Wednesday, April 24, 2019
Home Podcasts Defensive Security

Defensive Security

Defensive Security is a weekly information security podcast which reviews recent high profile cyber security breaches, data breaches, malware infections and intrusions to identify lessons that we can learn and apply to the organizations we protect.

Defensive Security Podcast

Defensive Security Podcast Episode 235

https://www.theregister.co.uk/2019/03/20/steffan_needham_aws_rampage_prison_sentence_voova/https://www.zdnet.com/google-amp/article/study-shows-programmers-will-take-the-easy-way-out-and-not-implement-proper-password-security/https://arstechnica.com/information-technology/2019/03/50-shades-of-greyhat-a-study-in-how-not-to-handle-security-disclosures/https://matrix.org/blog/2019/04/11/security-incident/index.html
Defensive Security Podcast

Defensive Security Podcast Episode 234

https://www.zdnet.com/article/hackers-wipe-us-servers-of-email-provider-vfemail/https://www.securityweek.com/russian-state-sponsored-hackers-are-fastest-crowdstrikehttps://www.zdnet.com/article/icann-there-is-an-ongoing-and-significant-risk-to-dns-infrastructure/https://www.infosecurity-magazine.com/news/password-managers-no-more-secure-1/https://www.zdnet.com/article/microsoft-do-these-things-now-to-protect-your-network/
Defensive Security Podcast

Defensive Security Podcast Episode 233

https://www.securityweek.com/hackers-using-rdp-are-increasingly-using-network-tunneling-bypass-protections https://www.zdnet.com/article/trojan-malware-is-back-and-its-the-biggest-hacking-threat-to-your-business/ https://www.csoonline.com/article/3336923/security/phishing-has-become-the-root-of-most-cyber-evil.html https://www.darkreading.com/attacks-breaches/ransomware-attack-via-msp-locks-customers-out-of-systems/d/d-id/1333825 https://www.dlapiper.com/~/media/files/insights/publications/2019/02/dla-piper-gdpr-data-breach-survey-february-2019.pdf
Defensive Security Podcast

Defensive Security Podcast Episode 232

https://www.zdnet.com/article/popular-wordpress-plugin-hacked-by-angry-former-employee/ https://www.zdnet.com/article/notpetya-an-act-of-war-cyber-insurance-firm-taken-to-task-for-refusing-to-pay-out/ https://www.zdnet.com/article/employees-sacked-ceo-fined-in-singhealth-security-breach/ – https://www.zdnet.com/article/firms-fined-1m-for-singhealth-data-security-breach/ https://www.securityweek.com/new-variant-bec-seeks-divert-payroll-deposits https://www.zdnet.com/article/oklahoma-gov-data-leak-exposes-millions-of-department-files-fbi-investigations/
Defensive Security Podcast

Defensive Security Podcast Episode 231

https://lifehacker.com/why-smart-people-make-stupid-mistakes-1831503216 https://www.chicagotribune.com/business/ct-biz-tribune-publishing-malware-20181230-story,amp.html https://www.securityweek.com/was-north-korea-wrongly-accused-ransomware-attacks https://www.healthcareitnews.com/news/staff-lapses-and-it-system-vulnerabilities-are-key-reasons-behind-singhealth-cyberattack https://www.nextgov.com/cybersecurity/2019/01/hhs-releases-voluntary-cybersecurity-practices-health-industry/153835/ https://www.zdnet.com/article/data-of-2-4-million-blur-password-manager-users-left-exposed-online/ https://arstechnica.com/information-technology/2018/12/iranian-phishers-bypass-2fa-protections-offered-by-yahoo-mail-and-gmail/
Defensive Security Podcast

Defensive Security Podcast Episode 230

https://arstechnica.com/information-technology/2018/11/hacker-backdoors-widely-used-open-source-software-to-steal-bitcoin/ https://krebsonsecurity.com/2018/11/marriott-data-on-500-million-guests-stolen-in-4-year-breach/ https://krebsonsecurity.com/2018/12/what-the-marriott-breach-says-about-security/
Defensive Security Podcast

Defensive Security Podcast Episode 229

https://www.dutchnews.nl/news/2018/11/internet-con-men-ripped-off-pathe-nl-for-e19m-in-sophisticated-fraud/ https://lifehacker.com/how-password-constraints-give-you-a-false-sense-of-secu-1830564360 https://www.csoonline.com/article/3319704/data-protection/the-end-of-security-as-we-know-it.html https://www.careersinfosecurity.com/breach-settlement-has-unusual-penalty-a-11669 https://motherboard.vice.com/en_us/article/bje8na/massive-data-leaks-keep-happening-because-big-companies-can-afford-to-lose-your-data https://www.zdnet.com/article/city-of-valdez-alaska-admits-to-paying-off-ransomware-infection/
Defensive Security Podcast

Defensive Security Podcast Episode 228

https://www.zdnet.com/article/this-is-how-artificial-intelligence-will-become-weaponized-in-future-cyberattacks/ https://www.securityinfowatch.com/article/12434583/everyone-needs-to-take-responsibility-for-cybersecurity-in-the-workplace https://www.zdnet.com/article/adobe-coldfusion-servers-under-attack-from-apt-group/ https://www.securityweek.com/troubled-waters-how-new-wave-cyber-attacks-targeting-maritime-trade https://securityaffairs.co/wordpress/77676/malware/industrial-facilities-malware.html
Defensive Security Podcast

Defensive Security Podcast Episode 227

https://www.zdnet.com/article/equifax-engineer-who-designed-breach-portal-gets-8-months-of-house-arrest-for-insider-trading/ https://www.csoonline.com/article/3314557/security/ransomware-attack-hits-north-carolina-water-utility-following-hurricane.html https://www.securityweek.com/insurer-anthem-will-pay-record-16m-massive-data-breach https://blog.sucuri.net/2018/10/malicious-redirects-from-newsharecounts-com-tweet-counter.html https://www.thinkadvisor.com/2018/09/26/sec-hits-voya-financial-advisors-with-1m-fine-over/ https://www.healthcareitnews.com/news/debunking-cybersecurity-thought-humans-are-weakest-link
Defensive Security Podcast

Defensive Security Podcast Episode 226 redux

Note: this episode is being re-released to fix a problem with the mp3 download. https://www.tripwire.com/state-of-security/security-data-protection/bec-as-a-service-offers-hacked-business-accounts-for-as-little-as-150/ https://www.bleepingcomputer.com/news/security/ic3-issues-alert-regarding-remote-desktop-protocol-rdp-attacks/ https://krebsonsecurity.com/2018/10/supply-chain-security-is-the-whole-enchilada-but-whos-willing-to-pay-for-it/  
Defensive Security Podcast

Defensive Security Podcast Episode 226

https://www.tripwire.com/state-of-security/security-data-protection/bec-as-a-service-offers-hacked-business-accounts-for-as-little-as-150/ https://www.bleepingcomputer.com/news/security/ic3-issues-alert-regarding-remote-desktop-protocol-rdp-attacks/ https://krebsonsecurity.com/2018/10/supply-chain-security-is-the-whole-enchilada-but-whos-willing-to-pay-for-it/  
Defensive Security Podcast

Defensive Security Podcast Episode 225

https://motherboard.vice.com/en_us/article/pa8emg/russian-indicted-jp-morgan-chase-hack https://www.zdnet.com/article/us-government-releases-post-mortem-report-on-equifax-hack/ https://www.zdnet.com/article/phishing-alert-north-korean-hacking-attacks-shows-your-email-is-still-the-weakest-link/ https://www.verizon.com/about/news/lifting-lid-cybercrime
Defensive Security Podcast

Defensive Security Podcast Episode 224

https://www.zdnet.com/article/this-destructive-ransomware-has-made-crooks-6m-by-encrypting-data-and-backups/ https://www.bleepingcomputer.com/news/security/reddit-announces-security-breach-after-hackers-bypassed-staffs-2fa/ https://www.databreachtoday.com/art-steal-fin7s-highly-effective-phishing-a-11286 https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/
Defensive Security Podcast

Defensive Security Podcast Episode 223

https://www.straitstimes.com/singapore/personal-info-of-15m-singhealth-patients-including-pm-lee-stolen-in-singapores-most https://www.bankinfosecurity.com/labcorp-still-recovering-from-ransomware-attack-a-11235 https://www.securityweek.com/cyber-axis-evil-rewriting-cyber-kill-chain https://arstechnica.com/information-technology/2018/07/prolific-hacking-group-steals-almost-1-million-from-russian-bank/#p3 https://www.bleepingcomputer.com/news/government/us-charges-12-russian-intelligence-officers-for-hacking-dnc-running-dcleaks/
Defensive Security Podcast

Defensive Security Podcast Episode 221

https://www.esecurityplanet.com/network-security/security-projects-cisos-should-consider-gartner.html Data breach defendant must hand over computer forensics reports: court https://www.theregister.co.uk/2018/06/26/digitally_signed_malware/ https://www.bankinfosecurity.com/californias-new-privacy-law-its-almost-gdpr-in-us-a-11149 https://blog.erratasec.com/2018/06/lessons-from-npetya-one-year-later.html

Stuxnet Family Tree Grows

What a newly discovered missing link to Stuxnet and the now-revived Flame cyber espionage malware add to the narrative of the epic cyber-physical attack.
ZDNet

Another dark web marketplace bites the dust –Wall Street Market

Two major dark web marketplaces for buying illegal products shut down in the span of a month.

Google File Cabinet Plays Host to Malware Payloads

Researchers detect a new drive-by download attack in which Google Sites' file cabinet template is a delivery vehicle for malware.

Demonstration Showcase Brings DevOps to Interop19

Attendees will learn how orchestration and automation can be a part of network operations and security, even at smaller companies.
isBuzz

What Home Buying Can Teach Us About Continuous Monitoring

Companies have been brainwashed to solely rely on hiring major auditing companies to help monitor and audit their vendors’ security. Assessments from these traditional auditors are typically an annual point-in-time affair. With technology advancing much more frequently, this outdated...