Episodes

Reviews

Analytics

Clips

April 15, 2019
Defensive Security Podcast Episode 235
https://www.theregister.co.uk/2019/03/20/steffan_needham_aws_rampage_prison_sentence_voova/ https://www.zdnet.com/google-amp/article/study-shows-programmers-will-take-the-easy-way-out-and-not-implement-proper-password-security/ https://arstechnica.com/information-technology/2019/03/50-shades-of-greyhat-a-study-in-how-not-to-handle-security-disclosures/ https://matrix.org/blog/2019/04/11/security-incident/index.html
More info...
25 min
March 4, 2019
Defensive Security Podcast Episode 234
https://www.zdnet.com/article/hackers-wipe-us-servers-of-email-provider-vfemail/ https://www.securityweek.com/russian-state-sponsored-hackers-are-fastest-crowdstrike https://www.zdnet.com/article/icann-there-is-an-ongoing-and-significant-risk-to-dns-infrastructure/ https://www.infosecurity-magazine.com/news/password-managers-no-more-secure-1/ https://www.zdnet.com/article/microsoft-do-these-things-now-to-protect-your-network/
More info...
40 min
February 12, 2019
Defensive Security Podcast Episode 233
https://www.securityweek.com/hackers-using-rdp-are-increasingly-using-network-tunneling-bypass-protections https://www.zdnet.com/article/trojan-malware-is-back-and-its-the-biggest-hacking-threat-to-your-business/ https://www.csoonline.com/article/3336923/security/phishing-has-become-the-root-of-most-cyber-evil.html https://www.darkreading.com/attacks-breaches/ransomware-attack-via-msp-locks-customers-out-of-systems/d/d-id/1333825 https://www.dlapiper.com/~/media/files/insights/publications/2019/02/dla-piper-gdpr-data-breach-survey-february-2019.pdf
More info...
49 min
January 22, 2019
Defensive Security Podcast Episode 232
https://www.zdnet.com/article/popular-wordpress-plugin-hacked-by-angry-former-employee/ https://www.zdnet.com/article/notpetya-an-act-of-war-cyber-insurance-firm-taken-to-task-for-refusing-to-pay-out/ https://www.zdnet.com/article/employees-sacked-ceo-fined-in-singhealth-security-breach/ - https://www.zdnet.com/article/firms-fined-1m-for-singhealth-data-security-breach/ https://www.securityweek.com/new-variant-bec-seeks-divert-payroll-deposits https://www.zdnet.com/article/oklahoma-gov-data-leak-exposes-millions-of-department-files-fbi-investigations/
More info...
42 min
January 15, 2019
Defensive Security Podcast Episode 231
https://lifehacker.com/why-smart-people-make-stupid-mistakes-1831503216 https://www.chicagotribune.com/business/ct-biz-tribune-publishing-malware-20181230-story,amp.html https://www.securityweek.com/was-north-korea-wrongly-accused-ransomware-attacks https://www.healthcareitnews.com/news/staff-lapses-and-it-system-vulnerabilities-are-key-reasons-behind-singhealth-cyberattack https://www.nextgov.com/cybersecurity/2019/01/hhs-releases-voluntary-cybersecurity-practices-health-industry/153835/ https://www.zdnet.com/article/data-of-2-4-million-blur-password-manager-users-left-exposed-online/ https://arstechnica.com/information-technology/2018/12/iranian-phishers-bypass-2fa-protections-offered-by-yahoo-mail-and-gmail/
More info...
48 min
December 4, 2018
Defensive Security Podcast Episode 230
https://arstechnica.com/information-technology/2018/11/hacker-backdoors-widely-used-open-source-software-to-steal-bitcoin/ https://krebsonsecurity.com/2018/11/marriott-data-on-500-million-guests-stolen-in-4-year-breach/ https://krebsonsecurity.com/2018/12/what-the-marriott-breach-says-about-security/
More info...
54 min
November 27, 2018
Defensive Security Podcast Episode 229
https://www.dutchnews.nl/news/2018/11/internet-con-men-ripped-off-pathe-nl-for-e19m-in-sophisticated-fraud/ https://lifehacker.com/how-password-constraints-give-you-a-false-sense-of-secu-1830564360 https://www.csoonline.com/article/3319704/data-protection/the-end-of-security-as-we-know-it.html https://www.careersinfosecurity.com/breach-settlement-has-unusual-penalty-a-11669 https://motherboard.vice.com/en_us/article/bje8na/massive-data-leaks-keep-happening-because-big-companies-can-afford-to-lose-your-data https://www.zdnet.com/article/city-of-valdez-alaska-admits-to-paying-off-ransomware-infection/
More info...
64 min
November 13, 2018
Defensive Security Podcast Episode 228
https://www.zdnet.com/article/this-is-how-artificial-intelligence-will-become-weaponized-in-future-cyberattacks/ https://www.securityinfowatch.com/article/12434583/everyone-needs-to-take-responsibility-for-cybersecurity-in-the-workplace https://www.zdnet.com/article/adobe-coldfusion-servers-under-attack-from-apt-group/ https://www.securityweek.com/troubled-waters-how-new-wave-cyber-attacks-targeting-maritime-trade https://securityaffairs.co/wordpress/77676/malware/industrial-facilities-malware.html
More info...
46 min
October 30, 2018
Defensive Security Podcast Episode 227
https://www.zdnet.com/article/equifax-engineer-who-designed-breach-portal-gets-8-months-of-house-arrest-for-insider-trading/ https://www.csoonline.com/article/3314557/security/ransomware-attack-hits-north-carolina-water-utility-following-hurricane.html https://www.securityweek.com/insurer-anthem-will-pay-record-16m-massive-data-breach https://blog.sucuri.net/2018/10/malicious-redirects-from-newsharecounts-com-tweet-counter.html https://www.thinkadvisor.com/2018/09/26/sec-hits-voya-financial-advisors-with-1m-fine-over/ https://www.healthcareitnews.com/news/debunking-cybersecurity-thought-humans-are-weakest-link
More info...
57 min
October 8, 2018
Defensive Security Podcast Episode 226 redux
https://www.tripwire.com/state-of-security/security-data-protection/bec-as-a-service-offers-hacked-business-accounts-for-as-little-as-150/ https://www.bleepingcomputer.com/news/security/ic3-issues-alert-regarding-remote-desktop-protocol-rdp-attacks/ https://krebsonsecurity.com/2018/10/supply-chain-security-is-the-whole-enchilada-but-whos-willing-to-pay-for-it/ https://www.youtube.com/watch?v=lwHW_W1KbK4&feature=youtu.be
More info...
60 min
September 9, 2018
Defensive Security Podcast Episode 225
https://motherboard.vice.com/en_us/article/pa8emg/russian-indicted-jp-morgan-chase-hack https://www.zdnet.com/article/us-government-releases-post-mortem-report-on-equifax-hack/ https://www.zdnet.com/article/phishing-alert-north-korean-hacking-attacks-shows-your-email-is-still-the-weakest-link/ https://www.verizon.com/about/news/lifting-lid-cybercrime
More info...
53 min
August 31, 2018
Defensive Security Podcast Episode 224
https://www.zdnet.com/article/this-destructive-ransomware-has-made-crooks-6m-by-encrypting-data-and-backups/ https://www.bleepingcomputer.com/news/security/reddit-announces-security-breach-after-hackers-bypassed-staffs-2fa/ https://www.databreachtoday.com/art-steal-fin7s-highly-effective-phishing-a-11286 https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/
More info...
43 min
July 31, 2018
Defensive Security Podcast Episode 223
https://www.straitstimes.com/singapore/personal-info-of-15m-singhealth-patients-including-pm-lee-stolen-in-singapores-most https://www.bankinfosecurity.com/labcorp-still-recovering-from-ransomware-attack-a-11235 https://www.securityweek.com/cyber-axis-evil-rewriting-cyber-kill-chain https://arstechnica.com/information-technology/2018/07/prolific-hacking-group-steals-almost-1-million-from-russian-bank/#p3 https://www.bleepingcomputer.com/news/government/us-charges-12-russian-intelligence-officers-for-hacking-dnc-running-dcleaks/
More info...
45 min
July 15, 2018
Defensive Security Podcast Episode 222
https://www.csoonline.com/article/3285982/data-protection/4-reasons-why-cisos-must-think-like-developers-to-build-cybersecurity-platforms.html https://www.csoonline.com/article/3287655/phishing/stop-training-your-employees-to-fall-for-phishing-attacks.html https://www.bankinfosecurity.com/cryptojacking-displaces-ransomware-as-top-malware-threat-a-11165 https://wiki.gentoo.org/wiki/Project:Infrastructure/Incident_Reports/2018-06-28_Github
More info...
52 min
July 3, 2018
Defensive Security Podcast Episode 221
https://www.esecurityplanet.com/network-security/security-projects-cisos-should-consider-gartner.html https://www.theregister.co.uk/2018/06/26/digitally_signed_malware/ https://www.bankinfosecurity.com/californias-new-privacy-law-its-almost-gdpr-in-us-a-11149 https://blog.erratasec.com/2018/06/lessons-from-npetya-one-year-later.html
More info...
42 min
June 28, 2018
Defensive Security Podcast Episode 220
https://www.wired.com/story/exactis-database-leak-340-million-records/ https://www.helpnetsecurity.com/2018/06/19/opm-breach-fraud/ https://www.tenable.com/blog/should-you-still-prioritize-exploit-kit-vulnerabilities
More info...
40 min
June 19, 2018
Defensive Security Podcast Episode 219
https://www.csoonline.com/article/3276584/ransomware/what-does-a-ransomware-attack-cost-beware-the-hidden-expenses.html https://www.bankinfosecurity.com/mental-health-provider-pays-ransom-to-recover-data-a-11040 https://www.itbusinessedge.com/blogs/data-security/did-we-see-our-first-data-breach-of-the-gdpr-era.html
More info...
35 min
May 28, 2018
Defensive Security Podcast Episode 218
https://www.zdnet.com/article/wannacry-ransomware-crisis-one-year-on-are-we-ready-for-the-next-global-cyber-attack/ https://www.zdnet.com/article/enterprise-vulnerability-management-as-effective-as-random-chance/ https://www.zdnet.com/article/enterprise-codebases-plagued-by-open-source-vulnerabilities/ https://www.databreachtoday.com/nuance-communications-breach-affected-45000-patients-a-11002
More info...
52 min
April 24, 2018
Defensive Security Podcast Episode 217
https://www.csoonline.com/article/3262168/ransomware/customers-describe-the-impact-of-the-allscripts-ransomware-attack.html https://www.infosecurity-magazine.com/news/atlanta-city-splurges-27m/ https://arstechnica.com/information-technology/2018/04/insecure-rsa-conference-app-leaked-attendee-data/ https://www.wired.com/story/inside-the-unnerving-supply-chain-attack-that-corrupted-ccleaner/
More info...
44 min
April 21, 2018
Defensive Security Podcast Episode 216
https://www.verizonenterprise.com/verizon-insights-lab/dbir/
More info...
52 min
April 13, 2018
Defensive Security Podcast Episode 215
https://www.bankinfosecurity.com/nj-ag-smacks-practice-hefty-fine-for-vendor-breach-a-10774 https://www.bankinfosecurity.com/panera-bread-data-leak-persisted-for-eight-months-a-10760 http://www.eweek.com/security/best-buy-delta-sears-hit-by-third-party-chat-widget-breach http://www.baltimoresun.com/news/maryland/crime/bs-md-ci-hack-folo-20180328-story.html
More info...
51 min
March 29, 2018
Defensive Security Podcast Episode 214
https://www.csoonline.com/article/3265024/privacy/are-you-letting-gdpr-s-privacy-rules-trump-security.html http://www.zdnet.com/article/doj-indicts-iranian-hackers-for-stealing-data-from-144-us-universities/ https://www.databreachtoday.com/report-guccifer-20-unmasked-at-last-a-10737 https://www.databreachtoday.com/expedias-orbitz-suspects-880000-payment-cards-stolen-a-10729 https://www.csoonline.com/article/3266364/security/samsam-group-deletes-atlantas-contact-portal-after-the-address-goes-public.html https://www.securityweek.com/top-vulnerabilities-exploited-cybercriminals
More info...
49 min
March 21, 2018
Defensive Security Podcast Episode 213
https://www.theguardian.com/business/2018/mar/14/equifax-insider-trading-data-breach-jun-ying-charged https://gizmodo.com/us-power-company-fined-2-7-million-over-security-flaws-1823745994 https://www.csoonline.com/article/3262551/data-protection/are-your-employees-unwittingly-invalidating-your-cyber-liability-insurance.html https://www.cisecurity.org/controls/
More info...
41 min
March 13, 2018
Defensive Security Podcast Episode 212
https://www.csoonline.com/article/3258817/data-breach/sec-guidance-on-it-security-would-you-report-security-risks-before-a-breach.html http://www.zdnet.com/article/hackers-are-selling-legitimate-code-signing-certificates-to-evade-malware-detection/ http://au.news.yahoo.com/a/39380423/equifax-expects-net-200-million-in-breach-related-costs-in-2018/ http://www.eweek.com/security/crowdstrike-reveals-time-to-breakout-as-key-cyber-security-metric https://www.securityweek.com/sophisticated-cyberspies-target-middle-east-africa-routers
More info...
67 min
February 19, 2018
Defensive Security Podcast Episode 211
https://www.bleepingcomputer.com/news/security/destructive-malware-wreaks-havoc-at-pyeongchang-2018-winter-olympics/ https://www.cyberscoop.com/atos-olympics-hack-olympic-destroyer-malware-peyongchang/ https://www.bankinfosecurity.com/blogs/attribution-games-dont-rush-to-blame-p-2594 http://www.zdnet.com/article/meltdown-spectre-flaws-weve-found-new-attack-variants-say-researchers/ https://news.iu.edu/stories/2018/02/iub/releases/13-paper-suggests-agency-to-prevent-cyberattacks.html
More info...
45 min
January 17, 2018
Defensive Security Podcast Episode 209
https://www.csoonline.com/article/3247653/data-protection/5-mistakes-ive-made-and-how-to-avoid-them.html https://www.csoonline.com/article/3244650/disaster-recovery/why-we-continue-to-fail-lessons-learned-from-the-atlanta-airport-fiasco.html https://www.wired.com/story/meltdown-and-spectre-patches-take-toll/
More info...
70 min
December 30, 2017
Defensive Security Podcast Episode 208
https://www.upguard.com/breaches/cloud-leak-alteryx?ilink=1 https://krebsonsecurity.com/2017/12/4-years-after-target-the-little-guy-is-the-target/
More info...
65 min
December 14, 2017
Defensive Security Podcast Episode 207
https://www.csoonline.com/article/3239645/data-protection/3-common-cybersecurity-maturity-failings.html https://www.troyhunt.com/the-trouble-with-politicians-sharing-passwords/ https://krebsonsecurity.com/2017/12/phishers-are-upping-their-game-so-should-you/ https://www.reuters.com/article/us-uber-cyber-payment-exclusive/exclusive-uber-paid-20-year-old-florida-man-to-keep-data-breach-secret-sources-idUSKBN1E101C
More info...
63 min
December 5, 2017
Defensive Security Podcast Episode 206
http://www.zdnet.com/article/national-credit-federation-leaked-us-citizen-data-through-unsecured-aws-bucket/ http://www.mercurynews.com/2017/11/21/uber-concealed-attack-that-exposed-data-of-57-million/
More info...
42 min
November 13, 2017
Defensive Security Podcast Episode 205
https://www.theregister.co.uk/2017/11/09/chipzilla_come_closer_closer_listen_dump_ime/ https://www.bankinfosecurity.com/mayer-strengthened-defense-couldnt-stop-massive-breaches-a-10442 http://www.securityweek.com/phishing-poses-biggest-threat-users-google
More info...
38 min
November 6, 2017
Defensive Security Podcast Episode 204
https://www.bleepingcomputer.com/news/security/59-percent-of-employees-hit-by-ransomware-at-work-paid-ransom-out-of-their-own-pockets/ https://motherboard.vice.com/en_us/article/ne3bv7/equifax-breach-social-security-numbers-researcher-warning https://www.csoonline.com/article/3234675/data-protection/6-reasons-why-awareness-programs-fail-even-when-following-best-practices.html https://cyberbalancesheet.com/
More info...
52 min
October 16, 2017
Defensive Security Podcast Episode 203
https://www.bloomberg.com/news/features/2017-09-29/the-equifax-hack-has-all-the-hallmarks-of-state-sponsored-pros https://www.databreachtoday.com/ex-ceo-blames-human-error-tech-failures-for-equifax-breach-a-10349 http://www.zdnet.com/article/wsj-kaspersky-software-likely-used-in-russian-backed-nsa-breach/ https://www.washingtonpost.com/world/national-security/israel-hacked-kaspersky-then-tipped-the-nsa-that-its-tools-had-been-breached/2017/10/10/d48ce774-aa95-11e7-850e-2bdd1236be5d_story.html https://www.bleepingcomputer.com/news/legal/it-admin-trashes-railroad-companys-network-before-he-leaves/
More info...
54 min
October 2, 2017
Defensive Security Podcast Episode 202
https://arstechnica.com/information-technology/2017/09/ccleaner-backdoor-infecting-millions-delivered-mystery-payload-to-40-pcs/ https://www.theregister.co.uk/2017/09/26/equifax_ceo_resigns/ https://krebsonsecurity.com/2017/09/source-deloitte-breach-affected-all-company-email-admin-accounts/comment-page-2/ https://www.theregister.co.uk/2017/09/26/deloitte_leak_github_and_google/
More info...
56 min
September 11, 2017
Defensive Security Podcast Episode 201
https://krebsonsecurity.com/2017/09/equifax-breach-response-turns-dumpster-fire/ https://www.welivesecurity.com/2017/09/06/security-vulnerability-leaves-fortune-100-firms-vulnerable/ http://nypost.com/2017/09/08/equifax-blames-giant-breach-on-vendor-software-flaw/amp/ https://blogs.apache.org/foundation/entry/apache-struts-statement-on-equifax https://qz.com/1073221/the-hackers-who-broke-into-equifax-exploited-a-nine-year-old-security-flaw/
More info...
55 min
August 29, 2017
Defensive Security Podcast Episode 200
http://www.securityweek.com/three-questions-every-ciso-should-be-able-answer https://arstechnica.com/information-technology/2017/08/powerful-backdoor-found-in-software-used-by-100-banks-and-energy-cos/?amp=1 https://krebsonsecurity.com/2017/08/blowing-the-whistle-on-bad-attribution/ http://www.csoonline.com/article/3213030/security/when-it-comes-to-the-cloud-do-cisos-have-their-heads-in-the-sand.html http://www.zdnet.com/article/petya-ransomware-cyber-attack-costs-could-hit-300m-for-shipping-giant-maersk/ https://www.helpnetsecurity.com/2017/08/24/crystal-finance-millennium-compromised/ https://www.lacyberlab.org/what-los-angeles-cyber-lab
More info...
51 min
August 14, 2017
Defensive Security Podcast Episode 199
https://www.theregister.co.uk/2017/08/10/salesforce_fires_its_senior_security_engineers_after_defcon_talk/?mt=1502653861726 https://www.theregister.co.uk/2017/08/10/carbon_black_denies_sec_sys_broken/ http://www.databreachtoday.com/ocr-tells-organizations-to-step-up-phishing-scam-awareness-a-10174 https://www.infosecurity-magazine.com/news/anthem-medicare-patients-hit-breach/ https://www.theregister.co.uk/2017/08/07/cba_blames_software_for_money_laundering_miss/
More info...
52 min
August 7, 2017
Defensive Security Podcast Episode 198
https://www.darkreading.com/vulnerabilities---threats/wannacry-inspires-worm-like-module-in-trickbot/d/d-id/1329491 http://www.securityweek.com/one-million-exposed-adware-hijacked-chrome-extension https://www.darkreading.com/risk/can-your-risk-assessment-stand-up https://youtu.be/ac1NeL6_o0k
More info...
53 min
July 24, 2017
Defensive Security Podcast Episode 197
http://thehackernews.com/2017/07/adwind-rat-malware.html https://www.theregister.co.uk/2017/07/13/swiss_domain_name_hijack/ http://www.databreachtoday.com/fedex-warns-notpetya-will-negatively-affect-profits-a-10118 http://www.cnbc.com/2017/07/21/a-cyberattack-is-going-to-cause-this-tech-company-to-miss-earnings.html http://www.securityweek.com/alarming-percentage-employees-hide-security-incidents-report
More info...
48 min
July 12, 2017
Defensive Security Podcast Episode 196
http://www.databreachtoday.com/notpetya-patient-zero-ukrainian-accounting-software-vendor-a-10080 http://blog.talosintelligence.com/2017/07/the-medoc-connection.html?m=1 http://www.databreachtoday.com/police-seize-backdoored-firms-servers-to-stop-attacks-a-10083 https://www.bleepingcomputer.com/news/security/m-e-doc-software-was-backdoored-3-times-servers-left-without-updates-since-2013/ https://www.wired.com/story/petya-plague-automatic-software-updates/ https://www.theregister.co.uk/2017/06/28/petya_notpetya_ransomware/https://apnews.com/962db1cd370d4fdda6083d064b94dd1b https://infosec.engineering/notpetya-complex-attacks-and-the-fog-of-war/
More info...
74 min
June 27, 2017
Defensive Security Podcast Episode 195
http://securityaffairs.co/wordpress/60243/data-breach/dra-data-leak.html https://www.wired.com/story/crash-override-malware/ https://threatpost.com/fin10-extorting-canadian-mining-companies-casinos/126382/ http://variety.com/2017/digital/features/netflix-orange-is-the-new-black-leak-dark-overlord-larson-studios-1202471400/amp/ https://arstechnica.com/information-technology/2017/06/32tb-of-windows-10-beta-builds-driver-source-code-leaked/ https://arstechnica.com/security/2017/06/5-weeks-after-wcry-outbreak-nsa-derived-worm-shuts-down-a-honda-factory/
More info...
58 min
June 22, 2017
Defensive Security Podcast Episode 194
https://hotforsecurity.bitdefender.com/blog/heartbleed-still-hurting-hard-uk-council-fined-100000-after-data-breach-18205.html https://threatpost.com/ransomware-attack-hobbles-prestigious-university-college-london/126299/ http://www.securityweek.com/web-hosting-provider-pays-1-million-ransomware-attackers https://infosec.engineering/improving-the-effectiveness-of-vulnerability-remediation-targeting/
More info...
42 min
June 12, 2017
Defensive Security Podcast Episode 193
http://www.csoonline.com/article/3198492/security/ceos-risky-behaviors-compromise-security.html https://www.bleepingcomputer.com/news/security/ex-admin-deletes-all-customer-data-and-wipes-servers-of-dutch-hosting-provider http://thehackernews.com/2017/06/intel-amt-firewall-bypass.html http://thehackernews.com/2017/06/microsoft-powerpoint-malware.html
More info...
30 min
June 6, 2017
Defensive Security Podcast Episode 192
http://www.csoonline.com/article/3198496/compliance/sometimes-it-is-necessary-to-bend-the-rules-a-bit.html http://www.securityweek.com/nature-vs-nurture-bad-cybersecurity-our-dna http://gizmodo.com/top-defense-contractor-left-sensitive-pentagon-files-on-1795669632 https://nakedsecurity.sophos.com/2017/06/02/onelogin-warns-that-attacker-could-be-able-to-decrypt-data/
More info...
36 min
May 25, 2017
Defensive Security Podcast Episode 191
https://arstechnica.com/security/2017/05/windows-7-not-xp-was-the-reason-last-weeks-wcry-worm-spread-so-widely/ http://www.publictechnology.net/articles/news/nhs-cyber-attack-forces-week-long-council-email-block https://www.washingtonpost.com/business/technology/nsa-officials-worried-about-the-day-its-potent-hacking-tool-would-get-loose-then-it-did/2017/05/16/50670b16-3978-11e7-a058-ddbb23c75d82_story.html https://www.grahamcluley.com/companies-keeping-bitcoin-hand-case-ransomware-attacks/ http://www.eweek.com/security/zomato-docusign-breaches-reveal-common-security-risks
More info...
48 min
May 10, 2017
Defensive Security Podcast Episode 190
http://www.verizonenterprise.com/resources/reports/rp_DBIR_2017_Report_en_xg.pdf
More info...
109 min
April 25, 2017
Defensive Security Podcast Episode 189
https://www.wsj.com/articles/cybersecurity-startup-tanium-exposed-california-hospitals-network-in-demos-without-permission-1492624287 http://www.csoonline.com/article/3191286/security/most-employees-willing-to-share-sensitive-information-survey-says.html https://www.bleepingcomputer.com/news/security/over-36-000-computers-infected-with-nsas-doublepulsar-malware/
More info...
51 min
April 17, 2017
Defensive Security Podcast Episode 188
https://arstechnica.com/security/2017/04/purported-shadow-brokers-0days-were-in-fact-killed-by-mysterious-patch/ https://www.bleepingcomputer.com/news/security/former-sysadmin-accused-of-planting-time-bomb-in-companys-database/ http://www.computerworld.com/article/3189059/security/what-prevents-breaches-process-technology-or-people-one-answer-is-pc-and-one-is-right.html http://www.csoonline.com/article/3187422/network-security/report-30-of-malware-is-zero-day-missed-by-legacy-antivirus.amp.html How Hackers Hijacked a Bank’s Entire Online Operation http://news.softpedia.com/news/two-laptops-with-hong-kong-s-3-7-million-voters-data-stolen-514346.shtml Threat Brief: Credential Theft – The Keystone of the Shamoon 2 Attacks
More info...
64 min
March 28, 2017
Defensive Security Podcast Episode 187
http://www.itworld.com/article/3182431/security/some-https-inspection-tools-might-weaken-security.html https://www.bleepingcomputer.com/news/legal/former-it-admin-accused-of-leaving-backdoor-account-accessing-it-700-times/ http://www.securityweek.com/what-cisos-can-learn-er-doctors http://www.csoonline.com/article/3180762/data-breach/inside-the-russian-hack-of-yahoo-how-they-did-it.html https://arstechnica.com/security/2017/03/microsofts-silence-over-unprecedented-patch-delay-doesnt-smell-right/
More info...
47 min
March 14, 2017
Defensive Security Podcast Episode 186
http://www.bankinfosecurity.com/emory-healthcare-database-breach-what-happened-a-9745 http://www.networkworld.com/article/3176718/security/dealing-with-overwhelming-volume-of-security-alerts.html#tk.rss_security http://www.networkworld.com/article/3175030/security/trend-micro-report-ransomware-booming.html https://www.helpnetsecurity.com/2017/03/02/yahoo-cookie-forging-incident/ http://www.darkreading.com/risk/new-cybersecurity-regulations-begin-today-for-ny-banks/d/d-id/1328295 http://www.pcworld.com/article/3179348/security/after-cia-leak-intel-security-releases-detection-tool-for-efi-rootkits.html https://arstechnica.com/security/2017/03/wikileaks-publishes-what-it-says-is-trove-of-cia-hacking-tools/ http://www.csoonline.com/article/3177994/security/cia-false-flag-team-repurposed-shamoon-data-wiper-other-malware.html
More info...
56 min
February 28, 2017
Defensive Security Podcast Episode 185
https://www.bleepingcomputer.com/news/security/malware-used-to-attack-polish-banks-contained-false-flags-blaming-russian-hackers/ http://www.csoonline.com/article/3173639/security/bleeding-clouds-cloudflare-server-errors-blamed-for-leaked-customer-data.html http://www.csoonline.com/article/3174153/security/carders-capitalize-on-cloudflare-problems-claim-150-million-logins-for-sale.amp.html http://www.securityweek.com/what-hackers-think-your-defenses http://www.csoonline.com/article/3171154/security/verizon-knocks-off-350m-from-yahoo-deal-after-breaches.html
More info...
52 min
February 20, 2017
Defensive Security Podcast Episode 184
https://gallery.technet.microsoft.com/ATA-Playbook-ef0a8e38/file/169827/1/ATA%20Playbook.pdf http://www.securityweek.com/google-shares-data-corporate-email-attacks http://www.databreachtoday.com/reworked-ny-cybersecurity-regulation-takes-effect-in-march-a-9733 http://www.computerworld.com/article/3169386/security/recent-malware-attacks-on-polish-banks-tied-to-wider-hacking-campaign.html#tk.rss_security http://www.computerworld.com/article/3166824/security/polish-banks-on-alert-after-mystery-malware-found-on-computers.html http://www.forbes.com/sites/thomasbrewster/2017/02/16/dnc-fancy-bear-russia-hackers-mac-malware-hacking-team-fbi-fsb/#3998bc7812bc
More info...
47 min
February 14, 2017
Defensive Security Podcast Episode 183
https://arstechnica.com/information-technology/2017/01/antivirus-is-bad/?amp=1 http://www.darkreading.com/risk/7-tips-for-getting-your-security-budget-approved/d/d-id/1328004 https://www.asd.gov.au/publications/protect/essential-eight-explained.htm http://www.csoonline.com/article/3163068/application-development/how-to-secure-active-directory.html https://securosis.com/mobile/tidal-forces-software-as-a-service-is-the-new-back-office/full
More info...
61 min
January 23, 2017
Defensive Security Podcast Episode 182
http://www.securityweek.com/cyber-threat-intelligence-shows-majority-cybercrime-not-sophisticated http://www.databreachtoday.com/new-in-depth-analysis-anthem-breach-a-9627 http://www.databreachtoday.com/475000-hipaa-penalty-for-tardy-breach-notification-a-9624 http://www.databreachtoday.com/insurer-slapped-22-million-hipaa-settlement-a-9643 https://krebsonsecurity.com/2017/01/extortionists-wipe-thousands-of-databases-victims-who-pay-up-get-stiffed/ https://securosis.com/mobile/tidal-forces-endpoints-are-different-more-secure-and-less-open/full
More info...
64 min
January 9, 2017
Defensive Security Podcast Episode 181
http://www.businessinsider.com/russian-hacking-fears-reportedly-triggered-by-vermont-employee-checking-his-email-2017-1 http://www.cio.com/article/3153706/security/4-information-security-threats-that-will-dominate-2017.html http://www.databreachtoday.com/major-breach-insurer-blames-system-integrator-a-9603 http://www.zdnet.com/article/this-ransomware-targets-hr-departments-with-fake-job-applications/ https://securosis.com/mobile/tidal-forces-the-trends-tearing-apart-security-as-we-know-it/full https://securosis.com/blog/network-security-in-the-cloud-age-everything-changes http://blog.erratasec.com/2017/01/notes-about-ftc-action-against-d-link.html Slack Channel: http://https://defensivesecurity.org/slack-channel/
More info...
59 min
December 20, 2016
Defensive Security Podcast Episode 180
https://www.bleepingcomputer.com/news/security/new-scheme-spread-popcorn-time-ransomware-get-chance-of-free-decryption-key/ http://arstechnica.com/tech-policy/2016/12/disgraced-it-worker-stole-confidential-expedia-e-mails-even-after-he-left/ http://arstechnica.com/security/2016/12/millions-exposed-to-malvertising-that-hid-attack-code-in-banner-pixels/ http://www.reuters.com/article/us-cyber-heist-bangladesh-exclusive-idUSKBN1411ST http://motherboard.vice.com/read/newly-uncovered-site-suggests-nsa-exploits-for-direct-sale http://arstechnica.com/security/2016/12/what-can-you-do-with-a-billion-yahoo-passwords-lots-of-bad-things/
More info...
49 min
December 18, 2016
Defensive Security Podcast Episode 179
2016 HOLIDAY PODCAST MASHUP With: PVC Security Podcast: http://www.pvcsec.com/ Brakeing Down Security Podcast: http://www.brakeingsecurity.com/ Advanced Persistent Security Podcast: https://advancedpersistentsecurity.net/ ...and Amanda Berlin!
More info...
74 min
November 28, 2016
Defensive Security Podcast Episode 178
http://blog.checkpoint.com/2016/11/24/imagegate-check-point-uncovers-new-method-distributing-malware-images/ http://www.csoonline.com/article/3143713/analytics/shall-we-care-about-zero-day.html http://www.databreachtoday.com/umass-amherst-hit-650000-hipaa-settlement-a-9554 http://arstechnica.com/security/2016/11/elegant-0day-unicorn-underscores-serious-concerns-about-linux-security/ http://www.securityweek.com/disgruntled-gamer-likely-behind-october-us-hacking-expert http://www.theregister.co.uk/2016/11/17/google_hacker_pleads_try_whitelists_not_just_bunk_antivirus_ids/ https://blog.instant2fa.com/an-economic-model-for-security-spending-3d982d05d0c1#.fpcnkz5qn http://www.securityweek.com/when-ransomware-hits-business-paying-unlikely-guarantee-resolution http://www.csoonline.com/article/3142889/security/ransomware-victims-able-to-thwart-attacks-report-says.html
More info...
73 min
November 14, 2016
Defensive Security Podcast Episode 177
Book recommendations: https://defensivesecurity.org/resources/recommended-books/ Slack channel: http://https://defensivesecurity.org/slack-channel/ http://arstechnica.com/information-technology/2016/11/kaspersky-accuses-microsoft-of-anticompetitive-bundling-of-antivirus-software/ https://nakedsecurity.sophos.com/2016/11/11/yahoo-staff-knew-they-were-breached-two-years-ago/ http://www.csoonline.com/article/3139311/security/412-million-friendfinder-accounts-exposed-by-hackers.html
More info...
37 min
November 7, 2016
Defensive Security Podcast Episode 176
https://www.helpnetsecurity.com/2016/11/03/overconfidence-risk-attacks/ http://arstechnica.com/security/2016/11/windows-zero-day-exploited-by-same-group-behind-dnc-hack/ http://www.bankinfosecurity.com/those-suing-anthem-seek-security-audit-documents-a-9498 https://it.slashdot.org/story/16/11/05/1744231/it-workers-facing-layoffs-jolted-by-ceos-message
More info...
54 min
November 2, 2016
Defensive Security Podcast Episode 175
http://www.securityweek.com/shadow-brokers-leaks-servers-allegedly-hacked-nsa http://www.bankinfosecurity.com/online-ad-industry-threatened-by-security-issues-a-9488 http://m.elpasoinc.com/news/local_news/article_92e82ee0-9f84-11e6-b429-0b2b853bae0b.html?mode=jqm http://researchcenter.paloaltonetworks.com/2016/10/unit42-psa-conference-invite-used-lure-operation-lotus-blossom-actors/
More info...
65 min
October 24, 2016
Defensive Security Podcast Episode 174
https://threatpost.com/serious-dirty-cow-linux-vulnerability-under-attack/121448/ http://news.softpedia.com/news/hackers-steal-research-and-user-data-from-japanese-nuclear-research-lab-509380.shtml https://www.databreaches.net/rainbow-childrens-clinic-notifies-33368-patients-of-ransomware-attack/ https://krebsonsecurity.com/2016/10/hacked-cameras-dvrs-powered-todays-massive-internet-outage/
More info...
40 min
October 16, 2016
Defensive Security Podcast Episode 173
http://conferences.oreilly.com/security/network-data-security-ny/public/content/buy-one-get-one-discount https://www.eventbrite.com/e/bsides-atlanta-2016-tickets-27895813128 http://www.cnbc.com/2016/10/14/british-banks-keep-cyber-attacks-under-wraps-to-protect-image.html http://www.lexology.com/library/detail.aspx?g=f17c1e55-5768-4ea6-a7e6-d555c4052eef https://www.nist.gov/news-events/news/2016/10/security-fatigue-can-cause-computer-users-feel-hopeless-and-act-recklessly
More info...
40 min
October 3, 2016
Defensive Security Podcast Episode 172
http://cybersecurity.oxfordjournals.org/content/early/2016/08/08/cybsec.tyw001 https://www.helpnetsecurity.com/2016/09/29/risky-password-practices/ http://www.nytimes.com/2016/09/29/technology/yahoo-data-breach-hacking.html?_r=0 http://www.databreachtoday.com/blogs/yahoo-breach-great-nation-state-cop-out-p-2260
More info...
42 min
September 22, 2016
Defensive Security Podcast Episode 171
http://www.csoonline.com/article/3119965/security/a-single-ransomware-network-has-pulled-in-121-million.html https://www.sans.org/reading-room/whitepapers/dataprotection/data-breaches-prevention-practical-37267 http://www.bankinfosecurity.com/aligning-cyber-framework-organizations-strategy-goals-a-9401 http://arstechnica.com/security/2016/09/swift-fraudsters-detection-system-bangladesh-bank-heist/ http://www.bankinfosecurity.com/blogs/ransomware-victims-please-come-forward-p-2255 http://www.nytimes.com/2016/09/17/business/dealbook/wells-fargo-warned-workers-against-fake-accounts-but-they-needed-a-paycheck.html
More info...
58 min
September 11, 2016
Defensive Security Podcast Episode 170
http://news.softpedia.com/news/retiring-sysadmin-fakes-cyber-attack-to-get-away-with-data-theft-507992.shtml https://oversight.house.gov/wp-content/uploads/2016/09/The-OPM-Data-Breach-How-the-Government-Jeopardized-Our-National-Security-for-More-than-a-Generation.pdf http://money.cnn.com/2016/09/08/investing/wells-fargo-created-phony-accounts-bank-fees/index.html http://spectrum.ieee.org/view-from-the-valley/computing/it/facebook-engineers-crash-data-centers-in-realworld-stress-test http://www.bloomberg.com/news/articles/2016-09-08/cisco-s-network-bugs-are-front-and-center-in-bankruptcy-fight
More info...
58 min
August 30, 2016
Defensive Security Podcast Episode 169
http://www.csoonline.com/article/3110975/techology-business/how-do-you-measure-success-when-it-comes-to-stopping-phishing-attacks.html http://www.databreachtoday.com/equation-group-hacking-tool-dump-5-lessons-a-9358 http://www.csoonline.com/article/3109982/security/attackers-dont-need-vulnerabilities-when-the-basics-work-just-as-well.html http://www.securityweek.com/attacker-uses-virtual-machine-hide-malicious-activity http://www.networkworld.com/article/3110653/security/imperva-application-layer-ddos-attacks-are-on-the-rise.html http://arstechnica.com/security/2016/08/actively-exploited-ios-flaws-that-hijack-iphones-likely-spread-for-years/
More info...
44 min
August 21, 2016
Defensive Security Podcast Episode 168
https://nakedsecurity.sophos.com/2016/08/18/nists-new-password-rules-what-you-need-to-know/ http://www.extremetech.com/extreme/234031-your-guide-to-the-shadow-brokers-nsa-theft-which-puts-the-snowden-leaks-to-shame http://phys.org/news/2016-08-people-software-percent.html http://www.csoonline.com/article/3108025/cyber-attacks-espionage/cerber-ransomware-earns-2-3mil-with-0-3-response-rate.html
More info...
51 min
August 14, 2016
Defensive Security Podcast Episode 167
http://www.csoonline.com/article/3101863/security/report-only-3-percent-of-u-s-companies-pay-attackers-after-ransomware-infections.html http://www.bankinfosecurity.com/fed-reserve-a-9282 http://www.tripwire.com/state-of-security/featured/does-dropping-malicious-usb-sticks-really-work-yes-worryingly-well/ http://arstechnica.com/security/2016/08/frequent-password-changes-are-the-enemy-of-security-ftc-technologist-says/ http://spectrum.ieee.org/tech-talk/telecom/security/nigerian-scammers-infect-themselves-with-own-malware-revealing-new-wirewire-fraud-scheme http://www.csoonline.com/article/3106076/data-protection/disable-wpad-now-or-have-your-accounts-and-private-data-compromised.html http://fortune.com/2016/08/12/delta-airlines-outages/
More info...
62 min
July 25, 2016
Defensive Security Podcast Episode 166
http://www.bankinfosecurity.com/report-new-york-fed-fumbled-cyber-heist-response-a-9281 http://motherboard.vice.com/read/ransomware-gang-claims-fortune-500-company-hired-them-to-hack-the-competition http://www.lexology.com/library/detail.aspx?g=d0f4e774-6c6a-4783-b993-4f165f1dcc7e
More info...
48 min
July 17, 2016
Defensive Security Podcast Episode 165
Tiaracon: http://tiaracon.org/ http://www.cbc.ca/news/technology/antivirus-software-1.3668746 http://www.csoonline.com/article/3089439/business-continuity/9-critical-controls-for-todays-threats.html http://www.bankinfosecurity.com/interviews/heartbleed-update-america-vulnerable-i-3242 http://www.bankinfosecurity.com/blogs/av-wars-sophos-vs-cylance-p-2172 http://www.reuters.com/article/us-cyber-fdic-china-idUSKCN0ZT20M http://blog.talosintel.com/2016/07/ranscam.html
More info...
57 min
June 30, 2016
Defensive Security Podcast Episode 164
http://blog.erratasec.com/2016/06/etheriumdao-hack-similfied.html#.V3BKyvkrJhE http://www.zdnet.com/article/cvss-scores-are-not-enough-for-modern-security/ http://www.crn.com/news/security/300081157/sophos-slams-cylance-in-blog-post-as-market-for-endpoint-security-heats-up.htm?itc=refresh
More info...
62 min
June 20, 2016
Defensive Security Podcast Episode 163
http://www.darkreading.com/vulnerabilities---threats/windows-badtunnel-attack-hijacks-network-traffic/d/d-id/1325875 http://krebsonsecurity.com/2016/06/adobe-update-plugs-flash-player-zero-day/ http://krebsonsecurity.com/2016/06/banks-credit-card-breach-at-cicis-pizza/ http://ieee-security.org/TC/SP2016/papers/0824a018.pdf https://securelist.com/blog/research/75027/xdedic-the-shady-world-of-hacked-servers-for-sale/ https://www.washingtonpost.com/world/national-security/guccifer-20-claims-credit-for-dnc-hack/2016/06/15/abdcdf48-3366-11e6-8ff7-7b6c1998b7a0_story.html http://fox4kc.com/2016/06/15/platte-county-commissioners-give-treasurer-one-week-to-repay-funds-lost-to-email-scam/ http://www.abc.net.au/news/2016-06-18/software-legal-battle-could-put-sa-patients'-safety/7522934
More info...
60 min
June 5, 2016
Defensive Security Podcast Episode 162
https://threatpost.com/teamviewer-denies-hack-blames-password-reuse-for-compromises/118427/ http://www.businessinsurance.com/article/20160602/NEWS06/160609935/chubb-p-f-changs-federal-insurance-co-cybersecurity-by-chubb-credit http://www.csoonline.com/article/3075385/backup-recovery/will-your-backups-protect-you-against-ransomware.html#jump http://www.csoonline.com/article/3077434/security/93-of-phishing-emails-are-now-ransomware.html#jump http://venturebeat.com/2016/06/04/federal-reserve-bank-was-hacked-more-than-50-times-between-2011-and-2015/ http://www.csoonline.com/article/3075758/data-breach/up-to-a-dozen-banks-are-reportedly-investigating-potential-swift-breaches.html#jump http://www.theregister.co.uk/2016/06/03/swift_threatens_insecure_bank_suspensions/
More info...
50 min
May 23, 2016
Defensive Security Podcast Episode 161
Vote for us! https://www.surveymonkey.com/r/secbloggerwards2016 http://www.csoonline.com/article/3071337/cyber-attacks-espionage/cybercriminals-are-increasingly-embracing-a-sophisticated-business-model-approach.html#tk.rss_all https://www.yahoo.com/news/special-report-cyber-thieves-exploit-banks-faith-swift-052100312--finance.html?ref=gs http://www.securityweek.com/google-soon-kill-sslv3-rc4-support-gmail https://threatpost.com/microsoft-warns-of-sneaky-new-macro-trick/118227/ http://www.networkworld.com/article/3073495/security/kansas-heart-hospital-hit-with-ransomware-paid-but-attackers-demanded-2nd-ransom.html
More info...
33 min
May 18, 2016
Defensive Security Podcast Episode 160
http://www.bankinfosecurity.com/researcher-hacks-symantecs-av-via-email-a-9109 http://www.v3.co.uk/v3-uk/news/2457773/hackers-exploiting-six-year-old-sap-software-flaw-warns-us-cert http://arstechnica.com/security/2016/05/1b-bangladesh-heist-officials-say-swift-technicians-left-bank-vulnerable/ http://www.csoonline.com/article/3069502/data-breach/malware-attacks-on-two-banks-have-links-with-2014-sony-pictures-hack.html https://www.surveymonkey.com/r/secbloggerwards2016
More info...
58 min
May 2, 2016
Defensive Security Podcast Episode 159
http://www.verizonenterprise.com/verizon-insights-lab/dbir/2016/ https://blog.osvdb.org/2016/04/27/a-note-on-the-verizon-dbir-2016-vulnerabilities-claims/
More info...
87 min
April 28, 2016
Defensive Security Podcast Episode 158
http://baesystemsai.blogspot.nl/2016/04/two-bytes-to-951m.html https://threatpost.com/bangladesh-bank-hackers-accessed-swift-system-to-steal-cover-tracks/117637/ http://www.csoonline.com/article/3061229/fraud/swift-banking-network-warns-customers-of-cyberfraud-cases.html http://www.theregister.co.uk/2016/04/22/i_hacked_facebook_and_found_someone_had_beaten_me_to_it/
More info...
41 min
April 19, 2016
Defensive Security Podcast Episode 157
https://www.helpnetsecurity.com/2016/04/15/eu-data-protection-rules/ http://pastebin.com/raw/0SNSvyjJ https://threatpost.com/apple-deprecates-quick-time-for-windows-wont-patch-new-flaws/117427/ http://www.welivesecurity.com/2016/04/13/medical-data-breach-leads-record-cash-settlement/
More info...
46 min
April 13, 2016
Defensive Security Podcast Episode 156
https://offensivetechblog.wordpress.com/2016/03/29/systems-admins-we-need-to-talk/ http://m.sfgate.com/business/technology/article/Hackers-broke-into-hospitals-despite-software-7229722.php http://www.wired.co.uk/news/archive/2016-04/06/panama-papers-mossack-fonseca-website-security-problems http://arstechnica.com/security/2016/04/ok-panic-newly-evolved-ransomware-is-bad-news-for-everyone/
More info...
51 min
April 5, 2016
Defensive Security Podcast Episode 155
https://www.cooley.com/california-attorney-general-2016-data-breach-report http://www.csoonline.com/article/3049392/security/chinese-scammers-take-mattel-to-the-bank-phishing-them-for-3-million.html http://www.oreilly.com/security/newsletter http://conferences.oreilly.com/security/network-data-security-ny
More info...
60 min
March 29, 2016
Defensive Security Podcast Episode 154
https://threatpost.com/apt-attackers-flying-more-false-flags-than-ever/116814/ http://www.csoonline.com/article/3048334/security/verizons-breach-experts-missed-one-right-under-their-noses.html http://www.wsj.com/articles/hackers-in-bangladesh-bank-account-heist-part-of-larger-breach-1458582678 http://krebsonsecurity.com/2016/03/hospital-declares-internet-state-of-emergency-after-ransomware-infection/
More info...
39 min
March 15, 2016
Defensive Security Podcast Episode 153
http://www.csoonline.com/article/3043975/security/compromised-data-goes-public-as-staminus-recovers-from-attack.html#tk.rss_all http://www.darkreading.com/endpoint/patch-management-still-plagues-enterprise/d/d-id/1324615 http://www.welivesecurity.com/2016/03/09/android-trojan-targets-online-banking-users/ http://arstechnica.com/security/2016/03/a-typo-costs-bank-hackers-nearly-1b/ http://www.cnet.com/news/home-depot-offers-19m-to-settle-customers-hacking-lawsuit/
More info...
48 min
March 7, 2016
Defensive Security Podcast Episode 152
http://www.intelsecurity.com/advanced-threat-research/content/Analysis_SamSa_Ransomware.pdf?_ga=1.157194172.685877305.1433735448 https://blog.agilebits.com/2015/06/17/1password-inter-process-communication-discussion/ http://www.verizonenterprise.com/resources/reports/rp_data-breach-digest_xg_en.pdf
More info...
60 min
February 28, 2016
Defensive Security Podcast Episode 151
http://www.databreachtoday.com/anthem-breach-lessons-one-year-later-a-8897 http://www.dw.com/en/hackers-hold-german-hospital-data-hostage/a-19076030 http://krebsonsecurity.com/2016/02/breached-credit-union-comes-out-of-its-shell/ http://arstechnica.com/security/2016/02/hackers-did-indeed-cause-ukrainian-power-outage-us-report-concludes/
More info...
39 min
February 25, 2016
Defensive Security Podcast Episode 150
http://www.scmagazineuk.com/russian-bank-licences-revoked-for-using-hackers-to-withdraw-funds/article/474464/ http://arstechnica.com/security/2016/02/hospital-pays-17k-for-ransomware-crypto-key/ http://news.softpedia.com/news/us-school-agrees-to-pay-8-500-to-get-rid-of-ransomware-500684.shtml http://www.scmagazineuk.com/44-of-ransomware-victims-in-the-uk-have-paid-to-recover-their-data/article/475426/ http://arstechnica.com/security/2016/02/extremely-severe-bug-leaves-dizzying-number-of-apps-and-devices-vulnerable/
More info...
46 min
February 16, 2016
Defensive Security Podcast Episode 149
http://www.tripwire.com/state-of-security/latest-security-news/cisco-patches-critical-asa-ike-buffer-overflow-vulnerability/ http://www.securityweek.com/we-cant-give-preventing-breaches http://www.csoonline.com/article/3033160/security/ransomware-takes-hollywood-hospital-offline-36m-demanded-by-attackers.html http://arstechnica.com/security/2016/02/clever-bank-hack-allowed-crooks-to-make-unlimited-atm-withdrawals/
More info...
49 min
February 11, 2016
Defensive Security Podcast Episode 148
http://www.theregister.co.uk/2016/02/04/norse_corp_ceo_fired/ http://www.secureworks.com/resources/blog/ransomware-used-as-a-distraction/ http://www.zdnet.com/article/most-windows-flaws-mitigated-by-removing-admin-rights-says-report/ http://mobile.reuters.com/article/idUSKCN0VD14X http://www.csoonline.com/article/3025787/security/defending-against-insider-security-threats-hangs-on-trust.html http://www.securityforrealpeople.com/2016/02/poor-ux-leads-to-poorly-secured-soho.html
More info...
57 min
February 1, 2016
Defensive Security Podcast Episode 147
Hack in the Box: https://conference.hitb.org/ Circle City Con: https://circlecitycon.com/tickets/ http://www.theregister.co.uk/2016/01/28/nsas_top_hacking_boss_explains_how_to_protect_your_network_from_his_minions/?page=1 https://www.youtube.com/watch?v=bDJb8WOJYdA http://krebsonsecurity.com/2016/01/sources-security-firm-norse-corp-imploding/ http://arstechnica.com/security/2016/01/secret-ssh-backdoor-in-fortinet-hardware-found-in-more-products/
More info...
42 min
January 27, 2016
Defensive Security Podcast Episode 146
https://blog.malwarebytes.org/intelligence/2016/01/draft-lechiffre-a-manually-run-ransomware/ http://www.tripwire.com/state-of-security/security-data-protection/boeing-supplier-hacked-claims-55-million-worth-of-damage-as-stock-price-falls/ http://krebsonsecurity.com/2016/01/firm-sues-cyber-insurer-over-480k-loss/ http://shawnetuma.com/2016/01/08/supervalu-data-breach-class-action-dismissed-for-lack-of-harm/ Hack in the Box: https://conference.hitb.org/ Circle City Con: https://circlecitycon.com/tickets/
More info...
39 min
January 21, 2016
Defensive Security Podcast Episode 145
http://arstechnica.com/security/2016/01/security-firm-sued-for-filing-woefully-inadequate-forensics-report/ http://arstechnica.com/security/2016/01/et-tu-fortinet-hard-coded-password-raises-new-backdoor-eavesdropping-fears/ http://www.csoonline.com/article/3021774/security/trend-micro-flaw-could-have-allowed-attacker-to-steal-all-passwords.html
More info...
36 min
January 3, 2016
Defensive Security Podcast Episode 144
http://www.welivesecurity.com/2016/01/03/blackenergy-sshbeardoor-details-2015-attacks-ukrainian-news-media-electric-industry/ http://blog.cryptographyengineering.com/2015/12/on-juniper-backdoor.html http://www.databreaches.net/191-million-voters-personal-info-exposed-by-misconfigured-database/ http://darkmatters.norsecorp.com/2015/12/28/the-cybersecurity-information-sharing-act-cisa-passed/
More info...
42 min
January 3, 2016
Defensive Security Podcast Episode 143
This is our 2015 holiday episode with the Brakeing Down Security and PVC Security podcasts.
More info...
81 min
December 13, 2015
Defensive Security Podcast Episode 142
https://www.fireeye.com/blog/threat-research/2015/12/fin1-targets-boot-record.html http://www.csoonline.com/article/3012443/security/how-the-nsa-uses-behavior-analytics-to-detect-threats.html#tk.rss_all http://www.databreachtoday.com/wyndham-agrees-to-settle-ftc-breach-case-a-8737 https://technet.microsoft.com/en-us/library/security/ms15-127.aspx https://www.reddit.com/r/sysadmin/comments/3wa8rl/early_warning_system_for_cryptowall_crypto_canary/
More info...
43 min
December 6, 2015
Defensive Security Podcast Episode 141
http://www.zdnet.com/article/vtech-hack-gets-worse-kids-photos-chat-logs-also-stolen/ http://krebsonsecurity.com/2015/12/dhs-giving-firms-free-penetration-tests/ http://www.csoonline.com/article/3011580/data-protection/insurance-companies-will-crack-down-on-cyber-security-in-2016-report.html http://www.forbes.com/sites/joannabelbey/2015/11/30/7-tips-from-the-fbi-to-prepare-your-firm-for-a-cyber-attack/
More info...
46 min
November 26, 2015
Defensive Security Podcast Episode 140
http://krebsonsecurity.com/2015/11/breach-at-it-automation-firm-landesk/ http://www.slate.com/articles/technology/users/2015/11/sony_employees_on_the_hack_one_year_later.html http://www.csoonline.com/article/3006816/cyber-attacks-espionage/damballa-finds-tools-related-to-the-malware-that-hit-sony.html http://www.databreachtoday.com/interviews/what-jpmorgan-chase-breach-teaches-us-i-2982 http://www.healthcaredive.com/news/ftc-data-breach-case-dismissal-raises-bar-for-demonstrating-consumer-harm/409634/
More info...
44 min
November 16, 2015
Defensive Security Podcast Episode 139
http://www.bloomberg.com/news/articles/2015-11-10/hackers-accused-by-u-s-of-targeting-top-banks-mutual-funds http://www.trust.org/item/20151113203615-j3cyu http://krebsonsecurity.com/2015/11/jpmorgan-hackers-breached-anti-fraud-vendor-g2-web-services/#more-32855 http://consumerist.com/2015/11/13/lack-of-windows-3-1-technicians-causes-traffic-backup-at-french-airport/ http://securityaffairs.co/wordpress/41950/cyber-crime/fakben-ransomware-as-a-service.html
More info...
46 min
November 8, 2015
Defensive Security Podcast Episode 138
http://arstechnica.com/security/2015/11/crypto-e-mail-service-pays-6000-ransom-gets-taken-out-by-ddos-anyway/ http://arstechnica.com/security/2015/11/booming-crypto-ransomware-industry-employs-new-tricks-to-befuddle-victims/ http://www.theregister.co.uk/2015/11/02/pagefair_malware_snare_scare_in_halloween_hack_of_adblocker_blocker/ http://www.infosecurity-magazine.com/news/it-personnel-are-the-riskiest/
More info...
55 min
October 26, 2015
Defensive Security Podcast Episode 137
http://blog.erratasec.com/2015/10/dumb-dumber-and-cybersecurity.html http://www.businessinsider.com/talktalk-didnt-use-encryption-hack-protect-4-million-customer-details-2015-10 https://grahamcluley.com/2015/10/talktalk-hacked-silly-ask-data-encrypted/ http://krebsonsecurity.com/2015/10/talktalk-hackers-demanded-80k-in-bitcoin/ http://www.securityweek.com/hacking-impact-short-lived-sony-boss https://threatpost.com/european-aviation-agency-warns-of-aircraft-hacking/114987/
More info...
38 min
October 21, 2015
Defensive Security Podcast Episode 136
http://www.threatconnect.com/threat-intelligence-driven-risk-analysis/http://www.theregister.co.uk/2015/10/15/inside_mandiants_biggest_forensics_breach_battle_is_this_anthem/http://www.theregister.co.uk/2015/10/16/dow_jones_denies_russian_hackers_plundered_its_servers_for_insider_trading_tips/http://m.nextgov.com/cybersecurity/2015/10/opm-fully-do-away-passwords-network-access-2-years/122768/
More info...
51 min
October 13, 2015
Defensive Security Podcast Episode 135
tp://www.databreachtoday.com/report-usps-workers-vulnerable-to-phishing-scams-a-8579 http://krebsonsecurity.com/2015/10/at-experian-security-attrition-amid-acquisitions/#more-32501 http://www.databreachtoday.com/etrade-dow-jones-issue-breach-alerts-a-8586 http://www.bankinfosecurity.asia/blogs/cyber-insurance-primer-for-insurers-insured-p-1946 http://www.csoonline.com/article/2990471/social-engineering/near-flawless-social-engineering-attack-spoiled-by-single-flaw.html#tk.rss_all
More info...
54 min
October 5, 2015
Defensive Security Podcast Episode 134
http://arstechnica.com/security/2015/10/patreon-was-warned-of-serious-website-flaw-5-days-before-it-was-hacked/ http://www.scmagazine.com/sec-hits-security-adviser-with-75000-penalty-in-breach-settlement/article/440268/ http://krebsonsecurity.com/2015/10/scottrade-breach-hits-4-6-million-customers/ http://www.wired.com/2015/10/hack-brief-hackers-steal-15m-t-mobile-customers-data-experian/ http://time.com/4056928/trump-hotels-hacked/ http://fortune.com/2015/10/02/american-bankers-association-breach/
More info...
37 min
September 30, 2015
Defensive Security Podcast Episode 133
http://www.pvcsec.com/ http://brakeingsecurity.com/
More info...
67 min
September 29, 2015
Defensive Security Podcast Episode 132
http://www.thenationaltriallawyers.org/2015/09/standing-neiman-marcus-data-breach/ http://krebsonsecurity.com/2015/09/bidding-for-breaches-redefining-targeted-attacks/ http://www.miltonstart.com/blog/2015/09/22/morgan-stanley-employee-pleads-guilty-in-data-breach-case/
More info...
76 min
September 21, 2015
Defensive Security Podcast Episode 131
http://www.bizjournals.com/atlanta/blog/atlantech/2015/09/atlantas-bitpay-got-hacked-for-1-8-million-in.html http://www.securityweek.com/excellus-data-breach-impacts-10-million http://www.databreachtoday.com/attacks-on-insurers-lessons-learned-a-8530 http://federalnewsradio.com/cybersecurity/2015/09/us-certs-dos-and-donts-for-after-the-cyber-hack/ http://www.theguardian.com/technology/2015/sep/10/cyber-threat-data-manipulation-us-intelligence-chief http://www.csoonline.com/article/2984543/vulnerabilities/as-containers-take-off-so-do-security-concerns.html
More info...
64 min
September 12, 2015
Defensive Security Podcast Episode 130
http://www.theregister.co.uk/2015/09/04/mozilla_firefox_bugzilla_leak/ http://darkmatters.norsecorp.com/2015/09/03/four-non-technical-measures-for-mitigating-insidious-insiders/ http://arstechnica.com/tech-policy/2015/08/ftc-can-sue-companies-with-poor-information-security-appeals-court-says/ https://nakedsecurity.sophos.com/2015/09/02/microsoft-word-intruder-revealed-inside-a-malware-construction-kit/ http://www.securityweek.com/executive-it-security-problem-lessons-learned-hillary-clinton
More info...
65 min
August 25, 2015
Defensive Security Podcast Episode 129
http://www.tripwire.com/state-of-security/risk-based-security-for-executives/connecting-security-to-the-business/security-reverse-engineering-and-eulas/ http://arstechnica.com/security/2015/08/my-browser-visited-drudgereport-and-all-i-got-was-this-lousy-malware/ http://arstechnica.com/security/2015/08/attackers-actively-exploit-windows-bug-that-uses-usb-sticks-to-infect-pcs/ http://arstechnica.com/information-technology/2015/08/lenovo-used-windows-anti-theft-feature-to-install-persistent-crapware/ http://socialmedia.umich.edu/blog/hacked/
More info...
42 min
August 25, 2015
Defensive Security Podcast Episode 128
More info...
29 min
August 11, 2015
Defensive Security Podcast Episode 127
http://resources.infosecinstitute.com/can-user-awareness-really-prevent-spear-phishing/ http://www.net-security.org/secworld.php?id=18702 http://link.springer.com/article/10.1007/s12290-015-0355-5/fulltext.html
More info...
60 min
August 3, 2015
Defensive Security Podcast Episode 126
http://fortune.com/2015/07/29/crowdstrike-cybersecurity-george-kurtz/ http://www.tripwire.com/state-of-security/security-data-protection/cyber-security/phishing-up-74-in-q2-2015-reveals-infoblox-dns-threat-index/ http://blog.trendmicro.com/trendlabs-security-intelligence/angler-exploit-kit-used-to-find-and-infect-pos-systems/ http://www.welivesecurity.com/2015/07/28/new-report-explains-gulf-security-experts-non-experts/
More info...
78 min
July 27, 2015
Defensive Security Podcast Episode 125
http://krebsonsecurity.com/2015/07/online-cheating-site-ashleymadison-hacked/ http://www.mcafee.com/us/resources/reports/rp-aspen-holding-line-cyberthreats.pdf http://arstechnica.com/tech-policy/2015/07/obama-administration-decides-not-to-blame-china-publicly-for-opm-hack/ http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-rcsandroid-spying-tool-listens-to-calls-roots-devices-to-get-in/
More info...
44 min
July 19, 2015
Defensive Security Podcast Episode 124
http://arstechnica.com/tech-policy/2015/07/hacking-teams-surveillance-software-sold-to-kgb-successor/ http://arstechnica.com/security/2015/07/hackingteams-evil-android-app-had-code-to-bypass-google-play-screening/ http://www.scmagazine.com/ios-devices-dont-have-to-be-jailbroken-for-spyware-sold-by-hacking-team-to-be-installed/article/426137/ https://krebsonsecurity.com/2015/07/hacking-team-used-spammer-tricks-to-resurrect-spy-network/ http://www.scmagazine.com/fireeye-intern-morgan-culbertson-arrested-in-darkode-bust/article/427139/2/ http://erpscan.com/wp-content/themes/supercms/Publications/Chinese_attack_on_USIS_using_SAP_vulnerability_Detailed_review_and_comments.pdf
More info...
53 min
July 13, 2015
Defensive Security Podcast Episode 123
http://labs.bromium.com/2015/07/10/government-grade-malware-a-look-at-hackingteams-rat/ http://www.theregister.co.uk/2015/07/12/adobe_flash_zero_day_cve_2015_5122/ https://www.tenable.com/blog/lessons-to-learn-from-the-opm-breach http://arstechnica.com/tech-policy/2015/07/opm-director-resigns-after-news-that-hack-affected-21-5-million-people/ http://www.ffiec.gov/cyberassessmenttool.htm
More info...
53 min
July 9, 2015
Defensive Security Podcast Episode 122
http://arstechnica.com/security/2015/07/massive-leak-reveals-hacking-teams-most-private-moments-in-messy-detail/ & http://www.csoonline.com/article/2945200/vulnerabilities/adobe-to-patch-flash-0-day-created-by-hacking-team.html http://securityaffairs.co/wordpress/38372/cyber-crime/kins-malware-builder-leaked.html https://threatpost.com/cyber-ul-could-become-reality-under-leadership-of-hacker-mudge/113538 http://www.federaltimes.com/story/government/omr/opm-cyber-report/2015/06/23/keypoint-usis-opm-breach/28977277/
More info...
37 min
June 30, 2015
Defensive Security Podcast Episode 121
http://www.databreaches.net/fbi-cyber-division-bulletin-on-tools-reportedly-used-by-opm-hackers/ https://fortune.com/sony-hack-part-1/ http://www.csoonline.com/article/2938310/data-protection/lieberman-mandiant-and-verizon-wrong-on-unstoppable-threats.html http://www.itworld.com/article/2939255/windows/the-us-navys-warfare-systems-command-just-paid-millions-to-stay-on-windows-xp.html
More info...
51 min
June 23, 2015
Defensive Security Podcast Episode 120
http://www.bankinfosecurity.com/blogs/did-fisma-facilitate-opm-hack-p-1879/op-1 http://www.csoonline.com/article/2936723/data-breach/user-error-is-an-expected-business-problem.html http://www.databreachtoday.com/blogs/post-malware-outbreak-rip-replace-p-1877 http://www.csoonline.com/article/2936615/data-breach/6-breaches-lessons-reminders-and-potential-ways-to-prevent-them.html http://www.nytimes.com/2015/06/17/sports/baseball/st-louis-cardinals-hack-astros-fbi.html
More info...
53 min
June 15, 2015
Defensive Security Podcast Episode 119
http://www.theregister.co.uk/2015/05/28/cottage_healthcare_system_sued/ http://arstechnica.com/security/2015/06/report-hack-of-government-employee-records-discovered-by-product-demo/ http://www.reddit.com/r/netsec/comments/36obxt/what_i_know_about_us_export_controls_and_hacking/ http://www.bis.doc.gov/index.php/policy-guidance/faqs http://www.wired.com/2015/06/kaspersky-finds-new-nation-state-attack-network/
More info...
51 min
May 27, 2015
Defensive Security Podcast Episode 118
http://www.symantec.com/connect/fr/blogs/check-your-sources-trojanized-open-source-ssh-software-used-steal-information https://nakedsecurity.sophos.com/2015/05/21/anatomy-of-a-logjam-another-tls-vulnerability-and-what-to-do-about-it/ http://krebsonsecurity.com/2015/05/carefirst-blue-cross-breach-hits-1-1m/ http://www.forbes.com/sites/thomasbrewster/2015/05/20/guns-bombs-hacking-cars-and-planes-dangerous-tweets-for-a-security-researcher/
More info...
59 min
May 18, 2015
Defensive Security Podcast Episode 117
http://www.computerworld.com/article/2918406/cybercrime-hacking/cybercriminals-borrow-from-apt-playbook-in-attacking-pos-vendors.html http://www.welivesecurity.com/2015/05/12/5-practical-tips-avoid-ransomware-email/ http://www.zdnet.com/article/what-causes-enterprise-data-breaches-the-terrible-complexity-and-fragility-of-our-it-systems/ http://www.computing.co.uk/ctg/news/2408602/venom-security-vulnerability-allows-hackers-to-infiltrate-networks-via-the-cloud http://arstechnica.com/security/2015/05/penn-state-severs-engineering-network-after-incredibly-serious-intrusion/
More info...
64 min
May 11, 2015
Defensive Security Podcast Episode 116
John's book: http://www.amazon.com/Offensive-Countermeasures-Art-Active-Defense/dp/1491065966/ref=sr_1_1?ie=UTF8&qid=1431313328&sr=8-1&keywords=active+defense
More info...
42 min
April 28, 2015
Defensive Security Podcast Episode 115
http://www.wsj.com/articles/five-simple-steps-to-protect-corporate-data-1429499477http://www.politico.com/story/2015/04/sony-hackers-fake-emails-117200.htmlhttp://www.japantimes.co.jp/news/2015/04/21/national/tepcos-frugality-rapped-after-48000-pcs-found-running-windows-xp/http://www.darkreading.com/attacks-breaches/zero-day-malvertising-attack-went-undetected-for-two-months/d/d-id/1320092http://www.csoonline.com/article/2913884/access-control/credit-card-terminals-have-used-same-password-since-1990s-claim-researchers.html#tk.rss_all https://www.youtube.com/watch?v=qTH5koCnXL4
More info...
53 min
April 20, 2015
Defensive Security Podcast Episode 114
http://www.verizonenterprise.com/resources/reports/rp_data-breach-investigation-report-2015_en_xg.pdf http://arstechnica.com/security/2015/04/researcher-who-joked-about-hacking-a-jet-plane-barred-from-united-flight/
More info...
59 min
April 12, 2015
Defensive Security Podcast Episode 113
http://arstechnica.com/tech-policy/2015/04/police-chief-paying-the-bitcoin-ransom-was-the-last-resort/ http://www.computerworld.com/article/2907088/russian-hackers-accessed-white-house-email.html http://www.darkreading.com/endpoint/so-you-dont-believe-in-security-education-/a/d-id/1319793? - my post regarding this: https://www.maliciouslink.com/applying-science-to-cyber-security/ http://www.reuters.com/article/2015/04/07/us-cybersecurity-americas-idUSKBN0MY06Z20150407
More info...
46 min
April 7, 2015
Defensive Security Podcast Episode 112
http://www.databreachtoday.com/new-malware-attacks-prey-on-banks-a-8076 http://www.databreachtoday.com/cyber-attacks-target-energy-firms-a-8068/op-1 http://www.techworld.com/news/security/removing-admin-rights-would-ease-97-percent-of-critical-microsoft-flaws-3605895/ http://www.ffiec.gov/press/pr033015.htm http://www.csoonline.com/article/2905682/data-breach/employees-have-no-qualms-in-selling-corporate-passwords.html
More info...
49 min
March 31, 2015
Defensive Security Podcast Episode 111
High Tech Crime Investigation Association Conference: https://www.htcia.org/event-registration/?ee=16 http://www.databreachtoday.com/pci-issues-penetration-test-guidance-a-8056 http://arstechnica.com/security/2015/03/github-battles-largest-ddos-in-sites-history-targeted-at-anti-censorship-tools/
More info...
39 min
March 25, 2015
Defensive Security Podcast Episode 110
http://www.infoworld.com/article/2898658/security/premera-anthem-data-breaches-linked-by-similar-hacking-tactics.html http://www.theregister.co.uk/2015/03/23/premera_healthcare_hipaa/ http://arstechnica.com/security/2015/03/all-four-major-browsers-take-a-stomping-at-pwn2own-hacking-competition/ http://www.csoonline.com/article/2898128/disaster-recovery/godaddy-accounts-vulnerable-to-social-engineering-and-photoshop.html http://blog.norsecorp.com/2015/03/23/bitwhisper-breaching-air-gapped-systems-via-thermal-manipulation/ http://rt.com/news/243397-canada-cyber-spying-snowden/ http://www.dailydot.com/technology/michael-hamelin-legacy-encryption-death/
More info...
52 min
March 18, 2015
Defensive Security Podcast Episode 109
http://www.firstcoastnews.com/story/news/local/2015/03/09/cyber-thieves-target-orange-park-bank/24682713/ https://blogs.mcafee.com/mcafee-labs/targeted-attack-campaign-indian-organizations-continues-exploits-focused-national-events http://mobile.esecurityplanet.com/network-security/pci-compliance-still-a-challenge-verizon.html http://www.zdnet.com/article/feds-hot-on-the-trail-of-jpmorgan-hackers/ http://www.pnj.com/story/news/2015/03/16/sacred-heart-health-system-billing-information-hacked/24859975/
More info...
42 min
March 10, 2015
Defensive Security Podcast Episode 108
http://arstechnica.com/security/2015/03/ubers-epic-db-blunder-is-hardly-an-exception-github-is-awash-in-passwords/ http://www.csoonline.com/article/2892417/security-awareness/5-steps-to-incorporate-threat-intelligence-into-your-security-awareness-program.html http://www.csoonline.com/article/2892327/malware-cybercrime/driveby-attack-relies-on-hacked-godaddy-accounts.html#tk.rss_all http://www.csoonline.com/article/2889850/security/insurance-firm-staysure-fined-175000-for-unbelievable-credit-card-hack.html#tk.rss_all http://www.huffingtonpost.com/2015/03/04/clinton-ran-own-computer-_n_6797824.html http://www.theguardian.com/us-news/2015/mar/08/clinton-double-standard-on-email-scott-gration http://www.securitybsides.com/w/page/92311122/BSidesATL2015
More info...
54 min
March 1, 2015
Defensive Security Podcast Episode 107
http://www.bloomberg.com/news/articles/2015-02-19/morgan-stanley-probe-said-to-examine-whether-adviser-got-hacked http://gizmodo.com/state-department-computer-systems-hit-by-hackers-1659549503/1686899463/+chris-mills http://www.theregister.co.uk/2015/02/25/gemalto_everythings_fine_security_industry_hang_on_a_minute/ https://www2.fireeye.com/rs/fireye/images/rpt-m-trends-2015.pdf http://www.csoonline.com/article/2887930/network-security/how-better-log-monitoring-can-prevent-data-breaches.html
More info...
43 min
February 16, 2015
Defensive Security Podcast Episode 106
http://training.pcisecuritystandards.org/pci-ssc-bulletin-on-impending-revisions-to-pci-dss-pa-dss-assessor http://www.theguardian.com/technology/2015/feb/05/company-loses-17m-in-email-scam http://www.nytimes.com/2015/02/15/world/bank-hackers-steal-millions-via-malware.html?_r=0 http://www.group-ib.com/files/Anunak_APT_against_financial_institutions.pdf http://arstechnica.com/security/2015/02/pwned-in-7-seconds-hackers-use-flash-and-ie-to-target-forbes-visitors/ http://www.csoonline.com/article/2883248/data-protection/zero-days-last-up-to-six-months-for-some-malware.html#tk.rss_all http://krebsonsecurity.com/2015/02/anthem-breach-may-have-started-in-april-2014/
More info...
58 min
February 9, 2015
Defensive Security Podcast Episode 105
http://www.techworld.com/news/security/dating-site-topface-pays-hacker-who-stole-20-million-credentials-3596333/ http://www.securityweek.com/disconnected-security-increases-risk http://www.csoonline.com/article/2879444/data-breach/hack-to-cost-sony-35-million-in-it-repairs.html http://www.csoonline.com/article/2879655/malware-cybercrime/malicious-advertisements-on-major-sites-compromised-many-computers.html http://www.csoonline.com/article/2880095/cyber-attacks-espionage/crowdstrike-demonstrates-how-attackers-wiped-the-data-from-the-machines-at-sony.html http://www.huffingtonpost.com/2015/02/06/anthem-hackers-december_n_6634440.html
More info...
55 min
February 1, 2015
Defensive Security Podcast Episode 104
http://www.scmagazine.com/travelers-accuses-web-firm-of-shoddy-practices/article/394588/ https://www.htbridge.com/blog/ransomweb_emerging_website_threat.html http://blogs.gartner.com/anton-chuvakin/2015/01/28/defeat-the-casual-attacker-first/ http://www.csoonline.com/article/2876310/security-leadership/7-ideas-for-security-leaders.html http://blog.erratasec.com/2015/01/some-notes-on-ghos
More info...
45 min
January 26, 2015
Defensive Security Podcast Episode 103
http://www.abc.net.au/pm/content/2015/s4164603.htm http://breakingbits.net/2015/01/18/taking-over-godaddy-accounts-using-csrf/ http://recode.net/2015/01/20/heres-what-helped-sonys-hackers-break-in-zero-day-vulnerability/ http://www.darkreading.com/attacks-breaches/nsa-report-how-to-defend-against-destructive-malware/d/d-id/1318734 http://www.databreachtoday.com/court-rules-in-favor-breached-retailer-a-7822 http://www.csoonline.com/article/2872329/data-breach/6-biggest-business-security-risks-and-how-you-can-fight-back.html#tk.rss_all http://www.csoonline.com/article/2871922/malware-cybercrime/gap-between-perception-and-reality-of-cyberthreats-widened-in-2015.html#tk.rss_all
More info...
56 min
January 19, 2015
Defensive Security Podcast Episode 102
http://www.darkreading.com/a-lot-of-security-purchases-remain-shelfware/d/d-id/1318648 http://arstechnica.com/information-technology/2015/01/google-drops-more-windows-0-days-somethings-gotta-give/ http://www.eweek.com/security/effective-computer-security-means-covering-all-your-bases.html http://krebsonsecurity.com/2015/01/park-n-fly-onestopparking-confirm-breaches/ http://www.databreachtoday.com/report-mercenaries-behind-apt-attacks-a-7806 http://www.zdnet.com/article/new-report-the-dhs-is-a-mess-of-cybersecurity-incompetence/
More info...
54 min
January 15, 2015
Defensive Security Podcast Episode 101
http://www.wsj.com/articles/puzzle-forms-in-morgan-stanley-data-breach-1420590326 http://www.economist.com/news/leaders/21637390-states-should-police-corporate-cyber-security-more-toughlybut-react-breaches-cautiously-losing http://www.securityweek.com/google-discloses-new-unpatched-windows-81-privilege-escalation-flaw http://www.cultofmac.com/308478/confidential-apple-product-plans-quanta/ http://www.networkworld.com/article/2867565/microsoft-subnet/hackers-dump-over-30-000-confidential-client-emails-after-bank-refuses-to-pay-ransom.html
More info...
39 min
January 7, 2015
Defensive Security Podcast Episode 100
http://www.darkreading.com/attacks-breaches/long-running-cyberattacks-become-the-norm/d/d-id/1318392 http://www.hotforsecurity.com/blog/top-10-data-breaches-of-2014-lessons-learned-for-a-safer-2015-11101.html http://www.net-security.org/secworld.php?id=17784 http://m.healthcareitnews.com/news/phi-485k-swiped-usps-data-breach http://www.databreachtoday.com/breach-prevention-5-lessons-learned-a-7757/op-1 http://www.securityweek.com/morgan-stanley-fires-employee-stealing-client-data
More info...
51 min
December 30, 2014
Defensive Security Podcast Episode 99
https://securityledger.com/2014/12/new-clues-in-sony-hack-point-to-insiders-away-from-dprk/http://www.databreachtoday.com/blogs/6-sony-breach-lessons-we-must-learn-p-1786 http://www.theregister.co.uk/2014/12/26/isc_org_hacked/ http://www.darkreading.com/attackers-leverage-it-tools-as-cover-/d/d-id/1318365 http://www.theregister.co.uk/2014/12/23/jpmorgan_breach_probe_latest/ https://www.maliciouslink.com/jpmc-is-getting-off-easy/
More info...
53 min
December 23, 2014
Defensive Security Podcast Episode 98
http://www.bizjournals.com/atlanta/news/2014/12/19/home-depot-data-breach-forces-community-banks-to.html?ana=twt http://www.itworld.com/article/2861675/cyberattack-on-german-steel-factory-causes-massive-damage.html http://www.csoonline.com/article/2860737/social-engineering/icann-targeted-by-spear-phishing-attack-several-systems-impacted.html#tk.rss_all http://gizmodo.com/sony-execs-knew-about-extensive-it-flaws-two-months-bef-1670203774 http://for.tn/1x7xPTe
More info...
61 min
December 19, 2014
Defensive Security Podcast Episode 97
More info...
86 min
December 9, 2014
Defensive Security Podcast Episode 96
http://www.cio.com/article/2439324/risk-management/your-guide-to-good-enough-compliance.html https://www.riskbasedsecurity.com/2014/12/a-breakdown-and-analysis-of-the-december-2014-sony-hack/ http://recode.net/2014/12/07/sony-describes-hack-attack-as-unprecedented/ http://www.theregister.co.uk/2014/12/08/kaspersky_deets_on_sony_malware/ http://securelist.com/blog/research/67985/destover/ https://www.bluecoat.com/security-blog/2014-12-04/custom-sony-malware-indicates-previous-knowledge
More info...
68 min
December 4, 2014
Defensive Security Podcast Episode 95
http://www.welivesecurity.com/2014/11/25/craigslist-redirected-prank-site-via-dns-hijack/ https://nakedsecurity.sophos.com/2014/11/28/syrian-electronic-army-returns-with-thanksgiving-press-hack/ http://www.theregister.co.uk/2014/12/02/us_parking_garage_breach/ http://arstechnica.com/security/2014/12/critical-networks-in-us-15-nations-completely-owned-by-iran-backed-hackers/ http://www.wired.com/2014/12/sony-hack-what-we-know/
More info...
49 min
November 25, 2014
Defensive Security Podcast Episode 94
http://rt.com/usa/206663-detroit-bitcoin-ransom-database/ http://www.databreachtoday.com/fdic-what-to-expect-in-new-guidance-a-7596/op-1 http://blog.cobaltstrike.com/2014/11/12/adversary-simulation-becomes-a-thing/ http://www.symantec.com/connect/blogs/regin-top-tier-espionage-tool-enables-stealthy-surveillance
More info...
48 min
November 18, 2014
Defensive Security Podcast Episode 93
http://www.securityweek.com/postal-service-suspends-telecommuting-vpn-access-breach-investigation-continues http://www.browserstack.com/attack-and-downtime-on-9-November http://www.techweekeurope.co.uk/security/hotel-wifi-hacked-executives-kaspersky-155165 http://www.washingtonpost.com/world/national-security/state-department-shuts-down-its-e-mail-system-amid-concerns-about-hacking/2014/11/16/92cf0722-4815-41ca-b602-9bfe8ecdb256_story.html http://www.securityweek.com/security-operations-what-your-signal-noise-ratio
More info...
53 min
November 11, 2014
Defensive Security Podcast Episode 92
http://www.securityweek.com/nc-dermatology-center-discovers-hacked-server-two-years-after-attack http://krebsonsecurity.com/2014/11/home-depot-hackers-stole-53m-email-addreses/ http://www.csoonline.com/article/2842532/data-breach/6-things-we-learned-from-this-years-security-breaches.html http://www.net-security.org/article.php?id=2156
More info...
54 min
November 4, 2014
Defensive Security Podcast Episode 91
http://news.yahoo.com/j-p-morgan-found-hackers-breach-corporate-event-010203954--sector.html http://www.scmagazine.com/research-helps-companies-determine-if-theyve-suffered-data-leaks/article/380063/ http://www.darkreading.com/attacks-breaches/drupal-attacks-started-within-hours-of-patch-release/d/d-id/1317145 http://www.bankinfosecurity.com/home-depot-breach-cost-cus-60-million-a-7504/op-1 http://www.bankinfosecurity.com/phishing-attack-leads-to-bank-breach-a-7502
More info...
41 min
October 28, 2014
Defensive Security Podcast Episode 90
http://www.darkreading.com/operations/10-things-it-probably-doesnt-know-about-cyber-insurance/d/d-id/1316862 http://www.csoonline.com/article/2838025/data-protection/disaster-as-cryptowall-encrypts-us-firms-entire-server-installation.html#tk.rss_all http://www.csoonline.com/article/2836568/data-breach/fraudulent-activity-is-first-hint-of-a-staples-data-breach.html#tk.rss_all http://www.csoonline.com/article/2836843/data-breach/pci-compliance-under-scrutiny-following-big-data-breaches.html#tk.rss_all http://sfspodcast.libsyn.com/episode-145-the-interview-episode-feat-hackingdave-selenakyle
More info...
49 min
October 21, 2014
Defensive Security Podcast Episode 89
http://www.healthcareitnews.com/news/hipaa-breach-letters-go-out-after-email-hack https://blog.gdatasoftware.com/blog/article/new-frameworkpos-variant-exfiltrates-data-via-dns-requests.html http://www.zdnet.com/average-company-now-attacked-every-four-days-with-no-end-to-the-cybercrime-wave-in-sight-7000034755/ http://arstechnica.com/security/2014/10/ghost-in-the-bourne-again-shell-fallout-of-shellshock-far-from-over/ http://www.databreachtoday.com/defending-against-government-intrusions-a-7452
More info...
60 min
October 16, 2014
Defensive Security Podcast Episode 88
https://www.imperialviolet.org/2014/10/14/poodle.html http://www.cnbc.com/id/102070655 https://www.nsslabs.com/blog/all%E2%80%99s-well-ends-well http://www.csoonline.com/article/2692415/data-protection/an-inside-look-at-russian-cybercriminals.html#tk.rss_all http://krebsonsecurity.com/2014/10/signed-malware-is-expensive-oops-for-hp/ http://krebsonsecurity.com/2014/10/dairy-queen-confirms-breach-at-395-stores/ http://krebsonsecurity.com/2014/10/malware-based-credit-card-breach-at-kmart/#comments
More info...
56 min
October 8, 2014
Defensive Security Podcast Episode 87
Derbycon Videos: http://www.irongeek.com/i.php?page=videos/derbycon4/mainlist http://www.tripwire.com/state-of-security/top-security-stories/att-discovers-second-insider-breach-this-year/ http://www.zdnet.com/yahoo-confirms-servers-infected-but-not-by-shellshock-7000034411/ http://www.futuresouth.us/wordpress/?p=32 http://www.theregister.co.uk/2014/10/05/report_says_russians_behind_jpmorgan_chase_cyber_attack/ http://nakedsecurity.sophos.com/2014/10/06/badusb-now-with-do-it-yourself-instructions/ http://hackaday.com/2014/10/05/badusb-means-were-all-screwed/ http://www.csoonline.com/article/2689609/network-security/threat-intelligence-firm-mistakes-research-for-nation-state-attack.html#tk.rss_all
More info...
52 min
September 30, 2014
Defensive Security Podcast Episode 86
http://www.zdnet.com/shellshock-makes-heartbleed-look-insignificant-7000034143/ https://www.maliciouslink.com/post-traumatic-vulnerability-disorder/
More info...
38 min
September 24, 2014
Defensive Security Podcast Episode 85
http://arstechnica.com/tech-policy/2014/09/senior-it-worker-at-top-tech-law-firm-arrested-for-insider-trading/ http://www.finextra.com/news/fullstory.aspx?newsitemid=26446 http://arstechnica.com/security/2014/09/home-depots-former-security-architect-had-history-of-techno-sabotage/ http://www.nytimes.com/2014/09/20/business/ex-employees-say-home-depot-left-data-vulnerable.html http://online.wsj.com/articles/fraudulent-transactions-surface-in-wake-of-home-depot-breach-1411506081 http://risky.biz/RB337_notes http://www.csoonline.com/article/2686453/security/malicious-advertisements-distributed-by-doubleclick-zedo-networks.html Http://www.reddit.com/r/AskNetsec/comments/2h0dtu/what_are_your_recommended_resources_for/ckopv80
More info...
66 min
September 16, 2014
Defensive Security Podcast Episode 84
http://www.businessweek.com/articles/2014-09-11/home-depot-hack-malware-points-to-different-hackers-than-targets http://www.csoonline.com/article/2605857/security-awareness/successful-security-awareness-programs-hold-employees-hands-to-the-fire-in.html http://www.networkworld.com/article/2604411/security0/ernst-and-young-accused-by-canadian-used-computer-dealer-of-data-breach.html http://www.cyber-security-blog.com/2013/08/Responding-to-a-Domain-Admin-Account-Compromise-Bootstrapping-Trust-A-Billion-Dollar-Cyber-Security-Problem.html http://digital-forensics.sans.org/blog/2013/06/20/overview-of-microsofts-best-practices-for-securing-active-directory
More info...
59 min
September 9, 2014
Defensive Security Podcast Episode 83
[1] http://krebsonsecurity.com/2014/09/home-depot-hit-by-same-malware-as-target/ [2a] http://nakedsecurity.sophos.com/2014/04/18/pci-dss-whats-new-in-v3-0/ [2b] https://www.pcisecuritystandards.org/documents/DSS_and_PA-DSS_Change_Highlights.pdf [3] http://news.techworld.com/security/3543504/phishing-emails-fool-most-employees-but-is-this-their-problem-or-emails/ [4] https://www.nccgroup.com/en/blog/2014/09/phishing-all-you-need-is-one/ [5] http://hackerhurricane.blogspot.com/2014/09/infosec-industry-partly-responsible-for.html?m=1
More info...
70 min
September 5, 2014
Defensive Security Podcast Episode 82
http://www.databreachtoday.com/buying-cyber-insurance-5-tips-a-7250 http://www.csoonline.com/article/2600212/data-protection/why-russian-hackers-are-beating-us.html http://www.aorato.com/labs/report/untold-story-target-attack-step-step/ http://www.csoonline.com/article/2599257/network-security/security-council-blames-breaches-on-poor-pci-standard-support.html#tk.rss_all
More info...
60 min
August 27, 2014
Defensive Security Podcast Episode 81
http://www.csoonline.com/article/2466084/data-protection/community-health-systems-blames-china-for-recent-data-breach.html http://www.csoonline.com/article/2466726/data-protection/heartbleed-to-blame-for-community-health-systems-breach.html http://www.csoonline.com/article/2597389/data-protection/more-problems-emerge-on-the-community-health-systems-network.html http://www.securityweek.com/secret-service-over-1000-business-infected-backoff-point-sale-malware http://nakedsecurity.sophos.com/2014/08/22/the-ups-store-breach-what-went-wrong-and-what-ups-got-right
More info...
August 19, 2014
Defensive Security Podcast Episode 80
http://blog.soundidea.co.za/articles/Your_websites_been_hacked_now_what-378.html http://money.cnn.com/2014/08/15/technology/security/albertsons-supervalu-hack/index.html http://www.forbes.com/sites/kashmirhill/2014/08/13/so-many-pwns/ http://www.theregister.co.uk/2014/08/16/time_to_ditch_http_state_network_injection_attacks_documented_in_the_wild/ http://krebsonsecurity.com/2014/08/tenn-utility-sues-bank-over-327k-cyberheist/ http://blog.trendmicro.com/trendlabs-security-intelligence/7-places-to-check-for-signs-of-a-targeted-attack-in-your-network/
More info...
62 min
August 12, 2014
Defensive Security Podcast Episode 79
[1] Cisco’s mid-year report [2] Poorly trained IT workers pose a risk to organizations [3] Cyber security should be professionalized [4] How hackers are using Google to steal data’ [5] PCI creates a check-box mentality [6] Gamma’s ownage detailed on pastebin [7] 1.2 Billion passwords, Russians and controversy Web Site | Subscribe in iTunes | Podcast RSS Feed | Twitter | Email [1] https://blogs.cisco.com/security/cisco-2014-midyear-security-report-exposing-weak-links-to-strengthen-the-security-chain/ [2] http://www.telegraph.co.uk/technology/internet-security/11011249/Poorly-trained-IT-workers-are-gateway-for-hackers.html [3] http://www.csoonline.com/article/2461669/security-leadership/cybersecurity-should-be-professionalized.html [4] http://www.csoonline.com/article/2462409/data-protection/how-hackers-used-google-in-stealing-corporate-data.html [5] http://www.csoonline.com/article/2460607/security/pci-regime-has-bred-complacent-tick-box-security-among-retailers-tripwire-survey-finds.html [6] http://pastebin.com/cRYvK4jb [7] http://www.youarenotpayingattention.com/2014/08/08/the-lie-behind-1-2-billion-stolen-passwords/
More info...
August 5, 2014
Defensive Security Podcast Episode 78
Web Site | Subscribe in iTunes | Podcast RSS Feed | Twitter | Email [1] Researchers to demonstrate attacks by reprogramming firmware of commodity USB devices [2] Survey find that enterprises are not paying attention to 3rd party risks, despite recent headlines [3] Ransomware attack failed thanks to security awareness training [4] Stubhub defrauded out of $1.6M using stolen passwords of its users [5] Maricopa County fires IT manager in the wake of a data breach that the IT manager apparently warned the school about [6] Why PCI can't stop RAM scraping malware [7] Plans for Israel's Iron Dome apparently stolen by Chinese hackers [1] http://nakedsecurity.sophos.com/2014/08/02/badusb-what-if-you-could-never-trust-a-usb-device-again/ [2] http://www.csoonline.com/article/2458048/security-leadership/insecure-connections-enterprises-hacked-after-neglecting-third-party-risks.html#tk.rss_all [3] http://www.csoonline.com/article/2459961/security-leadership/security-managers-journal-a-ransomware-flop-thanks-to-security-awareness.html#tk.rss_all [4] http://www.darkreading.com/7-arrested-3-more-indicted-for-roles-in-cyber-fraud-ring-that-stung-stubhub/d/d-id/1297510 [5] http://www.azfamily.com/news/School-fires-IT-manager-who-warned-of-security-breach-268218462.html [6] http://www.darkreading.com/attacks-breaches/ram-scraper-malware-why-pci-dss-cant-fix-retail/a/d-id/1297501 [7] http://krebsonsecurity.com/2014/07/hackers-plundered-israeli-defense-firms-that-built-iron-dome-missile-defense-system/
More info...
68 min
July 22, 2014
Defensive Security Podcast Episode 77
Russians steal the NASDAQ; Importance of AV in incident response; Report finds poor security communication between staff and executives; Microsoft recommends reusing weak passwords; Government malware found being used by criminals; Don't use security as an excuse to resist the cloud.
More info...
58 min
July 17, 2014
Defensive Security Podcast Episode 76
A question from Bob on Active Directory; 67 percent of critical infrastructure providers were breached last year; Malware coming from shipping scanners; It's the end of the road for Windows Server 2003; Details emerge on the Boeing hack; Testing your APT response plan; Revamping your insider threat program; Beware of computers in hotel business centers.
More info...
54 min
July 8, 2014
Defensive Security Podcast Episode 75
SEC investigating breached companies; How companies can rebuild trust after a security breach; Preparing your company for a ransom attack; BAE retracts the story on hedge fund hack; Hackers compromising businesses via 3rd parties and remote access.
More info...
45 min
July 1, 2014
Defensive Security Podcast Episode 74
Advice from Bob; Airport breaches and the apparently misguided priorities of security pros; Hospitals are leaking data; Attackers hack legitimate downloads to deliver industrial control malware; Listener mail.
More info...
65 min
June 25, 2014
Defensive Security Podcast Episode 73
Advice from Bob; Acoustical covert communication channel; Researchers recreate some NSA spy tools based on catalog descriptions; Why cyber insurance is such a mess; Code Spaces hacked out of business; Reuters defaced by the Syrian Electronic Army; Aviva hacked by Heartbleed bug, or was it?
More info...
65 min
June 18, 2014
Defensive Security Podcast Episode 72
New Logo!; Dominos has 600k records stolen and held for ransome; Undisclosed number of customer records are stolen from ATT by employees of a vendor; PF Changs confirms credit card breach; Stratfor forensic report leaks; Feedly hit by DDOS attack, doesn't pay ransom and gets it again; Inland Empire Colleges emails 35000 records to the wrong address; Class action suit filed against payroll company following data breach; 9 rules to follow after you've suffered a data breach; You should be managing incidents, not responding to them.
More info...
53 min
June 11, 2014
Defensive Security Podcast Episode 71
Advice from Bob; SEC asks public companies to disclose more breaches; 230k IPMI devices found in Internet scan; PF Changs may have been hacked; Building network security to fail; 5 lessons from companies that get security right; Advice in responding to Anonymous threats; Bank of England announces assessment framework; Target shoppers don't seem to be fazed by breach; Target board is under fire; Truecrypt may be coming back.
More info...
57 min
June 4, 2014
Defensive Security Podcast Episode 70
Privileged user security; FTC holding companies to a mysterious security standard; Information overload; business users bypass IT and go straight to the cloud.
More info...
62 min
May 30, 2014
Defensive Security Podcast Episode 69
Advice from Bob on the importance of an accurate inventory; TrueCrypt meets an unfortunate end; Weak passwords are responsible for the initial intrusion in 31% of breaches; 71% of exploits used Java; 59% of malicious email used an attachment, 41% used a link; NTT's Global Threat Intelligence Report finds that most incidents are the result of failing to take basic precautions; DHS reports about a public utility compromised by a brute force attack; There is an apparent discrepancy between the severity of the breaches detailed in the recent DOJ indictment of alleged Chinese hackers and the way that the breached companies categorize was was stolen, and whether that loss needed to be reported to share holders.
More info...
55 min
May 21, 2014
Defensive Security Podcast Episode 68
Advice from Bob; How China's army hacked America; Emory University has an SCCM meltdown; Bored executives pull infosec funding; How to avoid a big data security breach; US industry not taking industrial security seriously; Employees stealing data on their way out the door.
More info...
58 min
May 14, 2014
Defensive Security Podcast Episode 67
Doctor finds out the hard way that Google likes to index stuff; What's old is new again - the current focus on improving detection is not new; Microsoft's Security Incident Response Report and the malware explosion; Security vs. compliance.
More info...
43 min
May 7, 2014
Defensive Security Podcast Episode 66
Advice from Bob; We have entered the post AV world; Target reboots it's CEO; Microsoft backs down and patches IE 0day for XP; How to communicate to users in situations like the IE 0day; Results from a survey of executives on data protection; Australian real estate company has bank account hacked, advice is to stop using Internet email and Facebook on business computers; A report on Non-advanced Persistent Threats
More info...
53 min
April 30, 2014
Defensive Security Podcast Episode 65
Cisco's annual security report for 2014; the Verizon Data Breach Investigations Report; 7 deadly cyber risks from Zurich Insurance; Alien Vault urges opening up threat intelligence; Stanford's new password policy; New social engineering alert from Trusted Sec; New Internet Explorer 0day
More info...
57 min
April 22, 2014
Defensive Security Podcast Episode 64
Agency; Heartbleed used to bypass 2 factor controls,;Mandiant's 2014 M-Trends report; The economics of security controls; 3 million credit cards stolen from Michaels and Aaron's stores; Hardward company Lacie has a year long data breach.
More info...
52 min
April 16, 2014
Defensive Security Podcast Episode 63
Heartbleed!
More info...
60 min
April 8, 2014
Defensive Security Podcast Episode 62
Cyber criminals operate on a budget too; 7 things you didn't know cyber insurance covered; Security hype; Billions spent on cyber security with not a lot to show for it; Banks abandon lawsuit against Target and Trustwave; CIOs don't know what advanced evasion techniques are; 5 tips for improving incident response.
More info...
50 min
April 1, 2014
Defensive Security Podcast Episode 61
Big announcement inside! Stories covered: http://www.mercurynews.com/business/ci_25369262/jesse-jackson-take-techs-lack-diversity https://securosis.com/blog/jennifer-minella-is-now-a-contributing-analyst http://seclists.org/dailydave/2014/q1/74 http://www.hollywoodreporter.com/news/man-who-exposed-target-security-689782 http://www.cnet.com/news/symantec-fires-ceo-steve-bennett/
More info...
16 min
March 26, 2014
Defensive Security Podcast Episode 60
Advice from Bob; The problems with qualitative risk assessments; Defending like an attacker; Secunia's vulnerability review; Watching for data breaches by looking for anomalies; The NSA targets sysadmins, expect criminals to follow suit; Insurers are finding energy firms controls are not up to snuff; 4 lessons CIOs can learn from the Target breach; A court approved a damages settlement for victims of a data breach who did not suffer any damages; Trustwave, Target's QSA, gets sued as a result of the breach.
More info...
48 min
March 18, 2014
Defensive Security Podcast Episode 59
Advice for the criminals from Bob; Pwn2Own results are in; Target ignored it's FireEye alerts; Integrating threat intelligence into your operations; The problem with threat intelligence; Advanced endpoint protection advice; Workers are apathetic about lost mobile devices and company data; Lessons to learn from the hack of some Navy servers; How the Syrian Electronic Army compromised Forbes; a discussion about what to do when you see criminal activity.
More info...
57 min
March 11, 2014
Defensive Security Podcast Episode 58
Some security advice from Bob; Target's CIO resigns, should the QSA bear some responsibility? Rogue ads overtake porn as top source for mobile malware; Five things to know about malware before driving it out; Why you need to segment your network; SecurePay in denial about breach; Sally Beauty apparently breached.
More info...
54 min
March 4, 2014
Defensive Security Podcast Episode 57
Security recommendations from Bob; Meetup.com rides out a DDOS attack rather than pay a ransom; How to test the security savvy of your employees; Why companies need to think about this insider threat; 6 lessons learned from advanced attacks; How IT can establish better cloud control; Council on Cyber Security releases version 5 of critical security controls.
More info...
52 min
February 25, 2014
Defensive Security Podcast Episode 56
Tip from Bob; US Cyber Security Framework; Challenges with deploying insecure technology; Target vendor compromised through email and some discussions on vendor risks; Healthcare organizations are UNDER SIEGE by cyber attacks; The DSD's ranking of security controls; 6 tips to combat APT; The importance of not running with administrator rights; Neiman Marcus breach details begin to emerge, 60,000 events went uninvestigated.
More info...
49 min
February 19, 2014
Defensive Security Podcast Episode 55
A small bit of advice from Bob; A lengthy discussion on communicating risk to management.
More info...
46 min
February 12, 2014
Defensive Security Podcast Episode 54
More advice from Bob; Verizon's report on PCI compliance; Target hacked through HVAC contractor; Reporting fail on hacking the Winter Olympics; Optimizing the use of security budgets in larger organizations.
More info...
53 min
February 4, 2014
Defensive Security Podcast Episode 53
More advice from Bob; Follow up on Coke's lost laptops; Honey Encryption to frustrate attackers; What the Target breach shows us about vendor risk; Managing the response to a data breach; More POS malware, this time with TOR goodness.
More info...
37 min
January 30, 2014
Defensive Security Podcast Episode 52
Coke loses 55 laptops and 56000 records over 7 years; Private cyber espionage network in India; Review of the Shell_Crew hack using Adobe Cold Fusion exploit; Should we punish employees who fall for phishing emails?; Assuming your network has been hacked; more details on the Target breach are emerging.
More info...
61 min
January 22, 2014
Defensive Security Podcast Episode 51
Bob's wisdom for the week; Learning from the Target breach; Question: given the massive Target breach, the Neiman Marcus breach and rumors of 6 other significant retailers being breached, assuming Target and others were complying with PCI rules, what will be the PCI council's response? AWS & GoDaddy hosting malware.
More info...
51 min
January 14, 2014
Defensive Security Podcast Episode 50
Advice from Bob; the Threat of Powerlocker, a new variant of ransomware; Senior managers are bad at security; More details emerge about the Target breach; and Jerry's rant about the PTV situation.
More info...
44 min
January 7, 2014
Defensive Security Podcast Episode 49
More wisdom from Bob; Yahoo's ad network delivers the magnitude exploit kit; OpenSSL site defaced by way of the hypervisor; How a 4 year long HIPAA breach highlights the need for activity monitoring; Credit Union files lawsuit against Target, seems to lack some facts; US CERT issues advisory on POS malware; 7 dodgy tips for protecting your organization from data breaches and why this security stuff is hard; A political rant on the state of security.
More info...
76 min
December 31, 2013
Defensive Security Podcast Episode 48
More advice from Bob; The Target breach; Hacking hard drive controllers; NSA shenanigans; Compromised BBC server for sale; 2014 predictions.
More info...
50 min
December 17, 2013
Defensive Security Podcast Episode 47
More advice from Bob; Chinese spear phish diplomats with Mrs Bruni-Sarkozy's nude pictures; Network segmentation could have mitigated phishing attacks on governments; Krebs find organizations having systems with open RDP connections rented out; Generation Y employees have a dubious view on security; 61% of web traffic is automated; 5 recommendations on improving the security situation; Some great incident response documents from Society Generale; More ideas on cleaning up family's computers when visiting for the holidays.
More info...
62 min
December 11, 2013
Defensive Security Podcast Episode 46
More security thoughts from Bob; A paper on thwarting targeted email attacks from Japan; Security recommendations for SMB's from Sophos; An update on Badbios; How to handle our parent's infected home computers over the holidays.
More info...
42 min
December 3, 2013
Defensive Security Podcast Episode 45
99% of Indian programmers lack secure coding skills; Gartner's 5 styles of defending against advanced threats; Malware: the war without end; a discussion on the value of penetration testing.
More info...
63 min
November 25, 2013
Defensive Security Podcast Episode 44
Another tip from Bob; Anonymous blamed for stealing US Department of Health and Human Services Data; Cupid Media loses 42M unencrypted passwords in a breach they apparently did not disclose; Looking at a Ponemon study about views of IT security staff; Botnet take downs might be more marketing than helpful; New malware uses I2P for C&C; A longer than expected discussion on Stuxnet.
More info...
68 min
November 19, 2013
Defensive Security Podcast Episode 43
More advice from Bob; PCI 3 is here; Stats from a survey of malware analysts; A report from EastWest on measuring the Cyber Security Problem; The benefits of a GRC program; and we talk about web defacements.
More info...
50 min
November 12, 2013
Defensive Security Podcast Episode 42
Bob drops some more advice on malware; More details emerge about the Adobe password breach and it isn't pretty; Long live the security perimeter; Snowden highlights the importance of not sharing passwords, and the downside to when it happens; A new 0day impacting Internet Explorer is making the rounds; And part 2 of our talk on advanced malware.
More info...
59 min
November 5, 2013
Defensive Security Podcast Episode 41
New trojan looking for SAP installations, possibly a harbinger of things to come; Turns out Adobe used symmetric encryption to store the 130M passwords that were stolen; A dicey list of suggestions on how not to be the guy that gets your company owned; The results of the 2013 social engineering capture the flag are not pretty; Some security researchers completely compromise a government agency with a fake Facebook profile of an attractive lady; and all sorts of craziness about #badbios.
More info...
64 min
October 29, 2013
Defensive Security Podcast Episode 40
Federal employees circumventing onerous security controls resulting in breaches; Cryptolocker is scary stuff; PHP.net hacked, and the response; DDOS attacks getting much larger, but lasting less time; Our discussion on advanced malware.
More info...
75 min
October 22, 2013
Defensive Security Podcast Episode 39
Hackers hide drugs coming through Belgium port by repeatedly hacking port computer systems; Aligning security with business priorities and other sage advice; how [not] to respond to a malware incident; on the security of jump boxes; reminder about security risks to small businesses; defining metrics for an incident response organization.
More info...
53 min
October 15, 2013
Defensive Security Podcast Episode 38
Study on personality traits and susceptibility to phishing; Android is apparently more secure than iOS; Don't forget to factor malicious BHO's into your plans; Don't forget to factor malicious BHO's into your plans; More registrar attacks; Insider threats are number 1; Defending against watering hole attacks.
More info...
53 min
October 9, 2013
Defensive Security Podcast Episode 37
The depressingly small impact from the arrest of the black hole exploit kit author; detecting malware embedded in hardware; altering CPUs during manufacturing to weaken random number generation; investigation into major identity theft operation results in discovery that data brokers were infected and that Adobe's source code and 2.9M user IDs were stolen; recapping Derbycon 3.
More info...
65 min
September 23, 2013
Defensive Security Podcast Episode 36
How to change your SSN; How Snowden was able to access and steal the documents; Liberty Mutual sues Schucks grocery store over cyber breach insurance policy; Barclays and Santander banks hit with physical IT attacks; password security
More info...
63 min
September 16, 2013
Defensive Security Podcast Episode 35
Paying attention to security is important - regulators are swirling: HTC and TrendNet have to submit to independent security audits every other year for 20 years, 50 other companies need to as well; encrypting your endpoints is not optional - just do it; and a winding discussion on man in the middle attacks.
More info...
50 min
Feedback on the new Podbay?
    1x
    15
    15
    00:00:00
      00:00:00