The Threatpost Podcast

By Mike Mimoso, Chris Brook

Listen to a podcast, please open Podcast Republic app. Available on Google Play Store.


Category: Tech News

Open in iTunes


Open RSS feed


Open Website


Rate for this podcast

Subscribers: 106
Reviews: 0

Description

Threatpost writers Mike Mimoso and Chris Brook discuss security threats, attacks, vulnerability research and trends with a variety of industry executives, researchers and experts.

Episode Date
Retail Org Cyberattacks Set to Soar in 2019 Holiday Season
20:03

In a new report, "Holiday Season Cyber Heists" released Thursday morning, Carbon Black said that cybercrime activity tracked during 2019 is already setting the holiday shopping season for an upward trajectory in malware and ransomware attacks.

From constantly-evolving malware like Kryptik, to island hopping attacks, holiday shoppers are the ones who find themselves constantly at risk during cyberattacks against retailers. And retail companies are paying the price: Up to 40 percent of surveyed retail organizations said they've lost revenue as a result of a cyberattack in 2019.

Tom Kellerman, the head cybersecurity strategist with VMware Carbon Black, talks about the newest threats that retail organizations - and shoppers - are facing this holiday shopping season.

Dec 12, 2019
News Wrap: Authorities Target Evil Corp., Imminent Monitor, Money Mules
15:27

In this week's Threatpost news wrap, editors Tara Seals and Lindsey O'Donnell break down the top infosec news, including:

  • Authorities cracked down on cybercrime group Evil Corp. with sanctions and charges against its leader, known for his lavish lifestyle.

  • The developers behind a commodity remote-access tool (RAT) that allows full control of a victim’s computer has been taken down by Australian and global authorities.

  • Feds say they have halted over 600 domestic money mules – exceeding last year’s 400 money mules stopped last year.

 

Dec 06, 2019
Why Consumers Grapple With a 'Wild West Era' For Mobile Tracking
26:09

The "identifiers" behind data collection - the ways that companies identify consumers who they're collecting the data from - has extended far beyond cookies prevalent in web browsers, privacy experts warn.  

Now, consumers and regulators struggling to understand who is collecting data, how that data is being shared and how it's being stored, must also think about 'identifiers" that are used in mobile tracking and even physical tracking - including facial biometrics or credit cards. And unfortunately, according to a new report released this week, these new types of tracking identifiers are still in a stage where its difficult to reign them in via regulation.  

We talk to EFF about how data is being tracked and used, how consumers can protect themselves - and why it's not all bad news in our Threatpost Podcast interview.

Dec 03, 2019
Black Friday Scams, Malware Running Rampant
17:54

Black Friday and Cyber Monday-related scams are nothing new - but researchers warn that this year,  they are seeing an uptick in scams using more sophisticated methods to lure users to hand over their payment data.

A research report released Tuesday by ZeroFOX uncovered some of the threats that attackers are using to tap into the Black Friday shopping craze, including social media scams, domain impersonation scams, and malware.

Nov 26, 2019
News Wrap: Amazon Ring Risks, Stalkerware, and D-Link Router Flaws
26:35

Threatpost news editors break down the top stories of the week, including:

  • The Coalition Against Stalkerware launched this week, with the aim of offering a centralized location for helping victims of stalkerware, as well as defining what stalkerware is in the first place.
  • Five U.S. Senators are demanding that Amazondisclose how it's securing Ring home-security device footage – and who is allowed to access that footage.
  • D-Link has warned that more of its routers are vulnerableto critical flaws that allow remote hackers to take control of hardware and steal data - but the routers won't be fixed as they have reached end of life.
Nov 22, 2019
Google Discloses Android Camera Hijack Hack: Behind the Scenes
17:39

Threatpost talks to researchers about a newly-disclosed, high-severity vulnerability in the Google Camera App, the camera built into Android smartphones, that could allow attackers to hijack Android cameras.

Nov 19, 2019
Sponsored Podcast: Managing an Out-Of-Control Security Tech Stack
23:51

In this sponsored podcast, Threatpost podcast host Cody Hackett and Sam McLane, chief technical services officer with Arctic Wolf, discuss important considerations when building a multi-layered cybersecurity strategy and best practices when evaluating security vendors in a crowded landscape.

Nov 15, 2019
Live at ENFUSE 2019: Security Regulations, Insider Threats, and IoT Privacy Risks
15:37

From insider threats, to Internet of Things (IoT) medical device security, ENFUSE 2019 broke down the top privacy and security issues that consumers are seeing today - and which regulatory efforts are being developed to address them.

Nov 14, 2019
News Wrap: Voice Assistant Laser Hack, Twitter Insider Threats, Data Breach Fine Fails
17:56

Threatpost editors break down the top news stories for the week ended Nov. 8. The top stories of the week include:

Nov 08, 2019
Emotet Resurgence Continues With New TTPs
16:11

Emotet, the infamous banking trojan that mysteriously disappeared over the summer,  returned last monthdropping other banking trojans, information stealers, email harvesters, self-propagation mechanisms and ransomware.

But since the malware returned from its hiatus, there was no clear novel technique or tactic that researchers observed - until eventually throughout the weeks, security researcher Suweera De Souza started seeing more and more development. De Souza discusses the new techniques with Threatpost on this week's Threatpost Podcast.

Nov 06, 2019
News Wrap: Office 365 Voicemail Phish, Bed Bath and Beyond Breach
18:13

Threatpost editors Tara Seals and Lindsey O'Donnell break down the top security news of this week, from data breaches to Advanced Persistent Threat (APT) activity.  Top stories include:

  • A Microsoft alert that APT group Fancy Bearhas targeted anti-doping authorities and sporting organizations around the world as the world begins to gear up for the Tokyo Summer Olympic Games, which kick off July 2020.
  • A report outlining that Chinese state-sponsored hackersare attacking telecom networks to sniff out SMS messages that contain keywords revolving around political dissidents.
  • Bed, Bath and Beyond disclosing a data breachthat allowed the adversaries to access customers' online accounts - and what researchers say the attack may have stemmed from.
  • A nasty phishing campaignthat uses fake voicemail messages to lure victims into revealing their Office 365 email credentials.
Nov 01, 2019
WhatsApp Hack: Inside the NSO Group Investigation
19:17

John Scott Railton, senior researcher at Citizen Lab, led the charge on the investigation into NSO Group and the alleged WhatsApp hack. The lawsuit by WhatsApp parent company Facebook into NSO Group, he said, is a "certified big deal" and will have widespread implications for commercial spyware companies in general.

Oct 30, 2019
News Wrap: Hotel Robot Hacks, FTC Stalkerware Crackdown
14:11

Threatpost editors break down the top news stories for the week ended Oct. 25. The biggest stories include:

  • An unsecured NFC tag opening a door totrivial exploitation of robotsthat are used inside Japanese hotels.
  • The FTC has bannedthe sale of three apps – marketed to monitor children and employees – unless the developers can prove that the apps will be used for legitimate purposes.
  • Developer interfaces were used by Security Research Labs researchers to turn digital home assistantsinto 'Smart Spies'.
Oct 25, 2019
New Alexa, Google Home Hack Enables Eavesdropping on Users
20:50

Researchers this week disclosed new ways that attackers can exploit Alexa and Google Home smart speakers to spy on users. The hacks, which rely on the abuse of "skills," or apps for voice assistants, allow bad actors to eavesdrop on users and trick them into telling them their passwords over the smart assistant devices.

Threatpost discusses the new hack with Karsten Nohl, managing director at Security Research Labs, who was behind the research. 

Oct 22, 2019
Insider Threats May Soon Be Less Costly For Cybercriminals Than Malware
19:32

As it becomes more difficult and expensive to infiltrate environments via malware, cybercriminals may start turning in the future to a more viable and less costly alternative: Insider threats.

Oct 18, 2019
Departing Employees Could Mean Departing Data
18:53

With so many malicious adversaries trying to penetrate companies' networks, companies are forgetting to watch out for a dangerous threat from within their own ranks -insider threats.

Threatpost talks to Digital Guardian's Tim Bandos to learn more about the insider threat of departing employees - and what companies can do to protect data loss.

Oct 16, 2019
Sponsored Podcast: Vendors, Suppliers, Partners -- Oh My! Who Will Increase Your Risk of Account Takeover?
23:36

In this sponsored podcast, Threatpost podcast host Cody Hackett talks to Chip Witt, head of product strategy at SpyCloud, about the account takeover risks posed by third parties. 

Your users’ login credentials are available for sale on the criminal underground -- and criminals know it. For the third year running, the 2019 Verizon Data Breach Report calls out the use of weak and stolen credentials as the most common hacking tactic. 

The best way to protect your organization is to reset stolen employee and consumer credentials before criminals have a chance to use them against you. But what about partners and vendors, who may have access to your network, your customer data, or your IP? If you have these types of direct relationships, you may have additional exposures. 



Oct 09, 2019
Why This New Cybergang is Heralding a New Age For BEC
21:33

Researchers have uncovered a cybergang, using a new business email compromise (BEC) tactic, that has found success swindling funds from more than 500 organizations worldwide.

The cybergang, dubbed Silent Starling, hijacks email accounts belonging to employees within a targeted company’s finance department, such as accounts receivable or procurement - and then targets their customers.

Oct 02, 2019
News Wrap: GandCrab Operators Resurface, Utilities Firms Hit By LookBack Malware
14:23

On this week's news wrap podcast, Threatpost editors Tara Seals and Lindsey O'Donnell break down the top news, including:

Sep 27, 2019
News Wrap: Emotet's Return, Snowden Gets Sued, Physical Pen Testers Arrested
18:57

From the re-emergence of an infamous malware, to a new lawsuit against Edward Snowden, Threatpost editors Lindsey O'Donnell and Tara Seals break down this week's top news.

Sep 20, 2019
Behind the DEF CON Anonymous Bug Submission Program
24:28

A global anonymous bug submission platform, announced at DEF CON in Las Vegas in August, aims to help encourage ethical hackers to submit high-level bugs anonymously that might otherwise trigger a barrage of questions or might put researchers in legal hot water.

At DEF CON, conference founder Jeff Moss said the goal was to launch the yet-to-be-named program within the next 12 months.  The program will be built on open-source technology from the Freedom of the Press Foundation's SecureDrop server and is designed to be a cyber tipline of sorts.

Marc Rogers, VP of cybersecurity strategy for Okta and Head of Security Operations for DEF CON, breaks down the anonymous bug submission program in this week's Threatpost Podcast.

Sep 18, 2019
News Wrap: IoT Radio Telnet Backdoor And 'SimJacker' Active Exploit
18:07

Threatpost editors break down the biggest news stories of this week ended Sept. 13.

That includes:

Sep 13, 2019
Strangest Phishing Lures of 2019: From Divorce Papers to Real Estate Decoys
22:34

Sherrod DeGrippo, the senior director of the threat research and detection team at Proofpoint, joins Threatpost editor Lindsey O'Donnell to swap stories about the craziest scams and phishing attempts that she's seen - and how hackers are playing into victims' emotions to get them to click on that malicious attachment or link.

Sep 11, 2019
News Wrap: Deepfake CEO Voice Scam, Facebook Data Breach
21:38

In this week's news wrap ended Sept. 6, the Threatpost team breaks down the biggest news of the week, including:

  • Cybercrooks successfully fooling a company into a large wire transfer using an AI-powered deepfakeof a chief executive's voice (and Facebook, Microsoft and a number of universities joining forces to sponsor a contestpromoting research and development to combat deepfakes)
  • A leaky server exposing phone numbers linked to the Facebook accountsof hundreds of millions of users in the latest privacy gaffe for the social media giant.
  • Facebook allowing its users to opt-out of the Tag Suggestions feature, while at the same time attempting to help users better understand what the feature does.
  • The challenges behind patch management, and why 80 percent of enterprise applications have at least one unpatched vulnerability in them.

 

Sep 06, 2019
News Wrap: More Ransomware Attacks, Venmo and Ring Hit By Privacy Firestorm
18:03

In this week's news wrap podcast, editor Lindsey O'Donnell and Tara Seals break down the top news of the week - from ransomware attacks to companies responding to outcry over privacy issues. Top stories include:

  •  Ring announcedit is working with more than 400 US police departments to streamline their access to user videos, ushering fears over privacy
  • Speaking of privacy, the Mozilla Foundation and EFF penned an open letter this week scolding Venmofor its privacy policies; while Appleand Googlestepped up their game with newly-announced steps they would take against data abuse.
  • Ransomware attacks hit several U.S. dentist officesthis week, while a report also came out about how more cyberinsurance providers are encouraging users to pay the ransom.
  • A webinar hosted by Tara Seals this week where a panel of experts offered enterprises and other organizations insight about how to approach security for the next wave of IoT deployments, which will be enabled by the rollout of 5G networks worldwide. Click here to listen to the recorded webinar.

 

 

Aug 30, 2019
News Wrap: Linux Utility Backdoor, Steam Zero Day Disclosure Drama
20:55

Why did Valve-owner Steam say it made a "mistake" turning a researcher away from its bug bounty program? Who was behind a backdoor that was purposefully introduced into a utility utilized by Unix and Linux servers? And why is Facebook coming under fire for its "Clear History" feature? Threatpost editors Lindsey O'Donnell and Tom Spring break down the top stories of the week that have the infosec space buzzing, including:

  • A backdoor that was intentionally planted in Webminin 2018 and found during the DEF CON 2019 security conference when researchers stumbled upon malicious code.
  • A researcher disclosing a zero-day vulnerability (the second in two weeks) for the Steam gaming client after he said he was barred from the bug bounty programof Steam's owner, Valve.
  • Facebook being met with vitriol after users discovered its "Clear History" feature, rolled out in some countries this week, wasn't what they had thought.
Aug 23, 2019
Texas Ransomware Attack: What We Know So Far
22:39

Threatpost talks to Allan Liska, with Recorded Future, about the ongoing ransomware attacks of more than 20 Texas entities. What do we know so far?  Why is this so different from other ransomware attacks? And will cities continue to be plagued by ransomware threats? 

Aug 21, 2019
News Wrap: BlueKeep Threats and Biometrics Data Breaches
16:34

On the heels of Black Hat USA 2019 and DEF CON, Threatpost editors break down the biggest news of this past week ended Aug. 16, from Patch Tuesday craziness to publicly-exposed databases. That includes:

  • Microsoft's August Patch Tuesday releasefeaturing four BlueKeep-like critical remote code-execution vulnerabilities in Remote Desktop Services (RDS) and a critical RCE flaw in Microsoft Word.
  • The personal and biometrics data of more than a million people left publicly exposedon a database owned by Suprema, a biometric security company.
  • Hacking conference organizer DEF CON Communicationssaid it plans to roll out a global anonymous bug submission platform based on the SecureDrop communications tool.

 

 

Aug 16, 2019
TikTok Scammers Cash In On Adult Dating, Impersonation Tricks
19:55

As social media platform TikTok becomes the top App Store app download in 2019 - and the number three app download on Google Play and on platforms overall - scammers are looking to cash in on the troves of younger users of the popular platform.

Tenable researcher Satnam Narang, who has been tracking the platform for scams since March 2019, said that, while scams have been previously undocumented, he has come across several that are "in their infancy" - and he expects that number to explode.

These scams, already prevalent on Instagram and Twitter, revolve around adult dating as well as account impersonation to get more likes or follows, and in some cases can be extremely profitable for scammers.

"I think as long as these platforms exist, and there are billions of users using them, you're going to have scammers. It's just sort of part of using these platforms," Narang told Threatpost.

Aug 14, 2019
Black Hat 2019 News Wrap: The Best and Worst Parts
19:33

Las Vegas - Black Hat and DEF CON 2019 may be wrapping up, but the dual conferences last week in Las Vegas left the security industry with a flurry of new security flaws, topics and announcements to discuss for the weeks to come.

Threatpost editors Tara Seals and Lindsey O'Donnell get together to discuss the highs and lows from the conference. The highs include a widespread trend around increased collaboration between vendors and researchers pinpointed during the keynote by Square's Dino Dai Zovi. That includes:

In addition, Threatpost discusses why Black Hat came under scrutiny for a sponsored "Time AI" encryption session that many researchers criticized as a scam.

Aug 12, 2019
Sponsored Podcast: The Operationalization of Data With a Purpose
21:37

Security, intel and fraud teams are swimming in data. Data is not the problem, but operationalizing and making use of the data we have is. Taking this one step further is making use of the data with a purpose, specifically, to interrupt the criminal lifecycle to make it more expensive for criminals to get value from the data and information they steal.

Threatpost podcast host Cody Hackett talks to Chip Witt, head of product strategy at Spycloud, to discuss the operationalization of data and how market trends are driving data security challenges.

 

Aug 07, 2019
Black Hat USA 2019 Preview
21:11

Las Vegas - Despite bizarre reports of a grasshopper infestation, Black Hat USA 2019 and DEF CON are set to kick off next week in Las Vegas, bringing on a rainstorm of sessions, keynotes and security-themed villages.

The Threatpost team, which will be on the frontlines of next week's shows, discuss what is sticking out to them - from the keynote given by Dino Dai Zovi with Square, "Every Security Team is a Software Team Now," to key sessions and vulnerabilities disclosed in iPhones, 5G and IoT devices.

Jul 31, 2019
The Threatpost Podcast: 93 Percent of Enterprises Harbor Cloud Security Concerns
16:55

With the increasing popularity of Bring Your Own Device (BYOD) policies and public cloud offerings, enterprises are moving from on-premises applications to cloud apps - but they still lack faith in cloud security.

A new July Bitglass study found that 67 percent of respondents believe cloud apps are as secure or more secure than on-premises apps— a significantly higher statistic than the 40 percent recorded in 2015. Despite this, 93 percent of respondents are at least moderately concerned about the security of the cloud.

"So you have this kind of seeming contradiction where people say, yes, it's just as secure or more secure, than on-prem ways of doing things. But also, we're very concerned about it," said Jacob Serpa with Bitglass in a podcast interview with Threatpost. "So I just think that, you know, one thing that really jumped out of the report was that emphasis on the shared responsibility model of security, and how organizations can say, hey, the cloud is secure. But we have to use it wisely."

Below is a full podcast interview with Serpa breaking down the top takeaways from the report and how enterprises are challenged by cloud security threats and concerns.

 

Jul 29, 2019
Why Cities Are a Low-Hanging Fruit For Ransomware (Part 2)
07:23

With ransomware attacks against local governments repeatedly making headlines, what can cities do to better protect themselves? 

In the second of a two-part series, Threatpost talks to Shawn Taylor, the senior systems engineer at Forescout who covers state and local governments across the country. Taylor, who was in the trenches during the infamous 2018 Atlanta ransomware attack,  recounts what the experience taught him about how to best protect against ransomware threats.

Jul 24, 2019
The Threatpost Podcast: Amazon Alexa, Google Home On Collision Course With Regulation
18:16

Voice assistants are growing rapidly in popularity -- but at the same time, the privacy concerns and security issues with popular home assistant devices like Amazon Echo and Google Home are also peaking.

Earlier in July, Amazon came under fireafter acknowledging that it retains the voice recordings and transcripts of customers' interactions with its Alexa voice assistant indefinitely - raising questions about how long companies should be able to save highly-personal data collected from voice assistant devices.

Amazon continues to find itself in hot water regarding privacy policies around its Echo devices. In April, Amazon came under fire after a report revealedthe company employs thousands of auditors to listen to Echo users' voice recordings. And last year, Amazon inadvertentlysent 1,700 audio files containing recordings of Alexa interactions by a customer to a random person –and later characterized it as a "mishap" that came down to one employee's mistake.

Jul 22, 2019
Why Cities Are a Low-Hanging Fruit For Ransomware (Part 1)
20:35

Why do cities appear to be a low hanging fruit when it comes to ransomware attacks? What hurdles do state and local governments face when securing their systems and responding to attacks?

In the first of a two part series, Threatpost talks to Shawn Taylor, the senior systems engineer at Forescout who covers state and local governments across the country. Taylor was in the trenches during the infamous 2018 Atlanta ransomware attack and recounts what the experience taught him about remediation and recovery efforts when it comes to cyberattacks.

Jul 15, 2019
The Threatpost Podcast: What the Next Generation of Bug Bounty Looks Like
13:42

Threatpost talks to Bugcrowd chief security officer David Baker about the challenges, trends and future of bug bounty programs.

Jul 10, 2019
The Threatpost Podcast: Thousands of IoT Devices Bricked By Silex Malware
15:44

A 14-year-old hacker used a new strain of malware this week to brick up to 4,000 insecure Internet of Things (IoT) devices - before abruptly shutting down. The malware, dubbed Silex, was first discovered by Larry Cashdollar, senior Security Intelligence Response engineer at Akamai, on his honeypot. Threatpost discusses the new malware with Cashdollar - and what malware strains like this one and BrickerBot mean for the insecure IoT device landscape. 

Jun 27, 2019
News Wrap Podcast For June 21
19:16

Beyond the regular humdrum of security vulnerabilities and patches this week, a slew of stories covered varying topics ranging from NASA to Tinder. The Threatpost team broke down the top stories of the week, including:

  • A ransomware webinar hosted by Threatpost editor Tara Seals, which included experts from Recorded Future, Malwarebytes and Moss Adams. The webinar looked at the top ransomware trends and threats, and outlined how enterprises can protect themselves.
  • A Florida city hit three weeks ago by a ransomware attack voted this week to pay the hackers a ransom of $600,000.
  • A Threatpost feature, that looked at top dating apps like Match.com and Tinder, found that the services are collecting and sharing a disturbing range  of data, from chat messages to sexual orientation.
  • Rampant security-operations bungling allowed cyberattackers to infiltrate NASA's JPL network, which carries human mission data.

 

Jun 21, 2019
The Threatpost Podcast: It's Time to Throw Out Insecure IoT Devices
17:30

What can be done with 2 million connected security cameras, baby monitors and more that are vulnerable to serious flaws - but don't have a patch?

Security researcher Paul Marrapese, whodisclosed the flaws in April and has yet to hear back from any impacted vendors, recommends that consumers throw them in the trash.

"I 100 percent suggest that people throw them out," he told Threatpost in a podcast interview. "I really, I don't think that there's going to be any patch for this. The issues are very, very hard to fix, in part because, once a device is shipped with a serial number, you can't really change that, you can't really patch that, it's a physical issue."

Jun 18, 2019
News Wrap Podcast For June 14
16:50

Beyond Patch Tuesday, this week was crammed with privacy and security related news. In this week's Threatpost podcast, editors Tara Seals and Lindsey O'Donnell discussed the top news from the week. That includes:

  • A federal lawsuit alleging that Amazon is recording children who use its Alexa devices, without their consent or knowledge.
  • Telegram's CEO pointing the finger squarely at Chinaas the culprit responsible for the distributed denial of service (DDoS) attack that it suffered on Wednesday.
  • A critical flawin the popular note-taking Evernote extension could have allowed attackers to steal personal data – including emails and financial transactions – of millions.
Jun 14, 2019
News Wrap Podcast for June 7
19:33

This week cybersecurity news was overshadowed by research, talks and discussion from Infosecurity Europe, which took place in London. During the Threatpost news wrap for the week ended June 7, the team breaks down the top news from the show, as well as other breaking security news covered over the past few days. Those include:

  • Top keynotes from Infosecurity Europe, including one that looked at the impact of data miningon future elections.  
  • Continued worries around the BlueKeep vulnerabilityafter a researcher disclosed a proof-of-concept (PoC).
  • A PoC attack named Tap ‘n Ghostthat targets Near Field Communication (NFC)-enabled Android smartphones.
Jun 07, 2019
The Threatpost Podcast: Behind-the-Scenes Look at Scattered Canary BEC Cybergang
24:21

At Infosecurity Europe, Threatpost caught up with Agari researchers to discuss their threat research unveiled at the show about a newly-unveiled business email compromise (BEC) cybergang.

The cybercriminal group, which researchers called Scattered Canary, has been evolving for over 10 years - starting from a "one man shop" launching Craigslist and romance scams, to a high-level, sophisticated BEC group with dozens of employees targeting enterprises.

Threatpost talks to Ronnie Tokazowski, senior threat researcher at Agari, and Crane Hassold, Senior Director of threat Research at Agari, about the threat research and BEC scams in general.

 

Jun 05, 2019
The Threatpost Podcast: Nansh0u Cryptojacking Campaign Infects 50K Servers
18:50

At Infosecurity Europe, which kicks off Tuesday in London, UK, Threatpost gets a behind-the-scenes look at the Nansh0u campaign, a cryptojacking campaign that has infected 50,000 servers with malware that mines an open source cryptocurrency called TurtleCoin. Dave Klein, senior director of engineering architecture with Guardicore, discusses cryptojacking and other trends he's looking out for at the show. 

Jun 03, 2019
The Threatpost Podcast: The Challenges Behind 5G Security
16:04

Threatpost talks to Nils Ahrlich, head of end-to-end security solutions at Nokia, at the GSMA Mobile 360 Security for 5G conference last week in the Netherlands. When it comes to 5G there are a slew of use cases being utilized at the bleeding edge - from smart factories to IoT - but these are also opening up security risks.

Jun 03, 2019
The Threatpost Podcast: Enterprise Security Risks of 5G
13:35

During the GSMA Mobile360 conference on 5G security, Threatpost editor Tara Seals talks to Patrick Donegan, founder and principle analyst at HardenStance, about the enterprise risks involved in 5G. 

May 31, 2019
The Threatpost Podcast: '5G is Coming,' What Does it Mean For Security?
17:29

With the advent of 5G, the tech community is bracing itself for new applications like self-driving cars and IoT. But what does that mean for the security landscape? At the GSMA Mobile 360 Conference, Threatpost editor Tara Seals talks to Fred Streefland, CISO for the Benelux and Nothern East Europe region at Palo Alto Networks, about the security challenges - and opportunities - that 5G is presenting.

May 29, 2019
News Wrap Podcast For May 24
21:53

The Threatpost team breaks down the top data privacy-related news this week, including:

  • Google's acknowledgementthat G Suite passwords had been stored in plaintext - since 2005.
  • The database of golfing app Game Golf left misconfigured, exposing millions of data points on games played plus sensitive information.

  •  Mozilla's focus on privacy in its new release of Firefox 67, which comes with protections against cryptomining and digital fingerprints.
  • The upcoming Threatpost webinar focusing on Identity Management solutions picking up the slack as passwords are increasingly viewed as security liabilities (you can register here)

 

May 24, 2019
The Threatpost Podcast: Behind the Intel CPU ZombieLoad Attack
27:43

After Intel on Tuesday revealed a new class of speculative execution vulnerabilities, which impact all its modern CPUs, the researcher who was part of the team that discovered one of these flaws is sounding off on the disclosure process behind it.

The speculative execution flaw, ZombieLoad, is an attack related to CVE-2018-12130, the flaw in the Fill Buffer of Intel CPUs. That's because this attack leaks the most data – attackers are able to siphon data from system applications, operating system and virtual machines. 

ZombieLoad was discovered and reported by Michael Schwarz, Moritz Lipp and Daniel Gruss from the Graz University of Technology (known for their previous discoveries of similar attacks, including Meltdown). Gruss talks about how the team first discovered the attack.

May 20, 2019
News Wrap Podcast For May 17
21:17

This week was filled with flaws, flaws and more flaws: From a zero-day under active exploit in the WhatsApp messaging app, to Patch Tuesday glitches addressed by Microsoft. Threatpost breaks down the top vulnerabilities of the week, including:

  • A WhatsApp zero-day vulnerability being exploited in targeted spyware attacks

  • Several Cisco vulnerabilities, including a critical remote code-execution (RCE) vulnerabilities in the Cisco Prime Infrastructure (PI) and Evolved Programmable Network (EPN) Manager; and an unpatched, high-severity Secure Boot flaw that was disclosed on Monday
  • A new class of speculative execution vulnerabilities in all modern Intel CPUs, dubbed Microarchitectural Data Sampling (MDS)

  • A Microsoft patch released on Patch Tuesdayfor an elevation-of-privileges vulnerability rated important, which is being exploited in the wild

  • Apple rolling out 173 patchesin various products across its hardware portfolio, including for dangerous bugs in macOS for laptops and desktops, iPhone, Apple TV and Apple Watch.

 

May 17, 2019
News Wrap Podcast For May 10
26:53

Threatpost editors Lindsey O'Donnell and Tom Spring break down this week's biggest news, including:

-Facebook co-founder Chris Hughes wrote a blistering op-ed about the need for regulation around the social media giant 

-Verizon's data breach investigations report 2019, released this week, which outlined the top data breach trends to look out for

-A firestorm surrounding Airbnb after a guest discovered that her host was secretly recording her in the flat's bedroom.

May 10, 2019
News Wrap Podcast For May 3
17:39

The Threatpost team discusses a slew of strange security news that made headlines this week, including: 

-The Cartoon Network being hacked to play Brazilian stripper videos

-The Catholic Church falling victim to a $1.75 business email compromise scam

-A scammer pretending to be Jason Statham tricking a fan out of money 

 

May 03, 2019
The Threatpost Podcast: What is the Future of IoT Security?
18:50

What is the future of IoT security? Will consumers continue to face insecure technology, disturbing privacy concerns, and DDoS attacks? Or will the efforts of consortiums, legislations and industry pressure help set connected device security straight?

Threatpost sits down with Jason Soroco with Sectigo, the Chief Technology Officer of IoT, to get his opinion.

 

May 03, 2019
News Wrap Podcast For April 26
28:03

The Threatpost team talks about recent data privacy news - including the Facebook's FTC fine potentially reaching $5 billion, facial recognition concerns, and Amazon's Echo auditing team. 

Apr 26, 2019
The Threatpost Podcast: Spotting Social Media Influence Campaigns at SAS 2019
10:29

Threatpost editor Tara Seals sits down with Staffan Truvé, the co-founder and CTO of Recorded Future, at the Security Analyst Summit in Singapore this week. 

Truvé discussed the rise of influence campaigns on social media, and one campaign in particular that researchers have recently spotted that has focused not on fake news, but on old news that aims to influence victims.

Apr 11, 2019
The Threatpost Podcast: Discussing Supply Chain Security Woes at SAS 2019
10:25

At the Security Analyst Summit this year in Singapore, Threatpost editor Tara Seals catches up with Joe FitzPatrick, researcher with Securing Hardware, who led a session during the conference about "A Measured Response to a Grain of Rice: An Implant in the Shell"

After a 2019 Bloomberg report alleged that a spy chip was implanted on Supermicro servers and eventually made it into the supply chain of several high-profile cloud vendors, supply chain was thrown to the forefront. (The report was strongly refuted by Supermicro, Amazon and Apple). 

FitzPatrick talks about what stood out to him about the report- and what didn't make sense - as well as the risks of supply chain that end users should focus on.

Apr 10, 2019
The Threatpost Podcast: Chris Vickery on Publicly-Exposed Facebook Records
17:01

Chris Vickery, the Director of Cyber Risk Research at UpGuard, joined the Threatpost Podcast to discuss this week's report that hundreds of millions of Facebook records were publicly exposed on the internet.    

Apr 05, 2019
The Threatpost Podcast: The Norsk Hydro Cyberattack and Manufacturing Security
22:23

Norway-based Norsk Hydro announced on Tuesday morning it was victim to a serious ransomware attack, which has forced the global aluminum producer to shut down or isolate several plants and send several more into manual mode, the company said on Tuesday morning.

Threatpost talked to Phil Neray, the VP of Industrial Cybersecurity at CyberX, about how manufacturing firms can avoid a similar cyberattack that Norsk Hydro has undergone.

 

Mar 19, 2019
The Threatpost Podcast: RSA Conference 2019 Recap
13:09

The Threatpost team touches base at the RSA Conference this year in San Francisco to discuss breaking news from the show and their favorite topics and trends that they saw.

Mar 07, 2019
The Threatpost Podcast: Tom Kellermann on Top Financial Threats
17:18

Lindsey O'Donnell with Threatpost talked to Tom Kellermann, Chief Cybersecurity Officer at Carbon Black. Carbon Black at RSA this year unveiled a new report outlining the top attacks that financial firms are facing. According to the report, 67 percent of surveyed financial institutions have reported an increase in cyberattacks over the past 12 months. Kellermann discusses the report's findings and key takeaways.

Mar 06, 2019
Threatpost Podcast: Picking Apart Foreshadow at RSAC
13:47

During the RSA conference this week, Lindsey O'Donnell with Threatpost talks to Raoul Strackx, post-doctoral researcher and KU Leuven. Strackx was one of the researchers who discovered the Foreshadow vulnerability in CPUs in August. He discusses the vulnerability and why speculative execution attacks will only get worse.

Mar 05, 2019
The Threatpost Podcast: RSA 2019 Preview
18:35

The Threatpost team breaks down the biggest news, stories and trends they expect to hear about at RSA 2019 this year, which takes place next week in San Francisco.

Mar 01, 2019
News Wrap Podcast For Feb. 22
17:48

Lindsey O'Donnell and Tom Spring discuss the biggest news of the week ended Feb. 22, including a report about flaws in password managers that drew backlash, and a 19-year-old flaw found in WinRAR.

Feb 22, 2019
News Wrap Podcast For Feb. 1
15:32

Threatpost editors break down the biggest news from the week ended Feb. 1.

Feb 01, 2019
News Wrap Podcast For Jan. 25
19:37

Threatpost editors break down the top news from this week, including a government emergency alert regarding DNS hijacking attacks and a massive Google GDPR fine. 

Jan 25, 2019
News Wrap Podcast For Jan. 18
19:56

Threatpost's Tom Spring and Lindsey O'Donnell talk about data exposure, data breaches and new vulnerabilities discovered this past week.

Jan 18, 2019
The Threatpost Podcast: Emotet's Fast-Evolving Tactics
25:30

The Emotet banking trojan has been popping up in the news for years: From widespread malspam infections of banking German targets in 2014, all the way up to the costly infection of a New Hampshire town’s computer network in July.

And while the tricky Emotet malware first emerged targeting banking credentials, over the past year researchers have called out the trojan for changing its tactics – and its targets. Sig Murphy, consulting director for Western North America at Cylance, says that this evolution will continue in 2019.

Jan 14, 2019
The Threatpost Podcast: Interview With Snowden's Attorney (Part Two)
24:20

Human rights lawyer Robert Tibbo represented former N.S.A. contractor-turned-whistleblower Edward  Snowden when he fled the United States to Hong Kong in 2013. Less publicized has been Tibbo’s work representing several families from the Hong Kong refugee community that welcomed Snowden into their homes – where he avoided unwanted attention.

Threatpost caught up with Tibbo last week in Leipzig, Germany where he spoke at the Chaos Communication Congress about the so-called “Snowden Refugees.

Jan 07, 2019
The Threatpost Podcast: The Biggest Cybersecurity Trends in 2019
19:15

Threatpost talked to Leigh-Anne Galloway, the cybersecurity resilience lead of Positive Technologies, about what she sees as the top cyber trends, threats and topics in 2019.

From data breaches to threat actors, listen to hear more of Galloway's predictions. 

Jan 07, 2019
Threatpost Podcast: Interview With Snowden’s Attorney (Part One)
24:27

Threatpost's Tom Spring sits down with Robert Tibbo, lawyer for Edward Snowden and the refugee families who hid Snowden. 

The refugee families located in Hong Kong that helped shelter Edward Snowden in 2013 - known as the "Snowden refugees" - are under crushing pressure to cooperate with local authorities or face deportation to their countries of origin, where they face an uncertain fate.

Jan 02, 2019
The Threatpost Podcast: Breaking Down the Magecart Threat (Part Two)
25:01

Threatpost editor Lindsey O’Donnell talks to RiskIQ's threat researcher, Yonathan Klijnsma, about the varying groups under the Magecart umbrella, and the differing characteristics, targets and techniques of these growing number of groups.

Nov 30, 2018
The Threatpost Podcast: Using A Hacker-Mindset To Defend
15:19

We are joined on the podcast by David Wolpoff, better known as Moose, CTO at Randori.

With high profile breaches making headlines every day, and enterprises spending more on tools and solutions than ever, Moose talks about how companies can create an effective security strategy and defend themselves instead of merely throwing money at the problem.

Nov 24, 2018
Podcast: Breaking Down the Magecart Threat (Part One)
21:51

Threatpost editor Lindsey O'Donnell talks to Rapid7's Chief Data Scientist, Bob Rudis, about the threats that Magecart poses when it comes to e-commerce websites - and how this has evolved over time. This is the first in a series of three podcasts featuring an in-depth discussion of the Magecart threat group. Stay tuned for part two next week.

Nov 22, 2018
News Wrap Podcast For Nov. 23
21:29

With Thanksgiving this week and Cyber Monday right around the corner, Threatpost editors Lindsey O'Donnell and Tara Seals talk about the biggest holiday season-related cybersecurity stories of the week. 

Nov 21, 2018
The Threatpost Podcast: Jeep Hack Lawyer on Looming “Tidal Wave of IoT Lawsuits”
16:47

When it comes to IoT security, legal action is "a matter of when not if."

That's according to Ijay Palansky, an attorney in Armstrong Teasdale's Litigation practice group, represented plaintiffs and class members who alleged in the infamous 2015 Jeep hacking class-action lawsuit that the 3G “infotainment” center in those cars were vulnerable to hacking.

Threatpost talked to Palansky about impending IoT legal issues and what to expect.

 

 

Nov 13, 2018
Threatpost News Wrap for Nov. 9
19:26

The Threatpost editors break down this week's biggest news.

Nov 09, 2018
The Threatpost Podcast: Troy Hunt on Best (and Worst) Password Practices
22:07

Threatpost's Lindsey O'Donnell speaks with Troy Hunt, a web security expert and the owner of Have I Been Pwned (HIBP).

Hunt talks about HIBP's partnership with Mozilla Firefox and Cloudflare; trends he's seeing with data breaches; and how the view of responsibilities behind strong passwords is changing. 

Nov 08, 2018
The Threatpost Podcast: Post-Hurricane Utility Ransomware Attack
16:47

A “critical water utility” has been victim of a ransomware attack, significantly impeding the service in the week after Hurricane Florence hit the East coast of the U.S.

 The Onslow Water and Sewer Authority (ONWASA) said in a Monday release that a “sophisticated ransomware attack… has left the utility with limited computer capabilities.” While customer data was not compromised as part of the attack, the lack of computing ability will impact the timeliness of service from ONWASA “for several weeks to come.”

Threatpost's Lindsey O'Donnell talks to Katherine Gronberg, who heads government affairs at ForeScout, about the incident and the level of awareness and readiness for federal organizations for these types of threats.

Oct 17, 2018
Threatpost News Wrap For October 12
22:01

From Google's privacy snafu to a sneaky new fake Adobe Flash updater, Threatpost's Lindsey O'Donnell and Tara Seals break down the biggest news from the week ended Oct. 12.

Oct 12, 2018
The Threatpost Podcast: Biggest Trends From BSIMM9
19:10

Lindsey O'Donnell discusses Synopsys’ ninth annual Building Security in Maturity Model report (BSIMM9) released Tuesday.

The report revealed an emerging new dynamic for software security professionals. Synopsys' Gary McGraw, vice president of security technology, breaks down the top takeaways from the report and what was most surprising. 

Oct 09, 2018
Threatpost News Wrap For October 5
29:34

Threatpost's Lindsey O'Donnell and Tom Spring discuss this week's biggest news - including a breakthrough Bloomberg report that China infiltrated Supermicro motherboards, as well as a report that said that 83 percent of home and office router brands have vulnerabilities. 

Oct 05, 2018
The Threatpost Podcast: IoT Devices Still Open to BlueBorne Attack
20:26

A year later, almost 2 billion IoT devices are still vulnerable to the BlueBorne attack. Armis' VP of Product Joe Lea discusses with Threatpost.

Sep 21, 2018
Threatpost News Wrap For September 7
20:13

Threatpost editors Lindsey O'Donnell and Tom Spring break down the biggest news from the week ending September 7.

Sep 06, 2018
Threatpost News Wrap Podcast For August 31
27:28

The Threatpost team talks about the biggest news from this past week, including a Windows zero-day flaw outed on Twitter, Yahoo's email ad-targeting privacy snafu, and crashing mobile apps that leak private data.

Aug 31, 2018
The Threatpost Podcast: Securing Data in the Cloud
16:44

Threatpost talks to Scott Ellis with Google Cloud about issues around securing data in the cloud and accidental exposure.

Aug 29, 2018
The Threatpost Podcast: Troy Mursch on Cryptojacking Campaigns
15:44

Security researcher Troy Mursch, of the Bad Packets Report, comes onto the Threatpost Podcast to discuss recent cryptojacking campaigns and why these types of malicious cryptomining attacks are on the rise.

Aug 22, 2018
The Threatpost Podcast: Bugcrowd Founder on Profitable Bounty Programs
25:12

Bugcrowd has had a busy summer. Recently, the bug bounty company partnered with HP to launch the first-ever bug bounty program for printers, with rewards of up to $10,000 for discovered vulnerabilities.

Bugcrowd also recently announced Disclose.io, an open-sourced project to standardize best practices for providing a safe harbor for security researchers within bug bounty and vulnerability disclosure programs (VDPs).

 Threatpost talked to Casey Ellis, Bugcrowd founder and CTO, about big trends in bug bounty programs.

Aug 15, 2018
The Threatpost Podcast: Black Hat USA and DEF CON Wrap
16:00

Las Vegas was filled with researchers, executives, and hackers last week for the Black Hat USA and DEF CON 2018 conferences. 

Among the most interesting topics at the shows included IoTand connected cars, election votinghacks, and a flurry of other news topics and sessions outlining the newest threats, vulnerabilities, and cybersecurity best practices. 

Threatpost's Lindsey O'Donnell and Tara Seals talk about their favorite parts of the show.

 

Aug 13, 2018
The Threatpost Podcast: enSilo CEO Talks Biggest Black Hat Trends
20:20

Threatpost's Lindsey O'Donnell talks to enSilo CEO Roy Katmor about Black Hat trends to watch out for - from firmware attacks to connected car security.

Aug 08, 2018
The Threatpost Podcast: Black Hat USA 2018 Preview
15:21

Threatpost editors Tom Spring, Lindsey O'Donnell and Tara Seals preview Black Hat USA and DEF CON 2018, which both kick off in Las Vegas this week. 

Aug 06, 2018
The Threatpost Podcast: Breaking Down the COSCO Ransomware Attack
19:24

Threatpost talks to Matt Tyrer with Commvault about the recent COSCO ransomware attack. Tyrer discusses the biggest lessons learned from the incident, COSCO's response, and best practices in preventing ransomware attacks. 

Aug 02, 2018
The Threatpost Podcast: Bitcoin Mining on OT Networks
18:59

On this week's Threatpost Podcast show, we sit down with Ronen Rabinovich from Cyberbit to discuss bitcoin mining on operational technology and critical infrastructure networks.  

Jul 31, 2018
Threatpost News Wrap for July 27
19:03

Threatpost's Tom Spring and Lindsey O'Donnell sit down to discuss the biggest news of the week - including COSCO being hit by a ransomware attack, Adobe Flash being discussed by the U.S. government, and more Facebook drama.

Jul 27, 2018
The Threatpost Podcast: How to Secure Industrial Control Systems
21:59

Threatpost's Lindsey O'Donnell talks to PAS CEO Eddie Habibi about the cybersecurity risks that large manufacturing companies face today - especially with the emergence of industrial IoT. 

Jul 25, 2018
The Threatpost Podcast: The Future of Bug Bounty Programs
19:47

On this week's episode of The Threatpost Podcast, editor Lindsey O'Donnell sits down with Marten Mickos, the CEO of popular bug bounty program platform HackerOne. Mickos sounds off on the opportunities - and growing pains - of bug bounty programs.

Jun 27, 2018
Podcast: The Growing Social Media Threat Landscape
17:40

Threatpost's Lindsey O'Donnell talks with Zack Allen, ZeroFOX’s manager of threat operations, about the broader social media threats landscape and the growing issue of malicious content being spread across networks like Twitter, Facebook and LinkedIn.

 

Jun 13, 2018
Threatpost News Wrap Podcast for June 8
22:04

Threatpost editors Tom Spring, Tara Seals and Lindsey O’Donnell discuss the week’s information security news, including a slew of IoT device privacy incidents,  a critical Adobe Flash vulnerability, and scary new data on the breadth and impact of the VPNFilter malware.

Jun 08, 2018
Podcast: How Cities Can Be Security Smart
20:14

The smart city industry is projected to be a 400 billion dollar market by 2020, as municipals look at applications for transportation, waste management, and law enforcement.

But with that growth comes privacy issues and security risks, Tenable CTO Renaud Deraison told Threatpost’s Lindsey O’Donnell. Deraison outlines some of the biggest security problems that smart cities face right now – and how city developers can adopt better security hygiene.

May 31, 2018
Threatpost News Wrap Podcast for May 18
26:52

Threatpost editors Tom Spring, Tara Seals and Lindsey O'Donnell discuss the week’s information security news, including some interesting new malware, a Linux patch that made waves, social engineering gambits and a major banking theft from the second-largest economy in Latin America.

May 18, 2018
Podcast: The Evolution of Deception Technology
17:42

Once only seen in the market through the form of honeypots, deception technology is a quickly emerging category of cyber defense that is particularly useful when it comes to IoT devices, SCADA systems and medical devices. 

Threatpost talks to Tony Cole, CTO of Attivo Networks, about how deception technology has evolved, the challenges behind adoption of this method of cyber defense, and how attackers are learning to adapt. 

May 17, 2018