DtSR Episode 446 – TPA AppSec Philosophy
Prologue When in Austin, TX ... meet up with some friends right? This week I have the pleasure of sitting down in-person with Joel whom has been doing the "AppSec thing" for longer than many of you who are...
DtSR Episode 445 – TPA Non-Random Cyber Thoughts with Dave Marcus
Prologue I honestly am having a difficult time understanding how this show has gone so long, so many episodes, without sitting down with Dave Marcus 1:1. It hurts my brain. So I rectified this situation and here you are....
DtSR Episode 444 – TPA Gary is Awful at Retirement
Prologue I'm honored to have Gary McGraw on with James and myself on this episode. I hadn't realized, but Gary retired from (what was formerly) Cigital - and by retired I mean "started something new". Gary sucks at retirement,...
DtSR Episode 443 – TPA Addressing AppSec Tech Debt
Prologue Chris Eng has been elbows deep in software security for a very long time. Times have changed over the last 20 years, as have tools, methods, and outcomes - what hasn't changed is how much security debt we...
DtSR Episode 442 – S11E15 – TPA Fighting the Good Fight
Prologue This week, the show is back after a brief spring break, and we have with us Dmitri Alperovitch - who has taken on a new venture in his latest role. We discuss cybersecurity policy, government's role in private...
DtSR Episode 441 – TPA State Secrets and Diplomatic Protection
Prologue ** First, before I say anything else, I want to thank Lonnie and his staff for their service to our country. Protecting diplomats is not an easy task I imagine, and being the most powerful nation on Earth,...
DtSR Episode 440 – TPA Fighting Back Against ATO
Prologue Account Take-Over (ATO). You've probably not given this too much thought, unless you've had your account jacked. Whether it was someone stealing your Twitter account, or your bank account, or God-forbid your Facebook - you know the ramifications...
DtSR Episode 439 – TPA Open Source Endpoint Defense
Prologue OK, say it with me, defender tools suck. They all have their own dashboards, data formats, ways to look at what's going on...and that wouldn't be bad if they even remotely worked together. OSQuery isn't the end-all for endpoint...
DtSR Episode 438 – TPA Implementing Zero Trust Principles
Prologue This week on a very cool conversation, Rafal snags a chance to do a virtual sit-down with Yuri all the way from the Netherlands. Juri is one of the quintessential experts on Zero Trust (not the commercial tools...
DtSR Episode 437 – TPA Healthcare IT Under Siege
Prologue This week, DJ McArthur joins James and Rafal to talk shop about his career in defending healthcare IT. The Cliff's Notes version is that it's more complex, more under siege, and more critical than ever. No problem, right?...
DtSR Episode 436 – TPA A Dev Perspective on AppSec
Prologue Continuing what accidentally became a series of AppSec or Software Security focused episodes, #436 takes it from yet another direction. Rey joins us to talk about AppSec from his perspective - that of a life-long developer that's moved...
File Progress DtSR Episode 435 – TPA WPScan and WordPress
Prologue Episode 435 is packed with OpenSource goodness, talking about WordPress and WPScan with Ryan Dewhurst. Ryan started WPScan (a tool you probably use as a security practitioner) and has now made a business out of it. He spends...
DtSR Episode 434 – TPA Open Source Software Security
Prologue This week, Jennifer Fernick of NCC Group joins me to talk about her work with open source software and security. With a storied career, Jennifer is well-qualified to talk about some really interesting topics, but finding bugs in...
DtSR Episode 433 – TPA Leading the Alliance
Prologue: This week, Gary Latham joins the podcast to talk about taking the reigns of the Security Advisor Alliance, at a pivotal time for the organization. If you don't know about the SAA, I highly encourage you to check it...
DtSR Episode 432 – TPA Identity and Trust
Prologue On this week's episode of the podcast, boomerang guest Robb Rock joins Rafal to talk identity, trust, and what's happened since the last time Robb was on the show (which was in 2016!). Of course they talk about...
Blessed are the cryptographers, labelling them criminal enablers is just foolish
Preserving privacy is hard. I know because when I tried, I quickly learned not to play with weapons Column Nearly a decade ago I decided to try my hand as a cryptographer. It went about as well as you...
Ransomware Gang Leaks Metropolitan Police Data After Failed Negotiations
The cybercrime syndicate behind Babuk ransomware has leaked more personal files belonging to the Metropolitan Police Department (MPD) after negotiations with the DC Police broke down, warning that they intend to publish all data ransom demands are not met.
"The...
NSA and ODNI analyze potential risks to 5G networks
U.S. Intelligence agencies warn of weaknesses in 5G networks that could be exploited by crooks and nation-state actors for intelligence gathering.
The U.S. National Security Agency (NSA), along with the DHS Cybersecurity and Infrastructure Security Agency (CISA), and the Office...
Alert: Hackers Exploit Adobe Reader 0-Day Vulnerability in the Wild
Adobe has released Patch Tuesday updates for the month of May with fixes for multiple vulnerabilities spanning 12 different products, including a zero-day flaw affecting Adobe Reader that's actively exploited in the wild.
The list of updated applications includes Adobe Experience Manager,...
Beijing twirls ban-hammer at 84 more apps it says need to stop slurping excess data
Online lending apps and more given fifteen days to ‘rectify’ behaviour China’s Central Cyberspace Affairs Commission has named 84 apps it says breach local privacy laws and given their developers 15 days to “rectify” their code.…
