerve agent got to Salisbury or face the consequences. Russia calls it nonsense. Cyber conflict between the two countries is widely expected. Palo Alto's Unit 42 finds HenBox Android spyware. NCC Labs describes Chinese backdoors used against UK Government and industry targets. President Trump replaces Secretary of State Tillerson with DCI Pompeo. Gina Haspel is tapped as next DCI. Awais Rashid from University of Bristol on cyber physical systems. Guest is Tom Badders from Telos on obfuscation as applied to threat intelligence. And a wrap-up of SINET ITSEF.

Iran grows more capable and assertive in cyberspace. Bots have nothing on humans when it comes to peddling disinformation. Chinese influence ops. Fancy Bear, Slingshot updates.


In today's podcasts, we hear that security firms are warning of Iran's growing cyber capabilities, and Tehran's disposition to use them. Gossips and activists far outdo bots in spreading disinformation. Memcache kill-switch should be approached with legal caution. Slingshot espionage tools active quietly in the Middle East and Africa for six years. Fancy Bear sniffs at Asia. Australia is concerned about Chinese espionage and influence operations. Jonathan Katz from UMD with his thoughts on Spectre and Meltdown. Guest is Christopher Pierson from Binary Sun Cyber Risk Advisors, with an update on SEC cyber security guidance.

Dark Caracal APT steals out of Lebanon. [Research Saturday]


Researchers from Lookout and the EFF have discovered an APT group operating out of Lebanon they've named Dark Caracal. The group is running a global espionage campaign, targeting journalists, military personnel, activists, lawyers, medical professionals and educational institutions. Mike Murray is VP of Security Intelligence at Lookout, and he's our guide through their research.

Cyber reconnaissance. Vulnerability database misdirection. Cryptomining attempts. New Memcrash DDoS. Policy changes in the US coming as agencies report?


In today's podcast, we hear reports of cyber reconnaissance of Turkish financial institutions: Hidden Cobra is the suspect. The Chinese government appears to have finagled its national vulnerability database to afford misdirection to cyber operations. Cryptomining attempts hit Windows endpoints. Other cryptojacking campaigns afflict vulnerable servers. Memcrash DDoS hits new targets. The US Administration hints at possible cyber policy changes. Emily Wilson from Terbium Labs, on the issue of trying to spend our way to security. Guest is Priscilla Moriuchi from Recorded Future, with research documenting a backdating issue in the CNNVD, China's National Vulnerability Database.

A Memcrash kill-switch. Shadow Brokers' leaked "Territorial Dispute" tools. Dutch DDoS, Indian hacks. FBI and backdoors. Notes from SINET ITSEF.


In today's podcast, we hear that a kill-switch for Memcrash may have been found (and Memcrash may be dangerous for other purposes than denial-of-service). Researchers in Hungary take a look at the Shadow Brokers' dumps and speculate about the purpose of the "Territorial Dispute" module. The Dutch Tax Authority sustained another DDoS attack last night. India's CERT renders a troubling report to Parliament. The FBI still wants a non-backdoor backdoor. David Dufour from Webroot on vulnerabilities in cryptocurrency markets. Guest is Richard Henderson from Absolute Software on protecting against insider threats. And some notes from SINET ITSEF.

Patchable vulnerabilities in Apache Struts and Exim. CombJack malware. DPRK vs. UN Panel of Experts. Cyberwar and legal limits. Espionage Act prosecution. Infowars turn grimly kinetic.


In today's podcast, we hear that spies like Apache Struts exploits. Server vulnerabilities described. A new cryptojacker steals at least four varieties of cryptocurrency. North Korea may have hacked UN sanctions enforcers. Dutch Intelligence (and Microsoft) warn of cyberwar, but it's not a declared war, which makes response harder. Update to the pack rat defense, with considerations of mens rea. ISIS terror inspiration. And a possible assassination attempt. Chris Poulin from BAH on next generation IoT devices, like security robots. Guest is Sylvain Gil from Exabeam on business by design, and the importance of the design process in security solutions.

Cyber espionage in Central and Eastern Europe. Cyber deterrence. Notes from Matrosskaya Tishina. Exabeam describes what crooks can get from your browser.


In today's podcast we hear that Fancy Bear sightings continue: Fancy seems to have settled down in Montenegro, and Germany is seeing bears and snakes. Cyber deterrence is much desired but difficult to achieve. Notes from a Russian jail. Reddit purges influence ops trolls. What criminals can learn from your browser. CFIUS puts hold on Broadcom's bid for Qualcomm. The US FDA wants to block its people from looking at adult content at work. Daniel Prince, Senior Lecturer in Cyber Security at Lancaster University, introduces himself as our newest academic research partner. Guest is Jeremy Wittkop from InteliSecure with a call for participants in their Critical Data Protection Benchmark Survey....

Humanitarian organizations targeted. Memcrash extortion. Spring Break bug. Equifax breach update. Russian influence operations (and American "yelling and hollering").


In today's podcast, we hear about a new campaign that targets humanitarian organizations with North Korean phishbait. Memcrash is now being exploited by criminal extortionists. Equifax losses from last year's breach are said to mount. Germany says it detected the compromise of a secure government network before too much damage was done. They don't offer official attribution, but everyone else says it was the Russians. The Russians say they didn't do it. President Putin deplores "yelling and hollering" in the US Congress. Ben Yelin from UMD CHHS on section 702 reauthorization.

Lebal malware phishes for victims. [Research Saturday]


Researchers at Comodo Security Solutions have been tracking a recently discovered strain of malware named Lebal. The malware uses several clever techniques to attempt to hide itself, and once installed targets credentials and cryptocurrency wallets. Fatih Orhan is VP of Threat Labs at Comodo, and he takes us through their research.

Memcrashing no longer just a theoretical possibility. Fancy Bear's pawprints in German networks and other peoples' embassies. Deterrence in cyberspace. High-profile fraud victims.


In today's podcast, we hear that a Memcrash amplification attack took GitHub offline, but only briefly, thanks to Akamai mitigation. Germany continues to fight off ongoing attacks on sensitive government networks. Germany hasn't said so, but everyone else sees Fancy Bear's pawprints over this one. Fancy Bear is also said to be snuffling around embassies and other diplomatic targets. Capitol Hill mulls cyber deterrence. Equifax breach looks worse. Robert M. Lee from Dragos on ICS in advanced manufacturing. Guest is Marcus Harris from Saul Ewing Arnstein & Lehr LLP, discussing the decision by companies like McAfee and Symantec to allow the Russians to look at...

Fancy Bear finds Berlin just right. RedDrop Android blackmail malware. Another AWS S3 exposure. FTC settles; SEC investigates. Blockchain radix malorum?


In today's podcast, we hear that Fancy Bear has been busy in a sensitive German government network. RedDrop Android malware is built for blackmail. Another exposed AWS S3 bucket is disclosed. Intel issues another Spectre fix. The FTC reaches a settlement with Venmo over privacy, security, and availability of funds. The SEC is investigating a number of initial coin offerings. Johannes Ullrich from SANS and the ICS Stormcast podcast, with information on the Memcache DOS issue. Guest is Rami Sass from WhiteSource on open source software. And Mr. Gates is no fan of cryptocurrencies (and it seems cryptocurrency mavens are no fan of Mr. Gates).

Memcrash and amplification attacks. SAML vulnerabilities. Thanatos ransomware. Petya returns (so does Marcher). Deterrence and election security.


In today's podcast, we hear that Memcrash threatens big DDoS events. Problems with single-sign-on solutions. Thanatos ransomware looks like its masters botched it, but that's not necessarily good news. The Marcher banking Trojan is back and bigger than ever. A new variant of Petya ransomware may be in circulation. What's the point of a false flag if no one's fooled? Dale Drew from CenturyLink on collaboration trends. Guest is Eric Cole, author of Online Danger. And the US Senate asks, how do you solve a problem like Vladimir?

Cryptojacking through an AWS S3 bucket. Threats, risk, and unintentional mistakes. Crime and punishment. Industry notes. Alien hackers?


In today's podcast, we hear that CoinHive was installed via a misconfigured AWS S3 bucket. Unintentional password collection. Threat and risk trends for 2018. Avalanche phisher king rearrested in Kiev. Huawei says it's being picked on. Apple makes nice with Beijing. Industry notes: controlling interests and an ICS security Series B round. Reality Winner wants her confession suppressed. Hal Martin's packrat defense may have received an unexpected boost. Johannes Ullrich from SANS and the Internet Stormcast podcast, on hacked third-party cables. Guest is Terry Dunlap from Refirm Labs on firmware vulnerabilities. And could alien signals be alien hacks?

Olympic hacking: false flags and attack infrastructure. Cryptojacking. Smartphone security bans. Heraldic animals of hacking.


In today's podcast, we hear that anonymous US Intelligence sources call the Olympic hacks a Russian false flag operation. More cyberattacks are expected from the infrastructure set up to hit the Games. Calls for international norms for cyber conflict rise. CrowdStrike's Global Threat Report sees proliferation and commodification of attack tools. Ad network serves cryptojacker. Malicious smartphones or just a trade war? Joe Carrigan from JHU on securing AWS buckets. Guest is Randall Murch from VA Tech on cyber bio security. And a scorecard for hacking heraldry.

Phishing for holiday winnings. [Research Saturday]


Or Katz is principal lead security researcher for Akamai's Enterprise Security Business Unit, and the research he's sharing today is a widespread phishing campaign targeting users using an advertising tactic. The research is titled, "Gone Phishing for the Holidays."

Mirai variant establishes proxies. Buggy smart contracts. Banking glitch. Studies from Verizon, Thales. FTC addresses credential stuffing.


In today's podcast we hear, OMG, that Mirai is out in a new and improved form. Researchers find buggy smart contracts on Ethereum. A Chase glitch briefly exposed banking customers' information to other banking customers. Hacktivists continue to hit spyware companies. Verizon's Mobile Index warns that mobile security is being traded for business efficiencies. Thales looks at data security and finds that data breaches seem to have risen with cloud migration. The FTC doesn't like credential stuffing. Emily Wilson from Terbium Labs with an update on Dark Web markets after last year's Alpha Bay takedown. Guest is Andrea Little Limbago from Endgame, discussing her blog post,...

Code signing certificates for sale. Impact of cybercrime on the world economy. Reaper out from under Lazarus's shadow. Catphishing. Cyber intelligence against terror. Ransomware and other hacks.


In today's podcast, we hear that counterfeit certificates are on sale in criminal souks. Cybercrime is said to cost $600 billion globally every year. Russia objects to being called a bad actor in cyberspace. North Korea's Reaper threat actor steps out from the shadow of its big brother, the Lazarus Group. Catphish from Lebanon spread spyware through Facebook. Israel says it gave Australia a cyber assist against ISIS terror last summer. Ransomware notes. Prof. Awais Rashid from University of Bristol on what students should be learning about cyber security. Guest is Martijn Grooten from Virus Bulletin on security product testing and the changes they've seen over time in the...

SWIFT phishbait. DPRK hacking gets better; GRU hacking looks east. Coldroot RAT. Cryptojacking. Election cybersecurity.


In today's podcast, we hear that SWIFT phishbait is hitting inboxes. North Korean hackers show fresh sophistication and new ambitions. Fancy Bear seems to be snuffling east. Monero miners in Word, and why cryptojacking for Bitcoin is harder than it is for other currencies. The Coldroot RAT hides in plain sight. The US Departments of Justice and Homeland Security undertake new approaches to election security. Justin Harvey from Accenture on data-centric security. Guest is Scott Totzke from ISARA on the threat to encrypted data by quantum computing. And Facebook has a new verification mode: send in a postcard.

SWIFT fraud in India. DPRK hacking updates. Notes on Russian influence ops, both indictments and continuing activity. Alleged Florida gunman may have been an Internet known wolf.


In today's podcast we hear that SWIFT fraud has hit an Indian lender. North Korean hacking continues, even during the DPRK's Winter Olympics charm offensive. US indicts Russian influence operators: the Internet Research Agency is the leading defendant. Russian trolling continues, exploiting the Florida school shooting. (And the alleged shooter apparently expressed his intentions online.) Rick Howard from Palo Alto Networks, on the importance of partnering with universities to improve the quantity and diversity of people coming through the STEM pipeline. All Five Eyes see Fancy Bear behind NotPetya.

The uncanny HEX men. [Research Saturday]


The research we're discussing today is called, "Beware the Hex Men," and it tracks multiple attack campaigns conducted by a Chinese threat actor. The GuardiCore Labs team identified three attack variants that they named Hex, Hanako and Taylor, targeting SQL servers.

The complexities of Olympic Destroyer. More blame for Russia in the matter of NotPetya. Congress mulls election security. New York cyber milestone. Ed Snowden as phishbait.


In today's podcast, we hear more about Olympic Destroyer: its relationship status with known threat actors is "complicated." The US joins the UK in blaming Russia for NotPetya, and seems to be considering sanctions. The US Congress considers election security, and considers a state-level option: let governors call in the National Guard. New York cyber law reaches its second milestone. Zulfikar Ramzan from RSA, discussing the hype around blockchain technology. Guest is Jack Rhysider, producer and host of the Darknet Diaries podcast. And no, Edward Snowden has not moved in down the block and bought a two-terabyte iCloud storage plan.

Olympic Destroyer took its time, compromised the IT supply chain. NotPetya attribution. Coin scams. Coin miners. Botnets old and new.


In today's podcast we hear that Olympic Destroyer may have started with a supply-chain compromise back in December. The British Foreign Office blames Russia for NotPetya pseudoransomware, and the Russian Foreign Ministry says they didn't do anything. Trend Micro researchers find a new Monero cryptomining campaign underway. Coinherder phishes in alt-coin wallets. The Satori botnet has expanded its target list. A new IoT botnet, DoubleDoor, gets into routers with a one-two punch. Ben Yelin from UMD CHHS, on New Jersey taking on the FCC and net neutrality. Guest is Scott Register from Ixia on security issues with the coming 5G cellular rollout. And the LoopX ICO...

Olympic Destroyer updates. Cyber forecasts from the US Intelligence Community. Patch notes. Cryptojacking and coinmining. Ad blockers (also an incentive to coin mining).


In today's podcast, we hear that Olympic Destroyer exploits EternalRomance and morphs as it moves from machine to machine. Other Olympic hacks are out there, too. The US Intelligence Community tells Congress to expect a more assertive Iran, Russia, and North Korea in cyberspace. They also forecast more election influence operations. General Nakasone has been nominated to succeed Admiral Rogers at NSA and US Cyber Command. Yossi Oren from BGU on two-factor authentication for the disabled. Guest is John Kuhn from IBM X-Force Iris on the uptick in spam around the Valentine's Day holiday. Coinmining continues to make a nuisance of itself.

Patch Tuesday notes. Skype DLL hijacking vulnerability. Olympic Destroyer malware described. Lazarus Group newly active. BitGrail heist? Cyber Valentine.


In today's podcast, we hear that Patch Tuesday will not include a Skype fix; that one will take some time and attention. Olympic Destroyer is the malware thought to be infesting the Winter Games. Attribution remains unclear, but a lot of suspicious eyes are looking at you, Mr. Putin. The Lazarus Group is stepping up its cryptocurrency stealing game. Questions swirl around the alleged BitGrail cryptocurrency exchange losses. David Dufour from Webroot on Mac vulnerabilities. Guest is Mark Loveless from Duo Security, looking at IoT personal safety devices. And, hey, Valentine's Day is tomorrow.

Olympic hacking, cryptojacking and other illicit coin mining. Ransomware updates. The curious case of an alleged kompromat buy. Bots turn to ticket scalping.


In today's podcast we hear that the Winter Olympics report ongoing hacking. Cryptojacker hits government websites in the UK, Australia, and the US. Engineers use a research institute's supercomputer to mine Bitcoin in Sarov, Russia. The Equifax breach may be bigger and worse than hitherto believed. The Sacramento Bee deletes encrypted database rather than pay ransom. IBM patches Spectre and Meltdown. Emily Wilson from Terbium Labs offers a dark web scorecard on the 2018 Olympics and the 2018 elections, specifically addressing how matters stand in comparison with the last round of games and voting. The CIA says it was no way bilked by a proffered sale of kompromat. And bots scalp airline seats....

IcedID banking trojan. [Research Saturday]


IcedID is a banking trojan recently discovered and tracked by IBM's X-Force research team, targeting banks, payment card providers, mobile services providers, payroll, webmail and e-commerce sites in the U.S. Limor Kessem is an executive security advisor with IBM Security. She returns to Research Saturday to describe what she and her team found.

Trends in phishing. Olympic hacking. Cryptojacking spreads. Litecoin gains black market share. Influence operations. Can Strava be exploited by bicycle thieves?


In today's podcast we hear that phishing has gotten more personal with conversation hijacking and attempts on direct deposit instructions. The Olympics have opened: do you know where your hackers are? Apple finds leaked iOS source code on GitHub. Cryptominers found in hospital systems. Litecoin picks up black market share. Notes on recent patches. Concerns about Russian influence operations continue as US midterm elections approach. Dale Drew from CenturyLink on victim notification. Guest is Deidre Diamond from #brainbabe. They are a nonprofit working to replace booth babes at trade shows with students. And are bicycle thieves going online?

Operation Shadow Web rolls up carding gang. Fancy Bear sightings. DPRK buying zero-days? Cryptojacking ICS. Huawei, ZTE get Congressional razzing. Jita scams.


In today's podcast we hear that Operation Shadow Web has taken down the Infraud criminal carding gang. Two more Fancy Bear sightings: one in voter databases, one in Defense contractor emails. North Korea may have purchased its Flash Player zero-day from a third-party. Cryptojacking hits a European water utility. US Senate considers banning Huawei and ZTE from Federal use. Johannes Ullrich on cryptocurrency theft, and advice for protecting your virtual currency. Guest is Christopher Doman from AlienVault on their discovery of a Monero cryptocurrency miner linked to North Korea. And no, Messrs. McAfee and Musk aren't Nigerian princes, and they're not giving away Bitcoin.

Dutch DDoS arrest. Pyongyang is interested in cryptocurrency. So is the US SEC (in a different way). Uber explains its breach disclosure. New wrinkle in the "Microsoft" Help Desk scam.


In today's podcast we hear that Dutch police have made an arrest in last week's financial sector DDoS case: it's a teenager. North Korean interest in stealing cryptocurrency remains high. Adobe patches the zero-day Pyongyang had exploited against Seoul. Hardware wallets found vulnerable to man-in-the-middle attacks. Cryptojacking trends. US regulators take a hard look at alt-coins and how they're traded. Uber says it regrets not coming clean sooner about its breach. Justin Harvey from Accenture on ransomware, to pay or not to pay. Guest is Yassir Abousselham from Okta on their 2018 Business at Work report. New trends in an old help desk scam.

More Eternal exploits found more troublesome. Cryptominer updates. NIST SP 800-171. Paycard skimmers. Tsunami false alarm.


In today's podcast, we hear that the Shadow Broker exploits have now been found to be more exploitable. Cryptocurrency miners are recognized as a problem: MacUpdate sustained a brief infestation late last week, and a new Android mining campaign takes a page from Mirai's playbook. Smominru botnet rakes in $3.6 million. T-Mobile warns of SIM-hijacking. Comment period extended for NIST Special Publication 800-171. New paycard skimmer found in Pennsylvania stores. Emily Wilson from Terbium Labs on tax fraud issues. Guest is Woody Shea from Covata on S3 bucket leaks. And a tsunami false alarm on the US East Coast.

DPRK exploiting Flash Player zero-day. ISIS wants hacking help. JenX DDoS, Scrareby ransomware updates. Crime and punishment.


In today's podcast, we hear that Flash Player is being exploited by DPRK's TEMP.Reaper, also known as Group 123. ISIS may have a hacker help-wanted sign out. JenX botnet update. Scareby ransomware tells victims it will shred their files if they don't pay up. The Nunes Memo remains a political Rorschach Test. A Japanese teenager is arrested for writing cryptocurrency-stealing code. Lauri Love will not be extradited to the US. Peter Levashov is not so lucky. Joe Carrigan from JHU responds to listener mail on passwords. And the FBI is not emailing you to say you may be entitled to compensation.

Advanced adware with nation-state tactics. [Research Saturday]


Adware is generally considered unsophisticated, and because of its low perceived threat level it's often ignored. Researchers at the Booz Allen Dark Labs' Advanced Threat Hunt Team have recently published research describing a more advanced type of adware, using infection techniques usually attributed to nation-state actors. Jay Novak is a threat hunter and tech lead at Booz Allen, and he takes us through their research.

JenX botnet and DDoS-for-hire. RoK CERT warns of Flash Player zero-day. Cryptocurrency mining and scamming. ICS security trends. Twitter cleared in terror trial. The Nunes Memo is out.


In today's podcast, we hear that the JenX botnet will conduct DDoS-for-hire, if you've got twenty bucks. South Korea's CERT warns of an Adobe Flash Player zero-day being exploited in the wild. Bitcoin's price drops below $9000, but miners and scammers are still after this and other cryptocurrencies. BeeToken's ICO is used to phish for Ethereum. ICS security reflections in the wake of the Triton/Trisis attack. The 9th Circuit rules that Twitter didn't provide material support to ISIS killers. Rob Lee from Dragos on the security of wind power systems. Guest is Dana Simberkoff from AvePoint, with a discussion on women working in privacy, and why it's one area where we are...

ISIS war on families. Cryptomining botnets. The weaponization of Spectre and Meltdown. Phishing with bogus emails spoofing Google, Microsoft. Apps that know too much.


In today's podcast, we hear that ISIS inspiration is increasingly directed at children. Cryptomining botnets use same EternalBlue exploit as WannaCry. Criminals experiment to weaponize Spectre and Meltdown vulnerabilities. Phishing campaigns exploit well-known services including Google Docs and Outlook. Patch notes. Ben Yelin from UMD CHHS on the National Association of Insurance Commissioners adopting a model data cyber security law. Guest is Shashi Kiran from Quali on cyber ranges and cloud sandboxes. Geolocation and other app-collected info raise OPSEC concerns.

Phishing campaign targets Israeli scientists. Low-level contract phishing in China's hinterlands? Apps with privacy flaws. Cisco patches ASA products. Cryptocurrency speculation and fraud.


In today's podcast we hear about a possible Charming Kitten sighting. Phishing in Tibet shows just how successful cheap skid labor can be. Cisco patches a serious flaw in VPN products. Fitness app Strava says it will work to close privacy holes. Experts say you're just a tap away from giving yourself away, and it's not just Strava, not by a long shot. South Korea considers how cryptocurrency might be regulated. The US SEC shuts down an allegedly fraudulent ICO. Yossi Oren from BGU on insecure mobile device cases. Guest is JT Keating from Zimperium on the effects of Meltdown and Spectre on mobile...

Netherlands financial sector recovers from DDoS. Lizard Squad, Mirai, and coin mining. IOTA wallets emptied. Snooper's Charter loses in court. US House may release surveillance memos. Strava OPSEC.


In today's podcast we hear that the Dutch financial sector is well on its way to recovering from the recent DDoS wave, which could be the work of anyone from teenaged skids to some nation's intelligence service. Lizard Squad may have a connection to Mirai. The reptiles are also getting into the coin mining business. Patient phishing relieves IOTA cryptocurrency users of the contents of their wallets. UK's Snooper's Charter smacked down by High Court. US House Intelligence Committee votes to release classified memo on surveillance. Jonathan Katz from UMD on the fuzzing of private healthcare information. Guest is Michael Simon from Cryptonite with results from their 2018...

Coincheck cryptocurrency heist. ICO phishing. Jackpotting comes to America. Dridex and FriedEx. Transduction attack threat to IoT sensors. Jihadist steganography. Oversharing with Strava?


In today's podcast, we hear that hackers have looted cryptocurrency exchange Coincheck to the tune of about $530 million. Experty's ICO speculators get phished by crooks. Jackpotting hits American ATMs. The Dridex banking Trojan apparently has a ransomware sibling: FriedEx. Transduction attacks could hit IoT sensors. Steganographic app "Muslim Crypt" is designed for jihadist communication. North Korea tells Britain to mind its own business about WannaCry. Zulfikar Ramzan from RSA with his perspective on Spectre and Meltdown. Strava fitness app reveals locations of user activity.

Targeting Olympic organizations. [Research Saturday]


This week we're discussing a campaign the McAfee Advanced Threat Research team recently discovered, one that's targeting organizations involved with the upcoming Pyeongchang Winter Olympics. Raj Samani is chief scientist at McAfee, and he shares the campaign's clever details.

Lebal's layered approach to infection. Cryptominers are becoming a big problem. Tracking influence ops. Dutch intelligence spotted Cozy Bear early. Exploiting password recovery.


In today's podcast, we hear how Lebal malware steps its way through layered defenses. Cryptocurrency mining campaigns go after Monero with XMRig, WannaMine, and other toolkits. It's not a victimless crime, either: CPUs can be rendered effectively unusable. Influence operations are tracked in Twitter and Facebook. Dutch intelligence services penetrated Cozy Bear and shared warnings with allied services. Russia demanded, and got, source code access as a condition of doing business. Dale Drew from CenturyLink shares his outlook on 2018. Stacey Higginbotham, host of the Internet of Things Podcast, chats about IoT security. A creep exploits password recovery utilities.

2018 forecast [Special Editions]


It's fair to say that 2017 was a busy year when it came to cyber security, and as we head into 2018 there's certainly no sign of things slowing down. Days into the new year the news of serious vulnerabilities like Meltdown and Spectre, the ongoing threat of ransomware, major data and privacy breaches, and political unrest around the world, well, hold onto your hats, it looks like we may be in for a bumpy ride. In this CyberWire special edition, we've gathered a group of seasoned cyber security experts to share their views on what we might expect over...

Patriotic hacktivism. HNS botnet spreads P2P. Electron vulnerabilities found, mitigated. Criminals target ICOs. Ransomware-as-a-service. Cryptowars. Fancy Bear doxes luge.


In today's podcast, we hear about how patriotic hacktivists are talking turkey to high-profile Twitter accounts. The Hide 'N' Seek IoT botnet spreads swiftly through specially crafted peer-to-peer communications. Vulnerabilities found in the Electron developers framework. ICOs are heavily targeted by criminals. Bell Canada was breached, and the Mounties are on the case. Ontario transit operator Metrolinx is asked how it knows North Korea hacked it. British Prime Minister May takes a swing at secure messaging and tech companies generally. Fancy Bear doesn't like Olympic luge. David DuFour from Webroot with his outlook on ransomware for the coming year. Guest is Malcolm Harkins from Cylance with...

Satori variants. Hacking in Anatolia. Lazarus Group improves its tradecraft. Tinder vulnerabilities. UK's new office to combat disinformation. Pirated PDFs hold malware.


In today's podcast, we hear that new Satori variants are out. Turkish hacktivists use Twitter for social engineering. Parties unknown are conducting an espionage campaign against Turkish defense contractors. North Korea's Lazarus Group improves its cryptocurrency theft tradecraft. Dating app vulnerabilities are a cyber-stalker's dream date. Britain will combat disinformation with a national office of rumor control. Justin Harvey from Accenture addressing the cyber skills shortage. Guest is Jon Condra from Flashpoint, reviewing their Business Risk Intelligence Decision Report. Plus, say phooey to pirated copies of Fire and Fury.

ISIS messaging. Intel will roll out new Spectre/Meltdown patches. Identities for sale on the dark web. IDN spoofing. SpriteCoin ransomware, with a malware chaser. Three Sonic games may be trouble.


In today's podcast we hear that ISIS is howling "we are in your home" as they lose their own home. Intel says a new patch for Spectre and Meltdown is coming to fix instability problems. Babies' social security numbers and other data are for sale on the dark web. So are email credentials from top-500 British law firms. Look closely at URLs: IDN spoofing is out and about. Satori expands the reach of its botnets. New ransomware strains surface. SpriteCoin is no coin at all. Joe Carrigan from JHU responding to listener mail about disabling links in email. Chris Webber from SafeBreach on using simulations to test for Meltdown and Spectre vulnerabilities. And Sonic the Hedgehog...

Evrial and the Clipboard threat. SamSam ransomware recovery. Olympic hacking? Russian bots. Crime and punishment. Speculated origins of Bitcoin.


In today's podcast, we learn that the Evrial Trojan is interested in what's on your Windows Clipboard. The healthcare sector continues its struggle to recover from SamSam ransomware. People raise the possibility that Olympic timekeeping could be hacked. They're not saying it was, just that it might be. Russian troll farms are barking at the US House Intelligence Committee and the Czech Presidential run-off election. Some notes on crime and possible punishment. Malek Ben Salem from Accenture Labs on the challenges of deploying next-generation cryptography. And there are two new theories about Satoshi Nakamoto.

Fancy Bear Duping Doping Domains. [Research Saturday]


Researchers at ThreatConnect have discovered evidence that Fancy Bear, a cyber espionage group generally associated with Russia's military agency GRU, may be spoofing domains belonging to the World Anti-Doping Agency (WADA), the US Anti-Doping Agency (USADA), and the Olympic Council of Asia. Kyle Ehmke is a threat intelligence researcher with ThreatConnect, and he takes us through their work.

AllScripts works to remediate ransomware in medical apps. Group 123 hits ROK targets. Triton/Trisis zero-day. Dark Caracal espionage op. Section 702 renewed. GhostTeam ejected from Play Store.


In today's podcast we hear about ransomware afflicting a healthcare IT provider. Group 123 phishes in South Korean waters. Schneider Electric describes the zero-day Triton/Trisis exploited. The Dark Caracal spyware campaign is attributed to Lebanon's intelligence service. The US Congress will extend Section 702 surveillance authority for six years. GhostTeam-infected apps are booted from the Play Store. Jonathan Katz from the University of Maryland ponders "uncrackable" quantum encryption. Graham Cluley from the Smashing Security podcast drops by for a chat about the state of the industry. And is there ever a good reason to write down a password?

Big healthcare data breach. False civil defense alerts. Davos will take up cyber next week (among other topics). Exobot on the block. Satori in your wallet? Ponzi scheme or pump-and-dump?


In today's podcast we hear that Norway's Southern and Eastern Regional Health Authority has suffered a breach. False civil defense alerts are mistakes, not hacks, but they're worth some attention. Davos will take up international conflict and cybersecurity next week. Banking Trojan Exobot holds a going-out-of-business sale. Satori botnet rifles cryptocurrency wallets. Emily Wilson from Terbium Labs, looking at the upcoming Olympics and midterm elections. Guest is Nadav Avital from Imperva on web application vulnerabilities. And was Bitconnect's collapse a Ponzi scheme, a pump and dump, or something else?

Section 702 update. Kaspersky reports on Skygofree, dangerous Android spyware. Recorded Future on DPRK spearphishing. Healthcare hacks. Bogus patches. VR game could expose users.


In today's podcast, we hear that the US Senate is ready, after a successful cloture motion, to vote on Section 702 surveillance reauthorization. Bipartisan Congressional support for election security bill. Skygofree is an unusually capable variety of Android spyware. More evidence ties North Korea's Lazarus Group to a Bitcoin spearphishing campaign. German users lured by fake Spectre/Meltdown patch sites. Healthcare organizations hit with a variety of attacks. Zulfikar Ramzan, CTO at RSA, introduces himself as we welcome him to the show. Guest is Mark Orlando from Raytheon Cyber on the Korean Olympics phishing campaigns. Thinking of VR adult content? Think twice. No, better, think thrice.

New Mirai variant forming. Meltdown and Spectre remediation updates. Notes on Russian hacking. Charges in swatting death.


In today's podcast, we hear that a new Mirai variant, Okiru, is forming botnets of ARC-based IoT devices. Meltdown and Spectre remediation continues. CIA is said to have confirmed that NotPetya was a GRU operation. Suspicions rise that the Shadow Brokers used security tools to scan for classified documents. US and Canadian officials raise alarms about election influence operations. Wichita swatter charged with involuntary manslaughter. Malicious Chrome extensions spotted. Robert M. Lee from Dragos on the security of petroleum ICS. Guest is Lance Cottrell from Ntrepid on the importance of net neutrality for security. And USB drives contain the darndest things.

Shake Your MoneyTaker. [Research Saturday]


A group of Russian-speaking hackers have stolen nearly $10 million from banks around the world. Group-IB, a company with expertise in computer forensics, information security and, specifically, Russian-speaking criminal groups, have named these thieves MoneyTaker. Nicholas Palmer is the director of international business development at Group-IB, and he's joined by their head of threat intelligence, Dmitry Volkov, to explain the MoneyTaker group's schemes.

Spectre and Meltdown patches may be messy, but not as performance-killing as feared. AMT exploit. Mobile ICS apps. Monero mining. Badness in the Play Store. Huawei ban? Droning while drunk.


In today's podcast, we hear that Spectre and Meltdown have continued to receive patches, and they may not be as performance-killing as feared. F-Secure says if you leave your laptop alone it could be pwned in 30 seconds. Mobile ICS apps seem to be getting less, not more, secure. Google boots more bad stuff from the Play Store. Monero miners afflict unpatched Oracle WebLogic servers (so patch). The US Congress considers a Huawei ban. Johannes Ullrich from SANS and the Internet Stormcast podcast on IoT gifts. Guest is Phil Reitinger from the Global Cyber Alliance, an international, non-profit organization headquartered in New York City and London that is focused on eradicating systemic cybersecurity risks. And New...

Aadhaar updates. Fancy Bear doxes the Olympics. WhatsApp snooping vulnerability discussed. Spectre and Meltdown patching. US House reauthorizes Section 702. Bitcoin isn't Bitcoin Cash.


In today's podcast we hear that the Government of India is working on Aadhaar security, suspending many officials' access. Fancy Bear doxes the IOC. WhatsApp snooping proof-of-concept revealed. Spectre and Meltdown patching continues. The US House voted to reauthorize Section 702 surveillance (the Senate is considering its own version). On the FBI's unwanted list: jerks and evil geniuses (and they're scowling in the direction of Cupertino). Rick Howard from Palo Alto Networks on AI and ML in cyber security. Guest is Shelley Westman from EY, with the results from their Global Information Security Survey. Conflating Bitcoin with Bitcoin cash could have been an e-commerce issue.

Turla returns. Moscow interested in Mexican elections? FakeBank mobile Trojan hits Russian banks. Phishing the Olympics. Patch Tuesday. Bad flashlights, nice doggie.


In today's podcast, we hear that Turla's back, with a depressingly nifty man-in-the-middle campaign. The US thinks it sees Russia trying to influence Mexico's national elections. Russian banks are hit with a new mobile Trojan. Iran continues its Internet crackdown, and conducts more domestic surveillance and hacking. Winter Olympics-themed cyberattacks rely on well-crafted social engineering. Patch Tuesday addressed Spectre, Meltdown, Flash, and an Office zero-day. Yossi Oren from BGU on vulnerabilities in mobile device replacement touchscreens. Stay away from flashlight apps. (And take a look at your dog-walker's app, too, while you're at it.)

Spectre and Meltdown mitigations. Psiphon and Iran's unrest. Olympic phishing. Mobile pop-up redirection. Alt-coin speculation.


In today's podcast, we hear about how Spectre and Meltdown mitigations are proceeding, with many successes (but some blue-screen-of-death failures, too). Psiphon looks like the souped-up VPN of choice for Iranian dissidents, as that country's Internet crackdown continues. Pop-up ads infest mobile devices as an old tactic finds new scope for its misapplication. Olympic phishing targets South Korean companies. China moves to stop illicit cryptocurrency miners. Jonathan Katz from UMD on bitcoin mining power use. Guest is Udi Yavo from Ensilo on Process Doppelganging. Is there an alt-coin bubble? Sure looks like it.

Korean-language phishing targets interest in the Winter Olympics. Unrest continues in Iran. Meltdown and Spectre updates. Aadhaar security. Admiral Rogers will retire this spring from NSA.


In today's podcast we hear that someone is phishing for hockey enthusiasts during the run-up to the Winter Olympics. Continued unrest in Iran, with more arrests. More on Meltdown and Spectre, as most experts agree you should apply the mitigations being offered. Intel receives much hostile scrutiny over the chip bugs, but other vendors' processes are affected, too. India says Aadhaar is secure, but many aren't so sure. Admiral Rogers will retire as NSA Director this spring. Ben Yelin from UMD CHHS on legislation to enable hacking back, ACDC, the Active Cyber Defense Certainty act. Marcus Hutchins' attorneys want his confession to involvement...

TRISIS Malware: Fail-safe fail. [Research Saturday]


Robert M. Lee is CEO of Dragos Security, a company that specializes in the protection of industrial control systems. He's describing his team's research on TRISIS, tailored ICS malware infecting safety instrumented systems (SIS), so far found only in the Middle East. It's only the fifth known incident of malware targeting ICS systems.

Meltdown and Spectre, risks and mitigations. Aadhaar compromised. Blockchain bubbles.


In today's podcast we hear how Meltdown and Spectre have put the fear of hardware flaws into enterprises everywhere. No family of systems can be safely assumed to be immune. Most are positively identified as vulnerable. Proofs-of-concept show that remote attacks exploiting chips' speculative execution features are feasible. India's Aadhaar national identification database is compromised. Justin Harvey from Accenture with his outlook on 2018. Guest is Dinah Davis from Code.likeagirl.io and Arctic Wolf Networks. We're discussing trade shows and conferences, and the importance of having diverse panels. Cryptocurrency speculative mania continues.

Meltdown and Spectre arose from engineering for speed: most chips are affected. Bogus security apps kicked out of Google Play. Iran's Internet crackdown. Indications of a guilty plea in NSA leak case.


In today's podcast we follow the story of Meltdown and Spectre, which pose kernel-level security issues: speed was inadvertently purchased at the price of insecurity. Spectre affects most chips, not just those from Intel. Mitigations are on the way. Bogus security apps booted from Google Play. Be on the lookout for phony Android Uber apps. Iran's Internet crackdown continues. Michael Daly from Raytheon and David DuFour from Webroot share their views on Meltdown and Spectre. And former NSA contractor Hal Martin may plea to taking one classified document home with him.

Iranian dissent takes to Tor. Iran cracks down on Internet services (and Infy gets busy). Kernel memory issue in Intel processors. macOS bug published. "Trackmageddon." Curating YouTube. Condolences to a SWATTING victim's family.


In today's podcast we hear that Iran's crackdown on Internet channels of dissent continues. Intel processors are determined to have a deep security flaw: cloud users are likely to be affected. A macOS local privilege escalation vulnerability is published. The "Trackmageddon" location service vulnerability seems to originate in a buggy API. The suicide forest video appears to have passed through YouTube's human curators. The man arrested in the Wichita police shooting may have been a serial SWATTER. Joe Carrigan from JHU on holiday IoT devices. Guest is Thomas Jones from Bay Dynamics on updated NIST rules for DOD contractors.

ISIS claims responsibility for bombing in Russia. Iranian unrest involves Telegram, Instagram. Proposed FERC reporting standards. YouTube gone bad, and an arrest in a horrific swatting prank.


In today's podcast we hear that ISIS has claimed responsibility for the December 27th St. Petersburg shopping center bombing. UK authorities seek to think ahead about cyber terror. US standards bodies propose more stringent mandatory reporting of cyber incidents at electrical utilities. Unrest in Iran prompts a government crackdown on the Internet. We meet our newest academic & research partner, Dr. Yossi Oren from Ben Gurion University. A YouTube celebrity learns something of the limits of the funny, and a Los Angeles man is arrested in a horrifying SWATTING attack that killed an utterly uninvolved bystander.

Hunting the Sowbug. [Research Saturday]


Alan Neville is a senior threat intelligence analyst at Symantec located in Dublin. He is responsible for leading and documenting investigations into high priority attacks. He recently published research on the Sowbug cyber espionage group targeting South American and Southeast Asian governments. https://www.symantec.com/connect/blogs/sowbug-cyber-espionage-group-targets-south-american-and-southeast-asian-governments

The German Cybersecurity Market with Gerald Hahn


Gerald Hahn is CEO of Softshell ag, a German cybersecurity company. He shares his insights into the market for cybersecurity products in the German market, and how US companies can best prepare themselves to do business there.

The CISO's changing role with Andrew Wild


Andrew Wild is CISO at QTS Data Centers. He shares his insights into the changing role of the Chief Information Security Officer, as businesses shift their focus toward risk.

"Hacked Again" author Scott Schober


Cybersecurity expert and author Scott Schober shares his personal story of being hacked, and how it set him on a mission to help prevent it from happening to others.

Active defense and "hacking back" with Jonathan Braverman from Cymmetria


Jonathan is Cymmetria's General Counsel. A former trial attorney, Mr. Braverman is an expert in cyber-security law, policy and regulation. He has written policy papers on export controls over cyber technology, active defense and "hacking back."

Keyboys back in town. [Research Saturday]


In this edition of the CyberWire Research Saturday, we'll take a look at a more recent intrusion PwC has uncovered, named KeyBoy and highly likely a China-based threat actor. It uses compromised Word documents to gain access. Bart Parys is a lead researcher in PwC's cyber threat intelligence team, responsible for tracking cyber threat actors, their latest toolsets and methodologies. https://www.pwc.co.uk/issues/cyber-security-data-privacy/research/the-keyboys-are-back-in-town.html

Updates on Triton ICS malware attack. DPRK and WannaCry. Cryptocurrency crime and an alt-coin market correction. Fancy Bear sightings.


In today's podcast we hear some updates on the Triton ICS malware campaign. North Korea amplifies its denials of responsibility for WannaCry. Cryptocurrency markets undergo a strong correction. "Blockchain" remains a word to conjure with. Citing a potential risk to national security, Lithuania's government bans Kaspersky software. ESET thinks Fancy Bear is growing more cunning and evasive. Chris Poulin from BAH on the transition to self-driving cars, and the problem with selling fear and uncertainty. Guest is Kim DeCarlis from Gigamon on marketing cyber security. And how does Siri handle various linguistic challenges?

More data found exposed in an AWS S3 bucket. EtherDelta's DNS impersonation issue. DPRK says it doesn't hack. FISA Section 702 nears sunset. Wassenaar updated. Kaspersky says its due process rights have been violated.


In today's podcast, we suggest a new year's resolution all organizations should make: resolve to configure your cloud services for privacy and security. Another cryptocurrency exchange gets hacked, this one by DNS hijacking. North Korea finally says it had nothing to do with WannaCry, but few are convinced. The Lazarus Group continues to be a prime suspect in cryptocurrency theft. Section 702 nears sunset. Wassenaar seems to have become friendlier to researchers. David DuFour from Webroot on quantum computing and AI. Guest is Joseph Carson from Thycotic on stolen passwords on the black market. And Kaspersky Lab wants redress in court.

Pyongyang's snarling through cyberspace, and what others are doing about it. Coppersmith espionage campaign in the Middle East. GDPR approaches. Giving your kid a smartphone?


In today's podcast, we talk about what the Five Eyes see. Implications of North Korean responsibility for WannaCry. Defense and deterrence go with naming and shaming. The Lazarus Group looks to cryptocurrency theft to redress North Korean financial shortfalls. Copperfield cyber espionage campaign in the Middle East. GDPR approaches, and organizations look to get their data houses in order (and buy insurance). Justin Harvey from Accenture on choosing threat intelligence. Guest is Stan Engelbrecht from D3 Security on the vulnerabilities in public transportation. And what to do if your child gets a phone from Santa.

North Korea officially blamed for WannaCry. US National Security Strategy and cyber. Hex Men are up to no good. Cryptocurrency crimes. Cyberespionage. Misconfigured printers. Bad passwords.


In today's podcast, we hear that the Five Eyes look at WannaCry and officially see Pyongyang. New US National Security Strategy emphasizes economic power and cybersecurity (and names the adversaries). Hex Men are no super heroes. More Bitcoin theft bankrupts an alt-currency exchange. Android Monero miner can basically melt your phone, it's working so hard. Users leave Lexmark printers open to the Internet. AnubisSpy peeks at Arabic-speaking Android users. Joe Carrigan from JHU on holiday IoT devices. Guest is Chris Webber from SafeBreach, reviewing the third edition of their Hackers Playbook. And guess the two worst passwords of 2017.

Zealot and Monero mining. Bitfinex DDoS. Triton/Trisis shows risks of committing safety and control to the same systems. Bitcoin crime. M&A news. Hair of the dog.


In today's podcast, we hear how the Zealot campaign uses ShadowBrokers' exploits to install a Monero miner on victim systems. Bitfinex suffers another DDoS attack as Bitcoin valuations remain high. Triton attack on industrial safety systems shows the risk of mixing control with safety. Exposed database of California voters investigated. Thales will buy Gemalto. Johannes Ullrich from SANS and the Internet Storm Center podcast, on scammers profiteering from natural disasters. And suffering from social media hangover? Try a little hair of the dog that bit you (say social media vendors).

The unique culture of the Middle Eastern and North African underground. [Research Saturday]


Online underground markets thrive across the globe, with the Middle East and North Africa being no exception. Researchers at Trend Micro recently took a look inside these digital souks, and while much of what they discovered matches similar online marketplaces, there are unique cultural elements that set these regional trading posts apart. Jon Clay is a cyber security expert from Trend Micro, and he takes us through their research paper, "Digital Souks: A Glimpse into the Middle East and North African Underground."

Internet shut down in Ethiopia. TRITON ICS malware updates. Security products patched. Cryptocurrency capers.


In today's podcast, we hear that Ethiopia's government has shut down the country's Internet during a period of unrest. TRITON ICS malware update. The FCC moves away from net neutrality. UK warnings about cable vulnerabilities. When a keylogger isn't a keylogger. Security companies patch some products. Pyongyang likes Bitcoin. More on the NiceHash Bitcoin caper. Emily Wilson from Terbium Labs on breach fatigue. Colleen Huber from MediaPro on their 2017 State of Privacy and Security Awareness Report. And, stick 'em up: your Ether or your life.

Hacktivism threatened over embassy move. Significant probe of an industrial plant. That was no BGP error. TV blues.


In today's podcast we hear that Anonymous has called for action against US and Israeli government sites. FireEye reports a significant attack against an industrial plant, possibly involving nation-state reconnaissance. A lot of Internet traffic was briefly rerouted through Russia yesterday, possibly deliberately, for unclear reasons. TV troubles. Dale Drew from CenturyLink on measuring against standards and certs. Torsten Mayer from FICO on using AI to help protect nonprofits online. And if toys are getting too connected, consider a puppy: very interactive.

A look back at Patch Tuesday. Classic games on Android serve malware. Cryptocurrency speculation. Info ops updates. Phony hitmen. Guilty pleas in Mirai case.


In today's podcast we hear a reminder about yesterday's Patch Tuesday. Classic Android games are serving malware. Cryptocurrency speculative fever continues to rise. More unwelcome miners are pulling Monero out of streaming video services. Ransomware extortionists are finding Bitcoin prices sometimes rise too fast for comfort. False hit-man spam. A Russian hacking defendant, in Russia, says Putin made him do it. Robert M. Lee from Dragos on the security of the water supply. Guest is Evan Dornbush from point3 security on the disconnect between employers and educational institutions. Guilty pleas in the Mirai case.

Catphishing for spies. Banking Trojans. Spider ransomware. CoinHive comes to Starbucks. SEC stops another ICO. BrickerBot retired?


In today's podcast, we hear that Berlin says Beijing's been catphishing, and that Beijing says no way. Banking Trojans in Google Play look for Polish accounts. Spider malware spins out of the Balkans. Transferring risk doesn't mean you can ignore it. The SEC calls cease-and-desist on another ICO. That venti in Buenos Aires may have come with a CoinHive miner. Rick Howard from Palo Alto Networks on DevOps vs. site reliability engineers. Marcelle Lee from LookingGlass on the Bad Rabbit ransomware. The Doctor puts down his tools and closes BrickerBot.

Al Qaeda tries its hand at inspiration. MoneyTaker cyber bank robbers. Dark web database holds a billion credentials. Bitcoin speculation and Bitcoin fraud.


In today's podcast, we hear that al Qaeda is working on ISIS-style inspiration. The MoneyTaker gang has been raiding banks quietly for about a year and a half. HP fixes an inadvertent keylogger in its laptops. 4iQ finds a huge database of aggregated credentials from many breaches for sale on the dark web. Bitcoin and other cryptocurrencies attract scams and hackers. Why? That's where the money is. Ben Yelin from UMD CHHS on the proposed Cybersecurity Improvement Act of 2017 legislation. An ICO scam artist is in the SEC's crosshairs, but they'll have to wait until Québec is through with him.

Stealthy Zberp Banking Trojan. [Research Saturday]


Zberp is a stealthy banking trojan with an unconventional process injection technique. A hybrid of the ZeusVM and Carberp malware, Zberp uses a variety of techniques to prevent detection while it gathers information from infected systems. Limor Kessem is an executive security advisor for IBM, and she's our guide.

Iranian reconnaissance of critical infrastructure? Leaky banking apps. Microsoft's emergency patch. Ghosts of the Caliphate threaten, but have yet to deliver. New horizons in biometrics.


In today's podcast we learn that FireEye is warning of patient reconnaissance on the part of the (probably) Iranian APT34. The Electronic Ghosts of the Caliphate have so far failed to say "boo," except maybe in South Jersey. Flaws discovered in mobile banking apps. Bike-sharing service leaked data. Bitcoin's bubble. Microsoft patches its Malware Protection Engine. Chris Poulin from BAH on closing the gap between IT and OT people in ICS. Adam Segal from the Council on Foreign Relations on the rollout of their cyber operations tracker. And biometrics have come to the beagles: your pet door can now recognize Rover or Boots, and let them on in....

Hamas calls for intifada; hacktivism expected. Ethiopian government surveillance ops. Crime and cryptocurrency. Keylogger in the wild. Fixes to MacOS, Android app development tools. Uber hack and bug bounties.


In today's podcast we consider warnings of a hacktivist intifada as the US prepares to recognize Jerusalem as Israel's capital. How Ethiopia's surveillance was discovered. Criminals flock to cryptocurrency sites with everything from DDoS to miners to theft. Keylogger found infesting WordPress sites. Android app development tools get quick fixes. Apple updates MacOS High Sierra again. What Uber may have thought it was doing when it paid off its hackers. Section 702 surveillance authority update. Jonathan Katz from UMD on NIST's call for algorithms for post-quantum computing. Drew Cohen from MasterPeace Solutions on drawing government talent to the private sector. A Jeopardy champ faces hacking charges, and Kromtech warns...

Satori botnet is awake (and it's not engaged in enlightenment). State-sponsored spyware campaigns. ISIS threatens cyberattacks.


In today's podcast, we learn that the Satori botnet flashed into existence yesterday with 280,000 bots. Is there a router zero-day out there? Insecure cryptocurrency apps aren't deterring speculators. How much energy does Bitcoin use? About as much as Denmark. Ethiopia's government is said to be using spyware against journalists. Iran's Charming Kitty espionage group is looking at media, academics, activists, and political advisors. ISIS threatens cyber havoc this Friday. Joe Carrigan from JHU on breach fatigue. Cat Coode from Binary Tattoo on social media safety. And the IOC takes a poke at Russia. Expect Fancy and Cozy Bear to poke right back.

Andromeda takedown (with an arrest in Belarus). Mirai is back; Reaper still threatens. PayPal phishing. Tech support scam evolves. Cryptowars notes. SEC goes after an ICO.


In today's podcast, we hear how an international police operation took down Andromeda, and possibly the criminal mastermind known as Ar3s. Mirai is back, and so are warnings about Reaper. There's a PayPal phishing expedition in progress (don't let yourself be a wild-caught sucker). A new variant of the familiar tech support scam features a bogus blue screen of death. Germany's Interior Minister considers backdooring the IoT. The US Securities and Exchange Commission is going after dodgy ICOs. Justin Harvey from Accenture on cyber ranges. Adam Meyers from CrowdStrike on supply chain attacks. And we're not going to talk about the Internet of Those Kinds of Things. (Don't act so...

Nghia Hoang Pho charged with mishandling classified NSA material. A review of other recent leaks. Kaspersky under fire in the UK. More Uber executives depart.


In today's podcast, we hear about an NSA employee who was charged Friday with "willful retention of national defense information." This appears to be the individual whose computer was equipped with Kaspersky security software, and scanned either by that security product or by a backdoor, depending on whom you believe. A look back at the other three alleged NSA leakers: Snowden, Martin, and Winner. Johannes Ullrich from SANS and the ISC Stormcast podcast, talking about the Kaspersky data exfiltration accusations. The UK expresses official misgivings about Kaspersky products. More Uber executives depart the company.

Staying ahead of Fast Flux Networks. [Research Saturday]


Bad actors are using Fast Flux Networks with quickly-changing IP addresses and domain names to help hide their activities. Or Katz, Principal Lead Security Researcher at Akamai, takes us through their recently-published white paper, "Digging Deeper - An In-Depth Analysis of a Fast Flux Network."

Flynn pleads guilty in Mueller probe. Misconfigured AWS S3 buckets, again. Election trolling and spy versus oligarch. Black Friday fraud down. Crime and punishment.


In today's podcast, we hear that former National Security Advisor Flynn pleads guilty to lying to the FBI. Another misconfigured AWS account is found. Cobalt is either careless or engaged in misdirection. Election trolling and mutual suspicion between Russia and the US. Kaspersky says his company didn't, doesn't, and won't spy for the Russian government as US agencies begin to purge their systems of his security software. Black Friday fraud seems to be down this year. South Korea's investigation of domestic election meddling by its cyber command sharpens. Malek Ben Salem from Accenture Labs with thoughts on GDPR. Gary Golomb from Awake...

Breaches, extortion, and insider threats. Credit bureaus and GDPR. HP addresses spyware allegations. When is a snack bag more than a snack bag?


In today's podcast we learn that British shipping giant Clarksons was breached but refuses to pay hackers extortion. The US House may be reaching consensus on surveillance authorities. INSCOM mops up Red Disk leak. The US Defense Department may have more work to do countering insider threats. HP denies reports of spyware in its PCs. Apple fixes High Sierra. Credit services think through the implications of GDPR. Robert M. Lee from Dragos, reviewing ICS and natural gas. Shaun Walsh from Cylance on AI. And snack foods, mens rea, Faraday cages, and employment law.

Building your cyber security career. [Special Edition]


In this CyberWire special edition, we take a closer look at finding your career in cyber security. Just how important is that degree? Does it make sense to invest in certifications? What are employers really looking for when they're searching for qualified cyber security talent? And why is it critical that you not just hunt down a sexy, high paying job, but build yourself a fulfilling career? Sharing their insights and expertise are Kathleen Smith, CMO from Clearedjobs.net and cybersecjobs.com, and Robert M. Lee, CEO of Dragos.

Another misconfigured AWS S3 bucket, this one with US Army INSCOM files. Apple fixes a major issue in MacOS. Influence ops and autarky. Boyusec disbanded.


In today's podcast we hear that another misconfigured AWS S3 bucket has turned up. This one holds sensitive US Army files. Apple fixes a big flaw in the latest MacOS High Sierra version: the password is "root." Russia says American aggression in cyberspace is moving it to create its own DNS. Russia and Venezuela exploit the Catalan independence movement for disruptive information operations. Boyusec, mentioned in recent US indictment, has been disbanded. Dale Drew from CenturyLink with lessons on consolidation. Jason McGee from IBM on software containers.

Who's the third man in the Shadow Brokers leaks? ISIS diaspora means more ISIS online. Monero miner identified. Tizi backdoored apps booted from Google Play. Scarab ransomware. M&A notes. Indictments in IP theft.


In today's podcast we hear rumors that the third-man in the Shadow Brokers leak might soon become publicly known. ISIS enters its diaspora phase. Monero miner targets Macs. Google Play ejects apps with the Tizi [tizzy] backdoor. Scarab ransomware blasted out in spam campaign. Uber's value takes a hit, post-breach-disclosure. Barracuda Networks taken private. Trend Micro buys Immunio. Emily Wilson from Terbium Labs on the privacy of children online. Bryan Ware from Haystax on analyzing incoming data streams. And the Pittsburgh FBI office takes another whack at Chinese industrial espionage.

Breach disclosure: fast and slow. Mirai's minor comeback. Anti-ISIS Hacktivists strike Amaq. North Koreans studying blockchain. Alleged Game of Thrones hacker indicted.


In today's podcast, we hear that image-sharing service Imgur disclosed a data breach. It happened some time ago, but they were quick to get the word out once they were aware of it. Uber faces regulatory attention and possible post-hack headwinds for its anticipated IPO. Mozilla's working on a Firefox add-on to warn you that a site you're visiting has been breached. There's a minor resurgence of Mirai, mostly from routers in Argentina. Anti-ISIS hacktivists school the Caliphate in information operations. What did the FBI know about Fancy Bear? North Koreans study blockchain. Ben Yelin from UMD CHHS on President Trump's recently signed Cyber Crime Fighting Act. And winter is coming...

Waiting for Terdot, a sneaky banking Trojan. [Research Saturday]


The Terdot Banker Trojan is a descendant of the Zeus family of malware, and has evolved to feature serious espionage capabilities. It can compromise transactions, steal accounts and credit card information, and can eavesdrop on and modify traffic on social media and email platforms. While not yet widely spread, it's a threat to consumers and businesses alike. Bogdan Botezatu is a senior e-threat analyst at Bitdefender, and he takes us through their recently published whitepaper.

The Right to Be Forgotten with Yale Law School's Tiffany Li


Our guest today is Tiffany Li. She's an attorney and Resident Fellow at Yale Law School's Information Society Project. She's an expert on privacy, intellectual property, and law and policy, and her research includes legal issues involving online speech, access to information, and Internet freedom. She's coauthor of the paper, "Humans Forget, Machines Remember: Artificial Intelligence and the Right to Be Forgotten," which will be published soon in Computer Security & Law Review.

Cyberspace in Peace and War author Martin C. Libicki


Today's show features an extended interview with Martin C. Libicki. He holds the Maryellen and Richard Keyser chair of cybersecurity studies at the U.S. Naval Academy. His most recent book is Cyberspace in Peace and War. Topics include the differences between cyber war and cyber espionage, the possibilities of a cyber Pearl Harbor or Cyber 9/11, and the risk of nations overreacting to cyber attacks.

PwC Principal Jocelyn Aqua on Earning Consumer Trust and Business


Our guest today is Jocelyn Aqua. She's a principal at PwC, where her specialty is regulatory privacy and cybersecurity. Our conversation centers on a recently published report from PwC called "Protect Me," what they describe as an in-depth look at what consumers want, what worries them, and what companies can do to earn their trust and their business.

Dark Net Pricing with Flashpoint's Liv Rowley. [Research Saturday]


Cybercriminals offer all sorts of illicit goods for sale on Deep and Dark Web markets. In this episode, Liv Rowley, cybercrime intelligence analyst at Flashpoint, takes us through her team's research into the pricing of certain illegal goods online, including "Fullz", exploit kits, DDoS for hire, RDP servers, card data, bank logs and passports. Supply meets demand in this shady underground ecosystem.

AWS S3 misconfigurations. Kaspersky's report on the Equation Group affair. Cybercrime notes. DPRK cyber campaigns. The VEP reviews continue positive. Amazon Key has issues.


In today's podcast, we hear about more misconfigured S3 buckets (these in Australia). Kaspersky Lab protests its innocence as it releases a study of Equation Group leaks. Notes from the world of crime: dual-purpose Trojans, fake-news-as-a-service, and how the cops are keeping the robbers hopping. Some thoughts on Hidden Cobra, and what it means for ICS operators in particular. More positive notices for the VEP. Chris Poulin from BAH on AI ethical conundrums with self-driving cars. Jeremy Wittkop from InteliSecure on the trouble with Social Security Numbers. And Amazon Key may unlock more than one would like.

Revisions to the US VEP (and comparisons to China's). DPRK hacking. Laurel mole hunt. BlueBorne is back. Snakes in the Play Store. Can you sound like a child?


In today's podcast, we get an update on the US Vulnerabilities Equities Process, which now promises more transparency, accountability, and stakeholder representation in handling zero-days. A look at China's equivalent doesn't. Worries about North Korean hacking. Mole hunting at Fort Meade. BlueBorne bugs in home assistants. More malware in Google Play. David DuFour from Webroot on the importance of communication with the board of directors. Roy Katmor from Ensilo on attacks using social engineering. And how to get around that pesky voice recognition software.

Hidden Cobra's RATs. IoT bugs. Patch Tuesday notes. Backdoored smartphones. Russian trolling, propaganda. DPRK short wave hacked?


In today's podcast, we hear that the DHS and FBI have warned that two North Korean malware campaigns are active in the wild. IoT vulnerabilities are disclosed. Smartphones ship with apparently inadvertent backdoors. Patch Tuesday was a big one, this month. Russian trolls took both sides in the Brexit vote. A pro-tip from the squints: a screenshot from a video game isn't, you know, actually gun-camera footage. Ben Yelin from UMD CHHS on the possible expiration of section 702 of the FISA act. Orion Hindawi, CEO of Tanium, with insights gathered from their annual Converge conference. And North Korean shortwave gets hacked to play Eighties rock.

Influence operations in Catalonia? IcedID banking Trojan. The Shadow Brokers: an intelligence service or a bunch of moles? Patch notes.


In today's podcast, we hear that Spain sees foreign influence operations in Catalonia. IBM's X-Force warns of a new banking Trojan. There may be a mole hunt going on in NSA, and somewhere the Shadow Brokers are smiling. Anti-virus companies fix the AVGater vulnerability. Firefox and Google both commit to security upgrades. Johannes Ullrich from SANS Technology Institute and the ISC Stormcast podcast on the challenges of random number generation. Steve McGregory from Ixia on the challenges of dealing with the virtually infinite computing power and bandwidth of cloud computing. Tenable urges people to avoid breaches through good hygiene, and Carbon Black wishes we'd stop calling attackers "hackers." Thanks for listening...

Vault 8 and false-flag allegations. Mole hunting. Equifax breach costs. ISIS returns to WordPress defacements. RoK domestic political influence scandal.


In today's podcast, we hear how Vault 8 has succeeded Vault 7 among WikiLeaks dumps (but it's still all CIA all the time from Mr. Assange and company). GCHQ expresses concerns about Kaspersky anti-virus products. Media reports suggest that NSA is in the middle of a big mole hunt. Equifax begins to tally up the costs of its breach. The US Intelligence Community reiterates its conclusion that dog bites man, or rather, that Russia wants to work mischief with the United States. ISIS defaces school websites. Bin Laden fils [feess] takes up his late father's mantle online. Some notes on South Korea's domestic influence investigations. A look...

Taiwan Bank Heist and Lazarus Group with BAE's Adrian Nish. [Research Saturday]


Dr. Adrian Nish is head of cyber threat intelligence at BAE Systems. His team has been tracking a new cyber-enabled bank heist in Asia. Some of the tools used are reminiscent of the Bangladesh Bank attack from February 2016. The full report can be found here.

Macro-less malware. Metacriminals and botnet herders. Hacking ships and airliners. Cryptocurrency glitch. Congratulations to the SINET 16.


In today's podcast, we hear that there's no honor among thieves, or botnet herders, either. Reaper still seems quiet. Macro-less malware is a problem, Microsoft warns. Researchers show you can hack an airliner's avionics. The maritime shipping sector worries that Maersk's experience with NotPetya isn't just a one-off. Ether, the cryptocurrency, is disappearing into the aether (at least this once). Justin Harvey from Accenture on the importance of not failing the basics. Guest is David Barzilai from Karamba Security on the security of embedded systems in automated cars. And we congratulate this year's SINET 16.

Fancy Bear's new moves. OceanLotus and Sowbug cyber espionage groups active. Notes from CyCon, and a look at industry news.


In today's podcast we hear some industry news today, briefly, before we get to the cloak-and-keyboard stuff. Fancy Bear has some new dance steps. OceanLotus and Sowbug, threat actors, not plants or insects, as you might be forgiven for thinking, snoop on ASEAN and Latin America, respectively. Notes on international law and the future of cyberwar from CyCon. Joe Carrigan from JHU on the difficulties in reporting vulnerabilities. Robert Rodriguez from SINET on the trends he sees from the companies winning the SINET 16. And Appleby insists the Paradise Papers were not an inside job.

Stolen Paradise Papers aren't making people or companies look good. Off-year election security. Trollhunting. Notes on the future of cyber conflict from CyCon 2017.


In today's podcast we hear more on the Paradise Papers, where the optics are looking more Inferno than Paradiso. Off-year elections in the US are on today amid general concerns about, well, somebody doing something to them. Trollhunting sometimes brings down the wrong targets. Notes on the future of cyber conflict from CyCon 2017. The Internet's co-inventor says it's time to hold coders accountable for buggy software. Emily Wilson from Terbium Labs with thoughts from a conference in the Netherlands. Wesley Simpson from (ISC)2 making the case that security is a people problem. And Facebook will keep your naughty selfies off the Internet. Really, just upload them to the...

The Paradise Papers, tax avoidance, and quiet investments. Kaspersky affair updates. Retaliation against influence operations?


In today's podcast, we hear about the Paradise Papers, a trove of documents obtained from a Bermuda law firm that contain details not only about wealthy tax avoiders, but about investments as well. Kaspersky says that its antivirus software did, after all, copy files that weren't viruses. (But they were still bad files.) US Senate Majority Leader McConnell says tech companies should help the US retaliate against nation-states' cyberattacks. Dale Drew from CenturyLink with a call for introspection when considering cyber defenses.

Exploring Phishing Kits with Duo Security's Jordan Wright. [Research Saturday]


In this episode of the CyberWire's Research Saturday we are joined by Jordan Wright, Senior Research and Development Engineer at Duo Security. He's the author of the research report, "Phish in a Barrel," which describes his work gathering and examining thousands of phishing kits from around the web.

BadRabbit misdirection? Fancy Bear's wish list. AWS misconfigurations. Data breach notes.


In today's podcast, we hear that BadRabbit looks like misdirection. Fancy Bear's wish list is out, and it's very long, and very global. US prosecutors may be preparing to indict half-a-dozen Russian officials in the DNC hack. Malaysia continues to recover from a major series of data breaches. GhostWriter poses a man-in-the-middle threat to AWS users who misconfigure their accounts. And it was Halloween, but the ShadowBrokers weren't much in evidence. Perhaps they were unrecognizable in their Wonder Woman and Mighty Thor costumes? David DuFour from Webroot on recent ransomware trends. Guests are Sherrie Caltagirone, founder and executive director of the Global Emancipation Network (GEN), and Andrew...

The Manhattan terror suspect claims allegiance to ISIS, but ISIS hasn't claimed him. Crimeware notes. Patching news. Crypto wars update. What the Senate learned about info ops.


In today's podcast, we hear that, while the Manhattan truck-ramming terrorist claims ISIS, ISIS hasn't claimed him. Notes on conventional cybercrime, with some resurgent banking Trojans and mobile malware. Apple patches iOS against KRACK vulnerabilities. WordPress issues another fix for SQL injection bugs. US Deputy Attorney General Rosenstein takes up the pro-access banner in the crypto wars, but few from the tech sector are rallying to him. Senate hearings on Russian influence operations continue. Chris Poulin from BAH on augmenting human capabilities. Robert Knapp from CyberGhost on employers raising awareness of cyber security within their organizations.

Ransomware old and ransomware new, but can you distinguish it from a wiper? Influence operations hearings on Capitol Hill.


In today's podcast, we hear about ONI ransomware in Japan that may prove to be a wiper. Ukraine blames NotPetya operators Black Energy for BadRabbit. Pyongyang feels London is picking on it. Fishing Facebook in Nordic nations. Security firms sell certificate authority business. Twitter won't sell any more ads to RT or Sputnik. Johannes Ullrich from SANS Technology Institute and the ISC Stormcast podcast on honeypots. Russell Jones from Deloitte with the results from a recent medical security poll. During hearings on influence operations, Senators wonder why Facebook wasn't suspicious when people paid for their advertising in rubles.

A BadRabbit and Reaper update. EU and cyberwar. DPRK denies WannaCry responsibility. China's cyber espionage shifts. Oracle emergency patch. Buganizer wide open. Influence ops. Heathrow security.


In today's podcast, we hear about the state of BadRabbit and Reaper. The EU drafts a diplomatic framework for self-defense in cyberspace. Pyongyang denies UK attribution of WannaCry to North Korea. Threat intelligence types suspect the Sino-US cyber modus vivendi might not be the unqualified success it's been taken to be. Oracle issues an emergency patch. A researcher gets an unauthorized peek at Google's Buganizer. Congress will hear testimony about influence operations in Twitter, Google, and Facebook. Rick Howard from Palo Alto Networks warns that board members might be targets. And USB sticks contain the darndest things. Plus, the Malware Mash.

Reaper looks like a criminal booter on the Chinese black market. BadRabbit shows some moves. Catch-All malicious Chrome extension. Android currency miners in Google Play. Indictments in Russia probe.


In today's podcast, we hear that the Reaper botnet is still quiet, and looking like a booter-for-hire. BadRabbit shows some odd stealth, and some interesting strategic selectivity. A malicious Chrome extension steals everything you put on a website. Currency miners on phones seem to be the kind of crime that doesn't pay, but that's not stopping crooks from stuffing them into Google Play. First indictments in the US probe of Russian election influence operations are out. Emily Wilson from Terbium Labs on third party breaches, what she describes as "Not your breach, still your problem." And a class action suit is filed over the Equifax breach. Thanks for...

Tracking a Trojan: KHRAT. [Research Saturday]


The moniker KHRAT came about because of the identification of a Remote Access Trojan (RAT) with command and control infrastructure found in Cambodia (KH). In the most recent episode of the CyberWire's Research Saturday, Ryan Olson, Director of Threat Intelligence at Palo Alto Networks, talks with us about the capabilities of KHRAT and shares details of the feature set it provides to threat actors that use it. https://researchcenter.paloaltonetworks.com/2017/08/unit42-updated-khrat-malware-used-in-cambodia-attacks/

BadRabbit ransomware and Reaper botnet updates. SATCOM bugs. ICS cybersecurity notes. Moscow's free commercial speech piety. Anonymous is back.


In today's podcast, we hear that BadRabbit, still quiet, looks like a TeleBots product. Reaper is still locked and loaded, but is also still quiet. Maritime SATCOM system found to be buggy, and the worse news is that it's beyond its end-of-life. A look back at the annual ICS Cybersecurity Summit that wrapped yesterday in Atlanta. Moscow tells Twitter buying ads is a free speech issue. Justin Harvey from Accenture on monitoring cloud infrastructure. Guest is Michael Sulmeyer, Director of the Cyber Security Project at the Harvard Kennedy School's Belfer Center for Science and International Affairs. Anonymous is back and poking at the Spanish government.

Dogs that haven't barked. Surveillance authority reauthorization advances in the US Senate. Notes on ICS cybersecurity.


In today's podcast, we hear that there's still no sign of the Reaper botnet doing anything. An update on BadRabbit, which for some reason seems to have hopped quietly away from its infrastructure. Other forms of more conventional ransomware, however, remain in circulation, in the wild. It looks as if Kaspersky software might have stumbled across NSA files after all. The US Senate Intelligence Committee has voted to reauthorize Section 702 surveillance authorities through the end of 2025. Ben Yelin from UMD CHHS on states' funding challenges when trying to shore up the security of their voting systems. Bob Ackerman and Dave DeWalt from AllegisCyber, on the...

BadRabbit hopping through Eastern and Central Europe, and Southwest Asia. DUHK risks. Kaspersky on how a laptop was backdoored. Notes from Atlanta's ICS Cybersecurity Conference.


In today's podcast, we hear about BadRabbit, a new strain of ransomware that's hopped out of Petya's hutch. The Lazarus Group is said to have taken control of some servers in India. DUHK [duck] warnings. Are industrial control system operators paying sufficient attention to Level 1 and Level 0 threats? Next May will see not only GDPR, but also NIS. Joe Carrigan from JHU reviews a list of security tips suggested by IBM. Guest is Scott Kaine, CEO of Delta Risk on cloud migration security issues. And Kaspersky continues to protest its innocence of spying, and offers an explanation of what really happened with NSA leaks.

Reaper botnet update, Election hacking in Kenya, Czech Republic. M&A notes. APT28's phishing. Kaspersky's offer of code review. FBI shots in the crypto wars.


In today's podcast, we learn that Hurricane Reaper, the big IoT botnet, remains a digital tropical depression, but plenty of people are warning everyone to stock up on the cyber equivalents of flashlight batteries and bottled water. Czech parliament sites hacked in apparent election-related mischief. Kenya's contentious re-vote approaches. APT28 gets a Bronx cheer for lame CyCon phishing, but don't get cocky, kid. KnowBe4 and Cisco announce acquisitions. Kaspersky seeks to undo reputational damage inflicted by US Government ban. The FBI re-engages in the crypto wars. David DuFour from Webroot on phishing trends. Phil Neray from CyberX reviewing their Global ICS & IIoT Risk Report. If you had a nose...

Reaper botnet looming, but not yet landed. CyCon phishing. How to troll for influence.


In today's podcast, we share some notes on active malware campaigns, and a warning to be on the lookout for the Reaper botnet, which hasn't yet realized its disruptive potential. Kaspersky opens its source code to independent review, to show it's got nothing to hide. Fancy Bear is phishing for you if you plan to attend CyCon. The difficulty of recognizing trolls, and the dangers of innocent posts getting badly lost in translation. A quick note about the ICS Security Conference. Dale Drew from Level 3 Communications on managing the security of the supply chain. And looking for lulz in all the wrong places. Learn...

WireX BotNet with Justin Paine from Cloudflare. [Research Saturday]


In August 2017, multiple Content Delivery Networks (CDNs) and content providers were subject to significant attacks from a botnet dubbed WireX. (The botnet is named for an anagram for one of the delimiter strings in its command and control protocol.) The WireX botnet is primarily made up of Android devices running malicious applications and is designed to create DDoS traffic. The botnet is sometimes associated with ransom notes to targets. Justin Paine is Head of Trust and Safety at Cloudflare, and he joins us to share the WireX story. https://blog.cloudflare.com/the-wirex-botnet/

IoT DDoS hurricane forming? Sofacy exploits patched Flash bug. NotPetya continues to impose costs. Snooping with mobile app ads.


In today's podcast we hear that an IoT botnet hurricane may be forming among IP cameras. (IP cameras are to DDoS what the West African coast is to Atlantic tropical depressions.) Sofacy rushes to exploit a patched Flash bug in a use-it-or-lose-it espionage race. Want to spy on someone? Go buy an ad. Cisco patches the wi-fi KRACK. NotPetya's still costing manufacturers and their insurers a lot of money. Emily Wilson from Terbium Labs responding to post-Equifax breach credit agency claims that they can scan the Dark Web. Michael Sutton, CISO at Zscaler on zero-day hoarding. MalwareTech, a.k.a. Marcus Hutchins, gets to take off that GPS and stay out late,...

Leviathan group exploits patched .NET flaw. North Korean cyber ops. Russian suspicions. Cutlet Maker ATM malware, Sockbot Minecraft malware. Ransomware and backups.


In today's podcast, we hear about how a cyber espionage campaign exploits a recently patched .NET vulnerability as Leviathan phishes with torpedo recovery programs. What does Pyongyang want in cyberspace? Apparently a lot of the same things it wants in physical space. Some observers think Putin thinks the Americans started that whole destabilization and delegitimation influence ops struggle. He's probably wrong, but there you go. Cutlet Maker malware jackpots ATMs. BoundHook stealth tool demonstrated. Minecraft malware got into Google Play. Ben Yelin from UMD CHHS with a follow up on President Trump's executive orders. Guest is Dinah Davis from Code.Likeagirl.io with an update on their activities. Ransomware's still a...

DPRK returns to bank robbery. Ransomware updates. Patches from Oracle, Lenovo, BlackBerry. Criminal coin miners.


In today's podcast we hear that the Lazarus Group is back at it with SWIFT. Maniber ransomware hits South Korea. Researchers cast the first KRACK-related stone at IEEE. Oracle, BlackBerry, and Lenovo patch. A study finds criminals turning to cryptominers. Awais Rashid from Lancaster University on securing critical infrastructure. Aaron Higbee, CTO of PhishMe, on the human factors in phishing. And one cryptominer seems to be tugging on Superman's cape: OPSEC isn't their strong suit, to say the least. Thanks for listening to the CyberWire. One of the ways you can support what we do is by visiting our sponsors. We read Recorded Future's free intel daily, and we think you'll find it valuable,...

Panama Papers assassination? Black Oasis exploits Flash Player. DPRK hacked TV show. Patching KRACK and ROCA. WikiLeaks prepping something? DHS BOD 18-01. SCOTUS to rule on data warrants.


In today's podcast, we hear about the assassination of a reporter who covered the Panama Papers. The Black Oasis threat group is found distributing FinFisher by exploitation of a bug in Flash Player. North Korean hacking is said to have been responsible for cancellation of a projected television show. Infineon patches a firmware flaw that could be exploited in a Coppersmith's attack. Vendors work to close the KRACK in their wi-fi products. WikiLeaks appears to be preparing for a large dump. The US Department of Homeland Security mandates improved email and website security across the Federal Government. David DuFour from Webroot discussing Bluetooth vulnerabilities. Neil Murray from Mimecast on...

KRACK attacks. Iran's growing capability in cyberspace. Swedish and Polish targets probed by state-directed cyber ops. QR code security issues. Russia to introduce official cryptocurrency.


In today's podcast, we hear about how KRACK attacks get past secure wi-fi protocols. Probes and distributed denial-of-service incidents in Poland and Sweden have the look of state operations. East Asian threat actors moving on from cyber espionage to supply chain attacks. Iran blamed for June's hack of UK Parliamentary email. QR codes may pose security issues. Do FSB social media trolls really train against US targets by watching House of Cards? Johannes Ullrich from SANS Technology Institute and the ISC Stormcast podcast on scammers taking advantage of disaster. And can the CryptoRuble really compete with VopperCoin? Investors want to know. Thanks for listening to the CyberWire. One of the...

Synthesized DNA Malware with Peter Ney. [Research Saturday]


Peter Ney is a PhD candidate in the Allen School of Computer Science and Engineering at the University of Washington where he is advised by Professor Tadayoshi Kohno. His current research is focused on understanding computer security risks in emerging technologies like DNA synthesis and sequencing and the new threats posed by maliciously crafted, synthetic DNA. He and his team found that security of DNA processing programs is poor and show with a proof-of-concept that it is possible to attack computer systems with adversarial synthetic DNA.

Germany's BSI sees no problem in Kaspersky software. Equifax, TransUnion, suffer from third-party malvertizing code. ISIS expected to change its inspiration. Notes on the dark web.


In today's podcast, we hear that German authorities say they see nothing bad up with Kaspersky software, but they're in the Western minority on this one. ISIS messaging looks as if it's shifting toward a hejira narrative. Hyatt discloses a significant credit card breach. Equifax and its competitor TransUnion both remove third-party malvertizing code from their websites. Malek Ben Salem from Accenture Labs with a new vulnerability in software defined networks. Guest is Jeff Schilling, CSO of Armor Cloud Security with insights on Russian state actors. And the dark web is in many ways a lot like the regular web, down to seasonal sales, customer reviews, and cat pictures. Learn...

Panama Papers pinch. North Korean spearphishing against ICS. CyberMaryland notes. Google Home Mini was tale-bearing (but now it's better).


In today's podcast, we hear that German police raid a Panama Papers connected slush fund. North Korea spearphishes in the North American power grid. Security tools can be dual-use, too. Notes on CyberMaryland, where we heard about business climates, the Baltimore-to-Birmingham cyber connection, the Red Queen's race, and the curmudgeonly demeanor too many security types cop. Rick Howard from Palo Alto Networks with an update on the Cyber Canon suggested reading list and a call to vote for the nominated books. Guest is John Morello from Twistlock on securing container environments. And Google Home's Mini speakers were apparently listening and tattling as well as speaking. Thanks for listening...

Israel said to have tipped the US off concerning Kaspersky risks. Accenture databases exposed. Deloitte breach may be worse than initially thought.


In today's CyberWire, we discuss why the US Intelligence Community got prickly about Kaspersky: their Israeli colleagues tipped them off that something was fishy in the software's use. UpGuard says Accenture left some AWS data buckets exposed. Accenture says they were associated with decommissioned systems, but exposed they seem to have been. Sources say Deloitte's breach is worse than hitherto disclosed, with more than three-hundred clients exposed. Joe Carrigan from JHU ISI with some follow-up from a listener on password security when using password managers. Brian NeSmith from Arctic Wolf with results from an IoT ransomware survey. Thanks for listening to the CyberWire. One of the ways you can support what...

Cyberespionage in the Korean peninsula. Russian influence operators bought Facebook, Google ads. Forrester hacked. Kovter, OilRig get upgrades. US CYBERCOM CSM notes.


In today's podcast, we hear that North Korea may have hacked into South Korean defense plans. Facebook and Google receive increasing scrutiny for Russian ad buys during 2016 US election season. A dissident Chinese billionaire, exiled to New York, says he's been under cyberattack from Shanghai. OilRig is back, with new and improved cyberespionage. Forrester market research reports accessed by hackers. Kovter malware gets an upgrade. Chris Poulin from BAH on medical device safety. Yassir Abousselham from Okta on challenges establishing and managing identity. And we offer some observations from the Cyber Pavilion at the Association of the United States Army meetings. Thanks for listening to the CyberWire. One of...

GDPR: Privacy from Across the Pond [Special Edition]


Following major breach revelations from Equifax, Yahoo!, Deloitte and the US Securities and Exchange Commission, there have been many calls in the US for increased legislation and regulation that would force better privacy and identity management practices. In this CyberWire special edition, we'll ask some cyber security experts about GDPR, what it means for privacy and data use, the right to be forgotten, the penalties for noncompliance, and what it means for organizations outside the EU. Joining us are Steve Durbin, Managing Director of the Information Security Forum, a not-for-profit organization providing its members with guidance on cyber, information security and...

Android Toast Overlay: Ryan Olson from Palo Alto Networks. [Research Saturday]


Android Toast Overlay enables attackers to trick Android users into enabling permissions on infected devices by making them think they are clicking on benign buttons superimposed over the user interface. Ryan Olson is Director of Threat Intelligence at Palo Alto Networks' Unit 42, and he joins us to share their research.

FSB got NSA with an assist (witting or unwitting) from Kaspersky? Germany calls off mass surveillance investigation. Reality Winner stays in jail.


In today's podcast, we hear more on what happened with NSA material at (allegedly) Russian hands. Kaspersky security software alleged to have been exploited for intelligence service reconnaissance of contractor machine. Germany cancels post-Snowden surveillance investigation. Reality Winner will not be released on bail. Awais Rashid from Lancaster University on securing the supply chain. Guest is Timothy H. Edgar, author of Beyond Snowden: Privacy, Mass Surveillance, and the Struggle to Reform the NSA.

NSA breach announced today (occurred in 2015, discovered in 2016) may be final nail in Kaspersky Lab's coffin.


In today's podcast we hear that sensitive NSA files appear to have been obtained by Russian intelligence services, and there are claims Kaspersky software was the gateway to compromise. Las Vegas massacre investigation expands to consider possibility of accomplices. A new password stealer is out in the wild. NFL Players Association data exposed. Justin Harvey from Accenture on insider threats. Guest Joe Coleman, cyberthreat intelligence analyst from PepsiCo. The FCC was mostly advised by bots on net neutrality (and bots who haven't benefited from DeepMind's ethics class).

No insight yet into Las Vegas gunman's motive as ISIS inspiration generally discounted. Yahoo! breach affected 3, not 1, billion user accounts. Equifax updates.


In today's podcast, we hear that ISIS claims of responsibility for Las Vegas murders continue to lose plausibility, but the shooter's motives remain a mystery. Yahoo!'s epic breach just got even more epic. Equifax looks little better in the wake of its CEO's Congressional testimony. A major breach seems to be unfolding in India. Jonathan Katz from UMD on the importance of random numbers for cryptography. Guest is Dave Mahon from Century Link on the importance of diversity and opportunities for women in cyber security. And does Star Fleet still run Windows XP? Who's responsible for information security on that bridge anyway? Thanks...

Fake news and information operations with no obvious solution. Equifax update. US Cyber Command vs. DPRK


In today's podcast, we consider the bogus rumors and highly questionable claims of responsibility circulating online after the Las Vegas massacre. ISIS is especially keen to make inspirational capital out of senseless killing and suffering. Google and Facebook come under pressure to moderate the content they carry. The UK prepares to pass tougher restrictions on viewing radical content. The Equifax breach gets two-and-a-half-million people bigger. Ben Yelin from UMD CHHS on Yahoo! data breach victims' right to sue. Tony Gauda, CEO of ThinAir on dealing with insider threats. And US Cyber Command is said to have disrupted North Korean intelligence networks. Thanks for listening to the CyberWire. One of...

Bots, sockpuppets, and trolls. Facebook talks to Congress. Some suggest China hacked Equifax. DPRK gets more Internet. ISIS inspiration. Section 702 authority in doubt.


In today's podcast, it's bots, sockpuppets, and trolls, oh my. Mr. Zuckerberg goes to Washington. Equifax sources suggest China hacked it. Credit bureau phishbait chums the Internet. Pyongyang gets a new Internet connection, and observers bet it's not for checking Mr. Kim's fantasy sports leagues (anyway he could get all that from Mr. Rodman). ISIS posts more inspiration, and warnings. NSA prepares to wind down Section 702 operations. Johannes Ullrich from SANS Technology Institute and the ISC Stormcast podcast on malware using malicious DLL files. US and Russia seem to agree on one thing at least: Bitcoin fraud is bad.

APT 33: FireEye's John Hultquist on an Iranian Cyber Espionage Group. [Research Saturday]


APT 33 is an Iranian cyber espionage group that targets aerospace and energy sectors and has ties to destructive malware. John Hultquist is Director of Intelligence Analysis at FireEye, and he takes us through their research.

Whole Foods breached. Illusion gap and Windows Defender. Exposed AWS S3 buckets. Equifax incident response. Reality Winner proceedings.


In today's podcast, we hear that Whole Foods has been breached: if you've been to the taproom, look to your credit cards. An illusion gap could help bypass Windows Defender, says Cyber Ark. Microsoft says don't sweat the small stuff. A Mac firmware issue may be giving users a false sense of security. Equifax is offering a lifetime of free credit freezing, but observers are dubious. A study suggests there are still a lot of improperly secured clouds out there. ISIS and the Taliban resume their inspiration operations online. David DuFour from Webroot on the difference between Artificial Intelligence and Machine Learning. Guest...

Deloitte and Equifax under the microscope. Congress grills the SEC. Credential theft trends.


Deloitte and Equifax continue to find themselves under scrutiny, but we should all resist the urge to chase ambulances. The SEC commissioner gets a grilling from Congress, and we can't help wonder if his Spidey sense was tingling. Chances are your credentials aren't as secure as you'd like them. Dale Drew from Level 3 Communications on attack patterns and lulls. Trip Nine from Comodo on credential theft trends. And Pyongyang is perched on a pile of coal.

Comments on the Deloitte breach. SEC Commissioner talks to the Senate. Sonic breached. Vulnerable stock-trading apps. Russian influence operations shift their focus.


In today's podcast, we hear more about the Deloitte breach. Deloitte's still saying little, but other people are talking. The SEC tells the Senate it's "deeply concerned" about its own breach. Popular iOS and Android stock-trading apps are found vulnerable. Sonic drive-ins have sustained what looks like a pretty big breach. Ben Yelin discusses a bipartisan bill to improve IoT security. Isaac Kohen from Teramind on detecting employees involved in radical political activities on company time. Russian influence operations against the US are turning toward local government, religious groups, civic associations and others at the grassroots. Thanks for listening to the CyberWire. One of the ways you can support what we do...

Equifax C-suite retirements continue. Deloitte still has little to say about its breach. Mac OS zero-day goes unpatched. Russian influence operations.


In today's podcast we hear that Equifax CEO Smith has joined the company's CSO and CIO in retirement, apparent expiation for the credit bureau's breach. Deloitte remains tight-lipped. Suggestions about how to handle identity and investigate breaches. Mac OS High Sierra suffers from a password exfiltration zero-day. Joe Carrigan discusses Dave's skepticism of password managers. Stephen Moore from Exabeam on post-breach cleanup. Two days after Germany's elections and the Russian dog hasn't barked (or the Bears growled) but there are plenty of 2016 paw prints over US opinion. Thanks for listening to the CyberWire. One of the ways you can support what we do is by visiting our sponsors. Recorded...

Deloitte hacked. Verizon AWS S3 exposure. Phantom Squad's protection racket. Nuclear tension expected to spawn cyberattacks. Updates on CCleaner backdoor and FinFisher distro. Carlos Danger goes to jail.


In today's podcast, we review reports saying that Deloitte has been hacked. Details are sparse but the story is developing. A Verizon AWS S3 bucket is found exposed online. Locky is being spammed out in quantity. Phantom Squad hoods run a DDoS protection racket. Kinetic tensions among the US, Tehran, and North Korea raise expectations of cyber offensives. Chinese intelligence thought behind CCleaner backdoor. Unnamed ISPs accused of FinFisher spyware campaign complicity. Chris Poulin from BAH on vulnerabilities in connected cars. And Carlos Danger will go to the Big House. Thanks for listening to the CyberWire. One of the ways you can support what we do is by visiting our...

Pacifier APT: Bitdefender's Liviu Arsene describes a sophisticated, multifaceted malware campaign. [Research Saturday]


In 2016 Bitdefender uncovered a new advanced persistent threat dubbed Pacifier, targeting government institutions starting in 2014. Using malicious .doc documents and .zip files distributed via spear phishing e-mails, attackers would lure victims with invitations to social functions or conferences into executing the attachments. It's capable of dropping multi-stage backdoors. Liviu Arsene is a senior e-threat analyst at BitDefender, and he's our guide to the complex components of Pacifier APT.

Hacks shake confidence in financial system. FinFisher using MitM. CCleaner backdoor had specific targets in mind? US Forces Korea debunks bogus NEO warning. Locky masters like Game of Thrones. nRansomware asks for a different kind of payout.


In today's podcast, we hear that the EDGAR breach is being seen as a blow to confidence in financial system. Credit bureaus continue to receive heightened scrutiny after the Equifax breach. FinFisher campaign suggests ISPs may have been compromised. The backdoor in CCleaner seems to have targeted specific companies. US Forces Korea personnel receive a bogus noncombatant evacuation order. Someone behind Locky watches a lot of Game of Thrones. Malek Ben Salem from Accenture Labs with a new attack vector that uses power management systems. Guest is Robert Sell sharing his experience participating in a DEFCON capture the flag. And Thomas the Tank Engine would never do what some skids show...

EDGAR hack enabled illicit stock trades? Equifax tweets phishing url to troubled inquirers. Kaspersky ban clarified.


In today's podcast, we hear that the SEC was hacked, and someone might have made a lot of money from the incident. Equifax tweets send inquirers to a phishing site. Investigation into the Avast caper suggests a state intelligence service's hand. The Department of Homeland Security clarifies its ban on Kaspersky products. Emily Wilson from Terbium Labs, cautioning us to not be so distracted by big shiny objects like "taking down the power grid" that we forget the basics, like enabling two-factor authentication. Richard Henderson, global security strategist at Absolute, commenting on the Equifax breach and the challenges of keeping up with patching. And chatbots turn spiritual. Thanks for...

German election update: nichts neues. Equifax breach. Viacom dodges a bad bucket. Like Sandworm, but from Tehran. Less than fully successful criminals.


In today's podcast we learn that so far Russian influence seems not to be operating in Germany's election. Iran's APT33 turns from spying to sabotage. Equifax woes continue, but don't appear to include cover-up of an earlier breach. UpGuard helps Viacom dodge a cyber bullet. You may be party to a contract you didn't know about. Criminal boneheads again more common than criminal geniuses. Ben Yelin from UMD CHHS with a story of the FBI raiding the wrong home based on WiFi router information. Guest is Eddie Habibi from PAS, debunking some ICS myths. And don't be a gazelle. Thanks for listening to the CyberWire. One of the...

Russia Spy Files from WikiLeaks. Disinformation and influence operations. Equifax sustained a breach in March. Software supply chain issues.


In today's podcast, we hear that WikiLeaks is shocked, shocked, to learn that there's gambling, uh, we mean, Russian surveillance going on. Advice from Ukraine about influence operations. The Equifax story may have gotten worse: there may have been an earlier breach in March. Software supply chain issues come up in an Avast backdoor. Awais Rashid from Lancaster University on security being the responsibility of everyone in an organization, not just the IT folks. Mike Kail from Cybric on the DevSecOps trend. Industry notes, and the "Unlucky 13," presented by Johns Hopkins. Thanks for listening to the CyberWire. One of the ways you can support what we do is by visiting...

Russian dogs not yet barking in German elections. ISIS is doing a lot of howling at lone wolves. Equifax updates. CCleaner found unclean. OurMine hacks Vevo to avenge its honor.


In today's podcast, we note reports that, while Germany will hold elections Sunday, Russian cyber operators seem quiet. Too quiet? Switzerland and Singapore both report sustaining state-sponsored cyber espionage attempts. ISIS howls for its lone wolves to hit soft targets. The Equifax breach news isn't getting any better. Cisco finds a backdoor in an Avast security product. Chris Poulin from Booz Allen Hamilton, our newest industry partner, introduces himself. He leads the Internet of Things security strategy in Booz Allen's Dark Labs, as well as dabbles in Machine Intelligence. He joins BAH from IBM, where he led their X-Force research teams and built the first prototype Watson for cybersecurity. OurMine hackers hit Vevo to...

Cobian RAT: Zscaler's Deepen Desai describes some clever malware. [Research Saturday]


Deepen Desai, senior director of security research and operations at Zscaler, describes research he and his team have been doing since they discovered a clever bit of malware they've named Cobian RAT. (RAT stands for Remote Access Trojan.) It's available for free, but contains a back door that allows the original author to access and control the RAT remotely.

Equifax agonistes. Kaspersky denies his company's a security risk. Political database for sale found exposed. Trolling the DCI.


In today's podcast, we hear about how Equifax continues to struggle in the quicksand of wayward patching and clumsy incident response. Congress, the FTC, the CFPB, and DoNotPay are all taking an interest. Another unsecured database, this one for sale to political campaigns, is found (Alaska voters are affected). Kaspersky says his company is a bystander that's been hit in the Russo-American political crossfire. The US Navy continues to investigate the USS McCain collision. Justin Harvey from Accenture on what it's like to be on an incident response team. Luke Beeson from BT on the challenges such a large organization faces protecting themselves and their clients. And Harvard decides Manning...

Binding Operational Directive 17-01 hits Kaspersky. Point-of-sale malware found in some ElastiSearch servers. BlueBorne proves widespread. Equifax breach updates, industry notes, a look at the Billington Summit.


In today's podcast, we hear that DHS tells the US Executive Branch to stop using Kaspersky security software. Kromtech finds ElastiSearch servers hosting point-of-sale malware. BlueBorne bugs buzz billions of boxes. Equifax says that its breach was accomplished via the Apache Struts flaw patched in April. Industry notes include both venture funding and acquisition news. We take a quick look back at the Billington CyberSecurity Summit. Johannes Ullrich with an update on the Mirai botnet. Renato Marinho, Chief Research Officer at Morphus Labs, on a bad Chrome browser extension that can steal banking credentials. And robo-lawyers come to small claims court. Thanks for listening to the CyberWire. One of the ways you can support what we...

North Korea turns to cryptocurrency theft. Equifax breach gets worse. Patch Tuesday. Duma says US election hacked


In today's podcast, we hear that North Korea's stealing all the Bitcoins it can find. The Equifax breach continues to spread: countries other than the US are increasingly involved. Patch Tuesday notes. The US Director of National Intelligence addresses the Billington CyberSecurity Summit. Joe Carrigan from JHU on VPN companies collecting private user data. Dr. Richard Ford, Chief Scientist, Forcepoint, on the Equifax breach. And did a Russian lawmaker just cop to the influence ops President Putin has so piously denied? Thanks for listening to the CyberWire. One of the ways you can support what we do is by visiting our sponsors. We read Recorded Future's free...

Equifax breach news. Unsecured admin accounts. BlueBorne via Bluetooth. Hackable medical devices. Bots convince. A guilty plea draws a long sentence.


In today's podcast, we hear about how Equifax has attracted more attention from plaintiffs, AGs, and Congress. Everyone else is on heightened alert for fraud and identity theft. MongoDB says users of its database process were not assigning passwords to administrative accounts. A Bluetooth-based attack vector, "BlueBorne," is described. Syringe pumps are found to be hackable. Bots serve more effective social media clickbait than human operators can. Robert M. Lee from Dragos on deterrence. Myke Cole, cyber security analyst and fantasy writer, discussing the importance of empathy when considering your adversaries. And Roman Seleznev gets 27 years after he cops a plea to hacking. Thanks for listening to the CyberWire. One of the ways...

Everything Equifax, with some notes on German election vulnerabilities and an update on the Crackas With Attitude.


Today's podcast features all things Equifax, as the credit bureau deals with its breach (and the lawyers and Wall Street wind up to deal with the credit bureau). The Chaos Computer Club says it's found major flaws in German election software. Moscow seems to have done a lot of catphishing in social media during the last US campaign season. Best Buy boots Kaspersky security products from its big box stores. Dale Drew from Level 3 Communications with some sobering statistics on attack trends. And a Cracka with Attitude gets five years in Club Fed. Thanks for listening to the CyberWire. One of the ways you can support...

Equifax decides to tell people it's been breached. Notes from the Intelligence and National Security Summit. WikiLeaks dumps missile guidance documents from Vault7. The ShadowBrokers are back, with a new offer.


In today's podcast we hear that credit bureau Equifax had disclosed a massive data breach it discovered on July 29th. Does that mean they're about a month delinquent? WikiLeaks weekly Vault7 dump departs from past practice with respect to content. The ShadowBrokers are back, and offering a twice monthly twofer. Emily Wilson from Terbium Labs with her thoughts on the encryption debate. Alexander Klimburg, author of The Darkening Web. And Intelligence Community leaders agree on at least three things: they need a better security clearance process, they need Section 702, and nowadays all intelligence involves cyber intelligence. Thanks for listening to the CyberWire. One of the ways you can support what we do is...

DragonFly 2.0 in power grids. Cyberespionage in the South China Sea. Russian Facebook ads. "Fake News" survey.


DragonFly 2.0 is up to some very bad things in several nations' power grids. China ramps up cyberespionage against South China Sea rivals. Facebook finds that a Russian front company bought more than $100,000 in influence-ops ads on its service over the last two years. US info ops stumble over a dog. Jonathan Katz on encryption bit depth. Kyle Wilhoit from Domain Tools with the results of a Black Hat survey on "fake news." And a Japanese 13-year-old is in hot water for trying to sell malware. Thanks for listening to the CyberWire. One of the ways you can support what we do is by...

Apache Struts patched. Dragonfly is in the power grid. Ransomware notes. Taringa breached. Cryptocurrencies in China and Russia. Signal stealing that's not SIGINT.


In today's podcast we hear about a critical vulnerability in Apache Struts. It's been patched; enterprises are advised to apply it as soon as possible. Dragonfly poses a clear and present danger to European and US power grids. Ransomware continues rampant. Latin American social media platform Taringa suffers a breach. Notes from the Intelligence and National Security Summit. Cryptocurrencies in China and Russia. Ben Yelin from UMD CHHS on the resignation of many of President Trump's cyber security advisors. Guest is Tom Billington promoting the upcoming Billington Cybersecurity event. And say it ain't so, Joe: are the Red Sox stealing signals with an Apple Watch? Thanks for listening to the CyberWire. One of the ways you can support what...

Influence operations in Germany. More Turla. KHRAT looks like political spying. Exposed AWS S3 and MongoDB databases hit. Ransomware notes. Cyber gangland rumbles.


In today's podcast, we hear that election influence operations appear to have begun in Germany. Turla's spoor tracked to the Pacifier APT. Cambodia takes an authoritarian turn, possibly extending to domestic spying via RAT. Rival jihadists remain active online; US Cyber Command working to deny them cyberspace safe havens. More exposed AWS S3 databases. MongoDB databases hit with ransom wiper. PrincessLocker and Locky ransomware continue to romp in the wild. Free RAT backdoors criminals. Johannes Ulrich from SANS Technology Institute and the ISC Stormcast podcast on DDoS extortion emails. Disgruntled customer doxes booter service. Thanks for listening to the CyberWire. One of the ways you can support what we do is by visiting...

Kenyan election nullified over electronic irregularities. South China Sea cyber espionage. WikiLeaks' Vault7 dumps Angelfire. Accused leaker wants her statements excluded. DPRK raids ROK Bitcoin. WhopperCoin is here.


In today's podcast, we hear that Kenya's Supreme Court has nullified that country's presidential election results over electronic irregularities in the balloting. China steps up cyber espionage against Vietnam during South China Sea disputes. Ransomware continued to surge this week. WikiLeaks dumps "Angelfire" documents from Vault7. Reality Winner says she wasn't properly Mirandized by the FBI. North Korea raids South Korean Bitcoin exchanges. Joe Carrigan from JHU on security issues with fitness apps. Charles Henderson from IBM's X-Force Red group on automotive security. And get ready for WhopperCoin. Thanks for listening to the CyberWire. One of the ways you can support what we do is by visiting...

Turla's Gazer backdoor. OurMine vs. WikiLeaks; WikiLeaks vs. CIA. Reality Winner trial. House of Cards material leaks. Patching notes. Insecure APIs.


In today's podcast we hear that Turla's using some sophisticated code against diplomatic and defense industry targets. OurMine hackers use DNS poisoning against WikiLeaks, but WikiLeaks opens up Vault7 anyway: this week it's "Angelfire." Accused US Intelligence Community leaker Reality Winner wants her initial statements to investigators suppressed at trial. House of Cards leaks stories and other material related to the TV show. A quick patching update. Insecure APIs take a toll on Instagram and the FCC. Emily Wilson from Terbium Labs with her thoughts on the closure of Alpha Bay. Mike Kearney from Deloitte on predictive reputation protection. And what's up with Rick and Morty? Thanks for listening...

Phishing and watering hole alerts. Is DPRK stealing Bitcoin? NHS Lanarkshire ransomware identified as Bit Paymer. Onliner spambot has hundreds of millions of email addresses. St. Jude pacemaker patch.


In today's podcast, we hear warnings against taking the Hurricane Harvey phishbait. The IRS says that email telling you to download a questionnaire and return it to the FBI isn't from them. Why you really don't want that tutorial in tumbling Bitcoin. Sources accuse North Korea of stealing cryptocurrency. Trickbot is back, and it's swiping Bitcoin. The ransomware strain in Scottish hospitals was Bit Paymer. More than 700 million email addresses found in the Onliner spambot. UK retailer suffers breach. St. Jude pacemakers get a firmware patch. Robert M Lee from Dragos on cutting through the hype. Joseph Loomis, promoting the upcoming IR17 event. And some industry notes. Thanks for listening to the CyberWire....

NIST Cybersecurity Framework [Special Editions]


Having a set of standards by which to measure your security organization, being able to compare your security posture to other organizations, and being able to justify your choices to investors and insurance firms are all worthwhile goals. It's beneficial to have widely agreed upon standards of care and measurement in cyber security, to help know where you stand, where there's room for improvement, and what's important to you. That's where frameworks come in, and the NIST cybersecurity framework is one of the most popular in the cybersecurity industry. In this CyberWire special edition, we'll examine frameworks in general and...

Cyberespionage in South Asia. NHS hack confirmed as ransomware. Notes on Hancitor. WireX Android botnet taken down. Fat-fingering BGP. Topical phishbait.


In today's podcast, we hear reports of cyberespionage against both India and Pakistan; some unknown third nation-state is said to be responsible. NHS Lanarkshire hack confirmed as ransomware. Notes on Hancitor malware, WireX Android DDoS botnet discovered and taken down by an industry consortium. BGP fumble hit Japan's Internet, not hackers. Hurricane Harvey and Game of Thrones phishbait in circulation. Justin Harvey from Accenture on open source threat intelligence. Avi Reichental from XponentialWorks on security issues with implantable data devices. And no, not that GPS. Thanks for listening to the CyberWire. One of the ways you can support what we do is by visiting our sponsors. Check out & subscribe to Recorded Future's free...

Maritime cybersecurity concerns. ExpressLane dump stirs up international trouble. IoT botnet threat addressed. Defray ransomware. Cyberattack in Scotland. Tehran's info-ops rapper.


In today's podcast, we hear that the USS McCain collision appears to be unrelated to any cyberattack, but observers warn of ICS security issues as maritime cyber concerns rise. WikiLeaks' ExpressLane Vault7 dump raises concerns in India. Telnet credentials for Internet-of-things devices exposed; security experts work to close this DDoS risk. "Defray" ransomware being distributed with unusually precise and plausible spearphishing. A ransomware attack disrupts some healthcare services in Scotland. Acquisition news in the cyber sector. Ben Yelin from UMD CHHS on web sites logging form submissions even before you hit the submit button. And Iranian information operations seem to be piping the devil's tune (more or less literally,...

Clouds, crooks, cheats, and cryptocurrencies. Vault7 leaks liaisonware. Rumors about FSB officers charged with treason. FBI arrests Chinese national in OPM hack. Extremism online flows more than it ebbs.


In today's podcast we hear about how the four C's have come together: clouds, crooks, cheats, and cryptocurrencies. Locky continues to circulate in evolved forms. WikiLeaks dumps some curious alleged liaisonware documents from Vault7. Russian sources report that FSB officers facing treason charges in Moscow may have given up some connected hackers to the Americans. The FBI makes an arrest in the OPM breach. The Daily Stormer is way offline, but ISIS and its parasitic slave-trading gangs are decidedly online. Dale Drew from Level 3 Communications with some threat intelligence on phishing and malware. Guest is Nicole Eagan, CEO of Darktrace. And another consequence of NotPetya seems to be a pet food shortage....

Cyberattacks that may not have been. Ropemaker corrupts email after delivery. Concerns about companies working for intelligence services.


In today's podcast we consider the way in which two potential state cyberattacks are now looking more like, respectively, an accident and a conventional crime. US Government officials double-down on warnings of Kaspersky connection to the Kremlin, and Australia's Government isn't buying Huawei's protests that it's not working for the PLA, either. Ropemaker attacks could inject malicious code into email after it's been delivered. Joe Carrigan from JHU on medical device security legislation. Christopher Pierson from Viewpost with observations from DEFCON. Some teasers on the Chertoff Group's Security Series. Thanks for listening to the CyberWire. One of the ways you can support what we do is by visiting...

Independence day cyberattack worries in Ukraine. US Navy eliminating possibility of cyberattack on USS McCain. More malicious apps in Google Play. US state cyber regs. ISIS still works to inspire online.


In today's podcast, we hear that Ukraine is worried about cyberattacks in conjunction with tomorrow's independence day holiday. The US Navy investigates the possibility of cyberattack in this week's Malacca Straits collision, but that possibility may be fading. Zscaler finds more malicious apps in Google Play. New York State's Department of Financial Services' cyber regulations begin to take effect Monday. Delaware is also stepping up data security regulations. Johannes Ulrich from the SANS Technology Institute and the ISC Stormcast podcast on hacks to Uber driver accounts. Tony Dahbura from JHU promotes their upcoming Cyber Security Conference for Executives. And ISIS continues its inspiration online as police in many countries scramble to follow the Caliphate's messaging. Thanks for...

Cyber concerns about naval and maritime shipping operations. AWS S3 data exposure. Game of Thrones hack. NHS breach? Killer robots. Scareware.


In today's podcast, we hear about maritime hacking worries, with potential risks to navigation, cargo handling, and manifest data. Another misconfigured AWS S3 bucket exposes business data. "Mr. Smith" says he's going to release the Game of Thrones season finale. The UK's NHS may have been breached. Google pulls 500 backdoored apps from the Play store. Fear of robots. Fileless cryptocurrency miner installed through EternalBlue. Jonathan Katz from UMD on separating science from snake oil. Dan Larson from CrowdStrike on incident response for zero-days. Scareware scares web surfers. Thanks for listening to the CyberWire. One of the ways you can support what we do is by visiting our sponsors....

GCHQ and MalwareTech's arrest. Chinese oilfield sustains malware infestation. US Cyber Command now a UCC. Ukraine fears another cyber campaign. Turla returns. GPS spoofing. Extremism online. ICO hack.


In today's podcast, we hear that GCHQ may have known about the FBI's intentions to arrest Marcus Hutchins even before Hutchins departed England for Black Hat. A Chinese oil production field is thought to have sustained some sort of cyber incident similar to those involving NotPetya. US Cyber Command receives elevated status: it's now the tenth Unified Combatant Command. Ukrainian authorities warn that country's financial sector to expect a new wave of cyberattacks. Turla is back, inviting you to the G20 meetings. GPS spoofing fears rise. Dealing with extremism online. Palo Alto Networks' Rick Howard on the fading popularity of the Rig exploit kit. And another...

Ransomware updates. ShadowPad backdoor may have got into the supply chain from a Chinese APT group. Apple Secure Enclave decryption key released. Profexor and Fancy Bear. Misconfigured AWS S3 exposes voter data. Countering extremism online. FBI continues


In today's podcast, we hear that ransomware strains, old and new, are circulating in the wild. ShadowPad backdoors are tentatively attributed to Chinese espionage operations in the supply chain. A hacker releases the decryption key for Apple's Secure Enclave. Profexor may actually not know much about Fancy Bear's romp through the DNC. Another misconfigured AWS bucket exposes data on voters in Chicago. The difficulties of countering extremism online. Malek Ben Salem from Accenture Labs on the cloud security maturity model. Joseph Carson from Thycotic on the evolution of phishing campaigns. The FBI has a roadshow warning companies of the risks of using Kaspersky security products. Learn more about your ad choices. Visit...

Email brute-forcing. Aadhaar woes. Leaked Equation Group exploits remain a problem. Hijacked Chrome extensions. Pulse wave DDoS. FBI interviews "Profexor." Extremism and vigilantism. OurMine hacks HBO Twitter, Facebook.


In today's podcast, we hear that Holyrood is defending itself, with some success, against email brute-forcing. India's national ID system compromised, again. ShadowBroker-leaked exploits continue to do damage. Hijacked Chrome extensions prove difficult to eradicate. New variants of Locky and other ransomware are out. "Pulse wave" DDoS attacks are observed. Researchers find DDoS-as-a-service for sale in Chinese online souks. Governments express suspicion of foreign IT. Extremist site loses hosts, but its content will go on, even as opposing vigilantes mistakenly dox innocent targets. Emily Wilson from Terbium Labs with thoughts from Black Hat and shifting awareness of the dark web. Brad Stone from Booz Allen on a recently released report on NotPetya. And OurMine hijacks HBO...

NIST SP 800-53 updated. Attack on Scotland Parliament's email system. Consequences of Equation Group leaks. "Mr. Smith" and HBO. Attacks of note: Trickbot, OLE exploits, NetSarang backdoor. Extremist inspiration. BEC.


In today's podcast, we hear about a new draft of NIST SP 800-53. There's been an attempt to brute-force email credentials in Scotland's Parliament. Fancy Bear's romp through high-end hotel Wi-Fi suggests the Equation Group leaks will be with us for some time. "Mr. Smith" remains at large, and still wants to be paid. Trickbot uses unusually convincing counterfeit sites. PowerPoint malware vectors may be part of a criminal test. NetSarang urges swift patching of a backdoor in its software. Extremist inspiration persists. Ben Yelin from UMD CHHS on privacy concerns with robot vacuum cleaners. Guest is Jeff Pederson from Kroll Ontrack, a data recovery firm, with tips on data recovery. And some...

Lazarus Group is back, phishing in English. Extremist content online. Google cleans up SonicSpy. Arrests for HBO hacking are unrelated to "Mr. Smith." Marcus Hutchins is out on. DJI drones get a security makeover. Help desk scams.


In today's podcast, we hear that the Lazarus Group is back, and now they're phishing in English. The Daily Stormer gets the boot, but companies and governments continue to struggle with developing appropriate responses to extremist content. Google has swiftly cleaned up SonicSpy, but the malware is still circulating outside the Play store. Indian police make four arrests for HBO hacking, but none of them are related to "Mr. Smith." Marcus Hutchins is out on bail and preparing for an October trial. DJI drones get a peacemaking makeover. Justin Harvey from Accenture on prepping for destructive attacks. Jeff Schumann, CEO of Wiretap, on vulnerabilities...

Charlottesville hacking. Operation #LeakTheAnalyst. Dissatisfied customer calls ShadowBrokers a "ripoff." More HBO leaks. Google purging SonicSpy. Collusion attacks. Marcus Hutchins in court.


In today's podcast, we hear about online reactions and hacks in response to the Charlottesville rioting and homicide. Operation #LeakTheAnalyst releases another, smaller, set of documents. The ShadowBrokers get some poor customer reviews for their Exploit-of-the-Month Club. Reputation matters in the dark web souks. More HBO leaks (but no new messages). Google ejects SonicSpy-infected apps from the Play store. Oxford researchers describe Android library collusion attacks. Robert M. Lee from Dragos on recent incursions into the Irish and UK power grids. And fellow security researchers can't believe Marcus Hutchins would wittingly do what the Feds accuse him of. Thanks for listening to the CyberWire. One of the ways you can support what...

HBO offered Mr. Smith a bug bounty, but no takers. Fancy Bear's in hotel Wi-Fi. DNC leak argument resumes. Locky and Mamba ransomware are back. ISIS on eBay. NotPetya arrest. WikiLeaks dumps more from Vault7.


In today's podcast, we hear that Mr. Smith turned down HBO's offer of a $250,000 bug bounty. Fancy Bear uses EternalBlue tools against hotel Wi-Fi networks. Argument over who leaked DNC emails last year flares again. New versions of Locky and Mamba ransomware circulate in the wild. The US Department of Defense is ready to use rapid acquisition to buy cyber tools and services. The FBI says a Maryland man used eBay and PayPal to receive ISIS funds for possible terror activity. Ukraine makes an arrest in the NotPetya case. David Dufour from Webroot on basic cyber hygiene. Barmak Meftah, President & CEO at AlienVault, with his thoughts on the state...

Kenyan elections, not hacked? Someone's poking into DPRK systems. DDoS in Ukraine. Pseudoransomware protection. Spyware in Play Store. HBO hack.


In today's podcast, we learn that EU election monitors say Kenyan presidential voting went off without hacking (the losing opposition disagrees). Germany looks toward securing September's vote. North Korea receives cyber attention from somewhere in the civilized world. Ukraine's postal service sustains a two-day DDoS attack. WannaCry and NotPetya pseudoransomware fallout. Spyware-infected apps found in the Google Play Store. Jonathan Katz from UMD on an RSA 2048 encryption hack. Markus Jakobsson from Agari on a proposed cyber threat classification system. "Mr. Smith" comes to Midtown, and he wants a raise from Richard. Supported by E8 Security, Johns Hopkins University, and Domain Tools. Learn more about your ad choices. Visit megaphone.fm/adchoices

Patches, passwords, wipers, and pseudoransomware. New fronts in hybrid war? KONNI, OnionDog, and Israbye.


In today's podcast, we hear that Patch Tuesday saw Windows and Adobe fixes. Venezuela's civil conflict gets a hacktivist dimension. Anti-Israeli wiper malware is circulating in the wild, unpolished but nasty. Kaspersky Lab expects to see more pseudoransomware, especially when disruption and not profit is the goal. The KONNI RAT, of unknown origin, sniffs at sites associated with North Korea. The HBO hack remains under investigation. Putin turns his attentions to Georgia. Johannes Ulrich from the SANS Technology Institute and the ISC Stormcast podcast on weak two-factor authentication systems. Tim Erlin from Tripwire on their Infosecurity Europe 2017 survey. And familiar password advice gets jettisoned. Supported by E8 Security, Johns Hopkins University, and Domain Tools. Learn more about your...

Power grid risks. Update on the Mandiant employee hack. "Mr. Smith" holds HBO for ransom. Shipping industry looks for GPS backup. DHL sees a NotPetya windfall. Google patches ten Android remote-code execution vulnerabilities. NIST issues a Cybersecurity W


In today's podcast, we hear that a security incident at EirGrid, a misconfigured server in Texas, and a demonstration of photovoltaic system hacking prompt power grid security concerns. Update on the Mandiant employee hack. "Mr. Smith" holds HBO for ransom (but says, no, he's really a good guy). Shipping industry looks for GPS backup capability, and shippers not hit by NotPetya enjoy an increase in business. Google patches ten Android remote-code execution vulnerabilities. Joe Carrigan from JHU on Facebook and Google eavesdropping conspiracy theories. Juan Perez-Etchegoyen from Onapsis on Oracle business app vulnerabilities. NIST issues a Cybersecurity Workforce Framework. Supported by E8 Security, Johns Hopkins University, and Domain Tools. Learn more about...

US Army bans DJI COTS drones. Amazon will scan AWS customers' S3 buckets for public accessibility. Recommendations for election security. Marcus Hutchins pleads not guilty to Kronos-related charges.


In today's podcast, we hear that the US Army bans, immediately, all use of DJI commercial-off-the-shelf drones. We discuss two known unknowns and offer some background on Defense acquisition practices. Amazon will begin scanning AWS customers' buckets for publicly accessible data. Dale Drew from Level 3 Communications offers his view on hacking back. White hat hackers offer recommendations for election security. And Marcus Hutchins, a.k.a. MalwareTech, pleads not guilty to Kronos-related charges and makes bail. Supported by E8 Security, Johns Hopkins University, and Domain Tools. Learn more about your ad choices. Visit megaphone.fm/adchoices

MalwareTech arrested over Kronos banking Trojan. "Bateleur" in the wild. Long DDoS hits Chinese telco. Russian influence operations no longer novel? FBI investigates HBO hack.


In today's podcast, we hear that security researcher MalwareTech has been arrested as the alleged author of the Kronos banking Trojan. Carbanak hoods release "Bateleur" into the wild, phishing in chain restaurant waters. A long DDoS attack in China seems aimed at extortion. German elections prepare for Russian influence operations, but the novelty may have worn off Moscow's line. US states and DHS work toward cooperative cybersecurity. Emily Wilson from Terbium Labs on dark web gun sales. William Saito on Japan's cyber security preparations for the upcoming Olympics. The FBI is investigating the HBO hack. Learn more about your ad choices. Visit megaphone.fm/adchoices

WikiLeaks dumps Dumbo dox. HBO's hack gets bigger. Group IB outs the United Islamic Cyber Force. Cerber goes after Bitcoin. Lawsuits over NotPetya; more companies warn. Election fraud in Venezuela.


In today's podcast, we hear that WikiLeaks has dumped "Dumbo" project documents. Separation of agencies as a way of rendering leaks less likely. HBO's hack is getting bigger, apparently. Group IB outs members of the United Islamic Cyber Force to Interpol. Cerber goes after Bitcoin. WannaCry ransom payments are being moved, perhaps laundered. Lawsuits loom over NotPetya as more companies warn the malware had a material effect. The FBI says you can't exercise your right to be forgotten by DDoS. Election fraud in Venezuela. Markus Rauschecker from UMD CHHS on large companies like Facebook and Google being vulnerable to privacy and antitrust concerns. Jim Pflaging from the Chertoff Group, promoting their upcoming Security in the Boardroom event, speaking to the...

Following up on security scrambles in Sweden and Ukraine. #LeakTheAnalyst. Blu Product phones booted by Amazon. BitCoin's hard fork. The Internet of Things Cybersecurity Improvement Act of 2017.


In today's podcast we're following up on some of the stories we've been tracking: the latest on Operation #LeakTheAnalyst, firmware spyware in down-market phones, Sweden's big breach, and Ukraine's new cyber friends. BrickerBot is back, offering Indian routers and modems unwelcome help. The US Senate considers IoT security legislation, and the US Justice Department issues a framework with guidelines for bug-hunting programs. Bitcoin's hard fork occurred yesterday. Robert M. Lee from Dragos, on ICS attack basics. David Murray from Corvil on security in the financial markets. And why people care about the HBO hack. Learn more about your ad choices. Visit megaphone.fm/adchoices

HBO hacked. Operation #LeakTheAnalyst targets individual security researchers. Election hacking notes. UK's Home Secretary opposes strong encryption. Russia bans VPNs. Bitcoin, crime, and punishment.


In today's podcast, we hear about the HBO hack, and the exposure of episodes and scripts. Operation #LeakTheAnalyst targets individual security researchers. Election hacking: machines, databases, and public opinion are all targets. The UK's Home Secretary wants Silicon Valley to rethink strong encryption. Russia, like China, is clamping down on virtual private networks. The BTC-e Bitcoin exchange is shut down amid allegations of money laundering. Awais Rashid from Lancaster University on developing a security culture. Michael Janke from Data Tribe on his efforts to stand up the National Institute of Digital Security. And write this 500 times: "I will not mine Bitcoin on my school computer." Learn more about your ad...

Black Hat 2017 - Research and Investment [Special Edition]


Black Hat 2017 has wrapped up, and by all accounts it was another successful conference, with an active trade show floor, exciting keynotes and engaging, informative educational sessions on a variety of topics. There was business being done, with hopeful entrepreneurs and investors alike looking to identify the next big thing in cyber security. In this CyberWire special edition, we've rounded up a handful of presenters and one investor for a taste of Black Hat, to help give you a sense of the event. Patrick Wardle is Chief Security Researcher at Synack, and creator of objective-see, an online site where he...

Investigation into ShadowBrokers focuses on former insiders. Threat analyst doxed. Trickbot and NotPetya updates. Sweden's big breach. DPRK hacks online gaming for revenue.


In today's podcast we hear that US investigators are looking for a disgruntled former insider in the ShadowBrokers case. Operation #HackTheAnalyst claims to have doxed a threat intelligence analyst. Electrical utilities look to their defenses. Trickbot gets wormy. NotPetya continues to have material effect on its corporate victims' earnings. Sweden's government shaken by its data breach. ISIS loses brick-and-mortar presence; may be moving online. Ransomware's lethality to small businesses may be exaggerated. And how do you fund a nuclear program? Malek Ben Salem from Accenture Labs, on their work developing a global ID system for refugees. From Pyongyang, Texas Hold 'Em looks like a good bet. Learn more about your ad choices. Visit megaphone.fm/adchoices

WikiLeaks and the ShadowBrokers are both back. Catphishing the French elections. Pyongyang's Bitcoin miners. Malware notes, industry news, and a rundown of the Pwnie Awards.


In today's podcast, we learn that WikiLeaks has dumped Vault7 documents attributed to the CIA. Russian catphish are said to have nibbled at French President Macron's campaign. North Korea mines Bitcoin. Malware warnings include a banking Trojan and two malicious Android apps. NotPetya's effect on TNT is said to have hit small businesses hard. MedSec has no regrets, and says it would short St. Jude again. The Pwnie Awards have been given at Black Hat. Justin Harvey from Accenture on recent waves of auto-propagating malware. Edna Conway from Cisco on third party risks. And the ShadowBrokers are back. Learn more about your ad choices. Visit megaphone.fm/adchoices

"Mia Ash" is an Iranian catphish. WikiLeaks dumps UMBRAGE from Vault7. Germany braces for hacking by Russia, China, and Iran. Google kicks unwelcome intercept tool Lipizzan out of the PlayStore. WhatsApp scammers phish for banking credentials. Anti-drone


In today's podcast we hear there's a new catphish out in the wild: meet Mia Ash. WikiLeaks throws shade by dumping UMBRAGE from Vault7. Germany braces for hacking by Russia, China, and Iran, especially by Russia. Google kicks unwelcome intercept tool Lipizzan out of the Play Store. WhatsApp scammers phish for banking credentials. Business disruption kills small businesses in ransomware attacks, not the ransom itself. Facebook makes a plea for culture change. Ben Yelin from UMD CHHS on allegations the FBI was paying the Geek Squad to ferret out illegal content on computers brought in for service. Neill Feather from SiteLock dispels the notion that small businesses can rely on...

Counterattackers' advantage? Juche no competition for cat videos, next-day delivery. CopyKitten crude but effective. FBI investigated Fruitfly Mac malware. Adobe will retire Flash in 2020. BSides notes.


In today's podcast we hear about a Symantec study that shows APTs use some pretty buggy tools. Juche may not extend to the Internet, at least for Pyongyang's leaders. Iran's CopyKitten is characterized as unsophisticated but nonetheless effective. Mac users awakened by Fruitfly; the FBI is investigating. Adobe tells us to begin saying our goodbyes to Flash. Jonathan Katz from UMD on recent experiments with quantum cryptography. Stewart Kantor from Full Spectrum on protecting utility companies by using private RF (radio frequency) networks. And some notes from Vegas, because what goes on in Vegas doesn't stay there. Learn more about your ad choices. Visit megaphone.fm/adchoices

Google Groups oversharing. E-discovery don'ts. Energetic Bear may be back. The CopyKittens seem to be Persian cats. Ethereum hacks (and white hats).


In today's podcast, we hear that hundreds of enterprises may be oversharing on Google Groups. Wells Fargo works to recover from botched e-discovery. Energetic Bear may be back, with some cunning phishbait. Pravda says Russians feel strange new respect in cyberspace. The CopyKittens appear to be Persian cats. Another Ethereum ICO is pilfered, but, contrary to expectations, the White Hat Group looks like a genuine group of white hats. Emily Wilson from Terbium Labs wonders what qualifies as personal information on the Dark Web. FICO's Doug Clare outlines scoring your cybersecurity posture. And some notes from Vegas. Learn more about your ad choices. Visit megaphone.fm/adchoices

Buckets leak, but so do CDs. NotPetya and Sandworm. Fruitfly versus Macs. ISIS strained in cyberspace. A look at dark web souks. Hacked fish tank.


In today's podcast, we hear about the wisdom of attending to your AWS Access Control Lists. Wells Fargo data leaked in the course of e-discovery. NotPetya fallout and investigation. The Islamic State's presence in cyberspace is getting a bit threadbare. Fruitfly has been buzzing through Macs, quietly, for a decade. Palo Alto Networks' Rick Howard describes a new security framework. Other dark web souks are poised to take the place of Alpha Bay and Hansa Market. And Ocean's 11 meet the IoT. Learn more about your ad choices. Visit megaphone.fm/adchoices

Hansa Market takedown. Recovery from EternalBlue exploits is a long slog. Banking malware rising. Power grid vulnerabilities. Devil's Ivy and the IoT. A look at criminal markets.


In today's podcast we hear about an international raid that took down the illicit Hansa Market which, it turns out, the Dutch National Police had covertly taken over for about a week. Recovery from WannaCry and NotPetya continues its long slog. Banking malware is on the rise in the wild. Studies warn of power grid vulnerabilities. Devil's Ivy infests security cameras in the IoT. Digital Shadows offers a look at hackers' black markets and sees similarities to the drug trade. Our newest partner Robert M. Lee from Dragos introduces himself and the ICS work he does. Guests are Leslie P. Francis and John G. Francis, coauthors of the book, Privacy -...

Configuring AWS buckets. New threats and vulnerabilities. Apple and Oracle patch.


In today's podcast, we discuss a timely reminder from Amazon Web Services: check your cloud's configuration. Hacks now seem to affect revenue for years. A rundown of some new threats and vulnerabilities. Apple issues security patches for iOS, MacOS, and Safari. Oracle fixes more than 300 bugs. Dale Drew from Level 3 Communications on the responsibilities of ISPs. Chris Ensey from Dunbar Cyber Security, on the roles states play in creating an environment for innovation and success in cyber security. And forget Mayweather-McGregor: the pay-per-view we'd sign up for is Putin-Wittes.

Dow Jones AWS S3 bucket exposed. FedEx 10-K and NotPetya. Game of Thrones torrent virus. Securing voting. Botnet defense research. M&A and VC notes. Initial coin offering hacked.


In today's podcast, we hear about how another tippy AWS S3 bucket spills its contents over the Web. The FedEx 10-K report indicates it may never fully recover systems and data hit by NotPetya. Virus hides in Game of Thrones torrent. Harvard's Belfer Center wants to secure electronic voting. Departments of Commerce and Homeland Security consider moonshot research to take out botnets. M&A and venture funding notes. Justin Harvey from Accenture on fileless malware. Robert Hamilton from Imperva Incapsula on DDoS attacks on video game servers. And an initial coin offering gets hacked.

Qatar and the United Arab Emirates at loggerheads over hacking. Commonly used gSOAP IoT code vulnerable to exploitation. A data exposure risk in connected toys. And what could be in that EULA.


In today's podcast we hear more on how Qatar has accused the UAE of hacking, and vows legal retribution, all on the strength of a Washington Post story. UAE says it didn't do it. Warnings about vulnerabilities in commonly used IoT code. Markus Rauschecker from UMD CHHS on Facebook running afoul of European privacy laws. Tina Ladabouche, NSA GenCyber Program Manager, on the NSA's GenCyber program, supporting summer camp programs. FBI warns of risks inherent in Internet-connected toys. And people really, really don't read those EULAs.

Qatar accuses UAE of disinformation, hacking campaign. Other international cyberconflict. Ransomware and clickfraud in one campaign. Banking credential-stealing malware vs. Macs.


In today's podcast we hear that Qatar has accused the United Arab Emirates of a hacking and disinformation campaign; the UAE deny it. Russia's Foreign Ministry says it was hacked. Russia-experts in the US said to be receiving unwelcome attention from possible state intelligence services. Deterrence and confidence building measures remain works in progress in cyberspace. Ransomware and click-fraud combined in a single criminal campaign. Macs attacked by banking credential stealing malware. Johns Hopkins' Joe Carrigan reviews educational options for aspiring cyber security pros. Twitter bots driving traffic to dodgy adult sites. And Ashley Madison proposes a settlement for its 2015 breach.

More from WikiLeaks' Vault7. Cyber ops and national policy. NotPetya's costs. Clouds of misconfiguration. Chasing innovation. AlphaBay takedown. Phishbait.


In today's podcast, we hear that WikiLeaks dumps another alleged CIA cyber manual from Vault7. Cyberwar is the continuation of war (and therefore policy) by other means. Counting the cost of NotPetya. AWS S3 misconfigurations could happen to the best of us (but need not). Chasing innovation in the UK and the US. AlphaBay taken down in international police operation. Rick Howard from Palo Alto Networks on their new initiative with the Girl Scouts for cyber security merit badges. Raj Samani, chief scientist from McAfee, on NotPetya. And what kind of bait is best for phishing?

Motives behind NotPetya, other operations. Verizon customer data exposed. Industry notes. Licensing hackers in Singapore.


In today's podcast, we hear about signs that NotPetya was covering up a broad espionage campaign. State-sponsored hacking seems, when not simple spying, to aim at eroding trust. Verizon suffers a major customer data breach said to derive from a vendor's misconfiguration of an Amazon S3 bucket. Industry notes: venture funding and an acquisition. David Dufour from Webroot on homoglyph attacks. Thomas Jones from Bay Dynamics on federal agencies being required to submit a Framework Implementation Action Plan. Singapore will license white hats. And Russia wants you properly signed into adult sites. Or, at least, one of them, anyway.

Patch Tuesday. Infrastructure hacking and hackers. Industry notes. Influence operations. Jamming a radio station.


In today's podcast we share some Patch Tuesday notes: Microsoft and Adobe both offer updates. Kremlinology goes cyber as infrastructure attacks remain under investigation. A cyber company emerges from stealth. The US General Services Administration removes Kaspersky Lab from Schedule 70. Election influence investigations turn to the question of Russian opposition research. Jonathan Katz from the University of Maryland explains a side-channel attack on 1024-bit encryption. Cisco's JennieKay wants to ease your trade show anxiety with a helpful webinar. And, Sheriff of Nottingham, call your office, because Robin Hood was no winker.

Russia's phishing for nuclear power plants. NATO offers aid to Ukraine. Election hacking updates. M&A and venture news. Crime, punishment, and cryptocurrency.


In today's podcast we hear about how Russia has apparently been phishing in the North American and European power grid. NATO has had about enough of that. There will be no US-Russian joint cybersecurity effort. The Adwin RAT is back, and seeking to socially engineer its way into aerospace company networks. Election hacking investigation updates. Industry notes, including both venture and M&A news. Level 3 Communications' Dale Drew provides an update on botnets. Ntrepid's Lance Cottrell describes online ad tracking technology. And BYOD can pose a threat, especially when the device your rogue employees are bringing is an off-the-books server.

Infrastructure hacking. No Russo-American agreement in cyberspace. Android malware infestations. Misspelling as OPSEC


In today's podcast we discuss some answers to two Russian claims. No, Russia and America won't be linking up in a cyber alliance. And no, no one at the G20 meetings actually bought the line about election hacking retailed there by President Putin and Foreign Minister Lavrov. NotPetya recovery continues. Android infestations in the wild. US power plants warned to be alert for cyberattack. Criminals compromise self-service food kiosks; others phish with official-looking Australian emails as bait. Ben Yelin from UMD CHHS reviews license plate reader laws. ISIS adopts misspelling as a form of OPSEC.

NotPetya still looks like an act of state; intended result or not, companies warn of possible material effect from the attack. Another S3 database found exposed.


In today's podcast, we hear that NotPetya still looks like a Russian campaign to Ukrainian authorities, and experts remain skeptical that affected data can be recovered. Companies warn that NotPetya may have a material effect on earnings. WikiLeaks dumps Gyrfalcon and BothanSpy documents from Vault7. Johannes Ullrich from SANS and the ISC Stormcast Podcast on NoSQL database security. Andy Greenberg, senior writer at WIRED, on his July 2017 issue cover story on Ukraine cyberwar. And pro wrestling fans now have something in common with registered voters, data.gov.uk, and the National Geospatial Agency.

Ukraine says it blocked a second wave of NotPetya attacks. Notes on hybrid warfare and the challenges of sharing data. Will the EU get a right to repair?


In today's podcast we hear about the Ukrainian police raid on Intellect Service and their seizure of M.E. Doc servers. Ukraine's Interior Ministry says this stopped a second wave of NotPetya. Affected companies continue to recover from the NotPetya infestation. US Cyber Command prepares to parry hybrid warfare. Spyware campaign hits Chinese-language news services. The EU considers adopting a "right to repair." Joe Carrigan from the Johns Hopkins University ponders always-on cameras. Dan Larson from CrowdStrike on fileless attacks. Medical information-sharing runs into problems in the UK.

Recovering from NotPetya. State-actor seen behind wiper attack. Ukraine mulls criminal negligence charges. Documents behind US Congressional wariness of Kaspersky.


In today's podcast, we hear how affected enterprises are restoring services after last week's NotPetya pandemic. Maersk's experience prompts some introspection in the logistics sector. Ukraine prepares to charge ME Doc's maker with criminal negligence for allowing the infection to take hold. NotPetya tied to BlackEnergy and thence to a "state actor" (NATO's not saying it's Russia, but Ukraine is). Awais Rashid from Lancaster University looks at the anatomy of recent attacks. Haiyan Song from Splunk on a recent IDC report, Investigation or Exasperation? The State of Security Operations. FSB certificates allegedly express links between FSB and Kaspersky.

Recovery and attribution: Petya/Nyetya/NotPetya. Cyber conflict and collective defense. Online inspiration and online censorship. The EU's regulatory big stick. Vishing Parliament.


In today's podcast, we hear that recovery from Petya/Nyetya/NotPetya proceeds, and it's not ransomware. Ukraine says Russia's responsible. US warnings of cyberattacks on nuclear power plants may have been premature. NATO members consider when to invoke Article 5 in cyberspace. Islamist inspiration and other political discontents continue to prompt content screening in Europe. Europe is also in punitive mood with respect to regulation. Kaspersky says it will show the US its source code if that's the cost of doing business. Markus Rauschecker from UMD CHHS describes a novel use of kidnapping insurance. And, hey, Lords and Commons: that's not really Windows support asking for your password.

What's up with Petya/Nyetya/NotPetya? It's a wiper; the extortion is just misdirection. WikiLeaks dumps "OutlawCountry" from Vault7. The ShadowBrokers raise prices. Russia says boo to cybercrime.


In today's podcast we hear that Petya/Nyetya/NotPetya is almost certainly a wiper, and not ransomware after all. Ukraine blames Russia, but whoever did it had EternalBlue before the ShadowBrokers leaked it. WikiLeaks Vault7 disgorges OutlawCountry, a Linux attack tool. The ShadowBrokers raise their rates. Emily Wilson from Terbium Labs with research on fraud guides on the dark web. Guests are Drew Gidwani, Director of Analytics at ThreatConnect, and Andy Pendergast, VP of Product & Co-Founder at ThreatConnect, speaking about the findings of a recent SANS Survey on Security Optimization. Russia calls for international cooperation to stamp out cybercrime.

Ransomware, nyet; wiper, da. Shipping, manufacturing, and Big Law may share some common risks. WikiLeaks and the ShadowBrokers are back again.


In today's podcast we hear that the current Petya/Nyetya/NotPetya outbreak down deep doesn't look like ransomware, but a wiper, and a nasty one at that, probably a cyber warfare campaign. How are these three things alike: shipping, manufacturing, and Big Law? The ShadowBrokers are back, and WikiLeaks' Vault7 disgorges what looks like a creepy stalking tool. Other non-Petya ransomware attacks. Rick Howard from Palo Alto Networks explains the importance of capture-the-flag competitions. And officialdom seems to cling bitterly to Windows XP.

IoT 2017 Securing the Things: A CyberWire Special Edition [Special Edition]


The IoT, or Internet of Things, broadly defined is the collection of physical objects with IP addresses, connected to the internet. From consumer devices like security cameras, DVRs, and smart thermostats to industrial control systems and autonomous cars, the IoT offers potential for both opportunity and vulnerability. In the first half of this CyberWire Special Edition, we speak with IoT experts Katie Curtin, director of IoT cyber security product management for AT&T, and Chris Poulin, Principal at Booz Allen Hamilton, where he leads internet of things security strategy for their strategic innovation group, as well as their industrial control group. They...

Petya/PetrWrap/Goldeneye updates.


Today we speak at length with Tanium's Chief Security Architect on tracking the Petya ransomware pandemic.

Petya goes WannaCry one better. Westminster email hack. ISIS in Maryland and Ohio websites.


In today's podcast we hear that another ransomware pandemic has broken out; this one looks more sophisticated and dangerous than WannaCry. Ukraine is again the center, but it's moving out fast. Notes on the Parliament email hack in the UK. Accenture's Justin Harvey explains destructive malware. IBM's David Jarvis advocates an adoption of a "new collar" recruiting strategy. And ISIS isn't doing much cyber damage, but its hacktivist sympathizers are really tugging on Superman's cape.

Brute-forcing Parliament. Election hacking retaliation? Cyberspies hunt IP in East Asia. Microsoft security issues. ISIS hacktivists deface Ohio websites.


In today's podcast, we hear that the UK's Parliament recovers from a brute-force attack. Reports on election hacking in the US suggest there was some American cyber retaliation last year against Russian influence operations. BlackTech goes after intellectual property in East Asia. Windows Defender gets a patch, but Windows 10 source code leaks. Fireball malware's extent is disputed. ISIS hacktivists deface websites associated with the government of the State of Ohio. Webroot's David Dufour offers thoughts on phishing. And how much can we count on common sense?

Vault7 leak: Brutal Kangaroo toolkit. Data breach and ransomware updates. Notes on code audit requirements.


In today's podcast we hear about how Brutal Kangaroo has hopped out of Vault 7; don't let it poke your device with a thumb drive. Big data leaks wind up being traded on the black market. The dangers of careless configuration of an S3 bucket. Ransomware remains pricey. It can also serve as misdirection. Dale Drew from Level 3 Communications shares lessons from WannaCry. Darron Gibbard from Qualys offers his take on the EU's GDPR. Software companies receive and respond to code audit requirements as a condition of doing business in Russia.

WannaCry's back and the industrial IoT's got it. Business email scams hit the unwary (and most of us would count as unwary). Testimony on Russian election influence operations. Grid security.


In today's podcast we hear that WannaCry's still here; just ask Honda and the Australian state of Victoria. North America and Europe work to secure their grids against CrashOverride. The US Congress hears testimony about Russian election influence ops: they didn't change the vote, but did they ever shake people up. Business email compromise scams hook sophisticated victims. The Queen's Speech says that, whatever else Brexit may mean, it won't mean a GDPR exit. Johns Hopkins University's Joe Carrigan reviews the ease of listening in on RF traffic. Asaf Cidon from Barracuda Networks on the increased threat from ransomware. And what's all this...

Investigation, introspection, watchdogs, and leakers. The risk of collecting and storing data.


In today's podcast, we hear that nation-state influence operations against elections prompt investigation, introspection, and policy studies. We also hear about the implications of a major voter database exposure in the US, and about what might be done to mitigate such risks. Lancaster University's Awais Rashid shares research on security stakeholder biases. Arlen Frew from Nominum on small business vulnerabilities. Leaks from intelligence services seem to be inflicting collateral damage on Internet users as they find their way into criminal hands.

Who's behind the Android malware infestations? Mirai and Erebus updates. Industry notes. Brussels takes the pro-crypto side in the crypto wars. CrashOverride as a weapon. IG report on NSA insider threat management.


In today's podcast, we hear that some believe they've seen the Professor Moriarty behind 2017's Android malware outbreak. Erebus is back, and this time it's in Linux. Mirai may be about to become more resistant to cleaning. Crypto wars flare in the UK and EU as terror investigations proceed. A quick look at SINET's Innovation Summit. Raytheon's DHS cyber contract survives challenge. CrashOverride looks to a lot of experts like a proven cyber weapon. Ben Yelin from UMD CHHS discusses a "right to know" privacy law. Perspectives on attribution from John Brick of the DNG-ISAC. And did the dog eat the...

Bouncing bad adware apps from Google Play. More on WannaCry attribution. Voter data exposed on an Amazon S3 account. Assessment of Russian influence on UK elections: they didn't do it. (Didn't need to?) Hackers sentenced.


In today's podcast, we hear that Google is in an "uphill battle" against adware infestation of the PlayStore. GCHQ seems to agree with NSA, which seems to think WannaCry was a North Korean caper. Big data firm leaves voter data exposed on an Amazon S3 account. GCHQ says the Russians didn't disrupt the recent UK elections. Dr. Charles Clancy from VA Tech's Hume Center describes methods for preventing another Dyn-style attack. Two hackers sentenced, one in Pennsylvania, the other in East Anglia, one for the vengeance and one for the lulz.

More from Vault7. How and why the DPRK hacks. FIN10 hits North American businesses with extortion demands. UK unis sustain ransomware infestation. Free decryptors are out, and ISACs seem to be working.


In today's podcast, we hear that WikiLeaks has dumped more of Vault7. More attribution of WannaCry to North Korea, where Hidden Cobra and the Lazarus Group appear to be one and the same. FIN10 cybercriminals are asking US and Canadian businesses for a big payoff to head off a big doxing. Conventional ransomware hits British universities. Kaspersky and Avast release free decryptors for Jaff and EncrypTile. Markus Rauschecker from UMD CHHS reviews China's new cyber laws. Jocelyn Aqua from PwC describes attitudes toward AI. The ISAC process seems to be working. And patch early, patch often.

Hidden Cobra strikes from Pyongyang. Microsoft patches last of ShadowBrokers' leaked exploits. Sanctions coming over Russian election influence operations. Electrical and natural gas sectors brace for CrashOverride.


In today's podcast, we hear that the FBI and the Department of Homeland Security have warned that Hidden Cobra is actively pursuing DDoS campaigns. Microsoft patches remaining ShadowBrokers' exploits, even in deprecated systems. The US Congress votes to sanction Russia for election influence operations. Those operations have a long, long history, going back to the 1930s at least. Electrical and natural gas sectors work to protect themselves against CrashOverride. Emily Wilson from Terbium Labs reminds us not to forget the basics. Michael Callahan from FireMon shares survey data suggesting that IT pros spend too much time fixing their coworkers' personal devices. Mergers and...

A CrashOverride update from Robert M. Lee. Patch news. Terrorist funding goes cyber. Cozy and Fancy Bear were more active than earlier believed.


Robert M Lee from Dragos provides an overview of CrashOverride. A quick look at yesterday's Patch Tuesday. Some of the fixes even reached back into Windows XP's unquiet grave. Terrorist information operations are increasingly sustained by cryptocurrency funding. Accenture's Justin Harvey reviews automation and orchestration. Russian intelligence may have been more active probing US state election systems than previously thought. Fake-news-as-a-service is now a black-market offering.

CrashOverride update. Influence ops harder to disrupt than infrastructure. Samba exploited for cryptocurrency mining. NSO Group for sale. Botnets and fake news. Airliner laptop bans.


In today's podcast, we hear that CrashOverride looks like a power grid threat, and industry and government are taking it seriously. Cyber operations against ISIS are proving better at collection than disruption. Criminals are exploiting vulnerable Samba instances to spread cryptocurrency mining software. NSO Group has put itself up for sale, valued at more than a billion dollars. Well-informed observers of a civil libertarian bent think botnets don't have First Amendment rights. Johannes Ullrich from SANS and the ISC Stormcast Podcast on IPv6 security. Kirsten Bay from Cyber adAPT on WannaCry and the importance of a detection-led approach. And if you...

CrashOverride implicated in Ukraine grid hack, possibly as a proof-of-concept. Hack-induced Gulf diplomatic troubles continue. New malware strains, exploits appear.


In today's podcast, we hear that Dragos and ESET are bringing some clarity (and some bad news) to investigation of December 2016's Ukrainian power-grid hack. Qatar and its neighbors try to sort out hack-induced diplomatic troubles. DoubleSwitch social media malware hijacks dissidents' accounts. CertLock impedes removal of unwanted programs by security software. MacSpy and MacRansom appear as malware-as-a-service offerings. AMT vulnerability exploited in the wild. David Dufour from Webroot explains why attribution is so difficult. Robert Rodriguez from SINET describes the upcoming Innovation Summit 2017. China arrests twenty-two for trading in stolen iOS user data.

Comey's testimony calls Russian election influence operations massive and ongoing. New Android malware. Malicious hyperlinks infect with a mouse-over. Data privacy issues.


In today's podcast we hear that whatever else former FBI Director Comey told the Senate, one thing is clear: he's convinced the Russians are fully committed to influence operations, and that they'll be back. More on disinformation and hacking in Qatar. Fresh malware surfaces in the Android ecosystem; some but not all has been booted from the PlayStore. Mousing over a malicious hyperlink can now be an infection vector. Cryptocurrencies, money transfer, and money laundering. Ben Yelin explains Florida money laundering legislation aimed at Bitcoin. Will Ackerly from Virtru discusses privacy and the right to be forgotten, online. GDPR and some thoughts on...

Qatar: provocation, and disinformation online. Influence operations move from doxing to disinformation. 2FA still a good idea. Former FBI Director Comey testifies. And assume the boss is watching.


In today's podcast, we hear that Qatar remains in bad odor with its neighbors over a recent online provocation. (Russia denies any involvement.) Anomali talks about influence operations, especially with respect to elections, where they may be moving from doxing to disinformation. Leaks about election hacking shouldn't turn you off to multifactor authentication: it's not the technology; it's us. Former FBI Director Comey testifies before the Senate Intelligence Committee. Level 3 Communications' Dale Drew reviews health care security stats. Drew Paik from Authentic8 shares vacation traveling tips. And a lesson from the NSA leak arrest: assume the boss is watching.

Farewell to Jean Sammet, co-developer of COBOL. Remembering Midway. NSA leak investigation. Signs of Russian disinformation in the Gulf. Data breaches, script kiddies, EternalBlue, and Turla.


In today's podcast, we say farewell to a legendary coder, and we also remember the Battle of Midway. Influence operations in the Gulf may have been Russian. Alleged leak of NSA report on election hacking proceeds. Two new data breaches are disclosed. A script kiddy is arrested in Japan for writing and distributing ransomware. EternalBlue remains a risk. Johns Hopkins' Joe Carrigan reviews research on cracking mobile device passwords using accelerometers. Eliana Schwartz describes the Cybertech Fairfax conference. Turla resurfaces, and they've new backdoors and everything. But what's their thing with Britney Spears?

Report leaked on Russian influence operations (alleged leaker in custody). ISIS continues inspiration; anarchist groups said to follow same playbook. The DarkOverlord is back.


In today's podcast we hear about a leaked report describing eleventh-hour Russian influence operations during last year's US elections. An alleged leaker is already charged and in custody. The UK's investigation into last weekend's terror attacks continues, online as well as in physical space. Apple hints it's helping out. The attackers seem to have been known to authorities. In its continuing campaign of online inspiration, ISIS claims responsibility for the destruction of a church in the Philippines and a lethal standoff in Australia. Violent anarchist groups seem to be following the ISIS playbook in cyberspace. Some thoughts on wolves. Rick...

ISIS claims responsibility for inspiring attacks in London. More are expected during Ramadan. Hacks roil Middle Eastern diplomatic waters. Ransomware updates. India investigates possible aircraft hacking.


In today's podcast, we hear that ISIS has claimed responsibility for Saturday's terror attacks in London. The UK reacts with strong words against terrorist safe spaces online. The Prime Minister wants restrictions on end-to-end encryption and a very hard line against extremist messaging. Hacking has diplomatic consequences for Bahrain, Qatar, and the United Arab Emirates. India investigates a possible cyberattack against a fighter aircraft. Dr. Charles Clancy from VA Tech's Hume Center on the FCC's approach to consumer privacy. Ransomware purveyors also selling stolen data. EternalBlue exploits remain active.

Patriotic and free-spirited hacking? WikiLeaks has a new Vault7 dump. Cyber conflict over the South China Sea. Fireball malware infests more than 250 million devices. Trident security. Kmart breach. Bikers turn hackers.


In today's podcast we hear, second-hand but ultimately from Vladimir Vladimirovich himself, that Russian hackers are free-spirited, patriotic artists, and maybe he'd be in a position to know. WikiLeaks dumps more Vault7 documents. White hats reconsider crowdsourcing membership in the exploit-of-the-month club. OceanLotus may be weaponizing a ShadowBrokers' leak. Fireball malware used for ad fraud. A think tank warns of Royal Navy submarine cyber vulnerabilities. Kmart discloses a point-of-sale breach. Jonathan Katz from UMD on undetectable backdoors. Leo Taddeo from Cyxtera Technologies on what the Comey firing means for encryption and cyber security. And a motorcycle gang is hacking cars. Why?...

It's the first of June, and the ShadowBrokers' exploit-of-the-month club is open for business (exploits to be delivered to subscribers in July).


In today's podcast we discuss the ShadowBrokers and their new exploit-of-the-month club, now open for subscription. We get some industry reaction, and it seems unlikely that the ShadowBrokers should be taken at face value. Plus, Webroot's David Dufour gives us the dirt on worms.

Exploit-of-the-month club open for business. Disinformation technology. Lazarus Group tied to North Korean intelligence (again). Extortion is big, but carding is still with us. Spammy apps in Google Play.


In today's podcast, we hear that the ShadowBrokers open their exploit-of-the-month club at the low, low price of $22,000 in Zcash. Group-IB finds more evidence that the Lazarus Group is a North Korean intelligence unit. Extortion, both real and bluffing, grows in underworld popularity, but carders are with us still, alas. President Macron tells President Putin everyone's on to his use of Russia Today and Sputnik News for disinformation. Accenture's Justin Harvey explains red-teaming. Ely Kahn from Sqrrl outlines NIST's call for comments on their cybersecurity framework. And if you're a regular Joe or Jane looking for some Android action, take this...

Implications of Manchester bombing investigation on policy, Five Eyes relations. British Airways IT outage. Fancy Bear and Malta? ShadowBrokers prep exploit-of-the-month club. Google deals with Chrome, PlayStore issues. Mall boards and rickrolling.


In today's podcast, we hear that British Airways suffered a glitch, not a hack, but whichever it was, it amounted to an infrastructure takedown. Fancy Bears may be snuffling at the Government of Malta. The ShadowBrokers may be cashing out. Google kicks Judy adware out of the PlayStore. Researchers find another Android vulnerability, "Cloak-and-Dagger." Anonymous is working on the Houdini RAT. Mall hackers in Liverpool mind their manners. Johannes Ullrich from SANS and the ISC Stormcast podcast on DNS security. And security researchers get rickrolled.

WannaCry aftershocks. Influence ops and data corruption. Samba patched. Biometrics and impersonation. GDPR approaches. US legislation update.


In today's podcast we hear that bogus WannaCry remediation apps are cumbering the PlayStore; don't be taken in. More on the complexities of WannaCry attribution. An EternalRocks worm may have been withdrawn by its authors. Citizen Lab finds evidence that influence operations against targets in almost forty countries are now corrupting data. Vietnam does some cyber snarling at the Philippines over the South China Sea. Samba gets a patch as observers fear emergence of a worm. Biometrics and impersonation: experts advise complexity. GDPR is just one year away, but preparation still lags. Dinah Davis from Arctic Wolf shares her story of founding...

Worm alert. Stumblebums or masterminds? Widia commodity ransomware in its early stages. Taking the fight to ISIS in cyberspace.


In today's podcast, we hear that a vulnerability in widely used networking software leaves it open to a worm infestation. Were the WannaCry hackers annoying stumblebums, or are there deeper games afoot? Help desk scammers say they'll rid you of ransomware; they won't. Researchers watch "Widia," commodity ransomware that's still an early stage work-in-progress. The Manchester terrorist looks more like a known wolf than a lone wolf. Ben Yelin reviews the Supreme Court's consideration of a cell site privacy case. Yong-Gon Chon from Focal Point Data Risk discusses their Cyber Balance Sheet Report. And US Cyber Command would like ISIS to know that...

Manchester bombing investigators look at bomber's network. EnSilo patches ESTEEMAUDIT. Cron cyber gangsters arrested. What we hear at the Cyber Investing Summit.


In today's podcast we hear that the Manchester bombing investigation is looking closely at the bomber's networks, with international cooperation. NSA says it's waging cyber war against ISIS. EnSilo patches ESTEEMAUDIT, one of the vulnerabilities set up for exploitation by EternalBlue. Russian police arrest members of the Cron cyber gang. Ben Read from FireEye describes recently discovered zero-days. Jonathan Katz outlines some Bitcoin vulnerabilities. And the Cyber Investing Summit opened with some demonstrations of the use and abuse of misdirection in hacking.

ISIS claims Manchester concert bombing. The case for a North Korean Wannacry. US lawmakers consider cyber legislation.


In today's podcast, ISIS claims responsibility for the Manchester concert bombing. Security companies make their case for pinning Wannacry on North Korea. US legislators consider bills to upgrade equipment and permit limited hacking back. Emily Wilson from Terbium Labs considers coming European privacy regulations. Doug Depeppe from the Cyber Resiliency Project describes a community based approach to cyber resiliency.

How were US agents in China compromised between 2010 and 2012? EternalBlue updates (including notes on WannaCry and EternalRocks).


In today's podcast, the FBI and CIA are reported to be looking for the source of a compromise that shut down CIA agents in China between 2010 and 2012: hackers or moles, no one knows. Or was it just a tradecraft mismatch? WannaCry has been slowed, at least temporarily. Observers speculate the ransomware may have been a probe. Other uses of EternalBlue exploits look more focused and more disciplined, and arguably more serious. WikiLeaks dumps another leaked implant. Johns Hopkins' Joe Carrigan gives us the VPN basics. And the ShadowBrokers are expected to open their Leak-of-the-Month Club in June (subscription only).

WannaCry wraps up its first week. No patches for Marshmallow. Women in Cybersecurity survey results.


In today's podcast we learn that crooks are interested in home IoT. Twitter outages aren't just you. Android Marshmallow won't be getting a patch, just a replacement. WannaCry observers focus on North Korea as a possible source. Palo Alto Networks' Rick Howard has research on Shamoon. Joyce Brocaglia from Alta Associates and the Executive Women's Forum shares results from the 2017 Women in Cyber Security Survey. And no one, yet, knows who the ShadowBrokers are with any certainty. (Or if they do, they're not talking.)

OilRig hires the Russian cyber-mob. WannaCry updates. Other EternalBlue exploits surface in the wild. Pending legislation in the US Congress. NIST issues guidelines for Executive Order compliance.


In today's podcast, we hear that Iran's OilRig cyberespionage campaign seems to be employing Russian hoods, and BlackEnergy. WannaCry recovery continues, but there may be worse to come. Still talking funny, the ShadowBrokers say you'll be able to subscribe to an Equation Group leak service next month. The US Senate considers putting the Vulnerability Equities Process on a legal foundation. NIST issues draft guidance on cyber Executive Order implementation. Level 3 Communications' Dale Drew predicts there's more ransomware in our futures. Mandeep Khera from Arxan Technologies outlines vulnerabilities in mobile apps. And political parties in Western Europe still stink at email security,...

Gothic Panda seems to have a government job. Not all extortion is ransomware (ask Disney). WannaCry update. The ShadowBrokers are back. So is WikiLeaks


In today's podcast, we hear that APT3, also known as Gothic Panda, has been fingered as an agent of China's Ministry of State Security. An unreleased Disney flick is held for ransom: Disney doesn't pay, movie goes up on Pirate Bay. WannaCry may be sloppy but it's still dangerous. OT has a harder time patching against WannaCry than IT does. Dr. Charles Clancy from VA Tech's Hume Center contrasts the ShadowBrokers vs. Vault 7. Area 1's Oren Falkowitz describes innovative ways to prevent phishing. The ShadowBrokers are back and still talking crocodile. And WikiLeaks releases more of Vault7.

WannaCry, worm wars, ransomware pandemics, and a place for kill switches. And what might a cyber Pearl Harbor look like?


In today's podcast we follow the developing story of the WannaCry pandemic as it continues to unfold, with speculation about attribution focusing on the Lazarus Group. Why malware would have a kill switch. Throwbacks to the worm wars. The risks of unpatched, superannuated, or pirated software. Litigation exposure in the WannaCry affair. David Dufour from Webroot on the basics of exploits and scripts. Paige Schaffer from Generali Global Assistance reviews the Identity Theft Assessment and Prediction Report published by the University of Texas at Austin Center for Identity. Cyber Pearl Harbors, again: what might one actually look like?

WannaCry ransomware: a pandemic. Baijiu spyware in East Asia. APT32 seems to be spying for Vietnam. Al Qaeda calls to lone wolves. Influence operations and tactical operations. The long arm of the law reaches out to tech-support scammers.


In today's podcast we hear how WannaCry ransomware became a pandemic over the weekend. Johannes Ullrich joins us to help sort it out. A temporary lull is feared likely to be more temporary than most would like. Baijiu espionage malware is spreading through GeoCities. Another APT, APT32, is also devoted to espionage, apparently in alignment with the government of Vietnam. Bin Laden's son is working to inspire lone wolves. National authorities seek to draw influence operations lessons from the concluded French presidential campaign. Armies make tactical use of cyber operations. And there's a dragnet out for tech-support scammers.

WannaCry ransomware spreads via ShadowBrokers' dumped exploit. Necurs delivers Jaff ransomware. Fancy Bear spoofs NATO emails. President Trump's Executive Order on cybersecurity.


In today's podcast, we hear about the long-expected US Executive Order, with commentary from Politico's Eric Geller. It was signed yesterday, and gives prominence to the NIST Framework, DHS, and OMB. EternalBlue is used to spread WannaCry ransomware, and the UK's NHS is hard hit. Fancy Bear prances in NATO costume. US Intelligence Community leaders warn the Senate that the Russian cyber threat is large, growing, and not going away. The University of Maryland's Jonathan Katz explains some potential browser protocol vulnerabilities. And spamming celebrates its thirty-ninth birthday: no happy returns for you, spammers.

French media recover from DDoS. XaverAd infests Android ecosystem. Zero-days patched, but exploited in the wild. Mother's day giftcard hacking. Telephonic harassment.


In today's podcast, we hear that French media sites are recovering from a massive, successful DDoS attack whose source is still under investigation. Android adware harvests and reports PII. Microsoft's quick patching of zero-days included three that are being exploited in the wild by state and criminal actors. Ben Yelin from UMD CHHS reviews the first 100 (cyber) days of President Trump. Ken Spinner from Varonis on their latest data risk report. Advice on Mother's Day gift cards, and some news about skids and harassing phone calls.

NSA says it warned France of election influence ops. Deterrence and retaliatory capability. SLocky ransomware rising. Patch Tuesday. FBI Director Comey dismissed.


In today's podcast, we hear that NSA says it warned its French counterparts about Russian cyber ops targeting France's elections. Next up for Fancy Bear? Probably German elections, but in the meantime there's also some phishing with zero-days. The NSA Director also advocates calling out Russia for bad behavior in cyberspace, and says that US Cyber Command is ready and able to hold targets at risk, so deterrence and retaliation are available options. Microsoft, Adobe, and Cisco issued significant patches yesterday. Accenture Labs' Malek Ben Salem shares results from their security survey. Rohit Sethi from Security Compass outlines managing application...

Metadata signs point to St. Petersburg in l'affaire Macron. UK, Germany, US expect more Russian election influence ops. New IoT botnet appears. US FCC sustains DDoS. Microsoft fixes MsMpEngine. SS7 weakness and 2FA.


In today's podcast, we hear that haste may make for, not exactly waste, but at least brazen and ineffectual influence operations. Metadata evidence of Fancy Bear's paws in En Marche! emails. Moscow snorts "false flags," but UK, German, and US officials say the Bears are there and up to no good. ISIS posts another bit of depravity as inspiration. North Korea is thought to be paying for its advanced weapons programs with cyber bank heists. Persirai joins Mirai in the IoT botnet world. The US FCC sustains a DDoS attack. Joe Carrigan from JHU explains the benefits of segmenting your home...

Election cyber-influence campaign in France. (Will UK and Germany follow?) AMT bug to be fixed. HandBrake compromised. Kazuar upgrade for Snake. Ransomware black market.


In today's podcast, we discuss Emmanuel Macron's victory in France's presidential election despite last-minute hacking and leaked emails. (Hacked emails seem not particularly scandalous as the story develops.) Germany and the UK brace for cyberespionage in their own upcoming elections. Intel AMT flaw more serious than expected, will get fixes this week. HandBrake download server proved RAT-infested. Kazuar looks like an Uroburos upgrade. Emily Wilson from Terbium Labs weighs in on Op Israel. Ransomware market features FrozrLock and Fatboy.

Influence operations and elections, and the difficulty of doing anything about them. Dynamite phishing investigation. Snake hisses at Macs. Fatboy at your (criminal) service.


In today's podcast we hear about elections and election influence operations in Europe, and the difficulty of taming Fancy Bear. Some weekend reading. The Google Docs worm and dynamite phishing incident takes an odd (but implausible) turn. Snake malware seems poised to strike at Mac users. We welcome Johannes Ullrich from SANS and the Internet Stormcenter Podcast. Allan Liska outlines his book on ransomware. And there's a new product in the crimeware-as-a-service souk: it's called "Fatboy," it speaks Russian, and yes, it's ransomware.

Phishing with a big worm (and other lures). Botnet mining cryptocurrency. Blackmoon upgraded. Aadhaar troubles in India. Passwords, security questions, and Grand Moff Tarkin's CISO.


In today's podcast, we hear about how OAuth abuse rushed a worm around Google Docs, and how the good guys swiftly contained the attack. Bondnet discovered mining cryptocurrency. The Blackmoon financial malware gets an upgrade. Carbanak is still out there, trickier than ever. No-phishing season at Gannett. India's national biometric ID system runs into security and legal trouble. Rick Howard from Palo Alto Networks previews the Cyber Canon awards ceremony. Andrew Chanin describes the upcoming Cyber Investing Summit. And reflections on passwords yesterday, today, and tomorrow, both here on earth and in a galaxy far, far away.

Shamoon update. Sabre discloses possible breach to SEC. Mobile device and VPN threats and vulnerabilities. Information operations and cyberespionage.


In today's podcast we hear that Shamoon's Trojan servant seems to have got a new comms channel. Sabre discloses possible breach: hospitality and travel sectors affected. Some more things to worry about: ultrasonic beaconing, SIM card fraud, VPN privilege escalation, and another bad app in the PlayStore. (But you can fix all these.) Governments look to social media restrictions to control hate speech and fake news. (Social media providers look to human curation and the blockchain for help.) Level 3's Dale Drew describes the evolution they're seeing in botnets. Tripwire's Craig Young shares his research on hacking smart TVs. Cyberespionage and...

IBM, Apple, and Intel all fix vulnerabilities and block threats. Neustar's DDoS report. Updates on the DarkOverlord and (separately) LizardSquad. Info ops and what they're after.


In today's podcast we hear that Trojanized USB sticks are out in the wild. So are phishing emails complete with backdoors and spyware payloads. Intel reports (and mitigates) a major firmware vulnerability in Core processors. The DarkOverlord and third-party risk. ShadowWali backdoors afflict Japanese enterprises. The LizardSquad may be back, but you still shouldn't listen to them, still less pay them protection. Neustar looks at DDoS trends. Ben Yelin from the UMD Center for Health and Homeland Security explains tractor hacking. Nehemiah Security's Paul Farrell thinks we need to mind the security basics. And do info ops heighten the contradictions?

NSA changes collection policy in a privacy-friendly direction. Latest Vault7 leaks look anodyne. Election influence concerns in Europe and the US. Blocking social media. DarkOverlord returns with extortion caper.


In today's podcast, we hear how the NSA is revising its interpretation of Section 702 collection, to the general approval of privacy advocates. WikiLeaks drops another alleged tool from Vault7; this one looks like garden-variety data-loss-prevention beaconing. The UK and France are on alert for influence operations, and the US Congress takes testimony on such marketing-in-battledress. South and Southwest Asian governments move to block or censor social media. Prof. Awais Rashid from Lancaster University describes some of the risks of the cloud. The DarkOverlord returns, extorting TV and movie content owners over shows stolen from a third-party post-production company.

OilRig fingered as Iranian state-sponsored group behind attempted hacks of Israeli targets. Shamoon still under the same management. Botnet wars in the IoT. Countermessaging, hopes of missile hacks, and more.


In today's podcast, we hear that researchers have named the hitherto unnamed country that attempted to hack Israeli targets. Other researchers conclude Shamoon is still under the same management. Roles and missions dispute among Israeli security organizations. Peter Galvin from Thales takes a look at data security in the US Federal sector. VA Tech's Dr. Charles Clancy explains the pros and cons of 5G mobile technology. Financial malware vector startles phishing victims into clicking. Vigilante botnets are not helping the IoT. Countermessaging is still not as easy as it looks. And there's a lot of thinly sourced hope about hacking North Korean...

Fancy Bear in France (and in Germany, too). Israel debates Cyber Authority's charter. Sudan says it's using Electronic Jihad against ISIS. Verizon, Symantec threat reports out. Adware campaigns.


In today's podcast, we hear about the bear tracks analysts are seeing in Macron's campaign for France's presidency. (They're also appearing in German political parties' think tanks.) Cyber gangs continue to pore over ShadowBrokers' leaks. Verizon and Samsung threat reports see ransomware and nation-state espionage as the trending issues. Amid debate over cyber authorities, Israel says it detected and stopped a major attack. Palo Alto Networks' Rick Howard outlines a new white paper on credential theft. Ellison Anne Williams from Enveil describes their innovation in encryption. Adware infests online markets through spam and Trojanized apps.

Elections, influence operations, and hacking. How clever phishing succeeds. Chipotle's point-of-sale breach. Hacking in Fast and Furious 8.


In today's podcast, we follow the story of Fancy Bear (a.k.a. Pawn Storm, a.k.a. APT28) and France's elections. Why clever phishing continues to succeed, and what's up with OAuth abuse. Information operations distinguished from simple "hacking." Another point-of-sale compromise suggests identity management issues. The University of Maryland's Jonathan Katz explains a JSON encryption vulnerability. Stan Black from Citrix explains the pros and cons of the IoT. And can hackers really blow up a submarine by driving their car fast and furiously? You be the judge.

Fancy Bear spotted in France, Denmark, and maybe Bulgaria. Tensions mount around North Korean weapon programs. Power grid fragility. Milkydoor in the PlayStore. AV misunderstanding. Kelihos indictment. Ashley Madison blackmail.


In today's podcast, we hear that Fancy Bear has as expected been spotted snuffling around the French Presidential election. Denmark and Bulgaria also report bearish activity. Sino-US pressure on North Korea may foreshadow an uptick in the cyber op-tempo. Power failures prompt worries about the grid's fragility. Milkydoor's Trojanized Android apps pose a BYOD threat to businesses. Webroot is fixing its AV misunderstanding with Windows. Alleged Kelihos botnet master indicted. Webroot's David Dufour discusses IoT supply chain challenges. Eric Burger describes the 2017 Borderless Cyber conference. And another Ashley Madison extortion caper surfaces.

Nation-state tensions in cyberspace over North Korean threats and presumably Russian cyberespionage. Locky returns. More pharma spam. Seleznev gets 27 years for carding.


In today's podcast we hear that cyberattack worries mount with international tensions over North Korea. France's first-round presidential elections conclude with two outsiders headed for the finals. WikiLeaks' and ShadowBrokers' leaks find their way into the criminal wild. US shows renewed interest in prosecuting WikiLeaks' Assange. Locky ransomware is back from the dead. SMSVova spyware kicked out of the PlayStore. More Canadian pharma spam. Emily Wilson from Terbium Labs describes the unintended consequences of "spectacle" attacks. Seleznev gets 27 years for carding. And notes on some less-than-fully-successful criminals.

States and gangs. Insider threats and mole hunts. The misguided vigilante behind BrickerBot. Hollywood hacks. Not a Nigerian prince this time, just the Director General of the National Intelligence Agency.


In today's podcast we hear that cyber gangs are busily at work reverse-engineering the last ShadowBrokers' document dump. But the Russian ones at least are probably getting some state help. Insider threats and mole hunts. BrickerBot's author plays a dangerous vigilante game; operating technology may be particularly at risk. Hollywood's best depictions of hacking. Ben Yelin describes a weaponized animated GIF. Carson Sweet from CloudPassage on government requests that providers turn over emails and lagging legislation. And there are forty-three million dollars in a Nigerian apartment. No, really: forty-three million in cash.

Trojanized apps in the PlayStore. How cybergangs talk, cooperate, and improve their game. More troubles reported for Tanium. A Chicago lawsuit brings privacy issues to the fore.


In today's podcast we hear about snakes in the PlayStore's walled garden (one of them with a helpful flashlight, and another one with a plumber's cap and a mustache, which must look pretty odd on a serpent). A look at how cyber gangs communicate: they do it a lot like the rest of us. Source code distribution and the jokers who make annoying use of it. More troubling reports about an IPO-ready unicorn. The Johns Hopkins University's Joe Carrigan explains limitations of fingerprint scanners. Amit Rahav from Secret Double Octopus describes innovations in authentication. Plus, what information do your products collect...

Vigilantes in the IoT. Bad actors find a friend in the ShadowBrokers. BankBot is back in the PlayStore. Pixel-tracking for target recon. A very big Oracle patch.


In today's podcast we hear about a new vigilante in the IoT, Hajime, and learn that the security industry doesn't think much of vigilantes. Observers pore over the most recent ShadowBrokers' files and don't like what they see, even though most of the more dangerous exploits have been patched. Still no word on how the ShadowBrokers got their wares, or where WikiLeaks got the contents of Vault 7. BankBot is back in the PlayStore with Trojanized video apps. Attackers are seen using pixel-tracking for target recon. AsTech's Greg Reber outlines cyber M&A due diligence. Lancaster University's Awais Rashid describes their effort to...

Karmen in the black market. Homograph vulnerabilities. Vault 7 and ShadowBrokers updates. Hacks and missiles. Competing for botnets.


In today's podcast, we hear about a newish ransomware strain, Karmen, hitting the low-end ransomware-as-a-service market. Homograph vulnerability proof-of-concept revealed. Jihadist infosec service advises good cyber hygiene for terrorists post-Vault 7. The ShadowBrokers try to drag a red herring (actually a bad frog) across their tracks. Hopeful speculation continues that the US hacked North Korea's missile test last weekend. Hajime malware is competing with Mirai for bots, although to what end is unclear. Dr. Charles Clancy from VA Tech's Hume Center contrasts Vault-7 vs. the ShadowBrokers. Bill Anderson from OptioLabs outlines battlefield mobile device security. And you're not going to get rich...

Missiles and malware? ShadowBrokers' leaks examined. Syrian info ops. ISIS recruits women for martyrdom. Ransomware, medical device vulnerability updates. Troubled unicorn?


In today's podcast, we hear about a big missile fizzle on Pyongyang's Day of the Sun yesterday; there's hopeful but a priori speculation of a cyber op against North Korea's nuclear strike R&D program. Friday's ShadowBrokers' leaks suggest financial service, industrial IoT vulnerabilities. Syrian regime calls hoax on nerve gas attack claims (informed observers are unconvinced). How ISIS recruits women for martyrdom operations. Ransomware update. Medical device makers might learn from mobile device makers. Rick Howard from Palo Alto Networks ponders the first principle of automotive security. And clouds gather over a security unicorn.

ShadowBrokers frustrated with the peoples. Callisto Group was active against UK Foreign Office. US DCI denounces WikiLeaks as a hostile intelligence service. Surveillance vendors said willing to deal with pariah regimes. Weaponized memes.


In today's podcast, we hear that the ShadowBrokers are fed up with all of you peoples. The Callisto Group spearphished the UK's Foreign Office last year. The US DCI calls out WikiLeaks as a hostile intelligence service. Lawful intercept shops alleged to be willing to deal with pariah regimes. University of Maryland's Jonathan Katz discusses Google's unfulfilled promise of end-to-end encryption in Gmail. Ajit Sancheti from Preempt Security explains the tension between security and human nature. NATO insiders would like to see the Atlantic Alliance weaponize memes.

Ewind adware infesting Android third-party app stores. Influence operations. Russian state use of organized crime. Finspy a payload in Word zero-day exploits.


In today's podcast we hear about how Ewind adware infests cloned apps in the Android ecosystem. Influence operations rise to prominence amid increased Russian and Islamist activity against Western targets. Accused Russian traitor makes jailhouse denunciation of Russia's coziness with cyber organized crime. Finspy found distributed via Word zero-day. And suppose you're doing a nickel in Ossining or San Q (not that you would be). Webroot's David Dufour warns of tax-season phishing. Fred Wilmot from PacketSled explains the convergence of OT, IT and IoT. And, how do you stay connected in the big house?

Patch Tuesday notes. Cyber threats to healthcare, New Helsinki information operations center forming. Updates on WikiLeaks and the ShadowBrokers


In today's podcast, we discuss April's Patch Tuesday, with news and tasks for Windows, Adobe, and SAP admins. Cyber threats to healthcare include ransomware, breaches, and device hacking. NATO and non-NATO partners establish an information operations center in Helsinki to contest Russian influence in cyberspace. Analysts continue to pick over the latest from the ShadowBrokers. Emily Wilson from Terbium Labs describes the Dark Web ecosystem. And WikiLeaks' Vault 7 seems to out cyber operators as fans of Star Trek, anime, and Ape Escape. No surprises there, eh?

Women in Cybersecurity 2017: A CyberWire Special Edition [Special Edition]


The 2017 Women in Cybersecurity conference was held in Tucson, Arizona, and the CyberWire was on hand to cover the event. We spoke with a variety of cyber security professionals, at different stages of their careers. We covered some of their career journeys and professional insights on our daily podcast, and in this special edition learn why a women in cybersecurity conference is more important than ever, what they wish they knew when they were starting out, as well as some advice for the men in the industry.

Word zero-day spreading Dridex. Password reuse bites Amazon third-party sellers. Mirai now mines Bitcoin. WikiLeaks, the ShadowBrokers, and war in Syria. Cyber first use. Crypto wars in Europe. APT10 in India. Penn State prof takes Gödel Prize


In today's podcast, we hear about how a Word zero-day is spreading the Dridex banking Trojan. Amazon third-party sellers bitten by reused passwords. IBM catches Mirai mining Bitcoins. Symantec discerns Longhorn tools in WikiLeaks' Vault 7. Tensions over Syria's civil war seem to be behind the Shadow Brokers' return. ISIS is now attempting to recruit women to the Caliphate. Germany considers a cyber first-use doctrine. Crypto wars flare in Europe as French Presidential candidate Macron takes a strong anti-encryption line. The University of Maryland Center for Health and Homeland Security's Ben Yelin weighs in on the FCC's rollback of ISP...

Information operations respond to kinetic strikes. Dallas emergency sirens hacked. Alleged spam king arrested. Okta files its IPO.


In today's podcast, we hear that US strikes against Syrian targets and harsh words for Assad are followed by apparent Russian information operations as bilateral tensions mount. Both WikiLeaks and the Shadow Brokers resurfaced late last week. A light Patch Tuesday is foreseen, but observers expect a fix for a Microsoft Office zero-day being actively exploited. Okta files its anticipated IPO. Dallas emergency sirens were hacked early Saturday. The Johns Hopkins University's Joe Carrigan discusses upcoming updates to the Waze GPS app. Kathleen Smith from cybersecjobs.com and clearedjobs.net joins us from the Women in Cybersecurity Conference. Spanish police collar the...

APT10's Operation TradeSecret. BrickerBot may be vigilante PDoS. Amnesia and Sathurbot exploit known vulnerabilities in, respectively, DVRs and WordPress. Ransomware, surveillance, and info ops updates.


In today's podcast, we hear about how Operation TradeSecret collected intelligence on US trade policy during the run-up to the Sino-American summit at Mar a Lago. BrickerBot is out, a PDoS campaign that looks like nasty vigilante work, so close your Telnet ports and change your IoT device default passwords. The Amnesia campaign is after unpatched DVRs. Sathurbot exploits unpatched WordPress instances and infects Torrent users. Lancaster University's Awais Rashid has concerns over IoT devices' limited interfaces. Endgame's Andrea Little Limbago shares her story from the Women in Cybersecurity Conference. Surveillance and influence operations allegations in the last US Presidential...

Operations TradeSecret and Cloudhopper attributed to APT10. Third party risks. Lazarus Group update. US investigation of Russian influence operations and US surveillance allegations proceeds.


In today's podcast we hear about Operation TradeSecret, which joins Operation Cloudhopper: both appear to be facets of a Chinese cyberespionage campaign. 20,000 loan applications are exposed by a third-party IT vendor. North Korea's Lazarus Group still has banks in its crosshairs. A study shows that mobile users are in a complicated relationship with their apps. US Congressional hearings into Russian influence operations and allegations of US surveillance continue. IBM's Wendi Whitmore joins us from the 2017 Women in Cybersecurity Conference. Palo Alto Networks' Rick Howard describes the cloud paradigm shift. And tomorrow is OpIsrael; Israeli enterprises say they're prepared....

Operation Cloudhopper. Chrysaor spyware. Microsoft to upgrade Office security. Notes from SeaAirSpace. High school hacking.


In today's podcast, we hear about how Operation Cloudhopper gets to its espionage targets via their cloud and managed service providers. Details are out on the Android version of the Pegasus spyware. Microsoft will upgrade Office security. Notes on the annual SeaAirSpace expo, including an excursus on cyber Marines. Cisco's Chief Privacy Officer Michelle Dennedy joins us from the Women in Cybersecurity Conference. Dale Drew from Level 3 describes the security ecosystem disruption. And what is going on in Bedford County, Pennsylvania, a place where the laws of physics may not apply?

Pegasus version now affects Android. UK on alert for ISIS infrastructure cyberattack. DPRK tied, again, to Bangladesh Bank heist. Fancy Bear and Turla updates. Samsung Tizen 0-day. Tax season security.


In today's podcast, we hear that Pegasus is now in the Android ecosystem. British authorities warn of possible ISIS cyberattacks on infrastructure. Russia investigates the St. Petersburg metro bombing. New evidence connects North Korea with the Lazarus group. Fancy Bear continues to romp unabated, and Turla seems to have remained quietly active for about twenty years. Zero-days reported for Samsung's Tizen. Our coverage of the Women in Cybersecurity Conference continues, featuring a conversation with Endgame malware researcher Amanda Rousseau. Virginia Tech's Hume Center's Dr. Charles Clancy describes telephony DDoS. Apple issues an emergency iOS patch. Industry notes, and tax season...

WikiLeaks dumps alleged CIA obfuscation code. Attribution skeptics speculate about Russian ops (or the lack thereof). ISIS information operations manual revealed. RATs in the wild.


In today's podcast, we hear that WikiLeaks has dumped what it claims are CIA source code files. The leak seems to aim at raising suspicion that attacks attributed to foreign governments are in fact false-flag operations. The International Association of Athletics Federations says it was hacked by Fancy Bear. Two new RATs (remote access Trojans) are discovered in the wild. ISIS takes some cyber hits, and an investigator outlines the group's information operations manual. At the annual Women in Cyber Security Conference we catch up with US Naval Academy Midshipmen Svetla Walsh and Deja Baker. David Dufour from Webroot reviews their latest threat...

Fancy Bear's phishing expeditions. Cryptowars and privacy regs in the EU. Is that really you, Dr. Niebuhr?


In today's podcast, we hear about how Fancy Bear left tracks in Bitly, and Fancy Bear did an awful lot of phishing going back to March 2015. Experts take a look at Russian espionage and influence operations, and they draw some disturbing conclusions. The EU seems ready to go anti-encryption; how that will work with the EU's regulatory emphasis on privacy is anyone's guess. The University of Maryland's Jonathan Katz explains the recent Z-Coin crypto-currency bug. Bob Ackerman from Allegis Capital and DataTribe offers insights on the investment environment for cyber. And no, that's not a famous theologian tweeting: it's the head G-Man....

Apple patched this week: how are your systems? Lastpass working on a patch for an undescribed bug (said to be complex). What IT staff actually work on. And a long talk about emerging Administration cyber policy.


In today's podcast, we hear about Apple's patches issued this week: how are your systems? Lastpass is working on a patch for an undescribed bug (said to be a complicated one). What IT staff actually work on. Politico's Eric Geller discusses emerging Trump Administration cyber policy. Emily Wilson from Terbium Labs outlines the data breach timeline.

Hybrid warfare objectives and tactics. Physical threats, lost and found. Vulnerability and threat recap.


In today's podcast, we pass on what we've heard at ITSEF about Russian hybrid warfare: it aims, experts say, at redressing the loss of the Cold War. Microsoft Internet Information Services (IIS) 6.0 found vulnerable to a buffer overflow attack. Cerber ransomware evolves to evade detection. Bugs found in Siemens ICS products. VMWare patches vulnerabilities. Laptops with sensitive information lost in Hong Kong and New York. Joe Carrigan from the Johns Hopkins University Information Security Institute reviews a teddy bear who can't keep a secret. Peak10's David Kidd outlines compliance advantages of the cloud. Malicious USB sticks strewn around a...

Updates on Cozy Bear and Shamoon tradecraft. Crypto wars flare in the UK. FBI warns of attacks against FTP servers. Typosquatting, scareware, and other problems.


In today's podcast, we hear how Cozy Bear slips through with domain fronting. Shamoon's infection methods are revealed. The crypto wars flare over not-so-lone wolves, but there are some genuine lone wolves out there as well. Medical and dental practices warned against attacks on FTP servers. A networked sterilizer is, well, digitally unhygienic. Docs dot com search functionality temporarily disabled. Remember, if you want to reach the G-men, it's FBI dot GOV, not dot com. The UMD Center for Health and Homeland Security's Ben Yelin examines a case where a defendant's expertise is being held against him. Brian Brunetti from...

Lone wolves howl to each other over WhatsApp? Industry yawns at WikiLeaks zero-days. How online gamers cheat. America's JobLink breach update. Ukrainian artillery hack notes. April 7 deadlines.


In today's podcast, we hear that British police think ISIS not-so-lone wolves may have been howling over WhatsApp. WikiLeaks still disgruntled over its disclosure offer's cool reception. March-Madness is also phishing season. How and why online gamers cheat. GiftGhostBot drains gift-card balances. States mull next steps after the America's JobLink breach. CrowdStrike walks back some claims in its Ukrainian artillery hacking report, but insists the hack was real, and that signs point to Fancy Bear. Lancaster University's Awais Rashid warns of the use of open source intel in social engineering. Wall Street Journal tech reporter Sarah Needleman explains the esports...

WikiLeaks' Vault 7 "Dark Matter" docs. Information operations, Russian style and ISIS style. Job database exposed.


In today's podcast we hear assessments of WikiLeaks' latest Vault 7 files: compromised supply chain or damp squib? NATO worries about Russian information operations. ISIS continues to push jihadist inspiration online, claiming the London killer as one of the Caliphate's soldiers. Facile attribution can mislead, as seen in a surprising arrest. Comments on America's Joblink Alliance breach. Acalvio's Chris Roberts wonders if AI and Machine Learning are all they're cracked up to be. Palo Alto Networks' Rick Howard has an update on the Cyber Threat Alliance. And Estonian experience suggests to the world that President Putin is a proud spirit who cannot...

Newly disclosed threats and vulnerabilities, mostly criminal. Catphishing peer review. The US may indict North Korea for the Bangladesh Bank heist.


In today's podcast we offer a rundown of recently announced threats and vulnerabilities in stores and documents: Play Store, App Store, and MS Office. Some crooks move to the cloud. GoDaddy buys Sucuri. The US is rumored to be preparing a North Korean indictment for the Bangladesh Bank heist. Social media look for bad bots. Level 3's Dale Drew describes botnet evolution. LookingGlass' Eric Olson explains Facebook Marketplace security. And some dodgy scientific journals seem to use catphish for peer review.

Laptop restrictions are for physical, not cyber reasons. Necurs is back, pumping and dumping. MajikPOS notes.


In today's podcast, we hear that laptop flight restrictions spread as security services continue to grapple with ISIS inspiration operations. The Necurs botnet returns, but now it's swapped pump-and-dump scams with penny stocks for its usual ransomware payloads. MajikPOS is active in the North American wild. Joe Carrigan from the Johns Hopkins University Information Security Institute reviews lessons learned from the Cloudbleed event. Philip Susmann describes Norwich University's DECIDE cyber simulation platform. And the Bangladesh Bank hack looks like it may have been a North Korean job.

Extortion claims. Election influence operations seem likely to continue. A Russian bank claims it's being framed by DNS spoofing. "Cyber Pearl Harbor" fears may be a distraction.


In today's podcast, we hear about the claim that "the Turkish Crime Family" is holding iPhones hostage. WikiLeaks grumbles that it has few takers for its Vault 7 bugs. Germany raises its state of cyber alert, pre-election. The US expects more Russian cyber and influence operations. A Russian bank says it was framed (and maybe it was). UMD's Jonathan Katz provides technical details on the recent SHA-1 collision. Mandiant's Ronald Bushar gives us highlights from their M-Trends report. Fears of a "cyber Pearl Harbor" may distract from real ICS risks. And no, Martians haven't landed in New Jersey.

Careless criminals, Cisco mitigations, and Vault 7 disclosure conditions. A look at the Atlantic Council's Cyber 9/12. Cabin fever and malware infections. Kirk ransomware.


In today's podcast we ask whether careless cyber criminals working for the FSB blew the gaffe on the Yahoo! hack. WikiLeaks offers to share Vault 7 vulnerabilities with vendors, but it wants something in return. A look at the Atlantic Council's recently concluded Cyber 9/12 competition. Does cabin fever increase the risk of being hacked? Enigma Software saw things during last week's unseasonable US weather that suggest it might. We welcome David Dufour from Webroot to the show as our newest industry partner. And Kirk ransomware is ready to beam into your enterprise.

Cyberspace and "Cold War Two." Who's leaking to WikiLeaks? Wishbone breached: warn the kids. Crimeware-as-a-service. The Active Cyber Defense Certainty Act.


In today's podcast, we hear about observers who look around and think they may be seeing Cold War Two in cyberspace. (But this is no bipolar conflict.) Investigation into Vault 7 continues as people wonder where WikiLeaks gets its leaks. The quiz app Wishbone has been breached: take it as a teachable moment with the children. Fileless malware gets quieter as researchers get close to the cyber gang. A cloud-based keylogger is getting ready to take black market share. Palo Alto Networks' Rick Howard describes a capture-the-flag collaboration. Futurist Brian David Johnson explains Threatcasting. The proposed Active Cyber Defense Certainty Act. And...

Lazarus Group is back. Dun & Bradstreet loses data; so does ABTA. Patriotic cyber rioting or state influence operations. US indicts four in the Yahoo! breach.


In today's podcast we hear about the return of the Lazarus Group (or maybe it never really left). A Dun & Bradstreet database is compromised: more than thirty-three million are said to be affected. British travel association ABTA suffers a breach. Notes on identity theft. Netherlands voter information sites hit with DDoS: Turkish hacktivists (or government operators) suspected. The University of Maryland's Center for Health and Homeland Security's Markus Rauschecker describes the increasingly important role of cyber lawyers in M&A activity. Digital Guardian's Tim Bandos has methods for protecting against state sponsored actors and hacktivists. The US indicts four in the Yahoo! breach: two...

Influence ops, third-party apps with an appetite for permissions, and criminal competition. Google purges malicious apps from the Play Store. Advice for whistleblowers. Farewell to Becky Bace.


In today's podcast, we look at influence operations in the UK and in Europe: the former emanate from Russia, the latter from Turkey. Third-party social media apps increase your attack surface. Petya ransomware is stolen and improved by rival crooks. Google purges bad apps from the Play Store. Patch Tuesday notes. A convicted leaker offers some unexpected wisdom for prospective whistleblowers. Lawyers can't figure out the GDPR. US said ready to indict four for the Yahoo! breaches. Emily Wilson from Terbium Labs discusses the effects of high profile breaches on Dark Web markets. Justin Harvey from Accenture Security wonders if...

Canadian government sites recover from the Apache Struts vulnerability. FireEye's M-Trends report is out, calling out greater sophistication in financial cybercrime. USAF accidentally exposes SF86s. Vault 7 update.


In today's podcast, we hear about how the Apache Struts bug has bitten in Canada. FireEye sees financial cybercrime approaching state espionage exploits in sophistication. The US Air Force leaves sensitive personal information exposed in a backup database. Investigation into WikiLeaks' Vault 7 continues. Okta files for its IPO. Ben Yelin from the UMD Center for Health and Homeland Security reviews a mobile device privacy bill. Adam Thomas from Deloitte outlines their latest cyber insurance report. And today is Patch Tuesday.

Vault 7 updates: observers speculate about an inside leaker. Pre-loaded Android malware raises supply chain concerns. Ransomware in Japan. Convincing Chrome-spoofing malware. GCHQ warns UK parties to expect Russian influence operations.


In today's podcast, we review some speculation about Vault 7 that holds the leaker was an insider. (But there's no specific insider named, yet: the investigation is still in its early stages.) Supply chain security issues are raised by both Vault 7 leaks and discovery of pre-loaded malware in some Android devices. Bitcoin won't get its own ETF, yet. Japanese companies' willingness to "pay to make it go away" is seen playing into the hands of ransomware extortionists. Dr. Charles Clancy from Virginia Tech's Hume Center surveys the end-to-end encryption debate. Novetta's Dr. Corey Petty previews his upcoming Ethereum smart contracts...

WikiLeaks, responsible disclosure, and insider threats. Playstation credentials rumored to have been compromised. Apache Struts bug being actively exploited. DPRK missile cyber security. A look at West African cybergangs.


In today's podcast, WikiLeaks offers to enter the responsible disclosure game, but be warned: there are legal problems should you accept classified information. Some AV companies tout their reviews in Vault 7. Speculation about how CIA hacking notes leaked turns to an insider threat. HackRead warns that Playstation credentials may have been compromised. The Apache Struts vulnerability is being exploited in the wild. Observers cast doubt on reports the US successfully hacked North Korean missile launches. Joe Carrigan from the Johns Hopkins University Information Security Institute weighs in on SHA-1. Comodo's Kenneth Geers shares insights from their 2016 Global Report. Trend...

Vault 7 doesn't show much evidence of false flag operations. The most interesting question the WikiLeaks dump raises is, where did the material come from? RAND studies the zero-day market. The Near Abroad wishes for more US soft power.


In today's podcast, we follow the Vault 7 story and the false flags that really aren't there. A call for more stress-testing of software. RAND reports on the market for zero-days. The Near Abroad warns the US that it would like to see more American soft power deployed in their part of the world. Jonathan Katz from the University of Maryland praises Google's Project Wycheproof. VMWare's Tom Corn provides his take on the promise of secure cloud environments.

WikiLeaks and Vault 7


In today's podcast we talk over the latest news, rumors, gossip, and common sense surrounding WikiLeaks and its Vault 7 dump of hacking tools and other spy stuff. And wait a minute: do angels really weep? After all, they're supposed to be pure intelligence. But you came here for the hacking, not the angelology, and there's a lot of stuff dancing around in Vault 7. Research Scientist Jim Walter from Cylance weighs in with his take. Some people even see dancing Bears, but we think they're seeing things. Dale Drew from Level 3 Communications tracks changes they're seeing in DDoS attacks....

StoneDrill succeeds Shamoon. Trojanized Android Facebook Lite. Progressive groups threatened with doxing, blackmail. WikiLeaks' Vault 7. Hacking back? Wiretapping?


In today's podcast we hear about how StoneDrill may be succeeding Shamoon: it's more evasive and at least as destructive. Malwarebytes advises sticking to Google Play to avoid a new Trojan. Russian hackers (apparently mobsters who've copped some of Cozy Bear's MO) are blackmailing US progressive political groups. The University of Maryland Center for Health and Homeland Security's Ben Yelin explains Amazon Alexa's role in a murder case. Neill Feather from SiteLock describes a WordPress vulnerability. Congress considers a bill to allow companies to hack back. WikiLeaks' Vault Seven seems mostly unsurprising. Washington wiretapping allegations prompt recriminations.

RSA 2017 Roundup: Perspectives, Pitches and Predictions [Special Edition]


In this CyberWire 2017 RSA Conference special edition, we wrap up our show coverage with insights from experts, about the trends they're seeing, the products they're pitching, and where they think we, as an industry, need to go. Guests include: Mark Dufresne, Director, Threat Research and Adversary Prevention, Endgame https://www.linkedin.com/in/mark-dufresne-b3275610a/ James Lyne, Global Head of Security Research, Sophos https://www.linkedin.com/in/jameslyne/ Emily Mossburg, Principal, Cyber Risk Services Leadership Team, Deloitte & Touche https://www.linkedin.com/in/emilymossburg/ Mark Nunnikhoven, Vice President, Cloud Research, Trend Micro https://www.linkedin.com/in/marknca/ Levi Gundert, Vice President of Intelligence and Strategy, Recorded Future https://www.linkedin.com/in/levigundert/ Carl Leonard, Principal Security Analyst, Forcepoint https://www.linkedin.com/in/carl-leonard-5486405/ Evan Blair,...

Warnings of DNSMessenger. Cyber deterrence, and cyber offensive operations. Notes on DDoS. Election surveillance allegations.


In today's podcast, we hear about warnings from Cisco's Talos unit and others concerning DNSMessenger, a dangerous and evasive RAT. DDoS hits Luxembourg government sites and remains a threat to businesses. The US is said to be running a cyber campaign against North Korea's ballistic missile program. The US Defense Science Board releases its report on cyber-deterrence. Rick Howard from Palo Alto Networks explores the history of security orchestration. Mutual recriminations over allegations of election-season campaign surveillance swirl in the US.

Risk mitigation scores some wins this week. Amazon finds the typo that took out the Internet. Symantec gets into the VC game. Yahoo! agonistes. Wassenaar's prospects. PRC wants cyber peace. And farewell to Howard Schmidt.


In today's podcast, we review some encouraging news about Android apps, Cloudbleed, and Slack's swift bug patching. Amazon finds a typo at the root of Wednesday's internet outages. Symantec opens a venture arm. Yahoo! breach post mortems continue. Decryption tools for Dharma ransomware are out. Prospects look dim, again, for Wassenaar. China calls for the demilitarization of cyberspace. Terbium's Emily Wilson surveys the Dark Web scene during tax season. MasterCard's Melanie Gluck takes us behind the scenes of credit card security. And the security sector bids farewell to Howard Schmidt: leader, advisor, and mentor.

Online banking funds transfer fraud. Telegram and phone scams. FCC regulatory update. Insider threats in the IC. And bad robots.


In today's podcast we hear about how a criminal gang is deploying sophisticated malware against remote banking system customers. Business email compromise continues to appear in the wild: be good to your proofreaders, CEOs. Telegram being used by phone scammers. FCC privacy and caller-ID blocking regulations debated. Vulnerable WordPress plug-in found. Markus Rauschecker from the University of Maryland Center for Health and Homeland Security reviews the privacy implications of Smart Cities. Tony Guada from ThinAir explains the weaponization of data. And life sure was a lot easier before toys became part of the IoT.

Internet outages were errors, not attacks. Evolving Trojans and botnets. M&A news. Cyber casus belli. Terminators and teddy bears.


In today's podcast, we hear that yesterday's Internet outages were due to errors in Amazon's S3 servers. Dridex has evolved to become more evasive. The Necurs botnet acquires a DDoS capability. Web cache deception attack technique is described. Austrian authorities think they have a suspect in the attempted cyberattack on Vienna's airport. Palo Alto buys LightCyber. Companies continue to grapple with GDPR compliance. Uncertainty about US policy direction expected to drive an increase in foreign cyber espionage. The University of Maryland's Jonathan Katz reviews encryption types. Jon Gross from Cylance explains Snake Wine. Congress thinks about casus belli in cyberspace. And in...

Alleged BND surveillance of news organizations. Snake Wine in Japan, for disinformation? Singapore military phished. Google discloses more Microsoft unpatched bugs. Cloudbleed update. CloudPets may have privacy issues.


In today's podcast, we learn that the BND may have been listening to the BBC, but not in a good way. Cylance reports on Snake Wine, a curiously familiar vintage sniffed in Japanese networks. Singapore's military sustains a phishing campaign without sustaining apparent damage. Google discloses more unpatched Microsoft vulnerabilities, these in IE and Edge browsers. Criminals claim to have exploited Cloudbleed, but the jury's still out. Joe Carrigan from the Johns Hopkins University's Information Security Institute helps us understand Cloudbleed. Steven Grossman from Bay Dynamics reviews New York State's newly enacted cyber regulations. And watch your language around those networked...

If I Only Had a Brain... Artificial Intelligence Gets Real at RSA 2017 [Special Edition]


At the 2017 RSA conference, artificial intelligence and machine learning were on just about everyone's list of hot topics. Countless companies are offering AI and ML solutions, with many of them claiming game changer status. In this CyberWire special edition, we gather a group of experts to help sort through the hype, try to agree on some definitions, demystify the technology, and make the business case for artificial intelligence.

Cloudbleed and what it means to you. Ransomware updates. News from the Moscow treason trials. Coachella Festival breached.


In today's podcast, we hear how Cloudflare suffered from Cloudbleed. The bug's now swatted, but it will take a lot of people some time to clear up their passwords. Spora ransomware's customer service gives lousy service. TrumpLocker ransomware's just VenusLocker poaching some brand equity. Pen testers say they can break into most networks in under twelve hours. FBI asked again how it gained access to the San Bernardino jihadist's iPhone. Update on the Moscow treason trials. The University of Maryland Center for Health and Homeland Security's Ben Yelin describes some unintended consequences from a Trump executive order. Headed to Coachella? Hang onto...

SHA-1 is broken. Grizzly Steppe and Carbanak. M&A notes. Linux patched. Arrest in Deutsche Telekom hack. The insecurities of connected cars.


SHA-1 is broken, for real. Grizzly Steppe threat actors seem to have a lot in common with the Carbanak gang. Bitcoin exchange hit by DDoS. Linux patches an old vulnerability. Reuters says Symantec was in talks to buy FireEye, but the companies backed away from a deal. An arrest in the Deutsche Telekom hack. Dr. Charles Clancy from Virginia Tech's Hume Center explores the designation of election systems as critical infrastructure. Jason Porter from AT&T describes the newly formed IoT Cybersecurity Alliance. And what the vulnerability researchers found when they looked at connected cars.

Patcher ransomware. Locky, Cryptowall, and Cerber are still active; so is old-fashioned blackmail. NSA keeps the VEP. Reactions to New York State's cyber regs for banks. Observations of BugDrop, and thoughts on cyber war and attribution.


In today's podcast, we hear about how Patcher ransomware is infesting Macs. Locky, Cryptowall, and Cerber are also still out and about in the wild. NSA seems likely to continue its Vulnerabilities Equities Process. Industry reactions to New York State's coming cybersecurity regulations for financial institutions. A look back at RSA discussions of cyber warfare. Further developments in the study of BugDrop malware. Terbium Labs' Emily Wilson examines the way novel exploits become part of the standard tool kit. And TruSTAR looks at Grizzly Steppe and has some thoughts on the difficulties of attribution.

Influence operations. A new Mirai version is potentially more dangerous than the old one. Proofs of concept. New York's cyber security regulations for banks. What Verizon will get from Yahoo!


In today's podcast, we hear from Paris that Moscow's not welcome in upcoming French elections. A new version of Mirai is out, spreading through Windows systems. Researchers warn of FTP protocol injection vulnerabilities in Python and Java. A new JavaScript exploit may affect Internet Explorer. New York State's new financial sector cyber regulations take effect next Wednesday. The Johns Hopkins University's Joe Carrigan reviews privacy tools from the EFF. Mark Dufresne from Endgame explains Fileless Attacks. A quick glance back at RSA, and some analysts' thoughts on why Verizon still wants Yahoo!'s assets.

A coming surge in North Korean hacking? Middle Eastern cyber espionage campaigns. Microsoft patch issues. Infowar updates. NIST's draft electrical utility cyber guidance. Problematic toys.


In today's podcast, we hear that analysts are predicting a surge in North Korean hacking after China embargoes coal. ViperRAT catphishes the IDF. Magic Hound and Shamoon both use malicious macros to infect victim systems. TASS says no one really knows who hacked OSCE. Sputnik teases with a WikiLeaks tease. RSA Security's Zulfikar Ramzan offers insights from the conference. UMD Center for Health and Homeland Security's Markus Rauschecker explains how Airbnb might be affecting some foundational elements of the internet. Google shames Microsoft over patching. NIST has cyber advice for power utilities. Some RSA notes, and My Friend Cayla gets the boot...

International norms of cyber conflict. Fancy Bear's tradecraft (with a side of ). RDPPatcher, Cerber, Ticketbleed, and Hermes. And the vibe around RSA 2017.


In today's podcast, we talk about hybrid warfare, with disinformation, cyber espionage, and spyware infestations; we also hear calls for norms of cyber conflict. BugDrop is active in Ukraine, and researchers see some cut-and-paste oddness slip from Fancy Bear's paws. A new X-Agent variant is out: this one infects Macs. Ransomware thumbs its nose at security products. A look at RSA trends as the conference closes. A conversation with City of San Diego CISO and author Gary Hayslip. Rick Howard from Palo Alto Networks on a new addition to the Cyber Canon that's all about DevOps. And where do we get one of...

Ukraine accused Russia of renewed hacking by BlackEnergy actors. ASLR bypass proof-of-concept reported. Notes from RSA, and an update on Android gunnery malware.


In today's podcast, in addition to notes from RSA, we hear some fresh accusations of Russian government hacking from Ukraine. Threat actors adapt. ASLR bypass exploit demonstrated. Yahoo!'s acquisition by Verizon appears likely to be deeply discounted. From RSA, notes on coming industry consolidation. Dale Drew from Level 3 Communications offers a strategy for choosing security vendors. James Lyne from Sophos provides his take of the RSA conference from the show floor. An update on the Popr-D3 Android malware. How they name the bears.

Nation-states or criminal gangs? Update on Polish banking attacks. And an update on RSA.


In today's podcast we consider the difficulty of distinguishing nation-state hacks from criminal capers. It's not always clear, and sometimes it's a distinction without a difference. But in any case, many call for international norms of cyber conflict. Waterholes and catphish. Ben Yelin reviews President Obama's security legacy. Steve Grobman from Intel Security on the challenges of changing course. RSA is at its midpoint; we offer some of what we're hearing on the floor about false alarms, where to draw the perimeter, and concerns about the Internet-of-things.

RSA Updates. Microsoft calls for Geneva Convention for cyber. Phishing.


Researchers look into a wave of attacks on financial institutions. Microsoft calls for Geneva Convention for cyberspace. We take a look at phishing. The RSA conference is underway, and we've got news from the innovation sandbox, and venture capitalists. Trevor Hawthorn from Wombat Security shares insights from their State of the Phish report. Emily Wilson from Terbium Labs outlines nationalism on the dark web.

Cyber attacks reported in the Middle East, from both states and non-state actors. Italy's Foreign Ministry hacked for months in 2016. Cyber and kinetic operations. RSA's Innovation Sandbox.


In today's podcast, Hamas appears to have improved its cyber attack capabilities. Egypt is believed to be ramping up Internet surveillance. ISIS sympathizers are being targeted with Android malware delivered over Telegram. The US increasingly integrates cyber into kinetic military operations. Russia is suspected of hacking the Italian Foreign Ministry. Malek Ben Salem from Accenture Technology Labs describes privacy techniques for data mining. And, of course, we begin our coverage of RSA in San Francisco with a look at the annual Innovation Sandbox.

Patching: the good, the bad, and the ugly. Script kiddies and disinhibition (with a caution about attribution). Industry notes, RSA, and Valentine's Day.


In today's podcast we hear about patching: the good, the bad, and the ugly. But mostly the good. Dridex is back. Brussels airport hacker turns out to be a literal script-kiddie, with the emphasis on the "kiddie." Moscow treason trials shut down Russian cooperation with Western law enforcement. Robert Lord from Protenus returns to share their Breach Barometer Report results. Ben Yelin from the University of Maryland Center for Health and Homeland Security revisits the Playpen case. Industry notes, a look ahead to RSA, and some Valentine's Day advice.

The Martin NSA-contractor case. Fileless malware hits banks worldwide. DDoS tools undergo refinement. Ransomware developments. Industry notes.


In today's podcast we review some updates on the Martin NSA-contractor case. Fileless malware hits banks worldwide. DDoS tools undergo refinement. Researchers take a look at ransomware developments. It's been an active week for the cyber sector in mergers, acquisitions, and venture funding. There's a new industry consortium for IoT security, and an autonomous vehicle consortium issues a manifesto for cooperation. Conga CISO Travis Howe shared his thoughts on privacy. The Johns Hopkins University's Joe Carrigan provides tips on third party DNS. And we suggest some good alternatives to doing random stuff.

Islamist hackers hit websites in Britain and Austria. Mac malware linked to Iran. Criminals follow the money into the cloud. M&A notes. Dendroid RAT author gets probation.


In today's podcast, we hear that ISIS-affiliated hackers deface UK National Health Service sites with propaganda. Turkish Islamists DDoS Austria's parliament. Poorly crafted, but troubling, Mac malware seems linked to Iran. Criminals follow the money into the cloud. Salient buys Triple I, Malwarebytes picks up Saferbytes, and Sophos buys Invincea. Palo Alto Networks' Rick Howard walks us through the adversary playbook. The author and purveyor of the Dendroid RAT gets probation.

Brokerages in Taiwan face DDoS extortion. Polish banks hit in watering hole attack. Cyber vigilantes. Information operations. ShadowBrokers update?


In today's podcast, we hear about brokerages in Taiwan being extorted with threats of DDoS. Polish banks compromised in watering hole campaign. Criminals turn from JavaScript to less obviously suspicious kinds of files. Cyber vigilantes poke at unsecured printers and dark web hosting. China ratchets up its efforts to control its Internet. The US shares classified intelligence on Russian influence operations with European allies, and works on its own information operations capability. Dale Drew from Level 3 Communications takes note of the increase in ransomware. Rami Essaid from Distil Networks describes efforts to combat ticket scalping bots. And a former NSA...

Crime, not education. Slot machine scams. Ransomware updates. Fancy Bear in Norway? Russian treason charges. GCHQ say no to "witchcraft."


In today's podcast, we hear about how criminal markets offer ransomware-as-a-service under the guise of education. The UK's NHS and Licking County Ohio deal with separate ransomware attacks. The Slammer worm tried a comeback after fourteen years, so patch those known vulnerabilities. Crooks scammed slot machines, possibly by defeating their pseudo-random number generation. Norway tracks Fancy Bear. Russia says FSB officers charged with treason gave info to the Americans, but not necessarily the CIA. Markus Rauschecker outlines proposed changes to the email privacy act. GCHQ says security companies are peddling "witchcraft."

Jailbreaking or forensics? W-2s and business email compromise. Router vulnerabilities. Windows zero-day. Enterprise security priorities. Iranians cyber ops and Iranian dissent. US-Russian cyber tensions.


In today's podcast, we hear reports that Cellebrite forensic tools have been dumped online. The IRS warns that W-2 fraud is being combined with business email compromise. Cisco router vulnerabilities are under discussion. A Windows zero-day can produce the blue screen of death. Recent surveys prompt a review of enterprise security spending priorities: the perimeter is down, the endpoint is up, and network visibility is everywhere. Russia's treason trial proceeds. The US sends a good-cop/bad-cop message, or maybe just a mixed message, in cyber. Accenture Technology's Malek Ben Salem discusses embedded device security. Author Frederick Lane on his latest book,...

A black market for insider information. Cisco studies data breaches. The Internet as a threat actor's R&D infrastructure.


In today's podcast, we hear about how criminals are recruiting company insiders, and how the black market trades insider information for illicit speculation. Cisco studies the costs and causes of data breaches, and the security industry offers reactions. Jonathan Katz from the University of Maryland describes searchable encryption. Vadim Vladimirskiy from Nerdio explains IT as a Service. The Internet seems to serve, again, as an R&D resource for threat actors. This time it's ISIS and commercial drones, but there's a lot out there for sale and trade.

Bear prints around the Czech Foreign Ministry. Tinker, tailor, soldier, hacker, Humpty Dumpty. Gamer forum breaches. Where in the world is Phineas Phisher?


Bear prints in the Czech foreign ministry. Tinker, tailor, soldier, hacker in Moscow, with a side of Humpty Dumpty. Gamer forum data breaches go undetected for seventeen months. Credential reuse (and the limitations of human memory) are seen as a big threat to security. An IBM study throws up its hands over the state of healthcare cyber security. Trustwave's Chris Schueler reviews their latest report on resource limitations. Emily Wilson from Terbium Labs tracks the increased use of doxing. And Phineas Phisher, depending on whom you believe, is either under arrest or still at large.

Ransomware updates. Netgear vulnerabilities and patches. Breaking Android pattern lock. Delegated Recovery. Information operations.


In today's podcast, we review some ransomware developments: the good, the bad, and the ugly. Netgear routers and the mom-and-pop dilemma. Breaking Android pattern locks. Facebook has a novel approach to password recovery. Keysight will buy Ixia, and IBM's acquisition of Agile 3 Solutions gets positive analyst reviews. Australia's Data61 innovation shop wants to go all-in for cyber. ISIS makes hay of US immigration policy, but the group shows signs of cracks. Ben Yelin from the University of Maryland Center for Health and Homeland Security revisits the CoinBase vs IRS case. Ian Cowger from RiskIQ explains malvertising. And remember Shaltai-Boltai.

2017 Cyber Security Forecast [Special Editions]


What are you expecting in 2017 when it comes to cyber security? There are sure to be attacks like we saw last year, ransomware and botnets, IoT vulnerabilities we just didn't see coming. And what about all of those unfilled jobs? Can automation help fill the gap? Is the board room finally going to give cyber the attention it deserves? How will President Trump affect cyber policy?

Russian treason arrests may be tied to espionage. ANSSI director warns of cyber jihad. Symantec remediates Shamoon 2. U.S. Cellular was not breached.


In today's podcast we discuss some updates on the Russian treason arrests, with side suspicions being cast in the direction of underworld in-fighting. A principal victim of Shamoon 2 reports its recovery. IoT threats and the risk of always-on, always-listening devices. French security officials warn that cyber jihad could enlist cyber mercenaries. Cisco patches its telepresence software. Joe Carrigan from Johns Hopkins stops by to discuss always-listening IoT devices. And don't worry: no one really got locked into their room at that posh Alpine resort. (Worry about other stuff.)

LeakedSource is down. DoubleFlag's called out for bogus stolen goods. Fancy Bear is in UK, German networks. Shamoon alert in Saudi Arabia. Scamming tech support scammers.


In today's podcast, we hear that LeakedSource is down, maybe for good. DoubleFlag seems to be selling bogus data on the black market. (And where, we ask, is the Ripper review? If you can't trust a criminal, who can you trust these days? Sad.) Fancy Bear is back (actually, she never really left), now snuffling at British and German networks. Saudi Arabia remains on Shamoon alert. The Dridex banking Trojan has reappeared, in an improved version. Dale Drew from Level 3 Communications shares findings on the Asia Pacific region. Vince Crisler from Dark Cubed puts Grizzly Steppe in perspective. And tech support scammers...

Dark Web trading post compromised. Ransomware updates. Reactions to Risk Based Security's 2016 breach report. International cyber conflict notes, and a treason case in Russia.


In today's podcast, Dark Web trading post AlphaBay looks buggy, and leaky. Some not-so-bad news on ransomware (and bravo to those Gateway City librarians). Risk Based Security's 2016 breach report says the USA is number one (but not in a good way). Sweden's armed forces recover from a cyberattack by unnamed parties. Saudi Arabia remains on high-alert for fresh infestations of Shamoon. Dan Larson from CrowdStrike weighs in on ransomware evolution. Markus Rauschecker from the University of Maryland Center for Health and Homeland Security highlights a Dept. of Commerce report on the IoT. And the Russian treason case may be closer...

Cleaning ransomware out of the Play Store (but snakes still get into the walled garden, so watch your apps). Vigilantes, vulnerabilities, and industry news.


In today's podcast we hear about Russia's arrest of a Kaspersky Lab threat researcher (charges are said to be unrelated to Kaspersky). Charger ransomware is detected and ejected from the Play Store. Mobile users are urged to watch their apps: too many snakes are still getting into the walled gardens. RATs evolve and return to the wild. Shamoon 2 expands its target set. A database vigilante may be out there. Awais Rashid joins us from Lancaster University to share thoughts on IoT devices in healthcare. Michael Lipinski from Securonix wonders if state actors have become a convenient excuse. Cyber fraud rises in the...

Shamoon and Greenbug. HummingWhale purged from Play Store. Apple patches across its product line. Leadership changes at CIA, GCHQ. Lloyds Bank incident update. Honor among thieves? Nope.


In today's podcast, we discuss a report from Symantec that Shamoon may be connected to Greenbug. Google is purging HummingWhale malware from the Play Store. Apple issues a major set of patches across its product line. CIA has a new director; GCHQ's still looking for one. Yahoo!'s deal with Verizon will be delayed until April at least. Other industry M&A and venture funding news is more upbeat. Lloyds Bank is said to have been targeted with cyber extortion. Ben Gurion University's Yisroel Mirsky describes vulnerabilities with 3D printers. And there's no honor among thieves: if you don't believe us, ask the thieves.

Fake news tweets (from hijackers, not opinion-makers). Ransomware. New Android Trojans. Closing in on Mirai's master?


In today's podcast we discuss some fake tweets from hijacked news accounts around the time of the US Presidential transition; OurMine seems to have some at least tangential involvement. BankBot Android Trojan evolves, and Skyfin will quietly buy stuff you don't want from the Google Play Store. Sage 2.0 ransomware distributed by repurposed spam. Ill-named Dharma ransomware hits Indian pony site. Lloyds Bank disclosed DDoS attacks. Cryptographer Matthew Green describes Google's new open source Key Transparency project. Jonathan Katz from the University of Maryland explains multivariate encryption. The SEC looks at Yahoo!'s breach disclosure record. And the FBI is taking an interest...

Carbanak gets trickier and more ambitious. Ransomware updates. It's beginning to look a lot like 1949 (at least from Moscow).


In today's podcast, we hear about how the Carbanak cyber gang is getting trickier and more ambitious. In other cybercrime news, ransomware takes off after more databases. There's a new ransomware-as-a-service offering in the black market. Emily Wilson from Terbium Labs addresses perceptions of terrorists on the dark web. Simone Petrella from CyberVista provides her perspective on cyber security workforce issues. A new strain of Android ransomware hits Russian-speaking users. Locky's back, but in a feeble sort of way. Cybercriminals lock files at a cancer service not-for-profit. Russian policy wonks seem to suggest that we're not at the point in history where...

France braces for election hacking. Ukrainian utility says December blackouts were hacker-induced. Finding "Fruitfly." Tracking Mirai's master.


France prepares for election hacking. Ukrenergo [yook-REN-air-go] acknowledges its electrical service was hacked. Malwarebytes reports on Fruitfly, malware swarming about biomedical research facilities. Krebs believes he's found the author of Mirai. Anonymous says it's going to dox US President-elect Trump. Ben Yelin reviews your rights to privacy at the border. Nir Giller from CyberX addresses the false sense of security when it comes to ICS. And the RSA Conference announces the finalists in the Innovation Sandbox.

Carbanak gang is back. GhostAdmin works on data theft. Trolling security researchers. M&A notes. Pardons, commutations, and extraditions.


Carbanak is back, and in the cloud. GhostAdmin quietly assembles a few good bots. Malware writers troll security researchers on VirusTotal. Oracle issues a big patch; Apple is said to be preparing a smaller one. M&A activity is in the news. Australia investigates fallout from the Yahoo! breaches. Experts warn European election officials and politicians to be on the lookout for Bears. Rick Howard from Palo Alto Networks seeks a unified theory of security. David Bianco from Sqrrl offers advice on threat hunting. And US President Obama issues some pardons and commutations: General Cartwright and Private Manning are on the list. Not...

Election influence and election security. Threats to power grids. Ransomware and phishing updates. Loyalty program risks.


In today's podcast we hear warnings that electrical utilities should regard hacks of Ukraine's power grid as a wake-up call (the squirrel threat notwithstanding). Various nations work to shore up their defenses against Russian government hacking and influence operations. Russia protests its innocence, but there are some reliable reports of Fancy Bear sightings in Norway. Cyber criminals are back, except for those behind Locky ransomware, who seem to still be on holiday break. New approaches to ransomware and phishing. Dale Drew from Level 3 Communications tells us about the BGP Flowspec. And a loyalty program at the Golden Arches may be...

Grid hacking in Ukraine. Cellebrite breached. WhatsApp encryption issue. EyePyramid notes. Sharing SIGINT. IG looks at FBI. Guccifer 2.0 and the ShadowBrokers take their bows.


In today's podcast we get updates on grid hacking in Ukraine and the case of the EyePyramid spyware in Italy. Smartphone forensics shop Cellebrite suffers a data breach. WhatsApp appears to have an encryption issue, but most observers think it's not really a backdoor. WordPress gets eight patches. ENISA issues recommended best practices for securing connected cars. A US Justice Department IG will look into the FBI's investigation of classified information handling in the Clinton State Department. President Obama expands NSA's authority to share raw SIGINT with other intelligence agencies. The Johns Hopkins University's Joe Carrigan reminds us to protect our...

Grid hacks and influence operations. Propaganda sauce spread liberally over geese and ganders. Peace sign hacks? Hamas catphishes the IDF.


In today's podcast, we hear about the arrest of an Italian brother and sister for an EyePyramid spyware crime spree that may have been in progress since 2010. Ukraine confirms that Kiev's power grid was hacked last month, and the Ukrainian government tries to tide over some influence operations of its own. Policy wonks talk information operations and some realize that such ops aren't new. The peace sign hack joins the Gummibear hack as a challenge to biometric authentication. Yisroel Mirsky from Ben Gurion University explains new research using databases of exploits and vulnerabilities. Quick industry notes. And Hamas goes catphishing.

Shamoon is back, now with credentials for virtual desktops. Ukraine believes it was hacked again. Ransomware updates. Elections, investigations, and influence operations. The Pokemon threat?


In today's podcast we learn that Shamoon is back, and still a nasty piece of work. Ukraine's grid was hacked again last month, probably by the same people who did it at the end of 2015. A new strain of ransomware offers a tiered extortion model (and unfortunately pretty solid encryption). France and Britain prepare for Russian election hacking. Awais Rashid from Lancaster University outlines the human factors in cyber security. Limor Kessem from IBM Security discusses their recently released ransomware study. The debate over influence operations flares again in the US. And China still finds Pokemon threatening.

Witch hunts and yard sales. See relationships, not dox. Rebrandings, mergers, acquisitions, and executive moves. Building anti-witch capabilities.


California says a nation-state was behind the Anthem hack. The ShadowBrokers hold a yard sale (we'd pass on the malware, but if they had a nice blender out we'd consider it). WikiLeaks says it's interested in relationships, not doxing. The US FDA confirms vulnerabilities in cardiac devices. Hello Kitty gets breached. Yahoo! will become Altaba, and get new leadership. Germany and the UK study ways of increasing cyber capability. The University of Maryland's Jonathan Katz reviews emerging encryption types. Uri Sternfeld from Cybereason explains their free ransomware prevention tool, RansomFree. Russia complains it's the subject of a witch hunt.

Election hacking, influence operations, and official reports. EU hacking concerns. Lawsuit over email's invention. Twitter frowns on unrequited love. Billy Bass, meet Alexa.


In today's podcast we hear about the report on Russian election hacking and influence operations the US Director of National Intelligence released Friday. Election hacking? Not really, but influence operations? You bet. Robert M. Lee from Dragos Security weighs in on the report. European authorities worry about Russia inserting itself into 2017 elections. Law, and order, torts and Twitter. Emily Wilson from Terbium Labs describes the role of law enforcement on the Dark Web. And a note on she-who-must-not-be-named (our listeners in San Diego will know exactly whom we mean; heck, it's Alexa).

Spearphishing in industrial espionage. Ransomware gets more widespread, ruthless, and perfidious. The US Intelligence Community assures the Senate that the Russians hacked the DNC.


In today's podcast, we hear about a worldwide spearphishing attack against industries in 50 countries. Ransomware is already proving as much of a problem as predicted: exposed data bases are hijacked in a turf-war among extortion gangs, and KillDisk has now appeared in ransomware kits. Investment analysts wonder if Verizon's bid for Yahoo!'s core assets will go through. Ben Yelin from the University of Maryland Center for Health and Homeland Security discusses the IRS demanding info on some bitcoin users. FireEye's Tony Cole reviews their latest report on what to expect in 2017. The US Intelligence Community tells the Senate that,...

Indiscriminate IOCs erode confidence in attributions. Official leaks erode trust in information sharing. Exploit updates.


In today's podcast we hear about how indiscriminate indicators of compromise spawn fake news about a Vermont grid hack. Meanwhile, the Mounties cautiously, tentatively, investigate some odd potential IOCs at an Ontario utility. A hacker claims he pwned the FBI, but it looks like a hoax. A quick rundown of exploits currently romping in the wild; many of them involve ransomware. Rick Howard from Palo Alto describes Security Orchestration. Marika Chauvin from Threat Connect shares research on Hacktivists vs Faketivists. And yes, your thumbprint will authenticate you to your phone even if you've dozed off, Mom.

Hacktivists claim to perform a public service. Once and Recorded Future ransomware. Attribution controversies. Disturbing toys.


In today's podcast, we hear about how some hacktivists are again turning to defacement, which they claim to be doing as a public service to raise security awareness. Recorded Future takes a close look at ransomware's likely course in 2017. ISIS exposes itself online. Attribution controversies: the Vermont hack-that-wasn't, tactical hacks in eastern Ukraine, and the FBI-NCCIC Joint Analysis Report. Malek Ben Salem from Accenture Technology Labs describes how Deep Learning may be applied to cyber security. And would you hug Skynet, if it looked like Teddy Ruxpin?

Attribution issues: one story fizzles; another looks disappointingly circumstantial. Great powers jostle in cyberspace. Hacktivists resurface online. So, alas, do terrorists.


In today's podcast, we follow the way in which the Vermont utility hacking story fizzled. We also hear more serious grounds for concern about electrical grid security continue, from Joe Weiss of Applied Control Solutions. Observers are disappointed by the Grizzly Steppe Joint Analysis Report: its evidence strikes many as mighty circumstantial. US-Russian cyber strategies and cyber diplomacy. Anonymous greets the Bilderbergers. ISIS claims responsibility for recent massacres as part of its online inspiration. Level 3 Communications' Dale Drew provides his take on the coming year. German police believe they've stopped a Saarland bomb plot.

Best of: Daniel Ennis


Our podcast team is taking a break this week for the holidays. We're revisiting some of our favorite interviews from 2016. Daniel Ennis is former director of the NSA Threat Operations Center, or NTOC, and is currently executive director of the University of Maryland Global Initiative on Cyber. We spoke with Daniel Ennis back in July.

Buying Cyber Security [Special Editions]


Every day there seems to be a new security product on the market, with many of them claiming they provide something that you simply can't live without. Companies appear and disappear, and businesses are faced with difficult, confusing, and often expensive choices. In this CyberWire special edition, we explore how businesses are navigating the process of choosing products and technologies in a crowded marketplace. We talk to some key stakeholders to find out what drives their purchasing decisions, and what they wished their vendors knew before they came knocking on their doors.

Best of: Tom Coale


Our podcast team is taking a break this week for the holidays. We're revisiting some of our favorite interviews from 2016. Tom Coale is an attorney with the law firm Talkin and Oh, in Maryland, where one of his specialties is representing people who have been denied security clearances. Previously, Mr. Coale was Department Counsel for the Department of Defense, representing the government in security clearance due process hearings. We spoke to Tom Coale back in July.

Best of: Tom Wingfield


Our podcast team is taking a break this week for the holidays. We're revisiting some of our favorite interviews from 2016. Tom Wingfield is Professor of Cyberspace law at the National Defense University, and one of the authors of the Tallinn Manual, an academic study of how international law applies to cyber conflicts and cyber warfare. We interviewed Tom Wingfield back in October, on location at the 2016 ASUA meeting in Washington DC.

Best of: Abby Smith Rumsey


Our podcast team is taking a break this week for the holidays. We're revisiting some of our favorite interviews from 2016. Back in May, we spoke with author and historian Abby Smith Rumsey about her latest book, When We Are No More: How digital memory shapes our future. The book explores human memory from pre-history to the present, from pictures painted on cave walls to the present, with all the world's knowledge available in an instant on our mobile devices.

Daily & Week in Review: Gunnery hacking. Influence operations and a proportionate response thereto? Yahoo breach post mortems. NIST issues Special Publication 800-184: "Guide for Cybersecurity Event Recovery."


In today's podcast we hear more about how Fancy Bear has gone to war. Russia denies meddling with US elections. US retaliation for influence operations is still under consideration; some speculate that when it comes, it may be loud. Siemens patches its widely used HVAC controller. Post mortems on the Yahoo! breach continue (and draw attention to cybersecurity EFTs). FBI Special Agent Keith Mularski describes the takedown of the Avalanche botnet. Awais Rashid from Lancaster University on data exfiltration by APTs. And NIST releases its guide to cyber incident response and recovery.

Daily: ISIS offers Christmas inspiration (and it's got nothing to do with peace or good will). Fancy Bear makes a battlefield appearance. Blogging services under attack.


In today's podcast, we hear about ISIS attempts to inspire Christmas attacks. Ukraine is on the receiving end of Russian tactical cyber operations, and yes, it's Fancy Bear. Analysts mull the possibility of a Russo-American détente emerging from cyber conflict. Mirai continues to rope maverick devices into its bot-herd. Virginia Tech's Hume Center's Dr. Charles Clancy explains mobile device encryption. Adnan Amjad from Deloitte describes creative ways of finding IT talent. And WordPress and Tumblr receive criminal attention.

Daily: Grid hacking in Ukraine? German terror investigations. Airliner vulnerability dispute. NIST wants post-quantum crypto standards. Project Wycheproof. Wassenaar update.


In today's podcast, we hear about Ukraine's investigation of Saturday's power outages around Kiev; speculation says it was either a demonstration or misdirection. German police track terrorists' spoor online. Pakistani hackers hit Google's Bangladesh domain, possibly for the lulz. (Speaking of the lulz, OurMine is back and messing with Twitter accounts.) Panasonic and IOActive disagree over reports of airline vulnerabilities. Verizon mulls its Yahoo! acquisition plans, post-breach. NIST is looking for some post-quantum standards. Google's Project Wycheproof gets good early reviews. Joe Carrigan from the Johns Hopkins University Information Security Institute discusses the utility of burner email addresses. Sam McLane from...

Daily: Another Ukrainian power grid outage may have cyber causes. ShadowBrokers may have got Equation Group code from a rogue insider. WordPress brute-forcing. Evading volumetric detection. Methbot ad fraud. Wassenaar remains controversial.


In today's podcast, we discuss another possible cyber incident that hit Ukraine's power grid last Saturday. Flashpoint looks at the ShadowBrokers' alleged Equation Group code and sees a rogue insider behind the leak. WordPress sites are receiving a lot of brute-forcing attempts. New spam and other attack techniques are evading volumetric detection. Mirai is sniffing for new IoT bots, and Dave Larson from Corero Network Security tells us what to expect in 2017. Jonathan Katz from the University of Maryland outlines advances in fully homomorphic encryption. Russian crooks skim ad revenue with the Methbot scam. Wassenaar cyber arms control remains...

Daily: ShadowBrokers update. More consequences of the Yahoo! breach. Other sites suffer data compromises. US investigations of, plans for retaliation against, Russian influence operations proceed.


In today's podcast, we hear about how the ShadowBrokers are stocking their discount rack with Equation Group bargains. Yahoo's data breach attracts regulatory, investor, and due diligence scrutiny. Yahoo's stolen data is also being offered for sale on the dark web. Multiple other data breaches come to light, and skids hit online games with DDoS attacks. Ben-Gurion University's Yisroel Mirsky describes vulnerabilities of the US 911 system. US investigation of Russian election influence operations continues, and the US says it's planning some sort of retaliation.

Daily & Week in Review: US Election Assistance Commission hacked. US, Russia, swap hard words over influence operations. Ransomware updates. More on the effects of the Yahoo! breach. Autonomous vehicles approaching.


In today's podcast we hear about "Rasputin," a cybercriminal selling US Election Assistance Commission credentials. US investigation of Russian influence operations continues, with promises of eventual retaliation (nose-thumbing from Moscow received in response). UK and EU officials worry about Russian meddling with 2017 elections. The Yahoo! breach sinks in; some call it the "Exxon Valdez" of cyberspace. New ransomware strains and growing ransomware sector, but help in the form of an international public-private partnership. Markus Rauschecker from the University of Maryland Center for Health and Homeland Security discusses the National Cyber Incident Response Plan (NCIRP). We talk privacy and encryption policy Jacob...

Daily: Yahoo's big breach: industry reactions. Spyware circulates in the wild. Investigation of election hacking continues. Hacktivism and "faketivism." The ShadowBrokers are back.


In today's podcast, we hear about Yahoo's disclosure of a record-setting breach: over a billion customer accounts are affected. CyberWire editor John Petrik collects industry comments on the breach. Microsoft reports finding "FinFisher-like" spyware in the wild. US investigation of Russian election hacking continues. The case for and against Fancy Bear is being made by observers, but the Intelligence Community says it will keep its conclusions to itself until the investigation is complete. ThreatConnect describes "faketivism." And the ShadowBrokers are back, and their broken English hasn't gotten more convincing.

Daily: Nation-state hacking (and nation-state victims of hacking). Loyalty program breaches, and a new Android Trojan strain.


In today's podcast, we learn that Ukraine says its Defense Ministry was hacked, probably by Russia. US investigations of apparent Russian influence operations during elections continue. Venezuela talks up cyber threats as contributing to its financial crises. Dr. Web reports a new Loki Trojan variant in the wild. BugSec and Cynet disclose Facebook Messenger flaw (now patched). Level 3's Dale Drew provides insights on nation state hackers. Omri Iluz from PerimeterX warns us about gift card fraud. Colonel's Club breached. And hacktivists go after Russian consular data.

Daily: SWIFT issues new fraud warnings. US investigates Russian influence operations. Patch news. Wages of sin are in-game purchases?


In today's podcast, we learn that SWIFT has warned member banks of ongoing attempts at fraudulent funds transfer. US investigation of Russian influence operations continues, with bipartisan support. German fears of Russian election hacking persist. Apple iOS, McAfee VirusScan Enterprise, and AirDroid get patches. Tor releases a browser with upgraded anonymity. Kevin Bocek from Venafi reminds us of the looming SHA-1 sunsetting. Ben Yelin from the University of Maryland Center for Health and Homeland Security examines a case involving stingray devices and warrantless searches. And some guy steals a million so he can spend it on in-game purchases.

Daily: Stressor, booter shoppers arrested. Small DDoS against Russian banks. Botnets and home routers. Popcorn Time ransomware. US investigates Russian influence operations.


In today's podcast, we hear about how an international police action swept up youths shopping for DDoS tools. Russian banks sustain a mild, easily parried DDoS attack. Mirai gets trickier. US-CERT warns against vulnerabilities in home routers. Popcorn Time ransomware says it's doing good by doing bad, but few will be deceived. US opens an investigation after the Intelligence Community concludes that Russian services tried to throw the US election away from Clinton and toward Trump. Emily Wilson from Terbium Labs describes the markets for drugs and pharmaceuticals on the dark web. And North Korea says they didn't do it, you...

Daily & Week in Review: Korean cyber alert amid a presidential impeachment. Germany calls out Fancy Bear for influence ops. Georgia (the Dixie one, not the one in the Caucasus) demands a cyber explanation. Holiday phishing, the enduring DDoS threat, and


In today's podcast, South Korea braces for the North to take cyber advantage of a constitutional crisis, but so far all's quiet. (Or most is quiet, anyway.) Germany takes official notice that Fancy Bear is working to disrupt next year's elections. The US state of Georgia thinks DHS may have tried to penetrate its election system post-election, and it wants to know what's up. ISIS is back online, and calling for attacks against Americans and Shiites. A phishing campaign trolls customer service reps with fileless malware. Experts expect more Mirai-driven DDoS. Rick Howard from Palo Alto Networks tells about the...

Daily: IP theft in Germany. "Sledgehammer" looks like DDoS by Turkish patriotic hacktivists. Floki Bot and Dridex in the wild. Competition for cyber talent in a tight labor market.


In today's podcast, we hear about an industrial espionage campaign against Germany's steel industry. Turkish hacktivists' Sledgehammer gamifies DDoS (and installs backdoors in its gamers). The Floki Bot Trojan is a cheap and evasive addition to the Zeus family. Dridex is back. GPS gets a cybersecurity upgrade. Too many people are still using Windows XP. Joe Carrigan from the Johns Hopkins University Information Security Institute reports back from the Grace Hopper conference. ZScaler's Deepen Desai describes the Stampado strain of ransomware. NSA is said to be struggling to compete with the private sector for cyber talent. Learn more about your ad...

Daily: Ransomware updates. IP camera vulnerabilities. Steganography makes a comeback. Controlling content, with or without Internet autarky. Zo replaces Tay?


In today's podcast, we hear that more network security cameras have been found vulnerable to bot-herding. Sony's are patched, so patch. Unpatched Flash bugs incorporated into exploit kits. New ransomware strains are out. Russia announces a new national Internet strategy as Canada and the EU grapple with the complexity and ambivalence of controlling extremist content. Steganography is back, alas, and in your banner ads. Dr. Charles Clancy from VA Tech's Hume Center explains the challenges of developing security solutions that can function in both the federal and commercial realms. Ebba Blitz from Alertsec has the results of a survey on what...

Daily: State-directed cyberattacks in the 2017 forecast. Tenable's Cybersecurity Assurance Report Card. DDoS and ransomware notes. Content filtering in social media. Connected toys too curious.


In today's podcast, we hear that more state-directed hacking is in the forecast for 2017 (and Pyongyang seems to have a head start). A new DDoS botnet rivals Mirai. Ransomware notes. Android users are advised to stick with Google Play (and so avoid Gooligan). Content filtering in social media. Cris Thomas from Tenable talks about their cybersecurity report card. Awais Rashid from Lancaster University outlines critical national infrastructure. And more connected toys seem to be far too curious about those who play with them. Learn more about your ad choices. Visit megaphone.fm/adchoices

Presidential Commission on Cybersecurity offers its recommendations to the next President. Russia says its financial system is under cyber threat. Cybercrime notes, and a scorecard.


In today's podcast, we hear what the US Presidential Commission on Cybersecurity recommended in its long-anticipated report. Russia's FSB says today's the day foreign intelligence services are going to try to disrupt the Russian financial system. Ransomware author Pornpoker gets collared. Distributed guessing attacks might have been made against Tesco. Gooligan's business model is mostly advertising and garbage apps. Markus Rauschecker from University of MD's Center for Health and Homeland Security ponders IoT liability. Tenable's Global Cybersecurity Assurance Report Card tells the globe it's got room for improvement. Learn more about your ad choices. Visit megaphone.fm/adchoices

Daily & Week in Review: Europol and its partners say they've got the head of the Avalanche snake. DDoS and IoT botnet updates. Android vulnerability. New rules for warrants and insider threats.


In today's podcast, we hear about an international take down of the Avalanche cybercrime ring. (Bravo, FBI, and others.) A vulnerability in AirDroid is reported; you can find the app in the Google Play Store. Russia says there's a plot afoot to hack its banks and spread financial panic. US Senators tell the White House they want to know more about Russian attempts to influence US elections. This week has seen more Mirai DDoS, a resurgence of Shamoon, and another round of WikiLeaks doxing. There are also changes to NISPOM and Rule 41 in the US, and Ben Yelin from the University...

Daily: Shamoon and Fancy Bear are back. Mirai never left. San Francisco Muni saved by good backups. New Android Trojan found. Firefox patches threat to Tor anonymity. Surveillance policy, ISIS investigations in Germany.


In today's podcast, we learn that Shamoon is back, again probably from Iran, and again hitting Saudi targets. Mirai infestations are turning up in the UK; observers see a criminal race to round up the biggest bot herd. Fancy Bear is also back, and still pawing at WADA. Good backup practices enabled San Francisco's Muni light rail to recover from ransomware. Palo Alto warns of a new Android Trojan. Facebook says there's no way ransomware was hidden in Messenger images. Firefox patches the zero-day that threatens Tor anonymity. Professor Jonathan Katz from the University of Maryland explains why ransomware crypto is...

Daily: Mirai remains a threat; experts expect more IoT-driven DDoS. ISIS, online radicalization, and terror attacks in the US. Snooper's Charter and its alternatives. Gooligan Android malware.


In today's podcast, we hear about Deutsche Telekom's recovery from DDoS, and why there's probably a lot more Mirai where that came from. Omri Iluz from PerimeterX gives us the background on botnets. Germany arrests an alleged mole in the BfV. ISIS claims the Ohio State attacker as its "soldier." The Snooper's Charter becomes law in the UK. San Francisco's Muni hangs tough on ransomware. A new Android malware strain is out in the wild. We welcome Awais Rashid from Lancaster University to the show. And Ross Ulbricht's defense team say they've found a third crooked cop in the Silk Road case. Learn...

Daily: ISIS online sympathizers (but not ISIS itself, which is lying a bit low) claim Ohio State attacker. German security agencies warn of possible Russian disruption of elections. Mirai strikes again. San Francisco's Muni shrugs off ransomware. A look a


In today's podcast, we hear about how ISIS sympathizers are celebrating the Ohio State slasher rampage in social media. Germany's BND warns of Russian plans to disrupt elections. Deutsche Telekom recovers from a Mirai-driven DDoS attack. San Francisco's light rail recovers from ransomware (and resumes collecting fares). Holiday retail cyber security trends. A look into the dark web. Continuing security troubles for former and prospective US Secretaries of State. Level 3's Dale Drew takes a look at critical infrastructure. The Carter Administration gets doxed, and xHamster is breached. Learn more about your ad choices. Visit megaphone.fm/adchoices

Securing a Deal - Cyber Security Venture Capitalists on what they look for. A CyberWire Special Edition. [Special Edition]


In this CyberWire Podcast Special Edition, we examine the current state of investment in cyber security, speak to experts in the field, and learn from top cyber security-focused venture capitalists what they expect before they invest. Learn more about your ad choices. Visit megaphone.fm/adchoices

Daily: Military, law enforcement cooperation take a toll of ISIS operators. DDoS investigations. Mirai botnet can be rented on the black market. Beware ATM skimmers. Ransomware hits San Francisco light rail. Bogus news of cable show hacking.


In today's podcast, we hear about how military, law enforcement cooperation are taking a toll of ISIS cyber operators. President Obama says the US elections weren't affected by hackers. DDoS in Brussels and Ireland remain under investigation. A Mirai botnet is available for rent on the cyber black market. ATM skimmers threaten holiday users, and the new inset skimmers are tough to detect. Ransomware hits San Francisco light rail (so the Muni lets passengers ride free). Booz Allen's Brad Medairy walks us through the Ukraine grid hack. Emily Wilson from Terbium Labs describes how they celebrate the holidays in the Dark Web. And no,...

Daily: ISIS shows a slightly different face in cyberspace. BITAG issues advice to the IoT industry. Jackpotting and carding investigated.


In today's podcast, we hear about how ISIS is making its way, quietly, back into the cyber news (and how the Australian Signals Directorate is on the case). The Broadband Internet Technology Advisory Group wants the IoT industry to face some unpleasant facts, and the security industry calls for standards. Europol finishes its second sweep of money mules. ATM jackpotting spreads in Europe and Asia. India suffers a wave of carding. Joe Carrigan from the Johns Hopkins University Information Security Institute reports back from the NICE Conference. BBC Journalist and Author Gordon Corera is our guest, discussing his latest book,...

Daily: Banks are vulnerable to more than carding and transfer fraud. Ransomware updates. Lessons for users from the Three Mobile hack. Biometrics (with hedgehog). Election hacking retrospective.


In today's podcast we hear about the FBI's warning that cash-spewing ATMs could be coming to a strip mall near you, courtesy of the Russian mob. Bad news and good news about ransomware. Another Android backdoor is reported. Exploitable security cameras get a patch. The Conficker worm's still crazy after all these years. Lessons for users from the Three Mobile hack. Biometrics meets the Wind in the Willows? (Fujitsu Biometrics' Derek Northrope provides a reality check.) Palo Alto's Rick Howard discusses the disconnect between the board room and the tech crew. China's new Internet law. And what have Fancy and Cozy Bear been up...

Daily: More of the customary cybercrime, but with additional warnings of new ransomware vectors. Dodgy apps and holiday shopping. Credential abuse. No pardon for Snowden, for now, anyway.


In today's podcast, we talk about thinking twice before opening pictures received via Facebook Messenger. A recruiting site exposes GitHub profiles. Investigation of credential abuse in the Three Mobile upgrade fraud continues. Fortinet warns German users against an Android banking Trojan. Much advice on how to stay safe online during holiday shopping is out. Symantec plans to buy LifeLock, and Optiv is filing an IPO. President Obama says, while in Berlin, that he won't pardon Snowden. Rumors of DNI and SecDef discontent with Director NSA circulate. Markus Rauschecker from the University of MD Center for Health and Homeland Security reviews...

Daily & Week in Review: US DNI Clapper says Russia "curtailed" election hacking after being named. Three Mobile breached. Android and iOS issues. Good news on ransomware. Start-up rundown. China calls its Internet controls "wisdom."


In today's podcast, we hear about US DNI Clapper's long-expected resignation and his contention that attributing election hacking to Russia seems to have induced Moscow to "curtail" such operations. The UK arrests suspects in an upgrade fraud scheme suffered by Three Mobile and its customers. Updates on Android spyware and banking Trojans. Siri might be helping bypass your iPhone's lockscreen. There's good and bad news about ransomware, but, happily, more good than bad. A quick review of the week's industry news, with an emphasis on cyber security start-ups. Dr. Charles Clancy from Virginia Tech's Hume Center outlines Virginia's new Cyber...

Daily: Social media aren't automatically on the right side of history, it seems. More on the Adups backdoor. Holiday shopping cyber-safety and security.


In today's podcast, we hear about German concerns over Russian meddling in elections. In the US, the NSA Director says a nation-state made a conscious attempt to influence American elections. Dictators can use social media, too, it seems. Huawei and ZTE reassure customers about the Adups backdoor. Holiday shopping security warnings are out, and they're not just about online purchases, either; watch out for that in-store Wi-Fi. The UK's Snooper's Charter passes the House of Lords. Ran Yahalom from Ben Gurion University describes USB hardware attacks. John LaCour, CEO of Phishlabs provides advice on avoiding (wait for it) phishing attacks. And a Russian court tells...

Daily: An insider threat deadline approaches. Lawful intercept tools from Italy. Carbanak moves to new targets. Security policy in Germany and the US. A guilty plea in the TalkTalk hack.


In today's podcast, we hear about some lawful intercept tools that have been found prospecting Android. Synack calls shenanigans on Shazam, but maybe no harm, no foul. Carbanak turns from banks to hospitality. Insider threats and how to mitigate them: if you've got a facility clearance, you've got a deadline coming up, and Steven Grossman from Bay Dynamics explains what it means. Arlington Capital merges three of its companies into a new cyber shop, Polaris Alpha. Symantec is rumored to be sniffing at LifeLock. Cyber policy discussions in Germany and the US sound a lot alike. Jonathan Katz from the University of Maryland...

Daily: It walks, it talks, it reports to Shanghai. Locky takes a run at US Army Cyber Command. CrySis decrypted. SpamTorte 2.0 is out. Adults should be warned off by "adult."


In today's podcast we hear about a backdoor Kryptowire has found preinstalled in some Android phones. We speak with Ryan Johnson, the researcher who discovered the vulnerability. The Locky ransomware takes a run at US Army Cyber Command. CrySis ransomware is decrypted. SpamTorte 2.0 is out, and it's thinking big. A Trojan may be implicated in the Tesco fraud campaign, and it may have more banks in its crosshairs. Emily Wilson from Terbium Labs shares the findings of their latest report on the Dark Web, and Ping Identity's Pamela Dingle explains the Digital Transformation Journey. And watch out for the AdultFriendFinder-themed spam that...

Daily: Russian banks suffer IoT botnet DDoS. Fancy Bear's still phishing. Lessons from Tesco fraud. Third-party risk hits Michael Page. Casino Rama data breach. Adult website loses data for 339 million accounts. FTC litigation. Moscow anti-trust case.


In today's podcast, we follow up on last week's DDoS against Russian banks. Fancy Bear's been poking at think tanks, and ESET has a rundown of Fancy's fancies over the last couple of years. DDoS can be low and slow as well as high and noisy. Banks consider cyber lessons learned from Tesco heists. International recruiter Michael Page blames a third-party for data loss. Canada's Casino Rama (that's the casino's name) sustains a breach. A family of sites none of you would visit is also breached; we tell you because you're probably asking on behalf of 339 million friends. LabMD wins a stay...

Daily: Yahoo! warns Verizon deal may be at risk. More OPM-themed ransomware phishing. Cyber policy advice for, and speculation about, the next US Administration.


In today's podcast, we look back at election hacking concerns in the US (most of which didn't happen) and we hear from some people who offer advice for the next administration's first 100 days. Fancy Bear is phishing with Adobe and Microsoft zero-days. Investigation of the Tesco fraud continues. It looks as if the Bangladesh Bank might recover some of its losses in the SWIFT heist. There's an OPM-themed phishing campaign afoot. Server database issues point up the importance of digital hygiene. More Yahoo troubles. Markus Rauschecker from the University of Maryland Center for Health and Homeland Security explains new...

US elections proceeded undisrupted by hacking. Patch Tuesday review. Banking Trojans, Android trigger-malware, and thermostats gone wild.


In today's podcast we look at Patch Tuesday: Microsoft closes thirteen vulnerabilities (five of them "critical"), Adobe fixes Flash Player, and Google addresses Android issues. "Trigger-based" mobile malware, and why it's hard to see. Why usability matters to security. Tesco continues to recover from ATM fraud. Canadian police surveillance is scrutinized. Thermostat trouble in Finland. The Johns Hopkins University's Joe Carrigan discusses privacy of medical records. Professor Gene Tsudik from University of California, Irvine, explains a potential vulnerability with typing while Skyping. And, oh, we also hear there was some election or something in the US. Learn more about your ad...

Daily: Election Day cyber updates. Mirai goes to pieces. Five Eyes and Europol take down dark web souks. Turkey and clamps down on their Internet.


In today's podcast we hear that US authorities are ready for election hacking, but assess the risk as low. (The information operations, however, seem to be another matter.) Flashpoint sees Mirai being fragmented in a black-market market correction. Users in Turkey flee censorship into Tor. Operation Hyperion shuts down a lot of dark web nastiness. Tesco fraud investigations continue. Palo Alto's Rick Howard describes a new white paper on the growing sophistication of Nigerian online scammers. CrowdStrike's Dan Larson explains the evolving motivations of threat actors.And an email spoofer tells the court there's no tort, because his email was so...

Daily: Election Eve cyber threat roundup. Retail bank Tesco stops online banking after wave of fraud.


In today's podcast, we offer an Election Day Eve round-up of current cyber tensions, especially between the US and Russia: influence operations for sure, disruption possibly, vote manipulation maybe (but probably not). Ukrainian hacktivists continue to dox a major Putin consigliere. UK retail bank Tesco shuts down online operations due to a wave of fraud. Ben Yelin from the University of Maryland Center of Health and Homeland Security provides a final assessment of the US presidential candidates. And Indian police say a rival service seems responsible for a July DDoS attack in Mumbai. Learn more about your ad choices. Visit megaphone.fm/adchoices

Mirai, "Botnet #14," hits Liberian networks. Anonymous doesn't much care for either jihad or the Man. A new security company forms with acquisition of Cryptzone, Catbird, Easy Solutions, and Brainspace. Election hacking updates.


In today's podcast, we hear about how Liberia has sustained a significant DDoS attack (Mirai is behind it). Linux/Moose is also on the IoT loose. Hospitals in the UK continue to recover from ransomware attacks. Anonymous doesn't like ISIS, but it also doesn't like the governments who are fighting the Caliphate. Exaspy malware targets business leaders' Android phones. A new joint venture is poised to become a mid-major in the cyber security sector. Accenture Technology Labs' Malek Ben Salem explains developments in redactable blockchain. AT&T CSO Bill O'Hern provides his perspective on current and coming cyber security challenges. And an update on election...

Daily: Sources say FBI is confident foreign intelligence services penetrated former Secretary of State's private email server. WikiLeaks says it's not a Russian tool. Notes on industry; notes on cybercrime.


In today's podcast we hear about how fallout from the FBI investigation of former Congressman Weiner continues to drop onto the Clinton campaign. WikiLeaks' Assange says he'll continue to dox, but denies he's doing so with Russian help. IoT-driven DDoS fears continue. A new exploit kit is replacing earlier stars in the criminal firmament. Jonathan Katz from the University of Maryland describes an experiment Google ran, pitting several AIs against each other in an encryption challenge. Edward Fox from MetTel explains the role telecommunications companies play in cyber security. NIST issues a cybersecurity workforce framework, NSA promotes its Day of Cyber, and the SINET...

Daily: To disclose or not to disclose, in public. A look into the dark web. Chrome and Firefox disallow shaky certificates. Anonymous gets an incomplete. The Shadow Brokers are still after the Wealthy Elite.


In today's podcast, we hear about the Microsoft and Google disagreement over public vulnerability disclosure (with a side of Fancy Bear). We also get some industry reactions to the dispute. Terbium takes a good look at the dark web and finds it's not as uniformly sinister as many believe. Google and Mozilla move to reject dodgy certificates. NIST releases a job map. Anonymous gets a grade of incomplete in its trolling of ISIS. Identity Guard's Jerry Thompson describes new technology for protecting your identity online. Ran Yahalom from Ben-Gurion University explains hiding data in USB devices. And the Shadow Brokers' news seems a...

Daily: The Shadow Brokers say trick or treat to the Amerikanski. Are free elections like free beer? Google wants faster patching. The state of Mirai.


In today's podcast we hear that the Shadow Brokers are back, and again mangling English like a bad scriptwriter doing Ensign Chekhov fan-fiction. Russian leaders continue to scoff at American elections, and WikiLeaks continues to leak. Microsoft doesn't patch fast enough to suit Google. Researchers consider the scope, threat, and mitigation of the Mirai IoT botnet. We welcome Rick Howard from Palo Alto Networks to the show. Ferruh Matvituna explains how Content Security Policy can protect against cross site scripting. And Furby's back, but this time it's connected. Learn more about your ad choices. Visit megaphone.fm/adchoices

Daily: Halloween special: mummies, lycanthropes, vampires, villagers with pitchforks, and virtual stakes through virtual hearts.


In today's Halloween podcast, we consider post mortems on the October IoT distributed denial-of-service attacks, which suggest there are bigger problems than just factory settings. Recalls of potentially compromised devices continue, and some think about hacking back. (A hint: think twice.) HackForums pulls down its network stressor offerings. South Korea says the North is up to more cyber badness. US election hacking concerns continue. The FBI reopens its email inquiry. Level 3's Dale Drew discusses the growing scale of online attacks. And observers wonder, what do you have to do to lose a clearance? Learn more about your ad choices. Visit megaphone.fm/adchoices

Daily & Week in Review: Not all experts agree you should resign yourself to being hacked. The state of fraud, 2016. Ransomware and DDoS updates. The Kremlin gets doxed.


On today's podcast, we hear that ransomware is still with us. A new study of online fraud is out, and one lesson is, it's better to take some, any, precaution than to whistle and hope for the best. The Australian Red Cross suffers a data breach affecting more than a million blood donors' records. Windows seems to suffer from an exploitable vulnerability; how serious it may prove remains to be seen. Mirai botnets continue to sputter across the IoT. Signs point to a public-health approach to mitigating DDoS. Ben Yelin reports on a Maryland surveillance hearing. Duo Security's Dug Song thinks...

Exploring Cyber Security Education [Special Edition]


In this CyberWire Podcast Special Edition, we examine the current state of cyber security education, speak to experts in the field, and learn about what it's going to take to prepare the next generation of cyber security professionals. Learn more about your ad choices. Visit megaphone.fm/adchoices

Daily: DDoS concerns mount: not just Mirai botnets, but LDAP exploitation. Ukrainian hacktivists release emails they say belong to one of Putin's closest advisors. (Moscow says they're fake. Moscow's on its own.)


In today's podcast, we hear more about the IoT worries people are sharing about both industrial systems and consumer-grade products. IoT device recalls continue. Analysts expect there are more, and worse, DDoS attacks to come. Cyber espionage surfaces again in the Middle East. Yisroel Mirsky from Ben-Gurion University on machine learning research. Thomas Pore from Plixer on the Mirai botnet source code. And what's sauce for the goose, is sauce for the gander. Or so we hear, at least with doxing. Learn more about your ad choices. Visit megaphone.fm/adchoices

Daily: Youth and cyber make a bad-news-good-news story (it's complicated). Mirai DDoS may be the work of skids. ISIS adjusts its messaging.


In today's podcast, we hear that Friday's Dyn DDoS may have been the work of skids and script kiddies, not high-end Russian spies. A recall of vulnerable IoT devices proceeds. Utilities see the DDoS attacks as a warning shot; they should maybe start by getting rid of all those pagers? ISIS tweaks its online messaging to point out that the Caliphate is enduring a divinely ordained period of trial. CloudFanta malware harvests credentials via a cloud storage app. Emily Wilson from Terbium Labs weighs in on credit card fraud in the dark web. Edward Hammersla from Forcepoint reviews their study of...

Daily: The Mirai botnet DDoS attack, its consequences and attribution, with commentary from various observers.


In today's podcast we hear about some who think that IoT botnets may be best considered an instance of a more general problem with poorly secured endpoints. Good digital hygiene can be good digital citizenship. IoT device recalls follow the DDoS against Dyn. Attribution of the attacks remains up in the air: Clapper looks at "multinational hackers," Jester looks at Russia (and Russia looks at Jester and sees Vice President Biden), and yes, John McAfee is looking at North Korea. Joe Carrigan from The Johns Hopkins University's Information Security Institute inventories IoT devices, and Malcolm Harkins from Cylance shares his thoughts...

Daily: Recovering from Friday's IoT-botnet driven Internet outages. Industry notes and news of cyber conflict in East Asia and the Middle East. And US-Russian tension in cyberspace remains high.


In today's podcast we hear about how, while the Internet has recovered from Friday's DDoS attacks on DNS provider Dyn, its users are suffering a significant hangover. No attribution, but the Jester thinks he's (she's? they're) on the case. Observers see significant potential for more damaging IoT-based attacks to come. Virginia Tech's Dr. Charles Clancy weighs in on quantum computers and encryption. And Hal Martin's lawyer adumbrates his client's defense in the case of the Top Secret Collector's Collection of Top Secret documents. Learn more about your ad choices. Visit megaphone.fm/adchoices

Daily & Week in Review: Bear again, and WikiLeaks (also again). Chinese hackers return, now after infrastructure companies. Debit card hacking epidemic in India.


In today's podcast we follow the developing story of intermittent DDoS attacks affecting Internet sites throughout the US East Coast. Hotspot vigilantes try to get Julian Assange reconnected inside Ecuador's London embassy. More election documents appear in WikiLeaks. Russia offers to monitor US elections. NSA's Director talks about labor force issues. The University of Maryland's Jonathan Katz explains an update to a key encryption component of the internet. Guest Kevin Green from DHS describes his work on software assurance programs. And some advice from the Cyber Security Hall of Fame: You want security, convenience, and freedom? Pick two. Learn more about your ad choices....

Daily: CyberMaryland updates. Great power cyber conflict (and organized cyber crime on the side). Vote hacking, agents of influence, and information operations. IoT botnets continue to romp.


In today's podcast we hear about Czech authorities' arrest of a Russian man in connection with 2012's LinkedIn hack. US response to Russian election hacking is still under preparation. IoT botnets proliferate as Mirai source code spreads through the criminal underground. Some 200 strains of ransomware are reported in the wild. Financial regulators push greater security. Muddy Waters and St. Jude continue their dispute over medical device vulnerabilities. Ran Yahalom from Ben-Gurion University discusses a group of vulnerabilities known as Bad USB. Tom Sadowski from the University of Maryland system discusses CyberMaryland and the role of the University System. Learn...

Daily: Blockchains at a brewery. Ecuador says it cut Assange's Internet connection. US retaliation against Russian cyber ops may aim at embarrassment. Ransomware in London's City.


In today's podcast, we hear that Ecuador has told the world they cut Assange's Internet connection (but will continue his asylum), and that they did so on their own. Russia Today remains predictably unconvinced. WikiLeaks shows no signs of stopping election doxing. The US may be considering a campaign of counter-embarrassment as its response to Russian information operations. Fallout from the Yahoo! breach continues. London banks are hit with ransomware. More IoT botnets form from Mirai code. Terbium's Emily Wilson explains the weaponization of intel. Venafi's Kevin Bocek describes what their look at Yahoo!'s encryption revealed. And we take a quick look...

Daily: Assange still has asylum, but not so much connectivity. RT's banking woes. US-Russian cyber relations continue to worsen. General (ret.) Cartwright pleads guilty to lying about Stuxnet leaks. Email server controversy gutters on.


In today's podcast we hear the current skinny on hacking the US elections. WikiLeaks' Assange lives, but he seems to be offline, and RT gets dumped by its British bank. The US continues to make noises about retaliating against Russian hackers. Russia sheds crocodile tweets over American gasconade. A retired general pleads guilty to lying to the FBI. The Shadow Brokers say, really, they want someone to bid, or else. Markus Rauschecker from the University of MD Center for Health and Homeland Security explains a recent ruling involving kids' privacy online. Netskope's Ravi Balupari describes the latest behaviors of the...

Daily: Pakistan phishes Indian Army. US election hacks continue as the US investigates and mulls its response. New ransomware strains. More IoT botnet infestations. ISIS struggles to explain loss of Dabiq.


In today's podcast we hear about Pakistani phishing in the Indian Army's pond. ISIS loses prophetically important town of Dabiq, and must adjust its messaging accordingly. WikiLeaks continues to poke at the Clinton campaign. Fancy Bear is again in the spotlight as the US preps a response to Russian election hacking. IoT malware (Mirai and LuaBot) affects networking gear. Dyre's masters are back and working on a new banking Trojan. Robert Lee from Dragos Security offers his opinion on recent nuclear power plant breach revelations. Malek Ben Salem from Accenture Technology Labs explains new research on semantic technology for security analytics. And what,...

Daily & Week in Review: Political hacks: email, Twitter, and iCloud. Calls mount for tough US response to Russian cyber operations. Two Android vulnerabilities and one threat revealed. Verizon calls Yahoo! breach "material."


In today's podcast we follow the continuing story of election hacks, and the varying but convergent motives behind them. We get a side helping of good government advice from Mr. Putin. (Thanks, Vlad!) Al Qaeda tries to reach the Millennial jihadist market with ISIS-like information operations. The Internet-of-Things enhances its reputation as an Internet-of-Trouble. Cyber stocks see turbulence as downbeat guidance spooks speculators. Pork Explosion isn't a movie from the Seventies; it's an Android backdoor. The Johns Hopkins University's Joe Carrigan responds to a listener inquiry about Amazon's recent password resets. DDoS expert Dave Larson from Corero Network Security shares his perspective...

Daily: Patriotic hacktivism in South Asia? US, Russia cyber stare-down continues. IoT devices exploited as proxies. Cyber sector sees market volatility. Cartels launder money through games.


In today's podcast, we hear about possible patriotic hacktivism in South Asia. IoT devices are being exploited as proxies, and exploit kits continue to serve up ransomware against poorly managed systems. Market volatility puts cyber stocks on a roller coaster. The US continues to work out its proportional response to Russian election hacking. Russia says it's willing to ride out all that domestic American messiness in the hope of better relations. We welcome our newest Academic and Research Partner, Ran Yahalom, Project Leader at the Malware Lab of the Cyber Security Research Center at Ben-Gurion University. LastPass' Amber Steel shares the...

Daily: Australia confirms foreign intelligence service hacked Bureau of Meteorology. TV5Monde and its false-flag hack. Trojan hitting SWIFT. Patch Tuesday notes. US-Russian cyber showdown.


In today's podcast we take a quick look back at Patch Tuesday. Amazon gets solid reviews for a password reset campaign. A new Trojan is caught manipulating SWIFT fund transfer logs. IoT botnets worry ecommerce sites, and the EU's proposed stickers seem unlikely to allay those concerns. Australia confirms a foreign intelligence service hacked its Bureau of Meteorology, but it won't say which foreign service that was. TV5Monde offers details on its experience with a false-flag hack. Jonathan Katz from the University of Maryland describes obfuscation techniques he saw at a recent crypto conference. Quortum's Joey Alonzo provides tips on...

Daily: US attributes DNC hacking to Russian government, promises to protect itself. Russia dismisses attribution as "rubbish." WikiLeaks posts Clinton campaign emails.


In today's podcast, we hear about Industrial control system worries in the electrical power sector. IoT botnets spook the EU, and research into Mirai reveals some interesting features of last month's DDoS attacks. The US Intelligence Community says officially that the Russians are trying to influence US elections. The Russians say it's rubbish, and the candidates swap accusations. WikiLeaks doxes the Clinton campaign. Level 3's Dale Drew discusses the security of election systems. Smrithi Konanur from HPE Data Security explains credit card security. The FBI wants another terrorist's iPhone unlocked. Verizon mulls the price at which it might now buy Yahoo!...

Daily & Week in Review: Skepticism concerning Guccifer 2.0's claimed hack of the Clinton Foundation. NSA contractor arrest. Mirai botnet exploits. Security fatigue.


In today's podcast we discuss the consensus that Guccifer 2.0 didn't actually hack the Clinton Foundation. We hear how information operations might work during an election. The arrested NSA contractor's alleged motives remain unclear. The Mirai botnet got its exploitable vulnerabilities by downstream propagation of default credentials. The US Surgeon General discloses a breach. Dr. Charles Clancy from Virginia Tech's Hume Center considers policy statements from US presidential candidates. Joyce Brocaglia tells us about the Executive Women's Forum. And if you have a hard time listening to us, you may be suffering from "security fatigue." Don't believe us; take it from NIST.

Daily: NSA contract worker arrested with classified material. TalkTalk gets a record data breach fine. Yahoo! surveillance story's still murky. Thoughts from AUSA on cyber innovation and information warfare.


In today's podcast we learn about the FBI's arrest of an NSA contract worker: classified material was found in his home and vehicle. TalkTalk gets a record fine (£400,000, which comes to a hundred thousand hackerweight) for its 2015 data breach. Yahoo! email surveillance allegations amount to a story that's still murky and anonymously sourced. The Johns Hopkins University's Joe Carrigan stops by to discuss local vs cloud storage. Peder Muller from Novetta previews his upcoming presentation on Bitcoin and Blockchain. And the AUSA Meeting and Exposition closed yesterday with a look at 2030, warnings of Russian information operations, and considerations of how the US...

Daily: Guccifer 2.0 claims (to general skepticism) a Clinton Foundation hack. Information operations versus voting. Yahoo! and surveillance of customers. Insulin pump vulnerability reported.


In today's podcast, we learn that Guccifer 2.0 is back, but that few are buying what he, she, or they are selling. Experts continue to warn of Russian information operations directed against the perceived legitimacy of US elections. International norms of cyber conflict. IoT-based DDoS concerns rise with wide distribution of Mirai source code. Flashpoint finds Floki Bot for sale in the underground. Emily Wilson from Terbium Labs explains the difference between the deep and dark webs. Tallinn Manual coauthor Thomas Wingfield discusses developing norms in cyber conflict. More trouble for Yahoo!. M&A news. And a dating site is breached in...

Daily: AUSA update. Mirai botnet shows risks of default IoT passwords. US-Russian tensions rise over imposition of costs.


In today's podcast we hear about cyber conflict and its place in the international order, including especially its place in Russian-American relations. The implications of the Mirai botnet and the release of its source code. Kaspersky breaks the MarsJoke crypto ransomware. Russia indicates a crackdown on cybercrime (maybe). Ben Yelin from UMD CHHS explains changes the FBI wants to Rule 41. Igor Volovich from ROMAD Cyber Systems thinks it's time to think beyond malware signature matching. Industry notes, and, from the black market, the Shadow Brokers still haven't found their ideal buyers.

Daily: Hackers said to "probe" US voting systems. IoT botnet source code released. "DressCode" malware afflicts Android devices. Industry notes. SEC urged to make an example of Yahoo!


In today's podcast, we hear about Homeland Security's warnings that state election systems are being probed by potential attackers. Newsweek speculates that a brief DDoS attack it sustained was election-related (they also suspect the Russians; no bear named yet). Mirai source code used in large KrebsOnSecurity DDoS published in a hacker forum. The University of Maryland's Jonathan Katz explains why asymmetric encryption is so attractive for ransomware. DressCode malware found in 3000 Trojanized apps. SEC may investigate Yahoo! breach.

Daily & Week in Review: Election hacking, journalist hacking, and the rise of TbpS DDoS. More reflections on the Yahoo! breach. Ransomware and other forms of extortion.


In today's podcast, we hear about how IoT botnets bring scunion across the Internet, and why security cameras are attractive to bot rustlers. InfoArmor's explanation of the Yahoo! breach gains traction among observers. Europol warns that ransomware is on the rise. Zerodium raises its iOS 10 remote jailbreak bounty to a cool million and a half. US states continue to grapple with election hacking. Markus Rauschecker outlines some new cyber regulations proposed in New York. Dr. Eli David from Deep Instinct explains deep learning. And the Tofsee botnet is chumming for the lonely: click with caution.

Daily: Yahoo! hackers seem to have been crooks (who sold to other crooks, and to government(s)). Toxic data and credential problems. Election hacking.


In today's podcast we hear predictions that terabit-per-second DDoS attacks may be on their way toward becoming the new normal. We consider the real threat that lies in the IoT. (A hint: security cameras are to the Internet what squirrels are to the power grid.) More concerns about election hacking surface in the US. Dr. Charles Clancy from Virginia Tech's Hume Center explains software defined networking. Netsparker's Ferruh Mavituna shares advice on securing content delivery networks. InfoArmor looks into the Yahoo! breach and finds more crooks than spies. But the crooks may be fencing data to the spies.

Daily: Alleged Russian hacking & info ops, under investigation by US. IoT botnets continue to exact a DDoS toll. Yahoo! security practices.


In today's podcast, we hear about alleged Russian hacking and information operations, and US investigations of the same. The Russian goal is thought to be the undermining of US elections' credibility. DDoS has come to the IoT. Yahoo! security receives some harsh scrutiny. TheDarkOverlord is back, and extorting investment bankers. Kathleen Smith from ClearedJobs.net returns for more conversation about retaining employees. Malek Ben Salem from Accenture Labs explains research in semantic technology for analytics. And how much does a bear weigh, anyway? (We're thinking it would be a European Brown Bear, right, Fancy?)

Daily: Yahoo!'s Verizon deal still on. Mac trojan hits aerospace. Facebook poked by German privacy laws.


In today's podcast we follow developments in the Yahoo! breach. Fancy Bear is back, and distributing a Mac Trojan to aerospace companies. Investigation of the Shadow Brokers' leak suggests inadvertent exposure, not hackers or moles. A new variant of Virlock ransomware is out in the wild. The US Justice Department warns of IoT threats. A Hamburg magistrate finds Facebook in violation of German privacy law. And we hear from Johns Hopkins' Joe Carrigan on how to be your parents' CISO, and from ClearedJobs Kathleen Smith about the cyber labor market.

Daily: Yahoo! breach fallout, Krebs back online, election hack concerns.


In today's podcast, we follow the latest on the Yahoo! breach. British sources say GCHQ stopped a Russian attack on last year's UK general election. A White House staffer's email is hacked. KrebsOnSecurity is back, but many see a lesson in the dangers of IoT botnets and democratized censorship. Researchers describe iOS and Android vulnerabilities. The FBI releases more documents from its State Department email investigation. Yisroel Mirsky from Ben-Gurion University discusses security risks of Android touch loggers. Switzerland votes for more surveillance, and US states reassure voters that the election won't be hacked.

Daily & Week in Review: Yahoo! breach, infected torrents, insider threats.


In today's podcast, Yahoo!'s really bad breach. We hear about Raum, a malicious tool the Black Team is offering in select criminal markets on a pay-per-install basis. In industry news, we learn that Vista Equity Partners is taking Infoblox private. Webroot is acquiring CyberFlow Analytics, Oracle has bought Palerra, and Elastic has acquired Prelert. White Ops closes a $20 million Series B round. Emily Wilson from Terbium Labs explains the importance of reputation on the Dark Web. RedOwl's Brian White outlines insider threats. A new third-party risk management coalition forms. NATO-themed phishbait hooked German politicians.

Daily: Record breaking DDoS, record breaking account info theft.


In today's podcast, we hear more on the recent hacking of German political parties. Russia reorganizes its security services; apparently the KGB is back in everything but name. KrebsOnSecurity sustains a record-breaking DDoS attack. Yahoo! discloses a record breaking data breach. Ben Yelin from the University of Maryland Center for Health and Homeland Security weighs in on a possible Snowden pardon. Steve Durbin tells us what organizations like the ISF have to offer. Ransomware may be meeting data manipulation.

Daily: Russian hackers hit German targets. New ransomware. DPRK domains revealed.


In today's podcast, we hear about Russian hackers turning their attention to German political targets as well as politicians in the US. The son-of-Shadow-Brokers vulnerability Cisco discovered is being exploited in the wild. New strains of ransomware are out: Mamba is as dangerous to networks as its namesake is to human tissue. The Air Force Association is taking up cyber in its annual meetings. The Internet-of-moving things handles disclosures. Matthew Green from Johns Hopkins University's Information Security Institute discusses the downsides of crypto backdoors. University of Maryland's Jonathan Katz talks about new security standards adopted by Google. And North Korea parts the curtain...

Daily: FBI hunts Russian bears, election hacking, chat bot warnings.


In today's podcast we hear about how the FBI is seeking to impose costs on Fancy Bear and Cozy Bear. Election hacking fears remain, despite DHS reassurances, and industry sources warn of privacy risks within campaign databases. Investigation continues into the ISIS-claimed weekend attacks. Cisco patches a firewall vulnerability related to a Shadow Brokers' exploit. Dr. Charles Clancy from Virginia Tech's Hume Center weighs in on the Muddy Waters Capital / St. Jude Medical legal battle. Casey Ellis from Bugcrowd explains how they crowdsource application testing. M&A activity, and another warning to beware of chat bots.

Daily: New York area bombings, ISIS defacements, Snowden pardon debate.


In today's podcast we offer updates on the weekend's attacks against US targets in Minnesota, New York, and New Jersey. So far the cyber dimension is limited to ISIS cheerleading and claiming credit online, but the investigations are still in their early stages. Fancy Bear doxes more athletes from the WADA networks. Fancy's also still interested in US elections, and experts point out that releasing genuine emails could be battlespace preparation for online disinformation operations. In industry news, Oracle buys Palerra, and major tech companies form a Vendor Security Alliance. Malek Ben Salem from Accenture Labs outlines some frameworks they've...

Daily & Week in Review: VIPs scrub email, cyber war vs cold war, industry news and more.


In today's podcast, we hear about VIPs everywhere rushing to delete their emails before Fancy Bear gets her paws into them. Opinion leaders rumble about the Cyber War having picked up where the Cold War left off. Election security concerns may prompt US Senate hearings. British companies take a look at operations in the Baltimore-Washington area. Other industry notes include VC rounds, M&A activity, a new automotive cyber security venture, and the announcement of 2016's SINET 16. Dale Drew from Level 3 Communications offers tips on protecting medical data. We speak with IBM's Shelley Westman about encouraging more women to join the...

Daily: Does Fancy Bear care if it's caught? Retaliation, vulnerabilities, litigation, and more.


In today's podcast we get an increasingly familiar update: Fancy Bear is dancing and prancing through poorly protected networks, and she doesn't seem to care who knows it. More politically motivated hacking out of Russia prompts US promises of investigation and costs to be imposed. Failures in digital hygiene continue to be exploited. SCADA hacks worry the electrical grid. Joe Carrigan from the Johns Hopkins University Information Security Institute offers tips for safe device sharing. SentinelOne's Tim Strazzere describes an Android vulnerability his research uncovered. And some good news: NIST has released a new cyber self-assessment tool, and they'd like you to give...

Daily: Pentesting meets the gig economy. Stingrays, machine learning, and more.


In today's podcast we discuss the posting of more documents swiped from the US Democratic Party, which most consider the work of Russia's Fancy Bear. US officials continue to worry about election hacking. "Periscope skimming" is a new ATM hack. The US government mulls the reorganization of its cyber agencies. Raj Gopalakrishna, Chief Software Architect at Acalvio, provides his insights on machine learning. Ben Yelin from UMD CHHS explains some newly released revelations about Stingray surveillance devices. The new Snowden biopic hits movie theaters.

Daily: Lessons from recent incidents. Russia says, it's not us, it's you, and more.


It's Patch Tuesday, and time to apply the latest fixes from Redmond. Symantec's August Security Report is out. Middlemen make it tough to track exploit sales. GovRAT continues to afflict networks in the wild. Lessons from private key exposure. Russia says the international order isn't the same thing as the American order. The US and the UK conclude a cyber cooperation agreement. More bogus apps for Pokemon-GO. We welcome Emily Wilson from Terbium Labs to the show, and Tony Dabhura from Johns Hopkins University's Information Security Institute tells about their upcoming conference for senior executives. And could people soon be asked...

Daily: Zero-days, industry notes, the Intelligence & National Security Summit, and more.


In today's podcast we wrap up our coverage of last week's Intelligence and National Security Summit, discussing some of the issues surrounding cyber conflict among nation-states and terrorist organizations. Unresolved issues of cyber deterrence and where it should fit into the spectrum of conflict. Goals of election hacking and other influence operations, from propaganda through lobbying through bribery. Ransomware trends and credential breaches. Yisroel Mirsky from Ben Gurion University discusses air gap security. And sometimes your enemies are an even better recommendation than your friends.

Daily & Week in Review: Malware mines Monero. That sad OPM breach, Crackas cracked, and more.


In today's podcast, we look at the ways in which election hacking has driven increased tension between Russia and the US. (And Wikileaks says it plans to release more election-related documents, before the US elections.) GovRAT 2.0 is out in the wild. Congress reports out its investigation of the OPM hack, and we get insider perspective from Cylance's Malcolm Harkins. Intel sells its security unit (which will go back to its old McAfee name). Markus Rauschecker from UMD CHHS discusses a proposal to check social media accounts at the border. And the FBI arrests two it says are the Crackas-with-Attitude.

Daily: US voting security, cyber M&A action, OPM breach post mortem, Pokémon, and more.


In today's podcast we explore ongoing concerns about Russian attempts to influence US elections. The US Congress has harsh words for OPM in their data breach report. Google has a plan for countering ISIS messaging online. Ransomware may prove self-limiting for criminals, and St. Jude Medical sues Muddy Waters Capital and MedSec. We hear about next-generation SOCs from Siemplify's Amos Stern, and University of Maryland's Jonathan Katz explains a vulnerability in homomorphic encryption.

Daily: Election hacking (again). Also key sharing risks, and more.


In today's podcast we hear about cyber risks and cyber talks at the G20 summit. China may be looking to the Russian model in the Near Abroad as it thinks about its next steps in the South China Sea. The current state of Russian-American relations in cyberspace: they're dominated by election hacking and information operations. The risks of shared cryptographic keys. An Android Trojan evolves. Industry notes: contracts, patches, acquisitions, and lawsuits. John Leiseboer from Quintessence Labs outlines cryptographic and key management standards. Gabby Nizry from Ayehu explains the benefits of automation. And EXTRABACON is still a problem.

Daily: Slap leather, Vlad. If cyberspace is the "Wild West," here's the best showdown since Blazing Saddles, and more.


In today's podcast, we hear about some Pokémon-themed Linux rootkits. An evolved Linux Trojan is herding IoT botnets. Social media monitoring leads to convictions of jihadist plotters in Australia and the UK. Pegasus spyware and NSO Group's pricelist. Election hacking on four continents. Are the Shadow Brokers engaged in intelligence or influence operations? (In any case, no one's really bidding on the Equation Group code the Brokers say they're auctioning.) The FBI releases information on its investigation into former Secretary of State Clinton's email. Accenture Labs' Malek Ben Salem describes frameworks for Industrial IoT. And for a while it looked like...

Daily & Week in Review: Election hacking, OS X patched, cyber saber-rattling, finding security talent, and more.


In today's podcast, we discuss Apple's patches against the Trident zero-days, and review what the press is saying about the cyber arms market. Policy wonks and politicians speak in favor of cyber offense, and militaries speak up for nuance. Election hacks continue, this time in Hong Kong. How companies and governments adjust to a difficult cyber labor market, with insights from Level 3's Dale Drew. Gene Stevens from ProtectWise explains the contribution of interface design to security. Responsible disclosure, stock shorting, and the importance of cooperation between vendors and researchers. A quick look at the week in the security industry. More...

Daily: Russia's cyber long game, SWIFT fraud, hack physics (not metaphors), and more.


In today's podcast we hear about a successful business email compromise caper, and some more SWIFT fraud. Vanya the RIPPER is on the lam from Thai police. iMessaging issues surface. Cerber ransomware is being spread by Word documents. Adobe's hot fix swats a Cold Fusion bug. Rowhammer attacks are shown to be a real possibility. Election hacking and influence operations. Centrify's Corey Williams weighs in on the Sage Software data breach, and Jonathan Katz from the University of Maryland explains an iMessage vulnerability. And a tip: if you look good for your mugshot, you won't be tempted to Facebook a more flattering...

Daily: The compleat hacker: wading pool, laptop, MiG 21; no hoodie, no problem, and more.


In today's podcast we follow the story of alleged Russian hacking of US think tanks and election databases (allegations Russia dismisses as American provocation). US Federal and state officials think about securing November's vote. Mississippi organizes a new public-private cyber security coalition. SWIFT discloses new money transfer fraud attempts. New ransomware strains are out in the wild, and a Trojan is impersonating Google Chrome. Dr. Jim Kent from Nuix shares his thoughts on insider threats, and we welcome Yisroel Mirsky from Ben-Gurion University, our newest Academic and Research Partner. And, producers, rethink your B-roll: we take a look at the best stock...

Fundraising and Cyber Startups [Special Editions]


Whether you're bootstrapping your business on your own, borrowing from friends and family or going for your Series A venture capital round, raising money is something most business owners have to deal with, sooner or later. We spoke with experienced business leaders in cyber security to find out what they did to fund their companies, lessons they learned, and what advice they'd give.

Daily: Bug hunters turn shorts. Cyber frame-ups, election fraud, spearphishing, whalephishing, and more.


In today's podcast we follow concerns about US election hacking brought on by an FBI warning that someone (the Russians, IC and industry sources say) has hacked into Illinois and Arizona voter databases. Lawful intercept vendors receive more scrutiny in the wake of the Trident iPhone zero-day revelations. Analysts raise concerns about data manipulation in both elections and criminal investigations. St. Jude Medical disputes allegations that its pacemakers are hackable, and the security sector does some ethical introspection about disclosure. The IoT is beginning to be exploited in DDoS campaigns. Malicious EMV cards are implicated in Thailand's ATM skimming crime wave....

Daily: Bug bounty? Nah, just short the stock. Pegasus, cyber arms control, and more.


In today's podcast, we update the story on SCADA malware in Iran: Iran now thinks it didn't cause petrochemical industry fires. France, India, and Australia investigate theft of submarine design data. Citizen Labs' investigation of iOS spyware renews debate over cyber arms control. The Shadow Brokers haven't yet got their half-billion dollars, but their leaks chill US-Russian relations and prompt both election fears and concerns over zero-day disclosure. The US prepares to revise its anti-ISIS social media operations. Security firm MedSec discloses alleged St. Jude medical device vulnerabilities to a hedge fund, seeking to profit from short-selling. Markus Rauschecker from the University...

Daily & Week in Review: Sorry, kids, it's back-to-school. What you should know, fellow youths, and more.


In today's podcast, we hear about a spyware case connected to Pegasus, a tool that can jailbreak an iPhone (they say) with a single click. Apple issues an out-of-band patch for the three iOS zero-days Pegasus exploits. Shadow Brokers leaks remain under investigation. Phishlabs and TrapX release anti-ransomware tools. Ramnit and Dreambot are after bank accounts (and Dreambot spreads over Tor). NIST has a de-identification standard out for comment. AT&T's Bindu Sundaresan looks at academic networks as students head back to school. Johns Hopkins' Joe Carrigan discusses options for safely backing up your photos. Industry news includes some interesting short-selling. And Russia isn't...

Daily: Info ops drive hacks. Cryptowar resurgence in Europe, and more.


In today's podcast, we look at ways in which terrorist incidents have motivated France and Germany to seek ways of compelling encrypted messaging apps to open traffic to inspection. In the UK such incidents have also prompted a harsh Parliamentary report on social media companies' efforts to combat radicalization. Shadow Brokers leaked exploits continue to appear in the wild. Investigation continues, but observers begin to see the incident as part of a general attack on US official credibility. Assange promises more leaks of Clinton material. Ransomware appears in India and Vietnam. A new Android banking Trojan uses Twitter for command-and-control....

Daily: "It walks, it talks, it reports back to Moscow." (Other news, too, gamers.)


In today's podcast we hear about Russian hackers going after New York Times reporters (the FBI is investigating). Exploits in the Shadow Brokers' teaser are "test-driven" in the wild. Some of them may affect Huawei products. The Goznym banking Trojan moves from Poland to Germany. British universities are targeted by ransomware. Researchers give victims of Wildfire ransomware some relief in the form of a decryptor. Gaming sites come under attack. We've all heard of the cloud, but Accenture's Malek Ben Salem tells about the coming fog. There's a new push to restrict encryption in the EU. And a fourth-grade steely-eyed missileman...

Daily: Shadow Brokers: zero-day hoarding (or not) and firewall exploitation.


In today's podcast we discuss the Shadow Brokers' leaks, reviewing ongoing speculation and speaking with some experts who offer insight into the matter: Jason Healey, the principal investigator in Columbia University's study of NSA zero-day disclosure policy, and RedSeal's CEO and CTO discuss firewall security and vulnerability. Juniper joins Cisco and Fortinet in confirming that Shadow Brokers' zero-days affect its products. IoT encryption R&D updates. Security start-ups attract more investment. And some thoughts on what not to say to your VC.

Daily: Hacking and hybrid warfare. Industry notes (including Wassenaar's next round).


In today's podcast we continue to follow the Shadow Brokers, and we take a quick look into the shadowy world of hybrid warfare. No fresh leaks in this incident, but someone seems to be using seized Silk Road Bitcoin wallets to bid on leaked files. Election hacking worries persist, and concerns about secret ballots appear. Some users want a general strike against Tor. Point-of-sale malware and what to do about it. Industry notes. A new Wassenaar round will revisit cyber arms control next month. John Leiseboer from QuintessenceLabs addresses data redundancy and replication, and Michael Marriott from Digital Shadows tells us about the...

Daily & Week in Review: Hulk smash. Pokemon smish. And more on the Shadow Brokers.


In today's podcast, we hear about emails flooding dot gov in-boxes. A re-tooled version of Locky ransomware is out in the wild. As we look back at the week, the big news surrounds the Shadow Brokers' data dump and implausible auction: they seem to have some genuine NSA goods. The brokers themselves are thought to be either Russian spies or rogue insiders, or some mix of both. Worries about US election hacking rise. More companies are concerned about insider threats. The University of Maryland's Jonathan Katz explains how to reverse engineer encryption, and Chris Fogle from Delta Risk tells us how...

Daily: Who is Boson Spider? Legit zero-days among Shadow Brokers' leaks.


In today's podcast we hear more about the Shadow Brokers, who are confirmed to have dropped some genuine zero-days. Most observers now think there was a compromise at NSA; some suspect Russian intelligence services. North Korea is again scrutinized for SWIFT fraud. Operation Ghoul targets industrial intellectual property in thirty countries. We see continued industry churn (including some layoffs as well as M&A rumors). CrowdStrike's Adam Meyers tells us about the Boson Spider gang, and Ben Yelin from the University of Maryland Center for Health and Homeland Security weighs in on the Shadow Brokers.

Daily: Shadow Brokers warn 'Wealthy Elite'--new cyber cold war? And cybercrooks are still out there.


In today's podcast we follow the continuing story of the Shadow Brokers and their claims of having got their hands on Equation Group attack code (as bizarre as their story is, a lot of informed observers think the code they've posted is the real deal). Many see the Shadow Brokers incident as an escalation of a cyber cold war between Russia and the United States. More banking Trojan activity in South America. DNSSEC is exploited in DDoS attacks, and Cerber is still number one in the ransomware-as-a-service market (where Shark is a dodgy upstart). Kensington's Rob Humphrey shares the results...

Daily: All your attack code are belong us. Guccifer 2.0 suddenly more fluent.


In today's podcast we learn about claims made by hackers calling themselves "the Shadow Brokers." They say they've pwned the Equation Group, and obtained NSA attack code which they're now selling for one million Bitcoin. Guccifer 2.0 gets a lot more polished and even leakier. A bogus QuadRooter patch is serving malware in Google's Play Store. Fidelis tells us about Vawtrak's evolution. Someone's watching the Veracrypt audit. Iran looks into possible cyber causes of oil-and-gas facility fires. Fake Pokémon installers have trainers choosing ransomware. No more Pokéstops allowed in Germany's Flughafen. Vikram Sharma from Quintessence Labs outlines the challenges and...

Daily: Cryptocoin for DDoS? ISIS info ops more murderous as territory shrinks.


In today's podcast we learn that Russian hackers went after Republicans as well as Democrats. An anti-doping whistleblower's account is illegally compromised. ISIS turns to online inspiration to recover jihadist mindshare. The MICROS point-of-sale system hack appears to underlie widespread credit card compromises. Secure Boot's "golden key" exposure is seen as a warning against backdoors. Security industry M&A and IPO notes. Level 3 Communications' Dale Drew tells us about machine-to-machine learning, and how it may improve security. And for some reason researchers develop a proof-of-concept for a DDoS-based cryptocurrency.

Daily & Week in Review: FBI has "high confidence" Russians hacked DNC. Olympic hacks, cyber vigilantes, criminal markets.


In today's podcast we learn that the US Intelligence Community discovered the DNC hack sometime last year, much earlier than its public disclosure this Spring. We hear about threats to critical infrastructure, and we follow developments in the cyber criminal markets: ransomware's getting mighty picky, if you ask us. We hear about ISIS's appeal to disaffected petty criminals. The Olympics see both cybercrime and patriotic hacktivism. Quintessence Labs' John Leiseboer discusses redundancy and replication of data, and we interview Robert M. Lee from Dragos Security about ICS SCADA security, and preparing for cyber security jobs. And, of course, we hear more about how Pokémon-GO is...

Daily: Info ops as battlespace prep. It's hard to count Australians.


In today's podcast, we hear about cyber and information operations in Eastern Europe that look disturbingly like battlespace preparation. The FBI finds that the scope of the Democratic Party hacks is much greater than initially believed. The Bureau seems ready to ask for more authority to unlock devices, but opponents point to Microsoft's inadvertent leak of Secure Boot keys as an object lesson in why that's a bad idea. USENIX proofs-of-concept include Linux and car-hacking exploits. Samsung Pay is criticized as vulnerable to token skimming. Senior Law Analyst Ben Yelin outlines the FBI's request to expand the reach of National Security...

Daily: Australia's census clogged. Iran ups its offense? Ransomware and file deletion.


In today's podcast we follow developments in nation-state hacking, from Hainan to Tehran. Australia's online census is taken offline--the Bureau of Statistics cries DDoS, but observers aren't so sure. A new strain of ransomware under development in the underworld skips encryption and goes straight for deletion. Issues with Oracle's MICROS point-of-sale systems may be the root cause of recent store and hotel breaches. Google says, thanks Check Point, we appreciate it, but most of QuadRooter has already been mitigated (they're working on the rest of it). Joe Carrigan from Johns Hopkins University warns us about side-loading Android apps, and Leemon Baird...

Daily: A look back at Vegas. Rio's rogue Wi-Fi. Cyberwar & actual war.


In today's podcast we look at an APT group that's been active since 2011. We hear about the QuadRooter Android vulnerability. We take a look back at Black Hat, and look for some sensible perspective on cyber risk. We also read some discussion of the differences between espionage, crime, and warfare. The US Marshals will auction Silk Road's forfeited Bitcoin later this month. Dr. Charles Clancy from Virginia Tech's Hume Center tells us what to expect from 5G cellular technology. And yes, there's more Pokémon-themed malware in the Play Store.

Black Hat, Part 2 - Trends and Insights from Industry Leaders [Special Edition]


The 2016 Black Hat conference is in the books, and we wrap up our coverage with more insights from industry leaders on what trends they're seeing, and where they think the industry is headed.

Daily: DARPA CTF: Mayhem (win), Xandra (place), Mechphish (show). Blame it on Rio.


In today's podcast we hear about Bitfinex's recovery from its recent heist and the possibly temporary haircut its depositors got. We also follow the related Ethereum hard fork. News on Olympic hacks and risks of hacking from Booz Allen Hamilton's Brad Medairy and Grey Burkhart. Trustwave reports home smart thermostat bugs. Check Point discloses Qualcomm Android QuadRooter firmware vulnerabilities. More signs that Fancy Bear was prancing through the DNC. A look back at Black Hat, and notes on DARPA's AI capture-the-flag challenge. Jonathan Katz explains the Ethereum fork.

Daily: Election hacking, layoff rumors, the unbearable lightness of Pokemon.


In today's podcast we look at Black Hat and draw some consensus advice for start-ups. Cyber espionage rises around the South China Sea. Apparent Russian hacking continues to worry election officials and voters in the US. The HEIST exploit is demonstrated. ISIS jockeys with al Qaeda, Boko Haram factions for jihad leadership. Brazil works on cybercrime as the Olympics open tonight. Apple announces a bug bounty. Cyber companies are said to be preparing layoffs. Accenture Technology Labs' Malek Ben Salem explains software based networking. Galina Datskovsky from Vaporstream outlines the security concerns with voice activated devices. And companies work to keep Pokemon out...

Black Hat - Cyber Security Trends and Investment [Special Edition]


The 2016 Black Hat conference is underway in Las Vegas this week, and in this special report from the show floor we'll hear from industry leaders about industry trends, and from venture capital funders about what they need to see before saying yes, and why it's harder to get startup funding than it used to be.

Daily: Black Hat, of course. US election concerns, and more jihadist info ops.


In today's podcast, we get some updates from Black Hat. DNC hacks raise questions about US voting security, and Democratic Senators call for hearings on Donald Trump's request that Russia find the 30,000 emails deleted from Hillary Clinton's State-Department-era homebrew server. China seems to be probing Philippine networks in conjunction with the dispute over territorial waters in the South China Sea. More signs that Telegram is leaky. Updates on ISIS and its competitors' information operations. The Gozi banking Trojan is headed for US targets. Bitfinex is looted of tens of millions in Bitcoin. The Real Deal criminal market's boss is missing. Vikram...

Daily: Black Hat USA, Android upgrades, and mind control (maybe).


In today's podcast we follow the latest fallout from the DNC hacks (Russia's still the prime suspect). Fears of election hacking rise in the US. Government electronic surveillance rises worldwide, driven in part by increasing fear of jihadist terrorism. ISIS unit Emni is said to have broad responsibility for recruiting and organizing terror cells. Android security upgrades from Johns Hopkins University expert Joe Carrigan. TripWire's Dwayne Melancon explains spearphishing. A quick look over at Black Hat USA. And some observers think Pokemon-GO is a mind control tool. (We don't, except insofar as any popular mania amounts to mind-control.)

Daily: US, Russia trading hacks in cyberspace? Brazilian cybercrime ramps up.


In today's podcast we give a short update on Black Hat before turning to developments in Syria and Iran. Tension between the US and Russia mounts over alleged Russian hacks of US political campaign networks and more recently alleged US spyware operations in Russian enterprises. ISIS wishes to disrupt the Olympics, and cybercriminals are seeking to profit from the Rio Games. Adware uses steganography, and INTERPOL takes down a Nigerian online scam. Ben Yelin explains a recent court ruling in Microsoft's favor that deals with offshore data privacy, and Sameer Dixit from Spirent outlines emerging threat patterns.

Daily: Election, infrastructure hacks in US, Russia. Advice on Black Hat.


In today's podcast we hear about Russian reports of an APT active against military, scientific, defense, and government networks. US investigations into the hacks of the DNC, DCCC, and Clinton campaign continue, with suspicion still directed at Russia. ISIS calls online for an extension of jihad to Russia. The SpyNote Android Trojan is out in the criminal underground. Researchers report vulnerabilities associated with WhatsApp and SwiftKey. And we share some security advice from Level 3's Dale Drew for those attending Black Hat.

Daily & Week in Review: US sifts ISIS recruiting files. Black market economics. Should leakers curate?


In today's podcast we hear some preliminary news about ISIS information operations as expressed in captured files. Hacktivists experience remorse and debate doxing ethics. We review the speculation about the DNC hack and note that another Democratic Party campaign organization may also have been compromised. State-sponsored hacking is driving enterprises to seek help from security companies. The University of Maryland's Jonathan Katz tells us about post-quantum encryption, and Daniel Ennis, former NTOC Director at NSA and currently Executive Director of the University of Maryland Global initiative on Cyber, shares his thoughts on his time with the agency, and the need for cooperation...

Daily: ISIS doubles down on info ops. Window shopping in crimeware souks.


In today's podcast we hear about how ISIS continues to pursue its strategy of using information operations to inspire lone wolves, and what investigators in France, Germany, and the United States are seeing as they look at jihadist social media. We learn about advances in facial recognition software. WikiLeaks releases audio files culled from DNC email hacks. More releases are expected, and evidence continues to point (circumstantially but substantially) toward Russian services as the hackers. Trump suggests Russian intelligence would do everyone a favor if it releases the 30,000 deleted Clinton emails many think the Russians have. Gigamon's Shezad Merchant...

Daily: DNC hacks, encryption, IoT hacks, and Pokémon.


In today's podcast we discuss ISIS terror and online inspiration. We learn that experts are reaching consensus that Russia hacked the US Democratic National Committee, and we hear some steps that might be taken to protect email. We speak with the company that provided cyber security for the Republican National Convention. New vulnerabilities are discovered in wireless keyboards and smart lightbulbs. Ransomware persists, and the number of DDoS attacks seems to be spiking recently. The White House issues PPD-41, Cyber Incident Coordination. Level 3's Dale Drew speaks to the uptick in DDoS attacks, and Vince Crisler from Dark Cubed shares...

Daily: Russians interested in US elections? Russia says nyet, but DNC says da.


In today's podcast we catch up on the big story in cyberspace--the expanding scope of the Democratic National Committee email hack. Most observers continue to see a Russian hand behind it, but some point out that the evidence remains circumstantial. Experts see the hack as a cautionary tale in the importance of authentication and encryption. Stu Sjouwerman is the founder and CEO of KnowBe4, and he provides his take on the possible Russian hack. ISIS continues its attempts online to inspire lone-wolf jihadists. A young cyber start-up emerges from stealth, and we get an update on cybersecurity in the automobile industry from...

Daily: ISIS, al Qaeda compete online. WikiLeaks doxes DNC (courtesy FSB, GRU).


In today's podcast we take a look at the doxing of the DNC, a story which will have, as they say, legs, if only because essentially everyone now sees Russian intelligence behind the hack. ISIS and al Qaeda continue their competition to inspire lone-wolf jihad. Turkey's crackdown on would-be putschists continues. Anonymous goes after targets in Turkey. Cyber M&A notes. Dr. Charles Clancy from the Hume Center at Virginia Tech tells us about the challenges and opportunities coming with Smart Cities. And a look back at Friday's inaugural Billington Global Automotive Cybersecurity Summit.

Daily & Week in Review: Hacktivists hit Library of Congress, Stingrays and Security Clearances


In today's podcast, hacktivists return to DDoS--the Library of Congress is hit. AKP emails continue to receive scrutiny. A look at the jihadists' toolbox. Some quick takes on automotive cyber security, as the industry moves toward fully autonomous cars. Wassenaar and the DCMA still aren't getting much industry love. And we talk to attorney Tom Coale about security clearances and Ben Yelin on the constitutionality of Stingrays.

Daily: DDoSing ISIS. Political hacks. Inspiration is an info op.


In today's podcast, we hear about patched vulnerabilities in widely used products--the consensus among experts is that you should patch without delay. A new ransomware variant--HolyCrypt--is discovered in development. OurMine hacks the PlayStation boss's Twitter account. Hackers get ready to go after US Presidential campaigns (and some have already started). ISIS information ops continue to concentrate on recruiting and inspiration. Pokemon-GO is too Darwinian for some. The University of Maryland's Jonathan Katz describes a TOR alternative.

Daily: Brazilian, Chinese groups pledge allegiance to ISIS. Turkey's coup aftermath online.


In today's podcast we review some of the cyber implications and sequelae of the apparent failed coup d'état in Turkey. Signs in the Shumukh al Islam leaks suggest ISIS is making inroads among China's Uighur minority. A Brazilian jihadist group pledges allegiance to ISIS online, adding to Brazil's cybersecurity (and more importantly, physical security) concerns for the Rio Olympics. enSilo reports widespread code-hooking issues in security software. A look at ransomware, and an actual sockpuppet surfaces in Canada. Morphisec's Ronen Yehoshua describes a technique they call moving target defense, and Markus Rauschecker shares his take on the sentencing of a swatter who...

Daily: Influence online, from jihad to kawaii. Cybercrime. Industry updates.


In today's podcast we hear about the doxing of a major ISIS forum, and we take a look at the state of play with respect to online information operations in the war with ISIS. We ask whether jihad and kawaii offer contrasting case studies of inspiration. In Turkey, did coup plotters (who might have known better) overlook the Internet? DDoS campaigns rise against governments, companies, and games. A researcher shows how 2FA and account recovery capabilities can be subverted for fraud. Malicious Excel macros are out in the wild. So is the Cknife web shell, as described to us by...

Quantifying Cyber Risk [Special Editions]


Cyber security comes down to risk management, and it's hard to manage what can't be measured. How can cyber risk be credibly quantified and communicated? We'll talk to companies developing technology solutions aimed at quantifying cyber risk and hear from insurance experts and other industry stakeholders grappling with this important new challenge facing businesses today.

Daily: Dark web observations on coups and lists. Pokémon Go and the madness of crowds.


In today's podcast, we hear about social media's role in the suppression of the coup d'état in Turkey. The United Cyber Caliphate and the competing Peace Brigades release overlapping and competing target lists. Ukrainian nationalist hacktivists hit Poland's Ministry of Defense. Delilah is a backdoor Trojan built for blackmail, and Wildfire is a new strain of ransomware. Some databases for sale on the Dark Web look like junk. Deloitte's Emily Mossberg shares insights from their latest report, and John Leiseboer from Quintessence Labs explains the security benefits of interoperability. Pokémon Go looks like the biggest mania since the 17th Century's tulip craze. Learn...

Daily & Week in Review: Pokémon Go's astonishing success. (And attack surface?) Crime, folly, the punishment thereof.


In today's podcast we hear about ISIS and its response to pressure from its enemies--the news is decidedly mixed, especially given the tragedy in France. Familiar banking Trojans, exploit kits, and ransomware pick up some new functionality. Someone's jackpotting ATMs in Taiwan. SAP and Cisco patch. US court rulings have privacy and liability implications. Venture capital investments and M&A news. Ben Yelin tells us about a 4th Amendment case involving privacy on your home computer, and Eli Sugarman from the Hewlett Foundation's Cyber Initiative shares their grant making story. And Pokemon-Go continues its irresistible rise--don't slip into any augmented reality pitfalls.

Daily: Slinging cyber lingo. Bad robots. Pokémon Go's long march.


In today's podcast we hear about some expansive court decisions that may make you uneasy. Chinese spies get into the FDIC, and the victim may have covered it up. Start-ups attract fresh investment. New exploit kits jockey for position. Securing your Bitcoin wallet. What to make of Pokemon's security issues. Dale Drew from Level 3 Communications gives us the low-down on some cyber security lingo, and Darin Stanchfield from KeepKey explains options for securing your Bitcoin. And, in California, an alleged violation of Asimov's First Law of Robotics.

Daily: Patch Tuesday notes. Pokémon Go (of course), ICS security, energy recon, fansmitters.


In today's podcast we go over some of the highlights of this week's patches, including fixes from Microsoft, Adobe, Drupal, and Niantic. We discuss the security of the industrial Internet-of-things and critical infrastructure, especially the power grid. We hear about the current state of ransomware play, and note the return of xDedic, the hacker server hawker, to the dark web souk. Industry news includes coming cyber upgrades to SWIFT, VC updates, and notes on the markets. The University of Maryland's Jonathan Katz tells us about "fansmitters", and Booz Allen's Scott Stables shares threat data from their latest ICS report.

Daily: Medical device, record hacks. (Un)welcome new ransomware: Alfa, Ranscam. ISIS online decline?


In today's podcast we hear some reports that ISIS may be losing some social media ground. NATO agrees to increase cyber cooperation. A newly described malware dropper is apparently tailored to work against specific European energy companies. 600,000 patient records are breached in the US. There's a decryptor out for Jigsaw ransomware, but not for the newly introduced "Alfa" or "Ranscam" (and Ranscam doesn't even bother to decrypt in the first place). Markus Rauschecker highlights some of the challenges with information sharing. Google and Niantic deal with Pokémon Go security issues. And don't enter some strangers' home, even if you see...

Daily: Pokémon Go is out, with troubles in its popular trail. Cybercrime & hacktivist miscellany.


In today's podcast we hear about possible hacks of NATO websites during last week's Alliance meetings. South Asia's scissors-and-paste cyber espionage campaign is surprisingly effective. ISIS and al Qaeda vie for jihadist mindshare, and Anonymous hits government sites in Zimbabwe and South Africa. A hacker/hacktivist dumps what he claims to be Kindle credentials, but analysts are dubious about their provenance. Eleanor Mac malware targets webcams. State Department emails remain under investigation. Chris Gerritz from Infocyte tells us about threat hunting, and Charles Clancy from the Hume Center at Virginia Tech shares concerns about data privacy. Plus, Pokémon Go seems to be...

Daily & Week in Review: Classified info--goose sauce, gander sauce. Security industry buoyed by Avast, AVG.


In today's podcast, we talk through the ramifications of Android encryption issues. Experts consider the implications of D-Link vulnerabilities for IoT security. The Wendy's paycard breach has gotten much bigger. Familiar exploits circulate in the wild, and Mac backdoors make a comeback. CryptXXX is joined by a new ransomware variant, Cryptobit, and DedCryptor continues to play the Grinch. Avast's purchase of AVG encourages the markets. The EU adopts new data regulations aimed at improving resilience. The FBI explains what it found in its investigation of Hillary Clinton's emails, and defense attorneys find new lines of defense. Accenture's Malek Ben Salem shares...

Daily: Blockchains and their uses. Pirrit adware attribution. Avast buys AVG for $1.3B.


In today's podcast we hear about Cymmetria's discovery of a major threat actor in South Asia, Patchwork, which assembles attack code by cutting and pasting from the Internet. HummingBad adware infests Android, and Pirrit (affecting Macs) is attributed to a marketer. D-Link routers may be vulnerable to remote-code execution. Google patches more than 100 Android issues. Symantec works on AV product problems. Avast buys AVG. Blockchain's potential. Cyber workforce development. FBI offers explanations to the House. Cyber crooks go after freelancers. Jonathan Katz explains the many uses for blockchain crypto technology, and Chris Key from Verodin has some advice for those entering...

Daily: Cybercrime campaigns. States hope ISIS overplayed its violent hand. No indictment of Clinton over email.


In today's podcast we hear about Yingmob's HummingBad Android malware, what it's up to and where it might be headed. We also learn about Eleanor, a Mac OS-X backdoor masquerading as a document conversion app, and we hear about the shifting form of the pseudo-DarkLeech ransomware campaign. The ThinkPwn zero-day may have a wider scope than originally thought. Observers wonder whether ISIS may be overplaying its bloody hand, and, of course, we find out what the FBI concluded in its investigation of former Secretary of State Clinton's emails. Joe Carrigan, from the Johns Hopkins University Information Security Institute, reminds us to...

Daily: Statecraft, spycraft, & warcraft: inspiration, cells, & espionage. Cybercrime & punishment.


In today's podcast we look at ISIS's shifting tactics in cyberspace, and the civilized world's response to them. OurMine continues to market its "services" by compromising celebrity accounts through recycled credentials. Two new ransomware varieties--"Satana" and "Zepto"--make their appearance, and researchers track (without attribution) the spoor of MNKit and SBDH malware. A researcher releases, without prior disclosure, a ThinkPad zero-day. The FBI investigation into State Department email issues warms up. Ben Yelin from the University of Maryland Center for Health and Homeland Security tells us about a Florida man in trouble for hacking an election site, and Michael Jacobs brings us...

Daily & Week in Review: Conficker worms into medical IoT. Talking key management, DevOps. NERC standards take effect.


In today's podcast we discuss Internet-of-things threats, not only botnets assembled from compromised security cameras, but also medical device hacking (with Conficker) as a way of stealing patient information. More insurance sector breaches appear to be in progress, too. The Sprashivai social network is compromised. The Infy espionage infrastructure is taken down (but may return--they often do). NERC standards for power grid cyber security take effect today. John Leiseboer from Quintessence Labs explains key management within a security framework, and we learn about DevOps from Cybric's Mike Kail and eGlobalTech's Branko Primetica.

Daily: Hacktivism or denial-&-deception? (Smart money's on D&D.) LizardStressor herds CCTV bots.


In today's podcast we hear about DarkOverlord and the data he's selling online. Guccifer 2.0 returns to blogging, and says he's not working for the Russians, but CrowdStrike, ThreatConnect, and SecureWorks present evidence to suggest otherwise. Thomson Reuters says it's contained the World-Check database leak. Oculus' Twitter account is briefly hijacked (now restored to company control). Point-of-sale breach disclosures are confirmed. Why hackers hack when they do. Some governments' efforts to control information online seem to be having greater than expected success. Level 3's Dale Drew explains the seasonal nature of cyber attacks, and Cytegic's Dan Pastor offers his view on the...

Daily: Istanbul bombings prompt global intel collection re-look. Cyber threats to transportation.


In today's podcast, we note that in the wake of the ISIS bombings in Istanbul, security services around the world are looking for online intelligence that might help prevent future terror attacks. Another wave of SWIFT fraud appears to have hit--this time the victims are banks in Ukraine and Russia. Ransomware updates (including the unwelcome return of Locky), notes on smishing, and a review of some questionable PlayStore apps. Apple's iPhone turns 9 and The University of Maryland's Jonathan Katz explains that company's move toward "differential privacy." Jon Allen from Booz Allen Hamilton talks about the Automotive ISAC and previews the upcoming...

Daily: Not interested in Fancy Bear? Fancy Bear's interested in you. No dark-grey hats, please.


In today's podcast we get an update on the Russian threat group that hit the DNC. A hacker claims to have nine million health insurance records for sale on the dark web. Too many medical devices are vulnerable to Windows 7 and XP exploits. What scared the Nuclear exploit kit's operators. The IRS takes down its e-filing PIN system, and OPM acknowledges its breach affected tens of millions more than just those seeking clearances. We hear some merger and acquisition news, catch up on some workforce training initiatives, and hear about some black hats who'd like their celebrity victims to...

Daily: Ransomware: MIRCOP, Cerber, CryptXXX, Bart, TeslaCrypt (& the #95 car). Intel selling security unit?


In today's podcast we offer a quick survey of the vast and spreading Ransomware landscape. (And talk about some other bits of cybercrime as well, but if Willie Sutton were alive today, and had an Internet connection, he'd be into ransomware.) Brexit's implications remain under study and speculation, but many see a shift in the tech startup scene in the general direction of Berlin. Most observers have now concluded that the DNC hack was a Russian job (and not the work of a lone hacktivist). Joe Carrigan from the Johns Hopkins University Information Security Institute reminds us why we shouldn't reuse...

Daily & Week in Review: Brexit beats Bremain. Cyber combat support. The usual ransomware.


In today's podcast we discuss the implications of Brexit, and we talk with someone whose researchers predicted it from social media analytics. GhostSquad strikes, apparently, for ISIS, and LizardSquad DDoSes Overwatch for the lulz. Some old threats come back (some never really left). US Cyber Command is operational against ISIS. The importance of low-power WAN for the IoT. State Department email investigation continues. Malek Ben Salem from Accenture Technology Labs tells us about Software Defined Security. Daniel Mayer from Expert System explains how they predicted the UK vote, and Matthew Knight from Bastille Networks shares his research into low-power wide area...

Daily: Insecurity cascades from credential breaches, homebrew servers? Cyber casus belli. Waiting for Brexit (or not).


In today's podcast we hear that Brexit's trending in Twitter as British voters go to the polls--the results will have interesting implications for security and the security industry. Tech support scammers put down their phones and pick up their pop-ups. Some mixed news on ransomware. Markus Rauschecker from the Center for Health and Homeland Security mulls laws of war for cyberspace. ZScaler's Deepen Desai reports on new MS Office macro malware. US voter information leaks onto the Internet. More skepticism about Guccifer 2.0. And did we just hear a non-denial denial about the DNC hack?

Daily: Android malware circulating in the wild. Did bears find Clinton Foundation servers just right? Help me, ObiWan.


In today's podcast we talk about Android malware loose in the wild, crimeware-as-a-service (both ransomware and banking Trojans). We hear about the growing consensus that Russian intelligence services were responsible for the DNC hack, and we note the latest report: those services also seem to have pwned the Clinton Foundation. Critical infrastructure jitters persist. Analysts look at cyber insurance markets, bellwether security stocks, and a new VC investment. Dr. Charles Clancy from the Hume Center at Virginia Tech discusses the cyber challenges facing the transportation industry, and Ayse Kaya Firat from Cloudlock shares key points from their recent report on the dangers...

Daily: DNC hack looks like Russia's work, but Guccifer 2.0 still says no. (Nyet?)


In today's podcast we hear about trends in cyber espionage and ransomware. We also learn more about the DNC hack, which looks more like a Russian operation (and Guccifer 2.0 goes a little bit public and looks a lot less plausible as a lone hacktivist). XDedic looks bigger (but may be out of its stolen server-time business). GSA has a new cyber SIN, and the US Secret Service wants cyber triage tools. Israel relaxes its cyber export controls, and Wassenaar reconvenes to rework its cyber arms export control regime. Fidelis Vice President of Cybersecurity Services Mike Buratowski shares their research into the DNC...

Daily: Assange to DNC: buckle up. False flags and acts of war. Blockchain notes.


In today's podcast we review the bidding over responsibility for the DNC hack--most observers still think signs point toward Moscow. Wikileaks promises more DNC documents to come. Suspicions revive that the Cyber Caliphate may be a false-flag operation and other notes on the difficulty of attribution. Dridex may be present in some SWIFT-related bank fraud. Angler seems gone for good (but replaced by other exploit kits). UK MPs suggest holding CEOs responsible for breaches by hitting their pay. Tanium and FireEye and their rejected suitors. DoJ responds to the Silk Road appeal. Jonathan Katz from the University of Maryland explains the...

Daily & Week in Review: Car hacking. Flash Player Patched. DNC hack updates, fighting terror in cyberspace.


In today's podcast we continue to follow the developing story of the Democratic National Committee hack (Russia denies responsibility, but CrowdStrike stands by its attribution). DNC chair Wasserman Schultz says no financial information was lost, and on cue Guccifer 2.0 produces some. The FBI continues its probe of possible ISIS connections to the Orlando killings. Researchers describe an approach to developing intelligence from social media. FireEye is said to be uninterested in being acquired. Tanium's not interested, either. Some serious bugs are addressed this week. Dale Drew from Level 3 compares honey pots to live data and Craig Smith from Open...

Daily: xDedic, Guccifer 2.0...but what really knocks us out is those cheap sunglasses.


In today's podcast we look at developments in the Panama Papers case. A "lone hacker" going by "Guccifer 2.0" claims the DNC hack, but CrowdStrike stands by its attribution to Russian intelligence. Investigators look at Orlando shooter Mateen's online history. Anonymous hits ISIS in cyberspace, and so does US JTF-Ares. xDedic is the latest black market: it deals in server access. Telegram denies being vulnerable. Admins complain about one of Microsoft's June patches. Quintessence Labs' Vikram Sharma tells us about quantum key encryption. And we hear from Wandera's Michael Covington about the true cost of buying cheap sunglasses online.

Daily: Run DNC has legs. NFL players get social media savvy. Online jihad. More big breaches.


In today's podcast, we follow up on Russian intelligence services' hacks of the US Democratic National Committee, and their connection with other cyber espionage campaigns. We hear about more Chinese government industrial spying. ISIS claims the Orlando shooter as one of its own as the civilized world continues to grope toward an understanding of ISIS information operations. More breaches add more credentials (and server access) to the black market. We take a quick look at Patch Tuesday. Charles Clancy from the Hume Center at Virginia Tech gives us a lesson in information sharing, and Vinny D'Agostino from K2 Intelligence shares...

Daily: Run DNC. Online inspiration and the limits of investigation. North Korean cyber ops.


In today's podcast, we talk about the breaking news concerning Russia's hack of the DNC, with insights from STEALTHbits Technologies' Adam Laub. We discuss the state of the investigation into what, if any, role online inspiration played in the Orlando gunman's massacre. North Korea appears to have engaged in a long-running campaign of cyber espionage against the South. The Molerats' failure to clear document information may have unmasked them. The Vawtrak banking Trojan gets more evasive. Shadow apps place enterprises at risk, and application collusion disturbs mobile users. The Angler exploit kit has practically vanished, replaced for the most part by Neutrino. Symantec's...

Daily: Jihadists continue online inspiration. India worries about China's cyber activity. Symantec buys Blue Coat, Microsoft LinkedIn.


In today's podcast we recap what's known publicly about ISIS inspiration of the apparent jihadist massacre at an Orlando gay club, and consider speculation about ISIS's and its rivals' information operations as ISIS loses territory on the ground. Social media security concerns persist, ransomware's criminal market sees some ups and downs, and we learn about encryption keys from Quintessence Labs. M&A activity sees Symantec buy Blue Coat, and Microsoft pick up LinkedIn. India worries about China's cyber activities. John Leiseboer from Quintessence Labs outlines the importance of key management in cryptography.

Daily & Week in Review: Breach reactions. Attention grid substations: squirrels, and snakes, and monkeys, oh my...


In today's podcast we hear from the experts on how old data breaches can cross-contaminate users' other accounts. Point-of-sale problems seem ready to grow in the recent Wendy's incident. Ransomware's shifting landscape sees Locky's distribution botnet vanish (for unclear reasons), Crysis replace TeslaCrypt, and CryptXXX jump exploit kits. Some startups get some nice VC rounds. We hear about the law surrounding mobile location data, and we're reminded of cyber-physical threats to security systems and critical infrastructure. Markus Rauschecker from the University of Maryland Center for Health and Homeland Security reviews an important circuit court privacy decision, and researcher Wesley Wineberg warns us about...

Daily: Ransomware spreads (backup or pay up?). Safe travels. FTC, NFL embarrassed.


In today's podcast we follow the latest news and trends with respect to ransomware, now the hottest commodity on the black market, and still able to fetch between $15,000 and $20,000 an extortion. Twitter credentials join VK's in the criminal souk; both sets may have been harvested via earlier breaches in other social media sites. NATO looks into cyber collaboration, workforce development, innovation (Estonia hints low budgets can drive creativity), and the risk of strategic surprise in hybrid warfare. Cylance becomes the industry's latest unicorn with a big Series D funding round. The Johns Hopkins University's Joe Carrigan helps us plan our...

Daily: US banks warned to get their security act together. Security trends.


In today's podcast we hear about trends in phishing, ransomware, and distributed denial-of-service--and none of those trends are particularly good. We hear why some ransomware may keep coming back after it's been removed. US bank regulators warn financial institutions to mind their security manners in the wake of the SWIFT-related fraudulent transfers, and investigation into the Bangladesh Bank hack still points toward Pyongyang (with a slight nod in the direction of Shanghai). The FBI is actively stinging potential jihadists, and Singapore gets ready to wean its civil servants from the Internet at work. And we welcome our newest research partner, Dr....

Daily: Hybrid SUV proof-of-concept hack. Al Qaeda peeks over Twitter's parapet.


In today's podcast we discuss another in the long-running series of big social media breaches, this one in VK. Password re-users are advised to change not only their credentials, but their ways. Vulnerabilities are reported in Facebook features, and in Ubee VoIP routers. Dale Drew from Level 3 Communications explains that cyber attack traffic in Latin America is up. Raytheon's Dave Amsler shares the findings of a new survey on how companies interact with MSSPs. Al Qaeda makes its way back to Twitter (from Syria). As the US seeks expanded warrantless electronic search authority in terrorism and espionage investigations, observers find themselves...

Daily: Sovereign mafia state? Spearphishing with Pay Commission bait. IoT risks.


In today's podcast we follow developments in the SWIFT-related Bangladesh Bank fraud case--more observers buy into the view that North Korea was involved. Many see anti-racketeering measures being adapted to cyberspace, with businesses improving their security by reducing their attackers' return-on-investment. Pakistani hackers spearphish Indian civil servants and install espionage backdoors. Anti-ISIS measures seem to have heightened ISIS's internal mistrust. Irongate and other IoT threats are discussed, as is a rise in hacker attention to Android. Malek Ben Salem speaks to the challenges of identity in the IoT. Zack Schuler from Ninjio makes the case for entertaining training. And OurMine tweets dadada......

Daily & Week in Review: Money laundering, cyber fraud, lost laptops, & how cyber criminals get paid.


In today's podcast we review some notes on alleged North Korean involvement in fraudulent SWIFT transfers, and on new US sanctions. We take a look at various corners of the cyber criminal underground, including commodification of both malware and stolen data. Big claims for artificial intelligence are going to involve some big litigation, too. And we hear, again, about the vulnerability of data-at-rest and the importance of encrypting your devices. Ben Yelin from the University of Maryland Center for Health and Homeland Security discusses the potential legal ramifications of a Facebook privacy suit, and Joseph Billingsley tells us about the Military...

Daily: A look at markets, legitimate and criminal. ICS proof-of-concept exploit.


In today's podcast we hear about online censorship in China, and an espionage campaign directed against Taiwan. RiskIQ finds that many large companies are riding for the same fall Mossack Fonseca took with the Panama Papers. We talk to Trustwave about that alleged Windows zero-day being sold by cyber criminals, and we hear about some smaller potatoes in the ransomware market. Industry news highlights US Federal contract wins and recent M&A activity. The University of Maryland's Jonathan Katz highlights some new research in random number generation.

Daily: Stealth Falcon, OEM issues, black market trends.


In today's Podcast, we hear about Citizen Lab's discovery of an apparent cyber espionage campaign operating under journalistic cover (and targeting journalists). We discuss the state of the black market for both zero-days and stolen data, and get some recommendations for identity protection from the experts. Venafi talks about the implications of the coming SHA-1 expiration, Joe Carrigan from Johns Hopkins tells us what's wrong with public photo-printing kiosks, and some University of Michigan researchers have a clever, insidious hardware backdoor proof-of-concept.

Daily: Social media breach woes, sector analysts & investor sentiment.


In today's podcast we hear about the ways in which some old breaches are resurfacing to trouble major social media platforms. Those old breaches are also looking far larger than initially suspected. We learn about "sandjacking" and "bug poaching" as new additions to the lexicon of cyber crime. Analysts continue to think threats will drive cyber industry growth, and venture capital interest seems high, but more selective. Dr. Vikram Sharma from Quintessence explains One Time Pads, and Threat Quotient's Ryan Trost shares the pros and cons of attribution.

Daily & Week in Review: Crypto wars update, story stocks, AI, encryption, and the usual crime.


In today's podcast, we discuss the SWIFT transfer issues now under investigation in a dozen more banks. SWIFT announces a five-point security strategy. Attacks on the private sector are seen as having national security implications. Other cyber threats to business--DDoS and ransomware--place availability of data and networks at risk. We take a look at investor interest in cyber stocks, and we talk with experts on artificial intelligence and encryption. And, as far as nation-state attacks are concerned, again, signs point to Pyongyang. (As they so often do.) Malek Ben Salem from Accenture Labs explains AI and Machine Learning, and Brent Waters, of...

Daily: Ransomware threats. Industry (mostly good) news. US State Department IG reports on email.


In today's podcast we hear about security in international banking, some developments in the world of malware, and how presidential impersonation and a big loss cost a CEO his job. Analysts like some of the bigger cyber players (and they're waiting for Palo Alto's results tonight). VCs back three security companies with new funding. The State Department IG's report on email retention and security is out. DARPA wants to secure legacy IT systems, and US SOCOM wants innovative cyber tools. Dale Drew from Level 3 Communications walks us through the negotiations of ransomware, and Danny Rogers from Terbium Labs explains...

Daily: Ransomware & DDoS combining. Malicious USB chargers. Cyber ops aren't 'bombs'?


In today's podcast, we hear about the current state of ransomware, why criminals like it, and what can be done about it. Keyloggers are being distributed by malicious USB charging devices. Blue Coat may be headed for an IPO. US cyber operations have been called "cyber bombs," but they may be a lot more like battlespace preparation (and so traditional EW and intelligence). Microsoft Azure Active Directory does something about bad passwords. And Markus Rauschecker from the University of Maryland Center for Health and Homeland Security explains why the FCC and FTC are holding back on IoT regulation.

Daily: Good guy update: SWIFT. Bad guy update: Turla, CryptXXX, DMA Locker, Flash 0-day... Bonus: Scunthorpe Problem.


In today's podcast, we hear about Turla's return, this time in an espionage campaign against Switzerland's RUAG. The Panama Papers and other hacks prompt reiteration of lots of good, if familiar advice, some of it directed at the US Congress and other small businesses. The TeslaCrypt proprietors seem less remorseful than resourceful, as they shift to CryptXXX. SWIFT plans to announce a security upgrade today. US Cyber Command announces the winners of its $460 million IDIQ. Guccifer prepares to cop a plea, and the Scunthorpe Problem surfaces in Oxfordshire. We also hear about cloud storage security from Quintessence Labs, and...

Daily: SWIFT seeks better security, what business wants from (US, UK) government, fast exploits.


In today's podcast, we hear about attempts by SWIFT to work toward upgraded security with clients. Japan sustains a coordinated looting of ATMs (to the tune of ¥1.44 billion). Operation Ke3chang returns to snoop on Indian diplomatic missions. ISIS returns to inspiration. Business gives advice to government in the UK and the US, and investors see recent cyber stock price corrections as, maybe, a buying opportunity. We learn about monitoring your wireless attack surface from Pwnie Express' Paul Paget. And Joe Carrigan from Johns Hopkins Information Security Institute shares how they keep Mom safe online, Baltimore style.

Daily & Week in Review: TeslaCrypt says "sorry, here's the key." 50-cent-ers troll China.


In today's podcast, we follow moves to upgrade US Cyber Command to a Unified Combatant Command. We follow developments in Operation Groundbait, Phineas Phisher's latest, and the discovery of China's 50-cent-ers. Conficker is still out and active eight years after patching. We take a look at industry news, and hear about how TeslaCrypt may be closing up shop. Our expert today is Accenture Labs' Malek Ben Salem who discusses semantic technology for cyber defense. We'll also hear from historian and author Abby Smith Rumsey who'll talk about her book, When We are No More: How Digital Memory Will Shape...

Daily: Cyber-chumming the Donbas. Cisco surprises (in a good way).


In today's podcast, we learn that the LinkedIn breach is the same old one from 2012, only now two orders of magnitude larger than thought. ESET describes a cyber surveillance campaign, Operation Groundbait, in Ukraine's Donbas region. Phineas Phisher hacks on behalf of Kurdish anti-capitalists. The SEC warns of cyber risks to the financial sector. Cisco reports better than expected results (thanks in part to its security business). Ben Yelin from the University of Maryland Center for Health and Homeland Security wonders if a case involving a locked hard drive may go to the Supreme Court.

Daily: LinkedIn may have been breached. Malicious apps, a new Skimmer, and honor among thieves.


In today's podcast we discuss a breaking story about what's potentially a very large breach at LinkedIn. Banks' interactions with SWIFT (not SWIFT itself, necessarily) concern observers. Malware and scareware appear in the Play Store. China interrogates Apple, Cisco, and Microsoft about security. We hear about ways in which participants in black markets evolve to function more like legitimate enterprises. University of Maryland professor Jonathan Katz unlocks the secrets of cracking ransomware, and Zimperium's John Michelsen says it's time to be proactive with the defense of our mobile devices.

Daily: Current exploits and bugs, fraught China-US cyber relations, and industry notes.


Today we discuss some exploits running loose in the wild. GSA's 18F unit cleans up its Slack implementation and shares its lessons learned from a potential breach. Older Android devices are susceptible to an Accessibility exploit. A million-device clickfraud botnet drains advertising budgets. A new cyber espionage campaign prefers quality to quantity. SWIFT gets security advice. ISIS shifts recruiting focus to Central Asia. Cyber tensions rise between the US and China. Dale Drew from Level 3 shares the perspective of a backbone provider, and Yong-Gon Chon wonders if companies don't overreact to breaches.

Daily: Social media collection suggests ISIS in trouble. Russian government cyber activities. US VA wants dark web help.


In today's podcast we discuss Germany's attribution of an ongoing cyber espionage campaign: it's Russia, says the BfV. Bank attacks continue, both related to, and unrelated to, the SWIFT funds transfer system (and some seem criminal, some hacktivist in motivation). Russia says it plans to close about 4000 sites for trafficking in extremist ideology and drugs. Markets look forward to the next cyber security bellwether stock to report. And John Leiseboer from Quintessence Labs explains random number generation.

Daily & Week in Review: Android issues, SWIFT hacks, the cyber security marketplace.


In today's podcast, we look back at the week just ending and see new attempts on banking systems. Some involve SWIFT; others involve Anonymous, and some have to do with the FDIC. And what about those fingerprints? Markus Rauschecker from the Center for Health and Homeland Security examines the increased scrutiny the FTC and FCC are putting on mobile device providers. And we interview Dr. Emma Garrison-Alexander about her leadership positions with NSA, TSA and UMUC.

Daily: US-CERT warns of SAP issues. Business disruption big criminal business. A talk with IBM about Watson.


In today's podcast we discuss a warning from US-CERT and Onapsis against some old but active SAP vulnerabilities. Pawn Storm is back, and active against German political targets. DDoS-for-hire is proving lucrative, as is ransomware. Joe Carrigan from Johns Hopkins University Information Security Institute explains what you should do when you get suspicious-looking email. IBM speaks with us about their cyber security plans for their Watson AI.

Daily: Reports of venture capital's death seem much exaggerated. Quantum technology, adapted to the meanest understanding.


We run through some of the high points of May's Patch Tuesday. We get updates on Viking Horde Android malware and Bucbi ransomware. Venture capital seeks out IoT security investments as Pwnie Express and Bayshore Networks attract funding. Quintessence Labs' Dr. Vikram Sharma explains emerging quantum technologies. And IBM will train Watson to deal with cyber security issues.

Daily: Ransomware evolves (and gets brutal). Dataminr blocks IC--bad Gov-industry blood?


In today's podcast we hear about the Panama Papers database. We also discuss updates concerning the Bangladesh Bank heist investigation. New ad-fraud malware, Viking Horde, shows up in the Google Play Store. In ransomware news, CryptXXX is no longer so easily decrypted, Bucbi exploits RDP vulnerabilities, and Triumfant shares what they've learned about Locky. We also talk to Accenture's Malek Ben Salem about big data security frameworks.

Daily: Panama Papers updates, info ops, pro- & anti-ISIS, market jitters.


In today's podcast we follow the progress of anti-banking DDoS hacktivism Operation Icarus. The Panama Papers are released in the form of a searchable database. Some apparently big compromises look a bit recycled. Victims' willingness to pay keeps the ransomware black market primed. Investor disappointment depresses security company valuations. We talk with the University of Maryland's Ben Yelin about how law lags technological advance, and GCHQ says don't be too quick to change passwords.

Daily & Week in Review: Responsible disclosure & why the cool miscreants are on Twitter.


Today we hear about what's going on with proof-of-concept exploits. Ransomware continued its run this week, but DDoS shouldn't be forgotten, either--it's good for both business interruption and misdirection. Thoughts on those 270 million email credentials. A couple of big security companies post Q1 results, and Adrian Turner, CEO of Australia's Data 61, explains the future of that nation's domestic cyber sector. Dale Drew from Level 3 Communications shares the news of a new DDoS technique. The LAPD succeeds in cracking an iPhone 5s. And where in the world is Satoshi Nakamoto?

Daily: World Password Day, OpIcarus


Today we consider various ways of hiding attack campaigns: noisily or quietly, what the approaches have in common is highly selective targeting. Anonymous proceeds with Operation Icarus (against "the global banking cartel"). We observe World Password Day with advice from AT&T's Johannes Jaskolski and Johns Hopkins' Joe Carrigan. Plus, we take a quick look at how one script kiddie values his stolen data.

Daily: Hey, padawans: Supreme Leader Snope hints he's got your back!


In today's podcast we look at studies of how ISIS actually operates online. Apparently they do so much the way crooks do--by abusing legitimate services. But when it comes to encryption, the jihadists seem to be rolling their own. Ransomware updates and warnings--the FBI reminds victims not to pay. The group that hit the Qatar National Bank may be preparing release of another bank's information. Infrastructure companies invest to shore up cyber defenses. We hear from the University of Maryland's Jonathan Katz on digital signatures, and we talk with the Denim Group's John Dickson about power grid security.

Daily: Anonymous hits Bank of Greece. I am Satoshi!


In today's podcast we look quickly at the current state of the cyber war between the US and ISIS. Anonymous is out to punish banks with DDoS for "crimes against humanity," and criminals continue to hone their ransomware game. The US security clearance system seems set to move toward FICO-like scoring. Joe Carrigan from Johns Hopkins University explains why medical records are so valuable on the cyber black market. Bob Hansmann from Forcepoint returns for more findings from their 2016 threat report. And Satoshi Nakamoto seems as airborne as ever.

Daily: DPRK jamming prompts search for GPS alternative. Satoshi, is that you?


In today's podcast we hear some encouraging examples of responsible disclosure. Ransomware is still out and about. IBM seems to see a future in blockchain technology. Bob Hansmann from Forcepoint shares highlights from their threat report. Ben Yelin tracks the Snowden remedies. And Craig Wright again claims he's Bitcoin's Satoshi Nakamoto--the BBC and the Economist seem ready to take him at his word.

Daily & Week in Review: Backdoors or legit apps? Serpents in walled gardens. Verizon's Data Breach Report.


Today we hear about potential backdoors (or maybe PUPs). Cash-stealing malware reported in Google Play. Third-party developers leave their credentials lying around GitHub. Triumfant watches Locky morph--five times a day. Dale Drew from Level 3 talks about point-of-sale risks. Verizon tells us all about their Data Breach Report. The Panama Papers may soon be released in full. Investors worry about the cyber sector, but some see healthy adjustment. And US Cyber Command works to make the "L" in ISIL stand for "loser."

Daily: Malware found in nuclear plant. Threat actors tracked in Asia. And who's Aquaman?


In today's Podcast, we hear about ISIS attempts at inspiration online--their technical capabilities are low, but they continue to hit information ops hard. A Bavarian nuclear plant finds a malware infestation--spooky, but apparently without effect. Observers expect more hacks like the one on the Bangladesh Bank, and the Platinum threat group looks state-sponsored. The security industry may be showing signs of consolidation. The University of Maryland's Markus Rauschecker explains why law firms are attractive hacking targets, and Todd O'Boyle from Percipient Networks urges us to listen to our malware.

Daily: Paranoia-as-a-service? Cyber con jobs.


In today's Podcast, we hear reports of success in the cyber war against ISIS. Inquiry into the Bangladesh Bank hack continues; the threat actors behind it may have additional capers in the works. Android malware flourishes, and so does a vigorous underground extortion market. The FBI says it doesn't know what vulnerability was exploited to open the San Bernardino iPhone, and that it doesn't want a hacking arms race with criminals and terrorists. Ferruh Matvituna from Netsparker shares some wisdom on app security, and Jonathan Katz from the University of Maryland explains program obfuscation.

Daily: "Snowden advanced crypto by 7 years." Proofread your way to security.


In today's podcast we hear more about possible other instances of fraudulent messaging in the SWIFT financial transfer network. We discuss an active Android ransomware campaign that appears to be using old Hacking Team exploits. US DNI Clapper thinks the acceleration of encryption, post-Snowden, really hasn't been a very good thing, and calls for a balance between privacy and security. The US continues to ramp up its cyber offensive against ISIS. Joe Carrigan from the Johns Hopkins Information Security Institute tells the tale of a scammer strung along.

Daily: US cyberwar vs. ISIS. IPO fizzle? (Investors want profit.)


In today's Daily Podcast we discuss reports that the Bangladesh Bank hackers succeeded in getting into, and manipulating, some SWIFT client software. The outlines of the US cyber campaign against ISIS grow clearer. Updates on how the US Department of Justice is getting into iPhones. We take a look at the disappointing--to many analysts--SecureWorks IPO and what it means for VCs and cyber unicorns. Plus, CyberWire Editor John Petrik reports on last week's SINET ITSEF conference.

Daily & Week in Review: Voter dbase compromises. How not to sell security.


In today's Daily Podcast we hear about Mexican and Philippine authorities' investigations into voting database compromises. Ransomware continues to circulate, and we learn something about the increased sophistication of phishing. Point-of-sale crooks race against US EMV adoption. We take a look at the SecureWorks IPO and the long interest in some leading security stocks. Joseph Opacki from PhishLabs explains the growing sophistication of phishing schemes, and Benjamin Yelin from the University of Maryland Center for Health and Homeland Security tells us about mobile security and Stingrays.

Daily: Australia's new cyber strategy, Dorkbot's old; CryptXXX is new.


In today's Daily Podcast we hear about CryptXXX--recently discovered ransomware--and about old, familiar Dorkbot. The US Congress continues to mull legislation that would mandate decryption, and the banking and tech sectors don't care at all for what they see in those pending bills. Australia announces its cyber security strategy, and says that its national capabilities definitely include offensive ones. Jason Lewis from LookingGlass warns us about third party network access, and Dale Drew from Level 3 Communications emphasizes the importance of collaboration.

Daily: Industry news, and some plaintiffs may wish to reconsider.


In today's Daily Podcast we gain perspective on post-Brussels ISIS-inspired hacktivism. Developers should take care using Xcode command line development tools. The Thanatos Trojan is discovered in, and booted from, a hosting service. Analysts draw some familiar lessons from last year's Hacking Team breach. And plaintiffs may think twice about suing Ashley Madison for alleged catphishes. Plus, Jonathan Katz from the Maryland Cybersecurity Center shares his team's research into searchable encryption.

Daily: New ransomware, along with some golden oldies. Quantifying cyber risk.


In today's Daily Podcast we hear about the latest wave of ISIS-sympathizer cyber attacks--they're again low-level defacements of poorly defended targets. Chris Morgan from IKANOW provides tips on quantifying cyber risk. A new strain of ransomware is identified, but it seems connected to some long-familiar criminal actors. Microsoft and Apple both continue to resist US Government requests for data and assistance in criminal investigations. Markus Rauschecker reviews the Compliance with Court Orders Act of 2016.

Daily: Confidence building. Offensive cyber ops. M&A notes.


In today's Daily Podcast we follow up with corrections to last week's reports of Russian attacks on Sweden's air traffic control system. The US and Russia hold talks on reducing tensions in cyberspace. The US cyber offensive against ISIS picks up its pace. Older JBoss servers are at risk of ransomware. Some M&A news in the cyber sector. And there are fresh accounts of how the Hacking Team was hacked last year. Plus, Joe Carrigan from the Johns Hopkins University Information Security Institute warns us not to trust that free airport WiFi.

Daily & Week in Review: Industry notes, including a look at labor markets. Cyber gangland and its neighborhoods.


In today's Daily Podcast we discuss the international response to ISIS, and the terror group's latest info ops. We cover the news from cyber gangland (and bid Paunch farewell as he enters a Russian prison) including malware developments and the latest criminal approaches to making their infrastructure resilient. We learn some things about competitions as a way of building the rising cyber labor force from Raytheon's Jack Harrington, and we hear about the challenges of cloud data security from University of Maryland's Jonathan Katz. It seems privacy is in tension not only with security, but with transparency as well. And...

Daily: Info ops for and against ISIS. Industry notes.


In today's Daily Podcast we discuss ISIS info ops and the cyber war the US is waging against the terrorist group. Ransomware phishing now shows signs of knowing its targets' physical addresses. Patch Tuesday also saw updates from Cisco and Google. Cyber sector IPO rumors and declarations of intent. A Department of Justice lawyer, speaking for himself, thinks the debate over offshore accounts should inform thinking on the debate over privacy and security. Plus, Dale Drew from Level 3 Communications explains the importance of having a threat research lab.

Daily: Dogs still not barking in Panama. (But ransomware bites.)


In today's Daily Podcast we continue our follow-up on the Panama Papers' investigation. Ransomware, DDoS, and malvertising continue their win, place, and show finishes in the criminal sweeps. Patch Tuesday addresses Badlock and other vulnerabilities. Some M&A news in the cyber sector. And the FBI may not have used Cellebrite's services to unlock the San Bernardino jihadi's iPhone after all. Plus, Johns Hopkins' Information Security Institute's Joe Carrigan warns us about phony calls claiming to be Microsoft tech support.

Daily: State hacking, state messaging. Crimeware evolution.


In today's Daily Podcast we follow up on the Panama Papers' investigation, and, like everyone else, wait for the expected shoes to drop. BAE warns that Qbot has become more aware, more evasive, and harder to block. Cisco's Talos predicts the disturbing rise of "cryptoworms." The US Federal CIO warns of the risks inherent in legacy systems. Guy Guzner from FireGlass helps us sort out the Panama Papers speculation, and Markus Rauschecker wonders if the FBI will have better luck convincing Apple to unlock another iPhone. And we take a trip down memory lane with the unlamented legacy code represented...

Daily: Ukraine's PM resigns, in part over Panama Papers controversy. Patch news.


In today's Daily Podcast we follow up on the Panama Papers' fallout. Leaker "John Doe" remains unidentified, and the scandal is roiling politics in Ukraine. Some observers think the Russian Financial Monitoring Service is behind the leaks. Dridex evolves into new lines of cyber crime. Juniper patches a suspect random number generator. GCHQ is said to have helped publishers stop the new Harry Potter book from leaking. And CyberWire editor John Petrik reviews an interesting price list from Dell SecureWorks.

Daily & Week in Review: Anonymous vs. Israel. Panama Papers. The view from Japan.


In today's Daily Podcast we report on the results of yesterday's #OpIsrael--basically a fizzle, but a fizzle with the usual disturbing implications. Pirrit adware moves to OS X. Ransomware remains a low-risk, high-payoff cyber caper. We take a look at some industry news: good, bad, and middling. We talk to the University of Maryland's Jonathan Katz about fully homomorphic encryption, and we discuss Japan's cyber security landscape with William Saito, special advisor to the prime minister of Japan.

In Their Own Words: The 2016 Women in Cybersecurity Conference [Special Edition]


The people we spoke to at 2016's Women in Cybersecurity Conference had a remarkable diversity of career and academic backgrounds, as well as life experiences. Many themes emerged from our conversations, including the importance of mentorship, willingness to try new things and take risks, and the importance of flexibility and communications skills. They also dispelled some myths, including the notion that you need to have a technical background for a career in cyber security. We sat down with a range of women, from students to industry leaders, for candid conversations about their personal journeys, their experiences as women in a...

Daily: Panama Papers, privacy, & financial transparency. MedStar ransomware incident update. Current scams.


In today's Daily Podcast we catch up on the latest reports of the recent MedStar ransomware infestation. Mobile security company SkyCure share the results of their recent report on vulnerabilities in the medical field. DDoS also remains a problem. The FTC and IRS warn of socially engineered scams. The Panama Papers continue to name a lot of celebrities, but no new political leaders. Hacking Team loses its export license. We talk to the Johns Hopkins University's Joe Carrigan and get his expert reflections on last week's Women in CyberSecurity conference.

Daily: Panama Papers count coup. Trojanized Android apps found.


In today's Daily Podcast we find out more about how the Panama Papers leaked, and what their consequences are likely to be. A malicious SEO campaign hits vulnerable Joomla and WordPress installations. Ransomware gets personal. Dr. Web finds a Trojan in 104 Android apps. We discuss the Billington CyberSecurity International Summit. US policymakers mull the status of Cyber Command. We talk to the University of Maryland's Ben Yelin about ransomware and HIPAA.

Daily: Governments nervously investigate Panama Papers. Industry sees layoffs & an IPO.


In today's Daily Podcast we hear about the spreading Panama Papers tax evasion (or avoidance, or wealth hiding) scandal. US State Department databases may have unpatched vulnerabilities, and PII of Turkish citizens is posted online. We talk to SCADAFence about securing the manufacturing Internet-of-things, and Markus Rauschecker from the University of Maryland Center for Health and Homeland Security tells us about how legal standards are established in cases involving cyber security.

Daily: MedStar recovers. More on ransomware, and one weird trick to hiding $2B.


In today's Daily Podcast we hear about MedStar's recovery from ransomware, and a joint US-Canadian warning about the general threat of ransomware. A new strain of ransomware offers victim-friendly QR codes for easy mobile payment of ransom. The "Panama Papers," leaked by a whistle-blower, seem to offer some pretty spectacular stories of international governmental corruption. We talk to Accenture's Malek Ben Salem about securing the Internet-of-things.

Daily & Week in Review: Ransomware, state actors, the current state of the crypto wars.


In this podcast, we look back at a week of ransomware. The FBI succeeds in unlocking the San Bernardino jihadist's iPhone without Apple's help (and Apple, like the rest of us, would like very much to know why). Policymakers consider their alternatives in cyber conflict, and they run from lawfare to warfare. Tay's briefly let out of her room, but quickly sent back (and that's no April Fooling). Plus Backchannel's Steven Levy on repeating the cryptowars, and Ben Yelin on the challenges of establishing legal standing against the NSA.

Daily: DDoS, business email threats remain. How to set up your new machine.


In today's Daily Podcast we hear about some of the other current threats: while ransomware is very much in the news, we'd do well to remember the problems of denial-of-service and business email compromise. The US continues to work toward "operationalizing" deterrence in the cyber domain. We talk to the Johns Hopkins University's Joe Carrigan about how you can secure your new computer. And CNBC appears to have been too participatory in a story about password hacking.

Daily: Hospital hack, ransomware evolution, the FBI, and Scotland Yard.


In today's Daily Podcast we hear about the ongoing story of the MedStar Health hack, which anonymous sources say was ransomware. The incident remains under investigation. We hear about ransomware's evolution. Big Law finds itself in the crosshairs of a Russian (or Ukrainian?) cyber gang. The Justice Department hints at more litigation over decryption. We talk to the University of Maryland's Markus Rauschecker about the NIST Framework, and we finish our conversation with Zimperium about their successful experience integrating their mobile security solution with a big telecom's services.

Daily: Healthcare cyber risks. Jihadi's iPhone accessed. Working with MSSPs.


In today's Daily Podcast we hear about yesterday's apparent hack of MedStar Health, possibly ransomware, but that's still unconfirmed. FireEye warns that legacy point-of-sale systems are under increasing attack. Kaspersky says Turla spyware is using satellite connections to work around C2 server takedowns. The FBI says it's succeeded in cracking that jihadi's iPhone. We talk to Accenture's Malek Ben Salem on healthcare cyber security, and we hear from Zimperium about their successful experience integrating their mobile security solution with a big telecom's services.

Daily: Ransomware and hospitals. Why random numbers matter. Stolen certificates.


In today's Daily Podcast we talk about how "Google-dorking" may have helped the Rye dam hackers find a vulnerable system. If you're pushing propaganda, why the Dark Web probably isn't for you. Symantec finds stolen SHA-2 certs in malware. Trustwave finds XSS flaw; Zen Cart patches same. Carbon Black identifies PowerWare, a new ransomware variant. We talk to Bufferzone about hospitals and ransomware, and the University of Maryland's Jonathan Katz explains why random numbers matter.

Daily: ISIS info ops target gangsta demo. Snakes in walled gardens. US indicts Iranians.


In today's Daily Podcast we talk about ISIS info operations and the difficulties of developing actionable intelligence about the group's cells. The US indicts seven Iranians for the Rye dam hack and DDoS against financial institutions. Walled garden app stores still have security issues. Verizon Enterprise Solutions and the EC-Council suffer security issues, respectively a data breach and Angler redirection. More ransomware news, and developments in the Apple-FBI standoff. We talk with MorphoTrust about security in filing state tax returns.

Daily: Collection outstrips analysis & dissemination. When an air-gap...isn't.


In today's Daily Podcast we discuss why ISIS inspiration seems to obviate the need for command-and-control. The US indicts seven Iranians for the Rye dam hack and DDoS against financial institutions. Concerns about the security of water utilities grow. ESET finds some new malware delivered by USB drive. We talk with the University of Maryland's Ben Yelin about rights to privacy in cyberspace.

Daily: Inspiration in info ops. Processing unstructured data. Ethics & standards of care.


In today's Daily Podcast we discuss the developing investigation into ISIS inspiration and control of the Brussels attacks, and what's now known about November's Paris shootings. Ransomware may be developing the ability to spread through networks. The insurance and cyber security sectors are working toward a common understanding of risk, and we talk with Accenture's Malek Ben Salem about processing and protecting unstructured data.

Daily: ISIS inspiration, radicalization. FBI says no help needed to crack iPhone.


In today's Daily Podcast we discuss what's known so far about ISIS inspiration or control of the Brussels attacks. Some precautions users can take against ransomware are recommended. The US Department of Justice has told the presiding Magistrate the FBI no longer needs Apple's help to open the San Bernardino iPhone, and we talk with the Johns Hopkins University's Joe Carrigan about the technical pros and cons of each side's case. Finally, we say farewell to Andy Grove, long of Intel, who died yesterday at the age of 79.

Daily: Elves vs. trolls in the Baltic. Updates on Bangladesh bank heist, DoJ vs. Apple.


Baltic elves versus Russian trolls. Pakistan considers its cyber strategy. Investigation continues into the Bangladesh Bank hack. More hackers are interested in going after OS kernels. Apple and the Department of Justice are poised for this week's hearings. And the University of Maryland's Markus Rauschecker tells us what it means to "hack the Pentagon."

Daily: Buhtrap raked in the rubles. Dridex is back. So are Stagefright and Rowhammer.


More on Buhtrap and its sophisticated spearphishing of Russian banks. There are more reasons (as if they were needed) not to jailbreak your iPhones and iPads. Also, stay away from "adult" apps on your Android. And we hear from the University of Maryland's Ben Yelin, who brings us up to date on the lingering fallout of the Snowden leaks.

Daily: Spies & crooks, together again. Artful spearphishers will eventually learn to proofread.


Daily: Spies & crooks, together again. Artful spearphishers will eventually learn to proofread. Malek Ben Salem from Accenture Labs explains how decoy apps are helping secure mobile devices.

Daily: Crypto wars updates. Iran vs. US in cyberspace. Big Angler malvertising campaign.


Crypto wars updates. Iran vs. US in cyberspace. Big Angler malvertising campaign. CyberWire editor John Petrik joins us to discuss the expected indictment of Iranian hackers by the US government. Chris Webber from Centrify shares tips for multi-factor authentication.

Daily: Naming & shaming Iran's hackers? Palo Alto spots "Digital Quartermaster." Team Apple bigger than Team DoJ.


Daily: Naming & shaming Iran's hackers? Palo Alto spots "Digital Quartermaster." Team Apple bigger than Team DoJ. Plus, Jonathan Katz from the Maryland Cyber Security Center responds to Richard Clarke's NPR interview. Are claims of NSA's capabilities grounded in reality?

Daily: ISIS security breaches threaten narrative. Cyber industry issues. Updates on the crypto wars.


Daily: ISIS security breaches threaten narrative. Cyber industry issues. Updates on the crypto wars. Plus, Joe Carrigan from Johns Hopkins University's Information Security Institute shares an overview of phishing scams.

Daily: US to indict Iranians for Rye hack? ISIS loses HR records. Apple vs. FBI gets nastier.


The US is said to be ready to indict Iranian operators for 2013's hack of a Rye, NY dam. ISIS has an insider threat problem: disgruntled employees. Adobe and Oracle patch Flash and Java. The FCC and FTC stay busy with cyber regulation. The court fight between Apple and the US Department of Justice gets uglier. Markus Rauschecker from the University of Maryland Center for Health and Homeland Security shares his views on the role of the FTC in cyber enforcement, and Tim Matthews from Imperva gives us some warning about the IoT.

RSA Special: Trade and Investment [Special Editions]


RSA is an international conference, with attendees and exhibitors from around the world. Andy Williams is the UK Cyber Envoy. His mission at RSA was to spread the word about his nation's significant cyber capabilities, to help facilitate business relationships with companies in the US, and to promote the technologies that UK companies were showing at the conference. Telesoft Technologies is one of those companies, and Matthew George is their CTO. He'll tell us about their effort to bring the speed of FPGAs to the market. And finally, we'll hear from Ezequiel Gutesman, Director of Research at Onapsis Research Labs....

Daily: ISIS rival in Syria. OnionDog hits Korea. Ransomware and DDoS. Remorse in Manitoba.


Daily: ISIS rival in Syria. OnionDog hits Korea. Ransomware and DDoS. Remorse in Manitoba. Dave Larson, COO at Corero, shares his thoughts on DDoS attacks, and Jonathan Katz from the University of Maryland addresses recent healthcare ransomware attacks.

RSA Special: Emerging Technologies [Special Editions]


There was no shortage of new and innovative technology on display at the RSA conference. We sat down with industry innovators to get their perspectives. In this RSA special edition, we'll hear from Lance Cottrell, Chief Scientist at Ntrepid, about their secure browser technology. Emily Mossberg is from Deloitte Advisory Cyber Risk Services, and she'll give us her perspective on emerging trends in cyber risk management. Oliver Friedrichs is the CEO of Phantom, who were the winners of this year's RSA Sandbox competition. He stresses the importance of automation. Richard Moulds from Whitewood Encryption Systems tells us about their true...

Daily: DPRK attempt on RoK rail ICS? Ransomware updates. US tax season cyber issues.


Daily: DPRK attempt on RoK rail ICS? Ransomware updates. US tax season cyber issues. Plus, Accenture's Malek Ben Salem on embedded device security.

RSA Special: Threat Intelligence [Special Editions]


Threat intelligence - it's more than just attribution. In fact, unless you carry a gun and wear a badge, it's probably not much about attribution at all. Instead, it's about reducing risk. Special thanks to our guests who sat down for interviews at RSA: Ryan Trost, Cofounder and CTO at ThreatQuotient; Eric Olson, VP of Intelligence Operations at LookingGlass; and Rick Howard, Chief Security Officer at Palo Alto Networks.

Daily: RSA retrospective. RoK accuses DPRK of hacking. KeRanger updates. Cyberwar investments.


Daily: RSA retrospective. RoK accuses DPRK of hacking. KeRanger updates. Cyberwar investments. Plus the University of Maryland's Center for Health and Homeland Security's Markus Rauschecker discusses how social media companies are joining the fight against ISIS.

Daily: Looking back at RSA. "Transparent Tribe" and "Pawn Storm" expand target sets. Mac ransomware found, blocked. Apple's amici.


Daily: Looking back at RSA. "Transparent Tribe" and "Pawn Storm" expand target sets. Mac ransomware found, blocked. Apple's amici. Plus, Jonathan Katz from the University of Maryland on SSL browser security and Jay Botelho from Savvius on their Vigil 2.0 packet capture tool.

Daily: RSA wraps up. Naikon disappears, BlackEnergy is scrutinized, and mobile threats get sophisticated.



Daily: RSA update - SecDef sounds libertarian? Ashley Madison extortion. DROWN update. More on Ukraine grid hack.



Daily: RSA updates. DROWN SSL vulnerability. Apple vs. DoJ.



Daily: RSA updates. US opens anti-ISIS cyber offensive. Industry consolidation?



Daily: Norway reports Chinese cyber espionage. Hospital ransomware. Carding black market. RSA update.



Daily: US Govt on Ukraine grid hack. ISIS threatens social media hacks. Ransomware rising. "Government OS."



Daily: Hacktivism vs. Italy & the UN. Ransomware update. Report on healthcare's cyber threat model. Apple takes the 5th?



Daily: Operation Dust Storm vs Japan. Operation Blockbuster vs. The Lazarus Group. Venture capital gets tight.


Daily: Operation Dust Storm vs Japan. Operation Blockbuster vs. The Lazarus Group. Apple vs the FBI. Venture capital gets tight. Parents may want to monitor kids' smartphones.

Daily: Anonymous hits Belgium & Cincinnati. Twitter vs. jihad? MouseJack. Apple, FBI dispute updates.


Anonymous hits Belgium & Cincinnati. Twitter vs. jihad? MouseJack. Apple, FBI dispute updates.

Daily: Russian cyber ops in Syria. Ransomware evolutions. Apple vs. the US Justice Department.


Russian cyber ops in Syria. Ransomware evolutions. Apple vs. the US Justice Department. Johns Hopkins' Joe Carrigan talks about SCADA security, Shodan and the Internet-of-things.

Daily: DDoS by pingback. Twitter flaw patched. Security system flaws. Apple vs. FBI, continued.



Dridex, Locky, PadCrypt, and extortion. Hollywood vs. ISIS? ISIS vs. ISIS? Apple vs. FBI.



Dridex & Locky, macro-spread malware. Apple, FBI, spar in & out of court. Dark Reading watches 20 startups.



The CyberWire - 2.16.2016 - Daily cyber security news brief.


Ukraine grid hack investigation. Malware descriptions: Fysbis, Corkow. Ransomware news. UK police vs. Crackas.

The CyberWire Daily Podcast 2.12.16


In today's podcast, we hear about the possibility that Russian hackers prepared for attacks on Ukraine's power grid with earlier incursions into mining and railroad networks. We consider hacktivists' motives, and relay some news on the arrest of an alleged Cracka with Attitude. More countries look to develop an offensive cyber capability. And we hear from the University of Maryland's Jonathan Katz on provable security. http://thecyberwire.com

The CyberWire Daily Podcast 2.11.16


In today's podcast, we look at a variety of threats to taxpayers during the run-up to April 15. Ransomware continues its spread, now with UmbreCrypt, a CrypBoss variant. Cisco and SAP both issue significant patches. Anonymous refines its target list, and White Team vigilantes go after LizardSquad. VTech revises its terms and conditions (but this may not solve toy privacy issues). And we hear from the Johns Hopkins University's Joe Carrigan, who takes us through the privacy implications of some high-profile data breaches. http://thecyberwire.com

The CyberWire Daily Podcast 2.10.16


In today's podcast, we consider a possible shift in China's cyber espionage interests. Ransomware continues to spread indiscriminately. Analysts look at cyber company stock prices, and VCs continue to invest in the sector. The US President's budget is out, and analyzed: there's a lot of funding for cyber security. The White House issues a "National Cyber Security Action Plan." And we hear from the Johns Hopkins University's Joe Carrigan, who takes us through the privacy implications of some high-profile data breaches.

The CyberWire Daily Podcast 2.9.16


In today's podcast, we continue to follow cyber crime's adoption of espionage tools. ISIS announces its priority targets. The UN and many member governments grapple with the challenge of developing counter-terror intelligence from online sources. Companies prepare for Privacy Shield. NSA supports undergraduate research at Marshall, East Tennessee State Universities. We also hear from the University of Maryland's Markus Rauschecker, who discusses the Department of Homeland Security's cyber mission. http://thecyberwire.com

The CyberWire Daily Podcast 2.8.16


In today's podcast, we discuss reports that hacktivists have released personal information gleaned from Justice Department and Department of Homeland Security databases. Anonymous engages a grab-bag of targets. Cyber stocks experience a sell-off. Governments continue their attempts to balance privacy and security. We also hear from the University of Maryland's Jonathan Katz, who explains key escrow. http://thecyberwire.com

The CyberWire Daily Podcast 2.5.16


In today's podcast, we hear some small signals that the ISIS narrative may be faltering. European governments struggle to accommodate privacy while addressing security. Malware gets more evasive, and ransomware retains its popularity among crooks. And finally, are some white hats approaching a line they shouldn't cross? We also hear from the University of Maryland's Markus Rauschecker, who discusses critical infrastructure's cyber risks and responses. http://thecyberwire.com

The CyberWire Daily Podcast 2.4.16


The Emissary Trojan evolves. An active campaign hits WordPress sites with the Nuclear exploit kit. A patch for Chromodo is coming. A former Norse insider disputes negative accounts of the company's business. Studies of trends in cyber conflict. Google moves against online radicalization. Card skimmers and malware-serving invoices.

The CyberWire 2.3.16


SCADA security developments. Security company's fixing product flaws. Retail breaches. Safe Harbor's now Privacy Shield.

The CyberWire 2.2.16



The CyberWire 2.1.16



The CyberWire 1.29.16



The CyberWire 1.28.16



The CyberWire 1.27.16



The CyberWire 1.26.16



The CyberWire 1.25.16



The CyberWire 1.22.16



The CyberWire 1.21.16



The CyberWire 1.20.16



The CyberWire 1.19.16



The CyberWire 1.15.16



The CyberWire 1.14.16



The CyberWire 1.13.16



The CyberWire 1.12.16



The CyberWire 1.11.16



The CyberWire 1.8.16



The CyberWire 1.7.16



The CyberWire 1.6.16



The CyberWire 1.5.16



The CyberWire 1.4.16



The CyberWire 12.30.15



The CyberWire 12.29.15



The CyberWire 12.28.15



The CyberWire 12.23.15



The CyberWire 12.22.15



The CyberWire 12.21.15



Darknet Diaries

Darknet Diaries


172: SuperBox


What if there was a device which gave you endless movies and TV shows without ads? OK, great, sign me up! In this episode we interview D3ada55, who found such a device, but as she gazed into it, she discovered it gazing back at her. Sponsors: Support for this show comes from ThreatLocker. ThreatLocker is a Zero Trust Endpoint Protection Platform that strengthens your infrastructure from the ground up. With ThreatLocker Allowlisting and Ringfencing, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker provides Zero Trust control at the kernel level that enables you to allow...

171: Melody Fraud


What if the music charts you see aren't real? What if the numbers that define success can be manufactured? We talked to Andrew, a man who has spent his career on both sides of this battle. He once profited from the loopholes in streaming platforms, but now, his job is to close them. This episode will change the way you understand music streaming platforms from now on.

170: Phrack


Phrack is legendary. It is the oldest, and arguably the most prestigious, underground hacking magazine in the world. It started in 1985 and is still running today. In this episode we interview the Phrack staff to hear some stories about what it's like running a hacker magazine for 40 years. phrack.org

169: MoD


Legion of Doom, step aside. There's a new elite hacker group in town, and they're calling themselves Masters of Deception (MoD). With tactics that are grittier and more sophisticated than those of the LoD, MoD has targeted high-profile entities and left an indelible mark on the internet. This is part 2 of the LoD/MoD series. Part 1 is episode 168: LoD.

168: LoD


The Legion of Doom (LoD) wasn't just a hacker group, it captured the essence of underground hacking in the 80s/90s. BBSes, phreaking, rival crews, and the crackdowns that changed everything. From those humble beginnings came a legacy that still echoes through modern security culture today. This is part 1 of the LoD/MoD saga. Part 2 is episode 169: MoD.

167: Threatlocker


A manufacturer gets hit with ransomware. A hospital too. Learn how Threatlocker stops these types of attacks. This episode is brought to you by Threatlocker.

166: Maxie


Maxie Reynolds loves an adventure, especially the kind where she's breaking into buildings (legally). In this episode, she shares stories from her time as a professional penetration tester, including high-stakes physical intrusions, red team chaos, and the unique adrenaline of hacking the real world. Her book: The Art of Attack: Attacker Mindset for Security Professionals (https://amzn.to/4ojYSVZ). Her data center: www.subseacloud.com/

165: Tanya


Tanya Janca is a globally recognized AppSec (application security) expert and founder of We Hack Purple. In this episode, she shares wild stories from the front lines of cybersecurity, from her days as a penetration tester to her days as an incident responder. You can sign up for her newsletter at https://newsletter.shehackspurple.ca/

164: Oak Cliff Swipers


He started small, swiping cards, buying gift cards, and cashing out. It spiraled into a full-blown criminal enterprise. Dozens of co-conspirators, stacks of stolen plastic, and a lifestyle built on chaos. Meet Nathan Michael, leader of Oak Cliff Swipers.

163: Ola


In 2019, Ola Bini, a Swedish programmer and privacy advocate, was arrested in Ecuador for being a Russian hacker. Find Ola on X: https://x.com/olabini. Or visit his website https://olabini.se/blog/. Or check out his non-profit https://autonomia.digital/. Sponsors: Support for this show comes from ThreatLocker. ThreatLocker is a Zero Trust Endpoint Protection Platform that strengthens your infrastructure from the ground up. With ThreatLocker Allowlisting and Ringfencing, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker provides Zero Trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware! Learn more...

162: Hieu


All Hieu Minh Ngo wanted was to make money online. But when he stumbled into the dark web, he found more than just opportunity, he found a global dark market. What started as a side hustle turned into an international crime spree. Find Hieu on X: https://x.com/HHieupc. Sponsors: Support for this show comes from ThreatLocker. ThreatLocker is a Zero Trust Endpoint Protection Platform that strengthens your infrastructure from the ground up. With ThreatLocker Allowlisting and Ringfencing, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker provides Zero Trust control at the kernel level that enables you to...

161: mg


In this episode we talk with mg (https://x.com/MG), the brilliant (and notorious) hacker and hardware engineer behind the OMG Cable, a seemingly ordinary USB cable with extraordinary offensive capabilities. Learn more about mg at: o.mg.lol Sponsors: Support for this show comes from ThreatLocker. ThreatLocker is a Zero Trust Endpoint Protection Platform that strengthens your infrastructure from the ground up. With ThreatLocker Allowlisting and Ringfencing, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker provides Zero Trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware! Learn more...

160: Greg


Greg Linares (AKA Laughing Mantis) joins us to tell us about how he became the youngest hacker to be arrested in Arizona. Follow Greg on Twitter: https://x.com/Laughing_Mantis. Sponsors: Support for this show comes from ThreatLocker. ThreatLocker is a Zero Trust Endpoint Protection Platform that strengthens your infrastructure from the ground up. With ThreatLocker Allowlisting and Ringfencing, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker provides Zero Trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware! Learn more at www.threatlocker.com. This show is sponsored by Red Canary....

159: Vastaamo


Joe Tidy investigates what may be the cruelest and most disturbing cyber attack in history. A breach so invasive it blurred the line between digital crime and psychological torture. This story might make your skin crawl. Get more from Joe at linktr.ee/joetidy. Get the book Ctrl + Alt + Chaos: How Teenage Hackers Hijack the Internet (https://amzn.to/3He7GNs). Sponsors: Support for this show comes from ThreatLocker. ThreatLocker is a Zero Trust Endpoint Protection Platform that strengthens your infrastructure from the ground up. With ThreatLocker Allowlisting and Ringfencing, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker provides Zero Trust control...

158: MalwareTech


MalwareTech was an anonymous security researcher, until he accidentally stopped WannaCry, one of the largest ransomware attacks in history. That single act of heroism shattered his anonymity and pulled him into a world he never expected. https://malwaretech.com Sponsors: Support for the show comes from Black Hills Information Security. Black Hills has a variety of penetration assessment and security auditing services they provide customers to help improve the security of a company. If you need a penetration test, check out www.blackhillsinfosec.com/darknet. Support for this show comes from Arctic Wolf. Arctic Wolf is the industry leader in security operations solutions, delivering 24x7 monitoring, assessment, and...

157: Grifter


Grifter is a longtime hacker, DEF CON organizer, and respected voice in the infosec community. From his early days exploring networks to helping shape one of the largest hacker conferences in the world, Grifter has built a reputation for blending deep technical insight with a sharp sense of humor. Learn more about Grifter by visiting grifter.org. Sponsors: Support for this show comes from ThreatLocker. ThreatLocker is a Zero Trust Endpoint Protection Platform that strengthens your infrastructure from the ground up. With ThreatLocker Allowlisting and Ringfencing, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker provides Zero Trust...

156: Kill List


The dark web is full of mystery. Some of it's just made up, though. Chris Monteiro wanted to see what was real and fake and discovered a hitman-for-hire site, which took him on an unbelievable journey. Chris Monteiro Twitter: x.com/Deku_shrub, Website: https://pirate.london/ Carl Miller Twitter: https://x.com/carljackmiller. Kill List podcast: https://wondery.com/shows/kill-list/ Sponsors: Support for this show comes from ThreatLocker. ThreatLocker is a Zero Trust Endpoint Protection Platform that strengthens your infrastructure from the ground up. With ThreatLocker Allowlisting and Ringfencing, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker provides Zero Trust control at the kernel level that...

155: Kingpin


In this episode, we delve into the multifaceted career of Joe Grand, also known as Kingpin. A renowned hardware hacker and computer engineer, Joe has been exploring and manipulating electronic systems since the 1980s. As a former member of the legendary hacker collective L0pht Heavy Industries, he has significantly contributed to the cybersecurity landscape. Joe is also the proprietor of Grand Idea Studio, a research and development firm, and has shared his expertise through various media, including his YouTube channel. Join us as we explore Joe's unique perspective on hacking, engineering, and his extraordinary journey in the world of technology. https://joegrand.com/ Sponsors: Support...

154: Hijacked Line


Conor Freeman (x.com/conorfrmn) stole money online. Lots of it. In this episode we talk with him, and hear how he did it, why he did, and what he spent it on. Conor's website: https://conorfreeman.ie Conor's X: https://x.com/conorfrmn Sponsors: Support for this show comes from ThreatLocker. ThreatLocker is a Zero Trust Endpoint Protection Platform that strengthens your infrastructure from the ground up. With ThreatLocker Allowlisting and Ringfencing, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker provides Zero Trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware! Learn...

153: Bike Index


Have you ever had your bike stolen? In this episode we dive into the world of stolen bikes. Who does it and where do the bikes go? We talk with Bryan from Bike Index, who investigates this. https://bikeindex.org Sponsors: Support for this show comes from ThreatLocker. ThreatLocker is a Zero Trust Endpoint Protection Platform that strengthens your infrastructure from the ground up. With ThreatLocker Allowlisting and Ringfencing, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker provides Zero Trust control at the kernel level that enables you to allow everything you need and block everything else, including...

152: Stacc Attack


Jarett Dunn, AKA StaccOverflow, stole millions of dollars from a website called Pump Fun, and he wanted to do it in the most dramatic and theatrical way he could. His big heist is known as the Stacc Attack. https://x.com/STACCoverflow He has a merch store now: freestacc.io. Sponsors: Support for this show comes from Cobalt Strike. Cobalt Strike simulates real-world, advanced cyber attacks to enable red teams to proactively evaluate an organisation's security readiness and defence response. Their Command and Control framework gives red teamers the ability to customise their engagements and incorporate their own tools and techniques, allowing you to stress-test specific parts of...

151: Chris Rock


Chris Rock is known for being a security researcher. But he's also a black hat incident responder. He tells us about a job he did in the Middle East. https://x.com/chrisrockhacker Sponsors: Support for this show comes from Varonis. Do you wonder what your company's ransomware blast radius is? Varonis does a free cyber resilience assessment that tells you how many important files a compromised user could steal, whether anything would beep if they did, and a whole lot more. They actually do all the work: show you where your data is too open, if anyone is using it, and what you can lock...

150: mobman 2


In Episode 20 of Darknet Diaries, we heard from Greg aka mobman who said he created the sub7 malware. Something didn't sit right with a lot of people about that episode. It's time to revisit that episode and get to the bottom of things. Sponsors: This show is sponsored by Shopify. Shopify is the best place to go to start or grow your online retail business. And running a growing business means getting the insights you need wherever you are. With Shopify's single dashboard, you can manage orders, shipping, and payments from anywhere. Sign up for a one-dollar-per-month trial period at https://shopify.com/darknet. Support...

149: Mini-Stories: Vol 3


In this episode we hear EvilMog (https://x.com/Evil_Mog) tell us a story about when he had to troubleshoot networks in Afghanistan. We also get Joe (http://x.com/gonzosec) to tell us a penetration test story. Sponsors: Support for this show comes from Varonis. Do you wonder what your company's ransomware blast radius is? Varonis does a free cyber resilience assessment that tells you how many important files a compromised user could steal, whether anything would beep if they did, and a whole lot more. They actually do all the work: show you where your data is too open, if anyone is using it, and what...

148: Dubsnatch


Ever wondered how far a fan would go to get a sneak peek of their favorite artist's unreleased tracks? In this episode, we uncover the audacious story of some teens bent on getting their hands on the newest dubstep music before anyone else. Sponsors: Support for this show comes from Varonis. Do you wonder what your company's ransomware blast radius is? Varonis does a free cyber resilience assessment that tells you how many important files a compromised user could steal, whether anything would beep if they did, and a whole lot more. They actually do all the work: show you where your...

147: Tornado


In this episode, Geoff White (https://x.com/geoffwhite247) tells us what happened to Axie Infinity and Tornado Cash. It's a digital heist of epic proportions that changes everything. This story comes from part of Geoff's book Rinsed, which goes into the world of money laundering. Get yours here: https://amzn.to/3VJs7pb.

146: ANOM


In this episode, Joseph Cox (https://x.com/josephfcox) tells us the story of ANOM, a secure phone made by criminals, for criminals. This story comes from part of Joseph's book Dark Wire, which you should definitely read. Get yours here: https://www.hachettebookgroup.com/titles/joseph-cox/dark-wire/9781541702691.

145: Shannen


Shannen Rossmiller wanted to fight terrorism. So she went online and did. Read more about her in her book The Unexpected Patriot: How an Ordinary American Mother Is Bringing Terrorists to Justice. An affiliate link to the book on Amazon is here: https://amzn.to/3yaf5sI. Thanks to Spycast for allowing usage of the audio interview with Shannen. Sponsors: Support for this show comes from Varonis. Do you wonder what your company's ransomware blast radius is? Varonis does a free cyber resilience assessment that tells you how many important files a compromised user could steal, whether anything would beep if they did, and a whole lot more....

144: Rachel


Rachel Tobac is a social engineer. In this episode we hear how she got started doing this and a few stories of how she hacked people and places using her voice and charm. Learn more about Rachel by following her on Twitter https://twitter.com/RachelTobac or by visiting https://www.socialproofsecurity.com/ Daniel Miessler also chimes in to talk about AI. Find out more about him at https://danielmiessler.com/. Sponsors: Support for this show comes from Varonis. Do you wonder what your company's ransomware blast radius is? Varonis does a free cyber resilience assessment that tells you how many important files a compromised user could steal, whether anything would beep...

143: Jim Hates Scams


Jim Browning has dedicated himself to combatting scammers, taking a proactive stance by infiltrating their computer systems. Through his efforts, he not only disrupts these fraudulent operations but also shares his findings publicly on YouTube, shedding light on the intricacies of scam networks. His work uncovers a myriad of intriguing insights into the digital underworld, which he articulately discusses, offering viewers a behind-the-scenes look at his methods for fighting back against scammers. Jim's YouTube channel: https://www.youtube.com/c/JimBrowning Sponsors: Support for this episode comes from NetSuite. NetSuite gives you visibility and control of your financials, planning, budgeting, and of course - inventory - so you...

142: Axact


Axact sells fake diplomas and degrees. What could go wrong with this business plan? Sponsors: Support for this episode comes from NetSuite. NetSuite gives you visibility and control of your financials, planning, budgeting, and of course - inventory - so you can manage risk, get reliable forecasts, and improve margins. NetSuite helps you identify rising costs, automate your manual business processes, and see where to save money. KNOW your numbers. KNOW your business. And get to KNOW how NetSuite can be the source of truth for your entire company. Visit www.netsuite.com/darknet to learn more. Support for this show comes from ThreatLocker. ThreatLocker is...

141: The Pig Butcher


The #1 crime which results in the biggest financial loss is BEC fraud. The #2 crime is pig butchering. Ronnie Tokazowski (https://twitter.com/iHeartMalware) walks us through this wild world. Sponsors: Support for this episode comes from NetSuite. NetSuite gives you visibility and control of your financials, planning, budgeting, and of course - inventory - so you can manage risk, get reliable forecasts, and improve margins. NetSuite helps you identify rising costs, automate your manual business processes, and see where to save money. KNOW your numbers. KNOW your business. And get to KNOW how NetSuite can be the source of truth for your entire...

140: Revenge Bytes


Madison's nude photos were posted online. Her twin sister Christine came to help. This begins a bizarre and uneasy story.

139: D3f4ult


This is the story of D3f4ult (twitter.com/_d3f4ult) from CWA. He was a hacktivist, upset with the state of the way things were, and wanted to make some changes. Changes were made. Sponsors: Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy, all while...

138: The Mimics of Punjab


This episode is about scammers in the Punjab region. Tarun (twitter.com/taruns21) comes on the show to tell us a story of what happened to him. Naomi Brockwell (twitter.com/naomibrockwell) makes an appearance to speak about digital privacy. To learn more about protecting your digital privacy, watch Naomi's YouTube channel https://www.youtube.com/@NaomiBrockwellTV. And check out the books Extreme Privacy (https://amzn.to/3L3ffp9) and Beginner's Introduction to Privacy (https://amzn.to/3EjuSoY). Sponsors: Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily...

137: Predator


A new type of mercenary spyware came on the radar called Predator. It'll infect a mobile phone, and then suck up all the data from it: contacts, text messages, location, and more. This malware is being sold to intelligence agencies around the world. In this episode we hear from Crofton Black at Lighthouse Reports, who spent 6 months with a team of journalists researching this story, which was published here: https://www.lighthousereports.com/investigation/flight-of-the-predator/. We also hear from Bill Marczak and John Scott-Railton from Citizen Lab. If you want to hear about other mercenary spyware, check out episodes 99 and 100, about NSO group and Pegasus....

136: Team Xecuter


Team Xecuter was a group involved with making and selling modchips for video game systems. They often made mods that allowed the video game system to rip games or play pirated games. It was a crowd favorite in the modding scene. Until it all fell apart. The story of what happened to Team Xecuter must be heard to be believed. This episode features Gary Bowser. You can find more about Gary here: https://twitter.com/Bowser_GaryOPA https://garyopa.com/ https://www.gofundme.com/f/garyopa-restarting-his-life?utm_location=darknetdiaries Sponsors: Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud...

135: The D.R. Incident


Omar Avilez worked in the CSIRT of the Dominican Republic when a major cyber security incident erupted. Omar walks us through what happened and the incident response procedures that he went through. Breakmaster Cylinder's new album: https://breakmastercylinder.bandcamp.com/album/the-moon-all-that. Sponsors: Support for this show comes from Varonis. Do you wonder what your company's ransomware blast radius is? Varonis does a free cyber resilience assessment that tells you how many important files a compromised user could steal, whether anything would beep if they did, and a whole lot more. They actually do all the work: show you where your data is too open, if anyone is...

134: Deviant


Deviant Ollam is a physical penetration specialist. That means he's paid to break into buildings to see if the building is secure or not. He has done this for a long time and has a lot of tricks up his sleeve to get into buildings. In this episode we hear 3 stories of him breaking into buildings for a living. You can find more about Deviant on the following sites: https://twitter.com/deviantollam https://www.instagram.com/deviantollam https://youtube.com/deviantollam https://defcon.social/@deviantollam https://deviating.net/ Sponsors: Support for this show comes from ThreatLocker. ThreatLocker has built-in endpoint security solutions that strengthen your infrastructure from the ground up with a zero trust posture. ThreatLocker's Allowlisting gives you a more secure approach...

133: I'm the Real Connor


One day Connor Tumbleson got an email saying his identity had been stolen. And this was one of the strangest days he's ever had. Sponsors: Support for this show comes from Quorum Cyber. Their mantra is: "We help good people win." If you're looking for a partner to help you reduce risk and defend against the threats that are targeting your business, and especially if you are interested in Microsoft Security, reach out to Quorum Cyber at quorumcyber.com. Skiff is a collaboration platform built for privacy from the ground up. Every document, note, and idea you write is end-to-end encrypted and completely private....

132: Sam the Vendor


Sam Bent, a.k.a. DoingFedTime, brings us a story of what it was like being a darknet market vendor. Learn more about Sam at https://www.doingfedtime.com/. Sponsors: Support for this show comes from Akamai Connected Cloud (formerly Linode). Akamai Connected Cloud supplies you with virtual servers. Visit linode.com/darknet and get a special offer. Support for this show comes from Thinkst Canary. Their canaries attract malicious actors in your network and then send you an alert if someone tries to access them. Great early warning system for knowing when someone is snooping around where they shouldn't be. Check them out at https://canary.tools.

131: Welcome to Video


Andy Greenberg (https://twitter.com/a_greenberg) brings us a gut-wrenching story of how criminal investigators used bitcoin tracing techniques to try to find out who was at the center of a child sexual abuse darkweb website. This story is part of Andy's new book Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency. An affiliate link to the book on Amazon is here: https://amzn.to/3VkjSh7. Sponsors: Support for this show comes from Varonis. Do you wonder what your company's ransomware blast radius is? Varonis does a free cyber resilience assessment that tells you how many important files a compromised user could steal,...

130: Jason's Pen Test


Join us as we sit down with Jason Haddix (https://twitter.com/Jhaddix), a renowned penetration tester who has made a name for himself by uncovering vulnerabilities in some of the world's biggest companies. In this episode, Jason shares his funny and enlightening stories about breaking into buildings and computers, and talks about the time he discovered a major security flaw in a popular mobile banking app. Sponsors: Support for this show comes from Linode. Linode supplies you with virtual servers. Visit linode.com/darknet and get a special offer. Support for this show comes from Arctic Wolf. Arctic Wolf is the industry leader in security operations solutions,...

129: Gollumfun (Part 2)


Brett Johnson, AKA Gollumfun (twitter.com/GOllumfun), was involved with the websites Counterfeit Library and Shadow Crew. He tells his story of what happened there and some of the crimes he committed. In part 2, his past catches up to him. Listen to more of Brett on his own show: https://www.thebrettjohnsonshow.com/.

128: Gollumfun (Part 1)


Brett Johnson, AKA Gollumfun (twitter.com/GOllumfun), was involved with the websites Counterfeit Library and Shadow Crew. He tells his story of what happened there and some of the crimes he committed. Sponsors: Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy, all while eliminating...

127: Maddie


Maddie Stone is a security researcher for Google's Project Zero. In this episode we hear what it's like battling zero day vulnerabilities. Sponsors: Support for this show comes from Zscaler. Zscaler zero trust exchange will scrutinize the traffic and permit or deny traffic based on a set of rules. This is so much more secure than letting data flow freely internally. And it really does mitigate ransomware outbreaks. The Zscaler Zero Trust Exchange gives YOU confidence in your security to feel empowered to focus on other parts of your business, like digital transformation, growth, and innovation. Check out the product at zscaler.com. Support...

126: REvil


REvil is the name of a ransomware service as well as a group of criminals inflicting ransomware onto the world. Hear how this ransomware shook the world. A special thanks to our guest Will, a CTI researcher with Equinix. Sponsors: Support for this show comes from Zscaler. Zscaler zero trust exchange will scrutinize the traffic and permit or deny traffic based on a set of rules. This is so much more secure than letting data flow freely internally. And it really does mitigate ransomware outbreaks. The Zscaler Zero Trust Exchange gives YOU confidence in your security to feel empowered to focus on other...

125: Jeremiah


Jeremiah Roe is a seasoned penetration tester. In this episode he tells us about a time when he had to break into a building to prove it wasn't as secure as the company thought. You can catch more of Jeremiah on the We're In podcast. Sponsors: Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity...

124: Synthetic Remittance


What do you get when you combine social engineering, email, crime, finance, and the money stream flowing through big tech? Evaldas Rimašauskas comes to mind. He combined all these to make his big move. A whale of a move. Sponsors: Support for this show comes from Linode. Linode supplies you with virtual servers. Visit linode.com/darknet and get a special offer. Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and...

123: Newswires


Investing in the stock market can be very profitable. Especially if you can see into the future. This is a story of how a group of traders and hackers got together to figure out a way to see into the future and make a lot of money from that. Sponsors: Support for this show comes from Thinkst Canary. Their canaries attract malicious actors in your network and then send you an alert if someone tries to access them. Great early warning system for knowing when someone is snooping around where they shouldn't be. Check them out at https://canary.tools. Support for this show comes...

122: Lisa


In this episode we hear some insider threat stories from Lisa Forte. Sponsors: Support for this show comes from Axonius. Securing assets, whether managed, unmanaged, ephemeral, or in the cloud, is a tricky task. The Axonius Cybersecurity Asset Management Platform correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy, all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free. Support for this show comes from Varonis. Do you...

121: Ed


In this episode we hear some penetration test stories from Ed Skoudis (twitter.com/edskoudis). We also catch up with Beau Woods (twitter.com/beauwoods) from I am The Cavalry (iamthecavalry.org). Sponsors: Support for this show comes from Axonius. Securing assets, whether managed, unmanaged, ephemeral, or in the cloud, is a tricky task. The Axonius Cybersecurity Asset Management Platform correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy, all while eliminating manual, repetitive tasks. Visit axonius.com/darknet...

120: Voulnet


This is the story about when Mohammed Aldoub, AKA Voulnet (twitter.com/Voulnet), found a vulnerability on VirusTotal and tweeted about it. Sponsors: Support for this podcast comes from Cybereason. Cybereason reverses the attacker's advantage and puts the power back in the defender's hands. End cyber attacks. From endpoints to everywhere. Learn more at Cybereason.com/darknet. Support for this show comes from Varonis. Do you wonder what your company's ransomware blast radius is? Varonis does a free cyber resilience assessment that tells you how many important files a compromised user could steal, whether anything would beep if they did, and a whole lot more. They...

119: Hot Wallets


In this episode we interview journalist Geoff White to discuss some of the recent cryptocurrency heists that have been happening. Geoff has been tracking a certain group of thieves for some time and shares his knowledge of what he's found. Much of what we talk about in this episode has been published in Geoff's new book The Lazarus Heist: From Hollywood to High Finance: Inside North Korea's Global Cyber War (https://amzn.to/3mKf1qB). Sponsors: Support for this show comes from Axonius. Securing assets, whether managed, unmanaged, ephemeral, or in the cloud, is a tricky task. The Axonius Cybersecurity Asset Management Platform correlates asset data...

118: Hot Swaps


This is the story of Joseph Harris (https://twitter.com/akad0c). When he was a young teen he got involved with stealing video game accounts and selling them for money. This set him on a course where he flew higher and higher until he got burned. Joseph sometimes demonstrates vulnerabilities he finds on his YouTube channel https://www.youtube.com/channel/UCdcuF5Zx6BiYmwnS-CiRAng. Listen to episode 112 "Dirty Coms" to hear more about what goes on in the communities Joseph was involved with. Sponsors: Support for this show comes from Axonius. Securing assets, whether managed, unmanaged, ephemeral, or in the cloud, is a tricky task. The Axonius Cybersecurity Asset Management Platform correlates asset...

117: Daniel the Paladin


Daniel Kelley (https://twitter.com/danielmakelley) was equal parts mischievous and clever when it came to computers. Until the day his mischief overtook his cleverness. Sponsors: Support for this show comes from Keeper Security. Keeper Security is an enterprise password management system. Keeper locks down logins, payment cards, confidential documents, API keys, and database passwords in a patented Zero-Knowledge encrypted vault. And, it takes less than an hour to deploy across your organization. Get started by visiting keepersecurity.com/darknet. Support for this podcast comes from Cybereason. Cybereason reverses the attacker's advantage and puts the power back in the defender's hands. End cyber attacks. From endpoints to everywhere....

116: Mad Dog


Jim Lawler, aka Mad Dog, was a CIA case officer for 25 years. In this episode we hear some of the stories he has and things he did while working in the CIA. Jim has two books out. Affiliate links below. Living Lies: A Novel of the Iranian Nuclear Weapons Program https://amzn.to/3s0Ppca In the Twinkling of an Eye: A Novel of Biological Terror and Espionage https://amzn.to/3y7B4OL Sponsors: Support for this show comes from Linode. Linode supplies you with virtual servers. Visit linode.com/darknet and get a special offer. Support for this show comes from Juniper Networks. Juniper Networks is dedicated to simplifying network operations and driving superior...

115: Player Cheater Developer Spy


Some video game players buy cheats to win. Let's take a look at this game cheating industry to see who the players are. Sponsors: Support for this show comes from Axonius. Securing assets, whether managed, unmanaged, ephemeral, or in the cloud, is a tricky task. The Axonius Cybersecurity Asset Management Platform correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy, all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and...

114: HD


HD Moore (https://twitter.com/hdmoore) invented a hacking tool called Metasploit. He crammed it with tons of exploits and payloads that can be used to hack into computers. What could possibly go wrong? Learn more about what HD does today by visiting rumble.run/. Sponsors: Support for this show comes from Quorum Cyber. They exist to defend organisations against cyber security breaches and attacks. That's it. No noise. No hard sell. If you're looking for a partner to help you reduce risk and defend against the threats that are targeting your business, and especially if you are interested in Microsoft Security - reach out to...

113: Adam


Adam got a job doing IT work at a learning academy. He liked it and was happy there and feeling part of the team. But a strange series of events took him in another direction, that definitely didn't make him happy. Sponsors: Support for this show comes from Axonius. Securing assets whether managed, unmanaged, ephemeral, or in the cloud is a tricky task. The Axonius Cybersecurity Asset Management Platform correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk,...

112: Dirty Coms


This episode we talk with a guy named Drew who gives us a rare peek into what some of the young hackers are up to today. From listening to Drew, we can see that times are changing for the motive behind hacking. In the 90s and 00s it was done for fun and curiosity. In the 10s Anonymous showed us what Hacktivism is. And now, in the 20s, the young hackers seem to be profit driven. Sponsors: Support for this show comes from Linode. Linode supplies you with virtual servers. Visit linode.com/darknet and get a special offer. Support for this show comes from...

111: ZeuS


ZeuS is a banking trojan. Designed to steal money from online bank users' accounts. This trojan became so big, that it resulted in one of the biggest FBI operations ever. Sponsors: Support for this show comes from Axonius. Securing assets whether managed, unmanaged, ephemeral, or in the cloud is a tricky task. The Axonius Cybersecurity Asset Management Platform correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy all while eliminating manual, repetitive...

110: Spam Botnets


This episode tells the stories of some of the world's biggest spamming botnets. We'll talk about the botnets Rustock, Waledac, and Cutwail. We'll discover who was behind them, what their objectives were, and what their fate was. Sponsors: Support for this show comes from Juniper Networks (juniper.net/darknet). Juniper Networks is dedicated to simplifying network operations and driving superior experiences for end users. Visit juniper.net/darknet to learn more about how Juniper Secure Edge can help you keep your remote workforce seamlessly secure wherever they are. Support for this podcast comes from Cybereason. Cybereason reverses the attacker's advantage and puts the power back in the defender's hands. End cyber...

109: TeaMp0isoN


TeaMp0isoN was a hacking group that was founded by TriCk and MLT (twitter.com/0dayWizard). They were responsible for some high profile hacks. But in this story it's not the rise that's most interesting. It's the fall. Sponsors: Support for this show comes from Thinkst Canary. Their canaries attract malicious actors in your network and then send you an alert if someone tries to access them. Great early warning system for knowing when someone is snooping around where they shouldn't be. Check them out at https://canary.tools. Support for this podcast comes from Cybereason. Cybereason reverses the attacker's advantage and puts the power back in the...

108: Marq


This is the story of Marq (twitter.com/dev_null321). Which involves passwords, the dark web, and police. Sponsors: Support for this podcast comes from Cybereason. Cybereason reverses the attacker's advantage and puts the power back in the defender's hands. End cyber attacks. From endpoints to everywhere. Learn more at Cybereason.com/darknet. Support for this show comes from Linode. Linode supplies you with virtual servers. Visit linode.com/darknet and get a special offer. Sources: Court records and news articles were used to fact check this episode. However Marq requested that links to his full name not be made available. https://techcrunch.com/2019/12/19/ring-doorbell-passwords-exposed/ https://www.wired.com/2010/03/hacker-bricks-cars/

107: Alethe


Alethe is a social engineer. Professionally she tries to trick people to give her passwords and access that she shouldn't have. But her journey to this point is interesting and in this episode she tells us how she became a social engineer. Follow Alethe on Twitter: https://twitter.com/AletheDenis Sponsors: Support for this show comes from Skiff. Skiff is a collaboration platform built for privacy from the ground up. Every document, note, and idea you write is end-to-end encrypted and completely private. Only you and your trusted collaborators can see what you've created. Try it out at https://www.skiff.org/darknet. Support for this show comes from Blinkist. They...

106: @Tennessee


How much online abuse are you willing to take before you decide to let your abuser have what they want? Unfortunately, this is a decision that many people have to ask themselves. If someone can threaten you physically, it bypasses whatever digital security you have in place. Thanks to https://twitter.com/jw for sharing this harrowing story with us. Affiliate links to books: The Smart Girl's Guide to Privacy: https://www.amazon.com/gp/product/1593276486/ref=as_li_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1593276486&linkCode=as2&tag=tunn01-20&linkId=0a8ee2ca846534f77626757288d77e00 Extreme Privacy: https://www.amazon.com/gp/product/B0898YGR58/ref=as_li_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=B0898YGR58&linkCode=as2&tag=tunn01-20&linkId=575c5ed0326484f0b612f000621b407f Sponsors: Support for this show comes from IT Pro TV. Get 65 hours of free training by visiting ITPro.tv/darknet. And use promo code DARKNET. Support for this show comes from Ping Identity, champions of identity for the...

105: Secret Cells


Joseph Cox (https://twitter.com/josephfcox), Senior Staff Writer at Motherboard (https://www.vice.com/en/topic/motherboard), joins us to talk about the world of encrypted phones. Books: Affiliate links to books: The Smart Girl's Guide to Privacy: https://www.amazon.com/gp/product/1593276486/ref=as_li_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1593276486&linkCode=as2&tag=tunn01-20&linkId=0a8ee2ca846534f77626757288d77e00 Extreme Privacy: https://www.amazon.com/gp/product/B0898YGR58/ref=as_li_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=B0898YGR58&linkCode=as2&tag=tunn01-20&linkId=575c5ed0326484f0b612f000621b407f Sponsors: Support for this show comes from IT Pro TV. Get 65 hours of free training by visiting ITPro.tv/darknet. And use promo code DARKNET. Support for this show comes from Ping Identity, champions of identity for the global enterprise. Give your users a loveable login solution. Visit www.pingidentity.com/.

104: Arya


Arya Ebrahami has had quite a personal relationship with darknet marketplaces. In this episode you'll hear about his adventures on Tor. Arya's current project is https://lofi-defi.com. Sponsors: Support for this show comes from Linode. Linode supplies you with virtual servers. Visit linode.com/darknet and get a special offer. Support for this show comes from Blinkist. They offer thousands of condensed non-fiction books, so you can get through books in about 15 minutes. Check out Blinkist.com/DARKNET to start your 7 day free trial and get 25% off when you sign up. Sources: https://www.nbcwashington.com/news/local/27-arrested-in-prince-william-county-narcotics-investigation/58441/ https://patch.com/virginia/manassas/undercover-narcotics-operation-nets-27-arrrests-xanax-distribution-ring

103: Cloud Hopper


Fabio Viggiani is an incident responder. In this episode he tells the story of when one of his clients was breached. Sponsors: Support for this show, and for stretched security teams, comes from SOC.OS. Too many security alerts means alert fatigue for under-resourced SecOps teams. Traditional tools aren't solving the problem. SOC.OS is the lightweight, cost-effective, and low-maintenance solution for your team. Centralise, enrich, and correlate your security alerts into manageable, prioritised clusters. Get started with an extended 3-month free trial at https://socos.io/darknet. Support for this show comes from IT Pro TV. Get 65 hours of free training by visiting ITPro.tv/darknet. And use...

102: Money Maker


Frank Bourassa had an idea. He was going to make money. Literally. Listen to the story of a master counterfeiter.

101: Lotería


In 2014 the Puerto Rico Lottery was mysteriously losing money. Listen to this never before told story about what happened and who did it. Sponsors: Support for this show comes from IT Pro TV. Get 65 hours of free training by visiting ITPro.tv/darknet. And use promo code DARKNET. Support for this show comes from Linode. Linode supplies you with virtual servers. Visit linode.com/darknet and get a special offer. Sources: https://en.wikipedia.org/wiki/Puerto_Rico_Lottery https://www.justice.gov/usao-pr/pr/10-individuals-indicted-drug-trafficking-and-money-laundering https://www.dea.gov/press-releases/2014/07/22/caribbean-corridor-strike-force-arrests-10-individuals-indicted-drug https://casetext.com/case/united-states-v-delfin-robles-alvarez-7

100: NSO


The NSO Group creates a spyware called Pegasus which gives someone access to the data on a mobile phone. They sell this spyware to government agencies around the world. How is it used and what kind of company is the NSO Group? Thanks to John Scott-Railton and Citizen Lab for investigating this and sharing their research. Sponsors: Support for this show comes from Detectify. Try their web vulnerability scanner free. Go to https://detectify.com/?utm_source=podcast&utm_medium=referral&utm_campaign=DARKNET Support for this show comes from Ping Identity, champions of identity for the global enterprise. Give your users a loveable login solution. Visit www.pingidentity.com/. Support for this show comes from Blinkist. They...

99: The Spy


Igor works as a private investigator in NYC. He's often sitting in cars keeping a distant eye on someone with binoculars. Or following someone through the busy streets of New York. In this episode we hear about a time when Igor was on a case but sensed that something wasn't right. Sponsors: Support for this show comes from Exabeam. Exabeam lets security teams see what traditional tools can't, with automated threat detection and triage, complete visibility across the entire IT environment and advanced behavioral analytics that distinguishes real threats from perceived ones, so security teams stay ahead and businesses keep moving without...

98: Zero Day Brokers


Zero day brokers are people who make or sell malware that's sold to people who will use that malware to exploit people. It's a strange and mysterious world that not many people know a lot about. Nicole Perlroth, who is a cybersecurity reporter for the NY Times, dove in head first which resulted in her writing a whole book on it. Affiliate link for book: This is How They Tell Me The World Ends (https://www.amazon.com/gp/product/1635576059/ref=as_li_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1635576059&linkCode=as2&tag=tunn01-20&linkId=0aa8c966d98b49a7927bfc29aac76bbe) Audiobook deal: Try Audible Premium Plus and Get Up to Two Free Audiobooks (https://www.amazon.com/Audible-Free-Trial-Digital-Membership/dp/B00NB86OYE/?ref_=assoc_tag_ph_1485906643682&_encoding=UTF8&camp=1789&creative=9325&linkCode=pf4&tag=tunn01-20&linkId=31042b955d5e6d639488dc084711d033) Sponsors: Support for this show comes from IT Pro TV. Get 65 hours of free training by visiting ITPro.tv/darknet....

97: The Pizza Problem


What if someone wanted to own your Instagram account? Not just control it, but make it totally theirs. This episode tells the story of how someone tried to steal an Instagram account from someone. Sponsors: Support for this show comes from Linode. Linode supplies you with virtual servers. Visit linode.com/darknet and get a special offer. Support for this show comes from Blinkist. They offer thousands of condensed non-fiction books, so you can get through books in about 15 minutes. Check out Blinkist.com/DARKNET to start your 7 day free trial and get 25% off when you sign up. Sources: Vid: The $5 Million Phone Hack True Life Crime

96: The Police Station Incident


Nicole Beckwith wears a lot of hats. She's a programmer, incident responder, but also a cop and a task force officer with the Secret Service. In this episode she tells a story which involves all of these roles. https://twitter.com/NicoleBeckwith Sponsors: Support for this show comes from IT Pro TV. Get 65 hours of free training by visiting ITPro.tv/darknet. And use promo code DARKNET. Support for this show comes from Exabeam. Exabeam lets security teams see what traditional tools can't, with automated threat detection and triage, complete visibility across the entire IT environment and advanced behavioral analytics that distinguishes real threats from perceived ones, so security teams stay...

95: Jon & Brian's Big Adventure


Jon and Brian are penetration testers who both worked at a place called RedTeam Security. They're paid to break into buildings and hack into networks to test the security of those buildings. In this episode they bring us a story of how they prepare and execute a mission like this. But even with all the preparation, something still goes terribly wrong. Sponsors: Support for this show comes from IT Pro TV. Get 65 hours of free training by visiting ITPro.tv/darknet. And use promo code DARKNET. Support for this show comes from Ping Identity, champions of identity for the global enterprise. Give your users a loveable login solution. Visit www.pingidentity.com/. View all...

94: Mariposa


Chris Davis has been stopping IT security threats for decades. He's currently running the company Hyas that he started. In this episode he tells a few tales of some threats that he helped stop. Sponsors: Support for this show comes from Exabeam. Exabeam lets security teams see what traditional tools can't, with automated threat detection and triage, complete visibility across the entire IT environment and advanced behavioral analytics that distinguishes real threats from perceived ones, so security teams stay ahead and businesses keep moving without fear of the unknown. Learn more by visiting exabeam.com/dd. Support for this show comes from Blinkist. They offer thousands of condensed non-fiction books, so...

93: Kik


Kik is a wildly popular chat app. Their website says that 1 in 3 American teenagers use Kik. But something dark is brewing on Kik.

92: The Pirate Bay


The Pirate Bay is a website, a search engine, which has an index of torrent files. A lot of copyrighted material is listed on the site, but the site doesn't store any of the copyrighted material. It just points the user to where you can download it from. So for a while The Pirate Bay has been one of the largest places you can find pirated movies, music, games, and apps. But this site first came up in 2003. And is still up and operational now, 18 years later! You would think someone would shut this place down by now. How does the...

91: webjedi


What happens when an unauthorized intruder gets into the network of a major bank? Amélie Koran, aka webjedi, was there for one of these intrusions and tells us the story of what happened. You can find more talks from Amélie at her website webjedi.net. Sponsors: Support for this show comes from IT Pro TV. Get 65 hours of free training by visiting ITPro.tv/darknet. And use promo code DARKNET25. This podcast is sponsored by Navisite. Accelerate IT transformation to respond to new demands, lower costs and prepare for whatever comes next. Visit Navisite.com/go. Sources: https://www.foxnews.com/story/0,2933,435681,00.html https://w2.darkreading.com/risk-management/world-bank-(allegedly)-hacked/d/d-id/1072857 https://www.washingtonpost.com/nation/2020/05/18/missionary-pilot-death-coronavirus/ https://webjedi.net/

90: Jenny


Meet Jenny Radcliffe, the People Hacker. She's a social engineer and physical penetration tester. Which means she gets paid to break into buildings and test their security. In this episode she tells us a few stories of some penetration testing jobs she's done. Sponsors: Support for this show comes from Blinkist. They offer thousands of condensed non-fiction books, so you can get through books in about 15 minutes. Check out Blinkist.com/DARKNET to start your 7 day free trial and get 25% off when you sign up. This podcast is sponsored by Navisite. Accelerate IT transformation to respond to new demands, lower costs and prepare for whatever comes next....

89: Cybereason - Molerats in the Cloud


The threat research team at Cybereason uncovered an interesting piece of malware. Studied it and tracked it. Which led them to believe they were dealing with a threat actor known as Molerats. Sponsors: This episode is sponsored by Cybereason. Cybereason reverses the attacker's advantage and puts the power back in your hands. Their future-ready attack platform gives defenders the wisdom to uncover, understand, and piece together multiple threats. And the precision focus to end cyberattacks instantly on computers, mobile devices, servers, and the cloud. They do all this through a variety of tools they've developed such as antivirus software, endpoint monitoring, and mobile...

88: Victor


Victor looks for vulnerabilities on the web and reports them responsibly. This is the story about disclosure number 5780. Listen to episodes 86 and 87 before this one to be caught up on the story leading up to this. Sponsors: This podcast is sponsored by Navisite. Accelerate IT transformation to respond to new demands, lower costs and prepare for whatever comes next. Visit Navisite.com/go. This podcast is sponsored by the JSCM Group. They have a service called ClosedPort: Scan, and it is a monthly Penetration Test performed by Cyber Security Experts. Contact JSCM Group today at jscmgroup.com/darknet. Support for this show comes from IT Pro TV. Get 65 hours of...

87: Guild of the Grumpy Old Hackers


In 2016 the LinkedIn breach data became available to the public. What the Guild of the Grumpy Old Hackers did with it then is quite the story. Listen to Victor, Edwin, and Mattijs tell their story. Sponsors: Support for this show comes from Blinkist. They offer thousands of condensed non-fiction books, so you can get through books in about 15 minutes. Check out Blinkist.com/DARKNET to start your 7 day free trial and get 25% off when you sign up. Support for this show comes from Privacy.com. Privacy allows you to create anonymous debit cards instantly to use for online shopping. Visit privacy.com/darknet to get a special offer.

86: The LinkedIn Incident


In 2012, LinkedIn was the target of a data breach. A hacker got in and stole millions of user details. Username and password hashes were then sold to people willing to buy. This episode goes over the story of what happened. For a good password manager, check out LastPass. Sponsors: Support for this episode comes from Quadrant Information Security. If you need a team of around the clock analysts to monitor for threats in your network using a custom SIEM, check out what Quadrant can do for you by visiting www.quadrantsec.com. Support for this show comes from Thinkst Canary. Their canaries attract malicious actors in your network...

85: Cam the Carder


This is the story of Cam Harrison, aka kilobit, and his rise and fall as a prominent carder. Sponsors: Support for this show comes from IT Pro TV. Get 65 hours of free training by visiting ITPro.tv/darknet. And use promo code DARKNET25. Support for this episode comes from Oracle for Startups. Oracle for Startups delivers enterprise cloud at a startup price tag, with free cloud credits and 70% off industry-leading cloud services to help you reel in the big fish confidently. To learn more, visit Oracle.com/goto/darknet. Sources: https://www.justice.gov/opa/pr/member-organized-cybercrime-ring-responsible-50-million-online-identity-theft-sentenced-115 https://nakedsecurity.sophos.com/2014/11/14/carder-su-fraudster-jailed-for-9-years-and-ordered-to-pay-50-8m/ https://www.justice.gov/usao-nv/operation-open-market

84: Jet-setters


How bad is it if you post your boarding pass on Instagram? Our guest, Alex, decides to figure this out for themself and has quite a story about what happened. You can read more from Alex on their blog https://mango.pdf.zone. We also hear from TProphet, who's here to give us some travel hacks to save tons on airfare when we start traveling again. You can learn more about TProphet's travel hacks at https://seat31b.com or https://award.cat. Sponsors: Support for this show comes from Blinkist. They offer thousands of condensed non-fiction books, so you can get through books in about 15 minutes. Check out Blinkist.com/DARKNET to start your 7 day free trial and get 25% off...

83: NSA Cryptologists


In this episode we interview two NSA Cryptologists, Marcus J. Carey and Jeff Man. We hear their story of how they got into the NSA and what they did while there. To hear more stories from Jeff tune into Paul's Security Weekly where Jeff is a regular co-host and shares a lot of stories and insights. Marcus has written several books on security. They are Tribe of Hackers, Tribe of Hackers Blue Team, Tribe of Hackers Red Team, Tribe of Hackers Security Leaders, Think in Code, and a children's book called Three Little Hackers. Also check out the Tribe of Hackers podcast to hear interviews with all these amazing people! Sponsors: Support for this show comes from IT...

82: Master of Pwn


The Zero Day Initiative runs a hacker contest called Pwn2Own. The contest calls the best hackers in the world to demonstrate they can hack into software that should be secure. Like browsers, phones, and even cars. A lot of vulnerabilities are discovered from this event which means vendors must fix them. Whoever can demonstrate the most vulnerabilities will be crowned the Master of Pwn. Thanks to Dustin Childs and Brian Gorenc from ZDI for telling us all about Pwn2Own. Thanks to Radek and Pedro for sharing their experiences of becoming the Masters of Pwn. Sponsors: Support for this show comes from Blinkist. They offer thousands of condensed non-fiction books, so you can get through books in about...

81: The Vendor


This is the story of a darknet marketplace vendor we'll name V. V tells his story of how he first became a buyer, then transitioned into seller. This episode talks about drugs. Listener discretion is advised. If you want to contact V his email is at https://darknetdiaries.com/episode/81. Sponsors: Support for this show comes from IT Pro TV. Get 65 hours of free training by visiting ITPro.tv/darknet. And use promo code DARKNET25. Support for this show comes from Linode. Linode supplies you with virtual servers. Visit linode.com/darknet and get a special offer.

80: The Whistleblower


In this episode we hear a story from a social engineer whose job it is to get people to do things they don't want to do. Why? For profit. Sponsors: Support for this episode comes from SentinelOne which can protect and assist with ransomware attacks. On top of that, SentinelOne offers threat hunting, visibility, and remote administration tools to manage and protect any IoT devices connected to your network. Go to SentinelOne.com/DarknetDiaries for your free demo. Your cybersecurity future starts today with SentinelOne. Support for this show comes from Thinkst Canary. Their canaries attract malicious actors in your network and then send you an alert if someone tries to...

79: Dark Basin


What do you do when you find yourself the target of a massive hacking campaign, and you are getting thousands of phishing emails and someone is following you in your car? You might turn to Citizen Lab who has the ability to research who is behind this and help bring the hackers to justice. Our guests this episode are Adam Hulcoop and John Scott-Railton of Citizen Lab. This episode also has an interview with Matthew Earl of Shadowfall. Sponsors: Support for this show comes from LastPass by LogMeIn. LastPass is a great password manager but it can do so much more. It can setup 2FA for your company,...

78: Nerdcore


Nerdcore music is music for nerds. In this episode we hear from some of the musicians who make Nerdcore music. This episode features guests ytcracker, Ohm-I, and Dual Core. Content warning: This episode has explicit lyrics. Music: For a playlist of music used in this episode visit darknetdiaries.com/episode/78. Sponsors: Support for this show comes from IT Pro TV. Get 65 hours of free training by visiting ITPro.tv/darknet. And use promo code DARKNET25. Support for this show comes from Blinkist. They offer thousands of condensed non-fiction books, so you can get through books in about 15 minutes. Check out Blinkist.com/DARKNET to start your 7 day free trial and get 25% off when you sign up.

77: Olympic Destroyer


In February 2018, during the Winter Olympics in Pyeongchang, South Korea, a cyber attack struck, wiping out a lot of the Olympics' digital infrastructure. Teams rushed to get things back up, but it was bad. Malware had repeatedly wiped the domain controllers rendering a lot of the network unusable. Who would do such a thing? We will talk with Andy Greenberg to discuss Olympic Destroyer, a chapter from his book Sandworm (affiliate link). Sponsors: Support for this show comes from Linode. Linode supplies you with virtual servers. Visit linode.com/darknet and get a special offer. Support for this show comes from Blinkist. They offer thousands of condensed non-fiction books, so you can...

76: Knaves Out


This is the story about how someone hacked into JP Morgan Chase, one of the biggest financial institutions in the world. It's obvious why someone would want to break into a bank right? Well the people who hacked into this bank, did not do it for obvious reasons. The hackers are best described as knaves. Which are tricky, deceitful fellows. Sponsors: Support for this show comes from LastPass by LogMeIn. LastPass is a great password manager but it can do so much more. It can setup 2FA for your company, or use it to monitor what your users are doing in the network. Visit LastPass.com/Darknet to...

75: Compromised Comms


From 2009 to 2013 the communication channels the CIA uses to contact assets in foreign countries were compromised. This had terrifying consequences. Guests this episode are Jenna McLaughlin and Zach Dorfman. Sponsors: This episode was sponsored by IT Pro TV. Get 65 hours of free training by visiting ITPro.tv/darknet. And use promo code DARKNET25. This episode was sponsored by Thinkst Canary. Their canaries attract malicious actors in your network and then send you an alert if someone tries to access them. Great early warning system for knowing when someone is snooping around where they shouldn't be. Check them out at https://canary.tools. Sources: https://finance.yahoo.com/news/cias-communications-suffered-catastrophic-compromise-started-iran-090018710.html Video: Fostering Bipartisanship in Intelligence...

74: Mikko


Poker is a competitive game. Unlike other casino games, poker is player vs player. Criminal hackers have understood this for a while and sometimes hack the other players to get an edge. And that small edge can result in millions of dollars in winnings. This episode contains a story from Mikko Hypponen of F-Secure. We also interview Mikko to know more about him and the history of malware. Sponsors: This episode was sponsored by IT Pro TV. Get 65 hours of free training by visiting ITPro.tv/darknet. And use promo code DARKNET25. This episode was sponsored by Thinkst Canary. Their canaries attract malicious actors in your network and then send...

73: WannaCry


It is recommended to listen to episodes 53 Shadow Brokers, 71 FDFF, and 72 Bangladesh Bank Heist before listening to this one. In May 2017 the world fell victim to a major ransomware attack known as WannaCry. One of the victims was the UK's National Health Service. Security researchers scrambled to try to figure out how to stop it and who was behind it. Thank you to John Hultquist from FireEye and thank you to Matt Suiche, founder of Comae. Sponsors: Support for this episode comes from LastPass. LastPass is a great password manager but it can do so much more. It can setup 2FA for your company, or use it to monitor what your users are...

72: Bangladesh Bank Heist


A bank robbery with the objective to steal 1 billion dollars. This is the story of the largest bank robbery in history. And it was all done over a computer. Our guest this episode was Geoff White. Learn more about him at geoffwhite.tech. Check out Geoff's new book Crime Dot Com. Affiliate link: https://www.amazon.com/gp/product/1789142857/ref=as_li_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1789142857&linkCode=as2&tag=darknet04-20&linkId=bb5a6aa7ba980183e0ce7cee1939ea05 Sponsors: This episode was sponsored by IT Pro TV. Get 65 hours of free training by visiting ITPro.tv/darknet. And use promo code DARKNET25. Support for this episode comes from Blinkist. They offer thousands of condensed non-fiction books, so you can get through books in about 15 minutes. Check out Blinkist.com/DARKNET to start your 7 day free trial and...

71: Information Monopoly


In this episode, we're going into the depths of North Korea to conduct one of the greatest hacks of all time. To find a way to inject information into a country run by a totalitarian regime. A big thanks to Yeonmi Park for sharing her story with us. Also thanks to Alex Gladstein for telling us the inside story. You can find more about Flash Drive For Freedom at flashdrivesforfreedom.org. Yeonmi's book "In Order to Live": https://www.amazon.com/gp/product/014310974X/ref=as_li_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=014310974X&linkCode=as2&tag=darknet04-20&linkId=88ebdc087c6ce041105c479b1bb6c3d2 Sponsors: This episode was sponsored by IT Pro TV. Get 65 hours of free training by visiting ITPro.tv/darknet. And use promo code DARKNET25. Support for this episode comes from Blinkist. They offer thousands of condensed non-fiction books,...

70: Ghost Exodus


Ghost Exodus is a hacker. He conducted various illegal activities online. Some of which he documents on YouTube. He's also a great musician. He got into some trouble from his hacking. This is his story. A big thanks to Ghost Exodus for sharing his story with us. Also thanks to Wesley McGrew for telling us the inside story. Sponsors: This episode was sponsored by IT Pro TV. Get 65 hours of free training by visiting ITPro.tv/darknet. And use promo code DARKNET25. Support for this episode comes from Blinkist. They offer thousands of condensed non-fiction books, so you can get through books in about 15 minutes. Check out Blinkist.com/DARKNET to start your 7...

69: Human Hacker


We all know that computers and networks are vulnerable to hacking and malicious actors, but what about us, the humans who interface with these devices? Con games, scams, and strategic deception are far older than computers, and in the modern era, these techniques can make humans the weakest link in even the most secure system. This episode, security consultant and master social engineer, Christopher Hadnagy, joins us to share his stories and wisdom. He describes what it was like to be a social engineer before the world knew what social engineering was and tells some of his amazing stories from...

68: Triton


A mysterious mechanical failure one fateful night in a Saudi Arabian chemical plant leads a cast of operational technology researchers down a strange path towards an uncommon, but grave, threat. In this episode, we hear how these researchers discovered this threat and tried to identify who was responsible for the malware behind it. We also consider how this kind of attack may pose a threat to human life wherever there are manufacturing or public infrastructure facilities around the world. A big thanks to Julian Gutmanis, Naser Aldossary, Marina Krotofil, and Robert M. Lee for sharing their stories with us. Sponsors: This episode was sponsored by IT Pro TV....

67: The Big House


John Strand is a penetration tester. He's paid to break into computer networks and buildings to test their security. In this episode we listen to stories he has from doing this type of work. Thanks to John Strand for coming on the show and telling your story. Sponsors: Support for this episode comes from LastPass. LastPass is a great password manager but it can do so much more. It can set up 2FA for your company, or use it to monitor what your users are doing in the network. Visit LastPass.com/Darknet to start your 14 day free trial. Support for this episode comes from Blinkist. They offer thousands of condensed non-fiction books,...

66: freakyclown


Freakyclown is a physical penetration tester. His job is to break into buildings to test the security of the building. In this episode we hear stories of some of these missions he's been on. Thanks to Freakyclown for coming on the show and telling your story. Sponsors: This episode was sponsored by IT Pro TV. Get 65 hours of free training by visiting ITPro.tv/darknet. And use promo code DARKNET25. This episode was sponsored by Molekule, a new air purifier that completely destroys air pollutants to help you breathe easier. https://molekule.com.

65: PSYOP


PSYOP, or Psychological Operations, is something the US military has been doing to foreign audiences for decades. But what exactly is it? And what's the difference between white, gray, and black PSYOP missions? We talk to PSYOP specialists to learn more. Thanks to Jon Nichols for telling us about this fascinating world. Sponsors: Support for this episode comes from LastPass. LastPass is a great password manager but it can do so much more. It can set up 2FA for your company, or use it to monitor what your users are doing in the network. Visit LastPass.com/Darknet to start your 14 day free trial. Support for this episode comes from Blinkist. They...

64: The Athens Shadow Games


Vodafone Greece is the largest telecom provider in Greece. But in 2004 a scandal within the company would pin them to be top of the news cycle in Greece for weeks. Hackers got in the network. And what they were after took everyone by surprise. Sponsors: Support for this episode comes from Okta. Learn more about how you can improve your security posture with the leader in identity-driven security at okta.com/darknet. This episode is supported by PlexTrac. PlexTrac is the purple teaming platform and is designed to streamline reporting, tracking and attestation so you can focus on getting the real cybersecurity work done. Whether you're creating pen...

63: w0rmer


The hacker named w0rmer was active within AnonOps. These are Anonymous Operations which often organize and wage attacks on websites or people often with the purpose of social justice. Eventually w0rmer joined in on some of these hacking escapades which resulted in an incredible story that he will one day tell his kids. Thanks to w0rmer for telling us your story. Sponsors: This episode was sponsored by IT Pro TV. Get 65 hours of free training by visiting ITPro.tv/darknet. And use promo code DARKNET25. Support for this episode comes from LastPass. LastPass is a great password manager but it can do so much more....

62: Cam


Cam's story is both a cautionary tale and inspirational at the same time. He's been both an attacker and defender. And not the legal kind of attacker. He has caused half a million dollars in damages with his attacks. Attacks that arose from a feeling of seeing injustices in the world. Listen to his story. Sponsors: This episode was sponsored by Linode. Linode supplies you with virtual servers. Visit linode.com/darknet and when signing up with a new account use code darknet2020 to get a $20 credit on your next project. Support for this episode comes from Blinkist. They offer thousands of condensed non-fiction...

61: Samy


Samy Kamkar is a hacker. And while he's done a lot of stuff, he's best known for creating the Samy Worm. Which spread its way through a popular social media site and had crazy results. Thanks to our guest Samy Kamkar for telling his story. Learn more about him by visiting https://samy.pl/. Sponsors: This episode was sponsored by IT Pro TV. Get 65 hours of free training by visiting ITPro.tv/darknet. And use promo code DARKNET25. Support for this episode comes from LastPass. LastPass is a great password manager but it can do so much more. It can set up 2FA for your company, or use...

60: dawgyg


This is a story about the hacker named dawgyg and how he made over $100,000 in a single day, from hacking. Thanks to our guest dawgyg for telling his story. Sponsors: This episode is sponsored by SentinelOne - to learn more about their endpoint security solutions and get a 30-day free trial, visit sentinelone.com/darknetdiaries. This episode was sponsored by Linode. Linode supplies you with virtual servers. Visit linode.com/darknet and when signing up with a new account use code darknet2020 to get a $20 credit on your next project. Support for this episode comes from Blinkist. They offer thousands of condensed non-fiction books, so you can...

59: The Courthouse


In this episode we hear from Gary and Justin. Two seasoned penetration testers who tell us a story about the time when they tried to break into a courthouse but it went all wrong. Sponsors: This episode was sponsored by Detectify. Try their web vulnerability scanner free. Go to https://detectify.com/?utm_source=podcast&utm_medium=referral&utm_campaign=DARKNET This episode was sponsored by IT Pro TV. Get 65 hours of free training by visiting ITPro.tv/darknet. And use promo code DARKNET25. Support for this episode comes from Blinkist. They offer thousands of condensed non-fiction books, so you can get through books in about 15 minutes. Check out Blinkist.com/DARKNET to start your 7 day...

58: OxyMonster


OxyMonster sold drugs on the darknet at Dream Market. Something happened though, and it all came crashing down. Sponsors: This episode was sponsored by Detectify. Try their web vulnerability scanner free. Go to https://detectify.com/?utm_source=podcast&utm_medium=referral&utm_campaign=DARKNET This episode was sponsored by Molekule, a new air purifier that completely destroys air pollutants to help you breathe easier. Visit https://molekule.com to use check out code DARKNET10 to get a discount. See complete list of sources at https://darknetdiaries.com/episode/58.

57: MS08-067


Hear what goes on internally when Microsoft discovers a major vulnerability within Windows. Guest: Thanks to John Lambert for sharing this story with us. Sponsors: Support for this episode comes from ProCircular. Use the team at ProCircular to conduct security assessments, penetration testing, SIEM monitoring, help with patches, or do incident response. Visit www.procircular.com/ to learn more. This episode was sponsored by IT Pro TV. Get 65 hours of free training by visiting ITPro.tv/darknet. And use promo code DARKNET25. Support for this episode comes from Blinkist. They offer thousands of condensed non-fiction books, so you can get through books in about 15 minutes. Check out Blinkist.com/DARKNET to start...

56: Jordan


This is the story of Jordan Harbinger. A bit of a misfit teenager, who was always on the edge of trouble. In this story we hear what happened that led to a visit from the FBI. Guest: Thanks to Jordan Harbinger for sharing his story with us. You can find his podcast by searching for The Jordan Harbinger Show wherever you listen to podcasts. Sponsors: This episode was sponsored by Thinkst Canary. Their canaries attract malicious actors in your network and then send you an alert if someone tries to access them. Great early warning system for knowing when someone is snooping around where...

55: NoirNet


A holiday special episode. A private pen tester takes on a job that involves him with another eccentric pen tester, a mischievous smile, and his quest to gain access to the network. Guest: Thanks to TinkerSec for telling us the story. Sources: https://twitter.com/TinkerSec/status/1206410740099366918 Attribution: Darknet Diaries is created by Jack Rhysider. Artwork this episode by habblesthecat. More information at DarknetDiaries.com.

54: NotPetya


The story of NotPetya seems to be the first time we see what a cyber war looks like. In the summer of 2017 Ukraine suffered a serious and catastrophic cyber attack on their whole country. Hear how it went down, what got hit, and who was responsible. Guest: Thanks to Andy Greenberg for his research and sharing this story. I urge you to get his book Sandworm because it's a great story. Sponsors: This episode was sponsored by Linode. Linode supplies you with virtual servers. Visit linode.com/darknet and when signing up with a new account use code darknet2019 to get a $20 credit on...

53: Shadow Brokers


The NSA has some pretty advanced, super secret, hacking tools. What if these secret hacking tools were to end up in the wrong person's hands? Well, that happened. Guest: Thanks to Jake Williams from Rendition Security for telling us the story. Sponsors: This episode was sponsored by Thinkst Canary. Their canaries attract malicious actors in your network and then send you an alert if someone tries to access them. Great early warning system for knowing when someone is snooping around where they shouldn't be. Check them out at https://canary.tools. Support for this episode comes from Blinkist. They offer thousands of condensed non-fiction books, so you...

52: Magecart


Credit card skimming is growing in popularity. Gas pumps all over are seeing skimmers attached to them. It's growing in popularity because it's really effective. Hackers have noticed how effective it is and have begun skimming credit cards from websites. Guest: Thanks to Yonathan Klijnsma from RiskIQ. Sponsors: This episode was sponsored by Linode. Linode supplies you with virtual servers. Visit linode.com/darknet and when signing up with a new account use code darknet2019 to get a $20 credit on your next project. Support for this episode comes from Honeybook. HoneyBook is an online business management tool that organizes your client communications, bookings, contracts, and invoices...

51: The Indo-Pak Conflict


Kashmir is a region right in between India, Pakistan, and China. For the last 70 years Pakistan and India have fought over this region of the world, both wanting to take control of it. Tensions sometimes heat up which can result in people being killed. When tensions get high in the real world, some people take to the internet and hack their rivals as a form of protest. In this episode we'll explore some of the hacking that goes on between India and Pakistan. Sponsors: Support for this episode comes from Check Point. Check Point makes firewalls and security appliances you can...

50: Operation Glowing Symphony


Operation Inherent Resolve was started in 2016 which aimed to combat ISIS. It was a combined joint task force led by the US military. Operation Inherent Resolve sent troops, ships, and air strikes to Iraq and Syria to fire weapons upon ISIS military. It's widely known that US military engaged with ISIS in this way. But what you may not have heard, is the story of how the US military also combated ISIS over the Internet. This is the story of how the US hacked ISIS. Sponsors: This episode was sponsored by Linode. Linode supplies you with virtual servers. Visit linode.com/darknet and...

49: Elliot


In this episode we meet Elliot Alderson (@fs0c131y) from Twitter. Who is this strange masked person? What adventures have they gotten themselves into? Many stories will be told. The mask will be lifted. Sponsors: This episode was sponsored by Thinkst Canary. Their canaries attract malicious actors in your network and then send you an alert if someone tries to access them. Great early warning system for knowing when someone is snooping around where they shouldn't be. Check them out at https://canary.tools. Go to https://nordvpn.com/darknet to get 70% off a 3 year plan and use code darknet for an extra month for free!

48: Operation Socialist


This is the story about when a nation state hacks into a company within another nation. Sponsors: This episode was sponsored by IT Pro TV. Get 65 hours of free training by visiting ITPro.tv/darknet. And use promo code DARKNET25 to get 25% off. This episode was sponsored by Nord VPN. Visit https://nordvpn.com/darknet and use promo code DARKNET to get 75% off when signing up for 3 years.

47: Project Raven


This is the story about an ex-NSA agent who went to work for a secret hacking group in the UAE. Sponsors: This episode was sponsored by Thinkst Canary. Their canaries attract malicious actors in your network and then send you an alert if someone tries to access them. Great early warning system for knowing when someone is snooping around where they shouldn't be. Check them out at https://canary.tools. Support for this episode comes from Blinkist. They offer thousands of condensed non-fiction books, so you can get through books in about 15 minutes. Check out Blinkist.com/DARKNET to start your 7 day free trial and...

46: XBox Underground (Part 2)


This is the story about the XBox hacking scene and how a group of guys pushed their luck a little too far. This is part 2 of a 2 part series. Sponsors: This episode was sponsored by IT Pro TV. Get 65 hours of free training by visiting ITPro.tv/darknet. Learn more about stocks and investing from MyWallSt. Visit mywallst.com/darknet to learn more.

45: XBox Underground (Part 1)


This is the story about the XBox hacking scene and how a group of guys pushed the hacking a little too far. This is part 1 of a 2 part series. Sponsors: This episode was sponsored by Nord VPN. Visit https://nordvpn.com/darknet and use promo code "DARKNET". This episode was sponsored by Thinkst Canary. Their canaries attract malicious actors in your network and then send you an alert if someone tries to access them. Great early warning system for knowing when someone is snooping around where they shouldn't be. Check them out at https://canary.tools. This episode was sponsored by IT Pro TV. Get 65 hours of...

44: Zain


Ransomware is ugly. It infects your machine and locks all the data and to unlock you have to pay a fee. In this episode we dive into some of the people behind it. Sponsors: This episode was sponsored by CMD. Securing Linux systems is hard, let CMD help you with that. Visit https://cmd.com/dark to get a free demo. This episode was sponsored by MyWallSt. Their app can help you find good looking stocks to invest in. Visit MyWallSt.com/dark to start your free 30 day trial. For more show notes and links check out darknetdiaries.com.

43: PPP


This is the story about how I acquired a black badge from DEFCON (pictured above). We also hear the story about who PPP is, and their CTF journey at DEFCON. This episode was sponsored by Nord VPN. Visit https://nordvpn.com/darknet and use promo code DARKNET. This episode was sponsored by Detectify. Try their web vulnerability scanner free. Go to https://detectify.com/?utm_source=podcast&utm_medium=referral&utm_campaign=DARKNET

42: Mini-Stories: Vol 2


Three stories in one episode. Listen in on one of Dave Kennedy's penetration tests he conducted where he got caught trying to gain entry into a datacenter. Listen to a network security engineer talk about the unexpected visitor found in his network and what he did about it. And listen to Dan Tentler talk about a wild and crazy engagement he did for a client. Guests: A very special thanks to Dave Kennedy. Learn more about his company at trustedsec.com. Thank you Clay for sharing your story. Check out the WOPR Summit. Viss also brought an amazing story to share. Thank you too. Learn...

41: Just Visiting


Join JekHyde and Carl on a physical penetration test, a social engineering engagement, a red team assessment. Their mission is to get into a building they shouldn't be allowed, then plant a rogue computer they can use to hack into the network from a safe place far away. This episode was sponsored by Nord VPN. Visit https://nordvpn.com/darknet and use promo code "DARKNET". This episode was sponsored by Hostinger. Go to https://hostinger.com/darknet and use code DARKNET to get 15% off a hosting plan and check out this week's free feature. For more information visit darknetdiaries.com.

40: No Parking


Take a ride with a red teamer. A physical penetration tester as he tries to make his way into unauthorized areas, steal sensitive documents, hack into the computers, and escape with company property. This episode was sponsored by CMD. Securing Linux systems is hard, let CMD help you with that. Visit https://cmd.com/dark to get a free demo. This episode was sponsored by Hostinger. Go to https://hostinger.com/darknet and use code DARKNET to get 15% off a hosting plan and check out this week's free feature. For complete show notes and links go to darknetdiaries.com.

39: 3 Alarm Lamp Scooter


A talk at Defcon challenged people to find a way to destroy a hard drive. A young man was inspired by this challenge and was determined to find a way to destroy a hard drive. But this is not a typical young man, with a typical plan. For pictures of Daniel and his projects visit darknetdiaries.com/episode/39. This episode was sponsored by Nord VPN. Visit nordvpn.com/darknet and use promo code "DARKNET". This episode was sponsored by IT Pro TV. Get 65 hours of free training by visiting ITPro.tv/darknet.

38: Dark Caracal


A journalist wrote articles critical of the Kazakhstan government. The government did not like this and attempted to silence her. But they may have done more than just silence her. Perhaps they tried to spy on her too. The EFF investigated this case and went down a very interesting rabbit hole. Thanks to Cooper Q from EFF's new Threat Lab. Also big thanks to Eva from EFF, Andrew Blaich and Michael Flossman from Lookout. For another story about the EFF listen to episode 12 "Crypto Wars". This episode was sponsored by CMD. Securing Linux systems is hard, let CMD help you with that....

37: LVS


The Venetian casino in Las Vegas Nevada was the largest hotel in the world until 2015. The parent company is Las Vegas Sands (LVS) which owns 10 properties around the world. And the CEO and founder of LVS is Sheldon Adelson. One day the CEO said something which sparked quite a firestorm. This episode was sponsored by Nucleus. Visit nucleussec.com to start your free trial. This episode was sponsored by CMD. Securing Linux systems is hard, let CMD help you with that. Visit https://cmd.com/dark to get a free demo. For more show notes visit DarknetDiaries.com.

36: Jeremy from Marketing


A company hires a penetration tester to pose as a new hire, Jeremy from Marketing, to see how much he can hack into in his first week on the job. It doesn't go as planned. Thanks to @TinkerSec for telling us this story. This episode was sponsored by Nord VPN. Visit https://nordvpn.com/darknet and use promo code "DARKNET". This episode was sponsored by IT Pro TV. Get 65 hours of free training by visiting ITPro.tv/darknet. For more show notes visit https://darknetdiaries.com/episode/36.

35: Carbanak


ATM hacking. Hollywood has been fantasizing about this since the 1980's. But is this a thing now? A security researcher named Barnaby Jack investigated ATMs and found them to be vulnerable. Once he published his data the ATM hacking scene rose in popularity and is a very serious business today. One of the first big ATM robberies was done with the malware called Carbanak. Jornt v.d. Wiel joins us to discuss what this malware is. This episode was sponsored by Nucleus. Visit nucleussec.com to start your free trial. This episode was sponsored by IT Pro TV. Get 65 hours of free training...

34: For Your Eyes Only


Nude selfies. This episode is all about nude selfies. What happens if you take one and give it to a vengeful boyfriend. What happens when a hacker knows you have them and wants to steal them from your phone. What happens is not good. This episode was sponsored by Nord VPN. Visit nordvpn.com/darknet and use promo code "DARKNET". This episode was sponsored by Molekule, a new air purifier that completely destroys air pollutants to help you breathe easier. Visit molekule.com to use check out code "DARKNET" to get a discount. For references, sources, and links check out the show notes at darknetdiaries.com/episode/34/.

33: RockYou


In 2009 a hacker broke into a website with millions of users and downloaded the entire user database. What that hacker did with the data has changed the way we view account security even today. This episode was sponsored by CuriosityStream. A streaming service showing non-fiction and documentaries. Visit https://curiositystream.com/darknet and use promo code "darknet". This episode was sponsored by CMD. Securing Linux systems is hard, let CMD help you with that. Visit https://cmd.com/dark to get a free demo. To see more show notes visit darknetdiaries.com/episode/33.

32: The Carder


A carding kingpin was tracked by the Secret Service. How did he steal the cards? Where was he stealing them from? How much was he making doing this? And where did he go wrong? Find out all this and more as we listen to how the Secret Service investigated the case. This episode was sponsored by Eero. A solution to blanket your home in WiFi. Visit https://eero.com/darknet and use promo code "darknet". This episode was sponsored by Nord VPN. Visit https://nordvpn.com/darknet and use promo code "darknet". Cover image this episode created by r lr. Go to Darknet Diaries for additional show notes.

31: Hacker Giraffe


In late November 2018, a hacker found over 50,000 printers were exposed to the Internet in ways they shouldn't have been. He wanted to raise awareness of this problem, and got himself into a whole heap of trouble. For show notes and links visit DarknetDiaries.com. This episode was sponsored by CuriosityStream. A documentary streaming service. Visit curiositystream.com/darknet and use promo code "darknet". This episode is also sponsored by Cover. Visit cover.com/darknet to get insured today.

30: Shamoon


In 2012, Saudi Aramco was hit with the most destructive virus ever. Thousands and thousands of computers were destroyed. Herculean efforts were made to restore them to operational status again. But who would do such an attack? Very special thanks goes to Chris Kubecka for sharing her story. She is author of the book Down the Rabbit Hole An OSINT Journey, and Hack The World With OSINT (due out soon). This episode was sponsored by Eero. A solution to blanket your home in WiFi. Visit https://eero.com/darknet and use promo code "darknet". This episode is also sponsored by Cover. Visit cover.com/darknet to get insured today.

29: Stuxnet


Stuxnet was the most sophisticated virus ever discovered. Its target was a nuclear enrichment facility in Iran. This virus was successfully able to destroy numerous centrifuges. Hear who did it and why. Special thanks to Kim Zetter for joining us this episode. You can find more about Stuxnet from her book Count Down to Zero Day.

28: Unit 8200


Israel has their own version of the NSA called Unit 8200. I was curious what this unit does and tried to take a peek inside. Hear what I found by listening along to this episode. This episode was sponsored by Nord VPN. Visit https://nordvpn.com/darknet and use promo code darknet. This episode is also sponsored by Mack Weldon. Visit mackweldon.com to shop for premium men's casual wear and get a 20% off discount with your first order by using promo code diaries.

27: Chartbreakers


Something is wrong with the Apple Podcasts top charts. As a podcaster, this personally annoyed and intrigued me. I investigate how this is happening and who is behind it. For show notes visit https://darknetdiaries.com/episode/27. This episode was sponsored by Nord VPN. Visit https://nordvpn.com/darknet and use promo code 'darknet'. This episode is sponsored by LPSS Digital Marketing, your source for honest, transparent marketing services for businesses of all sizes. Visit LPSS at https://www.lpss.co/ for details.

26: IRS


The IRS processes $3 trillion dollars a year. A lot of criminals want to get a piece of that. In 2015 the IRS had a large data breach. Hundreds of thousands of tax records were leaked. What happened and who was behind this? Listen to this episode to find out. For show notes visit https://darknetdiaries.com

25: Alberto


Alberto Hill was sent to prison for a long time for hacking. For a crime he said he did not commit. Listen to his story and you be the judge on whether he's guilty or not.

24: Operation Bayonet


Darknet markets are online black markets. They are highly illegal, and dangerous to run. Hear exactly how dangerous it was for Alphabay and Hansa dark markets.

23: Vladimir Levin


When banks started coming online, they almost immediately started being targeted by hackers. Vladimir Levin was one of the first ever known hackers to try to rob a bank. He succeeded a little, and failed a lot. Vladimir would go down in the history books as one of the most notorious hackers of all time because of his attempted online bank robberies.

22: Mini-Stories: Vol 1


Three stories in one! In this episode we hear about a penetration test from Mubix that he'll never forget, an incident response from Robert M. Lee which completely stunned him, and a social engineering mission from Snow. Podcast recommendation: Moonshot.

21: Black Duck Eggs


Ira Winkler's specialty is assembling elite teams of special forces and intelligence officers to go after companies. Ira shares a story about a time he and his team broke into a global 5 company. A company so large that theft of intellectual property could result in billions of dollars of damage. Ira's consulting company: Secure Mentum. His books: Spies Among Us, Advanced Persistent Security, Through the Eyes of the Enemy.

20: mobman


Chances are, if you were downloading shady programs in the early 2000's, you were infected with malware he wrote called SubSeven. Hacking changed mobman's life. Hear how it happened by listening to this episode. Image for this episode created by dr4w1ngluc4s. Check out his Instagram to see some amazing artwork! Check out the podcasts Van Sounds and True Crime Island

19: Operation Aurora


In 2009, around Christmas time, something terrible was lurking in the network at Google. Google is the most popular website on the Internet. It's so popular many people just think Google is the Internet. Google hires many of the most talented minds and has been online since the 90s. Hacking into Google is no easy task. There's a team of security engineers who test and check all the configurations on the site before they go live. And Google has teams of security analysts and technicians watching the network 24/7 for attacks, intrusions, and suspicious activity. Security plays a very vital...

18: Jackpot


A man addicted to gambling finds a bug in a video poker machine that lets him win excessive amounts of money.

17: Finn


A 14-year-old kid who finds himself bored in class decides to hack someone's twitter account and ends up with more than he bargained for.

16: Eijah


In 2007, a hacker named Eijah got fed up with the way DRM prevented him from being able to play the content he paid for. He decided to fight back against the AACS and find a way to circumvent the DRM. By the time Eijah was done, his life wasn't the same.

15: Ill Tills


A major retailer was hacked. Their point of sales machines were riddled with malware. Listen to hear how digital forensics and incident responders handled the situation. What malware was found? Where was it found? How was it stopped? And most importantly, how much data was leaked?

14: #OpJustina


In 2013 a hospital was accused of conducting a medical kidnapping against a young girl named Justina. This enraged many people across the country, including members of anonymous. A DDOS attack was waged against the hospital.

13: Carna Botnet


In 2012 the Carna Bot was built and unleashed on the world. But it didn't have any intentions on doing anything malicious. It was built just to help us all understand the Internet better. This botnet used the oldest security vulnerability in the book. And the data that came out of it was amazing.

12: Crypto Wars


In the 1990's the Internet started to take shape. But the US government had strict laws regulating what type of cryptography is allowed to be used online. A few brave people stood up to the government in the name of civil rights and won the right to use strong encryption. Listen to their battle and what they had to go through to accomplish this.

11: Strictly Confidential


What happens when an innovative tech company, that's trying to develop the next big thing, detects a hacker in their network? We hear the story from a digital forensics investigator which has a surprising result.

10: Misadventures of a Nation State Actor


In today's world of intelligence gathering, governments hack other governments. This episode takes you on a ride with a nation state actor to see exactly how it's done.

9: The Rise and Fall of Mt. Gox


Mt. Gox was the largest bitcoin exchange in the world. It suddenly went offline. What happened?

8: Manfred (Part 2)


Manfred found a way to turn his passion for video games and reverse engineering into a full time business. He exploited video games and sold virtual goods and currency for real money. This was his full time job. Listen to this episode to hear exactly how he did this.

7: Manfred (Part 1)


Manfred has had the most epic story of all online video game stories. For the last 20 years, he's been hacking online games.

6: The Beirut Bank Job


Jayson E. Street tells us a story about the time he broke into a bank in Beirut Lebanon.

5: #ASUSGATE


Security researcher Kyle Lovett bought a new Asus router in 2013. He found it was riddled with security vulnerabilities. He set out on a mission to resolve these vulnerabilities not only for his own router, but for thousands of others who were also vulnerable.

4: Panic! at the TalkTalk Board Room


Mobile provider TalkTalk suffered a major breach in 2015. The CEO tried her best to keep angry customers calm and carry on. The UK government and Metropolitan Police investigate the breach. We get a rare glimpse of how the CEO handles the crisis.

3: DigiNotar, You are the Weakest Link, Good Bye!


The 2011 DigiNotar breach changed the way browsers do security. In this episode, we learn what role a CA plays, how browsers work with CAs, and what happens when a CA is breached.

2: The Peculiar Case of the VTech Hacker


VTech makes toy tablets, laptops, and watches for kids. In 2015, they were breached. The hacker downloaded gigs of children's data. Discover what the hacker did once he took the data.

1: The Phreaky World of PBX Hacking


Farhan Arshad and Noor Aziz Uddin were captured 2 years after being placed on the FBI's Cyber's Most Wanted list for PBX hacking. In this episode, we explain PBX hacking and how hackers are racking up billions of dollars in phone bills. We also learn how the two men were captured.

Defense in Depth

Defense in Depth


Should You Use Native or 3rd Party Cloud Management Tools?


Should You Use Native or 3rd Party Cloud Management Tools? All links and images can be found on CISO Series. Check out this post from Steve Zalewski for the discussion that is the basis of our conversation on this week's episode co-hosted by David Spark, the producer of CISO Series, and Edward Contreras, senior evp and CISO, Frost Bank. Joining us is their sponsored guest, Gal Ordo, co-founder and CPO, Native. In this episode: More tools, more problems; A gap in design; Catching what slips through; Competence over complexity. A huge thanks to our sponsor, Native Security. Native makes secure-by-design...

How Should We Measure the Performance of a CISO?


How Should We Measure the Performance of a CISO? All links and images can be found on CISO Series. Check out this post from the cybersecurity subreddit for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Edward Contreras, senior evp and CISO, Frost Bank. Joining them is Jason Richards, vp, information security, CHG Healthcare. In this episode: Likability as a career strategy The storytelling gap How the math actually gets done The unofficial scorecard A huge thanks to our sponsor, ThreatLocker ThreatLocker makes Zero...

How to Be Less Busy and More Effective in Cyber


All links and images can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by David Spark, the producer of CISO Series, and Ross Young, co-host, CISO Tradecraft. Joining them is Dan Walsh, CISO, Datavant. Be sure to check out Ross's book Cybersecurity's Dirty Secret: Why Most Budgets Go to Waste. In this episode: Patterns hiding in plain sight Activity vs. advancement The human cost Frameworks about frameworks A huge thanks to our sponsor, Fenix24 Fenix24 is the world's leading breach recovery firm, providing rapid...

How to Engage With a CISO When They Express Interest


All links and images can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode, co-hosted by David Spark, the producer of CISO Series, and Steve Zalewski. Joining them is Adam Palmer, CISO, First Hawaiian Bank. Be sure to check out David's book, Three Feet from Seven Figures: One-on-One Engagement Techniques to Qualify More Leads at Trade Shows. In this episode: Lead with insight, not persuasion Recognize the opportunity when it arrives Strategy over features Keep it efficient A huge thanks to our sponsor, Endor Labs Discover...

Who is Responsible for the Conflict Between Security and Developers?


All links and images can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode, co-hosted by David Spark, the producer of CISO Series, and Steve Zalewski. Joining is their sponsored guest, Matt Brown, solutions architect, Endor Labs. In this episode: The development disconnect Functionality first, security second The incentive problem Speed as the common ground A huge thanks to our sponsor, Endor Labs Discover how AI coding agents are reshaping software supply chain risk in the State of Dependency Management. Original research from Endor Labs shows 49%...

Are Your Security Tools Creating More Work for Your Team?


All links and images can be found on CISO Series. Check out this post by Caleb Sima for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Edward Contreras, senior evp and CISO, Frost Bank. Joining us is Evan McHenry, CISO, Robinhood. In this episode: The information paradox Setting realistic expectations Prioritization over noise The cart before the horse Huge thanks to our sponsor, Endor Labs Discover how AI coding agents are reshaping software supply chain risk in the State of Dependency Management. Original research...

Why Overpromising is a Dangerous Sales Tactic


All links and images can be found on CISO Series. Check out this post, CISO, Upwind Security, for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Geoff Belknap, CISO, LinkedIn. Joining us is Octavia Howell, vp and CISO, Equifax Canada. In this episode: Beyond the quota The hard truth beats the polished bluff Paying for someone else's mistakes Reducing friction, increasing trust Huge thanks to our sponsor, ThreatLocker ThreatLocker takes a deny-by-default approach to endpoint security controlling what applications can run, what can access...

Should You Phish Your Employees or Not?


All links and images can be found on CISO Series. This week's episode is co-hosted by me, David Spark, the producer of CISO Series, and Edward Contreras, senior evp and CISO, Frost Bank. Joining us is Mark Eggleston, CISO, CSC. In this episode: Breaking trust to test it Technical controls over testing The measurement imperative Fire drills, not gotchas Huge thanks to our sponsor, Scanner All your security logs end up in cloud storage like AWS S3. Scanner makes them searchable in seconds and runs real-time detections directly on that data. No pipelines, no re-ingestion. 100x faster than traditional data...

How Much Autonomy Should You Give AI Agents in Your SOC?


All links and images can be found on CISO Series. This week's episode is co-hosted by me, David Spark, the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest, Cliff Crosland, co-founder and CEO, Scanner.dev. In this episode: Earning autonomy gradually The blast radius question The reality check Today's value, tomorrow's evolution Huge thanks to our sponsor, Scanner All your security logs end up in cloud storage like AWS S3. Scanner makes them searchable in seconds and runs real-time detections directly on that data. No pipelines, no re-ingestion. 100x faster than traditional data lakes, 10x cheaper...

Cybersecurity's Broken Hiring Process


All links and images can be found on CISO Series. Check out this post by Dr. Chase Cunningham, CSO at Demo-Force, for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Geoff Belknap. Joining us is Brett Conlon, CISO, American Century Investments. In this episode: The experience paradox Who benefits from the narrative Kitchen sink job postings The aggregation problem Huge thanks to our sponsor, Scanner All your security logs end up in cloud storage like AWS S3. Scanner makes them searchable in seconds and...

Simple Security Solutions That Deliver a Big Impact


All links and images can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode, co-hosted by David Spark, the producer of CISO Series, and Edward Contreras, senior evp and CISO, Frost Bank. Joining them is their sponsored guest, Rob Allen, chief product officer, ThreatLocker. In this episode: Getting permissions right The fundamentals that still fail Know what you have Simple controls, outsized impact Huge thanks to our sponsor, ThreatLocker Want real Zero Trust training? Zero Trust World 2026 delivers hands-on labs and workshops that show CISOs...

When Cybersecurity Marketing Fails to Reach the Buyer


All links and images can be found on CISO Series. Check out this post by Patrick Garrity of VulnCheck for the discussion that is the basis of our conversation on this week's episode, co-hosted by David Spark, the producer of CISO Series, and Steve Zalewski. Joining them is Tom Doughty, CISO, Generate:Biomedicines. In this episode: The 3Ms of product clarity Buzzwords work because buyers aren't experts Investor pressures distort messaging Threading the needle Huge thanks to our sponsor, Alteryx Alteryx is a leading AI and data analytics company that powers actionable insights that help organizations drive smarter, faster decisions. Alteryx One...

How Best to Prepare Your Data for Your Tools


All links and images can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode, co-hosted by David Spark, the producer of CISO Series, and Geoff Belknap. Joining them is sponsored guest Matt Goodrich, director of information security, Alteryx. In this episode: The integrity challenge Zero trust for AI outputs Guardrails over garbage It looks good... Huge thanks to our sponsor, Alteryx Alteryx is a leading AI and data analytics company that powers actionable insights that help organizations drive smarter, faster decisions. Alteryx One helps security, risk,...

Don't Try to Win with Technical Expertise. Win by Partnering.


All links and images can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode, co-hosted by me, David Spark, the producer of CISO Series, and Jerich Beason, CISO, WM. Their guest is Pam Lindemoen, CSO and vp of strategy, RH-ISAC. In this episode: From loudest to most trusted Letting go of the win Listening over proving Beyond right and wrong Huge thanks to our sponsor, Alteryx Alteryx is a leading AI and data analytics company that powers actionable insights that help organizations drive smarter, faster decisions....

What Makes a Successful CISO?


All links and images can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Edward Contreras, senior evp and CISO, Frost Bank. Joining us is Ejona Preci, group CISO, LINDAL Group. In this episode: Consequence, not controls The credibility gap Defining the undefined Expanding the mandate A huge thanks to our sponsor, ThreatLocker ThreatLocker makes Zero Trust practical. With Default Deny, Ringfencing, and Elevation Control, CISOs get real control that's easy to manage and built...

How Should CISOs Talk to the Business


All links and images can be found on CISO Series. Check out this post by Binoy Koonammavu of Secusy AI for the discussion that is the basis of our conversation on this week's episode co-hosted by David Spark, the producer of CISO Series, and Edward Contreras, senior evp and CISO, Frost Bank. Joining them is best-selling cybersecurity author Peter Gregory. His upcoming study guide on AI governance can be pre-ordered here. In this episode: Speaking the language of leadership Beyond translation: the trust factor Making risk tangible When translation isn't enough Huge thanks to our sponsor, ThreatLocker ThreatLocker makes Zero...

How Much Cyber Risk Should a CISO Own?


All links and images can be found on CISO Series. Check out this post by Nick Nolen of Redpoint Cyber for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Geoff Belknap. Joining us is Erika Dean, former CSO, Robinhood. In this episode: Delegation requires accountability The reality of daily decision-making The gap between theory and practice Beyond the advisory role Huge thanks to our sponsor, ThreatLocker ThreatLocker makes Zero Trust practical. With Default Deny, Ringfencing, and Elevation Control, CISOs get real control that's easy...

How To Tell When a Vendor is Selling AI Snake Oil


All links and images can be found on CISO Series. Check out this post by Christofer Hoff of Truist for the discussion that is the basis of our conversation on this week's episode co-hosted by David Spark, the producer of CISO Series, and Caleb Sima, builder, WhiteRabbit. Joining them is Crystal Chatam, vp of cybersecurity, Speedcast. In this episode: Understanding the fundamentals The grift of superficial expertise Hands-on experience matters A vulnerability at the leadership level Huge thanks to our sponsor, Stellar Cyber By shining a bright light on the darkest corners of security operations, Stellar Cyber empowers organizations to...

In the Age of Identity, is Network Security Dead?


All links and images can be found on CISO Series. Check out this post by Ross Haleliuk of Venture in Security for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Edward Contreras, senior evp and CISO, Frost Bank. Joining us is Davi Ottenheimer, vp, trust and digital ethics, Inrupt. In this episode: Network security isn't dying, it's evolving The observability layer that can't be replaced What's old is new again The innovation gap Huge thanks to our sponsor, HackerOne Discover how AI innovators like Adobe,...

How to Manage Configuration Drift


All links and images can be found on CISO Series. Check out this post by Kevin Paige, CISO at ConductorOne, for the discussion that is the basis of our conversation on this week's episode co-hosted by David Spark, the producer of CISO Series, and Geoff Belknap. Joining us is our sponsored guest, Rob Allen, chief product officer, ThreatLocker. In this episode: When configuration drift becomes operational reality The garden that never stops growing From detection to cultural shift The maturity gap Huge thanks to our sponsor, ThreatLocker ThreatLocker Defense Against Configurations continuously scans endpoints to uncover misconfigurations, weak firewall rules, and risky settings that weaken...

Is Least Privilege Dead?


All links and images can be found on CISO Series. Check out this post by Kevin Paige, CISO at ConductorOne, for the discussion that is the basis of our conversation on this week's episode co-hosted by David Spark, the producer of CISO Series, and Edward Contreras, senior evp and CISO, Frost Bank. Joining them is Julie Tsai, CISO-in-Residence, Ballistic Ventures. In this episode: Is least privilege dead? Modern tactics, timeless principle Implementation over ideology Pragmatism over purity Huge thanks to our sponsor, Cyera AI is moving fast - can your security keep up? Join the leaders shaping the future of...

How Do We Measure Our Defenses Against Social Engineering Attacks?


All links and images can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by David Spark, the producer of CISO Series, and Mike Johnson, CISO, Rivian. Joining them is their sponsored guest Bobby Ford, chief strategy and experience officer, Doppel. In this episode: Beyond the click High-risk users demand different metrics Building engagement over punishment Creating a security culture through community Huge thanks to our sponsor, Doppel Doppel is protecting the world's digital integrity. Impersonators adapt fast but so does Doppel. By pairing AI...

Sales Follow Up Sequences: What Works Best in Cyber?


All links and images can be found on CISO Series. Check out this post by Mike Gallardo for the discussion that is the basis of our conversation on this week's episode co-hosted by David Spark, the producer of CISO Series, and Geoff Belknap. Joining them is Alex Guilday, BISO, Royal Caribbean Group. In this episode: Timing the approach When persistence becomes harassment Playing the long game The necessity argument Huge thanks to our sponsor, Cyera AI is moving fast - can your security keep up? Join the leaders shaping the future of data and AI security at DataSecAI Conference 2025,...

What Soft Skills Do You Need in Cyber?


All links and images can be found on CISO Series. Check out this post by Evgeniy Kharam for the discussion that is the basis of our conversation on this week's episode co-hosted by David Spark, the producer of CISO Series, and Edward Contreras, senior evp and CISO, Frost Bank. Joining them is Ryan Dunn, Leader of Product and Supply Chain Technology, Specialized Bicycle Components. And check out "Architecting Success: The Art of Soft Skills in Technical Sales: Connect to Sell More" by Evgeniy Kharam we referenced in this episode. In this episode: Beyond the technical playbook Influencing without authority Partnering, not just selling...

What is the Visibility That Security Teams Need?


All links and images can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by David Spark, the producer of CISO Series, and Bil Harmer, security advisor, Craft Ventures. Joining them is James Bruce, business security services director, WPP. In this episode: Turning visibility into actionable intelligence Pure visibility still provides an essential security foundation Finding strategic value The risk of gaps in identity management Huge thanks to our sponsor, ThreatLocker Human error remains one of the top cybersecurity threats. Just one wrong click can open...

Data Governance in the Age of AI


All links and images can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by David Spark, the producer of CISO Series, and Dan Walsh, CISO, Datavant. Joining them is their sponsored guest, Ash Hunt, vp, strategy, EMEA, Cyera. In this episode: The access creep challenge Bridging intent and execution Looking for integrity Racing against exponential complexity Huge thanks to our sponsor, Cyera AI is moving fast - can your security keep up? Join the leaders shaping the future of data and AI security at DataSecAI Conference...

How Can Security Vendors Better Stand Out?


All links and images can be found on CISO Series. Check out this post by David Mundy of Tuskira for the discussion that is the basis of our conversation on this week's episode co-hosted by David Spark, the producer of CISO Series, and Edward Contreras, senior evp and CISO, Frost Bank. Joining them is Jason Taule, CISO, Luminis Health. In this episode: ROI challenges Venture capital saturation Risk aversion and organizational politics A GTM transformation Huge thanks to our sponsor, Doppel Doppel is the first social engineering defense platform built to dismantle deception at the source. It uses AI and...

What New Risks Does AI Introduce?


All links and images can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Geoff Belknap. Joining us is our sponsored guest, Kara Sprague, CEO, HackerOne. In this episode: Shadow AI as a control problem Rethinking identity for autonomous agents When process meets momentum Beyond blocking: channeling AI usage Huge thanks to our sponsor, HackerOne Built on 580,000+ validated vulnerabilities, $81M in payouts this year, and insights from 1,950 enterprise programs, the 2025 Hacker-Powered Security...

The Pattern of Early Adoption of Security Tools


All links and images can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Edward Contreras, senior evp and CISO, Frost Bank. Joining us is CISO Series reporter and CISO herself, Hadas Cassorla. In this episode: Security poverty line excludes SMBs Skills gap and channel dynamics slow SMB security adoption The startup disadvantage cycle Technology adoption flows from enterprise complexity to market simplification Huge thanks to our sponsor, ThreatLocker ThreatLocker is a global leader in...

How Are You Managing the Flow of AI Data


All links and images can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by David Spark, the producer of CISO Series, and Geoff Belknap. Joining us is our sponsored guest Mokhtar Bacha, founder and CEO, Formal. In this episode: Access management faces transformation AI agents demand new authentication paradigms AI complexity demands simplified governance approaches Data-centric identity management replaces role-based approaches Huge thanks to our sponsor, Formal Formal secures humans, AI agent's access to MCP servers, infrastructure, and data stores by monitoring and controlling...

How to Deal with Last Minute Compliance Requirements


All links and images can be found on CISO Series. Check out this post by Geoff Belknap, co-host of Defense in Depth, for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and John Overbaugh, CISO, Alpine Investors. Joining us is our sponsored guest, Pukar Hamal, founder and CEO at SecurityPal. In this episode: When business moves faster than security Turning obstacles into opportunities The art of saying "not like that" Know your regulatory landscape Huge thanks to our sponsor, SecurityPal AI SecurityPal is the leader...

Do You Have a Functional Policy or Did You Just Write One?


All links and images can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Edward Contreras, senior evp and CISO, Frost Bank. Joining us is Justin Berman, formerly vp of platform engineering and CISO at Thirty Madison Health. In this episode: Maps without transportation The untouchable employee problem Attestation theater The lightbulb moment Huge thanks to our sponsor, SecurityPal SecurityPal is the leader in Customer Assurance, helping companies accelerate security assurance without compromising accuracy. Their AI + human expertise approach, dynamic Trust...

Where are We Struggling with Zero Trust


All links and images can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest, Rob Allen, chief product officer, ThreatLocker. In this episode: Legacy infrastructure creates the biggest hurdles More marketing than methodology Implementation complexity makes zero trust a Sisyphean task Don't ignore human factors Huge thanks to our sponsor, ThreatLocker ThreatLocker is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker...

Cybersecurity Has a Prioritization Problem


All links and images can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Steve Zalewski. Joining them is Terry O'Daniel, former CISO at Amplitude. In this episode: Beyond prioritization: aligning risk with reality From signals to strategy The Case for Maturity Models Security Starts With Culture Huge thanks to our sponsor, SecurityPal SecurityPal is the leader in Customer Assurance, helping companies accelerate security assurance without compromising accuracy. Their AI + human expertise approach, dynamic Trust Center, and modern TPRM solution eliminate...

How Can AI Provide Useful Guidance from Fragmented Security Data?


All links and images can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by David Spark, the producer of CISO Series, and Steve Zalewski. Joining them is their sponsored guest, Matt Eberhart, CEO, Query. In this episode: Quality over quantity in AI decision-making Process before technology The connectivity challenge The context complexity paradox Huge thanks to our sponsor, Query Query is a Federated Search and Analytics platform that builds a security data mesh, giving security teams real-time context from all connected sources. Analysts move faster...

Why Salespeople's Knowledge of Cybersecurity Is Critical for the Ecosystem


All links and images can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Steve Zalewski. Joining us is Jason Thomas, senior director, technology security, governance, and risk, Cystic Fibrosis Foundation. In this episode: The trust deficit Defending the non-technical roles The business accountability gap The communication imperative Huge thanks to our sponsor, Query.ai Query is a Federated Search and Analytics platform that builds a security data mesh, giving security teams real-time context from all connected sources. Analysts move faster and make better...

What Are the Cybersecurity Trends We Need To Follow?


All links and images can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode, co-hosted by me, David Spark, the producer of CISO Series, and Dan Walsh, CISO, Datavant. Joining them is Sneha Parmar, former information security officer, Lufthansa Group Digital. In this episode: Shifting left, broadening out The insurance wake-up call Building trust into the system Security's identity crisis A huge thanks to our sponsor, Doppel Doppel is the first social engineering defense platform built to dismantle deception at the source. It uses AI and...

Is It Even Possible to Fast-Track Your Way Into Cybersecurity?


All links and images can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Edward Contreras, senior evp and CISO, Frost Bank. Joining us is David Cross, CISO, Atlassian. In this episode: The experience prerequisite The bootcamp reality check The compensation conundrum The domain expertise imperative A huge thanks to our sponsor, ThreatLocker ThreatLocker is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker...

What's the Most Efficient Way to Rate Third Party Vendors?


All posts and images can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Geoff Belknap. Joining us is Steve Knight, former CISO, Hyundai Capital America. In this episode: Streamlining vendor evaluations Moving beyond compliance theater The scorecard skeptics Finding the right balance Thanks to our sponsor, Formal Formal secures humans, AI agent's access to MCP servers, infrastructure, and data stores by monitoring and controlling data flows in real time. Using a protocol-aware reverse proxy,...

Don't Ask "Can" We Secure It, But "How" Can We Secure It


All links and images can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by David Spark, the producer of CISO Series, and Mike Johnson, CISO, Rivian. Joining is Hanan Szwarcbord, vp, CSO and head of infrastructure, Micron Technology. In this episode Embracing growth An urgent need for creativity Get the business context Embrace your inner theater kid Huge thanks to our sponsor, Query.ai Query is a Federated Search and Analytics platform that builds a security data mesh, giving security teams real-time context from all connected sources....

Has the Shared Security Model for SaaS Shifted?


All links and images can be found on CISO Series. Check out this post by Justin Pagano at Klaviyo for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Geoff Belknap. Joining us is Jesse Webb, CISO and svp information systems, Avalon Healthcare Solutions. In this episode: Align the incentives The feature and enforcement disconnect Putting the right people in the right place A need for transparency Huge thanks to our sponsor, ThreatLocker ThreatLocker is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks...

Improving the Efficiency of Your Threat Intelligence


All links and images can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest Jason Steer, CISO, Recorded Future. In this episode We don't need more indicators Creating more work Generating actionable intelligence Design for what you can do Huge thanks to our sponsor, Recorded Future Every day, security teams face an impossible challenge: sorting through millions of threats, each potentially critical. But somewhere in that noise...

Why Cybersecurity Professionals Lie on Their Resumes


All images and links can be found on CISO Series. Check out this post by Gautam 'Gotham' Sharma of AccessCyber for the discussion that is the basis of our conversation on this week's episode, co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is Krista Arndt, associate CISO, St. Luke's University Health Network. In this episode: Verify then trust Dishonesty on all sides A lack of flexibility What about integrity? Huge thanks to our sponsor, Formal Formal secures humans, AI agent's access to MCP servers, infrastructure, and data stores by monitoring and controlling data flows in real time. Using a protocol-aware reverse proxy, Formal enforces...

What Should Be in a CISO Job Description?


All links and images can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap). Joining us is Dennis Pickett, vp, CISO, Westat. In this episode: Stop siloing cybersecurity Leading the charge A culture of ownership Preparing for resilience A huge thanks to our sponsor, Recorded Future Every day, security teams face an impossible challenge: sorting through millions of threats, each potentially critical. But somewhere in that noise are the signals you can't afford to miss. Recorded Future's gives you the power...

The CISO's Job Is Impossible


All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Yaron Levi, CISO, Dolby. Joining us is Joey Rachid, CISO, Xerox. In this episode: It's a balancing act Choose to leave the kids' table Your team is essential Don't change CISOs midstream Huge thanks to our sponsor, Backslash Backslash offers a new approach to application security by creating a digital twin of your application, modeled into an AI-enabled App Graph. It categorizes security findings...

Can You Have a Secure Software Environment Without Traditional Vulnerability Management?


All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Howard Holton, COO, Gigaom. Joining us is our sponsored guest, Rob Allen, chief product officer at ThreatLocker. In this episode: Reinforcing zero trust Focus on effectiveness Understanding zero trust limitations What's next Huge thanks to our sponsor, ThreatLocker ThreatLocker is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to...

How Much Should Salespeople Know About Their Product?


All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by David Spark, the producer of CISO Series, and Steve Zalewski. Joining us is Jay Jay Davey, vp of cyber security operations, Planet. In this episode: Aligning incentives The realities of the job Delivering ROI Holistic cybersecurity Thanks to our sponsor, Backslash Security Backslash offers a new approach to application security by creating a digital twin of your application, modeled into an AI-enabled App Graph. It categorizes security findings...

Why Are We Still Struggling to Fix Application Security?


All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest, Eric Gold, chief evangelist, BackSlash. In this episode: Start with the culture Moving AppSec to a higher level A strategy for security Maturing the basics Thanks to our sponsor, Backslash Security Backslash offers a new approach to application security by creating a digital twin of your application, modeled into an AI-enabled...

What Can Someone with No Experience Do in Cybersecurity?


All links and images for this episode can be found on CISO Series. Check out this post from Jerich Beason, CISO at WM, for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Dan Walsh, CISO, Datavant. Joining us is Rinki Sethi, vp and CISO, BILL. In this episode: You need a solid foundation A lot depends on the role Underappreciated skills Structures and frameworks Huge thanks to our sponsor, Recorded Future Every day, security teams face an impossible challenge: sorting through millions of threats, each...

Are New Gartner-Created Categories/Acronyms Helping or Hurting the Cybersecurity Industry?


All links and images for this episode can be found on CISO Series. Check out this post from Caleb Sima of WhiteRabbit for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Geoff Belknap. Joining us is Alex Hutton, CISO, Atlantic Union Bank. In this episode: The race to differentiate Don't blame Gartner Simplifying is complicated Seeking connection Huge thanks to our sponsor, ThreatLocker ThreatLocker is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker...

Can AI improve Third-Party Risk Management (TPRM)


All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Jason Elrod, CISO, MultiCare Health System. Joining us is our sponsored guest, Nick Muy, CISO, Scrut Automation. In this episode: Supercharging teams Shifting to proactive A unique opportunity A human in the legal loop HUGE thanks to our sponsor, Scrut Automation Scrut Automation empowers compliance and risk teams of all sizes to build enterprise-grade security programs effortlessly. With powerful...

Cybersecurity Is NOT an Entry-Level Position


All links and images for this episode can be found on CISO Series. Check out this post by Tallis Jordan of the U.S. Army Cyber Command for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Steve Zalewski. Joining us is Montez Fitzpatrick, CISO, Navvis. In this episode: Start with foundations Learning to learn Don't get hustled Building a pipeline HUGE thanks to our sponsor, Scrut Automation Scrut Automation empowers compliance and risk teams of all sizes to build enterprise-grade security programs effortlessly. With powerful automation,...

Hey Vendors, What Problem Is Your Product Solving?


All links and images for this episode can be found on CISO Series. Check out this post from Yaron Levi for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Mike Johnson, CISO, Rivian. Joining us is Yaron Levi, CISO, Dolby. In this episode: A knowledge deficit Talk is cheap What's the difference? Answer the preliminaries HUGE thanks to our sponsor, Scrut Automation Scrut Automation empowers compliance and risk teams of all sizes to build enterprise-grade security programs effortlessly. With powerful automation, AI-driven efficiencies, and seamless...

We've Been Fooled. There Is No Talent Shortage.


All links and images for this episode can be found on CISO Series. Check out this post by Rachel Bicknell of Dell Technologies quoting Mic Merritt of Merritt Collective for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Jimmy Sanders, president, ISSA International. Joining them is Ngozi Eze, CISO, Levi Strauss. In this episode: Stop the unicorn hunt Job post inflation Structural misalignment We've got to do better Huge thanks to our sponsor, ThreatLocker ThreatLocker is a global leader in Zero Trust endpoint security,...

Is There an Increasing Consolidation of Vendors in the SOC?


All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Howard Holton, CTO, GigaOm. Joining us is Francis Odum, founder, Software Analyst Cybersecurity Research. In this episode: Rebalancing the SOC The case for consolidation It comes down to data Concentric cycles Thanks to our podcast sponsor, Palo Alto Networks Cortex Cloud, the next generation of Prisma Cloud, merges best-in-class CDR with industry-leading CNAPP for real-time cloud security. Harness the power of AI and automation to prioritize risks...

Are CISOs Struggling to Get Respect?


All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Lee Parrish, CISO, Newell Brands. Joining us is David Tyburski, vp of information security and CISO, Wynn Resorts. In this episode: CISOs need to stick around Culture forward CISOs need support This isn't always about budget Thanks to our podcast sponsor, Palo Alto Networks! Cortex Cloud, the next generation of Prisma Cloud, merges best-in-class CDR with industry-leading...

Is Platformization Vs Best-of-Breed a False Dichotomy?


All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap). Joining us is Elad Koren, vp, product management, Cortex Cloud, Palo Alto Networks. In this episode: Context drives the decision A full-spectrum understanding Think practical The long play Thanks to our podcast sponsor, Palo Alto Networks Cortex Cloud, the next generation of Prisma Cloud, merges best-in-class CDR with industry-leading CNAPP for real-time cloud security....

Protecting Your Backups from Ransomware


All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and DJ Schleen, former distinguished security architect, Yahoo. Joining us is our sponsored guest Heath Renfrow, co-founder, Fenix24. In this episode: Get creative Shift the focus of backups Failing the test Moving beyond false hope Thanks to our podcast sponsor, Fenix24 You've invested in cybersecurity, but can your business recover when it counts? The Securitas Summa program from...

Can a Security Program Ever Reach Maintenance Mode?


All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap). Joining us is Andrew Wilder, CISO, Vetcor. In this episode: It comes down to growth Maintenance mode is anything but simple An asymmetric arrangement Integrating with the business Thanks to our podcast sponsor, ThreatLocker ThreatLocker is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and...

The Hardest Problems in Security Aren't "Security Problems"


All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap). Joining us is Sneha Parmar, information security officer, Lufthansa Group Digital Hangar. In this episode: Build the foundation Building at scale Excelling at boring Knowing what you've got is half the battle Thanks to our podcast sponsor, Fenix24 You've invested in cybersecurity, but can your business recover when it counts? The Securitas Summa program from...

If and When Should a CISO Have a Long Term Security Plan?


All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Mike Johnson, CISO, Rivian. Joining us is Gaurav Kapil, CISO, Bread Financial. In this episode: It helps to have a vision The benefit of planning It's never too early to start Don't make rash decisions Thanks to our podcast sponsor, ThreatLocker ThreatLocker is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses...

Do We Want CISOs Dictating How Salespeople Should Engage?


All links and images for this episode can be found on CISO Series. Check out this post by Marc Ashworth, CISO at First Bank for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Shawn Bowen, vp, deputy CISO - Gaming, Microsoft. Joining us is Ken Athanasiou, CISO, VF Corporation. In this episode: Frustration is a two-way street Sales is data driven Give customers the tools they need Start a conversation Thanks to our podcast sponsor, Noma Security Secure your entire Data & AI...

Is AI Benefiting Attackers or Defenders?


All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap). Joining us is our sponsored guest, Rob Allen, chief product officer, ThreatLocker. In this episode: The promise and perils of LLMs A boon for defenders Raising the bar Muddying the waters Thanks to our podcast sponsor, ThreatLocker ThreatLocker is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from...

CISOs DO Own the Risk


All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Ross Young, CISO-in-residence, Team8, and Jeroen Schipper, CISO, Gemeente Den Haag. In this episode: Creating authority Don't reinvent the wheel Accountable for quality Make the distinction clear Thanks to our podcast sponsor, Fenix24 You've invested in cybersecurity, but can your business recover when it counts? The Securitas Summa program from the Conversant Group combines resistance, managed protection,...

How Can We Fix Alert Fatigue?


All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest, Itai Tevet, CEO, Intezer. In this episode: Build for what you can handle Rethinking alerts Building trust into your system Seeing the bigger picture Thanks to our podcast sponsor, Intezer Intezer's AI-driven solution automates alert triage and investigations, cutting through the noise to highlight serious threats. By integrating with...

Vulnerability Management Vulnerability Discovery


All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Mike Johnson, CISO, Rivian. Joining us is Yaron Levi, CISO, Dolby. In this episode: You can't manage what you don't know you have Vulnerability management doesn't have an endpoint This is about tradeoffs A unique approach Thanks to our podcast sponsor, Intezer Intezer's AI-driven solution automates alert triage and investigations, cutting through the noise to highlight serious...

Are Security Awareness Training Platforms Effective?


All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Dan Walsh, CISO, Paxos. Joining us is Sharon Milz, CISO, Time. In this episode: A vicious cycle Not all training is created equal Don't forget the human factor We can still define success Thanks to our podcast sponsor, Intezer Intezer's AI-driven solution automates alert triage and investigations, cutting through the noise to highlight serious threats. By integrating...

The Argument For More Cybersecurity Startups


All links and images for this episode can be found on CISO Series. Check out these posts for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Ross Haleliuk, author, Venture in Security. Be sure to check out Ross's podcast, Inside the Network, and his book Cyber for Builders: The Essential Guide to Building a Cybersecurity Startup. In this episode: A market response to industry failure Is this a business or a feature? The economics of startups Practicality over novelty Thanks to our podcast...

How Are New SEC Rules Impacting CISOs?


All links and images for this episode can be found on CISO Series. Check out these posts for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is Allan Cockriel, group CISO, Shell. In this episode: Striking a balance Will we see a talent exodus? Playing by the same rules This is an organizational responsibility Thanks to our podcast sponsor, SpyCloud Cybercrime doesn't take breaks. Protect your organization from ransomware, account takeover, and online fraud with SpyCloud. SpyCloud recaptures stolen...

Managing the Risk of GenAI Tools


All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest Karthik Krishnan, founder and CEO, Concentric AI. In this episode: Meet the new risk, same as the old risk Understanding where your risks are coming from Identifying best practices Know what you're getting into Thanks to our podcast sponsor, Concentric AI Concentric AI's DSPM solution automates data security, protecting...

Defending Against What Criminals Know About You


All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest, Damon Fleury, chief product officer, SpyCloud. In this episode: A holistic view Adding sophistication to identity Your employees can help Cracking the code Thanks to our podcast sponsor, SpyCloud Cybercrime doesn't take breaks. Protect your organization from ransomware, account takeover, and online fraud with SpyCloud. SpyCloud recaptures stolen identity...

Will We Ever Go Back From Work From Home?


All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap). Joining us is Joe Lewis, CISO, CDC. In this episode: Don't underestimate the quality of life benefits We're still learning What is the case for return-to-office? Moving past gimmicks Thanks to our podcast sponsor, SpyCloud Cybercrime doesn't take breaks. Protect your organization from ransomware, account takeover, and online fraud with SpyCloud. SpyCloud recaptures stolen...

The Lurking Dangers of Neglected Security Tools


All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Shawn Bowen, VP and deputy CISO - Gaming, Microsoft. Joining us is Adam Fletcher, CSO, Blackstone. In this episode: Neglected tools drain resources Who's to blame? Technology is the last step Buying tools to solve business problems Thanks to our podcast sponsor, ThreatLocker ThreatLocker is a global leader in Zero Trust endpoint security, offering cybersecurity controls to...

When You Just Can't Take It Anymore in Cyber


All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Shawn Bowen, VP, Deputy CISO - Gaming, Microsoft. Joining us is Patty Ryan, senior director, CISO, QuidelOrtho. In this episode: Recognizing humanity Death by a thousand meetings What are we looking for? Find your value Thanks to our podcast sponsor, GitGuardian GitGuardian is a Code Security Platform that caters to the needs of the DevOps generation. It...

Is It Possible to Inject Integrity Into AI?


All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap). Joining us is Davi Ottenheimer, vp, trust and digital ethics, Inrupt. Sir Tim Berners-Lee co-founded Inrupt to provide enterprise-grade software and services for the Solid Protocol. You can find their open positions here. In this episode: LLMs lack integrity controls A valid criticism Doubts in self-policing AI New tech, familiar problems Thanks to our...

Are Phishing Tests Helping or Hurting Our Security Program?


All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap). Joining us is Dennis Pickett, vp, CISO, Westat. In this episode: Not all education requires tests Understand your users Building reflexes An ounce of prevention Thanks to our podcast sponsor, Concentric AI Concentric AI's DSPM solution automates data security, protecting sensitive data in real-time. Our AI-driven solution identifies, classifies, and secures on-premises and cloud...

Who Is Responsible for Securing SaaS Tools?


All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest, Russell Spitler, CEO and co-founder, Nudge Security. In this episode: Defining responsibilities Understanding the problem A different role for security Focus on the data Thanks to our podcast sponsor, Nudge Security Get a full inventory of all SaaS accounts ever created by anyone in your org, in minutes, along...

Hiring Cyber Teenagers with Criminal Records


All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is our guest, Adam Arellano, vp, enterprise cybersecurity, PayPal. In this episode: Accounting for mindset The importance of ethics A matter of incentives Understanding what is teachable Thanks to our podcast sponsor, ThreatLocker ThreatLocker is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and...

What's Working With Third-Party Risk Management?


All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest, Nick Muy, CISO, Scrut Automation. In this episode: Segment and test Focus on you Embrace the risk lifecycle Not all vendors are the same Thanks to our podcast sponsor, Scrut Automation Scrut Automation allows compliance and risk teams of any size to establish enterprise-grade security programs. Our best-in-class features...

What Triggers a CISO?


All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining me is our guest, Sherron Burgess, CISO, BCD Travel. In this episode: Disingenuous claims rub everyone the wrong way. Don't put the CISO behind the 8-ball The sales hustle They didn't understand the assignment Thanks to our podcast sponsor, Scrut Automation Scrut Automation allows compliance and risk teams of any size to establish enterprise-grade security...

Information Security vs. Cybersecurity


All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and John Underwood, vp, information security, Big 5 Sporting Goods. Joining us is our guest, Mike Lockhart, CISO, EagleView. In this episode: Marketing versus strategy A distinction without a difference? Terminology follows function Security convergence Thanks to our podcast sponsor, Scrut Automation Scrut Automation allows compliance and risk teams of any size to establish enterprise-grade security programs. Our...

Should Deny By Default Be the Cornerstone of Zero Trust?


All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap). Joining us is our sponsored guest Rob Allen, chief product officer, ThreatLocker. In this episode: Can you retrofit zero trust? The business case for deny by default Seizing an opportunity Zero trust doesn't stand alone Thanks to our podcast sponsor, ThreatLocker ThreatLocker is a global leader in Zero Trust endpoint security, offering cybersecurity controls...

What Is a Field CISO?


All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap). Joining us is Bil Harmer, operating partner and CISO, Craft Ventures. In this episode: A time and a place for Field CISOs This isn't a new role Consulting the Field CISO Words mean things Thanks to our podcast sponsor, Cyera Cyera's AI-powered data security platform gives companies visibility over their sensitive data, context over...

Cybersecurity Is a Communications Problem


All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap). Joining us is Jim Bowie, CISO, Tampa General Hospital. In this episode: The goal is to connect to the business The hard truth about soft skills Balancing risk Looking beyond communication Thanks to our podcast sponsor, SeeMetrics SeeMetrics automates cybersecurity metrics programs, continuously measuring and helping prioritize risks based on context. SeeMetrics unifies siloed...

Do Companies Undergoing a Merger or Acquisition Get Targeted for Attacks?


All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Christina Shannon, CIO, KIK Consumer Products. Joining us is Andrew Cannata, CISO, Primo Water. In this episode: The lure of an IPO is debatable Does an IPO make you a target or just more vulnerable? M&A changes your context Ambiguity creates risk Thanks to our podcast sponsor, Cyera Cyera's AI-powered data security platform gives companies visibility over...

Telling Stories with Security Metrics


All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest, Shirley Salzman, CEO and co-founder, SeeMetrics. In this episode: Finding the purpose in metrics Using metrics to answer business questions Speaking to your audience Communication is a two-way street Thanks to our podcast sponsor, SeeMetrics SeeMetrics automates cybersecurity metrics programs, continuously measuring and helping prioritize risks based on context....

Securing Identities in the Cloud


All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap). Joining us is our sponsored guest, Adam Bateman, CEO, Push Security. The SaaS attacks matrix community resource mentioned by Adam in the episode can be found here. Editorial note: Geoff Belknap is an advisor to Push Security. In this episode: Where are we going wrong Finding the missing pieces Protecting an expanding border It...

How AI Is Making Data Security Possible


All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest, Lamont Orange, CISO, Cyera. In this episode: The data security check has come due Putting data security at the heart of defense in depth Automation is key You need to know what you're protecting Thanks to our podcast sponsor, Cyera Cyera's AI-powered data security platform gives companies visibility over...

What Makes a Successful CISO?


All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Christina Shannon, CIO, KIK Consumer Products. Joining us is our guest, Tomer Gershoni, CSO, Zoominfo. In this episode: Moving beyond technology The art of a CISO CISOs always operate in context Elevating the CISO conversation Thanks to our podcast sponsor, SeeMetrics SeeMetrics automates cybersecurity metrics programs, continuously measuring and helping prioritize risks based on context. SeeMetrics unifies...

We Want a Solution to Remediate, Not Just Detect Problems


All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Yaron Levi, CISO, Dolby. Joining us is our guest, Neil Watkins, svp technology and cybersecurity services, i3 Verticals. In this episode: Visibility doesn't matter without context Not all visibility is created equal Don't forget to bring people into the loop Remediation doesn't scale with more visibility Thanks to our podcast sponsor, GitGuardian GitGuardian is a Code Security...

Recruiting from the Help Desk


All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining me is our guest, Sasha Pereira, vp of infrastructure and CISO, WASH. In this episode: Is working the help desk a great place to get entry level cyber security skills? So why is it so often overlooked or even looked down upon? What kind of experience do you need? What is the...

How Do We Build a Security Program to Thwart Deepfakes?


All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining us is our guest, Russ Ayers, svp of cyber & deputy CISO, Equifax. In this episode: Are we seeing AI and LLM rapidly push into what was science fiction into production? What happens as our ability to generate realistic sound, video, and images opens the obvious door for indistinguishable fakes from...

Where Are Secure Web Gateways Falling Short?


All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest, Vivek Ramachandran, founder, SquareX. In this episode: Are secure web gateways still an effective tool in the enterprise? As the browser has changed a lot in the last decade, are Secure Web Gateways - SWGs still keeping up? Why is this a problem? Does anyone have a better solution?...

Understanding the Zero-Trust Landscape


All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining me is our guest Richard Stiennon, chief research analyst, IT-Harvest. In this episode: Why do so many vendors claim to offer zero-trust solutions? Is that framework even applicable to some product categories? Do your eyes roll when you hear "zero trust solution"? What do most people think it is,...

Scaling Least Privilege for the Cloud


All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining us is our sponsored guest, Sandy Bird, co-founder and CTO, Sonrai Security. In this episode: Why does scaling least privilege in the cloud remain challenging? Is throwing more people at the problem feasible? How are you managing it? What aspects haven't been considered? Thanks to our podcast sponsor, Sonrai Security A...

Should CISOs Be More Empathetic Towards Salespeople?


All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining me is our guest, Emily Heath, general partner, Cyberstarts. In this episode: How do CISOs feel about sales pitches? Do they have legitimate complaints? When do these legitimate complaints cross the line to sounding entitled? Do CISOs need to show a little more empathy to sales? Thanks to our podcast sponsor, SquareX...

Managing Data Leaks Outside Your Perimeter


All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining me is our sponsored guest, Mackenzie Jackson, developer advocate, GitGuardian. In this episode: How to manage data leaks outside your perimeter? When data leaks increasingly come from third parties, what can you do to protect your organization? How do we even begin to address this problem? Is there a one size fits all...

What Are the Risks of Being a CISO?


All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining me is our guest, Phil Davis, attorney, healthcare cybersecurity and privacy, Hall Render. In this episode: In today's current climate, is the role of the CISO still worth it? Does the position carry a lot of potential liability? Do the upsides still outweigh the risks? Do CISOs tend to have more responsibility...

Onboarding Security Professionals


All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining me is our guest, Paul Connelly, former CISO, HCA Healthcare. In this episode: How important is onboarding new cyber talent? Does it set the tone for their tenure with your organization? What should CISOs do to make sure onboarding is effective for both sides? What are the mistakes CISOs should avoid,...

How to Improve Your Relationship With Your Boss


All links and images for this episode can be found on CISO Series. Check out this post by Monte Pedersen of The CDA Group for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining us is our guest, Jerry Davis, division director for cyber defense at Truist Bank. In this episode: Why does advancing your career require more than just technical skills? Does it require you to build relationships within your organizations, particularly with your boss? How can you...

Improving the Responsiveness of Your SOC


All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining me is our sponsored guest, Spencer Thompson, CEO, Prelude. In this episode: Why does it take so long to integrate new tools and get them up to speed? Are we always in a state where we are always lacking readiness? What should we be measuring? Do we focus too much on singular events? Thanks to...

The Demand for Affordable Blue Team Training


All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining me is our guest, Ron Gula, president and co-founder, Gula Tech Adventures. In this episode: Why is it so darn expensive to get any training on the defender side? Why is there a mountain of free education for red teaming? Shouldn't blue team training be free or less expensive as well? Is this the...

Why are CISOs Excluded from Executive Leadership?


All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining me is our guest, Ben Sapiro, head of global cyber security services, Manulife. In this episode: Why do we see a dearth of CISOs listed in executive leadership? Is this just a factor of company reporting structure? Or do CISOs really not have a seat at the table with the business? How...

What Is Your SOC's Single Search of Truth?


All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest, Matt Eberhart, CEO, Query. In this episode: Isn't the whole point of a single pane of glass making sense of your data? But when these dashboards are limited to a single platform, how useful are they? Does it seem like all they've led to is more browser tabs or more...

When Is Data an Asset and When Is It a Liability?


All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining me is my guest, Mario Trujillo, staff attorney, Electronic Frontier Foundation. In this episode: Data is the lifeblood of an organization but what happens when you collect too much? Do you put risk on both your organization and any individuals that data belongs to? Is it still wise to collect...

Tracking Anomalous Behaviors of Legitimate Identities


All links and images for this episode can be found on CISO Series. The Verizon DBIR found that about half of all breaches involved legitimate credentials. It's a huge attack surface that we're only starting to get a handle on. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining me is our guest, Adam Koblentz, field CTO, Reveal Security. In this episode: Where are we in terms of monitoring anomalous behavior of our users? Why are...

Why Do Cybersecurity Startups Fail?


All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining me is our guest, Mike Levin, deputy CISO, 3M. In this episode: Why do security startups fail? All startups are an inherently risky proposition, but what are the specific challenges for startups in our industry? What's unique about cybersecurity startups? What's the most common reason you've seen a cyber startup not succeed?...

Is "Compliance Doesn't Equal Security" a Pointless Argument?


All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining me is our guest, Derek Fisher, Executive director of product security, JPMorgan. In this episode: A security program shouldn't stop at compliance, but that doesn't mean we should undervalue it, right? Why are we so quick to dismiss compliance as simple check boxes? Why is compliance important and why is it often...

CISOs Responsibilities Before and After an M&A


All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining me is our guest, Alexandra Landegger, Executive Director and CISO, Collins Aerospace. In this episode: Why do mergers and acquisitions always present challenges to an organization? When it comes to cybersecurity, how involved should a CISO be before AND after an acquisition? Can cybersecurity considerations make or break a deal? What skills...

Use Red Teaming To Build, Not Validate, Your Security Program


All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest, Richard Ford, CTO, Praetorian. In this episode: When did we all agree that red teaming was about validating security? Does it seem like increasingly red teaming is a catch all term for a whole lot of testing that isn't clearly defined? Is this making it hard to see its value?...

The Do's and Don'ts of Approaching CISOs


All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is our guest, Adam Glick, CISO, PSG. In this episode: Vendors need to reach out to CISOs, but what does a successful approach look like? Do vendors often spray and pray with outreach, rather than doing a bare minimum of research? What else can vendors do to try to create meaningful outreach to CISOs?...

Doing Third Party Risk Management Right


All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining me is our guest, Erik Decker, CISO, Intermountain Health. In this episode: Why are we all struggling trying to manage third-party risk? Why do the hated questionnaires seem like compliance checkbox efforts? Does anyone believe it reduces risk? What's the right approach and how do you strike the right balance? Thanks to...

Warning Signs You're About To Be Attacked


All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining me is our sponsored guest, Trevor Hilligoss, senior director of security research, SpyCloud. In this episode: What are the things that raise red flags that you're about to experience an attack? What signals set off your Spidey sense that things could go sideways? What are the early warning signs an attack is underway? Did...

Do We Have to Fix ALL the Critical Vulnerabilities?


All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining me is our guest, David Christensen, VP, CISO, PlanSource. In this episode: How do you actually focus your patching efforts on the vulnerabilities that are seen as universally holding the most risk? With limited resources, is it possible to "patch all the things"? How do we focus patching efforts to fix the...

Mitigating Generative AI Risks


All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining us is our guest, Jerich Beason, CISO, WM. In this episode: Does generative AI come with a new set of risks? How can we address these risks to take advantage of its benefits? How do we approach a much desired technology we're not so sure how we should secure? How can we...

Building a Cyber Strategy for Unknown Unknowns


All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining us is our sponsored guest, Himaja Motheram, Censys. In this episode: How can one create a security program around unknown problems? Don't we know a lot of the things we lack visibility into that can cause security issues? But what about the things you don't even know about in the first...

Responsibly Embracing Generative AI


All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest, Russell Spitler, CEO and co-founder, Nudge Security. In this episode: Are businesses walking a tightrope with generative AI? How can organizations implement generative AI responsibly? What can we learn from previous transitions that can help us responsibly bring generative AI into the workplace milieu? What else are we missing? Thanks...

People Are the Top Attack Vector (Not the Weakest Link)


All links and images for this episode can be found on CISO Series. In increasingly complex technical defenses, threat actors frequently target the human element. This makes them a top attack vector, but are they actually the weak link in your defenses? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining us is our guest, Christina Shannon, CIO, KIK Consumer Products. Thanks to our podcast sponsor, SPHERE SPHERE is the Identity Hygiene pioneer. It...

What's Entry Level in Cybersecurity?


All links and images for this episode can be found on CISO Series. We often talk about the contradiction of seemingly entry-level security jobs requiring years of experience. But maybe that's because entry-level jobs don't actually exist. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining us this week is our guest Jay Wilson, CISO, Insurity. Thanks to our podcast sponsor, SlashNext SlashNext Complete delivers zero-hour protection for how people work today across email,...

New SEC Rules for Cyber Security


All links and images for this episode can be found on CISO Series. The Securities and Exchange Commission issued new cyber rules. What do these new rules mean for CISOs and will they ultimately improve our cybersecurity posture? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is our guest, Jamil Farshchi, CISO, Equifax. Thanks to our podcast sponsor, Nudge Security Nudge Security provides complete visibility of every SaaS and cloud account ever created by anyone...

The Value of RSA, Black Hat, and Mega Cyber Tradeshows


All links and images for this episode can be found on CISO Series. Are trade shows like RSA getting so big that there's not enough economic value for a CISO to attend? Or do these events have enough industry gravity to justify the spend? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining us is our special guest Lee Parrish, CISO, Newell Brands. Thanks to our podcast sponsor, Censys In this episode: Everyone sees...

Is Remote Work Helping or Hurting Cybersecurity?


All links and images for this episode can be found on CISO Series. Work from home flourished during the pandemic. Many workers love it and don't want to go back. Some organizations are pushing for a return to the office. Is in-office work necessary to improve productivity and cybersecurity posture? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining us for the episode is our guest, Shawn Bowen, CISO, World Kinect Corporation. Thanks to...

How to Manage Users' Desires for New Technology


All links and images for this episode can be found on CISO Series. Large language models and generative AI are today's disruptive technology. This is not the first time companies just want to ban a new technology that everyone loves. Yet, we're doing it all over again. Whether it's ChatGPT or BYOD, people are going to use desirable new tech. So if our job isn't to stop it, how do we secure it? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of...

Cybersecurity Questions Heard Around the Kitchen Table


All links and images for this episode can be found on CISO Series. What do the people least in the know about cyber, want to know? What are they asking? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining us is our special guest, Caitlin Sarian, AKA cybersecuritygirl on TikTok. Thanks to our podcast sponsor, DataBee from Comcast Technology Solutions DataBee, from Comcast Technology Solutions, is a cloud-native security, risk and compliance data...

How to Prime Your Data Lake


All links and images for this episode can be found on CISO Series. A security data lake, a data repository of everything you need to analyze and get analyzed sounds wonderful. But priming that lake, and stocking it with the data you want to get the insights you need is a more difficult task than it seems. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining us is our sponsored guest, Matt Tharp, Head...

Getting Ahead Of Your Threat Intelligence Program


All links and images for this episode can be found on CISO Series. A threat intelligence program sounds like a sound effort in any security program. But, can you pull it off? There are so many phases to execute properly. Blow it with any one of them and your threat intelligence effort is moot. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us today is our special guest Jon Oltsik, distinguished analyst and fellow, Enterprise Strategy...

How Security Leaders Deal with Intense Stress


All links and images for this episode can be found on CISO Series. When you have an incident and you're engulfed by the stress that lasts more than a day, how do you manage and deal with it? And not only how do you manage your stress, but how do you manage everyone else's? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining us is our special guest, Tim Brown, CISO, SolarWinds. Thanks to...

How Do We Influence Secure Behavior?


All links and images for this episode can be found on CISO Series. We all know that our employees need to be more security aware, but what are the methods to get them there? How can we make our employees more security conscious? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest Jack Chapman, vp, threat intelligence, Egress. Thanks to our podcast sponsor, Egress Egress helps organization stop email security risks is...

Security Concerns with ChatGPT


All links and images for this episode can be found on CISO Series. Users have tried to upload sensitive company information and PII, personally identifiable information, into ChatGPT. Those who are successful getting the data in, have now made that data free to all. Will people's misuse of these generative AI programs be our greatest downfall to security and privacy? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining us is our special guest...

Create A Pipeline of Cyber Talent


All links and images for this episode can be found on CISO Series. The demand for cyber talent is sky high. It's very competitive to get those people with skills. What if you were to train your staff and give them the skills you want? Essentially, what if you were to grow your own unicorn? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining us is our special guest, Jesse Whaley, CISO, Amtrak. Thanks to...

Improving Adoption of Least Privileged Access


All links and images for this episode can be found on CISO Series. What are we doing to improve access management? Make it too loose and it's the number one way organizations get breached. Put on too many controls and now you've got irritated users just trying to do their job. How does each organization find their sweet spot? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. We welcome our sponsored guest Paul Guthrie...

Securing SaaS Applications


All links and images for this episode can be found on CISO Series. With the growth of business-led IT, does SaaS security need to be a specific focus in a CISO's architectural strategy? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our guest is Steve Zalewski who also hosts Defense in Depth. Thanks to our podcast sponsor, AppOmni Do you know which 3rd party apps are connected to your SaaS platforms? After all, one...

How Do We Get Better Control of Cloud Data?


All links and images for this episode can be found on CISO Series. When it comes to data, compliance, and reducing risk, where are we gaining control? Where are we losing control? And what are we doing about that? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. We welcome our sponsored guest Amer Deeba, CEO and Co-founder, Normalyze. Thanks to our podcast sponsor, Normalyze Normalyze is a cloud data security platform that continuously discovers sensitive data and...

Finding Your Security Community


All links and images for this episode can be found on CISO Series. If you're struggling to get your first job in security or you're trying to get back into the industry after being laid off, you need to lean on your security community. But like networking, you should find it before you need it. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Thanks to our podcast sponsor, Egress Egress helps organization stop email security risks...

Let's Write Better Cybersecurity Job Descriptions


All links and images for this episode can be found on CISO Series. What should a cyber job description require, and what shouldn't it? What's reasonable and not reasonable? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our guest is Rob Duhart (@robduhart), deputy CISO, Walmart. Thanks to our podcast sponsor, Normalyze Normalyze is a cloud data security platform that continuously discovers sensitive data and their access paths across your cloud environments. Normalyze...

How Should Security Better Engage with Application Owners?


All links and images for this episode can be found on CISO Series. Since so much technology today is not launched by the IT department, but by business units themselves. How do security professionals engage with business and application owners and have a conversation about security policy and procedures? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. We welcome our sponsored guest Harold Byun (@haroldnhoward), chief product officer, AppOmni. Thanks to our podcast sponsor,...

How To Get More People Into Cybersecurity


All links and images for this episode can be found on CISO Series. There are millions of cybersecurity jobs open. Over time, that number has just been growing. What we're doing now does not seem to be working. So what's it going to take to fill all these jobs quickly? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Rich Gautier, former CISO for the U.S. Department of Justice, Criminal Division. Thanks to our...

How to Create a Positive Security Culture


All links and images for this episode can be found on CISO Series. How do you create a positive security culture? It's rarely the first concept anyone wants to embrace, yet it's important everyone understands their responsibility. So what do you do, and how do you overcome inevitable roadblocks? Check out this post and this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. We welcome our sponsored guest, Jadee Hanson, CISO/CIO for Code42. Thanks to our podcast...

How Should We Trust Entry Level Employees?


All links and images for this episode can be found on CISO Series. All experienced security professionals were at one time very green. Entry level status means risk to your organization. That's if you give them too much access. What can you trust an entry level security professional to do that won't impose unnecessary risk? And how can those green professionals build trust to allow them to do more? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve...

How Must Processes Change to Reduce Risk?


All links and images for this episode can be found on CISO Series. What do we need to do to fix our processes to truly reduce risk and vulnerabilities? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our sponsored guest is Amad Fida (@brinqa), CEO, Brinqa. Thanks to our podcast sponsor, Brinqa Understand your cyber assets, prioritize vulnerabilities, automate remediation, and continuously monitor cyber hygiene across the entire attack surface infrastructure, applications and cloud with Brinqa. See...

Reputational Damage from Breaches


All links and images for this episode can be found on CISO Series. Security professionals talk a lot about the reputational damage from breaches. And it seems logical, but major companies still do get breached and their reputation seems spared. What's the reality of what breaches can do to a company's reputation? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. We welcome our guest Cecil Pineda, CISO, R1. Thanks to our podcast sponsor, Brinqa Understand your cyber assets, prioritize vulnerabilities,...

Do RFPs Work?


All links and images for this episode can be found on CISO Series. Do RFPs or request for proposals work as intended? It seems they're loaded with flaws yet for some organizations who must follow processes, they become necessary evils for both buyers and sellers. What can we do to improve the process? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. We welcome our guest Keith McCartney (@kmflgator), vp, security and IT, DNAnexus. Thanks to our podcast sponsor, TrustCloud TrustCloud is...

Successful Cloud Security


All links and images for this episode can be found on CISO Series. What are the moves we should be making in cloud to improve our security? What constitutes a good cloud security posture? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Andy Ellis, operating partner, YL Ventures. We welcome our sponsored guest Yoav Alon, CTO, Orca Security. Thanks to our podcast sponsor, Orca Security Orca Security is the pioneer of agentless cloud security that is trusted by hundreds of enterprises globally. With continuous...

How Should Security Vendors Engage With CISOs?


All links and images for this episode can be found on CISO Series. One CISO has had enough of the security vendor marketing emails and cold sales calls. He's blocking them all. But it's not a call to avoid all salespeople. He just doesn't have the time to be a target anymore. So how should vendors engage with such a CISO? And does CISO represent most CISOs today? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. We welcome our sponsored...

Gartner Created Product Categories


All links and images for this episode can be found on CISO Series. Do we really need more categories of security products? Every new Gartner magic quadrant complicates the marketplace but at the same time helps us understand the other vectors we need to protect. Do new categories of security products help or hurt the industry? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Corey Elinburg (@celinburg), CISO, CommonSpirit Health. Thanks to our...

How to Always Make a Business Case for Security


All links and images for this episode can be found on CISO Series. How can security leaders and how do they go about matching business case to every security action you want to take? Is this the right way to sell security to the board? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our sponsored guest is Sravish Sridhar (@sravish), founder and CEO, TrustCloud. Thanks to our podcast sponsor, TrustCloud TrustCloud is the all-in-one platform to...

Do Breaches Happen Because the Tool Fails, or the Tool Was Poorly Configured?


All links and images for this episode can be found on CISO Series. Security tools are supposed to do a job. Either they need to alert you, protect you, or remediate an issue. But they don't always work and that's why we have breaches. Who's at fault, the tool or the administrators who configured the tool? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. We welcome our guest Kenneth Foster (@Kennethrfoster1), vp of IT governance, risk and compliance at FLEETCOR....

What We Love About Working in Cybersecurity


All links and images for this episode can be found on CISO Series. We talk a lot on this show about what makes cybersecurity such a hard job, yet there are so many people who are in it and love it. What draws people to this profession and why do they love it so much? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. We welcome our guest David Cross (@MrDBCross), CISO, Oracle SaaS Cloud. Thanks to our podcast sponsor, Orca...

Security That Accounts for Human Fallibility


All links and images for this episode can be found on CISO Series. We expect our users to be perfect security responders even when the adversaries are doing everything in their power to trick them. These scams are designed to make humans respond to them. Why aren't we building our security programs to account for this exact behavior that is simply not going to go away? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest...

Why You Should Be Your Company's Next CISO


All links and images for this episode can be found on CISO Series. How do you make the argument that your company needs a CISO, and that YOU should be that leader? What do you need to demonstrate to prove you can be that person? Check out this post and this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. We welcome our sponsored guest Radley Meyers (@radleymeyers), Partner, SPMB Executive Search. Thanks to our podcast sponsor, SPMB. SPMB connects top executive talent to...

How to Become a CISO


All links and images for this episode can be found on CISO Series. How do you become a CISO? It doesn't follow a linear pattern as many other professions. There are many different paths and there are many different entry points. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Yabing Wang, CISO, Justworks. Thanks to our podcast sponsor, SPMB. SPMB connects top executive talent to the world's best and fastest growing innovators across...

Can You Build a Security Program on Open Source?


All links and images for this episode can be found on CISO Series. What would it take to build your entire security program on open source software, tools, and intelligence? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. We welcome guest DJ Schleen (@djschleen), distinguished security architect, Yahoo Paranoids. Thanks to our podcast sponsor, SPMB. SPMB connects top executive talent to the world's best and fastest growing innovators across the country. A key area we bring extensive knowledge and expertise...

Third Party Risk vs. Third Party Trust


All links and images for this episode can be found on CISO Series. Businesses grow based on trust, but they have to operate in a world of risk. Even cybersecurity operates this way, but when it comes to third party analysis, what if we leaned on trust more than trying to calculate risk? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and our guest co-host is Yaron Levi (@0xL3v1), CISO, Dolby. Yaron and I welcome Dan Walsh, CISO, VillageMD....

How Can We Improve the Cyber Sales Cycle?


All links and images for this episode can be found on CISO Series. The cybersecurity sales process is so terribly inefficient. And everyone, the targets and cybersecurity leaders, are losing valuable time because of that inefficiency. Where can we start making improvements? Check out this post for the discussion that's the basis for this podcast episode. This week's Defense in Depth is hosted by me, David Spark (@dspark), producer, CISO Series. Our guest co-host is John Overbaugh, CISO, ASG. John and I welcome our guest, Jerich Beason (@blanketsec), commercial CISO, Capital One. Thanks to our podcast sponsor, Compyl. GRC solutions...

What Leads a Security Program: Risk or Maturity?


All links and images for this episode can be found on CISO Series. When you think about building a plan (and budget!) for your security program, do you lead with risk, maturity, or something else? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Ngozi Eze, CISO, Levi Strauss. Thanks to our podcast sponsor, runZero. runZero is the cyber asset management solution that helps you find and identify every managed and unmanaged asset connected...

Limitations of Security Frameworks


All links and images for this episode can be found on CISO Series. Why do strongly supported security frameworks have such severe limitations when building a security program? Check out this post for the discussions that are the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. We welcome our sponsored guest Stas Bojoukha, CEO, Compyl. Thanks to our podcast sponsor, Compyl. GRC solutions often cause process roadblocks within organizations. They are either antiquated and lack the functionality needed or so stripped down they can't fix the problems you set to...

Why Is There a Cybersecurity Skills Gap?


All links and images for this episode can be found on CISO Series. Why is there a cybersecurity skills gap? Practically everyone is looking to hire, and there are a ton of people getting training and trying to get into the industry, but we still have this problem. Why? Check out this post for the discussions that are the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. We welcome Edwin Covert (@ebcovert3), head of cyber risk engineering, Bowhead Specialty. Thanks to our podcast sponsor, Orca Security. In this episode: Why is there...

What Can the Cyber Haves Do for the Cyber Have Nots?


All links and images for this episode can be found on CISO Series. Given that your company's security is dependent on the security of your partners and others, what can we do to get more organizations above the security poverty line? Check out this post for the discussions that are the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. We welcome our sponsored guest, Jason Kikta (@kikta), CISO, Automox. Thanks to our podcast sponsor, Automox. Are you ready to ditch manual patching? With Automox, you can automatically patch your third-party applications,...

Securing Unmanaged Assets


All links and images for this episode can be found on CISO Series. "When the asset discovery market launched, every single company that offered a solution used the line, "You can't protect what you don't know." Everyone agreed with that. Problem is, "what you don't know" has grown a lot." Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our sponsored guest is Huxley Barbee (@huxley_barbee), security evangelist, runZero. Thanks to our podcast sponsor, runZero. runZero is...

Ambulance Chasing Security Vendors


All links and images for this episode can be found on CISO Series. A good high profile security threat seems like a good time to alert potential customers about how your product could help or even prevent a breach. Seems like a solid sales tactic for any industry that is not cybersecurity. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. We welcome our guest Angela Williams, CISO, UL. Thanks to our podcast sponsor, Automox. Are you ready to ditch manual...

Do CISOs Have More Stress than Other C-Suite Jobs


All links and images for this episode can be found on CISO Series. Why do CISOs seem more stressed out than other C-level executives? Check out this post for the discussions that are the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. We welcome our guest Jared Mendenhall, Head of information security, Impossible Foods. Thanks to our podcast sponsor, Compyl. GRC solutions often cause process roadblocks within organizations. They are either antiquated and lack the functionality needed or so stripped down they can't fix the problems you set to solve....

How Should We Discuss Cyber With the C-Suite?


All links and images for this episode can be found on CISO Series. How detailed do we get in our conversation with business leaders? Do we dumb it down? Or is that a recipe for trouble? Check out this post for the discussions that are the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. We welcome our guest Lee Parrish (@leeparrish), CISO, Newell Brands. Thanks to our podcast sponsor, Qualys. Qualys is a pioneer and leading provider of cloud-based security and compliance solutions. In this episode: How detailed do we get...

Can You Be a vCISO If You've Never Been a CISO?


All links and images for this episode can be found on CISO Series. Why are there so many vCISOs who have never been a CISO? Isn't it difficult to advise on a role you've never done? Do organizations feel comfortable hiring an inexperienced vCISO as their CISO? Check out this post for the discussions that are the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. We welcome our guest Steve Tran, CSO, DNC. Thanks to our podcast sponsor, runZero. runZero is the cyber asset management solution that helps you find and...

How Should We Gauge a Company's Cyber Health?


All links and images for this episode can be found on CISO Series. As an outside observer, how can you tell if a company is staying cyber healthy? While there is no financial statement equivalency to let you know the strength of a company's security profile, there are signals that'll give you a pretty good idea. Check out this post for the discussions that are the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. We welcome our guest Matt Honea, CISO, SmartNews. Thanks to our podcast sponsor, Automox. Are you ready...

Reducing the Attack Surface


All links and images for this episode can be found on CISO Series. The cyber attack surface just keeps growing to the point that it seems endless. Protecting it all is impossible. Is there anything that can be done to reduce that attack surface and limit your exposure? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our sponsored guest is Jonathan Trull (@jonathantrull), CISO, Qualys. Thanks to our podcast sponsor, Qualys. Qualys is a pioneer and...

Do We Need a Marketing Manager for the Security Team?


All links and images for this episode can be found on CISO Series. Those reports on security procedures for the business are falling short. No one is reading them. What good are security controls if your staff doesn't know about them or adhere to them? Is it time to hire a marketing manager for the security team? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Laura Deaner (@b3dwin), CISO, Northwestern Mutual. Thanks to...

Cybersecurity Budgets


All links and images for this episode can be found on CISO Series. Cybersecurity budgets are increasing, by a lot. What's fueling the increase and where are those budgets being spent? Check out this post for the discussions that are the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. We welcome our sponsored guest Nick Kakolowski, senior director of research at IANS Research. Thanks to our podcast sponsor, IANS Research. CISOs, how does your compensation compare with your peers? Download IANS + Artico Search's 2022 CISO Compensation Benchmark Report....

How Can We Make Sense of Cybersecurity Titles?


All links and images for this episode can be found on CISO Series. What's the difference between a head of security, a vp of security, and a CISO? Do job responsibilities change whether you're a security analyst or a threat engineer? Roles are confusing and so is the pay and responsibilities attached to them. Check out this post and this post for the basis of today's discussion. This week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Hadas Cassorla, CISO, M1. Our guest is Renee Guttman, former CISO of Coca-Cola, Time Warner, Campbells. Thanks to...

Walk a Mile in a Security Recruiter's Shoes


All links and images for this episode can be found on CISO Series. Instead of complaining about the security hiring process, walk a mile in a recruiter's shoes and have a little compassion to what they're going through, and how you might be able to help, at any level. Check out this post for the discussions that are the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap) with our guest Caleb Sima (@csima), CSO, Robinhood. Thanks to our podcast sponsor, Safe Security. If your CFO...

Moving Security from a Prevention to a Resilience Strategy


All links and images for this episode can be found on CISO Series. Are security programs drifting from a prevention to a resilience strategy? If so, are you truly operating in a resilient environment? Or are you still acting in a prevention stance but you know you should be resilient? Check out this post for the discussions that are the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. We welcome our sponsored guest David Ratner (@davidhratner), CEO, HYAS. Thanks to our podcast sponsor,...

How to Engage with Non-Technical Business Leaders


All links and images for this episode can be found on CISO Series. How do you talk to non-technical business leaders about cybersecurity? It's a concern, it's a risk, they want to know so they can make logical business decisions. How do you help? Check out this post for the discussions that are the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap). Our guest is Sara Hall, deputy CISO, MassMutual. Thanks to our podcast sponsor, HYAS. "Better production environment security starts with visibility. After all,...

Cybersecurity Burnout


All links and images for this episode can be found on CISO Series. Why are cybersecurity professionals burning out? What's the dynamic of the job, the pressures being put on them, that causes the best to leave? And this industry can't afford to lose its best talent. Check out this post for the discussions that are the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and special guest co-host Shawn Bowen (@SMbowen), CISO, World Fuel Services. Our guest is Bozidar Spirovski (@spirovskib), CISO, Blue dot. Thanks to our podcast...

How to Build a Greenfield Security Program


All links and images for this episode can be found on CISO Series. You're starting a security program from scratch and you're trying to figure out where to start, what to prioritize, and how to architect it so it grows naturally and not a series of random patches over time. Check out this post for the discussions that are the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO. Our guest is Mark Bruns, CISO, First Bank. Thanks to our podcast sponsor, Keyavi. Myth: Data...

Managing the Onslaught of Files


All links and images for this episode can be found on CISO Series. Files are still the core of how people do business. How are you dealing with the onslaught of files coming into your network? People are sharing files across a multitude of platforms, and many for which you may not even know about. What checks and balances do you put in place to make sure you've got file integrity no matter the source? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the...

Can You Have Culture Fit and Diversity, or Are They Mutually Exclusive?


All links and images for this episode can be found on CISO Series. Hiring managers speak about looking for culture fit and diversity, but never at the same time. Can they coexist? Are they mutually exclusive? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Sherron Burgess, CISO, BCD Travel. Thanks to our podcast sponsor, Votiro. Can you trust that the files entering your organization are free of hidden threats like malware & ransomware?...

How to Follow Up With a CISO


All links and images for this episode can be found on CISO Series. Cyber sales is hard. But don't let the difficulty of doing it get in the way of your good judgement. So what is the right way to follow up with a CISO? Check out this post for the discussions that are the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our guest is Jack Kufahl, CISO, Michigan Medicine. Thanks to our podcast sponsor, SolCyber. At SolCyber we're hell-bent on delivering Fortune...

Roles to Prepare You to Be a CISO


All links and images for this episode can be found on CISO Series. One day you want to be a CISO. What area of security you begin your studies? Or maybe you shouldn't be studying security. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Evelin Biro (@wolfsgame), CISO, Alliant Credit Union. Thanks to our podcast sponsor, Qualys. Qualys is a pioneer and leading provider of cloud-based security and compliance solutions. In this episode:...

Minimizing Damage from a Breach


All links and images for this episode can be found on CISO Series. What can we do to reduce the damage of a breach and the duration of detection and remediation? Check out this post for the discussions that are the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our sponsored guest is Dave Klein (@cybercaffeinate), director, cyber evangelist, Cymulate. Thanks to our podcast sponsor, Cymulate. The Ultimate Guide to Security Posture Validation: Learn how to effectively measure and reduce risk through continuous...

We're All Still Learning Cyber


All links and images for this episode can be found on CISO Series. Learning cyber is not a question for those who are just starting out. It's for everybody. Where and how do we learn at every stage of our professional careers? Check out this post for the discussions that are the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our guest is Jerich Beason, CISO, Commercial, Capital One. Thanks to our podcast sponsor, SlashNext. SlashNext protects the modern workforce from phishing and...

Practical Cybersecurity for IT Professionals


All links and images for this episode can be found on CISO Series. You're a CISO, vCISO, or MSSP rolling into a company that has yet to launch a cybersecurity department. How do you communicate about cyber with the IT department? They're not completely new to cyber. What's the approach to engagement that helps, but doesn't insult? How do you offer practical cybersecurity advice? Check out this post for the discussions that are the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our...

Data Protection for Whatever Comes Next


All links and images for this episode can be found on CISO Series. Cybersecurity boils down to securing your data or data protection. But that simple concept has turned into a monumental task that is only exacerbated every time we move our data to a new platform. How do we secure data today, to be ready for whatever comes next in computing? Check out this post and this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and guest co-host Gary Hayslip (@ghayslip), global CISO, SoftBank Investment Advisers....

What Is Attack Surface Profiling?


All links and images for this episode can be found on CISO Series. Is attack surface profiling the same as a pen test? If it isn't, what unique insight can attack surface profiling deliver? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Nick Shevelyov, former CSO, Silicon Valley Bank. Thanks to our podcast sponsor, Keyavi. Myth: Data can't protect itself. Fact: Now it does! You control where your data goes in the world, who can access it and when. On...

How Can You Tell If Your Security Program Is Improving?


All links and images for this episode can be found on CISO Series. What's your best indicator that your security program is actually improving? And besides you and your team, is anyone impressed? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Simon Goldsmith (@cybergoldsmith), director of information security, OVO Energy. Thanks to our podcast sponsor, Votiro. Can you trust that your content and data is free of malware and ransomware? With Votiro you can. Votiro removes evasive and unknown malware...

How Can We Improve Recruiting of CISOs and Security Leaders?


All links and images for this episode can be found on CISO Series. Interviewing for leadership positions in cybersecurity is difficult for everyone involved. There are far too many egos and many gatekeepers. What can be done to improve recruiting of CISOs? Check out this post and this post for the discussions that are the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn with our guest Ty Sbano (@tysbano), CISO, Vercel. Thanks to our podcast sponsor, Thinkst. Most Companies find out way too late that they've been breached. Thinkst Canary changes...

How Is Our Data Being Weaponized Against Us?


All links and images for this episode can be found on CISO Series. How are nefarious actors using our own data (and metadata) against us? And given that, in what way have we lost our way protecting data that needs to be course corrected? Check out this post for the discussions that are the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our sponsored guest is John Ayers (@cyberjohn1747), vp of advanced detection and response office of the CTO, Optiv. Thanks to our podcast sponsor, Optiv. The modern enterprise needs a...

Can Security Be a Profit Center?


All links and images for this episode can be found on CISO Series. Is it possible to position your security team as a profit center instead of the traditional cost center reporting to the CIO? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Michael Weiss, CISO, Human Interest. Thanks to our podcast sponsor, Optiv. The modern enterprise needs a solution as unique as its business. Optiv's Advanced Detection and Response (ADR) works with your organization to comb through the...

Getting Ahead of the Ongoing Malware Fight


All links and images for this episode can be found on CISO Series. For years we've been referring to malware protection as a cat and mouse game. The crooks come up with a new malware attack, and then the good guys figure out a way to stop it. And that keeps cycling over and over again. So where are we today with malware protection and is there any way to get ahead of the cycle? Check out this post and this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer...

Building a Security Awareness Training Program


All links and images for this episode can be found on CISO Series. We all know and have experienced bad security awareness training. People can learn, and should learn about being cyber aware. How do you build a security awareness training program that sticks? Check out this post for the discussions that are the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn with our guest Lisa Kubicki (@lmk2), trust and security, training and awareness director, DocuSign. Thanks to our podcast sponsor, Drata. Save 200+ hours with Drata's automated continuous compliance solution for...

Onboarding Cyber Professionals with No Experience


All links and images for this episode can be found on CISO Series. You want to bring on entry level personnel, but green employees, who are not well versed in security, IT, or your data introduce risk once they have access to it. What are ways to bring these people on while also managing risk? Check out this post for the discussions that are the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our guest is Rich Lindberg, CISO, JAMS. Thanks to our podcast sponsor, SolCyber. At SolCyber we're hell-bent on...

Where's the Trust in Zero Trust?


All links and images for this episode can be found on CISO Series. Zero trust is a hollow buzzword. In any form of security, there exist critical points where we have to trust. What we need is a move away from implicit trust to explicit trust, or identity that can be verified. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our guest is Yaron Levi (@0xL3v1), CISO, Dolby. Thanks to our podcast sponsor, Optiv. Need a guide on your Zero Trust...

Who Investigates Cyber Solutions?


All links and images for this episode can be found on CISO Series. Cyber professionals, who is responsible on your team for investigating new solutions? Check out this post and this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Nick Ryan, director of enterprise technology security and risk, Baker Tilly. Thanks to our podcast sponsor, Votiro. Can you trust that your content and data is free of malware and ransomware? With Votiro you can. Votiro removes evasive and unknown malware from content in...

Does the Cybersecurity Industry Suck?


All links and images for this episode can be found on CISO Series. In the cyber industry we pat each other on the back and give each other awards, all while the statistics for breaches appear to be worsening. Are we celebrating growing failure? Does the cyber industry suck? Check out this post for the discussions that are the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our guest is Fredrick Lee (AKA "Flee") (@fredrickl), Flee, CSO, Gusto. Thanks to our podcast sponsor, Cymulate. The Ultimate Guide to Security Posture Validation:...

Are We Taking Zero Trust Too Far?


All links and images for this episode can be found on CISO Series. For some, the definition of zero trust has expanded from how we grant access to networks, applications, and data to how we trust individuals in the real world. Are we taking zero trust too far? Check out this post for the discussions that are the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our guest is Thomas Doughty, CISO, Prudential Financial. Thanks to our podcast sponsor, Netfoundry. NetFoundry, built on OpenZiti, is the only solution purpose-built to connect...

Is Shift Left Working?


All links and images for this episode can be found on CISO Series. Developers and security professionals have been heavily sold on the concept of "shift left" or deal with security issues early in development rather than bolting it on at the end. It all made logical sense, but now we've been doing it for a few years and has shift-left actually reduced application security concerns? Check out this post, this post, and this post for the discussions that are the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our sponsored guest is Mike...

Technical vs. Compliance Professionals


All links and images for this episode can be found on CISO Series. Do we have a Montague/Capulet rivalry between technical and compliance professionals? Why is this happening, and what can be done to improve it? Does it need to be improved? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Linda White, director of InfoSec, Axiom Medical. Thanks to our podcast sponsor, Netfoundry. NetFoundry, built on OpenZiti, is the only solution purpose-built to connect massively distributed apps, edges, clouds and...

Why Do So Many Cybersecurity Products Suck?


All links and images for this episode can be found on CISO Series. Why do we end up with so many bad security products? Who is to blame and how can we fight back against an ecosystem that may be fostering subpar products? Check out this post for the discussions that are the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our sponsored guest is Haroon Meer (@HaroonMeer), founder and researcher, Thinkst Canary. Thanks to our podcast sponsor, Thinkst Canary. Most Companies find out way too late that they've been breached. Thinkst...

Training for a Cyber Disaster


All links and images for this episode can be found on CISO Series. What are you doing to prepare for the next cyber disaster? You must train for it, because when it happens, and it will happen, everyone should know what they need to do. Check out this post for the discussions that are the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our guest is Roland Cloutier (@CSORoland), CISO, TikTok. Thanks to our podcast sponsor, Keyavi. Data that protects itself? Now it does! We made data so smart it can...

Virtual Patching


All links and images for this episode can be found on CISO Series. What if you didn't spend all your time patching vulnerabilities but instead created a security policy that prevented known vulnerabilities from being exploited? How doable is this solution of virtual patching? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Ody Lupescu, CISO, Ethos Life. Thanks to our podcast sponsor, Araali Networks. Managing vulnerabilities at the speed and scale of the cloud is challenging, especially when the implications...

Start a Cybersecurity Department from Scratch


All links and images for this episode can be found on CISO Series. A 500+ person company doesn't have a security department. They need one and they need to convince the CEO they need one. How do you build a cybersecurity team and program from scratch? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our guest is Rishi Tripathi (@ris12hi), CISO, Mount Sinai Health System. Thanks to our podcast sponsor, Tines. Tines was founded by experienced security practitioners who cared about...

How to Think Like a Cybercrook


All links and images for this episode can be found on CISO Series. "If you want to catch a cybercrook, you need to think like one." But how do you actually go about thinking like a cybercriminal? What's the actual process? Check out this post and this post for the discussions that are the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our guest is Brian Brushwood (@shwood), creator of Scam School and World's Greatest Con. Plus he's launched multiple channels with millions of subscribers and multiple number one comedy...

Building a Data-First Security Program


All links and images for this episode can be found on CISO Series. Could you build a data-first security program? What would you do if you focused your security program on just the asset? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our sponsored guest is Brian Vecci (@brianthevecci), field CTO, Varonis. Thanks to our sponsor, Varonis. On average, an employee can access 17 million files on day one. Varonis will show you where critical data is vulnerable, detect anomalies, and automatically right-size...

Offensive Security


All links and images for this episode can be found on CISO Series. Offensive security or "hacking back" has always been seen as either unethical or illegal. But now, we're seeing a resurgence in offensive security solutions. Are we redefining the term, or are companies now "hacking back?" Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Eric Hussey, CISO, Aptiv. Thanks to our podcast sponsor, Varonis. On average, an employee can access 17 million files on day one. Varonis will...

When Vendors Pounce on New CISOs


All links and images for this episode can be found on CISO Series. A security professional announces a new position as CISO. As a vendor you see this as good timing to try a cold outreach to sell your product. Why do so many vendors think this is a good tactic, when in reality it's exactly what you should not do? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our guest is Yaron Levi (@0xL3v1), CISO, Dolby. In this episode: Is the pouncing on...

Building a Cybersecurity Culture


All links and images for this episode can be found on CISO Series. How do you begin building a cyber security culture for the whole company? And more importantly, how do you maintain that? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our guest is Mike Hanley (@_mph4), CSO, GitHub. Thanks to our podcast sponsor, Anjuna. Anjuna Confidential Cloud software effortlessly enables enterprises to safely run even their most sensitive workloads in the public cloud. Unlike complex perimeter security solutions easily...

How to Pitch to a Security Analyst


All links and images for this episode can be found on CISO Series. You're a security vendor and you've got a short briefing with a security analyst from a research firm. What do you want to get across to them, and what do you want to hear back from them? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our guest is Ed Amoroso (@hashtag_cyber), founder and CEO, Tag Cyber. Huge thanks to our sponsor, Cymulate. The Ultimate Guide to Security Posture...

Is Your Data Safer in the Cloud?


All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our sponsored guest is Michael Johnson, CISO, Novi (the financial arm of Meta, formerly Facebook). Thanks to our podcast sponsor, Anjuna. Anjuna Confidential Cloud software effortlessly enables enterprises to safely run even their most sensitive workloads in the public cloud. Unlike complex perimeter security solutions easily breached by insiders and malicious code, Anjuna leverages the strongest secure computing technologies available to...

What Should We Stop Doing in Cybersecurity?


All links and images for this episode can be found on CISO Series. Security professionals are drowning in activities. Not all of them can be valuable. What should security professionals stop doing to get back some time? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Jim Rutt, CISO, Dana Foundation. Thanks to our podcast sponsor, Thinkst. Most companies discover they've been breached way too late. Thinkst Canary fixes this: just 3 minutes of setup; no ongoing overhead; nearly 0...

DDoS Solutions


How seamless are Distributed Denial of Service or DDoS solutions today? If you get a denial of service attack, how quickly can these solutions snap into action with no manual response by the user? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our guest is Alastair Cooke (@demitasenz), analyst, GigaOm. Huge thanks to our podcast sponsor, MazeBolt. In this episode: Where should a DDoS solution reside? What vital elements should go into a DDoS solution? Do we need more automation and intelligence in these solutions?...

Making Cybersecurity Faster and More Responsive


All links and images for this episode can be found on CISO Series. Knowing is only one-third the battle. Another third is responding. And the last third is responding quickly. It's not enough to just have the first two thirds. We need to be faster, but how? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Jason Elrod (@jasonelrod), CISO, MultiCare Health System. Thanks to our podcast sponsor, Eclypsium. Eclypsium is the enterprise firmware security company. Our comprehensive, cloud-based platform identifies, verifies, and fortifies...

Promises of Automation


All links and images for this episode can be found on CISO Series. Automation was supposed to make cybersecurity professionals' lives simpler. And it was supposed to solve the talent shortage. Has any of that actually happened? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our guest is Brian Lozada (@brianl1775), CISO, HBOMax. Thanks to our podcast sponsor, deepwatch. Increasing ransomware attacks and their evolving sophistication have been putting more pressure on security teams than ever before. Luckily, managed detection and response (or MDR) has...

When Social Engineering Bypasses Our Cyber Tools


All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our sponsored guest is Josh Yavor (@schwascore), CISO, Tessian. Thanks to our podcast sponsor, Tessian. 95% of breaches are caused by human error. But you can prevent them. Learn how Tessian can stop "OH SH*T!" moments before they happen, why Tessian has been recognized by analysts like Gartner and Forrester, and which world-renowned companies trust the platform to protect their data. In this episode: What do...

How Can We Simplify Security?


All links and images for this episode can be found on CISO Series. Why is cybersecurity becoming so complex? What is one thing we can do, even if it's small, to head us off in the right direction of simplicity? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Leda Muller, CISO at Stanford, Residential and Dining Enterprises. Thanks to our podcast sponsor, Eclypsium. Eclypsium is the enterprise firmware security company. Our comprehensive, cloud-based platform identifies, verifies, and fortifies...

Convergence of Physical and Digital Security


All links and images for this episode can be found on CISO Series. Security convergence is the melding of all security functions from physical to digital and personal to business. The concept has been around for 17 years yet organizations are still very slow to adopt. A company's overall digital convergence appears to be happening at a faster rate than security convergence. Check out this post for the basis for our conversation on this week's episode which features me, David Spark (@dspark), producer of CISO Series, co-host Geoff Belknap (@geoffbelknap), CISO, LinkedIn, and our guest is Anne Marie Zettlemoyer (@solvingcyber), business security officer, vp, security engineering, MasterCard....

How Do You Measure Cybersecurity Success?


All links and images for this episode can be found on CISO Series. In most jobs there's often a clear indicator if you're doing a good job. In security, specifically security leadership, it's not so easy to tell. "Nothing happening" is not an effective measurement. So how should security performance be graded? Check out this post for the basis for our conversation on this week's episode which features me, David Spark (@dspark), producer of CISO Series, co-host Geoff Belknap (@geoffbelknap), CISO, LinkedIn, and our guest is Deneen DeFiore (@deneendefiore), CISO, United Airlines. Thanks to our podcast sponsor, Tessian. In this episode: How should security performance be graded? Is "keeping it...

How Do We Turn Tables Against Adversaries?


All links and images for this episode can be found on CISO Series. If we're going to turn the tables against our adversaries, everything from our attitude to our action needs to change to a format where attacks and breaches are not normalized, and we know the what and how to respond to it quickly. Check out this post for the basis for our conversation on this week's episode which features me, David Spark (@dspark), producer of CISO Series, co-host Geoff Belknap (@geoffbelknap), CISO, LinkedIn, and our sponsored guest Scott Scheferman (@transhackerism), principal strategist, Eclypsium. Thanks to our podcast sponsor, Eclypsium. Eclypsium is the enterprise firmware security company. Our comprehensive,...

Ageism in Cybersecurity


All links and images for this episode can be found on CISO Series. Is it too much experience? Is it that they're difficult to work with? Do they want too much money? Will they not be motivated? Are cyber professionals over the age of 40 being discriminated against in hiring practices? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Ben Sapiro, head of technology risk and CISO at Canada Life. Thanks to our podcast sponsor, Qualys. Qualys is a...

Proactive Vulnerability Management


All links and images for this episode can be found on CISO Series. How do we turn the tide from reactive to proactive patch management? Does anyone feel good about where they are with their own patch management program? What would it take to get there? Check out this post and this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our sponsored guest is Sumedh Thakar (@sumedhthakar), CEO, Qualys. Thanks to our podcast sponsor, Qualys. Qualys is a pioneer and leading provider of cloud-based...

Why Is Security Recruiting So Broken?


All links and images for this episode can be found on CISO Series. Check out this post for the basis for our conversation on this week's episode which features me, David Spark (@dspark), producer of CISO Series, co-host Geoff Belknap (@geoffbelknap), CISO, LinkedIn, and our guest Tony Sager (@sagercyber), svp, and chief evangelist, Center for Internet Security. Thanks to our podcast sponsor, Qualys. In this episode: What role should HR play in the hiring process of cybersecurity candidates? What happens when HR's algorithms don't see the right keywords? What are some better ways to get noticed by a human decision maker?

How to Be a Vendor that CISOs Love


All links and images for this episode can be found on CISO Series. Check out this post for the basis for our conversation on this week's episode which features me, David Spark (@dspark), producer of CISO Series, co-host Geoff Belknap (@geoffbelknap), CISO, LinkedIn, and our guest Andy Ellis (@csoandy), operating partner, YL Ventures. Thanks to our podcast sponsor, Varonis. What is your ransomware blast radius? The average user can access 17 million files. Varonis reduces your blast radius in days, not years. Combined with advanced detection that monitors every file touch, ransomware doesn't stand a chance. Get a free risk assessment. In this episode: What are some "positive vendor engagement" characteristics? What tips can we share...

The "Are We Secure?" Question


All links and images for this episode can be found on CISO Series. When a senior person at your company asks you, "Are we secure?" how should you respond? Check out this post for the basis for our conversation on this week's episode which features me, David Spark (@dspark), producer of CISO Series, co-host Steve Zalewski, and our guest Paul Truitt, principal US cyber practice leader, Mazars. Thanks to our podcast sponsor, Varonis. Still in the news is REvil's ransomware attack on Kaseya VSA servers. Varonis is here to help mitigate the blast radius of such attacks. Want a step-by-step guide on what you should be looking...

Ransomware Kill Chain


What are the telltale signs you've got ransomware before you receive the actual ransomware threat? Check out this post and this post for the basis for our conversation on this week's episode which features me, David Spark (@dspark), producer of CISO Series, co-host Geoff Belknap (@geoffbelknap), CISO, LinkedIn, and our sponsored guest Brian Vecci (@BrianTheVecci), field CTO, Varonis. Thanks to our podcast sponsor, Varonis. What is your ransomware blast radius? The average user can access 17 million files. Varonis reduces your blast radius in days, not years. Combined with advanced detection that monitors every file touch, ransomware doesn't stand a chance. Get a free risk assessment. In this episode: How to catch the ransomware...

Can Technology Solve Phishing?


All links and images for this episode can be found on CISO Series. Check out this post for the basis for our conversation on this week's episode which features me, David Spark (@dspark), producer of CISO Series, co-host Geoff Belknap (@geoffbelknap), CISO, LinkedIn, and our guest Robert Wood (@holycyberbatman), CISO at Centers for Medicare & Medicaid Services. Thanks to our podcast sponsor, Living Security. Traditional approaches to security communication are limited to one-off training sessions that fail to take customers, regulators, and other external stakeholders into account and rarely affect long-term behavioral change. This report lays out a four-step plan that CISOs should follow to manage the human risk. It provides design principles...

Convergence of SIEM and SOAR


All links and images for this episode can be found on CISO Series. SIEM tools that ingest and analyze data are ubiquitous in security operations centers. But just knowing what's happening in your environment is not enough. For competitive reasons, must SIEM tools expand and offer more automation, intelligence, and the ability to act on that intelligence? Check out this post for the basis for our conversation on this week's episode which features me, David Spark (@dspark), producer of CISO Series, co-host Geoff Belknap (@geoffbelknap), CISO, LinkedIn, and our guest Chris Grundemann (@ChrisGrundemann), category lead, security, GigaOm. Thanks to our podcast sponsor, Keyavi. Cyber criminals who attack healthcare...

Cybersecurity Is Not Easy to Get Into


All links and images for this episode can be found on CISO Series. Check out this post for the basis for our conversation on this week's episode which features me, David Spark (@dspark), producer of CISO Series, co-host Steve Zalewski, and our guest Adam Keown, director, information security, Eastman. Thanks to our podcast sponsor, VMware. In this episode: What's more valuable to get hired: degrees or experience? What's better: narrow focus or broad skill range? What's more attractive: knowledge or drive? What's the deal: is there even such a thing as "entry level"?

Preventing Ransomware


All links and images for this episode can be found on CISO Series. What is the most critical step to preventing ransomware? Security professionals may be quick to judge users and say it's a lack of cyberawareness. Could it be something else? Check out this post for the basis for our conversation on this week's episode which features me, David Spark (@dspark), producer of CISO Series, co-host Geoff Belknap (@geoffbelknap), CISO, LinkedIn, and our guest Rebecca Harness (@rebeccaharness), CISO, St. Louis University. Thanks to our podcast sponsor, VMware. In this episode: What is the one critical step to preventing ransomware? The importance of leadership and...

Managing Lateral Movement


All links and images for this episode can be found on CISO Series. For four years in a row, Verizon's DBIR has touted compromised credentials as the top cause of data breaches. That means bad people are getting in yet appearing to be legitimate users. What are these malignant users doing inside our network? What are the techniques to both understand and allow for good yet thwart bad lateral movement? Check out this post for the basis for our conversation on this week's episode which features me, David Spark (@dspark), producer of CISO Series, co-host Steve Zalewski, and our sponsored guest Sandy Wenzel...

First Steps as a CISO


All links and images for this episode can be found on CISO Series. You've just joined a company as CISO, what's the very first step you would take to improve the security posture of your new company? Check out this post for the basis for our conversation on this week's episode which features me, David Spark (@dspark), producer of CISO Series, co-host Steve Zalewski, and our guest Olivia Rose, vp of IT and security, Amplitude. Thanks to our podcast sponsor, Proofpoint. Sixty six percent of CISOs feel their organization is unprepared to handle a cyberattack and 58% consider human error to be their biggest...

How Does Ransomware Enter the Network?


All links and images for this episode can be found on CISO Series. How is ransomware getting into your network? Is the path direct, like via email, or does it take a more circuitous route? Check out this post and this post for the basis for our conversation on this week's episode which features me, David Spark (@dspark), producer of CISO Series, co-host Steve Zalewski, and our sponsored guest Ryan Kalember (@rkalember), evp, cybersecurity strategy, Proofpoint. Thanks to our podcast sponsor, Proofpoint. Sixty six percent of CISOs feel their organization is unprepared to handle a cyberattack and 58% consider human error to be their...

What's the Value of Certifications?


All links and images for this episode can be found on CISO Series. Why should security professionals get certifications? Do they actually teach you what you need to know to solve cybersecurity challenges? Or do they act as gateways or approval checks to be admitted into the field of cybersecurity? Check out this post for the basis for our conversation on this week's episode which features me, David Spark (@dspark), producer of CISO Series, guest co-host Will Gregorian (@willgregorian), head of IT and security, Rhino and our guest Shawn M. Bowen (@smbowen), CISO, World Fuel Services. Thanks to our podcast sponsor, Palo Alto Networks...

Measuring the Success of Cloud Security


All links and images for this episode can be found on CISO Series. How are you measuring your progress and success with cloud security? How much visibility into this are you providing to your engineering teams? Check out this post and this post for the basis for our conversation on this week's episode which features me, David Spark (@dspark), producer of CISO Series, co-host Geoff Belknap (@geoffbelknap), CISO, LinkedIn and our sponsored guest Matthew Chiodi (@mattchiodi), CSO, public cloud, Palo Alto Networks. Thanks to our podcast sponsor, Palo Alto Networks. If you're doing cloud security right, no one knows if you've done anything. When...

How do I get my first cybersecurity job?


All links and images for this episode can be found on CISO Series. What does a young person, eager to get into cybersecurity, have to show or prove to land their first help desk, tech support role? Check out this post for the basis for our conversation on this week's episode which features me, David Spark (@dspark), producer of CISO Series, co-host Geoff Belknap (@geoffbelknap), CISO, LinkedIn and our guest Bryan Zimmer (@bryanzimmer), head of security, Humu. Thanks to our podcast sponsor, Palo Alto Networks. In 1666, Sir Isaac Newton famously used a prism to disperse white light into colors. Today, cloud security professionals...

Educating the Board About Cybersecurity


All links and images for this episode can be found on CISO Series. What do we want the Board and C-Suite to know about cybersecurity? If you could teach them one thing about cybersecurity that would stick, what would that be? Check out this post and this post for the basis for our conversation on this week's episode which features me, David Spark (@dspark), producer of CISO Series, co-host Geoff Belknap (@geoffbelknap), CISO, LinkedIn and our guest Phil Huggins (@oracuk), CISO, NHS Test & Trace, Department of Health and Social Care. Thanks to our podcast sponsor, Proofpoint. Sixty six percent of CISOs feel their...

CISO Recruiting Is Broken


All links and images for this episode can be found on CISO Series. The demand for CISOs is growing due to increased regulations and cyber threats. Yet, while the demand is there, the supply keeps rotating. Companies think the next CISO is going to fix the problems of the last one. Why is a CISO's tenure so short and why is the hiring process for CISOs so disjointed? Check out this post for the basis for our conversation on this week's episode which features me, David Spark (@dspark), producer of CISO Series, Steve Zalewski, and Gary Hayslip (@ghayslip), CISO, Softbank Investment Advisers. Thanks to...

Retaining Cyber Talent


All links and images for this episode can be found on CISO Series. Check out this post for the basis for our conversation on this week's episode which features me, David Spark (@dspark), producer of CISO Series, guest co-host Liam Connolly, CISO, Seek, and our guest Ben Sapiro (@ironfog), head of technology risk and CISO, Canada Life. Thanks to our podcast sponsor, RevCult. On average, 18 percent of all your Salesforce data fields are highly sensitive and 89 percent of users have access to that data. RevCult is the only solution that helps you understand the data you have in Salesforce, and if you're protecting it. Get...

Salesforce Security


All links and images for this episode can be found on CISO Series: https://cisoseries.com/defense-in-depth-salesforce-security/ Thanks to our podcast sponsor, RevCult. On average, 18 percent of all your Salesforce data fields are highly sensitive and 89 percent of users have access to that data. RevCult is the only solution that helps you understand the data you have in Salesforce, and if you're protecting it. Get a free Salesforce Security Self-Assessment to understand your Salesforce security weaknesses. In this episode: Where is Salesforce delivering in security controls and where is it falling short? Salesforce security is more than just a single topic. Working with...

Cloud Configuration Fails


All links and images for this episode can be found on CISO Series: https://cisoseries.com/defense-in-depth-cloud-configuration-fails/ Why do we hear so many stories about incidents related to poor or misconfigured cloud services? Check out this post and this post for the basis for our conversation on this week's episode which features me, David Spark (@dspark), producer of CISO Series, co-host Geoff Belknap (@geoffbelknap), CISO, LinkedIn and our sponsored guest, Brendan O'Connor, CEO, AppOmni. Thanks to our podcast sponsor, AppOmni. AppOmni is building the future of SaaS security. We empower our users to enforce security standards across their SaaS applications, and enable them to remediate in confidence...

Starting Pay for Cyber Staff


All links and images for this episode can be found on CISO Series: https://cisoseries.com/starting-pay-for-cyber-staff/ What should an entry level cybersecurity person be paid? And what level of education and training should be expected of them? Check out this post for the basis for our conversation on this week's episode which features me, David Spark (@dspark), producer of CISO Series, guest co-host Naomi Buckwalter (@ineedmorecyber), director of information security and IT at Beam Technologies, and our guest Dan Walsh (@danwalshciso), CISO, VillageMD. Thanks to our podcast sponsor, AppOmni. AppOmni is building the future of SaaS security. We empower our users to enforce security standards across their SaaS applications,...

Fear of Automation


All links and images for this episode can be found on CISO Series: https://cisoseries.com/fear-of-automation/ Why are security professionals so darn afraid of automation? We continue to hold on to the idea that people have to be integral in the real-time decision process to protect ourselves from the technology we deploy to protect us. Check out this post for the basis for our conversation on this week's episode which features me, David Spark (@dspark), producer of CISO Series, and Steve Zalewski, CISO, Levi Strauss, with our guest Edward Frye (@edwardfrye), CISO, Aryaka Networks and president of Silicon Valley chapter of ISSA. AppOmni is building the future of...

Hiring Talent with No Security Experience


All links and images for this episode can be found on CISO Series: https://cisoseries.com/defense-in-depth-hiring-talent-with-no-security-experience/ Should you look for the ideal candidate that has all the security talent you want, or should you find the right person and train them with the security talent you want? And if the latter, what is the right person to work in security who doesn't have security experience? Check out this post and this Twitter discussion for the basis for our conversation on this week's episode which features me, David Spark (@dspark), producer of CISO Series, co-host, Geoff Belknap (@geoffbelknap), CISO, LinkedIn, and our guest...

Security Hygiene for Software Development


All links and images for this episode can be found on CISO Series: https://cisoseries.com/defense-in-depth-security-hygiene-for-software-development/ How do we improve the quality of our software? In the rush to be competitive, security has often taken a back seat to be first to market. What's the formula for fast and secure applications? Check out this post for the basis for our conversation on this week's episode which features me, David Spark (@dspark), producer of CISO Series, co-host, Geoff Belknap (@geoffbelknap), CISO LinkedIn, and sponsored guest Wayne Jackson, CEO, Sonatype. Thanks to our podcast sponsor, Sonatype. In this episode: Are we working too fast...

How Much Do You Know About Your Data?


All links and images for this episode can be found on CISO Series: https://cisoseries.com/defense-in-depth-how-much-do-you-know-about-your-data/ Do cybersecurity professionals even know what they're protecting? How aware are they of the data, its content and its sensitivity? What happens to your security posture when you do understand the data you're protecting? What can you do that you weren't able to do before? Check out this post for the basis for our conversation on this week's episode which features me, David Spark (@dspark), producer of CISO Series, and Steve Zalewski, CISO, Levi Strauss, with our sponsored guest, Aidan Simister (@aidansimister), CEO, Lepide. Thanks to our podcast sponsor, Lepide...

Do Startups Need a CISO?


All links and images for this episode can be found on CISO Series: https://cisoseries.com/defense-in-depth-do-startups-need-a-ciso/ Startups are all about proving the value of their product and growth. At the beginning, all of their money is funneled into product and market development. When do they need a CISO, if at all? Check out this post for the basis for our conversation on this week's episode which features me, David Spark (@dspark), producer of CISO Series, and guest co-host Jimmy Sanders (@jfireluv), head of cybersecurity for Netflix DVD and our guest is Bryan Zimmer (@bryanzimmer), head of security for Humu. Thanks to our podcast sponsor, Lepide. Ninety...

Insider Risk


All links and images for this episode can be found on CISO Series https://cisoseries.com/defense-in-depth-insider-risk/ By just doing their jobs, your employees are introducing risk to the business. They don't mean to be causing issues, but their simple actions and sometimes mistakes can cause great harm. Is it their fault, or is it security's fault for not creating the right systems? Check out this post for the basis for our conversation on this week's episode which features me, David Spark (@dspark), producer of CISO Series, co-host, Steve Zalewski, CISO, Levis, and our sponsored guest Mark Wojtasiak (@markwojtasiak), vp, portfolio strategy &...

What's the Obsession with Zero Trust?


All links and images for this episode can be found on CISO Series https://cisoseries.com/defense-in-depth-whats-the-obsession-with-zero-trust/ Why is everyone obsessed with Zero Trust? Is it just a marketing ploy that vendors are using to sell their products? Or, is it truly a methodology that provides better security, especially in today's environment? Check out this post for the basis for our conversation on this week's episode which features me, David Spark (@dspark), producer of CISO Series, co-host, Geoff Belknap (@geoffbelknap), CISO LinkedIn, Melody Hildebrandt (@mhil1), evp, product & engineering and CISO, Fox. Thanks to our podcast sponsor, Code42. Redefine data security standards for...

Mentoring


All links and images for this episode can be found on CISO Series https://cisoseries.com/defense-in-depth-mentoring/ Companies want security people with experience and they want to grow cybersecurity leaders. It's often hard to find that experience, and while there are certification courses aplenty, courses in cybersecurity leadership are hard to find. One possible solution is mentoring, but that has its own hurdles. Check out this post for the basis for our conversation on this week's episode which features me, David Spark (@dspark), producer of CISO Series, guest co-host, Geoff Belknap (@geoffbelknap), CISO LinkedIn, and our guest Sean Catlett, CSO, Slack. In this...

Securing the Super Bowl and Other Huge Events


All links and images for this episode can be found on CISO Series https://cisoseries.com/defense-in-depth-securing-the-super-bowl-and-other-huge-events/ How do cybersecurity professionals secure a huge event like the Olympics, the Super Bowl, or a city's New Year's Eve party? What are the unique considerations that come into play? Check out this post for the basis for our conversation on this week's episode which features me, David Spark (@dspark), producer of CISO Series, guest co-host Geoff Belknap (@geoffbelknap), CISO, LinkedIn, and our guest Tomás Maldonado (@tomas_mald), CISO, NFL. Thanks to our podcast sponsor, Lepide. Ninety-eight percent of all threats start with Active Directory and nearly always involve the compromise...

Cybersecurity Isn't That Difficult


All links and images for this episode can be found on CISO Series https://cisoseries.com/defense-in-depth-cybersecurity-isnt-that-difficult/ What are you security people complaining about? As compared to 10, 15, 20 years ago, the technical aspects of cybersecurity are not that difficult. We've got the control frameworks, tools, and training that our predecessors didn't have. Check out this post for the basis for our conversation on this week's episode which features me, David Spark (@dspark), producer of CISO Series, guest co-host Naomi Buckwalter (@ineedmorecyber), director of information security and IT at Beam Technologies, and our guest, John Overbaugh (@johnoverbaugh), vp, security, CareCentrix. Thanks to our podcast sponsor, Trend...

Cloud Security Myths


All links and images for this episode can be found on CISO Series https://cisoseries.com/defense-in-depth-cloud-security-myths/ The cloud is inherently insecure! The cloud will handle all your security needs. More data breaches happen in the cloud. These are just some of the many, many myths of cloud security. Listen as we debunk as many as we possibly can. Check out this post for the basis for our conversation on this week's episode which features me, David Spark (@dspark), producer of CISO Series, guest co-host Steve Zalewski, CISO, Levis, and our sponsored guest Mark Nunnikhoven (@markna), vp, cloud research, Trend Micro. Thanks to...

What Is Security's Mission?


All links and images for this episode can be found on CISO Series https://cisoseries.com/defense-in-depth-what-is-securitys-mission/ What's the mission of your security program? Is it to proactively SECURE THE COMPANY against a compromise of the CONFIDENTIALITY, INTEGRITY, and AVAILABILITY, OR, is it to PROTECT THE COMPANY BRAND by effectively PREVENTING, DETECTING and RESPONDING to cyber-threats? These are the two options for security's mission that we discuss on this week's show. Check out this post for the basis for our conversation on this week's episode which features me, David Spark (@dspark), producer of CISO Series, guest co-host Steve Zalewski, Deputy CISO, Levis, and our guest, Johna Till...

Vendor CISOs


All links and images for this episode can be found on CISO Series https://cisoseries.com/defense-in-depth-vendor-cisos/ It's hard to be a CISO. But, what's it like to be a CISO at a security vendor, doing the hard work while carrying the stigma of being a "vendor"? Check out this post for the basis for our conversation on this week's episode which features me, David Spark (@dspark), producer of CISO Series, guest co-host Geoff Belknap (@geoffbelknap), CISO, LinkedIn, and our sponsored guest Allan Alford (@AllanAlfordinTX), CTO/CISO, TrustMAPP, and host of The Cyber Ranch Podcast. Thanks to our podcast sponsor, TrustMAPP Does your board want to see yet...

How Much Log Data Is Enough?


All links and images for this episode can be found on CISO Series https://cisoseries.com/defense-in-depth-how-much-log-data-do-you-need You're a CISO struggling with an influx of log data into your SIEM. What's the data you want to keep, and for how long? You want insights, but you also want to keep costs down. Holding onto everything is going to cost a fortune. Check out this post for the basis for our conversation on this week's episode which features me, David Spark (@dspark), producer of CISO Series, co-host Steve Zalewski, deputy CISO, Levis, and our guest Naomi Buckwalter (@ineedmorecyber), director of information security and IT at Beam Technologies....

Should Finance or Legal Mentor Cyber?


All links and images for this episode can be found on CISO Series https://cisoseries.com/defense-in-depth-should-finance-or-legal-mentor-cyber Cybersecurity leaders are constantly looking for ways to improve how they think about risk, and how they communicate risk. But they're not the only ones. Others have been managing risk long before CISOs existed. So, who could be the best mentor to help a CISO gain better insight into business risk and how to communicate about it: the chief financial officer, or the legal department's general counsel? Check out this post for the basis for our conversation on this week's episode which features me, David Spark (@dspark), producer of CISO...

Data Destruction


All links and images for this episode can be found on CISO Series https://cisoseries.com/defense-in-depth-data-destruction How do you deal with data at end of life? Holding onto data too long can be very costly and increase risk. So how do you get rid of it... safely? Check out this post for the basis for our conversation on this week's episode which features me, David Spark (@dspark), producer of CISO Series, guest co-host Shawn Bowen, CISO, Restaurant Brands International (RBI), and our sponsored guest, Frank Milia, partner, (@ITAssetRecvry), IT Asset Management Group. Thanks to our podcast sponsor, IT Asset Management. Poorly managed IT asset disposal, lack of due...

How to Make Cybersecurity More Efficient


All links and images for this episode can be found on CISO Series https://cisoseries.com/defense-in-depth-how-to-make-cybersecurity-more-efficient/ You're a new CISO told to hold headcount even and find the resources to do 20% more work. We're already maxed out. So how do we do more? Coming up next we're getting smart and more efficient with security. Check out this post for the basis for our conversation on this week's episode which features me, David Spark (@dspark), producer of CISO Series, guest co-host Steve Zalewski, Deputy CISO, Levis, and our guest, Mike Morgan, (@theywerecones) head of information security, infrastructure director, Foster Farms. Thanks to our podcast sponsor,...

Does a CISO Need Tech Skills?


All links and images for this episode can be found on CISO Series https://cisoseries.com/defense-in-depth-does-a-ciso-need-tech-skills Does a CISO need technical skills to be an effective cybersecurity leader? Many CISOs don't have them. Are they still effective and does it affect their ability to lead? Check out this post for the basis for our conversation on this week's episode which features me, David Spark (@dspark), producer of CISO Series, and guest co-host Ben Sapiro, (@ironfog), CISO, Great-West LifeCo, and our guest, Zach Powers, CISO, Benchling. Thanks to our episode sponsor, IT Asset Management Group Poorly managed IT asset disposal, lack of due diligence, and a disposal...

How Do You Know if You're Good at Security?


All links and images for this episode can be found on CISO Series https://cisoseries.com/defense-in-depth-how-do-you-know-if-youre-good-at-security/ What metrics or indicators signal to you that an organization is "good at security"? Check out this post for the basis for our conversation on this week's episode which features me, David Spark (@dspark), producer of CISO Series, guest co-host Geoff Belknap (@geoffbelknap), CISO, LinkedIn, and our guest Justin Berman (@justinmberman), former CISO, Dropbox. Thanks to our podcast sponsor, Imperva Face it, your data is everywhere! Imperva Data Security unifies compliance, security and privacy needs for any data store while saving you time and money. No matter where data lives,...

Building a Security Team


All links and images for this episode can be found on CISO Series. You're a new CISO at a new org given a headcount of ten to build a cybersecurity team. What's your strategy to build that team? Check out this post for the basis for our conversation on this week's episode which features me, David Spark (@dspark), producer of CISO Series, guest co-host Steve Zalewski, Deputy CISO, Levis, and our guest JJ Agha (@jaysquaredx2), CISO, Compass. Thanks to our podcast sponsor, Imperva Face it, your data is everywhere! Imperva Data Security unifies compliance, security and privacy needs for any data store while saving...

Are our Data Protection Strategies Evolving?


All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-are-our-data-protection-strategies-evolving/) As we're evolving from putting data on premises to the cloud, are our data protection strategies evolving as well? There are issues of securing data, knowing where it travels, and privacy implications of data. How are we handling all of that? Check out this post for the basis for our conversation on this week's episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and our sponsored guest, Chris Brown, senior director, data security at Imperva. Thanks to our podcast sponsor, Imperva. Face it, your data is...

Should CISOs Be Licensed Professionals?


All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-should-cisos-be-licensed-professionals/) Many professionals are required to obtain a license before they can do their job legally. The demands of cybersecurity professionals, especially CISOs, have become more critical as evidenced by the increasing number of regulations demanding a person oversee security and privacy controls. Should CISOs be licensed to maintain a minimum standard? Check out this post for the basis for our conversation on this week's episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and our guest Patrick Benoit (@patrickbenoit), vp, global head of GRC and BISO,...

Inherently Vulnerable By Design


All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-inherently-vulnerable-by-design/) Much of what we do as practitioners is to prevent inadvertent security problems - oversights, zero-days, etc. What about inherent and unavoidable problems? When the very design of the thing requires a lack of security? What do you do then? Check out this post for the basis for our conversation on this week's episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and our sponsored guest is Dan Woods, vp of the Shape Intelligence Center, F5. Thanks to this week's podcast sponsor, F5. External threats to...

Imposter Syndrome


All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-imposter-syndrome/) For CISOs and other security leaders, suffering from imposter syndrome seems inevitable. How can you ever be really confident when there's an endless stream of threats and a landscape that changes without your knowledge? Check out this post for the basis for our conversation on this week's episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and our guest David Peach (@realdavidp), CISO and head of privacy, The Economist Group. Thanks to this week's podcast sponsor, F5. CISOs are dealing with the increasing sophistication of cyber...

Why Don't More Companies Take Cybersecurity Seriously?


All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-why-dont-more-companies-take-cybersecurity-seriously/) With every cybersecurity breach, we still don't seem to be getting through. Many companies don't seem to be taking cybersecurity seriously. What does it take? Obviously not scare tactics. Check out this post for the basis for our conversation on this week's episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and our guest Ben Sapiro, global CISO, Great-West LifeCo. Thanks to this week's podcast sponsor, Sonatype. On this episode of Defense in Depth, you'll learn: Even with attacks and breaches on a constant march, far...

Data Protection and Visibility


All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-data-protection-and-visibility/) Where is your data? Who's accessing it? You may know if you have an identity access management solution, but what happens when that data leaves your control? What do you do then? Check out this post for the basis for our conversation on this week's episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and our sponsored guest is Elliot Lewis (@elliotdlewis), CEO, Keyavi Data. Thanks to this week's podcast sponsor, Keyavi Data. Our Keyavi breaks new ground by making data itself intelligent and self-aware, so that it...

What's an Entry Level Cybersecurity Job?


All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-whats-an-entry-level-cybersecurity-job/) Naomi Buckwalter, director of information security at Energage, analyzed one thousand random information security job posts on LinkedIn. The most notable trend she found was that 43% of the posts had CISSP and 5-year experience requirements for entry level positions. Are companies trying to lowball cybersecurity professionals, or do they simply not know what an entry level cybersecurity job is? Check out this post for the basis for our conversation on this week's episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and our guest is...

Securing Digital Transformations


All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-securing-digital-transformations/) Digital transformation. Its definition is broad. Meaning securing it is also broad. But there are some principles that can be followed as companies undergo each step in a deeper dive to make more and more of their processes essentially computerized. Check out this post for the basis for our conversation on this week's episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and our guest is Paul Asadoorian (@securityweekly), founder & CTO, Security Weekly, and chief innovation officer, Cyber Risk Alliance. Thanks to this week's podcast...

Leaked Secrets in Code Repositories


All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-leaked-secrets-in-code-repositories/) Secrets, such as passwords and credentials, are out in the open just sitting there in code repositories. Why do these secrets even exist in public? What's their danger? And how can they be found and removed? Check out this post for the basis for our conversation on this week's episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and our sponsored guest is Jérémy Thomas, CEO, GitGuardian. Thanks to this week's podcast sponsor GitGuardian. GitGuardian empowers organizations to secure their secrets - such as API keys...

Measuring the Success of Your Security Program


All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-measuring-the-success-of-your-security-program/) How does a CISO measure the performance of their security program? Sure, there are metrics, but what are you measuring against? Is it a framework or the quality of protection? How do you tell if your program is improving and growing? Check out this post for the basis for our conversation on this week's episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and our sponsored guest is Chad Boeckmann (@SDS_Advisor), CEO, TrustMAPP. TrustMAPP delivers continuous, automated Security Performance Management, a real-time view of your cybersecurity...

Privacy Is An Uphill Battle


All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-privacy-is-an-uphill-battle/) Privacy is an uphill battle. The problem is those gathering the data aren't the ones tasked with protecting the privacy of the users whom that data represents. Check out this post for the basis for our conversation on this week's episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and our guest is Dave Bittner (@bittner), host, The CyberWire Podcast. Thanks to our episode sponsor, TrustMAPP. TrustMAPP delivers continuous, automated Security Performance Management, a real-time view of your cybersecurity maturity. TrustMAPP tells you where you...

Legal Protection for CISOs


All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-legal-protection-for-cisos/) What's the legal responsibility of a CISO? New cases are placing the liability for certain aspects of security incidents squarely on the CISO. And attorney-client privilege has been overruled lately too. What does this mean for corporate and for CISO risk? Check out this post for the basis for our conversation on this week's episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and our guest is Evan Wolff, partner at Crowell & Moring. Thanks to our episode sponsor, TrustMAPP. TrustMAPP delivers continuous, automated Security Performance...

XDR: Extended Detection and Response


All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-xdr-extended-detection-and-response/) Is XDR changing the investigative landscape for security professionals? The "X" in XDR extends traditional endpoint detection and response or EDR to also include network and cloud sensors. Having this full breadth, XDR can contextualize alerts to tell a more cogent story as to what's going on in your environment. Check out this post for the basis for our conversation on this week's episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and our guest is Dave Bittner (@bittner), host, The CyberWire. Thanks to our sponsor,...

Calling Users Stupid


All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-calling-users-stupid/) Many cybersecurity professionals use derogatory terms towards their users, like calling them "dumb" because they fell for a phish or some type of online scam. It can be detrimental, even behind their back, and it doesn't foster a stronger security culture. Check out this post for the basis for our conversation on this week's episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and our guest Dustin Wilcox, CISO, Anthem. Thanks to our sponsor, Hunters. Attackers always find new ways to bypass organizational defenses. While their...

Is College Necessary for a Job in Cybersecurity?


All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-is-college-necessary-for-a-job-in-cybersecurity/) Where is the best education for our cyber staff of the future? Where does college fit in or not fit in? Check out this post for the basis for our conversation on this week's episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and our guest Dan Walsh, CISO, Rally Health. Thanks to our sponsor, Hunters. Attackers always find new ways to bypass organizational defenses. While their traces hide in the data, they're also extremely difficult to detect. Hunters.AI is a context-fueled XDR solution that harnesses...

When Red Teams Break Down


All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-when-red-teams-break-down/) What happens when red team engagements go sideways? The idea of real world testing of your defenses sounds great, but how do you close the loop and what happens if it's not closed? Check out this post for the basis for our conversation on this week's episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and our sponsored guest, Dan DeCloss, founder and CEO, PlexTrac. Thanks to this week's podcast sponsor, PlexTrac. PlexTrac is a revolutionary, yet simple, cybersecurity platform that centralizes all security assessments, penetration test...

What Cyber Pro Are You Trying to Hire?


All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-what-cyber-pro-are-you-trying-to-hire/) Do companies hiring cybersecurity talent even know what they want? More and more we see management jobs asking for engineering skills, and even CISO jobs with coding requirements. What's breaking down? Check out this post for the basis for our conversation on this week's episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and our guest Liam Connolly, CISO, Seek. Thanks to this week's podcast sponsor, Salt Security. Salt Security protects the APIs at the core of SaaS, web, and...

Junior Cyber People


All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-junior-cyber-people/) There are so few jobs available for junior cybersecurity professionals. Are these cyber beginners not valued? Or are we as managers not creating the right roles for them to improve our own security? Check out this post for the basis for our conversation on this week's episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and guest Naomi Buckwalter (@ineedmorecyber), director of information security & privacy at Energage. Thanks to this week's podcast sponsor, Salt Security. Salt Security protects the...

Trusting Security Vendor Claims


All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-trusting-security-vendor-claims/) Do security vendors deliver on their claims and heck, are they even explaining what they do clearly so CISOs actually know what they're buying? Check out this post and the Valimail survey for the basis of our conversation on this week's episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and guest Lee Parrish (@LeeParrish), CISO, Hertz. Thanks to this week's podcast sponsor, AttackIQ. AttackIQ, the leading independent vendor of breach and attack simulation solutions, built the industry's first Security Optimization...

How Vendors Should Approach CISOs


All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-how-vendors-should-approach-cisos/) "How do I approach a CISO?" It's the most common question I get from security vendors. In fact, I have another podcast dedicated to this very question. But now we're going to tackle it on this show. Check out this post for the basis of our conversation on this week's episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and guest Ian Amit (@iiamit), CSO, Cimpress. Here also is my original article with Allan Alford when he first launched this engage...

Secure Access


All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-secure-access/) What is the Holy Grail of secure access? There are many options, all of which are being strained by our new work from home model. Are we currently at the max? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series and Allan Alford (@AllanAlfordinTX). Our sponsored guest is Rohini Kasturi, chief product officer, Pulse Secure. Thanks to this week's podcast sponsor, Pulse Secure. Pulse Secure offers easy, comprehensive solutions that provide visibility and seamless, protected connectivity...

InfoSec Fatigue


All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-infosec-fatigue/) Have we reached peak InfoSec fatigue? Revolving CISOs and endless cyber recruitment OR the fact that we're spending more money to reduce even greater risk. Is it all leaving our grasp? Check out this post for the basis of our conversation on this week's episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and guest Helen Patton (@OSUCISOHelen) CISO, The Ohio State University. Thanks to this week's podcast sponsor, Sonrai Security. Identity and data access complexity are exploding in your public cloud. 10,000+...

Securing a Cloud Migration


All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-securing-a-cloud-migration/) You're migrating to the cloud. When did you develop your security plan? Before, during, or after? How aware are you and the board of the cloud's new security implications? Does your team even know how to apply security controls to the cloud? Check out this post for the basis of our conversation on this week's episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and sponsored guest Sandy Bird, CTO and co-founder, Sonrai Security. Sandy was the co-founder and CTO...

API Security


All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-api-security/) APIs are gateways in and out of our kingdom and thus they're also great access points for malicious hackers. How the heck do we secure them without overwhelming ourselves? Check out this post for the basis for our conversation on this week's episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and sponsored guest, Roey Eliyahu, CEO, Salt Security. Salt Security protects the APIs at the core of SaaS, web, and mobile applications. By using patented behavioral protection Salt Security...

Shared Threat Intelligence


All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-shared-threat-intelligence/) We all know that shared intelligence has value, yet we're reticent to share our threat intelligence. What prevents us from doing it and what more could we know if shared threat intelligence was mandated? Check out this post for the basis for our conversation on this week's episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and sponsored guest, Joel Bork (@cincision), senior threat hunter, IronNet Cybersecurity. Thanks to this week's podcast sponsor, IronNet Cybersecurity. To combat sophisticated cyber threats,...

Drudgery of Cybercrime


All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-drudgery-of-cybercrime/) Why does the press persist in referring to all cyber breaches as sophisticated attacks? Is it to make the victim look less weak, or do they simply not know the tedium that's involved in cybercrime? Check out this post by Brian Krebs for the basis for our conversation on this week's episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and guest Steve Zalewski, deputy CISO, Levi Strauss. Thanks to this week's podcast sponsor, IronNet Cybersecurity. To combat sophisticated cyber...

Security Budgets


All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-security-budgets/) How do you calculate a security budget? Is it a percentage of the IT budget? Something else? And why does it grow so drastically after a breach? Thanks to this week's podcast sponsor, IronNet Cybersecurity. To combat sophisticated cyber threats, companies are increasingly adopting collective defense strategies to actively share intelligence with peer organizations to improve the detection capabilities of the collective. Through faster sharing of behavioral analytics, signature-based, and human threat insights, organizations can more effectively spot malicious activity and reduce attacker dwell time. More...

Role of the BISO


All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-role-of-the-biso/) What is a business information security officer or BISO? Do you need one? Is it just an extension of the CISO or is it simply taking on the business aspect of the CISO role? Check out this post for the basis for our conversation on this week's episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and guest Nicole Dove (@IssaUrbanGirl), BISO, ADP, and host of Urban Girl Corporate World podcast. Thanks to this week's podcast sponsor, Deep Instinct. Deep...

Shared Accounts


All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-shared-accounts/) As bad as all security professionals know they are, shared accounts are a fact in the business world. They still linger, and from an operational standpoint they're hard to secure and get accountability. Why are they still around and what can be done about them? Check out this post for the basis for our conversation on this week's episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and sponsored guest Jake King (@jakeking), CEO, Cmd. Thanks to this week's podcast sponsor, Cmd....

Bug Bounties


All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-bug-bounties/) What is the successful formula for a bug bounty program? Should it be run internally, by a third party, or should you open it up to the public? Or, maybe a mixture of everything? Check out this post for the basis for our conversation on this week's episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and guest Justin Berman (@justinmberman), head of security, Dropbox. Thanks to this week's podcast sponsor, Cmd. Cmd provides a lightweight platform for hardening production...

Data Classification


All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-data-classification/) The more data we hoard, the less useful any of it becomes, and the more risk we carry. If we got rid of data, we could reduce risk. Check out this post for the basis for our conversation on this week's episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and guest Nina Wyatt, CISO, Sunflower Bank. Thanks to this week's podcast sponsor, Cmd. Cmd provides a lightweight platform for hardening production Linux. Small and large companies alike use Cmd to...

Prevention vs. Detection and Containment


All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-prevention-vs-detection-and-containment/) We agree that preventing a cyber attack is better than detection and containment. Then why is the overwhelming majority of us doing detection and containment? Check out this post for the basis for our conversation on this week's episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and sponsored guest Steve Salinas (@so_cal_aggie), head of product marketing, Deep Instinct. Thanks to this week's podcast sponsor, Deep Instinct. Deep Instinct is changing cybersecurity by harnessing the power of Deep Learning to...

Asset Valuation


All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-asset-valuation/) What's the value of your assets? Do you even understand what they are to you or to a criminal looking to steal them? Do those assets become more valuable once you understand the damage they can cause? Check out this post for the basis for our conversation on this week's episode which features me and Allan Alford. Our guest is Bobby Ford, global CISO, Unilever. Thanks to this week's podcast sponsor, CyberArk. At CyberArk, we believe that sharing insights and guidance across the CISO community will...

DevSecOps


All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-devsecops/) We know that security plays a role in DevOps, but we've been having a hard time inserting ourselves in the conversation and in the process. How can we get the two sides of developers and security to better understand and appreciate each other? Check out this post and this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Allan Alford (@AllanAlfordinTX). Our sponsored guest is Sumedh Thakar (@sumedhthakar), president and chief product officer, Qualys. Thanks...

Fix Security Problems with What You've Got


All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-fix-security-problems-with-what-youve-got/) Stop buying security products. You probably have enough. You're just not using them to their full potential. Dig into what you've got and build your security program. Check out this post for the basis for our conversation on this week's episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and guest Brent Williams (@brentawilliams), CISO, SurveyMonkey. Thanks to this week's podcast sponsor, Deep Instinct. Deep Instinct is changing cybersecurity by harnessing the power of Deep Learning to prevent threats in...

Should Risk Lead GRC?


All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-should-risk-lead-grc/) Defining risk for the business. Is that where a governance, risk, and compliance effort should begin? How does risk inform the other two, or does calculating risk take so long that you can't start with it? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Allan Alford (@AllanAlfordinTX). Our guest is Marnie Wilking (@mhwilking), global head of security & technology risk management, Wayfair. Thanks to this week's podcast sponsor, Qualys. Qualys is...

Responsible Disclosure


All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-responsible-disclosure/) Security researchers and hackers find vulnerabilities. What's their responsibility in disclosure? What about the vendors when they hear the vulnerabilities? And do journalists have to adhere to the same timelines? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest is Tom Merritt (@acedtect), host, Daily Tech News Show. Thanks to this week's podcast sponsor, Qualys. Qualys is a pioneer and leading provider of cloud-based security and compliance solutions. On...

Internet of Things


All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth:-internet-of-things/) When Internet of Things or IoT devices first came onto the market, security wasn't even a thought, let alone an afterthought. Now we're flooded with devices with no security and their openness and connectivity are being used to launch malicious attacks. What are methods to secure environments today and how should these IoT devices be secured in the future? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest...

Is Governance the Most Important Part of GRC?


All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-is-governance-the-most-important-part-of-grc) Your policy should rarely change. But your ability to achieve that policy is found in procedures or governance that should inform, steer, and guide your team. Those procedures should change often and others should follow. Are they? Check out this post for the basis for our conversation on this week's episode which features me and Allan Alford. Our guest is Mustapha Kebbeh (@mustaphake), CISO, Brinks. Thanks to this week's podcast sponsor, CyberArk. At CyberArk, we believe that sharing insights and guidance across the CISO community will...

Who Should the CISO Report To?


All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-who-should-the-ciso-report-to/) Who should the CISO report to? What factors determine that decision? And why is that single decision so critical to a company's overall security? Check out this post for the basis for our conversation on this week's episode which features me, special guest co-host Yaron Levi (@0xL3v1) CISO, Blue Cross Blue Shield of Kansas City. Our guest is Gary Harbison, vp, global CISO, Bayer. Thanks to this week's podcast sponsor, IBM Security. IBM Security offers one of the most advanced and integrated portfolios of enterprise security...

Hybrid Cloud


All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-hybrid-cloud/) The consistency of your security program becomes a challenge once you introduce the cloud. Controls and visibility are not necessarily transferable. How do you maintain the control you want in a hybrid environment? Check out this post for the basis for our conversation on this week's episode which features me, special guest co-host Taylor Lehmann (@BostonCyberGuy), vp, CISO, athenahealth, and our sponsored guest, Chris Meenan (@chris_meenan), director, offering management and strategy, IBM Security. Chris Meenan, director, offering management and strategy, IBM Security, David Spark, producer, CISO...

CISO Tenure


All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-ciso-tenure/) The CISO has the shortest tenure of any C-level role. Why so brief? Is it the pressure, the responsibility, the opportunities, or all of the above? Check out this LinkedIn discussion to read the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), producer of CISO Series and guest co-host Gary Hayslip (@ghayslip), CISO, Softbank Investment Advisers. Our guest is John Meakin, CISO, Equiniti. Thanks to this week's podcast sponsor, IBM Security. IBM Security offers one of the most advanced and integrated portfolios of enterprise security...

Toxic Security Teams


All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-toxic-security-teams/) There's an endless number of variables that contribute to creating a toxic security team. How does it happen, and what are ways to manage and eradicate the toxicity? Check out this LinkedIn discussion to read the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), producer of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest is Jinan Budge (@jinan_forrester), principal analyst serving security & risk professionals at Forrester. On this episode of Defense in Depth, you'll learn: Toxic security teams happen because of tribalism, not just within security,...

Personality Tests in the Workplace


All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-personality-tests-in-the-workplace/) As a cybersecurity leader, should you use personality tests for hiring and managing a team? Does it create diversity, understanding of communication styles, or does it just create more conflict? Check out this LinkedIn discussion to read the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), producer of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest is Ursula Alford, psychologist, Department of Neuropsychology, Baylor Scott & White Institute of Rehabilitation. On this episode of Defense in Depth, you'll learn: There is plenty of debate as to whether...

Lack of Diversity in Cybersecurity


All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-lack-of-diversity-in-cybersecurity/) Cybersecurity teams are notoriously not diverse. At the same time we keep hearing and talking about the need for diversity. Is it critical? Can you be just as successful without it? Check out this Twitter feed for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest is Christopher Zell, vp, head of information security, The Wendy's Company. Thanks to this week's sponsor, Electronic Frontier Foundation. On this episode of Defense in Depth,...

When Are CISOs Responsible for Breaches?


All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-when-are-cisos-responsible-for-breaches/) When is a CISO responsible for a breach or cyber incident? Should they be disciplined, fired, or let go with an attractive payout? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest is Norman Hunt (@normanhunt3), deputy CISO, GEICO. On this episode of Defense in Depth, you'll learn: On the onset, one may want to jump to finding liability. But a CISO's responsibility should not be isolated at...

Post Breach Desperation and Salary Negotiations


All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-post-breach-desperation-and-salary-negotiations/) A data breach usually spells financial and reputational disaster. But such an event can also be an opportunity for a security professional to capitalize. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest is Michael Piacente, co-founder and managing partner, Hitch Partners. Thanks to this week's podcast sponsor, Anomali. Anomali is a leader in intelligence-driven cybersecurity solutions. Anomali turns threat data into actionable intelligence that drives effective security...

Presenting to the Board


All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-presenting-to-the-board/) What metrics, reports, or strategies should a security professional utilize to communicate the value to the board? Or is the mode of "presenting to the board" a damaged approach? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest is Barry Caplin (@bcaplin), executive leadership partner, Gartner. Thanks to this week's podcast sponsor, Anomali. Anomali is a leader in intelligence-driven cybersecurity solutions. Anomali turns threat data into actionable intelligence...

The Iran Cybersecurity Threat


All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-the-iran-cybersecurity-threat/) The Iran conflict has threatened new retaliations and we don't know where they're going to come from. Cyber retaliation is a real possibility. Who's being threatened and how should we prepare? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series and Allan Alford (@AllanAlfordinTX). Our sponsored guest is Nicholas Hayden, global head of threat intelligence, Anomali. Thanks to this week's podcast sponsor, Anomali. Anomali is a leader in intelligence-driven cybersecurity solutions. Anomali turns threat...

Building a Fully Remote Security Team


Links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-building-a-fully-remote-security-team/) Could you be successful with a fully virtual InfoSec team? Many say it can't be done, while some have actually done it and been successful. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest is Kathy Wang, former CISO, GitLab. Thanks to this week's podcast sponsor, Pulse Secure. Pulse Secure offers easy, comprehensive solutions that provide visibility and seamless, protected connectivity for hybrid IT in a Zero Trust world....

Account Takeover


All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-account-takeover/) An account takeover traditionally follows a methodical path that takes considerable time before anything bad happens. Is it worth a company's time and effort to be monitoring a potential account takeover at the earliest stages? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series and Allan Alford (@AllanAlfordinTX). Our sponsored guest is Mike Wilson, CTO and co-founder, Enzoic. Thanks to this week's podcast sponsor, Enzoic. Enzoic is an enterprise-focused cybersecurity company committed to preventing...

UX in Cybersecurity


All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-ux-in-cybersecurity/) Security products and programs may be functional and work correctly, but are they usable in the sense that it fits into the work patterns of our users? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest is Rakesh Patwari (@rakeshpatwari), UX lead, Salesforce and UX instructor at UC Berkeley Extension. Thanks to this week's podcast sponsor, Enzoic. Enzoic is an enterprise-focused cybersecurity company committed to preventing account takeover...

InfoSec Trends for 2020


All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-infosec-trends-for-2020/) We're coming to the end of the year and that means it's time to make our predictions for 2020. Mark this episode and check back in one year to see how we did. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our sponsored guest is Rob Potter, chief revenue officer for Verodin. Thanks to this week's podcast sponsor, Verodin. The Verodin Security Instrumentation Platform proactively identifies gaps in security...

Cybersecurity Readiness as Hiring Criteria


All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-cybersecurity-readiness-as-hiring-criteria/) What if every candidate interviewed was tested on their cybersecurity competency? How would that affect hiring and how would that affect your company's security? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest for this episode is Greg van der Gaast, head of information security, University of Salford. Thanks to this week's podcast sponsor, Enzoic. Enzoic is an enterprise-focused cybersecurity company committed to preventing account takeover and fraud...

Cybersecurity and the Media


All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-cybersecurity-and-the-media/) Cybersecurity and the media. It rides the line between providing valuable information and feeding the FUD cycle. What's the media's role? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest for this episode is Dave Bittner (@bittner), producer and host of The CyberWire Podcast, Hacking Humans podcast, and Recorded Future podcast. Thanks to this week's podcast sponsor, Verodin. The Verodin Security Instrumentation Platform proactively identifies gaps in security...

The Cloud and Shared Security


All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-the-cloud-and-shared-security/) When your business enters the cloud, you are transferring risk, but also adding new risk. How do you deal with sharing your security obligations with cloud vendors? Check out this LinkedIn post for the basis of this show's conversation on shared responsibility of security with a digital transformation to the cloud. This episode is co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our sponsored guest for this episode is Paul Calatayud (@paulcatalayud), CSO for Americas, Palo Alto Networks. Thanks to this week's podcast sponsor, Palo Alto...

Is Product Security Improving?


All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-is-product-security-improving/) We've been at this cybersecurity thing for a long time. Are products improving their security? A recent study says they aren't. Check out this tweet and the ensuing discussion for the information on the study and the concerns people have about the history of poor security in consumer-grade networking products. This episode is co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest for this episode is Michael L. Woodson (@mlwoodson), CISO, MBTA. Palo Alto Networks, the global cybersecurity leader, is shaping the cloud-centric future with...

Best Starting Security Framework


All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-best-starting-security-framework/) If you were building a security program from scratch, which many of our listeners have done, which framework would be your starting point? Check out this post initiated by Sean Walls, vp, CISO of Visionworks, who asked, "If you were building a security program from scratch, would you align with ISO 27001, NIST CSF, or another framework, and why?" That conversation sparked this week's episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest for this episode is Omar Khawaja (@smallersecurity), CISO, Highmark Health. Thanks to...

Cyber Defense Matrix


All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-cyber-defense-matrix/) A simple way to visualize your entire security program and all the tools that support it. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest for this episode is Sounil Yu (@sounilyu), creator of the Cyber Defense Matrix and former chief security scientist at Bank of America. Thanks to this week's podcast sponsor, Verodin. The Verodin Security Instrumentation Platform proactively identifies gaps in security effectiveness attributable to equipment misconfiguration,...

User-Centric Security


All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-user-centric-security/) How can software and our security programs better be architected to get users involved? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our sponsored guest for this episode is Adrian Ludwig, CISO, Atlassian, a customer of our sponsor, Castle. Thanks to this week's podcast sponsor, Castle. Castle is helping businesses keep customers' online accounts safe from targeted account takeovers, automated credential stuffing, and risky user transactions. Castle's user-centric...

Securing the New Internet


All links and images from this episode can be found at CISO Series (https://cisoseries.com/defense-in-depth-securing-the-new-internet/) If you could re-invent the entire Internet, starting all over again with security in mind, what would you do? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest for this episode, Davi Ottenheimer (@daviottenheimer), who happens to be working on this project with Tim Berners-Lee at Inrupt to create a new Internet and secure it. Thanks to this week's podcast sponsor, Castle. Castle is helping businesses keep...

Resiliency


All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-resiliency/) How fortified is the business to withstand cyberattacks? Can it absorb the impact of the inevitable hits? Would understanding the business' level of resilience provide the appropriate guidance for our security program? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest for this episode is Anne Marie Zettlemoyer, vp, security engineering and divisional security officer, MasterCard. Thanks to this week's podcast sponsor, Castle. Castle is helping businesses...

Ransomware


All images and links for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-ransomware/) Why is Ransomware so prevalent? Why are so many getting caught in its net? And what are some of the best tactics to stop its scourge? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our sponsored guest for this episode is Brian Vecci (@BrianTheVecci), field CTO, Varonis. Thanks to this week's podcast sponsor, Varonis. The most powerful way to find, protect, and monitor sensitive data at scale. Get...

Top CISO Communication Issues


All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-top-ciso-communication-issues/) Understanding risk. Communicating with the board. Getting others to understand and care about security. What is the most vexing cybersecurity issue for a CISO? Check out this post by Kate Fazzini, cybersecurity reporter for CNBC, for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest for this episode is Mark Eggleston (@meggleston), CISO, Health Partners Plans. Thanks to this week's podcast sponsor, Varonis. The most powerful way to find, protect, and monitor...

Cybersecurity Excuses


All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-cybersecurity-excuses/) "I've got all the security I need." "I'm not a target for hackers." These are just a few of the many rationalizations companies make when they're in denial of cyberthreats. Why are these excuses still prevalent and how should a cyberprofessional respond? Check out this post by Ian Murphy, co-founder of LMNTRIX, for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest for this episode is Gary Hayslip (@ghayslip), CISO, Softbank Investment...

Employee Hacking


All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-employee-hacking/) A cyber professional needs their staff, non-IT workers, and the board to take certain actions to achieve the goals of their security program. Should a CISO use the hacking mindset on their own people? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest for this episode is Yael Nagler (@MavenYael), consultant. Thanks to this week's podcast sponsor, Anomali. Anomali harnesses threat data, information, and intelligence to drive...

100% Security


100% Security. A great idea that's impossible to achieve. Regardless, CEOs are still asking for it. How should security people respond and we'll discuss the philosophical implications of 100% security. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest for this episode is Rich Friedberg (@richf321), CISO, Blackbaud. Thanks to this week's podcast sponsor, Anomali. Anomali harnesses threat data, information, and intelligence to drive effective cyber security decisions. On this episode of Defense in Depth, you'll learn: Even though security people learned a...

Proactive Security


All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-proactive-security/) How proactive should we be about security? What's the value of threat intelligence vs. just having security programs in place with no knowledge of what attackers are trying to do? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our sponsored guest for this episode is AJ Nash, director of cyber intelligence strategy, Anomali. Thanks to this week's podcast sponsor, Anomali. Anomali harnesses threat data, information, and intelligence to...

ATT&CK Matrix


All images and links for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-attck-matrix/) Is the ATT&CK Matrix the best model to build resiliency in your security team? What is the best way to take advantage of the ATT&CK framework and how do you square away conflicting data coming in from your tools? What can you trust and not trust? And is the disparity of results the fault of the tool, the user, or neither? Check out this post and this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark),...

Hacker Culture


All images and links for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-hacker-culture/) The hacker community needs a new PR campaign. Far too many people equate hacker with criminal. But hacker is a mindset of how one approaches security. What is that approach and why are CISOs so attracted to hiring hackers? Check out this post for the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest for this episode is Joseph Menn (@josephmenn), journalist, Reuters, and author of "Cult of the Dead Cow: How the Original Hacking Supergroup Might...

Bad Best Practices


All images and links for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-bad-best-practices/) All professionals like to glom onto "best practices." But in security, "best" practices may be bad out of the gate, become useless over time, or they're not necessarily appropriate for all situations. Stay tuned, we're about to expose some of the worst "best" practices. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest for this episode is Yaron Levi (@0xL3v1), CISO, Blue Cross/Blue Shield of Kansas City....

Cyber Harassment


All images and links are available on CISO Series (https://cisoseries.com/defense-in-depth-cyber-harassment/) Whether a jilted lover or someone trying to wield their power over another, cyber harassment takes many forms and it doesn't stay in the digital world. It comes into our real world and gets very dangerous. What is it and how can it be thwarted? Check out this post and discussion for the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest for this episode is Parry Aftab (@parryaftab), founder of StopCyberbullying Global. Thanks to this week's podcast sponsor, Endgame. Endgame...

CISO Series One Year Review


Links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-ciso-series-one-year-review/) The CISO/Security Vendor Relationship Podcast is now more than a year old. On this episode, the hosts of both podcasts reflect on the series and we respond to listeners' critiques, raves, and opinions. Check out this post and this post for the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest for this episode is the co-host of the CISO/Security Vendor Relationship Podcast, Mike Johnson. Thanks to this week's podcast sponsor, Trend Micro. On this episode of Defense in Depth, you'll learn: We provide...

Economics of Data


All images and links for this episode available at CISO Series (https://cisoseries.com/defense-in-depth-economics-of-data/). Do we understand the value of our data? Do our adversaries? And is the way we're protecting it making it too expensive for them to steal? Check out this post and discussion for the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our sponsored guest for this episode is Chip Witt (@rt_clik), head of product strategy for SpyCloud. Thanks to this week's podcast sponsor, SpyCloud. Learn more about how you can protect employees and customers from account takeover with SpyCloud. On...

Tool Consolidation


All links and images can be found on CISO Series (https://cisoseries.com/defense-in-depth-tool-consolidation/). While cybersecurity professionals always want more tools, more often than not they're dealing with too many tools delivering identical services. The redundancy is causing confusion and more importantly, cost. Why should you pay for it? How does it happen and how do InfoSec leaders consolidate tools? Check out this post and discussion for the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest for this episode is Adam Glick, vp, cybersecurity, Brown Brothers Harriman. Thanks to this week's podcast sponsor,...

Camry Security


Links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-camry-security/). The Camry is not the fastest car, nor is it the sexiest. But it is one of the most popular cars because it delivers the best value. When CISOs are looking for security products, are they also shopping for Camrys instead of "best of breed" Cadillacs? Check out this post and discussion for the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest for this episode is Lee Vorthman (@leevorthman), sr. director, global security engineering and architecture, Pearson....

Amplifying Your Security Posture


All links and images can be found on CISO Series (https://cisoseries.com/defense-in-depth-amplifying-your-security-posture/). In security, you never have enough of anything. But the scarcest resource is dedicated security people. When you're running lean, what are some creative ways and techniques to improve overall security? Check out this post and discussion for the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest for this episode is Matt Southworth (@bronx), CISO of Priceline. Thanks to this week's podcast sponsor, SecurityBridge. Advanced cybersecurity for SAP, from codebase to production. Powered by anomaly detection, detect threats in real-time so...

ERP Security


All images and links for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-erp-security/). For most organizations, their ERP solution holds its crown jewels. Should custom and complex applications that trade such vital customer and corporate data be secured any differently? Check out this post and discussion for the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest for this episode is Branden Newman, CISO, adidas, brought to us by our sponsor, SecurityBridge. Thanks to this week's podcast sponsor, SecurityBridge. Advanced cybersecurity for SAP, from codebase to production. Powered by anomaly...

Managing Obsolete (Yet Business Critical) Systems


All links and images from this episode can be found at CISO Series (https://cisoseries.com/defense-in-depth-managing-obsolete-yet-business-critical-systems/). Obsolete systems that are critical to your business. They're abandoned, unpatchable and unmanaged. We've all got them, and often upgrading is not an option. What do you do? Check out this post and discussion for the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest for this episode is Mitch Parker (@mitchparkerCISO), Exec. Director, InfoSec and Compliance, Indiana University Health. Thanks to this week's podcast sponsor, SecurityBridge. Advanced cybersecurity for SAP, from codebase to production. Powered by...

Cybersecurity Hiring


All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-cybersecurity-hiring/). Everyone needs more security talent, but what kind of talent, how specialized, and what kind of pressure are hiring requirements putting on security professionals? Check out this post and discussion for the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest for this episode is one of our favorite InfoSec gadflies, Greg van der Gaast. Thanks to this week's podcast sponsor, Morphisec. Detection-based security technologies are by definition reactive, responding to threats after they've hit. Morphisec takes an...

How CISOs Discover New Solutions


Find images and links for this episode on CISO Series (https://cisoseries.com/defense-in-depth-how-cisos-discover-new-solutions/). Are security professionals so burned out by aggressive cybersecurity marketing that they're giving up on discovering new and innovative solutions? What are the best ways for cyber professionals to discover new solutions? Check out this post and discussion for the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX), CISO at Mitel. Our guest for this episode is Yaron Levi (@0xl3v1), CISO, Blue Cross and Blue Shield of Kansas City. Thanks to this week's podcast sponsor, ComplianceForge. ComplianceForge is a business accelerator....

Is the Cybersecurity Industry Solving Our Problems?


Find all links and images from this episode on CISO Series (https://cisoseries.com/defense-in-depth-is-the-cybersecurity-industry-solving-our-problems/). Is the cybersecurity industry solving our problems? We've got lots of new entrants. Are they doing anything new, or just doing the same thing slightly better? Check out this post and discussion for the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX), CISO at Mitel. Our guest this week is Taylor Lehmann (@BostonCyberGuy), CISO, Wellforce. Thanks to this week's podcast sponsor, Remediant. Eighty-one percent of cyberattacks utilize stolen administrative credentials. Yet, legacy enterprise password vaults solve only a fraction...

Vulnerability Management


This is a special episode of Defense in Depth being shared on this feed. Find the full post with links and images on the CISO Series site here (https://cisoseries.com/defense-in-depth-vulnerability-management/). So many breaches happen through ports of known vulnerabilities. What is the organizational vulnerability in vulnerability management? Check out this post and discussion and this one for the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX), CISO at Mitel. Our guest is Justin Berman (@justinmberman), CISO for Zenefits. Vulcan's vulnerability response automation platform allows enterprises to automate their TVM programs. Vulcan integrates to existing IT...

Privileged Access Management


If you can't see all the show notes (with images and links) head here: https://cisoseries.com/defense-in-depth-privileged-access-management-pam/ Where does privileged access management (PAM) fit in the order of operations? Check out this post and discussion and this one for the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX), CISO at Mitel. Our sponsored guest for this episode is Tim Keeler, CEO and co-founder of Remediant. Thanks to this week's podcast sponsor, Remediant. Eighty-one percent of cyberattacks utilize stolen administrative credentials. Yet, legacy enterprise password vaults solve only a fraction of the problem and are difficult to...

Machine Learning Failures


Full post for this episode (https://cisoseries.com/defense-in-depth-machine-learning-failures/). Is garbage in, garbage out the reason for machine learning failures? Or is there more to the equation? Check out this post and discussion for the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX), CISO at Mitel. Our guest for this episode is Davi Ottenheimer (@daviottenheimer), product security for MongoDB. Thanks to this week's podcast sponsor, Remediant. 81% of cyberattacks utilize stolen administrative credentials. Yet, legacy enterprise password vaults solve only a fraction of the problem and are difficult to roll out. Remediant's SecureONE takes a new approach to privileged...

Software Fixing Hardware Problems


The full post (if you're not seeing links and images) can be found here (https://cisoseries.com/defense-in-depth-software-fixing-hardware-problems/). As we have seen with the Boeing 737 MAX crashes, when software tries to fix hardware flaws, it can turn deadly. What are the security implications? Thanks to this week's podcast sponsor, Unbound Tech. Check out this post and discussion for the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX), CISO at Mitel. Our guest for this episode is Dan Glass (@djglass), former CISO for American Airlines. Founded in 2014, Unbound Tech equips companies with the first pure-software solution to...

Tools for Managing 3rd Party Risk


To see all the notes and links for this episode, go here (https://cisoseries.com/defense-in-depth-tools-for-managing-3rd-party-risk/). Are there any good tools that really help to manage third-party risk? Can tools alone solve this problem? What else is required? Check out this post and discussion for the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX), CISO at Mitel. Our guest for this episode is Eric Cowperthwaite, director of information security, Esterline. Got feedback? Join the conversation on LinkedIn. Thanks to this week's podcast sponsor, Praetorian. As a professional services company, Praetorian helps enterprise customers solve complex cybersecurity problems. We...

CISO Burnout


Are CISOs the most stressed individuals on a security team, or do mental health issues affect everyone in security? Check out this post and discussion for the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX), CISO at Mitel. Our guest for this episode is Gary Hayslip (@ghayslip), CISO, Webroot. Thanks to this week's podcast sponsor, Praetorian. As a professional services company, Praetorian helps enterprise customers solve complex cybersecurity problems. We are the security experts. On this episode of Defense in Depth, you'll learn: You have to come to an acceptance that a security program that's at...

RSA 2019: Success or Failure?


Is the RSA Conference a must attend for security professionals? Or is it enough to "just be in San Francisco that week"? Check out this post and discussion for the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX), CISO at Mitel. Our guest for this episode is Tyson Martin, CISO for Lumber Liquidators. David Spark, producer of CISO Series, Tyson Martin, CISO, Lumber Liquidators, and Allan Alford, CISO, Mitel. Thanks to this week's sponsor, Praetorian. As a professional services company, Praetorian helps enterprise customers solve complex cybersecurity problems. We are the security experts....

Security IS the Business


If a company's brand and value is built on trust, then your security department is critical to building the value of the company. Check out this post and discussion for the basis of our conversation on this week's episode which is co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX), CISO at Mitel. Our guest for this episode is Scott McCool (@McCoolScott), former CIO of Polycomm. Thanks to this week's podcast sponsor, SpyCloud. Learn more about how you can protect employees and customers from account takeover with SpyCloud. On this episode of Defense in Depth, you'll learn: When a business becomes an idea, the only...

Threat Intelligence


Do companies who deliver "threat intelligence" deliver on that promise, or is there more the customer needs to bring to the table to be able to take action? Check out this post and discussion for the basis of our conversation on this week's episode which is co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX), CISO at Mitel. Our sponsored guest for this episode is Eric Murphy (@_EricMurphy), VP, security research, SpyCloud. Thanks to this week's podcast sponsor, SpyCloud. Learn more about how you can protect employees and customers from account takeover with SpyCloud. On this episode of Defense in Depth, you'll learn: Threat...

Secure Controls Framework


Defense in Depth is available at CISOSeries.com. Is the "free to use" Secure Controls Framework the one meta-framework to rule them all? Check out this post and discussion for the basis of our conversation on this week's episode which is co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX), CISO at Mitel. Our guest is Tom Cornelius, founder and contributor of the Secure Controls Framework (SCF) (@scf_support). Thanks to this week's podcast sponsor, SpyCloud. Learn more about how you can protect employees and customers from account takeover with SpyCloud. On this episode of Defense in Depth, you'll learn: Purpose of the Secure Controls Framework is to...

Insider Threats


Defense in Depth is available at CISOSeries.com. Is your own staff the greatest threat to the security of your company? On this episode of Defense in Depth we discuss protecting your business from itself. Check out this post and discussion for the basis of our conversation on this week's episode which is co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX), CISO at Mitel. Our guest is Vijay Bolina (@_jamesbaud_), CISO, Blackhawk Network. Thanks to this week's podcast sponsor, Fluency Security: Fluency's correlation and risk scoring technology combined with their approach of using pseudonyms in place of certain PII data greatly facilitates your organization's path towards...

Building an Information Security Council


Defense in Depth is part of the CISO Series network, which can be found at CISOseries.com. Security for the business affects everyone and all departments. On this episode of Defense in Depth we discuss the values and difficulties of building an information security council. Check out this post and discussion for the basis of our conversation on this week's episode which is co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX), CISO at Mitel. Our guest is Nick Espinosa (@NickAEsp), host of nationally syndicated show The Deep Dive with Nick Espinosa, and his daily podcast is called Nick's Nerd News Daily. Find Nick on Facebook, YouTube,...

Privacy


Will the privacy outcry and new regulations limit companies' abilities to do business, or will it span a whole new industry? We discuss building a business in the new age of privacy regulations on this week's Defense in Depth. Chris Jordan, CEO, Fluency Security. This episode of Defense in Depth is co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX), CISO at Mitel. Our sponsored guest is Chris Jordan, CEO of Fluency Security. Thanks to this week's podcast sponsor, Fluency Security: Fluency's correlation and risk scoring technology combined with their approach of using pseudonyms in place of certain PII data greatly facilitates your organization's path towards...

Security Metrics


Defense in Depth is part of the CISO Series network which can be found at CISOSeries.com. What are the most important metrics to measure when building out your security program? One thing we learned on this episode is those metrics change, as your security program matures. This episode of Defense in Depth is co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX), CISO at Mitel. Our guest is my co-host of the other show, Mike Johnson, CISO of Lyft. Fluency's correlation and risk scoring technology combined with their approach of using pseudonyms in place of...

Welcome to Defense in Depth


Just a quick welcome message to this weekly show covering controversial and confusing topics in cybersecurity.

Down the Security Rabbithole Podcast

Down the Security Rabbithole Podcast


DtSR Episode 701 - Adrian Sanabria AI Cant Replace Jobs


TL;DR: Starting off the 700 series is Adrian Sanabria, long-time analyst, and industry insider. Adrian's SubStack post ( https://substack.com/home/post/p-189699798 ) makes an interesting distinction between 'work' and 'tasks'; then he goes on to explain how AI will apply. Fascinating conversation recorded live from Zero Trust World, 2026 sponsored by ThreatLocker. YouTube Video: <shortly available> Have something to say? Let's hear it. Support the show >>> Please consider clicking the link above to support the show! YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq LinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/ X/Twitter: https://twitter.com/dtsr_podcast

DtSR Episode 700 - An Unreal Milestone


TL;DR: THANK YOU. I can't believe I'm dropping episode 700. It's been a journey since September 2011 - so many amazing and unbelievable guests, conversations, and life lessons. So much incredible content that ages like fine wine, thank you to my friends James Jardine and Jim Tiller for doing this thing. Thank you to all of YOU for listening, sharing, and rating us. This is the industry's premier podcast for all things related to our profession. Here's to another 700. YouTube video: https://youtube.com/live/bUnz763Iq90

DtSR Episode 699 - Marcus Hutchins Hot Takes and AI


TL;DR: As I continue to post content recorded in Orlando at Zero Trust World 2026, I bring you a live recorded episode with Marcus Hutchins. It's an interesting discussion that is no doubt polarizing, but no less interesting. Enjoy! We are ONE EPISODE away from 700, thanks for being along for the ride! YouTube Video: (coming shortly)

DtSR Episode 698 - Leadership in a High Stakes CISO Role


TL;DR: This week's guest is Alex Hutton - who has been leading security teams in high-stakes organizations for years and is bringing his experience to you. We discuss leadership, risk, and several leadership topics you'll want to take notes on. YouTube video: https://youtube.com/live/FRBbnWVyO_Q

DtSR Episode 697 - The Precarious Evolution of the CISO Role


TL;DR: On this episode of the pod, G. Mark Hardy joins Jim, James, and Rafal to talk about the precarious evolution of the role of the CISO. We even delve into the definition and purpose of risk, and find some there, there. YouTube video: https://youtube.com/live/_gpV4XilToc

DtSR Episode 696 - Zero Trust CyberSecurity Shenanigans


TL;DR: This week's podcast is live'ish from Zero Trust World 2026, put on by ThreatLocker. It's a lively conversation with their CPO Rob Allen who can't help himself but mess with my recording equipment. Shenanigans ensue. You'll love it. YouTube video: https://youtu.be/aOP6IT8OiDI Show Sponsor: ThreatLocker. Allow what you need, block everything else... Including ransomware. Disclaimer: This post contains affiliate links. If you make a purchase, I may receive a commission at no extra cost to you.

DtSR Episode 695 - Cyber Is Headed for a Market Meltdown


TL;DR: Is cybersecurity headed for a market meltdown? Are we watching the bubble pop? Patrick Dennis joins Rafal to give some observations, analyze and provide guidance on what's happening, and what's to come. Buckle that chin strap, it's going to get crazy. YouTube video: https://youtube.com/live/bhtvOSv48Jc

DtSR Episode 694 - Seasonal Martyrdom and Cyber Burnout


TL;DR: We've all experienced it - either you're the one, or you know someone, who works themselves to death. Whether it's "part of the job" or part of the job - it always leads to the same end. Rebekah Wilke and Ryan Halstead join James and I to talk through a very timely and critically important topic from a leadership perspective. Big thanks to my guy Josh Jones for the excellent connection. YouTube Video: https://youtube.com/live/Adpyja9KIkU

DtSR Episode 693 - The Most Important AI Conversation


TL;DR: This is one of the most relevant AI conversations, in the moment. Gadi Evron joins me to talk about how AI is not just changing everything, but how it's actually going to impact what you're doing - from security to everything else. Tune in, this is a critical conversation. YouTube: https://youtube.com/live/t48sX54QCwI

DtSR Episode 692 - Ran Nahmias the Perpetual Entrepreneur


TL;DR: What's it like to be an entrepreneur your entire career? Always trying something new, always doing something different? Ask Ran Nahmias, someone who's been around long enough to have done it all, and he's not done yet. YouTube Video: https://youtube.com/live/qngve0dmd7M

DtSR Episode 691 - How to Make External Security Testing Useless


TL;DR: Today, Julian Brownlow Davies rejoins the pod (Ep 688) to continue the conversation about 3rd party external security testing. It's strong opinions and tales of woe all around. Episode 688: https://dtsr.buzzsprout.com/2153215/episodes/18498795-dtsr-episode-688-looking-for-meaning-in-the-signal YouTube video: https://youtube.com/live/6ZCPNXR_5u0

DtSR Episode 690 - Defenders of the Internet Pipes


TL;DR: This week's guest is Matt Carothers who works at a major Internet provider. We talk about defending, strategy, and some of the interesting topics that come with the job. If you have Internet at home, or at the office, or on the go - this episode is for you. There will probably be a part 2. YouTube: https://youtube.com/live/tJcjtgn759g

DtSR Episode 689 - Off the Rails - Social Media is Evil


TL;DR: Social media is corrupting our kids, radicalizing your neighbors, and being basically evil with no checks. This episode is an "off the rails" discussion on a not-so-clearly Cyber Security topic, with us diving deep and getting a little angry. Thanks to Kevin Thompson for joining us and sharing his qualified opinion as a dad and experienced Scout Master. YouTube: https://youtube.com/live/RXzAVG98T6s

DtSR Episode 688 - Looking for Meaning in the Signal


TL;DR: Grab your favorite note-taking thing, this week's pod features Julian Brownlow Davies of BugCrowd and it's chock full of things you'll want to look up. We tackle how red teaming and external 3rd party testing fits into a current security strategy, and how finding signal in the noise is just the beginning. YouTube video: https://youtube.com/live/aNz-qPmWf7g1

DtSR Episode 687 - Dan Geers Wisdom from 2014


TL;DR: This week's episode is a special one. I (Rafal) revisit episode 100 with the one and only Dan Geer. Some shows are "in the moment", some are timeless. This show is timeless. Dan's wisdom and insights are as applicable today as they were 12 years ago. Crazy, right? Fun story - I ran into Dan at Black Hat conference a few years ago and asked him what he would say is 'different' since we recorded that episode... his response? "My beard is longer". Solid GOLD. Listen in. Take notes.

DtSR Episode 686 - An Unexpected Windows XP Conversation


TL;DR: On today's pod, Rob Allen of ThreatLocker makes his triumphant return to derail us straight into a conversation about legacy systems and why he's still supporting Windows XP. Right, you read that right. A great conversation ensued, and I'm glad we were able to record this one. Enjoy. From us to you, thank you for following along this year, and we wish you a happy new year, and all the best in 2026! YouTube video: https://youtube.com/live/dFO1NTo1MGc

DtSR Episode 685 - Weaponized AI is Real Now What Pt 1


TL;DR: In part 1 of 2, Gadi Evron joins the show and chats with Jim and Rafal on the topic of the "AI Cataclysm". What does that even mean? Listen in - but it's part to do with how AI is changing the attacker model (level of effort, expertise required, timeline) and what defenders should start to think about. Part 2 is coming soon, standby. YouTube Video: https://youtube.com/live/izX0jOUpKJM

DtSR Episode 684 - AI Agents Gone Rogue


TL;DR: This week's show features Aaron Costello, and is all about an analog from real-world attacks on humans, applied to AI "agents". I know what you're thinking - computers are supposed to be more difficult to trick, right? Right... no. Attacks such as this where computers try to be "helpful" (just like humans) are probably more common than we'd like to think. Give this a listen, it's a hoot. YouTube video: https://youtube.com/live/fM88jSkamDQ

DtSR Episode 683 - Sometimes You Have to Step Away


TL;DR: On this episode, it's just Jim and Rafal talking about how sometimes you just need to take a big step back from your day job and touch some grass. Our chosen profession is, demanding, to say the least. So let's take a minute to acknowledge what we're really thinking. Unfiltered, raw, and straight from our heads to your ears, enjoy.
YouTube video: https://youtube.com/live/ULTq1pzckFg

DtSR Episode 682 - A Third Opinion on Vulnerability Ranking


TL;DR: This week's pod features a conversation with the Jay Jacobs, who had previously been on the show talking about this very topic (vulnerability ranking/scoring) many, many years ago. If you missed Episode 297 check it out, it's crazy how far (or not) we've come since that conversation.
YouTube Video: https://youtube.com/live/cpL9ZYbwkes

DtSR Episode 681 - AppSec Whack-a-Mole


TL;DR: Join Rafal & Jim as we welcome Dustin Lehr to talk about the state of AppSec and how we got here. We discuss vulnerabilities, accountability, culture, and a host of other things. It's a caffeine-fueled episode, so buckle in!
YouTube video: https://youtube.com/live/yoBIQ_sIawI

DtSR Episode 680 - Debating Patching and Vulnerability Scoring


TL;DR: We heard RSnake's take on CVSS and CVEs and such, now let's hear Brian "Jericho" Martin's take. The gloves are off, and the opinions go native when we take this episode live. Brian doesn't pull any punches, and apparently I'm the only one without a pocket full of $2 bills? Sorry for the explicit rating, that's Brian's fault.
YouTube Video: https://youtube.com/live/2-3Jzks5myc?feature=share

DtSR Episode 679 - Wasting Time Patching


TL;DR: Patching. Your least favorite thing. Well, it turns out that most of the work we have been doing in the last 20+ years has been for nothing. Robert "RSnake" Hansen's theory, backed by a lot of data, seems to point to a much bigger problem in cyber, and it's time we talk about it.
Rob's Closing Keynote that started this conversation: https://youtu.be/80ZtAsuC4v4?si=-liUcLX4adz092yP
YouTube Video: https://youtube.com/live/k4kvKWZVh78

DtSR Episode 678 - CyberSecurity Has Lost the Plot


TL;DR: This week's pod features your favorite hosts reflecting on how security has lost its way. When everything is a catastrophe, nothing is. When every breach is world-ending, none of them matter. Have we completely lost the plot? Prepare to have a good think.
YouTube Video: <coming soon>

DtSR Episode 677 - Is Cyber Insurance the Answer or A Question


TL;DR: On this week's pod - Sean Scranton and Shawn Tuma make a return appearance to talk about Cyber (Security) Insurance. Some see it as the answer to cyber's problems, while others see it as just another question. Which is it? Is it just a matter of perspective? Listen in and find out!
YouTube Video: https://youtube.com/live/GiuheFiFO78

DtSR Episode 676 - Privacy and Healthcare Data at Crossroads


TL;DR: This week's pod is all about healthcare-related data that is bought and sold the world over - and how this data can be utilized while still preserving privacy. In this mind-blowing segment, John Kuhn of Integral joins Jim and I to talk about the vast quantities of data that's bought, sold, and aggregated for healthcare research - and how it can be used for good, while still preserving people's privacy (or what's left of it - debate ensues).
YouTube Video: https://youtube.com/live/aa1xKEvhS5E?feature=share

DtSR Episode 675 - Trey Ford on the Mind of CISOs


TL;DR: If you've ever wondered what goes through the mind of a top-tier CISO, wonder no longer. This week's episode features Trey Ford talking a little nostalgia, and a little of what's on his mind as a CISO. Fantastic episode, shout out to BugCrowd for the episode.
YouTube video: https://youtube.com/live/uFl45Tb93gY?feature=share

DtSR Episode 674 - 3rd Party Risk is a Mess


TL;DR: Let's talk, err, lament, Third Party Risk programs. Who has time for these, and is there any real value in identifying 3rd party risks? Or is it just all theater for the lawyers? Paul Farley joins Jim, James and Rafal to chop it up. Dive in with us, and see what you think.
YouTube Video: https://youtube.com/live/Le23nkaybfE

DtSR Episode 673 - Crash Out to Cash Out


TL;DR: This week's episode is what happens when I go on vacation and have a little time to think. So here we go - let's talk about this: Jaguar Land Rover was compromised and ransomware spread. The damage has been 'extensive' to the point where they stopped everything... are there any lessons here?
Links:
https://www.theguardian.com/business/2025/sep/20/jaguar-land-rover-hack-factories-cybersecurity-jlr
https://www.reuters.com/en/tata-motors-jlr-return-manufacturing-after-cyber-attack-2025-09-29/
YouTube link: https://youtube.com/live/1wjwskUrztk

DtSR Episode 672 - DFARS CMMC Update Insights


TL;DR: This podcast features our friend Bo Birdwell who sits down with us to explain the ins and outs of the new DFARS CMMC update. Jim and Bo cover a lot of ground, and James and I are along for the ride asking questions. Great episode if you're in the space, worrying about what this latest update means to you.
YouTube Video: https://youtube.com/live/0cl1S4f3g8E

DtSR Episode 671 - It's The End of the Internet As We Know It


TL;DR: This week's returning guest is Doug Cavit, but this time he's here to talk about the Internet apocalypse. Partly driven by AI, but mostly we discuss automated content generation, bots, and consumption as we reach the conclusion that it's all coming crashing down... sooner than we'd like.
YouTube Video: https://youtube.com/live/tUJgdrh3ws8

DtSR Episode 670 - Ethics Equity and Rock Star CISOs


TL;DR: Michael Reichstein joins the pod this week to talk about "rock star CISOs" and those who trade equity for their souls. It's an interesting discussion but this one comes with a warning label: If you're easily offended, do not listen to this.
Michael's post that started this conversation: https://www.linkedin.com/posts/mreichstein_cybersecurity-leadership-businessethics-activity-7361753110983135233-YSct
YouTube video: https://youtube.com/live/N1mD_HLYDxU

DtSR Episode 669 - ADR Enters the SOC Chat


TL;DR: This week's pod features our favorite former analyst Anton Chuvakin, and an AppSec OG Jeff Williams as we tackle the subject of AppSec's favorite new acronym - ADR. What is it? Why is it? Should it be? We answer all these questions and more, and laugh along the way a bit too.
YouTube Video: https://youtube.com/live/69xeGDoDYbU
Links: Contrast's latest threat report (referenced in the show); An in-depth ADR Explainer (helpful!); Run-Time Security Explained (for those wanting to learn more)

DtSR Episode 668 - Actionable Crowd Sourced Defenses


TL;DR: This week's returning guest is the man, the myth, the Alpaca farmer, Philippe Humeau of CrowdSec. Life comes at you fast, threats come at you faster. The good news is - defenses can keep up. Listen in, then go check out CrowdSec!
YouTube video: https://youtube.com/live/7Xc99bXCfwQ

DtSR Episode 667 - Market Consolidation is Screwing the CISO


TL;DR: This week's guest is Dr Sam Liles - who's been CISO'ing since most of us have been in the industry. Sam gets it, and he has some perspective on what's going on with all this market consolidation. What is it good for? He's got some things to say, and he's not shy about it.
YouTube: https://youtube.com/live/ROEA6z5Q-sk

DtSR Episode 665 - From Black Hat 2025 with Exhaustion


TL;DR: This week's show is a testament to surviving a week of Hacker Summer Camp out in Las Vegas. I have an interview with Ray Canzanese, Jr. (again, because y'all love him) and a bit of my take-away / rant from the week I spent out in the desert. Enjoy, I hope you made it home safe and learned something. Good God it was hot.
YouTube Video: ( standby, waiting on me to edit )
Thanks again to my friends at Netskope!

DtSR Episode 664 - Everything You Wanted to Know About RaffCon


** Early release, due to Black Hat Conference and RaffCon XVIII.
TL;DR: This episode is all about #RaffCon. Ever wanted to know what the heck it is? Well, Raffael Marty and I break it down, give you a little history, and reminisce. As we got into Black Hat week, this is the perfect precursor to #RaffCon XVIII.
YouTube video: https://youtube.com/live/jwArV_EwuZc

DtSR Episode 663 - The CISO and CIO Relationship


TL;DR: This is one of the most important episodes we've done on this podcast. The CISO and CIO have a complicated, dynamic, and often ugly relationship - but what should it be like? How can the two work together and evolve their roles together, for the benefit of everyone in the business? Larry Whiteside, Jr. (Co-Founder and President at Confide) and Dennis McDonald (Chief Information & Security Officer at Jack Henry) lay down a conversation that's worth a repeated listen.
YouTube video: https://youtube.com/live/g2F6BNSm2vk

DtSR Episode 662 - Why Customer Success is Difference Maker


TL;DR: This week's conversation is all about the Customer Success team featuring Nick Puetz and Steve Dakhe. These guys have significant seat time building, operating, and perfecting the CSM role - and we're here to talk about it. What is a CSM? Why do they exist? And what is their role in customer engagement? Listen in, find out!
YouTube: https://youtube.com/live/lCen-1Vt_K8

DtSR Episode 661 - Insights Into the Startup Mindset


TL;DR: This week we took a sit-down with serial entrepreneur, Will Gragido. Will has been a part of several innovative start-ups, and is now onto his next one. He's a product innovator with a pragmatic sense of what customers need, and he's here to give you the run-down of what drives him, what got him here, and things you should think about if you're thinking of setting off on your own.
YouTube video: https://youtube.com/live/qkAi6Nj8kII
Show Sponsor: ThreatLocker. Allow what you need, block everything else... Including ransomware.
Disclaimer: This post contains affiliate links. If you make a purchase, I may...

DtSR Episode 660 - Sam Masiello


TL;DR: Did you miss us? Yes, we're back with Sam Masiello and we're talking about whatever is on his mind. Well... there's geopolitics and Iranian hackers and frankly we need to talk about what it means for your security program. Thanks for joining us, Sam!
YouTube Video: https://youtube.com/live/H-4ZktBIUDE
Show Sponsor: ThreatLocker. Allow what you need, block everything else... Including ransomware.
Disclaimer: This post contains affiliate links. If you make a purchase, I may receive a commission at no extra cost to you.

DtSR Episode 659 - LinkedIn Cyber Influencers are Funny


TL;DR: This week's episode came from my (Rafal) brain. I've been reading far too much LinkedIn, and the "influencer" postings have been making me crazy. So, here we are. We talk through some of these posts, many of which are AI generated I think, and have a little fun with it. Call it... therapy.
YouTube Video: https://youtube.com/live/uZVfkge8bQE

DtSR Episode 658 - What Does It Mean to Secure AI (Part 4)


TL;DR: On this episode, part 4 of our AI series, we are once again joined by Raja Mukerji, Jeff Collins, and John Dickson to discuss what it means to think about security for AI. Is it something completely different? Is it something same-'ol? Or - is it a bit of both. And what aren't we thinking about when it comes to securing AI?
YouTube video: https://youtube.com/live/vUJIOrX0kHc

DtSR Episode 657 - Cyber-Security Use-Cases for AI (Part 3)


TL;DR: This week I bring John Dickson back to join Jeff Collins and Raja Mukerji as we talk through the following:
What can AI do, for cyber security, that we can't do with current tools?
What is the model for incorporating AI into cybersecurity - are we replacing people? augmenting people? both? neither?
Where is AI the strongest in these use-cases today, and where is the promise for 12 - 36 months out?
What are the LIMITATIONS for AI in cybersecurity? Are these short-term limitations, or long-term?
YouTube: https://youtube.com/live/Tv_Lx76rl58

DtSR Episode 656 - Deeper Down the AI Rabbithole Part 2


TL;DR: This week John Dickson returns to go deeper down the AI rabbit hole with special guest Erik Bloch as we dive into a more technical explanation of AI, how this innovation differs from other similar concepts, previous tech innovations, and some of the commercial vs consumer use-cases where AI is best suited. It's a deeper discussion, and we will for sure have a part 3, and likely 4 coming soon.
YouTube video: https://youtube.com/live/QXi6ed2NKhc

DtSR Episode 655 - John Dickson Down the AI Rabbithole Part 1


TL;DR: So - Artificial Intelligence (AI)... incomprehensible good, or catastrophic evil? Both? And what does that depend on? This episode is the start of a series wherein we explore the potential good or bad of AI, what the dependencies are, and what kinds of branches of discussion there could be. Join us as we discuss a generational topic, with some of our best guests starting with John Dickson.
Required listening: Episode 654 w/Sounil Yu (https://dtsr.buzzsprout.com/2153215/episodes/17193885-dtsr-episode-654-can-we-teach-machines-discretion)
Bonus, since none of you read this ... what's John's CISSP #? If you get it, send me a DM on LinkedIn and next time we're in the...

DtSR Episode 654 - Can We Teach Machines Discretion?


TL;DR: This week's episode asks the question - is it possible to give AI "discretion" (which feels like a uniquely human concept)? And if so - what would that look like, and how can this help a society that's hurtling headlong into an AI future from destroying secrecy as we know it? Sounil Yu from Knostic joins Rafal & James to think through the problem - complete with visuals! If that sounds a little dramatic, you'll enjoy the episode, because this problem is very real and those outside security have no idea they're creating it.
Cyber Defense Matrix: https://cyberdefensematrix.com/
YouTube Video: https://youtube.com/live/ob502v_NqOo

DtSR Episode 653 - Rich Latayan Live and In Person


TL;DR: On this "live on the scene" episode from Zero Trust World 2025 sponsored by ThreatLocker - I have the distinct pleasure to speak with Rich Latayan about his career leading big-company security programs as CISO and his current endeavor.
YouTube: <coming soon>

DtSR Episode 652 - RSA Conf 2025 Wrap with Ray Canzanese, Jr.


TL;DR: As per the usual, this year's RSA Conference 2025 wrap-up is with my friend Ray Canzanese, Jr. We sit in the beautiful sunshine atop the Moscone Center (gardens) and have an interesting conversation about a number of interesting topics not the least of which is the puppies and baby goats at this year's event (well played, vendors, well played).
YouTube Video: https://youtu.be/LSdEMlKRZmw

DtSR Episode 651 - Meaningfully Addressing the CISO Vendor Relationship


TL;DR: Sometimes LinkedIn gives us an opportunity to record something meaningful - and in this episode we find a conversation with Ross Hosman's perspective on how to address the strained relationship between buyer and seller, CISO and vendor - in a meaningful way that you'll hopefully benefit from. Sales people, take notes. CISOs ... you too.
YouTube video: https://youtube.com/live/e_SbcB2ZsD8

DtSR Episode 650 - Executing a Human Focused Security Approach


TL;DR: This episode is a follow-up on two episodes, building up to this conversation. On episode 629 Hed Kovetz introduced us to "Identity Security" (https://dtsr.buzzsprout.com/2153215/episodes/16174464-dtsr-episode-629-what-the-hell-is-identity-security) and then on episode 646 Ward Pyles started the conversation about how security tools really aren't set up to protect from the identity perspective (https://dtsr.buzzsprout.com/2153215/episodes/16854549-dtsr-episode-646-ward-pyles-on-human-centric-security-for-real). Well - now we invited them both onto the show to talk it through and solve the problem Ward identified with the tech Hed spoke of. The result was better than we expected.
YouTube video: https://youtube.com/live/N7cyIOdChtw

DtSR Episode 649 - Casey Ellis Other People's Software Bugs


TL;DR: This week's guest is BugCrowd's founder Casey Ellis. Casey's a pioneer in the security space and has some tremendous insights on how he started his business and what the future holds. Casey explains why it's important to think like a criminal, and why the 'locksmith' version of a hacker (versus 'burglar') is so important to today's security programs.
YouTube video: https://youtube.com/live/8BLGfUqbOKQ

DtSR Episode 648 - CyberSecurity Market Forces


TL;DR: This week we're joined by the one and only Mike Privette - to talk about the market forces pushing and pulling cyber security's momentum. Whether you're into startups a la VC funding, or looking to refurbish companies a la Private Equity - this conversation is an analysis of the market from someone who knows a thing or two about the whole game. Oh yeah, and Mike writes this Return on Security newsletter you need to subscribe to.
YouTube video: https://youtube.com/live/wq0KlteA1bU

DtSR Episode 647 - Shiran Bareli AI as More Than Next Gen DLP


TL;DR: If you're deciding whether to listen to this episode - let me help you - YES. This episode is about the application of AI to one of the most difficult problems facing security teams - what and where is my most sensitive information? Face it, you have no idea - and maybe, just maybe, AI is part of the answer. Shiran Bareli joins Jim and Rafal to talk it over, and it's a doozy.
YouTube Video: https://youtube.com/live/nhn6Q75syjk
Don't forget to check out the after-show segment, only on our YouTube page!

DtSR Episode 646 - Ward Pyles on Human Centric Security for Real


TL;DR: This week Ward Pyles joins Jim Tiller and myself to talk about a relatively unremarkable topic - people-centric security. We've talked about it a bunch but it's not until this episode that something finally clicked in my brain. When Ward talks about the data that security needs - see if you can pick it up too.
Also - I'm trying some new bonus content - the "After Show" which is a 2-5 minute post-show bit where we post what's said after the recording (usually) stops. I hope you enjoy it - check that out exclusively on our YouTube channel.
YouTube video: https://youtube.com/live/LWzA2czvocQ

DtSR Episode 645 - Zero Trust Applied in the Real World


TL;DR: This week's episode is a sit-down in person at Zero Trust World 2025 (sponsored by ThreatLocker) with Ryan Benner. Ryan's the caretaker of "anything that powers up", as he puts it, which means this small organization's security is also his responsibility. So how do you do it with next to no staff, and on a small budget? And how do you even begin to "Zero Trust" your network? Listen in.
YouTube Video: https://youtu.be/JUMcWFNsVaA

DtSR Episode 644 - Inside the Minds of Great Product Managers


TL;DR: This week's episode shifts the focus from leadership in the enterprise, to leadership in the vendor space. Building security products that innovate, inspire, and meet market and customer demand is far from trivial. Meet two of the best in the business - Arash Marzban and Bryan Lares - and hear what makes the job exciting, and how they make it great.
YouTube video: https://youtube.com/live/wA9-vgusyI0

DtSR Episode 643 - A CISO's Guide to the First 90 Days


TL;DR: This week's podcast features the wisdom and wit of Merlin Namuth - currently serving as the CISO for the city & county of Denver. Merlin provides insights into how he views the first 90 days of a CISO's role with a new organization, frameworks and processes he goes through to get his bearings and start a successful residency.
YouTube Video: https://youtube.com/live/8y7bsKlBBXE?feature=share

DtSR Episode 642 - Chase Cunningham An Epic Zero Trust Keynote


TL;DR: This episode was recorded live from Zero Trust World 2025 in Orlando, FL sponsored by ThreatLocker. Chase Cunningham joins after finishing an epic keynote where he eviscerates security dogma and the repeated stupidity of the Cyber sector. Chase & Rafal discuss Zero Trust, implications, implementation, and value.
YouTube:
Big thanks to ThreatLocker for hosting Zero Trust World 2025 - can't wait to get back next year!

DtSR Episode 641 - Kevin Fielder Security Principles and Guard Rails


TL;DR: On this episode we welcome Kevin Fielder, CISO @ NatWest Boxed & Mettle, Advisor, investor, Coach, and speaker to talk about building guard rails and principles to minimize security's negative impact on business and technology while raising the bar for attackers.
YouTube Video: https://youtube.com/live/xYPdHkUW0TQ

DtSR Episode 640 - A Practitioner View of Security Automation


TL;DR: This week is a real treat! Eva Georgieva - a seasoned cybersecurity automation engineer - joins me, James, and Jim to talk about automation in cyber. We talk about challenges, what to automate first, good versus bad automation, and even get a little practical.
YouTube: https://youtube.com/live/lA20Mgl3AxE

DtSR Episode 639 - Richard Bird Famous With 12 People


TL;DR: This week's episode features a long-time-coming discussion with Richard Bird discussing his book "Famous with 12 people", and the "influencer culture" in cybersecurity. It's an interesting discussion on how our industry works, and who makes it really turn.
YouTube: https://youtube.com/live/hk42GbjzDZQ?feature=share

DtSR Episode 638 - Matt Shufeldt Cyber Security's Specialist Problem


TL;DR: This week's episode is all about a growing issue in CyberSecurity (and I'm sure it's there in other disciplines as well) - "specialization" or more to the point "over-specialization". Why is it a problem? Matt Shufeldt, a returning guest and friend of the pod, joins us to talk about it and suggests some ways we can avoid the giant iceberg we're careening into.
YouTube: https://youtube.com/live/q_3uYcdYaw4

DtSR Episode 637 - Amanda Berlin Build SMB Tools That Dont Suck


TL;DR: On this episode Amanda Berlin, Senior Product manager at Blumira, joins Jim and Rafal to talk about her career, the second edition of her book, and building products for SMBs that "don't suck". The unfortunate fact is that there aren't a lot of products designed for the unique challenges of companies that can't afford an army of security analysts, or consultants.
YouTube Video: https://youtube.com/live/rvXqjBU5M4k

DtSR Episode 636 - CISO Perspectives Kayla Williams


TL;DR: Kayla Williams, CISO of Devo, joins Rafal & James on this episode to talk about her career path, the importance of the "financial perspective" and the need for well-rounded security leaders who understand business first and foremost. A wonderful episode for leaders and those who want to be.
YouTube Video: https://youtube.com/live/axl8V-ayMjU

DtSR Episode 635 - The State of Trust 2025


TL;DR: Oh boy. Welcome to 2025, and the first podcast of the year is off to a flyer. Robert "RSnake" Hansen & Patrick Dennis join Jim and I to talk about "trust" - and we touch on everything from AI to politics and everything in between. What state is trust in, and why is it really bad? And ... now what?!
Required background reading:
Patrick's original post: https://www.extrahop.com/blog/how-brittle-is-trust-in-an-era-of-continuous-compromise
My hot-take on current state of trust: https://blogwh1t3rabbit.medium.com/burned-out-ontrust-e4d32e40b3d0
YouTube Video: https://youtube.com/live/zzXKZU4-BGQ

DtSR Episode 634 - The 2024 Year End Episode


TL;DR: On this lengthy and very informal episode of the podcast, James, Jim and I close out the year with James Robinson (CISO of Netskope) and Rock Lambros (Founder of Rock Cyber, and Author) as we discuss a wide range of topics you're going to have to listen in to get the details of. Wrap up 2024 by joining us for the EOY episode, and spread the new year cheer.
YouTube Video: https://youtube.com/live/kT3FmXKsz5E

DtSR Episode 633 - Getting the Band Back Together


TL;DR: On this Christmas episode of the podcast, I (Rafal) get together with two of my team from back in the Optiv days - Mark Arnold & MacKenzie Brown - to talk about some of the things we accomplished, and the need to perhaps resurrect some of our work. We have a little fun along the way, too.
YouTube Video: https://youtube.com/live/Y5NHMo69T1E

DtSR Episode 632 - The Politics of Detection Response and Security Operations


TL;DR: This week is a special show - where Raja Mukerji (Co-Founder, Chief Scientist at ExtraHop), Paul Farley (Field CTO, TrustedSec), and Anton Chuvakin (Security Advisor at Office of the CISO, Google Cloud) join Rafal, James, and Jim to talk about the honest politics of "the operations part of security". Whether you call it SOC, Security Operations, Cyber Defense Center, or whatever - what it does, how it functions, and how it's measured matter. We discuss and debate.
YouTube Video: https://youtube.com/live/nEAxixee0LU

DtSR Episode 631 - Building and Securing Extreme Scale Network Infrastructure


TL;DR: If you've ever wondered what kind of skill, scale, and engineering goes into building carrier-grade (and bigger) infrastructure this episode is for you. Joe DePalo (Executive Vice President & Chief Platform Officer at Netskope) joins Jim & Rafal to talk about his time building some networks that just blow our minds. You'll enjoy this episode if you're into networking.
YouTube Video: https://youtube.com/live/U2UwSYdX1UM?feature=share

DtSR Episode 630 - We Need to Talk About Algorithm Bias in AI


TL;DR: Our guest this week is Marcus Carey, who wrote a piece (with one heck of a clickbait title, as he admitted) that calls out the biases we see in algorithmic (or "AI") processes. The panel including Rock Lambros and Jeff Collins discusses where the trouble lies, how it manifests, what can be done about it, and what's next.
YouTube Video: https://youtube.com/live/dopwV5Z2VdM?feature=share
Marcus's original post: https://www.linkedin.com/posts/marcuscarey_artificial-intelligence-ai-has-a-history-activity-7264716831435759616-rTsU

DtSR Episode 629 - What The Hell Is Identity Security


TL;DR: New intro alert! On this episode, we welcome Hed Kovetz from SILVERFORT - a company in the "identity security" space. If you're scratching your head and asking "what the hell is identity security?" - this episode is for you. We asked the same question, and Hed walked us through it. A wonderful primer on Identity Security for security professionals.
YouTube Video: https://youtube.com/live/6r0fCs_me9I

DtSR Episode 628 - Rob Allen Endpoint Security Does Not Have to Suck


TL;DR: Join us on an adventurous conversation in the wild and wacky world of endpoint security. At a time where evolution seems to have come to a standstill, there are things going on you may not be aware of. Endpoint security doesn't have to suck - this conversation with Rob Allen (Chief Product Officer at ThreatLocker) may give you some new hope, or at least make you chuckle at Rob's "emotional support microphone".
YouTube video: https://youtube.com/live/yXAbCM_YgU4

DtSR Episode 627 - Talent Gap Lies and Truths


TL;DR: On this spicy episode where returning guest Erik Bloch joins us, we host Lee Kushner to talk about the talent gap. Is there a talent gap? Who's to blame for the mess we're in right now? And of course, what to do next? For anyone who's job hunting, trying to understand the cyber job market, or trying to hire... this episode and conversation is for you. Sorry about the intermittent audio issue, I think it was a weird echo I couldn't quite pin down.
YouTube Video: https://youtube.com/live/8SuMVL7QBJQ

DtSR Episode 626 - Patrick Dennis Investing in CyberSecurity is Hard


TL;DR: Today, the podcast takes a meeting in the finance department with Patrick Dennis - current CEO of Avaya and friend of the podcast. Patrick has extensive experience in investments in both tech and beyond, and he's here to dispense some wisdom, caution, and insights. --> This podcast is packed with information that you can't afford to miss.
YouTube Video: https://youtube.com/live/J3FQrTuY7KU?feature=share

DtSR Episode 625 - Cyber Ghost Stories to Tell in the Dark


TL;DR: On this week's episode, Jim, James, and I sit down to a Halloween "scary story" episode. You know the feeling... that sinking feeling of dread when you can't quite put your finger on what's wrong but something is definitely wrong. Something scary, and nefarious is happening... and usually it's coming from inside the house!
YouTube Video: https://youtube.com/live/BHRX0hi5CHQ?feature=share

DtSR Episode 624 - Kevin Clark One Month A Year That Security Matters


TL;DR: This week on the pod, Kevin Clark joins James and I to talk about his career, how he walked his journey to a successful security leader (spoiler alert, it's another roundabout path), and what we generally think of "security awareness month". Great conversation and I think you'll agree, we need Kevin back again soon.
YouTube Video: https://youtube.com/live/0KiUwC0RzRQ

DtSR Episode 623 - SOC Metrics Suck


TL;DR: Erik Bloch and Anton Chuvakin join James, Jim, and myself to talk about why security metrics in the SOC ... suck. It's an interesting predicament, and one I'm sure Anton has been ranting about since he first got his 486/DX2 66. Or maybe not. It's an interesting topic because if we're measuring crap, that means something. Or does it even matter?
Link to Erik's epic post: https://www.linkedin.com/posts/erikbloch_tinkertribe-secops-soc-activity-7245132473355919360-5v_B?lipi=urn%3Ali%3Apage%3Aorganization_admin_admin_page_posts_published%3B8719005b-91f9-4fdd-9cbc-4c75b2b70b00
Does anyone read these show notes? Should I bother still writing them up?
YouTube Video: https://youtube.com/live/0O6XzDqbGUI

DtSR Episode 622 - Doug Burks Building the Security Onion


TL;DR: This week's episode is a special one. I've been a fan of Security Onion for a long, long time and this week Jim Tiller and I welcome Doug Burks its creator to the show. Doug gives us his story of how he started the iconic security platform and where it's going next. Don't miss this sit-down that's been far overdue. Congrats to Doug and his team on the longevity and continuing to push the envelope.
YouTube video: https://youtube.com/live/25ahe0k58N4

DtSR Episode 621 - Cyber Security Has a Data Problem Part 2


TL;DR: This is part 2 of the two-part episode with Jason Clark and Nathan Smolenski on data protection. In this episode we tackle the options and solutions to the problem we face - and why (just this one time) AI may be the only way forward. Interesting possibilities, and some real solutions. Don't miss our theme for episode 2 - "Hawaiian shirt day", on the video stream. Jim Tiller and I host this one, we hope you enjoy it.
YouTube Video: https://youtube.com/live/SA53S0OpnZ4

DtSR Episode 620 - Cyber Security Has a Data Problem Part 1


TL;DR: This week Jason Clark and Nathan Smolenski join Jim Tiller and I on part 1 of a 2-part series on data security. It's a topic whose time has come, and we're going to start in part 1 with fully analyzing the problem, how we got here, and just how ugly the beast is.
YouTube video: https://youtube.com/live/Qps-4NSEI-4

DtSR Episode 619 - Aaron Bray The Complete Novice Guide to SBOM


TL;DR: This week's episode features Aaron Bray, CEO of Phylum. We use this episode as a complete primer on SBOM (Software Bill of Materials). We cover the typical "lot of ground" but try to answer the question of what SBOMs are, how they're useful, and what you as practitioners can do now that you have them.
YouTube video: https://youtube.com/live/KHiDJt8SnZ0

DtSR Episode 618 - Jeff Collins Microservices Killed the Vulnerability Scan


TL;DR: This week's episode sees the return of Mr Jeff Collins (of WanAware fame) as we talk over the long-prophesied death of vulnerability scanning. Maybe. What does the cloud have to do with the demise of vulnerability scanning? Listen and find out... I think you may find this relevant. This time, YouTube Video, is required viewing... trust me on this.
YouTube Video: https://youtube.com/live/U3BsGXRV0L4

DtSR Episode 617 - Defending Forgotten but Business Critical Systems (SAP) Part 2


TL;DR: This week, part 2 of the SAP ("Critical Enterprise Apps") discussion where Tom Venables & Jay Thoden van Velzen get a little more in-depth on what it takes to secure SAP and ensure that there's more than just a firewall between imminent disaster and your business. Jim Tiller guest-hosts this in-depth episode, and we invite you to grab a notepad, and take some notes! Part 1 is here, listen to it first.
YouTube Video: https://youtube.com/live/iH_mg4Hu0tc

DtSR Episode 616 - A Wh1t3 Rabbit at Black Hat 2024


TL;DR: This episode is a "walk-around" episode, where I walked around Black Hat 2024 and ran into some friends to talk about what we're seeing, anything that caught their attention, and some other interesting insights in short-form recordings. I hope you enjoy listening to Lamont Orange, Aaron Bray, Alex Humphrey, and Rick Holland as much as I enjoyed the conversations.
No video for this episode.

DtSR Episode 615 - Doug Cavit Defending a Whole County


TL;DR: Have you ever wondered what it would be like to be responsible for security for an entire county? That job encompasses a massive amount of responsibility - but I'll let Doug Cavit, the CISO of Snohomish County, Washington tell us about it. What a resume, and what an incredible job Doug has.
YouTube Video: https://youtube.com/live/selNfh5gQAU

DtSR Episode 614 - James Robinson Don't Worry SaaS is Probably Secure


TL;DR: This episode was one of our awesome LinkedIn Live episodes - if you missed it, join us on LinkedIn and never miss another! On this one, James Robinson (CISO at Netskope) talks with Rafal and James with guest-host Jim Tiller about the possibilities we have with SaaS, data protection, and the whole mess we've made over the last 20+ years of "data everywhere". Big thanks to Netskope for providing the excellent James Robinson onto the show!
YouTube Video (if you prefer YouTube): https://youtube.com/live/8MnpK0H9az0

DtSR Episode 613 - Tim Miller A Frank Conversation on Software Manifests


TL;DR: Today's episode is all about how we can build better software and systems - from a supply chain perspective. Tim Miller joins us, and it starts as a general conversation but we quickly dive into the world of software development. There's a lot to talk about here, starting with this XKCD that explains it perfectly: https://xkcd.com/2347/
YouTube video: https://youtube.com/live/XOMl_Hp8q_Q

DtSR Episode 612 - Defending Forgotten but Business Critical Systems


TL;DR: I bet you don't generally think about the software that actually runs the business when you're thinking security. In this episode, we tackle the security of SAP systems - the most popular business software on the planet - from some experts who tell us what we're missing. There's a lot to unpack here, and I bet you're not thinking about much of this, if any... I know my team wasn't. This is vital information.
YouTube video: https://youtube.com/live/q8j6pkFXxeM

DtSR Episode 611 - Bob Bragdon Writing the CISO Story


TL;DR: This week's episode features someone you've probably known for a while, without actually knowing him. Bob Bragdon talks about his journey through publishing the wildly successful CSO Magazine (now an online publication) and being close to the CISO world for a long time. He has a great story to tell, so listen in, and enjoy.
YouTube video: https://youtube.com/live/WafXp6xPpBY

DtSR Episode 610 - Rob Allen Zero Trust Without Breaking Stuff


TL;DR: This week's guest is here to talk about Zero Trust... in a practical way. We're talking with Rob Allen of ThreatLocker about zero trust from a way you may have not thought about before. It's an interesting conversation and a piece of a much larger puzzle ... but from a practical standpoint, this may be the best actual place to start. Do you agree?
YouTube Video: https://youtube.com/live/cgADamn2oQQ

DtSR Episode 609 - Jonathan Rau Ruins SIEM


TL;DR: This week on the pod, Jonathan Rau joins to talk about SIEM. The thing we all love to hate on, that thing that's been declared dead, and yet it's on its umpteenth incarnation. What does the future hold? Why is it still an investment organizations make? What makes it a good versus bad use-case? Tune in, find out.
YouTube video: https://youtube.com/live/FtCjMo_gDDc

DtSR Episode 608 - Karim Hijazi Ransomware Gets Nastier Still


TL;DR: Friend of the pod, Karim Hijazi of Vigilocity, joins Rafal this week to talk about the state of ransomware, its "families", proliferation and motivations. It's a dark picture that's getting darker as it all evolves. Karim also provides some data-driven insights you can even investigate for yourself, check this show out on the video stream for more complete insights.
YouTube Video: https://youtube.com/live/wgUzYp-bl90

DtSR Episode 607 - Outsourcing Your Security Part 2


TL;DR: This week is part 2 of the 2-part series on "Outsourcing your security" with Paul Farley. Paul's expertise in this space means you should be taking notes! On this second part, we dive into how you can pick an effective model for your use-case (we talk through a few of the available models out there), how to effectively implement an MSSP, and then how to measure success. Guest host Jim Tiller joins us again, too.
YouTube video: https://youtube.com/live/FkyJPmZikmc

DtSR Episode 606 - An Unsurprisingly Awful GAO Report


TL;DR: James and I spent a few minutes dissecting the high-level of a GAO report (Government Accountability Office) ...perhaps ironically named... that is awful in so, so many ways it's ridiculous. Listen in, comment with your thoughts. YouTube Video: (TBD)

DtSR Episode 605 - Outsourcing Your Security Part 1


TL;DR: This week Paul Farley, Deputy CISO of NCR Voyix joins myself, James, and Jim Tiller to discuss outsourcing security in a modern company. We talk through a bit of history, some requirements for a good MSP, and the good and bad of the last couple of decades of MSPs. YouTube video: https://youtube.com/live/QzQFXyVcDSo

DtSR Episode 604 - Justin Foster Deeper Dive on Access Control Part 2


TL;DR: Justin Foster is back (and James is out) with guest co-host Jim Tiller as we talk through network-based access control from the "old days" through today's modern approaches. What worked, what didn't, what we tried, and how far we've come. Give it a listen! Also ... if there's any episode you watch the video of - it has to be this show for that beginning piece...wow Jim really nailed it. YouTube video (a must-see): https://youtube.com/live/EuUUeOzH_nE

DtSR Episode 603 - Justin Foster Access Control Now More Than Ever


TL;DR: This week's episode is part 1 of ... (I'm not sure) in a series of conversations about that old, boring, yet remarkably relevant topic of "Access Control". We pull in Justin Foster and guest co-host Jim Tiller to talk through the topic and set up a few follow-up episodes. Maybe more than a few, who knows? YouTube video: https://youtube.com/live/m-4lJHQDaZQ

DtSR Episode 602 - Mark Simos 3 Conferences at RSAC


TL;DR: Sitting atop the Moscone Center North, I met up with Mark Simos and we talked through his impressions and our overall analysis of RSA Conference 2024. Some interesting observations, particularly about the "3 conferences" Mark observed. Sorry, no video this time, but you do get the eloquent "caw!" of a crow that sat overhead and yelled at us for about half the show. Enjoy!

DtSR Episode 601 - The RSA Conference 2024 Debrief


TL;DR: This episode is a recap (my recap) of RSA Conference 2024. I wrote up a brief post on LinkedIn on my way out of town (linked here: https://www.linkedin.com/feed/update/urn:li:activity:7194698322790547456/ ), and now I'm doing a full episode of thoughts and interviews from the show. You get some commentary, and then interviews with Adam Cullin, Kristin Demoranville, Ray Canzanese, and Aaron Bray. Enjoy the episode, and cheers! (No video with this one, sorry...maybe next year)

DtSR Episode 600 - The LiveStream for Number 600


TL;DR: -> 2hr party-line episode. This feels surreal, as I write this, that DtSR is pushing episode 600 out to your ears right now. I couldn't possibly have imagined when I started 14 years ago, that this would be real. This episode is the culmination of a lot of hard work, so many amazing guests throughout the years, and YOU, my listeners! Without you all, I wouldn't keep publishing these every week. A big thank you to the one and only James Jardine for being my co-host through 650'something episodes ...it's been a crazy ride and we're not even close to quitting! So - thank you....

DtSR Episode 599 - How the Hell Did We Get Here?


TL;DR: On the last episode before the big 600th extravaganza, James and I have a conversation about the types of conversations we've had on this show so far, reminisce about some of the favorite guests, and rehash some of the topics that (unfortunately) we could simply re-air today and it would make perfect sense. I know, a little depressing, eh? YouTube: https://youtube.com/live/4GsMSsuyjk8

DtSR Episode 598 - Adam Meyers What the Bad Guys Are Up To


TL;DR: This week on episode 598 as we are 1 episode away from the Big 600, Adam Meyers joins the podcast to provide an update on the interesting things happening in the world of ransomware, threat actors, and general cyber criminals. Adam regales us with some interesting stories and always has that witty insight we expect from Adam. YouTube Video: https://youtube.com/live/5EBanXzfdtQ

DtSR Episode 597 - Shawn Tuma Legal Climate Update


TL;DR: On this episode of the DtSR Podcast, Shawn Tuma joins James & I to talk over what's changed, what's new, and what's not going well at the intersection of cyber and legal. Spoiler Alert: Nothing's that much better, and things are worse. YouTube video: https://youtube.com/live/VDqxohnvpXs

DtSR Episode 596 - David Monnier Hunting Cyber Villains


TL;DR: On this installment of the podcast, David Monnier joins Rafal & special guest Jim Tiller to talk about hunting bad actors in cyberspace. What it's like chasing down villains, challenges, and related discussion. David is a recognizable industry expert and someone who can dispense some great discussion and advice. Listen up! YouTube Video: https://youtube.com/live/t53yK6zkikE

DtSR Episode 595 - Phil Beyer No Way To Win as a CISO


TL;DR: This week on the podcast, the conversation with Phil Beyer goes all over the map. We start with the interesting (but short) story of how Phil got into cyber, to vCISO vs CISO, and how we really feel about the CISO's opportunity to "win". Short answer - there isn't a win here. It's a very fast-paced episode you'll want to listen at normal speed because, frankly, it's too fast otherwise! YouTube video: https://youtube.com/live/VfYntM7yft0

DtSR Episode 594 - Cyber's Relationship to Emotional Intelligence


TL;DR: On today's episode of the podcast, Jessica Hoffman joins James and I to talk about Emotional Intelligence. What is it? Why is it desperately important to cybersecurity professionals in leadership roles? All these questions and more are addressed as we parse out the ins and outs of emotional intelligence. YouTube video: https://youtube.com/live/DUBX9r22zEs

DtSR Episode 593 - The Big IAM Challenges


TL;DR: This week Episode 593 features Jeff Reich of the Identity Defined Security Alliance as we talk about some of the big-picture challenges of identity, interoperability, and security of identity and identity security (yes those are different). YouTube video: https://youtube.com/live/oTWJEVTzTlY

DtSR Episode 592 - Holding Business Ransom, a CEO & CISO Perspective


TL;DR: On this episode, James and I welcome CEO Patrick Dennis, CISOs Jack Korzeniowski and Sam Masiello, former CISO and vCISO, and industry veteran Jim Tiller onto a panel to discuss ransomware. Ransomware is catastrophic for some businesses, and in this episode, we talk through some of the key topics that CEOs and CISOs lose sleep over. Huge thank you to all of these fine gentlemen who gave their time to leave you with their insights. Find us on LinkedIn and if it piques your interest - let's talk about it further. YouTube Video: https://youtube.com/live/l1Y2-2WbBYI ...

DtSR Episode 591 - Its a Weird Time in Our Industry


TL;DR: *Warning: This episode is ranty, and potentially offensive to overly sensitive types*. That said, in this episode Jim Tiller and I sit down, drink in hand, and have a good old rant about the state of the industry right now. We talk through the "people problem", and the tech problem, and lay plenty of blame. At some point, I think we even suggested a solution. Maybe. Enjoy! YouTube Video: https://youtube.com/live/TW133OeFsdA

DtSR Episode 590 - Can Procurement Save the CISO


TL;DR: On this week's episode, James Beeson once again joins Rafal & James, with guest-host Tom Venables to talk about procurement's involvement in the security of an enterprise. What does procurement have to do with security? How can the two functions work together to improve the security of the enterprise both today and into the future? Listen as we discuss this vital topic. YouTube Video: https://youtube.com/live/wGDgQZv97wE

DtSR Episode 589 - The More Things Change w Joe Dibiase


TL;DR: This week's episode features one of the all-time greats. Joe Dibiase was the first CISO I worked under when I joined GE Power Systems back in the early 2000s and he's had a rather amazing career spanning many different industries. We chat about life, CISO'ing, and what he's up to now. Spoiler alert - Joe sports a Braves World Championship ring! YouTube Video: https://youtube.com/live/pxGDOrs7_OA

DtSR Episode 588 - This is How We Get to Software Liability


TL;DR: This week's episode has the one and only Jeremiah Grossman on the show to talk about liability in software, some of the fundamental problems with cyber security, the market forces that move (or could move) things in the positive direction - and where it could all potentially go. It's a fascinating discussion you'll not want to miss. YouTube Video: (coming soon)

DtSR Episode 587 - A Framework for Defensible Security Programs w Bo Birdwell 3-3


TL;DR: Part 3 of 3: This episode is the big reveal with details and a how-to, in a 3-part series presented by Bo Birdwell, on how to build a defensible security program using compliance to drive greater security improvement. The accompanying video is a must-watch because it has the slides Bo is talking through, and you're not going to want to miss that. YouTube Video: https://youtube.com/live/vUjAogOSePU

DtSR Episode 587 - A Framework for Defensible Security Programs w Bo Birdwell 2-3


TL;DR: Part 2 of 3: This episode is the set-up, the problem statement, and overview of Bo's approach, in a 3-part series presented by Bo Birdwell, on how to build a defensible security program using compliance to drive greater security improvement. The accompanying video is a must-watch because it has the slides Bo is talking through, and you're not going to want to miss that. YouTube Video: https://youtube.com/live/mVIVszWgCCU

DtSR Episode 587 - A Framework for Defensible Security Programs w Bo Birdwell 1-3


TL;DR: Part 1 of 3: This episode is the introduction of a 3-part series presented by Bo Birdwell, on how to build a defensible security program using compliance to drive greater security improvement. The accompanying video is a must-watch because it has the slides Bo is talking through, and you're not going to want to miss that. YouTube Video: https://youtu.be/MJNwn6sbxcM

DtSR Episode 586 - Trending Security Services w Joel Scambray


TL;DR: This week Joel Scambray joins James and I to talk about the trends and observations from the world of professional services. Joel is a long-time leader in the professional services delivery space in cybersecurity, and he has some interesting insights to share about where we are and where we could potentially be going. YouTube Video: https://youtube.com/live/LtDgSlnJyik

DtSR Episode 585 - James Beeson: A CISO Life


TL;DR: This episode is part of the Leadership series of episodes, with the one and only James Beeson. James is one of the quintessential CISOs who is successful in both his craft and business world. I had the pleasure to work with James and his team many years ago and I can't wait for you to hear his insights and lessons learned. If you can get either some coaching or insights from James - take it and thank me later. YouTube Video: https://youtube.com/live/L_gDnWNREvQ ...

DtSR Episode 584 - Explaining the Tech w Chris Davis


TL;DR: This week, I virtually sat down 1 on 1 with my long-time friend, cyber security veteran, and fellow smartass Christopher Davis to talk about the state of pre-sales (sales engineering) in our industry. We've both done it, being both seller and buyer of security products and services -- and we can complain about the state of things. Chris offers some solid advice, so take notes!

DtSR Episode 583 - 2024 Is Going To Be a Doozy


TL;DR: As we talked about last year, Jim Tiller is joining us as a regular guest on an episode that looks forward (uncomfortably) to 2024 with all the mayhem and disappointment it will no doubt bring to the cybersecurity industry. What's coming? Let's talk about it... and we're not holding back. YouTube video: https://youtube.com/live/B5K4WQg0S7A Link James referenced: https://www.theregister.com/2024/01/05/swatting_extorion_tactics/

DtSR Episode 582 - RTO or GTFO with Bill Pelletier


TL;DR: On this first episode of 2024, what better way to ring in the new year than to discuss the evolution of (knowledge) work? For this show, my friend Bill Pelletier joins as the Statler to my Waldorf as we discuss where knowledge work was a decade ago, where it is today (post-Covid), and what it could be if we thread the needle just right. In the end, one thing is for certain - the "future work experts" are not very smart, or they'd understand single-factor statements are stupid. Check out the YouTube video here: https://youtube.com/live/NeLsw10uUfY The article in reference is here: https://finance.yahoo.com/news/ceos-finally-admit-next-return-133000281.html ...

DtSR Episode 581 - Everything On The Internet All At Once


TL;DR: This week, our good friend Jeff Collins joins Rafal & James to talk about the "everything" being on the Internet now. Whether it's presents for the kids, connected devices in the kitchen, or stuff at the office - everything seems to be on the Internet and could be a potential exposure for you, your family, or your company. How do we deal with all of this? YouTube video of all the hilarity is available here: https://youtube.com/live/gA-unKSLO7A By the way - if you haven't checked out 21Packets you really should - they run a software-defined global network fabric that can give you WAN...

DtSR Episode 580 - Of Cyber and Snowflakes


TL;DR: Your favorite podcast is back, after a short break, and bringing you another packed episode with Brandon Dunlap & Jim "All Tiller, no filler" Tiller where we discuss Kelly Shortridge's column "Security Isn't Special". Some things we agree with, some things we don't, but we talk through it thoroughly. That's part of the fun! Join the pod, and see what we're talking about.

DtSR Episode 579 - Mike Towers on Trust in the Digital Age


TL;DR: This week I'm joined by Mike Towers - a gentleman who has "digital trust" literally in his job title. This is an episode where we attempt to start the conversation of trust in an age of digital everything. Of course, the backdrop for today's discussion is the mayhem over at OpenAI - and if that's not a great place to start, I don't know what is. Is anyone else having a difficult time accepting that this podcast is now in its 14th season?! YouTube Video: https://youtube.com/live/WReKnt81BZc ...

DtSR Episode 578 - Maybe A Modern Day SOC Discussion


TL;DR: I finally decided that Erik Bloch's LinkedIn posts have provoked a certain interest in a conversation about what a "modern-day" SOC should look and behave like. I then invited Jim Tiller and Anton Chuvakin (because they have some opinions), on the show to join James and me to discuss this. It didn't quite go to plan. YouTube Video: https://youtube.com/live/cgKpTTmCUrs

DtSR Episode 577 - CISOs Turn at the Big Kids Table


TL;DR: On this episode of the pod, Jim Tiller and I talk through the hot takes published about the SEC vs SolarWinds and Brown, and why so many people are getting it all wrong. I highly encourage you to go read the actual indictment before giving your opinion. Link to the SEC page: https://www.sec.gov/news/press-release/2023-227 YouTube video: https://youtube.com/live/9z4g9p3BW-Y My YouTube "short" on this subject: https://youtube.com/shorts/o1Qsdy5xU-o

DtSR Episode 576 - Fixing Executive Security Events


TL;DR: Executive Conference organizers - this episode is for YOU. On today's episode of the podcast, it's just James and I on the microphone discussing all of these executive security events you may be getting invited to. They're just generally bad - people with big titles rattling off corporate marketing speak, with low attendance and low value. Or ...is there a better way? We discuss, and offer some suggestions to conference organizers to make these events fun and worthwhile again. Link to the "CyberSecurity Collaboration Forum" I reference: https://www.linkedin.com/company/cybersecurity-collaboration-forums/ YouTube Video: https://youtube.com/live/5vErHLi9c5Y ...

DtSR Episode 575 - Crushed Under a Mountain of Security Tools


TL;DR: This week on the pod, Andrew Morris & Tom Venables from Turnkey Consulting join me for a semi-regular check-in from the consultancy world as we discuss the overwhelming problem with technology. Specifically, we talk about tools strategies for budget squeezes, filling niche use cases, and how to rationalize what you've got if you want more. Come check out the video - Tom's background is totally worth it. YouTube video: https://youtube.com/live/Dmss-pGAsyE Guests: Tom Venables (LinkedIn: https://www.linkedin.com/in/tom-venables-1346592/), Andrew Morris (LinkedIn: https://www.linkedin.com/in/andrewtmorris/)

DtSR Episode 574 - HealthCare CyberSecurity is Sick


TL;DR: This week on an interesting show that dives into the world of healthcare cybersecurity, Dan Dodson joins James and I to discuss the state of things, the reason for some of the chaos, and what the future outlook could be. The challenges are many, the outlook can be bleak, and while we have challenges both in business and technology (a la technical debt) - there is hope for a bright, secure, future. Give this episode a listen. YouTube Video: https://youtube.com/live/OTf07uaHvT0 Guest: Dan Dodson (LinkedIn: https://www.linkedin.com/in/dan-l-dodson-3a0b418/) ...

DtSR Episode 573 - The Urge to Converge


TL;DR: This week on the podcast Gerry Plaza from Netskope joins us to talk about the (re?)convergence between the network and security functions as policy, enforcement, and connectivity necessarily once again converge. It's been a long journey - but this time we think it's going to stick - hear why. YouTube video: https://youtube.com/live/RbobEfNMk2M Guest: Gerry Plaza (LinkedIn: https://www.linkedin.com/in/gerry-plaza/)

DtSR Episode 572 - Managing Vendors Sucks


TL;DR: Working with security vendors is tough - and it's not getting better. Market consolidation, product maturity, innovation - all of that has to be factored in to develop a strategy and deal with the constant change. Whatever your current strategy - Brent, Rafal, and James discuss some options and how it could be. YouTube Video: https://youtube.com/live/R2-CKVBsexI Guest: Brent Deterding (LinkedIn: https://www.linkedin.com/in/brent-deterding/)

DtSR Episode 571 - Can We Talk About the vCISO


TL;DR: On this episode of the podcast - Rafal is joined by long-time friends and colleagues, Jim Tiller, Matt Shufeldt, and reformed analyst Anton Chuvakin to discuss the role and value of the virtual CISO. Or maybe it's the "fractional CISO". Or maybe it's something else? We work through value prop, how to pick a worthwhile partner in a fractional CISO, and advice for avoiding the dangers that come with bad advice, and worse engagement. YouTube Video: https://youtube.com/live/M4mbIJuDGC8 Guests: Jim Tiller (LinkedIn: https://www.linkedin.com/in/jimtillersecurity/ ; Jim's YouTube Shorts are solid gold: https://www.youtube.com/@jimtiller6177), Matt Shufeldt (LinkedIn: https://www.linkedin.com/in/matt-shufeldt-283677/), Anton Chuvakin (LinkedIn: https://www.linkedin.com/in/chuvakin/ ; Anton & Tim's brilliant cloud security podcast: https://cloud.withgoogle.com/cloudsecurity/podcast/) ...

DtSR Episode 570 - Starting a Conversation About Securing the Food Supply_Part 2


TL;DR: This is part 2 of 2 - for this amazing topic! Please join us for both parts, and check out the full-length video online and available RIGHT NOW. On this episode of the DtSR Podcast, I welcome Kristin Demoranville and Nelson Estrada Hernandez to talk about the food industry and how cyber security can and should be a vital part in this absolutely critical topic.
YouTube Video (full 62 minutes): https://youtube.com/live/72z70zYLxyc
Links:
Agriculture ISAC: https://www.wired.com/story/us-food-agriculture-isac-cybersecurity/ (h/t Najo Ifield)
Guest:
Kristin Demoranville
LinkedIn: https://www.linkedin.com/in/demoranvillekristin/
Nelson Estrada Hernandez
LinkedIn: https://www.linkedin.com/in/nelson-estrada-hernandez-07786956/

DtSR Episode 570 - Starting a Conversation About Securing the Food Supply_Part 1


TL;DR: This is part 1 of 2 - for this amazing topic! Please join us for both parts, and check out the full-length video online and available RIGHT NOW. On this episode of the DtSR Podcast, I welcome Kristin Demoranville and Nelson Estrada Hernandez to talk about the food industry and how cyber security can and should be a vital part in this absolutely critical topic.
YouTube Video (full 62 minutes): https://youtube.com/live/72z70zYLxyc
Links:
Agriculture ISAC: https://www.wired.com/story/us-food-agriculture-isac-cybersecurity/ (h/t Najo Ifield)
Guest:
Kristin Demoranville
LinkedIn: https://www.linkedin.com/in/demoranvillekristin/
Nelson Estrada Hernandez
LinkedIn: https://www.linkedin.com/in/nelson-estrada-hernandez-07786956/

DtSR Episode 569 - Keeping Secrets a Secret


TL;DR: This week's show features Oded Hareven, Co-Founder & CEO at Akeyless, and we cover some topics that are important, but brand new to us. Oded started a secrets management company and addressed some of the challenges and new technology with us. First, we discuss the "secret zero" problem (the one I worry about quite often), then zero-knowledge secrets management, and finally, this thing called "distributed fragmented crypto" (which is a bit mind-blowing honestly). I think you'll enjoy this podcast, as it's a little more technical than most, and something you may not hear elsewhere.
YouTube Video: https://youtube.com/live/uNtoFbFrTjo
Guest: Oded Hareven
LinkedIn: https://www.linkedin.com/in/odedhareven/
Akeyless website: https://akeyless.io

DtSR Episode 568 - Breaches Cyber Insurance White Castle and the SEC


TL;DR: This week we are starting a quarterly segment with Sean Scranton and Shawn Tuma - that's right folks, you'll get our favorite breach coach aka "The oh-shit moment guy" and one of the most knowledgeable cyber insurance people together on the podcast four times a year (at least). So what did we cover on this show? Oye - looks like White Castle (yeah, my favorite of all time burger place from back in Illinois!) is in hot water, the SEC is ... well, being the SEC, and there's a bunch of stuff to catch up on in the insurance industry. Buckle up!
YouTube...

DtSR Episode 567 - SMBs The Forgotten CyberSecurity Voices


TL;DR: I'm so excited to announce this podcast. This week the one and only Dominic Vogel joins me on the show to talk about SMBs - you know, those building blocks of the economy that most vendors pretend don't exist because it doesn't make them big $$$. And it's a whopper of a conversation with insights, ideas, and conversation that is looking to change things for the better. Hell, at least raise the awareness (wilful?) of the problems SMBs face.
YouTube Video Stream: https://youtube.com/live/6IyGJHcMv7I
Guest: Dominic Vogel
LinkedIn: https://www.linkedin.com/in/domvogel/

DtSR Episode 566 - Kellman's Irreverent Cloud Security Take


TL;DR: Kellman's been one of the guests I've been chasing for years but he's always been too busy or too tied up in corporate requirements to be on the podcast - but now he's available and here we are. Kellman's got a lot of years behind him slinging network security gear, so it's a bit of a surprise to some that he has pivoted hard into cloud concepts and has some harsh truths for people who still think of old security paradigms when it comes to new technologies like, ahem, the cloud. Join us, this is a really fun episode!
YouTube video: https://youtube.com/live/DuzbIsxxdxM ...

DtSR Episode 565 - All Tiller, No Filler


TL;DR: This week's episode is packed with content, as the one and only Jim Tiller joins James and me for a podcast that ... well ... does a fair bit of analysis of Black Hat, the industry, and several other things that are probably top of mind for you as well. Let's not spoil it for you - give it a listen (and watch the video, it's good).
YouTube Video: https://youtube.com/live/se5M5vq5bcI
Guest: Jim Tiller
LinkedIn: https://www.linkedin.com/in/jimtillersecurity/

DtSR Episode 564 - What Happens at Black Hat 23


TL;DR: On this episode of post-Black Hat 2023, my buddy Will Gragido joins me to talk about what we saw, what we learned, and what shenanigans transpired. We're focused on marketing and booths - how do vendors differentiate, what do conferencegoers take away, and what makes your booth or offering unique? What about AI? Yeah, we talk about all of that.
YouTube Video: https://youtube.com/live/cWwKA-2XsQU
Guest: Will Gragido
LinkedIn: https://www.linkedin.com/in/gragido/

DtSR Episode 563 - AI Washing Black Hat 2023 Pre-Gaming


TL;DR This week is Black Hat 2023, or "Hacker Summer Camp" if you prefer. That means that the hype machine will be working overtime, times 10, so here's an episode made to throw some cold water on the madness, and poke a little fun before things go entirely sideways. I hope you enjoy this show, and as always, I welcome your comments on LinkedIn!
Guest:
Karim Hijazi
LinkedIn: https://www.linkedin.com/in/karimhijazi/
Damian Profancik
LinkedIn: https://www.linkedin.com/in/damianprofancik/
YouTube Video: https://youtube.com/live/CcoPUTSjPdI - honestly, my new favorite part of this podcast. I love the video we release...solid gold.

DtSR Episode 562 - Is There Even a BYOD Debate Anymore?


TL;DR: I crashed a party on Security Uncorked and the crew that was having the discussion was kind enough to indulge me and my "bombs" (questions, really) - so I decided to have JJ and Josh on DtSR, and James and I continued the debate and conversation. This was so much more fun than it should have been, but the result is something I think we can be happy with - a healthy debate, some conclusions reached, and a lot of "it depends". Take a listen and make up your own mind.
Security Uncorked episode that started it all: https://www.linkedin.com/events/byod-makeitorbreakit-securityun7087427632488722432/comments/
YouTube video: https://youtube.com/live/3zeyKpwuneU
Guests:
Jennifer ("JJ") Minella
LinkedIn:...

DtSR Episode 561 - Telling Generative AI Your Corporate Secrets


TL;DR: This week my old buddies Jason Clark and James Robinson join James and me to talk about "AI" and the realm of possibilities (and risks) that it is. We discuss Artificial Intelligence (AI) as a generational leap in technology - but also the risks it poses for corporations (and real-life, real people too). Listen to the pod in your ears, and watch the video - trust me, you'll laugh along.
YouTube Livestream (replay): https://youtube.com/live/HyxhBVdTdB8
Guests:
Jason Clark
LinkedIn: https://www.linkedin.com/in/jasonclarkfl/
James Robinson
LinkedIn: https://www.linkedin.com/in/0xjames/

DtSR Episode 560 - AppSec Philosophers


TL;DR: This week's episode is a come-back episode from the appearance I did on Dan Kuykendall's "Dan on Dev" podcast a couple of days ago. We started such a fun conversation, we just couldn't let it end there. We go through some interesting (in my opinion) history of the AppSec space, Dan does a little "back in my day" stuff, and I get all "Get off my lawn". You'll enjoy the episode if for no other reason than the nostalgia...oh sweet nostalgia. Go subscribe to Dan's channel on YouTube, he's an old-timer like me, and he always has great insights.
Dan-on-Dev Episode you should...

DtSR Episode 559 - The Law of Diminishing Returns Ride Again


TL;DR You've got a slightly different episode this week - it's just James and I on the mic to talk through one of my favorite topics. But first! ... we have to talk about "Threads" and the social media "too much" that's happening. Then we talk about the Law of Diminishing Returns in cyber security - from budget to effort - "How much is good enough?"
YouTube Link: https://youtube.com/live/eA6ugisBZb4

DtSR Episode 558 - The Problems Of Massive Scale


TL;DR: ** Happy Birthday America! ** This week the podcast is celebrating America's birthday by releasing an episode that is a conversation with one of my favorite Canadians. Mark Nunnikhoven is one of the foremost cloud and large scale security professionals, and if anyone in security understands how to explain some of the stresses and strains of security at massive scale it's Mark. We talk about what he's working on, and how we as an industry can start addressing security problems at massive scale.
YouTube Video: https://youtube.com/live/KIm5m8cAM0Q
Guest: Mark Nunnikhoven
LinkedIn: https://www.linkedin.com/in/marknca/

DtSR Episode 557 - Changing Culture and Not Getting Fired


TL;DR: On this week's episode we have an expert in leadership with experience in the Federal/Military sector as well as the civilian side. Bo talks about how culture can be changed, ways to approach your constituents, and which styles of information dissemination work best in organizations both large and small. If you're thinking about how to get your team more "security aware" and more bought in - this is an episode you must hear.
Guest: Bo Birdwell
LinkedIn: https://www.linkedin.com/in/bobirdwell/

DtSR Episode 556 - Will Regulation Price Out the Competition


TL;DR: On this software security and regulation-focused episode of the podcast, the OG of AppSec (Jeff Williams) joins James & I to talk about the latest spate of regulations that require self-attested transparency about what companies are doing with respect to securing their software via supply chain and direct action. Jeff contends this is a good thing and it's hard to argue that transparency drives good - however - I'm always curious what this does to those who struggle to afford to do better, which is what the vast majority of vendors to FedGov are. Interesting discussion, join us!
YouTube Video: https://youtube.com/live/iavtEVADp4g
Guest: Jeff Williams
LinkedIn: https://www.linkedin.com/in/planetlevel/

DtSR Episode 555 - Why Can't We Figure Out the Developer Security Relationship


TL;DR: On this 555th episode, James Wickett joins James and me on an interesting discussion on AppSec, developer relationships, and why we just can't seem to make it work. Or maybe we're making it work but not giving ourselves credit? Listen in to this conversation and find out. This one will hook you in, as James, James, and I have a slightly depressing conversation that I think ends in something to be hopeful about.
YouTube video stream replay: https://youtube.com/live/UIXtZy61CKU
Guest: James Wickett
LinkedIn: https://www.linkedin.com/in/wickett/

DtSR Episode 554 - This is Why AppSec Can't Have Nice Things


TL;DR This week's episode goes down the AppSec rabbit hole with Francesco Cipollone (call him "Frank") as we discuss some of the ins and outs of the modern software security challenge. We're all over the place on topics, but the message, in the end, is sane.
YouTube video replay: https://youtube.com/live/tJ6pvV3f0uA
Guest: Francesco Cipollone
LinkedIn: https://www.linkedin.com/in/fracipo/

DtSR Episode 553 - Leadership Series - Selling Cyber Security


TL;DR: In case you missed the epic LinkedIn Live livestream, here's the podcast version of the conversation with Chris Scanlan (President and Chief Commercial Officer at ExtraHop). James and I talk to Chris about his career, how he picks his next job, his team, and his thoughts on high-performance organizations. Sales is a topic many of our competitive podcasts in this space don't cover much - but I think it's worth the conversation to understand the seller-buyer relationship better because it's SO necessary to your work lives. Besides, Chris is a fantastic interview... enjoy it!
LinkedIn Live replay: https://www.linkedin.com/events/dtsrepisode553-sellingcybersecu7062465900553146368/about/
Guest: Chris Scanlan
LinkedIn: https://www.linkedin.com/in/cscanlan/

DtSR Episode 552 - VPN And Other Dinosaur Tales


TL;DR: On this week's episode of Down the Security Rabbithole Podcast - Steve Riley visits to talk tall tales of VPN and other connectivity of yore, what it's evolving to, and why it's a generational leap. The conversation with Steve is always a good one, and catch Steve here before you catch him on the Cloud Security Podcast (beat you to it guys!)
Guest: Steve Riley
LinkedIn: https://www.linkedin.com/in/steverileysea/

DtSR Episode 551 - Patching Prioritizing and Punting


TL;DR: On this week's show, Grant joins us to discuss an episode that draws inspiration from a LinkedIn discussion with Patrick Garrity [original post] (who could not make our recording, sorry Patrick). The gist of it is this - patching is hard, there are now 925 KEVs (known exploited vulnerabilities) on CISA's list, and that's a truck-ton. The discussion threads the needle between whether prioritization matters at that scale, alternatives, and some reasons to give up hope altogether. Buckle up, this one's a rough one to be a passenger on. Join (or start?) the discussion on the podcast's LinkedIn Page, here.
Video stream replay...

DtSR Episode 550 - Lift Shift and Fail to the Cloud


TL;DR: On this week's episode, the one and only Jeff Collins joins Rafal & James to talk about the shift to the cloud and what's gone wrong in the years since the collective "we" announced that the cloud was the answer. Feels like a decade has passed, and I think it has, since the start and we're observing increased complexity and varying degrees of security increase/decrease. What's next? Where are we right now? And what does it mean for security? Tune in, find out.
YouTube video stream: https://youtube.com/live/Vdx73wpKzGA
Guest: Jeff Collins
LinkedIn: https://www.linkedin.com/in/jmcollins/

DtSR Episode 549 - Wheres The Beef From RSAC 2023


TL;DR: This episode is a bit of a rant, a bit of an analysis, and an interview with returning podcast guest Ray Canzanese, Jr. from RSA Conference 2023. Yep, I went so you didn't have to... so in this show you'll get a few impressions, and maybe you'll agree or disagree on the themes and things we're seeing. Maybe you'll even be compelled to write something up or leave a comment back?
Guest: Ray Canzanese, Jr (Cloud Threat Research, @ Netskope)
LinkedIn: https://www.linkedin.com/in/raymond-canzanese-jr-178a846/

DtSR Episode 548 - What's HR Got to Do With It


TL;DR: Cyber Security seems to always be a technical topic. This week, we're taking it down a different lane as we discuss HR (right, Human Resources, remember those folks?) with Tom Venables. Tom's got seat time in the space, consulting with HR partners for various clients so he knows a thing or two about the processes and where they break down. Listen in, and then go take a look at your own processes. Maybe you've learned something?
Guest: Tom Venables
LinkedIn: https://www.linkedin.com/in/tom-venables-1346592/

DtSR Episode 547 - Don't Believe All the Cyber Hype


TL;DR: This week on the podcast we have Nathan Hamiel, Senior Director of Research at Kudelski Security on the podcast to talk about HYPE. It's a conversation rooted in skepticism, but also optimism in a strange mix that only Nathan can bring from his extensive experience and well-thought-out talking points.
YouTube Recorded LiveStream: https://youtube.com/live/ayPrWr-VWv0
Guest: Nathan Hamiel
LinkedIn: https://www.linkedin.com/in/nathanhamiel/

DtSR Episode 546 - Rethinking SecOps Tooling Strategy


TL;DR: Mark Simos of Microsoft joins Rafal & James this week to talk about why the 'tools-centric' security operations (SecOps) approach is failing us, and what an 'outcome centric' approach means and more importantly, how we get there. We discuss "vision versus execution", the history of "how we got here" and answer some questions we didn't know we had in the process. Mark's a wealth-spring of information on the topic, and his experience and time with the Open Group is huge for the work he's doing now to make tomorrow better for you all. Check out the podcast, and let us...

DtSR Episode 545 - Security Products Are Too Complex


TL;DR: This week's guest is Will Gragido, who has some significant experience developing security products. Will and I (Rafal) have a sit-down for a conversation about security products, their complexity then, now, and in the future. Point solutions, platforms, and portfolios - we discuss all the options you're faced with as a buyer - and attempt to suggest some solutions to the madness.
Guest: Will Gragido
LinkedIn: https://www.linkedin.com/in/gragido/

DtSR Episode 544 - CrowdStrike Global Threat Report March 2023


TL;DR: This week on the podcast, my buddy Adam Meyers graciously joins the show from his "undisclosed location" deep under the Meyers compound to break apart the latest threat report. I'm sure you've read it, but if you haven't you can get it at the link below. On this show, Adam and Rafal talk about what's in the report, what's not in the report, and the delta which brings up some interesting things in the evolution of threat actors and "bad guys". It's a podcast you don't want to miss because it feels like it's both a bellwether of what you'll...

DtSR Episode 543 - National Cyber Security Policy Daydreams (2023)


TL;DR This week, on the podcast, Rafal and James host Brian Chidester and Jordan Burris to talk about the latest National Cyber Security Strategy from the Biden White House. It's an interesting piece of national policy that outlines our cyber security priorities as a nation - and you'll have to forgive me for calling it "aspirational". The four of us discuss the likelihood of this strategy ever being fully implemented, which pieces are most likely to work and which ones will struggle, and ultimately what will be the result here. This is an important document - and if you're a defender or serious...

DtSR Episode 542 - Distilling 20 Years of CISO Wisdom


TL;DR: On this week's episode of the podcast, James joins me to co-host a great episode with an old friend - Ray Emerly. Ray is a long-time veteran of the CISO chair, and no stranger to working at all aspects of the security leadership role. We talk through a number of important topics, ask him what's changed (and what hasn't) and of course we have a stumper at the end. Listen to the end, or you'll miss a golden nugget.
Guest: Raymond Umerly
LinkedIn: https://www.linkedin.com/in/rumerley/
Watch the Video on our YouTube channel https://youtube.com/live/x1trGIgZSF0

DtSR Episode 541 - The Calculus of Cyber Insurance


** This episode is being re-published due to an issue with the RSS feed/provider **
TL;DR: We've talked about cyber insurance a lot here on this podcast, and this episode is yet another angle on the topic. Nate Smolenski joins us to discuss his view, from the perspective of a CISO. This is a great conversation for those who are still investigating Cyber Insurance, or realizing that their policies are astronomical, or trying to right-size their security program along with insurance.
Video link: https://youtube.com/live/O0gpapA_r08?feature=share
Guest: Nate Smolenski
LinkedIn: https://www.linkedin.com/in/nathansmolenski/

DtSR Episode 540 - David Barton on Simplifying the Complex


** This episode is being re-published due to an issue with the RSS feed/provider ** TL;DR: This week I brought on David Barton the CTO of HighWire Networks - who knows a few things about a few things. We discuss the complex nature of our business, where things get weird, and how we can work to make them better. We talk about complexity, specifically, and what makes this such a difficult thing for our industry where simple is the arch-enemy of secure. Join us, and catch the video on the YouTube page (smash that subscribe button), or on LinkedIn. Video...

DtSR Episode 539 - SBOM Paving the Road of Good Intent


TL;DR It's been said that the road to hell is paved with good intentions. I feel like this applies to SBOM so much it's scary. All the good intentions in the world seemed to have led us to a place where we have tools that produce inconsistent results, tool sets that aren't necessarily integrated or mission-focused to deliver results, and a lot of confusion. Varun joins us with a boatload of entrepreneurial expertise and an eye for problem-solving so it's an interesting conversation. Join Rafal & James in a conversation that you'll want to listen to a few times, and...

DtSR Episode 538 - What the heck is a vCISO


TL;DR: This DtSR podcast brings back a good friend of the show, and one of the most experienced leaders I know - Mr. Jim Tiller. We talk about an interesting topic - the "virtual CISO". vCISO is interesting because as markets tighten, and it becomes more difficult to find and afford good CISOs and security leaders in this market. So how can a company best utilize this part-time resource? We discuss... What are the best ways to utilize vCISO? What questions should you be asking? What are things to look out for?
YouTube video https://youtube.com/live/OaYS0yEajQw?feature=share
Guest: Jim Tiller
LinkedIn: https://www.linkedin.com/in/jimtillersecurity/
Jim's Security...

DtSR Episode 537 - Sergio Talks Threat Intelligence


TL;DR: I'm extremely excited to present to you, dear listeners and friends, a wonderful conversation with Sergio Caltagirone, who is quite the authority on 'threat intelligence' - where others talk tools and limited knowledge, Sergio literally was there at the birth of the cyber dawn of the threat intelligence operations we know (or don't know) today. Sergio has been at an agency, at Microsoft, at Dragos - and he knows threat intelligence from theory to applications. Listen in, learn a bit, and laugh along as the Chinese spy balloon (that's my story and I'm sticking to it) disrupts our communications...

DtSR Episode 536 - Incident Response Automation Dreaming


TL;DR: Automation. It's a precarious thing in cyber security. Whether you're thinking about SOAR, or incident investigation, or maybe SIEM (I'm sorry) - this conversation will be worth your time. Anton and Jonathan join us to talk about how "automation" has evolved over the last decade or so, and where it's largely failed. We also start to explore the future and requirements for how things can collectively improve. We think you'll enjoy the podcast... share it and we'd love to hear from you.
Guests:
Anton Goncharov
LinkedIn: https://www.linkedin.com/in/cybernode/
Jonathan Cran
LinkedIn: https://www.linkedin.com/in/jcran/

DtSR Episode 535 - Let's Ask AI Security Questions


TL;DR A few days ago, my pal Kevin asked me if I had seen the LinkedIn post by Helen Patton that asked an interesting question of the podcast space... Her post made me think - why the heck not? So, I did. Thanks to Helen, whose idea this was - I hope you get a chance to watch and enjoy the outcome of your request ... we had far too much fun recording it. Here on this episode - which I promise you is 100x better on video, we have Anton Chuvakin, Kevin Thompson, and Jeff Collins joining Rafal &...

DtSR Episode 534 - The AppSec is Still a Mess


TL;DR On this episode, we welcome Josh Grossman - who has a pretty interesting perspective on AppSec, or Software Security, or (cringe) "DevSecOps". Josh has a bit of an edge on the subject, so he fits in with myself & James perfectly. We talk about where things stand from the vendor perspective, building programs, and why it takes to make a real impact, versus continuing to push a very large boulder up a very steep hill. Oh, hey, want to be on the show? Let us know a topic and your background and let's talk. Guest Josh Grossman LinkedIn: https://www.linkedin.com/in/joshcgrossman/...

DtSR Episode 533 - Maybe 2023 Won't Suck


TL;DR This week on 2023's first live-streamed episode (technically our first recorded in '23) our friend Larry Whiteside, Jr. joins us to talk about the prospects for 2023 and beyond. We discuss trends, make some rather sad predictions, and attempt to be hopeful about what the new year could bring us - if we don't find a way to walk ourselves off a cliff, first. It's a light discussion, that dives into some deep topics, and ultimately ends with some hope... 'ish. Join us! Oh, hey, since some of you are looking for a new opportunity in the new year,...

DtSR Episode 532 - Its the End of 2022 As We Know It


TL;DR Shawn Tuma, our favorite cyber legal eagle, joins Rafal & James to talk about the sorts of things we learned about 2022, in what could be confused for a year-in-review episode. We saw ransomware, big incidents, but overall ... things weren't the worst out there. If you missed our live-stream on LinkedIn (link below) you can replay that any time, or listen to this episode as a podcast. For 2023, I'm going to be tweaking some things to get us talking, sharing, and hopefully an even better experience of the podcast you already love.
LinkedIn Live-stream re-play: https://www.linkedin.com/video/event/urn:li:ugcPost:7013670254237163520/
Guest: Shawn...

DtSR Episode 531 - Security Guarantees, Warranties, and Insurance


Prologue This week James and I are joined by my good friend and many-timer on the podcast Brandon Dunlap, and our mad genius and serial entrepreneur pal Paul Calatayud to talk about all of these guarantees, warranties, and insurance. It's a strange discussion but quite necessary as the industry is littered with some of these offerings by providers and various software (security) vendors. These guarantees and warranties are made to make you feel better, but rest assured lawyers wrote these and there's always a catch. The insurance conversation, that's a little different (way different) and Paul's got some interesting things to...

DtSR Episode 530 - The Bold and the Invasive


Prologue Karim Hijazi joins Rafal & James this week on the podcast to talk about some interesting trends and developments in the world of bad actors. It's an interesting update including some things I wasn't expecting to hear about how threat actors "hit back at" incident responders and threat hunters. This is a good conversation about the current threat landscape with an eye on the Russian hackers out there, and pretty good listening for anyone who wants an added dose of situational awareness. Links: Sneaky Hackers Reverse Defense Mitigations When Detected - https://www.bleepingcomputer.com/news/security/sneaky-hackers-reverse-defense-mitigations-when-detected/ https://cybernews.com/editorial/russian-hacktivist-real-dangers/ Guest Karim Hijazi LinkedIn: https://www.linkedin.com/in/karimhijazi/

DtSR Episode 529 - The CISOs Guide to Liability


Prologue This is a very interesting episode... Gadi Evron joins James and me on this slightly technically difficult (the IPoCP - IP over Carrier Pigeon - was awful at times) episode to talk about the CISO role and the potential liabilities that lie within. Whether we're talking about the Joe Sullivan case (and we're not, or we try not to), or we're generalizing about employment and legal culpability - this show traverses a lot of land and it's all worth your time. Hopefully if I did an OK job, you won't notice all the edits :) Pre-reading Blog post from...

DtSR Episode 528 - So Many Vendors, So Few Solutions


Prologue It's always a pleasure when I can get some friends together and banter on about a topic we all find interesting. This week's topic was supposed to be released a bit later, but it couldn't wait. We had so much fun that I thought it needed publication right now. The premise is simple - have you looked around at how many security vendors there are and just asked yourself ... "Are we solving anything, or just adding to the mess?" That's what we did on this podcast. And yeah, we'd know because we have some life experience in this industry....

DtSR Episode 527 - Fun With Machines Learning


Prologue On this episode Rafal & James re-visit the concepts of machine learning, "artificial intelligence", and applicability to cyber security from Sven Krasser, Chief Scientist at CrowdStrike. Dr Krasser has been working on algorithms and computers analyzing massive amounts of data since the early 2000's so his analysis of today's "state of the art" and projections for the future are likely spot on. We have a little fun poking at industry buzzwords and make some real projections for where things are moving. If you're trying to sift through the hype and asking yourself is any of the "AI + ML"...

DtSR Episode 526 - Downmarket SecOps Reality


Prologue This podcast has attempted to go down-market a few times, with some success in discussing the important issues that service providers and security vendors oddly ignore. If you're not in the enterprise, you get ignored by 90%+ of the security vendor space, that's just fact, and that means that you're left to fend for yourself at the worst scale possible. That's unfortunate, in the long run, because as all the vendors chase enterprise vendors, they at the same time lament the poor state of downmarket security. This podcast addresses something that may be able to help. A long-time colleague...

DtSR Episode 525 - Practical Zero Trust


Prologue Are you sick of hearing "Zero Trust"? Do you, like us, also feel like it's a marketing buzzword, and then a cute concept that has a very difficult time in reality? Yeah, this episode is for you. David Fairman and Jason Clark join Rafal to talk about what is essentially continuous signals evaluation, least privilege, and default deny with segmentation. All those things we love, and haven't done right. Guests Jason Clark LinkedIn: https://www.linkedin.com/in/jasonclarkfl/ David Fairman LinkedIn: https://www.linkedin.com/in/dfairman/

DtSR Episode 524 - Cybersecurity Starts and Ends with Assets


Prologue This week, we take it back to the basics, that's right, the basics, as we talk to Huxley Barbee about the need to identify and understand the assets on your network and in your various environments. A fascinating conversation with some history, some laughs, and some honest discussion of a topic that's absolutely critical to cyber security. If you've not done so, go check out the conversation with Dell Technologies' John Scimone -- a CSO's perspective on fundamentals: https://ftwr.libsyn.com/dtsr-episode-513-cso-perspective-on-security-fundamentals which will give you some additional perspective on this issue. Guest Huxley Barbee LinkedIn: https://www.linkedin.com/in/jhbarbee/

DtSR Episode 523 - Practical SASE for the Masses


Prologue Today's guest helps James and Rafal attempt to unravel the completely confusing space of "modern remote access". Some call it SASE, some SSE, some ZTE and some are completely mad and still use the term VPN. Who knows who's right, or why any one is preferred over the other ...except Carlos Salas from NordLayer. Listen in, and give it some thought. Maybe you'll understand this big mess a little better by the end of the episode. Guest Carlos Salas, Engineering Manager, NordLayer LinkedIn: https://www.linkedin.com/in/carlos-salas-b89480187/ Get a special offer from NordLayer, because you're a listener of DtSR: https://nordlayer.com/dtsr

DtSR Episode 522 - Insuring Corporate Survival


Prologue It's been a while since we have done an episode on cyber insurance, in fact, the last episode was https://ftwr.libsyn.com/dtsr-episode-454-tpa-cyber-insurance-fact-vs-fiction back in July of 2021. So we revisit with the two experts plus a bonus guest for you. We look at the issues from the perspective of the broker, buyer, and lawyer -- a complete picture if I do say so myself! Story link in FastCompany: https://www.fastcompany.com/90781786/cyber-insurance-price-hikes-have-left-local-governments-reeling LinkedIn Live video stream (on-demand): https://www.linkedin.com/video/event/urn:li:ugcPost:6980210814192402434/ Guests Shawn Tuma LinkedIn: https://www.linkedin.com/in/shawnetuma/ Sean Scranton LinkedIn: https://www.linkedin.com/in/sean-scranton-2b24948/ Sebastian Avarvarei LinkedIn: https://www.linkedin.com/in/sebastianavarvarei/

DtSR Episode 521 - The Peanut Gallery Takes on XDR


Prologue Our industry has been talking about XDR for a while now. Some people think it's the savior, some people think it's marketing garbage - and neither of them really understands what this "thing" named XDR is. Well, I figure we'll get some smart people on the podcast, people who live in this field and use this word a lot, and giddy up. This episode is slightly PG-13'ish ... because Anton has a potty mouth and I don't want to edit. Guests: Anton Chuvakin (Google) LinkedIn: https://www.linkedin.com/in/chuvakin/ Jamie Moles (ExtraHop) LinkedIn: https://www.linkedin.com/in/jamiemoles/ Bryan Lee (CrowdStrike) LinkedIn: https://www.linkedin.com/in/obiwanblee/

DtSR Episode 520 - The War With Online Scammers


Prologue We start Cyber Security Awareness Month - the 30-day window where corporate law requires you to check the box and take boring security 'awareness' training, then forget it November 1st. Not my favorite month... so what about scammers, criminals, and bad people who prey upon those who aren't covered by corporate mandated training? Join us, let's talk about it. Guest Michael Magrath LinkedIn: https://www.linkedin.com/in/michaelmagrath/ Have something to say? Let's hear it. Support the show >>> Please consider clicking the link above to support the show! YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq LinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/ X/Twitter: https://twitter.com/dtsr_podcast

DtSR Episode 519 - Insights From an Industry Leader


Prologue This week, Rafal takes the show on the road (literally) to Las Vegas for Fal.Con '22 -- this is CrowdStrike's premier global get-together of customers, partners, and industry experts to showcase some innovation and share ideas and insights. I wanted to say a big thank you to CrowdStrike -- all the folks who helped make this happen and continue to support this podcast and provide access to these fantastic guests. Thank you to Nick Lowe, Geeta Schmidt, Kapil Raina, and Bryan Lee for taking the time to share their unique insights. Guests Nick Lowe LinkedIn: https://www.linkedin.com/in/nick-lowe-cissp-7751a05b/ Geeta Schmidt LinkedIn:...

DtSR Episode 518 - Go Big or Go Home


Prologue Solving problems is a challenge not everyone is up for. The industry is littered with people and companies that bring small-time solutions to an industry begging and pleading for actual solutions. Jason Clark of Netskope, and long-time friend, joins James and Rafal to talk about the mindset and approach needed to solve BIG problems that change the game, change the landscape, and change our lives. Guest Jason Clark LinkedIn: https://www.linkedin.com/in/jasonclarkfl/

DtSR Episode 517 - Two Truths and a Lie


For those of you paying attention - DtSR is officially 11 years old. This episode is the first episode of year (season) 12. WOW. Thank you for listening, sharing, commenting, and watching us live! Prologue We work in a weird industry where marketing has to make ever-more outrageous claims that product and service teams then have to attempt to live up to, but it's a way of life. Now, I'm not strictly speaking blaming product marketing people, but they do have some blame in this insane climate we find ourselves in. On this episode, two good friends - and professional...

DtSR Episode 516 - Breaking Bad on EAS


Prologue Fresh off his presentation at Defcon 2022, Ken Pyle joins Rafal to talk about the Emergency Alert System (EAS) he's been hacking since 2019 and discusses findings, challenges, and the work left to do. It's a fascinating conversation that will leave you wondering - how do we fix this clear and present problem, and more importantly...where else should we be looking? Guest Ken Pyle LinkedIn: https://www.linkedin.com/in/ken-pyle/ LinkedIn Stream (recorded): https://www.linkedin.com/video/event/urn:li:ugcPost:6971199601311694848/

DtSR Episode 515 - Gadi Evron Talks PostBreach and Disinformation


Prologue This week's guest is always a great interview. Gadi Evron has been around the industry longer than it's been an officially named discipline. In this episode, he talks about post-breach standards and the apparent but not previously discussed need. He also breaks your brain with disinformation, which we only lightly touch on before realizing we need at least one more podcast to go deeper into the topic. Join us, and share this one, it's awesome. Guest Gadi Evron LinkedIn: https://www.linkedin.com/in/gadievron/

DtSR Episode 514 - Adam Explains Everything


Prologue We've covered "threat intelligence" on the show a few times now, but the evolving nature of what threat data is, how it's useful, and how it enables defenders of a specific type to identify malicious activity keep it interesting. This time around Adam Meyers of CrowdStrike joins Rafal to discuss threat intelligence, threat hunting, and clarifies some of the misconceptions and utilities around the topic. A good conversation for those defending their infrastructure and useful data points from someone who is a recognized expert. Adam joins us from his bunker, with all the elements you'd expect from Adam, so it's...

DtSR Episode 513 - CSO Perspective on Security Fundamentals


Prologue "Just do the basics!" "Remember the security fundamentals." ...sick of hearing those catch phrases without anything to actually get it DONE? Yeah, us too. This week we're joined by John Scimone of Dell Technologies to talk about his take on fundamentals both security and IT. His approach is not unique, per se, but it's one that works and it's repeatable. More importantly, he's willing to share his expertise and what he's done to be successful in raising the bar to his level of "good enough" -- so unless you've gotten where YOU want to be in those security fundamentals, it's...

DtSR Episode 512 - Why is Enterprise Security Program Maturity so Tough?


Prologue This week, long-time friend and well-known industry personality, Jessica Hebenstreit joins Rafal to talk about her journey in consulting to very large security programs and why maturity is elusive in many of those programs. As it turns out, maturity is influenced by many factors but highly dependent on actually solving problems and being able to show progress. This is an interesting conversation for anyone who wants to understand what's inside the head of a former practitioner who has ventured into the field to help others solve large-scale, complex, problems. Guest Jessica Hebenstreit LinkedIn: https://www.linkedin.com/in/jessicahebenstreit/ LinkedIn Live stream: (video!) https://www.linkedin.com/video/event/urn:li:ugcPost:6960010458405756928/...

DtSR Episode 511 - Managing Technical Teams


Prologue This week on the podcast, the one and only Tom Eston joins Rafal & James to talk about managing teams. Tom is a well-known personality who runs the "Shared Security Show" podcast -- which has been running even longer than we have, give them a listen if you don't already. Tom talks about the difficulties of managing, coping with various types of personalities, and helping employees thrive while finding the right balance between in-office and remote. Great show if you're in a leadership position, or hoping to be, managing technical teams. Guest Tom Eston https://www.linkedin.com/in/tomeston/ The Shared Security Show...

DtSR Episode 510 - The Big Services Discussion - Part 1


Prologue It's always a pleasure to have someone on the show who is an expert in their trade, someone who has experience, expertise, and depth of understanding like few others. In this case, James and I host Jim Tiller - one of the people I consider a mentor and long-time friend, who is all of those things and more. Jim is a quintessential expert on cybersecurity services - and in this discussion we push some of the buttons that really get him talking, passionate, and dispensing wisdom. I hope you brought a notepad, because you'll want to be taking notes....

DtSR Episode 509 - The Shift Left Debate


Prologue James has been talking about "shift left" for a while so when Jeff Williams posted interesting research on LinkedIn - we jumped on an opportunity to have him on the show to talk about the subject. Let's face it, everyone is shifting left, and most of this is just marketing nonsense, but some of it is actually an attempt to push security "earlier" into the cycles - but is that good? Does it even make sense? Jeff kills one of my favorite, go-to, security myths about software security...and a fun discussion ensues. Join us, and maybe add to the...

DtSR Episode 508 - DNS Under Siege, So What?


Prologue DNS is a big topic, and you may be asking yourself why. Well, as we noted in a recent show ( https://ftwr.libsyn.com/dtsr-episode-504-dns-turns-40 ) DNS is officially middle-aged. And with that middle-age comes some more problems. These issues have caused a situation where it's increasingly evident that DNS needs to evolve, mature, or simply revise (2.0?) itself ... but into what? And why? Listen to Ken Carnesi from DNSFilter who joins James & Rafal to talk about the challenges and the future, and why it's still such a sh*tshow today. Guest Ken Carnesi LinkedIn: https://www.linkedin.com/in/kencarnesi/

DtSR Episode 507 - Beyond NDR: Of Badguys and Bottlenecks


Prologue Let's start with NDR - Network Detection and Response - because it's not new, but the discussions lately have been very interesting. Is it still relevant? Does it have a place in today's hybrid and cloud world? Well, in this conversation with Raja Mukerji, co-founder of ExtraHop, Rafal tackles these questions and gets some interesting answers. For those of you who have followed for a while - I have a surprise reveal for you at the end.

DtSR Episode 506 - What the Heck is ASPM


Prologue As some of you know, I've been either in the AppSec space, or adjacent, since the fairly early days. I built a program at GE a million years ago, and worked selling dynamic web app testing software for many years. If you've been in the space, you can feel a little bit hopeless with all the different options, tools, and advice only to look at the stale OWASP Top 10 and wonder ...why aren't things improving? Matt Rose joins me in a post-RSA conversation about ASPM (Application Security Posture Management), and before you dismiss it as another analyst buzzword,...

DtSR Episode 505 - Reflections on RSA Conference 2022


Prologue RSA Conference 2022 has come and gone. Rafal was there for all the circus and madness, and sits down with James to discuss what was seen and heard. Also, you'll get some clips in here from some of the interviews from the show as Rafal caught up with some interesting vendors, old friends, and even some poetry. Guests Tyler Moffitt LinkedIn: https://www.linkedin.com/in/tyler-moffitt-29752050/ Rock Lambros LinkedIn: https://www.linkedin.com/in/rocklambros/ Matt Rose LinkedIn: https://www.linkedin.com/in/mattarose/ Dr. Khawaja Saeed LinkedIn: https://www.linkedin.com/in/khawaja-asjad-saeed-29b2a6a/ Ray Canzanese LinkedIn: https://www.linkedin.com/in/raymond-canzanese-jr-178a846/ Deidre Diamond LinkedIn: https://www.linkedin.com/in/deidrediamond/

DtSR Episode 504 - DNS Turns 40


Prologue In this RSA conference-themed episode, I bring on Jonathan Barnett from OpenText Security Solutions to discuss DNS turning 40 years old. Yeah, it was originally invented in 1983 y'all. As DNS turns 40, some of the lingering problems are getting worse, some of the new solutions open up other problems, and we're all about solutions here so we tackle some of the things Jonathan is doing to address the issues. Interesting episode to ponder, and reflect on, as DNS turns 40 years old next year and we try and figure out "now what?" Guest Jonathan Barnett LinkedIn: https://www.linkedin.com/in/jonathan-barnett-61417313/ OpenText...

DtSR Episode 500 - Looking Back to Look Forward in Tech - Part 3


Prologue This is a bonus episode for the Episode 500 live-stream we did. I brought together Crowdstrike, OpenText, and Netskope technologists to talk about the technology they've worked with over the last 10 years, where it stands today, and what the future outlook looks like. It's a fascinating conversation from some of the most common vendors out there in security - and you're probably using or relying on their platforms -- so it makes sense to get their take on the past, present, and future of technology in our industry. Special thanks to Adam, Grayson, and Mark for taking the time out and...

DtSR Episode 503 - Blowing Up Your Cloud (Permissions Structure)


Prologue This week, we talk about the cloud in a different way than we have previously. We discuss "blast radius" with regard to vast numbers of roles and permissions inside of a public cloud infrastructure. The numbers are staggering and you'll likely find yourself asking the obvious question -- "How does anyone manage all of this, with any hope of getting it right?" The beginnings of that answer lie in this show. Guest: Arick Goomanovsky LinkedIn: https://www.linkedin.com/in/arick-goomanovsky/ Twitter: https://twitter.com/g00manoid/ Ermetic: https://ermetic.com/

DtSR Episode 502 - Why Can't Gov Figure Out Supplier Security


Prologue CMMC may be something you know nothing of, but if you're a government contractor, or work with government contractors of the DIB - you're probably all too familiar. For some, it's hell. For the rest, it's mostly insane. Jacob joins Rafal & James to educate us, and give us the reality of this set of standards. Guest Jacob Horne LinkedIn: https://www.linkedin.com/in/jacob-horne-cissp/

DtSR Episode 501 - Netskope's Bad SaaS Report


Prologue This week, on the first post-500 episode, we welcome Netskope's Ray Canzanese to talk about the Cloud & Threat Report they just published ( https://www.netskope.com/netskope-threat-labs/cloud-threat-report ) which has some interesting bits in it. Ray discusses the details and some of the things that you won't find in the text of the report. Good conversation as Rafal & James break down the headlines.

DtSR Episode 500 - Looking Back to Look Forward - Part 2


Prologue - Part 2 of 2 First - thank you to everyone who listens to this show, shares it, and has left us a review. You all are the reason these past 500 episodes got published, and why this show will keep going into the foreseeable future! Link to video: https://www.linkedin.com/video/event/urn:li:ugcPost:6917850703235321856/ This episode features some of my favorite guests from the last 500 episodes, with something to say. We cover a lot of ground, totally unscripted, and we have opinions. Guests Jim Tiller LinkedIn: https://www.linkedin.com/in/jitiller/ Will Gragido LinkedIn: https://www.linkedin.com/in/gragido/ Diana Kelley LinkedIn: https://www.linkedin.com/in/dianakelleysecuritycurve/ Rob Hansen LinkedIn: https://www.linkedin.com/in/roberthansen3/ Anton Chuvakin LinkedIn: https://www.linkedin.com/in/chuvakin/...

DtSR Episode 500 - Looking Back to Look Forward - Part 1


Prologue - Part 1 of 2 First - thank you to everyone who listens to this show, shares it, and has left us a review. You all are the reason these past 500 episodes got published, and why this show will keep going into the foreseeable future! Link to video: https://www.linkedin.com/video/event/urn:li:ugcPost:6917850703235321856/ This episode features some of my favorite guests from the last 500 episodes, with something to say. We cover a lot of ground, totally unscripted, and we have opinions. Guests Jim Tiller LinkedIn: https://www.linkedin.com/in/jitiller/ Will Gragido LinkedIn: https://www.linkedin.com/in/gragido/ Diana Kelley LinkedIn: https://www.linkedin.com/in/dianakelleysecuritycurve/ Rob Hansen LinkedIn: https://www.linkedin.com/in/roberthansen3/ Anton Chuvakin LinkedIn: https://www.linkedin.com/in/chuvakin/...

DtSR Episode 499 - Four Hundred Ninety Nine and Counting


Prologue Friends and colleagues - I want to thank you from the bottom of my heart. It almost brings me to tears that over the last 11 years you've been sharing, downloading, and talking about this little thing I started back in 2011. Incredible doesn't even begin to describe the ride so far. And to top it off, we've hit almost 32,000 downloads this month - the most we've ever gotten by almost 2,000 more. I'm flabbergasted. So this episode, it's just James and I - just us doing what we do. Thank you. We love you. Keep listening!

DtSR Episode 498 - Living in the Tornado


Prologue Super pumped this week to have James Azar on the show. James hosts a collection of podcasts including one I try to catch as often as possible - https://www.linkedin.com/company/cyberhubpodcast/. We cover a lot of ground, but you'll walk away with James' words ringing in your head, I can almost promise you that. Guest James Azar LinkedIn: https://www.linkedin.com/in/james-j-azar/

DtSR Episode 497 - Security Buzzword Bingo


Prologue This week, as we approach episode 500 and the extravaganza that it will be, James and I welcome my personal friend and all-around wonderful marketing dude, Russell Wurth. We joke about what's wrong with cyber-security, and why it's mostly marketing's fault. Join us, prep your buzzword bingo card, and have a drink in hand (unless you're driving, then please don't). Guest: Russell Wurth LinkedIn: https://www.linkedin.com/in/russellwurth/ Twitter: https://twitter.com/rswurth

DtSR Episode 496 - How to Win Friends and Influence CISOs


Prologue Have you noticed that the relationship between buyer and seller, or more precisely, between CISO and seller is... eh ... tenuous lately? OK, maybe it's a lot worse than that in some cases. Why is that? How did we get here? And how do we fix a relationship that is quite clearly necessary, but just so broken? Yaron Levi, long-time industry veteran joins Rafal to discuss the challenges and opportunities of the CISO - vendor relationship. Guest Yaron Levi LinkedIn: https://www.linkedin.com/in/yaronrl/

DtSR Episode 495 - Analyzing Russia's Offensive Cyber Ops


Prologue This week, as Vladimir Putin's Russia continues to commit war crimes and genocide against the people of Ukraine, DtSR gathered a panel of experts to discuss and dissect the threat of a Russian-based cyber offensive against the west. Our panelists helped separate fact from fiction, and gave us some take-aways that we can use to rationally and realistically protect ourselves from this and other related threats. LinkedIn Livestream video recording: https://www.linkedin.com/video/event/urn:li:ugcPost:6915354239766568960/ Guests Karim Hijazi LinkedIn: https://www.linkedin.com/in/karimhijazi/ Joe Slowik LinkedIn: https://www.linkedin.com/in/joe-slowik/ Mattias Wåhlén https://www.linkedin.com/in/mattias-w%C3%A5hl%C3%A9n-9b3b58201/

DtSR Episode 494 - Forensics The Art of the Science Plus a Cat


Prologue Special thanks on this episode to OpenText for bringing Mike to us on this show. What a fantastic conversation about the state of forensics and a little bit of reminiscing too! This episode we talk forensics, and the art and science, plus how to build that back-fill of talent this entire industry is short on. Michael has decades of knowledge and experience, and it's a joy of a conversation. Also, if you're into nothing else on this episode, check out the world's cutest kitten. Come for the kitten, stay for the forensics goodness. Guest Michael Hill -- You'll have...

DtSR Episode 493 - Breaches: Is Anyone Learning Anything


Prologue A big Texas welcome back to the podcast to our friend Shawn Tuma, our legal-eagle in residence. This week Shawn talks to us about the cases he's involved in, and the types of trends he's seeing in his client base when being their breach coach, and fire-fighter guide. With all these breaches, and all this money and productivity lost - is anyone paying attention? Is anyone learning anything? Join us, Shawn will tell you. Guest Shawn Tuma LinkedIn: https://www.linkedin.com/in/shawnetuma/ Shawn's recent appearance on The Above Board Show: https://www.linkedin.com/feed/update/urn:li:activity:6909959787845730304/

DtSR Episode 492 - Operationally Useful Blocklists


Prologue This week, the guy with the best vendor hoodies ever is back! Philippe Humeau of Crowdsec joins us again to talk about some of the data his team have gathered, analyzed, and are using to crowd-source protection in the form of block lists. Anton Chuvakin joins us to bring his useful manner of snarkasm, just to keep us honest. Guests Philippe Humeau LinkedIn: https://www.linkedin.com/in/philippehumeau/ Anton Chuvakin LinkedIn: https://www.linkedin.com/in/chuvakin/

DtSR Episode 491 - SOAR is Boring


Prologue I read an article the other day that got me thinking, and inspired me to get Wesley onto the podcast to talk about SOAR. Yes, SOAR is absolutely boring - but that's OK, isn't it? What's the actual purpose of SOAR technology, and where is it being utilized today? Are we getting the most of this, or is it just a boring fad? All this and more on today's show. Guest Wesley Belleman LinkedIn: https://www.linkedin.com/in/cyberwes/

DtSR Episode 490 - CISO Ascending Beyond Enterprise Security


Prologue We open this episode with an acknowledgement of the crisis in Ukraine, as Putin's madness is unleashed. We stand with the brave people of Ukraine as they defend themselves from unprecedented evil. That said, this week James and I bring Grant Sewell onto the show. Grant has experience being a "behind the scenes" CISO, and more recently in a customer-facing role. We discuss the evolution of the CISO into a "trust officer" and the focus that takes. Guest Grant Sewell LinkedIn: https://www.linkedin.com/in/grantsewell/ Twitter: https://twitter.com/grantsewell

DtSR Episode 489 - Crowdstrike Global Threat Report Feb 22


LinkedIn Live stream (recorded): https://www.linkedin.com/video/event/urn:li:ugcPost:6895440886222643201/ DtSR LinkedIn Page (subscribe here!): https://www.linkedin.com/company/down-the-security-rabbithole-podcast/ Prologue This week is a slightly longer (oops) episode of the DtSR Podcast with a three-timer, Adam Meyers of Crowdstrike. Adam joins James and Rafal to talk about the latest Global Threat Report and all the trends and insights. There is a lot of good insight here, and if you want to catch the LIVE (recorded) video you can get that too! Don't forget to subscribe to our DtSR page on LinkedIn to get all the latest content. Guest Adam Meyers LinkedIn: https://www.linkedin.com/in/adam-meyers-7a58481/ Twitter: https://twitter.com/adam_cyber

DtSR Episode 488 - Essential CISO Business Skills


Prologue This week I'm so thankful that James and I have the opportunity to talk to the authors of "The CISO Evolution" -- a fantastic book for anyone who wants to be, or is working as, a security leader. Rock and Matt join us to talk about the book, share some insights, and maybe answer a tough question or two. Guests: Rock Lambros LinkedIn: https://www.linkedin.com/in/rocklambros/ Rock Cyber: https://www.linkedin.com/company/rockcyber/ Matthew Sharp LinkedIn: https://www.linkedin.com/in/ciso-mba/

DtSR Episode 487 - Software Supply Chain is a BFD


Prologue Continuing our thread on the software supply chain and SBoM (Software Bill of Materials) we bring in Ed Moyle who is writing a series on the subject for his column. Ed brings up some very interesting points on some key aspects of software supply chain including feasibility and asks that difficult question "So what if you get it?" Guest Ed Moyle LinkedIn: https://www.linkedin.com/in/edmoyle/ Must-read article: https://www.techtarget.com/searchsecurity/tip/4-software-supply-chain-security-best-practices

DtSR Episode 486 - SBOM in the Real World


Prologue SBoM ("Software Bill of Materials") is the new rage. Everyone's talking about it. What it means is you're expecting a list of software components and includes, libraries, etc. that make up the software you're buying or using. The problem is, in real life, SBoM is exceptionally difficult and maybe even slightly impractical. Listen in as Rafal & James discuss SBoM in real-life scenarios with Paul Caiazzo -- a guy who's trying to make this idea work in his day-job. Guest Paul Caiazzo LinkedIn: https://www.linkedin.com/in/pcaiazzo/

DtSR Episode 485 - YGHT Beating Ransomware at Its Game


Prologue Back in episode 469 ( https://ftwr.libsyn.com/dtsr-episode-469-yght-they-hacked-ransomware ) we brought Steve Perkins of Nubeva ("Cloud Go" in Portuguese) to talk about a very interesting "accidental" development. They'd figured out a way to steal encryption keys from ransomware, thus rendering it potentially toothless. Well, now Steve's back with a product, and a way to reverse ransomware's encryption with minimal friction and without paying the ransom. So ... yeah. Listen in.

DtSR Episode 484 - Defrauding Mobile Payments


Prologue Have you ever made a payment from your mobile device, wirelessly using NFC? Of course you have, most of us have by now. Did you know there are some (or at least were) fairly significant design flaws, otherwise known as "features", in the various platforms? On this show, we're interested in learning more about Timur's research and what he's uncovered. You'll want to do what I did, check your phone's NFC payments settings, once this show is over.

DtSR Episode 483 - How Not to Screw Up Your Cloud


Prologue We have a repeat guest today! Mr. Mark Simos joins me once again to talk about Microsoft's Cloud Adoption Framework (CAF) and its applicability to not only Azure, but also your other clouds. Building resilient and secure clouds isn't just about security, it's about design and architecture that adheres to good practices. Microsoft's CAF is a fantastic place to start - listen here to learn more. Guest Mark Simos LinkedIn: https://www.linkedin.com/in/marksimos/ Twitter: @marksimos

DtSR Episode 482 - Tales of Wireless Hacking


Prologue This week, on a good start to the new year, Eric Escobar joins us to talk about hacking wireless - and a little bit of history on the topic. Taking us back to early wireless hacking where you had to have the right wireless PCMCIA card and drivers, to today where things are a little more complicated but oddly not too much has changed. Guest Eric Escobar LinkedIn: https://www.linkedin.com/in/eric-escobar/

DtSR Episode 481 - Spies In Your Tech


Prologue Bentsi is a guy with some experience in the bad guy world when it comes to devices and gadgets getting compromised. In this episode, he tells us stories and anecdotes on things he's seen and the threats gadgets face. It's a very interesting discussion, and might just make you a little more paranoid before it's over. Guest Bentsi ben-Atar https://www.linkedin.com/in/bentsi-ben-atar-6b0128/ Check out Sepio - https://sepio.systems/

DtSR Episode 480 - Juice Jacking


Prologue Have you ever plugged your smart phone, tablet or other "smart thing" into a power cable that wasn't yours? I'm guessing you've answered yes - and if so, you need to listen to this episode. As we travel and move around with our smart devices, we don't always have our charging cables & blocks with us, and that can lead to disaster. Hear more from Robert Rowley on how "juice jacking" can cause security problems we aren't even aware of. Guest Robert Rowley LinkedIn: https://www.linkedin.com/in/robertlei/

DtSR Episode 479 - Productivity of Jump Boxes and Bastion Hosts


Prologue In a technically deeper episode, Ev joins Rafal to discuss how security has made productivity challenging at times, in terms of having to jump through hoops to get work done, and what we should be doing about it. Ev asks us to imagine an entirely new paradigm of productive access to necessary resources - so listen in and dream big with us. Guest: Ev Kontsevoy LinkedIn: https://www.linkedin.com/in/kontsevoy/ Teleport: https://www.linkedin.com/company/go-teleport/

DtSR Episode 478 - Beyond Buzzwords: XDR


Prologue This week's episode is one of my favorite topics - marketing buzzwords. You've all heard the term "XDR" and wondered (probably like me) what the heck it is and how it's different than EDR or MDR. Do we really need more buzzwords? Mark Alba from Anomali joins me this week to discuss this, and I think it'll help sort things out for you, it sure did for me. I'm still not a big fan of new buzzwords, but at least I get it now. Guest Mark Alba LinkedIn: https://www.linkedin.com/in/markalba/ Anomali XDR Info: https://www.anomali.com/learn/the-impact-of-xdr-in-the-modern-soc-v2

DtSR Episode 477 - Passwords are Dead and Other Fables


Prologue Welcome to the last month of 2021 - December. This month we have a few bonus episodes, starting with this gem on identity. We've got a great guest and Mike Kiser has some interesting opinions he's definitely not holding back on. Thanks for listening - we hope you enjoy this episode. And special thanks to SailPoint for bringing Mike to the mic. Guest Mike Kiser LinkedIn: https://www.linkedin.com/in/mike-kiser/

DtSR Episode 476 - Securing Public Cloud with Azure ASB v3


Prologue Folks, the video of this episode which was live-streamed to our YouTube channel is here: https://youtu.be/IYVB_LNhURQ - and if you can, watch it. Huge mega-thanks to Microsoft and Lightstream for bringing together Jeff and Mark on this one to deliver some truly phenomenal content. This week is Azure Security Benchmark (not baseline, oops) version 3.0 hot off the presses. We talk about what it is, how to apply it, and where and why it's so useful for keeping not just your Azure public cloud safe, but also the "other" public clouds you use too. Guests Mark Simos LinkedIn: https://www.linkedin.com/in/marksimos/...

DtSR Episode 475 - Community Sourced Threat Instructions


Prologue Fair warning y'all, this episode may have been just slightly more fun than the Surgeon General allows. That said, on this one we not only made up some new terms ("Threat Instructions", Anton) but also had some fun describing what a well-functioning system of highly automate-able threat data would look like. And as it turns out, it's CrowdSec's "Fire" data set. Fascinating conversation, and most fascinating of all is that as Philippe described how it functions, Anton could find nothing wrong with it. Call me gobsmacked. If you're interested in participating in the Crowd, click this link - because...

DtSR Episode 474 - Unraveling Mountains of Evidence


Prologue Hey! Are you attending OpenText World Enfuse? If not, click here and check it out - it's virtual! Straight from Enfuse Chuck Dodson joins Rafal & James to talk about digital evidence collection, management, and processing in the realm of law enforcement. A fascinating look at the law enforcement side of things, and a topic perspective most of us never have occasion to think about, unless you're in the fight. Guest Chuck Dodson https://www.linkedin.com/in/chuckdodson/ OpenText World - Enfuse https://www.opentextworld.com/event/7653eae4-3cf3-4dfc-89f2-7c41e260aa89/websitePage:4b6071b8-edc1-4efc-888b-520c728292ff

DtSR Episode 473 - Cyber Security by Executive Order


Prologue In this episode, we host a lady who only needs one name, like a movie or rock star. But "Jax" deals with topics we normal people don't have the stomach for, like CMMC and government security. In this episode, she joins us to talk about the current Executive Order on Cybersecurity ( Executive Order 14028, May 12, 2021 - https://www.federalregister.gov/documents/2021/05/17/2021-10460/improving-the-nations-cybersecurity ) and the implications and impact it will, might, and could have. A fascinating discussion that's worth listening to, whether you spend time in FedGov, or not. Guest Jaclyn Jax Scott LinkedIn: https://www.linkedin.com/in/iamjax/ Company site: Outpostgray.com Blog: http://www.beansandbytesblog.com/

DtSR Episode 472 - Rick Howard on Trust and Tech


Prologue Let me start by saying how much I enjoy chatting with Rick Howard, today's podcast guest. Rick's been on before, and we always go long (especially on this one, sorry not sorry), but the content is well worth your time. On today's episode, we chat about "Zero Trust" and where technology meets concept, what's missing, and what's next. If you think you know all there is to know about Zero Trust, I promise you, you'll learn something new. Guest Rick Howard LinkedIn: https://www.linkedin.com/in/rickhoward/ Twitter: https://twitter.com/racebannon99 Rick's Show on CyberWire (Pro, subscription required): https://thecyberwire.com/podcasts/cso-perspectives

DtSR Episode 471 - TPA Threat Modeling the Software


Prologue On Episode 471, as we rapidly hurtle towards our 500th episode, we bring back Chris Romeo to talk about threat modeling. Specifically, we discuss threat modeling of software - with developers, methodologies, silos, incentives, and outcomes all in play for discussion. Chris has been doing this a while, and has some deep insights into what it takes to make things work - and we welcome your feedback on how you do it. Guest Chris Romeo LinkedIn: https://www.linkedin.com/in/securityjourney/ Twitter: https://twitter.com/edgeroute

DtSR Episode 470 - Security Leadership Insights from Ann


Prologue On this episode of the DtSR Podcast - Ann Johnson joins special guest-host Ken Fishkin of NJ ISC2 chapter, along with James & Rafal to talk about leadership, and sports apparently. Thanks to the NJ Chapter of ISC2 ( https://www.linkedin.com/groups/4425593/ ) for submitting questions and Ken for joining us to guest-host. On this episode, we ask Ann to talk to us about leadership challenges, and what's in store for the future. Also, we briefly talk sports teams and discover Ann is a Cowboys fan. Guests Ann Johnson LinkedIn: https://www.linkedin.com/in/ann-johnsons/ Twitter: https://twitter.com/ajohnsocyber Ken Fishkin LinkedIn: https://www.linkedin.com/in/kfishkin/

DtSR Episode 469 - YGHT They Hacked Ransomware


Prologue This week on a ridiculously awesome episode of the DtSR Podcast the one and only Mr. Steve Perkins of Nubeva joins Rafal & James to talk about something worth shouting about. They've figured out how to beat ransomware... yes, there are a few 'catch' things, but the tech seems solid and the possibilities endless. Give this episode a listen, then scroll below to click the links, and give this a look for yourself! Guest Steve Perkins LinkedIn: https://www.linkedin.com/in/steve-perkins-1604b31/ Relevant Links Webinar coming up on session key intercept: https://info.nubeva.com/fall_2021 Email info@nubeva.com if you want to hear more, or partner with...

DtSR Episode 468 - TPA Another Journey Into Security


Prologue This week, we get to meet Sean Jackson. You may not know Sean, but his journey may feel familiar. He got here much like many of you, and his story of discovery and understanding of his role in the business as "the security guy" is something you should probably know. There are many paths into our profession, and there are many different ways to view what we do - Sean's is compelling as it is timeless. Give it a listen, and join me on his journey. Guest Sean Jackson LinkedIn: https://www.linkedin.com/in/74rku5/ Twitter: https://twitter.com/shunkydave

DtSR Episode 467 - TPA Chips and SLSA


Prologue This week, Kim Lewandowski joins Rafal & James to talk about Google's latest contribution to the Open Source software movement - Supply-chain Levels for Software Artifacts (SLSA). We have a great conversation, and I hope you guys go watch the video (when it comes out) and check out the axe in the background. I never did find the interesting logo Kim talks about - maybe one of you will find it and post it to #DtSR on Twitter! Guest Kim Lewandowski LinkedIn: https://www.linkedin.com/in/kimsterv/ Twitter: https://twitter.com/kimsterv SLSA Links https://cloud.google.com/blog/products/application-development/google-introduces-slsa-framework https://security.googleblog.com/2021/06/introducing-slsa-end-to-end-framework.html

DtSR Episode 466 - TPA Vulnerability Management Goat Rodeo


Prologue This week, fresh off his Twitter rant, Travis McPeak joins Rafal to talk about the goat rodeo that is vulnerability management in the enterprise. Travis talks about the multitude of reasons vulnerability management is so difficult, and what can be done about the whole mess. Great episode, lots of great discussion and big thanks to Travis for the contribution to the topic. This needs more discussion, folks! Guest Travis McPeak LinkedIn: https://www.linkedin.com/in/travismcpeak/ Twitter: @TravisMcPeak

DtSR Episode 465 - TPA Nic-NAC-Security-is-Whack


Prologue I have no excuses, and no ideas, how this show has made it so far without having the one and only JJ as a guest. She's been doing network security and architecture for a long time, in addition to being a force for good. Her focus on NAC (Network Access Control) shines through in this discussion too. Hilarity ensues. Guest Jennifer ("JJX") Minella LinkedIn: https://www.linkedin.com/in/jenniferminella/ Twitter: https://twitter.com/jjx

DtSR Episode 464 - TPA An Empowering Discussion on the Grid


Prologue This week our pal and previous guest Patrick Miller joins us to talk about the power grid, current state of the thing, and what he's working on in the power generation and distribution sector. It's a strange place where 8" floppy disks and DOS 2.2 still live. Yeah, go search those, you think there's a 0-day for DOS 2.2? Guest Patrick C. Miller LinkedIn: https://www.linkedin.com/in/millerpatrickc/ Twitter: https://twitter.com/PatrickCMiller/ Ampere Security: https://amperesec.com

DtSR Episode 463 - TPA Human Security Engineering


Prologue This week our friend Ira Winkler joins Rafal & James to talk about the human element in cyber security. Ira, like us, absolutely loathes the phrase "stupid user" - so you'll want to hear what he's working on, and his comments on the space.

DtSR Episode 462 - TPA Aki Peritz on Open Source Intel


Prologue With all the craziness going on in the world, from terrorism, to catastrophically botched withdrawals from a 20 year war, to the incredible proliferation of ransomware, and "cyber privateering" making a comeback in the news - it's as good a time as any to discuss open source intelligence, collection, and analysis. Aki is a guy who would know a little bit of something about the topic, because anytime someone has to choose the way they describe their past "work" - you know their background is pretty colorful. Guest Aki Peritz LinkedIn: https://www.linkedin.com/in/aki-peritz-483a994/

DtSR Episode 461 - TPA Peacocking Without PCAPS


Prologue Let me start off by saying that this episode isn't about politics. It's about facts, claims made, and election security facts and myths. I want to thank Rob Graham for getting on the show and sharing his experience on short notice, and providing insights from Mike Lindell's "Symposium". It's truly eye-opening, and hopefully a conversation that strikes at the core of what we need to hear right now. Guest Robert Graham Twitter - https://twitter.com/erratarob

DtSR Episode 460 - TPA About CIAM and Other Auth


Prologue Thanks to Okta, for providing what is surely an entertaining (at least to record) and informative episode with some really cool guests. Bharat and John join James and Raf to talk about CIAM (a term Raf had to look up) and all things authentication history, past, and present. By the way, if you haven't registered, you should register for this very cool Okta Developer Day "Auth for All". Guests John Pritchard LinkedIn: https://www.linkedin.com/in/jpritchard/ Bharat Bhat LinkedIn: https://www.linkedin.com/in/bharatbhat/

DtSR Episode 459 - TPA A Defenders Endpoint Perspective


Prologue Big thanks this week to OpenText for providing access to Fabian Franco (go check out his bio below). He joins James & Rafal to talk about protecting endpoints, and some of the interesting things that go along with state-of-the-art detection and response capabilities. Also, if you'd be so kind as to support those who keep this show going, go check out the OpenText link below and give it a click, won't you? Why are there so many acronyms for endpoint defense? What do EPP, EDR, MDR, XDR mean and are they at all any different? Let's dive into this,...

DtSR Episode 458 - TPA Staffing Disasters We Created


Prologue This week we have the pleasure of having Kevin Pope, one of Raf's close and long-time friends, and someone who's had one heck of a journey into and through our industry. Kevin is a veteran, a security-curious, and cyber security professional - and he's also got some metered opinions too. We discuss hiring, staffing, and some of the issues we've collectively - and he specifically - have seen. Give this one a listen if you want to understand why we have the staffing problem in cyber-security that we do. Seriously. Guest Kevin Pope LinkedIn: https://www.linkedin.com/in/screamingbyte/ Twitter: https://twitter.com/screamingbyte

DtSR Episode 457 - TPA Foreign Adversaries Killing People


Prologue Huge thanks to Prevailion's Karim Hijazi for taking the time with us to dissect this Gartner headline and article on "adversaries killing people using OT". As we expected, a sensationalist headline, followed by some mildly fluffy stuff, with a kernel of truth. Good discussion nonetheless, though, and I even learned a thing. Links The Gartner article referenced: https://www.gartner.com/en/newsroom/press-releases/2021-07-21-gartner-predicts-by-2025-cyber-attackers-will-have-we Guest Karim Hijazi LinkedIn: https://www.linkedin.com/in/karimhijazi/ Previous episode: http://ftwr.libsyn.com/dtsr-episode-426-tpa-winning-intelligence-collecting-zombies

DtSR Episode 456 - TPA The Pandemic Meat Grinder


Prologue Frankly, we have no idea how we got through 450 episodes without interviewing Rich. No clue. Rich is a man of many talents including a trained responder for situations like we've been facing. He's also a cloud security specialist, and happens to do a half-dozen other things in his "spare time" too. In this episode we chat about what the pandemic has taught cyber security professionals, and what we'll come out the other side looking like. Warnings: Loki spoiler alert - oops, Rafal did this one Explicit language warning - Rich dropped some colorful language, deal with it Guest...

DtSR Episode 455 - TPA All The Reminiscing


Prologue It's been a long time, maybe forever, since James and I sat down and just chatted on the podcast. With all these amazing guests we have on the show it's easy to get caught up in the fun and forget to just have a two-person conversation every once in a while. With that in mind, we did it this week. We sat down, just the two of us, and chatted about the last few hundred episodes, the things that have stayed with us, and some things we wished would "get better" but alas... Jump in, this is a special...

DtSR Episode 454 - TPA Cyber Insurance Fact vs Fiction


Prologue Sean Scranton joins Shawn Tuma and myself to talk about cyber insurance, specifically, as it is a massive topic of discussion lately. Building on top of the "does cyber insurance even pay out?" question and exploring if cyber insurance will actually change the industry (as Jeremiah hints in episode 447) we traverse a lot of related topics and answer some good questions. This is one of the most informative episodes on this specific topic I've found out there - without all the usual propaganda. Huge thank you to Sean and Shawn for agreeing to take time away from client...

DtSR Episode 453 - TPA On Prioritizing Enterprise Vulnerabilities


Prologue Vulnerability Management has been a bit of a soapbox for me lately, and this episode brings in two experts on the topic directly from the enterprise to talk about how prioritization, spreadsheets, and today's big vulnerability problem produce serious issues for enterprise professionals. The problem is as old as our profession, but in spite of the tools, testimonials, and hand-waving it's still a massive problem. Guests Britney Hommertzheim LinkedIn: https://www.linkedin.com/in/bhommertzheim/ Twitter: https://twitter.com/bhommertzheim Ace Moore Ace is incognito :)

DtSR Episode 452 - TPA Burning It At Both Ends


Prologue On this episode of the podcast I have the pleasure of hosting one of my long-time friends and industry titan - Dawn-Marie "Rie" Hutchinson. She's fresh off of a stint as a CISO, and talking about burnout in our industry and beyond. It's always a pleasure chatting with a friend, but this is an important topic so extra thanks for sharing her knowledge and insights with us; working in a globally diverse and multi-timezone workforce isn't easy, and the lessons are useful! Guest Dawn-Marie "Rie" Hutchinson LinkedIn: https://www.linkedin.com/in/riehutch/ Twitter: https://twitter.com/CISO_Advantage

DtSR Episode 451 - TPA Rockin It


Prologue My pal Rock has ventured off on his own, so I wanted to catch up with him and get a quick update on the state of business, but also get a sense for what he's seeing in the industry as he's advising companies and helping them through compliance and regulatory challenges. Fascinating conversation, always fun stuff. Guest Rock Lambros LinkedIn: https://www.linkedin.com/in/rocklambros/ Twitter: https://twitter.com/rocklambros Twitter: https://twitter.com/rockcyberllc Website: https://www.rockcyber.com/

DtSR Episode 450 - TPA 3rd Party Risk Shitshow


Prologue Ladies and Gentlemen - we've hit ** 450 ** episodes. Let me just take a moment and reflect on the number of awesome guests, long hours recording and editing, and all of you phenomenal fans and listeners spreading the show content. Episode 450 feels like the right one to drop an episode with one of my real-life best friends, British sensation, and perennial entrepreneur Vikas Bhatia. We drop the gloves and go after the shitshow that is third party risk management in modern day enterprise. There are answers, but not if you don't address it head-on. Guest Vikas Bhatia...

DtSR Episode 449 - TPA Tuma on A Watershed Moment for US Cyber


Prologue In this episode, our legal eagle Shawn Tuma is back to discuss the Colonial Pipeline incident and whether it could be a watershed moment for US Cyber interests. As Toby Keith's "Courtesy of the Red, White, and Blue" plays in the background, we discuss what's happened, what could happen, and what it all means. Guest Shawn Tuma LinkedIn: https://www.linkedin.com/in/shawnetuma/ Twitter: https://twitter.com/shawnetuma/

DtSR Episode 448 - YGHT Knock Knock Who's There


Prologue You've GOT to hear this! This week on the podcast, I invited Martin Zizi of Aerendir, to talk about how we can use technology to not only distinguish between humans and non-humans (bots?) but also how to identify humans with staggering levels of precision - using commonly available and inexpensive components. He's got humor, an eclectic background, and great knowledge of the topic. Join us! Guest Martin Zizi Bio: Dr. Martin Zizi, MD-Ph.D, deep expertise in Molecular Biophysics and Neurosciences. He is one of the Founders & CEO of Aerendir Mobile Inc. He is the inventor of the NeuroPrint, a...

DtSR Episode 447 - TPA Software Security Liability and Insurance


Prologue I don't know about you, but I have Jeremiah in a list on Twitter that allows me to read/think about some of the things he posts without the noise of the rest of Twitter. Should a company that develops software be held responsible when a bug they missed is exploited? Why do we "Agree" on all those click-through agreements which basically disavow any responsibility, anyway? What about security tools - if they scan and miss a flaw that's later exploited, shouldn't they be liable? These and other salient topics are discussed in fairly great detail without all the usual...

DtSR Episode 446 - TPA AppSec Philosophy


Prologue When in Austin, TX ... meet up with some friends right? This week I have the pleasure of sitting down in-person with Joel, who has been doing the "AppSec thing" for longer than many of you who are reading this have been in our profession. Joel knows a thing or two - so we discuss a thing or two. Philosophy, history, and some ugly truths come out in a conversation that can only happen in-person. Guest Joel Scambray LinkedIn: https://www.linkedin.com/in/joelscambray/

DtSR Episode 445 - TPA Non-Random Cyber Thoughts with Dave Marcus


Prologue I honestly am having a difficult time understanding how this show has gone so long, so many episodes, without sitting down with Dave Marcus 1:1. It hurts my brain. So I rectified this situation and here you are. Dave is one of the best humans in the industry, has a few truckloads of knowledge, and you could stand to learn something from him. Give this episode a shot. Warning: Dave drops a pair of F-bombs, and the show goes a little longer than most at >40 minutes. But it's well worth your time. I promise. Guest Dave Marcus Twitter:...

DtSR Episode 444 - TPA Gary is Awful at Retirement


Prologue I'm honored to have Gary McGraw on with James and myself on this episode. I hadn't realized, but Gary retired from (what was formerly) Cigital - and by retired I mean "started something new". Gary sucks at retirement, but he's brilliant and has a lot to say about machine learning and its applications, so you should really listen in. No, "AI" isn't going to take over security - but it's worth exploring the enormous contributions machine learning makes to our lives and how they can be abused. Guest Gary McGraw Twitter: https://twitter.com/noplasticshower Home: https://www.garymcgraw.com/ Boards he's on: https://www.garymcgraw.com/technology/business/ Info on...

DtSR Episode 443 - TPA Addressing AppSec Tech Debt


Prologue Chris Eng has been elbows deep in software security for a very long time. Times have changed over the last 20 years, as have tools, methods, and outcomes - what hasn't changed is how much security debt we keep amassing in our applications. How bad is the problem, and what can be done? Tune in and find out what we think. Guest Chris Eng LinkedIn: https://www.linkedin.com/in/chris-eng-ab51331/ Twitter: https://twitter.com/chriseng

DtSR Episode 442 - S11E15 - TPA Fighting the Good Fight


Prologue This week, the show is back after a brief spring break, and we have with us Dmitri Alperovitch - who has taken on a new venture in his latest role. We discuss cybersecurity policy, government's role in private enterprise defense, and why you should probably never run your own MS Exchange Server. Lots of great content from the always informative and entertaining Dmitri. Guest Dmitri Alperovitch LinkedIn: https://www.linkedin.com/in/dmitrialperovitch/ Twitter: https://twitter.com/DAlperovitch Silverado Policy Accelerator: https://silverado.org/

DtSR Episode 441 - TPA State Secrets and Diplomatic Protection


Prologue ** First, before I say anything else, I want to thank Lonnie and his staff for their service to our country. Protecting diplomats is not an easy task I imagine, and being the most powerful nation on Earth, our diplomats are likely a target 24x7x365. ** This week, Lonnie Price joins me and James on the show for an intriguing talk through some very, very cool stuff. Now, this episode is special. Of course, every episode is special but some are more special than others. In this edition of the show we're talking to someone who keeps state secrets,...

DtSR Episode 440 - TPA Fighting Back Against ATO


Prologue Account Take-Over (ATO). You've probably not given this too much thought, unless you've had your account jacked. Whether it was someone stealing your Twitter account, or your bank account, or God-forbid your Facebook - you know the ramifications are serious. But how do you identify it, prevent it, detect and respond to it, and maybe even recover from it... at scale? Rafal's guest, Ari Jacoby of Deduce has some ideas. Ari talks about the broader ATO problem, and suggests some of the reasons it's gotten this bad (...how bad is it?...) and what companies that are not in the Fortune...

DtSR Episode 439 - TPA Open Source Endpoint Defense


Prologue OK, say it with me, defender tools suck. They all have their own dashboards, data formats, ways to look at what's going on...and that wouldn't be bad if they even remotely worked together. OSQuery isn't the end-all for endpoint tools, but it surely can tell you a whole lot about what's going on out there - and then you can actually intelligently do something. But it needs a front-end...so enter Fleet. This episode is all about defending the endpoint using open source, and Fleet/OSQuery specifically. Guest Zach Wasserman LinkedIn: https://www.linkedin.com/in/zacharywasserman/ Twitter: https://twitter.com/thezachw Fleet Open Source Device Management: https://fleetdm.com/

DtSR Episode 438 - TPA Implementing Zero Trust Principles


Prologue This week on a very cool conversation, Rafal snags a chance to do a virtual sit-down with Yuri all the way from the Netherlands. Yuri is one of the quintessential experts on Zero Trust (not the commercial tools stuff, but principles and foundations) and you need to hear his take on how we get it implemented, where, and why. Guest Yuri Bobbert LinkedIn: https://www.linkedin.com/in/yuribobbert/ His book "Leading Digital Security": https://www.linkedin.com/pulse/new-book-leading-digital-security-yuri-bobbert-1f/?trackingId=%2Fwm4S897TnSMTgkDszCDJQ%3D%3D

DtSR Episode 437 - TPA Healthcare IT Under Siege


Prologue This week, DJ McArthur joins James and Rafal to talk shop about his career in defending healthcare IT. The Cliff's Notes version is that it's more complex, more under siege, and more critical than ever. No problem, right? This episode has been a long-time coming, and DJ is an honest-to-goodness expert in the field. He teaches classes on this topic which you may just want to go and look up if this is your thing. Guest DJ McArthur LinkedIn: https://www.linkedin.com/in/dj-mcarthur-74364b24/ Twitter: https://twitter.com/djmca5280

DtSR Episode 436 - TPA A Dev Perspective on AppSec


Prologue Continuing what accidentally became a series of AppSec or Software Security focused episodes, #436 takes it from yet another direction. Rey joins us to talk about AppSec from his perspective - that of a life-long developer that's moved into software security. It's been an interesting journey, and while some of the things we discuss aren't necessarily revelations - listen for the subtle clues about what software security teams are doing wrong in the corporate enterprise... you'll hear it. Guest Rey Bango LinkedIn: https://www.linkedin.com/in/reybango/ Twitter: @ReyBango

DtSR Episode 435 - TPA WPScan and Wordpress


Prologue Episode 435 is packed with OpenSource goodness, talking about WordPress and WPScan with Ryan Dewhurst. Ryan started WPScan (a tool you probably use as a security practitioner) and has now made a business out of it. He spends a half-hour discussing the product, his road, and Wordpress/security in general and includes some plans for the future. Guest Ryan Dewhurst LinkedIn: https://www.linkedin.com/in/ryandewhurst/ Twitter: https://twitter.com/ethicalhack3r Website: https://wpvulndb.com/

DtSR Episode 434 - TPA Open Source Software Security


Prologue This week, Jennifer Fernick of NCC Group joins me to talk about her work with open source software and security. With a storied career, Jennifer is well-qualified to talk about some really interesting topics, but finding bugs in open source software, at the scale we need it to be done, is a monumental task. If you're a developer and keen on innovation and open-source, and know security or are interested in learning more - I encourage you to go check out the Open Source Security Foundation here: https://openssf.org/ Guest Jennifer Fernick LinkedIn: https://www.linkedin.com/in/jenniferfernick/

DtSR Episode 433 - TPA Leading the Alliance


Prologue: This week, Gary Latham joins the podcast to talk about taking the reins of the Security Advisor Alliance, at a pivotal time for the organization. If you don't know about the SAA, I highly encourage you to check it out here: https://www.securityadvisoralliance.org/ Guest Gary Latham LinkedIn: https://www.linkedin.com/in/gary-latham-8bb62925/

DtSR Episode 432 - TPA Identity and Trust


Prologue On this week's episode of the podcast, boomerang guest Robb Reck joins Rafal to talk identity, trust, and what's happened since the last time Robb was on the show (which was in 2016!). Of course they talk about the "big hack", and retreat into identity, Zero Trust, and the challenges of mid-market companies trying to do their own security. The lesson here? "The more we learn, the more we recognize we know very little." Guest Robb Reck LinkedIn: https://www.linkedin.com/in/robbreck/ Twitter: @RobbReck

DtSR Episode 431 - TPA Medical IOT


Prologue This week on DtSR, an old friend Jamison Utter joins Rafal to talk about medical IoT devices, and what makes them different -- and of course, how we can better protect them. Jamison's company, Medigate, is a healthcare security and medical analytics company - and it's an interesting discussion on how this type of IoT differs from others with security implications. You'll want to listen in, since the "Internet of Things" discussion is getting very varied, and you need to keep up. Guest Jamison Utter LinkedIn: https://www.linkedin.com/in/jamisonutter/ Twitter: https://twitter.com/jamison_utter Company website: https://medigate.io

DtSR Episode 430 - TPA What We Learned in 9 Years


Prologue David was a guest on the podcast many years ago, back in episode 7. We had a great conversation and it's interesting to see how so many of the topics have evolved in the last nearly a decade. Or not. Guest David Elfering LinkedIn: https://www.linkedin.com/in/aroundomaha/ Twitter: https://twitter.com/icxc

DtSR Episode 429 - YGHT Crowdsourcing Security Intel


You Gotta Hear This! [YGHT] This special edition of the Down the Security Rabbithole Podcast is the first of its kind. For 2021 I've decided to throw in a bonus episode here and there that doesn't necessarily fit the typical format when I find something interesting, or a topic or person worth your time. Right now, with CrowdSec is that time. Philippe Humeau is a wealth of information and the CEO of CrowdSec - a company that's picking up where someone else left off and making crowd-sourced security intelligence, free if you're a contributor to the system. Brilliant stuff... jump...

DtSR Episode 428 - TPA TIM-enabled NextGen SOC Platforms


Prologue Let's start 2021 off right with a returning guest whose name you will want to remember. Joep (pronounced like "soup" but with a "you") Gommers the founder and CEO of EclecticIQ joins Rafal to talk about threat intelligence - from platforms to TIPs, use-cases, implementations, limitations, and the move to TIM. It's a fun conversation that looks at where "threat intelligence" started, and where it's gone over the last 5 years or so. If you're a threat intel analyst, another consumer, or even a vendor, you'll want to listen up carefully and maybe take notes. By the way we...

DtSR Episode 427 - TPA Security Beyond the RegExp


Prologue This week, on the last episode of 2020, Michael Coates joins Rafal to talk about wire-speed-data-protection. Sort of like CASB but more universal. Interestingly, Rafal and Michael talk through how DLP has evolved and into what, and some interesting developments along the way - then the promise of something better. Guest Michael Coates LinkedIn: https://www.linkedin.com/in/mcoates/ Twitter: https://twitter.com/_mwc

DtSR Episode 426 - TPA Winning Intelligence Collecting Zombies


Prologue First and foremost, thank you to Prevailion for giving us some of Karim's time, and content for this episode. Adversary intelligence is critical to protection and defense, so the methods and means in which it's gathered, refined, and provided back into the industry is always a great topic of discussion. I can't stress enough how much I recommend going and doing this - https://www.prevailion.com/claim-your-apex-platform-account/ which is free and can give you an idea of whether you have some of those pesky "bad actors" running around your infrastructure stealing your critical assets. Guest Karim Hijazi LinkedIn: https://www.linkedin.com/in/karimhijazi/ Is YOUR org compromised?: https://www.prevailion.com/claim-your-apex-platform-account/...

DtSR Episode 425 - TPA Being Media Trained


Prologue This week, one of my old allies in the advocacy for sane media appearance joins James and me on the podcast. We talk about being a media liaison, managing speakers and security types with lots to say and few f***s to give for the media. It's an interesting conversation if you want to hear about what your media and PR person has to go through. Guest Diana Wong LinkedIn: https://www.linkedin.com/in/dianawong1/

DtSR Episode 424 - SOC Fight 2020


Prologue Fill up your coffee cup, find a comfortable seat, and get ready to dive into this show! Richard & Anton join James and Rafal to discuss the SOC and its evolution (or not) in today's enterprise. What are the major issues with SOCs today? What will the SOC of tomorrow be like? Does anyone know why Anton's hair is so nutty? These and other questions will be answered, maybe, on this show... so listen in and please give us some love on the socials. Guests Richard Stiennon LinkedIn: https://www.linkedin.com/in/stiennon/ Twitter: https://twitter.com/stiennon Anton Chuvakin LinkedIn: https://www.linkedin.com/in/chuvakin/ Twitter: https://twitter.com/anton_chuvakin

DtSR Episode 423 - TPA Malware and Other Bad Things


Prologue This week, virtually live from Enfuse 2020 we've invited Grayson Milbourne, who is the Director of Security Intelligence at OpenText (formerly Carbonite/Webroot), to the show to talk about his work, malware, and the ever-evolving battle between good and evil'ish. This is a unique look at the intelligence, research, and innovation that goes into anti-malware tools and the arms race between attacker and defender in the real world. Guest Grayson Milbourne LinkedIn: https://www.linkedin.com/in/themilbourne/ Twitter: https://twitter.com/gmilbourne

DtSR Episode 422 - TPA Blurry Ethical Lines


Prologue: This week is a TREAT for you Down the Security Rabbithole Podcast listeners. Before she does her keynote on the topic, you'll get to hear Tarah Wheeler's take on the graying lines of privacy, security, and ethics. Just because we can ... does that mean we should? Lots of interesting discussions, and some totally nerdy and pedantic references you'll want to listen to a few times. Week 3 of OpenText's Enfuse Conference 2020 is kicking off with Tarah's keynote, and if you haven't checked in, or signed on, maybe this will convince you! Give her keynote a listen... Guest Tarah...

DtSR Episode 421 - TPA Holding the Public Ransom


Prologue Welcome to week 2 of our coverage of the OpenText Enfuse conference! This week I'm super excited about two very cool guests - Brian Chidester and Tyler Moffitt. Y'all know Brian who is now officially a multi-time returning guest, and Tyler's background is pretty cool (literally, you'll know what I mean when I post the video hopefully soon). Huge thanks to OpenText for giving us access to these great guests. Go check out #EnfuseOnAir (on Twitter's hashtag) with the links below: Links: Conference link - https://www.opentext.com/enfuse General Registration link - https://web.cvent.com/event/d634f034-3b46-432a-ae21-4be1ca3fb1cf/regProcessStep1?RefId=enfuse2020-ppctx&rp=00000000-0000-0000-0000-000000000000 OpenText security handle -- https://twitter.com/OpenTextSecure Guests: Brian Chidester LinkedIn:...

DtSR Episode 420 - TPA Virtually Live from Enfuse 20 Overview


Prologue This week on DtSR Anthony Di Bello from OpenText drops by the show to talk about Enfuse, and the future of forensics, eDiscovery, and cyber security - and happens to let out a few details of the Enfuse 2020 conference kicking off this week. Anthony's always a great interview and of course we talk about my favorite topic lately - "convergence" of security disciplines. Join us - and if you're so inclined, virtually attend Enfuse 2020 by clicking over here: REGISTER FOR ENFUSE 2020. Guest Anthony Di Bello LinkedIn: https://www.linkedin.com/in/anthony-di-bello-29b419b/

DtSR Episode 419 - TPA CISOs in Covid Times


Prologue This week James and Rafal have the pleasure of being joined by Allan Alford, from his work-cave somewhere near Dallas, TX to talk about what we're hearing and seeing as we advise CISOs during the times that Covid brings. We discuss budgets, priorities, and "good enough" security strategy in a weird time in our industry and world. Guest Allan Alford LinkedIn: https://www.linkedin.com/in/allanalford/ Twitter: https://twitter.com/AllanAlfordinTX/

DtSR Episode 418 - TPA Another Security Inflection Point


Prologue This week on DtSR, John Steven joins Rafal & James to talk about an inflection point in security that's happening right now. As you may notice, everything about security is changing, especially in the AppSec space... listen in and you'll hear John's thoughts on a very interesting time to be in the industry. Evolve, or die... Guest John Steven LinkedIn: https://www.linkedin.com/in/m1splacedsoul/ Twitter: https://twitter.com/m1splacedsoul

DtSR Episode 417 - TPA Budgets and Breaches


Prologue This week on DtSR my long-time friend and pragmatic alter-ego, Chris Abramson, joins me to give a sneak peek at what you can expect on the new podcast we're launching together in a few weeks... and also to discuss the "budget before breach/budget after breach" meme going around LinkedIn. We discuss security, budget, process, threat modeling and a half-dozen other things you'll just have to listen to the show to hear. Guest Chris Abramson LinkedIn: https://www.linkedin.com/in/chris-abramson-29a9b2b/

DtSR Episode 416 - TPA A Newer New Hope



DtSR Episode 415 - TPA Man Algorithm Machine


Prologue As I was scrolling through LinkedIn looking for interesting things to read, who should scroll by but one Sven Krasser, whom you may remember from a few episodes ago ( http://ftwr.libsyn.com/dtsr-episode-261-deeper-down-the-ml-rabbit-hole ) - OK it was a long time ago now. We talk briefly about machine learning, algorithms and other relevant things and have a little fun in the process. I hope you enjoy the episode! Guest Sven Krasser Twitter: https://twitter.com/SvenKrasser LinkedIn: https://www.linkedin.com/in/svenkrasser/ His blog: http://www.skrasser.com/blog/archives/

DtSR Episode 414 - TPA Rick Howard's Almost Retirement


Prologue: This week on episode 414 of the podcast, I'm joined by Rick Howard who just retired ... no, wait ... scratch that, almost retired from Palo Alto Networks after a fantastic run. Rick tells the story of how he almost retired, why he's not on the beach somewhere yet, the Cyber Security Canon, and so much more. Join me, this week on the podcast, because you never know just how many more of these he'll agree to before he actually and truly does retire some day! Guest Rick Howard Twitter: https://twitter.com/raceBannon99 LinkedIn: https://www.linkedin.com/in/rickhoward/

DtSR Episode 413 - TPA SOCs and Stuff


Prologue This week we welcome Greg Foss to the show - Greg has some experience in security operations and managing SOCs and such. He dishes, we laugh, we learn, and hopefully you'll enjoy. Lots of topics covered including my personal favorite: "tools in the SOC" - in which we discuss how tools are actually hurting SOC efficiency and such. Guest Greg Foss LinkedIn: https://www.linkedin.com/in/gregfoss/ LinkedIn: https://twitter.com/Heinzarelli

DtSR Episode 412 - TPA Consolidation Integration and Good Enough


Prologue: This week David Soto joins Rafal and James to talk about how throughout his career the cybersecurity landscape has evolved and the tools have consolidated, integrated, and how we're perhaps still misunderstanding "good enough". David of course has a very long and storied career where he's carried multiple roles from CISO to a consultant, so he has a depth of experience most of us don't get. He's great to listen to, as he shares his knowledge - tune in! Guest: David Soto LinkedIn: https://www.linkedin.com/in/dsoto/ Twitter: @David__Soto

DtSR Episode 411 - TPA RSnake at Large


Prologue: This week, the one and only @RSnake joins us to just ... talk. We notice he has a few cameras too many, or maybe he's just being monitored? We talk about the big problems in the industry, what he's doing to solve them, and some other random things you'll have to listen to get. Guest Robert Hansen Twitter: @RSnake LinkedIn: https://www.linkedin.com/in/roberthansen3/

DtSR Episode 410 - TPA CISO Accountability Problems


Prologue: Because we can't get enough of Brandon Dunlap and Shawn Tuma over here on the podcast, here we go again. Last episode Brandon talked about responsibility and accountability - so when we saw the story about a CISO being indicted for being less-than-truthful to the FTC, we couldn't resist. This episode is powerful, and doesn't tiptoe around difficult topics. Guests: Brandon Dunlap Twitter: @bsdunlap LinkedIn: https://www.linkedin.com/in/bsdunlap/ Shawn Tuma Twitter: @shawnetuma LinkedIn: https://www.linkedin.com/in/shawnetuma/

DtSR Episode 409 - Dunlap Time 2020 Edition


Prologue: Hey friends, it's Tuesday so time for another dazzling edition of the podcast. This week we welcome Brandon Dunlap - hair model, professional snarkist - back to the show. This is Brandon's fourth trip around the merry-go-round, so I think he holds the record now. Someone may want to fact-check that... Brandon talks about transitioning between roles, managing big orgs, very remotely, and of course "Would you ever go back to a CISO role?" Join us, and you may be able to help solve a mystery. Guest Brandon Dunlap LinkedIn: https://www.linkedin.com/in/bsdunlap/ Twitter: @bsdunlap (Hey, someone remind him that picture...

DtSR Episode 408 - Shawn Tuma Cyber Superhero


Prologue: This week, on episode 408 Shawn Tuma joins us again to talk about the legal side of cyber security. Shawn's one of the premier legal forces on breach law and litigation - you can fact check that - and it's great to have him on the show again. We talk through what's going on in laws, litigation, and whatever else is on his mind. Guest Shawn Tuma: Twitter: @ShawnETuma LinkedIn: https://www.linkedin.com/in/shawnetuma/

DtSR Episode 407 - Marcs Wild InfoSec World


Prologue: This week, a legend of the InfoSec (or Cyber Security, for some of you) space joins me on the show. Marc Rogers has been the guy heading up Defcon security, and at the helm of the security function for some ... "highly visible" companies doing great amounts of good. Now, he's doing tremendous amounts of good during the global Covid-19 pandemic by providing cyber security services to besieged healthcare firms via the CTI League (check out their open letter here, as it may apply to you.) Guest Marc Rogers Twitter: @MarcWRogers LinkedIn: https://www.linkedin.com/in/marcrogers/ CTI League: https://cti-league.com/

DtSR Episode 406 - Cybersecurity and the SMB


Prologue: Cybersecurity is one of those industries where one of the market segments that is the most desperate for support is also one of the segments that is the least supported. The Small and Medium Business (SMB) segment is largely ignored by most security vendors and service providers alike - and yet they need the most help. Kiersten has put in the work to build tools and resources (all free, by the way) for this dramatically underserved market segment. In our episode, we talk about challenges, resources, and opportunities before us. Join us! Guest Kiersten Todt LinkedIn: https://www.linkedin.com/in/kiersten-e-todt-73b81359/ Cyber...

DtSR Episode 405 - Hallmarks of Good Leaders


Prologue: This week, Rafal welcomes Wayne Reynolds, a veteran of not only our industry, but of the US Marine Corps - where he's been a leader in multiple scenarios. We talk about what makes good leaders, good and bad styles, and the things you need to know if you either WANT to be a leader, or you are looking to find someone who you want to work for. Huge thanks to Wayne for taking time out of his crazy schedule early in the morning to talk with us. Guest Wayne Reynolds LinkedIn: https://www.linkedin.com/in/wayne-reynolds-80593318/ Raf's note: It's been an honor and...

DtSR Episode 404 - The Wacky Wild World of OT


Prologue: This week, on the "Episode Not Found", Rafal and James host Robert Lee from Dragos. It's a conversation about Operational Technologies that includes a deep dive into the business and management side of Industrial Controls and the Energy Sector. Robert gives us a frank, no-spin walkthrough in the good and bad of the space and talks about some of the misunderstandings many of us have. A great episode if you're interested in the non-traditional cybersecurity sector. Guest Robert Lee Twitter: https://twitter.com/RobertMLee LinkedIn: https://www.linkedin.com/in/robmichaellee/

DtSR Episode 403 - ReInventing the MSSP


Prologue: This week on the podcast, episode 403 features two good friends of mine Joey Peloquin and John "JP" Pirc. John and I talked about the awful state of the MSSP back in episode 395 (LINK) and I was challenged to do more than just talk about the sorry state of security delivered as a service. So, I called up some friends, and we talked it through. I'm curious - do you agree with us? Let us know on LinkedIn by going to our LinkedIn page, or on Twitter using the hashtag #DtSR. Guests Joey Peloquin LinkedIn: https://www.linkedin.com/in/joeypeloquin/ Twitter: https://twitter.com/jdpeloquin...

DtSR Episode 402 - Life Security Adulthood


Prologue: First, I need to apologize for the quality of my (Rafal) audio. For a reason I don't understand, the Skype central record feature absolutely butchered it - could have been something on my end, I simply don't know. It should be listenable, albeit annoying. Second, huge thanks to Carlos for taking the time out of his busy morning from being a dad and his day job to talk to us. He's got a lot of really interesting and important things to share about his adventures in our industry and community - you should probably listen closely. Lastly - I...

DtSR Episode 401 - Vyrus Lessons in Red to Blue


Episode 401 Epilogue: This week, I got to sit down virtually with a long-time friend, and one of the most intelligent and quiet people you'll ever meet in InfoSec. My pal Carl Vincent (some of you may know him by other names) and I chat the transition from Red Team to Blue Team, tools, the state of the industry over the last few years, and just general conversation. The world around us has changed, and it's important to have real conversations with people who shaped the industry in ways you probably didn't know or realize. Guest: Carl Vincent LinkedIn: https://www.linkedin.com/in/mcarlvincent/...

DtSR Episode 400 - Tom Nichols on Expertise


Friends and Colleagues! We've made it. Milestone episode 400 of the podcast is here. And for the 400th episode I have none other than Mr. Tom Nichols. He's truly a qualified expert on a topic that needs some serious attention in today's world - expertise. In fact, he's written a book about it. Please enjoy this episode, share it, and I want to thank Tom for taking the time out of his crazy schedule to laugh, educate, and drop a little bit of snark into our day. Guest: Tom Nichols LinkedIn: https://www.linkedin.com/in/tom-nichols-94a7a23/ Twitter: @RadioFreeTom Go get and read his book:...

DtSR Episode 399 - Post-Pandemic Issues


Episode 399 ... what a crazy ride it's been. This week we have Brian Chidester - you may recall we had a chat with him on episode 379 which was recorded live at EnFuse Conference 2019 - back to talk about some of the things he's been hearing state and local security leadership talk about. Great conversation, lots of topics covered... you'll enjoy it. Also, next up - EPISODE 400! Guest Brian Chidester LinkedIn: https://www.linkedin.com/in/abchidester/

DtSR Episode 398 - Leadership Series: Allan Alford


This week, episode 398 features our Leadership Series and the one and only Allan Alford. Allan has spent a long career building various security practices, advising boards, and generally doing great things. While we're at it, you should go check out and sign up for the RSS feed of "Defense In Depth" podcast that Allan is a co-host on. They have a great tagline: "Couples therapy for security vendors and practitioners". Check them out here: https://www.linkedin.com/company/ciso-security-vendor-relationship-series/ Guest: Allan Alford LinkedIn: https://www.linkedin.com/in/allanalford/ Defense In Depth Podcast: https://cisoseries.com/category/defense-in-depth

DtSR Episode 397 - Modern-ish Vulnerability Management


Welcome Down the Security Rabbithole to yet another edition of the DtSR Podcast. As we roll on towards milestone episode 400 James and Rafal discuss a topic that doesn't get nearly enough airplay - vulnerability management. This isn't just your dad's vulnerability scanning though, or is it? Have we done anything exciting in this space in the last 15 years? Maybe... kind of...but the problem is much harder. Guest Ed Bellis Twitter: @ebellis LinkedIn: https://www.linkedin.com/in/bellis/

DtSR Episode 396 - Verizon DBIR 2020 Analysis


It's Verizon Data Breach Investigations Report time again. This episode is a yearly walk-through of the DBIR, where Rafal and James once again welcome Gabe Bassett back to the show to talk data, graphics, and lessons we need to learn. Link to the report: https://enterprise.verizon.com/resources/reports/dbir/ Guest: Gabriel Bassett LinkedIn: https://www.linkedin.com/in/gabriel-bassett/ Twitter: https://twitter.com/gdbassett/

DtSR Episode 395 - Can We Fix the MSSP


Special thanks to our friends at AlertLogic - for providing some great discussion points and John for the episode! This week, as DtSR hits episode 395 on our way to Episode 400, James and Rafal take some time out to ask: "Hey John, how's the hair?" It's great to be able to spend time with old friends and just talk about solving some long-standing problems our industry faces. One of the perennial favorites is why MSSPs are all terrible. Well - we have some ideas! Listen in if you've ever been frustrated with your MSSP... and are maybe interested in...

DtSR Episode 394 - High Profile Healthcare Security Leadership


Episode 394 Rafal & James host Keith Duemling from the Cleveland Clinic (talk about high-profile jobs!) to talk about security in the healthcare space, challenges, the future, and other random topics. Keith has spent a large part of his career leading healthcare organizations, so he has a lot to share. Listen in! Guest Keith Duemling - Director of Cybersecurity Technology Protection at the Cleveland Clinic LinkedIn: https://www.linkedin.com/in/keithduemling/ Twitter: @KeithDuemling

DtSR Episode 393 - Smartish Cities


Guess who's back, back again ... James is back, so listen in! So James is officially back after a bit of a hiatus from the podcast, and on this episode he and Rafal sit down over a fun interview with Matt Lewis, Research Director for the UK with NCC Group. Matt is the primary author on a report on "Smart Cities", and it's definitely something you should read. We talk about the report, discuss the true nature of a smart city and what it means to live in one. Pay particular attention to how difficult it was not to jump right into...

DtSR Episode 392 - Chris Nickerson is an Original


Ladies and Gentlemen, friends, countrymen, lend me your ears! This episode of DtSR features one of my favorite guests and one of the better storytelling from the "old days" opportunities I can recall. It also, not accidentally, features one of my favorite totally genuine people from our industry - Chris Nickerson. I think the best way to describe Chris is like a charismatic honey badger. And if you haven't had the pleasure, you can listen to this episode and get just a small taste of what he's been up to the last few years. Buckle in, it's story time. Guest...

DtSR Episode 391 - Unprecedented Cyber Badness


This week, I'd like to thank JD Work for taking the time to be on the show and sharing his professional experience and expertise with us. The space of cyber policy, at the national and international level, is growing by leaps and bounds; and difficult decisions are often debated even as rapid reactions have to be made. These are difficult times for policymakers in the theater of cybersecurity. JD is an expert in this space and provides some real insight into what's going on, what our policymakers are thinking. Guest JD Work LinkedIn: https://www.linkedin.com/in/jd-work-22096010/ Bio: JD Work serves as the...

DtSR Episode 390 - DFIR 20-20


This week, Brian Carrier joins DtSR to talk about digital forensics and incident response in 20/20. Forensics and incident response has had to evolve and change as devices become more mobile, smaller, and purpose-built. Brian talks through what this change has meant, and how tools and techniques have had to evolve to deal not only with the explosion of device types, but also sizes and various log capabilities (or none at all). Guest Brian Carrier Twitter: @Carrier4n6 LinkedIn: https://www.linkedin.com/in/carrier4n6/ Related episodes: DtSR Episode 365 - "Mountains of Data" DtSR Episode 320 - "Specializing in Forensics" DtSR Episode 264 - "Windows...

DtSR Episode 389 - Leading Cyber Security in Academia


This week, DtSR dives into security leadership with an academic twist. We have the pleasure of hosting Robert Turner, the CISO of the University of Wisconsin, Madison. This episode was recorded March 13th, 2020 right as the University and other institutions across the country and the world started their efforts to social distance and work from home due to the Corona Virus (Covid-19) pandemic. Special thanks to Bob for taking the time out of his busy day, and crazy schedule given the times, to give us insights on his strategy, challenges, and successes! Guest Robert Turner - https://www.linkedin.com/in/bob-turner-9936993/

DtSR Episode 388 - The SIEM is Dead Long May It Live


Welcome to episode 388, an episode at least 5 years in the making...mainly because it's taken this long to figure out a good way to get Anton on the podcast! Now that he's not an analyst anymore, I snagged him for an honest and open conversation about the one topic he has more expertise in than most anyone I know - the SIEM. We wax philosophically, I manage to show my ignorance of the state of the art and history of SIEM, and we talk about where SIEM is going. Join us on a great conversation I am thrilled to...

DtSR Episode 387 - Remote Workforce Leadership


This week, as we all continue quarantines and work-from-home DtSR hosts Valentina Thörner, who is an expert on remote workforce leadership. Valentina literally wrote the book (From a Distance) and now she's on the show discussing how to be a leader when your workforce is remote. Additional Links and Resources 1:1s https://remote.co/creative-ways-get-to-know-your-team-when-work-from-home/ https://knowyourteam.com/blog/2020/02/19/how-to-coach-employees-ask-these-1-on-1-meeting-questions/ https://getlighthouse.com/blog/one-on-one-meeting-questions-great-managers-ask/ https://getlighthouse.com/blog/transition-to-remote-work-help-your-team/ - the blog has amazing resources apart from this article A great article on how to scale remote work: https://beau.blog/2020/03/remote-work-at-scale/ Recommended webinar: https://wordpress.com/blog/2020/03/06/a-crash-course-in-remote-management/ Quick guide on how to set up your remote working strategy: https://intenseminimalism.com/2020/quick-work-remote/ Guest 411 Valentina Thörner LinkedIn - https://www.linkedin.com/in/valedeoro/ Twitter - https://twitter.com/valedeoro

DtSR Episode 386 - Securing a Suddenly Remote Workforce


Covid-19 ... that's the headlines. Everywhere. The suddenly remote workforce is a problem for many enterprises, and as workers are forced to work from home - security is a problem. To that end, I snagged Brian Foster who has a long and storied history in our industry, to talk about what he thinks we should be thinking about. Listen in, share, and let's hear what you think folks! Stay safe and well and most of all do not panic. Guest Brian Foster - https://www.linkedin.com/in/brianfoster1/

DtSR Episode 385 - Malware on the Lifeline


Greetings! On this episode of the podcast we present to you an episode we recorded back in January (but then due to a storage error we lost temporarily) with Nathan Collier from Malwarebytes. Nathan reported some findings from his research that basically there was some pre-installed malware running around, impossible to uninstall, on low-cost mobile phones. That kind of villainy is unforgivable (preying on the weak!) so we wanted to hear the whole story...and then some. Here's one link to the full story, in case you're interested in reading it on your own... https://blog.malwarebytes.com/android/2020/01/united-states-government-funded-phones-come-pre-installed-with-unremovable-malware/ Guest: Nathan Collier - Malwarebytes

DtSR Episode 384 - Zero Trust Redux 2020


This week Rafal hosts Dr. Chase Cunningham, Forrester analyst and all-around security badass to redux Zero Trust. The last time we tackled the topic was Episode 222 with John Kindervag back in 2016 - so it's time to see what's new. Zero trust is more than just firewall rules, and it encompasses a lot of security technologies we don't even think about - so this update is a great primer for 2020. Guest: Dr. Chase Cunningham - https://www.linkedin.com/in/dr-chase-cunningham-54b26243/

DtSR Episode 383 - The Jennifer Ayers Interview


Join Rafal & James this week, as they welcome Jennifer Ayers. Jennifer is the Vice President of Overwatch and Security Response at Crowdstrike. Rafal and Jennifer worked together "back in the day" so the conversation starts with a little storytelling from the old days, and then works its way into Jennifer's fantastic career and lessons learned over the years in her various leadership positions. Guest Jennifer Ayers - https://www.linkedin.com/in/jnayers/

DtSR Episode 382 - Jeremiah Grossman Doing the Basics


This week on DtSR Podcast, a long-awaited guest joins us. That's right, the one and only Jeremiah Grossman joins us live from a tropical paradise, and you need to hear his message. On this show we cover history, "the basics", and the necessity to know what your security attack surface looks like. It's perhaps one of the least sexy topics ever - but if you ignore it, you're pretty much screwed. Guest: Jeremiah Grossman - @Jeremiahg - https://www.linkedin.com/in/grossmanjeremiah/

DtSR Episode 381 - 5G Security Implications


Welcome friends and fans! This week we go down the rabbithole with Russell Mohr of MobileIron as we talk about the security implications for 5G. The new standard unleashed upon the American consumer (but more importantly on the commercial market) is changing mobile communication and connectedness. About the guest... Russell Mohr is an expert in 5G and mobile technology, with a wide breadth of expertise in other areas as well. Apparently during the early part of the interview, he was attacked by a dog that tried to eat him (I may be guessing, but that's what it sounded like). LinkedIn:...

DtSR Episode 380 - Gadi Tells It Like It Is


Welcome to episode 380 of the DtSR Podcast. We have a special treat for you this episode, with long-time friend Gadi Evron, and he holds nothing back in his start discussion of our industry. We virtually guarantee this will quickly be your favorite episode...or at least your top 5. Highlights from this week's episode include... Gadi unloads on the 'attackers in the spotlight' nature of security conferences Gadi & Raf chat about 25 years of incidents and what it's leading up to Gadi is clearly not a fan of "Just do the basics" Raf & Gadi decide we're clearly going...

DtSR Episode 379 - IoT Transforming LE


This week, in our final (for real this time) episode recorded LIVE from Enfuse Conference 2019, courtesy of OpenText, we chat with Brian Chidester. It's a fascinating conversation about what the IoT world can (and is) do for law enforcement and government ... think smart cities + Cops. Highlights from this week's episode include... Brian shatters any last shred of privacy I could believe in through the millions of IoT devices out there 'for our protection' Brian reminds us hackers set off Tornado alarms around Dallas ... Brian and Rafal muse about FOIA in the digital age Brian talks about...

DtSR Episode 378 - Trending on CISOs


In our final "Live from Enfuse 2019" episode, I had the pleasure of sitting down with Paul Shomo to talk about some of the things he's talked to CISOs about as he travels and advises on behalf of OpenText. It's a pretty interesting conversation... Once again, thanks to OpenText for having the DtSR Podcast in Vegas! Highlights from this week's episode include... Paul and Rafal disagree on whether the cloud transformation is "almost over" or "just begun" Paul brings up the challenge of API security Rafal and Paul tackle security budgets - how much you spend vs how you spend...

DtSR Episode 377 - The Global War for Soft Power


Welcome to 2020, as Down the Security Rabbithole rolls on! This week we're back with a timely episode on the global war for soft power, with Andrea Limbago, Chief Social Scientist from Virtru. This is an interesting episode, touching on some topics such as privacy and censorship, and very timely. Highlights from this week's episode include... Andrea gives us a run-down on "soft power" and why it's important Raf starts down a rabbithole and gets "dropped" Andrea discusses how privacy regulation is impacting this space Guest Andrea Limbago ( @limbagoa ) - Chief Social Scientist at Virtru - https://www.linkedin.com/in/andrea-little-limbago/

DtSR Episode 376 - Protecting Our Kids Online


Merry Christmas, and a Happy New Year listeners of the Down the Security Rabbithole Podcast! This week the show focuses on one of the most important things any of us really have - our children. Protecting kids in an increasingly digital world is tough, but not impossible. We decided to bring Theresa Desuyo from Qustodio on the show this week to discuss what her company is doing, and the broader theme of protecting children online. Apologies in advance for Theresa's audio quality. Couldn't fix that in post. Highlights from this week's episode include... Rafal takes a shot at a sinister...

DtSR Episode 375 - Malcolm in the Middle (of a Career)


This week, DtSR is joined by Malcolm Harkins - former CISO of Intel and industry insider extraordinaire. Malcolm shares insights from his long and distinguished career so pull up a virtual chair, grab your notebook, and pull over because this is one that's a great listen. Highlights from this week's episode include... Rafal asks Malcolm why he doesn't job-hop like most CISOs Malcolm and Raf discuss the "feature economy" Raf asks Malcolm to predict the future Guest Malcolm Harkins ( @ProtectToEnable ) - Chief Security and Trust Officer at Cymatic https://www.linkedin.com/in/malcolmharkins/

DtSR Episode 374 - Mike Daugherty Looks In the Rearview Mirror


This week, on a very special show recorded from his home studio in Atlanta, Rafal welcomes Mike Daugherty back onto the show to tell the story of his crazy journey and battle with the FTC. Highlights from this week's episode include... Mike gives a recap of the road to where he got Rafal and Mike discuss the last few years since episode 171: "When the FTC Attacks" Rafal & Mike discuss the New Yorker article: https://www.newyorker.com/magazine/2019/11/04/a-cybersecurity-firms-sharp-rise-and-stunning-collapse Guest Mike Daugherty - ( @daughertymj ) - https://www.linkedin.com/in/michael-j-daugherty-7a500819/

DtSR Episode 373 - Internet of Increasingly Smart Things


Welcome back for another great episode. This week we have a boomerang guest, Amber Schroader, recorded live in Las Vegas at Enfuse 2019. Highlights from this week's episode include... Amber wants a rockstar moment, but no confetti cannons Amber dissects Apple, Android, and "other" mobile OSes We discuss machine-to-machine interactions ...so much more to discuss here! Guest: Amber Schroader ( @GingerWonderMom ) - https://www.linkedin.com/in/amberschroader/

DtSR Episode 372 - Not the Rise of the Machines


This week on #DtSR (live from Las Vegas, Enfuse 2019 Conference) Rafal chats with Nick Patience of 451 Group. Nick has some expertise in ML and provides context and content that is badly needed to dispel the crazy marketing hype out there. Highlights from this week's episode include... Nick answers the "What is ML/AI, and what is it not?" We think Nick insulted machines by calling their learning potentially "shallow" (haha) Nick gives us the retail applications of machine learning - grocery stores and similar things Nick talks about "automating the mundane vs automating the complex" as problem spaces where...

DtSR Episode 371 - Advancing SOC-as-a-Service


First, and foremost, thank you to OpenText for having the #DtSR Podcast live and in-person in Las Vegas. Enfuse is a fantastic conference bringing together security operations professionals (forensics, threat hunters, SOC analysts), privacy, and legal professionals under one banner. It's a fantastic opportunity to hear some very involved talks, hear about the state-of-the-art, and join the conversation. Also ... the people you will meet there are amazing - guests and staff. Highlights from this week's episode include... Kevin gives us an educated, experience-based opinion on threat intelligence, threat hunting, and other various key terms Rafal makes some snarky comments...

DtSR - This Just In - OpenText and Reveille Announcement Nov 2019


Dropping in for a quick announcement - you heard it here first! This week a few different announcements went out from OpenText, but this one caught my attention because it could honestly and truly be a game-changer for security and legal teams when it comes to breaches. Going beyond the typical EDR solution, this announcement may be able to shine light into the questions security and legal professionals need answered in the case of a breach. Check it out. Official Name: OpenText Content Security for EnCase by Reveille. Press release: https://www.opentext.com/about/press-releases?id=6A68BD4D22384A45A910DEFBD22BECBD Guests: Paul Shomo, Senior Security Architect, OpenText Brian Dewyer, CTO, Reveille...

DtSR Episode 370 - Gamifying InfoSec


Down the Security Rabbithole is back for Episode 370, and this week's podcast focuses on gamification, and its applications to InfoSec. Big thanks to Chloé for joining us and sharing her knowledge. She's a legitimate expert in the field, so give this a listen. Highlights from this week's episode include... Chloé explains gamification Rafal and James ask some tough questions Chloé explains how games help us learn Much more, tune in! Guest Chloé Messdaghi ( @ChloeMessdaghi ) - VP of Strategy at Point3 Security. She is a security researcher advocate who supports safe harbor and strongly believes that information security is...

DtSR Episode 369 - Ransomware's End


Welcome to episode 369! This week Rafal talks ransomware and welcomes Oussama El-Hilali, Chief Technology Officer at Arcserve, and Chester Wisniewski, Principal Research Scientist at Sophos to the podcast. Highlights from this week's episode include... Chester hits us with some staggering facts and figures about ransomware Rafal asks if companies should pay the ransom and ducks Oussama explains why backup companies and anti-malware companies should be besties Guests Oussama El-Hilali - https://www.linkedin.com/in/oussama-el-hilali/ Chester Wisniewski - https://www.linkedin.com/in/chester-wisniewski-b428241/ Links Arcserve landing page for more information - https://www.arcserve.com/partners/alliances/sophos/ Sophos press release on the alliance - https://www.sophos.com/en-us/press-office/press-releases/2019/09/sophos-and-arcserve-to-offer-all-in-one-data-security-and-protection-from-cyberattacks.aspx

DtSR Episode 368 - Contain(er) Your Security


Welcome to another edition of the DtSR Podcast! This week Liz Rice joins us all the way from the (still) UK, and James is back too! What a treat... join us and read the show notes! Highlights from this week's episode include... Liz explains containers, security, and gives us a foundation Liz explains the fundamental stages of securing containers Liz explains the model of different types of containers and the things you need to worry about Rafal asks "where do you install the agent?" Guest Liz Rice - ( @LizRice ) - Liz Rice leads Aqua's technology evangelism activities in the...

DtSR Episode 367 - Cloud Babies


This week, #DtSR Podcast is recorded live from Dallas at the Armor SecureCon inaugural user conference. Rafal had the occasion (and good fortune) to get a few minutes to sit down with Jeff Collins (CSO, Lightstream) and Kristopher Russo (Security Architect, Herman Miller) and chat cloud. P.S. - We love in-person conversations! Highlights from this week's episode include... Jeff talks about Lightstream's cloud foundational framework and why it's a must-do if you're thinking cloud Kristopher some inner wisdom on architecture and business alignment Rafal makes a snarky comment about frameworks Guests Jeff Collins, CSO Lightstream - https://www.linkedin.com/in/jmcollins/ Kristopher Russo, Architect, Herman Miller - https://www.linkedin.com/in/krisrusso/...

DtSR Episode 366 - D I Why and How


Welcome Down the Security Rabbithole, to the DtSR Podcast. This week, Zac Rosenbauer joins us to talk about what it's like to be "the IT guy" who also has to be vigilant of security in a fast-paced startup...based on Google's cloud platform. It's a riveting episode that will give you some good guideposts if you're about to DIY. Highlights from this week's episode include... Zac introduces what it's like to work in a rapidly evolving startup; We discuss some of the DIY that Zac has had to work with; Wait ... compliance... Guest: Zac Rosenbauer - VP of Technology at...

DtSR Episode 365 - Mountains of Data


Welcome back to another episode ... this one sets up DtSR's appearance at the Enfuse Conference 2019 in Las Vegas in November. Give this topic a listen, as it doesn't matter whether you're in legal, compliance, or security - you need to understand this topic well. We want to thank Opentext for sponsoring DtSR's trip out to Las Vegas for the conference, and of course we encourage you to join us out in the desert for another really well-done conference on the intersection of law, compliance, privacy, and security. Highlights from this week's show include... Anthony uses the phrase "data exhaust"...

DtSR Episode 364 - Interviewing Jerry Archer


Welcome! This episode of Down the Security Rabbithole Podcast was recorded live from Dallas, TX where the Security Advisor Alliance Summit 2019 was happening. One of the hardest working men in the business, Mr. Jerry Archer, stopped by and took a few minutes off his schedule to let Rafal interview him and get some of those amazing nuggets of wisdom and experience into your ears. Feedback, as always, is welcome! Highlights from this week's show include... Jerry sets the background for his knowledge by dropping his 40+ years experience; Jerry talks about risk management and reporting to the board; Jerry...

DtSR Episode 363 - That Oh Shit Moment


This episode was recorded live from the Security Advisor Alliance Summit, 2019 in blistering hot Dallas, TX. If you don't know what the Alliance is, or are asking yourself why you should bother, click here and find out why this is one of those organizations that you must be part of if you're serious about cybersecurity. Highlights from this week's episode include... Graeme introduces himself; Rafal & Graeme talk about security at scale; Graeme discusses some of the insights of the Equifax breach; Graeme dispenses knowledge and experience by the truckload. Guest: Graeme Payne ( @Cybersecurity4E ) - Shelve whatever you think you...

DtSR Episode 362 - Real Security is Hard


Friends & Colleagues, this week I have the pleasure of being joined by one of my good friends and industry veteran - the one and only Jim Tiller. We revisit the things we talked about in Episode 102 and get an update on the state of security from a guy who would know. Pre-requisite listening: Episode 102 - http://ftwr.libsyn.com/dtr-episode-102-security-leaders-series-jim-tiller Highlights from this week's show include... Jim & Rafal talk about the "feature economy" that is the security vendor marketplace today; Jim explains the statement "Complexity is the camouflage for bad guys"; Jim explains what he believes security organizations have accomplished in...

DtSR Episode 361 - Your Adversary Problem in 2019


This week Adam Meyers joins James & Rafal to talk about the Crowdstrike Mobile Threat Landscape Report 2019 - https://www.crowdstrike.com/resources/reports/mobile-threat-report-2019/ and the learnings and lessons therein. Highlights from this week's episode include... Adam gives us the lowdown on adversaries, in 2019; Adam bakes some bread; Rafal asks who the biggest and baddest attackers are; So much more... check out the link above, read the report! Guest: Adam Meyers - https://www.linkedin.com/in/adam-meyers-7a58481/ - VP, Intelligence at Crowdstrike. We'll let him explain the rest... Have something to say? Let's hear it. Support the show >>> Please consider clicking the link above to support the show! YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq LinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/ X/Twitter:...

DtSR Episode 360 - Thwarting Bots and Frauds


This week, Rafal sits down in person with Sam Bouso of Precognitive, in Chicago headquarters to talk about some very cool tech that's probably only on the periphery of security. Give it a listen! Highlights from this week's show include... Sam discusses the problem that bots and fraud pose to not only digital commerce but overall digital interaction; Sam and Rafal talk through the various buzzwords (machine learning, AI, etc) and their real applications here; Sam talks through how algorithms and massive data sets can identify human from non-human; So much more

DtSR Episode 359 - Mind the Diversity Gap


This week, in the 2nd of two installments recorded live at Black Hat 2019, Alyssa Miller joins Rafal live to talk about some of the talks she's giving, and takes us back in time. Highlights from this week's show include... Rafal and Alyssa discuss the very real problems the lack of diversity in technology creates; A jab is taken at the TSA ...because it's just too easy; Alyssa revisits the 'castle analogy' for InfoSec and why it's so tough to get right; Much more fun... you'll have to listen in! Guest: Alyssa Miller ( @AlyssaM_Infosec ) - Alyssa's bio and...

DtSR Episode 358 - No More Crappy Job Hunts


This week on another jam-packed episode, Rafal takes to Black Hat 2019 to interview some interesting guests that have something unique to tell you. We start with Deidre Diamond, the lady behind CyberSN - and why she's reinventing the way you get your next InfoSec job. Highlights from this week's show include... Deidre tells us a little bit about what's new at CyberSN; Rafal & Deidre discuss the insane InfoSec job market; Deidre explains why how she's planning on eliminating hiring bias in the InfoSec workforce. The last time Deidre joined us was episode 337 - http://ftwr.libsyn.com/dtsr-episode-337-insights-on-cyber-talent For more, go to...

DtSR Episode 357 - Hacker Summer Camp 2019


This week, James and I sit down to think (and talk) through Black Hat (and Defcon) 2019. "Hacker Summer Camp" as it's affectionately known in the industry, is a rite of every summer...but is it delivering value to attendees, do we have the right audience, and is the content worthwhile? This and more... Highlights from this week's show include... Raf and James reminisce about summer camp days gone by; Rafal addresses Dino's excellent-sounding keynote (abstract); Raf & James discuss the hype (or more precisely, the lack thereof) of this year's conference and why it's nice for a change; All this...

DtSR Episode 356 - Its Been a While Andy


Welcome down the security rabbithole friends! This week, Andy Kalat takes a few minutes off from recovering to chat and comment on the state of security, and what's different since we first met back in... 2003? Fun episode... It's been a while, Andy! Highlights from this week's show include... Andy and Rafal try and figure out when they first met...in real life; Andy points out the problem vendors suffer from "problem-scope-limiting" (this is an interesting one...); Are things getting better? The guys discuss...snark ensues; Rafal asks Andy to predict what will change in the next ~5yrs. Guest: Andrew Kalat (...

DtSR Episode 355 - Threat Modeling Rides Again


My dear listeners - we have John Steven back on this episode! If you don't remember his first appearance, it's OK, it was a little while ago back on episode 42 ... http://podcast.wh1t3rabbit.net/dt-r-episode-42-threat-modeling so it's been a while! Highlights from this week's show include... John gives us a run-down on the new things since the last episode; James & John talk OWASP Top 10; The guys try to understand what happened to Threat Modeling, and security overall, over the last decade; So much more, you'll have to listen

DtSR Episode 354 - Pragmatic Azure Security


Fans & Listeners! This week we have a treat for you... as this episode is recorded LIVE from Microsoft's Inspire 2019 in Las Vegas (where it was 117F) but the conversation here is way hotter. Highlights from this week's show include... What is Microsoft releasing to help guide secure Azure deployment? Mark and Jeff debate "What exactly is the value of "best practices"?" So much more packed into this extended episode! Links to things you need: Azure security guidance & best practices: https://aka.ms/AzureSecurityArchitecture Microsoft cybersecurity reference strategies: https://aka.ms/CISOWorkshop Things Mark thinks you should have handy: https://aka.ms/MarksList Guests: Mark Simos ( @MarkSimos ) -...

DtSR Episode 353 - Ira Winkler on Point


Yes, DtSR took a week off ... we were due. This week, Ira Winkler joins Rafal to go down the rabbithole and talk about his career, opinions on our profession, and other important stuff. Sit back, take notes, and enjoy. Highlights from this week's show include... Ira gives a run-through on his career and what's gotten him "here"; Ira and Rafal discuss "breaking into security" and how it's being sold now, versus what reality should be; Ira gives us his take on training, certifications, career paths and the like; Yeah, so much more... Guest: Ira Winkler ( @IraWinkler ) - This...

DtSR Episode 352 - AWS REInforce Warm Up Episode


This week, ahead of AWS RE:INFORCE 2019 (the first one) Rafal gets a conversation with buddy Mark for a candid talk about the top 3 public cloud providers, and a little insight into the evolution of the industry ... or not... Highlights from this week's show include... What are we expecting from AWS RE:INFORCE this inaugural year? Mark gives us his take on the security in the three major public cloud providers; Rafal and Mark reminisce about how things were...and where they are in terms of cloud, and security; Mark and Rafal laugh about the opportunity security teams have right...

DtSR Episode 351 - Deeper Into the Microsoft Security Ecosystem


Thank you to Microsoft for sponsoring this show, and our podcast over the years... Highlights from this week's show include... Rob discusses what "Microsoft Threat Protection" is, isn't, and why it's relevant today; Rob gives us some context to "trillions of signals" - what does that mean? Rob provides perspective on the pillars of operational excellence required to make Microsoft's vision a reality in damn-near-real-time; Rafal and Rob discuss what the ecosystem looks like, and how it's being released into production; Rob answers whether Microsoft consumes its own tools - the answer may surprise you. Guest: Rob Lefferts - @rob_lefferts -...

DtSR Episode 350 - Deep Learning on Deep Packets


Show Note: As most of you know, this show has long refused to use advertisements, or ad revenue to keep itself going. That said, I openly welcome organizations who have something interesting to say and some extra marketing dollars to give, to sponsor an episode while still going through the same vetting process as everyone else. This is one of those shows. This week James and Rafal are joined by Saumitra Das, the Chief Technology Officer for an interesting little start-up called Blue Hexagon. If you find yourself nodding along and interested in hearing more, we encourage you to go check...

DtSR Episode 349 - Verizon 2019 DBIR Double-Live Part 2


Friends & listeners - welcome to the 2nd half of the 2019 Verizon DBIR 2-part extravaganza. Gabe Bassett, one of the authors of the DBIR, joins Rafal & James to talk stats and lessons we can take away from the report. Highlights from this week's show include... We all talk patching... why it's hard, what we can do about it, and realities of patching; Gabe does more live data analysis; We get an insight into how long and how hard this report is to produce. Guest: Gabriel Bassett ( @gdbassett ) - Gabe is one of the writers and data...

DtSR Episode 348 - Verizon 2019 DBIR Double-Live Part 1


Friends & listeners - welcome to the 2019 Verizon DBIR 2-part extravaganza. Gabe Bassett, one of the authors of the DBIR, joins Rafal & James to talk stats and lessons we can take away from the report. Highlights from this week's show include... Gabe distinguishes between an incident and a breach - for those of you who need the refresher; Gabe dives into the stats to talk about small businesses, and the impact of breaches on them; Gabe does some live data science for us, pulling in stats on-the-fly; We avoid the 'patching' discussion (that's for the 2nd half). Guest...

DtSR Episode 347 - Inside the RH-ISAC


This week, Tommy McDowell who is the Vice President at the Retail and Hospitality Information Sharing and Analysis Center, joins Rafal in person, in Dallas. Highlights from this week's show include... Tommy gives us a background on himself, and the RH-ISAC (and its mission statement, and such); Tommy & Rafal discuss the difficulty in setting up an information sharing center; Tommy gives us insights into why retail and hospitality need their own unique threat sharing network. Guest: Tommy McDowell - https://www.linkedin.com/in/tommy-mcdowell-97184116/ - It's easier to just let you go look at Tommy's page on LinkedIn. He's got a storied, and very interesting, career that...

DtSR Episode 346 - Green Waxes Mostly Academically


This week, Rafal gets the rare occasion of sitting down face-to-face with someone and do an interview in person. Andy Green is a great if not sharky fellow, who helped me get over my PG rating for this podcast. So ... it's probably PG-13. Highlights from this week's show include... Andy talks about BSides Atlanta and the labor of love that is getting a conference stood up; We talk about conference drama - because we all need more of that in our lives; Andy discusses academic programs, shaping young minds, and being a universally beloved professor (not). Guest: Mr. Andy...

DtSR Episode 345 - RaffCon the Podcast


This week on the podcast, Rafal gets some one on one time with Raffael Marty ... and it's #RaffCon. Highlights from this week's show include... Raf & Raffy discuss the origins of #RaffCon; Raffy talks through Artificial Intelligence...in security; Raf and Raffy dive into "risk management". Guest: Raffael Marty - ( @raffaelmarty ) - Data analytics and visualization enthusiast. Interested in large-scale big data and cloud infrastructures to support cyber security use-cases. "How can we assist users to gain deep insight into large amounts of data?" I have spent a lot of time building and defining the security visualization space through open. I oversee...

DtSR Episode 344 - You've Probably Been Pwned


This week, Rafal is joined by the man, the myth, the Aussie legend - Troy Hunt. We basically talk about whatever is on his mind - which, as it turns out is a lot. Take a listen, we may publish an English translation later (joking, Troy!). Highlights from this week's show include... Troy gives a run-down on HaveIBeenPwned; We talk through some of the interesting use-cases for HaveIBeenPwned data; Troy gives perspective on usernames, passwords, and other important things technology/security related. Guest: Troy Hunt ( @TroyHunt ) - Troy is a Microsoft Regional Director and Most Valuable Professional awardee for Developer Security, blogger at troyhunt.com,...

DtSR Episode 343 - The 31st Human Right


This week, on a riveting edition of Down the Security Rabbithole Podcast Raf sits down with Richie Etwaru, a human data ethicist and Founder and CEO of Hu-manity.co. What's a human data ethicist, you ask? Listen to the podcast, and find out. Highlights from this week's show include... Richie walks us through data ownership as a fundamental human right, including why now is the right time in history; Raf and Richie discuss the principles of data ownership and how they're different from privacy or security; Richie discusses data ownership as a great leveling factor for society; SO much more... Guest: Richie...

DtSR Episode 342 - Michael Coates Has Things to Say


This week on episode 342, Michael Coates joins Rafal & James for the 2nd time. Michael's first episode was way, way back in 2015 on episode 134 titled "Fundamental Security". Looks like things haven't changed much. We highly recommend you check out episode 134 first, then listen to this one. Trust us, you want the context. Highlights from this week's show include... Michael gives us an opinion on "what's changed" in the last decade or so; Michael discusses "risk", "technical risk", and the Inigo Montoya problem in security; Michael gives an overview of what he thinks the profile of the...

DtSR Episode 341 - Discussing Security Reference Architecture


This week, in the final installment of "Live from RSA Conference 2019" Rafal interviews Mark Simos, who is the definitive source for reference architectures at Microsoft. He's the Lead Architect in the Enterprise Security Group and he's doing some amazing things for the community with regards to the Azure cloud and other Microsoft-related security things. Give this episode a listen and share it ...maybe listen again and take good notes! Highlights from this week's show include... Mark discusses security reference architectures (in general); Mark and Raf rap on the shared responsibility model for the cloud...again; Mark answers "What's different about...

DtSR Episode 340 - Diana Kelley from RSA 2019


This week, Down the Security Rabbithole Podcast is publishing episode 3 of 4 which were recorded LIVE at RSA Conference 2019. This episode features Diana Kelley, of Microsoft, talking about the latest security report and other goodies. Highlights from this week's show include... Diana discusses the highlights from the latest Microsoft Security Intelligence Report; Raf provides an opinion on how Microsoft could totally own the endpoint space; Rafal & Diana dive back into passwords...apparently, we just can't get away from them; Diana tells a really interesting story about Microsoft Windows Hello and twins. Guest: Diana Kelley - @DianaKelley14 - Microsoft Enterprise Cybersecurity...

DtSR Episode 339 - Insuring Against Acts of Cyber War


This week, driven by the news cycle, and an interesting story... Rafal & James invite George and Shawn, as actual experts, onto the show. Highlights from this week's show include... This news story - https://www.infosecurity-magazine.com/news/zurich-refuses-to-pay-out-for/ George & Shawn discuss the language of cyber policies; We discuss language, inclusions, exclusions, and such; George brings up Information vs Cyber, security. Other links related to this podcast: https://www.hstoday.us/subject-matter-areas/cybersecurity/perspective-economic-strength-and-cybersecurity-interplay-in-u-s-china-trade-policy/ https://www.hstoday.us/subject-matter-areas/cybersecurity/perspective-5g-and-the-scrutiny-of-huawei-could-herald-cybersecurity-shift/ https://www.bizcatalyst360.com/tearing-us-apart-at-ludicrous-speed/ https://www.bizcatalyst360.com/economic-leverage-a-smarter-user-two-things-to-improve-cybersecurity/ https://www.itspmagazine.com/from-the-newsroom/command-of-the-cyber-sea

DtSR Episode 338 - Failure of Risk Management


This week, part 2 of a four-episode set recorded live from RSA Conference 2019. This time, it's Phil Beyer's turn to have a turn at the microphone... Highlights from this week's show include... Phil talks up "The failure of risk management"; We discuss the realities of risk management; Raf asks "How do we make more informed risk decisions?" Raf and Phil talk through threat models and why they're relevant; ...and so much more. Guest: Phil Beyer - https://www.linkedin.com/in/pjbeyer/

DtSR Episode 337 - Insights on Cyber Talent


This week, in the first of a four-part "Live from RSA Conference 2019" series, Rafal interviews Deidre Diamond. Deidre knows a little something about cybersecurity talent having worked in the field most of her professional career. We discuss all kinds of interesting and relevant topics... Highlights from this week's show include... Deidre presents her new "human model" for hiring, staffing, and retaining excellent talent; We discuss the difference between a good leader, and just a good manager and why those aren't the same; We discuss the pay gap, why it's still a thing, and what's to be done about it...

DtSR Episode 336 - Energy Sector Security Update Q1-2019


This week, Patrick Miller joins Rafal to provide an update on the energy sector, and what's different (or not). Another episode with a returning guest who continues to provide timely and important updates on key "big picture" security issues. Highlights from this week's show include... Patrick gives us a "state of the union" update on what's going on in the power industry with security; Raf asks "are we getting better... or worse?" Patrick discusses IoT, IIoT, and "everything has an IP address"; Patrick tells a story about his recent encounter with a 386 & DOS 2.2 (if you know what...

DtSR Episode 335 - Ranking the Adversaries


This week, in a special episode, Dmitri Alperovitch of Crowdstrike joins Rafal to talk about a brand new report that Crowdstrike is releasing. The Crowdstrike 2019 Global Threat Report is a must-read with some very interesting topics covered. Dmitri joins Rafal to talk specifically about the ranking of threat actors, and what it means to you. Highlights from this week's show include... Dmitri explains "breakout time" and why it's important; Dmitri gives a walk-through of the methodology used to rank your global adversaries; Dmitri & Rafal talk through who's on first, and what's up with China; Rafal & Dmitri talk about what this...

DtSR Episode 334 - Compliance and Operational Process


This week, on the DtSR Podcast, Rafal is joined by Matt Herring, long time listener, and first-time caller. We talk through Matt's career path, and how he got to head up a global security operations team. It's a pretty interesting story - you should listen. Highlights from this week's show include... Matt talks us through how he got into being an auditor; Matt and Raf compare and contrast compliance and security (yes, really); An uncomfortable discussion on market consolidation ensues; Matt gets put on the spot for leading and trailing indicators, provides some insights. Guest: Matthew Herring - @MatthewDHerring - Found...

DtSR Episode 333 - Security Evolution and Trends


This week James and Rafal talk to Sean Martin, one of the people who have been quietly making a difference in the security industry for almost three decades. Sean is credited with many innovations, ideas, and trends...and he spends some time discussing that with us. Highlights from this week's show include... We collectively quickly make fun of the SIEM (yesterday, today, and next decade); Sean talks through the "feature companies" that are hitting the market in a recent couple of years; Raf brings up the idea that we really don't understand the impact of the technology we create for 10+...

DtSR Episode 332 - Security in Transformation


This week, long-time friend and colleague Jenn Black (doer of interesting things) joins James and Rafal on the podcast to talk about the role of security leaders in the digital transformation efforts of enterprise shops. Interesting conversation ensues. Highlights from this week's show include... Jenn, James, and Rafal discuss the role of the security lead in enterprise digital transformation; Jenn shares some of her experience in aiding CISOs with building security programs to support 'the business'; We make light of the fact that it's a million degrees below zero up north. Guest: Jenn R. Black ( @JennRBlack ) - With over...

DtSR Episode 331 - Incident Response and Counterfactuals


This week second-timer Jon Hawes is back for another trip to the microphone to talk about his interesting take on risk, response, and the security world we live and breathe. With interesting anecdotes and a firm grasp on real-world risk discussions, Jon and Raf have a pretty enlightening chat you will benefit from. Highlights from this week's show include... Jon discusses the concept of a "counterfactual"; Jon discusses feedback loops in how incidents are handled; Jon and Raf talk through how security professionals discuss 'risk' and what we can do to better the conversation. Guest: Jon Hawes - https://www.linkedin.com/in/jonhawes/

DtSR Episode 330 - Biometrics for Authentication


This week, James and I sit down to discuss biometric authentication and some of the FUD around ways it can be broken. This ends pretty much the way you think it does. Highlights from this week's show include... James & Raf talk about how hackers used a "wax hand" to fool a vein auth system - Link: https://www.theverge.com/2018/12/31/18162541/vein-authentication-wax-hand-hack-starbug Fingerprint authentication to start your car?! We take this discussion to task - Link: https://www.forbes.com/sites/jeanbaptiste/2018/12/27/hyundai-motor-lets-drivers-use-fingerprints-to-unlock-and-start-new-car/ James & Raf deconstruct the argument for and against biometric security; We ask "Does it matter that biometric auth is hackable?"

DtSR Episode 329 - Volunteering Your Career


This week, on the DtSR Podcast recorded way too early on a Monday morning, we talk volunteering in InfoSec with Kathleen Smith. Kathleen is the CMO of ClearedJobs.net and CyberJobs.com - and she recently ran a volunteerism survey (link: https://cybersecjobs.com/cyber-security-community-volunteering-report ) you should probably check out too. Highlights of this week's show include... Kathleen discusses some of the highlights of the survey; We discuss some of the things volunteers learn, and why this is critical to our community; Several jokes are made; We discuss the value of volunteering and its impact on your career and much, much more. Guest: Kathleen Smith - @YesItsKathleen...

DtSR Episode 328 - Who Who Who Are You


This week, James and Rafal welcome in 2019 with a look at the fundamentally fatalistic argument that "everyone gets hacked" - with Richard Bird. They discuss whether that's even a valid statement, and if so, what can we do about it? Highlights from this week's show include... Richard addresses the question of whether we've addressed a fundamentally fatalistic attitude towards security; The guys discuss whether the real perimeter, as we go into 2019; Richard schools the guys on identity - and what it's not the perimeter, but something else. Guest: Richard Bird - Chief Customer Information Officer at Ping Identity -...

DtSR Episode 327 - Experienced Security Leadership


This week James is back on the microphone with Rafal as they interview 2 industry veterans to talk about the right approach to security leadership, and developing that talent pool. We talk to Yaron and Setu to get a sense of what their thoughts are on where good security leaders come from, and the hallmarks of that experience. Highlights from this week's show include... the curious case of the cyber head who doesn't computer; Yaron and Setu give us their thoughts on developing security leaders; Yaron shares some of his experience building a security program, across industries; Yaron and Setu...

DtSR Episode 326 - MidMarket Security


This week, go down the security rabbit hole with someone who has been working on security in the mid-market (likely the kind of company you work at, statistically) for a long time. Bob has some great lessons learned and is willing to share. Listen in. Highlights from this week's show include... Bob gives a quick history of how he "hacked into hacking"; A discussion of breaking into security; Bob & Raf discuss security in the mid-market, and how it's fundamentally different than other market segments; Bob discusses hiring, talent acquisition and "working from home" in today's job market

DtSR Episode 325 - A CISO at AWS reInvent 2018


In another episode LIVE'ish from AWS re:Invent 2018 I catch perennial favorite and long-time friend Dustin Wilcox as he wandered the vendor show floor. Highlights from this week's show include... Raf asks Dustin the obvious question - what's a CISO doing at a cloud expo? Dustin discusses some of the cloud transformation challenges for security teams; Dustin unveils the three things he is currently concerned most about for security, in the cloud; Dustin imparts a final piece of wisdom you won't want to miss... Rafal's Guest: Dustin Wilcox - Vice President and Chief Information Security Officer at Anthem, Inc. - https://www.linkedin.com/in/dustin-wilcox-4896614/

DtSR Episode 324-1 - AWS reInvent 2018 Delivering Security


At day 2 of re:Invent 2018 I tracked down Arash Marzban, Armor's head of product to talk about his stage session and where the market is going for security - at a developer/builder focused cloud conference. This short conversation is quite interesting...

DtSR Episode 324 - AWS reInvent 2018 Preamble


This episode of the Down the Security Rabbithole Podcast is sponsored in part by Armor Cloud Security. Go check us out at www.armor.com! This week's show is a multi-part release from AWS re:Invent 2018. We sit down with two of Armor's solutions consultants to discuss trends, insights from day 0, and discuss anticipated moves and market shifts. Expect this to be an insightful episode where we dive into cloud security from a development and security perspective.

DtSR Episode 323 - Security of a Global Enterprise


On episode 323, Richard Rushing (aka the "Security Ninua") joins us to talk about being the CISO of a global organization, and multi-national enterprise. Highlights from this week's show include... Richard talks to us about his background; We discuss the unique challenges of a multinational enterprise; Richard gives us some wisdom on how to approach "the business"; Richard provides some advice for keeping prioritization and sanity

DtSR Episode 322 - The Ethics of Cyber Security Panel


This week #DtSR tackles the topic no one else wants to - ethics in cybersecurity. There are a lot of things to be said, so rather than writing them down here, go listen to the episode. Repeatedly. Highlights from this week's show include... A base platform for the discussion on ethics Moral relativism, applied to cyber Law vs ethics Cultural ethics and relativism "Hacking back" - yes we went there

DtSR Episode 321 - Putting Threats In Perspective


** Go Vote ** Do your civic duty, and go vote. Heck, while you're standing in that long line to vote, listen to the podcast, we're not picky. This week, Rob Graham joins Rafal and James (who's back!) to talk about various topics related to threats. We start with hacking voting machines, and it goes from there. Highlights from this week's show include... We ask Rob to tell us what he knows about the Georgia 'hacking the election' case going on right now We discuss what the real threat to our elections is We ask Rob to tell us...

DtSR Episode 320 - Specializing in Forensics


This week, James Habben joins me in studio for what turns out to be an introspective walk through the evolving world of forensics. Highlights from this week's show include... James gives us some background on how he got where he is We talk through some nostalgia James answers the "Is APT trying to get me" question, sort of We talk about things companies should be doing to prepare...

DtSR Episode 319 - Striking Out On Your Own


This week, my good friend and entrepreneur Rock Lambros (of the newly formed Rock Cyber) joins me to talk about getting the itch to go out on your own and actually doing it. Many of us have thought about it, daydreamed, but very few do it. So hear an episode from someone who did... Highlights of this week's show include... What motivates and drives someone to jump the safety net of corporate life and go off on their own? Rock gives us the secret to "How you know it's time" We discuss how you can avoid the failings of the typical...

DtSR Episode 318 - War, Cyber and Policy


This week the DtSR podcast tackles one of the thornier issues going around in the news. As the accusations of Russian hacking continue to mount, international leaders are speaking out and making bold statements that impact policy on a global level. This topic needed to be addressed with some folks who have actual expertise in the matter - and with the understanding that what we have here are opinions and interpretations. Highlights from this week's show include: A lively discussion on the implications of the term "cyber war" Jon and Dennis discuss the tone, and context of the article in...

DtSR Episode 317 - Protecting Higher Education


While James is away, Raf will podcast all day ...or something like that. Highlights from this week's show include: Bill talks about what it's like to jump into a higher education system and try and play defense We discuss the role of governance, centralized policy, and management in higher education environments Bill discusses his view on the appropriate places to work in security, in a college/higher education environment We compare and contrast the experience of security in higher education against very large enterprise (the comparison may shock you) Guest William Reyor - ( @WilliamReyor ) - William is Fairfield University's first...

DtSR Episode 316 - NCSAM 2018


So, it's October 2018, and it's National Cyber Security Awareness Month. Again. James and I have a bit of an issue with this, as you'd guess. Why are we still talking about awareness when we need action? Are there really people out there that are saying "If only I was aware that there are bad people trying to do bad things, I'd have done it differently"? Highlights from this week's show include... We riff on the thing we talk about once a year (and not anymore) James takes a shot at passwords... fish, meet the barrel Raf gets a little upset...

DtSR Episode 315 - Women in Cybersecurity-Mary Cheney


On this episode of the Down the Security Rabbithole Podcast, Mary Cheney joins us fresh off her talk to the North Texas ISSA Women in Security group. She has such a colorful background and such great stories to tell - we just had to have her on the show. Highlights from this week's show include... A walk-through of Mary's colorful and extremely diverse background Mary talks about burnout as we pick up the topic from our conversation with Ann Johnson's episode Mary talks about corporate "tools efficacy" and security's cry for wolves ...so much more!

DtSR Episode 314 - None of This Crap is Secure


This week, on DtSR Episode 314, the infamous (that's more than famous) John Strand joins us. No, not the male model ...the guy who's been an InfoSec legend since before you could walk. Highlights from this week's show include... We take a stroll down memory lane We discuss the challenges with more complexity in development John takes us through what he thinks some of the faults are

DtSR Episode 313 - Cyber Law Update Sept 2018


Friends welcome to yet another edition of the Down the Security Rabbithole Podcast - as we invite perennial favorite, Shawn Tuma onto the show! Shawn has a new office, a new law firm, and is giving us his take on what's new in the world of cyber and law. Listen in! Highlights from this week's episode include... Shawn brings up "The GDPR" and the self-imposed disaster that it has become We dive into the problem with "all the data" Shawn explains the idea of "necessary and proper" and case-law for data breaches Shawn tells us about cyber insurance and the...

DtSR Episode 312 - Ann Johnson on Mental Health


This week Down the Security Rabbithole Podcast welcomes two very cool ladies from the InfoSec realm. First Ann Johnson of Microsoft (if you don't know Ann, you're living under a rock, honestly) is here to discuss a tweet she put out a while ago (https://twitter.com/ajohnsocyber/status/1033934334720278528) on mental health in high-pressure jobs in InfoSec. If that wasn't enough, Jennifer Duman from Armor joins us as a guest-host to provide her experienced perspective as a road warrior. Highlights from this week's episode include... Ann discusses the big deal with working from the road, in a high-pressure InfoSec job We discuss the impact...

DtSR Episode 311 - Further the Browser


This week we dive into the world of the web browser. A brief history, some discussion about what's wrong and how it's broken - and a few suggestions for what to do next. This is a complicated discussion - so you can bet we'll come back to it with your feedback! Highlights from this week's show include... A brief walk-through of the history of browsing Solutions that tried, but ultimately failed, to solve the challenges An approach we've seen before - the "remote browser" Discussion on challenges and opportunities of the remote browser concept Discussion on Authentic8's approach and innovations...

DtSR Episode 310 - RFP POC OMG


This week, Rafal & James discuss one of the bigger challenges that an enterprise security team faces today - evaluating new/replacement security tools and services. Listen close if you're on the enterprise side, and listen closer if you're selling to them. Highlights from this week's show include... We address the difficulties of evaluating or replacing technologies or services Rafal takes you into the "better" trap, and how you can avoid it We discuss defining concrete problem statements James & Rafal talk through the challenges of defining good requirements and evaluating We address how to pick a winner - or not...

DtSR Episode 309 - Digital Transformation, Take 2


This week Nate Smolenski - Director, Cloud Architecture Services - joins us for an insightful discussion on the concept of digital transformation for the enterprise. Many companies are undergoing a digital transformation, or have done so already, and it's up to security to once again, catch up. Nate brings a truckload of experience and evidence into the conversation and as a security professional and practitioner - you should absolutely listen to this episode. Twice. Highlights from this week's show include... Answering: What in the world is "digital transformation"? Discussion around the seemingly "take 2" we're embarking on, as security professionals...

DtSR Episode 308 - Theoretical and Applied Futurism


Friends, this week's episode is truly unique. We talk to a gentleman whose job it is to think big, and into the future in a big way. Jeremy Nulik is the "Evangelist Prime" at Big Wide Sky - an organization that looks to think big, and solve big problems, in big ways. This is an incredible journey into problem-solving on a grand scale. Highlights from this week's show include... An overview of futurism, as an abstract tool for problem-solving A discussion on the roots of futurism Overview of how futurism is applied today The four key approaches in applied futurism...

DtSR Episode 307 - Building and Teaching in Chicago


On this episode of the Down the Security Rabbithole Podcast, Rafal is in Chicago for a few days and visiting with a long-time friend and colleague, Don Donzal. Don has some great history in the Chicago hacking and security professional scene, so we take a stroll down memory lane, talk about what he's doing now, and take a long look ahead. Join us! Highlights from this week's show include... Don gives us a little insight into where Ethical Hacker Network got started A history of Chicago Con - anyone been? Life, family, career - and how balancing all of that...

DtSR Episode 306 - Balancing Family and Career


This week, we tackle a topic that should not have taken 306 episodes to get to - balancing family and work while growing a career in Information Security. Britney hits the high points with us, and takes us down the road of what it's like being a mother and security leader - as we explore the topic for everyone who is in our field. Highlights from this week's show include: Who does this apply to? Are you being asked to choose? Becoming adaptive When you should bend and when you should concede Creating your own space Confidence Benefits of Blending...

DtSR Episode 305 - Security for the Mid-market


Do you work at a company that's too big to be "small business" but too small to be "large enterprise"? You're probably in that place known as the "mid-market". Many of the large vendors don't pay attention to you, and yet you still have all of the same problems big companies do - just without all the budget. What do you do? Listen to this episode of DtSR and find out what we think. Highlights from this week's show include... Addressing the "tool" or "staff" conundrum Who's manning all those dashboards? Staff to dashboard ratio How do you prioritize, when...

DtSR Episode 304 - Transforming Security


This week, James and I interview a former Optiv colleague and advisor to many Fortune 250 CISOs in his long career, our friend Ron Kurisczak. Ron's long and successful career has included time spent truly transforming the way security functions, and how it's seen in the boardroom. Spend 35 minutes and hear his take on where we've been, and why right now is so crucial to our future. Highlights from this week's show include... Why are we transforming security? Data classification, operation policies Tracking key performance indicators (KPIs) to the new rules of security Who's getting through, how long did...

DtSR Episode 303 - Advising Security Leadership


Thanks to my friend Brian Wrozek for joining us this week on Down the Security Rabbithole Podcast. Brian's long career as a CISO has broken several 'typical' molds... so he's a fantastic person to join us to talk about the things CISOs should be thinking about. Highlights from this week's show include... Prioritizing projects as the CISO Getting support from the outside because "we hired you to know this" Refreshing and revisiting completed projects/tools to optimize and see a value Security is additive, we never really take anything away - is this a problem? Red team, blue team, purple team...

DtSR Episode 302 - InfoSec Superhero Syndrome


This week, as DtSR rolls on to Episode 302, we talk with John Svazic who is a Cloud Security Architect for a day job and runs the Purple Squad Security Podcast in his spare time. His perspective on the idea of an "infosec army of one" is one that many of us share, and it needs to be solved. Highlights from this week's show include... Trying to solve everything, on our own... burn out or flame on Working as a lone wolf can be detrimental to your career, and sanity Working as an individual within an enterprise team Perspective for the...

DtSR Episode 301 - Julie Conroy on eFraud and Identity


This week on Episode 301, James is off and I take a one on one conversation with Julie Conroy from Aite group on the topic of global fraud. It's a fascinating conversation that winds through the fringes and often unexplored corners of enterprise security. Check it out, and special thanks to Julie for taking the time out of her busy schedule. Highlights from this week's show include... A brief glimpse into the impact of enterprise security on global fraud Julie talks through identity, and how enterprise security can positively impact fraud Account takeovers - the thing we all fear but struggle...

DtSR Episode 300 - Reminiscing


Thank you, listeners! Down the Security Rabbithole has reached milestone episode #300. In this episode, James and Rafal sit down with nothing more than an open mic and talk through topics the podcast has previously covered, and others we still have yet to cover. Join us. And a personal thank you to all of our guests over the past 300+ episodes... we are looking forward to much more great content to come!

DtSR Episode 299 - Leadership Lessons w Chris Abramson


Special thanks to Chris for doing this in-person. It was a fun conversation and always a pleasure! Highlights from this week's show include... Chris and I talk about measuring 'risk' We discuss 'brittle systems' which apparently are still alive and kicking Risk analysis, cloud computing, and your business Guest Chris Abramson ( @cabramson50 ) - Director, Information Security Delivery & Engineering; Team-oriented Enterprise Information Security Management professional seeking to improve the security of organizations through education and practice. Qualifications include a bachelor's degree in computer science; CISM, CISA, CEH and ECSA certification. Understanding of Industry, State and Federal regulatory standards....

DtSR Episode 298 - Overcoming the Language Barrier


Two more episodes until we hit #300... what a crazy ride it's been! Thanks for taking the journey with us, and we're looking forward to having you along for another 300 (maybe). Highlights from this week's show include... Applications of DoD security in a non-DoD world The meaning and elements of the risk equation Understanding (making sense of) the risk equation Swimming in the swamp of marketing literature AppSec as an area of expertise (again, and again, and again) Go see Jeff at Circle City Con if you're attending. He's giving a talk (https://circlecitycon.com/talks/rethinking_cyber_security_given_the_spectre_of_a_meltdown_someone_hold_my_beer/) titled "(Re)Thinking Cyber Security Given the Spectre of...

DtSR Episode 297 - A Model for Prioritizing Patching Efforts


Before you listen to this podcast ... go grab this report: https://www.kennasecurity.com/prioritization-to-prediction-report/ from Kenna Security and the Cyentia Institute. Read it. Think about it. Then listen to this show. Highlights from this week's show include... A high-level walkthrough of the model that authors developed, and the many interesting insights Why what you're doing now is probably as good as random chance A deeper discussion on cause and effect of patches, and trying to do everything So much more! While you're listening to the show, hit us up on Twitter using the hashtag #DtSR or tweet to @DtSR_Podcast! Guests Jay Jacobs ( @JayJacobs )...

DtSR Episode 296 - Hype Machine Off the Rails


This week, former analyst and security industry veteran Adrian Sanabria joins James & Rafal to talk about some of the hype in our industry. From current events, to learning lessons, to the on-going master-class in bullsh*t we convince ourselves of - this podcast is a riveting (although slightly longer) episode of free-flowing discussion. Highlights from this week's show include... We discuss #eFail - and the circus maximus of ridiculousness that it currently is Adrian gives us some views on believing our own nonsense We attempt to discuss how we got to this point Much more!

DtSR Episode 295 - DevSecOps is Not a Thing


This week, Mark Nunnikhoven joins us from the great white North. All the way from Ottawa, Canada - Mark talks with James and Raf about cloud computing, DevOps, and some silly things security folks are doing to undermine themselves in the brave new world. Highlights from this week's show include... A brief discussion on moose and Canada Why none of us believe "DevSecOps" is a thing Deploying security into modern code development practices Much, much, much more Guest Mark Nunnikhoven ( @MarkNCA ) - Vice President, Cloud Research at Trend Micro. Mark has way too many credentials and accolades to...

DtSR Episode 294 - Securing Azure


* Special thanks to Microsoft for giving DtSR access to fantastic guests, and printing t-shirts & stickers for RSA Conference 2018. Please help us say thank you and check out all of the MS announcements at https://microsoft.com/rsa and if you really want to check out something amazing where IoT and cloud collide, check out https://microsoft.com/azure-sphere. On this second special episode of the podcast live from RSA 2018, Raf sits down at RSA Conference 2018 with a gentleman you may not know but you should, Avi Ben-Menahem. We discuss what it's like in terms of effort, scope, and sheer talent, to take on the...

DtSR Episode 293 - Diana Kelley from RSA 2018


* Special thanks to Microsoft for giving DtSR access to fantastic guests, and printing t-shirts & stickers for RSA Conference 2018. Please help us say thank you and check out all of the MS announcements at https://microsoft.com/rsa and if you really want to check out something amazing where IoT and cloud collide, check out https://microsoft.com/azure-sphere. On this very special episode of the podcast, Raf sits down at RSA Conference 2018 with the one and only Diana Kelley to talk data integrity, crisis communication, and fear-based selling in security. Again, special thanks to Jessica and the Microsoft. Guest Diana Kelley ( @DianaKelley14...

DtSR Episode 292 - Navigating Industry Conferences (RSA)


This week, James is back and he and Raf sit down for a discussion on navigating the big industry conferences, as RSA Conference kicks off in San Francisco. We add just the right bit of snark to your day, and provide some much-needed commentary on the industry, conferences, and survival. Highlights from this week's show include... A quick overview of RSA Conference Getting value, learning something, or whatever else Buzzwords, and navigating marketing speak Attendee personas: buyer, attendee, vendor - there is a huge difference in how you experience a conference from these angles Feature, product, or startup (sometimes they're...

DtSR Episode 291 - A New Perspective On Endpoint (Nyotron)


[This week's episode and fantastic discussion on endpoint security is sponsored by Nyotron]. DtSR listeners already know we don't do advertisements or traditional sponsorship - so when we bring in a sponsored guest it's because we believe the topic is interesting and the guests have a genuinely interesting point of view. On that note... The topic this week is the endpoint. Yes, the endpoint - the place where security started, and was subsequently abandoned, and reborn. Whether you're talking about virtual cloud workloads, laptops or other types of endpoints - we can all agree on the fact that there are...

DtSR Episode 290 - What Ails the CMS


This week on the Down the Security Rabbithole Podcast, Tony Perez stops by for an early morning chat about the content management systems we in InfoSec love to hate on. We talk about Drupal, Wordpress and all the other CMSes out there that have similar issues. Highlights from this week's show include... Why start a company that does CMS security (they're hopeless anyway right?) How many of the most popular CMSes are actually not as bad as you may think, security wise The core, the plug-in infrastructure, and plug-ins Finding, responding to, and fixing bugs in the modern software world...

DtSR Episode 289 - Neither Security Nor Privacy


This week, join DtSR as Rafal sits down across the virtual table with the one and only Robert Hansen. Rob (aka @Rsnake ) discusses his roots of being an almost-bad-guy, to the security of browsers, and privacy. Plus we get to reveal something pretty awesome... Highlights from this week's show include... Rob's fascination with alien conspiracy theories A back history of browsers you've never heard of, that you benefit from today Google... Security vs. Privacy - why you don't actually get either A secret reveal from Rob about his exciting new venture

DtSR Episode 288 - Experienced Opinions


This week, while James was out on family duty, I sat down on a Saturday morning with my good friend Will Gragido to talk security. Will is an industry old-timer (sorry buddy, we're old) and has some seriously valid opinions on many things. We discuss some interesting topics, and apologize for nothing. Highlights from this week's show include... It's conference season again... and time for more buzzword bingo Marketing people are the worst...except we're all complicit Threat Intelligence. Again. Still. Yep. Let's go hunting for threats - who should have a threat hunt team, and why Mergers, acquisitions, and the...

DtSR Episode 287 - Armored and Battle Tested


In case y'all don't read LinkedIn or Twitter - Rafal recently joined Armor (Armor.com), so what better time to interview the CEO Chris Drake than right now. So this week, Chris Drake joins us in the studio to talk about his background (which is quite interesting, by the way) and how he got to start a fast-paced cloud security-as-a-service company. Highlights from this week's show include... The road starts with jumping out of airplanes The Butterball story More discussion on challenges with existing security models Security-as-a-Service vs. Managed Security (MSS) - differences and big differences Guest: Chris Drake, Founder and...

DtSR Episode 286 - Breach vs Incident vs Lawyers


This week's DtSR Podcast sits down in the offices of Shawn Tuma to discuss an update on the law with regards to data breaches, or incidents - and what the differences between them are. We talk through current events, past history and look into the future a bit. Highlights from this week's show include... the legal differences in the words we use (breach vs. incident) notification and disclosure in a global economy planning, preparation, and the big day costs - specifically around insurance - when things go badly right to sue for current, and future, damages (did they really happen?) overview of GDPR, and...

DtSR Episode 285 - Alt-Tab Alt-Tab Swivel-Chair


We have a treat for you folks this week! On episode 285 of the podcast I'm joined by three well respected, forward thinking, and entrepreneurial-minded security executives to talk about some of the challenges they see in the industry and what they're doing to solve them. From cloud, to threat intelligence, staffing, and other scaling issues - we address the issues head-on, and provide some insight into what these three are thinking going forward. *The audio quality isn't the usual high-quality I expect to publish, so my apologies for that in advance. Somewhere the recording tool I use had...

DtSR Episode 284 - MSS SOS


This week on the Down the Security Rabbithole Podcast, Raf and James welcome long-time friend of Rafal's - Scott Stanton - to the microphone. Scott's able to join Raf in person in Atlanta, while James is predictably on the other end of a Howdy Doodie (you'll get this if you listen). This week, we tackle the MSS issue (Managed Security Services providers) again, but with a fresh angle where we aren't just spending the entire time bashing something we all rely on - but rather providing some constructive feedback into MSS providers from an enterprise perspective. And reminiscing a little....

DtSR Episode 283 - Testing Security Into Applications


This week an old friend, Vinnie Liu of Bishop Fox, joins Raf and James to talk about the history of App Sec. We started trying to test ourselves secure, and we continue to come back to it - so this episode is a walk down memory lane and a glimpse into the future of application security. Don't forget to like us on iTunes and share with your colleagues! Guest Vinnie Liu ( @VinnieLiu ) - Vincent Liu (CISSP) is a Partner at Bishop Fox, a security consulting firm providing services to the Fortune 500, global financial institutions, and high-tech startups....

DtSR Episode 282 - DDoS - Past, Present, and Future


Join us this week on Down the Security Rabbithole as Barrett Lyon (who knows a thing or two about DDoS) is our guest to talk about the evolution of the art and science of kicking people off of a network. Barrett is the authority on DDoS, with over 20 years in the field, going back to when angry teenagers flooded each other off of IRC servers. This is a fun episode that walks through DDoS - where it came from, how it evolved, and what we can expect in the future. TLDR; yes ...your fridge may one day DDoS your...

DtSR Episode 281 - Exploiting and Defending Human Behavior


This week, go Down the Security Rabbithole with James and Raf as they host Robert Sell. Robert took 3rd place at the Defcon SECTF (Social Engineering Capture-the-Flag) in 2017 and he has some lessons for you in the enterprise. "Social Engineering" (while a ridiculous and non-descriptive term) is a real attack vector. How are you defending your enterprise? Listen in. Then talk back on Twitter at #DtSR or LinkedIn! Guest: Robert Sell ( @RobertESell & https://www.linkedin.com/in/robertsell/ )

DtSR Episode 280 - A Cloud Container Security Primer


This week, Chris Rosen from IBM joins us to talk about cloud containers - and the security (or lack thereof) of them. There is a paradigm change coming which significantly impacts security - if we're ready for it. Chris talks us through the dramatic changes (or maybe not) of doing cloud security with containers and the impact to the shared responsibility model. Join us, and let us know what you think by leaving us a comment, either here or on iTunes. Guest Chris Rosen - https://www.linkedin.com/in/chris-rosen-71790513/

DtSR Episode 279 - Deeper Down the SDP Rabbithole


This week, Jason Garbis re-joins the podcast to go past the Primer (Episode 257) and dive deeper into SDP (Software Defined Perimeter) with a discussion on cloud and relevance to the re-invention of the data center and related infrastructure. Related DtSR listening: Zero Trust Model w/ John Kindervag: http://podcast.wh1t3rabbit.net/dtsr-episode-222-zero-trust-security-model Software Ate the Perimeter w/Jason Garbis: http://podcast.wh1t3rabbit.net/dtsr-episode-257-software-ate-the-perimeter

DtSR Episode 278 - The Meltdown Over Spectre


Welcome Down the Security Rabbithole. This week we bring Jeff Schilling from Armor to talk about Spectre and Meltdown - the two hottest topics in security right now and for the foreseeable future. While you listen to us talk, check out these links: http://uproxx.com/technology/what-are-meltdown-spectre-computer-bugs-explained/ http://bgr.com/2018/01/04/intel-chip-security-flaw-how-slow-mac-pc/ https://en.wikipedia.org/wiki/Spectre_(security_vulnerability) And the obligatory "I patched and things got worse" post: https://twitter.com/timgostony/status/948682862844248065

DtSR Episode 277 - An Outside In Look at Security and Innovation


Happy New Year, 2018. Friends, thanks for listening! I can't believe this podcast is still going strong after all these years and 277 episodes. I started this podcast with an idea - give you something to listen to that was office-friendly, informative, and focused on advancing our trade. Over the years I've gotten some encouraging comments from people ranging from those trying to get into our industry, to those who are leading large organizations' security practices. I'm encouraged by you all, and thank you for supporting us. Now, let's get on with 2018. On this first episode of 2018, James...

DtSR Episode 276 - Game Changer in ICS (no FUD edition)


What: In this episode we get the facts on the recent game-changing malware/attacks that appear to be nation-state sponsored attacking critical safety systems in industrial controls (ICS). Why: You've probably read about it, and depending on what you read you may only have the hype or half the story. Who: As always, Sergio Caltagirone from Dragos is the master at telling a great story, from just the facts. He's part of the team that did the analysis, wrote the narrative, and then ended up on countless phone calls explaining it to executives and national security types. He knows his craft....

DtSR Episode 275 - Beyond 2017 A New Hope


For episode 275 we are once again joined by the one and only Haroon Meer ( @haroonmeer ) to follow up on his conversation from September 2016 titled "What will get us there". If you've not had a chance to listen to that show, you absolutely should do that first. Haroon shares his perspective including... "The cloud has won" Fundamentals are still hard, we're still largely failing at them Hackers make the best engineers when you give them a problem to solve Where do we go from here, into 2018, is there hope?

DtSR Episode 274 - Let's Talk Power Grid


This week, Patrick Miller returns (another boomerang guest from the way-back machine) to talk about the energy grid. It turns out, things aren't super different from 5 years ago, but some things have changed. Patrick and I discuss resiliency (over actual security) in the grid, and focus on transmission, generation, and "getting it all working again" from a life safety perspective. It's a fascinating discussion, don't miss it! ** Apologies for some of the audio quality, we had "choppy" issues on Skype and I edited the best I could.

DtSR Episode 273 - Automate or Die (w/Demisto)


Join James and Rafal, one last time, live from Enfuse Conference (Las Vegas, NV) this past summer. In this episode, we track down a personal friend of Raf's - Bob Kruse, Demisto, VP Sales & Alliances, and talk about the need for the enterprise to automate and orchestrate. Oh, also, Bob pretty much said by 1 year from the recording of that episode he would get an "Automate or Die" tattoo. So just to be on the safe side, we'll give him until next year, about this time. Game on, Bob.

DtSR Episode 272 - Innovation, Startups, and the Security Bubble


This week, Grant and Mark join me live and in person in Las Vegas at the Amazon AWS re:Invent conference to talk about the security marketplace, innovation, "the bubble" and more. Here's the announcement we talked about at the opening of the show McAfee announces agreement to buy SkyHigh Networks: https://www.skyhighnetworks.com/mcafee-and-skyhigh/ Guests: Mark Arnold ( @lotusebhat ) Grant Sewell ( @GrantSewell )

DtSR Episode 271 - The Secrets of Influence Through Communication


This week James and I are fortunate enough to have one of the best keynote speakers I've ever seen on the show. He's an amazing speaker, a brilliant magician and a sharp dresser - this guy is the real deal. Straight off the keynote stage at the Security Advisor Alliance (SAA) Summit in Denver ... ok maybe not straight off, Vinh Giang joins us to talk about how to influence people while you're up there giving a talk or speech. Grab something to take notes with - trust me, this one is chock full of brilliant nuggets. Guest: Vinh Giang (...

DtSR Episode 270 - Secrets of InfoSec at Scale


Ladies and gentlemen - we have our first 3-time guest! Brandon Dunlap, my good friend and industry titan, joins the podcast for his third trip down the rabbit hole. In this episode Brandon Dunlap (@bsdunlap) and I talk through the challenges of security at scale, in person and live from Seattle. In the previous two episodes that Brandon has done on this show we've talked about the challenges of scaling information security teams, and this time we go deep into the strategies that work, where the lines are drawn and some lessons learned from a very successful career doing exactly this -...

DtSR Episode 269 - Industrial Internet of Things (IIOT)


This week, we have a repeat guest with Robert M. Lee joining our show to talk about the Industrial Internet of Things. Rob's just finished a conference his company, Dragos, Inc, just started to educate and help increase awareness and research for the Industrial Internet of Things. Whether you think you know what the IIOT is, or whether you can admit to yourself you need to know more - this podcast will have it all. We also reference a podcast with Dr. Timothy Chou (link: DtSR Episode 250 - Deconstructing the Internet of Things). If you haven't read his book, "Precision"...

DtSR Episode 268 - CISOs Survival Guide


Welcome down the Security Rabbithole, friends and colleagues! This week, my guest is Larry Whiteside, Jr. (we know him as the best dressed man in InfoSec). Larry joins the podcast while James is out to discuss the life and times of a CISO. He has extensive experience as a CISO and security leader, working across multiple market verticals from energy to healthcare, in addition to being a former colleague advising CISOs. Larry dispenses his brand of knowledge with a little bit of an edge, a little dose of realism, and a lot of fun. If you've never had the pleasure...

DtSR Episode 267 - Cyber Security Awareness Month Wrap


This week, James and Raf cover the tail-end of Cyber Security Awareness Month. It's been an interesting week of news and of course let's talk about awareness. Have you completed your mandatory training? -- This week's talking points Namaste Health Care security incident, announcement Pay attention to how this article is worded, we've covered this before with Sean and Michael too When you don't know, you have to report the worst-case Focuses spotlight on knowing what's in your environment, and having a plan for not only technical IR but communications How would your organization report? Are you ready to be...

DtSR Episode 266 - Leadership Perspective with Michael


This week we're getting the band back together! Michael Santarcangelo joins us for a segment we'll be featuring regularly (look for it every 6 weeks or so) on the leadership perspective. Security could use some leadership, and we will be enlisting Michael to talk about current events and lessons for leadership. Tune in, and you may just end up with something you can use in your day job.

DtSR Episode 265 - Privacy and Paranoia


This week's Down the Security Rabbithole Podcast asks - "Are you paranoid enough about your privacy? or do you simply not have any?" with a couple of gentlemen who would know. Join James and Raf as we go down the rabbit hole one more time, this time talking about the breadcrumbs, fingerprints, and digital privacy violations you voluntarily give up in your everyday life. It's a little scary, but the trade-off we make for the sake of convenience is very real. Grab your tinfoil hat and your burner phone and enjoy!

DtSR Episode 264 - Windows Forensics Then and Now


This week, Harlan Carvey joins James and I to talk about the evolution of Windows forensics over the last decade and a half or so. Harlan has more experience than most when it comes to diving into the Windows machine from a forensics perspective and is a well-spoken author of many books and blogs. Guest Harlan Carvey ( @keydet89 ) - Digital forensics and incident response analyst with past experience in vulnerability assessments and penetration testing. Conducts research into identifying and parsing various digital artifacts from Windows systems, and has developed several innovative tools and investigative processes specific to the digital forensics...

DtSR Episode 263 - Legal Update Q3 2017


On this episode of Down the Security Rabbithole Podcast James and I get an update on the legal issues that have been talked about from our legal-eagle Shawn Tuma! We're continuing our policy of not piling on to data breach hysteria, but will be covering some of the legal ramifications of recent disclosures, a possible national data breach law and a few other things that will make this show a must-listen. Shawn's unique perspective and true expert insights give you talking points and a download of facts that you wouldn't get listening to the talking heads and mainstream media. Enjoy,...

DtSR Episode 262 - Deeper Down the Cyber Liability Insurance Rabbithole


This episode, in conjunction with the Security Advisor Alliance (https://www.securityadvisoralliance.org/) we dive into a third round of Cyber Liability Insurance. This fascinating discussion dives deeper into the things security leaders need to know as Travis and Stephen get right to the heart of matters. Required pre-listening... Check out the first episode (way back in the archives) on DtSR Episode 34 - The Inside Scoop on Cyber Liability Insurance (http://podcast.wh1t3rabbit.net/episode-34-the-inside-scoop-on-cyber-liability-insurance) with Christine Marciano ( @DataPrivacyRisk ). Then, go grab episode 172, our 2nd foray into this topic titled "The Truth on Cyber Insurance" (http://podcast.wh1t3rabbit.net/dtsr-episode-172-the-truth-on-cyber-insurance) with Eran Kahana and L. Keith Burkhardt...

DtSR Episode 261 - Deeper Down the ML Rabbit Hole


Welcome to another Down the Security Rabbithole episode folks! This week, Alex and Sven are baaaaaaack for a deeper dive into machine learning and the shenanigans that surround it. We talk through what ML is, some use-cases and further dispel some common myths. We even have a little fun, who knew. Guests: Alex Pinto ( @Alexcpsec ) Sven Krasser, Ph.D ( @SvenKrasser )

DtSR Episode 260 - The Immense Challenge of Protecting Office 365


This week, on Down the Security Rabbithole, Rudra "Rudy" Mitra joins us from Redmond to talk about what it's like to defend Office 365 at scale. On this episode we cover: What we mean by at scale in regards to Office 365 Some pros and cons of the Office 365 platform as it pertains to security and safety Early warning, early detection, and how easy it is to really break things There's so much more too! We even skipped talking about current events to give this show maximum run-time. Sit back, grab something to take notes with, and listen up. The...

DtSR Episode 259 - Risk Communication Primer


As we go once again down the security rabbithole, Raf and James meet up with Claire Tills who gives us a primer on "risk communication". Communicating 'risk' is a nuanced, subtle and often time-based endeavor so we feel like everyone should have at least some background in it. Sit back, relax, and again...start taking notes furiously. Guest Claire Tills ( @ClaireTills ) - Communication researcher trying to get into information security. I write about applying comm theory to infosec and case studies in my blog (http://cliretills.com).

DtSR Episode 258 - Big Scary Numbers


This week on the Down the Security Rabbithole Podcast, Dave Bittner of The CyberWire (podcast) joins us to talk about some of the ways that we believe security goes awry when it comes to 'big, scary numbers'. Listen in... -- Top News Maersk says it's going to lose between $200M and $300M from notPetya Depending on which headline you read this is either a catastrophe - or not that big of a deal Seems to be about perspective in their overall guidance to investors, in light of industry trends https://www.cnbc.com/2017/08/16/maersk-says-notpetya-cyberattack-could-cost-300-million.html https://theloadstar.co.uk/maersk-shrugs-off-300m-cost-cyber-attack-freight-rates-soar/ Bottom line, perspective matters Uber is in trouble. Again....

DtSR Episode 257 - Software Ate the Perimeter


This episode of Down the Security Rabbithole Podcast was recorded live and in person in Las Vegas at the Black Hat Conference 2017. Raf had a chance to sit down across the microphone from Jason Garbis of Cryptzone to talk about the software defined perimeter. SDP is a relatively new space many of us in security aren't familiar with, so we decided we'd record a primer on the topic, narrated by someone who is expertly involved in the practitioner side (through the CSA, Cloud Security Alliance) developing the standards and the provider side (Cryptzone) developing products and services towards the specification....

DtSR Episode 256 - Rick Howard on the Record


This week - Rick Howard joins us and goes on the record to talk about the Security Canon and a few other interesting things you're just going to have to listen to, in order to find out. Top News Adobe is end-of-life'ing Flash I'll pause while you catch your breath Wait, it's not until 2020 Also there's more http://www.businessinsider.com/adobe-flash-killed-by-2020-2017-7 Developers targeted by malicious Chrome extension https://www.forbes.com/sites/leemathews/2017/08/03/over-a-million-coders-targeted-by-chrome-extension-hack/#7b6849359c9d Just like security people and "commoners" developers fall for it At least it was caught, and removed... Here's what we talked about with Rick Howard... The Cyber Security Canon Check it out Reading material...

DtSR Episode 255 - Security and Human Nature


This week on the Down the Security Rabbithole Podcast, John Nye ( @EndIsNye_Com ) joins us to talk about the human aspect of the cyber security equation. Getting away from blaming the user, we talk through the human nature side of the business with a focus on social aspects and behavior modification. A fascinating discussion you'll want to listen to over and over again, for sure!

DtSR Episode 254 - Lowdown and Dirty ICS


This week Sergio Caltagirone joins James and I to talk about Industrial Controls networks and systems and some of the dangers that go undiscussed. Sergio is a 2nd timer, and we take the opportunity to catch up and discuss one of his favorite topics. Additionally, we talk about some of the topics that were discussed the week this podcast was recorded, a few weeks ago. Whether you're in Las Vegas for Black Hat Conference 2017 or not, take a listen to this sobering discussion about industrial controls and some of the more clear and present dangers facing us in...

DtSR Episode 253 - Defending the Small-to-Medium Enterprise


On this podcast - James and I welcome Shon Gerber as we talk through a pair of current events and the topic of the day. Blue Cross Blue Shield of Alabama sends out USB sticks Security elitists up in arms We've taught people to be suspicious - don't click, don't open docs, and don't use USB -- So how do we get our clients content? To my fellow security professionals- it's reckless to continue to stand with a firm "no" while offering no alternatives So what do we suggest? More important - what threat model vector are we saying that blocking...

DtSR Episode 252 - DFIR with Lesley Carhart


In this smasher of an episode James and I are joined by Lesley Carhart live from Enfuse Conference in Las Vegas to talk about the DFIR (Digital Forensics and Incident Response) as a broad field. There is SO much to talk about here, you'll want to listen twice. Make sure that if you missed Enfuse this past year, you don't miss 2018. It's a great conference where you get to meet and talk with folks like Lesley and many others in this field.

DtSR Episode 251 - General Data Protection Regulation (GDPR)


This week on Down the Security Rabbithole Episode 251 (wow, can you believe we've published 251 full episodes?!) James and I host a roundtable of privacy and data protection experts and talk about the looming EU regulation known affectionately as GDPR. The Global Data Protection Regulation (GDPR for short) impacts all companies that either do business with EU citizens, or operate in the EU. Basically, everyone. It's a huge deal and there really isn't a "wait and see" option. Listen in, and if you have feedback provide it! Does anyone really read these show notes? Reply on Twitter with #DtSR! Guests: James...

DtSR Episode 250 - Deconstructing the Internet of Things


Fresh off of his closing keynote at Enfuse Conference 2017 in Las Vegas, Dr. Timothy Chou joins us to talk about the difference between the Internet of People and the Internet of Things. Even though many people talk about the IoT we still fail to understand the gravity and enormity of the problem we face and how information security professionals are so far behind the 8-ball here. Dr. Chou spends some time with us to dispense wisdom interlaced with humor to make it stick. Guest: Dr Timothy Chou is a technologist, a lecturer, and published author. He has written a...

DtSR Episode 249 - Finding a Way


This week, James and I try out a new format for the show. We hope you enjoy the blend of news commentary and an interview. News More car vulnerabilities - this time in a Subaru No stunt hacking involved A repeat vulnerability means there's potentially a bigger SDLC issue Responsibly disclosed, fixed ... if a tree falls... Link: http://www.bankinfosecurity.com/exclusive-vulnerabilities-could-unlock-brand-new-subarus-a-9970 The 5th Amendment and your phone passcode This issue is sticky Passcodes, fingerprints, etc - all need consistent law We need a lawyer Link: http://thehackernews.com/2017/06/unlock-iphone-passcode.html Guest Kevin Pope ( @screamingbyte ) - Kevin is a long-time friend of the show, and someone...

DtSR Episode 248 - Nick Hyatt On Ransomware


This podcast episode was recorded live to tape from Enfuse Conference 2017 from Las Vegas. If you didn't get a chance to get out this year to one of the premier DFIR (Digital Forensics and Incident Response) conferences you missed a heck of an event. James and I want to thank Guidance Software for the invitation, for having us out, and for access to some truly amazing guests for this series of recordings. For #248 sit back and listen to Nick Hyatt talk with James and Raf about ransomware - fresh from his Enfuse Conference talk to your ears. Enjoy and...

DtSR Episode 247 - Internet of Things Forensics


Live once again from Enfuse Conference 2017 in Las Vegas, James and I interview Amber Schroader, the President and CEO of Paraben. This interview happened because you all voted and asked for it..ok and because she's a fantastic person to interview. Be prepared for a little humor and a lot of knowledge. Special thanks again to Enfuse and the Guidance Software team for having us out and getting us access to some downright amazing guests!

DtSR FeatureCast - Enfuse Conf 2017 - Theresa Payton


As James and I continue to publish our Enfuse Conference 2017 series of episodes we are this week joined by Theresa Payton. Theresa is the former CIO of the George W. Bush White House Administration, and now on the show Hunted where she runs a team of cyber trackers. Guest: Theresa Payton ( @TrackerPayton ) - Theresa Payton is one of the nation's leading experts in cybersecurity and IT strategy. As CEO of Fortalice Solutions, an industry-leading security consulting company, and co-founder of Dark Cubed, a cybersecurity product company, Theresa is a proven leader and influencer who works with clients and colleagues to uncover...

DtSR FeatureCast - Enfuse Conf 2017 - DFIR Students


Continuing our series recorded live at Enfuse Conference 2017 in Las Vegas, this episode features two USC students who are part of a large contingent here to learn and make connections. Tatiana and Ayman join us to talk about how they got here, what they are planning for their future along with some general thoughts on DFIR and our industry! Guests: Tatiana Santos ( @tatitasantita ) Ayman Siraj ( @aymansiraj )

DtSR FeatureCast - Enfuse Conf 2017 - Keynote Patrick Dennis


Today, CEO Patrick Dennis joins the Down the Security Rabbithole Podcast right after his keynote to talk about the conference, what's going on at Guidance, and the state of defense. This is a FeatureCast so we get right to the point in an easy-to-listen format. Thanks for listening!

DtSR FeatureCast - Enfuse Conf 2017 - Preamble


We kick off a week of on-the-scene podcasts live'ish from Enfuse Conference 2017, hosted by Guidance Software in Las Vegas, Nevada with Lori Chavez VP of Corporate Marketing. She is the brains responsible for the amazing conference including speakers, content and everything else. Lori gives YOU an insider preview of Enfuse 2017, and tells us a little about what we can expect and some history of the conference - and we can't wait to give you MORE! Stay tuned in all week as we bring you more fantastic content from Enfuse Conference 2017. And as always, use the hashtag #DtSR to talk...

DtSR Episode 246 - Finding and Responding to Badness


This week we are live from Enfuse Conference 2017 in Las Vegas, Nevada. Special thanks to Guidance Software for having us out and getting us access to a whole host of fantastic speakers. On this episode Greg Hoglund and Ryan Butterworth of Outlier Security join us to talk about the DFIR space with all its problems including a shortage of qualified labor and sub-optimal tools. This fantastic discussion wanders all over the DFIR space including the "data problem" and tools, tools, tools. That tool that Greg mentions, which is free, is right here: http://unbouncepages.com/supertimelines-free/ Guests Greg Hoglund - Founder and CEO, Outlier...

DtSR Episode 245 - NewsCast for March 16th 2017


Microsoft warns ransomware cyber-attack is a wakeup call As of recording, it is reported that 200,000 computers were infected. Patch for flaw was released in March, 2017 Microsoft has since released a patch for older systems Lots to discuss on this - including Microsoft's letter to the NSA Link: http://www.bbc.com/news/technology-39915440 Link: https://www.infosecurity-magazine.com/news/microsoft-xp-patch-wannacry/ Link: http://www.bbc.com/news/uk-39921479 United flight attendant accidentally leaked door codes online Flight attendant somehow posted the codes online Insider threat? Multiple layers of security needed and additional controls here Link: https://www.infosecurity-magazine.com/news/united-flight-attendant-door-codes/ Link: https://www.wsj.com/articles/uniteds-cockpit-door-security-codes-inadvertently-revealed-1494794444 Keylogger discovered preinstalled on some HP laptops Audio driver inspected keystrokes looking for events like Mute,...

DtSR Episode 244 - A Government CISOs Perspective


This week - live and in person from Denver, Colorado and the RMISC Conference I interview Stephen E. Coury the CISO of the County and City of Denver. The conversation leads off with Stephen's journey through cloud computing and weaves through some of the challenges municipalities and city governments are facing. It's a fantastic conversation that is readily applied to both public and private organizations - you need to check this out. Thanks Stephen for coming out and talking to us! Guest Stephen E. Coury - CISO of the County and City of Denver, CO. Have something to say? Let's hear...

DtSR Episode 243 - NewsCast for May 2nd 2017


Chrome to mark more HTTP pages Not Secure In October, 2017, all HTTP sites will be marked Not Secure while in incognito mode. Incognito mode allows surfing the internet without saving your browsing history. Enterprise: Have you seen any negative feedback from the previous changes to show not secure? Does this change your priority for moving to always HTTPS for all sites? Link: https://threatpost.com/chrome-to-mark-more-http-pages-not-secure/125255/ 2017 Verizon DBIR Highlights: Analyzing the Latest Breach Data in 10 Years of Incident Trends Oh, the headlines. Slow the roll, folks. Stop the password hate and turn the mirror around Let's talk about people and...

DtSR Episode 242 - Management and Leadership


This week the team gets together to talk Management and Leadership in the security industry and in general. Our very own Michael Santarcangelo joins us as our featured guest to dispense knowledge on leadership by the truckload. So grab a cup of coffee, something to take notes and listen in.

DtSR Episode 241 - NewsCast for April 18th 2017


NewsCast for Tuesday April 18th, 2017 Dallas Tornado Sirens Hijacked Tornado sirens in Dallas all simultaneously went off Suspected hijacking of the emergency system, lots of speculation of how this happened Now believed to be a radio hijack Link: http://content.govdelivery.com/bulletins/gd/TXDALLAS-1936de1 Two Inmates in Ohio Jail Hacked it From the Inside Talk about an insider threat! These were made from spare parts, hidden in ceiling, concealed well Unauthorized access to network (no NAC?) made infiltration possible Link: https://qz.com/958503/two-ohio-inmates-hacked-their-prison-from-the-inside-using-makeshift-computers-built-from-spare-parts/ SWIFT Launches New Anti-Fraud Controls in Wake of Wire Frauds New tools to detect suspicious transactions Appears to be free in addition to...

DtSR Episode 240 - The Truth About Machine Learning


This week the Down the Security Rabbithole podcast hosts Sven Krasser of CrowdStrike. Sven is an actual machine learning data science expert (as opposed to an "expert") who has been dabbling in machine learning, artificial intelligence and other forms of advanced computational science for a long while before it was popular in security. This week James and Raf sit him down for 45 or so minutes to discuss the real facts and separate them from the fiction of what machine learning really is and the promise that it may hold for the enterprise security world. As always, join us, share,...

DtSR Episode 239 - NewsCast for April 4th 2017


Pew Center Survey Finds Americans Lack Understanding of Cybersecurity Measures Most typical users simply don't understand security because it's magic to them Basics must be understood by average Jane - attackers count on you not knowing How do you take knowledge and push to enterprise, while keeping up with consumers? Link: http://www.pewinternet.org/2017/03/22/what-the-public-knows-about-cybersecurity/ Suspect Charged in USD 100m Whaling Scheme $100 Million dollar - from just two companies How would your executives (and those supporting staff) fare against this attack? More importantly, how does your awareness program deal with this? Link: https://www.justice.gov/usao-sdny/pr/lithuanian-man-arrested-theft-over-100-million-fraudulent-email-compromise-scheme Google's Android Security 2016 Year in Review Report: Android...

DtSR Episode 238 - March 2017 Update with Shawn Tuma


This week, on the Down the Security Rabbithole Podcast, Michael and I are back with perennial favorite Shawn Tuma. Shawn, our legal eagle friend from Dallas, breaks down the latest issues that affect Cyber Security and the Law - with that business perspective you've come to expect from our podcast. As always, we love hearing from you and if you have questions don't hesitate to hit us up on Twitter using hashtag #DtSR or you can always hit up Michael (@catalyst), myself (@Wh1t3Rabbit) or Shawn (@ShawnETuma) directly! Thanks for listening and spread the word!

DtSR Episode 237 - NewsCast for March 21st 2017


The Cost of Cybercrime - Let's Take a Different Perspective Cybercrime is reported as a $450B drag on the economy; the absolute number sounds big The question to ask: How big is the global economy? Turns out that this is only 0.57% of the global economy, in 2014 (nominal) By way of contrast - how many minutes are in a day? What is 0.57% of your day? What it means - we're doing a good job. Fraud is low. Cybercrime might be on the rise, but for now, it's at low relative percentages Does it mean we don't matter? No....

DtSR Episode 236 - Enterprise Architecture 2017


Check out episode 236 with Marie-Michelle Strah who is a repeat offender here on the podcast with her first appearance back in 2014 on Episode 122 (http://podcast.wh1t3rabbit.net/dtsr-episode-122-enterprise-architectures-role-in-security). This episode is a revisitation on Enterprise Architecture and its importance to security with a perspective on enterprise tech stack, business segmentation and micro services in a modern distributed enterprise. Marie-Michelle's experience and extensive insight into the topic should give you something to think about as you go back to your day job in security. Guest: Marie-Michelle Strah ( @CyberSlate ) - Marie-Michelle Strah, PhD is currently Senior Principal in the Enterprise Architecture Group at Infosys...

DtSR Episode 235 - NewsCast for March 7th 2017


A Note on the Passing of a Legend Howard Schmidt passed away this week Long, distinguished career as one of the CISOs who got it He will be missed in government and private industry - he was on our show too (December 2015) http://podcast.wh1t3rabbit.net/dtsr-episode-166-cyber-security-from-board-room-to-white-house Are SysAdmins Violating the CFAA? This is, by all accounts, an insane criminal defense...or is it? Can what sounds like a stretch logically, be used maliciously by employers? The law is about intent - does this invalidate his claim? Link: https://nakedsecurity.sophos.com/2017/02/27/it-admin-was-authorized-to-trash-employers-network-he-says/ Yahoo Board Sends Message That Echoes After a string of breaches, the board conducted an...

DtSR Episode 234 - Straight Talk on National Security


This week, the interview is extra special because we have a guest I've personally been following for a long while, and I finally got a chance to virtually sit down and talk through his considerable areas of expertise. I'm pleased to say we had a chance to sit down virtually with Professor Tom Nichols and talk international affairs, foreign policy and all the important things getting lost in the off-color political arguments lately. These are important issues to cyber security professionals that impact our daily lives - but rarely get discussed by someone with actual, credentialed expertise. Enjoy this one,...

DtSR Episode 233 - Reflecting on RSA Conference 2017


This week, fresh on the close of RSA Conference 2017, James, Michael and I discuss the happenings of the conference, lessons, and features along with some inside anecdotes you won't get from anywhere else. Of course, we add our own unique blend of snark and humor - but that's what gets you listening and coming back for more. We'd like to say a big thank you to everyone who voted for us in the RSA Social Security (Security Bloggers) Awards. We didn't win, but we feel good about the audience we've acquired and will keep working hard to spread the message. So to all...

DtSR Episode 232 - Security, Fraud, Digital Payments


This week, while the security world congregates at RSA Conference 2017 we present to you Neira Jones, discussing digital payments, fraud and the world of security as it applies to this domain. In a fascinating discussion, we discuss many of the topics security executives and leaders are talking about right now - but as you have come to expect this is less about 'security' and more about protecting what matters. We want to thank Neira for taking the time out of her busy schedule to join us on the show, and encourage discussion on the topics we covered - if...

DtSR Episode 231 - NewsCast for February 7th 2017


It is that time of year of W-2 Scams There have been multiple reports of companies releasing W-2s through email scams. Link: http://cbs4indy.com/2017/01/31/scammer-gets-copy-of-w-2-form-for-every-scottys-brewhouse-employee-after-data-breach/ Cops use pacemaker data to charge homeowner with arson, insurance fraud Becoming a common occurrence with IoT devices. If you are creating these devices, are you considering: Storage of the data Privacy policy Education around how data is stored and could be used From an enterprise perspective: How many of these devices are inside your organization How do any of these tools factor into your own forensics approaches? Have you explored any of the liabilities What if...

DtSR Episode 230 - The IoT You Got for Christmas


On this Down the Security Rabbithole podcast we're joined by Stephen A. Ridley & Jamison Utter (yes, again with this guy) for a discussion on the finer points of Internet of Things (IoT) security ... or complete lack thereof. If you own gadgets that are 'connected' or you are ever around them (hint: you're surrounded by things that pull IP addresses right now) then you need to listen to this podcast. Some great discussion in what was the very first podcast we recorded in 2017. Guests: Stephen A. Ridley aka "@S7ephen" Jamison Utter aka "@jamison_utter" Have something to say? Let's...

DtSR Episode 229 - NewsCast for January 24th 2017


Hi friends! We're honored to be finalists for the Security Blogger Awards 2017 "Best Security Podcast" so if you listen, go vote for "Wh1t3Rabbit" (as we're labeled) Link: https://devops.com/2017-social-security-blogger-awards-open-voting/ Digital transformation forces businesses to rethink cybersecurity A change where operations are being held accountable for security James has commented on this before. In order to get better security, it needs to be embedded in the teams within the organization, not just the security team. Link: http://www.cio.com/article/3157478/security/digital-transformation-forces-businesses-to-rethink-cybersecurity.html Mobile is still the safest place for your data Most breaches are taking place in physical mediums, or traditional platforms Mobile was designed in the midst...

DtSR Episode 228 - Another Look at Endpoint Security


This week, Paul Hershberger joins us to talk about taking a fresh look at endpoint security for the new year. Paul has some insights into balancing risk/usability and how some of the things you've heard about endpoint may simply be ... wrong. Join James and I as we let Paul endow us with his wisdom and experience... take some notes, this one's going to be good. Guest: Paul Hershberger - @pjhersh13 - Director IT Global Security Risk and Compliance at The Mosaic Company.

DtSR Episode 227 - NewsCast for January 10th 2017


St. Jude, MedSec and the FDA FDA, St. Jude go through disclosure/fix cycle No mention of MedSec - interesting for discussion; did they have an impact? St. Jude does a fairly great job of notification, updating Benefits outweigh the risks... that's a big statement http://www.fda.gov/MedicalDevices/Safety/AlertsandNotices/ucm535843.htm http://www.businesswire.com/news/home/20170109005921/en/St.-Jude-Medical-Announces-Cybersecurity-Updates http://www.medsec.com/entries/stj-lawsuit-response.html http://podcast.developsec.com/ep-56-security-contacts New York financial regulator to delay cyber security rules Originally supposed to go into effect Jan 1.. New Date is March 1 We discussed in passing in a previous episode There are final adjustments being made, of course http://www.reuters.com/article/us-cyber-new-york-idUSKBN14A224 Massachusetts makes data breach reports available online http://turnto10.com/news/local/massachusetts-makes-data-breach-reports-available-online-01-04-2017 Seems less like a report...

DtSR Episode 226 - Targeted Threats Facts From Fiction


Welcome to the first Down the Security Rabbithole Podcast episode of 2017! We would like to kick off this year, and the run to episode 250 with an episode that dissects the facts from the fiction on the topic of "Advanced Threats". With all the talk in the news about the Russians "hacking the US election" (yes, that's absolutely silly to call it that) and talk of retaliation, it's important to have a frank discussion on the merits of the concept of advanced threats. Sit back, grab a coffee and listen. I know you'll want to listen to this one more...

DtSR Episode 225 - NewsCast for December 20th 2016


Merry Christmas, Happy New Year everyone! May your holidays be filled with joy, love and family. From Michael, James and myself we wish you the very best and a healthy, prosperous and fulfilling 2017. We will be back in 2017 with another great DtSR Episode... but before we go - here's one last NewsCast for 2016. Yahoo - setting records again - biggest hack ever It happened again: Yahoo says 1 billion user accounts stolen in what could be biggest hack ever 1 billion accounts.. But 1 billion users? Probably not It was 2013 does it even matter? Bigger issue...

DtSR Episode 224 - Pointing the Finger of Responsibility


On this episode of Down the Security Rabbithole we tackle the question head on. Whose responsibility is security? Is it the end user who should be responsible for patching the devices they own? Is it the vendor who sells the wares? Is it the manufacturer who sells things with security issues? What if it was everyone's problem? How do we police, legislate and ultimately assign blame? Should we be assigning blame, and more importantly what gives with this fascination for blaming the victim? Lots of questions are asked and we start to tackle some of the answers...maybe. Guests: Shawn Tuma...

DtSR Episode 223 - NewsCast for December 6th 2016


Federal Government Disproves the Myth of Cyber Talent Shortage If the government can find and hire them - they exist What does that mean for the rest of us hiring? https://cio.gov/how-to-snag-talent-to-fill-critical-cybersecurity-positions-at-your-agency/ 5 Mistakes to Avoid to Hire Qualified Application Security Talent Not understanding current needs Ignoring existing resources Not sharing the workload Not defining the role Overly broad job requirements General Idea: We say we need security talent, but we don't step back to really understand what we actually need given our current status and resources https://www.jardinesoftware.com/5-mistakes-to-avoid-to-hire-qualified-application-security-talent/ Obama Cyber Security Commission to [Finally] Present Its Report Seems like lots of...

DtSR Episode 222 - Zero Trust Security Model


This week, after a long wait, we have John Kindervag on the show! John talks us through the concept of "Zero Trust Security" and where and how it's implemented. It's a concept everyone should be familiar with by now - but I bet you aren't! Join us, and as always provide feedback to the team using the hashtag #DtSR on Twitter, and you can always ping John directly at @Kindervag as well. YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq LinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/ X/Twitter: https://twitter.com/dtsr_podcast

DtSR Episode 221 - NewsCast for Nov 22 2016


DHS Releases Strategic Principles for Securing the Internet of Things https://www.dhs.gov/sites/default/files/publications/Strategic_Principles_for_Securing_the_Internet_of_Things-2016-1115-FINAL....pdf These seem to be the same principles that we have been saying for all software (web, mobile, etc.) NIST also has a more generic publication 800-160 What is the implication for the enterprise? Do we prioritize anything differently as a result What about the need for IoT legislation? Is the marketplace broken? If we've told people before but they didn't listen, does that actually mean they are wrong? This is an area where we need to think about what we're actually asking for http://thehill.com/policy/cybersecurity/306418-house-subcommittee-chair-regulation-of-internet-connected-devices-not Facebook buys black market passwords...

DtSR Episode 220 - Blaming the Breach Victim


This week, Patrick Dennis - the CEO of Guidance Software - joins us to talk about the Enterprise Security world's fascination with blaming the breach victim. We talk through some of the key issues and look for a way off the hamster wheel. As always, #DtSR on Twitter to join in our conversation.

DtSR Episode 219 - NewsCast for Nov 8th 2016


It is election day.. Have you voted? Beware, iPhone Users: Fake retail apps are surging before the holidays The issue of brand protection and knock-off websites, apps and such is real Spilling over into digital world, from physical What is your company doing to protect yourself and your customers? http://www.nytimes.com/2016/11/07/technology/more-iphone-fake-retail-apps-before-holidays.html?_r=0 Moving Beyond EMET EMET is going away in a while Most of the features are now built into Windows 10 This is a great thing (built in vs bolted on security) https://blogs.technet.microsoft.com/srd/2016/11/03/beyond-emet/ Tesco Bank blames systematic sophisticated attack for account losses Fraud system appears to be working - good ~40,000...

DtSR Episode 218 - The Business of Security


This week on DtSR Chad Boeckmann - President of Secure Digital Solutions - joins us to talk about the business of security. While the "bad guys" are running their criminal enterprise, security teams have struggled to be business-relevant. This discussion starts to dive into how to align security and business goals, answering the "how much is enough?" question and so much more. Thanks to Chad for joining us. We encourage you to ask questions and leave comments here in the comments section or on Twitter at #DtSR. You can talk to Chad directly at @cboeckm on Twitter.

DtSR Episode 217 - NewsCast for October 25th 2016


The Massive DDoS That Hit Dyn.Org Massive DDoS disrupts a ton of popular websites (Netflix, Twitter, etc) IoT used to amplify attack What does this mean for corporate users, home users, and vendors? https://krebsonsecurity.com/2016/10/hacked-cameras-dvrs-powered-todays-massive-internet-outage/ Verizon Reviewing Terms of Yahoo Deal As Revenue Slides Is this really the result of the breach or did someone just get cold feet? We're speculating, but we've heard this type of talk before To be honest, Yahoo! saw a rise in earnings over what was projected http://www.wsj.com/articles/verizon-revenue-falls-below-views-1476966420 Passwords - We're Still Giving Out Horrible Advice Why are companies still making their end-users follow ridiculous policies? Selfies?...

DtSR Episode 216 - Why Software Insecurity is Still a Thing


This week, #DtSR takes a trip down Software Security lane or as some call it "How are we still writing code with bugs that we found relatively concrete fixes for in the late 90's?" (I may have been watching too many John Oliver episodes...) Jeff Williams ( @Planetlevel ) and Tyler Shields ( @txs ) join me to talk this topic over from where we've been, to what we're doing now, to what the solution to this mess will be one day in the future. It's an interesting conversation that should stir up some emotion if you've been in AppSec...

DtSR Episode 215 - NewsCast for October 11th 2016


Security Fatigue Can Cause Computer Users to Feel Hopeless and Act Recklessly, New Study Suggests https://www.nist.gov/news-events/news/2016/10/security-fatigue-can-cause-computer-users-feel-hopeless-and-act-recklessly Is this indicative of the broader population? (Someone check the sample size?) What does this tell us about enterprise vs. consumer security thinking? Is security to blame? Our insulin pumps could be hacked, warns Johnson & Johnson http://www.welivesecurity.com/2016/10/06/insulin-pumps-hacked-warns-johnson-johnson/ Big hat-tip to Jay Radcliffe ( @jradcliffe02 ) for what appears to be a very well-orchestrated and sane disclosure What is the added cost of proper authentication and secure communication? Let's use this as a teachable, but minus the typical FUD, moment for product development teams FBI...

DtSR Episode 214 - Financial Impact of Breaches


Grab a cup of coffee, jack in your earphones and listen up. DtSR Episode 214 is addressing the issue of breaches, and their material financial impact to an organization. The premise is simple - when you have a breach, are you going to see massive stock price drop, client exodus and so on? We sit down with legal expert and DtSR regular Shawn Tuma and researcher Jon Nichols to talk this through with James, Michael and yours truly. Check this episode out. It may sting a bit, but once you come to grips with its reality - the world looks a...

DtSR Episode 213 - NewsCast for September 27th 2016


Quick update and invitation from Michael: starting to explore rolling out services and improving the Straight Talk Framework. If you're up to discuss with me - I'll offer a brief overview and then a setup for Straight Talk review to explore how to get you started. It's a real offer because I know we'll both learn. And then I'll get a better sense of where to focus and how to help more people in our industry. Note on Yahoo: we'll talk to Shawn later How are Healthcare Data Breach Victims Affected by Attacks? It opens with some hype: Healthcare cybersecurity...

DtSR Episode 212 - Insider Threat Primer


In this episode, we talk with Mike Tierney, who is the brand-new CEO at Veriato. In our conversation we talk through a primer on insider threat, and use the great example of hosting a dinner party. Mike has loads of nuggets of wisdom from his experience and we're certain that if you're a seasoned insider threat professional, or just thinking about the topic and wondering if you can do anything to protect your company - this show will be a good primer for furthering your discussion and learning. Listen in, comment and share with your colleagues! Our show is always...

DtSR Episode 211 - NewsCast for Sept 13th 2016


Chrome to label more sites as insecure in 2017 Link: https://security.googleblog.com/2016/09/moving-towards-more-secure-web.html Focus on sites that transmit passwords or credit card info over HTTP A USB Device is all it takes to steal credentials from locked PCs Link: http://www.pcworld.com/article/3117793/security/a-usb-device-is-all-it-takes-to-steal-credentials-from-locked-pcs.html This is actually pretty interesting, but a little trickier than it sounds Still - it's quite fascinating that a USB attack works cross-platform, based on network activity and default USB behaviors DHS chief: 'Very difficult' for hackers to skew vote Link: http://thehill.com/policy/national-security/294956-homeland-head-very-difficult-for-hackers-to-skew-vote Instead of dismissing the claim, let's explore the merits Then let's consider what, if anything, it means for enterprise security It would be very difficult...

DtSR Episode 210 - Data Protection Primer


In this episode James and I invite Vlad Klasnja from Optiv's Office of the CISO, and Hudson Harris, Chief Privacy Officer at HarrisLOGIC, to talk about data protection. From defining the concept to providing some insight into how we can actually protect confidential information - we talk through a lot of complex issues in this segment. Join us! Guests Hudson Harris - Chief Privacy Officer at HarrisLOGIC Vlad Klasnja - Data Protection and Privacy Manager at Optiv

DtSR Episode 209 - NewsCast for August 29th 2016


NewsCast for Tuesday August 30th, 2016 Clinic Won't pay breach protection for victims http://www.zdnet.com/article/clinic-wont-pay-breach-protection-for-victims-ceo-says-it-would-be-death-of-company/ Are companies required to pay for credit protection? It is common, but is it required? Can a class action suit succeed to force it? Will that matter if they just declare bankruptcy? If not.. What is the purpose to filing the suit? California Bill would add security standards to data breach law https://bol.bna.com/california-bill-would-add-security-standards-to-data-breach-law/ But what is reasonable it can't just be what a reasonable company would implement. Bill Text - https://legiscan.com/CA/text/AB83/2015 Is this going too far? Is it too broad? Is it enforceable? St. Jude stock...

DtSR Episode 208 - Beyond the Ransomware Economy


This week Michael and I chat with Jamison Utter of Infoblox on one of the more interesting topics at hand - the economy of ransomware. We talk through the sudden popularity of the attack vector, the way the underground "criminal enterprise" has scaled and grown and the future of being a bad guy. If you have occasion to talk to your organization's leadership on the ransomware epidemic, you need to listen to this podcast first.

DtSR Episode 207 - NewsCast for August 16th 2016


Quick note from Michael about the Straight Talk Framework & Program --> Get your free copy at https://securitycatalyst.com/straight-talk-framework/ Launched a new program last week boy, did I learn a lot. Mostly, it's my failure to explain. I'm going to chronicle some of the lessons over the next few days and share them If you've already downloaded the questions - I'd love to chat with you about your experience If you find yourself in a situation like this, let's chat. 25 minutes on the phone and we'll both benefit Until Monday, August 22nd, chance to get on board early and...

DtSR Episode 206 - Vulnerabilities, Disclosure, Ethics, Research and Security


In this episode we chat with Steve Christey Coley, currently the Principal Information Security Engineer over at MITRE Corp. In this episode we talk through our industry's obsession with vulnerabilities, dive headlong into the thorny issue of security research, talk through the various issues with disclosure and even delve into some ethics issues. This episode is content-packed with some content that you will likely want to talk to us about. So here's how to find us: Steve on Twitter: @SushiDude Hashtag for the show: #DtSR Steve's Bio (from LinkedIn - https://www.linkedin.com/in/steve-christey-coley-66aa1826): Editor / Technical Lead for the Common Vulnerabilities and Exposures...

DtSR Episode 205 - NewsCast for August 2nd 2016


Quick note from Michael about the Straight Talk Framework --> I've separated the framework from the programs; the framework is free and available for download from my website. More on the way! To support both the framework and the programs, I've just finished a video that introduces the 5 questions; I have an optional workbook available and make a special offer at the end of the video I'm about to launch an online offering stay tuned for details $2.7 Million HIPAA Penalty For Two Smaller Breaches http://www.healthcareinfosecurity.com/27-million-hipaa-penalty-for-two-smaller-breaches-a-9270?rf=2016-07-18-eh&mkt_tok=eyJpIjoiWW1GaE5ERmtNR05oTldRMiIsInQiOiJ5YWd6dDg4cW84TXVCR0NCVkJ0KytQTnVwOHQ2UHBON0FMeWVZRDVleE82d3Zpdyt2S1RwNWFmZEs0aVRyQ3lMTlk3YWdaa0VmbnV4djVIOVVxczFUYkdsTHBKRGpld3h5bXU3aHRoNnhUaz0ifQ%3D%3D Interesting the info about the use of Google and lack of contract....

DtSR Episode 204 - On Changing Culture


This week, Chris Romeo joins Michael, James and I to talk about changing the security posture of an organization by changing culture. This episode talks through tough issues like incentives, measurements and success factors. This episode with Chris is of particular interest for leaders and those who are working hard to change companies at their core, for the long term. Chris Romeo's bio: Chris Romeo is CEO and co-founder of Security Journey. His passion is to bring application security awareness to all organizations, large and small. He was the Chief Security Advocate at Cisco Systems for five years, where he...

DtSR Episode 203 - NewsCast for July 19th 2016


Ransomware that's 100% pure JavaScript? Sort of... Slightly misleading article Generally a Windows-based attack (go where the users are) https://nakedsecurity.sophos.com/2016/06/20/ransomware-thats-100-pure-javascript-no-download-required/ Researchers have come up with a 'cure' for ransomware Based on some interesting things like file-type changes, similarity measurements and entropy Interesting but not perfect ... do we even think perfect is reachable? Average of 10 files before an identification was made http://www.scmagazineuk.com/florida-researchers-claim-to-discover-cure-for-the-common-ransomware/article/509147/ The government has officially issued a 'fact sheet' on ransomware Yes, it's a reportable breach Lots of interesting misconceptions (or half-truths) in this guidance Good for them for asking us to 'do better' but it's not enough...

DtSR Episode 202 - Outsourced but Better


This week on the Down the Security Rabbithole podcast, Brandon Dunlap is back for his second show. Following up on Episode 158 where we discussed outsourced security, this time around we talk through the next iteration of what "Managed Security" and outsourcing means to security. You're not going to want to miss this episode! As always, hit up our hashtag on Twitter at #DtSR and you can find Brandon on Twitter as well at @bsdunlap if you want to talk to him directly.

DtSR Episode 200 - Privacy, Security, Risk and Law Collide


** Our 200th numbered episode! ** A note from Raf: Thanks to everyone who has been listening to us, tweeting us, and sharing the links to our podcast. We are absolutely floored with the support and listenership we've received. The average show now gets just under 2,500 downloads when released in the first week, and that number goes up every week. So from the bottom of my heart, I humbly thank you and hope you'll continue to listen, share, and comment. This week's episode is titled "Privacy, Security, Risk and Law Collide" as we host Dr. Chris Pierson and our recurring...

DtSR Episode 199 - NewsCast for June 21st 2016


In this episode.. The "Nuclear Bomb" analogy isn't working, stop using it http://thebulletin.org/flawed-analogy-between-nuclear-and-cyber-deterrence9179 This is important with respect to how security people talk to real-life issues Here is another example: http://insight.kellogg.northwestern.edu/article/is-reading-someones-emails-like-entering-their-home/ iOS apps will require secure https connections by 2017 http://www.cnet.com/news/ios-apps-will-require-secure-https-connections-by-2017/ We have seen this push on the web before Michael wrote about this topic back in March 2015 (https://www.developsec.com/2015/03/17/is-http-being-left-behind-for-https/) Saw the government push this for all public facing websites (https://https.cio.gov/) Inside Sierra: How apple watch auto unlock will let you jump straight into MacOS http://appleinsider.com/articles/16/06/16/inside-sierra-how-apple-watch-auto-unlock-will-let-you-jump-straight-into-macos Interesting idea here.. Thoughts? FICO to Offer 'Enterprise Security Scores' http://www.fico.com/en/fraud-security/cyber-security http://www.fico.com/en/products/fico-enterprise-security-scoring Is this...

DtSR Episode 198 - What Legal Counsel Wishes CISOs Knew


On this episode of the Down the Security Rabbithole podcast, Dawn-Marie Hutchinson, currently an Executive Director within the Optiv Office of the CISO joins us and we talk about the things that she's learned over her career working with legal counsel, CISOs and solving problems. A fantastic episode with lessons learned, and executive leadership crammed into less than an hour. Give it a listen! Find Rie on Twitter at @CISO_Advantage UPDATE: Thanks to Sean Jackson (@74rku5) who has hand-transcribed the show. I haven't read this, personally, so if he slipped in any humor I can't be held accountable! http://pastebin.com/JMk0rpFQ...

DtSR Episode 197 - NewsCast for June 7th 2016


In this episode... Are people "going offline" as a result of increasing dangers of the Internet? This article makes the case for yes: http://www.techspot.com/news/64839-increasing-number-internet-dangers-driving-millions-americans-offline.html But ... "millions"? We collectively call BS As the world moves more to mobile and digital, who thinks they have 'control' of their own data anyway? "Sandjacking" allows attackers to install evil iOS apps IF that attacker is physically holding your device AND your device is unlocked AND it takes a while because you have to backup, and restore a phone ... one app at a time SO this isn't something you do to infiltrate someone's phone...

DtSR Episode 196 - Jason Witty


On this episode of the Down the Security Rabbithole podcast, I get the pleasure of sitting down with one of my all-time favorite Chief Security Executives, Mr. Jason Witty. He's had a long career of successful security leadership, and in this podcast he sits down with us to talk about risk, threats and words we often confuse. You're not going to want to miss this episode.

DtSR Episode 195 - NewsCast for May 24th 2016


This week the gang's all here to talk about some news happenings. Michael, James and I talk through some of the stories we've been tracking. Have something you've been reading and want to talk about? Hit us on Twitter with hashtag #DtSR and suggest a topic/story for the next NewsCast! Tennessee Amends Breach Notification Statute http://www.natlawreview.com/article/tennessee-amends-breach-notification-statute Removes the exception for encrypted data. Will this raise the costs to companies? Encrypted or not, will credit monitoring be the norm? More lawsuits (even if the data is encrypted) Do we run the risk of notification overload? What do people do with these...

DtSR Episode 194 - Update on Cyberlaw w Shawn Tuma


In this episode... Michael and I welcome back Shawn Tuma, our resident Cyber Law Expert from the great state of Texas. We discuss some of the recent cases (unlocking an iPhone!) and some of the tough issues facing the court systems today. Shawn provides insights into the use of the finger (not joking) and some amusing and frustrating aspects of cyber law as the courts continue to evolve. Join us!

DtSR Episode 193 - NewsCast for May 10th, 2016


In this episode.. ImageTragick - major flaw in open source image processing toolkit ImageTragick is CVE-2016-3714 Logo & Website: https://imagetragick.com Has a logo, so it must be yuge Is this really that big of a deal? How many are impacted potentially? https://blog.sucuri.net/2016/05/imagemagick-remote-command-execution-vulnerability.html Remote code execution, with minor caveats - likely darn near everywhere Detroit company loses $495k to wire fraud Source was a faked email to make a wire transfer Why didn't someone verify this?! http://www.detroitnews.com/story/news/local/oakland-county/2016/05/03/troy-investment-company-hacked/83879240/ Will insurance pay out? Is the policy change too little too late? How can other companies learn from this? The Ransomware Epidemic (Optiv blog)...

DtSR Episode 192 - Healthcare and Critical Infrastructure Security


In this episode... Join our guest Larry Whiteside, Michael and I as we record live from InfoSec World 2016 in sunny Orlando, Florida! We talk through the life of a CISO, and the challenges of being in the Healthcare and Critical Infrastructure spaces and the similarities and differences. Larry has had a very diverse and successful career leading some of the most challenging organizations, so we dig into some of the things he's faced, how he's addressed some of those bigger leadership-level challenges, and just the mess that healthcare and critical infrastructure are in right now. Don't miss this episode!
Guest
Larry Whiteside Jr. ( @LarryWhiteside ) - Larry is the VP of Healthcare and Critical...

DtSR Episode 191 - NewsCast for April 26th 2016


In this episode...
Only about a third of companies know how many vendors access their systems
nearly every company is at risk for a third party breach
it's almost impossible to vet every third party
developing a strategy and being consistent, scaling is key
http://www.csoonline.com/article/3055012/techology-business/only-a-third-of-companies-know-how-many-vendors-access-their-systems.html
No firewall, second-hand $10 routers are to blame for Bangladesh bank heist
we talked about this initially in episode 185 (Link: DtSR Episode 185 - NewsCast for March 15th 2016)
it's almost unfathomable that this happened
SWIFT attacked, now the suspected malware is identified
Jim McKelvey's Launchcode is helping unconventional tech talent
internal mentorships could be the key
who out there is doing this, talk back to us using hashtag #DtSR on Twitter
The Simpson's...

DtSR Episode 190 - Interview with Lance James


In this episode, James, Michael and I are live from InfoSec World 2016 and we get the pleasure of interviewing Lance James fresh off the keynote stage. In this intimate, fast-paced and bold interview we talk through some of the challenges InfoSec is facing today, and where Lance believes we should be going. If you haven't been to InfoSec World, we highly recommend going next year. The content team continues to provide a solid mix of technical, managerial and transitioning information security speakers. Make sure you have this one on your calendar for next year, and bring the family! Have something to say?...

DtSR Episode 189 - NewsCast for April 12th 2016


In this episode...
Pros examine mossack-fonseca breach: Wordpress plugin, Drupal likely suspects
Plug-ins seem to be a universal weakness
Many companies have this type of 3rd party security issue
The broader enterprise implications - how do you find these sites?
http://www.scmagazine.com/pros-examine-mossack-fonseca-breach-wordpress-plugin-drupal-likely-suspects/article/488697/
WordPress pushes free https encryption for all hosted sites
What's the problem we're trying to solve?
2 separate issues, trust vs. authentication - know which you're solving
http://www.securityweek.com/wordpresscom-pushes-free-https-all-hosted-sites
If you can't break crypto, break the client
Bishop-Fox researcher finds webkit bug in iMessage
JavaScript in iMessage, sure, why not
Same-Origin-Policy (SOP) not enforced since it's a desktop app
http://www.bishopfox.com/blog/2016/04/if-you-cant-break-crypto-break-the-client-recovery-of-plaintext-imessage-data/
Executives - "We're not responsible for cyber security"
Raf: This is squarely the fault of security professionals...

DtSR Episode 188 - Security Talent Truths


Intro song: "Josh Gabriel - Deep Down"; Intro/Outro v/o courtesy of @ToddHaverkos

DtSR Episode 187 - NewsCast for March 29th, 2016


In this episode...
BadLock bug (which now has a website, a graphic, and more hype than Bieber) is out there
Is the bug really worth all this hype?
Is this anything more than a PR stunt, and a big marketing opportunity?
Everyone has an opinion, but one thing is for certain, this bug is making big waves
http://www.wired.com/2016/03/hype-around-mysterious-badlock-bug-raises-criticism/
Your wireless mouse is probably a security risk... seriously.
RF-based mice typically don't use encryption or mutual authentication
Some do (all of my Microsoft & Logitech mice tell me they mutually authenticate & encrypt... I think)
How far up, or down, your risk register is this one; and how much should it...

DtSR Episode 186 - Becoming a CISO


In this episode... I posed some questions to Joey, an InfoSec professional who had recently moved into a CISO role in a midwest retail company:
Let's talk a little bit about the background you had before walking into your first day as a CISO...
How long have you been in your role, and what do you think "so far"?
What do you think were the biggest lessons you've learned in your time as a new CISO?
What do you make of all the talk about CISO burn-out rates, and the average tenure of a CISO being less than 2 years?
What do you see as the...

DtSR Episode 185 - NewsCast for March 15th 2016


In this episode...
The FTC is getting into providing guidance on password changes
Well OK, this isn't really guidance, it's just a blog
But - does this mean that the FTC is getting into technical guidance?
https://www.ftc.gov/news-events/blogs/techftc/2016/03/time-rethink-mandatory-password-changes
Dwolla hit by CFPB and fined $100,000
Who is the CFPB (Consumer Finance Protection Bureau)?
This opening sentence is crucial: "The Consumer Financial Protection Bureau (Bureau) has reviewed certain acts and practices of Dwolla, Inc. (Respondent, as defined below) and has identified the following law violations: deceptive acts and practices relating to false representations regarding Respondent's data-security practices in violation of Sections 1031(a) and 1036(a)(1) of the Consumer Financial Protection...

DtSR Episode 184 - A CISO Post-RSA WrapUp


In this episode, we wind down from RSA Conference 2016 and talk with Jonathan and Michael, both security executives and leaders at their respective companies who were both out at RSA Conf and share with us some of their insights, lessons learned, and discuss some of the more interesting topics. Join James and I for an informative, insightful, and slightly unnerving conversation about the state of our industry. If you missed RSA Conference (or even if you were out there but wish you weren't) this is one you're going to want to listen to at least once. Have something to say? Let's...

DtSR Episode 183 - NewsCast for March 1st 2016


This is RSA Conference week, so while Rafal is out in San Francisco trying to make it through another one, James and Michael break down the news events that you may have missed.
300,000 Homes affected by security alarm bug
http://www.forbes.com/sites/thomasbrewster/2016/02/17/simplisafe-alarm-attacks/#3202d4e679a3
According to Spokesperson, Alarm still alerts users' smart device when the alarm is armed or disarmed.
Device is an alerting mechanism, not a lock
Technically, we'd consider this ... wait for it ... a detective control.
Appears to only intercept when pin is entered into the device.. does this affect if user arms/disarms via their device?
82 Percent of company boards are concerned about security
http://betanews.com/2016/02/29/82-percent-of-company-boards-are-concerned-about-cyber-security/
Suggests that since...

DtSR Episode 182 - Apple Versus the FBI


In this episode...
Michael and I moderate what turns out to be an expert-filled panel discussion on the real issues of the Apple vs FBI debate
Shawn Tuma, our favorite cyber attorney, provides expert insights into the statutes, laws and applicable legislation in this case
Dave Kennedy, Von Welch and Gary bring their technical expertise and background to discuss the issues from a technology and policy perspective
We think this is one of those landmark podcast episodes you'll want to listen to a few times. Lots of interesting content here, and we encourage you to share!
Don't forget, #DtSR on Twitter!
Have something to say? Let's...

DtSR Episode 181 - NewsCast for Feb 16 2016


In this episode...
Class action lawsuit against SuperValu dismissed
No damage (use of stolen information) so there's no case?
As time passes, risk of use of stolen data, according to judge, decreases
The precedent appears to be that in order to sue, you have to prove damage (imagine that?)
http://legalnewsline.com/stories/510661014-data-breach-class-action-against-grocery-chain-dismissed
Neiman Marcus - breached again (with another lesson this time)
http://www.bankinfosecurity.com/neiman-marcus-reports-new-breach-a-8843
So is it official, not having MFA is weak authentication?
Is someone accessing accounts through the web interface with stolen passwords a breach?
Encryption would have done nothing to save any of this information as it was accessed through the interface.
Did they have account lockout?
What's the rest of...

DtSR Episode 180 - From the CISO Perspective


In this episode...
Andrew discusses a few of the key challenges making it difficult for the healthcare sector right now
Robb, Andrew and Raf discuss the importance of identity in the corporate environment
Robb and Andrew give some of their wisdom for the successes and failures of CISOs (and the broader security industry)
We discuss the technical vs executive CISO approach (which is better?)
Robb and Andrew provide some unfiltered advice for CISOs and those who want to become them
Guests
Robb Reck ( @RobbReck ) - Chief Information Security Officer at Ping Identity, contributor to ISSA Denver with a long history as a successful security executive and leader.
Andrew...

DtSR Episode 179 - NewsCast for Feb 2nd 2016


In this episode...
Employees may face penalties if they misinterpret security policies?
Human behavior still seen as the biggest weakness
Employers are growing less tolerant of misbehaving employees
If you "invite a data breach" you could be held liable
http://www.welivesecurity.com/2016/01/14/employees-face-penalties-misinterpreting-security-policies/
New lawsuit filed blaming Twitter for ISIS attack
Should social media filter content from terror groups like ISIS?
Can social media companies be held liable, why or why not?
http://blogs.wsj.com/digits/2016/01/14/lawsuit-blames-twitter-for-isis-terrorist-attack/
SCADA/ICS make incident response more complicated
Typical IR activities are complicated by the nature of ICS systems
Differences are there, but strategy still possible
What is the path forward?
http://www.darkreading.com/perimeter/how-incident-response-fails-in-industrial-control-system-networks/d/d-id/1324094
Only in NYC: Dept of Consumer Affairs warns parents of baby monitor hacks
These issues seem to...

DtSR Episode 178 - What Will Get Us There


In this episode...
What got us here - so where are we?
Where do we go, and how? (addressing stunt hacking)
We discuss how we can influence outcomes, without hand waving and endangering lives
What about truly understanding risk, versus security stuff?
Michael breaks out the risk catnip
Raf asks Haroon - What are the 2-3 things security does right now, that we should just quit?
We discuss some of the breakers that are turning into builders, and implications
With the rate of bad vastly outpacing the rate of good - what's the solution?
Guest
Haroon Meer ( @haroonmeer ) - Haroon is an internationally acclaimed long-time industry insider and is working...

DtSR Episode 177 - NewsCast for January 19th, 2016


In this episode...
FTC imposes a $250,000 fine for "false advertising" of encryption
Interesting case, where there really was 'false advertising'
Would this even have been a 'security issue'?
https://www.ftc.gov/news-events/press-releases/2016/01/dental-practice-software-provider-settles-ftc-charges-it-misled
NY wants to ban encrypted smart phone sales
Another clear case of legislators being clueless?
What about all the existing technology, and kit you can buy across state lines?
http://www.zdnet.com/article/apple-iphone-ban-new-york-looks-to-outlaw-sale-of-encrypted-smartphones/
Las Vegas casino is suing cybersecurity firm over "woefully inadequate" work
Are there ethical implications here of a competitor defining negligence?
Burden of proof is on casino to prove "woefully inadequate" - but against what standard?
Does this ultimately raise quality, price or both for IR services?
http://thehackernews.com/2016/01/casino-hacker.html
The FDA issues draft guidance of security...

DtSR Episode 176 - 2015 InfoSec Legal Review


We open up our 2016 year interviewing Shawn Tuma on the show. Shawn is our legal eagle, and a regular contributor to the podcast. This episode ran a little bit long (OK a lot long) but I think you'll enjoy the show...
In this episode...
Most important cybersecurity-related legal developments of 2015
Tectonic Shift that occurred with standing in consumer data breach claims
Discussion of law prior to Neiman Marcus case, and post Neiman Marcus
Does this now apply to all consumer data breach cases?
Immediate impact? Companies now liable?
Lesson is in seeing the trend and how incrementalism works
Regulatory Trends
FTC & SEC gave hints in 2014,...

DtSR Episode 175 - NewsCast for January 5th 2016


In this episode...
Juniper has a backdoor problem
2 separate issues, auth bypass & VPN weakness
backdoor discovered in Juniper devices
lots of speculation on who put it there, but it was meant to be disguised as debug code
enterprise implications - same as before (what's the bigger picture?)
https://isc.sans.edu/forums/diary/Infocon+Yellow+Juniper+Backdoor+CVE20157755+and+CVE20157756/20521/
Iranians broke into New York dam in 2013 and had a look around
no direct damage done
US has largest number of ICS connected to Internet
critical infrastructure is vulnerable, being probed
this is not a government problem - every company has some ICS on their network
http://www.theregister.co.uk/2015/12/21/iranian_hackers_target_new_york_dam/
Facebook announced it's dumping Adobe Flash
is this a bigger deal than it sounds like
HTML5 has...

DtSR Episode 174 - Health Check on Healthcare InfoSec


In this episode...
We discuss what in the world is going on in the healthcare space, and why they're such a target for attackers
Dustin discusses why the explosion in digitalization in health care is both amazing and terrifying
We discuss future-proofing smart healthcare
I stumble on the fundamentals
Dustin discusses the security of data analytics in the healthcare space
I ask how we can make health care professionals better security people, without making them security people
I ask Dustin what the healthcare industry should be doing, going forward into 2016
Guest
"Dustin" is a progressive CISO at a Fortune 250 Healthcare organization
Have something to say? Let's hear it.
Support...

DtSR Episode 173 - NewsCast for December 14th 2015


In this episode...
Vizio is getting sued, over data their TVs collect?
James provided security tips on the local news station and one of those tips was around the privacy details of your gadgets
Companies need to be considering what they are doing with their data
At what point does data go from an asset to a liability?
Do companies understand the difference?
http://www.consumerreports.org/lcd-led-oled-tvs/vizio-sued-for-smart-tv-data-sharing
Wyndham settles (caves to) the FTC
Agrees to legally be bound to do things they should already be doing .. ?
20 years of audits
Interesting ending to the long saga, assuming the courts approve
https://www.ftc.gov/news-events/press-releases/2015/12/wyndham-settles-ftc-charges-it-unfairly-placed-consumers-payment
The US Federal Bureau of Investigation (FBI) admits to using 0day vulnerabilities
Why is...

DtSR Episode 172 - The Truth on Cyber Insurance


Thanks for joining us! This is a very important episode with true experts on the topic of cyber insurance. I was lucky enough to get an attorney and a VP of an insurance firm who specialize in the topic and their depth of knowledge and candor may shock you.
The net is that cyber insurance is a positive for our industry.
In this episode...
Eran says that if you don't do good security, the courts will frown down upon that
Keith tells us why insurance covers security, but it does not cover negligence
We start back on the discussion on the importance of knowing your...

DtSR Episode 171 - When the FTC Attacks


In this episode... I interview Mike Daugherty - author of The Devil Inside the Beltway [Amazon.com link] live from the Security Advisor Alliance first-ever Summit in Dallas, TX. Mike was kind enough to sit down with me (twice, thanks to a tech failure) and tell his absolutely surreal story of what happened to him, his company at the hands of what can only be described as an insane situation. If you own a business, or manage a business, or work in enterprise -- you need to hear Mike's story. If it wasn't documented and video recorded, you'd never believe it's true. Truth be...

DtSR Episode 170 - Minneapolis CISO Summit Roundtable 1


In this episode...
We start a constructive discussion addressing the problem of the talent shortage
The panel discusses the general lack of understanding of the big picture challenge from both sides: business and security
The panel discusses basic security issues in an expanding ecosystem of Internet connected things
The panel discusses some real potential solutions to our talent issue
Guests
Bryce Austin ( @BryceA )
Holly Miller ( @OPSEC_Girl )
Jeff Man ( @MrJeffMan )
Mike Kearn ( @MichaelKearn )

DtSR Episode 169 - NewsCast for November 16th 2015


In this episode...
Is this seriously the FBI suggestion to companies hit with ransomware?
http://thehackernews.com/2015/10/fbi-ransomware-malware.html
Sets an awful precedent ... or does it?
What other options are there?
Would you take this advice?
Microsoft is opening a data center in the UK ...why?
http://thehill.com/policy/cybersecurity/259656-microsoft-opens-uk-only-data-center-following-eu-ruling
Have the US spying revelations finally hit home?
What about EU Safe Harbor?
What do you think, if you're a multi-national Internet company?
Is healthcare really that far behind enterprise security?
http://www.cnbc.com/2015/11/11/us-health-care-way-behind-on-data-security-says-forrester.html
Forrester calling out the healthcare sector for being far behind on security
Is there more pressure, less attention, or more legacy? (or all?)
How do you fix this situation?
Disheartening (but predictable) state of human weakness
http://www.scmagazineuk.com/many-uk-workers-willing-to-sell-their-companys-ip-study/article/452428/
Are your employees willing to...

DtSR Episode 168 - Practical Enterprise Threat Intelligence


In this episode...
Rob & Liam discuss the practical applications of threat intelligence for today's enterprise
We discuss what enterprise threat intelligence really is (and also what it isn't)
We discuss the place of feeds, tools, processes and people in the mechanics of the program
We discuss the need to conduct a program-based intelligence approach for the enterprise
Guests
Liam Randall ( @hectaman ) - With a career spanning 20 years, Liam Randall has worked at every level of the information systems pipeline - from building and operating large networks, developing and maintaining large 100M+ e-commerce solutions, to designing and implementing global network security monitoring sensor grids. A...

DtSR Episode 167 - NewsCast for Nov 2nd 2015


In this episode...
Turn any old car into a "smart car" for $200 with this new miracle device
"BACKED BY FROGVENTURES, VOYOMOTIVE IS TACKLING THE BURGEONING CONNECTED-CAR SPACE"
Could be a fantastic idea
Could be an awful idea
Has anyone considered the security ramifications?
What about privacy?
http://www.fastcodesign.com/3052012/this-device-will-turn-your-clunker-into-a-smart-car-for-200?utm_source#4
OMB preps cyber sprint follow-up
Michael's take on "gap focus": http://www.csoonline.com/article/2992553/security-leadership/stop-focusing-on-gaps-to-gain-influence-as-a-security-leader.html
Hoping for 75% authentication for 2FA - not exactly great
Lots of challenges here, but is this the right thing to do?
TalkTalk breached, 3 teenagers arrested, CEO goes tone deaf
CEO says they "were not legally required to encrypt client information"
Teenagers arrested in breach
The poster child for having a breach preparedness plan, before...

DtSR Episode 166 - Cyber Security From Board Room to White House


In this episode...
Raf sits down with Howard Schmidt to talk about Cyber Security from the public to private sectors and everything in between.
Howard & Raf talk through challenges of cyber security in the board room
Howard gives us some of the challenges that government faces, from his experience
Don't miss this episode!
Guest
Howard A. Schmidt ( @HowardAS ) - Former Supervisory Special Agent, Director of Computer Crime and Information Warfare, AF OSI, Former CSO Microsoft Corp. Former Chairman of White House Critical Infrastructure Protection Board, VP, CISO eBay Inc. Special Agent, US Army CID (Reserves). Law Enforcement Officer Chandler Police Department, AZ
Have something to say? Let's...

DtSR Episode 165 - NewsCast for October 19th, 2015


In this episode...
Standard & Poor's Adding Cybersecurity to Ratings
The headline
In a report issued this week, the rating agency says it could issue a downgrade before a cyberattack if a bank looked ill-prepared, or following a breach that causes significant damage to a bank's reputation or which leads to substantial monetary losses or legal damages.
Behind the curve? Stop.
Michael wrote about it this week - stop calling it gaps
16 questions good start?
How long has it typically taken to detect a cyberattack?
What containment procedures are in place if the bank is breached?
How many times was the business the target of a high-level...

DtSR Episode 164 - 3rd Party and Supply Chain Risks


In this episode...
Raf asks why we're talking about global supply chain, 3rd party risk again
Josh discusses what little things we are not thinking about today, that we should
Josh discusses what happens as companies move critical data to the cloud
We discuss regional IT in a global data world
Raf opens up the tiny company 3rd party can of worms
We discuss the cyber crime survey and CISO board reporting results; link: http://www.csoonline.com/article/2978020/security-leadership/do-boards-of-directors-actually-care-about-cybersecurity.html
What about supply-chain issues with electronic components, software?
Guest:
Josh Douglas - CTO for Raytheon Cyber Products has nearly two decades of experience in helping global enterprises and government agencies secure their most prized business/mission...

DtSR Episode 163 - NewsCast for October 5th, 2015


In this episode...
Patreon got hacked, but it's OK
This is a lesson in how to do security in a reasonable manner
Great response, good security
https://www.patreon.com/posts/important-notice-3457485
The double-edged blade of the DMCA could have helped VW cheat emissions
Reverse-engineering illegal
Definitions of 'researcher' and further 'independent researcher' are interestingly defined - lots of room for discussion
http://www.itworld.com/article/2986856/enterprise-software/how-the-dmca-may-have-let-carmakers-cheat-clean-air-standards.html
CFOs are getting involved in security whether they want to or not
Good to-do checklist for CFOs
http://ww2.cfo.com/accounting-tax/2015/09/deals-demand-prior-cfo-involvement-data-security/
Lawsuits preventing disclosure of vulnerabilities in the news
We're "chilling security research" again
Good points made, on top of bad points and half-truths
Stems from the Fireeye vs ERNW fight
http://ww2.cfo.com/accounting-tax/2015/09/deals-demand-prior-cfo-involvement-data-security/
Verizon reports on the state of network transformation
security still an...

DtSR Episode 162 - OSINT and Privacy in a Digital World


In this episode...
Kirby tells us what OSINT is
We discuss how much we are giving away on digital channels?
We discuss if there is such a thing as anonymity anymore
Location sharing in apps - the bad, the ugly, the scary
Kirby and Michael discuss checking up on your executives
Raf talks about logo pages - why do these still exist?!
Kirby gives us some thoughts on OPSEC
Kirby leaves us with a dose of reality about privacy in today's world
Guest
Kirby Plessas ( @kirbstr ) - Kirby is the CEO of Plessas Experts Network, Inc. She did some things before this too, but we can't tell you about them...

DtSR Episode 161 - NewsCast for Sept 21st, 2015


On this episode of the NewsCast
Intel forms new Automotive Security Research Board (ASRB) to focus on security of their automotive platform
http://newsroom.intel.com/community/intel_newsroom/blog/2015/09/13/intel-commits-to-mitigating-automotive-cybersecurity-risks
Good security as a competitive advantage?
Interesting development in the effort to secure cars as a technology platform
Appeals court forces the issue of 'fair use' in DMCA case
http://www.engadget.com/2015/09/14/appeals-court-copyright-holders-must-consider-fair-use-before/
Interesting development in the case against Universal Music Group's malicious prosecution and nonsense take-down orders
Bitpay sues their insurance company after giving away $1.8M
http://www.coindesk.com/bitpay-sues-insurer-after-losing-1-8-million-in-phishing-attack/
Interesting argument in court - indirect loss
Company exec got phished for credentials
Execs fall for "transfer large quantity of money" scam
Follow this case!
China making demands of US tech companies
http://www.engadget.com/2015/09/17/china-us-tech-companies-security-policies/
This has happened before...
US companies...

DtSR Episode 160 - Leadership from a Navy SEAL


In this episode... Brandon, Michael and I discuss the challenges of leadership and how leadership is more than just telling people what to do. Brandon gives us some of his back-stories and anecdotes to illustrate his points on leadership along the way. I promise you'll love this episode, and I highly encourage you to go donate what you're able to, to Red Circle Foundation (http://redcirclefoundation.org).
Guest
Brandon Webb ( @BrandonTWebb ) - Brandon is a former Navy SEAL, bestselling author and CEO of Force12 Media. He founded Red Circle Foundation as a way to give back to the families of the Special Ops community in...

DtSR Episode 159 - NewsCast for Sept 7th 2015


In this episode...
Court strikes down Wyndham's challenge to FTC power
We have covered this before
Wyndham argued due process and lack of case law - asked for dismissal
Court said no dismissal, FTC has standing
FTC is arguing that Wyndham made promises it did not keep
Should be interesting to watch this go to court (or likely not)
http://www.csoonline.com/article/2975915/data-breach/wyndham-vs-ftc-corporate-security-pros-need-to-lawyer-up-about-data-breach-protection-experts-say.html
Ashley Madison hauled into court by class-action suit
Lots of thorny issues here, must separate out moral from legal
Shines light on the continued bias for breach prevention
Interesting Streisand effect here
http://www.csoonline.com/article/2975755/data-breach/ashley-madison-hauled-to-court-in-class-action-suits-over-data-breach.html
Verizon launches Hum OBD port vehicle monitor and communication tool
In light of the stunt-hacking against Chrysler/Jeep is Verizon tone deaf?
..or...

DtSR MicroCast 08 - Conference Engagement


In this MicroCast, live from HTCIA Conference 2015 in Orlando, FL, Michael and I quickly set the stage for a conversation on conference speaker/attendee engagement.
[Raf] One of my biggest pet peeves as a speaker is getting a room-full of people who watch (and listen) me speak, wait for me to finish, and leave when I'm done.
[Michael] As an attendee, you need to know what you "do" and what you're looking for from the conference.
--> Here's the link to the article Michael mentions: http://paulsohn.org/how-to-connect-with-anyone-you-just-met-with-5-questions/
We welcome the discussion on this topic, #DtSR on Twitter!
Have something to say? Let's hear it.
Support the show>>> Please...

DtSR Episode 158 - Managing Security with Outsourced IT


In this episode...
We discuss what life is like as the CISO when you have all the responsibility for, but no administrative access (or hands on keyboard)
Brandon tells his story about how his IT organization went from in-house, to out-house, and how they got where they are
Brandon tells us the process and strategy he uses to get a handle on his security
We discuss why visibility is one of the most important things to outsourced IT (and security)
Brandon tells a story of an incident where things went very sideways
We discuss the balance between outsourcer scalability and customer deviations
Brandon tells us why sometimes...

DtSR Episode 157 - NewsCast for Aug 24th, 2015


In this episode...
Just when you thought America's neutered "chip & sign" was a safe
http://krebsonsecurity.com/2015/08/chip-card-atm-shimmer-found-in-mexico/
Admittedly we put these stories in here just to get Michael all fired up
Ashley Madison's data and source code and CEO's email spool now released and public
http://www.theregister.co.uk/2015/08/20/ashley_madison_email_dump/
http://www.csoonline.com/article/2973575/business-continuity/ashley-madison-self-assessments-highlight-security-fears-and-failures.html
So much to talk about that's just wrong with this story...
Uber is hiring people for security
http://www.ibtimes.com/uber-boost-security-staff-after-data-privacy-concerns-2055903
Does more headcount equal better security?
Where will these people come from given the shortage of talent?
That gadget you attached to your OBD2 port on your car to "save on car insurance" may be used to kill you
Seriously
The dangers of all these wireless & connected devices is...

DtSR Episode 156 - Leadership Defined Measured and Discussed


In this episode...
We discuss the ever-growing need for strong leadership in security
I ask whether experience and longevity in a position naturally brings leadership qualities
We talk through how leadership interplays with other competencies
Michael asks whether the security leader has a place at the executive table (the "big kids table")
Michael asks if the MBA has value in security leadership
We discuss the model my team uses for leadership and how we build them
Michael and Heath discuss various competency models for leadership
We discuss measuring, KPIs and relative distance
We discuss how leaders can make better decisions
Heath leaves us with an Alex Hutton quote
Have something to...

DtSR Episode 155 - NewsCast for Aug 10th, 2015


In this episode...
The Belgian government's internal phishing test has "gone off the rails" a bit
Used a legitimate entity to test against
Panic and hilarity ensued, but mostly panic
http://www.networkworld.com/article/2951514/security/belgian-government-phishing-test-goes-offtrack.html
British ICO makes a 180,000 pound fine
Disconnect between policy and reality
Was anything lost?
2 big failures lead to a fine
https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2015/08/ico-fines-nationwide-money-lender-the-money-shop-180-000/
McAfee and Black Hat attendee surveys wildly different
Answers you get depend on who and how you ask
Interesting answers though...
Lesson: The more experience you have, the less confidence?
http://www.slate.com/blogs/future_tense/2015/07/21/two_surveys_of_cybersecurity_professionals_show_starkly_different_attitudes.html

DtSR Episode 154 - Enterprise Software Security Reloaded


In this episode
Raf asks - Why haven't we solved the same old software security bugs?
James asks how a security team gets out of the way and still gets better security
We discuss threat modeling, and channel a bit of John Steven
Jeff talks about the OWASP ESAPI and standard security libraries and controls
Jeff talks about libraries with known vulnerabilities and the role of open source components
Raf brings up the ugly side of enterprise outsourcing - code development by committee
We discuss static, dynamic and run-time security tools
Raf asks Jeff what the RIGHT approach to creating a software program looks like
Guest
Jeff Williams (@PlanetLevel)...

DtSR Episode 153 - NewsCast for July 27th, 2015


In this episode...
"Hackers remotely kill a Jeep!"
Lots to talk about
Basics of segmentation weren't followed, aren't followed
Discussion on software 'fitness' and liability
http://www.cato.org/blog/hackers-remotely-kill-jeep
Firefox blocks Flash and Facebook calls for its death
Should it concern you that Firefox can change your config without your permission or an update?
How helpful is this? Does the message/pop-up actually DO anything to stop users from clicking YES?
http://money.cnn.com/2015/07/14/technology/flash-firefox-facebook/index.html
Ashley Madison (the cheating website) breached!
Check their privacy policy - is it consistent with actions?
Did this event delay or possibly end the company's aspirations of going public?
The morality of AM's business model shouldn't be an issue here - but it keeps coming...

DtSR Episode 152 - The Great InfoSec Talent Shortage


In this episode
Talent shortage - is it real, and how bad is it?
We discuss: what does negative unemployment actually mean?
Michael asks - security is still relatively new, how do we determine what qualified means?
What skills are necessary to be a good security professional?
Hiring - we discuss how we get better at screening potentially qualified employees
We discuss how we can vet out real experience, versus resume skills
Mark and Michael discuss specialization, automation, and optimizing our workforce
Mark shares his thoughts on growing and retaining top talent
Guest
Mark Orlando ( @MarkAOrlando) - As the Director of Cyber Operations, Mark is responsible for Foreground's Federal practice as...

DtSR FeatureCast - HTCIA International Conference 2015 Preview


In this episode...
Peter Morin joins us to talk through the upcoming HTCIA International 2015 Conference in sunny Orlando, Florida.
We talk through a preview of talks, events, and some interesting reasons you should be going to HTCIA Int'l
Check out the incredible lineup of keynotes, speakers and talks - http://www.htciaconference.org/
Come see the #DtSR crew live and in person as we record and broadcast from the conference

DtSR Episode 151 - NewsCast for July 13th, 2015


In this episode...
Appears as though Windows 10 WiFi Sense could have some issues with WiFi -- more on this as it develops
Why is the default opt-in, and why in the world do I have to change my SSID to opt out?!
Is it really a good idea to use an SSID to describe security constraints on your network? (Hint: NO)
http://www.computing.co.uk/ctg/news/2415787/windows-10-wi-fi-sense-security-warning-over-automatically-shared-passwords
"Washington Post will encrypt the news"
Ridiculous click-bait headline
Is this a good idea? Should everything be HTTPS?
What about ads, are we defeating ourselves?
https://hacked.com/washington-post-encrypt-news/
OPM hackers stole 21.5 million people's worth of records
That's all government employees, past, present, and under-cover (possibly)
1.1 million biometrics (fingerprints) -- quick! go reset your...

DtSR Episode 150 - A CEO's Perspective


In this episode
We take a little peek inside the mind of a CEO, from the security perspective
We discuss the state of information security in the last decade
Dan shares his wisdom on how the role of a security professional and security leadership has changed over the course of his career
We discuss the talent shortage - and get an in-depth look at solving some of this problem
Dan shares with us his views on balancing people, processes and technology resources to achieve meaningful security
We talk strategy, and Dan and the guys talk through why it's so vital
We get Dan's "closing remark" (something...

DtSR Episode 149 - NewsCast for June 29th 2015


In this episode
With me gone, James and Michael run feral!
It's June, so here are the top 3 security priorities for CISOs for 2015 (yes in June)
http://www.information-age.com/technology/security/123459699/top-3-security-priorities-cios-2015
Boils down to: patch faster, improve credentials, code better
Is this the right list?
It mentioned side-stepping cloud and mobility. What if migrating to the cloud offers the opportunity to not worry about patching or code, and improve your credentials?
Someone pointed out to me that this matches the OPM hack; perhaps this is just content driven from that? Does that make it more or less valid?
Let us know #DTSR
Cybersecurity tops advisors' compliance worries: poll
http://www.thinkadvisor.com/2015/06/24/cybersecurity-tops-advisors-compliance-worries-pol
More people concerned.
This directly...

DtSR Episode 148 - Focus on the CISO


In this episode...
What is the Security Advisor Alliance?
We discuss some of the issues facing CISOs today
Clayton gives us his perspective on how to solve some of those issues
Clayton tells us about the mission of the SAA
If you're a CISO, are you signed up for the SAA Summit? Shoot Clayton an email
Guest
Clayton Pummill ( @cp48isme ) - https://www.linkedin.com/pub/clayton-pummill/10/32a/44a - Clayton is the executive director of the Security Advisor Alliance. He also has a storied background so I encourage you to give it a check!

DtSR Episode 147 - NewsCast for June 15th, 2015


In this episode...
Facebook has released PGP-encryption-enabled email communications
The anti-privacy platform will now encrypt emails to you if you give them your PGP public key
Does no one see the insane irony here?
http://www.theregister.co.uk/2015/06/01/facebook_pgp_support/
White House issues mandate for HTTPS (by default) for all federal websites
"By the end of 2016"
Is this a good thing? A bad thing? Or does it even matter?
http://www.huffingtonpost.com/2015/06/08/https-federal-websites_n_7539164.html
Attackers are using medical devices to pivot into health care networks
The Internet of Medical Things is insecure
There are challenges here, but the risks of moving faster aren't negligible
Lots to be thought about here
http://www.csoonline.com/article/2931474/data-breach/attackers-targeting-medical-devices-to-bypass-hospital-security.html
Kaspersky gets popped, cue the typical verbiage
"Three previously unknown techniques"
"..highly sophisticated...

DtSR Episode 146 - State of Enterprise Incident Response


In this episode...
Defenders are set up to fail? How and why
How do we fill forensics and IR positions?
What skills and qualifications do forensics/IR need to have?
How can enterprises get better at IR from where they are today?
How do we solve some of the problems plaguing the security industry?
Guest
Andrew Case ( @attrc) - Andrew Case is a senior incident response handler and malware analyst. He has conducted numerous large-scale investigations that span enterprises and industries. Andrew's previous experience includes penetration tests, source code audits, and binary analysis. He is a core developer on the Volatility memory analysis framework and co-author of the highly...

DtSR Episode 145 - NewsCast for June 1st, 2015


Apologies to anyone who is having issues downloading this episode!
In this episode...
The ACLU encourages the government to get into bug bounties
Read the original letter: https://www.aclu.org/sites/default/files/field_document/aclu_-_iptf_recommendations_submitted.pdf
Points 1 & 2 are sane
Point 3 makes a hard left into crazy-town
http://thehill.com/policy/technology/243265-aclu-says-government-should-offer-rewards-for-finding-security-flaws-on-its
The massive taxpayer data fraud (not really a breach) is believed to be the work of Russia, says the IRS
Does it really matter?
Was this a breach or an abuse of functionality?
Would your company have caught this?
http://www.cnn.com/2015/05/27/politics/irs-cyber-breach-russia/index.html
CareFirst says their recent breach affects only about 1.1M people
Healthcare is clearly in the "bad guys" target zone
Quick to point out what the attackers did not get access to
Of course...

DtSR Episode 144 - Insights from the ISC2 2015 Survey


In this episode...
David Shearer, Executive Director for ISC2, joins us to talk about the results of the ISC2 2015 Information Security Workforce Study
We ask David to highlight some of the results
We discuss how malware and application security were identified as top threats 3 years in a row -- and what's to be done about this
We discuss the major discrepancy between priorities from this survey and recent CIO surveys
We discuss the importance of communication skills (identified in the survey) while leadership and business management are far down the scale
We discuss with David how under his leadership ISC2 can build a much tighter...

DtSR Episode 143 - NewsCast for May 18th, 2015


In this episode...
Netflix launched FIDO (not that one, or that one, no the other one)
Focused on automating incident response practices
FIDO is an orchestration layer that automates the incident response process by evaluating, assessing and responding to malware and other detected threats.
If you don't use it, at least they provide a structured framework for response and IR workflow
http://techblog.netflix.com/2015/05/introducing-fido-automated-security.html
IT Chief leaves sensitive data in car - spoiler: it gets stolen
Something smells like a fish market in the July heat on this story
Maybe it's time to check in on YOUR off-site handling procedures?
http://www.thestarpress.com/story/news/local/2015/05/10/chief-left-hard-drives-car/27083031/
Crowdstrike discovers, names "Venom"
Massive security vulnerability within the floppy disk emulator in virtual...

DtSR Episode 142 - Basics and Fundamentals, That Win


In this episode...
A quick walk-through of Rob's talk (Hacker ghost stories), and why it's completely relevant today
Simple things that work
blocking java (externally)
effectively blocking uncategorized sites in your forwarding proxies
(not) resolving DNS internally
(not) default routing to the Internet from inside
canaries in the coal mine, or evil canaries
Guests
James Robinson ( @0xJames) - https://www.linkedin.com/in/0xjames
Currently the Director, Threat and Risk Management at Accuvant-Fishnet Security and part of the Office of the CISO. He has a long and storied career of success as an enterprise defender across various industries.
Rob Fuller ( @mubix) - Rob is an experienced InfoSec industry insider, with many interesting achievements and accomplishments. He's...

DtSR Episode 141 - NewsCast for May 4th, 2015


In this episode...
A joint Ponemon Institute & IBM Security study shows that, surprise surprise, developers are "neglecting security"
The study only looked at mobile apps and app developers
Less than half (of their study) test the mobile apps they build
About 33% never test their apps
http://www.eweek.com/developer/ibm-study-shows-mobile-app-developers-neglecting-security.html
Illinois Bill SB1833 expands the definition of PII to include almost everything
Requires notification in the event of a breach of...
Online browsing history, online search history, or purchasing history
Is this absurd, or just protecting our privacy?
http://www.eweek.com/developer/ibm-study-shows-mobile-app-developers-neglecting-security.html
The DOJ has jumped in and issued some sound fundamental breach guidance!
4 sections: what to do before, during and after a breach plus what NOT...

DtSR Episode 140 - Ethics of Hacking Live from AtlSecCon 2015


In this episode...
What about public safety, where do we draw the line on open research?
Self-regulation? Disclosure? What are our options
What makes a researcher? We discuss
Chilling security research
A quick dive into bug bounty programs; do they help?
Ethics vs. moral compass, we discuss
Hacker movies, and what they're doing for our profession
Guests
Keren Elazari ( @K3r3n3 ) - brings years of experience in the international cyber security industry to the stage. Since 2000, Keren has worked with leading Israeli security firms, government organizations, Global Big 4 and Fortune 500 companies. Keren holds a CISSP security certification, a BA in History and Philosophy of Science and is...

DtSR Episode 139 - NewsCast for April 20th, 2015


In this episode...
Friend and security researcher Chris Roberts steps into it...
A poorly-conceived tweet, followed by mass hysteria
Most everyone talking about this is missing the point entirely
Of course, the EFF jumps in to keep from "chilling research" (roll eyes)
http://www.usatoday.com/story/tech/2015/04/19/chris-roberts-one-world-labs-united-rsa-computer-security-tweets/26036397/
The EFF take: https://www.eff.org/deeplinks/2015/04/united-airlines-stops-researcher-who-tweeted-about-airplane-network-security
Corporate threat intelligence teams opting to go anonymous?
New company, making intelligence sharing work, anonymously?
Many questions on whether anonymity is workable in the intelligence space
https://www.eff.org/deeplinks/2015/04/united-airlines-stops-researcher-who-tweeted-about-airplane-network-security
Target settles with Mastercard for $19M USD
Mastercard trying to settle this out, as alternative payout option for victims (this time the issuers, not card holders)
http://www.theregister.co.uk/2015/04/16/target_settles_with_mastercard_for_us19_million/
The looming security threat no one is talking about
We're talking about it!
Windows 2003 is going...

DtSR Episode 138 - Useful Knowledge on Intelligence


In this episode...
Where do you even start with threat intelligence?
Ryan talks about context, and why it's *the* most important thing when it comes to threat intel
How does a SME make use of a luxury item like threat intelligence?
Michael asks what are 1-2 things you can do *immediately* as an SME?
What are the basics, beyond the basics of security? Where do you make your first investment?
Getting your own house in order is harder than it sounds, so what then?
Michael drops some #RiskCatnip
Michael breaks down the feedback loop and his basic questions to ask/answer
Down the rabbit hole of shiny boxes, standards, and...

DtSR Episode 137 - NewsCast for April 6th, 2015


In this episode...
TrueCrypt security audit results are good news, right?
Why are some of the most depended-upon
http://arstechnica.com/security/2015/04/truecrypt-security-audit-is-good-news-so-why-all-the-glum-faces/
At Aetna, CyberSecurity is a matter of business risk
Jim Routh talks about how he runs a security program
Security is a matter of business risk, if not you're doing it wrong
http://blogs.wsj.com/cio/2015/03/30/cybersecurity-at-aetna-is-a-matter-of-business-risk/
Why aren't you vulnerability scanning more often?
Wrong question.
Simple answer -- because scanning doesn't matter if you can't fix the issues you find
Example of how security misses the point
http://www.csoonline.com/article/2901472/vulnerabilities/why-aren-t-you-vulnerability-scanning-more-often.html
SecurityScorecard - a new startup that is exposing 3rd party risks to you -- or is it?
Interesting business model
How legitimate is this, and what are the risks?
http://www.businessinsider.com/securityscorecard-raises-125-million-led-by-sequoia-2015-3
Does removing Windows administrator permission really mitigate...

DtSR Episode 136 - Crypto and Privacy with Jon Callas


In this episode...
Jon Callas gives a little of his background and his current role
We talk through why cryptography is so hard, and so broken today
Jon overviews compatibility, audit and making cryptography useful
Jon brings up open source, security, and why "open is more secure" is bunk
We talk through "barn builders" vs. "barn kickers" and why security isn't improving
We talk through how to do privacy, active vs. passive surveillance
We talk through anonymous VPN providers, anonymization services, and how they're legally bound
Jon talks about appropriate threat modeling and knowing what we're protecting
We talk through patching -- how to do patching for Joe Average...

DtSR Episode 135 - NewsCast for March 23rd, 2015


Remember folks, as you listen reach out to us on Twitter and hit the hashtag #DtSR to continue the conversation, and speak your mind! Let's hear what your take is on the stories we discuss... maybe you have a unique angle we've not considered?
In this episode--
Target settled class-action lawsuit over its data breach - for $10M USD
Who wins? Lawyers, clearly the lawyers
Burden of proof on the victims to show they've suffered a loss to get up to $10,000.00.
If you can't prove loss, you can still try to get part of settlement of what's left-over
http://www.usatoday.com/story/money/2015/03/19/target-breach-settlement-details/25012949/
Federal judge dismisses suit against Paytime -- "simply...

DtSR Episode 134 - Fundamental Security


In this episode...
Michael C and the team talk about "going back to basics" and the need for security fundamentals
Michael C talks a little about why we (security professionals) fail at fixing problems at scale
We dive into the need for automation, and Michael C talks about why creating more work for security professionals is a bad thing
Michael C and the crew talk through why many of our metrics fail, highlighting the need to get away from the typical dashboard approach of "bigger numbers is better"
We discuss the balance between false positives and false negatives -- a super critical topic
Rafal brings up...

DtSR Episode 133 - NewsCast for March 9th, 2015


In this episode--
Law firm hit and crippled by ransomware, decides it's not paying the ransom.
They aren't quite sure what got encrypted
But they have backups... and data was likely not exfiltrated
http://news.softpedia.com/news/Ransomware-Hits-Law-Firm-Encrypts-Workstation-and-Server-474788.shtml
Major law firms form ISAC to fight off adversaries, share intelligence
Catching up to the threat they're facing
Law firms are major targets, given the data they have ("secrets!")
Downside: exclusive to a handful of major firms
http://thehill.com/policy/cybersecurity/234722-law-firms-to-share-info-about-cyber-threats
Big kerfuffle about Anthem's refusal of a 3rd party audit
They were under no legal obligation...
Who out there would submit to a 3rd party audit/test?
Sounds like public shaming, big headline, little story
http://www.healthcareinfosecurity.com/anthem-refuses-full-security-audit-a-7980
Apple Pay being attacked, sort of
When technology becomes 'good...

DtSR Episode 132 - Good Guys, Bad Guys, and Reality


In this episode...
We learn the origins of "RSnake" as told by Rob himself
Rob gives us a peek into the dark side, from his contacts and experiences
We discuss the black-hat economy as it's verticalized, specialized, and matured
Rob discusses the balancing act of the good vs. bad and why the situation is as bad as it needs to be
We discuss some of the things businesses and defenders really need to worry about
Rob gives us his view of the inevitability of security from SMB to enterprise -- and why things are so good, or bad, or just right
We discuss the different ways security is...

DtSR Episode 131 - NewsCast for February 23rd, 2015


In this episode--
Would you be OK with your credit card company tracking you, to decrease fraud rates? Visa wants to track your smartphone.
http://triblive.com/business/headlines/7774328-74/visa-card-fraud
Your stolen healthcare data is increasingly being sold on the black market
http://www.ihealthbeat.org/articles/2015/2/19/security-experts-health-data-increasingly-being-sold-on-black-market
Lenovo has shipped software that performs a man-in-the-middle (MITM) attack against all SSL connections on some of its consumer laptops. This is really, really, really bad, but Lenovo doesn't seem to get it.
http://arstechnica.com/security/2015/02/lenovo-pcs-ship-with-man-in-the-middle-adware-that-breaks-https-connections/
http://blog.erratasec.com/2015/02/extracting-superfish-certificate.html
The web browser is totally broken, and a haven for malware. Long live the web browser?
http://securityintelligence.com/broken-web-browsers-malwares-new-address/

DtSR Episode 130 - Where Law and Cyber Collide


In this episode
Traveler's Insurance files suit against a web development company for failing to provide adequate security, resulting in a breach of one of its customers
http://www.law360.com/articles/614158/travelers-blames-web-designer-in-bank-website-data-breach
We discuss whether security standards are now "implied"?
Does Traveler's have any standing to sue? (Shawn thinks not)
FTC goes after LabMD for a data breach
http://healthitsecurity.com/2015/01/23/ftc-healthcare-data-breach-case-v-labmd-continues/
Is the FTC over-reaching?
We discuss this statement from the FTC website: "[LabMD failed to] ..reasonably protect the security of consumers' personal data, including medical information"
Social media company TopFace pays a ransom to hackers
http://www.forbes.com/sites/davelewis/2015/01/31/topface-facepalms-as-it-surrenders-to-data-breach-hacker-blackmail/
Face + Palm.
We lament why this absolutely terrible decision may have far-reaching repercussions
Guest
Shawn Tuma ( @ShawnETuma) - In addition to being a...

DtSR Episode 129 - NewsCast for February 9th, 2015


Topics covered
Massive breach at American Health Insurer Anthem - from the "haven't we done this once before?" department as Queen - Another One Bites the Dust plays in the background
https://gigaom.com/2015/02/05/oops-another-big-data-breach-this-time-at-anthem/
http://money.cnn.com/2015/02/05/investing/anthem-hack-stocks/index.html?sr=twmoney020615anthemwallst0600story
(Obligatory OMG China! hype link) http://krebsonsecurity.com/2015/02/china-to-blame-in-anthem-hack/
Hackers target brokers, financial advisors -- SEC "does something"
http://thehill.com/policy/cybersecurity/231649-hackers-targeting-brokerages-and-financial-advisers
SEC weighs cybersecurity disclosure rules (why SEC?) - http://thehill.com/policy/cybersecurity/229431-sec-weighs-cybersecurity-disclosure-rules
A promising new technology which detects hacks in - milliseconds? - but what's the use-case?
http://www.bloomberg.com/news/articles/2015-02-03/new-technology-detects-hacks-in-milliseconds
Google launches vulnerability research grants program - because bug bounties just aren't enough
http://www.scmagazine.com/google-launches-vulnerability-research-grants-program/article/395694/
Sony Pictures Entertainment (the company that was so thoroughly hacked) CEO Amy Pascal is out! But is this proof of anything, for security? Ask Michael...
http://www.csoonline.com/article/2880600/security-leadership/the-conversation-security-leaders-need-to-have-about-amy-pascal-s-departure.html

DtSR MicroCast 07 - Taking Security Seriously


This is the 7th installment (call it a rebirth) of the MicroCast. Short and to the point, Michael and James talk about the phrase breached companies use - "We take your security seriously..." Join the conversation at #DtSR on Twitter!

DtSR Episode 128 - When Breach, Buy the Dip


Fans - If you haven't booked your ticket for InfoSec World 2015 in sunny Orlando, FL check this out. Register using our code CLD15/RABBIT for 15% off. If you want a chance to go for FREE, listen to Episode 127 for your chance!
In this episode...
John gives us a little lesson on markets, and why they move up/down, commentary for the information security professional
John discusses what #BTFD means
John uses the Target example of why security professionals, marketers, and much of the media got it completely wrong
John educates us on insurance, compliance and liability
My head explodes...
Guest
John Foster ( @dearestleader) - Mr. Foster has 19 years of...

DtSR Episode 127 - NewsCast for January 26th, 2015


** There is a special gift for our listeners in this episode, from our friends at InfoSec World 2015! Listen to find out how you can go for free.
We have a promo code! CLD15/RABBIT 15% off for Down the Rabbit Hole listeners
Topics Covered
Google picks up really big rocks, but lives in a glass house. As Google drops zero-day on Apple and Microsoft they respond with a lame excuse as to why they aren't patching a vulnerability that puts north of 60% of all Android users at risk.
http://m.v3.co.uk/v3-uk/news/2389839/google-puts-60-percent-of-android-users-at-risk-with-webview-security-changes
http://www.extremetech.com/mobile/197346-google-throws-nearly-a-billion-android-users-under-the-bus-refuses-to-patch-os-vulnerability
http://www.eweek.com/security/google-project-zero-continues-its-microsoft-zero-day-assault.html
http://www.zdnet.com/article/googles-project-zero-reveals-three-apple-os-x-zero-day-vulnerabilities/
Marriott reverses its decision to block guests' personal WiFi devices at their properties
http://threatpost.com/marriott-agrees-to-stop-blocking-guest-wifi-devices/110441
LabMD's request to have an...

DtSR Episode 126 - The Defense Always Loses


In this episode...
The blog post that started it all - http://blog.norsecorp.com/2014/11/10/the-new-reality-in-security-offense-always-wins-and-defense-always-loses/
Vince tells us what he means by "Offense always wins, defense always loses"
We disagree over this snip from his blog post: "To win in cyber security, defense must be right 100% of the time, while offense only has to be right once. We must wake up to the reality that defense is an impossible task; no matter what actions we take, we will lose."
We discuss how we get away from being Eeyore defeatists?
Vince gives us security strategies he is advocating knowing that defense is better equipped, and better funded
We briefly mention...

DtSR Episode 125 - NewsCast for January 12th, 2015


Welcome to a new year of the Down the Security Rabbithole Podcast! We are kicking off this year with a guest on this morning's program, Phil Beyer joined us to talk about the last few weeks that have been a wild, wild ride in the security industry!
Thanks for your support so far, and we promise a fantastic 2015 to come.
Topics Covered
Sony. Sony. Sony. It's all anyone can talk about! They got hacked. They released a movie. They apparently aren't in dire straits. Fascinating.
http://www.cbc.ca/m/news/world/sony-pictures-ceo-michael-lynton-says-hackers-burned-down-the-house-1.2894997
http://en.wikipedia.org/wiki/Sony_Pictures_Entertainment_hack
http://www.washingtonpost.com/world/national-security/fbi-director-offers-new-evidence-to-back-claim-north-korea-hacked-sony/2015/01/07/ce667980-969a-11e4-8005-1924ede3e54a_story.html
Meanwhile, an iron plant in Germany was attacked (via cyber) and caused some very serious, and real, damage
http://blogs.wsj.com/cio/2014/12/18/cyberattack-on-german-iron-plant-causes-widespread-damage-report/
Microsoft abruptly...

DtSR Episode 124 - PCI DSS and Security (Yes, Really)


Hi everyone! Welcome to the very first episode of the Down the Security Rabbithole Podcast for 2015! On this opening episode, Jeff Man joins us to talk truth to power on PCI-DSS and shatters myths for us.
In this episode
Jeff tackles some common misunderstandings about PCI
The crew discusses PCI - what's right about it and what's wrong about it
Jeff tells us why he believes if you're secure you're compliant, but if you're compliant you're probably not secure
The $64M question - Isn't EMV, P2PE, and tokenization going to spell the end of PCI?
Jeff tells us what to look forward to with PCI DSS v3.0
Guest
Jeff...

DtSR FeatureCast - 2014 Year in Review


Hey everyone! We're almost done with 2014 and another new year is right around the corner. We thought this was the perfect time to sit back, relax a little and reflect on the year that was... and boy was it ever!
Jack Daniel & Allison Miller join Michael, James and I on the podcast to talk it all out, share a few chuckles and try to make sense of it all!
Thanks for listening everyone, it's been an epic year and we look forward to more awesome things in 2015!

DtSR FeatureCast - US vs. Salinas ft. Shawn Tuma


In this episode
Attorney and CFAA expert Shawn Tuma joins us to talk about the US vs. Salinas case where Mr. Salinas was threatened with 440 years in jail, and has now pleaded down to a misdemeanor. Prosecutorial discretion, or attorneys-gone-wild?
Link: http://www.wired.com/2014/11/from-440-years-to-misdemeanor/

DtSR Episode 123 - NewsCast for December 15th, 2014


Topics covered
The unfolding case of the Sony Pictures Entertainment breach
http://blog.wh1t3rabbit.net/2014/12/when-press-aids-enemy.html
http://www.thedailybeast.com/articles/2014/12/12/shocking-new-reveals-from-sony-hack-j-law-pitt-clooney-and-comparing-fincher-to-hitler.html
http://www.csoonline.com/article/2857455/business-continuity/fbi-says-theres-nothing-linking-north-korea-to-sony-hack.html
http://www.csoonline.com/article/2854672/business-continuity/the-breach-at-sony-pictures-is-no-longer-just-an-it-issue.html
The phishing scam that succeeded at hitting a big chunk of Wall Street - it probably would have fooled you too. Here's what we've learned
http://arstechnica.com/security/2014/12/phishing-scam-that-penetrated-wall-street-just-might-work-against-you-too/
Iranian hackers hit Las Vegas behemoth with a sophisticated attack ... wait it was a Visual Basic base?!
http://arstechnica.com/security/2014/12/iranian-hackers-used-visual-basic-malware-to-wipe-vegas-casinos-network/
Judge refuses to dismiss case against Target, brought on by banks who are the ones who take the brunt of the losses - http://arstechnica.com/tech-policy/2014/12/judge-rules-that-banks-can-sue-target-for-2013-credit-card-hack/

DtSR Episode 122 - Enterprise Architecture's Role in Security


In this episode:
Michelle explains to us what Enterprise Architecture is, and what it isn't
Michelle gives her take on how security and enterprise architecture support each other
We discuss the role of standards, standards, standards - and why you can't have security without it
We talk about GRC
We talk through roles & responsibilities definition between security, architecture, and the rest of IT
"Application Portfolio Rationalization" - the most impossible project. Ever.
Michelle schools us on data, high-value assets, meta-data and the really hard topics for security
Michelle gives us a series of examples of "HOW" we can find high-value assets, and start security there
Michelle addresses...

DtSR Episode 121 - NewsCast for December 1st, 2014


Topics covered:
Sony Pictures is having a very, very bad couple of days - and it could keep getting worse.
http://www.theverge.com/2014/11/24/7277451/sony-pictures-paralyzed-by-massive-security-compromise
http://www.csoonline.com/article/2852982/data-breach/sales-contracts-and-other-data-published-by-sonys-attackers.html
A newly discovered (but old) comment bug in WordPress affects ~86% of sites. The story isn't what you think it is
http://www.consumeraffairs.com/news/newly-discovered-comment-security-bug-affects-86-of-wordpress-blogs-112414.html
The Australian government is blaming a data breach from February on ... "awareness"? Michael disagrees (and he's right).
http://www.esecurityplanet.com/network-security/australian-government-data-breach-linked-to-poor-security-training.html
The public release of the research on Regin malware has it pegged as the most advanced thing since the computer - so what?
http://money.cnn.com/2014/11/23/technology/security/regin-malware-symantec/index.html?hpt=hp_t2
https://firstlook.org/theintercept/2014/11/24/secret-regin-malware-belgacom-nsa-gchq/
Symantec whitepaper: http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/regin-analysis.pdf
The Justice Department is using a 225 year old law to tackle a modern problem of encrypted cell phones through the manufacturer.
http://blogs.wsj.com/digits/2014/11/25/case-suggests-how-government-may-get-around-phone-encryption/
The court system...works?...

DtSR Episode 120 - Hacking the Human (again)


In this episode:
We revisit the 'human' side of hacking
Chris tells us all about the Defcon CTF his team has hosted
We discuss the role human nature plays in social engineering, or "Why the bad guys always win"
Chris gives us his tips for making it harder for social engineers
Michael and Chris talk metrics and measuring "getting better"
Guest:
Chris Hadnagy (@HumanHacker) - Chris Hadnagy (author of Social-Engineering: The Art of Human Hacking and Unmasking the Social Engineer: The Human Element of Security) is a speaker, teacher, pentester, and recognized expert in the field of social engineering and security. Chris Hadnagy is the President and...

DtR Episode 119 - NewsCast for November 17th, 2014


Note: The hashtag for the show on Twitter has changed, please connect with us using #DtSR going forward. Thanks!
Topics covered:
Update: Home Depot breach (Hint: apparently it was a 3rd party entry point)
Story: http://www.computerworld.com/article/2844491/home-depot-attackers-broke-in-using-a-vendors-stolen-credentials.html
Apparently as a reaction, all execs are being switched to iDevices (blame Windows? and why only execs?)
http://www.imore.com/home-depot-switches-execs-iphones-macbooks-it-blames-windows-massive-breach
Also, they lost ~53 Million email addresses too
http://online.wsj.com/articles/home-depot-hackers-used-password-stolen-from-vendor-1415309282
American Express is pushing tokenization to their payment ecosystem, this is big news but leaves a lot more questions and concerns than answers (for example - what about chip & pin (sign)?)
Story: http://threatpost.com/american-express-brings-tokenization-to-payment-cards/109137
Check out the standard itself: http://www.emvco.com/download_agreement.aspx?id=945
Flaw found (in a lab) in the VISA EMV protocol, but is it...

DtR Episode 118 - Demystifying Threat Intelligence


In this episode:
Adam and Dmitri discuss what is (and what isn't) threat intelligence
We discuss strategic, tactical and operational security intelligence
Who is using threat intelligence, and how?
Adam talks about the success factors, key points, and trends
Michael asks how an organization can know whether they're READY for a threat intelligence program
Adam explains the term "finished intelligence"
Adam describes tactical intelligence, while Dmitri gives his take on strategic intelligence
We discuss the merits of education and awareness - first
How important is attribution, really?
3 critical things an enterprise *must be doing* before jumping into threat intelligence as a program
Guests:
Adam Meyers (@adamcyber) - Adam Meyers has over...

DtR FeatureCast - Norse Corp DDoS - Nov 7 2014


In this episode:
Jeff explains a little bit about who Norse is, and why they were potentially targeted with a DDoS
We discuss what a DDoS is, how it becomes effective, and what methods/tools attackers use (in this case SNMP v2 reflection)
We talk about threat intelligence (reputational intelligence) and how companies and intelligence platforms can leverage this data to decrease risks actively
Guest:
Jeff Harrell (@jeffharrell) - Jeff Harrell is the Vice President of Product Marketing at Norse, the leader in live attack intelligence. Jeff has over 15 years of experience in the IT Security industry leading product management and product marketing teams...

DtR Episode 117 - NewsCast for November 3, 2014


Topics covered:
Banks urging shoppers not to avoid breached retailers - Companies that get breached impact card holders minimally, at least as far as we can tell, right?
http://www.kcentv.com/story/26887771/local-bank-leaders-no-need-to-avoid-hacked-retailers-during-holidays
Federal officials (FBI, US SS) are making a big push to be your source for cyber-security help - Interesting that this comes up at a time when everyone is fighting back against government meddling/surveillance
http://www.usatoday.com/story/news/politics/2014/10/20/secret-service-fbi-hack-cybersecuurity/17615029/
The FCC flexes its muscle in a pair of fines totalling a paltry $10m for egregious security violations - Of course, the people who have had their privacy and security violated see none of this big-telco pocket-change...
http://www.washingtonpost.com/blogs/the-switch/wp/2014/10/24/with-a-10-million-fine-the-fcc-is-leaping-into-data-security-for-the-first-time/
Congress doesn't grant FBI ability...

DtR Episode 116 - Lines in the Sand on Security Research


In this episode:
Chris attempts to explain the consternation with 'security research' right now
Kevin gives his perspective and why he doesn't quite understand why people don't see they're "breakin' the law"
Shawn discusses what parts of the CFAA he would like to see reformed
James drops the question - "What is a security researcher?" ..and rants a little
Kevin talks about why the security industry needs to self-regulate w/example
Chris and Kevin debate intent, and "stepping over the line"
Chris brings up the issue of bug intake at a large company
Spirited discussion about intent, regulation, actions and separating emotion from facts
Guests:
Chris John Riley - ( @ChrisJohnRiley...

DtR Episode 115 - NewsCast for October 20th, 2014


Topics covered:
The FBI paid a visit to the "researcher" who revealed (and tinkered with) the hacked Yahoo! servers - we discuss the various aspects of this case, which we've been going round and round on lately
http://www.wired.com/2014/10/shellshockresearcher/
US Cyber Security Czar Michael Daniel wants passwords gone, replaced by .... "selfies"; We wish we were making this one up or the link was to an Onion article, but sometimes the jokes write themselves in a sad, sad way
http://www.theregister.co.uk/2014/10/15/forget_passwords_lets_use_selfies_says_obamas_cyber_tsar/
Pres. Obama has issued an executive order that all government payment cards now must be "chip & pin"; once again underscoring that "just do something" may...

DtR Episode 114 - Threat and Vulnerability Management


In this episode:
Ron gives us a brief history of Tenable and TVM for the enterprise
Ron answers "How do you make network security obtainable and defendable?"
We discuss TVM as a fundamental principle to many other security program items
Ron tells us what the modern definition of "policy" is
We discuss some hurdles and challenges of TVM programs in an enterprise
We note that security scanning can always break stuff - so how do you get around that?
Ron tells us why TVM is so much more than scanning
Michael asks "Why are so many companies stuck in a Prince song (1999)?"
We attempt to tackle - compliance,...

DtR Episode 113 - NewsCast for October 6th, 2014


Topics covered:
The petition on WhiteHouse.gov titled "Unlock public access to research on software safety through DMCA and CFAA reform" and ...well we talk about it with an attorney and some necessary skepticism
https://petitions.whitehouse.gov/petition/unlock-public-access-research-software-safety-through-dmca-and-cfaa-reform/DHzwhzLD
My take: http://blog.wh1t3rabbit.net/2014/10/to-reform-and-institutionalize-research.html
A Marriott property in Nashville (Gaylord Opryland) will pay $600,000 in an FCC settlement for jamming/blocking guests' personal WiFi hotspots
http://www.fcc.gov/document/marriott-pay-600k-resolve-wifi-blocking-investigation
A Pakistani man has been indicted in Virginia for selling "StealthGenie", an app designed specifically as spyware
http://www.justice.gov/opa/pr/pakistani-man-indicted-selling-stealthgenie-spyware-app
The code for the badUSB attack was published and released at DerbyCon - we discuss implications
http://www.wired.com/2014/10/code-published-for-unfixable-usb-attack/
Cedars-Sinai Medical Center loss of data is much worse than they thought, but it's actually worse than that -...

DtR FeatureCast - CFAA, Shellshock and Security Research - October 2nd 2014


Thank you to Shawn Tuma - an attorney specializing in CFAA and a good friend of our show - for stopping by and lending his expertise on this episode. If you enjoy Shawn's insights, consider following him on Twitter (@ShawnETuma) or just saying hello!
In this episode:
We discuss the CFAA in regards to Robert Graham's brilliantly written blog post on the topic - http://blog.erratasec.com/2014/09/do-shellshock-scans-violate-cfaa.html
Shawn gives some key insights on the CFAA including historical context
Michael asks some tough questions on the discretion and applicability of CFAA prosecution
James goes on a rant about "security researchers" (it's a gem)
I'm pretty sure Shawn...

DtR Episode 112 - DREAMR Framework


In this episode:
DREAMR: What is it, and why is it so important to Enterprise Security today?
Examples of aligning business and security requirements and winning hearts & minds
How does a security organization get around "see I told you so!" security
An example of how to make the framework work for you
We discuss the importance of listening, then listening, then listening some more
Jessica and Ben explain "accommodating" the business
Jessica and Ben give us "One critical piece of advice"
Guests:
Jessica Hebenstreit (@secitup) - Jessica Hebenstreit has been a member of the Information Security community for over a decade. Having worked on both the technical and...

DtR Episode 111 - NewsCast for September 22nd, 2014


Topics covered:
Hacker flees US for non-extradition country - why?
http://blog.erratasec.com/2014/09/hacker-weev-has-left-united-states.html
http://www.newrepublic.com/article/117477/andrew-weev-auernheimers-tro-llc-could-send-him-back-prison
Class-action lawsuit against Onity lock company ("easily hackable hotel lock") rejected by judge
https://www.techdirt.com/articles/20140903/14134528408/onity-wins-hotels-that-bought-their-easily-hacked-door-lock-cant-sue-according-to-court.shtml
http://www.extremetech.com/computing/133448-black-hat-hacker-gains-access-to-4-million-hotel-rooms-with-arduino-microcontroller
http://www.forbes.com/sites/andygreenberg/2012/12/06/lock-firm-onity-starts-to-shell-out-for-security-fixes-to-hotels-hackable-locks/
Home Depot - the dirt starts to fly
http://arstechnica.com/security/2014/09/home-depot-ignored-security-warnings-for-years-employees-say/
https://privacyassociation.org/news/a/following-breach-report-shows-home-depot-has-105-million-in-coverage/
https://privacyassociation.org/news/a/2013-05-01-supreme-court-wiretap-ruling-upholds-stringent-standing-to-sue/

DtR Episode 110 - Red Dragon Rising


In this episode:
Separating the hype from reality of the Chinese hacking threat
The escalation of economic tensions between US & China, over hacking
What is the advice for the enterprise regarding state-sponsored attacks?
The challenge with the uni-directional intelligence flow for government/enterprise
The challenge with nation-state hacking of critical infrastructure
The worst-case scenario (quietly happening?)
Directly addressing the various APT reports (specifically APT1)
Does a cyber attack warrant a kinetic response?
Attribution is hard. Is it more than black-magic, and is anyone doing it right?
The great disconnect between the keyboard jockey and real-life consequences
Guest:
Bill Hagestad II (@RedDragon1949) - Internationally recognized cyber-intelligence & counter-intelligence professional. Technical, cultural, historical and...

DtR Episode 109 - NewsCast for September 8th, 2014


Topics covered:
Apple has been making news, issuing guidance, and refuting a hack - all around iCloud
http://www.padgadget.com/2014/09/03/apple-warns-developers-not-to-store-health-data-in-icloud/
http://www.padgadget.com/2014/09/03/apple-says-celebrity-photo-leak-was-not-due-to-icloud-breach/
http://www.cio-today.com/article/index.php?story_id=94027
HealthCare.gov was hacked, but no worries it was only a test server and no 'data was taken/viewed'. Does this sound like something you've faced in the enterprise ... hmmmm? If only there was someone warning them about the insecurity of that site! h/t to Dave Kennedy for standing up and taking political heat.
http://www.nationalreview.com/article/387182/healthcaregov-hack-reminiscent-earlier-vermont-exchange-attack-jillian-kay-melchior
http://www.computerworld.com/article/2603929/healthcare-gov-hacked-if-only-someone-had-warned-it-was-hackable-oh-wait.html
Home Depot apparently has suffered a massive breach, much like Target. Interesting? Or ho-hum? (did you Buy The Dip? h/t @DearestLeader)
http://seekingalpha.com/article/2478055-home-depot-potential-data-breach-may-have-presented-a-good-opportunity-to-buy-the-stock
http://krebsonsecurity.com/2014/09/home-depot-hit-by-same-malware-as-target/
http://www.csoonline.com/article/2601082/security-leadership/are-you-prepared-to-handle-the-rising-tide-of-ransomware.html
Norway's Oil & Gas industry is now the target of hackers, seeking to get intelligence...

DtR Episode 108 - Security in State Government


In this episode:
We discuss the largest challenges in the state government sector
Brian discusses balancing the need for openness versus security/secrecy
Phil talks about the challenge of balancing policy with agency needs in state government
Michael asks how state-level security justifies and prioritizes security requirements
Raf asks how policy is created that can be both effective, and broad
The group talks about metrics, policy implementation, and showing value to protecting citizens
The guys answer "What's the best piece of advice you've gotten in your career?"
Guests:
Philip Beyer (@pjbeyer) - Philip is a security professional with more than 12 years progressive experience. Currently leading information security for...

DtR Episode 107 - NewsCast for August 25, 2014


Topics covered:
Community Health Systems and UPS Stores breached - an analysis and contrast of the two breaches, the data, and the common message
http://regmedia.co.uk/2014/08/18/community_health_systems_8k.pdf
http://blogs.wsj.com/cio/2014/08/20/the-morning-download-community-health-systems-breach-stirs-up-heartbleed-fears/
http://time.com/3151681/ups-hack/
The case of the pre-mature declaration of BYOD death, via an over-hyped court case?
http://www.cio.com/article/2466010/byod/court-ruling-could-bring-down-byod.html
"Shadow clouds" (cloud services consumed by enterprises, not approved by security) are on the rise. No one on the show is shocked, and you aren't either.
http://www.computerworld.com/s/article/9250606/Shadow_cloud_services_pose_a_growing_risk_to_enterprises
FaceBook gives $50,000.00 away for the "Internet Defense Prize" joining Microsoft in trying to make being defensive-minded (and actually solving some security problems, rather than continuing to point them out) sexy
http://threatpost.com/new-facebook-internet-defense-prize-pays-out-50000-award

DtR Episode 106 - My Compliance is Better Than Your Security


In this episode:
Jason tells us why he isn't hating on compliance
Jason talks about how security people are often the source of the issues
Jason gives us his perspective on compliance-driven security
Jason correlates compliance to quality assurance in security
We talk about security's unbroken streak of failing at the basics
We lament poor metrics, why we suck at them, and what comes next
We discuss how you can tell whether an investment in security 'is working'
We discuss the need for repetitive and consistent security
Jason gives us his three things that he wants to leave you with
Guest:
Jason Oliver (@jasonmoliver) - Jason M Oliver, CISSP, CRISC is...

DtR Episode 105 - NewsCast for August 11, 2014


Topics covered:
Survey shows CISOs still struggle for respect (from business peers)
http://www.cio.com/article/2460165/security/cisos-still-struggle-for-respect-from-peers.html
Hold Security uncovers 1.2 billion password heist on Russian hacker sites (but something smells funny) - draw your own conclusions folks... I'd love to hear 'em
http://www.theverge.com/2014/8/6/5973729/the-problem-with-the-new-york-times-biggest-hack-ever
http://www.youarenotpayingattention.com/2014/08/08/the-lie-behind-1-2-billion-stolen-passwords/
https://identity.holdsecurity.com/Submit/
http://krebsonsecurity.com/2014/08/qa-on-the-reported-theft-of-1-2b-email-accounts/
Yet another Android core software blunder, called "Fake ID", essentially gives "highly privileged malware" a free ride.
http://arstechnica.com/security/2014/07/android-crypto-blunder-exposes-users-to-highly-privileged-malware/
HP study says 70% of "Internet-of-Things" (IoT) vulnerable. There's a shock, we're carrying around legacy baggage? Perish the thought.
http://h30499.www3.hp.com/t5/Fortify-Application-Security/HP-Study-Reveals-70-Percent-of-Internet-of-Things-Devices/ba-p/6556284
Civilian sector is better than the military at Cyber-War exercise. *rollseyes*
http://www.navytimes.com/article/20140804/NEWS04/308040019/In-supersecret-cyberwar-game-civilian-sector-techies-pummel-active-duty-cyberwarriors?sf29369064=1
Target booking $148M due to data breach
http://fortune.com/2014/08/05/target-data-breach-profit/

DtR Episode 104 - JW Goerlich - Security Leaders Series


In this episode:
Who is J.W. Goerlich (redux from episode -
How did he get to where he is now?
How does the security executive deal with the "moving finish line"?
JW discusses how 'security' people can break down barriers between "us" and "them"
We discuss why we still fail at the basics, and what all this means...
JWG tries to talk about his favorite controls framework
We discuss what difference it makes where the CISO reports in the enterprise
What will the CISO be, or need to do, in ~3-5 years?
We discuss hiring into InfoSec - from outside, or within ... and why?
JW gives us the one...

DtR Episode 103 - NewsCast for July 28th, 2014


Topics covered:
Certificate pinning back in the spotlight with the GMail iOS app having some difficulties, but there is a bigger issue here. We discuss.
http://securityaffairs.co/wordpress/26577/hacking/gmail-app-flaw-mitm.html
Nearly 3 years later, the NASDAQ hack attributed to FSB/Russian 'state sponsored' hackers, via 2 "zero day malware". Highlighting need for attribution, common language, and other issues in security.
http://www.infosecurity-magazine.com/view/39397/nasdaq-hackers-used-two-zero-days-but-motives-a-mystery/
Cyber insurance - is this a forcing function to improve overall security, or yet another carpet to sweep security problems under?
http://www.reuters.com/article/2014/07/14/us-insurance-cybersecurity-idUSKBN0FJ0B820140714
A judge has just ruled that your "GMail account" has the same legal (or lack thereof) protections as a hard drive you own. Dangerous precedent, or nothing new?
http://nakedsecurity.sophos.com/2014/07/22/your-gmail-account-is-fair-game-for-cops-or-feds-says-us-judge/
also relevant...

DtR Episode 102 - Security Leaders Series - Jim Tiller


In this episode:
Jim Tiller - a few things you probably didn't know?
In the last 15 years, what has changed, and what hasn't?
Why isn't security moving forward?
"Complexity is the camouflage for bad guys" - Jim
Chasing the moving line of 'security'
"Fixing the airplane as it flies"
How do enterprise security organizations push away from playing 'prevent' permanently?
Fundamentals, fundamentals, fundamentals ... you're still failing
What things are CISOs doing that they're NOT right now?
Where will security be, as a discipline, in 10 years?
Guest:
Jim Tiller (@Real_Security) - Jim has been in the security industry since the very early 90s and has continued his mission in working with...

DtR Episode 101 - NewsCast for July 14th, 2014


Topics covered:
Florida Information Protection Act of 2014 is in the books, and it brings "sweeping changes" to the data breach disclosure process in Florida. Good thing or bad? You decide
http://www.scmagazine.com/fla-passes-sweeping-data-breach-notification-bill/article/357858/
http://www.flsenate.gov/Session/Bill/2014/1526/?Tab=RelatedBills
http://www.flsenate.gov/Session/Bill/2014/1524
The DoJ has nabbed a 'prolific hacker'... a Russian national. Russia calls it kidnapping. Tensions flare. Again.
http://mashable.com/2014/07/08/russian-man-hacking-retailers/
Chinese man charged with industrial espionage
http://arstechnica.com/tech-policy/2014/07/chinese-businessman-charged-with-hacking-boeing-and-lockheed/
US Banks are calling for a "Cyber War Council" (so much wrong here, it's incredible...)
http://www.businessweek.com/news/2014-07-08/banks-dreading-computer-hacks-call-for-cyber-war-council#p2
The ultra-ultra-legacy code problem and why we're not getting security any higher up the ladder any time soon
http://www.businessweek.com/articles/2014-06-25/the-talent-that-keeps-your-50-year-old-software-running-is-retiring-dot-now-what
Payroll processing company Paytime was hacked and breached. But in the midst of the rush to file law suits,...

DtR Episode 100 - Security Wisdom from Dan Geer


In this episode:
Who is Dan Geer (just in case you live in a cave and don't know)
Dan's definition of security - "The absence of unmitigatable surprise"
What exactly is the pinnacle goal of security engineering?
Responsibility, liability and when software fails as a result of security issues
In a liability lawsuit - "What did you know, when did you know it?"
The fraction of the population who could sign an "informed consent" is falling - so now what?
Why ICANN is actually making all of this so much worse
What do we do about "abandoned software"?
Fixing security bugs in software is a tricky business...good, bad, worse
Are...

DtR Episode 99 - NewsCast for June 30th, 2014


Topics covered:
Your server may have a hardware flaw that exposes your baseband management interface to the world
http://arstechnica.com/security/2014/06/at-least-32000-servers-broadcast-admin-passwords-in-the-clear-advisory-warns/
Airports are getting hacked, APT involved, state-sponsored attackers!
http://www.nextgov.com/cybersecurity/2014/06/nation-state-sponsored-attackers-hacked-two-airports-report-says/86812/
PayPal flaw renders 2-factor auth on mobile useless, disabled temporarily while they work on fix
http://www.darkreading.com/mobile/paypal-two-factor-authentication-broken/d/d-id/1278840?
FTC vs. Wyndham: another shoe drops, the FTC takes a hit while Wyndham scores a win
http://www.mediapost.com/publications/article/228730/judge-authorizes-wyndham-to-appeal-data-security-r.html
Dilbert says it best
http://dilbert.com/strips/comic/2014-05-19/

DtR Episode 98 - Grr (Grr Rapid Response)


In this episode:
What exactly is "GRR"?
What sorts of things can GRR do?
What is a hunt, and how does it scale across tens of thousands of machines?
How does GRR "hide" from malware?
How does GRR keep some of the great power it has from being abused?
Automating and integrating GRR with external sources and tools
Features, functions, capabilities and some magic from Greg
The future features, requests, and direction of GRR
Guest:
Greg Castle - Greg has 10 years experience working in computer security. In his current role as Senior Security Engineer at Google, he is a developer and user of the open-source GRR live-forensics system. He also has...

DtR Episode 97 - NewsCast for June 16th, 2014


Note: I want to thank Will Gragido for stopping by this morning to talk over the news with us. Always great to have someone with a fresh perspective, I hope you enjoy the show.
Topics covered:
Don't like Google Glass (or similar devices) on your network? Kick them off
http://mashable.com/2014/06/04/glassholes-wifi-jamming/
The FAA has issued an order for Boeing to 'protect the planes from computer hackers' ... but what is really going on here?
http://www.usatoday.com/story/news/nation/2014/06/06/faa-boeing-737/10066247/
APT, APT, APT, APT ... evolved APT?
http://www.csoonline.com/article/2158775/security-leadership/why-you-need-to-embrace-the-evolution-of-apt.html
After getting breached, PF Chang's goes "old school"; sounds legit, right?
http://krebsonsecurity.com/2014/06/p-f-changs-confirms-credit-card-breach/
Why preparation is a good idea, even when it comes to 'cyber'
http://www.csoonline.com/article/2360748/security-leadership/using-a-cyber-war-exercise-to-improve-your-security-program.html
Feed.ly...

DtR Episode 96 - A CIO Talks About CISOs


My apologies for some of the skips in this episode - we had some difficulty with the recording and ultimately I hope it doesn't take away from Joe's wonderful message. Thanks for your patience.
In this episode:
From CISO to CIO - making that leap
Does the CISO need to be technical? (answering that question, again)
What types of things does a CIO need to know?
Who should the CISO report to?
Any chance the CISO reporting structure shifts around?
A "Chief Data Officer"?
Are there too many 'splintered' job titles in the security/risk role?
Responsibility, accountability, and where the buck stops
What are 3 things security does right, and what...

DtR Episode 95 - NewsCast for June 2nd, 2014


Note: Today, Kim Halavakoski joined us on the show to provide perspective all the way from Finland! We appreciate his international addition to the show, and hope the listeners enjoy the added brainpower.
Topics covered:
Facebook's next major update will turn your mobile device into an always-on listening tool for FaceBook. This is a good time to remind you that you are the product, not the customer
http://www.ibtimes.com/facebook-microphone-update-store-data-social-media-giant-confirms-new-feature-will-1588916
In a blow to security professionals' ego everywhere, investors apparently aren't swayed by data breaches
http://www.businessweek.com/articles/2014-05-23/why-investors-just-dont-care-about-data-breaches
The US's indictment of 5 Chinese nationals for 'state sponsored industrial espionage' is apparently backfiring (or at least it is in the...

DtR Episode 94 - ICANN, Tor, and Internet Freedom


In this episode:
Jeff explains the background of the relationship between the US government, ICANN and IANA
What is the ITU and why is this $0 contract handoff to the ITU such a big deal?
What impact did Edward Snowden's actions have on the issue?
The potential issues with DNS, cross-border censorship and DNS
The importance of Tor, Freenet and challenges of implementation
Discussing the evolution of services like Tor through "nation-state firewalls"
Changing the image of anonymous services
Making Tor and similar services more user-friendly, and more prevalent
Guest:
Jeff Moss (@TheDarkTangent) - Jeff, also known as The Dark Tangent, is an American hacker, computer security expert and internet...

DtR Episode 93 - NewsCast for May 19th, 2014


Announcements:
I want to thank Circle City Con as a sponsor for the show! I have one more ticket to give away ... so watch the #DtR hashtag on Twitter!
Thanks to special guest Philip Beyer for sitting in James' seat this morning...
Topics discussed:
"US charges China with cyber-spying on American firms" (Hello, pot? this is the kettle...)
http://www.nbcnews.com/news/us-news/u-s-charges-china-cyber-spying-american-firms-n108706
Should we be thinking about security beyond win/lose (aka "oh no, hackers are winning!")
http://www.csoonline.com/article/2156104/security-leadership/thinking-about-security-beyond-winning-and-losing.html
Retail Industry Leaders Association (RILA) has launched their own ISAC-like entity called Retail Cyber Intelligence Sharing Center (R-CISC)
http://associationsnow.com/2014/05/retail-group-launches-sharing-tool-cyber-threats/
A recent survey tells us that a whopping 43% of all identity theft in 2013...

DtR Episode 92 - Rapid Incident Response [Guests: Robin Jackson, Dan Moore]


In this episode:
Dan gives us the reality of living in what is commonly termed "the post-breach" world
Dan and Robin talk through the explosion in the numbers of malware samples
We discuss the different approaches to malware, crimeware, and the cross-over between them
Dan explains what "rapid incident response" really means and why it's essential
Dan and Robin give us some excellent examples of incident preparedness fundamentals
Dan gives us a lesson on implementing 'powerful tools' (and forgetting about them)
We talk through "who's doing it well?" (and we don't get a very hopeful answer)
Is it time to learn from our own and others' mistakes? (how?)
Guests:
Robin...

DtR Episode 91 - NewsCast for May 5th, 2014


Topics discussed:
Microsoft has issued a patch for the massive MS IE flaw - for Windows XP!
http://arstechnica.com/security/2014/05/microsofts-decision-to-patch-windows-xp-is-a-mistake/
Is Open Source Software more or less secure than closed-source? (in a post-Heartbleed era)
http://www.telegraph.co.uk/technology/internet-security/10769996/Heartbleed-the-beginning-of-the-end-for-open-source.html
Target's CEO has stepped down, but what's the real reason and is there now opportunity for change?
http://www.usatoday.com/story/money/business/2014/05/05/target-ceo-steps-down/8713847/
and http://www.latimes.com/business/money/la-fi-mo-target-ceo-resigns-20140505,0,4479532.story
Biometrics (specifically fingerprints) aren't as secure or unique as we'd like them to be, so ... passwords?
http://www.telegraph.co.uk/science/science-news/10775477/Why-your-fingerprints-may-not-be-unique.html

DtR Episode 90 - Things Your Auto Insurance Knows [Anonymous guest]


In this episode
We discuss some of the new techniques auto insurance companies are using to custom-tailor rates to drivers
Our guest discusses some of the capabilities of the widgets available
Our guest discusses the 'call home' functions, and potential mis-use
We use 'big data' seriously
We talk about 'big data' and security - for real
Our guest gives us a realistic view about the type of data that's out there about your driving, habits, and tracking
Guest
Our guest is an industry insider, who for obvious reasons chose not to identify himself. We respect the guest's position, and kindly ask that our listeners do as well.
Have something...

DtR Episode 89 - NewsCast for April 21st, 2014


Topics discussed
The big story - "Heartbleed"
http://www.csoonline.com/article/2142626/security-leadership/how-you-need-to-respond-to-heartbleed-and-how-you-can-explain-it-to-others.html
http://www.csoonline.com/article/2146141/disaster-recovery/healthcare-gov-urges-password-resets-due-to-heartbleed.html
http://xkcd.com/1354/
http://rt.com/news/heartbleed-arrest-canada-security-016/
The "hacker*" known as "Weev" is free ... on a technicality, and why this is bad, very very bad, for our industry - http://techcrunch.com/2014/04/11/weev-is-free/
"Ramshackle Glam" - how one blogger had to go to extraordinary lengths to get her site back, and what you can learn from it - http://mashable.com/2014/04/02/ramshackle-glam-hacking/
The FTC's lawsuit of Wyndham Hotels was allowed to proceed by a federal judge - and why this is a very dangerous precedent - http://www.fiercegovernmentit.com/story/ftc-lawsuit-over-hotel-chain-data-breach-can-proceed/2014-04-14
Data breach roundup
Michaels [yes, again] - http://www.business-standard.com/article/news-ani/leading-us-art-store-admits-2-6-mln-credit-cards-at-risk-of-hacking-114041800569_1.html
South Carolina data breach is getting costly (for tax payers) - http://www.therepublic.com/view/story/396a4be862cd485e9248cab7879a3a71/SC--Hacked-Tax-Returns
Hard drive maker LaCie was a victim ... for over a year - http://www.techtimes.com/articles/5672/20140416/lacie-latest-victim-data-theft-ironies-hard-drive-manufacturer-hacked.htm
[UK] Cosmetic surgery group hacked,...

DtR Episode 88 - Advanced Threat Actors [Panel Discussion]


In this episode
Advanced Threat Actors - more or less a threat right now than before? (how much is hype?)
Advanced Persistent Threat - is it really THAT advanced? (a "what" or a "who"?)
The distinction of what "APT" is ... and isn't
Touching on Mandiant APT-1 ... hype from reality
A quick discourse on corporate espionage!
How we respond to APTs ... is this just really "incident response" for a boogeyman?
The snake oil salesman behind "Automated APT defense"
Threat Intelligence - necessary, but what's the proper use?
Threat Intelligence requires collaboration, how do we do it?
Is our security failing, or is our perception of what we want it to do wrong?
Key...

DtR Episode 87 - NewsCast for April 7th, 2014


Topics covered
WindowsXP is officially, for real, definitely end of life - http://windows.microsoft.com/en-us/windows/end-support-help
Google Nest pushes update - examining the bigger picture - http://www.theregister.co.uk/2014/04/04/nest_waves_goodbye_to_alarm_switchoff_feature/
South Carolina's agencies are still not any better after the massive breaches - http://www.wbtw.com/story/25149085/still-no-consistent-computer-security-plan-at-sc-agencies
News flash - we trust the government and Internet companies less as a result of leaks - http://www.computerworld.com/s/article/9247441/Snowden_leaks_erode_trust_in_Internet_companies_government
The two banks which filed suit against TrustWave & Target have dropped their effort ... sanity apparently prevailed but there's a bigger issue here at stake - http://www.securityweek.com/banks-drop-suit-against-target-trustwave
Have something to say? Let's hear it.

DtR Episode 86 - From DDoS to Quantum Computing [Guest: Prof Alan Woodward]


In this episode
Rise of DDoS
  Where did it come from
  What's next
  Why does it work
  Spoofer project
  3-DOS attacks
Quantum computing
  What is it
  How is it different than what we commonly use today
  What problems does it solve
  How practical is it
The dark web
  Where did it come from
  Legitimate uses, turn into nefarious use-cases
  Alternatives, adoption and options
Guest
Prof. Alan Woodward ( @ProfWoodward) - Alan is not only a subject matter expert in computing, computer security and the impact technology has on business but brings to his roles a very broad range of experience in business management, technical management and project management. Whilst he has particular expertise in covert communications, forensic computing and...

DtR Episode 85 - NewsCast for March 24th, 2014


Topics covered
The FTC jumps into the breech (pun intended) and may try and levy fines against Target, and future breach victims - http://ww2.cfo.com/technology/2014/03/ftc-urges-data-breach-penalties/ http://www.nextgov.com/cybersecurity/2014/03/target-could-face-federal-charges-failing-protect-customer-data-hackers/80824/?oref=ng-channelriver
Could the Barclays Bank breach of Feb 2014 have been test data? Richard Bishop thinks so - http://blog.trustiv.co.uk/2014/03/barclays-data-breach-%E2%80%93-could-it-be-test-data http://www.theregister.co.uk/2014/02/10/barclays_investigates_gold_mine_client_data_breach/
US Commerce Dept not renewing ICANN contract, moving control to ITU - http://www.bloomberg.com/news/2014-03-15/u-s-to-relinquish-control-of-internet-address-system.html http://www.businessweek.com/articles/2014-03-17/the-u-dot-s-dot-ends-control-of-icann-gives-up-backing-of-the-free-speech-internet
With Microsoft officially, and finally, stopping support for WinXP (after 14yrs!), is there a "breach crisis" around the bend? - http://www.pcmag.com/article2/0,2817,2455206,00.asp
Microsoft can read your Hotmail/webmail ... so can Google, Apple and Yahoo! hype or crisis? - http://www.theverge.com/2014/3/21/5533814/google-yahoo-apple-all-share-microsofts-troubling-email-privacy-policy
(bonus) "eGovernment" is something many governments globally and locally are moving ahead with - is this rainbows or...

DtR Episode 84 - Rise of the Security Machines [Guest: Alex Pinto]


In this episode
what is the promise of automation, and where did we go wrong (or right?)
the problems with 'volume' (of logging) and the loss of expressiveness
a dive into 'exploratory based monitoring'
how does log-based data analysis scale?
baselines, and why 'anomaly detection' has failed us
does machine learning solve the 'hands on keyboard' (continuous tuning) problem with SIEM?
does today's 'threat intelligence' provide value, and is it really useful?
decrying the tools - and blaming the victims
what is machine learning good at, and what won't it be great at?
log everything!
Guest
Alex Pinto ( @alexcpsec) - Alex has almost 15 years dedicated to Information Security solutions architecture, strategic advisory...

DtR Episode 83 - NewsCast for March 10th, 2014


Topics covered
Target CIO resigns, new central CISO and CCO roles created; but what's really going on here? - http://www.darkreading.com/attacks-breaches/target-begins-security-and-compliance-ma/240166451 & http://pressroom.target.com/news/target-reports-third-quarter-2013-earnings
City of Detroit employees' information (including SSNs, DoB, etc) are "at risk" because someone clicked something they shouldn't have - http://www.freep.com/article/20140303/NEWS01/303030085/Detroit-computer-security-breach
ComiXology was [big time] hacked, but it's all good because the passwords were 'cryptographically secured' but where's the transparency? - http://www.theregister.co.uk/2014/03/07/comixologys_phantom_zone_breached_by_evil_haxxor/
A North Dakota University System was hacked and now 290k students, employees and faculty (yes including SSNs) data is at risk ... or is it? - http://www.greenfieldreporter.com/view/story/8f909740809e48e9a5669de333418134/US--University-System-Hacked
NC State researchers have a genius new way to detect Android malware (hint: you look for C code) - http://www.computerworld.com/s/article/9246825/N.C._State_researchers_devise_tool_that_detects_Android_malware
The AARP...

DtR Episode 82 - Likely Threats [Guests: Lisa Leet, Russell Thomas, Bob Blakley]


In this episode
Does it make sense, in a mathematical and practical sense, to look for 'probability of exploit'?
How does 'game theory' apply here?
How do intelligent adversaries figure into these mathematical models?
Is probabilistic risk analysis compatible with a game theory approach?
Discussing how adaptive adversaries figure into our mathematical models of predictability...
How do we use any of this to figure out path priorities in the enterprise space?
An interesting analogy to the credit scoring systems we all use today
An interesting discussion of 'unknowns' and 'black swans'
Fantastic *practical* advice for getting this data-science-backed analysis to work for YOUR organization
Guests
Lisa Leet - Lisa is a wife...

DtR Episode 81 - NewsCast for February 24th, 2014


Topics covered
Apple had a "Goto Fail" failure - yes people at Apple Computer still use Goto statements in 2014 - http://www.computerworld.com/s/article/9246533/Apple_encryption_mistake_puts_many_desktop_applications_at_risk and Adam Langley's awesome blog - https://www.imperialviolet.org/2014/02/22/applebug.html
Look out Terps, Univ of Maryland has lost 309,000+ staff members, students and faculty worth of personal information including social security numbers ... OUCH - http://www.washingtonpost.com/local/college-park-shady-grove-campuses-affected-by-university-of-maryland-security-breach/2014/02/19/ce438108-99bd-11e3-80ac-63a8ba7f7942_story.html
ICS-CERT has a new report out that bemoans the Industrial Control sector's inability to detect and respond to incidents ... mainly due to inadequate logging - http://www.govinfosecurity.com/report-cyberthreat-detection-lacking-a-6516 and the report https://ics-cert.us-cert.gov/sites/default/files/Monitors/ICS-CERT_Monitor_Oct-Dec2013.pdf
Websense has done a massive analysis of Dr. Watson (MS Windows crash files) file and determined there is some new kind of APT, POS attack afoot - http://www.darkreading.com/attacks-breaches/microsoft-windows-crash-reports-reveal-n/240166207
Many different...

DtR Episode 80 - Lies, Damned Lies, and #InfoSec Statistics [Guests: Jay Jacobs, Bob Rudis]


In this episode
Jay and Bob talk about their new book
A discussion on using data as 'supporting evidence' rather than gut feelings
Do we have actuarial quality data to answer key security questions?
A discussion on "asking the right question", and why it's THE single most important thing to do
Bob attempts to ask security professionals to use data we already have, to be data-driven
Jay tells us why he wouldn't consider "SQL Injection" a "HIGH" risk ranking - and why data challenges what you THINK you know
Quick shout out to Allison Miller on finding the little needles in the big, big haystack
We think about...

DtR Episode 79 - NewsCast for February 10th, 2014


Topics covered
In the wake of the Target & Neiman Marcus breaches - is chip+pin really a priority right now, and does it solve the real problem? - http://blogs.csoonline.com/security-leadership/2977/does-chip-and-pin-actually-solve-problem-find-out-asking-these-questions
Speaking of Target ... it turns out that 3rd parties really are a problem and still a blind spot in many organizations' risk matrices, who knew - http://krebsonsecurity.com/2014/02/target-hackers-broke-in-via-hvac-company/
Apparently NBC News doesn't believe it's stretching the news at all, when it virtually makes up a story then gets called out by Robert Graham, hilarity ensues - http://news.cnet.com/8301-1009_3-57618533-83/sochi-hack-report-fraudulent-security-researcher-charges/
Something bad, very, very bad just happened over at Barclays in the UK ... although jury seems to still be out on what exactly...

DtR Episode 78 - Legal Professional Privilege [Guest: David Prince]


In this episode
David discusses what it's like working for a law firm (in the UK)
A quick wade through the UK Data Protection Act (mostly Principle 7)
"When lawyers get to interpret the laws"
Law firms as targets for data breaches
The new regulations in the UK, fines between 2%-5% of your REVENUE? Ouch.
Defining "adequate measures" in regulations
A brief chat on fines, regulations, and risk management
I trail off on a Princess Bride quote, and get ranty on "risk"
Dealing with personal devices, public WiFi to work and security
James asks the inevitable question on training
Good vs. "best" practice
Your security as a competitive advantage. really.
Guest
David Prince (...

DtR Episode 77 - NewsCast for January 27th, 2014


Special thanks to Michael Santarcangelo ( @catalyst ) for stopping by the show and guest-hosting with James and I! We had fun, and I think you'll all enjoy Michael's perspective and humor.
Topics Covered
Neiman Marcus breach - all new, same as before, or is it? - http://www.wired.com/threatlevel/2014/01/neiman-marcus-hack/
Coca-Cola loses laptops ... sort of ... but no worries, no evidence of wrongdoing - http://www.ajc.com/news/business/coca-cola-tells-thousands-of-employees-of-security/nc2NB/
Breach over at Microsoft, law enforcement documents "likely stolen", but what does that really mean? - http://www.pcworld.com/article/2091480/microsoft-says-law-enforcement-documents-likely-stolen-by-hackers.html
The (San Jose) police want to use your home surveillance system cameras, I'm not kidding - http://news.cnet.com/8301-17852_3-57617809-71/police-want-to-use-your-home-security-cameras-for-surveillance/
Have something to say? Let's hear it.

DtR Episode 76 - Payment Industry Turmoil [Guests: Laura Claytor & Alfred Portengen]


In this episode
Did the Target/Neiman/? breach finally create a catalyst for change?
The card system, payment processing infrastructure clearly wasn't designed with defensibility in mind ... who should be changing that?
Are today's fraud rates finally getting high enough such that card processors, issuers, banks need to depart from the status quo?
Are the days of "zero fraud liability" to the end consumer coming to an end?
What about chip & pin? Is the risk less?
What kinds of pains will the industry go through to make security on payment systems better?
How is the commercial payments industry different from the consumer?
Do end users of credit...

DtR Episode 75 - NewsCast for January 13th, 2014


I can't believe it's 2014 already, and we're rolling through our 3rd calendar year! As we grow and you "regulars" mount, James and I want to thank you for listening, bookmarking, sharing and talking about the podcast. Your patronage has really made us smile, and you're the reason we do this.
Topics covered
Reuters: Retail community may be ready for a change in the payment card system and processes - http://uk.reuters.com/article/2014/01/13/uk-target-databreach-retailers-idUKBREA0B01A20140113
More Snowden fallout: French/UAE Intel satellite deal may be scuttled because of US-made components - http://www.defensenews.com/article/20140105/DEFREG04/301050006
Ransomware CryptoLocker's uglier, meaner cousin now available for $100... look out! - http://arstechnica.com/security/2014/01/researchers-warn-of-new-meaner-ransomware-with-unbreakable-crypto/
Schneier: "The Internet of Things" is very...

DtR Episode 74 - Supply Chain [In]Security


In this episode
Chris Wysopal - who is that masked man?
Putting some reality to the state-sponsored backdoors (Huawei) and supply-chain compromise
The risks coming through the door with the products you buy
The case for setting up an independent testing lab for mitigating 'backdoor' accusations
Chris does an interesting assessment on software security practices in the enterprise
Chris discusses holding your vendor to the same standards you hold yourself
What does it mean that enterprises are doing a "good job" in SwSec
Chris goes there, open-source components as part of supply chain risk
James asks "How do smaller buyers leverage scale to hold their suppliers accountable?"
Why do we...

DtR Episode 72 - Applied Threat Research and Defense


In this episode
Will gives us a lay of the land on the state of "state sponsored" and advanced threats
We discuss collective advances in malware
We discuss the persistence of 'old' malware, and code re-use
We discuss enterprise defense and strategy
Will gives us some wisdom from his experience in helping clients defend themselves
Guest
Will Gragido ( @wgragido ) - Will is currently a senior manager in the Threat Research Intelligence organization at RSA NetWitness. Will is an information security and risk management professional with over 18 years professional industry experience, Mr. Gragido brings a wealth of knowledge and experience to bear. Working in a variety of...

DtR Episode 71 - The 2013 Year in Review


Hello! This is a special episode in that it's our year-end wrap-up. We bring together 3 of the industry's best to talk about the year that was, the things that were on your mind, and maybe give us a hint at what is to come...
Guests
Will Gragido ( @wgragido ) - Will is the Sr. Manager of threat Research Intelligence for RSA NetWitness and a lightweight with the cold medicine.
John Pirc ( @jopirc ) - John is the Vice President of Research at NSS Labs, with very strong hair.
David Marcus ( @DaveMarcus ) - David is the Director and Chief...

DtR Episode 70 - Embedded Systems Shenanigans


Folks, if you work with, design, or implement embedded systems this is one episode you don't want to miss. Fair warning, it's a little bit long at just over 50 minutes total. I hope you find the extra time worth the effort of listening, I know we sure did!
In this episode
The quirky things that Josh's organization gets to work on and deconstruct
The methodology of breaking foreign things
Android and why it's "horribly interesting" beyond just the OS everyone sees
Hacking Android at the very, very, very basic hardware interface(s)
Copy/Paste software development and its pitfalls
Embedded devices as pivot points for intrusion
The importance of...

DtR Episode 69 - NewsCast for December 2nd, 2013


Special thanks to Steve Ragan ( @SteveD3 ) for sitting in this morning and providing his perspective as a journalist.
Topics Covered
"Leaked" FBI memo to government agencies says "there's a hacking spree on government websites, and it's Anonymous!" (we have to chuckle, a little) - http://www.theregister.co.uk/2013/11/18/anon_us_gov_hack_warning/, http://www.thewire.com/national/2013/11/fbi-anonymous-hackers-stole-over-100000-employees-information/71675/
Fokirtor is a very interesting new piece of malware that targeted Linux systems, but by slipping into SSH comms - http://www.theregister.co.uk/2013/11/15/stealthy_linux_backdoor/ (and a related piece of malware - http://www.symantec.com/connect/blogs/linux-worm-targeting-hidden-devices)
The Healthcare.gov website is a case study in how not to release a web app, or complex system; and it's not even a partisan issue anymore - http://arstechnica.com/security/2013/11/healthcare-gov-targeted-by-more-than-a-dozen-hacking-attempts/
Ahead of the G20 meeting to...

DtR Episode 68 - Buffer's Big Hack


I want to thank Carolyn Kopprasch and the @BufferApp team for getting back to me, and agreeing to not only join the podcast, but also field questions from "anyone" ... what a cool group of people!
In this episode
Carolyn gives us some of the insider's perspective on what really happened, when Buffer got hacked
Carolyn and I discuss triage methodology, and how Buffer's small team responded
In-depth conversation on the communications strategy and implemented plan to be totally transparent
We discuss that point where it's time to "shut it down" and the need to have the ability and information to make the decision Buffer's team...

DtR Episode 67 - NewsCast for November 18th, 2013


I'm back! Maybe a little sleep-deprived and a tad grumpier than usual, but back to talk news!
Topics Covered
Microsoft unveils the new Digital Crime Unit, and it is quite the statement - http://www.darkreading.com/attacks-breaches/microsoft-unveils-state-of-the-art-cyber/240163924 http://www.microsoft.com/en-us/news/presskits/dcu/
CME Group hacked, claims platform and trades unaffected ... let's hope so - http://www.businessweek.com/news/2013-11-15/cme-group-says-its-computers-were-hacked-no-trades-affected
Jeremy Hammond, Chicago's very own romanticized criminal - http://www.nbcnews.com/technology/hacker-tied-anonymous-gets-10-years-prison-cyberattacks-2D11603760
The FBI says there's a "hacking spree" on government websites by Anonymous hackers. You don't say ... - http://arstechnica.com/security/2013/11/fbi-warns-hacking-spree-on-government-agencies-is-a-widespread-problem/
There's an apparent zero-day in vBulletin, and it's serious enough that Def-Con's forums were taken down pro-actively ... - http://www.computerworld.com/s/article/9244109/Hackers_use_zero_day_vulnerability_to_breach_vBulletin_support_forum
If you use SnapChat to send questionable selfies hoping they'll just evaporate...you're in for a bad time...

DtR Episode 66 - ISSA International 2013 - Cowperthwaite Weighs In


In this episode...
We revisit some of the topics Eric & I talked about nearly 2 years ago at ISSA International, Baltimore.
Eric discusses the paradigm shift that needs to happen in security
We talk about shifting resources (in the defensive) from "everything" to something more reasonable
Eric and I discuss how CISOs must re-allocate resources to survive in a post-breach reality
Guest
Eric Cowperthwaite ( @e_cowperthwaite ) - Vice President, Advanced Security and Strategy at CORE Security, a Boston-based security vendor. CORE is the leading provider of predictive security intelligence solutions for enterprises and government organizations. We help more than 1,400 customers worldwide preempt critical security...

DtR Episode 65 - NewsCast for November 4th, 2013


Hey all - Raf here and I wanted to thank James for flying solo as my wife and I celebrate the birth of Niccolai and Isabella our new twins! I'll be back in our next episode...
Topics Covered
The buzz over calling yourself a 'hacker' - http://www.theguardian.com/technology/2013/oct/24/hacker-computer-seized-us-open-source (Raf's note - I personally think the way this has been spun is largely to gain clicks/readers, it was very well analyzed here - http://theprez98.blogspot.com/2013/10/omg-call-yourself-hacker-lose-your-4th.html)
A follow-up on Dick Cheney's pacemaker paranoia - http://www.dotmed.com/news/story/22298
Big name limo service hacked, discloses info on big-name clients - http://krebsonsecurity.com/2013/11/hackers-take-limo-service-firm-for-a-ride/
Look out, hackers may be targeting SAP users - http://www.computerworld.com/s/article/9243727/New_malware_variant_suggests_cybercriminals_targeting_SAP_users?taxonomyId=17
Java patching lagging, attackers exploiting, story at 11 - https://www.securityweek.com/java-attacks-jump-user-patching-lags-kaspersky-lab
It...

DtR Episode 64 - A US Attorney's Perspective on Cybercrime


Special thank you to the US District Attorney's office for the Southern District of California for a fantastic interview and for letting us pick Sabrina's mind for the podcast...
In this episode...
Hackers, carders, and the disturbing trend of them pairing up with the traditional mafia
The challenge of VPSes in cyber-crime
Evangelizing the truths about cyber-crime to businesses, average person
An insight into the way that 'bad guys' specialize in the criminal underground
An insight into (bottom-up) investigative models available to law enforcement, as it pertains to hackers
Are cyber criminals fleeing or hacking from non-extradition countries?
The delicate dance of involving the government in a hacking...

DtR FeatureCast - Rt Hon Baroness Neville-Jones on CyberSecurity


In this episode
We get a peek into the first member of English Royalty that we've ever had on the podcast
Baroness Neville-Jones discusses the difficulties in cybersecurity at the government level
We discuss the challenges of policy, compliance and implementing real-life security
The Baroness discusses her efforts to raise both the awareness and collective security of business
The Baroness discusses a bit about critical infrastructure protection
I ask the uncomfortable question in the wake of the Snowden disclosures - privacy vs. security...
Guest
Rt Hon Baroness Neville-Jones - Baroness Neville-Jones is a long-time political figure in the UK Parliament, House of Lords. She recently retired from public...

DtR Episode 63 - NewsCast for October 21st, 2013


Thanks to Josh Corman for joining us this morning ... always nice to have Josh's experience and brain power on the show.
Topics Covered
Gargantuan Oracle CPU (Critical Patch Update) including -51- Java security fixes! - http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
Huawei calling for "independent cybersecurity assurance lab" framework, an interesting but difficult thing - http://www.informationweek.com/security/application-security/huawei-proposes-independent-cybersecurit/240162840
Dick Cheney, fearing an assassination attempt, had wireless pacemaker removed in 2007 - http://www.theguardian.com/world/2013/oct/19/dick-cheney-heart-assassination-fear
Chesapeake hospice suffers breach, but there's a lesson in the tragedy - http://www.hispanicbusiness.com/2013/10/19/hospice_of_chesapeake_shut_down_computer.htm
NPI research shows companies will overpay $10.1 billion for IT security solutions in 2013, worse in 2014 - http://www.prweb.com/releases/2013/10/prweb11239951.htm
Minor Verizon security bug, issues with coordinated disclosure, fix timelines, and the much bigger white elephant...

DtR Episode 62 - A Peek Behind the Blue Curtain


In this episode...
James and I host legitimate Polynesian royalty (a princess....) really!
Katie gives us the skinny on Microsoft's 10 year progression to get to a bug bounty program
We discuss the merits of bug bounties and execution in a very large enterprise
Katie gives us as many details as she can about the recent $100,000 payout
Much... much ... more!
Guest
Katie Moussouris ( @k8em0 ) - Katie runs the Security Community Outreach and Strategy team for Microsoft as part of the Microsoft Security Response Center (MSRC) team to help drive crucial elements of our security community strategy effort. She is a Senior Security Strategist Lead, and...

DtR Episode 61 - NewsCast for October 7th, 2013


Big thanks to the soon-to-be-regular peanut gallery ... @JoeKnape and @BeauWoods for jumping in this morning and breaking it down with James and I.
As a personal message to those of you who listen and our community - please ... remember we all live in a giant glass house, and throwing rocks is a bad, bad idea. I've said it before and I'm looking right at the media for this one (ahem...) - unless you've been in a high-stress environment and have successfully thwarted every attack, please don't go trying to personally attack those out there who work hard at it every...

DtR Episode 60 - Conversations from DerbyCon 3


In this episode...
Dave Kennedy wraps up DerbyCon 2013, and gives us the statistic you don't want to tell your management
Dave announces the top secret guest for DerbyCon 4
Chris & Gabe discuss risk modeling using REAL automated tools
Gabe introduces us to his concept of using a 'big data' approach to risk modeling
We discuss risks, network segmentation, and other things you're doing wrong
Guests
Dave Kennedy ( @Dave_Rel1k ) - Dave Kennedy is the founder of TrustedSec, and the brain behind DerbyCon.
Chris G ( @SecbitChris ) - Chris is one of the brains behind the SecuraBit podcast
Gabe B ( @gdbassett ) - Gabe is...

DtR Episode 58 - NewsCast for September 23rd, 2013


I want to thank Mr. Josh Corman ( @JoshCorman ) for guest-commentating today's episode, and lending his expertise and industry leadership point of view.
Topics Covered
UK's GCHQ has been using Prism (Courtesy of the NSA) to spy on you ... the revelation continues - http://www.telegraph.co.uk/news/uknews/law-and-order/10106507/GCHQ-has-been-accessing-intelligence-through-internet-firms.html
Wisconsin trucker vs. Koch Industries, just what is a "direct loss"? - http://www.kfdi.com/news/local/Wisconsin-man-pleads-guilty-in-cyber-attack-on-Koch-Industries-223365221.html
iPhone, fingerprint reader, #IsTouchIDHacked - http://www.forbes.com/sites/markrogowsky/2013/09/22/iphone-fingerprint-scanner-hacked-should-you-care/
Can the FTC (and other government entities) go after companies who fail to do reasonable security? (also, what does that mean?) - http://www.computerworld.com/s/article/9242531/FTC_lacks_data_breach_authority_says_accused_medical_lab?taxonomyId=17&pageNumber=2
The gang that popped Bit9 is at it again, IE 0-day in the wild - http://www.computerworld.com/s/article/9242570/Security_org_raises_Internet_threat_level_after_seeing_expanded_IE_attacks
More information on The Cavalry
The talk: "The Cavalry...

DtR FeatureCast - HP Protect 2013 - Episode 3


For those of you unfamiliar with the event, HP Protect is the premier event of the year for the HP Enterprise Security products and services organization, held to bring customer practitioners, industry experts, products/services managers and their support specialists together to not only solve real-world problems but to also help set the course for the next year. If you've not had a chance to attend the event and you're an HP customer, or you're interested in the event - check out the HP Protect website.
I was a guest at the conference this year and had an amazing opportunity to sit down in 3...

DtR FeatureCast - HP Protect 2013 - Episode 2


For those of you unfamiliar with the event, HP Protect is the premier event of the year for the HP Enterprise Security products and services organization, held to bring customer practitioners, industry experts, products/services managers and their support specialists together to not only solve real-world problems but to also help set the course for the next year. If you've not had a chance to attend the event and you're an HP customer, or you're interested in the event - check out the HP Protect website.
I was a guest at the conference this year and had an amazing opportunity to sit down in 3...

DtR FeatureCast - HP Protect 2013 - Episode 1


For those of you unfamiliar with the event, HP Protect is the premier event of the year for the HP Enterprise Security products and services organization, held to bring customer practitioners, industry experts, products/services managers and their support specialists together to not only solve real-world problems but to also help set the course for the next year. If you've not had a chance to attend the event and you're an HP customer, or you're interested in the event - check out the HP Protect website.
I was a guest at the conference this year and had an amazing opportunity to sit down...

DtR Episode 58 - Of BSides and Bettering Infosec


In this episode...
Mike explains once and for all how the BSides namesake came to be
We talk about how the industry has evolved over the last 10+ years
Mike dispenses a little of his philosophy on how to better the industry
We talk burnout and why it exists, and possibly how to get through it
Guest
Mike Dahn ( @MikD ) - Mike Dahn is one of the original co-founders of the Security BSides conference many of you have attended, spoken at, or heard of. In addition to that, Michael Dahn is an information security and organizational design strategist responsible for the management of data strategies,...

DtR FeatureCast - HTCIA International 2013


Today I had the pleasure of sitting down with one old friend, and one new. As a speaker at the HTCIA International conference, and the CISO Summit - I had the opportunity to gain some valuable insight, meet lots of excellent leaders, and force some new relationships. As a wonderful side-effect I had the pleasure of sitting down with Mike Murray of Mad Security, and Vince Skinner an attendee of the conference and security leader of his enterprise. We talked about a range of topics from history of the information security industry, to our experiences and the current lack of direction...

DtR Episode 57 - NewsCast for September 9th, 2013


I want to thank our guests - Beau Woods and Joe Knape for joining us this morning. It was great to have these two well-versed commentators on the show ... vote with your downloads folks - if you want to make this a regular thing leave us a comment!

Topics Covered
- RedHack 'hacks' Turkish police website, stops border traffic? - http://www.hurriyetdailynews.com/redhack-hacks-turkish-police-website-as-border-traffic-grounds-to-a-halt.aspx?pageID=238&nID=53904&NewsCatID=341
- A few thoughts on the NSA/Crypto from Matthew Green's blog - http://blog.cryptographyengineering.com/2013/09/on-nsa.html
- The FTC settles with TRENDnet (the webcam shouting obscenities at the 2yr old story) - http://www.bostonglobe.com/business/2013/09/04/ftc-settles-complaint-over-hacked-security-cameras/uYjAuRcb4uCz51Zt1HSGbP/story.html
- Citi ordered to pay $10.86/record, more harm than good - http://www.infosecurity-magazine.com/view/34328/citi-ordered-to-pay-55k-to-connecticut-over-2011-data-breach
- NY Times hacked (again) but this time it's DNS ...DNS is...

DtR Episode 56 - Understanding the [InfoSec] Elephant


Every once in a while this podcast has a guest who makes us truly feel blessed to be doing this - Rob Dubois is one of those people. If you don't know anything about Rob, go read his website, listen to this podcast and check out his book. He is a real American hero, a fantastic human being, and a true patriot. On behalf of James and I - I want to extend a hearty thank you for the time Rob spent, and wisdom he's imparted.

In this episode...
- Rob Dubois on being a 'badass'
- the parable of the blind wise men and...

DtR Episode 55 - NewsCast for August 26th, 2013


Since James is out this week with something called "work", I've pulled in two friends (affectionately known as "The Joshes") Josh Marpet and Josh C. Big thanks for these fine gentlemen for stepping in and co-chairing this Monday morning quarterback session... I hope you enjoy!

Topics Covered
- Fraudsters target "wire payment switch" at banks to steal millions - http://www.scmagazine.com/fraudsters-target-wire-payment-switch-at-banks-to-steal-millions/article/307755/#
- Insurer to Schnucks: We won't pay for lawsuits related to your breach - http://www.scmagazine.com/insurer-to-schnucks-we-wont-pay-for-lawsuits-related-to-your-breach/article/307960/#
- NASDAQ has a "technical glitch" ... halts trading in the middle of the day - http://www.eweek.com/security/nasdaq-trading-halted-by-technical-issue/
- Apple App Store infiltrated by researchers' Jekyll malware - http://www.nbcnews.com/technology/apple-app-store-infiltrated-researchers-jekyll-malware-6C10945771
- Hacker takes over baby-monitoring IP cam, shouts obscenities... world put on alert...

DtR Episode 54 - Evolution of InfoSec with The Godfather of IPS


In this episode...
- Rob gives us a little history lesson
- Rob keeps going on the history lesson, IDS, open vs. closed circuits
- We discuss "defense in depth" from back-in-the-day
- James re-introduces us to the "security onion"
- Rob talks about "programming for super-high-speed" and scale
- Constructing things to truly "build scalability in"...
- Designing networks as a front-end vs. back-end architecture
- Rob points out that network diagrams are always wrong

Guest
Robert Graham ( @ErrataRob ) - No, this is not Robert Graham the clothing designer, this is Robert Graham the guy who pioneered the IDS. In Robert's own words ... "I am a well-known security researcher (aka. "white-hat" hacker). I created...

DtR Episode 53 - NewsCast for August 12, 2013


Topics Covered
- The trash bin that stalked me (seriously, only in London) - http://arstechnica.com/security/2013/08/no-this-isnt-a-scene-from-minority-report-this-trash-can-is-stalking-you/ and a follow-up as we recorded today: http://www.bbc.co.uk/news/technology-23665490
- No data breach in Indianapolis, after laptop stolen/recovered - http://www.theindychannel.com/news/call-6-investigators/state-no-data-breach-after-stolen-laptop-traced-to-indy-home
- DDoS blackmail in Manchester (UK) FAIL - http://www.manchestereveningnews.co.uk/news/greater-manchester-news/two-held-over-attempted-blackmail-5680548
- US national health push ("Obamacare") falling behind on security testing...who's surprised? - http://au.news.yahoo.com/technology/news/article/-/18390597/obamacare-months-behind-in-testing-it-data-security-government/
- Weird password 'feature' in Chrome... - http://blog.elliottkember.com/chromes-insane-password-security-strategy

Have something to say? Let's hear it.
Support the show >>> Please consider clicking the link above to support the show!
YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq
LinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
X/Twitter: https://twitter.com/dtsr_podcast

DtR Episode 52 - Advanced threats, remedial defenses, broken record


In this episode...
- Dave reminisces a bit...
- Dave discusses 'digitally signed malware' and what it means
- We discuss whether it's true that 'all networks are compromised'
- We discuss consumer-grade vs. corporate-grade threats, and why they're different
- An interesting point by Dave about why enterprises aren't learning from their compromises
- We discuss customized malware, with specific and targeted payloads for specific systems
- Dave talks about whether 'combat the criminal, hire the criminal' is true

Guest
Dave Marcus ( @DaveMarcus ) - Dave is currently the Chief Architect, Advanced Research and Threat Intelligence McAfee Federal Advanced Programs Group. He's been around the industry for a long time, and has influenced countless numbers of...

DtR Episode 51 - NewsCast for July 29th, 2013


Ladies and gentlemen, we are over the 50 episodes mark! If you've enjoyed the podcast, please go rate us in the iTunes store, or leave us a note here. Have you checked out past episodes?! There are some gems in there, I promise, and worth your time.

Topics Covered
- Charlie Miller and Chris Valasek demonstrated (and will disclose code to) the hack which allows complete (tethered) remote control of a modern vehicle. You need to watch this video, and if you develop code for transport vehicles and aren't thinking about securing your code - it's time to adjust course before you actually kill...

DtR Episode 50 - The Emergence of Geopolitics in InfoSec


Welcome down the rabbithole as we hit EPISODE 50! I'm thrilled that we've made it this far, and look forward to having you along for the ride into the future! At this point, I'd like to encourage you to listen to some of the fascinating guests we've had on this show, people I'm proud to have had a chat with, in the past archives... suggest guests, or just leave us a comment.
/Wh1t3Rabbit

In this episode...
- We try and discuss 'defense in depth' on the geopolitical scale
- @packetknife drops the truth about 'geopolitics experts' in InfoSec
- Ali explains navigating the undocumented security requirements in emerging...

DtR Episode 49 - NewsCast for July 15th, 2013


Topics Covered
- 9 Years After Shadowcrew, Feds Get Their Hands on Fugitive Cybercrook - http://www.wired.com/threatlevel/2013/07/bulgarian-shadowcrew-arrest
- vBulletin Forums compromised (~15-~150k) to serve malware - http://news.softpedia.com/news/Around-150-000-vBulletin-Forums-Compromised-Abused-to-Serve-Malware-366442.shtml
- America's EAS (Emergency Alert System) is open to compromise (still) - http://www.wired.com/threatlevel/2013/07/eas-holes/
- Mobile malware up 614% y/y says Juniper, but mostly Android - http://www.computerworld.com/s/article/9240772/Mobile_malware_mainly_aimed_at_Android_devices_jumps_614_in_a_year
- Blue Box Security finds "master key" issue with Android - but there's more to it - http://www.zdnet.com/android-oems-slow-to-roll-out-bluebox-security-patch-7000018012/

DtR Episode 48 - Securing HP Software


In this episode...
- We get a little insight into the mind of Tomer, and how he thinks about security
- We get an insight into what HP Software IT Management is doing to ensure security in the products they release
- We discuss making security more than just a security line-item, and a business requirement
- There are many "uncomfortable pauses" :)
- We discuss Tomer's risk-focused approach to software quality
- We ask "Is HP drinking its own champagne?"
- Tomer gives us his feeling on DevOps

Guest
Tomer Gershoni - Tomer is the Information Security Officer responsible for product security for a select part of HP Software known as IT Management. Previous to that...

DtR Episode 47 - NewsCast for July 1st, 2013


*Apologies for this very important episode getting out a bit late ladies and gents, experienced a loss in the family so things were a little slow to re-start, we should be back on track for next week's episode.

Topics Covered
- Political hacktivism is making a big splash in international news -
  http://www.ilovechile.cl/2013/06/17/chile-democratic-partys-official-site-hacked/87737
  http://www.kjrh.com/dpp/news/local_news/jenks/jenks-chamber-of-commerce-website-hacked-for-second-time-within-a-month
  http://www.publicnewshub.com/zimbabwean-hackers-hailed-for-attacking-ancs-website/
  http://www.bignewsnetwork.com/index.php/sid/215436810/scat/b8de8e630faf3631/ht/South-and-North-Korea-close-website-amid-hacking-alerts
  http://www.business-standard.com/article/pti-stories/syria-s-online-troops-wage-counter-revolutionary-cyber-war-113060900065_1.html
  http://www.ehackingnews.com/2013/06/turkish-ministry-of-interior-website.html
- Google Published their epic Transparency Report data -
  http://krebsonsecurity.com/2013/06/web-badness-knows-no-bounds/
  http://www.google.com/transparencyreport/
- European Union issues new data breach laws for telecommunications industry - http://www.infosecurity-magazine.com/view/33109/eu-announces-new-data-breach-rules-for-telecoms/
- Critical vulnerabilities found in CROWD single sign-on product - http://www.computerworld.com/s/article/9240487/Critical_vulnerabilities_found_in_Atlassian_Crowd_enterprise_single_sign_on_tool
- Facebook offers (pays!) $20,000 flaw for brilliant business-logic bug - http://www.eweek.com/security/facebook-patches-mobile-text-vulnerability-rewards-flaw-discoverer/
- Microsoft launches a bug bounty program, for...

DtR Episode 46 - Serious Problems with Industrial Control System


In this episode...
- The gang discusses the issues with the rapid escalation of connectivity in modern-day industrial control systems
- What specialized skills are needed to be a SCADA or ICS hacker
- A nervous pause as vulnerabilities in ICS systems which could affect the adult beverage industry are touched upon
- Discussion on how to deal with 25 year patch cycles
- Why is it that embedded devices simply don't get patched like your other systems?
- What are the real issues with ICS systems, and why they're not getting enough attention...yet

Guest
Mr. Billy Rios ( @XSSniper ) - In addition to being a long-time friend of mine, and one of the most...

DtR Episode 45 - NewsCast for June 17th, 2013


This week, James is flying solo on the microphone catching you up on all the latest news and BIG stories since I'm at HP Discover, Las Vegas and Suits and Spooks in La Jolla, CA. A busy week all the way around, some pretty earth-shattering news coming out!

Topics Covered
- We couldn't be the only ones NOT covering the big NSA leak and revelations of spying and other surveillance. Somewhere in the hype, though, is the enterprise story of insider threat - http://www.guardian.co.uk/world/2013/jun/09/nsa-secret-surveillance-lawmakers-live
- Google Glass is in the news, again, this time from an enterprise perspective. In light of the slight insider threat problem revealed...

DtR Episode 44 - Unmasking Security Products


In this episode...
- We discuss the true nature of many of the security products decisions CISOs have to make every day
- Frank and Raf make very poorly thought-out sports analogies
- There are uncomfortable lengths of silence (mostly edited out)
- The crew discusses NSS Labs, and what they do to help the CISOs out there make smarter decisions
- "Someone" asks about anti-virus...

[ More info on NSS Labs and the two guests today can be found here: https://www.nsslabs.com/analysts and https://www.nsslabs.com/ ]

Guests
Frank Artes ( @franklyfranc ) - Research Director Francisco Artes is a recognized information security executive who has helped form some of the motion picture & television industry's best practices for securing intellectual...

DtR Episode 43 - NewsCast for June 3rd, 2013


It's June already?! Where has the first half of 2013 gone? James and I break down the last 2 weeks of interesting InfoSec news in a short "Monday morning quarterback" style... enjoy!

Topics Covered
- Evernote adds 2-step verification for their authentication, and follows suit with just about every other 'modern' app. Following on the heels of Twitter, LinkedIn, FaceBook, Apple and the one that started it all, Google - we're now getting multi-step authentication from Evernote. Free users not welcome ...yet? - http://blog.evernote.com/blog/2013/05/30/evernotes-three-new-security-features/
- Dropbox down for more than an hour, but it wasn't a security bug (we don't think), it's just that they...

DtR Episode 42 - Threat Modeling


In this episode...
- John discusses some of the foundational principles of Threat Modeling
- We talk about why threat modeling is like your time in high school
- We discuss why threat modeling is such an incredibly important tool to the enterprise
- John gives us some nuggets of his experience with threat modeling enterprise applications

Guest
John Steven ( @m1splacedsoul ) - John Steven is the Internal CTO at Cigital with over a decade of hands-on experience in software security. John's expertise runs the gamut of software security from threat modeling and architectural risk analysis, through static analysis (with an emphasis on automation), to security testing. As a consultant,...

DtR Episode 41 - NewsCast for May 20th, 2013


Welcome to Monday, May 20th 2013 as James and I discuss the last 2 weeks' worth of Information Security news and relate it (attemptively) to your enterprise day-job. This week was a bit on the lighter side, with the quote of the year (as far as I'm concerned) winner going to the Washington State Administrative Office of the Court for ...well, you'll just have to read the rest of the show notes and listen to the podcast.

Also ... we are now on the Zune store. So ...to the 2 new Zune listeners - HELLO!

Topics Covered
- Researchers at Trend Micro uncover new...

DtR Episode 40 - Breakers, Builders, and the Enterprise


In this episode...
- Kevin, James and I discuss why penetration testing reports are often so worthless
- Kevin and I disagree. Then we agree, sort of.
- We discuss the major differences between the 'builder' and 'breaker' mindset, and whether they're actually different people
- Kevin gives some fantastic examples of how context and experience is critical in penetration testing
- We provide guidance on how someone can 'break into' (no pun intended) penetration testing and be effective
- Kevin gives an example of how someone can be a great penetration tester, but be of little value beyond that
- We wrap by discussing how enterprises can gain value from penetration testing - and Kevin...

DtR Episode 39 - NewsCast for May 6th, 2013


It's another beautiful Monday (somewhere) and we've got the news of the last 2 weeks covered, and we're breaking it down for you. The news this week is, well, quite frankly kind of dark. Everything tells us we're in for a rough ride for the rest of the year, and it's only getting worse.

If I sound a little funny, it's because I'm talking through a massive sinus infection and it's making me talk funny and stuffy. Also the recording you hear is take 2 ... I had a major technology fail so we had to re-record, with less sadness.

Topics Covered
- We...

DtR Episode 38 - Enterprise Security in the Real World


In this episode...
Live (live-to-tape) from 44Con, London, England.

It's amazing, listening to this episode recorded at 44Con last fall, how little the landscape of enterprise security has changed. I took some time during the busy conference to sit down with Ian Amit and Dennis Groves to discuss Ian and my talks (which were perfectly aligned, and completely unplanned!) on the state of security in the enterprise. It's always interesting to get the perspective from 2 industry-well-known speakers and thinkers.

We discuss the topics of #SecBiz including the role of security in the enterprise, the challenges business security professionals face, metrics and why...

DtR Episode 37 - NewsCast for April 22nd 2013


It's Monday April 22nd, 2013, and here are the topics from the last 2 weeks James ( @jardinesoftware ) and I ( @Wh1t3Rabbit ) will be talking about as we Monday-morning-quarterback the last 2 weeks in Information Security... Fair warning, we have way too many topics to fit into 20 minutes... so went a little bit longer but both feel it's well worth your time. Laugh, cry, and be informed.

Topics Covered
- Microsoft rolls out 2-factor authentication - James points out that Microsoft has rolled out authenticator-agnostic, robust 2-factor authentication... if only I could figure out how to use it? If you...

DtR Episode 36 - Unmasking Cyber Intelligence with Jeffrey Carr


In this episode...
- A critical discussion on the available 'cyber intelligence' reports from various vendors
- How hard is attribution in cyber space, really?
- "Alternative analysis" - why isn't it being used enough in cyber intelligence reporting?
- Discussion on 'degrees of certainty' and its apparent lack of application to cyber intelligence
- Extensive discussion on avoiding confirmation bias, critically reviewing intelligence work, and peer reviewing processes
- Kinetic responses to cyber threats and other outrageous rhetoric
- Hacking back? but hacking whom?

Guest
Jeffrey Carr ( @JeffreyCarr ) - Jeffrey Carr is a cybersecurity analyst and expert. He lives in Seattle Washington. He is founder and CEO of Taia Global inc. He is also the founder...

DtR Episode 35 - NewsCast April 8th, 2013


In this second episode of our Monday morning InfoSec quarterbacking, James and I actually got through the news items we had lined up in just about 20 minutes. I count this as a win.

Topics Covered
- Choice Escrow & Land Title, LLC vs. BancorpSouth, Inc. | At issue is the Uniform Commercial Code (UCC) as it applies to commercial entities taking "commercially reasonable methods" to secure their transactions. This one is going to have a major ripple effect, keep an eye out for further developments - http://krebsonsecurity.com/2013/03/missouri-court-rules-against-440000-cyberheist-victim/
- "The biggest cyber attack ever" | Or really, a DDoS feud between a known spammer (CyberBunker) and...

DtR Episode 34 - The Inside Scoop on Cyber Liability Insurance


First ...a milestone.

I want to take this time to formally welcome Mr. James Jardine, of SecureIdeas, as my permanent co-host to the podcast. James has experience podcasting as he already co-pilots the Professionally Evil Podcast, and he's witty, knowledgeable, and awesome to work with on the microphone. I ask that you all give James a warm welcome!

In this episode...
- Overview of what cyber liability insurance is and what it isn't
- We ask "Why would we need a security program, when you can just buy insurance?"
- How do [cyber] under-writers figure out how to insure you, and how much of a liability your organization...

DtR Episode 33 - NewsCast March 25th, 2013


Welcome to the Down the Rabbithole NewsCast!

Join me in welcoming James Jardine ( @JardineSoftware ) of Secure Ideas to the show as a permanent co-host! The NewsCast is a bi-weekly (2nd and 4th Monday of the month) release where we'll discuss the news and events of the past 2 weeks, and attempt to analyze, break down, and generally make sense of the madness of the Security industry and real world at large.

Also a big thanks to Todd Haverkos, the voice behind the hilarious intro you'll hear on this podcast, and all the others ...

Topics We Covered
- Apple's new 2-Factor Authentication went live
- Cisco...

DtR Episode 32 - Big Data in Little InfoSec


In this episode...
- We discuss "big data", what the heck it really is, and whether it's something new, something old, or something marketing made up
- Marcus does interpretive dance, and makes up new words
- Alex (shockingly) disagrees with Marcus, and actually describes 'data science'
- We hear Marcus talk about "NBS - never before seen" detection and why it's so critical
- We collectively agree (it's OK to be shocked) that "big data" is not a product
- Marcus discusses why you should be defending against the sniper
- The guests disagree on whether we have too little data, or whether we just don't know how to make it work for us
- Alex...

DtR Episode 31 - Analyzing US vs. Cotterman (Cyber Law)


Synopsis
This timely podcast is right on the heels of the US vs. Cotterman decision from the 9th Circuit Court of Appeals. One of the watershed decisions on privacy and digital law, this is an extremely important case that touches on whether government agents can take and search your digital property while crossing the border with or without cause or suspicion. Michael and Shawn give their analysis, and we get some critical information for international business travelers, as well as those of us in the security community who regularly cross the US border with sensitive, potentially encrypted or password-protected information.

Link to...

DtR Episode 30 - It's Always a Business Decision [MISEC edition]


Synopsis
Security has an interesting view on "business decisions", and in this podcast episode recorded at GrrCon 2012 in Grand Rapids, MI I sit down with some of the talent behind MISEC and we discuss #SecBiz topics of interest including the ugly phrase "it's a business decision" and why we say that. We also dive into how decisions are made, and why security and business are still often at odds on goals and acceptable 'risks'... and why our recommendations and guidance still falls on seemingly deaf ears.

We sample some of the sage wisdom of J.W. Goerlich as he runs his IT...

DtR Episode 29 - Shawn Tuma - The Law and the Hacker


Synopsis
Shawn and I have been trying to get together to record an episode for what seems like forever. We first started talking about the CFAA (Computer Fraud and Abuse Act) when it was ruled that a person could not be charged as a 'hacker' under the CFAA by their employer when they accessed information improperly if the employer did not restrict that access appropriately. Shawn's expert insight here as an attorney dealing with the CFAA shines as we talk about hacking, vulnerability research, and other critical topics to the hacker culture, information security industry and security professionals.

You're not going to want...

DtR Episode 28 - Bill Burns - InfoSec in a Cloud of Constant Flux


Synopsis
I sat down with Bill at ISSA International in Anaheim, CA in the fall of 2012 to discuss what it's like, and what types of challenges he faces in the fast-paced, hybrid world of security at Netflix. We talked about some of the challenges his environment faces, and more generic issues that are endemic to the evolving security landscape. It's fascinating to hear Bill's take on what the big picture items are, and how security is really in a state of evolution right now. Join us, I think you'll love this episode.

Guest
Bill Burns - Director of IT Security and Networking,...

DtR Episode 27 - Guest: Mikko Hypponen - Way beyond viruses


Synopsis
To kick off January on the Down the Rabbithole podcast I have Mikko Hypponen, the "malware adventurer" and Chief Research Officer from F-Secure Corp and we're talking about the state of malware and 'viruses' digging into the modern threat landscape and maybe digging up a bit of nostalgia from the late 90's. This is a fascinating conversation so I invite you to break out your old boot sector and COM viruses and join us for some interesting discussion!

Guest
Mikko Hypponen - Chief Research Officer at F-Secure Corp., TED speaker, and self-professed "malware adventurer". He can be found on Twitter at @Mikko

Have...

DtR MicroCast 06 - Guests: Steven & Martin - Hacking in Quebec (Hackfest.ca)


Synopsis
This microcast episode was recorded live from hackfest.ca 2012, on location in Quebec. The conference is a phenomenal success for the challenges they face (primarily non-English speaking region, small market, etc) but they've managed to attract a ridiculous amount of people to this conference, awesome speakers, and have one of the best 'War games' scenarios I've ever seen... listen to these two guys talk about how they make this happen.

Guests
Steven McElrea (@Longferret) - contributed and supporting organizer, key cog in the hackfest.ca wheel!
"Martin" - he's responsible for a lot of the design and infrastructure behind the War Games that were conducted...

DtR Episode 26 - Guest: Brad Arkin of Adobe - Software Security Under Pressure


Synopsis
This episode is special because it's been a long-time-in-the-making interview with Brad Arkin of Adobe. This is the organization that many of the hacker community like to hate, and pick on - without realizing the monumental task of securing the software that Brad's team is responsible for. Brad's official title at Adobe is Engineering Senior Director but in real life one of the responsibilities his team is tasked with is doing product security for products like Adobe Flash and Reader ... Brad's take on software security and how he got the bug problem under control at Adobe is worth a listen!

Guest
Brad...

DtR MicroCast 05 - Guest: Eric Cowperthwaite - The Rise and Fall of Enterprise IT


Synopsis
LIVE from day 2 of the ISSA International conference 2012, in Anaheim, California I cornered Eric Cowperthwaite after a much-anticipated year-long wait... and we talked about his prediction that in the next 2 years many of the traditional IT employees will be employed as either business-IT resources in the enterprise, or IT-technical resources at an IT outsource or cloud provider... Eric's predictions tend to be right on the money so it'll be interesting if some of the things he advocates in this microcast come true! Only time will tell.

Guest
Eric Cowperthwaite - Eric is the Chief Security Officer at Providence Health...

DtR Episode 25 - Guests: Jim Manico, David Litchfield - From Black Hat 2012 with SQLi


Synopsis
When I caught up with these two gentlemen in Amsterdam over the week of Black Hat 2012, I knew we wouldn't run out of things to talk about! We ended up chatting for quite some time, and I think you'll find this conversation interesting from hearing of David's recent work with Oracle, and Jim's perspective on "the fix"... I kept the conversation going and am probably at least partially responsible for how long this podcast ended up being. It's well worth the time, in my opinion, as we cover the following topics:
- Attacking Oracle (David's talk had to be shelved,...

DtR Episode 24 - Guests: DarthNull & InfoJanitor - All the Things InfoSec


Synopsis
This week we went free-form with two of my favorite InfoSec insiders ...people you probably follow on Twitter but can't quite place. Here are some of the topics covered this week:
- The Apple UDID theft - what really happened, why, and what more is there to this story?
- Information vs. DISinformation...the battle for online trust
- Speaking of distrust - where do you go post-breach?
- InfoSec intelligence is a lot harder to do than just reading mailing lists and Twitter, there's a ton to this (scratching the surface)
- Change management's impact and possible salvation for IT and InfoSec
- Legacy systems and why they are the ball and...

DtR Episode 23 - Guest: Patrick C. Miller - Energy Sector, SmartGrid and Resiliency


Synopsis
Today's podcast discussion is with someone who has one of the toughest jobs in the security world... Patrick helps organizations that generate and deliver the power that runs our gadgets and critical systems that maintain life as we know it. The power grid is not only surprisingly vulnerable due to its age-old infrastructure, but also surprisingly resilient due to the complex nature of power distribution and generation... there's just a lot more to it than most people realize.

Patrick separates fact from fiction and goes into the pragmatic approach on national electric grid security - where we realize that it's really...

DtR Episode 22 - Guests: Marc Blackmer, Matt Morgan - Security + App Lifecycle viewpoints


Synopsis
This episode is a mini-episode recorded live from the social media lounge at HP Discover Las Vegas 2012. It was an incredible show, where I caught up with Marc and Matt - two guys who are really from opposite side of today's deploy vs. secure coin. Somehow we quickly dove into DevOps and picked up right where my conversation with the incomparable Gene Kim left off in episode 20. Ironically, we discussed how to deploy faster (sound familiar?) and still get security and quality into the scope of delivery... this isn't a product pitch but it's two HP guys talking about how...

DtR Episode 21 - Guests: Wickett, Galbreath, Saudan - "Deploy faster, safer"


Synopsis
In this episode we ask the big question of "Can security be a part of the 'build/deploy faster!' culture?" We discuss the need to separate out high/low risk code, understanding how to deploy dormant components of the applications, proper testing strategies and branching/merging in a world where faster isn't just an ask, it's a need to stay competitive.

A huge thank you to all my guests for their time and expert insight. The combined talent and experience of my 3 guests is something you should absolutely take a listen to, as these gentlemen really know what they're talking about - whether it's Information/Application...

DtR Episode 20 - Guest: Gene Kim - DevOps live from HP Discover Las Vegas


Synopsis
This episode was recorded in June '12, live from the show floor at HP Discover Las Vegas, 2012 and the talk of the town was once again DevOps. Gene and I have had 2 prior conversations on the topic, but we're once again tackling the impact of DevOps on the IT and security relationship and overall business value. We tip our hats to several people including Josh Corman (Rugged DevOps), David Mortman, James Wickett, Nick Galbreath and Mr. Daniel Blander for their prior contributions and supporting work on the topic. Gene talks about some of the mechanisms we have available to us...

DtR - Episode 19 - Bob Arno: The world's foremost legal pickpocket


Synopsis
This episode is special, not because it's more Info Security stuff, but because we take a far departure from the world of bits and bugs to the world of the pick-pocket and thief. Sitting down with Bob Arno is a real pleasure, as he has the storytelling ability and knowledge to educate and open your eyes to a world where nothing is as it seems and anyone can be separated from their valuables. Yes - this extends into the world of Information Security, and there are lessons to learn.

In this episode Bob and I talk about picking pockets, keeping yourself...

Down the Rabbithole - Episode 18 - Kellman Meghu: Chaos, Resiliency, and more


Synopsis: I caught up with my friend Kellman Meghu at BSides Detroit as the conference was coming to a close and we finally got to sit down and have a fun conversation about chaos, and what sorts of things enterprises can realistically do to increase security today. We both work for vendors so we talked about "shiny blinky boxes", when things fail, and the notion of resiliency. Fun conversation ensues ... with a random sprinkling of security buzzwords. Kellman's famous quote from this episode is "I can hand you this tool, and that doesn't suddenly make you any more secure than...

Down the Rabbithole - Episode 17 - Adam Shostack on New School Security


Synopsis: Greetings fans, this episode promises to be a great one with the likes of Adam Shostack starting off talking about what the whole concept of "New School Security" is all about, and how it differs from the way we've all done it for the past 15+ years. Adam and I talked through some new interesting ideas for moving the information security community and discipline forward, and even commented on how we can start to overcome the security community's focus on 'secrecy' when things go wrong. How do security professionals understand what the desired outcomes should be, then start to move...

MicroCast 04 - Kevin Riggins & Kenneth Johnson - QA + Security Software Testing


Synopsis: Last winter, on a frigid afternoon I got a chance to sit down with 2 of my favorite Iowa locals, Kevin and Kenneth to talk about the tenuous relationship between QA and Information Security. Earlier in the day I had given a workshop on software security testing (of the web variety) to a ViViT user group, and with that topic and their questions/concerns fresh in my mind I settled down for a 30 minute conversation with Kevin and Kenneth ... we essentially continued the conversation from Episode 3 (please give that a listen if you haven't yet to get a background). Some...

Feature - Welcome to HP Discover Las Vegas 2012


Greetings friends! I am taking some time to do something a little out of the ordinary right now... I'm coming to you from beautiful Las Vegas, Nevada and HP Discover 2012 where the theme is Make it matter. Rather than doing yet another blog post on how beautiful the show floor is, and how amazing the content is going to be, I've recorded a little bit of audio, about 6:30 minutes or so to give you a feel for what we're up to, what's going on, and why I'm downright giddy with excitement.

Down the Rabbithole - MicroCast 3 - Paul Elwell + Albert School - Measuring Security


Synopsis: This episode of Down the Rabbithole microcast (~15 minutes length) was recorded live at the Ohio Information Security Summit. Albert and Paul were kind enough to sit down with me and discuss metrics and process - and essentially what demonstrating "good security" means to an enterprise. "Can we ever get there?" Where is there? Understanding the basics of security, measurement, and whether if we really do a great job, Information Security can work itself out of a job ... those are some heavy topics for a mini-podcast. Enjoy! Feedback is always welcome. Guests: Paul Elwell - Security Specialist for a Fortune 500 company; Albert School...

Down the Rabbithole - Episode 16 - Spacerog and Shpantzer talk CyberPocalypse


Synopsis: In this episode, streamed live and recorded for your listening pleasure, I'm joined by @SpaceRog and @Shpantzer from Security BSides Delaware. What started out as an off-the-cuff discussion on the 'Cyber Apocalypse' quickly materialized into a much longer discussion which dove into various aspects of infrastructure security, critical protection and even the inability to separate the physical from the cyber worlds. Join us for a little bit of nostalgia, a little bit of knowledge and a lot of commentary from these two very smart staples of the security community. This is one of those conversations which I barely edited... it was...

Down the Rabbithole - Episode 15 - Backstage at THOTCON 0x3


Synopsis: It's rare that I get to be a spectator at a podcast, but in this case I was listening to some of the conversations and talks being given at Chicago's very own THOTCON 0x3, and decided it would be valuable to you to get some of the conversation movers on the microphone. We started talking about the applicability of information security conferences to your "day job", got into a discussion on "hallway con" and then went down the rabbithole on some interesting tangential topics ... and of course the fresh rap from DualCore was awesome. I hope you enjoy the...

Down the Rabbithole - Microcast - THOTCON 0x3_1


Synopsis: In this short microcast we rap about the THOTCON 0x3 experience, why we think the Chicago community has taken off so much, and what sorts of interesting things make THOTCON, and the local hacker con here in Chicago, so attractive to people from around the world. Yes, there is comedy involved... Guests: Todd - Audio genius, InfoSec luminary, pen tester ... better known to his Twitter fans as @Phoobar; Ben - Ben is a Chicago suburban staple, first time on the microphone, otherwise known on Twitter as @Ben0xA

Down the Rabbithole - Episode 14 - Dave Frederickson on Cloud Reality


Synopsis: This episode I sit down with Dave Frederickson who has a unique viewpoint on cloud computing from a Canadian point of view, as well as a VP of the HP Canada business. I pose some tough questions to Dave including "Is 'cloud' just marketing hype?" and other discussion topics and we have a good chat on the reality of cloud computing, who's adopting it and how it's changing and revolutionizing Information Technology at the pace of business. This is another great podcast in the cloud series, and you should not miss it! Guest: Dave Frederickson - (Vice President & General Manager Enterprise Servers, Storage...

Down the Rabbithole - Episode 13 - Mark Radcliffe - The Ts and Cs of Cloud Computing


Synopsis: On this episode of Down the Rabbithole I get the distinct pleasure of sitting down with one of Silicon Valley's top attorneys to talk Cloud Computing T's and C's ... and let me tell you this was a wild ride. I learned a lot, including the fact that I know a famous legal court case about a tugboat captain and the use of radar ... and what all that CAPSLOCK PRINT ON SOFTWARE LICENSE AGREEMENTS means ... and so very much more. Join me, and learn a little bit more about the legal aspects of cloud, before you find out the hard...

Special - Cloud Legal Panel - Chicago Cloud Security Alliance Chapter Meeting March 7th, 2012


Summary: This 1 hour podcast was recorded live at the March 7th, Chicago Cloud Security Alliance chapter meeting, where we were fortunate enough to have a panel of attorneys discuss the issues with cloud security from a legal perspective. I hope you find the content stimulating, if not a little bit worrisome. Apologies for some of the flaws in the audio, but this was an ad-hoc recording and I didn't have time to clean up the taps and paper shuffling that the super-sensitive microphone picked up. This was the first recording using the mobile Zoom H4n, and I think you'll agree it's an...

Down the Rabbithole - Episode 12 - Chris Hadnagy - Hacking the Human (mind)


Synopsis: The guest on this podcast will blow your mind ... literally. He is none other than the "human hacker" himself, Christopher Hadnagy, who has written a book and now runs social-engineer.org. Chris is a long-time friend of mine and an invaluable resource in the psy-ops James Bond style social engineering world. Chris knows his stuff, and he's willing to teach you if you're willing to listen... so buckle down and get educated on social engineering background, tricks and even the 6 things your company must do to prevent being a victim of social engineering attacks. Oh ... and let's not forget, somewhere...

Down the Rabbithole - Episode 11 - Nathaniel Dean discusses software security red teams


Synopsis: I had the pleasure of sitting down with Nathaniel Dean, someone I had met through a mutual colleague's introduction, and hear about a neat concept that takes the software security program to a new level. Interestingly enough, Nathaniel runs a red team, but it's guaranteed to be unlike any red team you've probably ever worked with. The crazy thing? It's working. We talk through the mechanics, psychology, and business implications of what he's driving, and how he's rolling up his sleeves and getting it done, which is probably more important than anything else. Jack in and get a 25-minute dose of knowledge from...

Down the Rabbithole - Special - "Master the Cloud" Calgary (w/celebrity guest Adam Growe)


Synopsis We were "live to tape" (as Adam says) from HP's Master the Cloud event in Calgary. As we wrap up the road tour in the frozen city of Calgary I had the pleasure of sitting down with a comedian and celebrity, a technical expert on virtualization from HP, and the manager of Intel's advanced server technologies team. This was a wild, off-the-rails discussion and you can really tell we were just having a good time and excited to wrap up the tour. Great topics of discussion... Topics covered in this episode include... Hypervisors and their value to cloud computing, virtualization and hacking; Why...

Down the Rabbithole - Episode 10 - "The real Gene Kim" on DevOps, KPIs & high performance IT


Synopsis: World-renowned author, researcher, speaker and founder of legendary TripWire joins me semi-live from LASCON in Austin, Texas to talk about his current project(s) [The DevOps Cookbook, and When IT Fails: A Novel], and his book Visible Ops and how this can all be applied to security in today's tough business climate. Gene and I discuss what in the DNA of well-performing (or "agile") IT organizations, based on Gene's research and experience, enables them to not only perform better, but also serve the business faster. These high-performing organizations all have things in common, and you may be shocked to hear it's...

Down the Rabbithole - Special - "Master the Cloud" Toronto


Synopsis: I sat down at the HP Master the Cloud (hp.com/go/cloud) event in Toronto, Canada to answer some Twitter-based questions, talk about the trade show, and listen to some of the fantastic things Victor and his team are working on right now in their incubator ... and it was a really great 20 minutes. We covered the questions below (posted directly from Twitter, special thanks to all who participated) and talked about technology, the evolution of security, and how organizations can take advantage of this shift as technology turns the corner in a new operating and delivery paradigm. Is cloud right...

Down the Rabbithole - Special - "Master the Cloud" Montréal


Synopsis This special episode of Down the Rabbithole is sponsored exclusively by HP Canada, and I wanted to thank them for hosting this fantastic event! In this episode I sat down with Charlie Bess and EG Nadhan to talk about Cloud Computing. Now, this isn't your standard cloud discussion ... no my friends, these are two of the top technologists HP has to offer from the labs and services organizations talking about the paradigm shifts in computing that "the cloud" offers. We talk through business adoption, getting over the "it's cheaper" mentality, security ... and even some of the things...

SecBiz Monthly Call - January - "Eating our own dogfood"


Synopsis This month's call kicks off 2012 with a big question - "Do security professionals follow their own policies?" ... and as we talk through this issue we discover that there are other subtleties to this question. Does it make sense for Information Security to have separate accounts for general and administrative access? Does a security policy fail if it does not account for 'exceptions' to that policy - legitimate exceptions? What about an exception policy that allows information security professionals to navigate complex policy issues and receive 'allowances' to do their jobs without being limited by the general user...

Down the Rabbithole - Episode 09 - Jeff Reich Explains "Table Stakes" and Other InfoSec Genius


Synopsis: This episode with Jeff was awesome, recorded at the OWASP LASCON security conference, I got a chance to sit down with Jeff in person and talk shop. I always learn something, but in this podcast Jeff dispensed his usual wisdom in buckets, I could barely write this stuff down fast enough. We covered the raising of the "information security table stakes", and what the last 15 years have meant to the information security profession in terms of evolution. We went into a discussion on how information security can avoid being a cost center and feeling the traditional expansion and contraction...

Down the Rabbithole - Holiday 2011 Year End Wrap-Up Episode (Part 3)


Synopsis This is the third and final part of a 3-part (3 x 30 minute segments) holiday episode that was aired LIVE, where Will, Scott and I talk about what significant things happened in 2011, and what we should be looking forward to in 2012. No predictions, no propaganda, just hard-hitting, amusing, and often nostalgic discussion about the realities of living in an ever-more connected world as we go into 2012. I hope you enjoy the podcast series if you missed it live. In the future, look for announcements of live episodes on my (@Wh1t3rabbit) podcast feed and join in...

Down the Rabbithole - Holiday 2011 Year End Wrap-Up Episode (Part 2)


Synopsis This is the second part of a 3-part (3 x 30 minute segments) holiday episode that was aired LIVE, where Will, Scott and I talk about what significant things happened in 2011, and what we should be looking forward to in 2012. No predictions, no propaganda, just hard-hitting, amusing, and often nostalgic discussion about the realities of living in an ever-more connected world as we go into 2012. I hope you enjoy the podcast series if you missed it live. In the future, look for announcements of live episodes on my (@Wh1t3rabbit) podcast feed and join in the discussion!...

Down the Rabbithole - Holiday 2011 Year End Wrap-Up Episode (Part 1)


Synopsis This is the first part of a 3-part (3 x 30 minute segments) holiday episode that was aired LIVE, where Will, Scott and I talk about what significant things happened in 2011, and what we should be looking forward to in 2012. No predictions, no propaganda, just hard-hitting, amusing, and often nostalgic discussion about the realities of living in an ever-more connected world as we go into 2012. I hope you enjoy the podcast series if you missed it live. In the future, look for announcements of live episodes on my (@Wh1t3rabbit) podcast feed and join in the discussion! Guests: Will...

Down the Rabbithole - Episode 08 - Kris Herrin: Surviving and Thriving with Data Breaches


Synopsis On this edition of the podcast, Kris Herrin joins me from the ISSA International Conference to talk about his unenviable role as Chief Information Security Officer of Heartland Payment Systems during one of the most epic data breaches in history. For those of you who didn't live in a cave - Kris and his organization turned the ship around ... not only that - this incident was used to help the organization find religion in Information Security and sound risk management practices. Now as Heartland leads the payment industry in security - Kris talks about his ascension through the ranks...

Down the Rabbithole - Episode 07 - David Elfering's "As the Security Lightbulb Turns"


Synopsis My guest David Elfering (@icxc on Twitter) and I go all over the map covering various SecBiz related topics, and come up with a fantastic set of quotes including: "No matter how long you hold the light bulb up, the world will not revolve around InfoSec" and other gems. We talk through how to present to a business group or executive, the communication and written skills required and various other topics related with bridging the business - security gap. This is a great episode to listen to - we cover a lot of ground. Guest: David Elfering (@icxc) - David is...

Down the Rabbithole - Episode 06 - Jeff Moss Talks Internet Evolution


Synopsis In this edition of the podcast, I sit down with Jeff Moss (@TheDarkTangent) to talk about all of the interesting evolutions currently going on in the Internet age. As one of the people who has watched the cyber punk culture evolve from the dark culture of hacking for curiosity, through the "dot com boom" and now into mainstream business, and he has some interesting commentary on how we've evolved as a culture and a group. We also talk through some interesting hacker vs. government regulation topics, and IPv6 of course! Listen in, and hear all the really exciting things...

Down the Rabbithole - Feature MicroCast 02 - "The Erosion of Privacy"


Synopsis This is perhaps the most important podcast I've recorded to date, and probably will record for some time. The guests on my show in this episode are not only privacy experts, but people who deal with digital privacy every day ... and are just as appalled as I am about the rapid erosion of privacy in the modern digital age. From 4Square to the automated toll collection system - you're being tracked when you tweet, drive, and buy discount paper towels at your local market ... and technology is facilitating the privacy you're willfully giving up. STOP the madness! This episode...

Down the Rabbithole - Episode 05 - Bryan Stiekes Says InfoSecurity is Fundamentally Broken


Synopsis This week I host Bryan Stiekes, a distinguished technologist with HP ... and not a security guy by trade. Bryan has been a part of IT for a very long and distinguished career, with a background in networking and architecture. Bryan's premise is that Information Security is at its core fundamentally broken ... and I can't say I disagree. We discuss the different aspects of what's been wrong with modern information security, and whether this is a good time to be in the 'business' of IT. This is a fascinating conversation for anyone who's feeling lost in IT Security ... and looking...

Down the Rabbithole - MicroCast 01 - Security is Just Good IT


Synopsis This is the first MicroCast, a new 15-minute format jam-packed with a series of great topics. This time around, Jack Nichelson joins me and tells us how Bruce Lee feels about IT Security (this is a great quote!), why really good IT Security is just really good IT, and whether we will all be replaced by "Cyber-Insurance" policies. Yikes ... this is definitely 15 minutes you'll be happy you listened. Guest: Jack Nichelson - Jack is an information security officer at a very large industrial enterprise. Jack's background is not IT Security, but he is a veteran of technology, and...

Down the Rabbithole - Episode 4 - Effective Small Business Security


Synopsis This is a special episode for anyone who's feeling like "Information Security" in their small business is impossible. My guests and I talk through how to make information security a proper entity that can both serve the business need, and be respected; more than just survival, it's about making security thrive in the small business. Michael pontificates on what makes the security community such a valuable resource to security managers in his position, and we go into what advice you could give a vendor selling into a small business ... what a fascinating discussion! Guests: J.W. Goerlich - Network and Security...

Down the Rabbithole - Episode 3 - "QA and Security, Can we make it work?"


Synopsis Over the past year and a half or so, I've been pushing hard to change the paradigm around secure software - specifically the testing aspect of it to incorporate a much heavier emphasis on quality assurance. That conversation spilled over into an OWASP conversation, which led Glenn, Rohit and I to sit down and record this conversation we had - as we appear to be of like mind. While it's not trivial to incorporate security testing into quality assurance, it's not impossible, and in fact, more practical than you may think. In this segment we discuss what security testing in a...

Down the Rabbithole - Episode 2 - "Can You Be Hacked Out of Business?"


Synopsis: This edition of the podcast doesn't hold back. We ask "Can someone be hacked out of business?" and as usual we don't really like the answers we come up with. While Martin, Rob and I have been in most every aspect of security for just over a combined 3 decades, we end up with a conclusion that I don't think any of us are comfortable with ... at least not that we were willing to say out loud, until now. So is it possible? Is DigiNotar being "hacked out of business" as Dark Reading suggests all FUD? Listen and find out...

Down the Rabbithole - Episode 1 - "Everyone's getting hacked, is it time to panic?"


This is the inaugural podcast episode of Down the Rabbithole. Our podcast focuses on security, but from a business perspective and shines a light on the often misunderstood connection between Information Security and "business". Today's guests were: Chris Nickerson - Founder, Lares Consulting; Will Gragido - Lead Researcher, HP TippingPoint DV Labs; Martin McKeay - Security Evangelist, Akamai. The topic for today's podcast was the question: "Everyone's getting hacked, should I panic?" ... and we also mention the HP TippingPoint DVLabs 1st Half 2011 Cyber Threat Report. Links: Chris Nickerson mentions his "12-step blog post" > http://www.laresblog.com/2010/04/confessions-of-secaddict.html Martin McKeay mentions Sony's "lawyer approach" > http://arstechnica.com/gaming/news/2011/09/mandatory-ps3-update-removes-right-to-join-in-a-class-action-lawsuit.ars HP TippingPoint DV Labs 2011 Mid-Year Top...

The #SecBiz Podcast - Talking "Cloud Security" with Phil Cox


Phil Cox joins Rafal (aka Wh1t3 Rabbit) and Martin McKeay and a gallery of others discussing the issues with the very nebulous term "Cloud Security", and what it means, and how we as vendors can realistically help the consumers of cloud get a handle on what the heck this all means. Fascinating conversation ensues. YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq LinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/ X/Twitter: https://twitter.com/dtsr_podcast

Forensic Fix

Forensic Fix


Forensic Fix Episode 26


Key Topics: Matt AKA Billy Humphries' career journey from law enforcement to crypto investigations; the parallels between mobile phone and crypto adoption in investigations; the current maturity level of cryptocurrency artifacts in digital forensics; the importance of mindset and proactive adaptation for agencies; practical strategies for integrating crypto into investigative workflows. Connect with MSAB on LinkedIn - https://www.linkedin.com/company/micro-systemation/?viewAsMember=true, Twitter (X) https://x.com/MSAB_XRY and BlueSky - https://bsky.app/profile/msabcom.bsky.social LinkedIn: Matt (Billy) Humphries - Matt Humphries | LinkedIn

Forensic Fix Episode 25


Steve Bunting's journey into digital forensics began with an internal affairs investigation. The evolution of digital forensics has been marked by significant changes in technology and security. Comprehensive evidence gathering is crucial in forensic investigations. Innovative approaches, such as analyzing absence of evidence, can yield valuable insights. Expert testimony requires translating technical evidence into understandable language for juries. Biometrics are becoming increasingly important in accessing mobile devices. The sheer volume of digital evidence presents challenges for forensic examiners. Collaboration and cross-jurisdictional efforts are essential in modern forensics. Digital forensics training is vital for law enforcement personnel. Sharing knowledge and research within the forensic community is crucial for advancement. LinkedIn:...

Forensic Fix Episode 24


Stephen Ormston has a diverse background in management and communications within the security domain. The Cyclops project focuses on the mental health and wellbeing of practitioners in cybercrime. EU funding plays a crucial role in facilitating international collaboration on security initiatives. Standardization in digital forensics can enhance efficiency but may also stifle innovation. The For Mobile project produced significant innovations in mobile forensics and training. Deepfakes present new challenges for law enforcement and require urgent attention. Community engagement is essential for the success of security initiatives. Practitioners need to be empowered to prioritize their own wellbeing. Funding and resources are critical for sustaining long-term projects. Building on previous foundations...

Forensic Fix Episode 23


In this episode, Adam Firman interviews Sonja Ryan, founder of the Carly Ryan Foundation, who shares her personal journey following the tragic loss of her daughter Carly to an online predator. Sonja discusses the foundation's mission to promote online safety for children, the introduction of Carly's Law in Australia, and the importance of education and awareness in preventing online exploitation. The conversation also highlights the challenges posed by big tech companies, the need for preventative measures, and the importance of community support and mental health resources for victims. Connect with MSAB on LinkedIn - https://www.linkedin.com/company/micro-systemation/?viewAsMember=true, Twitter (X) https://x.com/MSAB_XRY and BlueSky - https://bsky.app/profile/msabcom.bsky.social Be...

Forensic Fix Episode 22


Takeaways: Mental health support is crucial for law enforcement professionals. Proactive approaches can prevent severe mental health issues. Stigmas around mental health often prevent individuals from seeking help. Therapy has evolved and can be more solution-focused today. You don't need a diagnosis to seek therapy. Recognizing signs of burnout is essential for mental health. Digital forensics professionals face unique mental health challenges. Coping strategies should include activities outside of work. BWRT offers a new way to address trauma without re-traumatization. Organizations must prioritize mental health support for their employees. Connect with Hannah on LinkedIn - https://www.linkedin.com/in/hannah-bailey-40a85a1a5/ https://www.bluelightwellbeing.uk

Forensic Fix Episode 21


Matteo Epifani has a rich background in digital forensics and education. The field of digital forensics has evolved significantly over the years. Timing is crucial in data preservation and extraction. Standards in digital forensics often lag behind technological advancements. Cross-validation with multiple tools is essential for accurate forensic analysis. Every case is unique and requires careful consideration and validation. Creating educational content in forensics is time-consuming and requires thorough validation. The challenges of obtaining data from US-based companies complicate investigations in Europe. Collaboration between law enforcement and forensic experts is improving but remains challenging. Matteo emphasizes the importance of passion and continuous learning in the field of digital forensics....

Forensic Fix Episode 20


The emotional toll of digital investigations is significant. Mental health support for digital forensic investigators is lacking. Identifying stressors like PTSD and burnout is crucial. Exposure to traumatic content can have lasting effects. Transitioning from law enforcement to mental health advocacy is important. Technology can play a role in addressing child exploitation. Stigma around mental health in policing still exists. Open conversations about mental health are necessary. Online assessments for mental health are insufficient. Support systems in the NHS are more proactive than in law enforcement. The analogy of the driven tap illustrates how stressors accumulate. Unsupervised internet access poses significant risks to children. Parents should supervise children's online activities to...

Forensic Fix Episode 19


Key takeaways: Sarah Simon has a strong background in law enforcement and digital forensics. Volunteering as a special constable allows professionals to stay connected to policing. Networking within law enforcement is crucial for sharing knowledge and experiences. Validation in digital forensics is essential for ensuring the reliability of evidence. AI presents both opportunities and challenges in forensic investigations. Sarah's journey to Deloitte highlights the importance of adaptability in career paths. Cyber incident response requires a different mindset compared to traditional investigations. The rapid advancement of technology complicates forensic examinations. Law enforcement faces increasing challenges due to the prevalence of digital evidence. Understanding the context of digital evidence is critical for...

Forensic Fix Episode 18


Jessica Hyde's journey into digital forensics is unconventional and inspiring. Her military background significantly shaped her career path. The transition from traditional forensics to mobile forensics is crucial. Education plays a vital role in developing skilled professionals in the field. Hands-on experience and research are essential for success in digital forensics. The importance of validating forensic tool results cannot be overstated. Jessica emphasizes the need for mission-focused work in digital forensics. Training should encompass both tool usage and foundational knowledge. The digital forensics field is rapidly evolving, requiring continuous learning. Hexordia aims to provide education and support for the next generation of forensics professionals. Foundational training is crucial for...

Forensic Fix Episode 17


Summary: In this episode of Forensic Fix, host Adam Firman speaks with Brent Jordan, a Crime and Intelligence Analyst Manager at the San Diego County Sheriff's Office. They discuss Brent's career path, the daily responsibilities of a crime analyst, the integration of AI in law enforcement, and the challenges faced in digital forensics. Brent shares valuable insights on the importance of training, patience, and continuous learning in the field, as well as his personal interests outside of work. Takeaways: Brent emphasizes the importance of having the right tools for analysts. AI is seen as a powerful tool but comes with responsibilities. Law enforcement often lags...

Forensic Fix Episode 16


Takeaways: The well-being and welfare of officers and staff dealing with child sexual abuse cases is the greatest challenge in law enforcement. Technology companies need to prioritize child protection and invest in preventing abuse rather than just identifying and reporting it. The internet has transformed child abuse in a negative way, but it also allows for global collaboration and the sharing of best practices. Forensic companies can assist law enforcement by providing fast and accurate digital forensic analysis, developing safety by design in technology, and implementing global hash databases. Frontline officers should not be exposed to child sexual abuse material, and technology should be used...

Forensic Fix Episode 15


Celebrating Success: The Annual Gala of Child Rescue Coalition. Recognizing Excellence: Awards for Instructors and Investigators. Child Rescue Coalition (CRC) is a nonprofit organization that rescues children from sexual abuse by providing technology to law enforcement agencies free of charge. CRC's technology helps identify, arrest, and prosecute child predators, as well as rescue innocent children from sexual abuse and exploitation. Collaboration and support from individuals, organizations, and law enforcement agencies are crucial in the fight against child sexual exploitation. CRC's gala is an opportunity to celebrate the accomplishments of the organization and raise funds to continue providing their technology for free to law enforcement. The gala...

Forensic Fix Episode 14


In this episode, Adam Firman is joined by Matthew Sorell from Digital Forensic Sciences Australia. Matthew is also a professor at the Tallinn university of Estonia and honorary consul for the Republic of Estonia in Australia. The pair discuss what is involved in digital forensics, what is involved in lecturing and some exciting projects that Matthew has been working on. You can connect or follow Matthew by visiting his LinkedIn page Matthew Sorell | LinkedIn. The show is finished off by hearing what Matthew gets up to with his spare time; it will certainly ring your bell! Thank you for listening to Forensic Fix -...

Forensic Fix Episode 13


In this episode, Adam Firman is joined by Holly Grace Williams from Akimbo Core. Holly Grace founded Akimbo Core in January 2021 and the company offers penetration testing, security hardening, and cyber security training. The pair discuss what is involved in pen testing, career advice for those wishing to establish themselves in this cyberspace, and discuss Holly Grace's background of how she ended up as company founder of Akimbo Core. You can connect or follow Holly Grace at her LinkedIn page Holly Grace Williams | LinkedIn. You can view the services offered by Akimbo Core by visiting their site Akimbo Core | Penetration Testing,...

Forensic Fix Episode 12


In this episode, Adam Firman is joined by Debbie Garner, Retired ICAC Commander from the Georgia Bureau of Investigation (GBI) in the US. Debbie has been working in the Law Enforcement world for 33 years, so she has a wealth of experience within this industry and shares the highs and lows of what is an extremely challenging but rewarding career. Debbie shares her insights and thoughts into the dark world of child exploitation and explains how even when retired from Law Enforcement she is continuing to combat child exploitation via a variety of working methods such as being a founding board...

Forensic Fix Episode 11


In this episode, Adam Firman is joined by Jen Hoey from 'Not my kid'. They discuss some of the day to day work being done by Jen to help educate others around the dangers of online activity for children. The pair discuss the political and financial gains that are being made instead of focusing on keeping our children safe when online. Jen reveals what she sees as the biggest challenges that face parents and carers when dealing with keeping children safe online. And to finish off, Jen answers the question set by the last guest on Forensic Fix. A really thought-provoking episode and...

Forensic Fix Episode 10


In this episode, Adam Firman is joined by one of his old colleagues Jim Metcalfe from X-Ways Forensics. They discuss some of the day to day work being done by Jim to make training fun and how he adds his own sense of humor to the courses, along with Jim's background and how he got into this industry. The pair discuss the current challenges that face digital forensic examiners and Jim offers some sterling advice for those new or those considering a career in the industry. Jim reveals what he sees as the biggest challenges that face forensic examiners today and how...

Forensic Fix Episode 9


In this episode, Adam Firman is joined by the legend that is Kevin Delong from Cyber Social Hub. They discuss some of the day to day work being done to make CSH function, along with Kevin's background and how he got into this industry. The pair discuss the current challenges that face digital forensic examiners and Kevin offers some sterling advice for those new or those considering a career in the industry. Kevin reveals details about the forthcoming Cyber Social Con, which is a free online conference that will be full of great speakers and extremely informative presentations sharing the latest and...

Forensic Fix Episode 8


In this episode, Adam Firman is joined by old friend Phil Cobley from Control F. They discuss some of the day to day work being done by Phil at Control F and his background and how he got into this industry. This was a reminiscent episode where the pair discussed their previous podcast ventures of Chewing the FAT and Forensics Reformatted; they discuss the latest industry news along with tips and advice for newcomers to the industry. A truly laugh out loud episode and for the previous listeners of their podcasts the audience will feel right at home with Adam and...

Forensic Fix Episode 6


In this episode, Adam Firman is joined by retired Police Officer Derek Frawley, where he served as a digital forensic examiner for Kingston Police, Canada. Derek is a recognized digital forensic examiner who has been involved with high profile cases in Canada so has a wealth of experience within this industry and shares the highs and lows of what is an extremely challenging but rewarding career. It's definitely a podcast that's got it all! Give it a listen.

Forensic Fix Episode 5


In this episode, Adam Firman is joined by Tom Farrell QPM and Jesse Nicholson from SafeToNet. They discuss some of the groundbreaking work being done by SafeToNet along with their backgrounds and how they both got into this industry. Topical debate around the digital forensic industry and how progress is being made against the constant battle of combatting CSAM material on the Internet and the mental welfare of those who deal with it on a daily basis. A truly inspiring episode which demonstrates the constant work that is being researched and implemented to make the world a safer place,

Forensic Fix Episode 4


In this episode, Adam Firman is joined by Special Agent Austin Berrier, Homeland Security in the US. Austin has been working in child exploitation for 20 years and has been awarded the lifetime achievement award from the Child Rescue Coalition and the Assistant General's Distinguished Service Award, so has a wealth of experience within this industry and shares the highs and lows of what is an extremely challenging but rewarding career. It's definitely a podcast that's got it all! Give it a listen.

Forensic Fix Episode 3


In this episode, Adam Firman is joined by DS Scott Ballantyne from ARGOS, Queensland Police - ARGOS, is a team of experts dedicated to countering child exploitation based in Queensland, Australia. DS Ballantyne has been involved in child protection since 2009 so has a wealth of experience within this industry and shares the highs and lows of what is an extremely challenging but rewarding career. It's definitely a podcast that's got it all! Give it a listen.

Forensic Fix Episode 2


In this episode, Adam Firman is joined by Andrew Lister, Managing Director of Detego Global, a leading UK company that offers digital forensics, case management, and endpoint monitoring solutions trusted by the military, law enforcement teams, and intelligence agencies around the world. Andrew Lister is an ex Royal Marine, ex UK Special Forces team leader, who has now amassed over a decade's worth of experience in the corporate space. At Detego, Andrew leads his team in providing critical technology that is paramount for countering terrorism, child abuse, narcotics, human trafficking, blackmail, war crimes, gang crime, and much more. In an...

Forensic Fix Episode 1


Episode 1 of Forensic Fix from MSAB features special guest DS Jason Cullum from Northamptonshire Police, in the UK. Hosted by Tech Evangelist Adam Firman, the pair discuss how Jason got into the field of Digital Forensics along with current issues that face the industry, recommendations for people looking to get into DFIR and a general chat about Mobile Forensics.

Forensic Fix Trailer


Welcome to Forensic Fix from MSAB, a podcast hosted by Tech Evangelist Adam Firman. The podcast will see Firman sitting down with guests from the industry to discuss the latest Digital Forensic news, current issues that the industry faces and some guidance for those new and old to the industry.

Hacking Humans

Hacking Humans


Who is winning the scam game?


This week, hosts of N2K CyberWire Maria Varmazis and Dave Bittner alongside Joe Carrigan are discussing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. If you thought you could escape chicken talk, you were wrong; this week Joe shares some more updates on his chickens. Joe's got two stories this week, one on a New Jersey man arrested while attempting to collect $800,000 in gold as part of a widespread scam targeting elderly victims, and the second is on a new Google-tracked threat group using social engineering and phishing tactics to infiltrate BPOs and steal...

Service Set Identifier (SSID) (noun) [Word Notes]


Please enjoy this encore of Word Notes. The name of a wireless access point. CyberWire Glossary link. Audio reference link: SSID Management - CompTIA Security+ SY0-401: 1.5, Professor Messer, uploaded August 3rd, 2014.

When opportunity knocks, don't answer.


This week, hosts of N2K CyberWire Maria Varmazis and Dave Bittner alongside Joe Carrigan are discussing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. Your favorite follow up story is back, this time Sue from Australia discusses why Joe's hen is losing feathers. Dave's story is on a sophisticated LinkedIn phishing scam that tricks professionals with fake notifications and counterfeit login pages to steal credentials. Joe discusses a bizarre Everest scam where climbers and Sherpas were targeted with fake rescue schemes, highlighting the surprisingly high number of visitors versus summiters. Maria has the story of...

Who's logging in? [OMITB]


Welcome in! You've entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today's most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York's exclusive upper west side, Selena is joined by her co-hosts N2K Networks' Dave Bittner and Keith Mularski, former FBI cybercrime investigator and now Chief Global Ambassador at Qintel. Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, we discuss...

Advanced Encryption Standard (AES) (noun) [Word Notes]


Please enjoy this encore of Word Notes. A U.S. Government specification for data encryption using an asymmetric key algorithm. CyberWire Glossary link: https://thecyberwire.com/glossary/advanced-encryption-standard Audio reference link: papadoc73. Claude Debussy: Clair De Lune. YouTube, YouTube, 6 Oct. 2008.

The fine print of fraud.


This week, Maria Varmazis and Joe Carrigan, joined by friend of the show Michele Kellerman, dig into the latest social engineering scams, phishing schemes, and criminal exploits making headlines. Dave Bittner is tied up covering RSA, but will be back next week. First up, a follow-up from listener Bruce, who was hit with hundreds of spam emails in what looks like a subscription bombing attack, overwhelming Google's filters before tapering off; his local hospital saw an even bigger wave, showing how alarming these attacks can be for seniors and other vulnerable users. Joe's got the story of the UK sanctioning Xinbi,...

The evolving face of AI deepfakes.


This week, hosts of N2K CyberWire Maria Varmazis and Dave Bittner alongside Joe Carrigan are discussing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. We start with some follow up on what else? Joe's chickens! Oh Dottie! And he also shares a fun LinkedIn translator from Kagi. Dave shares a site that writes phishing emails to your chosen targets, including famous and fictional people, to help users learn what to look for in phishing attempts. Maria discusses a new spin on pig butchering scams to recruit people to be AI face models and use them...

When AI wears a suit and tie.


This week, hosts of N2K CyberWire Maria Varmazis and Dave Bittner alongside Joe Carrigan are discussing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. We start with some follow up on aggravated identity theft and how it ties to crimes like wire fraud, along with a quick look at shared mailboxes and why sharing login credentials can create security risks. Joe's got the story of a vishing attack on an Ericsson vendor that exposed sensitive data of over 15,000 people, highlighting the risks of third-party security gaps. Dave's story is on Meta removing millions of...

Domain Naming System (DNS) (noun) [Word Notes]


Please enjoy this encore of Word Notes. A system that translates text-based URLs to their underlying numerical IP addresses. CyberWire Glossary link: https://thecyberwire.com/glossary/domain-name-system-dns Audio reference link: HistoryHeard. History Heard: Paul Mockapetris. YouTube, YouTube, 5 Apr. 2009.

Defending against unlimited penalty shots. [Hacking Humans Live!]


This week, hosts of N2K CyberWire Maria Varmazis and Dave Bittner head to Orlando to attend ThreatLocker's Zero Trust World 2026 (ZTW). There, they discussed the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. Joe Carrigan was unable to join the team, but they have a very special guest, host of the BowTieSecurityGuy After Dark podcast, Rob Whetstine. He is one of the featured speakers this week at Zero Trust World, and he shared experiences from his career at companies like Disney and highlights from his ZTW presentation on Phishing. Maria's story involves a Maine Supreme...

Pretexting (noun) [Word Notes]


Please enjoy this encore of Word Notes. A social engineering technique in which a threat actor poses as a trusted person or entity in order to trick the victim into disclosing information or performing an action that benefits the attacker. CyberWire Glossary link: https://thecyberwire.com/glossary/pretexting Audio reference link: Batch Pin Hurt Charlize Theron Skin | the Italian Job (2003) Movie Scene. YouTube, YouTube, 22 Nov. 2016.

Identity theft gets a raise.


This week, hosts of N2K CyberWire Maria Varmazis and Dave Bittner alongside Joe Carrigan are discussing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. For our follow up this week we get an update Merriam-Webster dictionary for Joe, and listener Michael Amezquita suggested that customizable ChatGPT personality settings may explain why Joe and Dave received different responses on Hacking Humans. Dave shares reporting on a Binary Defense case where attackers used social engineering and a help desk reset to hijack a physician's identity and reroute payroll deposits through a trusted internal system without triggering security...

Web Application Firewall (noun) [Word Notes]


Please enjoy this encore of Word Notes. A layer seven firewall designed to block threats at the application layer of the open system interconnection model, the OSI model. CyberWire Glossary link: https://thecyberwire.com/glossary/web-application-firewall Audio reference link: VCF East 9.1 - Ches' Computer Security Adventures - Bill Cheswick. YouTube, 29 Dec. 2015, https://youtu.be/trR1cuBtcPs.

AI ate my homework.


This week, hosts of N2K CyberWire Maria Varmazis and Dave Bittner alongside Joe Carrigan are discussing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. Maria's story covers a BBC experiment by Thomas Germain showing how easily major AI tools like ChatGPT and Google's Gemini repeated a completely fabricated claim he posted online, highlighting what experts call a renaissance for spam as SEO-style manipulation resurfaces in the age of AI. Dave's story examines Elizabeth Chamblee Burch's book The Pain Brokers, which details how women with pelvic mesh implants were allegedly cold-called and steered into surgeries as...

COBIT (noun) [Word Notes]


Please enjoy this encore of Word Notes. An IT governance framework developed by ISACA. CyberWire Glossary link: https://thecyberwire.com/glossary/cobit Audio reference link: isacappc. How Do You Explain Cobit to Your Dad or Your CEO? YouTube, YouTube, 24 Aug. 2016, https://www.youtube.com/watch?v=EYATVkddIyw.

The voice on the other end.


This week, hosts Maria Varmazis (also host of the T-Minus Space Daily show), Dave Bittner and Joe Carrigan are discussing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. We have some follow up where Joe shares a scam call he received. Dave's got the story on a sophisticated phishing campaign targeting Apple Pay users through fake emails and voice calls impersonating customer support, as well as Australia's ClickFit initiative warning that romance scammers are exploiting trust online for emotional and financial gain. Joe's story is about a former Ohio bank employee who used his insider access to...

Security Service Edge (SSE) (noun) [Word Notes]


Please enjoy this encore of Word Notes. A security architecture that incorporates the cloud shared responsibility model, a vendor provided security stack, and network peering with one or more of the big content providers and their associated fiber networks. CyberWire Glossary link: https://thecyberwire.com/glossary/security-service-edge Audio reference link: Netskope (2022). What is Security Service Edge (SSE). YouTube. Available at: https://www.youtube.com/watch?v=Z9H84nvgBqw [Accessed 21 Oct. 2022].

Love was the hook.


This week, hosts Maria Varmazis (also host of the T-Minus Space Daily show), Dave Bittner and Joe Carrigan are discussing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. Dave sits down with Simon Horswell, a Senior Fraud Specialist at Entrust discussing evolving romance scams for Valentine's Day. We have some follow up on chickens and a listener write-in, with a quick note on the backyard chicken trend and a closer look at a Bank of America fraud text that looked like a phish. Maria's story follows an alleged Dubai Crown Prince scam that drained nearly 3 million...

Domain spoofing (noun) [Word Notes]


Please enjoy this encore of Word Notes. A social engineering tactic in which hackers build a malicious domain to mimic a legitimate one. CyberWire Glossary link: https://thecyberwire.com/glossary/domain-spoofing Audio reference link: Mission Impossible Fallout - Hospital Scene. YouTube, YouTube, 8 Oct. 2018,

Trust me, I'm legit.


This week, while Maria Varmazis (also host of the T-Minus Space Daily show) is out at a conference, hosts Dave Bittner and Joe Carrigan are joined by friend of the show Michele Kellerman, as they are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. Our hosts start with some follow-up on Joe's egg story, including his latest update and a brief detour into unexpected big chicken news. Joe's story is on a massive USDA loan fraud scheme where Nikesh Patel fabricated fake government-backed farm loans, duped investment firms out of hundreds of millions of dollars, and...

When legit is the trick: Phishing's sneaky new moves. [OMITB]


Welcome in! You've entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today's most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York's exclusive upper west side, Selena is joined by her co-hosts N2K Networks' Dave Bittner and Keith Mularski, former FBI cybercrime investigator and now Chief Global Ambassador at Qintel. Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, our hosts...

Secure Web Gateway (noun) [Word Notes]


Please enjoy this encore of Word Notes. A layer seven firewall that sits in line at the boundary between the internet and an organization's network perimeter that allows security policy enforcement and can perform certain prevention and detection tasks. CyberWire Glossary link: https://thecyberwire.com/glossary/secure-web-gateway Audio reference link: Vintage Computer Federation (2015). VCF East 9.1 - Ches' Computer Security Adventures - Bill Cheswick. YouTube. Available at: https://www.youtube.com/watch?v=trR1cuBtcPs.

Cold weather, hot scams.


This week, hosts Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of the T-Minus Space Daily show) are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. Joe has two stories this week, starting with scammers cashing in on a Verizon outage by luring customers with fake credits, and ending with a rare cybercrime comeback as a woman who lost nearly $1 million gets her money back and then some. Dave's story looks at scammers cashing in on the Ozempic and GLP-1 craze, as Wisconsin consumers lose hundreds of dollars to fake weight loss drugs, deepfake...

Indicators of Compromise (noun) [Word Notes]


Please enjoy this encore of Word Notes. Digital evidence that a system or network has been breached. CyberWire Glossary link: https://thecyberwire.com/glossary/indicator-of-compromise Audio reference link: Suicide or Murder? | The Blind Banker | Sherlock, uploaded by Sherlock, 18 October 2015

Scammers gonna scam.


This week, hosts Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of the T-Minus Space Daily show) are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. Joe shares another chicken update for us, this time from Werner Herzog. Dave's got a story from a listener named Tim, an IRS Criminal Investigation agent, who explains that real CI agents may contact people unannounced and can verify themselves in person, but if anyone asks for gift cards or crypto, it's definitely a scam. Maria has the story on how attackers are abusing real SendGrid accounts to send...

Intrusion Detection System (noun) [Word Notes]


Please enjoy this encore of Word Notes. A system that monitors for malicious or unwanted activity, and either raises alerts when such activity is detected or blocks the traffic from passing to the target. CyberWire Glossary link: https://thecyberwire.com/glossary/intrusion-detection-system Audio reference link: Network Intrusion Detection and Prevention - CompTIA Security+ SY0-501 - 2.1, Professor Messer, uploaded 16 November, 2017

When a scammer meets the Force.


This week, while Maria Varmazis (also host of the T-Minus Space Daily show) is out, our hosts Dave Bittner and Joe Carrigan are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. Joe starts us off with a chicken update. Joe's story is on CrowdStrike's 2025 Global Threat Report, which reveals faster-than-ever breakout times, a surge in vishing and initial access attacks, widespread abuse of valid accounts, and a growing shift toward malware-free intrusions as adversaries become more numerous and sophisticated. Dave's got the story on how pig-butchering romance scams are industrialized, detailing Reuters reporting on cyberfraud gangs...

MFA prompt bombing (noun) [Word Notes]


Please enjoy this encore of Word Notes. Hackers bypass multifactor authentication schemes by sending a blizzard of spamming login attempts until the account's owner accepts the MFA prompt out of desperation to make the spamming stop. CyberWire Glossary link: https://thecyberwire.com/glossary/mfa-prompt-bombing Audio reference link: movieclips. Sneakers (2/9) Movie Clip - Defeating the Keypad (1992) HD. YouTube, YouTube, 29 May 2011, https://www.youtube.com/watch?v=oG5vsPJ5Tos.

It's just too good to be true.


This week, our hosts Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of the T-Minus Space Daily show) are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. We start with some follow up on a big honor for Dave, recognized by SANS as a Difference Maker in Media, plus a quick chicken update, a newly named rooster, and construction officially getting underway on the new run. Maria has the story on a congressional warning about a surge in winter holiday travel scams, as fake booking sites and airline impersonators drive millions in losses during peak travel season....

Poisoned at the source. [OMITB]


Welcome in! You've entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today's most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York's exclusive upper west side, Selena is joined by her co-hosts N2K Networks' Dave Bittner and Keith Mularski, former FBI cybercrime investigator and now Chief Global Ambassador at Qintel. Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, we dive...

Apple Lockdown Mode (noun) [Word Notes]


Please enjoy this encore of Word Notes. An optional security mode for macOS and iOS that reduces the attack surface of the operating system by disabling certain commonly attacked features. CyberWire Glossary link: https://thecyberwire.com/glossary/apple-lockdown-mode Audio reference link: How NSO Group's Pegasus Spyware Was Found on Jamal Khashoggi's Fiancée's Phone, FRONTLINE, YouTube, 18 July 2021.

Hot sauce and hot takes: An Only Malware in the Building special.


While our team is out on winter break, please enjoy this episode of Only Malware in the Building. Welcome in! You've entered, Only Malware in the Building, but this time, it's not just another episode. This is a special edition you won't want to miss. For the first time, our hosts are together in-studio and they're turning up the heat. Literally. Join Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED, along with N2K Networks' Dave Bittner and Keith Mularski, former FBI cybercrime investigator and now Chief Global Ambassador at Qintel, as they take on a fiery hot wings challenge while answering personal...

Simulated Phishing (noun) [Word Notes]


While our team is out on winter break, please enjoy this episode of Word Notes. A security awareness training technique in which authorized, but fake phishing emails are sent to employees in order to measure and improve their resistance to real phishing attacks. CyberWire Glossary link: https://thecyberwire.com/glossary/simulated-phishing Audio reference link: Blackhat (2014) - Hacking the NSA Scene (4/10) | Movieclips. YouTube, YouTube, 19 Apr. 2017.

Scammers are recruiting.


While our team is out on winter break, please enjoy this episode of Hacking Humans. This week, our hosts Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of the T-Minus Space Daily show) are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. We start with a scam warning from Michal, who is sharing the latest conference scam. Dave's got the story of a retired federal investigator who mapped out the Scammer Psychological Kill Chain and shared rules to help you spot and break it. Maria has the story of job scams surging over 1,000% in 2025,...

Sideloading (noun) [Word Notes]


Please enjoy this encore of Word Notes. The process of installing applications on a device without the use of official software distribution channels. CyberWire Glossary link: https://thecyberwire.com/glossary/sideloading

Trust no link, my darling.


This week, our hosts Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of the T-Minus Space Daily show) are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. In follow-up this week, we waded into murky legal waters with a fish-demeanor pun that's now swimming rent-free in our heads, then pivoted to some surprisingly practical home-network wisdom: segregating IoT devices before they take over your Wi-Fi (and your sanity). Joe looks at how Google is taking a dual approach to fighting scams: suing to dismantle the Lighthouse phishing operation while backing bipartisan legislation and rolling out AI tools to...

Microsegmentation (noun) [Word Notes]


Please enjoy this encore of Word Notes. A zero trust security technique that isolates application workloads from each other, allowing each one to be protected individually. CyberWire Glossary link: https://thecyberwire.com/glossary/microsegmentation Audio reference link: Micro-Segmentation Masterpieces, PJ Kirner, Illumio CTO and Co-Founder, Tech Field Day, YouTube, 13 December 2020.

Don't let public ports bite.


This week, our hosts Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of the T-Minus Space Daily show) are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. We start with another chicken update for everyone. Dave's got the story of a Monotype font-licensing shakedown that totally backfired: automated claims, mass messages, and scary warnings that all unraveled when a typography-savvy employee proved every allegation was wrong, leaving Monotype empty-handed. Joe's story is on a massive Walmart robocall scam targeting millions of customers. Fake calls, using AI voices claiming a pricey PlayStation 5 order, tricked people...

Homograph phishing (noun) [Word Notes]


Please enjoy this encore of Word Notes. The use of similar-looking characters in a phishing URL to spoof a legitimate site. CyberWire Glossary link: https://thecyberwire.com/glossary/homograph-phishing Audio reference link: Mission Impossible III 2006 Masking 01, uploaded by DISGUISE MASK, 28 July 2018.

A fish commits credit card fraud (inadvertently).


This week, our hosts Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of the T-Minus Space Daily show) are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. We start with some follow up from listener John Helt having some chicken withdrawal, Foghorn Leghorn excluded. You are welcome, John, you now have your chicken updates! And, we share how a fish went shopping. Maria shares some research (including her own) on using AI chatbots to phish the elderly. Joe's got two stories today. First up, he talks about the Myanmar army continuing their raids on scam...

Anti-cheat software (noun) [Word Notes]


Please enjoy this encore of Word Notes. Software designed to prevent cheating in video games. CyberWire Glossary link: https://thecyberwire.com/glossary/anti-cheat-software Audio reference link: The BIG Problem with Anti-Cheat, by Techquickie, YouTube, 5 June 2020

Yippee-ki-yay, cybercriminals! [OMITB]


Welcome in! You've entered, Only Malware in the Building. Wrap yourself in a warm blanket, pour your favorite mug of tea, and join us each month as we unwrap the season's juiciest cyber mysteries. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York's exclusive upper west side, Selena is joined by her co-hosts N2K Networks' Dave Bittner and Keith Mularski, former FBI cybercrime investigator and now Chief Global Ambassador at Qintel. Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts...

Nice to meet you, I'm a scammer.


Please enjoy this encore of Hacking Humans. On Hacking Humans, Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of N2K's daily space podcast, T-Minus), are once again sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines to help our audience become aware of what is out there. Our hosts discuss and ponder whether or not diamonds are the original cryptocurrency, as well as diving further into Yubikeys for organizations. Maria shares the story of a 66-year-old woman who lost her $2 million retirement savings to a romance scam on Match.com, highlighting the...

Pseudoransomware (noun) [Word Notes]


Please enjoy this encore of Word Notes. Malware, in the guise of ransomware, that destroys data rather than encrypts. CyberWire Glossary link: https://thecyberwire.com/glossary/pseudoransomware Audio reference link: Some Men Just Want to Watch the World Burn | the Dark Knight, by YouTube, 2 November 2019.

Lost iPhone, found trouble.


This week, our hosts Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of the T-Minus Space Daily show) are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. We start with some follow up on China sentencing five members of a violent Kokang-based gang to death for running brutal scam compounds in Myanmar. And in related news, China has also extradited alleged scam kingpin She Zhijiang, a major figure behind one of Southeast Asia's largest fraud hubs, as Beijing intensifies its crackdown on global cyber-fraud networks. Listener Jon reports a new twist on sextortion, where scammers...

Trusted Platform Module (TPM) (noun) [Word Notes]


Please enjoy this encore of Word Notes. A browser configuration control that prevents accessing resources within a private network. CyberWire Glossary link: https://thecyberwire.com/glossary/trusted-platform-module Audio reference link: TPM (Trusted Platform Module) - Computerphile, Computerphile, 23 July 2021

Tap, pay, and prey.


This week, our hosts Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of the T-Minus Space Daily show) are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. We start with some big chicken news from Joe! Dave's story is on Meta's internal documents revealing it projected up to 10% of its 2024 revenue, worth billions, would come from fraudulent or banned ads across its platforms. Maria has the story on how Howler Cell at Cyderes uncovered a systemic Bring Your Own Updates risk in Windows updaters, where attackers can hijack trusted, signed update clients like...

Private Network Access (PNA) (noun) [Word Notes]


Please enjoy this encore of Word Notes. A browser configuration control that prevents accessing resources within a private network. CyberWire Glossary link. Audio reference link: Chrome Limits Access to Private Networks, by Daniel Lowrie, ITProTV, YouTube, 19 January 2022.

Seniors in scam crosshairs.


This week, our hosts Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of the T-Minus Space Daily show) are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. We start with some follow-up, listener Jay shared how Robinhood tackled a $25.4 billion phone scam problem with a simple fix: a bright yellow in-call banner that warns users, "We're not calling you. If the caller says they're from Robinhood, they're not, hang up." Meanwhile, Myanmar's military blew up a major online scam center at KK Park, forcing over 1,500 people to flee into Thailand. Listener JJ reminds us it's...

Web 3.0 (noun) [Word Notes]


Please enjoy this encore of Word Notes. The potential next evolution of the worldwide web that decentralizes interaction between users and content away from the big silicon valley social media platforms like Twitter, Facebook, and YouTube, and towards peer-to-peer interaction using blockchain as the underlying technology. CyberWire Glossary link: https://thecyberwire.com/glossary/web-30 Audio reference link: What Elon Musk Just Said about Metaverse, Web3 and Neuralink, By Clayton Morris, Crypto News Daily, YouTube. 2 December 2021.

Pass the intel, please. [OMITB]


Welcome in! You've entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today's most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York's exclusive upper west side, Selena is joined by her co-hosts N2K Networks Dave Bittner and Keith Mularski, former FBI cybercrime investigator and now Chief Global Ambassador at Qintel. Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, we explore...

The Malware Mash!


Happy Halloween from the team at N2K Networks! We hope you share in our Halloween tradition of listening to the Malware Mash. You can check out our video here. Lyrics: I was coding in the lab late one night / when my eyes beheld an eerie sight / for my malware threat score began to rise / and suddenly to my surprise... / It did the Mash / It did the Malware Mash / The Malware Mash / It was a botnet smash / It did the Mash / It caught on 'cause of Flash / The Malware Mash / It did the Malware Mash / From the Stuxnet worm squirming toward...

Beware the boo-gus giveaway.


This week, our hosts Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of the T-Minus Space Daily show) are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. In our follow up, our hosts respond to a listener who wrote in with an insightful question about the role of wealth in scam susceptibility. Joe's story covers how a fake AI recruiter lures developers with a GitHub technical assessment that, when run, unleashes a five-stage malware chain to steal credentials, wallets, and install persistent backdoors. Maria has the story on a Halloween-themed phishing scam that lured victims...

Identity access management (IAM) (noun) [Word Notes]


Please enjoy this encore of Word Notes. A set of solutions for ensuring that the right users can only access the appropriate resources. CyberWire Glossary link: https://thecyberwire.com/glossary/identity-and-access-management Audio reference link: The Wrath of Khan (1982) Kirk's Response, by Russell, YouTube, 16 May 2017.

Liar, liar, AI on fire.


This week, while Dave Bittner is on vacation, hosts Joe Carrigan and Maria Varmazis (also host of the T-Minus Space Daily show) are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. Users are reporting a potential new Signal scam involving fake in-app messages posing as official support, though Signal confirms it never contacts users first and only communicates via Signal email addresses. Joe's story is on South Korea targeting Cambodia's scam industry after reports of kidnappings, torture, and a death, as officials crack down on criminal groups luring citizens into forced online fraud operations across Southeast...

Policy Orchestration (noun) [Word Notes]


Please enjoy this encore of Word Notes. The deployment of rules to the security stack across all data islands, cloud, SaaS applications, data centers, and mobile devices designed to manifest an organization's cybersecurity first principle strategies of zero trust, intrusion kill chain prevention, resilience, and risk forecasting. CyberWire Glossary link: https://thecyberwire.com/glossary/policy-orchestration Audio reference link: The Value of Using Security Policy Orchestration and Automation, by David Monahan, uploaded by EMAResearch, 3 April, 2018

Scams that steal more than money.


This week, our hosts Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of the T-Minus Space Daily show) are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. Dave's story is on how older aspiring models like Judy were scammed into paying hundreds for fake photoshoots, and how to avoid falling for similar tricks. Joe's got the story of how Bitcoin ATMs are being exploited by scammers, costing Americans millions and targeting mostly older victims. Maria's got the story of a rapidly spreading WhatsApp Vote for My Child scam across Europe that hijacks accounts and...

Abstraction layer (noun) [Word Notes]


Please enjoy this encore of Word Notes. A process of hiding the complexity of a system by providing an interface that eases its manipulation. CyberWire Glossary link: https://thecyberwire.com/glossary/abstraction-layer Audio reference link: What Is Abstraction in Computer Science, by Codexpanse, YouTube, 29 October 2018.

The text trap tightens.


This week, our hosts Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of the T-Minus Space Daily show) are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. Listener Chad wrote in after hearing an episode to share that he received a suspicious call that sounded like a prison-related scam. Maria's story is on a new Consumer Reports study revealing a surge in texting and messaging scams, with young adults hit hardest and major disparities in who loses money. Joe covers the story on YouTuber Tai Lopez, famous for his "here in my garage" videos...

When malware goes bump in the night.


Welcome in! You've entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today's most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York's exclusive upper west side, Selena is joined by her co-hosts N2K Networks Dave Bittner and Keith Mularski, former FBI cybercrime investigator and now Chief Global Ambassador at Qintel. Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this spooky special episode,...

Identity Fabric (noun) [Word Notes]


Please enjoy this encore of Word Notes. A set of services for managing identity and access management, or IAM across all of an organization's data islands. CyberWire Glossary link: https://thecyberwire.com/glossary/identity-fabric Audio reference link: Leadership Compass Identity Fabrics - Analyst Chat 126, by KuppingerCole, YouTube, 30 May 2022.

Lock your doors and check your URLs.


This week, our hosts Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of the T-Minus Space Daily show) are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. We start off with a celebration of Cybersecurity Awareness Month. Joe's story is on how the North Wales Police are warning cryptocurrency holders after a victim lost 2.1 million in Bitcoin to a highly targeted scam, where criminals posing as police used a fake security breach story to trick them into entering their password on a fraudulent site. Dave has two stories this week, the first one...

Intrusion Kill Chain (noun) [Word Notes]


Please enjoy this encore of Word Notes. A cybersecurity first principle strategy focused on disrupting known adversary activity at one of several phases of an attack sequence. CyberWire Glossary link: https://thecyberwire.com/glossary/intrusion-kill-chain Audio reference link: "Cybersecurity Days: A Network Defender's Future," by Rick Howard, Integrated Cyber Conference, Integrated Adaptive Cyber Defense (IACD), YouTube, 26 October 2018.

The new weapon in text scams.


This week, while Dave Bittner is out, Joe Carrigan and Maria Varmazis (also host of the T-Minus Space Daily show) are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. Listener Daniel shares a follow-up where scammers exploited details from a Texas car accident to pose as claim assistants, highlighting the importance of working only with your insurance or official state agencies. Joe follows the story of Iowa authorities uncovering a nationwide texting scam run from inside a Georgia prison, and a Cincinnati man pleading guilty to stealing over $2 million through dating app fraud. Maria covers two...

Identity Orchestration (noun) [Word Notes]


Please enjoy this encore of Word Notes. A subset of security orchestration, the management of identities across an organization's set of digital islands. CyberWire Glossary link: https://thecyberwire.com/glossary/identity-orchestration

Scammers are recruiting.


This week, our hosts Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of the T-Minus Space Daily show) are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. We start with a scam warning from Michal, who is sharing the latest conference scam. Dave's got the story of a retired federal investigator who mapped out the Scammer Psychological Kill Chain and shared rules to help you spot and break it. Maria has the story of job scams surging over 1,000% in 2025, as scammers exploit a slowing labor market and desperate jobseekers with fake offers, texts, and...

Diamond Model (noun) [Word Notes]


Please enjoy this encore of Word Notes. A cyber threat intelligence analysis model that defines relationship pairs between four core components in the shape of a diamond of adversary playbook activity across the intrusion kill chain: the adversary, their capability, the infrastructure used or attacked, and the victim. CyberWire Glossary link: https://thecyberwire.com/glossary/diamond-model Audio reference link: Diamond Presentation v2 0: Diamond Model for Intrusion Analysis Applied to Star Wars Battles, Andy Pendergrast and Wade Baker, ThreatConnect, YouTube, 4 February 2020.

How little data reveals a lot.


This week, our hosts Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of the T-Minus Space Daily show) are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. Maria's story is on her recent close encounter with a Facebook scam. Dave's story is on a new strain of spyware that automates sextortion by detecting when users watch pornography, then secretly capturing both browser screenshots and webcam photos to blackmail victims. Joe's story is on the power of metadata, sharing how even limited browsing data from his machine learning class revealed personal details like daily routines, house hunting,...

MITRE ATT&CK (noun) [Word Notes]


Please enjoy this encore of Word Notes. A knowledge base of adversary tactics, techniques, and procedures established and maintained by the MITRE Corporation. CyberWire Glossary link: https://thecyberwire.com/glossary/mitre-attck Audio reference link: Attack Frameworks - SY0-601 CompTIA Security+ : 4.2, Professor Messer, YouTube, 29 April 2021.

When your AI gets scammed.


This week, our hosts Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of the T-Minus Space Daily show) are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. This week's follow-up brings two gems: a smart tip from a listener on handling suspicious bank calls by asking the caller to leave a note on your account, then verifying directly with your bank. Plus, a delightful story about Chicken Camp, where trainers hone their skills by teaching chickens tricks, proof that maybe one day a chicken-driven tractor isn't such a far-fetched idea! Joe's story is on YouTube scam-baiters who...

Hot sauce and hot takes: An Only Malware in the Building special. [OMITB]


Welcome in! You've entered, Only Malware in the Building, but this time, it's not just another episode. This is a special edition you won't want to miss. For the first time, our hosts are together in-studio and they're turning up the heat. Literally. Join Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED, along with N2K Networks Dave Bittner and Keith Mularski, former FBI cybercrime investigator and now Chief Global Ambassador at Qintel, as they take on a fiery hot wings challenge while answering personal questions about themselves, their careers, and the stories that shaped them. Think you've seen them tackle malware mysteries before?...

DevOps (noun) [Word Notes]


Please enjoy this encore of Word Notes. The set of people, process, technology, and cultural norms that integrates software development and IT operations into a system-of-systems. CyberWire Glossary link: https://thecyberwire.com/glossary/devops Audio reference link: "10+ Deploys Per Day: Dev and Ops Cooperation at Flickr," by John Allspaw and Paul Hammond, Velocity 09, 25 July 2009.

Social engineering served sunny-side up.


This week, our hosts Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of the T-Minus Space Daily show) are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. We start with some follow up, this time involving a surprising new flock of chickens and a listener note from Belgium. Via Peter Janssen, as he's seen the same fake employee discount scams we covered, only this time targeting backpacks and other products. Dave's story is on a new podcast imposter scam, where fake invites trick business owners and influencers into giving remote access so attackers can hijack their...

Waterfall Software Development Method (noun) [Word Notes]


Please enjoy this encore of Word Notes. A software development model that relies on a series of sequential steps that flow into each other, like a series of waterfalls. CyberWire Glossary link: https://thecyberwire.com/glossary/waterfall-software-development Audio reference link: Creating Video Games - Agile Software Development, by Sara Verrilli, MIT OpenCourseWare, YouTube, 10 December 2015

Scammers hit the right notes in the wrong way.


This week, our hosts Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of the T-Minus Space Daily show) are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. We start with some follow up from Chris Martin, a long-time listener and fan of the show. Chris shares that his employer uses Hoxhunt for cybersecurity awareness training and came across a fun gem worth mentioning. Next, Jay writes in with a heads-up about a scam running in large cities. Criminals are reportedly sticking phones to desirable cars and then using the tracking features to show up at victims...

Agile Software Development Method (noun) [Word Notes]


Please enjoy this encore of Word Notes. A software development philosophy that emphasizes incremental delivery, team collaboration, continual planning, and continual learning. CyberWire Glossary link: https://thecyberwire.com/glossary/agile-software-development Audio reference link: "Velocity 09: John Allspaw and Paul Hammond, "10+ Deploys Pe," John Allspaw and Paul Hammond, 2009 Velocity Conference, YouTube, 25 June 2009.

This scam is now in session.


This week, our hosts Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of the T-Minus Space Daily show) are back sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. Joe's story is on WhatsApp rolling out new anti-scam tools, disrupting over 6.8 million scam-linked accounts, and partnering with experts to share tips on spotting and avoiding sophisticated cross-platform scams run by organized crime networks. Dave's got the story of how PharmaFraud, a global network of fake online pharmacies, scams consumers with counterfeit or dangerous medications, stealing money and personal data while putting health and safety at serious...

Pegasus (noun) [Word Notes]


Please enjoy this encore of Word Notes. The flagship product of the controversial Israeli spyware vendor, the NSO Group, used for remotely hacking mobile devices, most notably iPhones, via zero-click exploits. CyberWire Glossary link: https://thecyberwire.com/glossary/pegasus Audio reference link: Cybersecurity beyond the Headlines: A Conversation with Journalist Nicole Perlroth, Kristen Eichensehr, and Nicole Perlroth, University of Virginia School of Law, YouTube, 14 February 2022

Yeti or not, it's a scam.


This week, our hosts Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of the T-Minus Space Daily show) are back sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. We start with some follow-up on an Arizona woman sentenced to over eight years in prison for running a laptop farm that helped North Korean IT workers pose as U.S. employees at hundreds of American companies, funneling over $17 million to Pyongyang through stolen identities and remote access. We also share an update on Joe's profile picture. We start with Dave's story on a Facebook scam falsely claiming...

Work from home, malware included. [OMITB]


Welcome in! You've entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today's most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York's exclusive upper west side, Selena is joined by her co-hosts N2K Networks Dave Bittner and Keith Mularski, former FBI cybercrime investigator and now Chief Global Ambassador at Qintel. Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, our three...

Domain-based Message Authentication Reporting Conformance (DMARC) (noun) [Word Notes]


Please enjoy this encore of Word Notes. An open source email authentication protocol designed to prevent email spoofing in phishing, business email compromise or BEC, and other email-based attacks. CyberWire Glossary link: https://thecyberwire.com/glossary/pegasus Audio reference link: "Global Cyber Alliance's Phil Reitinger talks DMARC adoption" Global Cyber Alliance's Phil Reitinger Talks DMARC Adoption. YouTube Video. YouTube, April 27, 2018

Click for a pay bump?


In this special episode of Hacking Humans, while Joe and Maria take a well-earned summer break, we're joined by a special guest host: Rob Allen, Chief Product Officer at ThreatLocker. Rob dives into the tactics and profile of the cybercriminal group known as Scattered Spider, a crew that's gained notoriety for its cunning use of social engineering over traditional hacking techniques. Known for being young, agile, and highly manipulative, Scattered Spider has successfully bypassed security measures not by breaking systems, but by fooling the people who use them. Tune in for a fascinating breakdown of how this group operates and what...

Shields Up (noun) [Word Notes]


Please enjoy this encore of Word Notes. A condition announced by the US Cybersecurity and Infrastructure Security Agency (CISA) to draw attention to a temporary period of high alert, associated with expectation of a connected wave of cyberattacks prompted by either a widespread vulnerability or an unusually active and capable threat actor. CyberWire Glossary link: https://thecyberwire.com/glossary/shields-up Audio reference link: Star Trek II Wrath of Khan - Reliant vs Enterprise; First Clash YouTube, YouTube, 11 Apr. 2015.

The delusional side of AI therapy.


This week, our hosts Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of the T-Minus Space Daily show) are back sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. We've got some follow-up from listener Kajetan, who recalled a run-in with a scammer in Paris posing as a mute fundraiser, and says he performed a "miracle" by crossing out his name, prompting the supposedly mute woman to suddenly start yelling at him. Maria has the story on how small businesses in Toronto, like the family-run Souvlaki Hut and Pippins Tea Company, were shocked to discover that thieves exploited...

Software Assurance Maturity Model (SAMM) (noun) [Word Notes]


Please enjoy this encore of Word Notes. A prescriptive open source software security maturity model designed to guide strategies tailored to an organization's specific risks. Audio reference link: "OWASPMSP - Pravir Chandra: Software Assurance Maturity Model (OpenSAMM)." by Pravir Chandra, OWASP MSP, 2009.

It's all glitter, no gold.


This week, our hosts Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of the T-Minus Space Daily show) are back sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. Our hosts share some follow-up, including a Rick Roll after the last episode. They also highlight a listener note from Evaldas in Lithuania, who explains that companies often use alternate domains for marketing emails to protect their main domain's reputation, so marking them as spam is actually expected. Joe's got a story of a billion-dollar AI-fueled scam where criminals impersonate celebrities like Keanu Reeves and Kevin Costner to exploit...

Universal 2nd Factor (U2F) (noun) [Word Notes]


Please enjoy this encore of Word Notes. An open standard for hardware authentication tokens that use the universal serial bus, or USB, near-field communications, or NFCs, or Bluetooth to communicate one factor in a two-factor authentication exchange. Cyberwire Glossary link: https://thecyberwire.com/glossary/u2f Audio reference link: Rise of the Machines: A Cybernetic History, by Thomas Rid, Published by W. W. Norton Company, 21 November 2017.

Convinced, compromised, and confirmed.


This week, our hosts Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of the T-Minus Space Daily show) are back sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. We start with a ton of follow-up, from a sextortion scam that triggered a bot frenzy on Facebook, to sandboxed scam-baiting with fake credit cards, to a surprise magazine subscription that may or may not involve chicken gods. Plus, one listener wonders: do people really know what a strong password is? Dave's story is on a massive China-linked scam where hackers are spoofing big-name retail websites, like Apple, PayPal, and...

adversary group naming (noun) [Word Notes]


Please enjoy this encore of Word Notes. A cyber threat intelligence best practice of assigning arbitrary labels to collections of hacker activity across the intrusion kill chain.

Brushed aside: The subtle scam you didn't order.


This week, our hosts Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of the T-Minus Space Daily show) are back sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. We start with some follow up, as Joe shares with us a complaint he has with Vanguard. Maria's story is on McAfee's latest research revealing that one in five Americans has fallen for a travel scam, often losing hundreds of dollars, despite many trying to stay vigilant, as scammers use fake websites, AI-altered photos, and phishing links to exploit deal-seeking travelers. Joe's got two stories this week: the first one...

BSIMM (noun) [Word Notes]


Please enjoy this encore of Word Notes. A descriptive model that provides a baseline of observed software security initiatives and activities from a collection of volunteer software development shops. CyberWire Glossary link: https://thecyberwire.com/glossary/bsimm Audio reference link: OWASP AppSecUSA 2014 - Keynote: Gary McGraw - BSIMM: A Decade of Software Security. YouTube Video. YouTube, September 19, 2014.

The RMM protocol: Remote, risky, and ready to strike. [Only Malware in the Building]


Please enjoy this encore of Only Malware in the Building. Welcome in! You've entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today's most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York's exclusive upper west side, Selena is joined by N2K Networks Dave Bittner and our newest co-host, Keith Mularski, former FBI cybercrime investigator and now Chief Global Ambassador at Qintel. Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the...

The many faces of fraud.


This week, our hosts Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of the T-Minus Space Daily show) are back sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. We start with some follow-up from listener Abdussobur, who wonders if a pair of suspicious text messages, one sent to his wife and another to him with a nearby address, could be the result of a data breach. Joe's story is on a surge of financial aid fraud where identity thieves, often using AI chatbots as ghost students, are enrolling in online college courses to steal federal funds, leaving real people...

OWASP vulnerable and outdated components (noun) [Word Notes]


Please enjoy this encore of Word Notes. Software libraries, frameworks, packages, and other components, and their dependencies (third-party code that each component uses) that have inherent security weaknesses, either through newly discovered vulnerabilities or because newer versions have superseded the deployed version. Audio reference Link: "The Panama Papers: A Closer Look," Late Night with Seth Meyers, YouTube, 12 April 2016

Gold bars and bold lies.


Please enjoy this encore of Hacking Humans. On Hacking Humans, Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of N2K's daily space podcast, T-Minus), are once again sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines to help our audience become aware of what is out there. First we start off with some follow up, our hosts share some more information on VIN swapping, and a clarification on bank participation in FinCEN. Maria shares a telling tale about a Bethesda couple losing $367,000 in gold bars to a sophisticated scam involving fake...

Managing online security throughout the decades.


This week, our hosts Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of the T-Minus Space Daily show) are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. We start off with some more chicken follow up, this week, delving into malware-related chicken names. Dave's got the story of Brevard-based Health First Health Plans teaming up with the FBI to warn consumers about a nationwide medical insurance scam where victims pay upfront for fake coverage and end up stuck with huge medical bills. Maria shares the story on how a recent April 2025 survey reveals that while...

OWASP software and data integrity failures (noun) [Word Notes]


Please enjoy this encore of Word Notes. Code and data repositories that don't protect against unauthorized changes.

No cameras, no crew, just code.


This week, our hosts Joe Carrigan and Maria Varmazis (also host of the T-Minus Space Daily show) are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. We start with some follow-up from a listener on class action settlements: they're a class action attorney and shared that the best way to verify a notice is to contact the law firm listed in the court documents. Plus, unclaimed funds don't go to the attorneys, but are redistributed to claimants. Maria's story is on a listener dealing with phishing calendar invites that auto-add to their calendar; she shares tips like avoiding the...

The great CoGUI caper. [OMITB]


Welcome in! You've entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today's most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York's exclusive upper west side, Selena is joined by her co-hosts N2K Networks Dave Bittner and Keith Mularski, former FBI cybercrime investigator and now Chief Global Ambassador at Qintel. Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, our hosts...

OWASP server-side request forgery (noun) [Word Notes]


Please enjoy this encore of Word Notes. An attack technique that leverages an unprotected web server as a proxy for attackers to send commands through to other computers.

Lights, camera, scam!


This week, our three hosts Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of the T-Minus Space Daily show) are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. We start with a bit of follow up, one from listener Aaron, who shares some safety tips for chickens, and from listener Shannon, who writes in with a new fashion statement. Maria's got the story on how Trump's sweeping new tariffs are creating the perfect storm for scams, as cybercriminals exploit consumer confusion with fake fee requests, shady links, and urgent messages: three red flags experts say to watch for....

OWASP security logging and monitoring failures (noun) [Word Notes]


Please enjoy this encore of Word Notes. The absence of telemetry that could help network defenders detect and respond to hostile attempts to compromise a system.

Scam me once.


This week, our three hosts Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of the T-Minus Space Daily show) are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. Listener Jim notes that money launderers and couriers mentioned in recent episodes are often scam victims themselves, unknowingly processing fraudulent payments or delivering items, sometimes with tragic consequences like an innocent Uber driver being shot. Dave shares two close calls with scams this week: one where a bank employee saved a 75-year-old customer from losing $9,000 to a Facebook crypto scam, and another where a scammer impersonating Officer Shane...

OWASP identification and authentication failures (noun) [Word Notes]


Please enjoy this encore of Word Notes. Ineffectual confirmation of a user's identity or authentication in session management. CyberWire Glossary link: https://thecyberwire.com/glossary/owasp-identification-and-authentication-failure Audio reference link: Mr. Robot Hack - Password Cracking - Episode 1. YouTube Video. YouTube, September 21, 2016.

The band is finally back together.


And....we're back! This week, our three hosts Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of the T-Minus Space Daily show) are all back to share the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. The team shares three bits of follow-up and then breaks into their stories. Joe starts off sharing some stories about influencer fakery on fake private jet sets and a scam taking advantage of the RealID requirements coming into effect. Maria talks about "Scam Survivor Day" (it's a real thing). She also talks about a former Facebooker's tell-all "Careless People." Dave shares a story about...

Log4j vulnerability (noun) [Word Notes]


Please enjoy this encore of Word Notes. An open source Java-based software tool available from the Apache Software Foundation designed to log security and performance information. CyberWire Glossary link: https://thecyberwire.com/glossary/log4j Audio reference link: CISA Director: The LOG4J Security Flaw Is the Most Serious She's Seen in Her Career, by Eamon Javers (CNBC) and Jen Easterly (Cybersecurity and Infrastructure Security Director) YouTube, 20 December 20 2021.

What's inside the mystery box? Spoiler: It's a scam!


As Dave Bittner is at the RSA Conference this week, our hosts Maria Varmazis and Joe Carrigan are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. We start with some follow-up from Jos on episode 335, sharing how UK banking features like Faster Payments and the Check Payee function might have helped prevent a scam involving fake banking apps, and he even tells a wild tale of someone using a fake app to reverse-scam a bike thief. Joe covers the House's overwhelming passage of the SHIELD Act to ban revenge porn, including deepfakes, and why...

The RMM protocol: Remote, risky, and ready to strike. [OMITB]


Welcome in! You've entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today's most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York's exclusive upper west side, Selena is joined by N2K Networks Dave Bittner and our newest co-host, Keith Mularski, former FBI cybercrime investigator and now Chief Global Ambassador at Quintel. Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, our...

OWASP broken access control (noun) [Word Notes]


Please enjoy this encore of Word Notes. Software users are allowed access to data or functionality contrary to the defined zero trust policy by bypassing or manipulating the installed security controls.

The prince, the pretender, and the PSA.


As Maria is on vacation this week, our hosts Dave Bittner and Joe Carrigan are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. Joe and Dave are joined by guest Rob Allen from ThreatLocker who shares a story on how a spoofed call to the help desk unraveled into a full-blown cyber siege on MGM Resorts. Joe's story is on a new FBI warning: scammers are impersonating the Internet Crime Complaint Center (IC3), the very site where people go to report online fraud. Dave's got the story of a so-called Nigerian prince...

OWASP security misconfiguration (noun) [Word Notes]


Please enjoy this encore of Word Notes. The state of a web application when it's vulnerable to attack due to an insecure configuration. CyberWire Glossary link: https://thecyberwire.com/glossary/owasp-security-misconfiguration Audio reference link: What Is the Elvish Word for Friend? Quora, 2021.

When AI lies, hackers rise.


This week, our hosts Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of the T-Minus Space Daily show) are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. This week Joe's got some follow up about his chickens. Joe's story is on LLM-powered coding tools, and how they are increasingly hallucinating fake software package names, opening the door for attackers to upload malicious lookalike packages, a practice dubbed "slopsquatting" that can compromise software supply chains when developers unwittingly install them. Dave's story is on Cisco Talos uncovering a widespread toll road smishing campaign across...

OWASP insecure design (noun) [Word Notes]


Please enjoy this encore episode of Word Notes. A broad OWASP Top 10 software development category representing missing, ineffective, or unforeseen security measures. CyberWire Glossary link: https://thecyberwire.com/glossary/owasp-insecure-design Audio reference link: Ocean's Eleven Problem Constraints Assumptions. by Steve Jones, YouTube, 4 November 2015.

Phishing in the tariff storm.


This week, our hosts Dave Bittner and Joe Carrigan, are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines, while our other host, Maria Varmazis is at a conference. We begin with some follow-up, as Joe reflects on the density of gold. Then, Dave shares some heartfelt and moving words about the recent passing of his father. Dave's story follows how confusion sparked by Trump's erratic tariff policies is fueling a global surge in cyber scams, phishing sites, and crypto cons, as threat actors exploit the chaos to mislead, defraud, and manipulate online...

OWASP injection (noun) [Word Notes]


Please enjoy this encore of Word Notes. A broad class of attack vectors, where an attacker supplies input to an application's command interpreter that results in unanticipated functionality. CyberWire Glossary link: https://thecyberwire.com/glossary/owasp-injection Audio reference link: APPSEC Cali 2018 - Taking on the King: Killing Injection Vulnerabilities YouTube Video. YouTube, March 19, 2018.

You get a million dollars, and you get a million dollars!


This week, while Dave Bittner is out, Joe Carrigan, and Maria Varmazis (also host of N2K's daily space podcast, T-Minus), are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. We start off with a lot of follow up on listener feedback this week! Justin shares a thought about how to track gold deliveries with a simple sting operation involving an AirTag. Xray Specs offers a fun response to a theory about scanning plates and running Python scripts, stating they receive similar emails despite not owning a car. Jim Gilchrist recounts his experience...

OWASP cryptographic failures (noun) [Word Notes]


Please enjoy this encore of Word Notes. Code that fails to protect sensitive information. CyberWire Glossary link: https://thecyberwire.com/glossary/owasp-cryptographic-failure Audio reference link: Vandana Verma. OWASP Spotlight - Project 10 - Top10. YouTube Video. YouTube, January 4, 2021.

Not-so-real deals.


This week our hosts, Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of N2K's daily space podcast, T-Minus), are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. First, we start off with some more follow-up on EZ passes, along with the newest iteration, as Kailey Cornick shares that scammers target phone numbers rather than actual toll users, sending her SUN pass scam texts tied to her old Florida number. Dave shares the story of Palo Alto's Unit 42 researchers uncovering a massive campaign distributing thousands of fraudulent cryptocurrency investment platforms via...

Hello? Is it malware you're looking for? [OMITB]


Welcome in! You've entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today's most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York's exclusive upper west side, Selena is joined by N2K Networks Dave Bittner and our newest totally unbiased co-host, Archy, a highly sophisticated AI robot who swears they have no ulterior motives (but we're keeping an eye on them just in case). Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and...

account takeover prevention (noun) [Word Notes]


Enjoy this encore of Word Notes. The prevention of the first part of an intrusion kill chain model exploitation technique, where the hacker steals valid logging credentials from a targeted victim. CyberWire Glossary link: https://thecyberwire.com/glossary/account-takeover-prevention

Smells like scam season is upon us.


This week our hosts, Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of N2K's daily space podcast, T-Minus), are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. We start with some follow-up on E-ZPass scams: a listener suggests that scammers may be exploiting exposed license plate reader data, as demonstrated by YouTuber Mike Brown, to link plate numbers with breached phone records and send scam texts in real time. Dave's story is on how scammers may use conditioning techniques in romance scams: Ben Tasker observed that refusing to provide a phone number led...

threat hunting (noun) [Word Notes]


Please enjoy this encore of Word Notes. The process of proactively searching through networks to detect and isolate security threats, rather than relying on security solutions or services to detect those threats. CyberWire Glossary link: https://thecyberwire.com/glossary/threat-hunting Audio reference link: My "Aha!" Moment - Methods, Tips, & Lessons Learned in Threat Hunting - SANS THIR Summit 2019. YouTube, YouTube, 25 Feb. 2020.

E-ZPass or easy scam?


On Hacking Humans, this week Dave Bittner is back with Joe Carrigan, and Maria Varmazis (also host of N2K's daily space podcast, T-Minus), and they are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. Joe shares a bit of follow up on scam victims sharing their experiences of losing money to various frauds, including investment schemes, romance scams, business email compromises, online shopping fraud, unusual payment requests, tax impersonations, remote access scams, and identity theft. Maria shares a story on scammers using fake E-ZPass toll alerts to steal personal information, and another...

vulnerability management (noun) [Word Notes]


Please enjoy this encore of Word Notes. The continuous practice of identifying, classifying, prioritizing, remediating, and mitigating software vulnerabilities within this. CyberWire Glossary link: https://thecyberwire.com/glossary/vulnerability-management Audio reference link: Vulnerability Scanning - CompTIA Security+ SY0-501 - 1.5. YouTube, YouTube, 11 Nov. 2017.

Catch me if you scam.


On Hacking Humans, this week Dave Bittner is on vacation so our two hosts Joe Carrigan, and Maria Varmazis (also host of N2K's daily space podcast, T-Minus), are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. Our hosts start out with some follow up on chicken talk from last week. Maria shares the story of scammers impersonating police officers in England to steal cryptocurrency by exploiting leaked personal data, creating fake fraud reports, and tricking victims into revealing their seed phrases, leading to losses totaling 1 million. Joe has two stories this...

software bill of materials (SBOM) (noun) [Word Notes]


Please enjoy this encore of Word Notes. A formal record containing the details and supply chain relationships of various components used in building software.

Scams in the henhouse.


On Hacking Humans, this week Dave Bittner is on vacation so our two hosts Joe Carrigan, and Maria Varmazis (also host of N2K's daily space podcast, T-Minus), are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. We start off the show with some follow-up from a long-time listener who shared how switching to Publii and Cloudflare Pages saved his wife's psychiatric nurse practice over $120/year in hosting costs after discovering static site generators on Hacking Humans. Joe's story is on a warning from an Oregon woman who fell victim to an online...

The new malware on the block. [Only Malware in the Building]


Welcome in! You've entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today's most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York's exclusive upper west side, Selena is joined by N2K Networks Dave Bittner and our newest totally unbiased co-host, Archy, a highly sophisticated AI robot who swears they have no ulterior motives (but we're keeping an eye on them just in case). Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and...

zero trust (noun) [Word Notes]


Please enjoy this encore of Word Notes. A security philosophy that assumes adversaries have already penetrated the digital environment and tries to reduce the potential impact by limiting access by people, devices, and software to only the resources essential to perform their function and nothing more.

Live from Orlando, it's Hacking Humans!


In this special live episode of Hacking Humans, recorded at ThreatLocker's Zero Trust World 2025 conference in Orlando, Florida, Dave Bittner is joined by T-Minus host Maria Varmazis. Together, they explore the latest in social engineering scams, phishing schemes, and cybercriminal exploits making headlines. Their guest, Seamus Lennon, ThreatLocker's VP of Operations for EMEA, shares insights on Zero Trust security and the evolving threat landscape. Maria's story this week follows the IRS warning about a fake Self Employment Tax Credit scam on social media, urging taxpayers to ignore misinformation and consult professionals. Dave's got the story of the Better Business...

OT security (noun) [Word Notes]


Please enjoy this encore episode of Word Notes. Hardware and software designed to detect and prevent cyber adversary campaigns that target industrial operations.

I'm a scammer and need support.


On Hacking Humans, Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of N2K's daily space podcast, T-Minus), are once again sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines to help our audience become aware of what is out there. We start off with some follow up from listener Dave who writes in with a call for help after a good friend of his, who fell victim to a dream job scam. They also have a discussion after the Washington Post shared an article on scammers are remorseful and how they have...

cybersecurity skills gap (noun) [Word Notes]


Please enjoy this encore episode of Word Notes. The difference between organizational employee job requirements and the available skillsets in the potential employee pool.

The t that tricked.


On Hacking Humans, Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of N2K's daily space podcast, T-Minus), are once again sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines to help our audience become aware of what is out there. Our hosts start off with some follow up from listener Robert who writes in from the Great White North, who shares how he thinks the U.S. might be stuck in the past with payment tech. Joe's got two stories this week, both on financial crime: Thailand cutting power to Myanmar's billion-dollar scam hubs...

digital transformation (noun) [Word Notes]


Please enjoy this encore episode of Word Notes. The use of technology to radically improve the performance or reach of the business.

Old school scams updated.


On this episode of Hacking Humans, we are going old school with Dave Bittner and Joe Carrigan sans T-Minus host Maria Varmazis (as she was hanging out with astronauts at the SpaceCom event). Not to worry, Dave and Joe have it covered sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines to help our audience become aware of what is out there. This week, we have some follow up including a conversation Joe had with ChatGPT, some discussion on AI generated images of people, and scam letters that are sent out in the...

bulletproof hosting (noun) [Word Notes]


Please enjoy this encore episode of Word Notes. Cloud services intended for cyber criminals and other bad actors designed to obstruct law enforcement and other kinds of government investigations, and to provide some protection against competitors.

Cyber Groundhog Day and romance scams. [Only Malware in the Building]


Welcome in! You've entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today's most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York's exclusive upper west side, Selena is joined by N2K Networks Dave Bittner and Rick Howard to uncover the stories behind notable cyberattacks. Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode and since it is February (the month of love as Selena calls...

Despicable donation request scamming.


On Hacking Humans, Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of N2K's daily space podcast, T-Minus), are once again sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines to help our audience become aware of what is out there. This week, Dave has the story from Ampyx Cyber that has a scam reporter on staff to do awareness videos and this latest one is about an amazing sale on fake leather bags. Joe has two stories this week. The first one sent Joe down a rabbit hole and is about romance...

endpoint security [Word Notes]


Please enjoy this encore of Word Notes. The practice of securing a device that connects to a network in order to facilitate communication with other devices on the same or different networks.

Back to the office, back to the threats.


On Hacking Humans, Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of N2K's daily space podcast, T-Minus), are once again sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines to help our audience become aware of what is out there. This week Maria has the story on how the return to office life brings unique security challenges, highlighting the need for Red Team assessments to uncover and address physical and digital vulnerabilities, empowering organizations to proactively enhance workplace security and protect against evolving threats. Joe's story comes from the FCC's warning about...

Executive Order on Improving the Nation's Cybersecurity (noun) [Word Notes]


Please enjoy this encore episode. President Biden's May, 2021 formal compliance mandate for federal civilian executive branch agencies, or FCEBs, to include specific short-term and long-term deadlines designed to enhance the federal government's digital defense posture.

Crypto chameleons and star fraud.


On Hacking Humans, Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of N2K's daily space podcast, T-Minus), are once again sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines to help our audience become aware of what is out there. This week we jump right into stories. Maria shares Apple's new AI feature and how it is unintentionally rewording scam messages to make them appear more legitimate and flagging them as priority notifications, raising concerns about increased susceptibility to scams. Joe has two stories this week, the first focuses on two individuals,...

lateral movement (noun) [Word Notes]


Phase of a typical cyber adversary group's attack sequence, after the initial compromise and usually after the group has established a command and control channel, where the group moves through the victim's network by compromising as many systems as it can, by looking for the data it has come to steal or to destroy.

Nice to meet you, I'm a scammer.


On Hacking Humans, Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of N2K's daily space podcast, T-Minus), are once again sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines to help our audience become aware of what is out there. Our hosts discuss and ponder whether or not diamonds are the original cryptocurrency, as well as diving further into Yubikeys for organizations. Maria shares the story of a 66-year-old woman who lost her $2 million retirement savings to a romance scam on Match.com, highlighting the rise in such scams and efforts to...

Malware metamorphosis: 2024 reflections and 2025 predictions. [Only Malware in the building]


Welcome in! You've entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today's most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York's exclusive upper west side, Selena is joined by N2K Networks Dave Bittner and Rick Howard to uncover the stories behind notable cyberattacks. Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, we...

common vulnerabilities and exposures (CVE) (noun) [Word Notes]


A public list sponsored by the US government and designed to uniquely identify, without the need to manually cross-reference, all the known software vulnerabilities in the world.

The intersection of hackers, scammers, and false collaborations.


On Hacking Humans, Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of N2K's daily space podcast, T-Minus), are once again sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines to help our audience become aware of what is out there. First off, our hosts share some follow up, Asher wrote in to discuss follow up on the AI granny. Maria's story covers a "new QR code scam" involving unsolicited packages and brushing tactics, where scammers lure victims into scanning malicious QR codes to steal personal and financial information. Joe's story highlights how...

dead-box forensics (noun) [Word Notes]


A forensic technique where practitioners capture an entire image of a system and analyze the contents offline.

New tools, old problems.


Please enjoy this encore episode of Hacking Humans. This week we are joined by Maria Varmazis, host of the N2K daily space show, T-Minus. She discusses how AI is being used as a possible solution to one of the oldest scams in the book in Japan. Dave and Joe share some listener follow up, one from listener Alan and one from Clinton, who both write in about a recent episode and they share their thoughts on the story of Charlotte Cowles being scammed out of $50,000. Dave shares a story about calendar meeting links, from Calendly, a popular application for...

cybersecurity maturity model certification (CMMC) (noun) [Word Notes]


Please enjoy this encore episode of Word Notes. A supply chain cybersecurity accreditation standard designed for the protection of controlled unclassified information that the U.S. Department of Defense, or DoD, will require for all contract bids by October, 2025.

Gold bars and bold lies.


On Hacking Humans, Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of N2K's daily space podcast, T-Minus), are once again sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines to help our audience become aware of what is out there. First we start off with some follow up: our hosts share some more information on VIN swapping, and a clarification on bank participation in FinCEN. Maria shares a telling tale about a Bethesda couple losing $367,000 in gold bars to a sophisticated scam involving fake officials and elaborate deceptions, but a police...

incident response (noun) [Word Notes]


Please enjoy this encore episode of Word Notes. A collection of people, process, and technology that provides an organization the ability to detect and respond to cyber attacks.

Silent push, loud consequences.


On Hacking Humans, Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of N2K's daily space podcast, T-Minus), are once again sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines to help our audience become aware of what is out there. Maria shares two stories this week: the first is from "PayPal" saying they are owed over $200. The second comes from LinkedIn where a gentleman shares the terrifying story of losing everything all because of a scam. Joe's story is on text message scams where strangers pretend to know you,...

script kiddies (noun) [Word Notes]


Please enjoy this encore episode of Word Notes. Cybercriminals who lack the expertise to write their own programs use existing scripts, code, or tools authored by other more skilled hackers.

Fraud's festive frenzy.


On Hacking Humans, Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of N2K's daily space podcast, T-Minus), are once again sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines to help our audience become aware of what is out there. This week, our hosts dive into some follow up from listener Will, who writes in about the Financial Crimes Enforcement Network. They also share after an anonymous listener writes in with a suggestion on filtering scam emails using the DocuSign API. Maria follows the story of how Black Friday is increasingly being...

A cyber carol. [Only Malware in the Building]


Welcome in! You've entered, Only Malware in the Building. Grab your eggnog and don your coziest holiday sweater as we sleuth our way through cyber mysteries with a festive twist! Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York's exclusive upper west side, Selena is joined by N2K Networks Dave Bittner and Rick Howard to uncover the stories behind notable cyberattacks. Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the...

sandbox (noun) [Word Notes]


Please enjoy this encore episode of Word Notes. An isolated and controlled set of resources that mimics real world environments and used to safely execute suspicious code without infecting or causing damage to the host machine, operating system, or network.

Scamming just isn't what it used to be.


Please enjoy this encore of Hacking Humans: This week, we are joined by host of N2K's T-Minus Space Daily podcast, Maria Varmazis, she sits down with Joe and Dave to discuss sextortion materials that were found on popular social media apps such as TikTok, Instagram, Snapchat and YouTube. Joe and Dave share quite a bit of follow up, Joe starts with an anonymous listener writing in sharing their story on gift card scams. Dave shares another anonymous listener's comments, sharing about what they think of Andy Cohen going public on how he got scammed. Finally, Joe and Dave hear from...

security orchestration, automation, and response (SOAR) (noun) [Word Notes]


Please enjoy this encore episode of Word Notes. A stack of security software solutions and tools that allow organizations to orchestrate disparate internal and external tools which feed pre-built automation playbooks that respond to events or alert analysts if an event meets a certain threshold.

Granny's got a new trick.


On Hacking Humans, Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of N2K's daily space podcast, T-Minus), are once again sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines to help our audience become aware of what is out there. This week, Joe shares a note from listener Michael before getting into stories, and Michael writes in to share that there are VIN cloning scams. Joe brings back the Iota discussion from last week. Joe's up first for stories and focuses on fraud. Dave informs us of the new human-like AI granny...

personally identifiable information (PII) (noun) [Word Notes]


A term of legal art that defines the types of data and circumstances that permit a third party to directly or indirectly identify an individual with collected data.

Final approach to scammer advent.


On Hacking Humans, Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of N2K's daily space podcast, T-Minus), are once again sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines to help our audience become aware of what is out there. This week, the team shares follow up about FEMA and Hurricane Helene relief. Dave's story is about romance scams involving an impersonator of a WWE star scamming a grandfather out of their retirement savings, Maria shares a story about a valid-looking document impersonating DocuSign's API (application programming interface). Joe's got a few...

secure access service edge (SASE) (noun) [Word Notes]


Enjoy this encore episode. A security architecture that incorporates the cloud shared responsibility model, a vendor provided security stack, an SD-WAN abstraction layer, and network peering with one or more of the big content providers and their associated fiber networks.

Happy hour hacking.


Maria Varmazis, host of N2K's daily space show T-Minus, joins Dave and Joe to share the story of the five types of social engineers Deanne Lewis encountered while tending bar, revealing how each barroom personality reflects a common cybersecurity threat. Our hosts share some follow-up from a friend of the show, JJ, who reports a rise in tech support scams targeting non-tech-savvy users by locking their screens and persuading them to call scammers, often leading to credit card fraud and unauthorized remote access through tools like AnyDesk or TeamViewer. Joe has two stories this week: one covering JPMorgan Chase's lawsuits...

Whispers in the wires: A closer look at the new age of intrusion. [OMITB]


Welcome in! You've entered Only Malware in the Building. Join us each month to sip tea and solve mysteries about today's most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York's exclusive upper west side, Selena is joined by N2K Networks' Dave Bittner and Rick Howard to uncover the stories behind notable cyberattacks. Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, we...

red teaming (noun) [Word Notes]


Enjoy this encore episode. The practice of emulating known adversary behavior against an organization's actual defensive posture.

The Malware Mash


Happy Halloween from the team at N2K Networks! We hope you share in our Halloween tradition of listening to the Malware Mash. You can check out our video here. Lyrics I was coding in the lab late one night when my eyes beheld an eerie sight for my malware threat score began to rise and suddenly to my surprise... It did the Mash It did the Malware Mash The Malware Mash It was a botnet smash It did the Mash It caught on 'cause of Flash The Malware Mash It did the Malware Mash From the Stuxnet worm squirming toward...

How political donations can be deceiving.


Maria Varmazis, host of N2K's daily space show T-Minus, joins Dave and Joe to share the story of a relentless wave of political donation texts that go well beyond simple annoyance, revealing an unsettling impact on vulnerable populations. CNN's investigation exposes how these texts, with their urgent and personal tone, have led seniors, including those with dementia, to make thousands of donations, sometimes unknowingly amassing hundreds of thousands of dollars for campaigns. Joe's story highlights a dash cam video capturing a car colliding with another vehicle while backing up on a busy highway. The footage raises questions about driver awareness and...

next generation firewall (noun) [Word Notes]


Please enjoy this encore episode of Word Notes. A layer seven security orchestration platform deployed at the boundary between internal workloads slash data storage and untrusted sources that blocks incoming and outgoing network traffic with rules that tie applications to the authenticated user and provides most of the traditional security stack functions in one device or software application.

Spiritual healers or master con artists?


Maria Varmazis, host of N2K's daily space show T-Minus, joins Dave and Joe to share the story of how ESET Research revealed that Telekopye, a scam toolkit used by cybercriminals, has expanded its operations from online marketplaces to accommodation booking platforms like Booking.com and Airbnb. Joe's story is on the elaborate "blessing scam" targeting older Chinese women, where scammers pose as spiritual healers to swindle victims out of their valuables by convincing them their loved ones are in danger, a criminal act spanning across the UK, US, Australia, and Canada, leaving families desperate to catch the perpetrators. Dave follows the story...

fast flux (noun) [Word Notes]


Please enjoy this encore of Word Notes. A network designed to obfuscate the location of a cyber adversary's command and control server by manipulating the domain name system, or DNS, in a way that rotates the associated IP address among large numbers of compromised hosts in a botnet.

Cybercriminals thrive in vulnerable moments.


Maria Varmazis, host of N2K's daily space show T-Minus, joins Dave and Joe to share the story of how cybercriminals are exploiting the chaos following Hurricane Helene in Florida by launching scams and phishing attacks. Veriti's research highlights three key threats: FEMA claim scams, phishing using hurricane-related domains, and malicious files disguised as FEMA documents, all targeting vulnerable individuals. This week, Joe's got three hard-hitting stories lined up! First, U.S. authorities have charged 18 individuals and companies for pulling off fraudulent schemes to manipulate cryptocurrency markets. Next, leaders from four crypto firms and market makers face charges for wash-trading and...

Election Propaganda: Part 3: Efforts to reduce the impact of future elections. [CSO Perspectives]


Thinking past the US 2024 Presidential Election, in part three of the series, Rick Howard, N2K CyberWire's Chief Analyst and Senior Fellow, discusses reducing the impact of propaganda in future elections with Perry Carpenter, Chief Human Risk Management Strategist at KnowBe4 and host of the 8th Layer Insights Podcast, Nina Jankowicz, Co-Founder and CEO of The American Sunlight Project, and Scott Small, Director of Cyber Threat Intelligence at Tidal Cyber. Check out Part 1 & 2! Part 1: Election Propaganda Part 1: How Does Election Propaganda Work? In this episode, Rick Howard, N2K CyberWire's Chief Analyst and Senior...

encryption (noun) [Word Notes]


Enjoy this Word Notes encore. The process of converting plain text into an unrecognizable form or secret code to hide its true meaning.

The e-commerce scam you didn't see coming!


Maria Varmazis, host of N2K's daily space show T-Minus, joins Dave and Joe to share the story of a South Carolina couple, and how they were devastated to discover their vacant land in Concord, Massachusetts was fraudulently sold by thieves who posed as them, with the new owners already building a home on the property, prompting a lawsuit and an FBI investigation. Our hosts share some follow-up on two intriguing listener contributions. John blocks Google ads using NextDNS, which catches ad wrappers unless manually disabled. Georgi from Japan describes a new Visa card with no visible number or CVV. Dave's...

Election Propaganda: Part 2: Modern propaganda efforts. [CSO Perspectives]


In preparation for the US 2024 Presidential Election, Rick Howard, N2K CyberWire's Chief Analyst and Senior Fellow, discusses recent international propaganda efforts in the form of nation state interference and influence operations as well as domestic campaigns designed to split the target country into opposing camps. Guests include Nina Jankowicz, Co-Founder and CEO of The American Sunlight Project, and Scott Small, Director of Cyber Threat Intelligence at Tidal Cyber. References: Scott Small, 2024. Election Cyber Interference Threats & Defenses: A Data-Driven Study [White Paper]. Tidal Cyber. Renee DiResta, 2024. Invisible Rulers: The People Who Turn Lies into Reality [Book]....

keylogger (noun) [Word Notes]


Please enjoy this encore episode of Word Notes. Software or hardware that records the computer keys pressed by a user.

Election Propaganda Part 1: How does election propaganda work? [CSO Perspectives]


Rick Howard, N2K CyberWire's Chief Analyst and Senior Fellow, discusses personal defensive measures that an average citizen, regardless of political philosophy, can take in order to not succumb to propaganda. References: David Ehl, 2024. Why Meta is now banning Russian propaganda [News]. Deutsche Welle. Jeff Berman, Renee DiResta, 2023. Disinformation & How To Combat It [Interview]. YouTube. Niha Masih, 2024. Meta bans Russian state media outlet RT for acts of foreign interference [News]. The Washington Post. Quentin Hardy, Renee DiResta, 2024. The Invisible Rulers Turning Lies Into Reality [Interview]. YouTube. Rob Tracinski, Renee DiResta, 2024. The Internet Rumor Mill [Interview]. YouTube....

non-fungible tokens (NFT) (noun) [Word Notes]


Enjoy this encore of Word Notes. Digital assets that are cryptographically protected on a blockchain and contain unique identification codes and metadata that makes them one of a kind.

The Dark Arts of cyber. [Only Malware in the Building]


Welcome, witches, wizards, and cybersecurity sleuths! You've entered Only Malware in the Building. Join us each month to brew potions of knowledge and crack the curses of today's most intriguing cyber mysteries. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York's exclusive upper west side, Selena is joined by N2K Networks' Dave Bittner and Rick Howard to uncover the stories behind notable cyberattacks. Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to...

The devil IS in the details.


It's all in the details, folks. Pay attention to those and you can avoid unnecessary stress. Dave Bittner, Maria Varmazis, and Joe Carrigan swap stories on email password-stealing attacks, Google ads scams, and fake banks this week. The team shares follow up from listener Steven from the UK about the hazards of shoulder surfing when they received their new debit card with all PII on the same side of the card. A friend of the show JJ shared a story and a warning about fake checks. Never accept a check from a stranger. Dave's story covers Action Fraud, the UK's...

multi-factor authentication (noun) [Word Notes]


Enjoy this special encore episode. The use of two or more verification methods to gain access to an account.

Scammers beware, the world is watching!


This week, Dave and Joe share some listener follow-up from Clayton about credit card fraud and the potential issues with automatic update services that some cards provide. Dave's story is on sextortion scams targeting spouses, where scammers claim a partner is cheating and provide links to fake "proof." Joe has two stories this week, the first one is on how Police in Lebanon County arrested an alleged grandparent scammer after a sting operation. Joe's second story is on scam victims being compensated under a new Labor plan in Australia, which would fine banks, telcos, and social media platforms up to...

machine learning (noun) [Word Notes]


Enjoy this special encore episode. A programming technique where the developer doesn't specify each step of the algorithm in code, but instead teaches the algorithm to learn from the experience.

Baked goods and bad actors.


Maria Varmazis, host of N2K's daily space show T-Minus, joins Dave and Joe to share the story on the "Hello pervert" sextortion scam, where scammers now use threats of Pegasus spyware and photos of victims' homes to intensify their demands. We have quite a bit of follow-up today. Scott from Australia shared how self-service checkouts now display scam warnings when purchasing gift cards to prevent fraud. Jim highlighted a vulnerability in YubiKey encryption libraries that allows key cloning with an oscilloscope, while a former US Marshal reminded us that Zelle is marketed specifically for transfers between friends and family. Joe's...

intelligence (noun) [Word Notes]


Enjoy this special encore episode. The process of turning raw information into intelligence products that leaders use to make decisions with.

Illusions & ill-intent.


Maria Varmazis, host of N2K's daily space show T-Minus, joins Dave and Joe to share the story of how the ease of registering an LLC in Colorado has led to a surge in fraudulent businesses. She discusses how residents receiving suspicious mail addressed to fake LLCs registered at their homes are overwhelming the state's Secretary of State with thousands of complaints. Joe's story is on how scammers used a seaside hotel and former bank offices on the Isle of Man to defraud victims in China out of millions of dollars. Dave's story follows a phishing campaign where attackers impersonated HR...

RATs in the tunnel: Uncovering the cyber underworld. [OMITB]


Welcome in! You've entered Only Malware in the Building. Join us each month to sip tea and solve mysteries about today's most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York's exclusive upper west side, Selena is joined by N2K Networks' Dave Bittner and Rick Howard to uncover the stories behind notable cyberattacks. Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, we...

SaaS (noun) [Word Notes]


Enjoy this special edition of Word Notes: A cloud-based software distribution method where app infrastructure, performance, and security are maintained by a service provider and accessible to users, typically via subscription, from any device connected to the internet.

Beware of the deceivers.


This week Joe and Dave share some listener follow up from Tim, who writes in to give some more information on a payment apps story in episode 302. Joe's story is on Suzy Enos, whose sister died, only for scammers to impersonate a family member and take over her phone number, leading to fraudulent charges on her accounts. Enos fought back to secure her late sister's assets and raise awareness about protecting accounts after a loved one's death. Dave's story follows how scammers exploit the "Automatic Billing Update" (ABU) program to enroll people in fake subscriptions and charge them even...

brute-force attack (noun) [Word Notes]


Enjoy this special encore episode. A cryptographic hack that relies on guessing all possible letter combinations of a targeted password until the correct codeword is discovered.

How scammers weave deception into everyday life.


Maria Varmazis, host of the N2K daily space show, T-Minus, joins Dave and Joe to share her story on how AI-generated scams have infiltrated the world of crochet and other crafts, selling fake patterns that often result in impossible or frustrating projects. Dave's story is on the rise of "digital arrest" scams in India, where criminals posing as law enforcement officers coerce victims into making payments to avoid fake charges against their loved ones. Joe's story comes from a listener this week, and follows the latest evolution of the classic invoice scam, where scammers are now embedding unrelated but meaningful...

decryption (noun) [Word Notes]


Enjoy this special encore of Word Notes. A process of converting encrypted data into something that a human or computer can understand.

Navigating dark waters and deceptive currents.


Maria Varmazis, host of the N2K daily space show, T-Minus, joins Dave and Joe to share her story from listener Chloe, who shared a post she found on a social media platform called "Bluesky," where a company is asking for photos and videos of your children to help make AI smarter. Our hosts share some listener follow up on how a scammer impersonated a government official to deceive a woman into converting her assets into gold bars, resulting in the theft of over $789,000. They also share some follow up from listener Steve to discuss the "No Numbers Project" from episode...

denial-of-service attack (noun) [Word Notes]


Enjoy this encore episode: A cyber attack designed to impair or eliminate access to online services or data.

Phishing for votes.


Maria Varmazis, host of the N2K daily space show, T-Minus, joins Dave to share her story on how recent research by security firm Veriti reveals a phishing campaign targeting Trump's 2024 supporters, soliciting cryptocurrency donations through fake WinRed-branded domains, with limited transactions and some activity traced to China. Dave and Maria share some follow-up from a listener, including suggestions for protecting Dave's father's computer from phishing scams by using LibreWolf browser, UBlock Origin extension, and NextDNS, as well as a listener sharing insights on the pronunciation of "Ports-Muth." Dave's story follows how in June, Ferrari CEO Benedetto Vigna was impersonated...

AI: The new partner in cybercrime? [OMITB]


Welcome in! You've entered Only Malware in the Building. Join us each month to sip tea and solve mysteries about today's most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York's exclusive upper west side, Selena is joined by N2K Networks' Dave Bittner and Rick Howard to uncover the stories behind notable cyberattacks. Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, we...

cold boot attack (noun) [Word Notes]


Please enjoy this special encore episode of Word Notes. A type of side channel attack in which an attacker with physical access to a computer performs a memory dump of a computer's Random Access Memory or RAM during the reboot process in order to steal sensitive data.

This is 300!


This week we celebrate 300 episodes! Maria Varmazis host of the N2K daily space show, T-Minus, joins Dave and Joe and shares a PSA on the CrowdStrike outage. Her story focuses on the Olympics, as this was the first week the Olympics started, and she shares about a recent fraud campaign that is targeting iPhone users in India, posing as India Post through smishing attacks. Our hosts discuss some follow up, from listener Brie, who writes in to share how one police force is helping folks stay safe from scam callers. They also share a story from listener Mark, who...

Encore: cloud computing (noun) [Word Notes]


On-demand pay-as-you-go Internet delivered compute, storage, infrastructure, and security services that are partially managed by the cloud provider and partially managed by the customer.

Healthcare hassles and hefty heists.


This week, Maria Varmazis host of the N2K daily space show, T-Minus, joins Dave and Joe, as they celebrate Maria joining the Hacking Humans podcast every week! Maria's story is from a listener this week who writes in with a story on an IT company that is a third party for a healthcare company, and the dangers that can come from that. Dave and Joe share some listener follow up from Michael, who shares some thoughts on AI. Dave's story follows how a recent study found that 40% of elderly adults in the UK regularly face phone-based fraud attempts, with...

Encore: APT (noun) [Word Notes]


An acronym for Advanced Persistent Threat to describe hacker groups or campaigns normally, but not always, associated with nation state cyber espionage and continuous low-level cyber conflict operations.

Welcome to a new age in digital deception.


This week, Maria Varmazis host of the N2K daily space show, T-Minus, joins Dave and Joe, as they celebrate Maria joining the Hacking Humans podcast every week! Maria's story is on supplement scams, as there has been a significant surge in health-related supplement scams on social media platforms, utilizing advanced technologies like AI-generated images and deepfake videos to promote fake products endorsed by celebrities and medical professionals. Joe's story follows Airplane WiFi, now essential for many travelers, and how it poses unexpected risks as recent incidents highlight dangers like "evil twin" attacks, urging caution with VPNs and verifying network legitimacy...

Encore: backdoor (noun) [Word Notes]


An undocumented or publicly unknown method to access a computer system undetected or to break a cypher used to encode messages.

The costly consequences of communication scams.


This week Dave shares a story on Business email compromise (BEC) scams, and how they are a major threat, costing $26 billion annually. The story shares how it's crucial for employees to verify suspicious emails through a secondary channel and for companies to foster transparent communication to mitigate such risks. Joe shares two stories with us this week. The first is from a listener named Jay, who received a story from a relative. In this story, someone claiming to be a constable calls to warn about a person who has gift cards with the victim's name on them, then tries...

Encore: watering hole attack (noun) [Word Notes]


From the intrusion kill chain model, a technique where the hacker compromises sites commonly visited by members of a targeted community in order to deliver a malicious payload to the intended victim.

Encore: AI versus AI.


Blair Cohen from AuthenticID joins Dave to discuss how generative AI and authentication go hand in hand. Joe and Dave share some follow up from listener Robert who discusses an ad for a device that uses ChatGPT to record phone calls on your device. Dave helps his dad out with his computer and shares the tale. Dave also shares a story this week on the FBI warning against scammers who are posing as NFT devs to try and steal your crypto. Joe and Dave test their scammer catching skills while taking a test to see if they are smarter than...

Operation Endgame: The ultimate troll patrol. [Only Malware in the Building]


Welcome in! You've entered Only Malware in the Building. Join us each month to sip tea and solve mysteries about today's most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York's exclusive upper west side, Selena is joined by N2K Networks' Dave Bittner and Rick Howard to uncover the stories behind notable cyberattacks. Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, we...

Encore: network telescope (noun) [Word Notes]


Network observation systems designed to monitor globally unreachable but unused Internet address space or the Deep Web in order to study a wide range of interesting Internet phenomena.

Public pianos and private scams.


This week Joe and Dave share some interesting follow up from a few episodes ago where Dave shared his love for baby grand pianos and how scammers were using that to lure people into traps. Listener George wrote in to share about a show on UK Channel 4, called "The Piano," it's a music competition where visitors play a public piano in a train station, judged by hidden famous pianists, with winners performing at the UK Royal Festival Hall. Joe's story is a warning to travel goers using booking.com, as they share scams are at an all-time high. Dave's story...

Encore: SOC Triad (noun) [Word Notes]


A best practice for framing cyber intelligence critical information requirements that recommends collecting and consolidating data from three specific sources: endpoint, network and log.

From dark shadows to main stage.


Brandon Kovacs, a Senior Red Team Consultant at Bishop Fox, is talking about how Artificial Intelligence is shaping the future of social engineering. Listener Adina wrote in to share their thoughts on an earlier episode on Google. Dave shares listener Tony's write in for his story this week. Joe and Dave discuss some questions Tony shared about preparing for an overseas trip when his bank account was locked due to security measures triggered by setting up a backup phone and using a VPN. Joe has two stories for this week, one from Blair Young at WBAL, where Maryland Lottery is...

Encore: supply chain attacks (noun) [Word Notes]


Also known as a third-party attack or a value-chain attack, adversary groups gain access to a targeted victim's network by first infiltrating a business partner's network that has access to the victim's systems or data.

False flags and fake voices.


This week we are joined by Maria Varmazis, host of the N2K daily space show, T-Minus. Maria's story covers the escalating efforts of pro-Russian propagandists to tarnish the Paris Summer Olympics and erode Western support for Ukraine, employing bold tactics like using AI to mimic Tom Cruise's voice. Joe and Dave share quite a bit of listener follow up, the first one is regarding the AirBnB story from a few weeks ago, the second one is from listener Lawrence who wrote in to verify Dave's comments about American Express, and the last one is from listener Tait, who shares some...

Encore: taint analysis (noun) [Word Notes]


The process of software engineers checking the flow of user input in application code to determine if unanticipated input can affect program execution in malicious ways.

Spotting social engineering in the shadows.


This week, we are joined by Dr. Chris Pierson, CEO at Black Cloak, and he is talking about some of the social engineering attacks his team is tracking. Joe's story follows how Microsoft Threat Intelligence has observed the financially motivated cybercriminal group Storm-1811 misusing the client management tool Quick Assist in social engineering attacks. Dave shares the story of the lure of a free baby grand piano to deceive over 125,000 email recipients, mainly targeting North American university students and faculty, earning at least $900,000. Our catch of the day comes from listener Chuck who writes in to share some...

The curious case of the missing IcedID. [Only Malware in the Building]


Welcome in! You've entered Only Malware in the Building. Join us each month to sip tea and solve mysteries about today's most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York's exclusive upper west side, Selena is joined by N2K Networks' Dave Bittner and Rick Howard to uncover the stories behind notable cyberattacks. Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, we...

Encore: ATM skimming (noun) [Word Notes]


The process of stealing ATM customer credentials by means of physically and covertly installing one or more devices onto a public ATM machine.

The AirBnB booking that wasn't.


This week we are joined by Maria Varmazis, host of the N2K daily space show, T-Minus. Maria shares an interesting story from a listener, who writes in on an AirBnB debacle he was dealing with. Joe shares the newly released 2024 Data Breach Investigations Report from Verizon. Dave shares a story from the New York Magazine, written by Ezra Marcus, on a college sophomore from University of Miami who was found to be tangled up in a refund fraud scam that granted him a lavish lifestyle. Our catch of the day comes from Joe's mother this week. She happened to...

Encore: APT side hustle (noun) [Word Notes]


A nation-state hacking group's practice of funding its town activities through cybercrime or cyber mercenary work.

Awareness, behavior, & beyond.


This week, we are joined by host of 8th Layer Insights, Perry Carpenter from KnowBe4 and Dr. Jessica Barker from Cygenta to discuss human risk: awareness, behavior and beyond. Joe and Dave share some listener follow up, the first being from Richard, who writes in to share some tips and tricks regarding relationship scams mentioned in a previous show. The second is from Michael, who writes in with some thoughts on social engineering to compromise open source projects from episode 288. Dave shares a story on researchers observing millions of daily emails from "Jenny Green," facilitated by the Phorpiex botnet,...

Encore: endpoint (noun) [Word Notes]


A device connected to a network that accepts communications from other endpoints like laptops, mobile devices, IoT equipment, routers, switches, and any tool on the security stack.

Psychology and scams.


This week we are joined by Maria Varmazis, host of the N2K daily space show, T-Minus. Maria shares an interesting story about how ransomware infections are beginning to change to form a more psychological attack against victims' organizations, as criminals are using personal and aggressive tactics to force them to pay. Dave and Joe share some listener follow up, from Bob, who writes in to share how he shares stories with his family members, and mentions one specifically on a Best Buy Geek Squad scam. Dave shares a story on bank scams, and how scammers are using genuine push notifications...

Encore: unified extensible firmware interface (UEFI) (noun) [Word Notes]


An extension of the traditional Basic Input/Output System or BIOS that, during the boot process, facilitates the communication between the computer's firmware and the computer's operating system.

The illusion of influence.


Bogdan Botezatu from Bitdefender is discussing research on "Audio deepfakes: Celebrity-endorsed giveaway scams and fraudulent investment opportunities flood social media platforms." Dave and Joe share some follow up from listener Lara, who writes in to discuss a few topics regarding a previous episode. Joe's story is sharing a game changer in the social engineering world. Dave shares the story of a listener's grandmother who had fallen victim to a pig butchering scam. Our catch of the day comes from listener Kenneth who shares an email he received from a "Cardiologist" on some puppies. Please take a moment to fill out...

Encore: Daemon (noun) [Word Notes]


An operating system program running in the background designed to perform a specific task when certain conditions or events occur.

From support to scam.


This week we are joined by Maria Varmazis, host of the N2K daily space show, T-Minus. Maria shares an interesting story from Canada on a gentleman who thought he was calling Best Buy's Geek Squad, but instead ended up getting scammed out of $25,000. Dave and Joe share quite a bit of listener follow up, the first one is from Raul who shares how they saw an infamous Facebook scam. The second one is from listener Alec who shares some thoughts on episode 286's catch of the day. Lastly, Paula shares some thoughts on a recent discussion on why people...

Encore: greyware (noun) [Word Notes]


Also known as spyware and adware, it is a software category where developers design the application neither to cause explicit harm nor to accomplish some conventional legitimate purpose, but when run, usually annoys the user and often performs actions that the developer did not disclose, and that the user regards as undesirable.

Fighting off phishing.


Roger Grimes, a Data Driven Defense Evangelist from KnowBe4 and author, is discussing his new book, "Fighting Phishing: Everything You Can Do to Fight Social Engineering and Phishing." Dave and Joe share some listener follow up, the first being from listener Tim, who shares a story of him almost falling for a scam involving some of his investment assets. Lastly, Dave and Joe share a story from an anonymous listener who wrote in to share about a LinkedIn imposter nightmare. Dave's story focuses on how the LabHost PhaaS platform was disrupted by a year-long global law enforcement operation, resulting...

Encore: fuzzing (noun) [Word Notes]


An automatic software bug and vulnerability discovery technique that inputs invalid, unexpected and/or random data or fuzz into a program and then monitors the program's reaction to it.

Is change presenting a window of opportunity for attackers?


Trevin Edgeworth, Red Team Practice Director at Bishop Fox, is discussing how change, like M&A, staff, tech, lack of clarity or even self-promotion within and around security environments presents windows of opportunity for attackers. Joe and Dave share some listener follow up, the first one comes from Erin, who writes in from Northern Ireland and shares an interesting new find about scammers now keeping up with the news. The second one comes from listener Johnathan who shared thoughts on reconsidering his view on defining Apple's non-rate-limited MFA notifications as a "vulnerability." Lastly, we have follow up from listener Anders who shares an...

Encore: Unix (noun) [Word Notes]


A family of multitasking, multi-user computer operating systems that derive from the original Unix system built by Ken Thompson and Dennis Ritchie in the 1960s.

Could AI's doomsday be deferred?


Dr. Robert Blumofe, CTO at Akamai, sits down to talk about the AI doomsday versus a "very bad day" scenario. Dave shares a story from The Knowledge Project Podcast, where the host talks to Adam Robinson, a multifaceted individual known for his work as an author, educator, entrepreneur, and hedge fund advisor, and he talks about what is all incorporated into the term "stupidity." Dave goes on to share that while most people may feel stupid when falling for a scam, this research suggests otherwise, and you should never feel that way for falling for any scam. Joe's story comes...

Encore: deep packet inspection (DPI) (noun) [Word Notes]


A network monitoring and filtering technique that examines both the header information and the payload of every packet traversing a network access point.

Cyber crime chronicles featuring scams, spies, and cartel schemes.


This week we are joined by Maria Varmazis, host of the N2K daily space show, T-Minus. Maria shares an interesting story about Apple users reporting that they are being targeted in elaborate phishing attacks that involve a bug in Apple's password reset feature. Joe and Dave share some listener follow up from Leo who shares some thoughts on episode 282 and the recruiter scam that was discussed. Dave shares a story from Mexico on one of the most violent criminal groups and drug cartels, Jalisco New Generation. They have been running call centers that offer to buy retirees vacation properties and...

Encore: rootkit (noun) [Word Notes]


A clandestine set of applications designed to give hackers access and control over a target device.

Exploring emerging trends in online scamming.


Graham Cluley joins to discuss trends he's been seeing lately in online scams. N2K's very own Gina Johnson shares some insights on a discussion a few episodes ago on why people need a prescription for oxygen in the US. Joe brings up the topic of getting and exploiting access to your infrastructure, and shares an article that deals with the rise of social engineering fraud in business email compromise. Dave shares a personal story this week, on how he got scammed from a Facebook post, sharing that it can happen to anyone. Our catch of the day comes from listener...

Encore: tactics, techniques and procedures (TTPs) (noun) [Word Notes]


A set of behaviors that precisely describes a cyber adversary attack campaign.

Job seeker beware: Spotting sneaky scammers on job boards.


This week we are joined by Maria Varmazis, host of the N2K daily space show, T-Minus. She shares the story on scammers posing as recruiters on LinkedIn to get you to fall for an age old phishing scam. Dave and Joe share some listener follow up, the first being from listener Alex who shared a video on scammers being forced to prove they are not robots. Listener Chloe wrote in with a question, asking about a potential scam she encountered. Joe has a story from the BBC this week regarding a love scam in the Philippines. Finally, Dave shares the...

Encore: cyber threat intelligence (CTI) (noun) [Word Notes]


Information used by leadership to make decisions regarding the cybersecurity posture of their organization.

Cyberattack chaos and the impact on families.


This week we are joined by N2K CyberWire's very own Catherine Murphy, and she is sharing her family's experiences with Lurie Children's Hospital's recent cybersecurity incident. Dave shares a story on the dangers of Googling airline customer service numbers when an issue occurs. Joe shares another story on scary scams that are costing people millions of dollars, now getting the FBI involved. Our catch of the day was found from the Washington University in St. Louis from their Scam of the Month posting, which shares another tale of a scam, this time trying to recruit for an open vacancy as...

Encore: identity theft (noun) [Word Notes]


In this case Identity is the set of credentials, usually electronic, that vouch for who you are and theft is to steal. The theft of a person's identity for purposes of fraud.

New tools, old problems.


This week we are joined by Maria Varmazis, host of the N2K daily space show, T-Minus. She discusses how AI is being used as a possible solution to one of the oldest scams in the book in Japan. Dave and Joe share some listener follow up, one from listener Alan and one from Clinton, who both write in about a recent episode and they share their thoughts on the story of Charlotte Cowles being scammed out of $50,000. Dave shares a story about calendar meeting links, from Calendly, a popular application for scheduling appointments and meetings, being used to spread...

Encore: Monte Carlo Simulation (noun) [Word Notes]


A probability simulation technique used to understand the impact of risk and uncertainty in complex problems.

Navigating the post-password landscape.


Mike Kosak, Principal Intelligence Analyst at LastPass, is discussing passkeys, threat actors, and Volt Typhoon. Joe shares a new free certification you could get if you are looking to get into the field. Joe also shares a terrifying story about how everyone can be conned, and it's not as obvious as it may seem sometimes. Dave's story is warning Costco members of a new phishing scam that attempts to steal their credit card information. Our catch of the day comes from listener Pryce who shares an email they received regarding a charge they are getting from "NortonLifeLock." Links to the...

Encore: Virtual Private Network (VPN) (noun) [Word Notes]


A software, hardware or hybrid encryption layer between two devices on the network that makes the traffic between the sites opaque to the other devices on the same network.

Scamming the innocent.


This week we are joined by Maria Varmazis, host of the N2K daily space show, T-Minus. She brings us a scary story from a woman who never thought she'd ever be scammed. Dave and Joe share some follow up before getting into their stories, they share a story from a listener who sent in a LinkedIn link about scammers targeting Walmart. They also share a question from listener Cynthia, who asks about a bank scam covered before, and how to respond to these scams. Dave shares a story from an anonymous source this week, who writes in about the dangers of...

Encore: smishing (SMS phishing) (noun) [Word Notes]


From the intrusion kill-chain model, the delivery of a lure via a text message to a potential victim by pretending to be some trustworthy person or organization in order to trick the victim into revealing sensitive information. Smishing is a portmanteau word made of two other words, the acronym SMS and the cyber coinage Phishing. It's a text-message-centric variation of the email-based phishing scams that have been around since the 1990s. The term Smishing arose in the late 2000s.

Looking forward in 2024.


Aaron Walton, Threat Intel Analyst from Expel is discussing some things to look out for in 2024. Joe and Dave share some listener follow up from Mateusz, who shares some positive news with us. Dave's story is about a romance scammer coming clean after failing to woo CBS News reporter, Erica Johnson. Joe's story is on the latest decision from the FCC, and how they voted to ban scam robocalls that use AI-generated voices. Our catch of the day comes from listener Chuck, just in time for tax season, he warns against a phishing scam he received about his taxes....

Encore: port mirroring (noun) [Word Notes]


A network switch configuration setting that forwards a copy of each incoming and outgoing packet to a third switch port. Also known as SPAN or Switched Port Analyzer, RAP or Roving Analysis Port, and TAP or Test Access Point. When network managers and security investigators want to capture packets for analysis, they need some sort of generic TAP or Test Access Point. You can buy specialized equipment for this operation but most modern switches have this capability built in.

Scamming just isn't what it used to be.


This week, we are joined by host of N2K's T-Minus Space Daily podcast, Maria Varmazis, who sits down with Joe and Dave to discuss sextortion materials that were found on popular social media apps such as TikTok, Instagram, Snapchat and YouTube. Joe and Dave share quite a bit of follow up, Joe starts with an anonymous listener writing in sharing their story on gift card scams. Dave shares another anonymous listener's comments, sharing about what they think of Andy Cohen going public on how he got scammed. Finally, Joe and Dave hear from a listener by the name of "The...

Encore: Network Time Protocol (NTP) attack (noun) [Word Notes]


A reflection or amplification distributed denial-of-service attack in which hackers query Internet network time protocol servers, NTP servers for short, for the correct time, but spoof the destination address of their target victims.

Quiz scam nightmare.


Jaeson Schultz, Technical Leader from Cisco Talos, is discussing "Spammers abuse Google Forms quiz to deliver scams." Dave's story discusses the disturbing new trick up a scammer's sleeve to get you to fall for their schemes. Joe has two stories this week, the first a warning to those who pick up scammers' phone calls and what that can lead to after gaining access to your voice. Joe's second story follows a band of organized thieves and how they have been targeting high-end homes across Metro Detroit. Our catch of the day comes from listener Van, who writes in to share a...

Encore: smishing (SMS phishing) (noun) [Word Notes]


From the intrusion kill-chain model, the delivery of a lure via a text message to a potential victim by pretending to be some trustworthy person or organization in order to trick the victim into revealing sensitive information. Smishing is a portmanteau word made of two other words, the acronym SMS and the cyber coinage Phishing. It's a text-message-centric variation of the email-based phishing scams that have been around since the 1990s. The term Smishing arose in the late 2000s.

Phishing for mail.


Abhilash Garimella from Bolster joins to discuss a USPS phishing campaign abusing freemium dynamic DNS and SaaS providers. Dave and Joe share some follow up, one was from listener Mike who wrote in to tell us about a breach at Resend, another was regarding a previous episode on grief and the internet, and finally Joe and Dave discuss a listener's response to a previous episode regarding an SMS scam a listener wrote in about. Dave shares a story on Walmart's relaxed security methods and how scammers may be exploiting them. Joe shares a couple articles relating to the ever growing...

Encore: port mirroring (noun) [Word Notes]


A network switch configuration setting that forwards a copy of each incoming and outgoing packet to a third switch port. Also known as SPAN or Switched Port Analyzer, RAP or Roving Analysis Port, and TAP or Test Access Point. When network managers and security investigators want to capture packets for analysis, they need some sort of generic TAP or Test Access Point. You can buy specialized equipment for this operation but most modern switches have this capability built in.

It's the intricate deceptions that get you.


This week we are joined by the host of T-Minus, N2K's very own Maria Varmazis, who brings her own story and discusses it with Dave and Joe. We start off with Joe, and he brings in the story of Andy Cohen and how he fell victim to a credit card scam and shares what he had learned through the experience. Maria shares Arctic Wolf Labs' story and how they have investigated several cases of Royal and Akira ransomware victims being targeted in follow-on extortion attacks dating back to October of 2023. Lastly, Dave shares his story warning YouTube users about videos promoting...

Encore: Network Detection and Response (NDR) (noun) [Word Notes]


NDR tools provide anomaly detection and potential attack prevention by collecting telemetry across the entire intrusion kill chain on transactions across the network, between servers, hosts, and cloud-workloads, and running machine learning algorithms against this compiled and very large data set. NDR is an extension of the EDR, or endpoint detection and response idea that emerged in 2013.

Password Perils: The threat of credential stuffing exploits.


Frank Riccardi sits down to discuss how cybercriminals exploit people's fondness for reused passwords to launch credential stuffing attacks. Dave and Joe share a bit of follow up, one from a listener named Steve who shares some push back from the 23andMe story from last week, and the other from a listener named Michael who shares a story of unpaid toll scams. Joe shares the story of a Utah exchange student and how he fell victim to a cybersecurity kidnapping, and now authorities are trying to figure out how it happened. Dave shares a scam about tragic fake posts that...

Encore: shadow IT (noun) [Word Notes]


Technology, software and hardware deployed without explicit organizational approval. In the early days of the computer era from the 1980s through the 2000s security and information system practitioners considered shadow IT as completely negative. Those unauthorized systems were nothing more than a hindrance that created more technical debt in organizations that were already swimming in it with the known and authorized systems.

The DNA dilemma: Unraveling a 23AndMe breach.


Alethe Denis from Bishop Fox is talking with Dave and Joe with her take on the 23AndMe breach. Dave and Joe share some follow up from listener Michael, who writes in to share thoughts on our catch of the day from last episode, regarding the voice mail from Spectrum. Dave shares a story on email security, and how human factors have a heavy influence on it, especially with people's vulnerability to phishing and social engineering. Joe has two stories this week, his first story is a good wrap on the holidays and gift card scams. Joe's second story is a...

Stolen personality?


Matt Lewis from the NCC Group joins to discuss how cybercriminals can decode your personality through AI conversations to launch targeted attacks at you. Dave and Joe share some follow up from listener Sydney, who writes in to share her thoughts on an FCC proceeding and how it could be of greater relevance to IoT security than SBOMs and HBOMs. Dave also shares a story from a listener from last Christmas, sending a warning to holiday shoppers. Dave has two stories this week, he shares one regarding an announcement on holiday scams coming out. His other story follows Zelle finally...

The grinch who hacked Christmas. [Hacking humans goes to the movies]


Thanks for joining us again for another episode of a fun project brought to you by the team of Hacking Humans, the CyberWire's social engineering podcast. Hacking Humans co-host Dave Bittner is joined by Rick Howard in this series where they view clips from their favorite movies and television shows with examples of the social engineering scams and schemes you hear Dave and co-host Joe Carrigan talk about on Hacking Humans. In this episode, Dave and Rick watch some holiday classics, describe the on-screen action for you, and then they deconstruct what they saw. Grab your Christmas cookies and join...

Reeling in some phishing trends.


Adam Bateman, Co-Founder & CEO at Push Security, is sharing some of the latest phishing trends his team has been observing. Dave and Joe share some listener follow up from Michael, who writes in with a new idea, calling it "eDeception." With the holiday season practically here, Joe shares a story about gift card scams, reminding everyone to be safe this holiday season. Dave's story follows a new iPhone update regarding stolen device protection in an upcoming version of iOS. Our catch of the day comes from listener Van who sent in an audio catch about Spectrum users. Links to...

chaos engineering (noun) [Word Notes]


The resilience discipline of controlled stress test experimentation in continuous integration/continuous delivery environments, CI/CD environments, to uncover systemic weaknesses. CyberWire Glossary link: https://thecyberwire.com/glossary/chaos-engineering Audio reference link: Farnam Street, 2009. Richard Feynman Teaches you the Scientific Method [Website]. Farnam Street. URL https://fs.blog/mental-model-scientific-method/

Shielding your inbox.


Seth Blank, CTO of Valimail, joins to discuss the implications on email security on behalf of DMARC. Joe and Dave share some follow up regarding Meta, who is the parent company to Facebook and Instagram, and how they are now in a lawsuit over steering predators to children in New Mexico. Joe shares how he was almost hacked, as scammers used Peacock to lure him in. Dave's story continues with popular streaming apps being impersonated, this time with Disney+ falling victim. Joe's story follows the U.S. Attorney's Office, the FBI, and State and Local Law Enforcement Officials sharing another "Don't...

Encore: remote access Trojan or RAT (noun)


From the intrusion kill chain model, a program that provides command and control services for an attack campaign. While the first ever deployed RAT is unknown, one early example is Back Orifice, made famous by the notorious hacktivist group called The Cult of the Dead Cow, or cDc. Back Orifice was written by the hacker Sir Dystic, AKA Josh Bookbinder, and released to the public at DEFCON in 1998.

Small, medium, and large phishing trends of 2023.


Mike Price from ZeroFox sits down to discuss what 2023 phishing trends mean for the broader industry as we quickly approach 2024. Dave and Joe share a serious write in from listener Michelle who shares her pleas for her aunt, who she believes is being catfished. Listener Marc also writes in with an email that claims to be from "Walmart," that he is quite suspicious of. Joe's story follows Meta, and how they have designed products to target and harm kids. Dave's story is on bad bots and the dangers they pose with fake businesses that are maximizing their illicit...

zero knowledge proof (noun)


A mathematical method by which one party (the prover) can prove to another party (the verifier) that something is true, without revealing any information apart from the fact that this specific statement is true. CyberWire Glossary link: https://thecyberwire.com/glossary/zero-knowledge-proof Audio reference link: Staff, 2022. Zero Knowledge Proofs [Video]. YouTube. URL https://www.youtube.com/watch?v=5qzNe1hk0oY

Encore: The age old battle between social engineering and banking.


Chip Gibbons, CISO at Thrive, sits down with Dave to talk about how to defend against social engineering attacks in banking. Dave starts us off this week with a story about Amazon opening up its selling market to Pakistani residents, and what consequences that led to for the organization's business. Joe's story follows a scam targeting soldiers in the Army. The Army warns against unknown individuals purporting to be noncommissioned officers that are calling said soldiers and asking them for money to fix a "pay problem" and, if questioned, threatening them with a punishment. Our catch of the day comes from listener Manie who...

Encore: business email compromise or BEC (noun) [Word Notes]


A social engineering scam where fraudsters spoof an email message from a trusted company officer that directs a staff member to transfer funds to an account controlled by the criminal.

Cops in the catfish game.


Thanks for joining us again for another episode of a fun project brought to you by the team of Hacking Humans, the CyberWire's social engineering podcast. Hacking Humans co-host Dave Bittner is joined by Rick Howard in this series where they view clips from their favorite movies and television shows with examples of the social engineering scams and schemes you hear Dave and co-host Joe Carrigan talk about on Hacking Humans. In this episode, Dave and Rick watch each of the selected scenes, describe the on-screen action for you, and then they deconstruct what they saw. Grab your bowl of popcorn...

HIPAA (noun) [Word Notes]


A U.S. law designed to improve the portability and accountability of health insurance coverage. CyberWire Glossary link: https://thecyberwire.com/glossary/hipaa Audio reference link: Dr. Dana Brems, 2021. Doctor reacts to HIPAA violations [Video]. YouTube. URL https://www.youtube.com/shorts/Ksk00s8a_IU

Unmasking the deceptive.


John Wilson, Senior Fellow, Threat Research at Fortra, joins to discuss email impersonation attacks which found that nearly 99% of these threats can be classified as business email compromise. Dave and Joe share some listener follow up from Terry, who writes in with some comments on episode 262 regarding cybersecurity jargon used. Joe's story comes from a listener this week, this individual writes in sharing the horror story he had to deal with when he and his wife ended up on a target list for scammers. Dave's story follows Elon Musk and Joanna Gaines, co-host of the HGTV show "Fixer Upper,"...

Encore: man trap (noun) [Word Notes]


A physical security access control device consisting of an enclosed hallway with interlocking doors on each end where both doors can't be open at the same time. A person presents credentials to the entry doorway. If authorized, the entry door opens and the person walks into the mantrap. The man trap exit door will not open until the entry door closes. The person presents credentials to the exit door. If authorized, the exit door will open. If not, the person is captured in the man trap until security arrives to handle the situation. Physical security leadership installs man traps to...

Leaving a trail of digital breadcrumbs.


This week we are joined by Harry Maugans from Privacy Bee who sits down to discuss how our digital breadcrumbs, old and new, are coming back to haunt us. Joe and Dave discuss some follow up from listener Phil, who writes in with a question about the safety of IoT and consumer devices. Dave's story follows the ever so popular YouTube, and its implemented measures to prevent users with ad blockers from watching videos. Joe shares a personal story from a friend regarding a scam he had fallen for, where the scammer got personal information and threatened him, asking for...

Common Vulnerability Scoring System (CVSS) (noun) [Word Notes]


A qualitative public framework for rating the severity of security vulnerabilities in software. CyberWire Glossary link: https://thecyberwire.com/glossary/common-vulnerability-scoring-system Audio reference link: Peter Silva, 2020. What is Common Vulnerability Scoring System (CVSS) [Video]. YouTube. URL https://www.youtube.com/watch?v=rR63F_lfKf0

Weaponizing your out-of-office replies.


James Dyer and Jack Chapman of Egress join to discuss "Cybercriminals don't take holidays: How bad actors use this two-step phishing campaign to weaponize out-of-office replies." Dave and Joe share some listener follow up from Ron, who has a suggestion about registration specific email accounts. Joe has two stories this week, one where he shares some good news on a scammer who received some justice after taking part in a $66K romance scam. His second story is on social media and how it is a breeding ground for scammers. Dave's story this week follows how Google-hosted malvertising leads to a...

Encore: anagram (noun) [Word Notes]


A word, phrase, or sentence formed from another by rearranging its letters. For example, cracking a columnar transposition cipher by hand involves looking for anagrams.

Spooky, scary, skeletons at the movies. [Hacking humans goes to the movies]


Thanks for joining us again for a very special and scary episode brought to you by the team of Hacking Humans, the CyberWire's social engineering podcast. Hacking Humans co-host Dave Bittner is joined by Rick Howard in this series where they view clips from their favorite movies and television shows with examples of the social engineering, scams, and schemes you hear Dave and co-host Joe Carrigan talk about on Hacking Humans. In this episode, Dave and Rick watch each of the selected scenes, describe the on-screen action for you, and then they deconstruct what they saw. Grab your bowl of...

Scams, scams, and more scams.


Mallory Sofastaii, a consumer investigative reporter from WMAR TV, is joining Dave and Joe to discuss some recent scams she's seen in her reporting. Dave and Joe share some listener follow up from Kenneth who writes in with a suggestion on creating separate email addresses. Dave's story this week follows fake browser scams and how one has gotten a face lift, and what it looks like now. Joe's story is on a new term WIRED is calling "obituary pirates," people who create YouTube videos themselves casually reciting information about loved ones' deaths. Our catch of the day comes from Joe...

Encore: zero-day (adjective) [Word Notes]


A class of software-security-weakness-issues where independent researchers discover a software flaw before the owners of the code discover it. Zero-day, or 0-day in hacker slang, refers to the moment the race starts, on day zero, between network defenders who are trying to fix the flaw before hackers leverage it to cause damage. It is a race because on day zero, there is no known fix to the issue.

Scoring cybersecurity in the NFL.


Joe Oregon, Chief of Cybersecurity at CISA, sits down to discuss the tabletop exercise that CISA, the NFL, and local partners conducted in preparation for Super Bowl LVIII. Joe and Dave share some listener follow up from Rory who writes in to talk tin foil hats. Joe's story shares the interesting finds after conducting a cybersecurity survey at ISI. Dave's story follows the 77-year-old woman, Marjorie Bloom, who ended up losing over $600,000, her whole life's savings, by falling for a common tech scam. Our catch of the day comes from listener Damien who writes in with an...

extended detection response (XDR) (noun) [Word Notes]


A unified security incident detection and response platform that connects to multiple tools in the security stack via APIs, collects telemetry from each, and attempts to correlate that telemetry into a coherent threat picture. CyberWire Glossary link: https://thecyberwire.com/glossary/extended-detection-and-response Audio reference link: Film Major. 2022. Enemy of the State (1998) Faraday Cage HD Tony Scott; Will Smith, Gene Hackman Jon Voight [Video]. YouTube. URL https://www.youtube.com/watch?v=n3gy4otg-24

Encore: Ways to make fraud less lucrative.


Brett Johnson, Chief Criminal Officer at Arkose Labs, sits down with Dave to discuss his history & ways to make fraud efforts less lucrative for bad actors. Dave and Joe share some listener follow up from Graham about one way that helps him stay safe against fake URLs. Dave's story is about bomb email attacks, in which someone's email is spammed with hundreds to thousands of emails in hopes of hiding important information contained in one of the thousands of emails, perhaps from a financial institute. Joe's story is on how the FBI is warning the public to beware of tech support scammers and how...

Encore: social engineering (noun)


The art of convincing a person or persons to take an action that may or may not be in their best interests. Social engineering in some form or the other has been around since the beginning of time. The biblical story of Esau and Jacob might be considered one of the earliest written social engineering stories. As applied to cybersecurity, it usually involves hackers obtaining information illegitimately by deceiving or manipulating people who have legitimate access to that information. Common tactics involve phishing attacks and watering hole attacks.

Encore: Is inflation affecting the Dark Web?


Dov Lerner, a Security Research Lead from Cybersixgill, sits down with Dave to discuss how inflation hasn't affected the Dark Web, including how the cratering of cryptocurrency may have affected things. Joe and Dave share some follow up from listener Pelle, who writes in about their grandmother who was scammed over the phone for her PIN, among other information, allowing the scammers to get away with much more than money. This week, Joe's story comes from a listener named Kyle, who shared an article about protecting against AiTM (adversary-in-the-middle) phishing techniques that bypass multi-factor authentication. Dave's story is about a...

joint cyber defense collaborative (JCDC) (noun) [Word Notes]


A cyber information-sharing U.S. Government organization designed to foster the public-private partnership. CyberWire Glossary link: https://thecyberwire.com/glossary/joint-cyber-defense-collaborative Audio reference link: Jen Easterly. 2021. CISA Director Addresses the National Technology Security Coalition [Video]. YouTube. URL https://www.youtube.com/watch?v=ucb1FQXqsao

Stealing your car's identity.


This week our guest is Sam Crowther, Kasada CEO, who's sharing his team's findings on "Stolen Auto Accounts: The $2 Price Tag on Your Car's Identity." Joe and Dave share some listener follow up from Steve who writes in sharing an email he thought to be a scam, but turned out it was real. Listener Derek writes in with a question regarding AI and phishing emails. Joe's story comes from Proofpoint as they share their 2023 State of the Phish report. Dave's story follows an email that was sent out saying that the receiver has had a sexually explicit video...

Encore: penetration test (noun) [Word Notes]


The process of evaluating the security of a system or network by simulating an attack on it. Sometimes called "ethical hacking" or white hat hacking. The phrase started to appear in U.S. military circles in the mid 1960s as time sharing computers became more necessary for daily operations. Computer security experts from Rand Corporation began describing computer compromises as penetrations. By the early 1970s, government leaders formed tiger teams of penetration testers to probe for weaknesses in various government systems.

Rooting vs routing. [Hacking Humans Goes to the Movies]


Thanks for joining us again for another episode of a fun project brought to you by the team of Hacking Humans, the CyberWire's social engineering podcast. Hacking Humans co-host Dave Bittner is joined by Rick Howard in this series where they view clips from their favorite movies and television shows with examples of the social engineering scams and schemes you hear Dave and co-host Joe Carrigan talk about on Hacking Humans. In this episode, Dave and Rick watch each of the selected scenes, describe the on-screen action for you, and then they deconstruct what they saw. Grab your bowl of popcorn...

Hackers play the evasion game.


This week our guest is John Hammond from Huntress, and he sits down to talk about spoofing and evasion techniques used by hackers. Dave and Joe share a bit of follow up, including a question from listener John who writes in asking about a passkey discussion in the last episode. Joe has a story from Reddit this week, where someone posted about a dispute they are having with their wedding caterer, where the company is saying the couple still owes them over $5,000 after the wedding has happened for umbrellas, the person posting wants to know what they should do...

Cloud Security Posture Management (CSPM) (noun) [Word Notes]


Tools that automate the identification and remediation of cloud misconfigurations. CyberWire Glossary link: https://thecyberwire.com/glossary/cloud-security-posture-management Audio reference link: Joss Whedon. 2005. Serenity [Movie]. IMDb. URL https://www.imdb.com/title/tt0379786/

The online dating world is a jungle.


Andrew Hendel, CEO at Marshmallo, joins to share tips to safeguard your feelings and identity in the online dating world. Dave and Joe share some listener follow up from Gareth, who writes in to discuss strange emails he has been receiving. Dave's story follows a woman who was spared jail time after being manipulated by hackers into money laundering. Joe's story is from listener Doug who wrote in to the show to talk about the site he is in charge of and discusses a website he uses called "Buy me a coffee," where his viewers can buy him a coffee,...

Encore: The Bombe (noun) [Word Notes]


An electro-mechanical device used to break Enigma-enciphered messages about enemy military operations during the Second World War. The first bombe, named Victory and designed by Alan Turing and Gordon Welchman, started code-breaking at Bletchley Park on 14 March 1940, a year after WWII began. By the end of the war, five years later, almost 2000, mostly women, sailors and airmen operated 211 bombe machines in the effort. The allies essentially knew what the German forces were going to do before the German commanders in the field knew. Historians speculate that the effort at Bletchley Park shortened the war by years and estimate...

Passkeys: consumer-friendly password killers?


Guest Chris Sherwood, owner of Crosstalk Solutions, joins Dave to talk about passkeys. Joe shares some listener follow-up about "revert" and side-loading applications on Android phones. Joe's story came from a listener named Kyle who sent this as a Catch of the Day (COTD) about a phishing scam email conversation about event sponsorship. Dave discusses something he saw on Mastodon from user Bjorn about some fraudulent bank charges and stopping a scam in process. Our COTD is from listener Alec about a potential dating scam offering over Instagram. Links to follow-up and stories: Follow-up on side-loading applications (Note, we do...

single sign-on (SSO) (noun) [Word Notes]


A session and user authentication Zero Trust tactic that allows a user to access multiple applications with one set of login credentials. CyberWire Glossary link: https://thecyberwire.com/glossary/single-sign-on Audio reference link: English, J., 2020. What is Single Sign-On (SSO)? SSO Benefits and Risks [Video]. YouTube. URL https://www.youtube.com/watch?v=YvHmP2WyBVY

Exercise caution: online shopping edition.


Oren Koren, CPO and Co-Founder of Veriti, is discussing the need for vigilance and caution when navigating the online shopping landscape. Dave and Joe share quite a bit of listener follow up, one listener writes in for some clarification on the "AI versus AI" episode regarding Google giving their source code so they can do business in China, when in fact it was 2 other companies. Listener Miguel brings our next bit of follow up, he writes in to discuss financial crimes and shares a story based on a story shared on the show. Our last piece of follow up...

Encore: cross-site scripting (noun) [Word Notes]


From the intrusion kill chain model, a malicious code delivery technique that allows hackers to send code of their choosing to their victim's browser. XSS takes advantage of the fact that roughly 90% of web developers use the JavaScript scripting language to create dynamic content on their websites. Through various methods, hackers store their own malicious JavaScript code on unprotected websites. When the victim browses the site, the web server delivers that malicious code to the victim's computer and the victim's browser runs the code.

Hunting the hackers.


Selena Larson and Tim Utzig discussing research titled "Twitter Scammers Stole $1,000 From My Friend - So I Hunted Them Down." Joe and Dave share a bit of follow up this week, they discuss Hawaii fire scams, and listener Steve writes in regarding some comments about the recent scammer quiz Joe and Dave took, lastly listener John writes in and shares his thoughts on a discussion a couple weeks ago regarding Google Maps. Joe has two stories this week, one is regarding how Joe was close to being scammed by a fake website, the second story is from listener George who wrote...

Encore: credential stealing (verb) [Word Notes]


From the intrusion kill chain model, the first part of an exploitation technique where the hacker tricks their victims into revealing their login credentials. In the second part of the technique, hackers legitimately log into the targeted system and gain access to the underlying network with the same permissions as the victim. Hackers use this method 80% of the time compared to other ways to gain access to a system like developing zero day exploits for known software packages. The most common way hackers steal credentials is with some version of a phishing attack.

AI versus AI.


Blair Cohen from AuthenticID joins Dave to discuss how generative AI and authentication go hand in hand. Joe and Dave share some follow up from listener Robert who discusses an ad for a device that uses ChatGPT to record phone calls on your device. Dave helps his dad out with his computer and shares the tale. Dave also shares a story this week on the FBI warning against scammers who are posing as NFT devs to try and steal your crypto. Joe and Dave test their scammer catching skills while taking a test to see if they are smarter than...

two-factor authentication (noun) [Word Notes]


An authentication process that requires two different factors before granting access. CyberWire Glossary link: https://thecyberwire.com/glossary/two-factor-authentication

AI: A battle between heroes and villains.


Dave Baggett from INKY joins Dave to dive into the latest phishing trends and discuss a broader view of how AI is being used by both the good guys and the bad guys. Joe's story this week dives into the APT with an entirely too cool name, Midnight Blizzard, that has been conducting targeted social engineering towards the popular Microsoft Teams. Dave's story this week follows a Facebook Market user who dodged one scam, just to fall right back into another one. Our catch of the day comes from listener Mauricio who writes in and shares a funny voicemail regarding...

Encore: phishing (verb) [Word Notes]


From the intrusion kill chain model, the delivery of a lure to a potential victim by pretending to be some trustworthy person or organization in order to trick the victim into revealing sensitive information. According to KnowBe4, the word phishing first appeared in a Usenet newsgroup called AOHell in 1996 and some of the very first phishing attacks used AOL Instant Messenger to deliver fake messages purportedly from AOL employees in the early 2000s. The word is part of l33tspeak that started in the early days of the internet (1980s) as a shorthand to let readers know the author was...

Are you pretending to be Russian? [Hacking humans goes to the movies]


Thanks for joining us again for another episode of fun project brought to you by the team of Hacking Humans, the CyberWire's social engineering podcast. Hacking Humans co-host Dave Bittner is joined by Rick Howard in this series where they view clips from their favorite movies and television shows with examples of the social engineering scams and schemes you hear Dave and co-host Joe Carrigan talk about on Hacking Humans. In this episode, Dave and Rick watch each of the selected scenes, describe the on-screen action for you, and then they deconstruct what they saw. Grab your bowl of popcorn...

Privacy matters when it comes to ChatGPT.


Raj Ananthanpillai from Trua joins Dave to discuss privacy concerns and what you shouldn't share with ChatGPT. Dave and Joe share some listener follow up from Clayton who shares some comments on a previous episode where Dave discusses bomb threats to retail stores for ransom. Dave's story follows Google rapidly trying to correct bogus airline phone numbers that were discovered this week. Joe's story is on an Android app called "Spyhide" which is a phone surveillance app that has been collecting private phone data from tens of thousands of Android devices around the world. Our catch of the day is from...

iCloud keychain (noun) [Word Notes]


A cloud based sensitive information management system that allows users access across multiple devices. CyberWire Glossary link: https://thecyberwire.com/glossary/icloud-keychain Audio reference link: Ellen's Tips For iOS, 2022. How To Master iCloud Keychain to Keep Your Passwords Safe and Secure [Video]. YouTube. https://www.youtube.com/watch?v=Tl3E29iUvgE

Reducing risk in the cyber community.


Perry Carpenter joins Dave to discuss his book "The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer." Joe and Dave share some listener follow up on messing with scammers, and how dangerous that actually can be. Joe's story follows hackers trying to steal your secrets using infected USB drives. Dave's story is on a tech executive and how they fell victim to a dating site scam, where the perpetrator was able to gain $450,000 from someone who just thought they found their soulmate. Our catch of the day this week comes from listener...

Encore: darknet (noun) [Word Notes]


A subset of the internet where communications between two parties or client-server transactions are obscured from search engines and surveillance systems by layers of encryption. The U.S. Navy designed the original Darknet by developing The Onion Router network, or TOR, back in the 1990s. Roger Dingledine and Nick Mathewson deployed the first alpha implementation in 2002 with some initial funding by the Electronic Frontier Foundation (EFF). The TOR Project became a non-profit in 2006 and is funded by the U.S., Sweden, different NGOs, and individual sponsors.

Barking up the wrong Facebook page.


Mallory Sofastaii, consumer investigative reporter from WMAR TV, is discussing animal rescue organizations on Facebook pages being taken over by hackers. Listener George writes in to share how his bank is not doing enough to protect against fraud going on. Dave's story follows scammers using new tricks, across the nation, to receive bitcoin and gift cards after threatening stores with bomb scares. Joe has the story on Chinese hackers that have targeted the Commerce Secretary Gina Raimondo and other State and Commerce Department officials. Our catch of the day comes from listener Steve who shares a fishy looking email stating...

Encore: rogue access point (noun) [Word notes]


1. A wireless access point installed by employees in an office or data center environment as a convenience to connectivity without the consent or the knowledge of the network manager. 2. A wireless access point, sometimes called an Evil Twin, installed by a cyber adversary in or near an office or data center environment designed to bypass security controls, gain access, and/or surveil the network traffic of the victim's network. Both kinds, the employee installed and the adversary installed rogue access points, increase the attack surface of the organization. The employee installed device, because of its electronic footprint range, might make...

Encore: The rise in fraudulent online content.


Guest Jane Lee, Trust and Safety Architect from Sift joins Dave to discuss the rise of fraudulent online content and fake crypto platforms. Dave and Joe share some listener follow up regarding the debate over "mum" versus "mom" and who speaks which pronunciation more. Dave has two stories this week, one story follows a Twitter thread about a man who shared his story about selling a desk on Facebook and the dangers that come with that. His second story is about how hackers are using a clever new phishing technique to create email threads with multiple responses to trick potential...

Encore: NMAP (noun) [Word Notes]


A network mapping tool that pings IP addresses looking for a response and can discover host names, open communications ports, operating system names and versions. Written and maintained by Gordon Lyon, a.k.a. Fyodor, it is a free and open source software application used by both system admins and hackers alike and has been a staple in the security community for well over two decades. CyberWire Glossary link: https://thecyberwire.com/glossary/nmap

Indicators to insider threats.


Our UK correspondent Carole Theriault is talking with London insurance market CISO Thom Langford about insider threats. Joe and Dave share some listener follow up from Waldo who writes in to share a video explaining how bad guys are able to hack users. Joe shares a report from Verizon, one of the industry's leading phone companies, about social engineering. Dave's story follows a gentleman who was able to steal one million dollars from at least 700 DoorDash drivers, and now police are warning against this sophisticated phishing scam. Our catch of the day comes from listener Ami who writes in...

Encore: Diamond Model (noun) [Word Notes]


A cyber threat intelligence analysis model that defines relationship pairs between four core components in the shape of a diamond of adversary playbook activity across the intrusion kill chain: the adversary, their capability, the infrastructure used or attacked, and the victim. CyberWire Glossary link: https://thecyberwire.com/glossary/diamond-model Audio reference link: Diamond Presentation v2 0: Diamond Model for Intrusion Analysis Applied to Star Wars Battles, Andy Pendergrast and Wade Baker, ThreatConnect, YouTube, 4 February 2020.

Beware ChatGPT curious: Fleece-ware chatbot apps.


Guest Sean Gallagher, Principal Researcher with Sophos Xops team, joins us to discuss "'FleeceGPT' mobile apps target AI-curious to rake in cash." Joe shares some listener feedback from Jon about "No Stupid Questions" podcast. Dave's story is from Reddit about a free piano scam. Joe's got a story on a woman pleading with her bank to stop a fake wire transfer, but they were too busy. Our Catch of the Day comes from Rob about a fake student loan help ticket. Links to stories: FleeceGPT mobile apps target AI-curious to rake in cash Just ran into the most sophisticated "free...

CISA (noun) [Word Notes]


A US Department of Homeland Security agency tasked with supporting cyber and physical security for US critical infrastructure. CyberWire Glossary link: https://thecyberwire.com/glossary/cybersecurity-and-infrastructure-security-agency Audio reference link: CISA, 2021. CISA Director Jen Easterly's Keynote at Black Hat USA 2021 [Video]. YouTube. URL https://www.youtube.com/watch?v=q7bu-L-m4K4.

spam (noun) [Word Notes]


Unsolicited, unwanted, and sometimes malicious electronic messages indiscriminately transmitted to a large number of people. CyberWire Glossary link: https://thecyberwire.com/glossary/spam Audio reference link: zumpzump, 2007. Monty Python - Spam [Video]. YouTube. URL https://www.youtube.com/watch?v=anwy2MPT5RE.

Risky chat applications.


Toby Pischl, Head of Information & Email Security at Broadcom, sits down with Dave to discuss how Slack and Microsoft Teams phishing is an open door into businesses. Joe and Dave share some follow up regarding a case of a woman claiming to have cancer to receive over $37,000 from donors on GoFundMe. Joe has the terrible story out of Michigan where a high schooler committed suicide after a sextortion scam. Dave has a story on job seekers around the country and how likely they are to fall for a job scam. Our catch of the day comes from listener Albert, who...

Replier attacks: the latest tool in a hacker's arsenal.


This week, Jeremy Fuchs from Avanan joins Dave to discuss how hackers are using replier attacks. Replier attacks are attacks in which hackers change the reply-to address to send emails from what appears to be a reputable company, when in reality it's a spoofed account. Joe and Dave share some follow up from listeners Wayne who writes in with some comments on episode 245, and listener Michael, who writes about his first ChatGPT experience. Dave's story follows the alarming new trend happening, where sextortionists are making AI nudes from people's social media images. Joe's story uncovers the social engineering trick...

dumpster diving (noun) [Word Notes]


The act of searching through an organization's trash for discarded sensitive material. CyberWire Glossary link: https://thecyberwire.com/glossary/dumpster-diving Audio reference link: Better Call Saul jimmy digs in the Sandpiper trash scene, uploaded by Robert Bowersock, 18 September 2022.

Criminals...assemble! [Hacking humans goes to the movies]


Thanks for joining us again for another episode of fun project brought to you by the team of Hacking Humans, the CyberWire's social engineering podcast. Hacking Humans co-host Dave Bittner is joined by Rick Howard in this series where they view clips from their favorite movies and television shows with examples of the social engineering scams and schemes you hear Dave and co-host Joe Carrigan talk about on Hacking Humans. In this episode, Dave and Rick watch each of the selected scenes, describe the on-screen action for you, and then they deconstruct what they saw. Grab your bowl of popcorn...

The rise of ChatGPT: A look into the future of chatbots.


This week, our CyberWire UK Correspondent Carole Theriault is talking with Paul Ducklin from Sophos about where ChatGPT could be going in the future. Joe and Dave share quite a bit of follow up from listeners, discussing several people writing in about dating apps and the men who use them, along with a question from listener Bryan who asks about an email scheme an intern working for his company received. Joe's story hones in on AI, discussing in particular how artificial intelligence is changing the social engineering game forever. Dave has the story on how hackers hide malicious links within pictures to redirect users to phishing sites. Our...

SEO poisoning (noun) [Word Notes]


The manipulation of search engine optimization, SEO, to promote malicious sites in search engine results. CyberWire Glossary link: https://thecyberwire.com/glossary/search-engine-optimization-poisoning Audio reference link: Brown, B.E., 2021. The Ending Of The Waldo Moment Explained [Video]. YouTube. URL https://www.youtube.com/watch?v=HsWja44-EMg.

Are you who you say you are?


Bala Kumar of Jumio joins to discuss how travel companies can combat the exponential rise in fraud and ensure their traveler is who they say they are. Dave and Joe share some listener follow up, with the first from Matt, who writes in with a strange Dick's Sporting Goods story about gift cards and credit cards. Our second follow up comes from listener King, who writes in regarding the QR discussion in episode 243. Dave's story follows how almost every US state has sued a telecom company after being accused of routing billions of illegal robocalls to millions of US residents on the do not call list. Joe's...

passkey (noun) [Word Notes]


A passwordless authentication protocol based on the FIDO2 standard. CyberWire Glossary link: https://thecyberwire.com/glossary/passkey Audio reference link: Summers, J., 2023. Google Passkeys Have Arrived (here's how to use them) [All Things Secured Channel]. YouTube. URL https://www.youtube.com/watch?v=oFO7JgUx-bU.

catfish (noun) [Word Notes]


The practice of crafting a fake online persona for malicious purposes. CyberWire Glossary link: https://thecyberwire.com/glossary/catfish Audio reference link: netbunny, 2013. Catfish - The Movie - Ending Scene [Movie Scene]. YouTube. URL https://www.youtube.com/watch?v=qR_NIN6zy0U

Bringing in the human side of scamming.


Nick Percoco from Kraken sits down to discuss the human factor of crypto scams, including going over common red flags and what to do when a third party is exerting pressure that taps into human emotions. Listener Sean writes in with some follow up to discuss the increase in AI scams and if people would be more likely to talk about falling for these scams as AI becomes better and better. An anonymous listener also reached out with some follow up regarding their experience with corporate ID theft. Joe's story follows the report on "dark patterns," and what they...

QR code phishing (noun) [Word Notes]


A type of phishing attack that uses QR codes as the lure. CyberWire Glossary link: https://thecyberwire.com/glossary/qr-code-phishing Audio reference link: KNR, 2018. Batman The Dark Knight Joker bomb blast by phone calls scene [Video]. YouTube. URL https://www.youtube.com/watch?v=qB_fXfzB4z0.

Who says the perfect heist doesn't exist? [Hacking Humans Goes to the Movies]


Thanks for joining us again for another episode of fun project brought to you by the team of Hacking Humans, the CyberWire's social engineering podcast. Hacking Humans co-host Dave Bittner is joined by Rick Howard in this series where they view clips from their favorite movies and television shows with examples of the social engineering scams and schemes you hear Dave and co-host Joe Carrigan talk about on Hacking Humans. In this episode, Dave and Rick watch each of the selected scenes, describe the on-screen action for you, and then they deconstruct what they saw. Grab your bowl of popcorn...

Data privacy in a consumer's world.


Our guest, Mark Kapczynski from OneRep, joins Dave to discuss what consumers should know about data privacy. Listener Jon writes in to the show with some follow-up with some thoughts on tap interface. Another anonymous listener wrote into the show discussing ethical hacking. Dave's story is on fake QR codes and how people are getting scammed out of money after receiving a fake QR code parking ticket survey. Joe's story follows an attempted attack at Dragos and what they didn't get. Our catch of the day comes from listener Richard who writes in with a fun scam he caught from...

attribution (noun) [Word Notes]


Definition one: The recognition of a set of repeatable attack patterns across the intrusion kill chain. Definition two: Determining the responsibility for offensive cyber operations. CyberWire Glossary link: https://thecyberwire.com/glossary/attribution Audio reference link: Nunnikhoven, M., 2018. Cybersecurity Basics #9 - Attack Attribution [Video]. YouTube. URL www.youtube.com/watch?v=rlyMz5jN_Vs

Remedies for infectious computers.


Our guest, CW Walker, Director of Security Product Strategy at SpyCloud, joins to discuss post-infection remediation and ransomware defense. Joe compliments one of his least favorite big tech companies. Joe and Dave share quite a bit of follow-up; one from listener Clayton who writes in about fast idiots from a previous episode. The other is from listener Robert, who writes in about the wallet versus smart phone debate, and which is safer. Joe shares a few stories this week, all regarding ATM scams and lost or stolen credit cards including his own son's ATM nightmare. Dave's scary story is on...

spear phishing (noun) [Word Notes]


A type of cyber attack where an attacker sends a targeted and personalized email or other form of communication to a specific individual or a small group of individuals with the intention of tricking them into divulging sensitive information, such as a password, or convincing them to click a malicious link that will enable the attacker to take control of the victim's machine. CyberWire Glossary link: https://thecyberwire.com/glossary/spearphishing Audio reference link: Richardson, T., 2014. What is the difference between phishing and spear-phishing? [Video]. YouTube. URL www.youtube.com/watch?v=Wpx5IMduWX4.

Encore: Human errors and why they're made.


Josh Yavor, CISO at Tessian, joins Dave to discuss a new report they released on cyber mistakes and why employees make them. Joe and Dave share a listener follow-up from Jon, who writes in about mental illness, a serious epidemic taking over the nation. Jon shares interesting tidbits on social media linking to mental illness and the impact it's creating. Dave's story is on hackers trying an old trick with new mechanics: impersonating well known companies. This time, hackers are posing as Quickbooks. Joe's story describes how LinkedIn users are being targeted yet again. These fraudsters are now creating significant...

resiliency (noun) [Word Notes]


The ability to continuously deliver the intended outcome despite adverse cyber events. CyberWire Glossary link: https://thecyberwire.com/glossary/resiliency Audio reference link: Cameron, J., 1984. The Terminator [Movie]. IMDb. URL www.imdb.com/title/tt0088247/. Clip Nation, 2012. The Arnold Schwarzenegger I'll Be Back Supercut [Video]. YouTube. URL www.youtube.com/watch?v=-YEG9DgRHhA. Coops, C., 2013. Terminator 2 Theme [Video]. YouTube. URL www.youtube.com/watch?v=pVZ2NShfCE8.

Is the industry ready for AI?


This week, Carole Theriault, CW UK correspondent, sits down with Cisco Talos' Vanja Svajcer discussing if the security industry is ready for AI. Joe and Dave share some follow up regarding a new term, "yahoo boy" after reading it in an article. Joe follows a story about a scam where five mastermind businessmen were able to scam ordinary investors out of a billion dollars. Dave's story is on a basic iPhone feature that is helping criminals steal your entire digital life. Our catch of the day comes from William who writes in about an email he received from "Bob...

Security Operations Center (SOC) (noun) [Word Notes]


A centralized facility or team responsible for monitoring, detecting, analyzing, and responding to cybersecurity incidents within an organization. CyberWire Glossary link: https://thecyberwire.com/glossary/security-operations-center Audio reference link: AT&T Tech Channel, 2012. A tour of AT&T's Network Operations Center (1979) [Video]. YouTube. URL www.youtube.com/watch?v=cigc3hvMyWw.

Lazarus Group: Breaking down the evolution.


This week, our guests are Jean Lee and Geoff White from BBC and the Lazarus Heist talking about what is coming up in Season 2 of their show and how the Lazarus Group is evolving. Joe briefly discusses Generative AI before going into his stories for this week. Joe's first story comes from Lauren Jackson from WBRC who writes in with a disturbing tire scam causing businesses to lose thousands. Joe's second story is from David Sentendrey from KDFW, who shares a story about a woman who fell victim to a romance scam losing $75,000. Dave's story follows a casino...

Hunt forward operations (noun) [Word Notes]


Defensive cyber operations carried out by U.S. Cyber Command's Cyber National Mission Force, CNMF, at the request of allied nations. CyberWire Glossary link: https://thecyberwire.com/glossary/hunt-forward-operation Audio reference link: Paul Nakasone, G., 2022. Vanderbilt Summit Keynote [Video]. YouTube. URL www.youtube.com/watch?v=Axg4s9l9wi0.

Inside the history of a child hacker.


Paul Dant, Illumio's Senior Director for Cybersecurity Strategy and Research, is sharing how his history as a child hacker informed his thinking today. Joe and Dave share some listener follow up from Anthony, who writes in about a scam from the app Nextdoor, regarding scammers trying to upgrade Xfinity customers using their computers rather than the usual method, which throws up red flags. Dave's story this week follows a principal from a Florida science and technology charter school who mistakenly wrote a check for $100,000 to an Elon Musk impersonator. Joe's story is on email compromise, and the increase we...

Cyber gravity (noun) [Word Notes]


The invisible force that governs the movement of data across networks. Audio reference link: Things to Come 1936 - HG Wells. YouTube, YouTube, 28 Sept. 2011, https://www.youtube.com/watch?v=atwfWEKz00U.

As a scammer, sometimes you need to fake it till you make it. [Hacking Humans Goes to the Movies]


Thanks for joining us again for another episode of fun project brought to you by the team of Hacking Humans, the CyberWire's social engineering podcast. Hacking Humans co-host Dave Bittner is joined by Rick Howard in this series where they view clips from their favorite movies and television shows with examples of the social engineering scams and schemes you hear Dave and co-host Joe Carrigan talk about on Hacking Humans. In this episode, Dave and Rick watch each of the selected scenes, describe the on-screen action for you, and then they deconstruct what they saw. Grab your bowl of popcorn...

Protecting against financial cybercrimes.


Keith Houston, Chief prosecutor in financial cybercrimes at Harris County District Attorney's Office in Houston, TX, shares some scams that have come through his office and advice on how to protect yourself. Dave and Joe share some follow up from listener Nevile, who writes in about a news story he came across regarding pendrive bombs, wondering what do you do if you're a reporter and someone sends you a scoop in a pendrive? Joe has two stories regarding AI, and how scammers were able to use AI software to clone voices the victims would recognize and then con them out...

Artificial Intelligence (AI) (noun) [Word Notes]


The ability of computers to execute tasks typically associated with human intelligence, including natural language processing, problem solving, and pattern recognition. CyberWire Glossary link: https://thecyberwire.com/glossary/ai Audio reference link: Staff, 2016. Alan Turing - The Imitation Game - Can Machines Think? [YouTube Video]. Learn Understand Create. URL www.youtube.com/watch?v=Vs7Lo5MKIws.

Seeking employment fraud?


Kathleen Smith, CMO from ClearedJobs.Net sits down with Dave to talk about how job seekers are susceptible to employment fraud. Joe and Dave share some listener follow up from Steve, who writes in to share a scary and frustrating story as hackers were able to scam their way into his and his wife's Verizon Wireless account. Dave's story follows giveaway scams, which are scams that impersonate celebrities and brands, most notably Elon Musk and the companies he is associated with, to try and get victims to believe they have won a large sum of cryptocurrency. Joe's story is on a...

Certification (noun) [Word Notes]


A credential demonstrating an individual's knowledge in the field of cybersecurity, usually obtained by passing an exam or series of exams. CyberWire Glossary link: https://thecyberwire.com/glossary/certification Audio reference link: Bombal, D., 2022. Are certifications important in Cybersecurity? [Video]. YouTube. URL www.youtube.com/watch?v=Zdgf_Wr82rs.

Fingerprinting fights off fraud? [Hacking Humans Goes to the Movies]


Thanks for joining us again for another episode of fun project brought to you by the team of Hacking Humans, the CyberWire's social engineering podcast. Hacking Humans co-host Dave Bittner is joined by Rick Howard in this series where they view clips from their favorite movies and television shows with examples of the social engineering scams and schemes you hear Dave and co-host Joe Carrigan talk about on Hacking Humans. In this episode, Dave and Rick watch each of the selected scenes, describe the on-screen action for you, and then they deconstruct what they saw. Grab your bowl of popcorn...

Do you have curtains on your house?


On this episode, the CyberWire's UK Correspondent Carole Theriault talks with Iain Thomson from the Register about why he has no IoT in his house and what advice he offers for those who do. Joe's story features ten social engineering techniques. Dave has a story that starts with an order by the FTC against Epic Games for tricking users to make in-game purchases in Fortnite using dark patterns. Our Catch of the Day comes from listener Lauren sharing a phishing attempt at her company where the scammers obviously did their homework on who to contact in the organization. Links to stories:...

Network slicing (noun) [Word Notes]


A technique used to create virtual networks within a shared physical network infrastructure. CyberWire Glossary link: https://thecyberwire.com/glossary/network-slicing Audio reference link: Whitehead, D.N., 2021. 5G Smart Networks Part 1: Network Slicing [Video]. YouTube. URL www.youtube.com/watch?v=dCt3rYODZ7g.

Changing the face of identity.


Eric Olden, Chief Executive at Strata, sits down with Dave to discuss the changing face of identity; where we've been, where we are going, and the bumps along the way. Dave and Joe share some listener follow-up from Michael, who writes in about advertisements on YouTube and other social networks claiming magical results. Dave's story follows a new tool released by the National Center for Missing and Exploited Children (NCMEC) to help slow and stop the spread of sextortion of minors. Joe's story is on a LinkedIn post by Gary Warner regarding why we have so much fraud. Our catch of the day is from listener...

Device trust (noun) [Word Notes]


The process of verifying that a device is known, secure, and uncompromised before allowing it to connect to a network or access resources. CyberWire Glossary link: https://thecyberwire.com/glossary/device-trust Audio reference link: Favorite Scene of Alan Rickman from Die Hard. YouTube, YouTube, 14 Jan. 2016, https://www.youtube.com/watch?v=mklnXM3LIXo.

Encore: Scams in the media.


Mallory Sofastaii from Baltimore's WMAR 2 News sits down with Joe to talk about some recent stories on scams she's covered on Matter for Mallory. Dave and Joe share some listener follow up from Robert who writes in about the technical means to protect phones from robocalls. He shares some insight on how carriers up in the north are able to protect phones. Dave shares a twitter thread from Brian Jay Jones, who is an author of biographies of Jim Henson, George Lucas and Dr. Seuss, who shares how he would have almost had his Twitter account hijacked if it...

ZTNA (noun) [Word Notes]


A technology set designed to support the cybersecurity first principle strategy of zero trust, that limits device, people, and software component access to only designated authorized resources and nothing more. CyberWire Glossary link: https://thecyberwire.com/glossary/zero-trust-network-access Audio reference link: Zero Trust Explained by John Kindervag. YouTube, YouTube, 2 Oct. 2022, https://www.youtube.com/watch?v=-LZe4Vn-eEo.

Saving the world from cybercrime.


Dan Golden and Renee Dudley, reporters at ProPublica and authors of "The Ransomware Hunting Team: A Band of Misfits' Improbable Crusade to Save the World from Cybercrime," discuss their book. Dave and Joe share some follow up from listener Ignacio who writes in to share thoughts on Joe's preference to using open source options for password managers. Joe's story this week follows Coinbase, who recently had a cybersecurity breach but their cyber controls prevented the attacker from gaining direct system access and prevented any loss of funds or compromise of customer information. Dave's story is on people trying to gain...

GDPR (noun) [Word Notes]


A data privacy legal framework that applies to all countries in the European Union, regulating the transmission, storage, and use of personal data associated with residents of the EU. CyberWire Glossary link: https://thecyberwire.com/glossary/general-data-protection-regulation Audio reference link: Mr. Robot Predicts JPM Coin! YouTube, YouTube, 14 Feb. 2019, https://www.youtube.com/watch?v=1ee-cHbCI0s.

Password managers and their benefits.


Corie Colliton Wagner from Security.org joins to discuss the company's research of password manager tools and their benefits, identity theft, and the market outlook for PW managers. Dave and Joe share quite a bit of follow up from listeners Mitch, Neville, and Richard. Mitch writes in to share about gift card scams, and Neville and Richard both share their thoughts on the pros and cons of having a cloud-based password manager. Dave's story is about employees around the globe and their internet habits inside the workplace. Joe's story follows a new release of data from the FTC on romance scams, including the top lies...

ChatGPT (noun) [Word Notes]


A conversational language model developed by the company OpenAI. CyberWire Glossary link: https://thecyberwire.com/glossary/chatgpt Audio reference link: jeongphill. Movie - Her, First Meet OS1 (Operation System One, Os One, OS1). YouTube, YouTube, 29 June 2014, https://www.youtube.com/watch?v=GV01B5kVsC0.

Scamming through generations.


Mathieu Gorge from VigiTrust sits down to discuss the different ways that online attackers target younger and older generations, and what the cybersecurity industry can and should do to protect them. Dave and Joe share some listener follow up from Greg who writes in regarding porch pirates possibly finding a new way to steal packages. In Joe's story this week, we learn that while ransomware was down last year, more and more people are clicking on phishing emails. Dave's story follows Ahad Shams, the co-founder of Web3 metaverse gaming engine startup Webaverse, who ended up getting $4 million of his...

Man-in-the-Middle (noun) [Word Notes]


A cyber attack technique where adversaries intercept communications between two parties in order to collect useful information or to sabotage or corrupt the communication in some manner. CyberWire Glossary link: https://thecyberwire.com/glossary/man-in-the-middle-attack

Appearances count in the scam business. [Hacking Humans Goes to the Movies]


Welcome to Season 3 of Hacking Humans Goes to the Movies. Thanks for joining us again for another episode of fun project brought to you by the team of Hacking Humans, the CyberWire's social engineering podcast. Hacking Humans co-host Dave Bittner is joined by Rick Howard in this series where they view clips from their favorite movies and television shows with examples of the social engineering scams and schemes you hear Dave and co-host Joe Carrigan talk about on Hacking Humans. In this episode, Dave and Rick watch each of the selected scenes, describe the on-screen action for you, and...

A boom of infostealers and stolen credentials.


Keith Jarvis, Senior Security Researcher from Secureworks Counter Threat Unit (CTU), shares his thoughts on the alarming rise of infostealers and stolen credentials. Dave and Joe share some listener follow-up from Ron who writes in about a book, entitled "Firewalls Don't Stop Dragons" by Carey Parker, which he finds as a helpful resource when it comes to cybersecurity. Dave's story follows password management companies and how they might not be as safe as what we presume them to be, most notably the LastPass breach in the last month. Joe has two stories this week, his first on a 19 year...

NIST (Noun) [Word Notes]


A branch of the US Department of Commerce whose stated mission is to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life. CyberWire Glossary link: https://thecyberwire.com/glossary/national-institute-of-standards-and-technology Audio reference link: Center, M.I., 2022. 2022 Meridian Summit: Cultivating Trust in Technology with NIST Director Laurie Locascio [WWW Document]. YouTube. URL https://www.youtube.com/watch?v=o43Y9Tk8ZVA (accessed 1.26.23).

A war on commerce.


J. Bennett from Signifyd discusses the fraud ring that has launched a war on commerce against US merchants over the past few months. Joe and Dave share some listener follow up from Jon who writes in about an email he almost fell victim to. Joe shares two stories this week, the first on how scammers were seen posing as tech support at two US agencies in an attempt to hack their employees. Joe's second story is on a woman trying to steal 2.8 million for an elderly Holocaust survivor. Dave's story follows how an ad scam was able to break...

CIRT (noun) [Word Notes]


A team responsible for responding to and managing cybersecurity incidents involving computer systems and networks in order to minimize the damage and to restore normal operations as quickly as possible. CyberWire Glossary link: https://thecyberwire.com/glossary/cirt Audio reference link: Avery, B., 2017. 24 TV May 05 Season4 [WWW Document]. YouTube. URL https://www.youtube.com/watch?v=Gq_2xPuqI-E&list=PLGHedLavrFoGsea1ZCHBm9-nK5FdM3_Kd&index=10.

Interview with the AI, part one. [Special Editions]


Cybersecurity interview with ChatGPT. In part one of CyberWire's Interview with the AI, Brandon Karpf interviews ChatGPT about topics related to cybersecurity. Rick Howard joins Brandon to analyze the conversation and discuss potential use cases for the cybersecurity community. ChatGPT is a chatbot launched by OpenAI and built on top of OpenAI's GPT-3 family of large language models. Cyber questions answered by ChatGPT in part one of the interview. What were the most significant cybersecurity incidents up through 2021? What leads you to characterize these specific events as significant? What were the specific technical vulnerabilities associated with these incidents? Who...

Outsmarting the scammers.


Nadine Michaelides from Anima People sits down with Dave to discuss preventing insider threat using behavioral science and psych metrics. Joe and Dave share some follow up regarding a Facebook scammer who is targeting Joe, as well as a letter from listener Richard who writes in about business emails and the compromised warning signs they send about dangerous emails coming from outside the company. Dave shares a story about hackers who are setting up fake websites to promote malicious downloads through advertisements in Google search results. Joe has two stories this week, one is about the latest scam in the...

PUP (noun) [Word Notes]


A software program installed unintentionally by a user that typically performs tasks not asked for by the installer. CyberWire Glossary link: https://thecyberwire.com/glossary/potentially-unwanted-program Audio reference link: Butler, S., 2022. Potentially Unwanted Programs (PUPS) EXPLAINED [Video]. YouTube. URL https://www.youtube.com/watch?v=5L429Iahbww (accessed 1.6.23).

The front lines of ransomware attacks.


Rohit Dhamankar from Fortra's Alert Logic joins Dave to discuss the decline in ransomware attacks and lessons learned from the front lines. Dave and Joe share some listener follow up from Keith regarding Dave's story from last episode and how he recognizes the scams being mentioned and offers his opinions on the matter. Joe shares two stories this week, one about his ironclad gift he gave to his wife, with his second story following the buzz surrounding OpenAI, creators of ChatGPT, their new interface for their Large Language Model (LLM) and how it works. Dave's story also follows ChatGPT in a different direction. His story...

Ransomware (noun) [Word Notes]


Malware that disables a system in exchange for a ransom, usually by encrypting the system's data until the user pays for the decryption key. CyberWire Glossary link: https://thecyberwire.com/glossary/ransomware Audio reference link: https://watch.amazon.com/detail?gti=amzn1.dv.gti.d6a9f744-47b0-ac70-aa56-b31fd0f58482&territory=US&ref_=share_ios_season&r=web

The age old battle between social engineering and banking.


Chip Gibbons, CISO at Thrive, sits down with Dave to talk about how to defend against social engineering attacks in banking. Dave starts us off this week with a story about Amazon opening up its selling market to Pakistani residents, and what consequences that led to for the organization's business. Joe's story follows a scam targeting soldiers in the Army. The Army warns against unknown individuals purporting to be noncommissioned officers that are calling said soldiers and asking them for money to fix a "pay problem" and, if questioned, threatening them with a punishment. Our catch of the day comes from listener Manie who...

Service Set Identifier (SSID) (noun) [Word Notes]


The name of a wireless access point. CyberWire Glossary link. Audio reference link: SSID Management - CompTIA Security+ SY0-401: 1.5, Professor Messer, uploaded August 3rd, 2014.

Leveraging credentials online and off isn't going away.


Guest Eric Levine, Co-founder and CEO at Berbix, joins Dave to discuss identity fraud. Dave and Joe share comments from listener Chris on a series of SMS messages he got from "Wells Fargo." Joe's story previews what is coming for social engineering attacks in 2023 and how to prepare to improve your safety online, while Dave's story is about sextortion scammers in rural India and how they are blackmailing victims. Our catch of the day comes from listener George who's been receiving a lot of scam messages via WhatsApp and how he played along with one of them. Links to...

Advanced Encryption Standard (AES) (noun) [Word Notes]


A U.S. Government specification for data encryption using an asymmetric key algorithm. CyberWire Glossary link: https://thecyberwire.com/glossary/advanced-encryption-standard Audio reference link: papadoc73. Claude Debussy: Clair De Lune. YouTube, YouTube, 6 Oct. 2008.

Sisters, grifters, and shifters. [Hacking Humans Goes to the Movies]


Thanks for joining us again for another episode of fun project brought to you by the team of Hacking Humans, the CyberWire's social engineering podcast. Hacking Humans co-host Dave Bittner is joined by Rick Howard in this series where they view clips from their favorite movies and television shows with examples of the social engineering scams and schemes you hear Dave and co-host Joe Carrigan talk about on Hacking Humans. In this episode, Dave and Rick watch each of the selected scenes, describe the on-screen action for you, and then they deconstruct what they saw. Grab your bowl of popcorn...

The CyberWire: The 12 Days of Malware. [Special Editions]


Merry Christmas and Happy Holidays from the CyberWire and our friends! Enjoy our rendition of the 12 Days of Malware created by Dave Bittner and performed by Dave and friends: Rachel Tobac, Jayson Street, Ron Eddings & Chris Cochran, Ray [Redacted], Dinah Davis, Camille Stewart, Rick Howard, Michelle Dennedy, Jack Rhysider, Johannes Ullrich, and Charity Wright. Ba dum bum bum. Sing along if you are game! Check out our video for the full effect! The 12 Days of Malware lyrics On the first day of Christmas, my malware gave to me: A keylogger logging my keys. On the second day of...

How to avoid Instagram scams.


This week, Carole Theriault sits down to interview Dr. Jessica Barker from Cygenta to discuss the latest Instagram scams and how to avoid them. Dave and Joe share some follow-up on Apple, why they are being sued, and how you can protect yourself, as well as a new USPS scam affecting Connecticut. Dave's story follows a message board on smartphones being stolen and what happens after the thieves obtain the stolen phone. Joe's story is on a complex scam where the scammers choose ambitious individuals to turn into the scammers. Our catch of the day comes from listener Jay, who...

Data Loss Protection (DLP) (noun) [Word Notes]


A set of tools designed to safeguard data while in use, in motion, and at rest. CyberWire Glossary link: https://thecyberwire.com/glossary/data-loss-prevention Audio reference link: HistoryHeard. Data Loss Prevention - CompTIA Security+ SY0-501 - 2.1, Professor Messer, uploaded 20 November 2017

Sometimes it's scripted and others, it's a target of opportunity. [Hacking Humans Goes to the Movies]


Thanks for joining us again for another episode of fun project brought to you by the team of Hacking Humans, the CyberWire's social engineering podcast. Hacking Humans co-host Dave Bittner is joined by Rick Howard in this series where they view clips from their favorite movies and television shows with examples of the social engineering scams and schemes you hear Dave and co-host Joe Carrigan talk about on Hacking Humans. In this episode, Dave and Rick watch each of the selected scenes, describe the on-screen action for you, and then they deconstruct what they saw. Grab your bowl of popcorn...

Disinformation and verification.


Kaspars Ruklis, the Program Manager for Media Literacy from IREX sits down with Dave to talk about the very verified media literacy program. Dave and Joe share some listener followup on some of the business' common language, this week, listener Vicki asks about the term "EULA" and what it stands for. Joe's story follows a scam that is particularly alarming around the holidays, about fake barcodes on gift cards. A former police officer found this scam as she was trying to check out with a gift card and the cashier pulled off a fake barcode. Dave's story is all about...

Domain Naming System (DNS) (noun) [Word Notes]


A system that translates text-based URLs to their underlying numerical IP addresses. CyberWire Glossary link: https://thecyberwire.com/glossary/domain-name-system-dns Audio reference link: HistoryHeard. History Heard: Paul Mockapetris. YouTube, YouTube, 5 Apr. 2009.

Keeping the scams in the family. [Hacking Humans Goes to the Movies]


Thanks for joining us again for another episode of fun project brought to you by the team of Hacking Humans, the CyberWire's social engineering podcast. Hacking Humans co-host Dave Bittner is joined by Rick Howard in this series where they view clips from their favorite movies and television shows with examples of the social engineering scams and schemes you hear Dave and co-host Joe Carrigan talk about on Hacking Humans. In this episode, Dave and Rick watch each of the selected scenes, describe the on-screen action for you, and then they deconstruct what they saw. Grab your bowl of popcorn...

Do not get your news on social media.


Guest Giulia Porter, Vice President of RoboKiller, discusses their mid-year report on phone scams. Following that phone scam line, Dave has a story about the international takedown of online crimeware that spoofed caller ID with a service called iSpoof. Dave notes there are some helpful tips for scams related to caller ID included in the article. Joe talks about news on social media (note: Joe's stance is: DO NOT get your news on social media). He talks about several pieces he found on leadstories.com while doing research for an article about news on social media. Joe shares some examples from...

Pretexting (noun) [Word Notes]


A social engineering technique in which a threat actor poses as a trusted person or entity in order to trick the victim into disclosing information or performing an action that benefits the attacker. CyberWire Glossary link: https://thecyberwire.com/glossary/pretexting Audio reference link: Batch Pin Hurt Charlize Theron Skin | the Italian Job (2003) Movie Scene. YouTube, YouTube, 22 Nov. 2016.

A vishing competition and a Black Badge holder.


This week, Carole Theriault is interviewing DEFCON Black Badge holder Chris Kirsch from RunZero on the recent DEFCON 30 vishing competition. Dave and Joe share some listener follow up from 3 different listeners, who share stories on disposable email addresses, as well as a little insight on a Best Buy scam mentioned in a previous episode. Joe's story is on gaming companies and whether or not they have to stoop down to stemming growth in cheats, hacks, and other types of fraud to keep customers coming back. Dave's story comes from his father, he has two stories, one involving a...

Web Application Firewall (noun) [Word Notes]


A layer seven firewall designed to block threats at the application layer of the open system interconnection model, the OSI model. CyberWire Glossary link: https://thecyberwire.com/glossary/web-application-firewall Audio reference link: VCF East 9.1 - Ches' Computer Security Adventures - Bill Cheswick. YouTube, 29 Dec. 2015, https://youtu.be/trR1cuBtcPs.

Counterfeit coupons and paybacks. [Hacking Humans Goes to the Movies]


Thanks for joining us again for another episode of fun project brought to you by the team of Hacking Humans, the CyberWire's social engineering podcast. Hacking Humans co-host Dave Bittner is joined by Rick Howard in this series where they view clips from their favorite movies and television shows with examples of the social engineering scams and schemes you hear Dave and co-host Joe Carrigan talk about on Hacking Humans. In this episode, Dave and Rick watch each of the selected scenes, describe the on-screen action for you, and then they deconstruct what they saw. Grab your bowl of popcorn...

COBIT (noun) [Word Notes]


An IT governance framework developed by ISACA. CyberWire Glossary link: https://thecyberwire.com/glossary/cobit Audio reference link: isacappc. How Do You Explain Cobit to Your Dad or Your CEO? YouTube, YouTube, 24 Aug. 2016, https://www.youtube.com/watch?v=EYATVkddIyw.

Ways to make fraud less lucrative.


Brett Johnson, Chief Criminal Officer at Arkose Labs, sits down with Dave to discuss his history & ways to make fraud efforts less lucrative for bad actors. Dave and Joe share some listener follow up from Graham about one way that helps him stay safe against fake URLs. Dave's story is about bomb email attacks, in which someone's email is spammed with hundreds to thousands of emails in hopes of hiding important information contained in one of the thousands of emails, perhaps from a financial institute. Joe's story is on how the FBI is warning the public to beware of tech support scammers and how...

Security Service Edge (SSE) (noun) [Word Notes]


A security architecture that incorporates the cloud shared responsibility model, a vendor provided security stack, and network peering with one or more of the big content providers and their associated fiber networks. CyberWire Glossary link: https://thecyberwire.com/glossary/security-service-edge Audio reference link: Netskope (2022). What is Security Service Edge (SSE). YouTube. Available at: https://www.youtube.com/watch?v=Z9H84nvgBqw [Accessed 21 Oct. 2022].

New laws and the effect on small businesses.


Kurtis Minder, CEO of GroupSense joins Dave to discuss how new ransomware laws leave small business behind. Dave and Joe share some follow up on Elon Musk after his big purchase and the changes that now follow. Joe's story follows Kalamazoo County residents and a new scam that is popping up, where they are being targeted by scammers through Facebook messenger video calls. Dave shares a story that hits home for him about an email that his father received from Best Buy claiming that he will be charged $500 for Geek Squad services. Our catch of the day comes from...

Domain spoofing (noun) [Word Notes]


A social engineering tactic in which hackers build a malicious domain to mimic a legitimate one. CyberWire Glossary link: https://thecyberwire.com/glossary/domain-spoofing Audio reference link: Mission Impossible Fallout - Hospital Scene. YouTube, YouTube, 8 Oct. 2018,

Protecting your identity.


Jameeka Green Aaron, CISO, Customer Identity at Okta, sits down with Dave to speak about their State of Secure Identity report. Dave and Joe share some listener follow up from Richard, who writes in to share his thoughts on the discussion of the phishing kit targeting WordPress sites in a previous episode, and also writes in about last episode's discussion on how companies were turning on employees who are overworked with two remote jobs and shares how Equifax was one of these companies. Dave's story follows typosquatting, which is when a scammer registers a website that is very similar to the real one, but will have a...

What's Your Problem trailer.


We're sharing a preview of a podcast we enjoy called What's Your Problem? Every week on What's Your Problem, entrepreneurs talk about the future they're trying to build and the problems they have to solve to get there. How do you build cars that can actually drive themselves? How do you use technology to bring down the cost of airfares? And how do you teach a computer to understand sports? Hosted by former Planet Money host Jacob Goldstein, What's Your Problem? helps listeners understand the problems really smart people are trying to solve right now. Listen to What's Your Problem?...

Secure Web Gateway (noun) [Word Notes]


A layer seven firewall that sits in line at the boundary between the internet and an organization's network perimeter that allows security policy enforcement and can perform certain prevention and detection tasks. CyberWire Glossary link: https://thecyberwire.com/glossary/secure-web-gateway Audio reference link: Vintage Computer Federation (2015). VCF East 9.1 - Ches' Computer Security Adventures - Bill Cheswick. YouTube. Available at: https://www.youtube.com/watch?v=trR1cuBtcPs.

The Malware Mash! [Bonus]


Enjoy this CyberWire classic. They did the Mash...they did the Malware Mash...

Setting tech limits with a new tool.


Kim Allman from NortonLifeLock, and Carrie Neill from the National PTA, sit down with Dave to discuss the Smart Talk 2.0 tool. Joe and Dave share some follow up on an exciting new position Joe has accepted as the Director of Cyber Science at a company called Harbor Labs. This week, Joe's story comes from listener Beau, who writes in about an ATM scam he fell victim to, sharing how the scammers were spamming his phone with texts, emails, and calls before he figured out what was going on. Dave's story follows the growing new trend of overworking, or having...

Indicators of Compromise (noun) [Word Notes]


Digital evidence that a system or network has been breached. CyberWire Glossary link: https://thecyberwire.com/glossary/indicator-of-compromise Audio reference link: Suicide or Murder? | The Blind Banker | Sherlock, uploaded by Sherlock, 18 October 2015

The difference between shallow fakes vs. deep fakes.


Martin Rehak CEO & Founder from Resistant AI sits down with Dave to discuss how organizations should be worried about shallow fakes vs. deep fakes. Listener Joe writes in with some follow up on Joe's statement about not using legacy OSes, and how it is unfortunately not an option for many. Both Joe and Dave share two stories this week. Dave's first story follows how the Maryland Attorney General, Brian Frosh, is warning residents about purchasing flood-damaged cars. Dave's second story is about how a Japanese woman was fooled by an astronaut imposter who wooed her into buying a "return...

Intrusion Detection System (noun) [Word Notes]


A system that monitors for malicious or unwanted activity, and either raises alerts when such activity is detected or blocks the traffic from passing to the target. CyberWire Glossary link: https://thecyberwire.com/glossary/intrusion-detection-system Audio reference link: Network Intrusion Detection and Prevention - CompTIA Security+ SY0-501 - 2.1, Professor Messer, uploaded 16 November, 2017

The long con and the flim flam. [Hacking Humans Goes to the Movies]


Thanks for joining us again for another episode of fun project brought to you by the team of Hacking Humans, the CyberWire's social engineering podcast. Hacking Humans co-host Dave Bittner is joined by Rick Howard in this series where they view clips from their favorite movies and television shows with examples of the social engineering scams and schemes you hear Dave and co-host Joe Carrigan talk about on Hacking Humans. In this episode, Dave and Rick watch each of the selected scenes, describe the on-screen action for you, and then they deconstruct what they saw. Grab your bowl of popcorn...

Falling for a phishing kit scam.


Larry Cashdollar from Akamai sits down with Dave to discuss their research, "The Kit That Wants It All: Scam Mimics PayPal's Known Security Measures." Joe shares an incredible story regarding impersonation and a man sharing his first hand experience with impostors impersonating him to get a job, luckily a good samaritan shared this information before the damage could be done. Dave's story follows raids happening in Cambodia with connection to alleged cyberscam compounds. We have two catches of the day this week, one is from listener Eric who sends in a romance scam email asking for love from one desperate scammer....

MFA prompt bombing (noun) [Word Notes]


Hackers bypass multifactor authentication schemes by sending a blizzard of spamming login attempts until the account's owner accepts the MFA prompt out of desperation to make the spamming stop. CyberWire Glossary link: https://thecyberwire.com/glossary/mfa-prompt-bombing Audio reference link: movieclips. Sneakers (2/9) Movie Clip - Defeating the Keypad (1992) HD. YouTube, YouTube, 29 May 2011, https://www.youtube.com/watch?v=oG5vsPJ5Tos.

What is cyber quantum computing?


Pete Ford from QuSecure sits down with Dave to discuss what exactly cyber quantum computing is, what it means for the country, and how other countries are using quantum. Dave and Joe share follow up on 2 stories, one BleepingComputer reports, discussing the teen that hacked Uber and Rockstar Games has been arrested. Second, we share some listener follow up from last episode about medical documents being shared and how easy it would be to falsify your identity to obtain children's documents. Dustin, a Registered Health Information Management Technician, shares his thoughts on the matter. Dave's story follows the FCC's new plan to require phone companies to block...

Apple Lockdown Mode (noun) [Word Notes]


An optional security mode for macOS and iOS that reduces the attack surface of the operating system by disabling certain commonly attacked features. Audio reference link: How NSO Group's Pegasus Spyware Was Found on Jamal Khashoggi's Fiancée's Phone, FRONTLINE, YouTube, 18 July 2021.

A cryptoqueen on the run and the cons she got away with.


This week Carole Theriault sits down to interview author Jamie Bartlett on his book, "The Missing Cryptoqueen - The Billion Dollar Cryptocurrency Con and the Woman Who Got Away with It." Dave and Joe share some follow up from listener Dustin who shares an interesting experience he had involving his child's medical documents and how easy it was to obtain them, making scams even easier. Joe's story follows a young teen hacker and how they allegedly were able to hack Uber and Rockstar Games. Dave has got the story on Queen Elizabeth II and how giving condolences could lead you...

Simulated Phishing (noun) [Word Notes]


A security awareness training technique in which authorized, but fake phishing emails are sent to employees in order to measure and improve their resistance to real phishing attacks. CyberWire Glossary link: https://thecyberwire.com/glossary/simulated-phishing Audio reference link: Blackhat (2014) - Hacking the NSA Scene (4/10) | Movieclips. YouTube, YouTube, 19 Apr. 2017.

The rise in fraudulent online content.


Guest Jane Lee, Trust and Safety Architect from Sift joins Dave to discuss the rise of fraudulent online content and fake crypto platforms. Dave and Joe share some listener follow up regarding the debate over "mum" versus "mom" and who speaks which pronunciation more. Dave has two stories this week, one story follows a Twitter thread about a man who shared his story about selling a desk on Facebook and the dangers that come with that. His second story is about how hackers are using a clever new phishing technique to create email threads with multiple responses to trick potential...

Sideloading (noun) [Word Notes]


The process of installing applications on a device without the use of official software distribution channels. CyberWire Glossary link: https://thecyberwire.com/glossary/sideloading

It pays to do your research. [Hacking Humans Goes to the Movies]


Thanks for joining us again for another episode of fun project brought to you by the team of Hacking Humans, the CyberWire's social engineering podcast. Co-hosts Dave Bittner and Joe Carrigan are joined by Rick Howard in this series where they view clips from their favorite movies with examples of the social engineering scams and schemes you hear about on Hacking Humans. In this episode, Dave and Joe are joined on this episode by guest Tracy Maleeff from Krebs Stamos Group; you may know her on Twitter as @Infosecsherpa. Dave, Joe and Tracy watch and discuss Tracy's and Joe's clips on this...

Is inflation affecting the Dark Web?


Dov Lerner, a Security Research Lead from Cybersixgill, sits down with Dave to discuss how inflation hasn't affected the Dark Web, including how the cratering of cryptocurrency may have affected things. Joe and Dave share some follow up from listener Pelle, who writes in about their grandmother who was scammed over the phone for her PIN, among other information, allowing the scammers to get away with much more than money. This week, Joe's story comes from a listener named Kyle, who shared an article about protecting against AiTM (adversary-in-the-middle) phishing techniques that bypass multi-factor authentication. Dave's story is about a...

Microsegmentation (noun) [Word Notes]


A zero trust security technique that isolates application workloads from each other, allowing each one to be protected individually. CyberWire Glossary link: https://thecyberwire.com/glossary/microsegmentation Audio reference link: Micro-Segmentation Masterpieces, PJ Kirner, Illumio CTO and Co-Founder, Tech Field Day, YouTube, 13 December 2020.

A travel surge and a host of different scams.


Greg Otto from Intel 471 joins Dave to discuss the findings of their work on "Cybercriminals preying on a travel surge with a host of different scams." Dave and Joe share some interesting listener follow up from Kevin, who writes in about the deepfakes episode and shares his comments on how scary the topic can be, especially with politicians. Dave shares a story about Charles Egunjobi, an auditor with the D.C. government, and how he fell victim to an online love scam costing elderly U.S. citizens $1.9 million. Joe touches on two stories, one being how a woman down in...

Homograph phishing (noun) [Word Notes]


The use of similar-looking characters in a phishing URL to spoof a legitimate site. CyberWire Glossary link: Audio reference link: Mission Impossible III 2006 Masking 01, uploaded by DISGUISE MASK, 28 July 2018.

Is there a growing number of public and private partnerships forming?


This week Carole Theriault interviews Chuck Everette from Deep Instinct on public and private partnerships. Dave and Joe share some listener follow up from Rodney who writes in about flexible spending cards and chips inside them as well as sharing technology that helps keep the scammers away. Joe's story follows the trend of fake invoicing, specifically through PayPal and the newest string of scammers getting people to call in about a pending charge. Dave shares a story where people are getting sent fake Microsoft products in hopes to steal information after they plug these products into their computers. Our catch...

Policy Orchestration (noun) [Word Notes]


The deployment of rules to the security stack across all data islands, cloud, SaaS applications, data centers, and mobile devices designed to manifest an organization's cybersecurity first principle strategies of zero trust, intrusion kill chain prevention, resilience, and risk forecasting. CyberWire Glossary link: https://thecyberwire.com/glossary/policy-orchestration Audio reference link: The Value of Using Security Policy Orchestration and Automation, by David Monahan, uploaded by EMAResearch, 3 April, 2018

Encore: Sometimes, deepfake victims don't want to be convinced it is fake.


Guest Etay Maor of Cato Networks joins Dave Bittner to discuss the impact that deepfakes will have on our society, we share some fun feedback on the Lightning Rod story edit, Dave's story talks about how some of the most successful and lucrative online scams employ a low-and-slow approach, Joe's story is about 2 Arkansas farmers that scammed investors out of money for wind turbines, but used it for houses, cars and Disney World, and our Catch of the Day is from an unnamed listener with a supposed iPhone invoice. Links to stories: Gift Card Gang Extracts Cash From 100k...

Anti-cheat software (noun) [Word Notes]


Software designed to prevent cheating in video games. CyberWire Glossary link: https://thecyberwire.com/glossary/anti-cheat-software Audio reference link: The BIG Problem with Anti-Cheat, by Techquickie, YouTube, 5 June 2020

Scams in the media.


Mallory Sofastaii from Baltimore's WMAR 2 News sits down with Joe to talk about some recent stories on scams she's covered on Matter for Mallory. Dave and Joe share some listener follow up from Robert who writes in about the technical means to protect phones from robocalls. He shares some insight on how carriers up in the north are able to protect phones. Dave shares a Twitter thread from Brian Jay Jones, who is an author of biographies of Jim Henson, George Lucas and Dr. Seuss, who shares how he would have almost had his Twitter account hijacked if it...

Pseudoransomware (noun) [Word Notes]


Malware, in the guise of ransomware, that destroys data rather than encrypts. CyberWire Glossary link: https://thecyberwire.com/glossary/pseudoransomware Audio reference link: Some Men Just Want to Watch the World Burn | the Dark Knight, by YouTube, 2 November 2019.

Staying away from Medicare scams.


Ari Parker, Lead Advisor from Chapter, discusses "Tips for Avoiding Medicare Scams." Joe and Dave share some follow up from several listeners, who write in about various scams they have encountered. Joe's story is on Facebook Messenger and how more and more victims are being claimed to scams and cons through the popular social media app. Dave's story shares disturbing information regarding LinkedIn scams, explaining how North Koreans are stealing resumes off the job site in a new crypto job search scam. Our catch of the day comes from listener Jon who writes in about him receiving $10,500,000.00 and how...

Trusted Platform Module (TPM) (noun) [Word Notes]


A browser configuration control that prevents accessing resources within a private network. CyberWire Glossary link: Audio reference link: TPM (Trusted Platform Module) - Computerphile, Computerphile, 23 July 2021

Making the world a safer online place.


Raj Sarkar, CMO from 1Password and Julien Benichou, Senior Director of Partnership, Strategy, and Execution from Gen.G, join Dave to discuss making the online world a safer place and talk about helping reduce the risk of gamers being the target of hackers. Joe and Dave share some followup from listener Ryan who writes in about the catch of the day from last week's episode, and what struck him most with the scam. Dave's story is on how the government was able to seize millions in stolen cryptocurrency. Joe's story is on a scam involving diamonds and how one scammer was...

Private Network Access (PNA) (noun) [Word Notes]


A browser configuration control that prevents accessing resources within a private network. CyberWire Glossary link: Audio reference link: Chrome Limits Access to Private Networks, by Daniel Lowrie, ITProTV, YouTube, 19 January 2022.

A return to office means a return to email scams.


Romain Basset, Director of Customer Service, at Vade joins Dave to discuss the threat of initial contact spearphishing emails now that many employees are returning to the office. Dave and Joe share some listener follow up from listener Will who writes in about a troubling debate over if it should be "Joe and Dave" or "Dave and Joe." Will shares a website about ablaut reduplication, sharing his thoughts on the matter. Joe shares some good news following a story of a homeless man being robbed of $400,000 after a GoFundMe scam. Joe's story is on a woman who loses almost...

Extortion scams and the LGBTQ+ community.


This week, Carole Theriault sits down to talk with Paul Ducklin from Sophos on extortion scams targeting LGBTQ+ communities. Joe and Dave share multiple pieces of listener follow up, the first from Matt and Kevin, who write in to share a Wikipedia link regarding N.B. (Nota Bene, or note well) and an ad from 1801. The second one is a write in from someone who is referred to as "P," who shares more information on the Facebook link shortener discussion. Finally, Joe and Dave get a great piece of listener feedback from listener and friend of the show Jonathan, who...

Web 3.0 (noun)


The potential next evolution of the worldwide web that decentralizes interaction between users and content away from the big silicon valley social media platforms like Twitter, Facebook, and YouTube, and towards peer-to-peer interaction using blockchain as the underlying technology. CyberWire Glossary link: https://thecyberwire.com/glossary/web-30 Audio reference link: What Elon Musk Just Said about Metaverse, Web3 and Neuralink, By Clayton Morris, Crypto News Daily, YouTube. 2 December 2021.

Behavioral science in the world of InfoSec.


Kelly Shortridge, a Senior Principal from Fastly, joins Dave to discuss her talk at RSAC on why behavioral science and behavioral economics matters for InfoSec. Joe's story shares an old scam with a new twist, it's about packages being delivered to you that you never ordered. Dave's story is on how a large scale phishing campaign compromised one million Facebook credentials. Our catch of the day comes from listener Will who was reached out to by someone claiming to be the "Head IMF/EUROPEAN UNION coordinator," who claimed to want to give Will one million dollars in compensation. Links to stories:...

Identity access management (IAM) (noun) [Word Notes]


A set of solutions for ensuring that the right users can only access the appropriate resources. CyberWire Glossary link: https://thecyberwire.com/glossary/identity-and-access-management Audio reference link: The Wrath of Khan (1982) Kirks Response, by Russell, YouTube, 16 May 2017.

Human errors and why they're made.


Josh Yavor, CISO at Tessian, joins Dave to discuss a new report they released on cyber mistakes and why employees make them. Joe and Dave share a listener follow-up from Jon, who writes in about mental illness, a serious epidemic taking over the nation. Jon shares interesting tidbits on social media linking to mental illness and the impact it's creating. Dave's story is on hackers trying an old trick with new mechanics: impersonating well known companies. This time, hackers are posing as Quickbooks. Joe's story describes how LinkedIn users are being targeted yet again. These fraudsters are now creating significant...

Abstraction layer (noun) [Word Notes]


A process of hiding the complexity of a system by providing an interface that eases its manipulation. CyberWire Glossary link: https://thecyberwire.com/glossary/abstraction-layer Audio reference link: What Is Abstraction in Computer Science, by CodeExpanse, YouTube, 29 October 2018.

The top 10 brand names most likely used in a phishing scheme.


Omer Dembinsky, a Data Research Manager from Check Point Research, joins Dave to discuss their Brand Phishing Report for Q1 2022 and how DHL, Maersk, and AliExpress were all in the top 10 list. Joe and Dave have some listener follow up from the 200th episode discussing how many redirects are too many. Joe has two stories this week, the first on how Instagram (Meta Platforms) was hit with multiple lawsuits from the Beasley Allen Law Firm over exploiting young people for money. The second story is about social media addiction, and how companies are making the platforms deliberately addictive....

Identity Fabric (noun) [Word Notes]


A set of services for managing identity and access management, or IAM across all of an organization's data islands. CyberWire Glossary link: https://thecyberwire.com/glossary/identity-fabric Audio reference link: Leadership Compass Identity Fabrics - Analyst Chat 126, by KuppingerCole, YouTube, 30 May 2022.

North Korea and a global cyber war.


Carole Theriault interviews author and journalist Geoff White on his upcoming book, "The Lazarus Heist: From Hollywood to High Finance: Inside North Korea's Global Cyber War." Joe and Dave share some listener follow up from listener John, regarding a T-Mobile breach and how he was notified through a third-party monitoring service and not T-Mobile. Joe's story shares how hackers are also keeping an eye on the upcoming holidays and describes how a Father's Day beer contest from Heineken was a scam. Dave's story is on police warning against a rise in voice phishing as they have made 2000 arrests since the crackdown on social engineering and business email...

Intrusion Kill Chain (noun) [Word Notes]


A cybersecurity first principle strategy focused on disrupting known adversary activity at one of several phases of an attack sequence. CyberWire Glossary link: https://thecyberwire.com/glossary/intrusion-kill-chain Audio reference link: "Cybersecurity Days: A Network Defender's Future," by Rick Howard, Integrated Cyber Conference, Integrated Adaptive Cyber Defense (IACD), YouTube, 26 October 2018.

The great resignation and data exposure challenges.


Abhik Mitra, Head of Portfolio Strategy at Code42, shares the findings on Code 42's 2022 Data Exposure Report (DER). Joe breaks down a story that follows a couple in Westlake, where the woman was called about a supposed warrant out for her arrest, and how she was told that she needs to provide thousands of dollars in order for the police to not come and arrest her. The story describes how her fast-thinking husband was able to figure out the scam and get in touch with real authorities. Dave's story delves into Facebook and a phishing scam that ended in...

Identity Orchestration (noun) [Word Notes]


A subset of security orchestration, the management of identities across an organization's set of digital islands. CyberWire Glossary link: https://thecyberwire.com/glossary/identity-orchestration

What to look out for with scan-and-exploit cyber attacks.


Andrew Morris, founder and CEO of GreyNoise Intelligence, joins Dave to discuss the explosive increase in opportunistic scan-and-exploit cyber attacks, and what security analysts can do to combat it. Joe and Dave share some follow up from listener Mark, whose son got scammed out of 150 million dollars in a game he plays. Dave's story is on ChromeLoader, which is a pervasive and persistent browser hijacker that modifies your settings and redirects you to more advertisement websites. Joe has two stories: one on a family of con artists found to be scamming gas station patrons that attacked an individual after...

Diamond Model (noun) [Word Notes]


A cyber threat intelligence analysis model that defines relationship pairs between four core components in the shape of a diamond of adversary playbook activity across the intrusion kill chain: the adversary, their capability, the infrastructure used or attacked, and the victim. CyberWire Glossary link: https://thecyberwire.com/glossary/diamond-model Audio reference link: Diamond Presentation v2 0: Diamond Model for Intrusion Analysis Applied to Star Wars Battles, Andy Pendergrast and Wade Baker, ThreatConnect, YouTube, 4 February 2020.

Is ransomware getting too fast?


Ryan Kovar, distinguished security strategist at Splunk and leader of SURGe, discusses the speed of ransomware, as well as the first-of-its-kind research the SURGe team is releasing on how quickly the top ransomware families can encrypt 100,000 files. Joe and Dave share some listener follow up from listener Josh. Joe's story follows the baby food shortage and warns about the dangers of sellers scamming people through online purchases of formula. Dave's story is on how IT members can identify the three most dangerous types of internal users and what businesses need to look out for. Our catch of the day...

MITRE ATT&CK (noun) [Word Notes]


A knowledge base of adversary tactics, techniques, and procedures established and maintained by the MITRE Corporation. CyberWire Glossary link: https://thecyberwire.com/glossary/mitre-attck Audio reference link: Attack Frameworks - SY0-601 CompTIA Security+ : 4.2, Professor Messer, YouTube, 29 April 2021.

Combating social engineering.


Ann Johnson, Security Executive at Microsoft and host of the afternoon cyber tea podcast, joins Dave to discuss social engineering and ways to help prevent it, as well as the different types of social engineering she's seen from her experience, Dave and Joe share some listener follow up about macros in Office documents, Joe has two stories this week, one is on how Seth Green lost over 300K in NFTs, and the other is on a new scam with Chatbots on phishing emails, Dave's story is on how a California man was arrested for siphoning money, our catch of the...

DevOps (noun) [Word Notes]


The set of people, process, technology, and cultural norms that integrates software development and IT operations into a system-of-systems. CyberWire Glossary link: Audio reference link: "10+ Deploys Per Day: Dev and Ops Cooperation at Flickr," by John Allspaw and Paul Hammond, Velocity 09, 25 July 2009.

Voice authentication taking hold.


Mark Horne, Chief Marketing Officer at Pindrop, joins Dave to discuss voice authentication, Dave and Joe have some follow up about business phishing (BECs) from listeners Nick and Michael, Joe's story has a romance scam where criminals pretend to be celebrities, and Dave's story is about the increase in phishing downloads due to cyber criminals using SEO to leverage their lures, and we've got 2 catches of the day for you from listener Peter on free Dyson vacuums and one from Joe with a plea from Vladimir Putin asking for money. Links to stories: Keanu Reeves I know its not...

MITRE ATT&CK (noun) [Word Notes]


A knowledge base of adversary tactics, techniques, and procedures established and maintained by the MITRE Corporation. CyberWire Glossary link: https://thecyberwire.com/glossary/mitre-attck Audio reference link: Attack Frameworks - SY0-601 CompTIA Security+ : 4.2, Professor Messer, YouTube, 29 April 2021.

Business phishing: Who's biting the bait?


Matthew Connor, Founder of Conscious Security, discusses a study he conducted while working with F-Secure, the study targeted 82,402 individuals with one of four phishing emails, he goes into the findings of the study and certain insight this study has brought, Joe's story is on the popular app Zelle and how users are losing thousands of dollars due to scams, and Dave's story is on three big tech giants announcing plans to expand support for a common passwordless sign-in standard created by the FIDO Alliance, our catch of the day comes from listener Areus on text messages exchanged between two...

Waterfall Software Development Method (noun) [Word Notes]


A software development model that relies on a series of sequential steps that flow into each other, like a series of waterfalls. CyberWire Glossary link: https://thecyberwire.com/glossary/waterfall-software-development Audio reference link: Creating Video Games - Agile Software Development, by Sara Verrilli, MIT OpenCourseWare, YouTube, 10 December 2015

Encore: The attackers keep coming every single day.


Guest Andrew Rubin, CEO and co-founder of Illumio, joins Dave to discuss Zero Trust, Dave and Joe share some follow-up from several listeners including one with a variation on prison pen pals we discussed some time ago and some advice on Dave's Google Authenticator issue he mentioned last week, Dave's story is about non-delivery scams, Joe's got a story on Imperial Kitten doing some catphishing, and our Catch of the Day comes from listener Timothy about a sextortion campaign. Links to stories: 5 reasons non-delivery scams work I Knew You Were Trouble: TA456 Targets Defense Contractor with Alluring Social...

Agile Software Development Method (noun) [Word Notes]


A software development philosophy that emphasizes incremental delivery, team collaboration, continual planning, and continual learning. Audio reference link: https://thecyberwire.com/glossary/agile-software-development "Velocity 09: John Allspaw and Paul Hammond, "10+ Deploys Pe" John Allspaw and Paul Hammond, 2009 Velocity Conference, YouTube, 25 June 2009.

The dark side of business email attacks.


John Wilson, Senior Fellow Threat Research at Agari by HelpSystems, discusses business email compromise attacks, Joe shares three stories on different types of scams, the first being a mystery shopper scam, where the scammer tries to get you to buy gift cards at a grocery store, the second one is on scammers posing as DTE Energy representatives, seeking bill payments, and the final one is about someone showing up to a victim's door and demanding money to collect money owed for a family member, Dave's story is on criminals who are using Apple Pay to scam their way into going...

Pegasus (noun) [Word Notes]


The flagship product of the controversial Israeli spyware vendor, the NSO Group, used for remotely hacking mobile devices, most notably iPhones, via zero-click exploits. CyberWire Glossary link: https://thecyberwire.com/glossary/pegasus Audio reference link: Cybersecurity beyond the Headlines: A Conversation with Journalist Nicole Perlroth, Kristen Eichensehr, and Nicole Perlroth, University of Virginia School of Law, YouTube, 14 February 2022

Cons through and through. [Hacking Humans Goes to the Movies]


Thanks for joining us for the latest episode of our fun project brought to you by the team of Hacking Humans, the CyberWire's social engineering podcast. Co-hosts Dave Bittner and Joe Carrigan are joined by Rick Howard in this series where they view clips from their favorite movies with examples of the social engineering scams and schemes you hear about on Hacking Humans. In this episode, Dave and Joe are joined by Perry Carpenter, host of 8th Layer Insights podcast and chief evangelist at KnowBe4. Dave, Joe and Perry watch and discuss Dave's and Perry's clips on this...

On the front lines of fraud protection.


Pete Barker, director of Fraud and Identity at SpyCloud offers critical insights on the alarming evolution of fraud and how consumers and enterprises can protect themselves, Joe and Dave share some listener follow up from listener Micah on a catch of the day from last week, Joe's story is on a woman who was scammed out of $15,000 and shares her experience on how the hackers were able to gather so much info and money from her, Dave's story is on an android malware scheme that allows cybercriminals to intercept customer calls to their banks, our catch of the day...

Domain-based Message Authentication Reporting Conformance (DMARC) (noun) [Word Notes]


An open source email authentication protocol designed to prevent email spoofing in phishing, business email compromise or BEC, and other email-based attacks.

Magic, illusion, and scams, oh my.


Brian Brushwood, a former magician, joins Perry Carpenter, host of 8th Layer Insights, to talk about his new podcast, The Worlds Greatest Con, and how magic led him to discussing cons and scams on a podcast, Dave shares a personal story on login frustration, Joe's story is on a Cash App breach being confirmed after an employee was able to access a US customers data, and Dave's story is on inauthentic LinkedIn profiles and how fake accounts are requesting to connect when in fact the accounts are fake, our catch of the day comes from listener Richard who shares a...

Shields Up (noun) [Word Notes]


A condition announced by the US Cybersecurity and Infrastructure Security Agency (CISA) to draw attention to a temporary period of high alert, associated with expectation of a connected wave of cyberattacks prompted by either a widespread vulnerability or an unusually active and capable threat actor.

Online threats turned real world danger.


Laura Hoffner from Concentric, joins Dave to discuss online dangers and how they can very easily turn into real world dangers, Laura explains about the popular social media platform TikTok and how users are being stalked and shares one story in particular, Joe and Dave share some listener follow up, Joe's story is centered around cryptocurrency scams and how they are on the rise, and Dave's story is on the malware BABYSHARK and the internal process of investigation as well as lessons learned, our catch of the day comes to us from listener Andre, who shares a scam from a Commanding...

Software Assurance Maturity Model (SAMM) (noun) [Word Notes]


A prescriptive open source software security maturity model designed to guide strategies tailored to an organization's specific risks.

Robocall scams and the psychology surrounding them.


Alex Quilici, Robocall Scam Expert of YouMail, discusses how unwanted robocalls are becoming more targeted and the psychology behind some of the worst calls, Joe and Dave share some listener follow up, Joe's story comes from listener Derek who shares how his aunt avoided a scam which wasn't very obvious at first, and Dave's story is about how the FBI released its annual Internet Crime Complaint Center Internet Crime Report for 2021, our catch of the day comes from listener John who shares how he got a new interesting Instagram follower. Links to stories: FBI Releases the Internet Crime Complaint Center...

Universal 2nd Factor (U2F) [Word Notes]


An open standard for hardware authentication tokens that use the universal serial bus, or USB, near-field communications, or NFCs, or Bluetooth to communicate one factor in a two-factor authentication exchange.

Cons: the short one and the first one. [Hacking Humans Goes to the Movies]


Thanks for joining us for the latest episode of our fun project brought to you by the team of Hacking Humans, the CyberWire's social engineering podcast. Co-hosts Dave Bittner and Joe Carrigan are joined by Rick Howard in this series where they view clips from their favorite movies with examples of the social engineering scams and schemes you hear about on Hacking Humans. In this episode, Dave, Joe and Rick are watching Joe's and Rick's scene picks. They watch each of the selected scenes, describe the on-screen action for you, and then the team deconstructs what they saw. Grab a...

What's behind Buy Now, Pay Later scams?


Jim Ducharme, COO of Outseer joins Dave to discuss buy now pay later scams, Joe and Dave share some listener follow up, Joe has an interesting story about an Unchained Capital partner and how they were hit with a social engineering attack, and Dave's story is on the FIDO alliance, our catch of the day comes from listener Matt, who shares how he won 20.5 million and why he wasn't falling for it. Links to stories: A Big Bet to Kill the Password for Good Unchained Capital partner hit with social engineering attack Have a Catch of the Day you'd...

adversary group naming (noun) [Word Notes]


A cyber threat intelligence best practice of assigning arbitrary labels to collections of hacker activity across the intrusion kill chain.

Data privacy: is it black and white when it comes to your kids?


UK Correspondent Carole Theriault returns talking with guest David Ruiz from Malwarebytes about parents spying on their kids, Joe and Dave share some listener follow up, Joe shares a story about the top 5 strangest social engineering tactics, Dave's got a story from one of our listeners, Ricky, about best gift card sales practices at retail chains, and our Catch of the Day comes from listener Michael with a well-crafted email full of red flags when you read into it. Links to stories: Rounding up the Past Year's Strangest Social Engineering Tactics Have a Catch of the Day you'd like...

BSIMM (noun) [Word Notes]


A descriptive model that provides a baseline of observed software security initiatives and activities from a collection of volunteer software development shops.

Technology's effects on students during the pandemic.


Guest Justin Reilly, the CEO of Impero, stops by to talk with Dave Bittner about the mental health of kids in the digital age, Dave's got a story about large-scale phishing campaigns targeting the Indian Electric Vehicle consumers and businesses, Joe's story is from Vade sharing the top 20 most impersonated brands in phishing, and our Catch of the Day comes from Bob, a friend and former coworker of Joe's who received a smishing attempt via text from a "friend" and how he expertly turned the tables on the scammer. Links to stories: Unearthing the Million Dollar Scams Targeting the...

OWASP vulnerable and outdated components (noun) [Word Notes]


Software libraries, frameworks, packages, and other components, and their dependencies (third-party code that each component uses) that have inherent security weaknesses, either through newly discovered vulnerabilities or because newer versions have superseded the deployed version.

Phishing seems to be cyclical and thematic.


Guest Jeff Nathan, the Director of Threat research at Norton Labs, joins Dave to discuss their most recent Consumer Cyber Safety Pulse Report, Joe and Dave share some follow up from listeners Daniel and Neville who helped the guys with a phrase from a recent Catch of the Day, Joe shares a story about getting around MFA using remote access software, Dave's story is about a jobfishing scam from a fake design firm, and our Catch of the Day is from listener Randy about an unsubscribe email he received. Links to stories: Devious phishing method bypasses MFA using remote access...

OWASP software and data integrity failures (noun) [Word Notes]


Code and data repositories that don't protect against unauthorized changes.

A blurring of lines between nation states and criminals.


Guest Joshua Neil, the Chief Data Scientist for SecurOnix, joins Dave to talk about evasive techniques and identifying nation-state kill chains, Joe shares an update on his identity theft experience, the guys share some follow up from listener Benji who shares experiences of scammers changing the name on gmail accounts at the synagogue where he works saying they are the rabbi and emailing congregants asking for gift cards, Dave's story is about Apple's AirTags and how they led to the discovery of a German intelligence agency, Joe's got a story about the City of Baltimore falling victim to a phishing...

OWASP server-side request forgery (noun) [Word Notes]


An attack technique that leverages an unprotected web server as a proxy for attackers to send commands through to other computers.

Hustling the hustlers. [Hacking Humans Goes to the Movies]


Thanks for joining us for the latest episode of our fun project brought to you by the team of Hacking Humans, the CyberWire's social engineering podcast. Co-hosts Dave Bittner and Joe Carrigan are joined by Rick Howard in this series where they view clips from their favorite movies with examples of the social engineering scams and schemes you hear about on Hacking Humans. In this episode, Dave, Joe and Rick are watching Joe's and Dave's scene picks. They watch each of the selected scenes, describe the on-screen action for you, and then the team deconstructs what they saw. Grab a...

Vulnerabilities will be found.


Guest Deral Heiland from Rapid7 talks with our UK Correspondent Carole Theriault about the state of IOT, Joe shares a personal story about bank checks and a debit card received at his home that were in his name but not from his bank, Dave's got a story from an email he received from the PR department at TikTok about romance scams, and our Catch of the Day is from listener John about a friend who was harassed on Facebook to click a link and how John addressed it. Links to stories: #BeCyberSmart: Tips to protect your heart and wallet Have...

OWASP security logging and monitoring failures (noun) [Word Notes]


The absence of telemetry that could help network defenders detect and respond to hostile attempts to compromise a system.

If you wish for peace, prepare for cyberwar.


Guest Nick Shevelyov, Chief Security Officer for Silicon Valley Bank, joins Dave sharing some personal history around security, and discussing his book "Cyber War and Peace," Dave and Joe have some follow up from an anonymous listener about mobile device management issue at their work, Dave has a story where a woman was scammed out of thousands while someone contacted her to "help" with a problem with their bank, Joe's got a few stories about Facebook and ad scams, and our Catch of the Day is from listener Jonathan with a Geek Squad subscription scam. Links to stories: They Were Calling...

OWASP identification and authentication failures (noun) [Word Notes]


Ineffectual confirmation of a user's identity or authentication in session management.

How to talk your way in anywhere. [Hacking Humans Goes to the Movies]


Thanks for joining us for the latest episode of our fun project brought to you by the team of Hacking Humans, the CyberWire's social engineering podcast. Co-hosts Dave Bittner and Joe Carrigan are joined by Rick Howard in this series where they view clips from their favorite movies with examples of the social engineering scams and schemes you hear about on Hacking Humans. In this episode, Dave, Joe and Rick are watching Dave's and Rick's scene picks. They watch each of the selected scenes, describe the on-screen action for you, and then the team deconstructs what they saw. Grab a...

The ransomware game has evolved.


Guest Allan Liska from Recorded Future joins Dave to discuss the evolution of ransomware and his new book "Ransomware: Understand. Prevent. Recover," Joe shares a question from listener Joan about an email her father received from "MasterCard Fraud Department" asking photo/video and the last 4 of his Social Security Number, Joe has a story about scams to watch out for during tax time in the US, Dave's story is about ransomware operators trying to recruit company insiders, and our Catch of the Day is from listener Michael who had some acquaintances fall for a scam. Links to stories: Latest IRS...

OWASP broken access control (noun) [Word Notes]


Software users are allowed access to data or functionality contrary to the defined zero trust policy by bypassing or manipulating the installed security controls.

Useful ransomware protection for you.


Guest Roger Grimes, Data Driven Defense Evangelist at KnowBe4, joins Dave to discuss his new book "Ransomware Protection Playbook," Dave has a story about a Meta (Facebook) group with a cryptocurrency scam that promises "a new way to wealth," Joe's story has tales of account takeover attacks of high-profile gamers, and our Catch of the Day is from listener Jesse about a text they received from "Facebook" about a $600,000 windfall. Links to stories: We Infiltrated a Crypto Scam Network That's Hosted by Meta EA Confirms Account Takeover Attacks Compromising High-Profile Gamers via Phishing and Social Engineering Attacks Have a...

OWASP security misconfiguration (noun) [Word Notes]


The state of a web application when it's vulnerable to attack due to an insecure configuration.

The perfect environment for ATOs (account takeovers) to breed.


Guest Jane Lee, Trust and Safety Architect at Sift, joins Dave to talk about the Digital Trust and Safety Index, Joe and Dave share some follow up from a listener, Ben, with a suggestion as an alternative to prevent clicking on those bonus phishing scams, Joe's story is about fake ticket scams for the Kansas City Chiefs NFL playoff game against the Pittsburgh Steelers, Dave's got a story about scams on Apple's App Store, and our Catch of the Day is from an anonymous listener about an email they received from their "IT department" requesting credentials (including password) when getting...

OWASP insecure design (noun)


A broad OWASP Top 10 software development category representing missing, ineffective, or unforeseen security measures.

The only locks you should pick are your own.


Guest Tom Tovar, CEO and Co-Creator of AppDome, joins Dave and Joe to discuss the results of a recent consumer survey, Dave's story is based on a tweet where the user's child's middle school had some unintended consequences of a phishing scam training, Joe has two stories: one on QR code scammers on parking kiosks, and one about a book publishing phishing scam, and our Catch of the Day is a message that purports to come from the USPS sent in by listener William about a missed package delivery. Links to stories: Tweet about phishing simulation gone wrong. QR code scammers...

Log4j vulnerability (noun) [Word Notes]


An open source Java-based software tool available from the Apache Software Foundation designed to log security and performance information.

Changing the game on ransomware.


Guest Adam Flatley, Director of Threat Intelligence at Redacted, talks with Dave about "the only way to truly disrupt the ransomware problem is to target the actors themselves," Joe shares some statistics that will help you stay up-to-date on recent cybersecurity trends, Dave's story is about criminal indictments in a case of a Maryland company buying lead paint victims' settlements for a fraction of their value, and our Catch of the Day comes from listener Brady about a slick mail campaign they received from "Amazon." Links to stories: 22 cybersecurity statistics to know for 2022 Criminal indictments filed against Maryland...

OWASP injection (noun) [Word Notes]


A broad class of attack vectors, where an attacker supplies input to an application's command interpreter that results in unanticipated functionality.

Identity "protection" and a pigeon drop. [Hacking Humans Goes to the Movies]


Thanks for joining us for Episode 5 of our fun project brought to you by the team of Hacking Humans, the CyberWire's social engineering podcast. Co-hosts Dave Bittner and Joe Carrigan are joined by Rick Howard in this series where they view clips from their favorite movies with examples of the social engineering scams and schemes you hear about on Hacking Humans. In this episode, Dave, Joe and Rick are watching Joe's and Dave's scene picks. They watch each of the selected scenes, describe the on-screen action for you, and then the team deconstructs what they saw. Grab your popcorn...

Encore: zero trust (noun) [Word Notes]


A security philosophy that assumes adversaries have already penetrated the digital environment and tries to reduce the potential impact by limiting access by people, devices, and software to only the resources essential to perform their function and nothing more.

The CyberWire: The 12 Days of Malware.


Merry Christmas and Happy Holidays from the CyberWire and our friends! Enjoy our rendition of the 12 Days of Malware created by Dave Bittner and performed by Dave and friends: Rachel Tobac, Jayson Street, Ron Eddings & Chris Cochran, Ray [Redacted], Dinah Davis, Camille Stewart, Rick Howard, Michelle Dennedy, Jack Rhysider, Johannes Ullrich, and Charity Wright. Ba dum bum bum. Sing along if you are game! Check out our video for the full effect! The 12 Days of Malware lyrics On the first day of Christmas, my malware gave to me: A keylogger logging my keys. On the second day of...

Hustling the hustler and three-card Monte. [Hacking Humans Goes to the Movies]


Thanks for joining us for Episode 4 of our fun project brought to you by the team of Hacking Humans, the CyberWire's social engineering podcast. Co-hosts Dave Bittner and Joe Carrigan are joined by Rick Howard in this series where they view clips from their favorite movies with examples of the social engineering scams and schemes you hear about on Hacking Humans. In this episode, Dave, Joe and Rick are watching Joe's and Rick's scene picks. They watch each of the selected scenes, describe the on-screen action for you, and then the team deconstructs what they saw. Grab your popcorn...

Even if a cause moves you, do your due diligence.


Guest Amaya Hadnagy, Media Support for the Social-Engineer, LLC, joins Dave to share information about charity scams, Dave shares a personal story about some safety triggers he recently put into place to help protect his elderly parents' financial accounts from scams, Joe's story comes from a listener Alice about someone scamming female Indian news anchors about jobs in Harvard University's journalism department, and our Catch of the Day comes from an imposter of Navy Federal Credit Union via listener Chris. Links to stories: The Harvard Job Offer No One at Harvard Ever Heard Of Have a Catch of the Day...

Conmen come in many flavors, all motivated by greed. [Hacking Humans Goes to the Movies]


Thanks for joining us for our fun project brought to you by the team of Hacking Humans, the CyberWire's social engineering podcast. Co-hosts Dave Bittner and Joe Carrigan are joined by Rick Howard in this series where they view clips from their favorite movies with examples of the social engineering scams and schemes you hear about on Hacking Humans. In this episode, Dave, Joe and Rick are watching Dave's and Rick's scene picks. They watch each of the selected scenes, describe the on-screen action for you, and then the team deconstructs what they saw. Grab your popcorn and head to...

OWASP cryptographic failures (noun) [Word Notes]


Code that fails to protect sensitive information.

The 3 M's: Minimize, monitor and manage.


Guest Adam Levin, security expert and podcast host of "What the Hack with Adam Levin," joins Dave to share advice and discuss some experiences shared on his podcast, Dave and Joe have some listener follow up from David with clarification on 2FA, Joe's story is about a job scam for positions at a video game company, Dave's got a story about how tools like Google and smartphones affect our memories and how we judge our own abilities, our Catch of the Day is from a listener named Chris with a fake email from Amazon about a TV his father "purchased,"...

account takeover prevention (noun) [Word Notes]


The prevention of the first part of an intrusion kill chain model exploitation technique, where the hacker steals valid logging credentials from a targeted victim.

Scams abound this time of year.


Guest Dave Senci of Mastercard's NuData Security talks about the security issues with remote access and coaching frauds, Dave's got a story about receiving a "Best Buy gift card" and USB mailing, Joe's story is from the Better Business Bureau about their "12 Scams of Christmas," and our Catch of the Day is from our listener Henry who received an email that appeals to one's faith. Links to stories: PSA: If You Get a 'Best Buy Gift Card' on a USB Drive in the Mail, Don't Plug It Into Your PC The Naughty List: BBB's 12 Scams of Christmas Have...

threat hunting (noun) [Word Notes]


The process of proactively searching through networks to detect and isolate security threats, rather than relying on security solutions or services to detect those threats.

Do you really want that device to be a connected device?


Guest Jay Radcliffe from Thermo Fisher Scientific shares his advice and security concerns with smart devices since the holiday gifting season is around the corner, Joe and Dave have some listener follow up about 2FA, Joe's got a story about the Robinhood breach, Dave's story is about numerous LinkedIn requests from HR specialists with GAN images (Generated Adversarial Network), and our Catch of the Day is from listener Michael who was just trying to sell his car and then he got a text message. Links to stories: Data Breach of Robinhood Trading Platform Blamed on Social Engineering, Similar to 2020...

vulnerability management (noun) [Word Notes]


The continuous practice of identifying, classifying, prioritizing, remediating, and mitigating software vulnerabilities within this.

Misdirection and layering with a con in the middle. [Hacking Humans Goes to the Movies]


Thanks for joining us for our fun project brought to you by the team of Hacking Humans, the CyberWire's social engineering podcast. Co-hosts Dave Bittner and Joe Carrigan are joined by Rick Howard in this series where they view clips from their favorite movies with examples of the social engineering scams and schemes you hear about on Hacking Humans. In this episode, Dave, Joe and Rick are watching Joe's and Rick's scene picks. They watch each of the selected scenes, describe the on-screen action for you, and then the team deconstructs what they saw. Grab your popcorn and join us...

software bill of materials (SBOM) (noun) [Word Notes]


A formal record containing the details and supply chain relationships of various components used in building software.

A good amount of skepticism helps protect you online.


Guest Blake Hall, CEO and founder of a company called ID.me, discusses protecting your identity online, Dave and Joe have some follow up from listener Rafa on 2FA he uses, Dave has a story about bots that take advantage of 2FA to break into your payment accounts, Joe's story is about scams carried out through QR codes, and our COTD comes from listener Wyatt about an award-winning email from Warren Buffett. Links to stories: The Booming Underground Market for Bots That Steal Your 2FA Codes Fake Sugar Daddies are cheating on Instagram Have a Catch of the Day you'd like...

zero trust (noun) [Word Notes]


A security philosophy that assumes adversaries have already penetrated the digital environment and tries to reduce the potential impact by limiting access by people, devices, and software to only the resources essential to perform their function and nothing more.

Let's go to the movies. [Hacking Humans Goes to the Movies]


Welcome to a fun new project by the team who brings you Hacking Humans, the CyberWire's social engineering podcast. Co-hosts Dave Bittner and Joe Carrigan are joined by Rick Howard in this series. They view clips from their favorite movies with examples of the social engineering scams and schemes you hear about on Hacking Humans. In this first episode, Dave, Joe and Rick are watching Dave's and Joe's picks. They watch each of the selected scenes, describe the on-screen action for you, and then the team deconstructs what they saw. Grab your popcorn and join us for a trip to...

OT security (noun) [Word Notes]


Hardware and software designed to detect and prevent cyber adversary campaigns that target industrial operations.

Cybersecurity awareness should be a year-round activity.


Guest Dr. Jessica Barker from Cygenta talks with UK correspondent Carole Theriault about how every month should be cyber awareness month, Joe has a story about password spraying (kind of like a credential stuffing attack), Dave's story is about scams carried out through QR codes, and our COTD comes from listener Wyatt about an award-winning email from Warren Buffett. Links to stories: Microsoft warns over uptick in password spraying attacks Scammers are emailing waves of unsolicited QR codes, aiming to steal Microsoft users' passwords Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com...

cybersecurity skills gap (noun) [Word Notes]


The difference between organizational employee job requirements and the available skillsets in the potential employee pool.

The Malware Mash!


Good grammar is essential for business email compromise.


Guest Brandon Hoffman from Intel 471 is back sharing some research on business email compromise, Dave's got a story on buying collectable sneakers and how bots make that really hard to do, Joe has two stories with different spins on romance scams: one notes they are the most prevalent scams targeting older adults; and the second is about a group of Nigerian men preying on women through money scams, and our Catch of the Day comes from reddit user steev p (Steve P) about a benefit scam from an impersonated Facebook friend. Links to stories: Bots have made it nearly...

digital transformation (noun) [Word Notes]


The use of technology to radically improve the performance or reach of the business.

Joekens, Bittnercoins, and the serious impacts of spam analysis.


UK Correspondent Carole Theriault returns with an interview with Paul, a spam analyst, Dave and Joe have some follow-up, Joe revisits NFTs with rug pull scams, Dave's story is about phishers using a symbol in place of the Verizon logo, and our Catch of the Day comes from listener Rafael in Spain about a Steam account takeover scam attempt his son experienced on Discord. Links to stories: Phishers Get Clever, Use Math Symbols for Verizon Logo Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

bulletproof hosting (noun) [Word Notes]


Cloud services intended for cyber criminals and other bad actors designed to obstruct law enforcement and other kinds of government investigations, and to provide some protection against competitors.

Physical pen testing: You've got to be able to think on your feet.


Guest Marina Ciavatta, CEO at Hekate, talks with Dave about some of her social engineering and pen testing experiences, Dave's got a story about getting your family to use a password manager, Joe's story is about NFTs (non-fungible tokens) and scams that have arisen around them, and our Catch of the Day is from listener William and it turns out Dave is in trouble with the IRS again on this one. Links to stories: How to Get Your Family to Actually Use a Password Manager THE NFT SCAMMERS ARE HERE Have a Catch of the Day you'd like to...

endpoint security (noun) [Word Notes]


The practice of securing a device that connects to a network in order to facilitate communication with other devices on the same or different networks.

Measuring security awareness proactively.


Guest Zach Schuler of NINJIO joins Dave to discuss measuring the effectiveness of awareness training, Joe's got a story about a school nurse who was scammed with a "Bank of America" Zelle transaction, Dave's story is about a phone scam a therapist received from a local "Sheriff's office," and our Catch of the Day is from Hacking Humans Senior producer Jennifer Eiben about some pricey potatoes and chocolate chip cookies she "ordered." Links to stories: School nurse falls victim to scam targeting Bank of America and Zelle customers 'He held me hostage with no gun but with his words': The...

Executive Order on Improving the Nation's Cybersecurity (noun) [Word Notes]


President Biden's May, 2021 formal compliance mandate for federal civilian executive branch agencies, or FCEBs, to include specific short-term and long-term deadlines designed to enhance the federal government's digital defense posture.

Capture the Flag, Black Badges and social engineering tricks.


Guest Chris Kirsch, DefCon 25 Social Engineering Capture The Flag winner and Co-Founder and Chief Executive Officer at Rumble, talks with our UK Correspondent Carole Theriault about his experience at the event, Dave's story is about scammers bypassing social engineering and going directly to pitch employees to install ransomware, Joe's got a story about travel scams he came across while planning a recent trip, our Catch of the Day comes from Reddit about some text messages which cause emotions to flare. Links to stories: Nigerian Threat Actors Skip Social Engineering, Make Direct Pitches to Employees To Install Ransomware on Company...

lateral movement (noun) [Word Notes]


Phase of a typical cyber adversary group's attack sequence, after the initial compromise and usually after the group has established a command and control channel, where the group moves through the victim's network by compromising as many systems as it can, looking for the data it has come to steal or to destroy.

They won't ask for sensitive information over the phone.


Guest Alex Hinchliffe, Threat Intelligence Analyst from Unit 42 at Palo Alto Networks joins Dave to talk about some of his team's ransomware research, Joe's story is about a new jury duty scam that is out there (hint, they will not call you on the phone), Dave's got a story about Microsoft rolling out passwordless login options, our Catch of the Day comes from a listener named Lucio who shared several social engineering ploys with us. Links to stories: Brand New Jury Duty Scam You Can Now Ditch the Password on Your Microsoft Account Have a Catch of the Day...

common vulnerabilities and exposures (CVE) (noun) [Word Notes]


A public list sponsored by the US government and designed to uniquely identify, without the need to manually cross-reference, all the known software vulnerabilities in the world.

Sometimes, deepfake victims don't want to be convinced it is fake.


Guest Etay Maor of Cato Networks joins Dave Bittner to discuss the impact that deepfakes will have on our society, we share some fun feedback on the Lightning Rod story edit, Dave's story talks about how some of the most successful and lucrative online scams employ a low-and-slow approach, Joe's story is about 2 Arkansas farmers that scammed investors out of money for wind turbines, but used it for houses, cars and Disney World, and our Catch of the Day is from an unnamed listener with a supposed iPhone invoice. Links to stories: Gift Card Gang Extracts Cash From 100k...

dead-box forensics (noun) [Word Notes]


A forensic technique where practitioners capture an entire image of a system and analyze the contents offline.

Collaboration platforms are a gateway for ransomware attacks.


Guest Gil Friedrich from Avanan joins Dave to discuss how collaboration platforms, like Microsoft Teams, Slack and others, opened up a new gateway to ransomware attacks, Joe's story comes from listener Matt shared as a COTD candidate that's a phishing scam, Dave's got a story about China and Russia trying to turn your employees into spies, and our Catch of the Day comes from a listener named Iain with a timely story "from" Afghanistan. Links to stories: Guarding Against the Chinese Domain Name Email Scam The FBI's warning to Silicon Valley: China and Russia are trying to turn your employees...

cybersecurity maturity model certification (CMMC) (noun) [Word Notes]


A supply chain cybersecurity accreditation standard designed for the protection of controlled unclassified information that the U.S. Department of Defense, or DoD, will require for all contract bids by October, 2025.

Don't blindly test your colleagues.


Guest Javvad Malik from KnowBe4 shares his thoughts on bad security training with the CyberWire's UK correspondent Carole Theriault, Dave's story is about deepfake technology being used for business cases, Joe gives a synopsis of Proofpoint's most recent State of the Phish report, our very first Catch of the Day about Discord comes from a listener named Henning. Links to stories: Deepfakes Are Now Making Business Pitches Proofpoint's 2021 State of the Phish Report Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

incident response (noun) [Word Notes]


A collection of people, process, and technology that provides an organization the ability to detect and respond to cyber attacks.

Companies don't want their customers to be victims of fraud.


Guest Brandon Hoffman from Intel 471 joins Dave to talk about how cybercriminals are going after large retail and hospitality companies, Joe shares some advice for college students to avoid scams and ID theft, Dave got an edit to the tale of the lightning rod, our Catch of the Day comes from listener Shannon who received a beneficiary scam email. Links to stories: BBB Scam Alert: 6 Scams for College Students to Avoid BBB Tip: 9 Tips for college students to avoid ID theft Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or...

script kiddies (noun) [Word Notes]


Cybercriminals who lack the expertise to write their own programs use existing scripts, code, or tools authored by other more skilled hackers.

Effective cybersecurity training has to be meaningful to employees.


Guest Jann Yogman, entertainment industry veteran and writer of Mimecast Awareness Training, joins Dave to share his thoughts on the ransomware epidemic and the cybersecurity awareness training problem, Joe's got a story about scams targeting families eligible for the IRS' child tax credit, Dave's story is about scams and fraud experienced by US military veterans, personnel, and their families, our Catch of the Day comes from listener Sawyer Dicky on Reddit who insists he's not the right guy. Links to stories: IRS warns of child tax credit scams US military personnel lost over $822 million to scams since 2017 Have a...

sandbox (noun) [Word Notes]


An isolated and controlled set of resources that mimics real world environments and is used to safely execute suspicious code without infecting or causing damage to the host machine, operating system, or network.

The attackers keep coming every single day.


Guest Andrew Rubin, CEO and co-founder of Illumio, joins Dave to discuss Zero Trust, Dave and Joe share some follow-up from several listeners including one with a variation on prison pen pals we discussed some time ago and some advice on Dave's Google Authenticator issue he mentioned last week, Dave's story is about non-delivery scams, Joe's got a story on Imperial Kitten doing some catphishing, and our Catch of the Day comes from listener Timothy about a sextortion campaign. Links to stories: 5 reasons non-delivery scams work I Knew You Were Trouble: TA456 Targets Defense Contractor with Alluring Social...

security orchestration, automation, and response (SOAR) (noun) [Word Notes]


A stack of security software solutions and tools that allow organizations to orchestrate disparate internal and external tools which feed pre-built automation playbooks that respond to events or alert analysts if an event meets a certain threshold.

Acceleration of our digital lives and impacts on cybercrime.


Guest Darren Shou, Chief Technology Officer of NortonLifeLock, shares insight on some of the scams he and his colleagues have been tracking, Joe and Dave share some follow up from listener Robert about free learning resources, Joe's story comes from listener Sedric who is new to real estate investing and was looking for a hard money loan, rather than a story, Dave continues the conversation on passwords and multi-factor authentication with comments from listener Coinsigliere, and our Catch of the Day, well "catches" of the day since we have two, include one from Pryce on a smishing scam and the...

personally identifiable information (PII) (noun) [Word Notes]


A term of legal art that defines the types of data and circumstances that permit a third party to directly or indirectly identify an individual with collected data.

What are our devices doing to our compassion?


Guest Dr. Charles Chaffin, author of the book "Numb: How the Information Age Dulls Our Senses and How We Can Get them Back," joins Dave this week, we have some listener follow up from John with a tip on ATM security, Dave's got a two-fer this week including a useful site called www.shouldiclick.org and a Twitter report on multi-factor authentication thanks Rachel Tobac for calling our attention to it, Joe's story is from Microsoft on trends in tech support scams, and our Catch of the Day is from a listener on Twitter called @DoNoEvilMan about a payout from the Federal Reserve...

secure access service edge (SASE) (noun) [Word Notes]


A security architecture that incorporates the cloud shared responsibility model, a vendor provided security stack, an SD-WAN abstraction layer, and network peering with one or more of the big content providers and their associated fiber networks.

It's ok to be trusting, just be careful.


Guest Gil Friedrich from Avanan joins Dave to talk about how bad actors are infiltrating organizations using collaboration apps, we have two pieces of listener follow up from Michael and Tobias, Joe has a story about fake information, Dave's story is about message spam on LinkedIn, and our Catch of the Day is from a listener named Lucio with a questionable Reddit communication. Links to stories: Propaganda as a Social Engineering Tool Annoying LinkedIn Networkers Actually Russian Hackers Spreading Zero-Days, Google Says Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us...

red teaming (noun) [Word Notes]


The practice of emulating known adversary behavior against an organization's actual defensive posture.

Threat actors changing ransomware tactics.


Guest Kurtis Minder from GroupSense joins Dave to discuss divergent ransomware trends, the guys have a listener reminder about it being CompTIA, Joe, Dave has a story about a coupon scam in the Houston area, Joe's story is about a real estate rental scam and a scammer who likes to talk about his work, and our Catch of the Day is from a listener named Craig with an email about an unprofessional colleague and a questionable attachment. Links to stories: A dark-side coupon group scammed stores out of millions, police say. They were just going through the ink. Housing scams abundant...

next generation firewall (noun) [Word Notes]


A layer seven security orchestration platform deployed at the boundary between internal workloads slash data storage and untrusted sources that blocks incoming and outgoing network traffic with rules that tie applications to the authenticated user and provides most of the traditional security stack functions in one device or software application.

Introducing 8th Layer Insights: Deceptionology 101: Introduction to the Dark Arts


Have you ever noticed how fundamental deception is to the human condition? Deception and forms of social engineering have been with us since the beginning of recorded history. And yet, it seems like we are just as vulnerable to it as ever. But now the stakes are higher because technology allows social engineers to deceive at scale. This episode explores the psychology of deception, provides a foundation for understanding social engineering, offers a few mental models for exploration and exploitation, and discusses how we can prepare our mental defenses. Guests: Rachael Tobac: (LinkedIn), CEO of SocialProof Security Chris Hadnagy: (LinkedIn);...

Collaboration, data portability, and employee mobility fuel insider risk.


Guest Joe Payne of Code 42 joins Dave to discuss insider risks, Joe has a story about Frank Abagnale who's conned everyone one way or another, Dave's story is about a real estate scam conning a single mother of her life savings, and our Catch of the Day is from listener Michael with an "Extremely Urgent Attention Required" email. Links to stories: Confessions of a Famous Fraudster: How and Why Social Engineering Scams Work Real estate scam robs Florida mom of $63K in life savings Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com...

fast flux (noun) [Word Notes]


A network designed to obfuscate the location of a cyber adversary's command and control server by manipulating the domain name system, or DNS, in a way that rotates the associated IP address among large numbers of compromised hosts in a botnet.

An inside view on North Korean cybercrime.


The CyberWire's UK correspondent Carole Theriault returns to share an interview with Geoff White, reporter from the BBC and co-host of the Lazarus Heist podcast, Joe has some listener follow-up from Mike looking for advice on certifications for getting into cybersecurity, Dave's story is from Brian Krebs about catching an ATM shimmer gang, Joe's got a piece from MalwareBytes Labs about phishing for Bitcoin recovery codes, and our Catch of the Day is from listener Rohit with a pretty genuine-looking snail mail scam. Links to stories: How Cyber Sleuths Cracked an ATM Shimmer Gang Bitcoin scammers phish for wallet recovery...

encryption (noun) [Word Notes]


The process of converting plain text into an unrecognizable form or secret code to hide its true meaning.

Bad password hygiene jeopardizes streaming services.


Guest Matthew Gracey-McMinn joins us from Netacea to speak with Dave about security issues with streaming services, Joe shares some follow-up from listener Jason about a bracelet sale mentioned a few episodes ago, Joe's story is from UMBC about AI-generated fake news reports, Dave's got a story about a replacement scam for a hardware wallet used for storing cryptocurrency, and our Catch of the Day comes from a listener called R about a vishing scam for DirectTV. Links to stories: Study shows AI-generated fake reports fool experts Criminals are mailing altered Ledger devices to steal cryptocurrency Have a Catch of...

keylogger (noun) [Word Notes]


Software or hardware that records the computer keys pressed by a user.

Answering a job ad from a ransomware gang.


Guest Mantas Sasnauskas from CyberNews joins Dave to talk about how he and his colleagues applied for a job with a ransomware gang, Joe and Dave reply to a listener named Christopher about certifications, Dave's story is about credential stuffing with payroll companies for $800,000, Joe shares a story about lewd phishing lures sent to people's email accounts, and our Catch of the Day is from a listener named Stof who says he "received this call just now, never heard one this convincing, nearly got me too!" Links to stories: How to hack into 5500 accounts just using credential stuffing...

non-fungible tokens (NFT) (noun) [Word Notes]


Digital assets that are cryptographically protected on a blockchain and contain unique identification codes and metadata that makes them one of a kind.

Pandemic taxes: later due dates afford more time for scams.


Guest Robert Capps of NuData Security joins Dave to discuss what businesses can do to bolster their protection against tax fraud, Joe and Dave have some follow-up from 2 episodes ago when they discussed a BazarLoader scam: Wired has a recent article with a twist about a totally fake streaming site called BravoMovies, Joe shares a story from a listener Jason about a friend of his who was targeted by a scammer on Facebook Marketplace, Dave's story is about scammers demanding ransom from families who report missing persons on social media, and our Catch of the Day is from Reddit on...

multi-factor authentication (noun) [Word Notes]


The use of two or more verification methods to gain access to an account.

The fight in the dog.


Guests Jan Kallberg and Col Stephen Hamilton of Army Cyber Institute at West Point join Dave to talk about cognitive force protection, Joe and Dave have some follow-up from a listener named Obada about Apple only allowing 2FA through SMS, Dave shares a story about Google's plan to require MFA for all users, Joe's story is about a couple who had their Fidelity retirement account defrauded to the tune of $40,000, and our Catch of the Day is from a listener named Doal about becoming named the beneficiary of a similarly-named deceased person. Links to stories: Google to make multi-factor...

machine learning (noun) [Word Notes]


A programming technique where the developer doesn't specify each step of the algorithm in code, but instead teaches the algorithm to learn from the experience.

Hacking people vs. hacking technologies to get into companies.


Guest Tim Sadler from Tessian on how oversharing on social media and in OOO messages can open the door for hackers, Joe shares a story about vishing emails from "Amazon" that had spam confidence levels of 1, Dave's story is about an elaborate BazarLoader campaign counting on a lot of human interaction, and our Catch of the Day is from a listener named Scott about a phishing fax, that's right, we said fax. Links to stories: Hello, Is It Me You're Phishing For: Amazon Vishing Attacks BazarCall Method: Call Centers Help Spread BazarLoader Malware Have a Catch of the Day...

intelligence (noun) [Word Notes]


The process of turning raw information into intelligence products that leaders use to make decisions with.

Whaling attacks are more targeted than phishing or spearphishing.


Guest Kev Breen from Immersive Labs joins Dave to talk about how to address whaling attacks, Dave shares a discussion he had with a colleague about password managers and elderly parents and Joe weighs in, Dave's story is about a smishing Trojan impersonating a Chrome app, Joe has a story about URL redirection making more effective phishing attacks, and our Catch of the Day is from a listener named Vaughn about a snail mail fraud scheme that references a website. Links to stories: Beware of this smishing trojan impersonating the Chrome app Exploiting common URL redirection methods to create effective...

Introducing 8th Layer Insights [Trailer]


Coming May 25, 2021. Get ready for a deep dive into what cybersecurity professionals often refer to as the "8th Layer" of security: HUMANS. This podcast is a multidisciplinary exploration into how the complexities of human nature affect security, risk, and life. Author, security researcher, and behavior science enthusiast Perry Carpenter taps experts for their insights and illumination. Topics include cybersecurity, psychology, behavior science, communication, leadership, and more.

SaaS (noun) [Word Notes]


A cloud-based software distribution method where app infrastructure, performance, and security are maintained by a service provider and accessible to users, typically via subscription, from any device connected to the internet.

How to best fight fake news.


Guest Helen Lee Bouygues of the Reboot Foundation joins Dave to talk about social media's effect within the misinformation ecosystem and how users can best fight fake news, Dave and Joe share some follow-up from listener Jonathan on two-factor authentication, Joe's story is about an employee in Scotland sued for making payments based on phishing emails, Dave has a story about fake order confirmation phishing messages prompting us to call rather than click, our Catch of the Day comes from a listener named Wyatt who received a phishing email from some fellow jackpot winners. Links to stories: Why You Should...

decryption (noun) [Word Notes]


A process of converting encrypted data into something that a human or computer can understand.

Digital identities are at the core of recent breaches.


Our UK correspondent Carole Theriault returns to share her interview with Julie Smith from the Security Alliance and Kelvin Coleman from National Cyber Security Alliance about Identity Management Day, Dave's story is about how Pixar uses colors to hack our moods and minds to see colors we've never seen before, Joe has a story about ways malicious actors can break into accounts with multi-factor authentication enabled, our Catch of the Day comes from a listener named Brett who works in a PC repair shop and "HackerDont'comebacker" software. Links to stories: How Pixar Uses Hyper-Colors to Hack Your Brain How Social...

brute-force attack (noun) [Word Notes]


A cryptographic hack that relies on guessing all possible letter combinations of a targeted password until the correct codeword is discovered.

Anyone can be a target of romance scams.


Guest Stacey Nash, Head of Fraud and Central Operations at USAA, joins Dave to discuss romance or sweetheart scams, Joe and Dave share some listener follow-up, Joe's got a story about emails sent to British awards organizers asking them to transfer prize money to a PayPal account, Dave's story is about a Rolling Stones tribute band targeted in a bogus check racket, and our Catch of the Day comes from a listener named Konstantin about a fake tax refund. Links to stories: $40,000 Swindle Puts Spotlight on Literary Prize Scams Scammers can't get no satisfaction Have a Catch of the...

denial-of-service attack (noun) [Word Notes]


A cyber attack designed to impair or eliminate access to online services or data.

Make systems to mitigate the mistakes.


Guest Margaret Cunningham from Forcepoint talks with Dave about cognitive biases that lead to reasoning errors in cybersecurity, Joe shares some follow-up from a listener named Alex about the Alexa phone call Joe mentioned a few episodes back, Dave shares a note from listener Brandon about finding similar DNS names (check out https://dnstwister.report/), Dave's story is about dark patterns to get you to do something on a website, Joe shares a story about phishing emails and defenses against them, and our Catch of the Day comes from a listener named Big Mike about an old time radio podcast he heard recently...

cold boot attack (noun) [Word Notes]


A type of side channel attack in which an attacker with physical access to a computer performs a memory dump of a computer's Random Access Memory or RAM during the reboot process in order to steal sensitive data.

Being aware can go a long way to prevent attacks.


Guest Herb Stapleton, the FBI's cyber division sector chief, joins Dave to talk about the FBI's Internet Crime Complaint Center (IC3) annual report and its findings, Joe's story is about an ongoing IRS impersonation scam targeting educational organizations, Dave shares a story from the BBC about people using their pets' names as passwords (tell us that hasn't crossed your mind or your keyboard before), and our Catch of the Day comes from the Land Down Under via Gareth and Kingsley. COTD note: Just to be clear their jurisdiction is a single party consent jurisdiction. Links to stories: IRS warns university...

cloud computing (noun) [Word Notes]


On-demand pay-as-you-go Internet delivered compute, storage, infrastructure, and security services that are partially managed by the cloud provider and partially managed by the customer.

Finding targets of opportunity.


Guest Peter Warmka, founder of the Counterintelligence Institute, joins Dave to talk about how insider targets are chosen and assessed, Joe shares a weird phone call he received, Dave's story from a Twitter user named Jake on flower shop scams, Joe has a story about student loan forgiveness scams, and our Catch of the Day comes from a listener named Andrew about a pricey software subscription renewal scam. Links to stories: Twitter thread with flower shop scams from Australia 3 Ways to Spot Student Loan Scams Have a Catch of the Day you'd like to share? Email it to us...

APT (noun) [Word Notes]


An acronym for Advanced Persistent Threat to describe hacker groups or campaigns normally, but not always, associated with nation state cyber espionage and continuous low-level cyber conflict operations.

The pandemic is slowing, time to travel?


Guest Fleming Shi of Barracuda joins Dave to talk about travel-related phishing attacks now that vaccines are more readily available, Dave and Joe share listener advice about preventative email blocking, Joe shares a story about romance scams by someone that includes fake W2s and other documents in the process, Dave's got a story about a phone scammer posing as McDonald's CEO, and our Catch of the Day is from a listener named Tarik with an email about his reported death. Tarik awards this email the Unlikely Phishing Hook of the Year Award presented by the Institute of Questionable Intentions....

backdoor (noun) [Word Notes]


An undocumented or publicly unknown method to access a computer system undetected or to break a cypher used to encode messages.

Technology is not designed for older users.


Guest Ming Yang of Orchard joins Dave to talk about ways to help your parents with technology (aka providing tech support for our parents). Dave shares the FBI's advisory warning of an expected increase in the use of deepfakes for social engineering attacks, Joe's got a story about phantom debts, and our Catch of the Day is from a listener named Anthony about an email from federalcrimeofinvestigation@gmail.com. Hmmm...seems legit. Links to stories: Malicious Actors Almost Certainly Will Leverage Synthetic Content for Cyber and Foreign Influence Operations Beware Scammers Trying to Collect Phantom Debts Have a Catch of the Day you'd...

watering hole attack (noun) [Word Notes]


From the intrusion kill chain model, a technique where the hacker compromises sites commonly visited by members of a targeted community in order to deliver a malicious payload to the intended victim.

Ideally, look for someone open to deception.


Guest professional magician Brandon Williams talks with Joe about the art of deception, we have some follow-up on a watering hole attack we discussed a few episodes back, Joe's story is about the Attorney General of Vermont's top scams of 2020 report (no surprise #1 was SSN phishing), Dave's got a story about the level of sophistication of cybercriminals (hint: not all are that sophisticated), and our Catch of the Day is from a listener named Jo about a well-written request for donation. Links to stories: Top 10 scams of 2020 released by attorney general Not all cybercriminals are sophisticated...

network telescope (noun) [Word Notes]


Network observation systems designed to monitor globally unreachable but unused Internet address space or the Deep Web in order to study a wide range of interesting Internet phenomena.

Insider threats and security concerns for APIs.


Guest Inon Shkedy, security researcher at Traceable and API project leader at OWASP Foundation, talks with Dave about the risks various types of insider threats pose to APIs, we have some follow-up from a listener closing on their home, Dave's story is about a new wave of scams saying they are from the Social Security Administration, Joe's got Deepfakes of Tom Cruise (thanks to Rachel Tobac for this one), and our Catch of the Day is from a listener named John's son and a job interview scam he experienced. Links to stories: US government warns of Social Security scams using...

SOC Triad (noun) [Word Notes]


A best practice for framing cyber intelligence critical information requirements that recommends collecting and consolidating data from three specific sources: endpoint, network and log.

Fraud activity within secure messaging apps in plain sight.


Guest Brittany Allen of Sift joins Dave to talk about a new fraud ring on Telegram where bad actors leverage the app to steal from on-demand food delivery services, Joe's story involves two of the five parts of URLs in phishing attacks, Dave's got a story about a malvertising group called "ScamClub," and our Catch of the Day is from a listener named John about a letter he received in the mail from "TD Trust Bank" about an inheritance opportunity. Links to stories: New Phishing Attack Identified: Malformed URL Prefixes ScamClub gang outed for exploiting iPhone browser bug to spew...

supply chain attacks (noun) [Word Notes]


Also known as a third-party attack or a value-chain attack, adversary groups gain access to a targeted victim's network by first infiltrating a business partner's network that has access to the victim's systems or data.

How likely are online users to reveal private information?


Guest Professor Lior Fink from Ben Gurion University shares insights from their study on "How We Can Be Manipulated Into Sharing Private Information Online," Dave's story is some good news about a Nigerian man sentenced for phishing the US heavy equipment company Caterpillar, Joe has a story with bad news about a sextortion email scam with a fake Zoom zero day component, and our Catch of the Day is a compelling phishing email a listener named Michael recently received. Links to stories: Nigerian man sentenced 10 years for $11 million phishing scam Watch out for sextortion email scams Have a...

taint analysis (noun) [Word Notes]


The process of software engineers checking the flow of user input in application code to determine if unanticipated input can affect program execution in malicious ways.

Including your passwords in your final arrangements.


Guest Sara Teare who is known as 1Password's Minister of Magic talks with Dave about things that people don't consider like custody of the digital keys to your stuff online, Dave and Joe share some listener feedback from Jonathan about replacing outdated equipment (aka an old phone), Joe's story is about ongoing campaign targeting security researchers working on vulnerability research and development at different companies and organizations, Dave's story has a holiday theme: emails pretending to confirm orders from lingerie and flower shops that are actually spreading malware, and our Catch of the Day is from a listener named Kristian...

ATM skimming (noun) [Word Notes]


The process of stealing ATM customer credentials by means of physically and covertly installing one or more devices onto a public ATM machine.

In the disinformation and misinformation crosshairs.


Carole Theriault returns with a discussion on disinformation with guest, BBC host, podcaster and author Tim Harford, Dave's got a story about Covid vaccine phishing campaigns, Joe's story talks about data breaches that have increased 50% year over year since 2018, and our Catch of the Day is from a listener named John his wife saw on Facebook who translated it from Lithuanian. Links to stories: Count Yourself in For a Vaccine Phish Deep Analysis of More than 60,000 Breach Reports Over Three Years Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com...

APT side hustle (noun) [Word Notes]


A nation-state hacking group's practice of funding its own activities through cybercrime or cyber mercenary work.

Understanding human behavior is a key to security.


Guest Nico Popp of Forcepoint joins Dave to discuss why understanding human behavior is a major key to security, Dave & Joe discuss some listener follow-up about a Craigslist posting, Joe's story is about a scam website that is promising refunds to consumers all over the world, Dave shares a story about scam calls coming from call centers in India, and our Catch of the Day is from a listener about an email from former first lady Melania Trump. Links to stories: FTC warns of scam website that promises refund for victims of online scams Scam US Trading Commission website is...

endpoint (noun) [Word Notes]


A device connected to a network that accepts communications from other endpoints like laptops, mobile devices, IoT equipment, routers, switches, and any tool on the security stack.

Covid has shifted the way we deal with money and increased fraud.


Guest Eric Solis of MOVO Cash talks with Dave about the increase of fraud attacks on consumers and businesses by not having a body of regulations for digital payments, Dave's story is about his recent pillow purchase prompting him to do online reviews for an extra bonus, Joe shares some details from Verizon's Cyber-Espionage report, and our Catch of the Day is a letter from a listener named Jim who had a bad eBay transaction. Links to stories: Amazon is trying to crack down on fraudulent reviews. They're thriving in Facebook groups. Breach of Trust: How Cyber-Espionage Thrives On Human Nature...

unified extensible firmware interface (UEFI) (noun) [Word Notes]


An extension of the traditional Basic Input/Output System or BIOS that, during the boot process, facilitates the communication between the computer's firmware and the computer's operating system.

Targeted phishing campaigns and lottery scams abound.


Guest Arjun Sambamoorthy of Armorblox talks with Dave about five targeted phishing campaigns that weaponize various Google services during their attack flow, Joe's story is about the MegaMillions jackpot that is approaching epic proportions and attracting the attention of scammers, Dave's story comes from a listener over on the Grumpy Old Geeks podcast about a Venmo incident, and our Catch of the Day comes from Joe's son who received an email from the FBI. Links to stories: Advisory: Beware of Scams as Jackpot Grows Lottery Scams: Some scammers falsely use Mega Millions name Have a Catch of the Day you'd...

Daemon (noun) [Word Notes]


An operating system program running in the background designed to perform a specific task when certain conditions or events occur.

As B2C interactions shift online, call centers become new fraud vector.


Guest Umesh Sachdev of Uniphore talks with Dave about how call centers are becoming the new fraud vector, Dave's story involves an email that has a Trump scandal .jar file attached that's really a RAT, Joe has a story about hackers spoofing a victim's phone number making emergency calls where the police respond to the victim's home with force, he also talks about credential stuffing for swatting a video doorbell, and our Catch of the Day comes from a listener Christian who received an email with a lazy trunk box scam. Links to stories: Hackers Using Fake Trump's Scandal Video...

greyware (noun) [Word Notes]


Also known as spyware and adware, it is a software category where developers design the application neither to cause explicit harm nor to accomplish some conventional legitimate purpose, but when run, usually annoys the user and often performs actions that the developer did not disclose, and that the user regards as undesirable.

Combating growing online financial fraud.


Dave switches gears and shares a story from the National Law Review with a social engineering spin to it about a theft exclusion in a title company's errors and omissions policy, Joe shares a story from Facebook taking action against hacking groups, The Catch of the Day comes from Joe himself with a connection request he received on LinkedIn, and later in the show, Dave's conversation with Carey O'Connor Kolaja from AU10TIX on fraud in the financial services and payment industry, and how organizations are using emerging technical solutions to help combat it. Links to stories: Engineering Coverage for Social Engineering...

Unix (noun) [Word Notes]


A family of multitasking, multi-user computer operating systems that derive from the original Unix system built by Ken Thompson and Dennis Ritchie in the 1960s.

fuzzing (noun) [Word Notes]


An automatic software bug and vulnerability discovery technique that inputs invalid, unexpected and/or random data or fuzz into a program and then monitors the program's reaction to it.

Encore: Don't go looking for morality here. [Hacking Humans]


Dave has a story of an investment scam featuring celebrities, Joe warns of scams surrounding the Coronavirus, the Catch of the Day features Joe's son-in-law's adventure with thousands of bot infiltrations, and later in the show, Dave's extended interview with magicians and entertainers Penn and Teller at RSAC 2020 in San Francisco. Links to stories: Revealed: fake 'traders' allegedly prey on victims in global investment scam Coronavirus: Scammers follow the headlines Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

deep packet inspection (DPI) (noun) [Word Notes]


A network monitoring and filtering technique that examines both the header information and the payload of every packet traversing a network access point.

Encore: Separating fools from money. [Hacking Humans]


Dave shares a story of airport penetration testing with high degree of yuck-factor. Joe explores research on protecting passwords from social engineering. The catch-of-the-day comes courtesy of Graham Cluley's email spam box. Dave interviews Wired's Security Staff Writer Lily Hay Newman on her article tracking Nigerian email scammers. Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

tactics, techniques and procedures (TTPs) (noun) [Word Notes]


A set of behaviors that precisely describes a cyber adversary attack campaign.

rootkit (noun) [Word Notes]


A clandestine set of applications designed to give hackers access and control over a target device.

Phishing lures that may be in your inbox soon, and how to deal "left of bang."


Joe talks about phishing lures with holiday packages, current events, and things he expects to see in your inbox soon, Dave shares a blog post on how to troll a Nigerian prince, The Catch of the Day comes from a listener named Christian who received an email from an ill churchgoer that tests US knowledge of geography, and later in the show, Carole Theriault returns with a conversation with Rebecca McKeown, an independent Chartered Psychologist, with experience researching and evaluating learning and development across the Ministry of Defence. She is studying the psychology of cyber response. Links to stories: How...

identity theft (noun) [Word Notes]


In this case Identity is the set of credentials, usually electronic, that vouch for who you are and theft is to steal. The theft of a person's identity for purposes of fraud.

The landscape has shifted for holiday shopping to online.


Joe provides some listener feedback on allowing site notifications, Dave shares good news in his story about taking down money mules, Joe's got not as good news about a phishing campaign targeting the COVID-19 vaccine cold chain, The Catch of the Day comes from a listener named Virginia who received a phishing email impersonating a bank, and later in the show, Dave's conversation with Neal Dennis from Cyware on the cybersecurity concerns and pitfalls customers need to look out for and why ecommerce has become a goldmine for hackers. Links to stories: U.S. Law Enforcement Takes Action Against Approximately 2,300...

cyber threat intelligence (CTI) (noun) [Word Notes]


Information used by leadership to make decisions regarding the cybersecurity posture of their organization.

Virtual Private Network (VPN) (noun) [Word Notes]


A software, hardware or hybrid encryption layer between two devices on the network that makes the traffic between the sites opaque to the other devices on the same network.

Going behind the scenes and preventing social engineering in financial institutions.


Joe has a story about fake websites with advanced profiling tools and malicious software by OceanLotus, Dave's story is about sites that ask if it's ok to send you notifications, The Catch of the Day comes from a listener named William who received a phishing email from the boss, and later in the show, Dave's conversation with Mike Slaugh from USAA on his predictions for 2021 and best practices for organizations to protect themselves and consumers, including creating better means of identity verification. Links to stories: OceanLotus: Extending Cyber Espionage Operations Through Fake Websites Be Very Sparing in Allowing Site...

smishing (SMS phishing) (noun) [Word Notes]


From the intrusion kill-chain model, the delivery of a lure via a text message to a potential victim by pretending to be some trustworthy person or organization in order to trick the victim into revealing sensitive information. Smishing is a portmanteau word made of two other words, the acronym SMS and the cyber coinage Phishing. It's a text-message-centric variation of the email-based phishing scams that have been around since the 1990s. The term Smishing arose in the late 2000s.

Network Time Protocol (NTP) attack (noun) [Word Notes]


A reflection or amplification distributed denial-of-service attack in which hackers query Internet network time protocol servers, NTP servers for short, for the correct time, but spoof the destination address of their target victims.

Encore: Wearing a mask in the Oval Office and the art of deception.


Joe shares his Classic Cons Part 3, Dave has an Apple device scam story, The Catch of the Day is your assassination heads-up, and later in the show our interview with Jonna Mendez, retired CIA intelligence officer and former Chief of Disguise. Link to story: Twitter Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

port mirroring (noun) [Word Notes]


A network switch configuration setting that forwards a copy of each incoming and outgoing packet to a third switch port. Also known as SPAN or Switched Port Analyzer, RAP or Roving Analysis Port, and TAP or Test Access Point. When network managers and security investigators want to capture packets for analysis, they need some sort of generic TAP or Test Access Point. You can buy specialized equipment for this operation but most modern switches have this capability built in.

The public's expectations are changing.


Dave has a story about the security risks of your outbound email, Joe's story is about a fake company, Ecapitalloans, using fake BBB affiliation, The Catch of the Day comes from a listener named Max with a new work phone with curious activity from previous number owner, and later in the show, Dave's conversation with Bill Coletti, crisis communications and reputation management expert at Kith, and author of the book Critical Moments: A New Mindset for Reputation Management. Links to stories: The 2020 Outbound Email Data Breach Report Finds growing email volumes and stressed employees are causing rising breach risk...

shadow IT (noun) [Word Notes]


Technology, software and hardware deployed without explicit organizational approval. In the early days of the computer era from the 1980s through the 2000s security and information system practitioners considered shadow IT as completely negative. Those unauthorized systems were nothing more than a hindrance that created more technical debt in organizations that were already swimming in it with the known and authorized systems.

Network Detection and Response (NDR) (noun) [Word Notes]


NDR tools provide anomaly detection and potential attack prevention by collecting telemetry across the entire intrusion kill chain on transactions across the network, between servers, hosts, and cloud-workloads, and running machine learning algorithms against this compiled and very large data set. NDR is an extension of the EDR, or endpoint detection and response idea that emerged in 2013.

Ransomware: Statistically, it's likely to happen to anybody.


Joe has a story about how Emotet is being used in phishing emails through thread hijacking, Dave's story is a two-fer: one is about bad guys using image manipulation and the other has Elon Musk giving away Bitcoin again taking advantage of the US election, The Catch of the Day is from a listener named John about an email-based vishing attack, and later in the show, we welcome back Kurtis Minder of GroupSense on the burgeoning ransomware negotiation industry. Links to stories: Spike in Emotet activity could mean big payday for ransomware gangs Sneaky Office 365 phishing inverts images to...

remote access Trojan or RAT (noun) [Word Notes]


From the intrusion kill chain model, a program that provides command and control services for an attack campaign. While the first ever deployed RAT is unknown, one early example is Back Orifice made famous by the notorious hacktivist group called The Cult of the Dead Cow, or cDc. Back Orifice was written by the hacker, Sir Dystic AKA Josh Bookbinder and released to the public at DEFCON in 1998.

Too good to be true.


Dave has a story about a fake Facebook copyright violation scam trying to trick you out of your TFA to get into your account, Joe's story is about the largest elder fraud scam in US history, The Catch of the Day is about a scam using a Google code for verification and includes Hacking Humans in the response, and later in the show, Dave's conversation with Mallory Sofastaii from WMAR Baltimore returns with her reporting on a fake website luring victims through social media ads. Links to stories and Catch of the Day: Facebook copyright violation tries to get past...

business email compromise or BEC (noun) [Word Notes]


A social engineering scam where fraudsters spoof an email message from a trusted company officer that directs a staff member to transfer funds to an account controlled by the criminal.

David Sanger on the HBO documentary based off his book, "The Perfect Weapon". [Special Edition]


On this Special Edition, our extended conversation with author and New York Times national security correspondent David E. Sanger. The Perfect Weapon explores the rise of cyber conflict as the primary way nations now compete with and sabotage one another.

The Malware Mash!


New consequences, extortion and cyber insurance.


Joe has a story about a woman who called a fake customer service number and got scammed, Dave's story talks about how phishing kits are not that hard to find, just check YouTube, The Catch of the Day is an opportunity for a listener to remove their name from the BLACKLIST, and later in the show, Dave's conversation with John Pescatore from SANS on Thinking Through the Unthinkable: Should You Pay Off a Ransomware Demand. Links to stories and Catch of the Day: Local Doctor Scammed After Calling Fake Customer Service Number Phishing kits as far as the eye can see...

anagram (noun) [Word Notes]


A word, phrase, or sentence formed from another by rearranging its letters. For example, cracking a columnar transposition cipher by hand involves looking for anagrams.

What is true and important versus what is the spin.


Dave's story is about some cybercriminal gangs that have stolen $22 million from users of the Electrum wallet app, Joe's story talks about a business email compromise scam that cost a US company $15 million, The Catch of the Day is a gift card scam that includes references to National Treasure movie, and later in the show, Dave's conversation with Bill Harrod, Federal CTO of MobileIron on election disinformation campaigns. Links to stories and Catch of the Day: Bitcoin wallet update trick has netted criminals more than $22 million The anatomy of a $15 million cyber heist on a US company...

rogue access point (noun) [Word Notes]


1. A wireless access point installed by employees in an office or data center environment as a convenience to connectivity without the consent or the knowledge of the network manager. 2. A wireless access point, sometimes called an Evil Twin, installed by a cyber adversary in or near an office or data center environment designed to bypass security controls, gain access, and/or surveil the network traffic of the victim's network. Both kinds, the employee installed and the adversary installed rogue access points, increase the attack surface of the organization. The employee installed device, because of its electronic footprint range, might make...

Use a Dance Dance Revolution floor lock for your data centers.


Starting with some listener follow-up on password managers, Joe's story has an angel investor bilking people out of due diligence fees, Dave's story comes from Graham Cluley on a malware campaign talking about details on Donald Trump's COVID-19 status, The Catch of the Day is an animal vaccine phishing scam, and later in the show, we've got a special treat for you: David Spark from The CISO/Security Vendor Relationship Series podcast joins us to play the Best Worst Idea game. Links to stories: Promising Infusions of Cash, Fake Investor John Bernard Walked Away With $30M Hackers disguise malware attack...

darknet (noun) [Word Notes]


A subset of the internet where communications between two parties or client-server transactions are obscured from search engines and surveillance systems by layers of encryption. The U.S. Navy designed the original Darknet by developing The Onion Router network, or TOR, back in the 1990s. Roger Dingledine and Nick Mathewson deployed the first alpha implementation in 2002 with some initial funding by the Electronic Frontier Foundation (EFF). The TOR Project became a non-profit in 2006 and is funded by the U.S., Sweden, different NGOs, and individual sponsors.

Don't click any button...even the 'No' button.


Dave's story is about how some adware took a turn for the worse (and how his dad has fallen for adware in the past), Joe's story talks about how someone is trying to phish AT&T employees and others, The Catch of the Day is an OfferUp scam on an RTX 3080 (you gamers know what that is), and later in the show, Dave's conversation with Caleb Barlow from Cynergistek reacting to the recent story of the tragic death of a woman due to hospital ransomware. Links to stories: Linkury adware caught distributing full-blown malware Phishing Page Targets AT&T's Employee Multi-Factor Authentication...

phishing (verb) [Word Notes]


From the intrusion kill chain model, the delivery of a lure to a potential victim by pretending to be some trustworthy person or organization in order to trick the victim into revealing sensitive information. According to KnowBe4, the word phishing first appeared in a Usenet newsgroup called AOHell in 1996 and some of the very first phishing attacks used AOL Instant Messenger to deliver fake messages purportedly from AOL employees in the early 2000s. The word is part of l33tspeak that started in the early days of the internet (1980s) as a shorthand to let readers know the author was...

Cookies make for some tasty phishing lure.


In addition to his regular story Dave shares a situation where his mom almost took the bait, Dave's story is about an SMS phishing (smishing) Apple scam in UK (ps, there's never a free iPhone & Joe is still not an Apple fan), Joe's story talks about why you don't trust anything political on a social network, The Catch of the Day is from a Reddit user invited to join the Illuminati game, and later in the show, Dave's conversation with Alex Mosher from MobileIron on MobileIron's Phishing with Cookies Campaign. Links to stories and Catch of the Day: SMS...

credential stealing (verb) [Word Notes]


From the intrusion kill chain model, the first part of an exploitation technique where the hacker tricks their victims into revealing their login credentials. In the second part of the technique, hackers legitimately log into the targeted system and gain access to the underlying network with the same permissions as the victim. Hackers use this method 80% of the time compared to other ways to gain access to a system like developing zero day exploits for known software packages. The most common way hackers steal credentials is with some version of a phishing attack.

It's human nature.


Dave and Joe have some follow-up from a listener on OG accounts, Joe's story talks about a new phishing campaign inspired by Twitter from earlier this summer, Dave shares a story about using security awareness training as phishing lures, The Catch of the Day is a SunTrust phishing scam, and later in the show, Dave's conversation with Tim Sadler from Tessian on the Psychology of Human Error report. Links to stories and Catch of the Day: New Twitter phishing scam inspired from Twitter's latest security response This security awareness training email is actually a phishing scam Catch of the Day...

The Bombe (noun) [Word Notes]


An electro-mechanical device used to break Enigma-enciphered messages about enemy military operations during the Second World War. The first bombe, named Victory and designed by Alan Turing and Gordon Welchman, started code-breaking at Bletchley Park on 14 March 1940, a year after WWII began. By the end of the war, five years later, almost 2000, mostly women, sailors and airmen operated 211 bombe machines in the effort. The Allies essentially knew what the German forces were going to do before the German commanders in the field knew. Historians speculate that the effort at Bletchley Park shortened the war by years and estimate...

Your information is already on the Dark Web.


Dave and Joe have some follow-up on mobile banking apps, Dave talks about the website bitcoinabuse.com, Joe's story is one Brian Krebs did on old Gmail emails and people using them either errantly or maliciously to create accounts, The Catch of the Day is about a Netflix-themed campaign that's currently running, and later in the show, Dave's conversation with Shai Cohen from TransUnion on identity fraud at center of many digital COVID-19 scams. Links to stories: Bitcoin Abuse Database The Joys of Owning an OG Email Account Have a Catch of the Day you'd like to share? Email it to us at...

cross-site scripting (noun) [Word Notes]


From the intrusion kill chain model, a malicious code delivery technique that allows hackers to send code of their choosing to their victim's browser. XSS takes advantage of the fact that roughly 90% of web developers use the JavaScript scripting language to create dynamic content on their websites. Through various methods, hackers store their own malicious JavaScript code on unprotected websites. When the victim browses the site, the web server delivers that malicious code to the victim's computer and the victim's browser runs the code.

The story is what gets people in.


Joe shares a story on the ability to make a scam work through storytelling skills, Dave's story is about a guy duping a convenience store clerk into taking over her shift and later robbing the place, The Catch of the Day is about an email from a fake landlord, and later in the show, Dave's conversation with Mallory Sofastaii, a reporter and anchor at WMAR2, on Impostor uses Maryland man's identity to steal unemployment insurance benefits. Links to stories and Catch of the Day: The Age-Old Secrets of Modern Scams Twitter: @findmyscammer Have a Catch of the Day you'd like...

penetration test (noun) [Word Notes]


The process of evaluating the security of a system or network by simulating an attack on it. Sometimes called "ethical hacking" or white hat hacking. The phrase started to appear in U.S. military circles in the mid 1960s as time sharing computers became more necessary for daily operations. Computer security experts from Rand Corporation began describing computer compromises as penetrations. By the early 1970s, government leaders formed tiger teams of penetration testers to probe for weaknesses in various government systems.

It's evolving rapidly and getting more furious by the minute.


Dave & Joe have a tip as some follow-up on cloning social media accounts, Dave's story is about turning the tables on hackers in the UK, Joe talks about Kaspersky's Spam and phishing report, The Catch of the Day is from a listener, Bob, who received an email from Eddy looking for the love of a woman (but, Bob is not a woman), and later in the show, Dave's conversation with Max Heinemeyer from Darktrace on threats that he and his team have tracked throughout the onset and spread of COVID. Links to stories: Boomer outsmarts hackers: Kiss your...

social engineering (noun) [Word Notes]


The art of convincing a person or persons to take an action that may or may not be in their best interests. Social engineering in some form or the other has been around since the beginning of time. The biblical story of Esau and Jacob might be considered one of the earliest written social engineering stories. As applied to cybersecurity, it usually involves hackers obtaining information illegitimately by deceiving or manipulating people who have legitimate access to that information. Common tactics involve phishing attacks and watering hole attacks.

Take a deep breath.


Joe's story is about the effectiveness of social media account cloning, Dave talks about toll fraud, The Catch of the Day is a Bitcoin scam with some scam baiting on the side, and later in the show, Dave's conversation with Ben Rothke from Tapad on Medium piece: A conversation with an iTunes card scammer. Links to stories: Attack of the Instagram clones A Game of Phones: Fighting Phone Phreaks in the 21st Century Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

man trap (noun) [Word Notes]


A physical security access control device consisting of an enclosed hallway with interlocking doors on each end where both doors can't be open at the same time. A person presents credentials to the entry doorway. If authorized, the entry door opens and the person walks into the man trap. The man trap exit door will not open until the entry door closes. The person presents credentials to the exit door. If authorized, the exit door will open. If not, the person is captured in the man trap until security arrives to handle the situation. Physical security leadership installs man traps to...

Many times it is less sophisticated than we think.


Dave's story is about robocalls to a telephony honeypot, Joe talks about postcards impersonating HIPAA communications (you have one? please let Joe know), The Catch of the Day is an email that our editor, Tom, received from the FBI about his COVID-19 death, and later in the show, Dave's conversation with Rachel Tobac from SocialProof with her insights on the Twitter hack. Links to stories: A simple telephony honeypot received 1.5 million robocalls across 11 months Fraudulent HIPAA Communications: An Alert from the Office for Civil Rights Have a Catch of the Day you'd like to share? Email it to...

Zero-day (adjective) [Word Notes]


A class of software-security-weakness-issues where independent researchers discover a software flaw before the owners of the code discover it. Zero-day, or 0-day in hacker slang, refers to the moment the race starts, on day zero, between network defenders who are trying to fix the flaw before hackers leverage it to cause damage. It is a race because on day zero, there is no known fix to the issue.

Flying under the radar.


Dave's story is about a forgotten scam, Joe talks about the recent Twitter hack, The Catch of the Day is a pretty standard phishing email for you to be on the lookout for, and later in the show, Dave's conversation with Carolyn Crandall from Attivo Networks on why human-controlled ransomware, Ransomware 2.0, is so threatening to today's remote businesses. Links to stories: Question Quiz - The Forgotten Scam The Teenager Allegedly Behind the Twitter Hack and How He Did It Catch of the Day: Fake email notice for business owners on Bluehost. Have a Catch of the Day you'd like...

NMAP (noun) [Word Notes]


A network mapping tool that pings IP addresses looking for a response and can discover host names, open communications ports, operating system names and versions. Written and maintained by Gordon Lyon, a.k.a. Fyodor, it is a free and open source software application used by both system admins and hackers alike and has been a staple in the security community for well over two decades.

Ignore the actor, focus on the behavior.


Dave shares a horrific cyberstalking story from the local area, Joe's story is about a phishing campaign impersonating voicemail alerts, The Catch of the Day is an HR front for a check floating scam, and later in the show, Dave's conversation with Johnathan Hunt of GitLab on his perspective of dealing with bad actors: ignore them. Links to stories: Anne Arundel man sentenced for cyberstalking ex-girlfriend by hacking her accounts and getting her arrested New Voicemail-Themed Phishing Attacks Use Evasion Techniques and Steal Credentials Catch of the Day: I was just super bored. But now I have something to do....

Be the custodian of your own digital identity.


Dave talks about a deepfake recording impersonating a CEO, Joe's story is about a new phishing campaign, The Catch of the Day is a very persistent cash app scammer, and later in the show, Dave's conversation with Bruce Esposito from One Identity on digital identities and what they could mean for privacy. Links to stories: Listen to This Deepfake Audio Impersonating a CEO in Brazen Fraud Attempt New phishing campaign abuses a trio of enterprise cloud services Catch of the Day: Monica played dumb with a cash app scammer for 3 days. Have a Catch of the Day you'd like...

Never think of security as a destination.


Dave talks about gift card scams associated with YouTube live streams, Joe's story is about a scam impersonating Canadian hospital staff, The Catch of the Day is a phish impersonating a small game developer going after podcasters, and later in the show, Dave's conversation with Richard Torres from Syntax on phishing attacks increasing 350% during COVID-19. Links to stories: PSN / XBOX / STEAM CODES GIVEAWAY | V BUCKS GIVEAWAY Scam impersonating hospital staff, phishing for personal information: VCH Catch of the Day: Cellar Door Games impersonation Have a Catch of the Day you'd like to share? Email it to us...

A little dose of skepticism.


We have some listener follow-up sharing the dnstwister.report site, Dave has a story of consent phishing, Joe talks about calendar invite phishing, The Catch of the Day is a lazy money multiplying scam, and later in the show, Dave's conversation with Don MacLennan from Barracuda Networks on brand impersonation. Links to stories: Microsoft warns of Office 365 phishing via malicious OAuth apps Abnormal Attack Stories: Calendar Invite Phishing Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Send me money so I know you are real.


We have some follow-up, and this time, Joe was not right, Dave's story is about a poison-selling scam, Joe talks about an impersonation site, The Catch of the Day claims to be notice of a United Nations payment, and later in the show, Dave's conversation with Satnam Narang from Tenable on the increase of scams on Venmo, PayPal and Cash App on giveaways due to the opportunity provided by the economic fallout of COVID-19. Links to stories: How to Passcode-Lock Any App on Your Phone Privnotes.com Is Phishing Bitcoin from Users of Private Messaging Service Privnote.com Catch of the Day: 7 Spam...

Because they deserve the money!


Dave's story shows Macs are not immune, Joe talks about a dark place in his soul (aka survey scams), some listener follow-up saying Joe was right!, The Catch of the Day is an advanced fee scam from the US government, and later in the show, Dave's conversation with Aviv Grafi from Votiro on a multistage attack using a zero day exploit to deliver a trojan relating to COVID-19 Stay at Home orders. Links to stories: New Shlayer Mac malware spreads via poisoned search engine results Anatomy of a survey scam - how innocent questions can rip you off Have a Catch of...

Close in your pajamas.


Joe shares a different spin on ransom attacks, Dave has a story on phone number reuse, The Catch of the Day is a notice from British Gas (accent included), and later in the show, Dave's conversation with Stan Holland from Atlantic Bay Mortgage on their experience adapting to COVID-19. Links to stories: Extortionists threaten to destroy sites in fake ransom attacks How I Accidentally Hijacked Someone's WhatsApp Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

It can happen to anybody.


Dave shares a story of an attempt on his father's Verizon account, Joe has the story of an Amazon gift card phishing attempt, The Catch of the Day is a funny phishing email, and later in the show, Joe checks in with Kurtis Minder from GroupSense. They dig a little deeper into some of the topics Kurtis discussed in his previous appearance on our show. Link to story: Multifactor Authentication Hacking is Getting Real Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Taking a selfie with your ID.


Joe talks about HROs (High Reliability Organizations), Dave has a scam on Upwork gigs, The Catch of the Day talks about giving a scammer the runaround, and later in the show our interview with Sanjay Gupta from Mitek on how cybercriminals are capitalizing on the recently-deceased and creating synthetic identities. Link to stories: The Unaddressed Gap in Cybersecurity: Human Performance People who turned to Upwork to find freelance gigs say they've lost thousands of dollars to scams Catch of the Day: Person Tests Scammer's Patience By Pretending To Be Not The Sharpest Tool In The Shed Have a Catch of...

Seniors and millennials more alike than people think.


Dave has a ransomware story from inside a virtual machine, Joe talks phishing with Google Firebase storage URLs, some listener follow-up, The Catch of the Day comes from Joe's daughter and "Apple", and later in the show our interview with Paige Schaffer from Generali Global Assistance on the digital habits of seniors and millennials and the latest scams. Link to stories: The ransomware that attacks you from inside a virtual machine Phishing in a Bucket: Utilizing Google Firebase Storage Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on...

Wearing a mask in the Oval Office.


Joe shares his Classic Cons Part 3, Dave has an Apple device scam story, The Catch of the Day is your assassination heads-up, and later in the show our interview with Jonna Mendez, retired CIA intelligence officer and former Chief of Disguise. Link to story: Twitter Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

HH Extra - Happy 100 shows!


We'd like to thank you, our dear listeners, for sticking with us and our podcast through thick and thin, bad accents and even worse ones, with this - a collection of some of our favorite Catch of the Day segments. From Australia to Brazil, Italy to the Oval Office, they're all here. Here's to another 100 episodes. Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

How scammers fill the gap.


Dave has a story on a possible Disney-styled phishing email, Joe has the skinny on a circular pyramid scheme, some listener follow-up, The Catch of the Day is a YouTube verification badge for you, and later in the show our interview with Neill Feather from SiteLock. He joins us to explain how scammers fill the gap when popular retail items are sold out. Link to story: New phishing/scam email attempt Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Every day you're a firefighter.


Dave and Joe have a follow-up for a listener, Joe has two stories on different levels of effort of phishing schemes, The Catch of the Day is looking for a sugar baby, and later in the show our interview with Marcus Carey, enterprise architect at ReliaQuest. He's the author of the book Tribe of Hackers, and he wonders if we are living in a cybersecurity groundhog day. Links to stories: Anatomy of a Well-Crafted UPS, FedEX, and DHL Phishing Email During COVID-19 Phishers target investment brokers, aim for Office, SharePoint login credentials Have a Catch of the Day you'd...

Exploiting our distractions.


Dave has the story of PR firms selling lies online, Joe has the story of a sophisticated Business Email Compromise attack, The Catch of the Day advises you to update your account information IMMEDIATELY, and later in the show our interview with Dave Baggett, CEO and Founder of INKY. This will be a discussion of fake stimulus payment phishing scam recently found by INKY. Links to stories: Disinformation For Hire: How A New Breed Of PR Firms Is Selling Lies Online IR Case: The Florentine Banker Group Have a Catch of the Day you'd like to share? Email it to...

Passwords are the easiest things to steal.


Joe takes a look at a massive sextortion spam scheme, Dave has some advice for all of us, the Catch of the Day comes from down under, and later in the show our conversation with Andrew Shikiar, Executive Director and Chief Marketing Officer at FIDO Alliance on why phishing and passwords remain such a huge security problem and options for doing away with passwords. Links to stories: Following the money in a massive sextortion spam scheme When in Doubt: Hang Up, Look Up, & Call Back The Catch of the Day Have a Catch of the Day you'd like to...

Wallet inspector.


Dave warns of fake QR code websites stealing Bitcoin, Joe has the return of classic cons, the Catch of the Day forgets one crucial element, and later in the show, our interview with Kurtis Minder. He's with a company called GroupSense and they've been commemorating the 20th anniversary of the Dark Web. Links to stories: Network of fake QR code generators will steal your Bitcoin Paris Gold Ring Scam The Simpsons - Wallet Inspector Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

They're getting smart, but we're getting smarter.


Joe has the story of a cold-calling conman, Dave has a story of vindication for seniors who lost money in phone scams, the Catch of the Day has Joe doing his research, and later in the show my conversation with Dustin Warren from SpyCloud. His team has been monitoring criminal forums during the COVID-19 pandemic, and he's here to share what they've been seeing. Links to stories: Coronavirus conman barges in on 83-year-old woman Western Union Paying $153M In Compensation To Seniors Who Lost Money In Phone Scams Have a Catch of the Day you'd like to share? Email it...

Even famous people get scammed.


Dave has the story of a Walking Dead actress raising money for a scammer, Joe has an article warning of Government websites giving bad security advice, the Catch of the Day tries to put the fear of God in its victim, and later in the show Carole Theriault returns with an interview with a couple of researchers from a firm called Lookout, who analyzed a phishing scam with over four thousand victims. Links to stories: Lehigh Valley cancer scammer ensnares Walking Dead actress US Government Sites Give Bad Security Advice It's Way Too Easy to Get a .gov Domain Name...

Shedding light on the human element.


Joe has the story of a very exposing scam, Dave has the scoop on a rare BadUSB attack, The Catch of the Day is a 'lame scammer who needs to get a life' and later in the show our conversation with Tom Miller from ClearForce on continuous discovery in the workplace, and the human side of protecting your business. Links to stories: What kind of breast check-up would need my face?: Woman falls victim to Facebook Messenger scam Rare BadUSB attack detected in the wild against US hospitality provider Have a Catch of the Day you'd like to share? Email...

Paging Dr. Dochterman.


Dave shares an example of modern-day snake oil, Joe brings us his favorite old-time scams, the Catch of the Day is straight from Dr. Dochterman - you really can't make this stuff up - and later in the show Joe speaks with Scott Knauss - a security consultant who was targeted by scammers. Links to stories: Coronavirus Scam Alert: Beware Fake Fox News Articles Promising A CBD Oil Cure Slowing the Scammers Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Disinformation vs. misinformation.


Dave shares the story of a malicious website posing as a Coronavirus map supposedly from Johns Hopkins University, Joe has the story of an elderly woman who lost a lot of money to two men claiming her grandson was in a car accident, the Catch of the Day's dying wish is to give you money to build an orphanage, and later in the show Carole Theriault returns and speaks with Samuel C. Woolley from University of Texas at Austin on disinformation campaigns. Links to stories: the Botometer The Catch of the Day: Been going back and forth with these a-holes...

Winking emoji.


Joe shares the story of a phishing website posing as the Singapore Police site, Dave shares a harmful, simple little message, the Catch of the Day drags her scammer through the mud and asks if he wants his casserole dish back. Later in the show our conversation with Gretel Egan from Proofpoint on their 2020 State of the Phish report. Links to stories: SPF warns of phishing website posing as police site Nemty Ransomware Actively Distributed via 'Love Letter' Spam 2020 State of the Phish Report The Catch of the Day: My Wife Spent Three Days Trolling A Scammer Have...

Don't go looking for morality here.


Dave has a story of an investment scam featuring celebrities, Joe warns of scams surrounding the Coronavirus, the Catch of the Day features Joe's son-in-law's adventure with thousands of bot infiltrations, and later in the show, Dave's extended interview with magicians and entertainers Penn and Teller at RSAC 2020 in San Francisco. Links to stories: Revealed: fake 'traders' allegedly prey on victims in global investment scam Coronavirus: Scammers follow the headlines Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

The art of cheating.


Joe shares some insights into the art of cheating travelers, Dave has a story of a woman facing drug charges trying to kidnap another woman's baby, an update on last week's bizarre phone scam, The Catch of the Day features otters, sexy ham, frustrated scammers and... you're just going to need to listen. Later in the show, our interview with Tim Sadler from Tessian on human element of cybersecurity and phishing schemes. Links to stories: The art of cheating travelers at dhabas Woman who posed as baby photographer charged after drugging a mother and planning to steal her child, prosecutors...

Hi, I'm trying to steal your money.


Dave shares the most bizarrely honest phone scam of all time, Joe has a pretend PayPal phishing scam, the Catch of the Day finally lets Dave show us his best Blanche Devereaux, and later in the show Christopher Hadnagy from Social Engineer LLC returns with an update on the trends he's been tracking. Links to stories: Active PayPal Phishing Scam Targets SSNs, Passport Photos Current PayPal phishing campaign or "give me all your personal information" Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Fake news and misplaced trust.


Joe shares a collection of romance scams from the great plains, Dave has a report which uncovered a root system of fake news, the catch of the day comes straight from... Warren Buffett? Later in the show Carole Theriault speaks with Lisa Forte from Red Goat on how her experiences working with the police have informed her perspective on the human factors in cyber security. Links to stories: Don't Get CatPhished This Valentine's Day By a Scammer These Fake Local News Sites Have Confused People For Years. We Found Out Who Created Them. Researchers propose detecting deepfakes with surprising new...

I wouldn't want my computer to be disappointed.


Dave finally has good news. Joe shares a fake website created by the US Trading Commission... which doesn't exist. The catch of the day threatens FULL DATA LOSS! Later in the show, Anna Collard is the founder of security content publisher Popcorn Training, a South African company that promotes Cyber Security awareness by using story-based techniques. Our conversation centers on the state of cyber security in Africa. Links to stories: DOJ sues US telecom providers for connecting Indian robocall scammers The aforementioned DOJ complaint Uncle Sam compensates you for data leaks (yeah, right) Have a Catch of the Day...

They had no idea.


Dave shares a particularly exposing sextortion scam. Joe has a story of a million-dollar scam that targeted college students in Miami just trying to pay their tuition. The catch of the day comes straight from The U.S. President. Later in the show, part two of Carole Theriault's interview with Jamie Bartlett, the brains and host behind The Missing Cryptoqueen, an amazing BBC podcast about trying to get to the bottom of the OneCoin scam. Links to stories: Fresh New Nest Video Extortion Scam Plays Out Like a Spy Game WeChat and stolen credit cards: How scammers victimized Miami Chinese college...

Flipping the script.


Dave's phone is blowing up with smishing attempts. Joe shares a story about fake license renewal attempts from The New Zealand Transportation Agency. The catch of the day flips the script on their attacker. Later in the show Carole Theriault speaks with Jamie Bartlett, the brains and host behind The Missing Cryptoqueen, an amazing BBC podcast about trying to get to the bottom of the OneCoin scam. Links to stories: Fresh Apple #Phishing found The catch of the day Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on...

Life in the (second) age of pirates.


Dave has an account from a man who was almost scammed by an impersonation of his own close friend. Joe has the story of a sophisticated phishing scheme involving Microsoft Office 365. The catch of the day goes all the way back to the age of pirates. Carole Theriault interviews Andrew Brandt from Sophos regarding their 2020 threat report. Links to stories: Tricky Phish Angles for Persistence, Not Passwords SophosLabs 2020 Threat Report Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Ransomware is a reality.


Dave has a master list of cyberbadness. Joe has some handy red flags this tax season straight from our beloved IRS. The catch of the day features an alluring proposition from someone who is probably not "Sofia". Our guest is Devon Kerr with Elastic Security Intelligence and Analytics who shares his insights about Ransomware. Links to stories: 7 types of virus - a short glossary of contemporary cyberbadness Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Leading by example and positive reinforcement.


Dave has a warning from a galaxy far, far away. Joe has a report of a scam attempt on a listener who fancies fancy pens. The catch of the day features a Tinder dating app bot scam. Our guest is Dennis Dillman from Barracuda Networks, sharing his thoughts on employee training. Links to stories: https://www.bleepingcomputer.com/news/security/fake-star-wars-streaming-sites-steal-fans-credit-cards/ Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Telling The Truth In A Dishonest Way - Rebroadcast


Today's episode is a re-broadcast of an episode from August 2018. Dave looks at Hollywood script pitch event scams. Joe describes a romance scam murder scheme. Spontaneously combusting ATM cards. Guest Jayson E. Street from SphereNY describes his security awareness engagements. Links to stories mentioned in this week's show: https://www.hollywoodreporter.com/news/why-are-wannabe-screenwriters-getting-scammed-1130919 https://nakedsecurity.sophos.com/2018/08/17/romance-scam-victim-allegedly-plotted-to-kill-her-mother-for-cash/ Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Managing access and insider threats.


Joe's wife has been getting suspicious shipping notices. Dave describes a phone scam where crooks intercept phone calls. The catch of the day turns the tables on a would-be scammer. Carole Theriault speaks with Peter Draper from Gurucul about their 2020 Insider Threat Report. Links to stories: https://www.ctvnews.ca/canada/police-warn-of-new-phone-scam-where-criminals-intercept-your-calls-1.4706758 Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

If you didn't ask for it don't install it.


Dave describes a gas-pump hidden camera scam. Joe shares the story of a fraudulent Microsoft Windows Update notice. The catch of the day involves a scammer making use of an online celebrity's profile picture. Our guest is Karl Sigler from Trustwave with tips for staying safe online through the holidays. Links to stories: https://krebsonsecurity.com/2019/11/hidden-cam-above-bluetooth-pump-skimmer/ https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/fake-windows-update-spam-leads-to-cyborg-ransomware-and-its-builder/ Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

I really wanted that shed.


Joe shares the story of a woman losing her life savings to a scammer claiming to be from the FBI. Dave describes the $139 shed scam. The catch of the day is another threat of revealing compromising photos. Carole Theriault speaks with Chris Bush from ObserveIT about security threats from employee burnout. Links to stories: https://www.wsj.com/articles/robocall-scams-exist-because-they-workone-womans-story-shows-how-11574351204 https://youtu.be/zFQUCCbodHc Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Security has to be friendly.


Dave wonders about Juice Jacking warnings. Joe shares findings from Agari's latest email fraud and identity deception report. The catch of the day promises romance in exchange for airline tickets. Our guests are David Spark and Allan Alford, cohosts of the Defense in Depth podcast. Links to stories: https://www.goodmorningamerica.com/travel/story/travelers-beware-juice-jacking-public-charging-stations-safely-67004765 https://www.agari.com/cyber-intelligence-research/e-books/q4-2019-report.pdf https://cisoseries.com/introducing-defense-in-depth-podcast/ Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Skepticism is the first step.


Joe shares stories of typo-squatting. Dave warns us against responding to malicious email, even just for fun. The catch of the day is from a listener, leading on a romance scammer. Carole Theriault returns with an interview with Chris Olson from The Media Trust on how targeted advertising can enable election interference. Links from this week's stories: https://www.securityweek.com/err-human-squat-criminal https://info.phishlabs.com/blog/dont-respond-suspicious-emails Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

When you are the target, objectivity is gone.


Joe shares a report on who's more susceptible to scams. Dave shares a story from a listener who was hit by a scam attempt while staying at a hotel. Our catch of the day involves an attempt to scam someone selling a motorcycle. Our guest is Maria Konnikova, an award-winning author, journalist, and international champion poker player. Her latest book is The Biggest Bluff. Links to stories: https://www.washingtonpost.com/business/2019/10/28/this-might-surprise-you-seniors-are-not-more-susceptible-scams-younger-adults-are/ https://www.ftc.gov/system/files/documents/reports/protecting-older-consumers-2018-2019-report-federal-trade-commission/p144401_protecting_older_consumers_2019_1.pdf https://twentytwowords.com/man-gets-revenge-on-craigslist-scammer-in-the-most-satisfying-way-imaginable/ Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

The Malware Mash!


Happy Halloween from Joe, Dave, and everyone at the CyberWire!

Don't dismiss the fraudsters.


Dave describes a credential gathering scam targeting users of the Stripe online payment system. Joe responds to an email message from his boss, and learns a valuable lesson. Our catch of the day follows someone as they string along a text messaging scammer. Carole Theriault returns with an interview with J Bennett of Signifyd, an AI firm fighting romance scams. Links to stories: https://cofense.com/credential-phish-masks-scam-page-url-thwart-vigilant-users/ Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

The ability to fundamentally deceive someone.


Joe has the story of a convincing scammer who makes an innocent woman doubt herself. Dave describes an online utility that helps users delete unwanted user accounts and also rates the difficulty of doing so. The catch of the day requests help in an investment scam (but lacks punctuation). Our guest is Henry Ajder from Deeptrace Labs on their research on Deep Fakes. Links to stories: https://www.walesonline.co.uk/news/wales-news/swansea-mum-scammed-out-1000-17065476 https://backgroundchecks.org/justdeleteme/ Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

The fallacy of futility.


Dave describes a ponzi scheme that bought up legitimate investment firms. Joe shares research into deep fakes. The catch of the day includes an invitation to join the illuminati. Ray [REDACTED] returns with followup from his prior visit, along with new information to share. Links to stories: https://13wham.com/news/local/feds-in-rochester-to-detail-multi-million-dollar-ponzi-scheme https://nakedsecurity.sophos.com/2019/10/09/deepfakes-have-doubled-overwhelmingly-targeting-women/ Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Don't trust ransomware to tell you its real name.


Joe describes online redirect scams, URL encoding and the clever combination of the two. Dave shares delightful satire about Russian brides and Nigerian princes, together at last. The catch of the day involves a student getting the best of scammers, getting them to send him money. Our guest is Fabian Wosar from Emsisoft, well-known for decrypting ransomware. Links from today's stories - https://waterfordwhispersnews.com/2019/09/25/hot-woman-in-your-area-marries-nigerian-prince-whos-email-you-ignored/ https://www.thesun.co.uk/tech/10052181/student-limerick-online-scammer-charity/ Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

The ultimate hacking tool.


Joe reviews highlights from a Proofpoint report on the human aspects of cyber attacks. Dave describes the FTC's cases against online dating site Match.com. The catch of the day comes straight from Her Majesty the Queen. Carole Theriault returns with an interview with Corin Imai, Senior Security advisor at DomainTools, about phishing attacks they've been tracking in the UK. Links to stories: https://www.helpnetsecurity.com/2019/09/10/cyberattacks-human-interaction/ https://techcrunch.com/2019/09/26/dating-app-maker-match-sued-by-ftc-for-fraud/ Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

The usefulness of single sign on.


Joe outlines online threats from social media. Dave shares a story of scammers trying to scare a community into purchasing security products. The catch of the day features a promise of riches from Facebook's Mark Zuckerberg. Our guest is Yaser Masoudnia from LastPass who addresses listener questions about Single Sign On. Links to stories: https://info.phishlabs.com/blog/how-social-media-is-abused-for-phishing-attacks http://www.pressandguide.com/news/police_fire/email-scam-trying-to-convince-dearborn-residents-crime-is-up/article_249b1f2c-cb34-11e9-a5b0-cf725769167a.html Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Algorithms controlling truth in our society.


Special guest host Graham Cluley joins Dave while Joe takes a short break. Dave shares the success of the FBI's reWired campaign which has apprehended alleged scammers around the world. Graham describes a website hoping to spare users the hardship of multifactor authentication. The catch of the day involves a generous soccer star. Our guest is Matt Price from ZeroFOX with insights on Deep Fake technology. Links to today's stories: https://www.fbi.gov/news/stories/operation-rewired-bec-takedown-091019 https://dontduo.com/ https://www.smashingsecurity.com/ Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

An ethical hacker can be a teacher.


A listener updates us on "notice of arrest" policies. Dave notes increased instances of Google Calendar spam. Joe shares a claim that AI voice mimicry was used to dupe a company out of nearly a quarter million dollars. (Dave is skeptical.) The catch of the day accuses the target of naughty behavior. Carole Theriault interviews ethical hacker Zoe Rose. Links to stories: https://www.popsci.com/google-calendar-spam-what-to-do/ https://www.wsj.com/articles/fraudsters-use-ai-to-mimic-ceos-voice-in-unusual-cybercrime-case-11567157402 Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Think before you post.


Follow-up from down under. Joe shares the story of a Mom scammed out of Gaelic Football League tickets. Dave describes a bounty hunter hoaxing suicide threats to get location information from mobile providers. The catch of the day requires a response from the grave. Our guest is Ben Yelin, senior law and policy analyst from the University of Maryland Center for Health and Homeland Security. He digs in to a particular Facebook scam that refuses to die. Links to stories: https://m.independent.ie/irish-news/news/im-just-broken-up-mother-devastated-as-shes-scammed-out-of-money-while-trying-to-buy-allireland-final-tickets-38446401.html https://www.thedailybeast.com/feds-say-bounty-hunter-matthew-marre-used-suicide-hoax-to-con-verizon-t-mobile-out-of-customer-data Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit...

Securing your SMS.


Dave shares a story of digital voice assistants being channeled toward scammers. Joe tracks scammers taking advantage of social tools on the Steam gaming platform. The catch of the day involves South African kickbacks. Our guest is researcher/technologist Ray [REDACTED], who shares his expertise on scammers targeting SMS. Links to stories: https://nakedsecurity.sophos.com/2019/08/20/scammers-use-bogus-search-results-to-fool-voice-assistants/ https://www.bleepingcomputer.com/news/security/steam-accounts-being-stolen-through-elaborate-free-game-scam/ Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Backups backups backups.


Joe describes a primitive (but effective) phishing scheme being tracked by Bleeping Computer. Dave shares news from a Black Hat presentation on phishing stats from Google. The catch of the day is a friendly invitation from Hawaii. Our guest is Michael Gillespie from Emsisoft describing the ID Ransomware project. Links from today's stories: https://www.bleepingcomputer.com/news/security/beware-of-emails-asking-you-to-confirm-your-unsubscribe-request/ https://www.fastcompany.com/90387855/we-keep-falling-for-phishing-emails-and-google-just-revealed-why https://id-ransomware.malwarehunterteam.com/ Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Swamping search results for reputation management.


Dave shares the story of a small community hospital dealing with a ransomware attack. Joe reviews the different types of extortion emails. The catch of the day is an inheritance scam from Canada. Carole Theriault interviews Craig Silverman from Buzzfeed about online reputation management companies. Links to stories: https://www.azcentral.com/story/news/local/arizona/2019/07/30/how-4-technicians-saved-arizona-hospital-hacker-ransomware-wickenburg-community-hospital/1842572001/ https://www.bleepingcomputer.com/news/security/extortion-emails-on-the-rise-a-look-at-the-different-types/ Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Positive pretexting on the rise.


Joe shares a cautionary Facebook tale from his own life. Dave has the story of an Australian IT company put out of business by scammers. The catch of the day tracks the response writer and comedian Dave Holmes had to scammers pretending to be from the IRS. Rachel Tobac from Social Proof Security returns with voting security information and the latest scams she's been tracking. Links to today's stories: https://www.crn.com.au/news/it-suppliers-forced-to-close-after-procurement-scam-528609 https://cheezburger.com/719877/troll-comedian-gets-a-scam-call-and-decides-to-play-along https://www.vampirecaveman.com/ Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Images are the language of the brain.


Dave outlines a church donation scam. Joe shares reporting from Ars Technica on romance scams coming out of Africa. The catch of the day is courtesy of London comedian James Veitch. Our guest is Garry Berman from Cyberman Security who's developed a cyber security comic book series to help raise awareness. Links to this week's stories: https://www.churchlawandtax.com/blog/2018/june/what-to-know-about-new-donation-scam.html https://arstechnica.com/information-technology/2019/07/im-not-100-with-anybody-ars-dissects-a-nigerian-twitter-catfish-scam/ https://www.boredpanda.com/funny-phishing-scam-emails-dot-con-james-veitch/ https://www.cyberheroescomics.com/ Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Looking after Dad.


Joe shares a story on the market economy of phishing. Dave explains how gamers are being taken advantage of on popular chat app Discord. The catch of the day included a little bit of showbiz razzle-dazzle. Our anonymous guest this week shares his efforts to keep his father from falling for online scams. Links to stories: https://blogs.akamai.com/sitr/2019/06/phishing-factories-and-economies.html https://twitter.com/Splatter_Shah/status/1143556723266994176 Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

The skills gap disconnect.


Dave shares a listener story of scammers calling drug stores to try to gather customer rewards points. Joe describes federal contractors being scammed out of over $10 million of hardware, some of it classified communications equipment. The catch of the day starts with a bank email scam and ends with a Rick roll. Carole Theriault speaks with Michael Madon, head of security at Mimecast about the cyber security skills gap. Links to stories - https://qz.com/1661537/us-defense-contractor-falls-for-3-million-email-scam/ https://www.newshub.co.nz/home/entertainment/2018/01/man-sets-up-rick-astley-hotline-to-rescue-people-from-annoying-salespeople.html Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Know and spot the patterns.


Joe shares the heartbreaking tale of a catphishing case that leads to murder. Dave describes a shoe company using an unusual method to trick engagement with an online ad. The catch of the day engages a Nigerian scammer promising a fortune in precious minerals. Dave interviews Michael Coates, head of Altitude Networks and former CISO at Twitter. Links to this week's stories - https://www.nbcnews.com/news/us-news/after-alaska-teen-s-murder-cybersecurity-experts-warn-catfishing-predators-n1019536 https://medium.com/shanghaiist/chinese-shoe-company-tricks-people-into-swiping-instagram-ad-with-fake-strand-of-hair-54d8a2d8ec1d https://www.419eater.com/html/user_subs/godfather/godfather.htm https://altitudenetworks.com/ Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Encore Separating fools from money.


We're taking a break for the Independence Day holiday in the US, so enjoy this episode from the early days of our show. Dave shares a story of airport penetration testing with high degree of yuck-factor. Joe explores research on protecting passwords from social engineering. The catch-of-the-day comes courtesy of Graham Cluley's email spam box. Dave interviews Wired's Security Staff Writer Lily Hay Newman on her article tracking Nigerian email scammers. Thanks to our show sponsor KnowBe4.

Be wary of all emails.


Dave shares the story of one Katie Jones, the fake online persona used to gain the confidence of high-status individuals. Joe describes the tragic case of Christine Lu, a Harvard Medical professor who was scammed out of her life savings. The Catch of the Day warns recipients not to trust the FBI. Carole Theriault interviews Akamai's Larry Cashdollar about scammers using Google Translate to obfuscate web sites. Links to this week's stories: https://www.apnews.com/bc2f19097a4c4fffaa00de6770b8a60d https://thispersondoesnotexist.com/ https://www.nbcboston.com/on-air/as-seen-on/Woman-Scammed-Into-Giving-Away-Life-Savings_NECN-511108952.html Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

The knowledge / intention behavior gap.


Joe shares the story of an elaborate check fraud scam involving HR impersonators. Dave reads an email from a listener who got phished by his own company, and has questions about authorization app vs. hardware keys. Our catch of the day involves an orphan looking to share her inheritance. Dave interviews author Perry Carpenter, whose new book is Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us about Driving Secure Behaviors. Links to stories: https://twitter.com/sigalow/status/1138918411394781185?s=12 https://www.yubico.com/2019/01/yubico-launches-the-security-key-nfc-and-a-private-preview-of-the-yubikey-for-lightning-at-ces-2019/ Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Just because I trusted you yesterday doesn't mean I trust you today.


Dave describes researchers spotting scammers on dating sites using AI. Joe shares a phishing scheme that asks users to manage undelivered mail. The catch of the day involves cute puppies and Mogwai meat. Dave interviews Avi Solomon, director of information technology for Rumberger, Kirk and Caldwell, an Orlando, Florida litigation firm. Links to today's stories: https://www.bbc.com/news/technology-48472811 https://arxiv.org/pdf/1905.12593.pdf https://www.bleepingcomputer.com/news/security/new-phishing-scam-asks-you-to-manage-your-undelivered-email/ https://www.419eater.com/html/tommy_mark.htm Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

The best way to break in is to walk through the front door.


Joe describes one of history's great con artists, Victor Lustig, who sold the Eiffel Tower. Twice. Dave shares a story from a listener involving a UPS tracking number scam. The catch of the day involves an attempted romance scam on the XBOX platform. Dave interviews Sherri Davidoff, CEO of LMG Security and the hacker named "Alien" in Jeremy Smith's book, "Breaking and Entering." She has her own book coming out this summer, "Data Breaches: Crisis and Opportunity." Links to this week's stories: http://mentalfloss.com/article/12809/smooth-operator-how-victor-lustig-sold-eiffel-tower https://community.ebay.com/t5/Archive-Shipping-Returns/Seller-Scam-UPS-Tracking-Shows-Delivered/td-p/26206551 Have a Catch of the Day you'd like to share? Email it to us at...

Be willing to admit you don't know everything.


Dave reviews Google's recent security report on basic account hygiene. Joe describes passive social engineering, including USB charging stations at airports. The catch of the day exposes a trunk box scam involving ill-gotten war profits. Carole Theriault speaks with the head of a group that call themselves Scam Survivors. Links to stories: https://security.googleblog.com/2019/05/new-research-how-effective-is-basic.html https://www.forbes.com/sites/suzannerowankelleher/2019/05/21/why-you-should-never-use-airport-usb-charging-stations/#4116498a5955 https://scamsurvivors.com/ Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

People aren't perfectly rational.


A listener writes in with the results of his phishing attempt on his wife. Joe describes research from F-Secure on the most dangerous email attachment types. Dave shares the story of scammers impersonating local hospitals to scare a response from their victims. Our catch of the day involves a LinkedIn scam impersonating a fighter pilot. Joe interviews Elissa Redmiles, an incoming assistant professor of computer science at Princeton University. She studies behavioral modeling to understand why people behave the way they do online. Links to stories from today's show: https://labsblog.f-secure.com/2019/05/08/spam-trends-top-attachments-and-campaigns/ https://www.nbc15.com/content/news/Text-message-scam-impersonates-local-hospitals-509615981.html Have a Catch of the Day you'd like to share?...

Live at KB4CON 2019.


It's a special edition of the Hacking Humans show recorded live at the KB4CON conference in Orlando, FL. Join Joe, Dave and their special guests Stu Sjouwerman, KnowBe4's CEO, and Kevin Mitnick, world-famous hacker and KnowBe4's chief hacking officer, as they discuss malicious scams making the rounds and how to protect yourself and your organization against them. Dave describes a late-night phone call scam, Joe explains a Social Security scheme, Stu shares a deadly catch of the day, and Kevin shares stories from his own hacking experience, and takes questions from the audience. Have a Catch of the Day you'd like to...

A data-driven approach to trust.


Joe describes a church scammed out of millions of dollars. Dave shares good news about a group of scammers being apprehended and arrested. The catch of the day involves a Vietnamese investment offer that's almost too good to pass up on. Dave speaks with Dr. Richard Ford from Forcepoint about the models of trust. Links to stories in today's show: https://www.grahamcluley.com/hackers-steal-1-75-million-from-catholic-church-in-ohio/ https://www.justice.gov/usao-sdny/pr/nine-defendants-arrested-new-york-florida-and-texas-multimillion-dollar-wire-fraud Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Twitter bots amplifying divisive messages.


Followup from listeners on Google search result scams. Dave describes the city of Ottawa sending $100K to a fraudster. Joe shares results from the FBI's Internet Crime Report. The catch of the day involves a dating site and an offer to be someone's "sugar daddy." Our guest is Andy Patel from F-Secure, describing how Twitter bots are amplifying divisive messages. Links to stories: https://www.cbc.ca/news/canada/ottawa/city-treasurer-sent-100k-to-fraudster-1.5088744 https://threatpost.com/fbi-bec-scam-losses-double/144038/ https://www.ic3.gov/media/annualreport/2018_IC3Report.pdf https://labsblog.f-secure.com/2019/04/03/discovering-hidden-twitter-amplification/ Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Let's play, "Covered by cyber insurance true or false?"


Dave and Joe answer a listener question about a mysterious Netflix account. Dave describes a service for Airbnb scammers. Joe explains a particularly "nasty" Instagram scam. Carole Theriault interviews cyber insurance expert Martin Overton from OMG Cyber. Links to stories: https://www.bleepingcomputer.com/news/security/the-nasty-list-phishing-scam-is-sweeping-through-instagram/ https://krebsonsecurity.com/2019/04/land-lordz-service-powers-airbnb-scams/ Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

I have been practicing honesty and truthfulness my whole life.


Followup from an Australian listener. Dave shares a Paypal scam leveraging Google ads. Joe describes TechCrunch reporting on a spam service that was left out in the open. The catch of the day promises a lifetime supply of gold. Dave interviews Asaf Cidon from Barracuda Networks. https://techcrunch.com/2019/04/02/inside-a-spam-operation/ https://www.barracuda.com/spear-phishing-report Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Scammers have no ethics whatsoever.


Joe describes a study of people's perceptions when presented with a magic trick. Dave shares the story of a fake boyfriend app. Our catch of the day involves the promise of millions from a bank in Africa. Dave interviews Chris Parker from WhatIsMyIPaddress.com. Links to stories: http://nautil.us/issue/70/variables/a-magician-explains-why-we-see-whats-not-there https://youtu.be/vJG698U2Mvo https://www.pedestrian.tv/tech/fake-boyfriend-app/ https://whatismyipaddress.com/ Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Girl Scouts empowering cyber security leaders.


Dave describes a survey of call center security methods. Joe explains a spam campaign raising the specter of a flu pandemic to scare people into enabling macros in an Office document. The catch of the day highlights a Facebook scammer promising a prize-winning windfall. Carole Theriault returns with a story about special badges Girl Scouts can earn for cyber security. Links to stories: https://marketing.trustid.com/acton/attachment/32513/f-0039/1/-/-/-/-/TRUSTID_2018_State_of_Call_Center_Authentication_Survey.pdf https://www.bleepingcomputer.com/news/security/fake-cdc-emails-warning-of-flu-pandemic-push-ransomware/ http://blog.girlscouts.org/2018/07/girl-scouts-introduces-30-new-badges-to.html Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Pick a persona to match the goal.


Followup on remotely previewing websites. Joe has the story of a scammer bilking Facebook and Google out of millions. Dave reviews best practices for deleting data on devices you dispose of. The catch of the day is an offer of criminal partnering with the CIA. Our guest is Jeremy N. Smith, author of the book Breaking and Entering - the extraordinary story of a hacker called Alien. Links from today's stories: https://urlscan.io/ https://www.theregister.co.uk/2019/03/21/facebook_google_scam/ https://blog.rapid7.com/2019/03/19/buy-one-device-get-data-free-private-information-remains-on-donated-devices/ https://www.amazon.com/dp/B0789KP775 Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Kids are a great target.


A listener recommends an online tool for safely previewing web sites. Dave shares research on what time of the work week is best for scams. Joe explains credential stuffing. Our guest is Frances Dewing, the CEO and co-founder of Rubica. They recently published a report on how crooks are accessing parents' mobile devices via apps their kids load. Links to stories mentioned in today's show: https://screenshot.guru/ https://www.aarp.org/money/scams-fraud/info-2019/phone-scams-peak-time.html https://www.digitalnewsasia.com/insights/how-lose-money-credential-stocking-stuffers https://rubica.com/wp-content/uploads/2019/02/Rubica-Report-Cyber-Crime-Privacy-Risks-in-Free-Mobile-Kids-Apps.pdf Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

When we rush we make bad decisions.


Joe tracks the surprising number of malicious links hosted on legit websites and why it's dangerous. Dave describes an extortion scheme targeting podcasters. Our catch of the day involves a lonely Russian woman promoting a dating site. Dave interviews Gary Noesner, author of Stalling for Time: My Life as an FBI Hostage Negotiator. Links to stories mentioned in today's show: https://www-cdn.webroot.com/9315/5113/6179/2019_Webroot_Threat_Report_US_Online.pdf https://rebelbasemedia.io/podcast-review-extortion/ https://www.amazon.com/Stalling-Time-Life-Hostage-Negotiator/dp/1400067251 Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Don't assume younger people get it.


Followup on last week's TLD discussion. Dave shares a sextortion scam with a tragic ending. Joe highlights conveyance scams that rely on certain days of the week. Our catch of the day features a wealthy Londoner hoping to pass on her fortune. Guest Dale Zabriskie from Proofpoint has results from their State of the Phish report. Links to stories: https://www.dailymail.co.uk/news/article-6744421/Army-veteran-PTSD-committed-suicide-targeted-prison-inmates-sextortion-scam.html https://www.todaysconveyancer.co.uk/main-news/law-firms-wising-up-conveyancing-scams/ https://static.googleusercontent.com/media/research.google.com/en//pubs/archive/45597.pdf Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Delivering yourself to a kidnapper.


Joe describes fraudsters taking advantage of top-level domain name confusion. Dave explains how a Google Nest security system shipped with an undocumented microphone. Our catch of the day involves a postcard missed package campaign. Our guest is Matt Devost from OODA LLC describing their work protecting high-net-worth individuals. Links to today's stories: https://rebootcamp.militarytimes.com/news/your-air-force/2019/02/13/watch-out-for-fake-dod-websites-like-this/ https://nakedsecurity.sophos.com/2019/02/21/sorry-we-didnt-mean-to-keep-that-secret-microphone-a-secret-says-google/ Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Stop and think before you click that link.


We've got followup from a listener on cognitive dissonance and behavioral science. Dave shares a listener story about a University Dean's List scam. Joe shares statistics from a government agency phishing test. Our catch of the day involves funds from the FBI, the IMF, and yes, Nigeria. Dave interviews Crane Hassold from Agari with phishing trends they've been tracking, plus his experiences as a former FBI agent. Links to stories in today's show: https://fcw.com/articles/2019/02/11/cyber-phishing-oig-fhfa.aspx Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

The trauma is multifactored.


On this Valentine's Day edition of Hacking Humans, Joe and Dave examine romance scams, including the sad tale of a woman bilked out of hundreds of thousands of dollars. There's a silly, non-murdering catch of the day, and Dave interviews Max Kilger from UTSA on the six motivations of bad actors. Links to today's stories: https://www.bbb.org/article/news-releases/17057-online-romance-scams-a-bbb-study-on-how-scammers-use-impersonation-blackmail-and-trickery-to-steal-from-unsuspecting-daters https://www.aarp.org/money/scams-fraud/info-2015/online-dating-scam.html Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Make it seem like the real answer is impossible to know.


Dave shares a bank spoofing scam with a reminder to mind those links, especially on mobile devices. Joe describes a case of someone turning the tables on a Twitter scammer. Our catch of the day involves a clumsy claim of physical harm. Dave interviews author Dave Levitan about his book Not a Scientist: How politicians mistake, misrepresent and utterly mangle science. Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

The excitement of tricking someone wears off quickly.


We've got followup on bank scams and ransomware. Joe describes a highly sophisticated multinational business scam. Dave shares a story about private school parents falling for a Bitcoin discount scam. Our guest is Jordan Harbinger, host of The Jordan Harbinger Show, with insights on influence and social engineering. Links to this week's stories: https://www.cpomagazine.com/cyber-security/cyber-fraud-by-chinese-hackers-makes-headlines-in-india/ https://www.bbc.com/news/uk-england-tyne-46920810 Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Opening your eyes to the reality in which we live.


Dave reviews tips on protecting yourself from ransomware. Joe describes a clever way to trick people into enabling macros. An attempt at celebrity friendship is our catch of the day. Carole Theriault returns and speaks with Dr. Jessica Barker from Cygenta about effective training techniques. Links to stories mentioned: https://www.csoonline.com/article/3331981/ransomware/how-to-protect-backups-from-ransomware.html https://myonlinesecurity.co.uk/agent-tesla-reborn-via-fake-order/ Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Prisoners have nothing but time.


Joe shares the tale of a prisoner running a variety of romance scams from the inside. Dave outlines direct deposit scams. The catch of the day is a clever variation from (where else?) Nigeria. Our guest is Sam Small from ZeroFox. Links to stories: https://hubpages.com/politics/The-Games-That-Inmates-Play https://ogletree.com/shared-content/content/blog/2018/january/diverting-employees-payroll-direct-deposits-the-latest-wave-of-phishing-scams https://www.kansas.com/news/local/crime/article223873805.html Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Trained humans are your strongest link.


Dave warns of scammers gaining access to homes by pretending to be workers from the local utility company. Joe shares a story of a sophisticated bank transfer scam in the UK. Our catch of the day outlines an attempted email scam targeting an architectural firm. Carole Theriault is back with the second part of her interview with the pen tester who goes by the name freaky clown. Links to today's stories: https://www.wxyz.com/news/michigan-energy-company-warns-of-increase-in-imposters-trying-to-enter-homes https://inews.co.uk/inews-lifestyle/money/lost-19960-life-savings-phone-scam-natwest Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

At some point you're probably going to have to do some running.


Joe describes a reply-all scenario gone wrong. Dave explains the criminal use of steganography in memes as a command and control technique. Our catch-of-the-day features alluring photos texted to an unimpressed listener. Carole Theriault interviews physical pen tester Freaky Clown. Links to stories mentioned in this week's show: https://blog.trendmicro.com/trendlabs-security-intelligence/cybercriminals-use-malicious-memes-that-communicate-with-malware/ https://www.cygenta.co.uk/ Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter

Truth emerges from the clash of ideas.


We follow up on critical feedback of last week's show. Dave describes how online extortionists have pivoted from sex to explosives. We've got an auto-responding catch of the day from one of Joe's colleagues. Guest is Sean Brooks, Director of the Citizen Clinic and a Research Fellow at the Center for Long-Term Cybersecurity at UC Berkeley. He shares their research into online attacks of politically vulnerable organizations. From our EV certs follow-up: https://www.troyhunt.com/extended-validation-certificates-are-dead/ https://casecurity.org/2018/12/06/ca-security-council-casc-2019-predictions-the-good-the-bad-and-the-ugly/ Bomb threat catch of the day: https://www.zdnet.com/article/extortion-emails-carrying-bomb-threats-cause-panic-across-the-us/ Sean Brooks interview: Report: http://cltc.berkeley.edu/defendingpvos/ Clinic: http://cltc.berkeley.edu/citizen-clinic/ Have a Catch of the Day you'd like to share? Email it to...

A pesky problem that doesn't go away.


Joe describes a Nigerian gang called London Blue that focuses on business email compromise. Dave shares surprising Cyber Monday phishing statistics. Guest Chris Bailey from Entrust Datacard teaches us how to detect lookalike sites online and better protect ourselves from fraud. Links to today's stories: https://www.agari.com/insights/whitepapers/london-blue-report/ https://www.zscaler.com/blogs/research/cyber-monday-biggest-day-cyberattacks-not-long-shot Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Bringing trust to a trustless world.


Listener follow-up on a URL issue. Dave describes an elderly couple scammed out of savings. Joe wonders if it's wise to unsubscribe. Guest Andre McGregor from TLDR Capital describes his work as a former FBI agent, and his experience consulting on Mr. Robot. Bank account transfer scam: https://abc11.com/troubleshooter-durham-couple-loses-$8900-in-computer-virus-scam/4782799/ Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Be very aware of your desire to be right.


Joe explains URLs and DNS. Dave has tips to prevent holiday skimming. A bogus bank barrister is the catch of the day. Writer Ben Yagoda explains cognitive biases. Links: Wikipedia page on URLs - https://en.wikipedia.org/wiki/URL Tips to prevent skimming - https://www.social-engineer.org/newsletter/social-engineer-newsletter-vol-07-issue-96/ Ben Yagoda's article from the Atlantic - https://www.theatlantic.com/magazine/archive/2018/09/cognitive-bias/565775/ Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

CEOs can be the weakest link.


Listener feedback on the "Can you hear me?" scam. Dave shares an ongoing Elon Musk Bitcoin giveaway scam. Joe describes the malicious use of a compromised DHL email address. This week's catch of the day comes from down under. (Apologies to the fine citizens of Australia.) Carole Theriault returns with an interview with MimeCast's Matthew Gardiner. Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Human sources are essential.


Joe gathers open source information online. Dave wonders if a tow truck driver got the better of him. A listener shares a possible custom app scam. Former FBI agent Dennis Franks shares his experience developing human intelligence sources. Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Scams are fraud and fraud is crime.


We get listener followup on the church pastor scam. Dave explores a phony investment web site. Joe explains phishing, spear phishing and whaling. Fake federal agents are featured in our catch of the day. Carole Theriault interviews Max Bruce from Action Fraud UK. Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Fear, flattery, greed and timing.


We get followup feedback on gift cards. Joe describes a banking payment scam on a Canadian university. Dave reveals some sneaky apps. A reader shares a story worth its weight in gold. Jenny Radcliffe from Human Factor Security shares her insights on social engineering. Links to stories in this episode: https://www.thestar.com/edmonton/2018/10/09/how-a-fraudster-got-12-million-out-of-a-canadian-university-they-just-asked-for-it.html https://www.forbes.com/sites/johnkoetsier/2018/10/04/app-scams-cheap-utility-apps-are-stealing-260-2500-or-even-4700-each-year-per-user/#9de2b67162ac Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Waste my time and I'll waste yours back.


Dave reveals a stealthy trademark scam. Joe describes the invocation of a judge's name to lure a victim. A listener shares a business scam from India. Joe interviews "Shannon," a listener who enjoys wasting phone scammers' time. Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Information is the life blood of social engineering.


Joe ponders how a phone number is obtained. Dave's friend avoids a Google gift card scam. Christopher Hadnagy returns with an update to his book, The Science of Social Engineering. Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Easier to trick than to hack.


Dave dodges a local theater scam. Joe shares survey results from Black Hat attendees. A listener's calendar pops up alluring invitations. Carole Theriault interviews Sophos Naked Security writer Mark Stockley about password shortcomings. Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Kidnappers, robots and deep fakes.


Joe shares a kidnapping scam targeting foreign students. Dave describes social engineering involving robots. Our guest is Robert Anderson from the Chertoff Group, discussing Deep Fake technology and how it erodes trust. Links to stories mentioned in this week's show: https://searchsecurity.techtarget.com/news/252448458/Robot-social-engineering-works-because-people-personify-robots Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Stringing along a scammer.


Dave warns of scammers taking advantage of Hurricane Florence, both on the phone and in person. Joe shares a scheme targeting the kindness of local churchgoers. A cosmic variation on the Nigerian email scam. Joe interviews his Johns Hopkins University colleague Chris Venghaus, who leads a tech support scammer on a wild goose chase. Links to stories mentioned in this week's show: https://www.13newsnow.com/video/weather/hurricanes/hurricane-florence/hurricane-scammers-target-hampton-roads/291-8250736 Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Influence versus manipulation.


Joe describes a law firm impersonating a rival to funnel business away from them. Dave has a story of pontiff impersonation. Our guest is Joe Gray from Advanced Persistent Security. Links to stories mentioned in this week's show: https://www.theregister.co.uk/2018/08/27/lawyers_impersonating_rivals/ https://www.ccn.com/pope-francis-latest-target-of-twitter-crypto-scam/ Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Real estate transactions in the crosshairs.


Dave gets scammed on an exit ramp. Joe describes real estate transaction scams. Is LinkedIn moonlighting in Himalayan tourism? Guest Asaf Cidon from Barracuda Networks shares social engineering trends his team is tracking. Links to stories mentioned in this week's show: http://www.baltimoresun.com/news/maryland/crime/bs-md-ramp-scam-20161018-story.html https://www.cyberradio.com/2018/08/threat-actors-targeting-homebuyers-with-phishing-attacks/ Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Red teaming starts with research.


Joe describes an Office 365 phishing campaign. Dave warns of dangerous USB cables. A listener shares a fax from the UK. Joe interviews security consultant and pen tester Justin White. Links to stories mentioned in this week's show: https://www.helpnetsecurity.com/2018/08/15/office-365-phishing-sharepoint/ https://srlabs.de/bites/usb-peripherals-turn/ https://www.bleepingcomputer.com/news/security/usbharpoon-is-a-badusb-attack-with-a-twist/ Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Telling the truth in a dishonest way.


Dave looks at Hollywood script pitch event scams. Joe describes a romance scam murder scheme. Spontaneously combusting ATM cards. Guest Jayson E. Street from SphereNY describes his security awareness engagements. Links to stories mentioned in this week's show: https://www.hollywoodreporter.com/news/why-are-wannabe-screenwriters-getting-scammed-1130919 https://nakedsecurity.sophos.com/2018/08/17/romance-scam-victim-allegedly-plotted-to-kill-her-mother-for-cash/ Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Sometimes less is more.


Joe shares the story of a retiree scammed by a clever scheme. Dave describes a tech-support scam with a Russian twist. Our Catch of the Day features an adorable puppy. Guest Michael Murray from Lookout explains mobile device vulnerabilities. Links to stories mentioned in this week's show: https://www.scamwatch.gov.au/get-help/real-life-stories/investment-scam-how-steve-lost-200-000-to-an-investment-scam https://www.grahamcluley.com/phone-scam-exploits-russian-hacking-fears/ Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Focus, technology, and training fight phishing.


Dave describes a phishing attempt to infiltrate U.S. election systems. Joe shares a story of government agencies receiving malicious CDs in the mail. University employees are lured by greed. And David Baggett from Inky joins us to describe phishing techniques they are seeing and offers ways to best protect yourself and your organization. Links to stories mentioned in this week's show: https://theintercept.com/2018/06/01/election-hacking-voting-systems-email/ https://krebsonsecurity.com/2018/07/state-govts-warned-of-malware-laden-cd-sent-via-snail-mail-from-china/ http://hci2018.bcs.org/prelim_proceedings/papers/Work-in-Progress%20Track/BHCI-2018_paper_95.pdf Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Luring unsuspecting money mules.


Joe describes clever gift card scams. Dave follows up on last week's proposal to waste phone scammers' time. A more plausible phishing scheme comes through. Guest David Shear from Flashpoint describes methods scammers use to lure people into being money mules. Links: https://securelist.com/giftcard-generators/86522/ https://jollyrogertelephone.com/ Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Nothing up my sleeve.


Dave shares a story of deception right out of Hollywood. https://www.hollywoodreporter.com/features/hunting-con-queen-hollywood-1125932 Joe proposes changing the financial incentives for scammers. A porn-shaming catch of the day courtesy of Johannes Ulrich. An interview with atomic physicist and close-up magician Adam West. Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Think like an attacker.


Joe describes a con law enforcement agencies use to lure crooks. Dave shares a tech support scam spreading in chat forums. A listener from Dublin has a fake email from Apple. We welcome Rachel Tobac, CEO of SocialProof Security. Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Presidential prank, pensioner pilfered.


Dave recounts the news that US President Trump likely fell for a prank phone call. Joe outlines the sad story of a woman robbed of her retirement savings. Twitter account recovery scams. Charles Arthur, author of Cyber Wars - Hacks that Shocked the Business World, joins us for an interview. Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Phone scams, phantom employees and sitting Ducks.


Joe warns of a harrowing phone scam technique, Dave reveals an alternate persona, a listener tries to sell a truck, and Carole Theriault from the Smashing Security Podcast interviews Sophos' Paul Ducklin. Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Separating fools from money.


Dave shares a story of airport penetration testing with a high degree of yuck-factor. Joe explores research on protecting passwords from social engineering. The catch-of-the-day comes courtesy of Graham Cluley's email spam box. Dave interviews Wired's Security Staff Writer Lily Hay Newman on her article tracking Nigerian email scammers. Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Playing on kindness.


Joe explains the Ben Franklin effect. Dave describes job applicants tricked into money laundering. A listener tells a tale of being fooled by an appeal to greed. Joe interviews Stacey Cameron from DirectDefense about her physical penetration testing work.

Gaming pro athletes online.


Joe warns of scammers taking advantage of natural disasters, Dave explores romance scams, and gets a strange voice mail. Stephen Frank from the National Hockey League Players Association joins us to share how professional athletes protect themselves from online scams.

A flood of misinformation and fake news.


In this episode, Joe examines the anatomy of a phishing attack, Dave explores pretexting, and a scammer targets real estate agents. Professor Stephen Lewandowsky from the University of Bristol joins us to share his research on misinformation, fake news, and inoculating people against them.

Social Engineering works because we're human.


In this premiere episode of the Hacking Humans podcast, cohosts Dave Bittner from the CyberWire and Joe Carrigan from the Johns Hopkins University Information Security Institute discuss noteworthy social engineering schemes and ways to detect them. Author Christopher Hadnagy discusses his book The Art of Human Hacking.

Phillip Wylie Show


From Pro Wrestler to Pentester: My Cybersecurity Origin Story


How do you go from professional wrestling and powerlifting to a career in cybersecurity and penetration testing? In this special solo episode of The Phillip Wylie Show, Phillip Wylie shares his personal hacker origin story and the unconventional path that led him from wrestling matches and construction jobs to becoming a penetration tester, security evangelist, author, and podcast host. If you're trying to break into cybersecurity, transition from IT, or wondering if it's too late to start, this episode shows that there is no single path into security. Phillip discusses how curiosity, persistence, mentorship, public speaking, and content creation helped shape his career...

Jamy Casteel: From Small Town IT to Offensive Security


In this episode of The Phillip Wylie Show, host Phillip Wylie sits down with offensive security professional Jamy Casteel to discuss his journey from small-town IT technician to penetration tester and red teamer. Jamy shares how an early exposure to social engineering and physical pentesting sparked his interest in security and shaped his career path. The conversation explores the differences between pentesting and red teaming, the value of consulting experience, and why understanding business risk is just as important as technical skill. Jamy also shares his thoughts on certifications versus real-world experience, the emerging role of AI in security testing, and...

Travis Stein: Mastering Cybersecurity: Hands-On Skills and Networking Strategies


In this episode of the Phillip Wylie Show, host Phillip Wylie sits down with cybersecurity professional Travis Stein to discuss practical strategies for breaking into cybersecurity, building technical skills, and advancing from IT into security roles. Travis shares his journey from help desk roles into cybersecurity engineering and offers actionable advice for aspiring professionals looking to stand out in a competitive field. The conversation highlights the importance of hands-on experience, networking, home labs, certifications, and building a personal portfolio to demonstrate real-world skills. Travis also discusses how soft skills like communication and presentations can accelerate career growth and open new opportunities...

Gregory Carpenter: Beyond the Network | Threat Modeling, AI, and Real-World Pen Testing


In this episode, Phillip Wylie sits down with Dr. Gregory Carpenter to explore his journey from early childhood curiosity to a distinguished career in cybersecurity, military operations, and advanced threat modeling. Greg shares how his early interest in security evolved from physical lockpicking and unconventional problem solving into work involving digital security, NSA operations, and space-related missions. The conversation dives into what effective threat modeling really looks like and why too many security assessments fail to account for real-world conditions. Greg explains the importance of looking beyond traditional network boundaries to include physical access, RF exposure, social engineering, environmental conditions, and...

Allie Mellen: Code War


In this episode of the Phillip Wylie Show, Allie Mellen shares her journey from a computer engineering student to a cybersecurity expert and industry analyst. She discusses the importance of hands-on experience in cybersecurity, the evolution of cybersecurity tools, and the significance of a hacker mindset. Allie also emphasizes the need for clear communication in cybersecurity for non-technical audiences and provides advice on selecting cybersecurity products. Additionally, she introduces her new book, 'Code Nations,' which explores the intersection of cybersecurity and geopolitics, highlighting the impact of global events on cyber warfare strategies. Connect with Allie Mellen: LinkedIn: https://www.linkedin.com/in/hackerxbella/ Allie's book: https://www.amazon.com/dp/1394285574 ...

Eve Maler: The Evolution of Identity Security


In this episode of the Phillip Wylie Show, host Phillip Wylie speaks with Eve Maler, a prominent figure in identity security. They discuss the importance of community in cybersecurity, Eve's journey into the field, the evolution of identity technologies like SAML and OAuth, advancements in authentication methods, and the impact of AI on identity management. Eve also shares insights from her upcoming book on digital identity, emphasizing the need for a user-centric approach to security. Connect with Eve Maler: LinkedIn: https://www.linkedin.com/in/evemaler/ Eve's book: https://masteringdigitalidentity.com/ Website: https://www.vennfactory.com/ Connect with your host, Phillip Wylie: LinkedIn: https://linkedin.com/in/phillipwylie X: https://x.com/PhillipWylie Instagram: https://www.instagram.com/phillipwylie

Sudhanshu Chauhan: Navigating the New Landscape of Cyber Threats


In this episode, Sudhanshu Chauhan discusses the transformative impact of AI on the cybersecurity landscape. He explains how AI has introduced new attack vectors and the dual nature of AI in cybersecurity, serving both as a tool for attacks and as a target for attacks. The conversation emphasizes the need for security professionals to adapt to these changes and explore innovative approaches to penetration testing and security measures. Connect with Sudhanshu Chauhan: LinkedIn: https://www.linkedin.com/in/sudhanshuchauhan Website: https://redhuntlabs.com/ Connect with your host, Phillip Wylie: LinkedIn: https://linkedin.com/in/phillipwylie X: https://x.com/PhillipWylie Instagram: https://www.instagram.com/phillipwylie

Dorota Kozlowska: Empowering Women in Cybersecurity


In this episode of the Phillip Wylie Show, Dorota Kozlowska shares her inspiring journey from a hesitant high school student to a successful professional in offensive security and content creation. She discusses her challenges in breaking into the male-dominated field of cybersecurity, her passion for pen testing, and her commitment to empowering other women in tech through her podcast, 'The Woman in Red.' Dorota emphasizes the importance of personal branding, continuous learning, and the courage to pursue one's dreams despite obstacles. Connect with Dorota Kozlowska: https://www.linkedin.com/in/dorota-kozlowska/ https://www.woman-in-red.com/ https://www.youtube.com/@womaninredpresents Connect with your host, Phillip Wylie: LinkedIn: https://linkedin.com/in/phillipwylie X: https://x.com/PhillipWylie Instagram: https://www.instagram.com/phillipwylie

Keelan Knox: Breaking Things to Building Defenses


In this episode of the Phillip Wylie Show, host Phillip Wylie welcomes cybersecurity expert Keelan Knox, who shares his fascinating hacker origin story. Keelan recounts his early curiosity about technology, which led him to dismantle various devices and eventually discover the world of hacking and cybersecurity. He emphasizes the importance of social engineering in the field and how it became a natural skill for him. The conversation delves into Keelan's educational background, his diverse roles in cybersecurity, and the significance of networking in building a successful career in the industry. As the discussion progresses, Keelan offers valuable advice for aspiring cybersecurity...

Michael Farnum & Sam Van Ryder: Building CYBR.SEC.Community


In this episode of The Phillip Wylie Show, Phillip Wylie sits down with Michael Farnum and Sam Van Ryder to discuss the growth of CYBR.SEC.Community, formerly known as HOU.SEC.CON. They share their hacker origin stories and how a grassroots conference evolved into a national, community-driven cybersecurity movement. The conversation covers the expansion of CYBR.SEC.Community to include OT.SEC.CON, EXEC.SEC.CON, YOUTH.SEC.CON, CYBR.HAK.CON, and CYBR.SEC.Media, the community's media platform focused on education, storytelling, and amplifying voices across the cybersecurity ecosystem. The episode highlights accessibility, youth and veteran involvement, bridging IT and OT security, and why curiosity and real-world experience remain essential to building the...

Travis Weathers: From Military to Physical Security Expert


In this episode of the Phillip Wylie Show, host Phillip's guest is Travis Weathers, a seasoned professional in cybersecurity and penetration testing. Travis shares his unique journey from military service to becoming a successful entrepreneur in the cybersecurity field. He discusses the importance of specialized training, the differences between red teaming and traditional pen testing, and offers valuable advice for those looking to advance their careers in cybersecurity. The conversation also touches on the role of AI in the industry and the innovative tools being developed for physical pen testing. This episode is sponsored by Teleport, an identity-first security platform. Learn...

Unpacking Cybersecurity: Stories from the Cyber Distortion Podcast


Summary: In this episode of the Phillip Wylie Show, Phillip welcomes Jason and Kevin from the Cyber Distortion Podcast, diving deep into their hacker origin stories and the evolution of their podcasting journey. Kevin shares his unconventional path from marketing and graphic design to IT, highlighting how a conversation about salaries led him to pursue Microsoft certifications and a long-standing career in technology. Jason recounts his early fascination with technology, from building science projects to coding on his first home computer, illustrating how his inquisitive nature laid the groundwork for his future in cybersecurity. The conversation shifts to their experiences in podcasting,...

Shubham Khichi: Journey The Future of AI in Cybersecurity


Summary: In this episode of the Phillip Wylie Show, Phillip Wylie interviews Shubham Khichi, a cybersecurity expert and entrepreneur. They discuss Shubham's journey from a computer science student to the founder of CyberAGI, a company focused on enhancing cybersecurity through AI. The conversation covers the importance of human involvement in cybersecurity, innovative threat modeling techniques, and the role of AI in augmenting the capabilities of security professionals. Shubham emphasizes the need for privacy in AI applications and offers advice for aspiring pen testers, highlighting the significance of self-belief and continuous learning in the rapidly evolving tech landscape. This episode is sponsored by...

Ron Eddings: Hacker to Podcaster


Summary: In this episode of the Phillip Wylie Show, host Phillip Wylie interviews Ron Eddings, a prominent figure in cybersecurity and podcasting. They discuss Ron's journey into cybersecurity, his experiences in podcasting, and the evolution of Hacker Valley Media. The conversation delves into the importance of video and audio quality in content creation, the role of AI in cybersecurity, and the future of jobs in the industry. Ron shares insights on tools for penetration testing and the impact of AI on traditional cybersecurity roles, emphasizing the need for professionals to adapt and future-proof their careers in an AI-driven landscape. Takeaways: Ron Eddings shares...

Chris Glanden: The Power of Content in Cybersecurity


Summary: In this episode of the Phillip Wylie Show, Phillip Wylie interviews Chris Glanden, a cybersecurity professional and podcaster. They discuss Chris's journey into cybersecurity, his experiences in podcasting, and his recent ventures into documentary filmmaking. The conversation also touches on public speaking, community engagement through events like the Lone Star Cyber Circus, and advice for aspiring podcasters. Chris shares insights on the importance of storytelling in cybersecurity and the impact of podcasts on listeners' lives. Takeaways: Chris Glanden's journey into cybersecurity began after high school. He transitioned from IT to cybersecurity in 2011. Chris started his podcast during the pandemic in 2020. He has produced...

Gideon Rasmussen: Preparing for Promotion in Cybersecurity & Tech Leadership


Summary: In this conversation, Gideon Rasmussen discusses the importance of understanding one's professional development areas and how to prepare for promotion. He emphasizes the need for individual contributors to demonstrate leadership and deliver solid performance over time to be considered for advancement. Takeaways: Know what your areas of professional development are. Pursue your professional development actively. Prove yourself ready for promotion now. No one will provide a clear path to promotion. Write performance plans to guide your development. Run projects to showcase your skills. Demonstrate leadership even as an individual contributor. Aim for three to four years of solid performance. Deliver on projects consistently to advance. Seek feedback to improve your performance. Connect...

Christopher Russell: Balancing Skills in Cybersecurity


Summary: In this conversation, Christopher Russell emphasizes the importance of being well-rounded in the field of cybersecurity. He discusses the necessity of understanding both offensive and defensive strategies, as well as the need for security professionals to grasp the business aspects of their roles. Russell highlights that a successful CISO must not only be technically proficient but also understand how security tools can support and enhance business operations. Takeaways: Being well-rounded is essential in cybersecurity. A balance of offensive and defensive skills is necessary. Understanding various technologies is crucial. One must grasp how the business operates. An appetite for business knowledge is important. Security professionals should not just...

Ted Harrington: Demystifying the Hacker Mindset


Summary: In this episode of the Phillip Wylie Show, host Phillip Wylie speaks with Ted Harrington, a fellow podcaster and author, about the hacker mindset and its implications in cybersecurity. They discuss the misconceptions surrounding hackers, the importance of curiosity and creativity, and how the hacker mindset can be applied beyond technology. Ted shares his personal journey into the world of hacking, the motivation behind his new book, and offers insights on building a personal brand in the cybersecurity field. The conversation concludes with a message of optimism regarding the future of cybersecurity and the role of hackers in creating a...

Bat: The Evolution of a Threat Hunter


Summary: In this episode of the Phillip Wylie Show, Bat shares her journey from a childhood fascination with computers to a career in cybersecurity, specifically in threat hunting. Bat discusses her early experiences with hacking, the transition from wanting to be a pen tester to discovering a passion for digital forensics, and the day-to-day responsibilities of a threat hunter. The conversation also touches on the importance of education, certifications, and the evolving role of AI in cybersecurity. Takeaways: Bat emphasizes the importance of privacy in their work. The journey into hacking often starts from a young age. Career paths in cybersecurity can vary widely. Exploring different...

Mike Bell: AI Won't Take Your Job - If You Learn This


AI Won't Take Your Job - If You Learn This | Cybersecurity & Employment in the AI Era: Is AI going to take your job? In this essential episode, Phillip Wylie sits down with Michael Bell, CEO and Co-founder of Suzu Labs, to dive deep into the intersection of artificial intelligence, employment security, and the future of cybersecurity. Learn why adapting to AI is crucial for your career survival and discover how to make yourself invaluable in an AI-driven workforce. From Suzu Labs' cutting-edge services to practical advice for aspiring cybersecurity professionals, Michael shares everything you need to know about thriving...

Victoria Mosby - Embracing Ideas: Overcoming Self-Doubt


Summary: In this conversation, Victoria Mosby emphasizes the importance of overcoming self-doubt and embracing new ideas. She encourages listeners to take risks and not let insecurities hold them back from pursuing opportunities for growth and learning. Takeaways: Don't let it talk, don't let yourself talk yourself out of a good idea. It's the fact that you tried it and this goes out to a coworker who you know it's insecurity. Embrace the possibility of failure as a learning opportunity. Reach out to others to learn more, despite insecurities. Taking risks can lead to personal and professional growth. Insecurity shouldn't prevent you from pursuing your interests. Trying new things is...

Marshall Livingston: From Restaurant to Cybersecurity


Summary: In this episode of the Phillip Wylie Show, host Phillip Wylie interviews Marshall Livingston, who shares his journey from the restaurant industry to cybersecurity. They discuss the importance of coding in cybersecurity, the impact of AI on the industry, and how it can be leveraged for business opportunities. Marshall also talks about the role of sales engineering as a career path and his current ventures in creating engaging cybersecurity training solutions. The conversation emphasizes the need for understanding AI and its implications for job automation and decision-making in the tech industry. Connect with Marshall! https://www.linkedin.com/in/marshall-livingston-007031337/ Chapters: 00:00 Introduction and Guest Background 01:09 Marshall's Hacker Origin...

Edna Jonsson: From Coding to Cybersecurity


Summary: In this episode of the Phillip Wylie Show, Edna Jonsson shares her journey into cybersecurity, detailing her transition from coding to becoming a SOC analyst. She discusses the importance of education, certifications, and self-study, as well as the value of community and networking in the field. Edna also highlights her podcast aimed at helping newcomers to cybersecurity and encourages listeners to engage with their local cybersecurity communities. Takeaways: Edna's journey into cybersecurity began with coding and attending DEF CON. Working in a SOC involves monitoring alerts and understanding security events. Certifications like Security Plus and CySA+ are beneficial for breaking into...

Anand Singh: Data Security in the Age of AI


Summary: Join Phillip Wylie as he interviews Anand Singh about his new book on AI security and the critical intersection of data protection, cybersecurity, and artificial intelligence. Anand shares his journey from working on Cray supercomputers to becoming a cybersecurity leader, and provides practical frameworks for organizations adopting AI securely. Takeaways: AI can be a useful tool for individuals. Malicious actors also leverage AI for attacks. It's crucial to secure the use of AI. AI is transforming security tooling. Understanding AI's dual nature is essential. Security for AI and AI for security are interconnected. The landscape of AI includes both benefits and risks. Organizations must be proactive in AI security. AI's...

Emily Dobson: From Family Influence to Cybersecurity Success


Summary: In this episode of the Phillip Wylie Show, Emily Dobson shares her journey into cybersecurity, influenced by her family's background in technology. She discusses her experiences in digital forensics, the importance of networking, and her role in organizing conferences. Emily emphasizes the value of certifications and soft skills in the industry, as well as the significance of public speaking. The conversation concludes with her advice for newcomers in cybersecurity and her future aspirations in the field. Takeaways: Emily's interest in cybersecurity was sparked by her father's career. Networking is crucial for breaking into the cybersecurity field. Running conferences has helped Emily build valuable connections. Certifications...

Emile Fugulin: The Future of Bug Bounty Tools


Summary: In this episode of the Phillip Wylie Show, Emile Fugulin, co-founder of Caido, discusses the evolution of cybersecurity tools, his personal journey into hacking, and the importance of community engagement in the bug bounty space. He highlights the performance challenges faced by traditional security tools and how Caido aims to address these issues through innovative design and architecture. Emile also shares insights on the integration of AI in cybersecurity, the learning curve for new users, and the future of automation in the industry. Takeaways: Emile Fugulin emphasizes the importance of competition in the cybersecurity tool market. Caido aims to improve performance and usability...

Lisa Landau: From Military Intelligence to Cybersecurity


Summary: In this episode of the Phillip Wylie Show, host Phillip Wylie interviews Lisa Landau, a cybersecurity expert and co-founder of Threat Light. They discuss Lisa's unique journey from military intelligence to the startup world, the challenges and opportunities in cybersecurity, and the importance of hiring talent with diverse backgrounds. Lisa shares insights on how to break into the cybersecurity field, the significance of passion and critical thinking in candidates, and her vision for making cybersecurity solutions more accessible. The conversation culminates in an exploration of the founding of Threat Light and its mission to provide effective incident response solutions. Takeaways: Lisa Landau...

Jon Baker: Exploring MITRE's Impact on Cybersecurity


Summary: In this episode of the Phillip Wylie Show, Jon Baker from MITRE discusses the organization's role in cybersecurity, including the development of the ATT&CK framework and the importance of threat intelligence. He shares his personal journey into the field, MITRE's structure as a nonprofit, and the evolution of their resources. The conversation also touches on the integration of AI in cybersecurity, the significance of CVEs, and the need for continuous learning in the ever-evolving landscape of cyber threats. Connect with Jon! https://www.linkedin.com/in/jonathanobaker/ MITRE: https://www.mitre.org/focus-areas/cybersecurity/threat-informed-defense Chapters: 00:00 Introduction to MITRE and Cybersecurity Resources 03:16 Jon Baker's Hacker Origin Story 06:34 Understanding MITRE's Role and Structure 08:18 Exploring MITRE's Initiatives...

Casey Cammilleri: From Hacker to CEO


Summary: In this episode of the Phillip Wylie Show, host Phillip Wylie speaks with Casey Cammilleri about the evolution of offensive security, the importance of continuous penetration testing, and the role of automation and AI in the cybersecurity landscape. They discuss Casey's hacker origin story, the shift in mindset required for modern security practices, and provide advice for aspiring penetration testers. The conversation emphasizes the need for continuous learning and adaptation in the ever-changing field of cybersecurity. Connect with Casey! https://www.linkedin.com/in/caseycammilleri/ https://www.sprocketsecurity.com/ Chapters: 00:00 Introduction and Equipment Enthusiasm 02:12 The Hacker Origin Story 05:03 Evolution of Penetration Testing 07:33 Continuous Penetration Testing and Automation 10:29 The Role of AI in...

Jennifer Leggio: Building Your Personal Brand in Cybersecurity


Summary: In this episode of the Phillip Wylie Show, Jennifer Leggio shares her insights on personal branding, the evolution of marketing in cybersecurity, and the importance of community engagement. With a rich background in cybersecurity marketing, Jennifer discusses her journey from journalism to becoming a key player in the cybersecurity community. She emphasizes the need for marketers to understand the technical aspects of their products and the significance of authentic content creation. The conversation also touches on resilience in the face of career challenges and the importance of mental health in the industry. Chapters: 00:00 Introduction and Personal Branding 04:02 Jennifer Leggio's Origin Story 06:58...

Kat Cosgrove: From Developer to Advocate


Summary: In this episode of the Phillip Wylie Show, host Phillip Wylie speaks with Kat Cosgrove, a developer advocate and Kubernetes maintainer. They discuss Kat's journey into technology, her hacker origin story, and her transition from software engineering to developer advocacy. Kat shares insights on getting started with Kubernetes, the importance of open source contributions, and the value of networking and community engagement. They also touch on misconceptions about sales roles, the benefits of attending smaller conferences, and the significance of kindness in the open source community. Chapters: 00:00 Introduction 04:03 Kat's Hacker Origin Story 06:59 Career Path in Technology 09:50 Transition to Developer...

Filipi Pires: 10 Years of Cybersecurity Lessons on Patience, Growth & Career Success


"In this inspiring cybersecurity conversation, Filipi Pires reflects on his decade-long journey in the industry, sharing lessons on patience, persistence, and embracing your personal career path. He discusses the realities of professional growth, the importance of continuous learning, and why comparing yourself to others can hold you back. Perfect for aspiring ethical hackers, penetration testers, and anyone navigating the cybersecurity career landscape." Timestamps: 00:00 Introduction 02:15 Filipi's career beginnings 07:40 Lessons from a decade in cybersecurity 12:30 The importance of patience and persistence 17:55 Overcoming self-comparison 23:10 Career advice for aspiring professionals. Connect with Filipi Pires: LinkedIn: https://www.linkedin.com/in/filipipires/ Twitter/X: https://x.com/FilipiPires Follow The Phillip Wylie Show: Podcast: https://phillipwylieshow.com YouTube: https://www.youtube.com/c/phillipwylie...

Alethe Denis: The Art of Social Engineering


Summary: In this episode of the Phillip Wylie Show, Phillip Wylie interviews Alethe Denis from Bishop Fox, exploring her journey into hacking, the significance of social engineering in cybersecurity, and the evolving landscape of phishing and red teaming. Alethe shares her unique origin story, insights into the importance of real phishing engagements, and creative methods for gaining access during physical pen tests. The conversation also touches on the ethical implications of social engineering, the challenges posed by increasing security awareness, and valuable advice for aspiring security professionals. Takeaways: Alethe's journey into hacking began with an interest in social engineering as a child. The evolution...

Damien Burks: From Aspiring Game Dev to Cloud Security Leader


Summary: In this episode, Phillip Wylie interviews Damien Burks, who shares his journey from aspiring video game developer to a successful career in cybersecurity and cloud technologies. Damien discusses his hacker origin story, the importance of cloud computing, and the differences between major cloud service providers like AWS, Google Cloud, and Azure. He emphasizes the significance of scripting languages, particularly Python, in cloud engineering and offers advice for those looking to enter the field. Additionally, Damien talks about his community-building efforts through the DevSec Blueprint and the impact of content creation on his career. Takeaways: Damien started his journey in cybersecurity through a...

Ryan Williams: Building Community and Creativity in Cybersecurity Media


Summary: In this episode of the Phillip Wylie Show, host Phillip Wylie speaks with Ryan Williams, the publisher of HVCK Magazine. They discuss the importance of networking within the cybersecurity community, the evolution of content creation, and the aesthetic of cybersecurity media. Ryan shares his journey into cybersecurity, the creative process behind HVCK Magazine, and the role of AI in art. They also delve into offensive security practices, advice for aspiring professionals, and the significance of pro bono initiatives in making a positive impact in the community. Takeaways: Networking is crucial in the cybersecurity community. Content creation can take many forms beyond video. Cybersecurity media...

Jessica Hoffman: Live from Boardwalk Bytes 2025


Summary: In this engaging conversation, Phillip Wylie and Jessica Hoffman discuss the importance of community in cybersecurity, sharing insights on networking, hiring practices, and the value of volunteering. Jessica shares her hacker origin story and emphasizes the need for soft skills in the industry. They also explore the significance of mentorship and leadership in advancing careers within cybersecurity, encouraging individuals to seek connections and support in their professional journeys. Takeaways: Networking is essential for success in cybersecurity. Community involvement can significantly enhance career opportunities. Hiring managers should prioritize skills and initiative over degrees. Volunteering can open doors and create valuable connections. Soft skills are crucial for effective...

Matt Brown: Hardware Hacking & Content Creation


Episode Overview: Join host Phillip Wylie as he interviews Matt Brown, a cybersecurity professional, hardware hacker, and successful YouTuber who has grown from zero to over 100,000 subscribers in just two years. This episode dives deep into hardware security, IoT penetration testing, content creation strategies, and the future of cybersecurity careers in the age of AI. Guest Bio: Matt Brown is a cybersecurity professional specializing in hardware hacking and IoT security. He's the creator of a popular YouTube channel focused on unedited, real-time hardware hacking tutorials. Matt has experience in offensive security, bug bounty hunting, and has won multiple live hacking events, including...

Matt Toussain: From JAG Aspirations to Cybersecurity


Summary: In this engaging episode of "The Phillip Wylie Show," host Phillip Wylie welcomes cybersecurity expert Matthew Toussain. Known for his extensive history in the cybersecurity field, Matt opens up about his unconventional career path, from aspiring to be an Air Force lawyer to developing a passion for cybersecurity. This episode covers a multitude of insights into the world of offensive security, open-source development, and vulnerability management, all backed by Matt's diverse experiences and successes in the cybersecurity landscape. Throughout the episode, Matt shares invaluable advice for those entering the offensive security field, highlighting the importance of contributing to open-source projects and...

Kevin Woods: Why Companies MUST Invest in Junior Cyber Talent


Summary: In this episode of the Phillip Wylie Show, Kevin Woods from GuidePoint Security shares his unique journey into cybersecurity, emphasizing the importance of community support, hands-on experience, and investing in entry-level talent. He discusses the various paths one can take in the cybersecurity field, the value of certifications, and the role of education in preparing individuals for careers in this industry. The conversation highlights the need for companies to take risks on junior talent and the significance of providing opportunities for growth and development in cybersecurity. Takeaways: Kevin Woods transitioned from a biology background to cybersecurity through military service. Community support...

From Military to Cybersecurity: John Rodriguez on Mentorship, Ransomware, and Building Resilient Defenses


The Phillip Wylie Show episode featuring John Rodriguez from Cyber Dagger. Episode Summary: In this episode of The Phillip Wylie Show, cybersecurity expert John Rodriguez, founder of Cyber Dagger, shares his inspiring journey from the military to launching a cybersecurity company. John dives into the critical challenges faced by educational institutions and nonprofits, the growing threat of ransomware, and why a holistic security strategy is vital. He emphasizes the power of mentorship, community service, and continuous hands-on learning in shaping the next generation of cybersecurity professionals. This conversation is packed with real-world insights, career tips, and practical approaches to improving cyber...

Dan DeCloss: The Evolution of Cybersecurity


Summary: In this episode of the Phillip Wylie Show, host Phillip Wylie speaks with Dan DeCloss, founder of PlexTrac, about his journey in cybersecurity, the evolution of pen testing, and the challenges faced in the industry. Dan shares his hacker origin story, insights on recruiting talent, and the inspiration behind PlexTrac, a tool designed to streamline the pen testing reporting process. They discuss the future of cybersecurity, including the role of AI and the importance of community engagement in recruiting talent. Takeaways: Dan DeCloss has over 20 years of experience in cybersecurity. PlexTrac aims to simplify the pen testing reporting process. Networking...

Ashley Sequeira: The Importance of Community in Cybersecurity


Summary: In this episode of the Phillip Wylie Show, Ashley Sequeira shares her journey into cybersecurity, discussing her new role at Census, her hacker origin story, and the importance of community and networking in the field. She provides valuable advice for those looking to break into cybersecurity, emphasizing the need for persistence, mentorship, and the significance of understanding the geopolitical context in security research. Ashley also delves into her research on streaming devices and the importance of community involvement in the cybersecurity space. Takeaways: Ashley started her career in music and martial arts before pivoting to IT and cybersecurity. Networking and mentorship...

Eric Cole: From CIA to Cybersecurity


Summary: In this episode of the Phillip Wylie Show, Dr. Eric Cole shares his journey from a computer science student to a cybersecurity expert with a rich history at the CIA. He discusses the importance of personal branding in the cybersecurity field, the transition from offensive to defensive security, and the need for CISOs to be recognized as chief officers within organizations. Eric emphasizes the significance of teaching and contributing to the cybersecurity community while also addressing the challenges posed by misinformation and the evolving landscape of technology. Takeaways: Personal branding can significantly enhance your career opportunities. Eric Cole's journey into cybersecurity...

Chris Traynor: Hack Your Way Into a Cyber Security Career


Summary: In this episode of the Phillip Wylie Show, Chris Traynor shares his journey into the cybersecurity field, discussing his hacker origin story, the impact of post-breach opportunities, and the nuances of breaking into offensive security. He emphasizes the importance of hands-on experience, the role of certifications, and shares engaging stories from his pen testing career. Chris also provides valuable insights on the security mindset and the collaborative nature of cybersecurity. Takeaways: Chris Traynor emphasizes the importance of community involvement in cybersecurity. Post-breach organizations often have better budgets for security training and tools. Transitioning into offensive security requires a shift in mindset...

From Hacking to Entrepreneurship: The PhantomSec Story


Summary: In this episode of the Phillip Wylie Show, host Phillip Wylie engages with cybersecurity experts Grant Smith and Justin Perez, exploring their unique journeys into the world of hacking and cybersecurity. The conversation delves into their origins as hackers, the founding of their company PhantomSec, and the innovative techniques they are developing for EDR evasion. They discuss the importance of hands-on experience in cybersecurity education, the value of certifications, and what qualities they look for in ideal candidates for cybersecurity roles. The episode provides insights into the evolving landscape of cybersecurity and the challenges faced by newcomers in the field. Takeaways...

Luke McOmie: Pyr0's Red Team Journey


Summary: In this episode of the Phillip Wylie Show, Phillip Wylie interviews Luke McOmie, also known as Pyr0, a prominent figure in the hacker and cybersecurity community. They discuss the value of smaller conferences, Luke's journey into hacking, memorable red teaming experiences, and the importance of community engagement in the cybersecurity field. Luke shares insights on getting started in red teaming, the evolution of the industry, and the significance of building relationships at conferences. Takeaways: Smaller conferences foster better relationships. Luke's first computer was an AST-486SX. Hacking the school district led to early trouble. Red teaming involves both physical and digital penetration...

Evan Dornbush: Desired Effect


Summary: In this episode of the Phillip Wylie Show, host Phillip Wylie interviews Evan Dornbush, a seasoned cybersecurity professional with a rich history in the field. They discuss Evan's journey from a summer internship focused on cybercrime to his work with the NSA and his entrepreneurial ventures in cybersecurity. The conversation delves into the challenges of hiring in tech, the importance of proving technical skills, and the evolving landscape of security research. They also explore the impact of AI on cybersecurity, the economics of cybercrime, and Evan's new podcast aimed at educating listeners about vulnerabilities and exploits. Takeaways: Evan's journey into cybersecurity...

Tim Fowler: Space Security The Final Cyber Frontier


Summary: In this episode of the Phillip Wylie Show, Tim Fowler discusses the importance of networking and community in the cybersecurity field. He emphasizes the value of continuous learning, mentorship, and sharing knowledge to foster growth within the industry. Tim also shares his personal journey into cybersecurity, highlighting the significance of relationships and the evolving landscape of space cybersecurity, including his upcoming training program. Takeaways: Networking is crucial in cybersecurity. Community learning can be more valuable than formal education. Conferences provide opportunities for relationship building. Mentorship is a two-way street; both parties benefit. Continuous learning is essential to stay relevant in the...

Gerald Auger PhD: Transform Your Cybersecurity Career with Community


Summary: In this episode of the Phillip Wylie Show, host Phillip Wylie speaks with Gerald Auger from Simply Cyber about his journey in cybersecurity, the importance of community building, and the role of personal branding in career advancement. They discuss Gerry's transition from software engineering to Governance, Risk, and Compliance (GRC), the impact of AI in GRC, and the significance of engaging with the community through content creation. Gerry shares insights on training, certifications, and the value of networking, emphasizing that anyone can contribute to the community regardless of their experience level. Takeaways: Simply Cyber launched in December 2019 to help others....

Bdubzz: Building Connections in Cybersecurity


Summary: In this episode of the Phillip Wylie Show, Phillip Wylie interviews Bdubzz, a member of the cybersecurity community who shares his journey from a curious child to a professional in application security. Bdubzz discusses the importance of networking, community engagement, and personal branding in the cybersecurity field. He emphasizes the value of volunteering, public speaking, and content creation as ways to grow and connect with others in the industry. The conversation highlights the significance of having a hacker mindset and the opportunities available in Governance, Risk, and Compliance (GRC). Takeaways: Bdubzz has always had a hacker mindset, starting from childhood. Networking...

Patrick Laverty: Layer 8


Summary: In this episode of the Phillip Wylie Show, Patrick Laverty shares his unique journey into the cybersecurity field, emphasizing the diverse backgrounds of professionals in the industry. He discusses the importance of foundational skills, networking, and certifications for those looking to break into penetration testing. The conversation also highlights the significance of social engineering and communication skills, as well as the upcoming Layer 8 Conference focused on OSINT and social engineering. Patrick reflects on the value of podcasting as a means to connect with experts and build a personal brand in the cybersecurity community. Takeaways: Many cybersecurity professionals come from non-IT...

Jeff Caruso: Inside Cyber Warfare


Summary: In this episode of the Phillip Wylie Show, host Phillip Wylie interviews Jeff Caruso, an expert in cyber warfare and author of a book on the subject. They discuss Jeff's unique background, including his experience in the Coast Guard and his transition into the world of cybersecurity. The conversation delves into the evolution of cyber warfare, the integration of information warfare, and the challenges posed by misinformation. Jeff emphasizes the importance of resilience in cybersecurity and the need for individuals and organizations to prepare for future threats, including the implications of artificial intelligence in this landscape. Takeaways: Jeff Caruso shares his...

Syntax976: From Curiosity to Cybersecurity


Summary: In this episode of the Phillip Wylie Show, host Phillip Wylie engages in a conversation with Syntax, a prominent figure in the hacker community. They discuss their connection through social media, the vibrant hacker culture, and Syntax's personal journey into hacking, which began at a young age. The conversation explores the evolution of the hacker community, emphasizing inclusivity and diversity, and offers valuable advice for aspiring cybersecurity professionals. Syntax shares insights on the importance of curiosity and networking within the community, making this episode a rich resource for anyone interested in cybersecurity. Takeaways: Syntax's journey into hacking began at age 10....

Mike Lisi: Mike Hacks Things


Summary: In this episode of the Phillip Wylie Show, Phillip Wylie and Michael Lisi discuss their backgrounds in hacking and penetration testing, the importance of diverse experiences in the tech field, and the value of certifications like OSCP. They also explore pathways into offensive security, the mission of the Red Team Village, and the role of Capture The Flag (CTF) competitions in learning. The conversation emphasizes the significance of networking and community involvement in the cybersecurity industry. Takeaways: Michael Lisi shares his journey into hacking, starting from building computers as a teenager. The importance of sharing origin stories to motivate others in...

Joe Vest: OG Red Teamer


Summary: In this episode of the Phillip Wylie Show, Joe Vest shares his extensive journey in the cybersecurity field, from his early days in IT to becoming a prominent figure in red teaming. He discusses the evolution of red teaming, the differences between red teaming and penetration testing, and the importance of understanding technology fundamentals for aspiring security professionals. Joe also reflects on his transition from offensive to defensive security, the challenges of writing a book on red teaming, and offers valuable career advice for those looking to break into the field. Takeaways: Joe Vest emphasizes the importance of community in cybersecurity....

Jorge Reyes: From Atmospheric Sciences to Cybersecurity


Summary: In this episode of the Phillip Wylie Show, Jorge Reyes shares his journey into cybersecurity, discussing his background in atmospheric sciences, the importance of mentorship, and the value of teaching. He emphasizes the significance of hands-on experience, the necessity of understanding different domains within cybersecurity, and the importance of networking. Jorge also provides practical advice for aspiring cybersecurity professionals, highlighting the need for continuous learning and proactive career management. Takeaways: Sharing experiences can save others time in learning. Mistakes are essential for growth and learning. Internships provide valuable hands-on experience. Teaching helps reinforce knowledge and communication skills. Understanding different domains in...

My Zero Trust World 25 Hacking Labs Experience


In this video, I discuss the hands-on hacking labs from ThreatLocker's Zero Trust World 25.

Naveen Sunkavally: From Software Engineering to Pentest Automation


Summary: In this episode of the Phillip Wylie Show, Naveen Sunkavally shares his unique journey from software engineering to offensive security. He discusses his experiences at Horizon3.ai, the importance of coding in cybersecurity, and the evolving role of automation and AI in pen testing. Naveen emphasizes the need for a solid foundation in IT and development for those looking to break into cybersecurity, and he provides insights into vulnerability research and the future of the industry. Takeaways: Naveen's journey from software engineering to offensive security is inspiring. Understanding both offensive and defensive security is crucial. Automation is becoming increasingly important in pen...

My ZeroTrust World 2025 Experience


Last week, I had a great time at ThreatLocker's Zero Trust World 25. In this video, I share my experience attending the event.

Nicholas DiCola: Micro-Segmentation: A Game Changer in Network Security


Summary: In this episode of the Phillip Wylie Show, host Phillip Wylie interviews Nicholas DiCola from Zero Networks, exploring his background in cybersecurity, the importance of foundational IT skills, and the innovative solutions offered by Zero Networks in the realm of micro-segmentation and zero trust networks. The conversation delves into the challenges of traditional security measures, the efficiency of Zero Networks' approach, and valuable career advice for those looking to enter the cybersecurity field. Takeaways: Nicholas DiCola emphasizes the importance of foundational IT skills for a successful career in cybersecurity. Micro-segmentation is a critical component of a zero trust security model. Zero...

Lesley Carhart: ICS DFIR Expert


Summary In this episode of the Phillip Wylie Show, host Phillip Wylie speaks with cybersecurity expert Lesley Carhart about her journey into the field, the importance of community and mentorship, and the unique challenges of working in industrial control systems (ICS) forensics. Lesley shares her hacker origin story, discusses the complexities of ICS security, and recounts a fascinating case study involving a mysterious incident at a power plant. The conversation emphasizes the need for diversity in tech and the vital role of community support in navigating cybersecurity careers. Takeaways Lesley Carhart's journey into cybersecurity began at a young age with a passion...

Eva Benn: The Power of Resilience in Cybersecurity


Summary In this episode of the Phillip Wylie Show, host Phillip Wylie interviews Eva Benn, a leader in the cybersecurity field. Eva shares her inspiring journey from a disadvantaged background in Bulgaria to leading the Microsoft Red Team. She discusses the importance of resilience, the role of gaming in developing cybersecurity skills, and offers valuable advice for aspiring professionals in the field. The conversation also covers personal branding, networking authentically, and the significance of continuous learning and growth in one's career. Takeaways Eva Benn's journey from Bulgaria to leading the Microsoft Red Team is inspiring. Resilience and determination are key to overcoming...

NahamSec: Hacker, Content Creator, Pentester, Trainer


Summary In this episode of the Phillip Wylie Show, host Phillip Wylie interviews Ben Sadeghipour, known as NahamSec, a prominent figure in the bug bounty community. They discuss NahamSec's journey into hacking, his achievements in bug bounties, and the importance of personal branding and content creation in the cybersecurity field. NahamSec shares insights on transitioning from part-time to full-time bug bounty hunting, the role of automation and AI in the industry, and offers advice for newcomers looking to break into bug bounties. The conversation emphasizes the value of creativity, curiosity, and continuous learning in becoming a successful hacker. Takeaways NahamSec's journey into...

Fletus Poston III: Navigating The Ever Changing Career Landscape Of Cybersecurity


Summary In this episode of the Phillip Wylie Show, Phillip Wylie interviews Fletus Poston, discussing his journey in cybersecurity, the evolution of email security, and the shift to cloud technology. Fletus shares valuable advice for those looking to break into the field, emphasizing the importance of networking, mentorship, and soft skills. He also provides insights from his experience as a hiring manager, discusses career paths in cybersecurity, and highlights the significance of work-life balance. The conversation concludes with Fletus encouraging listeners to engage with their community and prioritize their well-being. Takeaways Networking and mentorship are crucial for career growth. Soft...

Marina Ciavatta: From Journalism to Physical Pen Testing & Social Engineering


Summary In this episode of the Phillip Wylie Show, Marina Ciavatta shares her unique journey into the world of physical pen testing and social engineering. From her origins in journalism to her current role as a red teamer, Marina discusses the challenges and experiences she has faced in the field. She shares thrilling stories of her pen tests, including moments of fear and unexpected encounters, while also emphasizing the importance of training and awareness in cybersecurity. Marina provides insights for those looking to enter the field, highlighting the blend of creativity and strategy required for successful penetration testing. Takeaways Marina's...

Chris Wysopal: From L0pht to Veracode, an OG Hacker's Journey


Summary In this episode of the Phillip Wylie Show, Chris Wysopal, a renowned hacker and cybersecurity expert, shares his journey from his early days of hacking to founding Veracode. He discusses the evolution of hacking culture, the importance of hands-on experience in cybersecurity, and the challenges posed by generative AI in software development. Wysopal emphasizes the need for understanding coding and the risks associated with supply chain security in the ever-evolving landscape of cybersecurity. Takeaways Chris Wysopal's journey into hacking began with a modem in college. The hacker culture has evolved from building to breaking into systems. Starting Veracode was driven by...

STK: Hacking, Content Creation, and Good Vibes


Summary In this episode of the Phillip Wylie Show, Stk shares his journey from a technical background in infrastructure to becoming a successful bug bounty hunter and content creator. He emphasizes the importance of communication skills in the cybersecurity field, offers tips for aspiring content creators, and discusses the significance of building a personal brand. Stk also highlights the need for balance in life, the value of understanding target needs in bug bounty hunting, and the challenges of dealing with online criticism. Takeaways Stk transitioned from infrastructure to web hacking. Communication skills are crucial in bug bounty reporting. Content creation...

Han Kanthi: Han's Journey From Corporate to Startup


Summary In this episode of the Phillip Wylie Show, host Phillip Wylie speaks with Han Kanthi, a seasoned entrepreneur and cybersecurity expert. They discuss Han's journey from the corporate world to starting his own company, the importance of data security, and how AI is transforming the cybersecurity landscape. Han shares insights on building a motivated team, the challenges of sales, and the significance of proactive data security measures in today's digital age. Takeaways Han Kanthi has over 25 years of corporate experience before starting his entrepreneurial journey. The adoption of AI has significantly revamped Han's platform. Networking and attending smaller...

Celina Stewart: Demystifying Cyber Risk Management


Summary In this episode of the Phillip Wylie Show, Celina Stewart, Director of Cyber Risk Management at Neuvik, discusses her journey in cybersecurity, focusing on the often-overlooked area of risk management. She emphasizes the importance of translating technical cybersecurity insights into business language, the need for diverse career paths in the field, and the value of education and certifications. The conversation also covers frameworks for effective risk management, the challenges faced in the industry, and the importance of communication between technical and non-technical teams. Takeaways Risk management is essential for understanding business impact. There is a significant divide between offensive...

SquareX CISO Series: David Malicoat & Vivek Ramachandran


Summary In this episode, Phillip Wylie engages with David Malicoat and Vivek Ramachandran to discuss the evolving role of the Chief Information Security Officer (CISO) in today's cybersecurity landscape. They explore the unique challenges faced by CISOs, particularly in the context of direct marketing and data protection, the impact of AI and automation on security practices, and the limitations of traditional security solutions. The conversation also delves into the future challenges for CISOs and the importance of adapting to new threats in an increasingly digital world. Takeaways David Malicoat emphasizes the importance of understanding threats in the context of specific...

SquareX CISO Series: Robert Pace & Vivek Ramachandran


Summary In this episode, Phillip Wylie engages with Robert Pace and Vivek Ramachandran to discuss the evolving landscape of cybersecurity, particularly focusing on browser security, fraud prevention in real estate, and the challenges posed by remote work and BYOD policies. They emphasize the importance of education, transparency, and innovative solutions in addressing security threats. The conversation also highlights the need for organizations to adapt to new technologies and approaches to effectively manage risks and protect their assets. Takeaways Education is crucial for residents to understand security risks. Risks and vulnerabilities are universal across industries. The browser has become the primary...

Int Eighty of Dualcore: Hack All The Things


Summary In this episode of the Phillip Wylie Show, Int Eighty from Dualcore shares insights into his journey in cybersecurity and music. He discusses the evolution of bug bounty programs, the importance of hands-on experience in cybersecurity education, and his personal hacker origin story. Int Eighty also delves into red teaming, physical pentesting, and career hacking strategies for aspiring professionals. He emphasizes the significance of leveraging AI in cybersecurity and shares his experiences as a musician in the hacking community. Takeaways Int Eighty has performed at various cybersecurity events, including Nolacon and Bugcrowd events. Bug bounty programs have evolved to...

Lauren Andrus: Cybersecurity Marketing Professional


Summary In this episode of the Phillip Wylie Show, host Phillip Wylie welcomes Lauren Andrus, a marketing professional and podcast producer, to discuss her journey into the world of marketing and podcasting. They explore the evolution of podcasting, the importance of video content, and the growth of HOU.SEC.CON, a cybersecurity conference that emphasizes community engagement and accessibility. Lauren shares insights on how to get started in podcasting and content creation, highlighting the low-cost opportunities available for aspiring creators. The conversation also touches on the significance of quality content in conferences and the collaborative efforts behind HOU.SEC.CON's success. Takeaways Lauren Andrus shares her unexpected...

John Hammond: New Frontiers in Cybersecurity Education


Summary In this episode of the Phillip Wylie Show, host Phillip Wylie interviews cybersecurity expert John Hammond. They discuss John's journey into hacking, the importance of Capture the Flag competitions, and the value of training and certifications in cybersecurity. John shares insights about his new educational platform, Just Hacking Training, and emphasizes the role of content creation in advancing one's career in the cybersecurity field. The conversation highlights the collaborative nature of cybersecurity education and encourages listeners to share their knowledge and experiences. Takeaways John Hammond's journey into cybersecurity began with a passion for video games and hacking. Capture the...

Jayson E. Street: Escaping Darkness


Summary In this episode of the Phillip Wylie Show, Jayson E. Street shares his journey from a troubled childhood to becoming a prominent figure in the cybersecurity community. He discusses the importance of understanding the hacker mindset, the value of starting in blue team roles before transitioning to red team positions, and the significance of empathy and kindness in both personal and professional interactions. Through engaging stories and valuable insights, Jayson emphasizes the need for effective communication in security roles and the importance of fostering a supportive community. Takeaways Jayson E. Street emphasizes that everyone has a hacker origin story....

Rob Allen: Defending Against Modern Threats with ThreatLocker


About the Guest: Rob Allen is a seasoned cybersecurity expert currently working as the Chief Product Officer at ThreatLocker. With over 25 years of experience in the IT industry, Rob has a rich background in managing IT environments, having spent nearly two decades at an MSP (Managed Service Provider) in Ireland. He transitioned from cleaning up ransomware attacks to helping organizations actively prevent them through ThreatLocker's innovative cybersecurity solutions. Rob is known for his in-depth understanding of evolving cyber threats and promoting effective preventive measures against them. Episode Summary: In this engaging episode of the Phillip Wylie Show, host...

Sean Metcalf: Active Directory Security


Summary In this episode of the Phillip Wylie Show, Sean Metcalf, an expert in Active Directory security, discusses his journey into cybersecurity, the evolution of Active Directory and Azure AD, and the common mistakes organizations make in cloud security. He emphasizes the importance of security assessments over penetration testing and shares insights into Trimarc's unique approach to security assessments. Sean also highlights the significance of scripting in security roles and discusses the future of Active Directory in hybrid environments. The episode concludes with information about Trimarc's new product, Trimarc Vision, aimed at enhancing Active Directory security. Takeaways Sean Metcalf has...

Mishaal Khan: The Evolution of OSINT in Cybersecurity


Summary In this episode of the Phillip Wylie Show, Mishaal Khan shares his journey from a curious child assembling computers to becoming an expert in OSINT and pen testing. He discusses the importance of OSINT in various fields, the transition to consulting and virtual CISO roles, and offers valuable advice for aspiring CISOs. Mishaal also highlights the impact of AI on cybersecurity and emphasizes the importance of passion over monetary gain in one's career. Takeaways Mishaal's journey began with a curiosity about computers and programming. OSINT can be applied in various fields beyond cybersecurity. Practical experience is crucial for learning...

Wirefall: An OG Hacker's Journey


Summary In this episode, Phillip Wylie interviews Wirefall, a veteran in the pen testing industry, discussing his journey from a curious child to a seasoned professional. They explore the evolution of pen testing tools, the impact of compliance on testing practices, and the importance of community engagement in cybersecurity. Wirefall shares insights on starting a career in pen testing, the significance of the Dallas Hackers Association, and how improv has transformed his approach to public speaking and adaptability in the field. The conversation emphasizes the need for trust, communication, and a supportive community in the cybersecurity landscape. Takeaways We are...

Alyse Zavala: Rockstar Hacker


Summary In this episode of the Phillip Wylie Show, host Phillip Wylie speaks with Alyse Zavala, a cybersecurity professional and rock band vocalist. They discuss the importance of having hobbies outside of work, Alyse's journey from IT to offensive security, and her experiences in the music industry. Alyse shares valuable advice for aspiring penetration testers, insights into exploit development, and the challenges of balancing her dual careers. The conversation also touches on work-life balance, burnout prevention, and upcoming projects in both cybersecurity and music. Takeaways It's important to have interests outside of cybersecurity. Alyse's journey began in IT and evolved into offensive security. Hands-on experience is...

Marcus Carey: The Legacy of Tribe of Hackers


Summary In this episode, Phillip Wylie interviews Marcus Carey, a prominent figure in the cybersecurity community. They discuss the importance of living in the moment, the power of positivity, and Marcus's journey from a young nerd to a successful hacker and entrepreneur. Marcus shares his experiences in the military and how they shaped his career in cybersecurity, emphasizing the significance of foundational skills and the role of automation and AI in the field. The conversation also touches on the Tribe of Hackers book series and the importance of mentorship and community in personal and professional growth. Takeaways Live in the...

Trey Bilbrey: From Marine to Offensive Security


About The Guest: Trey Bilbrey is the Lead of SCYTHE Labs, specializing in Purple Team Exercises, Threat Emulation, Critical Infrastructure, and holistic cyber operations. Trey's 15+ years of industry experience has allowed him to become an excellent educator, defender of networks, and a cultivator of cybersecurity professionals. Prior to joining SCYTHE, Trey held positions at notable organizations such as Hack The Box (HTB Academy content Developer), The Army Corps of Engineers (ICS/SCADA Penetration Testing), and a veteran of the United States Marine Corps (Defensive and Offensive Cyber Operations). Summary: In this episode of the Phillip Wylie Show, Trey Bilbrey shares...

White Knight Labs: Part 2


About the Guests: Greg Hatcher and John Stigerwalt are co-founders of White Knight Labs, a boutique cybersecurity company specializing in offensive security services and advanced training programs. Greg's background includes a remarkable career as a Green Beret in the U.S. Army, transitioning into cybersecurity with a focus on penetration testing and red teaming. John's journey began with a passion for hacking at 17, which led to a diverse career across IT roles, eventually specializing in penetration testing and red teaming for global companies. Together, they offer unique services aimed at elevating cybersecurity standards through White Knight Labs. Episode Summary: Dive...

Ryan Feder: The Resilience Factor


Summary In this conversation, Ryan Feder and Phillip Wylie explore the themes of resilience, innovation, and personal growth. They discuss how challenges can be transformed into opportunities and the importance of maintaining a positive mindset in the face of adversity. The dialogue emphasizes the power of innovative thinking and the necessity of embracing change as a pathway to success. Takeaways Turning challenges into opportunities is key to success. Resilience allows us to navigate through tough times. Innovative thinking can lead to transformative solutions. Growth often comes from overcoming significant challenges. Embracing change is essential for personal development. A positive mindset...

Snehal Antani: A New Cybersecurity Paradigm


Takeaways Snehal Antani emphasizes the importance of product obsession in leadership. The transition from a bull market to a bear market requires quick strategic shifts. A strong technical foundation is crucial for success in offensive security roles. Certifications signal a commitment to self-improvement but are not the sole indicator of skill. Bootcamps can provide a pathway into cybersecurity but require ongoing learning to retain skills. Autonomous pen testing offers a consistent and comprehensive approach to security assessments. The integration of offensive and defensive security communities is essential for overall effectiveness. Understanding the threat actor perspective is vital for effective cybersecurity...

Christophe Foulon: Certifications, Are They Still Necessary?


Summary In this episode of the Phillip Wylie Show, host Phillip Wylie speaks with Christophe Foulon, a cybersecurity expert and podcaster, about his journey into the cybersecurity field, the importance of self-discovery for aspiring professionals, and the evolving landscape of hiring practices in the industry. They discuss the significance of certifications, the need for internal talent development, and the value of community involvement in cybersecurity education. Christophe shares practical advice for job seekers, emphasizing the importance of networking and curiosity in building a successful career in cybersecurity. Takeaways Christophe's journey into cybersecurity began at a young age. Self-discovery is crucial...

Len Noe: World's First Augmented Hacker


Summary In this episode, Len Noe, the world's first augmented ethical hacker, shares his journey into cybersecurity and his experience with body modification. He discusses his hacker origin story, his professional career, and his current work as an evangelist for CyberArk. Len also talks about his book, 'Hacked Human: My Life and Lessons,' which explores the world of augmented humans and the ethical implications of integrating technology into the human body. Takeaways Len Noe shares his hacker origin story and how he got into cybersecurity. He discusses his professional career and how he transitioned from being a black hat to...

HOU.SEC.CON.


Summary HOU.SEC.CON is a cybersecurity conference in Texas that aims to provide opportunities for students and professionals in the industry. The conference was started in 2010 by Michael Farnum and Sam Van Ryder, who wanted to create a community for cybersecurity professionals in Houston. They initially ran the conference under the auspices of the National Information Security Group, but eventually split off and ran it independently. The conference has grown over the years, attracting attendees and speakers from all over the United States and even internationally. They have had to move to larger venues to accommodate the increasing number of...

Be Fearless Online: In-Browser Email Security


About the Guest: Jeswin Mathai is the Chief Architect at SquareX. He leads the team responsible for designing and implementing the Infrastructure. Prior to joining SquareX, he was working as the chief architect at INE. He has published his work at DEFCON China, RootCon, Blackhat Arsenal, and Demo Labs (DEFCON). He has also been a co-trainer in-classroom training conducted at Black Hat Asia, HITB, RootCon, and OWASP NZ Day. He has a Bachelor's degree from IIIT Bhubaneswar. He was the team lead at InfoSec Society IIIT Bhubaneswar in association with CDAC and ISEA, which performed security auditing of government portals...

Joe Brinkley aka The Blind Hacker


Summary In this episode, Joe Brinkley, also known as the blind hacker, joins Phillip Wylie to discuss his hacker origin story and offer advice for breaking into offensive security and pen testing. They also explore the commoditization of pen testing, the evolution of the industry, and the challenges of testing complex environments. Joe shares his insights on the different generations of hackers and the role of automation and AI in pen testing. He also talks about his work with the Mentor Village and offers resources for those interested in starting their own cybersecurity brand or company. Takeaways Joe Brinkley, also...

Live from BSides Twin Cities 2024


Summary In this live episode of The Phillip Wylie Show, cybersecurity experts Ira Winkler and Ryan Cloutier discuss their hacker origin stories and the evolution of hacking over the years. They emphasize the importance of basic cyber hygiene and the need to systematize the fundamentals of cybersecurity. They also discuss the risks and benefits of AI, highlighting the potential for manipulation and the need for safe adoption. The conversation touches on the role of policies and procedures, the alignment of cybersecurity with business objectives, and the impact of technology on human experiences. Takeaways Basic cyber hygiene is essential in preventing...

Dahvid Schloss: From JSOC to Offensive Security


Summary Dahvid Schloss shares his hacker origin story, starting with his military background and how he ended up in the field of cybersecurity. He talks about his time in the Joint Special Operations Command (JSOC) and the unique missions he was involved in. He also discusses his transition to the private sector and his current role as a Hive Leader at Covert Swarm. The skills he acquired in JSOC have been highly transferable and valuable in his offensive security career. In this conversation, Dahvid Schloss discusses his experience at Seer, a practice prison camp that taught him transferable skills like...

Eric Teichmiller: Exploring Cybersecurity Careers


Summary In this episode of the Phillip Wylie Show, Phillip is joined by Eric Teichmiller, a technical account manager at Horizon 3. Eric shares his background in cybersecurity and his journey from IT to risk and compliance to offensive security. He explains his role as a technical account manager and how his defensive background helps him understand and support customers. Eric also discusses the benefits of certifications, offers advice for getting into cybersecurity, and shares his study tips and strategies for avoiding burnout. Takeaways Eric Teichmiller shares his background in cybersecurity and his journey from IT to risk and compliance...

Jeff Man: From NSA to Pentesting


About the Guest: Jeff Man is a seasoned professional in the cybersecurity industry, with a rich history in penetration testing and security. He began his career at the National Security Agency (NSA) and has since become renowned for his expertise and contributions to the field. Jeff is also a co-host on Paul Security Weekly and frequently shares his insights at notable security conferences. His vast experience and deep understanding of the industry's evolution make him a respected figure in cybersecurity. Episode Summary: In this captivating episode of the Phillip Wylie Show, host Phillip Wylie welcomes cybersecurity veteran Jeff Man. Known...

Andrew Lemon: Engineering Your Own Opportunities


About the Guest: Andrew Lemon is a seasoned offensive security professional and founder of Red Threat, a cybersecurity consulting firm focused on pentesting, red teaming, and ransomware readiness assessments. With a wealth of experience from working at Boeing, Dell, and other tech corporations, Andrew has become a respected figure in the cybersecurity community, known for his contributions to physical security, social engineering, and AI pentesting. Andrew is also an advocate for transparency and community support within the cybersecurity industry. Episode Summary: Welcome to another episode of the Phillip Wylie Show, where host Phillip Wylie dives into the fascinating journey of...

Anthony "TonyP" Pillitiere: Offense Driven Defense


About the Guest: Anthony "TonyP" Pillitiere: Anthony is the co-founder and Chief Technology Officer (CTO) of Horizon3.ai, a company renowned for its innovative product, NodeZero, which focuses on autonomous security. With a remarkable career spanning 21 years in the military, much of which was spent in highly sensitive missions, TonyP brings a wealth of expertise in offensive and defensive cybersecurity. His experience includes serving as the deputy CTO for the Joint Special Operations Command, where he spearheaded various cybersecurity initiatives. Episode Summary: In this episode of the Phillip Wylie Show, host Phillip Wylie delves into an insightful discussion with Anthony...

KJ Haywood: Exploring AI and Cybersecurity


About the Guest: KJ Haywood: KJ Haywood is a seasoned professional in the field of cybersecurity with over 25 years of experience in governance and compliance. She has dedicated the last 11 years to security governance and has recently shifted focus to AI and generative AI, launching her company, Nomad Cyber Concepts. Her expertise lies in helping mid-sized organizations pivot their solutions and acquire or design AI tools. KJ holds an MIT certification in AI no-code model building and is a prominent figure in the cybersecurity community, frequently sharing her knowledge at conferences and through teaching and mentoring. Episode Summary:...

Rob Fuller (aka Mubix): From Hacking Games to Professional Hacker


About the Guest: Rob Fuller (Mubix): Rob Fuller, also known as Mubix, is a well-known figure in the cybersecurity community, particularly in the realms of penetration testing and red teaming. As an experienced professional, Fuller has a background in the Marine Corps where he was part of the Marine Corps CERT at Quantico. Fuller has contributed significantly to the community through his work with Hak5 on series like Metasploit Minute and Practical Exploitation. His deep understanding of security concepts, coupled with his engaging teaching methods, has influenced aspiring hackers and professionals worldwide. He now holds a leadership role, guiding and...

Noah King: From Sales to Offensive Security Engineer


About The Guest: Noah King is a Senior Software Engineer at Horizon3.ai, specializing in offensive security and exploit development. Coming from a background in sales and with a strong expertise in web application development, Noah transitioned into cybersecurity after being inspired by his wife's journey into engineering. With a passion for breaking things rather than building them, Noah has rapidly advanced in the field, earning his OSCP certification and contributing to automating complex security attacks at Horizon3.ai. Summary: Noah King shares his journey from sales to offensive security. He started with a coding bootcamp and transitioned into web app development....

Jake Krasnov: From Aerospace to Cybersecurity


About the Guest: Jacob Krasnov is a cybersecurity expert, CEO, and co-founder at BC Security. He and his co-founder Anthony and Vincent Rose have significantly contributed to the cybersecurity field, particularly with their work on the Empire project. Jacob's background includes aerospace engineering and high-level cybersecurity assessments in the Air Force, where he was involved in rigorous testing of military aircraft like the F-22 and F-35. Transitioning to BC Security, Jacob has focused on enhancing tools for red teaming and threat emulation, making sophisticated cybersecurity tools accessible and maintainable. Episode Summary: In this episode of the Phillip Wylie Show, Phillip...

McKenna Dallmeyer: From Veterinarian Aspirations to Pentester


About the Guest: McKenna Dallmeyer is a technical account manager at Horizon3.ai, specializing in offensive security and penetration testing. Starting her academic journey in biomedical science and political science, she eventually pursued cybersecurity, driven by a combination of personal interests and family influence. McKenna has experience working with the NSA as a developer intern and later full-time in a development program. She holds several certifications in penetration testing and network security and is also part of the Synack Red Team, conducting side work through her LLC. Episode Summary: In this engaging episode of The Phillip Wylie Show, host Phillip Wylie...

White Knight Labs: Navigating Advanced Red Team Operations


Summary In this conversation, John and Greg from White Knight Labs discuss their backgrounds and the work they do in red teaming and penetration testing. They explain the difference between red teaming and pen testing, with red teaming being more focused on mission objectives and crippling a business, while pen testing is more about finding vulnerabilities and misconfigurations. They also discuss the skills and knowledge required to become a red teamer, including a background in sysadmin or software development, networking knowledge, and experience in pen testing. They recommend certifications such as Certified Red Team Professional and Certified Red Team Expert,...

Matt Scheurer: Finding Your Passion in Cybersecurity


In this episode, Phillip Wylie is joined by Matt Scheurer, a digital forensics and incident response expert. They discuss Matt's hacker origin story, his work in digital forensics and incident response, and the education path for aspiring professionals in this field. They also touch on the importance of professional networking and the benefits of public speaking in the cybersecurity industry. Takeaways Digital forensics and incident response (DFIR) professionals play a crucial role in investigating and responding to cybersecurity incidents. Having a background in systems administration and networking can provide a solid foundation for a career in DFIR. Building a professional...

John Woodling: The Power of Community and Self Learning


About the Guest: John Woodling is a seasoned cybersecurity expert with seven years of experience in the industry. He currently holds the position of Senior Information Security Analyst. John has a diverse background that includes a blend of hands-on technical expertise and a profound understanding of different cybersecurity domains. As a member of the DFW Cybersecurity community and DEFCON 940 Group in Denton, Texas, John is known for his mentorship and willingness to share his insights. With an initial career path in art and finance, John's journey into cybersecurity showcases his passion and curiosity for technology and security. Episode Summary:...

Tennisha Martin: Cracking the Diversity Code


Summary Tennisha Martin, founder of Black Girls Hack and organizer of Squad Con, shares her journey in cybersecurity, the importance of hands-on training, and the challenges of diversity in the industry. She also discusses the motivation behind organizing Squad Con and the need for scholarships to support diversity in cybersecurity education. Takeaways The importance of hands-on training in cybersecurity education The need for diversity and inclusion in the cybersecurity industry The motivation behind organizing Squad Con and the impact of scholarships on diversity in cybersecurity education Sound Bites "Empowering Diversity in Cybersecurity Education" "The Impact of Hands-On Training in Cybersecurity"...

Dirce Hernandez: Breaking into Cybersecurity


About the Guest: In this episode of "The Phillip Wylie Show," Dirce Hernandez joins as a featured guest. With a notable career spanning over 17 years in the cybersecurity industry, Dirce stands as a first-generation college graduate hailing from South Texas. He has worked across various sectors including state government, higher education, healthcare, and financial services. His diverse experience includes roles at TxDOT, University of Texas at Brownsville, Wells Fargo, USAA, and currently at Northwestern Mutual Insurance Company. Apart from his professional endeavors, Dirce is known for his dedication to helping others, sharing knowledge, and mentoring aspiring cybersecurity professionals. Episode...

Dr. Anmol Agarwal: AI and Machine Learning in Cybersecurity


About the Guest: Dr. Anmol Agarwal is a senior security researcher focused on securing 5G and 6G. Her research interests include AI and Machine Learning security. She is also an adjunct professor teaching Machine Learning to doctoral students. She holds a doctoral degree in cybersecurity analytics and previously worked at the U.S. Cybersecurity and Infrastructure Security Agency managing risk to the federal enterprise. Dr. Agarwal is also an active speaker and has spoken at numerous events and conferences to educate the public about cybersecurity and data science concepts. In her free time, she enjoys mentoring others in the community, traveling,...

Managing Threat Exposures with Flare


About the Guests: Norman Menz and Nick Ascoli are seasoned cybersecurity professionals and entrepreneurs with experience dating back to the early days of the industry. Norman Menz is the CEO of Flare and his career spans system configuration, offensive security, vulnerability prioritization, and third-party risk assessment. He founded and led companies like Prevalent and Delve, which focused on vendor risk assessment and vulnerability prioritization, respectively. Nick Ascoli, the founder of Fortrace, started his journey with a background in Linux distros and programming. He pursued Security and Risk Analysis (SRA) at Penn State University, with a passion for red team operations...

Tyler Day: The Challenges and Rewards of Becoming a Pen Tester


About the Guest: Tyler Day is a seasoned professional in the cybersecurity field, whose journey into penetration testing (pen testing) has been one of substantial growth and commitment. With a rich background that involves disassembling computers and game consoles from a young age, Tyler's passion for understanding the intricacies of technology has been evident. His transition from being intrigued by shows like 'Mr. Robot' to becoming a proficient pen tester showcases his dedication to the craft. Tyler's trajectory includes a period of rigorous self-teaching aided by formal education and a series of professional opportunities that forged his path in the...

Be Fearless Online: Vivek Ramachandran a Year of Browser Security Innovation


About the Guest: Vivek Ramachandran is the founder of SquareX and a veteran in the cybersecurity industry with over 20 years of experience in building security products and finding vulnerabilities in security systems. His entrepreneurial experience spans over a decade, during which he has built wireless monitoring solutions, pentesting gadgets, and cloud-powered lab environments. Before SquareX, he founded Pentester Academy, a cloud-based cybersecurity training startup that was successfully acquired. Vivek also discovered the infamous Caffe Latte Attack and has authored multiple books and research papers on offensive cybersecurity techniques. He has spoken at top conferences like DEFCON and BlackHat over...

Ryan Pullen: Insights from a Cybersecurity Pro and TED Talk Featured Speaker


About the Guest: Ryan Pullen is a cybersecurity expert based in the UK who specializes in offensive cybersecurity pathways. With a unique entry into the field through a job found on Gumtree, Ryan has carved a formidable career that moved from defensive roles into offensive cybersecurity and later involved in adversarial simulations and penetration testing. He has extensive experience in incident response and has worked on notable projects, including those in collaboration with Stripe OLT, where he is now a board member. Ryan has been instrumental in the evolution of cybersecurity since the mid-2000s, bringing a wealth of knowledge, especially...

Huxley Barbee: The Dark Side of Technology


About the Guest: Huxley Barbee is recognized in the cybersecurity field for his extensive experience in security automation and software engineering. With a professional trajectory spanning over decades, Huxley's path began in high school, where his interest in computers and passion for programming were piqued. Throughout his career, he has significantly contributed to various sectors by emphasizing the defensive aspects of cybersecurity, scaling from hands-on firewall configurations to leading consulting practices for major corporations. As an advocate for education and collaboration in the InfoSec community, Huxley is also the organizer of BSides New York City, a renowned cybersecurity conference. Episode...

Ricky Allen: The Evolution of Cybersecurity Challenges


About the Guest: Ricky Allen is a seasoned cybersecurity expert and a key player at CyberOne, where his expertise in cybersecurity strategy and innovation is instrumental. With a rich professional history dating back to the late 1990s, he has witnessed and contributed to the evolution of the cybersecurity industry, working with companies like EDS, PricewaterhouseCoopers, and founding member status at Critical Start. His trajectory from penetration testing to defensive cybersecurity strategies highlights his comprehensive understanding of the field. Currently, he spearheads efforts in consulting, advisory work, and AI development at CyberOne, leading the charge in tackling today's sophisticated cybersecurity challenges....

Matt Johansen: Vulnerability and Mental Health in Cybersecurity.


About the Guest: Matt Johansen, known as Matt J, is a seasoned cybersecurity professional and an active content creator within the industry. With a rich background that spans across various facets of cybersecurity, Matt's expertise ranges from practical experience in offensive security to leadership roles in software security. His journey began with computer programming in high school, followed by a computer science degree and an influential senior seminar focused on cybersecurity, taught by a SANS instructor. Matt's professional career kicked off with engagements in penetration testing, and he eventually played an instrumental role in building WhiteHat Security's threat research team....

Michael Kim: DJ turned Red Teamer


About the Guest: Michael Kim is a seasoned professional in the realm of offensive security, boasting an extensive background in red teaming and penetration testing. Throughout his dynamic career, Michael has contributed his expertise to a variety of organizations, which enables him to offer a unique perspective on cybersecurity. Prior to diving into the security field, Michael followed his passion in music production and DJing for over a decade. His pivot to cybersecurity was catalyzed by the realization that it did not require a formal degree but could be pursued through alternative educational platforms like boot camps. Michael's commitment to...

Be Fearless Online: In Browser Malicious File Detection Part 4


About the Guest: Shourya Pratap Singh is a Principal Engineer at SquareX. He is responsible for building SquareX's secure and privacy-focused extension, and works on researching methods to counteract web security risks. He has conducted a workshop at Texas Cyber Summit, and his work is being presented at Blackhat Arsenal EU. Before joining SquareX, he worked with FinBox (an Indian fintech) where he led a team of brilliant developers and was responsible for building and scaling multiple product lines. He has a bachelor's degree from IIIT Bhubaneswar and holds a patent. His area of interest includes browser extensions and web...

Be Fearless Online: In Browser Malicious File Detection Part 3


About the Guest: Jeswin Mathai is the Chief Architect at SquareX. He leads the team responsible for designing and implementing the Infrastructure. Prior to joining SquareX, he was working as the chief architect at INE. He has published his work at DEFCON China, RootCon, Blackhat Arsenal, and Demo Labs (DEFCON). He has also been a co-trainer in-classroom training conducted at Black Hat Asia, HITB, RootCon, and OWASP NZ Day. He has a Bachelor's degree from IIIT Bhubaneswar. He was the team lead at InfoSec Society IIIT Bhubaneswar in association with CDAC and ISEA, which performed security auditing of government portals...

Cecile Mengue: From Hacked to Hacker


About the Guest: Cecile Mengue is a dynamic and inspiring penetration tester with a background that diverges from the traditional cybersecurity pathway. Her journey into the realm of cybersecurity was spurred by a personal experience involving cybercrime, which led her to pivot from her degree in criminal justice to pursuing a career in penetration testing. Demonstrating an entrepreneurial spirit and a passion for security, Mengue transitioned from being a victim of hacking to a cybersecurity expert. A notable speaker with an interesting origin story, she presently holds a position as a penetration tester at IBM. Episode Summary: In this compelling...

Mariana Padilla: Building Relationships and Networking in Cybersecurity


About the Guest: Mariana Padilla is a cybersecurity professional with a background in marketing and a keen focus on storytelling as a powerful tool. With an unexpected foray into the cybersecurity world, she has found her niche and currently serves as a co-founder, and CEO of a company pioneering in creating an automated demo marketplace for cybersecurity software. She brings a wealth of experience from education and nonprofit sectors, with a mission to bridge the gap between different cybersecurity communities through initiatives like virtual coffee meetings and community events. Episode Summary: In this fascinating episode of the Phillip Wylie Show,...

Justin Elze: A CTO's Offensive Security Insights


About the Guest: Justin Elze is the CTO of TrustedSec, a highly acclaimed cybersecurity company. With over 14 years of industry experience, Justin is an expert in the field of offensive security, especially in the domain of red teaming and penetration testing. His extensive knowledge extends over several facets of cybersecurity, from system engineering to research. At TrustedSec, he also oversees the red team and research team, showcasing a driven career that advanced from hands-on technical roles to strategic leadership. Episode Summary: In this insightful episode of the cybersecurity-focused podcast, we have the pleasure of welcoming Justin Elze, the Chief...

Cathy Ullman: The Power of Active Defense


About the Guest: Cathy Ullman, known in the cybersecurity community as Investigator Chick, boasts an impressive 24-year tenure at the University of Buffalo where her expertise spans across digital forensics and incident response. She has not only made a mark with her significant work in tech support but also holds a leadership position in organizing significant conference events such as summer camp. A celebrated author, Ullman recently published a thought-provoking book that delves into the intersection of offensive and defensive cybersecurity strategies. Episode Summary: In this episode of the Phillip Wylie show, listeners are treated to an intimate conversation with...

Andy Liverman Anderson: Scaling Cybersecurity Functions with AI


About the Guest: Andy Liverman Anderson is a seasoned professional with a diverse background spanning real estate, Wall Street, and cybersecurity. With nearly a decade dedicated to the field of cybersecurity, Andy brings a wealth of experience and knowledge to the industry. As a history major, he leverages his unique perspective to analyze the intricacies of cybersecurity's geopolitical landscape. Notably, Andy has been pivotal in the development of moving target defense strategies and has pioneered the use of machine learning to estimate cyber risk in the insurance domain. Currently, he serves as a VP of Sales at Uno AI, a...

Be Fearless Online: In Browser Malicious File Detection Part 2


About the Guest: Dakshitaa Babu is a Software Engineer at SquareX, where she is engaged in data engineering and analytics. She is also the pen behind the engineering blogs written on SquareX's infrastructure and security research. After completing her Bachelor's degree at the National University of Singapore, Dakshitaa joined SquareX, marking her foray into the cybersecurity industry. While new to the field, her enthusiasm for discovering and understanding new concepts has quickly established her as a committed contributor to the evolving sector. Her interests are in Browser Security and consumer education. Episode Summary: In this captivating episode of The Phillip...

Michael Jenks: Lessons from a Former DoD Professional


About the Guest: Michael Jenks, commonly referred to as "Jenks," is an esteemed figure with an extensive background in the Department of Defense (DoD). With a penchant for cybersecurity and a wealth of experience in cyber warfare, Jenks offers a valuable skill set that has been honed in high-stakes environments where precision and accuracy are paramount. Having started his journey in computer science, he quickly developed a fascination with digital code and its impact. Transitioning from dial-up ISPs to L-3 Communications, where he gained clearance for classified work, Jenks eventually founded his own defense contracting company specializing in offensive and...

Be Fearless Online: In Browser Malicious File Detection Part 1


About the Guest: Jeswin Mathai is the Chief Architect at SquareX. He leads the team responsible for designing and implementing the Infrastructure. Prior to joining SquareX, he was working as the chief architect at INE. He has published his work at DEFCON China, RootCon, Blackhat Arsenal, and Demo Labs (DEFCON). He has also been a co-trainer in-classroom training conducted at Black Hat Asia, HITB, RootCon, and OWASP NZ Day. He has a Bachelor's degree from IIIT Bhubaneswar. He was the team lead at InfoSec Society IIIT Bhubaneswar in association with CDAC and ISEA, which performed security auditing of government portals...

Chris Glanden, Kevin Pentecost, & Jason Popillion: Welcome to The Circus


About the Guests: Kevin Pentecost and Jason Papillon are the dynamic duo behind the engaging podcast Cyber Distortion. They share a strong history of creating content that delves deep into the cybersecurity world, aiming to educate and inform a wide audience about offensive and defensive strategies within the industry. Kevin brings in his expertise in graphic design, while Jason focuses on the content structure and delivery, making them a well-rounded team. Chris Glanden is the voice behind the Barcode podcast and the newly introduced webcast, Risk Radar. With previous experience in film, Chris steers his podcast to explore the impacts of AI...

Jason Haddix: A Conversation on AI, Bug Bounty, and Red Teaming


About the Guest: Jason Haddix is a seasoned cybersecurity professional with a wealth of experience spanning over two decades in the field. Recognized for his insightful contributions to ethical hacking communities, he's penned informative articles, engaged in content creation, and previously held the title of top hunter at Bugcrowd in 2016. Jason has contributed his expertise to several organizations including HP, where he was part of the Shadow Labs internal pen testing team, and Ubisoft where he served as CISO. He's recently embarked on a new journey with Arcanum Information Security, focusing on red teaming, training, and consulting services. Episode...

Bryson Bort: From Red to Purple: The Evolution of Cybersecurity


About the Guest: Bryson Bort is a recognized information security expert, founder, and entrepreneur with extensive experience in the cybersecurity field. Bryson is the founder and CEO of Scythe, a cybersecurity company known for creating a platform that enables security teams to build and emulate real-world adversarial campaigns in a safe manner. He has a rich background, having grown up in Germany and the Soviet Union, and served at West Point and as an officer in the Army and Signal Corps. Bryson is also known for his work in defense and intelligence, and he's a prominent figure for his contributions to...

Unleash Your Personal Brand & Master Professional Networking!


About the Guest: Phillip Wylie is a seasoned professional in the cybersecurity field, recognized for his expertise in offensive security and personal branding. With a career marked by actively sharing his insights at conferences like DEF CON, Phillip engages deeply with the community to foster networking and personal growth. As a speaker and advocate, he guides others in diversifying their connections and professional presence, promoting an integrated approach to in-person and online networking. In this insightful episode featuring Phillip Wylie, listeners gain essential advice on networking and personal branding sculpted from Wylie's rich experience in the cybersecurity industry. Known for...

Andy Thompson: Journey From IT To Offensive Security Research Evangelist


About The Guest: Andy Thompson, also known as Rainmaker, is a cybersecurity professional and a research evangelist at CyberArk. With over 20 years of experience in the industry, Andy has a background in systems administration and website design. He is an active member of the cybersecurity community and is heavily involved in the Dallas Hackers Association (DHA), where he serves as the MC and co-organizer of the monthly meetups. Andy is passionate about mentoring and helping others get started in the industry. Summary: In this episode, Phillip Wylie interviews Andy Thompson, a cybersecurity professional and research evangelist at CyberArk. They...

Reanna Schultz: Tips on Breaking into Cybersecurity and Public Speaking


About The Guest: Reanna Schultz is a cybersecurity professional who currently works in a security operations center. She has a diverse background, having initially pursued a career in criminal justice before discovering her passion for cybersecurity. Reanna is an experienced public speaker and is actively involved in the cybersecurity community. Summary: Reanna Schultz shares her journey into cybersecurity, starting from her small-town upbringing in Kansas City, Missouri. She discusses how she stumbled into the field and found her passion for social engineering and network security. Reanna emphasizes the importance of getting involved in the cybersecurity community and building a strong network. She...

Cheryl Biswas: From Political Science Major to Cyber Threat Intelligence


About The Guest: Cheryl Biswas is a cybersecurity professional with a background in political science. She currently works in cyber threat intelligence, protecting a big bank against cybercrime and state-sponsored adversaries. Cheryl is passionate about the intersection of politics, economics, and technology in the cybersecurity field. Summary: Cheryl Biswas, a cybersecurity professional with a background in political science, shares her journey into the field of cyber threat intelligence. She discusses the importance of curiosity, analysis, and pattern recognition in this field. Cheryl also highlights the need for historical context and an understanding of politics and economics to effectively analyze cyber threats. She...

Chris Marks: From Network Technician to Security Management


About The Guest: Chris Marks is a cybersecurity professional with a background in engineering and architecture. He has worked in various roles in the cybersecurity field, including system engineer, senior analyst, and security manager. Chris is passionate about helping others enter the cybersecurity industry and is involved in mentoring and advising students at community colleges and universities. Summary: Chris Marks shares his journey into the cybersecurity field, starting from his interest in hacking and his involvement in the Tiger Trap Group. He discusses his experience applying for jobs and the challenges he faced before finally landing a position in Dallas. Chris emphasizes...

Be Fearless Online: Protect Yourself Online with SquareX URL Safety Features


About The Guest: Shourya Pratap Singh is a Principal Engineer at SquareX. He is responsible for building SquareX's secure and privacy-focused extension, and works on researching methods to counteract web security risks. He has conducted a workshop in Texas Cyber Summit, and his work is being presented at Blackhat Arsenal EU. Before joining SquareX, he worked with FinBox (an Indian fintech) where he led a team of brilliant developers and was responsible for building, and scaling multiple product lines. He has a bachelor's degree from IIIT Bhubaneswar and holds a patent to his name. His area of interest includes browser extensions...

Be Fearless Online: SquareX Introduces Disposable Emails to Combat Spam and Phishing Attacks


About The Guest: Dakshitaa Babu is a Software Engineer at SquareX, where she is engaged in data engineering and analytics. She is also the pen behind the engineering blogs written on SquareX's infrastructure and security research. After completing her Bachelor's degree at the National University of Singapore, Dakshitaa joined SquareX, marking her foray into the cybersecurity industry. While new to the field, her enthusiasm for discovering and understanding new concepts has quickly established her as a committed contributor to the evolving sector. Her interests are in Browser Security and consumer education. Summary: Dakshitaa Babu discusses the importance of disposable emails in the...

Justin "Hutch" Hutchens: AI's Impact on Cybersecurity


Summary: In this episode of the Phillip Wylie Show, Phillip interviews Justin "Hutch" Hutchens, an offensive security professional and author of "The Language of Deception: Weaponizing Next Generation AI." They discuss the emerging risks and opportunities of artificial intelligence (AI) in the cybersecurity space. Justin shares his experiences with using AI to automate social engineering attacks and highlights the potential dangers of AI-powered conversational agents and technical agents. He also explores the defensive applications of AI, such as using language models for threat intelligence and incident response. The conversation concludes with a discussion on how individuals can leverage AI resources to...

Be Fearless Online: Safely Deal with Files Online with SquareX


About The Guest: Shourya Pratap Singh is a Principal Engineer at SquareX. He is responsible for building SquareX's secure and privacy-focused extension, and works on researching methods to counteract web security risks. He has conducted a workshop at Texas Cyber Summit, and his work is being presented at Blackhat Arsenal EU. Before joining @SquareXTeam, he worked with FinBox (an Indian fintech) where he led a team of brilliant developers and was responsible for building and scaling multiple product lines. He has a bachelor's degree from IIIT Bhubaneswar and holds a patent. His area of interest includes browser extensions and web...

Andy Robbins: The Evolution of Bloodhound


About The Guest: Andy Robbins is the Principal Product Architect at SpecterOps and one of the original 13 founding members of the company. He has a background in pen testing and red teaming and is the co-creator of Bloodhound, a popular open-source tool for attack path mapping in Active Directory environments. Summary: Andy Robbins, the Principal Product Architect at SpecterOps, joins host Phillip Wylie to discuss the evolution of Bloodhound, a tool for attack path mapping in Active Directory environments. Andy shares the origin story of Bloodhound and how it was developed to solve the problem of finding attack paths in complex...

Jason Downey: Semi-Pro Kickboxer Turned Pentester


About The Guest: Jason Downey is a pen tester at Red Siege, a boutique pen testing firm. He has been in the industry for almost three years and specializes in network pen testing, social engineering, and physical assessments. Jason has a background in network administration and security, and he is passionate about sharing his knowledge and helping others in the industry. Summary: Jason Downey, a pen tester at Red Siege, joins the podcast to discuss his journey into the world of pen testing and the importance of networking and building relationships in the industry. He emphasizes the need for a...

Jessie Bolton: Building Your Personal Brand and Networking in Cybersecurity


About The Guest: Jessie Bolton is the founder of Bolt Resources, a cyber staffing and recruiting firm that focuses on workforce development and coaching. She is also involved in the North Texas ISSA and is passionate about advocating for the cybersecurity workforce. Summary: Jessie Bolton, founder of Bolt Resources, joins Phillip Wylie on the Phillip Wylie Show to discuss the importance of building a personal brand and networking in the cybersecurity industry. Jessie emphasizes the need for recruiters to go beyond simply matching candidates with job descriptions and instead focus on understanding the individual and their career goals. She also highlights the...

Be Fearless Online: Open emails without being tracked or hacked with SquareX


About The Guest: Jeswin Mathai is the Chief Architect at SquareX. He leads the team responsible for designing and implementing the Infrastructure. Prior to joining SquareX, he was working as the chief architect at INE. He has published his work at DEFCON China, RootCon, Blackhat Arsenal, and Demo Labs (DEFCON). He has also been a co-trainer in-classroom training conducted at Black Hat Asia, HITB, RootCon, and OWASP NZ Day. He has a Bachelor's degree from IIIT Bhubaneswar. He was the team lead at InfoSec Society IIIT Bhubaneswar in association with CDAC and ISEA, which performed security auditing of government portals and...

Diamond Forbes: From Homelessness to Security Engineer


About The Guest: Diamond Forbes is a security engineer at Google with over eight years of experience in the field. He started his career in the Army National Guard as an IT specialist and network engineer. Diamond has worked in various roles, including help desk, system admin, and senior network engineer. He has a passion for learning and has self-taught himself many skills, including coding and cybersecurity. Diamond is known for his resilience and ability to overcome failures, which has led him to success in his career. Summary: Diamond Forbes shares his inspiring journey from being homeless and working at McDonald's to...

Katie Paxton-Fear: The Importance of Content Creation in Cybersecurity Careers


About The Guest: Katie Paxton-Fear, also known as Insider PhD, is a content creator and educator in the field of cybersecurity. With a background in software engineering, Katie creates high-quality videos on her YouTube channel that cover various topics related to web security and bug bounty hunting. She is known for her detailed and comprehensive approach to teaching and sharing knowledge in the cybersecurity field. Summary: In this episode of The Phillip Wylie Show, host Phillip Wylie interviews Katie Paxton-Fear, also known as Insider PhD, a content creator and educator in the field of cybersecurity. Katie shares her insights on bug bounty...

Maxie Reynolds: From hacker to underwater data center entrepreneur


About The Guest: Maxie Reynolds is a former offshore oil and gas worker turned entrepreneur. She is the founder and CEO of a company that specializes in placing data centers underwater, reducing cooling costs and carbon emissions. Maxie is also a stuntwoman and has a background in robotics and computer science. Summary: Maxie Reynolds shares her journey from working offshore in the oil and gas industry to becoming an entrepreneur in the data center industry. She discusses the challenges she faced and the lessons she learned along the way. Maxie explains how her company solves the problem of high cooling costs and...

Olivia Gallucci: Offensive Security, Coding, and Content Creation


About The Guest Olivia Gallucci is a junior at the Rochester Institute of Technology and an expert in offensive security and content creation. She has worked in various offensive roles, including pen testing and red teaming, and has also done freelance work in the field. Olivia is passionate about open source software and has contributed to several projects. She is known for her blog, oliviagallucci.com, where she shares her expertise in offensive security, open source, and glitter. Summary Olivia Gallucci, a junior at the Rochester Institute of Technology, shares her journey in offensive security and content creation. She emphasizes the...

Jessica Barker: The importance of cybersecurity culture and awareness


About The Guest: Jessica Barker is a cybersecurity expert and co-founder of Cygenta, a company that focuses on the human, technical, and physical aspects of cybersecurity. With a background in sociology and civic design, Jessica brings a unique perspective to the field of cybersecurity. She is the co-author of "Cybersecurity ABCs" and "Confident Cybersecurity," and is currently working on her upcoming book, "Hacked." Summary: In this episode of The Phillip Wylie Show, host Phillip Wylie interviews cybersecurity expert Jessica Barker. They discuss the importance of cybersecurity culture, the role of social engineering in cybersecurity, and the impact of simulated phishing exercises. Jessica...

Lilly Chalupowski's Journey Into Malware Analysis


About The Guest: Lilly Chalupowski, also known as Cerberus, is a malware reverse engineer specializing in criminal malware. She has extensive experience in analyzing various malware families and has developed open-source projects to aid in the detection and extraction of intelligence from malware. Lilly is also a talented musician and often incorporates guitar playing into her live Twitch streams. Summary: Lilly Chalupowski shares her inspiring hacker origin story, from starting out in computer science to pursuing a degree in music and facing financial hardships. She discusses the importance of having a healthy relationship with failure and the value of continuous learning and...

Shenetworks: Leveraging Content Creation to Build a Career in Cybersecurity


About The Guest: Shenetworks is a content creator and cybersecurity professional known for her educational videos on TikTok. She has built a following by sharing technical content and leveraging various social media platforms to educate and engage with the cybersecurity community. Summary: Shenetworks discusses her journey as a content creator and how she has leveraged brand building and content creation to advance her career in cybersecurity. She shares her experience with TikTok and other social media platforms, highlighting the importance of diversifying one's online presence. The conversation also touches on the recent rebranding of Twitter and the potential impact on content creators....

InfoSec Pat: Content Creation and Cybersecurity Careers


About The Guest: Patrick Gorman, also known as Infosec Pat, is a content creator in the cybersecurity community. He started making content on YouTube about four years ago and has since built a strong following. Patrick is an offensive security professional and covers a wide range of topics in his videos, including hacking, penetration testing, and network security. Summary: In this episode, Phillip Wylie interviews Patrick Gorman, also known as Infosec Pat, about content creation and brand building in the cybersecurity industry. Patrick shares his journey of accidentally starting his YouTube channel and how it has grown over the years. He emphasizes...

From NSA to CISO: A Conversation with Ira Winkler


About The Guest: Ira Winkler is a renowned cybersecurity expert with over 30 years of industry experience. He started his career at the National Security Agency (NSA) and has since held various roles in the field of cybersecurity, including chief security strategist at HP and chief security architect at Walmart. He is currently the CISO at CYE, a cybersecurity company. Winkler is also the author of several books, including "You Can Stop Stupid" and "Security Awareness for Dummies." Summary: Ira Winkler, a cybersecurity expert with over 30 years of industry experience, joins the podcast to discuss the cybersecurity skills shortage and the...

Importance of Fundamentals and Home Labs with Kevin Apolinario


About The Guest: Kevin Apolinario is a cybersecurity professional with a diverse background in IT support and training. He has over 12 years of experience in the restaurant industry, which has helped him develop strong customer service and soft skills. Kevin is also involved with Riosis, an organization that supports Latin individuals in the cybersecurity field. He is passionate about helping others and sharing his knowledge through his YouTube channel and various training programs. Summary: Kevin Apolinario shares his unique career journey, starting from his experience in the restaurant industry to his transition into IT support and cybersecurity. He emphasizes the importance...

Web Application Pentesting and the Importance of Specialization with Tib3rius


About The Guest: Tib3rius is a penetration tester with over ten years of experience, specializing in web application security. He is the creator of the popular tool Autorecon, which is widely used for enumeration in the OSCP exam and CTF challenges. Tib3rius also offers courses on Udemy and Hackers Academy, focusing on privilege escalation techniques for Windows and Linux. Summary: Tib3rius joins Phillip Wylie on The Phillip Wylie Show to discuss his background in penetration testing and his specialization in web application security. He shares insights into the development of his tool Autorecon, which was initially created for the OSCP exam but...

Jakoby's Journey


About The Guest: Jakoby is a content creator and hacker with over a decade of experience in the field. He started his journey in hacking at a young age and has since become skilled in various areas, including bad USB and PowerShell. Jakoby is known for his ability to make complex concepts easily digestible for newcomers to the field. Summary: In this episode, Phillip Wylie interviews Jakoby, a content creator and hacker. They discuss Jakoby's hacker origin story, his experience in the content creation space, and the positive impact of a Discord server for content creators. Jakoby shares his passion for educating...

Michael Taggart's Journey in Education and Information Security


About The Guest: Michael Taggart is the founder of the Taggart Institute, an education project that aims to provide affordable and accessible learning resources for individuals interested in information security. With a background in teaching and technology, Michael transitioned from K-12 education to security analysis work and is currently a senior researcher at UCLA Health. He is passionate about sharing knowledge and helping others develop their skills in the field of cybersecurity. Summary: In this episode, Phil interviews Michael Taggart, the founder of the Taggart Institute. Michael shares his background in teaching and technology and how he transitioned into the...

A Journey From Offensive Security to Leadership with Tom Eston


About The Guest: Tom Eston is the VP of Consulting and Cosmos Delivery at Bishop Fox, an information security consulting firm. He is also the founder and host of the Shared Security Podcast, which has been running for over 14 years. Tom has over 24 years of experience in the technology and cybersecurity industry, with a focus on offensive security and application security. Summary: Tom Eston joins The Phillip Wylie Show to discuss his journey in offensive security and his role at Bishop Fox. He shares how he got started in the industry, his experience in consulting and management, and the importance...

Powerlifting and PowerShell: A Discussion with Jake Hildreth


About The Guest: Jake is a cybersecurity professional with a background in system administration. He has a deep understanding of Active Directory security and is currently the Active Directory Security Assessment Service Lead at Trimarc. Jake is also the head developer of the open-source tool Locksmith, which focuses on Active Directory Certificate Services misconfigurations. Summary: Jake shares his hacker origin story, starting from his early days tinkering with computers and discovering the world of IRC. He talks about his transition from a sysadmin role to focusing on security and his journey to becoming an Active Directory expert. Jake also discusses...

Yuri Diogenes Discusses Building a Career in Cybersecurity


About The Guest: Yuri Diogenes is a cybersecurity expert and author with over 15 years of experience in the industry. Originally from Brazil, Yuri moved to the US in 2003 to work at Microsoft and Dell Computers. He has published 31 books on cybersecurity and currently works as a People Manager at Microsoft, overseeing the development of cloud security products. Yuri is also a professor at Capitol Technology University and holds a Master's degree in Cybersecurity. Summary: Yuri Diogenes, a cybersecurity expert and author, joins the podcast to discuss his book "Building a Career in Cybersecurity." He emphasizes the importance of self-assessment...

The Power of Community: A Conversation with Kevin Johnson


About The Guest: Kevin Johnson is a renowned cybersecurity expert and the founder of Secure Ideas, a consulting and training company. He has been in the industry for over 30 years and has extensive experience in penetration testing and application security. Kevin is also actively involved in the open-source community and is a strong advocate for the OWASP (Open Web Application Security Project) organization. Summary: In this episode of The Phillip Wylie Show, host Phillip interviews Kevin Johnson, founder of Secure Ideas and a prominent figure in the cybersecurity industry. They discuss Kevin's journey into pen testing, his involvement with...

A Discussion with Active Directory Security Consultant Brandon Colley


About The Guest: Brandon Colley is a cybersecurity professional who specializes in Active Directory security. He has a background in IT operations and has worked in various roles, including help desk support, desktop support, and server administration. Brandon currently works for Trimarc Security, a well-known Active Directory security company. Summary: In this episode, Brandon discusses his journey from IT operations to his current role in Active Directory security. He shares how he discovered his passion for security and the steps he took to specialize in Active Directory. Brandon also talks about the importance of understanding the technology behind security and...

A Conversation about Hack Red Con with Dan and Ken


About The Guest(s): Dan and Ken are the founders and coordinators of Hack Red Con and Hack Space Con. They are passionate about bringing hands-on technical training and mentorship to the cybersecurity community. They believe in the power of community and strive to bridge the gap between experienced professionals and those just starting out in the industry. Summary: Dan and Ken discuss their upcoming conference, Hack Red Con, and the mission behind it. They emphasize the importance of hands-on training, mentorship, and building connections within the cybersecurity community. They also share stories of how their organization has helped individuals from low-income and...

The Importance of Quality Pen Testing: A Conversation with Katerina Tasiopoulou


About The Guest: Katerina is the CEO and founder of Exelasis, a cybersecurity organization that focuses on elite pen testing and advanced security testing. She is one of the first female CEOs in the industry, and she is passionate about bringing the elite back into cybersecurity and promoting the importance of pen testing. Summary: Katerina discusses the commoditization of pen testing and the need for organizations to prioritize quality over quantity. She explains the difference between pen testing and red team operations, emphasizing that pen testing is coverage-based while red teaming is objective-based. Katerina also shares her thoughts on the role of...

Product Marketing in the Cybersecurity Industry: A Conversation with Liron Mendel


About The Guest: Liron Mendel is a product marketing professional with a background in sales and marketing. She has worked in various tech companies, including CYE and Allot, and specializes in bridging the gap between product and marketing. Summary: Liron Mendel, a product marketing professional, joins the podcast to discuss the role of product marketing in the cybersecurity industry. She explains that product marketing serves as a bridge between the product and marketing teams, ensuring that the product's messaging accurately defines its value proposition. Liron emphasizes the importance of understanding customers and the market in order to effectively market a...

The Evolution of Active Directory Security: A Conversation with James Potter


About The Guest: James Potter is the CEO and founder of DSE, a professional services firm specializing in Active Directory security. With over 25 years of experience in Active Directory work, James has a deep understanding of the challenges and vulnerabilities associated with this core piece of software. He is passionate about helping organizations secure their boundaries through Active Directory security. Summary: James Potter, CEO and founder of DSE, joins The Phillip Wylie Show to discuss the importance of Active Directory security and the evolving landscape of directory services. James shares his background in Active Directory work and explains how...

Introducing Amass v4.0 and the OAM: A Conversation with Jeff Foley


About The Guest: Jeff Foley is a security researcher and the Vice President of Research for ZeroFOX. He is also the project leader for OWASP Amass, a project focused on external cybersecurity. Jeff has a strong background in computer science and has been involved in the information security industry for many years. Summary: In this episode, Jeff Foley discusses the evolution of OWASP Amass, a project he leads that focuses on external cybersecurity. He explains how he got started in information security and coding, and how his passion for automation led him to create Amass. Jeff also introduces the Open...

Cloud-Centric Permission Management: A Conversation with Ron Nissim


About The Guest: Ron Nissim is the CEO of Entitle, a company that focuses on permission management and access control. He has a background in cybersecurity and intelligence, having served in the Israel Defense Forces in a cybersecurity role. Ron and his co-founder, Avi, started Entitle to address the need for better permission management in cloud environments. Summary: Ron Nissim, CEO of Entitle, joins Phillip Wylie on The Phillip Wylie Show to discuss the importance of permission management and access control in cybersecurity. Ron shares his background in cybersecurity and intelligence and how he and his co-founder started Entitle to...

A Conversation with Chloé Messdaghi


About The Guest: Chloé Messdaghi is a prominent figure in the cybersecurity industry, known for her work in promoting inclusiveness and diversity. She has been a speaker at various conferences and is the host of the podcast "The Change Making Podcast" and "Secure Your Strategy." Chloé is passionate about raising awareness about hacker rights and supporting security researchers and bug bounty hunters. Summary: Chloé Messdaghi joins Phillip Wylie in this episode to discuss the importance of inclusiveness and diversity in the cybersecurity industry. Chloé shares her experiences as a woman in the industry and how it initially made her want to leave,...

The Evolution of Pen Testing: A Conversation with Tim Medin


About The Guest: Tim Medin is the CEO and founder of Red Siege, a pen testing firm that specializes in offensive security. With over 15 years of experience in the field, Tim is also a lead author of the enterprise penetration testing course for the SANS Institute. He is known for his expertise in kerberoasting and has a background in electrical engineering. Summary: Tim Medin, CEO and founder of Red Siege, joins the podcast to discuss his background in pen testing and the evolution of the industry. He shares his experience with the Dallas Hackers Association and talks about his infamous talk...

The Future of Cybersecurity: A Conversation with Julien Richard


About The Guest: Julien Richard is a cybersecurity professional with a background in system administration and network administration. He is the founder of a cybersecurity collective and has extensive experience in penetration testing. Julien is passionate about sharing his knowledge and helping others succeed in the industry. Summary: Julien Richard joins Phillip Wylie on the podcast to discuss their journeys into the cybersecurity industry. They emphasize the importance of diversity in the field and the value of sharing different paths to success. They also discuss the role of certifications and the need for continuous learning in the ever-evolving cybersecurity landscape. Julien shares...

Discovering the Power of Mindfulness and Self-Awareness with Shawn Alexander


About The Guest: Shawn Alexander is a personal trainer and meditation practitioner with over 20 years of experience. He has a background in competitive bodybuilding and powerlifting and has studied meditation and mindfulness extensively. Summary: Shawn Alexander shares his personal journey of self-discovery and mindfulness through meditation. He discusses how his upbringing and experiences led him to seek validation through physical accomplishments, such as bodybuilding. However, he eventually faced the consequences of his extreme training and steroid use, which led to a life-threatening illness. This experience sparked his curiosity about the nature of consciousness and the mind. Shawn explains that there...

How I Rob Banks: A Journey into the World of Ethical Hacking with Freakyclown


About The Guest: FC Barker aka Freakyclown is an ethical hacker and professional cyber criminalist with over three decades of experience. He is the co-founder of Cygenta, a company that specializes in ethical hacking and penetration testing. Freakyclown has a background in offensive cyber research and has worked for major defense firms. Summary: Freakyclown shares his experience as an ethical hacker and professional cyber criminalist. He discusses the type of pen testing he does, which goes beyond the typical cookie-cutter approach. He emphasizes the importance of manual work and understanding the foundations of hacking. Freakyclown also talks about the evolution of...

The Evolution of Identity and Access Management with Adam Migus


About The Guest: Adam Migus is an expert in identity and access management (IAM) and privileged access management (PAM). With a background in network security and defense contracting, Adam has extensive experience in the field and has witnessed the evolution of IAM and PAM over the years. He is passionate about helping organizations strengthen their security posture and navigate the challenges of identity management in the modern digital landscape. Summary: Adam Migus, an expert in identity and access management (IAM) and privileged access management (PAM), joins Phillip Wylie on the show to discuss the evolving landscape of cybersecurity. Adam shares...

Ankita Dhakar: Revolutionizing Bug Bounty Platforms with AI Integration


About The Guest: Ankita Dhakar is the founder and CEO of Capture the Bug, Australia and New Zealand's first Vulnerability Intelligence Platform. She started her own cybersecurity consultancy firm specializing in penetration testing in late 2019. Ankita has worked with clients in New Zealand, Australia, Europe, and India. She is passionate about educating businesses and individuals about cybersecurity and fostering collaboration between ethical hackers and organizations. Summary: Ankita Dhakar, founder and CEO of Capture the Bug, joins Phillip Wylie on The Phillip Wylie Show to discuss her bug bounty platform and the importance of collaboration in cybersecurity. Ankita shares her...

Danny "Rand0h" Akacki discusses his love for streaming and community


About The Guest: Danny "Rand0h" Akacki is a cybersecurity professional with over 11 years of experience in the industry. He has worked at companies like Mandiant, GE, and Bank of America, focusing mainly on threat hunting. He is currently a Customer Success Manager at Trimarc Security and also heads up their marketing and project management efforts. Danny is also a goon at Defcon and is passionate about streaming and content creation. Summary: Danny "Rand0h" Akacki joins Phillip Wylie on the podcast to discuss his background in cybersecurity, his love for streaming and content creation, and his experiences as a goon...

Phillip Wylie Show Trailer


This trailer for the Phillip Wylie Show shares the topics discussed in episodes of the podcast.

The Art of Red Teaming with Shani Peled


About The Guest: Shani is a young and talented offensive security professional who has made a name for herself in the industry. With a background in computer science and physics, she started her cybersecurity journey in the Israeli intelligence course during her military service. After gaining valuable experience in the army, she joined CYE, where she currently works as a Red Teamer. Shani is passionate about helping organizations improve their security posture and enjoys the challenge of finding unique entry points and assessing real risks. Summary: In this episode, Phillip Wylie interviews Shani, a talented Red Teamer at CYE. Shani...

The Power of Bug Bounty Automation with Nenad Zaric


About The Guest(s): Nenad Zaric is a cybersecurity expert and the founder of Trickest, a platform that automates offensive security workflows. With over 15 years of experience in the field, Nenad has a deep understanding of bug bounty programs and the importance of automation in cybersecurity. Summary: In this episode, Phillip interviews Nenad Zaric, the founder of Trickest, a platform that automates offensive security workflows. Nenad shares his background in cybersecurity and how he got started in bug bounty programs. He emphasizes the importance of automation in bug bounty and explains how Trickest can help bug hunters optimize their efforts....

The Evolution of Offensive Security: Insights from Dave Mayer


About The Guest(s): Dave Mayer is an Offensive Security professional with extensive experience in Red Teaming and Penetration Testing. He has a background in computer science and has worked for companies like Citibank and Grim before founding Neuvik. Dave is also a mentor and educator in the field of Offensive Security. Summary: Dave Mayer, an experienced Red Team professional, shares his journey in the field of Offensive Security. He discusses his background in computer science, his transition from development to Red Teaming, and his work at Citibank and other consulting firms. Dave emphasizes the difference between Red Teaming and Penetration Testing, highlighting...

Hacking Past and Present: A Conversation with Moses Frost


Moses Frost, an offensive security expert, shares his journey into cybersecurity in this episode of the Phillip Wylie Show. Frost's interest in computers started in elementary school when he taught himself how to use an old IBM 8088 and read about DOS. He later discovered bulletin board systems (BBS) and began exploring the world of hacking. Frost's curiosity and passion for computers led him to pursue a career in offensive security, where he helps companies prevent cyber attacks. Frost discusses his early experiences with BBS, including learning how to manipulate phone lines and bypass security systems. He also shares a...

Talking Content Creation and Marketing with Zach Hill


Zach Hill, content creator and marketer at TCM Academy and TCM Security, joined Phillip Wylie on the Phillip Wylie Show to discuss the significance of content creation and marketing in the cybersecurity industry. Hill emphasized that content creation is about helping the community by providing unique perspectives on cybersecurity topics. He highlighted the importance of social engineering, which hasn't changed in the last 24 years. Hill shared his transition from web development and search engine optimization to infrastructure and YouTube. Hill and his colleague, Heath, recently released a course, Practical Career Ready Professional, which teaches soft skills, technical skills, marketing...

A Conversation with Red Team Expert Manit Sahib


Manit Sahib, Director of Global Intelligence and Offensive Operations at Picnic, spoke on the Phillip Wylie Show about the importance of experience and certifications in red teaming and social engineering. He highlighted the significance of CBEST, a framework jointly created by Crest and the UK Central Bank, for financial regulated firms to undergo assurance testing every three years to simulate an adversary's attack and test their detection and response capabilities. Manit also mentioned TCM Academy, which is gaining traction in the industry. The conversation covered the changing landscape of the industry, with more awareness and accessibility to certifications such as...

Cybersecurity Certifications a Discussion with Sumit "Sid" Siddharth


In the first live episode of The Phillip Wylie Show, Sid Siddharth, the founder of The SecOps Group, joins Phillip to discuss cybersecurity certifications. Sid is a renowned cybersecurity expert with over 15 years of experience in pen testing and has given offensive security training at major events like Black Hat, DEFCON, and Hack in the Box. He has also authored several research papers, exploit books, and advisories. In this interview, Sid and Phillip discuss the challenges of cybersecurity certifications and how Sid's SecOps Group is helping to address these issues. They cover topics like the importance of hands-on training,...

Talking AI and Content Creation with Daniel Miessler


Daniel Miessler, the creator of the "Unsupervised Learning" newsletter and podcast, discusses the importance of content creation for building a personal brand and breaking into the industry. Miessler believes that having a visible brand can help connect with others and lead to new opportunities. He recommends immediately capturing ideas and always having a place to do so. Miessler's podcast and newsletter cover security, technology, and human news. He believes that tech and science are subordinate to humanity and is interested in how they impact humans and what humans care about. Miessler emphasizes the importance of pursuing one's interests and doing...

Insights from Evan Ottinger on Building Skills, Networking, and Job Hunting


Phillip's guest in this episode is Evan Ottinger, a senior security engineer at TCM Security. Evan shares his background and journey in the technology field. Evan shares his experience in the military as a Middle Eastern linguist and how it sparked his interest in cybersecurity. He emphasizes the importance of foundational knowledge and hands-on experience in systems administration. The conversation also touches upon resources for learning, including Professor Messer's free YouTube (@professormessercontent) and platforms like TryHackMe. They discuss the benefits of networking, attending conferences, and local meetups for career opportunities. The interview concludes with a reflection on the challenges of...

Casey Ellis: Pioneering The Bug Bounty Platform To Empower Ethical Hackers


Casey Ellis, the founder of Bugcrowd, is interviewed by Phillip Wylie, who admires Casey's connection to the hacker community. Casey shares his background in technology and how his curiosity led him to become a hacker. He emphasizes that he always exercised caution and avoided causing harm. Casey shifted his focus to network engineering after leaving a nuclear medicine degree program. He enjoys the challenge of thinking like a criminal without engaging in illegal activities. Casey Ellis, an Australian entrepreneur, pioneered the bug bounty platform to tap into the creativity of the white hat hacker community and enhance internet security. He...

Hacker, Researcher, Educator, Entrepreneur, a Glimpse into The World of Vivek Ramachandran


In this episode, Vivek Ramachandran joined the show. Vivek is the founder of Pentester Academy and SecurityTube. Vivek shared how he got interested in computers at an early age and developed a passion for hacking and cybersecurity. Since selling Pentester Academy to INE, he has started a hacker superhero comic book and, as his most recent venture, a startup called SquareX. SquareX protects users with a secure browser solution that leverages a cloud-based sandbox. Vivek shares about his hacker-focused comic book titled Hackers: Superheroes of the Digital Age, which educates readers that hacking can be used for good. He shares how...

Get To Know MITRE Engenuity With Maggie MacAlpine!


Phillip welcomes Maggie MacAlpine of MITRE Engenuity (@mitreengenuity3171) to discuss MITRE Engenuity and its cybersecurity initiatives. In addition to MITRE Engenuity, in this episode, Maggie discusses election security. Connect with Maggie on social media: https://twitter.com/MaggieMacAlpine https://www.linkedin.com/in/margaretmacalpine/ MITRE Resources: https://mitre-engenuity.org/ https://mitre-engenuity.org/cybersecurity/attack-evaluations/ https://mitre-engenuity.org/cybersecurity/center-for-threat-informed-defense/ https://mitre-engenuity.org/cybersecurity/mad/ https://attack.mitre.org/ https://twitter.com/MITREengenuity https://www.youtube.com/@UCGJjokBEqouIhVZvqnLQgYg If you enjoyed this podcast, check out Phillip's other podcast, The Hacker Factory: https://thehackerfactory.simplecast.com/ Connect with Phillip on social media, YouTube and visit his website: https://twitter.com/PhillipWylie https://www.linkedin.com/in/phillipwylie https://www.instagram.com/phillipwylie/ https://www.youtube.com/@phillipwylie https://www.thehackermaker.com/

Pentester Darin Fredde Shares Favorite Hacks And Tips For Career Success


Phillip interviews Darin Fredde, a longtime friend and twice former coworker from their CAD drafting days to a recent job as pentesters. Phillip and Darin have a history that goes back to 1995 when they were AutoCAD drafting. They reconnected in 2002 and have stayed connected since. Darin is an offensive security professional, educator, mentor, and author. Phillip has seen Darin's talent and recommended him for a job in pen testing. Darin has worked in pen testing for about five years and is now one of the best pen testers Phillip knows. During this episode, Phillip and Darin will discuss...

A Conversation with Offensive Security Pro Corey LeBleu


In this episode, Phillip interviews Corey LeBleu, an offensive security professional with over 19 years of experience in offensive security. Corey shares his beginnings in offensive security specializing in social engineering and physical pentesting. Corey's career has been spent consulting for various companies, and his interests evolved from network pentesting to application pentesting. He shares how crucial constant learning is to be an offensive security professional and how learning languages such as Python and Go Lang is essential in developing your skills. In this episode, Corey shares how he enjoys lifting weights to stay healthy and manage stress to keep...

From Military Red Teamer to CEO and Cofounder: A Conversation with Reuven "Rubi" Aronashvili


Phillip is joined by Reuven "Rubi" Aronashvili, the CEO and founder of CYE. Phillip discusses the advanced capabilities of people in cybersecurity, particularly those who have served in the Israeli Defense Forces (IDF) and Unit 8200. They have a unique understanding of how to defend networks, as the stakes are much higher in the military as it can involve protecting citizens and potentially life-threatening consequences. Rubi explains that Israel is often seen as advanced in cybersecurity primarily because of the survival-oriented approach taken in the Army, such as the Technology Units and the Center of Encryption Cybersecurity in the IDF....

A Conversation with Buckhorn Consulting Founder and Director Don Dobson


In the podcast episode, Phillip Wylie interviews cybersecurity professional Don Dobson, who shares his journey into the field and emphasizes the importance of continuous learning, hands-on experience, and a strong foundation in computer science. They discuss the significance of soft skills such as communication, empathy, and teamwork in the cybersecurity industry and the value of networking, attending events, and engaging on platforms like LinkedIn. Don talks about his various roles in the cybersecurity sector and the importance of finding the right fit for one's skills and interests. He highlights the value of mentorship, learning from others, and building a personal...

Kenny Parsons Introduces PwnKube, a Purposely Vulnerable Kubernetes Environment


In this episode, Phillip Wylie interviews Kenny Parsons about his open-source project, PwnKube, a purposely vulnerable Kubernetes environment designed to provide hackers, pentesters, security researchers, and others a way to practice their Kubernetes hacking skills. They discuss the benefits of creating such an environment and the future plans for the project, which include making it publicly available on GitHub and potentially turning it into a CTF format. They also emphasize the importance of sharing knowledge within the information security community. Kenny's LinkedIn: https://www.linkedin.com/in/kenny-parsons/ Kenny's Twitter: https://twitter.com/therealjiru If you enjoyed this podcast, check out Phillip's other podcast, The Hacker Factory: https://thehackerfactory.simplecast.com/...

A Conversation with DFW Hacker Community Member Emily S.


Emily shares invaluable advice for those new to cybersecurity or wanting to start a cybersecurity career. She emphasizes the importance of taking the initiative by gaining real-world experience through internships or volunteer work to build up skills. Emily advises new cybersecurity professionals to practice empathy when communicating with end users. This is because empathy helps professionals to understand the point of view of their clients and co-workers when discussing security concerns. By following Emily's advice, aspiring cybersecurity professionals can gain a better understanding of how their roles fit into the larger organization and be more prepared for success in the...

A Conversation with Cybersecurity Community OG and EH-net Founder Don Donzal


In this podcast episode, host Phillip Wylie interviews Don Donzal, the founder of the Ethical Hacker Network, aka EH-net. Don is a cybersecurity professional, mentor, and community advocate. Don recently gave a talk about his almost two-year sabbatical, where he learned lessons about work-life balance and finding enjoyment in daily routines. Don shares his personal experiences with burnout and its consequences on his health and relationships. He emphasizes the importance of self-awareness, setting boundaries, and finding a balance between work and personal life. Don also discusses the need to engage in activities that promote mental, emotional, and physical well-being, such...

Phoenix Cast


Katie Moussouris & Project Glasswing


In this episode of Phoenix Cast, hosts John, Rich, and Kyle welcome Katie Moussouris, founder and CEO of Luta Security, creator of Microsoft's first bug bounty program, and architect of Hack the Pentagon, to break down Anthropic's Project Glasswing and what it means when an AI model can find hundreds of real-world vulnerabilities at scale. Katie walks through the staggering complexity of coordinating multi-party vulnerability disclosure across 40 organizations, drawing on her own experience running similar efforts at Microsoft, and doesn't shy away from the hard questions about whether the cybersecurity workforce is cooked or about to boom. The conversation...

Kyle Kills Databases


In this episode of Phoenix Cast, hosts John and Kyle dive into two cautionary tales from Kyle's AI-powered workflow: one where he spent $70 proving that AI detection tools are fundamentally broken, and another where he nearly lost his entire CRM database to a vibe-coded update gone wrong. Kyle walks through his process of writing a Marine Corps Gazette article using AI as a drafting assistant, only to have two leading detection tools flag it as 100% AI three times in a row, sparking a broader debate about whether "did AI write this?" is even the right question to ask....

Gen AI Conference


In this episode of Phoenix Cast, hosts John, Rich, and Kyle break down the recent hack of McKinsey's internal AI platform Lilly, where a security startup's automated agent gained full root access through unsecured API endpoints in under two hours, sparking a lively debate on what actually constitutes a hack and why zero trust architecture still matters more than ever. The crew covers exciting new GenAI.mil features including Agent Builder and API key access, Anthropic's upgrade of Claude Code's context window from 200K to a million tokens, and what context rot means for power users. Kyle then delivers a fired-up...

Every Marine an AI Rifleman


In this episode of Phoenix Cast, hosts John, Rich, and Kyle dive into a passionate debate about why the military needs to stop relying on a single "AI guy" in every unit and instead adopt an "every Marine an AI rifleman" mentality, training all service members in AI fundamentals the same way every Marine learns basic marksmanship. Kyle breaks down what AI "marksmanship" actually looks like (spoiler: it's way more approachable than you think, and it doesn't require a data science degree), while Rich draws on his experience driving an AI-enabled vehicle to illustrate what real human-machine teaming feels like...

Clawd & Order: AI in the Wild


In this episode of Phoenix Cast, hosts John, Rich, and Kyle break down the rapidly evolving world of agentic artificial intelligence through the story of Clawd, also known as Molt and now OpenClaw. They explain what AI agents are, how tools like Claude Code and full-system agents are changing the way humans interact with machines, and why this shift is both powerful and potentially risky. The hosts explore real-world implications ranging from productivity and security to misinformation, open-source automation, and the viral AI-only social network phenomenon. They also reflect on the broader impact of human-machine teaming, discussing how leadership, communication, and...

ADM Clapperton (ret)


In this episode of Phoenix Cast, hosts John and Rich are joined by special guest Vice Admiral (ret) Craig Clapperton - the former Commander of Navy's Fleet Cyber Command. They discuss how technical mastery, leadership development, and career progression differ across ranks, and why early-career officers and operators must prioritize deep warfighting competence before broadening into team leadership and enterprise impact. They also explore how to brief and influence senior leaders effectively, integrate kinetic and non-kinetic capabilities, and build trust through competency, character, and integrity in high-stakes cyber and joint operations. We'd love to hear your thoughts! Tweet us at our...

Current Events to start 2026


In this episode of the Phoenix Cast, hosts John and Kyle kick off 2026 with a jam-packed current events roundup covering the React to Shell vulnerability (think Log4Shell but for the front end), the Marine Corps' new drone training requirements, Google's TPU announcements that might have NVIDIA sweating, and the launch of GenAI.mil. They also share some exciting podcast milestones, dish out their 2026 predictions, and Kyle reveals his holiday vendetta against PowerPoint that resulted in building his own AI-powered presentation tool. We'd love to hear your thoughts! Tweet us at our new handle, @ThePhoenixCast, and don't forget to join our...

DC I - General Carter


In this episode of Phoenix Cast, hosts John and Kyle are joined by special guest LtGen Jerry Carter, the Marine Corps Deputy Commandant for Information. They discuss the evolution of the DCI role, the cultural and organizational challenges of building a cohesive information warfare community, the urgency of adapting faster in cyberspace and AI, and why winning future conflicts requires rethinking how the Marine Corps fights, learns, and innovates in a persistent state of competition. We'd love to hear your thoughts! Tweet us at our new handle, @ThePhoenixCast, and don't forget to join our LinkedIn Group to connect with fellow Phoenix...

Gen Heritage


In this episode of Phoenix Cast, hosts John, Rich, and Kyle are joined by special guest MajGen (ret) Ryan Heritage - the former J3 (Director of Operations) for US Cyber Command, and Commander of Marine Corps Forces Cyberspace Command. We'd love to hear your thoughts! Tweet us at our new handle, @ThePhoenixCast, and don't forget to join our LinkedIn Group to connect with fellow Phoenix Casters. If you enjoyed the episode, help us out by leaving one of those coveted 5-star reviews on Apple Podcasts. Thanks for listening!

Marine Corps AI


In this episode of Phoenix Cast, hosts John, Rich, and Kyle are joined by special guest Capt Chris Clark - the Marine Corps Artificial Intelligence Lead in the Marine Corps Deputy Commandant for Information Service Data Office to discuss Marine Corps AI. Have a listen, and let us know what you think! We'd love to hear your thoughts! Tweet us at our new handle, @ThePhoenixCast, and don't forget to join our LinkedIn Group to connect with fellow Phoenix Casters. If you enjoyed the episode, help us out by leaving one of those coveted 5-star reviews on... Links: (USMC Fellowships) https://www.marines.mil/News/Messages/Messages-Display/Article/4315247/fy26-artificial-intelligence-fellowship-programs/ https://www.marines.mil/News/Messages/Messages-Display/Article/4325857/update-to-maradmin-46025-fy26-artificial-intelligence-fellowship-programs/ (Private Sector Solutions) https://www.anduril.com/article/anduril-s-eagleeye-puts-m

Future of Comm Part 3


In this episode of the Phoenix Cast, hosts John, Rich, and Kyle are joined by special guests Cols Russ Belt and Kevin Stepp, the II MEF and I MEF G-6s. They continue the discussion started by Col Matt Schroer on Episode 122, and LtCols Berdela and Henderson on Episode 123 about the future of communications formations. We'd love to hear your thoughts! Tweet us at our new handle, @ThePhoenixCast, and don't forget to join our LinkedIn Group to connect with fellow Phoenix Casters. If you enjoyed the episode, help us out by leaving one of those coveted 5-star reviews on Apple...

CSIS Cyber Force Project


In this episode of the Phoenix Cast, hosts John and Kyle are joined by special guests Josh Stiefel and LTG (ret) Edward Cardon, the architects of CSIS Cyber Force project. We'd love to hear your thoughts! Tweet us at our new handle, @ThePhoenixCast, and don't forget to join our LinkedIn Group to connect with fellow Phoenix Casters. If you enjoyed the episode, help us out by leaving one of those coveted 5-star reviews on Apple Podcasts. Thanks for listening! Links: CSIS announcement: https://youtu.be/f-u_P9yp6AI?si=ykRebsVoEtFC3BkP CSIS 16 Sept panel: https://www.csis.org/events/launch-commission-us-cyber-force-generation McCrary Institute: Cyber Force, ROI, and the Case for Reform with Ed Cardon & Josh Stiefel

Current events: AI for payments, more vulns


What should leaders take from Brickstorm, a 150-year-old company felled by one password, and an easy Microsoft global-admin misstep, plus how agent-to-agent payments could evolve? In this episode of the Phoenix Cast, hosts John and Kyle connect the dots for you. Have a listen, and let us know what you think! We'd love to hear your thoughts! Tweet us at our new handle, @ThePhoenixCast, and don't forget to join our LinkedIn Group to connect with fellow Phoenix Casters. If you enjoyed the episode, help us out by leaving one of those coveted 5-star reviews on Apple Podcasts. Thanks for listening! Links: https://www.bleepingcomputer.com/news/security/google-brickstorm-malware-used-to-steal-us-orgs-data-for-over-a-year/ https://thehackernews.com/2025/09/how-one-bad-password-ended-158-year-old.html?m=1 https://dirkjanm.io/obtaining-global-admin-in-every-entra-id-tenant-with-actor-tokens/ https://colinmcnamara.com/blog/understanding-a2a-ap2-protocols-builder-guide

Future of Comm Part 2


Continuing the conversation from Episode 122 with Col Matt Schroer, The Phoenix Cast hosts John, Rich, and Kyle sit down with Glenn Berdela and John Henderson, Commanding Officers of 2d Network Battalion and 8th Communications Battalion, to explore where communications formations are headed next. We'd love to hear your thoughts! Tweet us at our new handle, @ThePhoenixCast, and don't forget to join our LinkedIn Group to connect with fellow Phoenix Casters. If you enjoyed the episode, help us out by leaving one of those coveted 5-star reviews on Apple Podcasts. Thanks for listening!

Future of Comm Part 1


In this episode of the Phoenix Cast, hosts John and Kyle are joined by special guest Col Matt Schroer - Enterprise and Expeditionary Communications Branch Head, Deputy Commandant for Information (DC I), Information Command, Control, Communications and Computers (IC4). They discuss the future of Marine Corps communications and some of the work being done to move the Marine Corps enterprise forward. We'd love to hear your thoughts! Tweet us at our new handle, @ThePhoenixCast, and don't forget to join our LinkedIn Group to connect with fellow Phoenix Casters. If you enjoyed the episode, help us out by leaving one of those...

Thunderstruck


In this episode of Phoenix Cast, hosts John, Rich, and Kyle are joined by special guest LtCol Brian Kerg - Commanding Officer of Comm Squadron 38 to discuss the basics of a Communications Squadron, and an upcoming competition that MWCS-38 will be having - Thunderstruck. Have a listen, and let us know what you think! We'd love to hear your thoughts! Tweet us at our new handle, @ThePhoenixCast, and don't forget to join our LinkedIn Group to connect with fellow Phoenix Casters. If you enjoyed the episode, help us out by leaving one of those coveted 5-star reviews on Apple Podcasts....

MCP Explainer and GPU Hammer


In this episode of Phoenix Cast, hosts John and Kyle discuss MCP, MCP vulnerabilities, and GPU Hammer. Have a listen, and let us know what you think! We'd love to hear your thoughts! Tweet us at our new handle, @ThePhoenixCast, and don't forget to join our LinkedIn Group to connect with fellow Phoenix Casters. If you enjoyed the episode, help us out by leaving one of those coveted 5-star reviews on Apple Podcasts. Thanks for listening! Links: MCP - https://aws.amazon.com/blogs/database/supercharging-aws-database-development-with-aws-mcp-servers/?sc_channel=sm&sc_campaign=DBA_AWS_for_Data&sc_publisher=LINKEDIN&sc_country=global&sc_geo=GLOBAL&sc_outcome=awareness&sc_category=Amazon%20Q&linkId=835893819 Vulnerabilities - https://thehackernews.com/2025/07/critical-vulnerability-in-anthropics.html https://thehackernews.com/2025/07/gpuhammer-new-rowhammer-attack-variant.html

AI 2027


In this episode of Phoenix Cast, hosts John, Rich, and Kyle discuss AI 2027. Have a listen, and let us know what you think! We'd love to hear your thoughts! Tweet us at our new handle, @ThePhoenixCast, and don't forget to join our LinkedIn Group to connect with fellow Phoenix Casters. If you enjoyed the episode, help us out by leaving one of those coveted 5-star reviews on Apple Podcasts. Thanks for listening! Links: https://ai-2027.com/ https://www.perplexity.ai/page/new-research-shows-openai-s-la-l4Sns0ZRR6K7266VFz6HuA https://www.google.com/books/edition/The_Alignment_Problem_Machine_Learning_a/Lh_WDwAAQBAJ?hl=en&gbpv=1&printsec=frontcover https://www.nist.gov/caisi https://fedscoop.com/trump-administration-rebrands-ai-safety-institute-aisi-caisi/ https://www.amazon.com/Alignment-Problem-Machine-Learning-Values/dp/0393635821 https://www.amazon.com/Life-3-0-Being-Artificial-Intelligence/dp/1101946598 https://www.amazon.com/Coming-Wave-Technology-Twenty-first-Centurys/dp/0593593952 https://www.amazon.com/Human-Machine-Team-Artificial-Intelligence-Revolutionize/dp/B0948LGS3K https://www.csis.org/podcasts/ai-policy-podcast

Scary AI


In this episode of Phoenix Cast, hosts John and Kyle are joined by special guest Robert Teller and they talk through some of the scarier sides of AI. Share your thoughts with us on Twitter: @ThePhoenixCast (Now verified!) and join our LinkedIn group to interact with other Phoenix Casters.

Quantum Frontiers and Warfighting


In this episode of Phoenix Cast, hosts John, Rich, and Kyle are joined by special guest Capt Dan Choi for the first episode in a series about quantum technologies. Have a listen, and let us know what you think! We'd love to hear your thoughts! Tweet us at our new handle, @ThePhoenixCast, and don't forget to join our LinkedIn Group to connect with fellow Phoenix Casters. If you enjoyed the episode, help us out by leaving one of those coveted 5-star reviews on Apple Podcasts. Thanks for listening! Links: Videos: - Introducing: Quantum 101 with Katie Mack | Playlist (Perimeter Institute) - A Brief History of Quantum...

Even More AI News


In this episode of Phoenix Cast, hosts John, Rich, and Kyle talk about AI in the news, and some reflections on what it means. Share your thoughts with us on Twitter: @USMC_TFPhoenix (Now verified!) Follow MARFORCYBER, MCCYWG, & MCCOG on Twitter, LinkedIn, Facebook, and YouTube. Leave your review on Apple Podcasts. Links: Disney employee article: https://www.the-independent.com/news/world/americas/crime/disney-hack-nullbulge-ai-slack-b2705487.html Cloudflare AI against AI: https://arstechnica.com/ai/2025/03/cloudflare-turns-ai-against-itself-with-endless-maze-of-irrelevant-facts/ Bleeping computer AI training set data article: https://www.bleepingcomputer.com/news/security/nearly-12-000-api-keys-and-passwords-found-in-ai-training-dataset/

Deep Research: Prompting for Garcia


In this episode of Phoenix Cast, hosts John, Rich, and Kyle talk about deep research. They cover what it is, some use cases, and the output of some prompts. Share your thoughts with us on Twitter: @USMC_TFPhoenix (Now verified!) Follow MARFORCYBER, MCCYWG, & MCCOG on Twitter, LinkedIn, Facebook, and YouTube. Leave your review on Apple Podcasts. Kyle's Deep Research Video: https://youtu.be/mWThivNH75w Perplexity 1 - Make an AI FitRep Process PDF Doc: https://drive.google.com/file/d/1IuFm58qRvcP2pS_79f6AiDTOX6xjzB3l/view?usp=sharing Direct Link: https://www.perplexity.ai/search/i-would-like-to-create-an-ai-p-HMg0s3n9TfKijhKSYfhJxg Perplexity 2 - Use cases for Marines PDF Doc: https://drive.google.com/file/d/1mh3bXy-P76cGqk1b_bqFomGPCbR5t5up/view?usp=sharing Direct Link: https://www.perplexity.ai/search/i-run-a-podcast-for-cyber-secu-YP.2kJRNSJmGlbPb6DfsXg

MIU


In this episode of Phoenix Cast, hosts John, Rich, and Kyle are joined by special guests Michael Frank and Jimmy Mastrom from the Marine Innovation Unit. Listen as they discuss the relationship between the Defense Innovation Unit (DIU) and the Marine Innovation Unit, how they are supporting Marines, and innovation in general. Share your thoughts with us on Twitter: @USMC_TFPhoenix (Now verified!) Follow MARFORCYBER, MCCYWG, & MCCOG on Twitter, LinkedIn, Facebook, and YouTube. Leave your review on Apple Podcasts. Links: Unit X https://www.amazon.com/Unit-Pentagon-Silicon-Valley-Transforming/dp/1668031388 https://www.marforres.marines.mil/MIU/ https://www.marforres.marines.mil/MIU/Join/Application/ https://www.linkedin.com/company/marine-innovation-unit/posts/?feedView=all

Cyber Trust Mark Reactions


In this episode of Phoenix Cast, hosts John, Rich, and Kyle discuss the new Cyber Trust Mark. Share your thoughts with us on Twitter: @USMC_TFPhoenix (Now verified!) Follow MARFORCYBER, MCCYWG, & MCCOG on Twitter, LinkedIn, Facebook, and YouTube. Leave your review on Apple Podcasts. Links: https://thehackernews.com/2025/01/fcc-launches-cyber-trust-mark-for-iot.html https://www.whitehouse.gov/briefing-room/statements-releases/2025/01/07/white-house-launches-u-s-cyber-trust-mark-providing-american-consumers-an-easy-label-to-see-if-connected-devices-are-cybersecure/

Army CIO


In this episode of Phoenix Cast, hosts John, Rich, and Kyle are joined by special guest Leonel Garciga, CIO of the Army. They discuss what a CIO does, how to serve as a principal advisor to a service secretary, and some thoughts on DEVOPS. Share your thoughts with us on Twitter: @USMC_TFPhoenix (Now verified!) Follow MARFORCYBER, MCCYWG, & MCCOG on Twitter, LinkedIn, Facebook, and YouTube. Leave your review on Apple Podcasts. Links: Mr Garciga bio: https://www.cio.gov/about/members-and-leadership/garciga-leonel/ https://defensescoop.com/2024/03/09/army-new-policy-software-development-practices/ https://defensescoop.com/2024/04/22/army-rethinks-approach-ai-enabled-risks-project-linchpin/ Kurzgesagt YouTube video on finding the source of random info: https://youtu.be/bgo7rm5Maqg?si=Gc6BojRJbIPVfBK8 https://www.amazon.com/Blood-Machine-Origins-Rebellion-Against-ebook/dp/B09N3G2TG9 https://www.amazon.com/Revenge-Tipping-Point-Overstories-Superspreaders/dp/0316575801

What's next for workloads, SSH concern, and WiFi attack


In this episode of Phoenix Cast, hosts John, Rich, and Kyle discuss some thoughts on where workloads are going, the potential for SSH to leak metadata, and a new WiFi attack. Share your thoughts with us on Twitter: @USMC_TFPhoenix (Now verified!) Follow MARFORCYBER, MCCYWG, & MCCOG on Twitter, LinkedIn, Facebook, and YouTube. Leave your review on Apple Podcasts. Links: Broadcom / VMware / etc - https://www.theregister.com/2024/11/22/broadcom_vmware_acquisition_first_anniversary/ VMware on AWS - https://aws.amazon.com/blogs/migration-and-modernization/whats-next-for-vmware-workloads-on-aws/ SSH keystroke bypass - https://crzphil.github.io/posts/ssh-obfuscation-bypass/ WiFi Attack - https://www.wired.com/story/russia-gru-apt28-wifi-daisy-chain-breach/

MC Birthday, DORA State of DEVOPS, and much more


In this episode of Phoenix Cast, hosts John and Kyle discuss excitement around the Marine Corps birthday, a graphic novel from Gene Kim, DORA's DEVOPS report, Google joining JWCC, a podcast with Gen Nakasone, and some announcements from OpenAI. Share your thoughts with us on Twitter: @USMC_TFPhoenix (Now verified!) Follow MARFORCYBER, MCCYWG, & MCCOG on Twitter, LinkedIn, Facebook, and YouTube. Leave your review on Apple Podcasts. Links: Marine Corps Birthday: https://www.cmc.marines.mil/Birthday/ Phoenix Project Graphic novel: https://a.co/d/5pDZdip Original Phoenix Project: https://a.co/d/a2Bapd3 Unicorn Project: https://a.co/d/cd4dwgn DORA DEVOPS: https://dora.dev/ Google joins JWCC: https://breakingdefense.com/2024/10/full-house-google-to-be-final-jwcc-partner-authorized-for-secret-level-cloud-work-in-2025/ Nakasone on mic drop: https://podcasts.apple.com/us/podcast/180-mic-drop-exclusive-gen-nakasone-says-reports-about/id1225077306?i=1000675737757 OpenAI buys chat.com https://techcrunch.com/2024/11/06/openai-acquired-chat-com/ OpenAI...

AI, Cyber Power, and Spying on Internet Traffic


In this episode of Phoenix Cast, hosts John and Kyle discuss some recent articles on AI, cyber power, and widespread spying on the internet. Share your thoughts with us on Twitter: @USMC_TFPhoenix (Now verified!) Follow MARFORCYBER, MCCYWG, & MCCOG on Twitter, LinkedIn, Facebook, and YouTube. Leave your review on Apple Podcasts. Links: https://venturebeat.com/ai/openai-unveils-experimental-swarm-framework-igniting-debate-on-ai-driven-automation/ https://github.com/openai/swarm https://www.politico.com/sponsor-content/2024/09/11/chinas-strategy-to-annex-taiwan-is-more-about-cyber-power-than-firepower https://www.wsj.com/podcasts/the-journal/the-chinese-hackers-spying-on-us-internet-traffic/65f72237-a374-41da-907a-3dcaa9abbd55

Pagers/Radios, CISA white hot take & Spotlight on Multinational Tech Collab


In this episode of Phoenix Cast, hosts John, Rich, and Kyle discuss exploding pagers, CISA's hot take, and international collaboration. Share your thoughts with us on Twitter: @USMC_TFPhoenix (Now verified!) Follow MARFORCYBER, MCCYWG, & MCCOG on Twitter, LinkedIn, Facebook, and YouTube. Leave your review on Apple Podcasts. Links: BBC pager article: https://www.bbc.com/news/articles/cz04m913m49o NPR pager article: https://www.npr.org/2024/09/20/g-s1-23812/lebanon-israel-exploding-pagers-hezbollah-international-law. Points of Interest: 1. One particular focus is Article 7(2) of the Amended Protocol II of the Convention on Certain Conventional Weapons, which was added to an international law focused on the use of conventional weapons in 1996. Both Israel and Lebanon have agreed...

PIXHELL RAMBO No Such Podcast and Tech Regulation


In this episode of Phoenix Cast, hosts John, Rich and Kyle discuss some interesting EXFIL potentials presented by security researchers, a surprising new podcast, and some new technology regulation. Share your thoughts with us on Twitter: @USMC_TFPhoenix and our LinkedIn Group. And of course a coveted 5 star review on Apple Podcasts. Links: PIXHELL: https://www.bleepingcomputer.com/news/security/new-pixhell-acoustic-attack-leaks-secrets-from-lcd-screen-noise/ RAMBO: https://www.bleepingcomputer.com/news/security/new-rambo-attack-steals-data-using-ram-in-air-gapped-computers/ No such podcast: https://podcasts.apple.com/us/podcast/no-such-podcast/id1763301518 Tech regulation: https://www.pbs.org/newshour/world/google-and-apple-lose-legal-battles-in-europe-and-now-owe-billions-in-fines-and-back-taxes https://www.npr.org/2024/08/05/nx-s1-5064624/google-justice-department-antitrust-search https://www.wired.com/story/european-commission-big-tech-regulation-outlook/

Crowdstrike, PRC tradecraft, Campaign Hack


In this episode of Phoenix Cast, hosts John and Kyle talk about the CrowdStrike outage, PRC tradecraft, and the hack of a political campaign and the attribution of that hack. Share your thoughts with us on Twitter: @USMC_TFPhoenix (Now verified!) Follow MARFORCYBER, MCCYWG, & MCCOG on Twitter, LinkedIn, Facebook, and YouTube. Leave your review on Apple Podcasts. Links: Crowdstrike - https://www.bleepingcomputer.com/news/security/crowdstrike-update-crashes-windows-systems-causes-outages-worldwide/ Kernel access - https://www.theregister.com/2024/07/22/windows_crowdstrike_kernel_eu/ PRC Tradecraft - https://www.nsa.gov/Press-Room/Press-Releases-Statements/Press-Release-View/Article/3830375/nsa-joins-in-releasing-case-studies-showing-prc-tradecraft-in-action/ Campaign Hack - https://apnews.com/article/iran-fbi-trump-intelligence-community-52641cd66412d7c01d73876acab3d989 Attribution - https://www.stimson.org/2024/advancing-accountability-in-cyberspace/

More Cyber Force Discussion


In this episode of Phoenix Cast, hosts John, Rich and Kyle are joined by .. Share your thoughts with us on Twitter: @USMC_TFPhoenix (Now verified!) Follow MARFORCYBER, MCCYWG, & MCCOG on Twitter, LinkedIn, Facebook, and YouTube. Leave your review on Apple Podcasts. Links: Irregular Warfare Podcast 1: https://irregularwarfare.org/podcasts/do-we-need-a-cyber-force-part-1-arguments-for-a-seventh-service/#:~:text=This%20episode%20is%20a%20two,recruitment%2C%20training%2C%20and%20retention. Irregular Warfare Podcast 2: https://podcasts.apple.com/us/podcast/irregular-warfare-podcast/id1514636385?i=1000664818586 Dual Hat Article https://therecord.media/new-review-will-examine-nsa-and-cyber-commands-dual-hat-structure Posture statement: https://www.cybercom.mil/Media/News/Article/3739700/posture-statement-of-general-timothy-d-haugh-2024/ WOTR: https://warontherocks.com/2024/07/a-cyber-force-is-not-the-only-solution/

Subs and Cyber


In this episode of Phoenix Cast, hosts John, Rich and Kyle are joined by CDR Paul Schreiner and they discuss leading a technical force. Share your thoughts with us on Twitter: @USMC_TFPhoenix (Now verified!) Follow MARFORCYBER, MCCYWG, & MCCOG on Twitter, LinkedIn, Facebook, and YouTube. Leave your review on Apple Podcasts. Links: Essentialism: https://www.amazon.com/Essentialism-Disciplined-Pursuit-Greg-McKeown/dp/0753555166 The Subtle Art of Not Giving a F*ck: https://www.amazon.com/Subtle-Art-Not-Giving-Counterintuitive/dp/B01I29Y344/ref=sr_1_2?crid=3JR53SRUD6QJ3&dib=eyJ2IjoiMSJ9.98Ga1R6dC37EmS5v-Mai-Ay9ntrk9WkoqQSmsHS2MBHc2khPCBREv43lou1ZsLrHM1FMx0ao-g_rnOlwTAJtpveYy_gtu0WyU8nGN9OeWVG50dFRSqhyxf-Bwh_cf0bltLodUmLiJVQTJYAN00DfjVPYn6ainryhpo8rsWCjWja6quHEc5BRoH9-GH7XM5DsSEb8UeEIUL9ADPeKFAwCYzzfA4b0YxaV7FGG9Kmpi8A.-8_IySYWg-wm7EDN3hP3zwQqbPzpaTdGsL_M15yUs1Y&dib_tag=se&keywords=the+subtle+art+of+not+giving+a+fck&qid=1722255188&s=books&sprefix=the+subtle+%2Cstripbooks%2C104&sr=1-2

Force Design Unleashed: USMC's CJADC2


In this episode of Phoenix Cast, hosts John, Rich, and Kyle are joined by special guest Thomas TJ Johnson, Chief Scientist for Project Dynamis and the MAGTF C2 MVP from MCTSSA. Share your thoughts with us on Twitter: @USMC_TFPhoenix (Now verified!) Follow MARFORCYBER & MCCOG on Twitter, LinkedIn, Facebook, and YouTube. Leave your review on Apple Podcasts and join our LinkedIn Group. Links: Force Design 2030 - Force Design 2030 March 2020 Force Design 2030 Annual Update - Force Design 2030 Annual Update April 2021 Force Design 2030 Annual Update - Force Design 2030 Annual Update June 2023 Return of...

DISARM with Dr Pablo Breuer


In this episode of Phoenix Cast, hosts John, Rich and Kyle are joined by Dr Pablo Breuer and they discuss the DISARM framework. Share your thoughts with us on Twitter: @USMC_TFPhoenix (Now verified!) Follow MARFORCYBER, MCCYWG, & MCCOG on Twitter, LinkedIn, Facebook, and YouTube. Leave your review on Apple Podcasts. Links: DISARM website - https://www.disarm.foundation/framework BlackHat talk - https://www.youtube.com/watch?v=trxzyEfG8cY&t=6s&pp=ygUVYmxhY2toYXQgcGFibG8gYnJldWVy STIX/TAXII - https://www.first.org/resources/papers/munich2016/wunder-stix-taxii-Overview.pdf Trust Me, I'm Lying - https://www.amazon.com/Trust-Me-Lying-Confessions-Manipulator/dp/1591846285 LikeWar: The Weaponization of Social Media https://www.amazon.com/LikeWar-Weaponization-P-W-Singer/dp/1328695743 How to Lose the Information War: Nina Jankowicz https://a.co/d/08YE6l6U The Demon-Haunted World: Science as a Candle in the Dark: Carl Sagan https://a.co/d/01C7dhRb

Microsoft Recall, GEN Nakasone (ret), NDAA cyber study


In this episode of Phoenix Cast, hosts John and Kyle talk through some interesting news of note around AI enabled screenshots, what GEN Nakasone is doing in retirement, and a cyber force study potentially being included in the NDAA. Share your thoughts with us on Twitter: @USMC_TFPhoenix (Now verified!) Follow MARFORCYBER & MCCOG on Twitter, LinkedIn, Facebook, and YouTube. Leave your review on Apple Podcasts and join our LinkedIn Group. Links: Recall - https://www.bleepingcomputer.com/news/microsoft/windows-11-recall-ai-feature-will-record-everything-you-do-on-your-pc/ Nakasone - https://news.vanderbilt.edu/2024/05/08/gen-paul-nakasone-named-founding-director-of-institute-for-national-defense-and-global-security/ https://openai.com/index/openai-appoints-retired-us-army-general/ NDAA - https://defensescoop.com/2024/06/14/assessment-independent-cyber-force-passes-house-senate-defense-committee/ https://www.secureworld.io/industry-news/cyber-force-on-hold

Real Actual AI


In this episode of Phoenix Cast, hosts John, Rich, and Kyle are joined by fellow Marine and special guest Dan Tadross, Scale AI's Head of Federal Delivery, as they talk about an AI product for military planners available NOW. Tune in to hear how Dan used software to improve deck cycles, the G-BOSS system, and then directed his passion for AI to Donovan. Want to know what Donovan is? Have a listen and find out. Share your thoughts with us on Twitter: @USMC_TFPhoenix (Now verified!) Follow MARFORCYBER & MCCOG on Twitter, LinkedIn, Facebook, and YouTube. Leave your review on Apple Podcasts. NEW:...

Craig Clarkson - MCTSSA CO


In this episode of Phoenix Cast, hosts John, Rich, and Kyle are joined by special guest Col Craig Clarkson, the Commanding Officer of MCTSSA, and they talk about leading technical teams, what MCTSSA is up to lately, and his call to action. Share your thoughts with us on Twitter: @USMC_TFPhoenix (Now verified!) Follow MARFORCYBER & MCCOG on Twitter, LinkedIn, Facebook, and YouTube. Leave your review on Apple Podcasts and join our LinkedIn Group. Links: Amazon leadership principles: https://www.amazon.jobs/content/en/our-workplace/leadership-principles The Rise of Cyber-Physical Systems: https://www.nationalacademies.org/news/2023/11/the-rise-of-cyber-physical-systems Liminal Warfare and Conceptual Envelopment: https://smallwarsjournal.com/jrnl/art/liminal-and-conceptual-envelopment-warfare-age-dragons

Anthony Crain


In this episode of Phoenix Cast, hosts John, Rich, and Kyle are joined by special guest Anthony Crain and they talk about teaching/coaching, Agile and DEVOPS, and whether AI is promising or concerning for project management professionals. Share your thoughts with us on Twitter: @USMC_TFPhoenix (Now verified!) Follow MARFORCYBER & MCCOG on Twitter, LinkedIn, Facebook, and YouTube. Leave your review on Apple Podcasts and join our LinkedIn Group. Links: Pocket Coach Channel: https://www.youtube.com/@pocketcoach5606 John's Post Comparing Agile with USMC doctrine: https://www.unadulteratednerdery.com/2021/12/21/agile-isnt-transformative-its-doctrine/ Elevate book: https://www.audible.com/pd/Elevate-Audiobook/B072N67MB2?source_code=GPAGBSH0508140001&ipRedirectOverride=true&gclid=CjwKCAjw5v2wBhBrEiwAXDDoJYnbAFRh0uf0vPetjsTUNCuf4nlopK2JvvZ3F3kARHglMo2QEjf4bRoCU4sQAvD_BwE&gclsrc=aw.ds Anthony Video on Time Boxing: https://www.youtube.com/watch?v=h89xbVbas_c

FDD Cyber Force Discussion


In this episode of Phoenix Cast, hosts John, Rich, and Kyle discuss the FDD document recommending a cyber force. Share your thoughts with us on Twitter: @USMC_TFPhoenix (Now verified!) Follow MARFORCYBER & MCCOG on Twitter, LinkedIn, Facebook, and YouTube. Leave your review on Apple Podcasts and join our LinkedIn Group. Links: Report: https://www.fdd.org/analysis/2024/03/25/united-states-cyber-force/#easy-footnote-bottom-16-229141 https://www.crowdstrike.com/cybersecurity-101/living-off-the-land-attacks-lotl/ https://www.cisa.gov/resources-tools/resources/identifying-and-mitigating-living-land-techniques Video discussion: https://www.fdd.org/events/2024/03/25/exploring-the-potential-of-a-us-cyber-force/

Chat with Tim Gramp


In this episode of Phoenix Cast, hosts John, Rich, and Kyle are joined by special guest Tim Gramp - USMC Chief Engineer - and DC SEAL. Tim is the first SES to join the cast, and they discuss what an SES is, the best way to leverage the civilian workforce, and what the STRL designation MCTSSA received means to the warfighter. Share your thoughts with us on Twitter: @USMC_TFPhoenix (Now verified!) Follow MARFORCYBER & MCCOG on Twitter, LinkedIn, Facebook, and YouTube. Leave your review on Apple Podcasts. Links: -https://www.marcorsyscom.marines.mil/Leadership/Leadership-View/Article/3033657/mr-timothy-m-gramp/ -https://www.marines.mil/News/News-Display/Article/3657402/mctssa-designated-corps-first-strl-accelerating-force-modernization/ -https://rt.cto.mil/ddre-rt/dd-rtl/strl/ -https://news.usni.org/2024/03/04/marines-accelerating-new-technology-fielding-to-the-fleet -https://lexfridman.com/podcast/ -https://www.acquired.fm/ -https://www.simonandschuster.com/books/The-Fourth-Turning-Is-Here/Neil-Howe/9781982173739

Wireshark, Leaked Hacking Tools, Freaking out about Google


In this episode of Phoenix Cast, hosts John and Kyle discuss some recent events in the news - banning Wireshark, the alleged leak of hacking tools, and Kyle finishes by providing some perspective on how Google sunsets projects. Share your thoughts with us on Twitter: @USMC_TFPhoenix (Now verified!) Follow MARFORCYBER & MCCOG on Twitter, LinkedIn, Facebook, and YouTube. Leave your review on Apple Podcasts. Links: Wireshark website (donate here): https://www.wireshark.org/ SharkFest: https://sharkfest.wireshark.org/ Hacking tool leak: https://cybernews.com/news/github-leak-exposes-chinese-cyber-ops/ Lockbit: https://www.bbc.com/news/technology-68344987 https://www.bleepingcomputer.com/news/security/police-arrest-lockbit-ransomware-members-release-decryptor-in-global-crackdown/ https://www.reuters.com/technology/lockbit-hackers-swagger-display-after-police-leak-identities-online-2024-02-20/ Single, double, triple, quadruple extortion - https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/ransomware-double-extortion-and-beyond-revil-clop-and-conti

From the Coast to the Clouds


In this episode of Phoenix Cast, hosts John, Rich, and Kyle are joined by special guest Jonathan White and they talk about the Coast Guard's cloud journey. Share your thoughts with us on Twitter: @USMC_TFPhoenix (Now verified!) Follow MARFORCYBER & MCCOG on Twitter, LinkedIn, Facebook, and YouTube. Leave your review on Apple Podcasts. Links: Coast Guard is Hiring! https://www.gocoastguard.com/ Learn more about the Coast Guard: https://www.uscg.mil

Return of the Carl


In this episode of Phoenix Cast, hosts John, Rich, and Kyle are re-joined by special guest Olivia Garard. Turns out many moons ago Clausewitz checked out some art, and it got him thinking. Olivia translated those thoughts, and we talk about it. Share your thoughts with us on Twitter: @USMC_TFPhoenix (Now verified!) Follow MARFORCYBER & MCCOG on Twitter, LinkedIn, Facebook, and YouTube. Leave your review on Apple Podcasts. Links: https://classicsofstrategy.com/2023/09/27/clausewitzs-artikel-on-art-an-introduction/ https://classicsofstrategy.com/2023/09/28/on-art-and-the-theory-of-art/ Pearly gates of cyberspace https://www.amazon.com/Pearly-Gates-Cyberspace-History-Internet/dp/0393320537/ref=asc_df_0393320537/?tag=hyprod-20&linkCode=df0&hvadid=658836661081&hvpos=&hvnetw=g&hvrand=13760603136521005999&hvpone=&hvptwo=&hvqmt=&hvdev=c&hvdvcmdl=&hvlocint=&hvlocphy=9007880&hvtargid=pla-1297315372681&psc=1 Youtube art of coding https://www.youtube.com/watch?v=6avJHaC3C2U US DoD Strategy for Operations in the Information Environment https://media.defense.gov/2023/Nov/17/2003342901/-1/-1/1/2023-DEPARTMENT-OF-DEFENSE-STRATEGY-FOR-OPERATIONS-IN-THE-INFORMATION-ENVIRONMENT.PDF

Kyle Tinkers with AI Programming


In this episode of Phoenix Cast, hosts John and Rich listen as Kyle talks through his journey of using low code / no code and AI enabled tools to solve a problem he came across. Share your thoughts with us on Twitter: @USMC_TFPhoenix (Now verified!) Follow MARFORCYBER & MCCOG on Twitter, LinkedIn, Facebook, and YouTube. Leave your review on Apple Podcasts. Links: Kyle's Google Doc: Generative AI Learning for RAG & ChatBot applications https://pro.academind.com/ https://cursor.sh/

Chat with Jason Passwaters and Mike DeBolt


In this episode of Phoenix Cast, hosts John, Rich, and Kyle welcome special guests Jason Passwaters and Mike DeBolt for a talk on the commercial intelligence space. Share your thoughts with us on Twitter: @USMC_TFPhoenix (Now verified!) Follow MARFORCYBER & MCCOG on Twitter, LinkedIn, Facebook, and YouTube. Leave your review on Apple Podcasts. Links: Intel 471 - https://intel471.com/ Cyber Underground Handbook - https://intel471.com/resources/cyber-underground-handbook General Intelligence Handbook YouTube Series - https://www.youtube.com/playlist?list=PLayAdMfJunBDSXjSWkG4mHQaxDBdIRhDK Cyber HUMINT - https://intel471.com/blog/gaining-the-intelligence-advantage-with-cyber-humint-part-one

The Holiday Episode


In this episode of Phoenix Cast, hosts John, Rich, and Kyle discuss a couple of current events and reflect on the year and what they are thankful for. Share your thoughts with us on Twitter: @USMC_TFPhoenix - Follow MARFORCYBER, MCCYWG, & MCCOG on Twitter, LinkedIn, Facebook, and YouTube. Leave your review on Apple Podcasts. Links: Ukraine: https://www.bbc.com/news/world-europe-67691222 PacketPushers: https://packetpushers.net/podcast/hs060-power-micro-generation-for-data-center/ DHH stuff: https://www.linkedin.com/feed/update/urn:li:activity:7142965560153104384/ https://world.hey.com/dhh/we-have-left-the-cloud-251760fb https://world.hey.com/dhh/the-big-cloud-exit-faq-20274010

Current Events Around AI


In this episode of Phoenix Cast, hosts John, Rich, and Kyle discuss current events, with a focus on a slew of AI topics. Share your thoughts with us on Twitter: @USMC_TFPhoenix - Follow MARFORCYBER, MCCYWG, & MCCOG on Twitter, LinkedIn, Facebook, and YouTube. Leave your review on Apple Podcasts. Links: A couple of Podcasts to Listen to: https://podcasts.google.com?feed=aHR0cHM6Ly9hbmV5ZW9uYWkubGlic3luLmNvbS9yc3M%3D&episode=ZTM5OTVkZjUtZWNhMi00ODQ4LTkwN2ItYTBmNmQ5YWFjZmFh https://podcasts.google.com?feed=aHR0cHM6Ly9mZWVkcy5zaW1wbGVjYXN0LmNvbS81NG5BR2NJbA%3D%3D&episode=NmU5MGJhZDctNDgwZi00OTc0LTkyZjgtZDRlNzY1MjBiNDNj Articles we discuss: https://www.reuters.com/technology/sam-altmans-ouster-openai-was-precipitated-by-letter-board-about-ai-breakthrough-2023-11-22/ https://openai.com/blog/introducing-gpts https://www.theguardian.com/technology/2023/nov/25/how-crisis-openai-sam-altman-unfolded#:~:text=And%20a%20major%20event%20in,the%20alleged%20breaches%20of%20trust. https://www.vox.com/future-perfect/2023/11/21/23971765/openai-sam-altman-microsoft https://cset.georgetown.edu/wp-content/uploads/CSET-Decoding-Intentions.pdf https://www.tomshardware.com/news/nvidia-takes-chip-business-revenue-crown-from-tsmc https://youtu.be/3d0kk88IE8c?si=mbkXS_Vw5ZZStyO4

TAK


In this episode of Phoenix Cast, hosts John, Rich and Kyle are joined by special guests Ryan Mclean and Maj Steve Magee to discuss all things TAK. Share your thoughts with us on Twitter: @USMC_TFPhoenix. Follow MARFORCYBER, MCCOG, and MCCYWG on Twitter, LinkedIn, Facebook, and YouTube. Leave your review on Apple Podcasts. Links: A seat at the table (book) - https://www.amazon.com/A-Seat-at-Table-Mark-Schwartz-audiobook/dp/B0767H9ZMM/ref=sr_1_1?crid=1NT0IPPB1XDVF&keywords=a+seat+at+the+table&qid=1695399655&sprefix=a+seat+at+the+table%2Caps%2C1032&sr=8-1 TAK website - https://tak.gov/ YouTube: https://youtu.be/H8L239kQnqU?si=zoVJwnhTyV-IJe8_

MCCOG with Col Eovito


In this episode of Phoenix Cast, hosts John, Rich and Kyle are joined by special guest Col Bryan Eovito to discuss the latest with the Marine Corps Cyberspace Operations Group. Share your thoughts with us on Twitter: @USMC_TFPhoenix (Now verified!) Follow MARFORCYBER & MCCOG on Twitter, LinkedIn, Facebook, and YouTube. Leave your review on Apple Podcasts. Links: House Armed Services Committee (HASC) Sub-committee for Cyberspace, Innovative Technology, and Information Systems (CITI) Hearing on the DoD Replicator Program: -https://armedservices.house.gov/hearings/citi-hearing-can-it-work-outside-perspectives-dods-replicator-program DoD Replicator Program: -https://www.defense.gov/News/Speeches/Speech/Article/3507156/deputy-secretary-of-defense-kathleen-hicks-keynote-address-the-urgency-to-innov/ -https://warontherocks.com/2023/09/scaling-the-future-how-replicator-aims-to-fast-track-u-s-defense-capabilities/

MoveIT, Looney Tunables, iPhone zero days, state of DEVOPS


In this episode of Phoenix Cast, hosts John, Rich, and Kyle discuss a trio of terrible items from the news. They also discuss Googles state of DEVOPS report. Share your thoughts with us on Twitter: @USMC_TFPhoenix (Now verified!) Follow MARFORCYBER & MCCOG on Twitter, LinkedIn, Facebook, and YouTube. Leave your review on Apple Podcasts. Links: Looney Tunables - https://blog.qualys.com/vulnerabilities-threat-research/2023/10/03/cve-2023-4911-looney-tunables-local-privilege-escalation-in-the-glibcs-ld-so https://www.bleepingcomputer.com/news/security/exploits-released-for-linux-flaw-giving-root-on-major-distros/?mibextid=Zxz2cZ https://hackaday.com/2023/10/06/this-week-in-security-looney-tunables-not-a-0-day-and-curl-warning/ MoveIt - https://techcrunch.com/2023/08/25/moveit-mass-hack-by-the-numbers/?guccounter=1&guce_referrer=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbS8&guce_referrer_sig=AQAAAKI26YxLOJ3LtfPNiJcdBP7BjU5pY0NLPt_rZ1BSmhkA67JuGSVuYD5tuhnZTBdr6h-hdVsmq97cSlvBy-cClsH8C5uTJ5sLvcl9QDYYhdFqMu_8FDx4wLMOKUb7ixUEF2kg6NXDtajrK38ERHg4zm487zavIDNsKJrbDr4h-fGE https://www.darkreading.com/attacks-breaches/financial-firms-breached-in-moveit-cyberattacks-now-face-lawsuits https://www.bleepingcomputer.com/news/security/the-moveit-hack-and-what-it-taught-us-about-application-security/ https://www.progress.com/moveit https://www.bleepingcomputer.com/news/security/sony-confirms-data-breach-impacting-thousands-in-the-us/ Apple Zero Days: https://www.bleepingcomputer.com/news/apple/apple-emergency-update-fixes-new-zero-day-used-to-hack-iphones/?fbclid=IwAR1V3v3W0kJslsY59ayfrB0UswUzpE9bP0ARmlp1VDLDjx2po4WDUoKuGWs_aem_AVWQ2hLENrbnURcSsKrImQS79tU85DLt59xWTfeGF7ByyJ61n4Nt8jnosltfbzscecE&mibextid=Zxz2cZ https://support.apple.com/en-us/102657#:~:text=Mac%3A%20Choose%20Apple%20menu%20%EF%A3%BF,system%20files%22%20is%20turned%20on. 
State of DevOps Report: https://cloud.google.com/blog/products/devops-sre/announcing-the-2023-state-of-devops-report Industrial DevOps: https://itrevolution.com/product/industrial-devops-book/ National Security Commission on Artificial Intelligence: https://www.nscai.gov/

2DMARDIV RXR and C2


In this episode of Phoenix Cast, hosts John and Kyle are joined by special guest Maj Mike Holdridge to discuss the finer art of integration. How he used it during some of 2DMARDIV's Recon / Counter Recon (RXR) Command and Control efforts, how it is important when working with other services, and much more! Share your thoughts with us on Twitter: @USMC_TFPhoenix (Now verified!) Follow MARFORCYBER & MCCOG on Twitter, LinkedIn, Facebook, and YouTube. Leave your review on Apple Podcasts. Links: Cuomo cast - https://open.spotify.com/episode/0NnW7mGPejy7ShiaTTPC0b So good they can't ignore you (book) - https://www.amazon.com/So-Good-They-Cant-Ignore-You-audiobook/dp/B009CMO8JQ/ref=sr_1_1?hvadid=580766089613&hvdev=c&hvlocphy=9007853&hvnetw=g&hvqmt=e&hvrand=14511546083734599107&hvtargid=kwd-329614426959&hydadcr=21909_13324147&keywords=so+good+they+can+t+ignore+you&qid=1695265691&sr=8-1 Range (book) - https://www.amazon.com/Range-David-Epstein-audiobook/dp/B07N6MPWLS/ref=sr_1_1?crid=U5ABOFOL3FNF&keywords=range&qid=1695265723&s=audible&sprefix=range%2Caudible%2C68&sr=1-1

Cyber Fires


In this episode of Phoenix Cast, hosts John, Rich, and Kyle are joined by special guests Jack Schweitzer and Col Jake Portaro to discuss the cyber fires process and the relation to targeting. Share your thoughts with us on Twitter: @USMC_TFPhoenix (Now verified!) Follow MARFORCYBER & MCCOG on Twitter, LinkedIn, Facebook, and YouTube. Leave your review on Apple Podcasts.

DEVOPS Explainer


In this episode of Phoenix Cast, hosts John and Kyle talk about the basics of DEVOPS and provide some examples of military applicability. Share your thoughts with us on Twitter: @USMC_TFPhoenix (Now verified!) Follow MARFORCYBER & MCCOG on Twitter, LinkedIn, Facebook, and YouTube. Leave your review on Apple Podcasts.

Current Events


In this episode of Phoenix Cast, hosts John and Kyle discuss a slew of articles of interest and current events worthy of your consideration. Share your thoughts with us on Twitter: @USMC_TFPhoenix (Now verified!) Follow MARFORCYBER & MCCOG on Twitter, LinkedIn, Facebook, and YouTube. Leave your review on Apple Podcasts. Links: Solarwinds: https://www.wired.com/story/the-untold-story-of-solarwinds-the-boldest-supply-chain-hack-ever/ New domains: https://blog.google/products/registry/8-new-top-level-domains-for-dads-grads-tech/ https://www.reddit.com/r/programming/comments/13fsvl5/the_zip_tld_sucks_and_it_needs_to_be_immediately/jjxivcp?utm_source=share&utm_medium=android_app&utm_name=androidcss&utm_term=1&utm_content=share_button Zenbleed: https://cybersecuritynews.com/aws-zenbleed-attacks/ GameOver(lay): https://thehackernews.com/2023/07/gameoverlay-two-severe-linux.html?_m=3n%2e009a%2e3107%2eit0ao0egkj%2e23bw&m=1 PyPI: https://www.bleepingcomputer.com/news/security/pypi-temporarily-pauses-new-users-projects-amid-high-volume-of-malware/ China LoL: https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF Microsoft Exchange365 Breach: https://www.microsoft.com/en-us/security/blog/2023/07/14/analysis-of-storm-0558-techniques-for-unauthorized-email-access/ Defender IOT: https://www.bleepingcomputer.com/news/microsoft/microsoft-previews-defender-for-iot-firmware-analysis-service/?fbclid=IwAR08GUK_CxMY_EhsZi2EwNl3zlgolHan2-rkV11UVyEeEeZyH41E5SgI_7I_aem_AaGJSY9KfdRFYfMcsXu--32Np4pCTG2HQvRcuJJZr9U2zAxczEjsP3Vtugm8lN6Sptc&mibextid=Zxz2cZ

Expeditionary Communications Course


In this episode of Phoenix Cast, hosts John and Kyle are joined by special guests CWO Daniel Belew and Maj Toby Pope to talk about the Expeditionary Communications Course. Share your thoughts with us on Twitter: @USMC_TFPhoenix (Now verified!) Follow MARFORCYBER & MCCOG on Twitter, LinkedIn, Facebook, and YouTube. Leave your review on Apple Podcasts.

MCTSSA Fleet Support


In this episode of Phoenix Cast, hosts John and Kyle are joined by special guests Rick Bobst and TJ Johnson from Marine Corps Tactical Systems Support Activity. They discuss Warfighter Support Division and some interesting initiatives they are working on. Share your thoughts with us on Twitter: @USMC_TFPhoenix and be sure to follow MARFORCYBER & MCCOG on Twitter, LinkedIn, Facebook, and YouTube. Leave your review on Apple Podcasts. Links: What is a Panasonic Toughbook? Force Design 2030

Cyber Legal


In this episode of Phoenix Cast, hosts John and Kyle chat with CAPT Pete Pascucci on all things cyber legal. Does cyber legal handle defensive AND offensive cyber? What is an authority? When should you involve your cyber legal team? We answer all of this and more, plus we managed the maximum amount of fun with the minimum amount of billable hours. Share your thoughts with us on Twitter: @USMC_TFPhoenix (Now verified!) Follow MARFORCYBER & MCCOG on Twitter, LinkedIn, Facebook, and YouTube. Leave your review on Apple Podcasts. Links: Book recommendation: https://www.amazon.com/Tubes-Andrew-Blum-audiobook/dp/B00870FL4A/ref=sr_1_1?keywords=tubes+a+journey&qid=1685661250&sr=8-1 https://www.amazon.com/Tallinn-Manual-International-Applicable-Operations/dp/1316630374/ref=sr_1_1?keywords=tallinn+manual&qid=1685661314&s=audible&sr=1-1&ufe=app_do%3Aamzn1.fos.006c50ae-5d4c-4777-9bc0-4513d670b6bc Podcast recommendations: https://www.lawfareblog.com/topic/cyberlaw-podcast https://www.nationalsecuritylawpodcast.com/ Cyber news sites:...

War-Winning Software


In this episode of Phoenix Cast, hosts John and Kyle are joined by special guest Bryon Kroger and discuss cATO and cRMF, UX design and investing in the right practices and career paths. Share your thoughts with us on Twitter: @USMC_TFPhoenix (Now verified!) Follow MARFORCYBER & MCCOG on Twitter, LinkedIn, Facebook, and YouTube. Leave your review on Apple Podcasts. Links: Rise8 Origin Story: https://rise8.us/resources/rise8-origin-story Prodacity event: https://rise8.us/events/prodacity Lean Enterprise: How High Performance Organizations Innovate at Scale 1st Edition, Kindle Edition: https://www.amazon.com/Lean-Enterprise-Performance-Organizations-Innovate-ebook/dp/B08DDK2X52/ref=tmm_kin_swatch_0?_encoding=UTF8&qid=1684441037&sr=8-3

Reaction Cast: Universal LLM Jailbreak


In this episode of Phoenix Cast, hosts John and Kyle discuss LLM jailbreaks, the Flipper0 getting banned from Amazon, the leak that has been part of national news, and an asset key thief vuln in Google Cloud. Share your thoughts with us on Twitter: @USMC_TFPhoenix (Now verified!) Follow MARFORCYBER & MCCOG on Twitter, LinkedIn, Facebook, and YouTube. Leave your review on Apple Podcasts. Links: LLM Jailbreak article: https://adversa.ai/blog/universal-llm-jailbreak-chatgpt-gpt-4-bard-bing-anthropic-and-beyond/ Marine Squad defeats AI: https://taskandpurpose.com/news/marines-ai-paul-scharre/ https://www.c4isrnet.com/cyber/2023/04/26/zero-trust-could-have-limited-pentagon-leak-navy-cto-says/ Flipper0 - https://flipperzero.one/ Banned by Amazon - https://www.bleepingcomputer.com/news/technology/flipper-zero-banned-by-amazon-for-being-a-card-skimming-device-/#:~:text=Amazon%20has%20banned%20the%20sale,as%20a%20card%2Dskimming%20device Asset Key Thief: https://engineering.sada.com/asset-key-thief-disclosure-cfae4f1778b6

Charlie and the Software Factory


In this episode of Phoenix Cast, hosts John and Kyle are joined by special guests Lieutenant Colonels Charlie Bahk and Sam Gray. They talk about software development and the newly announced Marine Corps Software Factory. Share your thoughts with us on Twitter: @USMC_TFPhoenix (Now verified!) Follow MARFORCYBER & MCCOG on Twitter, LinkedIn, Facebook, and YouTube. Leave your review on Apple Podcasts. Links: https://tanzu.vmware.com/software-factory

GitHub Private Key Exposure, Ukraine, Better help privacy


In this episode of Phoenix Cast, hosts John and Kyle discuss GitHub exposing its private key, the Ukraine Software Warrior Brigade and BetterHelp sharing personal user data. Share your thoughts with us on Twitter: @USMC_TFPhoenix (Now verified!) Follow MARFORCYBER & MCCOG on Twitter, LinkedIn, Facebook, and YouTube. Leave your review on Apple Podcasts. Links: GitHub Priv Key: https://www.bleepingcomputer.com/news/security/githubcom-rotates-its-exposed-private-ssh-key/ Ukraine Software Warrior Brigade: https://www.wsj.com/articles/ukraines-deadly-computer-science-brigade-russia-invasion-drone-engineer-software-wartime-weaponry-production-e0643979 Ukraine from Google: https://blog.google/threat-analysis-group/fog-of-war-how-the-ukraine-conflict-transformed-the-cyber-threat-landscape/amp/ BetterHelp: https://www.ftc.gov/business-guidance/blog/2023/03/ftc-says-online-counseling-service-betterhelp-pushed-people-handing-over-health-information-broke

Project DYNAMIS and the Future for Comm


In this episode of Phoenix Cast, hosts John and Kyle are joined by special guest Col Jason Quinter and the team talks JADC2, Project DYNAMIS, and comm architectures of the future. Share your thoughts with us on Twitter: @USMC_TFPhoenix (Now verified!) Follow MARFORCYBER & MCCOG on Twitter, LinkedIn, Facebook, and YouTube. Leave your review on Apple Podcasts. Links: Palantir vs DCGS-A: https://www.defensenews.com/land/2019/03/29/palantir-who-successfully-sued-the-army-just-won-a-major-army-contract/ MC Times JADC2 article: https://www.marinecorpstimes.com/news/your-marine-corps/2023/02/23/how-jadc2-is-like-a-grill-according-to-one-marine-colonel/?utm_source=sailthru&utm_medium=email&utm_campaign=mil-ebb&SToverlay=de88742f-46f7-4f2c-819d-3b36a47d6a7e

Marine Corps Software Factory announcement


In this episode of Phoenix Cast - recorded in Austin TX during SXSW - hosts John and Kyle are joined by special guest LtCol Charlie Bahk, and the team discusses the announcement of the Marine Corps Software Factory. Share your thoughts with us on Twitter: @USMC_TFPhoenix (Now verified!) Follow MARFORCYBER & MCCOG on Twitter, LinkedIn, Facebook, and YouTube. Leave your review on Apple Podcasts. Links: https://www.hqmc.marines.mil/mcswf

VMware vuln, Twitter makes SMS Premium


In this episode of Phoenix Cast, hosts John and Kyle talk about a new(ish) VMware vulnerability, Twitter making SMS MFA a paid feature, and some strange things about Bing AI. Share your thoughts with us on Twitter: @USMC_TFPhoenix (Now verified!) Follow MARFORCYBER & MCCOG on Twitter, LinkedIn, Facebook, and YouTube. Leave your review on Apple Podcasts. Links: https://www.bleepingcomputer.com/news/security/vmware-warns-admins-to-patch-esxi-servers-disable-openslp-service/ https://www.darkreading.com/vulnerabilities-threats/attackers-can-exploit-flaw-in-vmware-esxi-hypervisor-in-multiple-ways https://www.darkreading.com/cloud/global-ransomware-attack-vmware-exsi-hypervisors-continues-to-spread https://www.darkreading.com/vulnerabilities-threats/cisa-releases-recovery-script-for-victims-of-esxiargs-ransomware https://github.com/cisagov/ESXiArgs-Recover https://www.pcmag.com/how-to/twitter-two-factor-authentication-acting-up-how-to-secure-your-account https://www.theverge.com/2023/2/17/23605073/twitter-blue-charge-sms-2fa https://darknetdiaries.com/transcript/87/ https://www.lawfareblog.com/lawfare-podcast-chatgpt-tells-all

Comm Battalion Commanders


In this episode of Phoenix Cast, hosts John and Kyle are joined by special guests LtCols Dave Burton and Jeff Rohman - the Commanders of 8th and 9th Comm. They discuss planning for Command, how they've organized their respective battalions, and all other things Comm Bn. Share your thoughts with us on Twitter: @USMC_TFPhoenix (Now verified!) Follow MARFORCYBER & MCCOG on Twitter, LinkedIn, Facebook, and YouTube. Leave your review on Apple Podcasts.

ChatGPT, DoD Cloud Contract, Google Management Traits?


In this episode of Phoenix Cast, hosts John and Kyle discuss the award of Joint Warfighting Cloud Capability and ChatGPT. Share your thoughts with us on Twitter: @USMC_TFPhoenix (Now verified!) Follow MARFORCYBER & MCCOG on Twitter, LinkedIn, Facebook, and YouTube. Leave your review on Apple Podcasts. Links: Wikipedia: https://en.wikipedia.org/wiki/ChatGPT#cite_note-code_red-37 Google on ChatGPT: https://www.nytimes.com/2022/12/21/technology/ai-chatgpt-google-search.html https://www.theinsaneapp.com/2022/12/top-chat-gpt-examples.html JWCC: https://www.defense.gov/News/News-Stories/Article/Article/3243483/department-names-vendors-to-provide-joint-warfighting-cloud-capability/

On Tactics, On Operations


In this episode of Phoenix Cast, hosts John and Kyle are joined by special guest Brett Friedman and the team talks about tactics, whether or not the operational level of war exists, and even a bit of force design. Share your thoughts with us on Twitter: @USMC_TFPhoenix (Now verified!) Follow MARFORCYBER & MCCOG on Twitter, LinkedIn, Facebook, and YouTube. Leave your review on Apple Podcasts. Links: https://www.usni.org/press/books/tactics https://www.usni.org/press/books/operations https://www.amazon.com/American-Way-War-Military-Strategy/dp/025328029X https://www.amazon.com/21st-Century-Ellis-Operational-Strategic/dp/1612518079/ref=sr_1_1?keywords=21st+century+ellis&qid=1671484665&s=books&sprefix=21st+century+ellis%2Cstripbooks%2C115&sr=1-1 https://press.armywarcollege.edu/cgi/viewcontent.cgi?article=1619&context=monographs

Return of Clausewitz


In this episode of Phoenix Cast, hosts John, Rich, and Kyle are re-joined by special guest Olivia Garard and they talk Clausewitz and the Defense. Share your thoughts with us on Twitter: @USMC_TFPhoenix (Now verified!) Follow MARFORCYBER & MCCOG on Twitter, LinkedIn, Facebook, and YouTube. Leave your review on Apple Podcasts. Links: https://mwi.usma.edu/some-clausewitzian-thoughts-on-the-ukrainian-defense/

Multi-domain C2 operations


In this episode of Phoenix Cast, hosts John, Rich, and Kyle are joined by special guest Col Jeremy Winters, and they discuss all things Marine Air Control Group. Share your thoughts with us on Twitter: @USMC_TFPhoenix (Now verified!) Follow MARFORCYBER & MCCOG on Twitter, LinkedIn, Facebook, and YouTube. Leave your review on Apple Podcasts. Links: https://www.youtube.com/watch?v=O9gTAjbiQEM&ab_channel=MarineCorpsRecruiting https://www.amazon.com/Kill-Chain-Defending-America-High-Tech/dp/B086KQC2H2/ https://www.amazon.com/Limitless-Upgrade-Anything-Faster-Exceptional/dp/B086WPC14V/ https://www.amazon.com/Three-Dangerous-Men-Irregular-Warfare/dp/B095J93H5C/ https://www.amazon.com/Legacy-James-Kerr-audiobook/dp/B00FK500ZK/ https://www.themiloffice.com/

Mobile Forensics


In this episode of Phoenix Cast, hosts John and Kyle are joined by special guest Jessica Hyde, and they discuss all things Mobile Forensics. Share your thoughts with us on Twitter: @USMC_TFPhoenix (Now verified!) Follow MARFORCYBER & MCCOG on Twitter, LinkedIn, Facebook, and YouTube. Leave your review on Apple Podcasts. Links: https://www.hexordia.com/ https://dfirdiva.com/ https://thisweekin4n6.com/ https://www.13cubed.com/ https://aboutdfir.com/a-beginners-guide-to-the-digital-forensics-discord-server/ https://cyberdefenders.org/blueteam-ctf-challenges/ https://www.youtube.com/c/DFIRScience https://dfir.pubpub.org/pub/inkjsqrh/release/2 https://www.swgde.org/documents/published-complete-listing https://www.giac.org/podcasts/trust-me-im-certified/power-of-mind-over-matter-with-jessica-hyde/

Digital Transformation, Software Dev and Factories, and VMware Tanzu


In this episode of Phoenix Cast, hosts John, Rich, and Kyle are joined by special guest Aaron Swain. They discuss what a Director of Digital Transformation does, software factories/software development, and the state of the software within the DoD. Share your thoughts with us on Twitter: @USMC_TFPhoenix (Now verified!) Follow MARFORCYBER & MCCOG on Twitter, LinkedIn, Facebook, and YouTube. Leave your review on Apple Podcasts.

Exchange Vuln and Meetings


In this episode of Phoenix Cast, hosts John, Rich, and Kyle discuss an Exchange vulnerability and some thoughts on meetings - when to have them, what we need to fix, and even a tie into doctrine and planning. Share your thoughts with us on Twitter: @USMC_TFPhoenix (Now verified!) Follow MARFORCYBER & MCCOG on Twitter, LinkedIn, Facebook, and YouTube. Leave your review on Apple Podcasts. Links: Exchange vuln: https://www.bleepingcomputer.com/news/microsoft/microsoft-confirms-new-exchange-zero-days-are-used-in-attacks/ Adam Grant (tweet): https://twitter.com/adammgrant/status/1575919115621249025?s=46&t=3ssUn0PdP9nZeSGThMitSg Bloomberg Article: https://www.bloomberg.com/news/articles/2022-09-26/are-meetings-a-waste-of-time-pointless-plans-cost-big-companies-100m Book: The Geography of Thought: How Asians and Westerners Think Differently...and Why https://a.co/d/eaMtKZk

BYOD for the Marine Corps?


In this episode of Phoenix Cast, hosts John and Kyle are joined by special guest Col Brian Russell and we discuss whether BYOD is the right thing for the Marine Corps. Share your thoughts with us on Twitter: @USMC_TFPhoenix (Now verified!) Follow MARFORCYBER & MCCOG on Twitter, LinkedIn, Facebook, and YouTube. Leave your review on Apple Podcasts. Links: Fedscoop article on BYOD: https://www.fedscoop.com/army-to-kick-off-bring-your-own-device-byod-pilot-in-coming-weeks/ Brian's article for the MCA: https://mca-marines.org/blog/2022/07/12/before-firing-a-shot-operations-in-the-information-environment-in-the-marine-corps/ NIST 800-207: https://csrc.nist.gov/publications/detail/sp/800-207/final CrowdStrike's Zero Trust overview: https://www.crowdstrike.com/cybersecurity-101/zero-trust-security/ Google BeyondCorp: https://cloud.google.com/beyondcorp Okta's BeyondCorp Website: https://beyondcorp.com

Password Manager hack


In this episode of Phoenix Cast, hosts John and Kyle talk through a recent password manager hack, accessing air gapped data through LEDs, and NDAA language around vulnerabilities. Share your thoughts with us on Twitter: @USMC_TFPhoenix (Now verified!) Follow MARFORCYBER & MCCOG on Twitter, LinkedIn, Facebook, and YouTube. Leave your review on Apple Podcasts. Links: Bloomberg article about LastPass: https://www.bloomberg.com/news/articles/2022-08-25/the-world-s-most-popular-password-manager-says-it-was-hacked Air gapped computers hacked through switch/network card LED lights: https://www.bleepingcomputer.com/news/security/etherled-air-gapped-systems-leak-data-via-network-card-leds/?fbclid=IwAR0KzowuUfZ_V5yKfcuwEmhn7DrcsasMQf8YHCbrtj6FjqXOy14iecjXsq8 NDAA: https://www.congress.gov/bill/117th-congress/house-bill/7900/text Sect 6722

FD2030, RXR, and the role of Comm/Cyber/Intel


In this episode of Phoenix Cast, hosts John and Kyle are joined by special guest LtCol Scott Cuomo and the team talks about Force Design 2030, Recon/Counter-Recon, and what experience Scott has experimenting with the concepts, and his recommendations for Comm / Intel / and Cyber Marines. Share your thoughts with us on Twitter: @USMC_TFPhoenix (Now verified!) Follow MARFORCYBER & MCCOG on Twitter, LinkedIn, Facebook, and YouTube. Leave your review on Apple Podcasts. Links: WoTR podcast with MGen Donovan: https://warontherocks.com/2022/08/the-task-force-at-the-bleeding-edge-of-the-marine-corps/ Scott's critique of Owen West's article: https://warontherocks.com/2022/07/on-the-ground-truth-and-force-design-2030-reconciliation-a-way-forward/ FD2030 articles: https://mca-marines.org/wp-content/uploads/The-Case-for-Change.pdf https://www.armyupress.army.mil/journals/military-review/online-exclusive/2021-ole/berger-future/ https://www.usni.org/magazines/proceedings/2022/april/stand-forces-adapt-or-perish https://warontherocks.com/2020/05/getting-the-context-of-marine-corps-reform-right/ https://mca-marines.org/wp-content/uploads/Not-Yet-Openly-at-War-But-Still-Mostly-at-Peace.pdf

Strategic Advantage Depends on Cyber Vulnerabilities of Weapon Systems Article


In this episode of Phoenix Cast, hosts John and Kyle discuss an article about strategic advantage and how the authors of the article feel cyber contributes (or fails to contribute). Share your thoughts with us on Twitter: @USMC_TFPhoenix (Now verified!) Follow MARFORCYBER & MCCOG on Twitter, LinkedIn, Facebook, and YouTube. Leave your review on Apple Podcasts. Links: Hill Article:  https://thehill.com/opinion/cybersecurity/3591153-us-strategic-advantage-depends-upon-addressing-cybersecurity-vulnerabilities-of-weapon-systems/amp/

BGen Jay Matos


In this episode of Phoenix Cast, hosts John, Rich, and Kyle are joined by special guest BGen Jay Matos and talk Task Force NetMod, the direction of the 06XX MOS, and what software development will look like in the Marine Corps. Share your thoughts with us on Twitter: @USMC_TFPhoenix (Now verified!) Follow MARFORCYBER & MCCOG on Twitter, LinkedIn, Facebook, and YouTube. Leave your review on Apple Podcasts. Links: JADC2-https://www.defense.gov/News/News-Stories/Article/Article/2972369/jadc2-implementation-plan-finalized-signed-by-defense-leadership/ JWCC-https://en.wikipedia.org/wiki/Joint_Enterprise_Defense_Infrastructure Thunderdome-https://www.fedscoop.com/disa-setting-direction-for-thunderdome-cybersecurity-initiative/ Army Software Factory-https://www.fedscoop.com/marines-to-embed-at-army-software-factory%EF%BF%BC/ MCDP 8-https://www.marines.mil/News/Publications/MCPEL/Electronic-Library-Display/Article/3077947/mcdp-8-information/

PyPI


In this episode of Phoenix Cast, hosts John and Kyle talk through PyPI announcing they were rolling out 2FA for critical repos and some of the fallout as a result of this decision. Share your thoughts with us on Twitter: @USMC_TFPhoenix (Now verified!) Follow MARFORCYBER & MCCOG on Twitter, LinkedIn, Facebook, and YouTube. Leave your review on Apple Podcasts. Links: Snark:  https://www.merriam-webster.com/dictionary/snark PyPI article:  https://www.bleepingcomputer.com/news/security/pypi-mandates-2fa-for-critical-projects-developer-pushes-back/?fbclid=IwAR1miz9zGORelshF19IwWZ_GdGClAMCOdvXlDBfXiVwVzWKuHYcwZCkHKPE&fs=e&s=cl Ethical hacking gone wrong:  https://www.bleepingcomputer.com/news/security/hacker-says-hijacking-libraries-stealing-aws-keys-was-ethical-research/

Space Force


In this episode of Phoenix Cast, hosts John, Rich, and Kyle talk about all things Space Force with special guest Erika Teichert. Share your thoughts with us on Twitter: @USMC_TFPhoenix (Now verified!) Follow MARFORCYBER & MCCOG on Twitter, LinkedIn, Facebook, and YouTube. Leave your review on Apple Podcasts. Links: Aliens Space Marines getting ready: https://www.youtube.com/watch?v=1j3wJqvesDc Interesting Videos on Space Debris/Junk (https://www.youtube.com/watch?v=eeQnv_IWttw and https://www.youtube.com/watch?v=yS1ibDImAYU ) https://www.marines.mil/News/News-Display/Article/2961417/marine-corps-establishes-17xx-information-maneuver-occupational-field/ Joint Publication 2-01.1 - Joint Tactics, Techniques, and Procedures for Intelligence Support to Targeting (https://irp.fas.org/doddir/dod/jp2_01_1.pdf )

Web 3.0 Security, Passwordless login, iPhone offline hack


In this episode of Phoenix Cast, hosts John and Kyle talk about some current event type of things.  Have a listen to hear about an angry admin getting 7 years in prison, a passwordless movement, security implications of web 3.0, and an iPhone hack that works when your phone is powered off. Share your thoughts with us on Twitter: @USMC_TFPhoenix (Now verified!) Follow MARFORCYBER & MCCOG on Twitter, LinkedIn, Facebook, and YouTube. Leave your review on Apple Podcasts. Links: Passwordless: https://developers.google.com/identity/fido https://moxie.org/2022/01/07/web3-first-impressions.html

Quick Reaction: Lapsus$ Ronin and Atlassian


In this episode of Phoenix Cast, hosts John and Kyle talk about a pair of recent hacks and some SaaS downtime. Share your thoughts with us on Twitter: @USMC_TFPhoenix (Now verified!) Follow MARFORCYBER & MCCOG on Twitter, LinkedIn, Facebook, and YouTube. Leave your review on Apple Podcasts. Links: -https://krebsonsecurity.com/2022/04/leaked-chats-show-lapsus-stole-t-mobile-source-code/  -https://krebsonsecurity.com/2022/03/a-closer-look-at-the-lapsus-data-extortion-group/ -https://www.microsoft.com/security/blog/2022/03/22/dev-0537-criminal-actor-targeting-organizations-for-data-exfiltration-and-destruction/ -https://www.wired.com/story/okta-hack-microsoft-bing-code-leak-lapsus/ -https://fortune.com/2022/03/24/mastermind-lapsus-microsoft-nvidia-okta-hack-16-year-old-living-mom/ -https://gizmodo.com/lapsus-hackers-are-stealing-microsoft-samsung-okta-d-1848687645 -https://newsletter.pragmaticengineer.com/p/scoop-atlassian?s=r

CSSP and the Basics of what the 06XX Community provides


In this episode of Phoenix Cast, hosts John and Kyle welcome two special guests - a pair of CWOs - Jon Cole and Rob Mawson.  Adding to the conversation started in Episode 51 - DCO-IDM, the team talks about the role of the 06XX community in cybersecurity, and what the roles of the 0630 and 0670 Chief Warrant Officers are. Share your thoughts with us on Twitter: @USMC_TFPhoenix (Now verified!) Follow MARFORCYBER & MCCOG on Twitter, LinkedIn, Facebook, and YouTube. Leave your review on Apple Podcasts. Links: https://terminallance.com/2013/01/18/terminal-lance-245-myths-and-legends-v/

Cyber Manpower Management


In this episode of Phoenix Cast, hosts John, Rich, and Kyle talk with MSgt Tim Gastonguay - the enlisted monitor for the 17XX MOS.  The team talks assignments, recommendations for interacting with your monitor, and some general information for the cyberspace MOS. Share your thoughts with us on Twitter: @USMC_TFPhoenix (Now verified!) Follow MARFORCYBER & MCCOG on Twitter, LinkedIn, Facebook, and YouTube. Leave your review on Apple Podcasts. Links: -https://www.marines.mil/News/Messages/Messages-Display/Article/2958811/establishment-of-the-information-maneuver-1700-occupational-field/ https://www.marines.mil/News/Messages/Messages-Display/Article/2978720/talent-management-strategy-group/ -https://www.amazon.com/Talent-War-Special-Operations-Organizations-ebook/dp/B08GFG5C53 -https://www.marines.mil/News/Publications/MCPEL/Electronic-Library-Display/Article/900339/mco-13008-ch-1/ https://www.marines.mil/Portals/1/MCO%201300.8.pdf -https://www.amazon.com/Happiness-Hypothesis-Finding-Modern-Ancient/dp/0465028020

Conti and Current Events


In this episode of Phoenix Cast, hosts John, Rich, and Kyle talk about a series of cyber issues around current events.  They discuss the Conti leaks, Anonymous announcing war via tweet, and ICANN responding to a de-listing request. Share your thoughts with us on Twitter: @USMC_TFPhoenix (Now verified!) Follow MARFORCYBER & MCCOG on Twitter, LinkedIn, Facebook, and YouTube. Leave your review on Apple Podcasts. Links: Conti:  https://krebsonsecurity.com/2022/03/conti-ransomware-group-diaries-part-iii-weaponry/ https://en.wikipedia.org/wiki/Conti_(ransomware) https://www.cisa.gov/uscert/ncas/alerts/aa21-265a https://arstechnica.com/information-technology/2022/03/conti-cybergang-gloated-when-leaking-victims-data-now-the-tables-are-turned/ Anon: https://www.theguardian.com/world/2022/feb/27/anonymous-the-hacker-collective-that-has-declared-cyberwar-on-russia https://www.engadget.com/apple-tv-plus-severance-trailer-213716350.html Kilkullen accidental guerilla https://www.amazon.com/Man-Without-Face-Unlikely-Vladimir/dp/1594486514 ICANN:  https://www.engadget.com/icann-says-it-wont-kick-russia-off-the-internet-212332356.html https://arstechnica.com/tech-policy/2022/03/icann-wont-revoke-russian-internet-domains-says-effect-would-be-devastating/ UBA: https://www.youtube.com/watch?v=SaaDLcC0ahM https://www.youtube.com/watch?v=DoS9_Mr_K2E https://www.google.com/books/edition/The_Accidental_Guerrilla/

DCO-IDM Companies


In this episode of Phoenix Cast, hosts John, Rich, and Kyle welcome special guests Maj Kris Drake and Lt Trevor Barrow to talk about DCO-IDM.  What is it, how does it work?  What does this acronym even stand for?  All this and more are available for your listening pleasure! Share your thoughts with us on Twitter: @USMC_TFPhoenix (Now verified!) Follow MARFORCYBER & MCCOG on Twitter, LinkedIn, Facebook, and YouTube. Leave your review on Apple Podcasts.

CISA's Warning and Ukraine


In this quick take episode of Phoenix Cast, hosts John, Rich, and Kyle discuss a warning from CISA.  Does the warning deviate from what we have covered on previous casts, or reinforce what we have been saying from the beginning?  What is different about this?  Do uniformed developers bring something special to the table?  If we decide to take on more uniformed developers, how do we train them?  Retain them?  Have a listen to get this and more. Share your thoughts with us on Twitter: @USMC_TFPhoenix (Now verified!) Follow MARFORCYBER & MCCOG on Twitter, LinkedIn, Facebook, and YouTube. Leave your...

To Dev or not to Dev


In this episode of Phoenix Cast, hosts John, Rich, and Kyle talk with special guest Maj Erik Rye about all things Dev. Do uniformed developers bring something special to the table?  If we decide to take on more uniformed developers, how do we train them?  Retain them?  Have a listen to get this and more. Share your thoughts with us on Twitter: @USMC_TFPhoenix (Now verified!) Follow MARFORCYBER & MCCOG on Twitter, LinkedIn, Facebook, and YouTube. Leave your review on Apple Podcasts. Links: https://www.mitre.org/sites/default/files/publications/pr-19-03715-2-modernizing-dod-requirements-enabling-speed-agility-and-innovation.pdf https://scholar.google.com/citations?user=e-7AgFoAAAAJ&hl=en

Gaming Security


In this episode of Phoenix Cast, hosts John, Rich, and Kyle talk about the security of video games, a new phishing vector via google docs, and a concerning trend of security programs shipping with embedded cryptocurrency mining software. Share your thoughts with us on Twitter: @USMC_TFPhoenix (Now verified!) Follow MARFORCYBER & MCCOG on Twitter, LinkedIn, Facebook, and YouTube. Leave your review on Apple Podcasts. Links: https://www.ifsecglobal.com/global/pokemon-go-security-risks-flagged-by-the-cia-middle-eastern-states-and-data-security-experts/ https://www.imdb.com/title/tt1677720/ https://services.google.com/fh/files/misc/esg_technical_validation_google_cloud_for_gaming.pdf https://krebsonsecurity.com/2022/01/500m-avira-antivirus-users-introduced-to-cryptomining/ https://www.digitalshadows.com/blog-and-research/cyber-threats-to-the-online-gaming-industry/ https://threatpost.com/sega-security-aws-s3-exposed-steam/177352/

Phoenix Cast and Cognitive Crucible


The Cognitive Crucible is a forum that presents different perspectives and emerging thought leadership related to the information environment. The opinions expressed by guests are their own and do not necessarily reflect the views of or endorsement by the Information Professionals Association. In this crossover episode of the Phoenix Cast and Cognitive Crucible, John Bicknell is joined by John Schreiner, Kyle Moschetto, and Rich Vaccariello. The podcast hosts discuss why they started their respective casts, how they view competition, the key take-away of their casts, the top must-listen episodes, and the other podcasts they listen to.

Quick Reaction Log4Shell


In this episode of Phoenix Cast, hosts John and Kyle talk about the latest vulnerability disclosure Log4j (also called Log4Shell).  The hosts discuss what the vulnerability is, why it is important, and the recommended actions to remediate (as well as what to do if you can't do that right now). Share your thoughts with us on Twitter: @USMC_TFPhoenix (Now verified!) Follow MARFORCYBER & MCCOG on Twitter, LinkedIn, Facebook, and YouTube. Leave your review on Apple Podcasts. Links: CISA statement: https://www.cisa.gov/news/2021/12/11/statement-cisa-director-easterly-log4j-vulnerability Explanation through memes:  https://blog.devgenius.io/log4shell-as-explained-by-metaphor-and-memes-38de224a2eb7

Tidings of Teamwork & Technology


In this episode of Phoenix Cast, hosts John, Rich, and Kyle each bring a topic to discuss.  Rich opens the discussion with the new version of JEDI - the Joint Warfighting Cloud Capability, John discusses how Spotify scales Agile, and Kyle brings it home with the concept of the minimum viable security product. Share your thoughts with us on Twitter: @USMC_TFPhoenix (Now verified!) Follow MARFORCYBER & MCCOG on Twitter, LinkedIn, Facebook, and YouTube. Leave your review on Apple Podcasts. Links: Wires of War:  https://www.amazon.com/dp/1982144432/ref=cm_sw_r_cp_api_glt_fabc_dl_48SYDY7N23PYRJ6CGENZ Joint Warfighting Cloud Capability: https://www.nytimes.com/2021/11/03/technology/google-pentagon-artificial-intelligence.html Agile at Spotify: https://www.atlassian.com/agile/agile-at-scale/spotify Minimum Viable Security Product: https://mvsp.dev

Innovation Challenge Winners


In this episode of Phoenix Cast, hosts John, Rich, and Kyle talk with the winners of the 2021 innovation challenge Maj. Vic Castro and Cpl. Will Crum. They discuss why they entered, how they went about creating their successful app, and their thoughts on how the Marine Corps can further benefit from efforts like this. Share your thoughts with us on Twitter: @USMC_TFPhoenix (Now verified!) Follow MARFORCYBER & MCCOG on Twitter, LinkedIn, Facebook, and YouTube. Leave your review on Apple Podcasts. Links: https://www.dvidshub.net/news/407879/mef-wins-micro-app-innovation-challenge-against-coders-across-marine-corps 

Talent Management


In this episode of Phoenix Cast, hosts John, Rich, and Kyle talk about the recently released talent management 2030.  Going through the points of the executive summary, the hosts provide their reaction to the document and what the implications of the proposed changes could mean for the force. Share your thoughts with us on Twitter: @USMC_TFPhoenix (Now verified!) Follow MARFORCYBER & MCCOG on Twitter, LinkedIn, Facebook, and YouTube. Leave your review on Apple Podcasts. Links: https://www.hqmc.marines.mil/Portals/142/Users/183/35/4535/TM2030%20Exec%20Summ.pdf?ver=UzvXdXyaJwNg6k-csrKAtw%3d%3d https://www.marines.mil/News/Press-Releases/Press-Release-Display/Article/2831808/commandant-of-the-marine-corps-issues-talent-management-2030-plan/

Cybersecurity Month


In this episode of Phoenix Cast, hosts John and Kyle talk about some of the basics of cybersecurity.  Covering the topics Passwords, Phishing, and Supply Chain, the hosts provide recommendations on how to make improvements in your personal life and in the field.  Share your thoughts with us on Twitter: @USMC_TFPhoenix (Now verified!) Follow MARFORCYBER & MCCOG on Twitter, LinkedIn, Facebook, and YouTube. Leave your review on Apple Podcasts.

BGen Pasagian - MARCORSYSCOM


In this episode of Phoenix Cast, hosts John, Rich, and Kyle welcome special guest BGen AJ Pasagian, the Commanding General of Marine Corps Systems Command.  The cast gets schooled on all things acquisitions, as BGen Pasagian walks the team through what he wishes Comm and Cyber Marines knew, his thoughts on securing the supply chain, and what needs to change.  Check out the links below to listen to Equipping the Corps, the official podcast of MCSC.  Share your thoughts with us on Twitter: @USMC_TFPhoenix (Now verified!) Follow MARFORCYBER & MCCOG on Twitter, LinkedIn, Facebook, and YouTube. Leave your review on...

With the Authors: Responsible Cyber Offense


In this episode of Phoenix Cast, hosts John, Rich, and Kyle welcome special guests Perri Adams, Dave Aitel, George Perkovich, and JD Work.  The guests discuss their article Responsible Cyber Offense explaining to the hosts why they wrote the article, going through the specific recommendations point by point, and then answering what they wish they could add.  Share your thoughts with us on Twitter: @USMC_TFPhoenix (Now verified!) Follow MARFORCYBER & MCCOG on Twitter, LinkedIn, Facebook, and YouTube. Leave your review on Apple Podcasts and please share to continue the conversation. Links: https://www.lawfareblog.com/responsible-cyber-offense

Clausewitz and Cyber


In this episode of Phoenix Cast, hosts John, Rich, and Kyle welcome special guest Olivia Garard - @teaandtactics on Twitter.  In a departure from the norm for the cast, Olivia takes the mic and discusses concepts from her book An Annotated Guide to Tactics: Carl von Clausewitz's Theory of the Combat and whether or not the hosts think Clausewitz actually applies to Cyber.  Share your thoughts with us on Twitter: @USMC_TFPhoenix (Now verified!) Follow MARFORCYBER & MCCOG on Twitter, LinkedIn, Facebook, and YouTube. Leave your review on Apple Podcasts. Links: Olivia's book:  https://www.usmcu.edu/Portals/218/GuidetoTactics-web.pdf Olivia's Podcast appearance on PME.com:  https://www.professionalmilitaryeducation.com/carl-von-clausewitz-theory-of-the-combat/ 

Hot Take: Confluence and Exit of Air Force's First CFO


In this episode of Phoenix Cast, hosts John, Rich, and Kyle go it alone without a guest. They discuss the latest vulnerability in Confluence (CVE-2021-2608) and the exit of the Air Force's first Chief Software Officer. Share your thoughts with us on Twitter: @USMC_TFPhoenix (Now verified!) Follow MARFORCYBER & MCCOG on Twitter, LinkedIn, Facebook, and YouTube. Leave your review on Apple Podcasts. Links: Confluence: https://us-cert.cisa.gov/ncas/current-activity/2021/09/03/atlassian-releases-security-updates-confluence-server-and-data Nick Chaillan:  https://www.theregister.com/2021/09/03/usaf_chief_software_officer_quits_angry_post DCGS-A/Palantir: https://www.defensenews.com/land/2019/03/29/palantir-who-successfully-sued-the-army-just-won-a-major-army-contract/

THE Warrant Officer


In this episode of Phoenix Cast, hosts John, Rich, and Kyle talk with special guests Capt Leila Doumanis and CWO5 (Ret) Jason Kirk about the mythical Chief Warrant Officer rank.  They discuss the transition, balancing hands-on keyboard, teaching, and how to maintain proficiency. Share your thoughts with us on Twitter: @USMC_TFPhoenix (Now verified!) Follow MARFORCYBER & MCCOG on Twitter, LinkedIn, Facebook, and YouTube. Leave your review on Apple Podcasts. Recommended Reading: Freedom's Forge https://www.amazon.com/Freedoms-Forge-American-Business-Produced/dp/0812982045 Link:  https://www.marines.mil/Portals/1/Publications/SECNAVINST%201412.9B.pdf

Hot Take


In this episode of Phoenix Cast, hosts John and Kyle share their thoughts on coming to work in cyber, professional military education, and then give us their conclusions. Share your thoughts with us on Twitter: @USMC_TFPhoenix (Now verified!) Follow MARFORCYBER & MCCOG on Twitter, LinkedIn, Facebook, and YouTube. Leave your review on Apple Podcasts.

Getting Started with Cloud


In this episode of Phoenix Cast, hosts John and Kyle talk about getting started with cloud. They will answer the questions "Why is learning cloud so hard?" and "Where do I start?" Share your thoughts with us on Twitter: @USMC_TFPhoenix Follow MARFORCYBER & MCCOG on Twitter, LinkedIn, Facebook, and YouTube. Leave your review on Apple Podcasts.

PrintNightmare and Kaseya Ransomware attack


In this hot take of Phoenix Cast, hosts John and Kyle discuss the recent PrintNightmare and Kaseya Ransomware attack. This isn't the first time ransomware has come up in the podcast and is surely not the last. In this episode, John and Kyle will discuss what was different about these attacks and why they matter. Share your thoughts with us on Twitter: @USMC_TFPhoenix Follow MARFORCYBER & MCCOG on Twitter, LinkedIn, Facebook, and YouTube. Leave your review on Apple Podcasts.

Defense Robotics with Sean Bielat


In this episode of Phoenix Cast, hosts John, Rich, and Kyle talk to Sean Bielat, a defense robotics expert and a previous United States Marine Corps officer with an incredibly interesting backstory. Sean talks to the crew about how to define defense robotics, where he thinks it is headed in the future, and even delves into some of the ethical issues around the technology and the safeguards that have been taken. Kyle's hot take: Less than lethal will change the way we think about and employ the technology. Share your thoughts with us on Twitter: @USMC_TFPhoenix Follow MARFORCYBER & MCCOG...

Digital Forensics with Jared Luebbert


In this episode of Phoenix Cast, hosts John, Rich and Kyle talk to Jared Luebbert, a digital forensics and litigation support professional who currently serves in the United States Marine Corps as a warrant officer and owns his own private practice. He has been practicing digital forensics analysis worldwide for six years. Quotables: "The more and more I do it, the more I fall in love with it." - Jared "Step one, if you've been hacked that's a crime so you should probably take this to law enforcement, maybe get a criminal investigator. That isn't typically what I'm for." - Jared Focus...

Deputy Commandant of Information, Lt. Gen. Lori Reynolds


In this episode of Phoenix Cast, hosts John and Kyle and Rich talk to special guest Lt. Gen. Lori Reynolds, deputy commandant of information, about DMCEN, cyber Marines, and how to support the warfighter with cyber. Before serving as DCI, Lt. Gen. Reynolds served as the Marine Corps Forces Cyberspace Command commander. She started as a communications officer before the internet was a big deal and talks about her journey to understand the world of cyberspace and how important it is for the Marine Corps. Share your thoughts with us on Twitter: @USMC_TFPhoenix (Now verified!) Follow MARFORCYBER & MCCOG on...

BGen Loni Anderson, DCOM JTF-ARES


In this episode of Phoenix Cast, hosts John and Kyle and Rich talk to special guest Brig. Gen. Loni Anderson, deputy commander of Joint Task Force-Ares, about the cyber battlespace and the role of JTF-Ares. Anderson is a reservist that has served as a pilot, graduating from the Navy's premier fighter pilot TOPGUN training school, flown many combat sorties over southern Iraq, and was even a member of the Blue Angels. Share your thoughts with us on Twitter: @USMC_TFPhoenix (Now verified!) Follow MARFORCYBER & MCCOG on Twitter, LinkedIn, Facebook, and YouTube. Leave your review on Apple Podcasts.

Colonial Pipeline Hack and Ransomware


Don't understand why there was a gas shortage on the east coast? In this episode of Phoenix Cast, hosts John and Kyle talk about the recent Colonial Pipeline hack. The cast discusses who was behind the hack and broad strokes about what ransomware is and why it is difficult to defend against. This Phoenix Cast gives business owners an idea of what to do in order to protect against ransomware attacks and the importance of this type of security. Quotable: "As an attacker, you have to be right once; as a defender, you must be right all of the time"...

Nate Fick Marine Officer / Author / CEO


In this episode of Phoenix Cast, hosts John and Kyle and Rich talk to special guest Nate Fick, Marine officer, author, and CEO of Endgame, Inc., a cybersecurity software company based in Washington, D.C. and San Francisco, CA., about his transition from Marine to CEO. In this episode, the cast takes a dive into the world of being a CEO and discusses endpoint detection and response and much, much, more. Quotables: "When you're trying to solve a security problem you can solve it via people, process, and technology." - Nate Fick "Don't be the current executive officer, be the chief explaining...

Modernizing IC4 with BGen Mahlock


In this episode of Phoenix Cast, hosts John and Kyle and Rich talk to special guest Brig. Gen. Lorna Mahlock, Director, Information, Command, Control, Communications, and Computers (IC4) and the Deputy Department of the Navy Chief Information Officer (CIO) of the Marine Corps, about leading Cyber Marines and adapting to change. Mahlock started her career enlisted as an air traffic controller. They discuss the modernization of IC4 in the Marine Corps and how it affects the Marine Corps around the globe. Quotables: "We have to be able to fight as a global enterprise." - Brig. Gen. Mahlock "We are the...

The Phoenix Project and DevOps with Gene Kim


In this episode of Phoenix Cast, hosts John, Kyle and Rich talk to special guest Gene Kim, author of The Phoenix Project and namesake of the podcast. Gene has been studying high performing technology organizations for 23 years. His journey started in 1999 when he was the CTO and founder of a company called Tripwire in the information security space. The hosts share how his book, The Phoenix Project, inspired them and helped them succeed in the IT and innovation world. They discuss Gene's observations about what it takes to be a high performing organization and how the military is...

Peeling Back the Cybersecurity Onion with Doug Burks


In this episode of Phoenix Cast, hosts John, Kyle and Rich talk to special guest Doug Burks, the founder and CEO of Security Onion, a free and open source Linux distribution for threat hunting, enterprise security monitoring, and log management. Doug started security onion in 2008 as a means for helping people "peel back the layers of their networks and make their adversaries cry."  Share your thoughts with us on Twitter: @USMC_TFPhoenix Follow MARFORCYBER, MCCOG, MCCYWG, and the Network Battalions on Twitter, LinkedIn, Facebook, and YouTube. Leave your review on Apple Podcasts.

The FIRST Network Battalion


In this episode of Phoenix Cast, hosts John, Kyle and Rich talk to special guest Lt. Col. Juliet Calvin, the commander of one of the newest units in the Marine Corps: the 1st Network Battalion. The 1st Network Battalion, first of its kind, is responsible for the information networks that support Marine warfighters in the western region.  Lt. Col. Calvin shares the true story behind the formation of the battalion and why it matters to Marines in the Fleet Marine Force and the future of operations in the information environment for the Marine Corps. As a brand-new unit, Lt. Col....

Council of Colonels with Col Clearfield & Col Debish


In this episode of Phoenix Cast, hosts John, Kyle and Rich talk to special guests Col. Joseph R. Clearfield, chief of staff of Marine Corps Forces Cyberspace Command and Col. Ed Debish, commander of Marine Corps Cyberspace Operations Group, about their leadership experiences in command of premiere warfighting and cyberspace organizations. They discuss leading a Marine Expeditionary Unit (MEU), their experiences with full-spectrum cyberspace and electromagnetic spectrum operations and the importance of being a lifelong learner. Stay tuned until the end to hear what each colonel is most proud of so far in their career. Quotables: Anybody who's listening who...

Convergence in the Information Environment


In this episode of Phoenix Cast, hosts John, Kyle and Rich talk to special guest Col. Brian Russell, commander of II Marine Information Group, about his vision for convergence in the information environment. They discuss the challenges and opportunities of competing and combining a variety of information capabilities to collect, protect, and project information. Quotables: How do I as MIG commander, or all the way down to the individual Marine, collect, protect or project information? Humans are in fact more important than hardware. Operations in the information environment requires a campaigning, competition and protection approach. OIE requires agility across authorities....

Instant Reaction: Baron Samedit


In this episode of Phoenix Cast, hosts John and Kyle and Rich share their instant reaction to a recently revealed vulnerability in sudo, which is a powerful and near-ubiquitous open-source utility used on major Linux and Unix-like operating systems. How big of a deal is CVE-2021-3156 aka "Baron Samedit"? What should you do if you're vulnerable? When will all these vulnerabilities end? Stay tuned to find out... Share your thoughts with us on Twitter: @USMC_TFPhoenix Leave your review on Apple Podcasts. Learn more about Baron Samedit: https://www.deepwatch.com/blog/sudo-vulnerability/ https://blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit https://www.zdnet.com/article/10-years-old-sudo-bug-lets-linux-users-gain-root-level-access/ https://www.scmagazine.com/home/security-news/network-security/one-of-the-most-beautiful-bugs-ive-seen-decade-old-sudo-bug-grants-linux-root-access/ https://aws.amazon.com/blogs/opensource/stepping-up-for-a-truly-open-source-elasticsearch/ https://www.nytimes.com/2019/12/15/technology/amazon-aws-cloud-competition.html https://arstechnica.com/gadgets/2021/01/centos-is-gone-but-rhel-is-now-free-for-up-to-16-production-servers/

Parler Compromised


In this episode of Phoenix Cast, hosts John and Kyle and Rich talk  about the compromise of the social media app Parler. They discuss how a sequence of unprecedented events led to 80 terabytes of the site's data being scraped and the cybersecurity lessons to be learned from this event. Episode Links: Wired article: https://www.wired.com/story/parler-hack-data-public-posts-images-video/ Insecure direct object reference: https://www.acunetix.com/blog/web-security-zone/what-are-insecure-direct-object-references/#:~:text=Insecure%20direct%20object%20references%20(IDOR,control%20and%2For%20authorization%20checks. Project Maven: https://www.nytimes.com/2018/04/04/technology/google-letter-ceo-pentagon-project.html Share your thoughts with us on Twitter: @USMC_TFPhoenix

Leading Cyber Marines with Maj. Gen. Matthew G. Glavy


In this episode of Phoenix Cast, hosts John and Kyle and Rich talk to special guest Maj.  Gen. Matthew G. Glavy, commander of Marine Corps Forces Cyberspace Command, about leading Cyber Marines and adapting to change. They discuss the challenges of communicating cyber concepts with the rest of the Marine Corps, some of his favorite book recommendations, as well as how to best communicate with senior leaders.  Share your thoughts with us on Twitter: @USMC_TFPhoenix

Instant Reaction: SolarWinds Compromise


In this bonus episode of Phoenix Cast, hosts John, Kyle and Rich break down their instant reaction to the compromise and cyberattack of SolarWinds. What really happened? What are the cybersecurity implications for you and your networks? Share your thoughts with us on TWITTER: @USMC_TFPhoenix Episode Notes: 1) Read the FireEye Report:  https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html 2) Read the Microsoft Report:  https://www.microsoft.com/security/blog/2020/12/18/analyzing-solorigate-the-compromised-dll-file-that-started-a-sophisticated-cyberattack-and-how-microsoft-defender-helps-protect/

Automation with Nick Russo


In this episode of Phoenix Cast, hosts John and Kyle and Rich talk to special guest Nick Russo about automation. They explore concepts, opportunities and challenges for automation and problem solving in the military and civilian IT world. Follow Task Force Phoenix on Twitter: @USMC_TFPhoenix

The Marine Corps Cyber Auxiliary


In this episode of Phoenix Cast, hosts John and Kyle and Rich talk to special guests Gabriel Rodriguez and Nell Shamrell-Harrington, members of the Marine Corps Cyber Auxiliary. The Cyber Auxiliary is comprised of a small cadre of highly talented civilian cyber experts who train, educate, advise, and mentor Marines to keep pace with constantly evolving cyber challenges. Listen to this episode to learn more about what the Cyber Auxiliary actually does, how they interact with Marines and how you can join. For more information on the Cyber Auxiliary, visit https://www.hqmc.marines.mil/Agencies/Deputy-Commandant-for-Information/Marine-Corps-Cyber-Auxiliary/ Follow Task Force Phoenix on Twitter: @USMC_TFPhoenix

Work From Home


In this episode of Phoenix Cast, hosts John and Kyle explore the lessons learned in 2020 regarding working from home. They explore the solutions and challenges from both a technical and practical standpoint. Follow Task Force Phoenix on Twitter: @USMC_TFPhoenix

The Marine Coders


In this episode of Phoenix Cast, hosts John and Kyle talk to Collin and Hutch, the founders of Marine Coders. Their organization's mission is to empower Marines to compete in the digital operating environment through access to modern software development tools, techniques, procedures and resources. They aim to increase the software literacy of the total force in order to compete in the modern operating environment. Follow Task Force Phoenix on Twitter: @USMC_TFPhoenix

Edge Computing and Artificial Intelligence


In this episode of Phoenix Cast, hosts John and Kyle talk about the future of high-tech warfare. With a focus on edge computing and artificial intelligence, this week's episode explores the ways the Marine Corps and the joint force can leverage these emerging technologies to win in the age of great power competition. Follow Task Force Phoenix on Twitter: @USMC_TFPhoenix

Passwords with Troy Hunt


In this episode of Phoenix Cast, hosts John, Kyle and Rich talk with special guest Troy Hunt, web security expert and the creator of Have I Been Pwned?.  Troy takes a fresh look at the best practices for passwords, multi-factor authentication and the future of cybersecurity. Follow Task Force Phoenix on Twitter: @USMC_TFPhoenix Follow Troy Hunt on Twitter: @TroyHunt #CybersecurityAwarenessMonth

Cloud Migration


In this episode of Phoenix Cast, hosts John and Kyle talk about best practices for cloud migrations and explore all of the "as a"s (infrastructure as a service, platforms as a service, etc.) of the modern cloud environment. Follow Task Force Phoenix on Twitter: @USMC_TFPhoenix

1st Civ Div


In this episode of Phoenix Cast, hosts John, Kyle and Rich talk about their personal decisions to "stay in" or "get out" of the Marine Corps and the many considerations and lessons learned for transitioning beyond the military and into the civilian Information Technology world. Follow Task Force Phoenix on Twitter: @USMC_TFPhoenix

Secure Cloud Computing Architecture


In this episode of Phoenix Cast, hosts John and Kyle welcome special guests Aaron and Jason to talk about Secure Cloud Computing Architectures.  Follow Task Force Phoenix on Twitter: @USMC_TFPhoenix

Route / Switch and Security


In this episode of Phoenix Cast, hosts John, Rich and Kyle welcome special guest "Fish" to talk about route/switch, security and traffic analytics. Follow Task Force Phoenix on Twitter: @USMC_TFPhoenix

Instant Reaction: July 2020 Twitter Bitcoin Hack


In this bonus episode of Phoenix Cast, host Kyle breaks down his instant reaction to the July 2020 Twitter bitcoin hack. What really happened? What are the cybersecurity implications for you and your networks?  Share your thoughts with us on TWITTER: @USMC_TFPhoenix

Cyber Event Management and Diversity


In this episode of Phoenix Cast, hosts John, Rich and Kyle welcome special guest Whitney to talk about cyber event management and diversity. Follow Task Force Phoenix on Twitter: @USMC_TFPhoenix

Digital Identity


In this episode of Phoenix Cast, hosts John and Kyle welcome special guest John G. to talk about digital identity.  A discussion on what it means and the many different ways to implement identity frameworks.

Zero Trust & Next Generation Security Models


In this episode of Phoenix Cast, hosts John and Rich and Kyle talk about the Zero Trust Architecture and next generation security models. A discussion on what Zero Trust is and what it means for the Marine Corps.

MCDP 7: A discussion on Learning and Cyberspace


In this episode of Phoenix Cast, hosts John and Rich and Kyle welcome special guest Jason to talk about the latest Marine Corps doctrinal publication: Marine Corps Doctrinal Publication 7 - Learning. A philosophical discussion on training, education and what it means for cyberspace operations and information technology.

Software As a Service (SaaS) and the Marine Corps


In this episode of Phoenix Cast, hosts John and Rich welcome special guests Kyle and Pat to talk about software as a service (SaaS), user productivity and collaboration, software development and cybersecurity.  Follow Task Force Phoenix on Twitter: @USMC_TFPhoenix

Cloud Adoption and Cybersecurity


In this introductory episode of Phoenix Cast, hosts John and Rich welcome special guest Kyle to talk about general strategies in moving to the cloud and some of the general best practices and common pitfalls to avoid. Follow Task Force Phoenix on Twitter: @USMC_TFPhoenix

Risky Business

Risky Business


Risky Business #833 -- The Great Mythos Freakout of 2026


On this week's show, Patrick Gray, Adam Boileau and James Wilson discuss the week's cybersecurity news. They cover: Everyone has an opinion about Claude Mythos even though almost nobody has used it yet CISA adds a 2009 Excel bug to the KEV list, u wot? Adobe also parties like it's the 2000s, and fixes an Acrobat Reader bug Disgraced former Trenchant exec Peter Williams' sob story fails to resonate with anyone Remember those crosswalk buttons hacked to play audio mocking Trump and Zuck? They were secured by the password: 1234. This week's episode is sponsored by mobile network operator, Cape....

Snake Oilers: Burp AI, Sondera and Truffle Security


In this edition of the Snake Oilers podcast three vendors stop by to pitch the audience on their products: Burp AI and DAST: The founder of PortSwigger and creator of legendary security software Burp Suite, Dafydd Stuttard, drops by to pitch listeners on Burp AI and Burp Suite DAST. Sondera: Josh Devon talks about Sondera, a technology designed to intervene when AI models start doing the wrong thing by statefully tracking their trajectories. This isn't a permissions suite for AI agents, it's a way to stick agents in a harness and make sure they adhere to hard policy boundaries. Truffle...

Risky Business #832 -- Anthropic unveils magical 0day computer God


On this week's show, Patrick Gray, Adam Boileau and James Wilson discuss the week's cybersecurity news. They cover: Anthropic's new Mythos model hunts bugs and chains exploits together so well that you can't have it Unless you're one of their Project Glasswing partners The world isn't short on bugs, though. F5, Fortinet, Progress ShareFile, and TrueConf are all getting rekt by humans GPU Rowhammering goes in the GPU, past the IOMMU and back into the host-side Nvidia driver North Korea is spending serious time and money on its crypto hacking Just when the US needs CISA most, they slash its...

How the World Got Owned Episode 2: The 1990s, Part One


In this special documentary episode, Patrick Gray and Amberleigh Jack take a look back at hacking throughout the 1990s, from the feel-good vibes of the early hacking communities to the antics of young hackers who wound up on the run from the FBI. Part one features recollections from: Jeff Moss (The Dark Tangent), DefCon and Black Hat founder Chris Wysopal (Weld Pond), L0pht member, co-founder, @Stake Kevin Poulsen (Dark Dante), 1990s hacker turned journalist Elias Levy (Aleph One), author of Smashing the Stack for Fun and Profit, Phrack, 1996 How the World Got Owned is produced in partnership with SentinelOne....

Risky Business #831 -- The AI bugpocalypse begins


On this week's show, Patrick Gray, Adam Boileau and James Wilson discuss the week's cybersecurity news. They cover: Those pesky North Koreans shim a backdoor into a 100M-downloads-a-week npm package TeamPCP appear to have ransacked Cisco's source and cloud environments AI is getting legitimately good at being told to just go find some 0day in this Kaspersky says Coruna and Triangulation do share code lineage Iranian hackers dump Kash Patel's gmail spool Oh, and of course there's a Citrix Netscaler memory leak being exploited in the wild This week's episode is sponsored by Dropzone AI, who make automated AI SOC...

Soap Box: Red teaming AI systems with SpecterOps


In this sponsored Soap Box edition of the show, Patrick Gray and James Wilson talk about red teaming AI systems with Russel Van Tuyl, Vice President of Services at elite penetration testing firm SpecterOps. SpecterOps is the company behind attack path enumeration tool Bloodhound and Bloodhound Enterprise, but they're also a pentest and red teaming shop with world class expertise in popping shells on all sorts of interesting systems in all sorts of interesting places. This episode is also available on YouTube. Show notes

Risky Business #830 -- LiteLLM and security scanner supply chains compromised


On this week's show, Patrick Gray, Adam Boileau and James Wilson discuss the week's cybersecurity news. They talk through: TeamPCP's supply chain attack on Github, and they threw in an anti-Iran wiper, because why not?! Anthropic hooks up its models to just use your whole computer After Stryker's Very Bad Day, CISA says maybe add some more controls around your Intune? Another iOS exploit kit shows up in the cyber bargain-bin The FTC decides to ban all new home routers?! U wot m8?! Supermicro founder was personally sanction-busting Nvidia GPUs into China?! This week's episode is sponsored by enterprise browser...

Risky Business #829 -- Sneaky lobsters: Why AI is the new insider threat


On this week's show, Patrick Gray, Adam Boileau and James Wilson discuss the week's cybersecurity news. They discuss: Iran's Intune-based wiper attack on medical device maker Stryker Qihoo 360's AI publishes its own wildcard TLS cert private key Instagram is canning its end-to-end encrypted messaging What's going on with mobile internet access in Moscow? The Xbox One's bootloader gets voltage glitched into submission Oh Qualys! We love you! (At least, whoever is in the basement writing these beautiful .txt files) This week's episode is sponsored by browser-based detection and response company, Push Security. Researcher Dan Green and Field CTO Mark...

Risky Biz Soap Box: It took a decade, but allowlisting is cool again


In this Soap Box edition of the Risky Business podcast Patrick Gray sits down with Airlock Digital co-founders Daniel Schell and David Cottingham to talk about the role AI models could play in managing enterprise allowlists. They also talk about the durability of allowlisting as a control. After 12 years in business, the Airlock product hasn't really changed all that much. That's a good thing! It also means the Airlock team have been able to spend some time doing deep engineering instead of chasing the latest attacker TTPs and writing detection rules for them. This episode is also available on...

Risky Business #828 -- The Coruna exploits are truly exquisite


On this week's show, Patrick Gray, Adam Boileau and James Wilson discuss the week's cybersecurity news. They cover: The Coruna exploits were L3 Harris, but it seems Triangulation was not! Iran's cyber HQ hit by Israeli (kinetic) strikes Trump's cyber strategy is well, all we've got is jokes cause there's no serious content NSA and CyberCom finally get a leader after Lt Gen Joshua Rudd gets Senate nod DOGE (remember them?!) employee walked a social security database out on a USB stick This episode is sponsored by open source cloud security scanner Prowler. Creator and CEO Toni de la Fuente...

Risky Business #827 -- Iranian cyber threat actors are down but not out


On this week's show, Patrick Gray, Adam Boileau and James Wilson discuss the week's cybersecurity news. They cover: The US-Israeli attack on Iran had a whole lot of cyber. It's clearly in the playbook now! The NSA Triangulation / L3 Harris Trenchant iOS exploit kit is on the loose, and being used by Chinese crypto scammers So long Maddhu Gottumukkala, but CISA's annus horribilis continues Adam humbug Boileau complains about the Airsnitch wifi attack just being three ethernets in a trenchcoat ASD's Cisco SD-WAN threat hunting guide is clearly borne of experience This week's episode is sponsored by AI threat...

Risky Business #826 -- A week of AI mishaps and skulduggery


On this week's show, Patrick Gray, Adam Boileau and James Wilson discuss the week's cybersecurity news. They cover: Low skill actors compromise 600 Fortinets with AI-generated playbooks Anthropic calls out Chinese AI firms over model distillation Meta's director of AI safety tells her ClawdBot not to delete her mail so of course it does Peter Williams cops 7 years in jail for selling L3 Harris Trenchant's exploits to Russia Ivanti got hacked in 2021 via bugs in Ivanti This episode is sponsored by line-rate network capture system Corelight. CEO Brian Dye joins to discuss what AI can do for defenders,...

Risky Biz Soap Box: The lethal trifecta of AI risks


There's a lethal trifecta of AI risks: access to private data, exposure to untrusted content, and external communication. In this conversation, Risky Business host Patrick Gray chats with Josh Devon, the co-founder of Sondera, about how to best address these risks. There is no magic solution to this problem. AI models mix code and data, are non-deterministic, and are crawling around all over your enterprise data and APIs as you read this. But in this sponsored interview, Josh outlines how we can start to wrap our hands around the problem. This episode is also available on YouTube. Show notes

Risky Business #825 -- Palo Alto Networks blames it on the boogie


On this week's show, Patrick Gray, Adam Boileau and James Wilson discuss the week's cybersecurity news. They cover: Palo Alto threat researchers want to attribute to China, but management says shush An increasing proportion of ransomware is data extortion. Is this good? Cambodia says it's going to dismantle scam compounds CISA suffers through yet another shutdown Google Gemini's training secrets are being systematically harvested to improve other LLMs Academics assess SaaS password managers' resilience against a malicious server This episode is sponsored by SSO-firewall integration vendor Knocknoc. Chief exec Adam Pointon joins to talk about the latest in defences which...

Risky Business #824 -- Microsoft's Secure Future is looking a bit wobbly


On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news, including: Microsoft reshuffles security leadership. It doesn't spark joy. Russia is hacking the Winter Olympics. Again. But y tho? China-linked groups are keeping busy, hacking telcos in Norway, Singapore and dozens of others Campaigns underway targeting Ivanti, BeyondTrust and SolarWinds products An unknown hero blocks 23/tcp on the US internet backbone And James Wilson pops in to talk about Claude's go at a C compiler This week's episode is sponsored by Ent.AI, an AI startup that isn't quite ready to tell us all what they're doing. But...

Risky Business #823 -- Humans impersonate clawdbots impersonating humans


Patrick Gray and Adam Boileau are joined by the newest guy on the Risky Business Media team, James Wilson. They discuss the week's cybersecurity news, including: Notepad++ update supply chain attack has been attributed to China The AI agent future is even more stupid than expected; behold the OpenClaw/Clawdbot/Moltbook mess The Epstein files claim he had a personal hacker? Microsoft is finally getting ready to (think about starting to begin to) disable NTLM by default The usual bugs in the usual things! Ivanti, Fortinet, and Solarwinds. Again. Telco hides a free trip in its privacy policy, someone actually reads it...

Risky Business #822 -- France will ditch American tech over security risks


In this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news. They discuss: La France is tres sérieux about ditching US productivity software China's Salt Typhoon was snooping on Downing Street Trump wields the mighty DISCOMBOBULATOR ESET says the Polish power grid wiper was Russia's GRU Sandworm crew US cyber institutions CISA and NIST are struggling Voice phishing for MFA bypass is getting even more polished This episode is sponsored by Sublime Security. Brian Baskin is one of the team behind Sublime's 2026 Email Threat Research report. He joins to talk through what they see of attackers...

Risky Business #821 -- Wiz researchers could have owned every AWS customer


In this week's show, Patrick Gray and Adam Boileau discuss the week's cybersecurity news, joined by a special guest. BBC World Cyber Correspondent Joe Tidy is a long time listener and he pops in for a ride-along in the news segment plus a chat about his new book. This week's news includes: Did the US cyber Venezuela's power grid, or do they just want us to think they coulda? US govt might boycott the RSAC Conference cause Jen Easterly being CEO makes them mad MS Patch Tuesday fixes CVSS5.5 bug and stops you shutting down Wiz pulls off cloud stunt...

Risky Business #820 -- Asian fraud kingpin will face Chinese justice (pew pew!)


Risky Business returns for 2026! Patrick Gray and Adam Boileau talk through the week's cybersecurity news, including: Santa brings hackers MongoDB memory leaks for Christmas Vercel pays out a million bucks to improve its React2Shell WAF defences 39C3 delivers; the pink Power Ranger deletes nazis, while a catgirl ruins GnuPG Cambodian scam compound kingpin gets extradited to China, and we don't think it'll go well for him Krebs picks apart the Kimwolf botnet and residential proxy networks So many healthcare data leaks that we have a roundup section This week's episode is sponsored by Airlock Digital. The founders of the...

How the World Got Owned Episode 1: The 1980s


In this special documentary episode, Patrick Gray and Amberleigh Jack take a historical dive into hacking in the 1980s. Through the words of those that were there, they discuss life on the ARPANET, the 414s hacking group, the Morris Worm, the vibe inside the NSA and a parallel hunt for German hackers happening at a similar time to Cliff Stoll's famous Cuckoo's Egg story. This podcast features the memories of: Jon Callas, former principal software engineer at Digital Equipment Corporation Mark Rasch, Morris Worm prosecutor Timothy Winslow, former 414 hacker Greg Chartrand, author of Cracking the Cuckoo's Egg and Tony...

Risky Business #819 -- Venezuela (credibly?!) blames USA for wiper attack


In the final show of 2025, Patrick Gray and Adam Boileau discuss the week's cybersecurity news, including: React2Shell attacks continue, surprising no one The unholy combination of OAuth consent phishing, social engineering and Azure CLI Venezuela's state oil firm gets ransomwared, blames US but what if it really is a US cyber op?! Russian junk-hacktivist gets indicted for cybering critical err a car wash and a fountain Microsoft finally turns RC4 off by default in Active Directory Kerberos Traefik's TLS verify=on turns it off, whoopsie This week's episode is sponsored by Sublime Security, makers of an email filtering solution that's...

Risky Biz Soap Box: Graph the planet!


In this sponsored Soap Box edition of the Risky Business podcast, Patrick Gray chats with Jared Atkinson, CTO of SpecterOps, about BloodHound OpenGraph. OpenGraph enumerates attack paths across platforms and services, not just your primary directories. A compromised GitHub account to on-prem AD compromise attack path? It's a thing, and OpenGraph will find it. Cross-platform attack path enumeration! So good! This episode is also available on YouTube. Show notes

Risky Business #818 -- React2Shell is a fun one


In this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news, including: There's a CVSS 10/10 remote code exec in the React javascript server. JS server? U wot mate? China is out popping shells with it Linux adds support for PCIe bus encryption Amnesty International says Intellexa can just TeamViewer into its customers' surveillance systems and a Belgian murder suspect complains that GrapheneOS's duress wipe feature failed him? This week's episode is sponsored by Kroll Cyber. Simon Onyons is Managing Director at Kroll's Cyber and Data Resilience arm, and he discusses a problem near to many of...

Risky Business #817 -- Less carnage than your usual Thanksgiving


In this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news. It's a quiet week with Thanksgiving in the US, but there's always some cyber to talk about: Airbus rolls out software updates after a cosmic ray bitflips an A320 into a dive Krebs tracks down a Scattered Lapsus$ Hunters teen through the usual poor opsec as Wired publishes an opsec guide for teens. Microsoft decides its login portal is worth a Content Security Policy South Korean online retailer data breach covers 65% of the country This week's episode is sponsored by Nebulock. Founder and CEO Damien...

Risky Business #816 -- Copilot Actions for Windows is extremely dicey


In this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news, including: Salesforce partner Gainsight has customer data stolen Crowdstrike fires insider who gave hackers screenshots of internal systems Australian Parliament turns off wifi and bluetooth in fear of visiting Chinese bigwigs Shai-Hulud npm/Github worm is back, and rm -rfier than ever SEC gives up on Solarwinds lawsuit Dog eats cryptographer's key material This week's episode is sponsored by runZero. HD Moore pops in to talk about how they're integrating runZero with Bloodhound-style graph databases. He also discusses uses for driving runZero's tools with an AI,...

Risky Biz Soap Box: Greynoise knows when bad bugs are coming


In this sponsored Soap Box edition of the podcast, Andrew Morris joins Patrick Gray to talk about how Greynoise can often get a 90 day heads up on serious vulnerabilities. Whether it's malicious actors doing reconnaissance or the affected vendors trying to understand the scope of the problem, it seems that mass scanning activity lines up pretty nicely with typical 90-day disclosure timelines. A fascinating chat with Andrew, as always. This episode is also available on YouTube. Show notes

Risky Business #815 -- Anthropic's AI APT report is a big deal


In this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news, including: Anthropic says a Chinese APT orchestrated attacks using its AI It's a day ending in -y, so of course there are shamefully bad Fortinet exploits in the wild Turns out slashing CISA was a bad idea, now it's time for a hiring spree Researchers brute force entire phone number space against Whatsapp contact discovery API DOJ figures out how to make SpaceX turn off scam compounds' Starlink service This week's episode is sponsored by Mastercard. Senior Vice President of Mastercard Cybersecurity Urooj Burney joins to...

Risky Business #814 -- It's a bad time to be a scam compound operator


In this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news, including: The KK Park scam compound in Myanmar gets blasted with actual dynamite China sentences more scammers TO DEATH While Singapore is opting to lash them with the cane Chinese security firm KnownSec leaks a bunch of documents Necromancy continues on NSO Group, with a Trump associate in charge OWASP freshens up the Top 10, you won't believe what's number three! This week's episode is sponsored by Thinkst Canary. Big bird Haroon Meer joins and, as usual, makes a good point. If you're going to trust...

Risky Business #813 -- FFmpeg has a point


In this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news, including: We love some good vulnerability reporting drama, this time FFmpeg's got beef with Google OpenAI announces its Aardvark bug-gobbling system Two US ransomware responders get arrested for ransomware Memento (nee HackingTeam) CEO says: Sì, those are totally our tools getting snapped in Russia Hackers help freight theft gangs steal shipments to resell A second Jabber Zeus mastermind gets his comeuppance 15 years on This week's episode is sponsored by Nucleus Security, who make a vulnerability information management system. Co-founder Scott Kuffer says that approaches for...

Risky Business #812 -- Alleged Trenchant exploit mole is ex-ASD


In this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news, including: L3Harris Trenchant boss accused of selling exploits to Russia once worked at the Australian Signals Directorate Microsoft WSUS bug being exploited in the wild Dan Kaminsky DNS cache poisoning comes back because of a bad PRNG SpaceX finally starts disabling Starlink terminals used by scammers Garbage HP update deletes certificates that authed Windows systems to Entra This week's episode is sponsored by automation company Tines. Field CISO Matt Muller joins to discuss how Tines has embraced LLMs and the agentic-AI future into their workflow automation....

Risky Business #811 -- F5 is the tip of the crap software iceberg


In this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news, including: China has been rummaging in F5's networks for a couple of years Meanwhile China tries to deflect by accusing the NSA of hacking its national timing system Salesforce hackers use their stolen data trove to dox NSA, ICE employees Crypto stealing, proxy-deploying, blockchain-C2-ing VS Code worm charms us with its chutzpah Adam gets humbled by new Linux-capabilities backdoor trick Microsoft ignores its own guidance on avoiding BinaryFormatter, gets WSUS owned. This episode is sponsored by Push Security. Co-founder and Chief Product Officer Jacques Louw joins...

Wide World of Cyber: A deep dive on the F5 hack


In this edition of the Wide World of Cyber podcast Patrick Gray talks to Chris Krebs and Alex Stamos about the F5 incident. They talk about what happened, whether it's a big deal, and why private equity ownership of mid-tier cybersecurity companies is often a red flag. Show notes

Risky Biz Soap Box: Why Mastercard is scaling its cybersecurity business


In this sponsored Soap Box edition of the Risky Business podcast, host Patrick Gray chats with Mastercard's Executive Vice President and Head of Security Solutions, Johan Gerber, about how the card brand thinks about cybersecurity and why it's aggressively investing in the space. After listening to this interview you'll understand why the credit card company spent $2.65b on threat intelligence vendor Recorded Future! This episode is also available on YouTube. Show notes

Risky Business #810 -- Data extortion attacks have a silver lining


In this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news, including: FBI intervenes in Scattered Spider Salesforce leaksite Clop loots Oracle E-Biz deployments Plus so much more data extortion.. At least it's not ransomware we guess? The US still can't decide who's gonna be in charge of NSA & Cybercom Cambodian scam compounds get sanctioned and $15b in crypto is seized NSO gets sold for pocket-lint-grade money Bugs! Redis CVSS 10, Ivanti, Crowdstrike and Internet Explorer?! zeroday?! In the wild?!!!? This week's episode is sponsored by Stairwell. Founder Mike Wiacek talks about how Stairwell brings VirusTotal-like...

Snake Oilers: Realm Security, Horizon3 and Persona


In this edition of the Snake Oilers podcast, three vendors pop in to pitch you all on their wares: Realm Security: A security focussed, AI-first data pipeline platform Horizon3: AI hackers! Pentesting robots!! They're coming fer yur jerbs! Persona: Verify customer and staff identities with live capture This episode is also available on YouTube. Show notes

Risky Business #809 -- Hackers try to pay a journalist for access to the BBC


On this week's show Patrick Gray is on holiday so Amberleigh Jack and Adam Boileau hijack the studio to discuss the week's cybersecurity news, including: Hackers learn that trying to coerce a journalist just makes for a great story? A man in his 40s gets arrested over the European airport chaos. Yep, we're surprised, too. Adam fanboys over Watchtowr Labs while bemoaning Fortra. Academics pick apart Tile trackers and find them lacking CISA tells agencies to patch their damn Cisco gear This episode is also available on YouTube. Show notes 'You'll never need to work again': Criminals offer reporter money...

Risky Business #808 -- Insane megabug in Entra left all tenants exposed


On this week's show Patrick Gray and special guest Rob Joyce discuss the week's cybersecurity news, including: Secret Service raids a SIM farm in New York MI6 launches a dark web portal Are the 2023 Scattered Spider kids finally getting their comeuppance? Production halt continues for Jaguar Land Rover GitHub tightens its security after Shai-Hulud worm This week's episode is sponsored by Sublime Security. In this week's sponsor interview, Sublime founder and CEO Josh Kamdjou joins host Patrick Gray to chat about the pros and cons of using agentic AI in an email security platform. This episode is also available...

Risky Business #807 -- Shai-Hulud npm worm wreaks old-school havoc


On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news, including: Shai-Hulud worm propagates via npm and steals credentials Jaguar Land Rover attack may put smaller suppliers out of business Leaked data emerges from the vendor behind the Great Firewall of China Vastaamo hacker walks free while appeal is underway Why is a senator so mad about Kerberos? This week's episode is sponsored by Knocknoc. Chief exec Adam Pointon joins to talk through the surprising number of customers that are using Knocknoc's identity-to-firewall glue to protect internal services and networks. This week's episode is also available...

Risky Biz Soap Box: runZero shakes up vulnerability management


In this sponsored Soap Box edition of the Risky Business podcast, industry legend HD Moore joins the show to talk about runZero's major push into vulnerability management. With its new Nuclei integration, runZero is now able to get a very accurate picture of what's vulnerable in your environment, without spraying highly privileged credentials at attackers on your network. It can also integrate with your EDR platform, and other data sources, to give you powerful visibility into the true state of things on your network and in your cloud. This episode is also available on YouTube. Show notes

Risky Business #806 -- Apple's Memory Integrity Enforcement is a big deal


On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news, including: Apple ruins exploit developers' week with fresh memory corruption mitigations Feross Aboukhadijeh drops by to talk about the big, dumb npm supply chain attack Salesloft says its GitHub was the initial entry point for its compromise Sitecore says people should patch its using-the-keymat-from-the-documentation zero day Rogue certs for 1.1.1.1 appear to be just (stupid) testing Jaguar Land Rover ransomware attackers are courting trouble This week's episode is sponsored by open source cloud security tool, Prowler. Founder Toni de la Fuente joins to discuss their new...

Snake Oilers: Nebulock, Vali Cyber and Cape


In this edition of the Snake Oilers podcast, three vendors pop in to pitch you all on their wares: Automated, AI-powered threat hunting with Nebulock Damien Lewke from Nebulock joins the show to talk about how its agentic AI platform can surface attacker activity out of all those low and informational findings your detection team doesn't have time to look at. Runtime security for hypervisors from Vali Cyber Austin Gadient from Vali Cyber stops by to talk about ZeroLock, its hypervisor security product. It's marketed as a counter-ransomware control but is just a generally useful security platform for virtualised environments....

Risky Business #805 -- On the Salesloft Drift breach and "OAuth soup"


On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news, including: The Salesloft breach and why OAuth soup is a problem The Salt Typhoon telco hackers turn out to be Chinese private sector, but state-directed Google says it will stand up a disruption unit Microsoft writes up a ransomware gang that's all-in on the cloud future Aussie firm hot-mics its work-from-home employees' laptops YouTube scam baiters help the feds take down a fraud ring This episode is sponsored by Dropzone.AI. Founder and CEO Edward Wu joins the show to talk about how AI driven SOC tools...

Risky Business #804 -- Phrack's DPRK hacker is probably a Chinese APT guy


On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news, including: Australia expels Iranian ambassador Hackers sabotage Iranian shipping satcoms APT hacker got doxxed in Phrack. Kind of. They're probably Chinese, not DPRK? Trail of Bits uses image-downscaling to sneak prompts into Google Gemini The Com's King Bob gets ten years in the slammer It's a day that ends in -y, so of course there's a new Citrix Netscaler RCE being used in the wild. This week's episode is brought to you by Corelight. Chief Strategy Officer Greg Bell talks through how they've been implementing AI...

Wide World of Cyber: Microsoft's China Entanglement


The Wide World of Cyber podcast is back! In this episode host Patrick Gray chats with Alex Stamos and Chris Krebs about Microsoft's entanglement in China. Redmond has been using Chinese engineers to do everything from remotely support US DoD private cloud systems to maintain the on premise version of the SharePoint code base. It's all blown up in the press over the last month, but how did we get here? Did Microsoft make these decisions to save money? Or was it more about getting access to the Chinese market? And how can we all make the world's most important...

Risky Business #803 -- Oracle's CSO Mary Ann Davidson quietly departs


On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news, including: Oracle's long term CSO departs, and we're not that sad about it Canada's House of Commons gets popped through a Microsoft bug Russia degrades voice calls via Whatsapp and Telegram to push people towards Max South-East Asian scam compounds are also behind child sextortion Reports that the UK has backed down on Apple crypto are strange Oh and of course there's a Fortinet bug! There's always a Fortinet bug! This week's episode is sponsored by open source identity provider Authentik. CEO Fletcher Heisler joins the...

Risky Biz Soap Box: How to measure vulnerability reachability


In this Soap Box edition of the Risky Business podcast Patrick Gray chats with Socket founder Feross Aboukhadijeh about how to measure the reachability of vulnerabilities in applications. It's great to know there's a CVE in a library you're using, but it's even better if you can say whether or not that vulnerability actually impacts your application. They also talk about how Socket started out as a way to discover malicious packages in software projects, but these days it's playing the CVE game as well. This episode is also available on Youtube. Show notes

Risky Business #802 -- Accessing internal Microsoft apps with your Hotmail creds


On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news, including: CISA warns about the path from on-prem Exchange to the cloud Microsoft awards a crisp zero dollar bill for a report about what a mess its internal Entra-authed apps are Everyone and their dog seems to have a shell in US Federal Court information systems Google pays $250k for a Chrome sandbox escape Attackers use JavaScript in adult SVG files to farm Facebook likes?! SonicWall says users aren't getting hacked with an 0day this time. This week's episode is sponsored by SpecterOps. Chief product officer...

Risky Business #801 -- AI models can hack well now and it's weirding us out


On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news. Google security engineering VP Heather Adkins drops by to talk about their AI bug hunter, and Risky Business producer Amberleigh Jack makes her main show debut. This episode explores the rise of AI-powered bug hunting: Google's Project Zero and Deepmind team up to find and report 20 bugs to open source projects The XBOW AI bug hunting platform sees success on HackerOne Is an AI James Kettle on the horizon? There's also plenty of regular cybersecurity news to discuss: On-prem Sharepoint's codebase is maintained out of...

Soap Box: Why AI can't fix bad security products


In this Soap Box edition of the show Patrick Gray chats with the CEO of email security company Sublime Security, Josh Kamdjou. They talk about where AI is useful, where it isn't, and why AI can't save vendors from their bad product design choices. This episode is also available on Youtube. Show notes

Risky Business #800 -- The SharePoint bug may have leaked from Microsoft MAPP


On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news: Did the SharePoint bug leak out of the Microsoft MAPP program? Expel retracts its FIDO bypass writeup The mess surrounding the women-only dating-safety app Tea gets worse Broadcom customers struggle to get patches for VMWare hypervisor escapes Aeroflot gets hacked by the Cyber Partisans, disrupting flights This week's episode is sponsored by Push Security. Daniel Cuthbert joins and explains how having telemetry about identity from inside the browser is a key pillar for investigating intrusions in the browser-centric future. This episode is also available on Youtube....

Risky Business #799 -- Everyone's Sharepoint gets shelled


Risky Biz returns after two weeks off, and there sure is cybersecurity news to catch up on. Patrick Gray and Adam Boileau discuss: Microsoft tried to make outsourcing the Pentagon's cloud maintenance to China okay (it was not) She shells Sharepoint by the sea-shore (by she we mean China) Four (alleged) Scattered Spider members arrested (and bailed) in the UK Hackers spend $2700 to buy creds for a Brazilian payment system, steal $100M Fortinet has SQLI in the auth header, Citrix mem leak is weaponised, HP hardcodes creds and Sonicwalls get user-mode rootkits. Just security vendor things! This week's episode is...

Risky Biz Soap Box: Prowler, the open cloud security platform


In this sponsored Soap Box edition of the Risky Business podcast Patrick Gray chats with Toni de la Fuente, founder of open source multi-cloud security product Prowler. Toni explains how Prowler came to be, and how its journey followed his own learning about the cloud. The pair also discuss Prowler's successful transition from an open-source project into a community, and now a growing business with an as-a-service platform. This episode is also available on Youtube. Show notes

Risky Business #798 -- Mexican cartel surveilled the FBI to identify, kill witnesses


On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news: Australian airline Qantas looks like it got a Scattered Spider-ing Microsoft works towards blunting the next CrowdStrike disaster Changes are coming for Microsoft's default enterprise app consenting setup Synology downplays hardcoded passwords for its M365 cloud backup agent The next Citrix Netscaler memory disclosure looks nasty Drug cartels used technical surveillance to find, fix and finish FBI informants and witnesses This week's episode is sponsored by RAD Security. Co-founder Jimmy Mesta joins to talk through how they use AI automation to assess the security posture of...

Risky Business #797 -- Stuxnet vs Massive Ordnance Penetrators


On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news: We roll our eyes over the 16 billion credentials leak hitting mainstream news Some interesting cyber angles emerge from the conflict in Iran Opensource maintainer of libxml2 is fed up with this hacker crap Shockingly, there are yet more ways to trick people into pasting commands into Windows Veeam patches its backup software RCE like it's 2002 by breaking the public PoC This week's episode is sponsored by Internet-wide honeypot reconnaissance platform, Greynoise. Founder Andrew Morris joins to talk about their journey spotting Chinese ORB-builders hacking...

Risky Business #796 -- With special guest co-host Chris Krebs


On this week's show Patrick Gray and Adam Boileau are joined by special guest Chris Krebs to discuss the week's cybersecurity news. They talk through: Israeli hacktivists take out an Iranian state-owned bank Scattered-spider and friends pivot into attacking insurers Securing identities in a cloud-first world keeps us awake at night Microsoft takes the aas out of SaaS for Europe, leaving us with just software! An AI prompt injection into M365 exfils corporate data This week's episode is sponsored by Kroll's Cyber practice. Kroll Cyber Associate Managing Director George Glass is based in London and talks through his experiences helping...

Soap Box: AI has entered the SOC, and it ain't going anywhere


In this sponsored Soap Box edition of the Risky Business podcast Patrick Gray chats with Dropzone AI founder Ed Wu about the role of LLMs in the SOC. The debate about whether AI agents are going to wind up in the SOC is over, they've already arrived. But what are they good for? What are they NOT good for? And where else will we see AI popping up in security? This episode is also available on Youtube. Show notes

Risky Business #795 -- How The Com is hacking Salesforce tenants


On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news: New York Times gets a little stolen Russian FSB data as a treat iVerify spots possible evidence of iOS exploitation against the Harris-Walz campaign Researcher figures out a trick to get Google account holders' full names and phone numbers Major US food distributor gets ransomwared The Com's social engineering of Salesforce app authorisations is a harbinger of our future problems Australian Navy forgets New Zealand has computers, zaps Kiwis with their giant radar. This week's episode is sponsored by identity provider Okta. Long-time friend of the...

Risky Business #794 -- Psychic Panda outgunned by Fluffy Lizard and UNC56728242


On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news: Cyber firms agree to deconflict and cross-reference hacker group names Russian nuclear facility blueprints gathered from public procurement websites Someone audio deepfaked the White House Chief of Staff, but for the dumbest reasons Germany identifies the Trickbot kingpin Google spots China's MSS using Calendar events for malware C2 Meta apps abuse localhost listeners to track web sessions. This week's episode is sponsored by automation vendor Tines. Its Field CISO, Matt Muller, joins the show to discuss an open letter penned by JP Morgan Chase's CISO that...

Risky Business #793 -- Scattered Spider is hijacking MX records


In this week's edition of Risky Business Dmitri Alperovitch and Adam Boileau join Patrick Gray to talk through the week's news, including: EXCLUSIVE: A Scattered Spider-style crew is hijacking DNS MX entries and compromising enterprises within minutes The SVG format brings all the horrors of HTML+JS to image files, and attackers have noticed Brian Krebs eats a 6.3Tbps DDoS 'cause that's how you demo your packet cannon Law enforcement takes out Lumma Stealer, Qakbot, Danabot and some dark web drug traffickers Iranian behind 2019 Baltimore ransomware mysteriously appears in North Carolina and pleads guilty CISA's leadership is fleeing in droves,...

Risky Business #792 -- Beware, Coinbase users. Crypto thieves are taking fingers now


On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news: TeleMessage memory dumps show up on DDoSecrets Coinbase contractor bribed to hand over user data Telegram does seem to be actually cooperating with law enforcement Britain's legal aid service gets 15 years' worth of applicant data stolen Shocking no one, Ivanti were weaseling when they blamed latest bugs on a third party library This week's episode is sponsored by Prowler, who make an open source cloud security tool. Founder and original project developer Toni de la Fuente joins to talk through the flexibility that open tooling...

Risky Biz Soap Box: Push Security's browser-first twist on identity security


In this wholly sponsored Soap Box edition of the show, Patrick Gray chats with Adam Bateman and Luke Jennings from Push Security. Push has built an identity security platform that collects identity information and events from your users' browsers. It can detect phish kits and shut down phishing attempts, protect SSO credentials, and find shadow/personal accounts that a user has spun up. It's extremely difficult to bypass. That's because when you're in the browser it doesn't matter how a phishing link arrives, or how a threat actor has concealed it from your detection stack: if the user sees it, Push...

Risky Business #791 -- Woof! Copilot for Sharepoint coughs up creds and keys


On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news: Struggling to find that pesky passwords.xlsx in Sharepoint? Copilot has your back! The ransomware ecosystem is finding life a bit tough lately SAP Netweaver bug being used by Chinese APT crew Academics just keep finding CPU side-channel attacks And of course bugs! Asus, Ivanti, Fortinet and a Nissan LEAF? This week's episode is sponsored by Resourcely, who will soothe your Terraform pains. Founder and CEO Travis McPeak joins to talk about how to get from a very red dashboard full of cloud problems to a...

Wide World of Cyber: How state adversaries attack security vendors


In this edition of the Wide World of Cyber podcast Patrick Gray talks to SentinelOne's Steve Stone and Alex Stamos about how foreign adversaries are targeting security vendors, including them. From North Korean IT workers to Chinese supply chain attacks, SentinelOne and its competitors are constantly fending off sophisticated hacking campaigns. This edition of the Wide World of Cyber was recorded in front of a live audience in San Francisco, with Patrick attending via Zoom. The Wide World of Cyber podcast series is a wholly sponsored co-production between SentinelOne and Risky Business Media. This episode is also available on Youtube....

Risky Business #790 -- Bye bye Signal-gate, hello TeleMessage-gate


On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news: White House's off-brand Israeli Signal fork logs cleartext messages with hard coded creds while getting hacked (twice). Just Wow. Ransomware attacks on UK retailers are linked, and Marks & Spencer has it extra bad After six years dormant, a Magento eCommerce platform backdoor comes to life The North Korean IT worker scam is truly webscale NSO group owes Meta $168m for hacking WhatsApp This week's episode is sponsored by vulnerability management wranglers, Nucleus Security. Aaron Unterberger joins to talk through the complexities of tracking vulnerabilities in...

BONUS INTERVIEW: Senator Mark Warner on Signalgate, Volt Typhoon and tariffs


In this extended interview the Vice Chair of the Senate Select Committee on Intelligence, Senator Mark Warner, joins Risky Business host Patrick Gray to talk about: The latest developments in the Signalgate scandal Why America needs to be more aggressive in responding to Volt Typhoon How tariffs are affecting American alliances Why the Five Eyes alliance is sacrosanct This episode is available on Youtube Show notes

Risky Business #789 -- Apple's AirPlay vulns are surprisingly awful


On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news: British retail stalwart Marks & Spencer gets cybered South Korean telco sets out to replace all its subscriber SIMs after (we assume) it lost the keymat It's a good exploit week! Bugs in Apple Airplay, SAP webservers, Erlang SSH and CommVault backups Juice jacking! No, really! Some researchers actually did it (so still not in the wild, then) Anti-DOGE whistleblower sure sounds like he has a point This week's episode is sponsored by Knocknoc, who let you glue your firewalls to your single sign on. Knocknoc's...

Snake Oilers: LimaCharlie, Honeywell Cyber Insights, CobaltStrike and Outflank


In this edition of the Snake Oilers podcast, three sponsors come along to pitch their products: LimaCharlie: A public cloud for SecOps Honeywell Cyber Insights: An OT security/discovery solution Fortra's CobaltStrike and Outflank: Security tooling for red teamers This episode is also available on Youtube. Show notes

Snake Oilers: Pangea, Cosive and Sysdig


In this edition of Snake Oilers three vendors pitch host Patrick Gray on their tech: Pangea: Guardrails and security for AI agents and applications (https://pangea.cloud) Worried about your AI apps going rogue, being mean to your customers or even disclosing sensitive information? Pangea exists to address these risks. Fascinating stuff. Cosive: A threat intelligence company that can host your MISP server in AWS. CloudMISP! (https://www.cosive.com/snakeoilers) Are you running a MISP server on some old hardware under a desk in your SOC? There's a better way! Cosive can run it for you on AWS so you can just use it instead...

Risky Business #788 -- Trump targets Chris Krebs, SentinelOne


On this week's show Patrick Gray talks to former NSA Cybersecurity Director Rob Joyce about Donald Trump's unprecedented, unwarranted and completely bonkers political persecution of Chris Krebs and his employer SentinelOne. They also talk through the week's cybersecurity news, covering: Mitre's stewardship of the CVE database gets its funding DOGEd The US signs on to the Pall Mall anti-spyware agreement China tries to play the nationstate cyber-attribution game, but comedically badly Hackers run their malware inside the Windows sandbox, for security against EDR This week's episode is sponsored by open source identity provider Authentik. CEO Fletcher Heisler joins to talk...

Wide World of Cyber: How the Trump admin is changing the cybersecurity landscape


In this podcast, Patrick Gray chats with SentinelOne's Chris Krebs and Alex Stamos about the huge changes afoot in the United States government and what they mean for the threat environment. From the director of NSA being fired to massive job cuts at CISA and huge foreign policy shifts, tomorrow's threat environment is going to be very different to today's. Tune in to hear analysis from two of the best in the business! This episode is also available on Youtube. Show notes

Risky Business #787 -- Trump fires NSA director, CISA cuts inbound


On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news: Oracle quietly cops to being hacked, but immediately pivots into pretending it didn't matter NSA and CyberCom leaders fired for not being MAGA enough US Treasury had some dusty corners it hadn't found China in yet, looked, found China in them which is a great time to discuss slashing CISA's staffing Ransomware crews and bullet proof hosting providers are getting rekt, and we love it And Microsoft patches yet another logging 0-day being used in the wild. This episode is sponsored by Yubico, makers of Yubikey...

Risky Business #786 -- Oracle is lying


On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news: Yes, Oracle Health and Oracle Cloud did get hacked The fallout from Signalgate continues North Korean IT workers pivot to Europe Honeypot data suggests a storm is brewing for Palo Alto VPNs Canadian Anon gets arrested for hacking Texas GOP This week's episode is sponsored by Trail of Bits. Tjaden Hess, a Principal Security Engineer at Trail of Bits who specialises in cryptography, joins the show this week to talk about what a responsible crypto-currency exchange cold wallet setup looks like, and contrasts that with Bybit....

Soap Box: Knocknoc glues your SSO to your firewalls for Just-in-Time network access


In this Soap Box edition of Risky Business host Patrick Gray talks to Knocknoc CEO Adam Pointon about how to easily rein in attack surface by glueing your single sign-on service to your network controls. Do your Palo Alto and Fortinet devices really need to be discoverable by ransomware crews? Does your file transfer appliance need to be open to the whole world? What about your SSH and RDP? Your Citrix? Your (gasp) Exchange Online servers?? You can do a lot with IP allowlisting and simple Identity Aware Proxies (IAPs) to minimise your exposure. Knocknoc is a bit of a...

Risky Business #785 -- Signal-gate is actually as bad as it looks


On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news: Yes, the Trump admin really did just add a journo to their Yemen-attack-planning Signal group The Github actions hack is smaller than we thought, but was targeting crypto Remote code exec in Kubernetes, ouch Oracle denies its cloud got owned, but that sure does look like customer keymat Taiwanese hardware maker Clevo packs its private keys into bios update zip US Treasury un-sanctions Tornado Cash, party time in Pyongyang? This week's episode is sponsored by runZero. Long time hackerman HD Moore joins to talk about how...

Risky Business #784 -- GitHub supply chain attack steals secrets from 23k projects


On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news: Github Actions supply chain attack loots keys and secrets from 23k projects Why a VC fund now owns a minority stake in Risky Business Media (!?!?) China doxes Taiwanese military hackers Microsoft thinks .lnk file whitespace trick isn't worth patching but APTs sure love it CISA delivers government efficiency by re-hiring fired staff to put them on paid leave and Google acquires Wiz for $32bn This week's show is sponsored by Zero Networks, and they have sent along a happy customer to talk about their experience....

Risky Business #783 -- Evil webcam ransomwares entire Windows network


On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news with special guest Rob Joyce, a Former Special Assistant to the US President and Director of Cybersecurity for NSA. They talk through: A realistic bluetooth-proximity phishing attack against Passkeys A very patient ransomware actor encrypts an entire enterprise with a puny linux webcam processor The ESP32 backdoor that is neither a door nor at the back The X DDoS that Elon said was Ukraine is claimed by pro-Palestinian hacktivists Years later, LastPass hackers are still emptying crypto-wallets and it turns out North Korea nailed {Safe}Wallet with...

Risky Business #782 -- Are the USA and Russia cyber friends now?


On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news: Did the US decide to stop caring about Russian cyber, or not? Adam stans hard for North Korea's massive ByBit crypto-theft Cellebrite firing Serbia is an example of the system working Starlink keeps scam compounds in Myanmar running Biggest DDoS botnet yet pushes over 6Tbps This week's episode is sponsored by network visibility company Corelight. Vincent Stoffer, field CTO at Corelight joins to talk through where eyes on your network can spot attackers like Salt and Volt Typhoon. This episode is also available on Youtube. Show...

Risky Business #781 -- How Bybit oopsied $1.4bn


On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news: North Korea pulls off a 1.5 billion dollar crypto heist Apple pulls Advanced Data Protection from the UK Black Basta ransomware gang's internal chats leak Russians snoop on Signal with QR codes And Myanmar ships thousands of freed scam compound workers to Thailand Regular guest Lina Lau joins to discuss her work reading Chinese incident response reports on WeChat, and how that has people thinking that she outed the NSA? This week's episode is sponsored by Airlock Digital, and allow-listing tragics Daniel Schell and David Cottingham...

Wide World of Cyber: DeepSeek lobs an AI hand grenade


In this episode of the Wide World of Cyber podcast Risky Business host Patrick Gray chats with SentinelOne's Chris Krebs and Alex Stamos about AI, DeepSeek, and regulation. From its bad transport security to its Chinese ownership and the economic implications of China entering the chat, everyone's freaking out over this new model. But should they be? Pat, Alex and Chris dissect the model's significance, the politics of it all and how AI regulation in Europe, the US and China will shape the future of LLMs. This episode is also available on Youtube. Show notes

Risky Business #780 -- ASD torched Zservers data while admins were drunk


On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news, including: Australian spooks scrubbed Medibank data off Zservers bulletproof hosting Why device code phishing is the latest trick in confusing poor users about cloud authentication Cloudflare gets blocked in Spain, but only on weekends and because of football? Palo Alto has yet another dumb bug Adam gushes about Qualys' latest OpenSSH vulns Enterprise browser maker Island is this week's sponsor and Chief Customer Officer Bradon Rogers joins the show to talk about how the adoption of AI everywhere is causing headaches. This episode is also available...

Risky Biz Soap Box: Run your own open source IDP with Authentik


In this SoapBox edition of the show Patrick Gray chats to Fletcher Heisler, the CEO of open-source identity provider Authentik. The whole idea of Authentik is you can take control of an essential IT and security function: identity. Because Authentik is open source it's extremely flexible, and if you're running it yourself, you get to decide where your IDP should sit in your architecture. You can run it on prem if you're an emergency call centre or you're operating an airgapped network, or you can spin it up in your cloud environment if you're a typical enterprise. Fletcher talks through...

Risky Business #779 -- DOGE staffer linked to The Com


On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news, including: Musk's DOGE kid has a history with The Com Paragon fires Italy as a spyware customer Thailand cuts power to scam compounds and arrests Phobos/8Base Russian cybercrims The CyberCX DFIR report shows non-U2F MFA is well and truly over And much, much more. This week's episode is sponsored by Dropzone.AI. They make an AI SOC analysis platform that relieves your analysts of the necessary but tedious work, so they can focus on the value of human insight. Dropzone's founder and CEO Edward Wu joins to...

Risky Business #778 -- Musk's child soldiers seize control of FedGov IT systems


On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news, including: DeepSeek leaves an unauthed database on the internet Russia hacked UK prime minister's personal mail Australia sanctions a Telegram group which is more sensible than it sounds Medical device backdoor turns out to be just poorly thought out upgrade feature Google abuses weak hashing to patch AMD CPU microcode And much, much more. This week's episode is sponsored by email security boffins Sublime. Their co-founder and CEO Josh Kamdjou joins to talk about how attackers' abuse of legitimate services like Docusign is a challenge for...

Risky Business #777 -- It's SonicWall's turn


Coming to you from the same room in Risky Business headquarters Patrick Gray and Adam Boileau discuss the week's cybersecurity news. They talk through: Sonicwall firewalls hand out remote code exec like candy Mastercard make a slapstick-grade mistake with their DNS The data breach at PowerSchool and other niche SaaS providers Academic research proposes taking down Europe's power grid Apple CPUs get a new speculative execution side channel And much, much more. This week's episode is sponsored by Push Security, who make an identity security product that runs inside browsers. Luke Jennings joins to discuss some of the pitfalls of...

Risky Business #776 -- Trump will flex American cyber muscles


Risky Business returns for its 19th year! Patrick Gray and Adam Boileau discuss the week's cybersecurity news and there is a whole bunch of it. They discuss: The incoming Trump administration guts the CSRB Biden's last cyber Executive Order has sensible things in it China's breach of the US Treasury gets our reluctant admiration Ross Ulbricht - the Dread Pirate Roberts of Silk Road fame - gets his Trump pardon New year, same shameful comedy Forti- and Ivanti- bugs US soldier behind the Snowflake hacks faces charges after a solid Krebs-ing And much, much (much! after a month off) more....

Risky Biz Soap Box: Cool compliance tricks with the Island enterprise browser


In this sponsored Soap Box edition of the show Patrick Gray talks to Island CEO Michael Fey about some of the cool tricks in the Island enterprise browser. You can use it to tick off so many compliance boxes, and not just cybersecurity boxes. This is largely a conversation about compliance, but it's actually interesting and fun. These are words we never thought we'd type! You can find Island at https://island.io/ This episode is also available on Youtube. Show notes

Risky Business #775 -- Cl0p is back, SEC hack disclosures disappoint


On this week's show, Patrick Gray and Adam Boileau discuss the week's cybersecurity news, including: The SEC's cyber incident reporting isn't very exciting after all China Telecom on the way to being thrown out of the US The NSA/Cybercom might get two separate hats The Cl0p ransomware crew are back and taking responsibility for the Cleo hacks (Yet another) File upload bug in Struts makes Java admins weep And much, much more. This episode is sponsored by SpecterOps, who run a pretty top notch offsec/pentest team when they're not busy making the Bloodhound Enterprise identity attack path enumeration software. SpecterOps...

Wide World of Cyber: SentinelOne's Chris Krebs on Chinese cyber operations


In this edition of the Wide World of Cyber podcast Patrick Gray sits down with SentinelOne's Chief Intelligence and Public Policy Officer Chris Krebs to talk all about Chinese cyber operations. They look at the Salt Typhoon and Volt Typhoon campaigns, the last 20 years of Chinese operations, and the evolution of the cyber roles of China's Ministry of State Security and People's Liberation Army. It's a very dense hour of conversation! This podcast was recorded in front of an audience at the Museum of Contemporary Art in Sydney. This episode is also available on Youtube. Show notes

Risky Business #774 -- Cleo file transfer appliances under widespread attack


On this week's show, Patrick Gray and Adam Boileau discuss the week's cybersecurity news, including: Cleo file transfer products have a remote code exec, here we go again! Snowflake phases out password-based auth Chinese Sophos-exploit-dev company gets sanctioned Romania's election gets rolled back after Tiktok changed the outcome AMD's encrypted VM tech bamboozled by RAM with one extra address bit Some cool OpenWRT research And much, much more. This week's episode is sponsored by Thinkst, who love sneaky canary token traps. Jacob Torrey previews an upcoming Blackhat talk filled with interesting operating system tricks you can use to trigger canaries...

Risky Biz Soapbox: Enterprise Yubikeys can now be pre-registered


In this interview Patrick Gray talks to Yubico's COO and President Jerrod Chong about a new Yubikey feature: pre-registration. You can now ship pre-registered Yubikeys to your staff so you don't need to rely on your staff to enrol them. They've achieved this with really slick Okta and Entra ID integrations. Jerrod also talks about a recent trip to Singapore and concerns he has about the cybersecurity of critical infrastructure in the energy sector.

Risky Business #773 -- Cybercriminals are dropping like flies in Russia


On this week's show, Patrick Gray and Adam Boileau discuss the week's cybersecurity news, including: The FTC decides it's time to take another look at Microsoft Exxon's opponents targeted by hackers Russian hackers keep getting sentenced and it confuses us The Feds recommend Signal, because throwing hackers out of telcos ain't gonna happen A South Korean set-top-box manufacturer shipped a DDoS client for corpo-combat And much, much more. This week's sponsor interview is with Vijit Nair from Corelight. We talk to him about doing detection in cloud environments, and how the varied nature of cloud systems makes the old ways -...

Risky Business #772 -- Salt Typhoon is truly a national security disaster


On this week's show, Patrick Gray and Adam Boileau discuss the week's cybersecurity news, including: A ransomware attack has crippled US supply chain software provider Blue Yonder Russian spies hack nearby wifi to get to their targets, but that doesn't seem surprising? Salt Typhoon's attacks on telcos are hard to solve and big on impact China's surveillance state workers sell their access at home Palo Alto is bad and should feel bad And much, much more. In this week's sponsor interview Patrick Gray chats with Matt Muller from Tines about Gartner's spicy take that the SOAR category is dead. SOAR...

Risky Business #771 -- Palo Alto's firewall 0days are very, very stupid


On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news, including: Microsoft introduces some sensible sounding post-Crowdstrike changes Palo Alto patches hella-stupid bugs in its firewall management webapp CISA head Jen Easterly to depart as Trump arrives AI grandma tarpits phone scammers in family-tech-support hell Academic research supports your gut-reaction; phishing training doesn't work And much, much more. This week's episode is sponsored by Greynoise. The always excitable Andrew Morris joins to remind us that the edge-device vulnerabilities Pat and Adam complain about on the show are in fact actually even worse than we make them...

Risky Business #770 -- A Russian IR guy discovers extremely cool spookware


On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news, including:
- Apple frustrates law enforcement with iOS auto-reboot
- CISA says most KEV vulnerabilities in 2023 were first used as zero days
- Russians roll incident response on some sweet Linux spookware
- Regular users can create mailboxes in M365?
- Tor tracks down the source of its joe-job abuse complaints
- And much, much more.
This week's feature guest is former FBI agent Chris Tarbell, who arrested Silk Road operator Ross Ulbricht way back in 2013. As suggestions swirl that an incoming Trump administration might release Ulbricht, Chris talks about...

Risky Biz Soap Box: Why black box email security is dead


In this edition of the Risky Business Soap Box we're talking all about email security with Sublime Security co-founder Josh Kamdjou. Email security is one of the oldest product categories in security, but as you'll hear, Josh thinks the incumbents are just doing it wrong. He joins Risky Business host Patrick Gray for this interview about Sublime's origin story and its new approach to email security.

Risky Business #769 -- Sophos drops implants on Chinese exploit devs


On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news, including:
- Sophos drops implants on Chinese firewall exploit devs
- Microsoft workshops better just-in-time Windows admin privileges
- Snowflake hacker arrested in Canada
- Okta has a fun, but not very impactful auth-bypass bug
- Russians bring dumb-but-smart RDP client attacks
- And much, much more.
Special guest Sophos CISO Ross McKerchar joined us to talk about its hacking back campaign. The full interview is available on Youtube for those who want to really live vicariously through Sophos doing what every vendor probably wants to do. This week's episode is sponsored...

Risky Business #768 -- CSRB will investigate China's Wiretap Hacks


On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news, including:
- CSRB to investigate China's telco-wiretapping hacks
- Euro law enforcement takes down the Redline infostealer
- Someone steals Fed crypto and then tries to quietly sneak it back in
- Russia sentences REvil guys to jail? Really?
- Apple private cloud compute gets a proper bug bounty program
- And much, much more.
This week's episode is sponsored by Material Security, who help navigate the mess of cloud productivity data security. Daniel Ayala - Chief Security and Trust Officer at Dotmatics - is a Material customer, and joins Pat and...

Risky Biz Soap Box: Thinkst Canary's decade of deception


In this Soap Box edition of the podcast Patrick Gray chats with Thinkst Canary founder Haroon Meer about his decade of deception, including:
- A history of Thinkst Canary including a recap of what they actually do
- A look at why they're still really the only major player in the deception game
- A look at what companies like Microsoft are doing with deception
- Why security startups should have conference booths

Risky Business #767 -- SEC fines Check Point, Mimecast, Avaya and Unisys over hacks


On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news, including:
- SEC fines tech firms for downplaying the Solarwinds hacks
- Anonymous Sudan still looks and quacks like a Russian duck
- Apple proposes max 10 day TLS certificate life
- Oopsie! Microsoft loses a bunch of cloud logs
- Veeam and Fortinet are bad and should feel bad
- North Koreans are good (at hacking)
- And much, much more.
This week's episode is sponsored by Proofpoint. Chief Strategy Officer Ryan Kalember joins to talk about their work keeping up with prolific threat actor SocGholish. This episode is also available on...

Risky Business #766 -- China hacks America's lawful intercept systems


On this week's show Patrick Gray and Adam Boileau discuss the week's infosec news, including:
- Chinese spooks all up in western telco lawful intercept
- Jerks ruin the Internet Archive's day
- Microsoft drops a great report with a bad chart
- The feds make their own crypto currency and get it pumped
- Forti-, Palo- and Ivanti-fail
- And much, much more.
This week's episode is sponsored by detection-as-code vendor Panther. Casey Hill, Panther's Director Product Management joins to discuss why the old "just bung it all in a data lake and ???" approach hasn't worked out, and what smart teams do to handle...

Secure AF - A Cybersecurity Podcast



Iranian APTs Targeting U.S. PLCs: OT Wake-Up Call for SOCs


Iranian-affiliated APT actors are actively targeting U.S. critical infrastructure, specifically PLCs powering essential operations across water, energy, and manufacturing. This #SOCBrief breaks down the latest CISA alert, how attackers are exploiting OT environments, and what security teams need to be watching for right now. From key indicators to practical defense strategies, this is your wake-up call to treat OT as a high-value target. Watch full episodes at youtube.com/@aliascybersecurity. Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Google Chrome Zero-Days Under Active Attack - What SOCs Need to Do Now


Chrome just became the attack surface of the week. We're breaking down the latest zero-day exploits, what attackers are doing with them, and how SOC teams can respond before it turns into something bigger.

Beyond the Network: The Rise of Medical Device Security


Healthcare security isn't just about networks anymore. In this episode, we dive into the complex world of connected medical devices, the challenges of securing them, and why organizations need a more holistic approach to cybersecurity.

Interlock Ransomware Hits Cisco FMC Zero-Day: Lessons for SOCs on Edge Device Security


Your firewall could be the entry point. A critical Cisco FMC zero-day is being used in real-world ransomware attacks, turning security tools into launchpads. In this episode, we cover what's happening, how attackers are exploiting edge devices, and how SOC teams can stay ahead.

Chinese Hackers Breach FBI Surveillance Network: Supply-Chain Lessons for SOCs


Suspected Chinese state-linked hackers breached an FBI surveillance network ... not by breaking through the front door, but through a third-party provider. In this episode of the #SOCBrief, we break down how the attack happened, why supply chain vulnerabilities are one of the biggest risks facing SOC teams today, and what this means for organizations of all sizes. From compromised vendor access to real-world detection strategies, we're covering how attackers are exploiting trusted connections, and how you can stay one step ahead.

Ransomware as a Business: Inside Qilin's Rise


Qilin is quickly becoming one of the most dominant ransomware groups in the world, and it's not because of groundbreaking tactics. It's because of their business model. In this episode, we break down how Qilin operates as a ransomware-as-a-service group, why affiliates are flocking to them (hint: 80-85% payouts), and how that's fueling explosive growth across industries worldwide. From real-world attack patterns to how they gain access and evade detection, we're diving into what makes this group so effective, and why organizations should be paying attention.

MuddyWater's New BugSleep Malware - Iran's Cyber Retaliation Ramps Up


In this episode of the #SOCBrief, we break down BugSleep, a new backdoor malware tied to the Iranian threat group MuddyWater, and how it's being used in targeted spear-phishing campaigns against organizations. Learn how the malware works, what indicators SOC teams should watch for, and practical steps to detect and defend against these evolving attacks.

The Telus Hack - ShinyHunters Strikes a Telecom Giant


A massive breach has shaken the telecom world. In this episode of the #SOCBrief, we break down the alleged TELUS hack claimed by the ShinyHunters threat group, what data may have been stolen, and why the potential exfiltration of massive datasets could have far-reaching consequences for organizations worldwide. From OAuth tokens and API keys to customer PII and enterprise systems, we explore how attacks like this unfold and what organizations should be on the lookout for. Tune in now at secureafpodcast.com

A.I. as a Multiplier: Introducing Vector Pulse A.I.


A.I. conversations are everywhere ... but how can businesses realistically use it today? In this episode of Secure AF, we introduce Vector Pulse A.I. and discuss how A.I. can help organizations automate workflows, improve operational efficiency, and support smarter decision-making. We also dive into the growing excitement (and concerns) around A.I., common mistakes companies make when adopting it, and practical advice for leaders looking to explore A.I. responsibly.

Heightened Cyber Threats Amid U.S.-Iran Conflict Escalation


Geopolitical tensions are rising ... and cyber threats aren't far behind. In this episode of the #SOCBrief, we break down the escalating U.S.-Iran conflict, the potential cyber retaliation from Iranian threat actors, and the steps SOC teams can take now to stay ahead of attacks and protect critical systems.

OSINT Essentials - Unlocking Not So Hidden Insights for Your SOC


Open-source intelligence (OSINT) isn't just for threat actors ... it's a powerful advantage for SOC teams too. In this episode, we break down how publicly available data can help you uncover exposed assets, detect vulnerabilities early, and shrink your attack surface before attackers do.

Talking SOC Shop: How SOCs Show Value to Leadership


This episode of the #SOCBrief goes beyond day-to-day cybersecurity news and dives into what SOC success actually looks like from the leadership side. Andrew and CISO Jonathan Kimmitt discuss how SOC teams can communicate risk, create meaningful deliverables, use metrics effectively, and gain leadership buy-in for security decisions. From risk profiles to reporting and real-world decision making, this episode focuses on turning SOC activity into measurable organizational value.

Keeping AI Human-Centered in Digital Forensics


AI can categorize images, analyze logs, and surface patterns faster than any human ever could, but it doesn't understand context, legality, or nuance. In this episode, we discuss how AI is transforming criminal forensics and SOC investigations while examining the ethical, legal, and operational guardrails that must stay in place. As organizations adopt more AI-driven tools, the real challenge isn't capability ... it's maintaining responsible human control.

SmarterMail RCE Flaw - Ransomware's New Favorite Door


No phishing. No user interaction. Just exposed services and a missing authentication check. In this episode of the #SOCBrief, we dive into the SmarterMail RCE flaw already being exploited in the wild and why mail servers continue to be prime ransomware targets. We cover indicators to hunt for, detection tips, and practical steps SOC teams can take to reduce risk fast.

MSI Mayhem - RATs Hiding in Phishing Installers to Evade Detection


Attackers are hiding remote access trojans (RATs) inside malicious MSI installers disguised as legit software, and it's surging in early 2026. We break down how these phishing attacks bypass EDR, what to look for, and how SOC teams can stop them before they turn into full-blown breaches.

Love as an Attack Vector


Romance scams spike around Valentine's Day ... and they're more dangerous than you think. In this episode, we break down how scammers build emotional trust, isolate victims, and turn relationships into financial and emotional traps. Learn the warning signs, the psychology behind the scams, and how to protect yourself and the people you love.

Double Trouble: Microsoft Office and Fortinet FortiCloud Flaws Under Attack


This week's #SOCBrief covers a dangerous double-hit: a Microsoft Office security bypass and a Fortinet FortiCloud authentication flaw, both exploited in the wild. Andrew walks through what the CVEs mean, how attackers are abusing trusted tools, and the patching and hunting steps SOC teams should take immediately.

Top Ransomware Threats Dominating Early 2026


Ransomware is kicking off 2026 at full speed. We break down the top active groups right now, how they're getting in, what infrastructure they're targeting, and the key indicators your SOC should be watching to stay ahead.

Inside the Breaches: Real Insider Threat Case Files


Insider threats don't start with malware ... they start with access. From disgruntled employees to overlooked contractors, this episode breaks down real-world cases, common patterns, and how organizations can better protect what matters most.

CISA Retires 10 Emergency Directives - Progress for Feds, Wake-Up for the Rest of Us


CISA has officially retired 10 emergency directives ... marking real progress for federal cybersecurity. But for the private sector, these old vulnerabilities are still very much in play. In this #SOCBrief, we break down what was retired, why it matters, and what your SOC should do next.

New Year SOC Reset: New Year, New You(r Security Posture)


Kick off 2026 by hitting reset on your SOC. In this episode of the #SOCBrief, we break down key January priorities, from annual security posture reviews and rule tuning to training refreshers and forward planning, so your team starts the year resilient, aligned, and ready for what's next.

Trusted Access, Malicious Intent: Insider Threats Explained


When the threat isn't external, it's personal. This episode breaks down insider threats and corporate espionage: how trusted access turns into real risk, what warning signs to watch for, and how organizations can protect themselves.

Holiday Cyber Threats & What's Coming Next


In this episode, CISO Jonathan Kimmitt steps in to break down the latest cybersecurity threats impacting organizations during the holiday season and beyond. From ransomware spikes during understaffed weekends to holiday-themed phishing, critical Patch Tuesday vulnerabilities, and emerging AI-powered social engineering, Kimmitt covers what security leaders need to know as we head into 2026.

End-of-Year Wrap: 2025 Threat Trends and Bold Predictions for 2026


In this special end-of-year SOC Brief, Andrew breaks down the biggest threat-actor and ransomware trends that shaped 2025, and what cybersecurity teams should be preparing for in 2026. From AI-powered ransomware and supply-chain attacks to the growing blur between nation-state operations and cybercrime, this episode connects the data, the patterns, and the predictions that matter most heading into the new year. Tune in at secureafpodcast.com to hear what's evolving, what's accelerating, and where defenders have a real chance to shift the advantage before 2026 begins.

Holiday Season Security: Preparing Your SOC for the Festive Chaos


This week's SOC Brief dives into why the holidays are prime time for cyberattacks, from surging phishing attempts to sloppy vendor configs, alert fatigue, staffing gaps, and the seasonal spike in ransomware activity. Andrew and Dylan break down what SOCs should be watching for, how to prep, and how to stay covered even when headcount is low. Stay ahead of the threats this holiday season.

Episode 100: Retrospective AF!


EPISODE 100 IS LIVE! We're celebrating 100 episodes of the Secure AF Podcast! This special edition features CEO Donovan Farrow and CISO Jonathan Kimmitt as they look back on the history of Alias Cybersecurity, the growth of this show, and the journey that brought us here. And we wouldn't be here without you, the listeners who made this possible. Additional links: Seccon information and tickets: https://seccon.com/ Hacker Gift Guide: https://aliascybersecurity.com/blog/2025-ethical-hackers-holiday-gift-guide/

The Reality of Stalking in a Digital Age


This episode dives into one of the darkest issues cybersecurity intersects with: stalking. Kimmitt and Peters discuss real cases, modern cyberstalking tactics, privacy failures, the challenges of protective orders, and what victims can do to stay safe. If you've ever wondered how digital footprints turn into real-world danger, or how to protect yourself, this episode is essential.

Special Episode: Inside Weekly Threat-Intel Briefings with a vCISO


Get an inside look at how weekly threat-intel briefings really work in a mature security program. In this special episode, vCISO Jonathan Kimmitt breaks down how raw intel turns into real risk decisions, what trends are hitting organizations right now, and how SOC teams can brief leadership in a way that actually drives action. Stay sharp, stay informed, and stay secure.

React2Shell Zero-Day: Chinese Hackers Strike Within Hours


A new zero-day is already under active exploitation. This week's SOC Brief breaks down the React2Shell vulnerability (CVE-2025-55182), how attackers moved within hours of disclosure, and what SOC teams need to do now to reduce exposure and stay ahead of fast-moving threats.

'Tis the Season for Cybercrime: How Hackers Target Holidays


In this #SecureAF episode, Tanner and Dylan share real-world IR stories, common attack vectors, SOC fatigue during holiday PTO, and the #1 thing every organization should do before stepping away for the season. If you've ever wondered why cyber incidents always seem to hit when everyone is off work, this one explains it.

U.S.-Venezuela Tensions: Cyber Risks for American SOCs


In this episode of the #SOCBrief, we dig into how world events can trigger cyber fallout that lands directly on the desks of security teams. From ransomware crews capitalizing on instability to hacktivists launching DDoS attacks and opportunistic actors going after vulnerable sectors, we talk through why geopolitical tension often leads to increased cyber activity. We break down real patterns, recent trends, and the warnings SOCs should be paying attention to right now ... plus practical defensive steps you can take to stay ahead of emerging threats.

When People Think They've Been Hacked


This #SecureAF episode covers the everyday questions and concerns people have when they think something unusual is happening with their devices or accounts. Hickman and Peters talk through typical scenarios, common misunderstandings, and the foundational steps that help people regain control of their accounts.

FortiWeb Zero-Day: Silent Patch and Firewall Wake-Up Call


This week's #SOCBrief dives into the FortiWeb zero-day that's letting attackers create admin accounts with a single unauthenticated HTTP request. With exploitation spiking and Fortinet pushing out a quiet fix, SOC teams are under pressure to lock down configs, audit firewalls, and patch fast. We break down what happened, who's affected, and how to defend before attackers pivot deeper into your network.

The Halls: 2025 Hacker Gift Guide


We're back with the Hacker Holiday Gift Guide, and this year's lineup is stacked with RF gadgets, Wi-Fi tools, red-team essentials, and quirky cyber gifts Tanner swears by. Whether you're shopping for a pentester, a tinkerer, or someone who just loves breaking things (legally), these picks won't miss. Get ready to level up your holiday shopping. Read here: https://aliascybersecurity.com/blog/2025-ethical-hackers-holiday-gift-guide/

Patch Tuesday: Zero-Day Alert and Patching Must-Dos


A new zero-day. 63 flaws. Endless patching chaos. This week's #SOCBrief breaks down Microsoft's November Patch Tuesday and what it means for your SOC. We'll cover the top critical CVEs, patching priorities, and how to keep your systems resilient before attackers strike.

Insider Threats: Ransomware Negotiators Gone Rogue


This week, we're digging into a case where ransomware negotiators allegedly became the attackers themselves, leveraging insider access to hit organizations they were supposed to help. This one raises real questions about trust, vendor oversight, and the human element in incident response. We break down what happened and what SOC teams can take away from it.

The Art Of The Con (Cyber Edition)


In this episode, we break down the real mechanics of social engineering, from phishing emails and text scams to vishing calls and full-on physical pen tests. We share stories from the field, including how attackers build trust, why confidence is often more effective than technical skill, and what happens when social engineering meets the physical world. If you've ever wondered how someone can just walk right in and blend into a company they don't work for, this one's for you.

Atroposia RAT: The Malware That Scans for Its Own Exploits


A new threat is making waves ... Atroposia RAT, a remote access trojan that doesn't just infiltrate systems but scans them for vulnerabilities to exploit further. In this episode, we break down how this modular malware operates, how it hides, and why its built-in scanner is a game-changer for attackers. Learn the detection cues, patching priorities, and defensive measures SOC teams need to stay ahead.

CAPTCHA Con: Hackers' Evolving ClickFix Malware Trap


"I'm not a robot." Hackers are exploiting fake "I'm not a robot" CAPTCHA pages to deliver malware. Host Andrew Hickman breaks down how this ClickFix attack uses social engineering to steal data and evade detection. Tune in to learn key defense tactics and how to keep your team protected.

RondoDox Botnet Expansion: The Shotgun Approach to IoT Exploitation


This week on the #SOCBrief, Andrew breaks down RondoDox, a rapidly growing botnet campaign taking aim at routers, DVRs, and IoT devices worldwide. With over 50 vulnerabilities across 30+ vendors, this shotgun exploitation strategy is fueling massive DDoS and crypto-mining attacks.

Obscura Ransomware: Unmasking a Stealthy New Threat


In this week's #SOCBrief, Hickman and Peters break down Obscura ... a new ransomware variant making waves with aggressive evasion tactics, process terminations, and domain controller targeting. We cover what's known so far, the risks it poses to businesses, and the key defenses every SOC should prioritize.

Pen Test Potential: How Organizations Are Missing Out on Fortifying the SOC


What's the real difference between a penetration test and a red team engagement, and how can each benefit your SOC? In this episode, Andrew is joined by Tanner to unpack how pentests uncover vulnerabilities, how red teams stress-test defenders, and why every organization should be leveraging these exercises.

2025 SECCON Debrief


This week on #SecureAFPodcast, we're recapping #SECCON 2025. From the keynote to the villages and everything in between, join us for a look back at the highlights, takeaways, and community moments that made this year's conference our best yet.

Ransomware Rising: Variants, Tactics, and Defenses in 2025


Ransomware is evolving faster than ever, from double extortion tactics to lightning-fast attack chains. In this episode, we break down how these threats work, why every organization is a target, and the layered defenses SOCs can use to detect and stop attacks early.

FileFix Fiasco - Steganography's Stealthy StealC Drop


In this episode of The #SOCBrief, we break down the rising FileFix attack, a new social engineering technique using steganography to deliver info-stealing malware. Learn how attackers disguise malicious PowerShell commands, the risks this poses for browsers, messengers, and crypto wallets, and the proactive defenses SOCs can use to detect and contain these threats before they escalate into larger breaches.

Monitoring the Dark Web for Leaked Data in DFIR


This episode of The #SOCBrief dives into the world of dark web monitoring in digital forensics and incident response. Learn why leaked credentials are a top threat, how to safely detect exposures, and what steps SOC teams can take to stay proactive.

Mastering Incident Response: Essential for SOC Success


This week on The SOC Brief, we're breaking down incident response (IR) ... why it's essential, how to build a strong plan, and what SOC teams can do to turn chaos into control. From preparation and containment to recovery and lessons learned, learn how a solid IR strategy saves time, money, and reputation. Tune in now at secureafpodcast.com

DEF CON 33 Debrief


Fresh off the chaos of DEF CON 33, Tanner, Hickman, and Will break down the four-day hacker conference, from the eye-opening hacker villages and mind-bending talks to Hickman's clutch CTF victory and Will's bold dive into the Social Engineering Community's Vishing Competition. No sleep, all signal.

Crypto24 Ransomware: Bypassing EDR and Bolstering Defenses


In this episode, we break down the emerging Crypto24 ransomware attacks that use living-off-the-land techniques to bypass EDR. We'll explore how these attacks unfold and the defensive strategies SOCs and organizations can use, like layered security, enhanced monitoring, and rapid response, to stay ahead of evolving threats.

Gone Vishing: The Recent Surge of Vishing Attacks


This week, we're unpacking the phishing wave hitting SaaS platforms ... from social engineering to OAuth abuse and AI voice spoofing. Learn why people remain the #1 attack vector and how to stay one step ahead.

SonicWall Firewall Ransomware Breakdown


On this episode of the #SOCBrief, we break down attacks on SonicWall firewalls. A wave of ransomware, possibly exploiting zero-day vulnerabilities, is compromising even fully patched systems. Learn how SOCs can respond fast and stay ahead.

Spilling the Tea: What Happens When Apps Launch Without Locking Down Security


This week's SOC Brief unpacks how a misconfigured cloud bucket exposed 72,000+ user images from the Tea app, complete with geolocation metadata and real IDs. From national security risks to doxxing fallout, we break down what went wrong and what your security team must do to avoid the same mistakes.

A Critical ZERO-DAY (CVE-2025-53770)


A critical zero-day (CVE-2025-53770) is actively targeting on-premises SharePoint servers AND it's already been used to compromise over 100 organizations. In this #SOCBrief, Andrew and Tanner break down how the exploit works and what steps your team should take now. If your SharePoint instance is public-facing and unpatched ... assume compromise. Tune in for insights, mitigation tips, and what to look for in your logs. Links: https://msrc.microsoft.com/blog/2025/07/customer-guidance-for-sharepoint-vulnerability-cve-2025-53770/ https://learn.microsoft.com/en-us/defender-xdr/advanced-hunting-overview https://www.cisa.gov/news-events/alerts/2025/07/20/update-microsoft-releases-guidance-exploitation-sharepoint-vulnerabilities

Offboarding isn't just HR's job


In this week's #SOCBrief, we break down why offboarding policies are ABSOLUTELY critical for security teams. Overlooked items from abandoned accounts to old VPN access can leave backdoors wide open. Learn how SOCs monitor, contain, and shut down lingering access, and why communication between HR, IT, and cybersecurity is essential. Tune in. secureafpodcast.com

Aligned by Design: CISO x Legal in Practice - Episode 92


NEW! Aligned by Design: CISO x Legal. Introducing a fresh new series that explores the intersection of cybersecurity and legal strategy. Join Alias CISO Jonathan Kimmitt and privacy attorney Tom Vincent as they unpack what happens when technology, compliance, risk, and law collide. From real-world experiences to the nuances of the term "breach", these two break down the how, why, and what now? behind every security decision and legal gray area. Whether you're in the trenches of infosec or just trying to keep your data clean, CISO x Legal is your go-to podcast for...

Record-Shattering DDoS Attack Alert


Hackers just unleashed the largest DDoS attack in history, peaking at 7.3 Tbps and 4.8 billion packets per second. In just 45 seconds, it pummeled its target with the data equivalent of over 9,000 HD movies, a powerful reminder of how far attack capabilities have evolved. Tune in to today's SOC Brief for insights on DDoS attacks and how to up your defenses.

Secure AF SOC Brief #5 - Chrome CVE-2025-6554


In this episode of The SOC Brief, the team unpacks a critical zero-day vulnerability in Google Chrome (CVE-2025-6554) that's being actively exploited. Learn how attackers use type confusion bugs to hijack browser memory, what makes this exploit so dangerous, and why it's targeting high-value organizations. Discover actionable steps for updating Chrome, securing endpoints, and training users to spot phishing attempts before they lead to compromise. Tune in and stay prepared.

Ep 91: The Engineers React to Breach News


In this episode, our security engineers break down the latest cybersecurity headlines, from the real scoop behind the 16 billion password leak to the rise of hacker groups like Scattered Spider. We discuss how attackers bypass MFA, why exploited data keeps resurfacing, and what organizations can do to protect sensitive data. Plus, we dive into industrial control system risks and why basic cybersecurity hygiene matters more than ever.

Secure AF SOC Brief #4 - False Positives


In this episode of The SOC Brief, Andrew and Dax dive into the world of false positives, those misleading alerts that flood security teams with noise. They discuss how misconfigurations, lack of context, and overly sensitive rules can lead to alert fatigue. With practical tips on investigation, tuning tools, and understanding your environment, they highlight how reducing false positives helps analysts stay sharp and focused on real threats. #SOCBrief #FalsePositives #SecureAF

Secure AF SOC Brief #3 - IOCs


New SOC Brief Episode: Tracing the Breadcrumbs. Cybercriminals always leave a trail, if you know where to look. In this episode, we break down Indicators of Compromise (IOCs) and how they help security teams detect and respond to threats faster. What we cover: real-world incident reports & proof of concept examples; threat actor aliases & ransomware group tactics; file hashes, EDR tools, and forensic breadcrumbs; why the moment you feel most secure, you're the most vulnerable. Whether you're in threat intel, SOC operations, or just passionate about cybersecurity, this one's for you. Tune in...

Episode 90: Global Wars - Cyber Strikes Back


New Secure AF Episode: Global Wars: Cyber Strikes Back. How does global news shape cybersecurity operations? In this episode, we dig into how real-world events influence the threats we track, the way we respond, and the tools we use for social engineering/pentesting. We talk threat intel, evolving attack methods, and what teams should be looking out for right now. Tune in and stay Secure AF. #CyberSecurity #SecureAF #ThreatIntel #Podcast

Secure AF SOC Brief #2 - SafePay


This Week on the SOC Brief: Join Andrew and Dax as they dive into the emergence of a new threat actor known as SafePay. They break down the latest tactics, techniques, and procedures observed from this group, offering insights into how organizations can stay vigilant. From detection strategies to proactive defense measures, this episode is packed with actionable advice for keeping your company secure. Don't miss it, tune in now!

Episode 89: Meet the Alias SOC - on the Battlefront of Cybersecurity


Inside the SOC. Go behind the scenes with the Alias Security Operations Center (SOC) team to learn how they operate, collaborate, and tackle today's top cyber threats. Find out why a SOC matters, and how organizations can still leverage SOC insights and support, even without one in-house. Tap in and get cyber-smart with the experts. #CyberSecurity #SOC #ThreatIntel #Podcast

Secure AF SOC Brief #1 - SOC Life


Welcome to The SOC Brief, our byte-sized mini series bringing you weekly updates straight from the Security Operations Center. In this episode, Andrew, Dax, and Dylan break down what life in the SOC looks like, the rise of malvertising, and the emerging threat known as Recipe Lister, discussing how it's being tracked. Tune in for a quick, expert-led look into the latest in cybersecurity.

Episode 88: Two-Time CISO Showdown Champion (and Chad)


Alias Cybersecurity Jonathan Kimmitt is joined by Chad Kliewer to discuss the exciting CISO Showdown competition between Chief Information Security Officers (CISOs) at BSidesOK. They delve into the history of the showdown, how it works, and highlight the significance of the championship belt. Tune in as they share insights and fun facts about this unique event! Don't miss out! Follow us for more updates, episodes, and all things cybersecurity! Instagram: @alias_cybersecurity X: https://x.com/cyber_af LinkedIn: https://www.linkedin.com/company/aliascybersecurity/

Episode 87: Securing Patient Data with HIPAA's New Security Rules


Alias Cybersecurity CISO Jonathan Kimmitt is joined by Derrac Page to discuss the new changes to the HIPAA security rules being set in place this year. Listen as they go over many of the biggest points raised from the 660+ page guidelines and discuss ways that HIPAA Privacy Officers and HIPAA Security Officers can get ahead of compliance. Sponsored by Arrow Force, an MSP that puts Security First. https://www.arrowforce.com

Episode 86: How to make your pen test training not suck


Following BSides Oklahoma where Tanner gave an 8-hour training on the basics of penetration testing, Tanner and Keelan give advice on how to present red team/pen test training... specifically how to make the trainings not suck. Sponsored by AFCyberAcademy.com.

Episode 85: Is SANS the overpriced dinosaur of cybersecurity training?


On this week's Secure AF podcast, Tanner poses a controversial question: is SANS the overpriced dinosaur of cybersecurity training? The answer is not a simple one. Listen in as Tanner and CISO Jonathan Kimmitt go in depth on the pros and cons of different security certifications such as Offensive Security Certified Professional (OSCP), GIAC Penetration Tester (GPEN), Certified Ethical Hacker (CEH), and more.

Episode 84: New Years Cyber Resolutions Part 2


As we step into the new year, it's essential to reinforce our defenses against cyber threats. Join Jonathan Kimmitt and Todd Wedel for part 2 of their discussion of cyberresolutions. Their list includes:
- **Data Inventory**: Know your data: what, where, and who has access. Regular audits are a must!
- **Backup Strategies**: Implement air-gapped backups and regularly test their effectiveness.
- **Incident Response Playbooks**: Develop and regularly update clear procedures for handling breaches.
- **And more!**

Episode 83: New Years Cyber Resolutions Part 1


Kickstart 2025 with Cybersecurity Resolutions! In our latest podcast episode, Todd and Jonathan discuss crucial strategies for a secure year ahead. Tune in for more insights and make this year your most secure yet! #Cybersecurity #AI #Secure2025

Episode 82: Leaving It All On The Table - The What, How, and Why of Tabletop Exercises


Ready for an IR? You may have controls, policies, and procedures, but how do you know they exist? Are robust? Followed and adhered to? Join Jonathan Kimmitt and Alexandria Hendryx as they discuss what a tabletop is, how to conduct one effectively, and why they matter to your organization to prevent and prepare for the hoped-never-to-appear IR.

Episode 81: IR Aversion, Part 2


Join Jonathan Kimmitt and Todd Wedel as they continue discussing how to practice IR aversion tactics. 'Tis the season for IRs and best practice cybersecurity.

Episode 80: IR Aversion, Part 1


'Tis the holiday season! A time for family...and breaches. Want to be cyberprepared to spoil the hacker's celebration? Listen to our 2 part series where Jonathan Kimmitt ensures your festivities are without incident.

Episode 79: Firewall Follies


Firewalls are an often overlooked or unmanaged part of a network infrastructure. Listen as Andrew Hickman and Keelan Knox discuss what they are, why you should pay attention to them, what we've seen on incident responses, and what you need to do to secure your network.

Episode 78: S3CCON Debrief


Attend S3CCON? Enjoy experiencing the recap. Miss S3CCON? Hear what was awesome, what we learned, and what to look forward to in 2025!

Episode 77: Defcon Debrief 2024



Episode 76: Losing the Cyberwar Through Marketing, Part 2


Jonathan and Todd continue the conversation about how the way we talk about cybersecurity puts us in a deficit against the malicious actors and how we might reframe to better equip the defenders.

Episode 75: Losing the Cyberwar Through Marketing, Part 1


Are hackers really as successful as they appear? Or is it that they have better messaging? Join us for a conversation about how marketing around cybersecurity might play a part in the hacker mystique.

Episode 74: Internship Intrigue


On this episode of the SecureAF Podcast, Keelan Knox interviews our 2024 interns. They share insights on how they got in, what they are learning, and where this will take them.

Episode 73: Never Been Vished?


Alias CEO Donovan Farrow and Business Development Coordinator Trey Allen talk the tips and tricks of the vishing trade. They're gearing up for the DEFCON social engineering village. Listen or watch to hear their tales and experiences to learn how they're going to bring the heat to Las Vegas.

Episode 72: Security in Process


Bryan Filice of Trap Technologies joins Keelan Knox to talk about the current threat landscape and why security has to involve every system, host, and employee.

Episode 71: When the CISO Speaks Up


Ever wonder what your CISO (or CIO or anyone in IT security management) may be thinking? Are you the one in that position having those thoughts? Join Jonathan Kimmitt as he describes all the things CISOs wish they say but don't, and why and when they should.

Episode 70 - Boeing and Beyond


Heard about the recent revelation of the Boeing breach? Join Alias CEO Donovan Farrow on the SecureAF Podcast as he lays out what we know, what we don't, what this means, and what we hope to learn to better protect our companies and communities, locally and nationally.

Episode 69 - AI or BS


AI is all the rage. Or AI having rage is the bigger fear. Doesn't matter where you go, it's a topic of attention. The potential uses and abuses are touted on every news station and from every pundit, whether proponent or naysayer. But what's true? Especially in the realm of cybersecurity? Our engineers have on-the-ground knowledge of AI's capabilities, from the theoretical of how AI could be leveraged to the practical of how it actually is employed. Join CEO Donovan Farrow and Principal Security Engineer Tanner Shinn as they discuss the realities of AI...

Episode 68 - It's Exploit O'Clock


Seriously, do you know where your data is? It's an often overlooked question in cybersecurity. In the case of an incident, without knowing where your data is, how do you know what's been accessed? Where else that data might be? What's needed to remediate? And what's less crucial to restore? But even before an incident, how do you know what to protect if you don't know where your critical and privileged information is? How do you best allocate time, manpower, and resources in the absence of knowing what needs most attention? In this episode, we'll...

Episode 67 - The CISO Pen Test


What good is a Pen Test? There are a host of answers - knowing your environment, identifying dangers, implementing remediations, meeting compliance. But how should a CISO view a Pen Test given their unique role in the organization? How do they best understand the need, the conduct, the reporting, and the follow through? On this episode of the SecureAF Podcast, Alias CISO Jonathan Kimmitt shares his experience and expertise both in his years in the role and as a consultant for other organizations.

Episode 65 - Holistic Security


Cybersecurity is critical to an organization. But cybersecurity is only part of a robust security posture. It's equally important, and in fact of first importance, to assess information security. You need to assess what privacy guidelines, compliance, and best practices entail what data you can have so you can determine the security needed to keep it safe. On this episode of the SecureAF Podcast, host Jonathan Kimmitt is joined by Andrew Hernandez, Director of Risk Management at Trapp Technology to discuss why this framework matters and how to position your organization for secure information...

Episode 64: Rules of Engagement


Scheduling a cybersecurity engagement can be stressful, for client and pentester alike. Both want the same thing - a well conducted, accurate assessment of the client infrastructure to provide the best value add to bolster cybersecurity. It helps to start from a shared set of standard expectations and practices. On this episode of the SecureAF Podcast, Tanner Shinn and Keelan Knox discuss the 5 Rules of Engagement that every pentester and customer should know and commit to.

Episode 63 - Critical Infrastructure: The Final Frontier


What's the Final Frontier? For Trekkies, it's space. For cybersecurity, it's Critical Infrastructure. Might not sound exciting, but the risks from poor security and the rewards of strong controls might get you to sit up and take notice. Maybe even motivate you to boldly go where no ethical hacker has gone before. On this episode of the SecureAF Podcast, Donovan Farrow and Phillip Wylie discuss why Critical Infrastructure matters, where the vulnerabilities are (such as being 20 yrs behind in awareness and implementation), what Alias does to test, and what you can do to...

Episode 62 - Entering Cyber Sideways


Wondering what the best path into cybersecurity is? Here's a hint: There's not one answer. On this episode of the SecureAF Podcast, Tanner Shinn and Keelan Knox share very different stories of getting into the field. Even with different paths, they'll share what they have in common and what you should think about and do if you want to become an ethical hacker. Spoiler alert - one of their recommendations is to find internships. Alias is currently accepting applications here: https://bit.ly/3TMDWM0

Episode 61 - Pen Test Types


You may have heard of Penetration Tests. You may know you need one. You may have had one or more. But do you know there's more than one type? More than one take? More than one test? On this episode of the SecureAF Podcast, Alias Principal Security Engineer Tanner Shinn and CISO Jonathan Kimmitt discuss the types of Pen Tests, how they're conducted, what they measure, and why they are needed. You'll walk away more informed about this important cybersecurity topic and more ready to know what you need to secure your environment....

Episode 60 - Integris' Assumed Incident


There has been a lot of news about the alleged incident experienced by Integris. Some of you may have even received emails from the threat actors revealing personal information to solicit money. This is not the first attack to leverage the threat of leaked data for monetary reward. It is among the first for the threat actors to directly appeal to the individual victims. Join host Donovan Farrow and guest Chris Yates for a discussion about the cybersecurity backdrop to this assumed incident, what we know about what has happened, and what you can...

Episode 59 - Pen Test Gaps


You know you need regular penetration tests to ensure your network is secure. You know the steps to remediate the findings and take the recommended actions to continue on a path toward cybersecurity. But what about what you don't know? What about what the penetration test doesn't cover or doesn't reveal? On this episode of the SecureAF Podcast, Alias CISO Jonathan Kimmitt and Director of Security Phillip Wylie share their insights on what penetration tests should cover, what they often don't, and how to verify you're getting what your organization needs. These two bring...

Episode 58 - Solar Winds and Beyond


The Solar Winds breach is not news. The CISO being personally named in the investigation is. Although not the first CISO to be so identified, this is the most high profile. This raises questions for the future of the CISO role and responsibility and IT more generally. Should an individual be held responsible for an incident? What is their responsibility to monitor and report? Does this responsibility extend from C-Suite to SOC Analyst? What legal precedent might this set? On this episode of the SecureAF Podcast, Alias CISO Jonathan Kimmitt and Principal Engineer Tanner...

Episode 57 - Introducing Phillip Wylie


If you follow our socials, you know Phillip Wylie recently joined the Alias crew! We're excited to welcome him to help us build our team's presence supporting organizations' and individuals' growth in cybermaturity. Join Alias CISO Jonathan Kimmitt to hear his story of getting into cybersecurity, what's brought him to Alias, and what's to come.

Episode 56 - The Human Incident Response


It requires technical expertise to respond to a breach. It requires thinking like a hacker to know where to go, what to do, and what level of response is appropriate. It requires the human element. But humans aren't machines. Your staff and any outside experts require basic needs to be met: food, shelter (well, at least sleep), probably a lot of caffeine. In a crisis, it's easy to not attend to those. How much easier is it to not attend to the interpersonal dynamics both during and after an incident, to restore your...

Episode 55 - The Hacking Business


Did you know some ransomware groups have customer support better than major businesses? That the negotiations might feel more like a regular corporate transaction than a back-alley holdup? On this episode of the SecureAF Podcast, CEO Donovan Farrow and Security Team Lead Tanner Shinn share their experience working the business side of an Incident Response. You'll hear stories of every size and brand of company, lessons learned, and tips for how to respond. It's a fitting topic to begin Cybersecurity Awareness Month - join us to become more aware and armed to protect yourself, your...

Episode 54: Your Family Is The Target


You know you may be a target. But what about your family? How could a hacker leverage those closest to you to gain advanced access to your work? Recently on the And Security For All podcast, Alias CISO Jonathan Kimmitt and Security Team Lead Tanner Shinn discussed this question. You can listen to their conversation here. On this episode of the SecureAF Podcast, they turn a Blue Team eye to your family. Join us as they discuss steps they currently take or would take with their family to ensure bad actors won't use them...

Episode 53 - DefCon Debrief 2023


What were the lessons from Defcon 31? What were the most noteworthy experiences of the conference (Hint: it's not all about the talks and villages). On this episode of the SecureAF Podcast, join Alias Security Team Lead Tanner Shinn and Security Engineer Keelan Knox to hear what they learned and what went down this year at Defcon.

Episode 52 - DEF CON Preview 2023


Headed to DEF CON? Want to know what you should know and where you should be? And most importantly, how to survive? On this episode of the SecureAF Podcast, host Donovan Farrow and guest Tanner Shinn talk all things DEF CON. New to DEF CON? Learn from us how to make the most of the experience. Returning to DEF CON? Remember best talks and best places to go and people to meet (including our team!). Not attending this year? Get a sense of what you're missing and why you should attend next year. Watch...

Episode 51 - Digital Forensics


Digital forensics may be something you don't think about. Or think about only after an incident or breach. But knowing what techniques and tools are used will help equip you to understand your potential vulnerabilities and strengthen your security posture. And you'll gain more insight into the work an Incident Response team does. In this episode of the SecureAF Podcast, Alias CEO and digital forensics expert, consultant, and expert witness will share his experience and expertise. He'll share the technical techniques and tools, including in the video version a demonstration by our digital...

Episode 50! - Targets of Opportunity


The SecureAF Podcast is 50! Listen this week as our hosts discuss a critical topic in cybersecurity. Your environment may be unique. Your business may feel too small to be noticed. But to a hacker, everyone is a target of opportunity, and every target may yield to the same avenues of attack. On this episode of the SecureAF Podcast, Alias CEO Donovan Farrow and CISO Jonathan Kimmitt discuss how to view your environment from the perspective of the attacker. And it's not just your network. It's your people. Our hosts will cover how to...

Episode 49 - Pentester vs. Thintester


Want to become a Pentester rather than a Thintester? Want to find out what a Thintester even means? In this episode of the SecureAF Podcast, Alias CEO Donovan Farrow and CISO Jonathan Kimmitt discuss one of our often-asked questions: What do I need to do to become a Pentester? They'll talk about what qualities and experiences prepare you for the role (you might be surprised!) and why knowing the why, more than just the what of how to use tools and leverage exploits, matters.

Episode 48 - Updates and Announcements - Secure AF


SecureAF host Donovan Farrow shares news about transitions with the SecureAF Podcast and exciting announcements about what else is coming for the Alias podcast lineup.

Episode 47 - IOT and XIOT Devices and Dangers


The Internet of Things (IoT) and connected Operational Technology (OT) devices have opened up possibilities for extending interconnectivity and creating means of more immediate controls on crucial systems and everyday devices. These open opportunities for hackers to exploit their connections and leverage access for malicious and destructive ends. On this episode of the SecureAF Podcast, special guest Brian Contos joins us to explore this new world of devices and dangers. Discover how IoT, OT & network devices are being hacked and by whom - Understand how these devices are being successfully leveraged for persistence...

Episode 46 - Hacking a Cybersecurity Career


Building a cybersecurity career is a two-way street. There are the questions for those who do the hiring and those who are being hired - they're the same set of questions - What should and do employers look for? What education or certifications are needed? How do employers find and attract good talent? In this episode of the SecureAF Podcast, Chad Kliewer with ISC(2) joins host Donovan Farrow to talk about best principles and practices. Hiring managers - Learn how to find the best cybersecurity staff. Career seekers - Learn what managers are looking...

Episode 45 - Code of Honor


Back the blue. Don't start a fight; always finish one. Hold the door. Yes, ma'am. Don't mess with Texas. From serious to seemingly frivolous, we're steeped in ways to think, act, and believe. What if those are all expressions of a code that social engineers can use to leverage better exploits? On this episode of the SecureAF Podcast, Alias Cybersecurity Director of Communication Todd Wedel will share how this code works and how it can make you a better social engineer. #cybersecurity #infosec #socialengineering #cultureofhonor

Episode 44 - Vendor Due Diligence


How do you work with vendors to ensure they are meeting your requirements for regulatory compliance? In this episode of the SecureAF Podcast, Alias CISO Jonathan Kimmitt will share his experience and expert tips on how to work with vendors to ensure a secure partnership.

Episode 43 - Cyber Training that Doesn't Suck


How do people really change their cyber behavior? On this episode of Secure AF, Kevin Sesock met with us to discuss the challenges and pitfalls of traditional approaches to security training and his framework for training that doesn't suck.

#42 - SOC It To 'Em


How do you build a Security Operations Center from the ground up? On this episode of Secure AF, Gharrett Workun and Wade VanDeburgh met with us to discuss how they led the development of a SOC, as well as strategized creative ways to keep their team engaged.

#41 APIs: More Risk Than You Think


Why aren't we paying more attention to API security? Application Programming Interfaces (APIs) offer a wide range of ever-expanding capabilities, but cybersecurity needs to catch up to keep these attack surfaces secure. On this episode of Secure AF, Phillip Wylie, Manager of Tech Evangelism & Enablement at CyCognito, met with us to discuss the topic of his article "Securing APIs Through External Attack Surface Management."

#40 Are The Hackers Winning?


How are cybersecurity professionals doing in the fight against hackers? Are the hackers winning? This episode we chat with Donovan Farrow, CEO and Founder of Alias, as he breaks down the past, present, and future of cybersecurity.

#39 IT vs Cybersecurity


Knowing how to build something isn't the same as knowing how to fix it. All too often, IT and Cybersecurity get lumped together and one is asked to do the other's job. Though they may seem similar from the outside, both roles are uniquely important for sustaining your organization's data and network infrastructure. Join us for this episode of the Secure AF Podcast where we spoke with technical writer Todd Wedel about the differences between IT and Cybersecurity and how to better utilize each skill set.

#38 Protecting Users From Themselves


We've talked about password security a lot on this podcast, and we'll definitely keep talking about it. What we haven't discussed enough is password security from the system administrator side. What can admins do to better protect their users from themselves? Find out in this episode of the Secure AF podcast as we talk with security engineer, Robert Leasure.

#37 Cybersecurity In Action


This week on the Secure AF Podcast, we spoke with cybersecurity professionals about their experiences in the industry. Join guest host Wes Malone as he explores three different points of view from inside the cyber world. We were curious to find out how cyber pros felt about the industry. It was great to hear from three individuals who got started and ended up on such different paths.

#36 Mental Health in Cybersecurity


Mental health is one of those things that, while we're getting better, we still often struggle to talk about and deal with. Our industry can be especially stressful and many cybersecurity professionals experience everything from imposter syndrome to burnout. We spoke with security engineer, Kallen Curtis, to discuss some of the most common mental health issues we face in the cybersecurity industry, how to identify them, and how to combat them.

#35 Your Internet Identity


As an internet user, your anonymity is not guaranteed. Who has access to your information? Who's tracking your online habits? And how can you protect your privacy online? Find out in this Episode of the Secure AF Podcast! We spoke with two of our security engineers here at Alias, Andrew Lemon and Tanner Shinn, about how to stay anonymous online.

#34 Password Security


It's Cybersecurity Awareness Month, are your passwords secure? Find out in this episode of the Secure AF Podcast! We chatted with Technical Writer, Todd Wedel, to dive into why password security matters and how you can make stronger passwords.

#33: Secure The Unexpected


On this episode of the Secure AF Podcast, we spoke with Robert Leasure, security engineer at Alias, to explore some of the most interesting things we have discovered on pen tests. As pentesters, we encounter a lot of surprising things you'd never expect to be vulnerable to cyberattacks. Even the smallest lapses in security can lead to a huge breach.

#32 Memory Forensics


This week we spoke with our digital forensics expert, Andrew Peters, to highlight some important uses for memory forensics and how data can be recovered using computer memory.

#31 Bonus Episode - We Made the List: Inc. 5000's Fastest Growing Companies


This week we have a special bonus episode of the Secure AF Podcast where we got to speak with CEO and Founder of Alias, Donovan Farrow, about his thoughts on our Inc. 5000 placement!

#30: DEFCON Debrief 2022


Our engineers just got back from the largest hacker conference in the nation. So join us for this episode where we discuss all the stuff Principal Security Engineer, Andrew Lemon, and Security Engineering Lead, Tanner Shinn, learned from the many talks and villages at DEFCON!

#29: Catch the Biggest Phish


Join us this episode as we speak with Technical Writer, Todd Wedel, about how to improve your Red Team skills. Catch the biggest phish with these phishing tips!

#28: SIEM for Small Business


As a small business, it's important you can still protect yourself and provide eyes on your network. With this in mind, I invited Alias Security Engineering Lead Andrew Hickman as we discuss SIEM tools and why even small businesses need them. Like our show? Subscribe wherever you're listening! Or if you're listening on our website, bookmark the page so you can easily return.

#27: Why You Need a Cybersecurity Homelab


In infosec, it's an intimidating task approaching new tools and exploits with the intent to determine how they work or if they'll break anything you didn't mean to break. With this in mind, I invited Alias Security Engineering Lead Tanner Shinn as we discuss homelabs. Why you need them, how you set them up, and more. Like our show? Subscribe wherever you're listening! Or if you're listening on our website, bookmark the page so you can easily return.

#26: Password Cracking: An Overview


How secure is your password really? Well, it's time to find out. On this episode of the Secure AF podcast, you'll leave with a high-level look at what password cracking is as well as how you can use better passwords.

#25: World Backup Day


Learn practical tips on how you can back up your devices. Hard drive failure, weather, and accidental deletion are just a few ways your data can be accidentally deleted.

#24: The Seven Steps of Digital Forensics


Join our host Teddie as she sits down with Andrew Peters and talks about Digital Forensics. What is it? And why would I need it? Listen in to find out.

#23: L33T or Lame: A Hacker Tool Review


"Top 10 Gifts for the Hacker in Your life" articles are incredibly common. But how do you know if some of the tools listed are actually worthwhile? On this episode, we went through a couple lists and categorized the tool as either l33t or lame based on real experience.

#22: Using OSINT: A Look at Open Source Intelligence


Open source intelligence (OSINT) is a way of gathering data that is entirely publicly available. Learn how red team engineers use OSINT when on an engagement, the tools they typically use, and how people use OSINT in their daily lives without even realizing it.

#21: Conti Leak: A Look Inside



#20: DEF CON 2021: The Alias Experience


Miss out on DEF CON this year? A few of the Alias team members went and got to experience the hybrid conference in-person. Learn what the conference was like from Andrew Lemon and Tanner Shinn, security engineers at Alias.

#19: How Hackers Choose Who to Attack and Why Small Businesses Should Care


Ever wonder how a hacker chooses what company to attack? I know I do. Which is why I brought Donovan Farrow, CEO of Alias, to join me on this episode of the Secure AF podcast. Learn why he thinks hackers target or don't target specific companies. And if you think "this would never happen to me, I'm too small a business" - well - don't be so sure.

#18: Pissing Off Your Pentesters: A Storytelling Episode


Lately, I've wondered what happens on pen testing engagements when a client is so secure, the engineers aren't able to get very far. What prevents them from moving? And how upset do the pen testers actually get? So, with those questions in mind, I invited Alias engineers Andrew Lemon and Tanner Shinn for a little bit of story time. Like our show? Subscribe wherever you're listening! Or if you're listening on our website, bookmark the page so you can easily return.

#17: Breaking Into Cybersecurity: How to Get Started in the Industry


Learn how to break into the cybersecurity industry with these career tips. In this episode, we talk about what you need with experience, certificates, passion, and networking to kickstart your career in cybersecurity. Like our show? Subscribe wherever you're listening! Or if you're listening on our website, bookmark the page so you can easily return.

#16: Rules of Engagement: Why You Gotta Have 'Em


Rules were made to be broken, right? Not these rules. In this episode of the Secure AF podcast, get a high-level look at rules of engagement. Learn why this document is critical to performing pen tests on a client. Like our show? Subscribe wherever you're listening! Or if you're listening on our website, bookmark the page so you can easily return.

#15: Port Scanning and Why it Matters


Port scanning. You've probably heard the phrase. But do you know what it means for your business? Should you port scan? What if somebody is scanning your company? In this episode of the Secure AF podcast, learn more about port scanning. Get an understanding of what a port is, what happens when people port scan, and why it matters to you. Like our show? Subscribe wherever you're listening! Or if you're listening on our website, bookmark the page so you can easily return.

#14: Cyber Security Insurance: What You Need to Know


Cyber security insurance is no joke. And spoiler alert: everybody needs it. In this episode of the Secure AF podcast, learn more about cyber security insurance. Get an understanding of what it is, what it covers, what it doesn't cover, and more. Like our show? Subscribe wherever you're listening! Or if you're listening on our website, bookmark the page so you can easily return.

#13: Phishing: How to Avoid Being the Bait


Phishing is one of the leading methods hackers use to get your information. So what should you do to protect yourself? Know how to spot a phishing attempt. In this episode of the Secure AF cyber security podcast, Teddie Underkoffler and Donovan Farrow of Alias talk about what phishing is, how you can spot it, and what you should do if you think you've been phished.

#12: What You Need to Know About CMMC


Have you started to hear more and more about the new CMMC regulations? The new CMMC framework is designed to assess and enhance the cyber security standing of government contractors. The primary purpose is to ensure any business handling controlled unclassified information is protected from digital attacks. As with anything new, there's a lot of uncertainty and fear surrounding the framework. That's why we met with Fred Tschirgi of Broadmoor Consulting to help people understand what to expect with the arrival of CMMC. Spoiler alert: there's no reason to stress about it.

#11: Network Monitoring and Tools


How can you protect a network if you don't know what's on it? That's what network monitoring is for. In this episode of the Secure AF podcast, the Alias team discusses network monitoring. How it's done, what it is, why you should have it, and more.

#10: Ransomware: What It Is and How to Avoid It


Ransomware. Just about everybody has heard of it. With all the recent attacks, it's hard to avoid it. In this episode of the SECURE AF podcast, the Alias team discusses ransomware, what it is, and how you can keep yourself safe from the threat.

#9: Meet the Alias Security Crew


On this episode of SECURE AF podcast, get to know three members of our security team! Wayne Kimberling, Andrew Lemon, and Jeff Bowie talk about their experiences with AF and how the three of them got their starts in information security.

#8: Special Guest Interview: Chris Boykin of Future Com


On this episode of SECURE AF podcast, the AF team interviewed Chris Boykin with Future Com! Alias is proud to partner with Future Com. Check out this episode to learn more about them as well as hear some feats of social engineering we've pulled off together. Learn more about Future Com: www.myfuturecom.com

#7: Securing Against the Coronavirus and Computer Viruses


We're not medical professionals so we can't give you coronavirus advice (besides, you've probably heard what you need to know by now); however, we CAN give you advice on how to be safe from a different kind of virus! On this episode of SECURE AF podcast, the AF team went remote and recorded our first ever video podcast! Learn how you can protect your business, employees, and loved ones from falling victim to the latest string of cyber attacks preying on remote workplaces and COVID-19 fears.

#6: Special Guest Interview: Bonus


Welcome to Secure AF! A podcast about all things information security. Join the AF team as we talk security trends and current AF happenings with our guest, Bonus!

#5: Deepfakes: The Latest Trust Breaker


Welcome to Secure AF! A podcast about all things information security. Deepfakes are only going to become more and more prevalent. Listen to this episode to learn what deepfakes are, how you can spot them, and how they'll change digital security.

#4: The Internet of Things. What Is It?


Welcome to Secure AF! A podcast about all things information security. IoT or the Internet of Things is a hot topic in information security right now. Listen to this episode to learn what IoT is and how you can keep your data secure.

#3: Don't Worry About the Recent VPN Breaches


Welcome to Secure AF! A podcast about all things information security. Recently, a few popular VPNs announced they were breached. Listen to this episode to find out what that means for consumers.

#2: Practical Tips for Cyber Security Awareness Month


Welcome to Secure AF! A podcast about all things information security. October is Cyber Security Awareness Month so the Alias team goes through some easy tips you can follow to keep yourself secure.

#1: Our DEFCON 2019 Experience


Welcome to Secure AF! A podcast about all things information security. DEFCON is one of the largest hacker conventions in the world, and the Alias Forensics team got to take it on. Listen for our insight on the DEFCON experience.

Security Now



SN 1074: What Mythos Means - Marketing or Mayhem


We may already be living through the most consequential hundred days in cyber history, and the arrival of AI that can autonomously chain zero-day vulnerabilities into working exploits means the software industry's long-standing "ship it and patch it later" era is officially over. Show Notes - https://www.grc.com/sn/SN-1074-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite...

SN 1073: The FCC Bans New Consumer Routers - LinkedIn's JavaScript Bombshell


The FCC has banned all new consumer routers made outside the US, leaving networks stuck with aging, insecure hardware while blocking innovation. Find out why this sweeping move is raising eyebrows and lawsuits, and why it makes zero sense for cybersecurity. Apple's 26.4 age queries catch many by surprise. LinkedIn's 2.7 MB of privacy-invading JavaScript. Microsoft starts forcing Win11 24H2 to 25H2. Cisco loses source code to the Trivy supply-chain mess. Proton introduces privacy-first voice and video "Meet." GitHub to fix lagging security of its Actions feature. Cloudflare reaffirms the privacy of its 1.1.1.1 DNS. Cloudflare uses AI to re-code better...

SN 1072: LiteLLM - Click Fix Attacks Surge


An explosive supply chain hack in LiteLLM nearly unleashed catastrophic malware across millions of AI systems, and it took a coder's quick thinking to catch it before it snowballed into disaster. Will California require Linux to verify its user's age? Apple's iOS 26.4 requires UK users to prove their age. Russia chooses to use homegrown 5G mobile encryption. Ukraine knew the webcam was installed by Russian spies. Google moves quantum computing "Q Day" to 2029. At RSA, UK's NCSC CEO warns of vibe-coded SaaS replacements. More information about nasty ClickFix campaigns. More than one in seven Reddit postings...

SN 1071: Bucketsquatting - Meta and TikTok's Tracking Pixels


When convenience trumps caution, disaster waits in the wings. Join Steve Gibson and Mikah Sargent as they break down the jaw-dropping oversights lurking in mission-critical tax and cloud tools, and examine how a single unchecked decision can upend internet security for years. H&R Block's tax software does something SO WRONG. The Intoxalock breathalyzer calibration cyber attack. Firefox now offers a 100% free built-in VPN. TikTok and Meta's tracking pixels are so much more. Russians beg for the return of Telegram, WhatsApp and others. Never connect your crypto-wallet to an unknown service. What would a week be without a Cisco CVSS...

SN 1070: CISA's Free Internet Scanning - Malware Disguised as a VPN


Meta quietly ditches encryption for Instagram chats while TikTok also backpedals on privacy, shaking up assumptions about how much big tech really values your secrets. Meanwhile, Steve Gibson reveals why CISA's free government security scans are an absolute must for businesses, plus what he learned when GRC took the plunge. The Security Now "Caption That Photo" contest. A mega social media company says "no" to strong encryption. WhatsApp to give parents more control. Consumer bandwidth proxying is becoming a big deal. Meta buys the Moltbook duo. The EU gives up and settles upon the status quo. When a ransomware negotiation is...

SN 1069: You can't hide from LLMs - Was Your Smart TV a Stealth Proxy?


Think your online alias keeps you safe? This episode reveals how advanced language models are making it trivial to de-anonymize users at scale, challenging everything we thought we knew about internet privacy. Anthropic & Mozilla improve Firefox's security. Apple & Google begin testing cross-platform RCS encryption. Ubuntu's SUDO starts echoing asterisks. Inviting a web proxy into your home. Apple devices cleared by Germany for NATO's use. A serious remote takeover of OpenClaw. TikTok won't encrypt messaging for visibility. Microsoft bans the term "Microslop" on Discord. Lots of great listener feedback. LLMs could make Orwell's 1984 seem optimistic. Show Notes -...

SN 1068: The Call Is Coming From Inside the House - Live From Zero Trust World 2026


Steve Gibson and Leo Laporte host a special episode of Security Now live from ThreatLocker's Zero Trust World 2026 in Orlando, Florida. The final frontier of security is internal. Today, we have the tools, techniques and technologies to thwart attacks originating from outside our perimeter. We're now good at protecting our borders. But major high profile breaches occurring over the past several years have revealed that insufficient attention has been given to the security of our internal systems and networks. Today's greatest security weaknesses result from decades of system design, deployment and policy that have placed far too much trust...

SN 1067: KongTuke's CrashFix - Click, Paste, Pwned


A crafty new breed of social engineering attack is tricking users into launching malware straight from their clipboard, exposing a fresh vulnerability in Windows that even tech pros could fall for. Leo Laporte and Steve Gibson break down how the latest ClickFix and CrashFix exploits are outsmarting traditional defenses. The lowdown on last week's "no turn" picture of the week. Is an AI-driven hacking campaign a big deal now? Clause used in multiple Mexican government attacks. Apple continues to be confronted with age restrictions. COPPA needs an exception to allow age collection. Meta swamps law enforcement with AI-slop CSAM reports....

SN 1066: Password Leakage - Zero Trust, Zero Knowledge


ETH Zurich's deep-dive into the world's top password managers exposes how feature overload and legacy design obscure real security flaws, forcing a rethink of what "zero knowledge" actually means for your vault. Learn why recent fixes matter, and why open source may be your safest bet. CAs warn us to urgently prepare for the inevitable. Three U.S. states attempt to ban 3D printed firearms. Denied ransom, ShinyHunters leaks 967,000 personal details. "Billions" of U.S. social security numbers leaked. Is Apple planning to add cameras to three new gadgets? No more security fixes for Firefox on Windows 7 & 8. Russia blocks...

SN 1065: Attestation - Code Signing Gets Tough


How secure are your Chrome extensions and certificate signings really? This episode pulls back the curtain on a massive spyware discovery and exposes the convoluted hoops developers must jump through to prove their identity in 2026. Websites can place high demands upon limited CPU resources. Microsoft appears to back away from its security commitment. What's Windows 11 26H1 and where do I get it. Chrome 145 brings Device Bound Session Credentials. More countries are moving to ban underage social media use. The return of Roskomnadzor. Discord to require proof of adulthood for adult content. Might you still be using WinRAR...

Shared Security

Shared Security


The Dark Web Explained with John Hammond


The dark web is often misunderstood, but it plays an important role in both privacy technology and cybercrime activity. In this episode, Tom Eston speaks with cybersecurity researcher and educator John Hammond about what the dark web actually is and how it has evolved in recent years. The discussion covers underground marketplaces, ransomware leak sites, threat intelligence collection, and the operational risks involved in dark web investigations. John also shares details about his new training course Dark Web 2, which focuses on using a hacker mindset to gather cyber threat intelligence from dark web sources. ** Links mentioned on the...

Meta & YouTube Found Negligent: A Turning Point for Big Tech?


A landmark jury verdict has found Meta and YouTube negligent in a social media addiction case, raising major questions about platform accountability and legal protections under Section 230. This episode covers the details of the case, why the ruling is significant, and what it could mean for the future of social media, privacy, and cybersecurity. Could this trigger a wave of lawsuits against tech companies? And are platforms finally being held accountable? ** Links mentioned on the show ** Jury rules against Meta, YouTube in bellwether teen addiction case https://www.businessinsider.com/social-media-addiction-trial-jury-verdict-meta-youtube-negligent-2026-3 Meta, YouTube verdict could trigger cascade of social media lawsuits:...

The Hidden Tracking Risk Inside Your Tires


In this episode, Tom Eston and co-host Scott Wright discuss research showing that Tire Pressure Monitoring Systems (TPMS) can create privacy risks because the sensors broadcast unencrypted, uniquely identifying wireless signals that could be used to track vehicles. They reference a 10-week study by researchers at IMDEA in Madrid that collected about 6 million signals from over 20,000 cars at roughly 50 meters range, noting the signals can reveal details like tire pressure, car type, weight, and possible driving patterns, and can be captured with about $100 of equipment. The hosts explain TPMS is a safety feature required on 2008+...

The Real State of Offensive Security: AI, Penetration Testing & The Road Ahead with Andrew Wilson


Tom Eston interviews offensive AI researcher and PhD candidate Andrew Wilson, a former Bishop Fox partner who helped grow the firm from under 20 people to nearly 500, built award-winning AI solutions for SOC modernization, founded Cactus Con, and relocated his family to Guadalajara to open and scale a Bishop Fox office. They discuss Mexico's growing cybersecurity and AI ecosystem, driven by talent, community events, and government-university partnerships, and how offensive security has shifted from one-person army generalists to more specialized roles. Wilson explains his PhD work modeling expert pen testers' cognitive approaches to shape AI agents, argues AI lowers...

The Privacy Problem With Meta's Ray-Ban Smart Glasses


This episode discusses Meta Ray-Ban Smart Glasses, which blend a camera, microphone, AI features, and social media integration into sunglasses that look like normal fashion eyewear, raising major privacy concerns. It highlights reports that footage captured by the glasses may be reviewed by human contractors to help train Meta's AI systems, and notes critics' concerns about how easily people can be recorded in public without their knowledge. Although the glasses include a small LED indicator when recording, many people reportedly don't notice it. ** Links mentioned on the show ** People Are Calling Meta Ray-Bans Pervert Glasses https://futurism.com/future-society/meta-ray-ban-smart-pervert-glasses Meta Employees...

TikTok Says No to End-to-End Encryption: Here's Why That's a Big Deal


In a move that bucks the entire industry trend, TikTok has confirmed it will not implement end-to-end encryption (E2EE) for direct messages on its platform, arguing that E2EE would make users less safe. We break down what’s really going on: the child safety argument, the privacy counterargument, the geopolitical questions surrounding ByteDance, and what it all means for TikTok’s 1 billion+ users. If you use TikTok, this episode is essential listening. ** Links mentioned on the show ** TikTok won’t protect DMs with controversial privacy tech, saying it would put users at risk https://www.bbc.com/news/articles/cly2m5e5ke4o ** Watch this episode on YouTube...

Claude Code Security: The AI Shockwave Hitting Cybersecurity


Anthropic's Claude Code Security research preview promises AI-powered code analysis and vulnerability detection at scale. The announcement triggered strong reactions across the cybersecurity community and sent several vendor stocks lower. In this episode, we break down what the tool actually does, where it fits in modern AppSec, and whether AI automation threatens traditional security products or simply makes teams more efficient. Expect a practical, no-hype conversation about what changes and what doesn't. ** Links mentioned on the show ** Anthropic’s New Claude AI Security Tool Wipes Out Over $15 Billion From Cybersecurity Stocks https://www.linkedin.com/pulse/anthropics-new-claude-ai-security-tool-wipes-out-17jje/ Making frontier cybersecurity capabilities available to...

TikTok's New U.S. Deal and Privacy Policy: What Users Don't Understand


TikTok has shifted to a majority-American entity, TikTok USDS Joint Venture, LLC, to comply with U.S. national security requirements and avoid a ban. This week we discuss why a recent privacy policy update went viral, especially language about sensitive data like immigration status and precise location, and argue much of it reflects longstanding practices and required California privacy disclosures. We emphasize reading policies, understanding your threat model, and making your own decision about using TikTok or other social platforms. The episode also briefly mentions Ring ending its partnership with Flock and a rumored internal email about expanding Ring's search party feature. **...

Ring's Search Party Dystopia Debate & Claude Zero-Click RCE Vulnerability


In this episode, we discuss two major tech stories impacting privacy and security. First, we analyze Ring’s new AI-powered ‘Search Party’ feature and its controversial Super Bowl ad that sparked privacy concerns. We then transition to a breaking story about a zero-click remote code execution flaw in the Claude Desktop, highlighting the potential risks of AI. The hosts also reflect on their most popular YouTube episode on why Gen Z is ditching smartphones. ** Links mentioned on the show ** How to disable Search Party on your Ring Camera Open the Ring app, tap the hamburger menu, then choose “Control...

OpenClaw & Moltbook: AI Agents and Cybersecurity Risks


Autonomous AI assistants are hitting the mainstream, but at what cost? This week, we discuss the recent OpenClaw phenomenon (formerly Clawdbot/Moltbot), the security fiasco surrounding Moltbook's exposed database, and the quirky yet concerning AI agent dating platform MoltMatch. We explore the privacy and cybersecurity implications of entrusting AI agents with sensitive access and how defenders should think about emerging agentic risks. ** Links mentioned on the show ** OpenClaw (a.k.a. Moltbot) is everywhere all at once, and a disaster waiting to happen https://garymarcus.substack.com/p/openclaw-aka-moltbot-is-everywhere Exposed Moltbook Database Let Anyone Take Control of Any AI Agent on the Site https://www.404media.co/exposed-moltbook-database-let-anyone-take-control-of-any-ai-agent-on-the-site/ https://www.moltbook.com/ MoltMatch...

Why Gen Z is Ditching Smartphones for Dumbphones


Younger generations are increasingly ditching smartphones in favor of dumbphones: simpler devices with fewer apps, fewer distractions, and less tracking. But what happens when you step away from a device that now functions as your wallet, your memory, and your security key? In this episode, Tom and Scott explore the dumbphone movement through a privacy and cybersecurity lens. Drawing from a recent Wired article, the conversation digs into digital burnout, surveillance capitalism, multi-factor authentication dependencies, and whether opting out of smartphones is an act of digital self-defense or a step toward digital disadvantage. ** Links mentioned on the show ** Dumbphone Owners...

AirDrop Security in iOS 26.2: Time Limits, Codes & Privacy Best Practices


In this episode, we explore the latest changes to AirDrop in iOS 26.2 and how they enhance privacy and security. Learn about the new 10-minute limitation on the ‘Everyone’ setting and the introduction of AirDrop codes for safer file sharing with non-contacts. We also discuss best practices for configuring your AirDrop settings to safeguard your privacy, including tips for high-risk individuals and general recommendations for everyday use. Stay informed and keep your device secure by updating to the latest iOS version and regularly reviewing your AirDrop settings. ** Links mentioned on the show ** iOS 26.2 adds an AirDrop security...

Ring's Facial Recognition Feature: Convenience or Privacy Nightmare?


In this episode, we explore Amazon Ring’s newly introduced Familiar Faces feature that utilizes AI for facial recognition. We discuss the convenience of identifying familiar people at your doorstep, the privacy concerns it raises, and the legal implications surrounding biometric data. Learn about how this feature works, potential inaccuracies, and privacy laws in certain U.S. states. We also discuss broader concerns about AI and surveillance, and provide practical advice on using this technology responsibly. ** Links mentioned on the show ** Ring Doorbells Can Now Identify Faces, But Experts Say It’s a Major Privacy Invasion. Here’s Everything You Need to Know...

Your Google Searches Aren't Private? PA Court's Surprising Ruling


In this episode of Shared Security, we discuss a significant Pennsylvania Supreme Court ruling that permits police to access unprotected Google search histories without a traditional warrant. The discussion centers around the implications of the Commonwealth vs. Kurtz case and the concept of reverse keyword searches. Kevin Tackett joins the conversation, providing insights and posing critical questions about the balance between law enforcement needs and privacy rights. The episode explores concerns over digital privacy, third-party data, and potential broader impacts on users. ** Links mentioned on the show ** Pennsylvania court rules Google searches are not private https://www.windowscentral.com/software-apps/pennsylvania-supreme-court-google-searches-are-not-private ** Watch...

AI and the End of the Traditional Entry-Level Tech Job


Welcome to the first episode of the Shared Security Podcast in 2026! As AI becomes increasingly integrated into technical fields such as software development and cybersecurity, traditional entry-level roles are evolving or disappearing. This episode discusses the implications of AI on entry-level knowledge worker jobs, emphasizing the need for students, recent graduates, and those entering the job market to adapt their strategies. Discover the new skills and approaches needed to stay relevant, explore potential career pivots, and learn why degrees and certifications alone are no longer sufficient. Tune in for practical advice on thriving in an AI-driven job market. **...

2025 Predictions: Hits, Misses & What We Learned


Join us this week as we rewind the tape on our 2025 predictions. In this episode, we revisit last year’s forecasts in cybersecurity, geopolitics, and AI, discussing which ones came true, which ones fizzled out, and which ones were a mixed bag. Additionally, we share insights from past guests, celebrate milestones, and make bold new predictions for 2026. Find out what we got right, what surprised us, and what we think is on the horizon for the coming year! ** Links mentioned on the show ** Scott's 2025 Predictions https://youtu.be/Fgc4UlraU-o?si=hgTp0trKZ6vlwqB_&t=710 Kevin's 2025 Predictions https://youtu.be/Fgc4UlraU-o?si=2b1X7Ou9i2C0kU3q&t=880 Tom's 2025 Predictions https://youtu.be/Fgc4UlraU-o?si=IVnIEnnOhF7rgXpm&t=1201 ** Watch...

Why Networking Is Your Secret Weapon in Cybersecurity Job Hunting


In this episode, Tom Eston discusses the unique challenges in the current cybersecurity job market, emphasizing the importance of networking. Tom provides practical tips on how to enhance networking skills, such as attending conferences, volunteering for open source projects, creating a blog, and seeking mentors. He also addresses misconceptions about the job shortage in cybersecurity and encourages listeners to start building their professional networks early. Tune in for valuable insights to help you advance your cybersecurity career. ** Links mentioned on the show ** Connect with Tom on LinkedIn https://www.linkedin.com/in/tomeston/ ** Watch this episode on YouTube ** https://youtu.be/tC_LqtdW4V0 ** Become...

The Hidden Threat in Your Holiday Emails: Tracking Pixels and Privacy Concerns


Join us in the midst of the holiday shopping season as we discuss a growing privacy problem: tracking pixels embedded in marketing emails. According to Proton’s latest Spam Watch 2025 report, nearly 80% of promotional emails now contain trackers that report back your email activity. We discuss how these trackers work, why they become more aggressive during the holidays, the data being collected by marketers, and how you can protect yourself. We are joined by Scott Wright to explore Proton’s comprehensive study, identify the worst offenders in email tracking, and share tips on maintaining your online privacy. Tune in and...

Seeing Is Not Believing: How to Spot AI-Generated Video


In this episode we discuss the rising challenge of AI-generated videos, including deepfakes and synthetic clips that can deceive even a skeptical viewer. Once the gold standard of proof, video content is now increasingly manipulated through advanced AI tools like Sora 2 and Google’s Nano Banana, making it harder to separate reality from fiction. Tom and Scott discuss the differences between malicious deepfakes and poorly-made AI-generated content, identify key indicators that reveal a video might be AI-generated, and explain how these videos are used in social engineering attacks. Practical advice is offered on how to protect yourself and your organization...

So You Want to Be a CISO? With vCISO and Security Justice Alum Chris Clymer


In this special episode of the Shared Security Podcast, host Tom Eston reunites with former co-host and experienced fractional CISO, Chris Clymer. They reminisce about their early podcasting days and discuss the evolving role of a Chief Information Security Officer (CISO). The conversation covers the responsibilities, challenges, and skills required to be a successful CISO, including technical and soft skills, business acumen, and people management. Chris shares his journey, the concept of a fractional CISO, and offers valuable advice for those aspiring to enter the CISO role. Tune in for a mix of nostalgia, real-world advice, and mentorship on navigating...

AI Agent Does the Hacking: First Documented AI-Orchestrated Cyber Espionage


In this episode, we discuss the first reported AI-driven cyber espionage campaign, as disclosed by Anthropic. In September 2025, a state-sponsored Chinese actor manipulated the Claude Code tool to target 30 global organizations. We explain how the attack was executed, why it matters, and its implications for cybersecurity. Join the conversation as we examine the details, Anthropic’s response, and the broader impact on AI in cybersecurity. ** Links mentioned on the show ** Disrupting the first reported AI-orchestrated cyber espionage campaign https://www.anthropic.com/news/disrupting-AI-espionage Jen Easterly's LinkedIn post about the Anthropic disclosure https://www.linkedin.com/feed/update/urn:li:activity:7395115984224690176/ China's autonomous AI-powered hacking campaign still required a ton...

OWASP Top 10 for 2025: What's New and Why It Matters


In this episode, we discuss the newly released OWASP Top 10 for 2025. Join hosts Tom Eston, Scott Wright, and Kevin Johnson as they explore the changes, the continuity, and the significance of the update for application security. Learn about the importance of getting involved with the release candidate to provide feedback and suggestions. The conversation touches on the history of the OWASP Top 10, its release cycle, the evolution from specific vulnerabilities to broader categories, and the impact on vulnerability assessment and compliance. ** Links mentioned on the show ** OWASP Top 10:2025 RC1 https://owasp.org/Top10/2025/0x00_2025-Introduction/ ** Watch this episode...

Meet NEO 1X: The Robot That Does Chores and Spies on You?


The future of home robotics is here and it's a little awkward. Meet the NEO 1X humanoid robot, designed to help with chores but raising huge cybersecurity and privacy questions. We discuss what it can actually do, the risks of having an always-connected humanoid in your home, and why it's definitely not the Robot Rosie we were promised. ** Links mentioned on the show ** NEO launched by 1X: What to know about the humanoid robot that will do your chores https://www.yahoo.com/news/article/neo-launched-by-1x-what-to-know-about-the-humanoid-robot-that-will-do-your-chores-215410885.html FULL EPISODE : Rosey The Robot | The Jetsons | Cartoon Cartoons https://www.youtube.com/watch?v=-rVeOh1I-uY ** Watch this episode on...

OpenAI's ChatGPT Atlas: What It Means for Cybersecurity and Privacy


In this episode, we explore OpenAI’s groundbreaking release GPT Atlas, the AI-powered browser that remembers your activities and acts on your behalf. Discover its features, implications for enterprise security, and the risks it poses to privacy. Join hosts Tom Eston and Scott Wright as they discuss everything from the browser’s memory function to vulnerabilities like indirect prompt injection. Stay informed on how AI browsers could reshape web browsing and cybersecurity. ** Links mentioned on the show ** OpenAI launches ChatGPT-powered web browser. What to know before downloading. https://www.usatoday.com/story/tech/2025/10/22/open-ai-launches-chatgpt-atlas-web-browser/86833766007/ OpenAI’s Atlas shrugs off inevitability of prompt injection, releases AI browser anyway...

It's Always DNS: Lessons from the AWS Outage


In episode 404 (no pun intended!) we discuss the recurring issue of DNS outages, the recent Amazon AWS disruption, and what this reveals about our dependency on cloud services. The conversation touches on the need for tested business continuity plans, the implications of DNS failures, and the misconceptions around cloud infrastructure’s automatic failover capabilities. ** Links mentioned on the show ** An AWS failure took down the internet Monday morning – and the aftershocks continue https://www.zdnet.com/home-and-office/networking/an-aws-failure-took-down-the-internet-monday-morning-and-the-aftershocks-continue/ What the Huge AWS Outage Reveals About the Internet https://www.wired.com/story/what-that-huge-aws-outage-reveals-about-the-internet/ ** Watch this episode on YouTube ** https://youtu.be/Y2rhmkPhe78 ** Become a Shared Security Supporter...

Is Sora 2 the Future of Video? AI, Copyright, and Privacy Issues


OpenAI's Sora 2 is here and it's not just another AI toy. This episode explores how Sora 2 works, how users can insert almost anything into generated content, and why that's raising alarms about privacy, identity, and copyright. We walk you through the initial opt-out copyright controversy, the backlash from studios and creators, and how OpenAI is scrambling to offer more control. Tune in to understand what rights you might lose or want to protect in this new media era. ** Links mentioned on the show ** Tilly Norwood AI Generated Actor https://www.tillynorwood.com/ Emily Blunt and Sag-Aftra join film industry...

Age Verification Laws: A Privacy Disaster in the Making


In this episode, we discuss the surge of age verification laws spreading across the US, including the recent implementation in Ohio. These laws intend to shield children but come at a significant cost to privacy and cybersecurity. We’ll explore how third-party ID verification companies operate, the risks associated with these systems, and the broader definition of adult content beyond pornography. We also question the effectiveness and security of these measures as we share insights into the ease of bypassing verification systems. Are we protecting kids, or building a privacy nightmare? ** Links mentioned on the show ** Bluesky to verify...

Are Phishing Simulations Still Worth It?


Phishing simulations have been a cornerstone of security awareness training for years. But do they actually change user behavior, or are they just creating frustration and fatigue? In this episode, Tom Eston and Scott Wright (CEO of ClickArmor) debate whether simulated phishing attacks are still valuable in 2025. We cover the benefits, challenges, and how phishing programs might evolve or even be replaced in the future. ** Links mentioned on the show ** Find out more about ClickArmor! https://clickarmor.ca/ ** Watch this episode on YouTube ** ** Become a Shared Security Supporter ** Get exclusive access to ad-free episodes, bonus...

Milestone Episode 400: Reflecting on 16 Years of Shared Security


Episode 400! In this special milestone edition of the Shared Security Podcast, we look back at 16 years of conversations on security, privacy, and technology. From our very first episodes in 2009 to today's AI-driven threats, we cover the topics that defined each era, the surprises along the way, and the lessons that still matter. Plus, we share listener favorites, memorable moments, and predictions for the future of security and privacy. Thank you for being part of our journey! ** Links mentioned on the show ** Join us for the next 400 episodes! Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast Subscribe on your...

Situational Awareness & Family Safety: Staying Alert in Today's World with Andy Murphy


Join the Shared Security Podcast for a critical discussion about situational awareness with special guest, Andy Murphy, host of the Secure Family Podcast. In a world where mass shootings and violence in public places are alarming realities, staying alert to your surroundings has never been more important. Andy shares his expertise on personal and family safety, providing practical tips for recognizing unusual behavior, planning for emergencies, and teaching kids safety skills. The conversation also touches upon digital security and how situational awareness applies online. Learn how to own your safety and protect your loved ones in this essential episode. **...

Best of Shared Security (2020) History Repeats Itself: Cybersecurity Challenges that Still Haunt Us


In this best-of episode of the Shared Security Podcast, we revisit a discussion from September 2020 that's just as relevant today as it was then. First, we cover how ransomware attacks forced several school districts, including Hartford, CT and Toledo, OH, to delay or shut down classes on the very first day of school. Then we dive into Google Chrome's new (at the time) update designed to block resource-heavy ads, making browsing faster and safer. Finally, we look at Microsoft's warning about foreign interference attempts targeting the 2020 U.S. election. What makes this episode especially powerful to revisit is how little...

Salesforce Under Fire: The Salesloft Drift Supply-Chain Breach


In this episode, we discuss a recent significant cyber attack where Palo Alto Networks experienced a data breach through their Salesforce environment due to a compromised SalesLoft drift integration. Throughout the discussion, we highlight why Salesforce, a crucial CRM platform for many businesses, is becoming a prime target for supply chain attackers. The hosts discuss how the breach happened, its implications, and what organizations can do to protect themselves from similar threats. They also provide insights into Salesforce’s security posture, the role of third-party integrations, and the importance of data retention policies in mitigating risks. ** Links mentioned on the...

Convenience vs. Privacy: Can We Have Both?


In this episode, we discuss if the convenience of modern technology compromises our privacy. Inspired by a thought-provoking Reddit post, we explore how everyday actions like saving passwords, enabling location tracking, and using cloud backups put our personal data at risk. Learn about the trade-offs between convenience and privacy, and get tips on using privacy-focused tools and making informed choices. Join the conversation in the comments or on Bluesky (@sharedsecurity). ** Links mentioned on the show ** Is convenience killing our Right to Privacy? ** Watch this episode on YouTube **...

Public Wi-Fi Myths: Why You're Probably Safer Than You Think


Public Wi-Fi has a bad reputation, but in 2025 the "you'll get hacked instantly" fear is largely outdated. In this episode, Tom and Kevin dig into real research and modern protections that make most public Wi-Fi connections reasonably safe. We'll explore why HTTPS, device security, and updated standards have drastically reduced the risks, what threats still exist, and when you might actually want to use a VPN. ** Links mentioned on the show ** No links mentioned in this episode. ** Watch this episode on YouTube ** ** Become a Shared Security Supporter ** Get exclusive access to ad-free episodes,...

The Tea App Hack: How a Safe Space Leaked 13,000 ID Photos & 1.1M Messages


In this episode we’re discussing the alarming breach of the Tea app, a platform intended for women to share dating experiences. The hack resulted in the exposure of over 13,000 government ID photos, 72,000 user images, and over a million private messages due to poor security practices. We’ll discuss the role of sloppy coding, an exposed database, and the lack of security discipline that led to this massive leak. Join us as we explore insights from a cybersecurity researcher who disassembled the app’s source code, the ensuing legal and privacy repercussions, and the broader implications for app security. ** Links...

Random Smishing Text Scams: Why Do I Know You? Texts Are Dangerous


In this episode, we discuss a rising scam involving random smishing text messages. Learn how these messages work, why they’re effective, and what you can do to protect yourself. Discover the dangers of replying to vague text messages from unknown numbers and get practical tips on how to block and report spam texts. Stay safe by not engaging with these scams and using built-in filters and reporting options on your mobile device. ** Links mentioned on the show ** Got a weird text message? ‘Smishing’ scams likely rising because of AI, experts warn https://www.cbc.ca/news/business/smishing-scams-rise-1.7582672 ** Watch this episode on YouTube...

Leaked, Patched, and Still Hacked: The SharePoint Zero-Day Crisis


This week we explore the recent Microsoft SharePoint vulnerability that has led to widespread exploitation by ransomware gangs and Chinese State-sponsored hackers. We also cover the confirmed compromise of multiple US agencies, including the Department of Homeland Security, in a large-scale cyber espionage campaign. Kevin Johnson joins to discuss the implications of these events, the underlying issues with patching systems, and the complexities of protecting applications like SharePoint. Stay informed on the latest cybersecurity developments and get insights on what might have gone wrong. Plus, get a peek at what's happening at Black Hat and DEF CON in Vegas. **...

Doorbells, Dystopia, and Digital Rights: The Ring Surveillance Debate


In this episode, we examine Amazon’s Ring doorbell camera amid rising privacy concerns and policy changes. The Electronic Frontier Foundation’s recent report criticizes Ring’s AI-first approach and the rollback of prior privacy reforms, describing it as ‘techno authoritarianism.’ We also discuss a recent scare among Ring users on May 28, related to an unexplained series of logins, said by Amazon to be a UI glitch. Join hosts Tom Eston, Scott Wright, and Kevin Johnson as they explore these issues, share personal anecdotes about their experiences with tech, and discuss broader implications for privacy and civic freedoms. ** Links mentioned on...

Passwords and the Elderly: Why Writing Them Down Might Be OK


In this episode, join hosts Tom Eston, Scott Wright, and Kevin Johnson as they discuss the controversial topic of seniors writing down passwords. They discuss how threat modeling differs for the elderly, the practicality of using password managers, two-factor authentication, and future solutions like passkeys. The conversation includes humorous anecdotes and touches on broader cybersecurity issues such as risk assessment and the importance of tailoring security solutions to individual needs. Tune in for insights on making security accessible and effective for an often overlooked group. ** Links mentioned on the show ** Passkeys, Passwords, and Seniors: What's the Safest Option?...

The Google Workspace Security Gap: Why Traditional Tools Fall Short


In this episode, we discuss the often overlooked security issues within Google Workspace. Rajan Kapoor, Field CISO at Material Security, joins us to talk about how Material Security is redefining the protection of documents, email accounts, and data in Google Workspace. We explore the unique challenges Workspace presents compared to traditional tools, and how Material Security provides comprehensive solutions. Rajan shares his professional journey, insights into Google’s APIs, and how their service stands out. Tune in to understand why legacy tools may leave critical gaps in your organization’s security. Thanks to Material Security for sponsoring this episode! Protect your Google...

Autonomous Hacking? This Startup May Have Just Changed Penetration Testing Forever


In this episode, we explore the revolutionary concept of autonomous penetration testing with a discussion into Cybersecurity startup XBOW's recent breakthrough. XBOW claims to have topped HackerOne’s leaderboard using a fully autonomous AI agent, raising significant questions about the future of offensive security. Hosts discuss the potential of AI in pen testing, the implications for pen testers, bug bounty hunters, and security teams, and whether this represents a genuine advancement or just more AI hype. Thanks to Material Security for sponsoring this episode! Protect your Google Workspace with Material Security, the only detection and response platform purpose-built to secure your emails,...

Cybersecurity Talent Shortage: Myth, Mismatch, or Reality?


Is there really a cybersecurity talent shortage, or are we just looking in all the wrong places? This week on the Shared Security Podcast, we tackle the buzz around the so-called cybersecurity skills gap. Host Tom Eston welcomes Katie Soper, Senior Consultant at Avetix Cyber and co-founder of the CyberVault Podcast, to discuss the challenges and misconceptions in the industry. They explore whether the shortage is a myth, a mismatch, or something else entirely and what companies and professionals can do about it. With insights into hiring practices, skill shortages, and the importance of networking, this episode is a must-listen...

Kids Online Safety Act (KOSA): Protecting Kids or Censorship?


In this episode, we explore the Kids Online Safety Act (KOSA), a controversial bill aimed at protecting children online. Joined by co-host Scott Wright, we discuss the potential implications of KOSA, including concerns about censorship, mass surveillance, and the impact on free expression and online privacy. We also touch on the broad support for the bill from both political parties and the involvement of social media giants like X. Additionally, we examine the balance between government regulation and parental responsibility in ensuring online safety for children. Thanks to Material Security for sponsoring this episode! Protect your Google Workspace with Material...

Cities of the Future or Hacker’s Paradise? The Cybersecurity Risks of Smart Cities


Join us as we explore the concept of smart cities: municipalities enhanced by connected technology like sensors, cameras, and automated systems to improve services and infrastructure. We discuss the inherent vulnerabilities that come with these advancements, including cybersecurity threats and real-life incidents such as hacked crosswalk signals featuring voices of tech moguls. Our discussion covers how easily these systems can be compromised, the inadequate security measures currently in place, and the broader implications for critical infrastructure. Thanks to Material Security for sponsoring this episode! Protect your Google Workspace with Material Security, the only detection and response platform purpose-built to secure your emails,...

Do You Really Need a REAL ID to Fly in the US? Breaking Down the Myths


Join us as we discuss the long-awaited implementation of the REAL ID Act in the U.S. We cover the essentials you need to fly, the potential benefits of using your passport, and how new mobile IDs fit into the TSA’s plans. We also discuss the broader implications for identity surveillance and who truly benefits from these security upgrades. We also discuss the problems faced by individuals with name changes and the challenges they face with REAL IDs. Plus, we explore the political and social ramifications of such security measures and why this might all just be ‘security theater.’ ** Links...

Invasion of Privacy: The Hidden Camera Dilemma


Ever worried about hidden cameras in Airbnb rentals? You’re not alone! In this episode, we explore the unsettling rise of hidden cameras in personal spaces, the inadequacy of current laws, and practical tips to detect surveillance devices. Join hosts Tom Eston, Scott Wright, and Kevin Johnson as they share insights and discuss the implications of voyeurism technology, law enforcement challenges, and personal safety strategies. ** Links mentioned on the show ** Every time I took a shower I thought: is he watching me? the terrifying rise of secret cameras https://www.theguardian.com/uk-news/2025/may/27/secret-spy-cameras-voyeurism-uk How to Find Hidden Cameras in Rooms https://reolink.com/blog/how-to-detect-hidden-cameras/ ** Watch...

When AI Fights Back: Threats, Ethics, and Safety Concerns


In this episode, we explore an incident where Anthropic’s AI, Claude, didn’t just resist shutdown but allegedly blackmailed its engineers. Is this a glitch or the beginning of an AI uprising? Along with co-host Kevin Johnson, we reminisce about past episodes, discuss AI safety and ethics, and examine the implications of AI mimicking human behaviors like blackmail. Join us for an in-depth conversation on the future of AI and its potential risks. ** Links mentioned on the show ** Anthropic’s new AI model turns to blackmail when engineers try to take it offline https://techcrunch.com/2025/05/22/anthropics-new-ai-model-turns-to-blackmail-when-engineers-try-to-take-it-offline/ ** Watch this episode on YouTube...

Mark Zuckerberg’s Vision: AI Companions and the Loneliness Epidemic


In this episode, we explore Mark Zuckerberg’s bold claim that AI friends will replace human friendships, and discuss the potential implications of a world where technology mediates our connections. We also update listeners on the recent developments in the 23andMe bankruptcy case and what it means for former customers. Joining the conversation is co-host Scott Wright, who shares his insights on AI, social media, privacy, and a thought-provoking book on the potential for a future US civil war. We touch on the eerie predictions of AI companionship and what this might entail for societal norms. Tune in for a stimulating...

Facebook Flaws and Privacy Laws: A Journey into Early Social Media Security from 2009


Join hosts Tom Eston, Scott Wright, and Kevin Johnson in a special best-of episode of the Shared Security Podcast. Travel back to 2009 with the second-ever episode featuring discussions on early Facebook bugs, cross-site scripting vulnerabilities, and a pivotal Canadian privacy ruling involving Facebook. Gain insights into social media security from the past and see how much has (or hasn’t) changed. Don’t miss out on this informative episode on web application security, user privacy, and the efforts to keep social media safe. ** Links mentioned on the show ** Original show notes from episode 2 of the “Social Media Security...

What Vibe Coding, MCP, and Slopsquatting Reveal About the Future of AI Development


Join us as we explore the transformative changes in software development and cybersecurity due to AI. We discuss new terminology like ‘vibe coding,’ a novel, behavior-focused development approach, and ‘MCP’ (Model Context Protocol), an open standard for AI interfaces. We also address the concept of ‘slopsquatting,’ a new type of threat involving AI-generated package names. Our co-hosts Scott Wright and Kevin Johnson discuss these topics, share personal insights, and ponder the future of coding in the AI era. Additionally, we draw some intriguing parallels between AI advancements and past practices, highlighting the need for oversight and security in this evolving...

The Impact of Politics on Cybersecurity: CVEs and the Chris Krebs Executive Order


What would happen if the US government halted funding for the CVE program? In this episode, we explore the controversies surrounding the funding of the CVE program, the role of CVEs in the cybersecurity industry, and the recent launch of the CVE Foundation. We also discuss the Trump Administration’s executive order that revoked the security clearance of former CISA Director Chris Krebs, following his declaration that the 2020 election was the most secure in history. Join us as we unpack the impact of these events on the cybersecurity landscape and what it means for the future. ** Links mentioned on...

Centralizing Data and Enhancing Workflows: Inside PlexTrac’s New Capabilities


Welcome to part three of our series with PlexTrac where we address data overload in vulnerability remediation. Join us as we preview the latest PlexTrac capabilities, including new ways to centralize asset and findings data, smarter workflow automation, and enhanced analytics. Guest speakers Dan DeCloss, CTO and founder of PlexTrac, and Sarah Foley, VP of Product at PlexTrac, share insights and demonstrate upcoming features. Learn about PlexTrac’s Continuous Threat Exposure Management (CTEM) framework and their exciting plans for RSA. To find out more information about PlexTrac and to get a demo visit: PlexTrac.com/SharedSecurity ** Links mentioned on the show **...

US Border Searches and Protesting in the Surveillance Age


Planning to travel to the United States? This episode covers recent travel advisories regarding US border agents searching electronic devices, regardless of your citizenship status. Learn essential tips on smartphone security and how to protect your personal information, especially when attending protests. Scott Wright joins the discussion to provide valuable insights on safeguarding your data. Also covered are newer communication technologies like Meshtastic and advice on physical security measures to consider. ** Links mentioned on the show ** So you want to go to the USA? Are you sure? Here’s how to prepare your machines for Trumpistan https://www.theguardian.com/commentisfree/picture/2025/apr/07/so-you-want-to-go-to-the-usa-are-you-sure-heres-how-to-prepare-your-machines-for-trumpistan Canada warns...

The 23andMe Collapse, Signal Gate Fallout


In this episode, we discuss the urgent need to delete your DNA data from 23andMe amid concerns about the company’s potential collapse and lack of federal protections for your personal information. Kevin joins the show to give his thoughts on the Signal Gate scandal involving top government officials, emphasizing the potential risks and lack of accountability. We also touch on the importance of proper communication and document retention in government operations. Stay tuned for insights and steps you can take to protect your data. ** Links mentioned on the show ** What happens to your data if 23andMe collapses? https://news.harvard.edu/gazette/story/2025/03/what-happens-to-your-genetic-data-if-23andme-collapses/...

Understanding Privacy Changes: eBay’s AI Policy and The Future of Data Privacy


In this episode, host Tom Eston discusses recent privacy changes on eBay related to AI training and the implications for user data. He highlights the hidden opt-out feature for AI data usage and questions the transparency of such policies, especially in regions without strict privacy laws like the United States. The host also explores how AI is transforming our understanding of privacy and the potential increase in AI-driven surveillance. Tune in for insights on navigating these evolving challenges and the future of data privacy. ** Links mentioned on the show ** If you use eBay (new privacy changes), toggle...

From Spreadsheets to Solutions: How PlexTrac Enhances Security Workflows


In this special episode of the Shared Security Podcast, join Tom Eston and Dan DeCloss, CTO and founder of PlexTrac, as they discuss the challenges of data overload in vulnerability remediation. Discover how PlexTrac addresses these issues by integrating various data sources, providing customized risk scoring, and enhancing remediation workflows. The episode offers an insightful look into PlexTrac’s powerful features, real-world success stories, and how these tools help teams prioritize and act on critical findings efficiently. Don’t miss out on learning how to turn overwhelming data into actionable insights and maintain better data security. PlexTrac provides practitioners with an automated...

Tackling Data Overload: Strategies for Effective Vulnerability Remediation


In part one of our three part series with PlexTrac, we address the challenges of data overload in vulnerability remediation. Tom hosts Dahvid Schloss, co-founder and course creator at Emulated Criminals, and Dan DeCloss, CTO and founder of PlexTrac. They share their expertise on the key data and workflow hurdles that security teams face today. From managing influxes of scanner data and asset management tools to prioritizing meaningful security actions, this episode offers valuable insights. Learn about the importance of context, the integration of threat intelligence, the future role of automation, and AI, and how these can transform the cybersecurity...

Trump Administration and the Russian Cyber Threat, Firefox Privacy Changes


In this episode, we discuss whether the Trump administration ordered the U.S. Cyber Command and CISA to stand down on the Russian cyber threat. We also touch on the Canadian tariff situation with insights from Scott Wright. Additionally, we discuss the recent changes to Firefox’s privacy policy and what it means for user data. ** Links mentioned on the show ** We Are Canadian Did Trump Admin Order U.S. Cyber Command and CISA to Stand Down on Russia? https://www.zetter-zeroday.com/did-trump-admin-order-u-s-cyber-command-and-cisa-to-stand-down-on-russia/ https://www.zetter-zeroday.com/email/23342106-9d66-493e-807b-3eb3efd21b13/ The Firefox I loved is gone – how to protect your privacy on it now https://www.zdnet.com/article/the-firefox-i-loved-is-gone-how-to-protect-your-privacy-on-it-now/ uBlock Origin – Free,...

Cybersecurity Impact of DOGE, Apple’s Stand Against Encryption Backdoors


In this episode, Kevin and Tom discuss current events including the latest developments with DOGE and the significant changes happening at the Cybersecurity and Infrastructure Security Agency (CISA). They also touch on Apple’s decision to refuse creating backdoors for encryption, setting a new precedent in digital security. Tune in for an insightful discussion on the implications for both government and corporate security. ** Links mentioned on the show ** Trump 2.0 Brings Cuts to Cyber, Consumer Protections https://krebsonsecurity.com/2025/02/trump-2-0-brings-cuts-to-cyber-consumer-protections/ “We will never build a backdoor” Apple kills its iCloud’s end-to-end encryption feature in the UK https://www.techradar.com/computing/cyber-security/we-will-never-build-a-backdoor-apple-kills-its-iclouds-end-to-end-encryption-feature-in-the-uk ** Watch this episode on...

Cybersecurity Insights with John Hammond: YouTube Legend and Security Researcher


In this episode, we welcome cybersecurity researcher and YouTube legend John Hammond. John shares insights from his career at Huntress and his popular YouTube channel, where he creates educational content on cybersecurity. He introduces his new platform, Just Hacking Training, aimed at providing affordable, high-quality training. John also discusses current trends in cybercrime, the role of AI in attacks, and provides tips on avoiding social engineering. The episode highlights an upcoming Capture the Flag event hosted by Snyk, and how Just Hacking Training offers access to archived CTF challenges for continuous learning. Tune in for an engaging conversation on the...

UK’s Secret Apple Backdoor Request, AI Chatbots Used For Stalking


In this episode, we discuss the UK government’s demand for Apple to create a secret backdoor for accessing encrypted iCloud backups under the Investigatory Powers Act and its potential global implications on privacy. We also discuss the first known case where AI chatbots were used in a stalking indictment, highlighting the dangers of technology misuse and the challenges it poses for legal systems. Join hosts Tom and Scott as they explore these pressing issues and introduce a new sub segment ‘AI Spy’ to focus on AI risks. Stay safe, stay secure, and stay informed! ** Links mentioned on the show...

Careers in Cybersecurity: Myths and Realities with Kathleen Smith


In this episode we welcome Kathleen Smith, CMO of ClearedJobs.net, to discuss the current state of the cybersecurity job market. Kathleen shares her extensive experience in the field, recounting her tenure in various cybersecurity events and her contributions to job market research and recruiting. She discusses challenges such as distinguishing between genuine workforce shortages and hype, the importance of precise job descriptions, and the impacts of using AI in resume generation. Kathleen emphasizes that thorough job searches and well-crafted resumes are crucial for job seekers. Additionally, she highlights the need for clarity in cybersecurity job titles and roles to help...

Privacy Concerns with Digital Driver’s Licenses, The Rise of DeepSeek AI


In this episode, we explore the rollout of digital driver’s licenses in states like Illinois and the potential privacy issues that come with them. Can digital IDs truly enhance convenience without compromising your privacy? We also discuss the new Chinese AI model, DeepSeek, which is affecting U.S. tech companies’ stock prices. Join us as we provide insights on these emerging trends and their implications. ** Links mentioned on the show ** Illinois residents may soon be able to own digital driver’s licenses and state IDs https://www.sj-r.com/story/news/state/2025/01/15/digital-state-ids-licenses-could-be-available-soon-in-illinois/77697952007/ DeepSeek’s popularity exploited by malware peddlers, scammers https://www.helpnetsecurity.com/2025/01/29/deepseek-popularity-exploited-malware-scams/ ** Watch this episode on YouTube...

Gravy Analytics Breach, Subaru Starlink Vulnerability Exposed


In this episode, we discuss the latest issues with data brokers, focusing on a breach at Gravy Analytics that leaked 30 million location data points online. We also explore a vulnerability in Subaru’s Starlink system that allows unrestricted access to vehicle controls and customer data using just a last name and license plate number. Co-host Kevin Johnson joins the discussion to share insights and emphasize the need for stronger privacy regulations. ** Links mentioned on the show ** Data broker Gravy Analytics confirms a data breach after a hacker leaked millions of location records https://techcrunch.com/2025/01/13/gravy-analytics-data-broker-breach-trove-of-location-data-threatens-privacy-millions/ Hacking Subaru: Tracking and Controlling...

Meta Ditches Fact-Checking for Community Notes, RedNote and the TikTok Ban


In this episode, we explore Meta’s recent decision to replace traditional fact-checking with community notes and its potential impact on misinformation. We also discuss the implications of a TikTok ban in the U.S., with users migrating to similar apps like RedNote. The conversation covers the challenges of maintaining reliable information in social media and the shifting landscape of news consumption. Additionally, we delve into issues regarding AI-generated content, privacy concerns with Chinese-owned apps, and the importance of personal responsibility in fact-checking. ** Links mentioned on the show ** Meta ditches fact-checking for community notes ahead of second Trump term https://mashable.com/article/meta-ditches-fact-checking-for-community-notes...

AI Privacy Policies: Unveiling the Secrets Behind ChatGPT, Gemini, and Claude


Do you ever read the privacy policy of your favorite AI tools like ChatGPT, Gemini, or Claude? In this episode, Scott Wright and Tom Eston discuss the critical aspects of these policies, comparing how each AI engine handles your personal data. They explore the implications of data usage, security, and privacy in AI, with insights from industry giants like Anthropic’s CEO, Dario Amodei. Are these AI tools safe to use? Find out as we break down the complexities and share our thoughts on the future of AI and its impact on your data privacy. ** Links mentioned on the show...

Reflecting on Y2K: Lessons for the Next Tech Crisis and AI Safety


Join us as we reminisce about Y2K, the panic, the preparations, and the lessons learned 25 years later. We also discuss the implications for future technology like AI and potential cybersecurity crises. Plus, in our ‘Aware Much’ segment, Scott shares tips on protecting your data if your phone is stolen. Happy New Year and welcome to our first episode of 2025! ** Links mentioned on the show ** Y2K at 25: Panic, preparation and payoff https://mashable.com/article/y2k-25-years-later Protecting your data when your phone is stolen – literally right out of your hands https://www.linkedin.com/posts/paulgurney_theft-security-phone-ugcPost-7270798464425332736-PyEi ** Watch this episode on YouTube ** **...

2024 Year in Review: What We Got Right and Looking to 2025


In the final episode of the Shared Security Podcast for 2024, join us as we recap our predictions for the year, discuss what we got right and wrong, and highlight our top episodes on YouTube. We also extend a heartfelt thank you to our Patreon supporters and special guests. Plus, stay tuned for our predictions for 2025 and some fun discussions on AI’s impact, phishing attacks, and more. Happy New Year and thank you for your support! ** Links mentioned on the show ** Our 2024 Prediction Episode https://sharedsecurity.net/2023/12/25/the-year-in-review-and-2024-predictions/ Become a supporter in 2025 and help support the show! https://patreon.com/SharedSecurity...

Digital License Plate Vulnerabilities, How to Avoid New Text Message Scams


In this episode Tom, Scott, and Kevin discuss the vulnerabilities of digital license plates and the potential for hackers to exploit them. They explain what digital license plates are and how they work. The ‘Aware Much?’ segment covers the topic of suspicious text messages and why you should avoid responding to unknown senders. The team also shares personal project frustrations and emphasizes the importance of cybersecurity measures in IoT devices. Stay tuned for insightful discussions and practical advice on staying secure. ** Links mentioned on the show ** Hackers Can Jailbreak Digital License Plates to Make Others Pay Their Tolls...

Hack-for-Hire Campaign Targeting Climate Activists, Government Hypocrisy on Encryption


In Episode 359 of the Shared Security Podcast, the team examines a shocking hack-for-hire operation alleged to target over 500 climate activists and journalists, potentially involving corporate sponsorship by ExxonMobil. They explore the intricate layers of this multifaceted campaign and the broader implications on security risk assessments. Additionally, Scott discusses the massive Salt Typhoon hacking campaign attributed to China, which has compromised major U.S. telecommunications companies, and the surprising shift in U.S. government stance on end-to-end encryption. Join Tom, Kevin, and Scott for their in-depth analysis and a touch of humor throughout this episode. ** Links mentioned on the show...

Tanya Janca on Secure Coding, AI in Cybersecurity, and Her New Book


Join us for an insightful episode of the Shared Security Podcast as Tanya Janca returns for her fifth appearance. Discover the latest on her new book about secure coding, exciting updates in Application Security, and the use of AI in security. Learn how her new book goes deeper into secure coding practices, backed by her practical experiences and detailed research, aimed at empowering developers with actionable advice. Don’t miss Tanya’s take on privacy, better security practices, and much more! ** Links mentioned on the show ** Pre-order Tanya’s new book “Alice and Bob Learn Secure Coding” https://a.co/d/32FCrwt Tanya’s first book...

Australia Bans Social Media for Kids, Holiday Vishing Scams


In this episode, we discuss Australia’s new legislation banning social media for users under 16 and its potential impact. Our hosts also explore the issue of vishing (voicemail phishing), why it’s escalating, particularly during the holiday season, and how to protect yourself against these scams. Plus, we celebrate a milestone on our YouTube channel and share some fun community feedback! ** Links mentioned on the show ** Australia launches bill banning social media for under 16s https://www.dw.com/en/australia-launches-bill-banning-social-media-for-under-16s/a-70838309 Voice Phishing Attacks: How to Prevent and Respond to Them https://securityboulevard.com/2024/11/voice-phishing-attacks-how-to-prevent-and-respond-to-them/ ** Watch this episode on YouTube ** ** Become a Shared Security...

Deepfake Fraud, Data Brokers Tracking Military Personnel


In Episode 356, Tom and Kevin discuss the increasing role of deepfake technology in bypassing biometric checks, accounting for 24 percent of fraud attempts. The show covers identity fraud issues and explores the controversial practices of data brokers selling location data, including tracking US military personnel. The conversation shifts to social media platforms Twitter, Blue Sky, and Mastodon, discussing user experiences and migrations. The episode wraps up with a humorous and radical suggestion for dealing with data brokers. Tune in for an engaging discussion on security, privacy, and the impact of emerging fraud technologies. ** Links mentioned on the show...

Why It’s Time to Leave Twitter


In episode 355, Tom discusses his decision to deactivate his Twitter accounts due to privacy concerns with Twitter’s new AI policy and changes in the blocking features. He outlines the steps for leaving Twitter, including how to archive and delete tweets, and evaluates alternative platforms such as Bluesky, Mastodon, and Threads for cybersecurity professionals seeking new social media spaces. ** Links mentioned on the show ** X updates block feature, letting blocked users see your public posts https://techcrunch.com/2024/11/03/x-updates-block-feature-letting-blocked-users-see-your-public-posts/ Changes in X’s Privacy Policy Promote AI https://etownian.com/main/news/changes-in-xs-privacy-policy-promote-ai/ Dropping X for Bluesky? These tips will make the migration easier https://www.fastcompany.com/91228063/dropping-x-for-bluesky-these-tips-will-make-the-migration-easier Script to...

Advanced Persistent Teenagers, Okta Bug Allowed Logins Without a Correct Password


In episode 354, we discuss the emergence of the term ‘Advanced Persistent Teenagers’ (APT) as a new cybersecurity threat. Recorded just before the election, the hosts humorously predict election outcomes while exploring the rise of teenage hackers responsible for major breaches. The episode also covers a notable Okta vulnerability that allowed someone to login without the correct password and its implications. Tune in for an engaging conversation on the evolving landscape of cyber threats. ** Links mentioned on the show ** The biggest underestimated security threat of today? Advanced persistent teenagers https://techcrunch.com/2024/11/01/the-biggest-underestimated-security-threat-of-today-advanced-persistent-teenagers/ Okta Bug Allowed Log-Ins Without a Correct Password...

Fallout from the Change Healthcare Breach, Mortgage Wire Fraud What You Need To Know


In episode 353, we discuss the February 2024 ransomware attack on Change Healthcare, resulting in the largest data breach of protected health information in history. Notifications have been sent to 100 million Americans, including hosts Tom and Kevin. We explore the implications of this significant breach and whether paying ransoms is a viable solution. In the ‘Aware Much’ segment, Scott explains how mortgage wire fraud works and provides essential tips for real estate transactions to avoid such scams. Plus, a quick recap on our popular AI-powered toilet cameras episode. ** Links mentioned on the show ** Change Healthcare Breach Hits...

Internet Archive Hacked, Introducing The AI Toilet Camera


In this episode, we discuss the significant data breach at the Internet Archive, affecting 33 million users. We also examine the introduction of an AI-integrated toilet camera by Throne, designed for health monitoring by analyzing bodily waste, and the ensuing privacy concerns. We explore these technological advancements alongside other unusual tech innovations, touching upon security issues with home cameras, personal data in health apps, and broader implications for privacy and technology. ** Links mentioned on the show ** Internet Archive hacked, data breach impacts 31 million users https://www.bleepingcomputer.com/news/security/internet-archive-hacked-data-breach-impacts-31-million-users/ Internet Archive breached again through stolen access tokens https://www.bleepingcomputer.com/news/security/internet-archive-breached-again-through-stolen-access-tokens/ Throne’s toilet camera...

Hacked Robot Vacuums, Secret Printer Tracking Dots


In episode 351, hosts Tom and Scott explore an unusual incident where robot vacuums were hacked to shout obscenities, exposing significant IoT security issues. The discussion includes the mechanics of the Bluetooth hack and its broader cybersecurity implications. Additionally, the ‘Aware Much?’ segment reveals the world of hidden printer tracking dots, used for tracing document origins and their historical use by governments for tracking. This episode also highlights the technology’s role in preventing currency counterfeiting and capturing high-profile leaks, underscoring the intersection of privacy and security in modern times. ** Links mentioned on the show ** Hacked Robot Vacuums Across...

Emergency Satellite Messaging, Stagnation in User Cybersecurity Habits


In the milestone 350th episode of the Shared Security Podcast, the hosts reflect on 15 years of podcasting, and the podcast’s evolution from its beginnings in 2009. They discuss the impact of a current hurricane on Florida, offering advice on using iPhone and Android satellite communication features during emergencies. The ‘Aware Much’ segment focuses on the lack of change in user behavior towards cybersecurity, highlighting persistent issues like inadequate password manager usage and infrequent software updates. The episode covers historical insights into social media’s evolution, including privacy guides and LinkedIn’s fake profile problem, emphasizing the importance of a well-rounded approach...

Kia Security Flaw Exposed, NIST’s New Password Guidelines


In this episode, the hosts discuss a significant vulnerability found in Kia’s web portal that allows remote control of various car features via their app, potentially enabling unauthorized unlocking and tracking. The conversation highlights the broader issue of web vulnerabilities in the automotive industry. Also covered are NIST’s updated password guidelines, eliminating complexity rules and periodic resets, emphasizing the importance of MFA. The episode features insights from co-host Kevin Johnson, covering both technical flaws and the security community’s perspectives on these evolving issues. ** Links mentioned on the show ** Millions of Vehicles Could Be Hacked and Tracked Thanks to...

Discord’s New End-to-End Encryption, LinkedIn Using Your Data for AI Training


In episode 348, Tom and Scott discuss Discord’s new end-to-end encryption for audio and video calls, involving the DAVE Protocol, third-party vetting by Trail of Bits, and its impact on users. They also address LinkedIn’s controversial move to automatically opt users into using their data to train AI models without initial consent, suggestions for opting out, and the broader implications for user privacy. ** Links mentioned on the show ** Meet DAVE: Discord’s New End-to-End Encryption for Audio and Video https://discord.com/blog/meet-dave-e2ee-for-audio-video LinkedIn is using your data to train generative AI models. Here’s how to opt out. https://www.msn.com/en-us/money/technology/linkedin-is-using-your-data-to-train-generative-ai-models-heres-how-to-opt-out/ar-AA1qRqvW https://www.darkreading.com/cyber-risk/linkedin-user-data-collection-ai-training ** Watch...

Supply Chain Sabotage: The Exploding Pager Incident, Instagram’s New Teen Privacy Measures


In Episode 347, we discuss the recent alarming incidents involving exploding pagers targeting Hezbollah operatives in Lebanon, which resulted in multiple casualties. We clarify why this is not a cyber attack and should not cause widespread panic about personal device safety. Additionally, we cover Instagram’s new policies to default teen accounts to private and the implications for parental control and teen safety on social media. ** Links mentioned on the show ** Exploding pagers belonging to Hezbollah kill 8 and injure more than 2,700 in Lebanon https://www.nbcnews.com/news/world/hezbollah-pagers-expolsion-lebanon-handheld-devices-rcna171457 https://www.reuters.com/world/middle-east/israel-planted-explosives-hezbollahs-taiwan-made-pagers-sources-say-2024-09-18/ Introducing Instagram Teen Accounts: Built-In Protections for Teens, Peace of Mind for...

The Rise of AI Voicemail Scams, Political Donation Privacy Concerns


In episode 346, we discuss new AI-driven voicemail scams that sound convincingly real and how to identify them. We also explore recent research on the privacy concerns surrounding donations to political parties through their websites. Additionally, we celebrate the 15th anniversary of the podcast and share some reflections and fun facts about the journey. Join us for this insightful and informative episode! ** Links mentioned on the show ** Security Justice Podcast (2008-2011) https://archive.org/details/securityjustice Your personal data is political: W&M computer scientists find gaps in the privacy practices of campaign websites https://news.wm.edu/2024/02/07/your-personal-data-is-political-wm-computer-scientists-find-gaps-in-the-privacy-practices-of-campaign-websites/ ** Watch this episode on YouTube ** https://youtu.be/GOXUK4Wd2YM...

Shocking SQL Injection in TSA App, Bitcoin ATM Scams Targeting Seniors


This week, we discuss a critical SQL injection vulnerability discovered in an app used by the TSA, raising ethical questions about responsible disclosure. Plus, we shed light on the alarming rise of Bitcoin ATM scams exploiting older adults, providing essential tips to protect your loved ones from these devious schemes. Tune in for unique insights and vital cybersecurity advice! ** Links mentioned on the show ** Bypassing airport security via SQL injection https://ian.sh/tsa https://x.com/mattjay/status/1831004620950278397?s=46&t=S0l2WLszljUYE1vbjB4M9A FTC: Over $110 million lost to Bitcoin ATM scams in 2023 https://www.bleepingcomputer.com/news/security/ftc-americans-lost-over-110-million-to-bitcoin-atm-scams-in-2023/ ** Watch this episode on YouTube ** https://youtu.be/sL1sfY3ATXM ** Become a Shared Security Supporter...

Telegram is NOT an Encrypted Messaging App, Must-See Documentaries


In this episode, we explore the recent arrest of Telegram founder Pavel Durov in France and discuss the app’s encryption claims. Is Telegram truly an encrypted messaging app? Joining the conversation is co-host Kevin Johnson, bringing his trademark opinions. We also talk about some intriguing documentaries, including ‘LulaRich’ about the LuLaRoe leggings company and ‘Class Action Park’ about a dangerous theme park in New Jersey. Tune in to hear our thoughts on these topics and more! ** Links mentioned on the show ** The Arrest of Pavel Durov Is a Reminder That Telegram Is Not Encrypted https://gizmodo.com/the-arrest-of-pavel-durov-is-a-reminder-that-telegram-is-not-encrypted-2000490960 https://www.404media.co/how-telegrams-founder-pavel-durov-became-a-culture-war-martyr/ The girl...

Google's Monopoly: The Debate Heats Up, Amazon Alexa Privacy Tips


This week, we discuss Google’s recent accusation by the U.S. Justice Department for being a monopoly and its implications for privacy and cybersecurity. We also cover essential privacy settings for Alexa smart speakers and their importance. Join the hosts, Tom, Kevin, and Scott, for an engaging conversation on these topics, along with a segment from ClickArmor on cybersecurity training. Plus, a recap of the Black Hat and BSides Las Vegas conferences. ** Links mentioned on the show ** Google illegally maintains monopoly over internet search, judge rules https://apnews.com/article/google-antitrust-search-engine-verdict-apple-319a61f20fb11510097845a30abaefd8 5 Amazon Alexa privacy settings you should change right away https://www.zdnet.com/home-and-office/smart-home/5-amazon-alexa-privacy-settings-you-should-change-right-away/ **...

The Inefficiency of People-Search Removal Tools, Massive Data Breach Impacting U.S. Citizens


In episode 342, we discuss the effectiveness of people-search removal tools like DeleteMe and Reputation Defender, based on a study by Consumer Reports. We also cover how almost every American’s social security number has potentially been stolen by hackers and shared on the dark web. Scott and Tom talk about the importance of protecting your personal information and methods to do so, including manually removing data and placing credit freezes. Plus, we touch on Canada’s privacy laws and wrap up with our Aware Much segment. Stay safe, stay secure, and stay private! ** Links mentioned on the show ** People-Search...

Exploring Cybersecurity Trends at Black Hat 2024 with Shourya Pratap Singh from SquareX


Join us for this special live edition of the Shared Security Podcast, recorded in scorching Las Vegas at Black Hat 2024. Host Tom Eston is joined by Shourya Pratap Singh, Principal Software Engineer at SquareX. They discuss highlights from Black Hat 2024, emerging themes in cybersecurity such as AI-based threats, compliance, and cloud security. The conversation also covers the DEF CON talk given by Vivek and Shourya on Last Mile Reassembly Attacks, which exposes a critical flaw in Secure Web Gateways (SWGs) and introduces an open-source toolkit for Red Teams. Thank you to SquareX for sponsoring this episode! Find out...

The Great CrowdStrike Crash, AI's Role in Employee Smiles


In episode 341, we cover the unprecedented global IT outage caused by a CrowdStrike update crash, affecting 8.5 million Windows machines. We discuss whether it’s the largest outage in history and discuss the intricacies of internet accessibility and responses from key stakeholders like Microsoft. Also, in our Aware Much segment, we explore Japan’s AI system, Mr. Smile, designed to standardize employee smiles, and its implications on employee monitoring. Plus, we welcome back Kevin and give a special shout-out to our latest Patreon supporter. ** Links mentioned on the show ** CrowdStrike update crashes Windows systems, causes outages worldwide https://www.bleepingcomputer.com/news/security/crowdstrike-update-crashes-windows-systems-causes-outages-worldwide/ https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-windows-repair-tool-to-remove-crowdstrike-driver...

How SquareX is Redefining Web Security: An In-Depth Discussion with Chief Architect Jeswin Mathai


In this episode, Tom Eston hosts Jeswin Mathai, Chief Architect at SquareX. This episode is part two of a series featuring SquareX, and Jeswin takes a deeper look into their cybersecurity solutions. Jeswin shares his extensive experience in the field and details how SquareX offers innovative protections at the browser level to guard against phishing attacks and other online threats. Learn about their unique approach by monitoring user activity in a privacy-safe manner and leveraging the power of modern browsers and device capabilities. Jeswin also discusses the limitations of traditional antivirus and secure web gateway solutions compared to SquareX’s comprehensive...

Deepfakes, AI, and the Future of Cybersecurity: Insights from Dan DeCloss of PlexTrac


In this episode, host Tom Eston welcomes Dan DeCloss, founder and CTO of PlexTrac. They exchange insights about their history at Veracode and explore Dan’s journey in cybersecurity. Dan shares his experience in penetration testing, the origins of PlexTrac, and the need to streamline reporting processes. The conversation also covers the state of the cybersecurity industry, the impact of generative AI, and future challenges such as deepfake technology. Dan touches upon the evolution of attackers and the role of both AI and human elements. The episode wraps up with thoughts on the younger generation’s approach to discerning information in a...

Massive AT&T Data Breach Impact, Meta's Privacy Policy Updates


In episode 339, hosts Tom Eston and Scott Wright discuss the massive AT&T data breach affecting 110 million customers, which is larger than a previous breach from March affecting 73 million customers. They also talk about the importance of reading privacy policies on sites like Facebook and Instagram, as these platforms may use user data to train AI models. Additionally, they explore the implications of third-party cloud platform breaches, specifically mentioning the Snowflake incident. The ‘Aware Much?’ segment highlights evolving privacy policies, with Meta’s revised policy allowing user data for AI development being under scrutiny. The episode concludes with a...

Authy Breach: What It Means for You, RockYou 2024 Password Leak


In episode 338, we discuss the recent breach of the two-factor authentication provider Authy and its implications for users. We also explore a massive password list leak titled ‘Rock You 2024’ that has surfaced online. Find out why this file may not be as significant as it seems and the importance of avoiding password reuse. Stay tuned for our ‘Aware Much?’ segment with Scott Wright, featuring insights on credential stuffing and practical password management tips. ** Links mentioned on the show ** Using Authy? Beware of impending phishing attempts https://www.helpnetsecurity.com/2024/07/11/using-authy-beware-of-impending-phishing-attempts/ Nearly 10 Billion Passwords Leaked in Biggest Compilation of All...

Critical SSH Vulnerability, Facial Recognition Flaws, How to Safely Dispose of Old Devices


In episode 337, we cover broken news about the new SSH vulnerability ‘regreSSHion’, highlighting the vulnerability discovered in the OpenSSH protocol by Qualys and its implications. We then discuss the Detroit Police Department’s new guidelines on facial recognition technology following a lawsuit over a wrongful arrest due to misidentification, shedding light on the broader issues with such technologies, especially their impact on minorities. Lastly, in the ‘Aware Much’ segment, Scott shares essential tips on securely wiping personal data from old PCs, laptops, smartphones, and other electronic devices before selling or disposing of them. Join us as we welcome back co-hosts...

The U.S. Bans Kaspersky Antivirus, WordPress Plugin Supply Chain Attacks


In episode 336 of the Shared Security Podcast, we discuss the Biden administration’s recent ban on Kaspersky antivirus software in the U.S. due to security concerns linked to its Russian origins. We also highlight the importance of keeping all software updated, using recent examples of supply chain attacks that have compromised several popular WordPress plugins. Join hosts Tom Eston and Scott Wright as they examine these key cybersecurity issues and emphasize proactive security measures. Plus, find out why co-host Kevin Johnson is missing this week and get the latest updates from Aware Much, sponsored by ClickArmor. ** Links mentioned on...

Exploring Cutting-Edge Browser Security with Vivek Ramachandran Founder of SquareX


In this special episode of the Shared Security Podcast, host Tom Eston interviews Vivek Ramachandran, the founder of SquareX. Vivek shares his journey in WiFi security, recounting his introduction of the Cafe Latte man-in-the-middle attack and founding of Pentest Academy. He discusses his latest venture, SquareX, a company focused on browser security to protect employees from client-side attacks. Vivek explains SquareX’s workings, industry challenges, and insights into Secure Web Gateways (SWGs). He also previews his upcoming DEF CON talk on bypassing SWGs and shares thoughts on AI in cyber-attacks. Learn about the future of browser-based security solutions and how enterprises...

Social Media Warning Labels, Should You Store Passwords in Your Web Browser?


In this episode of the Shared Security Podcast, the team debates the Surgeon General’s recent call for social media warning labels and explores the pros and cons. Scott discusses whether passwords should be stored in web browsers, potentially sparking strong opinions. The hosts also provide an update on Microsoft’s delayed release of CoPilot Plus PCs due to security concerns and reflect on the underlying privacy issues. Join Tom, Scott, and Kevin for these engaging discussions and more! ** Links mentioned on the show ** Recall recalled (delayed) https://www.bleepingcomputer.com/news/microsoft/microsoft-delays-windows-recall-amid-privacy-and-security-concerns/ The Surgeon General’s Fear-Mongering, Unconstitutional Effort to Label Social Media https://www.eff.org/deeplinks/2024/06/no-online-speech-should-not-have-warning-labels Should...

Citizen Lab vs. NSO Group, Apple AI and Privacy


In episode 334, hosts Tom Eston, Scott Wright, and Kevin Johnson discuss two major topics. First, they explore the ongoing legal battle between Citizen Lab and the Israeli spyware company NSO Group. The courts have consistently blocked NSO’s attempts to access Citizen Lab’s documents to protect victim privacy. Second, they discuss Apple’s new AI features announced at their developer conference, prioritizing user privacy through opt-in by default, and its implications. Kevin shares strong opinions on NSO Group, while the hosts also review Citizen Lab’s investigative work and Apple’s approach to AI and privacy. ** Links mentioned on the show **...

Ticketmaster Data Breach and Rising Work from Home Scams


In episode 333 of the Shared Security Podcast, Tom and Scott discuss a recent massive data breach at Ticketmaster involving the data of 560 million customers, the blame game between Ticketmaster and third-party provider Snowflake, and the implications for both companies. Additionally, they discuss Live Nation’s ongoing monopoly investigation. In the ‘Aware Much’ segment, the rise of work-from-home job scams is analyzed, highlighting FBI warnings and tips to avoid falling victim to such schemes. The success of a past episode on Microsoft’s new recall feature is also mentioned, emphasizing privacy concerns and spirited audience discussions. ** Links mentioned on the...

Sober in Cyber: Creating Alcohol-Free Networking in Cybersecurity with Jen VanAntwerp


In this episode host Tom Eston welcomes Jen VanAntwerp, founder of Sober in Cyber. Jen shares her journey in cybersecurity and marketing, and discusses the motivation behind creating alcohol-free networking events. Sober in Cyber provides much-needed alternatives to typical alcohol-centered industry events, fostering inclusive environments for both sober professionals and those simply seeking a different experience. Tune in to learn about their successful sober events, the growing support for such initiatives, and how they foster authentic professional connections without the influence of alcohol. For more details, visit SoberInCyber.org and join their supportive community on Discord. ** Links mentioned on the...

Microsoft's Copilot+ Recall Feature, Slack's AI Training Controversy


Episode 331 of the Shared Security Podcast discusses privacy and security concerns related to two major technological developments: the introduction of Windows PC’s new feature ‘Recall,’ part of Microsoft’s Copilot+, which captures desktop screenshots for AI-powered search tools, and Slack’s policy of using user data to train machine learning features with users opted in by default. Tom and Kevin express significant concerns over the implications for privacy, data security, and the potential for misuse of these features. Discussions cover the technical workings, potential vulnerabilities, and broader impacts of these technologies on privacy and security. The episode also mentions anecdotes that...

New Tracker Warning Features on iPhones & Androids, 2024 Verizon Data Breach Investigations Report


In episode 330 Tom, Scott, and Kevin discuss the new features for iPhones and Android phones designed to warn users about secret trackers, possibly aiding in identifying stalkers. The hosts discuss Apple and Google’s collaboration on a technology called DULT (Detecting Unwanted Location Trackers), aiming to improve user privacy by detecting Bluetooth trackers like Tiles and AirTags. They also highlight the findings from the 2024 Verizon Data Breach Investigations Report (DBIR), discussing key statistics on company breaches, the average time to remediate vulnerabilities, the rise in ransomware and extortion cases, third-party risks, and the negligible impact of AI on current...

Live at RSA: AI Hype, Enhanced Security, and the Future of Cybersecurity Tools


In this first-ever in-person recording of Shared Security, Tom and Kevin, along with special guest Matt Johansen from Reddit, discuss their experience at the RSA conference in San Francisco, including their walk-through of ‘enhanced security’ and the humorous misunderstanding that ensued. The conversation moves to the ubiquity of AI and machine learning buzzwords at the conference, questioning the genuine impact versus hype, and the saturation of AI claims among vendors. They explore the real-world applications of AI, how it’s currently being utilized in cybersecurity, and its potential to assist smaller security teams and raise the ‘cybersecurity poverty line.’ The discussion...

FCC Fines Wireless Carriers $200 million, Google's Fight Against Malicious Apps


In episode 328, Tom and Kevin discuss two major cybersecurity and privacy news stories. The first topic covers the FCC issuing fines to major US wireless carriers for sharing users’ real-time location data, totaling nearly $200 million. They express surprise and skepticism over the carriers’ actions and deliberate on whether the fines would be impactful or merely seen as the cost of doing business. The second topic revolves around Google’s announcement that it prevented 2.28 million malicious apps from reaching the Play Store in 2023, marking a significant effort towards enhancing platform security. The discussion includes insights on the effectiveness...

Privacy Challenges in Relationships, Phishing Down but Vulnerabilities Up?


In episode 327 Tom, Scott, and Kevin discuss the findings from Mandiant’s M-Trends 2024 report, highlighting a significant rise in traditional vulnerability exploitation by attackers while observing a decline in phishing. Despite phishing’s decreased prevalence, it remains the second most popular method for gaining initial network access. Discussions include the impact of high-profile vulnerabilities and the potential reasons behind the shift in cyberattack tactics. The episode also explores the challenges of maintaining online privacy within relationships, especially when one partner prioritizes privacy more than the other. Tips on fostering understanding and cooperation on privacy and security practices within a relationship...

Navigating Security Awareness in the Tech Industry with Erin Gallagher


In this episode Erin Gallagher, cybersecurity awareness lead at Fastly, discusses her journey into the field of security awareness and her unique approach to enhancing cybersecurity within tech companies. Erin shares her unconventional path from a communication major to leading security awareness programs at IBM and a large insurance company, before joining Fastly. She highlights the challenges and strategies of tailoring security training to diverse roles within tech companies, emphasizing the importance of role-based training over traditional methods like phishing simulations. Erin also tackles the critical role of communication skills in security awareness, the need for empathetic engagement with employees,...

Linux Backdoor Infection Scare, Massive Social Security Number Heist


In episode 325, Tom and Kevin discuss a significant backdoor threat that nearly compromised Linux systems globally, stemming from an infiltration into an open-source project called XZ Utils by attackers who gained commit access and inserted a backdoor. The episode further delves into a cybersecurity incident where hackers stole 340,000 social security numbers from a government consulting firm, emphasizing the implications and broader concerns related to data security in government contractors and the inefficacy of response mechanisms. Additionally, the hosts explore the negative influences of marketing in the cybersecurity industry, particularly following significant security breaches. ** Links mentioned on the...

Massive AT&T Data Leak, The Danger of Thread Hijacking


Episode 324 features discussions on a significant AT&T data breach affecting 73 million customers and a sophisticated thread jacking attack targeting a journalist. Co-host Scott Wright joins the discussion, highlighting how millions of AT&T customer account passcodes, along with personal information, were compromised due to a leak discovered by a security researcher and reported by TechCrunch. The episode also details the thread jacking phishing attack, emphasizing the importance of recognizing unexpected email threads and the potential dangers of malicious attachments. The episode concludes with a brief discussion on the upcoming solar eclipse, stressing the importance of using ISO-certified glasses for...

New Hotel Lock Vulnerabilities, Glassdoor Anonymity Issues


In episode 323, the hosts discuss two prominent topics. The first segment discusses a significant vulnerability discovered in hotel locks, branded as ‘Unsaflok,’ affecting 3 million doors across 131 countries. The vulnerability allows attackers to create master keys from a regular key, granting access to all doors in a hotel. The co-hosts also discuss the vulnerability’s relation to legacy systems and the implications for hotel security. The second segment shifts focus to Glassdoor, revealing that the popular company review site can no longer guarantee anonymity due to changes following its acquisition of Fishbowl, raising concerns about privacy and the potential...

Alyssa Miller: Charting the Course Through InfoSec and Aviation


In this episode, special guest Alyssa Miller joins the hosts for an insightful and entertaining conversation covering a broad range of topics from social engineering anecdotes involving Kevin Johnson to Alyssa’s journey in aviation and being a pilot. They discuss the challenges within the cybersecurity industry, including the transition to cloud computing and the neglect of on-prem data centers. Alyssa also shares a personal story about encountering workplace discrimination, offering advice based on her experiences. Additionally, the discussion touches on upcoming conference talks Alyssa is giving, which link her passion for aviation with lessons for the cybersecurity field. The episode...

The TikTok Ban Bill, Your Car is Spying on You, Signal's Username Update


In episode 321, the hosts discuss how connected cars are sharing driving data with insurance companies, potentially leading to increased rates for drivers. They also talk about the anti-TikTok bill passed by the House, which could force ByteDance to sell TikTok or face a ban in app stores. The episode also covers a significant update to Signal, allowing users to use usernames instead of phone numbers, enhancing privacy. Insights into privacy policies, the importance of understanding consent, and the broader implications of data collection and sharing among different entities are also discussed. ** Links mentioned on the show * Driving...

Who's to Blame for Hacked Social Media Accounts, Spoofed Online Meeting Requests and Malware


In episode 320, Tom and Scott discuss the contentious issue of who is accountable when Facebook or Instagram accounts are hacked, discussing potential failings on both the user’s and Meta’s part. They explore the possibility of inadequate security measures on these platforms and the implications of Meta potentially profiting from fraudulent ads. The episode also covers a Wired article regarding 41 state attorneys general in the U.S. urging Meta to enhance their security to manage the rising complaints of account theft. Furthermore, the ‘Aware Much’ segment highlights a new threat involving spoofed Zoom, Google, and Skype meeting requests that spread...

Don't Trust Your AI Girlfriend or Boyfriend, Exposing US Government Data Collection


In Episode 319, Tom and Kevin discuss the potential data privacy risks associated with having an AI ‘girlfriend’ or ‘boyfriend’ and why one should refrain from sharing their personal data with such AIs. They engage in a humorous conversation about the unusual advertisements these AI companions attract, while expressing concerns over their deceptive and sensitive data gathering. The episode also explores the controversial issue of the U.S. government collecting vast amounts of consumer data. Allegedly, the government acquires data from various sources including cell phones, social media, and internet ad exchanges, potentially for surveillance purposes. Tom and Kevin argue that...

Get to Know Me Privacy Risks, Pros and Cons of Publicly Sharing Ring Doorbell Footage


In episode 318, we discuss the trending ‘get to know me’ posts on social media platforms like Instagram and the potential risks of sharing personal information publicly, particularly in light of potential misuse for password resetting. We recount a similar trend observed years ago when social media was in its infancy. The second topic covers Ring’s decision to discontinue its ‘Request for assistance’ feature on its Neighbors app which initially allowed police to publicly request doorbell footage without a warrant. We explore various viewpoints on this topic, including the need for warrants, privacy concerns, and the potential misuse of information,...

25.6 Million Dollar Deepfake Scam, Exploring Canada's Flipper Zero Ban


In episode 317, Tom and Kevin discuss a reported deepfake scam that allegedly led to the theft of 25.6 million from a multinational company and Canada’s attempt to ban the Flipper Zero device, believing it plays a role in auto thefts. They critique the Canadian government’s understanding of the device and its capabilities, questioning whether the move is political posturing rather than a measure to enhance public safety. The hosts also speak about the ‘human password’ concept, which prompts a broader discussion about the importance of out-of-band confirmation for financial transactions. ** Links mentioned on the show * Scammers use...

Jason Haddix on Bug Bounties and Cybersecurity Career Growth


In episode 316, we have the pleasure to chat with Jason Haddix, a prominent influencer in the cybersecurity community. With an intriguing career path, from being a ‘computer kid’, venturing into the nascent dark web, to becoming a respected figure in the Bug Bounty space, his journey is nothing short of inspiration. We dive into the evolution and the current state of Bug Bounty, the emergence of consultancy within the Bug Bounty companies, the unique live hacking events, and the impact of open-source tooling coming from this ecosystem. Towards the end, Jason introduces his new venture, Arcanum Information Security. Tune...

The Problem of Victim Blaming in Cybersecurity: Empathy, Responsibility & Ethical Practices


In this episode of the Shared Security Podcast, we discuss the concerning issue of victim-blaming in cybersecurity with special guest, Andra Zaharia, host of the Cyber Empathy and We Think We Know podcasts. Key topics include the societal issues within cybersecurity, the role of empathy in business and cybersecurity, leadership’s role in empathy and the recent 23andMe data breach. We discuss how companies can enhance empathy after a data breach while touching on the undeniable influence employees, especially those in security teams, play in promoting empathy within their organizations. ** Links mentioned on the show * Cyber Empathy Podcast https://cyberempathy.org/...

Secure Your iPhone: Exploring Stolen Device Protection


In this episode, host Tom Eston provides a detailed explanation of the ‘Stolen Device Protection’ for iPhones – a new security feature by Apple. This feature triggers enhanced security factors such as Face ID, Touch ID, and an hour-long security delay for critical actions when the phone is away from familiar locations. Tom also provides guidance on how to enable and disable this feature on iOS 17.3. Lastly, he advises viewers to disable the feature, and erase and reset the iPhone when they decide to sell, give away, or trade their device. ** Links mentioned on the show * Turn...

The World of Scambaiting, Preventing Social Media Account Takeovers, Network Wrenches Hacked


In Episode 313, hosts Tom and Scott discuss the world of scambaiting, discussing what it is, the tactics used, and its effectiveness in stopping scammers. They talk about popular channels like Scammer Payback and Kitboga that show these scams in progress. Then they switch to the best practices to prevent social media account takeovers, highlighting a guide written by Rachel Tobac. Lastly, they share fascinating news about how a network-connected wrench, the Bosch Rexroth Handheld Nutrunner, could be used in a ransomware attack, hinting how even everyday objects are now internet-connected. Join hosts, Tom and Scott, in this engaging conversation...

Ohio's New Social Media Law, Meta's Link History Feature, 175 Million Passcode Guesses


In episode 312, Tom and Scott discuss the implications of a new law in Ohio that may require parental consent for children under 16 using social media, including the pros and cons of this legislation. They also discuss Meta’s new link history feature and the repercussions it might have on ad targeting on Facebook and Instagram. The episode concludes with a discussion on a court case in Ottawa, where a judge ruled that three smartphones from an alleged pedophile must be returned after 175 million unsuccessful passcode guesses. Plus, don’t miss the discussion about some refined AI-generated security awareness manager...

Most Advanced iPhone Exploit Ever, Google's $5 Billion Settlement, Apple's Journal App


In this episode, we discuss the most sophisticated iPhone exploit ever, Google’s agreement to settle a $5 billion lawsuit about tracking users in ‘incognito’ mode, and a new iOS app, Journal. The iPhone exploit, known as Operation Triangulation, has complex chains of events that lead to compromised iPhone security. Meanwhile, the lawsuit against Google claims that the company’s technology was still tracking users’ site visits even in ‘incognito’ mode. The newly added Journal app on iOS has raised questions and discussions on its security and privacy features as it encourages users to put their life updates on the app. **...

The Three Keys to Success in Cybersecurity


In this episode, host Tom Eston shares the three key lessons he’s learned over his 18-year career in cybersecurity: effective communication, continuous learning, and empathy. He talks about the importance of understanding and reaching both technical and non-technical audiences, the necessity of continuous learning despite your role, and the power of empathy in contributing to success. ** Links mentioned on the show * Cyber Empathy Podcast by Andra Zaharia https://cyberempathy.org/ Follow Tib3rius and Jason Haddix https://twitter.com/0xTib3rius https://twitter.com/Jhaddix ** Watch this episode on YouTube ** ** Become a Shared Security Supporter ** Get exclusive access to ad-free episodes, bonus episodes, listen...

The Year in Review and 2024 Predictions


In our last episode of the year, we replay our predictions for 2023 reviewing what we got right and what we didn’t. We cover various topics, such as Twitter’s influence, the future of Mastodon, the ban of TikTok in certain states, and the rising issue of ransomware. In addition, we give credit to Scott for accurately predicting multiple cybersecurity events during the year! We also share our expectations for 2024 predicting increased AI adoption, many more cybersecurity layoffs, more consolidation in InfoSec, and implementation of flawed legislation targeting symptoms instead of causes. ** Links mentioned on the show * The...

Password Security for the Elderly: Tips and Best Practices


In episode 308, we discuss the often overlooked topic of password management for the elderly. Addressing the commonly held belief that writing down passwords is a bad idea, we discuss the nuances and context of this practice. Elderly individuals who may struggle with technology can benefit from recording passwords, but we discuss the importance of putting suitable controls around this. We also touch on usability issues associated with technology changes and the consequences of not planning for what happens to a person’s digital presence after they pass away. Do you have your own tips or stories of your experiences with...

iOS 17 NameDrop Debunking, Real World QR Code Attacks, Impact of Ransomware on Hospitals


In episode 307, Tom and Scott debunk misinformation circulating about the iOS 17 NameDrop feature by law enforcement and others on social media. Next, they discuss the potential risks of QR code scams, detailing a real-life incident where a woman lost a significant amount of money due to a QR code scam. Finally, the episode concludes with a discussion on a ransomware attack on a large US healthcare provider, examining potential repercussions and stressing the need for increased security for critical infrastructure. Co-host Scott Wright also presents an overview of the Click Armor platform, an innovative gamified security awareness training...

Application Security Trends & Challenges with Tanya Janca


In this episode, noteworthy guest Tanya Janca returns to discuss her recent ventures and her vision for the future of Application Security. She reflects on the significant changes she has observed since her career at Microsoft, before discussing her new role at Semgrep, which recently acquired WeHackPurple. Tanya sheds light on her decision to partner with Semgrep, a company that aligns with her vision of providing free resources in the Application Security community. Despite facing a failed acquisition process the previous year, WeHackPurple received multiple acquisition offers, leading to a bidding war. In addition, Tanya shares her optimism about the...

Apple Finally Adopts RCS, AI Powered Scams Targeting the Elderly


In this episode, Tom shows off AI generated images of a “Lonely and Sad Security Awareness Manager in a Dog Pound” and the humorous outcomes. The conversation shifts to Apple’s upcoming support for Rich Communication Services (RCS) and the potential security implications. Lastly, Tom and Kevin reflect on reports of AI-powered voice cloning scams targeting elderly Americans, and argue that the true issue lies with social engineering rather than the involvement of AI. ** Links mentioned on the show * Apple to Adopt RCS Messaging Standard for Better Interoperability With Android Devices (yet, the green “bubble” is not going away)...

Paying Big Tech for Privacy, New Privacy Policy Study, Biden’s Executive Order on AI


In this week’s episode of the Shared Security Podcast, hosts Tom Eston, Scott Wright and Kevin Johnson tackle a number of topics related to AI, privacy and security. They begin with an amusing discussion about their respective roles on the podcast, before shifting to big tech’s use of user data and whether subscribers should pay to not have their data used. The focus then turns to a recent move by Meta to charge European users who wish to use Instagram and Facebook without ads. Next, they touch on new research from NordVPN about the burdensome length and complexity of privacy...

SEC vs. SolarWinds CISO, Classiscam Scam-as-a-Service


In this episode, we discuss the SEC’s charges against SolarWinds’ CISO for misleading investors about a major cyberattack. Plus don’t miss our discussion about the shady world of “Classiscam Scam-as-a-Service,” a very popular cyber criminal service that creates fake user accounts, posts fraudulent reviews, and boosts the reputation of dishonest sellers while defrauding e-commerce platforms. ** Links mentioned on the show * Tom’s LinkedIn thread about “Quishing” https://www.linkedin.com/posts/tomeston_lets-talk-about-quishing-do-you-think-activity-7127625977085509632-CjHc?utm_source=share SEC charges SolarWinds CISO with fraud for misleading investors before major cyberattack https://therecord.media/solarwinds-ciso-sec-charged What is Classiscam Scam-as-a-Service? https://www.tripwire.com/state-of-security/what-classiscam-scam-service ** Watch this episode on YouTube ** ** Become a Shared Security Supporter **...

Okta Hacked Again, Quishing Is The New Phishing, Google Play Protect Real-Time Scanning


In this episode, we explore the recent Okta breach where hackers obtained sensitive customer data via unauthorized access to the Okta support system. Next, we discuss the emerging threat of “quishing,” a combination of voice calls and phishing that preys on unsuspecting victims. Finally, we discuss Google Play Protect’s new feature, “Real-time App Analysis,” which enhances Android device security by helping prevent malware from being installed. ** Links mentioned on the show * Okta says hackers breached its support system and viewed customer files https://arstechnica.com/security/2023/10/okta-says-hackers-breached-its-support-system-and-viewed-customer-files/ https://x.com/mattjay/status/1716870499458822418?s=46&t=S0l2WLszljUYE1vbjB4M9A https://sec.okta.com/harfiles Quishing is the new phishing: What you need to know https://www.zdnet.com/article/quishing-is-the-new-phishing-what-you-need-to-know/ Google Play...

How to Opt Out of CPNI Data Sharing


Did you know that your mobile phone provider can give data like phone numbers you’ve called and received, the time and date of those calls, and even your location data to their parent companies, affiliates, and agents? In this episode we show you how to opt out so you can stop your data from being shared! ** Links mentioned on the show * AT&T CPNI Opt Out https://www.att.com/consent/cpni/ https://about.att.com/privacy/full_privacy_policy.html#CPNI Verizon CPNI Opt Out https://www.verizon.com/support/customer-cpni/ Alternatively for Verizon, you can also opt out by calling 1-800-333-9956 and following the recorded directions. Or, you can call 1800-922-0204 to reach a Customer...

Special Guest Jayson E. Street, Phantom Hacker Scams, 23andMe User Data For Sale


In milestone episode 300, Jayson E. Street (a renowned hacker, helper, and human who has successfully robbed banks, hotels, government facilities, and Biochemical companies on five continents) joins us to share what he’s been up to recently and to talk about his new role at Secure Yeti. Next, we explore the alarming rise of ‘phantom hacker’ scams targeting the elderly. The FBI issues a stern warning about these evolving tech support scams that are draining the savings of unsuspecting seniors. We uncover the extent of the issue, with staggering victim losses and disturbing trends. Finally, we unravel the unsettling revelation...

Educating the Next Cybersecurity Generation with Tib3rius


In this episode we explore the remarkable journey of Tib3rius, a web application hacking expert and content creator. In this engaging conversation, we discuss: Tib3rius’ passion for community education and content creation. What fuels his desire to empower the next generation of cybersecurity professionals? His expertise and enthusiasm for web application hacking, and we explore the transformative shifts in Application Security over recent years. If you’re new to the industry and aspire to be a web application pentester, don’t miss the valuable insights Tib3rius has to offer. Get the inside scoop on Tib3rius’ latest move to TCM Security and his...

Your Car is a Privacy Nightmare, Password Creation Best Practices, Sony Hacked Again


In this episode, we discuss the Mozilla Foundation’s alarming report that reveals why cars are the top privacy concern. Modern vehicles, equipped with data-collecting tech, pose significant risks to consumers’ privacy, with data sharing even extending to law enforcement. Listen in to our discussion as we explore the urgent need for transparency and *gasp* regulations in the automotive industry. Next, we explore the best practices around password creation and why password requirements are so different between organizations and applications you use every day. Lastly, Sony has suffered two security breaches in the past four months. In their latest breach, we...

Is My Boss Spying on Me, Instagram Painting Scam, Kia and Hyundai TikTok Challenge


In this episode, we explore the growing trend of AI surveillance in corporations, where cutting-edge technology is used to monitor employees, optimize productivity, and raise ethical concerns. Next, we uncover a disturbing Instagram scam that lures unsuspecting victims into a trap, highlighting the deceptive tactics employed by cyber criminals on social media. Finally, discover the startling vulnerabilities in Kia and Hyundai vehicles that make them easy targets for car thieves. We discuss the security flaws, the scale of affected vehicles, and practical steps owners can take to protect their cars. Find out how manufacturers are addressing this issue and what...

Content Creation, Mental Health in Cyber, The MGM Ransomware Attack


In this episode Matt Johansen, Security Architect at Reddit and Vulnerable U newsletter and YouTube content creator, joins host Tom Eston to discuss Matt’s background as one of the original “Security Twits”, his career journey, his passion for mental health advocacy, the significance of the recent MGM ransomware attack, and a discussion on the pros and cons of paying ransoms. ** Links mentioned on the show * Follow Matt on X aka: Twitter https://twitter.com/mattjay Follow Matt on LinkedIn https://www.linkedin.com/in/matthewjohansen/ Vulnerable U Newsletter and YouTube Channel https://mattjay.com/newsletter/ https://youtube.com/@VulnerableU?si=MAyCiCJ6fDbL0uHs Threat Modeling Depression https://www.mattjay.com/blog/threat-model-depression Threat Modeling Depression: Part Two – Attack Tree https://www.mattjay.com/blog/attack-tree-depression...

The Changing Role of the CISO with Ryan Davis, Chief Information Security Officer at NS1


In this episode Ryan Davis, Chief Information Security Officer at NS1, speaks with host Tom Eston about the changing role of the CISO, acquisitions, what the biggest challenges are, and Ryan’s advice for those considering a career as a CISO. This is one episode you don’t want to miss if you’re curious what a CISO does, thinking about becoming one, or currently a CISO yourself. ** Links mentioned on the show * Connect with Ryan on LinkedIn https://www.linkedin.com/in/ryancdavis/ ** Watch this episode on YouTube ** https://youtu.be/nI114nSZgjI ** Become a Shared Security Supporter ** For only $5 per month get exclusive...

The FBI’s Qakbot Takedown, QR Code Phishing Attacks, Dox Anyone in America for $15


In this episode we discuss the FBI’s remarkable takedown of the Qakbot botnet, a saga involving ransomware, cryptocurrency, and the FBI pushing an uninstaller to thousands of victim PCs. Next, we explore how a major U.S. energy organization fell victim to a QR code phishing attack, highlighting the ever-evolving tactics used by attackers. Finally, we discuss the alarming world of personal data exploitation through credit header information and a TransUnion subsidiary, where attackers can dox anyone in America for only $15. ** Links mentioned on the show * NOTACON 8: Pen Testing – Moving from Art to Science (Matt Neely)...

SaaS Attacks: Compromising an Organization without Touching the Network


In this episode Luke Jennings, VP of Research & Development at Push Security, joins us to discuss SaaS attacks and how it’s possible to compromise an organization without touching a single endpoint or network. Luke talks about his recent SaaS attack research, why SaaS based attacks are different than traditional network based attacks, the SaaS attack matrix which can be used by both red and blue teams, and why it’s important that this research is shared and talked about in the cybersecurity community. ** Links mentioned on the show * Let’s talk about SaaS attack techniques https://pushsecurity.com/blog/saas-attack-techniques/ SAMLjacking a poisoned...

Back to School Cybersecurity, Phishing Pitfalls and Strategies, X’s (Twitter) Blocking Overhaul


In this episode, we discuss essential cybersecurity tips for students and educational institutions as they gear up for the school season. From software updates to strong passwords and cybersecurity education, we explore how students and schools can fortify their digital defenses. Next, we navigate the treacherous waters of phishing and related scams, unveiling strategies to outwit malicious links. Hovering over links, cautious email scrutiny, and verification tactics all play a role. Finally, we discuss the surprising policy change by X (formerly Twitter), where blocking faces a major overhaul. Tune in as we discuss the privacy and safety ramifications of this...

Business Email Compromise Scams Revisited


In this best of episode from December 2021, we revisit Business Email Compromise (BEC) scams. What are they, how to identify them, and why BEC scams have resulted in well over $3 billion in losses since 2016, more than any other type of fraud in the U.S. We also share our tips on how to protect yourself and your business from these scams. ** Links mentioned on the show * Business Email Compromise – Tips from the FBI https://www.fbi.gov/how-we-can-help-you/safety-resources/scams-and-safety/common-scams-and-crimes/business-email-compromise Business Scams 101: Common Schemes and How to Avoid Them https://www.business.com/security/business-scam-guide/ ** Watch this episode on YouTube ** https://youtu.be/ZROQGOCZvyo ** Become...

The Current and Future State of Email Security with Andy Yen, CEO of Proton


In this episode, host Tom Eston speaks with Andy Yen, founder and CEO of Proton, to discuss the current and future state of email security. We also discuss Andy’s unique background as a scientist, the importance of using email aliases, an overview of Proton’s new password manager (Proton Pass), how AI may impact email security in the future, and how to find out more about how Proton takes a different approach to email security. ** Links mentioned on the show * Follow Andy Yen on X (Twitter) https://twitter.com/andyyen Get Proton Mail! Find out more about Proton and sign up for...

Common Sense Advice for Hacker Summer Camp, AI Chatbot Attacks, What’s a Flipper Zero?


In this episode, we discuss our common sense tips to stay safe and secure while attending “Hacker Summer Camp”: BSides, Black Hat, and DEF CON hacking conferences in Las Vegas. Next, we discuss the vulnerabilities and potential adversarial attacks on large language models like ChatGPT and other AI chat bots. Finally, we discuss the Flipper Zero, a versatile hacking device. We discuss its features, the potential use to cause havoc with TVs, garage doors, other wireless devices, and its role in penetration testing. ** Links mentioned on the show * Don’t be afraid to attend “Hacker Summer Camp / DEFCON”...

Your Digital Immortality is Coming, Apple and Google Are Data Gatekeepers, Satellite Security Risks Revealed


In this episode, we explore the implications and ethical dilemmas of immortality in the digital world. Listen to our discussion about this cutting-edge technology and its potential impact on our privacy. Next, we discuss the growing trend of Apple and Google becoming custodians of our digital lives. Have these tech companies gone too far? Join the conversation as we discuss the trends and challenges of digital sovereignty. Lastly, satellites form the backbone of our interconnected world, but they might be more vulnerable than we realize. We discuss recent research that uncovers basic security flaws that pose potential risks to our...

Microsoft Lost Its Keys, Voice Cloning Scams, The Biden-Harris Cybersecurity Labeling Program


In this episode, we discuss the recent Microsoft security breach where China-backed hackers gained access to numerous email inboxes, including those of several federal government agencies, using a stolen Microsoft signing key to forge authentication tokens. A TikTok influencer used a voice cloning app to expose a cheating boyfriend. But wait, there’s more to this story than meets the eye! We discuss the serious implications of voice cloning and how it’s being used for new types of phone scams. Lastly, we discuss the recent announcement by the Biden-Harris administration about their new cybersecurity labeling program for smart devices. Will this...

First Ban on Selling Location Data, Prohibiting Password Managers, Real-Time Crime Center Concerns


In this episode we discuss how Massachusetts lawmakers are pushing a groundbreaking bill to ban the buying and selling of location data from mobile devices. This legislation raises vital questions about consumer privacy, digital stalking, and national security threats. Next, we discuss the pros and cons of prohibiting external password managers within organizations. Join the conversation as we weigh the benefits, downsides, and best practices surrounding this hotly debated topic. Finally, we discuss the rise of Real-Time Crime Centers (RTCCs) and the concerns they raise regarding mass surveillance, privacy rights, and data misuse. ** Links mentioned on the show *...

Meta’s Threads and Your Privacy, Airline Reservation Scams, IDOR Strikes Back


In this episode, we explore the rise of Threads, a new social media app developed by Meta, which has already attracted 10 million users in just seven hours. However, there’s a catch: the app collects extensive personal data, sparking concerns about privacy. Next, we dive into the world of airline reservation scams, exposing how fraudsters exploit a loophole to deceive unsuspecting travelers. Learn how to protect yourself and avoid being swindled by these ticket scams. Finally, we discuss the security vulnerability discovered in Eaton’s smart security alarm systems, highlighting the significant risks of IDOR (Insecure Direct Object Reference) vulnerabilities and...

MOVEit Cyberattack, The Problem with Password Rotations, Military Alert on Free Smartwatches


Several major organizations, including British Airways and the BBC, fell victim to the recent MOVEit cyberattack. We discuss the alarming trend of hackers targeting trusted suppliers to gain access to customer data, potentially holding companies and individuals for ransom. Is it better to change passwords regularly or focus on creating complex ones? We discuss the pitfalls of frequent password changes, such as predictable patterns and delayed responses to security breaches. The Department of the Army’s Criminal Investigation Division issues a military-wide alert about a program offering free smartwatches to US service members. We discuss the concerns surrounding these devices, from...

Security Podcasting, Hacking Stories, and The State of Firmware Security with Paul Asadoorian


Paul Asadoorian, OG security podcaster and host of the popular Paul’s Security Weekly podcast, joins us in this episode to talk about his career as one of the original security podcasters. Paul’s been podcasting for more than 17 years! Paul also shares with us some of his greatest hacking stories and don’t miss our lively discussion about the state of firmware security. ** Links mentioned on the show * Paul Asadoorian’s Hacker Musings, Security Podcasts, and Nerd Stuff. https://securitypodcaster.com/ Paul’s YouTube Channel https://www.youtube.com/@securitypodcaster Paul’s Security Weekly Podcast https://www.youtube.com/@SecurityWeekly https://podcasts.apple.com/us/podcast/pauls-security-weekly/id91472687 Connect with Paul https://www.linkedin.com/in/paulasadoorian/ https://infosec.exchange/@paulasadoorian https://twitter.com/securityweekly ** Watch this episode on...

The FTC’s Complaint Against Ring, Detecting Malware Infected Apps, America’s Most Cybersecure Companies


The FTC charged Ring, the Amazon-owned home security camera company, for compromising customer privacy and having inadequate security measures. Employees accessed private videos, while hackers exploited vulnerabilities and now Ring needs to reimburse customers $5.8 million dollars. The FTC complaint emphasizes that Ring’s actions disregarded privacy and security, putting consumers at risk. Google has removed the iRecorder – Screen Recorder app from the Play Store after it was discovered that it was infected with malware capable of stealing personal information. We discuss several ways to spot malicious apps on your smartphone helping you protect and safeguard your personal information. Finally,...

How to Break Into a Cybersecurity Career Phillip Wylie


In this exciting episode of our podcast we have the pleasure of speaking with Phillip Wylie, a remarkable professional with a captivating career in cybersecurity. Join us as we discuss Phillip’s unique journey and uncover valuable insights on breaking into the cybersecurity field. From his origins as a professional wrestler who once bravely faced off against a bear, to his evolution into a respected penetration tester, author, trainer, mentor, and public speaker, Phillip’s experiences are nothing short of extraordinary. Join us as Phillip shares his inspiring origin story and sheds light on the following topics: Unveiling the Transformation: From Pro...

Netflix Cracks Down on Password Sharing, AI Legal Research Gone Wrong, Fake Identities and Surveillance Firms


Netflix plans to crack down on the widespread practice of password sharing among households. We discuss their new verification feature and its impact on user experience and security. A lawyer finds himself in hot water after relying on ChatGPT for legal research. We investigate the consequences of referencing non-existent legal cases, the lawyer’s claim of unawareness about the AI’s potential for false information, and the broader concerns surrounding the risks of AI, including misinformation and bias. Threat intelligence firms are using fake online personas to gather data on Discord, Reddit, WhatsApp, and other apps. Watchdog groups have raised concerns about...

Meta’s $1.3 Billion Fine, AI Hoax Hysteria, Montana’s TikTok Ban


In this episode, we discuss Meta’s record-breaking $1.3 billion fine by the EU for unlawfully transferring user data, shedding light on the increasing risks faced by tech companies in violating privacy rules. Highly realistic images of a Pentagon explosion went viral on Twitter, causing a stock market dip. We discuss the risks associated with Twitter’s verification system and the issue of AI and deepfaked images. Montana makes headlines as the first US state to ban TikTok. We discuss the ban’s motives, the challenges of implementation, and the broader concerns about personal data protection and online freedom. ** Links mentioned on...

Google Now Supports Passkeys, Risky New Top Level Domains, Twitter’s Encryption Dilemma


In this episode, we explore the arrival of passwordless Google accounts that use “passkeys,” which offer enhanced usability and security. We discuss the benefits of passkeys over traditional passwords, but also why passkeys are not quite ready for prime time use. Next, we discuss Google Domains’ introduction of new top-level domains (TLDs) like .zip and .mov, raising concerns about the potential use for malicious activities. We separate fact from fiction, and discuss the real risks involved. Lastly, we examine Twitter’s long-awaited encrypted direct messaging feature. We explore the limitations and criticisms surrounding its implementation, highlighting the importance of true end-to-end...

Private Tweets Exposed, Unauthorized Tracking Collaboration, AI Risks and Regulation


In this episode we discuss a recent Twitter security incident that caused private tweets sent to Twitter Circles to become visible to unintended recipients. Next, we discuss the collaboration between Apple and Google to develop a specification for detecting and alerting users of unauthorized tracking using devices like AirTags. Finally, we explore the US government’s engagement with major technology companies and AI experts to address the risks associated with generative artificial intelligence (AI). We analyze the White House initiatives and the call for increased regulatory measures in the AI field. ** Links mentioned on the show * Twitter says ‘security...

Juice Jacking Debunked, Photographer vs. AI Dataset, Google Authenticator Risks


In this episode we debunk the fearmongering surrounding “juice jacking,” a cyber attack where attackers steal data from devices that are charging via USB ports. Next, we dive into a case where a photographer tried to get his photos removed from an AI dataset, only to receive an invoice instead of having his photos taken down. Finally, we examine the security risks of using Google Authenticator’s cloud sync feature for two-factor authentication. We explain why this feature may not provide adequate protection and offer recommendations for more secure alternatives. ** Links mentioned on the show * Why is Juice Jacking...

Building a Healthy Security Culture: Insights from Kai Roer


In this episode we speak with Kai Roer, a renowned author, security culture coach, and CEO of Praxis Security Labs. Kai shares his career journey in cybersecurity and emphasizes the importance of building a strong security culture within organizations. He identifies the biggest impediments to a good security culture and offers actionable steps that organizations can take to improve their culture. Kai also discusses some of the biggest surprises he’s encountered in his work and provides insights for security awareness professionals and executives to learn about the most critical aspects of security culture. Finally, Kai shares his vision for the...

Arkansas Social Media Consent Law, Android Malware Invasion, New Method of Keyless Car Theft


Is Arkansas taking the right step to protect children online? A new law passed in the state makes it illegal for minors to use social media without their parent or guardian’s consent. Over 60 Android apps on the Google Play Store with more than 100 million downloads have been infiltrated by the new “Tekya” malware. The malware can commit ad fraud and steal Facebook credentials. Criminals are stealing keyless cars in under two minutes with a previously unknown method involving intercepting the signal between the car key and the car. ** Links mentioned on the show * Arkansas Makes It...

Genesis Market Crackdown, Life360 App Misuse, Tesla Customer Privacy Concerns


Law enforcement agencies across 17 countries have cracked down on Genesis Market, one of the largest criminal marketplaces, resulting in the arrests of 120 people globally. Popular family safety app, Life360, has been used by sex traffickers to monitor and control their victims, highlighting the increasing use of GPS technology by criminals. A recent news report reveals that groups of Tesla employees shared highly invasive videos and images recorded by customers’ car cameras, including embarrassing and vulnerable situations. The leaked footage was shared via an internal messaging system, potentially compromising customer privacy. ** Links mentioned on the show * Genesis...

Clearview AI Facial Recognition Fallout, Hacked and Helpless, Is AI Armageddon Upon Us?


Clearview AI provided police with 30 billion scraped images from Facebook, raising concerns over privacy and the potential misuse of facial recognition technology. A victim of a phone hack shares their story of how their credit card was stolen, highlighting the vulnerability of personal information and the chain of events that happen when someone’s identity is stolen. Our discussion about an open letter calling for the regulation of AI development due to potential dangers and misuse has become a source of controversy within the tech community. We also discuss an extreme proposal of using the threat of nuclear war to...

The TikTok CEO Testimony, ChatGPT’s Privacy Risks, Inaudible Ultrasound Attacks


The CEO of TikTok was criticized by Congress for his “worthless” assurances regarding the app’s privacy and security. But what is the real motivation for Congress attempting to ban TikTok? Should we be concerned that AI language models like ChatGPT are a privacy nightmare? Not just for businesses but for anyone using it? Researchers have found a way to use inaudible ultrasonic waves to attack smartphones, smart speakers, and other devices by taking control of their voice assistants, opening browser windows, and performing other malicious actions. Is this the next generation of attacks we need to be worried about? **...

Samsung Chipset Zero-Day Vulnerabilities, AI-Assisted Social Engineering, ATM Fraud with a Twist


In this episode we discuss Google’s discovery of 18 zero-day vulnerabilities in Samsung’s Exynos chipsets. We examine an AI-assisted social engineering campaign that combines emerging technologies with classic techniques. Finally, we look at a new method of ATM fraud where thieves use glue to disable card readers and trick customers into using the tap function on their debit cards. ** Links mentioned on the show * Google finds 18 zero-day vulnerabilities in Samsung Exynos chipsets https://www.bleepingcomputer.com/news/security/google-finds-18-zero-day-vulnerabilities-in-samsung-exynos-chipsets/ Adversary Simulation with Voice Cloning in Real Time https://tevora-threat.ghost.io/adversary-simulation-with-voice-cloning-in-real-time-part-1/amp/ ATM thieves use glue and ‘tap’ function to drain accounts at Chase Bank https://abc7chicago.com/chase-bank-atm-scam-tap-to-pay/12913307/ Scott’s...

Exploring the Role of Empathy in Cybersecurity with Andra Zaharia


On this episode, Tom Eston discusses empathy in cybersecurity with Andra Zaharia, host of the Cyber Empathy Podcast. We talk about finding her passion for contributing to the industry and the importance of empathy in cybersecurity. We cover how empathy relates to cybersecurity in the industry, the importance of being empathetic in our roles as cybersecurity professionals, and why the phrase “users are the weakest link in security” is nothing more than victim blaming. We also discuss the long term implications of new technology and how we can help educate people on how to build and use technology with kindness...

Biden’s National Cybersecurity Strategy, BetterHelp’s FTC Fine, Chick-fil-A Data Breach


What you need to know about Biden’s new National Cybersecurity Strategy, which aims to provide a framework of what the current administration wants the US federal government, critical infrastructure organizations, and private companies to do to work together to improve national cybersecurity. BetterHelp, a direct-to-consumer mental health app, has been asked to pay $7.8m by the Federal Trade Commission (FTC) for allegedly passing on users’ mental health information to Facebook, Snapchat and others. Fast food chain Chick-fil-A has confirmed a credential stuffing attack that allowed cybercriminals (who apparently really love chicken sandwiches) to access 71,473 customer accounts and sell access...

The LastPass Attack Gets Worse, What is Gamification, Signal’s Encryption Standoff


Popular password manager LastPass suffered a second attack that lasted for over two months. Now new and disturbing information is being released about the attack. Scott discusses the benefits and challenges of using gamification in security awareness training, emphasizing the importance of individual learning before employing it at the business process level. Signal, a very popular encrypted messaging app, warns it may leave the UK if new online safety legislation weakens its end-to-end encryption, sparking controversy and debate over privacy concerns. ** Links mentioned on the show * LastPass: DevOps engineer hacked to steal password vault data in 2022 breach...

Twitter’s Paywall 2FA, Mental Health Data for Sale, Meta’s Verified Program


Twitter is phasing out its free text message two-factor authentication (2FA) and putting the feature behind a paywall, prompting security experts to advise Twitter users to switch to other authentication methods. How data brokers are selling sensitive mental health data for a few hundred dollars with little attempt to hide identifying information such as names and addresses. A new report highlights how some firms are offering the data for as low as $275 for information on 5,000 people, and Congress has yet to pass significant legislation on data brokers. Meta (formerly Facebook) has launched a new program called Meta Verified...

Reddit Hacked, Preventing Accidental Location Sharing, Developer Hacks His Own Company


Reddit announced that it was the victim of a phishing attack aimed at its employees, resulting in unauthorized access to internal documents, code, and some unspecified business systems. Advice on managing device location-tracking settings to ensure you’re not sharing your location inadvertently. The case of former Ubiquiti employee, Nickolas Sharp, who pled guilty to multiple felony charges after orchestrating a security breach, stealing data, and extorting almost $2m worth of cryptocurrency from his company. Plus, our thoughts about UFOs and Chinese spy balloons! ** Links mentioned on the show * Reddit Suffers Security Breach Exposing Internal Documents and Source Code...

Layoffs, Recruiting, and The Year Ahead for Cybersecurity Job Seekers


In this episode host Tom Eston sits down with Kathleen Smith, Chief Outreach Officer at ClearedJobs.net, to discuss the current state of the job market in the cybersecurity industry. With a recent surge in layoffs, Kathleen provides advice for those who were recently let go and discusses how the economic situation has affected recruiters. She also shares her predictions for changes in the recruitment process and offers advice for job seekers. Finally, Kathleen shares more about her role at Cleared Jobs and how listeners can get in touch. ** Links mentioned on the show * Connect with Kathleen Smith https://www.linkedin.com/in/kathleenesmith/...

Password Managers Under Attack, Shady Reward Apps on Google Play, Meta Account Center 2FA Bypass


The attacks on password managers and their users continue as Bitwarden and 1Password users have reported seeing paid ads for phishing sites in Google search results for the official login page of the password management vendors. Not only that, a new vulnerability in the popular open-source password management software KeePass has also been reported. Three health tracking apps available on Google Play (Lucky Step, WalkingJoy, Lucky Habit: health tracker) have been downloaded on over 20 million devices, but a recent report shows that the rewards for using the apps are impossible or only partially available after watching tons of ads....

U.S. No Fly List Leaks, AI-Powered Phishing, Wi-Fi Used to See Humans Through Walls


A hacker discovered a copy of the US No Fly List, which contains the names of people banned from traveling in or out of the US on commercial flights, on an unsecured Jenkins server connected to a commercial airline. Will AI-powered phishing become a threat for organizations? Scientists from Carnegie Mellon University have developed a way to sense humans through walls using a deep neural network called DensePose that maps Wi-Fi signals to UV coordinates. ** Links mentioned on the show * U.S. No Fly List Leaks After Being Left in an Unsecured Airline Server https://www.vice.com/en/article/93a4p5/us-no-fly-list-leaks-after-being-left-in-an-unsecured-airline-server Why AI-Powered Phishing Will...

Social Zombies Revisited: Your Friends Want to Eat Your Brains


On this week’s episode, we’re excited to bring you a classic conference talk that Tom Eston gave with co-host Kevin Johnson back in 2009 at DEF CON 17 in Las Vegas. The talk is called “Social Zombies: Your Friends Want to Eat Your Brains” and it explores the various risks and concerns related to malware delivery through social networking sites. We discuss how social networks make money and the privacy and security issues that arise due to the trust built on these platforms. We also delve into typical botnets and bot programs, and examine the delivery of malware through social...

Meta's EU Ad Practices Ruled Illegal, Twitter API Data Breach, Vulnerabilities in Major Car Brands


Facebook has been ordered to pay a fine of $414m by EU regulators who ruled that the company had broken EU law by forcing users to accept personalized ads. The ruling could have a major impact on Facebook’s advertising business in the EU, which is one of the company’s largest markets, if it is required to make changes to its advertising practices. A hacker has claimed to have the personal data of 400 million Twitter users for sale on the dark web. Attackers have also released the account details and email addresses of 235 million users for free. The information...

LastPass Password Vaults Stolen, Pig Butchering Scams, Okta Source Code Theft


Things get worse for LastPass as a security breach in November resulted in the theft of customer data, including encrypted password vaults and unencrypted web addresses. Pig butchering scams, a variation of business email compromise and romance scams, are on the rise. How do they work and what do you need to know to protect yourself? Okta, a major identity and authentication company, has suffered another security breach following the “suspicious access” to its code repositories on Github. ** Links mentioned on the show * Encrypted LastPass Password Vaults, Customer Information Stolen in November Breach https://www.cpomagazine.com/cyber-security/encrypted-lastpass-password-vaults-customer-information-stolen-in-november-breach/ https://grahamcluley.com/lostpass-after-the-lastpass-hack-heres-what-you-need-to-know/ Hacker Lexicon: What...

How to Stop Online Tracking: 3 New Ways


In this episode host Tom Eston discusses one of the biggest privacy concerns people have today: online tracking by companies and advertisers. Tom will cover the following topics, tips, and new techniques to help you stop being tracked: why we should be concerned about online tracking; how to enable and configure the privacy settings in your web browser; how your smartphone has privacy settings to block online tracking; and using a privacy-focused search engine. ** Links mentioned on the show * Apple's Stunning iOS 14 Privacy Move: A Game-Changer For All iPhone Users https://www.forbes.com/sites/kateoflahertyuk/2021/01/31/apples-stunning-ios-14-privacy-move-a-game-changer-for-all-iphone-users/?sh=5fd623b47e8d How to Disable Ad ID Tracking...

The Year in Review and 2023 Predictions


In our last episode of the year, we discuss the year that was 2022. What did we get right? What did we get wrong? And what are our cybersecurity and privacy predictions for 2023? Thank you to all of our listeners for a great year! We’re looking forward to bringing you more content, news, tips, and advice in 2023! Happy New Year! ** Links mentioned on the show * Our previous year in review episodes (have fun with these!) https://sharedsecurity.net/2021/12/27/the-year-in-review-and-2022-predictions/ https://sharedsecurity.net/2020/12/23/the-year-in-review-and-2021-predictions/ https://sharedsecurity.net/2019/12/23/the-year-in-review-and-2020-predictions-with-kevin-johnson/ https://sharedsecurity.net/2018/12/26/the-year-in-review-and-2019-predictions-with-special-guest-kevin-johnson-83/ ** Watch this episode on YouTube ** https://youtu.be/mSNrn_RM5mM ** Thank you to our sponsors! ** SLNT Visit...

Apple to Allow Third-Party App Stores, Lensa AI App Privacy Risks, Real-Life Invisibility Cloak


Apple is considering giving third-party app stores access to its iPhones and iPads in the European Union (EU) to comply with new competition law. Will the “sideloading” of apps change Apple’s walled garden of security? Lensa the AI app that creates artistic profile pictures has gone viral. What are the privacy risks and what does their privacy policy and terms of service really say? A group of four graduate students from Wuhan University in China have developed a coat that they claim is invisible to AI-powered security cameras. How does the coat work and will this technology be used by...

ChatGPT Goes Viral, More Trouble for LastPass, Apple's New Data Protections


A chatbot developed by OpenAI, called ChatGPT, has gone viral and is able to mimic human language and speech styles and can interact with users in a conversational way. It can be used for a range of purposes, including writing code, talking like a “Valley girl”, and even podcast introduction scripts. Attackers broke into a cloud storage service used by password manager LastPass to gain access to “certain elements” of customers’ information. Details on Apple’s three new advanced security features to protect user data in iCloud. Thanks to NordLayer for sponsoring this episode! As a listener of this podcast, get...

SASE: Is it Just Another Cybersecurity Buzzword?


In this sponsored episode co-host Tom Eston discusses SASE (Secure Access Service Edge) and if it's more than just the latest cybersecurity buzzword with Carlos Salas from NordLayer. Topics include: – What is SASE (Secure Access Service Edge)? – What’s the difference between SASE and SSE (Security Service Edge)? – What challenges/problems do companies encounter while trying to secure cloud networks? – Why would companies need a SASE solution? – Some crucial features of SASE and SSE (Zero Trust Network Access, Cloud Access Security Broker, Secure Web gateway, Firewalls-as-a-Service, Data Loss Protection (DLP), SD-WAN) – What has been and will...

Is Social Media at a Tipping Point, The TikTok Invisible Challenge, San Francisco Police Can Use Killer Robots


A recent data breach affected 5.4 million Twitter users, Meta was fined $265 million over a 2021 data leak, and people are fleeing Twitter because of Elon Musk. Are we finally seeing a tipping point in social media? What is the TikTok Invisible Challenge and how are links to fake “unfilter” software being used to spread malware? Police in San Francisco will be allowed to deploy killer, remote-controlled robots in emergency situations. What could possibly go wrong? ** Links mentioned on the show ** Twitter Reportedly Unveils Lucrative Plan To Win Back Fleeing Advertisers As Musk Begs People...

How to Break Into a Cybersecurity Career - Rob Fuller (Mubix)


This week we continue our series on how to break into a cybersecurity career with long time industry veteran, Rob Fuller (Mubix). Rob speaks with us about how he started his career in the Marine Corps, his time on Hak5, and more recently earning his Master's degree. Rob also talks about how these experiences have shaped his career, his best career advice to someone just starting out, and the importance of getting yourself out there and doing the things you enjoy! Thanks to NordLayer for sponsoring this episode! Secure your business network with NordLayer. As a listener of this podcast,...

The Rise of Mastodon, Twitter in Trouble, Largest Privacy Settlement in US History


Former Twitter users are migrating en masse to Mastodon, so what is Mastodon and what do you need to know about Mastodon from a security and privacy perspective? Twitter was flooded by a wave of imposter accounts after the $8 “verification” label fiasco, and details about the largest multi-state privacy settlement in the US where Google has agreed to pay $391 million to resolve an investigation into how the company tracked users' locations. Plus you don’t want to miss Tom’s Canadian dad jokes! ** Links mentioned on the show ** Mastodon: What you need to know for your security and...

How to Break Into a Cybersecurity Career - Digital Forensics and Incident Response (DFIR)


Matt Scheurer, host of the ThreatReel Podcast and Assistant Vice President of Computer Security and Incident Response in a large enterprise environment, joins us to discuss starting a career in digital forensics and incident response (DFIR). Matt discusses how he got started, his advice to anyone that wants to pursue a career in DFIR, and what the future may hold for the DFIR industry. Thanks to NordLayer for sponsoring this episode! Secure your business network with NordLayer. As a listener of this podcast, get your first month free by going to https://nordlayer.com/sharedsecurity. ** Links mentioned on the show ** Follow...

Cybersecurity's Role in Combating Midterm Election Disinformation


Katie Teitler, Senior Cybersecurity Strategist at Axonius and co-host on the popular Enterprise Security Weekly podcast, joins us to discuss the role of cybersecurity in combating midterm election disinformation. We discuss the difference between misinformation and disinformation, how we can combat disinformation, and some things about disinformation, private platforms, and free speech we all need to think about during the midterm election. Plus, you don’t want to miss the story about how co-host Kevin Johnson was knocked unconscious on an airplane! ** Links mentioned on the show ** Cybersecurity’s Role in Combating Midterm Election Disinformation –...

CISO Liability Risk and Jail Time, (ISC)2 Bylaw Vote and the Value of Cybersecurity Certifications


Rafal Los, host of the popular Down the Security Rabbithole Podcast, joins us to discuss CISO liability risk and the ongoing discussion in the cybersecurity community about CISOs going to jail. Plus, details on the recent (ISC)2 bylaw vote (why you should vote no) and a discussion about the value of cybersecurity certifications. ** Links mentioned on the show ** After the Sullivan Verdict: A CISO’s Guide to Avoiding Jail https://www.bankinfosecurity.com/after-sullivan-verdict-cisos-guide-to-avoiding-jail-a-20285 What the Uber Breach Verdict Means for CISOs in the US https://www.darkreading.com/attacks-breaches/what-the-uber-breach-verdict-means-for-cisos-in-the-us ISC2 bylaw drama So here's a summary of what ISC2 is changing in its Bylaws and why...

Attack of the Wi-Fi Spy Drones, How to Destroy Your Old Electronics, Signal Removes SMS Support


Two modified Wi-Fi enabled drones were found on the top of a financial firm’s building and used to intercept an employee’s credentials, a fun discussion about the best way to physically destroy data on electronics that no longer work, and details about Signal removing SMS support for Android users. ** Links mentioned on the show ** How Wi-Fi spy drones snooped on financial firm https://www.theregister.com/2022/10/12/drone-roof-attack/ How to wipe out data from things that don’t turn on? https://www.reddit.com/r/privacy/comments/y6535n/how_to_wipe_out_data_from_things_that_doesnt_turn/ Signal will remove support for SMS text messages on Android https://www.bleepingcomputer.com/news/technology/signal-will-remove-support-for-sms-text-messages-on-android/ ** Watch this episode on YouTube ** https://youtu.be/KJ9kfMGXebg ** Thank you to...

Uber Breach Guilty Verdict, Mandatory Password Expiration, Fake Executive Profiles on LinkedIn


Former Uber CSO Joe Sullivan was found guilty of obstructing a federal investigation in connection with the attempted cover-up of a 2016 hack at Uber, NIST and Microsoft say that mandatory password expiration is no longer needed but many organizations are still doing it, and how fake executive profiles are becoming a huge problem for LinkedIn. ** Links mentioned on the show ** Guilty verdict in the Uber breach case makes personal liability real for CISOs https://www.csoonline.com/article/3676148/guilty-verdict-in-the-uber-breach-case-makes-personal-liability-real-for-cisos.html https://www.linkedin.com/posts/stuart-w-techsecscot_uberbreach-uberciso-uberhack-activity-6984057144438325248-gg1s/ Is mandatory password expiration helping or hurting your password security? https://www.helpnetsecurity.com/2022/10/04/mandatory-password-expiration-helping-or-hurting-password-security/ Glut of Fake LinkedIn Profiles Pits HR Against the Bots https://krebsonsecurity.com/2022/10/glut-of-fake-linkedin-profiles-pits-hr-against-the-bots/...

Hackers Need 5 Hours or Less to Break In, SMS Phishing Tactics, Strange Ways Employees Expose Data


A recent survey of ethical hackers by Bishop Fox and SANS shows that once a vulnerability or weakness is found about 58% of ethical hackers can break into an environment in less than five hours, SMS phishing and text message scams appear to be changing tactics taking a more “urgent” tone, and a discussion about strange ways employees can accidentally expose data. ** Links mentioned on the show ** More Than 60% Of Hackers Can Exfiltrate Data In Less Than Five Hours https://bishopfox.com/news/sans-hacking-survey-report-pr https://www.darkreading.com/attacks-breaches/attackers-less-than-ten-hours-find-weaknesses Scam nation: Why living with grifters is our new normal https://mashable.com/article/constant-texting-scams YSK: you shouldn’t reply “stop”...

What are Passkeys, PowerPoint Mouseover Attack, 2K Games Support Hacked


Passkeys are coming soon to Apple iOS 16 so what are passkeys and why are they an eventual replacement for passwords? Researchers have discovered a new attack that uses mouse movement in Microsoft PowerPoint to deploy malware, and details on how the 2K Games help desk support platform was compromised to push malware through fake support tickets. ** Links mentioned on the show ** Passkeys coming to iOS 16. What are Passkeys? https://developer.apple.com/passkeys/ https://www.cnet.com/tech/mobile/passkeys-more-secure-than-passwords-arrive-on-ios-16-iphone-14/ https://developer.apple.com/videos/play/wwdc2022/10092/ Hackers Using PowerPoint Mouseover Trick to Infect System with Malware https://thehackernews.com/2022/09/hackers-using-powerpoint-mouseover.html 2K Games says hacked help desk targeted players with malware https://www.bleepingcomputer.com/news/security/2k-games-says-hacked-help-desk-targeted-players-with-malware/ ** Watch this...

Uber Hacked by 18 Year Old, Morgan Stanley Hard Drives Got Auctioned, Deleting Your Data is Hard


Uber got hacked by an 18 year old using social engineering and a multi-factor authentication fatigue attack, Morgan Stanley has been auctioning off hard drives holding sensitive client data since 2015, and why is it so hard for social networks to remove personal data when deleting your user account. ** Links mentioned on the show ** Uber was breached to its core, purportedly by an 18-year-old. Here's what's known https://arstechnica.com/information-technology/2022/09/uber-was-hacked-to-its-core-purportedly-by-an-18-year-old-here-are-the-basics/ MITRE ATT&CK Mapping of the Uber breach https://twitter.com/MichalKoczwara/status/1571432800787759104/photo/1 Same hacker also claims he hacked Rockstar Games https://www.esquire.com/entertainment/a41292914/gta-6-leak-videos-rockstar-hacker/ Multi-factor Authentication Fatigue Attack – How to prevent being a victim https://sharedsecurity.net/2022/08/22/multi-factor-authentication-fatigue-attack-signal-account-twilio-hack-facebook-and-instagram-in-app-browser/ https://attack.mitre.org/techniques/T1621/...

Facebook Doesn't Know Where Your Data Is, New Hire Spearmishing Attack, Smart Thermostat Lock Out


In recent court testimony two Facebook engineers were asked what information, precisely, does Facebook store about us, and where is it? Surprisingly they said, they don’t know. Details on how brand new employees of companies are being “spearmished” (hat tip to @ErinInfosec and @RachelTobac via Twitter), and how thousands of Colorado residents found themselves locked out of their smart thermostats to help prevent the power grid from failing. ** Links mentioned on the show ** Facebook Engineers: We Have No Idea Where We Keep All Your Personal Data https://theintercept.com/2022/09/07/facebook-personal-data-no-accountability/ New Hire SMS Phish Attack Method – Spearmishing? https://twitter.com/RachelTobac/status/1568656397637947392 A utility...

TikTok Denies Data Breach, Los Angeles School District Ransomware Attack, Fingerprint Scanners in School Bathrooms


TikTok has denied reports that it was breached by a hacking group, after the group claimed to have gained access to over 2 billion user records, the Los Angeles school district, the second-largest in the US, suffered a ransomware attack, and details on how one high school in Sydney, Australia installed fingerprint scanners at the entrance to bathrooms to track student movements and prevent vandalism. ** Links mentioned on the show ** TikTok Denies Data Breach Reportedly Exposing Over 2 Billion Users’ Information https://thehackernews.com/2022/09/tiktok-denies-data-breach-reportedly.html The second-biggest school district in the US was hit with ransomware https://www.zdnet.com/article/the-second-biggest-school-district-in-the-us-was-hit-with-ransomware/ https://www.msn.com/en-us/news/us/feds-anticipate-ransomware-attacks-against-schools/ar-AA11yV3r Sydney schools use of...

LastPass Data Breach, ETHERLED: Air-Gapped Systems Attack, Twitter Whistleblower Complaint


Popular password manager LastPass announced that some of their source code was stolen, but that no customer passwords were compromised in a recent data breach disclosure, an Israeli researcher has discovered a new method to exfiltrate data from air-gapped systems using the LED indicators on network cards, and details about the Twitter whistleblower Peiter Mudge Zatko and his claims about how Twitter had poor security practices, misled federal regulators about safety, and failed to properly estimate the number of bots on Twitter. ** Links mentioned on the show ** LastPass Says No Passwords Stolen in Data Breach https://www.cnet.com/tech/services-and-software/lastpass-says-no-passwords-stolen-in-data-breach/ https://blog.lastpass.com/2022/08/notice-of-recent-security-incident/ ETHERLED:...

Janet Jackson Can Crash Laptops, Credential Phishing Attacks Skyrocket, A Phone Carrier That Doesn't Track You


Janet Jackson's Rhythm Nation has been recognized as an exploit for a vulnerability after Microsoft reported it can crash the hard drives of certain old laptop computers, phishing attacks that compromise credentials using brand impersonation are on the rise, and details about a new privacy focused phone carrier that doesn’t track your location or web browsing activity. ** Links mentioned on the show ** Microsoft: Bug in Janet Jackson's Rhythm Nation could crash a laptop https://therecord.media/microsoft-bug-in-janet-jacksons-rhythm-nation-could-crash-a-laptop/ https://www.theregister.com/2022/08/18/janet_jackson_video_crashes_laptops/ Credential phishing attacks skyrocketing, 265 brands impersonated in H1 2022 https://www.helpnetsecurity.com/2022/08/15/landscape-email-threat/ A Phone Carrier That Doesn't Track Your Browsing or Location https://www.wired.com/story/pretty-good-phone-privacy-android/ https://invisv.com/articles/pretty-good-phone-privacy.html...

Multi-Factor Authentication Fatigue Attack, Signal Account Twilio Hack, Facebook and Instagram In-App Browser


A Cisco employee was compromised by a ransomware gang using a technique called multi-factor authentication fatigue, an attack on the Signal messenger app’s SMS service Twilio potentially disclosed the phone numbers of 1,900 users, and details on how Facebook and Instagram track what you click on including your web browsing history by using their in-app browser. ** Links mentioned on the show ** Kevin’s interview on the Bishop Fox Livestream from DEF CON 30 Cisco Hacked by Ransomware Gang, Data Stolen https://www.securityweek.com/cybercriminals-breached-cisco-systems-and-stole-data Nearly 1,900 Signal Messenger Accounts Potentially Compromised in Twilio Hack https://thehackernews.com/2022/08/nearly-1900-signal-messenger-accounts.html Facebook and Instagram rewrite websites via in-app...

The Importance of Faraday Technology with Aaron Zar from SLNT


Aaron Zar, SLNT founder and director of disconnection joins co-host Tom Eston to discuss the importance of Faraday technology, what’s changed with privacy over the last several years, some of the really cool SLNT Faraday products now available, and how Aaron tested product durability by running over a SLNT Faraday Backpack (containing a MacBook Pro) with a truck! Don’t forget, listeners of the podcast get 10% off at slnt.com using discount code “sharedsecurity” during checkout! ** Links mentioned on the show ** Founder of SLNT Demonstrates the strength of the Berry and TAA Compliant Faraday Dry Bag Check out SLNT’s...

Phone Numbers Used for Identification, Hacker Summer Camp Advice, Samsung Repair Mode


Why your phone number is becoming a popular way to identify you, our advice on how to best protect your privacy at hacker summer camp in Las Vegas (BSides, BlackHat, DEF CON), and details on Samsung’s new repair mode which will protect your private data on your smartphone when you take it in for repairs. ** Links mentioned on the show ** When did our phone numbers become the new identifier de jour? https://iapp.org/news/a/when-did-our-phone-numbers-become-the-new-identifier-de-jour/ Letter from a librarian to Google about 2fA hurting poor and low income people https://docs.google.com/document/d/1f6HPQbUjslcbjVHkJkAgYmQmBV3PRRHEcx4WL5rxuE8/preview Going to Hacker Summer Camp (Black Hat / DEF CON)? How...

Twitter Data Breach, 15 Minutes to Exploit Zero-Day Vulnerabilities, Resilient Deepfake Traits


Twitter suffers a data breach of phone numbers and email addresses belonging to 5.4 million accounts, new research shows that attackers are finding and exploiting zero-day vulnerabilities in 15 minutes, and details on how a resilient trait in videos and images could aid in deepfake detection. ** Links mentioned on the show ** Hacker selling Twitter account data of 5.4 million users for $30k https://www.bleepingcomputer.com/news/security/hacker-selling-twitter-account-data-of-54-million-users-for-30k/ Race against time: Hackers start hunting for victims just 15 minutes after a bug is disclosed https://www.zdnet.com/article/race-against-time-hackers-start-hunting-for-victims-just-15-minutes-after-a-bug-is-disclosed/ Researchers Identify a Resilient Trait of Deepfakes That Could Aid Long-Term Detection https://www.unite.ai/researchers-identify-a-resilient-trait-of-deepfakes-that-could-aid-long-term-detection/ ** Watch this episode on...

Robert Kerbeck Author of RUSE: Lying the American Dream from Hollywood to Wall Street


In this episode learn all about the world of corporate spying from someone who was a corporate spy and actually wrote a book on it! Robert Kerbeck author of “RUSE: Lying the American Dream from Hollywood to Wall Street” joins us to discuss his fascinating career as a corporate spy, life as a struggling actor, his many celebrity encounters (including his performance in the infamous OJ Simpson exercise video), and how the corporate spying game is still big business. This is one interview you don’t want to miss! ** Links mentioned on the show ** Purchase Robert’s book: “RUSE: Lying...

Apple Previews Lockdown Mode, Another Marriott Data Breach, Smart Contact Lenses


Apple previews Lockdown Mode which is designed for high risk individuals such as human rights workers, lawyers, politicians and journalists, hotel chain Marriott confirms another data breach, and new details on the development of smart contact lenses and what these could mean for your privacy. ** Links mentioned on the show ** Apple previews Lockdown Mode to protect users from targeted spyware https://www.cnet.com/tech/mobile/apples-lockdown-mode-why-theres-new-level-of-security-for-your-iphone/ https://www.helpnetsecurity.com/2022/07/07/apple-lockdown-mode-video/ Hotel giant Marriott confirms yet another data breach https://techcrunch.com/2022/07/06/marriott-breach-again/ Mojo Vision CEO successfully wore a smart contact lens in his eye https://skarredghost.com/2022/06/28/mojo-vision-contact-tested-eye/ ** Watch this episode on YouTube ** https://youtu.be/4mZAw_NGPDI ** Thank you to our sponsors!...

Could TikTok Be Removed From App Stores, HackerOne Employee Caught Stealing Vulnerability Reports, California Gun Owner Data Breach


The commissioner of the FCC (Federal Communications Commission), asked the CEOs of Apple and Google to remove TikTok from their app stores, bug bounty platform HackerOne disclosed that a former employee improperly accessed security reports and submitted them for personal gain, and new details on the California gun owner data breach which had exposed the personal information of hundreds of thousands of gun owners. ** Links mentioned on the show ** TikTok is unacceptable security risk and should be removed from app stores, says FCC https://blog.malwarebytes.com/privacy-2/2022/07/tiktok-is-unacceptable-security-risk-and-should-be-removed-from-app-stores-says-fcc HackerOne Employee Caught Stealing Vulnerability Reports for Personal Gains https://thehackernews.com/2022/07/hackerone-employee-caught-stealing.html https://hackerone.com/reports/1622449 Leak of California...

Period Tracking Apps and Your Privacy, Vendor Impersonation Attacks, LockBit Ransomware Bug Bounty Program


Period tracker apps are causing privacy concerns because they could potentially be used against women in states that ban abortion, new research shows that vendors are being impersonated more than employees in Business Email Compromise (BEC) attacks, and details on the first ever bug bounty program from the creators of the LockBit ransomware operation. ** Links mentioned on the show ** How period tracking apps and data privacy fit into a post-Roe v. Wade climate https://www.npr.org/2022/05/10/1097482967/roe-v-wade-supreme-court-abortion-period-apps https://www.msn.com/en-us/news/technology/which-period-tracking-apps-are-secure-to-use-data-privacy-questioned-post-roe-v-wade/ar-AAYXF9C https://source.colostate.edu/period-tracker-apps-privacy-roe-wade/ New Trend in Business Email Compromise Emerges as Vendor Impersonation Overtakes CEO Fraud https://www.galvnews.com/news_ap/business/article_cab81f33-b5f9-5206-bd84-8ce5fb696d6b.html LockBit 3.0 introduces the first ransomware bug bounty...

Tim Hortons Privacy Investigation, Social Engineering Kill-Chain, Hospitals Sending Facebook Your Data


The Tim Hortons mobile app created “a mass invasion of Canadians' privacy” by conducting continuous location tracking without user consent even when the app was closed, what is a social engineering kill-chain and how can this help understand and prevent attacks, and new research shows 33 out of the top 100 hospitals in America are sending sensitive health information to Facebook via the Meta Pixel ad tracking tool. ** Links mentioned on the show ** A Mass Invasion of Privacy but No Penalties for Tim Hortons https://financialpost.com/news/retail-marketing/tim-hortons-app-violated-privacy-laws-says-canadian-regulator https://www.priv.gc.ca/en/opc-actions-and-decisions/investigations/investigations-into-businesses/2022/pipeda-2022-001/ Social Engineering KillChain: Predicting, Minimizing & Disrupting Attack Verticals https://ahead.feedly.com/posts/social-engineering-kill-chain-predicting-minimizing-and-disrupting-attack-verticals Facebook...

Bipartisan Digital-Privacy Bill, Delete Your Data Before Selling Your Car, Firefox Total Cookie Protection


A new bipartisan privacy bill, the American Data Privacy and Protection Act, “could” be the first privacy legislation in the US not doomed to fail, a story about why you should delete your location and private data in your car’s navigation system before selling it, and details on Firefox’s new privacy feature called “Total Cookie Protection”. ** Links mentioned on the show ** Legislators Introduce Bipartisan Digital-Privacy Bill That May Not Be Doomed https://www.pcmag.com/news/legislators-introduce-bipartisan-digital-privacy-bill-that-may-not-be-doomed LPT: If your vehicle has a built-in GPS and you plan to trade it in; make sure you clear your home address or any other personal...

Hacking Ham Radio: Why It's Still Relevant and How to Get Started


This week we discuss hacking ham radio with special guests Caitlin Johanson, Rick Osgood, and Larry Pesce. In this episode you’ll learn what ham radio is, why it's still relevant, why attackers would want to hack ham radio, all about packet radio and APRS (Automatic Packet Reporting System), and what equipment and licensing you need to get started in ham radio. ** Links mentioned on the show ** Hacking Ham Radio: WinAPRS Part 1 https://www.coalfire.com/the-coalfire-blog/hacking-ham-radio-winaprs-part1 Hacking Ham Radio: WinAPRS Part 2 https://www.coalfire.com/the-coalfire-blog/hacking-ham-radio-winaprs-part-2 Hacking Ham Radio: WinAPRS Part 3 https://www.coalfire.com/the-coalfire-blog/hacking-ham-radio-winaprs-part-3 Hacking Ham Radio: WinAPRS Part 4 https://www.coalfire.com/the-coalfire-blog/hacking-ham-radio-winaprs-part-4 The 5 Best Ham...

DuckDuckGo Browser Allows Microsoft Trackers, Stolen Verizon Employee Database, Attacking Powered Off iPhones


The DuckDuckGo mobile browser allows Microsoft trackers due to an agreement in their syndicated search content contract, a database of contact details for hundreds of Verizon employees was compromised after an employee was social engineered to give the attacker remote access to their corporate computer, and details about new research that shows that even when an iPhone running iOS 15 is turned off, it's really not off and certain wireless features allow the phone to be located and possibly attacked. ** Links mentioned on the show ** DuckDuckGo caught giving Microsoft permission for trackers despite strong privacy reputation https://9to5mac.com/2022/05/25/duckduckgo-privacy-microsoft-permission-tracking/ https://www.bleepingcomputer.com/news/security/duckduckgo-browser-allows-microsoft-trackers-due-to-search-agreement/...

The State of Application Security with Tanya Janca


Tanya Janca, founder of the We Hack Purple Academy, Director of Developer Relations and Community at Bright, and author of “Alice & Bob Learn Application Security” joins us to discuss the current state and future of Application Security. In this episode we discuss what Tanya’s been up to, what’s changed in AppSec over the last several years, have organizations actually moved to DevSecOps, and what the next big thing in AppSec might be. ** Links mentioned on the show ** Pick up Tanya’s book: Alice & Bob Learn Application Security on Amazon! https://www.amazon.com/Alice-Bob-Learn-Application-Security/dp/1119687357 Check out the We Hack Purple Academy...

Apple Mail Privacy Protection, Government Agencies Reveal Top Attack Vectors, Is Big Brother Watching You at Work?


What is Apple Mail Privacy Protection and how does it hide your IP address, so senders can’t link it to your online activity or determine your location, government authorities such as the FBI and NSA have released a list of top attack vectors used to gain initial access by attackers, and how more companies are deploying privacy-invasive surveillance software to monitor their employees at work. ** Links mentioned on the show ** Shout out to Josh Summers of All Things Secured channel on YouTube! Check out and subscribe to his channel! Apple Mail Now Blocks Email Tracking. Here’s What...

FBI Warrantless Searches, Passwordless Sign-Ins, Keylogging Web Forms


The FBI searched emails, texts and other electronic communications of 3.4 million U.S. residents without a warrant, Apple, Google, and Microsoft have announced they will support a new passwordless sign-in standard created by the FIDO Alliance and the World Wide Web Consortium, and details about how some websites are keylogging your data as you type it into a web form, before you hit submit. ** Links mentioned on the show ** CircleCityCon 9.0: Saturday Morning Cartoons – Indianapolis, IN Friday, July 1 – Sunday, July 3 2022 New to cybersecurity? Never been to a conference? Contact us for a chance...

Cybersecurity for Startups with Josh Feinblum from Stavvy


Josh Feinblum is the co-founder of Stavvy, a Boston-based fully integrated digital mortgage platform, where he leads product, engineering, people, and finance. He also serves as a venture partner at F-Prime Capital, where he evaluates and advises startups of all stages across multiple verticals. Josh talks to us about his journey through cybersecurity including his experience as a CISO at Rapid7 and DigitalOcean, and then leaving cybersecurity to start a totally new business. We discuss how his cybersecurity and privacy experience helped build a successful startup and what he’s learned along the way. If you’re interested in either joining a...

Elon Musk Buys Twitter, Forgotten BIOS Updates, T-Shirt Outwits Facial Recognition


Elon Musk buys Twitter for $44 billion, so what does this mean for the privacy and cybersecurity of the platform? More than 100 different Lenovo laptop computers contain firmware-level vulnerabilities, which is a great reminder about making sure you update the BIOS on your computer. Plus, details about researchers who have created a t-shirt that renders the wearer undetectable to facial recognition technology. ** Links mentioned on the show ** It’s not rocket science, why Elon Musk’s Twitter takeover could be bad for privacy https://techcrunch.com/2022/04/26/elon-musk-twitter-privacy/ Millions of Lenovo Laptops Contain Firmware-Level Vulnerabilities https://www.darkreading.com/threat-intelligence/millions-of-lenovo-laptops-contain-firmware-level-vulnerabilities This ugly t-shirt makes you invisible to...

Rehumanizing Cybersecurity with Lianne Potter


Award-winning security transformation manager and digital anthropologist Lianne Potter joins us to discuss the fascinating topic of digital anthropology and how we can rehumanize cybersecurity. In this episode Lianne discusses how she became a digital anthropologist, how this field applies to cybersecurity, and the one thing organizations need to do to bring the human back into their cybersecurity programs. ** Links mentioned on the show ** Why The Cyber Security Industry Needs to Hire More Anthropologists https://response-ability.tech/lianne-potter/ Follow Lianne on Social Media https://twitter.com/Tech_Soapbox https://www.linkedin.com/in/liannep/ ** Watch this episode on YouTube ** https://youtu.be/cDydoWCIIdI ** Thank you to our sponsors! ** Keeper...

Dumbphone Sales are Soaring, John Oliver Blackmails Congress, Cicada Chinese APT Group


More young people seem to be choosing dumbphones over smartphones, but is it because of privacy concerns or because it’s trendy? John Oliver, host of the Last Week Tonight show, used data brokers to obtain lawmakers’ digital footprints and promised to not release the data as long as Congress passes privacy legislation. Plus details about the Cicada state sponsored Chinese hacking group which hid inside their victims’ networks for nine months. ** Links mentioned on the show ** Dumbphone Sales Are Soaring As People Revolt Against Overwhelming Smartphones https://www.activistpost.com/2022/03/dumbphone-sales-are-soaring-as-people-revolt-against-overwhelming-smartphones.html https://www.bbc.com/news/business-60763168?_hsenc=p2ANqtz–brM50u-TKJL3hsmOF1uEkSYZ-ZiWY2RuV7Gv_R46XTl5e4CMk7yQ7kf2bup635k-x1JHo https://www.reddit.com/r/privacy/comments/u106ob/why_have_we_decided_carrying_around/ John Oliver Blackmails Congress With Their Own Digital Data...

Truths and Myths of Privacy, Fake Shopping Apps, Borat RAT Malware


Scott and Tom explain why privacy isn’t dead, why everyone should care about their privacy, and how you should respond to someone that says “I don’t care about privacy, I have nothing to hide!”. Plus, details on a new attack using fake shopping apps and how a new malware toolkit called “Borat RAT” is no laughing matter. ** Links mentioned on the show ** The truths and myths of privacy (Scott’s blog post) https://clickarmor.ca/2022/04/the-truths-and-myths-of-privacy/ https://www.reddit.com/r/privacy/comments/tctcxy/how_to_explain_importance_of_privacy_to_common/ https://www.reddit.com/r/privacy/wiki/index/ Three types of online attack (Mikko Hypponen’s TED talk) https://www.ted.com/talks/mikko_hypponen_three_types_of_online_attack Hackers Distributing Fake Shopping Apps to Steal Banking Data of Malaysian Users https://thehackernews.com/2022/04/hackers-distributing-fake-shopping-apps.html Borat...

Google Android vs Apple iOS: Which is Better for Privacy and Cybersecurity?


This week we battle it out between the two mobile tech giants, Google Android vs Apple iOS, and discuss which one is better for your privacy and cybersecurity. Topics include: app stores and OS updates, ad tracking, and native text messaging. All this plus how Apple and Facebook fell for a massive email scam. ** Links mentioned on the show ** Apple and Facebook reportedly provided personal user data to hackers posing as law enforcement https://9to5mac.com/2022/03/30/apple-and-facebook-reportedly-provided-personal-user-data-to-hackers-posing-as-law-enforcement/ https://nypost.com/2022/03/30/apple-facebook-fell-for-scam-and-gave-user-data-away-report/ Android vs iOS: Which Platform is More Secure in 2021 https://appinventiv.com/blog/android-vs-ios-which-platform-is-more-secure-in-2021/ Open Source and Privacy Focused Android Operating Systems: GrapheneOS https://grapheneos.org/ CalyxOS https://calyxos.org/...

LAPSUS$ Hacks Okta, Browser-in-the Browser Phishing Attack, Popular Software Package Updated to Wipe Russian Systems


The LAPSUS$ hacking group has claimed to have hacked both Microsoft and Okta, details about a novel phishing technique called a browser-in-the-browser (BitB) attack, and how a popular software package that has 1.1 million weekly downloads released a new tampered version to condemn Russia’s invasion of Ukraine by wiping arbitrary file contents. ** Links mentioned on the show ** LAPSUS$ Hackers Claim to Have Breached Microsoft and Authentication Firm Okta https://thehackernews.com/2022/03/lapsus-hackers-claim-to-have-breached.html https://blog.cloudflare.com/cloudflare-investigation-of-the-january-2022-okta-compromise/ https://www.okta.com/blog/2022/03/updated-okta-statement-on-lapsus/ New Browser-in-the Browser (BITB) Attack Makes Phishing Nearly Undetectable https://thehackernews.com/2022/03/new-browser-in-browser-bitb-attack.html https://mrd0x.com/browser-in-the-browser-phishing-attack/ Popular NPM Package Updated to Wipe Russia, Belarus Systems to Protest Ukraine Invasion https://thehackernews.com/2022/03/popular-npm-package-updated-to-wipe.html ** Watch...

Top 3 Location Tracking Apps: Do They Sell Your Data?


This week we discuss the top 3 location tracking apps in the Apple App Store and Google Play and which ones sell your data. Plus, details about recent fake Chick-fil-A and Olive Garden vouchers on Facebook. ** Links mentioned on the show ** #1 Phone Tracker by Number https://play.google.com/store/apps/details?id=mg.locations.track5 https://onelocator.com/ – Android https://www.locatorprivacy.com/ – iOS #2 Life360 https://play.google.com/store/apps/details?id=com.life360.android.safetymapd https://support.life360.com/hc/en-us/articles/360043228154 #3 Glympse – Android https://glympse.com/privacy/ https://play.google.com/store/apps/details?id=com.glympse.android.glympse #3 My Family: Find Friends Phone – iOS https://friendzy.tech/myfamilyprivacypolicy/ Scam Alert: Chick-fil-A and Olive Garden Facebook Vouchers https://www.snopes.com/fact-check/olive-garden-chickfila-voucher/ ** Watch this episode on YouTube ** ** Thank you to our sponsors! ** Keeper Security Sign...

Amazon Echos Hack Themselves, Fraud Is Flourishing on Zelle, Samsung Galaxy Source Code Stolen


A new attack uses Alexa’s functionality to force Amazon Echo devices to make self-issued commands, payment app Zelle has become popular with fraudsters and banks don’t seem to care, and details about hackers who have stolen source code for Samsung Galaxy devices. ** Links mentioned on the show ** Preorder Your Professionally Evil Aloha Shirt for Charity! (proceeds go to St. Jude’s Children’s Hospital) https://www.secureideas.com/proevil-hawaiian-shirt Help Support Ukraine with ClearVPN https://macpaw.com/help-ukraine https://macpaw.com/news/macpaw-amidst-aggression Attackers can force Amazon Echos to hack themselves with self-issued commands https://arstechnica.com/information-technology/2022/03/attackers-can-force-amazon-echos-to-hack-themselves-with-self-issued-commands/ https://www.ava-attack.org/ Fraud Is Flourishing on Zelle. The Banks Say It’s Not Their Problem https://www.nytimes.com/2022/03/06/business/payments-fraud-zelle-banks.html https://sharedsecurity.net/2019/11/18/googles-health-record-storage-controversy-us-border-search-ruling-zelle-scams/ Samsung...

Russia Gets Hacked, Microsoft 365 Credential Stuffing, McDonald’s Ice Cream Machine Hackers


This week we discuss some of the more interesting hacks of Russian assets, technology, and more. Scott discusses recent credential stuffing attacks on Microsoft 365 accounts, and a fascinating story about ice cream machine “hackers” that are suing McDonald’s for $900 million in damages. ** Links mentioned on the show ** Round up of interesting Russian hacking incidents https://www.vice.com/en/article/akvya5/russian-electric-vehicle-chargers-hacked-tell-users-putin-is-a-dickhead https://www.mirror.co.uk/news/world-news/hackers-rename-putins-73million-superyacht-26355609 https://www.thesun.co.uk/tech/17818843/anonymous-russia-space-agency-roscosmos/ Attackers use Microsoft Teams as launchpad for malware https://www.helpnetsecurity.com/2022/02/17/microsoft-teams-malware/ Ice Cream Machine Hackers Sue McDonald’s for $900 Million https://www.wired.com/story/kytch-ice-cream-machine-hackers-sue-mcdonalds-900-million/ The REAL Reason McDonald’s Ice Cream Machines Are Always Broken https://www.youtube.com/watch?v=SrDEtSlqJC41 Realtime map of all broken McDonald’s Ice Cream...

TikTok Circumvents Privacy Protections, Russian Sanction Attacks, Apple AirTag Anti-Stalking Measures


How TikTok can circumvent privacy protections and perform device tracking that gives TikTok full access to user data, the US government warns about ransomware attacks after Biden’s new sanctions against Russia, and details about the latest beta for iOS 15.4 which includes new features designed to prevent Apple AirTags from being used to stalk people. ** Links mentioned on the show ** TikTok Can Circumvent Apple and Google Privacy Protections and Access Full User Data, 2 Studies Say (Exclusive) https://www.yahoo.com/entertainment/tiktok-circumvent-apple-google-privacy-140000271.html US officials tell businesses to watch for potential ransomware attacks after Biden announces Russia sanctions https://www.msn.com/en-us/news/world/us-officials-tell-businesses-to-watch-for-potential-ransomware-attacks-after-biden-announces-russia-sanctions/ar-AAUbrCn New AirTags anti-stalking measures...

MoviePass Tracking Your Eyeballs, Shipment Delivery Scams, SIM Swappers Arrested


MoviePass will use facial recognition and eye tracking to make sure you’re watching ads, new types of shipment-delivery scams are being used to spread malware, and details on the arrests of a SIM swapping gang and how you can protect yourself against a SIM swapping attack. ** Links mentioned on the show ** 4-week SLNT Cybersecurity and Privacy Challenge – Created by Co-Host Tom Eston https://slnt.com/pages/cybersecurity-and-privacy-guide MoviePass 2.0 Wants to Track Your Eyeballs to Make Sure You Watch Ads https://www.vice.com/en/article/akvnba/moviepass-20-wants-to-track-your-eyeballs-to-make-sure-you-watch-ads Facebook asking me to send them a full video of my entire face https://www.reddit.com/r/SharedSecurityShow/comments/sqhgd1/facebook_asking_me_to_send_them_a_full_video_of/ Shipment-Delivery Scams Become the Favored Way...

EARN IT Act is Back, Romance Scams, Like and Subscribe Ransomware


The EARN IT Act is back for a second time, which would pave the way for a new massive government surveillance system in the US, romance scams are on the rise so don’t fall for love in all the wrong places, and details about a new ransomware attack that wants you to like and subscribe, or else! ** Links mentioned on the show ** It’s Back: Senators Want EARN IT Bill to Scan All Online Messages https://www.eff.org/deeplinks/2022/02/its-back-senators-want-earn-it-bill-scan-all-online-messages Our previous episode from June 2020 on EARN IT https://sharedsecurity.net/2020/06/30/earn-it-act-facial-recognition-fail-can-i-be-phished/ Don’t Let These Romance Scams Taint Your Valentine’s Day, FBI Warns https://finance.yahoo.com/news/don-t-let-romance-scams-153008730.html https://www.fbi.gov/scams-and-safety/common-scams-and-crimes/romance-scams...

Graphics Card Web Tracking, Fake Job Ad Scams, Hacker Takes Down North Korea’s Internet


Researchers have discovered a new web tracking technique using your graphics card, scammers are exploiting security weaknesses on job recruitment websites to post fraudulent job postings, and how a hacker single-handedly took down North Korea’s Internet. ** Links mentioned on the show ** Your graphics card could be used to track you across the web regardless of cookie consent https://www.pcgamer.com/drawn-apart-gpu-web-tracking/ FBI warning: Scammers are posting fake job ads on networking sites to steal your money and identity https://www.zdnet.com/article/fbi-warning-scammers-are-posting-fake-job-ads-on-networking-sites-to-steal-your-money-and-identity/ North Korea Hacked Him. So He Took Down Its Internet https://www.wired.com/story/north-korea-hacker-internet-outage/ https://www.nknews.org/2022/02/new-cyberattack-hits-north-korea-after-hacker-claims-responsibility-for-outages/ ** Watch this episode on YouTube ** https://youtu.be/mOtJe4Wo1tM ** Thank...

Ukraine Invasion Hacktivists, Insta360 ONE X2 Vulnerabilities, Google Location Tracking Lawsuits


Hacktivists have hacked a Belarus rail system in an attempt to stop Russian military buildup, someone disclosed a slew of vulnerabilities in the popular Insta360 ONE X2 camera, and Google gets accused of “deceptive” location tracking in multiple lawsuits. ** Links mentioned on the show ** Hacktivists say they hacked Belarus rail system to stop Russian military buildup https://arstechnica.com/information-technology/2022/01/hactivists-say-they-hacked-belarus-rail-system-to-stop-russian-military-buildup/ Really cool Insta360 One X2 hidden feature! https://www.reddit.com/r/Insta360/comments/scsue6/really_cool_insta360_one_x2_hidden_feature/ https://www.insta360.com/product/insta360-onex2 Google accused of deceptive location tracking in fresh round of lawsuits https://www.theguardian.com/technology/2022/jan/24/google-sued-privacy-texas-district-of-columbia ** Watch this episode on YouTube ** https://youtu.be/SDXmcrd6CiE ** Thank you to our sponsors! ** SLNT Visit slnt.com to check...

Pandemic Surveillance in Canada, Malware-Filled USB Sticks are Back, Kill Switches in New Cars


Canada’s federal government admitted to surveilling its population’s movements during the COVID-19 lockdown by tracking 33 million phones, the FBI warned that a hacker group has been sending malware-laden USB sticks to companies, and details on a new law in the United States which will install kill switches in new cars. ** Links mentioned on the show ** Canada secretly tracked 33 million phones during COVID-19 lockdown (misleading title) https://nypost.com/2021/12/25/canada-secretly-tracked-33-million-phones-during-lockdown/ https://www.reddit.com/r/privacy/comments/s7mb6l/canada_secretly_tracked_33_million_phones_during/ Hackers Have Been Sending Malware-Filled USB Sticks to U.S. Companies Disguised as Present https://gizmodo.com/hackers-have-been-sending-malware-filled-usb-sticks-to-1848323578 New Law Will Install Kill Switches In All New Cars https://www.motorious.com/articles/features-3/kill-switches-new-cars/ Join the Shared Security...

Digital Wellbeing with Kelly Finnerty from Startpage


Kelly Finnerty, Director of Brand at Startpage, joins co-host Tom Eston to discuss the very important topic of digital wellbeing. In this episode you’ll learn about the mental, financial, and societal impacts of constant tracking. Plus, what are some holistic approaches and tactics that we can use to help our own digital wellbeing. Kelly also shares details about Startpage’s new web browser extension “Startpage Privacy Protection”. ** Links mentioned on the show ** Startpage Privacy Protection Browser Extension https://add.startpage.com/protection/ ThinkPrivacy https://thinkprivacy.ch/ Privacy Mindset: Europe vs. United States (with Kelly Finnerty) https://sharedsecurity.net/2020/11/09/privacy-mindset-europe-vs-united-states/ StartPage.com The World’s Most Private Search Engine https://sharedsecurity.net/2020/09/21/startpage-com-the-worlds-most-private-search-engine/ Use...

Norton 360 Cryptominer, Fake QR Codes on Parking Meters, Facebook Account Deactivation


Norton 360, a popular antivirus product, has installed a cryptocurrency mining program on its customers’ computers, some cities in Texas have been hit with a phishing scam designed to get users to pay through fraudulent QR code stickers on public parking meters, and how Facebook is still collecting data about you even if you deactivate your Facebook account. All this plus the launch of the Shared Security Community on Reddit! (https://www.reddit.com/r/SharedSecurityShow/) ** Links mentioned on the show ** Join the Shared Security Community on Reddit! https://www.reddit.com/r/SharedSecurityShow/ Norton 360 Now Comes With a Cryptominer https://krebsonsecurity.com/2022/01/norton-360-now-comes-with-a-cryptominer/ https://krebsonsecurity.com/2022/01/500m-avira-antivirus-users-introduced-to-cryptomining/ https://www.theverge.com/2022/1/7/22869528/norton-crypto-miner-security-software-reaction Texas parking meters with...

Phone Scam Targets Psychologists, All My Apes Gone, Supply Chain Skimmer Attack


A phone scam targeting psychologists reveals that even professionals can become victims, stolen multi-million-dollar NFTs result in an “all my apes gone” plea for help, and details on a skimmer supply chain attack on more than 100 real estate websites. ** Links mentioned on the show ** The Phone Scam That Targets Psychologists https://www.psychologytoday.com/ca/blog/the-fraud-crisis/202110/the-phone-scam-targets-psychologists Thieves Steal Gallery Owner’s Multimillion-Dollar NFT Collection: All My Apes Gone https://www.artnews.com/art-news/news/todd-kramer-nft-theft-1234614874/ What is a Crypto Wallet? https://www.ledger.com/academy/what-is-a-crypto-wallet 3 Ways to Keep Your Cryptocurrency Safe https://sharedsecurity.net/2021/05/01/3-ways-to-keep-your-cryptocurrency-safe/ Hackers Target Real Estate Websites with Skimmer in Latest Supply Chain Attack https://thehackernews.com/2022/01/hackers-target-real-estate-websites.html ** Watch this episode on YouTube **...

LastPass Master Passwords, New Cars and Your Privacy, Amazon Alexa Lethal Challenge


LastPass users received emails about their master passwords being compromised, details about the privacy policies of new cars, and a story about an Amazon Echo that proposed a lethal challenge to a ten-year-old girl. ** Links mentioned on the show ** Log4j 2.17.1 out now, fixes new remote code execution bug https://www.bleepingcomputer.com/news/security/log4j-2171-out-now-fixes-new-remote-code-execution-bug/ If any person or organization is suggesting you get spun up about CVE-2021-44832, you should really take a good look at what their motivations may be. pic.twitter.com/RgkvCu3sv2 — Will Dormann (@wdormann) December 28, 2021 From Reddit: We all knew that newer cars are terrible for privacy, but to...

Web3 and the Decentralized Internet


In our last monthly show of the year we discuss Web3. What is it and what will it mean to have a decentralized Internet? If you’ve wanted to know what Web3, DeFi, NFTs, and cryptocurrency mean for cybersecurity and privacy, this is one episode you don’t want to miss! ** Links mentioned on the show ** What is Web3? https://www.freecodecamp.org/news/what-is-web3/ ** Watch this episode on YouTube ** https://youtu.be/FInulAah450 ** Thank you to our sponsors! ** SLNT Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this...

The Year in Review and 2022 Predictions


In our last weekly episode of the year, we discuss the top cybersecurity and privacy news from 2021, a recap of our previous “predictions”, and what we think we’ll see next year. Happy New Year! ** Links mentioned on the show ** Sign up for the Shared Security Show Newsletter http://eepurl.com/dwcc8D ** Watch this episode on YouTube ** https://youtu.be/nl7JYqGV-5o ** Thank you to our sponsors! ** SLNT Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout...

Log4j Vulnerability, Apple AirTags Used by Thieves, FBI’s Encrypted Messaging App Document


This week we discuss the Apache Log4j vulnerability and the impact it will have on organizations now and into the future, details on how Apple AirTags are being used by thieves to steal cars, and an FBI training document that describes what data can be obtained from encrypted messaging apps. ** Links mentioned on the show ** Apache Log4j Vulnerability Log4Shell Widely Under Active Attack https://thehackernews.com/2021/12/apache-log4j-vulnerability-log4shell.html https://www.linkedin.com/pulse/understanding-recent-java-security-bug-thats-causing-stir-wilson/ https://bishopfox.com/blog/log4j-zero-day-cve-2021-44228 https://thehackernews.com/2021/12/hackers-begin-exploiting-second-log4j.html Apple AirTags Are Being Used by Car Thieves to Track High-End Vehicles https://www.newsweek.com/apple-airtags-are-being-used-car-thieves-track-high-end-vehicles-1656848 FBI document shows what data can be obtained from encrypted messaging apps https://therecord.media/fbi-document-shows-what-data-can-be-obtained-from-encrypted-messaging-apps/ Shared Security Show Interview: End-to-End Encryption...

Life360 Selling Location Data, NSO Group Spyware Hacks Government Employees, Homecoming Queen Contest Hacked


Life360, a popular family safety app used by 33 million people worldwide, is selling location data to a dozen data brokers, phones of 11 U.S. State Department employees were hacked with spyware from the infamous NSO Group, and details on a bizarre story about a mother and daughter that face 16 years in prison for hacking into a school computer system to rig a homecoming queen election. ** Links mentioned on the show ** Life360 selling location data https://themarkup.org/privacy/2021/12/06/the-popular-family-safety-app-life360-is-selling-precise-location-data-on-its-tens-of-millions-of-user AP Source: NSO Group spyware used to hack State employees https://apnews.com/article/technology-business-middle-east-israel-hacking-290f990cc1b6aa8fd870ecd540e12664 Florida teen and her mother accused of hacking homecoming queen...

Business Email Compromise Scams


This month we discuss Business Email Compromise (BEC) scams. What are they, how to identify them, and why BEC scams have created over $1.8 billion worth of losses to businesses last year alone. ** Links mentioned on the show ** What is Business Email Compromise? https://www.fbi.gov/scams-and-safety/common-scams-and-crimes/business-email-compromise 64 times worse than ransomware? FBI statistics underline the horrific cost of business email compromise https://www.tripwire.com/state-of-security/featured/fbi-statistics-underline-orrific-cost-of-business-email-compromise/ ** Watch this episode on YouTube ** https://youtu.be/Sc4tFdfYEqg ** Thank you to our sponsors! ** SLNT Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener...

Is TikTok Listening to You, Apple Warns Activists, UK Government Website Shows Porn


Is the TikTok app listening to you and playing videos based on your conversations? Apple takes the unique step of warning certain activists that their phones may be targeted by attackers, and details on how a UK government website was serving porn to its visitors. ** Links mentioned on the show ** Is TikTok listening to me? https://www.reddit.com/r/privacy/comments/r38jrn/tik_tok_listening_to_me/ https://tosdr.org/en/service/1448 https://www.tiktok.com/legal/privacy-policy-eea?lang=en Terms of Service Didn’t Read https://tosdr.org/en/frontpage Apple Warns Activists They Are Being Watched by Spyware https://www.vice.com/en/article/4awvk3/apple-activists-pegasus-spyware UK government transport website caught showing porn https://www.bleepingcomputer.com/news/security/uk-government-transport-website-caught-showing-porn/ ** Watch this episode on YouTube ** https://youtu.be/9Z63tFnkeMk ** Thank you to our sponsors! ** SLNT...

How to Break Into a Cybersecurity Career Part 3 with Scott Wright


Co-host Scott Wright joins Tom Eston for part three in our series on how to break into a cybersecurity career. Scott shares his career journey and gives us some insight into his career path going from consulting into starting his own company. If you’re a college student or thinking about getting into cybersecurity, this is one episode you don’t want to miss! ** Links mentioned on the show ** Connect with Scott Wright https://www.linkedin.com/in/scottwright/ https://twitter.com/streetsec So, you want to work in security? https://medium.freecodecamp.org/so-you-want-to-work-in-security-bc6c10157d23 Entering the InfoSec Biz https://defensivesecurity.org/entering-information-security-industry/ How to Build a Cybersecurity Career https://danielmiessler.com/blog/build-successful-infosec-career/ Start in Infosec (Really great...

FBI Email System Compromised, Ransomware Negotiation, Privacy Crushing Gifts


In milestone episode 200: The Federal Bureau of Investigation’s external email system was compromised sending spam emails with a fake warning of a cyber-attack, new research released about ransomware negotiation and some helpful negotiation tips, and details on Mozilla’s naughty list of privacy-crushing gifts. ** Links mentioned on the show ** FBI email system compromised by hackers who sent fake cyberattack alert https://www.msn.com/en-us/news/us/fbi-email-system-compromised-by-hackers-who-sent-fake-cyberattack-alert/ar-AAQGp3Z How to Negotiate With Ransomware Attackers https://www.darkreading.com/attacks-breaches/how-to-negotiate-with-ransomware-attackers Bad Santa: Amazon, Facebook top Mozilla’s naughty list of privacy-crushing gifts https://www.zdnet.com/article/bad-santa-amazon-facebook-top-mozillas-naughty-list-of-privacy-crushing-gifts ** Watch this episode on YouTube ** https://youtu.be/BzgqqxPqFEg ** Thank you to our sponsors! ** SLNT Visit slnt.com...

Robinhood Data Breach, 600 Hours of Dallas Police Helicopter Footage Leaked


Details on the Robinhood data breach (apparently caused by a social engineering attack) affecting approximately 7 million customers, and a discussion about surveillance and privacy concerns from a 600-hour leak of Dallas Police Department helicopter footage. ** Links mentioned on the show ** Robinhood Trading App Suffers Data Breach Exposing 7 Million Users’ Information https://thehackernews.com/2021/11/robinhood-trading-app-suffers-data.html https://blog.robinhood.com/news/2021/11/8/data-security-incident Activists leak 600 hours of mostly Dallas police helicopter footage after city’s 22 terabyte loss of criminal case data https://www.courthousenews.com/activists-leak-600-hours-of-mostly-dallas-police-helicopter-footage-after-citys-22-terabyte-loss-of-criminal-case-data/ https://ddosecrets.com/wiki/Aerial_Surveillance_Footage Shared Security Show Merch https://store.sharedsecurity.net ** Watch this episode on YouTube ** https://youtu.be/J3gHVb5qYYg ** Thank you to our sponsors! ** SLNT Visit slnt.com...

Facebook Dumps Face Recognition, Social Engineering Bots, US Sanctions NSO Group


Facebook shuts down their face recognition system and deletes more than a billion facial recognition templates, how phone bots are being used to trick victims into giving up their multi-factor authentication codes, and the US blacklists the NSO Group and 3 other companies for malicious cyber activities. ** Links mentioned on the show ** Face Recognition Is So Toxic, Facebook Is Dumping It https://www.eff.org/deeplinks/2021/11/face-recognition-so-toxic-facebook-dumping-it https://about.fb.com/news/2021/11/update-on-use-of-face-recognition/ Hackers Are Outsourcing Social Engineering to Bots https://podcasts.apple.com/us/podcast/hackers-are-outsourcing-social-engineering-to-bots/id1441708044?i=1000540546679 https://www.vice.com/en/article/y3vz5k/booming-underground-market-bots-2fa-otp-paypal-amazon-bank-apple-venmo US Sanctions Pegasus-maker NSO Group and 3 Others For Selling Spyware https://thehackernews.com/2021/11/us-sanctions-pegasus-maker-nso-group.html https://www.schneier.com/blog/archives/2021/11/us-blacklists-nso-group.html Webinar with Tom Eston on November 10: What Bad Could Happen? Managing Application...

Interview with Dana Mantilia and the Role of the CISO


Dana Mantilia joins us this month to talk about cybersecurity awareness, her incredible YouTube channel, and the ever-changing role of the CISO (Chief Information Security Officer). ** Links mentioned on the show ** Connect with Dana and subscribe to her YouTube Channel https://www.linkedin.com/in/dana-mantilia/ https://www.youtube.com/c/IdentityProtectionPlanningwithDana/videos ** Watch this episode on YouTube ** ** Thank you to our sponsors! ** SLNT Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. Click Armor To...

Federal Data Agency for Social Media, Squirrelwaffle Malspam, Ransomware Hits U.S. Candymaker


Do we really need a federal data agency to regulate social media companies? Watch out for Squirrelwaffle and Qakbot malspam attacks, and ransomware hits a major candymaker ahead of Halloween (is nothing sacred anymore?!) ** Links mentioned on the show ** Facebook and social media endanger Americans. We need a federal data agency. https://www.nbcnews.com/think/politics-policy/facebook-rcna3704 Hackers Using Squirrelwaffle Loader to Deploy Qakbot and Cobalt Strike https://thehackernews.com/2021/10/hackers-using-squirrelwaffle-loader-to.html Sticky business: Ransomware hits U.S. candymaker ahead of Halloween https://www.nbcnews.com/tech/security/ransomware-hits-us-candymaker-ahead-halloween-rcna3391 ** Watch this episode on YouTube ** https://youtu.be/IrnrRSMU4SI ** Thank you to our sponsors! ** Silent Pocket Visit silent-pocket.com to check out Silent Pocket’s amazing...

Missouri Governor and F12 Hacking, Global Ransomware Meeting, Fake Government Websites


Details on the F12 “hacking” incident of the Missouri state education website and the foolish response from the Missouri governor, over 30 countries (except China and Russia) meet to fight ransomware globally, and the FBI’s warning about fake unemployment benefit websites. ** Links mentioned on the show ** Gov. Parson promises swift justice to person he says hacked Mo. Dept. of Education website https://krebsonsecurity.com/2021/10/missouri-governor-vows-to-prosecute-st-louis-post-dispatch-for-reporting-security-vulnerability/ https://twitter.com/GovParsonMO/status/1448697768311132160?s=20 Over 30 Countries Pledge to Fight Ransomware Attacks in US-led Global Meeting https://thehackernews.com/2021/10/over-30-countries-pledge-to-fight.html FBI warns of fake govt sites used to steal financial, personal data https://www.bleepingcomputer.com/news/security/fbi-warns-of-fake-govt-sites-used-to-steal-financial-personal-data/ ** Watch this episode on YouTube ** https://youtu.be/S8ykceaLJes **...

Killware Clickbait, 1Password Password Sharing Feature, Android Phone Snooping


Clickbait news about the rise of “killware”, details on 1Password’s new feature to securely share passwords with others, and a new study by university researchers in the UK shows how Android phones snoop on their users. ** Links mentioned on the show ** The next big cyberthreat isn’t ransomware. It’s killware. And it’s just as bad as it sounds. https://news.yahoo.com/next-big-cyberthreat-isnt-ransomware-090022232.html 1Password’s new feature lets you safely share passwords using just a link https://techcrunch.com/2021/10/12/1passwords-new-feature-lets-you-safely-share-passwords-using-just-a-link Study reveals Android phones constantly snoop on their users https://www.bleepingcomputer.com/news/security/study-reveals-android-phones-constantly-snoop-on-their-users/ Where Kevin ordered his “googly eyes” https://www.digikey.com/en/products/detail/adafruit-industries-llc/4343/10419155 ** Watch this episode on YouTube ** https://youtu.be/bp226DNKiAk ** Thank...

Security Champions Framework, The Great Facebook Outage, Twitch Data Breach


Co-host Scott Wright presents a new framework to help people to become “security champions” in their organization, a discussion about the great Facebook outage of 2021, and details on the Twitch data breach exposing source code and creator payouts. ** Links mentioned on the show ** Scott’s Security Champions Webinar https://youtu.be/WH65jch9DKI What Happened to Facebook, Instagram, & WhatsApp? https://krebsonsecurity.com/2021/10/what-happened-to-facebook-instagram-whatsapp/ Twitch source code, business data, gamer payouts leaked in massive hack https://www.zdnet.com/article/twitch-source-code-business-data-gamer-payouts-leaked-in-massive-hack/ https://thehackernews.com/2021/10/twitch-suffers-massive-125gb-data-and.html ** Watch this episode on YouTube ** https://youtu.be/hotJHONu8jE ** Thank you to our sponsors! ** Silent Pocket Visit silent-pocket.com to check out Silent Pocket’s amazing line of Faraday...

Apple AirTag Good Samaritan Attack, iCloud+, Amazon Astro Dog and Ring Camera Drone


Will Apple AirTags replace malicious payload USB drops? Details on Private Relay and Hide My Email features included with iCloud+, and a fun discussion about Amazon’s Astro robot and the Ring camera drone! ** Links mentioned on the show ** Apple AirTag Bug Enables Good Samaritan Attack https://krebsonsecurity.com/2021/09/apple-airtag-bug-enables-good-samaritan-attack/ What Is Apple iCloud+? https://www.howtogeek.com/732978/what-is-apple-icloud/ Apple’s New iCloud Private Relay Service Leaks Users’ Real IP Addresses https://thehackernews.com/2021/09/apples-new-icloud-private-relay-service.html Amazon is now accepting your applications for its home surveillance drone https://www.theverge.com/2021/9/28/22692048/ring-always-home-cam-drone-amazon-price-release-date-specs ** Watch this episode on YouTube ** https://youtu.be/BMLngk17onQ ** Thank you to our sponsors! ** Silent Pocket Visit silent-pocket.com to check out Silent...

Multi-Factor Authentication and Authenticator Apps


October is Cybersecurity Awareness Month, so in this episode we discuss multi-factor authentication and the use of authenticator apps. Multi-factor authentication is one of the most important things that you can enable to secure your online accounts but it’s unfortunately overlooked by most people. Listen to this episode to learn what multi-factor authentication is, all about authenticator apps, and how we can get more people to start using multi-factor authentication. ** Links mentioned on the show ** Professionally Evil CISSP Mentorship Program – Pay What You Can https://www.secureideas.com/cissp Why People Won’t Do the One Simple Thing that Protects Them Online...

No Password Microsoft Accounts, Facebook Smart Glasses, Security.txt Internet Standard


Microsoft will now allow you to log in to your accounts without a password, Facebook releases its Ray-Ban Stories smart glasses, and a conversation about the security.txt “Internet standard” and whether this will help or hinder an organization’s vulnerability disclosure process. ** Links mentioned on the show ** You Can Now Sign-in to Your Microsoft Accounts Without a Password https://thehackernews.com/2021/09/you-can-now-sign-in-to-you-microsoft.html Facebook already has your memories, smart glasses will get it more https://www.msn.com/en-us/news/technology/facebook-already-has-your-memories-smart-glasses-will-get-it-more/ar-AAOkt6u Does Your Organization Have a Security.txt File? https://krebsonsecurity.com/2021/09/does-your-organization-have-a-security-txt-file/ RFC 5965 – An Extensible Format for Email Feedback Reports https://datatracker.ietf.org/doc/html/rfc5965 ** Watch this episode on YouTube ** https://youtu.be/GGIv2NS3Hkc ** Thank...

iMessage Zero-Click Exploit, Leaked Guntrader Firearms Data, 60 Million Fitness Tracking Records Exposed


The latest on the iMessage Zero-Click exploit that affects Apple iOS, MacOS and WatchOS devices (update your Apple devices now!), the names and home addresses of 111,000 British firearm owners have been dumped online, and details on over 60 million fitness tracking records exposed via an unsecured database. ** Links mentioned on the show ** NSO Group iMessage Zero-Click Exploit Captured in the Wild https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/ Leaked Guntrader firearms data file shared. Worst case scenario? Criminals plot UK gun owners’ home addresses in Google Earth https://www.theregister.com/2021/08/31/guntrader_breach_csv_danger/ https://www.theregister.com/2021/09/07/guntrader_hack_perp_interview/ Cyber stories for executives: Using the Guntrader data breach to help get executive buy-in...

ProtonMail IP Address Logging Controversy, Fake Bot Disinformation, Correctional Facility Robot Overlords


Details on the controversy over encrypted email service ProtonMail handing over a user’s IP address to the Swiss police, how a fake bot disinformation campaign went viral on Twitter, and are we ready to welcome our correctional facility robot overlords? ** Links mentioned on the show ** ProtonMail deletes ‘we don’t log your IP’ boast from website after French climate activist reportedly arrested https://www.theregister.com/2021/09/07/protonmail_hands_user_ip_address_police/ https://protonmail.com/blog/climate-activist-arrest/ ER doctor’s original tweet on delta variant is legitimate – a story about disinformation https://apnews.com/article/fact-checking-528961447371 https://twitter.com/NJOverclocked/status/1420160869607018498 The Catalog of Carceral Surveillance – Mobile Correctional Facility Robots https://www.eff.org/deeplinks/2021/09/catalog-carceral-surveillance-mobile-correctional-facility-robots ** Watch this episode on YouTube ** **...

Election Security and the Packet Capture Controversy with Special Guest Rafal Los


This week Rafal Los, host of the Down the Security Rabbithole Podcast, joins us to talk about election fraud claims vs facts, the recent packet capture controversy, tribalism, and the challenges with election security. Note: this is not a political discussion but we believe that election security is important to discuss, no matter what your political views are. ** Links mentioned on the show ** Raf’s interview with Rob Graham: DtSR Episode 461 – TPA Peacocking Without PCAPS http://podcast.wh1t3rabbit.net/dtsr-episode-461-tpa-peacocking-without-pcaps Details about what really went on at Mike Lindell’s cyber symposium 1/n If you are wondering if there will be anybody at...

What Happens to Your Social Media Accounts After You Die?


In our August monthly show co-hosts Kevin Johnson and Scott Wright join Tom Eston to discuss what happens to your social media accounts…after you die! This is a topic we don’t hear a lot of discussion about but is very important to understand for your legacy as well as how your friends and family members want to be remembered. ** Links mentioned on the show ** Social Media Algorithms Are Controlling How I Grieve https://www.wired.com/story/social-media-algorithms-are-controlling-how-i-grieve/ What to Do with Social Media Accounts after Someone Dies https://www.myfarewelling.com/article/what-to-do-with-social-media-accounts-after-someone-dies ** Watch this episode on YouTube ** https://youtu.be/MkoTbDKFM58 ** Thank you to our sponsors!...

T-Mobile Hacker Identified, China’s New Privacy Law, Tesla Bot Announcement


A 21-year-old Virginia native living in Turkey is allegedly behind the massive T-Mobile hack, China adopts a new national privacy law, and is Elon Musk’s Tesla Bot just creepy or is it the beginning of “useful AI” that people love and is “unequivocally good”. ** Links mentioned on the show ** 21-year-old tells WSJ he was behind massive T-Mobile hack https://www.zdnet.com/article/21-year-old-tells-wsj-he-was-behind-massive-t-mobile-hack China adopts national privacy law https://iapp.org/news/a/china-adopts-national-privacy-law/ Elon Musk unveils Tesla Bot, a humanoid robot that uses vehicle AI https://www.cnet.com/news/elon-musk-unveils-tesla-bot-a-humanoid-robot-utilizing-vehicle-ai/ ** Watch this episode on YouTube **   ** Thank you to our sponsors! ** Privacy Privacy is a tool...

T-Mobile Data Breach, Tinder Identity Verification, Magnetic Stripe Phase Out


T-Mobile suffers another data breach this time impacting 8 million customers, Tinder will start letting users verify their identity to help prevent “catfishing”, and Mastercard is finally phasing out magnetic stripes on their cards starting in 2024. ** Links mentioned on the show ** T-Mobile says information of more than 8 million customers leaked in breach https://www.bleepingcomputer.com/news/security/t-mobile-says-hackers-stole-records-belonging-to-486-million-individuals/ https://krebsonsecurity.com/2021/08/t-mobile-investigating-claims-of-massive-data-breach/ Tinder letting users verify their identity as platforms struggle with ways to limit abuse https://finance.yahoo.com/news/tinder-letting-users-verify-identity-102344644.html 8 Signs You Are Being Catfished https://whatismyipaddress.com/catfish Mastercard is phasing out magnetic stripes on its cards starting in 2024 https://www.theverge.com/2021/8/17/22628455/mastercard-magnetic-stripe-phase-out-2024-2033 Checkout Skimmers Powered by Chip Cards https://krebsonsecurity.com/2021/02/checkout-skimmers-powered-by-chip-cards/...

Largest Cryptocurrency Hack in History, $10k For Stolen Network Access, Your Identity and the Metaverse


Over $600 million stolen in the largest DeFi cryptocurrency hack in history, attackers are getting around $10k for stolen network access credentials, and why your identity is trapped inside a social network and what this means for the next potential evolution of the Internet…the metaverse! ** Links mentioned on the show ** Apple to refuse government demands of expanding scanning beyond child abuse https://www.zdnet.com/article/apple-to-refuse-government-demands-of-expanding-scanning-beyond-child-abuse/ Ransomware gang uses PrintNightmare to breach Windows servers https://www.bleepingcomputer.com/news/security/ransomware-gang-uses-printnightmare-to-breach-windows-servers/ Over $600 million reportedly stolen in cryptocurrency hack https://www.bleepingcomputer.com/news/security/over-600-million-reportedly-stolen-in-cryptocurrency-hack/ https://research.kudelskisecurity.com/2021/08/12/the-poly-network-hack-explained/amp/ Hackers netting average of nearly $10,000 for stolen network access https://www.zdnet.com/article/hackers-netting-average-of-nearly-10000-for-stolen-network-access/ Why is your identity trapped inside...

CISA JCDC Announcement, Apple’s Child Abuse Image Scanning, Amazon Pays You for Your Biometric Data


CISA announces the new Joint Cyber Defense Collaborative (JCDC), the controversy over Apple scanning devices for child sexual abuse material, and Amazon offers you a $10 credit if you enroll your biometric data in their palm print recognition system. ** Links mentioned on the show ** CISA to partner with Amazon, Google, Microsoft, Verizon, AT&T and more for cyberdefense initiative https://www.zdnet.com/article/cisa-to-partner-with-amazon-google-microsoft-verizon-at-t-and-more-for-cyberdefense-initiative Apple’s plan to scan phones for child abuse worries privacy advocates https://www.cnet.com/tech/services-and-software/apples-plan-to-scan-phones-for-child-abuse-worries-privacy-advocates/ Amazon will give you a whole $10 for your palm print https://www.theverge.com/2021/8/3/22607218/amazon-one-palm-print-technology-10-dollar-promo ** Watch this episode on YouTube ** https://youtu.be/NrX44LYlxOk ** Thank you to our sponsors! **...

Reboot Your Smartphone, FBI’s Top Targeted Vulnerabilities, Flirty Account Dupes Defense Contractors


Why rebooting your smartphone is good security hygiene, the FBI reveals top targeted vulnerabilities in the last two years, and details on how a nation state used a “flirty” aerobics instructor to steal data from defense contractors. ** Links mentioned on the show ** Turn off, turn on: Simple step can thwart top phone hackers https://apnews.com/article/technology-government-and-politics-hacking-752db867fafbaba1f9cc34f7588944c5 FBI reveals top targeted vulnerabilities of the last two years https://www.bleepingcomputer.com/news/security/fbi-reveals-top-targeted-vulnerabilities-of-the-last-two-years/ Hackers Pose as Flirty Aerobics Instructor to Target Employees https://www.bloomberg.com/news/articles/2021-07-28/hackers-pose-as-flirty-aerobics-instructor-to-target-employees ** Watch this episode on YouTube ** https://youtu.be/Ydn5Uh7ydRY ** Thank you to our sponsors! ** Silent Pocket Visit silent-pocket.com to check out Silent...

How to Protect Yourself from Gift Card Scams


In our July monthly show we discuss gift card scams! What are the different scams that are out there, how do they work, and details on how to protect yourself from becoming a victim. ** Links mentioned on the show ** 8 Gift Card SCAMS you can SPOT and EASILY AVOID! https://www.giftcards.com/gcgf/giftcard-scams ** Watch this episode on YouTube ** https://youtu.be/9qt2x8O8fOU ** Thank you to our sponsors! ** Privacy Privacy is a tool that masks your bank account information by generating virtual card numbers. So if your virtual card number gets compromised, your real card number won’t! New Privacy customers will...

Pegasus Spyware is Back, Twitter Hacker Arrested, 16-Year-Old Printer Bug


Pegasus spyware and NSO Group are back in the news because of a data leak of 50,000 phone numbers, another “hacker” was arrested for the great Twitter hack of 2020, and how a 16-year-old printer vulnerability is affecting millions of HP, Samsung, and Xerox printers. ** Links mentioned on the show ** New Leak Reveals Abuse of Pegasus Spyware to Target Journalists Globally https://thehackernews.com/2021/07/new-leak-reveals-abuse-of-pegasus.html https://www.washingtonpost.com/technology/2021/07/19/apple-iphone-nso/ Another Hacker Arrested for 2020 Twitter Hack and Massive Bitcoin Scam https://thehackernews.com/2021/07/another-hacker-arrested-for-2020.html 16-Year-Old Security Bug Affects Millions of HP, Samsung, Xerox Printers https://thehackernews.com/2021/07/16-year-old-security-bug-affects.html ** Watch this episode on YouTube ** ** Thank you to our...

Popular Myths about VPNs


In this sponsored episode from our friends at ClearVPN, Artem Risukhin, Content Marketing Manager at ClearVPN, joins co-host Tom Eston to discuss the most popular myths about VPNs. Be sure to watch the YouTube edition for a demo of ClearVPN and don’t forget to use discount code “SHAREDSECURITY” to take 40% off your purchase of a ClearVPN subscription! Myths that we discuss in this episode include: A VPN is illegal to use; People who use VPNs have something to hide; VPNs are only for security or privacy nerds; Free VPNs are just like paid ones; All VPNs are basically the...

Targeted Dream Incubation, TikTok Data Sharing, Chrome and Firefox Updates


Is dream hacking the next big privacy concern or just a new marketing gimmick? Some people may be surprised that TikTok shares data with China, and details on Google Chrome adding HTTPS-first mode and Firefox easing its blocking of Facebook login buttons. ** Links mentioned on the show ** Nightmare scenario: alarm as advertisers seek to plug into our dreams https://www.theguardian.com/media/2021/jul/05/advertisers-targeted-dream-incubation A third of Britons fear TikTok would share data with Chinese state https://www.theguardian.com/technology/2021/jul/13/britons-fear-tiktok-share-data-chinese-state-china-reputation Google Chrome will add HTTPS-First Mode to keep your data safe https://www.bleepingcomputer.com/news/security/google-chrome-will-add-https-first-mode-to-keep-your-data-safe/ Firefox 90 lands with just-in-time support for unblocking Facebook when users log in https://www.zdnet.com/article/firefox-90-lands-with-just-in-time-support-for-unblocking-facebook-when-users-log-in/...

Kaseya Ransomware Attack, PrintNightmare Zero-day, Kaspersky Password Manager Vulnerability


Details on the Kaseya supply-chain and REvil ransomware attack, a new zero-day exploit called “PrintNightmare” affects all Windows versions before June, and how randomly generated passwords in a popular password manager were not so random. ** Links mentioned on the show ** REvil Used 0-Day in Kaseya Ransomware Attack, Demands $70 Million Ransom https://thehackernews.com/2021/07/revil-used-0-day-in-kaseya-ransomware.html https://grahamcluley.com/revil-ransomware-rampages-following-kaseya-supply-chain-attack/ Public Windows PrintNightmare 0-day exploit allows domain takeover https://www.bleepingcomputer.com/news/security/public-windows-printnightmare-0-day-exploit-allows-domain-takeover/ https://www.bleepingcomputer.com/news/microsoft/microsofts-incomplete-printnightmare-patch-fails-to-fix-vulnerability/ Kaspersky Password Manager caught out making easily bruteforced passwords https://www.zdnet.com/article/kaspersky-password-manager-caught-out-making-easily-bruteforced-passwords/ https://donjon.ledger.com/kaspersky-password-manager/ ** Watch this episode on YouTube ** https://youtu.be/phdOcE5FMY8 ** Thank you to our sponsors! ** Privacy Privacy is a tool that masks your bank...

LinkedIn Data Leak, Western Digital NAS Attacks, STIR/SHAKEN Deadline


Was there another LinkedIn “data leak” or is this just the same data anyone with a LinkedIn account can access? Western Digital Network-Attached Storage (NAS) devices under attack, and details on the STIR/SHAKEN deadline which is supposed to help stop robocalls. ** Links mentioned on the show ** New LinkedIn Data Leak Leaves 700 Million Users Exposed https://restoreprivacy.com/linkedin-data-leak-700-million-users/ Attacks Erase Western Digital Network-Attached Storage Drives https://www.darkreading.com/attacks-breaches/attacks-erase-western-digital-network-attached-storage-drives/d/d-id/1341419 https://www.darkreading.com/attacks-breaches/mybook-investigation-reveals-attackers-exploited-legacy-zero-day-vulnerabilities/d/d-id/1341440 Robocallers Beware: The STIR/SHAKEN Deadline Has Officially Arrived https://www.tmcnet.com/voip/news/articles/449342-robocallers-bewarethe-stirshaken-deadline-has-officially-arrived.htm https://www.fcc.gov/call-authentication Check out Scott’s new security awareness campaign for Utilities! https://clickarmor.ca/2021/07/how-can-small-utilities-strengthen-their-critical-gap-in-cyber-security-awareness/ ** Watch this episode on YouTube ** https://youtu.be/jt0K7R7d97Y ** Thank you to our...

Asset Discovery with Chris Kirsch Co-Founder at Rumble


Chris Kirsch, co-founder and chief revenue officer at Rumble, joins us in our June monthly show to talk about how Rumble is solving the problem of asset discovery. You also get to see a demo of Rumble in action and learn about the many talents that Chris has, like pickpocketing! ** Links mentioned on the show ** Learn more about Rumble and try it out on your home network https://www.rumble.run/ Chris Kirsch – Pickpocketing Competition: Wait, where is my access badge? https://www.youtube.com/watch?v=OvET4r4uARQ Wait, Where’s My Access Badge: A Pickpocketing Training for Red Teamers https://medium.com/@chris.kirsch/wait-wheres-my-access-badge-a-pickpocketing-training-for-red-teamers-6eb4fdf9b64a Chris Kirsch on Medium https://medium.com/@chris.kirsch Connect...

Off Limits Critical Infrastructure, Ransomware on Repeat, Cyber Safe Drinking Water


What does it really mean when Biden tells Putin critical US infrastructure is “off limits”, details on a recent survey which shows ransomware payments create repeat attacks, and how cyber safe is your drinking water? ** Links mentioned on the show ** Biden Tells Putin Critical Infrastructure Sectors ‘Off Limits’ to Russian Hacking https://beta.darkreading.com/threat-intelligence/biden-tells-putin-critical-infrastructure-sectors-off-limits-to-russian-hacking Ransomware Payments Trigger Repeat Cyberattacks, Cybereason Research Finds https://www.msspalert.com/cybersecurity-breaches-and-attacks/ransomware/ransomware-payment-repeat-attacks/ How Cyber Safe is Your Drinking Water Supply? https://krebsonsecurity.com/2021/06/how-cyber-safe-is-your-drinking-water-supply/ John McAfee Found Dead https://www.reuters.com/legal/government/john-mcafee-found-dead-prison-after-spanish-court-allows-extradition-2021-06-23/ ** Watch this episode on YouTube ** https://youtu.be/LfvCmtdfv44 ** Thank you to our sponsors! ** Silent Pocket Visit silent-pocket.com to check out Silent...

TikTok Collecting Biometric Data, Peloton Bike+ Vulnerability, Nextdoor App Concerns


TikTok can now collect biometric data from user content, researchers find a vulnerability in Peloton bikes, and why some people think that Nextdoor might be the next big social network. ** Links mentioned on the show ** TikTok Can Now Collect Biometric Data https://www.schneier.com/blog/archives/2021/06/tiktok-can-now-collect-biometric-data.html McAfee discovers vulnerability in Peloton Bike+ https://www.zdnet.com/article/mcafee-discovers-vulnerability-in-peloton-bike Nextdoor: The next big social network? https://www.linkedin.com/news/story/the-next-big-social-network-5474402/ ** Watch this episode on YouTube ** https://youtu.be/I14_dJ5xeqQ ** Thank you to our sponsors! ** Silent Pocket Visit silent-pocket.com to check out Silent Pocket’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this...

ANOM FBI Global Crime Sting, Colonial Pipeline Updates, Password Leak Research


Details about the “ANOM” global crime sting where the FBI created a fake encrypted mobile phone for criminals that promised secure communications, new details about how the Colonial Pipeline ransomware attack started, and some really bad security research about stolen user credentials. ** Links mentioned on the show ** Only the following devices have Amazon Sidewalk enabled (for now): Ring Floodlight Cam (2019), Ring Spotlight Cam Wired (2019), Ring Spotlight Cam Mount (2019), Echo (3rd gen and newer), Echo Dot (3rd gen and newer), Echo Dot for Kids (3rd gen and newer), Echo Dot with Clock (3rd gen and newer)...

Amazon Sidewalk, NFTs and Cybersecurity, Norton 360 Cryptocurrency Mining


Is Amazon Sidewalk the latest threat to our privacy? Also, what’s the big deal about NFTs, and why mining cryptocurrency through your anti-virus software is a horrible idea. ** Links mentioned on the show ** What Does Amazon Sidewalk Mean for Your Privacy? https://www.makeuseof.com/what-does-amazon-sidewalk-mean-for-your-privacy/ https://thehackernews.com/2021/05/your-amazon-devices-to-automatically.html Note! Only the following devices have Amazon Sidewalk enabled (for now): Ring Floodlight Cam (2019), Ring Spotlight Cam Wired (2019), Ring Spotlight Cam Mount (2019), Echo (3rd gen and newer), Echo Dot (3rd gen and newer), Echo Dot for Kids (3rd gen and newer), Echo Dot with Clock (3rd gen and newer), Echo Plus (all...

Biden’s Cybersecurity Executive Order, Apple’s AirTag, Cyber Insurance


Details about Biden’s cybersecurity executive order, privacy and stalking concerns with Apple’s new AirTag technology, and why some cyber insurance companies may not pay out for ransomware in the future. ** Links mentioned on the show ** New Cybersecurity Executive Order: What You Need to Know https://www.veracode.com/blog/security-news/new-cybersecurity-executive-order-what-you-need-know How Apple’s AirTag turns us into unwitting spies in a vast surveillance network https://www.theguardian.com/technology/2021/may/17/how-apples-airtag-turns-us-into-unwitting-spies-in-a-vast-surveillance-network Cyber Insurance Firms Start Tapping Out as Ransomware Continues to Rise https://www.darkreading.com/risk/cyber-insurance-firms-start-tapping-out-as-ransomware-continues-to-rise/d/d-id/1341109 ** Watch this episode on YouTube ** https://youtu.be/nptmo3mTbFk ** Thank you to our sponsors! ** Silent Pocket Visit silent-pocket.com to check out Silent Pocket’s amazing line of...

How Gamification is Changing Cybersecurity


Gamification is changing cybersecurity and the way we learn! Scott Wright, Co-host and CEO of Click Armor, joins us this month to discuss why gamification is a “game” changer in our industry. ** Links mentioned on the show ** What is Gamified Learning? https://clickarmor.ca/guide-to-gamified-learning/ ** Watch this episode on YouTube ** https://youtu.be/C37MnOUWsv0 ** Thank you to our sponsors! ** Silent Pocket Visit silent-pocket.com to check out Silent Pocket’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. Click...

Colonial Pipeline Updates, DarkSide Goes Dark, Cybersecurity Best Practices


More news and updates about the Colonial Pipeline ransomware attack, the DarkSide ransomware as a service (RaaS) goes dark on the dark web, and why we still need cybersecurity best practices (regardless of an opinion piece that says otherwise). ** Links mentioned on the show ** Colonial Pipeline Paid Nearly $5 Million in Ransom to Cybercriminals https://thehackernews.com/2021/05/colonial-pipeline-paid-nearly-5-million.html U.S. Pipeline Ransomware Attackers Go Dark After Servers and Bitcoin Are Seized https://thehackernews.com/2021/05/us-pipeline-ransomware-attackers-go.html Our cybersecurity ‘industry best practices’ keep allowing breaches (opinion piece) https://thehill.com/opinion/technology/553891-our-cybersecurity-industry-best-practices-keep-allowing-breaches?rl=1 ** Watch this episode on YouTube ** https://youtu.be/hHCrwxDdvMU ** Thank you to our sponsors! ** Silent Pocket Visit silent-pocket.com...

The Colonial Pipeline Ransomware Attack


This week Tom and Kevin discuss the Colonial Pipeline ransomware attack, RaaS (Ransomware as a Service), and why ransomware attacks are not going away anytime soon. ** Links mentioned on the show ** Colonial Pipeline Hackers, DarkSide, Apologize, Say Goal ‘Is to Make Money’ https://www.msn.com/en-us/news/world/colonial-pipeline-hackers-darkside-apologize-say-goal-is-to-make-money/ar-BB1gBzhB Colonial Pipeline attack: Everything you need to know https://www.zdnet.com/article/everything-you-need-to-know-about-the-colonial-pipeline-ransomware-attack/ Ransomware Infection on Colonial Pipeline Shows Potential for Worse Gas Disruption https://zetter.substack.com/p/ransomware-infection-on-colonial What is Ransomware as a Service (RaaS)? https://www.crowdstrike.com/cybersecurity-101/ransomware/ransomware-as-a-service-raas/ Kevin’s “Pay what you can” CISSP Mentorship Program https://training.secureideas.com/course/cisspmentor/ ** Watch this episode on YouTube ** https://youtu.be/OA1TeMV4QNQ ** Thank you to our sponsors! ** Silent Pocket...

World Password Day, Tesla Hacking via Drone, Ipsos Screenwise Panel


Do we still need World Password Day? Hacking a Tesla via a drone, and a privacy warning about the Ipsos Screenwise panel. ** Links mentioned on the show ** World password day – May 6th https://www.darkreading.com/vulnerabilities---threats/will-2021-mark-the-end-of-world-password-day-/a/d-id/1340911 Tesla Car Hacked Remotely From Drone via Zero-Click Exploit https://www.securityweek.com/tesla-car-hacked-remotely-drone-zero-click-exploit What is this Ipsos/Google Screenwise Panel? (Tom received a letter randomly in the mail with a real dollar bill attached. The panel gives Google access to everything your family does on the Internet through a wifi router that they control in your home. In return, they pay you a few bucks for your app...

Remembering Dan Kaminsky, Apple AirDrop Vulnerability


Remembering Dan Kaminsky, who was one of the greatest security researchers of our time, plus details on a new Apple AirDrop vulnerability. ** Links mentioned on the show ** Remembering Dan Kaminsky https://www.nytimes.com/2021/04/27/technology/daniel-kaminsky-dead.html Apple AirDrop Bug Could Leak Your Personal Info to Anyone Nearby https://thehackernews.com/2021/04/apple-airdrop-bug-could-leak-your.html https://www.komando.com/security-privacy/apple-airdrop-security-flaw/787628/ ** Watch this episode on YouTube ** https://youtu.be/N6T6qcRfTBA ** Thank you to our sponsors! ** Silent Pocket Visit silent-pocket.com to check out Silent Pocket’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code...

3 Ways to Keep Your Cryptocurrency Safe


Are you investing in cryptocurrency or thinking about it? Be sure to listen or watch our April monthly show for our top 3 ways to keep your cryptocurrency safe! ** Links mentioned on the show ** 10 Ways to Keep Your Cryptocurrency Safe https://money.usnews.com/investing/cryptocurrency/slideshows/ways-to-keep-your-cryptocurrency-safe Beware of These Top Bitcoin Scams https://www.investopedia.com/articles/forex/042315/beware-these-five-bitcoin-scams.asp 9 Best Crypto Wallets (Software and Hardware) in 2021 https://cryptotrader.tax/blog/best-crypto-wallet ** Watch this episode on YouTube ** https://youtu.be/plOnfKhePXY ** Thank you to our sponsors! ** Silent Pocket Visit silent-pocket.com to check out Silent Pocket’s amazing line of Faraday bags and other products built to protect your privacy. As a...

Instagram Anti-Abuse Tool, Apple Advertiser Restrictions, Terrible Passwords


Instagram is rolling out new features to help block spam and abusive messages, Apple releases iOS 14.5 to restrict tracking by advertisers, and a discussion about why people continue to choose terrible passwords. ** Links mentioned on the show ** Instagram debuts new tool to stop abusive message salvos made through new accounts https://www.zdnet.com/article/instagram-debuts-new-means-to-stop-senders-of-abusive-messages-contacting-you-through-new-accounts/ Apple releases long-awaited iOS update to restrict tracking by advertisers https://www.cbsnews.com/news/iphone-ios-privacy-update/?mc_cid=6359ff7e82&mc_eid=ab953fc709 These are the terrible passwords that people are still using. Here’s how to do better https://www.zdnet.com/article/these-are-the-terrible-passwords-that-people-are-still-using-heres-how-to-do-better/ ** Watch this episode on YouTube ** https://youtu.be/Q0QMpb0J4pE ** Thank you to our sponsors! ** Silent Pocket Visit silent-pocket.com...

Data Breaches vs. Data Leaks, FBI Exchange Server Controversy


This week Tom and Kevin are back with an all-new episode! Data breaches vs. recent data leaks, and the controversy over the FBI operation conducted to remove web shells from compromised Microsoft Exchange servers. ** Links mentioned on the show ** Facebook Data Breach: Here’s What To Do Now https://www.forbes.com/sites/kateoflahertyuk/2021/04/06/facebook-data-breach-heres-what-to-do-now/?sh=32c7c9235708 LinkedIn says some user data scraped and posted for sale https://www.reuters.com/article/us-linkedin-dataprotection-idUSKBN2BW1D3 Scraped personal data of 1.3 million Clubhouse users has reportedly leaked online https://www.msn.com/en-us/money/other/personal-data-of-13-million-clubhouse-users-has-reportedly-leaked-online-days-after-linkedin-and-facebook-also-suffered-data-breaches/ar-BB1fweCz FBI nuked web shells from hacked Exchange Servers without telling owners https://www.bleepingcomputer.com/news/security/fbi-nuked-web-shells-from-hacked-exchange-servers-without-telling-owners/ ** Watch this episode on YouTube ** https://youtu.be/4QeFEwj64ck ** Thank you to our...

Best of Episode: Interview with Jayson E. Street


This week is another best of episode with the man, the myth, the legend, Jayson E. Street! In this episode Jayson shares with us several of his greatest hacking and social engineering adventures. This is one classic episode you don’t want to miss! ** Links mentioned on the show ** Follow Jayson on Twitter https://twitter.com/jaysonstreet Check out Jayson’s books on Amazon https://www.amazon.com/Jayson-E-Street/e/B002KRHDMO?ref=sr_ntt_srch_lnk_2&qid=1618086907&sr=8-2 ** Watch this episode on YouTube ** https://youtu.be/Q3hp0PDxCqw ** Thank you to our sponsors! ** Silent Pocket Visit silent-pocket.com to check out Silent Pocket’s amazing line of Faraday bags and other products built to protect your privacy. As...

Best of Episode: Interview with Rachel Tobac


This week is a best of episode with special guest Rachel Tobac, CEO of Social Proof Security. In this episode we discuss social engineering, how to get more women in cybersecurity, and of course Rachel’s favorite David Lynch movies. This is one previous episode you don’t want to miss! ** Links mentioned on the show ** Connect with Rachel on Twitter https://twitter.com/RachelTobac Find out more about Social Proof Security https://www.socialproofsecurity.com/ ** Watch this episode on YouTube ** https://youtu.be/LNbaxT9cZgU ** Thank you to our sponsors! ** Silent Pocket Visit silent-pocket.com to check out Silent Pocket’s amazing line of Faraday bags and...

SMS Two-Factor Authentication, New Internet Hygiene Model


Is it time to finally move away from SMS text based two-factor authentication? Plus a discussion about a new model that can help consumers with improving their Internet hygiene. ** Links mentioned on the show ** Can We Stop Pretending SMS Is Secure Now? https://krebsonsecurity.com/2021/03/can-we-stop-pretending-sms-is-secure-now/ The Consumer Authentication Strength Maturity Model (CASMM) https://danielmiessler.com/blog/casmm-consumer-authentication-security-maturity-model/ Tom Eston’s interview on the Secure Dad Podcast about Online Privacy https://www.thesecuredad.com/post/how-to-protect-your-privacy-online ** Watch this episode on YouTube ** ** Thank you to our sponsors! ** Silent Pocket Visit silent-pocket.com to check out Silent Pocket’s amazing line of Faraday bags and other products built to protect your...

Top 3 Privacy Tips for Travel


This week, co-host Tom Eston shares his top 3 tips to stay more private when you travel this year on vacation. ** Links mentioned on the show ** Smartphone privacy screens (Amazon) https://www.amazon.com/s?k=smartphone+privacy+screen&ref=nb_sb_noss_1 Laptop privacy screens (Amazon) https://www.amazon.com/s?k=laptop+privacy+screen&ref=nb_sb_noss_2 ** Watch this episode on YouTube ** https://youtu.be/2izHDB80qgA ** Thank you to our sponsors! ** Silent Pocket Visit silent-pocket.com to check out Silent Pocket’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. Click Armor To find out how gamification...

Facebook and Apple Privacy Debate, Employee Phishing Test Gone Wrong


Scott and Kevin finally get together to debate Facebook and Apple privacy, and why you shouldn’t conduct a phishing test to trick employees into thinking they will get free Covid-19 vaccines. ** Links mentioned on the show ** Apple CEO sounds warning of algorithms pushing society towards catastrophe https://www.zdnet.com/article/apple-ceo-sounds-warning-of-algorithms-pushing-society-towards-catastrophe/ https://clickarmor.ca/2021/02/is-this-the-beginning-of-the-end-for-facebook/ Internal Memo: ICF Next Used Promise of Employee Vaccinations as Phishing Test https://www.adweek.com/agencyspy/internal-memo-icf-next-used-promise-of-employee-vaccinations-as-phishing-test/171253/ ** Watch this episode on YouTube ** https://youtu.be/Lqwtp9W_CNU ** Thank you to our sponsors! ** Silent Pocket Visit silent-pocket.com to check out Silent Pocket’s amazing line of Faraday bags and other products built to protect your privacy....

Encryption Backdoor Debate, Microsoft Exchange Attacks, Airline Supplier Data Breach


Why is federal law enforcement (still) asking Congress for encryption backdoors? Attacks on Microsoft Exchange servers seem to have gotten worse, details on an airline supplier data breach, and the real reason Kevin hasn’t replaced his Chewbacca mannequin with Darth Vader! ** Links mentioned on the show ** The FBI Should Stop Attacking Encryption and Tell Congress About All the Encrypted Phones It’s Already Hacking Into https://www.eff.org/deeplinks/2021/03/fbi-should-stop-attacking-encryption-and-tell-congress-about-all-encrypted-phones Warning the World of a Ticking Time Bomb https://krebsonsecurity.com/2021/03/warning-the-world-of-a-ticking-time-bomb/ https://krebsonsecurity.com/2021/03/a-basic-timeline-of-the-exchange-mass-hack/ https://securityboulevard.com/2021/03/huge-fallout-from-microsoft-incompetence-lets-exchange-exchange/ Airlines warn passengers of data breach after aviation tech supplier is hit by cyberattack https://www.zdnet.com/article/airlines-warn-passengers-of-data-breach-after-aviation-tech-supplier-is-hit-by-cyberattack/ ** Watch this episode on YouTube **...

The Deepfake Dilemma, Microsoft Exchange Zero-Days, IT Security Investments


Deepfake video and audio has really advanced in recent years. Will this technology start to erode trust in the media we consume? Microsoft Exchange zero-days in the wild, and why is it that IT security investment on cybersecurity is at an all time high, yet we continue to see more data breaches? ** Links mentioned on the show ** Deepfakes are getting better and better. Should we be concerned? https://twitter.com/RachelTobac/status/1365413178327277575?s=20 https://www.vice.com/en/article/n7vgm8/heres-how-worried-you-should-be-about-those-tom-cruise-deepfakes State hackers rush to exploit unpatched Microsoft Exchange servers https://www.bleepingcomputer.com/news/security/state-hackers-rush-to-exploit-unpatched-microsoft-exchange-servers/ Why do companies fail to stop breaches despite soaring IT security investment? https://thehackernews.com/2021/03/why-do-companies-fail-to-stop-breaches.html Check out our previous episodes with...

Card Skimmers Powered by Chip Cards, Silver Sparrow Mac Malware, Accellion Zero-Days


This week co-host Kevin Johnson joins Tom Eston to discuss new card skimmers found in the wild, the Accellion zero-days, and a new type of Mac malware called “Silver Sparrow”. ** Links mentioned on the show ** Checkout Skimmers Powered by Chip Cards https://krebsonsecurity.com/2021/02/checkout-skimmers-powered-by-chip-cards/ Apple says it has already beaten new M1 Mac malware https://www.techradar.com/au/news/apple-says-it-has-already-beaten-new-m1-mac-malware Hackers Exploit Accellion Zero-Days in Recent Data Theft and Extortion Attacks https://thehackernews.com/2021/02/hackers-exploit-accellion-zero-days-in.html https://thehackernews.com/2021/02/data-breach-exposes-16-million-jobless.html https://www.msn.com/en-us/money/companies/kroger-says-some-hr-data-and-pharmacy-records-were-possibly-compromised-in-data-breach/ What We Can Learn from the Accellion Breach https://labs.bishopfox.com/industry-blog/what-we-can-learn-from-the-accellion-breach ** Watch this episode on YouTube ** https://youtu.be/g_eDR9e48CI ** Thank you to our sponsors! ** Silent Pocket Visit silent-pocket.com to check out...

Clubhouse App and Your Privacy


Everyone is talking about the Clubhouse app but what should you be concerned about from a privacy perspective? In our February monthly show, Tom and Scott discuss what all the hype is about and what you need to know if you happen to receive a Clubhouse invite! ** Links mentioned on the show ** Join Clubhouse! Umm, What is Clubhouse? https://www.nytimes.com/2021/02/20/at-home/clubhouse-app-explainer.html Clubhouse vows to fix its platform after tool enabled audio chat leaks https://www.msn.com/en-us/money/other/clubhouse-vows-to-fix-its-platform-after-tool-enabled-audio-chat-leaks/ Clubhouse Chats Are Breached, Raising Concerns Over Security https://www.msn.com/en-us/money/other/clubhouse-chats-are-breached-raising-concerns-over-security/ You’ve been invited to Clubhouse. Your privacy hasn’t. https://www.vox.com/recode/22278601/clubhouse-invite-privacy-contacts-app Register for Tom Eston’s webinar on March 18th!...

Apple’s Safe Browsing Request Proxy, BEC Attacks, LastPass Updates


In episode 161: Apple will start to proxy Safe Browsing requests to hide IP addresses from Google, the rise of Business Email Compromise attacks, and changes to the free version of LastPass. ** Links mentioned on the show ** Apple will proxy Safe Browsing requests to hide iOS users’ IP from Google https://thehackernews.com/2021/02/apple-will-proxy-safe-browsing-requests.html This cybersecurity threat costs business millions. And it’s the one they often forget about https://www.zdnet.com/article/this-cybersecurity-threat-costs-business-millions-and-its-the-one-they-often-forget-about/ LastPass making changes free service https://www.zdnet.com/article/lastpass-making-changes-free-service/ ** Watch this episode on YouTube ** https://youtu.be/aW8qQY8XFoo ** Thank you to our sponsors! ** Silent Pocket Visit silent-pocket.com to check out Silent Pocket’s amazing line...

Florida Water Supply Hack, Android App Hijack, US Capitol Riot Phone Tracking


In episode 160: An attacker tried to poison a Florida city’s water supply, a popular Android app was hacked to display malicious ads, and how smartphone location data was used to track the US Capitol rioters. ** Links mentioned on the show ** A Hacker Tried to Poison a Florida City’s Water Supply, Officials Say https://www.mass.gov/service-details/cybersecurity-advisory-for-public-water-suppliers https://www.wired.com/story/oldsmar-florida-water-utility-hack/ With one update, this malicious Android app hijacked millions of devices https://www.zdnet.com/article/with-one-update-this-malicious-android-app-hijacked-10-million-devices/ They Stormed the Capitol. Their Apps Tracked Them. https://www.nytimes.com/2021/02/05/opinion/capitol-attack-cellphone-data.html?mc_cid=7a7bd73939&mc_eid=f1ab7621fc ** Watch this episode on YouTube ** https://youtu.be/5uqQTZB5cpc ** Thank you to our sponsors! ** Silent Pocket Visit silent-pocket.com to check out...

Dangerous Social Media Algorithms, A Moral Imperative for AI Powered Weapons?


In episode 159: Will algorithms be the death of social media and why the US government thinks it has a moral imperative to build AI powered weapons. ** Links mentioned on the show ** US has ‘moral imperative’ to develop AI weapons, says panel https://www.theguardian.com/science/2021/jan/26/us-has-moral-imperative-to-develop-ai-weapons-says-panel Apple CEO sounds warning of algorithms pushing society towards catastrophe https://www.zdnet.com/article/apple-ceo-sounds-warning-of-algorithms-pushing-society-towards-catastrophe/ Is this the beginning of the end for Facebook? https://clickarmor.ca/2021/02/is-this-the-beginning-of-the-end-for-facebook/ Kevin’s “Pay what you can” CISSP Mentor Program https://training.secureideas.com/course/cisspmentor/ ** Watch this episode on YouTube ** ** Thank you to our sponsors! ** Silent Pocket Visit silent-pocket.com to check out Silent Pocket’s amazing line...

Cybersecurity Researchers Targeted, Three iOS Zero-Days, Google FLoC


In episode 158: Cybersecurity researchers targeted by North Korean hackers, Apple patches three iOS zero-day exploits, and details on Google’s Federated Learning of Cohorts (FLoC) which may one day replace third-party cookie tracking. ** Links mentioned on the show ** Check out these recent popular episodes! https://sharedsecurity.net/2021/01/28/tanya-janca-ceo-and-founder-we-hack-purple/ https://sharedsecurity.net/2021/01/18/the-capital-riot-first-amendment-and-deplatforming-cybersecurity-lessons-learned/ New campaign targeting security researchers https://blog.google/threat-analysis-group/new-campaign-targeting-security-researchers/ Apple Warns of 3 iOS Zero-Day Security Vulnerabilities Exploited in the Wild https://thehackernews.com/2021/01/apple-warns-of-3-ios-zero-day-security.html Google claims almost no change in ad revenue from targeting proposals in its Privacy Sandbox — but privacy upside less clear https://www.msn.com/en-us/news/technology/google-claims-almost-no-change-in-ad-revenue-from-targeting-proposals-in-its-privacy-sandbox-but-privacy-upside-less-clear/ar-BB1d53AQ https://blog.google/products/ads-commerce/2021-01-privacy-sandbox/ Don’t Play in Google’s Privacy Sandbox https://www.eff.org/deeplinks/2019/08/dont-play-googles-privacy-sandbox-1 ** Watch this...

Tanya Janca CEO and Founder We Hack Purple


Tanya Janca, CEO and founder of We Hack Purple joins us to discuss her new book “Alice & Bob Learn Application Security”, what inspired her to write the book, the current and future state of Application Security and much more! If you’re a fan of Tanya’s work, this is one episode you don’t want to miss! ** Links mentioned on the show ** Pick up Tanya’s book: “Alice & Bob Learn Application Security” on Amazon! https://www.amazon.com/Alice-Bob-Learn-Application-Security/dp/1119687357 Check out the We Hack Purple Academy and Community https://www.wehackpurple.com Connect with Tanya https://twitter.com/shehackspurple https://www.linkedin.com/in/tanya-janca/ Tanya was last on episode 82 of the podcast!...

Parler, Pelosi’s Stolen Laptop, Vaccination Passport Apps


Is the world really ready for COVID-19 vaccination passport apps? Also, the partial return of Parler, details on Nancy Pelosi’s stolen laptop, the Ubiquiti data breach, Ring end-to-end encryption for video, and other important cybersecurity and privacy news from the week. ** Links mentioned on the show ** Parler Partially Reappears With Support From Russian Technology Firm https://www.usnews.com/news/top-news/articles/2021-01-18/parler-partially-reappears-with-support-from-russian-technology-firm Ubiquiti: Change Your Password, Enable 2FA https://krebsonsecurity.com/2021/01/ubiquiti-change-your-password-enable-2fa/ Ring trials customer video end-to-end encryption for smart doorbells https://www.zdnet.com/article/ring-trials-customer-video-end-to-end-encryption/ WhatsApp clarifies it’s not giving all your data to Facebook after surge in Signal and Telegram users https://www.theverge.com/2021/1/12/22226792/whatsapp-privacy-policy-response-signal-telegram-controversy-clarification New AI software can turn regular security...

The Capital Riot: First Amendment and Deplatforming, Cybersecurity Lessons Learned


This week co-host Kevin Johnson joins me to discuss the cybersecurity lessons learned from the US Capital riot, why deplatforming is not violating first amendment rights, and much more. ** Links mentioned on the show ** Check out our series on how to break into a cybersecurity career https://sharedsecurity.net/2021/01/04/how-to-break-into-to-a-cybersecurity-career-part-1/ https://sharedsecurity.net/2021/01/11/how-to-break-into-a-cybersecurity-career-part-2-with-rafal-los/ What the First Amendment actually says https://www.law.cornell.edu/constitution/first_amendment First Amendment and free speech: When it applies and when it doesn’t https://www.msn.com/en-us/news/us/first-amendment-and-free-spech-when-it-applies-and-when-it-doesnt/ar-BB1cH6ak Apple removed Parler from the App Store for inciting violence https://www.bleepingcomputer.com/news/apple/apple-removed-parler-from-the-app-store-for-inciting-violence/ Google bans Parler app from Play Store for threats of violence https://www.bleepingcomputer.com/news/software/google-bans-parler-app-from-play-store-for-threats-of-violence/ ‘This is not normal’: Behind the decisions...

How to Break Into a Cybersecurity Career Part 2 with Rafal Los


Rafal Los, industry veteran and host of the “Down the Security Rabbithole Podcast”, joins Tom Eston for part two in our series on how to break into a cybersecurity career. If you’re a college student or thinking about getting into cybersecurity, this is one episode you don’t want to miss! ** Links mentioned on the show ** Listen and subscribe to the Down the Security Rabbithole Podcast hosted by Rafal Los and James Jardine http://podcast.wh1t3rabbit.net/ Check out Raf’s new podcast “Indistinguishable from Magic” https://www.itspmagazine.com/indistinguishable-from-magic-podcast Connect with Rafal Los https://twitter.com/Wh1t3Rabbit https://www.linkedin.com/in/rmlos/ So, you want to work in security? https://medium.freecodecamp.org/so-you-want-to-work-in-security-bc6c10157d23 Entering the...

How to Break Into a Cybersecurity Career Part 1


In episode 154 for January 4th 2021: Are you a college student, or someone that has an interest in a cybersecurity career? Check out the first episode in our series on how to break into a cybersecurity career with co-host Kevin Johnson. ** Links mentioned on the show ** So, you want to work in security? https://medium.freecodecamp.org/so-you-want-to-work-in-security-bc6c10157d23 Entering the InfoSec Biz https://defensivesecurity.org/entering-information-security-industry/ How to Build a Cybersecurity Career https://danielmiessler.com/blog/build-successful-infosec-career/ Start in Infosec (Really great list of career/just starting out advice) https://malicious.link/start/ Becoming a Penetration Tester https://www.gracefulsecurity.com/becoming-a-penetration-tester/ ** Watch this episode on YouTube ** https://youtu.be/GE2gfG-_4BQ ** Thank you to our sponsors!...

Top 3 Cybersecurity Tips


In episode 153 for December 28th 2020: In our last episode of the year co-host Tom Eston talks about his top 3 tips to keep you cybersecure in 2021. Thank you for listening, watching us on YouTube, and supporting our show and sponsors this year. We wish you and your family a new year that’s safe and secure! ** Links mentioned on the show ** Everything You Need to Know About Password Managers https://www.consumerreports.org/digital-security/everything-you-need-to-know-about-password-managers/ For more details on when we may see the end of passwords, check out my interview with Andrew Shikiar from the FIDO Alliance https://sharedsecurity.net/2020/04/27/the-end-of-passwords-as-we-know-it/ Two-factor authentication:...

The Year in Review and 2021 Predictions


Our last episode of the year is our always entertaining year in review and 2021 predictions with co-hosts Scott Wright and Kevin Johnson. Thank you for listening and supporting the show in 2020! ** Links mentioned on the show ** Check out our year in review and 2020 predictions recorded around the same time last year! https://sharedsecurity.net/2019/12/23/the-year-in-review-and-2020-predictions-with-kevin-johnson/ ** Watch this episode on YouTube ** https://youtu.be/gKiymWnnfzM ** Thank you to our sponsors! ** Silent Pocket Visit silent-pocket.com to check out Silent Pocket’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast...

SolarWinds/SUNBURST Backdoor, Third-Party and Supply Chain Security


In episode 152 for December 21st 2020: A discussion about the SolarWinds Orion backdoor, third-party security, and the threat of supply chain attacks with co-host Kevin Johnson. ** Links mentioned on the show ** US govt, FireEye breached after SolarWinds supply-chain attack https://www.bleepingcomputer.com/news/security/us-govt-fireeye-breached-after-solarwinds-supply-chain-attack/ https://savebreach.com/solarwinds-credentials-exposure-led-to-us-government-fireye-breach/ https://www.zdnet.com/article/sec-filings-solarwinds-says-18000-customers-are-impacted-by-recent-hack/ What We Know (And Don’t) About The SolarWinds Orion Hack So Far https://labs.bishopfox.com/industry-blog/what-we-know-and-dont-about-the-solarwinds-orion-hack SolarWinds attack explained: And why it was so hard to detect https://www.csoonline.com/article/3601508/solarwinds-supply-chain-attack-explained-why-organizations-were-not-prepared.html Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html ** Watch this episode on YouTube ** https://youtu.be/ojDvx6Wwn6I ** Thank you to our sponsors!...

FireEye Hacked, Foxconn Ransomware Attack, Apple’s New Privacy Features


In episode 151 for December 14th 2020: What you need to know about the stolen FireEye “Red Team” tools and the FUD going on in the media about the attack, Foxconn gets hit with a ransomware attack plus details on how ransomware attacks are evolving, and how Apple is stopping advertisers from tracking you across different applications. ** Links mentioned on the show ** FireEye Shares Details of Recent Cyber Attack, Actions to Protect Community https://www.fireeye.com/blog/products-and-services/2020/12/fireeye-shares-details-of-recent-cyber-attack-actions-to-protect-community.html https://www.fireeye.com/blog/threat-research/2020/12/unauthorized-access-of-fireeye-red-team-tools.html https://www.theguardian.com/technology/2020/dec/08/fireeye-hack-cybersecurity-theft?mid=1 https://techcentral.co.za/why-everyone-should-be-worried-by-the-fireeye-hack/103750/ The Stolen FireEye Red Team Tools Are Mostly Open Source https://labs.bishopfox.com/industry-blog/the-stolen-fireeye-red-team-tools-are-mostly-open-source Foxconn electronics giant hit by ransomware, $34 million ransom https://www.bleepingcomputer.com/news/security/foxconn-electronics-giant-hit-by-ransomware-34-million-ransom/...

iPhone Zero-Click Exploit, BEC Email Auto-Forward Scams, COVID-19 Vaccine Cold Chain Attacks


In episode 150 for December 7th 2020: Details about a now patched iPhone zero-click Wi-Fi exploit, the FBI warns of business email compromise scammers using email auto-forwarding in attacks, and how nation-state attackers are targeting the COVID-19 vaccine supply ‘cold chain’. ** Links mentioned on the show ** Google Hacker Details Zero-Click ‘Wormable’ Wi-Fi Exploit to Hack iPhones https://thehackernews.com/2020/12/google-hacker-details-zero-click.html https://googleprojectzero.blogspot.com/2020/12/an-ios-zero-click-radio-proximity.html FBI warns of BEC scammers using email auto-forwarding in attacks https://www.bleepingcomputer.com/news/security/fbi-warns-of-bec-scammers-using-email-auto-forwarding-in-attacks/ https://www.bleepingcomputer.com/news/security/fbi-cybercrime-victims-lost-35-billion-in-2019/ Coronavirus: Hackers targeted Covid vaccine supply ‘cold chain’ https://securityintelligence.com/posts/ibm-uncovers-global-phishing-covid-19-vaccine-cold-chain/ ** Watch this episode on YouTube ** https://youtu.be/rMfij4AThzI ** Thank you to our sponsors! ** Silent Pocket Visit silent-pocket.com...

Holiday Shopping Scams and Tips to Stay Safe


In our November monthly episode we discuss the scams that you may encounter this holiday shopping season due to the pandemic and our top tips on how to stay safe and more secure when doing your shopping this year. ** Links mentioned on the show ** Digital Safety in the New Normal: Holiday Edition https://www.ibtimes.com/digital-safety-new-normal-holiday-edition-3087840 Online Holiday Shopping Scams https://us-cert.cisa.gov/ncas/current-activity/2020/11/24/online-holiday-shopping-scams ** Watch this episode on YouTube ** https://youtu.be/D3IIgfp9-sk ** Thank you to our sponsors! ** Silent Pocket Visit silent-pocket.com to check out Silent Pocket’s amazing line of Faraday bags and other products built to protect your privacy. As a listener...

Amazon Sidewalk, Federal IoT Security Law, Facebook Messenger Bug


In episode 149 for November 30th 2020: Police begin to pilot a program to live-stream Amazon Ring cameras, new details about Amazon Sidewalk, Congress unanimously passes a federal Internet of Things security law, and a Facebook Messenger bug that lets an attacker listen to you before you pick up a call. ** Links mentioned on the show ** Police Will Pilot a Program to Live-Stream Amazon Ring Cameras https://www.eff.org/deeplinks/2020/11/police-will-pilot-program-live-stream-amazon-ring-cameras What is Amazon Sidewalk? https://www.aboutamazon.com/news/devices/introducing-amazon-sidewalk https://m.media-amazon.com/images/G/01/sidewalk/privacy_security_whitepaper_final.pdf Congress unanimously passes federal IoT security law https://blog.rapid7.com/2020/11/18/congress-unanimously-passes-federal-iot-security-law/ Facebook Messenger Bug Lets Hackers Listen to You Before You Pick Up the Call https://thehackernews.com/2020/11/facebook-messenger-bug-lets-hackers.html ** Watch...

CISA Director Chris Krebs Fired, Common Sense and Section 230


In episode 148 for November 23rd 2020: This week Kevin Johnson joins me to discuss the Twitter firing of Chris Krebs, Director of the Cybersecurity and Infrastructure Security Agency, and our thoughts about a common sense approach to social media and Section 230 of the Communications Decency Act. ** Links mentioned on the show ** Trump fires top cybersecurity official Christopher Krebs https://www.cbsnews.com/news/trump-fires-cybersecurity-chief-christopher-krebs/ Don’t Blame Section 230 for Big Tech’s Failures. Blame Big Tech. https://www.eff.org/deeplinks/2020/11/dont-blame-section-230-big-techs-failures-blame-big-tech Computer Security Experts Urge White House to Keep Politics Out of Election Security https://www.eff.org/press/releases/computer-security-experts-urge-white-house-keep-politics-out-election-security ** Watch this episode on YouTube ** https://youtu.be/YfMQQHYBfQI ** Thank you...

Stolen Source Code, Apple Zero-Days, Biden’s Privacy and Cybersecurity Policies


In episode 147 for November 16th 2020: The latest about source code stolen from US government agencies and private companies, three actively exploited iOS zero-days in the wild and new App Store privacy labels, and what a Biden administration could mean for privacy and cybersecurity. ** Links mentioned on the show ** Our 3 part series on Targeted Attacks – Watch on YouTube! https://www.youtube.com/playlist?list=PLOh_LIYqw5qV22VV9pT-SNpItiKDxOJaO Our interviews with StartPage.com All about StartPage, the World’s Most Private Search Engine, with Alex Kubiak https://sharedsecurity.net/2020/09/21/startpage-com-the-worlds-most-private-search-engine/ Privacy Mindset between Europe and United States with Kelly Finnerty https://sharedsecurity.net/2020/11/09/privacy-mindset-europe-vs-united-states/ FBI: Hackers stole source code from US government...

Privacy Mindset: Europe vs. United States


In episode 146 for November 9th 2020: My conversation with Kelly Finnerty, Director of Brand and Content for Startpage.com on the differences in privacy mindset between Europe and the United States. ** Links mentioned on the show ** Future of Privacy Forum https://fpf.org/ Startpage.com https://www.startpage.com StartPage Privacy Please Blog https://www.startpage.com/privacy-please/ Follow Kelly on Twitter https://twitter.com/Kelly_Startpage Connect with Kelly on LinkedIn https://www.linkedin.com/in/kelly-finnerty-5267648/ ** Watch this episode on YouTube ** ** Thank you to our sponsors! ** Silent Pocket Visit silent-pocket.com to check out Silent Pocket’s amazing line of faraday bags and other products built to protect your privacy. As a listener...

Government Rumor Control, US Hospital Ransomware Threat, Russian Hackers Charged


In episode 145 for November 2nd 2020: Kevin Johnson joins me to discuss the US government’s attempt to prevent disinformation and rumors about the election, a new ransomware threat targeting US hospitals, and details about six Russian hackers that were charged for some of the biggest cyber-attacks in the last decade. ** Links mentioned on the show ** #Protect2020 Rumor vs. Reality https://www.cisa.gov/rumorcontrol The Security Justice Podcast (2008-2011) https://archive.org/details/securityjustice FBI, DHS, HHS Warn of Imminent, Credible Ransomware Threat Against U.S. Hospitals https://krebsonsecurity.com/2020/10/fbi-dhs-hhs-warn-of-imminent-credible-ransomware-threat-against-u-s-hospitals/ US charges Russian hackers behind NotPetya, KillDisk, OlympicDestroyer attacks https://www.zdnet.com/article/us-charges-russian-hackers-behind-notpetya-killdisk-olympicdestroyer-attacks/ ** Watch this episode on YouTube ** https://youtu.be/XTeb3aq3y_8...

Targeted Attacks Part 3 The Exploit


In our October monthly episode we finish our three part series on targeted attacks. In this episode we discuss the exploit and malware analysis with special guest Tyler Hudak, Incident Response Practice Lead at TrustedSec. Make sure you watch the YouTube edition of this episode to see a demo of several tools and techniques used in professional malware analysis. ** Links mentioned on the show ** Episode 110 with Tyler “You’ve Been Hacked! Now What?” https://sharedsecurity.net/2020/03/02/youve-been-hacked-now-what/ Connect with Tyler https://twitter.com/secshoggoth https://www.linkedin.com/in/tylerhudak https://secshoggoth.blogspot.com/ Find out more about TrustedSec https://www.trustedsec.com/ ** Watch this episode on YouTube ** https://youtu.be/NzFCIbnYM7I ** Thank you to...

Voter Privacy and the US Election


In episode 144 for October 26th 2020: Voter privacy and what you need to know about protecting your private information during the upcoming US election. ** Links mentioned on the show ** Closing in on the US election with voter privacy and election security https://iapp.org/news/a/closing-in-on-the-u-s-election-with-voter-privacy-and-election-security/ Access To and Use Of Voter Registration Lists https://www.ncsl.org/research/elections-and-campaigns/access-to-and-use-of-voter-registration-lists.aspx Understanding public funding of presidential elections https://www.fec.gov/help-candidates-and-committees/understanding-public-funding-presidential-elections/ Your phone and TV are tracking you, and political campaigns are listening in https://www.latimes.com/politics/la-na-pol-campaign-tech-privacy-20190220-story.html How this company tracked 16,000 Iowa caucus-goers via their phones https://splinternews.com/how-this-company-tracked-16-000-iowa-caucus-goers-via-t-1793854687 EFF’s Privacy Badger Web Browser Plugin https://privacybadger.org/ ** Watch this episode on YouTube **...

TrickBot Takedown, VPN Flaws, Zoom End-to-End Encryption


In episode 143 for October 19th 2020: Microsoft gets creative to help take down the TrickBot botnet, details on how attackers have been using VPN flaws to attack election support systems, and Zoom’s rollout of end-to-end encryption. ** Links mentioned on the show ** “The Social Dilemma” A Conversation about the Pros and Cons of Social Media https://sharedsecurity.net/2020/10/12/the-social-dilemma/ Microsoft and others orchestrate takedown of TrickBot botnet https://blogs.microsoft.com/on-the-issues/2020/10/12/trickbot-ransomware-cyberthreat-us-elections/ Hackers used VPN flaws to access US govt elections support systems https://us-cert.cisa.gov/ncas/alerts/aa20-283a Zoom to roll out end-to-end encrypted (E2EE) calls https://blog.zoom.us/zoom-rolling-out-end-to-end-encryption-offering/ ** Watch this episode on YouTube ** https://www.youtube.com/c/SharedSecurityPodcast ** Thank you to...

The Social Dilemma


In episode 142 for October 12th 2020: My conversation about the pros and cons of the Netflix documentary “The Social Dilemma” with frequent guest, Kevin Johnson. The Social Dilemma is a popular documentary (dramamentary?) on Netflix about how social media is causing unintended harm to people and society. Several engineers and leaders that worked at Facebook, Instagram, Twitter, Google, and others are interviewed and give their take on the dangers and current state of social media in modern civilization. It’s an interesting and also controversial film that is worth watching so you can form your own opinion. Even if you...

More Hospital Ransomware Attacks, FBI’s Disinformation Warning, Android 11 Privacy Features


In episode 141 for October 5th 2020: Universal Health Services is the latest victim of a massive hospital ransomware attack, the FBI issues new warnings about false claims of hacked voter information, and the top Android 11 privacy and security features. ** Links mentioned on the show ** Large US hospital chain hobbled by Ryuk ransomware https://www.nbcnews.com/tech/security/cyberattack-hits-major-u-s-hospital-system-n1241254 https://www.reddit.com/r/hacking/comments/j17aj1/cyberattack_on_uhs_hospitals_nationwide_last_night/ https://www.uhsinc.com/statement-from-universal-health-services/ FBI warns of disinformation campaigns about hacked voter systems https://www.cisa.gov/sites/default/files/publications/PSA_voter_registration_data_508pobs.pdf Android 11 5 New Security and Privacy Features You Need to Know https://thehackernews.com/2020/09/android-11-security-privacy.html ** Watch this episode on YouTube ** ** Thank you to our sponsors! ** Silent Pocket Visit https://silent-pocket.com...

Targeted Attacks Part 2 Pretexting and Attack Development


In our September monthly episode we continue our three part series on targeted attacks. In this episode we discuss the pretext and how attackers develop and launch their attacks with special guests Nathan Sweaney, Senior Security Consultant at Secure Ideas and Kevin Johnson, CEO of Secure Ideas. ** Links mentioned on the show ** GoPhish – Open Source Phishing Framework https://getgophish.com/ Follow Nathan on Twitter https://twitter.com/sweaney Follow and connect with Secure Ideas https://secureideas.com/ ** Watch this episode on YouTube ** https://youtu.be/9zPZnA9gt34 ** Thank you to our sponsors! ** Silent Pocket Visit https://silent-pocket.com to check out Silent Pocket’s amazing line of...

Death by Ransomware, Strava Flyby, iOS 14 Privacy Improvements


In episode 140 for September 28th 2020: Details on the first human death related to a ransomware attack, popular fitness app Strava is caught giving away your location data to strangers, and the top privacy improvements in Apple iOS 14. ** Links mentioned on the show ** A Patient Dies After Ransomware Attack Paralyzes German Hospital Systems https://www.bbc.com/news/technology-54204356 Strava app shows your info to nearby users unless this setting is disabled https://www.bleepingcomputer.com/news/security/strava-app-shows-your-info-to-nearby-users-unless-this-setting-is-disabled/ Five iOS 14 and iPadOS 14 security and privacy features you need to know about https://www.zdnet.com/article/five-ios-14-and-ipados-14-security-and-privacy-features-you-need-to-know-about/ ** Watch this episode on YouTube ** https://youtu.be/tKqM0vu85Pw ** Thank you to...

StartPage.com The World’s Most Private Search Engine


In episode 139 for September 21st 2020: This week we take a break from the news to bring you our interview with Alex Kubiak, Senior Product Manager at StartPage.com. StartPage is a privacy focused search engine which uses Google’s search results but removes all trackers and logs. This makes StartPage very different than other privacy focused search engines like DuckDuckGo. In this interview we talk about these differences, how Startpage.com makes money, privacy features and benefits of using StartPage, and the one thing you should do to better protect your online privacy. ** Links mentioned on the show ** Use...

Schools Under Cyberattack, Chrome Ad Blocking Update, US Election Interference


In episode 138 for September 14th 2020: School districts under cyber-attack, Google Chrome’s new ad blocking feature, and Microsoft’s latest alert about foreign interference in the 2020 US election. ** Links mentioned on the show ** City of Hartford postpones first day of school after ransomware attack https://www.zdnet.com/article/city-of-hartford-postpones-first-day-of-school-after-ransomware-attack/ Hackers shutdown first day of Toledo Public Schools online classes https://www.13abc.com/2020/09/08/hackers-shutdown-first-day-of-toledo-public-schools-online-classes/ Miami-Dade Schools: Students log on successfully after days of cyber slowdowns https://www.local10.com/news/local/2020/09/03/superintendent-miami-schools-platform-also-targeted-by-foreign-interference/ Google Chrome starts blocking ads that slow down the browser https://www.bleepingcomputer.com/news/google/google-chrome-starts-blocking-ads-that-slow-down-the-browser/ New cyberattacks targeting U.S. elections https://blogs.microsoft.com/on-the-issues/2020/09/10/cyberattacks-us-elections-trump-biden/ ** Watch this episode on YouTube ** https://www.youtube.com/c/SharedSecurityPodcast ** Thank you to...

NSA Data Collection Ruling, Browsing History Identification, Ambulance Chasing


In episode 137 for September 7th 2020: A federal appeals court finds the NSA’s bulk collection of phone data was unlawful, new research shows that browsing histories are unique enough to reliably identify users, and my personal story about a car accident and the privacy of your public records. ** Links mentioned on the show ** Appeals court finds NSA’s bulk phone data collection was unlawful https://www.cnet.com/news/appeals-court-finds-nsas-bulk-phone-data-collection-was-unlawful/ Mozilla research: Browsing histories are unique enough to reliably identify users https://www.zdnet.com/article/mozilla-research-browsing-histories-are-unique-enough-to-reliably-identify-users/ Replication: Why We Still Can’t Browse in Peace: On the Uniqueness and Reidentifiability of Web Browsing Histories https://www.usenix.org/system/files/soups2020-bird.pdf Aggressive solicitation comes...

Targeted Attacks Part 1 OSINT and Reconnaissance


In our August monthly episode we start our three part series on targeted attacks. In this episode we focus on OSINT (Open Source Intelligence) and reconnaissance techniques used by attackers in phishing and BEC (Business Email Compromise) attacks. Kyle Lovett, Principal Penetration Tester at Veracode, joins us to demonstrate some of the tools and techniques used by attackers and professional penetration testers when conducting these targeted attacks. ** Links mentioned on the show ** Kyle Lovett on Darknet Diaries Episode 5 (#ASUSGATE) https://darknetdiaries.com/episode/5/ Cisco Employee Earns Security Bug Bounty 1 Million United Miles! https://blogs.cisco.com/wearecisco/cisco-employee-earns-security-bug-bounty-1-million-united-miles A Search Engine for Threats https://www.threatcrowd.org/...

Uber CISO Charged, Facebook Data Portability, Malicious iOS SDK


In episode 136 for August 31st 2020: Uber’s former security chief is charged over covering up a 2016 data breach, Facebook pushes for data portability legislation, and how a malicious iOS SDK breached the privacy of millions of mobile users. ** Links mentioned on the show ** Former Uber Security Chief Charged Over Covering Up 2016 Data Breach https://thehackernews.com/2020/08/uber-data-breach-cover-ups.html Facebook pushes for data portability legislation ahead of FTC hearing https://www.reuters.com/article/us-facebook-antitrust/facebook-pushes-for-data-portability-legislation-ahead-of-ftc-hearing-idUSKBN25H0BG Malicious iOS SDK breaches user privacy for millions https://www.helpnetsecurity.com/2020/08/24/malicious-ios-sdk/ ** Watch this episode on YouTube ** https://www.youtube.com/c/SharedSecurityPodcast ** Thank you to our sponsors! ** Silent Pocket Visit https://silent-pocket.com to check...

Audio Recordings Used to Copy Keys, Carnival Ransomware Attack, Social Media Profile Data Exposed


In episode 135 for August 24th 2020: Details on how researchers can use audio recordings of keys being used in locks to create copies, Carnival cruise lines becomes the victim of a ransomware attack, and a data broker exposes nearly 235 million profiles scraped from social media sites. ** Links mentioned on the show ** Picking Locks with Audio Technology https://cacm.acm.org/news/246744-picking-locks-with-audio-technology/fulltext World’s largest cruise line operator discloses ransomware attack https://www.zdnet.com/article/worlds-largest-cruise-line-operator-discloses-ransomware-attack/ https://www.sec.gov/ix?doc=/Archives/edgar/data/815097/000095014220002039/eh2001078_8k.htm Social media data broker exposes nearly 235 million profiles scraped from Instagram, TikTok, and Youtube https://www.comparitech.com/blog/information-security/social-data-leak/ ** Watch this episode on YouTube ** https://www.youtube.com/c/SharedSecurityPodcast ** Thank you to our...

Amazon Echo Exploit, Privacy Shield, Capital One Data Breach Update


In episode 134 for August 17th 2020: Details on new critical vulnerabilities found in Amazon Echo devices, what the end of the Privacy Shield framework means for EU citizens’ personal data, and new data breach fines issued to Capital One and Twitter by the OCC and FTC. ** Links mentioned on the show ** Keeping the gate locked on your IoT devices: Vulnerabilities found on Amazon’s Alexa https://research.checkpoint.com/2020/amazons-alexa-hacked/ Privacy Shield Is Dead, And Data Marketplaces Are Just Getting Going https://www.forbes.com/sites/forbestechcouncil/2020/08/10/privacy-shield-is-dead-and-data-marketplaces-are-just-getting-going/ https://iapp.org/news/a/is-privacy-shield-really-gone/ Capital One Fined $80 Million for 2019 Data Breach Affecting 106 Million Users https://thehackernews.com/2020/08/capital-one-data-breach.html https://www.occ.treas.gov/news-issuances/news-releases/2020/nr-occ-2020-101.html Twitter expecting FTC fine of...

Twitter Hack Lessons Learned, TikTok Ban, Rite Aid Facial Recognition Cameras


In episode 133 for August 10th 2020: What we can learn from the big Twitter hack, why everyone is trying to ban TikTok, and pharmacy chain Rite Aid’s use of facial recognition cameras. ** Links mentioned on the show ** How the FBI tracked down the Twitter hackers https://blog.twitter.com/en_us/topics/company/2020/an-update-on-our-security-incident.html https://www.zdnet.com/article/how-the-fbi-tracked-down-the-twitter-hackers/ Call for TikTok security check before HQ decision https://www.bbc.com/news/technology-53640909 Rite Aid deployed facial recognition systems in hundreds of U.S. stores https://www.reuters.com/investigates/special-report/usa-riteaid-software/ ** Watch this episode on YouTube ** https://youtu.be/bb28WGS1Jlk ** Thank you to our sponsors! ** Silent Pocket Visit https://silent-pocket.com to check out Silent Pocket’s amazing line of faraday bags...

How Big Tech Collects Your Private Data and How to Delete It


In episode 132 for August 3rd 2020: How the big tech companies like Google, Apple, Facebook, and Twitter collect your private data and how you can delete it with Kira Rakova from Undatify. ** Links mentioned on the show ** Find out more about Undatify https://undatify.me/ https://www.instagram.com/undatifyme/ The Step-by-Step Guide to Erasing Your Entire Google History https://pixelprivacy.com/resources/erasing-google-history How to Download And Delete Your Data From Facebook https://www.online-tech-tips.com/computer-tips/how-to-download-and-delete-your-data-from-facebook/ How to Delete Your Private Data from Apple’s Servers https://www.macobserver.com/tips/quick-tip/delete-private-data-apple-servers/ How to delete your Twitter history https://www.theverge.com/2018/2/8/16991396/how-to-delete-twitter-history-tweetdelete ** Watch this episode on YouTube ** Check out the live demo of deleting private data...

Chinese Hacking Campaign Exposed, BadPower Fast Charger Attack, Instacart Data Leak


In episode 131 for July 27th 2020: The FBI charges two Chinese hackers for one of the largest Chinese directed hacking campaigns ever discovered, how the BadPower fast charger attack could melt or set your devices on fire, and details on a massive leak of Instacart customer information. ** Links mentioned on the show ** DOJ says Chinese hackers targeted coronavirus vaccine research https://www.politico.com/news/2020/07/21/doj-chinese-hackers-coronavirus-research-375855 BadPower attack corrupts fast chargers to melt or set your device on fire https://www.zdnet.com/article/badpower-attack-corrupts-fast-chargers-to-melt-or-set-your-device-on-fire Instacart user data is reportedly being sold online, but the company denies there was a breach https://www.buzzfeednews.com/article/janelytvynenko/instacart-customers-info-sold-online ** Watch this episode on...

Privacy Settings for Amazon Echo and Google Home


In episode 102 of our July monthly show Scott and Tom walk-through the recommended privacy settings for Amazon Echo and Google Home smart speakers. ** Links mentioned on the show ** 8 ways to protect your Amazon Echo privacy while working from home https://www.cnet.com/how-to/8-ways-to-protect-your-amazon-echo-privacy-while-working-from-home/ How To Make Your Amazon Echo and Google Home as Private as Possible https://www.wired.com/story/alexa-google-assistant-echo-smart-speaker-privacy-controls/ Is your Google Home or Nest secure? How to find and delete your private data https://www.cnet.com/how-to/is-your-google-home-or-nest-secure-how-to-find-and-delete-your-private-data/ ** Thank you to our sponsors! ** Silent Pocket Visit https://silent-pocket.com to check out Silent Pocket’s amazing line of faraday bags and other products built to...

The Big Twitter Hack, Critical Windows DNS Server Update, Email Impersonation Attacks


In episode 130 for July 20th 2020: Details on the big Twitter hack which took over high-profile accounts, a major wormable critical vulnerability in Microsoft Windows DNS Server, and how email impersonation attacks take advantage of everyone working from home. ** Links mentioned on the show ** Twitter blames ‘coordinated’ attack on its systems for hack of Joe Biden, Barack Obama, Bill Gates and others https://www.cnn.com/2020/07/15/tech/twitter-hack-elon-musk-bill-gates/index.html https://twitter.com/TwitterSupport/status/1283591846464233474 Hackers Convinced Twitter Employee to Help Them Hijack Accounts https://www.vice.com/en_us/article/jgxd3d/twitter-insider-access-panel-account-hacks-biden-uber-bezos Crypto hack latest in a history of high-profile Twitter breaches https://www.hindustantimes.com/world-news/crypto-hack-latest-in-a-history-of-high-profile-twitter-breaches/story-5z9Q0hh4S3yjSmv5fgAiZK.html Microsoft warns of critical Windows DNS Server vulnerability that’s wormable https://www.theverge.com/2020/7/14/21324353/microsoft-windows-dns-server-security-vulnerability-patch-critical-flaw Email...

F5 BIG-IP Exploit, WiFi Router Security Updates, Password Reuse


In episode 129 for July 13th 2020: Impact of the F5-BIG-IP critical vulnerability, security updates and your WiFi router, and details about new research that shows how billions of compromised credentials are available in the cyber underground. ** Links mentioned on the show ** Mitigating critical F5 BIG-IP RCE flaw not enough, bypass found https://www.bleepingcomputer.com/news/security/mitigating-critical-f5-big-ip-rce-flaw-not-enough-bypass-found/ Home router warning: They’re riddled with known flaws and run ancient, unpatched Linux https://www.zdnet.com/article/home-router-warning-theyre-riddled-with-known-flaws-and-run-ancient-unpatched-linux/ Billions of passwords now available on underground forums, say security researchers https://www.zdnet.com/article/billions-of-passwords-now-available-on-underground-forums-say-security-researchers/ ** Thank you to our sponsors! ** Silent Pocket Visit https://silent-pocket.com to check out Silent Pocket’s amazing line of...

TikTok Privacy Concerns, macOS Ransomware, Bad Passwords


In episode 128 for July 6th 2020: New TikTok privacy concerns, the rise of macOS ransomware, and details on new research about bad password choices. ** Links mentioned on the show ** Family Safety and Security with Andy Murphy from The Secure Dad Podcast https://sharedsecurity.net/2020/06/29/family-safety-and-security-with-andy-murphy-from-the-secure-dad-podcast EARN IT Act, Facial Recognition Fail, Can I Be Phished? https://sharedsecurity.net/2020/06/30/earn-it-act-facial-recognition-fail-can-i-be-phished TikTok Reverse Engineered: What Was Discovered Will Make You Delete It ASAP https://www.reddit.com/r/privacy/comments/hgkqee/tiktok_reverse_engineered_what_was_discovered TikTok Reverse Engineering Highlights Massive Privacy Problems https://beincrypto.com/tiktok-reverse-engineering-highlights-massive-privacy-problems iOS 14 beta has a banner to confirm when you paste from another device (eg copy on a Mac and paste on iPhone)...

EARN IT Act, Facial Recognition Fail, Can I Be Phished?


In episode 101 of our June monthly show: Scott and Tom discuss the privacy concerns with the EARN IT Act, more stories of facial recognition fail, and Scott talks about his new podcast, Can I Be Phished? ** Links mentioned on the show ** PETITION: Nearly 500,000 say Congress shouldn’t kill encryption with the EARN IT Act https://www.dailydot.com/debug/earn-it-act-petition/ The EARN IT Bill Is the Government’s Plan to Scan Every Message Online https://www.eff.org/deeplinks/2020/03/earn-it-bill-governments-not-so-secret-plan-scan-every-message-online False facial recognition match leads to a wrongful arrest in Detroit https://www.engadget.com/facial-recognition-wrongful-arrest-michigan-141531393.html Announcing the Can I Be Phished? podcast unboxing the most common attacks! https://clickarmor.ca/2020/06/announcing-the-can-i-be-phished-podcast-unboxing-the-most-common-attacks/ ** Thank you...

Family Safety and Security with Andy Murphy from The Secure Dad Podcast


In episode 127 for June 29th 2020: Family safety and security with special guest Andy Murphy host of The Secure Dad podcast. I really enjoyed this interview with Andy! If you’re looking for a podcast about home and family security, self-defense, and more you should definitely subscribe to his show! ** Links mentioned on the show ** The Secure Dad 5 Day Challenge https://www.thesecuredad.com/5daychallenge Our Episode on 5 Tips to Stay Secure and Private During a Protest https://sharedsecurity.net/2020/06/15/5-tips-to-stay-private-and-secure-during-a-protest/ Andy’s Episode on “The Crime We Create” https://podcasts.apple.com/us/podcast/the-crime-we-create/id1438284738?i=1000456654826 Subscribe to The Secure Dad Podcast https://www.thesecuredad.com/podcast Follow Andy and The Secure Dad Podcast...

Largest DDoS Attack Ever, New Dropbox Features, North Korean Cyber-Attacks


In episode 126 for June 22nd 2020: Details on the largest Distributed Denial of Service attack ever recorded, new security features in Dropbox, and the latest on new North Korean targeted cyber-attacks. ** Show notes and links mentioned on the show ** Zoom will provide end-to-end encryption to all users https://www.bleepingcomputer.com/news/security/zoom-will-provide-end-to-end-encryption-to-all-users/ AWS said it mitigated a 2.3 Tbps DDoS attack, the largest ever https://www.zdnet.com/article/aws-said-it-mitigated-a-2-3-tbps-ddos-attack-the-largest-ever/ DDoS explained: How distributed denial of service attacks are evolving https://www.csoonline.com/article/3222095/ddos-explained-how-denial-of-service-attacks-are-evolving.html Dropbox unveils new features: Passwords, document vault, backup https://www.helpnetsecurity.com/2020/06/17/dropbox-new-features North Korea’s state hackers caught engaging in BEC scams https://www.zdnet.com/article/north-koreas-state-hackers-caught-engaging-in-bec-scams/ North Korean state hackers reportedly planning...

5 Tips to Stay Private and Secure During a Protest


In episode 125 for June 15th 2020: Our top 5 tips for staying private and secure during a protest. ** Show notes and links mentioned on the show ** Privacy And Security While Protesting https://silent-pocket.com/blogs/news/privacy-and-security-while-protesting You Have a First Amendment Right to Record the Police https://www.eff.org/deeplinks/2020/06/you-have-first-amendment-right-record-police Protecting Your Privacy if Your Phone is Taken Away https://www.eff.org/deeplinks/2020/06/protecting-your-privacy-if-your-phone-taken-away How to Protest Safely in the Age of Surveillance https://www.wired.com/story/how-to-protest-safely-surveillance-digital-privacy/ ** Thank you to our sponsors! ** Silent Pocket Visit https://silent-pocket.com to check out Silent Pocket’s amazing line of faraday bags and other products built to protect your privacy. As a listener of this...

Minneapolis Police Website Hacked, Zoom Encryption, eBay Port Scanning


In episode 124 for June 8th 2020: Details on how the Minneapolis Police website may have been hacked, Zoom’s plan to implement end-to-end encryption, and why eBay and other sites may be port scanning your computer. ** Show notes and links mentioned on the show ** After Anonymous Promises Retribution for George Floyd’s Death, Minneapolis Police Website Shows Signs It Was Hacked https://time.com/5845880/anonymous-minneapolis-police-hack/ Anonymous Hacker Gets Six Years In Prison For DDoS Attacks https://yro.slashdot.org/story/19/11/22/2211205/anonymous-hacker-gets-six-years-in-prison-for-ddos-attacks Zoom to offer end-to-end encryption only to paying customers https://www.helpnetsecurity.com/2020/06/04/zoom-end-to-end-encryption Is the EARN-IT Act a backdoor attempt to get encryption backdoors? https://www.csoonline.com/article/3531393/is-the-earn-it-act-a-backdoor-attempt-to-get-encryption-backdoors.html eBay port scans visitors’...

First Amendment Rights and Twitter, Encryption Backdoors


In episode 123 for June 1st 2020: The controversy continues over fact checking and First Amendment rights on Twitter, and why government mandated encryption backdoors are bad for everyone’s security. ** Show notes and links mentioned on the show ** Trump to sign executive order aimed at cracking down on Facebook and Twitter https://www.cnbc.com/2020/05/28/trump-to-sign-executive-order-aimed-at-cracking-down-on-facebook-twitter.html The law enforcement backdoor debate continues https://www.helpnetsecurity.com/2020/05/26/backdoor-encryption/ OWASP Top 10 2020 Data Analysis Plan https://owasp.org/www-project-top-ten/ ** Thank you to our sponsors! ** Silent Pocket Visit https://silent-pocket.com to check out Silent Pocket’s amazing line of faraday bags and other products built to protect your privacy. As a...

Episode 100 with Rachel Tobac and Kathleen Smith


In episode 100 of our May monthly show we discuss the history of the podcast, some of the most interesting cybersecurity and privacy news and events over the years, and speak with former guest Rachel Tobac, CEO and Co-Founder of SocialProof Security, about what she’s been up to and of course the David Lynch daily weather report! We also catch up with Kathleen Smith, CMO of ClearedJobs.net and CyberSecJobs.com to talk about the current cybersecurity job market, recruiting, and the one thing you need to stop doing with your resume. Interviews start at [38:00]. Be sure to watch the full...

Apple’s Law Enforcement Backdoor Dispute, Signal PINs, EasyJet Data Breach


In episode 122 for May 25th 2020: Apple and the US Government dispute over law enforcement backdoors in Apple products, secure messaging app Signal starts to move away from using phone numbers as user IDs, and details on the EasyJet data breach affecting 9 million customers. ** Show notes and links mentioned on the show ** Apple Calls FBI Comments on Lack of Help Unlocking Florida Shooter’s iPhone an ‘Excuse to Weaken Encryption’ https://www.macrumors.com/2020/05/18/apple-fbi-dispute-weaken-encryption/ Signal to move away from using phone numbers as user IDs https://signal.org/blog/signal-pins/ British Airline EasyJet Suffers Data Breach Exposing 9 Million Customers’ Data https://thehackernews.com/2020/05/easyjet-data-breach-hacking.html EasyJet official...

Thunderbolt Flaws, WordPress Plugin Vulnerabilities, Patriot Act Vote


In episode 121 for May 18th 2020: A new Thunderbolt flaw could let hackers steal your data in under five minutes, new vulnerabilities in a popular WordPress plugin, and details on why the US Senate just rejected a plan to require a warrant to obtain Americans’ web browsing history. ** Show notes and links mentioned on the show ** Thunderbolt flaw lets hackers steal your data in ‘five minutes’ https://www.wired.com/story/thunderspy-thunderbolt-evil-maid-hacking/ Thunderbolt 3 The USB-C that does it all https://thunderbolttechnology.net/consumer/ Thunderspy tool to test if your PC is vulnerable https://thunderspy.io/ WordPress plugin Page Builder by SiteOrigin patched against code execution attacks...

GoDaddy Security Incident, Fake Downloaders, Firefox Lockwise


In episode 120 for May 11th 2020: The latest on the GoDaddy security incident affecting 28,000 customers, fake Microsoft Teams notification emails and Zoom downloaders, and details on new features to the Firefox built in password manager. ** Show notes and links mentioned on the show ** GoDaddy notifies users of breached hosting accounts https://www.bleepingcomputer.com/news/security/godaddy-notifies-users-of-breached-hosting-accounts/ GoDaddy email to affected customers https://oag.ca.gov/system/files/Customer%20Notification.pdf How to combine SSH key authentication and two-factor authentication on Linux https://www.techrepublic.com/article/how-to-combine-ssh-key-authentication-and-two-factor-authentication-on-linux/ Fake Microsoft Teams Notification Emails https://www.helpnetsecurity.com/2020/05/04/fake-microsoft-teams-notification/ Fake Zoom Downloaders https://www.zdnet.com/article/hackers-target-remote-workers-with-fake-zoom-downloader/ The Firefox password manager now tells you when you use leaked passwords https://www.zdnet.com/article/the-firefox-password-manager-now-tells-you-when-you-use-leaked-passwords/ World Password Day https://www.daysoftheyear.com/days/password-day/...

Workplace Surveillance, Apple and Google Contact Tracing Tech, Virtual Cybersecurity Conferences


In episode 119 for May 4th 2020: The use of thermal cameras and other technology to monitor the workplace for COVID-19, more details about Apple and Google’s contact tracing framework, and are virtual security conferences the new normal? ** Show notes and links mentioned on the show ** A new era of workplace surveillance due to COVID-19? https://www.washingtonpost.com/technology/2020/04/27/companies-use-thermal-cameras-speed-return-work-sparks-worries-about-civil-liberties/ Apple and Google provide more technical details about the COVID-19 exposure notification API https://www.washingtonpost.com/technology/2020/04/29/most-americans-are-not-willing-or-able-use-an-app-tracking-coronavirus-infections-thats-problem-big-techs-plan-slow-pandemic/ https://www.apple.com/covid19/contacttracing/ Pros and cons of virtual security events https://www.helpnetsecurity.com/2020/04/29/virtual-events Check out all the great online courses offered by Secure Ideas. Use discount code: SIFRIEND for 25% off! https://secureideas.com/catalog/...

The End of Passwords as We Know It


In episode 118 for April 27th 2020: A discussion about the end of passwords and what the future may hold with special guest Andrew Shikiar executive director of the FIDO Alliance. ** Show notes and links mentioned on the show ** Find out more about the FIDO Alliance https://fidoalliance.org/ https://twitter.com/fidoalliance How FIDO works and eliminates the need for passwords https://fidoalliance.org/how-fido-works/ Connect with Andrew Shikiar https://www.linkedin.com/in/andrewshikiar/ ** Thank you to our sponsors! ** Silent Pocket Visit https://silent-pocket.com to check out Silent Pocket’s amazing line of faraday bags and other products built to protect your privacy. As a listener of this podcast...

Contact Tracing Controversy, Fighting COVID-19 Criminal Activity


In episode 99 of our April monthly show: Apple and Google’s controversial efforts to create contact tracing technology, fighting COVID-19 criminal activity, and what the new normal means for startup companies. ** Show notes and links mentioned on the show ** Apple and Google to build contact tracing technology https://www.rte.ie/news/business/2020/0410/1129902-apple-and-google-to-build-contact-tracing-technology/ COVID-19 Cyber Threat Coalition https://www.cyberthreatcoalition.org/ Cyber Threat Alliance https://www.cyberthreatalliance.org/ COVID-19 Has United Cybersecurity Experts, But Will That Unity Survive the Pandemic? https://krebsonsecurity.com/2020/04/covid-19-has-united-cybersecurity-experts-but-will-that-unity-survive-the-pandemic/ More cybersecurity and other vendors stepping up with free products for healthcare and other impacted organizations https://www.helpnetsecurity.com/2020/04/15/microsoft-accountguard-healthcare/ https://www.helpnetsecurity.com/2020/04/08/cybersecurity-pandemic-try-solutions/ ** Thank you to our sponsors! ** Silent Pocket Visit...

Zoom Hacked Accounts, North Korean Hackers, Facebook Senior Pictures


In episode 117 for April 20th 2020: More problems for Zoom with tens of thousands of compromised credentials and zero-day exploits, the $5 million dollar reward for information on North Korean hackers, and why it might not be the best idea to post your senior year pictures on Facebook. ** Show notes and links mentioned on the show ** Over 500,000 Zoom accounts sold on hacker forums, the dark web https://www.bleepingcomputer.com/news/security/over-500-000-zoom-accounts-sold-on-hacker-forums-the-dark-web/ Hackers Are Selling a Critical Zoom Zero-Day Exploit for $500,000 https://www.vice.com/en_us/article/qjdqgv/hackers-selling-critical-zoom-zero-day-exploit-for-500000 US offers $5 million reward for information on North Korean hackers https://www.zdnet.com/article/us-offers-5-million-reward-for-information-on-north-korean-hackers/ DPRK Cyber Threat Advisory https://www.us-cert.gov/sites/default/files/2020-04/DPRK_Cyber_Threat_Advisory_04152020_S508C.pdf Have...

Contact Tracing Apps, Business Email Compromise Scams, SPAM Phone Calls


In episode 116 for April 13th 2020: Privacy concerns with COVID-19 contact tracing apps, the FBI’s new warnings about business email compromise scams, and how to prevent unwanted and SPAM phone calls. ** Show notes and links mentioned on the show ** Help speed up contact tracing with TraceTogether https://www.gov.sg/article/help-speed-up-contact-tracing-with-tracetogether COVID-19 contact tracing: Canadian company says authorities not interested in app that could help with virus https://www.msn.com/en-ca/news/canada/covid-19-contact-tracing-canadian-company-says-authorities-not-interested-in-app-that-could-help-with-virus/ar-BB12lAyG?li=AAggXBV FBI warns again of BEC scammers exploiting cloud email services https://www.bleepingcomputer.com/news/security/fbi-warns-again-of-bec-scammers-exploiting-cloud-email-services/ CEO Fraud What is a BEC scam? https://fraudwatchinternational.com/expert-explanations/what-is-a-bec-scam/ Study: State of Robocalls in the U.S. https://www.roboshield.com/blog/dealing-with-unwanted-calls/ The FCC’s Push to Combat Robocalls...

Another Marriott Data Breach, Zoom-Bombing, Economic Stimulus Scams


In episode 115 for April 6th 2020: The latest on yet another Marriott data breach, what you need to know about Zoom-Bombing and other Zoom privacy concerns, and new warnings about US economic stimulus payment scams. ** Show notes and links mentioned on the show ** Marriott discloses another security breach that may impact over 5 million guests https://www.theverge.com/2020/4/1/21203313/marriott-database-security-breach-5-million-guest Marriott International: Incident Notification https://mysupport.marriott.com/ Zoom to iPhone users: We’re no longer sending your data to Facebook https://www.zdnet.com/article/zoom-to-iphone-users-were-no-longer-sending-your-data-to-facebook/ Zoom to iPhone users: We’re no longer sending your data to Facebook https://www.yahoo.com/news/trolls-started-invading-public-zoom-211626623.html Zoom Lets Attackers Steal Windows Credentials, Run Programs via UNC...

Staying Secure When Working From Home


In episode 114 for March 30th 2020: Co-host Tom Eston is joined by frequent guest Kevin Johnson to discuss how to stay more secure when working from home. If you find yourself working from home because of COVID-19 this is one episode you don’t want to miss! ** Show notes and links mentioned on the show ** Social isolation is a risk factor for scam loss https://www.helpnetsecurity.com/2020/03/24/risk-scams/ The State of Cybersecurity Training and Certifications with Kevin Johnson https://sharedsecurity.net/2019/04/25/the-state-of-cybersecurity-training-and-certifications-with-kevin-johnson/ How I Became a Security Consultant: AbsoluteAppsec Interview https://blog.secureideas.com/2020/03/how-i-became-a-security-consultant-absoluteappsec-interview.html Secure Ideas Affordable Cybersecurity Training Offerings https://secureideas.com/training ** Thank you to our sponsors!...

Click Armor Demo, Podcast Survey Results, Google Geofence Warrants


In episode 98 of our monthly show co-host Scott Wright shows us a demo of Click Armor which is a gamified cybersecurity awareness platform, Tom presents the results of our listener survey, and we have a discussion about the privacy concerns with geofence warrants. ** Show notes and links mentioned on the show ** Take the Click Armor 3-minute interactive assessment: Can I be Phished? https://www.clickarmor.ca/canibephished Google tracked his bike ride past a burglarized home. That made him a suspect. https://www.nbcnews.com/news/us-news/google-tracked-his-bike-ride-past-burglarized-home-made-him-n1151761 ** Thank you to our sponsors! ** Silent Pocket Visit https://silent-pocket.com to check out Silent Pocket’s amazing line of...

COVID-19 Mass Surveillance, New Coronavirus Cyber-Attacks, Encryption Backdoors


In episode 113 for March 23rd 2020: Israel passes an emergency law to use mobile data to track people infected with COVID-19, the latest coronavirus cyber-attacks to be aware of, and how governments world-wide could be putting backdoors into secure messaging apps. ** Show notes and links mentioned on the show ** Israel passes emergency law to use mobile data for COVID-19 contact tracing https://www.bbc.com/news/technology-51930681 To Track Virus, Governments Weigh Surveillance Tools That Push Privacy Limits https://www.wsj.com/articles/to-track-virus-governments-weigh-surveillance-tools-that-push-privacy-limits-11584479841 WhatsApp And Signal Replaced By New Mystery Messaging App for EU Diplomats https://www.forbes.com/sites/zakdoffman/2020/02/27/whatsapp-and-signal-replaced-by-new-mystery-messaging-app-this-eu-change-matters-heres-why/#4cea89017ba9 The EARN IT Bill Is the Government’s Plan to Scan...

COVID-19 Cybersecurity Impact, Hacking the Hackers, Whisper App Data Leak


In episode 112 for March 16th 2020: The cybersecurity impact of COVID-19, who’s hacking the hackers, and details on a data leak of the secret sharing app Whisper. ** Show notes and links mentioned on the show ** Resilient in Times of Disruption https://www.rsa.com/en-us/blog/2020-03/resilient-in-times-of-disruption COVID-19 coronavirus outbreak and a security conference tries to play it down https://www.zdnet.com/article/covid-19-outbreak-and-a-security-conference-tries-to-play-it-down/ Cybercriminals leveraging coronavirus outbreak to execute ransomware attacks https://www.helpnetsecurity.com/2020/03/11/coronavirus-ransomware-attacks Employees Are Working From Home Do You Know Where Your Remote Work Policy Is? https://securityintelligence.com/employees-are-working-from-home-do-you-know-where-your-remote-work-policy-is/ Hackers are targeting other hackers by infecting their tools with malware https://techcrunch.com/2020/03/09/hacking-the-hackers https://www.cybereason.com/blog/whos-hacking-the-hackers-no-honor-among-thieves Whisper, an anonymous secret-sharing app, failed...

IoT Device Attacks, FCC Fines Mobile Carriers, Let’s Encrypt Certificate Bug


In episode 111 for March 9th 2020: A new report shows that attacks on Internet of Things devices are on the rise, the FCC fines major mobile carriers for selling users’ location data, and details on what happens when 3 million HTTPS certificates need to be revoked because of a coding error. ** Show notes and links mentioned on the show ** Take our podcast listener survey and be entered to win a $25 Amazon gift card! https://sharedsecurity.net/survey Attacks are targeting default passwords on IoT devices https://www.zdnet.com/article/these-are-the-top-passwords-hackers-will-try-when-attacking-your-device/ https://blog.f-secure.com/attack-landscape-h2-2019-an-unprecedented-year-cyber-attacks/ Basic rules for securing IoT devices at home https://krebsonsecurity.com/2018/01/some-basic-rules-for-securing-your-iot-stuff/ The FCC fines wireless...

You’ve Been Hacked! Now What?


In episode 110: Tyler Hudak, Incident Response Practice Lead at TrustedSec, joins us to talk about what you should do (and more importantly what you shouldn’t do) if you find out you’ve been hacked! ** Show notes and links mentioned on the show ** Take our podcast listener survey and be entered to win a $25 Amazon gift card! https://sharedsecurity.net/survey Connect with Tyler https://twitter.com/secshoggoth https://www.linkedin.com/in/tylerhudak https://secshoggoth.blogspot.com/ Find out more about TrustedSec https://www.trustedsec.com/ ** Thank you to our sponsors! ** Silent Pocket Visit https://silent-pocket.com to check out Silent Pocket’s amazing line of faraday bags and other products built to protect your...

Ring Mandates Two-Factor Authentication, License Plate Reader Data Sharing, RSA Conference Coronavirus Fears


In episode 109 for February 24th 2020: Kevin Johnson joins us to discuss how Ring made two-factor authentication mandatory following recent hacking incidents, California police have been caught illegally sharing license plate reader data, and details on IBM and other companies pulling out of the RSA conference due to coronavirus fears. ** Show notes and links mentioned on the show ** Take our podcast listener survey and be entered to win a $25 Amazon gift card! https://sharedsecurity.net/survey Ring Makes 2-Factor Authentication Mandatory Following Recent Hacks https://thehackernews.com/2020/02/ring-cameras-cybersecurity.html https://www.eff.org/deeplinks/2020/02/ring-updates-device-security-and-privacy-ignores-larger-concerns California Police Have Been Illegally Sharing License Plate Reader Data https://www.vice.com/en_us/article/y3mb8b/california-police-have-been-illegally-sharing-license-plate-reader-data IBM pulls...

Chinese Hackers, Coronavirus Phishing Attacks, How to Stay (Almost) Anonymous Online


In episode 97 of our monthly show we discuss how Chinese hackers caused the Equifax data breach, new coronavirus phishing attacks to be aware of, and how to stay (almost) anonymous online. ** Show notes and links mentioned on the show ** U.S. Charges 4 Chinese Military Officers in 2017 Equifax Hack https://krebsonsecurity.com/2020/02/u-s-charges-4-chinese-military-officers-in-2017-equifax-hack/ Phishers impersonate WHO, exploit coronavirus-related anxiety https://www.helpnetsecurity.com/2020/02/07/coronavirus-fake-emails/ 8 steps to being (almost) completely anonymous online https://www.csoonline.com/article/2975193/9-steps-completely-anonymous-online.html ** Thank you to our sponsors! ** Silent Pocket Visit https://silent-pocket.com to check out Silent Pocket’s amazing line of faraday bags and other products built to protect your privacy. As a...

Equifax Hacked by China, Israeli Voter Registry Exposed, How the CIA Owned Encryption


In episode 108 for February 17th 2020: The US charges four Chinese military hackers in the Equifax data breach, how Israel’s entire voter registry was exposed, and details on the encryption provider that was secretly owned by the CIA for the last fifty years. ** Show notes and links mentioned on the show ** U.S. charges four Chinese military hackers in 2017 Equifax breach https://www.reuters.com/article/us-usa-justice-cyber-idUSKBN2041RT https://krebsonsecurity.com/2020/02/u-s-charges-4-chinese-military-officers-in-2017-equifax-hack/ Netanyahu’s party left Israel’s entire voter registry exposed https://www.engadget.com/2020/02/09/likud-left-israel-voter-database-exposed/ https://www.nytimes.com/2020/02/10/world/middleeast/israeli-voters-leak.html CIA Secretly Owned Global Encryption Provider, Built Backdoors, Spied On 100+ Foreign Governments https://www.washingtonpost.com/graphics/2020/world/national-security/cia-crypto-encryption-machines-espionage/ ** Thank you to our sponsors! ** Silent Pocket Visit...

Preventing Tax Identity Theft, FTC and Robocallers, Google Photos Incident


In episode 107 for February 10th 2020: preventing tax identity theft and other tax scams, the FTC taking a stand against companies that support robocallers, and details on the incident where videos from Google Photos were being sent to strangers. ** Show notes and links mentioned on the show ** Preventing Tax Identity Theft and other Tax Scams https://www.consumer.ftc.gov/features/tax-identity-theft-awareness FTC warns VoIP providers that help robocallers: we can and will sue https://nakedsecurity.sophos.com/2020/02/03/ftc-warns-voip-providers-that-help-robocallers-we-can-and-will-sue/ Google Photos accidentally sent people’s private videos to strangers https://www.technologyreview.com/f/615140/google-accidentally-sent-peoples-private-videos-to-strangers/ ** Thank you to our sponsors! ** Silent Pocket Visit https://silent-pocket.com to check out Silent Pocket’s amazing line...

Off-Facebook Activity Tool, Ring App Third-Party Trackers, Wawa Credit Card Breach


In episode 106 for February 3rd 2020: What you need to know about Facebook’s new off-Facebook activity tool, details about the Ring Android app sending user data to third party trackers, and new developments in the Wawa credit card breach. ** Show notes and links mentioned on the show ** Off-Facebook Activity is a Welcome but Incomplete Move https://www.eff.org/deeplinks/2020/01/facebook-history-welcome-incomplete-move How to Change Your Off-Facebook Activity Settings https://www.eff.org/deeplinks/2020/01/how-change-your-facebook-activity-settings Link to Facebook to change your Off-Facebook Activity Settings https://www.facebook.com/off_facebook_activity Ring Android App Sent Sensitive User Data to 3rd Party Trackers https://www.eff.org/deeplinks/2020/01/ring-doorbell-app-packed-third-party-trackers Wawa card breach may rank as one of the biggest of...

Voting by Smartphone, Jeff Bezos Hacked, Microsoft Security Breach


In episode 96 of our monthly show we discuss the controversy of voting by smartphone in our elections, the Jeff Bezos hacking incident, and the recent Microsoft support security breach. ** Show notes and links mentioned on the show ** Seattle-Area Voters To Vote By Smartphone In 1st For U.S. Elections https://www.npr.org/2020/01/22/798126153/exclusive-seattle-area-voters-to-vote-by-smartphone-in-1st-for-u-s-elections Saudi Prince Allegedly Hacked World’s Richest Man Jeff Bezos Using WhatsApp https://thehackernews.com/2020/01/saudi-prince-allegedly-hacked-worlds.html Microsoft discloses security breach of customer support database https://www.zdnet.com/article/microsoft-discloses-security-breach-of-customer-support-database/ ** Thank you to our sponsors! ** Silent Pocket Visit https://silent-pocket.com to check out Silent Pocket’s amazing line of faraday bags and other products built to protect your...

Dark Web Fraud and Cybercrime with Emily Wilson


In episode 105 for January 27th 2020: What are the new forms of fraud and cybercrime being found on the Dark Web? We discuss this fascinating topic with Emily Wilson, VP of Research at Terbium Labs. ** Show notes and links mentioned on the show ** Emily’s Dark Reading Article: Fraud in the New Decade https://www.darkreading.com/application-security/fraud-in-the-new-decade/a/d-id/1336671 Terbium Labs https://terbiumlabs.com/ https://twitter.com/TerbiumLabs Connect with Emily https://twitter.com/thirdemily https://www.linkedin.com/in/emily-e-wilson/ ** Thank you to our sponsors! ** Silent Pocket Visit https://silent-pocket.com to check out Silent Pocket’s amazing line of faraday bags and other products built to protect your privacy. As a listener of this podcast...

Critical Windows Vulnerability, Dating App Security Risk, Apple iOS Privacy Features


In episode 104 for January 20th 2020: Details on the new critical Microsoft Windows vulnerability, why dating apps could pose a national security risk, and how new Apple privacy features are changing the way your data is sold. ** Show notes and links mentioned on the show ** Major Windows flaw was discovered and reported by the NSA https://www.cnet.com/news/major-windows-10-flaw-was-reportedly-discovered-by-the-nsa/ https://media.defense.gov/2020/Jan/14/2002234275/-1/-1/0/CSA-WINDOWS-10-CRYPT-LIB-20190114.PDF https://www.us-cert.gov/ncas/alerts/aa20-014a https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601 Windows 7 end of life announcement https://support.microsoft.com/en-us/help/4057281/windows-7-support-ended-on-january-14-2020 Apple’s new privacy features have further rattled the location-based ad market https://digiday.com/marketing/apples-new-privacy-features-rattle-location-based-ad-market ** Thank you to our sponsors! ** Silent Pocket Visit https://silent-pocket.com to check out Silent Pocket’s amazing line of...

Iranian Cyber-Attacks, Ring Class-Action Lawsuit, Preventing Calendar SPAM


In episode 103: The US Department of Homeland Security warns of Iranian cyber-attacks, Ring gets hit with a $5 million dollar class action lawsuit, and some quick tips on how to prevent calendar SPAM. ** Show notes and links mentioned on the show ** Iran maintains a robust cyber program and can execute cyber-attacks against the US https://www.us-cert.gov/ncas/alerts/aa20-006a https://sharedsecurity.net/2019/07/01/us-cyber-attack-on-iran-poor-government-cybersecurity-malvertising-campaigns/ https://www.dallasnews.com/news/politics/2020/01/07/texas-officials-fear-iranian-cyber-attack-attempts-may-be-increasing/ https://twitter.com/campuscodi/status/1213641008556265472 Ring faces a $5 million proposed class action lawsuit https://abcnews.go.com/US/amazon-ring-face-million-proposed-class-action-lawsuit/story?id=67948687 Preventing Calendar SPAM https://the-parallax.com/2019/08/29/how-to-stop-calendar-spam/ ** Thank you to our sponsors! ** Silent Pocket Visit https://silent-pocket.com to check out Silent Pocket’s amazing line of faraday bags and other products built...

New California Data Privacy Law, Wyze Data Leak, ToTok Spy App


In episode 102: Details on the new California data privacy law, the Wyze data leak, and what is the ToTok app and could it be spying on you? ** Show notes and links mentioned on the show ** Enter our Silent Pocket New Year’s Giveaway – Deadline to enter: January 11th 2020 https://kingsumo.com/g/jsz2pk/silent-pocket-faraday-bag-new-years-giveaway Details on the new California data privacy law https://www.npr.org/2019/12/30/791190150/california-rings-in-the-new-year-with-a-new-data-privacy-law https://news.yahoo.com/california-apos-privacy-law-finally-110223203.html Wyze leaked personal data of 2.4 million users https://www.engadget.com/2019/12/30/wyze-leak-2-4-million-users/ https://www.bleepingcomputer.com/news/security/wyze-exposes-user-data-via-unsecured-elasticsearch-cluster/ https://ipvm.com/reports/wyze-employee https://forums.wyzecam.com/t/updated-12-27-19-data-leak-12-26-2019/79046 What is ToTok and is it a spy app? New York Times Article Twitter response from ToTok about the Google and Apple app store ban...

Top 10 Cybersecurity and Privacy Resolutions


In episode 101: Start the new year off right by following our top 10 cybersecurity and privacy resolutions! ** Show notes and links mentioned on the show ** Recommended Password Managers KeePass (free and open source): https://keepass.info/ Dashlane: https://www.dashlane.com/ 1Password: https://1password.com/ See if your site or service offers two-factor or multi-factor authentication https://twofactorauth.org/ Silent Pocket Faraday bag to protect your smartphone or laptop (use discount code “sharedsecurity” and get 15% off your order!) https://silent-pocket.com The new Firefox web browser offers blocking of third-party trackers by default https://www.mozilla.org/en-US/firefox/new/ https://blog.mozilla.org/press/2019/10/latest-firefox-brings-privacy-protections-front-and-center-letting-you-track-the-trackers/ Recommended Web Browser Ad Blockers and Privacy Plugins https://github.com/gorhill/uBlock https://www.eff.org/privacybadger Freeze your...

Rebecca Herold, The Privacy Professor


In episode 95 of our monthly show we’re joined by special guest Rebecca Herold, the “Privacy Professor”. Rebecca is a well known expert in the privacy and cybersecurity community and gives us an update on what she’s been working on, what her thoughts are on the current state of privacy regulations (CCPA, GLBA, etc), and what we may see in 2020 from a privacy perspective. We also talk about Rebecca’s favorite books and her encounter with famed author Cliff Stoll who wrote “The Cuckoo’s Egg”. Thanks to Rebecca for joining us again on the show! ** Show notes and links...

The Year in Review and 2020 Predictions with Kevin Johnson


In episode 100: Kevin Johnson, CEO of SecureIdeas joins us in this very special milestone episode to discuss the year that was 2019 and what Kevin’s “predictions” are for cybersecurity and privacy in 2020. Thank you to Kevin for being our special guest! ** Show notes and links mentioned on the show ** The Nerf Dart “head-shot” that will live in infamy (yes, Kevin..it’s in the show notes) Professionally Evil CISSP Mentorship Class – Starting in January https://training.secureideas.com/course/cissp-mentor/ ** Thank you to our sponsors! ** Silent Pocket Visit https://silent-pocket.com to check out Silent Pocket’s amazing line of faraday bags and other...

The Password Reuse Problem, US Government IoT Recommendations, Smart Lock Security Disaster


In episode 99: Password reuse is still a very large problem, US government recommendations for securing Internet of Things devices, and yet another smart lock device security disaster. ** Show notes and links mentioned on the show ** Password reuse continues to be a major problem https://www.microsoft.com/securityinsights/Identity https://resources.hypr.com/top-recommendations/password-usage-study https://www.nbcnews.com/news/us-news/man-hacks-ring-camera-8-year-old-girl-s-bedroom-n1100586 US government recommendations for securing Internet of Things devices https://www.bleepingcomputer.com/news/security/fbi-recommends-securing-your-smart-tvs-and-iot-devices/ https://www.bleepingcomputer.com/news/security/ftc-advises-checking-smart-toy-features-before-buying/ Another “smart” lock device security disaster https://www.helpnetsecurity.com/2019/12/11/keywe-smart-lock/ https://sharedsecurity.net/2019/10/14/hong-kong-protests-instagrams-anti-phishing-tool-smart-device-fail/ ** Thank you to our sponsors! ** Silent Pocket Visit https://silent-pocket.com to check out Silent Pocket’s amazing line of faraday bags and other products built to protect your privacy. As a listener...

How You’re Tracked Online, New Mass Surveillance Concerns, Malicious Android App Hijack


In episode 98: A new report from the EFF details how we are tracked online by third-party corporations, more mass surveillance concerns in China and Australia, and a malicious app hijack attack on Android to be aware of. ** Show notes and links mentioned on the show ** How You’re Tracked Online – Must Read Research from the EFF https://www.eff.org/press/releases/eff-report-exposes-explains-big-techs-personal-data-trackers-lurk-social-media https://www.eff.org/wp/behind-the-one-way-mirror EFF’s Privacy Badger uBlock Origin New Privacy Concerns in China and Australia https://www.engadget.com/2019/12/01/china-requires-face-scans-for-mobile-service-users/ https://www.engadget.com/2019/12/01/australia-rolls-out-ai-cameras-to-spot-drivers-using-their-phone/ Malicious Android Apps in the Wild https://www.zdnet.com/article/android-new-strandhogg-vulnerability-is-being-exploited-in-the-wild/ ** Thank you to our sponsors! ** Silent Pocket Visit https://silent-pocket.com and check out Silent Pocket’s amazing line...

Top 25 Most Dangerous Vulnerabilities, Smart City Privacy, DuckDuckGo vs. Google


In episode 94 of our monthly show for November 2019: The 25 most dangerous vulnerabilities, the privacy of new “smart cities”, and which search engine keeps your searches more private? It’s DuckDuckGo vs. Google! ** Show notes and links mentioned on the show ** Snapshot: Top 25 Most Dangerous Software Errors https://www.dhs.gov/science-and-technology/news/2019/11/26/snapshot-top-25-most-dangerous-software-errors https://www.theregister.co.uk/2019/09/18/the_25_most_dangerous_software_weaknesses/ Google’s smart city in Toronto: what it wanted, what it will now get and why it’s still problematic for privacy Toyota, Lexus owners warned about thefts that use ‘relay attacks’ I ditched Google for DuckDuckGo. Here’s why you should too Sign-up for Rebecca Herold’s privacy newsletter –...

Phone and Voice Fraud, Twitter Account Purge, Adobe Magento Marketplace Data Breach


In episode 97 for December 2nd 2019: How to prevent phone and voice fraud, Twitter’s inactive account purge, and the Adobe Magento Marketplace data breach. ** Show notes and links mentioned on the show ** Don’t become a victim of phone and voicemail fraud https://www.darkreading.com/7-ways-to-hang-up-on-voice-fraud—/d/d-id/1336427 Twitter’s inactive account purge https://www.cnn.com/2019/11/27/tech/twitter-inactive-account-delete/index.html https://twitter.com/TwitterSupport/status/1199777313300209664 Adobe Magento Marketplace data breach https://nakedsecurity.sophos.com/2019/11/29/adobes-magento-marketplace-suffers-data-breach/ https://magento.com/blog/magento-news/magento-marketplace-security-update https://nakedsecurity.sophos.com/2019/04/05/patch-now-magento-e-commerce-sites-targeted-by-sqli-attacks/ ** Thank you to our sponsors! ** Silent Pocket Visit https://silent-pocket.com to check out Silent Pocket’s amazing line of faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 15% off your order at...

Disney+ Hacked Accounts, Black Friday Scams, Android Camera Exploits


In episode 96: Thousands of Disney+ accounts have been hacked, Black Friday and Cyber Monday scams to watch out for, and the latest on new Android camera exploits affecting Google and Samsung smartphones. ** Show notes and links mentioned on the show ** Disney+ accounts hacked shortly after the service launched https://www.zdnet.com/article/thousands-of-hacked-disney-accounts-are-already-for-sale-on-hacking-forums/ Find out which apps and sites offer two-factor authentication https://twofactorauth.org/ KeePass – free password manager https://keepass.info/ List of popular password managers https://en.wikipedia.org/wiki/List_of_password_managers Black Friday and Cyber Monday scams to watch out for https://www.msn.com/en-us/money/personalfinance/black-friday-2019-how-scammers-use-gift-cards-hot-toy-deals-to-trick-you/ar-BBX2xEV?li=AA30Nm How attackers could hijack your Android camera to spy on you https://www.checkmarx.com/blog/how-attackers-could-hijack-your-android-camera https://thehackernews.com/2019/11/android-camera-hacking.html ** Thank...

Google’s Health Record Storage Controversy, US Border Search Ruling, Zelle Scams


You’re listening to the Shared Security Podcast, exploring the trust you put in people, apps, and technology, with your host, Tom Eston. In episode 95 for November 18th 2019: Google’s access to the medical records of millions of Americans, a new ruling on suspicionless searches at the US border, and details on a new scam using the popular money sharing app Zelle. This week I read a news article about how more schools are either outright banning the use of smart phones or having kids put their phones in their lockers while in class. And while some kids may complain that...

Facebook Data Leaks, Smart Speaker Laser Attack, BlueKeep in the Wild


You’re listening to the Shared Security Podcast, exploring the trust you put in people, apps, and technology, with your host, Tom Eston. In episode 94 for November 11th 2019: Facebook’s Group API data leak and 7,000 pages of leaked Facebook documents, lasers that can control your smart speakers, and details about the BlueKeep vulnerability now being exploited in the wild. Are you like most of us that have to be constantly checking our smart phones for the latest Tweet or Facebook update? How many of us are actually doing this while we’re driving? Distracted driving is one of the most common...

WhatsApp’s NSO Group Lawsuit, This Week in Data Breaches, Office 365 Voicemail Phishing


You’re listening to the Shared Security Podcast, exploring the trust you put in people, apps, and technology, with your host, Tom Eston. In episode 93 for November 4th 2019: The WhatsApp NSO group lawsuit plus details on Facebook’s preventive health tool, this week’s data breach news, and how attackers are using a voicemail to phish Microsoft Office 365 users. Halloween may be over but this time of year doesn’t have to be scary when it comes to protecting your digital privacy. Silent Pocket makes it easy to protect your devices with their full line of faraday bags, wallets, and other accessories...

Firewalla Review, 15 Most Dangerous Apps for Kids, Rise of the Deepfake


In episode 93 of our monthly show we review the Firewalla home network device, talk about the 15 most dangerous (or scary) apps for kids that parents need to be aware of, and the rise of the “deepfake”! Watch the recording of our live stream on YouTube (we’re not sure what happened with Scott’s out-of-sync and choppy video so we apologize for our technical difficulties): Here are the show notes and links to articles discussed during the show: Tom’s review of the Firewalla home network protection device Description of the Firewalla Blue and Firewalla Red Firewalla router compatibility list Information...

Nord VPN Security Incident, Smart Speaker Phishing, Apple iOS 13 Privacy Features


You’re listening to the Shared Security Podcast, exploring the trust you put in people, apps, and technology, with your host, Tom Eston. In episode 92 for October 28th 2019: Details on the Nord VPN security incident, using Amazon Echo and Google Home smart speakers for phishing attacks, and new privacy features in Apple iOS 13 you should know about. What does it mean to go off the grid? For most of us that are constantly relying on our phones, tablets, and laptops it means shutting them off and doing some other activity like enjoying nature or spending valuable time with friends...

Pitney Bowes Ransomware Attack, Samsung Galaxy S10 Fingerprint Bypass, Top Technology Fears


You’re listening to the Shared Security Podcast, exploring the trust you put in people, apps, and technology, with your host, Tom Eston. In episode 91 for October 21st 2019: Pitney Bowes becomes the latest ransomware victim, what are the top technology fears, and the latest on the vulnerability that allows a Samsung Galaxy S10 to be unlocked with anyone’s fingerprint. Smart phones and other mobile devices have truly become integrated with our daily lives. So much in fact, these devices are causing a new type of stress injury called “text neck”. Text neck is a stress injury which causes pain in...

Hong Kong Protests, Instagram’s Anti-Phishing Tool, Smart Device Fail


You’re listening to the Shared Security Podcast, exploring the trust you put in people, apps, and technology, with your host, Tom Eston. In episode 90 for October 14th 2019: How protesters in Hong Kong are avoiding facial recognition, Instagram’s new anti-phishing tool, and my recent epic smart device failure incident. Being a frequent traveler myself, I’m always surprised at how many people at airports are not very aware of their privacy. Just last week while I was waiting for my flight I listened as someone was giving their credit card number over the phone, and another person had their laptop open...

Microsoft OneDrive Personal Vault, Google’s New Privacy and Security Controls, REAL ID Deadline


You’re listening to the Shared Security Podcast, exploring the trust you put in people, apps, and technology, with your host, Tom Eston. In episode 89 for October 7th 2019: Microsoft’s new OneDrive personal vault, updated privacy and security controls announced by Google, and the TSA’s announcement about the REAL ID deadline next year. I have a question for you. What’s in your daily carry? Now I’m not talking about your concealed weapon of choice (if you do legally choose to do so) but I’m talking about your wallet, backpack, clutch, or other travel accessory. If you’re looking to upgrade to something...

Amazon Smart Glasses, Webkey Social Engineering, Erase Your Old Hard Drives!


In episode 92 of our monthly show Tom and Scott talk about Amazon’s new smart glasses that work with Alexa, what webkeys are and how they could be used for social engineering, and why you should always erase old hard drives and other data storage before selling or giving away computers and other electronics. Looking to up your privacy and security game while you travel? Then you need to check out Silent Pocket’s patented product line of faraday bags, wallets, backpacks, and other accessories at silentpocket.com. Be sure to use discount code “sharedsecurity” at checkout to receive 15% off your...

DoorDash Data Breach, Voice Assistant Privacy Changes, Limiting Ad Tracking


You’re listening to the Shared Security Podcast, exploring the trust you put in people, apps, and technology, with your host, Tom Eston. In episode 88 for September 30th 2019: DoorDash announces a data breach affecting 4.9 million people, recent voice assistant privacy changes, and ways that you can limit ad tracking on your mobile device. Are you a frequent traveler that wants a high-quality, fashionable backpack that keeps your digital privacy in mind? Then you need to check out Silent Pocket’s new Faraday Bag Waterproof Backpack. Check it out at silentpocket.com as well as their other products built to protect your...

Aaron Zar, Co-Founder and CEO of Silent Pocket


On this special edition of the podcast we speak with Aaron Zar, co-founder and CEO of Silent Pocket. Silent Pocket has been a long time sponsor of the show and it was great to catch up with Aaron to get his thoughts on the current state of digital privacy. On the show we also discuss: Why privacy isn’t dead and how Aaron responds to people that say “Who cares about privacy! I have nothing to hide!” How Silent Pocket products are helping people protect their digital privacy and stay more secure The history of Silent Pocket, their first products, and...

Apple iOS 13, Venmo Scams, Simjacking Attacks


You’re listening to the Shared Security Podcast, exploring the trust you put in people, apps, and technology, with your host, Tom Eston. In episode 87 for September 22nd 2019: Everything you need to know about Apple iOS 13, Venmo scams you need to be aware of, and new details about “Simjacking” attacks. This week I had the pleasure of interviewing Aaron Zar, co-founder and CEO of our sponsor Silent Pocket. Aaron’s a great guy and I think you’ll enjoy hearing how he started Silent Pocket and his take on why our digital privacy is more important than ever. We’ll be publishing...

End-to-End Encryption with Max Krohn from Keybase.io


You’re listening to the Shared Security Podcast, exploring the trust you put in people, apps, and technology, with your host, Tom Eston. In episode 86 for September 16th 2019: All about end-to-end encryption with Max Krohn from Keybase.io. Are you looking for the very best products to protect your digital privacy? Well, Silent Pocket has everything you need to mind the grid with their patented product line of faraday bags and wallets. Visit silentpocket.com today and receive 15% off your order with discount code “sharedsecurity”. The Shared Security Podcast is also sponsored by Edgewise Networks. Visit edgewise.net to find out about...

New Firefox Privacy Protections, Apple iOS Zero-Days, Facebook User Phone Numbers Exposed


You’re listening to the Shared Security Podcast, exploring the trust you put in people, apps, and technology, with your host, Tom Eston. In episode 85 for September 9th 2019: Firefox will now block all third-party tracking cookies and more by default, serious vulnerabilities found in Apple iOS, and the latest on the huge database of Facebook users’ phone numbers found online. Did you know that all electronic devices emit a form of electromagnetic radiation? Well recently we’re starting to see more scientific research come out about the potential health effects of using our mobile devices and other wireless electronics so close...

Android Ghost Click Apps, New Apple Siri Privacy Protections, Credit Card Spying


You’re listening to the Shared Security Podcast, exploring the trust you put in people, apps, and technology, with your host, Tom Eston. In episode 84 for September 2nd 2019: “Ghost click” Android apps found on the Google Play Store, new privacy protections for Apple’s Siri voice assistant, and did you know that your credit card may be spying on you? I have a question for you. How often do you carry your laptop with you? If you’re a frequent traveler, the answer may be all day and every day. So if you are carrying your laptop around, how are you doing it?...

10 Year Anniversary Episode with Kevin Johnson and Jayson E. Street


In Episode 91 of this very special episode of our monthly show, Tom and Scott are joined by special guests Kevin Johnson and Jayson E. Street back to celebrate the 10 year anniversary of this podcast! We talk about the history of the show, what’s improved (or not improved) in the last 10 years from a cybersecurity and privacy perspective, Kevin’s Star Wars addiction, Jayson’s #HackerAdventures, and we have a very important debate about the future of security awareness and what can be done to provide better education on phishing which continues to be one of the top attack vectors...

New Facebook Privacy Controls, Apple iOS Patching Mistake, MoviePass Data Breach


You’re listening to the Shared Security Podcast, exploring the trust you put in people, apps, and technology, with your host, Tom Eston. In episode 83 for August 26th 2019: Facebook announces new off-Facebook activity privacy controls, how Apple made everyone’s iOS device vulnerable, and details on the massive MoviePass data breach. This week I read yet another news article that talked about how thieves stole a Tesla in about 30-seconds using what is known as a relay or key fob attack. The attack works by using a device to amplify the signal from the car thinking that the key fob is...

Biometric Security Data Breach, Critical Windows Vulnerabilities, FBI Data Harvesting


You’re listening to the Shared Security Podcast, exploring the trust you put in people, apps, and technology, with your host, Tom Eston. In episode 82 for August 19th 2019: The BioStar2 biometric security data breach, wormable vulnerabilities in Microsoft Windows, and the FBI trying to harvest your social media data. Can you believe that this week we’re celebrating the 10 year anniversary of this podcast? For the last 10 years we’ve been talking about how your private information can be exposed through data breaches, vulnerabilities, exploits, and even through the wireless capabilities of our smartphones and laptops. It seems that in...

BSides Las Vegas, iMessage Exploit, 5G and Stingray Surveillance


This is your Shared Security Weekly Blaze for August 12th 2019 with your host, Tom Eston. In this week’s episode: My summary of last week’s BSides Las Vegas security conference, how a single text message to your iPhone could get you hacked, and how Stingray surveillance devices can still be used on new 5G networks. Wireless technology such as Wi-Fi, Bluetooth, and RFID are integrated into every part of our daily lives. In fact, because everything these days is wireless we can often take the security risks for granted. So if you’re looking to have the ultimate peace of mind,...

Capital One Data Breach, Equifax Settlement Payouts, Nextdoor App Scams


This is your Shared Security Weekly Blaze for August 5th 2019 with your host, Tom Eston. In this week’s episode: everything you need to know about the Capital One data breach, changes in the payouts from the Equifax settlement, and Nextdoor app scams. If you happen to be in the cybersecurity industry this week is what we call “security summer camp” where thousands of cybersecurity professionals, enthusiasts, and even black hat hackers all meet in Las Vegas to attend the Bsides, BlackHat, and the infamous hacker conference, DEF CON. These conferences are probably the most dangerous place on the planet...

Medical Device Security with Special Guest John Nye


In episode 90 of our monthly show we discuss medical device security with John Nye, Senior Director of Cybersecurity Research and Communication at CynergisTek. Do you use an insulin pump, have a pacemaker or other medical device implant? Are you concerned about medical device security and what the future holds for technology like this? If so, this is one show not to miss! The Shared Security Podcast is proudly sponsored by Silent Pocket and Edgewise Networks. Here are show notes and topics we covered with John: Should we be concerned about medical device security? Are the attacks we hear about...

Equifax Settlement, Android Video File Exploit, Encryption Backdoors


This is your Shared Security Weekly Blaze for July 29th 2019 with your host, Tom Eston. In this week’s episode: Details on the Equifax breach settlement, why your Android phone could be exploited by simply watching a video file, and encryption backdoors being requested by world-wide governments. Can you believe that it’s almost August and that summer is almost over? I was just in Target the other day and noticed that the school supplies are already out! Once you see that you know the Halloween supplies are also right around the corner. It’s totally crazy! I don’t know about you...

FaceApp Privacy Panic, Facebook’s 5 Billion Dollar Fine, Amazon Brushing Scams


This is your Shared Security Weekly Blaze for July 22nd 2019 with your host, Tom Eston. In this week’s episode: The FaceApp privacy panic, Facebook’s 5 billion dollar fine from the FTC, and what you need to know about two new types of Amazon scams. Traveling internationally this summer? If so, make sure you protect one of the most valuable documents that you’re going to carry, and that’s your passport. Not only do you have to worry about losing your passport but you also need to consider the privacy issues if your passport information is exposed. Passport information is often...

Zoom Zero-Day, GDPR Fines, Google Assistant Recordings


This is your Shared Security Weekly Blaze for July 15th 2019 with your host, Tom Eston. In this week’s episode: Zoom video conferencing zero-day, massive fines being issued for violating GDPR, and who might be listening when you talk to your Google Assistant. Looking to protect your laptop, smartphone, and key fobs this summer? Well this week I’m excited to announce that you could win one of two Silent Pocket vacation prize packages which includes a passport wallet, medium faraday sleeve, and 5 liter drybag! Check out our post on Twitter @sharedsec or on Instagram @sharedsecurity for contest rules and...

Amazon Alexa Recordings, Facebook Malware Campaign, Top 3 Tips to Stay Private on Vacation


This is your Shared Security Weekly Blaze for July 8th 2019 with your host, Tom Eston. In this week’s episode: Amazon confirms that Alexa recordings are kept forever, details about one of the largest Facebook malware campaigns, and my top three tips for staying private on vacation. Summer is upon us and that means it’s time for some much needed vacation time with friends and family. Summer also means that you need to be aware of data privacy and how to protect your laptops, smartphones and key fobs while traveling. Airports, concert venues, festivals, beaches, and other public areas can...

US Cyber-Attack on Iran, Poor Government Cybersecurity, Malvertising Campaigns


This is your Shared Security Weekly Blaze for July 1st 2019 with your host, Tom Eston. In this week’s episode: The US cyber-attack on Iran, the sad state of cybersecurity in the US government, and what you need to know about malvertising campaigns. Don’t you hate air travel? I know I do! Rude people, crowds, the TSA searching you and your bags because of a toothbrush that for some reason looks like a weapon, and on top of that your flight has a very high chance of being delayed or cancelled! This is the unfortunate reality the minute you get...

The Home Security Episode: Locks, Doors, Cameras, and More!


In episode 89 of our monthly show Scott and Tom discuss everything you need to know about home security with physical security expert, Patrick McNeil. We delve deep into the world of locks, lock bumping, doors, windows, surveillance cameras, alarms, and much more. If you’ve always wanted to know how best to protect your home or residence this is one episode not to miss! Check out the YouTube edition of this episode for Patrick’s presentation on lock bumping and the contest we had during the live stream of this episode. The Shared Security Podcast is proudly sponsored by Silent Pocket...

Facebook’s New Cryptocurrency, Firefox Zero Day, Smart TV Malware


This is your Shared Security Weekly Blaze for June 24th 2019 with your host, Tom Eston. In this week’s episode: Facebook announces a new cryptocurrency called Libra, two new zero-day vulnerabilities affecting Firefox, and should you be scanning your smart TV for malware? Protect your digital privacy with Silent Pocket’s product line of patented Faraday bags, phone cases, and wallets which will make your devices untrackable, unhackable and undetectable. Use discount code “sharedsecurity” to receive 15% off of your order during checkout. Visit silentpocket.com today to take advantage of this exclusive offer. Hi everyone, welcome to the Shared Security Weekly...

US Customs and Border Protection Data Breach, Sign in with Apple, Leaked Facebook Emails


This is your Shared Security Weekly Blaze for June 17th 2019 with your host, Tom Eston. In this week’s episode: the US Customs and Border Protection data breach, the new sign in with Apple button, and more leaked Facebook emails. Protect your digital privacy with Silent Pocket’s product line of patented Faraday bags, phone cases, and wallets which will make your devices untrackable, unhackable and undetectable. Use discount code “sharedsecurity” to receive 15% off of your order during checkout. Visit silentpocket.com today to take advantage of this exclusive offer. Hi everyone, welcome to the Shared Security Weekly Blaze where we...

Quest Diagnostics Data Breach, Google’s Network Outage, US Visa Applicants and Social Media Names


This is your Shared Security Weekly Blaze for June 10th 2019 with your host, Tom Eston. In this week’s episode: the Quest Diagnostics and LabCorp Data Breach, what happens to your smart devices when the Internet goes down, and US visa applicants now required to share their social media names. Protect your digital privacy with Silent Pocket’s product line of patented Faraday bags, phone cases, and wallets which will make your devices untrackable, unhackable and undetectable. Use discount code “sharedsecurity” to receive 15% off of your order during checkout. Visit silentpocket.com today to take advantage of this exclusive offer. Hi...

Ransomware Rampage, Mobile Phishing Attacks, iPhone App Ad Trackers


This is your Shared Security Weekly Blaze for June 3rd 2019 with your host, Tom Eston. In this week’s episode: US cities are being rampaged with ransomware, mobile phishing attacks on the rise, and do you know what your iPhone is doing while you sleep? Protect your digital privacy with Silent Pocket’s product line of patented Faraday bags, phone cases, and wallets which will make your devices untrackable, unhackable and undetectable. Use discount code “sharedsecurity” to receive 15% off of your order during checkout. Visit silentpocket.com today to take advantage of this exclusive offer. Hi everyone, welcome to the Shared...

Equifax Downgraded, Huawei Ban, Google is Tracking Your Purchases


This is your Shared Security Weekly Blaze for May 27th 2019 with your host, Tom Eston. In this week’s episode: Investment firm Moody’s downgrades Equifax, Huawei’s US technology ban, and how Google is tracking all your purchases. Protect your digital privacy with Silent Pocket’s product line of patented Faraday bags, phone cases, and wallets which will make your devices untrackable, unhackable and undetectable. Use discount code “sharedsecurity” to receive 15% off of your order during checkout. Visit silentpocket.com today to take advantage of this exclusive offer. Hi everyone, welcome to the Shared Security Weekly Blaze where we update you on...

Remotely Killing Car Engines, Password Expiration Policies, Facial Recognition at Airports, InfoSec vs. Cybersecurity


In episode 88 of our monthly show we streamed live on GetVokl! Subscribe to our channel and get notified when we’ll be live so you can chat and participate in our next show! Here are the topics we covered and links to articles we discussed: Hacker Finds He Can Remotely Kill Car Engines After Breaking Into GPS Tracking A hacker by the name of L&M broke into to GPS systems from iTrack and ProTrack which are apps used to manage and monitor fleets of trucks and vehicles. About 27,000 accounts. He could track and shut down the engines of any...

Critical WhatsApp Vulnerability, Facial Recognition Ban, Wormable Flaw in Windows


This is your Shared Security Weekly Blaze for May 20th 2019 with your host, Tom Eston. In this week’s episode: A serious spyware vulnerability in WhatsApp, San Francisco bans facial recognition, and a wormable vulnerability in older Microsoft systems. Protect your digital privacy with Silent Pocket’s product line of patented Faraday bags, phone cases, and wallets which will make your devices untrackable, unhackable and undetectable. Use discount code “sharedsecurity” to receive 15% off of your order during checkout. Visit silentpocket.com today to take advantage of this exclusive offer. Hi everyone, welcome to the Shared Security Weekly Blaze where we update...

Israel Cyber-Attack Bombing, New Google Privacy Settings, Traditional Mail Blackmail Scam


This is your Shared Security Weekly Blaze for May 13th 2019 with your host, Tom Eston. In this week’s episode: Israel bombs a building in retaliation for a cyber-attack, Google adds more privacy settings, and a new blackmail scam that uses traditional mail. Protect your digital privacy with Silent Pocket’s product line of patented Faraday bags, phone cases, and wallets which will make your devices untrackable, unhackable and undetectable. Use discount code “sharedsecurity” to receive 15% off of your order during checkout. Visit silentpocket.com today to take advantage of this exclusive offer. Hi everyone, welcome to the Shared Security Weekly...

The End of Password Expiration Policies, Seat-Back Cameras on Airplanes, Unknown Data Breach


This is your Shared Security Weekly Blaze for May 6th 2019 with your host, Tom Eston. In this week’s episode: Is this the end of password expiration policies, are there cameras recording you on an airplane, and the unknown data breach exposing 80 million records. Protect your digital privacy with Silent Pocket’s product line of patented Faraday bags, phone cases, and wallets which will make your devices untrackable, unhackable and undetectable. Use discount code “sharedsecurity” to receive 15% off of your order during checkout. Visit silentpocket.com today to take advantage of this exclusive offer. Hi everyone, welcome to the Shared...

All about VPNs with Gaya Polat from vpnMentor


Protect your digital privacy with Silent Pocket’s product line of patented Faraday bags, phone cases, and wallets which will make your devices untrackable, unhackable and undetectable. Use discount code “sharedsecurity” to receive 15% off of your order during checkout. Visit silentpocket.com today to take advantage of this exclusive offer. Tom Eston: Joining me on the podcast to discuss VPNs is Gaya Polat from vpnMentor. Welcome, Gaya. Gaya Polat: Hello. Tom Eston: Alright. So first question about VPNs is, maybe for our audience that may not be familiar with VPNs, what is a VPN and why should someone use one? Gaya...

The State of Cybersecurity Training and Certifications with Kevin Johnson


In episode 87 of our monthly show, frequent guest Kevin Johnson joins us to discuss the current state of cybersecurity training and certifications. If you’re currently in the industry or pursuing a career in cybersecurity this is one episode not to miss! Tom and Kevin cover the following topics: What’s the state of training and certifications in our industry? Why is some training so expensive? How did we get here? What’s the biggest challenge we face? What should we look for in a training provider and are certifications really worth it? What certifications are valuable? We also discuss the recent...

Microsoft Email Hacked, Instagram Nasty List Phishing Scam, Facebook Third-Party Data Deals


This is your Shared Security Weekly Blaze for April 22nd 2019 with your host, Tom Eston. In this week’s episode: Microsoft email services hacked, the Instagram “Nasty List” phishing scam, and Facebook’s attempted deals to sell your data. Protect your digital privacy with Silent Pocket’s product line of patented Faraday bags, phone cases, and wallets which will make your devices untrackable, unhackable and undetectable. Use discount code “sharedsecurity” to receive 15% off of your order during checkout. Visit silentpocket.com today to take advantage of this exclusive offer. Hi everyone, welcome to the Shared Security Weekly Blaze where we update you...

Amazon Echo Recording Controversy, New Mobile Phone Scam, Hotels Leaking Data


This is your Shared Security Weekly Blaze for April 15th 2019 with your host, Tom Eston. In this week’s episode: Amazon Echo’s recording controversy, a new mobile phone scam, and hotels leaking your private information. Protect your digital privacy with Silent Pocket’s product line of patented Faraday bags, phone cases, and wallets which will make your devices untrackable, unhackable and undetectable. Use discount code “sharedsecurity” to receive 15% off of your order during checkout. Visit silentpocket.com today to take advantage of this exclusive offer. Hi everyone, welcome to the Shared Security Weekly Blaze where we update you on the top...

Facebook’s Bad Week, Stalkerware, Tax Season Scams


This is your Shared Security Weekly Blaze for April 8th 2019 with your host, Tom Eston. In this week’s episode: Facebook’s very bad week, Stalkerware on the rise, and tax season scams. Protect your digital privacy with Silent Pocket’s product line of patented Faraday bags, phone cases, and wallets which will make your devices untrackable, unhackable and undetectable. Use discount code “sharedsecurity” to receive 15% off of your order during checkout. Visit silentpocket.com today to take advantage of this exclusive offer. Hi everyone, welcome to the Shared Security Weekly Blaze where we update you on the top 3 cybersecurity and...

Apple Card, ASUS Live Update Backdoor, Statistics on Malware Attacks


This is your Shared Security Weekly Blaze for April 1st 2019 with your host, Tom Eston. In this week’s episode: Apple’s new privacy focused credit card, the ASUS live update software backdoor, and recent statistics on Malware attacks. Protect your digital privacy with Silent Pocket’s product line of patented Faraday bags, phone cases, and wallets which will make your devices untrackable, unhackable and undetectable. Use discount code “sharedsecurity” to receive 15% off of your order during checkout. Visit silentpocket.com today to take advantage of this exclusive offer. Hi everyone, welcome to the Shared Security Weekly Blaze where we update you...

Facebook Passwords Exposed, Android Q Privacy, Microsoft Office Targeted


This is your Shared Security Weekly Blaze for March 25th 2019 with your host, Tom Eston. In this week’s episode: Facebook passwords exposed in plain text, Android Q’s new privacy features, and why Microsoft Office is the most popular target for cybercriminals. Protect your digital privacy with Silent Pocket’s product line of patented Faraday bags, phone cases, and wallets which will make your devices untrackable, unhackable and undetectable. Use discount code “sharedsecurity” to receive 15% off of your order during checkout. Visit silentpocket.com today to take advantage of this exclusive offer. Hi everyone, welcome to the Shared Security Weekly Blaze...

Verifications.io Data Breach, Capsizing a Ship with a Cyberattack, World’s Most Dangerous Malware


In episode 86 of our monthly show we discuss Tom’s new garbage service (yep, that’s right) and why taking credit cards by filling out a form and mailing it is never a good idea, the Verifications.io data breach, how a cyberattack could capsize a ship, and the world’s most dangerous malware. This was also the first show we streamed live over Twitch. Be sure to subscribe to us on Twitch to get notified when we’ll be live! Links to articles mentioned on the show: Verifications.io data breach How a cyberattack can capsize a ship Triton is the world’s most murderous...

Equifax and Marriott Data Breach Updates, Facial Recognition at the Airport, Citrix Password Spraying Attack


** Correction about CLEAR as noted in this episode of the podcast. CLEAR does not use Facial Recognition technology, only iris or fingerprint biometric scans ** This is your Shared Security Weekly Blaze for March 18th 2019 with your host, Tom Eston. In this week’s episode: Equifax and Marriott data breach updates, facial recognition coming to 20 US airports, and the Citrix password spraying attack. Protect your digital privacy with Silent Pocket’s product line of patented Faraday bags, phone cases, and wallets which will make your devices untrackable, unhackable and undetectable. Use discount code “sharedsecurity” to receive 15% off of...

Google Chrome Zero-Day, Facebook Phone Number Privacy, NSA Phone Data Collection Program


This is your Shared Security Weekly Blaze for March 11th 2019 with your host, Tom Eston. In this week’s episode: a new Google Chrome Zero-Day, how Facebook uses your phone number, and the shutdown of the NSA’s phone data collection program. Protect your digital privacy with Silent Pocket’s product line of patented Faraday bags, phone cases, and wallets which will make your devices untrackable, unhackable and undetectable. Use discount code “sharedsecurity” to receive 15% off of your order during checkout. Visit silentpocket.com today to take advantage of this exclusive offer. Hi everyone, welcome to the Shared Security Weekly Blaze where...

Multi-Factor Authentication, New Attacks on 4G and 5G Mobile Networks


This is your Shared Security Weekly Blaze for March 4th 2019 with your host, Tom Eston. In this week’s episode: Multi-factor authentication to protect your credentials, and new attacks on 4G and 5G mobile networks. Protect your digital privacy with Silent Pocket’s product line of patented Faraday bags, phone cases, and wallets which will make your devices untrackable, unhackable and undetectable. Use discount code “sharedsecurity” to receive 15% off of your order during checkout. Visit silentpocket.com today to take advantage of this exclusive offer. Almost every day we hear about a new data breach or leak of personal data. In...

Google Nest’s Secret Microphone, Facebook Login Phishing, Password Manager Vulnerabilities


This is your Shared Security Weekly Blaze for February 25th 2019 with your host, Tom Eston. In this week’s episode: Google Nest’s secret microphone, a new Facebook login phishing campaign, and vulnerabilities in popular password managers. Silent Pocket is a proud sponsor of the Shared Security Podcast! Silent Pocket offers a patented Faraday cage product line of phone cases, wallets and bags that can block all wireless signals, which will make your devices instantly untrackable, unhackable and undetectable. Use discount code “sharedsecurity” to receive 15% off of your order. Visit silent-pocket.com to take advantage of this exclusive offer. Hi everyone,...

Preventing Illegal Robocalls, Webcam Spying, Dating App Account Hacking


This is your Shared Security Weekly Blaze for February 18th 2019 with your host, Tom Eston. In this week’s episode: Preventing illegal robocalls, should you be scared of your laptop’s webcam, and recent hacks of popular dating apps. Silent Pocket is a proud sponsor of the Shared Security Podcast! Silent Pocket offers a patented Faraday cage product line of phone cases, wallets and bags that can block all wireless signals, which will make your devices instantly untrackable, unhackable and undetectable. Use discount code “sharedsecurity” to receive 15% off of your order. Visit silent-pocket.com to take advantage of this exclusive offer....

Artificial Intelligence in Cybersecurity, Apple FaceTime Bug, Nest Camera Passwords


In episode 85 of our monthly show we discuss artificial intelligence in cybersecurity, the recent Apple FaceTime bug, and the controversy over compromised Nest cameras. This was also the first show we streamed live over YouTube! You can re-watch the live stream on our YouTube Channel. The Shared Security Podcast is sponsored by Silent Pocket and Edgewise Networks. Be sure to follow the Shared Security Podcast on Facebook, Twitter and Instagram for the latest news and commentary. If you have feedback or topic ideas for the show you can email us at feedback[aT]sharedsecurity.net. First time listener to the podcast? Please subscribe...

DNA Testing and the FBI, $198 Million Dollar Cryptocurrency Password, Password Checkup Chrome Extension


This is your Shared Security Weekly Blaze for February 11th 2019 with your host, Tom Eston. In this week’s episode: DNA testing and the FBI, the $198 million dollar cryptocurrency password, and a new Chrome extension to protect your accounts from data breaches. Silent Pocket is a proud sponsor of the Shared Security Podcast! Silent Pocket offers a patented Faraday cage product line of phone cases, wallets and bags that can block all wireless signals, which will make your devices instantly untrackable, unhackable and undetectable. Use discount code “sharedsecurity” to receive 15% off of your order. Visit silent-pocket.com to take...

Massive Apple FaceTime Privacy Bug, Selling Your Privacy for Money, Insecure Smart Light Bulbs


This is your Shared Security Weekly Blaze for February 4th 2019 with your host, Tom Eston. In this week’s episode: The massive Apple FaceTime privacy bug, selling your privacy for money, and insecure smart light bulbs. Silent Pocket is a proud sponsor of the Shared Security Podcast! Silent Pocket offers a patented Faraday cage product line of phone cases, wallets and bags that can block all wireless signals, which will make your devices instantly untrackable, unhackable and undetectable. Use discount code “sharedsecurity” to receive 15% off of your order. Visit silent-pocket.com to take advantage of this exclusive offer. Hi everyone,...

The Lack of US Privacy Regulations, Nest Cameras Hijacked


This is your Shared Security Weekly Blaze for January 28th 2019 with your host, Tom Eston. In this week’s episode: Where are the US federal privacy regulations and details on Nest cameras being hijacked in credential stuffing attacks. Silent Pocket is a proud sponsor of the Shared Security Podcast! Silent Pocket offers a patented Faraday cage product line of phone cases, wallets and bags that can block all wireless signals, which will make your devices instantly untrackable, unhackable and undetectable. Use discount code “sharedsecurity” to receive 15% off of your order. Visit silent-pocket.com to take advantage of this exclusive offer....

Ring Doorbell Privacy Concerns, Recent Password Breach News, Biometrics and Fifth Amendment Rights


This is your Shared Security Weekly Blaze for January 21st 2019 with your host, Tom Eston. In this week’s episode: Ring doorbell privacy concerns, news on a recent password breach, and a new ruling on biometrics and Fifth Amendment rights. Silent Pocket is a proud sponsor of the Shared Security Podcast! Silent Pocket offers a patented Faraday cage product line of phone cases, wallets and bags that can block all wireless signals, which will make your devices instantly untrackable, unhackable and undetectable. Use discount code “sharedsecurity” to receive 15% off of your order. Visit silent-pocket.com to take advantage of this...

US Government Shutdown, Privacy at CES 2019, Mobile Location Data Controversy


This is your Shared Security Weekly Blaze for January 14th 2019 with your host, Tom Eston. In this week’s episode: The US government shutdown and cybersecurity, privacy takes center stage at CES 2019, and a mobile location data controversy. Silent Pocket is a proud sponsor of the Shared Security Podcast! Silent Pocket offers a patented Faraday cage product line of phone cases, wallets and bags that can block all wireless signals, which will make your devices instantly untrackable, unhackable and undetectable. Use discount code “sharedsecurity” to receive 15% off of your order. Visit silent-pocket.com to take advantage of this exclusive...

Cybersecurity Careers, Recruiting, and Volunteering with Kathleen Smith


New year, new Cybersecurity job? If you’re looking for a new job or just starting out in Cybersecurity you’ll want to listen to this episode of our monthly show where we’re joined by special guest Kathleen Smith, CMO of ClearedJobs.net and CyberSecJobs.com. We discuss Kathleen’s recent survey on people who advance their career by volunteering in the Cybersecurity community, the Hire Ground career track at the BSides Las Vegas cybersecurity conference, how to work with recruiters and job boards, why you should plan (rather than react) when you look for a new job, and much more! Thanks again to Kathleen...

Newspaper Ransomware Attack, How Facebook Tracks You on Android, USB-Type-C Authentication


This is the 50th episode of the Shared Security Weekly Blaze for January 7th 2019 with your host, Tom Eston. In this week’s episode: Newspaper Ransomware Attack, How Facebook Tracks You on Android, and USB-Type-C Authentication. Silent Pocket is a proud sponsor of the Shared Security Podcast! Silent Pocket offers a patented Faraday cage product line of phone cases, wallets and bags that can block all wireless signals, which will make your devices instantly untrackable, unhackable and undetectable. Use discount code “sharedsecurity” to receive 15% off of your order. Visit silent-pocket.com to take advantage of this exclusive offer. Hi everyone,...

Phishing Attack Targeting Two-Factor Authentication, Amazon Echo Eavesdropping, Netflix Email Scam WB49


This is your Shared Security Weekly Blaze for December 31st 2018 with your host, Tom Eston. In this week’s episode: a new phishing attack targeting two-factor authentication, Amazon Echo eavesdropping, and a new Netflix email scam. Silent Pocket is a proud sponsor of the Shared Security Podcast! Silent Pocket offers a patented Faraday cage product line of phone cases, wallets and bags that can block all wireless signals, which will make your devices instantly untrackable, unhackable and undetectable. Use discount code “sharedsecurity” to receive 15% off of your order. Visit silent-pocket.com to take advantage of this exclusive offer. Hi everyone,...

The Year in Review and 2019 Predictions with Special Guest Kevin Johnson


Watch this episode on our YouTube channel! In this year end episode of the podcast, we’re joined by frequent guest Kevin Johnson to recap the big cybersecurity and privacy news of this past year, talk about a little movie called Star Wars, and have some fun discussing our “predictions” for what’s to come in 2019. The Shared Security Podcast sponsored by Silent Pocket and Edgewise Networks. Thank you to our listeners and sponsors for an amazing year! We really appreciate your support of the show! Be sure to follow the Shared Security Podcast on Facebook, Twitter and Instagram for the...

Healthcare Databases Exposed, Facebook’s Photo API Bug, Signal Speaks Out WB48


Watch this episode on our YouTube channel! This is your Shared Security Weekly Blaze for December 24th 2018 with your host, Tom Eston. In this week’s episode: Healthcare databases exposed, Facebook’s Photo API bug, and Signal speaks out. Silent Pocket is a proud sponsor of the Shared Security Podcast! Silent Pocket offers a patented Faraday cage product line of phone cases, wallets and bags that can block all wireless signals, which will make your devices instantly untrackable, unhackable and undetectable. Use discount code “sharedsecurity” to receive 15% off of your order. Visit silent-pocket.com to take advantage of this exclusive offer....

Equifax Data Breach Details Released, More Google+ API Bugs, Supermicro Strikes Back WB47


Watch this episode on our YouTube channel! This is your Shared Security Weekly Blaze for December 17th 2018 with your host, Tom Eston. In this week’s episode: Equifax data breach details released, more Google+ API bugs and Supermicro strikes back. Silent Pocket is a proud sponsor of the Shared Security Podcast! Silent Pocket offers a patented Faraday cage product line of phone cases, wallets and bags that can block all wireless signals, which will make your devices instantly untrackable, unhackable and undetectable. Use discount code “sharedsecurity” to receive 15% off of your order. Visit silent-pocket.com to take advantage of this exclusive...

The Quora Data Breach, Facebook’s Private Emails, Google Location Tracking WB46


Watch this episode on our YouTube channel! This is your Shared Security Weekly Blaze for December 10th 2018 with your host, Tom Eston. In this week’s episode: the Quora data breach, Facebook’s private emails, and Google location tracking. Silent Pocket is a proud sponsor of the Shared Security Podcast! Silent Pocket offers a patented Faraday cage product line of phone cases, wallets and bags that can block all wireless signals, which will make your devices instantly untrackable, unhackable and undetectable. Use discount code “sharedsecurity” to receive 15% off of your order. Visit silent-pocket.com to take advantage...

Massive Marriott Data Breach, Secure Holiday Shopping Tips, Phishing Sites Using HTTPS WB45


Watch this episode on our YouTube channel! This is your Shared Security Weekly Blaze for December 3rd 2018 with your host, Tom Eston. In this week’s episode: the massive Marriott data breach, secure holiday shopping tips, and phishing sites using HTTPS. Silent Pocket is a proud sponsor of the Shared Security Podcast! Silent Pocket offers a patented Faraday cage product line of phone cases, wallets and bags that can block all wireless signals, which will make your devices instantly untrackable, unhackable and undetectable. Use discount code “sharedsecurity” to receive 15% off of your order. Visit silent-pocket.com to take advantage of...

Special Guest Tanya Janca, DevOps and AppSec, Women in Cybersecurity #82


In this episode Tom and Scott are joined by special guest Tanya Janca who is a Senior Cloud Developer Advocate for Microsoft. We speak with Tanya about her journey into the world of AppSec, women and minorities in Cybersecurity, her advice for getting started in AppSec, her OWASP project (DevSlop), the current state of DevOps and privacy, and much more! Tanya is one of our most fun and engaging guests, it’s one not to miss! Below are show notes and links mentioned in the podcast: Tanya’s blog on Medium and her article on getting started in AppSec. Follow Tanya on...

Vehicle Infotainment Privacy, Instagram’s Accidental Password Exposure, Firefox Monitor WB44


This is your Shared Security Weekly Blaze for November 26th 2018 with your host, Tom Eston. In this week’s episode: Vehicle infotainment privacy, Instagram’s accidental password exposure, and the Firefox monitor data breach notification service. Silent Pocket is a proud sponsor of the Shared Security Podcast! Silent Pocket offers a patented Faraday cage product line of phone cases, wallets and bags that can block all wireless signals, which will make your devices instantly untrackable, unhackable and undetectable. Use discount code “sharedsecurity” to receive 15% off of your order. Visit silent-pocket.com to take advantage of this exclusive offer. Hi everyone, welcome...

Harry Sverdlove, Edgewise Founder and CTO Special Edition


In this special edition of the podcast we speak to Harry Sverdlove, who is the Founder and Chief Technology Officer of Edgewise. Harry talks with us about the concept of “zero trust” and their innovative technology that can help stop data breaches. Find out more at Edgewise.net and to schedule a demo by clicking on the “Request Demo” button on the main page. Thanks again to Harry for being our guest on the show and to Edgewise for sponsoring the podcast! The post Harry Sverdlove, Edgewise Founder and CTO – Special Edition appeared first on Shared Security Podcast.

USPS Informed Delivery Vulnerabilities, Holiday Credit Card Fraud, Huge SMS Database Leak WB43


This is your Shared Security Weekly Blaze for November 19th 2018 with your host, Tom Eston. In this week’s episode: USPS Informed delivery vulnerabilities, protecting yourself from credit card fraud and a huge SMS database leak. Silent Pocket is a proud sponsor of the Shared Security Podcast! Silent Pocket offers a patented Faraday cage product line of phone cases, wallets and bags that can block all wireless signals, which will make your devices instantly untrackable, unhackable and undetectable. Use discount code “sharedsecurity” to receive 15% off your order. Visit silent-pocket.com to take advantage of this exclusive offer. Hi everyone, welcome...

Midterm Election Security, Gait Recognition Surveillance Technology, Caller ID Authentication WB42


This is your Shared Security Weekly Blaze for November 12, 2018 with your host, Tom Eston. In this week’s episode: Midterm Election Security, Gait Recognition Surveillance Technology and Caller ID Authentication Silent Pocket is a proud sponsor of the Shared Security Podcast! Silent Pocket offers a patented Faraday cage product line of phone cases, wallets and bags that can block all wireless signals, which will make your devices instantly untrackable, unhackable and undetectable. Use discount code “sharedsecurity” to receive 15% off of your order. Visit silent-pocket.com to take advantage of this exclusive offer. Hi everyone, this is Tom Eston, Co-host...

Microsoft and Apple Security Updates, Signal’s Sealed Sender, Girl Scouts Data Breach WB41


This is your Shared Security Weekly Blaze for November 5th 2018 with your host, Tom Eston. In this week’s episode: Microsoft and Apple security Updates, Signal’s sealed sender and the Girl Scouts data breach. Silent Pocket is a proud sponsor of the Shared Security Podcast! Silent Pocket offers a patented Faraday cage product line of phone cases, wallets and bags that can block all wireless signals, which will make your devices instantly untrackable, unhackable and undetectable. Use discount code “sharedsecurity” to receive 15% off of your order. Visit silent-pocket.com to take advantage of this exclusive offer. Hi everyone, this is...

Fortnite Scams, Google Search Privacy, Bloomberg SuperMicro Controversy #81


This is the 81st episode of the Shared Security Podcast sponsored by Silent Pocket and Edgewise Networks was hosted by Tom Eston and Scott Wright recorded on October 29, 2018. Listen to this episode and previous ones direct via your web browser by clicking here. This episode is also available to watch on our YouTube Channel. In this episode Tom and Scott cover the recent rise in Fortnite scams, new privacy controls in Google search and the controversy over the Bloomberg article and SuperMicro. Below are show notes and links mentioned in the podcast: Fortnite scams are increasing due to the massive popularity...

Spy Apps and Stalkerware with Special Guest Jeff Tang WB40


This is your Shared Security Weekly Blaze for October 29th 2018 with your host, Tom Eston. In this week’s episode: Spy apps and Stalkerware with special guest Jeff Tang. Silent Pocket is a proud sponsor of the Shared Security Podcast! Silent Pocket offers a patented Faraday cage product line of phone cases, wallets and bags that can block all wireless signals, which will make your devices instantly untrackable, unhackable and undetectable. Use discount code “sharedsecurity” to receive 15% off of your order. Visit silent-pocket.com to take advantage of this exclusive offer. Spy apps, or better known as “stalkerware”, are apps...

Hotel Room Security and Privacy with Special Guest Patrick McNeil WB39


This is your Shared Security Weekly Blaze for October 22nd 2018 with your host, Tom Eston. In this week’s episode: Hotel Room Security and Privacy with Special Guest Patrick McNeil. Silent Pocket is a proud sponsor of the Shared Security Podcast! Silent Pocket offers a patented Faraday cage product line of phone cases, wallets and bags that can block all wireless signals, which will make your devices instantly untrackable, unhackable and undetectable. Use discount code “sharedsecurity” to receive 15% off of your order. Visit silent-pocket.com to take advantage of this exclusive offer. Hotel security has been a hot topic being...

Google+ Shutdown, Weapons Systems Vulnerabilities, Voice Phishing Scams WB38


This is your Shared Security Weekly Blaze for October 15th 2018 with your host, Tom Eston. In this week’s episode: Google+ shutdown, weapons systems vulnerabilities, and new data on voice phishing scams. Silent Pocket is a proud sponsor of the Shared Security Podcast! Silent Pocket offers a patented Faraday cage product line of phone cases, wallets and bags that can block all wireless signals, which will make your devices instantly untrackable, unhackable and undetectable. Use discount code “sharedsecurity” to receive 15% off of your order. Visit silent-pocket.com to take advantage of this exclusive offer. Hi everyone, this is Tom Eston,...

Chinese Spying, Facebook Shadow Contact Information, iPhone X FaceID Privacy WB37


This is your Shared Security Weekly Blaze for October 8th 2018 with your host, Tom Eston. In this week’s episode: Chinese Spying, Facebook Shadow Contact Information and iPhone X FaceID Privacy. Silent Pocket is a proud sponsor of the Shared Security Podcast! Silent Pocket offers a patented Faraday cage product line of phone cases, wallets and bags that can block all wireless signals, which will make your devices instantly untrackable, unhackable and undetectable. Use discount code “sharedsecurity” to receive 15% off of your order. Visit silent-pocket.com to take advantage of this exclusive offer. Hi everyone, this is Tom Eston, Co-host...

Facebook’s Fake Account Crackdown, Privacy Upgrade to HTTPS, New Security Features in Apple iOS 12 WB36


This is your Shared Security Weekly Blaze for October 1st 2018 with your host, Tom Eston. In this week’s episode: Facebook’s fake account crackdown, privacy upgrade to HTTPS, and new security features in Apple iOS 12. Silent Pocket is a proud sponsor of the Shared Security Podcast! Silent Pocket offers a patented Faraday cage product line of phone cases, wallets and bags that can block all wireless signals, which will make your devices instantly untrackable, unhackable and undetectable. Use discount code “sharedsecurity” to receive 15% off of your order. Visit silent-pocket.com to take advantage of this exclusive offer. Hi everyone,...

Mobile Phone Call Scams, Pegasus Mobile Spyware, Newegg Data Breach WB35


This is the Shared Security Weekly Blaze for September 24, 2018 sponsored by Security Perspectives Your Source for Tailored Security Awareness Training and Assessment Solutions and Silent Pocket. This episode was hosted by Tom Eston. Listen to this episode and previous ones direct via your web browser by clicking here. You can also watch each episode of the podcast on our YouTube Channel! Show Transcript This is your Shared Security Weekly Blaze for September 24th 2018 with your host, Tom Eston. In this week’s episode: Mobile phone call scams, Pegasus mobile spyware, and the Newegg data breach. Silent Pocket is a proud sponsor of...

Malware-Less Email Attacks, Equifax Breach Updates, Vizio Class Action Lawsuit


This is the Shared Security Weekly Blaze for September 17, 2018 sponsored by Security Perspectives Your Source for Tailored Security Awareness Training and Assessment Solutions and Silent Pocket. This episode was hosted by Tom Eston. Listen to this episode and previous ones direct via your web browser by clicking here. You can also watch each episode of the podcast on our YouTube Channel! Show Transcript This is your Shared Security Weekly Blaze for September 17th 2018 with your host, Tom Eston. In this week’s episode: Malware-less email attacks, Equifax breach updates and the Vizio class action lawsuit. Silent Pocket is a proud sponsor of...

Episode 80 Special Guest Chris Hadnagy and Social Engineering The Science of Human Hacking


This is the 80th episode of the Shared Security Podcast sponsored by Security Perspectives Your Source for Tailored Security Awareness Training and Assessment Solutions and Silent Pocket. This episode was hosted by Tom Eston and Scott Wright recorded September 5, 2018. Listen to this episode and previous ones direct via your web browser by clicking here! This podcast is also available to watch on our YouTube Channel. In this very special episode we’re joined by Chris Hadnagy (@humanhacker) who is the author of the new book “Social Engineering: The Science of Human Hacking”. We talk with Chris about his new book, how Social Engineering...

Five Eyes Security Alliance, Google and Your Offline Purchases, Privacy by Default in Firefox


This is the Shared Security Weekly Blaze for September 10, 2018 sponsored by Security Perspectives Your Source for Tailored Security Awareness Training and Assessment Solutions and Silent Pocket. This episode was hosted by Tom Eston. Listen to this episode and previous ones direct via your web browser by clicking here. You can also watch the podcast by subscribing to our YouTube Channel! Show Transcript This is your Shared Security Weekly Blaze for September 10th 2018 with your host, Tom Eston. In this week’s episode: The five eyes security alliance, Google and your offline purchases, and privacy by default in Firefox. Silent Pocket is a...

US Federal Privacy Law, WhatsApp Google Drive Warning, Improved Security for Instagram


This is the Shared Security Weekly Blaze for September 3, 2018 sponsored by Security Perspectives Your Source for Tailored Security Awareness Training and Assessment Solutions and Silent Pocket. This episode was hosted by Tom Eston. Listen to this episode and previous ones direct via your web browser by clicking here! Show Transcript This is your Shared Security Weekly Blaze for September 3rd 2018 with your host, Tom Eston. In this week’s episode: US Federal Privacy Law, WhatsApp’s Google Drive Warning and Improved Security for Instagram. Silent Pocket is a proud sponsor of the Shared Security Podcast! Silent Pocket offers a patented Faraday cage product...

Election Hacking and Vulnerable Voting Machines


This is the 79th episode of the Shared Security Podcast sponsored by Security Perspectives Your Source for Tailored Security Awareness Training and Assessment Solutions and Silent Pocket. This episode was hosted by Tom Eston and Scott Wright recorded August 23, 2018. Listen to this episode and previous ones direct via your web browser by clicking here! This episode is available on our YouTube Channel and is the very first episode that we recorded over video via Skype! We apologize for the poor video quality at times and will be testing additional video streaming via Facebook or YouTube live in the future. Please subscribe to...

New TSA Body Scanners, Back to School Cybersecurity, Instagram Hacking


This is the Shared Security Weekly Blaze for August 27, 2018 sponsored by Security Perspectives Your Source for Tailored Security Awareness Training and Assessment Solutions and Silent Pocket. This episode was hosted by Tom Eston. Listen to this episode and previous ones direct via your web browser by clicking here! Show Transcript This is your Shared Security Weekly Blaze for August 27th 2018 with your host, Tom Eston. In this week’s episode: New TSA Body Scanners, Back to School Cybersecurity, and Instagram Hacking. The Shared Security Podcast is sponsored by Silent Pocket. With their patented Faraday cage product line of phone cases, wallets and...

The Shared Security Weekly Blaze ATM Cashout Attacks, Mobile Phone Voicemail Security, Google Location Tracking


This is the Shared Security Weekly Blaze for August 20, 2018 sponsored by Security Perspectives Your Source for Tailored Security Awareness Training and Assessment Solutions and Silent Pocket. This episode was hosted by Tom Eston. Listen to this episode and previous ones direct via your web browser by clicking here! Show Transcript This is your Shared Security Weekly Blaze for August 20th 2018 with your host, Tom Eston. In this week’s episode: ATM cashout attacks, mobile phone voicemail security and Google location tracking. The Shared Security Podcast is sponsored by Silent Pocket. With their patented Faraday cage product line of phone cases, wallets and...

The Shared Security Weekly Blaze Facebook and your Financial Transactions, Smart Home Security, Critical HP Printer Vulnerabilities


This is the Shared Security Weekly Blaze for August 13, 2018 sponsored by Security Perspectives Your Source for Tailored Security Awareness Training and Assessment Solutions and Silent Pocket. This episode was hosted by Tom Eston. Listen to this episode and previous ones direct via your web browser by clicking here! Show Transcript This is your Shared Security Weekly Blaze for August 13th 2018 with your host, Tom Eston. In this week’s episode: Facebook and your financial transactions, Smart Home security and critical HP printer vulnerabilities. The Shared Security Podcast is sponsored by Silent Pocket. With their patented Faraday cage product line of phone cases,...

The Shared Security Weekly Blaze Quiet Skies TSA Surveillance Program, SIM Hijacking and the Reddit Data Breach, Sextortion Scams


This is the Shared Security Weekly Blaze for August 6, 2018 sponsored by Security Perspectives Your Source for Tailored Security Awareness Training and Assessment Solutions and Silent Pocket. This episode was hosted by Tom Eston. Listen to this episode and previous ones direct via your web browser by clicking here! Show Transcript This is your Shared Security Weekly Blaze for August 6, 2018 with your host, Tom Eston. In this week’s episode: The Quiet Skies TSA surveillance program, SIM hijacking and the Reddit data breach and Sextortion scams. The Shared Security Podcast is sponsored by Silent Pocket. With their patented Faraday cage product line...

The Shared Security Weekly Blaze Bluetooth Vulnerabilities, Malicious Apps Removed from Twitter, Gmail Confidential Mode


This is the Shared Security Weekly Blaze for July 30th, 2018 sponsored by Security Perspectives Your Source for Tailored Security Awareness Training and Assessment Solutions and Silent Pocket. This episode was hosted by Tom Eston. Listen to this episode and previous ones direct via your web browser by clicking here! Help the podcast and leave us a review! We would really appreciate you leaving a review in iTunes. Reviews really help move us up the podcast ratings list and are greatly appreciated! Click here to leave your review in iTunes! Show Transcript This is your Shared Security Weekly Blaze for July 30th 2018 with...

The Shared Security Podcast Episode 78 Summer Camp Facial Recognition, Dark Web Dangers


This is the 78th episode of the Shared Security Podcast sponsored by Security Perspectives Your Source for Tailored Security Awareness Training and Assessment Solutions and Silent Pocket. This episode was hosted by Tom Eston and Scott Wright recorded July 18, 2018. Listen to this episode and previous ones direct via your web browser by clicking here! Subscribe to our new email list! Stay up-to-date on the latest episodes, receive exclusive offers from our sponsors, participate in contests and gain access to content just for our email subscribers! Sign-up via this link today! In this episode Tom and Scott discuss the recent trend in using...

The Shared Security Weekly Blaze Lost and Stolen Devices, Instagram and SIM Hijacking, LabCorp Security Breach


This is the Shared Security Weekly Blaze for July 23rd, 2018 sponsored by Security Perspectives Your Source for Tailored Security Awareness Training and Assessment Solutions and Silent Pocket. This episode was hosted by Tom Eston. Listen to this episode and previous ones direct via your web browser by clicking here! Help the podcast and leave us a review! We would really appreciate you leaving a review in iTunes. Reviews really help move us up the podcast ratings list and are greatly appreciated! Show Transcript This is your Shared Security Weekly Blaze for July 23rd 2018 with your host, Tom Eston. In this week’s episode:...

The Shared Security Weekly Blaze Polar Fitness App Location Data Exposed, Blocking Scam Phone Calls, Samba TV Privacy Controversy


This is the Shared Security Weekly Blaze for July 16th, 2018 sponsored by Security Perspectives Your Source for Tailored Security Awareness Training and Assessment Solutions and Silent Pocket. This episode was hosted by Tom Eston. Listen to this episode and previous ones direct via your web browser by clicking here! Help the podcast and leave us a review! We would really appreciate you leaving a review in iTunes. Reviews really help move us up the podcast ratings list and are greatly appreciated! Show Transcript This is your Shared Security Weekly Blaze for July 16th 2018 with your host, Tom Eston. In this week’s episode:...

The Shared Security Weekly Blaze Mobile App Data Leaks, The California Privacy Act, Third-party Gmail Access


This is the Shared Security Weekly Blaze for July 2nd, 2018 sponsored by Security Perspectives Your Source for Tailored Security Awareness Training and Assessment Solutions and Silent Pocket. This episode was hosted by Tom Eston. Listen to this episode and previous ones direct via your web browser by clicking here! Help the podcast and leave us a review! We would really appreciate you leaving a review in iTunes. Reviews really help move us up the podcast ratings list and are greatly appreciated! Show Transcript This is your Shared Security Weekly Blaze for July 9th 2018 with your host, Tom Eston. In this week’s episode:...

The Shared Security Weekly Blaze New WPA3 Wireless Standard, Malicious Smartphone Batteries, Exactis Data Leak


This is the Shared Security Weekly Blaze for July 2nd, 2018 sponsored by Security Perspectives Your Source for Tailored Security Awareness Training and Assessment Solutions, Silent Pocket and CISOBox. This episode was hosted by Tom Eston. Listen to this episode and previous ones direct via your web browser by clicking here! Help the podcast and leave us a review! We would really appreciate you leaving a review in iTunes. Reviews really help move us up the podcast ratings list and are greatly appreciated! Show Transcript This is your Shared Security Weekly Blaze for July 2nd 2018 with your host, Tom Eston. In this week’s episode:...

The Shared Security Podcast Episode 77 Personal Risk Assessments, Stingray Surveillance Devices


This is the 77th episode of the Shared Security Podcast sponsored by Security Perspectives Your Source for Tailored Security Awareness Training and Assessment Solutions, Silent Pocket and CISOBox. This episode was hosted by Tom Eston and Scott Wright recorded June 19, 2018. Listen to this episode and previous ones direct via your web browser by clicking here! Help the podcast and leave us a review! We would really appreciate you leaving a review in iTunes. Reviews really help move us up the podcast ratings list and are greatly appreciated! In this episode Tom and Scott discuss the concept of developing your own privacy threat model and...

The Shared Security Weekly Blaze MyLobot Malware, Updates on Third-Party Location Data Sharing, Fortnite Scam Websites


This is the Shared Security Weekly Blaze for June 25, 2018 sponsored by Security Perspectives Your Source for Tailored Security Awareness Training and Assessment Solutions, Silent Pocket and CISOBox. This episode was hosted by Tom Eston. Listen to this episode and previous ones direct via your web browser by clicking here! Help the podcast and leave us a review! We would really appreciate you leaving a review in iTunes. Reviews really help move us up the podcast ratings list and are greatly appreciated! Show Transcript This is your Shared Security Weekly Blaze for June 25th 2018 with your host, Tom Eston. In this week’s episode:...

The Shared Security Weekly Blaze Ultrasonic Hard Drive Attacks, Dangerous USB Devices, Email Fraudsters Arrested


This is the Shared Security Weekly Blaze for June 18, 2018 sponsored by Security Perspectives Your Source for Tailored Security Awareness Training and Assessment Solutions, Silent Pocket and CISOBox. This episode was hosted by Tom Eston. Listen to this episode and previous ones direct via your web browser by clicking here! Help the podcast and leave us a review! We would really appreciate you leaving a review in iTunes. Reviews really help move us up the podcast ratings list and are greatly appreciated! Show Transcript This is your Shared Security Weekly Blaze for June 18, 2018 with your host, Tom Eston. In this week’s episode:...

The Shared Security Weekly Blaze MyHeritage Data Breach, Facebook’s Data Sharing Partnership, Apple iOS 12 and macOS Updates


This is the Shared Security Weekly Blaze for June 11, 2018 sponsored by Security Perspectives Your Source for Tailored Security Awareness Training and Assessment Solutions, Silent Pocket and CISOBox. This episode was hosted by Tom Eston. Listen to this episode and previous ones direct via your web browser by clicking here! Help the podcast and leave us a review! We would really appreciate you leaving a review in iTunes. Reviews really help move us up the podcast ratings list and are greatly appreciated! Show Transcript This is your Shared Security Weekly Blaze for June 11th 2018 with your host, Tom Eston. In this week’s episode:...

The Shared Security Weekly Blaze Telegram Messenger in Russia, Amazon’s Facial Recognition Technology, Digital License Plates


This is the Shared Security Weekly Blaze for June 4, 2018 sponsored by Security Perspectives Your Source for Tailored Security Awareness Training and Assessment Solutions, Silent Pocket and CISOBox. This episode was hosted by Tom Eston. Listen to this episode and previous ones direct via your web browser by clicking here! Help the podcast and leave us a review! We would really appreciate you leaving a review in iTunes. Reviews really help move us up the podcast ratings list and are greatly appreciated! Show Transcript This is your Shared Security Weekly Blaze for June 4th 2018 with your host, Tom Eston. In this week’s episode:...

The Shared Security Weekly Blaze Real-time Location Tracking, VPNFilter Router Malware, Apple’s GDPR Updates


This is the Shared Security Weekly Blaze for May 28, 2018 sponsored by Security Perspectives Your Source for Tailored Security Awareness Training and Assessment Solutions, Silent Pocket and CISOBox. This episode was hosted by Tom Eston. Listen to this episode and previous ones direct via your web browser by clicking here! Help the podcast and leave us a review! We would really appreciate you leaving a review in iTunes. Reviews really help move us up the podcast ratings list and are greatly appreciated! Show Transcript This is your Shared Security Weekly Blaze for May 28th 2018 with your host, Tom Eston. In this week’s episode:...

The Shared Security Weekly Blaze Efail Vulnerabilities and PGP Encryption, Facebook’s App Investigation, Nest Password Notifications


This is the Shared Security Weekly Blaze for May 21, 2018 sponsored by Security Perspectives Your Source for Tailored Security Awareness Training and Assessment Solutions, Silent Pocket and CISOBox. This episode was hosted by Tom Eston. Listen to this episode and previous ones direct via your web browser by clicking here! Help the podcast and leave us a review! We would really appreciate you leaving a review in iTunes. Reviews really help move us up the podcast ratings list and are greatly appreciated! Show Transcript This is your Shared Security Weekly Blaze for May 21st 2018 with your host, Tom Eston. In this week’s episode:...

The Shared Security Weekly Blaze Recent Windows Vulnerabilities, Exposed Passwords, Credit Freeze Controversy


This is the Shared Security Weekly Blaze for May 14, 2018 sponsored by Security Perspectives Your Source for Tailored Security Awareness Training and Assessment Solutions, Silent Pocket and CISOBox. This episode was hosted by Tom Eston. Listen to this episode and previous ones direct via your web browser by clicking here! Help the podcast and leave us a review! We would really appreciate you leaving a review in iTunes. Reviews really help move us up the podcast ratings list and are greatly appreciated! Show Transcript This is your Shared Security Weekly Blaze for May 14th 2018 with your host, Tom Eston. In this week’s episode:...

The Shared Security Podcast Episode 76 Special Guest Kevin Johnson (@secureideas), Router Hacking, GDPR, NSA Metadata


This is the 76th episode of the Shared Security Podcast sponsored by Security Perspectives Your Source for Tailored Security Awareness Training and Assessment Solutions, Silent Pocket and CISOBox. This episode was hosted by Tom Eston and Scott Wright with special guest Kevin Johnson recorded May 7, 2018. Listen to this episode direct via this link or through the media player embedded in this post! Interview with special guest Kevin Johnson Kevin Johnson is the Chief Executive Officer of Secure Ideas. Kevin has a long history in the IT field including system administration, network architecture and application development. He has been involved in building incident response and forensic...

The Shared Security Weekly Blaze DNA Privacy, This Week’s Social Media Privacy News Roundup, Remote Car Hacking


This is the Shared Security Weekly Blaze for May 7, 2018 sponsored by Security Perspectives Your Source for Tailored Security Awareness Training and Assessment Solutions, Silent Pocket and CISOBox. This episode was hosted by Tom Eston. Listen to this episode and previous ones direct via your web browser by clicking here! Leave us a review! If you like this podcast we would really appreciate you leaving a review in iTunes or your favorite podcatcher app. Reviews really help move us up the podcast ratings list and are greatly appreciated! Show Transcript This is your Shared Security Weekly Blaze for May 7th 2018 with your host,...

The Shared Security Weekly Blaze Child Identity Fraud, Tech Support Scams, Amazon Key In-Car Delivery


This is the Shared Security Weekly Blaze for April 30, 2018 sponsored by Security Perspectives Your Source for Tailored Security Awareness Training and Assessment Solutions, Silent Pocket and CISOBox. This episode was hosted by Tom Eston. Show Transcript This is your Shared Security Weekly Blaze for April 30th 2018 with your host, Tom Eston. In this week’s episode: Child Identity Fraud, Tech Support Scams and Amazon Key In-Car Delivery. The Shared Security Podcast is sponsored by Silent Pocket. With their patented Faraday cage product line of phone cases, wallets and bags you can block all wireless signals which will make your devices instantly untrackable,...

The Shared Security Weekly Blaze Android's Toxic Hellstew of Vulnerabilities, Facebook's New Privacy Controls, Russian Router Hacking


This is the Shared Security Weekly Blaze for April 23, 2018 sponsored by Security Perspectives Your Source for Tailored Security Awareness Training and Assessment Solutions, Silent Pocket and CISOBox. This episode was hosted by Tom Eston. Show Transcript This is your Shared Security Weekly Blaze for April 23rd 2018 with your host, Tom Eston. In this week’s episode: Android’s Toxic Hellstew of Vulnerabilities, Facebook’s New Privacy Controls and Russian Router Hacking. The Shared Security Podcast is sponsored by Silent Pocket. With their patented Faraday cage product line of phone cases, wallets and bags you can block all wireless signals which will make your devices...

The Shared Security Podcast Episode 75 Cybersecurity Education with Gotham Sharma (@g0thamsharma) and Dr. Brian Krupp (@briankrupp)


This is the 75th episode of the Shared Security Podcast sponsored by Security Perspectives Your Source for Tailored Security Awareness Training and Assessment Solutions, Silent Pocket and CISOBox. This episode was hosted by Tom Eston and Scott Wright with special guests Gotham Sharma and Dr. Brian Krupp recorded April 16, 2018. The Cybersecurity Education Episode In this episode we’re joined by two cybersecurity educators for their perspective on the current state of education in the cybersecurity industry. This is a really important topic given the current cybersecurity skills shortage where it’s becoming more difficult to find qualified and skilled individuals to fill cybersecurity jobs. Gotham Sharma serves...

The Shared Security Weekly Blaze Facebook goes to Congress, More Data Breach Announcements, New Hope for Replacing Passwords


This is the Shared Security Weekly Blaze for April 16, 2018 sponsored by Security Perspectives Your Source for Tailored Security Awareness Training and Assessment Solutions, Silent Pocket and CISOBox. This episode was hosted by Tom Eston. Show Transcript This is your Shared Security Weekly Blaze for April 16th 2018 with your host, Tom Eston In this week’s episode: Facebook goes to Congress, More Data Breach Announcements and a New Hope for Replacing Passwords The Shared Security Podcast is sponsored by Silent Pocket. With their patented Faraday cage product line of phone cases, wallets and bags you can block all wireless signals which will make...

The Shared Security Weekly Blaze The #DeleteFacebook Movement, Cloudflare's New Privacy Focused DNS Service, Saks Fifth Avenue and Panera Data Breaches


This is the Shared Security Weekly Blaze for April 9, 2018 sponsored by Security Perspectives Your Source for Tailored Security Awareness Training and Assessment Solutions, Silent Pocket and CISOBox. This episode was hosted by Tom Eston. Show Transcript This is your Shared Security Weekly Blaze for April 9th 2018 with your host, Tom Eston In this week’s episode: The #DeleteFacebook Movement, Cloudflare’s New Privacy Focused DNS Service and the Saks Fifth Avenue and Panera Data Breaches The Shared Security Podcast is sponsored by Silent Pocket. With their patented Faraday cage product line of phone cases, wallets and bags you can block all wireless signals...

The Shared Security Weekly Blaze Facebook's Privacy Firestorm, MyFitnessPal Data Breach, Ramifications of CLOUD and FOSTA


This is the Shared Security Weekly Blaze for April 2, 2018 sponsored by Security Perspectives Your Source for Tailored Security Awareness Training and Assessment Solutions and Silent Pocket. This episode was hosted by Tom Eston. Show Transcript This is your Shared Security Weekly Blaze for April 2nd 2018 with your host, Tom Eston. In this week’s episode: Facebook’s Privacy Firestorm, the MyFitnessPal Data Breach and Ramifications of the CLOUD and FOSTA Bills The Shared Security Podcast is sponsored by Silent Pocket. With their patented Faraday cage product line of phone cases, wallets and bags you can block all wireless signals which will make your...

The Shared Security Podcast Episode 74 Special Guest Rachel Tobac (@RachelTobac)


This is the 74th episode of the Shared Security Podcast sponsored by Security Perspectives Your Source for Tailored Security Awareness Training and Assessment Solutions. This episode was hosted by Tom Eston and Scott Wright with special guest Rachel Tobac recorded March 25, 2018. Below are the show notes, commentary, links to articles and news mentioned in the podcast: Interview with special guest Rachel Tobac Rachel is the CEO & Co-founder of SocialProof Security where she helps people and companies keep their data safe by training them on social engineering risks. Rachel also placed second place two years in a row in the DEF CON hacking...

The Shared Security Weekly Blaze Facebook and the Cambridge Analytica Controversy, Vulnerable VPNs, Siri Lock Screen Privacy


This is the Shared Security Weekly Blaze for March 26, 2018 sponsored by Security Perspectives Your Source for Tailored Security Awareness Training and Assessment Solutions. This episode was hosted by Tom Eston. Show Transcript This is your Shared Security Weekly Blaze for March 26th 2018 with your host, Tom Eston. In this week’s episode: Facebook and the Cambridge Analytica Controversy, Vulnerable VPNs and Siri Lock Screen Privacy Hi everyone, I’m Tom Eston, Co-host of the Shared Security podcast. Welcome to the Shared Security Weekly Blaze where we update you on the top 3 security and privacy topics from the week. These weekly podcasts are...

The Shared Security Weekly Blaze The Insecure Internet of Things, Spectre Patch Updates, Android Malware


This is the Shared Security Weekly Blaze for March 19, 2018 sponsored by Security Perspectives Your Source for Tailored Security Awareness Training and Assessment Solutions. This episode was hosted by Tom Eston. Show Transcript This is your Shared Security Weekly Blaze for March 19th 2018 with your host, Tom Eston. In this week’s episode: The Insecure Internet of Things, Spectre Patch Updates and Android Malware. Hi everyone, I’m Tom Eston, Co-host of the Shared Security podcast. Welcome to the Shared Security Weekly Blaze where we update you on the top 3 security and privacy topics from the week. These weekly podcasts are published...

The Shared Security Weekly Blaze Malicious Healthcare Workers, New Attacks on Mobile Networks, Facebook Messenger for Kids


This is the Shared Security Weekly Blaze for March 12, 2018 sponsored by Security Perspectives Your Source for Tailored Security Awareness Training and Assessment Solutions. This episode was hosted by Tom Eston. Show Transcript This is your Shared Security Weekly Blaze for March 12th 2018 with your host Tom Eston In this week’s episode: Malicious Healthcare Workers, New Attacks on Mobile Networks, and Facebook Messenger for Kids Hi everyone, I’m Tom Eston, Co-host of the Shared Security podcast. Welcome to the Shared Security Weekly Blaze where we update you on the top 3 security and privacy topics from the week. These weekly podcasts are published...

The Shared Security Weekly Blaze Facebook Face Recognition, Private Web Browsing, Credit Card Fraud


This is the Shared Security Weekly Blaze for March 5, 2018 sponsored by Security Perspectives Your Source for Tailored Security Awareness Training and Assessment Solutions. This episode was hosted by Tom Eston. Show Transcript This is your Shared Security Weekly Blaze for March 5th 2018 with your host Tom Eston In this week’s episode: Facebook Face Recognition, Private Web Browsing and Credit Card Fraud Hi everyone, I’m Tom Eston, Co-host of the Shared Security podcast. Welcome to the Shared Security Weekly Blaze where we update you on the top 3 security and privacy topics from the week. These weekly podcasts are published every Monday and...

The Shared Security Weekly Blaze AI Enabled Privacy Policies, New Android Updates, Hotel Room Inspections


This is the Shared Security Weekly Blaze for February 26, 2018 sponsored by Security Perspectives Your Source for Tailored Security Awareness Training and Assessment Solutions. This episode was hosted by Tom Eston. Show Transcript This is your Shared Security Weekly Blaze for February 26th 2018 with your host Tom Eston In this week’s episode: AI Enabled Privacy Policies, New Android Updates and Hotel Room Inspections Hi everyone, I’m Tom Eston, Co-host of the Shared Security podcast. Welcome to the Shared Security Weekly Blaze where we update you on the top 3 security and privacy topics from the week. These weekly podcasts are published every Monday...

The Shared Security Weekly Blaze Instagram Social Stalking, Cryptojacking, Equifax Breach Updates


This is the Shared Security Weekly Blaze for February 19, 2018 sponsored by Security Perspectives Your Source for Tailored Security Awareness Training and Assessment Solutions. This episode was hosted by Tom Eston. Show Transcript This is your Shared Security Weekly Blaze for February 19th 2018 with your host Tom Eston In this week’s episode: Instagram Social Stalking, Cryptojacking, Equifax Breach Updates Hi everyone, I’m Tom Eston, Co-host of the Shared Security podcast. Welcome to the Shared Security Weekly Blaze where we update you on the top 3 security and privacy topics from the week. These weekly podcasts are published every Monday and are 15 minutes...

The Shared Security Podcast Episode 73 Silent Pocket Faraday Laptop Sleeve Review, Password Managers, Smart Glasses


This is the 73rd episode of the Shared Security Podcast sponsored by Security Perspectives Your Source for Tailored Security Awareness Training and Assessment Solutions. This episode was hosted by Tom Eston and Scott Wright recorded February 14, 2018. Below are the show notes, commentary, links to articles and news mentioned in the podcast: The Shared Security Amazing Thing of the Month This month we discuss why it’s important to use a password manager as well as our personal recommendations on which one to use. Tom prefers KeePass, while Scott prefers LastPass. Regardless of our preference…any password manager you choose is better than none! Product Review: Silent...

The Shared Security Weekly Blaze Tax Season Scams, SIM Hijacking, Smart TV Privacy


This is the Shared Security Weekly Blaze for February 12, 2018 sponsored by Security Perspectives Your Source for Tailored Security Awareness Training and Assessment Solutions. This episode was hosted by Tom Eston. Show Transcript This is your Shared Security Weekly Blaze for February 12th 2018 with your host Tom Eston In this week’s episode: Tax Season Scams, SIM Hijacking and Smart TV Privacy Hi everyone, I’m Tom Eston, Co-host of the Shared Security podcast. Welcome to the Shared Security Weekly Blaze where we update you on the top 3 security and privacy topics from the week. These weekly podcasts are published every Monday and are...

The Shared Security Weekly Blaze License Plate Tracking, Jackpotting ATMs, Strava Global Heatmap Controversy


This is the Shared Security Weekly Blaze for February 5, 2018 sponsored by Security Perspectives Your Source for Tailored Security Awareness Training and Assessment Solutions. This episode was hosted by Tom Eston. Show Transcript This is your Shared Security Weekly Blaze for February 5th 2018 with your host Tom Eston In this week’s episode: ICE license plate tracking database, the first Jackpotting attacks on US ATMs and the Strava global heatmap controversy. Hi everyone, I’m Tom Eston, Co-host of the Shared Security podcast. Welcome to the Shared Security Weekly Blaze where we update you on the top 3 security and privacy topics from the week....

The Shared Security Podcast Episode 72 Mobile Phone Emergency SOS, Overview of Meltdown and Spectre


This is the 72nd episode of the Shared Security Podcast sponsored by Security Perspectives Your Source for Tailored Security Awareness Training and Assessment Solutions. This episode was hosted by Tom Eston and Scott Wright recorded January 22, 2018. Below are the show notes, commentary, links to articles and news mentioned in the podcast: The Shared Security Amazing Thing of the Month (we’re not sure what to name this new segment so we’re rolling with this for now…) Tom and Scott discuss the emergency SOS feature on your mobile device. There was a recent story in the news about a college student who was able to...

The Shared Security Weekly Blaze Dark Caracal, Meltdown and Spectre Debacle, Amazon Go


This is the first episode of the Shared Security Weekly Blaze podcast. This episode was hosted by Tom Eston. Every Monday we’ll be releasing a short podcast, in 15 minutes or less, covering the top 3 hot news topics happening in the security and privacy world. The idea is to give you fast and consumable security and privacy “news that you can use”. These weekly podcasts are in addition to our traditional monthly podcast which will continue to cover security and privacy topics in more detail. In this week’s episode we talk about a new form of mobile malware called Dark Caracal,...

The Shared Security Podcast Episode 71 Special Guest Rebecca Herold The Privacy Professor (@PrivacyProf)


This is the 71st episode of the Shared Security Podcast sponsored by Security Perspectives Your Source for Tailored Security Awareness Training and Assessment Solutions. This episode was hosted by Tom Eston and Scott Wright with special guest Rebecca Herold recorded December 13, 2017. Below are the show notes, commentary, links to articles and news mentioned in the podcast: Interview and discussion about privacy with Rebecca Herold Rebecca has over 25 years of IT, info sec, privacy & security experience; is CEO & Founder (2004) of Rebecca Herold & Associates, LLC, aka The Privacy Professor(R); and President & Co-Founder (2014) of SIMBUS360. Rebecca is also an...

The Shared Security Podcast Episode 70 Insider Threat Psychology with Special Guest Dr Helen Ofosu


This is the 70th episode of the Shared Security Podcast sponsored by Security Perspectives Your Source for Tailored Security Awareness Training and Assessment Solutions. This episode was hosted by Tom Eston and Scott Wright with special guest Dr Helen Ofosu recorded November 29, 2017. Below are the show notes, commentary, links to articles and news mentioned in the podcast: Interview and discussion about insider threat psychology with Dr Helen Ofosu Dr Ofosu has more than 15 years of experience using industrial and organizational psychology in the business and government sectors. Dr Ofosu brings her vast knowledge, sensitivity, and special brand of humor to her career...

The Shared Security Podcast Episode 69 Amazon Key, KRACK and DUHK Attacks, New Devices to Steal a Car


This is the 69th episode of the Shared Security Podcast sponsored by Security Perspectives Your Source for Tailored Security Awareness Training and Assessment Solutions. This episode was hosted by Tom Eston and Scott Wright recorded October 25, 2017. Below are the show notes, commentary, links to articles and news mentioned in the podcast: Amazon Key opens your home for indoor deliveries A new Amazon Prime service now allows your package couriers access to your home to drop off deliveries. The system uses an Amazon smart lock and connected camera. Innovation or invasion of privacy/security nightmare? Tom and Scott debate the pros and cons! Severe WiFi...

The Shared Security Podcast Episode 68 Special Guest Chris Hadnagy, Innocent Lives Foundation, Social Engineering


This is the 68th episode of the Shared Security Podcast sponsored by Security Perspectives Your Source for Tailored Security Awareness Training and Assessment Solutions. This episode was hosted by Tom Eston and Scott Wright with special guest Chris Hadnagy from the Innocent Lives Foundation and Social-Engineer.org recorded September 27, 2017. Below are the show notes, commentary, links to articles and news mentioned in the podcast: Interview with Chris Hadnagy from the Innocent Lives Foundation Chris Hadnagy is a professional social engineer, founder of Social-Engineer.org, book author, host of the Social Engineer Podcast and founder of the Innocent Lives Foundation. Chris talks to us about his...

The Shared Security Podcast Episode 67 SpamBot Exposed, Mobile App Tracking, Smart Lock Fail


This is the 67th episode of the Shared Security Podcast sponsored by Security Perspectives Your Source for Tailored Security Awareness Training and Assessment Solutions. This episode was hosted by Tom Eston and Scott Wright recorded September 6, 2017. Below are the show notes, commentary, links to articles and news mentioned in the podcast: Over 711 Million Email Addresses Exposed From SpamBot Server Apparently, one of the largest caches of email addresses and SMTP credentials has been discovered. This list was used to distribute SPAM and banking malware. Tom and Scott recommend that you sign up for breach notifications from Troy Hunt’s “Have I been Pwned”...

The Shared Security Podcast Episode 66 Ring Doorbell Camera Review, Traffic Apps, Amazon Echo


This is the 66th episode of the Shared Security Podcast sponsored by Security Perspectives Your Source for Tailored Security Awareness Training and Assessment Solutions. This episode was hosted by Tom Eston and Scott Wright recorded July 24, 2017. Below are the show notes, commentary, links to articles and news mentioned in the podcast: Tom’s review of the Ring doorbell camera Tom discusses his recently purchased Ring doorbell camera, some of the features, challenges and tips for use. Disclaimer: This review was not sponsored by Ring…although we’re happy to test other Ring products if Ring would like to get in touch with us. When traffic...

The Shared Security Podcast Episode 65 Smart TV Hacks, New Privacy Concerns, Phishing for Selfies


This is the 65th episode of the Shared Security Podcast sponsored by Security Perspectives Your Source for Tailored Security Awareness Training and Assessment Solutions. This episode was hosted by Tom Eston and Scott Wright recorded July 6, 2017. Below are the show notes, commentary, links to articles and news mentioned in the podcast: Smart TV hack embeds attack code into broadcast signal – no access required A new vulnerability has been discovered in the way Smart TV’s use “Digital Video Broadcasting Terrestrial” (or DVB-T) to receive TV signals. There is low risk on this one as the attack requires a specialized transmitter but it’s interesting to see...

The Shared Security Podcast Episode 64 Ultrasonic Ads, Home Security Vulnerabilities, Printer Tracking Dots


This is the 64th episode of the Shared Security Podcast sponsored by Security Perspectives Your Source for Tailored Security Awareness Training and Assessment Solutions. This episode was hosted by Tom Eston, Scott Wright recorded June 7, 2017. Below are the show notes, commentary, links to articles and news mentioned in the podcast: More Android phones than ever are covertly listening for inaudible sounds in ads Marketers can now use apps to listen for “beacons” that indicate when a person is watching a specific TV commercial or other type of audio. If you have an Android phone there are many apps that are...

The Shared Security Podcast Episode 63 Special Guest Jayson E. Street, Misconceptions About VPNs


This is the 63rd episode of the Shared Security Podcast sponsored by Security Perspectives Your Source for Tailored Security Awareness Training and Assessment Solutions. This episode was hosted by Tom Eston, Scott Wright and special guest Jayson E. Street recorded April 12, 2017. Below are the show notes, commentary, links to articles and news mentioned in the podcast: Interview with Special Guest Jayson E. Street In this episode we were joined by “notorious” hacker Jayson E. Street who is the InfoSec Ranger at Pwnie Express, Senior Partner at Krypton Security, CEO of Stratagem 1 Solutions and author of several books. Here is a short snippet of...

The Shared Security Podcast Episode 62 CloudBleed, Wifi Risks, ATM Skimmers


This is the 62nd episode of the Shared Security Podcast sponsored by Security Perspectives Your Source for Tailored Security Awareness Training and Assessment Solutions. This episode was hosted by Tom Eston and Scott Wright recorded March 1, 2017. Below are the show notes, commentary, links to articles and news mentioned in the podcast: “CloudBleed” what is it and are you affected? Internet company Cloudflare recently discovered that they were vulnerable to a rather significant memory leak in which “1 in every 3,300,000 HTTP requests through Cloudflare” was potentially exposed. What this means is that if you were using one of the 3,400 applications that...

The Shared Security Podcast Episode 61 Home Device Hijacking, Used Device Security, Creepy Facebook Search Tool


This is the 61st episode of the Shared Security Podcast sponsored by Security Perspectives Your Source for Tailored Security Awareness Training and Assessment Solutions. This episode was hosted by Tom Eston and Scott Wright recorded February 15, 2017. Below are the show notes, commentary, links to articles and news mentioned in the podcast: Here Is How to Fend Off a Hijacking of Home Devices This article has some very good tips on how to secure your IoT devices and home network. Here are our suggestions as well: 1. Research the device you’re about to buy. Google search for the “device name” and “security vulnerabilities”....

The Shared Security Podcast Episode 60 The Secure Messaging Episode: Signal, WhatsApp, Facebook Messenger


This is the 60th episode of the Shared Security Podcast sponsored by Security Perspectives Your Source for Tailored Security Awareness Training and Assessment Solutions. This episode was hosted by Tom Eston and Scott Wright recorded February 1, 2017. Below are the show notes, commentary, links to articles and news mentioned in the podcast: In this episode we focus on secure messaging apps like Signal, Wire, WhatsApp as well as other popular apps like Facebook Messenger. Tom and Scott delve into the reasons why people are starting to use these apps and the security and privacy features. We also discuss if using these apps for...

The Shared Security Podcast Episode 59 Amazon Echo, Wifi Router Security, EFF Privacy Badger


This is the 59th episode of the Shared Security Podcast sponsored by Security Perspectives Your Source for Tailored Security Awareness Training and Assessment Solutions. This episode was hosted by Tom Eston and Scott Wright recorded January 11, 2017 (Happy New Year!). Below are the show notes, commentary, links to articles and news mentioned in the podcast: Amazon Is Already Winning the Next Big Arms Race in Tech If you haven’t heard this mentioned in the news (real news, not the fake news) but Amazon’s Echo virtual assistant (Alexa) has been a hot selling device this holiday season. Other recent announcements coming from the...

The Shared Security Podcast Episode 58 Snapchat Spectacles, Mobile Number Privacy, PoisonTap


This is the 58th episode of the Shared Security Podcast sponsored by Security Perspectives Your Source for Tailored Security Awareness Training and Assessment Solutions. This episode was hosted by Tom Eston and Scott Wright recorded November 29, 2016. Below are the show notes, commentary, links to articles and news mentioned in the podcast: Privacy Panic? Snapchat Spectacles raise eyebrows Anyone remember Google Glass (which was a failed product by the way)? This time Snapchat is releasing their own type of wearable tech called “Spectacles”. What are the privacy ramifications to be concerned about? Not much, and we’ll see if they take off with...

The Shared Security Podcast Episode 57 Dropbox and Yahoo Breach, IoT DDoS, LinkedIn Endorsements


This is the 57th episode of the Shared Security Podcast sponsored by Security Perspectives Your Source for Tailored Security Awareness Training and Assessment Solutions. This episode was hosted by Tom Eston and Scott Wright recorded October 5, 2016. Below are the show notes, commentary, links to articles and news mentioned in the podcast: Hackers Stole Account Details for Over 60 Million Dropbox Users Have a Dropbox account? Change your password immediately! Yahoo: The Largest Password Breach in History (and what you should do about it if you use Yahoo services) This is another breach that happened years ago but we’re just now finding...

The Shared Security Podcast Episode 56 Chat Bots, Self-Driving Cars, Bitmoji Keyboards


This is the 56th episode of the Shared Security Podcast sponsored by Security Perspectives Your Source for Tailored Security Awareness Training and Assessment Solutions. This episode was hosted by Tom Eston and Scott Wright recorded August 17, 2016. Below are the show notes, commentary, links to articles and news mentioned in the podcast: Bitmoji keyboard for Apple iOS devices wants “Allow Full Access”. How bad is this? A word of caution for applications that either replace or allow access to your keyboard on your mobile device! Over 90 per cent of ICS devices exposed to Internet are vulnerable Some rather interesting statistics released...

The Shared Security Podcast Episode 55 IoT Horror Stories, Biometrics, Staying Safe Online


This is the 55th episode of the Shared Security Podcast sponsored by Security Perspectives Your Source for Tailored Security Awareness Training and Assessment Solutions. This episode was hosted by Tom Eston and Scott Wright recorded July 6, 2016. Below are the show notes, commentary, links to articles and news mentioned in the podcast: If Mark Zuckerberg Can Be a Hacking Victim, So Can You Getting hacked can happen to anyone. This is an interesting read about how a previous password breach that happened several years ago may come back to haunt you! Cool geographic tweet map tool This is an interesting tool to...

The Shared Security Podcast Episode 54 Facebook Ad Privacy, Password Breaches, Random USBs


This is the 54th episode of the Shared Security Podcast sponsored by Security Perspectives Your Source for Tailored Security Awareness Training and Assessment Solutions. This episode was hosted by Tom Eston and Scott Wright recorded June 1, 2016. Below are the show notes, commentary, links to articles and news mentioned in the podcast: How to see all the companies tracking you on Facebook and block them Have you ever wondered how all those companies can target you and your interests on Facebook? This is some of the best privacy advice for Facebook we’ve seen in a long time. Cluster of megabreaches compromises a...

The Shared Security Podcast Episode 53 The VPN Episode, AI Gone Bad, Google Nest


This is the 53rd episode of the Shared Security Podcast sponsored by Security Perspectives Your Source for Tailored Security Awareness Training and Assessment Solutions. This episode was hosted by Tom Eston and Scott Wright recorded May 4, 2016. Below are the show notes, commentary, links to articles and news mentioned in the podcast: Scott and Tom talk about VPNs What is a VPN and why would you want to use one? Also, Scott talks about a few recommendations for a personal VPN based on his experience using a few. Here is also a decent list of popular VPNs that you might find helpful....

The Shared Security Podcast Episode 52 Creepy New Social Network, Phishing Dangers, Ransomware


This is the 52nd episode of the Shared Security Podcast sponsored by Security Perspectives Your Source for Tailored Security Awareness Training and Assessment Solutions. This episode was hosted by Tom Eston and Scott Wright. This episode was recorded March 9, 2016. Below are the show notes, commentary, links to articles and news mentioned in the podcast: Unexpected implications arising from the Internet of Things This was an interesting article about some of the “unexpected” security and privacy things that people don’t really think about. For example, what are the ramifications of IoT technology that might be hacked to create fake sensor and video...

The Shared Security Podcast Episode 51 Online Behavioral Advertising in Canada, Toy Security, Dangerous Apps for Teens


This is the 51st episode of the Shared Security Podcast sponsored by Security Perspectives Your Source for Tailored Security Awareness Training and Assessment Solutions. This episode was hosted by Tom Eston and Scott Wright with special interview guest Andrew Patrick from the Office of the Privacy Commissioner (OPC) of Canada. This episode was recorded February 10, 2016. Below are the show notes, commentary, links to articles and news mentioned in the podcast: Online Behavioral Advertising – An interview with Andrew Patrick from the Office of the Privacy Commissioner (OPC) of Canada Today, Scott had a great discussion with Andrew Patrick regarding OBA, or what some...

The Shared Security Podcast Episode 50 Facebook Quizzes, Pre-Crime, Wireless Home Security Systems


This is the 50th episode of the Shared Security Podcast sponsored by Security Perspectives Your Source for Tailored Security Awareness Training and Assessment Solutions. This episode was hosted by Tom Eston and Scott Wright with special guest Alex Hamerstone from TrustedSec recorded January 21, 2016. Below are the show notes, commentary, links to articles and news mentioned in the podcast: 2016 Reality: Lazy Authentication Still the Norm This is a great story from Brian Krebs’ own personal experience regarding how his PayPal account was “hacked”. It was not “hacked” in the way you would normally think via stolen credentials or password guessing. His...

The Shared Security Podcast Episode 49 Google Search Privacy, Smart TV Attacks, Internet Router Risks


This is the 49th episode of the Shared Security Podcast sponsored by Security Perspectives Your Source for Tailored Security Awareness Training and Assessment Solutions. This episode was hosted by Tom Eston and Scott Wright recorded December 16, 2015. Below are the show notes, commentary, links to articles and news mentioned in the podcast: People’s Deepest, Darkest Google Searches Are Being Used Against Them You should really always be thinking about how your search queries could end up putting you on a sucker list. There seem to be two levels of exploiting your search queries: Direct categorization by the search engine,...

The Shared Security Podcast Episode 48 Password Manager Compromise, Fingerprint Insecurity, Quitting Social Media


This is the 48th episode of the Shared Security Podcast sponsored by Security Perspectives – Your Source for Tailored Security Awareness Training and Assessment Solutions. This episode was hosted by Tom Eston and Scott Wright recorded November 23, 2015. Below are the show notes, commentary, links to articles and news mentioned in the podcast: Hacking tool swipes encrypted credentials from password manager This article, and the associated incident, is an excellent reminder that there is no easy solution to securing EVERYTHING. Using an infected computer presents so many catastrophic scenarios, it’s not really wise to view this problem as a...

The Shared Security Podcast Episode 47 Celebrity Impersonations, Social Media and Kids, EU Safe Harbor


This is the 47th episode of the Shared Security Podcast (formerly the Social Media Security Podcast) sponsored by Security Perspectives – Your Source for Tailored Security Awareness Training and Assessment Solutions. This episode was hosted by Tom Eston and Scott Wright recorded October 28, 2015. Below are the show notes, commentary, links to articles and news mentioned in the podcast: Do you know which of these stars have the most celebrity impersonations? I did a quick check of which celebrity had the most impersonators on each social networking site: Facebook Bradley Cooper Twitter Angelina Jolie and Channing Tatum Google Plus...

The Shared Security Podcast Episode 46 Peeple App, Medical Devices Exposed, Instagram for Doctors


This is the 46th episode of the Shared Security Podcast (formerly the Social Media Security Podcast) sponsored by Security Perspectives – Your Source for Tailored Security Awareness Training and Assessment Solutions. This episode was hosted by Tom Eston and Scott Wright recorded October 7, 2015. Below are the show notes, commentary, links to articles and news mentioned in the podcast: Scott gives an overview of the BSides Ottawa Security Conference If you’re in the Information Security industry, I highly recommend you attend a local BSides conference. Always great content and networking opportunities! -Tom Everyone you know will be able to rate...

The Shared Security Podcast Episode 45 Implantable Wearables, Spotify Privacy, Hacking Self-Driving Cars


This is the 45th episode of the Shared Security Podcast (formerly the Social Media Security Podcast) sponsored by the Streetwise Security Zone. This episode was hosted by Tom Eston and Scott Wright recorded September 24, 2015. Below are the show notes, commentary, links to articles and news mentioned in the podcast: How The Internet of Things Could Revolutionize Our Lives, Work The above article does a good job of painting a Utopian future, with your office doors opening and computers logging you in with appropriate privileges without having to manually tap into 10 different interfaces every day. You may also enjoy dreaming...

The Shared Security Podcast Episode 44 Facebook Data, Apple Watch, Android, Amazon Dash Buttons


This is the 44th episode of the Shared Security Podcast (formerly the Social Media Security Podcast) sponsored by the Streetwise Security Zone. This episode was hosted by Tom Eston and Scott Wright recorded September 2, 2015. Below are the show notes, links to articles and news mentioned in the podcast: Facebook urged to tighten privacy settings after harvest of user data Make an Apple Watch Door Unlocker Severe weaknesses in Android handsets could leak user fingerprints Big Android makers will now push monthly security updates How I Hacked the Amazon WiFi Button to track Baby Data Oracle security chief to...

The Shared Security Podcast Episode 43 Car Hacking, IoT Risks, Facebook Scams, SmartTV Privacy


This is the 43rd episode of the Shared Security Podcast (formerly the Social Media Security Podcast) sponsored by the Streetwise Security Zone. This episode was hosted by Tom Eston and Scott Wright recorded August 6, 2015. Below are the show notes, links to articles and news mentioned in the podcast: Car hack reveals peril on the road to Internet of Things (IoT) Smart watches and activity monitors usually connect to the cloud, sometimes without good security Really great article from Venture Beat about IoT risks Good research and whitepaper from Veracode about several popular IoT devices being sold and the security risks Scott talks about a recent Facebook...

The Shared Security Podcast 42 Car Theft, Risky Apps, Facebook Security Checkup


Podcast Update: The new website for the Shared Security Podcast will hopefully be live for the next episode! We hope you enjoy the new topics and format! This is the 42nd episode of the Shared Security Podcast sponsored by the Streetwise Security Zone. This episode was hosted by Tom Eston and Scott Wright recorded June 3, 2015. Below are the show notes, links to articles and news mentioned in the podcast: Marauder’s Map plugin for Chrome allows geolocation of messenger communications for friends or people in a message thread Facebook check-up feature being tested which is a new tool that might help users understand and select privacy settings that...

Social Media Security Podcast 41 Podcast Updates, Internet of Things, TV Privacy


This is the 41st episode of the Social Media Security Podcast sponsored by the Streetwise Security Zone. This episode was hosted by Tom Eston and Scott Wright recorded April 29, 2015. Below are the show notes, links to articles and news mentioned in the podcast: Important Podcast Update! While we haven’t finalized the details we’re hoping to rename the podcast as “Shared Security”. We have been discussing the fact that the privacy and security topics we’ve been covering are really spreading to more than just social media. Now, we see the important stories as being ones that relate to who and what we trust as connected...

Social Media Security Podcast 40 ThreatExchange, Echosec, Facebook Scams


This is the 40th episode of the Social Media Security Podcast sponsored by the Streetwise Security Zone. This episode was hosted by Tom Eston and Scott Wright recorded February 25, 2015. Below are the show notes, links to articles and news mentioned in the podcast: Facebook’s new ThreatExchange Fitbit data used in a court case Echosec is a web application that lets you search a geographical locale for posts on Twitter, Instagram and Flickr Some new Facebook security tips and tricks A very special interview with somebody who experienced a scam attempt on Facebook. Great advice on how to defend against these types of scams! Please...

Social Media Security Podcast 39 Snapcash, Yik Yak, LinkedIn Security and Privacy Tips


This is the 39th episode of the Social Media Security Podcast sponsored by SecureState and the Streetwise Security Zone. This episode was hosted by Tom Eston, Scott Wright recorded December 12, 2014. Below are the show notes, links to articles and news mentioned in the podcast: “Snapcash” has been announced by the creators of Snapchat. Can Snapchat gain enough consumer confidence to break into the payments field? Yik Yak is a social app for browsing anonymous chats in your locale and it’s gaining popularity with teens and causing some problems for schools. Yik Yak is also not as private or anonymous as you think as a...

Social Media Security Podcast 38 Corporate Policy, Whisper Privacy Flaws, Snapchat Hack


This is the 38th episode of the Social Media Security Podcast sponsored by SecureState and the Streetwise Security Zone. This episode was hosted by Tom Eston, Scott Wright recorded October 21, 2014. Below are the show notes, links to articles and news mentioned in the podcast: An enterprise level story about how hard it is to block specific sites, and what can be done about it Twitter’s former security head condemns Whisper’s privacy flaws Twitter sues the US Government over national security data Twitter quickly withholds tweets for Turkey’s national security Twitter ‘news’ spreads faster than Ebola Snapchat third party service hacked Facebook Fake Likes Exposed...

Social Media Security Podcast 37 Special Guest Kevin Johnson (@Secureideas), Managing Your Digital Footprint


This is the 37th episode of the Social Media Security Podcast sponsored by SecureState and the Streetwise Security Zone. This episode was hosted by Tom Eston, Scott Wright and special guest Kevin Johnson recorded September 19th 2014. Below are the show notes, links to articles and news mentioned in the podcast: Special Topic! Managing Your Digital Footprint (thanks to Chris John Riley for the idea!) Personal objectives for using social media Types of footprints you might have (likes, comments, photos, tags, etc.) Ways you can be exposed, and how to find them (Google search, Facebook search, Linkedin Search, etc.) Ways to manage exposure going forward This site...

Social Media Security Podcast 36 Your Cats Metadata, Facebook Messenger, User Risk Awareness


This is the 36th episode of the Social Media Security Podcast sponsored by SecureState and the Streetwise Security Zone. This episode was hosted by Tom Eston and Scott Wright recorded August 20th 2014. Below are the show notes, links to articles and news mentioned in the podcast: HTML5 Canvas Fingerprint Widely Used Unstoppable Web Tracking Technology What the Internet Can See From Your Cat Pictures. Everyone also knows where your cat lives… Discussion about Facebook Messenger Privacy. Is it really that big of a deal? Misplaced fear about Facebook Messenger for Android Ars Technica interviews Facebook CSO Joe Sullivan about improving corporate security Another interview with Joe...

Social Media Security Podcast 35 Facebook News Feed Psychology, Complex Passwords, Dumb Criminals


This is the 35th episode of the Social Media Security Podcast sponsored by SecureState and the Streetwise Security Zone. This episode was hosted by Tom Eston and Scott Wright recorded July 17th 2014. Below are the show notes, links to articles and news mentioned in the podcast: Facebook altered 689,000 users’ News Feeds for a psychology experiment How to Stop Facebook From Using Your Browsing History Hacking Facebook’s Legacy API, Part 1: Making Calls on Behalf of Any User How to Teach Humans to Remember Really Complex Passwords Why I quit Facebook and we are sharing much more than you think Burglar logs in to Facebook in...

Social Media Security Podcast 34 Facebook Privacy, LinkedIn Scammers, Naughty Employees


This is the 34th episode of the Social Media Security Podcast sponsored by SecureState and the Streetwise Security Zone. This episode was hosted by Tom Eston and Scott Wright recorded June 18th 2014. Below are the show notes, links to articles and news mentioned in the podcast: Facebook Switches Default Setting to Private to Prevent Oversharing Facebook Fights Malware With Free Security Software Facebook Microphone Update To Store Data: Social Media Giant Confirms New Feature Will Aggregate Information Facebook responds to this privacy issue How to “Hack” Someone’s “Private” Friends List on Facebook to See All of Their Friends 6 tips on how to avoid Linkedin...

Social Media Security Podcast 33 Heartbleed, Hashtag Fail, Social Impersonation


Guess what? We’re back! This is the 33rd episode of the Social Media Security Podcast sponsored by SecureState. This episode was hosted by Tom Eston and Scott Wright recorded May 15, 2014. Below are the show notes, links to articles and news mentioned in the podcast: Social Media sites affected by Heartbleed NYPD Twitter hashtag campaign FAIL Facebook Fail pages for brands like ADT alarm service New Snowden Docs Highlight Weaknesses In Facebook Data Security Snapchat security failure Facebook class action lawsuit status Canada’s Privacy Commissioner rules on Facebook remedies in case of harassment by child imposter Interesting view on Android permissions requested by FB...

Social Media Security Podcast 32 The Privacy Paradox, Twitter Hacks, Facebook Home


This is the 32nd episode of the Social Media Security Podcast sponsored by SecureState. This episode was hosted by Tom Eston and Scott Wright recorded April 25, 2013. Below are the show notes, links to articles and news mentioned in the podcast: A Little Privacy, Please! Your Rights and Social Media Policies. Tom and Scott discuss why you should be reading the privacy policies of the social networks you use. AP Twitter account hacked; report of White House bombs false Beware Twitter “password check” sites – there are fakes, and there are fake fakes! Is your Twitter password secure? What is “Facebook Home” and what...

Social Media Security Podcast 31 New Facebook Graph Search, Fake Internet Girlfriends, Social Media and Your Business


This is the 31st episode of the Social Media Security Podcast sponsored by SecureState. This episode was hosted by Tom Eston and Scott Wright recorded January 18th, 2013. Below are the show notes, links to articles and news mentioned in the podcast: Facebook privacy controls have been updated. Check out this article on all the changes. You can no longer have your profile hidden. All Facebook users are publicly searchable. Facebook Graph Search has been released. Tom and Scott talk about what you need to know. What’s up with all these fake Internet girlfriends?? (Manti Teo) Tom and Scott talk about the current state of Social...

Social Media Security Podcast 30 The Password Episode


This is the 30th episode of the Social Media Security Podcast sponsored by SecureState. This episode was hosted by Tom Eston and Scott Wright. In this episode we talk about the password problem and why we continue to choose easy to guess passwords. Tom and Scott also talk about ways to select more secure passwords and how technology can help. Below are the show notes, links to articles and news mentioned in the podcast: The password Episode! It’s episode 30! Study shows hackers more focused on passwords than those who create them Major password breaches in the last few months: Formspring (420,000) LinkedIn...

Social Media Security Podcast 29 Fake Bieber, Facebook Social Engineering Tool, MySpace Who?


This is the 29th episode of the Social Media Security Podcast. This episode was hosted by Tom Eston and Scott Wright. Below are the show notes, links to articles and news mentioned in the podcast: MySpace charged for violating user privacy, vows to do better How a fake Justin Bieber “sextorted” hundreds of girls through Facebook FBPwn: A cross-platform Facebook social engineering tool Tom and Scott’s take on the Facebook IPO LinkedIn CSRF (Cross-site Request Forgery) controls attacked Scott gives us an update on his mobile honeystick project We are still planning on getting back to regular podcasts! Stay tuned. Please send any...

Social Media Security Podcast 28 Facebook Timeline, US Privacy Questions, Twitter Acquisitions


This is the 28th episode of the Social Media Security Podcast recorded back a few months ago. Content is still relevant! This episode was hosted by Tom Eston and Scott Wright. Below are the show notes, links to articles and news mentioned in the podcast: Facebook starts rolling out Timeline to everyone (what you need to know about the timeline privacy) Twitter Acquires Web Security Firm Dasient Trojan steals e-cash vouchers from Facebook users Facebook ducks U.S. privacy question LinkedIn Friend Finder…what you need to know! Don’t worry! We are still planning on getting back to regular podcasts. Stay tuned. Please send any show...

Social Media Security Podcast 27 Facebook Friend Unlock, The Anti-Facebook, Facebook Games


This is the 27th episode of the Social Media Security Podcast recorded November 11, 2011. This episode was hosted by Tom Eston and Scott Wright. Below are the show notes, links to articles and news mentioned in the podcast: Locked Out Of Facebook? Your Friends Will Soon Be Able To Help You Get Back In Anti-Facebook Social Network Unthink Launches To Public Most social networks users don’t keep up with privacy settings changes Facebook video games are stupid, anyway Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below. You can also call our voice mail box at 1-613-693-0997 if you have a question for...

Social Media Security Podcast 26 Google +, New Facebook Privacy Controls, FBPwn Tool


This is the 26th episode of the Social Media Security Podcast recorded September 8, 2011. This episode was hosted by Tom Eston and Scott Wright. Below are the show notes, links to articles and news mentioned in the podcast: Google + Security and Privacy New Facebook Privacy Controls, what’s changed? New Tool: FBPwn – A cross-platform Java based Facebook profile dumper Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below. You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode. You can also subscribe to the podcast in iTunes and follow us on Twitter. Thanks for listening!...

Social Media Security Podcast 25 Facebook Security Updates, FaceNiff, Social Media Background Checks


This is the 25th episode of the Social Media Security Podcast recorded July 1, 2011. This episode was hosted by Tom Eston and Scott Wright. Below are the show notes, links to articles and news mentioned in the podcast: LinkedIn SSL Leaves Accounts Vulnerable to Hijacking Facebook adds two-factor authentication, other new security features Facebook facial recognition. How it looks, fact and myth, and how we would fix the problems. Firesheep for Android Phones (FaceNiff) LinkedIn, Foursquare and Netflix on Android Store Your Passwords in Unencrypted Text Files Social Media Background Checks Please send any show feedback to feedback [aT] socialmediasecurity.com or...

Social Media Security Podcast 24 Personal Social Media Accounts, Cree.py, ProfileSpy, App Privacy


This is the 24th episode of the Social Media Security Podcast recorded April 6, 2011. This episode was hosted by Tom Eston and Scott Wright with special guest James Ruffer. Below are the show notes, links to articles and news mentioned in the podcast: Why Should the CSO Care About an Employee’s Personal Social Media Account? Virally spreading scam spreads over Twitter (ProfileSpy) Spammers Using Facebook Events to Trick Users ‘Cree.py’ Social Engineering Tool Pinpoints A Person’s Physical Location US Military plan would create many fake Social Media Identities for use in fighting terrorism What the app privacy investigation means to you...

Social Media Security Podcast 23 Recent Changes to Facebook, Enterprise Social Media Tools, Spokeo


This is the 23rd episode of the Social Media Security Podcast recorded February 25th, 2011. This episode was hosted by Tom Eston and Scott Wright. Below are the show notes, links to articles and news mentioned in the podcast: New changes to Facebook and security implications Facebook now supports full SSL browsing (optional), social authentication improvements Facebook rolls out new messaging system Facebook now allows iframes within tab applications. Possible security issue with applications! API bug responsible for Zuckerberg page hack Facebook ‘tag spam’ targets indiscriminate friend collectors Dispelling the Myths of Facebook Privacy and Security Government Calls for Privacy Protections for Device...

Social Media Security Podcast 22 Skype Email, Taxonomy of Socnet Data, Facebook Graph API


This is the 22nd episode of the Social Media Security Podcast recorded January 21, 2011. This episode was hosted by Tom Eston and Scott Wright. Below are the show notes, links to articles and news mentioned in the podcast: Skype credit email as an apology – a new trend we can expect in 2011 from good guys and bad guys. Screen shot mentioned in the podcast. Scott’s note: I searched for posts about this email before clicking on it, and it was actually legitimate. However, this would be a very compelling phishing attack for any organization that recently suffered a PR setback. Any...

Social Media Security Podcast 21 Facebook Trolls, Cookie Monster, Gawker Breach


This is the 20th episode of the Social Media Security Podcast recorded December 17th 2010. This episode was hosted by Tom Eston and Scott Wright. Below are the show notes, links to articles and news mentioned in the podcast: Trolls who deface Facebook RIP pages of teens who have died Canadian Mounties LIKE Cookie Monster Audition for SNL Facebook becomes divorce lawyers’ new best friend Vulnerabilities in Facebook Apps (nothing new but still a problem) Gawker breach and implications. Ryan Naraine had a good set of tips at Threatpost.com. Facebook Profile Changes: What You Should Know Zuckerberg man of the year? Please send...

Social Media Security Podcast 20 FireSheep, Privacy in the US, What NOT To Post On Facebook


This is the 20th episode of the Social Media Security Podcast recorded November 5th 2010. This episode was hosted by Tom Eston and Scott Wright. Below are the show notes, links to articles and news mentioned in the podcast: FireSheep – “Firefox plugin to pull active cookies from popular websites while using open wifi”. Facebook Responds to FireSheep Idiocy tool sends tweets on your behalf as a “Warning”. Get the tool here. How to defend against FireSheep? Manually use HTTPS for social media sites or use a VPN while connected to open wifi... don’t forget about mobile apps! Try the HTTPS Everywhere Plugin from the...

Social Media Security Podcast 19 New Changes to Facebook, Social Media Risk Survey, LinkedIn Scams


This is the 19th episode of the Social Media Security Podcast recorded October 8, 2010. This episode was hosted by Tom Eston and Scott Wright. Below are the show notes, links to articles and news mentioned in the podcast: Social Media Security Awareness Month – at SecureState! Two new white papers released: Security Gaps in Social Media Websites for Children Open Door to Attackers Aiming To Prey On Children by Scott White. Profiling User Passwords on Social Networks by Tom Eston. SocialScan service and social media consulting available. Panda Security Publishes Findings from First Annual Social Media Risk Index for SMBs Survey: Fear of data loss,...

Social Media Security Podcast 18 RFID and Facebook, Hacking Facebook Places, MySpace Privacy


This is the 18th episode of the Social Media Security Podcast recorded September 3, 2010. This episode was hosted by Tom Eston and Scott Wright and is our 1 year anniversary episode! Thanks to everyone that has supported the podcast over the last year…we really appreciate it! Below are the show notes, links to articles and news mentioned in the podcast: Scary new way to use Facebook with RFID. Is the physical world starting to merge with social media? MySpace updates its privacy settings Hacking your location with Facebook Places Privacy Settings for Facebook Places How to get hacked on...

Social Media Security Podcast 17 ICanStalkU, QR Codes, Facebook directory via Torrent, LinkedIn CAPTCHAs


This is the 17th episode of the Social Media Security Podcast recorded August 13th, 2010. This episode was hosted by Tom Eston and Scott Wright. Below are the show notes, links to articles and news mentioned in the podcast: Researchers Show How Twitter, Twitpic Make Stalking Simple. Check out ICanStalkU.com! Robin Sage revealed at BlackHat USA. Why QR Codes Are Poised to Hit the Mainstream. Check out our QR Code. This one is safe! Download 171 million Facebook names via Torrent. Here is an update from Ron. Acunetix releases video and technical article about an exploitable XSS on facebook.com Facebook...

Social Media Security Podcast 16 Diaspora News, FTC and Twitter, Twitter XSS, Facebook App Permissions


This is the 16th episode of the Social Media Security Podcast recorded July 2, 2010. This episode was hosted by Tom Eston and Scott Wright. Below are the show notes, links to articles and news mentioned in the podcast: Quick update on Diaspora (pronounced Di-as-para). Here is a video update as well. FTC nails Twitter for deceiving users about privacy and security HTTPS Everywhere Firefox extension from the EFF Persistent XSS on Twitter.com Interesting New Twitter Phish Can Lead to Bad Places Facebook Rolls Out Simplified Application Permissions System Facebook Phonebook Is Not A Security Threat NTIA (National Telecommunications and...

Social Media Security Podcast 15 Current Facebook Security Issues, New Privacy Tools, Likejacking, Formspring, Social Media at Work


This is the 15th episode of the Social Media Security Podcast recorded June 11th, 2010. This episode was hosted by Tom Eston and Scott Wright. Below are the show notes, links to articles and news mentioned in the podcast: Our Facebook Privacy & Security Guide has been updated to v2.2. We are working on the LinkedIn Privacy & Security Guide! How to permanently delete your Facebook account Quit Facebook Day – May 31st was it successful? Facebook Leaks Usernames, User IDs, and Personal Details to Advertisers Facebook Fixing Embarrassing Privacy Bug (CSRF). Video here. Facebook likejacking targets World Cup, BP,...

Social Media Security Podcast 14 Recent Facebook Hacks and Controversy, Diaspora, Swipely


This is the 14th episode of the Social Media Security Podcast recorded May 14th, 2010. This episode was hosted by Tom Eston and Scott Wright. Below are the show notes, links to articles and news mentioned in the podcast: Yelp Security Hole Puts Facebook User Data At Risk, Underscores Problems With Instant Personalization (two XSS holes in a few days discovered) Want to know what Cross-Site Scripting (XSS) is and how it works at a basic level? Check out Episode 2 of our podcast. Facebook Leaks IP Addresses via Email Facebook is dying, social is not. Is Facebook overplaying your...

Social Media Security Podcast 13 Details on the recent changes to Facebook, Blippy CC issue, Bye bye Basic Auth


This is the 13th episode of the Social Media Security Podcast recorded April 30, 2010. This episode was hosted by Tom Eston and Scott Wright. Below are the show notes, links to articles and news mentioned in the podcast: New Facebook Changes – Social Graph, Social Plugins and Instant Personalization. Here are two articles to read on the new changes. Want to know more about the new Graph API? Read Facebook’s documentation. Tom updated his Facebook Privacy & Security Guide to version 2.1. This update includes all the latest changes to Facebook. Download and share with friends and family! Oops....

Social Media Security Podcast 12 New Facebook Privacy Changes, Social Gaming Threats, Social Media in the Workplace


This is the 12th episode of the Social Media Security Podcast recorded March 28, 2010. This episode was hosted by Tom Eston and Scott Wright. Below are the show notes, links to articles and news mentioned in the podcast: Facebook is about to implement a new Facebook Privacy Policy and Statement of Rights and Responsibilities. We put together a blog post of some must read articles on the topic. Rumor is that Facebook is going to use QR Codes as part of their Geolocation strategy (mentioned by Tom). Joan Goodchild from CSO Online interviewed Tom and Scott for an article...

Social Media Security Podcast 11 Google Buzz, Geostalking, Twitters Phishing Filter


This is the 11th episode of the Social Media Security Podcast recorded March 15, 2010. Sorry for the delay on releasing this! We should be back on our biweekly schedule soon. This episode was hosted by Tom Eston and Scott Wright. Below are the show notes, links to articles and news mentioned in the podcast: Buzz Opens Privacy Pandora’s Box for Google How to turn off Google Buzz, or just close some of its privacy loopholes Twitter to block malicious links. We think this is a good thing! Hoping Twitter rolls this out to the entire service soon. The dark...

Social Media Security Podcast 10 Shmoocon, Geo-Location, Social Media Policies, CyberStalking


This is the 10th episode of the Social Media Security Podcast recorded February 8, 2010. This episode was hosted by Tom Eston and Scott Wright. Below are the show notes, links to articles and news mentioned in the podcast: Shmoocon was great! Be sure to check out the two talks about social media: Social Zombies II: Your Friends Need More Brains (video, slide deck, Facebook Application Autopwn Demo, Robin’s KreiosCS w/LinkedIn demo) and Nathan Hamiel’s talk Exposed | More: Attacking the Extended Web. Download the slide deck here. CDC Social Media Policies Facebook celebrates 400 million users by rolling out...

Social Media Security Podcast 9 Defensio, Blippy.com, Relationships and Social Media


This is the 9th episode of the Social Media Security Podcast recorded January 26, 2010. This episode was hosted by Tom Eston and Scott Wright. Below are the show notes, links to articles and news mentioned in the podcast: Tom and Kevin will be speaking with Robin Wood at Shmoocon Saturday, February 6th at 11am. “Social Zombies II: Your Friends Need More Brains”. Facebook Partners With McAfee for Anti-Virus. Does this change anything? Websense Defensio 2.0. Websense offers a Facebook application to protect users from malicious content in their profiles. How does it work and does it help? Blippy.com –...

Social Media Security Podcast 8 Would You Commit Social Media Suicide?


This is the 8th episode of the Social Media Security Podcast recorded January 8, 2010. This episode was hosted by Tom Eston, Kevin Johnson and Scott Wright. Below are the show notes, links to articles and news mentioned in the podcast: Backupify.com – A solution for backing up all your social media site content. Check out theharmonyguy’s manual method for Facebook. Commit virtual social media suicide! This service will remove your social network profiles, change your profile picture and password so you can never use the account again. Facebook is currently blocking the service as they say it’s a violation...

Social Media Security Podcast 7 New Facebook Privacy Settings, Twitter Lists, FTC and Bloggers


This is the 7th episode of the Social Media Security Podcast recorded December 21, 2009. This episode was hosted by Scott Wright and Tom Eston. Below are the show notes, links to articles and news mentioned in the podcast: Tom and Scott talk about the new Facebook privacy settings. Tom released an updated Facebook Privacy & Security Guide as well as a video walkthrough. Tom talks about a work around by theharmonyguy to easily view hidden Facebook photo albums. This does not circumvent Facebook privacy settings, it just “unhides” photo albums set to “Everyone”. Mark Zuckerberg’s pictures exposed by Facebook...

Social Media Security Podcast 6 Privacy, Photo Tagging, Facebook Police, What is Clickjacking


This is the 6th episode of the Social Media Security Podcast recorded December 3, 2009. This episode was hosted by Tom Eston and Kevin Johnson. Scott Wright joins in as “god” during post-edit. Below are the show notes, links to articles and news mentioned in the podcast: New privacy settings in Facebook are rolling out, regional networks are being removed. Be sure to check out the comments under Mark Zuckerberg’s blog post…all spam! Is Facebook photo tagging still a big fail? Scott clarifies this for us. The solution to this is to adjust your privacy settings to allow only you...

Social Media Security Podcast 5 Google Reader, Privacy, Wave, ChromeOS and Foursquare


This is the 5th episode of the Social Media Security Podcast recorded November 20, 2009. This episode was hosted by Scott Wright and Tom Eston. Kevin Johnson will be joining us for the next podcast. Below are the show notes, links to articles and news mentioned in the podcast: Tom gives an overview of the OWASP AppSec DC conference. Koobface now using Google Reader for links. Very good paper on how Koobface works. Google Launches Privacy Dashboard. Google Wave Gadget to Make Your Friends Logout. Google’s ChromeOS. What is it and how does this relate to social media use? Foursquare....

Social Media Security Podcast 4 Death by Twitter, Open Source Intelligence, Policies, Google Wave


This is the 4th episode of the Social Media Security Podcast recorded November 6, 2009. This episode was hosted by Scott Wright, Tom Eston and Kevin Johnson. Below are the show notes, links to articles and news mentioned in the podcast: More scams on Twitter including the recent IQ quiz attack. Disinformation on social networks…someone died example..are you sure they are really dead? Tom talks about his Open Source Intelligence Gathering talk that he recently gave. How do you find information posted about your company on social networks and why should you look? Now is probably a good time for...

Social Media Security Podcast 3 Phishing and Koobface, What is CSRF, Protected Tweets


This is the third episode of the Social Media Security Podcast recorded October 23, 2009. This episode was hosted by Scott Wright, Tom Eston and Kevin Johnson. Below are the show notes, links to articles and news mentioned in the podcast: Tom and Scott talk about phishing on social networks. How can you tell the difference between a fake friend request and a real one? Here is a screen shot of a fake friend request and a real friend request. Just by looking at the email…it’s really hard to tell the difference isn’t it? The only way you can tell...

Social Media Security Podcast 2 Month of Facebook Bugs, What is XSS, Canadian Privacy Ruling


This is the second episode of the Social Media Security Podcast recorded September 25, 2009. This episode was hosted by Scott Wright, Tom Eston and our new co-host Kevin Johnson. Below are the show notes, links to articles and news mentioned in the podcast: Introducing our new co-host, Kevin Johnson. Kevin is a Senior Security Analyst for InGuardians and is also an instructor for the SANS Institute, teaching both SEC504: Hacker Techniques, Exploits, and Incident Handling and SEC542: Web App Penetration Testing and Ethical Hacking courses. Tom talks about the Month of Facebook Bugs (created by a security researcher called...

Social Media Security Podcast 1 - Zombies, Bad Facebook Apps, Twitter SPAM


This is the first episode of the Social Media Security Podcast. This episode was hosted by Scott Wright and Tom Eston. Below are the show notes, links to articles and news mentioned in the podcast: How did socialmediasecurity.com get started? Want to help out? Join our mailing list! Weaponizing the Web: More Attacks on User Generated Content (good article on Nathan and Shawn’s talk) Aviv Raff’s Month of Twitter bugs, research on Facebook applications by theharmonyguy What are the Black Hat and DEFCON conferences? History of DEFCON, Black Hat and the security underground (ThreatPost interview with founder Jeff Moss) Twitter...

Simply Offensive



The AI Revolution: How Jobs Will Change by 2030 with Nicolas Chaillan


Nicolas Chaillan on AI Replacing Jobs, National Security, and Staying Relevant in the AI Era
Episode Summary: In this episode of Simply Offensive, host Phillip Wylie sits down with entrepreneur and former U.S. Air Force and Space Force Chief Software Officer Nicolas Chaillan. Nicolas shares his journey from coding at age seven to founding multiple companies, working in government leadership, and building AI-driven businesses. The conversation explores the rapid evolution of AI, the reality of job displacement, how AI agents are already replacing entire teams, and what skills professionals need to remain relevant. Nicolas also discusses national security concerns around AI adoption, government...

From Analog Hacks to Agentic AI - Denis Calderone on the Evolution of Offensive Security


In this episode of Simply Offensive, host Phillip Wylie sits down with Denis Calderone, Co-Founder and Principal at Suzu Labs, to discuss his journey from early curiosity about how technology works to building a long career in cybersecurity consulting and penetration testing. Denis shares stories from the early days of security when breaches often went unnoticed, how compliance shaped the industry, and how today's AI-driven development is creating both opportunity and risk. The conversation explores the evolution of pentesting, the importance of community in hiring, the growing role of AI in offensive security, and why human expertise still matters despite increasing...

Offensive Security Mindset, Leadership, and AI with Chris Marks


In this episode of Simply Offensive, host Phillip Wylie sits down with cybersecurity leader Christopher Marks to discuss his journey from networking into security leadership, the importance of offensive security knowledge for defenders, and how AI is changing security operations. Christopher shares how community involvement, mentorship, and hands-on offensive security training helped shape his career and leadership philosophy. The conversation explores why security teams benefit from understanding attacker techniques and how organizations can improve resilience through purple team exercises and realistic simulations.
Connect with Christopher Marks: LinkedIn: https://www.linkedin.com/in/christopher-m-7357441b/
Connect with your host, Phillip Wylie: LinkedIn: https://linkedin.com/in/phillipwylie YouTube: https://youtube.com/@PhillipWylie
Presented by Suzu Labs
All the ways to connect with @Suzulabs: https://suzulabs.com https://x.com/suzulabs https://www.linkedin.com/company/suzu-labs/
Chapters: 00:00...

From Military to Cybersecurity with Josh Mason


In this episode, Phillip Wylie interviews cybersecurity expert Josh Mason about his journey from military service to cybersecurity, his book on communicating security to business leaders, and his initiatives like Noob Village to support newcomers at conferences like DEF CON.
Connect with Josh Mason: LinkedIn: https://www.linkedin.com/in/joshuacmason/ Noob Community Website: https://www.noobvillage.org/
Connect with your host, Phillip Wylie: LinkedIn: https://linkedin.com/in/phillipwylie YouTube: https://youtube.com/@PhillipWylie
Presented by Suzu Labs
All the ways to connect with @Suzulabs: https://suzulabs.com https://x.com/suzulabs https://www.linkedin.com/company/suzu-labs/
Chapters:
00:00 Introduction to Cybersecurity Journeys
02:57 Transitioning from Military to Cybersecurity
04:56 Communicating Cybersecurity in Business
08:18 Inspiration Behind the Book
12:06 Creating a New Village for Newbies
14:55 Building the Newbs Community at DEF CON
25:32 Simply Defensive Podcast Overview
30:26 Simply Offensive Outro

The Future of Pentesting: AI, Automation, and Better Reporting with Dan DeCloss


In this episode of Simply Offensive, Phillip Wylie interviews Dan DeCloss, founder of PlexTrac, discussing the evolution of cybersecurity, the importance of report writing in pen testing, and the impact of AI on the industry. Dan shares his unique origin story, insights on the challenges of report writing, and how PlexTrac aims to streamline the process. The conversation also explores the future of AI in cybersecurity and its implications for the job market.
Connect with Dan DeCloss: LinkedIn: https://www.linkedin.com/in/ddecloss/ PlexTrac Website: https://plextrac.com
Connect with your host, Phillip Wylie: LinkedIn: https://linkedin.com/in/phillipwylie YouTube: https://youtube.com/@PhillipWylie
Presented by Suzu Labs
All the ways to connect with @Suzulabs: https://suzulabs.com https://x.com/suzulabs https://www.linkedin.com/company/suzu-labs/
Chapters: 00:00 Introduction and Background of PlexTrac 03:15...

AI Killed the CTF Star with Jacob Krell


In this episode, Phillip Wylie and Jacob Krell discuss the integration of AI in Capture The Flag (CTF) competitions and its implications for cybersecurity. Jacob shares his experiences with AI in penetration testing, highlighting how it enhances efficiency and changes the competitive landscape. They explore the future of certifications, the importance of human skills, and the ethical considerations surrounding AI in cybersecurity.
Connect with Jacob: https://www.linkedin.com/in/jacob-krell/ https://x.com/hackerfren
Connect with your host, Phillip Wylie: LinkedIn: https://linkedin.com/in/phillipwylie YouTube: https://youtube.com/@PhillipWylie
Presented by Suzu Labs
All the ways to connect with @Suzulabs: https://suzulabs.com https://x.com/suzulabs https://www.linkedin.com/company/suzu-labs/

Navigating AI's Challenges in Problem Solving with Darius Houle


In this episode, Darius Houle joins the conversation to explore the real-world limitations of AI in problem-solving and why context matters more than most people realize. The discussion covers how AI systems struggle with nuanced tasks, why developers must understand the boundaries of these tools, and how clearer prompts can dramatically improve outcomes. Darius shares insights from his experience in application security, tool building, and community leadership. The conversation also highlights the growing role of AI in cybersecurity testing and the responsibility developers have when integrating AI into their workflows.
Connect with Darius Houle: LinkedIn: https://www.linkedin.com/in/dariushoule/ Trail of Bits Skills Marketplace: https://github.com/trailofbits/skills
Connect with your...

Exploring the World of Hardware Hacking with Matt Brown


In this episode, Phillip Wylie interviews Matt Brown, a hardware hacker and content creator, discussing his journey in technology, the fundamentals of hardware hacking, and the importance of affordable training. They explore the impact of content creation on career opportunities, the significance of community and conferences in the field, and provide advice for aspiring content creators. Matt shares insights on his recent milestone of reaching 200,000 subscribers on YouTube and emphasizes the value of sharing knowledge and learning in the hardware hacking space.
Connect with Matt Brown: YouTube Channel: https://www.youtube.com/@mattbrwn LinkedIn: https://www.linkedin.com/in/mattbrwn/ Website: https://brownfinesecurity.com/ Training: https://training.brownfinesecurity.com/
Connect with your host, Phillip Wylie: LinkedIn: https://linkedin.com/in/phillipwylie X:...

Emulated Cyber Crime with Dahvid Schloss


In this episode of Simply Offensive, Phillip Wylie interviews Dahvid Schloss, a cybersecurity expert and the emulated mob boss of emulated criminals. They discuss Dahvid's background in the military and cybersecurity, the differences between red teaming and pen testing, the importance of red teaming in understanding real risks, and the role of purple teaming in improving security practices. They also delve into the significance of tooling in adversarial emulation, the planning involved in red team operations, and the impact of AI on red teaming. The conversation concludes with Dahvid sharing insights on how to get started in adversarial emulation and...

Exploring AI Vulnerabilities in Cybersecurity with Mike Bell


Summary: In this episode of Simply Offensive, Phillip Wylie interviews Mike Bell, CEO of Suzu Labs, discussing the intersection of cybersecurity and AI. They explore the OWASP Top 10 vulnerabilities, focusing on prompt injection attacks and their implications. Mike demonstrates real-world attack scenarios, emphasizing the importance of input sanitization and risk mitigation in AI systems. The conversation concludes with resources for learning AI security and best practices for pen testing.
Takeaways: Accurate asset inventory is crucial for security. AI and cybersecurity are converging fields. Prompt injection can manipulate AI responses. Indirect prompt injection is a hidden threat. Training data quality affects AI performance. Input sanitization is essential for...

Human Hacked: Life as the World's First Augmented Ethical Hacker with Len Noe


In this episode of Simply Offensive, Phillip Wylie sits down with Len Noe (HaCkEr_213), the world's first recognized augmented ethical hacker. From microchip implants and implantable terabyte drives to a past life in outlaw motorcycle clubs, Len's story sits at the collision point of human and machine identity.
Connect with Len: https://www.linkedin.com/in/len-noe/ https://i-am-machine.com/
Connect with your host, Phillip Wylie: LinkedIn: https://linkedin.com/in/phillipwylie YouTube: https://youtube.com/@PhillipWylie
Presented by Suzu Labs
All the ways to connect with @Suzulabs: https://suzulabs.com https://x.com/suzulabs https://www.linkedin.com/company/suzu-labs/

AI vs Pentesters with Shubham Khichi


In this episode of Simply Offensive, Phillip Wylie interviews Shubham Khichi, an offensive security professional and founder of CyberAGI. We explore Shubham's journey in cybersecurity, the challenges faced by security engineers, and the innovative solutions offered by CyberAGI. We also discuss the role of AI in penetration testing, the importance of human involvement in automation, and how professionals can future-proof their careers in an evolving landscape. Shubham shares the need for trust in technology and the value of making cybersecurity tools accessible and effective for engineers.
Connect with Shubham: https://www.linkedin.com/in/shubhamkhichi
Connect with your host, Phillip Wylie: LinkedIn: https://linkedin.com/in/phillipwylie YouTube: https://youtube.com/@PhillipWylie
Presented by Suzu Labs
All the ways to connect...

You've Got to Build Some Labs with Daniel Lowrie


In this episode of Simply Offensive, Phillip Wylie interviews Daniel Lowrie, who shares his extensive background in IT and cybersecurity, particularly in penetration testing and education. Daniel discusses his journey from IT to teaching, effective learning strategies for aspiring pen testers, the importance of hands-on experience, and engaging teaching techniques. He emphasizes the need for personal branding in cybersecurity and offers advice for those starting their careers in this field. Tune in now to learn more!
Connect with Daniel: https://www.linkedin.com/in/daniellowrie https://www.youtube.com/@daniellowrie https://academy.simplycyber.io/l/pdp/the-complete-pentest-course-pt0-003
Connect with your host, Phillip Wylie: LinkedIn: https://linkedin.com/in/phillipwylie YouTube: https://youtube.com/@PhillipWylie
Presented by Suzu Labs
All the ways to connect with @Suzulabs: https://suzulabs.com https://x.com/suzulabs https://www.linkedin.com/company/suzu-labs/

OT and ICS Pentesting and Security with Mike Holcomb


In this episode of Simply Offensive, Phillip Wylie interviews Mike Holcomb, an expert in Operational Technology (OT) and Industrial Control Systems (ICS) cybersecurity. Mike discusses the importance of OT security, the types of attacks that have targeted critical infrastructure, and the evolving landscape of cybersecurity threats. He shares insights on the significance of safety in OT environments, the challenges of pentesting in these settings, and the tools and techniques used for effective security assessments. We also touch on the role of AI in enhancing OT security and the resources available for those looking to enter the field.
Connect with Mike: https://linkedin.com/in/mikeholcomb https://mikeholcomb.com mike@mikeholcomb.com https://youtube.com/@utilsec https://github.com/utilsec
Connect with your...

From Hacker to CEO with Danny Jenkins


In this episode of Simply Offensive, Phillip Wylie interviews Danny Jenkins, CEO and founder of ThreatLocker. Danny shares his unique journey from corporate IT to ethical hacking, discussing his innovative approach to penetration testing and cybersecurity. He emphasizes the importance of understanding technology and security configurations, the role of living off the land binaries in modern attacks, and how ThreatLocker implements a zero trust model to enhance security. This episode also covers community engagement through events and the significance of hands-on learning in cybersecurity. Join us to learn more!
Connect with Danny Jenkins on LinkedIn: https://www.linkedin.com/in/dannyjenkinscyber
Connect with your host, Phillip Wylie: LinkedIn: https://linkedin.com/in/phillipwylie YouTube: https://youtube.com/@PhillipWylie
Presented by...

Unlocking Advanced Penetration Testing with Greg Hatcher & John Stigerwalt


In this episode of Simply Offensive, Phillip Wylie is joined by Greg Hatcher and John Stigerwalt from White Knight Labs. They discuss their backgrounds in cybersecurity, the importance of advanced penetration testing, and the unique offerings of their training courses. The conversation covers various aspects of cybersecurity, including ransomware simulations, compliance, physical pen testing, and how to become an advanced pen tester. Greg and John share insights into their methodologies and the gaps they see in current security practices, emphasizing the need for companies to adopt more robust security measures.
Connect with Greg and John: https://www.linkedin.com/in/gregoryhatcher2/ https://www.linkedin.com/in/john-stigerwalt-90a9b4110/ https://whiteknightlabs.com/ https://training.whiteknightlabs.com/
Connect with your host, Phillip Wylie: LinkedIn: https://linkedin.com/in/phillipwylie YouTube: https://youtube.com/@PhillipWylie
Presented by...

30 Certifications and Counting with Jacob Krell


In this episode of Simply Offensive, Phillip Wylie is joined by Jacob Krell, a cybersecurity professional with a wealth of certifications and experience. Jacob shares his journey into the world of hacking, the importance of personal branding, and how to avoid burnout while pursuing certifications. He discusses the significance of CVEs, the role of platforms like Hack The Box in skill development, and the integration of AI in cybersecurity. Jacob emphasizes the need for discipline and continuous learning in achieving success in the field.
Connect with Jacob: https://www.linkedin.com/in/jacob-krell/ https://x.com/hackerfren
Connect with your host, Phillip Wylie: LinkedIn: https://linkedin.com/in/phillipwylie YouTube: https://youtube.com/@PhillipWylie
Presented by Suzu Labs
All the ways to connect with...

Arrested During a Pentest with Corey LeBleu


Welcome to the Season 2 premiere of Simply Offensive. In this episode of Simply Offensive, Phillip Wylie is joined by Corey LeBleu, a cybersecurity professional with over 20 years of experience in penetration testing. Tune in to learn about Corey's background - and his experience being arrested while on a pentest. Corey has expertise across multiple domains including network pentesting, social engineering, physical security assessments, and web application security. He discovered CVEs for major vendors including Apple and Citrix, and currently runs his own consulting firm, Relix Security.
Connect with Corey: https://www.linkedin.com/in/coreylebleu/ https://www.relixsecurity.com/
Connect with your host, Phillip Wylie: LinkedIn: https://linkedin.com/in/phillipwylie YouTube: https://youtube.com/@PhillipWylie
Presented by Suzu Labs
All the ways...

Hacking Smarter with Tyler Ramsbey


In this episode of Simply Offensive, Phillip Wylie is joined by Tyler Ramsbey, a penetration tester and content creator. Learn about Tyler's unique journey into cybersecurity, the importance of soft skills, and the value of teaching and content creation. Tyler shares insights on maintaining mental health, balancing family life, and his upcoming venture into entrepreneurship with a focus on quality pen testing services. The conversation emphasizes the significance of personal branding, effective communication, and the need for emotional intelligence in the tech industry. You do not want to miss this Season 1 finale episode!
Connect with Tyler: https://www.linkedin.com/in/tyler-ramsbey-86221643 https://hacksmarter.org/ YouTube: @TylerRamsbey
Connect with your host, Phillip Wylie: LinkedIn: https://linkedin.com/in/phillipwylie YouTube: https://youtube.com/@PhillipWylie
Presented...

Navigating the Cybersecurity Landscape with Tim Shipp


In this episode of Simply Offensive, Phillip Wylie is joined by Tim Shipp to discuss various aspects of cybersecurity, including the evolution of the field over the past 25 years, the importance of offensive security, and the challenges faced by both red and blue teams. Tim shares his extensive background in cybersecurity, touching on incident response, the monetization of cyber attacks, and the significance of basic security hygiene. The discussion also emphasizes the need for collaboration between offensive and defensive security practices, as well as offering advice for newcomers to the industry.
Tim's LinkedIn: https://www.linkedin.com/in/tshipp
Connect with your host, Phillip Wylie: LinkedIn: https://linkedin.com/in/phillipwylie YouTube: https://youtube.com/@PhillipWylie
Presented...

Leveraging Offensive Security for Better Defense with Catherine Ullman


In this episode of Simply Offensive, Phillip Wylie is joined by Cathy Ullman, a principal technology architect in cybersecurity. Join us as we discuss Cathy's journey in the cybersecurity field, the evolution of security tools and threats, the importance of understanding offensive security, and the value of purple teaming. Cathy shares insights on leveraging cyber threat intelligence and the MITRE ATT&CK framework, as well as advice for getting involved in the cybersecurity community. This conversation emphasizes the need for defenders to understand the offensive mindset to enhance their security posture. Tune in to learn more.
Episode Links:
- Cathy's LinkedIn: https://www.linkedin.com/in/catherine-ullman-26a9406/
- Cathy's book, The Active...

The Power of Proactive Security with Rob Allen


In this episode of Simply Offensive, Phillip Wylie interviews Rob Allen, Chief Product Officer at ThreatLocker. Learn about the importance of proactive security measures, particularly in the context of ransomware prevention. Rob shares his journey to ThreatLocker and the company's unique approach of 'deny by default' in endpoint security. The conversation also touches on the significance of controls validation, the risks associated with low bins, and real-world examples of how these concepts apply in cybersecurity. Gain insights on upcoming events and the value of continuous learning in the field.
Rob Allen's LinkedIn: https://www.linkedin.com/in/threatlockerrob
30-day ThreatLocker Trial: https://www.threatlocker.com/simplyoffensive
Connect with your host, Phillip Wylie: LinkedIn: https://linkedin.com/in/phillipwylie YouTube:...

Community, Burnout, and Leveling Up in Offensive Security with Joe Brinkley


In this powerful and heartfelt episode of Simply Offensive, Phillip Wylie is joined by Joe Brinkley, better known as The Blind Hacker, Founder of the DeadPixelSec community, and a seasoned offensive security professional. Joe shares his journey from sysadmin to red teamer, his philosophy on mentorship, and candid insights on burnout in cybersecurity. Whether you're breaking into the field or leveling up, this episode offers invaluable advice on growth, community, and sustainability.
Connect with Joe Brinkley on LinkedIn: https://www.linkedin.com/in/brinkleyjoseph/
Connect with your host, Phillip Wylie: LinkedIn: https://linkedin.com/in/phillipwylie YouTube: https://youtube.com/@PhillipWylie
Presented by Suzu Labs
All the ways to connect with @Suzulabs: https://suzulabs.com https://x.com/suzulabs https://www.linkedin.com/company/suzu-labs/
Sponsored by @ThreatLocker: Allow what you need, block everything else......

Red Teaming vs. Pentesting, Certs That Matter, and Breaking In Without Coding with Ben Thal


In this episode of Simply Offensive, host Phillip Wylie welcomes offensive security veteran Ben Thal for a deep dive into the world of red teaming, penetration testing, and breaking into offensive security. With over a decade of experience across red teaming, pen testing, and hardware hacking, Ben brings practical insights for anyone interested in or currently navigating the field.
Connect with Ben Thal on LinkedIn: https://www.linkedin.com/in/benjamin-l-thal/
Connect with your host, Phillip Wylie: LinkedIn: https://linkedin.com/in/phillipwylie YouTube: https://youtube.com/@PhillipWylie
Presented by Suzu Labs
All the ways to connect with @Suzulabs: https://suzulabs.com https://x.com/suzulabs https://www.linkedin.com/company/suzu-labs/
Sponsored by @ThreatLocker: Allow what you need, block everything else... Including ransomware. Zero trust Endpoint Protection Platform at https://simplycyber.io/threatlocker

AI in Red Teaming & Communicating with Leadership with Amélie Koran


In this episode of Simply Offensive, Phillip Wylie interviews Amélie Koran, a seasoned expert in offensive security and AI red teaming. They discuss the evolution of red teaming, the challenges and opportunities presented by AI in security, and the importance of human expertise in navigating the complexities of cybersecurity. The conversation also touches on the differences between federal and corporate security practices, the significance of security clearances, and the need for organizations to reevaluate their security tools and practices.
Connect with Amélie Koran on LinkedIn: https://www.linkedin.com/in/webjedi
Connect with your host, Phillip Wylie: LinkedIn: https://linkedin.com/in/phillipwylie YouTube: https://youtube.com/@PhillipWylie
Presented by Suzu Labs
All the ways to connect with @Suzulabs: https://suzulabs.com https://x.com/suzulabs https://www.linkedin.com/company/suzu-labs/

Cracking The Offensive Security Career Code with Michael Kim


In the inaugural episode of the Simply Offensive podcast, host Phillip Wylie interviews Michael Kim, a cybersecurity professional with a diverse background. Michael shares his journey from music to cybersecurity, emphasizing the importance of networking, certifications, and continuous learning. He discusses the challenges of breaking into pen testing, the interview process, and the significance of coding skills in the field. The conversation highlights the value of experience, both formal and informal, and encourages aspiring pen testers to leverage their training and connections to succeed in the industry.
Connect with Michael Kim on LinkedIn: https://www.linkedin.com/in/michael-k-83b0627b/
Connect with your host, Phillip Wylie: LinkedIn: https://linkedin.com/in/phillipwylie YouTube: https://youtube.com/@PhillipWylie
Presented...

The Cyber Threat Perspective



Episode 177: Claude Mythos - What It Actually Does, What It Doesn't, and What Your Organization Should Do Now


In Episode 177 of the Cyber Threat Perspective podcast, host Brad Causey and virtual CISO Daniel Perkins take a clear-eyed look at Claude Mythos, Anthropic's AI model that's generating serious buzz in the cybersecurity world for its ability to analyze source code, identify vulnerabilities at scale, build working exploits, and surface flaws that have sat undetected for decades. The cybersecurity community is reacting. Brad and Daniel think a more measured response is warranted. This episode breaks down what Mythos actually is, what it actually did, and what it actually means for your security program, without the hype or the hand-waving. Topics covered include: What...

Episode 176: Cybersecurity Advice That Sounds Smart But Fails in Practice


In Episode 176 of the Cyber Threat Perspective podcast, Brad and Spencer break down some of the most repeated cybersecurity best practices in the industry and explain why, despite sounding solid on paper, they consistently fall short in real IT environments. This isn't about dismissing good security principles. It's about closing the gap between advice that looks great in a framework and controls that actually hold up against how attackers operate. Topics covered include: "Just enable MFA everywhere" - why focusing only on RDP leaves SMB, WinRM, service accounts, and legacy protocols wide open; "EDR will catch it" - the danger of over-relying on a single...

Episode 175: NetTools - The Free Active Directory Swiss Army Knife for IT Admins & Pen Testers


In Episode 175, Spencer and Tyler break down NetTools, a free, self-contained Active Directory management and troubleshooting tool that's become a go-to for their internal penetration testing engagements. They start with the backstory: years of relying on AD Explorer from Microsoft Sysinternals, and the growing need to evade EDR detections. At one point, that meant manually obfuscating binaries with a hex editor. NetTools eliminates that friction entirely: no installation, no dependencies, no signatures to fight. Topics covered include: Why NetTools replaced AD Explorer and how EDR pressure forced the shift; Group Policy enumeration, including how to spot dangerous GPO permissions like authenticated users with...

Episode 174: Web Application Penetration Testing Tools & Techniques with Jordan


In Episode 174, host Brad Causey is joined by guest Jordan Natter for a practical, tool-focused conversation on web application penetration testing. Together they break down the essential tools and Burp Suite Pro extensions that make up a modern web app pen testing toolkit. Topics covered include: Burp Suite Pro vs. OWASP ZAP - comparing capabilities, extensions, and use cases; CSP Auditor - identifying unsafe Content Security Policy directives; JSON Web Token (JWT) extension - surfacing and tampering with JWTs in HTTP history; Retire.js - flagging outdated JavaScript libraries with known vulnerabilities; CyberChef & JWT.io - encoding, decoding, and debugging tokens; Postman & Swagger - API testing and documentation workflows; SQLMap - powerful SQL injection...

Episode 173: How to Find Insecure Active Directory Permissions with ADeleg


How do you find insecure permissions in Active Directory before they turn into attack paths? In this episode, we take a practical look at how to identify insecure Active Directory permissions using ADeleg, a free security tool trusted by penetration testers. Misconfigured delegation and overly permissive access rights are a common source of risk in Active Directory environments. These gaps can create hidden attack paths, but many teams don't know where to look or how to interpret what they're seeing. In this episode, we cover: How to identify insecure permissions in Active Directory; What to look for in high-risk users and groups like Domain Users, Everyone,...

Episode 172: The biggest security blind spots in Midsized companies


Hey folks! Greetings from the Offensive Security group at SecurIT360. Brad & Spencer are on this episode of The Cyber Threat Perspective to break down The Biggest Security Blind Spots in Mid-Size Companies. In this episode, we expose the most common (and dangerous) gaps that leave mid-sized organizations wide open: poor asset inventory, flat networks, flat identities, overconfidence in security tools, credential reuse, and the emerging risks with AI. If any of these hit home, go to offsec.blog/pentesting, fill out the form on our website, and see if we're a fit for you.
Blog: https://offsec.blog/ Youtube: https://www.youtube.com/@cyberthreatpov Twitter: https://x.com/cyberthreatpov
Follow Spencer on social: Spencer's Links: https://spenceralessi.com
Work...

Episode 171: The future of pentesting with AI


Pentesting is quickly evolving with the integration of AI, fundamentally changing how cybersecurity professionals approach their work. In this episode, Spencer and Brad discuss the real shifts they're seeing in the industry and what the future may look like.
- The pivotal changes in AI that have impacted pentesting over the past year
- The emergence of agents, orchestration, and single-pane-of-glass platforms for streamlined operations
- How AI is enabling rapid tool creation, customization, and administrative efficiency
- The effect of AI on skillsets, closing the gap between junior and senior pentesters
- Why human expertise remains irreplaceable despite advancements in AI-driven tools
Tune in to hear straight-forward perspectives on the...

Episode 170: The Evasive Adversary


In this episode, we break down the biggest insights from the CrowdStrike 2026 Global Threat Report and what they actually mean for IT leaders, security teams, and executives. From attackers abusing trusted identities and bypassing security tools to exploiting edge infrastructure and leveraging AI to move faster than ever, the modern threat landscape is shifting in ways many organizations aren't prepared for.
https://www.crowdstrike.com/en-us/global-threat-report/
https://mhaggis.github.io/ClickGrab/
Episode 164: Offensive Security in the Age of AI - What Has...
Episode 155: How We Use AI Offensively - Offensive Security Blog - SecurIT360
Episode 146: What Are The Security Implications of AI -...
Episode 144: How Cyber Threat Actors Are...

Episode 169: Malicious Browser Extensions


In this episode, we're digging into malicious browser extensions... the quiet, often overlooked attack vector living inside nearly every organization. While we focus on patching servers, hardening Active Directory, and deploying EDR, attackers are increasingly abusing the browser as their initial foothold. We'll break down how these extensions work, why they're so dangerous, and what IT leaders can realistically do about it.
Check out these resources: Annex - Enterprise Software Extension Security & Management https://crxaminer.tech/ https://x.com/tuckner https://x.com/IceSolst brad@securit360.com
Blog: https://offsec.blog/ Youtube: https://www.youtube.com/@cyberthreatpov Twitter: https://x.com/cyberthreatpov
Follow Spencer on social: Spencer's Links: https://spenceralessi.com
Work with Us: https://securit360.com | Find vulnerabilities that matter, learn about how we do internal pentesting here.

Episode 168: Do you need a web app pen test?


Brad and Jordan talk about web app pen testing, why you might need it, and why other forms of app sec might not be good enough.

Episode 167: TLS and SSL vulnerabilities - do they matter?


You've got Tyler & Brad, and in this episode, we break down the early versions of Transport Layer Security (TLS), TLS 1.0 and TLS 1.1, and explain why these once-standard encryption protocols are now considered insecure. We'll cover when they were released, how modern attacks and cryptographic weaknesses caught up with them, and why today's internet relies on newer, more secure protocols like TLS 1.2 and TLS 1.3. We'll also discuss how even secure protocols can become vulnerable when weak ciphers are enabled, using Sweet32 as a real-world example of cipher-level risk.

Episode 166: Why Your Pentest Didn't Make You Safer


In this episode, we explore why many organizations invest in penetration testing yet see little improvement in their actual security posture. We discuss the common pitfalls of treating pentests as one-time events, how attackers operate very differently from scoped assessments, and why remediation, not the report, is what determines real safety. If you've ever wondered why passing a pentest didn't translate into stronger defenses, this episode is for you.

Episode 165: What to expect on your API Pentest


In this episode, Brad and Jordan talk about API pen testing, how it works, and what you can expect if you want to procure one. They discuss pitfalls, common findings, and ways to streamline the process.

Episode 164: Offensive Security in the Age of AI: What Has Changed


In this episode, we take a step back from the AI hype and focus on what has actually changed in offensive security. AI isn't replacing attackers or inventing brand-new techniques, but it is dramatically reducing friction across the attack lifecycle. We break down the myths, explain where AI is already impacting real-world attacks, and walk through how defenders need to adapt if they want to keep up.

Episode 163: The Vendor Security Trap: Are You Losing Control?


In this episode, we dissect the dangerous trend of organizations ceding control of their security strategy to vendors, exploring the pitfalls of vendor lock-in, overspending, and the illusion of comprehensive protection. We'll provide actionable steps to reclaim your security posture and build an independent strategy tailored to your specific needs.

Episode 162: Before the Breach - How Attackers Profile Your Organization


In this episode, Brad and Spencer from SecurIT360's Offensive Security group delve into the crucial reconnaissance phase attackers undertake before launching an attack. They discuss the real-world impact of seemingly harmless data leaks, how attackers chain them together to build a profile of your organization, and common misconceptions about what data is truly "sensitive" from an external attacker's perspective. Learn how organizations can realistically assess their external attack surface beyond automated scanning and discover creative OSINT techniques defenders can use to mimic attacker reconnaissance.

Episode 161: The Evolution of Pentesting Going Into 2026


In this episode Brad and Spencer discuss the rapid technology shift that's happening in cybersecurity, hybrid pentesting models and the overall evolution of pen testing as we head into 2026.

Episode 160: Should You Alert Your SOC Before a Pentest?


In this episode, we're discussing the pros and mostly the cons of notifying your SOC/MSSP before your penetration test. Spencer and Brad delve into the details of why it matters and share their experience from hundreds of penetration tests. Get your 2025 External Pentest done before time runs out! https://www.securit360.com/external-penetration-testing-services-sa/

Episode 159: How to Break Into Cybersecurity in 2026


In this episode, we're sharing practical, no-fluff advice for getting into cybersecurity, whether you're switching careers, just starting out, or leveling up your IT skills. We'll cover what actually matters to employers, what to avoid, and the fastest paths into the industry. If you're looking for a clear roadmap into cybersecurity, this episode is for you.

Episode 158: How to get kicked out of AWS by the FBI


In this episode Brad and Jordan sit down to discuss how she was caught and reported on a penetration test engagement. We deep dive into the details and why it's a net positive.

Episode 157: AppSec Findings in 2025


In this episode Brad and Jordan sit down to discuss common web application security findings we've seen this year.

Episode 156: Post-Exploitation Tactics That Still Work in 2025


In this episode Spencer and Tyler discuss post-exploitation tactics that still work in 2025. The guys discuss everything from credential access techniques to defense evasion, lateral movement and even exfiltration.

Episode 155: How We Use AI Offensively


In this episode, we're taking a deep dive into how the Offensive Security group at SecurIT360 is strategically leveraging and utilizing artificial intelligence technologies in offensive security operations. We'll explore the innovative ways this team is harnessing the power of AI to enhance their penetration testing capabilities, automate security assessments, and identify vulnerabilities more efficiently.

Episode 154: Pentesting on a Budget for IT Admins


This episode is all about pentesting on a budget for IT Admins. This episode is inspired by the PDQ Live stream held on October 23rd, 2025, where Spencer shared tips, tactics, tools and advice for IT admins wanting to better defend and protect their environments. All tools, checklists, guides and resources can be found here: https://go.spenceralessi.com/budget

Episode 153: How to Prove Your Security Works Before Attackers Do


In this episode, we dig into how to move from "we think we're secure" to "we can prove it." We'll lay out a practical loop for validating controls, gathering evidence, and tracking results that leadership understands. If you've ever wondered how to demonstrate security value beyond dashboards and audits, this is your playbook.

(replay) Common Pentest Findings That Shouldn't Exist in 2025


In this episode of The Cyber Threat Perspective, we highlight the pentest findings that, frankly, have no business showing up in 2025. From accounts with weak passwords and no MFA to plaintext credentials on file shares, we break down the common misconfigurations and oversights that attackers still abuse, despite years of seeing the same issues over and over again. If you're an IT admin or security leader, this episode is your checklist of what to fix yesterday.

Episode 152: What is Offensive Security?


In this episode, Spencer and Brad dig into a question that comes up all the time: what exactly is offensive security? Hint: it's not just pentesting. Offensive security covers a whole spectrum of activities, including penetration testing, red teaming, purple teaming, adversary emulation, and more. We'll break down what each of these means, how they're different, and how we do things at SecurIT360. By the end, you'll have a clearer picture of how offensive security fits into a bigger security strategy and why it's more than just finding vulnerabilities.

Episode 151: Tool Time - PingCastle for Defenders


In this episode, we're digging into a super awesome Active Directory security tool called PingCastle. We'll cover what it is, why it matters for Active Directory security, and how IT and security teams can leverage it to get ahead of adversaries. PingCastle is a staple tool on our internal pentesting toolbelt. In this episode, you will find out why.

Episode 150: How to Use Pentest Findings to Justify Your Next Security Spend


https://offsec.blog/budget
In this episode, we're tackling an often-overlooked opportunity: using pentest results to secure more budget for security initiatives. Too many organizations run a pentest, file the report away, and move on without leveraging it for strategic value. We'll break down how to translate findings into business language, influence leadership, and turn vulnerabilities into funding for better defenses.

Episode 149: Building a Security Stack That Works - A Practitioner's Perspective


In this episode, Brad and Spencer sit down with an experienced information security and risk manager to explore how they build and manage their security stack, choose the right tools, and win support from their team and leadership. We dig into the balance between technical defenses and business-driven risk management, from budgeting and vendor selection to measuring success and preparing for emerging threats. Whether you're a hands-on practitioner or a security leader, you'll walk away with practical insights on building stronger defenses and aligning security with business goals.

Episode 148: Securing Windows: Common Misconfigurations That Give Attackers The Advantage


This is the webinar I gave in August 2025 on the topic of common Windows misconfigurations I see during internal pentests. Make sure you grab your free gifts! Learn how we do internal pentesting differently...
- https://securit360.com/free-gifts
- https://links.spenceralessi.com/creds
- https://go.spenceralessi.com/windows-slides

Episode 147: When to Accept the Risk


In this episode, we're digging into one of the most overlooked parts of a penetration test, when it actually makes sense to not fix a finding. Not every vulnerability deserves equal treatment, and sometimes accepting the risk is the most mature decision a business can make. We'll cover how to recognize those situations, avoid common pitfalls, and document your choices so they stand up to scrutiny.

Episode 146: What Are the Security Implications of AI?


In this episode of The Cyber Threat Perspective, we're exploring the broader security implications of artificial intelligence. AI is transforming everything, from how we defend our networks to how attackers exploit them. We'll break down the risks, the opportunities, and what security teams need to be thinking about right now as AI becomes embedded in both our tools and becomes a part of our daily life.
Spencer's next webinar 8/28 12pm Eastern
Topic: Securing Windows, Common Misconfigurations That Give Attackers The Advantage
https://go.spenceralessi.com/windows

Episode 145: What To Do Minute 1 When Incident Response Arrives


In this episode, we're diving into what to do the minute incident response arrives. That first moment matters, a lot. Whether it's a ransomware attack, unauthorized access, or data exfiltration, how you act in minute one can either help or hinder the investigation. We'll cover the dos, don'ts, and common mistakes we see, so you're ready when the heat is on.

Episode 144: How Cyber Threat Actors Are Using AI


In this episode of The Cyber Threat Perspective, we're diving into one of the most pressing trends in cybersecurity: how threat actors are using AI. From deepfake scams and AI-generated phishing emails to automated malware and voice cloning, attackers are leveraging artificial intelligence to scale their operations and sharpen their tactics. We'll break down real-world examples, tools like WormGPT, and what this means for defenders going forward.

Episode 143: Stop Wasting Money on Pentests - Do This First


In this episode, we break down a question that often gets overlooked: When should you not do a penetration test? Not every organization needs a pentest right away, and choosing the wrong assessment can waste time, money, and effort. We'll walk through the differences between pentests, vulnerability scans, and risk assessments and when each one is the right move.

Episode 142: How Active Directory Certificates Become Active Threats


In this episode, we're diving into one of the most overlooked yet dangerous components of Active Directory: Certificate Services. What was designed to build trust and secure authentication is now being exploited by attackers to silently escalate privileges and persist in your environment. We'll break down how AD CS works, how it gets abused, and what defenders need to do to lock it down.

Episode 141: Are You Making These Windows Security Mistakes


It's easy to overlook small misconfigurations on Windows endpoints, but those little mistakes can create big opportunities for attackers. In this episode, we break down the most common Windows security missteps we see in real-world environments, from missing the basics to reused local admin passwords. If you're a sysadmin, IT admin, or just responsible for keeping Windows machines secure, this one's for you.

Episode 140: Financial Services Cybersecurity Challenges & How to Address Them - Part 2


In this episode, we dive into the unique cybersecurity challenges faced by the financial services sector, from high-value targets and strict compliance requirements to the constant threat of phishing and ransomware. We'll break down common attack paths, what makes financial orgs so attractive to threat actors, and most importantly, what IT and security teams can do to stay ahead. Whether you're on the red team, blue team, or in leadership, this episode will help you strengthen your security posture in one of the most targeted industries on the planet.

Episode 139: Financial Services Cybersecurity Challenges & How to Address Them - Part 1


In this episode, we dive into the unique cybersecurity challenges faced by the financial services sector, from high-value targets and strict compliance requirements to the constant threat of phishing and ransomware. Whether you're on the red team, blue team, or in leadership, this episode will help you strengthen your security posture in one of the most targeted industries on the planet.

(Replay) How We Evade Detection During Internal Pentests


(Replay) In this episode, Spencer and Brad discuss the ever popular and highly debated topic of evasion. In this podcast we talk about evasion from the context of evading defense controls, not necessarily EDR specific evasion techniques. Our hope with this episode is to shed light on this topic and help defenders understand various methods of evasion and this topic more in general.
Resources
- (Jun 1, 2021) Evadere Classifications - detection & response focus
- Defense Evasion, Tactic TA0005 - Enterprise | MITRE ATT&CK - controls focus
- (Mar 22, 2024) Atomics on a Friday - Evade or Bypass - edr focus

Episode 138: The 7 Questions Every Security Leader Should Ask After a Pentest


In this episode of The Cyber Threat Perspective, we break down the 7 critical questions every security leader should ask after a penetration test. A pentest isn't just about checking a box, it's an opportunity to assess your defenses, measure progress, and refine your strategy. We discuss how to go beyond the report, extract real value from the assessment, and ensure findings lead to meaningful action across your organization. Whether you're a CISO, IT director, or team lead, this episode will help you make every pentest count.

Episode 137: Common Pentest Findings That Shouldn't Exist in 2025


In this episode of The Cyber Threat Perspective, we highlight the pentest findings that, frankly, have no business showing up in 2025. From accounts with weak passwords and no MFA to plaintext credentials on file shares, we break down the common misconfigurations and oversights that attackers still abuse, despite years of seeing the same issues over and over again. If you're an IT admin or security leader, this episode is your checklist of what to fix yesterday.

Episode 136: A day in the life of an External Penetration Tester


In this episode of The Cyber Threat Perspective, we dive into "A day in the life of an External Penetration Tester." What do we actually do, and how do the things we do affect the overall engagement? What's important? We answer all of these questions and more in this week's episode.

(Replay) How To Harden Active Directory To Prevent Cyber Attacks - Webinar


(REPLAY) This is a recording of a webinar aimed at IT professionals, system administrators, and cybersecurity professionals eager to bolster their defenses against cyber threats. In this session, "How to Harden Active Directory to Prevent Cyber Attacks," our expert speakers will discuss comprehensive strategies and best practices for securing your Active Directory environment.
Key Takeaways:
- Understanding AD Vulnerabilities: Learn about the most common security weaknesses in Active Directory (AD) and how attackers exploit these gaps.
- Best Practices in Configuration: Discover how to properly configure Active Directory settings for maximum security to deter potential breaches.
- Advanced Security Measures: Explore...

Episode 135: We Couldn't Get In...And That's a Good Thing, Or Is It?


In this episode of The Cyber Threat Perspective, we dive into why a "we couldn't get in" result on a pentest isn't always the victory it seems, and why it can be a great sign if interpreted correctly. We break down the real defensive controls that prevented compromise, explore what might still be hiding under the surface, and share why even a clean report shouldn't mean letting your guard down.

Episode 134: Preventing Data Breaches: Strategies to Mitigate Initial Compromise


In this episode of The Cyber Threat Perspective, we tackle the crucial first step in cybersecurity: preventing initial compromise. We'll dissect common attack vectors like phishing and exploitation and explore layered defenses ranging from MFA and patch management to DMZs and WAFs. Get actionable guidance to integrate these controls into your security program and safeguard your organization against the risk of that initial foothold.

Episode 133: How Cyber Attackers Steal Credentials & Hijack Sessions


In this episode of The Cyber Threat Perspective, we break down how attackers steal credentials and hijack sessions to gain unauthorized access to systems and data. From phishing to cookie stealing to session token theft, we'll explore the most common techniques and how to defend against them. Whether you're an IT admin or security pro, you'll walk away with practical tips to help protect your users and your organization.
Recommended Conditional Access Policies to protect against account compromise: https://x.com/techspence/status/1919815226158932119

Episode 132: Reviewing the Mandiant M-Trends 2025 Report


In this episode Spencer and Brad review the M-Trends 2025 Report. M-Trends 2025 is Mandiant's annual report that shares frontline learnings from its global incident-response engagements, over 450 000 hours of investigations in 2024, providing sanitized, data-driven analysis of evolving attacker tactics, dwell times, industry and regional trends, and practical recommendations to help organizations improve their defenses.
M-Trends 2025: Data, Insights, and Recommendations From the Frontlines | Google Cloud Blog

(Replay) How To Defend Against Lateral Movement


In this replay, Spencer and Brad dive into lateral movement, discussing various techniques like RDP, RATs, Impacket tools, PsExec, PTH, PTT, and PowerShell Remoting. They explain how attackers use these methods to gain unauthorized access, evade detection, and enable malicious activities. They also discuss precursors to lateral movement and strategies to restrict it, such as least privilege access, network segmentation, and monitoring. The podcast emphasizes the importance of understanding lateral movement and implementing comprehensive security measures to mitigate these threats.
Resources
- https://www.reddit.com/r/cybersecurity/comments/1ellylu/what_lateral_attacks_have_you_been_seeing/
- The DFIR Report
- Lateral Movement, Tactic TA0008 - Enterprise | MITRE ATT&CK

Episode 131: DMARC & PCI 4.0 Compliance - Is your Organization Compliant?


In this episode, Tyler and Brad discuss DMARC and how the latest version of the PCI framework requires phishing protection. You'll also learn about DMARC, DKIM, and SPF and how to elevate them to help protect your organization from attacks like Business Email Compromise (BEC).

Episode 130: Using Deception Technology to Detect Cyber Attacks


In this episode of The Cyber Threat Perspective, we explore the strategic integration of deception technology like canaries and honeypots into your cybersecurity defenses. Discover how these tools allow you to detect threat actors earlier in their attack sequence, disrupt malicious activities, and mitigate potential damage to your organization. Join us for actionable insights and defensive advice to enhance your organization's security posture.

Episode 129: How to Analyze Threat Reports for Defenders


Threat reports can be goldmines for defenders but only if we know how to extract and apply what matters. A good analysis can mean catching an attack early or missing it entirely. There's no shortage of threat intel out there. The real challenge is making sense of it without getting overwhelmed. In this episode we discuss:
- What makes up a threat report
- Goals of analyzing threat reports
- How to analyze the pieces that matter
- Actionable tips you can use today

Episode 128: The Most Common External Pen Test Findings - And How to Fix Them


In this episode, Brad and Sam discuss the most common security issues found on external penetration tests, how to find them yourself, and how to address them.

Episode 127: SaaS Supply Chain Attacks - How to Stay Secure


This episode focuses on SaaS (Software as a Service) supply chain attacks. We discuss which SaaS applications are most at risk, what the real dangers of SaaS supply chain attacks are, and most importantly how to defend against and detect these attacks.

Episode 126: Typosquatting - How and Why It Works and How to Defend Against It


Dive into the quirky underworld of digital misdirection in this episode, where we explore the art of typosquatting. Discover how a simple mistyped URL can turn into a gateway for cyber trickery, as we break down the many forms of typosquatting, from subtle misspellings that mimic trusted sites to more elaborate schemes designed to deceive. Learn why these small errors are so effective in luring unsuspecting users and get insider tips on how to protect yourself from falling into these cleverly crafted traps. Whether you're a digital native or just curious about the hidden risks of the internet, this episode equips...

Episode 125: Whose Job Is Harder? Red or Blue


In this episode, we discuss whose job is harder: the red team or the blue team? We discuss the roles and responsibilities of many red and blue teamers, the challenges both those teams face, and then we share some advice for handling and overcoming those challenges.

(Replay) How To Monitor Your Attack Surface


Unlock the secrets of effective attack surface monitoring in this replay of The Cyber Threat Perspective. Brad and Spencer dive into essential practices, tools, and methodologies to keep your systems secure.
- Define and understand attack surface and attack vectors
- Distinguish between physical and digital attack surfaces
- Explore DIY vs. commercial tools for attack surface monitoring
- Learn from bug bounty industry methodologies and resources
- Emphasize the importance of continuous monitoring and asset management
Check out our show notes for additional resources, and don't forget to like, share, and subscribe!

Episode 124: MFA != Secure



Episode 123: Insecure Active Directory Protocols


In this episode, we discuss several insecure protocols that are found within Active Directory environments. When these protocols are enabled, they could be abused by an attacker to perform a number of attacks, including privilege escalation and lateral movement.

Episode 122: AI/ChatGPT Interviews a Web Pen Tester!!


In this episode, Chelsea (ChatGPT) interviews Brad about web application penetration testing. Listen in to learn how the process works from start to finish!
Resources:
- https://owasp.org/
- https://nvd.nist.gov/vuln-metrics/cvss
- https://chatgpt.com/

Episode 121: How We Evade Detection During Internal Pentests


In this episode, Spencer and Brad discuss the ever-popular and highly debated topic of evasion. In this podcast we talk about evasion from the context of evading defense controls, not necessarily EDR-specific evasion techniques. Our hope with this episode is to shed light on this topic and help defenders understand various methods of evasion and this topic more generally.
Resources:
- (Jun 1, 2021) Evadere Classifications - detection & response focus
- Defense Evasion, Tactic TA0005 - Enterprise | MITRE ATT&CK - controls focus
- (Mar 22, 2024) Atomics on a Friday - Evade or Bypass - EDR focus

Episode 120: Demystifying Pentests: What Every Organization Needs to Know


In this episode, Spencer and Tyler discuss key things that they as pentesters wish all organizations knew about pentesting and the pentest process. They go through the entire lifecycle of a pentest and discuss definitions, processes, misconceptions and much more. By the end of this episode, we hope you have a better understanding of everything that goes into the pentesting process including things that are not typically visible to clients.

Episode 119: Lessons Natural Disasters Can Teach Us About Cybersecurity


In this episode, we draw parallels between natural disasters and navigating today's cybersecurity landscape. From the importance of preparation and layered defenses to the critical need for constant monitoring and resilience, we uncover valuable lessons that nature's challenges can teach us about protecting systems and data. Whether you're an IT professional, a business owner, or just someone passionate about cybersecurity, this episode will inspire you to think differently about your defenses and stay one step ahead.

(Replay) Tales From The Trenches


Join us for this replay of episode 78 - an enthralling journey into the heart of cybersecurity operations with Tales from the Trenches, an exclusive podcast presented by Brad Causey, Vice President of Offensive Security at SecurIT360. Dive deep into the high-stakes world of offensive security as Brad shares his firsthand experiences from a career spent on the front lines of digital defense. Engage with real-life stories illustrating offensive cybersecurity's intense challenges and triumphant victories. Brad's narrative will transport you to the core of high-pressure operations, where strategic decisions can impact the security posture of entire organizations.

(Replay) Email Spoofing: From Basics to Advanced Techniques and Solutions


Welcome to this replay on The Cyber Threat Perspective! In this episode, Brad and Spencer dive into the mechanics and recent developments of email spoofing, shedding light on how attackers are bypassing advanced email protections. In this episode, we cover:
- The fundamentals of email spoofing and why it's a significant threat.
- Insight into the recent echo spoofing campaign exploiting Proofpoint's misconfiguration.
- The role of SPF, DKIM, and DMARC in combating email spoofing.
- How threat actors are using Microsoft 365 to bypass email protections.
- Mitigation strategies and the latest updates from Proofpoint and Microsoft to address these vulnerabilities.

(Replay) Windows and Active Directory Hardening


In this episode of The Cyber Threat Perspective, Nathan and Spencer discuss crucial strategies for Windows and Active Directory hardening, emphasizing the importance of community collaboration and the value of using CIS benchmarks for security compliance. In this episode, we cover:
- Implementing multi-factor authentication for domain admins
- The benefits and importance of using CIS benchmarks for Windows 10 and 11
- Advantages of having a consistent standard in an Active Directory environment
- Assurance and verification tools available in the benchmarks
- Simulated environment testing and active community participation for benchmark improvement

Episode 118: 2025 - A CISO's Perspective with Mike Whitt


In this episode, we're discussing what a seasoned CISO is focused on going into 2025. Mike Whitt is a Chief Information Security Officer in the financial sector with over 20 years of experience building teams, security programs, and leading organizations to a more secure posture.
https://www.linkedin.com/in/mike-whitt-a4b4802/

Episode 117: Why Do Pentests Cost So Much?


In this episode, we're peeling back the layers of the question so many organizations ask: Why do penetration tests cost so much? But here's the real twist: are they actually expensive, or are we measuring their value the wrong way? By the end of this episode, you'll understand not just the cost of a penetration test, but its value as an investment in protecting your business. We'll dive into real-world examples, break down the factors that drive pentest pricing, and explore how it compares to the costs of incidents like data breaches, ransomware, and PR disasters. Let's get started.
https://www.morganlewis.com/blogs/sourcingatmorganlewis/2024/03/study-finds-average-cost-of-data-breaches-continued-to-rise-in-2023

Episode 116: Painfully Persistent Problems - Weak Passwords


In this episode, we're diving into one of the most enduring cybersecurity challenges: weak passwords. We'll explore how poor password practices and identity management pitfalls leave organizations vulnerable to compromise. From understanding the most common mistakes to implementing effective defenses, we're breaking down what it takes to fortify your systems against attackers exploiting the weakest link.
Sources:
- https://www.verizon.com/about/news/2023-data-breach-investigations-report?utm_source=chatgpt.com
- https://blog.1password.com/challenges-of-shadow-it/
- https://www.microsoft.com/en-us/security/security-insider/intelligence-reports/microsoft-digital-defense-report-2024?msockid=2e875ee0e1fe64d22f854aa6e0746523

Episode 115: How to understand and address risk w/ Robert McElroy


In this episode, we discuss the broad concept of risk, what it is, and how to manage it. This episode is a great way to begin understanding how to develop an overall risk management strategy at your organization or understand how a risk management program might work for you. You can find out more about what Rob and his team can do here: https://www.securit360.com/services/managed-services-consulting/ Reach him directly here: rob@securit360.com

Episode 114: Making Penetration Test Results Actionable


In this episode, we discuss the challenge of translating penetration test findings into practical and effective security improvements, and we delve into the three major bottlenecks to improving security and give recommendations for overcoming them.

Episode 113: Phishing with Malicious RDP Files


In this episode, we're talking about a significant development in the cyber threat landscape. There has been a surge in activity from a group known as Midnight Blizzard, also known as APT29. They're a sophisticated Russian state-sponsored group, and their primary targets are governments, diplomats, NGOs, and IT service providers, mainly in the US and Europe. What's really alarming is their recent shift in tactics. They're now using malicious RDP files in their spear-phishing campaigns, which is a new approach for them. This indicates they are evolving their methods, becoming even more dangerous. RDP is commonly used in corporate environments...

Episode 112: Key Insights From The Microsoft Digital Defense Report 2024


In this episode, we dive deep into the newly released Microsoft Digital Defense Report 2024, which offers a comprehensive look at the latest trends in the global cybersecurity landscape. From evolving cyber threats and attack strategies to Microsoft's analysis of the most vulnerable sectors, we break down the key findings and what they mean for businesses, governments, and cybersecurity professionals. Join us as we discuss how threat actors are leveraging new technologies, the role of AI in defense strategies, and what steps organizations can take to bolster their cyber resilience. Whether you're an IT professional or just passionate about cybersecurity,...

(Replay) How To Actually Protect Credentials


In this episode replay, Spencer and Darrius break down the complexities of credential protection, discussing everything from user education and tools to threat modeling and guardrails. Plus, we delve into the world of protecting credentials within scripts and code. This is a must-listen for all IT admins, CISOs and any other IT/Security professional.

Episode 111: Red Team Tools (OST) Managing Open-Source Threats


In this episode, Spencer and Brad discuss a recent Trend Micro research project and associated white paper "Red Team Tools in the Hands of Cybercriminals and Nation States". Spencer and Brad dig into what red teaming is, what red team tools (often referred to as offensive security tools) are and why they are used. They also cover the abuse of red team tools, the speed of exploitation after public release and supply chain attacks against red team tools.
Resource: From Defense to Offense: The Misuse of Red Teaming Tools by Cybercriminals | Trend Micro (US)

(Replay) Vulnerability Management Deep Dive


In this replay episode, Spencer is joined by Daniel Perkins, a Senior Information Security Officer at SecurIT360 to discuss the intricacies of vulnerability management, the important prerequisites to vulnerability management, and best practices, and provide actionable strategies to level up your vulnerability management program.

Episode 110: AD Security Workshop Preview


In this episode, Brad and Spencer discuss Spencer's upcoming in-person workshop at Cyber SC. The "Hardening Active Directory to Prevent Cyber Attacks" Workshop is aimed at IT professionals, system administrators, and cybersecurity professionals eager to learn how to bolster their defenses against cyber threats. In this workshop, we will discuss comprehensive strategies and best practices for securing Active Directory.

Episode 109: Current State of Pentesting - Internal and External


In this episode, Spencer and Tyler share what they love and hate about the current state of penetration testing, they discuss current and future trends, and what it means to be a true cybersecurity partner. We hope you enjoy this episode! Learn how we do internal pentesting differently...

Episode 108: New tales from the trenches!


In this episode, Tyler and Brad talk about various security issues found on recent penetration tests. They outline the how and why, and talk about mitigation strategies to help you beat these issues in your environment.

Episode 107: How To Defend Against Lateral Movement


In this episode, Spencer and Brad dive into lateral movement, discussing various techniques like RDP, RATs, Impacket tools, PsExec, PTH, PTT, and PowerShell Remoting. They explain how attackers use these methods to gain unauthorized access, evade detection, and enable malicious activities. They also discuss precursors to lateral movement and strategies to restrict it, such as least privilege access, network segmentation, and monitoring. The podcast emphasizes the importance of understanding lateral movement and implementing comprehensive security measures to mitigate these threats.
Resources:
- https://www.reddit.com/r/cybersecurity/comments/1ellylu/what_lateral_attacks_have_you_been_seeing/
- The DFIR Report
- Lateral Movement, Tactic TA0008 - Enterprise | MITRE ATT&CK

(Replay) DNS Security


In our "DNS Security" podcast, we delve into DNS's critical role in how the internet works, exploring its vulnerabilities and attacks like DNS spoofing, cache poisoning, and DDoS. We discuss DNSSEC and its components, including public and private keys, and examine practical solutions such as DNS and content filtering. The episode also highlights the advantages of cloud-based DNS services, like those offered by Cloudflare. Finally, we share best practices and resources for securing DNS infrastructure, addressing challenges like scalability and false positives. Join us for a concise yet comprehensive exploration of DNS security's complexities and solutions. For questions, hit us up! brad@securit360.com

Episode 106: An Overview of Cyber Risk


Let's talk about cyber risk classification in this episode of The Cyber Threat Perspective. Brad and Tyler provide a high-level overview of various types of cyber risk encountered in penetration testing.
- Reputational Risk
- Financial Risk
- Operational Risk
- Direct Risk
- Indirect Risk
- Lateral Risk
- Strategic Risk
- Compliance Risk

Episode 105: How to Monitor Your Attack Surface


In this episode, Brad and Spencer discuss Attack Surface Monitoring, what it is, and why it's important for defending against cyber-attacks. They dig into the difference between attack vectors and attack surface and share a high-level overview of how to go about monitoring your own attack surface. Finally, they share tools and techniques for attack surface monitoring, many of which are key concepts taken from the world of bug bounty.

Episode 104: How To Get Into Cyber For First Responders


In this episode, Spencer has Sam Killingsworth on the show to talk about getting into cybersecurity, specifically penetration testing, coming from a first responder background. Sam is currently a full-time Firefighter/EMT and part-time penetration tester here at SecurIT360. Sam shares his background and experiences of learning cybersecurity and pentesting and how he has used the skills from his full-time job to help him be a better pentester.

Episode 103: Email Spoofing


In this episode, Spencer and Brad dive into the complex maze of 3rd party email providers, filtering and spoofing. Email spoofing is a technique used by cybercriminals to disguise the sender's address in an email message, making it appear as though the email originated from a different source. This can be used for a variety of malicious purposes, such as phishing attacks, fraudulent activities, or spreading malware.
- DMARC Rundown - Offensive Security Blog - SecurIT360
- EchoSpoofing A Massive Phishing Campaign Exploiting...
- Spoof intelligence insight - Microsoft Defender for Office 365
- How attackers bypass third-party mail filtering to Office 365
- Spoofing Microsoft 365 Like It's 1995...

Episode 102: The Global CrowdStrike Outage


In this episode, Spencer is joined by Joey Vandergrift (SecurIT360's VP of Security Operations) and Mark Brophy (SecurIT360's DFIR practice lead). Together they discuss how CrowdStrike, a leading EDR product, caused one of the largest global IT outages in history.

Episode 101: Infostealers - 10,000 Victims a Day


In this episode, Spencer and Brad dive into the deep underworld of infostealer malware. They discuss what infostealers are, how they are used and what they are used for. They will dig into how the information obtained from infostealers can help cyber threat actors compromise large and small organizations, cloud providers and more but also how the infostealer data and logs can be used by authorities for good.
Resources:
- 10,000 Victims a Day: Infostealer Garden of Low-Hanging Fruit
- https://x.com/vxunderground/status/1757467533202862344
- Infostealer malware logs used to identify child abuse website members
- https://cybernews.com/cybercrime/disney-slack-data-breach-unreleased-projects/
- https://x.com/arekfurt/status/1800181869256024083
- https://x.com/ddd1ms/status/1755256762997850279
- https://cloud.google.com/blog/topics/threat-intelligence/unc5537-snowflake-data-theft-extortion?linkId=10091118

(Replay) How We Hack Medical Devices To Save Lives


Discover the vulnerabilities lurking within medical devices and how ethical hacking can safeguard patient care. Join Brad, VP of Offensive Security at SecurIT360, as he unpacks the risks and protections against cyber threats in healthcare tech.
- Unveiling the risks of wireless communication vulnerabilities in insulin pumps and glucose monitors that could be exploited through advanced hacking techniques.
- Demonstrating the use of tools like ESP32, Hashcat, and attack scenarios to reveal how medical devices can be manipulated, compromising patient safety.
- An in-depth analysis of a common air purifier APK, exposing undocumented features and firmware flaws with far-reaching security implications.
- Real-world examples...

Episode 100: The OpenSSH RegreSSHion Vulnerability


In this episode, Spencer and Brad discuss the OpenSSH "regreSSHion" vulnerability. This is being tracked as CVE-2024-6409 & CVE-2024-6387. A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.
Links:
- https://nvd.nist.gov/vuln/detail/CVE-2024-6409
- https://nvd.nist.gov/vuln/detail/CVE-2024-6387
- https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt?ref=thestack.technology
- https://www.infosecurity-magazine.com/news/chinese-state-exploits/
- https://x.com/fofabot/status/1810622161192919350
- https://justpaste.it/do235

Episode 99: Tool Time - OneDriveEnum & AD Miner


In this episode, Spencer and Tyler discuss two of their current favorite tools: OneDriveEnum for enumerating user accounts in Microsoft 365 and AD Miner for visualizing attack paths in Active Directory. We hope you enjoy and get value from this episode!

Episode 98: Current State of M365 Attacks: Initial Access


In this episode, we discuss the latest trends and techniques for enumerating Microsoft 365. We break down how attackers may identify M365 tenants, how they discover and validate accounts and what you as an IT admin can do to protect your organization in light of this. Topics covered: Credential Stuffing, Brute Force Attacks, Password Spraying, Prompt Bombing, Session Hijacking, Adversary-in-the-Middle (AiTM) Attacks, OAuth Phishing, Legacy Authentication Protocols, App Passwords, Conditional Access Policies

Episode 97: Current State of M365 Attacks: Enumeration


In this episode, we discuss the latest trends and techniques for enumerating Microsoft 365. We break down how attackers may identify M365 tenants, how they discover and validate accounts and what you as an IT admin can do to protect your organization in light of this.

Episode 96: How to Harden Active Directory to Prevent Cyber Attacks


This is a recording of a webinar aimed at IT professionals, system administrators, and cybersecurity professionals eager to bolster their defenses against cyber threats. In this session, "How to Harden Active Directory to Prevent Cyber Attacks," our expert speakers will discuss comprehensive strategies and best practices for securing your Active Directory environment. Learn how we do internal pentesting differently...
Key Takeaways:
- Understanding AD Vulnerabilities: Learn about the most common security weaknesses in Active Directory (AD) and how attackers exploit these gaps.
- Best Practices in Configuration: Discover how to properly configure Active Directory settings for maximum security to deter potential breaches.
- Advanced Security...

Episode 95: Navigating the Legal Maze of Cybersecurity with Alexander Boyd


In this episode, Alex Boyd joins Spencer and Brad. Alex, a shareholder in Polsinelli's national Technology Transactions and Data Privacy practice, shares crucial insights for CTOs, IT Directors, CISOs, and Security Managers responding to security incidents. Discover common misconceptions about breaches and the mistakes organizations make in regulatory compliance. Gain valuable advice on selecting cyber insurance policies and navigating the legal landscape of regulatory investigations, licensing agreements and terms of service.

Episode 94: Defending Against Ransomware Part 2


In this episode, Brad and Spencer discuss the preparation stage of defending against ransomware. As we know, the time to have a plan is before you enter the woods and cybersecurity is no different.

Episode 93: Defending Against Ransomware Part 1


In this episode, Brad and Spencer discuss the preparation stage of defending against ransomware. As we know, the time to have a plan is before you enter the woods and cybersecurity is no different.

Episode 92: Cybersecurity Training and Certification Advice


In this episode, Spencer and Darrius share their expertise on navigating the world of cybersecurity training and certification. With decades of experience and numerous certifications, they provide valuable insights, tips, and personal stories to help listeners stay ahead of emerging threats and advance their careers in cybersecurity. Whether you're a beginner or a veteran in the field, this episode offers practical advice to enhance your skills and succeed in this ever-changing industry. Tune in to gain insider knowledge and expert guidance from professionals dedicated to protecting digital environments and combating cyber threats.

Episode 91: The 2024 Verizon Data Breach Investigations Report


In this episode, Spencer and Brad discuss the highly respected 2024 Verizon Data Breach Investigations Report (DBIR), a data-driven analysis of cyberattacks and data breaches from around the world. Tune in to discover the latest global trends and patterns in cybersecurity, as well as key insights for security professionals and executives. Don't miss out on this essential resource that has been shaping the industry for the past 15 years.

Episode 90: Transforming Your Security - Insights from Coaching a Collegiate Cyber Defense Team


In this episode Spencer chats with Mark Brophy (of SecurIT360) to discuss his background and experience with coaching a collegiate cyber defense team and how many of the lessons learned from defending against expert red team operators translate to securing organizations in today's modern threat landscape. Another must-listen episode for all defenders, IT admins, CISOs, IT directors, or anyone else in charge of managing, maintaining and/or securing computers and networks.

Episode 89: How to Actually Protect Credentials


In this episode, Spencer and Darrius break down the complexities of credential protection, discussing everything from user education and tools to threat modeling and guardrails. Plus, we delve into the world of protecting credentials within scripts and code. This is a must-listen for all IT admins, CISOs and any other IT/Security professional.

Episode 88: Budgeting for Security: Optimizing Penetration Testing Investments


Get into the dynamic world of penetration testing with Episode 88 of The Cyber Threat Perspective. Hosts Brad and Tyler discuss how to plan for penetration testing from both a budgeting and success perspective.
- How to budget for penetration testing by evaluating risk and compliance needs.
- Discussion on the ways to ensure you're getting value and quality in your penetration testing.
- How to avoid pitfalls before, during and after penetration testing.
- The role of communication in delivering effective pen testing services and client relationships.
- How to establish a proper cadence of offensive security work.
https://OffSec.blog | https://SecurIT360.com

Episode 87: Pentesting Challenges and How to Overcome Them


In this episode, Spencer and Tyler dive into the common challenges, struggles and obstacles a pentester may face in their career and they offer advice for dealing with and overcoming those hurdles. Thank you for listening! We hope this episode brings you value!

Episode 86: The XZ Backdoor


In this episode Spencer and Darrius discuss the XZ backdoor fiasco and share their perspective on what to be thinking about as a defender and what the long-term impact of this event may be.

Episode 85: Tool Time - DarkGPT


In this episode, Spencer and Darrius discuss DarkGPT, which is an OSINT assistant based on GPT-4-200K (recommended use) designed to perform queries on leaked databases, thus providing an artificial intelligence assistant that can be useful in your traditional OSINT processes.

Episode 84: How We Hack Medical Devices to Save Lives


Discover the vulnerabilities lurking within medical devices and how ethical hacking can safeguard patient care. Join Brad, VP of Offensive Security at SecurIT360, as he unpacks the risks and protections against cyber threats in healthcare tech.
- Unveiling the risks of wireless communication vulnerabilities in insulin pumps and glucose monitors that could be exploited through advanced hacking techniques.
- Demonstrating the use of tools like ESP32, Hashcat, and attack scenarios to reveal how medical devices can be manipulated, compromising patient safety.
- An in-depth analysis of a common air purifier APK, exposing undocumented features and firmware flaws with far-reaching security implications.
- Real-world examples...

Episode 83 - Defense in Depth


In this episode, Brad and Spencer dive into Defense in Depth. What is it, what does that mean, what are some actionable and practical steps you can take to implement a defense in depth strategy, how do threat modeling and incident response tabletop exercises fit into it, and so much more. Do not miss this episode.

Ep82 - DFIR For IT & Security Leadership


In this episode, we dive into the world of digital forensics and incident response. Spencer, Mark and Andrew discuss the various roles you might see on a DFIR team, the psychology of IR and the stages of incident response, the challenges of responding to cloud compromises, what comes after the breach and so much more.

Ep81 - Pentesting Misconceptions


In this episode, Spencer and Tyler discuss common misconceptions about penetration testing and provide clarity on its purpose and importance in cybersecurity. Join us as we explore the realities behind this vital security assessment, debunking myths and offering insights into its role in safeguarding organizations and data.

Ep 80: Low-Cost, High-Impact Security


In this episode, Spencer and Brad deep dive into several tools that IT Admins can use to identify critical issues within Active Directory environments, without breaking the bank. There's a misconception that security can only be achieved by spending large sums of money. That simply isn't the case. Listen to this episode to learn how.
- https://pingcastle.com/
- https://github.com/mtth-bfft/adeleg
- https://github.com/techspence/ScriptSentry
- https://github.com/TrimarcJake/Locksmith
- https://github.com/BloodHoundAD/BloodHound
- https://github.com/EvotecIT/GPOZaurr

Episode 79: Bug Bounties


Our expert hosts unpack the intricacies of bug bounty programs, exploring how they've become a pivotal element in the cybersecurity world and also how they fail. Whether you're a cybersecurity professional, an aspiring ethical hacker, or simply curious about the mechanisms that protect our online spaces, this episode comprehensively explores the bug bounty ecosystem.

Episode 78: Tales from the Trenches


Join us for an enthralling journey into the heart of cybersecurity operations with Tales from the Trenches, an exclusive podcast presented by Brad Causey, Vice President of Offensive Security at SecurIT360. Dive deep into the high-stakes world of offensive security as Brad shares his firsthand experiences from a career spent on the front lines of digital defense. Engage with real-life stories illustrating offensive cybersecurity's intense challenges and triumphant victories. Brad's narrative will transport you to the core of high-pressure operations, where strategic decisions can impact the security posture of entire organizations. Learn from a seasoned expert who has navigated complex cyber...

Episode 77: DNS Security


In our "DNS Security" podcast, we delve into DNS's critical role in how the internet works, exploring its vulnerabilities and attacks like DNS spoofing, cache poisoning, and DDoS. We discuss DNSSEC and its components, including public and private keys, and examine practical solutions such as DNS and content filtering. The episode also highlights the advantages of cloud-based DNS services, like those offered by Cloudflare. Finally, we share best practices and resources for securing DNS infrastructure, addressing challenges like scalability and false positives. Join us for a concise yet comprehensive exploration of DNS security's complexities and solutions.

Episode 76: Windows & Active Directory Hardening


In this episode, we dive into the world of Windows and Active Directory and we explore strategies and best practices to secure these systems. This episode will provide you with actionable advice for securing your organization against cyber attacks. We discuss topics such as least privilege, tiered admin model, CIS benchmarks, and much more.

Episode 75: Assume Breach - Extracting Maximum Value From Offensive Security Testing


In today's rapidly evolving cybersecurity landscape, where organizations of all verticals and industries are increasingly being targeted, organizations must adopt a proactive approach to securing their systems and data. Penetration testing is an essential component of identifying vulnerabilities and weaknesses. However, many organizations fail to extract maximum value from their penetration tests, treating them as isolated events rather than continuous learning opportunities. This session aims to shed light on the concept of "Assume Breach" and explore how organizations can extract the most value from their penetration tests. By embracing the assumption that systems and users at some point will...

Episode 74: Soft Skills and Mental Health For Security Professionals


In this episode, we discuss soft skills and mental health for security professionals.
Soft Skills
- self-awareness
- Gumption (initiative & resourcefulness)
- Autodidactic (self-educate)
- Empathy
- Patience
- Determination
- Communication - This is one to hit heavily
- Written & Spoken
- read the room
- Creativity (BS-ing)
- Attention to detail
- Curiosity
Mental Health
- do you truly enjoy/love what you do?
- work-life balance
- change the definition of "success"
- give yourself a break/don't be so hard on yourself
- schedule time to yourself for escapism
- find a hobby
- don't force inspiration because you can't
- when you're feeling inspired capitalize on it
- stand on the shoulders of giants
- 24-hour exams

Episode 73: Password Spraying Inside & Out


In this episode, we discuss password spraying, a favorite technique among attackers who are trying to compromise organizations. Spencer and Tyler discuss external and internal password spraying, why it is so effective, how password spraying works, and what to look out for on your network.

Episode 72: Vulnerability Management Deep Dive


In this episode, Spencer is joined by Daniel Perkins, a Senior Information Security Officer at SecurIT360, to discuss the intricacies of vulnerability management, the important prerequisites to vulnerability management, and best practices, and to provide actionable strategies to level up your vulnerability management program.

Episode 71: A CISO's Perspective on Offensive Security Services


In this episode, Zach Sims (Information Security Officer at SecurIT360) provides valuable insights into offensive security services from the perspective of a security leader. This episode explores the significance of these services in today's digital landscape. Listeners gain a concise understanding of the CISO's role, the alignment of offensive security goals with cybersecurity strategy, and the challenges faced in implementation. The discussion also delves into how CISOs balance the need for offensive and defensive security assessments, offering a compact yet informative overview of key aspects of the world of information security.

Episode 70: Future Trends in Penetration Testing Part 2


This is part two of Future Trends in Pentesting. Spencer and Darrius, members of SecurIT360's offensive security team, discuss up-and-coming techniques, tools and tactics that they see on the horizon for 2024 and beyond.

Episode 69: Future Trends in Penetration Testing Part 1


In this episode Brad and Darrius discuss future trends in penetration testing. We plan for this to be a multi-part series and in this part listen to Brad and Darrius delve into why keeping pace with current and future trends is important, evolving threats, the cloud and much more!

Episode 68: The evolution of penetration testing TTPs


In this episode of "The Cyber Threat Perspective," Tyler and Brad, members of SecurIT360's offensive security team, take us through the evolution of various penetration testing TTPs. Specifically, using the external penetration test process as an example and analyzing other processes and why/how they changed.

Episode 67: A Day In The Life: External Penetration Testing


In this episode, Spencer and Tyler go "behind the hack" and discuss what life is like behind the keyboard of an external pentest. They discuss various parts of an external penetration test such as planning and preparation, execution, and post-exploitation as well as common challenges throughout the way.

(Replay) HACKERS: How we GET IN and how to STOP US


This week we are replaying one of our earliest episodes. In this episode, Brad and Spencer discuss the THREE primary ways we gain initial access on penetration tests and how to stop us! The moral of this story is that these are attack vectors we see adversaries using day in and day out to compromise organizations. We hope this episode helps you track down and close those gaps in your own environments.

Episode 66: The DevSec Divide: Breaking Down Barriers for Better Security


In this episode, Spencer and Darrius discuss a common divide found among companies between the Security Team and the development teams. These are two teams that are ultimately trying to benefit the company, and by working together both are able to succeed.

11/2023 Cyber Threat Recap: Okta, Octo Tempest, Smishing


This is the November 2023 Cyber Threat Recap. Every day our Cyber Threat Intelligence team is tracking, researching, and analyzing threats, vulnerabilities, exploits, and techniques with the purpose of keeping you up-to-date on what's relevant and important in the industry. So you can be more prepared today than you were yesterday to protect your organization.
Okta Breach/1Password
- Okta says its support system was breached using stolen credentials
- 1Password Detects Suspicious Activity Following Okta Support Breach
- Hackers Stole Access Tokens from Okta's Support Unit (Krebs on Security)
Octo Tempest
- https://www.microsoft.com/en-us/security/blog/2023/10/25/octo-tempest-crosses-boundaries-to-facilitate-extortion-encryption-and-destruction/
Trends
- https://www.simplilearn.com/top-cybersecurity-trends-article
- The 10 Biggest Cyber Security Trends In 2024 Everyone Must Be Ready For Now

Episode 65: Unsecured Credentials and Where To Find Them


In this very special Halloween episode, prepare to be scared. Brad and Spencer discuss the common and not so common locations where we find credentials during penetration tests. This includes plaintext credentials and other types of credential material like API keys.

Episode 64: A Day In The Life: Web Application Penetration Testing


In this episode, Spencer and Darrius go "behind the hack" and discuss what life is like behind the keyboard of a web application penetration tester. They discuss various parts of a web app penetration test such as planning and preparation, execution, and post-exploitation as well as common challenges throughout the way.

Episode 63: A Day in The Life: Internal Penetration Testing


In this episode, Brad and Spencer go "behind the hack" and discuss what life is like behind the keyboard of an internal penetration tester. They discuss various parts of an internal penetration test such as planning and preparation, execution, post-exploitation as well as common challenges throughout the way.

Episode 62: What Makes a Great Penetration Test Report?


In this episode we discuss what makes a great penetration test report. The report is THE crucial deliverable of a penetration test. It's the culmination of all the effort that went into testing. It not only provides insights into an organization's security posture but also serves as a roadmap for addressing vulnerabilities and improving overall security.

Episode 61: How to Mitigate Social Engineering Attacks


In this episode, we explore the various tactics used by malicious actors to manipulate individuals and organizations, and provide practical tips to safeguard against these attacks. From educating your team members to implementing strong security measures, join us to learn how to effectively protect yourself and your organization from social engineering threats.

Episode 60: Cybersecurity Hot Takes


In this episode, Spencer and Darrius discuss unpopular cybersecurity opinions, which are referred to as "hot takes." This discussion was inspired by a tweet by John Breth (@JBizzle703) which as of recording has close to 4 million views.

Episode 59: Offensive TTPs and Tooling Trends


In this episode, Darrius and Spencer discuss Offensive Security TTPs and tools that look promising, that we're excited for, or are trending.

Episode 58: How To Identify and Mitigate Insecure Windows Services


In this episode, we're talking about How To Identify and Mitigate Insecure Windows Services. This is a very common issue we see on internal pentests. So much so that day 1 of our internal pentests revolves around evaluating the security and configuration of the endpoint to identify these issues. But this is only the tip of the iceberg.
https://offsec.blog/hidden-danger-how-to-identify-and-mitigate-insecure-windows-services/

Episode 57: Find and FIX AD CS Vulnerabilities Using Locksmith with Jake and Sam


In this episode we talk all about Active Directory Certificate Services and a free tool designed to help find and fix AD CS misconfigurations called Locksmith. Jake Hildreth (Mastodon: @horse@infosec.exchange), the creator of Locksmith, together with Sam Erde (Twitter: @SamErde) and myself (who are contributors to the project), chat about the inception of Locksmith and some of the awesome features, such as remediation snippets. Invoke-Locksmith today!
https://github.com/TrimarcJake/Locksmith

Episode 56: Vulnerabilities & Severity - Explain It To Me Like I'm 5


In this episode, Brad and Spencer talk about how vulnerabilities are assigned severity ratings, why they are important, how they are not perfect and why you should not rely on severity ratings alone to determine risk.

Episode 55: What If Your EDR Doesn't Detect or Respond?


In this episode, Brad and Spencer discuss the role EDR and Antivirus play in a modern security stack, the overreliance on EDR, and how that's a dangerous game.

Episode 54: Misconfigured and Dangerous Logon Scripts


In this episode we're talking about misconfigured and dangerous logon scripts. Spencer and Brad discuss 4 common examples, based on real-world engagements, of how logon scripts can be misconfigured and how they can allow for all sorts of bad things. Do you know what's hiding in your logon scripts? Read the blog post that goes along with this episode here: https://offsec.blog/hidden-menace-how-to-identify-misconfigured-and-dangerous-logon-scripts/
https://github.com/techspence/ScriptSentry

Episode 53: How to Defend and Mitigate PowerShell Attacks


This episode concludes our miniseries all about PowerShell. In this episode, we're going to discuss How to Defend and Mitigate PowerShell Attacks. Definitely check out our previous episodes: How Attackers Use PowerShell, and Security Automation with PowerShell.

Episode 52: How to Prepare for an External Penetration Test


In this episode Spencer and Tyler discuss the most important things you must do before you have an external penetration test. Everything from understanding goals and objectives to asset management to dark web searches. Listen in as Tyler shares how the SecurIT360 external pentest process may be different from other pentests you've received in the past.

Episode 51: Security Automation with PowerShell


Spencer and Darrius continue their series of episodes all about PowerShell. In this episode, they discuss using PowerShell for automation and orchestration. Stay tuned for the next episode where we talk about defending against PowerShell abuse.

Episode 50: How Attackers Use PowerShell


In this episode Spencer and Darrius discuss how cyber adversaries harness the power of PowerShell to orchestrate their malicious activities. Stay tuned for the next episode where we talk about security automation with PowerShell.

Episode 49: Scoping Offensive Security Engagements


In this episode Brad and Spencer discuss the nuances around scoping offensive security engagements. Scoping an offensive security engagement involves defining boundaries, objectives, and limitations before starting. It includes objectives, rules, scope boundaries, legal considerations, timeframe, reporting, approval, and sign-off. Scoping is important for clarity, risk management, compliance, stakeholder involvement, and setting expectations.

Episode 48: Authentication done right!


In this episode, Brad and Darrius talk about Authentication and what issues they routinely see while performing penetration tests. They talk about MFA, Passwords, Conditional Access, and other solutions that, done right, will improve your external security posture.

Episode 47: How to Sharpen your Sword as a Pentester


In this episode Spencer, Darrius and Tyler get together for a round-table discussion on sharpening your sword as a pentester. They discuss what they do to keep improving, upping their skill and honing their craft. Spoiler, it's not just the technical aspects of pentesting that are important to work on.

Episode 46: Reducing Active Directory Security Risks from a Hackers Perspective


In this episode Spencer and Darrius discuss and explore Active Directory security risks from a hacker's point of view. They discuss various techniques and tools that attackers use to attack Active Directory and how you can reduce your organization's risk by finding these vulnerabilities and misconfigurations and fixing them.

Episode 45: Our Most Common External Pen Test Findings


In this episode, Tyler and Brad talk about the most common external penetration test findings. We see these findings over and over again and want you to know what to do about them and how they may impact you. Check it out!

Episode 44: Should penetration testers know how to code?


In this episode, Darrius and Brad talk about the need for coding skills in the offensive security world. There's some fun with regard to which languages are important too. Check it out!

Episode 43: Hacking for Good - Insights and Inspiration with John Hammond


In this episode John Hammond joins us on the show! We talk about John's background and how he got interested in computers, how he approaches learning a new topic, if you have to create content to grow your career and so much more. There's a whole lot of fun and smiles and joy in this episode, check it out!

Episode 42: OSINT - What You Don't Know Can Hurt You


OSINT (Open Source Intelligence) is the process of collecting and analyzing publicly available information in order to achieve some goal or facilitate some kind of action. OSINT can be and is used for all sorts of things, and it's applicable to virtually every industry. OSINT, like many other things, can be used for good and it can be used for evil. But it's what you don't know about OSINT that can really hurt you...

Episode 41: Security Assessment vs Pentest Which is More Impactful and Why


In this episode Brad, Spencer and Tyler discuss the major differences and pros and cons of Security Assessments and Penetration Tests. In the end they are both very different types of assessments and require different skill sets to perform. If you're in charge of IT or Security at your organization, this is a must-listen episode!

Episode 40: How Attackers Target Law Firms and How To Detect & Prevent It


It's no secret law firms have become prime targets for attackers due to the sensitive information they handle and the clients they do business with. In this episode Brad and Spencer discuss common tactics used by attackers to breach law firms' defenses and provide practical tips on how to detect and prevent these types of attacks.

Episode 39: Pentesting Certifications Tier List Part 2


This is part 2 of a 2 part series where Spencer, Darrius and Tyler talk about pentesting certifications and where they fall on a tier list. For those unfamiliar, we're ranking the popular pentesting certifications from best to worst. This is a must listen/watch episode, check it out and be sure to let us know in the comments what YOU think of these certifications and if we had any bad takes!

Episode 38: Pentesting Certifications Tier List Part 1


This is part 1 of a 2 part series where Spencer, Darrius and Tyler talk about pentesting certifications and where they fall on a tier list. For those unfamiliar, we're ranking the popular pentesting certifications from best to worst. This is a must listen/watch episode, check it out and be sure to let us know in the comments what YOU think of these certifications and if we had any bad takes!

Episode 37: Offensive Security Testing Part 5 - Wireless Pentesting


In this episode Brad and Darrius continue the Offensive Security Testing series and discuss Wireless Penetration Testing. Wireless Pentesting is often overlooked, but could be the blind spot that allows an attacker onto your network. Listen to this episode for key insights and considerations related to wireless networks and pentesting.

Episode 36: Pentest vs Purple Team vs Red Team


In this episode Brad and Spencer discuss the differences between a Penetration Test, Purple Team Exercise and a Red Team Engagement. The goal of this episode is to help educate and inform on the differences between a pentest, a purple team and a red team, what the goals of each may be, and how they help an organization improve security and resilience.

Episode 35: Getting Into Pentesting Without an IT Background


In this episode, Spencer and Tyler discuss Tyler's journey from working at Home Depot to getting a job as a Penetration Tester. They also share first-hand advice for those that are looking to break into this exciting field.

Episode 34: The State of Web Application Penetration Testing


In this episode, Darrius and Brad look at the current state of web application penetration testing, why it is how it is, and what you can do if you want to break into the field.

Episode 33: Reflections on Privacy Law and Privacy Issues


In this episode, Brad and Darrius talk about some of the buzz around recent changes in privacy regulation/law and how it may impact other market verticals such as banking, law firms, and retail.

Episode 32: Our Favorite Pentesting Tools: PingCastle


In this episode Spencer shares his affinity for PingCastle. If you are in IT, if you're a sysadmin or network admin or have any kind of responsibility for the security of your environment, I encourage you to have a look at PingCastle. Not only can it be used to find VERY severe vulnerabilities, but you can use it to track progress over time and show leadership you're doing the work. We also talk about some of my favorite ways to use this tool on penetration tests.

Episode 31: Pentesting War Stories


In this episode Brad and Spencer discuss some of the more, interesting, pentest engagements they've been on. The goal of this episode is to reflect on some of the significant vulnerabilities and "cool" attacks we've performed on pentests, yes, but it's also an important reminder that if we don't remember history we are bound to repeat it. Yes we are total nerds and no we're not going to apologize for that ;)

Episode 30: LastPass DataBreach Updates


In this episode, Brad and Spencer discuss the newly released information surrounding the 2022 LastPass data breach. They discuss potential controls that may have prevented the incident and recommendations for protecting your own organization against this kind of threat. https://support.lastpass.com/download/lastpass-blog-security https://support.lastpass.com/help/what-data-was-accessed

Episode 29: Critical Vulnerabilities You WONT Find Using Nessus


In this episode Brad and Spencer discussed vulnerabilities that are not detected by vulnerability scanning tools such as Nessus and explored several methods that can be used to identify them. While vulnerability scanning is important and effective at identifying known vulnerabilities, it is not so good at detecting unknown or complex vulnerabilities. To address this gap, we discussed several complementary methods that can be used, such as penetration testing, red teaming, fuzzing, and source code review, to identify vulnerabilities and weaknesses that may not be apparent from a vulnerability scan. By incorporating these additional methods into a comprehensive security testing strategy,...

Episode 28: BurpSuite 2023 Roadmap - Huge Improvements!


In this episode, Brad and Darrius discuss recent and upcoming changes made to the BurpSuite line of products. If you're a web application penetration tester or just interested in web application security, check this out, it's a game-changer. PortSwigger Post: https://portswigger.net/blog/burp-suite-roadmap-update-january-2023

Episode 27: Password Myths Misconceptions and Lies


In this episode Brad and Spencer discuss all the bad advice that's been given over the years regarding passwords and they provide insights into why the current state of passwords is the way it is. Chances are you're like us and you've made each and every one of these password mistakes before. If you want to know what to not do when it comes to passwords, this episode is exactly what you need.

Episode 26: Cloud Security Quick Wins For Defenders


In this episode Spencer and Darrius discuss a variety of things you can and should be doing to secure your cloud environments. While the majority of these quick wins pertain to Microsoft 365 and Azure, the same concepts can be applied to AWS, Okta, Duo and others. Take the time to know your environment and secure it well. We hope this episode helps give you ideas on how to further secure your cloud infrastructure.

Episode 25: What To Do Before You Get A Pentest


In this episode Spencer, Darrius and Brad answer the question: "What do I need to do before I have someone pentest my network or my web app or my environment?" Spencer talks about important considerations before internal pentests, Darrius talks about the critical components to focus on before a web app or even an API pentest and Brad wraps it up with two foundational security components to ensure you have in place before an external pentest.

Episode 24: Active Directory Security Quick Wins For Defenders


In this episode Spencer and Darrius discuss some seriously free and relatively "easy" quick wins for hardening your Active Directory and internal environment. We go from talking about weak passwords to discussing nested group membership and a whole lot more. This episode is jam packed with advice, that's free and easy to implement. We hope you enjoy and get value from it!

Episode 23: Offensive Security Testing Part 4 - External Pentesting


In this episode Spencer and Tyler continue the Offensive Security Testing series and discuss External Penetration Testing. We discuss all things external pentesting including what is an external pentest, what is PTES, how external pentests work operationally, pros and cons of different types of external pentests and so much more. Stay until the end of the podcast because Tyler shares war stories and talks about things that can get your organization compromised and how to prevent that.

Episode 22: Yet Another LastPass Breach


In this episode Spencer and Darrius discuss the most recent LastPass Breach. We talk all about what happened, what it means to you and me as well as what it means for firms who use LastPass on an enterprise level. At the end we discuss some thoughts and opinions around staying with LastPass versus finding a new password vault product and some things to pay attention to if you're in the latter boat.

Episode 21 - SecurIT360 Offensive Security Christmas Special


In this episode we've got the whole Offensive Security team at SecurIT360 on the podcast to talk about exciting moments of 2022 and what everyone is excited for as we move into 2023 and beyond. Thank you for listening and/or watching! If you enjoy our podcast we'd love to know what specifically you enjoy so we can make more of that type of content. Merry Christmas and Happy New Year!

Episode 20 - ChatGPT: The Future of Infosec with AI


In this episode Spencer and Darrius discuss an amazing new AI chatbot that has taken the internet by storm and captivated the infosec community. Listen to this episode to learn what ChatGPT is, how it can be used (and abused) and what the possible implications are (good and bad) of such an amazing piece of technology.

Episode 19: Staying Frosty Sharp over the Holidays


CTF, or Capture The Flag, is a great way to expand your learning and understanding of various information security topics. It can also be great fun and a great way to meet people in the industry. In this episode Spencer and Darrius talk about the benefit of using CTFs to keep your pentesting skills sharp over the holiday "break."

Episode 18: An introduction to Burp Suite


In this episode, Darrius and Brad talk about Portswigger's Burp Suite, how they use it, and why it's important. They also offer a sneak peek into what's coming in 2023!

Episode 17: Abusing WSUS for Lateral Movement


In this episode Spencer and Brad talk about the hidden dangers of not properly protecting Microsoft WSUS Servers. That's Windows Server Update Service for those not in the know. Attackers often use legitimate functionality to gain ground and WSUS is no different. Nettitude blog discussing SharpWSUS: Introducing SharpWSUS - Nettitude Labs. Spencer's fork of SharpWSUS: GitHub - techspence/SharpWSUS: SharpWSUS is a c# tool for abusing Microsoft Windows Server Update Services for Lateral Movement

Episode 16: OWASP API Hacking and DevSec with Matt Tesauro


In this episode Brad is joined by Matt Tesauro to talk all things OWASP, API Hacking and DevSec. Matt Tesauro is a Distinguished Engineer at NoName Labs, a member of the OWASP Global Board of Directors and Founder of 10Security, the creators of DefectDojo. Matt Tesauro is a DevSecOps and AppSec guru with specialization in creating security programs, leveraging automation to maximize team velocity and training emerging and senior professionals. When not writing automation code in Go, Matt is pushing for DevSecOps everywhere via his involvement in open-source projects, presentations, trainings and new technology innovation. Twitter: https://twitter.com/matt_tesauro | LinkedIn: https://www.linkedin.com/in/matttesauro/ | DefectDojo: https://www.defectdojo.org/ | DefectDojo on Github: https://github.com/DefectDojo/django-DefectDojo | DefectDojo...

Episode 15: Pentesting Certifications - which to get and why


Are you looking for your first job in penetration testing? Perhaps you're looking to advance and up your skills or maybe you're a manager looking to hire a penetration tester to your team. In this episode Brad, Spencer and Darrius talk about which pentesting certs to get and why.

Episode 14: Offensive Security Testing Part 3 - Web App Pentesting


This is part 3 of a multi-episode series where the Offsec group at SecurIT360 dives into the details of various Offensive Security Tests, what they mean, what to expect, war stories and much more!

Episode 13: Offensive Security Testing Part 2 - Mobile Pentesting


This is part 2 of a multi-episode series where the Offsec group at SecurIT360 dives into the details of various Offensive Security Tests, what they mean, what to expect, war stories and much more!

Episode 12: Law Firm Security Challenges Live at LegalSec22


Coming at you LIVE from LegalSec22 in San Antonio Texas. In this episode Brad and Spencer discuss common security challenges that are unique to law firms and provide insights on ways to begin solving those challenges.

Episode 11: Offensive Security Testing Part 1 - Internal Pentesting


This is part 1 of a multi-episode series where the Offsec group at SecurIT360 dives into the details of various Offensive Security Tests, what they mean, what to expect, war stories and much more!

Episode 10: Web Application Threats in the Modern Landscape


Web application risks are not new, but they are different because of how they have fully proliferated into all aspects of modern computing. Everything lives on HTTP or HTTPS or some webservice. Tune into this episode to learn about some of the most common risks we see with web applications in the modern landscape.

Episode 9: Breaking In Or Branching Out: How To Get A Job In Cybersecurity


There's essentially a 0% unemployment rate in cybersecurity. It's a very hot field, great job security, great pay and great mission. But, with that comes a high level of competition for individuals seeking cybersecurity jobs. So on today's episode, Brad and Spencer talk with Misty Stacy, Managing Partner at Trusted Cyber Talent, who is on the forefront of helping cybersecurity professionals find their first or next cybersecurity job. Looking for help getting a job in Cyber? Check out https://testedcybertalent.com or reach out to Misty at https://www.linkedin.com/in/mistystacy

Episode 8: Hackers: How we get in and how to stop us


In this episode Brad and Spencer discuss the THREE primary ways we gain initial access on penetration tests and how to stop us! The moral of this story is that these are attack vectors we see adversaries using day in and day out to compromise organizations. We hope this episode helps you track down and close those gaps in your own environments.

9-16-22 Week in Review: Uber Hacked, Teams Cleartext Tokens, Intermittent Ransomware Encryption


In this week's review: Uber was hacked; Microsoft Teams stores auth tokens as cleartext in Windows, Linux, Macs; Ransomware Developers Turn to Intermittent Encryption to Evade Detection

Episode 7: How to Make Threat Actors Cry


In this episode Brad and Spencer talk about what mature, proactive organizations are doing to harden and secure their environments, with the end goal of forcing attackers to make more noise which hopefully leads to quicker detection and ejection from your network. These are things that get us caught and slow us down on penetration tests and they are things that will absolutely do the same to real threat actors.

9-9-22 Week in Review: New EvilProxy Phishing Service and Linux Malware


In this week's review: New EvilProxy Phishing Service Allowing Cybercriminals to Bypass 2-Factor Security; New Linux Malware Evades Detection Using Multi-stage Deployment

Episode 6: 5 Ways to Get More Value out of your External Penetration Test


Are you sure you're getting what you paid for when it comes to external penetration tests? In this podcast Brad and Spencer discuss 5 things that you as a consumer of penetration tests can do to get more value from them. Some of these are easy wins, some of them require work, all of them will make your external pentests better.

9-2-22 Week in Review: Okta Phishing, BEC Analysis, LNK Attacks


In this week's review: Roasting 0ktapus: The phishing campaign going after Okta identity credentials; Advanced BEC Scam Campaign Targeting Executives on O365; The Rise of LNK Files (T1547.009) and Ways To Detect Them

Episode 5: Common High Risk Findings on Internal Penetration Tests & How to Mitigate Them


It's an unfortunate truth that we see these common high risk findings time and time again on internal pentests. We find these issues on super-maximum secured environments as well as in less hardened environments. The end result though is the same. Tune in to learn more about these common high risk findings and most importantly, how to mitigate them for free!

8-26-22 Week in Review: LastPass Breach, Office 365 Abuse, DevSecOps


In this week's review: Hackers Breach LastPass Developer System to Steal Source Code; You Can't Audit Me: APT29 Continues Targeting Microsoft 365 | Mandiant; The GitLab 2022 Global DevSecOps Survey

Episode 4: 7 Awesome Ways to Show Off Your Skills as a Pentester


In order to stay relevant and up-to-date with new techniques and tools, it requires a certain amount of focus day after day, week after week, year after year. That focus being constant improvement. If we, as pentesters, don't get better, we can't help businesses defend better. So that's what this podcast is about. Constant improvement and showing that off to the world. We are going to talk about WHY you would want to show off your skills as a pentester as well as 7 awesome ways to do just that, show off your skills as a pentester. Read the associated blog post...

8-19-22 Week in Review: Password Snooping, Supply Chain, Cl0p Ransomware


In this week's review: Cleartext Shenanigans: Gifting User Passwords to Adversaries With NPPSPY; Realtek SDK Vulnerability Exposes Routers; InfoSec Handlers Diary Blog - SANS Internet Storm Center; CVE-2022-27255 - Realtek eCos SDK SIP ALG buffer overflow; Clop Ransomware Gang Breaches Water Utility, Just Not the Right One; https://twitter.com/malwrhunterteam/status/1559244860636413952?s=20&t=ixiTRaQ9aflHzI37D_VlwQ and https://twitter.com/UK_Daniel_Card/status/1559252446320500741?s=20&t=ixiTRaQ9aflHzI37D_VlwQ

Episode 3: It's a Trap! Avoid These 4 Common Pentesting Mistakes


This podcast is a discussion about 4 Common Pentesting Mistakes that we ourselves have made and have seen other pentesters make. Hopefully, the dialog around these mistakes and how we go about solving them helps you not make them yourself or to realize them and recover from them quickly. Read the associated blog post here: https://offsec.blog/its-a-trap-avoid-these-4-common-pentesting-mistakes/

8-12-22 Week in Review: BumbleBee Malware & High Profile Phishing Attacks


In this week's review: BumbleBee Roasts Its Way to Domain Admin; SMS & Voice Phishing Attacks: https://www.twilio.com/blog/august-2022-social-engineering-attack https://blog.cloudflare.com/2022-07-sms-phishing-attacks/ https://blog.talosintelligence.com/2022/08/recent-cyber-attack.html

Episode 2: How to Find Passwords on Network Shares Before Attackers Do


Brad and Spencer discuss a common finding on internal penetration tests.

8-5-22 Week in Review: Evasive Phishing, Tricky Malware and Initial Access Brokers


In this week's review: Large-Scale AiTM Attack targeting enterprise users of Microsoft email services; Deception at a scale; Initial Access Brokers Are Key to Rise in Ransomware Attacks

Episode 1: Takeaways from the 2022 Verizon Data Breach Investigations Report


This podcast is a discussion about the 2022 Verizon Data Breach Investigations Report and some of our key takeaways. From the Executive Summary of the DBIR: As introduced in the 2018 report, the DBIR provides a place for security practitioners to look for data-driven, real-world views on what commonly befalls companies with regard to cybercrime. For this, our 15th anniversary installment, we continue in that same tradition by providing insight into what threats your organization is likely to face today, along with the occasional look back at previous reports and how the threat landscape has changed over the intervening years.

July 29th Week in Review: Intergalactic Planetary Phishing, ISOs & LNKs, Ransomware & Extortion


In this week's review: IPFS The New Hotbed of Phishing; How Threat Actors Are Adapting to a Post-Macro World; Palo Alto 2022 Incident Response Threat Report; Fewer Ransomware Victims Pay As Medium Ransom Falls in Q2 2022

July 22nd 2022 CTP Week in Review: RIP Macros, Bad Luck BlackCat, Mr. Eagle


In this week's review: Microsoft resumes default blocking of Office macros after updating docs (https://docs.microsoft.com/en-us/deployoffice/security/internet-macros-blocked); A potentially dangerous macro has been blocked; BlackCat ransomware attacks not merely a byproduct of bad luck; 'AIG' Threat Group Launches With Unique Business Model

July 15th 2022 CTP Week in Review: Macros, Coin Miners, Rustomware, Cookie Phishing


In this week's review: Microsoft DOES plan to work on blocking internet macros by default in Office, their pause is apparently temporary; The DFIR Report - SELECT XMRig FROM SQLServer; Hive ransomware gets upgrades in Rust; From cookie theft to BEC: Attackers use AiTM phishing sites as entry point to further financial fraud

July 8th 2022 CTP Week in Review: Office Macros - BRC4 - QNAPWorm - Leaky S3 Buckets - Prevention Over Response


In this week's review: Microsoft Rolls Back Decision to Block Office Macros By Default; Possible APT29/Ransomware Groups Use of Brute Ratel C4; When Pentest Tools Go Brutal: Red-Teaming Tool Being Abused by Malicious Actors; Reversing Malware Also How is APT 29 Successful with This Phishing Technique; Raspberry Robin/QNAPWorm; Raspberry Robin gets the worm early; Microsoft finds Raspberry Robin worm in hundreds of Windows networks; New Raspberry Robin worm uses Windows Installer to drop malware; Cloud Misconfig Exposes 3TB of Sensitive Airport Data in Amazon S3 Bucket; Prevention Takes Priority Over Response

July 1st 2022 CTP Week in Review: LNK Malware - LockBit 3.0 Bug Bounty - PwnKit Exploitation In The Wild


In this week's review: Rise of LNK (Shortcut files) Malware; LockBit 3.0 Released Now With Bug Bounty Program; CISA Says PwnKit Exploited in the Wild

June 24th 2022 CTP Week In Review: DFSCoerce, Ransomware in OneDrive & PowerShell Forever


In this week's review: New NTLM Relaying Attack via DFSCoerce; Ransomware Potential for OneDrive & SharePoint Files; Keeping PowerShell: Security Measures to Use and Embrace

June 17th 2022 CTP Week In Review: BlackCat - LockBit 2.0 - Saitama DNS Tunneling - Exposed Travis CI Logs


In this week's review: The rise of BlackCat (ALPHV) ransomware; Microsoft Analysis of BlackCat; AdvIntel Analysis of BlackCat; Ransomware Group Debuts Searchable Victim Data; LockBit 2.0: How This RaaS Operates and How to Protect Against It; Translating Saitama's DNS tunneling messages - SANS Internet Storm Center; Public Travis CI Logs (Still) Expose Users to Cyber Attacks

June 10th 2022 CTP Week in Review: Dogwalk - Qakbot - Follina - ESXi Ransomware


In this week's review: A DFIR Report with no Ransomware and no Cobalt Strike; Path Traversal & MOTW Bypass - DIAGCAB Windows Zero-day aka "Dogwalk"; Linux version of Black Basta ransomware targets VMware ESXi servers; TA570 Qakbot (Qbot) tries CVE-2022-30190 (Follina) exploit (ms-msdt)

June 3rd 2022 Cyber Threat Perspective Week in Review


In this week's review: Microsoft Diagnostics Tool Remote Code Execution Zero Day; New Windows Search zero-day added to Microsoft protocol nightmare; Vendor Refuses to Remove Backdoor Account That Can...; Over 3.6 million exposed MySQL servers on IPv4 and IPv6 |...; APTs Overwhelmingly Share Known Vulnerabilities Rather Than Attack O-Days

Threat Intel Flash Briefing May 31st 2022 - Follina - CVE-2022-30190


The sky IS NOT falling with this one. Is it important? Yes. Does it highlight an area that's under-researched and likely contains additional attack vectors and techniques? Absolutely. Resources: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30190 https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug https://github.com/NVISOsecurity/nviso-cti/blob/master/advisories/29052022%20-%20msdt-0-day.md John Hammond's Excellent CVE-2022-30190 Video

May 27th 2022 Cyber Threat Perspective Week in Review


In This Week's Review: PDF Malware Is Not Dead Yet; Detecting & Preventing Rogue Azure Subscriptions; Python and PHP Library Updated with 'Extra' Features by a "Security Researcher"; 2022 Verizon Data Breach Investigations Report; Zoom: Remote Code Execution with XMPP; Exploit released for critical VMware auth bypass bug

May 20th, 2022 - Cyber Threat Perspective - Week in Review


In This Week's Review: Gootloader & Gootkit Analysis by DFIR Report and Red Canary; Authenticated PetitPotam Lives On (CVE-2022-26925); The Hunter Becomes the Hunted: Evicting the Adversary; Spoofing SaaS Vanity URLS for Social Engineering Attacks

May 13th, 2022 - Cyber Threat Perspective - Week in Review


In This Week's Review: Threat Actor using Windows Event Logs for "fileless" Malware; CVE-2022-1388 - F5 BIG-IP PoC Released; CVE-2021-22600 - Privilege Escalation Bug In The Linux Kernel; CVE-2022-26925 - A Windows LSA Spoofing Vulnerability (PetitPotam); CVE-2022-26923 - Another ADCS Domain Privilege Escalation

May 6th, 2022 - Cyber Threat Perspective - Week in Review


In this week's review: Detecting SharpHound using Decoys; UNC3524: Eye Spy on Your Email | Mandiant; The New Initial Access Trend: ZIPs, ISOs & LNKs; Unauthenticated RCE in F5 BIG-IP CVE-2022-1388

Threat Intel Flash Briefing - Kerberos Relaying to Local SYSTEM


There exists a universal no-fix local privilege escalation in Windows domain environments where LDAP signing is not enforced (the default settings). Thanks to the research and open source tools of several researchers, it's now trivial to elevate to SYSTEM on most Windows Operating Systems. Resources: https://github.com/Dec0ne/KrbRelayUp https://googleprojectzero.blogspot.com/2021/10/using-kerberos-for-authentication-relay.html https://github.com/cube0x0/KrbRelay

The Social Engineer Podcast



Ep. 343 - The Human Element Series - Spark Your Mental Fitness with Todd Bertsch


Today we are joined by Todd Bertsch. Todd is a keynote speaker, mental fitness coach, and creator of the Spark Framework, a system rooted in neuroscience and behavioral psychology that focuses on building resilience, leadership clarity, and sustainable personal growth through small, consistent changes. After overcoming early struggles with addiction and pivoting from entrepreneurship into coaching during the COVID pandemic, Todd now helps leaders strengthen their "mental muscle" by identifying negative thought patterns and shifting into a more constructive, resilient mindset. [March 16, 2026] 00:00 - Intro 00:26 - Intro Links - Social-Engineer.com - http://www.social-engineer.com/ - Offensive Security Vishing Services - https://www.social-engineer.com/offensive-security/vishing/ - Offensive Security SMiShing Services - https://www.social-engineer.com/offensive-security/smishing/ - Offensive Security Phishing Services - https://www.social-engineer.com/offensive-security/smishing/...

Ep. 342 - The Doctor Is In Series - How Does Decision Fatigue Affect You?


Welcome to the Social-Engineer Podcast: The Doctor Is In Series where we discuss understandings and developments in the field of psychology. In today's episode, Chris and Dr. Abbie discuss decision fatigue: how making too many choices throughout the day drains mental energy and affects judgment. They explain how stress and lack of sleep make it worse, how it differs from burnout, and why leaders and parents are especially vulnerable. The episode also shares simple, practical strategies to reduce daily decisions, protect mental energy, and prioritize recovery. [Mar 2, 2026] 00:00 - Intro 00:56 - Show Updates and Sponsors 02:35 - What Decision Fatigue Is 03:34 -...

Ep. 341 - The Security Awareness Series - Cognitive Bias in InfoSec with Josten Pena


Today on the Social-Engineer Podcast: The Security Awareness Series, Chris Hadnagy is joined by Josten Pena for an in-depth discussion on cognitive biases and their impact on cybersecurity. Together, they explore how inherent mental shortcuts can increase susceptibility to social engineering attacks. The conversation emphasizes the importance of recognizing and owning these biases, rather than trying to eliminate them, and highlights practical mitigation strategies like hands-on training and fostering critical thinking. [Feb 16, 2026] 00:00 - Intro 00:47 - Meet the Co-Host: Josten Pena 01:38 - Intro Links: - Social-Engineer.com - http://www.social-engineer.com/ - Offensive Security Vishing Services - https://www.social-engineer.com/offensive-security/vishing/ - Offensive Security SMiShing Services - https://www.social-engineer.com/offensive-security/smishing/ - Offensive Security Phishing Services - https://www.social-engineer.com/offensive-security/smishing/ - Call Back Phishing - https://www.social-engineer.com/offensive-security/call-back-phishing/ - Adversarial Simulation Services - https://www.social-engineer.com/offensive-security/adversarial-simulation/ - Social Engineering Risk...

Ep. 340 - The Human Element Series - Is AI Changing Human Behavior with Jacob Ward


In this episode, Chris Hadnagy is joined by Jacob Ward, a veteran technology journalist who has reported for NBC News, Al Jazeera, CNN, and PBS, and previously served as editor-in-chief of Popular Science. Jacob is the author of The Loop: How AI Is Creating a World Without Choices and How to Fight Back, a book that anticipated today's commercial AI moment. Together, they explore how artificial intelligence is shaping human behavior, decision-making, and autonomy, along with the ethical and societal challenges that come with an increasingly AI-driven world. [Feb 9, 2026] 00:00 - Intro 01:02 - Intro Links - Social-Engineer.com - http://www.social-engineer.com/ - Offensive Security Vishing Services - https://www.social-engineer.com/offensive-security/vishing/ - Offensive Security SMiShing Services - https://www.social-engineer.com/offensive-security/smishing/ - Offensive Security...

Ep. 339 - The Doctor Is In Series - Are You An Imposter?


Welcome to the Social-Engineer Podcast: The Doctor Is In Series where we will discuss understandings and developments in the field of psychology. In today's episode, Chris and Dr. Abbie explore imposter syndrome, examining what it is, why it occurs, and how cultural and professional pressures can intensify it. They discuss common symptoms, personal experiences, and the psychological roots behind feeling undeserving of success. Through scientific insight and practical strategies, they share ways to recognize, reframe, and manage imposter syndrome with greater self-awareness and confidence. [Feb 2, 2026] 00:00 - Intro 00:20 - Meet the Hosts 00:54 - Upcoming Events and Announcements 02:29 - Defining Imposter Syndrome 06:42 - Cultural and Gender Influences 12:26 - Personality Traits and Imposter Syndrome 14:46 - Sponsor 16:12 - Balancing Humility...

Ep 338 - The 4th Monday Series - Playing Chess With Your Taxes


Welcome to the Social-Engineer Podcast: The 4th Monday Series with Chris Hadnagy and Mike Holfeld. Chris and Mike will be covering cutting edge global news to help people remain safe, secure and knowledgeable in a world where it is hard to know what is real and what is fake news. In this episode, Chris and Mike are joined by Jeff Lareau, CPA and partner at Lareau & Lareau CPAs, a third-generation, family-owned firm in Central Florida. Jeff helps individuals and business owners simplify complex tax laws while focusing on long-term planning and confidence, not just filing returns. Jeff explains major tax changes heading into 2026, including updates to tips and overtime deductions, senior tax benefits, bonus depreciation, business...

Ep. 337 - Security Awareness Series - Using Social Engineering on Yourself with Rosa Rowles


Today on the Social-Engineer Podcast: The Security Awareness Series, Chris is joined by Rosa Rowles. Together, they explore the nuances of social engineering, focusing on the critical role of pretexting and impersonation in security assessments. Their conversation underscores the significance of preparation and adaptability, highlighting how embodying different personas can enhance the effectiveness of security operations. [Jan 19, 2026] 00:00 - Intro 00:27 - Rosa Rowles Intro - LinkedIn: https://www.linkedin.com/in/shelbydacko/ 00:55 - Intro Links: - Social-Engineer.com - http://www.social-engineer.com/ - Offensive Security Vishing Services - https://www.social-engineer.com/offensive-security/vishing/ - Offensive Security SMiShing Services - https://www.social-engineer.com/offensive-security/smishing/ - Offensive Security Phishing Services - https://www.social-engineer.com/offensive-security/smishing/ - Call Back Phishing - https://www.social-engineer.com/offensive-security/call-back-phishing/...

Ep. 336 - Human Element Series - Helping Successful Leaders with Mitchell Osmond


Today we are joined by Mitchell Osmond. Mitchell is a leadership consultant, executive coach, and host of the Dad Nation Podcast, ranked in the top 5% globally with over 33,000 listeners. With 15+ years in senior leadership, Mitchell helps high-performing men find success where it matters most: at home, in their health, and in their happiness, all while strengthening their careers. [Jan 12, 2026] 00:00 - Intro 00:29 - Intro Links - Social-Engineer.com - http://www.social-engineer.com/ - Offensive Security Vishing Services - https://www.social-engineer.com/offensive-security/vishing/ - Offensive Security SMiShing Services - https://www.social-engineer.com/offensive-security/smishing/ - Offensive Security Phishing Services - https://www.social-engineer.com/offensive-security/smishing/ - Call Back Phishing - https://www.social-engineer.com/offensive-security/call-back-phishing/ - Adversarial Simulation...

Ep. 335 - The Doctor Is In Series - Is That Person Really a Psychopath?


Welcome to the Social-Engineer Podcast: The Doctor Is In Series where we will discuss understandings and developments in the field of psychology. In today's episode, Chris and Dr. Abbie explore psychopathy, focusing on its clinical definition and common misconceptions. They discuss how the term is often misapplied to various behaviors, stressing the importance of understanding its roots in empathy and fear. By highlighting the need for accurate knowledge, they aim to prevent stigmatization and promote a deeper understanding of mental health. [Jan 5, 2026] 00:00 - Intro 00:24 - Dr. Abbie Maroo Intro 00:42 - Intro Links - Social-Engineer.com- http://www.social-engineer.com/...

Ep. 334 - The 4th Monday Series - Travel Hacks and Tips with Christie Hudson


Welcome to the Social-Engineer Podcast: The 4th Monday Series with Chris Hadnagy and Mike Holfeld. Chris and Mike will be covering cutting edge global news to help people remain safe, secure and knowledgeable in a world where it is hard to know what is real and what is fake news. Today, Chris and Mike are joined by Christie Hudson, a resident travel expert and head of global PR for Hotels.com. Christie is adept at transforming travel data into actionable insights, helping travelers maximize their experiences. With a background in PR from the University of Prince Edward Island's Atlantic Veterinary College,...

Ep. 333 - Security Awareness Series - DISC and Pivoting with Shelby Dacko


Today on the Social-Engineer Podcast: The Security Awareness Series, Chris is joined by Shelby Dacko. Chris and Shelby delve into the intricacies of social engineering, focusing on the challenges of pivoting during on-site security assessments. Their discussion highlights the importance of adaptability and teamwork in overcoming unexpected obstacles, emphasizing how diverse communication styles can enhance the effectiveness of security operations. [Dec 15, 2025] 00:00 - Intro 00:34 - Shelby Dacko Intro - LinkedIn: https://www.linkedin.com/in/shelbydacko/ 01:18 - Intro Links: - Social-Engineer.com- http://www.social-engineer.com/ - Offensive Security Vishing Services -https://www.social-engineer.com/offensive-security/vishing/ - Offensive Security SMiShing Services -https://www.social-engineer.com/offensive-security/smishing/ - Offensive Security Phishing Services -https://www.social-engineer.com/offensive-security/smishing/ -...

Ep. 332 - Human Element Series - Health, Fitness and Mindset with Toby Wright


Today we are joined by Toby Wright. Toby is an online coach and personal trainer with a passion for mental health. Toby believes true wellness begins from the inside out, blending evidence-based training with a focus on mental health and mindset. [Dec 8, 2025] 00:00 - Intro 00:26 - Dr. Abbie Maroo Intro 00:51 - Intro Links - Social-Engineer.com- http://www.social-engineer.com/ - Offensive Security Vishing Services -https://www.social-engineer.com/offensive-security/vishing/ - Offensive Security SMiShing Services -https://www.social-engineer.com/offensive-security/smishing/ - Offensive Security Phishing Services -https://www.social-engineer.com/offensive-security/smishing/ - Call Back Phishing -https://www.social-engineer.com/offensive-security/call-back-phishing/ - Adversarial Simulation Services -https://www.social-engineer.com/offensive-security/adversarial-simulation/ - Social Engineering Risk Assessments -https://www.social-engineer.com/offensive-security/social-engineering-risk-assessment/ - Social-Engineer channel on SLACK- https://social-engineering-hq.slack.com/ssb -...

Ep. 331 - The Doctor Is In Series - What Is Cognitive Dissonance?


Welcome to the Social-Engineer Podcast: The Doctor Is In Series where we will discuss understandings and developments in the field of psychology. In today's episode, Chris and Dr. Abbie explore cognitive dissonance, focusing on its impact on self-concept and emotional regulation. They discuss how dissonance occurs when actions conflict with core beliefs, creating psychological tension. Emphasizing self-awareness and reflection, they warn against rationalizing harmful behaviors and highlight the importance of embracing discomfort for personal growth and identity development. [Dec 1, 2025] 00:00 - Intro 00:26 - Dr. Abbie Maroo Intro 00:43 - Intro Links - Social-Engineer.com- http://www.social-engineer.com/ - Offensive Security...

Ep. 330 - The 4th Monday Series - Is Your Pet In Pain? with Dr. Liz Moses


Welcome to the Social-Engineer Podcast: The 4th Monday Series with Chris Hadnagy and Mike Holfeld. Chris and Mike will be covering cutting edge global news to help people remain safe, secure and knowledgeable in a world where it is hard to know what is real and what is fake news. Today Chris and Mike are joined by Dr. Liz Moses. Dr. Moses is an emergency veterinarian at Veterinary Emergency Group (VEG) in South Tampa, where she helps pets and their families through some of their most urgent and stressful moments. A graduate of the University of Prince Edward Island's Atlantic...

Ep. 329 - Security Awareness Series - Mistakes, AI and Empathy: Being a Powerful Leader with Michelle Li


Today on the Social-Engineer Podcast: The Security Awareness Series, Chris is joined by Michelle Li. Chris and Michelle delve into the transformative role of AI in social engineering, highlighting both its potential and pitfalls. Their conversation emphasizes the critical need for empathy in leadership and the importance of maintaining human-centric processes in an increasingly automated world. [Nov 17, 2025] 00:00 - Intro 00:27 - Intro Links: - Social-Engineer.com- http://www.social-engineer.com/ - Offensive Security Vishing Services -https://www.social-engineer.com/offensive-security/vishing/ - Offensive Security SMiShing Services -https://www.social-engineer.com/offensive-security/smishing/ - Offensive Security Phishing Services -https://www.social-engineer.com/offensive-security/smishing/ - Call Back Phishing -https://www.social-engineer.com/offensive-security/call-back-phishing/ - Adversarial Simulation Services -https://www.social-engineer.com/offensive-security/adversarial-simulation/ - Social Engineering...

Ep. 328 - Human Element Series - Empathy Communication and Storytelling with Tanya Van Cott


Today we're joined by Tanya Van Cott. Tanya is a New York-based architect, industrial designer, and educator whose work explores how design and storytelling can drive social change. A graduate of Pratt Institute, Tanya has been recognized by the National Endowment for the Arts with a Presidential Design Achievement Award and has been published for her innovative approach to interdisciplinary design. Before launching her own practice and press, WomanBecool PRESS, she honed her skills at world-renowned studios Pentagram and Lippincott. Through both design and the written word, Tanya examines how disruptive technologies shape our lives, often through the eyes of...

Ep. 327 - The Doctor Is In Series - Healthy vs. Obsessive Ambition


Welcome to the Social-Engineer Podcast: The Doctor Is In Series where we will discuss understandings and developments in the field of psychology. In today's episode, Chris and Dr. Abbie discuss the complexities of ambition, emphasizing its connection to identity and intrinsic motivation. They explore how ambition can be healthy or obsessive, influenced by personality traits and life experiences. Their conversation warns against destructive ambition, which can harm relationships and ethical standards, and stresses the importance of regularly redefining success to maintain a healthy balance. [Nov 3, 2025] 00:00 - Intro 00:45 - Dr. Abbie Maroo Intro 01:01 - Intro Links...

Ep. 326 - The 4th Monday Series - Back From The Dead with Carrie Hatton


Welcome to the Social-Engineer Podcast: The 4th Monday Series with Chris Hadnagy and Mike Holfeld. Chris and Mike will be covering cutting edge global news to help people remain safe, secure and knowledgeable in a world where it is hard to know what is real and what is fake news. Today Chris and Mike are joined by Carrie Hatton. Carrie lives in Northeastern PA near Lake Wallenpaupack. A single mother of two boys, Carrie became disabled in 2021 after a severe case of COVID-19. She was hospitalized for three months, during which doctors had declared her clinically dead. A former...

Ep. 325 - Security Awareness Series - A Crystal Ball for Mitigating Threats With Chris and Carter


Today on the Social-Engineer Podcast: The Security Awareness Series, Chris is joined by Carter Zupancich. Chris and Carter explore the evolving landscape of social engineering threats, focusing on the rise of vishing attacks and the role of AI in enhancing these tactics. Their discussion underscores the importance of empowering employees as a human firewall and the need for continuous education and testing to strengthen organizational security. [Oct 20, 2025] 00:00 - Intro 00:31 - Carter Zupancich Intro - Website: https://carterzupancich.com/ 01:30 - Intro Links: - Social-Engineer.com- http://www.social-engineer.com/ - Managed Voice Phishing- https://www.social-engineer.com/services/vishing-service/ - Managed Email Phishing- https://www.social-engineer.com/services/se-phishing-service/ - AdversarialSimulations- https://www.social-engineer.com/services/social-engineering-penetration-test/...

Ep. 324 - Human Element Series - It Can't Be About Me with Jay Izso


Today we are joined by Jay Izso. Jay is a high-energy mindset and resilience coach, keynote speaker, bestselling author, and media personality. Known as "Coach Jay," he helps people shift their thinking, master their mindset, and unlock their potential in business and life. Drawing on his background in psychology and years of coaching leaders, entrepreneurs, and athletes, Jay blends humor, science, and real-world stories that resonate with audiences everywhere. As the host of A New Direction and Real Estate Right Now, he's built a reputation for engaging conversations that inspire action, growth, and results. [Oct 13, 2025] 00:00 - Intro...

Ep. 323 - The Doctor Is In Series - Dreams Placebo and Deja Vu


Welcome to the Social-Engineer Podcast: The Doctor Is In Series where we will discuss understandings and developments in the field of psychology. In today's episode, Chris and Dr. Abbie explore the intriguing phenomena of dreams, the placebo effect, and déjà vu. They delve into the mysteries of why dreams can feel more emotionally intense than reality, how belief can trigger real physiological changes, and the perplexing sensation of déjà vu that leaves us questioning our memories. Through engaging discussions, they uncover what science knows and the many questions that remain unanswered about these fascinating topics. [Oct 6, 2025] 00:00 -...

Ep. 296 - Human Element Series - The Imagination Dilemma with Dr. Lydia Kostopoulos REPLAY


REPLAY (Original Air Date March 10, 2025) Today we are joined by Dr. Lydia Kostopoulos. Dr. Kostopoulos is a globally recognized strategist that brings clarity and context as to what is on the horizon. Her unique expertise at the intersection of emerging technology, security and macro-trends has been sought by the United Nations, U.S. Special Operations, the European Commission, NATO, multi-nationals, tech companies, design agencies, academia, such as MIT and Oxford Saïd Business School, and foreign governments. She helps her clients understand new technologies, emerging value chains, and contextualizes the convergences of our time. She founded the boutique consultancy Abundance...

Ep. 322 - The 4th Monday Series - Is Your Vintage Game Worth 30000? with Ryan Rosenzweig


Welcome to the Social-Engineer Podcast: The 4th Monday Series with Chris Hadnagy and Mike Holfeld. Chris and Mike will be covering cutting edge global news to help people remain safe, secure and knowledgeable in a world where it is hard to know what is real and what is fake news. Today Chris and Mike are joined by Ryan Rosenzweig. Ryan is the 26-year-old CEO of C10 Toys and Games, which he started when he was just 16 years old. Based out of Orlando FL, he specializes in Video games, Pokemon cards and Funko pops. [Sept 22, 2025] 00:00...

Ep. 321 - Security Awareness Series - Trust But Verify Even Under Abnormal Circumstances: A Red Team Story with Chris and Faith


Today on the Social-Engineer Podcast: The Security Awareness Series, Chris is joined by Faith Kent. Together, they delve into the critical role of effective communication, the art of role adaptation, and the psychological dynamics in crisis situations. The conversation highlights the importance of proactive preparedness and fostering trust within teams to tackle challenges with confidence. [Sept 15, 2025] 00:00 - Intro 00:42 - Faith Kent Intro 01:21 - Intro Links: - Social-Engineer.com- http://www.social-engineer.com/ - Managed Voice Phishing- https://www.social-engineer.com/services/vishing-service/ - Managed Email Phishing- https://www.social-engineer.com/services/se-phishing-service/ - AdversarialSimulations- https://www.social-engineer.com/services/social-engineering-penetration-test/ - Social-Engineer channel on SLACK- https://social-engineering-hq.slack.com/ssb - CLUTCH- http://www.pro-rock.com/ - innocentlivesfoundation.org- http://www.innocentlivesfoundation.org/ 03:09 -...

Ep. 320 - Human Element Series - Using Gestures To Enhanced Communications with Lauren Gawne


Today we are joined by Lauren Gawne. Lauren is a Senior Lecturer in linguistics at La Trobe University. Her work focuses on understanding how people use gestures and grammar, with a particular focus on cross-cultural gesture use. Lauren also does research on emoji, scicomm and the grammar of Tibetan languages in Nepal. [Sept 8, 2025] 00:00 - Intro 01:40 - Intro Links - Social-Engineer.com- http://www.social-engineer.com/ - Managed Voice Phishing- https://www.social-engineer.com/services/vishing-service/ - Managed Email Phishing- https://www.social-engineer.com/services/se-phishing-service/ - AdversarialSimulations- https://www.social-engineer.com/services/social-engineering-penetration-test/ - Social-Engineer channel on SLACK- https://social-engineering-hq.slack.com/ssb - CLUTCH- http://www.pro-rock.com/ - innocentlivesfoundation.org- http://www.innocentlivesfoundation.org/ 02:40 - Lauren Gawne Intro 03:02 - Foreign Gestures 03:59...

Ep. 319 - The Doctor Is In Series - Can You Trust Your Gut? - All About Intuition


Welcome to the Social-Engineer Podcast: The Doctor Is In Series where we will discuss understandings and developments in the field of psychology. In today's episode, Chris and Abbie delve into the fascinating world of intuition and gut feelings. They explore whether these instincts are rooted in biology or shaped by past experiences and discuss the science behind how our brains process environmental cues to make quick decisions. [Sept 1, 2025] 00:00 - Intro 00:44 - Dr. Abbie Maroo Intro 01:02 - Intro Links - Social-Engineer.com- http://www.social-engineer.com/ - Managed Voice Phishing- https://www.social-engineer.com/services/vishing-service/ - Managed Email Phishing- https://www.social-engineer.com/services/se-phishing-service/ - AdversarialSimulations- https://www.social-engineer.com/services/social-engineering-penetration-test/ -...

Ep. 318 - The 4th Monday Series - Finding Stable Employment in a Crazy Economy with Bobby Knost


Welcome to the Social-Engineer Podcast: The 4th Monday Series with Chris Hadnagy and Mike Holfeld. Chris and Mike will be covering cutting edge global news to help people remain safe, secure and knowledgeable in a world where it is hard to know what is real and what is fake news. Today Chris and Mike are joined by Bobby Knost. Bobby is a proud member of the Iron Workers Local Union 808, which represents workers across eight counties in Central Florida. He has been a Union Iron Worker since 1985 and currently serves as the Business Manager of Local 808, a...

Ep. 317 - Security Awareness Series - Are You Ready For A Breach? with Jowan and Chris


Today on the Social-Engineer Podcast: The Security Awareness Series, Chris is joined by Jowan Joseph. Chris and Jowan discuss the importance of effective communication, role adaptation, and the psychological aspects of crisis situations. The discussion emphasizes the need for proactive preparedness and building trust within teams to navigate challenges effectively. [Aug 18, 2025] 00:00 - Intro 00:32 - Jowan Joseph Intro 00:44 - New Format 01:24 - Intro Links: - Social-Engineer.com- http://www.social-engineer.com/ - Managed Voice Phishing- https://www.social-engineer.com/services/vishing-service/ - Managed Email Phishing- https://www.social-engineer.com/services/se-phishing-service/ - AdversarialSimulations- https://www.social-engineer.com/services/social-engineering-penetration-test/ - Social-Engineer channel on SLACK- https://social-engineering-hq.slack.com/ssb - CLUTCH- http://www.pro-rock.com/ - innocentlivesfoundation.org- http://www.innocentlivesfoundation.org/ 03:08 - Tabletop...Child's...

Ep. 316 - Human Element Series - Do It Scared, But Do It Anyway with Shang Saavedra


Today we are joined by Shang Saavedra, the Founder and CEO of Save My Cents, an influential personal-finance website and social-media platform. Saavedra teaches readers the key habits and behaviors needed to become less fearful of money and live life with joy. Saavedra was named one of the "25 Most Influential New Voices of Money" by TIME/NextAdvisor in 2022 and is an Expert Reviewer and Contributor at CNET Money. She received her bachelor's degree in economics from Harvard and her MBA from the University Of Chicago Booth School Of Business. Saavedra and her husband finished saving for their retirement by...

Ep. 315 - The Doctor Is In Series - Love at First Sight, Is it Possible?


Welcome to the Social-Engineer Podcast: The Doctor Is In Series where we will discuss understandings and developments in the field of psychology. In today's episode, Chris and Abbie explore the complexities of attraction and the concept of love at first sight. They discuss the biochemical responses associated with attraction, the importance of understanding cognitive biases, and the role of familiarity in relationships. [Aug 4, 2025] 00:00 - Intro 00:35 - Dr. Abbie Maroo Intro 01:15 - Intro Links - Social-Engineer.com- http://www.social-engineer.com/ - Managed Voice Phishing- https://www.social-engineer.com/services/vishing-service/ - Managed Email Phishing- https://www.social-engineer.com/services/se-phishing-service/ - AdversarialSimulations- https://www.social-engineer.com/services/social-engineering-penetration-test/ - Social-Engineer channel on SLACK- https://social-engineering-hq.slack.com/ssb...

Ep. 314 - The 4th Monday Series - What Can You Do If Your Accounts Are Hacked? with Congressman Darren Soto


Welcome to the Social-Engineer Podcast: The 4th Monday Series with Chris Hadnagy and Mike Holfeld. Chris and Mike will be covering cutting edge global news to help people remain safe, secure and knowledgeable in a world where it is hard to know what is real and what is fake news. Today Chris and Mike are joined by Congressman Darren Soto. Darren Soto is the representative for Florida's Ninth Congressional District, covering Osceola and parts of Orange and Polk Counties. He currently serves on the House Committee on Energy and Commerce and the House Committee on Natural Resources. Additionally, Darren is...

Ep. 313 - Security Awareness Series - The Importance of Securing Virtual Events With Trent Waterhouse


Today on the Social-Engineer Podcast: The Security Awareness Series, Chris is joined by Trent Waterhouse. Trent is the CMO of GlobalMeet, a leading virtual event technology company with a scalable, flexible, and secure hybrid event streaming platform built and supported by experienced event experts. Trent has a proven track record of driving growth and innovation with 35 years of expertise leveraging a field sales marketing model that aligns sales, marketing, and R&D to think like a customer, act like a partner, and measure success through customer satisfaction and net promoters. Built for growth, Trent's unique blend of technology understanding and...

Ep. 312 - Human Element Series - Having a Hunger to Serve with Doug Thorpe


Today we are joined by Doug Thorpe. Doug is an experienced leadership coach, business advisor, and speaker who focuses on helping small to mid-size business owners and executives develop their leadership capabilities. With decades of experience in banking, finance, and business management, Thorpe transitioned to coaching and advisory services to help others navigate their professional growth journeys. [July 14, 2025] 00:00 - Intro 00:16 - Intro Links - Social-Engineer.com- http://www.social-engineer.com/ - Managed Voice Phishing- https://www.social-engineer.com/services/vishing-service/ - Managed Email Phishing- https://www.social-engineer.com/services/se-phishing-service/ - AdversarialSimulations- https://www.social-engineer.com/services/social-engineering-penetration-test/ - Social-Engineer channel on SLACK- https://social-engineering-hq.slack.com/ssb - CLUTCH- http://www.pro-rock.com/ - innocentlivesfoundation.org- http://www.innocentlivesfoundation.org/ 01:35 - Doug Thorpe Intro...

Ep. 311 - The Doctor Is In Series - The Scientific Keys To Happiness with Dr. Paul Zak


Welcome to the Social-Engineer Podcast: The Doctor Is In Series where we will discuss understandings and developments in the field of psychology. In today's episode, Chris and Abbie are joined by Dr. Paul J Zak. Dr. Zak is in the top 0.3% of most cited scientists. For over two decades Paul's research has extended the boundaries of behavioral neuroscience and that has taken him from the Pentagon to Fortune 500 boardrooms to the rainforests of Papua New Guinea. Besides his academic appointment, he is a 4-time tech entrepreneur. In 2017 he founded Immersion Neuroscience, a software platform that allows anyone...

Ep. 250 - Human Element Series - Rationalize Minimalize and Project with Agent Brad Beeler REPLAY


REPLAY (Original Air Date March 11, 2024) Today we are joined by Agent Brad Beeler. Assistant to the Special Agent in Charge Brad Beeler has been with the United States Secret Service for the past 25 years. He currently serves as instructor and Secret Service liaison at the National Center for Credibility Assessment (NCCA) at Fort Jackson, South Carolina. Over the past 8 years in this role, he has trained agents throughout the federal law enforcement and intelligence community in credibility assessment and elicitation techniques. Prior to arriving at NCCA, he was a polygraph examiner in the Chicago and St....

Ep. 310 - The 4th Monday Series - Are You Ready for the Storm? with Lisa Miller


Welcome to the Social-Engineer Podcast: The 4th Monday Series with Chris Hadnagy and Mike Holfeld. Chris and Mike will be covering cutting edge global news to help people remain safe, secure and knowledgeable in a world where it is hard to know what is real and what is fake news. Today Chris and Mike are joined by Lisa Miller, a former Deputy Insurance Commissioner for Florida who is a disaster insurance and recovery expert. She consults with insurance companies that represent about a quarter of Florida's six million personal and commercial residential policies. Her Tallahassee, Florida-based firm, Lisa Miller &...

Ep. 279 - Security Awareness Series - Dodging Turkeys and Security Awareness with Stacey Edmonds REPLAY


REPLAY (Original Air Date Oct 21, 2024) Today on the Social-Engineer Podcast: The Security Awareness Series, Chris is joined by Stacey Edmonds. Stacey is a multi-disciplinary EdTech innovator and Digital Safety Pioneer, driven by a commitment to democratizing knowledge. Stacey's expertise, encompassing social science, education, EdTech, and multi-platform screen production, culminated in the founding of Lively, which we will hear all about on this podcast. Since 2002, Stacey has been designing and delivering enterprise-wide cyber safety upskilling programs. In 2023, embodying her mission to make knowledge accessible, Stacey launched 'Dodgy or Not?' a social enterprise offering an engaging approach to...

Ep. 308 - Human Element Series - Finding Common Ground With Lonnie Marts


Today we are joined by Lonnie Marts. Lonnie is an American creator, entertainer, and host known for his magnetic charm and comedic storytelling. His unique ability to engage audiences has catapulted him to digital stardom, with nearly 3 million highly engaged fans tuning in daily for his comedic skits and feel-good content on social media. A graduate of Embry-Riddle with an MBA, Lonnie's impact goes beyond content creation. He's been featured in "Forbes" and "Rolling Stone" and recently earned recognition for his work in DoorDash's Cannes Award-winning Super Bowl campaign. Lonnie continues to expand his reach and has received recognition...

Ep. 307 - The Doctor Is In Series - Why is the Road to Self-Betterment So Lonely


Welcome to the Social-Engineer Podcast: The Doctor Is In Series where we will discuss understandings and developments in the field of psychology. In today's episode, Chris and Abbie are discussing why change can feel so lonely. They will talk about what triggers growth in people, the amount a person can actually change and how loneliness plays a role in this growth. [June 2, 2025] 00:00 - Intro 00:47 - Dr. Abbie Maroo Intro 01:06 - Intro Links - Social-Engineer.com- http://www.social-engineer.com/ - Managed Voice Phishing- https://www.social-engineer.com/services/vishing-service/ - Managed Email Phishing- https://www.social-engineer.com/services/se-phishing-service/ - AdversarialSimulations- https://www.social-engineer.com/services/social-engineering-penetration-test/ - Social-Engineer channel on SLACK- https://social-engineering-hq.slack.com/ssb -...

Ep. 306 - The 4th Monday Series - Changing The Game - New Sport Tech with Seth Daniels


Welcome to the Social-Engineer Podcast: The 4th Monday Series with Chris Hadnagy and Mike Holfeld. Chris and Mike will be covering cutting edge global news to help people remain safe, secure and knowledgeable in a world where it is hard to know what is real and what is fake news. Today Chris and Mike are joined by Seth Daniels. Seth is the Director of Customer Experience and a founding employee of Rapsodo Inc., an industry leader in sports technology. Seth helped launch Rapsodo in the United States in 2015, particularly on the Diamond Sports side focusing on baseball and softball....

Ep. 305 - Security Awareness Series - Using Empathy to Not Become a Mushroom with Julie Chatman


Today on the Social-Engineer Podcast: The Security Awareness Series, Chris is joined by Julie Chatman. Julie is a distinguished cybersecurity executive with nearly two decades of experience in cybersecurity strategy, risk management, and AI governance. She began her career in the U.S. Navy, serving on active duty as a Hospital Corpsman specializing in Medical Laboratory Science & Technology. Her transition into cybersecurity began at the FBI, where strong mentorship shaped her approach to leadership, problem solving, and talent development. She currently serves as the Deputy Chief Information Security Officer for Finance at the Virginia Information Technologies Agency (VITA), where she...

Ep. 304 - Human Element Series - Dr. Intergalactic and Using AI to Save The World with Dr. Jose Morey


Today we are joined by José Morey, M.D. Dr. Morey is Chief Executive Officer and Founder of Ad Astra Media LLC, an Eisenhower Fellow, and Co-Founder of Ever Medical Technologies. He is a health and technology keynote speaker, author, and consultant for NASA, Forbes, MIT, the United Nations World Food Program and the White House Office of Science and Technology Policy. He is considered the world's first Intergalactic Doctor and is often featured on Forbes, Univision, CNBC, and NASA360. He coined Puerto Rico as the future "Silicon Island" as appeared in Forbes, The Weekly Journal, Reddit and Hispanic Executive. Additionally,...

Ep. 303 - The Doctor Is In Series - Emotional Regulation in the Workplace


Welcome to the Social-Engineer Podcast: The Doctor Is In Series where we will discuss understandings and developments in the field of psychology. In today's episode, Chris and Abbie are discussing Emotional Regulation in the Workplace. They will talk about the different strategies that can be used to help, not just at work, but in most areas of our lives. [May 5, 2025] 00:00 - Intro 00:38 - Dr. Abbie Maroo Intro 00:57 - Intro Links - Social-Engineer.com- http://www.social-engineer.com/ - Managed Voice Phishing- https://www.social-engineer.com/services/vishing-service/ - Managed Email Phishing- https://www.social-engineer.com/services/se-phishing-service/ - AdversarialSimulations- https://www.social-engineer.com/services/social-engineering-penetration-test/ - Social-Engineer channel on SLACK- https://social-engineering-hq.slack.com/ssb - CLUTCH- http://www.pro-rock.com/...

Ep. 302 - The 4th Monday Series - From Scam Victim to Investment Guru with Kayla Lussier


Welcome to the Social-Engineer Podcast: The 4th Monday Series with Chris Hadnagy and Mike Holfeld. Chris and Mike will be covering cutting edge global news to help people remain safe, secure and knowledgeable in a world where it is hard to know what is real and what is fake news. Today Chris and Mike are joined by Kayla Lussier. Kayla is the co-founder of Money Match, a platform championing financial wellness by connecting real estate investors and small businesses with the capital they need to thrive. Her 15 years in healthcare as a nurse practitioner have instilled in her a...

Ep. 301 - Security Awareness Series - Leadership Relationships and Becoming a CISO with Travis Farral


Today on the Social-Engineer Podcast: The Security Awareness Series, Chris is joined by Travis Farral. Travis has been working in information security since the 90s at places such as Nokia, ExxonMobil, and XTO Energy. He is currently VP & CISO at Archaea Energy, a bp owned, renewable natural gas company based in Houston, Texas. He has spoken at events around the world on topics such as Cyber Threat Intelligence, MITRE ATT&CK, and Incident Response. Notable activities during his career include everything from programming logic controllers, building and leading SOCs, driving forklifts, standing up cybersecurity teams, developing threat intelligence programs, and handling...

Ep. 300 - Human Element Series - Celebrating 300 Episodes of The Social Engineer Podcast


Today we are celebrating our 300th episode! Chris will be joined by some friends as he discusses how the podcast got started - back in 2009, how it has evolved, including the creation of multiple series, and the direction for the future. [April 14, 2025] 00:00 - Intro 00:22 - Intro Links - Social-Engineer.com- http://www.social-engineer.com/ - Managed Voice Phishing- https://www.social-engineer.com/services/vishing-service/ - Managed Email Phishing- https://www.social-engineer.com/services/se-phishing-service/ - AdversarialSimulations- https://www.social-engineer.com/services/social-engineering-penetration-test/ - Social-Engineer channel on SLACK- https://social-engineering-hq.slack.com/ssb - CLUTCH- http://www.pro-rock.com/ - innocentlivesfoundation.org- http://www.innocentlivesfoundation.org/ 02:45 - Social-Engineer Origin Story 03:59 - The Human Element Series 05:34 - The Security Awareness Series 06:03 - The...

Ep. 299 - The Doctor Is In Series - Why Do We Cry?


Welcome to the Social-Engineer Podcast: The Doctor Is In Series where we will discuss understandings and developments in the field of psychology. In today's episode, Chris and Abbie are discussing Why Do We Cry? They will talk about the psychological and biological influence on our crying, as well as those that cry too much, too little, and how to get support to find the right balance. [April 7, 2025] 00:00 - Intro 00:16 - Dr. Abbie Maroo Intro 00:31 - Intro Links - Social-Engineer.com- http://www.social-engineer.com/ - Managed Voice Phishing- https://www.social-engineer.com/services/vishing-service/ - Managed Email Phishing- https://www.social-engineer.com/services/se-phishing-service/ - AdversarialSimulations- https://www.social-engineer.com/services/social-engineering-penetration-test/ - Social-Engineer...

Ep. 260 - The SE ETC Series - Suffering Through a Romance Scam with Nadja El Fertasi REPLAY


REPLAY (Original Air Date May 27, 2024) *Please note that this episode contains discussions regarding abuse that some may find disturbing. Welcome to the Social-Engineer Podcast: The SE Etc. Series. This series will be hosted by Chris Hadnagy, CEO of Social-Engineer LLC, and The Innocent Lives Foundation, as well as Social-Engineer.Org and The Institute for Social Engineering. Join Chris as he discusses topics and news pertaining to the world of Social Engineering. Today, Chris is joined by Nadja El Fertasi. Nadja is a leading figure in fostering emotional resilience within the digital age. Her comprehensive expertise spans crisis management, strategic...

Ep. 297 - Security Awareness Series - Quantifying and Owning Risk with Roy Luongo


Today on the Social-Engineer Podcast: The Security Awareness Series, Chris is joined by Roy Luongo. Roy is the Chief Information Security Officer for the United States Secret Service. He leads a team in the defense and information assurance of all USSS information systems and solutions. Prior to his current role he was the Director, Joint Mission Operations Center for Cyber Command, providing oversight of mission critical Cyber Operations infrastructures. He has also served as Chief, NSA Red Team and Technical Director for Interactive Operations for the NSA. Roy is a retired Army soldier with 20 years' service within the Intelligence...

Ep. 296 - Human Element Series - The Imagination Dilemma with Dr. Lydia Kostopoulos


Today we are joined by Dr. Lydia Kostopoulos. Dr. Kostopoulos is a globally recognized strategist that brings clarity and context as to what is on the horizon. Her unique expertise at the intersection of emerging technology, security and macro-trends has been sought by the United Nations, U.S. Special Operations, the European Commission, NATO, multi-nationals, tech companies, design agencies, academia, such as MIT and Oxford Saïd Business School, and foreign governments. She helps her clients understand new technologies, emerging value chains, and contextualizes the convergences of our time. She founded the boutique consultancy Abundance Studio and has experience working in the...

Ep. 295 - The Doctor Is In Series - Bystander Effect


Welcome to the Social-Engineer Podcast: The Doctor Is In Series where we will discuss understandings and developments in the field of psychology. In today's episode, Chris and Abbie are discussing the Bystander Effect. They will talk about the many different ways it presents itself as well as how to avoid it and what you can do if you find yourself a victim of it. [March 3, 2025] 00:00 - Intro 00:14 - Dr. Abbie Maroño Intro 00:45 - Intro Links - Social-Engineer.com- http://www.social-engineer.com/ - Managed Voice Phishing- https://www.social-engineer.com/services/vishing-service/ - Managed Email Phishing- https://www.social-engineer.com/services/se-phishing-service/ - AdversarialSimulations- https://www.social-engineer.com/services/social-engineering-penetration-test/ - Social-Engineer channel on SLACK-...

Ep. 294 - The 4th Monday Series - Accidentally Wes Anderson with Wally Koval


Welcome to the Social-Engineer Podcast: The 4th Monday Series with Chris Hadnagy and Mike Holfeld. Chris and Mike will be covering cutting edge global news to help people remain safe, secure and knowledgeable in a world where it is hard to know what is real and what is fake news. Today Chris and Mike are joined by Wally Koval. Wally is the founder and creator of Accidentally Wes Anderson (AWA), a popular visual storytelling platform inspired by filmmaker Wes Anderson's distinctive aesthetic. Since its launch on Instagram in 2017, AWA has grown into a global community of nearly two million...

Ep. 293 - Security Awareness Series - From Banker to Spy to Cyber Security Expert with Peter Warmka


Today on the Social-Engineer Podcast: The Security Awareness Series, Chris is joined by Peter Warmka. Peter is a Former Senior Intelligence Officer with the CIA with over 20 years' experience in breaching the security of organizations overseas. Peter is the founder of the Orlando-based firm Counterintelligence Institute, LLC and an Adjunct Professor at Webster University's Masters Cybersecurity Program. Peter is passionate about using his expertise in helping city, state, and federal government entities, non-profits, academic institutes, private companies, and individuals safeguard their sensitive proprietary and/or personal data. He is also the author of two books. [Feb 17, 2025] 00:00 -...

Ep. 292 - Human Element Series - Rejection is Protection with Erica Rooney


Today we're joined by Erica Rooney, a leadership dynamo and gender equality advocate who's breaking barriers and inspiring infinite possibilities. With over 15 years as an executive, Erica is renowned for tackling 'sticky floors', the limiting beliefs that hold us back, and smashing through glass ceilings. She's a sought-after speaker, bestselling author, and coach on a mission to help people rewrite their narratives and step boldly into their full potential. [Feb 10, 2025] 00:00 - Intro 00:21 - Intro Links - Social-Engineer.com- http://www.social-engineer.com/ - Managed Voice Phishing- https://www.social-engineer.com/services/vishing-service/ - Managed Email Phishing- https://www.social-engineer.com/services/se-phishing-service/ - AdversarialSimulations- https://www.social-engineer.com/services/social-engineering-penetration-test/ - Social-Engineer channel on SLACK- https://social-engineering-hq.slack.com/ssb...

Ep. 291 - The Doctor Is In Series - The Power of Shame with Megan Barry


Welcome to the Social-Engineer Podcast: The Doctor Is In Series - where we will discuss understandings and developments in the field of psychology. In today's episode, Abbie is joined by Megan Barry. Megan Barry is the former mayor of Nashville, TN, the first woman to be elected to the office. While she was in office, she lost her only son, Max, to a drug overdose. Since leaving her position, Barry is working to combat the shame and guilt that comes from the loss of her son and to help those who struggle with substance use disorder and their loved ones...

Ep. 290 - The In This Corner Series - Staying Safe in a Crazy World


Welcome to the Social-Engineer Podcast: The In This Corner Series with Chris Hadnagy and Mike Holfeld. Chris and Mike will be covering cutting edge global news to help people remain safe, secure and knowledgeable in a world where it is hard to know what is real and what is fake news. Today Chris and Mike are joined by Sheriff Kevin Beary, a retired Sheriff from Orange County, Florida after sharing 49 years in law enforcement. He is a part of 5 generations of law enforcement and has worked for corporations such as the Kennedy Space Center. Throughout his career he...

Ep. 289 - Security Awareness Series - The Good The Bad and The Ugly CISOs with David Holtzman


Today on the Social-Engineer Podcast: The Security Awareness Series, Chris is joined by David Holtzman. David has been the CTO for Network Solutions, Chief Scientist at IBM, CTO & Cybersecurity advisor to 2 presidential candidates, and a former intelligence agent. David is now advising on web3 and blockchain. [Jan 20, 2025] 00:00 - Intro 00:18 - Intro Links: - Social-Engineer.com- http://www.social-engineer.com/ - Managed Voice Phishing- https://www.social-engineer.com/services/vishing-service/ - Managed Email Phishing- https://www.social-engineer.com/services/se-phishing-service/ - AdversarialSimulations- https://www.social-engineer.com/services/social-engineering-penetration-test/ - Social-Engineer channel on SLACK- https://social-engineering-hq.slack.com/ssb - CLUTCH- http://www.pro-rock.com/ - innocentlivesfoundation.org- http://www.innocentlivesfoundation.org/ 02:01 - David Holtzman Intro 02:30 - The Ever-Changing Threat Landscape 05:35 - Insecure...

Ep. 288 - Human Element Series - Making Difficult Conversations Easier with Andy Earle


Today we are joined by Andy Earle. Andy is the founder of the elite ghostwriting firm Write it Great. He and his team help people with Big Ideas write books that can change the way people think. He also hosts the Talking to Teens podcast, where he interviews authors about how to have difficult conversations with teenagers. [Jan 13, 2025] 00:00 - Intro 00:19 - Intro Links - Social-Engineer.com- http://www.social-engineer.com/ - Managed Voice Phishing- https://www.social-engineer.com/services/vishing-service/ - Managed Email Phishing- https://www.social-engineer.com/services/se-phishing-service/ - AdversarialSimulations- https://www.social-engineer.com/services/social-engineering-penetration-test/ - Social-Engineer channel on SLACK- https://social-engineering-hq.slack.com/ssb - CLUTCH- http://www.pro-rock.com/ - innocentlivesfoundation.org- http://www.innocentlivesfoundation.org/ 02:36 - Andy Earle Intro...

Ep. 287 - The Doctor Is In Series - The Effects of Procrastination


Welcome to the Social-Engineer Podcast: The Doctor Is In Series where we will discuss understandings and developments in the field of psychology. In today's episode, Chris and Abbie are discussing Procrastination. They will talk about what it is, the causes, and reasons of why we procrastinate and the many ways you can try to overcome it. [Jan 6, 2025] 00:00 - Intro 00:16 - Dr. Abbie Maroño Intro 00:41 - Intro Links - Social-Engineer.com- http://www.social-engineer.com/ - Managed Voice Phishing- https://www.social-engineer.com/services/vishing-service/ - Managed Email Phishing- https://www.social-engineer.com/services/se-phishing-service/ - AdversarialSimulations- https://www.social-engineer.com/services/social-engineering-penetration-test/ - Social-Engineer channel on SLACK- https://social-engineering-hq.slack.com/ssb - CLUTCH- http://www.pro-rock.com/ - innocentlivesfoundation.org- http://www.innocentlivesfoundation.org/...

Ep. 286 - Human Element Series - 2024 - Year of the SE


Welcome to the Social-Engineer Podcast: The Human Element Series. Today is our 2024 year-end wrap up, where we'll revisit some of the biggest stories of the past year as well as talk about some of our company's highlights. [Dec 9, 2024] 00:00 - Intro 00:17 - Intro Links - Social-Engineer.com- http://www.social-engineer.com/ - Managed Voice Phishing- https://www.social-engineer.com/services/vishing-service/ - Managed Email Phishing- https://www.social-engineer.com/services/se-phishing-service/ - AdversarialSimulations- https://www.social-engineer.com/services/social-engineering-penetration-test/ - Social-Engineer channel on SLACK- https://social-engineering-hq.slack.com/ssb - CLUTCH- http://www.pro-rock.com/ - innocentlivesfoundation.org- http://www.innocentlivesfoundation.org/ 02:31 - This Year's Stories 07:05 - The SE Podcast Recap - Ep. 253 - Understanding Human Behavior with Dr David Matsumoto - Artificial...

Ep. 285 - The Doctor Is In Series - You Need a Self-compassion Break to Increase Flow with Dr. Brent


Welcome to the Social-Engineer Podcast: The Doctor Is In Series - where we will discuss understandings and developments in the field of psychology. In today's episode, Chris and Abbie are joined by Dr. Brent Hogarth, Psy.D. Dr. Hogarth is a distinguished Clinical and Sport Psychologist and the founder of FlowRx, specializing in high-performance psychology. He has worked with elite athletes, corporate executives, and entrepreneurs to unlock their full potential through developing greater mindfulness, emotional regulation and executive functioning. With a Doctorate in Clinical Psychology and a Master's in Sport Psychology, Dr. Hogarth has coached over 1,000 executives at the...

Ep. 224 - The SE ETC Series - Tips for Having Difficult Conversations with Chris and Patrick REPLAY


REPLAY (Original Air Date Aug 28, 2023) Welcome to the Social-Engineer Podcast: The SE Etc. Series. This series will be hosted by Chris Hadnagy, CEO of Social-Engineer LLC, and The Innocent Lives Foundation, as well as Social-Engineer.Org and The Institute for Social Engineering. Chris will be joined by his co-host Patrick Laverty as they discuss topics pertaining to the world of Social Engineering. [August 28, 2023] 00:00 - Intro 00:21 - Patrick Laverty Intro 00:55 - Intro Links - Social-Engineer.com- http://www.social-engineer.com/ - Managed Voice Phishing- https://www.social-engineer.com/services/vishing-service/ - Managed Email Phishing- https://www.social-engineer.com/services/se-phishing-service/ - AdversarialSimulations- https://www.social-engineer.com/services/social-engineering-penetration-test/ - Social-Engineer channel on SLACK- https://social-engineering-hq.slack.com/ssb -...

Ep. 247 - Security Awareness Series - A Day In The Life of a Dark Web Threat Advisor with Mary D'Angelo REPLAY


REPLAY (Original Air Date Feb 19, 2024) Today on the Social-Engineer Podcast: The Security Awareness Series, Chris is joined by Mary D'Angelo. Mary helps clients understand the threats that exist on the dark web and how to use that intelligence to bolster their cybersecurity programs. With a solid foundation from the University of Washington, where she earned her Bachelor's degree, Mary has rapidly ascended as a global leader at SearchLight Cyber. Her expertise, honed over six years, delves deep into understanding the nuances of dark web threat actors and their intelligence. Mary's and her company's insights and analyses have been...

Ep. 282 - Human Element Series - Sell Like A Spy with Jeremy Hurewitz


Jeremy Hurewitz spent the first decade of his career overseas building the media association Project Syndicate while based out of Prague and Shanghai. He spearheaded a business development strategy that saw the association grow from a few dozen member newspapers in mostly Eastern Europe, to a truly global association of over 300 newspapers in over 100 countries. When returning to the US, Jeremy worked for several well-known global consulting firms in the world of corporate security. These companies are staffed by former intelligence officers and Jeremy worked closely with these former spies. In addition to former spies, his colleagues included...

Ep. 281 - The Doctor Is In Series - Sticks, Stones, Words and Broken Bones


Welcome to the Social-Engineer Podcast: The Doctor Is In Series where we will discuss understandings and developments in the field of psychology. In today's episode, Chris and Abbie are discussing Bullying. They will talk about what bullying is, the difference between bullying and just being mean and the psychological impact it can have on people, as well as what we can do about it. [Nov 4, 2024] 00:00 - Intro 00:16 - Dr. Abbie Maroño Intro 00:42 - Intro Links Social-Engineer.com- http://www.social-engineer.com/ Managed Voice Phishing- https://www.social-engineer.com/services/vishing-service/ Managed Email Phishing- https://www.social-engineer.com/services/se-phishing-service/ AdversarialSimulations- https://www.social-engineer.com/services/social-engineering-penetration-test/ Social-Engineer channel on SLACK- https://social-engineering-hq.slack.com/ssb CLUTCH- http://www.pro-rock.com/ innocentlivesfoundation.org-...

Ep. 280 - The SE ETC Series - What Can You Do If You Are Involved In A Breach?


Welcome to the Social-Engineer Podcast: The SE Etc. Series. This series will be hosted by Chris Hadnagy, CEO of Social-Engineer LLC, and The Innocent Lives Foundation, as well as Social-Engineer.Org and The Institute for Social Engineering. Join Chris as he discusses topics and news pertaining to the world of Social Engineering. [Oct 28, 2024] 00:00 - Intro 00:24 - Intro Links - Social-Engineer.com- http://www.social-engineer.com/ - Managed Voice Phishing- https://www.social-engineer.com/services/vishing-service/ - Managed Email Phishing- https://www.social-engineer.com/services/se-phishing-service/ - AdversarialSimulations- https://www.social-engineer.com/services/social-engineering-penetration-test/ - Social-Engineer channel on SLACK- https://social-engineering-hq.slack.com/ssb - CLUTCH- http://www.pro-rock.com/ - innocentlivesfoundation.org- http://www.innocentlivesfoundation.org/ 03:25 - Gmail Takeover Scam 06:19 - Fidelity Data Breach 07:28...

Ep. 279 - Security Awareness Series - Dodging Turkeys and Security Awareness with Stacey Edmonds


Today on the Social-Engineer Podcast: The Security Awareness Series, Chris is joined by Stacey Edmonds. Stacey is a multi-disciplinary EdTech innovator and Digital Safety Pioneer, driven by a commitment to democratizing knowledge. Stacey's expertise, encompassing social science, education, EdTech, and multi-platform screen production, culminated in the founding of Lively, which we will hear all about on this podcast. Since 2002, Stacey has been designing and delivering enterprise-wide cyber safety upskilling programs. In 2023, embodying her mission to make knowledge accessible, Stacey launched 'Dodgy or Not?' a social enterprise offering an engaging approach to digital safety education. She continues to bridge...

Ep. 278 - Human Element Series - Biohacking and the Benefits of Wine with Melanie Avalon


Today we are joined by Melanie Avalon. Melanie is an actress, health influencer, author, and host of "The Melanie Avalon Biohacking Podcast," "The Intermittent Fasting Podcast," and "The Mind Blown Podcast." Melanie created the top Apple app "Food Sense Guide," and founded the supplement line AvalonX. Melanie has appeared on the cover of Biohackers Update Magazine, as a featured speaker in Dave Asprey's Biohacking Conference, and in numerous publications including USA Today, Forbes, LA Weekly, Entrepreneur, CNBC and Fox. [Oct 14, 2024] 00:00 - Intro 00:16 - Intro Links Social-Engineer.com- http://www.social-engineer.com/ Managed Voice Phishing- https://www.social-engineer.com/services/vishing-service/ Managed Email Phishing- https://www.social-engineer.com/services/se-phishing-service/ AdversarialSimulations-...

Ep. 277 - The Doctor Is In Series - Developing Authentic Human Connections with Judd Shaw


Welcome to the Social-Engineer Podcast: The Doctor Is In Series where we will discuss understandings and developments in the field of psychology. In today's episode, Chris and Abbie are joined by Judd Shaw. Judd is an adventurer, storyteller, and agent of change, blending his background as a lawyer and President of Judd Shaw Injury Law with a passion for human connection. With over two decades in law, Judd initially chased professional success, only to discover its hollow rewards without genuine human bonds. Through introspection, therapy, and collaboration with professionals, Judd developed the Connection Cure framework, a compass guiding individuals toward authentic...

Ep. 238 - Human Element Series - S.M.A.R.T Reading with Nick Hutchison REPLAY


REPLAY (Original Air Date Dec 11, 2023) Today we are joined by Nick Hutchison. Nick is the visionary force behind BookThinkers, a thriving 7-figure marketing agency bridging authors and readers. In just over 7 years, he has cultivated a platform reaching over 1,000,000 people monthly and hosts the top 2% global podcast, "BookThinkers: Life-Changing Books," featuring interviews with renowned authors like Grant Cardone and Lewis Howes. Nick's platform and services have empowered countless authors to reach millions of readers, driving substantial revenue growth. His services encompass video production, podcast booking, and social media brand building. With a mission to inspire...

Ep. 276 - The SE ETC Series - Breaches Breaches and More Breaches What Can You Do?


Welcome to the Social-Engineer Podcast: The SE Etc. Series. This series will be hosted by Chris Hadnagy, CEO of Social-Engineer LLC, and The Innocent Lives Foundation, as well as Social-Engineer.Org and The Institute for Social Engineering. Join Chris as he discusses topics and news pertaining to the world of Social Engineering. [Sept 23, 2024] 00:00 - Intro 00:18 - Intro Links - Social-Engineer.com- http://www.social-engineer.com/ - Managed Voice Phishing- https://www.social-engineer.com/services/vishing-service/ - Managed Email Phishing- https://www.social-engineer.com/services/se-phishing-service/ - AdversarialSimulations- https://www.social-engineer.com/services/social-engineering-penetration-test/ - Social-Engineer channel on SLACK- https://social-engineering-hq.slack.com/ssb - CLUTCH- http://www.pro-rock.com/ - innocentlivesfoundation.org- http://www.innocentlivesfoundation.org/ 02:44 - Payment System Attacks 05:40 - Now Freeze! 06:22 -...

Ep. 275 - Security Awareness Series - Bringing Light to Sim Swapping with Mark Kreitzman


Today on the Social-Engineer Podcast: The Security Awareness Series, Chris is joined by Mark Kreitzman. Mark is a seasoned cybersecurity veteran with over two decades of experience building robust security solutions. As General Manager of Efani, he safeguards mobile phone users from the escalating threat of SIM swap attacks. Mark's deep understanding of the evolving mobile landscape makes him a trusted authority on protecting privacy and securing communications in our increasingly connected world. [Sept 16, 2024] 00:00 - Intro 00:19 - Intro Links: - Social-Engineer.com- http://www.social-engineer.com/ - Managed Voice Phishing- https://www.social-engineer.com/services/vishing-service/ - Managed Email Phishing- https://www.social-engineer.com/services/se-phishing-service/ - AdversarialSimulations- https://www.social-engineer.com/services/social-engineering-penetration-test/ -...

Ep. 274 - Human Element Series - How a Ballet Dancer and AI Can Improve Your Nonverbals with Rachel Cossar


Today we are joined by Rachel Cossar. Rachel is a leader in the field of nonverbal communication and leadership presence facilitation. As a former nationally ranked athlete and professional ballet dancer, Rachel has a knack of translating unique skills into relatable business skills and competencies. Virtual Sapiens comes as an evolution of Rachel's combined work as founder of Choreography for Business, a nonverbal communication consulting firm as well as a faculty member with Mobius Executive Leadership and as a leadership presence facilitator with Ariel Group. Rachel has worked with leaders from GE, BCG, Pfizer, Accenture, McKinsey, HBS and more. [Sept...

Ep. 273 - The Doctor Is In Series - Secure or Insecure - What Is Your Attachment Style?


Welcome to the Social-Engineer Podcast: The Doctor Is In Series where we will discuss understandings and developments in the field of psychology. In today's episode, Chris and Abbie are discussing Attachment Styles. They will talk about the 4 different types, how they are caused and how to grow from an insecure to a secure style. [Sept 2, 2024] 00:00 - Intro 00:16 - Dr. Abbie Maroño Intro 00:49 - Intro Links - Social-Engineer.com- http://www.social-engineer.com/ - Managed Voice Phishing- https://www.social-engineer.com/services/vishing-service/ - Managed Email Phishing- https://www.social-engineer.com/services/se-phishing-service/ - AdversarialSimulations- https://www.social-engineer.com/services/social-engineering-penetration-test/ - Social-Engineer channel on SLACK- https://social-engineering-hq.slack.com/ssb - CLUTCH- http://www.pro-rock.com/ - innocentlivesfoundation.org- http://www.innocentlivesfoundation.org/ 03:49...

Ep. 272 - The SE ETC Series - Ransomware, Phishing and iOS - SE in the News!


Welcome to the Social-Engineer Podcast: The SE Etc. Series. This series will be hosted by Chris Hadnagy, CEO of Social-Engineer LLC, and The Innocent Lives Foundation, as well as Social-Engineer.Org and The Institute for Social Engineering. Join Chris as he discusses topics and news pertaining to the world of Social Engineering. [Aug 26, 2024] 00:00 - Intro 00:20 - Intro Links - Social-Engineer.com- http://www.social-engineer.com/ - Managed Voice Phishing- https://www.social-engineer.com/services/vishing-service/ - Managed Email Phishing- https://www.social-engineer.com/services/se-phishing-service/ - AdversarialSimulations- https://www.social-engineer.com/services/social-engineering-penetration-test/ - Social-Engineer channel on SLACK- https://social-engineering-hq.slack.com/ssb - CLUTCH- http://www.pro-rock.com/ - innocentlivesfoundation.org- http://www.innocentlivesfoundation.org/ 04:11 - Story 1: Keytronic Attack 05:46 - Story 2: CrowdStrike...

Ep. 271 - Security Awareness Series - Advocating for Non-Adversarial Security with Kimberly Sims


Today on the Social-Engineer Podcast: The Security Awareness Series, Chris is joined by Kimberly Sims. Kimberly is the Deputy CISO, Director of Cyber Operations and Cloud Security for American Century Investments. Kimberly has over 17 years' experience in the Financial Services sector. Prior to joining American Century, Kimberly ran the Information Security Program for the second-largest capital markets desk in the world, responsible for securing systems that process a trillion-dollar debt portfolio. Kimberly is an advisory member, and IT lead for the Charter for Veterans, a non-profit organization assisting recovering combat wounded veterans. She is an advocate for mentorship and...

Ep. 270 - Human Element Series - Depression Success and Empathy with Adam De Micco from Lorna Shore


Today we are joined by Adam De Micco. Adam is best known as the NJ Native who is the guitarist for the band Lorna Shore, which has risen to fame recently, bringing a new genre of music into the spotlight. [Aug 12, 2024] 00:00 - Intro 00:16 - Intro Links - Social-Engineer.com- http://www.social-engineer.com/ - Managed Voice Phishing- https://www.social-engineer.com/services/vishing-service/ - Managed Email Phishing- https://www.social-engineer.com/services/se-phishing-service/ - AdversarialSimulations- https://www.social-engineer.com/services/social-engineering-penetration-test/ - Social-Engineer channel on SLACK- https://social-engineering-hq.slack.com/ssb - CLUTCH- http://www.pro-rock.com/ - innocentlivesfoundation.org- http://www.innocentlivesfoundation.org/ 01:54 - Adam De Micco Intro 06:23 - Being Open 08:46 - Recognizing the Depths 11:34 - Changing Perspective 14:16 - Practicing...

Ep. 269 - The Doctor Is In Series - The Fears That Drive Self-Sabotage


Welcome to the Social-Engineer Podcast: The Doctor Is In Series where we will discuss understandings and developments in the field of psychology. In today's episode, Chris and Abbie are discussing Self-Sabotage. They will talk about the different ways people keep themselves from moving forward and how you can try to realign this misguided way of thinking. [Aug 5, 2024] 00:00 - Intro 00:17 - Dr. Abbie Maroño Intro 00:44 - Intro Links - Social-Engineer.com- http://www.social-engineer.com/ - Managed Voice Phishing- https://www.social-engineer.com/services/vishing-service/ - Managed Email Phishing- https://www.social-engineer.com/services/se-phishing-service/ - AdversarialSimulations- https://www.social-engineer.com/services/social-engineering-penetration-test/ - Social-Engineer channel on SLACK- https://social-engineering-hq.slack.com/ssb - CLUTCH- http://www.pro-rock.com/ - innocentlivesfoundation.org- http://www.innocentlivesfoundation.org/...

Ep. 228 - The SE ETC Series - How to Protect Your Kids from Online Dangers with Shane McCombs REPLAY


REPLAY (Original Air Date Sept 25, 2023) Welcome to the Social-Engineer Podcast: The SE Etc. Series. This series will be hosted by Chris Hadnagy, CEO of Social-Engineer LLC, and The Innocent Lives Foundation, as well as Social-Engineer.Org and The Institute for Social Engineering. Chris will be joined by his co-host Patrick Laverty as they discuss topics pertaining to the world of Social Engineering. Today, Chris and Patrick are joined by Shane McCombs. Shane leads the ILF with more than 25 years of experience in the tech industry, including more than a decade of experience in C-level roles. He led enterprise-wide...

Ep. 268 - The SE ETC Series - Phishing, Impersonation and Bad Actors - Oh My!


Welcome to the Social-Engineer Podcast: The SE Etc. Series. This series will be hosted by Chris Hadnagy, CEO of Social-Engineer LLC, and The Innocent Lives Foundation, as well as Social-Engineer.Org and The Institute for Social Engineering. Join Chris as he discusses topics and news pertaining to the world of Social Engineering. [July 22, 2024] 00:00 - Intro 00:22 - Intro Links - Social-Engineer.com- http://www.social-engineer.com/ - Managed Voice Phishing- https://www.social-engineer.com/services/vishing-service/ - Managed Email Phishing- https://www.social-engineer.com/services/se-phishing-service/ - AdversarialSimulations- https://www.social-engineer.com/services/social-engineering-penetration-test/ - Social-Engineer channel on SLACK- https://social-engineering-hq.slack.com/ssb - CLUTCH- http://www.pro-rock.com/ - innocentlivesfoundation.org- http://www.innocentlivesfoundation.org/ 03:28 - Story 1: Dynamic Phishing Link Attack 05:07 - Story...

Ep. 267 - Security Awareness Series - Own your YES and Find Your Passion with May Brooks-Kempler


Today on the Social-Engineer Podcast: The Security Awareness Series, Chris is joined by May Brooks-Kempler. May is a cybersecurity expert who has transformed her early curiosity, hacking 90's computer games, into a distinguished cybersecurity career. As a board member of ISC2, an educator, a CISO and the founder of the Think Safe Cyber community, she is dedicated to making the online world a safer place for everyone. [July 15, 2024] 00:00 - Intro 00:19 - Intro Links: - Social-Engineer.com- http://www.social-engineer.com/ - Managed Voice Phishing- https://www.social-engineer.com/services/vishing-service/ - Managed Email Phishing- https://www.social-engineer.com/services/se-phishing-service/ - AdversarialSimulations- https://www.social-engineer.com/services/social-engineering-penetration-test/ - Social-Engineer channel on SLACK- https://social-engineering-hq.slack.com/ssb -...

Ep. 266 - Human Element Series - Work in Progress with Dr. Abbie Maroño


Today we are joined by Dr. Abbie Maroño. Bringing a unique level of experience and scientific validation to her work, Dr. Maroño is both a scientist and a practitioner in the field of human behavior. The United States Department of State has recognized her international acclaim and record of extraordinary achievements, placing her in the top 1% of her field. Underscoring her recognized expertise, Dr. Abbie has been invited to provide specialized behavior analysis training for elite units such as the Internet Crimes Against Children (ICAC) Task Force. This prestigious group includes agents from the US Secret Service, FBI, Department...

Ep. 265 - The Doctor Is In Series - Psychology Says...


Welcome to the Social-Engineer Podcast: The Doctor Is In Series where we will discuss understandings and developments in the field of psychology. In today's episode, Chris and Abbie are discussing Psychological Myths. They will talk about some of the most pervasive myths in our society and how you can separate fact from fiction. [July 1, 2024] 00:00 - Intro 00:17 - Dr. Abbie Maroño Intro 00:41 - Intro Links - Social-Engineer.com- http://www.social-engineer.com/ - Managed Voice Phishing- https://www.social-engineer.com/services/vishing-service/ - Managed Email Phishing- https://www.social-engineer.com/services/se-phishing-service/ - AdversarialSimulations- https://www.social-engineer.com/services/social-engineering-penetration-test/ - Social-Engineer channel on SLACK- https://social-engineering-hq.slack.com/ssb - CLUTCH- http://www.pro-rock.com/ - innocentlivesfoundation.org- http://www.innocentlivesfoundation.org/ 03:54 - The...

Ep. 264 - The SE ETC Series - TicketMaster Healthcare and Threat Actors


Welcome to the Social-Engineer Podcast: The SE Etc. Series. This series will be hosted by Chris Hadnagy, CEO of Social-Engineer LLC, and The Innocent Lives Foundation, as well as Social-Engineer.Org and The Institute for Social Engineering. Join Chris as he discusses topics and news pertaining to the world of Social Engineering. [June 24, 2024] 00:00 - Intro 00:18 - Intro Links - Social-Engineer.com- http://www.social-engineer.com/ - Managed Voice Phishing- https://www.social-engineer.com/services/vishing-service/ - Managed Email Phishing- https://www.social-engineer.com/services/se-phishing-service/ - AdversarialSimulations- https://www.social-engineer.com/services/social-engineering-penetration-test/ - Social-Engineer channel on SLACK- https://social-engineering-hq.slack.com/ssb - CLUTCH- http://www.pro-rock.com/ - innocentlivesfoundation.org- http://www.innocentlivesfoundation.org/ 04:18 - Ticketmaster Breach - Breach Story 05:20 - Actionable Tips...

Ep. 263 - Security Awareness Series - Attitude Is Everything In Security with Sigita Jurkynaitė


Today on the Social-Engineer Podcast: The Security Awareness Series, Chris is joined by Sigita Jurkynaitė. Sigita works as Information Security Manager at Nord Security, where she is responsible for the company's Information Security Management System, ensuring compliance with international standards and regulations, and security training and awareness. Previously, Sigita worked at Research and Education Network Association GÉANT, where she led a wide range of international projects and teams, information security community activities and Special Interest Groups. She organized cyber security trainings, conferences and workshops in Europe and Asian countries. Sigita was Director of CyberSOC at NRD Cyber Security prior to joining...

Ep. 262 - Human Element Series - From Hero to Heroin To Hero with Shawn Livingston


Today we are joined by Shawn Livingston. Shawn, a combat veteran, battled heroin addiction after serving his country, as seen in "100 Miles to Redemption." Now, he's a symbol of hope and strength, excelling as an ultra-runner and in fitness. He hosts the "I Am Redemption" podcast, providing a platform for stories of triumph and fostering community. Shawn also inspires through motivational speaking, spreading the message of resilience and redemption. His journey proves that no matter how far one falls, they can always rise again. [June 10, 2024] 00:00 - Intro 00:18 - Intro Links - Social-Engineer.com- http://www.social-engineer.com/ - Managed...

Ep. 261 - The Doctor Is In Series - Intrinsic vs Extrinsic Motivators


Welcome to the Social-Engineer Podcast: The Doctor Is In Series where we will discuss understandings and developments in the field of psychology. In today's episode, Chris and Abbie are discussing Intrinsic and Extrinsic Motivation. They will talk about the differences your source of motivation can have on your behavior and state of mind. [June 3, 2024] 00:00 - Intro 00:18 - Dr. Abbie Maroño Intro 00:35 - Intro Links - Social-Engineer.com- http://www.social-engineer.com/ - Managed Voice Phishing- https://www.social-engineer.com/services/vishing-service/ - Managed Email Phishing- https://www.social-engineer.com/services/se-phishing-service/ - AdversarialSimulations- https://www.social-engineer.com/services/social-engineering-penetration-test/ - Social-Engineer channel on SLACK- https://social-engineering-hq.slack.com/ssb - CLUTCH- http://www.pro-rock.com/ - innocentlivesfoundation.org- http://www.innocentlivesfoundation.org/ 03:35 - The...

Ep. 260 - The SE ETC Series - Suffering Through a Romance Scam with Nadja El Fertasi


*Please note that this episode contains discussions regarding abuse that some may find disturbing. Welcome to the Social-Engineer Podcast: The SE Etc. Series. This series will be hosted by Chris Hadnagy, CEO of Social-Engineer LLC, and The Innocent Lives Foundation, as well as Social-Engineer.Org and The Institute for Social Engineering. Join Chris as he discusses topics and news pertaining to the world of Social Engineering. Today, Chris is joined by Nadja El Fertasi. Nadja is a leading figure in fostering emotional resilience within the digital age. Her comprehensive expertise spans crisis management, strategic stakeholder communication, and emotional intelligence, creating a...

Ep. 259 - Security Awareness Series - Listen Up Social Engineering Your Help Desk with Aaron Painter


Today on the Social-Engineer Podcast: The Security Awareness Series, Chris is joined by Aaron Painter. Aaron is the CEO of Nametag Inc., the company who invented "Sign in with ID" as a more secure alternative to passwords. After watching too many friends and family members fall victim to identity theft and online fraud, Aaron assembled a team of security experts to build the next generation of online account protection. Nametag has a mission to bring authenticity to the internet and enable people to build more trusted relationships. They believe security should be centered around you, the user, and that your...

Ep. 258 - Human Element Series - A Meta Conversation with Dr. Jade Thomas


Today we are joined by Dr. Jade Thomas, a Registered Psychologist in London, UK. By the age of 24, Dr. Jade became a university lecturer in Psychology and Mental Health and by the age of 25 she opened her own private psychological therapy practice, becoming the Clinical Director and Founder of Luxe Psychology Practice. Luxe Psychology Practice strives to modernize mental health services by offering every client high quality, ethical, bespoke mental health care, putting the client's experience first and ensuring all clients receive 5-star mental health care and a mental health treatment experience they can be proud of. Dr....

Ep. 257 - The Doctor Is In Series - Are You Overworking or Hiding From Your Emotions


Welcome to the Social-Engineer Podcast: The Doctor Is In Series where we will discuss understandings and developments in the field of psychology. In today's episode, Chris and Abbie are discussing Overworking. They will talk about the causes, symptoms and what you can do to combat it. [May 6, 2024] 00:00 - Intro 00:17 - Dr. Abbie Maroño Intro 00:47 - Intro Links - Social-Engineer.com- http://www.social-engineer.com/ - Managed Voice Phishing- https://www.social-engineer.com/services/vishing-service/ - Managed Email Phishing- https://www.social-engineer.com/services/se-phishing-service/ - AdversarialSimulations- https://www.social-engineer.com/services/social-engineering-penetration-test/ - Social-Engineer channel on SLACK- https://social-engineering-hq.slack.com/ssb - CLUTCH- http://www.pro-rock.com/ - innocentlivesfoundation.org- http://www.innocentlivesfoundation.org/ 04:37 - The Topic of the Day: Overworking 05:17 -...

Ep. 214 - Human Element Series - Augmented Reality and Thought Suppression with Dr. David Rawaf REPLAY (Original Air Date: June 12, 2023)


REPLAY (Original Air Date: June 12, 2023) Today we are joined by Dr. David Rawaf. Dr. Rawaf is a surgeon, researcher, technologist, innovator and policy developer. As well as studying and working in both UK and US, David is involved with Imperial College WHO Collaborating Centre (for Public Health Education & Training), as well as medical writing, research and hosting conferences. David has a role as Surgical Skill Faculty and is Centre Accredited by the Royal College of Surgeons. In addition, he is an abstract and content reviewer for a number of institutions including the Institute for Health Metrics and...

Ep. 256 - The SE ETC Series - 2024 State of Vishing Report Analysis with Chris and Dr. Abbie


Welcome to the Social-Engineer Podcast: The SE Etc. Series. This series will be hosted by Chris Hadnagy, CEO of Social-Engineer LLC, and The Innocent Lives Foundation, as well as Social-Engineer.Org and The Institute for Social Engineering. Join Chris as he discusses topics and news pertaining to the world of Social Engineering. [April 22, 2024] 00:00 - Intro 00:16 - Dr. Abbie Maroño Intro 00:40 - Intro Links - Social-Engineer.com- http://www.social-engineer.com/ - Managed Voice Phishing- https://www.social-engineer.com/services/vishing-service/ - Managed Email Phishing- https://www.social-engineer.com/services/se-phishing-service/ - AdversarialSimulations- https://www.social-engineer.com/services/social-engineering-penetration-test/ - Social-Engineer channel on SLACK- https://social-engineering-hq.slack.com/ssb - CLUTCH- http://www.pro-rock.com/ - innocentlivesfoundation.org- http://www.innocentlivesfoundation.org/ 03:24 - 2024 State of...

Ep. 255 - Security Awareness Series - Faking Reality: AI Deepfakes and the Future of Truth with Justin and Paul


Today on the Social-Engineer Podcast: The Security Awareness Series, Chris is joined by Paul Vann and Justin Marciano. Paul Vann is a seasoned cybersecurity professional, with experience across numerous emerging markets in the field. He has worked at a wide array of cybersecurity and software development startups, helping to ensure a more secure future for all. Paul additionally is passionate about emerging technologies in the space and was recognized as a Top rated Speaker at the RSA Conference in 2023. Justin Marciano is the Co-Founder and CEO of IdentifAI. Studying economics with a concentration in finance at the University of...

Ep. 254 - Human Element Series - The Origins of Empathy and How To Use It with Chris Voss


Today we are joined by Chris Voss. Mr. Voss is a former Lead FBI Negotiator and dynamic speaker who debunks the biggest myths of negotiation. Chris engages all groups with captivating stories, insights, and useful tips for business and everyday life. He has lectured on negotiation at business schools across the country and has been seen on ABC, CBS, CNN, and Fox News. Chris has also been featured in Forbes, Time, Fast Company, and Inc. Chris's Keynotes are based on his book Never Split The Difference. [April 8, 2024] 00:00 - Intro 00:20 - Intro Links - Social-Engineer.com- http://www.social-engineer.com/ -...

Ep. 253 - The Doctor Is In Series - Understanding Human Behavior with Dr. David Matsumoto


Welcome to the Social-Engineer Podcast: The Doctor Is In Series where we will discuss understandings and developments in the field of psychology. In today's episode, Chris and Abbie are joined by Dr. David Matsumoto. Dr. Matsumoto, Director of Humintell, is a world-renowned expert in the fields of emotion, nonverbal behavior, deception, and culture. He received his bachelor's degree from the University of Michigan in 1981, double majoring in psychology and Japanese and receiving High Honors in both. He obtained his Masters (1983) and Doctoral (1986) degrees in Psychology from the University of California at Berkeley. He has been a Professor...

Ep. 252 - The SE ETC Series - Crypto, Phishing and SMiShing...Oh My


Welcome to the Social-Engineer Podcast: The SE Etc. Series. This series will be hosted by Chris Hadnagy, CEO of Social-Engineer LLC, and The Innocent Lives Foundation, as well as Social-Engineer.Org and The Institute for Social Engineering. Join Chris as he discusses topics and news pertaining to the world of Social Engineering. [March 25, 2024] 00:00 - Intro 00:18 - Intro Links - Social-Engineer.com- http://www.social-engineer.com/ - Managed Voice Phishing- https://www.social-engineer.com/services/vishing-service/ - Managed Email Phishing- https://www.social-engineer.com/services/se-phishing-service/ - AdversarialSimulations- https://www.social-engineer.com/services/social-engineering-penetration-test/ - Social-Engineer channel on SLACK- https://social-engineering-hq.slack.com/ssb - CLUTCH- http://www.pro-rock.com/ - innocentlivesfoundation.org- http://www.innocentlivesfoundation.org/ 04:48 - Ransomware: No Code of Conduct 06:50 - Education 07:52...

Ep. 251 - Security Awareness Series - Butchering The Pig Butchers with Josh Brown & Rachel Jones


Today on the Social-Engineer Podcast: The Security Awareness Series, Chris will be talking with Josh Brown and Rachel Jones, both from the Department of Homeland Security. They join us to discuss what Pig Butchering scams are and how we can protect ourselves. [March 18, 2024] 00:00 - Intro 00:18 - Intro Links: - Social-Engineer.com- http://www.social-engineer.com/ - Managed Voice Phishing- https://www.social-engineer.com/services/vishing-service/ - Managed Email Phishing- https://www.social-engineer.com/services/se-phishing-service/ - AdversarialSimulations- https://www.social-engineer.com/services/social-engineering-penetration-test/ - Social-Engineer channel on SLACK- https://social-engineering-hq.slack.com/ssb - CLUTCH- http://www.pro-rock.com/ - innocentlivesfoundation.org- http://www.innocentlivesfoundation.org/ 02:13 - Josh Brown & Rachel Jones Intro 02:52 - Why the Secret Service? 03:44 - Pig Butchering 05:47 -...

Ep. 250 - Human Element Series - Rationalize Minimalize and Project with Agent Brad Beeler


Today we are joined by Agent Brad Beeler. Assistant to the Special Agent in Charge Brad Beeler has been with the United States Secret Service for the past 25 years. He currently serves as instructor and Secret Service liaison at the National Center for Credibility Assessment (NCCA) at Fort Jackson, South Carolina. Over the past 8 years in this role, he has trained agents throughout the federal law enforcement and intelligence community in credibility assessment and elicitation techniques. Prior to arriving at NCCA, he was a polygraph examiner in the Chicago and St. Louis Field Offices and served on the...

Ep. 249 - The Doctor Is In Series - Irrational Fears vs Phobias


Welcome to the Social-Engineer Podcast: The Doctor Is In Series where we will discuss understandings and developments in the field of psychology. In today's episode, Chris and Abbie are discussing Irrational Fears & Phobias. They will talk about the similarities, the differences, why some are necessary and how to overcome the ones that aren't. [March 4, 2024] 00:00 - Intro 00:21 - Dr. Abbie Maroño Intro 00:50 - Intro Links - Social-Engineer.com- http://www.social-engineer.com/ - Managed Voice Phishing- https://www.social-engineer.com/services/vishing-service/ - Managed Email Phishing- https://www.social-engineer.com/services/se-phishing-service/ - AdversarialSimulations- https://www.social-engineer.com/services/social-engineering-penetration-test/ - Social-Engineer channel on SLACK- https://social-engineering-hq.slack.com/ssb - CLUTCH- http://www.pro-rock.com/ - innocentlivesfoundation.org- http://www.innocentlivesfoundation.org/ 04:55 -...

Ep. 248 - The SE ETC Series - SE in the News - Tips Tricks


Welcome to the Social-Engineer Podcast: The SE Etc. Series. This series will be hosted by Chris Hadnagy, CEO of Social-Engineer LLC, and The Innocent Lives Foundation, as well as Social-Engineer.Org and The Institute for Social Engineering. Join Chris as he discusses topics and news pertaining to the world of Social Engineering. [Feb 26, 2024] 00:00 - Intro 00:33 - Intro Links - Social-Engineer.com- http://www.social-engineer.com/ - Managed Voice Phishing- https://www.social-engineer.com/services/vishing-service/ - Managed Email Phishing- https://www.social-engineer.com/services/se-phishing-service/ - AdversarialSimulations- https://www.social-engineer.com/services/social-engineering-penetration-test/ - Social-Engineer channel on SLACK- https://social-engineering-hq.slack.com/ssb - CLUTCH- http://www.pro-rock.com/ - innocentlivesfoundation.org- http://www.innocentlivesfoundation.org/ 03:06 - The New(s) Format 04:02 - Mother of All Breaches...

Ep. 247 - Security Awareness Series - A Day In The Life of a Dark Web Threat Advisor with Mary D'Angelo


Today on the Social-Engineer Podcast: The Security Awareness Series, Chris is joined by Mary D'Angelo. Mary helps clients understand the threats that exist on the dark web and how to use that intelligence to bolster their cybersecurity programs. With a solid foundation from the University of Washington, where she earned her Bachelor's degree, Mary has rapidly ascended as a global leader at SearchLight Cyber. Her expertise, honed over six years, delves deep into understanding the nuances of dark web threat actors and their intelligence. Mary's and her company's insights and analyses have been instrumental in shedding light on the shadowy...

Ep. 246 - Human Element Series - The Way of The Hero with Layne Gneiting


Today we are joined by Layne Gneiting. Layne is just your average guy. His family's a tad bigger than most (he's got 8 kids), but he lives in a snug 1,800 square foot home in the heart of suburbia, and still wakes up in a panic most Friday mornings when the garbage truck rumbles down the street. However, Layne has a secret identity. Twice a year he straps on his super suit, a bicycle jersey, and sweeps executives and doctors into the biggest adventure of their lives. It came from his biggest kick in the butt: cycling across America. Now Layne's guided...

Ep. 245 - The Doctor Is In Series - I Trust You with Dr. Paul Zak


Welcome to the Social-Engineer Podcast: The Doctor Is In Series where we will discuss understandings and developments in the field of psychology. In today's episode, Chris and Abbie are joined by Dr. Paul J. Zak. Dr. Zak is a University Professor at Claremont Graduate University and is in the top 0.3% of most cited scientists. Paul's two decades of research extending the boundaries of behavioral neuroscience have taken him from the Pentagon to Fortune 50 boardrooms to the rainforest of Papua New Guinea. His most recent book is Immersion: The Science of the Extraordinary and the Source of Happiness. Besides...

Ep. 202 - Human Element Series - As a Leader Are You REDI for the 3 C's with Gena Cox REPLAY (Original Air Date: March 13, 2023)


REPLAY (Original Air Date: March 13, 2023) Today we are joined by Gena Cox, PhD. Gena is a corporate adviser and executive coach known as a straight-shooter who also brings warmth and generosity of spirit to her partnerships. She guides CEOs, leaders, and boards as they respond to evolving stakeholder expectations and transformation driven by societal change and organic and M&A growth. Her differentiator is the nuanced insights and recommendations she brings from a lifetime of continuous multi-disciplinary learning, enabling her to offer clients uniquely invaluable insights. Her book, Leading Inclusion, is available wherever books are sold. The book catalyzes...

Ep. 244 - The SE ETC Series - Daytime Break In with Shelby Dacko PART 2


Welcome to the Social-Engineer Podcast: The SE Etc. Series. This series will be hosted by Chris Hadnagy, CEO of Social-Engineer LLC, and The Innocent Lives Foundation, as well as Social-Engineer.Org and The Institute for Social Engineering. Chris will be joined by his co-host Patrick Laverty as they discuss topics pertaining to the world of Social Engineering. Today Chris and Patrick are once again joined by Shelby Dacko. Shelby is a Human Risk Analyst with Social-Engineer, LLC. Her specialties include vishing, OSINT work, educational material production, and public speaking. Notably, she has made over 20,000 vishing calls in her career. She...

Ep. 243 - Security Awareness Series - Be a Cultural Lightning Rod with Robert Wood


Today on the Social-Engineer Podcast: The Security Awareness Series, Ryan and I are joined by Robert Wood. Mr. Wood is the Chief Information Security Officer (CISO) for the Centers for Medicare and Medicaid Services (CMS). He leads enterprise cyber security, compliance, privacy, and counter intelligence functions at CMS and ensures the Agency complies with secure IT requirements while encouraging innovation. Mr. Wood has over 10 years of experience in information technology, information security and management consulting. Prior to CMS, Mr. Wood has built and managed several security programs in the technology sector. He was also formerly a Principal Consultant for...

Ep. 242 - Human Element Series - The Greatest Salesman in the World - Is It AI? with Tony UV


Today we are joined by Tony UcedaVélez. Tony UV is the co-creator of the Process for Attack Simulation & Threat Analysis and the CEO of VerSprite. Tony has over 25 years of IT/InfoSec work across a vast range of industries. He is also the OWASP leader for Atlanta, GA. [Jan 8, 2024] 00:00 - Intro 00:19 - Intro Links - Social-Engineer.com- http://www.social-engineer.com/ - Managed Voice Phishing- https://www.social-engineer.com/services/vishing-service/ - Managed Email Phishing- https://www.social-engineer.com/services/se-phishing-service/ - AdversarialSimulations- https://www.social-engineer.com/services/social-engineering-penetration-test/ - Social-Engineer channel on SLACK- https://social-engineering-hq.slack.com/ssb - CLUTCH- http://www.pro-rock.com/ - innocentlivesfoundation.org- http://www.innocentlivesfoundation.org/ 03:00 Tony UV Intro 03:34 Good in Chaos 05:28 VerSprite 06:18 Future Focus...

Ep. 241 - The Doctor Is In Series - Understanding Different Types of Trauma Bonding


Ep. 240 - The SE ETC Series - Swimming in Rivers and Stealing Trucks with Shelby Dacko


Welcome to the Social-Engineer Podcast: The SE Etc. Series. This series will be hosted by Chris Hadnagy, CEO of Social-Engineer LLC, and The Innocent Lives Foundation, as well as Social-Engineer.Org and The Institute for Social Engineering. Chris will be joined by his co-host Patrick Laverty as they discuss topics pertaining to the world of Social Engineering. Today Chris and Patrick are joined by Shelby Dacko. Shelby is a Human Risk Analyst with Social-Engineer, LLC. Her specialties include vishing, OSINT work, educational material production, and public speaking. Notably, she has made over 20,000 vishing calls in her career. She holds a...

Ep. 239 - Security Awareness Series - Protecting Against the Perfect Storm with Marc Ashworth


Today on the Social-Engineer Podcast: The Security Awareness Series, Ryan and I are joined once again by Marc Ashworth. Mr. Ashworth, Senior Vice President and Chief Information Security Officer at First Bank, is a respected IT executive with over 30 years of experience in cyber and physical security, IT/security architecture, and project management, as well as an author and a public speaker. He is a member of the Webster University Cyber Advisory board, co-founded the State of Cyber annual security conference, and is a Lifetime member of FBI Citizens Academy. He is a former board officer for the St. Louis InfraGard Alliance. Possessing security...

Ep. 238 - Human Element Series - S.M.A.R.T. Reading with Nick Hutchison


Today we are joined by Nick Hutchison. Nick is the visionary force behind BookThinkers, a thriving 7-figure marketing agency bridging authors and readers. In just over 7 years, he has cultivated a platform reaching over 1,000,000 people monthly and hosts the top 2% global podcast, "BookThinkers: Life-Changing Books," featuring interviews with renowned authors like Grant Cardone and Lewis Howes. Nick's platform and services have empowered countless authors to reach millions of readers, driving substantial revenue growth. His services encompass video production, podcast booking, and social media brand building. With a mission to inspire readers to take action, Nick authored "Rise...

Ep. 237 - The Doctor Is In Series - Music and the Senses


Welcome to the Social-Engineer Podcast: The Doctor Is In Series where we will discuss understandings and developments in the field of psychology. In today's episode, Chris and Abbie are discussing music and the senses; how it can influence our mood, "seeing" sounds, and the various ways music can shape our health. [Dec 4, 2023] 00:00 - Intro 00:17 - Dr. Abbie Maroño Intro 01:15 - Intro Links - Social-Engineer.com- http://www.social-engineer.com/ - Managed Voice Phishing- https://www.social-engineer.com/services/vishing-service/ - Managed Email Phishing- https://www.social-engineer.com/services/se-phishing-service/ - AdversarialSimulations- https://www.social-engineer.com/services/social-engineering-penetration-test/ - Social-Engineer channel on SLACK- https://social-engineering-hq.slack.com/ssb - CLUTCH- http://www.pro-rock.com/ - innocentlivesfoundation.org- http://www.innocentlivesfoundation.org/ 04:39 - The Topic of...

Ep. 236 - The SE ETC Series - Vishing, Phishing and SMiShing...Oh My! - End of Year Threats


Welcome to the Social-Engineer Podcast: The SE Etc. Series. This series will be hosted by Chris Hadnagy, CEO of Social-Engineer LLC, and The Innocent Lives Foundation, as well as Social-Engineer.Org and The Institute for Social Engineering. Chris will be joined by his co-host Patrick Laverty as they discuss topics pertaining to the world of Social Engineering. [Nov 27, 2023] 00:00 - Intro 00:19 - Patrick Laverty Intro 00:50 - Intro Links - Social-Engineer.com- http://www.social-engineer.com/ - Managed Voice Phishing- https://www.social-engineer.com/services/vishing-service/ - Managed Email Phishing- https://www.social-engineer.com/services/se-phishing-service/ - AdversarialSimulations- https://www.social-engineer.com/services/social-engineering-penetration-test/ - Social-Engineer channel on SLACK- https://social-engineering-hq.slack.com/ssb - CLUTCH- http://www.pro-rock.com/ - innocentlivesfoundation.org- http://www.innocentlivesfoundation.org/ 04:33...

Ep. 235 - Security Awareness Series - An Empathetic Approach Security Culture with Stuart Archer


Today on the Social-Engineer Podcast: The Security Awareness Series, Ryan and I are joined by Stuart Archer. Stuart is a dynamic health care leader with a proven track record of quality improvement, growth and innovation. He began his health care career at the bedside as a nurse's aide, building within him a laser-like focus on a patient-first care model and building teams guided by empathy and compassion. He took the helm at Oceans Healthcare in 2015 and has since shepherded in a period of unprecedented improvement and growth. Oceans is now an industry leader, among very few behavioral health providers...

Ep. 234 - Human Element Series - Leadership Positivity and Amicable Defense with Laura Casselman


Today we are joined by Laura Casselman. Laura is the CEO of JVZoo.com and co-founder of Vidastreet LLC. Laura climbed the corporate ladder by mastering the rules of the "old boys club." More often than not, she beat them at their own game. She's been published in Inc. Magazine Entrepreneur, and her book, Trust Your Increments, is a Wall Street Journal Best Seller. Laura's companies have also been featured on the Inc. 5000's list of America's Fastest Growing Companies four times. [Nov 13, 2023] 00:00 - Intro 00:21 - Intro Links - Social-Engineer.com- http://www.social-engineer.com/ - Managed Voice Phishing- https://www.social-engineer.com/services/vishing-service/ -...

Ep. 233 - The Doctor Is In Series - Mind-Body-Connect with Dr. Abbie and Erin Gray


Welcome to the Social-Engineer Podcast: The Doctor Is In Series where we will discuss understandings and developments in the field of psychology. In today's episode, Dr. Abbie is being joined by Erin Gray. Erin is an internationally known actress, 70's super model and now founder of 'Heroes for Hire', a company representing celebrities for personal appearances worldwide. Erin went from being one of the original Sports Illustrated models, Breck Girls, Maxi Girl and the Bloomingdales spokesperson for ten years to being the lead actress in the feature film and TV series 'Buck Rogers in the 25th Century', quickly followed by...

Ep. 198 - Human Element Series - Using Compassion And Resiliency To Better Your Life with Dr. Cortney Warren REPLAY (Original Air Date: Feb 13, 2022)


Today we are joined by Dr. Cortney S. Warren, a board-certified clinical psychologist and former tenured associate professor of psychology at the University of Nevada, Las Vegas. Dr. Warren is an expert on addictions, self-deception, eating pathology, and the practice of psychotherapy from a cross-cultural perspective. With almost 50 peer reviewed journal articles, 7 book chapters, two books, and 75 professional presentations, Dr. Warren's work appears in some of the field's top journals. She has won some of the most prestigious awards in her field. In addition to publishing in scientific, peer-reviewed journals, Dr. Warren is passionate about bringing psychological...

Ep. 232 - The SE ETC Series - Preparing for a Red Team or SE Teaming Job


Welcome to the Social-Engineer Podcast: The SE Etc. Series. This series will be hosted by Chris Hadnagy, CEO of Social-Engineer LLC, and The Innocent Lives Foundation, as well as Social-Engineer.Org and The Institute for Social Engineering. Chris will be joined by his co-host Patrick Laverty as they discuss topics pertaining to the world of Social Engineering. [Oct 23, 2023] 00:00 - Intro 00:19 - Patrick Laverty Intro 01:10 - Intro Links - Social-Engineer.com- http://www.social-engineer.com/ - Managed Voice Phishing- https://www.social-engineer.com/services/vishing-service/ - Managed Email Phishing- https://www.social-engineer.com/services/se-phishing-service/ - AdversarialSimulations- https://www.social-engineer.com/services/social-engineering-penetration-test/ - Social-Engineer channel on SLACK- https://social-engineering-hq.slack.com/ssb - CLUTCH- http://www.pro-rock.com/ - innocentlivesfoundation.org- http://www.innocentlivesfoundation.org/ 03:51...

Ep. 187 - Security Awareness Series - A master class in CISO Communications with Marc Ashworth REPLAY (Original Air Date: November 21, 2022)


Marc Ashworth is a respected IT executive with over 30 years of experience in cyber and physical security, IT/security architecture, and project management, and is an author and a public speaker. He is a board member of the St. Louis Chapter of InfraGard and the Webster University Cyber Advisory board, co-founded the State of Cyber annual security conference, and is a Lifetime member of FBI Citizens Academy, possessing security certifications in CISSP, CISM, CRISC, Security+ and other certifications. As the Senior Vice President and Chief Information Security Officer at First Bank, Marc currently oversees First Bank's information security, fraud, physical security, and the network services...

Ep. 230 - Human Element Series - Propaganda Branding and Social Media with Ryan McBeth


Today we are joined by Ryan McBeth. Ryan is a software architect, novelist, triathlete, and YouTuber. He makes videos on YouTube about Programming, Cybersecurity, OSINT and Military topics. Ryan spent 20 years as an anti-armor and heavy weapons infantryman with two overseas deployments. He also spent time performing C4ISR intelligence collection for various government customers and currently consults on intelligence collection and analysis methods. [Oct 9, 2023] 00:00 - Intro 00:22 - Intro Links - Social-Engineer.com- http://www.social-engineer.com/ - Managed Voice Phishing- https://www.social-engineer.com/services/vishing-service/ - Managed Email Phishing- https://www.social-engineer.com/services/se-phishing-service/ - AdversarialSimulations- https://www.social-engineer.com/services/social-engineering-penetration-test/ - Social-Engineer channel on SLACK- https://social-engineering-hq.slack.com/ssb - CLUTCH- http://www.pro-rock.com/ -...

Ep. 229 - The Doctor Is In Series - A Beginner's Course to Mimicry


Welcome to the Social-Engineer Podcast: The Doctor Is In Series where we will discuss understandings and developments in the field of psychology. In today's episode, Chris and Abbie are discussing mimicry. What it is, its multiple forms, and why we do it. [Oct 2, 2023] 00:00 - Intro 00:17 - Dr. Abbie Maroño Intro 01:17 - Intro Links - Social-Engineer.com- http://www.social-engineer.com/ - Managed Voice Phishing- https://www.social-engineer.com/services/vishing-service/ - Managed Email Phishing- https://www.social-engineer.com/services/se-phishing-service/ - AdversarialSimulations- https://www.social-engineer.com/services/social-engineering-penetration-test/ - Social-Engineer channel on SLACK- https://social-engineering-hq.slack.com/ssb - CLUTCH- http://www.pro-rock.com/ - innocentlivesfoundation.org- http://www.innocentlivesfoundation.org/ 07:45 - The Topic of the Day: Mimicry 08:04 - A Definition 09:04 -...

Ep. 228 - The SE ETC Series - How to Protect Your Kids from Online Dangers with Shane McCombs


Welcome to the Social-Engineer Podcast: The SE Etc. Series. This series will be hosted by Chris Hadnagy, CEO of Social-Engineer LLC, and The Innocent Lives Foundation, as well as Social-Engineer.Org and The Institute for Social Engineering. Chris will be joined by his co-host Patrick Laverty as they discuss topics pertaining to the world of Social Engineering. Today, Chris and Patrick are joined by Shane McCombs. Shane leads the ILF with more than 25 years of experience in the tech industry, including more than a decade of experience in C-level roles. He led enterprise-wide initiatives within project management, customer relationship management...

Ep. 227 - Security Awareness Series - Having A Cyber Radar with Evan Blair


Today on the Social-Engineer Podcast: The Security Awareness Series, Ryan and I are joined by Evan Blair. He is the General Manager for Searchlight Cyber, which brings industry leading dark web intelligence & security capabilities to the commercial and government sectors. Mr. Blair, a seasoned international cyber security executive, previously held the role of Chief Revenue Officer at the secure communications & data management firm HighSide, co-founded, led and exited the cyber security & threat intelligence firm ZeroFox and ran Accuvant's global partner solutions division. He has been a fixture on Capitol Hill, working to advance legislation and funding for...

Ep. 226 - Human Element Series - Don't Wish It Was Easier Wish You Were Better with Mark Raffan


Today we are joined by Mark Raffan. Mark is an award winning negotiation trainer, speaker, podcast host, well known negotiation expert, and entrepreneur. He has coached executives and teams in some of the largest companies on the planet and has been featured in Entrepreneur, Forbes, Thrive Global, and Supply and Demand Chain Executive Magazine (as a 2021 pro-to-know). Additionally, Mark has appeared on dozens of podcasts, including Make it Happen Mondays, The Brutal Truth About Sales, and The Insider's Guide to Finance. [Sept 11, 2023] 00:00 - Intro 00:19 - Intro Links - Social-Engineer.com- http://www.social-engineer.com/ - Managed Voice Phishing- https://www.social-engineer.com/services/vishing-service/...

Ep. 225 - The Doctor Is In Series - The Psychology of Con Artists


Welcome to the Social-Engineer Podcast: The Doctor Is In Series where we will discuss understandings and developments in the field of psychology. In today's episode, Chris and Abbie are discussing the psychology of Con Artists. What motivates them, why people fall for them, and how you can protect yourself. [Sept 4, 2023] 00:00 - Intro 00:30 - Dr. Abbie Maroño Intro 01:11 - Intro Links - Social-Engineer.com- http://www.social-engineer.com/ - Managed Voice Phishing- https://www.social-engineer.com/services/vishing-service/ - Managed Email Phishing- https://www.social-engineer.com/services/se-phishing-service/ - AdversarialSimulations- https://www.social-engineer.com/services/social-engineering-penetration-test/ - Social-Engineer channel on SLACK- https://social-engineering-hq.slack.com/ssb - CLUTCH- http://www.pro-rock.com/ - innocentlivesfoundation.org- http://www.innocentlivesfoundation.org/ 04:58 - The Topic of the Day:...

Ep. 224 - The SE ETC Series - Tips for Having Difficult Conversations with Chris and Patrick


Welcome to the Social-Engineer Podcast: The SE Etc. Series. This series will be hosted by Chris Hadnagy, CEO of Social-Engineer LLC, and The Innocent Lives Foundation, as well as Social-Engineer.Org and The Institute for Social Engineering. Chris will be joined by his co-host Patrick Laverty as they discuss topics pertaining to the world of Social Engineering. [August 28, 2023] 00:00 - Intro 00:21 - Patrick Laverty Intro 00:55 - Intro Links - Social-Engineer.com- http://www.social-engineer.com/ - Managed Voice Phishing- https://www.social-engineer.com/services/vishing-service/ - Managed Email Phishing- https://www.social-engineer.com/services/se-phishing-service/ - AdversarialSimulations- https://www.social-engineer.com/services/social-engineering-penetration-test/ - Social-Engineer channel on SLACK- https://social-engineering-hq.slack.com/ssb - CLUTCH- http://www.pro-rock.com/ - innocentlivesfoundation.org- http://www.innocentlivesfoundation.org/ 07:20...

Ep. 179 - Security Awareness Series - Can You Really Prevent Burnout with Erin Maloney (Original Air Date: Sept 19, 2022)


(Original Air Date: Sept 19, 2022) Today we are joined by Erin Maloney. Erin earned her Bachelor of Science degree in psychology from Saint Joseph's University in Philadelphia, PA. She then earned her master's degree in social work from Widener University in Chester, PA. Erin holds a license as a Licensed Clinical Social Worker. Erin has worked in the behavioral and mental health field for over 20 years. Her experience has included: case management, addiction counseling, behavioral specialty work, school based behavioral health services, and private practice. Erin has worked with a wide range of clients from young children to older...

Ep. 222 - Human Element Series - Art and Bias with Andi Schmied


Today we are joined by Andi Schmied. Andi is an urban designer and visual artist. With her installations and printed work, she explores the architectural framing of social space, and uncovers urban anomalies. These vary from areas that have deviated far from their originally planned function, utopian architectures or spaces of extreme privilege. Schmied graduated as an urban designer from the Bartlett School of Architecture (UCL, London) and is currently a PhD candidate at Moholy Nagy University of Arts and Design. Her latest book, Private Views: A High-Rise Panorama of Manhattan won the first prize in visual arts category of...

Ep. 221 - The Doctor Is In Series - The Psychology of Learned Helplessness


Welcome to the Social-Engineer Podcast: The Doctor Is In Series where we will discuss understandings and developments in the field of psychology. In today's episode, Chris and Abbie are discussing the psychology of Learned Helplessness. What it is, who's most at risk, and ways to cope with it. [Aug 7, 2023] 00:00 - Intro 00:20 - Dr. Abbie Maroño Intro 01:02 - Intro Links - Social-Engineer.com- http://www.social-engineer.com/ - Managed Voice Phishing- https://www.social-engineer.com/services/vishing-service/ - Managed Email Phishing- https://www.social-engineer.com/services/se-phishing-service/ - AdversarialSimulations- https://www.social-engineer.com/services/social-engineering-penetration-test/ - Social-Engineer channel on SLACK- https://social-engineering-hq.slack.com/ssb - CLUTCH- http://www.pro-rock.com/ - innocentlivesfoundation.org- http://www.innocentlivesfoundation.org/ 05:45 - The Topic of the Day: Learned...

Ep. 173 - Human Element Series - Empathetic Chameleons and Painful Lobsters with Laurie Segall (Original Air Date: July 11, 2022)


(Original Air Date: July 11, 2022) Today Chris is talking with Laurie Segall. Laurie is the founder of Dot Dot Dot, a media company focused on onboarding the mainstream into a new era of the internet, Web3. Laurie is an award-winning journalist who has interviewed the world's most influential tech leaders including Mark Zuckerberg and Tim Cook. Prior, she was CNN's senior tech correspondent, covering technology and culture for a decade and a former reporter for 60 Minutes. 00:00 - Intro - Social-Engineer.com- http://www.social-engineer.com/ - Managed Voice Phishing- https://www.social-engineer.com/services/vishing-service/ - Managed Email Phishing- https://www.social-engineer.com/services/se-phishing-service/ - AdversarialSimulations- https://www.social-engineer.com/services/social-engineering-penetration-test/ - Social-Engineer channel on...

Ep. 220 - The SE ETC Series - Social Engineering in Everyday Life with Patrick and Chris


Welcome to the Social-Engineer Podcast: The SE Etc. Series. This series will be hosted by Chris Hadnagy, CEO of Social-Engineer LLC, and The Innocent Lives Foundation, as well as Social-Engineer.Org and The Institute for Social Engineering. Chris will be joined by his co-host Patrick Laverty as they discuss topics pertaining to the world of Social Engineering. [July 24, 2023] 00:00 - Intro 00:18 - Patrick Laverty Intro 00:53 - Intro Links - Social-Engineer.com- http://www.social-engineer.com/ - Managed Voice Phishing- https://www.social-engineer.com/services/vishing-service/ - Managed Email Phishing- https://www.social-engineer.com/services/se-phishing-service/ - AdversarialSimulations- https://www.social-engineer.com/services/social-engineering-penetration-test/ - Social-Engineer channel on SLACK- https://social-engineering-hq.slack.com/ssb - CLUTCH- http://www.pro-rock.com/ - innocentlivesfoundation.org- http://www.innocentlivesfoundation.org/ 12:40...

Ep. 219 - Security Awareness Series - Involve Me and I'll Understand with Ganesh Krishnan


Today on the Social-Engineer Podcast: The Security Awareness Series, Ryan and Chris are joined by Ganesh Krishnan, a cybersecurity superhero with over 25 years of experience protecting the digital world from cyber threats. As a two-time founder with a track record of success at some of the world's top tech companies, he's earned a reputation as a thought leader at the forefront of cybersecurity. Now at the helm of Anzenna, his latest security startup, he's out to revolutionize the industry by making cybersecurity accessible to every employee, not just the security team. [July 17, 2023] 00:00 - Intro 01:01 -...

Ep. 218 - Human Element Series - Adjusting Your Conscious Experience with Patrick McAndrew


Today we are joined by Patrick McAndrew. As the Founder & CEO of HARA, Patrick focuses on developing the whole person, knowing that high performance is determined by how you live not just how you work. Patrick helps develop habits of mind to thrive in competitive environments. He has trained leaders and high-performing teams to bring more structure into their lives for greater: Focus; Energy; Productivity; Mental Resilience & Life Balance. With a background in corporate law, Patrick moved into sales, leading the expansion of BriteVenue across North America, the #1 venue software for weddings and events. In 2018, Patrick...

Ep. 217 - The Doctor Is In Series - The Truth about Detecting Deception


Welcome to the Social-Engineer Podcast: The Doctor Is In Series where we will discuss understandings and developments in the field of psychology. In today's episode, Chris and Abbie are discussing: Deception Detection. While there are many misconceptions about this topic, we are not completely in the dark; we are just not as good as we think. [July 3, 2023] 00:00 - Intro 00:18 - Dr. Abbie Maroño Intro 01:18 - Intro Links - Social-Engineer.com- http://www.social-engineer.com/ - Managed Voice Phishing- https://www.social-engineer.com/services/vishing-service/ - Managed Email Phishing- https://www.social-engineer.com/services/se-phishing-service/ - AdversarialSimulations- https://www.social-engineer.com/services/social-engineering-penetration-test/ - Social-Engineer channel on SLACK- https://social-engineering-hq.slack.com/ssb - CLUTCH- http://www.pro-rock.com/ - innocentlivesfoundation.org- http://www.innocentlivesfoundation.org/...

Ep. 216 - The SE ETC Series - Acting Your Way in Social Engineering with Curt Rosa Patrick and Chris


Welcome to the Social-Engineer Podcast: The SE Etc. Series. This series will be hosted by Chris Hadnagy, CEO of Social-Engineer LLC, and The Innocent Lives Foundation, as well as Social-Engineer.Org and The Institute for Social Engineering. Chris will be joined by his co-host Patrick Laverty as they discuss topics pertaining to the world of Social Engineering. [June 26, 2023] 00:00 - Intro 00:19 - Patrick Laverty Intro 00:58 - Practical Application for Social Engineering 02:37 - Intro Links - Social-Engineer.com- http://www.social-engineer.com/ - Managed Voice Phishing- https://www.social-engineer.com/services/vishing-service/ - Managed Email Phishing- https://www.social-engineer.com/services/se-phishing-service/ - AdversarialSimulations- https://www.social-engineer.com/services/social-engineering-penetration-test/ - Social-Engineer channel on SLACK- https://social-engineering-hq.slack.com/ssb...

Ep. 215 - Security Awareness Series - Do You Live in the City of NO with Jason Rebholz


Today on the Social-Engineer Podcast: The Security Awareness Series, Ryan and I are joined by Jason Rebholz. Jason is the Chief Information Security Officer at Corvus Insurance. He has over a decade of experience performing forensic investigations into sophisticated cyber attacks and helping organizations build secure and resilient environments. As Corvus's CISO, Jason leverages his incident response, security, and infrastructure expertise to drive security strategy and reduce the risk of security threats internally at Corvus and for Corvus's policyholders. Prior to joining Corvus, Jason held leadership roles at Mandiant, The Crypsis Group, Gigamon, and MOXFIVE. [June 19, 2023] 00:00 -...

Ep. 214 - Human Element Series - Augmented Reality and Thought Suppression with Dr. David Rawaf


Today we are joined by Dr. David Rawaf. Dr. Rawaf is a surgeon, researcher, technologist, innovator and policy developer. As well as studying and working in both UK and US, David is involved with Imperial College WHO Collaborating Centre (for Public Health Education & Training), as well as medical writing, research and hosting conferences. David has a role as Surgical Skill Faculty and is Centre Accredited by the Royal College of Surgeons. In addition, he is an abstract and content reviewer for a number of institutions including the Institute for Health Metrics and Evaluation amongst a number of other scientific...

Ep. 213 - The Doctor Is In Series - Everything You Remember is False


Welcome to the Social-Engineer Podcast: The Doctor Is In Series where we will discuss understandings and developments in the field of psychology. In today's episode, Chris and Abbie are discussing: False Memories. Although memory processes and systems usually operate reliably, they are sometimes prone to distortions and illusions. Today's discussion will examine how and why this happens. [June 5, 2023] 00:00 - Intro 00:20 - Dr. Abbie Maroño Intro 01:02 - Intro Links - Social-Engineer.com- http://www.social-engineer.com/ - Managed Voice Phishing- https://www.social-engineer.com/services/vishing-service/ - Managed Email Phishing- https://www.social-engineer.com/services/se-phishing-service/ - AdversarialSimulations- https://www.social-engineer.com/services/social-engineering-penetration-test/ - Social-Engineer channel on SLACK- https://social-engineering-hq.slack.com/ssb - CLUTCH- http://www.pro-rock.com/ - innocentlivesfoundation.org-...

Ep. 161 - Human Element Series - Do You Want To Go Fast Or Far with Amy Herman (Replay)


(Original Air Date: 01/10/2022) This month Chris Hadnagy is joined by the fascinating Amy Herman. Amy is a lawyer and an art historian who uses works of art to sharpen observation, analysis, and communication skills. She developed her Art of Perception seminar in 2000 and since then has worked with the New York City Police Department, the FBI, Department of Defense, Fortune 500 companies and more. She is also a TED speaker and an author of 2 books. Her latest book, "Fixed: How to Perfect the Fine Art of Problem-Solving" was just released in December of 2021. 00:00 Intro -...

Ep. 212 - The SE ETC Series - SE Book Club - Human Hacking with Patrick and Chris


Welcome to the Social-Engineer Podcast: The SE Etc. Series. This series will be hosted by Chris Hadnagy, CEO of Social-Engineer LLC, and The Innocent Lives Foundation, as well as Social-Engineer.Org and The Institute for Social Engineering. Chris will be joined by his co-host Patrick Laverty as they discuss topics pertaining to the world of Social Engineering. [May 22, 2023] 00:00 - Intro 00:18 - Patrick Laverty Intro 00:58 - Intro Links - Social-Engineer.com- http://www.social-engineer.com/ - Managed Voice Phishing- https://www.social-engineer.com/services/vishing-service/ - Managed Email Phishing- https://www.social-engineer.com/services/se-phishing-service/ - AdversarialSimulations- https://www.social-engineer.com/services/social-engineering-penetration-test/ - Social-Engineer channel on SLACK- https://social-engineering-hq.slack.com/ssb - CLUTCH- http://www.pro-rock.com/ - innocentlivesfoundation.org- http://www.innocentlivesfoundation.org/ 08:58...

Ep. 211 - Security Awareness Series - From Phreaker to InfoSec Pro with John Young


Today on the Social-Engineer Podcast: The Security Awareness Series, Ryan and I are joined by John Young. Like many security experts, John started out on the wrong side of the law by manipulating the AT&T phone system as a teenage phone phreak in New York City before he was scared straight by the FBI. His career started four decades ago in 1982, and by 1987 Young became the network director at McDonnell Douglas's $41.8 billion C-17 program. He eventually retired from IBM after a 30-year career in the corporate cyberwar trenches to launch his own company, CyberDef. Regarded as one...

Ep. 210 - Human Element Series - Data Driven Psychology and User Experience with Tommy Honton


Today we are joined by Tommy Honton. Tommy is a writer and experienced designer specializing in the intersection of interactivity and narrative. He has produced work around the world for audiences of all sizes and regularly lectures about design. He is also the co-creator of the award-winning escape room Stash House. [May 8, 2023] 00:00 Intro 00:22 Intro Links - Social-Engineer.com- http://www.social-engineer.com/ - Managed Voice Phishing- https://www.social-engineer.com/services/vishing-service/ - Managed Email Phishing- https://www.social-engineer.com/services/se-phishing-service/ - AdversarialSimulations- https://www.social-engineer.com/services/social-engineering-penetration-test/ - Social-Engineer channel on SLACK- https://social-engineering-hq.slack.com/ssb - CLUTCH- http://www.pro-rock.com/ - innocentlivesfoundation.org- http://www.innocentlivesfoundation.org/ 03:40 - Tommy Honton Intro 04:25 - How did Escape Rooms become your...

Ep. 209 - The Doctor Is In Series - The TRUTH Behind Conspiracy Theories


Welcome to the Social-Engineer Podcast: The Doctor Is In Series where we will discuss understandings and developments in the field of psychology. In today's episode, Chris and Abbie are discussing: Conspiracy theories. They will talk about what makes a Conspiracy Theory and why we believe them. [May 1, 2023] 00:00 - Intro 00:17 - Dr. Abbie Maroño Intro 00:59 - Intro Links - Social-Engineer.com- http://www.social-engineer.com/ - Managed Voice Phishing- https://www.social-engineer.com/services/vishing-service/ - Managed Email Phishing- https://www.social-engineer.com/services/se-phishing-service/ - AdversarialSimulations- https://www.social-engineer.com/services/social-engineering-penetration-test/ - Social-Engineer channel on SLACK- https://social-engineering-hq.slack.com/ssb - CLUTCH- http://www.pro-rock.com/ - innocentlivesfoundation.org- http://www.innocentlivesfoundation.org/ 04:45 - The Topic of the Day: The TRUTH Behind...

Ep. 208 - The SE ETC Series - The SE Framework: Its Origin and How To Use It with Patrick and Chris


Welcome to the Social-Engineer Podcast: The SE Etc. Series. This series will be hosted by Chris Hadnagy, CEO of Social-Engineer LLC, and The Innocent Lives Foundation, as well as Social-Engineer.Org and The Institute for Social Engineering. Chris will be joined by his co-host Patrick Laverty as they discuss topics pertaining to the world of Social Engineering. [April 24, 2023] 00:00 - Intro 00:25 - Patrick Laverty Intro 00:59 - Intro Links - Social-Engineer.com- http://www.social-engineer.com/ - Managed Voice Phishing- https://www.social-engineer.com/services/vishing-service/ - Managed Email Phishing- https://www.social-engineer.com/services/se-phishing-service/ - AdversarialSimulations- https://www.social-engineer.com/services/social-engineering-penetration-test/ - Social-Engineer channel on SLACK- https://social-engineering-hq.slack.com/ssb - CLUTCH- http://www.pro-rock.com/ - innocentlivesfoundation.org- http://www.innocentlivesfoundation.org/ 05:34...

Ep. 207 - Security Awareness Series - 2023 State of Vishing Report Discussion


Today on the Social-Engineer Podcast: The Security Awareness Series, Ryan and I are joined by Dr. Abbie Maroño. Dr. Maroño is now the Director of Education at Social-Engineer, LLC, an active member of internationally recognized research groups, and an expert consultant and advisor. Today, Chris, Ryan and Abbie will discuss the 2023 State of Vishing Report. [April 17, 2023] 00:00 - Intro 00:23 - Ryan Intro 01:20 - Intro Links: - Social-Engineer.com- http://www.social-engineer.com/ - Managed Voice Phishing- https://www.social-engineer.com/services/vishing-service/ - Managed Email Phishing- https://www.social-engineer.com/services/se-phishing-service/ - AdversarialSimulations- https://www.social-engineer.com/services/social-engineering-penetration-test/ - Social-Engineer channel on SLACK- https://social-engineering-hq.slack.com/ssb - CLUTCH- http://www.pro-rock.com/ - innocentlivesfoundation.org- http://www.innocentlivesfoundation.org/ 04:42 -...

Ep. 206 - Human Element Series - Using Skip Tracing Skills in Everyday Life with Alex SkipGuru Price


Today we are joined by Alex "Skipguru" Price. Alex is a nationally recognized expert on the Art of Skip Tracing with over 35 years of experience in the skip-tracing, FinTech and Bail Bonds industries. He is a keynote speaker and author of the Skip-Tracers National Certification Program, Florida Public Records Guide, and the Military Installations Guide. Alex is a contributor for several industry magazines and post-pandemic, has become a popular content matter expert podcast guest. Currently he is the Director of Training and Development for LocateSmarter. He has become a highly sought-after speaker in the bail enforcement, private investigations and...

Ep. 205 - The Doctor Is In Series - Your Perception is Your Reality


Welcome to the Social-Engineer Podcast: The Doctor Is In Series where we will discuss understandings and developments in the field of psychology. In today's episode, Chris and Abbie are discussing: Social Perception. We will talk about what social perception is and how our reality is shaped by it. [April 3, 2023] 00:00 - Intro 00:22 - Dr. Abbie Maroño Intro 01:21 - Intro Links - Social-Engineer.com- http://www.social-engineer.com/ - Managed Voice Phishing- https://www.social-engineer.com/services/vishing-service/ - Managed Email Phishing- https://www.social-engineer.com/services/se-phishing-service/ - AdversarialSimulations- https://www.social-engineer.com/services/social-engineering-penetration-test/ - Social-Engineer channel on SLACK- https://social-engineering-hq.slack.com/ssb - CLUTCH- http://www.pro-rock.com/ - innocentlivesfoundation.org- http://www.innocentlivesfoundation.org/ 05:02 - The Topic of the Day: Perception...

Ep. 204 - The SE ETC Series - FUD or Empathy - What Makes Better Security with David Sherry


Welcome to the Social-Engineer Podcast: The SE Etc. Series. This series will be hosted by Chris Hadnagy, CEO of Social-Engineer LLC, and The Innocent Lives Foundation, as well as Social-Engineer.Org and The Institute for Social Engineering. Chris will be joined by his co-host Patrick Laverty as they discuss topics pertaining to the world of Social Engineering. [March 27, 2023] 00:00 - Intro 00:18 - Patrick Laverty Intro 01:01 - Intro Links - Social-Engineer.com- http://www.social-engineer.com/ - Managed Voice Phishing- https://www.social-engineer.com/services/vishing-service/ - Managed Email Phishing- https://www.social-engineer.com/services/se-phishing-service/ - AdversarialSimulations- https://www.social-engineer.com/services/social-engineering-penetration-test/ - Social-Engineer channel on SLACK- https://social-engineering-hq.slack.com/ssb - CLUTCH- http://www.pro-rock.com/ - innocentlivesfoundation.org- http://www.innocentlivesfoundation.org/ 05:02...

Ep. 160 - Security Awareness Series - Go To The Source So There's No Remorse with Adam Levin (Original Air Date: 12/20/2021)


This month, Chris Hadnagy and Ryan MacDougall are joined by Adam Levin. Adam is a nationally recognized expert on cybersecurity, privacy, identity theft, fraud, and personal finance and has distinguished himself as a fierce consumer advocate for the past 50 years. Adam is the former Director of the New Jersey Division of Consumer Affairs, and currently is the founder of CyberScout and co-founder of Credit.com. He is also author of the critically acclaimed book Swiped: How to Protect Yourself in a World Full of Scammers, Phishers, and Identity Thieves. Adam is also the host of the podcast What the Hack...

Ep. 202 - Human Element Series - As a Leader Are You REDI for the 3 Cs with Gena Cox


Today we are joined by Gena Cox, PhD. Gena is a corporate adviser and executive coach known as a straight-shooter who also brings warmth and generosity of spirit to her partnerships. She guides CEOs, leaders, and boards as they respond to evolving stakeholder expectations and transformation driven by societal change and organic and M&A growth. Her differentiator is the nuanced insights and recommendations she brings from a lifetime of continuous multi-disciplinary learning, enabling her to offer clients uniquely invaluable insights. Her book, Leading Inclusion, is available wherever books are sold. The book catalyzes executive leaders to drive inclusion from the...

Ep. 201 - The Doctor Is In Series - The Illusion of Rational Thought


Welcome to the Social-Engineer Podcast: The Doctor Is In Series - where we will discuss understandings and developments in the field of psychology. In today's episode, Chris and Abbie are discussing: The Illusion of Rational Thought. We will discuss the positives and negatives of rational decision making, as well as the role our emotions play in our decision making processes. [March 6, 2023] 00:00 - Intro 00:22 - Dr. Abbie Maroño Intro 01:21 - Intro Links - Tuxcare tuxcare.com - Social-Engineer.com- http://www.social-engineer.com/ - Managed Voice Phishing- https://www.social-engineer.com/services/vishing-service/ - Managed Email Phishing- https://www.social-engineer.com/services/se-phishing-service/ - AdversarialSimulations- https://www.social-engineer.com/services/social-engineering-penetration-test/ - Social-Engineer channel on SLACK-...

Ep. 200 - The SE ETC Series - Popular Scams And How They Work with Patrick and Chris


Welcome to the Social-Engineer Podcast: The SE Etc. Series. This series will be hosted by Chris Hadnagy, CEO of Social-Engineer LLC, and The Innocent Lives Foundation, as well as Social-Engineer.Org and The Institute for Social Engineering. Chris will be joined by his co-host Patrick Laverty as they discuss topics pertaining to the world of Social Engineering. [Feb 27, 2023] 00:00 - Intro 00:46 - Patrick Laverty Intro 01:40 - Intro Links - Tuxcare tuxcare.com - Social-Engineer.com- http://www.social-engineer.com/ - Managed Voice Phishing- https://www.social-engineer.com/services/vishing-service/ - Managed Email Phishing- https://www.social-engineer.com/services/se-phishing-service/ - AdversarialSimulations- https://www.social-engineer.com/services/social-engineering-penetration-test/ - Social-Engineer channel on SLACK- https://social-engineering-hq.slack.com/ssb - CLUTCH- http://www.pro-rock.com/ -...

Ep. 199 - Security Awareness Series - Bitcoin and SIM Swap with Haseeb Awan


Today on the Social-Engineer Podcast: The Security Awareness Series, Ryan and I are joined by Haseeb Awan. Haseeb is the CEO & Founder of Efani Secure Mobile, a company that works with ultra-high-net-worth individuals on their Mobile Security. Previously, he co-founded one of the largest Bitcoin ATM networks. He has been featured on NYT, TechCrunch, Wall Street Journal, Hulu, and several international media outlets. [Feb 20, 2023] 00:00 - Intro 00:50 - Intro Links: - Social-Engineer.com- http://www.social-engineer.com/ - Tuxcare tuxcare.com - Managed Voice Phishing- https://www.social-engineer.com/services/vishing-service/ - Managed Email Phishing- https://www.social-engineer.com/services/se-phishing-service/ - AdversarialSimulations- https://www.social-engineer.com/services/social-engineering-penetration-test/ - Social-Engineer channel on SLACK- https://social-engineering-hq.slack.com/ssb -...

Ep. 198 - Human Element Series - Using Compassion And Resiliency To Better Your Life with Dr. Cortney Warren


Today we are joined by Dr. Cortney S. Warren, a board-certified clinical psychologist and former tenured associate professor of psychology at the University of Nevada, Las Vegas. Dr. Warren is an expert on addictions, self-deception, eating pathology, and the practice of psychotherapy from a cross-cultural perspective. With almost 50 peer reviewed journal articles, 7 book chapters, two books, and 75 professional presentations, Dr. Warren's work appears in some of the field's top journals. She has won some of the most prestigious awards in her field. In addition to publishing in scientific, peer-reviewed journals, Dr. Warren is passionate about bringing psychological...

Ep. 197 - The Doctor Is In Series - Information Elicitation


Welcome to the Social-Engineer Podcast: The Doctor Is In Series where we will discuss understandings and developments in the field of psychology. In today's episode, Chris and Abbie are discussing: Information Elicitation. We will discuss what it is, why it's so important to use 'science-based interviewing', and why approaches that encourage cooperation are better than manipulation of information retrieval. [Feb 6, 2023] 00:00 Intro 00:20 Dr. Abbie Maroño Intro 00:54 Intro Links Social-Engineer.com- http://www.social-engineer.com/ Managed Voice Phishing- https://www.social-engineer.com/services/vishing-service/ Managed Email Phishing- https://www.social-engineer.com/services/se-phishing-service/ AdversarialSimulations- https://www.social-engineer.com/services/social-engineering-penetration-test/ Social-Engineer channel on SLACK- https://social-engineering-hq.slack.com/ssb CLUTCH- http://www.pro-rock.com/ innocentlivesfoundation.org- http://www.innocentlivesfoundation.org/ 03:58 The Topic of the Day: Information...

Ep. 196 - SE Etc Series - The Role Of Empathy In Social Engineering with Patrick and Chris


Welcome to the Social-Engineer Podcast: The SE Etc. Series. This series will be hosted by Chris Hadnagy, CEO of Social-Engineer LLC, and The Innocent Lives Foundation, as well as Social-Engineer.Org and The Institute for Social Engineering. Chris will be joined by his co-host Patrick Laverty as they discuss topics pertaining to the world of Social Engineering. [Jan 30, 2023] 00:00 Intro 00:28 Patrick Laverty Intro 00:58 Intro Links Social-Engineer.com- http://www.social-engineer.com/ Managed Voice Phishing- https://www.social-engineer.com/services/vishing-service/ Managed Email Phishing- https://www.social-engineer.com/services/se-phishing-service/ AdversarialSimulations- https://www.social-engineer.com/services/social-engineering-penetration-test/ Social-Engineer channel on SLACK- https://social-engineering-hq.slack.com/ssb CLUTCH- http://www.pro-rock.com/ innocentlivesfoundation.org- http://www.innocentlivesfoundation.org/ 05:38 "You never know" 06:51 Today's Topic: The Role of Empathy...

Ep. 195 - Security Awareness Series - Social Engineering Forecast for 2023


Today on the Social-Engineer Podcast: The Security Awareness Series, Ryan and I will have a special discussion of the 2023 security landscape. [Jan 27, 2023] 00:00 Intro 00:27 Intro Links: Social-Engineer.com- http://www.social-engineer.com/ Managed Voice Phishing- https://www.social-engineer.com/services/vishing-service/ Managed Email Phishing- https://www.social-engineer.com/services/se-phishing-service/ AdversarialSimulations- https://www.social-engineer.com/services/social-engineering-penetration-test/ Social-Engineer channel on SLACK- https://social-engineering-hq.slack.com/ssb CLUTCH- http://www.pro-rock.com/ innocentlivesfoundation.org - http://www.innocentlivesfoundation.org/ 04:25 Don't Forget Ryan 05:11 What Are We Talking About: 2023 Edition 05:39 2022 Was Rough! 07:09 Getting Everyone Else Up To Speed 09:24 Hackers for Hire? 12:58 Economic Crisis = Rise in Cybercrime 15:10 Emotional Victimizing 18:08 Losing the Teachable Moment 20:42 Ransomware as a Growth Industry...

Ep. 194 - Human Element Series - RUSE: Corporate Spies as a Service with Robert Kerbeck


Today we are joined by Robert Kerbeck. Robert is the founder of the Malibu Writers Circle, a lifetime member of the Actors Studio, and a graduate of the University of Pennsylvania. His true crime memoir about his secret career as a corporate spy, RUSE: Lying the American Dream from Hollywood to Wall Street, has received praise from Frank Abagnale and former CIA Agent Valerie Plame. Kerbeck's writing has appeared in numerous publications including the Los Angeles Times, the San Francisco Chronicle, Los Angeles Magazine, and Lithub's Crime Reads. [Jan 25, 2023] 00:00 Intro 00:26 Intro Links Social-Engineer.com- http://www.social-engineer.com/ Managed Voice...

Ep. 193 - The Doctor Is In Series - Shame, The Good The Bad And The Coping


Welcome to the Social-Engineer Podcast: The Doctor Is In Series where we will discuss understandings and developments in the field of psychology. In today's episode, Chris and Abbie are discussing: Shame. We will talk about how shame helps us, hinders us, why some people can deal with it and why some can't. We'll also discuss various coping strategies and more. [Jan 02, 2023] 00:00 Intro 00:17 Dr. Abbie Maroo Intro 00:55 Intro Links Social-Engineer.com- http://www.social-engineer.com/ Managed Voice Phishing- https://www.social-engineer.com/services/vishing-service/ Managed Email Phishing- https://www.social-engineer.com/services/se-phishing-service/ AdversarialSimulations- https://www.social-engineer.com/services/social-engineering-penetration-test/ Social-Engineer channel on SLACK- https://social-engineering-hq.slack.com/ssb CLUTCH- http://www.pro-rock.com/ org- http://www.innocentlivesfoundation.org/ 03:38 The topic of the day:...

Ep. 192 - SE Etc Series - Shelby's Love of Dumpsters with Patrick and Chris


Welcome to the Social-Engineer Podcast: The SE Etc. Series. This series will be hosted by Chris Hadnagy, CEO of Social-Engineer LLC, and The Innocent Lives Foundation, as well as Social-Engineer.Org and The Institute for Social Engineering. Chris will be joined by his co-host Patrick Laverty as they discuss topics pertaining to the world of Social Engineering. [Dec 26, 2022] 00:00 Intro 00:29 Patrick Laverty Intro 01:18 Intro Links Social-Engineer.com Managed Voice Phishing Managed Email Phishing AdversarialSimulations Social-Engineer channel on SLACK CLUTCH innocentlivesfoundation.org 05:04 Today's Topic: Dumpster Diving 06:27 Shelby Dacko Intro 08:38 Patrick's Pizza Adventure 14:34 Who is Shelby? 15:51...

Ep. 191 - Security Awareness Series - Getting Hit By a Bus with Steve Orrin


Today our guest is Steve Orrin. Steve is a respected IT executive with over 30 years of experience in cybersecurity, solution architecture, virtualization security, and federal project management. Orrin earned a Bachelor's in Honors Research Biology from Kean University. He currently serves as a Federal Chief Technology Officer and Senior PE for Intel Corporation. He is also a key advisor and subject matter expert in the emerging technologies space, providing guidance to the Public Sector, Defense, and Intelligence communities. [Dec 19, 2022] 00:00 Intro 00:55 Intro Links: Social-Engineer.com- http://www.social-engineer.com/ Managed Voice Phishing Managed Email Phishing AdversarialSimulations- Social-Engineer channel on SLACK CLUTCH...

Ep. 190 - Human Element Series - Decide What To Be Bad At with Dorie Clark


Dorie Clark helps individuals and companies get their best ideas heard in a crowded, noisy world. She has been named one of the Top 50 business thinkers in the world by Thinkers50. She was honored as the #1 Communication Coach by the Marshall Goldsmith Leading Global Coaches Awards and one of the Top 5 Communication Professionals in the World by Global Gurus. She is the Wall Street Journal bestselling author of The Long Game, Entrepreneurial You, Reinventing You, and Stand Out, which was named the #1 Leadership Book of the Year by Inc. magazine. A former presidential campaign spokeswoman, Clark...

Ep. 189 - The Doctor Is In Series - Neurons That Fire Together Wire Together


Welcome to the Social-Engineer Podcast: The Doctor Is In Series where we will discuss understandings and developments in the field of psychology. In today's episode, Chris and Abbie are discussing: Natural born killers, or monsters in the making? We are all curious about the origins of evil and violence. We see a story on the news and ask ourselves, how could anyone do that? So, let's dive into how. We are not going to cover specific cases and talk about specific serial killers, because you lose the science and we "celebritize" serial killers. [Dec 05, 2022] 00:00 Intro 00:19 Dr....

Ep. 188 - SE Etc Series - Training to be a Social Engineer with Patrick and Chris


Welcome to the Social-Engineer Podcast: The SE Etc. Series. This series will be hosted by Chris Hadnagy, CEO of Social-Engineer LLC, and The Innocent Lives Foundation, as well as Social-Engineer.Org and The Institute for Social Engineering. Chris will be joined by his co-host Patrick Laverty as they discuss topics pertaining to the world of Social Engineering. [Nov 28, 2022] 00:00 Intro 00:24 Patrick Laverty Intro 00:43 Intro Links Social-Engineer.com- http://www.social-engineer.com/ Managed Voice Phishing- https://www.social-engineer.com/services/vishing-service/ Managed Email Phishing- https://www.social-engineer.com/services/se-phishing-service/ AdversarialSimulations- https://www.social-engineer.com/services/social-engineering-penetration-test/ Social-Engineer channel on SLACK- https://social-engineering-hq.slack.com/ssb CLUTCH- http://www.pro-rock.com/ innocentlivesfoundation.org- http://www.innocentlivesfoundation.org/ 03:26 Today's Topic: How do you become a Social Engineer? 05:16...

Ep. 187 - Security Awareness Series - A master class in CISO Communications with Marc Ashworth


Marc Ashworth is a respected IT executive with over 30 years of experience in cyber and physical security, IT/security architecture, project management, is an author and a public speaker. He is a board member of the St. Louis Chapter of InfraGard, Webster University Cyber Advisory board, Co-Founded the State of Cyber annual security conference, and a Lifetime member of FBI Citizens Academy, possessing security certifications in CISSP, CISM, CRISC, Security+ and other certifications. As the Senior Vice President and Chief Information Security Officer at First Bank, Marc currently oversees First Bank's information security, fraud, physical security, and the network services...

Ep. 186 - Human Element Series - Don't Be the Smartest Person in the Room with Stephanie Paul


Today we are joined by Stephanie Paul. Stephanie is an actress, a trainer, and keynote speaker. She has over 30 years of experience in the entertainment industry and she uses that now as she coaches and trains executives, sales teams, Tedx speakers and experts of all kinds to become master communicators. She is also a proud member of EOA and on the board of the directors of the Alzheimer's Association in Orange County. She is an active member of WIB, and the Vice Chair of Young Women in Bio. [Nov 14th, 2022] 00:00 Intro 00:23 Intro Links Social-Engineer.com Managed Voice...

Ep. 185 - Nonverbals, Neuroception and understanding Intent with Chris Hadnagy and Dr. Abbie Marono


Welcome to the Social-Engineer Podcast: The Doctor Is In Series where we will discuss understandings and developments in the field of psychology. In today's episode, Chris and Abbie are not just going to talk about nonverbal communication at an observational level, but lay the ground work for a deeper understanding of nonverbals. Not just what certain behaviors tell us but WHY they tell us this, and where nonverbal communication originated from! [Nov 07, 2022] 00:00 Intro 00:17 Dr. Abbie Maroo Intro 01:10 Intro Links Social-Engineer.com Managed Voice Phishing Managed Email Phishing AdversarialSimulations Social-Engineer channel on SLACK CLUTCH innocentlivesfoundation.org 04:01 The...

Ep. 184 - SE Etc. Series - Ryan Didn't Die with Patrick and Chris


Welcome to the Social-Engineer Podcast: The SE Etc. Series. This series will be hosted by Chris Hadnagy, CEO of Social-Engineer LLC, and The Innocent Lives Foundation, as well as Social-Engineer.Org and The Institute for Social Engineering. Chris will be joined by his co-host Patrick Laverty as they discuss topics pertaining to the world of Social Engineering. [Oct 24th, 2022] 00:00 Intro 00:17 Patrick Laverty Intro 00:58 Intro Links Social-Engineer.com Managed Voice Phishing Managed Email Phishing AdversarialSimulations Social-Engineer channel on SLACK CLUTCH innocentlivesfoundation.org 03:28 This month's dumpster dive: Great Stories 04:01 Oceans 11 1/2: Ryan Didn't Die 05:14 Let the testing...

Ep. 183 - Security Awareness Series - I Promise You That's Not Amazon On The Phone with Kevin Gowen


Today our guest joining us is Kevin Gowen. Kevin serves as Chief Information Security Officer for Synovus and is responsible for information and cyber security, physical security, business continuity, fraud, and financial crimes. He was named Chief Information Security Officer in 2015. Gowen earned Bachelor's and Master's degrees in Mechanical Engineering from the Georgia Institute of Technology. He was a recipient of the James H. Blanchard Leadership award and was named Tech Exec Networks' Information Security Executive of the Year in May 2022. Gowen is an alumnus of Leadership Columbus and serves as a board member of the National Technology...

Ep. 182 - Human Element Series - Strategic Thought Time and Grit with David Hill


Today we are joined by David Hill. David is currently a licensed real estate broker in Massachusetts and is also a Success Certified Business Coach and Cardone University Sales Trainer. David has been a top producing real estate agent for over 18 years as well as a phone sales trainer with over 36 years' sales experience in multiple industries. David is also the host of the Path to Mastery podcast and the author of two books, "The Sales Playbook" and "Getting your Quality of Life back". David also enjoys traveling, spending time with his 3 daughters and his wife, and...

Ep. 181 - The Doctor Is In Series - Can You Fake It Till You Make It


Welcome to the Social-Engineer Podcast: The Doctor Is In Series where we will discuss understandings and developments in the field of psychology. This is Episode 181 and hosted by Chris Hadnagy, CEO of Social-Engineer LLC, and The Innocent Lives Foundation, as well as Social-Engineer.Org and The Institute for Social Engineering. Joining Chris is co-host Dr. Abbie Maroo. Abbie is Director of education at Social-Engineer, LLC, and a perception management coach. She has a PhD in Behaviour analysis and specializes in nonverbal communication, trust, and cooperation. Today's conversation will be on the topic of Can You Fake It Till You Make...

Ep. 180 - Twitter, Twillio and Cisco Oh My! With Patrick and Chris


Welcome to the Social-Engineer Podcast: The SE Etc. Series. This series will be hosted by Chris Hadnagy, CEO of Social-Engineer LLC, and The Innocent Lives Foundation, as well as Social-Engineer.Org and The Institute for Social Engineering. Chris will be joined by his co-host Patrick Laverty as they discuss topics pertaining to the world of Social Engineering. [Sept 26, 2022] 00:00 Intro 00:17 Patrick Laverty Intro 01:12 The Origin Story 02:07 Intro Links Social-Engineer.com Managed Voice Phishing Managed Email Phishing AdversarialSimulations Social-Engineer channel on SLACK CLUTCH innocentlivesfoundation.org 04:41 The importance of knowing past breaches 06:20 The Twitter Breach (The F.U.D. train)...

Ep. 179 - Security Awareness Series - Can You Really Prevent Burnout with Erin Maloney


Today we are joined by Erin Maloney. Erin earned her Bachelor of Science degree in psychology from Saint Joseph's University in Philadelphia, PA. She then earned her master's degree in social work from Widener University in Chester, PA. Erin holds a license as a Licensed Clinical Social Worker. Erin has worked in the behavioral and mental health field for over 20 years. Her experience has included: case management, addiction counseling, behavioral specialty work, school based behavioral health services, and private practice. Erin has worked with a wide range of clients from young children to older adults with a variety of...

Ep. 178 - Human Element Series - Become a Transformational Charismatic Leader with Dr. Ron Riggio


Today Chris is talking with Ronald E. Riggio, Ph.D., the Henry R. Kravis Professor of Leadership and Organizational Psychology and former Director of the Kravis Leadership Institute at Claremont McKenna College. Dr. Riggio is a social/personality psychologist and leadership scholar with more than a dozen authored or edited books and more than 150 articles/book chapters. His research interests are in leadership and organizational communication, particularly leader nonverbal communication, and emotional competence. He is part of the Fullerton Longitudinal Study that is examining leadership development across the lifespan (beginning at 1 year of age and continuing through adulthood). [Sept 12th, 2022]...

Ep. 177 - The Doctor Is In Series - Hold This Coffee - Subliminal Persuasion


Welcome to the Social-Engineer Podcast: The Doctor Is In Series where we will discuss understandings and developments in the field of psychology. This is Episode 177 and hosted by Chris Hadnagy, CEO of Social-Engineer LLC, and The Innocent Lives Foundation, as well as Social-Engineer.Org and The Institute for Social Engineering. Joining Chris is co-host Dr. Abbie Maroo. Abbie is Director of education at Social-Engineer, LLC, and a perception management coach. She has a PhD in Behaviour analysis and specializes in nonverbal communication, trust, and cooperation. Today's conversation will be on the topic of Subliminal Persuasion. [Sep 05, 2022] 00:00 Intro...

Ep. 176 - Security Awareness Series - Bottom Up Context is better than Top Down Control with Nishant Bhajaria


This month, Chris Hadnagy and Ryan MacDougall are joined by Nishant Bhajaria. Nishant is an executive leader and industry-expert in the privacy and security space and currently serves as the Director of Privacy Engineering and Governance at Uber. He plays the critical role connecting engineering, legal, and leadership to ensure data protection for both the user and the business. Prior to Uber, Nishant spearheaded compliance and privacy engineering programs at Google, Netflix and Nike. He has a Master's Degree in computer science from Arizona State University In addition to speaking extensively in this space, Nishant also teaches courses around privacy,...

Ep. 175 - Human Element Series - Culture and The 5 H's with Hala Taha


Today Chris is talking with Hala Taha. Hala, who has been dubbed the "The Podcast Princess," is the host of Young and Profiting (YAP) Podcast, which is frequently ranked as a #1 Education podcast across all apps. Hala is also the founder and CEO of YAP Media, a social media and podcast marketing agency for top podcasters, celebrities and CEOs. She is well-known for her engaged following and influence on LinkedIn, and she landed the January 2021 cover of Podcast Magazine. Hala is an expert on networking, personal branding, leadership, social media, side hustles, entrepreneurship and podcasting. [Aug 8th, 2022]...

Ep. 174 - Security Awareness Series - Killing Baby Dragons with Shane McCombs


This month, Chris Hadnagy and Ryan MacDougall are joined by the Chief Operating Officer of the ILF, Shane McCombs. Shane leads the ILF with more than 25 years of experience in the tech industry, including more than a decade of experience in C-level roles. He led enterprise-wide initiatives within project management, customer relationship management and acquisition, policies and procedures, process improvement, and infrastructure. Shane is also an accomplished public speaker and trainer focused on change management, professionalism, social engineering, and corporate security. In the past, he volunteered for the Autism Hope Alliance and currently donates his time to businesses and...

Ep. 173 - Human Element Series - Empathetic Chameleons and Painful Lobsters with Laurie Segall


Today Chris is talking with Laurie Segall. Laurie is the founder of Dot Dot Dot, a media company focused on onboarding the mainstream into a new era of the internet, Web3. Laurie is an award-winning journalist who has interviewed the world's most influential tech leaders including Mark Zuckerberg and Tim Cook. Prior, she was CNN's senior tech correspondent, covering technology and culture for a decade and a former reporter for 60 Minutes. [July 11, 2022] 00:00 Intro Social-Engineer.com Managed Voice Phishing Managed Email Phishing AdversarialSimulations Social-Engineer channel on SLACK CLUTCH innocentlivesfoundation.org 03:23 Laurie Segall intro 04:20 Starting your career in...

Ep. 172 - Security Awareness Series - Creating Psychological Salt with Ted Harrington


This month, Chris Hadnagy and Ryan MacDougall are joined by Ted Harrington. Ted is the author of HACKABLE: How to Do Application Security Right and the Executive Partner at Independent Security Evaluators (ISE), the company of ethical hackers famous for hacking cars, medical devices, and password managers. Ted has been named both Executive of the Year by the American Business Awards and an SD Metro 40 Under 40 entrepreneur. Ted has been featured in more than 100 media outlets, including The Wall Street Journal, Financial Times, and Forbes. [June 20, 2022] 00:00 Intro 00:56 Intro Links Social-Engineer.com- http://www.social-engineer.com/ Managed Voice...

Ep. 171 - Human Element Series - Yes and... with Clay Drinko


Today Chris is talking with Clay Drinko, Ph.D. Clay is an author and educator. He writes for Psychology Today about the intersection between improv comedy, science, and everyday life. He's also the author of the first academic book connecting improv and cognitive science, Theatrical Improvisation, Consciousness, and Cognition. His most recent book, Play Your Way Sane, was published by Simon & Schuster last year and applies his improv research to everyday life. [June 14, 2022] 00:00 Intro Social-Engineer.com- http://www.social-engineer.com/ Managed Voice Phishing- https://www.social-engineer.com/services/vishing-service/ Managed Email Phishing- https://www.social-engineer.com/services/se-phishing-service/ AdversarialSimulations- https://www.social-engineer.com/services/social-engineering-penetration-test/ Social-Engineer channel on SLACK- https://social-engineering-hq.slack.com/ssb CLUTCH- http://www.pro-rock.com/ innocentlivesfoundation.org- http://www.innocentlivesfoundation.org/ 02:27 Clay...

Ep. 170 - Security Awareness Series - Rapport is the key to security with Adam Glick


This month, Chris Hadnagy and Ryan MacDougall are joined by Adam Glick. Adam is currently the Chief Information Security Officer for SimpliSafe in Boston, MA. In this position and his previous jobs, Adam has had the responsibility of managing all matters pertaining to information security, risk, policy, and procedures. Adam is currently an adjunct professor at Boston College in the cybersecurity policy & governance program, and an adjunct professor of IT in the MBA program at the School of Business at Providence College. Outside of the office, he is a car and technology enthusiast along with an avid reader, hiker,...

Ep. 169 - Human Element Series - A Real Life Doogie Howser with Dr. Abbie Maroo


Today we will be talking with Abbie Maroo, a nonverbal communications and social influence coach. Abbie published her first paper in nonverbal communication at 19 years old, going on to do her PhD in behavior analysis and become a university lecturer at 23. She now directs a research group, BRINC, alongside her coaching and teaching. [May 9, 2022] 00:00 Intro Social-Engineer.com Managed Voice Phishing Managed Email Phishing AdversarialSimulations- Social-Engineer channel on SLACK CLUTCH innocentlivesfoundation.org 02:52 Abbie Maroo intro 04:47 At what point in your life did you want to become a Nonverbal expert? 06:56 The reality of getting to where...

Ep. 168 - Security Awareness Series - Lessons Learned From the Attacks on Ukraine with Patrick Laverty


This month, Chris Hadnagy and Ryan MacDougall are joined by Patrick Laverty. Patrick is the Senior Team Lead at Social Engineer, LLC, working with an incredible team of professional social engineers. He was previously a senior penetration tester at Rapid7 and a member of the CSIRT at Akamai. He is a co-organizer of the Layer 8 Conference and is the host of the Layer 8 Podcast on social engineering and OSINT. He lives in Rhode Island with his daughter, dog and two cats. [April 18, 2022] 00:00 Intro 00:50 Patrick Laverty intro https://layer8conference.com 02:19 Intro Links Social-Engineer.com Managed Voice Phishing...

Ep. 167 - Human Element Series - Paying Attention To The Human Side with Vanessa Bohns


Today we will be talking with Vanessa Bohns. Vanessa is a social psychologist and professor of organizational behavior at Cornell University. She holds a PhD from Columbia University and an AB from Brown University. Her writing has appeared in the New York Times, Wall Street Journal, and Harvard Business Review, and her research has been widely featured in the media, including The Wall Street Journal, The New York Times, The Atlantic, The Economist, and on NPR's Hidden Brain. Her first book, You Have More Influence Than You Think, was just published in September 2021. [April 11, 2022] 00:00 Intro Social-Engineer.com...

Ep. 165 - Human Element Series - Trial By Fire with Dr Camille Preston


This month we are joined by Dr. Camille Preston, who is the CEO and founder of AIM Leadership. Since founding AIM Leadership in 2004, she has worked with leaders across sectors and the capital stack. As a business psychologist, Camille brings research and insights from psychology, neuroscience, and business to her work. Whether supporting Fortune 500 leaders, startup founders, or C-suite executives in healthcare, Camille's sweet spot is helping uncover hidden barriers to increase the capacity to optimize, innovate, and manage change. In addition to working as a coach and business psychologist, Camille is author of two books, a regular...

Ep. 164 - Security Awareness Series - Metrics and Empathy the Answer To Cyber Breaches with Kate Mullin


This month Chris Hadnagy and Ryan MacDougall are joined by Kathleen (Kate) Mullin. Kate is an influential information security practitioner with over 30 years of experience. Kate currently is CISO with Cancer Treatment Centers of America. Kate has been CISO at various organizations including start-ups, publicly traded, private equity, not-for-profit, and governmental entities. Throughout her career, Kate has volunteered and participated in maturing information security as a profession. She volunteers with ISC(2) and ISACA and has been a member of the ISACA CGEIT Certification and Credentials Committee and a chapter president. Kate serves as a featured international speaker and panelist....

Ep. 162 - Security Awareness Series - What Cows Can Teach You About Infosec with John Strand


This month Chris Hadnagy and Ryan MacDougall are joined by John Strand from Black Hills Information Security. John has both consulted and taught hundreds of organizations in the areas of security, regulatory compliance, and penetration testing. He is a coveted speaker and much-loved SANS teacher. John is a contributor to the industry-shaping Penetration Testing Execution Standard and 20 Critical Controls frameworks. He enjoys mountain biking, getting hurt mountain biking, sucking at surfing, and heavy music. January 17th 2022 00:00 Intro Social-Engineer.com- http://www.social-engineer.com/ Managed Voice Phishing- https://www.social-engineer.com/services/vishing-service/ Managed Email Phishing- https://www.social-engineer.com/services/se-phishing-service/ AdversarialSimulations- https://www.social-engineer.com/services/social-engineering-penetration-test/ Social-Engineer channel on SLACK- https://social-engineering-hq.slack.com/ssb CLUTCH- http://www.pro-rock.com/ innocentlivesfoundation.org- http://www.innocentlivesfoundation.org/ Human Behavior Conference https://humanbehaviorcon.com/ 02:40 John Strand Info 03:31 - ILF 04:51 - Ryan intro...

Ep. Special Edition 001 - Human Element Series - Covid-19 Test Site Scams


This is a special edition of Social-Engineer's Human Element Series Podcast. Chris Hadnagy will discuss Covid-19 testing site scams, and how you can protect yourself against them. [January 14, 2022] 00:00 Intro social-engineer.com/ social-engineer.org/ innocentlivesfoundation.org/ 00:21 Covid-19 Testing Site Physical Scams 05:46 Other types of scams during Covid-19 06:44 Outro http://www.social-engineer.com/ https://social-engineering-hq.slack.com/ssb http://www.pro-rock.com/ http://www.innocentlivesfoundation.org/

Ep. 161 - Human Element Series - Do You Want To Go Fast Or Far with Amy Herman


This month Chris Hadnagy is joined by the fascinating Amy Herman. Amy is a lawyer and an art historian who uses works of art to sharpen observation, analysis, and communication skills. She developed her Art of Perception seminar in 2000 and since then has worked with the New York City Police Department, the FBI, Department of Defense, Fortune 500 companies and more. She is also a TED speaker and an author of 2 books. Her latest book, "Fixed: How to Perfect the Fine Art of Problem-Solving" was just released in December of 2021. She is also going to be bringing her fascinating...

Ep. 160 - Security Awareness Series - Go To The Source So There's No Remorse with Adam Levin


This month, Chris Hadnagy and Ryan MacDougall are joined by Adam Levin. Adam is a nationally recognized expert on cybersecurity, privacy, identity theft, fraud, and personal finance and has distinguished himself as a fierce consumer advocate for the past 50 years. Adam is the former Director of the New Jersey Division of Consumer Affairs, and currently is the founder of CyberScout and co-founder of Credit.com. He is also author of the critically acclaimed book Swiped: How to Protect Yourself in a World Full of Scammers, Phishers, and Identity Thieves. Adam is also the host of the podcast What the Hack with Adam Levin, where they talk to fascinating people...

Ep. 159 - Human Element Series - Can You Fly A Helicopter with Anne-Maartje Oud


This month Chris Hadnagy is joined by our good friend, Anne-Maartje Oud. For 20 years Anne-Maartje has been a behavioral advisor, consultant, chairwoman, and keynote speaker. On top of that she is the CEO and founder of The Behavior Company based in Amsterdam where she helps customize personal development programs for companies and organizations worldwide. Anne-Maartje is also a trainer who gives lectures and training at several universities in the Netherlands. She is also going to be a trainer at the Human Behavior Conference in March 2022. [December 13, 2021] 00:00 Intro Social-Engineer.com- http://www.social-engineer.com/ Managed Voice Phishing- https://www.social-engineer.com/services/vishing-service/ Managed Email Phishing- https://www.social-engineer.com/services/se-phishing-service/ AdversarialSimulations- https://www.social-engineer.com/services/social-engineering-penetration-test/...

Ep. 158 - Security Awareness Series - Don't Act Old And Other Advice with Paul Asadoorian


This month, Chris Hadnagy and Ryan MacDougall are joined by Paul Asadoorian. Paul is the founder of Security Weekly, a security podcast network. Paul spends time "in the trenches" coding in Python, testing security products and evaluating and implementing open-source software. Paul's career began by implementing security programs for a lottery company and then a large university. As Product Evangelist for Tenable Network Security, Paul also built a library of materials on the topic of vulnerability management. When not hacking IoT devices, web applications or Linux, Paul can be found researching his next set of headphones, devices for smoking meat,...

Ep. 157 - Human Element Series - Turn Your Mess Into Your Message with Marilise de Villiers


This month, Chris Hadnagy is joined by Marilise de Villiers. Marilise is a mindset and performance coach, a TEDX speaker, and a cybersecurity awareness, culture, and talent expert. While at one time she was a female executive in a Big Four consulting firm she is now the founder and CEO of her own company, ROAR! Coaching and Consulting, which helps people find their purpose, their power, and gives people the courage to speak their truth. November 8, 2021 00:00 Intro Social-Engineer.com Managed Voice Phishing Managed Email Phishing AdversarialSimulations Social-Engineer channel on SLACK CLUTCH innocentlivesfoundation.org Human Behavior Conference 04:35 What made you leave an amazing corporate company and...

Ep. 156 - Security Awareness Series - Are You Speaking My Language with Les Correia


This month Chris Hadnagy and Ryan MacDougall are joined by Les Correia, who leads the evangelization of Estee Lauder's Application Security. In his position Les wears many hats, but they are all worn with the mission of protecting Estee Lauder's critical assets from the risk of a security breach. Prior to this, Les held Senior and Advisory roles providing thought leadership at companies such as AT&T and Lucent. Les also holds an MSc in Cyber Security as well as an exhaustive list of certifications. In his free time, Les pilots small aircraft and drives racecars. October 18, 2021 00:00 Intro www.social-engineer.com Managed Voice Phishing Managed Email Phishing AdversarialSimulations...

Ep. 155 - Human Element Series - Positively Influencing Behavior Change with Jessica Barker


This month Chris Hadnagy is joined by Dr. Jessica Barker. Jessica is an award-winning global leader in the human side of cyber security. She is Co-Founder and co-CEO of Cygenta, where she follows her passion of positively influencing cyber security awareness, behaviour and culture in organisations around the world. Jessica was also named one of the top 20 most influential women in cyber security in the UK and is the former Chair of ClubCISO. She is the author of the best-selling book Confident Cyber Security: how to get started in cyber security and futureproof your career AND co-author of Cybersecurity ABCs: delivering awareness, behaviours and culture change. October 11, 2021. 00:00 Intro www.social-engineer.com Managed Voice Phishing Managed...

Ep. 154 - Security Awareness Series - Whispering Sweet Security Nothings with Ed Skoudis


In this episode, Chris Hadnagy and Ryan MacDougall are joined by Ed Skoudis. Ed is a SANS Institute Fellow, Instructor, and Director of Cyber Ranges. He is the founder of Counter Hack, an innovative cyber security company that works as trusted information security advisors to government, military, and commercial enterprises by providing in-depth security architecture, penetration testing, red teaming, incident response, and digital forensics expertise. Ed frequently presents industry keynotes based on the latest attack vectors he identifies during his team's penetration testing projects, expert witness work on large-scale breaches, security research into late-breaking malware and exploits, and incident response engagements. Over his career, Ed has taught over 20,000 students in computer incident...

Ep. 153 - Human Element Series - You Are Special And Other Lies With Cortney Warren


In this episode, Chris Hadnagy is joined by Dr. Cortney Warren. Dr. Warren is a Board-Certified Clinical Psychologist and former tenured Associate Professor of Psychology at the University of Nevada, Las Vegas (UNLV). She is an expert on addictions, self-deception, eating pathology, and the practice of psychotherapy from a cross-cultural perspective. In addition to publishing in some of the field's top scientific, peer-reviewed journals, Dr. Warren is passionate about bringing theoretically grounded, empirically-supported psychological research to the general public. So, in addition to her academic work, Dr. Warren is a research consultant, keynote speaker, and writes a blog for Psychology Today. September 13, 2021 00:00 Intro www.social-engineer.com Managed Voice Phishing Managed Email Phishing...

Ep. 152 - Security Awareness Series - Sharing With Your Frenemies with Bernie Acre


In this episode, Chris Hadnagy and Ryan MacDougall are joined by Bernie Acre. Bernie is the Chief Information Officer for the City of Bryan, TX where he's responsible for all technology and communications systems, including the Fire, Police, Public Works, the municipal electric utility, and a myriad of general support organizations. Bernie is currently an appointed Member of the Texas Cybersecurity Council. Bernie has a combined 41 years of experience in information technology, including 20+ in the US Air Force and 21 years in the electric utility industry and municipal government. August 16, 2021 00:00 Intro www.social-engineer.com Managed Voice Phishing Managed Email Phishing Adversarial Simulations Social-Engineer channel on SLACK CLUTCH www.innocentlivesfoundation.org 03:34 Bernie...

The Wake UP X - With Efren L. Salazar | Securing Tomorrow, Empowering Today


AI Will Make You 140 Hours Productive in a 40 Hour Week. | Jorge Avila


Employers are already expecting 140 hours of work output from a 40 hour week thanks to AI. Is your business ready? In this episode of The Wake Up X Solutions Podcast, recorded LIVE at RSA Conference 2025, Efren and Jorge Avila of Paleo Tech Group break down why AI is no longer optional for small businesses and why ignoring it could cost you everything. This isn't just a buzzword. This is the biggest productivity shift in business history. What you'll learn in this episode: Why employers now expect 140 hours of work output in a 40 hour week; Why AI is the...

From Migrant Farm Worker Roots to AI & Cybersecurity Entrepreneur | Jorge Avila | RSA 2026


At RSA Conference 2026 in San Francisco, I sat down with Jorge Avila, co-founder of Paleo Tech Group, to talk about his journey from migrant farm worker roots in Texas to building an AI and cybersecurity startup. Jorge shares how COVID sparked his career change, why he's on a mission to close the digital divide for Latino and underserved communities, and how AI can fast-track anyone into entrepreneurship step by step. In this episode we cover: How Jorge transitioned from the California Department of Technology to startup founder; Why AI is the biggest opportunity of our generation (and how to use it...

How AI Can Help You Start a Business From Scratch | Entrepreneurship Tips for Latinos 2025 | Jorge Avila


AI is the business advisor you never knew you had and it's FREE. In this episode of The Wake Up X Solutions Podcast, Efren sits down with Jorge Avila of Paleo Tech Group to talk about how AI is completely changing the game for entrepreneurs especially in the Latino community. If you've ever thought about starting a business but didn't know where to begin, this episode is for YOU. What you'll learn in this episode: How to use AI as a step-by-step business advisor; Why people are scared of AI and why entrepreneurs think differently; How to find your strengths and let...

How Networking Can Land You a Cybersecurity Job (RSA Interview) | Ryan Doctor


Just wrapped an amazing conversation at RSA Conference with Ryan Doctor! We talked about: Breaking into cybersecurity from IT operations; The power of networking (this is HUGE); How AI continues to dominate the cybersecurity space; And whether RSA is worth attending for beginners. One thing that really stood out: Networking has opened up so many opportunities, from learning to interviews. If you're trying to break into cybersecurity, don't overcomplicate it: Start with community. Start with conversations. Start showing up. Events like RSA, meetups like ISC2 Sacramento Chapter & ISACA Sacramento, they matter more than you think. Appreciate everyone who pulled up last minute to support The Wake...

AI, Cloud Security & Identity Access Explained: Real Talk with Michael Dimitras | @p0-dev


In this episode of the Wake Up X Solutions Podcast, Efren Salazar sits down with Michael Demetrius from P0 Security at RSA Conference 2026. We dive into how Identity Access Management (IAM) is evolving with AI, cloud environments, and non-human identities. What you'll learn: How to manage access across cloud, on-prem, and AI agents; Why zero standing privilege is becoming essential; How to reduce risk by understanding identity access visibility; The importance of developer-friendly security workflows; How AI is impacting cybersecurity and development. Michael also shares insights on: Using AI tools like Claude & Cursor in development; The importance of networking and community; Advice for breaking into...

Can't Afford a CISO? Do THIS Instead (Greg McCord Explains)


In this episode of the Wake Up X Solutions Podcast, I sit down with Greg McCord, CISO at Lightcast and founder of Keystone Advisory, to break down what cybersecurity really looks like for startups and growing businesses. We dive into: Why startups should think about security from the very beginning; What a fractional CISO is and how it helps companies scale securely; The biggest cybersecurity challenges companies still haven't solved; How AI is changing the security landscape (and why it's still hackable); Greg's journey from no tech background to becoming a CISO; Real advice for anyone trying to break into cybersecurity. Greg also shares powerful insights on leadership,...

From Healthcare to Cybersecurity | First-Time RSA Conference Experience | Stacy Ditta


Live from RSA Conference, I sat down with Stacy to talk about her journey into cybersecurity and her first experience attending one of the biggest security conferences in the world. Host: https://www.linkedin.com/in/efrenlsalazar Guest: https://www.linkedin.com/in/stacy-ditta In this interview, we cover: What it's like attending RSAC for the first time; How a background in healthcare & biotech led to cybersecurity; The importance of securing patient data and clinical information; Why healthcare is a major target for cyber attacks; The growing role of AI in cybersecurity; The value of volunteering, networking, and community. Stacy also shares her experience attending events like BSides and volunteering at a Global...

Why You SHOULD Start at Help Desk Before Cybersecurity (CTO Explains) | Louis Kemp


Great connecting with Louis Kemp at RSA Conference 2026! We had an insightful conversation about his journey from help desk to cybersecurity leadership, and now building his own consulting company. Key takeaways from our conversation: Start with the foundations, help desk experience builds real understanding; Cybersecurity is evolving toward autonomous penetration testing; Mentorship is critical for the next generation entering the field; The future of security isn't just tools, it's community + education. Louis is currently: CTO of A.N.U.L Technologies; Partnered with Horizon3.ai; Offering MSSP services including pentesting, training, and upcoming vCISO support. One thing that stood out: Cybersecurity makes more sense when you understand the...

@p0-dev Explained: The Future of Identity-Based Access Control | Gergely Danyi


Controlling Production Access Just Got Smarter. At RSAC, I had the opportunity to sit down with Gergely Danyi and talk about something every cybersecurity professional should care about, production access control. I spoke with the team from P0 Security, and here's what stood out. What is P0 Security? P0 Security is an authorization control plane that helps organizations manage and enforce access across their entire infrastructure, whether it's: Linux systems (SSH); Windows servers; Cloud environments like AWS & Azure. The goal? Ensure users only get the access they actually need, nothing more, nothing less. Key Capabilities: Identity-based access (integrates with providers like Okta, Entra ID, etc.); Elimination of...

AI Hype vs Reality in Cybersecurity | Jonny Norris at RSA Conference


AI in Cybersecurity: Hype or Reality? At RSA Conference in San Francisco, I asked Johnny Norris from Concentric AI a simple question: Is AI actually real or just hype? Here's the honest answer: There is real power in AI, but there's also a lot of noise. Many companies are jumping on the trend, but not all are truly using AI. Some are just rebranding existing solutions, what Johnny called "AI washing." So what actually matters? Protecting your data and organization; Sticking to strong security fundamentals; Testing solutions with real proof of value. At the end of the day: AI isn't fake, but the hype around it can be...

From CyberPatriot to AI Security: How She Broke Into Cybersecurity | Sana Talwar


From High School Cyber Competitions to AI Security. At RSA Conference 2026, I sat down with Sana Talwar to talk about breaking into cybersecurity, and what it really takes. How she started: AP Computer Science; CyberPatriot (CTF-style competitions); Passion for problem-solving. What actually got her into cyber? Internships. She explored multiple paths: Software engineering in security; Network security (hands-on + server rooms); Embedded security. Didn't love most of them, and that's the point. That trial-and-error led her to Product Security. What she's focused on now: AI Security & AppSec; Prompt injection risks; Making security easier for beginners to understand. Her take on AI: Not replacing jobs, but reshaping them; Some entry-level tasks may fade; New opportunities...

Imposter Syndrome in Cybersecurity: How to Quiet the Voice and Build Confidence


Efren Salazar discusses imposter syndrome on the Wakeup X Solutions podcast, explaining it as the inner voice that says you're not valuable, ready, or knowledgeable and that others will expose you. He shares that imposter syndrome is common across IT and cybersecurity, from beginners to executives, and describes his own experience transitioning from IT into cybersecurity while questioning whether he belongs. Efren notes that in cybersecurity you can never know everything because new attacks, vulnerabilities, tools, and technologies constantly emerge, which can intensify self-doubt. He encourages listeners to focus on feedback, be unique, brand and present themselves, and be proud of their...

Help Desk to CISSP: Cybersecurity Careers, Leadership & the Championship Mindset


In this episode of the Wake Up X Podcast, we sit down with James to break down his journey from Help Desk to leadership and CISSP, using a light football-style framework to talk about mindset, preparation, pivots, and long-term growth. We cover what it really takes to break into cybersecurity, why Help Desk is a powerful foundation, and how to think beyond tools and start thinking like management and leadership. James also shares practical advice on studying for certifications, avoiding common exam mistakes, and adapting your learning style to actually retain information. We dive into AI and learning, including how to use...

AI & Cybersecurity: A CISO's Real Perspective on the Future of Tech


In this episode of the Wake Up X Podcast, Efren sits down with Gustavo Mastroianni, Chief Information Security Officer (CISO) at a California state agency, to break down the real impact of AI in cybersecurity. We dive deep into: How fast AI is evolving (faster than expected); Whether AI will replace jobs or create new ones; AI in SOC, GRC, and automation workflows; Data Loss Prevention (DLP) and AI guardrails; Why AI is becoming a required skill for IT & Cyber professionals; Certifications like CISM, CRISC, and AI-focused certs; The balance between technology and security (CTO vs CISO mindset); Real-world risks like AI hallucinations and data leakage. This is not...

Cybersecurity Career Path: From Zero to CISO | Live Q&A with Industry Expert


Replay: LIVE Cybersecurity Podcast! Curious about breaking into cybersecurity or becoming a CISO? Tune in for an insightful Q&A with a cybersecurity expert, educator, and advisor who shares his career journey from tech engineer to CISO, professor, and ISACA chapter president. What You'll Learn: How to start a cybersecurity career with no degree or certifications; The key differences between technical and non-technical CISO roles; Why volunteering, networking, and mentorship are game-changers; The top certifications to pursue (ISACA, ISC2, PMI, etc.); How AI is reshaping cybersecurity (Red Team, Blue Team, SOC); The state of the job market: Entry-level cybersecurity jobs in 2025...

Inside the World of MSSPs: Breaking Into Cybersecurity with Gustavo! - Part 2


Wake Up X: Cybersecurity, Innovation & Real Talk. Host: Efren L. Salazar | Cybersecurity Enthusiast | Entrepreneur | IT Pro. Welcome to Wake Up X, the podcast where cybersecurity, AI, automation, and entrepreneurship collide. We keep it real while helping you navigate the fast-changing world of tech, from breaking into cybersecurity to scaling in your career or business. Each week, Efren L. Salazar sits down with industry pros (CISOs, ethical hackers, SOC analysts, and entrepreneurs) to unpack the strategies, tools, and mindset shifts needed to stay ahead in today's digital battlefield. Whether you're a cybersecurity professional, a tech founder, or someone exploring a career in IT...

Breaking Into Cybersecurity with Gustavo Mastroianni & Efren L. Salazar


Exciting Announcement! Follow: Gustavo Mastroianni - CISO Follow: Efren L. Salazar - Wake UP X - Podcast. I'm thrilled to introduce Gustavo Mastroianni as the first guest on my virtual podcast! Gustavo Mastroianni is a Chief Information Security Officer (CISO) responsible for overseeing technical and cybersecurity operations in his organization. With his vast expertise and leadership in the field, this conversation promises to be insightful and inspiring. A huge thank you to Gustavo Mastroianni for being my first guest! I'm excited to announce that this podcast will be launching on all platforms, including YouTube and LinkedIn, so be sure to...