The Threatpost Podcast

By Mike Mimoso, Chris Brook

Listen to a podcast, please open Podcast Republic app. Available on Google Play Store.

Category: Tech News

Open in iTunes

Open RSS feed

Open Website

Rate for this podcast

Subscribers: 90
Reviews: 0


Threatpost writers Mike Mimoso and Chris Brook discuss security threats, attacks, vulnerability research and trends with a variety of industry executives, researchers and experts.

Episode Date
Texas Ransomware Attack: What We Know So Far

Threatpost talks to Allan Liska, with Recorded Future, about the ongoing ransomware attacks of more than 20 Texas entities. What do we know so far?  Why is this so different from other ransomware attacks? And will cities continue to be plagued by ransomware threats? 

Aug 21, 2019
News Wrap: BlueKeep Threats and Biometrics Data Breaches

On the heels of Black Hat USA 2019 and DEF CON, Threatpost editors break down the biggest news of this past week ended Aug. 16, from Patch Tuesday craziness to publicly-exposed databases. That includes:

  • Microsoft's August Patch Tuesday releasefeaturing four BlueKeep-like critical remote code-execution vulnerabilities in Remote Desktop Services (RDS) and a critical RCE flaw in Microsoft Word.
  • The personal and biometrics data of more than a million people left publicly exposedon a database owned by Suprema, a biometric security company.
  • Hacking conference organizer DEF CON Communicationssaid it plans to roll out a global anonymous bug submission platform based on the SecureDrop communications tool.



Aug 16, 2019
TikTok Scammers Cash In On Adult Dating, Impersonation Tricks

As social media platform TikTok becomes the top App Store app download in 2019 - and the number three app download on Google Play and on platforms overall - scammers are looking to cash in on the troves of younger users of the popular platform.

Tenable researcher Satnam Narang, who has been tracking the platform for scams since March 2019, said that, while scams have been previously undocumented, he has come across several that are "in their infancy" - and he expects that number to explode.

These scams, already prevalent on Instagram and Twitter, revolve around adult dating as well as account impersonation to get more likes or follows, and in some cases can be extremely profitable for scammers.

"I think as long as these platforms exist, and there are billions of users using them, you're going to have scammers. It's just sort of part of using these platforms," Narang told Threatpost.

Aug 14, 2019
Black Hat 2019 News Wrap: The Best and Worst Parts

Las Vegas - Black Hat and DEF CON 2019 may be wrapping up, but the dual conferences last week in Las Vegas left the security industry with a flurry of new security flaws, topics and announcements to discuss for the weeks to come.

Threatpost editors Tara Seals and Lindsey O'Donnell get together to discuss the highs and lows from the conference. The highs include a widespread trend around increased collaboration between vendors and researchers pinpointed during the keynote by Square's Dino Dai Zovi. That includes:

In addition, Threatpost discusses why Black Hat came under scrutiny for a sponsored "Time AI" encryption session that many researchers criticized as a scam.

Aug 12, 2019
Sponsored Podcast: The Operationalization of Data With a Purpose

Security, intel and fraud teams are swimming in data. Data is not the problem, but operationalizing and making use of the data we have is. Taking this one step further is making use of the data with a purpose, specifically, to interrupt the criminal lifecycle to make it more expensive for criminals to get value from the data and information they steal.

Threatpost podcast host Cody Hackett talks to Chip Witt, head of product strategy at Spycloud, to discuss the operationalization of data and how market trends are driving data security challenges.


Aug 07, 2019
Black Hat USA 2019 Preview

Las Vegas - Despite bizarre reports of a grasshopper infestation, Black Hat USA 2019 and DEF CON are set to kick off next week in Las Vegas, bringing on a rainstorm of sessions, keynotes and security-themed villages.

The Threatpost team, which will be on the frontlines of next week's shows, discuss what is sticking out to them - from the keynote given by Dino Dai Zovi with Square, "Every Security Team is a Software Team Now," to key sessions and vulnerabilities disclosed in iPhones, 5G and IoT devices.

Jul 31, 2019
The Threatpost Podcast: 93 Percent of Enterprises Harbor Cloud Security Concerns

With the increasing popularity of Bring Your Own Device (BYOD) policies and public cloud offerings, enterprises are moving from on-premises applications to cloud apps - but they still lack faith in cloud security.

A new July Bitglass study found that 67 percent of respondents believe cloud apps are as secure or more secure than on-premises apps— a significantly higher statistic than the 40 percent recorded in 2015. Despite this, 93 percent of respondents are at least moderately concerned about the security of the cloud.

"So you have this kind of seeming contradiction where people say, yes, it's just as secure or more secure, than on-prem ways of doing things. But also, we're very concerned about it," said Jacob Serpa with Bitglass in a podcast interview with Threatpost. "So I just think that, you know, one thing that really jumped out of the report was that emphasis on the shared responsibility model of security, and how organizations can say, hey, the cloud is secure. But we have to use it wisely."

Below is a full podcast interview with Serpa breaking down the top takeaways from the report and how enterprises are challenged by cloud security threats and concerns.


Jul 29, 2019
Why Cities Are a Low-Hanging Fruit For Ransomware (Part 2)

With ransomware attacks against local governments repeatedly making headlines, what can cities do to better protect themselves? 

In the second of a two-part series, Threatpost talks to Shawn Taylor, the senior systems engineer at Forescout who covers state and local governments across the country. Taylor, who was in the trenches during the infamous 2018 Atlanta ransomware attack,  recounts what the experience taught him about how to best protect against ransomware threats.

Jul 24, 2019
The Threatpost Podcast: Amazon Alexa, Google Home On Collision Course With Regulation

Voice assistants are growing rapidly in popularity -- but at the same time, the privacy concerns and security issues with popular home assistant devices like Amazon Echo and Google Home are also peaking.

Earlier in July, Amazon came under fireafter acknowledging that it retains the voice recordings and transcripts of customers' interactions with its Alexa voice assistant indefinitely - raising questions about how long companies should be able to save highly-personal data collected from voice assistant devices.

Amazon continues to find itself in hot water regarding privacy policies around its Echo devices. In April, Amazon came under fire after a report revealedthe company employs thousands of auditors to listen to Echo users' voice recordings. And last year, Amazon inadvertentlysent 1,700 audio files containing recordings of Alexa interactions by a customer to a random person –and later characterized it as a "mishap" that came down to one employee's mistake.

Jul 22, 2019
Why Cities Are a Low-Hanging Fruit For Ransomware (Part 1)

Why do cities appear to be a low hanging fruit when it comes to ransomware attacks? What hurdles do state and local governments face when securing their systems and responding to attacks?

In the first of a two part series, Threatpost talks to Shawn Taylor, the senior systems engineer at Forescout who covers state and local governments across the country. Taylor was in the trenches during the infamous 2018 Atlanta ransomware attack and recounts what the experience taught him about remediation and recovery efforts when it comes to cyberattacks.

Jul 15, 2019
The Threatpost Podcast: What the Next Generation of Bug Bounty Looks Like

Threatpost talks to Bugcrowd chief security officer David Baker about the challenges, trends and future of bug bounty programs.

Jul 10, 2019
The Threatpost Podcast: Thousands of IoT Devices Bricked By Silex Malware

A 14-year-old hacker used a new strain of malware this week to brick up to 4,000 insecure Internet of Things (IoT) devices - before abruptly shutting down. The malware, dubbed Silex, was first discovered by Larry Cashdollar, senior Security Intelligence Response engineer at Akamai, on his honeypot. Threatpost discusses the new malware with Cashdollar - and what malware strains like this one and BrickerBot mean for the insecure IoT device landscape. 

Jun 27, 2019
News Wrap Podcast For June 21

Beyond the regular humdrum of security vulnerabilities and patches this week, a slew of stories covered varying topics ranging from NASA to Tinder. The Threatpost team broke down the top stories of the week, including:

  • A ransomware webinar hosted by Threatpost editor Tara Seals, which included experts from Recorded Future, Malwarebytes and Moss Adams. The webinar looked at the top ransomware trends and threats, and outlined how enterprises can protect themselves.
  • A Florida city hit three weeks ago by a ransomware attack voted this week to pay the hackers a ransom of $600,000.
  • A Threatpost feature, that looked at top dating apps like and Tinder, found that the services are collecting and sharing a disturbing range  of data, from chat messages to sexual orientation.
  • Rampant security-operations bungling allowed cyberattackers to infiltrate NASA's JPL network, which carries human mission data.


Jun 21, 2019
The Threatpost Podcast: It's Time to Throw Out Insecure IoT Devices

What can be done with 2 million connected security cameras, baby monitors and more that are vulnerable to serious flaws - but don't have a patch?

Security researcher Paul Marrapese, whodisclosed the flaws in April and has yet to hear back from any impacted vendors, recommends that consumers throw them in the trash.

"I 100 percent suggest that people throw them out," he told Threatpost in a podcast interview. "I really, I don't think that there's going to be any patch for this. The issues are very, very hard to fix, in part because, once a device is shipped with a serial number, you can't really change that, you can't really patch that, it's a physical issue."

Jun 18, 2019
News Wrap Podcast For June 14

Beyond Patch Tuesday, this week was crammed with privacy and security related news. In this week's Threatpost podcast, editors Tara Seals and Lindsey O'Donnell discussed the top news from the week. That includes:

  • A federal lawsuit alleging that Amazon is recording children who use its Alexa devices, without their consent or knowledge.
  • Telegram's CEO pointing the finger squarely at Chinaas the culprit responsible for the distributed denial of service (DDoS) attack that it suffered on Wednesday.
  • A critical flawin the popular note-taking Evernote extension could have allowed attackers to steal personal data – including emails and financial transactions – of millions.
Jun 14, 2019
News Wrap Podcast for June 7

This week cybersecurity news was overshadowed by research, talks and discussion from Infosecurity Europe, which took place in London. During the Threatpost news wrap for the week ended June 7, the team breaks down the top news from the show, as well as other breaking security news covered over the past few days. Those include:

  • Top keynotes from Infosecurity Europe, including one that looked at the impact of data miningon future elections.  
  • Continued worries around the BlueKeep vulnerabilityafter a researcher disclosed a proof-of-concept (PoC).
  • A PoC attack named Tap ‘n Ghostthat targets Near Field Communication (NFC)-enabled Android smartphones.
Jun 07, 2019
The Threatpost Podcast: Behind-the-Scenes Look at Scattered Canary BEC Cybergang

At Infosecurity Europe, Threatpost caught up with Agari researchers to discuss their threat research unveiled at the show about a newly-unveiled business email compromise (BEC) cybergang.

The cybercriminal group, which researchers called Scattered Canary, has been evolving for over 10 years - starting from a "one man shop" launching Craigslist and romance scams, to a high-level, sophisticated BEC group with dozens of employees targeting enterprises.

Threatpost talks to Ronnie Tokazowski, senior threat researcher at Agari, and Crane Hassold, Senior Director of threat Research at Agari, about the threat research and BEC scams in general.


Jun 05, 2019
The Threatpost Podcast: Nansh0u Cryptojacking Campaign Infects 50K Servers

At Infosecurity Europe, which kicks off Tuesday in London, UK, Threatpost gets a behind-the-scenes look at the Nansh0u campaign, a cryptojacking campaign that has infected 50,000 servers with malware that mines an open source cryptocurrency called TurtleCoin. Dave Klein, senior director of engineering architecture with Guardicore, discusses cryptojacking and other trends he's looking out for at the show. 

Jun 03, 2019
The Threatpost Podcast: The Challenges Behind 5G Security

Threatpost talks to Nils Ahrlich, head of end-to-end security solutions at Nokia, at the GSMA Mobile 360 Security for 5G conference last week in the Netherlands. When it comes to 5G there are a slew of use cases being utilized at the bleeding edge - from smart factories to IoT - but these are also opening up security risks.

Jun 03, 2019
The Threatpost Podcast: Enterprise Security Risks of 5G

During the GSMA Mobile360 conference on 5G security, Threatpost editor Tara Seals talks to Patrick Donegan, founder and principle analyst at HardenStance, about the enterprise risks involved in 5G. 

May 31, 2019
The Threatpost Podcast: '5G is Coming,' What Does it Mean For Security?

With the advent of 5G, the tech community is bracing itself for new applications like self-driving cars and IoT. But what does that mean for the security landscape? At the GSMA Mobile 360 Conference, Threatpost editor Tara Seals talks to Fred Streefland, CISO for the Benelux and Nothern East Europe region at Palo Alto Networks, about the security challenges - and opportunities - that 5G is presenting.

May 29, 2019
News Wrap Podcast For May 24

The Threatpost team breaks down the top data privacy-related news this week, including:

  • Google's acknowledgementthat G Suite passwords had been stored in plaintext - since 2005.
  • The database of golfing app Game Golf left misconfigured, exposing millions of data points on games played plus sensitive information.

  •  Mozilla's focus on privacy in its new release of Firefox 67, which comes with protections against cryptomining and digital fingerprints.
  • The upcoming Threatpost webinar focusing on Identity Management solutions picking up the slack as passwords are increasingly viewed as security liabilities (you can register here)


May 24, 2019
The Threatpost Podcast: Behind the Intel CPU ZombieLoad Attack

After Intel on Tuesday revealed a new class of speculative execution vulnerabilities, which impact all its modern CPUs, the researcher who was part of the team that discovered one of these flaws is sounding off on the disclosure process behind it.

The speculative execution flaw, ZombieLoad, is an attack related to CVE-2018-12130, the flaw in the Fill Buffer of Intel CPUs. That's because this attack leaks the most data – attackers are able to siphon data from system applications, operating system and virtual machines. 

ZombieLoad was discovered and reported by Michael Schwarz, Moritz Lipp and Daniel Gruss from the Graz University of Technology (known for their previous discoveries of similar attacks, including Meltdown). Gruss talks about how the team first discovered the attack.

May 20, 2019
News Wrap Podcast For May 17

This week was filled with flaws, flaws and more flaws: From a zero-day under active exploit in the WhatsApp messaging app, to Patch Tuesday glitches addressed by Microsoft. Threatpost breaks down the top vulnerabilities of the week, including:

  • A WhatsApp zero-day vulnerability being exploited in targeted spyware attacks

  • Several Cisco vulnerabilities, including a critical remote code-execution (RCE) vulnerabilities in the Cisco Prime Infrastructure (PI) and Evolved Programmable Network (EPN) Manager; and an unpatched, high-severity Secure Boot flaw that was disclosed on Monday
  • A new class of speculative execution vulnerabilities in all modern Intel CPUs, dubbed Microarchitectural Data Sampling (MDS)

  • A Microsoft patch released on Patch Tuesdayfor an elevation-of-privileges vulnerability rated important, which is being exploited in the wild

  • Apple rolling out 173 patchesin various products across its hardware portfolio, including for dangerous bugs in macOS for laptops and desktops, iPhone, Apple TV and Apple Watch.


May 17, 2019
News Wrap Podcast For May 10

Threatpost editors Lindsey O'Donnell and Tom Spring break down this week's biggest news, including:

-Facebook co-founder Chris Hughes wrote a blistering op-ed about the need for regulation around the social media giant 

-Verizon's data breach investigations report 2019, released this week, which outlined the top data breach trends to look out for

-A firestorm surrounding Airbnb after a guest discovered that her host was secretly recording her in the flat's bedroom.

May 10, 2019
News Wrap Podcast For May 3

The Threatpost team discusses a slew of strange security news that made headlines this week, including: 

-The Cartoon Network being hacked to play Brazilian stripper videos

-The Catholic Church falling victim to a $1.75 business email compromise scam

-A scammer pretending to be Jason Statham tricking a fan out of money 


May 03, 2019
The Threatpost Podcast: What is the Future of IoT Security?

What is the future of IoT security? Will consumers continue to face insecure technology, disturbing privacy concerns, and DDoS attacks? Or will the efforts of consortiums, legislations and industry pressure help set connected device security straight?

Threatpost sits down with Jason Soroco with Sectigo, the Chief Technology Officer of IoT, to get his opinion.


May 03, 2019
News Wrap Podcast For April 26

The Threatpost team talks about recent data privacy news - including the Facebook's FTC fine potentially reaching $5 billion, facial recognition concerns, and Amazon's Echo auditing team. 

Apr 26, 2019
The Threatpost Podcast: Spotting Social Media Influence Campaigns at SAS 2019

Threatpost editor Tara Seals sits down with Staffan Truvé, the co-founder and CTO of Recorded Future, at the Security Analyst Summit in Singapore this week. 

Truvé discussed the rise of influence campaigns on social media, and one campaign in particular that researchers have recently spotted that has focused not on fake news, but on old news that aims to influence victims.

Apr 11, 2019
The Threatpost Podcast: Discussing Supply Chain Security Woes at SAS 2019

At the Security Analyst Summit this year in Singapore, Threatpost editor Tara Seals catches up with Joe FitzPatrick, researcher with Securing Hardware, who led a session during the conference about "A Measured Response to a Grain of Rice: An Implant in the Shell"

After a 2019 Bloomberg report alleged that a spy chip was implanted on Supermicro servers and eventually made it into the supply chain of several high-profile cloud vendors, supply chain was thrown to the forefront. (The report was strongly refuted by Supermicro, Amazon and Apple). 

FitzPatrick talks about what stood out to him about the report- and what didn't make sense - as well as the risks of supply chain that end users should focus on.

Apr 10, 2019
The Threatpost Podcast: Chris Vickery on Publicly-Exposed Facebook Records

Chris Vickery, the Director of Cyber Risk Research at UpGuard, joined the Threatpost Podcast to discuss this week's report that hundreds of millions of Facebook records were publicly exposed on the internet.    

Apr 05, 2019
The Threatpost Podcast: The Norsk Hydro Cyberattack and Manufacturing Security

Norway-based Norsk Hydro announced on Tuesday morning it was victim to a serious ransomware attack, which has forced the global aluminum producer to shut down or isolate several plants and send several more into manual mode, the company said on Tuesday morning.

Threatpost talked to Phil Neray, the VP of Industrial Cybersecurity at CyberX, about how manufacturing firms can avoid a similar cyberattack that Norsk Hydro has undergone.


Mar 19, 2019
The Threatpost Podcast: RSA Conference 2019 Recap

The Threatpost team touches base at the RSA Conference this year in San Francisco to discuss breaking news from the show and their favorite topics and trends that they saw.

Mar 07, 2019
The Threatpost Podcast: Tom Kellermann on Top Financial Threats

Lindsey O'Donnell with Threatpost talked to Tom Kellermann, Chief Cybersecurity Officer at Carbon Black. Carbon Black at RSA this year unveiled a new report outlining the top attacks that financial firms are facing. According to the report, 67 percent of surveyed financial institutions have reported an increase in cyberattacks over the past 12 months. Kellermann discusses the report's findings and key takeaways.

Mar 06, 2019
Threatpost Podcast: Picking Apart Foreshadow at RSAC

During the RSA conference this week, Lindsey O'Donnell with Threatpost talks to Raoul Strackx, post-doctoral researcher and KU Leuven. Strackx was one of the researchers who discovered the Foreshadow vulnerability in CPUs in August. He discusses the vulnerability and why speculative execution attacks will only get worse.

Mar 05, 2019
The Threatpost Podcast: RSA 2019 Preview

The Threatpost team breaks down the biggest news, stories and trends they expect to hear about at RSA 2019 this year, which takes place next week in San Francisco.

Mar 01, 2019
News Wrap Podcast For Feb. 22

Lindsey O'Donnell and Tom Spring discuss the biggest news of the week ended Feb. 22, including a report about flaws in password managers that drew backlash, and a 19-year-old flaw found in WinRAR.

Feb 22, 2019
News Wrap Podcast For Feb. 1

Threatpost editors break down the biggest news from the week ended Feb. 1.

Feb 01, 2019
News Wrap Podcast For Jan. 25

Threatpost editors break down the top news from this week, including a government emergency alert regarding DNS hijacking attacks and a massive Google GDPR fine. 

Jan 25, 2019
News Wrap Podcast For Jan. 18

Threatpost's Tom Spring and Lindsey O'Donnell talk about data exposure, data breaches and new vulnerabilities discovered this past week.

Jan 18, 2019
The Threatpost Podcast: Emotet's Fast-Evolving Tactics

The Emotet banking trojan has been popping up in the news for years: From widespread malspam infections of banking German targets in 2014, all the way up to the costly infection of a New Hampshire town’s computer network in July.

And while the tricky Emotet malware first emerged targeting banking credentials, over the past year researchers have called out the trojan for changing its tactics – and its targets. Sig Murphy, consulting director for Western North America at Cylance, says that this evolution will continue in 2019.

Jan 14, 2019
The Threatpost Podcast: Interview With Snowden's Attorney (Part Two)

Human rights lawyer Robert Tibbo represented former N.S.A. contractor-turned-whistleblower Edward  Snowden when he fled the United States to Hong Kong in 2013. Less publicized has been Tibbo’s work representing several families from the Hong Kong refugee community that welcomed Snowden into their homes – where he avoided unwanted attention.

Threatpost caught up with Tibbo last week in Leipzig, Germany where he spoke at the Chaos Communication Congress about the so-called “Snowden Refugees.

Jan 07, 2019
The Threatpost Podcast: The Biggest Cybersecurity Trends in 2019

Threatpost talked to Leigh-Anne Galloway, the cybersecurity resilience lead of Positive Technologies, about what she sees as the top cyber trends, threats and topics in 2019.

From data breaches to threat actors, listen to hear more of Galloway's predictions. 

Jan 07, 2019
Threatpost Podcast: Interview With Snowden’s Attorney (Part One)

Threatpost's Tom Spring sits down with Robert Tibbo, lawyer for Edward Snowden and the refugee families who hid Snowden. 

The refugee families located in Hong Kong that helped shelter Edward Snowden in 2013 - known as the "Snowden refugees" - are under crushing pressure to cooperate with local authorities or face deportation to their countries of origin, where they face an uncertain fate.

Jan 02, 2019
The Threatpost Podcast: Breaking Down the Magecart Threat (Part Two)

Threatpost editor Lindsey O’Donnell talks to RiskIQ's threat researcher, Yonathan Klijnsma, about the varying groups under the Magecart umbrella, and the differing characteristics, targets and techniques of these growing number of groups.

Nov 30, 2018
The Threatpost Podcast: Using A Hacker-Mindset To Defend

We are joined on the podcast by David Wolpoff, better known as Moose, CTO at Randori.

With high profile breaches making headlines every day, and enterprises spending more on tools and solutions than ever, Moose talks about how companies can create an effective security strategy and defend themselves instead of merely throwing money at the problem.

Nov 24, 2018
Podcast: Breaking Down the Magecart Threat (Part One)

Threatpost editor Lindsey O'Donnell talks to Rapid7's Chief Data Scientist, Bob Rudis, about the threats that Magecart poses when it comes to e-commerce websites - and how this has evolved over time. This is the first in a series of three podcasts featuring an in-depth discussion of the Magecart threat group. Stay tuned for part two next week.

Nov 22, 2018
News Wrap Podcast For Nov. 23

With Thanksgiving this week and Cyber Monday right around the corner, Threatpost editors Lindsey O'Donnell and Tara Seals talk about the biggest holiday season-related cybersecurity stories of the week. 

Nov 21, 2018
The Threatpost Podcast: Jeep Hack Lawyer on Looming “Tidal Wave of IoT Lawsuits”

When it comes to IoT security, legal action is "a matter of when not if."

That's according to Ijay Palansky, an attorney in Armstrong Teasdale's Litigation practice group, represented plaintiffs and class members who alleged in the infamous 2015 Jeep hacking class-action lawsuit that the 3G “infotainment” center in those cars were vulnerable to hacking.

Threatpost talked to Palansky about impending IoT legal issues and what to expect.



Nov 13, 2018
Threatpost News Wrap for Nov. 9

The Threatpost editors break down this week's biggest news.

Nov 09, 2018
The Threatpost Podcast: Troy Hunt on Best (and Worst) Password Practices

Threatpost's Lindsey O'Donnell speaks with Troy Hunt, a web security expert and the owner of Have I Been Pwned (HIBP).

Hunt talks about HIBP's partnership with Mozilla Firefox and Cloudflare; trends he's seeing with data breaches; and how the view of responsibilities behind strong passwords is changing. 

Nov 08, 2018
The Threatpost Podcast: Post-Hurricane Utility Ransomware Attack

A “critical water utility” has been victim of a ransomware attack, significantly impeding the service in the week after Hurricane Florence hit the East coast of the U.S.

 The Onslow Water and Sewer Authority (ONWASA) said in a Monday release that a “sophisticated ransomware attack… has left the utility with limited computer capabilities.” While customer data was not compromised as part of the attack, the lack of computing ability will impact the timeliness of service from ONWASA “for several weeks to come.”

Threatpost's Lindsey O'Donnell talks to Katherine Gronberg, who heads government affairs at ForeScout, about the incident and the level of awareness and readiness for federal organizations for these types of threats.

Oct 17, 2018
Threatpost News Wrap For October 12

From Google's privacy snafu to a sneaky new fake Adobe Flash updater, Threatpost's Lindsey O'Donnell and Tara Seals break down the biggest news from the week ended Oct. 12.

Oct 12, 2018
The Threatpost Podcast: Biggest Trends From BSIMM9

Lindsey O'Donnell discusses Synopsys’ ninth annual Building Security in Maturity Model report (BSIMM9) released Tuesday.

The report revealed an emerging new dynamic for software security professionals. Synopsys' Gary McGraw, vice president of security technology, breaks down the top takeaways from the report and what was most surprising. 

Oct 09, 2018
Threatpost News Wrap For October 5

Threatpost's Lindsey O'Donnell and Tom Spring discuss this week's biggest news - including a breakthrough Bloomberg report that China infiltrated Supermicro motherboards, as well as a report that said that 83 percent of home and office router brands have vulnerabilities. 

Oct 05, 2018
The Threatpost Podcast: IoT Devices Still Open to BlueBorne Attack

A year later, almost 2 billion IoT devices are still vulnerable to the BlueBorne attack. Armis' VP of Product Joe Lea discusses with Threatpost.

Sep 21, 2018
Threatpost News Wrap For September 7

Threatpost editors Lindsey O'Donnell and Tom Spring break down the biggest news from the week ending September 7.

Sep 06, 2018
Threatpost News Wrap Podcast For August 31

The Threatpost team talks about the biggest news from this past week, including a Windows zero-day flaw outed on Twitter, Yahoo's email ad-targeting privacy snafu, and crashing mobile apps that leak private data.

Aug 31, 2018
The Threatpost Podcast: Securing Data in the Cloud

Threatpost talks to Scott Ellis with Google Cloud about issues around securing data in the cloud and accidental exposure.

Aug 29, 2018
The Threatpost Podcast: Troy Mursch on Cryptojacking Campaigns

Security researcher Troy Mursch, of the Bad Packets Report, comes onto the Threatpost Podcast to discuss recent cryptojacking campaigns and why these types of malicious cryptomining attacks are on the rise.

Aug 22, 2018
The Threatpost Podcast: Bugcrowd Founder on Profitable Bounty Programs

Bugcrowd has had a busy summer. Recently, the bug bounty company partnered with HP to launch the first-ever bug bounty program for printers, with rewards of up to $10,000 for discovered vulnerabilities.

Bugcrowd also recently announced, an open-sourced project to standardize best practices for providing a safe harbor for security researchers within bug bounty and vulnerability disclosure programs (VDPs).

 Threatpost talked to Casey Ellis, Bugcrowd founder and CTO, about big trends in bug bounty programs.

Aug 15, 2018
The Threatpost Podcast: Black Hat USA and DEF CON Wrap

Las Vegas was filled with researchers, executives, and hackers last week for the Black Hat USA and DEF CON 2018 conferences. 

Among the most interesting topics at the shows included IoTand connected cars, election votinghacks, and a flurry of other news topics and sessions outlining the newest threats, vulnerabilities, and cybersecurity best practices. 

Threatpost's Lindsey O'Donnell and Tara Seals talk about their favorite parts of the show.


Aug 13, 2018
The Threatpost Podcast: enSilo CEO Talks Biggest Black Hat Trends

Threatpost's Lindsey O'Donnell talks to enSilo CEO Roy Katmor about Black Hat trends to watch out for - from firmware attacks to connected car security.

Aug 08, 2018
The Threatpost Podcast: Black Hat USA 2018 Preview

Threatpost editors Tom Spring, Lindsey O'Donnell and Tara Seals preview Black Hat USA and DEF CON 2018, which both kick off in Las Vegas this week. 

Aug 06, 2018
The Threatpost Podcast: Breaking Down the COSCO Ransomware Attack

Threatpost talks to Matt Tyrer with Commvault about the recent COSCO ransomware attack. Tyrer discusses the biggest lessons learned from the incident, COSCO's response, and best practices in preventing ransomware attacks. 

Aug 02, 2018
The Threatpost Podcast: Bitcoin Mining on OT Networks

On this week's Threatpost Podcast show, we sit down with Ronen Rabinovich from Cyberbit to discuss bitcoin mining on operational technology and critical infrastructure networks.  

Jul 31, 2018
Threatpost News Wrap for July 27

Threatpost's Tom Spring and Lindsey O'Donnell sit down to discuss the biggest news of the week - including COSCO being hit by a ransomware attack, Adobe Flash being discussed by the U.S. government, and more Facebook drama.

Jul 27, 2018
The Threatpost Podcast: How to Secure Industrial Control Systems

Threatpost's Lindsey O'Donnell talks to PAS CEO Eddie Habibi about the cybersecurity risks that large manufacturing companies face today - especially with the emergence of industrial IoT. 

Jul 25, 2018
The Threatpost Podcast: The Future of Bug Bounty Programs

On this week's episode of The Threatpost Podcast, editor Lindsey O'Donnell sits down with Marten Mickos, the CEO of popular bug bounty program platform HackerOne. Mickos sounds off on the opportunities - and growing pains - of bug bounty programs.

Jun 27, 2018
Podcast: The Growing Social Media Threat Landscape

Threatpost's Lindsey O'Donnell talks with Zack Allen, ZeroFOX’s manager of threat operations, about the broader social media threats landscape and the growing issue of malicious content being spread across networks like Twitter, Facebook and LinkedIn.


Jun 13, 2018
Threatpost News Wrap Podcast for June 8

Threatpost editors Tom Spring, Tara Seals and Lindsey O’Donnell discuss the week’s information security news, including a slew of IoT device privacy incidents,  a critical Adobe Flash vulnerability, and scary new data on the breadth and impact of the VPNFilter malware.

Jun 08, 2018
Podcast: How Cities Can Be Security Smart

The smart city industry is projected to be a 400 billion dollar market by 2020, as municipals look at applications for transportation, waste management, and law enforcement.

But with that growth comes privacy issues and security risks, Tenable CTO Renaud Deraison told Threatpost’s Lindsey O’Donnell. Deraison outlines some of the biggest security problems that smart cities face right now – and how city developers can adopt better security hygiene.

May 31, 2018
Threatpost News Wrap Podcast for May 18

Threatpost editors Tom Spring, Tara Seals and Lindsey O'Donnell discuss the week’s information security news, including some interesting new malware, a Linux patch that made waves, social engineering gambits and a major banking theft from the second-largest economy in Latin America.

May 18, 2018
Podcast: The Evolution of Deception Technology

Once only seen in the market through the form of honeypots, deception technology is a quickly emerging category of cyber defense that is particularly useful when it comes to IoT devices, SCADA systems and medical devices. 

Threatpost talks to Tony Cole, CTO of Attivo Networks, about how deception technology has evolved, the challenges behind adoption of this method of cyber defense, and how attackers are learning to adapt. 

May 17, 2018
A Look Inside: Bug Bounties and Pen Testing

Threatpost's Lindsey O'Donnell talks with Christie Terrill, partner at Bishop Fox, about what kind of companies are looking at bug bounty programs versus conducting penetration testing, what these methods mean for vulnerability disclosures, and the legal nuances and complexities behind bug bounty programs.

May 03, 2018
Internet of Threats: Why Manufacturers Struggle To Secure IoT

Threatpost's Lindsey O'Donnell talks to Jeff Wilbur, Director of the Online Trust Alliance, about the challenges that manufacturers face when securing IoT devices. 

Apr 24, 2018
Roman Unuchek on Apps Leaking Private Data

Threatpost's Tom Spring talks to Roman Unuchek, senior malware analyst at Kaspersky Lab. Unuchek released his discovery at the RSA Conference this week that millions of apps leak personal identifiable information such as name, age, income and possibly even phone numbers and email addresses. 

Apr 20, 2018
Threatpost RSA Conference 2018 Preview

The 2018 RSA Conference kicks off this week in San Francisco. The massive security conference draws more than 50,000 attendees from around the world eager to learn more about the latest threats, vulnerabilities, and security products and tools. This year's conference has more than 650 exhibitors and 550 sessions covering everything from cryptocurrency to the Internet of Things. Threatpost's Tom Spring and Lindsey O'Donnell,  who will be covering the conference, talk about what they are most excited for.   

Apr 16, 2018
A Mirai Botnet Postscript: Lessons Learned

The fall 2016 Mirai botnet compromised more than 300,000 IoT devices to take down several websites in a massive DDoS attack. After the crippling attack, Flashpoint and Akamai worked together with law enforcement to help unravel the crime scene behind the botnet attack.

Threatpost's Tom Spring sits down with Flashpoint's director of security research Allison Nixon, and Akamai's senior engineer Chad Seaman, to discuss how the two worked together and what the industry has learned in the wake of the Mirai attacks.

Mar 19, 2018
FireEye's Marina Krotofil On Triton and ICS Threats

At the Security Analyst Summit this year in Cancun, FireEye's Marina Krotofil talks about the Triton malware, first disclosed in December 2017, that targets industrial control systems. Krotofil discusses with Threatpost's Lindsey O'Donnell about the implications of this malware for the manufacturing market as a whole.

Mar 12, 2018
The First Threatpost Alumni Podcast

With Mike Mimoso leaving Threatpost, it was high time to get many of the people responsible for the site's success throughout the years together for a podcast. Founding editors Ryan Naraine and Dennis Fisher along with Mike, Chris Brook, Brian Donohue and Christen Gentile are aboard for a memorable all-smiles podcast. 

Nov 17, 2017
Threatpost News Wrap Podcast Nov. 10

Threatpost editors Mike Mimoso and Tom Spring discuss this week's information security news, including Chris Valasek and Charlie Miller's IoT security keynote in Boston, a phony WhatsApp download removed from Google Play, the recent rash of Amazon S3 data leaks and a recent Tor vulnerability. 

Nov 10, 2017
Threatpost News Wrap Podcast Nov. 3

Threatpost editors Mike Mimoso and Tom Spring discuss the week's top information security news stories, including Google's decision to drop HTTP Public Key Pinning in Chrome, a vulnerability in Google's Issue Tracker, Mozilla's decision to ban Canvas Fingerprinting, and a HTTPS issue with

Nov 03, 2017
Threatpost News Wrap for Oct. 20, 2017

Threatpost editors Mike Mimoso and Tom Spring talk about the week's news in information and computer security starting with the ROCA factorization vulnerability affecting RSA cryptography, the KRACK Wi-Fi vulnerability, the BoundHook attacks and Google's announcement of Google Advanced Protection for Gmail. 

Oct 20, 2017
Chris Brook on Threatpost and Security

Threatpost Editor Mike Mimoso talks to Staff Writer Chris Brook who is leaving Threatpost after eight years. Chris talks about the early days of the site and how security has evolved right along with it. 

Oct 13, 2017
Costin Raiu and Juan Andres Guerrero-Saade on APT Fourth-Party Collection

Costin Raiu and Juan Andres Guerrero-Saade talk to Mike Mimoso live from Virus Bulletin in Madrid about APTs leveraging one anothers' attacks and compromised machines as their own. The practice, known as fourth-party collection, is wreaking havoc for researchers with regard to attribution.

Oct 04, 2017
Gary McGraw on BSIMM8 and Software Security

Software security pioneer Gary McGraw talks to Mike Mimoso about the latest iteration of the Building Security In Maturity Model (BSIMM) report. 

Oct 02, 2017
Threatpost News Wrap, September 29, 2017

Mike Mimoso and Chris Brook recap the news of the week, including the macOS Keychain attack, Signal's new private contact discovery service, the Deloitte hack, and a handful of mobile stock trading app vulnerabilities.

Sep 29, 2017
Chris Vickery on Amazon S3 Data Leaks

Mike Mimoso talks to Chris Vickery of Upguard of the recent rash of Amazon S3 data leaks. Vickery uncovers of the commonalities among these leaks, some of which include AWS misconfigurations and mismanagement of third-party partner relationships.

Sep 25, 2017
Threatpost News Wrap, September 22, 2017

Mike Mimoso and Chris Brook recap the news of the week and look back at the Equifax saga so far. They also discuss a Google HTTPS warnings paper, cryptocurrency mining at the Pirate Bay, and bringing machine learning to passwords.

Sep 22, 2017
Threatpost News Wrap, September 1, 2017

Mike Mimoso and Chris Brook discuss the news of the week, including the Onliner spambot, Google's forthcoming Not Secure warnings for Chrome, the WireX botnet, Sarahah privacy and more.

Sep 01, 2017
Threatpost News Wrap, August 25, 2017

Mike Mimoso and Chris Brook discuss the news of the week, including all of the AWS S3 leaks, Zerodium's bounty on messaging app zero days, Ropemaker, and cobot vulnerabilities.

Aug 25, 2017
On Chrome Extension Hacking, Adobe Flash End-of-Life, NetSarang Backdoor

Threatpost editors Mike Mimoso and Tom Spring discuss this week's security news, including the abuse of Chrome Extensions, Adobe's decision to end-of-life Flash Player, and a backdoor found in NetSarang's updater. 

Aug 18, 2017
Threatpost News Wrap, August 11, 2017

Mike Mimoso and Chris Brook discuss the news of the week including the return of the Mamba ransomware, Kaspersky Lab's Q2 APT report, Bugcrowd's 250K mystery bounty, and a high schooler's $10K bug bounty from Google.

Aug 11, 2017
Threatpost News Wrap, August 4, 2017

Mike Mimoso and Chris Brook discuss the news of the week, including how Marcus Hutchins, aka MalwareTech was arrested in Las Vegas, Alex Stamos' Black Hat keynote, and this week's proposed IoT legislation.

Aug 04, 2017
Black Hat USA 2017 Preview

Threatpost editors Mike Mimoso and Tom Spring preview the annual Black Hat conference which starts July 26 in Las Vegas. 

Jul 25, 2017
Threatpost News Wrap, July 14, 2017

Mike Mimoso and Chris Brook discuss the news of the week, including the Verizon breach, the Oracle session hijacking attack, a Telegram-based hacking tool, and a free EternalBlue scanner.


Jul 14, 2017
Threatpost News Wrap, June 30, 2017

Mike Mimoso and Chris Brook discuss this week's ExPetr global ransomware outbreak, how it was distributed, the wiper aspect, and similarities to 2016's Petya ransomware.


Jun 30, 2017
Threatpost News Wrap, June 23, 2017

Mike Mimoso and Chris Brook discuss the news of the week, including Citizen Lab's latest report, WannaCry hitting Honda, GhostHook, and Fireball.

Jun 23, 2017
Threatpost News Wrap, June 16, 2017

Mike Mimoso and Chris Brook discuss the news of the week, including Microsoft's XP patches, Hidden Cobra, a Nigerian BEC campaign, MacRansom, and more.

Jun 16, 2017