Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec

By Jerry Bell and Andrew Kalat

Listen to a podcast, please open Podcast Republic app. Available on Google Play Store.


Category: Tech News

Open in iTunes


Open RSS feed


Open Website


Rate for this podcast


Description

Defensive Security is a weekly information security podcast which reviews recent high profile cyber security breaches, data breaches, malware infections and intrusions to identify lessons that we can learn and apply to the organizations we protect.

Episode Date
Defensive Security Podcast Episode 230
54:57
https://arstechnica.com/information-technology/2018/11/hacker-backdoors-widely-used-open-source-software-to-steal-bitcoin/ https://krebsonsecurity.com/2018/11/marriott-data-on-500-million-guests-stolen-in-4-year-breach/ https://krebsonsecurity.com/2018/12/what-the-marriott-breach-says-about-security/
Dec 04, 2018
Defensive Security Podcast Episode 229
1:04:18
https://www.dutchnews.nl/news/2018/11/internet-con-men-ripped-off-pathe-nl-for-e19m-in-sophisticated-fraud/ https://lifehacker.com/how-password-constraints-give-you-a-false-sense-of-secu-1830564360 https://www.csoonline.com/article/3319704/data-protection/the-end-of-security-as-we-know-it.html https://www.careersinfosecurity.com/breach-settlement-has-unusual-penalty-a-11669 https://motherboard.vice.com/en_us/article/bje8na/massive-data-leaks-keep-happening-because-big-companies-can-afford-to-lose-your-data https://www.zdnet.com/article/city-of-valdez-alaska-admits-to-paying-off-ransomware-infection/
Nov 27, 2018
Defensive Security Podcast Episode 228
46:47
https://www.zdnet.com/article/this-is-how-artificial-intelligence-will-become-weaponized-in-future-cyberattacks/ https://www.securityinfowatch.com/article/12434583/everyone-needs-to-take-responsibility-for-cybersecurity-in-the-workplace https://www.zdnet.com/article/adobe-coldfusion-servers-under-attack-from-apt-group/ https://www.securityweek.com/troubled-waters-how-new-wave-cyber-attacks-targeting-maritime-trade https://securityaffairs.co/wordpress/77676/malware/industrial-facilities-malware.html
Nov 13, 2018
Defensive Security Podcast Episode 227
57:58
https://www.zdnet.com/article/equifax-engineer-who-designed-breach-portal-gets-8-months-of-house-arrest-for-insider-trading/ https://www.csoonline.com/article/3314557/security/ransomware-attack-hits-north-carolina-water-utility-following-hurricane.html https://www.securityweek.com/insurer-anthem-will-pay-record-16m-massive-data-breach https://blog.sucuri.net/2018/10/malicious-redirects-from-newsharecounts-com-tweet-counter.html https://www.thinkadvisor.com/2018/09/26/sec-hits-voya-financial-advisors-with-1m-fine-over/ https://www.healthcareitnews.com/news/debunking-cybersecurity-thought-humans-are-weakest-link
Oct 30, 2018
Defensive Security Podcast Episode 226 redux
1:00:39
Note: this episode is being re-released to fix a problem with the mp3 download. https://www.tripwire.com/state-of-security/security-data-protection/bec-as-a-service-offers-hacked-business-accounts-for-as-little-as-150/ https://www.bleepingcomputer.com/news/security/ic3-issues-alert-regarding-remote-desktop-protocol-rdp-attacks/ https://krebsonsecurity.com/2018/10/supply-chain-security-is-the-whole-enchilada-but-whos-willing-to-pay-for-it/
Oct 08, 2018
Defensive Security Podcast Episode 225
53:01
https://motherboard.vice.com/en_us/article/pa8emg/russian-indicted-jp-morgan-chase-hack https://www.zdnet.com/article/us-government-releases-post-mortem-report-on-equifax-hack/ https://www.zdnet.com/article/phishing-alert-north-korean-hacking-attacks-shows-your-email-is-still-the-weakest-link/ https://www.verizon.com/about/news/lifting-lid-cybercrime
Sep 09, 2018
Defensive Security Podcast Episode 224
43:56
https://www.zdnet.com/article/this-destructive-ransomware-has-made-crooks-6m-by-encrypting-data-and-backups/ https://www.bleepingcomputer.com/news/security/reddit-announces-security-breach-after-hackers-bypassed-staffs-2fa/ https://www.databreachtoday.com/art-steal-fin7s-highly-effective-phishing-a-11286 https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/
Aug 31, 2018
Defensive Security Podcast Episode 223
45:54
https://www.straitstimes.com/singapore/personal-info-of-15m-singhealth-patients-including-pm-lee-stolen-in-singapores-most https://www.bankinfosecurity.com/labcorp-still-recovering-from-ransomware-attack-a-11235 https://www.securityweek.com/cyber-axis-evil-rewriting-cyber-kill-chain https://arstechnica.com/information-technology/2018/07/prolific-hacking-group-steals-almost-1-million-from-russian-bank/#p3 https://www.bleepingcomputer.com/news/government/us-charges-12-russian-intelligence-officers-for-hacking-dnc-running-dcleaks/
Jul 31, 2018
Defensive Security Podcast Episode 222
52:03
https://www.csoonline.com/article/3285982/data-protection/4-reasons-why-cisos-must-think-like-developers-to-build-cybersecurity-platforms.html https://www.csoonline.com/article/3287655/phishing/stop-training-your-employees-to-fall-for-phishing-attacks.html https://www.bankinfosecurity.com/cryptojacking-displaces-ransomware-as-top-malware-threat-a-11165 https://wiki.gentoo.org/wiki/Project:Infrastructure/Incident_Reports/2018-06-28_Github
Jul 15, 2018
Defensive Security Podcast Episode 221
42:48
https://www.esecurityplanet.com/network-security/security-projects-cisos-should-consider-gartner.html Data breach defendant must hand over computer forensics reports: court https://www.theregister.co.uk/2018/06/26/digitally_signed_malware/ https://www.bankinfosecurity.com/californias-new-privacy-law-its-almost-gdpr-in-us-a-11149 https://blog.erratasec.com/2018/06/lessons-from-npetya-one-year-later.html
Jul 03, 2018
Defensive Security Podcast Episode 220
40:15
https://www.wired.com/story/exactis-database-leak-340-million-records/ https://www.helpnetsecurity.com/2018/06/19/opm-breach-fraud/ https://www.tenable.com/blog/should-you-still-prioritize-exploit-kit-vulnerabilities
Jun 28, 2018
Defensive Security Podcast Episode 219
35:31
https://www.csoonline.com/article/3276584/ransomware/what-does-a-ransomware-attack-cost-beware-the-hidden-expenses.html https://www.bankinfosecurity.com/mental-health-provider-pays-ransom-to-recover-data-a-11040 https://www.itbusinessedge.com/blogs/data-security/did-we-see-our-first-data-breach-of-the-gdpr-era.html
Jun 19, 2018
Defensive Security Podcast Episode 218
52:18
https://www.zdnet.com/article/wannacry-ransomware-crisis-one-year-on-are-we-ready-for-the-next-global-cyber-attack/ https://www.zdnet.com/article/enterprise-vulnerability-management-as-effective-as-random-chance/ https://www.zdnet.com/article/enterprise-codebases-plagued-by-open-source-vulnerabilities/ https://www.databreachtoday.com/nuance-communications-breach-affected-45000-patients-a-11002
May 28, 2018
Defensive Security Podcast Episode 217
44:47
https://www.csoonline.com/article/3262168/ransomware/customers-describe-the-impact-of-the-allscripts-ransomware-attack.html https://www.infosecurity-magazine.com/news/atlanta-city-splurges-27m/ https://arstechnica.com/information-technology/2018/04/insecure-rsa-conference-app-leaked-attendee-data/ https://www.wired.com/story/inside-the-unnerving-supply-chain-attack-that-corrupted-ccleaner/
Apr 24, 2018
Defensive Security Podcast Episode 216
52:39
https://www.verizonenterprise.com/verizon-insights-lab/dbir/
Apr 21, 2018
Defensive Security Podcast Episode 215
51:41
https://www.bankinfosecurity.com/nj-ag-smacks-practice-hefty-fine-for-vendor-breach-a-10774 https://www.bankinfosecurity.com/panera-bread-data-leak-persisted-for-eight-months-a-10760 http://www.eweek.com/security/best-buy-delta-sears-hit-by-third-party-chat-widget-breach http://www.baltimoresun.com/news/maryland/crime/bs-md-ci-hack-folo-20180328-story.html
Apr 13, 2018
Defensive Security Podcast Episode 214
49:42
https://www.csoonline.com/article/3265024/privacy/are-you-letting-gdpr-s-privacy-rules-trump-security.html http://www.zdnet.com/article/doj-indicts-iranian-hackers-for-stealing-data-from-144-us-universities/ https://www.databreachtoday.com/report-guccifer-20-unmasked-at-last-a-10737 https://www.databreachtoday.com/expedias-orbitz-suspects-880000-payment-cards-stolen-a-10729 https://www.csoonline.com/article/3266364/security/samsam-group-deletes-atlantas-contact-portal-after-the-address-goes-public.html https://www.securityweek.com/top-vulnerabilities-exploited-cybercriminals
Mar 29, 2018
Defensive Security Podcast Episode 213
41:41
https://www.theguardian.com/business/2018/mar/14/equifax-insider-trading-data-breach-jun-ying-charged https://gizmodo.com/us-power-company-fined-2-7-million-over-security-flaws-1823745994 https://www.csoonline.com/article/3262551/data-protection/are-your-employees-unwittingly-invalidating-your-cyber-liability-insurance.html https://www.cisecurity.org/controls/
Mar 21, 2018
Defensive Security Podcast Episode 212
1:07:37
https://www.csoonline.com/article/3258817/data-breach/sec-guidance-on-it-security-would-you-report-security-risks-before-a-breach.html http://www.zdnet.com/article/hackers-are-selling-legitimate-code-signing-certificates-to-evade-malware-detection/ http://au.news.yahoo.com/a/39380423/equifax-expects-net-200-million-in-breach-related-costs-in-2018/ http://www.eweek.com/security/crowdstrike-reveals-time-to-breakout-as-key-cyber-security-metric https://www.securityweek.com/sophisticated-cyberspies-target-middle-east-africa-routers
Mar 13, 2018
Defensive Security Podcast Episode 211
45:23
https://www.bleepingcomputer.com/news/security/destructive-malware-wreaks-havoc-at-pyeongchang-2018-winter-olympics/ https://www.cyberscoop.com/atos-olympics-hack-olympic-destroyer-malware-peyongchang/ https://www.bankinfosecurity.com/blogs/attribution-games-dont-rush-to-blame-p-2594 http://www.zdnet.com/article/meltdown-spectre-flaws-weve-found-new-attack-variants-say-researchers/ https://news.iu.edu/stories/2018/02/iub/releases/13-paper-suggests-agency-to-prevent-cyberattacks.html
Feb 19, 2018
Defensive Security Podcast Episode 209
1:10:51
https://www.csoonline.com/article/3247653/data-protection/5-mistakes-ive-made-and-how-to-avoid-them.html https://www.csoonline.com/article/3244650/disaster-recovery/why-we-continue-to-fail-lessons-learned-from-the-atlanta-airport-fiasco.html https://www.wired.com/story/meltdown-and-spectre-patches-take-toll/
Jan 17, 2018
Defensive Security Podcast Episode 208
1:05:34
https://www.upguard.com/breaches/cloud-leak-alteryx?ilink=1 https://krebsonsecurity.com/2017/12/4-years-after-target-the-little-guy-is-the-target/
Dec 30, 2017
Defensive Security Podcast Episode 207
1:03:31
https://www.csoonline.com/article/3239645/data-protection/3-common-cybersecurity-maturity-failings.html https://www.troyhunt.com/the-trouble-with-politicians-sharing-passwords/ https://krebsonsecurity.com/2017/12/phishers-are-upping-their-game-so-should-you/ https://www.reuters.com/article/us-uber-cyber-payment-exclusive/exclusive-uber-paid-20-year-old-florida-man-to-keep-data-breach-secret-sources-idUSKBN1E101C
Dec 14, 2017
Defensive Security Podcast Episode 206
42:08
http://www.zdnet.com/article/national-credit-federation-leaked-us-citizen-data-through-unsecured-aws-bucket/ http://www.mercurynews.com/2017/11/21/uber-concealed-attack-that-exposed-data-of-57-million/
Dec 05, 2017
Defensive Security Podcast Episode 205
38:33
https://www.theregister.co.uk/2017/11/09/chipzilla_come_closer_closer_listen_dump_ime/ https://www.bankinfosecurity.com/mayer-strengthened-defense-couldnt-stop-massive-breaches-a-10442 http://www.securityweek.com/phishing-poses-biggest-threat-users-google
Nov 13, 2017
Defensive Security Podcast Episode 204
52:31
https://www.bleepingcomputer.com/news/security/59-percent-of-employees-hit-by-ransomware-at-work-paid-ransom-out-of-their-own-pockets/ https://motherboard.vice.com/en_us/article/ne3bv7/equifax-breach-social-security-numbers-researcher-warning https://www.csoonline.com/article/3234675/data-protection/6-reasons-why-awareness-programs-fail-even-when-following-best-practices.html https://cyberbalancesheet.com/
Nov 06, 2017
Defensive Security Podcast Episode 203
54:17
https://www.bloomberg.com/news/features/2017-09-29/the-equifax-hack-has-all-the-hallmarks-of-state-sponsored-pros https://www.databreachtoday.com/ex-ceo-blames-human-error-tech-failures-for-equifax-breach-a-10349 http://www.zdnet.com/article/wsj-kaspersky-software-likely-used-in-russian-backed-nsa-breach/ https://www.washingtonpost.com/world/national-security/israel-hacked-kaspersky-then-tipped-the-nsa-that-its-tools-had-been-breached/2017/10/10/d48ce774-aa95-11e7-850e-2bdd1236be5d_story.html https://www.bleepingcomputer.com/news/legal/it-admin-trashes-railroad-companys-network-before-he-leaves/
Oct 16, 2017
Defensive Security Podcast Episode 202
56:26
https://arstechnica.com/information-technology/2017/09/ccleaner-backdoor-infecting-millions-delivered-mystery-payload-to-40-pcs/ https://www.theregister.co.uk/2017/09/26/equifax_ceo_resigns/ https://krebsonsecurity.com/2017/09/source-deloitte-breach-affected-all-company-email-admin-accounts/comment-page-2/ https://www.theregister.co.uk/2017/09/26/deloitte_leak_github_and_google/
Oct 02, 2017
Defensive Security Podcast Episode 201
55:39
https://krebsonsecurity.com/2017/09/equifax-breach-response-turns-dumpster-fire/ https://www.welivesecurity.com/2017/09/06/security-vulnerability-leaves-fortune-100-firms-vulnerable/ http://nypost.com/2017/09/08/equifax-blames-giant-breach-on-vendor-software-flaw/amp/ https://blogs.apache.org/foundation/entry/apache-struts-statement-on-equifax https://qz.com/1073221/the-hackers-who-broke-into-equifax-exploited-a-nine-year-old-security-flaw/
Sep 11, 2017
Defensive Security Podcast Episode 200
51:24
http://www.securityweek.com/three-questions-every-ciso-should-be-able-answer https://arstechnica.com/information-technology/2017/08/powerful-backdoor-found-in-software-used-by-100-banks-and-energy-cos/?amp=1 https://krebsonsecurity.com/2017/08/blowing-the-whistle-on-bad-attribution/ http://www.csoonline.com/article/3213030/security/when-it-comes-to-the-cloud-do-cisos-have-their-heads-in-the-sand.html http://www.zdnet.com/article/petya-ransomware-cyber-attack-costs-could-hit-300m-for-shipping-giant-maersk/ https://www.helpnetsecurity.com/2017/08/24/crystal-finance-millennium-compromised/ https://www.lacyberlab.org/what-los-angeles-cyber-lab
Aug 29, 2017
Defensive Security Podcast Episode 199
52:05
https://www.theregister.co.uk/2017/08/10/salesforce_fires_its_senior_security_engineers_after_defcon_talk/?mt=1502653861726 PR fight ensues after claims of leaked Carbon Black data https://www.theregister.co.uk/2017/08/10/carbon_black_denies_sec_sys_broken/ http://www.databreachtoday.com/ocr-tells-organizations-to-step-up-phishing-scam-awareness-a-10174 https://www.infosecurity-magazine.com/news/anthem-medicare-patients-hit-breach/ https://www.theregister.co.uk/2017/08/07/cba_blames_software_for_money_laundering_miss/
Aug 14, 2017
Defensive Security Podcast Episode 198
53:20
https://www.darkreading.com/vulnerabilities—threats/wannacry-inspires-worm-like-module-in-trickbot/d/d-id/1329491 http://www.securityweek.com/one-million-exposed-adware-hijacked-chrome-extension https://www.darkreading.com/risk/can-your-risk-assessment-stand-up-under-scrutiny/a/d-id/1329435
Aug 07, 2017
Defensive Security Podcast Episode 197
48:35
http://thehackernews.com/2017/07/adwind-rat-malware.html https://www.theregister.co.uk/2017/07/13/swiss_domain_name_hijack/ http://www.databreachtoday.com/fedex-warns-notpetya-will-negatively-affect-profits-a-10118 http://www.cnbc.com/2017/07/21/a-cyberattack-is-going-to-cause-this-tech-company-to-miss-earnings.html http://www.securityweek.com/alarming-percentage-employees-hide-security-incidents-report
Jul 24, 2017
Defensive Security Podcast Episode 196
1:14:26
http://www.databreachtoday.com/notpetya-patient-zero-ukrainian-accounting-software-vendor-a-10080 http://blog.talosintelligence.com/2017/07/the-medoc-connection.html?m=1 http://www.databreachtoday.com/police-seize-backdoored-firms-servers-to-stop-attacks-a-10083 https://www.bleepingcomputer.com/news/security/m-e-doc-software-was-backdoored-3-times-servers-left-without-updates-since-2013/ https://www.wired.com/story/petya-plague-automatic-software-updates/ https://www.theregister.co.uk/2017/06/28/petya_notpetya_ransomware/https://apnews.com/962db1cd370d4fdda6083d064b94dd1b https://infosec.engineering/notpetya-complex-attacks-and-the-fog-of-war/
Jul 12, 2017
Defensive Security Podcast Episode 195
58:36
http://securityaffairs.co/wordpress/60243/data-breach/dra-data-leak.html https://www.wired.com/story/crash-override-malware/ https://threatpost.com/fin10-extorting-canadian-mining-companies-casinos/126382/ http://variety.com/2017/digital/features/netflix-orange-is-the-new-black-leak-dark-overlord-larson-studios-1202471400/amp/ https://arstechnica.com/information-technology/2017/06/32tb-of-windows-10-beta-builds-driver-source-code-leaked/ https://arstechnica.com/security/2017/06/5-weeks-after-wcry-outbreak-nsa-derived-worm-shuts-down-a-honda-factory/
Jun 27, 2017
Defensive Security Podcast Episode 194
42:00
https://hotforsecurity.bitdefender.com/blog/heartbleed-still-hurting-hard-uk-council-fined-100000-after-data-breach-18205.html https://threatpost.com/ransomware-attack-hobbles-prestigious-university-college-london/126299/ http://www.securityweek.com/web-hosting-provider-pays-1-million-ransomware-attackers https://infosec.engineering/improving-the-effectiveness-of-vulnerability-remediation-targeting/
Jun 22, 2017
Defensive Security Podcast Episode 193
30:52
http://www.csoonline.com/article/3198492/security/ceos-risky-behaviors-compromise-security.html https://www.bleepingcomputer.com/news/security/ex-admin-deletes-all-customer-data-and-wipes-servers-of-dutch-hosting-provider http://thehackernews.com/2017/06/intel-amt-firewall-bypass.html http://thehackernews.com/2017/06/microsoft-powerpoint-malware.html
Jun 12, 2017
Defensive Security Podcast Episode 192
36:02
http://www.csoonline.com/article/3198496/compliance/sometimes-it-is-necessary-to-bend-the-rules-a-bit.html http://www.securityweek.com/nature-vs-nurture-bad-cybersecurity-our-dna http://gizmodo.com/top-defense-contractor-left-sensitive-pentagon-files-on-1795669632 https://nakedsecurity.sophos.com/2017/06/02/onelogin-warns-that-attacker-could-be-able-to-decrypt-data/
Jun 06, 2017
Defensive Security Podcast Episode 191
48:03
https://arstechnica.com/security/2017/05/windows-7-not-xp-was-the-reason-last-weeks-wcry-worm-spread-so-widely/ http://www.publictechnology.net/articles/news/nhs-cyber-attack-forces-week-long-council-email-block https://www.washingtonpost.com/business/technology/nsa-officials-worried-about-the-day-its-potent-hacking-tool-would-get-loose-then-it-did/2017/05/16/50670b16-3978-11e7-a058-ddbb23c75d82_story.html https://www.grahamcluley.com/companies-keeping-bitcoin-hand-case-ransomware-attacks/ http://www.eweek.com/security/zomato-docusign-breaches-reveal-common-security-risks
May 25, 2017
Defensive Security Podcast Episode 190
1:49:03
http://www.verizonenterprise.com/resources/reports/rp_DBIR_2017_Report_en_xg.pdf
May 10, 2017
Defensive Security Podcast Episode 189
51:58
https://www.wsj.com/articles/cybersecurity-startup-tanium-exposed-california-hospitals-network-in-demos-without-permission-1492624287 95% of enterprise risk assessments find employees using TOR, private VPNs to bypass security, report says http://www.csoonline.com/article/3191286/security/most-employees-willing-to-share-sensitive-information-survey-says.html https://www.bleepingcomputer.com/news/security/over-36-000-computers-infected-with-nsas-doublepulsar-malware/
Apr 25, 2017
Defensive Security Podcast Episode 188
1:04:02
https://arstechnica.com/security/2017/04/purported-shadow-brokers-0days-were-in-fact-killed-by-mysterious-patch/ https://www.bleepingcomputer.com/news/security/former-sysadmin-accused-of-planting-time-bomb-in-companys-database/ http://www.computerworld.com/article/3189059/security/what-prevents-breaches-process-technology-or-people-one-answer-is-pc-and-one-is-right.html http://www.csoonline.com/article/3187422/network-security/report-30-of-malware-is-zero-day-missed-by-legacy-antivirus.amp.html How Hackers Hijacked a Bank’s Entire Online Operation http://news.softpedia.com/news/two-laptops-with-hong-kong-s-3-7-million-voters-data-stolen-514346.shtml Threat Brief: Credential Theft – The Keystone of the Shamoon 2 Attacks
Apr 17, 2017
Defensive Security Podcast Episode 187
47:57
http://www.itworld.com/article/3182431/security/some-https-inspection-tools-might-weaken-security.html https://www.bleepingcomputer.com/news/legal/former-it-admin-accused-of-leaving-backdoor-account-accessing-it-700-times/ http://www.securityweek.com/what-cisos-can-learn-er-doctors http://www.csoonline.com/article/3180762/data-breach/inside-the-russian-hack-of-yahoo-how-they-did-it.html https://arstechnica.com/security/2017/03/microsofts-silence-over-unprecedented-patch-delay-doesnt-smell-right/
Mar 28, 2017
Defensive Security Podcast Episode 186
56:11
http://www.bankinfosecurity.com/emory-healthcare-database-breach-what-happened-a-9745 http://www.networkworld.com/article/3176718/security/dealing-with-overwhelming-volume-of-security-alerts.html#tk.rss_security http://www.networkworld.com/article/3175030/security/trend-micro-report-ransomware-booming.html https://www.helpnetsecurity.com/2017/03/02/yahoo-cookie-forging-incident/ http://www.darkreading.com/risk/new-cybersecurity-regulations-begin-today-for-ny-banks/d/d-id/1328295 http://www.pcworld.com/article/3179348/security/after-cia-leak-intel-security-releases-detection-tool-for-efi-rootkits.html https://arstechnica.com/security/2017/03/wikileaks-publishes-what-it-says-is-trove-of-cia-hacking-tools/ http://www.csoonline.com/article/3177994/security/cia-false-flag-team-repurposed-shamoon-data-wiper-other-malware.html
Mar 14, 2017
Defensive Security Podcast Episode 185
52:36
https://www.bleepingcomputer.com/news/security/malware-used-to-attack-polish-banks-contained-false-flags-blaming-russian-hackers/ http://www.csoonline.com/article/3173639/security/bleeding-clouds-cloudflare-server-errors-blamed-for-leaked-customer-data.html http://www.csoonline.com/article/3174153/security/carders-capitalize-on-cloudflare-problems-claim-150-million-logins-for-sale.amp.html http://www.securityweek.com/what-hackers-think-your-defenses http://www.csoonline.com/article/3171154/security/verizon-knocks-off-350m-from-yahoo-deal-after-breaches.html
Feb 28, 2017
Defensive Security Podcast Episode 184
47:36
https://gallery.technet.microsoft.com/ATA-Playbook-ef0a8e38/file/169827/1/ATA%20Playbook.pdf http://www.securityweek.com/google-shares-data-corporate-email-attacks http://www.databreachtoday.com/reworked-ny-cybersecurity-regulation-takes-effect-in-march-a-9733 http://www.computerworld.com/article/3169386/security/recent-malware-attacks-on-polish-banks-tied-to-wider-hacking-campaign.html#tk.rss_security http://www.computerworld.com/article/3166824/security/polish-banks-on-alert-after-mystery-malware-found-on-computers.html http://www.forbes.com/sites/thomasbrewster/2017/02/16/dnc-fancy-bear-russia-hackers-mac-malware-hacking-team-fbi-fsb/#3998bc7812bc
Feb 20, 2017
Defensive Security Podcast Episode 183
1:01:15
https://arstechnica.com/information-technology/2017/01/antivirus-is-bad/?amp=1 http://www.darkreading.com/risk/7-tips-for-getting-your-security-budget-approved/d/d-id/1328004 https://www.asd.gov.au/publications/protect/essential-eight-explained.htm http://www.csoonline.com/article/3163068/application-development/how-to-secure-active-directory.html https://securosis.com/mobile/tidal-forces-software-as-a-service-is-the-new-back-office/full
Feb 14, 2017
Defensive Security Podcast Episode 182
1:04:38
http://www.securityweek.com/cyber-threat-intelligence-shows-majority-cybercrime-not-sophisticated http://www.databreachtoday.com/new-in-depth-analysis-anthem-breach-a-9627 http://www.databreachtoday.com/475000-hipaa-penalty-for-tardy-breach-notification-a-9624 http://www.databreachtoday.com/insurer-slapped-22-million-hipaa-settlement-a-9643 https://krebsonsecurity.com/2017/01/extortionists-wipe-thousands-of-databases-victims-who-pay-up-get-stiffed/ https://securosis.com/mobile/tidal-forces-endpoints-are-different-more-secure-and-less-open/full
Jan 23, 2017
Defensive Security Podcast Episode 181
59:19
http://www.businessinsider.com/russian-hacking-fears-reportedly-triggered-by-vermont-employee-checking-his-email-2017-1 http://www.cio.com/article/3153706/security/4-information-security-threats-that-will-dominate-2017.html http://www.databreachtoday.com/major-breach-insurer-blames-system-integrator-a-9603 http://www.zdnet.com/article/this-ransomware-targets-hr-departments-with-fake-job-applications/ https://securosis.com/mobile/tidal-forces-the-trends-tearing-apart-security-as-we-know-it/full https://securosis.com/blog/network-security-in-the-cloud-age-everything-changes http://blog.erratasec.com/2017/01/notes-about-ftc-action-against-d-link.html Slack Channel: http://https://defensivesecurity.org/slack-channel/
Jan 09, 2017
Defensive Security Podcast Episode 180
49:25
https://www.bleepingcomputer.com/news/security/new-scheme-spread-popcorn-time-ransomware-get-chance-of-free-decryption-key/ http://arstechnica.com/tech-policy/2016/12/disgraced-it-worker-stole-confidential-expedia-e-mails-even-after-he-left/ http://arstechnica.com/security/2016/12/millions-exposed-to-malvertising-that-hid-attack-code-in-banner-pixels/ http://www.reuters.com/article/us-cyber-heist-bangladesh-exclusive-idUSKBN1411ST http://motherboard.vice.com/read/newly-uncovered-site-suggests-nsa-exploits-for-direct-sale http://arstechnica.com/security/2016/12/what-can-you-do-with-a-billion-yahoo-passwords-lots-of-bad-things/
Dec 20, 2016
Defensive Security Podcast Episode 179
1:14:21
2016 HOLIDAY PODCAST MASHUP With: PVC Security Podcast: http://www.pvcsec.com/ Brakeing Down Security Podcast: http://www.brakeingsecurity.com/ Advanced Persistent Security Podcast: https://advancedpersistentsecurity.net/ …and Amanda Berlin!
Dec 18, 2016
Defensive Security Podcast Episode 178
1:13:04
Slack channel:  https://defensivesecurity.org/slack-channel/ http://blog.checkpoint.com/2016/11/24/imagegate-check-point-uncovers-new-method-distributing-malware-images/ http://www.csoonline.com/article/3143713/analytics/shall-we-care-about-zero-day.html http://www.databreachtoday.com/umass-amherst-hit-650000-hipaa-settlement-a-9554 http://arstechnica.com/security/2016/11/elegant-0day-unicorn-underscores-serious-concerns-about-linux-security/ http://www.securityweek.com/disgruntled-gamer-likely-behind-october-us-hacking-expert http://www.theregister.co.uk/2016/11/17/google_hacker_pleads_try_whitelists_not_just_bunk_antivirus_ids/ https://blog.instant2fa.com/an-economic-model-for-security-spending-3d982d05d0c1#.fpcnkz5qn http://www.securityweek.com/when-ransomware-hits-business-paying-unlikely-guarantee-resolution http://www.csoonline.com/article/3142889/security/ransomware-victims-able-to-thwart-attacks-report-says.html
Nov 28, 2016
Defensive Security Podcast Episode 177
37:37
Book recommendations: https://defensivesecurity.org/resources/recommended-books/ Slack channel: http://https://defensivesecurity.org/slack-channel/ http://arstechnica.com/information-technology/2016/11/kaspersky-accuses-microsoft-of-anticompetitive-bundling-of-antivirus-software/ https://nakedsecurity.sophos.com/2016/11/11/yahoo-staff-knew-they-were-breached-two-years-ago/ http://www.csoonline.com/article/3139311/security/412-million-friendfinder-accounts-exposed-by-hackers.html
Nov 14, 2016
Defensive Security Podcast Episode 176
54:19
https://www.helpnetsecurity.com/2016/11/03/overconfidence-risk-attacks/ http://arstechnica.com/security/2016/11/windows-zero-day-exploited-by-same-group-behind-dnc-hack/ http://www.bankinfosecurity.com/those-suing-anthem-seek-security-audit-documents-a-9498 https://it.slashdot.org/story/16/11/05/1744231/it-workers-facing-layoffs-jolted-by-ceos-message
Nov 07, 2016
Defensive Security Podcast Episode 175
1:05:55
http://www.securityweek.com/shadow-brokers-leaks-servers-allegedly-hacked-nsa http://www.bankinfosecurity.com/online-ad-industry-threatened-by-security-issues-a-9488 http://m.elpasoinc.com/news/local_news/article_92e82ee0-9f84-11e6-b429-0b2b853bae0b.html?mode=jqm http://researchcenter.paloaltonetworks.com/2016/10/unit42-psa-conference-invite-used-lure-operation-lotus-blossom-actors/
Nov 02, 2016
Defensive Security Podcast Episode 174
40:38
https://threatpost.com/serious-dirty-cow-linux-vulnerability-under-attack/121448/ http://news.softpedia.com/news/hackers-steal-research-and-user-data-from-japanese-nuclear-research-lab-509380.shtml https://www.databreaches.net/rainbow-childrens-clinic-notifies-33368-patients-of-ransomware-attack/ https://krebsonsecurity.com/2016/10/hacked-cameras-dvrs-powered-todays-massive-internet-outage/
Oct 24, 2016
Defensive Security Podcast Episode 173
40:08
http://conferences.oreilly.com/security/network-data-security-ny/public/content/buy-one-get-one-discount https://www.eventbrite.com/e/bsides-atlanta-2016-tickets-27895813128 http://www.cnbc.com/2016/10/14/british-banks-keep-cyber-attacks-under-wraps-to-protect-image.html http://www.lexology.com/library/detail.aspx?g=f17c1e55-5768-4ea6-a7e6-d555c4052eef https://www.nist.gov/news-events/news/2016/10/security-fatigue-can-cause-computer-users-feel-hopeless-and-act-recklessly
Oct 16, 2016
Defensive Security Podcast Episode 172
42:38
http://cybersecurity.oxfordjournals.org/content/early/2016/08/08/cybsec.tyw001 https://www.helpnetsecurity.com/2016/09/29/risky-password-practices/ http://www.nytimes.com/2016/09/29/technology/yahoo-data-breach-hacking.html?_r=0 http://www.databreachtoday.com/blogs/yahoo-breach-great-nation-state-cop-out-p-2260
Oct 03, 2016
Defensive Security Podcast Episode 171
58:24
http://www.csoonline.com/article/3119965/security/a-single-ransomware-network-has-pulled-in-121-million.html https://www.sans.org/reading-room/whitepapers/dataprotection/data-breaches-prevention-practical-37267 http://www.bankinfosecurity.com/aligning-cyber-framework-organizations-strategy-goals-a-9401 http://arstechnica.com/security/2016/09/swift-fraudsters-detection-system-bangladesh-bank-heist/ http://www.bankinfosecurity.com/blogs/ransomware-victims-please-come-forward-p-2255 http://www.nytimes.com/2016/09/17/business/dealbook/wells-fargo-warned-workers-against-fake-accounts-but-they-needed-a-paycheck.html
Sep 22, 2016
Defensive Security Podcast Episode 170
58:42
http://news.softpedia.com/news/retiring-sysadmin-fakes-cyber-attack-to-get-away-with-data-theft-507992.shtml https://oversight.house.gov/wp-content/uploads/2016/09/The-OPM-Data-Breach-How-the-Government-Jeopardized-Our-National-Security-for-More-than-a-Generation.pdf http://money.cnn.com/2016/09/08/investing/wells-fargo-created-phony-accounts-bank-fees/index.html http://spectrum.ieee.org/view-from-the-valley/computing/it/facebook-engineers-crash-data-centers-in-realworld-stress-test http://www.bloomberg.com/news/articles/2016-09-08/cisco-s-network-bugs-are-front-and-center-in-bankruptcy-fight
Sep 11, 2016
Defensive Security Podcast Episode 169
44:50
http://www.csoonline.com/article/3110975/techology-business/how-do-you-measure-success-when-it-comes-to-stopping-phishing-attacks.html http://www.databreachtoday.com/equation-group-hacking-tool-dump-5-lessons-a-9358 http://www.csoonline.com/article/3109982/security/attackers-dont-need-vulnerabilities-when-the-basics-work-just-as-well.html http://www.securityweek.com/attacker-uses-virtual-machine-hide-malicious-activity http://www.networkworld.com/article/3110653/security/imperva-application-layer-ddos-attacks-are-on-the-rise.html http://arstechnica.com/security/2016/08/actively-exploited-ios-flaws-that-hijack-iphones-likely-spread-for-years/
Aug 30, 2016
Defensive Security Podcast Episode 168
51:28
https://nakedsecurity.sophos.com/2016/08/18/nists-new-password-rules-what-you-need-to-know/ http://www.extremetech.com/extreme/234031-your-guide-to-the-shadow-brokers-nsa-theft-which-puts-the-snowden-leaks-to-shame http://phys.org/news/2016-08-people-software-percent.html http://www.csoonline.com/article/3108025/cyber-attacks-espionage/cerber-ransomware-earns-2-3mil-with-0-3-response-rate.html
Aug 21, 2016
Defensive Security Podcast Episode 167
1:02:46
http://www.csoonline.com/article/3101863/security/report-only-3-percent-of-u-s-companies-pay-attackers-after-ransomware-infections.html http://www.bankinfosecurity.com/fed-reserve-a-9282 http://www.tripwire.com/state-of-security/featured/does-dropping-malicious-usb-sticks-really-work-yes-worryingly-well/ http://arstechnica.com/security/2016/08/frequent-password-changes-are-the-enemy-of-security-ftc-technologist-says/ http://spectrum.ieee.org/tech-talk/telecom/security/nigerian-scammers-infect-themselves-with-own-malware-revealing-new-wirewire-fraud-scheme http://www.csoonline.com/article/3106076/data-protection/disable-wpad-now-or-have-your-accounts-and-private-data-compromised.html http://fortune.com/2016/08/12/delta-airlines-outages/
Aug 14, 2016
Defensive Security Podcast Episode 166
48:19
http://www.bankinfosecurity.com/report-new-york-fed-fumbled-cyber-heist-response-a-9281 http://motherboard.vice.com/read/ransomware-gang-claims-fortune-500-company-hired-them-to-hack-the-competition http://www.lexology.com/library/detail.aspx?g=d0f4e774-6c6a-4783-b993-4f165f1dcc7e
Jul 25, 2016
Defensive Security Podcast Episode 165
57:34
Tiaracon: http://tiaracon.org/ http://www.cbc.ca/news/technology/antivirus-software-1.3668746 http://www.csoonline.com/article/3089439/business-continuity/9-critical-controls-for-todays-threats.html http://www.bankinfosecurity.com/interviews/heartbleed-update-america-vulnerable-i-3242 http://www.bankinfosecurity.com/blogs/av-wars-sophos-vs-cylance-p-2172 http://www.reuters.com/article/us-cyber-fdic-china-idUSKCN0ZT20M http://blog.talosintel.com/2016/07/ranscam.html
Jul 17, 2016
Defensive Security Podcast Episode 164
1:02:56
http://blog.erratasec.com/2016/06/etheriumdao-hack-similfied.html#.V3BKyvkrJhE http://www.zdnet.com/article/cvss-scores-are-not-enough-for-modern-security/ http://www.crn.com/news/security/300081157/sophos-slams-cylance-in-blog-post-as-market-for-endpoint-security-heats-up.htm?itc=refresh
Jun 30, 2016
Defensive Security Podcast Episode 163
1:00:30
http://www.darkreading.com/vulnerabilities—threats/windows-badtunnel-attack-hijacks-network-traffic/d/d-id/1325875 http://krebsonsecurity.com/2016/06/adobe-update-plugs-flash-player-zero-day/ http://krebsonsecurity.com/2016/06/banks-credit-card-breach-at-cicis-pizza/ http://ieee-security.org/TC/SP2016/papers/0824a018.pdf https://securelist.com/blog/research/75027/xdedic-the-shady-world-of-hacked-servers-for-sale/ https://www.washingtonpost.com/world/national-security/guccifer-20-claims-credit-for-dnc-hack/2016/06/15/abdcdf48-3366-11e6-8ff7-7b6c1998b7a0_story.html http://fox4kc.com/2016/06/15/platte-county-commissioners-give-treasurer-one-week-to-repay-funds-lost-to-email-scam/ http://www.abc.net.au/news/2016-06-18/software-legal-battle-could-put-sa-patients’-safety/7522934
Jun 20, 2016
Defensive Security Podcast Episode 162
50:37
https://threatpost.com/teamviewer-denies-hack-blames-password-reuse-for-compromises/118427/ http://www.businessinsurance.com/article/20160602/NEWS06/160609935/chubb-p-f-changs-federal-insurance-co-cybersecurity-by-chubb-credit http://www.csoonline.com/article/3075385/backup-recovery/will-your-backups-protect-you-against-ransomware.html#jump http://www.csoonline.com/article/3077434/security/93-of-phishing-emails-are-now-ransomware.html#jump http://venturebeat.com/2016/06/04/federal-reserve-bank-was-hacked-more-than-50-times-between-2011-and-2015/ http://www.csoonline.com/article/3075758/data-breach/up-to-a-dozen-banks-are-reportedly-investigating-potential-swift-breaches.html#jump http://www.theregister.co.uk/2016/06/03/swift_threatens_insecure_bank_suspensions/
Jun 05, 2016
Defensive Security Podcast Episode 161
33:22
Vote for us! https://www.surveymonkey.com/r/secbloggerwards2016 http://www.csoonline.com/article/3071337/cyber-attacks-espionage/cybercriminals-are-increasingly-embracing-a-sophisticated-business-model-approach.html#tk.rss_all https://www.yahoo.com/news/special-report-cyber-thieves-exploit-banks-faith-swift-052100312–finance.html?ref=gs http://www.securityweek.com/google-soon-kill-sslv3-rc4-support-gmail https://threatpost.com/microsoft-warns-of-sneaky-new-macro-trick/118227/ http://www.networkworld.com/article/3073495/security/kansas-heart-hospital-hit-with-ransomware-paid-but-attackers-demanded-2nd-ransom.html
May 23, 2016
Defensive Security Podcast Episode 160
58:40
http://www.bankinfosecurity.com/researcher-hacks-symantecs-av-via-email-a-9109 http://www.v3.co.uk/v3-uk/news/2457773/hackers-exploiting-six-year-old-sap-software-flaw-warns-us-cert http://arstechnica.com/security/2016/05/1b-bangladesh-heist-officials-say-swift-technicians-left-bank-vulnerable/ http://www.csoonline.com/article/3069502/data-breach/malware-attacks-on-two-banks-have-links-with-2014-sony-pictures-hack.html https://www.surveymonkey.com/r/secbloggerwards2016
May 18, 2016
Defensive Security Podcast Episode 159
1:27:05
http://www.verizonenterprise.com/verizon-insights-lab/dbir/2016/ https://blog.osvdb.org/2016/04/27/a-note-on-the-verizon-dbir-2016-vulnerabilities-claims/
May 02, 2016
Defensive Security Podcast Episode 158
41:55
http://baesystemsai.blogspot.nl/2016/04/two-bytes-to-951m.html https://threatpost.com/bangladesh-bank-hackers-accessed-swift-system-to-steal-cover-tracks/117637/ http://www.csoonline.com/article/3061229/fraud/swift-banking-network-warns-customers-of-cyberfraud-cases.html http://www.theregister.co.uk/2016/04/22/i_hacked_facebook_and_found_someone_had_beaten_me_to_it/
Apr 28, 2016
Defensive Security Podcast Episode 157
46:50
https://www.helpnetsecurity.com/2016/04/15/eu-data-protection-rules/ http://pastebin.com/raw/0SNSvyjJ https://threatpost.com/apple-deprecates-quick-time-for-windows-wont-patch-new-flaws/117427/ http://www.welivesecurity.com/2016/04/13/medical-data-breach-leads-record-cash-settlement/
Apr 19, 2016
Defensive Security Podcast Episode 156
51:33
https://offensivetechblog.wordpress.com/2016/03/29/systems-admins-we-need-to-talk/ http://m.sfgate.com/business/technology/article/Hackers-broke-into-hospitals-despite-software-7229722.php http://www.wired.co.uk/news/archive/2016-04/06/panama-papers-mossack-fonseca-website-security-problems http://arstechnica.com/security/2016/04/ok-panic-newly-evolved-ransomware-is-bad-news-for-everyone/
Apr 13, 2016
Defensive Security Podcast Episode 155
1:00:36
https://www.cooley.com/california-attorney-general-2016-data-breach-report http://www.csoonline.com/article/3049392/security/chinese-scammers-take-mattel-to-the-bank-phishing-them-for-3-million.html http://www.oreilly.com/security/newsletter http://conferences.oreilly.com/security/network-data-security-ny
Apr 05, 2016
Defensive Security Podcast Episode 154
39:29
https://threatpost.com/apt-attackers-flying-more-false-flags-than-ever/116814/ http://www.csoonline.com/article/3048334/security/verizons-breach-experts-missed-one-right-under-their-noses.html http://www.wsj.com/articles/hackers-in-bangladesh-bank-account-heist-part-of-larger-breach-1458582678 http://krebsonsecurity.com/2016/03/hospital-declares-internet-state-of-emergency-after-ransomware-infection/
Mar 29, 2016
Defensive Security Podcast Episode 153
48:09
http://www.csoonline.com/article/3043975/security/compromised-data-goes-public-as-staminus-recovers-from-attack.html#tk.rss_all http://www.darkreading.com/endpoint/patch-management-still-plagues-enterprise/d/d-id/1324615 http://www.welivesecurity.com/2016/03/09/android-trojan-targets-online-banking-users/ http://arstechnica.com/security/2016/03/a-typo-costs-bank-hackers-nearly-1b/ http://www.cnet.com/news/home-depot-offers-19m-to-settle-customers-hacking-lawsuit/
Mar 15, 2016
Defensive Security Podcast Episode 152
1:00:35
http://www.intelsecurity.com/advanced-threat-research/content/Analysis_SamSa_Ransomware.pdf?_ga=1.157194172.685877305.1433735448 https://blog.agilebits.com/2015/06/17/1password-inter-process-communication-discussion/ http://www.verizonenterprise.com/resources/reports/rp_data-breach-digest_xg_en.pdf
Mar 07, 2016
Defensive Security Podcast Episode 151
39:39
http://www.databreachtoday.com/anthem-breach-lessons-one-year-later-a-8897 http://www.dw.com/en/hackers-hold-german-hospital-data-hostage/a-19076030 http://krebsonsecurity.com/2016/02/breached-credit-union-comes-out-of-its-shell/ http://arstechnica.com/security/2016/02/hackers-did-indeed-cause-ukrainian-power-outage-us-report-concludes/
Feb 28, 2016
Defensive Security Podcast Episode 150
46:47
http://www.scmagazineuk.com/russian-bank-licences-revoked-for-using-hackers-to-withdraw-funds/article/474464/ http://arstechnica.com/security/2016/02/hospital-pays-17k-for-ransomware-crypto-key/ http://news.softpedia.com/news/us-school-agrees-to-pay-8-500-to-get-rid-of-ransomware-500684.shtml http://www.scmagazineuk.com/44-of-ransomware-victims-in-the-uk-have-paid-to-recover-their-data/article/475426/ http://arstechnica.com/security/2016/02/extremely-severe-bug-leaves-dizzying-number-of-apps-and-devices-vulnerable/
Feb 25, 2016
Defensive Security Podcast Episode 149
49:55
http://www.tripwire.com/state-of-security/latest-security-news/cisco-patches-critical-asa-ike-buffer-overflow-vulnerability/ http://www.securityweek.com/we-cant-give-preventing-breaches http://www.csoonline.com/article/3033160/security/ransomware-takes-hollywood-hospital-offline-36m-demanded-by-attackers.html http://arstechnica.com/security/2016/02/clever-bank-hack-allowed-crooks-to-make-unlimited-atm-withdrawals/
Feb 16, 2016
Defensive Security Podcast Episode 148
57:14
http://www.theregister.co.uk/2016/02/04/norse_corp_ceo_fired/ http://www.secureworks.com/resources/blog/ransomware-used-as-a-distraction/ http://www.zdnet.com/article/most-windows-flaws-mitigated-by-removing-admin-rights-says-report/ http://mobile.reuters.com/article/idUSKCN0VD14X http://www.csoonline.com/article/3025787/security/defending-against-insider-security-threats-hangs-on-trust.html http://www.securityforrealpeople.com/2016/02/poor-ux-leads-to-poorly-secured-soho.html
Feb 11, 2016
Defensive Security Podcast Episode 147
42:24
Hack in the Box: https://conference.hitb.org/ Circle City Con: https://circlecitycon.com/tickets/ http://www.theregister.co.uk/2016/01/28/nsas_top_hacking_boss_explains_how_to_protect_your_network_from_his_minions/?page=1 https://www.youtube.com/watch?v=bDJb8WOJYdA http://krebsonsecurity.com/2016/01/sources-security-firm-norse-corp-imploding/ http://arstechnica.com/security/2016/01/secret-ssh-backdoor-in-fortinet-hardware-found-in-more-products/
Feb 01, 2016
Defensive Security Podcast Episode 146
39:49
https://blog.malwarebytes.org/intelligence/2016/01/draft-lechiffre-a-manually-run-ransomware/ http://www.tripwire.com/state-of-security/security-data-protection/boeing-supplier-hacked-claims-55-million-worth-of-damage-as-stock-price-falls/ http://krebsonsecurity.com/2016/01/firm-sues-cyber-insurer-over-480k-loss/ http://shawnetuma.com/2016/01/08/supervalu-data-breach-class-action-dismissed-for-lack-of-harm/ Hack in the Box: https://conference.hitb.org/ Circle City Con: https://circlecitycon.com/tickets/
Jan 27, 2016
Defensive Security Podcast Episode 145
36:10
http://arstechnica.com/security/2016/01/security-firm-sued-for-filing-woefully-inadequate-forensics-report/ http://arstechnica.com/security/2016/01/et-tu-fortinet-hard-coded-password-raises-new-backdoor-eavesdropping-fears/ http://www.csoonline.com/article/3021774/security/trend-micro-flaw-could-have-allowed-attacker-to-steal-all-passwords.html
Jan 21, 2016
Defensive Security Podcast Episode 144
42:36
http://www.welivesecurity.com/2016/01/03/blackenergy-sshbeardoor-details-2015-attacks-ukrainian-news-media-electric-industry/ http://blog.cryptographyengineering.com/2015/12/on-juniper-backdoor.html http://www.databreaches.net/191-million-voters-personal-info-exposed-by-misconfigured-database/ http://darkmatters.norsecorp.com/2015/12/28/the-cybersecurity-information-sharing-act-cisa-passed/
Jan 03, 2016
Defensive Security Podcast Episode 143
1:21:37
This is our 2015 holiday episode with the Brakeing Down Security and PVC Security podcasts.
Jan 03, 2016
Defensive Security Podcast Episode 142
43:11
https://www.fireeye.com/blog/threat-research/2015/12/fin1-targets-boot-record.html http://www.csoonline.com/article/3012443/security/how-the-nsa-uses-behavior-analytics-to-detect-threats.html#tk.rss_all http://www.databreachtoday.com/wyndham-agrees-to-settle-ftc-breach-case-a-8737 https://technet.microsoft.com/en-us/library/security/ms15-127.aspx https://www.reddit.com/r/sysadmin/comments/3wa8rl/early_warning_system_for_cryptowall_crypto_canary/
Dec 13, 2015
Defensive Security Podcast Episode 141
46:48
http://www.zdnet.com/article/vtech-hack-gets-worse-kids-photos-chat-logs-also-stolen/ http://krebsonsecurity.com/2015/12/dhs-giving-firms-free-penetration-tests/ http://www.csoonline.com/article/3011580/data-protection/insurance-companies-will-crack-down-on-cyber-security-in-2016-report.html http://www.forbes.com/sites/joannabelbey/2015/11/30/7-tips-from-the-fbi-to-prepare-your-firm-for-a-cyber-attack/
Dec 06, 2015
Defensive Security Podcast Episode 140
44:41
http://krebsonsecurity.com/2015/11/breach-at-it-automation-firm-landesk/ http://www.slate.com/articles/technology/users/2015/11/sony_employees_on_the_hack_one_year_later.html http://www.csoonline.com/article/3006816/cyber-attacks-espionage/damballa-finds-tools-related-to-the-malware-that-hit-sony.html http://www.databreachtoday.com/interviews/what-jpmorgan-chase-breach-teaches-us-i-2982 http://www.healthcaredive.com/news/ftc-data-breach-case-dismissal-raises-bar-for-demonstrating-consumer-harm/409634/
Nov 26, 2015
Defensive Security Podcast Episode 139
46:20
http://www.bloomberg.com/news/articles/2015-11-10/hackers-accused-by-u-s-of-targeting-top-banks-mutual-funds http://www.trust.org/item/20151113203615-j3cyu http://krebsonsecurity.com/2015/11/jpmorgan-hackers-breached-anti-fraud-vendor-g2-web-services/#more-32855 http://consumerist.com/2015/11/13/lack-of-windows-3-1-technicians-causes-traffic-backup-at-french-airport/ http://securityaffairs.co/wordpress/41950/cyber-crime/fakben-ransomware-as-a-service.html
Nov 16, 2015
Defensive Security Podcast Episode 138
55:03
http://arstechnica.com/security/2015/11/crypto-e-mail-service-pays-6000-ransom-gets-taken-out-by-ddos-anyway/ http://arstechnica.com/security/2015/11/booming-crypto-ransomware-industry-employs-new-tricks-to-befuddle-victims/ http://www.theregister.co.uk/2015/11/02/pagefair_malware_snare_scare_in_halloween_hack_of_adblocker_blocker/ http://www.infosecurity-magazine.com/news/it-personnel-are-the-riskiest/
Nov 08, 2015
Defensive Security Podcast Episode 137
38:28
http://blog.erratasec.com/2015/10/dumb-dumber-and-cybersecurity.html http://www.businessinsider.com/talktalk-didnt-use-encryption-hack-protect-4-million-customer-details-2015-10 https://grahamcluley.com/2015/10/talktalk-hacked-silly-ask-data-encrypted/ http://krebsonsecurity.com/2015/10/talktalk-hackers-demanded-80k-in-bitcoin/ http://www.securityweek.com/hacking-impact-short-lived-sony-boss https://threatpost.com/european-aviation-agency-warns-of-aircraft-hacking/114987/
Oct 26, 2015
Defensive Security Podcast Episode 136
51:15
http://www.threatconnect.com/threat-intelligence-driven-risk-analysis/http://www.theregister.co.uk/2015/10/15/inside_mandiants_biggest_forensics_breach_battle_is_this_anthem/http://www.theregister.co.uk/2015/10/16/dow_jones_denies_russian_hackers_plundered_its_servers_for_insider_trading_tips/http://m.nextgov.com/cybersecurity/2015/10/opm-fully-do-away-passwords-network-access-2-years/122768/
Oct 21, 2015
Defensive Security Podcast Episode 135
54:48
tp://www.databreachtoday.com/report-usps-workers-vulnerable-to-phishing-scams-a-8579 http://krebsonsecurity.com/2015/10/at-experian-security-attrition-amid-acquisitions/#more-32501 http://www.databreachtoday.com/etrade-dow-jones-issue-breach-alerts-a-8586 http://www.bankinfosecurity.asia/blogs/cyber-insurance-primer-for-insurers-insured-p-1946 http://www.csoonline.com/article/2990471/social-engineering/near-flawless-social-engineering-attack-spoiled-by-single-flaw.html#tk.rss_all
Oct 13, 2015
Defensive Security Podcast Episode 134
37:46
http://arstechnica.com/security/2015/10/patreon-was-warned-of-serious-website-flaw-5-days-before-it-was-hacked/ http://www.scmagazine.com/sec-hits-security-adviser-with-75000-penalty-in-breach-settlement/article/440268/ http://krebsonsecurity.com/2015/10/scottrade-breach-hits-4-6-million-customers/ http://www.wired.com/2015/10/hack-brief-hackers-steal-15m-t-mobile-customers-data-experian/ http://time.com/4056928/trump-hotels-hacked/ http://fortune.com/2015/10/02/american-bankers-association-breach/
Oct 05, 2015
Defensive Security Podcast Episode 133
1:07:12
http://www.pvcsec.com/ http://brakeingsecurity.com/
Sep 30, 2015
Defensive Security Podcast Episode 132
1:16:04
http://www.thenationaltriallawyers.org/2015/09/standing-neiman-marcus-data-breach/ http://krebsonsecurity.com/2015/09/bidding-for-breaches-redefining-targeted-attacks/ http://www.miltonstart.com/blog/2015/09/22/morgan-stanley-employee-pleads-guilty-in-data-breach-case/
Sep 29, 2015
Defensive Security Podcast Episode 131
1:04:47
http://www.bizjournals.com/atlanta/blog/atlantech/2015/09/atlantas-bitpay-got-hacked-for-1-8-million-in.html http://www.securityweek.com/excellus-data-breach-impacts-10-million http://www.databreachtoday.com/attacks-on-insurers-lessons-learned-a-8530 http://federalnewsradio.com/cybersecurity/2015/09/us-certs-dos-and-donts-for-after-the-cyber-hack/ http://www.theguardian.com/technology/2015/sep/10/cyber-threat-data-manipulation-us-intelligence-chief http://www.csoonline.com/article/2984543/vulnerabilities/as-containers-take-off-so-do-security-concerns.html
Sep 21, 2015
Defensive Security Podcast Episode 130
1:05:56
http://www.theregister.co.uk/2015/09/04/mozilla_firefox_bugzilla_leak/ http://darkmatters.norsecorp.com/2015/09/03/four-non-technical-measures-for-mitigating-insidious-insiders/ http://arstechnica.com/tech-policy/2015/08/ftc-can-sue-companies-with-poor-information-security-appeals-court-says/ https://nakedsecurity.sophos.com/2015/09/02/microsoft-word-intruder-revealed-inside-a-malware-construction-kit/ http://www.securityweek.com/executive-it-security-problem-lessons-learned-hillary-clinton
Sep 12, 2015
Defensive Security Podcast Episode 129
42:28
http://www.tripwire.com/state-of-security/risk-based-security-for-executives/connecting-security-to-the-business/security-reverse-engineering-and-eulas/ http://arstechnica.com/security/2015/08/my-browser-visited-drudgereport-and-all-i-got-was-this-lousy-malware/ http://arstechnica.com/security/2015/08/attackers-actively-exploit-windows-bug-that-uses-usb-sticks-to-infect-pcs/ http://arstechnica.com/information-technology/2015/08/lenovo-used-windows-anti-theft-feature-to-install-persistent-crapware/ http://socialmedia.umich.edu/blog/hacked/
Aug 25, 2015
Defensive Security Podcast Episode 128
29:36
Aug 25, 2015
Defensive Security Podcast Episode 127
1:00:56
http://resources.infosecinstitute.com/can-user-awareness-really-prevent-spear-phishing/ http://www.net-security.org/secworld.php?id=18702 http://link.springer.com/article/10.1007/s12290-015-0355-5/fulltext.html
Aug 11, 2015
Defensive Security Podcast Episode 126
1:18:15
http://fortune.com/2015/07/29/crowdstrike-cybersecurity-george-kurtz/ http://www.tripwire.com/state-of-security/security-data-protection/cyber-security/phishing-up-74-in-q2-2015-reveals-infoblox-dns-threat-index/ http://blog.trendmicro.com/trendlabs-security-intelligence/angler-exploit-kit-used-to-find-and-infect-pos-systems/ http://www.welivesecurity.com/2015/07/28/new-report-explains-gulf-security-experts-non-experts/
Aug 03, 2015
Defensive Security Podcast Episode 125
44:32
http://krebsonsecurity.com/2015/07/online-cheating-site-ashleymadison-hacked/ http://www.mcafee.com/us/resources/reports/rp-aspen-holding-line-cyberthreats.pdf http://arstechnica.com/tech-policy/2015/07/obama-administration-decides-not-to-blame-china-publicly-for-opm-hack/ http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-rcsandroid-spying-tool-listens-to-calls-roots-devices-to-get-in/
Jul 27, 2015
Defensive Security Podcast Episode 124
53:26
http://arstechnica.com/tech-policy/2015/07/hacking-teams-surveillance-software-sold-to-kgb-successor/ http://arstechnica.com/security/2015/07/hackingteams-evil-android-app-had-code-to-bypass-google-play-screening/ http://www.scmagazine.com/ios-devices-dont-have-to-be-jailbroken-for-spyware-sold-by-hacking-team-to-be-installed/article/426137/ https://krebsonsecurity.com/2015/07/hacking-team-used-spammer-tricks-to-resurrect-spy-network/ http://www.scmagazine.com/fireeye-intern-morgan-culbertson-arrested-in-darkode-bust/article/427139/2/ http://erpscan.com/wp-content/themes/supercms/Publications/Chinese_attack_on_USIS_using_SAP_vulnerability_Detailed_review_and_comments.pdf
Jul 19, 2015
Defensive Security Podcast Episode 123
53:37
http://labs.bromium.com/2015/07/10/government-grade-malware-a-look-at-hackingteams-rat/ http://www.theregister.co.uk/2015/07/12/adobe_flash_zero_day_cve_2015_5122/ https://www.tenable.com/blog/lessons-to-learn-from-the-opm-breach http://arstechnica.com/tech-policy/2015/07/opm-director-resigns-after-news-that-hack-affected-21-5-million-people/ http://www.ffiec.gov/cyberassessmenttool.htm
Jul 13, 2015
Defensive Security Podcast Episode 122
37:08
http://arstechnica.com/security/2015/07/massive-leak-reveals-hacking-teams-most-private-moments-in-messy-detail/ & http://www.csoonline.com/article/2945200/vulnerabilities/adobe-to-patch-flash-0-day-created-by-hacking-team.html http://securityaffairs.co/wordpress/38372/cyber-crime/kins-malware-builder-leaked.html https://threatpost.com/cyber-ul-could-become-reality-under-leadership-of-hacker-mudge/113538 http://www.federaltimes.com/story/government/omr/opm-cyber-report/2015/06/23/keypoint-usis-opm-breach/28977277/
Jul 09, 2015
Defensive Security Podcast Episode 121
51:27
http://www.databreaches.net/fbi-cyber-division-bulletin-on-tools-reportedly-used-by-opm-hackers/ https://fortune.com/sony-hack-part-1/ http://www.csoonline.com/article/2938310/data-protection/lieberman-mandiant-and-verizon-wrong-on-unstoppable-threats.html http://www.itworld.com/article/2939255/windows/the-us-navys-warfare-systems-command-just-paid-millions-to-stay-on-windows-xp.html
Jun 30, 2015
Defensive Security Podcast Episode 120
53:02
http://www.bankinfosecurity.com/blogs/did-fisma-facilitate-opm-hack-p-1879/op-1 http://www.csoonline.com/article/2936723/data-breach/user-error-is-an-expected-business-problem.html http://www.databreachtoday.com/blogs/post-malware-outbreak-rip-replace-p-1877 http://www.csoonline.com/article/2936615/data-breach/6-breaches-lessons-reminders-and-potential-ways-to-prevent-them.html http://www.nytimes.com/2015/06/17/sports/baseball/st-louis-cardinals-hack-astros-fbi.html
Jun 23, 2015
Defensive Security Podcast Episode 119
51:38
http://www.theregister.co.uk/2015/05/28/cottage_healthcare_system_sued/ http://arstechnica.com/security/2015/06/report-hack-of-government-employee-records-discovered-by-product-demo/ http://www.reddit.com/r/netsec/comments/36obxt/what_i_know_about_us_export_controls_and_hacking/ http://www.bis.doc.gov/index.php/policy-guidance/faqs http://www.wired.com/2015/06/kaspersky-finds-new-nation-state-attack-network/
Jun 15, 2015
Defensive Security Podcast Episode 118
59:09
http://www.symantec.com/connect/fr/blogs/check-your-sources-trojanized-open-source-ssh-software-used-steal-information https://nakedsecurity.sophos.com/2015/05/21/anatomy-of-a-logjam-another-tls-vulnerability-and-what-to-do-about-it/ http://krebsonsecurity.com/2015/05/carefirst-blue-cross-breach-hits-1-1m/ http://www.forbes.com/sites/thomasbrewster/2015/05/20/guns-bombs-hacking-cars-and-planes-dangerous-tweets-for-a-security-researcher/
May 27, 2015
Defensive Security Podcast Episode 117
1:04:44
http://www.computerworld.com/article/2918406/cybercrime-hacking/cybercriminals-borrow-from-apt-playbook-in-attacking-pos-vendors.html http://www.welivesecurity.com/2015/05/12/5-practical-tips-avoid-ransomware-email/ http://www.zdnet.com/article/what-causes-enterprise-data-breaches-the-terrible-complexity-and-fragility-of-our-it-systems/ http://www.computing.co.uk/ctg/news/2408602/venom-security-vulnerability-allows-hackers-to-infiltrate-networks-via-the-cloud http://arstechnica.com/security/2015/05/penn-state-severs-engineering-network-after-incredibly-serious-intrusion/
May 18, 2015
Defensive Security Podcast Episode 116
42:33
John’s book: http://www.amazon.com/Offensive-Countermeasures-Art-Active-Defense/dp/1491065966/ref=sr_1_1?ie=UTF8&qid=1431313328&sr=8-1&keywords=active+defense
May 11, 2015
Defensive Security Podcast Episode 115
53:19
http://www.wsj.com/articles/five-simple-steps-to-protect-corporate-data-1429499477 http://www.politico.com/story/2015/04/sony-hackers-fake-emails-117200.html http://www.japantimes.co.jp/news/2015/04/21/national/tepcos-frugality-rapped-after-48000-pcs-found-running-windows-xp/ http://www.darkreading.com/attacks-breaches/zero-day-malvertising-attack-went-undetected-for-two-months/d/d-id/1320092 http://www.csoonline.com/article/2913884/access-control/credit-card-terminals-have-used-same-password-since-1990s-claim-researchers.html#tk.rss_all
Apr 28, 2015
Defensive Security Podcast Episode 114
59:44
http://www.verizonenterprise.com/resources/reports/rp_data-breach-investigation-report-2015_en_xg.pdf http://arstechnica.com/security/2015/04/researcher-who-joked-about-hacking-a-jet-plane-barred-from-united-flight/
Apr 20, 2015
Defensive Security Podcast Episode 113
46:34
http://arstechnica.com/tech-policy/2015/04/police-chief-paying-the-bitcoin-ransom-was-the-last-resort/ http://www.computerworld.com/article/2907088/russian-hackers-accessed-white-house-email.html http://www.darkreading.com/endpoint/so-you-dont-believe-in-security-education-/a/d-id/1319793? – my post regarding this: https://www.maliciouslink.com/applying-science-to-cyber-security/ http://www.reuters.com/article/2015/04/07/us-cybersecurity-americas-idUSKBN0MY06Z20150407
Apr 12, 2015
Defensive Security Podcast Episode 112
49:04
HTCIA conference: http://www.htciaconference.org http://www.databreachtoday.com/new-malware-attacks-prey-on-banks-a-8076 http://www.databreachtoday.com/cyber-attacks-target-energy-firms-a-8068/op-1 http://www.techworld.com/news/security/removing-admin-rights-would-ease-97-percent-of-critical-microsoft-flaws-3605895/  http://www.ffiec.gov/press/pr033015.htm http://www.csoonline.com/article/2905682/data-breach/employees-have-no-qualms-in-selling-corporate-passwords.html
Apr 07, 2015
Defensive Security Podcast Episode 111
39:46
High Tech Crime Investigation Association Conference: http://www.htciaconference.org http://www.databreachtoday.com/pci-issues-penetration-test-guidance-a-8056 http://arstechnica.com/security/2015/03/github-battles-largest-ddos-in-sites-history-targeted-at-anti-censorship-tools/
Mar 31, 2015
Defensive Security Podcast Episode 110
52:15
http://www.infoworld.com/article/2898658/security/premera-anthem-data-breaches-linked-by-similar-hacking-tactics.html http://www.theregister.co.uk/2015/03/23/premera_healthcare_hipaa/ http://arstechnica.com/security/2015/03/all-four-major-browsers-take-a-stomping-at-pwn2own-hacking-competition/ http://www.csoonline.com/article/2898128/disaster-recovery/godaddy-accounts-vulnerable-to-social-engineering-and-photoshop.html http://blog.norsecorp.com/2015/03/23/bitwhisper-breaching-air-gapped-systems-via-thermal-manipulation/ http://rt.com/news/243397-canada-cyber-spying-snowden/ http://www.dailydot.com/technology/michael-hamelin-legacy-encryption-death/
Mar 25, 2015
Defensive Security Podcast Episode 109
42:45
http://www.firstcoastnews.com/story/news/local/2015/03/09/cyber-thieves-target-orange-park-bank/24682713/ https://blogs.mcafee.com/mcafee-labs/targeted-attack-campaign-indian-organizations-continues-exploits-focused-national-events http://mobile.esecurityplanet.com/network-security/pci-compliance-still-a-challenge-verizon.html http://www.zdnet.com/article/feds-hot-on-the-trail-of-jpmorgan-hackers/ http://www.pnj.com/story/news/2015/03/16/sacred-heart-health-system-billing-information-hacked/24859975/
Mar 18, 2015
Defensive Security Podcast Episode 108
54:38
http://arstechnica.com/security/2015/03/ubers-epic-db-blunder-is-hardly-an-exception-github-is-awash-in-passwords/ http://www.csoonline.com/article/2892417/security-awareness/5-steps-to-incorporate-threat-intelligence-into-your-security-awareness-program.html http://www.csoonline.com/article/2892327/malware-cybercrime/driveby-attack-relies-on-hacked-godaddy-accounts.html#tk.rss_all http://www.csoonline.com/article/2889850/security/insurance-firm-staysure-fined-175000-for-unbelievable-credit-card-hack.html#tk.rss_all http://www.huffingtonpost.com/2015/03/04/clinton-ran-own-computer-_n_6797824.html http://www.theguardian.com/us-news/2015/mar/08/clinton-double-standard-on-email-scott-gration
Mar 10, 2015
Defensive Security Podcast Episode 107
43:45
http://www.bloomberg.com/news/articles/2015-02-19/morgan-stanley-probe-said-to-examine-whether-adviser-got-hacked http://gizmodo.com/state-department-computer-systems-hit-by-hackers-1659549503/1686899463/+chris-mills http://www.theregister.co.uk/2015/02/25/gemalto_everythings_fine_security_industry_hang_on_a_minute/ https://www2.fireeye.com/rs/fireye/images/rpt-m-trends-2015.pdf http://www.csoonline.com/article/2887930/network-security/how-better-log-monitoring-can-prevent-data-breaches.html
Mar 01, 2015
Defensive Security Podcast Episode 106
58:59
http://training.pcisecuritystandards.org/pci-ssc-bulletin-on-impending-revisions-to-pci-dss-pa-dss-assessor http://www.theguardian.com/technology/2015/feb/05/company-loses-17m-in-email-scam http://www.nytimes.com/2015/02/15/world/bank-hackers-steal-millions-via-malware.html?_r=0 http://www.group-ib.com/files/Anunak_APT_against_financial_institutions.pdf http://arstechnica.com/security/2015/02/pwned-in-7-seconds-hackers-use-flash-and-ie-to-target-forbes-visitors/ http://www.csoonline.com/article/2883248/data-protection/zero-days-last-up-to-six-months-for-some-malware.html#tk.rss_all http://krebsonsecurity.com/2015/02/anthem-breach-may-have-started-in-april-2014/
Feb 16, 2015
Defensive Security Podcast Episode 105
55:05
http://www.techworld.com/news/security/dating-site-topface-pays-hacker-who-stole-20-million-credentials-3596333/ http://www.securityweek.com/disconnected-security-increases-risk http://www.csoonline.com/article/2879444/data-breach/hack-to-cost-sony-35-million-in-it-repairs.html http://www.csoonline.com/article/2879655/malware-cybercrime/malicious-advertisements-on-major-sites-compromised-many-computers.html http://www.csoonline.com/article/2880095/cyber-attacks-espionage/crowdstrike-demonstrates-how-attackers-wiped-the-data-from-the-machines-at-sony.html http://www.huffingtonpost.com/2015/02/06/anthem-hackers-december_n_6634440.html
Feb 09, 2015
Defensive Security Podcast Episode 104
45:09
http://www.scmagazine.com/travelers-accuses-web-firm-of-shoddy-practices/article/394588/ https://www.htbridge.com/blog/ransomweb_emerging_website_threat.html http://blogs.gartner.com/anton-chuvakin/2015/01/28/defeat-the-casual-attacker-first/ http://www.csoonline.com/article/2876310/security-leadership/7-ideas-for-security-leaders.html http://blog.erratasec.com/2015/01/some-notes-on-ghost.html
Feb 01, 2015
Defensive Security Podcast Episode 103
56:51
http://www.abc.net.au/pm/content/2015/s4164603.htm http://breakingbits.net/2015/01/18/taking-over-godaddy-accounts-using-csrf/ http://recode.net/2015/01/20/heres-what-helped-sonys-hackers-break-in-zero-day-vulnerability/ http://www.darkreading.com/attacks-breaches/nsa-report-how-to-defend-against-destructive-malware/d/d-id/1318734 http://www.databreachtoday.com/court-rules-in-favor-breached-retailer-a-7822 http://www.csoonline.com/article/2872329/data-breach/6-biggest-business-security-risks-and-how-you-can-fight-back.html#tk.rss_all http://www.csoonline.com/article/2871922/malware-cybercrime/gap-between-perception-and-reality-of-cyberthreats-widened-in-2015.html#tk.rss_all
Jan 26, 2015
Defensive Security Podcast Episode 102
54:38
http://www.darkreading.com/a-lot-of-security-purchases-remain-shelfware/d/d-id/1318648 http://arstechnica.com/information-technology/2015/01/google-drops-more-windows-0-days-somethings-gotta-give/ http://www.eweek.com/security/effective-computer-security-means-covering-all-your-bases.html http://krebsonsecurity.com/2015/01/park-n-fly-onestopparking-confirm-breaches/ http://www.databreachtoday.com/report-mercenaries-behind-apt-attacks-a-7806 http://www.zdnet.com/article/new-report-the-dhs-is-a-mess-of-cybersecurity-incompetence/
Jan 19, 2015
Defensive Security Podcast Episode 101
39:50
http://www.wsj.com/articles/puzzle-forms-in-morgan-stanley-data-breach-1420590326 http://www.economist.com/news/leaders/21637390-states-should-police-corporate-cyber-security-more-toughlybut-react-breaches-cautiously-losing http://www.securityweek.com/google-discloses-new-unpatched-windows-81-privilege-escalation-flaw http://www.cultofmac.com/308478/confidential-apple-product-plans-quanta/ http://www.networkworld.com/article/2867565/microsoft-subnet/hackers-dump-over-30-000-confidential-client-emails-after-bank-refuses-to-pay-ransom.html
Jan 15, 2015
Defensive Security Podcast Episode 100
51:18
http://www.darkreading.com/attacks-breaches/long-running-cyberattacks-become-the-norm/d/d-id/1318392 http://www.hotforsecurity.com/blog/top-10-data-breaches-of-2014-lessons-learned-for-a-safer-2015-11101.html http://www.net-security.org/secworld.php?id=17784 http://m.healthcareitnews.com/news/phi-485k-swiped-usps-data-breach http://www.databreachtoday.com/breach-prevention-5-lessons-learned-a-7757/op-1 http://www.securityweek.com/morgan-stanley-fires-employee-stealing-client-data
Jan 07, 2015
Defensive Security Podcast Episode 99
53:12
https://securityledger.com/2014/12/new-clues-in-sony-hack-point-to-insiders-away-from-dprk/http://www.databreachtoday.com/blogs/6-sony-breach-lessons-we-must-learn-p-1786 http://www.theregister.co.uk/2014/12/26/isc_org_hacked/ http://www.darkreading.com/attackers-leverage-it-tools-as-cover-/d/d-id/1318365 http://www.theregister.co.uk/2014/12/23/jpmorgan_breach_probe_latest/ https://www.maliciouslink.com/jpmc-is-getting-off-easy/
Dec 30, 2014
Defensive Security Podcast Episode 98
1:01:44
http://www.bizjournals.com/atlanta/news/2014/12/19/home-depot-data-breach-forces-community-banks-to.html?ana=twt http://www.itworld.com/article/2861675/cyberattack-on-german-steel-factory-causes-massive-damage.html http://www.csoonline.com/article/2860737/social-engineering/icann-targeted-by-spear-phishing-attack-several-systems-impacted.html#tk.rss_all http://gizmodo.com/sony-execs-knew-about-extensive-it-flaws-two-months-bef-1670203774 http://for.tn/1x7xPTe
Dec 23, 2014
Defensive Security Podcast Episode 97
1:26:30
Dec 19, 2014
Defensive Security Podcast Episode 96
1:08:27
http://www.cio.com/article/2439324/risk-management/your-guide-to-good-enough-compliance.html https://www.riskbasedsecurity.com/2014/12/a-breakdown-and-analysis-of-the-december-2014-sony-hack/ http://recode.net/2014/12/07/sony-describes-hack-attack-as-unprecedented/ http://www.theregister.co.uk/2014/12/08/kaspersky_deets_on_sony_malware/ http://securelist.com/blog/research/67985/destover/ https://www.bluecoat.com/security-blog/2014-12-04/custom-sony-malware-indicates-previous-knowledge
Dec 09, 2014
Defensive Security Podcast Episode 95
49:44
http://www.welivesecurity.com/2014/11/25/craigslist-redirected-prank-site-via-dns-hijack/ https://nakedsecurity.sophos.com/2014/11/28/syrian-electronic-army-returns-with-thanksgiving-press-hack/ http://www.theregister.co.uk/2014/12/02/us_parking_garage_breach/ http://arstechnica.com/security/2014/12/critical-networks-in-us-15-nations-completely-owned-by-iran-backed-hackers/ http://www.wired.com/2014/12/sony-hack-what-we-know/
Dec 04, 2014
Defensive Security Podcast Episode 94
48:25
http://rt.com/usa/206663-detroit-bitcoin-ransom-database/ http://www.databreachtoday.com/fdic-what-to-expect-in-new-guidance-a-7596/op-1 http://blog.cobaltstrike.com/2014/11/12/adversary-simulation-becomes-a-thing/ http://www.symantec.com/connect/blogs/regin-top-tier-espionage-tool-enables-stealthy-surveillance
Nov 25, 2014
Defensive Security Podcast Episode 93
53:10
http://www.securityweek.com/postal-service-suspends-telecommuting-vpn-access-breach-investigation-continues http://www.browserstack.com/attack-and-downtime-on-9-November http://www.techweekeurope.co.uk/security/hotel-wifi-hacked-executives-kaspersky-155165 http://www.washingtonpost.com/world/national-security/state-department-shuts-down-its-e-mail-system-amid-concerns-about-hacking/2014/11/16/92cf0722-4815-41ca-b602-9bfe8ecdb256_story.html  http://www.securityweek.com/security-operations-what-your-signal-noise-ratio
Nov 18, 2014
Defensive Security Podcast Episode 92
54:43
http://www.securityweek.com/nc-dermatology-center-discovers-hacked-server-two-years-after-attack http://krebsonsecurity.com/2014/11/home-depot-hackers-stole-53m-email-addreses/ http://www.csoonline.com/article/2842532/data-breach/6-things-we-learned-from-this-years-security-breaches.html http://www.net-security.org/article.php?id=2156
Nov 11, 2014
Defensive Security Podcast Episode 91
41:08
http://news.yahoo.com/j-p-morgan-found-hackers-breach-corporate-event-010203954–sector.html http://www.scmagazine.com/research-helps-companies-determine-if-theyve-suffered-data-leaks/article/380063/ http://www.darkreading.com/attacks-breaches/drupal-attacks-started-within-hours-of-patch-release/d/d-id/1317145 http://www.bankinfosecurity.com/home-depot-breach-cost-cus-60-million-a-7504/op-1 http://www.bankinfosecurity.com/phishing-attack-leads-to-bank-breach-a-7502
Nov 04, 2014
Defensive Security Podcast Episode 90
49:16
http://www.darkreading.com/operations/10-things-it-probably-doesnt-know-about-cyber-insurance/d/d-id/1316862 http://www.csoonline.com/article/2838025/data-protection/disaster-as-cryptowall-encrypts-us-firms-entire-server-installation.html#tk.rss_all http://www.csoonline.com/article/2836568/data-breach/fraudulent-activity-is-first-hint-of-a-staples-data-breach.html#tk.rss_all http://www.csoonline.com/article/2836843/data-breach/pci-compliance-under-scrutiny-following-big-data-breaches.html#tk.rss_all http://sfspodcast.libsyn.com/episode-145-the-interview-episode-feat-hackingdave-selenakyle
Oct 28, 2014
Defensive Security Podcast Episode 89
1:00:21
http://www.healthcareitnews.com/news/hipaa-breach-letters-go-out-after-email-hack https://blog.gdatasoftware.com/blog/article/new-frameworkpos-variant-exfiltrates-data-via-dns-requests.html http://www.zdnet.com/average-company-now-attacked-every-four-days-with-no-end-to-the-cybercrime-wave-in-sight-7000034755/ http://arstechnica.com/security/2014/10/ghost-in-the-bourne-again-shell-fallout-of-shellshock-far-from-over/ http://www.databreachtoday.com/defending-against-government-intrusions-a-7452
Oct 21, 2014
Defensive Security Podcast Episode 88
56:23
https://www.imperialviolet.org/2014/10/14/poodle.html http://www.cnbc.com/id/102070655 https://www.nsslabs.com/blog/all%E2%80%99s-well-ends-well http://www.csoonline.com/article/2692415/data-protection/an-inside-look-at-russian-cybercriminals.html#tk.rss_all http://krebsonsecurity.com/2014/10/signed-malware-is-expensive-oops-for-hp/ http://krebsonsecurity.com/2014/10/dairy-queen-confirms-breach-at-395-stores/ http://krebsonsecurity.com/2014/10/malware-based-credit-card-breach-at-kmart/#comments
Oct 16, 2014
Defensive Security Podcast Episode 87
52:36
Derbycon Videos: http://www.irongeek.com/i.php?page=videos/derbycon4/mainlist http://www.tripwire.com/state-of-security/top-security-stories/att-discovers-second-insider-breach-this-year/ http://www.zdnet.com/yahoo-confirms-servers-infected-but-not-by-shellshock-7000034411/ http://www.futuresouth.us/wordpress/?p=32 http://www.theregister.co.uk/2014/10/05/report_says_russians_behind_jpmorgan_chase_cyber_attack/ http://nakedsecurity.sophos.com/2014/10/06/badusb-now-with-do-it-yourself-instructions/ http://hackaday.com/2014/10/05/badusb-means-were-all-screwed/ http://www.csoonline.com/article/2689609/network-security/threat-intelligence-firm-mistakes-research-for-nation-state-attack.html#tk.rss_all   Lacie the security dog:
Oct 08, 2014
Defensive Security Podcast Episode 86
38:32
http://www.zdnet.com/shellshock-makes-heartbleed-look-insignificant-7000034143/ https://www.maliciouslink.com/post-traumatic-vulnerability-disorder/
Sep 30, 2014
Defensive Security Podcast Episode 85
1:06:04
http://arstechnica.com/tech-policy/2014/09/senior-it-worker-at-top-tech-law-firm-arrested-for-insider-trading/ http://www.finextra.com/news/fullstory.aspx?newsitemid=26446 http://arstechnica.com/security/2014/09/home-depots-former-security-architect-had-history-of-techno-sabotage/ http://www.nytimes.com/2014/09/20/business/ex-employees-say-home-depot-left-data-vulnerable.html http://online.wsj.com/articles/fraudulent-transactions-surface-in-wake-of-home-depot-breach-1411506081 http://risky.biz/RB337_notes http://www.csoonline.com/article/2686453/security/malicious-advertisements-distributed-by-doubleclick-zedo-networks.html Http://www.reddit.com/r/AskNetsec/comments/2h0dtu/what_are_your_recommended_resources_for/ckopv80
Sep 24, 2014
Defensive Security Podcast Episode 84
59:42
http://www.businessweek.com/articles/2014-09-11/home-depot-hack-malware-points-to-different-hackers-than-targets http://www.csoonline.com/article/2605857/security-awareness/successful-security-awareness-programs-hold-employees-hands-to-the-fire-in.html http://www.networkworld.com/article/2604411/security0/ernst-and-young-accused-by-canadian-used-computer-dealer-of-data-breach.html http://www.cyber-security-blog.com/2013/08/Responding-to-a-Domain-Admin-Account-Compromise-Bootstrapping-Trust-A-Billion-Dollar-Cyber-Security-Problem.html http://digital-forensics.sans.org/blog/2013/06/20/overview-of-microsofts-best-practices-for-securing-active-directory
Sep 16, 2014
Defensive Security Podcast Episode 83
1:10:39
[1] http://krebsonsecurity.com/2014/09/home-depot-hit-by-same-malware-as-target/ [2a] http://nakedsecurity.sophos.com/2014/04/18/pci-dss-whats-new-in-v3-0/ [2b] https://www.pcisecuritystandards.org/documents/DSS_and_PA-DSS_Change_Highlights.pdf [3] http://news.techworld.com/security/3543504/phishing-emails-fool-most-employees-but-is-this-their-problem-or-emails/ [4] https://www.nccgroup.com/en/blog/2014/09/phishing-all-you-need-is-one/ [5] http://hackerhurricane.blogspot.com/2014/09/infosec-industry-partly-responsible-for.html?m=1
Sep 09, 2014
Defensive Security Podcast Episode 82
1:00:02
http://www.databreachtoday.com/buying-cyber-insurance-5-tips-a-7250 http://www.csoonline.com/article/2600212/data-protection/why-russian-hackers-are-beating-us.html http://www.aorato.com/labs/report/untold-story-target-attack-step-step/ http://www.csoonline.com/article/2599257/network-security/security-council-blames-breaches-on-poor-pci-standard-support.html#tk.rss_all
Sep 05, 2014
Defensive Security Podcast Episode 81
http://www.csoonline.com/article/2466084/data-protection/community-health-systems-blames-china-for-recent-data-breach.html http://www.csoonline.com/article/2466726/data-protection/heartbleed-to-blame-for-community-health-systems-breach.html http://www.csoonline.com/article/2597389/data-protection/more-problems-emerge-on-the-community-health-systems-network.html http://www.securityweek.com/secret-service-over-1000-business-infected-backoff-point-sale-malware http://nakedsecurity.sophos.com/2014/08/22/the-ups-store-breach-what-went-wrong-and-what-ups-got-right
Aug 27, 2014
Defensive Security Podcast Episode 80
1:02:45
[1] Recovering from a hacked website [2] Albertson’s and Supervalu hacked [3] VNC everywhere!!!! [4] HTTPS as a solution to network injection appliances [5] Tennessee company sues its bank to recover stolen money [6] 7 places to check for signs of a targeted attack in your network =================== [1] http://blog.soundidea.co.za/articles/Your_websites_been_hacked_now_what-378.html [2] http://money.cnn.com/2014/08/15/technology/security/albertsons-supervalu-hack/index.html [3] http://www.forbes.com/sites/kashmirhill/2014/08/13/so-many-pwns/ [4] http://www.theregister.co.uk/2014/08/16/time_to_ditch_http_state_network_injection_attacks_documented_in_the_wild/ [5] http://krebsonsecurity.com/2014/08/tenn-utility-sues-bank-over-327k-cyberheist/ [6] http://blog.trendmicro.com/trendlabs-security-intelligence/7-places-to-check-for-signs-of-a-targeted-attack-in-your-network/
Aug 19, 2014
Defensive Security Podcast Episode 79
[1] Cisco’s mid-year report [2] Poorly trained IT workers pose a risk to organizations [3] Cyber security should be professionalized [4] How hackers are using Google to steal data’ [5] PCI creates a check-box mentality [6] Gamma’s ownage detailed on pastebin [7] 1.2 Billion passwords, Russians and controversy Web Site | Subscribe in iTunes | Podcast RSS Feed | Twitter | Email [1] … <a href="https://defensivesecurity.org/defensive-security-podcast-episode-79/" class="more-link">Continue reading <span class="screen-reader-text">Defensive Security Podcast Episode 79</span> <span class="meta-nav">→</span></a>
Aug 12, 2014
Defensive Security Podcast Episode 78
1:08:25
Web Site | Subscribe in iTunes | Podcast RSS Feed | Twitter | Email [1] Researchers to demonstrate attacks by reprogramming firmware of commodity USB devices [2] Survey find that enterprises are not paying attention to 3rd party risks, despite recent headlines [3] Ransomware attack failed thanks to security awareness training [4] Stubhub defrauded out of $1.6M using stolen passwords of … <a href="https://defensivesecurity.org/defensive-security-podcast-episode-78/" class="more-link">Continue reading <span class="screen-reader-text">Defensive Security Podcast Episode 78</span> <span class="meta-nav">→</span></a>
Aug 05, 2014
Defensive Security Podcast Episode 77
58:51
Russians steal the NASDAQ; Importance of AV in incident response; Report finds poor security communication between staff and executives; Microsoft recommends reusing weak passwords; Government malware found being used by criminals; Don’t use security as an excuse to resist the cloud. Subscribe in iTunes | Podcast RSS Feed | Twitter | Email http://www.businessweek.com/printer/articles/213544-how-russian-hackers-stole-the-nasdaq http://www.bankinfosecurity.com/nasdaq-hack-attribution-questioned-a-7080 http://blogs.technet.com/b/neilcar/archive/2009/11/23/incident-response-the-importance-of-anti-virus.aspx http://searchsecurity.techtarget.com/news/2240224785/Report-finds-poor-security-communication-among-executives http://www.darknet.org.uk/2014/07/microsoft-says-re-use-passwords-across-sites/ http://www.sentinel-labs.com/wp-content/uploads/2014/07/Sentinel-Labs-Intelligence-Report_0714.pdf http://images.infoworld.com/d/cloud-computing/sorry-cloud-resisters-control-does-not-equal-security-246386?source=rss_security
Jul 22, 2014
Defensive Security Podcast Episode 76
54:55
A question from Bob on Active Directory; 67 percent of critical infrastructure providers were breached last year; Malware coming from shipping scanners; It’s the end of the road for Windows Server 2003; Details emerge on the Boeing hack; Testing your APT response plan; Revamping your insider threat program; Beware of computers in hotel business centers. … <a href="https://defensivesecurity.org/defensive-security-podcast-episode-76/" class="more-link">Continue reading <span class="screen-reader-text">Defensive Security Podcast Episode 76</span> <span class="meta-nav">→</span></a>
Jul 17, 2014
Defensive Security Podcast Episode 75
45:14
SEC investigating breached companies; How companies can rebuild trust after a security breach; Preparing your company for a ransom attack; BAE retracts the story on hedge fund hack; Hackers compromising businesses via 3rd parties and remote access. Subscribe in iTunes | Podcast RSS Feed | Twitter | Email http://www.sfgate.com/business/article/Hacked-companies-face-SEC-scrutiny-over-5596541.php http://www.forbes.com/sites/katevinton/2014/07/01/how-companies-can-rebuild-trust-after-a-security-breach/ http://akamai.infoworld.com/d/security/prepare-yourself-high-stakes-cyber-ransom-245320 http://www.theregister.co.uk/2014/07/03/bae_retracts_hedge_fund_hack_allegation/ http://www.computerworld.com/s/article/9249516/Hackers_hit_more_businesses_through_remote_access_accounts
Jul 08, 2014
Defensive Security Podcast Episode 74
1:05:17
Advice from Bob; Airport breaches and the apparently misguided priorities of security pros; Hospitals are leaking data; Attackers hack legitimate downloads to deliver industrial control malware; Listener mail. Subscribe in iTunes | Podcast RSS Feed | Twitter | Email http://www.csoonline.com/article/2378585/data-protection/airport-breach-a-sign-for-it-industry-to-think-security-not-money.html http://www.wired.com/2014/06/hospital-networks-leaking-data/ http://arstechnica.com/security/2014/06/attackers-poison-legitimate-apps-to-infect-sensitive-industrial-control-systems/ http://www.coso.org/documents/COSOKRIPaperFull-FINALforWebPostingDec110_000.pdf
Jul 01, 2014
Defensive Security Podcast Episode 73
1:05:18
Advice from Bob; Acoustical covert communication channel; Researchers recreate some NSA spy tools based on catalog descriptions; Why cyber insurance is such a mess; Code Spaces hacked out of business; Reuters defaced by the Syrian Electronic Army; Aviva hacked by Heartbleed bug, or was it? Subscribe in iTunes | Podcast RSS Feed | Twitter | Email http://www.tripwire.com/state-of-security/top-security-stories/covert-acoustical-mesh-networks-present-new-attack-vector/ http://www.theregister.co.uk/2014/06/19/hackers_reverseengineer_nsa_spying_devices_using_offtheshelf_parts/ http://www.slate.com/articles/technology/future_tense/2014/06/target_breach_cyberinsurance_is_a_mess.html http://www.cnbc.com/id/101770396 https://threatpost.com/hacker-puts-hosting-service-code-spaces-out-of-business/106761 … <a href="https://defensivesecurity.org/defensive-security-podcast-episode-73/" class="more-link">Continue reading <span class="screen-reader-text">Defensive Security Podcast Episode 73</span> <span class="meta-nav">→</span></a>
Jun 25, 2014
Defensive Security Podcast Episode 72
53:18
New Logo!; Dominos has 600k records stolen and held for ransome; Undisclosed number of customer records are stolen from ATT by employees of a vendor; PF Changs confirms credit card breach; Stratfor forensic report leaks; Feedly hit by DDOS attack, doesn’t pay ransom and gets it again; Inland Empire Colleges emails 35000 records to the … <a href="https://defensivesecurity.org/defensive-security-podcast-episode-72/" class="more-link">Continue reading <span class="screen-reader-text">Defensive Security Podcast Episode 72</span> <span class="meta-nav">→</span></a>
Jun 18, 2014
Defensive Security Podcast Episode 71
57:06
Advice from Bob; SEC asks public companies to disclose more breaches; 230k IPMI devices found in Internet scan; PF Changs may have been hacked; Building network security to fail; 5 lessons from companies that get security right; Advice in responding to Anonymous threats; Bank of England announces assessment framework; Target shoppers don’t seem to be … <a href="https://defensivesecurity.org/defensive-security-podcast-episode-71/" class="more-link">Continue reading <span class="screen-reader-text">Defensive Security Podcast Episode 71</span> <span class="meta-nav">→</span></a>
Jun 11, 2014
Defensive Security Podcast Episode 70
1:02:55
Privileged user security; FTC holding companies to a mysterious security standard; Information overload; business users bypass IT and go straight to the cloud. Subscribe in iTunes | Podcast RSS Feed | Twitter | Email http://www.trustedcs.com/resources/whitepapers/Ponemon-RaytheonPrivilegedUserAbuseResearchReport.pdf http://www.computing.co.uk/ctg/news/2345362/businesses-risk-data-breaches-due-to-confusion-over-privileged-user-information-security http://www.networkworld.com/news/2014/053014-companies-should-already-know-how-282091.html http://www.networkworld.com/research/2014/052914-information-overload-finding-signals-in-282019.html http://www.networkworld.com/news/2014/052714-business-users-bypass-it-and-281911.html
Jun 04, 2014
Defensive Security Podcast Episode 69
55:29
Advice from Bob on the importance of an accurate inventory; TrueCrypt meets an unfortunate end; Weak passwords are responsible for the initial intrusion in 31% of breaches; 71% of exploits used Java; 59% of malicious email used an attachment, 41% used a link; NTT’s Global Threat Intelligence Report finds that most incidents are the result … <a href="https://defensivesecurity.org/defensive-security-podcast-episode-69/" class="more-link">Continue reading <span class="screen-reader-text">Defensive Security Podcast Episode 69</span> <span class="meta-nav">→</span></a>
May 30, 2014
Defensive Security Podcast Episode 68
58:42
Advice from Bob; How China’s army hacked America; Emory University has an SCCM meltdown; Bored executives pull infosec funding; How to avoid a big data security breach; US industry not taking industrial security seriously; Employees stealing data on their way out the door. Subscribe in iTunes | Podcast RSS Feed | Twitter | Email http://arstechnica.com/tech-policy/2014/05/how-chinas-army-hacked-american-companies/ http://www.infosecnews.org/emory-university-windows-network-wiped-out-blame-emps-cyberwar-squirrels-try-accidental-reformat/ http://www.theregister.co.uk/2014/05/15/aisa_finding_infosec_bores_board_execs/ http://www.computerworld.com.au/article/545450/how_avoid_big_data_security_breachhttp://www.reuters.com/article/2014/05/16/us-cyber-summit-infrastructure-idUSBREA4F0OK20140516 http://www.itpro.co.uk/data-loss-prevention/22273/employees-steal-data-to-make-good-impression-in-a-new-job
May 21, 2014
Defensive Security Podcast Episode 67
43:37
Doctor finds out the hard way that Google likes to index stuff; What’s old is new again – the current focus on improving detection is not new; Microsoft’s Security Incident Response Report and the malware explosion; Security vs. compliance. Subscribe in iTunes | Podcast RSS Feed | Twitter | Email http://www.computerworld.com/s/article/9248205/IT_malpractice_Doc_operates_on_server_costs_hospitals_4.8M http://www.brookings.edu/~/media/research/files/papers/2014/05/07%20strategy%20not%20speed%20digital%20defenders%20early%20cybersecurity%20thinkers%20bejtlich/voices%20from%20the%20cyber%20past%20final http://www.zdnet.com/microsoft-report-downloaded-malware-exploded-in-late-2013-7000029131/#ftag=RSS4d2198e
May 14, 2014
Defensive Security Podcast Episode 66
53:18
Advice from Bob; We have entered the post AV world; Target reboots it’s CEO; Microsoft backs down and patches IE 0day for XP; How to communicate to users in situations like the IE 0day; Results from a survey of executives on data protection; Australian real estate company has bank account hacked, advice is to stop … <a href="https://defensivesecurity.org/defensive-security-podcast-episode-66/" class="more-link">Continue reading <span class="screen-reader-text">Defensive Security Podcast Episode 66</span> <span class="meta-nav">→</span></a>
May 07, 2014
Defensive Security Podcast Episode 65
57:46
Cisco’s annual security report for 2014; the Verizon Data Breach Investigations Report; 7 deadly cyber risks from Zurich Insurance; Alien Vault  urges opening up threat  intelligence; Stanford’s new password policy; New social engineering alert from Trusted Sec; New Internet Explorer 0day Subscribe in iTunes | Podcast RSS Feed | Twitter | Email https://www.cisco.com/web/offer/gist_ty2_asset/Cisco_2014_ASR.pdf http://www.verizonenterprise.com/DBIR/2014/reports/rp_Verizon-DBIR-2014_en_xg.pdf http://www.ibtimes.co.uk/zurich-insurance-unveils-7-deadly-cyber-risks-1445607 http://www.infosecurity-magazine.com/view/38136/alienvault-ceo-throws-down-the-gauntlet-on-threat-sharing/?utm_source=twitterfeed&utm_medium=twitter http://arstechnica.com/security/2014/04/stanfords-password-policy-shuns-one-size-fits-all-security/ https://www.trustedsec.com/april-2014/red-alert-massive-cyber-wire-fraud-attacks-us-companies/ https://community.qualys.com/blogs/laws-of-vulnerabilities/2014/04/26/new-internet-explorer-0-day
Apr 30, 2014
Defensive Security Podcast Episode 64
52:41
Some advice from Bob, arrest made in the heartbleed attack on the Canadian Revenue Agency; Heartbleed used to bypass 2 factor controls,;Mandiant’s 2014 M-Trends report; The economics of security controls; 3 million credit cards stolen from Michaels and Aaron’s stores; Hardward company Lacie has a year long data breach. Subscribe in iTunes | Podcast RSS Feed | Twitter | Email http://www.theregister.co.uk/2014/04/16/mounties_get_their_man_canadian_heartbleed_hacker_nabbed https://www.mandiant.com/blog/attackers-exploit-heartbleed-openssl-vulnerability-circumvent-multifactor-authentication-vpns/ … <a href="https://defensivesecurity.org/defensive-security-podcast-episode-64/" class="more-link">Continue reading <span class="screen-reader-text">Defensive Security Podcast Episode 64</span> <span class="meta-nav">→</span></a>
Apr 22, 2014
Defensive Security Podcast Episode 63
1:00:33
Heartbleed! Subscribe in iTunes | Podcast RSS Feed | Twitter | Email http://arstechnica.com/security/2014/04/heartbleed-bug-exploited-to-steal-taxpayer-data/ http://arstechnica.com/security/2014/04/private-crypto-keys-are-accessible-to-heartbleed-hackers-new-data-shows http://www.vox.com/2014/4/12/5601828/we-massively-underinvest-in-internet-security
Apr 16, 2014
Defensive Security Podcast Episode 62
50:20
Cyber criminals operate on a budget too; 7 things you didn’t know cyber insurance covered; Security hype; Billions spent on cyber security with not a lot to show for it; Banks abandon lawsuit against Target and Trustwave; CIOs don’t know what advanced evasion techniques are; 5 tips for improving incident response. Subscribe in iTunes | Podcast RSS … <a href="https://defensivesecurity.org/defensive-security-podcast-episode-62/" class="more-link">Continue reading <span class="screen-reader-text">Defensive Security Podcast Episode 62</span> <span class="meta-nav">→</span></a>
Apr 08, 2014
Defensive Security Podcast Episode 61
16:53
Big announcement inside! Stories covered: http://www.mercurynews.com/business/ci_25369262/jesse-jackson-take-techs-lack-diversity https://securosis.com/blog/jennifer-minella-is-now-a-contributing-analyst http://seclists.org/dailydave/2014/q1/74 http://www.hollywoodreporter.com/news/man-who-exposed-target-security-689782 http://www.cnet.com/news/symantec-fires-ceo-steve-bennett/
Apr 01, 2014
Defensive Security Podcast Episode 60
48:37
Advice from Bob; The problems with qualitative risk assessments; Defending like an attacker; Secunia’s vulnerability review;  Watching for data breaches by looking for anomalies; The NSA targets sysadmins, expect criminals to follow suit; Insurers are finding energy firms controls are not up to snuff; 4 lessons CIOs can learn from the Target breach; A court … <a href="https://defensivesecurity.org/defensive-security-podcast-episode-60/" class="more-link">Continue reading <span class="screen-reader-text">Defensive Security Podcast Episode 60</span> <span class="meta-nav">→</span></a>
Mar 26, 2014
Defensive Security Podcast Episode 59
57:06
Advice for the criminals from Bob; Pwn2Own results are in; Target ignored it’s FireEye alerts; Integrating threat intelligence into your operations; The problem with threat intelligence; Advanced endpoint protection advice; Workers are apathetic about lost mobile devices and company data; Lessons to learn from the hack of some Navy servers; How the Syrian Electronic Army … <a href="https://defensivesecurity.org/defensive-security-podcast-episode-59/" class="more-link">Continue reading <span class="screen-reader-text">Defensive Security Podcast Episode 59</span> <span class="meta-nav">→</span></a>
Mar 18, 2014
Defensive Security Podcast Episode 58
54:59
Some security advice from Bob; Target’s CIO resigns, should the QSA bear some responsibility? Rogue ads overtake porn as top source for mobile malware; Five things to know about malware before driving it out; Why you need to segment your network; SecurePay in denial about breach; Sally Beauty apparently breached. Subscribe in iTunes | Podcast RSS Feed | Twitter | Email … <a href="https://defensivesecurity.org/defensive-security-podcast-episode-58/" class="more-link">Continue reading <span class="screen-reader-text">Defensive Security Podcast Episode 58</span> <span class="meta-nav">→</span></a>
Mar 11, 2014
Defensive Security Podcast Episode 57
52:50
Security recommendations from Bob; Meetup.com rides out a DDOS attack rather than pay a ransom; How to test the security savvy of your employees; Why companies need to think about this insider threat; 6 lessons learned from advanced attacks; How IT can establish better cloud control; Council on Cyber Security releases version 5 of critical … <a href="https://defensivesecurity.org/defensive-security-podcast-episode-57/" class="more-link">Continue reading <span class="screen-reader-text">Defensive Security Podcast Episode 57</span> <span class="meta-nav">→</span></a>
Mar 04, 2014
Defensive Security Podcast Episode 56
49:07
Tip from Bob; US Cyber Security Framework; Challenges with deploying insecure technology; Target vendor compromised through email and some discussions on vendor risks;  Healthcare organizations are UNDER SIEGE by cyber attacks; The DSD’s ranking of security controls; 6 tips to combat APT; The importance of not running with administrator rights; Neiman Marcus breach details begin … <a href="https://defensivesecurity.org/defensive-security-podcast-episode-56/" class="more-link">Continue reading <span class="screen-reader-text">Defensive Security Podcast Episode 56</span> <span class="meta-nav">→</span></a>
Feb 25, 2014
Defensive Security Podcast Episode 55
46:20
A small bit of advice from Bob; A lengthy discussion on communicating risk to management. Subscribe in iTunes | Podcast RSS Feed | Twitter | Email Risk Science Podcast: http://riskscience.net/
Feb 19, 2014
Defensive Security Podcast Episode 54
53:46
More advice from Bob; Verizon’s report on PCI compliance; Target hacked through HVAC contractor; Reporting fail on hacking the Winter Olympics;  Optimizing the use of security budgets in larger organizations. Subscribe in iTunes | Podcast RSS Feed | Twitter | Email Verizon PCI report: http://www.verizonenterprise.com/resources/reports/rp_pci-report-2014_en_xg.pdf http://krebsonsecurity.com/2014/02/target-hackers-broke-in-via-hvac-company/ http://www.infoworld.com/d/security/target-attack-shows-danger-of-remotely-accessible-hvac-systems-235919 http://blog.erratasec.com/2014/02/that-nbc-story-100-fraudulent.html http://www.businessinsider.com/nbc-richard-engel-hacking-report-cyber-attack-sochi-olympics-2014-2 http://www.techrepublic.com/blog/it-security/how-mid-to-large-companies-can-optimize-security-budgets/
Feb 12, 2014
Defensive Security Podcast Episode 53
37:50
More advice from Bob; Follow up on Coke’s lost laptops; Honey Encryption to frustrate attackers; What the Target breach shows us about vendor risk; Managing the response to a data breach; More POS malware, this time with TOR goodness. Subscribe in iTunes | Podcast RSS Feed | Twitter | Email http://blogs.csoonline.com/security-leadership/2957/interesting-finding-coke-data-breach-and-why-you-need-prevent-it-happening-you http://www.technologyreview.com/news/523746/honey-encryption-will-bamboozle-attackers-with-fake-secrets/ http://www.networkworld.com/news/2014/013114-target-credential-theft-highlights-third-party-278305.html http://www.networkworld.com/news/2014/013014-positioning-your-institution39s-response-in-278292.html http://www.networkworld.com/news/2014/013014-tor-enabled-malware-stole-credit-card-278289.html?source=nww_rss
Feb 04, 2014
Defensive Security Podcast Episode 52
1:01:11
Coke loses 55 laptops and 56000 records over 7 years; Private cyber espionage network in India; Review of the Shell_Crew hack using Adobe Cold Fusion exploit; Should we punish employees who fall for phishing emails?; Assuming your network has been hacked; more details on the Target breach are emerging. Subscribe in iTunes | Podcast RSS Feed | Twitter | Email http://www.networkworld.com/news/2014/012814-coca-cola-suffers-data-breach-after-278154.html … <a href="https://defensivesecurity.org/defensive-security-podcast-episode-52/" class="more-link">Continue reading <span class="screen-reader-text">Defensive Security Podcast Episode 52</span> <span class="meta-nav">→</span></a>
Jan 30, 2014
Defensive Security Podcast Episode 51
51:28
Bob’s wisdom for the week;  Learning from the Target breach; Question: given the massive Target breach, the Neiman Marcus breach and rumors of 6 other significant retailers being breached, assuming Target and others were complying with PCI rules, what will be the PCI council’s response?  AWS & GoDaddy hosting malware. Subscribe in iTunes | Podcast RSS Feed | Twitter | Email … <a href="https://defensivesecurity.org/defensive-security-podcast-episode-51/" class="more-link">Continue reading <span class="screen-reader-text">Defensive Security Podcast Episode 51</span> <span class="meta-nav">→</span></a>
Jan 22, 2014
Defensive Security Podcast Episode 50
44:08
Advice from Bob; the Threat of Powerlocker, a new variant of ransomware; Senior managers are bad at security; More details emerge about the Target breach; and Jerry’s rant about the PTV situation. Subscribe in iTunes | Podcast RSS Feed | Twitter | Email http://www.informationweek.com/security/attacks-and-breaches/beware-powerlocker-ransomware/d/d-id/1113344 http://www.csoonline.com/article/745703/senior-managers-fumble-security-much-more-often-than-rank-and-file http://www.csoonline.com/article/745806/rising-impact-of-target-breach-indicates-deeper-hack-into-systems?page=1 http://www.reuters.com/article/2014/01/12/us-target-databreach-retailers-idUSBREA0B01720140112 https://www.maliciouslink.com/a-different-perspective-on-the-ptv-website-vulnerability-debacle/
Jan 14, 2014
Defensive Security Podcast Episode 49
1:16:19
More wisdom from Bob; Yahoo’s ad network delivers the magnitude exploit kit; OpenSSL site defaced by way of the hypervisor; How a 4 year long HIPAA breach highlights the need for activity monitoring; Credit Union files lawsuit against Target, seems to lack some facts; US CERT issues advisory on POS malware; 7 dodgy tips for protecting your … <a href="https://defensivesecurity.org/defensive-security-podcast-episode-49/" class="more-link">Continue reading <span class="screen-reader-text">Defensive Security Podcast Episode 49</span> <span class="meta-nav">→</span></a>
Jan 07, 2014
Defensive Security Podcast Episode 48
50:48
More advice from Bob; The Target breach; Hacking hard drive controllers; NSA shenanigans; Compromised BBC server for sale; 2014 predictions. Subscribe in iTunes | Podcast RSS Feed | Twitter | Email http://blog.cryptographyengineering.com/2013/12/can-hackers-decrypt-targets-pin-data.html http://spritesmods.com/?art=hddhack http://www.spiegel.de/international/world/nsa-secret-toolbox-ant-unit-offers-spy-gadgets-for-every-need-a-941006.html http://www.dailymail.co.uk/news/article-2531062/BBC-takes-three-days-regain-control-computer-server-hacker-breaks-tries-sell-access-cyber-criminals.html
Dec 31, 2013
Defensive Security Podcast Episode 47
1:02:48
More advice from Bob; Chinese spear phish diplomats with Mrs Bruni-Sarkozy’s nude pictures; Network segmentation could have mitigated phishing attacks on governments; Krebs find organizations having systems with open RDP connections rented out; Generation Y employees have a dubious view on security; 61% of web traffic is automated; 5 recommendations on improving the security situation; … <a href="https://defensivesecurity.org/defensive-security-podcast-episode-47/" class="more-link">Continue reading <span class="screen-reader-text">Defensive Security Podcast Episode 47</span> <span class="meta-nav">→</span></a>
Dec 17, 2013
Defensive Security Podcast Episode 46
42:52
More security thoughts from Bob; A paper on thwarting targeted email attacks from Japan; Security recommendations for SMB’s from Sophos; An update on Badbios; How to handle our parent’s infected home computers over the holidays. Subscribe in iTunes | Podcast RSS Feed | Twitter | Email Guide on preventing targeted email attacks and one on preventing apt: http://www.ipa.go.jp/security/english/newattack_en.html SMB’s putting themselves … <a href="https://defensivesecurity.org/defensive-security-podcast-episode-46/" class="more-link">Continue reading <span class="screen-reader-text">Defensive Security Podcast Episode 46</span> <span class="meta-nav">→</span></a>
Dec 11, 2013
Defensive Security Podcast Episode 45
1:03:06
99% of Indian programmers lack secure coding skills; Gartner’s 5 styles of defending against advanced threats; Malware: the war without end; a discussion on the value of penetration testing. Subscribe in iTunes | Podcast RSS Feed | Twitter | Email http://m.infoworld.com/d/security/malware-war-without-end-231654 http://www.networkworld.com/news/2013/103013-gartner-defense-attacks-275438.html
Dec 03, 2013
Defensive Security Podcast Episode 44
1:08:56
Another tip from Bob; Anonymous blamed for stealing US Department of Health and Human Services Data; Cupid Media loses 42M unencrypted passwords in a breach they apparently did not disclose; Looking at a Ponemon study about views of IT security staff; Botnet take downs might be more marketing than helpful; New malware uses I2P for … <a href="https://defensivesecurity.org/defensive-security-podcast-episode-44/" class="more-link">Continue reading <span class="screen-reader-text">Defensive Security Podcast Episode 44</span> <span class="meta-nav">→</span></a>
Nov 25, 2013
Defensive Security Podcast Episode 43
50:54
More advice from Bob; PCI 3 is here; Stats from a survey of malware analysts; A report from EastWest on measuring the Cyber Security Problem; The benefits of a GRC program; and we talk about web defacements. Subscribe in iTunes | Podcast RSS Feed | Twitter | Email PCI 3: http://www.bankinfosecurity.com/critiquing-new-version-pci-dss-a-6208 Study of malware analysts, highlighting that it’s apparently common to … <a href="https://defensivesecurity.org/defensive-security-podcast-episode-43/" class="more-link">Continue reading <span class="screen-reader-text">Defensive Security Podcast Episode 43</span> <span class="meta-nav">→</span></a>
Nov 19, 2013
Defensive Security Podcast Episode 42
59:49
Bob drops some more advice on malware; More details emerge about the Adobe password breach and it isn’t pretty; Long live the security perimeter; Snowden highlights the importance of not sharing passwords, and the downside to when it happens; A new 0day impacting Internet Explorer is making the rounds; And part 2 of our talk … <a href="https://defensivesecurity.org/defensive-security-podcast-episode-42/" class="more-link">Continue reading <span class="screen-reader-text">Defensive Security Podcast Episode 42</span> <span class="meta-nav">→</span></a>
Nov 12, 2013
Defensive Security Podcast Episode 41
1:04:08
New trojan looking for SAP installations, possibly a harbinger of things to come; Turns out Adobe used symmetric encryption to store the 130M passwords that were stolen; A dicey list of suggestions on how not to be the guy that gets your company owned; The results of the 2013 social engineering capture the flag are … <a href="https://defensivesecurity.org/defensive-security-podcast-episode-41/" class="more-link">Continue reading <span class="screen-reader-text">Defensive Security Podcast Episode 41</span> <span class="meta-nav">→</span></a>
Nov 05, 2013
Defensive Security Podcast Episode 40
1:15:57
Federal employees circumventing onerous security controls resulting in breaches;  Cryptolocker is scary stuff; PHP.net hacked, and the response; DDOS attacks getting much larger, but lasting less time; Our discussion on advanced malware. Subscribe in iTunes | Podcast RSS Feed | Twitter | Email http://www.networkworld.com/news/2013/101713-federal-security-breaches-traced-to-274944.html http://www.securelist.com/en/blog/208214109/Cryptolocker_Wants_Your_Money http://bartblaze.blogspot.com/2013/10/phpnet-compromised.html http://arstechnica.com/security/2013/10/hackers-compromise-official-php-website-infect-visitors-with-malware/ http://www.pcworld.com/article/2056188/brace-for-stronger-ddos-attacks-security-firm-warns.html
Oct 29, 2013
Defensive Security Podcast Episode 39
53:49
Hackers hide drugs coming through Belgium port by repeatedly hacking port computer systems; Aligning security with business priorities and other sage advice; how [not] to respond to a malware incident; on the security of jump boxes; reminder about security risks to small businesses; defining metrics for an incident response organization. Subscribe in iTunes | Podcast RSS Feed | Twitter | Email … <a href="https://defensivesecurity.org/defensive-security-podcast-episode-39/" class="more-link">Continue reading <span class="screen-reader-text">Defensive Security Podcast Episode 39</span> <span class="meta-nav">→</span></a>
Oct 22, 2013
Defensive Security Podcast Episode 38
53:51
Study on personality traits and susceptibility to phishing; Android is apparently more secure than iOS; Don’t forget to factor malicious BHO’s into your plans; Don’t forget to factor malicious BHO’s into your plans; More registrar attacks; Insider threats are number 1; Defending against watering hole attacks. Subscribe in iTunes | Podcast RSS Feed | Twitter | Email
Oct 15, 2013
Defensive Security Podcast Episode 37
1:05:02
The depressingly small impact from the arrest of the black hole exploit kit author; detecting malware embedded in hardware; altering CPUs during manufacturing to  weaken random number generation; investigation into major identity theft operation results in discovery that data brokers were infected and that Adobe’s source code and 2.9M user IDs were stolen; recapping Derbycon … <a href="https://defensivesecurity.org/defensive-security-podcast-episode-37/" class="more-link">Continue reading <span class="screen-reader-text">Defensive Security Podcast Episode 37</span> <span class="meta-nav">→</span></a>
Oct 09, 2013
Defensive Security Podcast Episode 36
1:03:37
How to change your SSN; How Snowden was able to access and steal the documents; Liberty Mutual sues Schucks grocery store over cyber breach insurance policy; Barclays and Santander banks hit with physical IT attacks; password security   Subscribe in iTunes | Podcast RSS Feed | Twitter | Email Changing a social security number in the US: http://ssa-custhelp.ssa.gov/app/answers/detail/a_id/79/~/request-for-a-different-social-security-number Follow up on … <a href="https://defensivesecurity.org/defensive-security-podcast-episode-36/" class="more-link">Continue reading <span class="screen-reader-text">Defensive Security Podcast Episode 36</span> <span class="meta-nav">→</span></a>
Sep 23, 2013
Defensive Security Podcast Episode 35
50:12
Paying attention to security is important – regulators are swirling: HTC and TrendNet have to submit to independent security audits every other year for 20 years, 50 other companies need to as well; encrypting your endpoints is not optional – just do it; and a winding discussion on man in the middle attacks. Subscribe in iTunes | Podcast … <a href="https://defensivesecurity.org/defensive-security-podcast-episode-35/" class="more-link">Continue reading <span class="screen-reader-text">Defensive Security Podcast Episode 35</span> <span class="meta-nav">→</span></a>
Sep 16, 2013
Defensive Security Podcast Episode 34
52:57
On preventing Snowden-style data leaks in your organization; should companies really worry about NSA spying?; On the usefulness of Red Team exercises; and how to defend against DDOS attacks. Subscribe in iTunes | Podcast RSS Feed | Twitter | Email http://investigations.nbcnews.com/_news/2013/08/26/20197183-how-snowden-did-it?lite http://akamai.infoworld.com/t/data-security/how-secure-your-company-against-nsa-inspired-hacking-226264 http://www.darkreading.com/vulnerability/getting-the-most-out-of-a-security-red-t/240160471
Sep 10, 2013
Defensive Security Podcast Episode 33
26:57
Cause of recent DOE breach revealed to be outdated Coldfusion; 30% of adults willingly open emails they know are malicious; Spear phishing led to successful attacks on the nyt and twitter; DNS attack types Subscribe in iTunes | Podcast RSS Feed | Twitter | Email Cause of recent DOE breach revealed to be outdated Coldfusion: http://www.informationweek.com/security/attacks/energy-dept-hack-details-emerge/240160685 30% of adults willingly open emails they know … <a href="https://defensivesecurity.org/defensive-security-podcast-episode-33/" class="more-link">Continue reading <span class="screen-reader-text">Defensive Security Podcast Episode 33</span> <span class="meta-nav">→</span></a>
Sep 02, 2013
Defensive Security Podcast Episode 32
39:07
Mcafee apologizes for a USD$1T report; how the Snowden effect is impacting CIO’s; millions robbed from banks by attacking the wire transfer network, and hiding behind a DoS; Gartner’s recommendations for engaging the board of directors and other management in the security process. Subscribe in iTunes | Podcast RSS Feed | Twitter | Email Mcafee sorry for its $1T estimate: http://www.afr.com/p/technology/mcafee_regrets_flawed_trillion_dollar_msQ2WFkVLEZKx7Yv7ZCMQI … <a href="https://defensivesecurity.org/defensive-security-podcast-episode-32/" class="more-link">Continue reading <span class="screen-reader-text">Defensive Security Podcast Episode 32</span> <span class="meta-nav">→</span></a>
Aug 26, 2013
Defensive Security Podcast Episode 31
44:38
Windows XP vulnerabilities may be stored up until after end of support on April 8, 2014; Department of Energy hacked for a second time in 2013; using metasploit and exploitDB to prioritize vulnerability patching; and a number of discussions on Lavabit. Subscribe in iTunes | Podcast RSS Feed | Twitter | Email Windows XP vulnerabilities may be stored up: http://www.infoworld.com/d/microsoft-windows/xps-retirement-will-be-hacker-heaven-224796?page=0,1  Department of … <a href="https://defensivesecurity.org/defensive-security-podcast-episode-31/" class="more-link">Continue reading <span class="screen-reader-text">Defensive Security Podcast Episode 31</span> <span class="meta-nav">→</span></a>
Aug 19, 2013
Defensive Security Podcast Episode 30
41:48
Escrow service company forced to close after $1.5M theft resulting from malware, Incentives for complying with cyber framework, Benefits of expanding the cyber insurance market, Thousands of .nl domains redirected to black hole exploit kit Subscribe in iTunes | Podcast RSS Feed | Twitter | Email Escrow service company forced to close after $1.5M theft resulting from malware: http://krebsonsecurity.com/2013/08/1-5-million-cyberheist-ruins-escrow-firm/ Incentives for complying with cyber … <a href="https://defensivesecurity.org/defensive-security-podcast-episode-30/" class="more-link">Continue reading <span class="screen-reader-text">Defensive Security Podcast Episode 30</span> <span class="meta-nav">→</span></a>
Aug 12, 2013